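/**
 * Perform the main actions of the page: show the change-password form and,
 * on POST, attempt the change.
 *
 * The outcome of a POST is one of a fixed set of keywords, each of which
 * selects a template fragment "password_<outcome>.html":
 *   - no_change: no usable access mechanism, it cannot change passwords,
 *                or the current user has the 'guest' role
 *   - none:      old or new password missing from the request
 *   - no_match:  new password and confirmation differ
 *   - wrong:     changePassword() refused the old/new pair
 *   - success:   password changed
 */
protected function action()
{
    parent::action();
    $this->template->setAttribute("class", "active", "menuPassword", "a[@href='password']");

    if (!$this->isPost()) {
        $this->template->addFile("password_form.html");
        return;
    }

    $access = I2CE::getUserAccess();
    if (!$access instanceof I2CE_UserAccess_Mechanism
        || !$access->canChangePassword()
        || $this->user->getRole() == 'guest'
    ) {
        $success = 'no_change';
    } elseif (!$this->post('old_password') || !$this->post('new_password')) {
        $success = 'none';
    } elseif ($this->post('new_password') !== $this->post('confirm_password')) {
        // Strict comparison: with "!=" PHP compares numeric-looking strings
        // as numbers, so e.g. "1e3" and "1000" would count as a match and a
        // mistyped confirmation could be accepted.
        $success = 'no_match';
    } elseif (!$this->user->changePassword($this->post('old_password'), $this->post('new_password'))) {
        $success = 'wrong';
    } else {
        $success = 'success';
    }

    if ($success == 'success') {
        $this->template->addFile("password_success.html");
        return;
    }

    $this->template->addFile("password_form.html");
    // $success is always one of the literals assigned above, never request
    // data, so building the file name from it is safe.
    $this->template->addFile("password_" . $success . ".html", "td");
}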
/**
 * Ask the configured user access mechanism whether an auto-login applies.
 *
 * @return mixed false when no I2CE_UserAccess_Mechanism is configured,
 *               otherwise whatever the mechanism's doAutoLogin() returns
 */
public static function doAutoLogin()
{
    $mechanism = I2CE::getUserAccess();

    return $mechanism instanceof I2CE_UserAccess_Mechanism
        ? $mechanism->doAutoLogin()
        : false;
}
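/**
 * Get the fields in the user form that can be read from the person form.
 *
 * The result maps a user detail name to the person field that supplies it.
 * 'lastname' is mapped to 'surname'; every other allowed detail is mapped to
 * the person field of the same name when the person form has such a field.
 *
 * @return array of string, keyed by user detail name; empty when no user
 *               access mechanism is available
 */
public static function getUserDetailsInPerson()
{
    $person = I2CE_FormFactory::instance()->createContainer('person');
    $map = array();

    // I2CE::getUserAccess() is not guaranteed to return a mechanism, so check
    // before calling a method on it instead of failing with a fatal error.
    $accessMech = I2CE::getUserAccess();
    if (!$accessMech instanceof I2CE_UserAccess_Mechanism) {
        return $map;
    }

    $details = $accessMech->getAllowedDetails();
    if (in_array('lastname', $details)) {
        $map['lastname'] = 'surname';
    }
    foreach ($details as $detail) {
        // NOTE(review): $person is used without checking that createContainer()
        // succeeded; confirm it cannot fail for the 'person' form.
        if ($person->hasField($detail)) {
            $map[$detail] = $detail;
        }
    }

    return $map;
}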
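/**
 * Perform the main actions of the forgotten-password page.
 *
 * Logged-in users are redirected to 'home'. For anonymous POST requests, and
 * only when the access mechanism can change passwords and users have an
 * 'email' detail, two submit actions are handled:
 *   - "Reset": generate a new password for the posted username, store it and
 *     mail it to the address on file.
 *   - "View":  look up the username registered for the posted e-mail address
 *     and display it.
 *
 * NOTE(review): both actions are reachable without authentication and answer
 * with different messages depending on whether the username or e-mail address
 * exists, which discloses account existence. The reset also replaces the
 * stored password before delivery is confirmed and passes the new password to
 * mailPassword(). A single neutral response and a time-limited reset token
 * would remove both properties; this needs a product decision, so the
 * messages are left as they were.
 */
protected function action()
{
    parent::action();
    if ($this->user->logged_in()) {
        $this->setRedirect('home');
        return;
    }

    $access = I2CE::getUserAccess();
    $has_email = $access instanceof I2CE_UserAccess_Mechanism
        && $access->canChangePassword()
        && I2CE_User::hasDetail('email');
    $this->template->setBodyId("loginPage");
    $this->template->setDisplayDataImmediate('has_email', $has_email);
    if (!$this->isPost() || !$has_email) {
        return;
    }

    if ($this->post('submit') == "Reset") {
        if (I2CE_Validate::checkString($this->post('username')) && I2CE_User::userExists($this->post('username'), true)) {
            $user = new I2CE_User($this->post('username'), true, false, true);
            $email = $user->email;
            $valid_email = I2CE_Validate::checkEmail($email);
            $pass = trim(I2CE_User::generatePassword());
            // Guests are never reset; the password is only stored when there
            // is a valid address to send it to and a non-empty password.
            if ($user->getRole() != 'guest' && $valid_email && $pass && $user->setPassword($pass)) {
                if ($this->mailPassword($email, $this->post('username'), $pass)) {
                    $this->template->addTextNode("error_message", "Your password has been reset and mailed to you.");
                } else {
                    $this->template->addTextNode("error_message", "Your password has been reset, but could not mailed to you.  Please contact your system administrator");
                }
            } else {
                $this->template->addTextNode("error_message", "Your password could not be reset.  Please contact your system administrator to change your password.");
            }
        } else {
            $this->template->addTextNode("error_message", "Your username could not be found in the database.  Please contact your System Administrator.");
        }
    } elseif ($this->post('submit') == "View") {
        $usernames = I2CE_User::findUsersByInfo(false, array('email' => $this->post('email')));
        if (is_array($usernames) && count($usernames) == 1) {
            reset($usernames);
            // The username is stored data that ends up inside an HTML
            // fragment, so it is escaped before being concatenated; the other
            // branches use addTextNode(), which takes plain text.
            $shown = htmlspecialchars((string) current($usernames), ENT_QUOTES, 'UTF-8');
            $this->template->addText('<p id="error_message">Your username is: <b>' . $shown . '</b><br />Enter it below to reset your password or return to the login page to login.</p>', 'p');
        } else {
            $this->template->addTextNode("error_message", "That email address was not found in the system.  Please contact your System Administrator.");
        }
    } else {
        $this->template->addTextNode("error_message", "Please click one of the submit buttons or only enter one text field.");
    }
}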
/**
 * Build the instance and remember the current user access mechanism.
 *
 * @param string $name    Name handed on to the parent constructor
 * @param array  $options Options handed on to the parent constructor
 */
public function __construct($name, $options = array())
{
    // Assigned before the parent constructor runs, as in the original order.
    $mechanism = I2CE::getUserAccess();
    $this->userAccess = $mechanism;

    parent::__construct($name, $options);
}
/**
 * Create a new instance of a I2CE_User_Form object.
 *
 * Besides the fields set up by the parent constructor, one form field is
 * added for every detail the user access mechanism allows (unless a field of
 * that name already exists), followed by a required 'username' field.
 * The 'locale' detail becomes a MAP field limited to selectable locales;
 * every other detail becomes a plain string line.
 *
 * @param I2CE_FieldContainer_Factory $factory
 * @param string $form     The name of this form. Should be 'user'.
 * @param string $username
 */
public function __construct($factory, $form, $username = '******')
{
    parent::__construct($factory, $form, $username);
    $this->user = new I2CE_User($username, true, false, false);

    $access = I2CE::getUserAccess();
    $this->allowedDetails = $access instanceof I2CE_UserAccess_Mechanism
        ? $access->getAllowedDetails()
        : array();

    foreach ($this->allowedDetails as $detail) {
        if (array_key_exists($detail, $this->fields)) {
            // Already defined elsewhere; do not replace it.
            continue;
        }

        if ($detail != 'locale') {
            $line = new I2CE_FormField_STRING_LINE(
                $detail,
                array('in_db' => true, 'required' => I2CE_User::isRequired($detail))
            );
            $this->fields[$detail] = $line;
            $line->setHeaders(array('default' => I2CE_User::getDetailName($detail)));
            $line->setContainer($this);
            continue;
        }

        $header = I2CE_User::getDetailName('locale');
        $selectableOnly = array(
            'locale' => array(
                'operator' => 'FIELD_LIMIT',
                'field' => 'selectable',
                'style' => 'yes',
                'data' => array(),
            ),
        );
        $options = array(
            'in_db' => true,
            'required' => I2CE_User::isRequired('locale'),
            'meta' => array(
                'limits' => array('default' => $selectableOnly),
                'display' => array('default' => array('fields' => 'locale+name')),
            ),
        );
        $localeField = new I2CE_FormField_MAP('locale', $options);
        $this->fields['locale'] = $localeField;
        $localeField->setHeaders(array('default' => $header));
        $localeField->setContainer($this);

        // Replace whatever the field currently holds with a locale that is
        // selectable, and mirror the choice on the user object.
        $locale = I2CE_Locales::ensureSelectableLocale($localeField->getDBValue());
        $localeField->setFromDB('locale|' . $locale);
        $this->user->locale = $locale;
    }

    $usernameField = new I2CE_FormField_STRING_LINE('username', array('in_db' => true, 'required' => true));
    $this->fields['username'] = $usernameField;
    $usernameField->setHeaders(array('default' => 'Username'));
    $usernameField->setContainer($this);
}
/**
 * Saves the user to the database.
 *
 * Writes the role and details through the user access mechanism. A user that
 * does not exist yet is created, which requires a password; for an existing
 * user the password is only changed when one is passed in.
 *
 * @param mixed $password If it is a string, it is the password to set for the
 *                        user. Defaults to false, in which case the password
 *                        is not touched. Any falsy value is treated as "no
 *                        password".
 * @return mixed false when there is no access mechanism or a new user has no
 *               password; otherwise the result of createUser(),
 *               setUserInfo(), or true/false for the password update
 */
public function save($password = false)
{
    $userAccess = I2CE::getUserAccess();
    if (!$userAccess instanceof I2CE_UserAccess_Mechanism) {
        I2CE::raiseError("No user access mechanism");
        return false;
    }

    $exists = self::userExists($this->username, false);

    if (!$exists) {
        if ($password) {
            I2CE::raiseError("User {$this->username} does not exist, creating");
            return $userAccess->createUser($this->username, $password, $this->role, $this->details);
        }
        I2CE::raiseError("No password set for new user {$this->username}");
        return false;
    }

    // Existing user: role and details are always written first.
    $infoSaved = $userAccess->setUserInfo($this->username, $this->role, $this->details);
    if (!$password) {
        return $infoSaved;
    }
    if (!$infoSaved) {
        return false;
    }

    return $this->setPassword($password) === true;
}
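/**
 * Perform the actions of the View User page.
 *
 * Access is granted when the current user holds 'users_can_edit_all', or
 * holds 'users_can_edit' and is recorded as the creator of the user being
 * viewed. Anyone else is sent back to the user list.
 *
 * @return boolean false when access is refused, true otherwise
 */
protected function action()
{
    $can_see = false;
    if ($this->hasPermission('task(users_can_edit_all)')) {
        $can_see = true;
    } elseif ($this->hasPermission('task(users_can_edit)')) {
        $userAccess = I2CE::getUserAccess();
        // The class name was misspelled ("Mechansim"); instanceof against an
        // unknown class is silently false, so this branch could never grant
        // access.
        if ($userAccess instanceof I2CE_UserAccess_Mechanism
            && in_array('creator', $userAccess->getAllowedDetails())
        ) {
            $creator = $this->view_user->creator;
            $current = $this->user->id;
            // Compare as non-empty strings: a loose "==" would also treat two
            // empty or missing values as equal and let a user without an id
            // edit any account that has no creator recorded.
            // NOTE(review): confirm that 'creator' stores the same identifier
            // as $this->user->id (and not, say, the username).
            $can_see = is_scalar($creator)
                && is_scalar($current)
                && (string) $creator !== ''
                && (string) $creator === (string) $current;
        }
    }

    if (!$can_see) {
        $this->userMessage("You can not edit this user.", 'notice', false);
        $this->setRedirect("user");
        return false;
    }

    I2CE_ModuleFactory::callHooks("pre_page_view_user", $this);
    parent::action();
    $this->template->setForm($this->view_user);

    // Each child form may have an optional "action_<child>" handler on the page.
    $child_forms = $this->view_user->getChildForms();
    foreach ($child_forms as $child) {
        $method = "action_" . $child;
        if ($this->_hasMethod($method) && !$this->{$method}()) {
            // The message used an undefined $form variable; report the child
            // form that actually failed.
            I2CE::raiseError("Could not do action for {$child}.");
        }
    }

    I2CE_ModuleFactory::callHooks("post_page_view_user", $this);
    return true;
}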
/**
 * Save the objects to the database.
 *
 * Save the default object being edited and return to the view page.
 *
 * NOTE(review): this listing is incomplete. A run of asterisks replaces the
 * text between two string literals in the raiseError() statement below, so
 * that statement is not valid PHP and whatever originally sat between the
 * error log and the "There was an error submitting your application" text is
 * not visible. The closing braces also do not balance with the opening ones.
 * The layout below follows the visible braces only; restore the method from
 * the original source before relying on it.
 */
protected function save()
{
    if ($this->creatingNewUser()) {
        // A new user needs a user form with a username and a user map form.
        if (!$this->userObj instanceof I2CE_User_Form || !($username = $this->userObj->username) || !$this->userMap instanceof I2CE_Form) {
            return false;
        }
        // NOTE(review): the mechanism is used without an instanceof check.
        $accessMech = I2CE::getUserAccess();
        if ($accessMech->userExists($username, false)) {
            // Corrupted statement: see the note in the docblock.
            I2CE::raiseError("Trying to recreate existing user : "******"There was an error submitting your application");
            $this->setRedirect('login');
        } else {
            if ($this->creatingNewUser()) {
                // Logs in with the username and password held on the user form,
                // then goes to the view page of the primary form.
                $this->user->login($this->userObj->username, $this->userObj->password);
                $this->setRedirect("view?id=" . $this->getPrimary()->getNameId());
            } else {
                $this->userMessage("Thank you for your application");
                $this->setRedirect('login');
            }
        }
    }
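/**
 * Save the objects to the database.
 *
 * Save the default object being edited and return to the view page. When a
 * new user is being created, the caller must hold 'users_can_edit', the
 * username must not exist yet, and the current user is recorded as creator
 * when the 'creator' detail is in use.
 *
 * @return mixed false when a precondition fails, otherwise the result of
 *               parent::save()
 */
protected function save()
{
    if ($this->creatingNewUser()) {
        if (!$this->hasPermission('task(users_can_edit)')) {
            return false;
        }
        if (!$this->userObj instanceof I2CE_User_Form || !($username = $this->userObj->username)) {
            return false;
        }

        // Without a usable mechanism the duplicate check cannot run; refuse
        // the save instead of calling a method on a non-object.
        $accessMech = I2CE::getUserAccess();
        if (!$accessMech instanceof I2CE_UserAccess_Mechanism) {
            I2CE::raiseError("No user access mechanism");
            return false;
        }
        if ($accessMech->userExists($username, false)) {
            I2CE::raiseError("Trying to recreate existing user : " . $username);
            return false;
        }

        if (I2CE_User::hasDetail('creator')) {
            // Record who created the account.
            $this->userObj->creator = $this->user->username;
        }
    }

    return parent::save();
}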
/**
 * Handle any additional actions after all the child forms have
 * been loaded on the user view page.
 *
 * Appends three statistics sections to the "user_details" element of the
 * page template: the login history, the per-day count of person records and
 * the per-day, per-form entry counts for the user being viewed.
 *
 * @param iHRIS_PageViewUser $page
 */
public function post_page_view_user($page)
{
    if (!$page instanceof iHRIS_PageViewUser) {
        I2CE::raiseError("post_page_view_user hook called on a page that isn't the View User page.");
        return;
    }
    $user = $page->getViewUser();
    $template = $page->getTemplate();
    $defaults = I2CE::getConfig()->modules->UserStatistics->defaults;
    // Default of 10; presumably overwritten by reference when "login_limit"
    // is configured (confirm against setIfIsSet()).
    $login_limit = 10;
    $defaults->setIfIsSet($login_limit, "login_limit");
    // NOTE(review): the mechanism is used without an instanceof check.
    $userAccess = I2CE::getUserAccess();
    $username = $user->getId();
    $userid = $userAccess->getUserId($username);
    $logins = self::getLoginHistory($userid, $login_limit);
    $template->addHeaderLink("view_user_statistics.css");
    $stats_node = $template->appendFileById("view_user_statistics_login_history.html", "div", "user_details");
    $template->setDisplayDataImmediate("history_limit", $login_limit, $stats_node);
    if ($logins) {
        // One table row per login record: a "logged out" row when a logout
        // time is present, otherwise a "logged in" row showing last activity.
        while ($row = $logins->fetchRow()) {
            $node = null;
            if ($row->logout) {
                $node = $template->appendFileById("view_user_statistics_logged_out.html", "tr", "user_stats_login_history");
                $logout = I2CE_Date::fromDB($row->logout);
                $template->setDisplayDataImmediate("user_stats_logout", $logout->displayDate(), $node);
            } else {
                $node = $template->appendFileById("view_user_statistics_logged_in.html", "tr", "user_stats_login_history");
                $activity = I2CE_Date::fromDB($row->activity);
                $template->setDisplayDataImmediate("user_stats_activity", $activity->displayDate(), $node);
            }
            $login = I2CE_Date::fromDB($row->login);
            $template->setDisplayDataImmediate("user_stats_login", $login->displayDate(), $node);
        }
    }
    // Default of 5 days; presumably overridden by "days_forms_limit".
    $days_limit = 5;
    $defaults->setIfIsSet($days_limit, "days_forms_limit");
    if (!self::setupEntryHistory($userid, $username, $days_limit)) {
        I2CE::raiseError("Unable to set up entry history for {$userid} ({$days_limit} days)");
        return;
    }
    // self::$entries[$userid] is read below; it is assumed to be filled in by
    // setupEntryHistory() above (confirm).
    if (self::$entries[$userid]['has_person']) {
        $person_node = $template->appendFileById("view_user_statistics_person_history.html", "div", "user_details");
        $template->setDisplayDataImmediate("days_limit", $days_limit, $person_node);
        foreach (self::$entries[$userid]['dates'] as $date => $data) {
            // Days without person entries get no row.
            if (count($data['person']) > 0) {
                $node = $template->appendFileById("view_user_statistics_person_row.html", "tr", "user_stats_person_history");
                $dateObj = I2CE_Date::fromDB($date);
                $template->setDisplayDataImmediate("user_stats_person_date", $dateObj->displayDate(), $node);
                $template->setDisplayDataImmediate("user_stats_person_count", count($data['person']), $node);
            }
        }
    }
    if (self::$entries[$userid]['has_forms']) {
        $forms_node = $template->appendFileById("view_user_statistics_form_history.html", "div", "user_details");
        $template->setDisplayDataImmediate("days_limit", $days_limit, $forms_node);
        // Cache of form name => display name, filled on first use.
        $displays = array();
        $formConfig = I2CE::getConfig()->modules->forms->forms;
        foreach (self::$entries[$userid]['dates'] as $date => $data) {
            // Per date: a date row, one row per form (sorted by form name),
            // then a total row.
            $date_node = $template->appendFileById("view_user_statistics_form_date.html", "tr", "user_stats_form_history");
            $dateObj = I2CE_Date::fromDB($date);
            $template->setDisplayDataImmediate("form_date", $dateObj->displayDate(), $date_node);
            $total = 0;
            ksort($data['forms']);
            foreach ($data['forms'] as $form => $count) {
                if (!array_key_exists($form, $displays)) {
                    // Fall back to the raw form name when no display name is configured.
                    if (!empty($formConfig->{$form}->display)) {
                        $displays[$form] = $formConfig->{$form}->display;
                    } else {
                        $displays[$form] = $form;
                    }
                }
                $form_node = $template->appendFileById("view_user_statistics_form_row.html", "tr", "user_stats_form_history");
                $template->setDisplayDataImmediate("form_form", $displays[$form], $form_node);
                $template->setDisplayDataImmediate("form_count", $count, $form_node);
                $total += $count;
            }
            $total_node = $template->appendFileById("view_user_statistics_form_total.html", "tr", "user_stats_form_history");
            $template->setDisplayDataImmediate("form_date", $dateObj->displayDate(), $total_node);
            $template->setDisplayDataImmediate("total_count", $total, $total_node);
        }
    }
}
/**
 * Load the HTML template for this page.
 *
 * A truthy 'resend' request parameter selects "resend_email.html". Otherwise
 * the edit form is loaded, with a file name suffix taken from the class name
 * of the active user access mechanism: everything from offset 15 of the
 * class name, which for a name starting with "I2CE_UserAccess_" is the final
 * underscore plus the mechanism name.
 *
 * @return mixed false when a template file could not be added; nothing otherwise
 */
protected function loadHTMLTemplates()
{
    $wantsResend = $this->request_exists('resend') && $this->request('resend');

    if ($wantsResend) {
        $node = $this->template->addFile("resend_email.html");
        if (!$node instanceof DOMNode) {
            return false;
        }
        return;
    }

    $postfix = '';
    // The suffix comes from a class name, not from request data.
    $access = get_class(I2CE::getUserAccess());
    if ($access && strpos($access, 'I2CE_UserAccess_') !== false) {
        $postfix = substr($access, 15);
    }

    $node = $this->template->addFile("user_form_edit{$postfix}.html");
    if (!$node instanceof DOMNode) {
        return false;
    }
    $this->updateTemplateNames($node);
}
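/**
 * Populate a drop down of users that can be edited by the current user given
 * his/her access level.
 *
 * Without a username every user returned by findUsersByInfo() is listed.
 * With a username only the users whose 'creator' detail equals that username
 * are listed, and only when the access mechanism supports the 'creator'
 * detail. Users without a role are appended last, labelled "No Access".
 *
 * @param string      $selectId Id of the select element to fill
 * @param string|null $username Restrict the list to users created by this user
 * @return mixed false when the list cannot be built; nothing otherwise
 */
public function listUsersToEdit($selectId, $username = null)
{
    // NOTE(review): the loose comparison also treats an empty-string username
    // as "no restriction", which lists all users; confirm callers never pass
    // an empty creator name for a restricted user.
    if ($username == null) {
        // All users except the internal admin user, regardless of role or details.
        $usernames = I2CE_User::findUsersByInfo(false, array(), false);
    } else {
        $userAccess = I2CE::getUserAccess();
        // The class name was misspelled ("Mechansim"); instanceof against an
        // unknown class is always false, so the restricted list was never built.
        if (!$userAccess instanceof I2CE_UserAccess_Mechanism) {
            return false;
        }
        if (!in_array('creator', $userAccess->getAllowedDetails())) {
            return false;
        }
        $usernames = I2CE_User::findUsersByInfo(false, array('creator' => $username));
    }
    if (!is_array($usernames)) {
        return false;
    }

    $add_last = array();
    foreach ($usernames as $name) {
        $user = new I2CE_User($name, true, false, false);

        $role = $user->getRole();
        if ($role) {
            $role = I2CE_User_Form::getRoleNameFromShortName($role);
        }

        $disp = trim($user->displayName());
        if (!$disp) {
            $disp = "({$name})";
        }

        if ($role == "") {
            // Users without a role are collected and listed after the others.
            $add_last[$name] = 'No Access - ' . $disp;
        } else {
            $this->template->addOption($selectId, $name, $role . ' - ' . $disp);
        }
    }

    foreach ($add_last as $name => $dispname) {
        $this->template->addOption($selectId, $name, $dispname);
    }
}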
/**
 * Decide whether a requested user account may be added.
 *
 * The request is refused when the username is empty, is 'i2ce_admin', is
 * already known to the user access mechanism, or when an existing user has
 * the same e-mail address. It is also refused when another pending
 * user_request has the same username or e-mail address, unless $allow_delete
 * is set, in which case those pending requests are deleted first.
 *
 * @param I2CE_User_Request $requested_user The request form being checked
 * @param mixed   $request_number When given, requests carrying this number are
 *                                left out of the duplicate search and nothing
 *                                is deleted
 * @param boolean $allow_delete   Allow conflicting pending requests to be deleted
 * @return boolean
 */
public static function canAddUser($requested_user, $request_number = false, $allow_delete = false)
{
    $factory = I2CE_FormFactory::instance();
    if ($request_number) {
        $allow_delete = false;
    }

    if (!$requested_user instanceof I2CE_User_Request) {
        return false;
    }
    $usernameField = $requested_user->getField('username');
    if (!$usernameField instanceof I2CE_FormField_STRING_LINE) {
        return false;
    }
    $emailField = $requested_user->getField('email');
    if (!$emailField instanceof I2CE_FormField_STRING_LINE) {
        return false;
    }

    $username = $usernameField->getValue();
    $email = $emailField->getValue();
    // NOTE(review): the mechanism is used below without an instanceof check.
    $userAccess = I2CE::getUserAccess();

    // Pending requests conflict when their id equals the username or any of
    // the compared details matches.
    $idLimit = array(
        'field' => 'id',
        'operator' => 'FIELD_LIMIT',
        'style' => 'equals',
        'data' => array('value' => $username),
    );
    $details = array('email' => $email);
    $where = $idLimit;
    if (count($details) > 0) {
        $alternatives = array($idLimit);
        foreach ($details as $detail => $value) {
            $alternatives[] = array(
                'field' => $detail,
                'operator' => 'FIELD_LIMIT',
                'style' => 'equals',
                'data' => array('value' => $value),
            );
        }
        $where = array('operator' => 'OR', 'operand' => $alternatives);
    }
    if ($request_number !== false) {
        // Leave the request with this number out of the search.
        $sameNumber = array(
            'field' => 'request_number',
            'operator' => 'FIELD_LIMIT',
            'style' => 'equals',
            'data' => array('value' => $request_number),
        );
        $where = array(
            'operator' => 'AND',
            'operand' => array(
                $where,
                array('operator' => 'NOT', 'operand' => array($sameNumber)),
            ),
        );
    }
    $requested_users = I2CE_FormStorage::search('user_request', false, $where);

    if (!$username) {
        return false;
    }
    if ($username == 'i2ce_admin') {
        return false;
    }
    if ($userAccess->getUserID($username) !== false) {
        return false;
    }
    if (count($userAccess->getUsersByInfo(false, $details)) > 0) {
        return false;
    }

    if (!is_array($requested_users) || count($requested_users) == 0) {
        return true;
    }

    // There already is a user request for this username/email.
    if (!$allow_delete) {
        return false;
    }
    if ($request_number) {
        return true;
    }

    // A new request will be created, so the existing ones are removed.
    foreach ($requested_users as $req_id) {
        $reqObj = $factory->createContainer('user_request|' . $req_id);
        if (!$reqObj instanceof I2CE_User_Request) {
            I2CE::raiseError("Bad user_request|{$req_id}");
            continue;
        }
        I2CE::raiseError("Deleting {$req_id}");
        $reqObj->delete();
    }

    return true;
}