/**
 * Create a new member, store it in Login::$member and let it take part in the supplied ballot.
 *
 * The member is created as eligible and verified, receives the global $password
 * and is activated immediately.
 *
 * NOTE(review): every account generated here shares one password and skips mail
 * confirmation -- presumably test data only; confirm this cannot run against a
 * production database.
 *
 * @param Period  $period
 * @param mixed   $ballot Ballot object (ballot voting), other truthy value such as true (postal voting) or null (no participation)
 * @param integer $case
 * @param string  $i
 */
function add_participant(Period $period, $ballot, $case, $i) {
    global $date, $password;

    $member = new Member;
    Login::$member = $member;

    $member->invite   = Login::generate_token(24);
    $member->eligible = true;
    $member->verified = true;
    $member->create();

    // The username encodes date, case, ballot (id or the plain value) and the running index.
    $ballot_part = is_object($ballot) ? $ballot->id : $ballot;
    $member->username = "******{$date}c{$case}p{$ballot_part}{$i}";
    $member->password = $password;

    $fields = ['username', 'password', 'eligible'];
    // Enable this only in a local development environment, because it may lead to a lot of notification mails!
    //$member->mail = ERROR_MAIL;
    //$fields[] = "mail";
    $member->update($fields, 'activated=now()');
    $member->update_ngroups([1]);

    // No ballot given: the member does not participate at all.
    if (!$ballot) {
        return;
    }

    if (is_object($ballot)) {
        $period->select_ballot($ballot);
        return;
    }
    $period->select_postal();
}
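/**
 * Save a not yet confirmed mail address and send a confirmation request.
 *
 * At most one confirmation mail is sent per hour (mail_lock_expiry). The new
 * address is stored only as mail_unconfirmed, together with a confirmation code
 * that is valid for 7 days. If the member already has a confirmed address, that
 * address is notified about the requested change.
 *
 * @param string $mail new, not yet confirmed mail address
 */
public function set_mail($mail) {

    if ( strtotime($this->mail_lock_expiry) > time() ) {
        warning(_("We have sent an email with a confirmation code already in the last hour. Please try again later!"));
        // NOTE(review): assumes redirect() ends the request; otherwise the code below would still run -- confirm
        redirect();
    }

    // NOTE(review): $mail is stored and used as recipient without validation in this method;
    // presumably the caller or send_mail() rejects malformed addresses and line breaks -- confirm
    $this->mail_unconfirmed = $mail;

    DB::transaction_start();
    // Draw codes until one is found that no member row uses yet.
    do {
        $this->mail_code = Login::generate_token(16);
        $sql = "SELECT id FROM member WHERE mail_code=".DB::esc($this->mail_code);
    } while ( DB::numrows($sql) );
    // The member has 7 days to confirm the email address.
    $this->update(['mail_unconfirmed', 'mail_code'], "mail_code_expiry = now() + interval '7 days'");
    DB::transaction_commit();

    $subject = _("Email confirmation request");
    $body = _("Please confirm your email address by clicking the following link:")."\n"
        .BASE_URL."confirm_mail.php?code=".$this->mail_code."\n\n"
        ._("If this link does not work, please open the following URL in your web browser:")."\n"
        .BASE_URL."confirm_mail.php\n"
        ._("On that page enter the code:")."\n"
        .$this->mail_code;

    if ( send_mail($mail, $subject, $body) ) {
        // Start the one hour lock only after a mail has actually gone out.
        $this->update(array(), "mail_lock_expiry = now() + interval '1 hour'");
        success(_("Your email address has been saved. An email with a confirmation code has been sent."));
    } else {
        // MAIL_SUPPORT is the argument for %s and belongs inside sprintf(). Left outside,
        // sprintf() fails on the unfilled placeholder (ArgumentCountError on PHP 8) and the
        // notification to the old address below is never reached.
        warning(sprintf(_("Your email address has been saved, but the email with the confirmation code could not be sent. Try again later or contact %s."), MAIL_SUPPORT));
    }

    // Notification to the old mail address, so that the legitimate owner notices a change made by someone else.
    if ($this->mail) {
        $subject = _("Change of your email address");
        $body = _("Someone, probably you, changed your email address to:")."\n"
            .$this->mail_unconfirmed."\n\n"
            ._("If this was not you, somebody else got access to your account. In this case please log in as soon as possible and change your password:")."\n"
            .BASE_URL."settings.php\n"
            .sprintf(_("Then try to set the email address back to your one and contact %s!"), MAIL_SUPPORT);
        send_mail($this->mail, $subject, $body);
    }

}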
/**
 * Create a member once per username and ngroup and store it in Login::$member.
 *
 * Repeated calls with the same username (within the same global $ngroup) reuse
 * the member created by the first call.
 *
 * NOTE(review): all members created here share the global $password and are
 * activated without mail confirmation -- presumably test data only; confirm
 * this cannot run against a production database.
 *
 * @param string $username
 */
function create_member($username) {
    global $password, $ngroup;

    // Members already created during this run, keyed by the unique username.
    static $members = array();

    // make usernames unique
    $username = $username." ".$ngroup->id;

    if (isset($members[$username])) {
        Login::$member = $members[$username];
        return;
    }

    $member = new Member;
    Login::$member = $member;

    $member->invite   = Login::generate_token(24);
    $member->eligible = true;
    $member->verified = true;
    $member->create();

    $member->username = $username;
    $member->password = $password;

    $fields = ['username', 'password', 'eligible'];
    // Enable this only in a local development environment, because it will lead to extremely many notification mails!
    //$member->mail = ERROR_MAIL;
    //$fields[] = "mail";
    $member->update($fields, 'activated=now()');

    DB::insert("member_ngroup", ['member' => $member->id, 'ngroup' => $ngroup->id]);

    // activate all notifications: one "notify" row per interest with every type switched on
    foreach ( Notification::$default_settings as $interest => $types ) {
        $row = ['member' => $member->id, 'interest' => $interest];
        foreach ( $types as $type => $default ) {
            // the configured default is ignored on purpose, every type is enabled
            $row[$type] = true;
        }
        DB::insert_or_update("notify", $row, ['member', 'interest']);
    }

    $members[$username] = $member;
}
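/**
 * Start online voting for the supplied issues.
 *
 * For every issue one vote token per entitled member of this period's ngroup is
 * generated and stored in vote_token, then the issue is switched to state
 * "voting". Afterwards every entitled member with a mail address receives a
 * notification containing the personal vote tokens and, for each issue, the
 * list of all vote tokens.
 *
 * @param array $issues list of Issue objects
 */
public function start_voting(array $issues) {

    // entitled members of the ngroup
    $sql = "SELECT member.* FROM member JOIN member_ngroup ON member.id = member_ngroup.member AND member_ngroup.ngroup=".intval($this->ngroup)
        ." WHERE activated IS NOT NULL AND eligible=TRUE AND verified=TRUE";
    $members = DB::fetchobjectarray($sql, "Member");

    $personal_tokens = array(); // member id => issue id => token
    $all_tokens      = array(); // issue id => list of tokens

    foreach ($issues as $issue) {
        /** @var $issue Issue */

        // generate vote tokens
        $all_tokens[$issue->id] = array();
        foreach ( $members as $member ) {
            DB::transaction_start();
            // Draw tokens until one is found that is not yet stored in vote_token.
            // NOTE(review): check-then-insert; presumably a UNIQUE constraint on vote_token.token backs this -- confirm
            do {
                $token = Login::generate_token(8);
                $sql = "SELECT token FROM vote_token WHERE token=".DB::esc($token);
            } while ( DB::numrows($sql) );
            $sql = "INSERT INTO vote_token (member, issue, token) VALUES (".intval($member->id).", ".intval($issue->id).", ".DB::esc($token).")";
            DB::query($sql);
            DB::transaction_commit();
            $personal_tokens[$member->id][$issue->id] = $token;
            $all_tokens[$issue->id][] = $token;
        }

        // The complete list is mailed to every member. Appended in $members iteration order,
        // the position of a token would be identical for every issue and would show which
        // tokens belong to the same member, so the list is published in sorted order instead.
        sort($all_tokens[$issue->id], SORT_STRING);

        $issue->state = "voting";
        $issue->update(["state"], 'voting_started=now()');

    }

    // notification mails
    $subject = sprintf(_("Voting started in period %d"), $this->id);
    $body_top = _("Group").": ".$this->ngroup()->name."\n\n"
        ._("Online voting has started on the following proposals").":\n";
    $body_lists = "\n"._("Voting end").": ".datetimeformat($this->counting)
        ."\n\n===== "._("Lists of all vote tokens")." =====\n";

    // Parts that are identical for all recipients are built once.
    $issues_blocks = array();
    foreach ( $issues as $issue ) {
        $body_lists .= "\n"
            ._("Issue")." ".$issue->id.":\n"
            .join(", ", $all_tokens[$issue->id])."\n";
        $issues_blocks[$issue->id] = "\n"._("Issue")." ".$issue->id."\n";
        foreach ( $issue->proposals(true) as $proposal ) {
            $issues_blocks[$issue->id] .= _("Proposal")." ".$proposal->id.": ".$proposal->title."\n"
                .BASE_URL."proposal.php?id=".$proposal->id."\n";
        }
    }

    foreach ( $members as $member ) {
        // Members without a mail address get no notification and therefore no token by mail.
        if (!$member->mail) continue;
        $body = $body_top;
        foreach ( $issues as $issue ) {
            $body .= $issues_blocks[$issue->id]
                ._("Vote").": ".BASE_URL."vote.php?issue=".$issue->id."\n"
                ._("Your vote token").": ".$personal_tokens[$member->id][$issue->id]."\n";
        }
        $body .= $body_lists;
        // NOTE(review): the mail carries the personal vote tokens; presumably send_mail() uses the
        // fingerprint to encrypt for the recipient -- confirm what happens when it is empty
        send_mail($member->mail, $subject, $body, array(), $member->fingerprint);
    }

}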
/**
 * Create a token for the member and the current issue that is unique within the given table.
 *
 * Tokens are drawn until one is found that the table does not contain yet;
 * that token is inserted together with the member id and this issue's id.
 *
 * NOTE(review): $table is interpolated into the SQL as an identifier without
 * quoting or an allowlist. This is only safe while every caller passes a fixed
 * table name -- keep it that way and never route request data into it.
 *
 * @param string $table  database table
 * @param Member $member
 * @return string the newly stored token
 */
private function create_unique_token($table, Member $member) {

    $member_id = intval($member->id);
    $issue_id  = intval($this->id);

    DB::transaction_start();

    // NOTE(review): check-then-insert; presumably a UNIQUE constraint on the token column backs this -- confirm
    for (;;) {
        $token  = Login::generate_token(8);
        $lookup = "SELECT token FROM $table WHERE token=".DB::esc($token);
        if ( !DB::numrows($lookup) ) {
            break;
        }
    }

    $insert = "INSERT INTO $table (member, issue, token) VALUES (".$member_id.", ".$issue_id.", ".DB::esc($token).")";
    DB::query($insert);

    DB::transaction_commit();

    return $token;
}
* @author Magnus Rosenbaum <*****@*****.**> * @package Basisentscheid */ require "inc/common_http.php"; Login::logout(); if ($action) { switch ($action) { case "create": $member = new Member; $member->invite = Login::generate_token(24); $member->eligible = true; $member->verified = true; $member->create(); // become member of ngroups if (!empty($_POST['ngroups'])) { foreach ( $_POST['ngroups'] as $ngroup ) { $ngroup_int = intval($ngroup); if (!$ngroup_int or $ngroup_int!=$ngroup) continue; DB::insert("member_ngroup", array('member'=>$member->id, 'ngroup'=>$ngroup_int)); } } redirect("register.php?invite=".$member->invite);
action_required_parameters('username'); if (!$_POST['username']) break; $sql = "SELECT * FROM member WHERE username="******" AND ( password_reset_code IS NULL OR password_reset_code_expiry < now() )"; $result = DB::query($sql); if ( $member = DB::fetch_object($result, "Member") ) { if (!$member->mail) { warning(sprintf(_("Sorry, but there is no confirmed email address for this account. Please contact %s!"), MAIL_SUPPORT), true); break; } $member->password_reset_code = Login::generate_token(24); if ( ! $member->update(['password_reset_code'], "password_reset_code_expiry = now() + interval '1 day'") ) { warning(sprintf(_("The generated code could not be saved. Please try again or contact %s!"), MAIL_SUPPORT), true); break; } $subject = _("Password reset request"); $body = sprintf(_("Hello %s!"), $member->username)."\n\n" ._("To reset your password please click on the following link:")."\n" .BASE_URL."reset_password.php?code=".$member->password_reset_code."\n\n" ._("If this link does not work, please open the following URL in your web browser:")."\n" .BASE_URL."reset_password.php\n" ._("On that page please enter the code:")."\n" .$member->password_reset_code."\n\n" ._("This code is only valid for one day.");