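/**
 * Builds the DB-table auth adapter for the credentials carried by the request.
 *
 * Credentials come from the request params ('username' / 'password'); when
 * both are absent and the auth cookie carries an identity and a credential,
 * the cookie values are used instead. The adapter only accepts the user when
 * it belongs to, or is linked to, the current safinstance.
 *
 * @todo Change the $dbAdapter for making it automatic according to the config, here we are stuck with MySQL
 * @param Zend_Controller_Request_Http $request
 * @param bool $encryptedPass true when the submitted credential is already the stored hash
 *                            (it is then compared as-is instead of through MySQL's MD5())
 * @return bool|Sydney_Auth_Adaptater_DbTable false when neither the request nor the cookie carry credentials
 */
public static function getAuthAdapter(Zend_Controller_Request_Http $request, $encryptedPass = false)
{
    // Load cookie informations
    $identity = Sydney_Http_Cookie::getIdentity($request);
    $credential = Sydney_Http_Cookie::getCredential($request);
    // Load params (default to '' so a missing key behaves like an empty value, without notices)
    $params = $request->getParams();
    $submittedUsername = isset($params['username']) ? $params['username'] : '';
    $submittedPassword = isset($params['password']) ? $params['password'] : '';

    // Auth with identity and credential loaded from cookie
    if (empty($identity) && empty($credential) && empty($submittedUsername) && empty($submittedPassword)) {
        // no username and no password anywhere: nothing to authenticate
        return false;
    } elseif (!empty($identity) && !empty($credential) && empty($submittedUsername) && empty($submittedPassword)) {
        // identity loaded from cookie: use it as the submitted credentials
        $submittedUsername = $identity;
        $submittedPassword = $credential;
    }

    // Extra SQL condition appended to the credential check: stays "never true"
    // unless exactly one user is found and is attached to the current safinstance.
    $where2 = ' 1 = 2 ';
    $username = strtolower($submittedUsername);
    // addslashes() is kept on the credential: the stored hashes are computed from
    // the addslashes()'d password (see the registration code), so removing it
    // would lock out existing accounts.
    $password = addslashes($submittedPassword);

    // get the user if any; the value is escaped by quoteInto() rather than concatenated.
    // LIKE is kept from the original lookup, so '%' and '_' in the submitted name act as wildcards.
    $uDB = new Users();
    $db = $uDB->getAdapter();
    $users = $uDB->fetchAll($db->quoteInto(' LOWER(login) LIKE ? ', $username));

    // one user found
    if (count($users) == 1) {
        $user = $users[0];
        $safinstancesId = Sydney_Tools::getSafinstancesId();
        if ($user->safinstances_id == $safinstancesId) {
            $where2 = ' 1 = 1 ';
        } else {
            // the user may also be linked to the current safinstance through the correspondence table
            $corDB = new SafinstancesUsers();
            $cors = $corDB->fetchAll(
                $db->quoteInto(' safinstances_id = ? ', $safinstancesId)
                . $db->quoteInto(' AND users_id = ? ', $user->id)
            );
            if (count($cors) > 0) {
                $where2 = ' 1 = 1 ';
            }
        }
        // use the login as stored (case preserved)
        $username = $user->login;
    }

    $config = Zend_Registry::get('config');
    $dbAdapter = new Zend_Db_Adapter_Pdo_Mysql($config->db->params);
    // Account checks shared by both credential treatments: the row must be valid
    // and active, and the password must not have expired (timeValidityPassword = 0
    // means "never expires").
    $accountChecks = ' AND valid = 1 AND active = 1 AND (TIMESTAMPADD(SECOND,timeValidityPassword,lastpwdchanges) > now() OR timeValidityPassword = 0) AND ' . $where2;
    // NOTE(review): credentials are compared through MySQL's MD5() (unsalted);
    // this is a legacy scheme shared with the code that stores the hashes.
    $credentialTreatment = ($encryptedPass === false ? 'MD5(?)' : '?') . $accountChecks;
    $authAdapter = new Sydney_Auth_Adaptater_DbTable($dbAdapter, 'users', 'login', 'password', $credentialTreatment);

    // Store username and pass to cookie
    if (isset($params['rememberme']) && $params['rememberme'] == '1') {
        // NOTE(review): the cookie carries the credential itself; a random,
        // revocable remember-me token would limit the impact of a stolen cookie.
        Sydney_Http_Cookie::setAuthCookie($username, $password, 7);
    }
    $authAdapter->setIdentity($username)->setCredential($password);
    return $authAdapter;
}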
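/**
 * Do the process of registration
 *
 * Validates the registration form, inserts the user (group 2, active, attached
 * to the configured safinstance), authenticates it and redirects. On any
 * failure the 'register' view is rendered again with a description set on the form.
 *
 * @todo add a link to a safinstance if the user exists and he wants to register from another safinstance
 * @return void
 */
public function registerprocessAction()
{
    $request = $this->getRequest();
    // Only a POST request carries a registration
    if (!$request->isPost()) {
        return $this->_helper->redirector('login');
    }

    // Get our form and validate it
    $form = $this->getRegistrationForm();
    $this->view->form = $form;
    $params = $request->getPost();
    if (!$form->isValid($params)) {
        return $this->render('register');
    }

    $password = isset($params['password']) ? $params['password'] : '';
    $password2 = isset($params['password2']) ? $params['password2'] : '';
    if ($password !== $password2) {
        $this->view->form->setDescription($this->_translate->_('Both password do not match'));
        return $this->render('register');
    }

    // check the login doesn't exist already; the value is escaped by quoteInto()
    $users = new Users();
    $rows = $users->fetchAll($users->getAdapter()->quoteInto('login LIKE ?', $params['username']));
    if (count($rows) > 0) {
        $this->view->form->setDescription($this->_translate->_('This user exists already'));
        return $this->render('register');
    }

    // insert the new user in the table. Zend_Db binds the values, so login and
    // email are stored as typed (an addslashes() here would persist the
    // backslashes and the login lookup would then never match them). The
    // password hash is computed from the addslashes()'d value because the
    // auth adapter submits the credential the same way.
    $safinstancesId = $this->_config->db->safinstances_id;
    $data = array(
        'login' => $params['username'],
        // NOTE(review): unsalted MD5, legacy scheme shared with the auth adapter
        'password' => md5(addslashes($password)),
        'usersgroups_id' => 2,
        'email' => $params['username'],
        'active' => 1,
        'safinstances_id' => $safinstancesId,
        'subscribedate' => date("Y-m-d H:i:s"),
        'ip' => $_SERVER['REMOTE_ADDR'],
    );
    $uid = $users->insert($data);

    // insert the link to the safinstance
    $corDB = new SafinstancesUsers();
    $row = $corDB->createRow();
    $row->safinstances_id = $safinstancesId;
    $row->users_id = $uid;
    $row->save();

    // process login with the information provided; getAuthAdapter() returns
    // false when the request carries no credentials
    $adapter = $this->getAuthAdapter($request);
    $result = $adapter === false ? null : Sydney_Auth::getInstance()->authenticate($adapter);
    if ($result === null || !$result->isValid()) {
        $this->view->form->setDescription($this->_translate->_('An unexpected error occured... please contact the support.'));
        return $this->render('register');
    }

    // redirect: an explicit module wins, then a public page, else the default module
    if (!isset($request->redirectmodule) && $request->redirectpage) {
        $this->_helper->redirector('view', 'index', 'publicms', array('page' => $request->redirectpage));
    } else {
        $this->_helper->redirector('index', 'index', $request->getParam('redirectmodule', 'index'));
    }
}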
/**
 * Shows the permissions page of a user.
 *
 * The user id is read from the request ('id', digits only, otherwise 0);
 * members of group 3 additionally get the website-permissions form.
 *
 * @return void
 */
public function permissionsAction()
{
    $request = $this->getRequest();
    $userId = 0;
    if (isset($request->id) && preg_match("/^[0-9]{1,100}\$/", $request->id)) {
        $userId = $request->id;
    }
    $usersTable = new Users();
    $found = $usersTable->find($userId);
    if (count($found) != 1) {
        return;
    }
    $user = $found[0];
    $this->setSubtitle2('Permissions for ' . $user->login);
    $this->setSideBar('permissions', 'people');
    // the extended (website) form is reserved to members of group 3
    $isExtended = in_array(3, $this->usersData['member_of_groups']);
    $this->view->extended = $isExtended;
    if ($isExtended) {
        $form = new UsersWebsitePermisionsForm();
        $safinstancesUsers = new SafinstancesUsers();
        $form->populate(array(
            'id' => $user->id,
            'saf_id' => $user->safinstances_id,
            'SafinstancesUsers' => $safinstancesUsers->getSafinstancesLinkedTo($user->id),
        ));
        $this->view->websiteForm = $form;
    }
}
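/**
 * Saves the data from the "permission access to website form"
 *
 * Moves the user to the submitted safinstance and replaces its safinstance
 * links; the outcome is reported through the view variables
 * (message / status / ResultSet).
 *
 * @return void
 */
public function userswebsitepermisionsAction()
{
    $this->view->ResultSet = array();
    $this->view->message = 'Error... ';
    $this->view->status = 0;
    $form = new UsersWebsitePermisionsForm();
    $data = $this->getRequest()->getPost();
    if (!$form->isValid($data)) {
        $this->view->ResultSet = array('errors' => $form->getMessages(), 'entry' => $data);
        $this->view->message = 'Errors in the form...';
        $this->view->status = 0;
        $this->view->timeout = 2;
        $this->view->modal = false;
        return;
    }
    // NOTE(review): no group check is done here, whereas permissionsAction()
    // only offers this form to group 3 members; confirm the ACL layer
    // restricts this action.
    if (!isset($data['id']) || !preg_match('/^[0-9]{1,10}$/', $data['id'])) {
        // invalid id: the 'Error... ' defaults set above are returned
        return;
    }
    // update the user
    $usersDB = new Users();
    $users = $usersDB->find($data['id']);
    if (count($users) !== 1) {
        return;
    }
    $user = $users[0];
    $user->safinstances_id = $data['saf_id'];
    $uid = $user->id;
    $user->save();
    // update correspondances: drop the existing links and recreate them from the form
    $c1DB = new SafinstancesUsers();
    $c1DB->delete($c1DB->getAdapter()->quoteInto('users_id = ?', $uid));
    $c1DB->setUsersLinkedTo($uid, $data['SafinstancesUsers']);
    $this->view->message = 'Data saved';
    $this->view->status = 1;
    $this->view->modal = false;
}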
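/**
 * Creates or updates a users row from form data and returns the saved row.
 *
 * @param array $data           form values keyed by column name ('id', 'login', 'password', ...)
 * @param bool  $modeEdit       true to update the row matching $data['id'] and $data['login']
 * @param bool  $isPublicModule true when the row is created from the public module
 *                              (forces group 2 and an inactive account)
 * @return Zend_Db_Table_Row_Abstract|false the saved row, or false when the
 *         password is refused, the row to edit is not found, or saving fails
 */
private function saveRow($data, $modeEdit, $isPublicModule)
{
    try {
        $usersDb = new Users();
        if ($modeEdit) {
            // the row to edit must match both id and login; the values are
            // escaped by quoteInto() instead of being concatenated into the SQL
            $db = $usersDb->getAdapter();
            $rows = $usersDb->fetchAll(
                $db->quoteInto(' id = ? ', $data['id'])
                . $db->quoteInto(' AND login = ? ', $data['login'])
            );
            if (count($rows) === 0) {
                Sydney_Messages::getInstance()->addMessage('Error...');
                return false;
            }
            $row = $rows[0];
        } else {
            $row = $usersDb->createRow();
        }
        // Store row
        $this->set($row);

        // one timestamp for every date written by this save
        $now = Sydney_Tools::getMySQLFormatedDate();
        $rowId = isset($data['id']) ? $data['id'] : null;
        foreach ($data as $k => $v) {
            // only columns that exist on the row are copied; null values are skipped
            if (!isset($data[$k]) || !isset($row->{$k})) {
                continue;
            }
            switch ($k) {
                case 'password':
                    // an empty password means "keep the current one"
                    if (!empty($v)) {
                        if (!$this->isValidPassword($v, $rowId)) {
                            Sydney_Messages::getInstance()->addMessage(Sydney_Tools::_('Please use another password!'));
                            return false;
                        }
                        $row->lastpwdhistory = $this->getUpdatedHistoryForDb($row->lastpwdhistory, $v);
                        // NOTE(review): unsalted MD5, kept because the auth adapter compares with MySQL MD5()
                        $row->{$k} = md5($v);
                        $row->lastpwdchanges = $now;
                        $row->timeValidityPassword = 0;
                    }
                    break;
                case 'valid':
                case 'active':
                    // 'valid' and 'active' share the status tracking: a change is
                    // dated, and leaving the value 1 also records an unsubscribe date
                    if ($row->{$k} != $v) {
                        $row->laststatuschange = $now;
                        if ($row->{$k} == 1) {
                            $row->unsubscribedate = $now;
                        }
                    }
                    $row->{$k} = $v;
                    break;
                default:
                    $row->{$k} = $v;
                    break;
            }
        }

        $creation = !($row->id > 0);
        // Store row
        $this->set($row);
        if (!$creation) {
            // in case we are editing
            $row->modifieddate = $now;
        } else {
            // fixed values if public creation
            if ($isPublicModule) {
                $row->usersgroups_id = 2; // User is added to group 'auth'
                $row->active = 0; // User is not active
            }
            // in case we are creating
            $usersData = Sydney_Tools::getUserdata();
            $row->subscribedate = $now;
            $row->modifieddate = $now;
            $row->safinstances_id = Sydney_Tools::getSafinstancesId();
            $row->creatoridentity = $usersData ? $usersData['users_id'] : 0;
            $row->ip = $_SERVER['REMOTE_ADDR'];
        }

        $newId = $row->save();
        if (!$newId) {
            Sydney_Messages::getInstance()->addMessage('Error...');
            return false;
        }
        Sydney_Messages::getInstance()->addMessage('Success! The data is valid.');
        $row->id = $newId;
        // Store row
        $this->set($row);
        if ($creation) {
            // create the link to cor table
            $corDb = new SafinstancesUsers();
            $corRow = $corDb->createRow();
            $corRow->safinstances_id = Sydney_Tools::getSafinstancesId();
            $corRow->users_id = $row->id;
            $corRow->save();
        }
        return $row;
    } catch (Exception $e) {
        // best-effort: the failure is reported through the messages stack, not rethrown
        Sydney_Messages::getInstance()->addMessage('UsersOp::save::Exception! ' . $e->getMessage());
        return false;
    }
}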