 /**
  * Keep the database handle and gate construction behind the admin mask.
  *
  * @param mixed $pdo Database handle stored on $this->pdo (presumably a PDO instance).
  */
 function __construct($pdo)
 {
     $this->pdo = $pdo;
     $guard = new SecurityManager();
     $guard->denyAll();
     $guard->allow(SecurityManager::SECURITY_MANAGER_MASK_ADMIN);
     // Presumably aborts when the caller lacks the admin mask; behaviour lives in SecurityManager.
     $guard->checkSecurity();
 }
 /**
  * Return the shared SecurityManager, creating it on first use.
  *
  * @return SecurityManager The instance cached in self::$sm.
  */
 public static function instance()
 {
     $shared = self::$sm;
     // Loose comparison kept: self::$sm is either unset/null or an object.
     if ($shared == null) {
         $shared = new SecurityManager();
         self::$sm = $shared;
     }
     return $shared;
 }
 /**
  * Forgot administrator password action
  *
  * Reads the "email" request parameter. When it is a well-formed address the
  * ADMIN_PASSWORD_RESET_REQUEST security check runs first (a
  * SecurityViolationException is shown as an error and the user is sent back
  * to "admin"). Then, for the first admin user whose email matches, a new
  * reset token is stored and the reset confirmation email is sent. The same
  * success message and home-page redirect are produced whether or not any
  * user matched, so the response does not disclose whether the address exists.
  * Invalid or missing addresses only add an error and re-render the form.
  *
  * @return void Returns the redirect result object only when the security check fails.
  */
 public function execute()
 {
     $email = (string) $this->getRequest()->getParam('email');
     $params = $this->getRequest()->getParams();
     if (!empty($email) && !empty($params)) {
         // Validate received data to be an email address
         if (\Zend_Validate::is($email, 'EmailAddress')) {
             try {
                 // Security check (e.g. request limits) runs before any lookup of the address.
                 $this->securityManager->performSecurityCheck(\Magento\Security\Model\PasswordResetRequestEvent::ADMIN_PASSWORD_RESET_REQUEST, $email);
             } catch (\Magento\Framework\Exception\SecurityViolationException $exception) {
                 $this->messageManager->addErrorMessage($exception->getMessage());
                 $resultRedirect = $this->resultRedirectFactory->create();
                 return $resultRedirect->setPath('admin');
             }
             $collection = $this->_objectManager->get('Magento\\User\\Model\\ResourceModel\\User\\Collection');
             /** @var $collection \Magento\User\Model\ResourceModel\User\Collection */
             $collection->addFieldToFilter('email', $email);
             $collection->load(false);
             if ($collection->getSize() > 0) {
                 // Only the first matching user is processed: the loop breaks after one item.
                 foreach ($collection as $item) {
                     /** @var \Magento\User\Model\User $user */
                     $user = $this->_userFactory->create()->load($item->getId());
                     if ($user->getId()) {
                         $newPassResetToken = $this->_objectManager->get('Magento\\User\\Helper\\Data')->generateResetPasswordLinkToken();
                         $user->changeResetPasswordLinkToken($newPassResetToken);
                         $user->save();
                         $user->sendPasswordResetConfirmationEmail();
                     }
                     break;
                 }
             }
             // Shown unconditionally (also when no user matched) so the form cannot be used
             // to probe which addresses belong to an admin account.
             // @codingStandardsIgnoreStart
             $this->messageManager->addSuccess(__('We\'ll email you a link to reset your password.'));
             // @codingStandardsIgnoreEnd
             $this->getResponse()->setRedirect($this->_objectManager->get('Magento\\Backend\\Helper\\Data')->getHomePageUrl());
             return;
         } else {
             $this->messageManager->addError(__('Please correct this email address:'));
         }
     } elseif (!empty($params)) {
         $this->messageManager->addError(__('Please enter an email address.'));
     }
     $this->_view->loadLayout();
     $this->_view->renderLayout();
 }
 /**
  * Check if the currently logged-in user has a certain privilege on a
  * node.
  *
  * The cached m_resultallowed map is consulted first: an 'all' entry wins
  * over everything, then the "node.privilege" entry; only on a cache miss
  * is the parent implementation asked.
  *
  * @param string $node The full nodename of the node for which to check
  *                          access privileges. (modulename.nodename notation).
  * @param string $privilege The privilege to check (atkaction).
  *
  * @return bool True if the user has the privilege, false if not.
  */
 public function allowed($node, $privilege)
 {
     $cache = $this->m_resultallowed;
     if (isset($cache['all'])) {
         return $cache['all'];
     }
     $cacheKey = $node . '.' . $privilege;
     if (isset($cache[$cacheKey])) {
         return $cache[$cacheKey];
     }
     return parent::allowed($node, $privilege);
 }
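 /**
  * Authenticate a user from the RSA-encrypted, seed-prefixed login form and
  * open a fresh session for them.
  *
  * The per-session "login_seed" must still exist; name and password are
  * RSA-decrypted and both must start with that seed, which is then stripped.
  * When a positive numeric "welcome" parameter (user id from the "welcome"
  * cookie) is present, that user's stored password digest is compared with
  * md5($upass); otherwise SecurityManager::authenticateUser() decides.
  * On success the session is reset and re-populated, the user's last login
  * is saved, and the "welcome" cookie is (re)set to the user id.
  *
  * @param mixed $runData Request/session context (parameter list, session access).
  * @return void
  * @throws ProcessException "no_seed" when the seed expired, "login_invalid" on any failed check.
  */
 public function loginEvent($runData)
 {
     $pl = $runData->getParameterList();
     $uname = $pl->getParameterValue("name");
     $upass = $pl->getParameterValue("password");
     $userId = $pl->getParameterValue("welcome");
     $keepLogged = $pl->getParameterValue("keepLogged");
     $bindIP = $pl->getParameterValue("bindIP");
     // decrypt! woooohhooooo!!!!!!!!
     $seed = $runData->sessionGet("login_seed");
     // Loose comparison on purpose: false and '' also count as "no seed", and an
     // empty seed would make the prefix check below meaningless.
     if ($seed == null) {
         throw new ProcessException(_("You have been inactive quite long while trying to log in and your session data have expired. Please try to click 'log in' once again."), "no_seed");
     }
     $uname = CryptUtils::rsaDecrypt($uname);
     $upass = CryptUtils::rsaDecrypt($upass);
     // Both decrypted values must start with the seed. The seed is compared as a
     // literal prefix: building a regex from it (as before) mis-parsed or matched
     // too broadly whenever the seed contained a regex metacharacter.
     $seed = (string) $seed;
     $seedLen = strlen($seed);
     if (!is_string($uname) || !is_string($upass)
         || strncmp($uname, $seed, $seedLen) !== 0
         || strncmp($upass, $seed, $seedLen) !== 0) {
         EventLogger::instance()->logFailedLogin($uname);
         throw new ProcessException(_("The user and password do not match."), "login_invalid");
     }
     // remove seed
     $uname = substr($uname, $seedLen);
     $upass = substr($upass, $seedLen);
     if ($userId && is_numeric($userId) && $userId > 0) {
         $user = DB_OzoneUserPeer::instance()->selectByPrimaryKey($userId);
         // Constant-time digest comparison. NOTE: the stored format is an unsalted
         // md5 of the password; moving to password_hash() is a storage-level change
         // that cannot be made from this method alone.
         if ($user && !hash_equals((string) $user->getPassword(), md5($upass))) {
             $user = null;
         }
     } else {
         $user = SecurityManager::authenticateUser($uname, $upass);
     }
     if ($user == null) {
         EventLogger::instance()->logFailedLogin($uname);
         throw new ProcessException(_("The login and password do not match."), "login_invalid");
     }
     // Fresh session on login so nothing from the pre-login session is carried over.
     $runData->resetSession();
     $session = $runData->getSession();
     $session->setUserId($user->getUserId());
     // set other parameters
     $session->setStarted(new ODate());
     $session->setLastAccessed(new ODate());
     $user->setLastLogin(new ODate());
     $user->save();
     if ($keepLogged) {
         $session->setInfinite(true);
     }
     if ($bindIP) {
         $session->setCheckIp(true);
     }
     // "welcome" cookie: user id, ~115 days; no secure/httponly flags are passed here.
     setcookie("welcome", $user->getUserId(), time() + 10000000, "/", GlobalProperties::$SESSION_COOKIE_DOMAIN);
     // log event
     EventLogger::instance()->logLogin();
 }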
 /**
  * Store the metadata of a system file.
  *
  * Only the argument check and the write-permission check are implemented;
  * the database write itself is still a TODO.
  *
  * @param mixed $object Must be an EyeSysFile.
  * @param IMetaData $metaData Metadata to store (null allowed by the signature).
  * @param String $params Provider parameters passed to retrieveMeta().
  * @throws EyeInvalidArgumentException When $object is not an EyeSysFile.
  * @throws EyeException
  * @throws EyeErrorException
  */
 public function storeMeta($object, IMetaData $metaData = null, $params)
 {
     if (($object instanceof EyeSysFile) === false) {
         throw new EyeInvalidArgumentException('$object must be an EyeSysFile.');
     }
     // Currently unused; kept for the pending database implementation.
     $urlParts = $object->getURLComponents();
     $currentMeta = $this->retrieveMeta($object, $params);
     $manager = SecurityManager::getInstance();
     // NOTE(review): here the new metadata is the checked object and the current
     // one goes into the permission; other storeMeta() variants do the reverse — confirm which is intended.
     $manager->checkPermission($metaData, new MetaDataPermission('write', $currentMeta, $object));
     //{
     // TODO: store metadata into database
     //}
 }
}
// Lazily include and instantiate the helper objects this page relies on; each
// guard only creates the object when an earlier include has not done so.
// Include paths are built from the SITE_CLASS_* constants only, never from
// request data. Note the plain include (not include_once) for sendmail.
if (!isset($stateObj)) {
    include_once SITE_CLASS_APPLICATION . "class.State.php";
    $stateObj = new State();
}
if (!isset($cntstObj)) {
    include_once SITE_CLASS_GEN . "class.countrystate.php";
    $cntstObj = new CountryState();
}
if (!isset($bnkObj)) {
    include_once SITE_CLASS_APPLICATION . "class.BankMaster.php";
    $bnkObj = new BankMaster();
}
if (!isset($secManObj)) {
    include_once SITE_CLASS_APPLICATION . 'class.SecurityManager.php';
    $secManObj = new SecurityManager();
}
if (!isset($userActionObj)) {
    include_once SITE_CLASS_APPLICATION . 'user/class.UserActionVerification.php';
    $userActionObj = new UserActionVerification();
}
if (!isset($emailObj)) {
    include_once SITE_CLASS_APPLICATION . 'class.EmailTemplate.php';
    $emailObj = new EmailTemplate();
}
if (!isset($sendMail)) {
    include SITE_CLASS_GEN . "class.sendmail.php";
    $sendMail = new SendPHPMail();
}
if (!isset($orgObj)) {
    require_once SITE_CLASS_APPLICATION . "organization/class.Organization.php";
// Member-area access gate first, then lazy includes of the helper objects.
// NOTE(review): $usersec is interpolated into the SecurityManager include path
// below; its origin is not visible here — confirm it is not request-controlled.
include S_SECTIONS . "/member/memberaccess.php";
if (!isset($orgObj)) {
    require_once SITE_CLASS_APPLICATION . "organization/class.Organization.php";
    $orgObj = new Organization();
}
if (!isset($orgAssocObj)) {
    require_once SITE_CLASS_APPLICATION . "organization/class.OrganizationAssociation.php";
    $orgAssocObj = new OrganizationAssociation();
}
if (!isset($orgAssocVerifyObj)) {
    include_once SITE_CLASS_APPLICATION . "organization/class.OrganizationAssociationToVerify.php";
    $orgAssocVerifyObj = new OrganizationAssociationToVerify();
}
if (!isset($secManObj)) {
    require_once SITE_CLASS_APPLICATION . "{$usersec}/class.SecurityManager.php";
    $secManObj = new SecurityManager();
}
if (!isset($userActionObj)) {
    include_once SITE_CLASS_APPLICATION . 'user/class.UserActionVerification.php';
    $userActionObj = new UserActionVerification();
}
if (!isset($emailObj)) {
    include_once SITE_CLASS_APPLICATION . 'class.EmailTemplate.php';
    $emailObj = new EmailTemplate();
}
if (!isset($sendMail)) {
    include_once SITE_CLASS_GEN . "class.sendmail.php";
    $sendMail = new SendPHPMail();
}
if (!isset($orgUsrObj)) {
    require_once SITE_CLASS_APPLICATION . "user/class.OrganizationUser.php";
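 /**
  * Handle one JavaScript-application request: open the session, resolve the
  * application to run, check the caller may execute it, start the PHP process
  * and append the generated JS to $response.
  *
  * Any exception escaping the main block is logged and turned into an
  * eyeos._callbackProxyWithContent(...) control message in the response body:
  * a TYPE_SESSION_EXPIRED message on session expiry, otherwise the incomplete
  * process is killed and a TYPE_EXCEPTION message carries the original
  * exception.
  *
  * @param MMapRequest $request
  * @param MMapResponse $response Receives the Content-type header and the JS body.
  * @param AppExecutionContext $appContext Built from $request when not supplied.
  * @return void
  */
 public function processRequest(MMapRequest $request, MMapResponse $response, AppExecutionContext $appContext = null)
 {
     $status = ob_get_status();
     $response->getHeaders()->append('Content-type:text/javascript');
     // Only add gzip when another output buffer is active and it is not gzip already.
     if (isset($status['name']) && $status['name'] != 'ob_gzhandler') {
         ob_start("ob_gzhandler");
     }
     try {
         MMapManager::startSession();
         if (!$appContext instanceof AppExecutionContext) {
             $appContext = new AppExecutionContext();
             $appContext->initFromRequest($request);
         }
         $appDesc = $appContext->getApplicationDescriptor();
         // Check if the session has expired only if the application we want to execute is not "init" nor "logout"
         // FIXME: Not sure this way for checking session is the best here (maybe a flag in the metadata instead?)
         if ($appDesc->getName() != 'init' && $appDesc->getName() != 'logout') {
             MMapManager::checkSessionExpiration();
         }
         // Restore parent process if available
         try {
             $checknum = (int) $request->getGET('checknum');
             $procFather = ProcManager::getInstance()->getProcessByChecknum($checknum);
             ProcManager::getInstance()->setCurrentProcess($procFather);
             // Access control is based on current user, contained in the login context of
             // the current process, so we can only perform security checks when a process
             // is active.
             // In case no login context is defined, we can be sure that almost nothing unsafe
             // will be done, because this element is required in most of the operations.
             if ($procFather->getLoginContext() !== null) {
                 SecurityManager::getInstance()->checkExecute($appDesc);
             }
         } catch (EyeProcException $e) {
             // NOTE(review): an unknown/missing checknum lands here and skips
             // checkExecute() entirely while the request continues — confirm that
             // startProcess() enforces access on its own in that case.
         }
         // Start process (PHP)
         $this->startProcess($appContext);
         // Append necessary scripts and execute JS code (actually, only append it to the $response body)
         $appDesc->executeJavascript($appContext, $response);
     } catch (Exception $e) {
         self::$Logger->error('Uncaught exception while processing request: ' . $request);
         self::$Logger->error('Exception message: ' . $e->getMessage());
         if (self::$Logger->isDebugEnabled()) {
             self::$Logger->debug(ExceptionStackUtil::getStackTrace($e, false));
         }
         // Special processing on session expiration
         if ($e instanceof EyeSessionExpiredException) {
             $controlMessageBodyRenderer = new ControlMessageBodyRenderer(ControlMessageBodyRenderer::TYPE_SESSION_EXPIRED);
         } else {
             // Remove incomplete process ($appContext may still be null if startSession() threw)
             $proc = $appContext instanceof AppExecutionContext ? $appContext->getProcess() : null;
             if ($proc instanceof Process) {
                 try {
                     ProcManager::getInstance()->kill($proc);
                 } catch (Exception $killException) {
                     // Separate variable: catching into $e here would replace the
                     // original exception before it is rendered below.
                     self::$Logger->error('Cannot kill incomplete process: ' . $proc);
                     self::$Logger->error('Exception message: ' . $killException->getMessage());
                 }
             }
             $controlMessageBodyRenderer = new ControlMessageBodyRenderer(ControlMessageBodyRenderer::TYPE_EXCEPTION, $e);
         }
         // When using qx.io.ScriptLoader on the JS side, no callback proxy is available
         // to intercept control messages, so we're using a little workaround here by
         // calling directly eyeos._callbackProxyWithContent() with the exception summary
         // in argument.
         $responseContent = $controlMessageBodyRenderer->getRenderedBody();
         $response->setBody('eyeos._callbackProxyWithContent(null, null, null, ' . $responseContent . ');');
     }
     $this->handleClientMessageQueue($response);
 }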
 /**
  * Evaluate $perm on $object against the configured policy.
  *
  * A login context whose user is named 'root' bypasses every check. Otherwise
  * the first policy entry whose object class matches $object is evaluated:
  * each of its handlers is run and its flag decides the outcome —
  * SUFFICIENT success grants immediately (unless a REQUIRED handler already
  * failed), a REQUISITE failure denies immediately, a REQUIRED failure is
  * remembered as firstRequiredError, any other failure as firstError. After
  * the handlers: a remembered REQUIRED error denies; no success plus an error
  * denies with that error; no success and no error denies as "all handlers
  * ignored"; otherwise access is granted. When no policy entry matches at all
  * the method only logs a warning and returns, i.e. it fails open.
  *
  * @param mixed $object Object the permission is requested on.
  * @param IPermission $perm Permission being checked.
  * @param LoginContext $context Login context of the caller (may be null).
  * @return void Returning normally means access is granted.
  */
 public function doCheck($object, IPermission $perm, LoginContext $context = null)
 {
     if (SecurityManager::$Logger->isDebugEnabled()) {
         SecurityManager::$Logger->debug('Preparing to check permission with login context:');
         SecurityManager::$Logger->debug(print_r($context, true));
     }
     // A little "hack" here to avoid any lock to the root user due to configuration problem
     // in the next steps (= even without any configuration or with a broken configuration file,
     // the root will always have all the permissions on everything)
     $eyeosUser = null;
     try {
         $eyeosUser = $context->getEyeosUser();
         if ($eyeosUser->getName() === 'root') {
             if (SecurityManager::$Logger->isInfoEnabled()) {
                 SecurityManager::$Logger->info('Root user found in login context: bypassing any further security check for requested permission ' . $perm . '.');
             }
             return;
         }
     } catch (EyeNullPointerException $e) {
         // No context/user available: not root, so continue with the policy evaluation.
     }
     $configuration = PolicyConfiguration::getConfiguration();
     // Browse policy entries until we find one that matches the class of our object
     foreach ($configuration->getPolicyEntries() as $policyEntry) {
         $objectClass = $policyEntry->getObjectClass();
         if ($object instanceof $objectClass) {
             // Check permission using each handler defined for this entry
             foreach ($policyEntry->getHandlerEntries() as $handlerEntry) {
                 try {
                     $handler = SecurityManager::getNewHandlerInstance($handlerEntry->getHandlerClass(), $handlerEntry->getParams());
                     try {
                         $status = $handler->checkPermission($object, $perm, $context);
                         // SUCCESS (access granted by the current handler)
                         if ($status === true) {
                             if ($handlerEntry->getFlag() == PolicyHandlerEntry::FLAG_SUFFICIENT) {
                                 if ($this->firstRequiredError === null) {
                                     return;
                                 }
                             }
                             $this->success = true;
                         } else {
                             // Guarded by isInfoEnabled() but emitted at debug level.
                             if (SecurityManager::$Logger->isInfoEnabled()) {
                                 $failureExceptionMessage = '(none available)';
                                 if ($handler->getFailureException() !== null) {
                                     $failureExceptionMessage = $handler->getFailureException()->getMessage();
                                 }
                                 SecurityManager::$Logger->debug($handlerEntry->getHandlerClass() . ' failure message: ' . $failureExceptionMessage);
                             }
                         }
                     } catch (EyeSecurityException $e) {
                         // REQUISITE failure: deny right away (an earlier REQUIRED error takes precedence as cause).
                         if ($handlerEntry->getFlag() == PolicyHandlerEntry::FLAG_REQUISITE) {
                             if (SecurityManager::$Logger->isInfoEnabled()) {
                                 SecurityManager::$Logger->info('Requested permission ' . $perm . ' denied object of class ' . get_class($object) . ' (REQUISITE handler ' . $handlerEntry->getHandlerClass() . ' failed).');
                                 SecurityManager::$Logger->info($e->getMessage());
                             }
                             $this->throwException($this->firstRequiredError, $e);
                         } else {
                             // Only the first error of each kind is kept.
                             if ($handlerEntry->getFlag() == PolicyHandlerEntry::FLAG_REQUIRED) {
                                 if ($this->firstRequiredError === null) {
                                     $this->firstRequiredError = $e;
                                 }
                             } else {
                                 if ($this->firstError === null) {
                                     $this->firstError = $e;
                                 }
                             }
                         }
                     }
                 } catch (EyeException $e) {
                     // Handler could not even be instantiated: treated as a hard failure.
                     $this->throwException(null, $e);
                 }
             }
             if ($this->firstRequiredError !== null) {
                 // A required handler failed
                 if (SecurityManager::$Logger->isInfoEnabled()) {
                     SecurityManager::$Logger->info('Requested permission ' . $perm . ' denied on object of class ' . get_class($object) . ' (a REQUIRED handler failed).');
                     SecurityManager::$Logger->info($this->firstRequiredError->getMessage());
                 }
                 $this->throwException($this->firstRequiredError, null);
             } else {
                 if (!$this->success && $this->firstError !== null) {
                     // No handler succeeded: return the first error
                     if (SecurityManager::$Logger->isInfoEnabled()) {
                         SecurityManager::$Logger->info('Requested permission ' . $perm . ' denied on object of class ' . get_class($object) . '.');
                         SecurityManager::$Logger->info($this->firstError->getMessage());
                     }
                     $this->throwException($this->firstError, null);
                 } else {
                     if (!$this->success) {
                         // All handlers returned FALSE (= they could not perform permission checks for any reason)
                         SecurityManager::$Logger->warn('All SecurityHandlers have been ignored for object of class ' . get_class($object) . '.');
                         $this->throwException(new EyeSecurityException('Permission check failure: all handlers ignored on object of class "' . $objectClass . '".'), null);
                     } else {
                         if (SecurityManager::$Logger->isDebugEnabled()) {
                             SecurityManager::$Logger->debug('Permission ' . $perm . ' granted on object of class ' . get_class($object) . '.');
                         }
                         return;
                     }
                 }
             }
         }
     }
     // No matching policy entry has been found for given $object: report it in the log and allow access
     // (fail-open: an object class missing from the policy is never denied here).
     if (!$this->success) {
         SecurityManager::$Logger->warn('No matching policy entry for object of class ' . get_class($object) . ' has been found.');
     }
 }
<?php

include S_SECTIONS . "/member/memberaccess.php";
// sendmail class include (plain include: runs on every request, not guarded)
include SITE_CLASS_GEN . "class.sendmail.php";
// initialisation of the sendmail class object
$sendMail = new SendPHPMail();
if (!isset($secManObj)) {
    include_once SITE_CLASS_APPLICATION . 'class.SecurityManager.php';
    $secManObj = new SecurityManager();
}
if (!isset($orgUserObj)) {
    include_once SITE_CLASS_APPLICATION . 'user/class.OrganizationUser.php';
    $orgUserObj = new OrganizationUser();
}
if (!isset($userToVerifyObj)) {
    include_once SITE_CLASS_APPLICATION . 'user/class.OrganizationUserToverify.php';
    $userToVerifyObj = new OrganizationUserToverify();
}
if (!isset($emailObj)) {
    include_once SITE_CLASS_APPLICATION . 'class.EmailTemplate.php';
    $emailObj = new EmailTemplate();
}
// Posted form data. Everything below is request-controlled and is used unescaped
// here; whatever consumes $Data later must validate/escape it for its context.
$Data = PostVar("Data");
if (!isset($Data['eEmailNotification'])) {
    $Data['eEmailNotification'] = 'No';
}
// Raw $_POST values are concatenated into the stored phone/mobile fields.
$Data['vPhone'] = $_POST['vPhoneCode'] . "-" . $Data['vPhone'];
$Data['vMobile'] = $_POST['vMobileCode'] . "-" . $Data['vMobile'];
//prints($Data);exit;
if (count($emailArr) > 0) {
<?php

/**
 * Action File For Admin change password
 *
 * @package		addadminchangepassword_a.php
 * @Section		general
 * @author		Andrew Dev
*/
// sendmail class include
include SITE_CLASS_GEN . "class.sendmail.php";
$sendMail = new SendPHPMail();
if (!isset($secManObj)) {
    include_once SITE_CLASS_APPLICATION . 'securitymanager/class.SecurityManager.php';
    $secManObj = new SecurityManager();
}
$gdbobj->getRequestVars();
//prints($_POST);exit;
// NOTE(review): the password is stored as an unsalted md5 digest here, while the
// other security-manager actions on this site use $generalobj->encrypt(); neither
// is a password hash — password_hash()/password_verify() would be the replacement.
$password = md5(PostVar('vPassword'));
$Data['vPassword'] = $password;
$iSMID = PostVar("iSMID");
$arr = $secManObj->select($iSMID);
$secManObj->setAllVar($arr);
$secManObj->setAllVar($Data);
// WHERE clause is string-built from the posted iSMID. Whether select()/update()
// escape it is not visible here; if they do not, this is injectable — confirm.
$where = "iSMID = '" . $iSMID . "'";
$res = $secManObj->update($where);
if ($res) {
    $NAME = $arr[0]['vFirstName'] . " " . $arr[0]['vLastName'];
    //set the valuse of the body of email format
    $body_arr = array("#NAME#", "#PASSWORD#", "#MAIL_FOOTER#", "#SITE_URL#");
    $post_arr = array($NAME, PostVar('vPassword'), $MAIL_FOOTER, SITE_URL_DUM);
 /**
  * Persist the metadata of a user as a SimpleXML meta file at the user's
  * settings path, creating missing parent directories first.
  *
  * @param mixed $object Must be an EyeosUser.
  * @param IMetaData $metaData Metadata to write (null allowed by the signature).
  * @param String $params Provider parameters, also used for the retrieveMeta() lookup.
  * @throws EyeInvalidArgumentException When $object is not an EyeosUser.
  * @throws EyeIOException When the settings directory cannot be created.
  * @throws EyeException
  * @throws EyeErrorException
  */
 public function storeMeta($object, IMetaData $metaData = null, $params)
 {
     if (($object instanceof EyeosUser) === false) {
         throw new EyeInvalidArgumentException('$object must be an EyeosUser.');
     }
     $currentMeta = $this->retrieveMeta($object, $params);
     $manager = SecurityManager::getInstance();
     $manager->checkPermission($currentMeta, new MetaDataPermission('write', $metaData, $object));
     $filepath = $this->getUserSettingsPath($object);
     $settingsDir = dirname($filepath);
     // 0777 with the recursive flag; the effective mode is subject to the process umask.
     if (!is_dir($settingsDir) && !mkdir($settingsDir, 0777, true)) {
         throw new EyeIOException('Unable to create necessary directories for meta file ' . $filepath . '.');
     }
     $providerOptions = array(
         SimpleXMLMetaProvider::PARAM_FILEPATH => $filepath,
         SimpleXMLMetaProvider::PARAM_FORMATOUTPUT => true,
     );
     $provider = new SimpleXMLMetaProvider((string) $params, $providerOptions);
     $provider->storeMeta(null, $metaData);
 }
<?php

include S_SECTIONS . "/member/memberaccess.php";
if (!isset($secManObj)) {
    include_once SITE_CLASS_APPLICATION . 'class.SecurityManager.php';
    $secManObj = new SecurityManager();
}
// Dashboard layout posted by the client, stored as-is. Whether updateData()
// escapes it is not visible here — confirm before relying on it.
$order = $_POST['order'];
$Data['tDashboard'] = $order;
$secManObj->setAllVar($Data);
// WHERE clause is string-built from the session-held member id (server-side value).
$where = " iSMID = '" . $_SESSION['SESS_' . PRJ_CONST_PREFIX . '_ID'] . "'";
$res = $secManObj->updateData($Data, $where);
exit;
// Member-area access gate first, then lazy includes of the helper objects this
// page relies on. Include paths are built from SITE_CLASS_* constants only.
include S_SECTIONS . "/member/memberaccess.php";
if (!isset($orgObj)) {
    include_once SITE_CLASS_APPLICATION . "organization/class.Organization.php";
    $orgObj = new Organization();
}
if (!isset($orgUserPermObj)) {
    include_once SITE_CLASS_APPLICATION . "user/class.OrganizationUserPermission.php";
    $orgUserPermObj = new OrganizationUserPermission();
}
if (!isset($orgUserPermVerifyObj)) {
    include_once SITE_CLASS_APPLICATION . "user/class.OrganizationUserPermissionToVerify.php";
    $orgUserPermVerifyObj = new OrganizationUserPermissionToVerify();
}
if (!isset($secManObj)) {
    require_once SITE_CLASS_APPLICATION . "securitymanager/class.SecurityManager.php";
    $secManObj = new SecurityManager();
}
if (!isset($orgUsrObj)) {
    require_once SITE_CLASS_APPLICATION . "user/class.OrganizationUser.php";
    $orgUsrObj = new OrganizationUser();
}
if (!isset($userToVerifyObj)) {
    include_once SITE_CLASS_APPLICATION . 'user/class.OrganizationUserToverify.php';
    $userToVerifyObj = new OrganizationUserToverify();
}
if (!isset($userActionObj)) {
    include_once SITE_CLASS_APPLICATION . 'user/class.UserActionVerification.php';
    $userActionObj = new UserActionVerification();
}
if (!isset($emailObj)) {
    include_once SITE_CLASS_APPLICATION . 'class.EmailTemplate.php';
 /**
  * Persist an updated user/workgroup assignation after checking the caller
  * holds the 'update' permission on it.
  *
  * @param IUserWorkgroupAssignation $assignation Assignation to update.
  * @return void
  * @throws EyeUMException Wrapping any exception raised by the DAO update (no rollback is performed yet).
  */
 private function updateUserWorkgroupAssignation_private(IUserWorkgroupAssignation $assignation)
 {
     $manager = SecurityManager::getInstance();
     $manager->checkPermission($assignation, new SimplePermission('', array('update')));
     try {
         $this->eyeosDAO->update($assignation);
     } catch (Exception $e) {
         //{
         //TODO: rollback
         //}
         $message = 'Unable to update user/workgroup assignation between user ID "' . $assignation->getUserId() . '" and workgroup ID "' . $assignation->getWorkgroupId() . '".';
         throw new EyeUMException($message, 0, $e);
     }
 }
 /**
  * Abort unless the System Security Manager grants permission on this object.
  *
  * @param Object $object Unused: the check is made on $this, not on the argument.
  * @return void
  * @throws SecurityException When SecurityManager::checkPermission($this) is falsy.
  */
 public function checkGuard(Object $object)
 {
     $granted = SecurityManager::checkPermission($this);
     if ($granted) {
         return;
     }
     throw new SecurityException("Access denied by System Security Manager");
 }
 /**
  * Load the domain object whose id is carried by a request parameter.
  *
  * @param mixed $request Request exposing getParameter().
  * @param string $table Doctrine table/model name.
  * @param string|null $param Parameter holding the id; defaults to the table name
  *                           with a lower-cased first character followed by "Id".
  * @param bool $doSecurity When true, SecurityManager::verify() must accept the
  *                         object: an authenticated user failing it gets an
  *                         exception, an anonymous one is redirected to login.
  * @return mixed The loaded object.
  * @throws Exception When no row has that id, or verification fails for an authenticated user.
  */
 public static function extractDomainObjectFromRequest($request, $table, $param = null, $doSecurity = false)
 {
     if ($param == null) {
         // e.g. table "FooBar" -> parameter "fooBarId"
         $param = lcfirst($table . "Id");
     }
     self::requireParam($request, $param);
     $obj = Doctrine::getTable($table)->find($request->getParameter($param));
     if (!$obj) {
         throw new Exception("Could not find {$table} with id=" . $request->getParameter($param));
     }
     if ($doSecurity && !SecurityManager::verify($obj)) {
         $currentUser = sfContext::getInstance()->getUser();
         if ($currentUser->isAuthenticated()) {
             throw new Exception("User tried to access a {$table} that doesnt belong to it! userId=" . $currentUser->getId());
         }
         // NOTE(review): if redirect() returns instead of stopping the request, the
         // object is still returned below to an unauthenticated caller — confirm it halts.
         sfContext::getInstance()->getController()->redirect("login/index");
     }
     return $obj;
 }
$ogGalleryManager->fEditorID = $oUser->getID();
// bringing up
if (!$ogGalleryManager->initialize()) {
    _throw("FNoGalleryTables", "There is no gallery and images tables present in DB");
}
// security managers initialization (for current FA and 'global' for entire site)
// Development mode, or a user flagged as developer, always gets SECURITYMODE_LOOSE
// and the trailing flag set to true (its meaning is defined by SecurityManager);
// otherwise the mode comes from $fusebox['globalSecurityMode'] and anything other
// than STRICT/LOOSE aborts.
if ($fusebox['mode'] == "development" || $oUser->isDev()) {
    $oSecurityManager = new SecurityManager($oDB, $oUser, $oFuseaction, $fusebox['tableSecurity'], $fusebox['tableGroups'], $fusebox['tableUsersGroups'], $fusebox['defaultGroup'], SECURITYMODE_LOOSE, true);
    $ogSecurityManager = new SecurityManager($oDB, $oUser, $ogFuseaction, $fusebox['tableSecurity'], $fusebox['tableGroups'], $fusebox['tableUsersGroups'], $fusebox['defaultGroup'], SECURITYMODE_LOOSE, true);
} else {
    if ($fusebox['globalSecurityMode'] == "STRICT") {
        $oSecurityManager = new SecurityManager($oDB, $oUser, $oFuseaction, $fusebox['tableSecurity'], $fusebox['tableGroups'], $fusebox['tableUsersGroups'], $fusebox['defaultGroup'], SECURITYMODE_STRICT, false);
        $ogSecurityManager = new SecurityManager($oDB, $oUser, $ogFuseaction, $fusebox['tableSecurity'], $fusebox['tableGroups'], $fusebox['tableUsersGroups'], $fusebox['defaultGroup'], SECURITYMODE_STRICT, false);
    } elseif ($fusebox['globalSecurityMode'] == "LOOSE") {
        $oSecurityManager = new SecurityManager($oDB, $oUser, $oFuseaction, $fusebox['tableSecurity'], $fusebox['tableGroups'], $fusebox['tableUsersGroups'], $fusebox['defaultGroup'], SECURITYMODE_LOOSE, false);
        $ogSecurityManager = new SecurityManager($oDB, $oUser, $ogFuseaction, $fusebox['tableSecurity'], $fusebox['tableGroups'], $fusebox['tableUsersGroups'], $fusebox['defaultGroup'], SECURITYMODE_LOOSE, false);
    } else {
        _throw("FUncertainSecurityMode", "Security mode is uncertain");
    }
}
if (!$oSecurityManager->initialize() || !$ogSecurityManager->initialize()) {
    _throw("FNoSecurityTables", "There are no security tables \"{$fusebox['tableGroups']}\" and/or \"{$fusebox['tableSecurity']}\" present in DB");
}
// checking that default user group exists and add it if needed
if (!$oSecurityManager->checkGroup($fusebox['defaultGroup'])) {
    $tmpoGroup = new Group(0, $fusebox['defaultGroup']);
    if ($oSecurityManager->addGroup($tmpoGroup)) {
        unset($tmpoGroup);
    } else {
        _throw("FCannotAddDefaultGroup", "Cannot add default security group");
    }
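 /**
  * Deactivate a user (soft delete: users.active = 0) and redirect back.
  *
  * Requires the admin security mask; the SuperAdmin (id -1) can never be
  * removed. The "origin" request value is only followed when it is a local
  * absolute path, otherwise the users dashboard is used.
  *
  * @param int|string $id Id of the user to deactivate (bound as a statement parameter).
  * @return void Emits a Location header; the caller is expected to stop output afterwards.
  * @throws SecuritySevereException When asked to delete the SuperAdmin.
  * @throws Exception When the UPDATE could not be executed.
  */
 function remove($id)
 {
     $sm = new SecurityManager();
     $sm->denyAll();
     $sm->allow(SecurityManager::SECURITY_MANAGER_MASK_ADMIN);
     $sm->checkSecurity();
     if ((int) $id === -1) {
         throw new SecuritySevereException("Could not delete the SuperAdmin");
     }
     $sth = $this->pdo->prepare("UPDATE users SET active = 0 WHERE id = ?");
     $res = $sth->execute(array($id));
     if ($res == 0) {
         throw new Exception("Impossible de supprimer cet utilisateur.");
     }
     // Only follow "origin" when it is a same-site absolute path: an arbitrary
     // value here would turn this action into an open redirect.
     $target = '/monitoring/?v=dashboard&cat=users';
     $origin = isset($_REQUEST["origin"]) ? (string) $_REQUEST["origin"] : '';
     $isLocalPath = $origin !== ''
         && substr($origin, 0, 1) === '/'
         && substr($origin, 0, 2) !== '//'
         && substr($origin, 0, 2) !== '/\\'
         && strpbrk($origin, "\r\n") === false;
     header('Location: ' . ($isLocalPath ? $origin : $target));
 }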
 /**
  * Persist the metadata of a user file as a SimpleXML meta file under the
  * owner's metafiles directory.
  *
  * The meta file path mirrors the file's own path ("/" maps to the files
  * directory entry itself) with USERS_METAFILES_EXTENSION appended; missing
  * parent directories are created first.
  *
  * @param mixed $object Must be an EyeUserFile.
  * @param IMetaData $metaData Metadata to write (null allowed by the signature).
  * @param String $params Provider parameters, also used for the retrieveMeta() lookup.
  * @throws EyeInvalidArgumentException When $object is not an EyeUserFile.
  * @throws EyeIOException When the meta directory cannot be created.
  * @throws EyeException
  * @throws EyeErrorException
  */
 public function storeMeta($object, IMetaData $metaData = null, $params)
 {
     if (($object instanceof EyeUserFile) === false) {
         throw new EyeInvalidArgumentException('$object must be an EyeUserFile.');
     }
     $currentMeta = $this->retrieveMeta($object, $params);
     $manager = SecurityManager::getInstance();
     $manager->checkPermission($metaData, new MetaDataPermission('write', $currentMeta, $object));
     $urlParts = $object->getURLComponents();
     $metaBase = $this->getUserMetaFilesPath($urlParts['principalname']) . '/' . USERS_FILES_DIR;
     // NOTE(review): $urlParts['path'] is spliced into the filesystem path as-is;
     // confirm getURLComponents() normalises it (no ".." segments).
     if ($urlParts['path'] == '/') {
         $filepath = $metaBase . USERS_METAFILES_EXTENSION;
     } else {
         $filepath = $metaBase . $urlParts['path'] . USERS_METAFILES_EXTENSION;
     }
     $metaDir = dirname($filepath);
     // 0777 with the recursive flag; the effective mode is subject to the process umask.
     if (!is_dir($metaDir) && !mkdir($metaDir, 0777, true)) {
         throw new EyeIOException('Unable to create necessary directories for meta file ' . $filepath . '.');
     }
     $provider = new SimpleXMLMetaProvider((string) $params, array(SimpleXMLMetaProvider::PARAM_FILEPATH => $filepath));
     $provider->storeMeta(null, $metaData);
 }
<?php

/**
 * Add/Update File For Security Manager
 * @package		addsecuritymanager.inc.php
 * @Section		security_manager
*/
// Lazy includes of the helper objects, then the request values that select the
// view/record. Include paths are built from SITE_CLASS_* constants only.
if (!isset($secManObj)) {
    include_once SITE_CLASS_APPLICATION . 'securitymanager/class.SecurityManager.php';
    $secManObj = new SecurityManager();
}
$gdbobj->getRequestVars();
if (!isset($adminUserObj)) {
    include_once SITE_CLASS_APPLICATION . 'class.AdminUser.php';
    $adminUserObj = new AdminUser();
}
if (!isset($countryObj)) {
    include_once SITE_CLASS_APPLICATION . "class.Country.php";
    $countryObj = new Country();
}
if (!isset($stateObj)) {
    include_once SITE_CLASS_APPLICATION . "class.State.php";
    $stateObj = new State();
}
if (!isset($cntstObj)) {
    include_once SITE_CLASS_GEN . "class.countrystate.php";
    $cntstObj = new CountryState();
}
// Request-controlled values; how $iSMID and $file are used is outside this
// excerpt — $file in particular must not reach an include or filesystem call unvalidated.
$view = GetVar("view");
$iSMID = GetVar("iSMID");
$file = GetVar("file");
 /**
  * Change the permission a collaborator holds on a shared object.
  *
  * Resolves the ShareableObjectHandler for $object, checks the caller's
  * 'updatecollaborator' share permission, writes the new share info through
  * the provider and notifies listeners with a SharingEvent. Any exception is
  * logged (with the stack trace at debug level) and rethrown unchanged.
  *
  * @param IShareable $object Shared object; its id must not be null.
  * @param AbstractEyeosPrincipal $collaborator Collaborator whose permission changes.
  * @param IPermission $permission New permission (stored via getActionsAsString()).
  * @return void
  * @throws EyeNullPointerException When $object has no id.
  * @throws EyeHandlerNotFoundException When no handler accepts $object.
  * @throws Exception Anything raised by the permission check, provider or listeners.
  */
 public function updateCollaboratorPermission(IShareable $object, AbstractEyeosPrincipal $collaborator, IPermission $permission)
 {
     try {
         if ($object->getId() === null) {
             throw new EyeNullPointerException('$object ID cannot be null.');
         }
         $handlerClassName = null;
         foreach (self::getAllShareableObjectsHandlers() as $handler) {
             if ($handler->checkType($object)) {
                 $handlerClassName = get_class($handler);
                 break;
             }
         }
         if ($handlerClassName === null) {
             throw new EyeHandlerNotFoundException('Unable to find a ShareableObjectHandler for object of class ' . get_class($object) . '.');
         }
         $owner = $object->getShareOwner();
         // Permission check happens before anything is written.
         SecurityManager::getInstance()->checkPermission($object, new SharePermission(array('updatecollaborator'), $collaborator));
         //prepare query array
         $shareInfoQuery = array(self::SHAREINFO_KEY_OWNERID => $owner->getId(), self::SHAREINFO_KEY_SHAREABLEID => $object->getId(), self::SHAREINFO_KEY_COLLABORATORID => $collaborator->getId(), self::SHAREINFO_KEY_PERMISSIONACTIONS => $permission->getActionsAsString(), self::SHAREINFO_KEY_HANDLERCLASSNAME => $handlerClassName);
         $this->getProvider()->updateShareInfo($owner, $shareInfoQuery);
         // TODO: we could also add the ShareInfo object containing the old permission as a
         // "related source" of the event
         $event = new SharingEvent(new BasicShareInfo($owner, $object, $collaborator, $permission, $handlerClassName));
         foreach ($this->listeners as $listener) {
             $listener->collaboratorPermissionUpdated($event);
         }
     } catch (Exception $e) {
         self::$Logger->warn('Unable to update collaborator ' . $collaborator->getName() . ' permissions for object of class ' . get_class($object) . '.');
         if (self::$Logger->isDebugEnabled()) {
             self::$Logger->debug(ExceptionStackUtil::getStackTrace($e, false));
         }
         throw $e;
     }
 }
 }
 // Plain-text password kept for the update below, where it is passed through
 // $generalobj->encrypt() (a reversible transform by its name, not a password hash).
 $newpass = $password;
 // $generalobj->GenerateAdminPass('5');
 // $pswd = $memArr[0]['vPassword'];
 // $newpass = $generalobj->decrypt($pswd);
 //	$Data['vPassword'] = $generalobj->encrypt($pswd);
 /*   if(trim($memtype) == '')
    {
       $where = " iUserId = '".$memArr[0]['iUserId']."'";
       $res = $dbobj->MySQLQueryPerform(PRJ_DB_PREFIX.'_user',$Data,'update',$where);
    }
 */
 if ($memtype == 'securitymanager') {
     if (!isset($secManObj)) {
         require_once SITE_CLASS_APPLICATION . "securitymanager/class.SecurityManager.php";
         $secManObj = new SecurityManager();
     }
     $where = " (vUserName='******') ";
     $data['vActivationCode'] = '';
     $data['vPassword'] = $generalobj->encrypt($newpass);
     $id = $secManObj->updateData($data, $where);
 } else {
     if ($memtype == 'orguser') {
         if (!isset($orgUsrObj)) {
             require_once SITE_CLASS_APPLICATION . "user/class.OrganizationUser.php";
             $orgUsrObj = new OrganizationUser();
         }
         $where = " (vUserName='******') ";
         $data['vActivationCode'] = '';
         $data['vPassword'] = $generalobj->encrypt($newpass);
         $id = $orgUsrObj->updateData($data, $where);
}
// Lazy includes of the helper objects this page relies on. Include paths are
// built from SITE_CLASS_* constants only. Note the plain include (not
// include_once) for sendmail.
if (!isset($orgprefObj)) {
    include_once SITE_CLASS_APPLICATION . "organization/class.OrganizationPreference.php";
    $orgprefObj = new OrganizationPreference();
}
if (!isset($statusmasterObj)) {
    include_once SITE_CLASS_APPLICATION . "class.StatusMaster.php";
    $statusmasterObj = new StatusMaster();
}
if (!isset($orgUsrObj)) {
    require_once SITE_CLASS_APPLICATION . "user/class.OrganizationUser.php";
    $orgUsrObj = new OrganizationUser();
}
if (!isset($secManObj)) {
    require_once SITE_CLASS_APPLICATION . "securitymanager/class.SecurityManager.php";
    $secManObj = new SecurityManager();
}
if (!isset($emailObj)) {
    include_once SITE_CLASS_APPLICATION . 'class.EmailTemplate.php';
    $emailObj = new EmailTemplate();
}
if (!isset($userActionObj)) {
    include_once SITE_CLASS_APPLICATION . 'user/class.UserActionVerification.php';
    $userActionObj = new UserActionVerification();
}
if (!isset($sendMail)) {
    include SITE_CLASS_GEN . "class.sendmail.php";
    $sendMail = new SendPHPMail();
}
if (!isset($pohObj)) {
    include_once SITE_CLASS_APPLICATION . "user/class.PurchaseOrderHeading.php";
<?php

/**
 * Action file for add/Update of securitymanager
 *
 * @package		addsecuritymanager_a.php
 * @section		action/security_manager
 * @author		Jack Scott
 */
// Load the mailer class (plain include; the SecurityManager/AdminUser loads below use
// include_once behind isset() guards, so this one would re-declare SendPHPMail if
// class.sendmail.php was already loaded elsewhere).
include SITE_CLASS_GEN . "class.sendmail.php";
// Mailer instance used later in this action (the remainder of the file is not visible here).
$sendMail = new SendPHPMail();
if (!isset($secManObj)) {
    include_once SITE_CLASS_APPLICATION . 'securitymanager/class.SecurityManager.php';
    $secManObj = new SecurityManager();
}
if (!isset($adminUserObj)) {
    include_once SITE_CLASS_APPLICATION . 'class.AdminUser.php';
    $adminUserObj = new AdminUser();
}
//prints($_POST);exit;
// print_r($Data);exit;
// Request input. PostVar() is a project helper whose sanitisation (if any) is not visible
// here, so $view, $Data, $dupl and $Data_access are untrusted until validated further down.
$view = PostVar("view");
$Data = PostVar("Data");
$dupl = PostVar('dpr');
// eEmailNotification is presumably a checkbox: an unchecked box is absent from the POST body,
// so it is defaulted explicitly rather than left unset.
if (!isset($Data['eEmailNotification'])) {
    $Data['eEmailNotification'] = 'No';
}
$Data_access = PostVar("Data_access");
// The submitted password is passed through $generalobj->encrypt() before storage.
// NOTE(review): if encrypt() is reversible encryption rather than a one-way password hash,
// stored passwords are recoverable by anyone holding the key — confirm against $generalobj.
$vPassword = $generalobj->encrypt(PostVar('vPassword'));
 /**
  * Asserts that the current security context may write this object.
  *
  * Delegates to the SecurityManager singleton; how a denied write is reported
  * (exception, redirect, …) is decided by checkWrite() and is not visible here.
  */
 public function checkWritePermission()
 {
     $securityManager = SecurityManager::getInstance();
     $securityManager->checkWrite($this);
 }
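 /**
  * Deletes the MinyanUser records whose ids were submitted as `minyanUserIds`.
  *
  * Each id is looked up and the record is removed only when SecurityManager::verify()
  * accepts it. Ids that do not resolve to a record are skipped instead of being handed to
  * verify()/delete() (Doctrine's find() returns false for an unknown id, so the original
  * code could call delete() on a non-object). A success flash is set and an AJAX success
  * response is echoed regardless of how many rows were actually removed, as before.
  *
  * @param sfWebRequest $request request carrying the `minyanUserIds` parameter (array of ids)
  * @return string sfView::NONE
  */
 public function executeDeleteSubscribers(sfWebRequest $request)
 {
     $minyanUserIds = $request->getParameter('minyanUserIds');
     // A missing or scalar parameter means there is nothing to delete.
     if (is_array($minyanUserIds)) {
         $table = Doctrine::getTable('MinyanUser');
         foreach ($minyanUserIds as $id) {
             $minyanUser = $table->find($id);
             // Unknown id: skip rather than pass a non-record to verify()/delete().
             if (!$minyanUser) {
                 continue;
             }
             if (SecurityManager::verify($minyanUser)) {
                 $minyanUser->delete();
             }
         }
     }
     $this->getUser()->setFlash('subscribersSuccess', 'Deleted selected users successfully.');
     echo Utils::ajaxResponse(true);
     return sfView::NONE;
 }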
 $uvdtl['vMailSubject_en'] = $email_cnt[0]['vSub_en'];
 $uvdtl['vMailSubject_fr'] = $email_cnt[0]['vSub_fr'];
 $uvdtl['tMailContent_en'] = $emailContent_en;
 $uvdtl['tMailContent_fr'] = $emailContent_fr;
 $uvdtl['iCreatedBy'] = $_SESSION['SESS_' . PRJ_CONST_PREFIX . '_ID'];
 $uvdtl['eCreatedType'] = $_SESSION['SESS_' . PRJ_CONST_PREFIX . '_USER_TYPE_SHORT'];
 $uvdtl['dActionDate'] = date("Y-m-d H:i:s");
 if (!isset($userActionObj)) {
     include_once SITE_CLASS_APPLICATION . 'user/class.UserActionVerification.php';
     $userActionObj = new UserActionVerification();
 }
 $ua = $userActionObj->insert($uvdtl);
 //
 if (!isset($secManObj)) {
     require_once SITE_CLASS_APPLICATION . "securitymanager/class.SecurityManager.php";
     $secManObj = new SecurityManager();
 }
 if (!isset($orgUserObj)) {
     include_once SITE_CLASS_APPLICATION . 'user/class.OrganizationUser.php';
     $orgUserObj = new OrganizationUser();
 }
 //
 if ($sess_usertype_short == 'OA') {
     $smwhr = " AND eEmailNotification='Yes' AND eStatus='Active' ";
     $smgrs = $secManObj->getDetails('vEmail', $smwhr);
     $oawhr = " AND iUserID!='" . $sess_id . "' AND eStatus='Active' AND eUserType='Admin' AND iOrganizationID='" . $assocs[$l]['iBuyer2Id'] . "' AND eEmailNotification='Yes' ";
     $oadms = $orgUserObj->getDetails('vEmail', $oawhr);
 } else {
     $smgrs = '';
     $smwhr = " AND iSMID!='" . $sess_id . "' AND eEmailNotification='Yes' AND eStatus='Active' ";
     $smgrs = $secManObj->getDetails('vEmail', $smwhr);
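 /**
  * Checks a submitted password against the stored credential of user $id.
  *
  * Loads the user through CodeIgniter's User_model (role users only, non-mappers) and
  * delegates the comparison to SecurityManager::validate() with the stored password and
  * salt. An id that does not resolve to a user record now fails closed (false) instead of
  * indexing into a non-array result and passing nulls to validate().
  *
  * @param mixed  $id       user id handed to User_model::get()
  * @param string $password plaintext candidate password
  * @return mixed false for an unknown user, otherwise whatever SecurityManager::validate() returns
  */
 public static function checkpass($id, $password)
 {
     $CI =& get_instance();
     $CI->load->model('User_model');
     $user = $CI->User_model->is_role(TRUE)->is_mapper(FALSE)->get($id);
     // Unknown user or incomplete credential row: fail closed rather than compare against nulls.
     if (empty($user) || !isset($user['password'], $user['password_salt'])) {
         return false;
     }
     return SecurityManager::validate($password, $user['password'], $user['password_salt']);
 }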