 /**
  * Clears the current user's download list and answers with a JSON result.
  *
  * Both permission checks go through fatalPermCheck(), which presumably
  * aborts the request when the user lacks spotsec_keep_own_downloadlist
  * (with and without the 'erasedls' object), so nothing below runs for
  * such users.
  */
 function render()
 {
     $perm = SpotSecurity::spotsec_keep_own_downloadlist;

     # Two checks: the generic permission plus the 'erasedls' object on it
     $this->_spotSec->fatalPermCheck($perm, '');
     $this->_spotSec->fatalPermCheck($perm, 'erasedls');

     # The user record service performs the actual clearing
     $userId = $this->_currentSession['user']['userid'];
     $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);
     $svcUserRecord->clearDownloadList($userId);

     # Never let this response be cached
     $this->sendExpireHeaders(true);

     $this->template('jsonresult', array('result' => new Dto_FormResult('success')));
 }
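 /**
  * Handles the Twitter notification account dialog.
  *
  * Dispatches on $this->_params['action']:
  *   'verify' - exchanges the PIN in $this->_params['pin'] for an access
  *              token and stores it in the user's preferences;
  *   'remove' - wipes the stored screen name and access token;
  *   anything else - requests an authorization URL, stores the request
  *              token and echoes the URL for the user to visit.
  *
  * Output is written directly with echo. Requires
  * spotsec_send_notifications_services on the 'twitter' object; the
  * permission check is fatal.
  */
 function render()
 {
     # Check the user's permissions
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_send_notifications_services, 'twitter');

     # Instantiate the Spot user system & notification system
     $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);
     $requestArray = array_merge_recursive(
         $this->_currentSession['user']['prefs']['notifications']['twitter'],
         array(
             'consumer_key' => $this->_settings->get('twitter_consumer_key'),
             'consumer_secret' => $this->_settings->get('twitter_consumer_secret'),
         )
     );

     # Compare strictly: a loose '==' against a non-string action value
     # can match unexpectedly on older PHP versions
     $action = isset($this->_params['action']) ? (string) $this->_params['action'] : '';
     if ($action === 'verify') {
         $this->_verifyTwitterPin($svcUserRecord, $requestArray);
     } elseif ($action === 'remove') {
         $this->_removeTwitterAccount($svcUserRecord);
     } else {
         $this->_requestTwitterAuthorization($svcUserRecord, $requestArray);
     }
     # if
 }

 /**
  * Exchanges the submitted PIN for an access token, stores it in the
  * user's twitter preferences (dropping the request token) and echoes a
  * confirmation. On a non-200 status the error text is echoed instead.
  */
 private function _verifyTwitterPin(Services_User_Record $svcUserRecord, array $requestArray)
 {
     $this->_notificationService = Notifications_Factory::build('Spotweb', 'twitter', $requestArray);

     # An incorrect PIN raises a notice, while the status check below already
     # handles the failure without it; hence the suppression
     $pin = isset($this->_params['pin']) ? $this->_params['pin'] : '';
     list($http_code, $access_token) = @$this->_notificationService->verifyPIN($pin);

     if ((int) $http_code !== 200) {
         echo "Code " . $http_code . ": " . $this->getError($http_code);
         return;
     }
     # if

     $twitterPrefs = $this->_currentSession['user']['prefs']['notifications']['twitter'];
     # The request token is no longer needed
     $twitterPrefs['request_token'] = '';
     $twitterPrefs['request_token_secret'] = '';
     # The access token is what we do want to keep
     $twitterPrefs['screen_name'] = $access_token['screen_name'];
     $twitterPrefs['access_token'] = $access_token['oauth_token'];
     $twitterPrefs['access_token_secret'] = $access_token['oauth_token_secret'];
     $this->_currentSession['user']['prefs']['notifications']['twitter'] = $twitterPrefs;
     $svcUserRecord->setUser($this->_currentSession['user']);

     # The screen name comes from a third party; escape it before echoing it
     echo "Account " . htmlspecialchars($access_token['screen_name'], ENT_QUOTES, 'UTF-8') . " geverifiëerd.";
 }

 /**
  * Removes the stored Twitter account (screen name and access token) from
  * the user's preferences and echoes a confirmation.
  */
 private function _removeTwitterAccount(Services_User_Record $svcUserRecord)
 {
     $twitterPrefs = $this->_currentSession['user']['prefs']['notifications']['twitter'];
     $screen_name = $twitterPrefs['screen_name'];
     $twitterPrefs['screen_name'] = '';
     $twitterPrefs['access_token'] = '';
     $twitterPrefs['access_token_secret'] = '';
     $this->_currentSession['user']['prefs']['notifications']['twitter'] = $twitterPrefs;
     $svcUserRecord->setUser($this->_currentSession['user']);

     # The stored screen name originated from Twitter; escape it before echoing it
     echo "Account " . htmlspecialchars($screen_name, ENT_QUOTES, 'UTF-8') . " verwijderd.";
 }

 /**
  * Requests a Twitter authorization URL, stores the request token in the
  * user's preferences (it is needed again when the PIN is entered) and
  * echoes the URL. On a non-200 status the error text is echoed instead.
  */
 private function _requestTwitterAuthorization(Services_User_Record $svcUserRecord, array $requestArray)
 {
     $this->_notificationService = Notifications_Factory::build('Spotweb', 'twitter', $requestArray);
     list($http_code, $request_token, $registerURL) = @$this->_notificationService->requestAuthorizeURL();

     if ((int) $http_code !== 200) {
         echo "Code " . $http_code . ": " . $this->getError($http_code);
         return;
     }
     # if

     $twitterPrefs = $this->_currentSession['user']['prefs']['notifications']['twitter'];
     $twitterPrefs['request_token'] = $request_token['oauth_token'];
     $twitterPrefs['request_token_secret'] = $request_token['oauth_token_secret'];
     $this->_currentSession['user']['prefs']['notifications']['twitter'] = $twitterPrefs;
     $svcUserRecord->setUser($this->_currentSession['user']);

     echo $registerURL;
 }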
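 /**
  * Adds a spotter to, or removes one from, the current user's blacklist
  * and answers with a JSON result.
  *
  * The form ($this->_blForm) supplies 'action' ('addspotterid' or
  * 'removespotterid'), 'spotterid', 'origin' and, for 'addspotterid',
  * 'idtype'. Without an action the form is only rendered and the result
  * stays 'notsubmitted'. Requires spotsec_blacklist_spotter (fatal check).
  */
 function render()
 {
     # Check the user's permissions
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_blacklist_spotter, '');

     # The result defaults to 'not submitted' until an action is handled
     $result = new Dto_FormResult('notsubmitted');

     # Default blacklist information; 'idtype' defaults to null so the
     # 'addspotterid' case below never reads an undefined index
     $blackList = array('spotterid' => '', 'origin' => '', 'idtype' => null);

     # Set the page title
     $this->_pageTitle = "report: blacklist spotter";

     # Bring the form's action into the local scope; absent means render only
     $formAction = isset($this->_blForm['action']) ? (string) $this->_blForm['action'] : '';

     # Instantiate the user system which does the actual heavy lifting
     $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

     if (!empty($formAction) && !$result->isError()) {
         $result->setResult('success');

         # Make sure we have complete blacklist information
         $blackList = array_merge($blackList, $this->_blForm);

         switch ($formAction) {
             case 'addspotterid':
                 $result->mergeResult($svcUserRecord->addSpotterToList($this->_currentSession['user'], $blackList['spotterid'], $blackList['origin'], $blackList['idtype']));
                 break;
             # case addspotterid

             case 'removespotterid':
                 $result->mergeResult($svcUserRecord->removeSpotterFromList($this->_currentSession['user'], $blackList['spotterid']));
                 break;
             # case removespotterid
         }
         # switch
     }
     # if

     #- display stuff -#
     $this->template('jsonresult', array('result' => $result));
 }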
 /**
  * Marks all spots as read for the current user and answers with a JSON
  * result.
  *
  * Requires spotsec_mark_spots_asread (fatal check). The individual spots
  * are only marked when the user also holds spotsec_keep_own_seenlist; the
  * lastvisit/lastread timestamps are reset regardless.
  */
 function render()
 {
     # Permission check first; it is fatal when the user lacks the right
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_mark_spots_asread, '');

     $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);
     $currentUser = $this->_currentSession['user'];

     # Individual spots are only marked when the user keeps his own seen list
     $keepsSeenList = $this->_spotSec->allowed(SpotSecurity::spotsec_keep_own_seenlist, '');
     if ($keepsSeenList) {
         $svcUserRecord->markAllAsRead($currentUser['userid']);
     }
     # if

     # This action is never cached and always answers with JSON
     $this->sendExpireHeaders(true);
     $this->sendContentTypeHeader('json');

     # Reset the lastvisit and lastread timestamps
     $svcUserRecord->resetReadStamp($currentUser);

     $this->template('jsonresult', array('result' => new Dto_FormResult('success')));
 }
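 /**
  * Validates a spam report and, when valid, posts it to the report
  * newsgroup and records it in the database.
  *
  * @param Services_User_Record $svcUserRecord user record service
  * @param array $user   the reporting user's record ('userid' is required)
  * @param array $report report fields: 'inreplyto', 'newmessageid'
  *                      (wrapped in <>) and 'body'
  * @return Dto_FormResult success, or the accumulated validation errors
  *
  * Validation (errors accumulate; nothing is posted unless all pass):
  *  - the user must be allowed to post;
  *  - no earlier report by this user on the same spot;
  *  - the hashcash on '<newmessageid>' must yield a sha1 starting with '0000';
  *  - the trimmed body must be at least 2 bytes;
  *  - newmessageid must start with the part of inreplyto before its '@'
  *    and must not have been used before (replay protection);
  *  - newmessageid must be at least 10 bytes long.
  */
 public function postSpamReport(Services_User_Record $svcUserRecord, array $user, array $report)
 {
     $result = new Dto_FormResult();
     $spotReportDao = $this->_daoFactory->getSpotReportDao();

     # Make sure the anonymous user and reserved usernames cannot post content
     if (!$svcUserRecord->allowedToPost($user)) {
         $result->addError(_("You need to login to be able to report spam"));
     }
     # if

     # Retrieve the user's private key
     $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);

     # Missing fields are treated as empty strings so the checks below never
     # read an undefined index
     $inReplyTo = isset($report['inreplyto']) ? (string) $report['inreplyto'] : '';
     $report['inreplyto'] = $inReplyTo;

     # Make sure no spam report has already been posted by this user to prevent flooding
     if ($spotReportDao->isReportPlaced($inReplyTo, $user['userid'])) {
         $result->addError(_('This spot has already been reported'));
     }
     # if

     /*
      * We get the messageid with <>'s but we always strip them in Spotweb,
      * so remove them; (string) keeps strlen() happy on short or absent input
      */
     $newMessageId = isset($report['newmessageid']) ? (string) $report['newmessageid'] : '';
     $newMessageId = (string) substr($newMessageId, 1, -1);
     $report['newmessageid'] = $newMessageId;

     # Retrieve the spot this is a report of
     # NOTE(review): postComment() constructs this provider with
     # $this->_daoFactory->getSpotDao() instead of the factory itself; one of
     # the two is likely wrong - confirm against the provider's constructor
     $svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory, $this->_nntp_hdr);
     $fullSpot = $svcProvFullSpot->fetchFullSpot($inReplyTo, $user['userid']);

     # We won't bother when the hashcash is not properly calculated
     if (substr(sha1('<' . $newMessageId . '>'), 0, 4) !== '0000') {
         $result->addError(_('Hash was not calculated properly'));
     }
     # if

     # The body cannot be empty or very short
     $report['body'] = isset($report['body']) ? trim((string) $report['body']) : '';
     if (strlen($report['body']) < 2) {
         $result->addError(_('Please provide a reason why this Spot should be reported'));
     }
     # if

     /*
      * The new messageid must start with the local part (before the '@') of
      * the messageid being replied to, so a hashcash calculated for one spot
      * cannot be replayed against another. When inreplyto has no '@' the
      * local part would be empty and every messageid would pass the prefix
      * test, so that case is rejected as well.
      */
     $atPos = strpos($inReplyTo, '@');
     $replyToPart = ($atPos === false) ? '' : substr($inReplyTo, 0, $atPos);
     if ($replyToPart === '' || substr($newMessageId, 0, strlen($replyToPart)) !== $replyToPart) {
         $result->addError(_('Replay attack!?'));
     }
     # if

     /*
      * Make sure the random message we require in the system has not been
      * used recently, so one calculated hashcash cannot be reused again and again
      */
     if (!$spotReportDao->isReportMessageIdUnique($newMessageId)) {
         $result->addError(_('Replay attack!?'));
     }
     # if

     # Make sure a newmessageid has a certain minimum length
     if (strlen($newMessageId) < 10) {
         $result->addError(_('MessageID too short!?'));
     }
     # if

     /*
      * The body is UTF-8 (we instruct the browser to do everything in UTF-8),
      * but usenet wants it in iso-8859-1 (utf8_decode). The database requires
      * UTF-8 again, so we keep separate bodies for the database and for usenet.
      */
     $dbReport = $report;
     $report['body'] = utf8_decode($report['body']);
     $report['title'] = 'REPORT <' . $inReplyTo . '> ' . $fullSpot['title'];

     # And actually post the report; a failing NNTP post is reported to the
     # caller as an error instead of escaping as an exception (as postComment does)
     if ($result->isSuccess()) {
         try {
             $this->_nntp_post->reportSpotAsSpam($user, $this->_settings->get('privatekey'), $this->_settings->get('report_group'), $report);
             $spotReportDao->addPostedReport($user['userid'], $dbReport);
         } catch (Exception $x) {
             $result->addError($x->getMessage());
         }
         # catch
     }
     # if

     return $result;
 }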
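/**
 * Final installation step: creates the database schema, default settings
 * and users, stores the NNTP settings and the supplied admin user, and
 * writes dbsettings.inc.php.
 *
 * All input comes from $_SESSION['spotsettings'] (the 'db', 'nntp' and
 * 'adminuser' entries filled in by the earlier steps). On success the
 * step-final template is shown; any exception is shown via the fatalerror
 * template.
 */
function createSystem()
{
    $buffering = false;
    try {
        /*
         * The settings system produces a lot of output; swallow it all and
         * show it as debugging output at the end
         */
        ob_start();
        $buffering = true;

        # Get the schema version and other constants
        require_once "lib/Bootstrap.php";
        $bootstrap = new Bootstrap();

        # Now create the database
        $dbsettings = $_SESSION['spotsettings']['db'];
        $dbCon = dbeng_abs::getDbFactory($dbsettings['engine']);
        $dbCon->connect($dbsettings['host'], $dbsettings['user'], $dbsettings['pass'], $dbsettings['dbname']);
        $daoFactory = Dao_Factory::getDAOFactory($dbsettings['engine']);
        $daoFactory->setConnection($dbCon);

        # The database must exist before we can get the settings instance
        $dbStruct = SpotStruct_abs::factory($dbsettings['engine'], $daoFactory->getConnection());
        $dbStruct->updateSchema();
        $spotSettings = $bootstrap->getSettings($daoFactory, false);
        $svcUpgradeBase = new Services_Upgrade_Base($daoFactory, $spotSettings, $dbsettings['engine']);

        # Create all the different settings (only the default ones) and the users
        $svcUpgradeBase->settings();
        $svcUpgradeBase->users();

        # Keep the captured output; it is shown as an HTML comment for debugging
        $dbCreateOutput = ob_get_contents();
        ob_end_clean();
        $buffering = false;

        # Update the NNTP settings in the database with what the user gave us
        $spotSettings->set('nntp_nzb', $_SESSION['spotsettings']['nntp']['nzb']);
        $spotSettings->set('nntp_hdr', $_SESSION['spotsettings']['nntp']['hdr']);
        $spotSettings->set('nntp_post', $_SESSION['spotsettings']['nntp']['post']);

        # Create the given user
        $svcUserRecord = new Services_User_Record($daoFactory, $spotSettings);
        $spotUser = $_SESSION['spotsettings']['adminuser'];
        $spotUser['userid'] = $svcUserRecord->createUserRecord($spotUser)->getData('userid');

        # A random password was assigned on creation, so set the supplied one now
        $svcUserRecord->setUserPassword($spotUser);

        # Change the administrator account's password to that of this created user
        $adminUser = $svcUserRecord->getUser(SPOTWEB_ADMIN_USERID);
        $adminUser['newpassword1'] = $spotUser['newpassword1'];
        $svcUserRecord->setUserPassword($adminUser);

        # Update the settings with our system type and our admin id
        $spotSettings->set('custom_admin_userid', $spotUser['userid']);
        $spotSettings->set('systemtype', $spotUser['systemtype']);
        $svcUpgradeBase->resetSystemType($spotUser['systemtype']);

        # Build the contents of dbsettings.inc.php
        $dbConnectionString = _createSystemDbSettingsCode($dbsettings);

        /*
         * Try to create the dbsettings.inc.php file for the user. The write
         * may legitimately fail (read-only webroot), in which case the user
         * creates the file by hand from $dbConnectionString; hence the
         * suppressed warning. The return value, not file_exists(), decides
         * success so a stale file from an earlier attempt is not mistaken
         * for a fresh one.
         */
        $createdDbSettings = (@file_put_contents("dbsettings.inc.php", "<?php" . PHP_EOL . $dbConnectionString) !== false);
        showTemplate("step-final.inc.php", array('createdDbSettings' => $createdDbSettings, 'dbCreateOutput' => $dbCreateOutput, 'dbConnectionString' => $dbConnectionString));
    } catch (Exception $x) {
        # Drop any captured output so the error page is not buried in it
        if ($buffering) {
            ob_end_clean();
        }
        # if
        showTemplate("fatalerror.inc.php", array('x' => $x));
    }
    # exception
}

/**
 * Builds the PHP code for dbsettings.inc.php from the installer's database
 * settings. Each value is emitted via var_export() so quotes or backslashes
 * in e.g. the password can neither break the generated file nor inject
 * code into it.
 *
 * @param array $dbsettings 'engine', 'host', 'dbname', 'user', 'pass'
 * @return string PHP statements, one per line; empty for an unknown engine
 */
function _createSystemDbSettingsCode(array $dbsettings)
{
    # Only the two supported engines get a settings file
    if (!in_array($dbsettings['engine'], array('pdo_mysql', 'pdo_pgsql'), true)) {
        return '';
    }
    # if

    $code = '';
    foreach (array('engine', 'host', 'dbname', 'user', 'pass') as $key) {
        $value = isset($dbsettings[$key]) ? $dbsettings[$key] : '';
        $code .= "\$dbsettings['" . $key . "'] = " . var_export((string) $value, true) . ';' . PHP_EOL;
    }
    # foreach

    return $code;
}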
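 /**
  * Validates a comment on a spot and, when valid, posts it to the comment
  * newsgroup and records it in the database.
  *
  * @param Services_User_Record $svcUserRecord user record service
  * @param array $user    the posting user's record ('userid' is required)
  * @param array $comment comment fields: 'inreplyto', 'newmessageid'
  *                       (wrapped in <>), 'body' and 'rating'
  * @return Dto_FormResult success, or the accumulated validation errors
  *
  * Validation (errors accumulate; nothing is posted unless all pass):
  *  - the user must be allowed to post;
  *  - the hashcash on '<newmessageid>' must yield a sha1 starting with '0000';
  *  - the trimmed body must be 2..10240 bytes;
  *  - the rating must be within 0..10;
  *  - newmessageid must start with the part of inreplyto before its '@'
  *    and must not have been used before (replay protection);
  *  - newmessageid must be at least 10 bytes long.
  */
 public function postComment(Services_User_Record $svcUserRecord, array $user, array $comment)
 {
     $result = new Dto_FormResult();
     $commentDao = $this->_daoFactory->getCommentDao();

     # Make sure the anonymous user and reserved usernames cannot post content
     if (!$svcUserRecord->allowedToPost($user)) {
         $result->addError(_("You need to login to be able to post comments"));
     }
     # if

     # Retrieve the user's private key
     $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);

     # Missing fields are treated as empty strings so the checks below never
     # read an undefined index
     $inReplyTo = isset($comment['inreplyto']) ? (string) $comment['inreplyto'] : '';
     $comment['inreplyto'] = $inReplyTo;

     /*
      * We get the messageid with <>'s but we always strip them in Spotweb,
      * so remove them; (string) keeps strlen() happy on short or absent input
      */
     $newMessageId = isset($comment['newmessageid']) ? (string) $comment['newmessageid'] : '';
     $newMessageId = (string) substr($newMessageId, 1, -1);
     $comment['newmessageid'] = $newMessageId;

     # We won't bother when the hashcash is not properly calculated
     if (substr(sha1('<' . $newMessageId . '>'), 0, 4) !== '0000') {
         $result->addError(_('Hash was not calculated properly'));
     }
     # if

     # The body cannot be empty, very short or excessively long
     $comment['body'] = isset($comment['body']) ? trim((string) $comment['body']) : '';
     if (strlen($comment['body']) < 2) {
         $result->addError(_('Please enter a comment'));
     }
     # if
     if (strlen($comment['body']) > 1024 * 10) {
         $result->addError(_('Comment is too long'));
     }
     # if

     # Rating must be within range
     $rating = isset($comment['rating']) ? $comment['rating'] : null;
     if ($rating > 10 || $rating < 0) {
         $result->addError(_('Invalid rating'));
     }
     # if

     /*
      * The new messageid must start with the local part (before the '@') of
      * the messageid being replied to, so a hashcash calculated for one post
      * cannot be replayed against another. When inreplyto has no '@' the
      * local part would be empty and every messageid would pass the prefix
      * test, so that case is rejected as well.
      */
     $atPos = strpos($inReplyTo, '@');
     $replyToPart = ($atPos === false) ? '' : substr($inReplyTo, 0, $atPos);
     if ($replyToPart === '' || substr($newMessageId, 0, strlen($replyToPart)) !== $replyToPart) {
         $result->addError(_('Replay attack!?'));
     }
     # if

     /*
      * Make sure the random message we require in the system has not been
      * used recently, so one calculated hashcash cannot be reused again and again
      */
     if (!$commentDao->isCommentMessageIdUnique($newMessageId)) {
         $result->addError(_('Replay attack!?'));
     }
     # if

     # Make sure a newmessageid has a certain minimum length
     if (strlen($newMessageId) < 10) {
         $result->addError(_('MessageID too short!?'));
     }
     # if

     # Retrieve the spot to which we are commenting
     # NOTE(review): postSpamReport() constructs this provider with
     # $this->_daoFactory itself instead of getSpotDao(); one of the two is
     # likely wrong - confirm against the provider's constructor
     $svcProvFullSpot = new Services_Providers_FullSpot($this->_daoFactory->getSpotDao(), $this->_nntp_hdr);
     $fullSpot = $svcProvFullSpot->fetchFullSpot($inReplyTo, $user['userid']);

     # Add the title as a comment property
     $comment['title'] = 'Re: ' . $fullSpot['title'];

     /*
      * The body is UTF-8 (we instruct the browser to do everything in UTF-8),
      * but usenet wants it in iso-8859-1 (utf8_decode). The database requires
      * UTF-8 again, so we keep separate bodies for the database and for usenet.
      */
     $dbComment = $comment;
     $comment['body'] = utf8_decode($comment['body']);

     # And actually post the comment; an NNTP failure becomes a form error
     if ($result->isSuccess()) {
         try {
             $this->_nntp_post->postComment($user, $this->_settings->get('privatekey'), $this->_settings->get('comment_group'), $comment);
             $commentDao->addPostedComment($user['userid'], $dbComment);
         } catch (Exception $x) {
             $result->addError($x->getMessage());
         }
         # catch
     }
     # if

     return $result;
 }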
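 /**
  * Validates a new spot with its image and NZB file and, when valid, posts
  * the image, the NZB and the spot itself to the configured newsgroups.
  *
  * @param Services_User_Record $svcUserRecord user record service
  * @param array  $user          posting user's record ('userid', 'username')
  * @param array  $spot          spot fields from the form; 'newmessageid'
  *                              arrives wrapped in <>
  * @param string $imageFilename path to the uploaded image (max 1MB, must
  *                              be recognised by getimagesize())
  * @param string $nzbFilename   path to the uploaded NZB (must be XML with
  *                              <file> elements)
  * @return Dto_FormResult success, or the accumulated validation errors
  */
 public function postSpot(Services_User_Record $svcUserRecord, array $user, array $spot, $imageFilename, $nzbFilename)
 {
     $result = new Dto_FormResult();
     $spotDao = $this->_daoFactory->getSpotDao();

     # Make sure the anonymous user and reserved usernames cannot post content
     if (!$svcUserRecord->allowedToPost($user)) {
         $result->addError(_("You need to login to be able to post spots"));
     }
     # if

     # Retrieve the user's private key
     $user['privatekey'] = $svcUserRecord->getUserPrivateRsaKey($user['userid']);
     $hdr_newsgroup = $this->_settings->get('hdr_group');
     $bin_newsgroup = $this->_settings->get('nzb_group');

     /*
      * We get the messageid with <>'s but we always strip them in Spotweb,
      * so remove them; (string) keeps strlen() happy on short or absent input
      */
     $newMessageId = isset($spot['newmessageid']) ? (string) $spot['newmessageid'] : '';
     $spot['newmessageid'] = (string) substr($newMessageId, 1, -1);

     # If the hashcash doesn't match, we will never post it
     if (substr(sha1('<' . $spot['newmessageid'] . '>'), 0, 4) !== '0000') {
         $result->addError(_('Hash was not calculated properly'));
     }
     # if

     # Verify several properties from the caller
     $result->addData('spot', $spot);
     $result = $this->_spotValidator->verifyTitle($result);
     $result = $this->_spotValidator->verifyBody($result);
     $result = $this->_spotValidator->verifyCategories($result);
     $result = $this->_spotValidator->verifyWebsite($result);
     $result = $this->_spotValidator->verifyTag($result);

     /*
      * Retrieve the spot information from the result and remove it again;
      * we do not want to send the whole spot back to the caller
      */
     $spot = $result->getData('spot');
     $result->removeData('spot');

     # Read the contents of the image so we can check it; an unreadable
     # upload is an error rather than a strlen() on false further down
     $imageContents = file_get_contents($imageFilename);
     if ($imageContents === false) {
         $imageContents = '';
         $result->addError(_('Uploaded image was not recognized as an image'));
     } elseif (strlen($imageContents) > 1024 * 1024) {
         # The image should be below 1MB
         $result->addError(_('Uploaded image is too large (maximum 1MB)'));
     }
     # if

     # Get some image information; failure is an error as well
     $imageInfo = array();
     $tmpGdImageSize = getimagesize($imageFilename);
     if ($tmpGdImageSize === false) {
         $result->addError(_('Uploaded image was not recognized as an image'));
     } else {
         $imageInfo = array('width' => $tmpGdImageSize[0], 'height' => $tmpGdImageSize[1]);
     }
     # if

     /*
      * Load the NZB file as XML so we can make sure it's a valid XML and NZB
      * file and determine the filesize. LIBXML_NONET keeps the parser from
      * fetching external resources referenced by the uploaded file; entity
      * substitution stays off (the default) for the same reason.
      */
     $nzbFileContents = file_get_contents($nzbFilename);
     $nzbXml = false;
     if ($nzbFileContents !== false) {
         $nzbXml = simplexml_load_string($nzbFileContents, 'SimpleXMLElement', LIBXML_NONET);
     }
     # if

     # Basic sanity checking for some required NZB elements; unreadable or
     # malformed XML ends up here as well instead of as warnings below
     $spot['filesize'] = 0;
     if ($nzbXml === false || empty($nzbXml->file)) {
         $result->addError(_('Incorrect NZB file'));
     } else {
         # Determine the total filesize from the segment sizes
         foreach ($nzbXml->file as $file) {
             if (empty($file->segments->segment)) {
                 continue;
             }
             # if
             foreach ($file->segments->segment as $seg) {
                 $spot['filesize'] += (int) $seg['bytes'];
             }
             # foreach
         }
         # foreach
     }
     # if

     /*
      * Make sure we didn't use this messageid recently or at all; this
      * prevents people from not recalculating the hashcash in order to spam
      * the system
      */
     if (!$spotDao->isNewSpotMessageIdUnique($spot['newmessageid'])) {
         $result->addError(_('Replay attack!?'));
     }
     # if

     # Make sure a newmessageid has a certain minimum length
     if (strlen($spot['newmessageid']) < 10) {
         $result->addError(_('MessageID too short!?'));
     }
     # if

     # We require the keyid 7 because it is selfsigned
     $spot['key'] = 7;

     # Poster's username
     $spot['poster'] = $user['username'];

     # Actually post the spot; only reached when every check above passed
     if ($result->isSuccess()) {
         /*
          * Post the image to the binary newsgroup so we have the messageid
          * list of the image segments
          */
         $imgSegmentList = $this->_nntp_post->postBinaryMessage($user, $bin_newsgroup, $imageContents, '');
         $imageInfo['segments'] = $imgSegmentList;

         # Post the (deflated) NZB file to the binary newsgroup
         $nzbSegmentList = $this->_nntp_post->postBinaryMessage($user, $bin_newsgroup, gzdeflate($nzbFileContents), '');

         # Convert the current Spotnet info to an XML structure
         $spotCreator = new Services_Format_Creation();
         $spotXml = $spotCreator->convertSpotToXml($spot, $imageInfo, $nzbSegmentList);
         $spot['spotxml'] = $spotXml;

         # And actually post to the newsgroups
         $this->_nntp_post->postFullSpot($user, $this->_settings->get('privatekey'), $hdr_newsgroup, $spot);
         $spotDao->addPostedSpot($user['userid'], $spot, $spotXml);
     }
     # if

     return $result;
 }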
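 /**
  * Edit-user-preferences dialog: renders the preferences form and handles
  * the 'edit' (with optional avatar upload) and 'cancel' actions.
  *
  * The permission needed depends on whose preferences are edited: the
  * session user's own (spotsec_edit_own_userprefs) or someone else's
  * (spotsec_edit_other_users); the check is fatal.
  */
 function render()
 {
     # Make sure the result is set to 'not submitted' per default
     $result = new Dto_FormResult('notsubmitted');

     # Validate proper permissions
     if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_userprefs, '');
     } else {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
     }
     # if

     # Instantiate the user system as necessary for the management of user preferences
     $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

     # Set the page title
     $this->_pageTitle = "spot: edit user preferences";

     # Retrieve the to-edit user
     $spotUser = $svcUserRecord->getUser($this->_userIdToEdit);
     if ($spotUser === false) {
         $result->addError(sprintf(_('User %d can not be found'), $this->_userIdToEdit));
     }
     # if

     # Bring the form's action into the local scope; absent means render only
     $formAction = isset($this->_editUserPrefsForm['action']) ? (string) $this->_editUserPrefsForm['action'] : '';

     # Check whether an avatar was uploaded and, if so, handle any upload error
     $avatarFileName = '';
     if ($formAction === 'edit') {
         $uploadHandler = new Services_Providers_FileUpload('edituserprefsform', 'avatar');
         if ($uploadHandler->isUploaded()) {
             if (!$uploadHandler->success()) {
                 $result->addError(_('Unable to update avatar') . '(' . $uploadHandler->errorText() . ')');
             } else {
                 $avatarFileName = $uploadHandler->getTempName();
             }
             # else
         }
         # if
     }
     # if

     # Are we trying to submit this form, or only rendering it?
     if (!empty($formAction) && !$result->isError()) {
         switch ($formAction) {
             case 'edit':
                 $svcActn_EditUserPrefs = new Services_Actions_EditUserPrefs($this->_daoFactory, $this->_settings, $this->_spotSec);
                 $result = $svcActn_EditUserPrefs->editUserPref($this->_editUserPrefsForm, $this->_tplHelper->getTemplatePreferences(), $spotUser, $avatarFileName);
                 break;
             # case 'edit'

             case 'cancel':
                 $result->setResult('success');
                 break;
             # case 'cancel'
         }
         # switch
     }
     # if

     #- display stuff -#
     $httpReferer = isset($this->_editUserPrefsForm['http_referer']) ? $this->_editUserPrefsForm['http_referer'] : '';
     $this->template('edituserprefs', array('edituserprefsform' => $spotUser['prefs'], 'spotuser' => $spotUser, 'dialogembedded' => $this->_dialogembedded, 'http_referer' => $httpReferer, 'result' => $result));
 }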
 /**
  * Tells whether the user of the current session is allowed to post content.
  *
  * Thin wrapper around Services_User_Record::allowedToPost() for the
  * session user; returns whatever that method returns (presumably a bool).
  */
 function allowedToPost()
 {
     $sessionUser = $this->_currentSession['user'];
     $userRecordService = new Services_User_Record($this->_daoFactory, $this->_settings);

     return $userRecordService->allowedToPost($sessionUser);
 }
 # if
 # Initialize translation to English
 SpotTranslation::initialize('en_US');

 /*
  * When PHP is running in safe mode, max execution time cannot be set,
  * which is necessary on slow systems for retrieval and statistics
  * generation; warn the operator up front instead of failing later
  */
 $safeModeEnabled = ini_get('safe_mode');
 if ($safeModeEnabled) {
     echo "WARNING: PHP safemode is enabled, maximum execution cannot be reset! Turn off safemode if this causes problems", PHP_EOL, PHP_EOL;
 }
 # if

 /*
  * When retrieval is run from the webinterface, we want to make
  * sure this user is actually allowed to run retrieval.
  */
 $svcUserRecord = new Services_User_Record($daoFactory, $settings);
 $svcUserAuth = new Services_User_Authentication($daoFactory, $settings);
 if (!SpotCommandline::isCommandline()) {
     /*
      * An API key is required, so request it and try to
      * create a session with it which we can use to validate
      * the user with
      */
     $apiKey = $req->getDef('apikey', '');
     $userSession = $svcUserAuth->verifyApi($apiKey);
     /*
      * If the session failed or the the user doesn't have access
      * to retrieve spots, let the user know
      */
     if ($userSession == false || !$userSession['security']->allowed(SpotSecurity::spotsec_retrieve_spots, '')) {
         throw new PermissionDeniedException(SpotSecurity::spotsec_retrieve_spots, '');
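 /**
  * Edit-user dialog: shows the user record and handles the form actions
  * 'delete', 'edit', 'removeallsessions' and 'resetuserapi'.
  *
  * The permission needed depends on whose record is edited: the session
  * user's own (spotsec_edit_own_user) or someone else's
  * (spotsec_edit_other_users); 'delete' and 'resetuserapi' require an
  * additional permission. All permission checks are fatal.
  */
 function render()
 {
     $result = new Dto_FormResult('notsubmitted');

     # Check the user's permissions
     if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_user, '');
     } else {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
     }
     # if

     # Instantiate the service userrecord object
     $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

     # And create a nice and shiny page title
     $this->_pageTitle = "spot: edit user";

     # Get the user record and the user's group membership; an unknown user
     # is an error so none of the actions below operate on 'false'
     $spotUser = $svcUserRecord->getUser($this->_userIdToEdit);
     $groupMembership = $svcUserRecord->getUserGroupMemberShip($this->_userIdToEdit);
     if ($spotUser === false) {
         $result->addError(sprintf(_('User %d can not be found'), $this->_userIdToEdit));
     }
     # if

     # Bring the form's action into the local scope; absent means render only
     $formAction = isset($this->_editUserForm['action']) ? (string) $this->_editUserForm['action'] : '';

     # Only perform the actions when the form is actually submitted and the
     # record to act upon exists
     if (!empty($formAction) && !$result->isError()) {
         switch ($formAction) {
             case 'delete':
                 $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_user, '');
                 if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
                     $result->addError(_('Cannot delete your own user'));
                 } else {
                     $result = $svcUserRecord->removeUser($this->_userIdToEdit);
                 }
                 # if
                 break;
             # case delete

             case 'edit':
                 # Mangle the grouplist we get from the form into a usable
                 # format; 'dummy' is the placeholder entry and is skipped
                 $groupList = array();
                 if (isset($this->_editUserForm['grouplist']) && is_array($this->_editUserForm['grouplist'])) {
                     foreach ($this->_editUserForm['grouplist'] as $val) {
                         if ((string) $val !== 'dummy') {
                             $groupList[] = array('groupid' => $val, 'prio' => count($groupList));
                         }
                         # if
                     }
                     # foreach
                 }
                 # if
                 $this->_editUserForm['userid'] = $this->_userIdToEdit;
                 $result = $svcUserRecord->updateUserRecord($this->_editUserForm, $groupList, $this->_spotSec->allowed(SpotSecurity::spotsec_edit_groupmembership, ''));
                 break;
             # case 'edit'

             case 'removeallsessions':
                 $svcUserAuth = new Services_User_Authentication($this->_daoFactory, $this->_settings);
                 $result = $svcUserAuth->removeAllUserSessions($spotUser['userid']);
                 break;
             # case 'removeallsessions'

             case 'resetuserapi':
                 $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_consume_api, '');
                 $result = $svcUserRecord->resetUserApi($spotUser);
                 break;
             # case resetuserapi
         }
         # switch
     }
     # if

     #- display stuff -#
     $this->template('edituser', array('edituserform' => $spotUser, 'result' => $result, 'groupMembership' => $groupMembership));
 }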
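 /**
  * Edit-security-group dialog: shows a security group and handles the form
  * actions 'removegroup', 'addperm', 'removeperm', 'setallow'/'setdeny',
  * 'addgroup' and 'changename'.
  *
  * A group id of 9999 denotes a group that does not exist yet (the
  * 'addgroup' flow); for any other id the stored group is loaded and the
  * submitted form fields are merged over it. Requires
  * spotsec_edit_securitygroups (fatal check).
  */
 function render()
 {
     # Sentinel id the form uses for a not-yet-existing group
     $newGroupId = 9999;

     $result = new Dto_FormResult('notsubmitted');

     # Make sure the user has the appropriate rights
     $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_securitygroups, '');

     # Instantiate the user record system
     $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

     # Set the page title
     $this->_pageTitle = "spot: edit security groups";

     # Retrieve the requested group and merge the submitted fields over it
     if ((int) $this->_groupId !== $newGroupId) {
         $this->_editSecGroupForm = array_merge($svcUserRecord->getSecGroup($this->_groupId), $this->_editSecGroupForm);
     }
     # if

     # Bring the form's action into the local scope; absent means render only
     $formAction = isset($this->_editSecGroupForm['action']) ? (string) $this->_editSecGroupForm['action'] : '';

     # Did the user submit already or are we just rendering the form?
     if (!empty($formAction)) {
         switch ($formAction) {
             case 'removegroup':
                 $result = $svcUserRecord->removeSecGroup($this->_groupId);
                 break;
             # case 'removegroup'

             case 'addperm':
                 $result = $svcUserRecord->addPermToSecGroup($this->_groupId, $this->_editSecGroupForm);
                 break;
             # case 'addperm'

             case 'removeperm':
                 $result = $svcUserRecord->removePermFromSecGroup($this->_groupId, $this->_editSecGroupForm);
                 break;
             # case 'removeperm'

             case 'setallow':
             case 'setdeny':
                 # Both actions share one service call; only the deny flag differs
                 $this->_editSecGroupForm['deny'] = ($formAction === 'setdeny');
                 $result = $svcUserRecord->setDenyForPermFromSecGroup($this->_groupId, $this->_editSecGroupForm);
                 break;
             # case 'setallow' / 'setdeny'

             case 'addgroup':
                 $result = $svcUserRecord->addSecGroup($this->_editSecGroupForm['name']);
                 break;
             # case 'addgroup'

             case 'changename':
                 $result = $svcUserRecord->setSecGroup($this->_groupId, $this->_editSecGroupForm['name']);
                 break;
             # case 'changename'
         }
         # switch
     }
     # if

     #- display stuff -#
     $httpReferer = isset($this->_editSecGroupForm['http_referer']) ? $this->_editSecGroupForm['http_referer'] : '';
     $this->template('editsecgroup', array('securitygroup' => $this->_editSecGroupForm, 'result' => $result, 'http_referer' => $httpReferer));
 }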