Example #1
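/**
 * Final installer step: create the database schema, default settings and
 * users, store the NNTP and administrator details collected in the session,
 * and try to write dbsettings.inc.php.
 *
 * All input is read from $_SESSION['spotsettings'] (keys 'db', 'nntp' and
 * 'adminuser'). On success the "step-final.inc.php" template is shown; any
 * Exception is reported through "fatalerror.inc.php".
 *
 * The database settings are emitted with var_export() so that a quote or
 * backslash in a host name, user name or password ends up as data inside a
 * PHP string literal instead of terminating it inside the generated file.
 */
function createSystem()
{
    global $settings;
    global $_testInstall_Ok;

    # Remember the buffering depth on entry, so the catch block can unwind to it
    $obLevelOnEntry = ob_get_level();

    try {
        /*
         * The settings system is used to create a lot of output,
         * we swallow it all
         */
        ob_start();
        /*
         * Get the schema version and other constants
         */
        require_once "lib/Bootstrap.php";
        $bootstrap = new Bootstrap();
        /*
         * Now create the database
         */
        $dbsettings = $_SESSION['spotsettings']['db'];
        $dbCon = dbeng_abs::getDbFactory($dbsettings['engine']);
        $dbCon->connect($dbsettings['host'], $dbsettings['user'], $dbsettings['pass'], $dbsettings['dbname']);
        $daoFactory = Dao_Factory::getDAOFactory($dbsettings['engine']);
        $daoFactory->setConnection($dbCon);
        /*
         * The database must exist before we can get the Service_Settings_Base instance
         */
        $dbStruct = SpotStruct_abs::factory($dbsettings['engine'], $daoFactory->getConnection());
        $dbStruct->updateSchema();
        $spotSettings = $bootstrap->getSettings($daoFactory, false);
        $svcUpgradeBase = new Services_Upgrade_Base($daoFactory, $spotSettings, $dbsettings['engine']);
        /*
         * Create all the different settings (only the default ones)
         */
        $svcUpgradeBase->settings();
        /*
         * Create the users
         */
        $svcUpgradeBase->users();
        /*
         * Keep the swallowed output so the template can include it for debugging.
         * NOTE(review): the template is not visible here - confirm it escapes
         * this text before embedding it in the page.
         */
        $dbCreateOutput = ob_get_contents();
        ob_end_clean();
        /*
         * Now it is time to do something with
         * the information the user has given to us
         */
        /*
         * Update the NNTP settings in the database
         */
        $spotSettings->set('nntp_nzb', $_SESSION['spotsettings']['nntp']['nzb']);
        $spotSettings->set('nntp_hdr', $_SESSION['spotsettings']['nntp']['hdr']);
        $spotSettings->set('nntp_post', $_SESSION['spotsettings']['nntp']['post']);
        /*
         * Create the given user
         */
        $svcUserRecord = new Services_User_Record($daoFactory, $spotSettings);
        $spotUser = $_SESSION['spotsettings']['adminuser'];
        /*
         * and actually add the user
         */
        $spotUser['userid'] = $svcUserRecord->createUserRecord($spotUser)->getData('userid');
        /*
         * When the new user was created a random password was assigned,
         * so now we have to set the supplied password
         */
        $svcUserRecord->setUserPassword($spotUser);
        # Change the administrator account's password to that of this created user
        $adminUser = $svcUserRecord->getUser(SPOTWEB_ADMIN_USERID);
        $adminUser['newpassword1'] = $spotUser['newpassword1'];
        $svcUserRecord->setUserPassword($adminUser);
        # update the settings with our system type and our admin id
        $spotSettings->set('custom_admin_userid', $spotUser['userid']);
        $spotSettings->set('systemtype', $spotUser['systemtype']);
        # Set the system type
        $svcUpgradeBase->resetSystemType($spotUser['systemtype']);
        /*
         * Create the necessary database connection information. Only the two
         * engines the installer knows how to describe produce any output; for
         * anything else the string stays empty.
         */
        $dbConnectionString = '';
        $sessionDb = $_SESSION['spotsettings']['db'];
        if (in_array($sessionDb['engine'], array('pdo_mysql', 'pdo_pgsql'), true)) {
            foreach (array('engine', 'host', 'dbname', 'user', 'pass') as $key) {
                /*
                 * var_export() yields a correctly escaped single-quoted PHP
                 * literal; plain concatenation would let a "'" in the value
                 * close the string in the generated file.
                 */
                $dbConnectionString .= "\$dbsettings['" . $key . "'] = " . var_export((string) $sessionDb[$key], true) . ";" . PHP_EOL;
            }
            # foreach
        }
        # if
        /*
         * Try to create the dbsettings.inc.php file for the user. Failure is
         * expected on read-only installs (hence the @); the template receives
         * the connection string as well. The return value is
         * what tells us whether *this* write succeeded - file_exists() would
         * also be true for a stale file left over from an earlier attempt.
         * The file and $dbConnectionString contain the database password.
         */
        $bytesWritten = @file_put_contents("dbsettings.inc.php", "<?php" . PHP_EOL . $dbConnectionString);
        $createdDbSettings = ($bytesWritten !== false);
        showTemplate("step-final.inc.php", array('createdDbSettings' => $createdDbSettings, 'dbCreateOutput' => $dbCreateOutput, 'dbConnectionString' => $dbConnectionString));
    } catch (Exception $x) {
        /*
         * If the exception was thrown while output was still being swallowed,
         * drop that buffer so the raw output is not flushed, unescaped, in
         * front of the error page.
         */
        while (ob_get_level() > $obLevelOnEntry && ob_end_clean()) {
            # keep unwinding until we are back at the entry level
        }
        showTemplate("fatalerror.inc.php", array('x' => $x));
    }
    # exception
}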
Example #2
      * the user with
      */
     $apiKey = $req->getDef('apikey', '');
     $userSession = $svcUserAuth->verifyApi($apiKey);
     /*
      * If the session failed or the user doesn't have access
      * to retrieve spots, let the user know
      */
     if ($userSession == false || !$userSession['security']->allowed(SpotSecurity::spotsec_retrieve_spots, '')) {
         throw new PermissionDeniedException(SpotSecurity::spotsec_retrieve_spots, '');
     }
     # if
     # Add the user's IP address, we need it for sending notifications
     $userSession['session'] = array('ipaddr' => '');
 } else {
     $userSession['user'] = $svcUserRecord->getUser(SPOTWEB_ADMIN_USERID);
     $userSession['security'] = new SpotSecurity($daoFactory->getUserDao(), $daoFactory->getAuditDao(), $settings, $userSession['user'], '');
     $userSession['session'] = array('ipaddr' => '');
 }
 # if
 /*
  * We normally check whether we are not running already, because
  * this would mean it will mess up all sorts of things like
  * comment calculation, but a user can force our hand
  */
 $forceMode = SpotCommandline::get('force');
 /*
  * Do we need to debuglog this session? Generates loads of
  * output
  */
 $debugLog = SpotCommandline::get('debug');
 /**
  * Render the "edit user preferences" page and, when the form was submitted,
  * carry out the requested action ('edit' or 'cancel').
  *
  * The permission check runs before anything else; which permission is
  * required depends on whether the session user is editing their own account.
  */
 function render()
 {
     # A form that has not been posted yet is reported as 'notsubmitted'
     $result = new Dto_FormResult('notsubmitted');

     # Authorisation first: own preferences and other users' preferences are separate permissions.
     # NOTE(review): fatalPermCheck presumably aborts the request on denial - confirm.
     $editingOwnAccount = ($this->_userIdToEdit == $this->_currentSession['user']['userid']);
     $requiredPermission = $editingOwnAccount
         ? SpotSecurity::spotsec_edit_own_userprefs
         : SpotSecurity::spotsec_edit_other_users;
     $this->_spotSec->fatalPermCheck($requiredPermission, '');

     # The user service gives access to the record whose preferences are edited
     $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

     # Title shown for this page
     $this->_pageTitle = "spot: edit user preferences";

     # Look up the user to edit; a failed lookup becomes a form error
     $spotUser = $svcUserRecord->getUser($this->_userIdToEdit);
     if ($spotUser === false) {
         $notFoundMessage = sprintf(_('User %d can not be found'), $this->_userIdToEdit);
         $result->addError($notFoundMessage);
     }

     # Local shorthand for the submitted action
     $formAction = $this->_editUserPrefsForm['action'];

     /*
      * An avatar can only accompany an 'edit' submission. A failed upload is
      * reported as a form error; a successful one hands the temporary file
      * name to the edit action further down.
      * NOTE(review): no content or type check on the upload is visible in
      * this method - presumably done by the upload provider or the edit
      * action; confirm.
      */
     $avatarFileName = '';
     if ($formAction == 'edit') {
         $uploadHandler = new Services_Providers_FileUpload('edituserprefsform', 'avatar');
         if ($uploadHandler->isUploaded()) {
             if ($uploadHandler->success()) {
                 $avatarFileName = $uploadHandler->getTempName();
             } else {
                 $result->addError(_('Unable to update avatar') . '(' . $uploadHandler->errorText() . ')');
             }
         }
     }

     # Only act on a submitted form, and only when nothing has gone wrong so far
     if (!(empty($formAction) || $result->isError())) {
         if ($formAction == 'edit') {
             $svcActn_EditUserPrefs = new Services_Actions_EditUserPrefs($this->_daoFactory, $this->_settings, $this->_spotSec);
             $templatePrefs = $this->_tplHelper->getTemplatePreferences();
             $result = $svcActn_EditUserPrefs->editUserPref($this->_editUserPrefsForm, $templatePrefs, $spotUser, $avatarFileName);
         } elseif ($formAction == 'cancel') {
             $result->setResult('success');
         }
     }

     # Hand everything to the template
     $templateParams = array(
         'edituserprefsform' => $spotUser['prefs'],
         'spotuser' => $spotUser,
         'dialogembedded' => $this->_dialogembedded,
         'http_referer' => $this->_editUserPrefsForm['http_referer'],
         'result' => $result,
     );
     $this->template('edituserprefs', $templateParams);
 }
Example #4
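 /**
  * Render the "edit user" page and, when the form was submitted, carry out
  * the requested action: 'delete', 'edit', 'removeallsessions' or
  * 'resetuserapi'.
  *
  * The permission check runs first; which permission is required depends on
  * whether the session user is editing their own account. A user record that
  * cannot be found is reported as a form error and no action is executed for
  * it, so the session and API-key operations never run against a failed
  * lookup.
  */
 function render()
 {
     $result = new Dto_FormResult('notsubmitted');
     # check the users' permissions
     # NOTE(review): fatalPermCheck presumably aborts the request on denial - confirm
     if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_user, '');
     } else {
         $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
     }
     # if
     # Instantiate the service userrecord object
     $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);
     # and create a nice and shiny page title
     $this->_pageTitle = "spot: edit user";
     # get the user and the users' group membership
     $spotUser = $svcUserRecord->getUser($this->_userIdToEdit);
     $groupMembership = $svcUserRecord->getUserGroupMemberShip($this->_userIdToEdit);
     /*
      * getUser() signals a failed lookup with false. Turn that into a form
      * error so the actions below are skipped instead of being executed with
      * a value that is not a user record.
      */
     if ($spotUser === false) {
         $result->addError(sprintf(_('User %d can not be found'), $this->_userIdToEdit));
     }
     # if
     /*
      * bring the forms' action into the local scope for
      * easier access
      */
     $formAction = $this->_editUserForm['action'];
     # Only perform certain validations when the form is actually submitted
     if (!empty($formAction) && !$result->isError()) {
         switch ($formAction) {
             case 'delete':
                 # Deleting needs its own permission on top of the edit permission
                 $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_user, '');
                 if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
                     $result->addError('Cannot delete your own user');
                 } else {
                     $result = $svcUserRecord->removeUser($this->_userIdToEdit);
                 }
                 # if
                 break;
             # case delete
             case 'edit':
                 # Mangle the grouplisting we get from the form to an usable format for the system
                 $groupList = array();
                 if (isset($this->_editUserForm['grouplist'])) {
                     foreach ($this->_editUserForm['grouplist'] as $val) {
                         # 'dummy' entries are skipped; prio is the position among the kept entries
                         if ($val != 'dummy') {
                             $groupList[] = array('groupid' => $val, 'prio' => count($groupList));
                         }
                         # if
                     }
                     # foreach
                 }
                 # if
                 # The user id always comes from the controller, not from the submitted form
                 $this->_editUserForm['userid'] = $this->_userIdToEdit;
                 # The last argument passes on whether the caller may change group membership
                 $result = $svcUserRecord->updateUserRecord($this->_editUserForm, $groupList, $this->_spotSec->allowed(SpotSecurity::spotsec_edit_groupmembership, ''));
                 break;
             # case 'edit'
             case 'removeallsessions':
                 # NOTE(review): only the edit permission checked at the top guards this action - confirm that is intended
                 $svcUserAuth = new Services_User_Authentication($this->_daoFactory, $this->_settings);
                 $result = $svcUserAuth->removeAllUserSessions($spotUser['userid']);
                 break;
             # case 'removeallsessions'
             case 'resetuserapi':
                 $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_consume_api, '');
                 $result = $svcUserRecord->resetUserApi($spotUser);
                 break;
             # case resetuserapi
         }
         # switch
     }
     # if
     #- display stuff -#
     $this->template('edituser', array('edituserform' => $spotUser, 'result' => $result, 'groupMembership' => $groupMembership));
 }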