/**
 * Avatar_userapi_setavatar()
 *
 * Stores the avatar chosen for a user account and registers a status message.
 *
 * The arguments are first handed to the Avatar module's checkAvatar API; the
 * avatar is written only when that call returns a truthy value. The special
 * name 'blank.gif' is stored as an empty string (avatar disabled).
 *
 * NOTE(review): $args['uid'] is used as given. Nothing in this method compares
 * it with the current user, so whether the caller may modify that account is
 * presumably decided by checkAvatar or by the caller - confirm.
 * NOTE(review): the avatar name is embedded in the status/error text as-is;
 * confirm that the code rendering LogUtil messages escapes it.
 *
 * @param integer $args['uid']    the user id
 * @param string  $args['avatar'] the user avatar
 * @return boolean true on success; otherwise the result of the LogUtil error call
 **/
public function setavatar($args)
{
    // Both arguments are mandatory.
    if (!isset($args['uid'], $args['avatar'])) {
        return LogUtil::registerArgsError();
    }

    // Deliberately a loose comparison: any truthy answer from checkAvatar counts.
    $allowed = ModUtil::apiFunc('Avatar', 'user', 'checkAvatar', $args);
    if ($allowed != true) {
        return LogUtil::registerError($this->__f('Error! The user is not authorized to use this avatar. To change this, update the permission for %s.', $args['avatar']));
    }

    $uname = UserUtil::getVar('uname', $args['uid']);

    // switch compares loosely, like the == tests it stands for.
    switch ($args['avatar']) {
        case 'blank.gif':
            // "blank" means no avatar at all, stored as an empty value.
            $args['avatar'] = '';
            $status = $this->__f('Done! The avatar of the user \'%s\' has been disabled.', $uname);
            break;

        case 'gravatar.gif':
            $status = $this->__f('Done! The avatar of the user \'%s\' has been set to his gravatar.', $uname);
            break;

        default:
            $status = $this->__f('Done! The avatar of the user \'%1$s\' has been changed to \'%2$s\'', array($uname, $args['avatar']));
            break;
    }

    UserUtil::setVar('avatar', $args['avatar'], $args['uid']);
    LogUtil::registerStatus($status);

    return true;
}
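/**
 * Respond to a `module.users.ui.process_edit` event to store profile data gathered when editing or creating a user account.
 *
 * Parameters passed in via POST:
 * ------------------------------
 * array dynadata An array containing the profile items to store for the user.
 *
 * The keys of `dynadata` are chosen by the client. UserUtil::setVar() writes whatever name it is given,
 * so each submitted name is checked against the list of active, editable profile properties before it is
 * stored; names outside that list are ignored. Without this check a crafted form post could write user
 * variables that are not profile items at all.
 *
 * NOTE(review): the allow-list comes from the Profile user API `getallactive` with 'get' => 'editable';
 * confirm that this filter also returns the expected properties for accounts that are still registrations.
 *
 * @param Zikula_Event $event The event that triggered this function call, containing the id of the user for which profile information should be stored.
 *
 * @return void
 */
public function processEdit(Zikula_Event $event)
{
    // Only a POST that passed validation may store anything.
    if (!$this->request->isPost()) {
        return;
    }
    if (!$this->validation || $this->validation->hasErrors()) {
        return;
    }

    $user = $event->getSubject();

    $post = $this->request->getPost();
    $dynadata = $post->has('dynadata') ? $post->get('dynadata') : array();
    if (!is_array($dynadata)) {
        // A scalar "dynadata" is malformed input; there is nothing to iterate.
        return;
    }

    // Allow-list of property names, keyed by attribute name.
    $editable = ModUtil::apiFunc('Profile', 'user', 'getallactive', array('get' => 'editable', 'uid' => $user['uid']));
    if (!is_array($editable)) {
        $editable = array();
    }

    foreach ($dynadata as $dudName => $dudItem) {
        if (!array_key_exists($dudName, $editable)) {
            // Not a known editable profile property: never forward it to setVar().
            continue;
        }

        UserUtil::setVar($dudName, $dudItem, $user['uid']);
    }
}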
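/**
 * Responds to process_edit hook-like event notifications.
 *
 * Records, per active policy, the UTC time at which the policy was accepted. Three situations are handled:
 *  - not logged in, event raised by the login screen or login block: accepted policies are stamped;
 *  - not logged in, any other event (registration): the account or registration must exist, then
 *    accepted policies are stamped;
 *  - logged in: only policies reported as editable by the helper are touched; an accepted policy is
 *    stamped, and an explicit 0 / "0" for that same policy removes the stored acceptance.
 *
 * Nothing is written unless a validation object is present and reports no errors.
 *
 * @param Zikula_Event $event The event that triggered this function call.
 *
 * @return void
 *
 * @throws Zikula_Exception_Fatal Thrown if a user account does not exist for the uid specified by the event.
 */
public function processEdit(Zikula_Event $event)
{
    // Policy key => user attribute that stores the acceptance timestamp.
    $policyAttributes = array(
        'termsOfUse'              => Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED,
        'privacyPolicy'           => Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED,
        'agePolicy'               => Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED,
        'cancellationRightPolicy' => Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED,
        'tradeConditions'         => Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED,
    );

    $activePolicies = $this->helper->getActivePolicies();
    $eventName = $event->getName();

    if (!isset($this->validation) || $this->validation->hasErrors()) {
        return;
    }

    $user = $event->getSubject();
    $uid = $user['uid'];

    $loggedIn = UserUtil::isLoggedIn();
    $isLoginEvent = !$loggedIn && in_array(
        $eventName,
        array('module.users.ui.process_edit.login_screen', 'module.users.ui.process_edit.login_block'),
        true
    );

    $isRegistration = false;
    if (!$isLoginEvent) {
        // Outside the login flow the record (account or pending registration) must exist.
        $isRegistration = UserUtil::isRegistration($uid);
        $user = UserUtil::getVars($uid, false, 'uid', $isRegistration);
        if (!$user) {
            throw new Zikula_Exception_Fatal(__('A user account or registration does not exist for the specified uid.', $this->domain));
        }
    }

    $submitted = $this->validation->getObject();
    $editablePolicies = $loggedIn ? $this->helper->getEditablePolicies() : array();

    $nowUTC = new DateTime('now', new DateTimeZone('UTC'));
    $nowUTCStr = $nowUTC->format(DateTime::ISO8601);

    foreach ($policyAttributes as $policy => $attribute) {
        if (!$activePolicies[$policy]) {
            continue;
        }

        if (!$loggedIn) {
            // Login and registration can only add an acceptance, never remove one.
            if ($submitted[$policy]) {
                UserUtil::setVar($attribute, $nowUTCStr, $uid);
            }
            continue;
        }

        if (!$editablePolicies[$policy]) {
            continue;
        }

        if ($submitted[$policy]) {
            UserUtil::setVar($attribute, $nowUTCStr, $uid);
        } elseif (($submitted[$policy] === 0) || ($submitted[$policy] === "0")) {
            // Withdrawal is decided by this policy's own submitted value, for every policy alike.
            UserUtil::delVar($attribute, $uid);
        }
    }

    // Force the reload of the user record
    if ($isLoginEvent) {
        $user = UserUtil::getVars($uid, true);
    } else {
        $user = UserUtil::getVars($uid, true, 'uid', $isRegistration);
    }
}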
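/**
 * Sets or resets a user's need to change his password on his next attempt at logging in.
 *
 * A GET request only renders the confirmation template. The change itself is made by a POST request,
 * which must carry a valid CSRF token.
 *
 * Parameters passed via GET:
 * --------------------------
 * numeric userid The uid of the user for whom a change of password should be forced (or canceled).
 *
 * Parameters passed via POST:
 * ---------------------------
 * numeric userid                    The uid of the user for whom a change of password should be forced (or canceled).
 * boolean user_must_change_password True to force the user to change his password at his next log-in attempt, otherwise false.
 *
 * Parameters passed via SESSION:
 * ------------------------------
 * None.
 *
 * @return string The rendered output from the template for confirmation (GET); a POST ends in a redirect.
 *
 * @throws Zikula_Exception_Fatal     Thrown if a user id is not specified, is invalid, or does not point to a valid account record,
 *                                    or the account record is not in a consistent state.
 * @throws Zikula_Exception_Forbidden Thrown if the current user does not have edit access for the account record.
 */
public function toggleForcedPasswordChange()
{
    if ($this->request->isGet()) {
        $uid = $this->request->query->get('userid', false);
        if (!$uid || !is_numeric($uid) || ((int)$uid != $uid)) {
            throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
        }

        $userObj = UserUtil::getVars($uid);
        if (!is_array($userObj) || empty($userObj)) {
            throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
        }

        if (!SecurityUtil::checkPermission('Users::', "{$userObj['uname']}::{$uid}", ACCESS_EDIT)) {
            throw new Zikula_Exception_Forbidden();
        }

        $userMustChangePassword = UserUtil::getVar('_Users_mustChangePassword', $uid, false);

        return $this->view->assign('user_obj', $userObj)
            ->assign('user_must_change_password', $userMustChangePassword)
            ->fetch('users_admin_toggleforcedpasswordchange.tpl');
    } elseif ($this->request->isPost()) {
        // The token is verified before any request parameter is read.
        $this->checkCsrfToken();

        $uid = $this->request->request->get('userid', false);
        $userMustChangePassword = $this->request->request->get('user_must_change_password', false);

        if (!$uid || !is_numeric($uid) || ((int)$uid != $uid)) {
            throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
        }

        $userObj = UserUtil::getVars($uid);
        // Same existence check as the GET branch: without it the permission instance below would be
        // built from an empty user name for a uid that matches no account.
        if (!is_array($userObj) || empty($userObj)) {
            throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
        }

        if (!SecurityUtil::checkPermission('Users::', "{$userObj['uname']}::{$uid}", ACCESS_EDIT)) {
            throw new Zikula_Exception_Forbidden();
        }

        if ($userMustChangePassword) {
            UserUtil::setVar('_Users_mustChangePassword', $userMustChangePassword, $uid);
        } else {
            UserUtil::delVar('_Users_mustChangePassword', $uid);
        }

        // Force reload of User object into cache.
        $userObj = UserUtil::getVars($uid, true);

        // Verify that the stored state now matches what was requested.
        $flagStored = isset($userObj['__ATTRIBUTES__']) && isset($userObj['__ATTRIBUTES__']['_Users_mustChangePassword']);

        if ($userMustChangePassword) {
            if (!$flagStored) {
                throw new Zikula_Exception_Fatal();
            }
            $this->registerStatus($this->__f('Done! A password change will be required the next time %1$s logs in.', array($userObj['uname'])));
        } else {
            if ($flagStored) {
                throw new Zikula_Exception_Fatal();
            }
            $this->registerStatus($this->__f('Done! A password change will no longer be required for %1$s.', array($userObj['uname'])));
        }

        $this->redirect(ModUtil::url($this->name, 'admin', 'view'));
    } else {
        throw new Zikula_Exception_Forbidden();
    }
}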
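/**
 * Allow the user to accept active terms of use and/or privacy policy.
 *
 * This function is currently used by the Legal module's handler for the users.login.veto event.
 *
 * On POST the submitted `acceptedpolicies_uid` must identify the account this request is acting for:
 * the uid handed over by the log-in process in the session, or otherwise the uid of the logged-in user.
 * An acceptance is never recorded for any other account.
 *
 * @return string The rendered output from the template.
 *
 * @throws Zikula_Exception_Forbidden Thrown if the user is not logged in and the acceptance attempt is not a result of a login attempt;
 *                                    also thrown if the submitted uid is not the account the request is acting for.
 *
 * @throws Zikula_Exception_Fatal Thrown if the user is already logged in and the acceptance attempt is a result of a login attempt;
 *                                    also thrown in cases where expected data is not present or not in an expected form;
 *                                    also thrown if the call to this function is not the result of a POST operation or a GET operation.
 */
public function acceptPolicies()
{
    // Retrieve and delete any session variables being sent in by the log-in process before we give the function a chance to
    // throw an exception. We need to make sure no sensitive data is left dangling in the session variables.
    $session = $this->request->getSession();
    $sessionVars = $session->get('Legal_Controller_User_acceptPolicies', null, $this->name);
    $session->del('Legal_Controller_User_acceptPolicies', $this->name);

    $processed = false;
    $helper = new Legal_Helper_AcceptPolicies();

    // Policy key => user attribute that stores the acceptance timestamp.
    $policyAttributes = array(
        'termsOfUse'              => Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED,
        'privacyPolicy'           => Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED,
        'agePolicy'               => Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED,
        'cancellationRightPolicy' => Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED,
        'tradeConditions'         => Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED,
    );

    if ($this->request->isPost()) {
        $this->checkCsrfToken();

        $isLogin = isset($sessionVars) && !empty($sessionVars);
        $isLoggedIn = UserUtil::isLoggedIn();

        if (!$isLogin && !$isLoggedIn) {
            throw new Zikula_Exception_Forbidden();
        } elseif ($isLogin && $isLoggedIn) {
            throw new Zikula_Exception_Fatal();
        }

        $post = $this->request->getPost();
        $policiesUid = $post->get('acceptedpolicies_uid', false);
        $acceptedPolicies = array(
            'termsOfUse'              => $post->get('acceptedpolicies_termsofuse', false),
            'privacyPolicy'           => $post->get('acceptedpolicies_privacypolicy', false),
            'agePolicy'               => $post->get('acceptedpolicies_agepolicy', false),
            'cancellationRightPolicy' => $post->get('acceptedpolicies_cancellationrightpolicy', false),
            'tradeConditions'         => $post->get('acceptedpolicies_tradeconditions', false)
        );

        if (!isset($policiesUid) || empty($policiesUid) || !is_numeric($policiesUid)) {
            throw new Zikula_Exception_Fatal();
        }

        // The uid is a form field and therefore client-controlled. Bind it to the account this request
        // may act for, so that acceptance cannot be recorded for someone else's account.
        if ($isLogin) {
            if (!is_array($sessionVars) || !isset($sessionVars['user_obj']) || !is_array($sessionVars['user_obj'])
                || !isset($sessionVars['user_obj']['uid'])
            ) {
                throw new Zikula_Exception_Fatal();
            }
            $expectedUid = $sessionVars['user_obj']['uid'];
        } else {
            $expectedUid = UserUtil::getVar('uid');
        }
        if ((string)$policiesUid !== (string)$expectedUid) {
            throw new Zikula_Exception_Forbidden();
        }

        $activePolicies = $helper->getActivePolicies();
        $originalAcceptedPolicies = $helper->getAcceptedPolicies($policiesUid);

        // A policy is "missing" when it is active, was not accepted before, and is not accepted now.
        $missing = array();
        foreach (array_keys($policyAttributes) as $policy) {
            $missing[$policy] = $activePolicies[$policy] && !$originalAcceptedPolicies[$policy] && !$acceptedPolicies[$policy];
        }

        $fieldErrors = array();

        if ($missing['termsOfUse']) {
            $fieldErrors['termsofuse'] = $this->__('You must accept this site\'s Terms of Use in order to proceed.');
        }

        if ($missing['privacyPolicy']) {
            $fieldErrors['privacypolicy'] = $this->__('You must accept this site\'s Privacy Policy in order to proceed.');
        }

        if ($missing['agePolicy']) {
            $fieldErrors['agepolicy'] = $this->__f('In order to log in, you must confirm that you meet the requirements of this site\'s Minimum Age Policy. If you are not %1$s years of age or older, and you do not have a parent\'s permission to use this site, then please ask your parent to contact a site administrator.', array(ModUtil::getVar('Legal', Legal_Constant::MODVAR_MINIMUM_AGE, 0)));
        }

        if ($missing['cancellationRightPolicy']) {
            $fieldErrors['cancellationrightpolicy'] = $this->__('You must accept our cancellation right policy in order to proceed.');
        }

        if ($missing['tradeConditions']) {
            $fieldErrors['tradeconditions'] = $this->__('You must accept our general terms and conditions of trade in order to proceed.');
        }

        if (empty($fieldErrors)) {
            $now = new DateTime('now', new DateTimeZone('UTC'));
            $nowStr = $now->format(DateTime::ISO8601);

            // Every policy is attempted; the overall result is true only if each one is either stored
            // now, inactive, or already accepted earlier.
            $allProcessed = true;
            foreach ($policyAttributes as $policy => $attribute) {
                if ($activePolicies[$policy] && $acceptedPolicies[$policy]) {
                    $policyProcessed = UserUtil::setVar($attribute, $nowStr, $policiesUid);
                } else {
                    $policyProcessed = !$activePolicies[$policy] || $originalAcceptedPolicies[$policy];
                }

                if (!$policyProcessed) {
                    $allProcessed = false;
                }
            }
            $processed = $allProcessed;
        }

        if ($processed) {
            if ($isLogin) {
                // Hand control back to the log-in process with the data it parked in the session.
                $loginArgs = $session->get('Users_Controller_User_login', array(), 'Zikula_Users');
                $loginArgs['authentication_method'] = $sessionVars['authentication_method'];
                $loginArgs['authentication_info']   = $sessionVars['authentication_info'];
                $loginArgs['rememberme']            = $sessionVars['rememberme'];

                return ModUtil::func('Users', 'user', 'login', $loginArgs);
            } else {
                $this->redirect(System::getHomepageUrl());
            }
        }
    } elseif ($this->request->isGet()) {
        $isLogin = $this->request->getGet()->get('login', false);
        $fieldErrors = array();
    } else {
        throw new Zikula_Exception_Forbidden();
    }

    // If we are coming here from the login process, then there are certain things that must have been
    // sent along in the session variable. If not, then error.
    if ($isLogin
        && (!isset($sessionVars['user_obj']) || !is_array($sessionVars['user_obj'])
            || !isset($sessionVars['authentication_info']) || !is_array($sessionVars['authentication_info'])
            || !isset($sessionVars['authentication_method']) || !is_array($sessionVars['authentication_method']))
    ) {
        throw new Zikula_Exception_Fatal();
    }

    // The uid shown in the form always comes from the server side, never from the request.
    if ($isLogin) {
        $policiesUid = $sessionVars['user_obj']['uid'];
    } else {
        $policiesUid = UserUtil::getVar('uid');
    }

    if (!$policiesUid || empty($policiesUid)) {
        throw new Zikula_Exception_Fatal();
    }

    if ($isLogin) {
        // Pass along the session vars to updateAcceptance. We didn't want to just keep them in the session variable
        // Legal_Controller_User_acceptPolicies because if we hit an exception or got redirected, then the data
        // would have been orphaned, and it contains some sensitive information.
        SessionUtil::requireSession();
        $session->set('Legal_Controller_User_acceptPolicies', $sessionVars, $this->name);
    }

    $templateVars = array(
        'login'                    => $isLogin,
        'policiesUid'              => $policiesUid,
        'activePolicies'           => $helper->getActivePolicies(),
        'acceptedPolicies'         => isset($acceptedPolicies) ? $acceptedPolicies : $helper->getAcceptedPolicies($policiesUid),
        'originalAcceptedPolicies' => isset($originalAcceptedPolicies) ? $originalAcceptedPolicies : $helper->getAcceptedPolicies($policiesUid),
        'fieldErrors'              => $fieldErrors,
    );

    return $this->view->assign($templateVars)
        ->fetch('legal_user_acceptpolicies.tpl');
}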
/**
 * Delete one or more user account records, or mark one or more account records for deletion.
 *
 * Records that are only marked remain in the system and accessible by the system, but are given an
 * 'activated' status that prevents the user from logging in. Records marked for deletion will not appear on
 * the regular users list. The delete hook and delete events are not triggered if the records are only marked
 * for deletion.
 *
 * Every requested uid is validated before anything is changed: it must be an integer value, must not be
 * the current user's own uid, must resolve to an existing record, and the caller needs ACCESS_DELETE on
 * that specific record. A single failing uid rejects the whole request.
 *
 * Parameters passed in the $args array:
 * -------------------------------------
 * numeric|array $args['uid']  A single (numeric integer) user id, or an array of user ids to delete.
 * boolean       $args['mark'] If true, then mark for deletion, but do not actually delete.
 *                             Defaults to false; a non-boolean value is treated as false.
 *
 * @param array $args All parameters passed to this function.
 *
 * @return bool|array False on failure. On success the code returns the list of uids it was given
 *                    (as an array), which callers evaluate as true.
 */
public function deleteUser($args)
{
    $component = "{$this->name}::";

    // Module-wide gate first; the per-record check follows in the validation loop.
    if (!SecurityUtil::checkPermission($component, 'ANY', ACCESS_DELETE)) {
        return false;
    }

    $uidGiven = isset($args['uid']) && (is_numeric($args['uid']) || is_array($args['uid']));
    if (!$uidGiven) {
        $this->registerError("Error! Illegal argument were passed to 'deleteuser'");

        return false;
    }

    $markOnly = (isset($args['mark']) && is_bool($args['mark'])) ? $args['mark'] : false;

    // ensure we always have an array
    if (!is_array($args['uid'])) {
        $args['uid'] = array($args['uid']);
    }

    $currentUid = UserUtil::getVar('uid');
    $accounts = array();

    // Pass 1: validate and authorise every uid before touching any record.
    foreach ($args['uid'] as $candidate) {
        $isIntegerValue = is_numeric($candidate) && ((int)$candidate == $candidate);
        if (!$isIntegerValue || ($candidate == $currentUid)) {
            // Malformed uid, or an attempt to delete one's own account.
            return false;
        }

        $account = UserUtil::getVars($candidate);
        if (!$account) {
            return false;
        }

        if (!SecurityUtil::checkPermission($component, "{$account['uname']}::{$account['uid']}", ACCESS_DELETE)) {
            return false;
        }

        $accounts[] = $account;
    }

    // Pass 2: mark or delete.
    foreach ($accounts as $account) {
        if ($markOnly) {
            UserUtil::setVar('activated', Users_Constant::ACTIVATED_PENDING_DELETE, $account['uid']);
            continue;
        }

        // TODO - This should be in the Groups module, and happen as a result of an event.
        if (!DBUtil::deleteObjectByID('group_membership', $account['uid'], 'uid')) {
            return false;
        }

        ModUtil::apiFunc($this->name, 'admin', 'resetVerifyChgFor', array('uid' => $account['uid']));

        // The result of removing the session rows is not checked.
        DBUtil::deleteObjectByID('session_info', $account['uid'], 'uid');

        if (!DBUtil::deleteObject($account, 'users', '', 'uid')) {
            return false;
        }

        // Let other modules know we have deleted an item
        $deleteEvent = new Zikula_Event('user.account.delete', $account);
        $this->eventManager->notify($deleteEvent);
    }

    return $args['uid'];
}
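/**
 * Utility function to save the data of the user.
 *
 * The loop runs over the active, editable properties returned by `getallactive`, not over the submitted
 * array, so a submitted name that is not an editable property is never written. A property that is
 * missing from `dynadata` is stored as an empty string.
 *
 * Parameters passed in the $args array:
 * -------------------------------------
 * integer uid      The user id of the user for which the data should be saved; required.
 * array   dynadata The data for the user to be saved, indexed by prop_attribute_name; required.
 *
 * @param array $args All parameters passed to this function.
 *
 * @return boolean True on success; otherwise false.
 */
public function savedata($args)
{
    // Argument check. Both arguments are required: with no dynadata array every editable property
    // would be overwritten with an empty string.
    if (!isset($args['uid']) || !isset($args['dynadata']) || !is_array($args['dynadata'])) {
        return LogUtil::registerArgsError();
    }

    $fields = $args['dynadata'];

    $duds = ModUtil::apiFunc('Profile', 'user', 'getallactive', array('get' => 'editable', 'uid' => $args['uid']));
    if (!is_array($duds)) {
        $duds = array();
    }

    foreach ($duds as $attrname => $dud) {
        // exclude avatar update when Avatar module is present
        if ($attrname == 'avatar' && ModUtil::available('Avatar')) {
            continue;
        }

        $fieldvalue = '';
        if (isset($fields[$attrname])) {
            // Process the Date DUD separately
            if ($dud['prop_displaytype'] == 5 && !empty($fields[$attrname])) {
                $fieldvalue = $this->parseDate($fields[$attrname]);
                $fieldvalue = DateUtil::transformInternalDate($fieldvalue);
            } elseif (is_array($fields[$attrname])) {
                // NOTE(review): multi-value fields are stored in PHP serialize() format. Whatever reads
                // this attribute back presumably unserializes it - confirm that no other write path can
                // place an arbitrary caller-supplied string in the same attribute.
                $fieldvalue = serialize(array_values($fields[$attrname]));
            } else {
                $fieldvalue = $fields[$attrname];
            }
        }

        UserUtil::setVar($attrname, $fieldvalue, $args['uid']);
    }

    // The results of the individual setVar() calls are not checked; at this point the result is true.
    return true;
}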
/**
 * Set a user variable (deprecated wrapper around UserUtil::setVar()).
 *
 * A user variable is either
 * - a field in the users table,
 * - or an attribute, in which case it is a new style attribute or an old style user information item.
 *
 * Examples:
 * pnUserSetVar('pass', 'mysecretpassword'); // store a password (should be hashed of course)
 * pnUserSetVar('avatar', 'mypicture.gif'); // stores a user's avatar, new style
 * (internally both the new and the old style write the same attribute)
 *
 * A variable that does not exist yet is created automatically, so
 * pnUserSetVar('somename', 'somevalue');
 * creates a brand new user variable on the fly. For the same reason the name should come from the
 * calling code, never directly from request data.
 *
 * This function does not allow you to set uid or uname.
 *
 * @deprecated
 * @see UserUtil::setVar()
 *
 * @param string $name  the name of the variable
 * @param mixed  $value the value of the variable
 * @param int    $uid   the user to set the variable for (default -1)
 * @return bool true if the set was successful, false otherwise
 */
function pnUserSetVar($name, $value, $uid = -1)
{
    // Log the deprecation, then delegate unchanged.
    $deprecationNotice = __f(
        'Warning! Function %1$s is deprecated. Please use %2$s instead.',
        array(__FUNCTION__, 'UserUtil::setVar()')
    );
    LogUtil::log($deprecationNotice, E_USER_DEPRECATED);

    $result = UserUtil::setVar($name, $value, $uid);

    return $result;
}
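/**
 * LEGACY user account activation.
 *
 * We must keep this function because there is no way to know whether an
 * inactive account is inactive because it requires activation, or because of some
 * other reason.
 *
 * The registration date is moved forward by one second on activation, so that an activation link
 * derived from the original date cannot be used a second time.
 *
 * NOTE(review): this method only checks ACCESS_READ and then activates whichever uid it is given.
 * Proof that the request really belongs to that account (the activation link check) is presumably done
 * by the caller - confirm, because it is not enforced here.
 *
 * Parameters passed in the $args array:
 * -------------------------------------
 * string  $args['regdate'] An SQL date-time containing the user's original registration date-time.
 * numeric $args['uid']     The id of the user account to activate.
 *
 * @param array $args All parameters passed to this function.
 *
 * @return bool True on success, otherwise false (no permission, missing or non-numeric uid,
 *              missing or unparseable regdate).
 */
public function activateUser($args)
{
    // This function is an end-user function.
    if (!SecurityUtil::checkPermission('Users::', '::', ACCESS_READ)) {
        return false;
    }

    // Both arguments are required; refuse to touch any account without them.
    if (!isset($args['uid']) || !is_numeric($args['uid']) || !isset($args['regdate'])) {
        return false;
    }

    // An unparseable date would otherwise turn into timestamp 1 and be stored as the registration date.
    $regTimestamp = strtotime($args['regdate']);
    if ($regTimestamp === false) {
        return false;
    }

    // Preventing reactivation from same link !
    $newregdate = DateUtil::getDatetime($regTimestamp + 1);

    UserUtil::setVar('activated', Users_Constant::ACTIVATED_ACTIVE, $args['uid']);
    UserUtil::setVar('user_regdate', DataUtil::formatForStore($newregdate), $args['uid']);

    return true;
}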
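/**
 * Create and/or edit a catalogue user.
 *
 * ### Parameters received via POST:
 * - Fields of the *users* table -
 * * integer **uid** [optional: set = edit / not set = create]
 * * string **uname**
 *
 * - Fields of the *iw_users* table -
 * * string **iw_nom**
 * * string **iw_cognom1**
 * * string **iw_cognom2**
 *
 * - To manage the groups related to the catalogue -
 * * array **groups**
 *
 * - To manage the user's password -
 * * string **password**
 * * string **rpassword**
 * * string **changeme**
 *
 * The POSTed uid and uname end up inside SQL WHERE fragments. The uid is therefore required to be an
 * integer value and is cast, and the uname is escaped with DataUtil::formatForStore(), before either is
 * concatenated into a condition.
 *
 * NOTE(review): this state-changing admin action does not verify a CSRF token. If the form can carry
 * one, a token check should be the first step after the permission check - confirm against the template.
 *
 * @return void Returns to the *usersgest* function after saving the data
 */
public function addeditUser()
{
    // Security check. Only managers may create and edit users.
    if (!SecurityUtil::checkPermission('Cataleg::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    $listUrl = ModUtil::url('Cataleg', 'admin', 'usersgest');

    // First we save the changes to the user data in users and IWusers and reassign the user's groups.
    $user = array();
    $user['zk']['uid'] = FormUtil::getPassedValue('uid', null, 'POST');

    // A uid means "edit"; no uid means a new user has to be created.
    $isEdit = false;
    if (!empty($user['zk']['uid'])) {
        // The loose in_array() below would also match a value that merely starts with a valid uid,
        // so insist on an integer value first.
        $uidIsInteger = is_numeric($user['zk']['uid']) && ((int)$user['zk']['uid'] == $user['zk']['uid']);

        // The user must exist and be editable, i.e. belong to the catalogue users group.
        $grupCat = ModUtil::apiFunc('Cataleg', 'admin', 'getgrupsZikula');
        $catUsersList = UserUtil::getUsersForGroup($grupCat['Sirius']);
        if (!$uidIsInteger || !in_array($user['zk']['uid'], $catUsersList)) {
            LogUtil::registerError($this->__('No existeix cap usuari del catàleg amb l\'identificador indicat.'));

            return System::redirect($listUrl);
        }

        $user['iw']['uid'] = $user['zk']['uid'];
        $user['iw']['suid'] = $user['zk']['uid'];
        $isEdit = true;
    }

    $user['zk']['uname'] = FormUtil::getPassedValue('uname', null, 'POST');

    // Make sure no other user already has this uname. Request values are escaped / cast before they
    // become part of the SQL condition.
    $where = "uname = '" . DataUtil::formatForStore($user['zk']['uname']) . "'";
    if ($isEdit) {
        $where .= ' AND uid != ' . (int)$user['zk']['uid'];
    }
    $uname = UserUtil::getUsers($where);
    if ($uname) {
        LogUtil::registerError($this->__('El nom d\'usuari triat ja existeix.'));

        return System::redirect($listUrl);
    }

    $user['zk']['email'] = FormUtil::getPassedValue('email', null, 'POST');
    $user['iw']['nom'] = FormUtil::getPassedValue('iw_nom', null, 'POST');
    $user['iw']['cognom1'] = FormUtil::getPassedValue('iw_cognom1', null, 'POST');
    $user['iw']['cognom2'] = FormUtil::getPassedValue('iw_cognom2', null, 'POST');
    $user['gr'] = FormUtil::getPassedValue('groups', null, 'POST');

    $prev_pass = FormUtil::getPassedValue('prev_pass', 0, 'POST');
    $setpass = FormUtil::getPassedValue('setpass', 0, 'POST');
    $password = null;
    $changeme = 0;
    if ($setpass == 1) {
        $password = FormUtil::getPassedValue('password', null, 'POST');
        $changeme = FormUtil::getPassedValue('changeme', 0, 'POST');
    }

    // Entity code: chosen from one of two form fields, or kept from the stored record when editing.
    $setcode = FormUtil::getPassedValue('setcode', 0, 'POST');
    $iwcode = null;
    if ($setcode == 1) {
        $iwcode = FormUtil::getPassedValue('iwcode_s', null, 'POST');
    }
    if ($setcode == 2) {
        $iwcode = FormUtil::getPassedValue('iwcode_m', null, 'POST');
    }
    if ($iwcode) {
        $user['iw']['code'] = $iwcode;
    } elseif ($isEdit) {
        $iwcode = DBUtil::selectField('IWusers', 'code', 'iw_uid=' . (int)$user['zk']['uid']);
    }
    if ($iwcode) {
        // Add the group that corresponds to the entity type, when there is one.
        $gtafInfo = ModUtil::apiFunc('Cataleg', 'admin', 'getGtafEntity', $iwcode);
        $grupCat = ModUtil::apiFunc('Cataleg', 'admin', 'getgrupsZikula');
        if (isset($grupCat[$gtafInfo['entity']['tipus']])) {
            $user['gr'][] = $grupCat[$gtafInfo['entity']['tipus']];
        }
    }

    $insertUserId = ModUtil::apiFunc('Cataleg', 'admin', 'saveUser', $user);
    if ($insertUserId) {
        if ($isEdit) {
            LogUtil::registerStatus($this->__('L\'usuari s\'ha editat correctament.'));
        } else {
            LogUtil::registerStatus($this->__('L\'usuari s\'ha creat correctament.'));
        }
    } else {
        LogUtil::registerError($this->__('No s\'ha pogut desar l\'usuari.'));

        return System::redirect($listUrl);
    }

    // If "empty the password" is chosen, that option overrides changing it and forcing a change.
    if ($setpass == 2) {
        $reg = array('pass' => '');
        if (DBUtil::updateObject($reg, 'users', 'uid =' . $insertUserId)) {
            // NOTE(review): the variable name is empty and $passreminder is not defined yet at this
            // point, so this call presumably stores nothing useful - confirm which attribute was meant.
            UserUtil::setVar('', $passreminder, $insertUserId);
            LogUtil::registerStatus($this->__('L\'usuari haurà de validar-se per LDAP'));
        }
    }

    // Second step: save the password change, if any.
    if ($password) {
        $rpassword = FormUtil::getPassedValue('rpassword', null, 'POST');
        $passreminder = $this->__('Constasenya establerta des de l\'administració.');
        $passwordErrors = ModUtil::apiFunc('Users', 'registration', 'getPasswordErrors', array(
            'uname'        => $user['zk']['uname'],
            'pass'         => $password,
            'passagain'    => $rpassword,
            'passreminder' => $passreminder
        ));
        if (empty($passwordErrors)) {
            if (UserUtil::setPassword($password, $insertUserId)) {
                UserUtil::setVar('passreminder', $passreminder, $insertUserId);
                LogUtil::registerStatus($this->__('S\'ha desat la contrasenya.'));
            }
        } else {
            LogUtil::registerError($this->__('No s\'ha desat la contrasenya.'));
            LogUtil::registerError($passwordErrors['pass']);
        }
    }

    // Third step: set the variable that controls forcing a password change.
    if ($setpass == 1 && ($prev_pass || $password)) {
        UserUtil::setVar('_Users_mustChangePassword', $changeme, $insertUserId);
        if ($changeme == 1) {
            LogUtil::registerStatus($this->__('L\'usuari haurà de canviar la contrasenya en la propera validació.'));
        }
    }

    return System::redirect($listUrl);
}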
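/**
 * Confirm the update of the email address.
 *
 * The pending address is applied only when a pending change exists for the current user and the
 * supplied confirmation code matches the stored verification code. The comparison helper is never
 * called with a missing code or a missing stored value.
 *
 * Parameters passed via the $args array:
 * --------------------------------------
 * string $args['confirmcode'] Default value for the 'confirmcode' get parameter. Allows this function to be called internally.
 *
 * Parameters passed via GET:
 * --------------------------
 * string confirmcode The confirmation code for verifying the change of e-mail address.
 *
 * Parameters passed via POST:
 * ---------------------------
 * None.
 *
 * Parameters passed via SESSION:
 * ------------------------------
 * None.
 *
 * @param array $args All parameters passed to this function.
 *
 * @return bool Documented as true on success, otherwise false; the code itself ends every path with a
 *              redirect and has no explicit return - presumably redirect() ends the request (confirm).
 */
public function confirmChEmail($args)
{
    $confirmcode = $this->request->query->get('confirmcode', isset($args['confirmcode']) ? $args['confirmcode'] : null);

    if (!UserUtil::isLoggedIn()) {
        // Send the user to the log-in form and come back here with the same code afterwards.
        $returnUrl = ModUtil::url($this->name, 'user', 'confirmChEmail', array('confirmcode' => $confirmcode));
        $this->registerError($this->__('Please log into your account in order to confirm your change of e-mail address.'))
            ->redirect(ModUtil::url($this->name, 'user', 'login', array('returnpage' => urlencode($returnUrl))));
    }

    // get user new email that is waiting for confirmation
    $preemail = ModUtil::apiFunc($this->name, 'user', 'getUserPreEmail');

    // Compare only when there is something to compare: a pending record with a stored code, and a
    // non-empty string supplied by the caller.
    $validCode = false;
    if ($preemail && !empty($preemail['verifycode']) && is_string($confirmcode) && ($confirmcode !== '')) {
        $validCode = UserUtil::passwordsMatch($confirmcode, $preemail['verifycode']);
    }

    if (!$preemail || !$validCode) {
        $this->registerError($this->__('Error! Your e-mail has not been found. After your request you have five days to confirm the new e-mail address.'))
            ->redirect(ModUtil::url($this->name, 'user', 'main'));
    }

    // user and confirmation code are correct. set the new email
    UserUtil::setVar('email', $preemail['newemail']);

    // the preemail record is deleted
    ModUtil::apiFunc($this->name, 'user', 'resetVerifyChgFor', array(
        'uid'        => $preemail['uid'],
        'changetype' => Users_Constant::VERIFYCHGTYPE_EMAIL,
    ));

    $this->registerStatus($this->__('Done! Changed your e-mail address.'))
        ->redirect(ModUtil::url($this->name, 'user', 'main'));
}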
/**
 * Reset the current user's theme to the site default.
 *
 * The stored 'theme' user variable is set to an empty string; an empty value means the site default
 * theme is used. The variable is written without a uid argument to UserUtil::setVar().
 *
 * @param array $args Not used by this function.
 *
 * @return bool True on success; otherwise the result of the LogUtil error call.
 */
public function resettodefault($args)
{
    // Theme switching can be turned off for the whole site.
    $switchingEnabled = System::getVar('theme_change');
    if (!$switchingEnabled) {
        return LogUtil::registerError($this->__('Notice: Theme switching is currently disabled.'));
    }

    // Security check
    $mayChangeTheme = SecurityUtil::checkPermission('Theme::', '::', ACCESS_COMMENT);
    if (!$mayChangeTheme) {
        return LogUtil::registerPermissionError();
    }

    // update the users record to an empty string - if this user var is empty then the site default is used.
    UserUtil::setVar('theme', '');

    return true;
}