/** Edit the user details
  * @access public
  * @return void
  * @throws Pas_Exception
  */
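 public function editAction()
 {
     $form = new ProfileForm();
     // Both credential elements are removed before validation, so this action
     // only ever validates and writes the remaining profile elements.
     $form->removeElement('username');
     $form->removeElement('password');
     $this->view->form = $form;
     if ($this->getRequest()->isPost() && $form->isValid($this->_request->getPost())) {
         if ($form->isValid($form->getValues())) {
             // The row to update is selected by getIdentityForForms(), not by a
             // request parameter, and the value is bound through quoteInto().
             $where = array();
             $where[] = $this->_users->getAdapter()->quoteInto('id = ?', $this->getIdentityForForms());
             $this->_users->update($form->getValues(), $where);
             $this->getFlash()->addMessage('You updated your profile successfully.');
             $this->_redirect('/users/account/');
         } else {
             $form->populate($form->getValues());
             $this->getFlash()->addMessage('You have some errors with your submission.');
         }
     } else {
         $id = (int) $this->getIdentityForForms();
         if ($id > 0) {
             // Use the integer-cast id in a bound condition. The original
             // concatenated the uncast return value into the WHERE string,
             // which bypassed the cast performed one line earlier.
             $where = $this->_users->getAdapter()->quoteInto('id = ?', $id);
             $user = $this->_users->fetchRow($where);
             // Check for a missing row before calling toArray(); calling it on
             // the null result would be a fatal error instead of the
             // documented Pas_Exception.
             if ($user === null) {
                 throw new Pas_Exception('No user account found with that id', 500);
             }
             $form->populate($user->toArray());
         }
     }
 }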
Example #2
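 /**
  * Check the posted username and password and mark the session as logged in.
  *
  * Validation errors are stored as HTML fragments in the session namespace and
  * the visitor is redirected to '/'. On success the last_login column is
  * updated and the visitor is redirected to '/profile/'.
  *
  * @return void
  */
 function loginAction()
 {
     if ($this->_request->isPost('log-form')) {
         Zend_Loader::loadClass('Zend_Filter_StripTags');
         // StripTags only removes markup; it does not make a value safe to
         // place inside SQL, which is why the queries below bind the value.
         $filter = new Zend_Filter_StripTags();
         $username = trim($filter->filter($this->_request->getPost('log-name')));
         $password = trim($filter->filter($this->_request->getPost('log-pswd')));
         $warnings = new Zend_Session_Namespace();
         $warnings->username = $username;
         $warnings->error = '';
         $error_msg = '';
         if ($username == '') {
             $error_msg .= '<p>Enter your username.</p>';
         } else {
             if ($password == '') {
                 $error_msg .= '<p>Enter your password.</p>';
             } else {
                 $data = new Users();
                 // Bind the submitted username instead of building the WHERE
                 // clause as a string.
                 $query = $data->getAdapter()->quoteInto('login = ?', $username);
                 $data_row = $data->fetchRow($query);
                 // fetchRow() returns null when nothing matches; count() on
                 // null or on a row object is not a reliable emptiness test.
                 if ($data_row === null) {
                     // NOTE(review): this message and "Wrong password." below
                     // tell the visitor whether a username exists. A single
                     // generic failure message avoids that; left unchanged
                     // because it is user-facing text.
                     $error_msg .= '<p>There is no user with such username.</p>';
                 } else {
                     // NOTE(review): this compares the whole row with '0'; it
                     // presumably should test an activation column. Confirm
                     // the column name before relying on this check.
                     if ($data_row == '0') {
                         $error_msg .= '<p>Your account is not activated.</p>';
                     }
                     // NOTE(review): salted SHA-1 is a fast hash and is not
                     // suitable for password storage. Moving to
                     // password_hash()/password_verify() needs a migration of
                     // the stored values, so it is only flagged here.
                     $check_pass = sha1($password . $data_row['salt']);
                     // hash_equals() is a strict, constant-time comparison.
                     // The loose != it replaces could treat two different
                     // numeric-looking hex strings as equal.
                     if (!hash_equals((string) $data_row['password'], $check_pass)) {
                         $error_msg .= '<p>Wrong password.</p>';
                     }
                 }
             }
         }
         if ($error_msg != '') {
             $warnings->error = $error_msg;
             $warnings->status = '';
             $this->_redirect('/');
             return;
         } else {
             Zend_Loader::loadClass('Zend_Date');
             $date = new Zend_Date();
             $current_date = $date->toString('YYYY-MM-dd HH:mm:ss');
             $user_update = new Users();
             $where = $user_update->getAdapter()->quoteInto('login = ?', $username);
             $data = array('last_login' => $current_date);
             $user_update->update($data, $where);
             // Issue a fresh session id at the privilege change so an id that
             // was known before login is not carried into the logged-in session.
             Zend_Session::regenerateId();
             $warnings->error = '';
             $warnings->username = '';
             $warnings->email = '';
             $warnings->real_name = '';
             $warnings->status = ' hide';
             $user_dates = new Zend_Session_Namespace();
             $user_dates->username = $username;
             $user_dates->status = '1';
             $this->_redirect('/profile/');
             return;
         }
     }
 }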
Example #3
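 /**
  * Show the profile page of the logged-in user.
  *
  * Visitors whose session is not marked as logged in, or whose session names
  * a user that no longer has a row, are redirected to '/'.
  *
  * @return void
  */
 function indexAction()
 {
     $this->view->title = "User profile Page";
     $user_dates = new Zend_Session_Namespace();
     if ($user_dates->status != '1') {
         $this->_redirect('/');
         return;
     }
     $username = $user_dates->username;
     $data = new Users();
     // Bind the session username rather than concatenating it into the query.
     $query = $data->getAdapter()->quoteInto('login = ?', $username);
     $data_row = $data->fetchRow($query);
     if ($data_row === null) {
         // The session refers to an account that cannot be loaded; treat the
         // visitor as not logged in instead of rendering an empty profile.
         $this->_redirect('/');
         return;
     }
     if ($data_row['avatar'] == '') {
         $this->view->avatar = '/public/img/avatar.png';
     } else {
         // NOTE(review): the stored file name is appended to the path as-is;
         // this assumes it was validated when the avatar was uploaded.
         $this->view->avatar = '/public/upload/avatars/' . $data_row['avatar'];
     }
     // These values originate from user-supplied profile data; the view
     // script is expected to escape them on output (not visible here).
     $this->view->username = $data_row['login'];
     $this->view->email = $data_row['email'];
     $this->view->real_name = $data_row['real_name'];
     $this->view->reg_date = $data_row['reg_date'];
     $this->view->last_login = $data_row['last_login'];
 }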
 /** Provide a notification for an object
  */
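 protected function notify($objecttype, $broadperiod, $institution, $createdBy, $data)
 {
     // Default recipient, used for the central institutions and whenever no
     // responsible person can be resolved.
     $centralUnit = array(array('email' => '*****@*****.**', 'name' => 'Central Unit'));
     if ($institution === 'PUBLIC') {
         $users = new Users();
         // Bind the creator id as an integer instead of concatenating it into
         // the WHERE string.
         $where = $users->getAdapter()->quoteInto('id = ?', (int) $createdBy);
         $responsible = $users->fetchRow($where);
         // fetchRow() returns null when the creator no longer exists; fall
         // back to the central unit rather than reading properties of null.
         if ($responsible === null) {
             $to = $centralUnit;
         } else {
             $to = array(array('email' => $responsible->email, 'name' => $responsible->fullname));
         }
     } elseif (in_array($institution, array('PAS', 'DCMS', 'RAH', 'BM'), true)) {
         $to = $centralUnit;
     } else {
         $responsible = new Contacts();
         $to = $responsible->getOwner($data['comment_findID']);
         if (empty($to)) {
             $to = $centralUnit;
         }
     }
     $cc = $this->_getAdviser($objecttype, $broadperiod);
     if ($this->_user) {
         $from = array(array('email' => $this->_user->email, 'name' => $this->_user->fullname));
     } else {
         // With no logged-in user the sender is taken from the submitted
         // comment data. NOTE(review): this assumes the address and name were
         // validated before reaching this method; confirm at the caller.
         $from = array(array('email' => $data['comment_author_email'], 'name' => $data['comment_author']));
     }
     // The first recipient's fields are merged into the template data; keys in
     // $data win on collision because it is the later argument.
     $assignData = array_merge($to['0'], $data);
     $this->_helper->mailer($assignData, 'errorSubmission', $to, $cc, $from);
 }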
Example #5
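 /**
  * Handle the lost-password form: on a valid POST, set a new generated
  * password for the matching user and send it to that user by email.
  *
  * @return void
  */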
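 public function lostpasswordAction()
 {
     $form = $this->getLostpassForm();
     $request = $this->getRequest();
     $this->view->showform = true;
     $this->view->form = $form;
     // Validate once; anything that is not a valid POST just shows the form
     // (with its error messages when the POST was invalid).
     if (!$request->isPost() || !$form->isValid($request->getPost())) {
         return;
     }
     $this->view->showform = false;
     $usrDB = new Users();
     // Look the account up with an exact, bound match. The original built the
     // condition with addslashes() and LIKE: addslashes() is not a safe SQL
     // escape, and LIKE treats % and _ in the submitted value as wildcards, so
     // the lookup could select an account other than the one typed.
     // The username is read from the POST data that was just validated;
     // $request->username could also be satisfied by a query-string parameter.
     $select = $usrDB->select()
         ->where('login = ?', (string) $request->getPost('username'))
         ->where('safinstances_id = ?', $this->safinstancesId);
     $user = $usrDB->fetchRow($select);
     if ($user) {
         $strl = 'qwertyuiopasdfghjklzxcvbnm12345678902@#$!';
         $strll = strlen($strl);
         $npwd = '';
         // The loop bound is kept from the original (nine characters).
         for ($i = 0; $i <= 8; $i++) {
             // random_int() draws from the system CSPRNG (PHP 7+); rand() is
             // predictable and must not be used to generate credentials.
             $rdd = random_int(0, $strll - 1);
             $npwd .= $strl[$rdd];
         }
         // NOTE(review): unsalted MD5 is not suitable for password storage.
         // Changing the stored format needs the login code and existing rows
         // to move to password_hash()/password_verify() together, so it is
         // only flagged here.
         $user->password = md5($npwd);
         $user->lastpwdchanges = Sydney_Tools::getMySQLFormatedDate();
         $user->save();
         // NOTE(review): the password is replaced before the requester has
         // proved ownership of the mailbox, and is then sent in clear text.
         // A single-use, expiring reset link avoids both problems.
         // The listing this code was taken from masks the two interpolated
         // values in the mail body; they are restored as the account login and
         // the generated password (TODO confirm against the upstream file).
         $tmsg = "Dear user,\n\nYour password has been modified as requested.\nYou will now be able to use the following credentials:\n\nlogin: " . $user->login . "\npassword: " . $npwd . "\n\nWe suggest you change your password as soon as possible for security reason.\nIf you did not request a password change, please contact our support.\n\nRegards,\n" . $this->_config->general->siteTitle . " team.\n\n";
         $mail = new Zend_Mail();
         $mail->setBodyText($tmsg);
         $mail->setFrom($this->_config->general->siteEmail, $this->_config->general->siteTitle);
         // The login doubles as the recipient address.
         $mail->addTo($user->login, $user->login);
         $mail->setSubject($this->_config->general->siteTitle . ' new password.');
         $mail->send();
         $this->view->mmsg = 'Thank you! Your new password has been sent to your email. Please check your email and use this new password for authentication.';
     } else {
         // NOTE(review): this message differs from the success message, which
         // tells the visitor whether a login is registered.
         $this->view->mmsg = 'We could not find this user in our database for this website... Are you sure you are registered?';
     }
 }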
 /** Provide a notification for an object
  * @param string $institution
  * @param integer $createdBy
  * @param array $data
  * @return void
  */
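 protected function notify($institution, $createdBy, $data)
 {
     // Default recipient, shaped as a list of one recipient like every other
     // branch so that $to['0'] below is always defined.
     $centralUnit = array(array('email' => '*****@*****.**', 'name' => 'Central Unit'));
     $to = array();
     if ($institution === 'PUBLIC') {
         $users = new Users();
         // Bind the creator id as an integer instead of concatenating it into
         // the WHERE string.
         $where = $users->getAdapter()->quoteInto('id = ?', (int) $createdBy);
         $responsible = $users->fetchRow($where);
         // fetchRow() returns null when the creator no longer exists.
         if ($responsible !== null) {
             $to[] = array('email' => $responsible->email, 'name' => $responsible->fullname);
         }
     } elseif (in_array($institution, array('PAS', 'DCMS', 'RAH'), true)) {
         // The original assigned a bare recipient here, not a list of
         // recipients, which left $to['0'] undefined for these institutions.
         $to = $centralUnit;
     } else {
         $responsible = new Contacts();
         $to = $responsible->getOwnerHoard($data['comment_findID']);
     }
     // No recipient could be resolved: send to the central unit rather than
     // failing on the missing first element.
     if (empty($to)) {
         $to = $centralUnit;
     }
     $cc = array();
     $team = new Users();
     $advisers = $team->getHoardsTeam();
     foreach ($advisers as $adviser) {
         $cc[] = array('email' => $adviser['email'], 'name' => $adviser['fullname']);
     }
     if ($this->_user) {
         $from = array(array('email' => $this->_user->email, 'name' => $this->_user->fullname));
     } else {
         // With no logged-in user the sender is taken from the submitted
         // comment data. NOTE(review): this assumes the address and name were
         // validated before reaching this method; confirm at the caller.
         $from = array(array('email' => $data['comment_author_email'], 'name' => $data['comment_author']));
     }
     // Keys in $data win on collision because it is the later argument.
     $assignData = array_merge($to['0'], $data);
     $this->_helper->mailer($assignData, 'errorHoard', $to, $cc, $from);
 }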
Example #7
 /**
  * Returns the group name of the user and stores the user's data in the session
  * @param $login
  * @return string
  */
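 private function getGroupName($login)
 {
     // The session already holds the user: answer from it without a query.
     if (isset($this->userNamespace->user)) {
         return $this->userNamespace->user['usersgroups_name'];
     }
     $users = new Users();
     // The original column map listed 'usersgroups_id' twice; only the later
     // entry ('users.usersgroups_id') took effect, so that one is kept.
     // NOTE(review): LIKE treats % and _ in $login as wildcards. The value is
     // bound, so this is not an injection, but an exact '=' match is what an
     // identity lookup normally wants; confirm where $login comes from.
     $select = $users->select()->setIntegrityCheck(false)
         ->from($users, array(
             'users_id' => 'users.id',
             'login' => 'users.login',
             'usersgroups_name' => 'usersgroups.name',
             'fname' => 'users.fname',
             'lname' => 'users.lname',
             'email' => 'users.email',
             'usersgroups_id' => 'users.usersgroups_id',
         ))
         ->where(' users.login LIKE ?', $login)
         ->join('usersgroups', 'users.usersgroups_id = usersgroups.id');
     $rows = $users->fetchAll($select);
     $row = $rows->current();
     // current() yields null for an empty rowset; fail with a clear error
     // instead of dereferencing null and caching a broken session entry.
     if ($row === null) {
         throw new RuntimeException('No user with a group found for the given login');
     }
     // Save the last login time, selecting the row with a bound id.
     $urow = $users->fetchRow($users->getAdapter()->quoteInto('id = ?', $row->users_id));
     if ($urow !== null) {
         $urow->lastlogindate = Sydney_Tools::getMySQLFormatedDate();
         $urow->save();
     }
     $this->userNamespace->user = $row->toArray();
     // Record every group this user is part of.
     $groupsDB = new Usersgroups();
     $this->userNamespace->user['member_of_groups'] = $groupsDB->getParentsIds($this->userNamespace->user['usersgroups_id']);
     // Lock the namespace after the user data has been written to it.
     $this->userNamespace->lock();
     return $row->usersgroups_name;
 }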
 /** Reject a user's account
  */
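 public function rejectAction()
 {
     if (!$this->_getParam('id', false)) {
         throw new Pas_Exception_Param($this->_missingParameter);
     }
     // Cast once so both branches work with the same integer id.
     $id = (int) $this->_getParam('id');
     $form = new RejectUpgradeForm();
     $this->view->form = $form;
     // NOTE(review): no CSRF token check is visible in this action; it may be
     // part of RejectUpgradeForm. Confirm, since this POST changes an account.
     if ($this->_request->isPost()) {
         $formData = $this->_request->getPost();
         if ($form->isValid($formData)) {
             $userUpdateData = array();
             $userUpdateData['updated'] = $this->getTimeForForms();
             $userUpdateData['updatedBy'] = $this->getIdentityForForms();
             $userUpdateData['higherLevel'] = 0;
             $rejectData = array('status' => 'reject', 'message' => $form->getValue('message'), 'createdBy' => $this->getIdentityForForms(), 'created' => $this->getTimeForForms());
             $users = new Users();
             $where = array();
             $where[] = $users->getAdapter()->quoteInto('id = ?', $id);
             $users->update($userUpdateData, $where);
             $approvals = new ApproveReject();
             $approvals->insert($rejectData);
             // The notification goes to the address submitted with the form,
             // not to the address stored on the user row identified by $id.
             $to = array(array('email' => $form->getValue('email'), 'name' => $form->getValue('fullname')));
             $this->_helper->mailer($form->getValues(), 'upgradeRejected', $to);
             $this->_flashMessenger->addMessage('Account rejected');
             $this->_redirect('/admin/users/upgrades');
         } else {
             $form->populate($formData);
         }
     } else {
         if ($id > 0) {
             $users = new Users();
             $user = $users->fetchRow($users->getAdapter()->quoteInto('id = ?', $id));
             // fetchRow() returns null when nothing matches; count() on null
             // or on a row object is not a reliable emptiness test.
             if ($user === null) {
                 throw new Pas_Exception_Param($this->_nothingFound);
             }
             $form->populate($user->toArray());
         }
     }
 }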
Example #9
	/**
	 * Handle the forgot-password form and send a password reset link by email.
	 *
	 * The account is looked up by the posted username first and by the posted
	 * email second. The reset mail is always sent to the address stored on the
	 * matched account, never to an address taken from the request.
	 */
	function forgotpasswordAction()
	{
		// A visitor who is already logged in is sent to their own profile.
		if ($this->_auth->hasIdentity())
		{
			$this->_redirect('/default/user/profile/username/'.$this->_identity->username);
		}
		$this->view->pagetitle = "Forgot Password";

		if (!$this->_request->isPost())
		{
			$this->view->showForm = true;
			return;
		}

		$username = trim($this->_request->getPost('username'));
		$email = trim($this->_request->getPost('email'));
		$users_table = new Users();

		// Both lookups bind the submitted value through quoteInto().
		$account = $users_table->fetchRow($users_table->getAdapter()->quoteInto('username = ?', $username));
		if ($account === null)
		{
			$account = $users_table->fetchRow($users_table->getAdapter()->quoteInto('email = ?', $email));
		}

		if ($account === null)
		{
			// NOTE(review): this response differs from the success response,
			// so it shows whether a username or email is registered.
			$this->view->errors = array($this->_T("No such user."));
			$this->view->username = $username;
			$this->view->email = $email;
			$this->view->showForm = true;
			return;
		}

		$this->view->showForm = false;
		$this->view->success = $this->_T("Password reset email sent. Please check your email.");

		// Build the notification email from the site's configured sender.
		$subject = $this->_T("Password Reset Link");
		$sender_name = $this->_T(trim(RivetyCore_Registry::get('site_from')));
		$sender_address = $this->_T(trim(RivetyCore_Registry::get('site_from_email')));
		$email_params = array(
			"url" => $this->_getConfirmationUrl($account->email),
			"from"	=> $sender_name,
			"from_email" => $sender_address,
			"locale_code" => $this->locale_code
		);
		$mailer = new RivetyCore_Email();
		$mailer->sendEmail($subject, $account->email, "password.tpl", $email_params);
	}
Example #10
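 /**
  * Change the avatar of a user and clean up the link of the previous avatar.
  *
  * @param int $userId id of the user row to update
  * @param int $newAvatar id of the new avatar file; values above 0 are linked to the system folder
  * @return bool|null true on success, false when the update changes no row, null when the user is not found
  */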
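 public static function changeAvatar($userId, $newAvatar = 0)
 {
     $people = new Users();
     $db = $people->getAdapter();
     // Every condition below is built with quoteInto() on integer-cast ids;
     // the original concatenated the raw arguments into the SQL strings.
     $userWhere = $db->quoteInto('id = ?', (int) $userId);
     $rowPeople = $people->fetchRow($userWhere);
     if ($rowPeople === null) {
         // Unknown user: nothing is changed and, as before, null is returned.
         return;
     }
     // Remember the previous avatar so its folder link can be cleaned up.
     $oldAvatar = $rowPeople->avatar;
     $dataUsers = array('avatar' => $newAvatar);
     // NOTE(review): update() reports the number of changed rows, so setting
     // the avatar to its current value also ends up here. Kept as-is.
     if (!$people->update($dataUsers, $userWhere)) {
         return false;
     }
     // Link the new avatar to the system folder.
     if ($newAvatar > 0) {
         self::linkAvatarToSystemFolder($newAvatar);
     }
     // If there was an old avatar, check whether another user still uses it.
     if ($oldAvatar > 0) {
         $select = $people->select()->where('avatar = ?', $oldAvatar);
         $rowsetPeople = $people->fetchAll($select);
         // Nobody uses it any more: remove the link between file and folder.
         if (count($rowsetPeople) == 0) {
             $objectFolder = new Filfolders();
             // Folder registered for the 'adminpeople' module.
             // NOTE(review): assumes getFoldersByModule() always returns a
             // row here; confirm, since ->id is read without a null check.
             $rowFolder = $objectFolder->getFoldersByModule('adminpeople');
             $objectLinkFolder = new FilfoldersFilfiles();
             $linkWhere = $db->quoteInto('filfiles_id = ?', (int) $oldAvatar)
                 . ' AND ' . $db->quoteInto('filfolders_id = ?', (int) $rowFolder->id);
             $objectLinkFolder->delete($linkWhere);
         }
     }
     return true;
 }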
Example #11
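    /**
     * Handle the password recovery form: generate a new password for the
     * account with the posted email address and send it to that address.
     *
     * Errors are stored as HTML fragments in the session namespace and the
     * visitor is redirected back to '/register/recovery'.
     *
     * @return void
     */
    function recAction()
    {
        Zend_Loader::loadClass('Zend_Filter_StripTags');
        Zend_Loader::loadClass('Zend_Mail');
        Zend_Loader::loadClass('Zend_Validate_EmailAddress');
        // StripTags only removes markup; it does not make a value safe for
        // SQL, so the queries below bind the value instead.
        $filter = new Zend_Filter_StripTags();
        $email = trim($filter->filter($this->_request->getPost('rec-email')));
        $warnings = new Zend_Session_Namespace();
        $error_msg = '';
        $mail_val = new Zend_Validate_EmailAddress();
        if ($email == '') {
            $error_msg .= '<p>Enter your email.</p>';
        } else {
            if (!$mail_val->isValid($email)) {
                foreach ($mail_val->getMessages() as $message) {
                    // Validator messages can echo the submitted value, and
                    // this string is later rendered as HTML: escape it.
                    $error_msg .= '<p>' . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . '</p>';
                }
            }
        }
        $data = new Users();
        // Bind the submitted address instead of concatenating it into the
        // WHERE clause.
        $query = $data->getAdapter()->quoteInto('email = ?', $email);
        $data_row = $data->fetchRow($query);
        $salt = '';
        // fetchRow() returns null when nothing matches.
        if ($data_row === null) {
            // NOTE(review): this message shows whether an address is
            // registered; a neutral response avoids that. Text kept as-is.
            $error_msg .= '<p>Can`t find user with such email.</p>';
        } else {
            $salt = $data_row['salt'];
        }
        if ($error_msg != '') {
            $warnings->error = $error_msg;
            $warnings->status = '';
            $this->_redirect('/register/recovery');
        } else {
            $ranges = array(range('a', 'z'), range('A', 'Z'), range(1, 9));
            $length = 8;
            $pass = '';
            for ($i = 0; $i < $length; $i++) {
                // random_int() draws from the system CSPRNG (PHP 7+);
                // array_rand() is not suitable for generating credentials.
                $group = $ranges[random_int(0, count($ranges) - 1)];
                $pass .= $group[random_int(0, count($group) - 1)];
            }
            // NOTE(review): salted SHA-1 is a fast hash and is not suitable
            // for password storage; moving to password_hash() needs the login
            // code and stored values to change together, so it is only
            // flagged here.
            $hash = sha1($pass . $salt);
            // NOTE(review): the password is replaced before the requester has
            // proved ownership of the mailbox, and is then mailed in clear
            // text. A single-use, expiring reset link avoids both problems.
            $user_update = new Users();
            $where = $user_update->getAdapter()->quoteInto('email = ?', $email);
            $dates = array('password' => $hash);
            $user_update->update($dates, $where);
            $mail = new Zend_Mail();
            // The listing this code was taken from masks the interpolated
            // value in the mail body; it is restored as the generated
            // password (TODO confirm against the upstream file). The unused
            // read of the Host request header was dropped; a client-supplied
            // host name must not be used to build links in mail.
            $mail->setBodyHtml('<p>Your new password.</p>
								<p>Password: ' . $pass . '</p>
								');
            $mail->setFrom('*****@*****.**', 'Administrator');
            $mail->addTo($email, $data_row['login']);
            $mail->setSubject('Test password recovery');
            $mail->send();
            // Escape the address before embedding it in the HTML status message.
            $warnings->error = '<p>Password was sent to ' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8') . '.</p>';
            $warnings->status = ' reg_ok';
            $this->_redirect('/register/recovery');
            return;
        }
    }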