 /**
  * Issue a password-reset token for the user named in $form and e-mail the
  * confirmation link.
  *
  * The HTTP response is identical whether or not the name matched an account
  * with an e-mail address on record, so this endpoint cannot be used to
  * enumerate user names; only the log distinguishes the cases.
  *
  * @param object $form validated reset form (reads reset->inputs["name"])
  */
 private function _send_reset($form)
 {
     $requested_name = $form->reset->inputs["name"]->value;
     $account = user::lookup_by_name($requested_name);
     $can_mail = $account && !empty($account->email);

     if (!$can_mail) {
         // Log only; the client-visible outcome below is the same in every case.
         if ($account) {
             log::warning("user", t("Password reset failed for %user_name (has no email address on record).", array("user_name" => $account->name)));
         } else {
             // NOTE(review): the raw submitted name is interpolated into this log
             // line; make sure the log viewer escapes it before rendering.
             log::warning("user", t("Password reset email requested for user %user_name, which does not exist.", array("user_name" => $requested_name)));
         }
     } else {
         // Fresh random token stored on the account; the e-mailed link carries
         // it as the ?key= parameter of password/do_reset.
         $account->hash = random::hash();
         $account->save();

         $body = new View("reset_password.html");
         $body->confirm_url = url::abs_site("password/do_reset?key={$account->hash}");
         $body->user = $account;

         $mail = Sendmail::factory();
         $mail->to($account->email)
              ->subject(t("Password Reset Request"))
              ->header("Mime-Version", "1.0")
              ->header("Content-type", "text/html; charset=UTF-8")
              ->message($body->render())
              ->send();
         log::success("user", t("Password reset email sent for user %name", array("name" => $account->name)));
     }

     // Always pretend that an email has been sent to avoid leaking
     // information on what user names are actually real.
     message::success(t("Password reset email sent"));
     json::reply(array("result" => "success"));
 }
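 /**
  * Handle a password-reset request: validate the form, mint a reset token
  * for the named user and e-mail the confirmation link.
  *
  * The same success message and JSON reply are produced whether or not the
  * name matched an account with an e-mail address, so the endpoint does not
  * reveal which user names exist; the distinction only reaches the log.
  */
 private function _send_reset()
 {
     $form = $this->_reset_form();
     $valid = $form->validate();
     $user = null;
     if ($valid) {
         $user = user::lookup_by_name($form->reset->inputs["name"]->value);
         // Guard the lookup result before dereferencing it: depending on the
         // model version the lookup may return null or an unloaded record.
         if (!$user || !$user->loaded || empty($user->email)) {
             $form->reset->inputs["name"]->add_error("no_email", 1);
             $valid = false;
         }
     }
     if ($valid) {
         // The reset key is the only thing protecting do_reset, so it must be
         // unguessable.  md5(rand()) draws from a small, predictable space and
         // would let an attacker forge a reset link; use the CSPRNG instead.
         // 16 random bytes hex-encoded keep the same 32-char width as an md5.
         // (random_bytes needs PHP 7+; add a polyfill on older runtimes.)
         $user->hash = bin2hex(random_bytes(16));
         $user->save();
         $message = new View("reset_password.html");
         $message->confirm_url = url::abs_site("password/do_reset?key={$user->hash}");
         $message->user = $user;
         Sendmail::factory()
             ->to($user->email)
             ->subject(t("Password Reset Request"))
             ->header("Mime-Version", "1.0")
             ->header("Content-type", "text/html; charset=iso-8859-1")
             ->message($message->render())
             ->send();
         log::success("user", t("Password reset email sent for user %name", array("name" => $user->name)));
     } else {
         // Deliberately does not echo the submitted name into the log
         // (it is unvalidated input; see the comment in the original).
         log::warning("user", "Password reset email requested for bogus user");
     }
     // Always report success so the response does not leak which names are real.
     message::success(t("Password reset email sent"));
     print json_encode(array("result" => "success"));
 }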
 /**
  * Validate the login form and, when the name/password pair is correct,
  * log the user in.
  *
  * The session id is regenerated on success and on failure alike, so a
  * session id fixed before the attempt never survives it.
  *
  * @param string $url action url handed to user::get_login_form
  * @return array array($valid, $form); on failure the form's name input
  *               carries an "invalid_login" error
  */
 private function _auth($url)
 {
     $form = user::get_login_form($url);
     $valid = $form->validate();
     $user = null;
     if ($valid) {
         $submitted_name = $form->login->inputs["name"]->value;
         $user = user::lookup_by_name($submitted_name);
         $authenticated = !empty($user) && user::is_correct_password($user, $form->login->password->value);
         if (!$authenticated) {
             // NOTE(review): the raw submitted name is written to the log; make
             // sure the log viewer escapes it before rendering.
             log::warning("user", t("Failed login for %name", array("name" => $submitted_name)));
             $form->login->inputs["name"]->add_error("invalid_login", 1);
             $valid = false;
         }
     }
     if ($valid) {
         user::login($user);
         log::info("user", t("User %name logged in", array("name" => $user->name)));
     }
     // Either way, rotate the session id so a pre-authentication id cannot be
     // fixed by an attacker and reused afterwards.
     Session::instance()->regenerate();
     return array($valid, $form);
 }
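 /**
  * Entry point for the Gallery Remote protocol.  Only the "login" command
  * is handled here: it reads uname/password from the POST body and answers
  * in the GR2 key=value text format.
  *
  * Status codes written: 202 when no user name was supplied, 201 when the
  * name/password pair is wrong, 0 on success.
  */
 public function index()
 {
     gallery_remote::check_protocol_version();
     $input = Input::instance();
     // TODO: Validate protocol version here
     switch ($input->post("cmd")) {
         case "login":
             print "#__GR2PROTO__\n";
             $uname = $input->post("uname");
             if (empty($uname)) {
                 print "status=202\n";
             } else {
                 $user = user::lookup_by_name($uname);
                 $password = $input->post("password");
                 if ($user && user::is_correct_password($user, $password)) {
                     user::login($user);
                     // Rotate the session id now that the privilege level has
                     // changed, so a session id fixed before authentication
                     // cannot be replayed as the logged-in user (the other
                     // login paths in this project do the same).
                     Session::instance()->regenerate();
                     print "status=0\n";
                 } else {
                     // One status for "no such user" and "wrong password", so
                     // the reply does not reveal which names exist.
                     print "status=201\n";
                 }
             }
             print "server_version=2.15\n";
     }
 }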
 /**
  * Import a single Gallery 2 user from the front of $queue into a Gallery 3
  * user, recording the id mapping so later imports can resolve it.
  *
  * Already-mapped ids and the G2 anonymous user are skipped (the latter is
  * mapped onto the guest account).  If user::create throws, the code assumes
  * a name collision and loads the existing account instead.  Membership of
  * the G2 admin group becomes the admin flag; every other group is resolved
  * through self::map and joined.
  *
  * @param array $queue pending G2 user ids; the first one is consumed
  * @return string human-readable status line for the import log
  */
 static function import_user(&$queue)
 {
     $g2_user_id = array_shift($queue);
     if (self::map($g2_user_id)) {
         return t("User with id: %id already imported, skipping", array("id" => $g2_user_id));
     }
     if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) {
         self::set_map($g2_user_id, user::guest()->id);
         return t("Skipping Anonymous User");
     }

     $g2_admin_group_id = g2(GalleryCoreApi::getPluginParameter("module", "core", "id.adminGroup"));
     try {
         $g2_user = g2(GalleryCoreApi::loadEntitiesById($g2_user_id));
     } catch (Exception $e) {
         // NOTE(review): the full exception text is returned in the message.
         return t("Failed to import Gallery 2 user with id: %id\n%exception", array("id" => $g2_user_id, "exception" => $e->__toString()));
     }
     $g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId()));

     $g2_name = $g2_user->getUsername();
     try {
         $user = user::create($g2_name, $g2_user->getfullname(), "");
         $message = t("Created user: '******'.", array("name" => $user->name));
     } catch (Exception $e) {
         // @todo For now we assume this is a "duplicate user" exception
         // NOTE(review): any other failure is swallowed here and the lookup
         // result is dereferenced without a null check.
         $user = user::lookup_by_name($g2_name);
         $message = t("Loaded existing user: '******'.", array("name" => $user->name));
     }

     // The G2 password hash is copied verbatim into hashed_password; whether
     // G3's password check accepts that hash format is not verified here.
     $user->hashed_password = $g2_user->getHashedPassword();
     $user->email = $g2_user->getEmail();
     $user->locale = $g2_user->getLanguage();

     foreach ($g2_groups as $g2_group_id => $g2_group_name) {
         $is_admin_group = ($g2_group_id == $g2_admin_group_id);
         if ($is_admin_group) {
             $user->admin = true;
             $message .= t("\n\tAdded 'admin' flag to user");
             continue;
         }
         $group = ORM::factory("group", self::map($g2_group_id));
         $user->add($group);
         $message .= t("\n\tAdded user to group '%group'.", array("group" => $group->name));
     }

     $user->save();
     self::set_map($g2_user->getId(), $user->id);
     return $message;
 }
 /**
  * Import a single Gallery 2 user from the front of $queue into a Gallery 3
  * user and record the id mapping.
  *
  * Silent variant: nothing is returned.  Already-mapped ids are skipped, the
  * G2 anonymous user is mapped onto the guest account, and a failure to load
  * the G2 entity is written to the import log.  A throwing user::create is
  * assumed to be a name collision and the existing account is loaded instead.
  * Membership of the G2 admin group becomes the admin flag; every other group
  * is resolved through self::map and joined.
  *
  * @param array $queue pending G2 user ids; the first one is consumed
  */
 static function import_user(&$queue)
 {
     $g2_user_id = array_shift($queue);
     if (self::map($g2_user_id)) {
         return;
     }
     if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) {
         self::set_map($g2_user_id, user::guest()->id);
         return;
     }

     $g2_admin_group_id = g2(GalleryCoreApi::getPluginParameter("module", "core", "id.adminGroup"));
     try {
         $g2_user = g2(GalleryCoreApi::loadEntitiesById($g2_user_id));
     } catch (Exception $e) {
         g2_import::log(t("Failed to import Gallery 2 user with id: %id", array("id" => $g2_user_id)));
         return;
     }
     $g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId()));

     $g2_name = $g2_user->getUsername();
     try {
         $user = user::create($g2_name, $g2_user->getfullname(), "");
     } catch (Exception $e) {
         // @todo For now we assume this is a "duplicate user" exception
         // NOTE(review): any other failure (e.g. a DB error) is swallowed here
         // and the lookup result is dereferenced without a null check.
         $user = user::lookup_by_name($g2_name);
     }

     // The G2 password hash is copied verbatim into hashed_password; whether
     // G3's password check accepts that hash format is not verified here.
     $user->hashed_password = $g2_user->getHashedPassword();
     $user->email = $g2_user->getEmail();
     $user->locale = $g2_user->getLanguage();

     foreach ($g2_groups as $g2_group_id => $g2_group_name) {
         if ($g2_group_id == $g2_admin_group_id) {
             $user->admin = true;
             continue;
         }
         $user->add(ORM::factory("group", self::map($g2_group_id)));
     }

     $user->save();
     self::set_map($g2_user->getId(), $user->id);
 }
 /**
  * Moving an item must make it take on the permissions of its new parent
  * album: a public photo moved into a private album becomes private, and a
  * private photo moved into a public album becomes public.
  */
 public function moved_items_inherit_new_permissions_test()
 {
     user::set_active(user::lookup_by_name("admin"));
     $root = ORM::factory("item", 1);
     $sample_image = MODPATH . "gallery/images/gallery.png";

     // An album everybody may view, holding one photo.
     $open_album = album::create($root, rand(), "public album");
     $open_photo = photo::create($open_album, $sample_image, "", "");
     access::allow(group::everybody(), "view", $open_album);
     $root->reload();
     // Account for MPTT changes

     // An album everybody is denied on, holding one photo.
     $closed_album = album::create($root, rand(), "private album");
     access::deny(group::everybody(), "view", $closed_album);
     $closed_photo = photo::create($closed_album, $sample_image, "", "");

     // Sanity-check the starting state before moving anything.
     $this->assert_true(access::group_can(group::everybody(), "view", $open_photo));
     $this->assert_false(access::group_can(group::everybody(), "view", $closed_photo));

     // Swap the photos between the two albums.  After each move everything is
     // reloaded so MPTT pointers and cached permissions are current.
     item::move($open_photo, $closed_album);
     foreach (array($closed_album, $open_album, $closed_photo, $open_photo) as $record) {
         $record->reload();
     }

     item::move($closed_photo, $open_album);
     foreach (array($closed_album, $open_album, $closed_photo, $open_photo) as $record) {
         $record->reload();
     }

     // Each photo now carries its new parent's visibility.
     $this->assert_false(access::group_can(group::everybody(), "view", $open_photo));
     $this->assert_true(access::group_can(group::everybody(), "view", $closed_photo));
 }
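 /**
  * Admin handler for editing an existing user.
  *
  * Requires a valid CSRF token.  Validates the admin edit form, rejects a
  * new name that is already taken by a different user, applies the submitted
  * fields (password only when one was supplied) and saves.  The admin flag
  * can be changed for any user except the acting admin's own account, so an
  * admin cannot lock themselves out.  Replies with JSON: {"result":"success"}
  * or {"result":"error","form":...} carrying the rendered form with errors.
  *
  * @param int|string $id id of the user to edit; 404 when it does not exist
  */
 public function edit_user($id)
 {
     access::verify_csrf();
     $user = user::lookup($id);
     if (empty($user)) {
         kohana::show_404();
     }
     $form = $this->_get_user_edit_form_admin($user);
     $valid = $form->validate();
     if ($valid) {
         $new_name = $form->edit_user->inputs["name"]->value;
         $temp_user = user::lookup_by_name($new_name);
         // Compare names strictly: with loose "!=" two numeric-looking names
         // such as "01" and "1" compare equal and would skip the in-use check.
         // Ids are compared loosely on purpose (int vs string from the model).
         $name_changed = $new_name !== $user->name;
         if ($name_changed && ($temp_user && $temp_user->id != $user->id)) {
             $form->edit_user->inputs["name"]->add_error("in_use", 1);
             $valid = false;
         } else {
             $user->name = $new_name;
         }
     }
     if ($valid) {
         $user->full_name = $form->edit_user->full_name->value;
         // Leave the password untouched unless a new one was entered.
         if ($form->edit_user->password->value) {
             $user->password = $form->edit_user->password->value;
         }
         $user->email = $form->edit_user->email->value;
         $user->url = $form->edit_user->url->value;
         if ($form->edit_user->locale) {
             $desired_locale = $form->edit_user->locale->value;
             $user->locale = $desired_locale == "none" ? null : $desired_locale;
         }
         // An admin can change the admin status for any user but themselves
         if ($user->id != identity::active_user()->id) {
             $user->admin = $form->edit_user->admin->checked;
         }
         $user->save();
         module::event("user_edit_form_admin_completed", $user, $form);
         message::success(t("Changed user %user_name", array("user_name" => $user->name)));
         print json_encode(array("result" => "success"));
     } else {
         print json_encode(array("result" => "error", "form" => $form->__toString()));
     }
 }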
 /**
  * Resolve a user record by login name.
  *
  * Thin adapter that delegates straight to the gallery user model; see
  * IdentityProvider_Driver::lookup_user_by_name for the contract.
  *
  * @param string $name login name to look up
  * @return mixed whatever user::lookup_by_name returns for $name
  */
 public function lookup_user_by_name($name)
 {
     $record = user::lookup_by_name($name);
     return $record;
 }
 /**
  * Gallery Remote "login" command.
  *
  * Replies LOGIN_MISSING when no user name was posted, and PASSWD_WRONG when
  * either the name is unknown or the password is wrong — one code for both,
  * so the reply does not confirm which names exist.  On success the user is
  * logged in, the session id is regenerated, and a success reply carrying the
  * user name under debug_user is sent.
  *
  * @param Input  $input request input; reads POST uname and password
  * @param object $reply reply builder whose set()/send() produce the response
  */
 private function _login(&$input, &$reply)
 {
     $uname = trim($input->post('uname'));
     if (empty($uname)) {
         $reply->send(gallery_remote::LOGIN_MISSING);
         return;
     }

     $user = user::lookup_by_name($uname);
     // NOTE(review): the password is trimmed before checking, so a password
     // with leading or trailing whitespace can never verify through this path.
     $password = trim($input->post('password'));
     $authenticated = $user && user::is_correct_password($user, $password);
     if (!$authenticated) {
         $reply->send(gallery_remote::PASSWD_WRONG);
         return;
     }

     auth::login($user);
     // Rotate the session id after the privilege change (session-fixation defence).
     Session::instance()->regenerate();
     $reply->set('debug_user', $user->name);
     $reply->set('status_text', 'Login successful.');
     $reply->send();
 }