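 /**
  * Check posted values validity
  *
  * Walks every DB field returned by self::getDbFields(): the posted value is
  * trimmed (or a default is picked when the field was not posted), stored on
  * the matching "_<propname>" property, then validated per field. Uniqueness
  * checks (email, login, status) query the database through the global $zdb.
  *
  * @param array $values   All values to check, basically the $_POST array
  *                        after sending the form
  * @param array $required Array of required fields
  * @param array $disabled Array of disabled fields
  *
  * @return true|array true when nothing is wrong, otherwise the list of
  *                    (translated) error messages collected
  */
 public function check($values, $required, $disabled)
 {
     global $zdb, $preferences;
     $errors = array();
     $fields = self::getDbFields();
     //reset company name if needed
     if (!isset($values['is_company']) || $values['is_company'] != 1) {
         unset($values['is_company']);
         unset($values['societe_adh']);
     }
     foreach ($fields as $key) {
         //first of all, let's sanitize values
         $key = strtolower($key);
         $prop = '_' . $this->_fields[$key]['propname'];
         if (isset($values[$key])) {
             $value = trim($values[$key]);
         } else {
             // field was not posted: pick a default depending on the field
             switch ($key) {
                 case 'bool_admin_adh':
                 case 'bool_exempt_adh':
                 case 'bool_display_info':
                     // unchecked checkboxes are simply absent from the POST
                     $value = 0;
                     break;
                 case 'activite_adh':
                     //values that are set at object instantiation
                     $value = true;
                     break;
                 case 'date_crea_adh':
                 case 'sexe_adh':
                 case 'titre_adh':
                 case 'id_statut':
                 case 'pref_lang':
                 case 'parent_id':
                     //values that are set at object instantiation
                     $value = $this->{$prop};
                     break;
                 default:
                     $value = '';
             }
         }
         // if the field is enabled, check it
         if (!isset($disabled[$key])) {
             // fill up the adherent structure
             if ($value !== null) {
                 $this->{$prop} = stripslashes($value);
             }
             // now, check validity
             if ($value !== null && $value != '') {
                 switch ($key) {
                     // dates
                     case 'date_crea_adh':
                     case 'ddn_adh':
                         try {
                             $d = \DateTime::createFromFormat(_T("Y-m-d"), $value);
                             if ($d === false) {
                                 //try with non localized date
                                 $d = \DateTime::createFromFormat("Y-m-d", $value);
                                 if ($d === false) {
                                     throw new \Exception('Incorrect format');
                                 }
                             }
                             // always store the normalized, non localized form
                             $this->{$prop} = $d->format('Y-m-d');
                         } catch (\Exception $e) {
                             Analog::log('Wrong date format. field: ' . $key . ', value: ' . $value . ', expected fmt: ' . _T("Y-m-d") . ' | ' . $e->getMessage(), Analog::INFO);
                             $errors[] = str_replace(array('%date_format', '%field'), array(_T("Y-m-d"), $this->_fields[$key]['label']), _T("- Wrong date format (%date_format) for %field!"));
                         }
                         break;
                     case 'titre_adh':
                         if ($value !== null && $value !== '') {
                             // '-1' is the "no title" choice of the select box
                             if ($value == '-1') {
                                 $this->{$prop} = null;
                             } else {
                                 $this->{$prop} = new Title((int) $value);
                             }
                         } else {
                             $this->{$prop} = null;
                         }
                         break;
                     case 'email_adh':
                     case 'msn_adh':
                         if (!GaletteMail::isValidEmail($value)) {
                             $errors[] = _T("- Non-valid E-Mail address!") . ' (' . $this->getFieldName($key) . ')';
                         }
                         if ($key == 'email_adh') {
                             //check if email is already used by another member
                             try {
                                 $select = $zdb->select(self::TABLE);
                                 $select->columns(array(self::PK))->where(array('email_adh' => $value));
                                 if ($this->_id != '' && $this->_id != null) {
                                     // bind the id instead of concatenating it into the SQL
                                     $select->where->notEqualTo(self::PK, $this->_id);
                                 }
                                 $results = $zdb->execute($select);
                                 if ($results->count() !== 0) {
                                     $errors[] = _T("- This E-Mail address is already used by another member!");
                                 }
                             } catch (\Exception $e) {
                                 Analog::log('An error occured checking member email unicity.', Analog::ERROR);
                                 $errors[] = _T("An error has occured while looking if login already exists.");
                             }
                         }
                         break;
                     case 'url_adh':
                         // the form pre-fills the field with the bare scheme
                         if ($value == 'http://') {
                             $this->{$prop} = '';
                         } elseif (!isValidWebUrl($value)) {
                             $errors[] = _T("- Non-valid Website address! Maybe you've skipped the http:// ?");
                         }
                         break;
                     case 'login_adh':
                         /** FIXME: add a preference for login length */
                         if (strlen($value) < 2) {
                             $errors[] = str_replace('%i', 2, _T("- The username must be composed of at least %i characters!"));
                         } else {
                             //check if login does not contain the @ character
                             // strict comparison: strpos() returns 0 when '@' is the first character,
                             // which a loose `!= false` test would have let through
                             if (strpos($value, '@') !== false) {
                                 $errors[] = _T("- The username cannot contain the @ character");
                             } else {
                                 //check if login is already taken
                                 try {
                                     $select = $zdb->select(self::TABLE);
                                     $select->columns(array(self::PK))->where(array('login_adh' => $value));
                                     if ($this->_id != '' && $this->_id != null) {
                                         // bind the id instead of concatenating it into the SQL
                                         $select->where->notEqualTo(self::PK, $this->_id);
                                     }
                                     $results = $zdb->execute($select);
                                     // the superadmin login lives in preferences, not in the members table
                                     if ($results->count() !== 0 || $value == $preferences->pref_admin_login) {
                                         $errors[] = _T("- This username is already in use, please choose another one!");
                                     }
                                 } catch (\Exception $e) {
                                     Analog::log('An error occured checking member login unicity.', Analog::ERROR);
                                     $errors[] = _T("An error has occured while looking if login already exists.");
                                 }
                             }
                         }
                         break;
                     case 'mdp_adh':
                         /** TODO: check password complexity, set by a preference */
                         /** FIXME: add a preference for password length */
                         if (strlen($value) < 6) {
                             $errors[] = str_replace('%i', 6, _T("- The password must be of at least %i characters!"));
                         } else {
                             if ($this->_self_adh !== true && (!isset($values['mdp_adh2']) || $values['mdp_adh2'] != $value)) {
                                 $errors[] = _T("- The passwords don't match!");
                             } else {
                                 // self subscription: the posted crypt must match the typed password.
                                 // The comparison is parenthesised (the former `!crypt(...) == ...`
                                 // negated the hash before comparing, so it never really checked)
                                 // and done in constant time; a missing/non-string crypt is a mismatch.
                                 if ($this->_self_adh === true
                                     && (!isset($values['mdp_crypt'])
                                     || !is_string($values['mdp_crypt'])
                                     || !hash_equals($values['mdp_crypt'], crypt($value, $values['mdp_crypt'])))
                                 ) {
                                     $errors[] = _T("Password misrepeated: ");
                                 } else {
                                     $this->{$prop} = password_hash($value, PASSWORD_BCRYPT);
                                 }
                             }
                         }
                         break;
                     case 'id_statut':
                         try {
                             //check if status exists
                             $select = $zdb->select(Status::TABLE);
                             // bind the posted id rather than concatenating it into the SQL
                             $select->where(array(Status::PK => $value));
                             $results = $zdb->execute($select);
                             $result = $results->current();
                             if ($result === false) {
                                 $errors[] = str_replace('%id', $value, _T("Status #%id does not exists in database."));
                                 break;
                             }
                             //check for status unicity (staff statuses may be held by one member only)
                             $select = $zdb->select(self::TABLE, 'a');
                             $select->limit(1)->join(array('b' => PREFIX_DB . Status::TABLE), 'a.' . Status::PK . '=b.' . Status::PK, array('libelle_statut'))->where(array('b.' . Status::PK => $value));
                             $select->where->lessThan('b.priorite_statut', Members::NON_STAFF_MEMBERS);
                             if ($this->_id != '' && $this->_id != null) {
                                 // bind the id instead of concatenating it into the SQL
                                 $select->where->notEqualTo('a.' . self::PK, $this->_id);
                             }
                             $results = $zdb->execute($select);
                             $result = $results->current();
                             if ($result !== false) {
                                 // NOTE(review): nom_adh/prenom_adh are placed inside HTML markup here;
                                 // confirm the template escapes $errors before output
                                 $errors[] = str_replace(array('%s', '%i', '%n', '%m'), array($result->libelle_statut, $result->id_adh, $result->nom_adh, $result->prenom_adh), _T("Selected status (%s) is already in use in <a href='voir_adherent.php?id_adh=%i'>%n %m's profile</a>."));
                             }
                         } catch (\Exception $e) {
                             Analog::log('An error occured checking status unicity: ' . $e->getMessage(), Analog::ERROR);
                             $errors[] = _T("An error has occured while looking if status is already in use.");
                         }
                         break;
                 }
             } else {
                 // empty login (when not required) or empty password on a new member
                 // (when not required): generate a random one
                 if ($key == 'login_adh' && !isset($required['login_adh']) || $key == 'mdp_adh' && !isset($required['mdp_adh']) && !isset($this->_id)) {
                     $p = new Password();
                     $this->{$prop} = $p->makeRandomPassword(15);
                 }
             }
         }
     }
     // missing required fields?
     // foreach replaces each(), which was removed in PHP 8
     foreach ($required as $key => $val) {
         $prop = '_' . $this->_fields[$key]['propname'];
         // NOTE(review): only required fields that are also *disabled* are checked
         // for presence here — confirm this is intended rather than !isset()
         if (isset($disabled[$key])) {
             $mandatory_missing = false;
             if (!isset($this->{$prop})) {
                 $mandatory_missing = true;
             } else {
                 if ($key === 'titre_adh' && $this->{$prop} == '-1') {
                     $mandatory_missing = true;
                 }
             }
             if ($mandatory_missing === true) {
                 $errors[] = _T("- Mandatory field empty: ") . ' <a href="#' . $key . '">' . $this->getFieldName($key) . '</a>';
             }
         }
     }
     //attach to/detach from parent
     if (isset($values['detach_parent'])) {
         $this->_parent = null;
     }
     if (count($errors) > 0) {
         Analog::log('Some errors has been throwed attempting to edit/store a member' . print_r($errors, true), Analog::DEBUG);
         return $errors;
     } else {
         Analog::log('Member checked successfully.', Analog::DEBUG);
         return true;
     }
 }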
 /**
  * Generate temporary path
  *
  * Builds the attachments temporary directory path from a random id and
  * stores it in $this->_tmp_path. When no id is given, a 30 characters
  * random one is generated with Password::makeRandomPassword().
  *
  * NOTE(review): $id is used as a path segment as-is; callers should only
  * pass generated ids, never user-controlled input.
  *
  * @param string $id Random id, defaults to null
  *
  * @return void
  */
 private function _generateTmpPath($id = null)
 {
     $segment = $id;
     if ($segment === null) {
         $generator = new Password();
         $segment = $generator->makeRandomPassword(30);
     }
     $this->_tmp_path = sprintf('%s/%s', GALETTE_ATTACHMENTS_PATH, $segment);
 }
$done = false;
// Validation
if (isset($_POST['valid']) && $_POST['valid'] == '1' || $from_admin) {
    $adh = null;
    $login_adh = null;
    if (($login->isAdmin() || $login->isStaff()) && isset($_GET['id_adh'])) {
        $adh = new Adherent((int) $_GET['id_adh']);
        $login_adh = $adh->login;
    } else {
        $login_adh = $_POST['login'];
        $adh = new Adherent($login_adh);
    }
    if ($adh->id != '') {
        //account has been found, proceed
        if (Core\GaletteMail::isValidEmail($adh->email)) {
            $password = new Core\Password();
            $res = $password->generateNewPassword($adh->id);
            if ($res == true) {
                $link_validity = new DateTime();
                $link_validity->add(new DateInterval('PT24H'));
                $df = _T("Y-m-d H:i:s");
                $proto = 'http';
                if (isset($_SERVER['HTTPS'])) {
                    $proto = 'https';
                }
                $texts = new Texts($texts_fields, $preferences, array('change_pass_uri' => $proto . '://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['REQUEST_URI']) . '/change_passwd.php?hash=' . urlencode($password->getHash()), 'link_validity' => $link_validity->format(_T("Y-m-d H:i:s")), 'login_adh' => custom_html_entity_decode($adh->login, ENT_QUOTES)));
                $mtxt = $texts->getTexts('pwd', $adh->language);
                $mail = new Core\GaletteMail();
                $mail->setSubject($texts->getSubject());
                $mail->setRecipients(array($adh->email => $adh->sname));
                $mail->setMessage($texts->getBody());