    $count = 0;
    $line = strtok($_POST['user_names'], "\n");
    while ($line !== false) {
        // strip comments
        $line = preg_replace('/#.*/', '', trim($line));

        if (!empty($line)) {
            $u = usernameToUid($line); // fetch uid
            $line = q($line); // escape for messages below
            if (!$u) {
                $error_mgs[] = "$langErrorDelete: " . q($line);
            } else {
                if (isset($_POST['delete'])) {
                    // for uids with no admin rights
                    if (get_admin_rights($u) < 0) {
                        // delete user progress report
                        if (deleteUser($u, true)) {
                            $success_mgs[] = "$langWithUsername $line $langWasDeleted";
                            $count++;
                        } else {
                            $error_mgs[] = "$langErrorDelete: " . $line;
                        }
                    } else {
                        $error_mgs[] = "$langDeleteAdmin $line $langNotFeasible";
                    }
                } elseif (isset($months)) {
                    $q = Database::get()->query('UPDATE user
                        SET expires_at = expires_at + INTERVAL ?d MONTH
                        WHERE id = ?d', $months, $u);
                    if ($q) {
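/**
 * Finish a CAS / Shibboleth login for the identity the external handler stored in $_SESSION.
 *
 * Reads $_SESSION['shib_*'] (type 'shibboleth') or $_SESSION['cas_*'] (type 'cas') and looks the
 * username up in `user`:
 *  - account exists with the same auth method (user.password == $type): name/email are
 *    refreshed, the admin-level session flags and $_SESSION['uid'] are set;
 *  - account exists with another auth method: the IdP session keys are cleared and the user is
 *    sent home with $langUserAltAuth;
 *  - unknown username: auto-registered as a student when alt_auth_stud_reg == 2 and am_required
 *    is off, otherwise the session is destroyed and the user is redirected to registration.
 *
 * @param string $type 'shibboleth' or 'cas'; also the value stored in user.password.
 * @return void Side effects only: $_SESSION, the `user` and `loginout` tables, the globals
 *              declared below, and redirects that end the request.
 */
function shib_cas_login($type)
{
    global $surname, $givenname, $email, $status, $language, $urlServer, $is_admin, $is_power_user, $is_usermanage_user, $is_departmentmanage_user, $langUserAltAuth;

    $autoregister = (get_config('alt_auth_stud_reg') == 2);
    $uname = null;

    if ($type == 'shibboleth') {
        $uname = $_SESSION['shib_uname'];
        $email = $_SESSION['shib_email'];
        $shib_surname = $_SESSION['shib_surname'];
        // auth_settings of auth_id 6 optionally holds a separator, used when the IdP
        // delivers "givenname<sep>surname" in a single attribute.
        $shibseparator = null;
        $shibsettings = Database::get()->querySingle("SELECT auth_settings FROM auth WHERE auth_id = 6");
        if ($shibsettings) {
            if ($shibsettings->auth_settings != 'shibboleth' and $shibsettings->auth_settings != '') {
                $shibseparator = $shibsettings->auth_settings;
            }
            // Split only when a separator is configured: previously strpos() ran with an
            // undefined needle otherwise (warning; deprecated for null since PHP 8.1). The
            // truthiness test is deliberate — a separator at offset 0 leaves the name unsplit.
            if ($shibseparator !== null and strpos($shib_surname, $shibseparator)) {
                $temp = explode($shibseparator, $shib_surname);
                $givenname = $temp[0];
                $surname = $temp[1];
            }
        }
    } elseif ($type == 'cas') {
        $uname = $_SESSION['cas_uname'];
        $surname = $_SESSION['cas_surname'];
        $givenname = $_SESSION['cas_givenname'];
        $email = isset($_SESSION['cas_email']) ? $_SESSION['cas_email'] : '';
    }

    if ($uname === null or $uname === '') {
        // No principal: unknown $type, or the IdP handler never stored the session keys.
        // Never look up — let alone auto-create — an account for an empty username.
        foreach (array_keys($_SESSION) as $key) {
            unset($_SESSION[$key]);
        }
        redirect_to_home_page();
        exit;
    }

    // user is authenticated, now let's see if he is registered also in db
    // NOTE(review): both $sqlLogin fragments are masked ("******") in this listing; they are
    // presumably the collation-specific "= ?s" comparison — restore them from the repository.
    if (get_config('case_insensitive_usernames')) {
        $sqlLogin = "******";
    } else {
        $sqlLogin = "******";
    }
    $r = Database::get()->querySingle("SELECT id, surname, username, password, givenname, status, email, lang, verified_mail\n\t\t\t\t\t\tFROM user WHERE username {$sqlLogin}", $uname);
    if ($r) {
        // if user found
        // NOTE(review): querySingle() yields one row object elsewhere in this function
        // ($shibsettings->auth_settings), so this foreach iterates the row's columns and
        // $info->password would read a property of a scalar. The later revision uses the row
        // directly ($info = querySingle(...)); verify against Database::querySingle() before
        // relying on this path.
        foreach ($r as $info) {
            if ($info->password != $type) {
                // has different auth method - redirect to home page
                unset($_SESSION['shib_uname']);
                unset($_SESSION['shib_email']);
                unset($_SESSION['shib_surname']);
                unset($_SESSION['cas_uname']);
                unset($_SESSION['cas_email']);
                unset($_SESSION['cas_surname']);
                unset($_SESSION['cas_givenname']);
                Session::Messages($langUserAltAuth, 'alert-danger');
                redirect_to_home_page();
                // Refusal must be terminal even if redirect_to_home_page() returns: the session
                // population below must never run for this user.
                exit;
            }
            // don't force email address from CAS/Shibboleth.
            // user might prefer a different one
            if (!empty($info->email)) {
                $email = $info->email;
            }
            if (!empty($info->status)) {
                $status = $info->status;
            }
            // update user information
            Database::get()->query("UPDATE user SET surname = ?s, givenname = ?s, email = ?s\n                                        WHERE id = ?d", $surname, $givenname, $email, $info->id);
            // check for admin privileges: only one level flag is set, highest first
            $admin_rights = get_admin_rights($info->id);
            if ($admin_rights == ADMIN_USER) {
                $_SESSION['is_admin'] = 1;
                $is_admin = 1;
            } elseif ($admin_rights == POWER_USER) {
                $_SESSION['is_power_user'] = 1;
                $is_power_user = 1;
            } elseif ($admin_rights == USERMANAGE_USER) {
                $_SESSION['is_usermanage_user'] = 1;
                $is_usermanage_user = 1;
            } elseif ($admin_rights == DEPARTMENTMANAGE_USER) {
                $_SESSION['is_departmentmanage_user'] = 1;
                $is_departmentmanage_user = 1;
            }
            $_SESSION['uid'] = $info->id;
            // an explicit language switch in the session wins over the stored preference
            if (isset($_SESSION['langswitch'])) {
                $language = $_SESSION['langswitch'];
            } else {
                $language = $info->lang;
            }
        }
    } elseif ($autoregister and !get_config('am_required')) {
        // else create him automatically
        // NOTE(review): $verified_mail is computed but not written by the INSERT below (the
        // column keeps its default); the later revision stores it — confirm which is intended.
        if (get_config('email_verification_required')) {
            $verified_mail = 0;
            $_SESSION['mail_verification_required'] = 1;
        } else {
            $verified_mail = 2;
        }
        // Typed placeholders throughout: the first three were bare "?", while "?s" is what the
        // rest of this function uses for string values.
        $_SESSION['uid'] = Database::get()->query("INSERT INTO user SET surname = ?s, givenname = ?s, password = ?s, \n                                       username = ?s, email = ?s, status = ?d, lang = 'el', \n                                       registered_at = " . DBHelper::timeAfter() . ",  expires_at = " . DBHelper::timeAfter(get_config('account_duration')) . ", whitelist = ''", $surname, $givenname, $type, $uname, $email, USER_STUDENT)->lastInsertID;
        $language = $_SESSION['langswitch'] = 'el';
    } else {
        // user not registered, automatic registration disabled
        // redirect to registration screen
        foreach (array_keys($_SESSION) as $key) {
            unset($_SESSION[$key]);
        }
        session_destroy();
        header("Location: {$urlServer}modules/auth/registration.php");
        exit;
    }
    $_SESSION['uname'] = $uname;
    $_SESSION['surname'] = $surname;
    $_SESSION['givenname'] = $givenname;
    $_SESSION['email'] = $email;
    $_SESSION['status'] = $status;
    //$_SESSION['is_admin'] = $is_admin;
    $_SESSION['shib_user'] = 1;
    // now we are shibboleth user (the flag is set for CAS logins as well)
    // NOTE(review): the session id is not rotated here (session_regenerate_id) after the
    // privilege change — confirm the caller does it, otherwise a pre-login id survives login.
    // Parameterised like the other statements in this function instead of interpolating
    // the uid and REMOTE_ADDR into the SQL text.
    Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action)\n\t\t\t\t\tVALUES (?d, ?s, " . DBHelper::timeAfter() . ", 'LOGIN')", $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);
    if (get_config('email_verification_required') and get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
        $_SESSION['mail_verification_required'] = 1;
        // init.php is already loaded so redirect from here
        header("Location:" . $urlServer . "modules/auth/mail_verify_change.php");
        // Stop here: without exit the caller keeps executing (and rendering) for a user who
        // still has to verify their address.
        exit;
    }
}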
// Attach to the session named by the SSO handshake, then start it.
// NOTE(review): $session_id, $username and $token are assigned before this chunk
// (presumably from the request). A caller-chosen session id is the classic
// session-fixation vector — confirm $session_id is format-checked before it reaches
// session_id(), and consider session_regenerate_id(true) once the token below is verified.
session_id($session_id);
session_start();
require_once '../../include/init.php';
require_once 'modules/auth/auth.inc.php';
// validate token timestamp
// The token is bound to username + session id and only accepted within a 500-unit window
// (unit per token_validate(); presumably seconds), so a captured token cannot be replayed
// later or under a different session id.
if (!token_validate($username . $session_id, $token, 500)) {
    exit;
}
// Second leg of the handshake: the (username, token, session_id) triple must also have
// been recorded in user_sso by the issuing side. Parameterised via ?s placeholders.
$exists = Database::get()->querySingle("SELECT 1 AS `exists` FROM user_sso WHERE username = ?s AND token = ?s AND session_id = ?s", $username, $token, $session_id);
if ($exists && intval($exists->exists) === 1) {
    foreach (array_keys($_SESSION) as $key) {
        unset($_SESSION[$key]);
    }
    $user = Database::get()->querySingle("SELECT * FROM user WHERE username COLLATE utf8_bin = ?s", $username);
    $is_active = check_activity($user->id);
    $admin_rights = get_admin_rights($user->id);
    if ($admin_rights == ADMIN_USER) {
        $is_active = 1;
        // admin user is always active
        $_SESSION['is_admin'] = 1;
    } elseif ($admin_rights == POWER_USER) {
        $_SESSION['is_power_user'] = 1;
    } elseif ($admin_rights == USERMANAGE_USER) {
        $_SESSION['is_usermanage_user'] = 1;
    } elseif ($admin_rights == DEPARTMENTMANAGE_USER) {
        $_SESSION['is_departmentmanage_user'] = 1;
    }
    if ($is_active) {
        $_SESSION['uid'] = intval($user->id);
        $_SESSION['uname'] = $user->username;
        $_SESSION['surname'] = $user->surname;
                         <input type='hidden' name='u' value='$u'>
                         </fieldset>
                         </form>
                         </div>";
     draw($tool_content, 3, null, $head_content);
     exit;
 }
 if (!$u_submitted) { // if the form was not submitted
     // Display Actions Toolbar
     $ind_u = getIndirectReference($u);
     $tool_content .= action_bar(array(
         array('title' => $langUserMerge,
             'url' => "mergeuser.php?u=$u",
             'icon' => 'fa-share-alt',
             'level' => 'primary-label',
             'show' => ($u != 1 and get_admin_rights($u) < 0)),
         array('title' => $langChangePass,
             'url' => "password.php?userid=$u",
             'icon' => 'fa-key',
             'level' => 'primary-label',
             'show' => !(in_array($info->password, $auth_ids))),
         array('title' => $langEditAuth,
             'url' => "$_SERVER[SCRIPT_NAME]?u=$u&amp;edit=auth",
             'icon' => 'fa-key',
             'level' => 'primary'),
         array('title' => $langDelUser,
             'url' => "deluser.php?u=$ind_u",
             'icon' => 'fa-times',
             'level' => 'primary',
             'show' => $u > 1),
         array('title' => $langBack,
        if (get_admin_rights($user) > 0) {
            $tool_content .= "<div class='alert alert-warning'>" .
                sprintf($langCantDeleteAdmin, $u_desc) . ' ' .
                $langIfDeleteAdmin .
                "</div>";
        } else {
            $tool_content .= "<div class='alert alert-warning'>$langConfirmDeleteQuestion1 $u_desc<br>
                $langConfirmDeleteQuestion3
              </div>
              <form method='post' action='$_SERVER[SCRIPT_NAME]?u=$iuid'>
                <input class='btn btn-danger' type='submit' name='doit' value='$langDelete'>
              </form>";
        }
    } else {
        $tool_content .= "<div class='alert alert-danger'>$langErrorDelete</div>";
    }
} else {
    if (get_admin_rights($user) > 0) {
        Session::Messages($langTryDeleteAdmin, 'alert-danger');
        redirect_to_home_page("modules/admin/deluser.php?u=$iuid");
    } else {
        if (deleteUser($user, true)) {
            Session::Messages("$langWithUsername \"$u_account\" ($u_realname) $langWasDeleted.", 'alert-info');
        } else {
            Session::Messages($langErrorDelete, 'alert-danger');
        }
        redirect_to_home_page('modules/admin/listusers.php');
    }
}
draw($tool_content, 3); // render the page; only reached when none of the redirect branches above ended the request
  @file mergeuser.php
  @Description: Merge two users  
 */

// Access gate for this admin page: the flag is presumably enforced by baseTheme.php,
// so it must be set BEFORE the require — everything below runs only for user-management roles.
$require_usermanage_user = true;
require_once '../../include/baseTheme.php';
require_once 'modules/auth/auth.inc.php';

$toolName = $langUserMerge;
// Breadcrumb trail: admin home -> user list (the edit-user entry is appended once $u is known).
$navigation[] = array('url' => 'index.php', 'name' => $langAdmin);
$navigation[] = array('url' => 'listusers.php', 'name' => $langListUsersActions);

if (isset($_REQUEST['u'])) {
    $u = intval($_REQUEST['u']);
    $navigation[] = array('url' => "edituser.php?u=$u", 'name' => $langEditUser);
    if ($u == 1 or get_admin_rights($u) >= 0) {
        $tool_content = "<div class='alert alert-danger'>$langUserMergeAdminForbidden</div>";
        draw($tool_content, 3);
        exit;
    }
    $info = Database::get()->querySingle("SELECT * FROM user WHERE id = ?s", $u);
    if ($info) {
        $info = (array) $info;
        $auth_id = isset($auth_ids[$info['password']]) ? $auth_ids[$info['password']] : 1;
        $legend = q(sprintf($langUserMergeLegend, $info['username']));
        $status_names = array(USER_GUEST => $langGuest, USER_TEACHER => $langTeacher, USER_STUDENT => $langStudent);
        $target = false;
        
        $pageName = $legend;
        $tool_content .= action_bar(array(            
            array('title' => $langBack,
     $current_auth = 1;
     $auth_names[1] = get_auth_info(1);
     foreach (get_auth_active_methods() as $auth) {
         $auth_names[$auth] = get_auth_info($auth);
         if ($info->password == $auth_ids[$auth]) {
             $current_auth = $auth;
         }
     }
     $tool_content .= "<div class='form-wrapper'>\n                            <form class='form-horizontal' role='form' method='post' action='{$_SERVER['SCRIPT_NAME']}'>\n                            <fieldset>                        \n                            <div class='form-group'>\n                            <label class='col-sm-2 control-label'>{$langEditAuthMethod}</label>\n                              <div class='col-sm-10'>" . selection($auth_names, 'auth', intval($current_auth), "class='form-control'") . "</div>\n                            </div>\n                            <div class='col-sm-offset-2 col-sm-10'>\n                                <input class='btn btn-primary' type='submit' name='submit_editauth' value='{$langModify}'>\n                              </div>                            \n                            <input type='hidden' name='u' value='{$u}'>\n                            </fieldset>\n                            </form>\n                            </div>";
     draw($tool_content, 3, null, $head_content);
     exit;
 }
 if (!$u_submitted) {
     // if the form was not submitted
     // Display Actions Toolbar
     $tool_content .= action_bar(array(array('title' => $langUserMerge, 'url' => "mergeuser.php?u={$u}", 'icon' => 'fa-share-alt', 'level' => 'primary-label', 'show' => $u != 1 and get_admin_rights($u) < 0), array('title' => $langChangePass, 'url' => "password.php?userid={$u}", 'icon' => 'fa-key', 'level' => 'primary-label', 'show' => !in_array($info->password, $auth_ids)), array('title' => $langEditAuth, 'url' => "{$_SERVER['SCRIPT_NAME']}?u={$u}&amp;edit=auth", 'icon' => 'fa-key', 'level' => 'primary'), array('title' => $langDelUser, 'url' => "deluser.php?u={$u}", 'icon' => 'fa-times', 'level' => 'primary'), array('title' => $langBack, 'url' => "listusers.php", 'icon' => 'fa-reply', 'level' => 'primary')));
     $tool_content .= "<div class='form-wrapper'>\n                    <form class='form-horizontal' role='form' name='edituser' method='post' action='{$_SERVER['SCRIPT_NAME']}' onsubmit='return validateNodePickerForm();'>\n                    <fieldset>                    \n                    <div class='form-group'>\n                    <label class='col-sm-2 control-label'>{$langSurname}</label>\n                      <div class='col-sm-10'>\n                        <input type='text' name='lname' size='50' value='" . q($info->surname) . "'>\n                      </div>\n                    </div>\n                    <div class='form-group'>\n                      <label class='col-sm-2 control-label'>{$langName}</label>\n                       <div class='col-sm-10'>\n                        <input type='text' name='fname' size='50' value='" . q($info->givenname) . "'>\n                        </div>\n                   </div>";
     if (!in_array($info->password, $auth_ids)) {
         $tool_content .= "<div class='form-group'>\n                     <label class='col-sm-2 control-label'>{$langUsername}</label>\n                     <div class='col-sm-10'>\n                        <input type='text' name='username' size='50' value='" . q($info->username) . "'>\n                        </div>\n                    </div>";
     } else {
         // means that it is external auth method, so the user cannot change this password
         switch ($info->password) {
             case "pop3":
                 $auth = 2;
                 break;
             case "imap":
                 $auth = 3;
                 break;
             case "ldap":
                 $auth = 4;
                 break;
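/**
 * Finish a CAS / Shibboleth login for the identity the external handler stored in $_SESSION.
 *
 * Reads $_SESSION['shib_*'] (type 'shibboleth') or $_SESSION['cas_*'] (type 'cas') and looks the
 * username up in `user`:
 *  - account exists with the same auth method (user.password == $type): login_hook() may refuse
 *    it or override status/departments; name, email and status are refreshed, the admin-level
 *    session flags and $_SESSION['uid'] are set;
 *  - account exists with another auth method: the IdP session keys are cleared and the user is
 *    sent home with $langUserAltAuth;
 *  - unknown username: auto-registered as a student when alt_auth_stud_reg == 2 (and an AM is
 *    present when am_required is on), again subject to login_hook(); otherwise the session is
 *    destroyed and the user is redirected to the registration page.
 *
 * @param string $type 'shibboleth' or 'cas'; also the value stored in user.password.
 * @return void Side effects only: $_SESSION, the `user` and `loginout` tables, $session's login
 *              timestamp, the globals declared below, and redirects that end the request.
 */
function shib_cas_login($type) {
    global $surname, $givenname, $email, $status, $language, $session,
        $urlServer, $is_admin, $is_power_user, $is_usermanage_user,
        $is_departmentmanage_user, $langUserAltAuth, $langRegistrationDenied;

    $autoregister = (get_config('alt_auth_stud_reg') == 2);

    // The student id (AM) is only delivered by CAS; define it up front so the Shibboleth
    // path does not pass an undefined variable to login_hook() below.
    $am = '';
    $uname = null;

    if ($type == 'shibboleth') {
        $uname = $_SESSION['shib_uname'];
        $email = $_SESSION['shib_email'];
        $shib_surname = $_SESSION['shib_surname'];
        // auth_settings of auth_id 6 optionally holds a separator, used when the IdP
        // delivers "givenname<sep>surname" in a single attribute.
        $shibseparator = null;
        $shibsettings = Database::get()->querySingle("SELECT auth_settings FROM auth WHERE auth_id = 6");
        if ($shibsettings) {
            if ($shibsettings->auth_settings != 'shibboleth' and $shibsettings->auth_settings != '') {
                $shibseparator = $shibsettings->auth_settings;
            }
            // Split only when a separator is configured: previously strpos() ran with an
            // undefined needle otherwise (warning; deprecated for null since PHP 8.1). The
            // truthiness test is deliberate — a separator at offset 0 leaves the name unsplit.
            if ($shibseparator !== null and strpos($shib_surname, $shibseparator)) {
                $temp = explode($shibseparator, $shib_surname);
                $givenname = $temp[0];
                $surname = $temp[1];
            }
        }
    } elseif ($type == 'cas') {
        $uname = $_SESSION['cas_uname'];
        $surname = $_SESSION['cas_surname'];
        $givenname = $_SESSION['cas_givenname'];
        $email = isset($_SESSION['cas_email']) ? $_SESSION['cas_email'] : '';
        $am = isset($_SESSION['cas_userstudentid']) ? $_SESSION['cas_userstudentid'] : '';
    }

    if ($uname === null or $uname === '') {
        // No principal: unknown $type, or the IdP handler never stored the session keys.
        // Never look up — let alone auto-create — an account for an empty username.
        foreach (array_keys($_SESSION) as $key) {
            unset($_SESSION[$key]);
        }
        redirect_to_home_page();
        exit;
    }

    // Attributes passed to login_hook(), keys lower-cased
    $attributes = array();
    if (isset($_SESSION['cas_attributes'])) {
        foreach ($_SESSION['cas_attributes'] as $name => $value) {
            $attributes[strtolower($name)] = $value;
        }
    }

    // user is authenticated, now let's see if he is registered also in db
    // NOTE(review): both $sqlLogin fragments are masked ("******") in this listing; they are
    // presumably the collation-specific "= ?s" comparison — restore them from the repository.
    if (get_config('case_insensitive_usernames')) {
        $sqlLogin = "******";
    } else {
        $sqlLogin = "******";
    }
    $info = Database::get()->querySingle("SELECT id, surname, username, password, givenname, status, email, lang, verified_mail
						FROM user WHERE username $sqlLogin", $uname);

    if ($info) {
        // if user found
        if ($info->password != $type) {
            // has different auth method - redirect to home page
            unset($_SESSION['shib_uname']);
            unset($_SESSION['shib_email']);
            unset($_SESSION['shib_surname']);
            unset($_SESSION['cas_uname']);
            unset($_SESSION['cas_email']);
            unset($_SESSION['cas_surname']);
            unset($_SESSION['cas_givenname']);
            unset($_SESSION['cas_userstudentid']);
            Session::Messages($langUserAltAuth, 'alert-danger');
            redirect_to_home_page();
            // Refusal must be terminal even if redirect_to_home_page() returns: the session
            // population below must never run for this user.
            exit;
        }

        // don't force email address from CAS/Shibboleth.
        // user might prefer a different one
        if (!empty($info->email)) {
            $email = $info->email;
        }

        $userObj = new User();

        // Site hook: may refuse the login or override status / departments.
        $options = login_hook(array(
            'user_id' => $info->id,
            'attributes' => $attributes,
            'status' => $info->status,
            'departments' => $userObj->getDepartmentIds($info->id),
            'am' => $am));

        if (!$options['accept']) {
            foreach (array_keys($_SESSION) as $key) {
                unset($_SESSION[$key]);
            }
            Session::Messages($langRegistrationDenied, 'alert-warning');
            redirect_to_home_page();
            exit;
        }

        $status = $options['status'];

        // update user information
        Database::get()->query("UPDATE user SET surname = ?s, givenname = ?s, email = ?s,
                                       status = ?d WHERE id = ?d",
                                    $surname, $givenname, $email, $status, $info->id);

        // Set the uid before refresh()/user_hook(), mirroring the auto-register branch;
        // previously user_hook() was handed $_SESSION['uid'] before it had been assigned here.
        $_SESSION['uid'] = $info->id;
        $userObj->refresh($info->id, $options['departments']);
        user_hook($_SESSION['uid']);

        // check for admin privileges: only one level flag is set, highest first
        $admin_rights = get_admin_rights($info->id);
        if ($admin_rights == ADMIN_USER) {
            $_SESSION['is_admin'] = 1;
            $is_admin = 1;
        } elseif ($admin_rights == POWER_USER) {
            $_SESSION['is_power_user'] = 1;
            $is_power_user = 1;
        } elseif ($admin_rights == USERMANAGE_USER) {
            $_SESSION['is_usermanage_user'] = 1;
            $is_usermanage_user = 1;
        } elseif ($admin_rights == DEPARTMENTMANAGE_USER) {
            $_SESSION['is_departmentmanage_user'] = 1;
            $is_departmentmanage_user = 1;
        }
        // an explicit language switch in the session wins over the stored preference
        if (isset($_SESSION['langswitch'])) {
            $language = $_SESSION['langswitch'];
        } else {
            $language = $info->lang;
        }
    } elseif ($autoregister and !(get_config('am_required') and empty($am))) {
        // if user not found and autoregister enabled, create user
        // The address counts as verified only when CAS delivered one; Shibboleth-delivered
        // addresses still go through mail_verify_change.php.
        // NOTE(review): isset() is also true for an empty cas_email attribute — confirm intended.
        $verified_mail = EMAIL_UNVERIFIED;
        if (isset($_SESSION['cas_email'])) {
            $verified_mail = EMAIL_VERIFIED;
        } else { // redirect user to mail_verify_change.php
            $_SESSION['mail_verification_required'] = 1;
        }

        $options = login_hook(array(
            'user_id' => null,
            'attributes' => $attributes,
            'am' => $am));

        if (!$options['accept']) {
            foreach (array_keys($_SESSION) as $key) {
                unset($_SESSION[$key]);
            }
            Session::Messages($langRegistrationDenied, 'alert-warning');
            redirect_to_home_page();
            exit;
        }
        $status = $options['status'];
        // NOTE(review): $language is a global that may be unset on this path (the earlier
        // revision hard-coded 'el'); lang would then be stored as NULL — confirm.
        $_SESSION['uid'] = Database::get()->query("INSERT INTO user
                    SET surname = ?s, givenname = ?s, password = ?s,
                        username = ?s, email = ?s, status = ?d, lang = ?s,
                        am = ?s, verified_mail = ?d,
                        registered_at = " . DBHelper::timeAfter() . ",
                        expires_at = " . DBHelper::timeAfter(get_config('account_duration')) . ",
                        whitelist = ''",
                $surname, $givenname, $type, $uname, $email, $status,
                $language, $options['am'], $verified_mail)->lastInsertID;
        $userObj = new User();
        $userObj->refresh($_SESSION['uid'], $options['departments']);
        user_hook($_SESSION['uid']);
    } else {
        // user not registered, automatic registration disabled
        // redirect to registration screen
        foreach (array_keys($_SESSION) as $key) {
            unset($_SESSION[$key]);
        }
        session_destroy();
        redirect_to_home_page('modules/auth/registration.php');
        exit;
    }

    $_SESSION['uname'] = $uname;
    $_SESSION['surname'] = $surname;
    $_SESSION['givenname'] = $givenname;
    $_SESSION['email'] = $email;
    $_SESSION['status'] = $status;
    //$_SESSION['is_admin'] = $is_admin;
    $_SESSION['shib_user'] = 1; // now we are shibboleth user (set for CAS logins as well)

    // NOTE(review): the session id is not rotated here (session_regenerate_id) after the
    // privilege change — confirm the caller or $session does it, otherwise a pre-login id
    // survives login.
    // Parameterised like the other statements in this function instead of interpolating
    // the uid and REMOTE_ADDR into the SQL text.
    Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action)
					VALUES (?d, ?s, " . DBHelper::timeAfter() . ", 'LOGIN')",
        $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);
    $session->setLoginTimestamp();
    if (get_config('email_verification_required') and
            get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
        $_SESSION['mail_verification_required'] = 1;
        // init.php is already loaded so redirect from here
        redirect_to_home_page('modules/auth/mail_verify_change.php');
        // Stop here: the caller must not keep executing for a user who still has to verify
        // their address.
        exit;
    }
}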