$message = _NONEXISTINGMAIL; $message_type = 'failure'; eF_redirect('' . basename($_SERVER['PHP_SELF']) . '?ctg=reset_pwd&message=' . urlencode($message) . '&message_type=' . $message_type); } } elseif (isset($_GET['id']) && isset($_GET['login'])) { //Second stage, user received the email and clicked on the link $login = $_GET['login']; if (!eF_checkParameter($login, 'login')) { //Possible hacking attempt: malformed user $message = _INVALIDUSER; $message_type = 'failure'; } else { $user = eF_getTableData("users", "email, name", "login='******'"); if (strcmp($_GET['id'], EfrontUser::createPassword($login)) == 0 && sizeof($user) > 0) { $password = implode("", array_map(create_function('$v', 'return chr($v);'), array_rand(array_flip(array_merge(range(48, 57), range(64, 90), range(97, 122))), 10))); $password_encrypted = EfrontUser::createPassword($password); eF_updateTableData("users", array('password' => $password_encrypted), "login='******'"); EfrontEvent::triggerEvent(array("type" => EfrontEvent::SYSTEM_NEW_PASSWORD_REQUEST, "users_LOGIN" => $login, "entity_name" => $password)); $message = _EMAILWITHPASSWORDSENT; eF_redirect('' . basename($_SERVER['PHP_SELF']) . '?message=' . urlencode($message) . '&message_type=success'); } else { $message = _INVALIDUSER; $message_type = 'failure'; } } } $renderer = new HTML_QuickForm_Renderer_ArraySmarty($smarty); $renderer->setRequiredTemplate('{$html}{if $required} <span class = "formRequired">*</span> {/if}'); $form->setJsWarnings(_BEFOREJAVASCRIPTERROR, _AFTERJAVASCRIPTERROR);
/**
 * Login user
 *
 * This function logs the user in the system, using the specified password
 * <br/>Example:
 * <code>
 * $user = EfrontUserFactory :: factory('jdoe');
 * $user -> login('mypass');
 * </code>
 *
 * Order of operations as written below: a user already logged in on the
 * current session id only gets the password re-checked and returns true
 * (the pending/active checks further down are NOT reached on that path);
 * otherwise any other account bound to this session is logged out, the
 * session is emptied, the account state and password are checked (LDAP or
 * local hash), the session variables are assigned and a "logs" row plus a
 * "user_times" row are inserted.
 *
 * @param string $password The password to login with
 * @param boolean $encrypted Whether the password is already encrypted (i.e. already the stored hash form)
 * @return boolean True if the user logged in successfully
 * @throws EfrontUserException with code INVALID_PASSWORD, USER_PENDING or USER_INACTIVE
 * @since 3.5.0
 * @access public
 */
public function login($password, $encrypted = false)
{
    //If the user is already logged in, log him out
    if ($this->isLoggedIn()) {
        //If the user is logged in right now on the same pc with the same session, return true (nothing to do)
        if ($this->isLoggedIn(session_id())) {
            //NOTE(review): the hash strings are compared with the loose != operator here and below;
            //hash_equals() would give a strict, constant-time comparison for this kind of value
            if (!$encrypted && EfrontUser::createPassword($password) != $this->user['password']) {
                throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
            } else {
                if ($encrypted && $password != $this->user['password']) {
                    throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
                }
            }
            //Same user, same session: nothing else to do (pending/active are not re-checked on this path)
            return true;
        } elseif (!$this->allowMultipleLogin()) {
            $this->logout();
        }
    }
    //If we are logged in as another user, log him out
    if (isset($_SESSION['s_login']) && $_SESSION['s_login'] != $this->user['login']) {
        try {
            EfrontUserFactory::factory($_SESSION['s_login'])->logout(session_id());
        } catch (Exception $e) {
            //Best effort: a failure to log out the previous account does not block this login
        }
    }
    //Empty session without destroying it
    foreach ($_SESSION as $key => $value) {
        //'login_mode' is used to facilitate lesson registrations; keys containing "facebook" are kept as well
        if ($key != 'login_mode' && strpos($key, "facebook") === false) {
            unset($_SESSION[$key]);
        }
    }
    if ($this->user['pending']) {
        throw new EfrontUserException(_USERPENDING, EfrontUserException::USER_PENDING);
    }
    if (!$this->user['active']) {
        throw new EfrontUserException(_USERINACTIVE, EfrontUserException::USER_INACTIVE);
    }
    if ($this->isLdapUser) {
        //Authenticate LDAP user
        //Note: $encrypted is not consulted for directory users; $password is forwarded as given
        if (!eF_checkUserLdap($this->user['login'], $password)) {
            throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
        }
    } else {
        //Local user: hash the supplied password unless the caller already passed the hashed form
        if (!$encrypted) {
            $password = EfrontUser::createPassword($password);
        }
        //NOTE(review): loose != on hash strings, see the comment above
        if ($password != $this->user['password']) {
            throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
        }
    }
    //if user language is deactivated or deleted, login user with system default language
    if ($GLOBALS['configuration']['onelanguage']) {
        $loginLanguage = $GLOBALS['configuration']['default_language'];
    } else {
        $activeLanguages = array_keys(EfrontSystem::getLanguages(true, true));
        if (in_array($this->user['languages_NAME'], $activeLanguages)) {
            $loginLanguage = $this->user['languages_NAME'];
        } else {
            $loginLanguage = $GLOBALS['configuration']['default_language'];
        }
    }
    //Assign session variables
    //NOTE(review): the session id is kept as-is across authentication (no session_regenerate_id() here);
    //regenerating it after a successful password check is the usual session-fixation mitigation
    $_SESSION['s_login'] = $this->user['login'];
    //The stored password hash is copied into the session
    $_SESSION['s_password'] = $this->user['password'];
    $_SESSION['s_type'] = $this->user['user_type'];
    $_SESSION['s_language'] = $loginLanguage;
    //NOTE(review): derived from microtime() and the login, so not unpredictable; if this identifier is
    //relied on as a secret anywhere, random_bytes() would be the appropriate source
    $_SESSION['s_custom_identifier'] = sha1(microtime() . $this->user['login']);
    //'s_time_target' is used to signify which of the system's area the user is currently accessing. It is a id => entity pair
    $_SESSION['s_time_target'] = array(0 => 'system');
    //$_SESSION['last_action_timestamp'] = time(); //Initialize first action
    //Insert log entry
    $fields_insert = array('users_LOGIN' => $this->user['login'], 'timestamp' => time(), 'action' => 'login', 'comments' => session_id(), 'session_ip' => eF_encodeIP($_SERVER['REMOTE_ADDR']));
    eF_insertTableData("logs", $fields_insert);
    eF_updateTableData("users", array('last_login' => time()), "login='******'login']}'");
    //With ban_failed_logins enabled, a successful login clears this user's failed_login log rows
    if ($GLOBALS['configuration']['ban_failed_logins']) {
        eF_deleteTableData("logs", "users_LOGIN='******'login'] . "' and action='failed_login'");
    }
    //Insert user times entry
    $fields = array("session_timestamp" => time(), "session_id" => session_id(), "session_custom_identifier" => $_SESSION['s_custom_identifier'], "session_expired" => 0, "users_LOGIN" => $_SESSION['s_login'], "timestamp_now" => time(), "time" => 0, "entity" => 'system', "entity_id" => 0);
    eF_insertTableData("user_times", $fields);
    return true;
}
/**
 * Update an already-existing row for one import line.
 *
 * Dispatches on $type to the table the line belongs to, writes $data with
 * eF_updateTableData() (or EfrontCourse::persistCourseUsers() for course
 * assignments) and appends a message to $this->log["success"]. Any exception
 * raised by the update is caught and recorded in $this->log["failure"] so the
 * import can continue with the next line.
 *
 * @param int|string $line The import line number, used only in log messages
 * @param string $type Import entity type: "users", "users_to_courses", "users_to_lessons",
 *                     "users_to_groups" and, in the enterprise build, the module_hcd types
 * @param array $data Column => value map for the row to update; the key(s) used in the
 *                    WHERE clause (login, users_login, courses_ID, ...) must be present
 * @return void
 */
protected function updateExistingData($line, $type, $data)
{
    // presumably cleans $data in place (by-reference parameter) — confirm in cleanUpEmptyValues()
    $this->cleanUpEmptyValues($data);
    try {
        switch ($type) {
            case "users":
                // "ldap" is a sentinel kept in the password column for directory users; it is not hashed
                if (isset($data['password']) && $data['password'] != "" && $data['password'] != "ldap") {
                    $data['password'] = EfrontUser::createPassword($data['password']);
                }
                // NOTE(review): the WHERE clauses in this method are built by concatenating imported values
                // (login, courses_ID, lessons_ID, branch_ID, ...); whether eF_updateTableData() escapes
                // them is not visible here — verify before accepting import files from untrusted sources
                eF_updateTableData("users", $data, "login='******'login'] . "'");
                $this->log["success"][] = _LINE . " {$line}: " . _REPLACEDUSER . " " . $data['login'];
                // The cached username list is stale after a user row changes
                EfrontCache::getInstance()->deleteCache('usernames');
                break;
            case "users_to_courses":
                $where = "users_login='******'users_login'] . "' AND courses_ID = " . $data['courses_ID'];
                EfrontCourse::persistCourseUsers($data, $where, $data['courses_ID'], $data['users_login']);
                $this->log["success"][] = _LINE . " {$line}: " . _REPLACEDEXISTINGASSIGNMENT;
                break;
            case "users_to_lessons":
                eF_updateTableData("users_to_lessons", $data, "users_login='******'users_login'] . "' AND lessons_ID = " . $data['lessons_ID']);
                $this->log["success"][] = _LINE . " {$line}: " . _REPLACEDEXISTINGASSIGNMENT;
                break;
            case "users_to_groups":
                // No update for group assignments; nothing is logged either
                break;
            #cpp#ifdef ENTERPRISE
            #cpp#ifdef ENTERPRISE
            case "employees":
                eF_updateTableData("module_hcd_employees", $data, "users_login='******'users_login'] . "'");
                $this->log["success"][] = _LINE . " {$line}: " . _REPLACEDUSER . " " . $data['users_login'];
                break;
            case "branches":
                eF_updateTableData("module_hcd_branch", $data, "branch_ID ='" . $data['branch_ID'] . "'");
                $this->log["success"][] = _LINE . " {$line}: " . _REPLACEDEXISTINGBRANCH . " " . $data['name'];
                break;
            case "job_descriptions":
                // NOTE(review): $branch_condition is only assigned when branch_ID is not "all"; for "all" it
                // is undefined at the concatenation below (PHP notice) and contributes an empty string
                if ($data['branch_ID'] != "all") {
                    $branch_condition = " AND branch_ID = " . $data['branch_ID'];
                }
                eF_updateTableData("module_hcd_job_description", $data, "description ='" . $data['job_description_ID'] . "' " . $branch_condition);
                $this->log["success"][] = _LINE . " {$line}: " . _REPLACEDEXISTINGJOB . " " . $data['description'];
                break;
            case "skills":
                eF_updateTableData("module_hcd_skills", $data, "skill_ID ='" . $data['skill_ID'] . "'");
                $this->log["success"][] = _LINE . " {$line}: " . _REPLACEDEXISTINGSKILL . " " . $data['description'];
                break;
            case "users_to_jobs":
                // Done in importData to avoid re-creating the same objects
            case "users_to_skills":
                // Done automatically in importData by $skill->assignToUser
                break;
            case "courses_to_branches":
                // Intentionally no update here (the break is commented out; falls to the end of the switch)
                // break;
            #cpp#endif
        }
    } catch (Exception $e) {
        // Record the failure against the line and let the caller carry on with the next one
        $this->log["failure"][] = _LINE . " {$line}: " . $e->getMessage();
    }
}
echo "<xml>"; echo "<status>error</status>"; echo "<message>Incomplete arguments</message>"; echo "</xml>"; } } else { echo "<xml>"; echo "<status>error</status>"; echo "<message>Invalid token</message>"; echo "</xml>"; } break; case 'update_user': if (isset($_GET['token']) && checkToken($_GET['token'])) { if (isset($_GET['login']) && isset($_GET['password']) && isset($_GET['email']) && isset($_GET['name']) && isset($_GET['surname'])) { $fields['password'] = EfrontUser::createPassword($_GET['password']); $fields['email'] = $_GET['email']; $fields['name'] = $_GET['name']; $fields['surname'] = $_GET['surname']; if (eF_updateTableData("users", $fields, "login='******'login'] . "'")) { echo "<xml>"; echo "<status>ok</status>"; echo "</xml>"; } else { echo "<xml>"; echo "<status>error</status>"; echo "<message>User exists</message>"; echo "</xml>"; } } else { echo "<xml>";
foreach ($constrainAccess as $value) { unset($userProperties[$value]); } if ($values['ldap_user'] && !$editedUser->isLdapUser) { $userProperties['password'] = '******'; } else { if (!$values['password_']) { //If a password is not set, don't set it if (!$values['ldap_user'] && $editedUser->isLdapUser && $currentUser->user['login'] != $editedUser->user['login']) { $userProperties['password'] = ''; $ldapMessage = ' ' . _PLEASEREMEMBERTOSETUPAPASSWORD; } else { unset($userProperties['password']); } } else { $userProperties['password'] = EfrontUser::createPassword($userProperties['password']); //encode the password } } $editedUser->user = array_merge($editedUser->user, $userProperties); $editedUser->persist(); if ($currentUser->user['login'] == $editedUser->user['login'] && $_SESSION['s_password'] != $editedUser->user['password']) { $_SESSION['s_password'] = $editedUser->user['password']; } if ($currentUser->user['login'] == $editedUser->user['login'] && $_SESSION['s_language'] != $editedUser->user['languages_NAME']) { $_SESSION['s_language'] = $editedUser->user['languages_NAME']; } } if (!in_array('file_upload', $constrainAccess) && $constrainAccess != 'all') { $avatarDirectory = G_UPLOADPATH . $editedUser->user['login'] . '/avatars'; is_dir($avatarDirectory) or mkdir($avatarDirectory, 0755);
} $redirect_url = $paypal_url . urlencode($query_string); echo "<xml>"; echo "<redirect_url>" . $redirect_url . "</redirect_url>"; echo "</xml>"; } else { echo "<xml>"; echo "<status>error</status>"; echo "<message>Invalid token</message>"; echo "</xml>"; } break; case 'get_user_autologin_key': if (isset($_GET['token']) && checkToken($_GET['token']) && isset($_GET['password']) && isset($_GET['login'])) { $login = $_GET['login']; $password = EfrontUser::createPassword($_GET['password']); $tmp2 = eF_getTableData("users", "password", "login='******'"); $pwd = $tmp2[0]['password']; if ($pwd != $password) { echo "<xml>"; echo "<status>error</status>"; echo "<message>Invalid password</message>"; echo "</xml>"; exit; } try { $user = EfrontUserFactory::factory($login); $result = eF_getTableData("users", "autologin", "login='******'"); echo "<xml>"; echo "<autologin_key>" . $result[0]['autologin'] . "</autologin_key>"; echo "</xml>";
EfrontFacebook::deleteEfUser($_GET['fb_login']); } #cpp#endif } else { if (isset($_GET['delete'])) { unset($additionalAccounts[array_search($_GET['login'], $additionalAccounts)]); } else { if ($_GET['login'] == $_SESSION['s_login']) { throw new Exception(_CANNOTMAPSAMEACCOUNT); } if (in_array($_GET['login'], $additionalAccounts)) { throw new Exception(_ADDITIONALACCOUNTALREADYEXISTS); } //handle ldap users try { $newAccount = EfrontUserFactory::factory($_GET['login'], EfrontUser::createPassword($_GET['pwd'])); } catch (Exception $e) { if ($e->getCode() == EfrontUserException::INVALID_PASSWORD || $e->getCode() == EfrontUserException::USER_NOT_EXISTS) { $newAccount = EfrontUserFactory::factory($_GET['login']); if ($newAccount->user['password'] != 'ldap' || $_GET['pwd'] != 'ldap') { handleAjaxExceptions($e); } } } $additionalAccounts[] = $newAccount->user['login']; unserialize($newAccount->user['additional_accounts']) ? $additionalAccounts2 = unserialize($newAccount->user['additional_accounts']) : ($additionalAccounts2 = array()); $additionalAccounts2[] = $editedUser->user['login']; $newAccount->user['additional_accounts'] = serialize(array_unique($additionalAccounts2)); $newAccount->persist(); } $editedUser->user['additional_accounts'] = serialize(array_unique($additionalAccounts));
break; case 'update_user': if (isset($_GET['token']) && checkToken($_GET['token'])) { if (isset($_GET['login'])) { $languages = EfrontSystem::getLanguages(true, true); if ($_GET['language'] != "" && in_array($_GET['language'], array_keys($languages)) === false) { echo "<xml>"; echo "<status>error</status>"; echo "<message>Invalid language</message>"; echo "</xml>"; exit; } try { $user = EfrontUserFactory::factory($_GET['login']); if (isset($_GET['password']) && $_GET['password'] != "") { $user->user['password'] = EfrontUser::createPassword($_GET['password']); } if (isset($_GET['email']) && $_GET['email'] != "") { $user->user['email'] = $_GET['email']; } if (isset($_GET['name']) && $_GET['name'] != "") { $user->user['name'] = urldecode($_GET['name']); } if (isset($_GET['surname']) && $_GET['surname'] != "") { $user->user['surname'] = urldecode($_GET['surname']); } if ($_GET['language'] != "") { $user->user['languages_NAME'] = $_GET['language']; } if ($_GET['user_types_ID'] != "" && eF_checkParameter($_GET['user_types_ID'], 'id')) { $user->user['user_types_ID'] = $_GET['user_types_ID'];
} EfrontConfiguration::setValue('version_type', G_VERSIONTYPE); EfrontConfiguration::setValue('version_users', ''); EfrontConfiguration::setValue('version_activated', ''); EfrontConfiguration::setValue('version_upgrades', ''); EfrontConfiguration::setValue('version_key', ''); EfrontConfiguration::setValue('time_zone', date_default_timezone_get()); $defaultConfig = EfrontConfiguration::getValues(); $phplivedocxConfig = '<?php define("PATH_ZF","' . G_ROOTPATH . 'Zend/library/' . '"); define("USERNAME","' . $defaultConfig['phplivedocx_username'] . '"); define("PASSWORD","' . $defaultConfig['phplivedocx_password'] . '"); define("PHPLIVEDOCXAPI","' . $defaultConfig['phplivedocx_server'] . '"); ?>'; file_put_contents($path . "phplivedocx_config.php", $phplivedocxConfig); eF_updateTableData("users", array('email' => $values['admin_email'], 'password' => EfrontUser::createPassword($values['admin_password']), 'last_login' => '0')); eF_updateTableData("users", array('login' => $values['admin_name']), "id=1"); eF_updateTableData("courses", array('created' => time())); eF_updateTableData("courses", array('created' => time(), 'creator_LOGIN' => $values['admin_name'])); eF_updateTableData("lessons", array('created' => time(), 'creator_LOGIN' => $values['admin_name'])); eF_updateTableData("users_to_courses", array('from_timestamp' => time())); eF_updateTableData("users_to_lessons", array('from_timestamp' => time())); eF_deleteTableData("logs", ""); eF_deleteTableData("events", ""); EfrontConfiguration::setValue("database_version", G_VERSION_NUM); EfrontConfiguration::setValue("system_Email", $values['admin_email']); $file = new EfrontFile(EfrontDirectory::normalize(getcwd()) . '/lessons.zip'); $newFile = $file->copy(G_LESSONSPATH, true); $newFile->uncompress(); $newFile->delete(); if (G_VERSIONTYPE == 'community') {