         $message = _NONEXISTINGMAIL;
         $message_type = 'failure';
         eF_redirect('' . basename($_SERVER['PHP_SELF']) . '?ctg=reset_pwd&message=' . urlencode($message) . '&message_type=' . $message_type);
     }
 } elseif (isset($_GET['id']) && isset($_GET['login'])) {
     //Second stage, user received the email and clicked on the link
     $login = $_GET['login'];
     if (!eF_checkParameter($login, 'login')) {
         //Possible hacking attempt: malformed user
         $message = _INVALIDUSER;
         $message_type = 'failure';
     } else {
         $user = eF_getTableData("users", "email, name", "login='******'");
         if (strcmp($_GET['id'], EfrontUser::createPassword($login)) == 0 && sizeof($user) > 0) {
             $password = implode("", array_map(create_function('$v', 'return chr($v);'), array_rand(array_flip(array_merge(range(48, 57), range(64, 90), range(97, 122))), 10)));
             $password_encrypted = EfrontUser::createPassword($password);
             eF_updateTableData("users", array('password' => $password_encrypted), "login='******'");
             EfrontEvent::triggerEvent(array("type" => EfrontEvent::SYSTEM_NEW_PASSWORD_REQUEST, "users_LOGIN" => $login, "entity_name" => $password));
             $message = _EMAILWITHPASSWORDSENT;
             eF_redirect('' . basename($_SERVER['PHP_SELF']) . '?message=' . urlencode($message) . '&message_type=success');
         } else {
             $message = _INVALIDUSER;
             $message_type = 'failure';
         }
     }
 }
 //Smarty template used for required fields: the field's HTML followed by a marker asterisk
 $requiredFieldTemplate = '{$html}{if $required}
         &nbsp;<span class = "formRequired">*</span>
     {/if}';
 //Render the QuickForm into the Smarty array renderer and hook up the client-side warning texts
 $renderer = new HTML_QuickForm_Renderer_ArraySmarty($smarty);
 $renderer->setRequiredTemplate($requiredFieldTemplate);
 $form->setJsWarnings(_BEFOREJAVASCRIPTERROR, _AFTERJAVASCRIPTERROR);
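 /**
  * Login user
  *
  * This function logs the user in the system, using the specified password
  * <br/>Example:
  * <code>
  * $user = EfrontUserFactory :: factory('jdoe');
  * $user -> login('mypass');
  * </code>
  *
  * Password hashes are compared with passwordHashMatches() instead of a loose
  * "!=": with "!=" two different hashes that both look like numeric strings
  * (e.g. "0e123..." and "0e456...") compare equal, which let a wrong password
  * through. The comparison is also constant-time where hash_equals() exists.
  *
  * @param string $password The password to login with
  * @param boolean $encrypted Whether the password is already encrypted
  * @return boolean True if the user logged in successfully
  * @throws EfrontUserException INVALID_PASSWORD, USER_PENDING or USER_INACTIVE
  * @since 3.5.0
  * @access public
  */
 public function login($password, $encrypted = false)
 {
     //If the user is already logged in, log him out
     if ($this->isLoggedIn()) {
         //If the user is logged in right now on the same pc with the same session, return true (nothing to do)
         if ($this->isLoggedIn(session_id())) {
             //The password still has to be right, even though no new session is created
             $givenHash = $encrypted ? $password : EfrontUser::createPassword($password);
             if (!$this->passwordHashMatches($this->user['password'], $givenHash)) {
                 throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
             }
             return true;
         } elseif (!$this->allowMultipleLogin()) {
             $this->logout();
         }
     }
     //If we are logged in as another user, log him out
     if (isset($_SESSION['s_login']) && $_SESSION['s_login'] != $this->user['login']) {
         try {
             EfrontUserFactory::factory($_SESSION['s_login'])->logout(session_id());
         } catch (Exception $e) {
             //Best effort: a stale s_login that no longer resolves to a user must not block this login
         }
     }
     //Empty session without destroying it
     //NOTE(review): the session id is deliberately kept across the login (no session_regenerate_id()),
     //which is a session-fixation exposure if an attacker can plant the id before authentication;
     //confirm whether 'login_mode'/facebook keys could survive a regenerate before changing this.
     foreach ($_SESSION as $key => $value) {
         if ($key != 'login_mode' && strpos($key, "facebook") === false) {
             //'login_mode' is used to facilitate lesson registrations
             unset($_SESSION[$key]);
         }
     }
     if ($this->user['pending']) {
         throw new EfrontUserException(_USERPENDING, EfrontUserException::USER_PENDING);
     }
     if (!$this->user['active']) {
         throw new EfrontUserException(_USERINACTIVE, EfrontUserException::USER_INACTIVE);
     }
     if ($this->isLdapUser) {
         //Authenticate LDAP user: the directory checks the clear-text password, nothing is compared locally
         if (!eF_checkUserLdap($this->user['login'], $password)) {
             throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
         }
     } else {
         if (!$encrypted) {
             $password = EfrontUser::createPassword($password);
         }
         if (!$this->passwordHashMatches($this->user['password'], $password)) {
             throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
         }
     }
     //if user language is deactivated or deleted, login user with system default language
     if ($GLOBALS['configuration']['onelanguage']) {
         $loginLanguage = $GLOBALS['configuration']['default_language'];
     } else {
         $activeLanguages = array_keys(EfrontSystem::getLanguages(true, true));
         if (in_array($this->user['languages_NAME'], $activeLanguages)) {
             $loginLanguage = $this->user['languages_NAME'];
         } else {
             $loginLanguage = $GLOBALS['configuration']['default_language'];
         }
     }
     //Assign session variables
     $_SESSION['s_login'] = $this->user['login'];
     //The stored hash (not the clear-text password) is kept in the session; other code compares it
     //against the users row to detect password changes
     $_SESSION['s_password'] = $this->user['password'];
     $_SESSION['s_type'] = $this->user['user_type'];
     $_SESSION['s_language'] = $loginLanguage;
     $_SESSION['s_custom_identifier'] = sha1(microtime() . $this->user['login']);
     $_SESSION['s_time_target'] = array(0 => 'system');
     //'s_time_target' is used to signify which of the system's area the user is currently accessing. It is a id => entity pair
     //Insert log entry
     $fields_insert = array('users_LOGIN' => $this->user['login'], 'timestamp' => time(), 'action' => 'login', 'comments' => session_id(), 'session_ip' => eF_encodeIP($_SERVER['REMOTE_ADDR']));
     eF_insertTableData("logs", $fields_insert);
     eF_updateTableData("users", array('last_login' => time()), "login='{$this->user['login']}'");
     if ($GLOBALS['configuration']['ban_failed_logins']) {
         //A successful login resets the failed-attempt counter used for banning
         eF_deleteTableData("logs", "users_LOGIN='" . $this->user['login'] . "' and action='failed_login'");
     }
     //Insert user times entry
     $fields = array("session_timestamp" => time(), "session_id" => session_id(), "session_custom_identifier" => $_SESSION['s_custom_identifier'], "session_expired" => 0, "users_LOGIN" => $_SESSION['s_login'], "timestamp_now" => time(), "time" => 0, "entity" => 'system', "entity_id" => 0);
     eF_insertTableData("user_times", $fields);
     return true;
 }
 /**
  * Compare a stored password hash with a candidate hash.
  *
  * Both values are cast to string and compared strictly, so PHP's loose
  * comparison can never treat two numeric-looking hashes as equal. Where
  * hash_equals() is available (PHP >= 5.6) the comparison is constant-time.
  *
  * @param mixed $stored The hash stored in the users row
  * @param mixed $given  The hash derived from the supplied password
  * @return boolean True if the two hashes are identical
  */
 private function passwordHashMatches($stored, $given)
 {
     $stored = (string) $stored;
     $given = (string) $given;
     if (function_exists('hash_equals')) {
         return hash_equals($stored, $given);
     }
     //Pre-5.6 fallback: strict comparison is type-safe but not constant-time
     return $stored === $given;
 }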
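 /**
  * Update an already-existing row from one line of an import file.
  *
  * Dispatches on $type to the table the line belongs to. Every outcome is
  * appended to $this->log under "success" or "failure"; exceptions raised by
  * the updates are caught and logged instead of propagating to the caller.
  *
  * @param int    $line The import-file line number, used only in log messages
  * @param string $type The entity the line describes ("users", "users_to_courses", ...)
  * @param array  $data The parsed column values of the line
  * @return void
  */
 protected function updateExistingData($line, $type, $data)
 {
     $this->cleanUpEmptyValues($data);
     //NOTE(review): import values are concatenated straight into WHERE clauses; whether
     //eF_updateTableData escapes the condition string is not visible here, so an import
     //file from an untrusted source should be treated as SQL-injection input - confirm.
     try {
         switch ($type) {
             case "users":
                 //Clear-text passwords from the file are hashed; "ldap" is a marker, not a password
                 if (isset($data['password']) && $data['password'] != "" && $data['password'] != "ldap") {
                     $data['password'] = EfrontUser::createPassword($data['password']);
                 }
                 eF_updateTableData("users", $data, "login='" . $data['login'] . "'");
                 $this->log["success"][] = _LINE . " {$line}: " . _REPLACEDUSER . " " . $data['login'];
                 EfrontCache::getInstance()->deleteCache('usernames');
                 break;
             case "users_to_courses":
                 //The id is compared unquoted, so cast it to keep a malformed value out of the SQL
                 $where = "users_login='" . $data['users_login'] . "' AND courses_ID = " . (int) $data['courses_ID'];
                 EfrontCourse::persistCourseUsers($data, $where, $data['courses_ID'], $data['users_login']);
                 $this->log["success"][] = _LINE . " {$line}: " . _REPLACEDEXISTINGASSIGNMENT;
                 break;
             case "users_to_lessons":
                 eF_updateTableData("users_to_lessons", $data, "users_login='" . $data['users_login'] . "' AND lessons_ID = " . (int) $data['lessons_ID']);
                 $this->log["success"][] = _LINE . " {$line}: " . _REPLACEDEXISTINGASSIGNMENT;
                 break;
             case "users_to_groups":
                 break;
             #cpp#ifdef ENTERPRISE
             case "employees":
                 eF_updateTableData("module_hcd_employees", $data, "users_login='" . $data['users_login'] . "'");
                 $this->log["success"][] = _LINE . " {$line}: " . _REPLACEDUSER . " " . $data['users_login'];
                 break;
             case "branches":
                 eF_updateTableData("module_hcd_branch", $data, "branch_ID ='" . $data['branch_ID'] . "'");
                 $this->log["success"][] = _LINE . " {$line}: " . _REPLACEDEXISTINGBRANCH . " " . $data['name'];
                 break;
             case "job_descriptions":
                 //Initialised up front: for branch_ID == "all" it used to be read while undefined
                 $branch_condition = "";
                 if ($data['branch_ID'] != "all") {
                     $branch_condition = " AND branch_ID = " . (int) $data['branch_ID'];
                 }
                 //NOTE(review): the description column is matched against job_description_ID while the
                 //log prints $data['description']; looks inconsistent - confirm which key the import uses
                 eF_updateTableData("module_hcd_job_description", $data, "description ='" . $data['job_description_ID'] . "' " . $branch_condition);
                 $this->log["success"][] = _LINE . " {$line}: " . _REPLACEDEXISTINGJOB . " " . $data['description'];
                 break;
             case "skills":
                 eF_updateTableData("module_hcd_skills", $data, "skill_ID ='" . $data['skill_ID'] . "'");
                 $this->log["success"][] = _LINE . " {$line}: " . _REPLACEDEXISTINGSKILL . " " . $data['description'];
                 break;
             case "users_to_jobs":
                 // Done in importData to avoid re-creating the same objects (falls through)
             case "users_to_skills":
                 // Done automatically in importData by $skill->assignToUser
                 break;
             case "courses_to_branches":
                 //
                 break;
             #cpp#endif
         }
     } catch (Exception $e) {
         $this->log["failure"][] = _LINE . " {$line}: " . $e->getMessage();
     }
 }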
             echo "<xml>";
             echo "<status>error</status>";
             echo "<message>Incomplete arguments</message>";
             echo "</xml>";
         }
     } else {
         echo "<xml>";
         echo "<status>error</status>";
         echo "<message>Invalid token</message>";
         echo "</xml>";
     }
     break;
 case 'update_user':
     if (isset($_GET['token']) && checkToken($_GET['token'])) {
         if (isset($_GET['login']) && isset($_GET['password']) && isset($_GET['email']) && isset($_GET['name']) && isset($_GET['surname'])) {
             $fields['password'] = EfrontUser::createPassword($_GET['password']);
             $fields['email'] = $_GET['email'];
             $fields['name'] = $_GET['name'];
             $fields['surname'] = $_GET['surname'];
             if (eF_updateTableData("users", $fields, "login='******'login'] . "'")) {
                 echo "<xml>";
                 echo "<status>ok</status>";
                 echo "</xml>";
             } else {
                 echo "<xml>";
                 echo "<status>error</status>";
                 echo "<message>User exists</message>";
                 echo "</xml>";
             }
         } else {
             echo "<xml>";
     foreach ($constrainAccess as $value) {
         unset($userProperties[$value]);
     }
     if ($values['ldap_user'] && !$editedUser->isLdapUser) {
         $userProperties['password'] = '******';
     } else {
         if (!$values['password_']) {
             //If a password is not set, don't set it
             if (!$values['ldap_user'] && $editedUser->isLdapUser && $currentUser->user['login'] != $editedUser->user['login']) {
                 $userProperties['password'] = '';
                 $ldapMessage = ' ' . _PLEASEREMEMBERTOSETUPAPASSWORD;
             } else {
                 unset($userProperties['password']);
             }
         } else {
             $userProperties['password'] = EfrontUser::createPassword($userProperties['password']);
             //encode the password
         }
     }
     $editedUser->user = array_merge($editedUser->user, $userProperties);
     $editedUser->persist();
     if ($currentUser->user['login'] == $editedUser->user['login'] && $_SESSION['s_password'] != $editedUser->user['password']) {
         $_SESSION['s_password'] = $editedUser->user['password'];
     }
     if ($currentUser->user['login'] == $editedUser->user['login'] && $_SESSION['s_language'] != $editedUser->user['languages_NAME']) {
         $_SESSION['s_language'] = $editedUser->user['languages_NAME'];
     }
 }
 if (!in_array('file_upload', $constrainAccess) && $constrainAccess != 'all') {
     $avatarDirectory = G_UPLOADPATH . $editedUser->user['login'] . '/avatars';
     is_dir($avatarDirectory) or mkdir($avatarDirectory, 0755);
         }
         $redirect_url = $paypal_url . urlencode($query_string);
         echo "<xml>";
         echo "<redirect_url>" . $redirect_url . "</redirect_url>";
         echo "</xml>";
     } else {
         echo "<xml>";
         echo "<status>error</status>";
         echo "<message>Invalid token</message>";
         echo "</xml>";
     }
     break;
 case 'get_user_autologin_key':
     if (isset($_GET['token']) && checkToken($_GET['token']) && isset($_GET['password']) && isset($_GET['login'])) {
         $login = $_GET['login'];
         $password = EfrontUser::createPassword($_GET['password']);
         $tmp2 = eF_getTableData("users", "password", "login='******'");
         $pwd = $tmp2[0]['password'];
         if ($pwd != $password) {
             echo "<xml>";
             echo "<status>error</status>";
             echo "<message>Invalid password</message>";
             echo "</xml>";
             exit;
         }
         try {
             $user = EfrontUserFactory::factory($login);
             $result = eF_getTableData("users", "autologin", "login='******'");
             echo "<xml>";
             echo "<autologin_key>" . $result[0]['autologin'] . "</autologin_key>";
             echo "</xml>";
         EfrontFacebook::deleteEfUser($_GET['fb_login']);
     }
     #cpp#endif
 } else {
     if (isset($_GET['delete'])) {
         unset($additionalAccounts[array_search($_GET['login'], $additionalAccounts)]);
     } else {
         if ($_GET['login'] == $_SESSION['s_login']) {
             throw new Exception(_CANNOTMAPSAMEACCOUNT);
         }
         if (in_array($_GET['login'], $additionalAccounts)) {
             throw new Exception(_ADDITIONALACCOUNTALREADYEXISTS);
         }
         //handle ldap users
         try {
             $newAccount = EfrontUserFactory::factory($_GET['login'], EfrontUser::createPassword($_GET['pwd']));
         } catch (Exception $e) {
             if ($e->getCode() == EfrontUserException::INVALID_PASSWORD || $e->getCode() == EfrontUserException::USER_NOT_EXISTS) {
                 $newAccount = EfrontUserFactory::factory($_GET['login']);
                 if ($newAccount->user['password'] != 'ldap' || $_GET['pwd'] != 'ldap') {
                     handleAjaxExceptions($e);
                 }
             }
         }
         $additionalAccounts[] = $newAccount->user['login'];
         unserialize($newAccount->user['additional_accounts']) ? $additionalAccounts2 = unserialize($newAccount->user['additional_accounts']) : ($additionalAccounts2 = array());
         $additionalAccounts2[] = $editedUser->user['login'];
         $newAccount->user['additional_accounts'] = serialize(array_unique($additionalAccounts2));
         $newAccount->persist();
     }
     $editedUser->user['additional_accounts'] = serialize(array_unique($additionalAccounts));
     break;
 case 'update_user':
     if (isset($_GET['token']) && checkToken($_GET['token'])) {
         if (isset($_GET['login'])) {
             $languages = EfrontSystem::getLanguages(true, true);
             if ($_GET['language'] != "" && in_array($_GET['language'], array_keys($languages)) === false) {
                 echo "<xml>";
                 echo "<status>error</status>";
                 echo "<message>Invalid language</message>";
                 echo "</xml>";
                 exit;
             }
             try {
                 $user = EfrontUserFactory::factory($_GET['login']);
                 if (isset($_GET['password']) && $_GET['password'] != "") {
                     $user->user['password'] = EfrontUser::createPassword($_GET['password']);
                 }
                 if (isset($_GET['email']) && $_GET['email'] != "") {
                     $user->user['email'] = $_GET['email'];
                 }
                 if (isset($_GET['name']) && $_GET['name'] != "") {
                     $user->user['name'] = urldecode($_GET['name']);
                 }
                 if (isset($_GET['surname']) && $_GET['surname'] != "") {
                     $user->user['surname'] = urldecode($_GET['surname']);
                 }
                 if ($_GET['language'] != "") {
                     $user->user['languages_NAME'] = $_GET['language'];
                 }
                 if ($_GET['user_types_ID'] != "" && eF_checkParameter($_GET['user_types_ID'], 'id')) {
                     $user->user['user_types_ID'] = $_GET['user_types_ID'];
                }
                EfrontConfiguration::setValue('version_type', G_VERSIONTYPE);
                EfrontConfiguration::setValue('version_users', '');
                EfrontConfiguration::setValue('version_activated', '');
                EfrontConfiguration::setValue('version_upgrades', '');
                EfrontConfiguration::setValue('version_key', '');
                EfrontConfiguration::setValue('time_zone', date_default_timezone_get());
                $defaultConfig = EfrontConfiguration::getValues();
                $phplivedocxConfig = '<?php
define("PATH_ZF","' . G_ROOTPATH . 'Zend/library/' . '");
define("USERNAME","' . $defaultConfig['phplivedocx_username'] . '");
define("PASSWORD","' . $defaultConfig['phplivedocx_password'] . '");
define("PHPLIVEDOCXAPI","' . $defaultConfig['phplivedocx_server'] . '");
?>';
                file_put_contents($path . "phplivedocx_config.php", $phplivedocxConfig);
                eF_updateTableData("users", array('email' => $values['admin_email'], 'password' => EfrontUser::createPassword($values['admin_password']), 'last_login' => '0'));
                eF_updateTableData("users", array('login' => $values['admin_name']), "id=1");
                eF_updateTableData("courses", array('created' => time()));
                eF_updateTableData("courses", array('created' => time(), 'creator_LOGIN' => $values['admin_name']));
                eF_updateTableData("lessons", array('created' => time(), 'creator_LOGIN' => $values['admin_name']));
                eF_updateTableData("users_to_courses", array('from_timestamp' => time()));
                eF_updateTableData("users_to_lessons", array('from_timestamp' => time()));
                eF_deleteTableData("logs", "");
                eF_deleteTableData("events", "");
                EfrontConfiguration::setValue("database_version", G_VERSION_NUM);
                EfrontConfiguration::setValue("system_Email", $values['admin_email']);
                $file = new EfrontFile(EfrontDirectory::normalize(getcwd()) . '/lessons.zip');
                $newFile = $file->copy(G_LESSONSPATH, true);
                $newFile->uncompress();
                $newFile->delete();
                if (G_VERSIONTYPE == 'community') {