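/**
 * Creates a new user account, its e-mail rows, its global group membership
 * and three default saved searches, then sends the registration notifications.
 *
 * This function performs no permission checks of its own; the caller must
 * already have authorised the request.
 *
 * @param string  $user_name      desired login name (passed through Backend::clean_username())
 * @param string  $password       clear-text password; when empty one is generated
 * @param string  $real_name      display name, truncated to 100 bytes
 * @param string  $jabber_id
 * @param string  $email          one or more addresses separated by ';'
 * @param integer $notify_type
 * @param integer $time_zone
 * @param integer $group_in       global group the user is put into
 * @param integer $enabled        stored as account_enabled; integer 0 triggers an admin approval request
 * @param string  $oauth_uid
 * @param string  $oauth_provider when non-empty no e-mail notifications are sent
 * @param string  $profile_image
 * @access public
 * @return bool false if the cleaned username is empty, the username is taken
 *              or one of the e-mail addresses is already registered; true otherwise
 * @throws Exception from random_bytes() when no secure randomness source is available
 * @version 1.0
 */
public static function create_user($user_name, $password, $real_name, $jabber_id, $email, $notify_type, $time_zone, $group_in, $enabled, $oauth_uid = '', $oauth_provider = '', $profile_image = '')
{
    global $fs, $db, $notify, $baseurl;

    $user_name = Backend::clean_username($user_name);

    // TODO Handle this whole create_user better concerning return false. Why did it fail?
    if (empty($user_name)) {
        return false;
    }

    // Limit length, then collapse runs of whitespace and control characters.
    // NOTE(review): substr() cuts by bytes, so a multi-byte character can be
    // split; preg_replace() with the /u modifier returns null on invalid
    // UTF-8. Confirm how callers want over-long non-ASCII names handled.
    $real_name = substr(trim($real_name), 0, 100);
    $real_name = preg_replace('![\\x00-\\x1f\\s]+!u', ' ', $real_name);

    // Check to see if the username is available.
    // NOTE(review): check-then-insert is not atomic; presumably a unique
    // index on {users}.user_name backs this up - verify against the schema.
    $sql = $db->Query('SELECT COUNT(*) FROM {users} WHERE user_name = ?', array($user_name));
    if ($db->fetchOne($sql)) {
        return false;
    }

    $auto = false;
    // Autogenerate a password from the CSPRNG. md5(uniqid(mt_rand())) is
    // derived from the clock and a predictable generator, so it must not be
    // used for credentials. 12 hex characters stays inside the 8-12 character
    // shape of the previous generator. random_bytes() needs PHP 7+ or a
    // polyfill such as paragonie/random_compat.
    if (!$password) {
        $auto = true;
        $password = bin2hex(random_bytes(6));
    }

    // Check the e-mail addresses before inserting anything into the database.
    // Addresses are stored lower-cased below, so the lookup is lower-cased as
    // well; empty list entries are never stored and are therefore skipped.
    $emailList = explode(';', $email);
    foreach ($emailList as $mail) {
        if ($mail == '') {
            continue;
        }
        //Still need to do: check email
        $count = $db->Query("SELECT COUNT(*) FROM {user_emails} WHERE email_address = ?", array(strtolower($mail)));
        $count = $db->fetchOne($count);
        if ($count > 0) {
            Flyspray::show_error("Email address has alredy been taken");
            return false;
        }
    }

    $db->Query("INSERT INTO {users}\n"
        . " ( user_name, user_pass, real_name, jabber_id, profile_image, magic_url,\n"
        . " email_address, notify_type, account_enabled,\n"
        . " tasks_perpage, register_date, time_zone, dateformat,\n"
        . " dateformat_extended, oauth_uid, oauth_provider, lang_code)\n"
        . " VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, 25, ?, ?, ?, ?, ?, ?, ?)",
        array(
            $user_name,
            Flyspray::cryptPassword($password),
            $real_name,
            strtolower($jabber_id),
            $profile_image,
            '',
            strtolower($email),
            $notify_type,
            $enabled,
            time(),
            $time_zone,
            '',
            '',
            $oauth_uid,
            $oauth_provider,
            $fs->prefs['lang_code'],
        ));

    // Get this user's id for the record
    $uid = Flyspray::UserNameToId($user_name);

    foreach ($emailList as $mail) {
        if ($mail != '') {
            $db->Query("INSERT INTO {user_emails}(id,email_address,oauth_uid,oauth_provider) VALUES (?,?,?,?)",
                array($uid, strtolower($mail), $oauth_uid, $oauth_provider));
        }
    }

    // Now, create a new record in the users_in_groups table
    $db->Query('INSERT INTO {users_in_groups} (user_id, group_id) VALUES (?, ?)', array($uid, $group_in));

    // NOTE(review): confirm that getUserDetails() does not return the
    // password hash, otherwise it ends up serialized in the event log.
    Flyspray::logEvent(0, 30, serialize(Flyspray::getUserDetails($uid)));

    // Template every default search starts from; the union operator keeps the
    // left-hand value for keys present on both sides.
    $toserialize = array(
        'string' => NULL,
        'type' => array(''),
        'sev' => array(''),
        'due' => array(''),
        'dev' => NULL,
        'cat' => array(''),
        'status' => array('open'),
        'order' => NULL,
        'sort' => NULL,
        'percent' => array(''),
        'opened' => NULL,
        'search_in_comments' => NULL,
        'search_for_all' => NULL,
        'reported' => array(''),
        'only_primary' => NULL,
        'only_watched' => NULL,
    );
    $iwatch = array('only_watched' => '1') + $toserialize;
    $atome = array('dev' => $uid) + $toserialize;
    $iopened = array('opened' => $uid) + $toserialize;

    // Now give him his default searches
    $db->Query('INSERT INTO {searches} (user_id, name, search_string, time) VALUES (?, ?, ?, ?)',
        array($uid, L('taskswatched'), serialize($iwatch), time()));
    $db->Query('INSERT INTO {searches} (user_id, name, search_string, time) VALUES (?, ?, ?, ?)',
        array($uid, L('assignedtome'), serialize($atome), time()));
    $db->Query('INSERT INTO {searches} (user_id, name, search_string, time) VALUES (?, ?, ?, ?)',
        array($uid, L('tasksireported'), serialize($iopened), time()));

    if ($jabber_id) {
        Notifications::JabberRequestAuth($jabber_id);
    }

    // Send a user his details (his username might be altered, password auto-generated)
    // dont send notifications if the user logged in using oauth
    if (!$oauth_provider) {
        $recipients = self::GetAdminAddresses();

        // TODO: add the right message here depending on $enabled. Both cases
        // currently address the new user identically.
        $newuser = array();
        $newuser[0][$email] = array('recipient' => $email, 'lang' => $fs->prefs['lang_code']);

        // NOTE(review): the clear-text password is handed to both
        // notifications, including the one addressed to the admin recipients.
        // Whether the templates print it is not visible here; consider
        // passing it only to the new user's own message.

        // Notify the appropriate users
        $notify->Create(NOTIFY_NEW_USER, null,
            array($baseurl, $user_name, $real_name, $email, $jabber_id, $password, $auto),
            $recipients, NOTIFY_EMAIL);
        // And also the new user
        $notify->Create(NOTIFY_OWN_REGISTRATION, null,
            array($baseurl, $user_name, $real_name, $email, $jabber_id, $password, $auto),
            $newuser, NOTIFY_EMAIL);
    }

    // If the account is created as not enabled, no matter what any
    // preferences might say or how the registration was made in first
    // place, it MUST be first approved by an admin. And a small
    // work-around: there's no field for email, so we use reason_given
    // for that purpose.
    // The comparison is strict: only integer 0 matches, a string '0' does not.
    if ($enabled === 0) {
        Flyspray::AdminRequest(3, 0, 0, $uid, $email);
    }

    return true;
}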
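/**
 * Creates a new user account with a salted password hash, adds it to the
 * requested global group and to every project's anonymous group, stores three
 * default saved searches and optionally notifies the admins.
 *
 * This function performs no permission checks of its own; the caller must
 * already have authorised the request.
 *
 * @param string  $user_name   desired login name (passed through Backend::clean_username())
 * @param string  $password    clear-text password; when empty one is generated
 * @param string  $real_name   display name, truncated to 100 bytes
 * @param string  $jabber_id
 * @param string  $email
 * @param integer $notify_type
 * @param integer $time_zone
 * @param integer $group_in    global group the user is put into
 * @access public
 * @return mixed false if the cleaned username is empty or already taken,
 *               otherwise integer uid
 * @throws Exception from random_bytes() when no secure randomness source is available
 * @version 1.0
 */
function create_user($user_name, $password, $real_name, $jabber_id, $email, $notify_type, $time_zone, $group_in)
{
    global $fs, $db, $baseurl;

    $user_name = Backend::clean_username($user_name);

    // A username that is empty after cleaning must not reach the INSERT.
    if (empty($user_name)) {
        return false;
    }

    // Limit lengths, then collapse runs of whitespace and control characters.
    // NOTE(review): substr() cuts by bytes, so a multi-byte character can be
    // split; preg_replace() with the /u modifier returns null on invalid UTF-8.
    $real_name = substr(trim($real_name), 0, 100);
    $real_name = preg_replace('![\\x00-\\x1f\\s]+!u', ' ', $real_name);

    // Check to see if the username is available.
    // NOTE(review): check-then-insert is not atomic; presumably a unique
    // index on {users}.user_name backs this up - verify against the schema.
    $username_exists = $db->x->GetOne('SELECT COUNT(*) FROM {users} WHERE user_name = ?', null, $user_name);
    if ($username_exists) {
        return false;
    }

    $auto = false;
    // Autogenerate a password from the CSPRNG. md5(uniqid(mt_rand())) is
    // derived from the clock and a predictable generator, so it must not be
    // used for credentials. 12 hex characters stays inside the 8-12 character
    // shape of the previous generator. random_bytes() needs PHP 7+ or a
    // polyfill such as paragonie/random_compat.
    if (!$password) {
        $auto = true;
        $password = bin2hex(random_bytes(6));
    }

    // 32 hex characters, the same shape as the md5() string used before, but
    // drawn from the CSPRNG.
    $salt = bin2hex(random_bytes(16));

    $userdata = array(
        'user_name' => $user_name,
        'user_pass' => Flyspray::cryptPassword($password, $salt),
        'password_salt' => $salt,
        'real_name' => $real_name,
        'jabber_id' => $jabber_id,
        'email_address' => $email,
        'notify_type' => $notify_type,
        'time_zone' => $time_zone,
        'register_date' => time(),
        'account_enabled' => 1,
    );
    $db->x->autoExecute('{users}', $userdata);

    // Get this user's id for the record
    $uid = Flyspray::UserNameToId($user_name);

    // Now, create a new record in the users_in_groups table
    $db->x->autoExecute('{users_in_groups}', array('user_id' => $uid, 'group_id' => $group_in));

    // NOTE(review): confirm that getUserDetails() does not return the
    // password hash or salt, otherwise they end up serialized in the event log.
    Flyspray::logEvent(0, 30, serialize(Flyspray::getUserDetails($uid)));

    // Add user to project groups
    $anon_groups = $db->x->getAll('SELECT anon_group FROM {projects} WHERE anon_group != 0');
    if (count($anon_groups)) {
        $stmt = $db->x->autoPrepare('{users_in_groups}', array('user_id', 'group_id'));
        foreach ($anon_groups as $row) {
            $stmt->execute(array($uid, $row['anon_group']));
        }
        $stmt->free();
    }

    // Template every default search starts from; the union operator keeps the
    // left-hand value for keys present on both sides.
    $toserialize = array(
        'string' => null,
        'type' => array(''),
        'sev' => array(''),
        'due' => array(''),
        'dev' => null,
        'cat' => array(''),
        'status' => array('open'),
        'order' => null,
        'sort' => null,
        'percent' => array(''),
        'opened' => null,
        'search_in_comments' => null,
        'search_for_all' => null,
        'reported' => array(''),
        'only_primary' => null,
        'only_watched' => null,
    );
    $iwatch = array('only_watched' => '1') + $toserialize;
    $atome = array('dev' => $uid) + $toserialize;
    $iopened = array('opened' => $uid) + $toserialize;

    // Now give him his default searches
    $stmt = $db->x->autoPrepare('{searches}', array('user_id', 'name', 'search_string', 'time'));
    $params = array(
        array($uid, L('taskswatched'), serialize($iwatch), time()),
        array($uid, L('assignedtome'), serialize($atome), time()),
        array($uid, L('tasksireported'), serialize($iopened), time()),
    );
    $db->x->executeMultiple($stmt, $params);
    $stmt->free();

    if ($jabber_id) {
        Notifications::JabberRequestAuth($jabber_id);
    }

    // Send a user his details (his username might be altered, password auto-generated)
    // NOTE(review): the recipients here are the members of group 1, and the
    // clear-text password is part of the notification data. Whether the
    // template prints it is not visible here; consider leaving it out of
    // messages that do not go to the account owner.
    if ($fs->prefs['notify_registration']) {
        $admins = $db->x->GetCol('SELECT user_id FROM {users_in_groups} WHERE group_id = 1');
        Notifications::send($admins, ADDRESS_USER, NOTIFY_NEW_USER,
            array($baseurl, $user_name, $real_name, $email, $jabber_id, $password, $auto));
    }

    return $uid;
}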
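/**
 * Handles the "edit user" form: deletes the account, or changes its password
 * and profile fields, and (for admins) its enabled flag and global group.
 *
 * NOTE(review): nothing in this function checks that the current user is
 * allowed to act on Post::val('user_id'). Deleting an account and updating
 * the profile columns happen for whatever id is posted; only the password
 * change and the final admin-only updates look at $user. Confirm that the
 * dispatcher enforces "own profile or is_admin" (and request-forgery
 * protection) before this function is reached.
 *
 * @return array array(SUBMIT_OK|ERROR_RECOVER, message) with an optional
 *               redirect URL as third element
 * @throws Exception from random_bytes() when no secure randomness source is available
 */
function action_edituser()
{
    global $fs, $db, $proj, $user, $do, $conf;

    if (Post::val('delete_user')) {
        // check that he is not the last user
        if ($db->x->GetOne('SELECT count(*) FROM {users}') > 1) {
            Backend::delete_user(Post::val('user_id'));
            return array(SUBMIT_OK, L('userdeleted'), CreateURL(array('admin', 'groups')));
        }
        return array(ERROR_RECOVER, L('lastuser'));
    }

    if (!Post::val('real_name') || !Post::val('email_address')) {
        return array(ERROR_RECOVER, L('realandnotify'));
    }

    $wants_new_pass = Post::val('changepass') || Post::val('confirmpass');

    // Only an admin editing somebody else may set a password without
    // supplying the current one.
    if ((!$user->perms('is_admin') || $user->id == Post::val('user_id'))
        && !Post::val('oldpass') && $wants_new_pass) {
        return array(ERROR_RECOVER, L('nooldpass'));
    }

    if ($wants_new_pass) {
        // Strict comparison: with != two different numeric-looking strings
        // such as '1e3' and '1000' compare equal.
        if (Post::val('changepass') !== Post::val('confirmpass')) {
            return array(ERROR_RECOVER, L('passnomatch'));
        }

        if (Post::val('oldpass')) {
            $oldpass = $db->x->getRow('SELECT user_pass, password_salt FROM {users} WHERE user_id = ?', null, Post::val('user_id'));
            $oldsalt = !empty($oldpass['password_salt']) ? $oldpass['password_salt'] : null;
            $stored_hash = isset($oldpass['user_pass']) ? (string) $oldpass['user_pass'] : '';
            $given_hash = (string) Flyspray::cryptPassword(Post::val('oldpass'), $oldsalt);
            // hash_equals() (PHP 5.6+) compares in constant time; an unknown
            // user id or an empty stored hash never verifies.
            if ($stored_hash === '' || !hash_equals($stored_hash, $given_hash)) {
                return array(ERROR_RECOVER, L('oldpasswrong'));
            }
        }

        // 32 hex characters, the same shape as the md5() string used before,
        // but drawn from the CSPRNG instead of uniqid()/mt_rand().
        // random_bytes() needs PHP 7+ or a polyfill such as paragonie/random_compat.
        $new_salt = bin2hex(random_bytes(16));
        $new_hash = Flyspray::cryptPassword(Post::val('changepass'), $new_salt);
        $db->x->execParam('UPDATE {users} SET user_pass = ?, password_salt = ? WHERE user_id = ?',
            array($new_hash, $new_salt, Post::val('user_id')));

        // If the user is changing their password, better update their cookie hash.
        // NOTE(review): the cookie is an HMAC-MD5 of the stored password hash
        // and is set without the extra cookie arguments (e.g. an HttpOnly
        // flag). The code that verifies it lives elsewhere, so the format is
        // left as it is here; worth revisiting together.
        if ($user->id == Post::val('user_id')) {
            Flyspray::setcookie('flyspray_passhash',
                hash_hmac('md5', $new_hash, $conf['general']['cookiesalt']),
                time() + 3600 * 24 * 30);
        }
    }

    // Check for existing email / jabber ID.
    // The previous query guarded each column with "? != NULL", which SQL
    // never evaluates to true, so the check could not find a duplicate. The
    // empty-value test is done here instead and only the needed comparisons
    // are sent; all values are still bound parameters.
    $dup_conditions = array();
    $dup_params = array();
    if (Post::val('jabber_id')) {
        $dup_conditions[] = 'jabber_id = ?';
        $dup_params[] = Post::val('jabber_id');
    }
    if (Post::val('email_address')) {
        $dup_conditions[] = 'email_address = ?';
        $dup_params[] = Post::val('email_address');
    }
    if ($dup_conditions) {
        $dup_params[] = Post::val('user_id');
        $taken = $db->x->GetOne('SELECT COUNT(*) FROM {users} WHERE ('
            . implode(' OR ', $dup_conditions)
            . ') AND user_id != ?', null, $dup_params);
        if ($taken) {
            return array(ERROR_RECOVER, L('emailtaken'));
        }
    }

    if (Post::val('old_jabber_id') != Post::val('jabber_id')) {
        Notifications::JabberRequestAuth(Post::val('jabber_id'));
    }

    // Remember the old name so redundant copies can be refreshed afterwards.
    $previous = $db->x->GetRow('SELECT real_name, user_name FROM {users} WHERE user_id = ?', null, Post::val('user_id'));

    $db->x->execParam('UPDATE {users} SET real_name = ?, email_address = ?, notify_own = ?, jabber_id = ?, notify_type = ?, show_contact = ?, dateformat = ?, dateformat_extended = ?, defaultorder = ?, tasks_perpage = ?, time_zone = ?, defaultsortcolumn = ?, notify_blacklist = ?, lang_code = ?, syntax_plugins = ? WHERE user_id = ?',
        array(
            Post::val('real_name'),
            Post::val('email_address'),
            Post::num('notify_own', 0),
            Post::val('jabber_id', 0),
            Post::num('notify_type'),
            Post::num('show_contact'),
            Post::val('dateformat', 0),
            Post::val('dateformat_extended', 0),
            Post::val('defaultorder', 'asc'),
            Post::num('tasks_perpage'),
            Post::num('time_zone'),
            // Cast like syntax_plugins below: implode() needs an array even
            // when the field is missing or posted as a scalar.
            implode(' ', (array) Post::val('defaultsortcolumn')),
            implode(' ', Post::val('notify_blacklist', array())),
            Post::val('lang_code', ''),
            implode(' ', (array) Post::val('syntax_plugins')),
            Post::num('user_id'),
        ));

    if ($previous['real_name'] != Post::val('real_name')) {
        Backend::UpdateRedudantUserData($previous['user_name']);
    }

    // Reload the current user so the changed preferences take effect.
    if ($do == 'myprofile') {
        $user = new User($user->id);
    }

    // Only admins may change the enabled flag and the global group.
    if ($user->perms('is_admin')) {
        $db->x->execParam('UPDATE {users} SET account_enabled = ? WHERE user_id = ?',
            array(Post::val('account_enabled', 0), Post::val('user_id')));
        $db->x->execParam('UPDATE {users_in_groups} SET group_id = ? WHERE group_id = ? AND user_id = ?',
            array(Post::val('group_in'), Post::val('old_global_id'), Post::val('user_id')));
    }

    return array(SUBMIT_OK, L('userupdated'));
}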
} if ($cryptPass != $oldpass['user_pass']) { Flyspray::show_error(L('oldpasswrong')); break; } } $new_hash = Flyspray::cryptPassword(Post::val('changepass')); $db->Query('UPDATE {users} SET user_pass = ? WHERE user_id = ?', array($new_hash, Post::val('user_id'))); // If the user is changing their password, better update their cookie hash if ($user->id == Post::val('user_id')) { Flyspray::setCookie('flyspray_passhash', crypt($new_hash, $conf['general']['cookiesalt']), time() + 3600 * 24 * 30, null, null, null, true); } } $jabId = Post::val('jabber_id'); if (!empty($jabId) && Post::val('old_jabber_id') != $jabId) { Notifications::JabberRequestAuth(Post::val('jabber_id')); } $db->Query('UPDATE {users} SET real_name = ?, email_address = ?, notify_own = ?, jabber_id = ?, notify_type = ?, dateformat = ?, dateformat_extended = ?, tasks_perpage = ?, time_zone = ?, lang_code = ?, hide_my_email = ?, notify_online = ? WHERE user_id = ?', array(Post::val('real_name'), Post::val('email_address'), Post::num('notify_own', 0), Post::val('jabber_id', ''), Post::num('notify_type'), Post::val('dateformat', 0), Post::val('dateformat_extended', 0), Post::num('tasks_perpage'), Post::num('time_zone'), Post::val('lang_code', 'en'), Post::num('hide_my_email', 0), Post::num('notify_online', 0), Post::num('user_id'))); # 20150307 peterdd: Now we must reload translations, because the user maybe changed his language preferences! # first reload user info $user = new User($user->id); load_translations(); $profile_image = 'profile_image'; if (isset($_FILES[$profile_image])) { if (!empty($_FILES[$profile_image]['name'])) {
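/**
 * Creates a new, enabled user account, puts it into the requested global
 * group, stores three default saved searches and optionally notifies the
 * admins by e-mail.
 *
 * This function performs no permission checks of its own; the caller must
 * already have authorised the request.
 *
 * @param string  $user_name   desired login name (passed through Backend::clean_username())
 * @param string  $password    clear-text password; when empty one is generated
 * @param string  $real_name   display name, truncated to 100 bytes
 * @param string  $jabber_id
 * @param string  $email
 * @param integer $notify_type
 * @param integer $time_zone
 * @param integer $group_in    global group the user is put into
 * @access public
 * @return bool false if the cleaned username is empty or already taken, true otherwise
 * @throws Exception from random_bytes() when no secure randomness source is available
 * @version 1.0
 */
public static function create_user($user_name, $password, $real_name, $jabber_id, $email, $notify_type, $time_zone, $group_in)
{
    global $fs, $db, $notify, $baseurl;

    $user_name = Backend::clean_username($user_name);

    // A username that is empty after cleaning must not reach the INSERT.
    if (empty($user_name)) {
        return false;
    }

    // Limit length, then collapse runs of whitespace and control characters.
    // NOTE(review): substr() cuts by bytes, so a multi-byte character can be
    // split; preg_replace() with the /u modifier returns null on invalid UTF-8.
    $real_name = substr(trim($real_name), 0, 100);
    $real_name = preg_replace('![\\x00-\\x1f\\s]+!u', ' ', $real_name);

    // Check to see if the username is available.
    // NOTE(review): check-then-insert is not atomic; presumably a unique
    // index on {users}.user_name backs this up - verify against the schema.
    $sql = $db->Query('SELECT COUNT(*) FROM {users} WHERE user_name = ?', array($user_name));
    if ($db->fetchOne($sql)) {
        return false;
    }

    $auto = false;
    // Autogenerate a password from the CSPRNG. md5(uniqid(mt_rand())) is
    // derived from the clock and a predictable generator, so it must not be
    // used for credentials. 12 hex characters stays inside the 8-12 character
    // shape of the previous generator. random_bytes() needs PHP 7+ or a
    // polyfill such as paragonie/random_compat.
    if (!$password) {
        $auto = true;
        $password = bin2hex(random_bytes(6));
    }

    $db->Query("INSERT INTO {users}\n"
        . " ( user_name, user_pass, real_name, jabber_id, magic_url,\n"
        . " email_address, notify_type, account_enabled,\n"
        . " tasks_perpage, register_date, time_zone, dateformat, dateformat_extended)\n"
        . " VALUES ( ?, ?, ?, ?, ?, ?, ?, 1, 25, ?, ?, ?, ?)",
        array(
            $user_name,
            Flyspray::cryptPassword($password),
            $real_name,
            strtolower($jabber_id),
            '',
            strtolower($email),
            $notify_type,
            time(),
            $time_zone,
            '',
            '',
        ));

    // Get this user's id for the record
    $uid = Flyspray::UserNameToId($user_name);

    // Now, create a new record in the users_in_groups table
    $db->Query('INSERT INTO {users_in_groups} (user_id, group_id) VALUES (?, ?)', array($uid, $group_in));

    // NOTE(review): confirm that getUserDetails() does not return the
    // password hash, otherwise it ends up serialized in the event log.
    Flyspray::logEvent(0, 30, serialize(Flyspray::getUserDetails($uid)));

    // Template every default search starts from; the union operator keeps the
    // left-hand value for keys present on both sides.
    $toserialize = array(
        'string' => NULL,
        'type' => array(''),
        'sev' => array(''),
        'due' => array(''),
        'dev' => NULL,
        'cat' => array(''),
        'status' => array('open'),
        'order' => NULL,
        'sort' => NULL,
        'percent' => array(''),
        'opened' => NULL,
        'search_in_comments' => NULL,
        'search_for_all' => NULL,
        'reported' => array(''),
        'only_primary' => NULL,
        'only_watched' => NULL,
    );
    $iwatch = array('only_watched' => '1') + $toserialize;
    $atome = array('dev' => $uid) + $toserialize;
    $iopened = array('opened' => $uid) + $toserialize;

    // Now give him his default searches
    $db->Query('INSERT INTO {searches} (user_id, name, search_string, time) VALUES (?, ?, ?, ?)',
        array($uid, L('taskswatched'), serialize($iwatch), time()));
    $db->Query('INSERT INTO {searches} (user_id, name, search_string, time) VALUES (?, ?, ?, ?)',
        array($uid, L('assignedtome'), serialize($atome), time()));
    $db->Query('INSERT INTO {searches} (user_id, name, search_string, time) VALUES (?, ?, ?, ?)',
        array($uid, L('tasksireported'), serialize($iopened), time()));

    if ($jabber_id) {
        Notifications::JabberRequestAuth($jabber_id);
    }

    // Send a user his details (his username might be altered, password auto-generated)
    // NOTE(review): the recipients selected here are the e-mail addresses of
    // group 1, and the clear-text password is part of the notification data.
    // Whether the template prints it is not visible here; consider leaving it
    // out of messages that do not go to the account owner.
    if ($fs->prefs['notify_registration']) {
        $sql = $db->Query('SELECT DISTINCT email_address FROM {users} u LEFT JOIN {users_in_groups} g ON u.user_id = g.user_id WHERE g.group_id = 1');
        $notify->Create(NOTIFY_NEW_USER, null,
            array($baseurl, $user_name, $real_name, $email, $jabber_id, $password, $auto),
            $db->FetchCol($sql), NOTIFY_EMAIL);
    }

    return true;
}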