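/**
 * Add a new user into a given project.
 *
 * Accounts that are neither active nor restricted are refused. Otherwise the
 * membership row is inserted if it does not exist yet, a unix uid is assigned
 * when the user has none, the 'project_admin_add_user' event is raised, a
 * notification e-mail is sent and the action is recorded in the project history.
 *
 * @param Integer $group_id Project id
 * @param PFUser  $user     User to add
 *
 * @return Boolean true when the user was added; false when the account is not
 *                 active/restricted or the user is already a member
 */
function account_add_user_obj_to_group($group_id, PFUser $user)
{
    // The user was found, but adding is not allowed unless the account is
    // active or restricted (a pending account, for instance).
    if (!$user->isActive() && !$user->isRestricted()) {
        $GLOBALS['Response']->addFeedback(
            'error',
            $GLOBALS['Language']->getText('include_account', 'account_notactive', $user->getUserName())
        );
        return false;
    }

    // Both ids go through db_ei() before being concatenated into the SQL text,
    // the same treatment the INSERT below applies. The original SELECT
    // concatenated the raw user id.
    $res_member = db_query(
        "SELECT user_id FROM user_group WHERE user_id=" . db_ei($user->getId())
        . " AND group_id='" . db_ei($group_id) . "'"
    );

    if (db_numrows($res_member) >= 1) {
        // Already a member: report it and leave the membership untouched.
        $GLOBALS['Response']->addFeedback(
            'error',
            $GLOBALS['Language']->getText('include_account', 'user_already_member')
        );
        return false;
    }

    // Not already a member.
    // NOTE(review): the result of this INSERT is not checked, so a failed
    // query still leads to the 'user_added' feedback, the event and the
    // history entry below. The SELECT-then-INSERT pair is also not atomic;
    // confirm whether user_group has a unique key on (user_id, group_id).
    db_query(
        "INSERT INTO user_group (user_id,group_id) VALUES ("
        . db_ei($user->getId()) . "," . db_ei($group_id) . ")"
    );

    // If no unix account, give them a unix_uid.
    if ($user->getUnixStatus() == 'N' || !$user->getUnixUid()) {
        $user->setUnixStatus('A');
        $um = UserManager::instance();
        $um->assignNextUnixUid($user);
        $um->updateDb($user);
    }

    // Raise an event so that listeners learn about the new membership.
    $em = EventManager::instance();
    $em->processEvent(
        'project_admin_add_user',
        array(
            'group_id'       => $group_id,
            'user_id'        => $user->getId(),
            'user_unix_name' => $user->getUserName(),
        )
    );

    $GLOBALS['Response']->addFeedback('info', $GLOBALS['Language']->getText('include_account', 'user_added'));
    account_send_add_user_to_group_email($group_id, $user->getId());
    group_add_history('added_user', $user->getUserName(), $group_id, array($user->getUserName()));

    return true;
}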
/**
 * Write SSH authorized_keys into a user homedir.
 *
 * Users whose unix status is not 'A' are skipped and reported as a success.
 * For the others, the process switches to the user's uid/gid, creates the
 * .ssh directory and writes the key file, switches back to root, and then
 * sets owner, group and mode on the directory (0700) and the file (0600).
 *
 * @param PFUser $user
 *
 * @return Boolean true when the keys were written or the user was skipped,
 *                 false when any step threw an exception
 */
public function writeSSHKeys(PFUser $user)
{
    try {
        $hasUnixStatusA = $user->getUnixStatus() == 'A';
        if (!$hasUnixStatusA) {
            return true;
        }

        $sshDirectory = $user->getUnixHomeDir() . '/.ssh';

        // Subtlety: between the two process owner changes nothing can be
        // logged, because the process is owned by a mere user while the log
        // file is only writable by codendiadm and root. Failures in that
        // window are therefore reported through exceptions and logged in the
        // catch block, once root has been restored.
        $this->changeProcessUidGidToUser($user);
        $this->createSSHDirForUser($user, $sshDirectory);
        $this->writeSSHFile($user, $sshDirectory);
        $this->restoreRootUidGid();

        // NOTE(review): from here on the process is root again and operates on
        // paths inside the user's home directory. Confirm that
        // changeOwnerGroupMode() does not follow symbolic links that could
        // have been placed at these paths.
        $login              = $user->getUserName();
        $authorizedKeysPath = $sshDirectory . '/authorized_keys';

        $this->backend->changeOwnerGroupMode($sshDirectory, $login, $login, 0700);
        $this->backend->changeOwnerGroupMode($authorizedKeysPath, $login, $login, 0600);
        $this->backend->log("Authorized_keys for " . $login . " written.", Backend::LOG_INFO);

        return true;
    } catch (Exception $failure) {
        // Switch back to root first: the error cannot be logged otherwise,
        // and the process must not stay under the user's identity.
        $this->restoreRootUidGid();
        $this->backend->log($failure->getMessage(), Backend::LOG_ERROR);

        return false;
    }
}
/**
 * Create new account.
 *
 * Persists the user through the DAO, then assigns a unix uid, raises
 * Event::USER_MANAGER_CREATE_ACCOUNT, creates the default widget layout and,
 * depending on the user status, either notifies the administrators (pending
 * account with 'sys_user_approval' enabled) or raises
 * 'project_admin_activate_user' (active or restricted account).
 *
 * @param PFUser $user
 *
 * @return PFUser|int The given user with its new id set, or 0 when the DAO
 *                    returned no id (an error feedback is added in that case)
 */
function createAccount($user)
{
    // NOTE(review): getPassword() and getAuthorizedKeys() are handed to the
    // DAO as they are; confirm that password hashing happens inside
    // the DAO or before this method is called.
    $newUserId = $this->getDao()->create(
        $user->getUserName(),
        $user->getEmail(),
        $user->getPassword(),
        $user->getRealName(),
        $user->getRegisterPurpose(),
        $user->getStatus(),
        $user->getShell(),
        $user->getUnixStatus(),
        $user->getUnixUid(),
        $user->getUnixBox(),
        $user->getLdapId(),
        $_SERVER['REQUEST_TIME'],
        $user->getConfirmHash(),
        $user->getMailSiteUpdates(),
        $user->getMailVA(),
        $user->getStickyLogin(),
        $user->getAuthorizedKeys(),
        $user->getNewMail(),
        $user->getTimeZone(),
        $user->getTheme(),
        $user->getLanguageID(),
        $user->getExpiryDate(),
        $_SERVER['REQUEST_TIME']
    );

    // No id came back: report a generic error and stop here.
    if (!$newUserId) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('include_exit', 'error'));
        return 0;
    }

    $user->setId($newUserId);
    $this->assignNextUnixUid($user);

    $eventManager = $this->_getEventManager();
    $eventManager->processEvent(Event::USER_MANAGER_CREATE_ACCOUNT, array('user' => $user));

    // Create the first layout for the user and add some initial widgets.
    $this->_getWidgetLayoutManager()->createDefaultLayoutForUser($newUserId);

    // Loose comparisons on purpose: they mirror the semantics of a switch.
    $status = $user->getStatus();
    if ($status == PFUser::STATUS_PENDING) {
        // Administrators are only notified when account approval is enabled.
        if (ForgeConfig::get('sys_user_approval')) {
            $this->pending_user_notifier->notifyAdministrator($user);
        }
    } elseif ($status == PFUser::STATUS_ACTIVE || $status == PFUser::STATUS_RESTRICTED) {
        $eventManager->processEvent('project_admin_activate_user', array('user_id' => $newUserId));
    }

    return $user;
}