function usertemplates()
{
$clang = Yii::app()->lang;
$postuserid = Yii::app()->request->getPost('uid');
// SUPERADMINS AND MANAGE_TEMPLATE USERS CAN SET THESE RIGHTS
if (Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1 || Yii::app()->session['USER_RIGHT_MANAGE_TEMPLATE'] == 1) {
$templaterights = array();
$tresult = Template::model()->findAll();
foreach ($tresult as $trow) {
if (isset($_POST[$trow["folder"] . "_use"])) {
$templaterights[$trow["folder"]] = 1;
} else {
$templaterights[$trow["folder"]] = 0;
}
}
foreach ($templaterights as $key => $value) {
$rights = Templates_rights::model()->findByPk(array('folder' => $key, 'uid' => $postuserid));
if (empty($rights)) {
$rights = new Templates_rights();
$rights->uid = $postuserid;
$rights->folder = $key;
}
$rights->use = $value;
$uresult = $rights->save();
}
if ($uresult !== false) {
$aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect($clang->gT("Set template permissions"), $clang->gT("Template permissions were updated successfully."), "successheader");
} else {
$aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect($clang->gT("Set template permissions"), $clang->gT("Error while updating usertemplates."), "warningheader");
}
} else {
die('access denied');
}
$this->_renderWrappedTemplate('user', $aViewUrls);
}
function hasTemplateManageRights($userid, $templatefolder)
{
$userid = sanitize_int($userid);
$templatefolder = sanitize_paranoid_string($templatefolder);
$criteria = new CDbCriteria();
$criteria->addColumnCondition(array('uid' => $userid));
$criteria->addSearchCondition('folder', $templatefolder);
$query = Templates_rights::model()->find($criteria);
//if ($result->RecordCount() == 0) return false;
if (is_null($query)) {
return false;
}
$row = $query;
//$row = $result->FetchRow();
return $row["use"];
}
/**
* Checks whether this user has correctly entered password or not
*
* @access public
* @return bool
*/
public function authenticate($sOneTimePassword = '')
{
if (Yii::app()->getConfig("auth_webserver") == false || $this->username != "") {
$user = User::model()->findByAttributes(array('users_name' => $this->username));
if ($user !== null) {
if (gettype($user->password) == 'resource') {
$sStoredPassword = stream_get_contents($user->password, -1, 0);
// Postgres delivers bytea fields as streams :-o
} else {
$sStoredPassword = $user->password;
}
} else {
$this->errorCode = self::ERROR_USERNAME_INVALID;
return !$this->errorCode;
}
if ($sOneTimePassword != '' && Yii::app()->getConfig("use_one_time_passwords") && md5($sOneTimePassword) == $user->one_time_pw) {
$user->one_time_pw = '';
$user->save();
$this->id = $user->uid;
$this->user = $user;
$this->errorCode = self::ERROR_NONE;
} elseif ($sStoredPassword !== hash('sha256', $this->password)) {
$this->errorCode = self::ERROR_PASSWORD_INVALID;
} else {
$this->id = $user->uid;
$this->user = $user;
$this->errorCode = self::ERROR_NONE;
}
} elseif (Yii::app()->getConfig("auth_webserver") === true && (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['LOGON_USER']))) {
if (isset($_SERVER['PHP_AUTH_USER'])) {
$sUser = $_SERVER['PHP_AUTH_USER'];
} else {
$sUser = $_SERVER['LOGON_USER'];
$sUser = substr($sUser, strrpos($sUser, "\\") + 1);
}
$aUserMappings = Yii::app()->getConfig("auth_webserver_user_map");
if (isset($aUserMappings[$sUser])) {
$sUser = $aUserMappings[$sUser];
}
$oUser = User::model()->findByAttributes(array('users_name' => $sUser));
if (is_null($oUser)) {
if (function_exists("hook_get_auth_webserver_profile")) {
// If defined this function returns an array
// describing the defaukt profile for this user
$aUserProfile = hook_get_autouserprofile($sUser);
} elseif (Yii::app()->getConfig("auth_webserver_autocreate_user")) {
$aUserProfile = Yii::app()->getConfig("auth_webserver_autocreate_profile");
}
} else {
$this->id = $oUser->uid;
$this->user = $oUser;
$this->errorCode = self::ERROR_NONE;
}
if (Yii::app()->getConfig("auth_webserver_autocreate_user") && isset($aUserProfile) && is_null($oUser)) {
// user doesn't exist but auto-create user is set
$oUser = new User();
$oUser->users_name = $sUser;
$oUser->password = hash('sha256', createPassword());
$oUser->full_name = $aUserProfile['full_name'];
$oUser->parent_id = 1;
$oUser->lang = $aUserProfile['lang'];
$oUser->email = $aUserProfile['email'];
$oUser->create_survey = $aUserProfile['create_survey'];
$oUser->create_user = $aUserProfile['create_user'];
$oUser->delete_user = $aUserProfile['delete_user'];
$oUser->superadmin = $aUserProfile['superadmin'];
$oUser->configurator = $aUserProfile['configurator'];
$oUser->manage_template = $aUserProfile['manage_template'];
$oUser->manage_label = $aUserProfile['manage_label'];
if ($oUser->save()) {
$aTemplates = explode(",", $aUserProfile['templatelist']);
foreach ($aTemplates as $sTemplateName) {
$oRecord = new Templates_rights();
$oRecord->uid = $oUser->uid;
$oRecord->folder = trim($sTemplateName);
$oRecord->use = 1;
$oRecord->save();
}
// read again user from newly created entry
$this->id = $oUser->uid;
$this->user = $oUser;
$this->errorCode = self::ERROR_NONE;
} else {
$this->errorCode = self::ERROR_USERNAME_INVALID;
}
}
} else {
$this->errorCode = self::ERROR_USERNAME_INVALID;
}
return !$this->errorCode;
}
/**
* Function responsible to delete a template.
*
* @access public
* @param string $templatename
* @return void
*/
public function delete($templatename)
{
Yii::app()->loadHelper("admin/template");
if (is_template_editable($templatename) == true) {
$clang = $this->getController()->lang;
if (rmdirr(Yii::app()->getConfig('usertemplaterootdir') . "/" . $templatename) == true) {
$surveys = Survey::model()->findAllByAttributes(array('template' => $templatename));
foreach ($surveys as $s) {
$s->template = Yii::app()->getConfig('defaulttemplate');
$s->save();
}
Template::model()->deleteAllByAttributes(array('folder' => $templatename));
Templates_rights::model()->deleteAllByAttributes(array('folder' => $templatename));
Yii::app()->session['flashmessage'] = sprintf($clang->gT("Template '%s' was successfully deleted."), $templatename);
} else {
Yii::app()->session['flashmessage'] = sprintf($clang->gT("There was a problem deleting the template '%s'. Please check your directory/file permissions."), $templatename);
}
}
// Redirect with default templatename, editfile and screenname
$this->getController()->redirect($this->getController()->createUrl("admin/templates/view"));
}
