Exemple #1
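 /**
  * Exercise the User model: calls made with an unusable id must return false,
  * the seeded account must be found by e-mail, and the Save()/SetPassword()
  * update paths are run for coverage.
  *
  * @return int 0 when every check passes, 1 after the first failed check.
  */
 function testUser()
 {
     $this->startCodeCoverage();
     $user = new User();

     // A non-numeric id must make both calls return false (strict comparison).
     $user->Id = "non_numeric";
     if ($user->SetPassword("blah") !== false) {
         $this->fail("User::SetPassword didn't return false for non-numeric user id");
         return 1;
     }
     if ($user->IsAdmin() !== false) {
         $this->fail("User::IsAdmin didn't return false for non-numeric user id");
         return 1;
     }

     // Neither an id nor an e-mail address is set.
     $user->Id = "";
     $user->Email = "";
     if ($user->GetName() !== false) {
         $this->fail("User::GetName didn't return false when given no user id");
         return 1;
     }
     // The failure text names IsAdmin because that is the call being checked.
     // NOTE(review): Exists() is not asserted for the empty id/e-mail case.
     if ($user->IsAdmin() !== false) {
         $this->fail("User::IsAdmin didn't return false for no user id and no email");
         return 1;
     }

     // The seeded account must be found by e-mail alone.
     $user->Email = "simpletest@localhost";
     if ($user->Exists() === false) {
         $this->fail("User::Exists returned false even though user exists");
         return 1;
     }
     $id = $user->GetIdFromEmail("simpletest@localhost");
     if ($id === false) {
         $this->fail("User::GetIdFromEmail returned false for a valid user");
         return 1;
     }

     // Same account, now addressed by id.
     $user->Id = $id;
     $user->Admin = "1";
     $user->FirstName = "administrator";
     $user->Institution = "Kitware Inc.";
     if (!$user->Exists()) {
         $this->fail("User::Exists failed given a valid user id");
         return 1;
     }

     // The fixture hands an md5() digest to the model as the password value.
     // Unsalted MD5 is fast to brute-force and is not suitable for storing
     // real passwords; password_hash()/password_verify() is the usual
     // replacement, and it would have to be adopted in the User model and the
     // login check (neither shown here) at the same time.
     $user->Password = md5("simpletest");
     // Coverage for update save
     $user->Save();
     // Coverage for SetPassword
     $user->SetPassword(md5("simpletest"));
     $this->stopCodeCoverage();
     return 0;
 }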
Exemple #2
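 /**
  * Run the User model through its rejection, lookup and update paths.
  *
  * Each check reports through fail() and stops the test at the first
  * mismatch.
  *
  * @return int 0 on success, 1 as soon as one check fails.
  */
 public function testUser()
 {
     $this->startCodeCoverage();
     $user = new User();

     // Non-numeric id: both calls are expected to return exactly false.
     $user->Id = 'non_numeric';
     if ($user->SetPassword('blah') !== false) {
         $this->fail("User::SetPassword didn't return false for non-numeric user id");
         return 1;
     }
     if ($user->IsAdmin() !== false) {
         $this->fail("User::IsAdmin didn't return false for non-numeric user id");
         return 1;
     }

     // Empty id and empty e-mail.
     $user->Id = '';
     $user->Email = '';
     if ($user->GetName() !== false) {
         $this->fail("User::GetName didn't return false when given no user id");
         return 1;
     }
     // The message names the method that is actually called here (IsAdmin).
     // NOTE(review): nothing asserts Exists() for the empty id/e-mail case.
     if ($user->IsAdmin() !== false) {
         $this->fail("User::IsAdmin didn't return false for no user id and no email");
         return 1;
     }

     // Lookup of the seeded account by e-mail.
     $user->Email = 'simpletest@localhost';
     if ($user->Exists() === false) {
         $this->fail('User::Exists returned false even though user exists');
         return 1;
     }
     $id = $user->GetIdFromEmail('simpletest@localhost');
     if ($id === false) {
         $this->fail('User::GetIdFromEmail returned false for a valid user');
         return 1;
     }

     // Lookup of the same account by id.
     $user->Id = $id;
     $user->Admin = '1';
     $user->FirstName = 'administrator';
     $user->Institution = 'Kitware Inc.';
     if (!$user->Exists()) {
         $this->fail('User::Exists failed given a valid user id');
         return 1;
     }

     // The password value given to the model is an md5() digest. Unsalted MD5
     // is not an acceptable password-storage scheme (cheap to brute-force, no
     // salt); moving to password_hash()/password_verify() has to happen in the
     // User model and login check, which are outside this test.
     $user->Password = md5('simpletest');
     // Coverage for update save
     $user->Save();
     // Coverage for SetPassword
     $user->SetPassword(md5('simpletest'));
     $this->stopCodeCoverage();
     return 0;
 }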
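 /**
  * Create a user account; allowed only when the calling user's own
  * user_level is 'Admin'.
  *
  * A temporary password is generated, stored as an md5() digest and handed in
  * clear text to the welcome e-mail sender.
  *
  * @param object $req Request data; email, username, profile and user_level are read.
  * @return IceResponse SUCCESS carrying the saved user (password blanked), or ERROR with a message.
  */
 public function saveUser($req)
 {
     $profileClass = ucfirst(SIGN_IN_ELEMENT_MAPPING_FIELD_NAME);

     // Authorisation gate: everything below runs for administrators only.
     if ($this->user->user_level != 'Admin') {
         return new IceResponse(IceResponse::ERROR, "Not Allowed");
     }

     // Refuse duplicates by e-mail, then by username.
     $user = new User();
     $user->Load("email = ?", array($req->email));
     if ($user->email == $req->email) {
         return new IceResponse(IceResponse::ERROR, "User with same email already exists");
     }
     $user->Load("username = ?", array($req->username));
     if ($user->username == $req->username) {
         return new IceResponse(IceResponse::ERROR, "User with same username already exists");
     }

     $user = new User();
     $user->email = $req->email;
     $user->username = $req->username;
     // NOTE(review): six characters is short for an initial password that is
     // sent by e-mail, and the randomness source of generateRandomString() is
     // not visible here - confirm it uses a CSPRNG (random_int/random_bytes)
     // and that the user is made to change the password at first login.
     $password = $this->generateRandomString(6);
     // Unsalted MD5 is not a suitable password-storage scheme. It is kept
     // because the code that verifies passwords is not shown and must change
     // together with this line; password_hash()/password_verify() is the
     // usual replacement.
     $user->password = md5($password);
     $user->profile = empty($req->profile) || $req->profile == "NULL" ? NULL : $req->profile;
     // NOTE(review): user_level is copied from the request as-is; confirm the
     // allowed values are enforced somewhere before it is stored.
     $user->user_level = $req->user_level;
     $user->last_login = date("Y-m-d H:i:s");
     $user->last_update = date("Y-m-d H:i:s");
     $user->created = date("Y-m-d H:i:s");

     $profile = null;
     if (!empty($user->profile)) {
         $profile = $this->baseService->getElement($profileClass, $user->profile, null, true);
     }

     $ok = $user->Save();
     if (!$ok) {
         // Blank the digest before the record is serialised, so that a failed
         // save does not copy password material into the application log.
         $saveError = $user->ErrorMsg();
         $user->password = "";
         LogManager::getInstance()->info($saveError . "|" . json_encode($user));
         return new IceResponse(IceResponse::ERROR, "Error occured while saving the user");
     }

     // The response must not carry the digest back to the client.
     $user->password = "";
     $user = $this->baseService->cleanUpAdoDB($user);
     if (!empty($this->emailSender)) {
         $usersEmailSender = new UsersEmailSender($this->emailSender, $this);
         $usersEmailSender->sendWelcomeUserEmail($user, $password, $profile);
     }
     return new IceResponse(IceResponse::SUCCESS, $user);
 }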
Exemple #4
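 /**
  * Create a user account on behalf of an administrator.
  *
  * Callers whose user_level is not 'Admin' get a "Not Allowed" error. The
  * generated password is stored as an md5() digest and passed in clear text
  * to the welcome e-mail sender.
  *
  * @param object $req Request data; email, username, employee and user_level are read.
  * @return IceResponse SUCCESS with the saved user (password blanked) or ERROR with a message.
  */
 public function saveUser($req)
 {
     // Authorisation gate: only administrators may create accounts.
     if ($this->user->user_level != 'Admin') {
         return new IceResponse(IceResponse::ERROR, "Not Allowed");
     }

     // Duplicate checks: e-mail first, then username.
     $user = new User();
     $user->Load("email = ?", array($req->email));
     if ($user->email == $req->email) {
         return new IceResponse(IceResponse::ERROR, "User with same email already exists");
     }
     $user->Load("username = ?", array($req->username));
     if ($user->username == $req->username) {
         return new IceResponse(IceResponse::ERROR, "User with same username already exists");
     }

     $user = new User();
     $user->email = $req->email;
     $user->username = $req->username;
     // NOTE(review): a six-character password sent by e-mail is weak as an
     // initial credential; generateRandomString() is not shown, so confirm
     // it draws from a CSPRNG and that a password change is forced on first
     // login.
     $password = $this->generateRandomString(6);
     // Unsalted MD5 is unsuitable for password storage; it stays here only
     // because the verification side is outside this excerpt and has to be
     // migrated (password_hash()/password_verify()) in the same change.
     $user->password = md5($password);
     $user->employee = empty($req->employee) || $req->employee == "NULL" ? NULL : $req->employee;
     // NOTE(review): user_level comes straight from the request; confirm the
     // set of accepted values is validated before storage.
     $user->user_level = $req->user_level;
     $user->last_login = date("Y-m-d H:i:s");
     $user->last_update = date("Y-m-d H:i:s");
     $user->created = date("Y-m-d H:i:s");

     $employee = null;
     if (!empty($user->employee)) {
         $employee = $this->baseService->getElement('Employee', $user->employee, null, true);
     }

     $ok = $user->Save();
     if (!$ok) {
         // Blank the digest before serialising the record so that a failed
         // save does not write password material to the error log.
         $saveError = $user->ErrorMsg();
         $user->password = "";
         error_log($saveError . "|" . json_encode($user));
         return new IceResponse(IceResponse::ERROR, "Error occured while saving the user");
     }

     // Do not return the digest to the client.
     $user->password = "";
     $user = $this->baseService->cleanUpAdoDB($user);
     if (!empty($this->emailSender)) {
         $usersEmailSender = new UsersEmailSender($this->emailSender, $this);
         $usersEmailSender->sendWelcomeUserEmail($user, $password, $employee);
     }
     return new IceResponse(IceResponse::SUCCESS, $user);
 }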
 /**
  * Seed $this->usersArray with two freshly saved accounts (levels 'Manager'
  * and 'Profile') and with the account loaded for username 'admin'.
  *
  * The literal username, e-mail and password values are masked in this
  * listing. Both new accounts carry the same masked username, so the second
  * entry overwrites the first one in usersArray.
  * NOTE(review): the password is assigned as a literal, not as a digest -
  * presumably acceptable for a fixture; verify against how User stores it.
  */
 protected function createNewUsers()
 {
     $profileVar = SIGN_IN_ELEMENT_MAPPING_FIELD_NAME;
     $profileClass = ucfirst(SIGN_IN_ELEMENT_MAPPING_FIELD_NAME);

     // username, email, password, user_level
     $fixtures = array(
         array('******', '*****@*****.**', '******', 'Manager'),
         array('******', '*****@*****.**', '******', 'Profile'),
     );
     foreach ($fixtures as $fixture) {
         list($username, $email, $password, $level) = $fixture;
         $account = new User();
         $account->username = $username;
         $account->email = $email;
         $account->password = $password;
         $account->user_level = $level;
         $account->Save();
         $this->usersArray[$account->username] = $account;
     }

     // The administrator is expected to exist already and is only loaded.
     $admin = new User();
     $admin->Load("username = ?", array('admin'));
     $this->usersArray[$admin->username] = $admin;
 }
 /**
  * Create the 'CDash' project with one GitHub repository and attach three
  * non-admin users to it; the users are collected in $this->Users.
  *
  * The repository credentials are read from the global $configure array
  * (keys github_username and github_password), so they are not hard-coded in
  * the test.
  */
 public function testSetup()
 {
     global $configure;

     // Create a project with GitHub credentials named CDash.
     $repository = [
         'url' => 'https://github.com/Kitware/CDash',
         'branch' => 'master',
         'username' => $configure['github_username'],
         'password' => $configure['github_password'],
     ];
     $projectSettings = [
         'Name' => 'CDash',
         'Description' => 'CDash',
         'CvsUrl' => 'github.com/Kitware/CDash',
         'CvsViewerType' => 'github',
         'BugTrackerFileUrl' => 'http://public.kitware.com/Bug/view.php?id=',
         'repositories' => [$repository],
     ];
     $this->ProjectId = $this->createProject($projectSettings);

     $membership = new UserProject();
     $membership->ProjectId = $this->ProjectId;

     // Create some users for the CDash project: email, first name, last name.
     $people = [
         ['*****@*****.**', 'Dan', 'LaManna'],
         ['*****@*****.**', 'Jamie', 'Snape'],
         ['*****@*****.**', 'Zack', 'Galbreath'],
     ];
     foreach ($people as $person) {
         list($email, $firstName, $lastName) = $person;
         $member = new User();
         $member->Email = $email;
         $member->FirstName = $firstName;
         $member->LastName = $lastName;
         // Fixture-only credential: a trivial password stored as an unsalted
         // md5() digest. Neither the value nor the scheme is suitable outside
         // a test database.
         $member->Password = md5('12345');
         $member->Institution = 'Kitware';
         $member->Admin = 0;
         $member->Save();
         $member->AddProject($membership);
         $this->Users[] = $member;
     }
 }
Exemple #7
             $password_is_good = false;
             if ($CDASH_PASSWORD_COMPLEXITY_COUNT > 1) {
                 $error_msg = "Your password must contain at least {$CDASH_PASSWORD_COMPLEXITY_COUNT} characters from {$CDASH_MINIMUM_PASSWORD_COMPLEXITY} of the following types: uppercase, lowercase, numbers, and symbols.";
             } else {
                 $error_msg = "Your password must contain at least {$CDASH_MINIMUM_PASSWORD_COMPLEXITY} of the following: uppercase, lowercase, numbers, and symbols.";
             }
         }
     }
     if (!$password_is_good) {
         $xml .= "<error>{$error_msg}</error>";
     } else {
         $user = new User();
         $user->Id = $userid;
         $user->Fill();
         $user->Password = $md5pass;
         if ($user->Save()) {
             $xml .= '<error>Your password has been updated.</error>';
             unset($_SESSION['cdash']['redirect']);
         } else {
             $xml .= '<error>Cannot update password.</error>';
         }
         add_last_sql_error('editUser.php');
     }
 }
 // Append the <user> element, filled from the stored row for $userid.
 $xml .= '<user>';
 // NOTE(review): $userid is interpolated directly into the SQL text. Where it
 // is assigned is outside this excerpt - confirm it is a validated integer
 // (for example taken from the session), or bind it as a query parameter.
 // SELECT * also fetches the password column although only the name and
 // e-mail fields are used below.
 $user = pdo_query('SELECT * FROM ' . qid('user') . " WHERE id='{$userid}'");
 // NOTE(review): the fetch result is used without checking that a row was
 // returned - verify how pdo_fetch_array() reports "no row".
 $user_array = pdo_fetch_array($user);
 $xml .= add_XML_value('id', $userid);
 $xml .= add_XML_value('firstname', $user_array['firstname']);
 $xml .= add_XML_value('lastname', $user_array['lastname']);
 $xml .= add_XML_value('email', $user_array['email']);
Exemple #8
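 /**
  * Closing-tag handler for Project.xml.
  *
  * PROJECT: reconciles the dependencies of every SubProject collected while
  * parsing and, when $CDASH_DELETE_OLD_SUBPROJECTS is set, deletes
  * subprojects that the file no longer mentions.
  * SUBPROJECT: saves the SubProject and its label, records its dependencies,
  * creates a user for $this->Email when none exists, and subscribes that user
  * to the project and to the subproject's label.
  *
  * Nothing is done once the project name has been found not to match.
  *
  * @param mixed  $parser Passed through to the parent handler.
  * @param string $name   Element name, compared against 'PROJECT' and 'SUBPROJECT'.
  */
 public function endElement($parser, $name)
 {
     parent::endElement($parser, $name);
     global $CDASH_DELETE_OLD_SUBPROJECTS;
     if (!$this->ProjectNameMatches) {
         return;
     }
     if ($name == 'PROJECT') {
         foreach ($this->SubProjects as $subproject) {
             if ($CDASH_DELETE_OLD_SUBPROJECTS) {
                 // Remove dependencies that do not exist anymore,
                 // but only for those relationships where both sides
                 // are present in $this->SubProjects.
                 //
                 $dependencyids = $subproject->GetDependencies();
                 $removeids = array_diff($dependencyids, $this->Dependencies[$subproject->GetId()]);
                 foreach ($removeids as $removeid) {
                     if (array_key_exists($removeid, $this->SubProjects)) {
                         $subproject->RemoveDependency($removeid);
                     } else {
                         // NOTE(review): $removeid is interpolated into the SQL
                         // text. It comes from GetDependencies(), presumably ids
                         // already stored in the database - verify, or bind it.
                         $dep = pdo_get_field_value("SELECT name FROM subproject WHERE id='{$removeid}'", 'name', "{$removeid}");
                         // A space now separates the subproject name from "because".
                         add_log("Not removing dependency {$dep}({$removeid}) from " . $subproject->GetName() . ' because it is not a SubProject element in this Project.xml file', 'ProjectHandler:endElement', LOG_WARNING, $this->projectid);
                     }
                 }
             }
             // Add dependencies that were queued up as we processed the DEPENDENCY
             // elements:
             //
             foreach ($this->Dependencies[$subproject->GetId()] as $addid) {
                 if (array_key_exists($addid, $this->SubProjects)) {
                     $subproject->AddDependency($addid);
                 } else {
                     add_log('impossible condition: should NEVER see this: unknown DEPENDENCY clause should prevent this case', 'ProjectHandler:endElement', LOG_WARNING, $this->projectid);
                 }
             }
         }
         if ($CDASH_DELETE_OLD_SUBPROJECTS) {
             // Delete old subprojects that weren't included in this file.
             $previousSubProjectIds = $this->Project->GetSubProjects();
             foreach ($previousSubProjectIds as $previousId) {
                 $found = false;
                 foreach ($this->SubProjects as $subproject) {
                     if ($subproject->GetId() == $previousId) {
                         $found = true;
                         break;
                     }
                 }
                 if (!$found) {
                     $subProjectToRemove = new SubProject();
                     $subProjectToRemove->SetId($previousId);
                     $subProjectToRemove->Delete();
                     add_log("Deleted " . $subProjectToRemove->GetName() . " because it was not mentioned in Project.xml", 'ProjectHandler:endElement', LOG_WARNING, $this->projectid);
                 }
             }
         }
     } elseif ($name == 'SUBPROJECT') {
         // Insert the SubProject.
         $this->SubProject->Save();
         // Insert the label.
         $Label = new Label();
         $Label->Text = $this->SubProject->GetName();
         $Label->Insert();
         $this->SubProjects[$this->SubProject->GetId()] = $this->SubProject;
         // Handle dependencies here too.
         $this->Dependencies[$this->SubProject->GetId()] = array();
         foreach ($this->CurrentDependencies as $dependencyid) {
             $added = false;
             if ($dependencyid !== false && is_numeric($dependencyid)) {
                 if (array_key_exists($dependencyid, $this->SubProjects)) {
                     $this->Dependencies[$this->SubProject->GetId()][] = $dependencyid;
                     $added = true;
                 }
             }
             if (!$added) {
                 add_log('Project.xml DEPENDENCY of ' . $this->SubProject->GetName() . ' not mentioned earlier in file.', 'ProjectHandler:endElement', LOG_WARNING, $this->projectid);
             }
         }
         // Check if the user is in the database.
         // The name fields are derived from the address: the part before '@'
         // becomes the first name and the part after it the last name.
         $User = new User();
         $posat = strpos($this->Email, '@');
         if ($posat !== false) {
             $User->FirstName = substr($this->Email, 0, $posat);
             $User->LastName = substr($this->Email, $posat + 1);
         } else {
             $User->FirstName = $this->Email;
             $User->LastName = $this->Email;
         }
         $User->Email = $this->Email;
         // NOTE(review): the initial password of an auto-created account is
         // the md5() digest of its own e-mail address, i.e. it is derived from
         // a value that is not secret. If the login check (not shown) compares
         // md5(password) with this column, the account is only as private as
         // the address. A random, unguessable value combined with a
         // password-reset flow is the usual alternative; it is not changed
         // here because existing deployments may rely on this behaviour.
         $User->Password = md5($this->Email);
         $User->Admin = 0;
         $userid = $User->GetIdFromEmail($this->Email);
         if (!$userid) {
             $User->Save();
             $userid = $User->Id;
         }
         // Insert into the UserProject
         $UserProject = new UserProject();
         $UserProject->EmailType = 3;
         // any build
         $UserProject->EmailCategory = 54;
         // everything except warnings
         $UserProject->UserId = $userid;
         $UserProject->ProjectId = $this->projectid;
         $UserProject->Save();
         // Insert the labels for this user
         $LabelEmail = new LabelEmail();
         $LabelEmail->UserId = $userid;
         $LabelEmail->ProjectId = $this->projectid;
         $Label = new Label();
         $Label->SetText($this->SubProject->GetName());
         $labelid = $Label->GetIdFromText();
         if (!empty($labelid)) {
             $LabelEmail->LabelId = $labelid;
             $LabelEmail->Insert();
         }
     }
 }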
Exemple #9
 /**
  * Validate the submitted fields and, when every check passes, create and
  * save a new User.
  *
  * Every validation step is always executed, even after an earlier one has
  * failed; the outcomes are combined afterwards.
  *
  * NOTE(review): user_type and activation_state are honoured whenever they
  * are present in $fields. If a caller passes raw request data (for example
  * from a public sign-up form), a visitor could request 'admin' or an
  * already-activated account - confirm callers remove these keys for
  * unprivileged requests.
  * NOTE(review): username and email are stored without Validate::Escape(),
  * unlike the optional profile fields - presumably the *-unique patterns
  * constrain them; verify.
  *
  * @param array $fields      Submitted values; username and email are required.
  * @param bool  $use_captcha Whether the reCAPTCHA fields must validate as well.
  * @return User|false The saved user, or false when validation or the save fails.
  */
 static function AddUser($fields, $use_captcha = false)
 {
     $checker = new Validate();
     $valid = $checker
         ->AddValue('username', $fields['username'])
         ->AddPattern('username-unique')
         ->AddValue('email', $fields['email'])
         ->AddPattern('email-unique')
         ->Check();

     if (isset($fields['password'])) {
         $passwordOk = $checker->AddValue('password', $fields['password'])->AddPattern('password')->Check();
         $valid = $passwordOk && $valid;
     }
     if (isset($fields['cpassword'])) {
         $confirmOk = $checker->AddValue('cpassword', $fields['cpassword'])->AddRule('match', $fields['password'])->Check();
         $valid = $confirmOk && $valid;
     }
     if ($use_captcha) {
         $captchaOk = Validate::ValidCaptcha($fields['recaptcha_challenge_field'], $fields['recaptcha_response_field']);
         $valid = $captchaOk && $valid;
     }
     if (!$valid) {
         return false;
     }

     $isAdmin = isset($fields['user_type']) && $fields['user_type'] == 'admin';
     $isActive = isset($fields['activation_state']) && $fields['activation_state'] == '1';
     $record = array(
         'username' => $fields['username'],
         'email' => $fields['email'],
         // What Validate::Encrypt() does to the password is not visible here.
         'password' => isset($fields['password']) ? Validate::Encrypt($fields['password']) : '',
         'user_type' => $isAdmin ? 'admin' : 'user',
         'activation_state' => $isActive ? '1' : '0',
     );

     // Optional profile fields: escaped when given, empty string otherwise.
     $optional = array('phone', 'about', 'location', 'fullname', 'gender', 'social_id', 'social_type', 'activation_key', 'avatar');
     foreach ($optional as $field) {
         $record[$field] = isset($fields[$field]) ? Validate::Escape($fields[$field]) : '';
     }

     $account = new User($record);
     if (!$account->Save()) {
         Error::Set("database", "databaseinsert");
         return false;
     }
     return $account;
 }
Exemple #10
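 /**
  * Credit or debit a user's unit balance from the submitted form, then
  * redirect to that user's manage page with a notification.
  *
  * Reads $_POST: loginId, creditaccount, qnt, transType. The quantity must be
  * a finite number of at least one. The user record is saved only after
  * deductAccount() has accepted the signed quantity.
  *
  * NOTE(review): this is a state-changing POST handler and no anti-CSRF token
  * is checked in this method - confirm that checkLogin() or the framework
  * enforces one.
  *
  * @return void Never returns: sends a Location header and exits.
  */
 public function recharge()
 {
     // The returned user object is not used; the call is kept because it
     // presumably enforces that the caller is logged in - verify.
     $this->checkLogin('enekpani');

     $loginId = isset($_POST['loginId']) ? $_POST['loginId'] : null;
     $user = new User($loginId);

     // Initialised up front so that the redirect below never reads an
     // undefined variable when 'creditaccount' was not submitted.
     $errorMsg = '';

     //crediting account
     if (isset($_POST['creditaccount'])) {
         //validation
         $rawQnt = isset($_POST['qnt']) ? trim($_POST['qnt']) : '';
         // is_numeric()/is_finite() reject text and overflowing values before
         // they reach the balance arithmetic.
         if ($rawQnt === '' || !is_numeric($rawQnt) || !is_finite((float) $rawQnt) || $rawQnt < 1) {
             $errorMsg = 'You must specify the quantity and it must not be less than one';
         }
         if ($errorMsg == '') {
             $amount = $rawQnt + 0;
             $isCredit = isset($_POST['transType']) && $_POST['transType'] == 'credit';
             if ($isCredit) {
                 $user->Balance += $amount;
                 $qnt = abs($amount);
             } elseif ($user->Balance >= $amount) {
                 $user->Balance -= $amount;
                 $qnt = -abs($amount);
             } else {
                 $errorMsg = $user->Name . ' do not have up to ' . $rawQnt . ' units';
             }
             if ($errorMsg == '') {
                 if ($this->deductAccount($qnt)) {
                     $user->Save();
                     $errorMsg = 'Transaction saved';
                 } else {
                     $errorMsg = "Low master account balance";
                 }
             }
         }
     }

     $error_code = $errorMsg == 'Transaction saved' ? 0 : 1;
     // Both values can contain user-supplied text (login id, user name,
     // submitted quantity). Encoding them keeps '&', '#', '/' and spaces from
     // changing the structure of the redirect URL. The page that displays
     // 'notification' still has to HTML-escape it.
     $query = 'notification=' . rawurlencode($errorMsg) . '&error_code=' . $error_code;
     header('Location: ' . URL . 'users/manage/' . rawurlencode((string) $loginId) . '?' . $query);
     exit;
 }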
Exemple #11
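 /**
  * Issue a fresh activation key for a not-yet-activated account and e-mail
  * the activation link to its address.
  *
  * NOTE(review): "usernotfound" and "alreadyactivated" tell the requester
  * whether an address is registered; if these errors are shown to anonymous
  * visitors, consider a single neutral response.
  *
  * @param array $fields Submitted values; 'email' is required, the reCAPTCHA
  *                      fields are read when validation.use_captcha is set.
  * @return bool True when a new key was stored and the e-mail was handed to
  *              Email::SendEmail(), false otherwise.
  */
 static function Reactivate($fields)
 {
     $validator = new Validate();
     $result = $validator->AddValue('email', $fields['email'])->AddPattern('email')->Check();
     if (Config::Get("validation.use_captcha")) {
         // Combine with the e-mail check instead of overwriting it, as
         // AddUser() does; a solved captcha must not mask an invalid address.
         $result = Validate::ValidCaptcha($fields['recaptcha_challenge_field'], $fields['recaptcha_response_field']) && $result;
     }
     if (!$result) {
         return false;
     }

     $user = new User();
     if (!$user->Load(array('email' => $fields['email']))) {
         Error::Set("email", "usernotfound");
         return false;
     }
     if ($user->Get('activation_state') == '1') {
         Error::Set("email", "alreadyactivated");
         return false;
     }

     // The activation key acts as a bearer credential, so it has to be
     // unguessable. A digest of the current time and the e-mail address is
     // built only from values that are not secret; 16 bytes from a CSPRNG give
     // a key of the same length and alphabet (32 hex characters).
     if (function_exists('random_bytes')) {
         $key = bin2hex(random_bytes(16));
     } else {
         // PHP 5 without the random_bytes() polyfill: needs the openssl extension.
         $key = bin2hex(openssl_random_pseudo_bytes(16));
     }
     $user->Set("activation_key", $key);
     $user->Save();

     $url = Config::Get("base_url") . "auth/activate.php?key=" . $key;
     $url = '<a href="' . $url . '">' . $url . '</a>';
     Email::SendEmail($fields['email'], Config::Get("success.activation_subject"), Config::Get("success.activation_message") . $url);
     return true;
 }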
Exemple #12
 /**
  * Opening-tag handler for Project.xml.
  *
  * PROJECT resets the collected subprojects and dependencies (and flags a
  * project-name mismatch, after which every element is ignored);
  * SUBPROJECT creates and saves a SubProject with its label;
  * DEPENDENCY queues a dependency of the current SubProject on a subproject
  * seen earlier in the file;
  * EMAIL creates a user for the address when none exists and subscribes that
  * user to the project and to the current subproject's label.
  *
  * @param mixed  $parser     Passed through to the parent handler.
  * @param string $name       Element name.
  * @param array  $attributes Element attributes; NAME, GROUP and ADDRESS are read.
  */
 public function startElement($parser, $name, $attributes)
 {
     parent::startElement($parser, $name, $attributes);

     // Check that the project name matches
     if ($name == 'PROJECT' && get_project_id($attributes['NAME']) != $this->projectid) {
         add_log("Wrong project name: " . $attributes['NAME'], "ProjectHandler::startElement", LOG_ERR, $this->projectid);
         $this->ProjectNameMatches = false;
     }
     if (!$this->ProjectNameMatches) {
         return;
     }

     if ($name == 'PROJECT') {
         $this->SubProjects = array();
         $this->Dependencies = array();
     } elseif ($name == 'SUBPROJECT') {
         $this->SubProject = new SubProject();
         $this->SubProject->SetProjectId($this->projectid);
         $this->SubProject->SetName($attributes['NAME']);
         if (array_key_exists("GROUP", $attributes)) {
             $this->SubProject->SetGroup($attributes['GROUP']);
         }
         $this->SubProject->Save();

         // Insert the label
         $subprojectLabel = new Label();
         $subprojectLabel->Text = $this->SubProject->GetName();
         $subprojectLabel->Insert();

         $currentId = $this->SubProject->GetId();
         $this->SubProjects[$currentId] = $this->SubProject;
         $this->Dependencies[$this->SubProject->GetId()] = array();
     } elseif ($name == 'DEPENDENCY') {
         // A DEPENDENCY is expected to be another subproject that already
         // exists (from a previous element in this submission).
         $dependentProject = new SubProject();
         $dependentProject->SetName($attributes['NAME']);
         $dependentProject->SetProjectId($this->projectid);
         // The subproject's Id is automatically loaded once its name & projectid
         // are set.
         $dependencyid = $dependentProject->GetId();

         $known = $dependencyid !== false
             && is_numeric($dependencyid)
             && array_key_exists($dependencyid, $this->SubProjects);
         if ($known) {
             $this->Dependencies[$this->SubProject->GetId()][] = $dependencyid;
         } else {
             add_log("Project.xml DEPENDENCY of " . $this->SubProject->GetName() . " not mentioned earlier in file: " . $attributes['NAME'], "ProjectHandler:startElement", LOG_WARNING, $this->projectid);
         }
     } elseif ($name == 'EMAIL') {
         $email = $attributes['ADDRESS'];

         // Check if the user is in the database. The name fields are derived
         // from the address: text before '@' is the first name, text after it
         // the last name; without '@' both are the whole string.
         $account = new User();
         $posat = strpos($email, '@');
         if ($posat === false) {
             $account->FirstName = $email;
             $account->LastName = $email;
         } else {
             $account->FirstName = substr($email, 0, $posat);
             $account->LastName = substr($email, $posat + 1);
         }
         $account->Email = $email;
         // NOTE(review): the initial password of an auto-created account is
         // the md5() digest of its own e-mail address, a value that is not
         // secret. If the login check (not shown) compares md5(password) with
         // this column, the account is only as private as the address; a
         // random value plus a password-reset flow is the usual alternative.
         $account->Password = md5($email);
         $account->Admin = 0;
         $userid = $account->GetIdFromEmail($email);
         if (!$userid) {
             $account->Save();
             $userid = $account->Id;
         }

         // Insert into the UserProject
         $subscription = new UserProject();
         $subscription->EmailType = 3;
         // any build
         $subscription->EmailCategory = 54;
         // everything except warnings
         $subscription->UserId = $userid;
         $subscription->ProjectId = $this->projectid;
         $subscription->Save();

         // Insert the labels for this user
         $labelEmail = new LabelEmail();
         $labelEmail->UserId = $userid;
         $labelEmail->ProjectId = $this->projectid;
         $lookup = new Label();
         $lookup->SetText($this->SubProject->GetName());
         $labelid = $lookup->GetIdFromText();
         if (!empty($labelid)) {
             $labelEmail->LabelId = $labelid;
             $labelEmail->Insert();
         }
     }
 }
Exemple #13
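 /**
  * Check a set of credentials and mark the user as online on success.
  *
  * Result codes in 'res':
  *   0 - e-mail or password missing
  *   3 - no user exists for the e-mail
  *   2 - user exists, password check failed
  *   4 - password correct, but the user is banned
  *   1 - logged in (IsOnline and LastLogin were saved)
  *
  * 'userid' is filled in whenever a User object was built, including for
  * failed attempts; callers must treat it as authenticated only when 'res'
  * is 1.
  * NOTE(review): codes 2 and 3 distinguish "unknown account" from "wrong
  * password"; if they reach the login form as different messages they reveal
  * which addresses are registered.
  *
  * @param UserCredentials $credentials Email and Password are read.
  * @return array array('res' => int, 'userid' => mixed|null)
  */
 public static function Login(UserCredentials $credentials)
 {
     //Credentials check
     $res = 0;
     // Stays null when no User object is created, so the return statement
     // never dereferences an undefined variable.
     $userId = null;
     if ($credentials->Email && $credentials->Password) {
         $res = 3;
         $user = new User($credentials->Email);
         if ($user->mExists) {
             $res = 2;
             if ($user->CheckPassword($credentials->Password)) {
                 $res = 4;
                 //check if user is banned
                 if (!$user->IsBanned()) {
                     //Login :)
                     $user->IsOnline = true;
                     $user->LastLogin = date('Y-m-d H:i:s');
                     $user->Save();
                     $res = 1;
                 }
             }
         }
         $userId = $user->Id;
     }
     return array('res' => $res, 'userid' => $userId);
 }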
Exemple #14
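/**
 * LDAP authentication.
 *
 * Looks the e-mail address up in the directory, binds as the entry that was
 * found using the supplied password, mirrors the account into the local user
 * table, optionally sets a "remember me" cookie and starts the CDash session.
 * On failure the reason is left in the global $loginerror.
 *
 * NOTE(review): the local copy of the password is an unsalted md5() digest
 * and the same digest is placed in the session array; changing the scheme
 * needs a matching change wherever the digest is compared (not shown here).
 * NOTE(review): the session id is not regenerated after a successful login in
 * this function - confirm session fixation is handled elsewhere.
 *
 * @param string $email              Address used as the LDAP mail attribute and local login.
 * @param string $password           Clear-text password used for the LDAP bind.
 * @param string $SessionCachePolicy Value passed to session_cache_limiter().
 * @param mixed  $rememberme         Truthy to issue the 30-day cookie.
 * @return bool True when the user was authenticated and the session was created.
 */
function ldapAuthenticate($email, $password, $SessionCachePolicy, $rememberme)
{
    global $loginerror;
    $loginerror = '';
    include dirname(__DIR__) . '/config/config.php';
    include_once 'models/user.php';
    $ldap = ldap_connect($CDASH_LDAP_HOSTNAME);
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, $CDASH_LDAP_PROTOCOL_VERSION);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, $CDASH_LDAP_OPT_REFERRALS);
    // Bind as the LDAP user if authenticated ldap is enabled
    if ($CDASH_LDAP_AUTHENTICATED) {
        ldap_bind($ldap, $CDASH_LDAP_BIND_DN, $CDASH_LDAP_BIND_PASSWORD);
    }
    if (isset($ldap) && $ldap != '') {
        // The address is user input and ends up inside a search filter, so
        // the filter metacharacters are escaped first. Without this, an
        // address containing '*', '(' or ')' would change which entry the
        // search selects.
        if (function_exists('ldap_escape')) {
            $filterEmail = ldap_escape($email, '', LDAP_ESCAPE_FILTER);
        } else {
            // PHP < 5.6: escape the filter special characters by hand;
            // the backslash is replaced first.
            $filterEmail = str_replace(array('\\', '*', '(', ')', "\x00"), array('\\5c', '\\2a', '\\28', '\\29', '\\00'), $email);
        }
        /* search for pid dn */
        $result = ldap_search($ldap, $CDASH_LDAP_BASEDN, '(&(mail=' . $filterEmail . ')' . $CDASH_LDAP_FILTER . ')', array('dn', 'cn'));
        if ($result != 0) {
            $entries = ldap_get_entries($ldap, $result);
            @($principal = $entries[0]['dn']);
            if (isset($principal)) {
                // bind as this user
                // The empty-password test runs before the bind: a bind with a
                // DN and an empty password is an unauthenticated bind, which
                // many servers accept, so it must never be attempted.
                if (strlen(trim($password)) != 0 && @ldap_bind($ldap, $principal, $password)) {
                    $sql = 'SELECT id,password FROM ' . qid('user') . " WHERE email='" . pdo_real_escape_string($email) . "'";
                    $result = pdo_query("{$sql}");
                    // If the user doesn't exist we add it
                    if (pdo_num_rows($result) == 0) {
                        @($givenname = $entries[0]['cn'][0]);
                        if (!isset($givenname)) {
                            $loginerror = 'No givenname (cn) set in LDAP, cannot register user into CDash';
                            return false;
                        }
                        $names = explode(' ', $givenname);
                        $User = new User();
                        if (count($names) > 1) {
                            $User->FirstName = $names[0];
                            $User->LastName = $names[1];
                            for ($i = 2; $i < count($names); $i++) {
                                $User->LastName .= ' ' . $names[$i];
                            }
                        } else {
                            $User->LastName = $names[0];
                        }
                        // Add the user in the database
                        $storedPassword = md5($password);
                        $User->Email = $email;
                        $User->Password = $storedPassword;
                        $User->Save();
                        $userid = $User->Id;
                    } else {
                        $user_array = pdo_fetch_array($result);
                        $storedPassword = $user_array['password'];
                        $userid = $user_array['id'];
                        // If the password has changed we update
                        if ($storedPassword != md5($password)) {
                            $User = new User();
                            $User->Id = $userid;
                            $User->SetPassword(md5($password));
                        }
                    }
                    if ($rememberme) {
                        $cookiename = 'CDash-' . $_SERVER['SERVER_NAME'];
                        $time = time() + 60 * 60 * 24 * 30;
                        // 30 days;
                        // Create a new password
                        $keychars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
                        $length = 32;
                        $key = '';
                        $max = strlen($keychars) - 1;
                        // The loop runs $length + 1 times, so the key has 33
                        // characters; left as is because the code that reads
                        // the cookie back is not shown.
                        for ($i = 0; $i <= $length; $i++) {
                            // random_int is available in PHP 7 and the random_compat PHP 5.x
                            // polyfill included in the Composer package.json dependencies.
                            $key .= substr($keychars, random_int(0, $max), 1);
                        }
                        $value = $userid . $key;
                        // NOTE(review): this long-lived credential cookie is set
                        // without the secure/httponly arguments - confirm whether
                        // they can be enabled for this deployment.
                        setcookie($cookiename, $value, $time);
                        // Update the user key
                        pdo_query('UPDATE ' . qid('user') . " SET cookiekey='" . $key . "' WHERE id=" . qnum($userid));
                    }
                    session_name('CDash');
                    session_cache_limiter($SessionCachePolicy);
                    session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
                    @ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
                    session_start();
                    // create the session array
                    if (isset($_SESSION['cdash']['password'])) {
                        $password = $_SESSION['cdash']['password'];
                    }
                    $sessionArray = array('login' => $email, 'passwd' => $storedPassword, 'ID' => session_id(), 'valid' => 1, 'loginid' => $userid);
                    $_SESSION['cdash'] = $sessionArray;
                    return true;
                } else {
                    $loginerror = 'Wrong email or password.';
                    return false;
                }
            } else {
                $loginerror = 'User not found in LDAP';
            }
            ldap_free_result($result);
        } else {
            $loginerror = 'Error occured searching the LDAP';
        }
        ldap_close($ldap);
    } else {
        $loginerror = 'Could not connect to LDAP at ' . $CDASH_LDAP_HOSTNAME;
    }
    return false;
}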
// Exchange the OAuth verifier from the callback URL for the long-lasting token
// credentials. $_GET['oauth_verifier'] is request-controlled and is handed to
// the client library unchanged.
$token_credentials = $connection->getAccessToken($_GET['oauth_verifier']);
// Grab the details of this user
$details = $connection->get("profile/details");
// Start from a clean record before saving to the database
$myUser->ResetValues();
// Check to see if this user is already in the DB (lookup is keyed on username)
$myUser->SetValue('username', $details->response->username);
$myUser->GetInfo(NULL, array('username'));
// Add the new token credentials
// NOTE(review): the token and its secret are stored exactly as returned; whether
// the storage layer protects them at rest is not visible here - confirm.
$myUser->SetValue('oauth_token', $token_credentials['oauth_token']);
$myUser->SetValue('oauth_token_secret', $token_credentials['oauth_token_secret']);
// Create a unique ID for the session
// NOTE(review): uniqid() is derived from the current time and is not
// cryptographically random, yet this value is sent below as the 'session'
// cookie, i.e. it acts as a bearer credential. An identifier drawn from a
// CSPRNG is the safer choice; check the sessionid column width before changing
// the format.
$myUser->SetValue('sessionid', uniqid());
// Update the user information if found or insert if new
if (!$myUser->Save()) {
    throw new SimplException('Error Saving Formspring Client Token', 2, 'Error: Error Saving Formspring Client Token :' . $details->response->username);
}
// Set the session cookie (valid for seven days) unless this is a delegate sign-up
if (!isset($_GET['delegate'])) {
    // NOTE(review): no path, domain, secure or httponly arguments are passed, so
    // the cookie is readable from page script and is also sent over plain HTTP.
    setcookie('session', $myUser->GetValue('sessionid'), time() + 3600 * 24 * 7);
} else {
    // Setup the relationship: the user who just authenticated becomes a 'full'
    // delegate of the account named in the query string.
    // NOTE(review): $_GET['delegate'] is used as user_id with no check visible in
    // this excerpt that the owner of that account agreed to the grant - verify
    // that authorization happens before this point. The same raw value is also
    // copied into the exception text below.
    $myAccountAccess->SetValue('user_id', $_GET['delegate']);
    $myAccountAccess->SetValue('delegate_id', $myUser->GetPrimary());
    $myAccountAccess->SetValue('type', 'full');
    if (!$myAccountAccess->Save()) {
        throw new SimplException('Error Saving Delegate Information', 2, 'Error: Error Saving Delegate Information. Delegate:' . $_GET['delegate']);
    }
}
// See if this user already exists in the DB
 /**
  * API method: build a User from the JSON request body, validate it, and
  * render either the saved record or the validation errors as JSON.
  *
  * NOTE(review): every property below - including Password, Status and Admin -
  * is copied straight from client-supplied JSON. Whether the caller is
  * authorised to set Status/Admin, and whether Password is hashed before it is
  * stored, is not visible in this method; confirm in the route's access checks
  * and in User::Validate()/Save().
  */
 public function Create()
 {
     try {
         $payload = json_decode(RequestUtil::GetBody());
         if (!$payload) {
             throw new Exception('The request body does not contain valid JSON');
         }

         // Reader bound to this request's payload, so each assignment below
         // names only the JSON key it takes its value from.
         $read = function ($key) use ($payload) {
             return $this->SafeGetVal($payload, $key);
         };

         $record = new User($this->Phreezer);
         // TODO: any field the client must not control should not be read here.
         // Iduser is auto-increment and is deliberately left out of the insert.
         $record->Institution = $read('institution');
         $record->Fullname = $read('fullname');
         $record->Username = $read('username');
         $record->Password = $read('password');
         $record->Notes = $read('notes');
         $record->Code = $read('code');
         $record->Timezone = $read('timezone');
         // Normalised to a datetime string; the client supplies the value.
         $record->Lastlogin = date('Y-m-d H:i:s', strtotime($read('lastlogin')));
         $record->Status = $read('status');
         $record->Admin = $read('admin');

         $record->Validate();
         $problems = $record->GetValidationErrors();
         if (count($problems) > 0) {
             $this->RenderErrorJSON('Please check the form for errors', $problems);
             return;
         }

         $record->Save();
         $this->RenderJSON($record, $this->JSONPCallback(), true, $this->SimpleObjectParams());
     } catch (Exception $ex) {
         $this->RenderExceptionJSON($ex);
     }
 }
Exemple #17
 /**
  * API method: build a User from the JSON request body, validate it, and
  * render either the saved record or the validation errors as JSON.
  *
  * NOTE(review): RoleId and Password are taken directly from client-supplied
  * JSON. Whether the caller may choose an arbitrary role, and whether Password
  * is hashed before it is stored, is not visible in this method; confirm in
  * the route's access checks and in User::Validate()/Save().
  */
 public function Create()
 {
     try {
         $payload = json_decode(RequestUtil::GetBody());
         if (!$payload) {
             throw new Exception('The request body does not contain valid JSON');
         }

         // Reader bound to this request's payload, so each assignment below
         // names only the JSON key it takes its value from.
         $read = function ($key) use ($payload) {
             return $this->SafeGetVal($payload, $key);
         };

         $record = new User($this->Phreezer);
         // TODO: any field the client must not control should not be read here.
         // Id is auto-increment and is deliberately left out of the insert.
         $record->RoleId = $read('roleId');
         $record->Username = $read('username');
         $record->Password = $read('password');
         $record->FirstName = $read('firstName');
         $record->LastName = $read('lastName');

         $record->Validate();
         $problems = $record->GetValidationErrors();
         if (count($problems) > 0) {
             $this->RenderErrorJSON('Please check the form for errors', $problems);
             return;
         }

         $record->Save();
         $this->RenderJSON($record, $this->JSONPCallback(), true, $this->SimpleObjectParams());
     } catch (Exception $ex) {
         $this->RenderExceptionJSON($ex);
     }
 }
Exemple #18
				DB::Execute('UPDATE {P}UserSettings SET usrFlags=usrFlags|'.PERMISSION_MOD.' WHERE usrID='.DB::Q($_POST['add_mod']));
				$_SESSION['notice'].='<li>'.$_POST['add_mod'].' added as a '.MOD_NAME.'.</li>';
			}
			if(!empty($_POST['revoke']) && is_array($_POST['revoke']) && count($_POST['revoke'])>0)
			{
				if($lvl<999) die('No.');
				$c=0;
				foreach($_POST['revoke'] as $modid)
				{
					$u=new User($modid);
					$u->Load();
					if($u->getMACLevel()>=$lvl) 
						die('No.');
					$u->Flags&=~PERMISSION_MOD; // Remove mod flag
					$u->Flags&=~PERMISSION_SYSOP; // Remove admin flag
					$u->Save();
					$c++;
				}
				$_SESSION['notice'].='<li>'.$c.' power users revoked.</li>';
			}
			$_SESSION['notice']="<ul>{$_SESSION['notice']}</ul>";
		}
		$page_title = 'Manage Users';

		$mods=new TablePrinter('tblModerators');
		$mods->DefineColumns(array('&nbsp;','UID','Last Action'),'Last Action');
		$mods->SetTDClass('UID','uid');

		$admins=new TablePrinter('tblAdmins');
		$admins->DefineColumns(array('&nbsp;','UID','Last Action'),'Last Action');
		$admins->SetTDClass('UID','uid');
Exemple #19
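/**
 * Handle both halves of account self-registration.
 *
 * With ?key=... in the query string, the pending usertemp row that carries
 * that registration key is copied into a real user and removed from usertemp.
 * With a posted registration form ($_POST['sent']), the form is validated and
 * either a pending usertemp row is written and a confirmation email sent
 * (when $CDASH_REGISTRATION_EMAIL_VERIFY is set) or the user is saved at once.
 *
 * The status text shown to the visitor is left in the global $reg.
 *
 * NOTE(review): all queries here are built by string concatenation and rely on
 * pdo_real_escape_string(); if the pdo_* wrapper offers bound parameters,
 * prefer them.
 * NOTE(review): nothing in this function checks registrationdate, so the
 * 24-hour activation window announced to the user is not enforced here -
 * presumably a cleanup job removes stale rows; confirm.
 *
 * @return int 1 when a user account was created, 0 otherwise (including the
 *             case where a confirmation email was sent and activation is pending)
 */
function register()
{
    global $reg;
    include dirname(__DIR__) . '/config/config.php';
    require_once 'include/pdo.php';
    if (isset($_GET['key'])) {
        $key = pdo_real_escape_string($_GET['key']);
        $sql = 'SELECT * FROM ' . qid('usertemp') . " WHERE registrationkey='{$key}'";
        $query = pdo_query($sql);
        if (pdo_num_rows($query) == 0) {
            $reg = 'The key is invalid.';
            return 0;
        }
        $query_array = pdo_fetch_array($query);
        $email = $query_array['email'];
        // We copy the data from usertemp to user
        $user = new User();
        $user->Email = $email;
        $user->Password = $query_array['password'];
        $user->FirstName = $query_array['firstname'];
        $user->LastName = $query_array['lastname'];
        $user->Institution = $query_array['institution'];
        if ($user->Save()) {
            // $email was read back from the database, so it is raw text again
            // and has to be escaped before it goes into another statement.
            pdo_query('DELETE FROM ' . qid('usertemp') . " WHERE email='" . pdo_real_escape_string($email) . "'");
            return 1;
        } else {
            $reg = pdo_error();
            return 0;
        }
    } elseif (isset($_POST['sent'])) {
        // arrive from register form
        // 'url' is the form's bot-trap field; it must carry the expected marker.
        $url = $_POST['url'];
        if ($url !== 'catchbot') {
            $reg = 'Bots are not allowed to obtain CDash accounts!';
            return 0;
        }
        $email = $_POST['email'];
        $passwd = $_POST['passwd'];
        $passwd2 = $_POST['passwd2'];
        // Strict comparison: with ==, two different numeric-looking strings
        // (for example "1e3" and "1000") are treated as equal.
        if ($passwd !== $passwd2) {
            $reg = 'Passwords do not match!';
            return 0;
        }
        global $CDASH_MINIMUM_PASSWORD_LENGTH, $CDASH_MINIMUM_PASSWORD_COMPLEXITY, $CDASH_PASSWORD_COMPLEXITY_COUNT;
        $complexity = getPasswordComplexity($passwd);
        if ($complexity < $CDASH_MINIMUM_PASSWORD_COMPLEXITY) {
            if ($CDASH_PASSWORD_COMPLEXITY_COUNT > 1) {
                $reg = "Your password must contain at least {$CDASH_PASSWORD_COMPLEXITY_COUNT} characters from {$CDASH_MINIMUM_PASSWORD_COMPLEXITY} of the following types: uppercase, lowercase, numbers, and symbols.";
            } else {
                $reg = "Your password must contain at least {$CDASH_MINIMUM_PASSWORD_COMPLEXITY} of the following: uppercase, lowercase, numbers, and symbols.";
            }
            return 0;
        }
        if (strlen($passwd) < $CDASH_MINIMUM_PASSWORD_LENGTH) {
            $reg = "Your password must be at least {$CDASH_MINIMUM_PASSWORD_LENGTH} characters.";
            return 0;
        }
        $fname = $_POST['fname'];
        $lname = $_POST['lname'];
        $institution = $_POST['institution'];
        if (!($email && $passwd && $passwd2 && $fname && $lname && $institution)) {
            $reg = 'Please fill in all of the required fields';
            return 0;
        }

        $db = pdo_connect("{$CDASH_DB_HOST}", "{$CDASH_DB_LOGIN}", "{$CDASH_DB_PASS}");
        pdo_select_db("{$CDASH_DB_NAME}", $db);
        // NOTE(review): unsalted MD5 is not a password hash. password_hash() /
        // password_verify() is the replacement, but the login path has to change
        // in the same step, so the stored format is left as it is here.
        $passwd = md5($passwd);
        $email = pdo_real_escape_string($email);
        $sql = 'SELECT email FROM ' . qid('user') . " WHERE email='{$email}'";
        if (pdo_num_rows(pdo_query($sql)) > 0) {
            // NOTE(review): this message (and the one below) tells the visitor
            // whether an address is registered, and echoes the submitted value;
            // confirm $reg is HTML-escaped where it is rendered.
            $reg = "{$email} is already registered.";
            return 0;
        }
        $sql = 'SELECT email  FROM ' . qid('usertemp') . " WHERE email='{$email}'";
        if (pdo_num_rows(pdo_query($sql)) > 0) {
            $reg = "{$email} is already registered. Check your email if you haven't received the link to activate yet.";
            return 0;
        }
        $passwd = pdo_real_escape_string($passwd);
        $fname = pdo_real_escape_string($fname);
        $lname = pdo_real_escape_string($lname);
        $institution = pdo_real_escape_string($institution);

        if (!$CDASH_REGISTRATION_EMAIL_VERIFY) {
            // No email verification: create the account immediately.
            // NOTE(review): these values were already escaped above; the ?key=
            // branch hands User unescaped values, so User::Save() presumably
            // escapes on its own and names containing quotes may be stored with
            // backslashes - confirm.
            $user = new User();
            $user->Email = $email;
            $user->Password = $passwd;
            $user->FirstName = $fname;
            $user->LastName = $lname;
            $user->Institution = $institution;
            // Report the outcome of the save itself rather than re-running the
            // previous SELECT and ignoring whether the account was written.
            if ($user->Save()) {
                return 1;
            }
            $reg = pdo_error();
            return 0;
        }

        // Email verification: park the registration in usertemp under a random key.
        $keychars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
        $length = 40;
        $key = '';
        $max = strlen($keychars) - 1;
        for ($i = 0; $i < $length; $i++) {
            // random_int is available in PHP 7 and the random_compat PHP 5.x
            // polyfill included in the Composer package.json dependencies.
            $key .= substr($keychars, random_int(0, $max), 1);
        }
        $date = date(FMT_DATETIME);
        $sql = 'INSERT INTO ' . qid('usertemp') . " (email,password,firstname,lastname,institution,registrationkey,registrationdate)\n                    VALUES ('{$email}','{$passwd}','{$fname}','{$lname}','{$institution}','{$key}','{$date}')";
        if (!pdo_query($sql)) {
            $reg = pdo_error();
            return 0;
        }

        // NOTE(review): the activation link is built from get_server_URI();
        // confirm that helper takes the host from configuration and not from
        // the request's Host header.
        $currentURI = get_server_URI();
        // Send the email
        $emailtitle = 'Welcome to CDash!';
        $emailbody = 'Hello ' . $fname . ",\n\n";
        $emailbody .= "Welcome to CDash! In order to validate your registration please follow this link: \n";
        $emailbody .= $currentURI . '/register.php?key=' . $key . "\n";
        $serverName = $CDASH_SERVER_NAME;
        if (strlen($serverName) == 0) {
            $serverName = $_SERVER['SERVER_NAME'];
        }
        $emailbody .= "\n-CDash on " . $serverName . "\n";
        if (cdashmail("{$email}", $emailtitle, $emailbody)) {
            add_log('email sent to: ' . $email, 'Registration');
        } else {
            add_log('cannot send email to: ' . $email, 'Registration', LOG_ERR);
        }
        $reg = "A confirmation email has been sent. Check your email (including your spam folder) to confirm your registration!\n";
        $reg .= 'You need to activate your account within 24 hours.';
        // Still 0: the account does not exist until the link is followed.
        return 0;
    }
    return 0;
}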
Exemple #20
            exit;
        } else {
            if (isset($_POST['USERNAME']) && isset($_POST['PWD']) && isset($_POST['PWDR'])) {
                //TODO Clear Input
                if ($_POST['USERNAME'] == "" || $_POST['PWD'] == "" || $_POST['PWDR'] == "") {
                    throw new Exception("Fields cannot be empty");
                }
                if ($_POST['PWD'] != $_POST['PWDR']) {
                    throw new Exception("Two passwords are different");
                }
                $new = new User();
                $new->SetID($_POST['USERNAME']);
                $new->SetPassword($_POST['PWD']);
                $new->SetAdmin(TRUE);
                $new->SetValid(TRUE);
                $new->Save();
                $msg = "User added successfully";
            }
        }
    }
} catch (Exception $e) {
    $error = $e->getMessage();
}
?>

<html>
<head>
    <title>RaspiControl</title>
    <meta charset="utf-8"/>
    <meta name="viewport"
          content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width, height=device-height, target-densitydpi=device-dpi"/>
<?php

include_once "../includes/header.inc.php";
include_once "../includes/needLogIn.inc.php";
require_once "../Classes/User.class.php";
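// Soft-delete the logged-in user's account after re-checking their password.
// Prints a JSON object whose "status" is OK, WrongPassword, NoResults or
// WrongData.
// NOTE(review): no anti-CSRF token is checked in this script; the password
// re-entry is the only confirmation. Confirm how $PARAMS is populated.
$user = new User();
if (isset($PARAMS['password'])) {
    $u = $_SESSION['username'];
    $p = $PARAMS['password'];
    $user->username = $u;
    $user->Find();
    if (!$user->variables || $user->delete_date != "") {
        // Unknown user, or the account is already marked as deleted.
        $datos = array("status" => "NoResults");
    } elseif (hash_equals((string) $user->password, md5(base64_encode($p)))) {
        // hash_equals() compares the digests as exact strings. A loose ==
        // treats two different digests of the form "0e<digits>" as equal
        // numbers, which would accept a wrong password.
        // NOTE(review): md5(base64_encode(...)) is an unsalted fast hash;
        // password_hash()/password_verify() is the replacement, but the stored
        // values and the login path have to migrate together.
        $user->delete_date = date("Ymd");
        $user->Save();
        $datos = array("status" => "OK");
    } else {
        $datos = array("status" => "WrongPassword");
    }
} else {
    $datos = array("status" => "WrongData");
}
echo json_encode($datos);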
Exemple #22
include_once '../Models/User.php';
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
$method = $_SERVER['REQUEST_METHOD'];
$format = isset($_REQUEST['format']) ? $_REQUEST['format'] : 'web';
$view = null;
switch ($action . '_' . $method) {
    case 'create_GET':
        $model = User::Blank();
        $view = "users/edit.php";
        break;
    case 'save_POST':
        $sub_action = empty($_REQUEST['id']) ? 'created' : 'updated';
        $errors = User::Validate($_REQUEST);
        if (!$errors) {
            $errors = User::Save($_REQUEST);
            //	var_dump($errors);
        }
        if (!$errors) {
            if ($format == 'json') {
                header("Location: ?action=edit&format=json&id={$_REQUEST['id']}");
            } else {
                header("Location: ?sub_action={$sub_action}&id={$_REQUEST['id']}");
            }
            die;
        } else {
            //my_print($errors);
            $model = $_REQUEST;
            $view = "users/edit.php";
        }
        break;
Exemple #23
     } else {
         $fname = $_POST['fname'];
         $lname = $_POST['lname'];
         $institution = $_POST['institution'];
         if ($email && $passwd && $passwd2 && $fname && $lname && $institution) {
             $User = new User();
             if ($User->GetIdFromEmail($email)) {
                 $xml .= add_XML_value('error', 'Email already registered!');
             } else {
                 $passwdencryted = md5($passwd);
                 $User->Email = $email;
                 $User->Password = $passwdencryted;
                 $User->FirstName = $fname;
                 $User->LastName = $lname;
                 $User->Institution = $institution;
                 if ($User->Save()) {
                     $xml .= add_XML_value('warning', 'User ' . $email . ' added successfully with password:'******'error', 'Cannot add user');
                 }
             }
         } else {
             $xml .= add_XML_value('error', 'Please fill in all of the required fields');
         }
     }
 } elseif (isset($_POST['makenormaluser'])) {
     if ($postuserid > 1) {
         $update_array = pdo_fetch_array(pdo_query('SELECT firstname,lastname FROM ' . qid('user') . " WHERE id='" . $postuserid . "'"));
         pdo_query('UPDATE ' . qid('user') . " SET admin=0 WHERE id='" . $postuserid . "'");
         $xml .= '<warning>' . $update_array['firstname'] . ' ' . $update_array['lastname'] . ' is not administrator anymore.</warning>';
     } else {
Exemple #24
include "include.common.php";
include "server.includes.inc.php";
if (empty($user)) {
    if (!empty($_REQUEST['username']) && !empty($_REQUEST['password'])) {
        $suser = null;
        $ssoUserLoaded = false;
        include 'login.com.inc.php';
        if (empty($suser)) {
            $suser = new User();
            $suser->Load("(username = ? or email = ?) and password = ?", array($_REQUEST['username'], $_REQUEST['username'], md5($_REQUEST['password'])));
        }
        if ($suser->password == md5($_REQUEST['password']) || $ssoUserLoaded) {
            $user = $suser;
            saveSessionObject('user', $user);
            $suser->last_login = date("Y-m-d H:i:s");
            $suser->Save();
            if (!$ssoUserLoaded && !empty($baseService->auditManager)) {
                $baseService->auditManager->user = $user;
                $baseService->audit(IceConstants::AUDIT_AUTHENTICATION, "User Login");
            }
            if ($user->user_level == "Admin") {
                header("Location:" . CLIENT_BASE_URL . "?g=admin&n=dashboard&m=admin_Admin");
            } else {
                header("Location:" . CLIENT_BASE_URL . "?g=modules&n=dashboard&m=module_Personal_Information");
            }
        } else {
            header("Location:" . CLIENT_BASE_URL . "login.php?f=1");
        }
    }
} else {
    if ($user->user_level == "Admin") {
Exemple #25
 /**
  * Send an SMS through the remote gateway, charge the sending user's balance
  * and record the batch and one Message row per recipient.
  *
  * @param string $sender     sender label passed to the gateway
  * @param string $message    message text; billed per 160-character segment
  * @param string $recepients comma-separated list of phone numbers
  * @param string $loginId    account to charge; falls back to $_SESSION['loginId']
  *
  * @return string|false 'Insufficient balance' when the user cannot cover the
  *                      send, otherwise whatever file_get_contents() returned
  *                      for the gateway request (false when the request failed)
  */
 protected function sendMessage($sender, $message, $recepients, $loginId = '')
 {
     // Load the model classes on demand.
     if (!class_exists('Message')) {
         $this->loadModel('Message');
     }
     if (!class_exists('BulkSMS')) {
         $this->loadModel('BulkSMS');
     }
     if (empty($loginId)) {
         $loginId = $_SESSION['loginId'];
     }
     $user = new User($loginId);
     // Number of 160-byte segments, never less than one. strlen() counts bytes,
     // so multi-byte text is billed by its encoded length.
     $len = strlen($message);
     $msgNo = $len < 160 ? 1 : ($len - $len % 160) / 160;
     $msgNo = $len > 160 && $len % 160 != 0 ? $msgNo + 1 : $msgNo;
     // Billed units = recipients x segments. Recipients are counted by splitting
     // on commas, so empty entries (e.g. a trailing comma) are counted here even
     // though the loop further down skips them.
     $count = ceil(count(explode(',', $recepients)) * $msgNo);
     // $avu is assigned but never read in this method.
     $avu = $user->Balance * 1;
     $uneeded = $count * UNITS_PER_SMS;
     // NOTE(review): the balance is checked here and decremented later on the
     // same in-memory object, with no locking visible; two concurrent sends
     // could both pass this check - confirm how User::Save() handles that.
     if ($user->Balance < $uneeded) {
         return 'Insufficient balance';
     }
     // Rewrites a leading 0 to 234 for every number that follows a comma; the
     // first number in the list has no comma before it and is left unchanged.
     $recepients = str_replace(',0', ',234', $recepients);
     // NOTE(review): the password operand on the next line is redacted on this
     // page ('******'), so the line is not valid PHP as shown. The gateway login,
     // password and message text all travel in the URL query string, where they
     // tend to be written to access and proxy logs; a POST over HTTPS keeps them
     // out of the URL. The scheme of API_URL is not visible here - confirm.
     $url = API_URL . 'api/sendMessage?returnDetails=1&loginId=' . API_USERNAME . '&password='******'&sender=' . urlencode($sender) . '&message=' . urlencode($message) . '&recipients=' . urlencode(trim($recepients));
     // The return value is not checked: on a failed request $xml is false and
     // is still passed to strpos() and returned to the caller.
     $xml = file_get_contents($url);
     //check if message sent and deduct
     // Success is inferred from the substring '1701' appearing anywhere in the
     // response - presumably the gateway's status code; a match elsewhere in the
     // returned details would also count. TODO confirm against the gateway docs.
     if (strpos($xml, '1701') !== FALSE) {
         $user->Balance -= $count * UNITS_PER_SMS;
         $user->Save();
         // $notification is assigned but never read in this method.
         $notification = "Messae sent";
         // One BulkSMS row for the batch...
         $bulksSMS = new BulkSMS();
         $bulksSMS->LoginId = $user->LoginId;
         $bulksSMS->Message = $message;
         $bulksSMS->Sender = $sender;
         $bulksSMS->Status = '1701';
         $bulksSMS->Count = $count;
         $bulksSMS->Save();
         // ...and one Message per non-empty recipient, saved together below.
         $messages = array();
         $nos = explode(',', $recepients);
         foreach ($nos as $no) {
             if (empty($no)) {
                 continue;
             }
             $sms = new Message();
             $sms->BulkSMSId = $bulksSMS->Id;
             $sms->Number = $no;
             $sms->Message = $message;
             $sms->Sender = $sender;
             $sms->RefId = -1;
             $sms->Status = '1701';
             $messages[] = $sms;
         }
         $bulksSMS->SaveMessages($messages);
     }
     return $xml;
 }