 /**
  * Registers this plugin's routes on the given router.
  *
  * Routes provided:
  *  - GET    /user(/:user_id)  renders a profile summary of a user; without an
  *                             id the current user ($GLOBALS['user']) is used
  *  - DELETE /user/:user_id    deletes the user via UserManagement
  *
  * @param object $router router instance (taken by reference) offering
  *                       get(), delete(), halt() and render()
  */
 public function routes(&$router)
 {
     // Profile summary of a single user.
     $router->get('/user(/:user_id)', function ($user_id) use($router) {
         // Fall back to the current user when no id was given. `?:` tests
         // truthiness, so an id of "0" would fall back as well.
         $user_id = $user_id ?: $GLOBALS['user']->id;
         $user = User::find($user_id);
         if (!$user) {
             $router->halt(404, sprintf('User %s not found', $user_id));
             return;
         }
         // Homepage visibility settings are stored as JSON; anything that does
         // not decode to an array is treated as "no settings". (The JSON is
         // decoded twice; the result is only kept when it is an array.)
         $visibilities = get_local_visibility_by_id($user_id, 'homepage');
         if (is_array(json_decode($visibilities, true))) {
             $visibilities = json_decode($visibilities, true);
         } else {
             $visibilities = array();
         }
         // Returns the user's field value, or '' when the field is empty or the
         // element is not visible to the requesting user ($GLOBALS['user']).
         $get_field = function ($field, $visibility) use($user_id, $user, $visibilities) {
             if (!$user[$field] || !is_element_visible_for_user($GLOBALS['user']->id, $user_id, $visibilities[$visibility])) {
                 return '';
             }
             return $user[$field];
         };
         // Avatar URL for the requested size. The Avatar object is resolved on
         // the first call (static local) and reused for the three sizes below;
         // a picture hidden from the requesting user yields the 'nobody' avatar.
         $avatar = function ($size) use($user_id, $visibilities) {
             static $avatar;
             if (!$avatar) {
                 $avatar_id = is_element_visible_for_user($GLOBALS['user']->id, $user_id, $visibilities['picture']) ? $user_id : 'nobody';
                 $avatar = Avatar::getAvatar($avatar_id);
             }
             return $avatar->getURL($size);
         };
         // Assemble the public view of the user; visibility-restricted fields go
         // through $get_field. Note that $user is reassigned here from the User
         // object to this plain array.
         $user = array('user_id' => $user_id, 'username' => $user['username'], 'perms' => $user['perms'], 'title_pre' => $user['title_front'], 'forename' => $user['Vorname'], 'lastname' => $user['Nachname'], 'title_post' => $user['title_rear'], 'email' => get_visible_email($user_id), 'avatar_small' => $avatar(Avatar::SMALL), 'avatar_medium' => $avatar(Avatar::MEDIUM), 'avatar_normal' => $avatar(Avatar::NORMAL), 'phone' => $get_field('privatnr', 'private_phone'), 'homepage' => $get_field('Home', 'homepage'), 'privadr' => $get_field('privadr', 'privadr'));
         // Skype name and online-status flag come from user_config; the same
         // prepared statement is executed twice with different field names.
         $query = "SELECT value\n                      FROM user_config\n                      WHERE field = ? AND user_id = ?";
         $statement = DBManager::get()->prepare($query);
         $statement->execute(array('SKYPE_NAME', $user_id));
         $user['skype'] = $statement->fetchColumn() ?: '';
         $statement->closeCursor();
         // The online-status flag is only looked up when a Skype name exists.
         if ($user['skype']) {
             $statement->execute(array('SKYPE_ONLINE_STATUS', $user_id));
             $user['skype_show'] = (bool) $statement->fetchColumn();
         } else {
             $user['skype_show'] = false;
         }
         $router->render(compact('user'));
     });
     // Deletes a user.
     // NOTE(review): no authorization check is visible in this handler before
     // deleteUser(); confirm that the router or a filter enforces one.
     $router->delete('/user/:user_id', function ($user_id) use($router) {
         // The '.' appended to the id is presumably expected by the
         // UserManagement constructor — confirm against that class.
         $user = new \UserManagement($user_id . '.');
         if (empty($user->user_data['auth_user_md5.user_id'])) {
             $router->halt(404, sprintf('User id "%s" not found', $user_id));
             // Unlike the GET handler above, this terminates the script.
             die;
         }
         // 200 when UserManagement reports success, 500 otherwise.
         $router->halt($user->deleteUser() ? 200 : 500);
     });
 }
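// Deletes the users named in $kill_list (built earlier in this script).
// Admin/root accounts are skipped unless KILL_ADMINS is set; unless
// SEND_MAIL_ON_DELETE is set the address is blanked so no mail goes out.
$kill_list = array_unique($kill_list);
$query = "SELECT * FROM auth_user_md5 WHERE username IN (?)";
$statement = DBManager::get()->prepare($query);
// An empty list is passed as '' so the IN clause still binds a value.
$statement->execute(array($kill_list ?: ''));
// Matching rows keyed by username; initialised up front so an empty result
// does not leave the variable undefined.
$kill_user = array();
while ($row = $statement->fetch(PDO::FETCH_ASSOC)) {
    $kill_user[$row['username']] = $row;
}
if (empty($kill_user)) {
    fwrite(STDOUT, "No user from list found in database.\n");
    exit(0);
}
$umanager = new UserManagement();
foreach ($kill_user as $uname => $udetail) {
    // Privileged accounts are only deleted when explicitly allowed.
    if (!KILL_ADMINS && in_array($udetail['perms'], array('admin', 'root'), true)) {
        fwrite(STDOUT, "user: {$uname} is '{$udetail['perms']}', NOT deleted\n");
        continue;
    }
    // Reset the manager's state before loading the next user.
    $umanager->user_data = array();
    $umanager->msg = '';
    $umanager->getFromDatabase($udetail['user_id']);
    // If no mail is wanted, clear the address so no notification is sent.
    if (!SEND_MAIL_ON_DELETE) {
        $umanager->user_data['auth_user_md5.Email'] = '';
    }
    $outcome = $umanager->deleteUser() ? 'successfully deleted:' : 'NOT deleted:';
    fwrite(STDOUT, "user: {$uname} {$outcome}\n" . parse_msg_to_clean_text($umanager->msg) . "\n");
}
// Exit status kept as in the original script: 1 after processing the list
// (0 is used above when nothing matched).
exit(1);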
 /**
  * Deletes the user represented by this object via UserManagement.
  *
  * On failure the message reported by UserManagement is stored in
  * $this->error so callers can display it.
  *
  * @return bool true when the user was deleted, false otherwise
  */
 function destroy()
 {
     $manager = new UserManagement($this->id);
     $deleted = (bool) $manager->deleteUser();
     if (!$deleted) {
         // Surface the reason reported by UserManagement.
         $this->error = $manager->msg;
     }
     return $deleted;
 }
 /**
  * Verifies that logOutFromAllDevices() removes every session of a user.
  *
  * A fresh account is created and logged in three times; extra session rows
  * (one of which is installed as the current cookie) are inserted directly,
  * then all sessions of the user are terminated and the SESSION table is
  * expected to be empty afterwards.
  */
 public function testLogOutFromAllDevices()
 {
     $username = "owasp1";
     $password = "owasp";
     // Create and activate the account under test.
     UserManagement::createUser($username, $password, "*****@*****.**");
     User::activateAccount($username);
     // Three logins stand in for three different devices.
     $firstLogin = UserManagement::logIn($username, $password);
     $secondLogin = UserManagement::logIn($username, $password);
     $thirdLogin = UserManagement::logIn($username, $password);
     // Seed additional session rows; the first one becomes the "current"
     // session by placing its id in the cookie.
     $currentSessionId = randstr(32);
     $insertSession = "INSERT INTO `SESSION` (`SESSION_ID`, `DATE_CREATED`, `LAST_ACTIVITY`, `USERID`) VALUES (?, ?, ?, ?)";
     SQL($insertSession, array($currentSessionId, time(), time(), $thirdLogin->getUserID()));
     SQL($insertSession, array(randstr(32), time(), time(), $thirdLogin->getUserID()));
     SQL($insertSession, array(randstr(32), time(), time(), $thirdLogin->getUserID()));
     $_COOKIE['sessionid'] = $currentSessionId;
     // Terminate every session of the user, then check that none are left.
     UserManagement::logOutFromAllDevices($firstLogin->getUserID());
     $remainingSessions = SQL("SELECT * FROM SESSION");
     $noSessionsLeft = (count($remainingSessions) === 0);
     // Remove the account before asserting so the fixture is cleaned up.
     UserManagement::deleteUser($username);
     $this->assertTrue($noSessionsLeft);
 }
 /**
  * Deletes one user or a list of users and posts a result message per user.
  *
  * With a $user_id whose account exists, that single user is deleted.
  * Otherwise the ids are taken from the request array 'user_ids'. Note that
  * the whole body is guarded by `!is_null($user_id)`, so the bulk variant is
  * also reached only when a user id is present in the URL.
  *
  * Unless the request carries a truthy 'mail' parameter, the default mail
  * transporter is swapped for a black-hole transporter for the duration of
  * the deletion and restored afterwards.
  *
  * NOTE(review): `CSRFProtection::verifyUnsafeRequest()` is commented out in
  * both branches of this state-changing action; confirm that CSRF checking is
  * enforced elsewhere (e.g. a before-filter) or re-enable it here.
  *
  * @param string|null $user_id id of the user to delete, or null
  */
 function delete_action($user_id = NULL)
 {
     // Nothing happens at all without a user id in the URL.
     if (!is_null($user_id)) {
         $user = UserModel::getUser($user_id);
         // Neither a valid single user nor a list of ids: report and stop.
         if (!Request::getArray('user_ids') && empty($user)) {
             PageLayout::postMessage(MessageBox::error(_('Fehler! Der zu löschende Benutzer ist nicht vorhanden oder Sie haben keinen Nutzer ausgewählt.')));
             // answer: yes
         } elseif (!empty($user)) {
             //CSRFProtection::verifyUnsafeRequest();
             // After deleting a single user, go back to the main page.
             // $parent is only assigned here but is also read by the redirect
             // in the bulk branch below.
             $parent = '';
             // Suppress mail unless the request asks for a notification.
             if (!Request::int('mail')) {
                 $dev_null = new blackhole_message_class();
                 $default_mailer = StudipMail::getDefaultTransporter();
                 StudipMail::setDefaultTransporter($dev_null);
             }
             // Prepare the deletion.
             $umanager = new UserManagement();
             $umanager->getFromDatabase($user_id);
             // Delete; the 'documents' option decides what happens to documents.
             if ($umanager->deleteUser(Request::option('documents', false))) {
                 // $umanager->msg appears to be a '§'-separated string with
                 // msg/info/error prefixes; strip the prefixes and split it
                 // into detail lines for the message box.
                 $details = explode('§', str_replace(array('msg§', 'info§', 'error§'), '', substr($umanager->msg, 0, -1)));
                 PageLayout::postMessage(MessageBox::success(htmlReady(sprintf(_('Der Benutzer "%s %s (%s)" wurde erfolgreich gelöscht.'), $user['Vorname'], $user['Nachname'], $user['username'])), $details));
             } else {
                 $details = explode('§', str_replace(array('msg§', 'info§', 'error§'), '', substr($umanager->msg, 0, -1)));
                 PageLayout::postMessage(MessageBox::error(htmlReady(sprintf(_('Fehler! Der Benutzer "%s %s (%s)" konnte nicht gelöscht werden.'), $user['Vorname'], $user['Nachname'], $user['username'])), $details));
             }
             // Reactivate mail delivery (same condition as the swap above).
             if (!Request::int('mail')) {
                 StudipMail::setDefaultTransporter($default_mailer);
             }
             // safety prompt
         } else {
             // Bulk variant: delete every id from the request array.
             $user_ids = Request::getArray('user_ids');
             if (count($user_ids) == 0) {
                 PageLayout::postMessage(MessageBox::error(_('Bitte wählen Sie mindestens einen Benutzer zum Löschen aus.')));
                 // $parent is not assigned in this branch.
                 $this->redirect('show' . $parent);
                 return;
             }
             //CSRFProtection::verifyUnsafeRequest();
             // Suppress mail unless the request asks for a notification.
             if (!Request::int('mail')) {
                 $dev_null = new blackhole_message_class();
                 $default_mailer = StudipMail::getDefaultTransporter();
                 StudipMail::setDefaultTransporter($dev_null);
             }
             // The loop variable shadows the $user_id parameter from here on.
             foreach ($user_ids as $i => $user_id) {
                 $users[$i] = UserModel::getUser($user_id);
                 // Prepare the deletion.
                 $umanager = new UserManagement();
                 $umanager->getFromDatabase($user_id);
                 // Delete; the 'documents' option decides what happens to documents.
                 if ($umanager->deleteUser(Request::option('documents', false))) {
                     // Same '§'-separated message handling as in the single-user branch.
                     $details = explode('§', str_replace(array('msg§', 'info§', 'error§'), '', substr($umanager->msg, 0, -1)));
                     PageLayout::postMessage(MessageBox::success(htmlReady(sprintf(_('Der Benutzer "%s %s (%s)" wurde erfolgreich gelöscht'), $users[$i]['Vorname'], $users[$i]['Nachname'], $users[$i]['username'])), $details));
                 } else {
                     $details = explode('§', str_replace(array('msg§', 'info§', 'error§'), '', substr($umanager->msg, 0, -1)));
                     PageLayout::postMessage(MessageBox::error(htmlReady(sprintf(_('Fehler! Der Benutzer "%s %s (%s)" konnte nicht gelöscht werden'), $users[$i]['Vorname'], $users[$i]['Nachname'], $users[$i]['username'])), $details));
                 }
             }
             // Reactivate mail delivery (same condition as the swap above).
             if (!Request::int('mail')) {
                 StudipMail::setDefaultTransporter($default_mailer);
             }
         }
     }
 }