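/**
 * Registers the user resource routes on the given router.
 *
 * GET    /user(/:user_id)  renders a profile subset of the given user (the
 *                          current user when no id is passed), honouring the
 *                          owner's homepage visibility settings.
 * DELETE /user/:user_id    deletes the user through UserManagement.
 *
 * @param object $router  router offering get()/delete()/halt()/render()
 */
public function routes(&$router)
{
    $router->get('/user(/:user_id)', function ($user_id) use ($router) {
        // Fall back to the current user when the route carries no id
        $user_id = $user_id ?: $GLOBALS['user']->id;
        $user = User::find($user_id);
        if (!$user) {
            // NOTE(review): $user_id is echoed back in the error text — confirm the
            // router encodes halt() messages for the response's content type
            $router->halt(404, sprintf('User %s not found', $user_id));
            return;
        }

        // Decode the visibility settings once; anything that is not a JSON
        // object/array counts as "no settings"
        $visibilities = json_decode(get_local_visibility_by_id($user_id, 'homepage'), true);
        if (!is_array($visibilities)) {
            $visibilities = array();
        }

        // Returns the field value only if it is set and visible to the current user;
        // a missing visibility entry is passed on as null instead of raising a notice
        $get_field = function ($field, $visibility) use ($user_id, $user, $visibilities) {
            $setting = isset($visibilities[$visibility]) ? $visibilities[$visibility] : null;
            if (!$user[$field] || !is_element_visible_for_user($GLOBALS['user']->id, $user_id, $setting)) {
                return '';
            }
            return $user[$field];
        };

        // Resolves the avatar lazily (once per request) and returns the URL for the
        // requested size; the 'nobody' placeholder is used when the picture is hidden
        $avatar = function ($size) use ($user_id, $visibilities) {
            static $avatar;
            if (!$avatar) {
                $picture_setting = isset($visibilities['picture']) ? $visibilities['picture'] : null;
                $visible = is_element_visible_for_user($GLOBALS['user']->id, $user_id, $picture_setting);
                $avatar = Avatar::getAvatar($visible ? $user_id : 'nobody');
            }
            return $avatar->getURL($size);
        };

        $user = array(
            'user_id'       => $user_id,
            'username'      => $user['username'],
            'perms'         => $user['perms'],
            'title_pre'     => $user['title_front'],
            'forename'      => $user['Vorname'],
            'lastname'      => $user['Nachname'],
            'title_post'    => $user['title_rear'],
            'email'         => get_visible_email($user_id),
            'avatar_small'  => $avatar(Avatar::SMALL),
            'avatar_medium' => $avatar(Avatar::MEDIUM),
            'avatar_normal' => $avatar(Avatar::NORMAL),
            'phone'         => $get_field('privatnr', 'private_phone'),
            'homepage'      => $get_field('Home', 'homepage'),
            'privadr'       => $get_field('privadr', 'privadr'),
        );

        // Skype settings live in user_config; the same prepared statement serves both keys
        $query = "SELECT value\n FROM user_config\n WHERE field = ? 
AND user_id = ?";
        $statement = DBManager::get()->prepare($query);
        $statement->execute(array('SKYPE_NAME', $user_id));
        $user['skype'] = $statement->fetchColumn() ?: '';
        $statement->closeCursor();

        // The online-status flag is only meaningful when a Skype name is set
        if ($user['skype']) {
            $statement->execute(array('SKYPE_ONLINE_STATUS', $user_id));
            $user['skype_show'] = (bool) $statement->fetchColumn();
        } else {
            $user['skype_show'] = false;
        }

        $router->render(compact('user'));
    });

    // Deletes a user
    $router->delete('/user/:user_id', function ($user_id) use ($router) {
        // NOTE(review): no permission check is visible in this handler — confirm the
        // router or an auth layer restricts this route before it reaches deleteUser().
        // The appended '.' is kept as in the original; confirm it is what
        // UserManagement's constructor expects.
        $user = new \UserManagement($user_id . '.');
        if (empty($user->user_data['auth_user_md5.user_id'])) {
            // Leave the handler the same way the GET handler does instead of die()ing,
            // so the router can still finish the response
            $router->halt(404, sprintf('User id "%s" not found', $user_id));
            return;
        }
        $router->halt($user->deleteUser() ? 200 : 500);
    });
}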
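// Resolve the user names on the kill list to their auth_user_md5 rows
$kill_list = array_unique($kill_list);
$query = "SELECT * FROM auth_user_md5 WHERE username IN (?)";
$statement = DBManager::get()->prepare($query);
// an empty list is bound as '' so the IN clause stays valid and matches nothing
$statement->execute(array($kill_list ?: ''));

// Initialised explicitly so the emptiness check below never sees an undefined variable
$kill_user = array();
while ($row = $statement->fetch(PDO::FETCH_ASSOC)) {
    $kill_user[$row['username']] = $row;
}

if (empty($kill_user)) {
    fwrite(STDOUT, 'No user from list found in database.' . chr(10));
    exit(0);
}

$umanager = new UserManagement();
foreach ($kill_user as $uname => $udetail) {
    // Admin and root accounts are only removed when KILL_ADMINS is set
    if (!KILL_ADMINS && in_array($udetail['perms'], array('admin', 'root'), true)) {
        fwrite(STDOUT, "user: {$uname} is '{$udetail['perms']}', NOT deleted" . chr(10));
        continue;
    }

    // Reset the manager state left over from the previous iteration
    $umanager->user_data = array();
    $umanager->msg = '';
    $umanager->getFromDatabase($udetail['user_id']);

    // If no notification mail is wanted, drop the address so deleteUser() cannot send one
    if (!SEND_MAIL_ON_DELETE) {
        $umanager->user_data['auth_user_md5.Email'] = '';
    }

    $outcome = $umanager->deleteUser() ? 'successfully deleted:' : 'NOT deleted:';
    fwrite(STDOUT, "user: {$uname} {$outcome}" . chr(10) . parse_msg_to_clean_text($umanager->msg) . chr(10));
}

// Exit status kept as in the original script; confirm whether the calling
// wrapper relies on it being non-zero after a completed run.
exit(1);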
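/**
 * Deletes this user through UserManagement.
 *
 * On failure the manager's message log is stored in $this->error so the
 * caller can report why the deletion did not happen.
 *
 * @return bool  true when the user was deleted, false otherwise
 */
public function destroy()
{
    $user_management = new UserManagement($this->id);
    if (!$user_management->deleteUser()) {
        // keep the manager's message so the caller can show the reason
        $this->error = $user_management->msg;
        return false;
    }
    return true;
}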
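/**
 * logOutFromAllDevices() must remove every stored session of the given user,
 * including sessions that were written straight into the SESSION table.
 */
public function testLogOutFromAllDevices()
{
    UserManagement::createUser("owasp1", "owasp", "*****@*****.**"); //create a user.
    User::activateAccount("owasp1");

    // Log the same user in three times to imitate three different devices
    $obj1 = UserManagement::logIn("owasp1", "owasp");
    UserManagement::logIn("owasp1", "owasp");
    $obj3 = UserManagement::logIn("owasp1", "owasp");
    $userId = $obj3->getUserID();

    // Add further sessions for the same user; one of them becomes the "current" cookie
    $randomValue = randstr(32);
    SQL("INSERT INTO `SESSION` (`SESSION_ID`, `DATE_CREATED`, `LAST_ACTIVITY`, `USERID`) VALUES (?, ?, ?, ?)", array($randomValue, time(), time(), $userId));
    SQL("INSERT INTO `SESSION` (`SESSION_ID`, `DATE_CREATED`, `LAST_ACTIVITY`, `USERID`) VALUES (?, ?, ?, ?)", array(randstr(32), time(), time(), $userId));
    SQL("INSERT INTO `SESSION` (`SESSION_ID`, `DATE_CREATED`, `LAST_ACTIVITY`, `USERID`) VALUES (?, ?, ?, ?)", array(randstr(32), time(), time(), $userId));
    $_COOKIE['sessionid'] = $randomValue;

    UserManagement::logOutFromAllDevices($obj1->getUserID()); //This will delete all the sessions of this user from the DB

    // Only this user's sessions are inspected, so sessions left behind by other
    // tests cannot make this check fail
    $result = SQL("SELECT * FROM SESSION WHERE USERID = ?", array($obj1->getUserID()));
    $remaining = count($result);

    UserManagement::deleteUser("owasp1"); //delete the newly created users.
    $this->assertSame(0, $remaining);
}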
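/**
 * Deletes one user (given by id) or every user selected through the
 * 'user_ids' request parameter and reports each outcome as a page message.
 *
 * Notification mails are suppressed unless the 'mail' request parameter is
 * set; the 'documents' option is passed through to UserManagement::deleteUser().
 *
 * @param string|null $user_id  id of the user to delete; null means "use the
 *                              ids from the request"
 */
public function delete_action($user_id = NULL)
{
    // Target suffix of the redirect after a failed bulk delete; there is no parent page here
    $parent = '';

    if (!is_null($user_id)) {
        // deleting one user
        $user = UserModel::getUser($user_id);

        if (!Request::getArray('user_ids') && empty($user)) {
            PageLayout::postMessage(MessageBox::error(_('Fehler! Der zu löschende Benutzer ist nicht vorhanden oder Sie haben keinen Nutzer ausgewählt.')));
        } elseif (!empty($user)) {
            // TODO(security): CSRF verification is disabled for this destructive action.
            // Confirm the confirmation step in front of it carries a token and
            // re-enable CSRFProtection::verifyUnsafeRequest() here and in the bulk branch.
            //CSRFProtection::verifyUnsafeRequest();

            $default_mailer = $this->silenceMailer();
            $this->deleteSingleUser(
                $user_id,
                $user,
                _('Der Benutzer "%s %s (%s)" wurde erfolgreich gelöscht.'),
                _('Fehler! Der Benutzer "%s %s (%s)" konnte nicht gelöscht werden.')
            );
            $this->restoreMailer($default_mailer);
        }
    } else {
        $user_ids = Request::getArray('user_ids');
        if (count($user_ids) == 0) {
            PageLayout::postMessage(MessageBox::error(_('Bitte wählen Sie mindestens einen Benutzer zum Löschen aus.')));
            $this->redirect('show' . $parent);
            return;
        }
        //CSRFProtection::verifyUnsafeRequest();

        $default_mailer = $this->silenceMailer();
        foreach ($user_ids as $user_id) {
            $this->deleteSingleUser(
                $user_id,
                UserModel::getUser($user_id),
                _('Der Benutzer "%s %s (%s)" wurde erfolgreich gelöscht'),
                _('Fehler! Der Benutzer "%s %s (%s)" konnte nicht gelöscht werden')
            );
        }
        $this->restoreMailer($default_mailer);
    }
}

/**
 * Swaps the default mail transporter for a black hole unless the 'mail'
 * request parameter is set, so deleteUser() cannot send notifications.
 *
 * @return mixed|null  the transporter to hand to restoreMailer(), null when mails stay enabled
 */
private function silenceMailer()
{
    if (Request::int('mail')) {
        return null;
    }
    $default_mailer = StudipMail::getDefaultTransporter();
    StudipMail::setDefaultTransporter(new blackhole_message_class());
    return $default_mailer;
}

/**
 * Puts the transporter saved by silenceMailer() back in place.
 *
 * @param mixed|null $default_mailer  value returned by silenceMailer()
 */
private function restoreMailer($default_mailer)
{
    if (!Request::int('mail')) {
        StudipMail::setDefaultTransporter($default_mailer);
    }
}

/**
 * Deletes a single user and posts the outcome as a page message.
 *
 * @param string $user_id
 * @param array  $user     user row whose Vorname/Nachname/username fill the message
 * @param string $success  sprintf template for the success message
 * @param string $failure  sprintf template for the failure message
 */
private function deleteSingleUser($user_id, $user, $success, $failure)
{
    $umanager = new UserManagement();
    $umanager->getFromDatabase($user_id);

    $deleted = $umanager->deleteUser(Request::option('documents', false));
    $details = $this->splitDeletionMessages($umanager->msg);
    $text = htmlReady(sprintf($deleted ? $success : $failure, $user['Vorname'], $user['Nachname'], $user['username']));
    PageLayout::postMessage(
        $deleted ? MessageBox::success($text, $details) : MessageBox::error($text, $details)
    );
}

/**
 * Splits the UserManagement message log into its individual entries.
 *
 * The log apparently consists of 'msg§'/'info§'/'error§'-prefixed entries
 * and ends with a trailing '§', which is dropped before splitting.
 *
 * @param string $msg  UserManagement::$msg
 * @return array  list of message texts
 */
private function splitDeletionMessages($msg)
{
    return explode('§', str_replace(array('msg§', 'info§', 'error§'), '', substr($msg, 0, -1)));
}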