/**
  * Check whether the username and password are valid
  * @param string $username The username
  * @param string $password the password
  * @return boolean True if the password belongs to the given username, false otherwise
  */
 public static function isValidUser($username, $password)
 {
     // Both credentials are mandatory. empty() also rejects the string "0".
     $hasCredentials = !empty($username) && !empty($password);
     if (!$hasCredentials) {
         return false;
     }

     // Look the account up by its exact username.
     $criteria = ['username' => $username];
     $account = UserManager::getRepository()->findOneBy($criteria);

     // NOTE(review): an unknown username returns here without reaching
     // isPasswordValid(), so this path may respond faster than a wrong
     // password does; confirm whether callers need the two cases to look alike.
     return empty($account)
         ? false
         : UserManager::isPasswordValid($password, $account);
 }
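/**
 * Web-service handler: update an existing user and optionally replace the profile picture.
 *
 * The user is located through an external ("original") id. The call is refused
 * (returns 0) when the user is unknown, deactivated, or when the requested
 * username already belongs to another account. The picture is only fetched
 * after all of those checks have passed.
 *
 * @param array $params Fields read here: original_user_id_value, original_user_id_name,
 *                      firstname, lastname, username, email, status, phone, picture_url,
 *                      extra, and the optional expiration_date and password. The whole
 *                      array is also handed to WSHelperVerifyKey().
 *
 * @return mixed The user id on success, 0 when the edit is refused, or the
 *               value of return_error() when the secret key check fails.
 */
function WSEditUserWithPicture($params)
{
    if (!WSHelperVerifyKey($params)) {
        return return_error(WS_ERROR_SECRET_KEY);
    }

    $userManager = UserManager::getManager();
    $userRepository = UserManager::getRepository();
    $table_user = Database::get_main_table(TABLE_MAIN_USER);

    $original_user_id_value = $params['original_user_id_value'];
    $original_user_id_name = $params['original_user_id_name'];
    $firstname = $params['firstname'];
    $lastname = $params['lastname'];
    $username = $params['username'];
    $email = $params['email'];
    $status = $params['status'];
    $phone = $params['phone'];
    $picture_url = isset($params['picture_url']) ? trim((string) $params['picture_url']) : '';
    $extra_list = isset($params['extra']) ? $params['extra'] : null;
    $password = !empty($params['password']) ? $params['password'] : null;
    $expiration_date = !empty($params['expiration_date']) ? $params['expiration_date'] : null;

    // Values this web service never takes from the caller.
    $auth_source = null;
    $official_code = '';
    $creator_id = null;
    $hr_dept_id = 0;
    $pictureUri = '';

    // Get user id from external id. The cast keeps the value safe to embed in SQL.
    $user_id = (int) UserManager::get_user_id_from_original_id($original_user_id_value, $original_user_id_name);
    if ($user_id === 0) {
        return 0;
    }

    // Refuse to edit a deactivated account.
    $sql = "SELECT id FROM {$table_user} WHERE id = {$user_id} AND active = 0";
    $r_check_user = Database::fetch_row(Database::query($sql));
    if (!empty($r_check_user[0])) {
        return 0;
    }

    // Check whether the username already exists on another account.
    // The requested username is compared (escaped), not a fixed literal.
    $sql = "SELECT username FROM {$table_user} WHERE username = '" . Database::escape_string($username) . "' AND id <> {$user_id}";
    $r_username = Database::fetch_row(Database::query($sql));
    if (!empty($r_username[0])) {
        return 0;
    }

    /** @var User $user */
    $user = $userRepository->find($user_id);
    if (empty($user)) {
        // The id resolved but no entity could be loaded: nothing to update.
        return 0;
    }

    // Fetch the picture only now that the request has been accepted.
    // picture_url is chosen by the caller and fetched by this server, so it is
    // limited to http(s) (no local files or other stream wrappers) and to image
    // extensions (no script files written into the archive directory).
    // NOTE(review): the host is still caller-chosen; if this service is reachable
    // by less-trusted clients, consider restricting hosts / internal addresses.
    $pictureFile = basename((string) parse_url($picture_url, PHP_URL_PATH));
    $pictureScheme = strtolower((string) parse_url($picture_url, PHP_URL_SCHEME));
    $pictureExtension = strtolower(pathinfo($pictureFile, PATHINFO_EXTENSION));
    $isRemoteImage = in_array($pictureScheme, ['http', 'https'], true)
        && in_array($pictureExtension, ['jpg', 'jpeg', 'png', 'gif'], true);
    if ($isRemoteImage) {
        $headers = get_headers($picture_url);
        // Require a 200 status line; get_headers() returns false on failure.
        $statusOk = is_array($headers)
            && isset($headers[0])
            && preg_match('#^HTTP/\S+\s+200\b#', $headers[0]) === 1;
        if ($statusOk) {
            $tempFile = api_get_path(SYS_ARCHIVE_PATH) . $pictureFile;
            $pictureData = file_get_contents($picture_url);
            if ($pictureData !== false && file_put_contents($tempFile, $pictureData) !== false) {
                $pictureUri = UserManager::update_user_picture($user_id, $pictureFile, $tempFile);
            }
        }
    }

    if (!empty($lastname)) {
        $user->setLastname($lastname);
    }
    if (!empty($firstname)) {
        $user->setFirstname($firstname);
    }
    $user->setUsername($username);
    if (!is_null($password)) {
        // The entity receives the plain password; encoding is left to the user manager.
        $user->setPlainPassword($password);
    }
    if (!is_null($auth_source)) {
        $user->setAuthSource($auth_source);
    }

    // Exception for admins in case no status is provided in WS call...
    $t_admin = Database::get_main_table(TABLE_MAIN_ADMIN);
    $sqladmin = "SELECT user_id FROM {$t_admin} WHERE user_id = " . intval($user_id);
    $resadmin = Database::query($sqladmin);
    $is_admin = Database::num_rows($resadmin);
    if (empty($status)) {
        $status = $user->getStatus();
    }
    if ($is_admin) {
        // A platform admin always keeps status 1, whatever the caller sent.
        $status = 1;
    }
    if (!empty($expiration_date)) {
        $expiration_date = new DateTime($expiration_date);
    }

    // NOTE(review): when no picture was fetched, $pictureUri is '' and is still
    // written to the user, as before; confirm this reset is intended.
    $user
        ->setEmail($email)
        ->setStatus($status)
        ->setOfficialCode($official_code)
        ->setPhone($phone)
        ->setExpirationDate($expiration_date)
        ->setHrDeptId($hr_dept_id)
        ->setActive(true)
        ->setPictureUri($pictureUri);
    if (!is_null($creator_id)) {
        $user->setCreatorId($creator_id);
    }
    $userManager->updateUser($user, true);

    if (is_array($extra_list) && count($extra_list) > 0) {
        foreach ($extra_list as $extra) {
            $extra_field_name = $extra['field_name'];
            $extra_field_value = $extra['field_value'];
            // Save the external system's id into user_field_value table.
            UserManager::update_extra_field_value($user_id, $extra_field_name, $extra_field_value);
        }
    }

    return $user_id;
}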
 */
/**
 * Initialization
 */
/* Example of input file:
  sam@example.com
  Matthew@example.com
  HERMAN@example.com
 */
// Safety stop: the script ends here, so nothing below runs until this line is removed on purpose.
die;
// Change the filename to match the file holding the e-mail list, one e-mail per line.
$list = file('input.txt');
require_once '../../inc/global.inc.php';
$users = Database::get_main_table(TABLE_MAIN_USER);
$userManager = UserManager::getManager();
$repository = UserManager::getRepository();
/**
 * E-mails list loop
 */
foreach ($list as $mail) {
    $mail = trim($mail);
    // NOTE(review): $mail comes straight from input.txt and is placed into the SQL
    // text without escaping; Database::escape_string() or a bound parameter would
    // be safer unless the input file is always fully trusted.
    $sql = "SELECT user_id, official_code, firstname, lastname, email, username, language\n            FROM {$users} WHERE email = '{$mail}'\n";
    $res = Database::query($sql);
    if ($res === false) {
        // Only reports the failure; execution still continues to num_rows() below.
        echo 'Error in database with email ' . $mail . "\n";
    }
    if (Database::num_rows($res) == 0) {
        // NOTE(review): $row is not assigned on this path (it is unset on the first
        // pass, or left over from an earlier match); $mail looks like the value
        // that was meant to be printed.
        echo '[Error] Email not found in database: ' . $row['email'] . "\n";
    } else {
        $row = Database::fetch_assoc($res);
        // NOTE(review): the new password is the first four characters of the username
        // plus two digits from rand(), which is neither long nor drawn from a
        // CSPRNG; a longer value built with random_int()/random_bytes() is the safer choice.
        $pass = api_substr($row['username'], 0, 4) . rand(0, 9) . rand(0, 9);
Exemple #4
{
    // Works on the current session user; an e-mail to match must be supplied.
    $currentUserId = api_get_user_id();
    // The id has to survive an int round-trip before it is placed in the query.
    $isCanonicalId = $currentUserId == strval(intval($currentUserId));
    if (!$isCanonicalId || empty($email)) {
        return false;
    }

    $userTable = Database::get_main_table(TABLE_MAIN_USER);
    // The e-mail is escaped before it is embedded in the SQL text.
    $email = Database::escape_string($email);
    $query = sprintf(
        "SELECT * FROM %s\n            WHERE user_id='%s' AND email='%s'",
        $userTable,
        $currentUserId,
        $email
    );
    $matches = Database::query($query);

    // True when this e-mail is recorded for the current user.
    return Database::num_rows($matches) != 0;
}
// Profile form handling: runs only once the submitted form has passed validation.
$filtered_extension = false;
if ($form->validate()) {
    $wrong_current_password = false;
    $user_data = $form->getSubmitValues(1);
    // Load the entity of the user who is currently logged in.
    $user = UserManager::getRepository()->find(api_get_user_id());
    // set password if a new one was provided
    $validPassword = false;
    $passwordWasChecked = false;
    // password0 is checked against the stored password below; password1 is the new value.
    // NOTE(review): && binds tighter than ||, so this condition reads as
    // ($user && password0 && password1) || (password0 && profile/email setting is 'true').
    // The second alternative does not test $user, which is then passed to
    // isPasswordValid(); confirm a null $user cannot reach this point, or add parentheses.
    if ($user && (!empty($user_data['password0']) && !empty($user_data['password1'])) || !empty($user_data['password0']) && api_get_setting('profile', 'email') == 'true') {
        $passwordWasChecked = true;
        // The current password must verify before the new one is accepted.
        $validPassword = UserManager::isPasswordValid($user_data['password0'], $user);
        if ($validPassword) {
            $password = $user_data['password1'];
        } else {
            Display::addFlash(Display::return_message(get_lang('CurrentPasswordEmptyOrIncorrect'), 'warning', false));
        }
    }
    // Default is to allow an e-mail change without the current password; it is
    // switched off only for platform authentication with the setting at 'false'.
    $allow_users_to_change_email_with_no_password = true;
    if (is_platform_authentication() && api_get_setting('allow_users_to_change_email_with_no_password') == 'false') {
        $allow_users_to_change_email_with_no_password = false;
Exemple #5
// Optional trace in the PHP error log when debugging is enabled.
if ($debug) {
    error_log('------ Entering lp_view.php -------');
}
$learnPath->error = '';
$lp_item_id = $learnPath->get_current_item_id();
$lpType = $learnPath->get_type();
// Access check for users without edit rights: when the learning path belongs to
// a category that has a user list, only users on that list may continue.
if (!$is_allowed_to_edit) {
    // NOTE(review): the category is read from $_SESSION['oLP'] while the lines above
    // use $learnPath; presumably both refer to the same object, to be confirmed.
    $categoryId = $_SESSION['oLP']->getCategoryId();
    $em = Database::getManager();
    if (!empty($categoryId)) {
        /** @var \Chamilo\CourseBundle\Entity\CLpCategory $category */
        $category = $em->getRepository('ChamiloCourseBundle:CLpCategory')->find($categoryId);
        if ($category) {
            $users = $category->getUsers();
            // A category with no users attached is not restricted.
            if (!empty($users) && $users->count() > 0) {
                // NOTE(review): within this excerpt $user_id is only assigned further
                // down (from api_get_user_id()); presumably it is already set earlier
                // in the file. Verify, because a lookup on an unset id changes the
                // outcome of this access check.
                $user = UserManager::getRepository()->find($user_id);
                if (!$category->hasUserAdded($user)) {
                    api_not_allowed(true);
                }
            }
        }
    }
}
$course_code = api_get_course_id();
$course_id = api_get_course_int_id();
$user_id = api_get_user_id();
$platform_theme = api_get_setting('stylesheets');
// Platform's css.
$my_style = $platform_theme;
// Inline script appended to the page head; the string literal continues past this excerpt.
$htmlHeadXtra[] = '<script type="text/javascript">
<!--
Exemple #6
 /**
  * @param string $file
  * @param bool $moveFile
  */
 private function importStudents($file, $moveFile = true)
 {
     // Imports student accounts from a CSV file: rows with no matching user are
     // created, rows matching an existing user update it, and the file is then
     // handed to moveFile() unless $moveFile is false.
     $data = Import::csvToArray($file);
     $userRepository = UserManager::getRepository();
     /*
     * Another users import.
             Unique identifier: official code and username . ok
             Password should never get updated. ok
             If an update should need to occur (because it changed in the .csv),
             we’ll want that logged. We will handle this manually in that case.
             All other fields should be updateable, though passwords should of course not get updated. ok
             If a user gets deleted (not there anymore),
             He should be set inactive one year after the current date.
             So I presume you’ll just update the expiration date. We want to grant access to courses up to a year after deletion.
     */
     if (!empty($data)) {
         $language = $this->defaultLanguage;
         $this->logger->addInfo(count($data) . " records found.");
         foreach ($data as $row) {
             $row = $this->cleanUserRow($row);
             // Resolve the platform user from the external id carried in the row's extra field.
             $user_id = UserManager::get_user_id_from_original_id($row['extra_' . $this->extraFieldIdNameList['user']], $this->extraFieldIdNameList['user']);
             $userInfo = array();
             $userInfoByOfficialCode = null;
             if (!empty($user_id)) {
                 $userInfo = api_get_user_info($user_id);
                 $userInfoByOfficialCode = api_get_user_info_from_official_code($row['official_code']);
             }
             // New accounts expire the configured number of years from now.
             $expirationDate = api_get_utc_datetime(strtotime("+" . intval($this->expirationDateInUserCreation) . "years"));
             if (empty($userInfo) && empty($userInfoByOfficialCode)) {
                 // Create user
                 // NOTE(review): the password is taken from the CSV row as-is, presumably
                 // in plain text; confirm the import file is stored and moved with
                 // restrictive permissions.
                 $result = UserManager::create_user($row['firstname'], $row['lastname'], STUDENT, $row['email'], $row['username'], $row['password'], $row['official_code'], $language, $row['phone'], null, PLATFORM_AUTH_SOURCE, $expirationDate, 1, 0, null, null, false);
                 if ($result) {
                     // Every "extra_<name>" column is stored as extra field <name> of the new user.
                     foreach ($row as $key => $value) {
                         if (substr($key, 0, 6) == 'extra_') {
                             //an extra field
                             UserManager::update_extra_field_value($result, substr($key, 6), $value);
                         }
                     }
                     $this->logger->addInfo("Students - User created: " . $row['username']);
                 } else {
                     $this->logger->addError("Students - User NOT created: " . $row['username'] . " " . $row['firstname'] . " " . $row['lastname']);
                 }
             } else {
                 if (empty($userInfo)) {
                     // NOTE(review): the next line is damaged in this listing (a redaction
                     // marker replaced part of the source). The code that defined
                     // $avoidUsersWithEmail and first assigned $email, $password and
                     // $resetPassword is not visible here.
                     $this->logger->addError("Students - Can't update user :"******"Students - User email is not updated : " . $row['username'] . " because the avoid conditions (email).");
                             // Do not change email keep the old email.
                             $email = $userInfo['email'];
                         }
                         // 2. Condition
                         // Neither the stored nor the imported e-mail is on the avoid list: keep the stored one.
                         if (!in_array($userInfo['email'], $avoidUsersWithEmail) && !in_array($row['email'], $avoidUsersWithEmail)) {
                             $email = $userInfo['email'];
                         }
                         // 3. Condition
                         // The stored e-mail is on the avoid list and the imported one is not: take the imported one.
                         if (in_array($userInfo['email'], $avoidUsersWithEmail) && !in_array($row['email'], $avoidUsersWithEmail)) {
                             $email = $row['email'];
                         }
                         // Blocking password update
                         $avoidUsersWithPassword = $this->conditions['importStudents']['update']['avoid']['password'];
                         $user = $userRepository->find($userInfo['user_id']);
                         // NOTE(review): the stored and recomputed password values are compared
                         // with a loose != and in_array() runs without strict mode; if these are
                         // numeric-looking strings PHP may compare them as numbers, so !== (or
                         // hash_equals()) and in_array(..., true) would be safer.
                         if ($userInfo['password'] != UserManager::encryptPassword($row['password'], $user) && in_array($row['password'], $avoidUsersWithPassword)) {
                             $this->logger->addInfo("Students - User password is not updated: " . $row['username'] . " because the avoid conditions (password).");
                             $password = null;
                             $resetPassword = 0;
                             // disallow password change
                         }
                     }
                 }
                 // Updated accounts expire the configured number of years from now.
                 $expirationDate = api_get_utc_datetime(strtotime("+" . intval($this->expirationDateInUserUpdate) . "years"));
                 // Update user
                 // NOTE(review): $password, $email and $resetPassword are passed here, but
                 // their first assignments are not in the visible code (see the damaged
                 // line above); check the complete source for paths that leave them unset.
                 $result = UserManager::update_user($userInfo['user_id'], $row['firstname'], $row['lastname'], $row['username'], $password, PLATFORM_AUTH_SOURCE, $email, STUDENT, $userInfo['official_code'], $userInfo['phone'], $userInfo['picture_uri'], $expirationDate, $userInfo['active'], null, 0, null, null, null, false, $resetPassword);
                 if ($result) {
                     // Username changes are logged so that they can be followed up manually.
                     if ($row['username'] != $userInfo['username']) {
                         $this->logger->addInfo("Students - Username was changes from '" . $userInfo['username'] . "' to '" . $row['username'] . "' ");
                     }
                     foreach ($row as $key => $value) {
                         if (substr($key, 0, 6) == 'extra_') {
                             //an extra field
                             UserManager::update_extra_field_value($userInfo['user_id'], substr($key, 6), $value);
                         }
                     }
                     $this->logger->addInfo("Students - User updated: " . $row['username']);
                 } else {
                     $this->logger->addError("Students - User NOT updated: " . $row['username'] . " " . $row['firstname'] . " " . $row['lastname']);
                 }
             }
         }
     }
     // The source file is passed to moveFile() once the rows have been handled.
     if ($moveFile) {
         $this->moveFile($file);
     }
 }