  * Deletes the usertype specified by ID.
  * @return bool Was it successful?
 protected function body()
     if (!$this->userHasPrivileges(User::usersPrivPresets)) {
         return false;
     if (!$this->isInputSet('id')) {
         return false;
     $id = $this->getParams('id');
     if ($id == Repositories::StudentUserType) {
         return $this->death(StringID::CannotRemoveBasicStudentType);
      * @var $deletedType \UserType
     $deletedType = Repositories::findEntity(Repositories::UserType, $id);
     $users = Repositories::getRepository(Repositories::User)->findBy(['type' => $id]);
     /** @var \UserType $studentType */
     $studentType = Repositories::findEntity(Repositories::UserType, Repositories::StudentUserType);
     foreach ($users as $user) {
         /** @var $user \User */
     return true;
 protected function body()
     if (!$this->isInputSet(array('email'))) {
         return false;
     $email = $this->getParams('email');
     $users = Repositories::getRepository(Repositories::User)->findBy(['email' => $email]);
     foreach ($users as $user) {
          * @var $user \User
         // Generate reset link.
         $resetLink = StringUtils::randomString(60);
         $now = new \DateTime();
         $expiryDate = $now->add(new \DateInterval('P1D'));
         // Add in in the database (replacing any older reset links in the process)
         // Send the e-mail
         $body = "A Password Reset Link was requested for your e-mail address on XMLCheck.\n\nYour name: " . $user->getRealName() . "\nYour login: "******"\n\nClick this link to reset your password: \n\n" . Config::get('roots', 'http') . "#resetPassword#" . $resetLink . "\n\nThe link will be valid for the next 24 hours, until " . $expiryDate->format("Y-m-d H:i:s") . ".";
         if (!Core::sendEmail($user->getEmail(), "[XMLCheck] Password Reset Link for '" . $user->getRealName() . "'", $body)) {
             return $this->death(StringID::MailError);
     $this->addOutput('count', count($users));
     return true;
 protected function body()
     if (!$this->isInputValid(array('id' => 'isIndex'))) {
         return false;
     $id = $this->getParams('id');
      * @var $question \Question
     $question = Repositories::findEntity(Repositories::Question, $id);
     if (!$this->authorizedToManageLecture($question->getLecture())) {
         return $this->death(StringID::InsufficientPrivileges);
     // What if some tests refer to this question? Then the deletion should not be permitted.
      * @var $xtests \Xtest[]
     $xtests = Repositories::getRepository(Repositories::Xtest)->findAll();
     foreach ($xtests as $xtest) {
         $templateArray = explode(',', $xtest->getTemplate());
         if (in_array($question->getId(), $templateArray)) {
             return $this->death(StringID::CannotDeleteQuestionThatsPartOfATest);
     return true;
 protected function body()
     if (!$this->isInputValid(['resetLink' => 'isNotEmpty', 'pass' => 'isNotEmpty'])) {
         return false;
     $resetLink = $this->getParams('resetLink');
     if (strlen($resetLink) < 1) {
         // We double-check here. This should not be necessary because the isInputValid function takes care of this.
         // However, if there is a bug in isInputValid that causes the check to be skipped,
         // this will allow the user to change the password of the first user with no resetLink active.
         // This could plausibly be the administrator.
         return $this->death(StringID::HackerError);
     $encryptionType = Security::HASHTYPE_PHPASS;
     $newPassword = $this->getParams('pass');
     $newPasswordHash = Security::hash($newPassword, $encryptionType);
     $usersWithThisResetLink = Repositories::getRepository(Repositories::User)->findBy(['resetLink' => $resetLink]);
     if (count($usersWithThisResetLink) !== 1) {
         return $this->death(StringID::ResetLinkDoesNotExist);
      * @var $user \User
     $user = $usersWithThisResetLink[0];
     if ($user->getResetLinkExpiry() < new \DateTime()) {
         return $this->death(StringID::ResetLinkExpired);
     return true;
 protected function body()
     if (!$this->userHasPrivileges(User::pluginsAdd)) {
         return false;
     $inputs = array('name' => array('isName', 'isNotEmpty'));
     if (!$this->isInputValid($inputs)) {
         return false;
     $name = $this->getParams('name');
     $existingPluginsWithSameName = Repositories::getRepository(Repositories::Plugin)->findBy(['name' => $name]);
     if (count($existingPluginsWithSameName) > 0) {
         return $this->death(StringID::PluginNameAlreadyExists);
     $pluginFile = $this->getUploadedFile('plugin');
     if (!$pluginFile) {
         return false;
     $pluginFolder = Config::get('paths', 'plugins') . $name;
     if (file_exists($pluginFolder)) {
         return $this->death(StringID::PluginFolderAlreadyExists);
     if (!Filesystem::createDir($pluginFolder)) {
         return $this->death(StringID::FileSystemError);
     if (!Compression::unzip($pluginFile, $pluginFolder)) {
         goto cleanup_error;
     $manifestFile = $pluginFolder . DIRECTORY_SEPARATOR . 'manifest.xml';
     $manifest = null;
     if (!($manifest = $this->parsePluginManifest($manifestFile))) {
         goto cleanup_error;
     if (!file_exists($pluginFolder . DIRECTORY_SEPARATOR . $manifest['mainFile'])) {
         goto cleanup_error;
     $plugin = new \Plugin();
     $plugin->setMainfile($name . '/' . $manifest['mainFile']);
     return true;
     return false;
 protected function body()
     $inputs = array('lecture' => 'isIndex', 'name' => array('isName', 'isNotEmpty'), 'type' => array('isEnum' => array('text', 'code', 'image')));
     if (!$this->isInputValid($inputs)) {
         return false;
     $lectureId = $this->getParams('lecture');
     /** @var \Lecture $lecture */
     $lecture = Repositories::findEntity(Repositories::Lecture, $lectureId);
     $name = $this->getParams('name');
     $type = $this->getParams('type');
     $id = $this->getParams('id');
     $isIdSet = $id !== null && $id !== '';
     $originalName = $this->getUploadedFileName('file');
     if (!$originalName) {
         return false;
     $extensionStart = strrpos($originalName, '.');
     $extension = $extensionStart === false ? '' : substr($originalName, strrpos($originalName, '.'));
     $attachmentFolder = Config::get('paths', 'attachments');
     $filename = $id . '_' . $name . $extension;
     if (!$this->checkTestGenerationPrivileges($lecture)) {
         return $this->death(StringID::InsufficientPrivileges);
      * @var $attachment \Attachment
     $attachment = null;
     if (!$this->saveUploadedFile('file', $attachmentFolder . $filename)) {
         return $this->death(StringID::InsufficientPrivileges);
     /** @var \Attachment[] $attachmentsWithThisName */
     $attachmentsWithThisName = Repositories::getRepository(Repositories::Attachment)->findBy(['lecture' => $lectureId, 'name' => $name]);
     if ($isIdSet) {
         $attachment = Repositories::findEntity(Repositories::Attachment, $id);
         if (count($attachmentsWithThisName) > 0) {
             if ($attachmentsWithThisName[0]->getId() !== $attachment->getId()) {
                 return $this->death(StringID::AttachmentExists);
     } else {
         if (count($attachmentsWithThisName) > 0) {
             return $this->death(StringID::AttachmentExists);
         $attachment = new \Attachment();
     return true;
 protected function body()
     $plugins = Repositories::getRepository(Repositories::Plugin)->findAll();
     $errors = [];
     foreach ($plugins as $plugin) {
         /** @var $plugin \Plugin */
         $dbPhpFile = $plugin->getMainfile();
         $dbDescription = $plugin->getDescription();
         $dbIdentifier = $plugin->getIdentifier();
         $pluginDirectory = $this->getMainDirectory($dbPhpFile);
         if ($pluginDirectory === false) {
             $errors[] = $plugin->getName() . ": " . Language::get(StringID::ReloadManifests_InvalidFolder);
         $manifestFile = Filesystem::combinePaths(Config::get('paths', 'plugins'), $pluginDirectory, "manifest.xml");
         $xml = new \DOMDocument();
         $success = $xml->load(realpath($manifestFile));
         if ($success === false) {
             $errors[] = $plugin->getName() . ": " . Language::get(StringID::ReloadManifests_MalformedXmlOrFileMissing);
         $fileDescription = $xml->getElementsByTagName('description')->item(0);
         $fileArguments = $xml->getElementsByTagName('argument');
         $fileIdentifier = $xml->getElementsByTagName('identifier')->item(0);
         $fileArgumentsArray = [];
         for ($i = 0; $i < $fileArguments->length; $i++) {
             $fileArgumentsArray[] = trim($fileArguments->item($i)->nodeValue);
         $fileArgumentsString = implode(';', $fileArgumentsArray);
         if ($dbDescription !== trim($fileDescription->nodeValue)) {
             $errors[] = $plugin->getName() . ": " . Language::get(StringID::ReloadManifests_DescriptionMismatch);
         if ($dbIdentifier !== trim($fileIdentifier->nodeValue)) {
             $errors[] = $plugin->getName() . ": " . Language::get(StringID::ReloadManifests_IdentifierMismatch);
         if ($plugin->getConfig() !== $fileArgumentsString) {
             $errors[] = $plugin->getName() . ": " . Language::get(StringID::ReloadManifests_ArgumentsMismatch);
     if (count($errors) === 0) {
         $this->addOutput("text", Language::get(StringID::ReloadManifests_DatabaseCorrespondsToManifests));
     } else {
         $this->addOutput("text", implode('<br>', $errors));
     return true;
 protected function body()
     if (!$this->isInputValid(array('id' => 'isIndex'))) {
         return false;
     $id = $this->getParams('id');
      * @var $submission \Submission
     $submission = Repositories::findEntity(Repositories::Submission, $id);
     $userId = User::instance()->getId();
     if ($submission->getUser()->getId() != $userId) {
         return $this->death(StringID::HackerError);
     // First, if you handed something off previously, it is no longer handed off
      * @var $yourSubmissions \Submission[]
     $yourSubmissions = Repositories::getRepository(Repositories::Submission)->findBy(['user' => $userId, 'assignment' => $submission->getAssignment()->getId()]);
     foreach ($yourSubmissions as $previouslyHandedOffSubmission) {
         if ($previouslyHandedOffSubmission->getStatus() == \Submission::STATUS_REQUESTING_GRADING || $previouslyHandedOffSubmission->getStatus() == \Submission::STATUS_LATEST) {
     // Next, hand off the submission
     $emailText = file_get_contents(Config::get("paths", "newSubmissionEmail"));
     $emailText = str_replace("%{RealName}", User::instance()->getRealName(), $emailText);
     $emailText = str_replace("%{Email}", User::instance()->getEmail(), $emailText);
     $emailText = str_replace("%{Link}", Config::getHttpRoot() . "#correctionAll#submission#" . $submission->getId(), $emailText);
     $lines = explode("\n", $emailText);
     $subject = $lines[0];
     // The first line is subject.
     $text = preg_replace('/^.*\\n/', '', $emailText);
     // Everything except the first line.
     $to = $submission->getAssignment()->getGroup()->getOwner();
     if ($to->getSendEmailOnNewSubmission()) {
         if (!Core::sendEmail($to->getEmail(), $subject, $text)) {
             return $this->death(StringID::MailError);
     return true;
 protected function body()
     if (!$this->userHasPrivileges()) {
     $query = "SELECT a, p, l, z, g FROM Assignment a JOIN a.problem p LEFT JOIN p.plugin z JOIN p.lecture l JOIN a.group g WITH g.id IN (SELECT IDENTITY(k.group) FROM \\Subscription k WHERE k.user = :id AND a.deleted = false)";
      * @var $assignments \Assignment[]
     $userId = User::instance()->getId();
     $assignments = Repositories::getEntityManager()->createQuery($query)->setParameter('id', $userId)->getResult();
     foreach ($assignments as $assignment) {
         $submissionGraded = count(Repositories::getRepository(Repositories::Submission)->findBy(['assignment' => $assignment->getId(), 'user' => $userId, 'status' => \Submission::STATUS_GRADED])) > 0;
         $submissionExists = count(Repositories::getRepository(Repositories::Submission)->findBy(['assignment' => $assignment->getId(), 'user' => $userId])) > 0;
         $row = [$assignment->getId(), $assignment->getProblem()->getName(), $assignment->getProblem()->getDescription(), $assignment->getProblem()->getPlugin() ? $assignment->getProblem()->getPlugin()->getDescription() : Language::get(StringID::NoPluginUsed), $assignment->getDeadline()->format("Y-m-d H:i:s"), $assignment->getReward(), $assignment->getProblem()->getLecture()->getName(), $assignment->getProblem()->getLecture()->getDescription(), $assignment->getGroup()->getName(), $assignment->getGroup()->getDescription(), $submissionExists, $submissionGraded];
 protected function body()
     if (!$this->isInputSet(array('code'))) {
         return false;
     $code = $this->getParams('code');
      * @var $users \User[]
     $users = Repositories::getRepository(Repositories::User)->findBy(['activationCode' => $code]);
     if (count($users) === 1) {
         return true;
     } else {
         return $this->death(StringID::InvalidActivationCode);
 protected function body()
     if (!$this->userHasPrivileges(User::otherAdministration, User::groupsManageAll, User::lecturesManageAll)) {
         return false;
     $newId = $this->getParams('newId');
     if (!$newId) {
         return true;
     $canViewAuthors = User::instance()->hasPrivileges(User::submissionsViewAuthors);
     /** @var \Similarity[] $similarities */
     $similarities = Repositories::getRepository(Repositories::Similarity)->findBy(['newSubmission' => $newId]);
     foreach ($similarities as $similarity) {
         $row = [$similarity->getId(), $similarity->getOldSubmission()->getId(), $similarity->getSuspicious() ? "yes" : false, $similarity->getScore(), $similarity->getDetails(), $canViewAuthors ? $similarity->getOldSubmission()->getUser()->getRealName() : Language::get(StringID::NotAuthorizedForName), $similarity->getOldSubmission()->getDate()->format("Y-m-d H:i:s"), $similarity->getOldSubmission()->getStatus()];
     return true;
  * Runs this script.
  * @return bool Is it successful?
 protected function body()
     if (!$this->isInputSet(array('id'))) {
         return false;
     $id = $this->getParams('id');
      * @var $submission \Submission
     $submission = Repositories::findEntity(Repositories::Submission, $id);
     if ($submission->getUser()->getId() !== User::instance()->getId()) {
         return $this->death(StringID::InsufficientPrivileges);
     if ($submission->getStatus() === \Submission::STATUS_GRADED) {
         return $this->death(StringID::CannotDeleteGradedSubmissions);
     if ($submission->getStatus() === \Submission::STATUS_REQUESTING_GRADING) {
         return $this->death(StringID::CannotDeleteHandsoffSubmissions);
     $status = $submission->getStatus();
     // Make something else latest
     if ($status === \Submission::STATUS_LATEST) {
         $latestSubmission = null;
          * @var $submissions \Submission[]
          * @var $latestSubmission \Submission
         $submissions = Repositories::getRepository(Repositories::Submission)->findBy(['status' => \Submission::STATUS_NORMAL, 'assignment' => $submission->getAssignment()->getId(), 'user' => User::instance()->getId()]);
         foreach ($submissions as $olderSolution) {
             if ($latestSubmission === null || $olderSolution->getDate() > $latestSubmission->getDate()) {
                 $latestSubmission = $olderSolution;
         if ($latestSubmission !== null) {
     return true;
  * Runs this script.
  * @return bool Is it successful?
  * @throws \Exception Should never occur.
 protected function body()
     $inputs = array('name' => array('isAlphaNumeric', 'hasLength' => array('min_length' => Constants::UsernameMinLength, 'max_length' => Constants::UsernameMaxLength)), 'realname' => array('isNotEmpty', 'isName'), 'email' => 'isEmail', 'pass' => array(), 'repass' => array());
     if (!$this->isInputValid($inputs)) {
         return false;
     // Extract input data
     $username = strtolower($this->getParams('name'));
     $realname = $this->getParams('realname');
     $email = $this->getParams('email');
     $pass = $this->getParams('pass');
     $repass = $this->getParams('repass');
     $id = $this->getParams('id');
     $type = $this->getParams('type');
     $user = null;
     $isIdSet = $id !== null && $id !== '';
     $isTypeSet = $type !== null && $type !== '';
     // Extract database data
     if ($id) {
         $user = Repositories::findEntity(Repositories::User, $id);
     $userExists = $user != null;
     $sameNameUserExists = count(Repositories::getRepository(Repositories::User)->findBy(['name' => $username])) > 0;
     // Custom verification of input data
     if ($pass !== $repass) {
         return $this->death(StringID::InvalidInput);
     if ($userExists) {
         if ((strlen($pass) < Constants::PasswordMinLength || strlen($pass) > Constants::PasswordMaxLength) && $pass !== "") {
             return $this->death(StringID::InvalidInput);
     } else {
         // A new user must have full password
         if (strlen($pass) < Constants::PasswordMinLength || strlen($pass) > Constants::PasswordMaxLength) {
             return $this->death(StringID::InvalidInput);
     $code = '';
     $unhashedPass = $pass;
     $pass = Security::hash($pass, Security::HASHTYPE_PHPASS);
     $canAddUsers = User::instance()->hasPrivileges(User::usersAdd);
     $canEditUsers = User::instance()->hasPrivileges(User::usersManage);
     $isEditingSelf = $id == User::instance()->getId();
     // This must not be a strict comparison.
      * @var $user \User
     if (!$userExists && !$sameNameUserExists) {
         if ($this->getParams('fromRegistrationForm')) {
             if ($type != Repositories::StudentUserType) {
                 return $this->death(StringID::InsufficientPrivileges);
             $code = md5(uniqid(mt_rand(), true));
             $emailText = file_get_contents(Config::get("paths", "registrationEmail"));
             $emailText = str_replace("%{Username}", $username, $emailText);
             $emailText = str_replace("%{ActivationCode}", $code, $emailText);
             $emailText = str_replace("%{Link}", Config::getHttpRoot() . "#activate", $emailText);
             $lines = explode("\n", $emailText);
             $subject = $lines[0];
             // The first line is subject.
             $text = preg_replace('/^.*\\n/', '', $emailText);
             // Everything except the first line.
             $returnCode = Core::sendEmail($email, $subject, $text);
             if (!$returnCode) {
                 return $this->stop(ErrorCode::mail, 'user registration failed', 'email could not be sent');
         } else {
             if (!$canAddUsers) {
                 return $this->death(StringID::InsufficientPrivileges);
         $user = new \User();
         /** @var \UserType $typeEntity */
         $typeEntity = Repositories::findEntity(Repositories::UserType, $type);
     } elseif ($isIdSet) {
         if (!$canEditUsers && ($isTypeSet || !$isEditingSelf)) {
             return $this->stop(ErrorCode::lowPrivileges, 'cannot edit data of users other than yourself');
         $type = $isTypeSet ? $type : $user->getType()->getId();
         /** @var \UserType $typeEntity */
         $typeEntity = Repositories::findEntity(Repositories::UserType, $type);
         if ($unhashedPass) {
     } else {
         return $this->death(StringID::UserNameExists);
     return true;
  * Deletes plugin with supplied ID. This is a very destructive operation because all problems associated with this plugin will lose any reference to it and thus the submissions will lose reference and therefore we won't be able to use them for sooth.similarity comparison, for example.
  * @param int $id plugin ID
  * @return array error properties provided by removalError() or retrievalError(),
  * or false in case of success
 public static function deletePluginById($id)
      * @var $plugin \Plugin
      * @var $tests \PluginTest[]
      * @var $problems \Problem[]
     $plugin = Repositories::findEntity(Repositories::Plugin, $id);
     // Destroy plugin tests testing this plugin
     $tests = Repositories::getRepository(Repositories::PluginTest)->findBy(['plugin' => $id]);
     foreach ($tests as $test) {
     // Problems that relied on this plugin are now without plugin
     $problems = Repositories::getRepository(Repositories::Problem)->findBy(['plugin' => $id]);
     foreach ($problems as $problem) {
     // Delete the plugin
     return false;
Exemple #15
  * Tries to log user in with supplied credentials.
  * @param string $name username
  * @param string $pass password
  * @return bool true if login was successful
 public function login($name, $pass)
     if ($this->data != null) {
     /// Username is case-insensitive.
     $name = strtolower($name);
     $users = Repositories::getRepository(Repositories::User)->findBy(['name' => $name]);
     if (!empty($users)) {
          * @var $user \User
         $user = $users[0];
         if ($user->getActivationCode() !== '') {
             // Non-empty activation code means the account is not yet activated.
             return false;
         $authenticationSuccess = Security::check($pass, $user->getPass(), $user->getEncryptionType());
         if ($authenticationSuccess) {
             $this->data = array('id' => $user->getId(), 'name' => $user->getName(), 'privileges' => $user->getType()->getPrivileges(), 'realName' => $user->getRealName(), 'email' => $user->getEmail(), 'lastAccess' => $user->getLastAccess()->format("Y-m-d H:i:s"), 'applicationVersion' => implode('.', Config::get('version')), User::sendEmailOnAssignmentAvailableStudent => $user->getSendEmailOnNewAssignment() ? 1 : 0, User::sendEmailOnSubmissionConfirmedTutor => $user->getSendEmailOnNewSubmission() ? 1 : 0, User::sendEmailOnSubmissionRatedStudent => $user->getSendEmailOnSubmissionRated() ? 1 : 0);
             $user->setLastAccess(new \DateTime());
             $this->entity = $user;
             return true;
         } else {
             return false;
     return false;