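/**
 * Constructor
 *
 * Sets up the member wishlist plugin: the wishlist is addressed by
 * reference id + category 'user', and the referenced member is loaded as
 * the item being viewed.
 *
 * @param   integer  $referenceid  ID of the member whose wishlist this is
 * @return  void
 */
public function __construct($referenceid = 0)
{
    $this->set('referenceid', $referenceid)
         ->set('category', 'user')
         ->set('option', $this->_segments['option']);

    $this->_segments['id']     = $referenceid;
    $this->_segments['active'] = 'wishlist';

    // Load the member the wishlist belongs to. The original looked up
    // $this->get('scope_id'), which this constructor never sets (the
    // docblock was copied from the blog plugin), so the item was always a
    // blank user; the reference id is the member id here.
    $this->_item = \Hubzero\User\User::oneOrNew($referenceid);
}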
/**
 * Up
 *
 * Migrates `#__citations.uid` from a free-form (username) column to an
 * INT(11) user id: every non-numeric uid is resolved through the user
 * table and rewritten, then the column type is changed. Re-runnable: it
 * exits early when the column is already INT(11).
 *
 * NOTE(review): rows whose uid cannot be resolved are reassigned to the
 * hard-coded user id 62 — presumably a system/placeholder account on the
 * originating hub. Confirm that account exists before running elsewhere.
 *
 * @return  void
 **/
public function up()
{
    // Inspect the current column definition
    $query = "describe #__citations uid";
    $this->db->setQuery($query);
    $uidField = $this->db->loadObject();

    // if we have an INT already, were good to go
    if (strtolower($uidField->Type) == 'int(11)')
    {
        return;
    }

    // load all citations
    $query = "SELECT id, uid FROM `#__citations`";
    $this->db->setQuery($query);
    $citations = $this->db->loadObjectList();

    foreach ($citations as $citation)
    {
        // Numeric uids are already ids; only usernames need resolving
        if (!is_numeric($citation->uid))
        {
            // Fallback owner when the username does not resolve (see NOTE above)
            $newId = 62;

            // NOTE(review): oneOrNew() is a primary-key lookup elsewhere in
            // this corpus (username lookups use oneByUsername()); if it is
            // not overridden to accept usernames here, every non-numeric
            // uid falls through to the 62 fallback — verify before running.
            $profile = \Hubzero\User\User::oneOrNew($citation->uid);
            if ($profile->get('id'))
            {
                $newId = $profile->get('id');
            }

            // Both values go through db->quote(); they are integers, so the
            // quoting is belt-and-braces rather than required
            $query = "UPDATE `#__citations` SET uid=" . $this->db->quote($newId) . " WHERE id=" . $this->db->quote($citation->id);
            $this->db->setQuery($query);
            $this->db->query();
        }
    }

    // change column type (the column name is unchanged)
    $query = "ALTER TABLE `#__citations` CHANGE uid uid INT(11);";
    $this->db->setQuery($query);
    $this->db->query();
}
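/**
 * Method to test that a username is not already taken.
 *
 * (The original docblock was copied from the hexadecimal-colour rule; this
 * rule checks username uniqueness against the user table.)
 *
 * @param   object  &$element  The SimpleXMLElement object representing the <field /> tag for the form field object.
 * @param   mixed   $value     The form field value to validate.
 * @param   string  $group     The field name group control value. This acts as as an array container for the field.
 *                             For example if the field has name="foo" and the group value is set to "bar" then the
 *                             full field name would end up being "bar[foo]".
 * @param   object  &$input    An optional Registry object with the entire data set to validate against the entire form.
 * @param   object  &$form     The form object for which the field is being tested.
 * @return  boolean  True if the value is valid, false otherwise.
 */
public function test(&$element, $value, $group = null, &$input = null, &$form = null)
{
    // Exclude the record being edited from the duplicate search so a user
    // can resubmit their own username. The original read an undefined
    // $userId (always cast to 0), so editing an existing account reported
    // its own username as a duplicate. Same lookup as the e-mail rule.
    $userId = $form instanceof Form ? $form->getValue('id') : '';

    $duplicate = User::all()
        ->whereEquals('username', $value)
        ->where('id', '<>', (int) $userId)
        ->total();

    return $duplicate ? false : true;
}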
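/**
 * Render the "link account" view for an in-progress auth_link account update.
 *
 * The session user must be logged in, carry an auth_link_id and have a
 * negative numeric placeholder username; otherwise the request is aborted
 * with 405. Collects any existing hub accounts / auth links sharing the
 * linked e-mail so the view can show them as conflicts.
 *
 * @param   string  $tpl  Template name
 * @return  void
 */
function display($tpl = null)
{
    $user = User::getInstance();

    // If this is an auth_link account update, carry on, otherwise raise an error.
    // The original wrote `!$user->username < 0`, which PHP parses as
    // `(!$user->username) < 0` — a bool compared to 0, always false — so the
    // "username must be negative" clause never fired. Parenthesised so it does.
    if ($user->isGuest()
     || !$user->hasAttribute('auth_link_id')
     || !is_numeric($user->username)
     || !($user->username < 0))
    {
        App::abort('405', 'Method not allowed');
        return;
    }

    // Get and add the js and extra css to the page
    \Hubzero\Document\Assets::addComponentStylesheet('com_users', 'link.css');
    \Hubzero\Document\Assets::addComponentStylesheet('com_users', 'providers.css');
    \Hubzero\Document\Assets::addComponentScript('com_users', 'link');

    // Import a few things
    jimport('joomla.user.helper');

    // Look up the auth link and its domain; bail out rather than dereference a
    // missing record if the session points at a link that no longer exists
    $hzal = \Hubzero\Auth\Link::find_by_id($user->get("auth_link_id"));
    $hzad = is_object($hzal) ? \Hubzero\Auth\Domain::find_by_id($hzal->auth_domain_id) : null;
    if (!is_object($hzal) || !is_object($hzad))
    {
        App::abort('405', 'Method not allowed');
        return;
    }

    $plugins = Plugin::byType('authentication');

    // Get the display name for the current plugin being used
    Plugin::import('authentication', $hzad->authenticator);
    $plugin  = Plugin::byType('authentication', $hzad->authenticator);
    $pparams = new \Hubzero\Config\Registry($plugin->params);
    $refl    = new ReflectionClass("plgAuthentication{$plugin->name}");

    $display_name = $pparams->get(
        'display_name',
        $refl->hasMethod('onGetLinkDescription')
            ? $refl->getMethod('onGetLinkDescription')->invoke(NULL)
            : ucfirst($plugin->name)
    );

    // Look for conflicts - first check in the hub accounts
    $profile_conflicts = \Hubzero\User\User::all()
        ->whereEquals('email', $hzal->email)
        ->rows();

    // Now check the auth_link table
    $link_conflicts = \Hubzero\Auth\Link::find_by_email($hzal->email, array($hzad->id));

    $conflict = array();

    if ($profile_conflicts)
    {
        foreach ($profile_conflicts as $juser)
        {
            $auth_link = \Hubzero\Auth\Link::find_by_user_id($juser->id);
            $dname     = is_object($auth_link) && $auth_link->auth_domain_name
                ? $auth_link->auth_domain_name
                : 'hubzero';

            $conflict[] = array(
                "auth_domain_name" => $dname,
                "name"             => $juser->name,
                "email"            => $juser->email
            );
        }
    }

    if ($link_conflicts)
    {
        foreach ($link_conflicts as $l)
        {
            $juser = User::getInstance($l['user_id']);

            $conflict[] = array(
                "auth_domain_name" => $l['auth_domain_name'],
                "name"             => $juser->name,
                "email"            => $l['email']
            );
        }
    }

    // Make sure we don't somehow have any duplicate conflicts
    $conflict = array_map("unserialize", array_unique(array_map("serialize", $conflict)));

    // @TODO: Could also check for high probability of name matches???

    // Get the site name
    $sitename = Config::get('sitename');

    // Assign variables to the view
    $this->assign('hzal', $hzal);
    $this->assign('hzad', $hzad);
    $this->assign('plugins', $plugins);
    $this->assign('display_name', $display_name);
    $this->assign('conflict', $conflict);
    $this->assign('sitename', $sitename);
    $this->assignref('juser', $user);

    parent::display($tpl);
}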
/**
 * Increments user spam count, both globally and in current session
 *
 * The persistent counter lives on this record (stamped with the current
 * user id and saved); the session counter is kept in parallel.
 *
 * @return bool
 */
public function incrementSpamCount()
{
    // Persistent counter on the record
    $this->set('spam_count', $this->get('spam_count', 0) + 1);
    $this->set('user_id', \User::get('id'));
    $this->save();

    // Mirror the increment in the session
    Session::set('spam_count', Session::get('spam_count', 0) + 1);
}
/**
 * Constructor
 *
 * Sets up the member blog plugin for one user: records the scope, loads
 * the user as the item, and derives the upload path from the plugin's
 * `uploadpath` parameter (with `{{uid}}` replaced by the padded user id).
 *
 * @param   integer  $scope_id  Scope ID (group, course, etc.)
 * @return  void
 */
public function __construct($scope_id = 0)
{
    $this->set('scope_id', $scope_id);

    $this->_segments['id']     = $scope_id;
    $this->_segments['active'] = 'blog';

    $this->_item = User::oneOrNew($scope_id);

    // Upload path template comes from the plugin params
    $params   = Plugin::params('members', 'blog');
    $template = $params->get('uploadpath', '/site/members/{{uid}}/blog');
    $padded   = String::pad($this->get('scope_id'));

    $this->set('path', str_replace('{{uid}}', $padded, $template));
    $this->set('scope', $this->get('scope_id') . '/blog');
    $this->set('option', $this->_segments['option']);
}
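/**
 * Add one or more users as managers of a course.
 *
 * Reads a comma-separated list of usernames and/or user ids from POST
 * (`usernames`), resolves each to an account, skips those already managing
 * the course, and adds the rest with the requested role.
 *
 * @return void
 */
public function addTask()
{
    // Check for request forgeries
    Request::checkToken();

    // Incoming course ID
    $id = Request::getInt('id', 0);
    if (!$id)
    {
        $this->setError(Lang::txt('COM_COURSES_ERROR_NO_ID'));
        $this->displayTask();
        return;
    }

    // Load the course and its current managers (keyed by user id)
    $course   = \Components\Courses\Models\Course::getInstance($id);
    $managers = $course->managers();

    // Incoming usernames / ids
    $m    = Request::getVar('usernames', '', 'post');
    $mbrs = explode(',', $m);

    $users = array();
    foreach ($mbrs as $mbr)
    {
        $mbr = trim($mbr);

        // Reset per entry. The original only assigned $uid on success, so a
        // numeric id that did not exist silently reused the previous
        // iteration's $uid and added that user a second time.
        $uid = 0;

        if (is_numeric($mbr))
        {
            // Make sure the user exists
            $user = User::getInstance($mbr);
            if (is_object($user) && $user->get('username'))
            {
                $uid = $mbr;
            }
        }
        else
        {
            $uid = \Hubzero\User\User::oneByUsername($mbr)->get('id');
        }

        // Ensure we found an account
        if (!$uid)
        {
            $this->setError(Lang::txt('COM_COURSES_ERROR_USER_NOTFOUND') . ' ' . $mbr);
            continue;
        }

        // Make sure the user isn't already a manager
        if (isset($managers[$uid]))
        {
            $this->setError(Lang::txt('COM_COURSES_ERROR_ALREADY_MANAGER', $mbr));
            continue;
        }

        $users[] = $uid;
    }

    // Add users
    $course->add($users, Request::getInt('role', 0));

    // Push through to the managers view
    $this->displayTask($course);
}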
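/**
 * Add a user to the manager list of an offering (optionally a section).
 *
 * Reads a comma-separated list of usernames and/or user ids from POST
 * (`usernames`), resolves each to an existing account, skips those already
 * managing the offering/section, and adds the rest with the requested role.
 *
 * @return void
 */
public function addTask()
{
    // Check for request forgeries
    Request::checkToken();

    // Incoming offering ID
    $id = Request::getInt('offering', 0);
    if (!$id)
    {
        $this->setError(Lang::txt('COURSES_NO_ID'));
        $this->displayTask();
        return;
    }

    $section = Request::getInt('section', 0);
    $role_id = Request::getInt('role', 0);

    // Load the offering (and section, if given)
    $model = \Components\Courses\Models\Offering::getInstance($id);
    if ($section)
    {
        $model->section($section);
    }

    $managers = $model->managers(array(
        'student'     => 0,
        'section_id'  => array(0, $section),
        'offering_id' => array(0, $id)
    ));

    // Incoming usernames / ids
    $m    = Request::getVar('usernames', '', 'post');
    $mbrs = explode(',', $m);

    $users = array();
    foreach ($mbrs as $mbr)
    {
        $mbr = trim($mbr);
        $uid = 0;

        if (is_numeric($mbr))
        {
            // Verify the id refers to a real account before granting a role,
            // matching the course-manager task; the original accepted any
            // integer unchecked.
            $user = User::getInstance((int) $mbr);
            if (is_object($user) && $user->get('username'))
            {
                $uid = (int) $mbr;
            }
        }
        else
        {
            $uid = \Hubzero\User\User::oneByUsername($mbr)->get('id');
        }

        // Ensure we found an account
        if (!$uid)
        {
            $this->setError(Lang::txt('COM_COURSES_ERROR_USER_NOTFOUND') . ' ' . $mbr);
            continue;
        }

        // Make sure the user isn't already a manager
        if (isset($managers[$uid]))
        {
            $this->setError(Lang::txt('COM_COURSES_ERROR_ALREADY_MANAGER', $mbr));
            continue;
        }

        $users[] = $uid;
    }

    if (count($users) > 0)
    {
        $model->add($users, $role_id);
    }

    // Push through to the managers view
    $this->displayTask($model);
}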
/**
 * Hook for after parsing route
 *
 * Redirects a logged-in, site-side user whose reputation is "jailed" to the
 * spam-jail view, except for the handful of routes in the allow list
 * (logout, support ticket save, profile media download).
 *
 * @return void
 */
public function onAfterRoute()
{
    if (!App::isSite() || User::isGuest())
    {
        return;
    }

    // Routes a jailed user may still reach
    $allowed = ['com_users.logout', 'com_support.tickets.save.index', 'com_members.media.download.profiles'];

    // Build the dotted route key: option[.controller][.task][.view]
    $parts = array(Request::getWord('option', ''));
    foreach (array('controller', 'task', 'view') as $key)
    {
        if ($value = Request::getWord($key, false))
        {
            $parts[] = $value;
        }
    }
    $route = implode('.', $parts);

    if (in_array($route, $allowed))
    {
        return;
    }

    if (\Hubzero\User\User::oneOrFail(User::get('id'))->reputation->isJailed())
    {
        Request::setVar('option', 'com_users');
        Request::setVar('view', 'spamjail');
    }
}
/**
 * Boot the members service provider.
 *
 * Sets the profile link template and registers the profile-picture
 * resolvers: the file-based resolver always, plus the resolver class named
 * by the com_members `picture` parameter when such a class exists.
 *
 * @return void
 */
public function boot()
{
    // Set the base link to use for profiles
    User::$linkBase = 'index.php?option=com_members&id={ID}';

    if (!$this->app->has('component'))
    {
        return;
    }

    $params = $this->app['component']->params('com_members');

    $config = [
        'path'          => PATH_APP . DS . 'site' . DS . 'members',
        'pictureName'   => 'profile.png',
        'thumbnailName' => 'thumb.png',
        'fallback'      => $params->get('defaultpic', '/core/components/com_members/site/assets/img/profile.gif')
    ];

    // File-based resolver is always available
    User::$pictureResolvers[] = new File($config);

    // Optional resolver chosen by configuration; only instantiated when the
    // class can be found under Hubzero\User\Picture
    $resolverClass = 'Hubzero\\User\\Picture\\' . ucfirst($params->get('picture'));
    if (class_exists($resolverClass))
    {
        User::$pictureResolvers[] = new $resolverClass($config);
    }
}
/**
 * Display module contents
 *
 * Counts guest and member sessions on the site client and collects the
 * logged-in members (only those whose account still resolves) for the
 * layout.
 *
 * @return void
 */
public function displaySite()
{
    $sessions = SessionHelper::getAllSessions(array('distinct' => 1, 'client' => 0));

    $this->guestCount    = 0;
    $this->loggedInCount = 0;
    $this->loggedInList  = array();

    foreach ($sessions as $session)
    {
        if ($session->guest == 1)
        {
            $this->guestCount++;
            continue;
        }

        $this->loggedInCount++;

        // Skip sessions whose user record no longer exists
        $member = User::oneOrNew($session->userid);
        if (!$member->get('id'))
        {
            continue;
        }

        $this->loggedInList[] = $member;
    }

    require $this->getLayoutPath('default');
}
/**
 * Validate an e-mail field: format (via the parent regex rule) and,
 * when the field is marked `unique`, that no other account uses it.
 *
 * (The original docblock was copied from the hexadecimal-colour rule.)
 *
 * @param   object  &$element  The SimpleXMLElement object representing the <field /> tag for the form field object.
 * @param   mixed   $value     The form field value to validate.
 * @param   string  $group     The field name group control value. This acts as as an array container for the field.
 *                             For example if the field has name="foo" and the group value is set to "bar" then the
 *                             full field name would end up being "bar[foo]".
 * @param   object  &$input    An optional Registry object with the entire data set to validate against the entire form.
 * @param   object  &$form     The form object for which the field is being tested.
 * @return  boolean  True if the value is valid, false otherwise.
 */
public function test(&$element, $value, $group = null, &$input = null, &$form = null)
{
    $flag = function ($name) use ($element)
    {
        $attr = (string) $element[$name];
        return $attr == 'true' || $attr == $name;
    };

    // Empty and optional: nothing to check
    if (!$flag('required') && empty($value))
    {
        return true;
    }

    // Format check from the parent rule
    if (!parent::test($element, $value, $group, $input, $form))
    {
        return false;
    }

    if (!$flag('unique'))
    {
        return true;
    }

    // Exclude the record being edited from the duplicate search
    $ownId = $form instanceof Form ? $form->getValue('id') : '';

    $others = User::all()
        ->whereEquals('email', $value)
        ->where('id', '<>', (int) $ownId)
        ->total();

    return $others ? false : true;
}
/**
 * Check to see if the current user has permission to perform a group action
 *
 * Looks at every role the user holds in the group; a role grants the
 * action when its JSON `permissions` object has that action set to 1.
 * Roles whose permissions do not decode to an object grant nothing.
 *
 * @param   object  $group   \Hubzero\User\Group
 * @param   string  $action  Group action to perform
 * @return  boolean
 */
public static function userHasPermissionForGroupAction($group, $action)
{
    $roles = self::getGroupMemberRoles(\User::get('id'), $group->get('gidNumber'));

    foreach ($roles as $role)
    {
        $granted = json_decode($role['permissions']);

        // Malformed / non-object permissions behave as an empty grant set
        if (!is_object($granted))
        {
            continue;
        }

        if (property_exists($granted, $action) && $granted->{$action} == 1)
        {
            return true;
        }
    }

    return false;
}
/**
 * Authenticate requests
 *
 * Establishes the identity behind an API request and records it in
 * $this->_authn. Three mechanisms are tried:
 *   1. OAuth (\Hubzero\Oauth\Provider): on success the token's user_id is
 *      used and a JUser for it is placed in the session.
 *   2. Otherwise, the site session cookie, looked up in `#__session`.
 *   3. Then a tool-session number/token pair (POST fields, or request
 *      headers as a fallback), looked up in the middleware `session` table;
 *      a hit here overrides the user found in step 2.
 * Finally, validApiKey is set on the request when a consumer key was seen.
 *
 * NOTE(review): points worth confirming against the data model are marked
 * NOTE(review) inline.
 *
 * @return mixed  Nothing when no route is set; false when OAuth rejected the
 *                request or (CLI) no parameters were supplied; otherwise nothing
 */
public function authenticate()
{
    if (!$this->_route)
    {
        return;
    }

    JLoader::import('Hubzero.User.Profile');
    JLoader::import('Hubzero.User.Helper');
    JLoader::import('Hubzero.Oauth.Provider');
    JLoader::import('Hubzero.User');
    JLoader::import('Hubzero.Xml');

    /*
     * If CLI then we have to gather all query, post and header values
     * into params for Oauth_Provider's constructor.
     */
    $params = array();

    if (php_sapi_name() == 'cli')
    {
        $queryvars = $this->request->get('queryvars');
        $postvars  = $this->request->get('postdata');

        // Both loops prefer the query value over the POST value for a key;
        // the second loop only adds keys that exist solely in POST.
        if (!empty($queryvars))
        {
            foreach ($queryvars as $key => $value)
            {
                if (isset($queryvars[$key]))
                {
                    $params[$key] = $queryvars[$key];
                }
                else
                {
                    if (isset($postvars[$key]))
                    {
                        $params[$key] = $postvars[$key];
                    }
                }
            }
        }

        if (!empty($postvars))
        {
            foreach ($postvars as $key => $value)
            {
                if (isset($queryvars[$key]))
                {
                    $params[$key] = $queryvars[$key];
                }
                else
                {
                    if (isset($postvars[$key]))
                    {
                        $params[$key] = $postvars[$key];
                    }
                }
            }
        }

        if (empty($params))
        {
            return false;
        }
    }

    /*
     * If request has a Basic Auth header Oauth will throw an exception if the
     * header doesn't conform to the OAuth protocol. We catch that (or any other)
     * exception and proceed as if there was no oauth data.
     *
     * @TODO A better approach might be to inspect the Basic Auth header and see
     * if it even looks like OAuth was being attempted and throw an Oauth
     * compliant error if it was.
     */
    try
    {
        $oauthp = new \Hubzero\Oauth\Provider($params);
        $oauthp->setRequestTokenPath('/api/oauth/request_token');
        $oauthp->setAccessTokenPath('/api/oauth/access_token');
        $oauthp->setAuthorizePath('/api/oauth/authorize');

        // An array result is an OAuth error to relay to the client
        $result = $oauthp->validateRequest($this->request->get('request'), $this->request->get('method'));

        if (is_array($result))
        {
            $this->response->setResponseProvides('application/x-www-form-urlencoded');
            $this->response->setMessage($result['message'], $result['status'], $result['reason']);
            return false;
        }

        $this->_provider = $oauthp;
        $this->_authn['oauth_token']  = $oauthp->getToken();
        $this->_authn['consumer_key'] = $oauthp->getConsumerKey();
    }
    catch (Exception $e)
    {
        // Any failure to parse OAuth data is treated as "no OAuth attempted";
        // the exception itself is not logged
        $result = false;
    }

    $this->_authn['user_id'] = null;

    if (isset($this->_authn['oauth_token']) && $this->_authn['oauth_token'])
    {
        // OAuth path: the user is whoever the token was issued to.
        // NOTE(review): when the token carries no user_id the session user is
        // still replaced with `new JUser(null)` — confirm that is intended.
        $data = $oauthp->getTokenData();

        if (!empty($data->user_id))
        {
            $this->_authn['user_id'] = $data->user_id;
        }

        $this->_authn['session_id'] = null;

        JFactory::getSession()->set('user', new JUser($data->user_id));
    }
    else
    {
        // well lets try to authenticate it with a session instead
        $session_name = md5(self::getHash('site'));
        $session_id   = null;

        if (!empty($_COOKIE[$session_name]))
        {
            $session_id = $_COOKIE[$session_name];
        }

        $this->_authn['session_id'] = $session_id;
        $this->_authn['user_id']    = null;

        if (!empty($session_id))
        {
            $db      = JFactory::getDBO();
            $timeout = JFactory::getConfig()->getValue('config.timeout');

            // NOTE(review): this clause compares `time + timeout` (a unix
            // timestamp column, if the schema matches core Joomla) with NOW()
            // (a DATETIME) using `<=`, which reads as "session has expired"
            // rather than "session is still live"; with MySQL's implicit
            // DATETIME->number conversion it is likely always true, i.e. no
            // effective timeout. Verify against the schema — the intent is
            // presumably `time + timeout >= UNIX_TIMESTAMP()`. The session id
            // is passed through Quote(); the literal "AND " lacks a leading
            // space, which MySQL tolerates after a quoted string.
            $query = "SELECT userid FROM `#__session` WHERE session_id=" . $db->Quote($session_id) . "AND " . " time + " . (int) $timeout . " <= NOW() AND client_id = 0;";

            $db->setQuery($query);
            $user_id = $db->loadResult();

            if (!empty($user_id))
            {
                $this->_authn['user_id'] = $user_id;
            }
        }

        // tool session authentication
        $toolSessionId    = JRequest::getInt('sessionnum', null, 'POST');
        $toolSessionToken = JRequest::getCmd('sessiontoken', null, 'POST');

        // use request headers as backup method to post vars
        // NOTE(review): apache_request_headers() is SAPI-dependent, and the
        // header keys are matched case-sensitively here — confirm it is
        // available (and lower-cases names) on the target deployment.
        if (!$toolSessionId && !$toolSessionToken)
        {
            $headers = apache_request_headers();

            $toolSessionId    = isset($headers['sessionnum']) ? $headers['sessionnum'] : null;
            $toolSessionToken = isset($headers['sessiontoken']) ? $headers['sessiontoken'] : null;
        }

        // if we have a session id & token lets use those to authenticate
        if ($toolSessionId && $toolSessionToken)
        {
            // include neede libs
            require_once PATH_CORE . DS . 'components' . DS . 'com_tools' . DS . 'helpers' . DS . 'utils.php';

            // instantiate middleware database
            $mwdb = \Components\Tools\Helpers\Utils::getMWDBO();

            // attempt to load session from db (both values are quoted; the
            // id arrived via getInt / the token via getCmd when POSTed, but
            // the header fallback is unfiltered)
            $query = "SELECT * FROM `session` WHERE `sessnum`= " . $mwdb->quote($toolSessionId) . " AND `sesstoken`=" . $mwdb->quote($toolSessionToken);
            $mwdb->setQuery($query);

            // only continue if a valid session was found
            if ($session = $mwdb->loadObject())
            {
                // check users IP against the session execution host IP.
                // This is the only binding between caller and tool session
                // beyond the token itself; NOTE(review): whether JRequest::ip()
                // honours proxy-supplied headers determines how strong it is.
                if (JRequest::ip() == gethostbyname($session->exechost))
                {
                    // A tool session hit overrides any user found via the cookie
                    $profile = \Hubzero\User\User::oneByUsername($session->username);
                    $this->_authn['user_id'] = $profile->get('id');
                }
            }
        }
    }

    $this->request->validApiKey = !empty($this->_authn['consumer_key']);
}
/**
 * Parse the URI
 *
 * Standard site-router parsing (HTTPS enforcement, entry-point stripping,
 * SEF suffix, delegation to the parent router) followed by the HUBzero
 * gatekeeping that forces a logged-in user through incomplete registration,
 * e-mail confirmation, account approval and password-change flows before any
 * other route is honoured. Whenever a flow is forced, the parsed vars are
 * replaced and written back over the GET request data.
 *
 * @param   object  &$uri  The URI
 * @return  array   Route variables
 */
public function parse(&$uri)
{
    $vars = array();

    // Get the application
    $app = JApplication::getInstance('site');

    // force_ssl == 2 means "whole site"; redirect plain-HTTP requests
    if ($app->getCfg('force_ssl') == 2 && strtolower($uri->getScheme()) != 'https')
    {
        //forward to https
        $uri->setScheme('https');
        $app->redirect((string) $uri);
    }

    // Get the path
    $path = $uri->getPath();

    // Remove the base URI path.
    $path = substr_replace($path, '', 0, strlen(JURI::base(true)));

    // Check to see if a request to a specific entry point has been made.
    if (preg_match("#.*?\\.php#u", $path, $matches))
    {
        // Get the current entry point path relative to the site path.
        $scriptPath = realpath($_SERVER['SCRIPT_FILENAME'] ? $_SERVER['SCRIPT_FILENAME'] : str_replace('\\\\', '\\', $_SERVER['PATH_TRANSLATED']));
        $relativeScriptPath = str_replace('\\', '/', str_replace(JPATH_SITE, '', $scriptPath));

        // If a php file has been found in the request path, check to see if it is a valid file.
        // Also verify that it represents the same file from the server variable for entry script.
        // $matches[0] comes from the request path but is only acted on when it
        // equals the real entry script's relative path, so it cannot name an
        // arbitrary file.
        if (file_exists(JPATH_SITE . $matches[0]) && $matches[0] == $relativeScriptPath)
        {
            // Remove the entry point segments from the request path for proper routing.
            $path = str_replace($matches[0], '', $path);
        }
    }

    // Identify format
    if ($this->_mode == JROUTER_MODE_SEF)
    {
        if ($app->getCfg('sef_suffix') && !(substr($path, -9) == 'index.php' || substr($path, -1) == '/'))
        {
            if ($suffix = pathinfo($path, PATHINFO_EXTENSION))
            {
                $vars['format'] = $suffix;
            }
        }
    }

    //Remove prefix
    $path = str_replace('index.php', '', $path);

    //Set the route
    $uri->setPath(trim($path, '/'));

    $vars += parent::parse($uri);

    // A POSTed `option` may name the component when the route did not
    if (empty($vars['option']) && isset($_POST['option']))
    {
        $vars['option'] = JRequest::getCmd('option', '', 'post');
    }

    if (empty($vars['option']))
    {
        JError::raiseError(404, JText::_('JGLOBAL_RESOURCE_NOT_FOUND'));
    }

    /*
     * START: HUBzero Extensions
     * Follow to force registration and email confirmation
     *
     * Each gate below returns early for the routes it must let through
     * (logout, legal/terms, the flow's own pages, a few support-ticket
     * tasks) and otherwise rewrites $vars to the flow's entry route.
     * Note: several checks read $vars['view'] / $vars['task'] without
     * isset(), which raises a notice when the key is absent.
     */
    $juser = JFactory::getUser();

    if (!$juser->get('guest'))
    {
        $session = JFactory::getSession();

        // Gate 1: registration flagged as incomplete in the session
        $registration_incomplete = $session->get('registration.incomplete');

        if ($registration_incomplete)
        {
            if ($vars['option'] == 'com_users')
            {
                if ($vars['view'] == 'logout' || $vars['task'] == 'logout')
                {
                    return $vars;
                }
            }

            if ($vars['option'] == 'com_members' && (isset($vars['controller']) && $vars['controller'] == 'register' || isset($vars['view']) && $vars['view'] == 'register'))
            {
                $session->set('linkaccount', false);
                return $vars;
            }

            if ($uri->getPath() != 'legal/terms')
            {
                $originalVars = $vars;
                $vars = array();

                if ($juser->get('tmp_user'))
                {
                    // Temporary account: must finish creating the real one
                    $vars['option']     = 'com_members';
                    $vars['controller'] = 'register';
                    $vars['task']       = 'create';
                    $vars['act']        = '';
                }
                else
                {
                    // NOTE(review): an e-mail ending in '@invalid' appears to be
                    // the placeholder given to accounts created through a linked
                    // (third-party) login — confirm against the auth link code.
                    if (substr($juser->get('email'), -8) == '@invalid')
                    {
                        // First, allow ticket creation
                        if ($originalVars['option'] == 'com_support' && $originalVars['controller'] == 'tickets' && $originalVars['task'] == 'save')
                        {
                            // Do nothing...allow it to pass through
                            $vars = $originalVars;
                        }
                        elseif ($session->get('linkaccount', true))
                        {
                            $vars['option'] = 'com_users';
                            $vars['view']   = 'link';
                        }
                        else
                        {
                            $vars['option']     = 'com_members';
                            $vars['controller'] = 'register';
                            $vars['task']       = 'update';
                            $vars['act']        = '';
                        }
                    }
                    else
                    {
                        $o  = JRequest::getVar('option', '');
                        $t  = JRequest::getVar('task', '');
                        $nh = JRequest::getInt('no_html', 0);

                        //are we trying to use the tag autocompletor when forcing registration update?
                        if ($o == 'com_tags' && $t == 'autocomplete' && $nh)
                        {
                            $vars['option'] = 'com_tags';
                        }
                        else
                        {
                            $vars['option'] = 'com_members';
                            $vars['id']     = $juser->get("id");
                            $vars['active'] = 'profile';
                        }
                    }
                }

                $this->setVars($vars);
                JRequest::set($vars, 'get', true); // overwrite existing

                return $vars;
            }
        }

        // Gate 2: e-mail not confirmed (activation other than 1 or 3)
        $xprofile = \Hubzero\User\User::oneOrNew($juser->get('id'));

        if (is_object($xprofile) && $xprofile->get('activation') != 1 && $xprofile->get('activation') != 3)
        {
            if ($vars['option'] == 'com_users')
            {
                if (isset($vars['view']) && $vars['view'] == 'logout' || isset($vars['task']) && $vars['task'] == 'logout')
                {
                    return $vars;
                }
            }
            else
            {
                if ($uri->getPath() == 'legal/terms')
                {
                    return $vars;
                }
                else
                {
                    if ($vars['option'] == 'com_members' && (isset($vars['controller']) && $vars['controller'] == 'register' || isset($vars['view']) && $vars['view'] == 'register'))
                    {
                        // The confirmation flow's own tasks are allowed through
                        if (!empty($vars['task']))
                        {
                            if ($vars['task'] == 'unconfirmed' || $vars['task'] == 'change' || $vars['task'] == 'resend' || $vars['task'] == 'confirm')
                            {
                                return $vars;
                            }
                        }
                    }
                    else
                    {
                        // Profile image download is allowed right after an e-mail change
                        if ($vars['option'] == 'com_members' && (isset($vars['task']) && $vars['task'] == 'download') && (isset($vars['active']) && strpos($vars['active'], 'Image:') !== false) && JFactory::getSession()->get('userchangedemail', 0) == 1)
                        {
                            return $vars;
                        }
                    }
                }
            }

            $vars = array();
            $vars['option']     = 'com_members';
            $vars['controller'] = 'register';
            $vars['task']       = 'unconfirmed';

            $this->setVars($vars);
            JRequest::set($vars, 'get', true); // overwrite existing

            return $vars;
        }

        // Gate 3: account awaiting approval
        if (!$juser->get('approved'))
        {
            if ($vars['option'] == 'com_users')
            {
                if ($vars['view'] == 'logout' || $vars['task'] == 'logout')
                {
                    return $vars;
                }
            }
            else
            {
                if ($uri->getPath() == 'legal/terms')
                {
                    return $vars;
                }
                else
                {
                    if ($vars['option'] == 'com_support' && $vars['controller'] == 'tickets' && $vars['task'] == 'save')
                    {
                        return $vars;
                    }
                    else
                    {
                        if ($vars['option'] == 'com_support' && $vars['controller'] == 'tickets' && $vars['task'] == 'new')
                        {
                            return $vars;
                        }
                    }
                }
            }

            $vars = array();
            $vars['option'] = 'com_users';
            $vars['view']   = 'unapproved';

            $this->setVars($vars);
            JRequest::set($vars, 'get', true); // overwrite existing

            return $vars;
        }

        // Gate 4: password flagged (at login, presumably) as weak or expired
        $badpassword     = $session->get('badpassword', false);
        $expiredpassword = $session->get('expiredpassword', false);

        if ($badpassword || $expiredpassword)
        {
            if ($vars['option'] == 'com_members' && isset($vars['task']) && $vars['task'] == 'changepassword')
            {
                return $vars;
            }

            if ($vars['option'] == 'com_users' && ($vars['view'] == 'logout' || $vars['task'] == 'logout' || JRequest::getWord('task') == 'logout'))
            {
                return $vars;
            }

            if ($vars['option'] == 'com_support' && $vars['task'] == 'save')
            {
                return $vars;
            }

            if ($uri->getPath() == 'legal/terms')
            {
                return $vars;
            }

            // @FIXME: should double check shadowFlag here in case password gets changed
            // out of band.
            // @FIXME: should we clear POST and GET data
            $vars = array();
            $vars['option'] = 'com_members';
            $vars['task']   = 'changepassword';

            if ($badpassword)
            {
                $vars['message'] = "Your password does not meet current site requirements. Please change your password now.";
            }
            if ($expiredpassword)
            {
                $vars['message'] = "Your password has expired. Please change your password now.";
            }

            $this->setVars($vars);
            JRequest::set($vars, 'get', true); // overwrite existing
        }
    }

    // Call system plugins for parsing routes
    if ($responses = JDispatcher::getInstance()->trigger('onParseRoute', array($vars)))
    {
        // We're assuming here that if a plugin returns vars, we'll take them wholesale.
        // This also means that plugins need to be ordered in terms of priority, as we'll
        // return the first response that isn't empty.
        foreach ($responses as $response)
        {
            if (is_array($response) && !empty($response))
            {
                $this->setVars($response);
                JRequest::set($response, 'get', true);

                return $response;
            }
        }
    }
    /*
     * END: HUBzero Extensions
     * Follow to force registration and email confirmation
     */

    return $vars;
}
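/**
 * Processes the password set form
 *
 * Completes a password reset: the reset token and user id stashed in the
 * session state by the verification step are re-checked against the user's
 * latest stored token, the account must be unblocked and not a linked
 * (cross-domain) account, and the new password must be entered twice,
 * pass the basic validity check and the enabled password rules. Re-using
 * the current password is accepted without changing anything (so the
 * password counter/history is not disturbed).
 *
 * @return  void
 * @throws  Exception  403 when the session holds no token/user, or the
 *                     account is a linked (cross-domain) one
 */
public function settingpasswordTask()
{
    // Check for request forgeries
    Session::checkToken('post') or exit(Lang::txt('JINVALID_TOKEN'));

    // Get the token and user id from the verification process
    $token   = User::getState('com_users.reset.token', null);
    $id      = User::getState('com_users.reset.user', null);
    $no_html = Request::getInt('no_html', 0);

    // Check the token and user id
    if (empty($token) || empty($id))
    {
        throw new Exception(Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_TOKENS_MISSING'), 403);
    }

    // Get the user object
    $user = \Hubzero\User\User::oneOrFail($id);

    $setpasswordUrl = Route::url('index.php?option=' . $this->_option . '&task=setpassword', false);

    // Check that the tokens match. Constant-time comparison: the stored
    // token is a secret, so a byte-by-byte `!==` leaks match length.
    // A missing latest token yields '' and fails the comparison.
    $latest = $user->tokens()->latest();
    $stored = is_object($latest) ? (string) $latest->token : '';

    if (!hash_equals($stored, (string) $token))
    {
        App::redirect($setpasswordUrl, Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'), 'warning');
        return;
    }

    // Make sure the user isn't blocked
    if ($user->get('block'))
    {
        App::redirect($setpasswordUrl, Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'), 'warning');
        return;
    }

    // Linked accounts authenticate elsewhere and have no local password
    if (\Hubzero\User\Helper::isXDomainUser($user->get('id')))
    {
        throw new Exception(Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_LINKED_ACCOUNT'), 403);
    }

    $password_rules = \Hubzero\Password\Rule::all()
        ->whereEquals('enabled', 1)
        ->rows();

    $password1 = trim((string) Request::getVar('password1', ''));
    $password2 = trim((string) Request::getVar('password2', ''));

    // Rule violations (empty array = none)
    $msg = array();
    if (!empty($password1))
    {
        $msg = \Hubzero\Password\Rule::verify($password1, $password_rules, $user->get('username'));
    }

    require_once dirname(dirname(__DIR__)) . DS . 'helpers' . DS . 'utility.php';

    $error    = false;
    $changing = true;
    $result   = false;

    // Entry errors: these are never bypassed
    if (!$password1 || !$password2)
    {
        $error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_TWICE');
    }
    elseif ($password1 !== $password2)
    {
        // Strict comparison; `!=` treated numeric-looking strings ("1e3" vs "1000") as equal
        $error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_DONT_MATCH');
    }
    elseif (\Hubzero\User\Password::passwordMatches($user->get('id'), $password1))
    {
        // Resetting to the current password: accept without changing anything.
        // That way you can't reset the counter on your current password, or
        // invalidate it by putting it into history. Rule failures are
        // deliberately bypassed here (the password is already in use); the
        // original also bypassed the missing/mismatch errors above, which let
        // a mismatched confirmation report success.
        $changing = false;
        $result   = true;
    }
    elseif (!\Components\Members\Helpers\Utility::validpassword($password1))
    {
        $error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_INVALID');
    }
    elseif (!empty($msg))
    {
        $error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_FAILS_REQUIREMENTS');
    }

    if ($error)
    {
        if ($no_html)
        {
            $response = array('success' => false, 'message' => $error);
            echo json_encode($response);
            die;
        }

        App::redirect($setpasswordUrl, $error, 'warning');
        return;
    }

    if ($changing)
    {
        // Encrypt the password and update the profile
        $result = \Hubzero\User\Password::changePassword($user->get('username'), $password1);
    }

    // Save the changes
    if (!$result)
    {
        if ($no_html)
        {
            $response = array('success' => false, 'message' => Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_GENERIC'));
            echo json_encode($response);
            die;
        }

        App::redirect($setpasswordUrl, Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_GENERIC'), 'warning');
        return;
    }

    // Flush the user data from the session so the token cannot be replayed
    User::setState('com_users.reset.token', null);
    User::setState('com_users.reset.user', null);

    $loginUrl = Route::url('index.php?option=com_users&view=login', false);

    if ($no_html)
    {
        $response = array('success' => true, 'redirect' => $loginUrl);
        echo json_encode($response);
        die;
    }

    // Everything went well...go to the login page
    App::redirect($loginUrl, Lang::txt('COM_MEMBERS_CREDENTIALS_PASSWORD_RESET_COMPLETE'), 'passed');
}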
/**
 * Check if a password matches
 *
 * Looks for the stored hash on the password record first; when $alltables
 * is set it falls back to the profile's userPassword and then the core
 * user's password. With no hash found the comparison is made against null.
 *
 * @param   mixed   $user       User id / identifier understood by getInstance()
 * @param   string  $password   Plain-text password to check
 * @param   bool    $alltables  Also consult the profile and core user tables
 * @return  bool
 */
public static function passwordMatches($user = null, $password, $alltables = false)
{
    $record = self::getInstance($user);

    if (is_object($record) && !empty($record->passhash))
    {
        return self::comparePasswords($record->passhash, $password);
    }

    if (!$alltables)
    {
        return self::comparePasswords(null, $password);
    }

    // Fallback 1: legacy profile table
    $profile = Profile::getInstance($user);
    if (is_object($profile) && $profile->get('userPassword') != '')
    {
        return self::comparePasswords($profile->get('userPassword'), $password);
    }

    // Fallback 2: core user table
    $account = \User::getInstance($user);
    if (is_object($account) && !empty($account->password))
    {
        return self::comparePasswords($account->password, $password);
    }

    return self::comparePasswords(null, $password);
}
/**
 * Return a groups logo
 *
 * Uses the uploaded logo when the group has one on disk, otherwise the
 * default image. For hidden groups (discoverability == 1) non-members and
 * non-invitees always get the default.
 *
 * @param   string  $what  'size' for getimagesize() data, 'path' for the
 *                         site-relative path, anything else for the URL
 * @return  mixed
 */
public function getLogo($what = '')
{
    //default logo
    static $default_logo;
    if (!$default_logo)
    {
        $default_logo = '/core/components/com_groups/site/assets/img/group_default_logo.png';
    }

    //logo link - links to group overview page
    $link = \Route::url('index.php?option=com_groups&cn=' . $this->get('cn'));

    //path to group uploaded logo
    $logo     = $this->get('logo');
    $uploaded = substr(PATH_APP, strlen(PATH_ROOT)) . '/site/groups/' . $this->get('gidNumber') . DS . 'uploads' . DS . $logo;

    //if logo exists and file is uploaded use that logo instead of default
    $src = $default_logo;
    if ($logo != '' && is_file(PATH_ROOT . $uploaded))
    {
        $src = $uploaded;
    }

    //hidden group: only members and invitees may see the real logo
    $allowed = array_merge($this->get('members'), $this->get('invitees'));
    if ($this->get('discoverability') == 1 && !in_array(\User::get('id'), $allowed))
    {
        $src = $default_logo;
    }

    switch (strtolower($what))
    {
        case 'size':
            return getimagesize(PATH_ROOT . $src);

        case 'path':
            return $src;
    }

    return \Request::base(true) . $src;
}
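/**
 * Validates incoming request via OAuth2 specification
 *
 * Verifies the bearer token on the current request; when it verifies and
 * carries a `uidNumber`, that user is loaded, marked non-guest if found,
 * and placed in the session.
 *
 * @param   array  $params   Oauth server request parameters
 * @param   array  $options  OAuth server configuration options
 * @return  array  ['user_id' => int|null]
 */
public function authenticate($params = array(), $options = array())
{
    // Placeholder response
    $response = ['user_id' => null];

    // Fire before auth event
    Event::trigger('before_auth');

    // Load oauth server
    $oauthServer   = new Server(new MysqlStorage(), $options);
    $oauthRequest  = \OAuth2\Request::createFromGlobals();
    $oauthResponse = new \OAuth2\Response();

    // Validate request via oauth. The original discarded this boolean and
    // read the token data regardless; only trust the token when the
    // resource request actually verified.
    $this->token = null;

    if ($oauthServer->verifyResourceRequest($oauthRequest, $oauthResponse))
    {
        // Store our token locally
        $this->token = $oauthServer->getAccessTokenData($oauthRequest);
    }

    // See if we have a valid user
    if (isset($this->token['uidNumber']))
    {
        $response['user_id'] = $this->token['uidNumber'];

        $user = User::oneOrNew($response['user_id']);

        // A token for an unknown user id yields a blank (guest) user object
        if ($user->get('id'))
        {
            $user->set('guest', false);
        }

        $this->app['session']->set('user', $user);
    }

    // Fire after auth event
    Event::trigger('after_auth');

    // Return the response
    return $response;
}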
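/**
 * Save developer application details
 *
 * Binds the POSTed `application` data to the model, saves it, then
 * resolves the POSTed comma-separated `team` (user ids, usernames or
 * e-mail addresses) to user ids and adds any that are not yet members.
 * The current user is always added to the team.
 *
 * @return void
 */
public function saveTask()
{
    // CSRF check
    Request::checkToken();

    // get request vars (unfiltered arrays)
    $data = Request::getVar('application', array(), 'post', 2, 'none');
    $team = Request::getVar('team', array(), 'post', 2, 'none');

    // The id is used as a primary key and in a redirect URL; normalise it
    // instead of trusting the raw POST value (and avoid an undefined index)
    $data['id'] = isset($data['id']) ? (int) $data['id'] : 0;

    // must be logged in
    if (User::isGuest())
    {
        $return = Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=edit&id=' . $data['id'], false, true);
        App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode($return)));
        return;
    }

    // bind data to model
    $model = Application::oneOrNew($data['id'])->set($data);

    // is the app available
    if ($model->isDeleted())
    {
        App::redirect(
            Route::url('index.php?option=com_developer&controller=applications'),
            Lang::txt('COM_DEVELOPER_API_APPLICATION_DOES_NOT_EXIST'),
            'warning'
        );
        return;
    }

    // make sure we're allowed to edit an existing app.
    // NOTE(review): this reads access flags from the component config rather
    // than checking the application's team; presumably an authorize step
    // populates 'access-edit-application' per user — confirm, otherwise any
    // logged-in user can update any application by id.
    if (!$this->config->get('access-edit-application', 0)
     && !$this->config->get('access-create-application', 0)
     && $data['id'] > 0)
    {
        App::redirect(
            Route::url('index.php?option=com_developer&controller=applications'),
            Lang::txt('COM_DEVELOPER_API_APPLICATION_NOT_AUTHORIZED'),
            'warning'
        );
        return;
    }

    // attempt to save model
    if (!$model->save())
    {
        Notify::error($model->getError());
        return $this->editTask($model);
    }

    // parse incoming team: ids, usernames or e-mail addresses
    $team = is_string($team) ? $team : '';
    $team = array_map('trim', explode(',', $team));

    $uids = array();
    foreach ($team as $t)
    {
        if ($t === '')
        {
            continue;
        }

        if (is_numeric($t))
        {
            $uids[] = (int) $t;
            continue;
        }

        // Usernames go through oneByUsername(); the original passed them to
        // oneOrNew(), which is a primary-key lookup and never resolved a
        // username, then pushed the resulting null id into the team.
        $profile = strpos($t, '@')
            ? \Hubzero\User\User::oneByEmail($t)
            : \Hubzero\User\User::oneByUsername($t);

        if (is_object($profile) && $profile->get('id'))
        {
            $uids[] = (int) $profile->get('id');
        }
    }

    // add creator; de-duplicate so one submission cannot create duplicate rows
    $uids[] = (int) User::get('id');
    $uids   = array_unique($uids);

    // get current team
    $found = array();
    foreach ($model->team()->rows() as $member)
    {
        $found[] = $member->get('uidNumber');
    }

    // Add each non-team member to team
    foreach ($uids as $uidNumber)
    {
        if (in_array($uidNumber, $found))
        {
            continue;
        }

        $member = Member::blank();
        $member->set('uidNumber', $uidNumber);
        $member->set('application_id', $model->get('id'));
        $member->save();
    }

    // Redirect back to the main listing with a success message
    App::redirect(
        Route::url($model->link()),
        Lang::txt('COM_DEVELOPER_API_APPLICATION_SAVED'),
        'passed'
    );
}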
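/**
 * Map Resource Contributors
 *
 * Builds a Tables\Contributor for every entry of $this->raw->contributors —
 * either a list of objects (name, organization, role, authorid) or a
 * ';'-separated string of names — and appends it to
 * $this->record->contributors. A role that is not defined for the
 * resource type is stored as ''.
 *
 * @return void
 */
private function _mapContributorData()
{
	// get any contributors
	$contributors = isset($this->raw->contributors) ? $this->raw->contributors : array();

	// get roles for resource type
	$contributorRoles = new Tables\Contributor\RoleType($this->_database);
	$rolesForType     = $contributorRoles->getRolesForType($this->record->resource->type);
	$rolesForType     = is_array($rolesForType) ? $rolesForType : array();

	// get valid role aliases
	$existingRoles = array_map(function ($role) { return $role->alias; }, $rolesForType);

	// handle contributors as string: "Name One; Name Two"
	if (is_string($contributors))
	{
		$names = array_values(array_filter(array_map('trim', explode(';', $contributors))));

		$contributors = array_map(function ($name) {
			$cc = new stdClass();
			$cc->name = $name;
			return $cc;
		}, $names);
	}

	// loop through each contributor
	foreach ($contributors as $contributor)
	{
		// create resource contributor object
		$resourceContributor = new Tables\Contributor($this->_database);

		// check to see if we have an author id; keep it only when it resolves to a real account
		$authorid = isset($contributor->authorid) ? $contributor->authorid : null;

		if (!empty($authorid))
		{
			$profile = \Hubzero\User\User::oneOrNew($authorid);

			if ($profile && $profile->get('id'))
			{
				$resourceContributor->authorid = $profile->get('id');
			}
		}

		$resourceContributor->name         = isset($contributor->name) ? $contributor->name : '';
		$resourceContributor->organization = isset($contributor->organization) ? $contributor->organization : '';

		// roles unknown for this resource type are dropped rather than stored
		$resourceContributor->role = (isset($contributor->role) && in_array($contributor->role, $existingRoles, true))
			? $contributor->role
			: '';
		$resourceContributor->subtable = 'resources';

		$this->record->contributors[] = $resourceContributor;
	}
}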
/**
 * Get the creator of this entry
 *
 * The User object is loaded once from `created_by` and cached on the
 * instance. With no property name the whole User is returned; with one,
 * that property's value (the legacy name 'uidNumber' maps to 'id', and
 * 'picture' goes through User::picture() honouring the entry's
 * `anonymous` flag).
 *
 * @param   string  $property  What data to return
 * @param   mixed   $default   Default value
 * @return  mixed
 */
public function creator($property = null, $default = null)
{
	if (!$this->_creator instanceof \Hubzero\User\User)
	{
		$this->_creator = \Hubzero\User\User::oneOrNew($this->get('created_by'));
	}

	if (!$property)
	{
		return $this->_creator;
	}

	// legacy callers still ask for 'uidNumber'
	$key = ($property == 'uidNumber') ? 'id' : $property;

	return ($key == 'picture')
		? $this->_creator->picture($this->get('anonymous'))
		: $this->_creator->get($key, $default);
}
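/**
 * Render the member browser for a group
 *
 * @param   object  $group    Group whose members are shown (not used in the markup)
 * @param   array   $members  User ids of the members to render
 * @return  string  HTML markup
 */
private function renderMembers($group, $members)
{
	$content = '<div class="member_browser">';

	if (!empty($members))
	{
		$profiles = \Hubzero\User\User::all()->whereIn('id', $members)->rows();

		foreach ($profiles as $profile)
		{
			// name and organisation are user-editable, so escape them for the HTML/attribute context
			$name = htmlspecialchars(stripslashes((string) $profile->get('name')), ENT_QUOTES, 'UTF-8');
			$org  = htmlspecialchars(stripslashes((string) $profile->get('organization')), ENT_QUOTES, 'UTF-8');

			$content .= '<a href="' . Route::url($profile->link()) . '" class="member" title="Go to ' . $name . '\'s Profile.">';
			$content .= '<img src="' . $profile->picture() . '" alt="' . $name . '" class="member-border" width="50px" height="50px" />';
			$content .= '<span class="name">' . $name . '</span>';
			$content .= '<span class="org">' . $org . '</span>';
			$content .= '</a>';
		}
	}

	$content .= '</div><!-- /.member_browser -->';

	return $content;
}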
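/**
 * Save an entry
 *
 * Saves the POSTed `fields` of an application and synchronises its team
 * with the POSTed `team` list (comma-separated user ids, usernames or
 * email addresses): members no longer listed are removed, new ones added.
 * The 'apply' task returns to the edit form; otherwise cancelTask() runs.
 *
 * @return void
 */
public function saveTask()
{
	// [SECURITY] Check for request forgeries
	Request::checkToken();

	if (!User::authorise('core.edit', $this->_option)
	 && !User::authorise('core.create', $this->_option))
	{
		App::abort(403, Lang::txt('JERROR_ALERTNOAUTHOR'));
	}

	// Incoming
	// NOTE(review): the two calls pass the filter type and mask in different
	// positions ('none', 2 vs 2, 'none'); left as-is, confirm which order Request::getVar expects
	$fields = Request::getVar('fields', array(), 'post', 'none', 2);
	$team   = Request::getVar('team', '', 'post', 2, 'none');

	// a missing or non-numeric id means "create"
	$id = isset($fields['id']) ? (int) $fields['id'] : 0;

	// Bind the incoming data to our model
	$row = Application::oneOrNew($id)->set($fields);

	// Validate and save the data
	if (!$row->save())
	{
		Notify::error($row->getError());
		return $this->editTask($row);
	}

	// parse incoming team
	$team = array_map('trim', explode(',', (string) $team));

	// clean up team: resolve usernames and email addresses to user ids
	foreach ($team as $k => $t)
	{
		if (is_numeric($t))
		{
			continue;
		}

		// strpos() returns 0 for a leading '@', so compare against false explicitly
		$profile = (strpos($t, '@') !== false)
			? \Hubzero\User\User::oneByEmail($t)
			: \Hubzero\User\User::oneOrNew($t);

		// only keep entries that resolve to an existing account; a lookup that
		// yields nothing (or a record without an id) must not become user 0
		if ($profile && $profile->get('id'))
		{
			$team[$k] = $profile->get('id');
		}
		else
		{
			unset($team[$k]);
		}
	}

	// add creator if new
	// will only ever get added once
	$team[] = User::get('id');

	// normalise to ints so the in_array() checks below compare exactly
	$team = array_map('intval', $team);

	// get current team, removing members not included now
	$found = array();
	foreach ($row->team()->rows() as $member)
	{
		$uidNumber = (int) $member->get('uidNumber');

		if (!in_array($uidNumber, $team, true))
		{
			$member->destroy();
			continue;
		}

		$found[] = $uidNumber;
	}

	// Add each non-team member to team
	foreach ($team as $uidNumber)
	{
		// skip unresolved entries and anyone already on the team (or listed twice)
		if ($uidNumber <= 0 || in_array($uidNumber, $found, true))
		{
			continue;
		}

		$member = Member::blank();
		$member->set('uidNumber', $uidNumber);
		$member->set('application_id', $row->get('id'));
		$member->save();

		$found[] = $uidNumber;
	}

	Notify::success(Lang::txt('COM_DEVELOPER_APPLICATION_SAVED'));

	if ($this->getTask() == 'apply')
	{
		return $this->editTask($row);
	}

	$this->cancelTask();
}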
/**
 * Checks if username already exists
 *
 * Returns status 'error' with a message when the name is empty, fails
 * Helpers\Utility::validlogin(), or is already taken; status 'ok' otherwise.
 *
 * @param   string  $username  Username to check
 * @return  array   Status & message
 */
public function checkusername($username)
{
	$ret = array('status' => 'error');

	if (empty($username))
	{
		$ret['message'] = 'Please enter a username.';
		return $ret;
	}

	// check the general validity
	if (!Helpers\Utility::validlogin($username))
	{
		$ret['message'] = 'Invalid login name. Please type between 2 and 32 characters and use only lowercase alphanumeric characters.';
		return $ret;
	}

	// Count records with the given username
	$taken = \Hubzero\User\User::all()->whereEquals('username', $username)->total() > 0;

	if ($taken)
	{
		$ret['message'] = 'User login name is not available. Please select another one.';
		return $ret;
	}

	return array(
		'status'  => 'ok',
		'message' => 'User login name is available',
	);
}
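/**
 * Validate tool session data
 *
 * Looks the (session id, token) pair up in the middleware `session` table.
 * A match is only honoured when the request comes from a private address,
 * in which case the session's username is resolved to a user id.
 *
 * @param   string  $toolSessionId     Tool session id
 * @param   string  $toolSessionToken  Tool session token
 * @return  mixed   User id when the session is valid, false otherwise
 */
public function validateToolSessionData($toolSessionId, $toolSessionToken)
{
	// refuse empty credentials outright instead of matching a row with an empty token
	if ((string) $toolSessionId === '' || (string) $toolSessionToken === '')
	{
		return false;
	}

	// include needed libs
	require_once PATH_CORE . DS . 'components' . DS . 'com_tools' . DS . 'helpers' . DS . 'utils.php';

	// instantiate middleware database
	$mwdb = \Components\Tools\Helpers\Utils::getMWDBO();

	// attempt to load session from db (both values go through quote(), never raw)
	$query = "SELECT * \n\t\t\t\t FROM `session`\n\t\t\t\t WHERE `sessnum`= " . $mwdb->quote($toolSessionId) . " \n\t\t\t\t AND `sesstoken`=" . $mwdb->quote($toolSessionToken);
	$mwdb->setQuery($query);

	// only continue if a valid session was found
	// NOTE(review): the token comparison is done by the database and so follows
	// the column's collation — confirm `sesstoken` compares case-sensitively
	$session = $mwdb->loadObject();
	if (!$session)
	{
		return false;
	}

	$ip = new \Hubzero\Utility\Ip(\App::get('request')->ip());

	// ip should be coming from a private address
	// NOTE(review): this trusts whatever ip() reports; if it honours forwarded-for
	// headers or the hub sits behind a proxy, confirm the value is the real peer address
	if (!$ip->isPrivate())
	{
		return false;
	}

	// return user id; the session's username may no longer map to an account
	$profile = \Hubzero\User\User::oneByUsername($session->username);
	if (!$profile || !$profile->get('id'))
	{
		return false;
	}

	return $profile->get('id');
}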
/**
 * Get Profile Object from user id
 *
 * Resolves this record's `uidNumber` through User::oneOrNew().
 *
 * @return object Profile object
 */
public function getProfile()
{
	$uidNumber = $this->get('uidNumber');

	return User::oneOrNew($uidNumber);
}
/**
 * Delete the record and all associated data
 *
 * Fires user.onUserBeforeDelete, removes the dependent profile fields,
 * notes and hosts (stopping at the first failure and recording its error),
 * clears tags, deletes the row itself and finally fires
 * user.onUserAfterDelete.
 *
 * @return boolean False if error, True on success
 */
public function destroy()
{
	$snapshot = $this->toArray();

	Event::trigger('user.onUserBeforeDelete', array($snapshot));

	// Remove dependent rows in this order; bail out on the first failure
	foreach (array('profiles', 'notes', 'hosts') as $relation)
	{
		foreach ($this->$relation()->rows() as $child)
		{
			if ($child->destroy())
			{
				continue;
			}

			$this->addError($child->getError());
			return false;
		}
	}

	// Remove tags
	$this->tag('');

	// Attempt to delete the record
	$deleted = parent::destroy();

	if ($deleted)
	{
		Event::trigger('user.onUserAfterDelete', array($snapshot, true, $this->getError()));
	}

	return $deleted;
}
/**
 * Validate a password
 *
 * Checks $password against each entry of $rules and collects the
 * 'failuremsg' of every rule that is violated. The rules 'true' and
 * 'notStale' are accepted without a check; a rule name that is not
 * recognised is treated as a failure.
 *
 * @param   string  $password  Candidate password
 * @param   array   $rules     Rules, each with 'rule', 'value', 'failuremsg' (plus 'class' for the class-count rules)
 * @param   mixed   $user      User id or username; some rules resolve it to a User
 * @param   string  $name      Full name to test against; built from the user's profile when null
 * @return  array   Failure messages, empty when the password passes
 */
public static function verify($password, $rules, $user, $name = null)
{
	if (empty($rules))
	{
		return array();
	}

	$fail  = array();
	$stats = self::analyze($password);

	foreach ($rules as $rule)
	{
		// switch() compares loosely, exactly like the == chain it replaces
		switch ($rule['rule'])
		{
			case 'minCharacterClasses':
				if ($stats['uniqueClasses'] < $rule['value'])
				{
					$fail[] = $rule['failuremsg'];
				}
				break;

			case 'maxCharacterClasses':
				if ($stats['uniqueClasses'] > $rule['value'])
				{
					$fail[] = $rule['failuremsg'];
				}
				break;

			case 'minPasswordLength':
				// count[0] is presumably the total length — confirm in analyze()
				if ($stats['count'][0] < $rule['value'])
				{
					$fail[] = $rule['failuremsg'];
				}
				break;

			case 'maxPasswordLength':
				if ($stats['count'][0] > $rule['value'])
				{
					$fail[] = $rule['failuremsg'];
				}
				break;

			case 'maxClassCharacters':
				if (empty($rule['class']))
				{
					break;
				}
				$class = $rule['class'];
				// a class with no characters is recorded as 0 for this and later rules
				if (empty($stats['count'][$class]))
				{
					$stats['count'][$class] = 0;
				}
				if ($stats['count'][$class] > $rule['value'])
				{
					$fail[] = $rule['failuremsg'];
				}
				break;

			case 'minClassCharacters':
				if (empty($rule['class']))
				{
					break;
				}
				$class = $rule['class'];
				if (empty($stats['count'][$class]))
				{
					$stats['count'][$class] = 0;
				}
				if ($stats['count'][$class] < $rule['value'])
				{
					$fail[] = $rule['failuremsg'];
				}
				break;

			case 'minUniqueCharacters':
				if ($stats['uniqueCharacters'] < $rule['value'])
				{
					$fail[] = $rule['failuremsg'];
				}
				break;

			case 'notBlacklisted':
				if (Blacklist::basedOnBlackList($password))
				{
					$fail[] = $rule['failuremsg'];
				}
				break;

			case 'notNameBased':
				if ($name == null)
				{
					$xuser = is_numeric($user) ? User::oneOrNew($user) : User::oneByUsername($user);
					if (!is_object($xuser))
					{
						break;
					}

					// "given middle surname", skipping empty parts; $name is kept for later rules
					$name = $xuser->get('givenName');
					foreach (array($xuser->get('middleName'), $xuser->get('surname')) as $part)
					{
						if (empty($part))
						{
							continue;
						}
						$name = empty($name) ? $part : $name . ' ' . $part;
					}
				}
				if (self::isBasedOnName($password, $name))
				{
					$fail[] = $rule['failuremsg'];
				}
				break;

			case 'notUsernameBased':
				if (is_numeric($user))
				{
					$xuser = User::oneOrNew($user);
					if (!is_object($xuser))
					{
						break;
					}
					// NOTE: this replaces $user with the username for the remaining rules,
					// so rules after this one see the username rather than the id — presumably they accept either
					$user = $xuser->get('username');
				}
				if (self::isBasedOnUsername($password, $user))
				{
					$fail[] = $rule['failuremsg'];
				}
				break;

			case 'notReused':
				$since = new \DateTime('now');
				$since->modify('-' . $rule['value'] . 'day');
				$phist = History::getInstance($user);
				if (!is_object($phist))
				{
					break;
				}
				if ($phist->exists($password, $since->format('Y-m-d H:i:s')))
				{
					$fail[] = $rule['failuremsg'];
				}
				break;

			case 'notRepeat':
				if (Password::passwordMatches($user, $password, true))
				{
					$fail[] = $rule['failuremsg'];
				}
				break;

			case 'true':
			case 'notStale':
				// accepted without a check
				break;

			default:
				// an unknown rule name counts as a failure
				$fail[] = $rule['failuremsg'];
				break;
		}
	}

	return $fail;
}
/**
 * Function to return profile object
 *
 * Thin wrapper around User::oneOrNew() for the given id.
 *
 * @param   integer  $user_id  User identifier
 * @return  object   User object
 */
private function profileExpander($user_id)
{
	$profile = User::oneOrNew($user_id);

	return $profile;
}