/**
 * Persist a temporary value for this user as a serialised file.
 *
 * A file is used instead of a database row to avoid the overhead of a full
 * db implementation. The target path is
 * "<USERS_DIRPATH>/<user id>/temp-<key>.ser".
 *
 * NOTE(review): $key is placed in the file name unmodified, so a key holding
 * "/" or ".." would resolve outside the user's directory. Confirm that every
 * caller passes a fixed or validated key, never a request-derived one.
 *
 * @param string $key   Key of the data to save; becomes part of the file name.
 * @param mixed  $value Value to save.
 */
public function saveTemporaryData($key, $value)
{
    $baseDir = $this->storage->getOption("USERS_DIRPATH");
    if ($baseDir == "") {
        // Option not configured: use the install-relative default and record a warning.
        $baseDir = AJXP_INSTALL_PATH . "/data/users";
        AJXP_Logger::info(__CLASS__, "setTemporaryData", array("Warning" => "The conf.sql driver is missing a mandatory option USERS_DIRPATH!"));
    }

    // The directory name follows the login, lowercased when logins are case-insensitive.
    if (AuthService::ignoreUserCase()) {
        $userId = strtolower($this->getId());
    } else {
        $userId = $this->getId();
    }

    $target = $baseDir . "/" . $userId . "/temp-" . $key . ".ser";
    AJXP_Utils::saveSerialFile($target, $value);
}
/**
 * Remove a user from the serialised users file.
 *
 * The whole user list is loaded, the entry is dropped and the list is written
 * back to $this->usersSerFile. Nothing is written when the login is unknown.
 * No locking is visible in this method, so two concurrent writers could
 * overwrite each other's change.
 *
 * @param string $login Login to delete; lowercased first when logins are case-insensitive.
 * @return void
 */
public function deleteUser($login)
{
    $userKey = AuthService::ignoreUserCase() ? strtolower($login) : $login;
    $allUsers = $this->_listAllUsers();

    // Unknown login or unreadable list: leave the file untouched.
    if (!is_array($allUsers) || !array_key_exists($userKey, $allUsers)) {
        return;
    }

    unset($allUsers[$userKey]);
    AJXP_Utils::saveSerialFile($this->usersSerFile, $allUsers);
}
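/**
 * Tell whether $login matches the first directory entry returned for it.
 *
 * The local-storage shortcut below is disabled (its return is commented out),
 * so the result always comes from getUserEntries(). Existing local storage is
 * therefore never taken as proof that the account still exists.
 *
 * @param string $login Login to look up.
 * @return bool True when the first entry's login attribute equals $login
 *              (case-insensitively when AuthService::ignoreUserCase() is on).
 */
public function userExists($login)
{
    // Kept for parity with the original call sequence; the outcome is ignored.
    $confDriver = ConfService::getConfStorageImpl();
    $userObject = $confDriver->instantiateAbstractUserImpl($login);
    if ($userObject->storageExists()) {
        //return true;
    }

    $entries = $this->getUserEntries($login);
    if (!is_array($entries)) {
        return false;
    }

    // An empty result, or an entry without the login attribute, is "not found".
    // Without this guard the comparison ran against null, which made an empty
    // $login compare equal and report a non-existent user as existing.
    $res = false;
    if (isset($entries[0][$this->ldapUserAttr][0])) {
        $found = $entries[0][$this->ldapUserAttr][0];
        if (AuthService::ignoreUserCase()) {
            $res = strcasecmp($login, $found) == 0;
        } else {
            $res = strcmp($login, $found) == 0;
        }
    }

    $this->logDebug(__FUNCTION__, 'checking if user ' . $login . ' exists : ' . $res);
    return $res;
}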
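/**
 * Handle the "/user" access point and the two password-reset actions.
 *
 * - "user_access_point": derives a sub-action from the request path, runs it
 *   and boots the GUI with the outcome stored in the session.
 * - "reset-password-ask": issues a one-time "password-reset" key for an
 *   existing user and mails a reset link.
 * - "reset-password": consumes a key and, when it belongs to the supplied
 *   user id, sets the new password.
 *
 * @param string $action   Action name; any other value is ignored.
 * @param array  $httpVars Request parameters ("email", "key", "user_id", "new_pass").
 * @param array  $fileVars Uploaded files; not used by this method.
 * @return void
 */
public function processUserAccessPoint($action, $httpVars, $fileVars)
{
    switch ($action) {
        case "user_access_point":
            $setUrl = ConfService::getCoreConf("SERVER_URL");
            $realUri = "/";
            if (!empty($setUrl)) {
                $realUri = parse_url(ConfService::getCoreConf("SERVER_URL"), PHP_URL_PATH);
            }
            // Strip the "<base>/user" prefix; what remains is "<sub-action>/<args...>".
            $requestURI = str_replace("//", "/", $_SERVER["REQUEST_URI"]);
            $uri = trim(str_replace(rtrim($realUri, "/") . "/user", "", $requestURI), "/");
            $uriParts = explode("/", $uri);
            // The sub-action comes straight from the request path and is also
            // stored in the session for the GUI.
            $action = array_shift($uriParts);
            try {
                $this->processSubAction($action, $uriParts);
                $_SESSION['OVERRIDE_GUI_START_PARAMETERS'] = array("REBASE" => "../../", "USER_GUI_ACTION" => $action);
            } catch (Exception $e) {
                // NOTE(review): the exception text is handed to the GUI as an alert;
                // confirm the rendering side escapes it.
                $_SESSION['OVERRIDE_GUI_START_PARAMETERS'] = array("ALERT" => $e->getMessage());
            }
            AJXP_Controller::findActionAndApply("get_boot_gui", array(), array());
            unset($_SESSION['OVERRIDE_GUI_START_PARAMETERS']);
            break;

        case "reset-password-ask":
            // Reset request: generate a token, store it and mail the link.
            // A missing or non-string "email" is handled like an unknown user.
            $requested = (isset($httpVars["email"]) && is_string($httpVars["email"])) ? $httpVars["email"] : null;
            if ($requested !== null && AuthService::userExists($requested)) {
                $userObject = ConfService::getConfStorageImpl()->createUserObject($requested);
                $email = $userObject->personalRole->filterParameterValue("core.conf", "email", AJXP_REPO_SCOPE_ALL, "");
                if (!empty($email)) {
                    // NOTE(review): the token is the only secret protecting the reset;
                    // confirm generateRandomString() draws from a CSPRNG.
                    $uuid = AJXP_Utils::generateRandomString(48);
                    // NOTE(review): the key is bound to the decoded login while the lookups
                    // above use the raw value; confirm both always resolve to the same user.
                    ConfService::getConfStorageImpl()->saveTemporaryKey("password-reset", $uuid, AJXP_Utils::decodeSecureMagic($requested), array());
                    $mailer = AJXP_PluginsService::getInstance()->getUniqueActivePluginForType("mailer");
                    if ($mailer !== false) {
                        $mess = ConfService::getMessages();
                        // NOTE(review): if detectServerURL() takes the host from the request,
                        // the mailed link follows the Host header; confirm it prefers the
                        // configured SERVER_URL.
                        $link = AJXP_Utils::detectServerURL() . "/user/reset-password/" . $uuid;
                        // The link goes into HTML twice (attribute and text), so escape it.
                        $safeLink = htmlspecialchars($link, ENT_QUOTES, "UTF-8");
                        $mailer->sendMail(array($email), $mess["gui.user.1"], $mess["gui.user.7"] . "<a href=\"{$safeLink}\">{$safeLink}</a>");
                    } else {
                        // NOTE(review): only reachable for an existing account with an e-mail,
                        // so this response differs from the unknown-account one; consider
                        // logging it server-side instead.
                        echo 'ERROR: There is no mailer configured, please contact your administrator';
                    }
                }
            }
            // Prune expired tokens. Presumably 20 is the lifetime in minutes (TODO confirm).
            ConfService::getConfStorageImpl()->pruneTemporaryKeys("password-reset", 20);
            // Same answer whether or not the account exists.
            echo "SUCCESS";
            break;

        case "reset-password":
            ConfService::getConfStorageImpl()->pruneTemporaryKeys("password-reset", 20);
            // NOTE(review): a request without "key"/"user_id" skips this block, is
            // disconnected and still answers SUCCESS although no password changed.
            if (isset($httpVars["key"]) && isset($httpVars["user_id"])) {
                $key = null;
                if (is_string($httpVars["key"])) {
                    $key = ConfService::getConfStorageImpl()->loadTemporaryKey("password-reset", $httpVars["key"]);
                    // Single use: the key is consumed before validation, so a failed
                    // attempt cannot be retried with the same key.
                    ConfService::getConfStorageImpl()->deleteTemporaryKey("password-reset", $httpVars["key"]);
                }

                $uId = $httpVars["user_id"];
                if (is_string($uId) && AuthService::ignoreUserCase()) {
                    $uId = strtolower($uId);
                }

                // A missing or empty new password must never reach updatePassword().
                $newPass = isset($httpVars["new_pass"]) ? $httpVars["new_pass"] : null;
                $passOk = is_string($newPass) && $newPass !== "";

                // Strict string comparison, so numeric-looking ids such as "1e3" and
                // "1000" are not treated as equal.
                // NOTE(review): the stored id is always lowercased while the supplied id
                // is lowercased only in case-insensitive mode, so an id with upper-case
                // characters never matches in case-sensitive mode; confirm intent.
                $tokenOk = $key != null
                    && is_string($uId)
                    && isset($key["user_id"])
                    && is_string($key["user_id"])
                    && strtolower($key["user_id"]) === $uId;

                if ($passOk && $tokenOk && AuthService::userExists($uId)) {
                    // The password is set for the key's owner, not the request-supplied id.
                    AuthService::updatePassword($key["user_id"], $newPass);
                } else {
                    echo 'PASS_ERROR';
                    break;
                }
            }
            AuthService::disconnect();
            echo 'SUCCESS';
            break;

        default:
            break;
    }
}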
/**
 * Build the storage directory path for this user.
 *
 * Layout: "<filtered USERS_DIRPATH>/[<group path>/]<user id>". The group
 * segment is left out when the trimmed group path is empty(), and the id is
 * lowercased when logins are case-insensitive.
 *
 * @return string Path of the user's storage directory.
 */
public function getStoragePath()
{
    $groupDir = trim($this->getGroupPath(), "/");

    $userId = $this->getId();
    if (AuthService::ignoreUserCase()) {
        $userId = strtolower($userId);
    }

    $root = AJXP_VarsFilter::filter($this->storage->getOption("USERS_DIRPATH"));

    // Only add a group segment when there is one, to avoid a doubled slash.
    $groupSegment = "";
    if (!empty($groupDir)) {
        $groupSegment = $groupDir . "/";
    }

    return $root . "/" . $groupSegment . $userId;
}
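/**
 * Tell whether $login matches the first directory entry returned for it.
 *
 * @param string $login Login to look up.
 * @return bool True when the first entry's login attribute equals $login
 *              (case-insensitively when AuthService::ignoreUserCase() is on).
 */
function userExists($login)
{
    $entries = $this->getUserEntries($login);
    if (!is_array($entries)) {
        return false;
    }

    // An empty result, or an entry without the login attribute, is "not found".
    // Without this guard the comparison ran against null, which made an empty
    // $login compare equal and report a non-existent user as existing.
    if (!isset($entries[0][$this->ldapUserAttr][0])) {
        return false;
    }

    $found = $entries[0][$this->ldapUserAttr][0];
    if (AuthService::ignoreUserCase()) {
        return strcasecmp($login, $found) == 0;
    }
    return strcmp($login, $found) == 0;
}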