/**
* Creates a new user
* @param string $user_name
* @param string $password
* @param string $real_name
* @param string $jabber_id
* @param string $email
* @param integer $notify_type
* @param integer $time_zone
* @param integer $group_in
* @access public
* @return bool false if username is already taken
* @version 1.0
* @notes This function does not have any permission checks (checked elsewhere)
*/
public static function create_user($user_name, $password, $real_name, $jabber_id, $email, $notify_type, $time_zone, $group_in, $enabled, $oauth_uid = '', $oauth_provider = '', $profile_image = '')
{
global $fs, $db, $notify, $baseurl;
$user_name = Backend::clean_username($user_name);
// TODO Handle this whole create_user better concerning return false. Why did it fail?
if (empty($user_name)) {
return false;
}
// Limit length
$real_name = substr(trim($real_name), 0, 100);
// Remove doubled up spaces and control chars
$real_name = preg_replace('![\\x00-\\x1f\\s]+!u', ' ', $real_name);
// Check to see if the username is available
$sql = $db->Query('SELECT COUNT(*) FROM {users} WHERE user_name = ?', array($user_name));
if ($db->fetchOne($sql)) {
return false;
}
$auto = false;
// Autogenerate a password
if (!$password) {
$auto = true;
$password = substr(md5(uniqid(mt_rand(), true)), 0, mt_rand(8, 12));
}
// Check the emails before inserting anything to database.
$emailList = explode(';', $email);
foreach ($emailList as $mail) {
//Still need to do: check email
$count = $db->Query("SELECT COUNT(*) FROM {user_emails} WHERE email_address = ?", array($mail));
$count = $db->fetchOne($count);
if ($count > 0) {
Flyspray::show_error("Email address has alredy been taken");
return false;
}
}
$db->Query("INSERT INTO {users}\n ( user_name, user_pass, real_name, jabber_id, profile_image, magic_url,\n email_address, notify_type, account_enabled,\n tasks_perpage, register_date, time_zone, dateformat,\n dateformat_extended, oauth_uid, oauth_provider, lang_code)\n VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, 25, ?, ?, ?, ?, ?, ?, ?)", array($user_name, Flyspray::cryptPassword($password), $real_name, strtolower($jabber_id), $profile_image, '', strtolower($email), $notify_type, $enabled, time(), $time_zone, '', '', $oauth_uid, $oauth_provider, $fs->prefs['lang_code']));
// Get this user's id for the record
$uid = Flyspray::UserNameToId($user_name);
foreach ($emailList as $mail) {
if ($mail != '') {
$db->Query("INSERT INTO {user_emails}(id,email_address,oauth_uid,oauth_provider) VALUES (?,?,?,?)", array($uid, strtolower($mail), $oauth_uid, $oauth_provider));
}
}
// Now, create a new record in the users_in_groups table
$db->Query('INSERT INTO {users_in_groups} (user_id, group_id)
VALUES (?, ?)', array($uid, $group_in));
Flyspray::logEvent(0, 30, serialize(Flyspray::getUserDetails($uid)));
$varnames = array('iwatch', 'atome', 'iopened');
$toserialize = array('string' => NULL, 'type' => array(''), 'sev' => array(''), 'due' => array(''), 'dev' => NULL, 'cat' => array(''), 'status' => array('open'), 'order' => NULL, 'sort' => NULL, 'percent' => array(''), 'opened' => NULL, 'search_in_comments' => NULL, 'search_for_all' => NULL, 'reported' => array(''), 'only_primary' => NULL, 'only_watched' => NULL);
foreach ($varnames as $tmpname) {
if ($tmpname == 'iwatch') {
$tmparr = array('only_watched' => '1');
} elseif ($tmpname == 'atome') {
$tmparr = array('dev' => $uid);
} elseif ($tmpname == 'iopened') {
$tmparr = array('opened' => $uid);
}
${$tmpname} = $tmparr + $toserialize;
}
// Now give him his default searches
$db->Query('INSERT INTO {searches} (user_id, name, search_string, time)
VALUES (?, ?, ?, ?)', array($uid, L('taskswatched'), serialize($iwatch), time()));
$db->Query('INSERT INTO {searches} (user_id, name, search_string, time)
VALUES (?, ?, ?, ?)', array($uid, L('assignedtome'), serialize($atome), time()));
$db->Query('INSERT INTO {searches} (user_id, name, search_string, time)
VALUES (?, ?, ?, ?)', array($uid, L('tasksireported'), serialize($iopened), time()));
if ($jabber_id) {
Notifications::JabberRequestAuth($jabber_id);
}
// Send a user his details (his username might be altered, password auto-generated)
// dont send notifications if the user logged in using oauth
if (!$oauth_provider) {
$recipients = self::GetAdminAddresses();
$newuser = array();
// Add the right message here depending on $enabled.
if ($enabled === 0) {
$newuser[0][$email] = array('recipient' => $email, 'lang' => $fs->prefs['lang_code']);
} else {
$newuser[0][$email] = array('recipient' => $email, 'lang' => $fs->prefs['lang_code']);
}
// Notify the appropriate users
$notify->Create(NOTIFY_NEW_USER, null, array($baseurl, $user_name, $real_name, $email, $jabber_id, $password, $auto), $recipients, NOTIFY_EMAIL);
// And also the new user
$notify->Create(NOTIFY_OWN_REGISTRATION, null, array($baseurl, $user_name, $real_name, $email, $jabber_id, $password, $auto), $newuser, NOTIFY_EMAIL);
}
// If the account is created as not enabled, no matter what any
// preferences might say or how the registration was made in first
// place, it MUST be first approved by an admin. And a small
// work-around: there's no field for email, so we use reason_given
// for that purpose.
if ($enabled === 0) {
Flyspray::AdminRequest(3, 0, 0, $uid, $email);
}
return true;
}
/**
* Creates a new user
* @param string $user_name
* @param string $password
* @param string $real_name
* @param string $jabber_id
* @param string $email
* @param integer $notify_type
* @param integer $time_zone
* @param integer $group_in
* @access public
* @return mixed false if username is already taken, otherwise integer uid
* @version 1.0
* @notes This function does not have any permission checks (checked elsewhere)
*/
function create_user($user_name, $password, $real_name, $jabber_id, $email, $notify_type, $time_zone, $group_in)
{
global $fs, $db, $baseurl;
$user_name = Backend::clean_username($user_name);
// Limit lengths
$real_name = substr(trim($real_name), 0, 100);
// Remove doubled up spaces and control chars
$real_name = preg_replace('![\\x00-\\x1f\\s]+!u', ' ', $real_name);
// Check to see if the username is available
$username_exists = $db->x->GetOne('SELECT COUNT(*) FROM {users} WHERE user_name = ?', null, $user_name);
if ($username_exists) {
return false;
}
$auto = false;
// Autogenerate a password
if (!$password) {
$auto = true;
$password = substr(md5(uniqid(mt_rand(), true)), 0, mt_rand(8, 12));
}
$salt = md5(uniqid(mt_rand(), true));
$userdata = array('user_name' => $user_name, 'user_pass' => Flyspray::cryptPassword($password, $salt), 'password_salt' => $salt, 'real_name' => $real_name, 'jabber_id' => $jabber_id, 'email_address' => $email, 'notify_type' => $notify_type, 'time_zone' => $time_zone, 'register_date' => time(), 'account_enabled' => 1);
$db->x->autoExecute('{users}', $userdata);
// Get this user's id for the record
$uid = Flyspray::UserNameToId($user_name);
// Now, create a new record in the users_in_groups table
$db->x->autoExecute('{users_in_groups}', array('user_id' => $uid, 'group_id' => $group_in));
Flyspray::logEvent(0, 30, serialize(Flyspray::getUserDetails($uid)));
// Add user to project groups
$sql = $db->x->getAll('SELECT anon_group FROM {projects} WHERE anon_group != 0');
if (count($sql)) {
$stmt = $db->x->autoPrepare('{users_in_groups}', array('user_id', 'group_id'));
foreach ($sql as $row) {
$stmt->execute(array($uid, $row['anon_group']));
}
$stmt->free();
}
$varnames = array('iwatch', 'atome', 'iopened');
$toserialize = array('string' => null, 'type' => array(''), 'sev' => array(''), 'due' => array(''), 'dev' => null, 'cat' => array(''), 'status' => array('open'), 'order' => null, 'sort' => null, 'percent' => array(''), 'opened' => null, 'search_in_comments' => null, 'search_for_all' => null, 'reported' => array(''), 'only_primary' => null, 'only_watched' => null);
foreach ($varnames as $tmpname) {
if ($tmpname == 'iwatch') {
$tmparr = array('only_watched' => '1');
} elseif ($tmpname == 'atome') {
$tmparr = array('dev' => $uid);
} elseif ($tmpname == 'iopened') {
$tmparr = array('opened' => $uid);
}
${$tmpname} = $tmparr + $toserialize;
}
// Now give him his default searches
$stmt = $db->x->autoPrepare('{searches}', array('user_id', 'name', 'search_string', 'time'));
$params = array(array($uid, L('taskswatched'), serialize($iwatch), time()), array($uid, L('assignedtome'), serialize($atome), time()), array($uid, L('tasksireported'), serialize($iopened), time()));
$db->x->executeMultiple($stmt, $params);
$stmt->free();
if ($jabber_id) {
Notifications::JabberRequestAuth($jabber_id);
}
// Send a user his details (his username might be altered, password auto-generated)
if ($fs->prefs['notify_registration']) {
$admins = $db->x->GetCol('SELECT user_id
FROM {users_in_groups}
WHERE group_id = 1');
Notifications::send($admins, ADDRESS_USER, NOTIFY_NEW_USER, array($baseurl, $user_name, $real_name, $email, $jabber_id, $password, $auto));
}
return $uid;
}
function action_edituser()
{
global $fs, $db, $proj, $user, $do, $conf;
if (Post::val('delete_user')) {
// check that he is not the last user
if ($db->x->GetOne('SELECT count(*) FROM {users}') > 1) {
Backend::delete_user(Post::val('user_id'));
return array(SUBMIT_OK, L('userdeleted'), CreateURL(array('admin', 'groups')));
} else {
return array(ERROR_RECOVER, L('lastuser'));
}
}
if (!Post::val('real_name') || !Post::val('email_address')) {
return array(ERROR_RECOVER, L('realandnotify'));
}
if ((!$user->perms('is_admin') || $user->id == Post::val('user_id')) && !Post::val('oldpass') && (Post::val('changepass') || Post::val('confirmpass'))) {
return array(ERROR_RECOVER, L('nooldpass'));
}
if (Post::val('changepass') || Post::val('confirmpass')) {
if (Post::val('changepass') != Post::val('confirmpass')) {
return array(ERROR_RECOVER, L('passnomatch'));
}
if (Post::val('oldpass')) {
$oldpass = $db->x->getRow('SELECT user_pass, password_salt FROM {users} WHERE user_id = ?', null, Post::val('user_id'));
$oldsalt = $oldpass['password_salt'] ? $oldpass['password_salt'] : null;
if (Flyspray::cryptPassword(Post::val('oldpass'), $oldsalt) !== $oldpass['user_pass']) {
return array(ERROR_RECOVER, L('oldpasswrong'));
}
}
$new_salt = md5(uniqid(mt_rand(), true));
$new_hash = Flyspray::cryptPassword(Post::val('changepass'), $new_salt);
$db->x->execParam('UPDATE {users} SET user_pass = ?, password_salt = ? WHERE user_id = ?', array($new_hash, $new_salt, Post::val('user_id')));
// If the user is changing their password, better update their cookie hash
if ($user->id == Post::val('user_id')) {
Flyspray::setcookie('flyspray_passhash', hash_hmac('md5', $new_hash, $conf['general']['cookiesalt']), time() + 3600 * 24 * 30);
}
}
// Check for existing email / jabber ID
$taken = $db->x->GetOne("SELECT COUNT(*)\n FROM {users}\n WHERE (jabber_id = ? AND ? != NULL\n OR email_address = ? AND ? != NULL)\n AND user_id != ?", null, array(Post::val('jabber_id'), Post::val('jabber_id'), Post::val('email_address'), Post::val('email_address'), Post::val('user_id')));
if ($taken) {
return array(ERROR_RECOVER, L('emailtaken'));
}
if (Post::val('old_jabber_id') != Post::val('jabber_id')) {
Notifications::JabberRequestAuth(Post::val('jabber_id'));
}
$previous = $db->x->GetRow('SELECT real_name, user_name FROM {users} WHERE user_id = ?', null, Post::val('user_id'));
$db->x->execParam('UPDATE {users}
SET real_name = ?, email_address = ?, notify_own = ?,
jabber_id = ?, notify_type = ?, show_contact = ?,
dateformat = ?, dateformat_extended = ?, defaultorder = ?,
tasks_perpage = ?, time_zone = ?, defaultsortcolumn = ?,
notify_blacklist = ?, lang_code = ?, syntax_plugins = ?
WHERE user_id = ?', array(Post::val('real_name'), Post::val('email_address'), Post::num('notify_own', 0), Post::val('jabber_id', 0), Post::num('notify_type'), Post::num('show_contact'), Post::val('dateformat', 0), Post::val('dateformat_extended', 0), Post::val('defaultorder', 'asc'), Post::num('tasks_perpage'), Post::num('time_zone'), implode(' ', Post::val('defaultsortcolumn')), implode(' ', Post::val('notify_blacklist', array())), Post::val('lang_code', ''), implode(' ', (array) Post::val('syntax_plugins')), Post::num('user_id')));
if ($previous['real_name'] != Post::val('real_name')) {
Backend::UpdateRedudantUserData($previous['user_name']);
}
if ($do == 'myprofile') {
$user = new User($user->id);
}
if ($user->perms('is_admin')) {
$db->x->execParam('UPDATE {users} SET account_enabled = ? WHERE user_id = ?', array(Post::val('account_enabled', 0), Post::val('user_id')));
$db->x->execParam('UPDATE {users_in_groups} SET group_id = ?
WHERE group_id = ? AND user_id = ?', array(Post::val('group_in'), Post::val('old_global_id'), Post::val('user_id')));
}
return array(SUBMIT_OK, L('userupdated'));
}
}
if ($cryptPass != $oldpass['user_pass']) {
Flyspray::show_error(L('oldpasswrong'));
break;
}
}
$new_hash = Flyspray::cryptPassword(Post::val('changepass'));
$db->Query('UPDATE {users} SET user_pass = ? WHERE user_id = ?', array($new_hash, Post::val('user_id')));
// If the user is changing their password, better update their cookie hash
if ($user->id == Post::val('user_id')) {
Flyspray::setCookie('flyspray_passhash', crypt($new_hash, $conf['general']['cookiesalt']), time() + 3600 * 24 * 30, null, null, null, true);
}
}
$jabId = Post::val('jabber_id');
if (!empty($jabId) && Post::val('old_jabber_id') != $jabId) {
Notifications::JabberRequestAuth(Post::val('jabber_id'));
}
$db->Query('UPDATE {users}
SET real_name = ?, email_address = ?, notify_own = ?,
jabber_id = ?, notify_type = ?,
dateformat = ?, dateformat_extended = ?,
tasks_perpage = ?, time_zone = ?, lang_code = ?,
hide_my_email = ?, notify_online = ?
WHERE user_id = ?', array(Post::val('real_name'), Post::val('email_address'), Post::num('notify_own', 0), Post::val('jabber_id', ''), Post::num('notify_type'), Post::val('dateformat', 0), Post::val('dateformat_extended', 0), Post::num('tasks_perpage'), Post::num('time_zone'), Post::val('lang_code', 'en'), Post::num('hide_my_email', 0), Post::num('notify_online', 0), Post::num('user_id')));
# 20150307 peterdd: Now we must reload translations, because the user maybe changed his language preferences!
# first reload user info
$user = new User($user->id);
load_translations();
$profile_image = 'profile_image';
if (isset($_FILES[$profile_image])) {
if (!empty($_FILES[$profile_image]['name'])) {
/**
* Creates a new user
* @param string $user_name
* @param string $password
* @param string $real_name
* @param string $jabber_id
* @param string $email
* @param integer $notify_type
* @param integer $time_zone
* @param integer $group_in
* @access public
* @return bool false if username is already taken
* @version 1.0
* @notes This function does not have any permission checks (checked elsewhere)
*/
public static function create_user($user_name, $password, $real_name, $jabber_id, $email, $notify_type, $time_zone, $group_in)
{
global $fs, $db, $notify, $baseurl;
$user_name = Backend::clean_username($user_name);
// Limit length
$real_name = substr(trim($real_name), 0, 100);
// Remove doubled up spaces and control chars
$real_name = preg_replace('![\\x00-\\x1f\\s]+!u', ' ', $real_name);
// Check to see if the username is available
$sql = $db->Query('SELECT COUNT(*) FROM {users} WHERE user_name = ?', array($user_name));
if ($db->fetchOne($sql)) {
return false;
}
$auto = false;
// Autogenerate a password
if (!$password) {
$auto = true;
$password = substr(md5(uniqid(mt_rand(), true)), 0, mt_rand(8, 12));
}
$db->Query("INSERT INTO {users}\n ( user_name, user_pass, real_name, jabber_id, magic_url,\n email_address, notify_type, account_enabled,\n tasks_perpage, register_date, time_zone, dateformat, dateformat_extended)\n VALUES ( ?, ?, ?, ?, ?, ?, ?, 1, 25, ?, ?, ?, ?)", array($user_name, Flyspray::cryptPassword($password), $real_name, strtolower($jabber_id), '', strtolower($email), $notify_type, time(), $time_zone, '', ''));
// Get this user's id for the record
$uid = Flyspray::UserNameToId($user_name);
// Now, create a new record in the users_in_groups table
$db->Query('INSERT INTO {users_in_groups} (user_id, group_id)
VALUES (?, ?)', array($uid, $group_in));
Flyspray::logEvent(0, 30, serialize(Flyspray::getUserDetails($uid)));
$varnames = array('iwatch', 'atome', 'iopened');
$toserialize = array('string' => NULL, 'type' => array(''), 'sev' => array(''), 'due' => array(''), 'dev' => NULL, 'cat' => array(''), 'status' => array('open'), 'order' => NULL, 'sort' => NULL, 'percent' => array(''), 'opened' => NULL, 'search_in_comments' => NULL, 'search_for_all' => NULL, 'reported' => array(''), 'only_primary' => NULL, 'only_watched' => NULL);
foreach ($varnames as $tmpname) {
if ($tmpname == 'iwatch') {
$tmparr = array('only_watched' => '1');
} elseif ($tmpname == 'atome') {
$tmparr = array('dev' => $uid);
} elseif ($tmpname == 'iopened') {
$tmparr = array('opened' => $uid);
}
${$tmpname} = $tmparr + $toserialize;
}
// Now give him his default searches
$db->Query('INSERT INTO {searches} (user_id, name, search_string, time)
VALUES (?, ?, ?, ?)', array($uid, L('taskswatched'), serialize($iwatch), time()));
$db->Query('INSERT INTO {searches} (user_id, name, search_string, time)
VALUES (?, ?, ?, ?)', array($uid, L('assignedtome'), serialize($atome), time()));
$db->Query('INSERT INTO {searches} (user_id, name, search_string, time)
VALUES (?, ?, ?, ?)', array($uid, L('tasksireported'), serialize($iopened), time()));
if ($jabber_id) {
Notifications::JabberRequestAuth($jabber_id);
}
// Send a user his details (his username might be altered, password auto-generated)
if ($fs->prefs['notify_registration']) {
$sql = $db->Query('SELECT DISTINCT email_address
FROM {users} u
LEFT JOIN {users_in_groups} g ON u.user_id = g.user_id
WHERE g.group_id = 1');
$notify->Create(NOTIFY_NEW_USER, null, array($baseurl, $user_name, $real_name, $email, $jabber_id, $password, $auto), $db->FetchCol($sql), NOTIFY_EMAIL);
}
return true;
}
