/**
* Set up this controller.
*
* @param String $action Name of the action to be invoked
* @param Array $args Arguments to be passed to the action method
*/
public function before_filter(&$action, &$args)
{
parent::before_filter($action, $args);
if (!in_array($this->user->perms, words('autor tutor dozent'))) {
throw new AccessDeniedException();
}
PageLayout::setHelpKeyword('Basis.HomepageUniversitäreDaten');
PageLayout::setTitle(_('Studiengang bearbeiten'));
Navigation::activateItem('/profile/edit/studies');
SkipLinks::addIndex(_('Fächer und Abschlüsse auswählen'), 'select_fach_abschluss');
SkipLinks::addIndex(_('Zu Einrichtungen zuordnen'), 'select_institute');
$this->allow_change = array('sg' => !StudipAuthAbstract::CheckField('studiengang_id', $this->user->auth_plugin) && (Config::get()->ALLOW_SELFASSIGN_STUDYCOURSE || $GLOBALS['perm']->have_perm('admin')), 'in' => Config::get()->ALLOW_SELFASSIGN_INSTITUTE || $GLOBALS['perm']->have_perm('admin'));
}
/**
* Initialize the subnavigation of this item. This method
* is called once before the first item is added or removed.
*/
public function initSubNavigation()
{
global $user, $perm;
parent::initSubNavigation();
$username = Request::username('username', $user->username);
$current_user = $username == $user->username ? $user : User::findByUsername($username);
// profile
$navigation = new Navigation(_('Profil'), 'dispatch.php/profile/index');
$this->addSubNavigation('index', $navigation);
if ($perm->have_profile_perm('user', $current_user->user_id)) {
// avatar
$navigation = new Navigation(_('Bild'), 'dispatch.php/settings/avatar');
$this->addSubNavigation('avatar', $navigation);
// profile data
$navigation = new Navigation(_('Nutzerdaten'));
$navigation->addSubNavigation('profile', new Navigation(_('Grunddaten'), 'dispatch.php/settings/account'));
if (($perm->get_profile_perm($current_user->user_id) == 'user' || $perm->have_perm('root') && Config::get()->ALLOW_ADMIN_USERACCESS) && !StudipAuthAbstract::CheckField('auth_user_md5.password', $current_user->auth_plugin) && !LockRules::check($current_user->user_id, 'password')) {
$navigation->addSubNavigation('password', new Navigation(_('Passwort ändern'), 'dispatch.php/settings/password'));
}
$navigation->addSubNavigation('details', new Navigation(_('Weitere Daten'), 'dispatch.php/settings/details'));
if (!in_array($current_user->perms, words('user admin root'))) {
$navigation->addSubNavigation('studies', new Navigation(_('Studiendaten'), 'dispatch.php/settings/studies'));
}
if ($current_user->perms != 'root') {
if (count(UserDomain::getUserDomains())) {
$navigation->addSubNavigation('userdomains', new Navigation(_('Nutzerdomänen'), 'dispatch.php/settings/userdomains'));
}
if ($perm->is_staff_member($current_user->user_id)) {
$navigation->addSubNavigation('statusgruppen', new Navigation(_('Einrichtungsdaten'), 'dispatch.php/settings/statusgruppen'));
}
}
$this->addSubNavigation('edit', $navigation);
if ($perm->have_perm('autor')) {
$navigation = new Navigation(_('Einstellungen'));
$navigation->addSubNavigation('general', new Navigation(_('Allgemeines'), 'dispatch.php/settings/general'));
$navigation->addSubNavigation('privacy', new Navigation(_('Privatsphäre'), 'dispatch.php/settings/privacy'));
$navigation->addSubNavigation('messaging', new Navigation(_('Nachrichten'), 'dispatch.php/settings/messaging'));
if (get_config('CALENDAR_ENABLE')) {
$navigation->addSubNavigation('calendar_new', new Navigation(_('Terminkalender'), 'dispatch.php/settings/calendar'));
}
if (!$perm->have_perm('admin') and get_config('MAIL_NOTIFICATION_ENABLE')) {
$navigation->addSubNavigation('notification', new Navigation(_('Benachrichtigung'), 'dispatch.php/settings/notification'));
}
if (isDefaultDeputyActivated() && $perm->get_perm() == 'dozent') {
$navigation->addSubNavigation('deputies', new Navigation(_('Standardvertretung'), 'dispatch.php/settings/deputies'));
}
if (Config::Get()->API_ENABLED) {
$navigation->addSubNavigation('api', new Navigation(_('API-Berechtigungen'), 'dispatch.php/api/authorizations'));
}
$this->addSubNavigation('settings', $navigation);
}
// user defined sections
$navigation = new Navigation(_('Kategorien'), 'dispatch.php/settings/categories');
$this->addSubNavigation('categories', $navigation);
}
// user documents page
if (Config::get()->PERSONALDOCUMENT_ENABLE && ($perm->have_profile_perm('user', $current_user->user_id) || Config::get()->PERSONALDOCUMENT_OPEN_ACCESS)) {
$title = _('Meine Dateien');
if (Config::get()->PERSONALDOCUMENT_OPEN_ACCESS && $current_user->id !== $user->id) {
$title = _('Dateibereich');
}
$navigation = new Navigation($title, 'dispatch.php/document/files');
$this->addSubNavigation('files', $navigation);
}
}
/**
* Displays the user domain settings of a user.
*/
public function index_action()
{
$this->allow_change = !StudipAuthAbstract::CheckField("userdomain_id", $this->user->auth_plugin) && $GLOBALS['perm']->have_perm('admin');
}
</label>
</td>
</tr>
</tbody>
<? if (in_array($user['perms'], words('autor tutor dozent'))) : ?>
<tbody>
<tr class="header-row">
<th colspan="3" class="toggle-indicator">
<a class="toggler"><b><?php
echo _('Studiendaten');
?>
</b></a>
</th>
</tr>
<? if (!StudipAuthAbstract::CheckField('studiengang_id', $auth_plugin)) : ?>
<tr>
<td>
<label for="new_studiengang"><?php
echo _('Neuer Studiengang');
?>
</label>
</td>
<td colspan="2">
<? $about->select_studiengang() ?>
<? $about->select_abschluss() ?>
<select name="fachsem">
<? for ($s=1; $s < 51; $s++) : ?>
<option><?php
echo $s;
?>
/**
* Change an existing studip user according to the given parameters
*
* @access public
* @param array structure: array('string table_name.field_name'=>'string value')
* @return bool Change successful?
*/
function changeUser($newuser)
{
global $perm;
// Do we have permission to do so?
if (!$perm->have_perm("admin")) {
$this->msg .= "error§" . _("Sie haben keine Berechtigung Accounts zu verändern.") . "§";
return FALSE;
}
if (!$perm->is_fak_admin() && $newuser['auth_user_md5.perms'] == "admin") {
$this->msg .= "error§" . _("Sie haben keine Berechtigung, <em>Admin-Accounts</em> anzulegen.") . "§";
return FALSE;
}
if (!$perm->have_perm("root") && $newuser['auth_user_md5.perms'] == "root") {
$this->msg .= "error§" . _("Sie haben keine Berechtigung, <em>Root-Accounts</em> anzulegen.") . "§";
return FALSE;
}
if (!$perm->have_perm("root")) {
if (!$perm->is_fak_admin() && $this->user_data['auth_user_md5.perms'] == "admin") {
$this->msg .= "error§" . _("Sie haben keine Berechtigung <em>Admin-Accounts</em> zu verändern.") . "§";
return FALSE;
}
if ($this->user_data['auth_user_md5.perms'] == "root") {
$this->msg .= "error§" . _("Sie haben keine Berechtigung <em>Root-Accounts</em> zu verändern.") . "§";
return FALSE;
}
if ($perm->is_fak_admin() && $this->user_data['auth_user_md5.perms'] == "admin") {
if (!$this->adminOK()) {
$this->msg .= "error§" . _("Sie haben keine Berechtigung diesen Admin-Account zu verändern.") . "§";
return FALSE;
}
}
}
// active dozent? (ignore the studygroup guys)
$status = studygroup_sem_types();
if (empty($status)) {
$count = 0;
} else {
$query = "SELECT COUNT(*)\n FROM seminar_user AS su\n LEFT JOIN seminare AS s USING (Seminar_id)\n WHERE su.user_id = ?\n AND s.status NOT IN (?)\n AND su.status = 'dozent'\n AND (SELECT COUNT(*) FROM seminar_user su2 WHERE Seminar_id = su.Seminar_id AND su2.status = 'dozent') = 1\n GROUP BY user_id";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id'], $status));
$count = $statement->fetchColumn();
}
if ($count && isset($newuser['auth_user_md5.perms']) && $newuser['auth_user_md5.perms'] != "dozent") {
$this->msg .= sprintf("error§" . _("Der Benutzer <em>%s</em> ist alleiniger Dozent in %s aktiven Veranstaltungen und kann daher nicht in einen anderen Status versetzt werden!") . "§", $this->user_data['auth_user_md5.username'], $count);
return FALSE;
}
// active admin?
if ($this->user_data['auth_user_md5.perms'] == 'admin' && $newuser['auth_user_md5.perms'] != 'admin') {
// count number of institutes where the user is admin
$query = "SELECT COUNT(*)\n FROM user_inst\n WHERE user_id = ? AND inst_perms = 'admin'\n GROUP BY Institut_id";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id']));
// if there are institutes with admin-perms, add error-message and deny change
if ($count = $statement->fetchColumn()) {
$this->msg .= sprintf('error§' . _("Der Benutzer <em>%s</em> ist Admin in %s Einrichtungen und kann daher nicht in einen anderen Status versetzt werden!") . '§', $this->user_data['auth_user_md5.username'], $count);
return false;
}
}
// Is the username correct?
if (isset($newuser['auth_user_md5.username'])) {
if ($this->user_data['auth_user_md5.username'] != $newuser['auth_user_md5.username']) {
if (!$this->validator->ValidateUsername($newuser['auth_user_md5.username'])) {
$this->msg .= "error§" . _("Der gewählte Benutzername ist zu kurz oder enthält unzulässige Zeichen!") . "§";
return FALSE;
}
$check_uname = StudipAuthAbstract::CheckUsername($newuser['auth_user_md5.username']);
if ($check_uname['found']) {
$this->msg .= "error§" . _("Der Benutzername wird bereits von einem anderen Benutzer verwendet. Bitte wählen Sie einen anderen Benutzernamen!") . "§";
return false;
} else {
//$this->msg .= "info§" . $check_uname['error'] ."§";
}
} else {
unset($newuser['auth_user_md5.username']);
}
}
// Can we reach the email?
if (isset($newuser['auth_user_md5.Email'])) {
if (!$this->checkMail($newuser['auth_user_md5.Email'])) {
return FALSE;
}
}
// Store changed values in internal array if allowed
$old_perms = $this->user_data['auth_user_md5.perms'];
$auth_plugin = $this->user_data['auth_user_md5.auth_plugin'];
foreach ($newuser as $key => $value) {
if (!StudipAuthAbstract::CheckField($key, $auth_plugin)) {
$this->user_data[$key] = $value;
} else {
$this->msg .= "error§" . sprintf(_("Das Feld <em>%s</em> können Sie nicht ändern!"), $key) . "§";
return FALSE;
}
}
if (!$this->storeToDatabase()) {
$this->msg .= "info§" . _("Es wurden keine Veränderungen der Grunddaten vorgenommen.") . "§";
return false;
}
$this->msg .= "msg§" . sprintf(_("Benutzer \"%s\" verändert."), $this->user_data['auth_user_md5.username']) . "§";
if ($auth_plugin !== null) {
// Automated entering new users, based on their status (perms)
$result = AutoInsert::instance()->saveUser($this->user_data['auth_user_md5.user_id'], $newuser['auth_user_md5.perms']);
foreach ($result['added'] as $item) {
$this->msg .= "msg§" . sprintf(_("Das automatische Eintragen in die Veranstaltung <em>%s</em> wurde durchgeführt."), $item) . "§";
}
foreach ($result['removed'] as $item) {
$this->msg .= "msg§" . sprintf(_("Das automatische Austragen aus der Veranstaltung <em>%s</em> wurde durchgeführt."), $item) . "§";
}
// include language-specific subject and mailbody
$user_language = getUserLanguagePath($this->user_data['auth_user_md5.user_id']);
$Zeit = date("H:i:s, d.m.Y", time());
include "locale/{$user_language}/LC_MAILS/change_mail.inc.php";
// send mail
StudipMail::sendMessage($this->user_data['auth_user_md5.Email'], $subject, $mailbody);
}
// Upgrade to admin or root?
if ($newuser['auth_user_md5.perms'] == "admin" || $newuser['auth_user_md5.perms'] == "root") {
$this->re_sort_position_in_seminar_user();
// delete all seminar entries
$query = "SELECT seminar_id FROM seminar_user WHERE user_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id']));
$seminar_ids = $statement->fetchAll(PDO::FETCH_COLUMN);
$query = "DELETE FROM seminar_user WHERE user_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id']));
if (($db_ar = $statement->rowCount()) > 0) {
$this->msg .= "info§" . sprintf(_("%s Einträge aus Veranstaltungen gelöscht."), $db_ar) . "§";
array_map('update_admission', $seminar_ids);
}
// delete all entries from waiting lists
$query = "SELECT seminar_id FROM admission_seminar_user WHERE user_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id']));
$seminar_ids = $statement->fetchAll(PDO::FETCH_COLUMN);
$query = "DELETE FROM admission_seminar_user WHERE user_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id']));
if (($db_ar = $statement->rowCount()) > 0) {
$this->msg .= "info§" . sprintf(_("%s Einträge aus Wartelisten gelöscht."), $db_ar) . "§";
array_map('update_admission', $seminar_ids);
}
// delete 'Studiengaenge'
$query = "DELETE FROM user_studiengang WHERE user_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id']));
if (($db_ar = $statement->rowCount()) > 0) {
$this->msg .= "info§" . sprintf(_("%s Zuordnungen zu Studiengängen gelöscht."), $db_ar) . "§";
}
// delete all private appointments of this user
if ($db_ar = delete_range_of_dates($this->user_data['auth_user_md5.user_id'], FALSE) > 0) {
$this->msg .= "info§" . sprintf(_("%s Einträge aus den Terminen gelöscht."), $db_ar) . "§";
}
}
if ($newuser['auth_user_md5.perms'] == "admin") {
$this->logInstUserDel($this->user_data['auth_user_md5.user_id'], "inst_perms != 'admin'");
$query = "DELETE FROM user_inst WHERE user_id = ? AND inst_perms != 'admin'";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id']));
if (($db_ar = $statement->rowCount()) > 0) {
$this->msg .= "info§" . sprintf(_("%s Einträge aus MitarbeiterInnenlisten gelöscht."), $db_ar) . "§";
}
}
if ($newuser['auth_user_md5.perms'] == "root") {
$this->logInstUserDel($this->user_data['auth_user_md5.user_id']);
$query = "DELETE FROM user_inst WHERE user_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($this->user_data['auth_user_md5.user_id']));
if (($db_ar = $statement->rowCount()) > 0) {
$this->msg .= "info§" . sprintf(_("%s Einträge aus MitarbeiterInnenlisten gelöscht."), $db_ar) . "§";
}
}
return TRUE;
}
/**
* Determines whether a user is permitted to change a certain value
* and if provided, whether the value has actually changed.
*
* @param String $field Which db field shall change
* @param mixed $attribute Which attribute is related (optional,
* automatically guessedif missing)
* @param mixed $value Optional new value of the field (used to determine
* whether the value has actually changed)
* @return bool Indicates whether the value shall actually change
*/
public function shallChange($field, $attribute = null, $value = null)
{
$column = end(explode('.', $field));
$attribute = $attribute ?: strtolower($column);
$global_mapping = array('email' => 'ALLOW_CHANGE_EMAIL', 'name' => 'ALLOW_CHANGE_NAME', 'title' => 'ALLOW_CHANGE_TITLE', 'username' => 'ALLOW_CHANGE_USERNAME');
if (isset($global_mapping[$attribute]) and !$GLOBALS[$global_mapping[$attribute]]) {
return false;
}
return !($field && StudipAuthAbstract::CheckField($field, $this->user->auth_plugin)) && !LockRules::check($this->user->user_id, $attribute) && ($value === null || $this->user->{$column} != $value);
}
function edit_email($user, $email, $force = False)
{
$msg = '';
$query = "SELECT email, username, auth_plugin\n FROM auth_user_md5\n WHERE user_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($user->user_id));
$row = $statement->fetch(PDO::FETCH_ASSOC);
$email_cur = $row['email'];
$username = $row['username'];
$auth_plugin = $row['auth_plugin'];
if ($email_cur == $email && !$force) {
return array(True, $msg);
}
if (StudipAuthAbstract::CheckField("auth_user_md5.Email", $auth_plugin) || LockRules::check($user->user_id, 'email')) {
return array(False, $msg);
}
if (!$GLOBALS['ALLOW_CHANGE_EMAIL']) {
return array(False, $msg);
}
$validator = new email_validation_class();
## Klasse zum Ueberpruefen der Eingaben
$validator->timeout = 10;
$REMOTE_ADDR = $_SERVER["REMOTE_ADDR"];
$Zeit = date("H:i:s, d.m.Y", time());
// accept only registered domains if set
$email_restriction = trim(get_config('EMAIL_DOMAIN_RESTRICTION'));
if (!$validator->ValidateEmailAddress($email, $email_restriction)) {
if ($email_restriction) {
$email_restriction_msg_part = '';
$email_restriction_parts = explode(',', $email_restriction);
for ($email_restriction_count = 0; $email_restriction_count < count($email_restriction_parts); $email_restriction_count++) {
if ($email_restriction_count == count($email_restriction_parts) - 1) {
$email_restriction_msg_part .= '@' . trim($email_restriction_parts[$email_restriction_count]) . '<br>';
} else {
if (($email_restriction_count + 1) % 3) {
$email_restriction_msg_part .= '@' . trim($email_restriction_parts[$email_restriction_count]) . ', ';
} else {
$email_restriction_msg_part .= '@' . trim($email_restriction_parts[$email_restriction_count]) . ',<br>';
}
}
}
$msg .= 'error§' . sprintf(_("Die E-Mail-Adresse fehlt, ist falsch geschrieben oder gehört nicht zu folgenden Domains:%s"), '<br>' . $email_restriction_msg_part);
} else {
$msg .= "error§" . _("Die E-Mail-Adresse fehlt oder ist falsch geschrieben!") . "§";
}
return array(False, $msg);
// E-Mail syntaktisch nicht korrekt oder fehlend
}
if (!$validator->ValidateEmailHost($email)) {
// Mailserver nicht erreichbar, ablehnen
$msg .= "error§" . _("Der Mailserver ist nicht erreichbar. Bitte überprüfen Sie, ob Sie E-Mails mit der angegebenen Adresse verschicken können!") . "§";
return array(False, $msg);
} else {
// Server ereichbar
if (!$validator->ValidateEmailBox($email)) {
// aber user unbekannt. Mail an abuse!
StudipMail::sendAbuseMessage("edit_about", "Emailbox unbekannt\n\nUser: "******"\nEmail: {$email}\n\nIP: {$REMOTE_ADDR}\nZeit: {$Zeit}\n");
$msg .= "error§" . _("Die angegebene E-Mail-Adresse ist nicht erreichbar. Bitte überprüfen Sie Ihre Angaben!") . "§";
return array(False, $msg);
}
}
$query = "SELECT Vorname, Nachname\n FROM auth_user_md5\n WHERE Email = ? AND user_id != ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($email, $user->user_id));
$row = $statement->fetch(PDO::FETCH_ASSOC);
if ($row) {
$msg .= "error§" . sprintf(_("Die angegebene E-Mail-Adresse wird bereits von einem anderen Benutzer (%s %s) verwendet. Bitte geben Sie eine andere E-Mail-Adresse an."), htmlReady($row['Vorname']), htmlReady($row['Nachname'])) . "§";
return array(False, $msg);
}
// This already moved to the controller
// $query = "UPDATE auth_user_md5 SET Email = ? WHERE user_id = ?";
// $statement = DBManager::get()->prepare($query);
// $statement->execute(array($email, $uid));
if (StudipAuthAbstract::CheckField("auth_user_md5.validation_key", $auth_plugin)) {
$msg .= "msg§" . _("Ihre E-Mail-Adresse wurde geändert!") . "§";
return array(True, $msg);
} else {
// auth_plugin does not map validation_key (what if...?)
// generate 10 char activation key
$key = '';
mt_srand((double) microtime() * 1000000);
for ($i = 1; $i <= 10; $i++) {
$temp = mt_rand() % 36;
if ($temp < 10) {
$temp += 48;
} else {
$temp += 87;
}
// a = chr(97), z = chr(122)
$key .= chr($temp);
}
$user->validation_key = $key;
$activatation_url = $GLOBALS['ABSOLUTE_URI_STUDIP'] . 'activate_email.php?uid=' . $user->user_id . '&key=' . $user->validation_key;
// include language-specific subject and mailbody with fallback to german
$lang = $GLOBALS['_language_path'];
// workaround
if ($lang == '') {
$lang = 'de';
}
include_once "locale/{$lang}/LC_MAILS/change_self_mail.inc.php";
$mail = StudipMail::sendMessage($email, $subject, $mailbody);
if (!$mail) {
return array(True, $msg);
}
$query = "UPDATE auth_user_md5 SET validation_key = ? WHERE user_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($user->validation_key, $user->user_id));
$msg .= "info§<b>" . sprintf(_('An Ihre neue E-Mail-Adresse <b>%s</b> wurde ein Aktivierungslink geschickt, dem Sie folgen müssen bevor Sie sich das nächste mal einloggen können.'), $email) . '</b>§';
log_event("USER_NEWPWD", $user->user_id);
// logging
}
return array(True, $msg);
}