Esempio n. 1
    /**
     * Return an array of items to show in the your account panel
     *
     * @return   array
     */
    public function getall($args)
    {
        // Links collected for the account panel; returned empty unless every check below passes.
        $links = array();

        // An explicit 'uname' argument wins; otherwise fall back to the current user's name.
        if (isset($args['uname'])) {
            $uname = $args['uname'];
        } else {
            $uname = UserUtil::getVar('uname');
        }

        // Unknown user: nothing to show. The loose comparison treats any falsy lookup result as "not found".
        if (UserUtil::getIdFromName($uname) == false) {
            return $links;
        }

        // NOTE(review): no user id is passed to checkPermission(), so the check presumably applies to the
        // current user rather than to $uname -- confirm this is intended when 'uname' names someone else.
        $maySubmit = SecurityUtil::checkPermission('News::', '::', ACCESS_COMMENT);
        if ($maySubmit) {
            $links[] = array(
                'url'    => ModUtil::url('News', 'user', 'newitem'),
                'module' => 'News',
                'title'  => $this->__('Submit an article'),
                'icon'   => 'news_add.gif',
            );

            // A "View personal draft articles" link (News/user/viewdraft, icon news_draft.gif) is deliberately
            // not emitted until saving drafts and the viewdraft function are implemented.
        }

        return $links;
    }
/**
 * Zikula_View function to get the user id for a given user.
 *
 * This function will return the user ID for a given username.
 *
 * available parameters:
 *  - uname       the username return the id for
 *  - assign      if set, the language will be assigned to this variable
 *
 * @param array       $params All attributes passed to this function from the template.
 * @param Zikula_View $view   Reference to the Zikula_View object.
 *
 * @return string The user ID.
 */
function smarty_function_usergetidfromname($params, Zikula_View $view)
{
    // Optional template variable that receives the result instead of it being returned.
    $assignTo = null;
    if (isset($params['assign'])) {
        $assignTo = $params['assign'];
    }

    $userName = null;
    if (isset($params['uname'])) {
        $userName = $params['uname'];
    }

    // 'uname' is mandatory; any falsy value (missing, '', '0') is reported as an error.
    if (!$userName) {
        $view->trigger_error(__f('Error! in %1$s: the %2$s parameter must be specified.', array('usergetidfromname', 'uname')));

        return false;
    }

    $userId = UserUtil::getIdFromName($userName);

    // Without an 'assign' target the id is handed back to the template directly.
    if (!$assignTo) {
        return $userId;
    }

    // With a target, the id is stored on the view and nothing is returned.
    $view->assign($assignTo, $userId);
}
Esempio n. 3
 /**
  * Return an array of items to show in the your account panel
  *
  * @return   array
  */
 public function getall($args)
 {
     // Account-panel entries; stays empty when the user is unknown or lacks edit permission.
     $links = array();

     // Prefer the caller-supplied name, otherwise use the current user's name.
     if (isset($args['uname'])) {
         $uname = $args['uname'];
     } else {
         $uname = UserUtil::getVar('uname');
     }

     // A falsy lookup result (loose comparison) means the user does not exist.
     $knownUser = !(UserUtil::getIdFromName($uname) == false);
     if (!$knownUser) {
         return $links;
     }

     // NOTE(review): checkPermission() receives no user id here, so it presumably evaluates the
     // current user, not $uname -- confirm.
     if (SecurityUtil::checkPermission('Content::', '::', ACCESS_EDIT)) {
         $links[] = array(
             'url' => ModUtil::url('Content', 'admin', 'newpage'),
             'module' => 'Content',
             'title' => $this->__('Add a new page'),
             'icon' => 'content_add.gif',
         );
     }

     return $links;
 }
 /**
  * Narrow the query by a search term applied to the given field.
  *
  * Reads $s['search'] and $s['search_field']. Only the fields 'author' and 'name' are handled;
  * anything else leaves the query untouched and yields null.
  */
 public function addSearch($s)
 {
     $term = $s['search'];
     $column = $s['search_field'];

     // Either value being exactly false means no search was requested.
     if ($term === false || $column === false) {
         return;
     }

     // Loose comparisons are kept on purpose: they mirror how a switch statement matches its cases.
     if ($column == 'author') {
         if (is_numeric($term)) {
             // Numeric input is passed on as a user id without a lookup.
             return $this->filterAuthor($term);
         }
         if (is_string($term)) {
             // Otherwise resolve the user name; an unknown name is mapped to id 0.
             $authorId = \UserUtil::getIdFromName($term);
             if ($authorId === false) {
                 $authorId = 0;
             }

             return $this->filterAuthor($authorId);
         }

         return;
     }

     if ($column == 'name') {
         // The term is bound as a parameter and never concatenated into the query text.
         // '%' and '_' inside $term are not escaped, so they still act as LIKE wildcards.
         $pattern = '%' . $term . '%';

         return $this->andWhere('m.name LIKE :search')->setParameter('search', $pattern);
     }
 }
/**
 * Zikula_View modifier to create a link to a users profile
 *
 * Example
 *
 *   Simple version, shows $username
 *   {$username|userprofilelink}
 *   Simple version, shows $username, using class="classname"
 *   {$username|userprofilelink:classname}
 *   Using profile.gif instead of username, no class
 *   {$username|userprofilelink:'':'images/profile.gif'}
 *
 *   Using language depending image from pnimg. Note that we pass
 *   the pnimg result array to the modifier as-is
 *   { pnimg src='profile.gif' assign=profile}
 *   {$username|userprofilelink:'classname':$profile}
 *
 * @param string  $string    The users name.
 * @param string  $class     The class name for the link (optional).
 * @param mixed   $image     The image to show instead of the username (optional).
 *                              May be an array as created by pnimg.
 * @param integer $maxLength If set then user names are truncated to x chars.
 *
 * @return string The output.
 */
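function smarty_modifier_userprofilelink($string, $class = '', $image = '', $maxLength = 0)
{
    LogUtil::log(__f('Warning! Template modifier {$var|%1$s} is deprecated, please use {$var|%2$s} instead.', array('userprofilelink', 'profilelinkbyuname} {$var|profilelinkbyuid')), E_USER_DEPRECATED);
    // TODO - This does not handle cases where the uname is made up entirely of digits (e.g. $uname == "123456"). It will interpret it
    // as a uid. A new modifier is needed that acts on uids and only uids, and this modifier should act on unames and only unames.
    if (is_numeric($string)) {
        // Numeric input is treated as a uid and the user name is looked up from it.
        $uid = DataUtil::formatForStore($string);
        $uname = UserUtil::getVar('uname', $uid);
    } else {
        // Anything else is treated as a user name and resolved to its uid.
        $uname = DataUtil::formatForStore($string);
        $uid = UserUtil::getIdFromName($uname);
    }

    // HTML-encoded full name; used for the title attribute and as the default link text.
    $showUname = DataUtil::formatForDisplay($uname);
    $profileModule = System::getVar('profilemodule', '');

    // A link is only built for a known user with uid > 1, an available profile module, and a name
    // that differs from the configured anonymous display name.
    if (isset($uid) && $uid && isset($uname) && $uname && $uid > 1 && !empty($profileModule) && ModUtil::available($profileModule) && strtolower($uname) != strtolower(ModUtil::getVar(Users_Constant::MODNAME, Users_Constant::MODVAR_ANONYMOUS_DISPLAY_NAME))) {
        if (!empty($class)) {
            $class = ' class="' . DataUtil::formatForDisplay($class) . '"';
        }

        if (!empty($image)) {
            if (is_array($image)) {
                // if it is an array we assume that it is an pnimg array
                $show = '<img src="' . DataUtil::formatForDisplay($image['src']) . '" alt="' . DataUtil::formatForDisplay($image['alt']) . '" width="' . DataUtil::formatForDisplay($image['width']) . '" height="' . DataUtil::formatForDisplay($image['height']) . '" />';
            } else {
                $show = '<img src="' . DataUtil::formatForDisplay($image) . '" alt="' . $showUname . '" />';
            }
        } elseif ($maxLength > 0) {
            // Truncate the resolved user name first and HTML-encode the result afterwards.
            // The previous code put substr($string, ...) into the markup without encoding it, and
            // for numeric input it showed the uid digits instead of the user name.
            $show = DataUtil::formatForDisplay(substr($uname, 0, $maxLength));
        } else {
            $show = $showUname;
        }

        // $show is the link content, so a supplied image now actually replaces the name as documented.
        // The title always carries the encoded, untruncated user name.
        $profileLink = '<a' . $class . ' title="' . DataUtil::formatForDisplay(__('Personal information')) . ': ' . $showUname . '" href="' . DataUtil::formatForDisplay(ModUtil::url($profileModule, 'user', 'view', array('uid' => $uid), null, null, true)) . '">' . $show . '</a>';
    } elseif (!empty($image)) {
        // image for anonymous user should be "empty"
        $profileLink = '';
    } else {
        // No profile link possible: emit the encoded input as plain text.
        $profileLink = DataUtil::formatForDisplay($string);
    }

    return $profileLink;
}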
/**
 * Zikula_View modifier to create a link to a users profile from the username.
 *
 * Example
 *
 *   Simple version, shows $username
 *   {$username|profilelinkbyuname}
 *   Simple version, shows $username, using class="classname"
 *   {$username|profilelinkbyuname:classname}
 *   Using profile.gif instead of username, no class
 *   {$username|profilelinkbyuname:'':'images/profile.gif'}
 *
 *   Using language depending image from pnimg. Note that we pass
 *   the pnimg result array to the modifier as-is
 *   {img src='profile.gif' assign=profile}
 *   {$username|profilelinkbyuname:'classname':$profile}
 *
 * @param string  $uname     The user's name.
 * @param string  $class     The class name for the link (optional).
 * @param mixed   $image     The image to show instead of the username (optional).
 *                              May be an array as created by pnimg.
 * @param integer $maxLength If set then user names are truncated to x chars.
 *
 * @return string The output.
 */
function smarty_modifier_profilelinkbyuname($uname, $class = '', $image = '', $maxLength = 0)
{
    // Nothing to link for an empty name; the input is handed back unchanged.
    if (empty($uname)) {
        return $uname;
    }

    $uid = UserUtil::getIdFromName($uname);
    $profileModule = System::getVar('profilemodule', '');

    // A link needs a resolved uid above 1 and an available profile module.
    $canLink = $uid && $uid > 1 && !empty($profileModule) && ModUtil::available($profileModule);
    if (!$canLink) {
        if (!empty($image)) {
            // image for anonymous user should be "empty"
            return '';
        }

        // Plain, HTML-encoded name when no link can be built.
        return DataUtil::formatForDisplay($uname);
    }

    // Prefer the profile module's display name and fall back to the user name.
    $displayName = ModUtil::apiFunc($profileModule, 'user', 'getUserDisplayName', array('uid' => $uid));
    if (empty($displayName)) {
        $displayName = $uname;
    }

    $classAttr = $class;
    if (!empty($class)) {
        $classAttr = ' class="' . DataUtil::formatForDisplay($class) . '"';
    }

    if (!empty($image) && is_array($image)) {
        // if it is an array we assume that it is an img array
        $src = DataUtil::formatForDisplay($image['src']);
        $alt = DataUtil::formatForDisplay($image['alt']);
        $width = DataUtil::formatForDisplay($image['width']);
        $height = DataUtil::formatForDisplay($image['height']);
        $linkBody = '<img src="' . $src . '" alt="' . $alt . '" width="' . $width . '" height="' . $height . '" />';
    } elseif (!empty($image)) {
        $linkBody = '<img src="' . DataUtil::formatForDisplay($image) . '" alt="' . DataUtil::formatForDisplay($displayName) . '" />';
    } elseif ($maxLength > 0) {
        // Cut the raw name to at most $maxLength bytes, then HTML-encode the shortened text.
        $cutAt = min($maxLength, strlen($displayName));
        $linkBody = DataUtil::formatForDisplay(substr($displayName, 0, $cutAt));
    } else {
        $linkBody = DataUtil::formatForDisplay($displayName);
    }

    // Every dynamic value placed into the markup goes through formatForDisplay().
    $title = DataUtil::formatForDisplay(__('Profile')) . ': ' . DataUtil::formatForDisplay($displayName);
    $href = DataUtil::formatForDisplay(ModUtil::url($profileModule, 'user', 'view', array('uid' => $uid), null, null, true));

    return '<a' . $classAttr . ' title="' . $title . '" href="' . $href . '">' . $linkBody . '</a>';
}
Esempio n. 7
 /**
  * Return an array of items to show in the your account panel.
  *
  * @param array $args List of arguments.
  *
  * @return array List of collected account items
  */
 public function getall(array $args = array())
 {
     $links = array();

     // The module variable must not be exactly false for the account page to be used.
     if ($this->getVar('useAccountPage', true) === false) {
         return $links;
     }

     // Caller-supplied name first, current user's name otherwise.
     if (isset($args['uname'])) {
         $userName = $args['uname'];
     } else {
         $userName = UserUtil::getVar('uname');
     }

     // Strict check: only an exact false from the lookup counts as "user does not exist".
     $userId = UserUtil::getIdFromName($userName);
     if ($userId === false) {
         return $links;
     }

     // Overview permission gates the whole list, admin permission gates the backend link.
     // NOTE(review): neither check passes a user id, so both presumably apply to the current user
     // rather than to $userName -- confirm.
     $component = $this->name . '::';
     if (!SecurityUtil::checkPermission($component, '::', ACCESS_OVERVIEW)) {
         return $links;
     }

     if (SecurityUtil::checkPermission($this->name . '::', '::', ACCESS_ADMIN)) {
         $links[] = array(
             'url' => ModUtil::url($this->name, 'admin', 'main'),
             'title' => $this->__('M u video Backend'),
             'icon' => 'configure.png',
             'module' => 'core',
             'set' => 'icons/large',
         );
     }

     return $links;
 }
Esempio n. 8
    /**
     * Return an array of items to show in the "user account page".
     * 
     * Parameters passed in the $args array:
     * -------------------------------------
     * string uname The user name of the user for whom links should be returned; optional, defaults to the current user.
     * 
     * @param array $args All parameters passed to this function.
     *
     * @return   array   array of items, or false on failure
     */
    public function getall($args)
    {
        $links = array();

        // do not show the account links if Profile is not the Profile manager
        if (System::getVar('profilemodule', '') != 'Profile') {
            return $links;
        }

        // Use the supplied name; fall back to the logged-in user's name when none was given.
        $uname = null;
        if (isset($args['uname'])) {
            $uname = $args['uname'];
        }
        if (!$uname && UserUtil::isLoggedIn()) {
            $uname = UserUtil::getVar('uname');
        }

        // No name available (e.g. anonymous visitor without 'uname'): no links.
        if (empty($uname)) {
            return $links;
        }

        // NOTE(review): the lookup result is not checked; if $uname is unknown the link below is
        // built with whatever getIdFromName() returned for it.
        $uid = UserUtil::getIdFromName($uname);
        $links['0'] = array(
            'url'    => ModUtil::url('Profile', 'user', 'view', array('uid' => $uid)),
            'module' => 'Profile',
            //! account panel link
            'title'  => $this->__('Personal info'),
            'icon'   => 'admin.png',
        );

        // The members list is only offered with read permission on Profile:Members:.
        $mayListMembers = SecurityUtil::checkPermission('Profile:Members:', '::', ACCESS_READ);
        if ($mayListMembers) {
            $links['1'] = array(
                'url'    => ModUtil::url('Profile', 'user', 'viewmembers'),
                'module' => 'Profile',
                'title'  => $this->__('Registered users list'),
                'icon'   => 'members.png',
            );
        }

        return $links;
    }
Esempio n. 9
 /**
  * Test a permission rule for a given username
  *
  * @param test_user the username
  * @param test_component the component
  * @param test_instance the instance
  * @param test_level the accesslevel
  * @return string with test result for display
  */
 public function testpermission()
 {
     // Gate first: a valid AJAX token and admin permission on Permissions:: are both required
     // before any request value is read.
     $this->checkAjaxToken();
     $isAdmin = SecurityUtil::checkPermission('Permissions::', '::', ACCESS_ADMIN);
     $this->throwForbiddenUnless($isAdmin);

     // Rule under test, taken from the POST body; component and instance default to '.*'.
     $uname = $this->request->getPost()->get('test_user', '');
     $comp = $this->request->getPost()->get('test_component', '.*');
     $inst = $this->request->getPost()->get('test_instance', '.*');
     $level = $this->request->getPost()->get('test_level', ACCESS_READ);

     $result = $this->__('Permission check result:') . ' ';

     // None of the posted values is echoed back; the markup consists of fixed, translated strings.
     $uid = UserUtil::getIdFromName($uname);
     if ($uid == false) {
         $result .= '<span id="permissiontestinfored">' . $this->__('unknown user.') . '</span>';
     } elseif (SecurityUtil::checkPermission($comp, $inst, $level, $uid)) {
         // Here the resolved uid is passed explicitly, so the rule is evaluated for that user.
         $result .= '<span id="permissiontestinfogreen">' . $this->__('permission granted.') . '</span>';
     } else {
         $result .= '<span id="permissiontestinfored">' . $this->__('permission not granted.') . '</span>';
     }

     return new Zikula_Response_Ajax(array('testresult' => $result));
 }
Esempio n. 10
    /**
     * submit a message
     *
     * @author       The PostNuke Development Team
     * @param        integer      $tid     the ID of the item to display
     * @return       output       The item detail page
     */
    public function submit($args) {
        // Handles the "send message" form: validates recipients, optionally expands group recipients,
        // uploads up to three attachments and creates one message per recipient id.
        //
        // Every value below is read through FormUtil::getPassedValue() with source 'POST'; the matching
        // $args entry (or null / 0) is supplied as the default argument.
        $image = FormUtil::getPassedValue('image', isset($args['image']) ? $args['image'] : null, 'POST');
        $subject = FormUtil::getPassedValue('subject', isset($args['subject']) ? $args['subject'] : null, 'POST');
        $to_user = FormUtil::getPassedValue('to_user', isset($args['to_user']) ? $args['to_user'] : null, 'POST');
        $message = FormUtil::getPassedValue('message', isset($args['message']) ? $args['message'] : null, 'POST');
        $reply = FormUtil::getPassedValue('reply', isset($args['reply']) ? $args['reply'] : null, 'POST');
        $replied = FormUtil::getPassedValue('replied', isset($args['replied']) ? $args['replied'] : 0, 'POST');
        $file1 = FormUtil::getPassedValue('file1', isset($args['file1']) ? $args['file1'] : null, 'POST');
        $file2 = FormUtil::getPassedValue('file2', isset($args['file2']) ? $args['file2'] : null, 'POST');
        $file3 = FormUtil::getPassedValue('file3', isset($args['file3']) ? $args['file3'] : null, 'POST');
        $multi = FormUtil::getPassedValue('multi', isset($args['multi']) ? $args['multi'] : null, 'POST');
        // NOTE(review): the permission instance string is built from the request-supplied $to_user,
        // so the sender influences which instance rule is matched -- confirm this is intended.
        if (!SecurityUtil::checkPermission('IWmessages::', $to_user . '::', ACCESS_COMMENT)) {
            throw new Zikula_Exception_Forbidden();
        }
        // Confirm authorisation code (CSRF token); runs after the permission check and before any write
        $this->checkCsrfToken();
        // A recipient is required unless a group target was selected in $multi.
        if (empty($to_user) && (!isset($multi) || $multi == '0')) {
            LogUtil::registerError($this->__('Not user especified.'));
            return System::redirect(ModUtil::url('IWmessages', 'user', 'view'));
        }
        if (empty($message)) {
            LogUtil::registerError($this->__('Error! Could not do what you wanted. Please check your input.'));
            return System::redirect(ModUtil::url('IWmessages', 'user', 'view'));
        }
        // nl2br() only inserts <br /> before newlines; it does not HTML-encode the text.
        // NOTE(review): encoding/filtering of the body must therefore happen in the 'create' API or
        // at display time -- verify.
        $message = nl2br($message);
        if (empty($subject)) {
            $subject = $this->__('No subject');
        }
        // Marker appended for logged-in senders; it is stripped again when redirecting back to compose.
        if (UserUtil::isLoggedIn()) {
            $message .= "[addsig]";
        }
        // Names of all users who are going to receive the message
        $usersName = array();

        // Parse the recipient field. strpos() != 0 is false both when there is no comma and when the
        // comma is the first character, so a value starting with ',' is handled as a single name.
        if (strpos($to_user, ',') != 0) {
            // More than one user, separated by ','
            $users = explode(',', $to_user);
            foreach ($users as $user) {
                if ($user != '') {
                    $usersName[] = $user;
                }
            }
        } else {
            // a single user
            if ($to_user != '') {
                $usersName[] = $to_user;
            }
        }

        // Ids of all users who are going to receive the message
        $usersId = array();
        // Check each name; unknown names are collected for the error message.
        $noValidUser = '';
        foreach ($usersName as $userName) {
            // get the user id
            $to_userid = UserUtil::getIdFromName($userName);
            if (!$to_userid) {
                $noValidUser .= $userName . ' - ';
            } else {
                $usersId[] = $to_userid;
            }
        }
        if ($noValidUser != '') {
            // Drop the trailing ' - ' separator.
            $noValidUser = substr($noValidUser, 0, -3);
            // NOTE(review): the rejected names come straight from the request and are appended to the
            // error text; whether LogUtil or the template encodes them is not visible here -- verify.
            LogUtil::registerError($this->__('Some of the users writed into the field A: are not correct. The incorrect users are: ') . $noValidUser);
            return System::redirect((UserUtil::isLoggedIn()) ? ModUtil::url('IWmessages', 'user', 'compose',
                                    array('touser' => $to_user,
                                        'subject' => $subject,
                                        'message' => str_replace('[addsig]', '', $message),
                                        'reply' => $reply,
                                        'to_group' => $multi,
                                        'image' => $image)) : 'index.php');
        }
        // Decide whether the sender may attach files: membership in any group listed in the
        // 'groupsCanUpdate' module variable ('$$'-separated entries of the form gid|sgid).
        // NOTE(review): $canUpdate is only assigned when a membership matches; otherwise it is
        // undefined when read further down (evaluates as falsy, with a notice).
        $groupsCanUpdate = ModUtil::getVar('IWmessages', 'groupsCanUpdate');
        $groupsUpdate = explode('$$', substr($groupsCanUpdate, 0, -1));
        array_shift($groupsUpdate);
        foreach ($groupsUpdate as $update) {
            $names = explode('|', $update);
            $sv = ModUtil::func('IWmain', 'user', 'genSecurityValue');
            $isMember = ModUtil::func('IWmain', 'user', 'isMember',
                            array('uid' => UserUtil::getVar('uid'),
                                'gid' => $names[0],
                                'sgid' => $names[1],
                                'sv' => $sv));
            if ($isMember) {
                $canUpdate = true;
                break;
            }
        }
        $multiMail = ModUtil::getVar('IWmessages', 'multiMail');

        // Check whether the sender may really send to the requested group(s)
        $canMultiMail = false;
        // Get the groups of the user who sends the message
        $sv = ModUtil::func('IWmain', 'user', 'genSecurityValue');
        $userGroups = ModUtil::func('IWmain', 'user', 'getAllUserGroups',
                        array('uid' => UserUtil::getVar('uid'),
                            'sv' => $sv));
        foreach ($userGroups as $userGroup) {
            $multip = explode('|', $multi);
            // strpos() != 0 treats a match at offset 0 the same as no match.
            // NOTE(review): the request-supplied $multi is concatenated into the needle, so this
            // authorisation test depends on the exact layout of the 'multiMail' setting -- verify
            // that a crafted $multi cannot match an unintended part of it.
            if (strpos($multiMail, '$' . $userGroup['id'] . '|0-0|0$') != 0 ||
                    strpos($multiMail, '$' . $userGroup['id'] . '|0-' . $multi . '$') != 0 ||
                    strpos($multiMail, '$' . $userGroup['id'] . '|0-' . $multip[0] . '|0$') != 0) {
                //The user can send to everybody
                $canMultiMail = true;
                break;
            }
        }
        // Add the group members to the list of recipient ids
        if ($canMultiMail) {
            if ($multi == '0|0') {
                // '0|0' selects every user returned by getAllUsersInfo.
                $sv = ModUtil::func('IWmain', 'user', 'genSecurityValue');
                $allUsers = ModUtil::func('IWmain', 'user', 'getAllUsersInfo',
                                array('sv' => $sv));
                foreach ($allUsers as $user) {
                    // NOTE(review): a failed lookup is not filtered out here, unlike in the name loop above.
                    $usersId[] = UserUtil::getIdFromName($user);
                }
            } else {
                if ($multi != '0') {
                    // $multi has the form a|b: when b is 0 the members of a are used, otherwise those of b.
                    $members = explode('|', $multi);
                    if ($members[1] == 0) {
                        $sv = ModUtil::func('IWmain', 'user', 'genSecurityValue');
                        $membersList = ModUtil::func('IWmain', 'user', 'getMembersGroup',
                                        array('sv' => $sv,
                                            'gid' => $members[0]));
                    } else {
                        $sv = ModUtil::func('IWmain', 'user', 'genSecurityValue');
                        $membersList = ModUtil::func('IWmain', 'user', 'getMembersGroup',
                                        array('sv' => $sv,
                                            'gid' => $members[1]));
                    }
                    foreach ($membersList as $member) {
                        $usersId[] = $member['id'];
                    }
                }
            }
        }

        // NOTE(review): $sended and $error are never initialised in this method; they are first
        // touched by ++ or by the comparisons near the end.
        if (count($usersId) == 0) {
            LogUtil::registerError(_MESSAGESUSERNOTINDB . ', ' . $this->__('Please check that the name of the user you are sending a message to is a real user and known by this system.'));
        } else {
            if ($canUpdate) {
                // Upload the attached files to the server
                for ($i = 1; $i < 4; $i++) {
                    $update = array();
                    // Variable-variable: $$file refers to $file1, $file2 or $file3 and is overwritten
                    // with the client-supplied upload name (spaces replaced by '_').
                    // NOTE(review): $_FILES['fileN'] is read without checking that the key exists.
                    $file = 'file' . $i;
                    $$file = str_replace(' ', '_', $_FILES['file' . $i]['name']);
                    if ($$file != '') {
                        $folder = ModUtil::getVar('IWmessages', 'uploadFolder');
                        // Name passed as 'fileName' is md5(upload name . sender uid), not the client name.
                        $fileName = md5($$file . UserUtil::getVar('uid'));
                        $sv = ModUtil::func('IWmain', 'user', 'genSecurityValue');
                        // NOTE(review): no extension, type or size validation is visible in this method;
                        // it presumably lives in IWmain's updateFile -- verify.
                        $update = ModUtil::func('IWmain', 'user', 'updateFile',
                                        array('sv' => $sv,
                                            'folder' => $folder,
                                            'fileNameTemp' => $_FILES['file' . $i]['tmp_name'],
                                            'fileRealName' => $_FILES['file' . $i]['name'],
                                            'fileSize' => $_FILES['file' . $i]['size'],
                                            'fileName' => $fileName));
                        //the function returns the error string if the update fails and empty string if success
                        if ($update['msg'] != '') {
                            LogUtil::registerError($update['msg'] . ' ' . $this->__('Probably the message has been sent without the attached file'));
                            $$file = '';
                        }
                    }
                }
            } else {
                // Senders without upload rights never get attachments recorded, whatever was posted.
                $file1 = '';
                $file2 = '';
                $file3 = '';
            }

            // One message is created per recipient id.
            foreach ($usersId as $userId) {
                if (ModUtil::apiFunc('IWmessages', 'user', 'create',
                                array('image' => $image,
                                    'subject' => $subject,
                                    'to_userid' => $userId,
                                    'message' => $message,
                                    'reply' => $reply,
                                    'file1' => str_replace(' ', '_', $file1),
                                    'file2' => str_replace(' ', '_', $file2),
                                    'file3' => str_replace(' ', '_', $file3)))) {
                    // NOTE(review): the cache is cleared for $to_userid (left over from the name
                    // validation loop), not for the current $userId -- looks unintended; confirm.
                    $this->view->clear_cache(null, $to_userid);
                    $sended++;
                } else {
                    $error++;
                }
            }
        }
        if ($sended > 0) {
            $sendedText = ($sended > 1) ? $this->__('Number of sent messages:') . ' ' . $sended : '';
            LogUtil::registerStatus($this->__('Your message has been posted.') . ' ' . $sendedText);
            if ($replied > 0) {
                // Mark the original message as replied.
                // NOTE(review): $replied is a request-supplied message id and no ownership check is
                // visible here; presumably 'setreplied' verifies that it belongs to the sender -- verify.
                ModUtil::apiFunc('IWmessages', 'user', 'setreplied',
                                array('msgid' => $replied));
            }
        }
        if ($error > 0) {
            $errorText = ($error > 1) ? $this->__('Errors number:') . ' ' . $error : '';
            LogUtil::registerError($this->__('Error! Creation attempt failed.') . ' ' . $errorText);
        }
        return System::redirect((UserUtil::isLoggedIn()) ? ModUtil::url('IWmessages', 'user', 'view') : 'index.php');
    }
Esempio n. 11
 /**
  * Returns an TimeIt_Filter_OperatorIf instance form an expression.
  *
  * @param string $objectType Object type.
  * @param string $exp        Expression in format: field:operator:value .
  * 
  * @return TimeIt_Filter_OperatorIf
  * @throws InvalidArgumentException In case of invalid parameters.
  * @throws LogicException If operation class does not extend this class.
  */
 public static function operatorFromExp($objectType, $exp)
 {
     // Expected shape is field:operator:value. Field and operator are limited to [0-9a-zA-Z_-];
     // the value is whatever follows the second colon.
     $parts = array();
     if (!preg_match_all('/^([0-9a-zA-Z_-]+):([0-9a-zA-Z_-]+):(.*)$/', $exp, $parts)) {
         throw new InvalidArgumentException('Expression has got an invalid format.');
     }

     $field = $parts[1][0];
     $operator = $parts[2][0];
     $value = $parts[3][0];

     // An empty value means the filter is ignored.
     if (strlen($value) == 0) {
         return null;
     }

     // The operator name selects the class to instantiate. It has already been restricted by the
     // pattern above, is passed through formatForOS(), and the class must exist and be a subclass of
     // the operator interface before anything is constructed.
     $class = 'TimeIt_Filter_OP_' . DataUtil::formatForOS($operator);
     if (!class_exists($class)) {
         throw new InvalidArgumentException('Expression has got an invalid operator (' . $operator . ').');
     }

     // Reflection is used because no instance exists yet at this point.
     $candidate = new ReflectionClass($class);
     if (!$candidate->isSubclassOf(new ReflectionClass('TimeIt_Filter_OP_Interface'))) {
         throw new LogicException('Class of operator ' . $operator . ' (' . $class . ') is not a subclass of TimeIt_Filter_OP_Interface.');
     }

     $isUidField = ($field == 'cr_uid' || $field == 'lu_uid');

     if ($isUidField && (int) $value == -1) {
         // -1 stands for the uid of the current user.
         $value = UserUtil::getVar('uid', -1, 1);
     } elseif ($isUidField && !preg_match('/^[0-9]+$/', $value)) {
         // A non-numeric value on a uid field is a user name; 'User Name' is skipped without a lookup.
         if ($value == 'User Name') {
             return null;
         }

         $name = $value;
         $value = UserUtil::getIdFromName($name);
         if (empty($value)) {
             // Unknown user: report it and drop the filter.
             LogUtil::registerError(__f('The user named "%s" not found (TimeIt filter).', $name, ZLanguage::getModuleDomain('TimeIt')));

             return null;
         }
     } elseif (($field == 'cr_uid' || $field == 'up_uid') && preg_match('/^[0-9]+$/', $value)) {
         // NOTE(review): this branch tests 'up_uid' while the checks above test 'lu_uid', so numeric
         // lu_uid values are not cast to int -- possibly a typo; confirm.
         $value = (int) $value;
     }

     // A falsy value (for example '0') yields no operator.
     return $value ? new $class($objectType, $field, $value) : null;
 }
Esempio n. 12
    /**
     * Display the block.
     *
     * @param array $blockinfo A blockinfo structure.
     * 
     * @return string The rendered block.
     */
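    public function display($blockinfo)
    {
        // Check if the Profile module is available.
        if (!ModUtil::available('Profile')) {
            return false;
        }

        // Security check on this block instance (keyed by the block id).
        if (!SecurityUtil::checkPermission('Profile:FeaturedUserblock:', "$blockinfo[bid]::", ACCESS_READ)) {
            return false;
        }

        // Get variables from content block
        $vars = BlockUtil::varsFromContent($blockinfo['content']);

        // If there's no user to show, nothing to do
        if (!isset($vars['username']) || empty($vars['username'])) {
            return false;
        }

        // Defaults
        if (!isset($vars['fieldstoshow']) || !is_array($vars['fieldstoshow']) || empty($vars['fieldstoshow'])) {
            $vars['fieldstoshow'] = array();
        }

        if (!isset($vars['showregdate']) || empty($vars['showregdate'])) {
            $vars['showregdate'] = '';
        }

        // NOTE(review): the result of getIdFromName() is passed on unchecked; if the configured
        // user name no longer exists, $userinfo may not be an array -- confirm how getVars() behaves.
        $userinfo = UserUtil::getVars(UserUtil::getIdFromName($vars['username']));

        // Check if the user is watching its own profile or if he is admin
        $currentuser = UserUtil::getVar('uid');
        $ismember    = ($currentuser >= 2);
        $sameuser    = ($currentuser == $userinfo['uid']);
        $isadmin     = (bool) SecurityUtil::checkPermission('Profile::', '::', ACCESS_ADMIN);

        // get all active profile fields
        $activeduds = ModUtil::apiFunc('Profile', 'user', 'getallactive', array('index' => 'prop_label'));

        // Start from an empty list so the template always receives an array, even when no field
        // is configured, filled in, or visible to the current viewer.
        $dudarray = array();

        foreach ($activeduds as $dudlabel => $activedud) {
            // check if the attribute is set to be shown in the block
            if (!in_array($activedud['prop_attribute_name'], $vars['fieldstoshow'])) {
                continue;
            }

            // discard empty fields
            if (empty($userinfo['__ATTRIBUTES__'][$activedud['prop_attribute_name']])) {
                continue;
            }

            // check the access to this field: 0 = everyone, 1 = members, 2 = same user or admin;
            // any other value hides the field.
            if ($activedud['prop_viewby'] != 0) {
                // not to everyone, checks members only or higher
                if (!($activedud['prop_viewby'] == 1 && $ismember)) {
                    // lastly check for the same user or admin
                    if (!($activedud['prop_viewby'] == 2 && ($sameuser || $isadmin))) {
                        continue;
                    }
                }
            }

            // add it to the viewable properties
            $dudarray[$dudlabel] = $userinfo['__ATTRIBUTES__'][$activedud['prop_attribute_name']];
        }
        unset($activeduds);

        // build the output
        // NOTE(review): the cache id depends only on the featured user name, while the field list
        // above depends on who is viewing (member / same user / admin). If view caching is enabled
        // for this block, output rendered for a privileged viewer could be served to others --
        // confirm the caching mode or make the cache id viewer-dependent.
        $this->view->setCacheId('featured'.$vars['username']);

        $this->view->assign('userinfo',    $userinfo);
        $this->view->assign('showregdate', $vars['showregdate']);
        $this->view->assign('dudarray',    $dudarray);

        $blockinfo['content'] = $this->view->fetch('profile_block_featureduser.tpl');

        return BlockUtil::themeBlock($blockinfo);
    }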
Esempio n. 13
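    /**
     * Display item.
     *
     * Parameters passed via the $args array, or via GET:
     * --------------------------------------------------
     * numeric uid   The user account id (uid) of the user for whom to display profile information; optional, ignored if uname is supplied, if not provided
     *                  and if uname is not supplied then defaults to the current user.
     * string  uname The user name of the user for whom to display profile information; optional, if not supplied, then uid is used to determine the user.
     * string  page  The name of the Profile "page" (view template) to display; optional, if not provided then the standard view template is used.
     *                  The value becomes part of a template file name, so only a plain name (no path separator, no "..", no NUL byte) is accepted.
     *
     * For each parameter the GET value is used when present; the matching $args entry only supplies the default.
     *
     * @param array $args All parameters passed to this function via an internal call.
     *
     * @return string The rendered template output.
     */
    public function view($args)
    {
        // Security check
        if (!SecurityUtil::checkPermission('Profile::view', '::', ACCESS_READ)) {
            return LogUtil::registerPermissionError();
        }

        // Get parameters from whatever input we need.
        $uid   = (int)$this->request->getGet()->get('uid', isset($args['uid']) ? $args['uid'] : null);
        $uname = $this->request->getGet()->get('uname', isset($args['uname']) ? $args['uname'] : null);
        $page  = $this->request->getGet()->get('page', isset($args['page']) ? $args['page'] : null);

        // Getting uid by uname; uname wins over uid, and the current user is the last fallback
        if (!empty($uname)) {
            $uid = UserUtil::getIdFromName($uname);
        } elseif (empty($uid)) {
            $uid = UserUtil::getVar('uid');
        }

        // Check for an invalid uid (uid = 1 is the anonymous user).
        // A failed name lookup is rejected here as well, because a falsy result compares below 2.
        if ($uid < 2) {
            return LogUtil::registerError($this->__('Error! Could not find this user.'), 404);
        }

        // Get all the user data
        $userinfo = UserUtil::getVars($uid);

        if (!$userinfo) {
            return LogUtil::registerError($this->__('Error! Could not find this user.'), 404);
        }

        // Check if the user is watching its own profile or if he is admin
        // TODO maybe remove the four lines below
        $currentuser = UserUtil::getVar('uid');
        $ismember    = ($currentuser >= 2);
        $isowner     = ($currentuser == $uid);
        $isadmin     = SecurityUtil::checkPermission('Profile::', '::', ACCESS_ADMIN);

        // Get all active profile fields.
        // NOTE(review): per-field visibility is not checked in this method; it presumably
        // relies on the 'viewable' filter of getallactive - confirm against that API.
        $activeduds = ModUtil::apiFunc('Profile', 'user', 'getallactive',
                array('get' => 'viewable',
                'uid' => $uid));

        // Fill the DUD values array
        $dudarray = array();
        foreach (array_keys($activeduds) as $dudattr) {
            $dudarray[$dudattr] = isset($userinfo['__ATTRIBUTES__'][$dudattr]) ? $userinfo['__ATTRIBUTES__'][$dudattr] : '';
        }

        // Create output object
        $this->view->setCaching(false)->add_core_data();

        // NOTE(review): the complete $userinfo record is handed to the template, not only the
        // viewable fields; the template decides what is printed.
        $this->view->assign('dudarray', $dudarray)
            ->assign('fields',   $activeduds)
            ->assign('uid',      $userinfo['uid'])
            ->assign('uname',    $userinfo['uname'])
            ->assign('userinfo', $userinfo)
            ->assign('ismember', $ismember)
            ->assign('isadmin',  $isadmin)
            ->assign('sameuser', $isowner);

        // Return the output that has been generated by this function
        if (!empty($page)) {
            // $page is request-controlled and is interpolated into a template file name, so it
            // must be a plain name: a string without path separator, ".." or NUL byte.
            $pageIsPlainName = is_string($page) && !preg_match('#[/\\\\\x00]|\.\.#', $page);

            if ($pageIsPlainName && $this->view->template_exists("profile_user_view_{$page}.tpl")) {
                return $this->view->fetch("profile_user_view_{$page}.tpl", $uid);
            }

            // Rejected and missing pages get the same 404, with the name escaped for display.
            return LogUtil::registerError($this->__f('Error! Could not find profile page [%s].', DataUtil::formatForDisplay(is_string($page) ? $page : '')), 404);
        }

        return $this->view->fetch('profile_user_view.tpl', $uid);
    }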
Esempio n. 14
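    /**
     * Display a form to confirm the deletion of one or more users, and then process the deletion.
     *
     * Parameters passed via GET:
     * --------------------------
     * numeric uid   The user id of the user to be deleted.
     * string  uname The user name of the user to be deleted; only used when uid is empty.
     *
     * Parameters passed via POST:
     * ---------------------------
     * array   userId         The array of user ids of the users to be deleted.
     * boolean process_delete True to process the posted userId list, and delete the corresponding accounts; false or null to confirm first.
     *
     * Parameters passed via SESSION:
     * ------------------------------
     * None.
     *
     * @return string|null HTML string containing the rendered confirmation template; nothing is returned when the request ends in the redirect to the admin main page.
     *
     * @throws Zikula_Exception_Forbidden Thrown if the current user does not have delete access, or if the method of accessing this function is improper.
     */
    public function deleteUsers()
    {
        // check permissions
        $this->throwForbiddenUnless(SecurityUtil::checkPermission('IWusers::', '::', ACCESS_DELETE));

        $proceedToForm = false;
        $processDelete = false;

        if ($this->request->isPost()) {
            $userid = $this->request->request->get('userId', null);
            $processDelete = $this->request->request->get('process_delete', false);
            $proceedToForm = !$processDelete;
        } elseif ($this->request->isGet()) {
            // A GET request can only lead to the confirmation form, never to a deletion.
            $userid = $this->request->query->get('uid', null);
            $uname  = $this->request->query->get('uname', null);

            // retrieve userid from uname (the lookup previously received an undefined variable)
            if (empty($userid) && !empty($uname)) {
                $userid = UserUtil::getIdFromName($uname);
            }

            $proceedToForm = true;
        } else {
            throw new Zikula_Exception_Forbidden();
        }

        // Normalise to a list of ids; a failed name lookup ends up in the "empty" branch.
        if (empty($userid)) {
            $this->registerError($this->__('No users have chosen'));
            $proceedToForm = false;
            $userid = array();
        } elseif (!is_array($userid)) {
            $userid = array($userid);
        }

        // One protected or unknown id anywhere in the list cancels the whole request.
        // NOTE(review): the ids are raw request values compared loosely; consider validating
        // that each one is an integer uid before it is compared and passed on.
        $currentUser = UserUtil::getVar('uid');
        $users = array();
        foreach ($userid as $key => $uid) {
            if ($uid == 1) {
                $this->registerError($this->__("Error! You can't delete the guest account."));
                $proceedToForm = false;
                $processDelete = false;
            } elseif ($uid == 2) {
                $this->registerError($this->__("Error! You can't delete the primary administrator account."));
                $proceedToForm = false;
                $processDelete = false;
            } elseif ($uid == $currentUser) {
                $this->registerError($this->__("Error! You can't delete the account you are currently logged into."));
                $proceedToForm = false;
                $processDelete = false;
            }

            // get the user vars
            $users[$key] = UserUtil::getVars($uid);

            if (empty($users[$key])) {
                $this->registerError($this->__('Sorry! No such user found.'));
                $proceedToForm = false;
                $processDelete = false;
            }
        }

        if ($processDelete) {
            // The state-changing path requires a valid CSRF token before anything is deleted.
            $this->checkCsrfToken();
            $valid = true;
            foreach ($userid as $uid) {
                $event = new Zikula_Event('module.users.ui.validate_delete', null, array('id' => $uid), new Zikula_Hook_ValidationProviders());
                $validators = $this->eventManager->notify($event)->getData();

                $hook = new Zikula_ValidationHook('users.ui_hooks.user.validate_delete', $validators);
                $this->notifyHooks($hook);
                $validators = $hook->getValidators();

                if ($validators->hasErrors()) {
                    $valid = false;
                }
            }

            $proceedToForm = false;
            if ($valid) {
                $deleted = ModUtil::apiFunc($this->name, 'admin', 'deleteUser', array('uid' => $userid));

                if ($deleted) {
                    // Tell listeners and hooks about every account that was removed.
                    foreach ($userid as $uid) {
                        $event = new Zikula_Event('module.users.ui.process_delete', null, array('id' => $uid));
                        $this->eventManager->notify($event);

                        $hook = new Zikula_ProcessHook('users.ui_hooks.user.process_delete', $uid);
                        $this->notifyHooks($hook);
                    }
                    $count = count($userid);
                    $this->registerStatus($this->_fn('Done! Deleted %1$d user account.', 'Done! Deleted %1$d user accounts.', $count, array($count)));
                }
            }
        }

        if ($proceedToForm) {
            return $this->view->assign('users', $users)
                ->fetch('IWusers_admin_deleteusers.tpl');
        } else {
            $this->redirect(ModUtil::url($this->name, 'admin', 'main'));
        }
    }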
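/**
 * Smarty function to display user links for the Profile module
 *
 * Example
 * {profileuserlinks start='' end='' seperator='|' class='z-menuitem-title'}
 *
 * Parameters passed in via the $params array:
 * -------------------------------------------
 * string start     Start string (default: [).
 * string end       End string (default: ]).
 * string seperator Link separator (default: |); the parameter name keeps this spelling.
 * string class     CSS class (default: z-menuitem-title).
 * string default   Default content if there are no links to show (default: <hr />).
 *
 * The template variables ismember, sameuser, uid and uname are read from $smarty, and the
 * missing ones are filled in as far as they can be derived from each other.
 *
 * @param array  $params  All attributes passed to this function from the template.
 * @param object &$smarty Reference to the Zikula_View/Smarty object.
 *
 * @return string The generated menu markup, or the default content when the visitor is not logged in or no link applies.
 */
function smarty_function_profileuserlinks($params, &$smarty)
{
    // set some defaults
    // NOTE(review): start, end, seperator and class are written into the markup unescaped;
    // they are expected to be literals chosen by the template author.
    if (!isset($params['start'])) {
        $params['start'] = '[';
    }
    if (!isset($params['end'])) {
        $params['end'] = ']';
    }
    if (!isset($params['seperator'])) {
        $params['seperator'] = '|';
    }
    if (!isset($params['class'])) {
        $params['class'] = 'z-menuitem-title';
    }
    if (!isset($params['default'])) {
        $params['default'] = '<hr />';
    }

    if (!UserUtil::isLoggedIn()) {
        return $params['default'];
    }

    $dom = ZLanguage::getModuleDomain('Profile');

    // The requested function name is only compared against fixed names below, never printed.
    $func = FormUtil::getPassedValue('func', 'main', 'GET');

    $currentfunc = (isset($func) && !empty($func)) ? $func : 'main';

    $currentuser  = UserUtil::getVar('uid');
    $currentuname = UserUtil::getVar('uname');

    $userlinks  = '';
    $linksarray = array();

    // process the memberlist functions first
    if (in_array($currentfunc, array('viewmembers', 'recentmembers', 'onlinemembers'))) {
        $userlinks = "<div class=\"z-menu\">\n";
        $userlinks .= "<span class=\"$params[class]\">$params[start] ";

        if ($currentuser >= 2) {
            $linksarray[] = '<a href="' . ModUtil::url('Users', 'user', 'main') . '">' . __('User account panel', $dom) . '</a>';
        }
        if ($currentfunc != 'viewmembers') {
            $linksarray[] = '<a href="' . ModUtil::url('Profile', 'user', 'viewmembers') . '">' . __('Registered users list', $dom) . '</a>';
        }
        if ($currentfunc != 'recentmembers') {
            $linksarray[] = '<a href="' . ModUtil::url('Profile', 'user', 'recentmembers') . '">' . __f('Last %s registered users', ModUtil::getVar('Profile', 'recentmembersitemsperpage'), $dom) . '</a>';
        }
        if ($currentfunc != 'onlinemembers') {
            $linksarray[] = '<a href="' . ModUtil::url('Profile', 'user', 'onlinemembers') . '">' . __('Users currently on-line', $dom) . '</a>';
        }

        $userlinks .= implode(" $params[seperator] ", $linksarray);
        $userlinks .= $params['end'] . "</span>\n";
        $userlinks .= "</div>\n";

        return $userlinks;
    }

    // default values for essential vars
    if (!isset($smarty->_tpl_vars['ismember'])) {
        $smarty->_tpl_vars['ismember'] = ($currentuser >= 2);
    }
    if (!isset($smarty->_tpl_vars['sameuser'])) {
        if (isset($smarty->_tpl_vars['uid'])) {
            $smarty->_tpl_vars['sameuser'] = ($currentuser == $smarty->_tpl_vars['uid']);
            $smarty->_tpl_vars['uname'] = UserUtil::getVar('uname', $smarty->_tpl_vars['uid']);
        } elseif (isset($smarty->_tpl_vars['uname'])) {
            $smarty->_tpl_vars['sameuser'] = ($currentuname == $smarty->_tpl_vars['uname']);
            $smarty->_tpl_vars['uid'] = UserUtil::getIdFromName($smarty->_tpl_vars['uname']);
        } else {
            $smarty->_tpl_vars['sameuser'] = false;
        }
    }

    // process the common functions
    if ($smarty->_tpl_vars['ismember'] && $smarty->_tpl_vars['sameuser']) {
        $linksarray[] = '<a href="' . ModUtil::url('Users', 'user', 'main') . '">' . __('User account panel', $dom) . '</a>';
    }

    if ($smarty->_tpl_vars['sameuser'] && $currentfunc != 'modify') {
        $linksarray[] = '<a href="' . ModUtil::url('Profile', 'user', 'modify') . '">' . __('Edit personal info', $dom) . '</a>';
    }

    if ($smarty->_tpl_vars['ismember'] && $currentfunc != 'view') {
        $linksarray[] = '<a href="' . ModUtil::url('Profile', 'user', 'view', array('uid' => $currentuser)) . '">' . __('View personal info', $dom) . '</a>';
    }

    if (!$smarty->_tpl_vars['sameuser']) {
        // check for the messaging module
        $msgmodule = System::getVar('messagemodule');
        if (isset($smarty->_tpl_vars['uid']) && ModUtil::available($msgmodule)) {
            $linksarray[] = '<a href="' . ModUtil::url($msgmodule, 'user', 'newpm', array('uid' => $smarty->_tpl_vars['uid'])) . '">' . __('Send private message', $dom) . '</a>';
        }
    }

    // build the z-menu if there's an option
    if (!empty($linksarray)) {
        $userlinks = "<div class=\"z-menu\">\n";
        $userlinks .= "<span class=\"$params[class]\">$params[start] ";
        $userlinks .= implode(" $params[seperator] ", $linksarray);
        $userlinks .= $params['end'] . "</span>\n";
        $userlinks .= "</div>\n";
    }

    // ContactList integration; every link below needs the profile owner's uid, so the
    // section is skipped when no uid could be determined.
    if (!$smarty->_tpl_vars['sameuser'] && isset($smarty->_tpl_vars['uid']) && ModUtil::available('ContactList')) {
        $buddystatus = ModUtil::apiFunc('ContactList', 'user', 'isBuddy', array('uid1' => $currentuser, 'uid2' => $smarty->_tpl_vars['uid']));

        // The user name is account data that lands in HTML, so it is escaped for display.
        $profileuname = isset($smarty->_tpl_vars['uname']) ? DataUtil::formatForDisplay($smarty->_tpl_vars['uname']) : '';

        $linksarray = array();

        if (empty($userlinks)) {
            $linksarray[] = '<a href="' . ModUtil::url('Users', 'user', 'main') . '">' . __('User account panel', $dom) . '</a>';
        }
        $linksarray[] = '<a href="' . ModUtil::url('ContactList', 'user', 'display', array('uid' => $smarty->_tpl_vars['uid'])) . '">' . __f('Show %s\'s contacts', $profileuname, $dom) . '</a>';
        if ($buddystatus) {
            $linksarray[] = '<a href="' . ModUtil::url('ContactList', 'user', 'edit', array('id' => $buddystatus)) . '">' . __('Edit contact', $dom) . '</a>';
        } else {
            $linksarray[] = '<a href="' . ModUtil::url('ContactList', 'user', 'create', array('uid' => $smarty->_tpl_vars['uid'])) . '">' . __('Add as contact', $dom) . '</a>';
        }

        $userlinks .= "<div class=\"z-menu\">\n";
        $userlinks .= "<span class=\"$params[class]\">$params[start] ";
        $userlinks .= implode(" $params[seperator] ", $linksarray);
        $userlinks .= $params['end'] . "</span></div>\n";
    }

    return !empty($userlinks) ? $userlinks : $params['default'];
}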
Esempio n. 16
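    /**
     * Show the aggregated usage statistics, optionally narrowed to one user and/or one module.
     *
     * Filter values are read from GET/POST, then from $args, then from the values that the
     * previous call stored in the session:
     *  - moduleName  module whose users should be listed
     *  - uname       user whose per-module records should be listed
     *  - uid         when greater than 0, replaces uname with that account's user name
     *  - fromDate    first day of the period, read positionally as dd-mm-yyyy
     *  - toDate      last day of the period, read positionally as dd-mm-yyyy
     *
     * @param array $args Parameters passed via an internal call.
     *
     * @return string Output of the IWstats_admin_stats.htm template.
     *
     * @throws Zikula_Exception_Forbidden If the current user lacks ACCESS_ADMIN on IWstats.
     */
    public function viewStats($args) {
        // Authorise first, so that an unauthorised request neither reads the saved filter
        // nor writes request values into the session.
        if (!SecurityUtil::checkPermission('IWstats::', '::', ACCESS_ADMIN)) {
            throw new Zikula_Exception_Forbidden();
        }

        // The saved filter is the array serialized further down in this method.
        // NOTE(review): unserialize() is only acceptable while nothing user-controlled can be
        // written to this session key; a JSON encoding would remove that dependency.
        $statsSaved = unserialize(SessionUtil::getVar('statsSaved'));

        $moduleName = (isset($statsSaved['moduleName'])) ? $statsSaved['moduleName'] : '';
        $savedUname = (isset($statsSaved['uname'])) ? $statsSaved['uname'] : null;
        $fromDate = (isset($statsSaved['fromDate'])) ? $statsSaved['fromDate'] : null;
        $toDate = (isset($statsSaved['toDate'])) ? $statsSaved['toDate'] : '';

        $moduleName = FormUtil::getPassedValue('moduleName', isset($args['moduleName']) ? $args['moduleName'] : $moduleName, 'GETPOST');
        $uname = FormUtil::getPassedValue('uname', isset($args['uname']) ? $args['uname'] : $savedUname, 'GETPOST');
        $fromDate = FormUtil::getPassedValue('fromDate', isset($args['fromDate']) ? $args['fromDate'] : $fromDate, 'GETPOST');
        $toDate = FormUtil::getPassedValue('toDate', isset($args['toDate']) ? $args['toDate'] : $toDate, 'GETPOST');
        $uid = FormUtil::getPassedValue('uid', isset($args['uid']) ? $args['uid'] : 0, 'GETPOST');

        // A uid in the request overrides the user name.
        if ($uid > 0) {
            $uname = UserUtil::getVar('uname', $uid);
        }

        // Remember the filter for the next call.
        SessionUtil::setVar('statsSaved', serialize(array('uname' => $uname,
                    'moduleName' => $moduleName,
                    'fromDate' => $fromDate,
                    'toDate' => $toDate,
                )));

        // From here on $uid is derived from $uname only.
        $uid = 0;
        $lastDays = 10;
        $nusers = 0;

        if ($uname != null && $uname != '') {
            // get user id from uname
            $uid = UserUtil::getIdFromName($uname);
            if (!$uid) {
                LogUtil::registerError(__f('User \'%s\' not found', array($uname)));
                $uname = '';
            }
        }

        $time = time();

        // Dates are split by position (dd-mm-yyyy) and normalised back to d-m-Y; without a
        // start date the period begins $lastDays days ago.
        if ($fromDate != null) {
            $fromDate = mktime(0, 0, 0, substr($fromDate, 3, 2), substr($fromDate, 0, 2), substr($fromDate, 6, 4));
            $fromDate = date('Y-m-d 00:00:00', $fromDate);
            $fromDate = DateUtil::makeTimestamp($fromDate);
            $fromDate = date('d-m-Y', $fromDate);
        } else {
            $fromDate = date('d-m-Y', $time - $lastDays * 24 * 60 * 60);
        }

        if ($toDate != null) {
            $toDate = mktime(0, 0, 0, substr($toDate, 3, 2), substr($toDate, 0, 2), substr($toDate, 6, 4));
            $toDate = date('Y-m-d 00:00:00', $toDate);
            $toDate = DateUtil::makeTimestamp($toDate);
            $toDate = date('d-m-Y', $toDate);
        } else {
            $toDate = date('d-m-Y', $time);
        }

        // get last records
        $records = ModUtil::apiFunc('IWstats', 'user', 'getAllSummary', array('rpp' => -1,
                    'init' => -1,
                    'fromDate' => $fromDate,
                    'toDate' => $toDate,
                ));

        // get all modules
        $modules = ModUtil::apiFunc('Extensions', 'admin', 'listmodules', array('state' => 0));

        // Initialised up front so the template still gets arrays when no module is listed.
        $modulesNames = array();
        $modulesArray = array();
        foreach ($modules as $module) {
            $modulesNames[$module['id']] = $module['name'];
            $modulesArray[] = array('id' => $module['id'],
                'name' => $module['name']);
        }

        $modulesNames[0] = $this->__('unknown');

        $usersListArray = array();
        $moduleStatsArray = array();
        $userModulesArray = array();
        $userArray = array();
        $usersForModule = array();
        $users = array();
        $usersIpCounter = 0;
        $nRecords = 0;
        $userNRecords = 0;
        $usersList = '';
        $userName = '';
        foreach ($records as $record) {
            $nRecords = $nRecords + $record['nrecords'];
            $usersIpCounter = $usersIpCounter + $record['nips'];
            // As parsed here, 'users' looks like $uid|moduleId=count#moduleId=count$$uid|...$
            $users = explode('$$', substr($record['users'], 1, -1)); // substr to remove $ in the begining and the end of the string
            foreach ($users as $user) {
                $oneUser = explode('|', $user);

                // count every distinct user id once
                if (!in_array($oneUser[0], $usersListArray)) {
                    $nusers++;
                    $usersListArray[] = $oneUser[0];
                }
                if ($oneUser[0] == $uid && $uid > 0) {
                    // cut this user's moduleId=count list out of the raw string
                    $userInit = '$' . $uid . '|';
                    $userDataPos = strpos($record['users'], $userInit);
                    $subDataPre = substr($record['users'], $userDataPos + strlen($userInit));
                    $userDataPos = strpos($subDataPre, '$');
                    $subDataPre = substr($subDataPre, 0, $userDataPos);
                    $userModules = explode('#', $subDataPre);
                    foreach ($userModules as $module) {
                        $oneModule = explode('=', $module);
                        $moduleLabel = $modulesNames[$oneModule[0]];
                        // First sighting stores the count, later ones add to it. The original
                        // test was inverted, which overwrote totals and read an unset key.
                        if (!array_key_exists($moduleLabel, $userModulesArray)) {
                            $userModulesArray[$moduleLabel] = $oneModule[1];
                        } else {
                            $userModulesArray[$moduleLabel] = $userModulesArray[$moduleLabel] + $oneModule[1];
                        }

                        $userNRecords = $userNRecords + $oneModule[1];
                    }
                }
                if ($moduleName != '') {
                    $moduleId = ModUtil::getIdFromName($moduleName);
                    // the module entry is either the first one or preceded by '#'
                    if ((strpos($oneUser[1], $moduleId . '=') !== false && strpos($oneUser[1], $moduleId . '=') == 0) || strpos($oneUser[1], '#' . $moduleId . '=') !== false) {
                        // get the number of views
                        $pos = strpos($oneUser[1], $moduleId . '=');
                        if ($pos != 0) {
                            $pos = strpos($oneUser[1], '#' . $moduleId . '=');
                        }
                        $preString = substr($oneUser[1], $pos);
                        if ($pos != 0) {
                            $preString = substr($preString, 1);
                        }
                        $pos = strpos($preString, '#');
                        $preString = ($pos == 0) ? $preString : substr($preString, 0, $pos);
                        $num = explode('=', $preString);
                        if (!array_key_exists($oneUser[0], $usersForModule)) {
                            $usersForModule[$oneUser[0]] = $num[1];
                            $usersList .= $oneUser[0] . '$$';
                        } else {
                            $usersForModule[$oneUser[0]] = $usersForModule[$oneUser[0]] + $num[1];
                        }
                    }
                }
            }

            $modules = explode('$$', substr($record['modules'], 1, -1)); // substr to remove $ in the begining and the end of the string
            foreach ($modules as $module) {
                $oneModule = explode('|', $module);
                // module ids that are not in the module list are left out of the totals
                if (isset($modulesNames[$oneModule[0]])) {
                    if (!array_key_exists($modulesNames[$oneModule[0]], $moduleStatsArray)) {
                        $moduleStatsArray[$modulesNames[$oneModule[0]]] = $oneModule[1];
                    } else {
                        $moduleStatsArray[$modulesNames[$oneModule[0]]] = $moduleStatsArray[$modulesNames[$oneModule[0]]] + $oneModule[1];
                    }
                }
            }
        }

        ksort($userModulesArray);

        if ($uid > 0) {
            $userArray = array('nRecords' => $userNRecords,
                'userModulesArray' => $userModulesArray,
            );
        }

        ksort($moduleStatsArray);

        // NOTE(review): 'sv' is the value IWmain hands out through genSecurityValue and takes
        // back in its user-info calls; its exact purpose is not visible here.
        if ($uid > 0) {
            $sv = ModUtil::func('IWmain', 'user', 'genSecurityValue');
            $userName = ModUtil::func('IWmain', 'user', 'getUserInfo', array('info' => 'ncc',
                        'sv' => $sv,
                        'uid' => $uid));
        }

        if ($moduleName != '') {
            $sv = ModUtil::func('IWmain', 'user', 'genSecurityValue');
            $users = ModUtil::func('IWmain', 'user', 'getAllUsersInfo', array('info' => 'ncc',
                        'sv' => $sv,
                        'list' => $usersList,
                    ));
            $users[0] = $this->__('Unregistered');
        }

        return $this->view->assign('users', $users)
                        ->assign('nRecords', $nRecords)
                        ->assign('nusers', $nusers)
                        ->assign('userName', $userName)
                        ->assign('usersIpCounter', $usersIpCounter)
                        ->assign('modulesNames', $modulesNames)
                        ->assign('modulesArray', $modulesArray)
                        ->assign('moduleName', $moduleName)
                        ->assign('uname', $uname)
                        ->assign('fromDate', $fromDate)
                        ->assign('toDate', $toDate)
                        ->assign('userArray', $userArray)
                        ->assign('maxDate', date('Ymd', time()))
                        ->assign('usersForModule', $usersForModule)
                        ->assign('moduleStatsArray', $moduleStatsArray)
                        ->fetch('IWstats_admin_stats.htm');
    }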
Esempio n. 17
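    /**
     * View the permission rules, optionally filtered by group or component, and run the
     * "test a permission" form when its fields were posted.
     *
     * Request parameters:
     *  - permgrp         (REQUEST) filter of the form "g+<group id>" or "c+<component prefix>"
     *  - test_user       (POST) user name to test
     *  - test_component  (POST) component to test
     *  - test_instance   (POST) instance to test
     *  - test_level      (POST) access level to test
     *
     * @return string HTML string
     */
    public function view()
    {
        // Security check
        if (!SecurityUtil::checkPermission('Permissions::', '::', ACCESS_ADMIN)) {
            return LogUtil::registerPermissionError();
        }

        // Get parameters from whatever input we need.
        $permgrp = FormUtil::getPassedValue('permgrp', -1, 'REQUEST');
        $testuser = FormUtil::getPassedValue('test_user', null, 'POST');
        $testcomponent = FormUtil::getPassedValue('test_component', null, 'POST');
        $testinstance = FormUtil::getPassedValue('test_instance', null, 'POST');
        $testlevel = FormUtil::getPassedValue('test_level', null, 'POST');

        $testresult = '';
        if (!empty($testuser) &&
                !empty($testcomponent) &&
                !empty($testinstance)
        ) {
            // we have everything we need for an effective permission check
            $testuid = UserUtil::getIdFromName($testuser);
            if ($testuid <> false) {
                // evaluated for the tested user ($testuid), not for the admin running the test
                if (SecurityUtil::checkPermission($testcomponent, $testinstance, $testlevel, $testuid)) {
                    $testresult = '<span id="permissiontestinfogreen">' . $this->__('permission granted.') . '</span>';
                } else {
                    $testresult = '<span id="permissiontestinfored">' . $this->__('permission not granted.') . '</span>';
                }
            } else {
                $testresult = '<span id="permissiontestinfored">' . $this->__('unknown user.') . '</span>';
            }
        }

        // NOTE(review): the posted test values go to the template as received; escaping is
        // left to the template.
        $this->view->assign('testuser', $testuser)
                ->assign('testcomponent', $testcomponent)
                ->assign('testinstance', $testinstance)
                ->assign('testlevel', $testlevel)
                ->assign('testresult', $testresult);

        // decide the default view
        $enableFilter = $this->getVar('filter', 1);
        $rowview = $this->getVar('rowview', 25);

        // Work out which tables to operate against, and
        // various other bits and pieces
        $dbtable = DBUtil::getTables();
        $permcolumn = $dbtable['group_perms_column'];
        $ids = $this->getGroupsInfo();

        $where = '';
        if ($enableFilter == 1) {
            // The filter is "<type>+<value>". explode() always returns an array, so the value
            // part is checked with isset(); a filter without a value falls back to "all".
            $permgrpparts = explode('+', $permgrp);
            $hasFilterValue = isset($permgrpparts[1]) && $permgrpparts[1] != SecurityUtil::PERMS_ALL;
            if ($permgrpparts[0] == 'g') {
                if ($hasFilterValue) {
                    // The request value is passed through DataUtil::formatForStore() before it
                    // is concatenated into the WHERE clause.
                    $where = "WHERE (" . $permcolumn['gid'] . "='" . SecurityUtil::PERMS_ALL . "' OR " . $permcolumn['gid'] . "='" . DataUtil::formatForStore($permgrpparts[1]) . "')";
                    $permgrp = $permgrpparts[1];
                    $this->view->assign('filtertype', 'group');
                } else {
                    $permgrp = SecurityUtil::PERMS_ALL;
                    $where = '';
                }
            } elseif ($permgrpparts[0] == 'c') {
                if ($hasFilterValue) {
                    // NOTE(review): the value is used as a LIKE prefix; check whether
                    // formatForStore() also neutralises the % and _ wildcards.
                    $where = "WHERE (" . $permcolumn['component'] . "='.*' OR " . $permcolumn['component'] . " LIKE '" . DataUtil::formatForStore($permgrpparts[1]) . "%')";
                    $permgrp = $permgrpparts[1];
                    $this->view->assign('filtertype', 'component');
                } else {
                    $permgrp = SecurityUtil::PERMS_ALL;
                    $where = '';
                }
            } else {
                // any other filter type: no WHERE clause, $permgrp keeps the request value
                $this->view->assign('filtertype', '');
            }
            $this->view->assign('permgrps', $ids);
            $this->view->assign('permgrp', $permgrp);
            $this->view->assign('enablefilter', true);
        } else {
            $this->view->assign('enablefilter', false);
            $this->view->assign('filtertype', '');
            $this->view->assign('permgrp', SecurityUtil::PERMS_ALL);
        }

        $accesslevels = SecurityUtil::accesslevelnames();

        $orderBy = "ORDER BY $permcolumn[sequence]";
        $objArray = DBUtil::selectObjectArray('group_perms', $where, $orderBy, -1, -1, false);
        $numrows = DBUtil::_getFetchedObjectCount();

        $permissions = array();
        $components = array(-1 => $this->__('All components'));
        if ($numrows > 0) {
            // One token is generated and reused for every up/down link; it travels in the
            // query string of those links.
            $csrftoken = SecurityUtil::generateCsrfToken($this->serviceManager, true);
            $rownum = 1;
            $ak = array_keys($objArray);
            foreach ($ak as $v) {
                $obj = $objArray[$v];
                $id = $obj['gid'];
                $up = array('url' => ModUtil::url('Permissions', 'admin', 'inc',
                                array('pid' => $obj['pid'],
                                        'permgrp' => $permgrp,
                                        'csrftoken' => $csrftoken)),
                        'title' => $this->__('Up'));
                $down = array('url' => ModUtil::url('Permissions', 'admin', 'dec',
                                array('pid' => $obj['pid'],
                                        'permgrp' => $permgrp,
                                        'csrftoken' => $csrftoken)),
                        'title' => $this->__('Down'));
                // the first row cannot move up, the last row cannot move down
                switch ($rownum) {
                    case 1:
                        $arrows = array('up' => 0, 'down' => 1);
                        break;
                    case $numrows:
                        $arrows = array('up' => 1, 'down' => 0);
                        break;
                    default:
                        $arrows = array('up' => 1, 'down' => 1);
                        break;
                }
                $rownum++;

                $options = array();
                $inserturl = ModUtil::url('Permissions', 'admin', 'listedit',
                                array('permgrp' => $permgrp,
                                        'action' => 'insert',
                                        'insseq' => $obj['sequence']));
                $editurl = ModUtil::url('Permissions', 'admin', 'listedit',
                                array('chgpid' => $obj['pid'],
                                        'permgrp' => $permgrp,
                                        'action' => 'modify'));
                // NOTE(review): unlike the up/down links, the delete link carries no token;
                // confirm that the delete action checks one itself.
                $deleteurl = ModUtil::url('Permissions', 'admin', 'delete',
                                array('pid' => $obj['pid'],
                                        'permgrp' => $permgrp));

                $permissions[] = array('sequence' => $obj['sequence'],
                        'arrows' => $arrows,
                        // Realms not currently functional so hide the output - jgm
                        //'realms'    => $realms[$realm],
                        'group' => $ids[$id],
                        'groupid' => $id,
                        'component' => $obj['component'],
                        'instance' => $obj['instance'],
                        'accesslevel' => $accesslevels[$obj['level']],
                        'accesslevelid' => $obj['level'],
                        'options' => $options,
                        'up' => $up,
                        'down' => $down,
                        'permid' => $obj['pid'],
                        'inserturl' => $inserturl,
                        'editurl' => $editurl,
                        'deleteurl' => $deleteurl);
            }
        }

        // read all perms to extract components
        $allPerms = DBUtil::selectObjectArray('group_perms', '', $orderBy, -1, -1, false);
        foreach ($allPerms as $singlePerm) {
            // extract components, we keep everything up to the first colon
            $compparts = explode(':', $singlePerm['component']);
            $components[$compparts[0]] = $compparts[0];
        }

        $this->view->assign('groups', $this->getGroupsInfo());
        $this->view->assign('permissions', $permissions);
        $this->view->assign('components', $components);

        $lockadmin = ($this->getVar('lockadmin')) ? 1 : 0;
        $this->view->assign('lockadmin', $lockadmin);
        $this->view->assign('adminid', $this->getVar('adminid'));

        // Assign the permission levels
        $this->view->assign('permissionlevels', SecurityUtil::accesslevelnames());

        return $this->view->fetch('permissions_admin_view.tpl');
    }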
Esempio n. 18
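    /**
     * Fallback login against the XTEC LDAP directory, run when Zikula authentication has failed.
     *
     * Reads the posted 'authentication_info' (login_id / pass), performs an LDAP simple bind as
     * that user and, on success, logs the matching Zikula account in. If the user has no Zikula
     * account yet and the 'users_creation' module variable is enabled, the account is first
     * created from the directory entry (cn, uid, givenname, sn, mail).
     *
     * @param Zikula_Event $event The triggering event (not read by this method).
     *
     * @return mixed False when LDAP authentication is disabled, the bind fails or the account
     *               cannot be created; otherwise the result of System::redirect().
     */
    public static function trySiriusXtecAuth(Zikula_Event $event)
    {
        // The original default expression read an undefined local ($args), so it was always null.
        $authentication_info = FormUtil::getPassedValue('authentication_info', null, 'POST');

        $uname = (is_array($authentication_info) && isset($authentication_info['login_id'])) ? $authentication_info['login_id'] : '';
        $pass = (is_array($authentication_info) && isset($authentication_info['pass'])) ? $authentication_info['pass'] : '';

        // Argument check. Both values must be non-empty strings: an LDAP simple bind with an
        // empty password is an unauthenticated bind that many servers report as successful,
        // so a blank password must never reach ldap_bind(). Array-valued POST fields are
        // rejected here as well.
        if (!is_string($uname) || !is_string($pass) || $uname === '' || $pass === '') {
            LogUtil::registerError(__('Usuari o contrasenya en blanc.'));
            return System::redirect(System::getHomepageUrl());
        }

        // check if ldap is active
        if (!ModUtil::getVar('SiriusXtecAuth', 'ldap_active', false)) {
            return false;
        }
        // checking new users case
        $userid = UserUtil::getIdFromName($uname);
        if (($userid === false) && (ModUtil::getVar('SiriusXtecAuth', 'users_creation', false) === false)) {
            return false;
        }

        // connect to ldap server
        // With OpenLDAP 2.x ldap_connect() only prepares the handle; an unreachable server
        // shows up as a failed ldap_bind() below.
        // NOTE(review): the password travels in a simple bind, so protection in transit depends
        // on the configured 'ldap_server' value (e.g. an ldaps:// URI) — confirm deployment.
        if (!$ldap_ds = ldap_connect(ModUtil::getVar('SiriusXtecAuth', 'ldap_server'))) {
            LogUtil::registerError(__('No ha pogut connectar amb el servidor ldap.'));
            return false;
        }

        $ldap_searchattr = ModUtil::getVar('SiriusXtecAuth', 'ldap_searchattr');
        $ldap_basedn = ModUtil::getVar('SiriusXtecAuth', 'ldap_basedn');

        // Checking ldap validation
        // The user-supplied name is escaped for DN context so characters such as ',' '=' '+'
        // cannot alter the DN the bind is performed against (ldap_escape needs PHP >= 5.6).
        $ldaprdn = $ldap_searchattr . '=' . ldap_escape($uname, '', LDAP_ESCAPE_DN) . ',' . $ldap_basedn;
        $bind = @ldap_bind($ldap_ds, $ldaprdn, $pass);
        if (!$bind) {
            @ldap_unbind($ldap_ds);
            LogUtil::registerError(__('La informació introduïda no correspon a cap validació manual ni XTEC.'));
            return false;
        }
        // Presumably drains the errors registered by the failed Zikula login — confirm.
        LogUtil::getErrorMessages();

        // Case new users
        if ($userid === false) {
            $userLdapFields = array('cn', 'uid', 'givenname', 'sn', 'mail');
            // search the directory for our user
            // The name is escaped for filter context; the SQL-oriented escaping used previously
            // does not neutralise LDAP filter metacharacters such as '*', '(' and ')'.
            $ldap_filter = $ldap_searchattr . '=' . ldap_escape($uname, '', LDAP_ESCAPE_FILTER);
            if (!$ldap_sr = ldap_search($ldap_ds, $ldap_basedn, $ldap_filter, $userLdapFields)) {
                @ldap_unbind($ldap_ds);
                LogUtil::registerError(__('Problemes en la creació d\'un nou usuari de Sirus des de la validació XTEC (I).'));
                return false;
            }
            $info = ldap_get_entries($ldap_ds, $ldap_sr);
            if (!$info || $info['count'] == 0) {
                @ldap_unbind($ldap_ds);
                LogUtil::registerError('Problemes en la creació d\'un nou usuari de Sirus des de la validació XTEC (II).');
                return false;
            }
            if (!isset($info[0]['dn'])) {
                @ldap_unbind($ldap_ds);
                LogUtil::registerError('Problemes en la creació d\'un nou usuari de Sirus des de la validació XTEC (III).');
                return false;
            }

            $user = array();
            $user['zk']['uname'] = $uname;
            // A directory entry is not guaranteed to carry a mail attribute.
            $user['zk']['email'] = isset($info[0]['mail'][0]) ? $info[0]['mail'][0] : null;
            if (ModUtil::getVar('SiriusXtecAuth', 'iw_write', false) && ModUtil::available('IWusers')) {
                $user['iw']['nom'] = ucwords(strtolower($info[0]['givenname'][0]));
                $cognom_separator = strpos($info[0]['sn'][0], ' ');
                if ($cognom_separator && ModUtil::getVar('SiriusXtecAuth', 'iw_lastnames', false)) {
                    // Split "first second" surnames at the first space.
                    $user['iw']['cognom1'] = ucwords(strtolower(substr($info[0]['sn'][0], 0, $cognom_separator)));
                    $user['iw']['cognom2'] = ucwords(strtolower(substr($info[0]['sn'][0], $cognom_separator + 1)));
                } else {
                    $user['iw']['cognom1'] = ucwords(strtolower($info[0]['sn'][0]));
                    // Fixed: this line used to assign '' to cognom1, wiping the surname just set.
                    $user['iw']['cognom2'] = '';
                }
            }
            $user['zk']['activated'] = ModUtil::getVar('SiriusXtecAuth', 'new_users_activation', false) ? 1 : 0;
            $user['gr'] = ModUtil::getVar('SiriusXtecAuth', 'new_users_groups');

            $userid = ModUtil::apifunc('SiriusXtecAuth', 'listeners', 'createUser', $user);
            if (!$userid) {
                @ldap_unbind($ldap_ds);
                LogUtil::registerError(__('No s\'ha pogut crear l\'usuari. Torneu a validar-vos.'));
                return false;
            }
        }

        @ldap_unbind($ldap_ds);
        UserUtil::setUserByUid($userid);

        if (!ModUtil::getVar('SiriusXtecAuth', 'loginXtecApps', false)) {
            return System::redirect(System::getHomepageUrl());
        }

        // NOTE(review): the plaintext password is forwarded in the redirect URL; base64 and
        // URL encoding are encodings, not encryption, so it can end up in server and proxy
        // logs, browser history and Referer headers. Removing it needs a matching change in
        // the 'logingXtecApps' handler, which is outside this method.
        $pass_e = urlencode(base64_encode($pass));
        return System::redirect(ModUtil::url('SiriusXtecAuth', 'user', 'logingXtecApps', array('uname' => $uname, 'pass' => $pass_e, 'logtype' => 'in')));
    }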
Esempio n. 19
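    /**
     * Retrieves the Zikula User ID (uid) for the given authenticationInfo, from the mapping maintained by this authenticationModule.
     *
     * Custom authenticationModules should pay extra special attention to the accurate association of authenticationInfo and user
     * ids (uids). Returning the wrong uid for a given authenticationInfo will potentially expose a user's account to
     * unauthorized access. Custom authenticationModules must also ensure that they keep their mapping table in sync with
     * the user's account.
     *
     * This method only maps a login ID to a uid; it does not verify the password and ignores any 'pass' element.
     *
     * Note: (Specific to Zikula Users module authentication) This function uses mb_strtolower, and assumes that
     * locale == charset.
     *
     * Parameters passed in $args:
     * ---------------------------
     * array $args['authentication_info'] The information needed for this authenticationModule, including any user-entered
     *                                          information. For the Users module, this contains the elements 'login_id' and 'pass'.
     *                                          The 'login_id' element contains either the user name or the e-mail address of the
     *                                          user logging in, depending on the authentication_method. The 'pass' contains the
     *                                          password entered by the user.
     * array $args['authentication_method'] An array containing the authentication method, including the 'modname' (which should match this
     *                                          module's module name), and the 'method' method name. For the Users module, 'modname' would
     *                                          be 'Users' and 'method' would contain either 'email' or 'uname'.
     *
     * @param array $args All arguments passed to this function.
     *                      array   authenticationInfo  The authentication information uniquely associated with a user.
     *
     * @return integer|boolean The integer Zikula uid uniquely associated with the given authenticationInfo;
     *                          otherwise false if user not found or error.
     *
     * @throws Zikula_Exception_Fatal Thrown if invalid parameters are sent in $args.
     */
    public function getUidForAuthenticationInfo(array $args)
    {
        // authenticationInfo can contain anything necessary for the authentication method, but most of the time will contain
        // a login ID of some sort, and a password. Set up authenticationInfo in templates as name="authenticationInfo[fieldname]" to
        // gather what is needed. In this case, we don't care about any password that might be in authenticationInfo.

        // Validate authenticationInfo
        if (!isset($args['authentication_info']) || !is_array($args['authentication_info'])
                || empty($args['authentication_info'])) {
            throw new Zikula_Exception_Fatal($this->__f('Invalid \'%1$s\' parameter provided in a call to %2$s.', array('authentication_info', __METHOD__)));
        }
        $authenticationInfo = $args['authentication_info'];

        if (!isset($args['authentication_method']) || !is_array($args['authentication_method'])
                || empty($args['authentication_method'])) {
            throw new Zikula_Exception_Fatal($this->__f('Invalid \'%1$s\' parameter provided in a call to %2$s.', array('authentication_method', __METHOD__)));
        }
        $authenticationMethod = $args['authentication_method'];

        // Custom authenticationModules can expect whatever they need in authentication_info. The authentication_method
        // parameter will contain the module name (which is a bit redundant) and the specific method name.
        // The method name is read once; a missing 'method' element falls through to the user-name branch,
        // as any non-'email' value does.
        $methodName = isset($authenticationMethod['method']) ? $authenticationMethod['method'] : null;
        $byEmail = ($methodName === 'email');

        // Read defensively: 'login_id' may be absent from the submitted array.
        $loginID = isset($authenticationInfo['login_id']) ? $authenticationInfo['login_id'] : null;

        if ($loginID === null || (is_string($loginID) && empty($loginID))) {
            // Fixed: the method was previously tested by comparing the whole authentication_method
            // array with 'email', which is never true, so the user-name message was always used.
            if ($byEmail) {
                $detailedMessage = $this->__f('An e-mail address was not provided in a call to %1$s.', array(__METHOD__));
            } else {
                $detailedMessage = $this->__f('A user name was not provided in a call to %1$s.', array(__METHOD__));
            }
            throw new Zikula_Exception_Fatal($detailedMessage);
        } elseif (!is_string($loginID)) {
            // Rejects array-valued or other non-string input before it reaches the lookup.
            throw new Zikula_Exception_Fatal($this->__f('Invalid type for \'%1$s\' parameter in a call to %2$s.', array('login_id', __METHOD__)));
        }

        // The users module expects the loginID to be lower case. Custom authenticationModules would do whatever
        // they needed here, if anything.
        $loginID = mb_strtolower($loginID);

        // Look up the authenticationInfo in the authentication-source to/from Zikula uid mapping table.
        //
        // Note: the following is a bad example for custom modules because there is no mapping table for the Users module.
        // A custom authentication module would look up a uid using its own mapping tables, not the users table or UserUtil.
        if ($byEmail) {
            $authenticatedUid = UserUtil::getIdFromEmail($loginID);
            if (!$authenticatedUid) {
                // Might be a registration. Acting as an authenticationModule, we should not care at this point about the user's
                // account status. The account status is something for UserUtil::loginUsing() to deal with after we
                // tell it whether the account authenticates or not.
                $authenticatedUid = UserUtil::getIdFromEmail($loginID, true);
            }
        } else {
            $authenticatedUid = UserUtil::getIdFromName($loginID);
            if (!$authenticatedUid) {
                // Might be a registration. See above.
                $authenticatedUid = UserUtil::getIdFromName($loginID, true);
            }
        }

        return $authenticatedUid;
    }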
Esempio n. 20
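 /**
  * Apply a batch of CSV-derived user changes.
  *
  * Updates existing rows in the users and IWusers tables, inserts new users, then for every
  * row updates group membership, sets a password when one is supplied and renames the
  * account when 'new_uname' is supplied. Requires ACCESS_DELETE on 'IWusers::'.
  *
  * @param array $args 'update' => rows for existing users (each carrying 'uid' and 'uname'),
  *                    'insert' => rows for users to create,
  *                    'forcechgpass' => optional switch for the per-row 'forcechgpass' handling.
  *
  * @return array The update and insert rows merged, annotated with 'action' and/or 'error'.
  */
 public function applyCsvValues($args)
 {
     $this->throwForbiddenUnless(SecurityUtil::checkPermission('IWusers::', '::', ACCESS_DELETE));
     // Default to empty arrays so the loops and array_merge() below never receive null.
     $update = (isset($args['update']) && is_array($args['update'])) ? $args['update'] : array();
     $insert = (isset($args['insert']) && is_array($args['insert'])) ? $args['insert'] : array();
     // NOTE(review): $forcechgpass was read but never assigned, so the "force password change"
     // branch could not run. It is taken from $args here, mirroring 'update'/'insert', and stays
     // off when the caller does not pass it — confirm the intended source.
     $forcechgpass = isset($args['forcechgpass']) ? $args['forcechgpass'] : false;

     if (count($update)) {
         // Update users table with new values
         if (!DBUtil::updateObjectArray($update, 'users', 'uid')) {
             LogUtil::registerError($this->__('Error! Update attempt failed.'));
         }
         // Update IWusers table
         foreach ($update as &$user) {
             // uid originates from imported data and is concatenated into the WHERE clause,
             // so it is forced to an integer.
             if (DBUtil::updateObject($user, 'IWusers', 'iw_uid = ' . (int)$user['uid'])) {
                 $user['action'] = 'm'; // modified
             } else {
                 $user['error'] = $user['uname'] . " - " . $this->__('Error! Update attempt failed.') . " ";
             }
         }
         // Drop the reference so later use of $user cannot write into $update.
         unset($user);
     }

     if (count($insert)) {
         // Create new users in users table
         if (!DBUtil::insertObjectArray($insert, 'users', 'uid')) {
             LogUtil::registerError($this->__('Error! New user creation attempt failed.'));
         }
         // Create new users in IWusers table
         if (!DBUtil::insertObjectArray($insert, 'IWusers')) {
             LogUtil::registerError($this->__('Error! New user creation attempt failed.'));
         }
     }

     // Join update and insert arrays and process
     $allChanges = array_merge($update, $insert);

     foreach ($allChanges as &$user) {
         // Messages are appended to whatever 'error' text the row already has; rows without
         // errors keep no 'error' key at all.
         $previousError = isset($user['error']) ? $user['error'] : '';

         // Process "in" and "out" groups information
         ModUtil::apiFunc($this->name, 'admin', 'updateUserGroups', $user);

         // Set user pass
         if (isset($user['password']) && ($user['password'] != "")) {
             if (UserUtil::validatePassword($user['password'])) {
                 UserUtil::setPassword($user['password'], $user['uid']);
             } else {
                 // Not a valid password -> error
                 $previousError .= $this->__('Password does not meet the minimum criteria.') . " ";
                 $user['error'] = $previousError;
             }
         }

         // Force user change password?
         if ($forcechgpass) {
             $forceFlag = isset($user['forcechgpass']) ? $user['forcechgpass'] : 0;
             switch ($forceFlag) {
                 case 1:
                     UserUtil::setVar('_Users_mustChangePassword', 1, $user['uid']);
                     break;
                 case 0:
                     UserUtil::delVar('_Users_mustChangePassword', $user['uid']);
                     break;
             }
         }

         // Change uname
         if (isset($user['new_uname']) && ($user['new_uname'] != "") && isset($user['uid'])) {
             // search repeated uname/new_uname
             if (!UserUtil::getIdFromName($user['new_uname'])) {
                 // new_uname does not exist: proceed with uname change
                 $renamed = array('uname' => $user['new_uname']);
                 DBUtil::updateObject($renamed, 'users', 'uid = ' . (int)$user['uid']);
             } else {
                 $previousError .= $this->__f('Duplicated username: %s.', $user['new_uname']);
                 $user['error'] = $previousError;
             }
         }
     }
     unset($user);

     return $allChanges;
 }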
Esempio n. 21
/**
 * Legacy wrapper: look up a user's uid by username.
 *
 * Logs a deprecation warning and forwards the call to UserUtil::getIdFromName().
 *
 * @deprecated
 * @see UserUtil::getIdFromName()
 *
 * @param string $uname The username.
 *
 * @return mixed Whatever UserUtil::getIdFromName() returns (userid if found, false if not).
 */
function pnUserGetIDFromName($uname)
{
    $replacement = 'UserUtil::getIdFromName()';
    $notice = __f('Warning! Function %1$s is deprecated. Please use %2$s instead.', array(__FUNCTION__, $replacement));
    LogUtil::log($notice, E_USER_DEPRECATED);

    $uid = UserUtil::getIdFromName($uname);

    return $uid;
}