Esempio n. 1
0
 /**
  * Avatar_userapi_setavatar()
  *
  * sets the user avatar.
  *
  * @param integer $args['uid'] the user id
  * @param string $args['avatar'] the user avatar
  * @return boolean success
  **/
 public function setavatar($args)
 {
     if (!isset($args['uid']) || !isset($args['avatar'])) {
         return LogUtil::registerArgsError();
     }
     $avatar_ok = ModUtil::apiFunc('Avatar', 'user', 'checkAvatar', $args);
     if ($avatar_ok == true) {
         $uname = UserUtil::getVar('uname', $args['uid']);
         if ($args['avatar'] == 'blank.gif') {
             $args['avatar'] = '';
             $status = $this->__f('Done! The avatar of the user \'%s\' has been disabled.', $uname);
         } else {
             if ($args['avatar'] == 'gravatar.gif') {
                 $status = $this->__f('Done! The avatar of the user \'%s\' has been set to his gravatar.', $uname);
             } else {
                 $status = $this->__f('Done! The avatar of the user \'%1$s\' has been changed to \'%2$s\'', array($uname, $args['avatar']));
             }
         }
         UserUtil::setVar('avatar', $args['avatar'], $args['uid']);
         LogUtil::registerStatus($status);
         return true;
     }
     return LogUtil::registerError($this->__f('Error! The user is not authorized to use this avatar. To change this, update the permission for %s.', $args['avatar']));
 }
Esempio n. 2
0
    /**
     * Respond to a `module.users.ui.process_edit` event to store profile data gathered when editing or creating a user account.
     * 
     * Parameters passed in via POST:
     * ------------------------------
     * array dynadata An array containing the profile items to store for the user.
     *
     * @param Zikula_Event $event The event that triggered this function call, containing the id of the user for which profile information should be stored.
     * 
     * @return void
     */
    public function processEdit(Zikula_Event $event)
    {
        if ($this->request->isPost()) {
            if ($this->validation && !$this->validation->hasErrors()) {
                $user = $event->getSubject();
                $dynadata = $this->request->getPost()->has('dynadata') ? $this->request->getPost()->get('dynadata') : array();

                foreach ($dynadata as $dudName => $dudItem) {
                    UserUtil::setVar($dudName, $dudItem, $user['uid']);
                }
            }
        }
    }
Esempio n. 3
0
    /**
     * Responds to process_edit hook-like event notifications.
     *
     * @param Zikula_Event $event The event that triggered this function call.
     *
     * @return void
     *
     * @throws Zikula_Exception_Fatal Thrown if a user account does not exist for the uid specified by the event.
     */
    public function processEdit(Zikula_Event $event)
    {
        $activePolicies = $this->helper->getActivePolicies();
        $eventName = $event->getName();

        if (isset($this->validation) && !$this->validation->hasErrors()) {
            $user = $event->getSubject();
            $uid = $user['uid'];

            if (!UserUtil::isLoggedIn()) {
                if (($eventName == 'module.users.ui.process_edit.login_screen') || ($eventName == 'module.users.ui.process_edit.login_block')) {
                    $policiesAcceptedAtLogin = $this->validation->getObject();

                    $nowUTC = new DateTime('now', new DateTimeZone('UTC'));
                    $nowUTCStr = $nowUTC->format(DateTime::ISO8601);

                    if ($activePolicies['termsOfUse'] && $policiesAcceptedAtLogin['termsOfUse']) {
                        UserUtil::setVar(Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED, $nowUTCStr, $uid);
                    }

                    if ($activePolicies['privacyPolicy'] && $policiesAcceptedAtLogin['privacyPolicy']) {
                        UserUtil::setVar(Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED, $nowUTCStr, $uid);
                    }

                    if ($activePolicies['agePolicy'] && $policiesAcceptedAtLogin['agePolicy']) {
                        UserUtil::setVar(Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED, $nowUTCStr, $uid);
                    }

                    if ($activePolicies['cancellationRightPolicy'] && $policiesAcceptedAtLogin['cancellationRightPolicy']) {
                        UserUtil::setVar(Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED, $nowUTCStr, $uid);
                    }

                    if ($activePolicies['tradeConditions'] && $policiesAcceptedAtLogin['tradeConditions']) {
                        UserUtil::setVar(Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED, $nowUTCStr, $uid);
                    }

                    // Force the reload of the user record
                    $user = UserUtil::getVars($uid, true);
                } else {
                    $isRegistration = UserUtil::isRegistration($uid);

                    $user = UserUtil::getVars($uid, false, 'uid', $isRegistration);
                    if (!$user) {
                        throw new Zikula_Exception_Fatal(__('A user account or registration does not exist for the specified uid.', $this->domain));
                    }

                    $policiesAcceptedAtRegistration = $this->validation->getObject();

                    $nowUTC = new DateTime('now', new DateTimeZone('UTC'));
                    $nowUTCStr = $nowUTC->format(DateTime::ISO8601);

                    if ($activePolicies['termsOfUse'] && $policiesAcceptedAtRegistration['termsOfUse']) {
                        UserUtil::setVar(Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED, $nowUTCStr, $uid);
                    }

                    if ($activePolicies['privacyPolicy'] && $policiesAcceptedAtRegistration['privacyPolicy']) {
                        UserUtil::setVar(Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED, $nowUTCStr, $uid);
                    }

                    if ($activePolicies['agePolicy'] && $policiesAcceptedAtRegistration['agePolicy']) {
                        UserUtil::setVar(Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED, $nowUTCStr, $uid);
                    }

                    if ($activePolicies['cancellationRightPolicy'] && $policiesAcceptedAtRegistration['cancellationRightPolicy']) {
                        UserUtil::setVar(Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED, $nowUTCStr, $uid);
                    }

                    if ($activePolicies['tradeConditions'] && $policiesAcceptedAtRegistration['tradeConditions']) {
                        UserUtil::setVar(Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED, $nowUTCStr, $uid);
                    }

                    // Force the reload of the user record
                    $user = UserUtil::getVars($uid, true, 'uid', $isRegistration);
                }
            } else {
                $isRegistration = UserUtil::isRegistration($uid);

                $user = UserUtil::getVars($uid, false, 'uid', $isRegistration);
                if (!$user) {
                    throw new Zikula_Exception_Fatal(__('A user account or registration does not exist for the specified uid.', $this->domain));
                }

                $policiesAcceptedAtRegistration = $this->validation->getObject();
                $editablePolicies = $this->helper->getEditablePolicies();

                $nowUTC = new DateTime('now', new DateTimeZone('UTC'));
                $nowUTCStr = $nowUTC->format(DateTime::ISO8601);

                if ($activePolicies['termsOfUse'] && $editablePolicies['termsOfUse']) {
                    if ($policiesAcceptedAtRegistration['termsOfUse']) {
                        UserUtil::setVar(Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED, $nowUTCStr, $uid);
                    } elseif (($policiesAcceptedAtRegistration['termsOfUse'] === 0) || ($policiesAcceptedAtRegistration['termsOfUse'] === "0")) {
                        UserUtil::delVar(Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED, $uid);
                    }
                }

                if ($activePolicies['privacyPolicy'] && $editablePolicies['privacyPolicy']) {
                    if ($policiesAcceptedAtRegistration['privacyPolicy']) {
                        UserUtil::setVar(Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED, $nowUTCStr, $uid);
                    } elseif (($policiesAcceptedAtRegistration['privacyPolicy'] === 0) || ($policiesAcceptedAtRegistration['termsOfUse'] === "0")) {
                        UserUtil::delVar(Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED, $uid);
                    }
                }

                if ($activePolicies['agePolicy'] && $editablePolicies['agePolicy']) {
                    if ($policiesAcceptedAtRegistration['agePolicy']) {
                        UserUtil::setVar(Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED, $nowUTCStr, $uid);
                    } elseif (($policiesAcceptedAtRegistration['agePolicy'] === 0) || ($policiesAcceptedAtRegistration['termsOfUse'] === "0")) {
                        UserUtil::delVar(Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED, $uid);
                    }
                }

                if ($activePolicies['cancellationRightPolicy'] && $editablePolicies['cancellationRightPolicy']) {
                    if ($policiesAcceptedAtRegistration['cancellationRightPolicy']) {
                        UserUtil::setVar(Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED, $nowUTCStr, $uid);
                    } elseif (($policiesAcceptedAtRegistration['cancellationRightPolicy'] === 0) || ($policiesAcceptedAtRegistration['cancellationRightPolicy'] === "0")) {
                        UserUtil::delVar(Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED, $uid);
                    }
                }

                if ($activePolicies['tradeConditions'] && $editablePolicies['tradeConditions']) {
                    if ($policiesAcceptedAtRegistration['tradeConditions']) {
                        UserUtil::setVar(Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED, $nowUTCStr, $uid);
                    } elseif (($policiesAcceptedAtRegistration['tradeConditions'] === 0) || ($policiesAcceptedAtRegistration['tradeConditions'] === "0")) {
                        UserUtil::delVar(Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED, $uid);
                    }
                }

                // Force the reload of the user record
                $user = UserUtil::getVars($uid, true, 'uid', $isRegistration);
            }
        }
    }
Esempio n. 4
0
    /**
     * Sets or resets a user's need to changed his password on his next attempt at logging ing.
     *
     * Parameters passed via GET:
     * --------------------------
     * numeric userid The uid of the user for whom a change of password should be forced (or canceled).
     *
     * Parameters passed via POST:
     * ---------------------------
     * numeric userid                    The uid of the user for whom a change of password should be forced (or canceled).
     * boolean user_must_change_password True to force the user to change his password at his next log-in attempt, otherwise false.
     *
     * Parameters passed via SESSION:
     * ------------------------------
     * None.
     *
     * @return string The rendered output from either the template for confirmation.
     *
     * @throws Zikula_Exception_Fatal Thrown if a user id is not specified, is invalid, or does not point to a valid account record,
     *                                      or the account record is not in a consistent state.
     * @throws Zikula_Exception_Forbidden Thrown if the current user does not have edit access for the account record.
     */
    public function toggleForcedPasswordChange()
    {
        if ($this->request->isGet()) {
            $uid = $this->request->query->get('userid', false);

            if (!$uid || !is_numeric($uid) || ((int)$uid != $uid)) {
                throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
            }

            $userObj = UserUtil::getVars($uid);

            if (!isset($userObj) || !$userObj || !is_array($userObj) || empty($userObj)) {
                throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
            }

            if (!SecurityUtil::checkPermission('Users::', "{$userObj['uname']}::{$uid}", ACCESS_EDIT)) {
                throw new Zikula_Exception_Forbidden();
            }

            $userMustChangePassword = UserUtil::getVar('_Users_mustChangePassword', $uid, false);

            return $this->view->assign('user_obj', $userObj)
                ->assign('user_must_change_password', $userMustChangePassword)
                ->fetch('users_admin_toggleforcedpasswordchange.tpl');
        } elseif ($this->request->isPost()) {
            $this->checkCsrfToken();

            $uid = $this->request->request->get('userid', false);
            $userMustChangePassword = $this->request->request->get('user_must_change_password', false);

            if (!$uid || !is_numeric($uid) || ((int)$uid != $uid)) {
                throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
            }

            // Force reload of User object into cache.
            $userObj = UserUtil::getVars($uid);

            if (!SecurityUtil::checkPermission('Users::', "{$userObj['uname']}::{$uid}", ACCESS_EDIT)) {
                throw new Zikula_Exception_Forbidden();
            }

            if ($userMustChangePassword) {
                UserUtil::setVar('_Users_mustChangePassword', $userMustChangePassword, $uid);
            } else {
                UserUtil::delVar('_Users_mustChangePassword', $uid);
            }

            // Force reload of User object into cache.
            $userObj = UserUtil::getVars($uid, true);

            if ($userMustChangePassword) {
                if (isset($userObj['__ATTRIBUTES__']) && isset($userObj['__ATTRIBUTES__']['_Users_mustChangePassword'])) {
                    $this->registerStatus($this->__f('Done! A password change will be required the next time %1$s logs in.', array($userObj['uname'])));
                } else {
                    throw new Zikula_Exception_Fatal();
                }
            } else {
                if (isset($userObj['__ATTRIBUTES__']) && isset($userObj['__ATTRIBUTES__']['_Users_mustChangePassword'])) {
                    throw new Zikula_Exception_Fatal();
                } else {
                    $this->registerStatus($this->__f('Done! A password change will no longer be required for %1$s.', array($userObj['uname'])));
                }
            }

            $this->redirect(ModUtil::url($this->name, 'admin', 'view'));
        } else {
            throw new Zikula_Exception_Forbidden();
        }
    }
Esempio n. 5
0
    /**
     * Allow the user to accept active terms of use and/or privacy policy.
     *
     * This function is currently used by the Legal module's handler for the users.login.veto event.
     *
     * @return string The rendered output from the template.
     *
     * @throws Zikula_Exception_Forbidden Thrown if the user is not logged in and the acceptance attempt is not a result of a login attempt.
     *
     * @throws Zikula_Exception_Fatal Thrown if the user is already logged in and the acceptance attempt is a result of a login attempt;
     *      also thrown in cases where expected data is not present or not in an expected form;
     *      also thrown if the call to this function is not the result of a POST operation or a GET operation.
     */
    public function acceptPolicies()
    {
        // Retrieve and delete any session variables being sent in by the log-in process before we give the function a chance to
        // throw an exception. We need to make sure no sensitive data is left dangling in the session variables.
        $sessionVars = $this->request->getSession()->get('Legal_Controller_User_acceptPolicies', null, $this->name);
        $this->request->getSession()->del('Legal_Controller_User_acceptPolicies', $this->name);

        $processed = false;
        $helper = new Legal_Helper_AcceptPolicies();

        if ($this->request->isPost()) {
            $this->checkCsrfToken();

            $isLogin = isset($sessionVars) && !empty($sessionVars);

            if (!$isLogin && !UserUtil::isLoggedIn()) {
                throw new Zikula_Exception_Forbidden();
            } elseif ($isLogin && UserUtil::isLoggedIn()) {
                throw new Zikula_Exception_Fatal();
            }

            $policiesUid = $this->request->getPost()->get('acceptedpolicies_uid', false);
            $acceptedPolicies = array(
                'termsOfUse'                => $this->request->getPost()->get('acceptedpolicies_termsofuse', false),
                'privacyPolicy'             => $this->request->getPost()->get('acceptedpolicies_privacypolicy', false),
                'agePolicy'                 => $this->request->getPost()->get('acceptedpolicies_agepolicy', false),
                'cancellationRightPolicy'   => $this->request->getPost()->get('acceptedpolicies_cancellationrightpolicy', false),
                'tradeConditions'           => $this->request->getPost()->get('acceptedpolicies_tradeconditions', false)
            );

            if (!isset($policiesUid) || empty($policiesUid) || !is_numeric($policiesUid)) {
                throw new Zikula_Exception_Fatal();
            }

            $activePolicies = $helper->getActivePolicies();
            $originalAcceptedPolicies = $helper->getAcceptedPolicies($policiesUid);

            $fieldErrors = array();

            if ($activePolicies['termsOfUse'] && !$originalAcceptedPolicies['termsOfUse'] && !$acceptedPolicies['termsOfUse']) {
                $fieldErrors['termsofuse'] = $this->__('You must accept this site\'s Terms of Use in order to proceed.');
            }

            if ($activePolicies['privacyPolicy'] && !$originalAcceptedPolicies['privacyPolicy'] && !$acceptedPolicies['privacyPolicy']) {
                $fieldErrors['privacypolicy'] = $this->__('You must accept this site\'s Privacy Policy in order to proceed.');
            }

            if ($activePolicies['agePolicy'] && !$originalAcceptedPolicies['agePolicy'] && !$acceptedPolicies['agePolicy']) {
                $fieldErrors['agepolicy'] = $this->__f('In order to log in, you must confirm that you meet the requirements of this site\'s Minimum Age Policy. If you are not %1$s years of age or older, and you do not have a parent\'s permission to use this site, then please ask your parent to contact a site administrator.', array(ModUtil::getVar('Legal', Legal_Constant::MODVAR_MINIMUM_AGE, 0)));
            }

            if ($activePolicies['cancellationRightPolicy'] && !$originalAcceptedPolicies['cancellationRightPolicy'] && !$acceptedPolicies['cancellationRightPolicy']) {
                $fieldErrors['cancellationrightpolicy'] = $this->__('You must accept our cancellation right policy in order to proceed.');
            }

            if ($activePolicies['tradeConditions'] && !$originalAcceptedPolicies['tradeConditions'] && !$acceptedPolicies['tradeConditions']) {
                $fieldErrors['tradeconditions'] = $this->__('You must accept our general terms and conditions of trade in order to proceed.');
            }

            if (empty($fieldErrors)) {
                $now = new DateTime('now', new DateTimeZone('UTC'));
                $nowStr = $now->format(DateTime::ISO8601);

                if ($activePolicies['termsOfUse'] && $acceptedPolicies['termsOfUse']) {
                    $termsOfUseProcessed = UserUtil::setVar(Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED, $nowStr, $policiesUid);
                } else {
                    $termsOfUseProcessed = !$activePolicies['termsOfUse'] || $originalAcceptedPolicies['termsOfUse'];
                }

                if ($activePolicies['privacyPolicy'] && $acceptedPolicies['privacyPolicy']) {
                    $privacyPolicyProcessed = UserUtil::setVar(Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED, $nowStr, $policiesUid);
                } else {
                    $privacyPolicyProcessed = !$activePolicies['privacyPolicy'] || $originalAcceptedPolicies['privacyPolicy'];
                }

                if ($activePolicies['agePolicy'] && $acceptedPolicies['agePolicy']) {
                    $agePolicyProcessed = UserUtil::setVar(Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED, $nowStr, $policiesUid);
                } else {
                    $agePolicyProcessed = !$activePolicies['agePolicy'] || $originalAcceptedPolicies['agePolicy'];
                }

                if ($activePolicies['cancellationRightPolicy'] && $acceptedPolicies['cancellationRightPolicy']) {
                    $cancellationRightPolicyProcessed = UserUtil::setVar(Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED, $nowStr, $policiesUid);
                } else {
                    $cancellationRightPolicyProcessed = !$activePolicies['cancellationRightPolicy'] || $originalAcceptedPolicies['cancellationRightPolicy'];
                }

                if ($activePolicies['tradeConditions'] && $acceptedPolicies['tradeConditions']) {
                    $tradeConditionsProcessed = UserUtil::setVar(Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED, $nowStr, $policiesUid);
                } else {
                    $tradeConditionsProcessed = !$activePolicies['tradeConditions'] || $originalAcceptedPolicies['tradeConditions'];
                }

                $processed = $termsOfUseProcessed && $privacyPolicyProcessed && $agePolicyProcessed && $cancellationRightPolicyProcessed && $tradeConditionsProcessed;
            }

            if ($processed) {
                if ($isLogin) {
                    $loginArgs = $this->request->getSession()->get('Users_Controller_User_login', array(), 'Zikula_Users');
                    $loginArgs['authentication_method'] = $sessionVars['authentication_method'];
                    $loginArgs['authentication_info']   = $sessionVars['authentication_info'];
                    $loginArgs['rememberme']            = $sessionVars['rememberme'];
                    return ModUtil::func('Users', 'user', 'login', $loginArgs);
                } else {
                    $this->redirect(System::getHomepageUrl());
                }
            }
        } elseif ($this->request->isGet()) {
            $isLogin = $this->request->getGet()->get('login', false);
            $fieldErrors = array();
        } else {
            throw new Zikula_Exception_Forbidden();
        }

        // If we are coming here from the login process, then there are certain things that must have been
        // send along in the session variable. If not, then error.
        if ($isLogin && (!isset($sessionVars['user_obj']) || !is_array($sessionVars['user_obj'])
                || !isset($sessionVars['authentication_info']) || !is_array($sessionVars['authentication_info'])
                || !isset($sessionVars['authentication_method']) || !is_array($sessionVars['authentication_method']))
                ) {
            throw new Zikula_Exception_Fatal();
        }

        if ($isLogin) {
            $policiesUid = $sessionVars['user_obj']['uid'];
        } else {
            $policiesUid = UserUtil::getVar('uid');
        }

        if (!$policiesUid || empty($policiesUid)) {
            throw new Zikula_Exception_Fatal();
        }

        if ($isLogin) {
            // Pass along the session vars to updateAcceptance. We didn't want to just keep them in the session variable
            // Legal_Controller_User_acceptPolicies because if we hit an exception or got redirected, then the data
            // would have been orphaned, and it contains some sensitive information.
            SessionUtil::requireSession();
            $this->request->getSession()->set('Legal_Controller_User_acceptPolicies', $sessionVars, $this->name);
        }

        $templateVars = array(
            'login'                     => $isLogin,
            'policiesUid'               => $policiesUid,
            'activePolicies'            => $helper->getActivePolicies(),
            'acceptedPolicies'          => isset($acceptedPolicies) ? $acceptedPolicies : $helper->getAcceptedPolicies($policiesUid),
            'originalAcceptedPolicies'  => isset($originalAcceptedPolicies) ? $originalAcceptedPolicies : $helper->getAcceptedPolicies($policiesUid),
            'fieldErrors'               => $fieldErrors,
        );

        return $this->view->assign($templateVars)
                ->fetch('legal_user_acceptpolicies.tpl');
    }
Esempio n. 6
0
        /**
     * Delete one or more user account records, or mark one or more account records for deletion.
     *
     * If records are marked for deletion, they remain in the system and accessible by the system, but are given an
     * 'activated' status that prevents the user from logging in. Records marked for deletion will not appear on the
     * regular users list. The delete hook and delete events are not triggered if the records are only marked for
     * deletion.
     *
     * Parameters passed in the $args array:
     * -------------------------------------
     * numeric|array $args['uid']  A single (numeric integer) user id, or an array of user ids to delete.
     * boolean       $args['mark'] If true, then mark for deletion, but do not actually delete.
     *                                  defaults to false.
     *
     * @param array $args All parameters passed to this function.
     *
     * @return bool True if successful, false otherwise.
     */
    public function deleteUser($args)
    {
        if (!SecurityUtil::checkPermission("{$this->name}::", 'ANY', ACCESS_DELETE)) {
            return false;
        }

        if (!isset($args['uid']) || (!is_numeric($args['uid']) && !is_array($args['uid']))) {
            $this->registerError("Error! Illegal argument were passed to 'deleteuser'");
            return false;
        }

        if (isset($args['mark']) && is_bool($args['mark'])) {
            $markOnly = $args['mark'];
        } else {
            $markOnly = false;
        }

        // ensure we always have an array
        if (!is_array($args['uid'])) {
            $args['uid'] = array($args['uid']);
        }

        $curUserUid = UserUtil::getVar('uid');
        $userList = array();

        foreach ($args['uid'] as $uid) {             
            if (!is_numeric($uid) || ((int)$uid != $uid) || ($uid == $curUserUid)) {
                return false;
            }
            $userObj = UserUtil::getVars($uid);
            if (!$userObj) {
                return false;
            } elseif (!SecurityUtil::checkPermission("{$this->name}::", "{$userObj['uname']}::{$userObj['uid']}", ACCESS_DELETE)) {
                return false;
            }

            $userList[] = $userObj;
        }


        foreach ($userList as $userObj) {
            if ($markOnly) {
                UserUtil::setVar('activated', Users_Constant::ACTIVATED_PENDING_DELETE, $userObj['uid']);
            } else {
                // TODO - This should be in the Groups module, and happen as a result of an event.
                if (!DBUtil::deleteObjectByID('group_membership', $userObj['uid'], 'uid')) {
                    return false;
                }

                ModUtil::apiFunc($this->name, 'admin', 'resetVerifyChgFor', array('uid' => $userObj['uid']));
                DBUtil::deleteObjectByID('session_info', $userObj['uid'], 'uid');

                if (!DBUtil::deleteObject($userObj, 'users', '', 'uid')) {
                    return false;
                }

                // Let other modules know we have deleted an item
                $deleteEvent = new Zikula_Event('user.account.delete', $userObj);
                $this->eventManager->notify($deleteEvent);
            }
        }

        return $args['uid'];
    }
Esempio n. 7
0
    /**
     * Utility function to save the data of the user.
     *
     * Parameters passed in the $args array:
     * -------------------------------------
     * integer uid      The user id of the user for which the data should be saved; required.
     * array   dynadata The data for the user to be saved, indexed by prop_attribute_name; required.
     * 
     * @param array $args All parameters passed to this function.
     *
     * @return boolean True on success; otherwise false.
     */
    public function savedata($args)
    {
        // Argument check
        if (!isset($args['uid'])) {
            return LogUtil::registerArgsError();
        }

        $fields = $args['dynadata'];

        $duds = ModUtil::apiFunc('Profile', 'user', 'getallactive', array('get' => 'editable', 'uid' => $args['uid']));

        foreach ($duds as $attrname => $dud) {
            // exclude avatar update when Avatar module is present
            if ($attrname == 'avatar' && ModUtil::available('Avatar')) {
                continue;
            }

            $fieldvalue = '';
            if (isset($fields[$attrname])) {
                // Process the Date DUD separately
                if ($dud['prop_displaytype'] == 5 && !empty($fields[$attrname])) {
                    $fieldvalue = $this->parseDate($fields[$attrname]);
                    $fieldvalue = DateUtil::transformInternalDate($fieldvalue);
                } elseif (is_array($fields[$attrname])) {
                    $fieldvalue = serialize(array_values($fields[$attrname]));
                } else {
                    $fieldvalue = $fields[$attrname];
                }
            }
            UserUtil::setVar($attrname, $fieldvalue, $args['uid']);
        }

        // Return the result (true = success, false = failure
        // At this point, the result is true.
        return true;
    }
Esempio n. 8
0
/**
 * Set a user variable. This can be
 * - a field in the users table
 * - or an attribute and in this case either a new style attribute or an old style user information.
 *
 * Examples:
 * pnUserSetVar('pass', 'mysecretpassword'); // store a password (should be hashed of course)
 * pnUserSetVar('avatar', 'mypicture.gif');  // stores an users avatar, new style
 * (internally both the new and the old style write the same attribute)
 *
 * If the user variable does not exist it will be created automatically. This means with
 * pnUserSetVar('somename', 'somevalue');
 * you can easily create brand new users variables onthefly.
 *
 * This function does not allow you to set uid or uname.
 *
 * @deprecated
 * @see UserUtil::setVar()
 *
 * @param name $ the name of the variable
 * @param value $ the value of the variable
 * @param uid $ the user to set the variable for
 * @return bool true if the set was successful, false otherwise
 */
function pnUserSetVar($name, $value, $uid = -1)
{
    LogUtil::log(__f('Warning! Function %1$s is deprecated. Please use %2$s instead.', array(__FUNCTION__, 'UserUtil::setVar()')), E_USER_DEPRECATED);
    return UserUtil::setVar($name, $value, $uid);
}
Esempio n. 9
0
    /**
     * LEGACY user account activaton.
     *
     * We must keep this function because there is no way to know whether an
     * inactive account is inactive because it requires activation, or because of some
     * other reason.
     *
     * Parameters passed in the $args array:
     * -------------------------------------
     * string  $args['regdate'] An SQL date-time containing the user's original registration date-time.
     * numeric $args['uid']     The id of the user account to activate.
     *
     * @param array $args All parameters passed to this function.
     *
     * @return bool True on success, otherwise false.
     */
    public function activateUser($args)
    {
        // This function is an end-user function.
        if (!SecurityUtil::checkPermission('Users::', '::', ACCESS_READ)) {
            return false;
        }

        // Preventing reactivation from same link !
        $newregdate = DateUtil::getDatetime(strtotime($args['regdate'])+1);
        UserUtil::setVar('activated', Users_Constant::ACTIVATED_ACTIVE, $args['uid']);
        UserUtil::setVar('user_regdate', DataUtil::formatForStore($newregdate), $args['uid']);

        return true;
    }
Esempio n. 10
0
 /**
  * Creació i/o Edició d'un usuari del catàleg
  *
  * ### Paràmetres rebuts per POST:
  * -Corresponents als diferents camps de la taula *users*-
  * * integer **uid** [opcional definit-edició/no_definit-creació]
  * * string **uname**
  * 
  * -Corresponents als diferents camps de la taula *iw_users*-
  * * string **iw_nom**
  * * string **iw_cognom1**
  * * string **iw_cognom2**
  * 
  * -Per gestionar les grups relacionats amb el catàleg-
  * * array **groups**
  * 
  * -Per gestionar la contrasenya de l'usuari-
  * * string **password**
  * * string **rpassword**
  * * string **changeme**
  *
  * @return void Retorna a la funció *usergest* després de desar les dades
  */
 public function addeditUser() {
     //Comprovacions de seguretat. Només els gestors poden crear i editar usuaris
     if (!SecurityUtil::checkPermission('Cataleg::', '::', ACCESS_ADMIN)) {
         return LogUtil::registerPermissionError();
     }
     // Primer desem les modificacions de les dades d'usuari a users i a IWusers i reassignem els grups de l'usuari
     $user['zk']['uid'] = FormUtil::getPassedValue('uid', null, 'POST');
     //Comprovem si es passa una uid (per editar) o no (i s'ha de crear un nou usuari)
     if (!empty($user['zk']['uid'])) {
         //Comprovem que aquest usuari eixisteixi i es pugui editar (és a dir, que sigui del grup d'usuaris del catàleg)
         $grupCat = ModUtil::apiFunc('Cataleg', 'admin', 'getgrupsZikula');
         $catUsersList = UserUtil::getUsersForGroup($grupCat['Sirius']);
         if (!in_array($user['zk']['uid'], $catUsersList)) {
             LogUtil::registerError($this->__('No existeix cap usuari del catàleg amb l\'identificador indicat.'));
             return system::redirect(ModUtil::url('Cataleg', 'admin', 'usersgest'));
         }
         $user['iw']['uid'] = $user['zk']['uid'];
         $user['iw']['suid'] = $user['zk']['uid'];
         $r = 'edit';
     }
     $user['zk']['uname'] = FormUtil::getPassedValue('uname', null, 'POST');
     //Comprovem que no existeix cap usuari amb aquest uname
     if (!empty($user['zk']['uid'])) {
         $where = "uname = '" . $user['zk']['uname'] . "' AND uid != " . $user['zk']['uid'];
     } else {
         $where = "uname = '" . $user['zk']['uname'] . "'";
     }
     $uname = UserUtil::getUsers($where);
     if ($uname) {
         LogUtil::registerError($this->__('El nom d\'usuari triat ja existeix.'));
         return system::redirect(ModUtil::url('Cataleg', 'admin', 'usersgest'));
     }
     $user['zk']['email'] = FormUtil::getPassedValue('email', null, 'POST');
     $user['iw']['nom'] = FormUtil::getPassedValue('iw_nom', null, 'POST');
     $user['iw']['cognom1'] = FormUtil::getPassedValue('iw_cognom1', null, 'POST');
     $user['iw']['cognom2'] = FormUtil::getPassedValue('iw_cognom2', null, 'POST');
     $user['gr'] = FormUtil::getPassedValue('groups', null, 'POST');
     
     $prev_pass = FormUtil::getPassedValue('prev_pass', 0, 'POST');
     $setpass = FormUtil::getPassedValue('setpass', 0, 'POST');
     if ($setpass == 1) {
         $password = FormUtil::getPassedValue('password', null, 'POST');
         $changeme = FormUtil::getPassedValue('changeme', 0, 'POST');
     } else {
         $password = null;
     }
     $setcode = FormUtil::getPassedValue('setcode', 0, 'POST');
     if ($setcode == 1) $iwcode = FormUtil::getPassedValue('iwcode_s', null, 'POST');
     if ($setcode == 2) $iwcode = FormUtil::getPassedValue('iwcode_m', null, 'POST');
     if ($iwcode) {
         $user['iw']['code'] = $iwcode;
     } elseif ($r == 'edit'){
         $iwcode = DBUtil::selectField('IWusers', 'code', 'iw_uid='.$user['zk']['uid']);
     }
     if ($iwcode) {
         $gtafInfo = ModUtil::apiFunc('Cataleg','admin','getGtafEntity',$iwcode);
         $grupCat = ModUtil::apiFunc('Cataleg', 'admin', 'getgrupsZikula');
         if (isset($grupCat[$gtafInfo['entity']['tipus']])) $user['gr'][] = $grupCat[$gtafInfo['entity']['tipus']];
     }
     $insertUserId = ModUtil::apifunc('Cataleg', 'admin', 'saveUser', $user);
     if ($insertUserId) {
         if ($r == 'edit') {
             LogUtil::registerStatus($this->__('L\'usuari s\'ha editat correctament.'));
         } else {
             LogUtil::registerStatus($this->__('L\'usuari s\'ha creat correctament.'));
         }
     } else {
         LogUtil::registerError($this->__('No s\'ha pogut desar l\'usuari.'));
         return system::redirect(ModUtil::url('Cataleg', 'admin', 'usersgest'));
     }
     //Si es tria 'buidar' la contrasenya, aquesta opció mana sobre el canvi i forçar el canvi
     if ($setpass == 2) {
         $reg = array('pass' => '');
         if (DBUtil::updateObject($reg,'users','uid ='. $insertUserId)) {
             UserUtil::setVar('', $passreminder, $insertUserId);
             LogUtil::registerStatus($this->__('L\'usuari haurà de validar-se per LDAP'));
         }
     }
     // Segon pas: desem el possible canvi de contrasenya
     if ($password) {
         $rpassword = FormUtil::getPassedValue('rpassword', null, 'POST');
         $passreminder = $this->__('Constasenya establerta des de l\'administració.');
         $passwordErrors = ModUtil::apiFunc('Users', 'registration', 'getPasswordErrors', array(
                     'uname' => $user['zk']['uname'],
                     'pass' => $password,
                     'passagain' => $rpassword,
                     'passreminder' => $passreminder
         ));
         if (empty($passwordErrors)) {
             if (UserUtil::setPassword($password, $insertUserId)) {
                 UserUtil::setVar('passreminder', $passreminder, $insertUserId);
                 LogUtil::registerStatus($this->__('S\'ha desat la contrasenya.'));
             }
         } else {
             LogUtil::registerError($this->__('No s\'ha desat la contrasenya.'));
             LogUtil::registerError($passwordErrors['pass']);
         }
     }
     // Tercer pas: establim la variable que controla el forçar el canvi de contrasenya
     if ($setpass == 1 && ($prev_pass || $password)) {
         UserUtil::setVar('_Users_mustChangePassword', $changeme, $insertUserId);
         if ($changeme == 1)
             LogUtil::registerStatus($this->__('L\'usuari haurà de canviar la contrasenya en la propera validació.'));
     }
     return system::redirect(ModUtil::url('Cataleg', 'admin', 'usersgest'));
 }
Esempio n. 11
0
    /**
     * Confirm the update of the email address.
     *
     * Available Get Parameters:
     * - confirmcode (string) The confirmation code.
     *
     * Parameters passed via the $args array:
     * --------------------------------------
     * string $args['confirmcode'] Default value for the 'confirmcode' get parameter. Allows this function to be called internally.
     *
     * Parameters passed via GET:
     * --------------------------
     * string confirmcode The confirmation code for verifying the change of e-mail address.
     *
     * Parameters passed via POST:
     * ---------------------------
     * None.
     *
     * Parameters passed via SESSION:
     * ------------------------------
     * None.
     *
     * @param array $args All parameters passed to this function.
     *
     * @return bool True on success, otherwise false.
     */
    public function confirmChEmail($args)
    {
        $confirmcode = $this->request->query->get('confirmcode', isset($args['confirmcode']) ? $args['confirmcode'] : null);

        if (!UserUtil::isLoggedIn()) {
            $this->registerError($this->__('Please log into your account in order to confirm your change of e-mail address.'))
                    ->redirect(ModUtil::url($this->name, 'user', 'login', array('returnpage' => urlencode(ModUtil::url($this->name, 'user', 'confirmChEmail', array('confirmcode' => $confirmcode))))));
        }

        // get user new email that is waiting for confirmation
        $preemail = ModUtil::apiFunc($this->name, 'user', 'getUserPreEmail');

        $validCode = UserUtil::passwordsMatch($confirmcode, $preemail['verifycode']);

        if (!$preemail || !$validCode) {
            $this->registerError($this->__('Error! Your e-mail has not been found. After your request you have five days to confirm the new e-mail address.'))
                    ->redirect(ModUtil::url($this->name, 'user', 'main'));
        }

        // user and confirmation code are correct. set the new email
        UserUtil::setVar('email', $preemail['newemail']);

        // the preemail record is deleted
        ModUtil::apiFunc($this->name, 'user', 'resetVerifyChgFor', array(
            'uid'       => $preemail['uid'],
            'changetype'=> Users_Constant::VERIFYCHGTYPE_EMAIL,
        ));

        $this->registerStatus($this->__('Done! Changed your e-mail address.'))
                ->redirect(ModUtil::url($this->name, 'user', 'main'));
    }
Esempio n. 12
0
    /**
     * Reset the current users theme to the site default
     */
    public function resettodefault($args)
    {
        // Security check
        if (!System::getVar('theme_change')) {
            return LogUtil::registerError($this->__('Notice: Theme switching is currently disabled.'));
        }

        if (!SecurityUtil::checkPermission('Theme::', '::', ACCESS_COMMENT)) {
            return LogUtil::registerPermissionError();
        }

        // update the users record to an empty string - if this user var is empty then the site default is used.
        UserUtil::setVar('theme', '');

        return true;
    }