/**
* Avatar_userapi_setavatar()
*
* sets the user avatar.
*
* @param integer $args['uid'] the user id
* @param string $args['avatar'] the user avatar
* @return boolean success
**/
public function setavatar($args)
{
if (!isset($args['uid']) || !isset($args['avatar'])) {
return LogUtil::registerArgsError();
}
$avatar_ok = ModUtil::apiFunc('Avatar', 'user', 'checkAvatar', $args);
if ($avatar_ok == true) {
$uname = UserUtil::getVar('uname', $args['uid']);
if ($args['avatar'] == 'blank.gif') {
$args['avatar'] = '';
$status = $this->__f('Done! The avatar of the user \'%s\' has been disabled.', $uname);
} else {
if ($args['avatar'] == 'gravatar.gif') {
$status = $this->__f('Done! The avatar of the user \'%s\' has been set to his gravatar.', $uname);
} else {
$status = $this->__f('Done! The avatar of the user \'%1$s\' has been changed to \'%2$s\'', array($uname, $args['avatar']));
}
}
UserUtil::setVar('avatar', $args['avatar'], $args['uid']);
LogUtil::registerStatus($status);
return true;
}
return LogUtil::registerError($this->__f('Error! The user is not authorized to use this avatar. To change this, update the permission for %s.', $args['avatar']));
}
/**
* Respond to a `module.users.ui.process_edit` event to store profile data gathered when editing or creating a user account.
*
* Parameters passed in via POST:
* ------------------------------
* array dynadata An array containing the profile items to store for the user.
*
* @param Zikula_Event $event The event that triggered this function call, containing the id of the user for which profile information should be stored.
*
* @return void
*/
public function processEdit(Zikula_Event $event)
{
if ($this->request->isPost()) {
if ($this->validation && !$this->validation->hasErrors()) {
$user = $event->getSubject();
$dynadata = $this->request->getPost()->has('dynadata') ? $this->request->getPost()->get('dynadata') : array();
foreach ($dynadata as $dudName => $dudItem) {
UserUtil::setVar($dudName, $dudItem, $user['uid']);
}
}
}
}
/**
* Responds to process_edit hook-like event notifications.
*
* @param Zikula_Event $event The event that triggered this function call.
*
* @return void
*
* @throws Zikula_Exception_Fatal Thrown if a user account does not exist for the uid specified by the event.
*/
public function processEdit(Zikula_Event $event)
{
$activePolicies = $this->helper->getActivePolicies();
$eventName = $event->getName();
if (isset($this->validation) && !$this->validation->hasErrors()) {
$user = $event->getSubject();
$uid = $user['uid'];
if (!UserUtil::isLoggedIn()) {
if (($eventName == 'module.users.ui.process_edit.login_screen') || ($eventName == 'module.users.ui.process_edit.login_block')) {
$policiesAcceptedAtLogin = $this->validation->getObject();
$nowUTC = new DateTime('now', new DateTimeZone('UTC'));
$nowUTCStr = $nowUTC->format(DateTime::ISO8601);
if ($activePolicies['termsOfUse'] && $policiesAcceptedAtLogin['termsOfUse']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED, $nowUTCStr, $uid);
}
if ($activePolicies['privacyPolicy'] && $policiesAcceptedAtLogin['privacyPolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED, $nowUTCStr, $uid);
}
if ($activePolicies['agePolicy'] && $policiesAcceptedAtLogin['agePolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED, $nowUTCStr, $uid);
}
if ($activePolicies['cancellationRightPolicy'] && $policiesAcceptedAtLogin['cancellationRightPolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED, $nowUTCStr, $uid);
}
if ($activePolicies['tradeConditions'] && $policiesAcceptedAtLogin['tradeConditions']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED, $nowUTCStr, $uid);
}
// Force the reload of the user record
$user = UserUtil::getVars($uid, true);
} else {
$isRegistration = UserUtil::isRegistration($uid);
$user = UserUtil::getVars($uid, false, 'uid', $isRegistration);
if (!$user) {
throw new Zikula_Exception_Fatal(__('A user account or registration does not exist for the specified uid.', $this->domain));
}
$policiesAcceptedAtRegistration = $this->validation->getObject();
$nowUTC = new DateTime('now', new DateTimeZone('UTC'));
$nowUTCStr = $nowUTC->format(DateTime::ISO8601);
if ($activePolicies['termsOfUse'] && $policiesAcceptedAtRegistration['termsOfUse']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED, $nowUTCStr, $uid);
}
if ($activePolicies['privacyPolicy'] && $policiesAcceptedAtRegistration['privacyPolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED, $nowUTCStr, $uid);
}
if ($activePolicies['agePolicy'] && $policiesAcceptedAtRegistration['agePolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED, $nowUTCStr, $uid);
}
if ($activePolicies['cancellationRightPolicy'] && $policiesAcceptedAtRegistration['cancellationRightPolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED, $nowUTCStr, $uid);
}
if ($activePolicies['tradeConditions'] && $policiesAcceptedAtRegistration['tradeConditions']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED, $nowUTCStr, $uid);
}
// Force the reload of the user record
$user = UserUtil::getVars($uid, true, 'uid', $isRegistration);
}
} else {
$isRegistration = UserUtil::isRegistration($uid);
$user = UserUtil::getVars($uid, false, 'uid', $isRegistration);
if (!$user) {
throw new Zikula_Exception_Fatal(__('A user account or registration does not exist for the specified uid.', $this->domain));
}
$policiesAcceptedAtRegistration = $this->validation->getObject();
$editablePolicies = $this->helper->getEditablePolicies();
$nowUTC = new DateTime('now', new DateTimeZone('UTC'));
$nowUTCStr = $nowUTC->format(DateTime::ISO8601);
if ($activePolicies['termsOfUse'] && $editablePolicies['termsOfUse']) {
if ($policiesAcceptedAtRegistration['termsOfUse']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED, $nowUTCStr, $uid);
} elseif (($policiesAcceptedAtRegistration['termsOfUse'] === 0) || ($policiesAcceptedAtRegistration['termsOfUse'] === "0")) {
UserUtil::delVar(Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED, $uid);
}
}
if ($activePolicies['privacyPolicy'] && $editablePolicies['privacyPolicy']) {
if ($policiesAcceptedAtRegistration['privacyPolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED, $nowUTCStr, $uid);
} elseif (($policiesAcceptedAtRegistration['privacyPolicy'] === 0) || ($policiesAcceptedAtRegistration['termsOfUse'] === "0")) {
UserUtil::delVar(Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED, $uid);
}
}
if ($activePolicies['agePolicy'] && $editablePolicies['agePolicy']) {
if ($policiesAcceptedAtRegistration['agePolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED, $nowUTCStr, $uid);
} elseif (($policiesAcceptedAtRegistration['agePolicy'] === 0) || ($policiesAcceptedAtRegistration['termsOfUse'] === "0")) {
UserUtil::delVar(Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED, $uid);
}
}
if ($activePolicies['cancellationRightPolicy'] && $editablePolicies['cancellationRightPolicy']) {
if ($policiesAcceptedAtRegistration['cancellationRightPolicy']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED, $nowUTCStr, $uid);
} elseif (($policiesAcceptedAtRegistration['cancellationRightPolicy'] === 0) || ($policiesAcceptedAtRegistration['cancellationRightPolicy'] === "0")) {
UserUtil::delVar(Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED, $uid);
}
}
if ($activePolicies['tradeConditions'] && $editablePolicies['tradeConditions']) {
if ($policiesAcceptedAtRegistration['tradeConditions']) {
UserUtil::setVar(Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED, $nowUTCStr, $uid);
} elseif (($policiesAcceptedAtRegistration['tradeConditions'] === 0) || ($policiesAcceptedAtRegistration['tradeConditions'] === "0")) {
UserUtil::delVar(Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED, $uid);
}
}
// Force the reload of the user record
$user = UserUtil::getVars($uid, true, 'uid', $isRegistration);
}
}
}
/**
* Sets or resets a user's need to changed his password on his next attempt at logging ing.
*
* Parameters passed via GET:
* --------------------------
* numeric userid The uid of the user for whom a change of password should be forced (or canceled).
*
* Parameters passed via POST:
* ---------------------------
* numeric userid The uid of the user for whom a change of password should be forced (or canceled).
* boolean user_must_change_password True to force the user to change his password at his next log-in attempt, otherwise false.
*
* Parameters passed via SESSION:
* ------------------------------
* None.
*
* @return string The rendered output from either the template for confirmation.
*
* @throws Zikula_Exception_Fatal Thrown if a user id is not specified, is invalid, or does not point to a valid account record,
* or the account record is not in a consistent state.
* @throws Zikula_Exception_Forbidden Thrown if the current user does not have edit access for the account record.
*/
public function toggleForcedPasswordChange()
{
if ($this->request->isGet()) {
$uid = $this->request->query->get('userid', false);
if (!$uid || !is_numeric($uid) || ((int)$uid != $uid)) {
throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
}
$userObj = UserUtil::getVars($uid);
if (!isset($userObj) || !$userObj || !is_array($userObj) || empty($userObj)) {
throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
}
if (!SecurityUtil::checkPermission('Users::', "{$userObj['uname']}::{$uid}", ACCESS_EDIT)) {
throw new Zikula_Exception_Forbidden();
}
$userMustChangePassword = UserUtil::getVar('_Users_mustChangePassword', $uid, false);
return $this->view->assign('user_obj', $userObj)
->assign('user_must_change_password', $userMustChangePassword)
->fetch('users_admin_toggleforcedpasswordchange.tpl');
} elseif ($this->request->isPost()) {
$this->checkCsrfToken();
$uid = $this->request->request->get('userid', false);
$userMustChangePassword = $this->request->request->get('user_must_change_password', false);
if (!$uid || !is_numeric($uid) || ((int)$uid != $uid)) {
throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
}
// Force reload of User object into cache.
$userObj = UserUtil::getVars($uid);
if (!SecurityUtil::checkPermission('Users::', "{$userObj['uname']}::{$uid}", ACCESS_EDIT)) {
throw new Zikula_Exception_Forbidden();
}
if ($userMustChangePassword) {
UserUtil::setVar('_Users_mustChangePassword', $userMustChangePassword, $uid);
} else {
UserUtil::delVar('_Users_mustChangePassword', $uid);
}
// Force reload of User object into cache.
$userObj = UserUtil::getVars($uid, true);
if ($userMustChangePassword) {
if (isset($userObj['__ATTRIBUTES__']) && isset($userObj['__ATTRIBUTES__']['_Users_mustChangePassword'])) {
$this->registerStatus($this->__f('Done! A password change will be required the next time %1$s logs in.', array($userObj['uname'])));
} else {
throw new Zikula_Exception_Fatal();
}
} else {
if (isset($userObj['__ATTRIBUTES__']) && isset($userObj['__ATTRIBUTES__']['_Users_mustChangePassword'])) {
throw new Zikula_Exception_Fatal();
} else {
$this->registerStatus($this->__f('Done! A password change will no longer be required for %1$s.', array($userObj['uname'])));
}
}
$this->redirect(ModUtil::url($this->name, 'admin', 'view'));
} else {
throw new Zikula_Exception_Forbidden();
}
}
/**
* Allow the user to accept active terms of use and/or privacy policy.
*
* This function is currently used by the Legal module's handler for the users.login.veto event.
*
* @return string The rendered output from the template.
*
* @throws Zikula_Exception_Forbidden Thrown if the user is not logged in and the acceptance attempt is not a result of a login attempt.
*
* @throws Zikula_Exception_Fatal Thrown if the user is already logged in and the acceptance attempt is a result of a login attempt;
* also thrown in cases where expected data is not present or not in an expected form;
* also thrown if the call to this function is not the result of a POST operation or a GET operation.
*/
public function acceptPolicies()
{
// Retrieve and delete any session variables being sent in by the log-in process before we give the function a chance to
// throw an exception. We need to make sure no sensitive data is left dangling in the session variables.
$sessionVars = $this->request->getSession()->get('Legal_Controller_User_acceptPolicies', null, $this->name);
$this->request->getSession()->del('Legal_Controller_User_acceptPolicies', $this->name);
$processed = false;
$helper = new Legal_Helper_AcceptPolicies();
if ($this->request->isPost()) {
$this->checkCsrfToken();
$isLogin = isset($sessionVars) && !empty($sessionVars);
if (!$isLogin && !UserUtil::isLoggedIn()) {
throw new Zikula_Exception_Forbidden();
} elseif ($isLogin && UserUtil::isLoggedIn()) {
throw new Zikula_Exception_Fatal();
}
$policiesUid = $this->request->getPost()->get('acceptedpolicies_uid', false);
$acceptedPolicies = array(
'termsOfUse' => $this->request->getPost()->get('acceptedpolicies_termsofuse', false),
'privacyPolicy' => $this->request->getPost()->get('acceptedpolicies_privacypolicy', false),
'agePolicy' => $this->request->getPost()->get('acceptedpolicies_agepolicy', false),
'cancellationRightPolicy' => $this->request->getPost()->get('acceptedpolicies_cancellationrightpolicy', false),
'tradeConditions' => $this->request->getPost()->get('acceptedpolicies_tradeconditions', false)
);
if (!isset($policiesUid) || empty($policiesUid) || !is_numeric($policiesUid)) {
throw new Zikula_Exception_Fatal();
}
$activePolicies = $helper->getActivePolicies();
$originalAcceptedPolicies = $helper->getAcceptedPolicies($policiesUid);
$fieldErrors = array();
if ($activePolicies['termsOfUse'] && !$originalAcceptedPolicies['termsOfUse'] && !$acceptedPolicies['termsOfUse']) {
$fieldErrors['termsofuse'] = $this->__('You must accept this site\'s Terms of Use in order to proceed.');
}
if ($activePolicies['privacyPolicy'] && !$originalAcceptedPolicies['privacyPolicy'] && !$acceptedPolicies['privacyPolicy']) {
$fieldErrors['privacypolicy'] = $this->__('You must accept this site\'s Privacy Policy in order to proceed.');
}
if ($activePolicies['agePolicy'] && !$originalAcceptedPolicies['agePolicy'] && !$acceptedPolicies['agePolicy']) {
$fieldErrors['agepolicy'] = $this->__f('In order to log in, you must confirm that you meet the requirements of this site\'s Minimum Age Policy. If you are not %1$s years of age or older, and you do not have a parent\'s permission to use this site, then please ask your parent to contact a site administrator.', array(ModUtil::getVar('Legal', Legal_Constant::MODVAR_MINIMUM_AGE, 0)));
}
if ($activePolicies['cancellationRightPolicy'] && !$originalAcceptedPolicies['cancellationRightPolicy'] && !$acceptedPolicies['cancellationRightPolicy']) {
$fieldErrors['cancellationrightpolicy'] = $this->__('You must accept our cancellation right policy in order to proceed.');
}
if ($activePolicies['tradeConditions'] && !$originalAcceptedPolicies['tradeConditions'] && !$acceptedPolicies['tradeConditions']) {
$fieldErrors['tradeconditions'] = $this->__('You must accept our general terms and conditions of trade in order to proceed.');
}
if (empty($fieldErrors)) {
$now = new DateTime('now', new DateTimeZone('UTC'));
$nowStr = $now->format(DateTime::ISO8601);
if ($activePolicies['termsOfUse'] && $acceptedPolicies['termsOfUse']) {
$termsOfUseProcessed = UserUtil::setVar(Legal_Constant::ATTRIBUTE_TERMSOFUSE_ACCEPTED, $nowStr, $policiesUid);
} else {
$termsOfUseProcessed = !$activePolicies['termsOfUse'] || $originalAcceptedPolicies['termsOfUse'];
}
if ($activePolicies['privacyPolicy'] && $acceptedPolicies['privacyPolicy']) {
$privacyPolicyProcessed = UserUtil::setVar(Legal_Constant::ATTRIBUTE_PRIVACYPOLICY_ACCEPTED, $nowStr, $policiesUid);
} else {
$privacyPolicyProcessed = !$activePolicies['privacyPolicy'] || $originalAcceptedPolicies['privacyPolicy'];
}
if ($activePolicies['agePolicy'] && $acceptedPolicies['agePolicy']) {
$agePolicyProcessed = UserUtil::setVar(Legal_Constant::ATTRIBUTE_AGEPOLICY_CONFIRMED, $nowStr, $policiesUid);
} else {
$agePolicyProcessed = !$activePolicies['agePolicy'] || $originalAcceptedPolicies['agePolicy'];
}
if ($activePolicies['cancellationRightPolicy'] && $acceptedPolicies['cancellationRightPolicy']) {
$cancellationRightPolicyProcessed = UserUtil::setVar(Legal_Constant::ATTRIBUTE_CANCELLATIONRIGHTPOLICY_ACCEPTED, $nowStr, $policiesUid);
} else {
$cancellationRightPolicyProcessed = !$activePolicies['cancellationRightPolicy'] || $originalAcceptedPolicies['cancellationRightPolicy'];
}
if ($activePolicies['tradeConditions'] && $acceptedPolicies['tradeConditions']) {
$tradeConditionsProcessed = UserUtil::setVar(Legal_Constant::ATTRIBUTE_TRADECONDITIONS_ACCEPTED, $nowStr, $policiesUid);
} else {
$tradeConditionsProcessed = !$activePolicies['tradeConditions'] || $originalAcceptedPolicies['tradeConditions'];
}
$processed = $termsOfUseProcessed && $privacyPolicyProcessed && $agePolicyProcessed && $cancellationRightPolicyProcessed && $tradeConditionsProcessed;
}
if ($processed) {
if ($isLogin) {
$loginArgs = $this->request->getSession()->get('Users_Controller_User_login', array(), 'Zikula_Users');
$loginArgs['authentication_method'] = $sessionVars['authentication_method'];
$loginArgs['authentication_info'] = $sessionVars['authentication_info'];
$loginArgs['rememberme'] = $sessionVars['rememberme'];
return ModUtil::func('Users', 'user', 'login', $loginArgs);
} else {
$this->redirect(System::getHomepageUrl());
}
}
} elseif ($this->request->isGet()) {
$isLogin = $this->request->getGet()->get('login', false);
$fieldErrors = array();
} else {
throw new Zikula_Exception_Forbidden();
}
// If we are coming here from the login process, then there are certain things that must have been
// send along in the session variable. If not, then error.
if ($isLogin && (!isset($sessionVars['user_obj']) || !is_array($sessionVars['user_obj'])
|| !isset($sessionVars['authentication_info']) || !is_array($sessionVars['authentication_info'])
|| !isset($sessionVars['authentication_method']) || !is_array($sessionVars['authentication_method']))
) {
throw new Zikula_Exception_Fatal();
}
if ($isLogin) {
$policiesUid = $sessionVars['user_obj']['uid'];
} else {
$policiesUid = UserUtil::getVar('uid');
}
if (!$policiesUid || empty($policiesUid)) {
throw new Zikula_Exception_Fatal();
}
if ($isLogin) {
// Pass along the session vars to updateAcceptance. We didn't want to just keep them in the session variable
// Legal_Controller_User_acceptPolicies because if we hit an exception or got redirected, then the data
// would have been orphaned, and it contains some sensitive information.
SessionUtil::requireSession();
$this->request->getSession()->set('Legal_Controller_User_acceptPolicies', $sessionVars, $this->name);
}
$templateVars = array(
'login' => $isLogin,
'policiesUid' => $policiesUid,
'activePolicies' => $helper->getActivePolicies(),
'acceptedPolicies' => isset($acceptedPolicies) ? $acceptedPolicies : $helper->getAcceptedPolicies($policiesUid),
'originalAcceptedPolicies' => isset($originalAcceptedPolicies) ? $originalAcceptedPolicies : $helper->getAcceptedPolicies($policiesUid),
'fieldErrors' => $fieldErrors,
);
return $this->view->assign($templateVars)
->fetch('legal_user_acceptpolicies.tpl');
}
/**
* Delete one or more user account records, or mark one or more account records for deletion.
*
* If records are marked for deletion, they remain in the system and accessible by the system, but are given an
* 'activated' status that prevents the user from logging in. Records marked for deletion will not appear on the
* regular users list. The delete hook and delete events are not triggered if the records are only marked for
* deletion.
*
* Parameters passed in the $args array:
* -------------------------------------
* numeric|array $args['uid'] A single (numeric integer) user id, or an array of user ids to delete.
* boolean $args['mark'] If true, then mark for deletion, but do not actually delete.
* defaults to false.
*
* @param array $args All parameters passed to this function.
*
* @return bool True if successful, false otherwise.
*/
public function deleteUser($args)
{
if (!SecurityUtil::checkPermission("{$this->name}::", 'ANY', ACCESS_DELETE)) {
return false;
}
if (!isset($args['uid']) || (!is_numeric($args['uid']) && !is_array($args['uid']))) {
$this->registerError("Error! Illegal argument were passed to 'deleteuser'");
return false;
}
if (isset($args['mark']) && is_bool($args['mark'])) {
$markOnly = $args['mark'];
} else {
$markOnly = false;
}
// ensure we always have an array
if (!is_array($args['uid'])) {
$args['uid'] = array($args['uid']);
}
$curUserUid = UserUtil::getVar('uid');
$userList = array();
foreach ($args['uid'] as $uid) {
if (!is_numeric($uid) || ((int)$uid != $uid) || ($uid == $curUserUid)) {
return false;
}
$userObj = UserUtil::getVars($uid);
if (!$userObj) {
return false;
} elseif (!SecurityUtil::checkPermission("{$this->name}::", "{$userObj['uname']}::{$userObj['uid']}", ACCESS_DELETE)) {
return false;
}
$userList[] = $userObj;
}
foreach ($userList as $userObj) {
if ($markOnly) {
UserUtil::setVar('activated', Users_Constant::ACTIVATED_PENDING_DELETE, $userObj['uid']);
} else {
// TODO - This should be in the Groups module, and happen as a result of an event.
if (!DBUtil::deleteObjectByID('group_membership', $userObj['uid'], 'uid')) {
return false;
}
ModUtil::apiFunc($this->name, 'admin', 'resetVerifyChgFor', array('uid' => $userObj['uid']));
DBUtil::deleteObjectByID('session_info', $userObj['uid'], 'uid');
if (!DBUtil::deleteObject($userObj, 'users', '', 'uid')) {
return false;
}
// Let other modules know we have deleted an item
$deleteEvent = new Zikula_Event('user.account.delete', $userObj);
$this->eventManager->notify($deleteEvent);
}
}
return $args['uid'];
}
/**
* Utility function to save the data of the user.
*
* Parameters passed in the $args array:
* -------------------------------------
* integer uid The user id of the user for which the data should be saved; required.
* array dynadata The data for the user to be saved, indexed by prop_attribute_name; required.
*
* @param array $args All parameters passed to this function.
*
* @return boolean True on success; otherwise false.
*/
public function savedata($args)
{
// Argument check
if (!isset($args['uid'])) {
return LogUtil::registerArgsError();
}
$fields = $args['dynadata'];
$duds = ModUtil::apiFunc('Profile', 'user', 'getallactive', array('get' => 'editable', 'uid' => $args['uid']));
foreach ($duds as $attrname => $dud) {
// exclude avatar update when Avatar module is present
if ($attrname == 'avatar' && ModUtil::available('Avatar')) {
continue;
}
$fieldvalue = '';
if (isset($fields[$attrname])) {
// Process the Date DUD separately
if ($dud['prop_displaytype'] == 5 && !empty($fields[$attrname])) {
$fieldvalue = $this->parseDate($fields[$attrname]);
$fieldvalue = DateUtil::transformInternalDate($fieldvalue);
} elseif (is_array($fields[$attrname])) {
$fieldvalue = serialize(array_values($fields[$attrname]));
} else {
$fieldvalue = $fields[$attrname];
}
}
UserUtil::setVar($attrname, $fieldvalue, $args['uid']);
}
// Return the result (true = success, false = failure
// At this point, the result is true.
return true;
}
/**
* Set a user variable. This can be
* - a field in the users table
* - or an attribute and in this case either a new style attribute or an old style user information.
*
* Examples:
* pnUserSetVar('pass', 'mysecretpassword'); // store a password (should be hashed of course)
* pnUserSetVar('avatar', 'mypicture.gif'); // stores an users avatar, new style
* (internally both the new and the old style write the same attribute)
*
* If the user variable does not exist it will be created automatically. This means with
* pnUserSetVar('somename', 'somevalue');
* you can easily create brand new users variables onthefly.
*
* This function does not allow you to set uid or uname.
*
* @deprecated
* @see UserUtil::setVar()
*
* @param name $ the name of the variable
* @param value $ the value of the variable
* @param uid $ the user to set the variable for
* @return bool true if the set was successful, false otherwise
*/
function pnUserSetVar($name, $value, $uid = -1)
{
LogUtil::log(__f('Warning! Function %1$s is deprecated. Please use %2$s instead.', array(__FUNCTION__, 'UserUtil::setVar()')), E_USER_DEPRECATED);
return UserUtil::setVar($name, $value, $uid);
}
/**
* LEGACY user account activaton.
*
* We must keep this function because there is no way to know whether an
* inactive account is inactive because it requires activation, or because of some
* other reason.
*
* Parameters passed in the $args array:
* -------------------------------------
* string $args['regdate'] An SQL date-time containing the user's original registration date-time.
* numeric $args['uid'] The id of the user account to activate.
*
* @param array $args All parameters passed to this function.
*
* @return bool True on success, otherwise false.
*/
public function activateUser($args)
{
// This function is an end-user function.
if (!SecurityUtil::checkPermission('Users::', '::', ACCESS_READ)) {
return false;
}
// Preventing reactivation from same link !
$newregdate = DateUtil::getDatetime(strtotime($args['regdate'])+1);
UserUtil::setVar('activated', Users_Constant::ACTIVATED_ACTIVE, $args['uid']);
UserUtil::setVar('user_regdate', DataUtil::formatForStore($newregdate), $args['uid']);
return true;
}
/**
* Creació i/o Edició d'un usuari del catàleg
*
* ### Paràmetres rebuts per POST:
* -Corresponents als diferents camps de la taula *users*-
* * integer **uid** [opcional definit-edició/no_definit-creació]
* * string **uname**
*
* -Corresponents als diferents camps de la taula *iw_users*-
* * string **iw_nom**
* * string **iw_cognom1**
* * string **iw_cognom2**
*
* -Per gestionar les grups relacionats amb el catàleg-
* * array **groups**
*
* -Per gestionar la contrasenya de l'usuari-
* * string **password**
* * string **rpassword**
* * string **changeme**
*
* @return void Retorna a la funció *usergest* després de desar les dades
*/
public function addeditUser() {
//Comprovacions de seguretat. Només els gestors poden crear i editar usuaris
if (!SecurityUtil::checkPermission('Cataleg::', '::', ACCESS_ADMIN)) {
return LogUtil::registerPermissionError();
}
// Primer desem les modificacions de les dades d'usuari a users i a IWusers i reassignem els grups de l'usuari
$user['zk']['uid'] = FormUtil::getPassedValue('uid', null, 'POST');
//Comprovem si es passa una uid (per editar) o no (i s'ha de crear un nou usuari)
if (!empty($user['zk']['uid'])) {
//Comprovem que aquest usuari eixisteixi i es pugui editar (és a dir, que sigui del grup d'usuaris del catàleg)
$grupCat = ModUtil::apiFunc('Cataleg', 'admin', 'getgrupsZikula');
$catUsersList = UserUtil::getUsersForGroup($grupCat['Sirius']);
if (!in_array($user['zk']['uid'], $catUsersList)) {
LogUtil::registerError($this->__('No existeix cap usuari del catàleg amb l\'identificador indicat.'));
return system::redirect(ModUtil::url('Cataleg', 'admin', 'usersgest'));
}
$user['iw']['uid'] = $user['zk']['uid'];
$user['iw']['suid'] = $user['zk']['uid'];
$r = 'edit';
}
$user['zk']['uname'] = FormUtil::getPassedValue('uname', null, 'POST');
//Comprovem que no existeix cap usuari amb aquest uname
if (!empty($user['zk']['uid'])) {
$where = "uname = '" . $user['zk']['uname'] . "' AND uid != " . $user['zk']['uid'];
} else {
$where = "uname = '" . $user['zk']['uname'] . "'";
}
$uname = UserUtil::getUsers($where);
if ($uname) {
LogUtil::registerError($this->__('El nom d\'usuari triat ja existeix.'));
return system::redirect(ModUtil::url('Cataleg', 'admin', 'usersgest'));
}
$user['zk']['email'] = FormUtil::getPassedValue('email', null, 'POST');
$user['iw']['nom'] = FormUtil::getPassedValue('iw_nom', null, 'POST');
$user['iw']['cognom1'] = FormUtil::getPassedValue('iw_cognom1', null, 'POST');
$user['iw']['cognom2'] = FormUtil::getPassedValue('iw_cognom2', null, 'POST');
$user['gr'] = FormUtil::getPassedValue('groups', null, 'POST');
$prev_pass = FormUtil::getPassedValue('prev_pass', 0, 'POST');
$setpass = FormUtil::getPassedValue('setpass', 0, 'POST');
if ($setpass == 1) {
$password = FormUtil::getPassedValue('password', null, 'POST');
$changeme = FormUtil::getPassedValue('changeme', 0, 'POST');
} else {
$password = null;
}
$setcode = FormUtil::getPassedValue('setcode', 0, 'POST');
if ($setcode == 1) $iwcode = FormUtil::getPassedValue('iwcode_s', null, 'POST');
if ($setcode == 2) $iwcode = FormUtil::getPassedValue('iwcode_m', null, 'POST');
if ($iwcode) {
$user['iw']['code'] = $iwcode;
} elseif ($r == 'edit'){
$iwcode = DBUtil::selectField('IWusers', 'code', 'iw_uid='.$user['zk']['uid']);
}
if ($iwcode) {
$gtafInfo = ModUtil::apiFunc('Cataleg','admin','getGtafEntity',$iwcode);
$grupCat = ModUtil::apiFunc('Cataleg', 'admin', 'getgrupsZikula');
if (isset($grupCat[$gtafInfo['entity']['tipus']])) $user['gr'][] = $grupCat[$gtafInfo['entity']['tipus']];
}
$insertUserId = ModUtil::apifunc('Cataleg', 'admin', 'saveUser', $user);
if ($insertUserId) {
if ($r == 'edit') {
LogUtil::registerStatus($this->__('L\'usuari s\'ha editat correctament.'));
} else {
LogUtil::registerStatus($this->__('L\'usuari s\'ha creat correctament.'));
}
} else {
LogUtil::registerError($this->__('No s\'ha pogut desar l\'usuari.'));
return system::redirect(ModUtil::url('Cataleg', 'admin', 'usersgest'));
}
//Si es tria 'buidar' la contrasenya, aquesta opció mana sobre el canvi i forçar el canvi
if ($setpass == 2) {
$reg = array('pass' => '');
if (DBUtil::updateObject($reg,'users','uid ='. $insertUserId)) {
UserUtil::setVar('', $passreminder, $insertUserId);
LogUtil::registerStatus($this->__('L\'usuari haurà de validar-se per LDAP'));
}
}
// Segon pas: desem el possible canvi de contrasenya
if ($password) {
$rpassword = FormUtil::getPassedValue('rpassword', null, 'POST');
$passreminder = $this->__('Constasenya establerta des de l\'administració.');
$passwordErrors = ModUtil::apiFunc('Users', 'registration', 'getPasswordErrors', array(
'uname' => $user['zk']['uname'],
'pass' => $password,
'passagain' => $rpassword,
'passreminder' => $passreminder
));
if (empty($passwordErrors)) {
if (UserUtil::setPassword($password, $insertUserId)) {
UserUtil::setVar('passreminder', $passreminder, $insertUserId);
LogUtil::registerStatus($this->__('S\'ha desat la contrasenya.'));
}
} else {
LogUtil::registerError($this->__('No s\'ha desat la contrasenya.'));
LogUtil::registerError($passwordErrors['pass']);
}
}
// Tercer pas: establim la variable que controla el forçar el canvi de contrasenya
if ($setpass == 1 && ($prev_pass || $password)) {
UserUtil::setVar('_Users_mustChangePassword', $changeme, $insertUserId);
if ($changeme == 1)
LogUtil::registerStatus($this->__('L\'usuari haurà de canviar la contrasenya en la propera validació.'));
}
return system::redirect(ModUtil::url('Cataleg', 'admin', 'usersgest'));
}
/**
* Confirm the update of the email address.
*
* Available Get Parameters:
* - confirmcode (string) The confirmation code.
*
* Parameters passed via the $args array:
* --------------------------------------
* string $args['confirmcode'] Default value for the 'confirmcode' get parameter. Allows this function to be called internally.
*
* Parameters passed via GET:
* --------------------------
* string confirmcode The confirmation code for verifying the change of e-mail address.
*
* Parameters passed via POST:
* ---------------------------
* None.
*
* Parameters passed via SESSION:
* ------------------------------
* None.
*
* @param array $args All parameters passed to this function.
*
* @return bool True on success, otherwise false.
*/
public function confirmChEmail($args)
{
$confirmcode = $this->request->query->get('confirmcode', isset($args['confirmcode']) ? $args['confirmcode'] : null);
if (!UserUtil::isLoggedIn()) {
$this->registerError($this->__('Please log into your account in order to confirm your change of e-mail address.'))
->redirect(ModUtil::url($this->name, 'user', 'login', array('returnpage' => urlencode(ModUtil::url($this->name, 'user', 'confirmChEmail', array('confirmcode' => $confirmcode))))));
}
// get user new email that is waiting for confirmation
$preemail = ModUtil::apiFunc($this->name, 'user', 'getUserPreEmail');
$validCode = UserUtil::passwordsMatch($confirmcode, $preemail['verifycode']);
if (!$preemail || !$validCode) {
$this->registerError($this->__('Error! Your e-mail has not been found. After your request you have five days to confirm the new e-mail address.'))
->redirect(ModUtil::url($this->name, 'user', 'main'));
}
// user and confirmation code are correct. set the new email
UserUtil::setVar('email', $preemail['newemail']);
// the preemail record is deleted
ModUtil::apiFunc($this->name, 'user', 'resetVerifyChgFor', array(
'uid' => $preemail['uid'],
'changetype'=> Users_Constant::VERIFYCHGTYPE_EMAIL,
));
$this->registerStatus($this->__('Done! Changed your e-mail address.'))
->redirect(ModUtil::url($this->name, 'user', 'main'));
}
/**
* Reset the current users theme to the site default
*/
public function resettodefault($args)
{
// Security check
if (!System::getVar('theme_change')) {
return LogUtil::registerError($this->__('Notice: Theme switching is currently disabled.'));
}
if (!SecurityUtil::checkPermission('Theme::', '::', ACCESS_COMMENT)) {
return LogUtil::registerPermissionError();
}
// update the users record to an empty string - if this user var is empty then the site default is used.
UserUtil::setVar('theme', '');
return true;
}
