static function create_new_user($id)
{
$user = ORM::factory("pending_user", $id);
$password = md5(uniqid(mt_rand(), true));
$new_user = identity::create_user($user->name, $user->full_name, $password, $user->email);
$new_user->url = $user->url;
$new_user->admin = false;
$new_user->guest = false;
$new_user->save();
$user->hash = md5(uniqid(mt_rand(), true));
$user->state = 2;
$user->save();
self::send_user_created_confirmation($user, $password);
return $new_user;
}
static function create_new_user($id)
{
$user = ORM::factory("pending_user", $id);
$password = md5(rand());
$new_user = identity::create_user($user->name, $user->full_name, $password);
$new_user->email = $user->email;
$new_user->url = $user->url;
$new_user->admin = false;
$new_user->guest = false;
$new_user->save();
$default_group = module::get_var("registration", "default_group");
if (!empty($default_group)) {
identity::add_user_to_group($new_user, $default_group);
}
$user->hash = md5(rand());
$user->state = 2;
$user->save();
self::send_user_created_confirmation($user, $password);
return $new_user;
}
/**
* Import a single user.
*/
static function import_user(&$queue)
{
$messages = array();
$g2_user_id = array_shift($queue);
if (self::map($g2_user_id)) {
return t("User with id: %id already imported, skipping", array("id" => $g2_user_id));
}
if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) {
self::set_map($g2_user_id, identity::guest()->id, "group");
return t("Skipping anonymous user");
}
$g2_admin_group_id = g2(GalleryCoreApi::getPluginParameter("module", "core", "id.adminGroup"));
try {
$g2_user = g2(GalleryCoreApi::loadEntitiesById($g2_user_id));
} catch (Exception $e) {
throw new G2_Import_Exception(t("Failed to import Gallery 2 user with id: %id\n%exception", array("id" => $g2_user_id, "exception" => (string) $e)), $e);
}
$g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId()));
$user = identity::lookup_user_by_name($g2_user->getUsername());
if ($user) {
$messages[] = t("Loaded existing user: '******'.", array("name" => $user->name));
} else {
$email = $g2_user->getEmail();
if (empty($email) || !valid::email($email)) {
$email = "*****@*****.**";
}
try {
$user = identity::create_user($g2_user->getUserName(), $g2_user->getFullName(), $g2_user->getHashedPassword(), $email);
} catch (Exception $e) {
throw new G2_Import_Exception(t("Failed to create user: '******' (id: %id)", array("name" => $g2_user->getUserName(), "id" => $g2_user_id)), $e, $messages);
}
if (class_exists("User_Model") && $user instanceof User_Model) {
// This will work if G2's password is a PasswordHash password as well.
$user->hashed_password = $g2_user->getHashedPassword();
}
$messages[] = t("Created user: '******'.", array("name" => $user->name));
if ($email == "*****@*****.**") {
$messages[] = t("Fixed invalid email (was '%invalid_email')", array("invalid_email" => $g2_user->getEmail()));
}
}
$user->locale = $g2_user->getLanguage();
foreach ($g2_groups as $g2_group_id => $g2_group_name) {
if ($g2_group_id == $g2_admin_group_id) {
$user->admin = true;
$messages[] = t("Added 'admin' flag to user");
} else {
$group = identity::lookup_group(self::map($g2_group_id));
$user->add($group);
$messages[] = t("Added user to group '%group'.", array("group" => $group->name));
}
}
try {
$user->save();
self::set_map($g2_user->getId(), $user->id, "user");
} catch (Exception $e) {
throw new G2_Import_Exception(t("Failed to create user: '******'", array("name" => $user->name)), $e, $messages);
}
return $messages;
}
public function i_can_edit_test()
{
// Create a new user that belongs to no groups
$user = identity::create_user("access_test", "Access Test", "*****", "*****@*****.**");
foreach ($user->groups() as $group) {
$user->remove($group);
}
$user->save();
identity::set_active_user($user);
// This user can't edit anything
$root = item::root();
$this->assert_false(access::can("edit", $root));
// Now add them to a group that has edit permission
$group = identity::create_group("access_test");
$group->add($user);
$group->save();
access::allow($group, "edit", $root);
$user = identity::lookup_user($user->id);
// reload() does not flush related columns
identity::set_active_user($user);
// And verify that the user can edit.
$this->assert_true(access::can("edit", $root));
}
/**
* Import a single user.
*/
static function import_user(&$queue)
{
$g2_user_id = array_shift($queue);
if (self::map($g2_user_id)) {
return t("User with id: %id already imported, skipping", array("id" => $g2_user_id));
}
if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) {
self::set_map($g2_user_id, identity::guest()->id);
return t("Skipping anonymous user");
}
$g2_admin_group_id = g2(GalleryCoreApi::getPluginParameter("module", "core", "id.adminGroup"));
try {
$g2_user = g2(GalleryCoreApi::loadEntitiesById($g2_user_id));
} catch (Exception $e) {
return t("Failed to import Gallery 2 user with id: %id\n%exception", array("id" => $g2_user_id, "exception" => $e->__toString()));
}
$g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId()));
try {
$user = identity::create_user($g2_user->getUsername(), $g2_user->getfullname(), "");
$message = t("Created user: '******'.", array("name" => $user->name));
} catch (Exception $e) {
// @todo For now we assume this is a "duplicate user" exception
$user = identity::lookup_user_by_name($g2_user->getUsername());
$message = t("Loaded existing user: '******'.", array("name" => $user->name));
}
$user->hashed_password = $g2_user->getHashedPassword();
$user->email = $g2_user->getEmail();
$user->locale = $g2_user->getLanguage();
foreach ($g2_groups as $g2_group_id => $g2_group_name) {
if ($g2_group_id == $g2_admin_group_id) {
$user->admin = true;
$message .= t("\n\tAdded 'admin' flag to user");
} else {
$group = identity::lookup_group(self::map($g2_group_id));
$user->add($group);
$message .= t("\n\tAdded user to group '%group'.", array("group" => $group->name));
}
}
$user->save();
self::set_map($g2_user->getId(), $user->id);
return $message;
}
static function random_user($password = "******")
{
$rand = "name_" . rand();
return identity::create_user($rand, $rand, $password, "{$rand}@rand.com");
}
static function album_add_form_completed($album, $form)
{
if ($form->privacy->private->checked) {
$username = $form->privacy->username->value;
$password = $form->privacy->password->value;
// TODO validation
// create a group based on username
$group = identity::create_group($username);
// create a user based on username
$user = identity::create_user($username, $username, $password, $username . "@unknown.com");
identity::add_user_to_group($user, $group);
// create user home
$home = ORM::factory("user_home")->where("id", "=", $user->id)->find();
$home->id = $user->id;
$home->home = $album->id;
$home->save();
// reload album
$album->reload();
// set permissions
// deny all groups.
$groups = ORM::factory("group")->find_all();
foreach ($groups as $group2) {
if ($group->id != $group2->id) {
access::deny($group2, "view", $album);
access::deny($group2, "view_full", $album);
}
}
// deny all other albums
$albums = ORM::factory("item")->where("type", "=", "album")->find_all();
foreach ($albums as $albumt) {
access::deny($group, "view", $albumt);
}
// allow access to newly created group
access::allow($group, "view_full", $album);
$parents = $album->parents();
foreach ($parents as $parent) {
access::allow($group, "view", $parent);
}
access::allow($group, "view", $album);
}
}
static function create_new_user($id)
{
$user = ORM::factory("pending_user", $id);
$password = md5(uniqid(mt_rand(), true));
$new_user = identity::create_user($user->name, $user->full_name, $password, $user->email);
$new_user->url = $user->url;
$new_user->admin = false;
$new_user->guest = false;
$new_user->save();
$group_id = module::get_var("registration", "default_group");
if ($group_id != null) {
$default_group = group::lookup($group_id);
if ($default_group != null) {
$default_group->add($new_user);
$default_group->save();
}
}
$user->hash = md5(uniqid(mt_rand(), true));
$user->state = 2;
$user->save();
self::send_user_created_confirmation($user, $password);
return $new_user;
}
/**
* authenticate the user
*
* @param string $url
* @return boolean
*/
private function _auth($url)
{
$form = auth::get_login_form($url);
$validform = $form->validate();
$valid = false;
if ($validform) {
// retrieve the values from the form
$name = $form->login->inputs["name"]->value;
$pass = $form->login->password->value;
// do we have a user?
$user = identity::lookup_user_by_name($name);
$validuser = empty($user) ? false : true;
// is the user authentic?
$checkpass = $this->_checkpass($name, $pass);
/*
* we are concerned with these three possibilities:
* 1. there is no valid user or no valid password
* 2. there is no valid user but a valid password
* 3. there is a valid user and a valid password
*/
// 1. there is no valid user or no valid password: error
if (!$validuser || !$checkpass) {
$form->login->inputs["name"]->add_error("invalid_login", 1);
$name = $form->login->inputs["name"]->value;
log::warning("user", t("Failed login for %name", array("name" => $name)));
module::event("user_auth_failed", $name);
}
// 2. there is no valid user but a valid password: create account if allowed
if (!$validuser && $checkpass && $this->create_account) {
$account = $this->pam_auth->getAccount();
if ($account) {
$password = md5(uniqid(mt_rand(), true));
$new_user = identity::create_user($account->name, $account->full_name, $password, $account->email);
$new_user->url = '';
$new_user->admin = false;
$new_user->guest = false;
$new_user->save();
$user = identity::lookup_user_by_name($account->name);
$validuser = empty($user) ? false : true;
}
}
// 3. there is a valid user and a valid password: load user account
if ($validuser && $checkpass) {
auth::login($user);
$valid = true;
}
}
// regenerate the session id to avoid session trapping
Session::instance()->regenerate();
return array($valid, $form);
}
