/** * * JKN Patch, if naflogin is triggered do the assignments(only triggered when a new user account is created with naf plugin) * */ public function handleEvent($a_component, $a_event, $a_parameter) { if ($a_component == 'Services/Authentication' && ($a_event == 'nafLogin' || $a_event == 'afterLogin')) { /** * @var $ilUser ilObjUser */ if (is_null($a_parameter['user_obj']) && $a_parameter['username'] !== 'anonymous') { $ilUser = new ilObjUser(ilObjUser::getUserIdByLogin($a_parameter['username'])); } else { $ilUser = $a_parameter['user_obj']; } if ($ilUser instanceof ilObjUser) { foreach (ilUserSetting::where(array('status' => ilUserSetting::STATUS_ACTIVE))->get() as $ilUserSetting) { $ilUserSetting->doAssignements($ilUser); } } } }
function validateInfoSettings() { global $ilErr; $error = false; if ($this->getContactEmail()) { $emails = split(",", $this->getContactEmail()); foreach ($emails as $email) { $email = trim($email); if (!(ilUtil::is_email($email) or ilObjUser::getUserIdByLogin($email))) { $ilErr->appendMessage($this->lng->txt('contact_email_not_valid') . " '" . $email . "'"); $error = true; } } } return !$error; }
function addVendorObject() { global $rbacsystem; // MINIMUM ACCESS LEVEL = 'administrate' if (!$rbacsystem->checkAccess('write', $this->object->getRefId())) { $this->ilErr->raiseError($this->lng->txt('msg_no_perm_write'), $this->ilErr->MESSAGE); } if (!$_POST['user_login']) { ilUtil::sendFailure($this->lng->txt('pays_no_username_given')); $this->vendorsObject(); return true; } if (!($usr_id = ilObjUser::getUserIdByLogin(ilUtil::stripSlashes($_POST['user_login'])))) { ilUtil::sendFailure($this->lng->txt('pays_no_valid_username_given')); $this->vendorsObject(); return true; } if ($this->vendors_obj->isAssigned($usr_id)) { ilUtil::sendFailure($this->lng->txt('pays_user_already_assigned')); $this->vendorsObject(); return true; } $this->vendors_obj->add($usr_id); ilUtil::sendSuccess($this->lng->txt('pays_added_vendor')); $this->vendorsObject(); return true; }
/** * check if recipients are valid * @access public * @param string string with login names or group names (start with #) * @return Returns an empty string, if all recipients are okay. * Returns a string with invalid recipients, if some are not okay. */ function checkRecipients($a_recipients, $a_type) { global $rbacsystem, $rbacreview; $wrong_rcps = ''; $this->validatePear($a_recipients); if (ilMail::_usePearMail() && $this->getUsePear()) { $tmp_rcp = $this->explodeRecipients($a_recipients, $this->getUsePear()); if (is_a($tmp_rcp, 'PEAR_Error')) { $colon_pos = strpos($tmp_rcp->message, ':'); $wrong_rcps = '<br />' . ($colon_pos === false ? $tmp_rcp->message : substr($tmp_rcp->message, $colon_pos + 2)); } else { foreach ($tmp_rcp as $rcp) { // NO ROLE MAIL ADDRESS if (substr($rcp->mailbox, 0, 1) != '#') { // ALL RECIPIENTS MUST EITHER HAVE A VALID LOGIN OR A VALID EMAIL $user_id = $rcp->host == 'ilias' ? ilObjUser::getUserIdByLogin(addslashes($rcp->mailbox)) : false; if ($user_id == false && $rcp->host == 'ilias') { $wrong_rcps .= "<br />" . htmlentities($rcp->mailbox); continue; } // CHECK IF USER CAN RECEIVE MAIL if ($user_id) { if (!$rbacsystem->checkAccessOfUser($user_id, "internal_mail", $this->getMailObjectReferenceId())) { $wrong_rcps .= "<br />" . htmlentities($rcp->mailbox) . " (" . $this->lng->txt("user_cant_receive_mail") . ")"; continue; } } } else { if (substr($rcp->mailbox, 0, 7) == '#il_ml_') { if (!$this->mlists->mailingListExists($rcp->mailbox)) { $wrong_rcps .= "<br />" . htmlentities($rcp->mailbox) . " (" . $this->lng->txt("mail_no_valid_mailing_list") . ")"; } continue; } else { $role_ids = $rbacreview->searchRolesByMailboxAddressList($rcp->mailbox . '@' . $rcp->host); if (!$this->mail_to_global_roles && is_array($role_ids)) { foreach ($role_ids as $role_id) { if ($rbacreview->isGlobalRole($role_id)) { include_once 'Services/Mail/exceptions/class.ilMailException.php'; throw new ilMailException('mail_to_global_roles_not_allowed'); } } } if (count($role_ids) == 0) { $wrong_rcps .= '<br />' . htmlentities($rcp->mailbox) . ' (' . $this->lng->txt('mail_no_recipient_found') . ')'; continue; } else { if (count($role_ids) > 1) { $wrong_rcps .= '<br/>' . htmlentities($rcp->mailbox) . ' (' . sprintf($this->lng->txt('mail_multiple_recipients_found'), implode(',', $role_ids)) . ')'; } } } } } } } else { $tmp_rcp = $this->explodeRecipients($a_recipients, $this->getUsePear()); foreach ($tmp_rcp as $rcp) { if (empty($rcp)) { continue; } // NO GROUP if (substr($rcp, 0, 1) != '#') { // ALL RECIPIENTS MUST EITHER HAVE A VALID LOGIN OR A VALID EMAIL if (!ilObjUser::getUserIdByLogin(addslashes($rcp)) and !ilUtil::is_email($rcp)) { $wrong_rcps .= "<br />" . htmlentities($rcp); continue; } // CHECK IF USER CAN RECEIVE MAIL if ($user_id = ilObjUser::getUserIdByLogin(addslashes($rcp))) { if (!$rbacsystem->checkAccessOfUser($user_id, "internal_mail", $this->getMailObjectReferenceId())) { $wrong_rcps .= "<br />" . htmlentities($rcp) . " (" . $this->lng->txt("user_cant_receive_mail") . ")"; continue; } } } else { if (substr($rcp, 0, 7) == '#il_ml_') { if (!$this->mlists->mailingListExists($rcp)) { $wrong_rcps .= "<br />" . htmlentities($rcp) . " (" . $this->lng->txt("mail_no_valid_mailing_list") . ")"; } continue; } else { if (ilUtil::groupNameExists(addslashes(substr($rcp, 1)))) { continue; } else { if (!$rbacreview->roleExists(addslashes(substr($rcp, 1)))) { $wrong_rcps .= "<br />" . htmlentities($rcp) . " (" . $this->lng->txt("mail_no_valid_group_role") . ")"; continue; } else { if (!$this->mail_to_global_roles) { $role_id = $rbacreview->roleExists(addslashes(substr($rcp, 1))); if ((int) $role_id && $rbacreview->isGlobalRole($role_id)) { include_once 'Services/Mail/exceptions/class.ilMailException.php'; throw new ilMailException('mail_to_global_roles_not_allowed'); } } } } } } } } return $wrong_rcps; }
/** * handler for end of element when in verify mode. */ function verifyEndTag($a_xml_parser, $a_name) { global $lng, $ilAccess, $ilSetting, $ilObjDataCache; switch ($a_name) { case "Role": $this->roles[$this->current_role_id]["name"] = $this->cdata; $this->roles[$this->current_role_id]["type"] = $this->current_role_type; $this->roles[$this->current_role_id]["action"] = $this->current_role_action; break; case "User": $this->userObj->setFullname(); if ($this->user_id != -1 && $this->action == "Update") { $user_exists = !is_null(ilObjUser::_lookupLogin($this->user_id)); } else { $user_exists = ilObjUser::getUserIdByLogin($this->userObj->getLogin()) != 0; } if (is_null($this->userObj->getLogin())) { $this->logFailure("---", sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Login", "Insert")); } switch ($this->action) { case "Insert": if ($user_exists and $this->conflict_rule == IL_FAIL_ON_CONFLICT) { $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_insert")); } if (is_null($this->userObj->getGender()) && $this->isFieldRequired("gender")) { $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Gender", "Insert")); } if (is_null($this->userObj->getFirstname())) { $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Firstname", "Insert")); } if (is_null($this->userObj->getLastname())) { $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Lastname", "Insert")); } if (count($this->roles) == 0) { $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Role", "Insert")); } else { $has_global_role = false; foreach ($this->roles as $role) { if ($role['type'] == 'Global') { $has_global_role = true; break; } } if (!$has_global_role) { $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_global_role_for_action_required"), "Insert")); } } break; case "Update": if (!$user_exists) { $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_update")); } elseif ($this->user_id != -1 && !is_null($this->userObj->getLogin())) { $someonesId = ilObjUser::_lookupId($this->userObj->getLogin()); if (is_numeric($someonesId) && $someonesId != $this->user_id) { $this->logFailure($this->userObj->getLogin(), $lng->txt("usrimport_login_is_not_unique")); } } break; case "Delete": if (!$user_exists) { $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_delete")); } break; } // init role array for next user $this->roles = array(); break; case "Login": if (array_key_exists($this->cdata, $this->logins)) { $this->logWarning($this->cdata, $lng->txt("usrimport_login_is_not_unique")); } else { $this->logins[$this->cdata] = $this->cdata; } $this->userObj->setLogin($this->cdata); break; case "Password": switch ($this->currPasswordType) { case "ILIAS2": $this->userObj->setPasswd($this->cdata, IL_PASSWD_CRYPT); break; case "ILIAS3": $this->userObj->setPasswd($this->cdata, IL_PASSWD_MD5); break; case "PLAIN": $this->userObj->setPasswd($this->cdata, IL_PASSWD_PLAIN); $this->acc_mail->setUserPassword($this->currPassword); break; default: $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_attribute_value_illegal"), "Type", "Password", $this->currPasswordType)); break; } break; case "Firstname": $this->userObj->setFirstname($this->cdata); break; case "Lastname": $this->userObj->setLastname($this->cdata); break; case "Title": $this->userObj->setUTitle($this->cdata); break; case "Gender": if ($this->cdata != "m" && $this->cdata != "f") { $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "Gender", $this->cdata)); } $this->userObj->setGender($this->cdata); break; case "Email": $this->userObj->setEmail($this->cdata); break; case "Institution": $this->userObj->setInstitution($this->cdata); break; case "Street": $this->userObj->setStreet($this->cdata); break; case "City": $this->userObj->setCity($this->cdata); break; case "PostalCode": $this->userObj->setZipCode($this->cdata); break; case "Country": $this->userObj->setCountry($this->cdata); break; case "PhoneOffice": $this->userObj->setPhoneOffice($this->cdata); break; case "PhoneHome": $this->userObj->setPhoneHome($this->cdata); break; case "PhoneMobile": $this->userObj->setPhoneMobile($this->cdata); break; case "Fax": $this->userObj->setFax($this->cdata); break; case "Hobby": $this->userObj->setHobby($this->cdata); break; case "Comment": $this->userObj->setComment($this->cdata); break; case "Department": $this->userObj->setDepartment($this->cdata); break; case "Matriculation": $this->userObj->setMatriculation($this->cdata); break; case "ExternalAccount": //echo "-".$this->userObj->getAuthMode()."-".$this->userObj->getLogin()."-"; $am = $this->userObj->getAuthMode() == "default" || $this->userObj->getAuthMode() == "" ? ilAuthUtils::_getAuthModeName($ilSetting->get('auth_mode')) : $this->userObj->getAuthMode(); $loginForExternalAccount = trim($this->cdata) == "" ? "" : ilObjUser::_checkExternalAuthAccount($am, trim($this->cdata)); switch ($this->action) { case "Insert": if ($loginForExternalAccount != "") { $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_insert_ext_account_exists") . " (" . $this->cdata . ")"); } break; case "Update": if ($loginForExternalAccount != "") { $externalAccountHasChanged = trim($this->cdata) != ilObjUser::_lookupExternalAccount($this->user_id); if ($externalAccountHasChanged && trim($loginForExternalAccount) != trim($this->userObj->getLogin())) { $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_update_ext_account_exists") . " (" . $this->cdata . " for " . $loginForExternalAccount . ")"); } } break; } if ($externalAccountHasChanged) { $this->userObj->setExternalAccount(trim($this->cdata)); } break; case "Active": if ($this->cdata != "true" && $this->cdata != "false") { $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "Active", $this->cdata)); } $this->currActive = $this->cdata; break; case "TimeLimitOwner": if (!preg_match("/\\d+/", $this->cdata)) { $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata)); } elseif (!$ilAccess->checkAccess('cat_administrate_users', '', $this->cdata)) { $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata)); } elseif ($ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($this->cdata)) != 'cat' && !(int) $this->cdata == USER_FOLDER_ID) { $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata)); } $this->userObj->setTimeLimitOwner($this->cdata); break; case "TimeLimitUnlimited": switch (strtolower($this->cdata)) { case "true": case "1": $this->userObj->setTimeLimitUnlimited(1); break; case "false": case "0": $this->userObj->setTimeLimitUnlimited(0); break; default: $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitUnlimited", $this->cdata)); break; } break; case "TimeLimitFrom": // Accept datetime or Unix timestamp if (strtotime($this->cdata) === false && !is_numeric($this->cdata)) { $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitFrom", $this->cdata)); } $this->userObj->setTimeLimitFrom($this->cdata); break; case "TimeLimitUntil": // Accept datetime or Unix timestamp if (strtotime($this->cdata) === false && !is_numeric($this->cdata)) { $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitUntil", $this->cdata)); } $this->userObj->setTimeLimitUntil($this->cdata); break; case "TimeLimitMessage": switch (strtolower($this->cdata)) { case "1": $this->userObj->setTimeLimitMessage(1); break; case "0": $this->userObj->setTimeLimitMessage(0); break; default: $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitMessage", $this->cdata)); break; } break; case "ApproveDate": // Accept datetime or Unix timestamp if (strtotime($this->cdata) === false && !is_numeric($this->cdata) && !$this->cdata == "0000-00-00 00:00:00") { $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "ApproveDate", $this->cdata)); } break; case "AgreeDate": // Accept datetime or Unix timestamp if (strtotime($this->cdata) === false && !is_numeric($this->cdata) && !$this->cdata == "0000-00-00 00:00:00") { $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "AgreeDate", $this->cdata)); } break; case "iLincID": if (!preg_match("/\\d+/", $this->cdata)) { $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincID", $this->cdata)); } break; case "iLincUser": if (!preg_match("/\\w+/", $this->cdata)) { $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincUser", $this->cdata)); } break; case "iLincPasswd": if (!preg_match("/\\w+/", $this->cdata)) { $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincPasswd", $this->cdata)); } break; case "Pref": if ($this->currentPrefKey != null) { $this->verifyPref($this->currentPrefKey, $this->cdata); } $this->currentPrefKey == null; } }
function addUser() { if (!$_POST['trustee_login']) { ilUtil::sendInfo($this->lng->txt('paya_enter_login')); $this->showTrustees(); return false; } if (!($user_id = ilObjUser::getUserIdByLogin($_POST['trustee_login']))) { ilUtil::sendInfo($this->lng->txt('paya_no_valid_login')); $this->showTrustees(); return false; } if ($this->trustee_obj->isTrustee($user_id)) { ilUtil::sendInfo($this->lng->txt('paya_user_already_assigned')); $this->showTrustees(); return false; } if ($user_id == $this->user_obj->getId()) { ilUtil::sendInfo($this->lng->txt('paya_not_assign_yourself')); $this->showTrustees(); return false; } // checks passed => add trustee $this->trustee_obj->setTrusteeId($user_id); $this->trustee_obj->toggleObjectPermission(true); $this->trustee_obj->toggleStatisticPermission(true); $this->trustee_obj->toggleCouponsPermission(true); $this->trustee_obj->add(); ilUtil::sendInfo($this->lng->txt('paya_added_trustee')); $this->showTrustees(); return true; }
/** Reads the submitted data from the password assistance form. * * The following form fields are read as HTTP POST parameters: * username * email * * If the submitted username and email address matches an entry in the user data * table, then ILIAS creates a password assistance session for the user, and * sends a password assistance mail to the email address. * For details about the creation of the session and the e-mail see function * sendPasswordAssistanceMail(). */ function submitAssistanceForm() { global $tpl, $ilias, $lng, $rbacadmin, $rbacreview; require_once './Services/User/classes/class.ilObjUser.php'; require_once "./Services/Utilities/classes/class.ilUtil.php"; // Retrieve form data $username = ilUtil::stripSlashes($_POST["username"]); $email = ilUtil::stripSlashes($_POST["email"]); // Retrieve a user object with matching user name and email address. $userObj = null; $userid = ilObjUser::getUserIdByLogin($username); $txt_key = "pwassist_invalid_username_or_email"; if ($userid != 0) { $userObj = new ilObjUser($userid); if (strcasecmp($userObj->getEmail(), $email) != 0) { $userObj = null; } elseif (!strlen($email)) { $userObj = null; $txt_key = 'pwassist_no_email_found'; } else { if ($userObj->getAuthMode(true) != AUTH_LOCAL || $userObj->getAuthMode(true) == AUTH_DEFAULT && AUTH_DEFAULT != AUTH_LOCAL) { $userObj = null; $txt_key = "pwassist_invalid_auth_mode"; } } } // No matching user object found? // Show the password assistance form again, and display an error message. if ($userObj == null) { $this->showAssistanceForm($lng->txt($txt_key), $username, $email); } else { // FIXME: Extend this if-statement to check whether the user // has the permission to use the password assistance function. // The anonymous user and users who are system administrators are // not allowed to use this feature if ($rbacreview->isAssigned($userObj->getID, ANONYMOUS_ROLE_ID) || $rbacreview->isAssigned($userObj->getID, SYSTEM_ROLE_ID)) { $this->showAssistanceForm($lng->txt("pwassist_not_permitted"), $username, $email); } else { $this->sendPasswordAssistanceMail($userObj); $this->showMessageForm(null, sprintf($lng->txt("pwassist_mail_sent"), $email)); } } }
/** * Automatically generates the username/screenname of a Shibboleth user or returns * the user's already existing username * * @access private * @return String Generated username */ function generateLogin() { global $ilias, $ilDB; $shibID = $_SERVER[$ilias->getSetting('shib_login')]; $lastname = $this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]); $firstname = $this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]); if (trim($shibID) == "") { return; } //***********************************************// // For backwards compatibility with previous versions // We use the passwd field as mapping attribute for Shibboleth users // because they don't need a password $ilias->db->query("UPDATE usr_data SET auth_mode='shibboleth', passwd=" . $ilDB->quote(md5(end(ilUtil::generatePasswords(1)))) . ", ext_account=" . $ilDB->quote($shibID) . " WHERE passwd=" . $ilDB->quote($shibID)); //***********************************************// // Let's see if user already is registered $local_user = ilObjUser::_checkExternalAuthAccount("shibboleth", $shibID); if ($local_user) { return $local_user; } // Let's see if user already is registered but authenticates by ldap $local_user = ilObjUser::_checkExternalAuthAccount("ldap", $shibID); if ($local_user) { return $local_user; } // User doesn't seem to exist yet // Generate new username // This can be overruled by the data conversion API but you have // to do it yourself in that case // Generate the username out of the first character of firstname and the // first word in lastname (adding the second one if the login is too short, // avoiding meaningless last names like 'von' or 'd' and eliminating // non-ASCII-characters, spaces, dashes etc. $ln_arr = preg_split("/[ '-;]/", $lastname); $login = substr($this->toAscii($firstname), 0, 1) . "." . $this->toAscii($ln_arr[0]); if (strlen($login) < 6) { $login .= $this->toAscii($ln_arr[1]); } $prefix = strtolower($login); // If the user name didn't contain any ASCII characters, assign the // name 'shibboleth' followed by a number, starting with 1. if (strlen($prefix) == 0) { $prefix = 'shibboleth'; $number = 1; } else { // Try if the login name is not already taken if (!ilObjUser::getUserIdByLogin($prefix)) { return $prefix; } // If the login name is in use, append a number, starting with 2. $number = 2; } // Append a number, if the username is already taken while (ilObjUser::getUserIdByLogin($prefix . $number)) { $number++; } return $prefix . $number; }
function lookupUser($sid, $user_name) { $this->initAuth($sid); $this->initIlias(); if (!$this->__checkSession($sid)) { return $this->__raiseError($this->__getMessage(), $this->__getMessageCode()); } if (!strlen($user_name)) { return $this->__raiseError('No username given. Aborting', 'Client'); } global $rbacsystem, $ilUser; if (strcasecmp($ilUser->getLogin(), $user_name) != 0 && !$rbacsystem->checkAccess('read', USER_FOLDER_ID)) { return $this->__raiseError('Check access failed. ' . USER_FOLDER_ID, 'Server'); } $user_id = ilObjUser::getUserIdByLogin($user_name); return $user_id ? $user_id : "0"; }
/** * Reads the submitted data from the password assistance form. * The following form fields are read as HTTP POST parameters: * username * email * If the submitted username and email address matches an entry in the user data * table, then ILIAS creates a password assistance session for the user, and * sends a password assistance mail to the email address. * For details about the creation of the session and the e-mail see function * sendPasswordAssistanceMail(). */ public function submitAssistanceForm() { $form = $this->getAssistanceForm(); if (!$form->checkInput()) { $form->setValuesByPost(); $this->showAssistanceForm($form); return; } $username = $form->getInput('username'); $email = $form->getInput('email'); $userObj = null; $userid = ilObjUser::getUserIdByLogin($username); $txt_key = 'pwassist_invalid_username_or_email'; if ($userid != 0) { $userObj = new ilObjUser($userid); if (strcasecmp($userObj->getEmail(), $email) != 0) { $userObj = null; } elseif (!strlen($email)) { $userObj = null; $txt_key = 'pwassist_no_email_found'; } else { if ($userObj->getAuthMode(true) != AUTH_LOCAL || $userObj->getAuthMode(true) == AUTH_DEFAULT && AUTH_DEFAULT != AUTH_LOCAL) { $userObj = null; $txt_key = 'pwassist_invalid_auth_mode'; } } } // No matching user object found? // Show the password assistance form again, and display an error message. if ($userObj == null) { ilUtil::sendFailure(str_replace("\\n", '', $this->lng->txt($txt_key))); $form->setValuesByPost(); $this->showAssistanceForm($form); } else { // Matching user object found? // Check if the user is permitted to use the password assistance function, // and then send a password assistance mail to the email address. // FIXME: Extend this if-statement to check whether the user // has the permission to use the password assistance function. // The anonymous user and users who are system administrators are // not allowed to use this feature if ($this->rbacreview->isAssigned($userObj->getId, ANONYMOUS_ROLE_ID) || $this->rbacreview->isAssigned($userObj->getId, SYSTEM_ROLE_ID)) { ilUtil::sendFailure(str_replace("\\n", '', $this->lng->txt('pwassist_not_permitted'))); $form->setValuesByPost(); $this->showAssistanceForm($form); } else { $this->sendPasswordAssistanceMail($userObj); $this->showMessageForm(sprintf($this->lng->txt('pwassist_mail_sent'), $email)); } } }