/**
*
* JKN Patch, if naflogin is triggered do the assignments(only triggered when a new user account is created with naf plugin)
*
*/
public function handleEvent($a_component, $a_event, $a_parameter)
{
if ($a_component == 'Services/Authentication' && ($a_event == 'nafLogin' || $a_event == 'afterLogin')) {
/**
* @var $ilUser ilObjUser
*/
if (is_null($a_parameter['user_obj']) && $a_parameter['username'] !== 'anonymous') {
$ilUser = new ilObjUser(ilObjUser::getUserIdByLogin($a_parameter['username']));
} else {
$ilUser = $a_parameter['user_obj'];
}
if ($ilUser instanceof ilObjUser) {
foreach (ilUserSetting::where(array('status' => ilUserSetting::STATUS_ACTIVE))->get() as $ilUserSetting) {
$ilUserSetting->doAssignements($ilUser);
}
}
}
}
function validateInfoSettings()
{
global $ilErr;
$error = false;
if ($this->getContactEmail()) {
$emails = split(",", $this->getContactEmail());
foreach ($emails as $email) {
$email = trim($email);
if (!(ilUtil::is_email($email) or ilObjUser::getUserIdByLogin($email))) {
$ilErr->appendMessage($this->lng->txt('contact_email_not_valid') . " '" . $email . "'");
$error = true;
}
}
}
return !$error;
}
function addVendorObject()
{
global $rbacsystem;
// MINIMUM ACCESS LEVEL = 'administrate'
if (!$rbacsystem->checkAccess('write', $this->object->getRefId())) {
$this->ilErr->raiseError($this->lng->txt('msg_no_perm_write'), $this->ilErr->MESSAGE);
}
if (!$_POST['user_login']) {
ilUtil::sendFailure($this->lng->txt('pays_no_username_given'));
$this->vendorsObject();
return true;
}
if (!($usr_id = ilObjUser::getUserIdByLogin(ilUtil::stripSlashes($_POST['user_login'])))) {
ilUtil::sendFailure($this->lng->txt('pays_no_valid_username_given'));
$this->vendorsObject();
return true;
}
if ($this->vendors_obj->isAssigned($usr_id)) {
ilUtil::sendFailure($this->lng->txt('pays_user_already_assigned'));
$this->vendorsObject();
return true;
}
$this->vendors_obj->add($usr_id);
ilUtil::sendSuccess($this->lng->txt('pays_added_vendor'));
$this->vendorsObject();
return true;
}
/**
* check if recipients are valid
* @access public
* @param string string with login names or group names (start with #)
* @return Returns an empty string, if all recipients are okay.
* Returns a string with invalid recipients, if some are not okay.
*/
function checkRecipients($a_recipients, $a_type)
{
global $rbacsystem, $rbacreview;
$wrong_rcps = '';
$this->validatePear($a_recipients);
if (ilMail::_usePearMail() && $this->getUsePear()) {
$tmp_rcp = $this->explodeRecipients($a_recipients, $this->getUsePear());
if (is_a($tmp_rcp, 'PEAR_Error')) {
$colon_pos = strpos($tmp_rcp->message, ':');
$wrong_rcps = '<br />' . ($colon_pos === false ? $tmp_rcp->message : substr($tmp_rcp->message, $colon_pos + 2));
} else {
foreach ($tmp_rcp as $rcp) {
// NO ROLE MAIL ADDRESS
if (substr($rcp->mailbox, 0, 1) != '#') {
// ALL RECIPIENTS MUST EITHER HAVE A VALID LOGIN OR A VALID EMAIL
$user_id = $rcp->host == 'ilias' ? ilObjUser::getUserIdByLogin(addslashes($rcp->mailbox)) : false;
if ($user_id == false && $rcp->host == 'ilias') {
$wrong_rcps .= "<br />" . htmlentities($rcp->mailbox);
continue;
}
// CHECK IF USER CAN RECEIVE MAIL
if ($user_id) {
if (!$rbacsystem->checkAccessOfUser($user_id, "internal_mail", $this->getMailObjectReferenceId())) {
$wrong_rcps .= "<br />" . htmlentities($rcp->mailbox) . " (" . $this->lng->txt("user_cant_receive_mail") . ")";
continue;
}
}
} else {
if (substr($rcp->mailbox, 0, 7) == '#il_ml_') {
if (!$this->mlists->mailingListExists($rcp->mailbox)) {
$wrong_rcps .= "<br />" . htmlentities($rcp->mailbox) . " (" . $this->lng->txt("mail_no_valid_mailing_list") . ")";
}
continue;
} else {
$role_ids = $rbacreview->searchRolesByMailboxAddressList($rcp->mailbox . '@' . $rcp->host);
if (!$this->mail_to_global_roles && is_array($role_ids)) {
foreach ($role_ids as $role_id) {
if ($rbacreview->isGlobalRole($role_id)) {
include_once 'Services/Mail/exceptions/class.ilMailException.php';
throw new ilMailException('mail_to_global_roles_not_allowed');
}
}
}
if (count($role_ids) == 0) {
$wrong_rcps .= '<br />' . htmlentities($rcp->mailbox) . ' (' . $this->lng->txt('mail_no_recipient_found') . ')';
continue;
} else {
if (count($role_ids) > 1) {
$wrong_rcps .= '<br/>' . htmlentities($rcp->mailbox) . ' (' . sprintf($this->lng->txt('mail_multiple_recipients_found'), implode(',', $role_ids)) . ')';
}
}
}
}
}
}
} else {
$tmp_rcp = $this->explodeRecipients($a_recipients, $this->getUsePear());
foreach ($tmp_rcp as $rcp) {
if (empty($rcp)) {
continue;
}
// NO GROUP
if (substr($rcp, 0, 1) != '#') {
// ALL RECIPIENTS MUST EITHER HAVE A VALID LOGIN OR A VALID EMAIL
if (!ilObjUser::getUserIdByLogin(addslashes($rcp)) and !ilUtil::is_email($rcp)) {
$wrong_rcps .= "<br />" . htmlentities($rcp);
continue;
}
// CHECK IF USER CAN RECEIVE MAIL
if ($user_id = ilObjUser::getUserIdByLogin(addslashes($rcp))) {
if (!$rbacsystem->checkAccessOfUser($user_id, "internal_mail", $this->getMailObjectReferenceId())) {
$wrong_rcps .= "<br />" . htmlentities($rcp) . " (" . $this->lng->txt("user_cant_receive_mail") . ")";
continue;
}
}
} else {
if (substr($rcp, 0, 7) == '#il_ml_') {
if (!$this->mlists->mailingListExists($rcp)) {
$wrong_rcps .= "<br />" . htmlentities($rcp) . " (" . $this->lng->txt("mail_no_valid_mailing_list") . ")";
}
continue;
} else {
if (ilUtil::groupNameExists(addslashes(substr($rcp, 1)))) {
continue;
} else {
if (!$rbacreview->roleExists(addslashes(substr($rcp, 1)))) {
$wrong_rcps .= "<br />" . htmlentities($rcp) . " (" . $this->lng->txt("mail_no_valid_group_role") . ")";
continue;
} else {
if (!$this->mail_to_global_roles) {
$role_id = $rbacreview->roleExists(addslashes(substr($rcp, 1)));
if ((int) $role_id && $rbacreview->isGlobalRole($role_id)) {
include_once 'Services/Mail/exceptions/class.ilMailException.php';
throw new ilMailException('mail_to_global_roles_not_allowed');
}
}
}
}
}
}
}
}
return $wrong_rcps;
}
/**
* handler for end of element when in verify mode.
*/
function verifyEndTag($a_xml_parser, $a_name)
{
global $lng, $ilAccess, $ilSetting, $ilObjDataCache;
switch ($a_name) {
case "Role":
$this->roles[$this->current_role_id]["name"] = $this->cdata;
$this->roles[$this->current_role_id]["type"] = $this->current_role_type;
$this->roles[$this->current_role_id]["action"] = $this->current_role_action;
break;
case "User":
$this->userObj->setFullname();
if ($this->user_id != -1 && $this->action == "Update") {
$user_exists = !is_null(ilObjUser::_lookupLogin($this->user_id));
} else {
$user_exists = ilObjUser::getUserIdByLogin($this->userObj->getLogin()) != 0;
}
if (is_null($this->userObj->getLogin())) {
$this->logFailure("---", sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Login", "Insert"));
}
switch ($this->action) {
case "Insert":
if ($user_exists and $this->conflict_rule == IL_FAIL_ON_CONFLICT) {
$this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_insert"));
}
if (is_null($this->userObj->getGender()) && $this->isFieldRequired("gender")) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Gender", "Insert"));
}
if (is_null($this->userObj->getFirstname())) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Firstname", "Insert"));
}
if (is_null($this->userObj->getLastname())) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Lastname", "Insert"));
}
if (count($this->roles) == 0) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Role", "Insert"));
} else {
$has_global_role = false;
foreach ($this->roles as $role) {
if ($role['type'] == 'Global') {
$has_global_role = true;
break;
}
}
if (!$has_global_role) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_global_role_for_action_required"), "Insert"));
}
}
break;
case "Update":
if (!$user_exists) {
$this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_update"));
} elseif ($this->user_id != -1 && !is_null($this->userObj->getLogin())) {
$someonesId = ilObjUser::_lookupId($this->userObj->getLogin());
if (is_numeric($someonesId) && $someonesId != $this->user_id) {
$this->logFailure($this->userObj->getLogin(), $lng->txt("usrimport_login_is_not_unique"));
}
}
break;
case "Delete":
if (!$user_exists) {
$this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_delete"));
}
break;
}
// init role array for next user
$this->roles = array();
break;
case "Login":
if (array_key_exists($this->cdata, $this->logins)) {
$this->logWarning($this->cdata, $lng->txt("usrimport_login_is_not_unique"));
} else {
$this->logins[$this->cdata] = $this->cdata;
}
$this->userObj->setLogin($this->cdata);
break;
case "Password":
switch ($this->currPasswordType) {
case "ILIAS2":
$this->userObj->setPasswd($this->cdata, IL_PASSWD_CRYPT);
break;
case "ILIAS3":
$this->userObj->setPasswd($this->cdata, IL_PASSWD_MD5);
break;
case "PLAIN":
$this->userObj->setPasswd($this->cdata, IL_PASSWD_PLAIN);
$this->acc_mail->setUserPassword($this->currPassword);
break;
default:
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_attribute_value_illegal"), "Type", "Password", $this->currPasswordType));
break;
}
break;
case "Firstname":
$this->userObj->setFirstname($this->cdata);
break;
case "Lastname":
$this->userObj->setLastname($this->cdata);
break;
case "Title":
$this->userObj->setUTitle($this->cdata);
break;
case "Gender":
if ($this->cdata != "m" && $this->cdata != "f") {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "Gender", $this->cdata));
}
$this->userObj->setGender($this->cdata);
break;
case "Email":
$this->userObj->setEmail($this->cdata);
break;
case "Institution":
$this->userObj->setInstitution($this->cdata);
break;
case "Street":
$this->userObj->setStreet($this->cdata);
break;
case "City":
$this->userObj->setCity($this->cdata);
break;
case "PostalCode":
$this->userObj->setZipCode($this->cdata);
break;
case "Country":
$this->userObj->setCountry($this->cdata);
break;
case "PhoneOffice":
$this->userObj->setPhoneOffice($this->cdata);
break;
case "PhoneHome":
$this->userObj->setPhoneHome($this->cdata);
break;
case "PhoneMobile":
$this->userObj->setPhoneMobile($this->cdata);
break;
case "Fax":
$this->userObj->setFax($this->cdata);
break;
case "Hobby":
$this->userObj->setHobby($this->cdata);
break;
case "Comment":
$this->userObj->setComment($this->cdata);
break;
case "Department":
$this->userObj->setDepartment($this->cdata);
break;
case "Matriculation":
$this->userObj->setMatriculation($this->cdata);
break;
case "ExternalAccount":
//echo "-".$this->userObj->getAuthMode()."-".$this->userObj->getLogin()."-";
$am = $this->userObj->getAuthMode() == "default" || $this->userObj->getAuthMode() == "" ? ilAuthUtils::_getAuthModeName($ilSetting->get('auth_mode')) : $this->userObj->getAuthMode();
$loginForExternalAccount = trim($this->cdata) == "" ? "" : ilObjUser::_checkExternalAuthAccount($am, trim($this->cdata));
switch ($this->action) {
case "Insert":
if ($loginForExternalAccount != "") {
$this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_insert_ext_account_exists") . " (" . $this->cdata . ")");
}
break;
case "Update":
if ($loginForExternalAccount != "") {
$externalAccountHasChanged = trim($this->cdata) != ilObjUser::_lookupExternalAccount($this->user_id);
if ($externalAccountHasChanged && trim($loginForExternalAccount) != trim($this->userObj->getLogin())) {
$this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_update_ext_account_exists") . " (" . $this->cdata . " for " . $loginForExternalAccount . ")");
}
}
break;
}
if ($externalAccountHasChanged) {
$this->userObj->setExternalAccount(trim($this->cdata));
}
break;
case "Active":
if ($this->cdata != "true" && $this->cdata != "false") {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "Active", $this->cdata));
}
$this->currActive = $this->cdata;
break;
case "TimeLimitOwner":
if (!preg_match("/\\d+/", $this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
} elseif (!$ilAccess->checkAccess('cat_administrate_users', '', $this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
} elseif ($ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($this->cdata)) != 'cat' && !(int) $this->cdata == USER_FOLDER_ID) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
}
$this->userObj->setTimeLimitOwner($this->cdata);
break;
case "TimeLimitUnlimited":
switch (strtolower($this->cdata)) {
case "true":
case "1":
$this->userObj->setTimeLimitUnlimited(1);
break;
case "false":
case "0":
$this->userObj->setTimeLimitUnlimited(0);
break;
default:
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitUnlimited", $this->cdata));
break;
}
break;
case "TimeLimitFrom":
// Accept datetime or Unix timestamp
if (strtotime($this->cdata) === false && !is_numeric($this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitFrom", $this->cdata));
}
$this->userObj->setTimeLimitFrom($this->cdata);
break;
case "TimeLimitUntil":
// Accept datetime or Unix timestamp
if (strtotime($this->cdata) === false && !is_numeric($this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitUntil", $this->cdata));
}
$this->userObj->setTimeLimitUntil($this->cdata);
break;
case "TimeLimitMessage":
switch (strtolower($this->cdata)) {
case "1":
$this->userObj->setTimeLimitMessage(1);
break;
case "0":
$this->userObj->setTimeLimitMessage(0);
break;
default:
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitMessage", $this->cdata));
break;
}
break;
case "ApproveDate":
// Accept datetime or Unix timestamp
if (strtotime($this->cdata) === false && !is_numeric($this->cdata) && !$this->cdata == "0000-00-00 00:00:00") {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "ApproveDate", $this->cdata));
}
break;
case "AgreeDate":
// Accept datetime or Unix timestamp
if (strtotime($this->cdata) === false && !is_numeric($this->cdata) && !$this->cdata == "0000-00-00 00:00:00") {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "AgreeDate", $this->cdata));
}
break;
case "iLincID":
if (!preg_match("/\\d+/", $this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincID", $this->cdata));
}
break;
case "iLincUser":
if (!preg_match("/\\w+/", $this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincUser", $this->cdata));
}
break;
case "iLincPasswd":
if (!preg_match("/\\w+/", $this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincPasswd", $this->cdata));
}
break;
case "Pref":
if ($this->currentPrefKey != null) {
$this->verifyPref($this->currentPrefKey, $this->cdata);
}
$this->currentPrefKey == null;
}
}
function addUser()
{
if (!$_POST['trustee_login']) {
ilUtil::sendInfo($this->lng->txt('paya_enter_login'));
$this->showTrustees();
return false;
}
if (!($user_id = ilObjUser::getUserIdByLogin($_POST['trustee_login']))) {
ilUtil::sendInfo($this->lng->txt('paya_no_valid_login'));
$this->showTrustees();
return false;
}
if ($this->trustee_obj->isTrustee($user_id)) {
ilUtil::sendInfo($this->lng->txt('paya_user_already_assigned'));
$this->showTrustees();
return false;
}
if ($user_id == $this->user_obj->getId()) {
ilUtil::sendInfo($this->lng->txt('paya_not_assign_yourself'));
$this->showTrustees();
return false;
}
// checks passed => add trustee
$this->trustee_obj->setTrusteeId($user_id);
$this->trustee_obj->toggleObjectPermission(true);
$this->trustee_obj->toggleStatisticPermission(true);
$this->trustee_obj->toggleCouponsPermission(true);
$this->trustee_obj->add();
ilUtil::sendInfo($this->lng->txt('paya_added_trustee'));
$this->showTrustees();
return true;
}
/** Reads the submitted data from the password assistance form.
*
* The following form fields are read as HTTP POST parameters:
* username
* email
*
* If the submitted username and email address matches an entry in the user data
* table, then ILIAS creates a password assistance session for the user, and
* sends a password assistance mail to the email address.
* For details about the creation of the session and the e-mail see function
* sendPasswordAssistanceMail().
*/
function submitAssistanceForm()
{
global $tpl, $ilias, $lng, $rbacadmin, $rbacreview;
require_once './Services/User/classes/class.ilObjUser.php';
require_once "./Services/Utilities/classes/class.ilUtil.php";
// Retrieve form data
$username = ilUtil::stripSlashes($_POST["username"]);
$email = ilUtil::stripSlashes($_POST["email"]);
// Retrieve a user object with matching user name and email address.
$userObj = null;
$userid = ilObjUser::getUserIdByLogin($username);
$txt_key = "pwassist_invalid_username_or_email";
if ($userid != 0) {
$userObj = new ilObjUser($userid);
if (strcasecmp($userObj->getEmail(), $email) != 0) {
$userObj = null;
} elseif (!strlen($email)) {
$userObj = null;
$txt_key = 'pwassist_no_email_found';
} else {
if ($userObj->getAuthMode(true) != AUTH_LOCAL || $userObj->getAuthMode(true) == AUTH_DEFAULT && AUTH_DEFAULT != AUTH_LOCAL) {
$userObj = null;
$txt_key = "pwassist_invalid_auth_mode";
}
}
}
// No matching user object found?
// Show the password assistance form again, and display an error message.
if ($userObj == null) {
$this->showAssistanceForm($lng->txt($txt_key), $username, $email);
} else {
// FIXME: Extend this if-statement to check whether the user
// has the permission to use the password assistance function.
// The anonymous user and users who are system administrators are
// not allowed to use this feature
if ($rbacreview->isAssigned($userObj->getID, ANONYMOUS_ROLE_ID) || $rbacreview->isAssigned($userObj->getID, SYSTEM_ROLE_ID)) {
$this->showAssistanceForm($lng->txt("pwassist_not_permitted"), $username, $email);
} else {
$this->sendPasswordAssistanceMail($userObj);
$this->showMessageForm(null, sprintf($lng->txt("pwassist_mail_sent"), $email));
}
}
}
/**
* Automatically generates the username/screenname of a Shibboleth user or returns
* the user's already existing username
*
* @access private
* @return String Generated username
*/
function generateLogin()
{
global $ilias, $ilDB;
$shibID = $_SERVER[$ilias->getSetting('shib_login')];
$lastname = $this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]);
$firstname = $this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]);
if (trim($shibID) == "") {
return;
}
//***********************************************//
// For backwards compatibility with previous versions
// We use the passwd field as mapping attribute for Shibboleth users
// because they don't need a password
$ilias->db->query("UPDATE usr_data SET auth_mode='shibboleth', passwd=" . $ilDB->quote(md5(end(ilUtil::generatePasswords(1)))) . ", ext_account=" . $ilDB->quote($shibID) . " WHERE passwd=" . $ilDB->quote($shibID));
//***********************************************//
// Let's see if user already is registered
$local_user = ilObjUser::_checkExternalAuthAccount("shibboleth", $shibID);
if ($local_user) {
return $local_user;
}
// Let's see if user already is registered but authenticates by ldap
$local_user = ilObjUser::_checkExternalAuthAccount("ldap", $shibID);
if ($local_user) {
return $local_user;
}
// User doesn't seem to exist yet
// Generate new username
// This can be overruled by the data conversion API but you have
// to do it yourself in that case
// Generate the username out of the first character of firstname and the
// first word in lastname (adding the second one if the login is too short,
// avoiding meaningless last names like 'von' or 'd' and eliminating
// non-ASCII-characters, spaces, dashes etc.
$ln_arr = preg_split("/[ '-;]/", $lastname);
$login = substr($this->toAscii($firstname), 0, 1) . "." . $this->toAscii($ln_arr[0]);
if (strlen($login) < 6) {
$login .= $this->toAscii($ln_arr[1]);
}
$prefix = strtolower($login);
// If the user name didn't contain any ASCII characters, assign the
// name 'shibboleth' followed by a number, starting with 1.
if (strlen($prefix) == 0) {
$prefix = 'shibboleth';
$number = 1;
} else {
// Try if the login name is not already taken
if (!ilObjUser::getUserIdByLogin($prefix)) {
return $prefix;
}
// If the login name is in use, append a number, starting with 2.
$number = 2;
}
// Append a number, if the username is already taken
while (ilObjUser::getUserIdByLogin($prefix . $number)) {
$number++;
}
return $prefix . $number;
}
function lookupUser($sid, $user_name)
{
$this->initAuth($sid);
$this->initIlias();
if (!$this->__checkSession($sid)) {
return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
}
if (!strlen($user_name)) {
return $this->__raiseError('No username given. Aborting', 'Client');
}
global $rbacsystem, $ilUser;
if (strcasecmp($ilUser->getLogin(), $user_name) != 0 && !$rbacsystem->checkAccess('read', USER_FOLDER_ID)) {
return $this->__raiseError('Check access failed. ' . USER_FOLDER_ID, 'Server');
}
$user_id = ilObjUser::getUserIdByLogin($user_name);
return $user_id ? $user_id : "0";
}
/**
* Reads the submitted data from the password assistance form.
* The following form fields are read as HTTP POST parameters:
* username
* email
* If the submitted username and email address matches an entry in the user data
* table, then ILIAS creates a password assistance session for the user, and
* sends a password assistance mail to the email address.
* For details about the creation of the session and the e-mail see function
* sendPasswordAssistanceMail().
*/
public function submitAssistanceForm()
{
$form = $this->getAssistanceForm();
if (!$form->checkInput()) {
$form->setValuesByPost();
$this->showAssistanceForm($form);
return;
}
$username = $form->getInput('username');
$email = $form->getInput('email');
$userObj = null;
$userid = ilObjUser::getUserIdByLogin($username);
$txt_key = 'pwassist_invalid_username_or_email';
if ($userid != 0) {
$userObj = new ilObjUser($userid);
if (strcasecmp($userObj->getEmail(), $email) != 0) {
$userObj = null;
} elseif (!strlen($email)) {
$userObj = null;
$txt_key = 'pwassist_no_email_found';
} else {
if ($userObj->getAuthMode(true) != AUTH_LOCAL || $userObj->getAuthMode(true) == AUTH_DEFAULT && AUTH_DEFAULT != AUTH_LOCAL) {
$userObj = null;
$txt_key = 'pwassist_invalid_auth_mode';
}
}
}
// No matching user object found?
// Show the password assistance form again, and display an error message.
if ($userObj == null) {
ilUtil::sendFailure(str_replace("\\n", '', $this->lng->txt($txt_key)));
$form->setValuesByPost();
$this->showAssistanceForm($form);
} else {
// Matching user object found?
// Check if the user is permitted to use the password assistance function,
// and then send a password assistance mail to the email address.
// FIXME: Extend this if-statement to check whether the user
// has the permission to use the password assistance function.
// The anonymous user and users who are system administrators are
// not allowed to use this feature
if ($this->rbacreview->isAssigned($userObj->getId, ANONYMOUS_ROLE_ID) || $this->rbacreview->isAssigned($userObj->getId, SYSTEM_ROLE_ID)) {
ilUtil::sendFailure(str_replace("\\n", '', $this->lng->txt('pwassist_not_permitted')));
$form->setValuesByPost();
$this->showAssistanceForm($form);
} else {
$this->sendPasswordAssistanceMail($userObj);
$this->showMessageForm(sprintf($this->lng->txt('pwassist_mail_sent'), $email));
}
}
}
