Esempio n. 1
 /**
  * Save profile
  *
  * @return  void
  */
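 private function _saveEntryData()
 {
     // Persists the profile of the current import record. For a new entry (no
     // uidNumber yet) it derives a username when none was supplied, creates the
     // user account and copies account defaults onto the profile. It then stores
     // the profile, sets and expires the password, and optionally e-mails the
     // confirmation message. Throws Exception when the profile cannot be stored.
     $isNew = !$this->_profile->get('uidNumber');
     if (!isset($this->raw->password)) {
         $this->raw->password = null;
     }
     if ($isNew) {
         if (!$this->_profile->get('username')) {
             $valid = false;
             // Lower-cased name reduced to letters, digits and underscores. The
             // class used to read "9-0", an out-of-order range that PCRE refuses
             // to compile, so preg_replace() returned null and no candidate built
             // from the name could ever validate.
             $base = preg_replace('/[^a-z0-9_]/i', '', strtolower($this->_profile->get('name')));
             // Candidate 1: the cleaned-up name
             $username = $base;
             if (\Hubzero\Utility\Validate::username($username) && !$this->_usernameExists($username)) {
                 $valid = true;
             }
             // Candidate 2: the portion preceding @ in the e-mail address.
             // A candidate is usable only when it is NOT taken yet; the original
             // accepted it when it already existed, which hands a new account
             // the username of an existing one.
             if (!$valid) {
                 $username = strstr($this->_profile->get('email'), '@', true);
                 if (\Hubzero\Utility\Validate::username($username) && !$this->_usernameExists($username)) {
                     $valid = true;
                 }
             }
             // Candidate 3: the cleaned-up name followed by a number from 0 to 99
             if (!$valid) {
                 for ($i = 0; $i <= 99; $i++) {
                     $username = $base . $i;
                     if (\Hubzero\Utility\Validate::username($username) && !$this->_usernameExists($username)) {
                         $valid = true;
                         break;
                     }
                 }
             }
             if ($valid) {
                 $this->_profile->set('username', $username);
             }
         }
         if (!$this->raw->password) {
             // NOTE(review): security - an account imported without a password gets
             // its username as the password. The password is expired further down,
             // but until the owner changes it the credential is presumably
             // guessable by anyone who knows the username. A random value (the
             // disabled call on the next line) combined with the reset flow would
             // be safer; left unchanged because importers may rely on it.
             //\Hubzero\User\Helper::random_password();
             $this->raw->password = $this->_profile->get('username');
         }
         // Access group for new accounts: component setting, else the "Registered" group
         $usersConfig = Component::params('com_users');
         $newUsertype = $usersConfig->get('new_usertype');
         if (!$newUsertype) {
             $db = \App::get('db');
             $query = $db->getQuery(true)->select('id')->from('#__usergroups')->where('title = "Registered"');
             $db->setQuery($query);
             $newUsertype = $db->loadResult();
         }
         $user = User::getRoot();
         $user->set('username', $this->_profile->get('username'));
         $user->set('name', $this->_profile->get('name'));
         $user->set('email', $this->_profile->get('email'));
         $user->set('id', 0);
         $user->set('groups', array($newUsertype));
         $user->set('registerDate', Date::of('now')->toSql());
         $user->set('password', $this->raw->password);
         $user->set('password_clear', $this->raw->password);
         // NOTE(review): the result of save() is not checked; a failure only shows
         // up through the profile lookup below.
         $user->save();
         // Do not keep the clear-text copy on the object longer than needed
         $user->set('password_clear', '');
         // Attempt to get the new user
         $profile = \Hubzero\User\Profile::getInstance($user->get('id'));
         $result = is_object($profile);
         // Did we successfully create an account?
         if ($result) {
             if (!$this->record->entry->get('emailConfirmed', null)) {
                 // NOTE(review): rand() is not a cryptographically secure generator and
                 // this value is mailed out as the confirmation code ($eview->confirm
                 // below); prefer random_int() where the deployed PHP provides it.
                 $this->_profile->set('emailConfirmed', -rand(1, pow(2, 31) - 1));
             }
             $this->_profile->set('uidNumber', $user->get('id'));
             $this->_profile->set('gidNumber', $profile->get('gidNumber'));
             // Fill in account defaults only where the import did not supply a value
             if (!$this->_profile->get('homeDirectory')) {
                 $this->_profile->set('homeDirectory', $profile->get('homeDirectory'));
             }
             if (!$this->_profile->get('loginShell')) {
                 $this->_profile->set('loginShell', $profile->get('loginShell'));
             }
             if (!$this->_profile->get('ftpShell')) {
                 $this->_profile->set('ftpShell', $profile->get('ftpShell'));
             }
             if (!$this->_profile->get('jobsAllowed')) {
                 $this->_profile->set('jobsAllowed', $profile->get('jobsAllowed'));
             }
         }
     }
     if (!$this->_profile->store()) {
         throw new Exception(Lang::txt('Unable to save the entry data.'));
     }
     if ($password = $this->raw->password) {
         \Hubzero\User\Password::changePassword($this->_profile->get('uidNumber'), $password);
     }
     // Expire the password whether or not one was set above
     \Hubzero\User\Password::expirePassword($this->_profile->get('uidNumber'));
     if ($isNew && $this->_options['emailnew'] == 1) {
         // Render the confirmation e-mail from the com_members "emails" view
         $eview = new \Hubzero\Component\View(array('base_path' => PATH_CORE . DS . 'components' . DS . 'com_members' . DS . 'site', 'name' => 'emails', 'layout' => 'confirm'));
         $eview->option = 'com_members';
         $eview->controller = 'register';
         $eview->sitename = Config::get('sitename');
         $eview->login = $this->_profile->get('username');
         $eview->name = $this->_profile->get('name');
         $eview->registerDate = $this->_profile->get('registerDate');
         $eview->confirm = $this->_profile->get('emailConfirmed');
         $eview->baseURL = Request::base();
         $msg = new \Hubzero\Mail\Message();
         $msg->setSubject(Config::get('sitename') . ' ' . Lang::txt('COM_MEMBERS_REGISTER_EMAIL_CONFIRMATION'))->addTo($this->_profile->get('email'))->addFrom(Config::get('mailfrom'), Config::get('sitename') . ' Administrator')->addHeader('X-Component', 'com_members');
         // Plain-text part, with line endings converted to CRLF
         $message = $eview->loadTemplate();
         $message = str_replace("\n", "\r\n", $message);
         $msg->addPart($message, 'text/plain');
         // HTML part
         $eview->setLayout('confirm_html');
         $message = $eview->loadTemplate();
         $message = str_replace("\n", "\r\n", $message);
         $msg->addPart($message, 'text/html');
         // A mail failure is recorded on the record, it does not abort the import
         if (!$msg->send()) {
             array_push($this->record->errors, Lang::txt('COM_MEMBERS_REGISTER_ERROR_EMAILING_CONFIRMATION'));
         }
     }
 }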
Esempio n. 2
 /**
  * Create a user profile
  *
  * @apiMethod POST
  * @apiUri    /members
  * @return    void
  */
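 public function createTask()
 {
     // Creates an account from the POSTed name, username, email and password,
     // optionally adds it to the POSTed groups, and sends back the new account's
     // id, name, email and username. Every validation failure aborts with a 500.
     $this->requiresAuthentication();
     // NOTE(review): only authentication is checked here. Nothing visible in this
     // method restricts which authenticated callers may create accounts, or which
     // groups they may put the new account in (see 'groups' below) - confirm
     // that this is enforced elsewhere.
     // Initialize new usertype setting
     $usersConfig = Component::params('com_users');
     $newUsertype = $usersConfig->get('new_usertype');
     if (!$newUsertype) {
         $db = App::get('db');
         $query = $db->getQuery(true)->select('id')->from('#__usergroups')->where('title = "Registered"');
         $db->setQuery($query);
         $newUsertype = $db->loadResult();
     }
     // Incoming
     $user = User::getInstance();
     $user->set('id', 0);
     $user->set('groups', array($newUsertype));
     $user->set('registerDate', Date::toSql());
     $user->set('name', Request::getVar('name', '', 'post'));
     if (!$user->get('name')) {
         App::abort(500, Lang::txt('No name provided.'));
     }
     $user->set('username', Request::getVar('username', '', 'post'));
     if (!$user->get('username')) {
         App::abort(500, Lang::txt('No username provided.'));
     }
     if (!\Hubzero\Utility\Validate::username($user->get('username'))) {
         App::abort(500, Lang::txt('Username not valid.'));
     }
     $user->set('email', Request::getVar('email', '', 'post'));
     if (!$user->get('email')) {
         App::abort(500, Lang::txt('No email provided.'));
     }
     if (!\Hubzero\Utility\Validate::email($user->get('email'))) {
         App::abort(500, Lang::txt('Email not valid.'));
     }
     // The original used $password without ever assigning it, so the account was
     // saved, and changePassword() was called, with a null password.
     // NOTE(review): reading it from the 'password' POST field is the assumed
     // intent - confirm the field name against the API contract.
     $password = Request::getVar('password', '', 'post');
     if (!is_string($password) || $password === '') {
         App::abort(500, Lang::txt('No password provided.'));
     }
     // Split the full name: last word is the surname, first word the given name,
     // anything in between the middle name. A single word is kept as the surname.
     $name = explode(' ', $user->get('name'));
     $surname = $user->get('name');
     $givenName = '';
     $middleName = '';
     if (count($name) > 1) {
         $surname = array_pop($name);
         $givenName = array_shift($name);
         $middleName = implode(' ', $name);
     }
     // Set the new info
     $user->set('givenName', $givenName);
     $user->set('middleName', $middleName);
     $user->set('surname', $surname);
     // NOTE(review): rand() is not a cryptographically secure generator; if this
     // activation value is used as a confirmation secret, prefer random_int()
     // where the deployed PHP provides it.
     $user->set('activation', -rand(1, pow(2, 31) - 1));
     $user->set('access', 1);
     $user->set('password', $password);
     $result = $user->save();
     // Clear the password fields on the object once the record is written
     $user->set('password_clear', '');
     $user->set('password', '');
     if ($result) {
         $result = \Hubzero\User\Password::changePassword($user->get('id'), $password);
         // Set password back here in case anything else down the line is looking for it
         // NOTE(review): this second save() runs with the clear-text password on the
         // object - confirm save() does not persist it as given.
         $user->set('password', $password);
         $user->save();
     }
     // Did we successfully create/update an account?
     if (!$result) {
         App::abort(500, Lang::txt('Account creation failed.'));
     }
     // (array) keeps a scalar 'groups' value from reaching foreach as a non-array
     $groups = (array) Request::getVar('groups', array(), 'post');
     foreach ($groups as $id) {
         $group = \Hubzero\User\Group::getInstance($id);
         if ($group) {
             if (!in_array($user->get('id'), $group->get('members'))) {
                 $group->add('members', array($user->get('id')));
                 $group->update();
             }
         }
     }
     // Create a response object
     $response = new stdClass();
     $response->id = $user->get('id');
     $response->name = $user->get('name');
     $response->email = $user->get('email');
     $response->username = $user->get('username');
     $this->send($response);
 }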
Esempio n. 3
 /**
  * Create a new user
  *
  * @param      integer $redirect Redirect to main listing?
  * @return     void
  */
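 public function newTask($redirect = 1)
 {
     // Creates a member account from the POSTed 'profile' array: validates
     // username, email and password, saves the user, fills in the profile, sets
     // the password and redirects to the edit form (or back to the listing with
     // an error). NOTE(review): $redirect is not used anywhere in this body.
     // Check for request forgeries
     // NOTE(review): the token check is the only gate visible in this method;
     // confirm that permission to create members is enforced by the caller.
     Request::checkToken();
     // Incoming profile edits
     $p = Request::getVar('profile', array(), 'post', 'none', 2);
     if (!is_array($p)) {
         $p = array();
     }
     // Every field read below is normalised to a string, so a missing key or an
     // array-valued field no longer raises notices or reaches trim() as an array.
     foreach (array('username', 'email', 'password', 'givenName', 'middleName', 'surname') as $key) {
         $p[$key] = isset($p[$key]) && is_scalar($p[$key]) ? (string) $p[$key] : '';
     }
     // Initialize new usertype setting
     $usersConfig = \Component::params('com_users');
     $newUsertype = $usersConfig->get('new_usertype');
     if (!$newUsertype) {
         $db = \App::get('db');
         $query = $db->getQuery(true)->select('id')->from('#__usergroups')->where('title = "Registered"');
         $db->setQuery($query);
         $newUsertype = $db->loadResult();
     }
     // check that username is filled and valid
     if (!Validate::username($p['username'])) {
         $this->setError(Lang::txt('COM_MEMBERS_MEMBER_USERNAME_INVALID'));
         $this->addTask();
         return;
     }
     // check email is valid
     if (!Validate::email($p['email'])) {
         $this->setError(Lang::txt('COM_MEMBERS_MEMBER_EMAIL_INVALID'));
         $this->addTask();
         return;
     }
     // check that a password is filled; without this an empty value went on to
     // changePassword() below. NOTE(review): confirm this language key exists in
     // this component version.
     if (trim($p['password']) === '') {
         $this->setError(Lang::txt('COM_MEMBERS_PASSWORD_DOES_NOT_MEET_REQUIREMENTS'));
         $this->addTask();
         return;
     }
     // Full name: given name, optional middle name, surname
     $name = trim($p['givenName']) . ' ';
     $name .= trim($p['middleName']) != '' ? trim($p['middleName']) . ' ' : '';
     $name .= trim($p['surname']);
     $user = User::getRoot();
     $user->set('username', trim($p['username']));
     $user->set('name', $name);
     $user->set('email', trim($p['email']));
     $user->set('id', 0);
     $user->set('groups', array($newUsertype));
     $user->set('registerDate', Date::toSql());
     $user->set('password', trim($p['password']));
     $user->set('password_clear', trim($p['password']));
     $user->save();
     // Do not keep the clear-text copy on the object longer than needed
     $user->set('password_clear', '');
     // Attempt to get the new user
     $profile = Profile::getInstance($user->get('id'));
     $result = is_object($profile);
     // Did we successfully create an account?
     if ($result) {
         // Set the new info
         $profile->set('givenName', trim($p['givenName']));
         $profile->set('middleName', trim($p['middleName']));
         $profile->set('surname', trim($p['surname']));
         $profile->set('name', $name);
         // NOTE(review): rand() is not a cryptographically secure generator; if this
         // value serves as the e-mail confirmation secret, prefer random_int()
         // where the deployed PHP provides it.
         $profile->set('emailConfirmed', -rand(1, pow(2, 31) - 1));
         $profile->set('public', 0);
         $profile->set('password', '');
         $result = $profile->store();
     }
     if ($result) {
         // NOTE(review): the account above was saved with the trimmed password while
         // changePassword() receives the untrimmed value - confirm which is intended.
         $result = \Hubzero\User\Password::changePassword($profile->get('uidNumber'), $p['password']);
         // Set password back here in case anything else down the line is looking for it
         $profile->set('password', $p['password']);
         $profile->store();
     }
     // Did we successfully create/update an account?
     if (!$result) {
         App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false), $user->getError(), 'error');
         return;
     }
     // Redirect
     App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=edit&id[]=' . $profile->get('uidNumber'), false), Lang::txt('COM_MEMBERS_MEMBER_SAVED'));
 }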
Esempio n. 4
 /**
  * Save an entry and return to main listing
  *
  * @return  void
  */
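 public function saveTask()
 {
     // Saves a member from the POSTed 'fields', 'profile' and 'profileaccess'
     // arrays: sets account defaults for a new member, guards against blocking or
     // demoting oneself, saves account and profile, optionally changes the
     // password and its shadow settings, then returns to the edit form ('apply')
     // or the listing.
     // Check for request forgeries
     Request::checkToken();
     // NOTE(review): any ONE of manage/admin/create/edit passes this gate, and the
     // same gate covers both creating and editing - confirm that e.g. a
     // create-only role is meant to edit existing members and their access groups.
     if (!User::authorise('core.manage', $this->_option) && !User::authorise('core.admin', $this->_option) && !User::authorise('core.create', $this->_option) && !User::authorise('core.edit', $this->_option)) {
         App::abort(403, Lang::txt('JERROR_ALERTNOAUTHOR'));
     }
     // Incoming profile edits
     $fields = Request::getVar('fields', array(), 'post', 'none', 2);
     if (!is_array($fields)) {
         $fields = array();
     }
     // Load the profile (a missing id is passed as null, without raising a notice)
     $user = Member::oneOrNew(isset($fields['id']) ? $fields['id'] : null);
     // Get the user before changes so we can
     // compare how data changed later on
     $prev = clone $user;
     // Set the incoming data
     // NOTE(review): mass assignment - every key posted under 'fields' is copied
     // onto the model with filter 'none', which presumably includes sensitive
     // attributes such as 'block' and 'accessgroups' that this method reads
     // later. Consider an allow-list of editable attributes.
     $user->set($fields);
     if ($user->isNew()) {
         $newUsertype = $this->config->get('new_usertype');
         if (!$newUsertype) {
             $newUsertype = Accessgroup::oneByTitle('Registered')->get('id');
         }
         $user->set('accessgroups', array($newUsertype));
         // Check that username is filled
         if (!Validate::username($user->get('username'))) {
             Notify::error(Lang::txt('COM_MEMBERS_MEMBER_USERNAME_INVALID'));
             return $this->editTask($user);
         }
         // Check email is valid
         if (!Validate::email($user->get('email'))) {
             Notify::error(Lang::txt('COM_MEMBERS_MEMBER_EMAIL_INVALID'));
             return $this->editTask($user);
         }
         // Set home directory
         $hubHomeDir = rtrim($this->config->get('homedir'), '/');
         if (!$hubHomeDir) {
             // try to deduce a viable home directory based on sitename or live_site:
             // strip the scheme, keep the first host label, and accept it only if it
             // starts with a letter. The request base is consulted only when the
             // configured sitename yields nothing usable.
             $sitename = '';
             foreach (array('config', 'request') as $source) {
                 $candidate = strtolower($source === 'config' ? Config::get('sitename') : Request::base());
                 $candidate = preg_replace('/^http[s]{0,1}:\\/\\//', '', $candidate, 1);
                 $candidate = trim($candidate, '/ ');
                 $labels = explode('.', $candidate, 2);
                 if (isset($labels[1])) {
                     $candidate = $labels[0];
                 }
                 if (preg_match("/^[a-zA-Z]+[\\-_0-9a-zA-Z\\.]+\$/i", $candidate)) {
                     $sitename = $candidate;
                     break;
                 }
             }
             $hubHomeDir = DS . 'home';
             if (!empty($sitename)) {
                 $hubHomeDir .= DS . $sitename;
             }
         }
         // The username was validated above before it becomes a path component
         $user->set('homeDirectory', $hubHomeDir . DS . $user->get('username'));
         $user->set('loginShell', '/bin/bash');
         $user->set('ftpShell', '/usr/lib/sftp-server');
         $user->set('registerDate', Date::toSql());
     }
     // Set the new info: name parts with runs of whitespace collapsed. A missing
     // or non-scalar part is treated as empty instead of raising a notice.
     foreach (array('givenName', 'middleName', 'surname') as $part) {
         $value = isset($fields[$part]) && is_scalar($fields[$part]) ? (string) $fields[$part] : '';
         $user->set($part, preg_replace('/\\s+/', ' ', trim($value)));
     }
     $name = array($user->get('givenName'), $user->get('middleName'), $user->get('surname'));
     $name = implode(' ', $name);
     $name = preg_replace('/\\s+/', ' ', $name);
     $user->set('name', $name);
     $user->set('modifiedDate', Date::toSql());
     if ($ec = Request::getInt('activation', 0, 'post')) {
         $user->set('activation', $ec);
     } else {
         $user->set('activation', Helpers\Utility::genemailconfirm());
     }
     // Can't block yourself
     if ($user->get('block') && $user->get('id') == User::get('id') && !User::get('block')) {
         Notify::error(Lang::txt('COM_USERS_USERS_ERROR_CANNOT_BLOCK_SELF'));
         return $this->editTask($user);
     }
     // Make sure that we are not removing ourself from Super Admin group
     $iAmSuperAdmin = User::authorise('core.admin');
     if ($iAmSuperAdmin && User::get('id') == $user->get('id')) {
         // Check that at least one of our new groups is Super Admin. A missing or
         // non-array 'accessgroups' counts as "no groups", which is refused below.
         $postedGroups = isset($fields['accessgroups']) && is_array($fields['accessgroups']) ? $fields['accessgroups'] : array();
         $stillSuperAdmin = false;
         foreach ($postedGroups as $group) {
             if (\JAccess::checkGroup($group, 'core.admin')) {
                 $stillSuperAdmin = true;
                 break;
             }
         }
         if (!$stillSuperAdmin) {
             Notify::error(Lang::txt('COM_USERS_USERS_ERROR_CANNOT_DEMOTE_SELF'));
             return $this->editTask($user);
         }
     }
     // Save the changes
     if (!$user->save()) {
         Notify::error($user->getError());
         return $this->editTask($user);
     }
     // Save profile data
     $profile = Request::getVar('profile', array(), 'post', 'none', 2);
     $access = Request::getVar('profileaccess', array(), 'post', 'none', 2);
     foreach ($profile as $key => $data) {
         // Drop empty options from multi-value fields
         if (isset($profile[$key]) && is_array($profile[$key])) {
             $profile[$key] = array_filter($profile[$key]);
         }
         // Fold a free-text "<key>_other" answer into its field
         if (isset($profile[$key . '_other']) && trim($profile[$key . '_other'])) {
             if (is_array($profile[$key])) {
                 $profile[$key][] = $profile[$key . '_other'];
             } else {
                 $profile[$key] = $profile[$key . '_other'];
             }
             unset($profile[$key . '_other']);
         }
     }
     if (!$user->saveProfile($profile, $access)) {
         Notify::error($user->getError());
         return $this->editTask($user);
     }
     // Do we have a new pass?
     $newpass = trim(Request::getVar('newpass', '', 'post'));
     if ($newpass) {
         // Get password rules and validate
         $password_rules = \Hubzero\Password\Rule::all()->whereEquals('enabled', 1)->rows();
         $validated = \Hubzero\Password\Rule::verify($newpass, $password_rules, $user->get('id'));
         if (!empty($validated)) {
             // Set error
             // NOTE(review): processing continues after this, so the success message
             // further down is still issued although the password was rejected.
             Notify::error(Lang::txt('COM_MEMBERS_PASSWORD_DOES_NOT_MEET_REQUIREMENTS'));
             $this->validated = $validated;
             $this->_task = 'apply';
         } else {
             // Save password
             \Hubzero\User\Password::changePassword($user->get('username'), $newpass);
         }
     }
     $passinfo = \Hubzero\User\Password::getInstance($user->get('id'));
     if (is_object($passinfo)) {
         // Do we have shadow info to change?
         $shadowMax = Request::getInt('shadowMax', false, 'post');
         $shadowWarning = Request::getInt('shadowWarning', false, 'post');
         $shadowExpire = Request::getVar('shadowExpire', '', 'post');
         // && binds tighter than ||: the last alternative is "an expiry is stored
         // and the posted value is empty".
         if ($shadowMax || $shadowWarning || !is_null($passinfo->get('shadowExpire')) && empty($shadowExpire)) {
             if ($shadowMax) {
                 $passinfo->set('shadowMax', $shadowMax);
             }
             if ($shadowExpire || !is_null($passinfo->get('shadowExpire')) && empty($shadowExpire)) {
                 // The patterns are anchored: unanchored, any input merely containing
                 // a digit (e.g. "abc1") was stored as the expiry value.
                 if (preg_match('/\A[0-9]{4}-[0-9]{2}-[0-9]{2}\z/', $shadowExpire)) {
                     // Date given as YYYY-MM-DD: store it as days since the epoch.
                     // An unparsable date is skipped; before, strtotime()'s false
                     // was stored as day 0.
                     $timestamp = strtotime($shadowExpire);
                     if ($timestamp !== false) {
                         $shadowExpire = $timestamp / 86400;
                         $passinfo->set('shadowExpire', $shadowExpire);
                     }
                 } elseif (preg_match('/\A[0-9]+\z/', $shadowExpire)) {
                     // Already a day count
                     $passinfo->set('shadowExpire', $shadowExpire);
                 } elseif (empty($shadowExpire)) {
                     $passinfo->set('shadowExpire', NULL);
                 }
             }
             if ($shadowWarning) {
                 $passinfo->set('shadowWarning', $shadowWarning);
             }
             $passinfo->update();
         }
     }
     // Check for spam count
     // NOTE(review): the posted value is stored as received, without a numeric check.
     $reputation = Request::getVar('spam_count', null, 'post');
     if (!is_null($reputation)) {
         $user->reputation->set('spam_count', $reputation);
         $user->reputation->save();
     }
     // Email the user that their account has been approved
     if (!$prev->get('approved') && $this->config->get('useractivation_email')) {
         if (!$this->emailApprovedUser($user)) {
             Notify::error(Lang::txt('COM_MEMBERS_ERROR_EMAIL_FAILED'));
         }
     }
     // Set success message
     Notify::success(Lang::txt('COM_MEMBERS_MEMBER_SAVED'));
     // Drop through to edit form?
     if ($this->getTask() == 'apply') {
         return $this->editTask($user);
     }
     // Redirect
     $this->cancelTask();
 }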
Esempio n. 5
 /**
  * Save profile
  *
  * @return  void
  */
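 private function _saveEntryData()
 {
     // Persists the current import record's entry. For a new entry (no id yet) it
     // derives a username when none was supplied and sets access group,
     // registration date, password and activation code. It then saves the entry
     // and its profile, sets and expires the password, and optionally e-mails the
     // confirmation message. Throws Exception when entry or profile cannot be saved.
     $isNew = !$this->record->entry->get('id');
     if (!isset($this->raw->password)) {
         $this->raw->password = null;
     }
     if ($isNew) {
         if (!$this->record->entry->get('username')) {
             $valid = false;
             // Lower-cased name reduced to letters, digits and underscores. The
             // class used to read "9-0", an out-of-order range that PCRE refuses
             // to compile, so preg_replace() returned null and no candidate built
             // from the name could ever validate.
             $base = preg_replace('/[^a-z0-9_]/i', '', strtolower($this->record->entry->get('name')));
             // Candidate 1: the cleaned-up name
             $username = $base;
             if (Validate::username($username) && !$this->_usernameExists($username)) {
                 $valid = true;
             }
             // Candidate 2: the portion preceding @ in the e-mail address.
             // A candidate is usable only when it is NOT taken yet; the original
             // accepted it when it already existed, which hands a new account
             // the username of an existing one.
             if (!$valid) {
                 $username = strstr($this->record->entry->get('email'), '@', true);
                 if (Validate::username($username) && !$this->_usernameExists($username)) {
                     $valid = true;
                 }
             }
             // Candidate 3: the cleaned-up name followed by a number from 0 to 99
             if (!$valid) {
                 for ($i = 0; $i <= 99; $i++) {
                     $username = $base . $i;
                     if (Validate::username($username) && !$this->_usernameExists($username)) {
                         $valid = true;
                         break;
                     }
                 }
             }
             if ($valid) {
                 $this->record->entry->set('username', $username);
             }
         }
         if (!$this->raw->password) {
             // NOTE(review): security - an account imported without a password gets
             // its username as the password. The password is expired further down,
             // but until the owner changes it the credential is presumably
             // guessable by anyone who knows the username. A random value combined
             // with the reset flow would be safer; left unchanged because
             // importers may rely on it.
             $this->raw->password = $this->record->entry->get('username');
         }
         // Access group: taken from the import data when present, either as a
         // numeric id or as a group title looked up (quoted) in #__usergroups.
         // NOTE(review): a numeric value is used as a group id as given; nothing
         // here checks that the group exists or that the importing user may grant it.
         $newUsertype = null;
         if (isset($this->raw->usertype)) {
             if (is_numeric($this->raw->usertype)) {
                 $newUsertype = (int) $this->raw->usertype;
             } else {
                 $db = \App::get('db');
                 $query = $db->getQuery(true)->select('id')->from('#__usergroups')->where('title=' . $db->quote($this->raw->usertype));
                 $db->setQuery($query);
                 $newUsertype = (int) $db->loadResult();
             }
         }
         // Fall back to the component setting, then to the "Registered" group
         if (!$newUsertype) {
             $usersConfig = Component::params('com_users');
             $newUsertype = $usersConfig->get('new_usertype');
             if (!$newUsertype) {
                 $db = \App::get('db');
                 $query = $db->getQuery(true)->select('id')->from('#__usergroups')->where('title = "Registered"');
                 $db->setQuery($query);
                 $newUsertype = $db->loadResult();
             }
         }
         // Registration date: the imported value when it parses, otherwise now.
         // !empty() also covers a record without a registerDate property.
         $d = Date::of('now');
         if (!empty($this->raw->registerDate)) {
             try {
                 $d = Date::of($this->raw->registerDate);
             } catch (Exception $e) {
                 array_push($this->record->errors, $e->getMessage());
             }
         }
         $this->record->entry->set('id', 0);
         $this->record->entry->set('accessgroups', array($newUsertype));
         $this->record->entry->set('registerDate', $d->toSql());
         $this->record->entry->set('password', $this->raw->password);
         if (!$this->record->entry->get('activation', null)) {
             // NOTE(review): rand() is not a cryptographically secure generator and
             // this value is mailed out as the confirmation code ($eview->confirm
             // below); prefer random_int() where the deployed PHP provides it.
             $this->record->entry->set('activation', -rand(1, pow(2, 31) - 1));
         }
     }
     if (!$this->record->entry->save()) {
         throw new Exception(Lang::txt('Unable to save the entry data.'));
     }
     if (!empty($this->_profile)) {
         if (!$this->record->entry->saveProfile($this->_profile)) {
             throw new Exception($this->record->entry->getError());
         }
     }
     // Set the password and expire it straight away
     if ($this->raw->password) {
         \Hubzero\User\Password::changePassword($this->record->entry->get('id'), $this->raw->password);
         \Hubzero\User\Password::expirePassword($this->record->entry->get('id'));
     }
     if ($isNew && $this->_options['emailnew'] == 1) {
         // Render the confirmation e-mail from the com_members "emails" view
         $eview = new \Hubzero\Component\View(array('base_path' => PATH_CORE . DS . 'components' . DS . 'com_members' . DS . 'site', 'name' => 'emails', 'layout' => 'confirm'));
         $eview->option = 'com_members';
         $eview->controller = 'register';
         $eview->sitename = Config::get('sitename');
         $eview->login = $this->record->entry->get('username');
         $eview->name = $this->record->entry->get('name');
         $eview->registerDate = $this->record->entry->get('registerDate');
         $eview->confirm = $this->record->entry->get('activation');
         $eview->baseURL = Request::base();
         $msg = new \Hubzero\Mail\Message();
         $msg->setSubject(Config::get('sitename') . ' ' . Lang::txt('COM_MEMBERS_REGISTER_EMAIL_CONFIRMATION'))->addTo($this->record->entry->get('email'))->addFrom(Config::get('mailfrom'), Config::get('sitename') . ' Administrator')->addHeader('X-Component', 'com_members');
         // Plain-text part, with line endings converted to CRLF
         $message = $eview->loadTemplate();
         $message = str_replace("\n", "\r\n", $message);
         $msg->addPart($message, 'text/plain');
         // HTML part
         $eview->setLayout('confirm_html');
         $message = $eview->loadTemplate();
         $message = str_replace("\n", "\r\n", $message);
         $msg->addPart($message, 'text/html');
         // A mail failure is recorded on the record, it does not abort the import
         if (!$msg->send()) {
             array_push($this->record->errors, Lang::txt('COM_MEMBERS_REGISTER_ERROR_EMAILING_CONFIRMATION'));
         }
     }
 }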