function user_create($p_username, $p_password, $p_email = '', $p_access_level = null, $p_protected = false, $p_enabled = true, $p_realname = '') { if (null === $p_access_level) { $p_access_level = config_get('default_new_account_access_level'); } $t_password = auth_process_plain_password($p_password); $c_username = db_prepare_string($p_username); $c_realname = db_prepare_string($p_realname); $c_password = db_prepare_string($t_password); $c_email = db_prepare_string($p_email); $c_access_level = db_prepare_int($p_access_level); $c_protected = db_prepare_bool($p_protected); $c_enabled = db_prepare_bool($p_enabled); user_ensure_name_valid($p_username); user_ensure_name_unique($p_username); user_ensure_realname_valid($p_realname); user_ensure_realname_unique($p_username, $p_realname); email_ensure_valid($p_email); $t_seed = $p_email . $p_username; $t_cookie_string = auth_generate_unique_cookie_string($t_seed); $t_user_table = config_get('mantis_user_table'); $query = "INSERT INTO {$t_user_table}\n\t\t\t\t ( username, email, password, date_created, last_visit,\n\t\t\t\t enabled, access_level, login_count, cookie_string, realname )\n\t\t\t\t VALUES\n\t\t\t\t ( '{$c_username}', '{$c_email}', '{$c_password}', " . db_now() . "," . db_now() . ",\n\t\t\t\t {$c_enabled}, {$c_access_level}, 0, '{$t_cookie_string}', '{$c_realname}')"; db_query($query); # Create preferences for the user $t_user_id = db_insert_id($t_user_table); user_pref_set_default($t_user_id); # Users are added with protected set to FALSE in order to be able to update # preferences. Now set the real value of protected. if ($c_protected) { user_set_field($t_user_id, 'protected', 1); } # Send notification email if (!is_blank($p_email)) { $t_confirm_hash = auth_generate_confirm_hash($t_user_id); email_signup($t_user_id, $p_password, $t_confirm_hash); } return $t_cookie_string; }
function user_create($p_username, $p_password, $p_email = '', $p_access_level = null, $p_protected = false, $p_enabled = true, $p_realname = '', $p_admin_name = '', $p_role = null, $p_agency = null, $p_unit_department = null) { if (null === $p_access_level) { $p_access_level = config_get('default_new_account_access_level'); } #added if (null === $p_role) { $p_role = config_get('default_new_account_role'); } ## #added if (null === $p_agency) { $p_agency = config_get('default_new_account_agency'); } ## #added if (null === $p_unit_department) { $p_unit_department = config_get('default_new_account_unit_department'); } ## $t_password = auth_process_plain_password($p_password); $c_access_level = db_prepare_int($p_access_level); #added $c_role = db_prepare_int($p_role); $c_agency = db_prepare_int($p_agency); $c_unit_department = db_prepare_int($p_unit_department); ## $c_protected = db_prepare_bool($p_protected); $c_enabled = db_prepare_bool($p_enabled); user_ensure_name_valid($p_username); user_ensure_name_unique($p_username); user_ensure_realname_valid($p_realname); user_ensure_realname_unique($p_username, $p_realname); email_ensure_valid($p_email); $t_seed = $p_email . $p_username; $t_cookie_string = auth_generate_unique_cookie_string($t_seed); $t_user_table = db_get_table('mantis_user_table'); #modification effectuée le 10/08/2012## ############################################################################################## /*$query = "INSERT INTO $t_user_table ( username, email, password, date_created, last_visit, enabled, access_level, login_count, cookie_string, realname ) VALUES ( " . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ", " . db_param() . ',' . db_param() . ',' . db_param() . ',' . db_param() . ', ' . db_param() . ')'; db_query_bound( $query, Array( $p_username, $p_email, $t_password, db_now(), db_now(), $c_enabled, $c_access_level, 0, $t_cookie_string, $p_realname ) ); */ $query = "INSERT INTO {$t_user_table}\n\t\t\t\t ( username, email, password, date_created, last_visit,\n\t\t\t\t enabled, access_level, login_count, cookie_string, realname, role, agency, unit_department)\n\t\t\t\t VALUES\n\t\t\t\t ( " . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ",\n\t\t\t\t " . db_param() . ',' . db_param() . ',' . db_param() . ',' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ')'; db_query_bound($query, array($p_username, $p_email, $t_password, db_now(), db_now(), $c_enabled, $c_access_level, 0, $t_cookie_string, $p_realname, $p_role, $p_agency, $p_unit_department)); ############################################################################################## ##end## # Create preferences for the user $t_user_id = db_insert_id($t_user_table); # Users are added with protected set to FALSE in order to be able to update # preferences. Now set the real value of protected. if ($c_protected) { user_set_field($t_user_id, 'protected', 1); } # Send notification email if (!is_blank($p_email)) { $t_confirm_hash = auth_generate_confirm_hash($t_user_id); email_signup($t_user_id, $p_password, $t_confirm_hash, $p_admin_name); } return $t_cookie_string; }
$f_protected = gpc_get_bool('protected'); $f_enabled = gpc_get_bool('enabled'); $f_email = gpc_get_string('email', ''); $f_username = gpc_get_string('username', ''); $f_realname = gpc_get_string('realname', ''); $f_access_level = gpc_get_int('access_level'); $f_user_id = gpc_get_int('user_id'); $f_email = trim($f_email); $f_username = trim($f_username); $t_old_username = user_get_field($f_user_id, 'username'); # check that the username is unique if (0 != strcasecmp($t_old_username, $f_username) && false == user_is_name_unique($f_username)) { trigger_error(ERROR_USER_NAME_NOT_UNIQUE, ERROR); } user_ensure_name_valid($f_username); user_ensure_realname_valid($f_realname); user_ensure_realname_unique($f_username, $f_realname); $f_email = email_append_domain($f_email); email_ensure_valid($f_email); $c_email = db_prepare_string($f_email); $c_username = db_prepare_string($f_username); $c_realname = db_prepare_string($f_realname); $c_protected = db_prepare_bool($f_protected); $c_enabled = db_prepare_bool($f_enabled); $c_user_id = db_prepare_int($f_user_id); $c_access_level = db_prepare_int($f_access_level); $t_user_table = config_get('mantis_user_table'); $t_old_protected = user_get_field($f_user_id, 'protected'); # check that we are not downgrading the last administrator $t_old_access = user_get_field($f_user_id, 'access_level'); if (ADMINISTRATOR == $t_old_access && $t_old_access != $f_access_level && 1 >= user_count_level(ADMINISTRATOR)) {
public function put($request) { /** * Updates the user. * * @param $request - The Request we're responding to */ $this->user_id = User::get_mantis_id_from_url($request->url); if (!access_has_global_level(config_get('manage_user_threshold')) && auth_get_current_user_id() != $this->user_id) { throw new HTTPException(403, "Access denied to edit user {$this->user_id}'s info"); } $this->populate_from_repr($request->body); # Do some validation on the inputs (from Mantis's user_create()) $username = db_prepare_string($this->rsrc_data['username']); $realname = db_prepare_string($this->rsrc_data['realname']); $password = db_prepare_string($this->rsrc_data['password']); $email = db_prepare_string($this->rsrc_data['email']); $access_level = db_prepare_int(get_string_to_enum(config_get('access_levels_enum_string'), $this->rsrc_data['access_level'])); $protected = db_prepare_bool($this->rsrc_data['protected']); $enabled = db_prepare_bool($this->rsrc_data['enabled']); user_ensure_name_valid($username); user_ensure_realname_valid($realname); user_ensure_realname_unique($username, $realname); email_ensure_valid($email); # The cookie string is based on email and username, so if either of those changed, # we have to change the cookie string. $user_row = user_get_row($this->user_id); $username_key = array_key_exists('username', $user_row) ? 'username' : 1; $email_key = array_key_exists('email', $user_row) ? 'email' : 3; $cookie_string_key = array_key_exists('cookie_string', $user_row) ? 'cookie_string' : 13; if ($user_row[$username_key] != $username || $user_row[$email_key] != $email) { $seed = $email . $username; $cookie_string = auth_generate_unique_cookie_string($seed); } else { $cookie_string = $user_row[$cookie_string_key]; } $password_hash = auth_process_plain_password($password); $user_table = config_get('mantis_user_table'); $query = "UPDATE {$user_table}\n\t\t\t\tSET username = '******',\n\t\t\t\t realname = '{$realname}',\n\t\t\t\t email = '{$email}',\n\t\t\t\t password = '******',\n\t\t\t\t enabled = {$enabled},\n\t\t\t\t protected = {$protected},\n\t\t\t\t access_level = {$access_level},\n\t\t\t\t cookie_string = '{$cookie_string}'\n\t\t\t\tWHERE id = {$this->user_id};"; db_query($query); $resp = new Response(); $resp->status = 204; return $resp; }