// Both candidate passwords are DB-escaped before they are compared and stored,
// so a password containing quote characters is handled in its escaped form.
$new_pwd1 = db_escape(trim(dPgetCleanParam($_POST, 'new_pwd1', null)));
$new_pwd2 = db_escape(trim(dPgetCleanParam($_POST, 'new_pwd2', null)));
// has the change form been posted
// NOTE(review): '==' is a loose string comparison (numeric-looking strings such as
// "1e3" and "1000" compare equal); '===' would be the exact check.
if ($new_pwd1 && $new_pwd2 && $new_pwd1 == $new_pwd2) {
    // check that the old password matches
    // $old_pwd is defined before this excerpt.
    $old_md5 = md5($old_pwd);
    $q = new DBQuery();
    $q->addQuery('user_id');
    $q->addTable('users');
    // NOTE(review): the password value in this WHERE clause appears masked in the
    // listing ('******'); $old_md5 computed above is otherwise unused here, so it is
    // presumably what was interpolated. $user_id is interpolated directly into the SQL.
    $q->addWhere("user_password='******' AND user_id={$user_id}");
    // user_type 1 skips the old-password check entirely
    if ($AppUI->user_type == 1 || $q->loadResult() == $user_id) {
        require_once $AppUI->getModuleClass('admin');
        $user = new CUser();
        $user->user_id = $user_id;
        // Assigned as given; whether CUser::store() hashes it is not visible here.
        $user->user_password = $new_pwd1;
        // store() is treated as returning an error message on failure
        if ($msg = $user->store()) {
            $AppUI->setMsg($msg, UI_MSG_ERROR);
        } else {
            echo $AppUI->_('chgpwUpdated');
        }
    } else {
        echo $AppUI->_('chgpwWrongPW');
    }
} else {
?>
<script language="javascript">
// Client-side form validation; the rest of this function lies outside the excerpt
function submitIt() {
    var f = document.frmEdit;
    var msg = '';
    if (f.new_pwd1.value.length < <?php
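/**
 * Create a local (SQL) user account for an LDAP-authenticated login.
 *
 * Optionally creates a CContact from the LDAP attributes (inetOrgPerson schema)
 * and links it to the new user, then grants the 'anon' role.
 *
 * @param string $username     Login name stored in users.user_username
 * @param string $password     Clear-text password; stored as its MD5 digest
 * @param array  $ldap_attribs LDAP attribute array (each value is a list, index 0 is
 *                             used); an empty array creates the user without a contact
 *
 * @return void  Sets $this->user_id to the id of the stored CUser
 */
public function createsqluser($username, $password, $ldap_attribs = array()) {
    global $AppUI;

    // NOTE(review): unsalted MD5 is the storage format this code path relies on;
    // changing it here alone would break the matching login check.
    $hash_pass = MD5($password);

    // 'NULL' keeps the previous result when no contact is created: the (int) cast
    // below turns it into 0 instead of dereferencing an undefined $c.
    $contact_id = 'NULL';

    if (count($ldap_attribs) > 0) {
        // Contact information based on the inetOrgPerson class schema.
        // A missing attribute yields null rather than an undefined-index notice.
        $fields = array(
            'contact_first_name' => 'givenname',
            'contact_last_name'  => 'sn',
            'contact_city'       => 'l',
            'contact_country'    => 'country',
            'contact_state'      => 'st',
            'contact_zip'        => 'postalcode',
            'contact_job'        => 'title',
            'contact_email'      => 'mail',
            'contact_phone'      => 'telephonenumber',
        );
        $c = new CContact();
        foreach ($fields as $field => $attr) {
            $c->$field = isset($ldap_attribs[$attr][0]) ? $ldap_attribs[$attr][0] : null;
        }
        $c->contact_owner = $AppUI->user_id;
        $c->store();

        $contactArray = array(
            'phone_mobile' => isset($ldap_attribs['mobile'][0]) ? $ldap_attribs['mobile'][0] : null,
        );
        $c->setContactMethods($contactArray);

        // Loose null test kept: an empty/zero id is treated as "no contact"
        if ($c->contact_id != null) {
            $contact_id = $c->contact_id;
        }
    }

    $u = new CUser();
    $u->user_username = $username;
    $u->user_password = $hash_pass;
    $u->user_type = 0; // Changed from 1 (administrator) to 0 (Default user)
    $u->user_contact = (int) $contact_id;
    $u->store();

    $this->user_id = $u->user_id;

    $acl =& $AppUI->acl();
    $acl->insertUserRole($acl->get_group_id('anon'), $this->user_id);
}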
$userEx = TRUE; // set by the username-existence callback whose block starts before this excerpt
}
}
//pull a list of existing usernames
// NOTE(review): $sql is assigned but never used; the query is built with DBQuery below
$sql = "SELECT user_username FROM users";
$q = new DBQuery();
$q->addTable('users', 'u');
$q->addQuery('user_username');
$users = $q->loadList();
// Iterate the above userNameExistenceCheck for each user
// userExistence() presumably flags a match through $userEx in global scope — confirm;
// the mapped result $usrLst is not used.
foreach ($users as $usrs) {
    $usrLst = array_map("userExistence", $usrs);
}
// If userName already exists quit with error and do nothing
if ($userEx == TRUE) {
    $AppUI->setMsg("already exists. Try another username.", UI_MSG_ERROR, true);
    $AppUI->redirect();
}
$contact->contact_owner = $AppUI->user_id;
}
// Contact first, then the user row linked to it; store() is treated as returning
// an error message on failure.
if ($msg = $contact->store()) {
    $AppUI->setMsg($msg, UI_MSG_ERROR);
} else {
    $obj->user_contact = $contact->contact_id;
    if ($msg = $obj->store()) {
        $AppUI->setMsg($msg, UI_MSG_ERROR);
    } else {
        $AppUI->setMsg($isNewUser ? 'added - please setup roles and permissions now. User must have at least one role to log in.' : 'updated', UI_MSG_OK, true);
    }
}
// New users are sent to the roles tab; existing users back to the referrer
$isNewUser ? $AppUI->redirect("m=admin&a=viewuser&user_id=" . $obj->user_id . "&tab=3") : $AppUI->redirect();
// !User's contact information not deleted - left for history.
if ($del) {
    $result = $obj->delete();
    $message = $result ? 'User deleted' : $obj->getError();
    $redirect = $result ? 'm=users' : ACCESS_DENIED;
    $status = $result ? UI_MSG_ALERT : UI_MSG_ERROR;
    $AppUI->setMsg($message, $status);
    $AppUI->redirect($redirect);
}
// Keep an existing owner, otherwise the current user becomes the owner
// (truthiness test: an owner id of 0 counts as unset)
$contact->contact_owner = $contact->contact_owner ? $contact->contact_owner : $AppUI->user_id;
// Contact methods are read before store() and written back afterwards
$contactArray = $contact->getContactMethods();
$result = $contact->store();
if ($result) {
    $contact->setContactMethods($contactArray);
    $obj->user_contact = $contact->contact_id;
    if ($obj->store()) {
        // NOTE(review): the clear-text password from $_POST is handed to the notification e-mail
        if ($isNewUser && w2PgetParam($_POST, 'send_user_mail', 0)) {
            notifyNewUserCredentials($contact->contact_email, $contact->contact_first_name, $obj->user_username, $_POST['user_password']);
        }
        // NOTE(review): user_role is taken straight from the request without validation here;
        // confirm that the caller's right to assign that role is enforced before this point.
        if (isset($_REQUEST['user_role']) && $_REQUEST['user_role']) {
            $perms =& $AppUI->acl();
            if ($perms->insertUserRole($_REQUEST['user_role'], $obj->user_id)) {
                $AppUI->setMsg('', UI_MSG_ALERT, true);
            } else {
                $AppUI->setMsg('failed to add role', UI_MSG_ERROR);
            }
        }
        $AppUI->setMsg($isNewUser ? 'User added' : 'User updated', UI_MSG_OK, true);
        $redirect = 'm=users&a=view&user_id=' . $obj->user_id . '&tab=2';
    } else {
        // The remainder of this branch lies outside the excerpt
        $AppUI->setMsg($obj->getError(), UI_MSG_ERROR);
// !User's contact information not deleted - left for history.
if ($del) {
    $result = $obj->delete($AppUI);
    $message = $result ? 'User deleted' : $obj->getError();
    $path = $result ? 'm=admin' : 'm=public&a=access_denied';
    $status = $result ? UI_MSG_ALERT : UI_MSG_ERROR;
    $AppUI->setMsg($message, $status);
    $AppUI->redirect($path);
}
// Keep an existing owner, otherwise the current user becomes the owner
// (truthiness test: an owner id of 0 counts as unset)
$contact->contact_owner = $contact->contact_owner ? $contact->contact_owner : $AppUI->user_id;
// Contact methods are read before store() and written back afterwards
$contactArray = $contact->getContactMethods();
$result = $contact->store($AppUI);
if ($result) {
    $contact->setContactMethods($contactArray);
    $obj->user_contact = $contact->contact_id;
    if ($obj->store($AppUI)) {
        // NOTE(review): the clear-text password from $_POST is handed to the notification e-mail
        if ($isNewUser && w2PgetParam($_POST, 'send_user_mail', 0)) {
            notifyNewUserCredentials($contact->contact_email, $contact->contact_first_name, $obj->user_username, $_POST['user_password']);
        }
        // NOTE(review): user_role is taken straight from the request without validation here;
        // confirm that the caller's right to assign that role is enforced before this point.
        if (isset($_REQUEST['user_role']) && $_REQUEST['user_role']) {
            $perms =& $AppUI->acl();
            if ($perms->insertUserRole($_REQUEST['user_role'], $obj->user_id)) {
                $AppUI->setMsg('', UI_MSG_ALERT, true);
            } else {
                $AppUI->setMsg('failed to add role', UI_MSG_ERROR);
            }
        }
        $AppUI->setMsg($isNewUser ? 'User added' : 'User updated', UI_MSG_OK, true);
        $path = 'm=admin&a=viewuser&user_id=' . $obj->user_id . '&tab=2';
    } else {
        // The remainder of this branch lies outside the excerpt
        $AppUI->setMsg($obj->getError(), UI_MSG_ERROR);
/**
 * Check whether a login/password combination is accepted and maintain the
 * failed-attempt counter of the matching account.
 *
 * The account matching the username is looked up independently of $user, so
 * that a wrong password (unresolved $user) can still be counted against it.
 *
 * @param CUser $user User whose password attempt to check
 *
 * @return bool True if the attempt is successful
 */
static function checkPasswordAttempt(CUser $user) {
    $account = new CUser();
    $account->user_username = $user->user_username;
    $account->loadMatchingObject();
    $account->loadRefMediuser();
    $mediuser = $account->_ref_mediuser;

    if ($mediuser && $mediuser->_id) {
        if (!$mediuser->actif) {
            self::setMsg("Auth-failed-user-deactivated", UI_MSG_ERROR);
            return false;
        }

        $today = CMbDT::date();
        $start = $mediuser->deb_activite;
        $end = $mediuser->fin_activite;

        // Outside the activity period: not started yet, or already over
        $notStarted = $start && $start > $today;
        $ended = $end && $end <= $today;
        if ($notStarted || $ended) {
            self::setMsg("Auth-failed-user-deactivated", UI_MSG_ERROR);
            return false;
        }
    }

    if ($account->_login_locked) {
        self::setMsg("Auth-failed-user-locked", UI_MSG_ERROR);
        return false;
    }

    // A resolved $user means the login/password combination matched
    if ($user->_id) {
        return true;
    }

    // Wrong login and/or password
    self::setMsg("Auth-failed-combination", UI_MSG_ERROR);

    // Known username with a wrong password: count the failure and report what is left
    if ($user->loginErrorsReady() && $account->_id) {
        $account->user_login_errors++;
        $account->store();
        $maxAttempts = self::conf("admin CUser max_login_attempts");
        $remaining = max(0, $maxAttempts - $account->user_login_errors);
        self::setMsg("Auth-failed-tried", UI_MSG_ERROR, $account->user_login_errors, $remaining);
    }

    return false;
}
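// Bind the posted form data onto the contact; abort on validation failure
if (!$contact->bind($_POST)) {
    $AppUI->setMsg($contact->getError(), UI_MSG_ERROR);
    $AppUI->redirect();
}
// prepare (and translate) the module name ready for the suffix
$AppUI->setMsg('User');
$isNewUser = !w2PgetParam($_REQUEST, 'user_id', 0);
if ($isNewUser) {
    // check if a user with the param Username already exists
    // ($contactListByUsername is populated before this point)
    if (is_array($contactListByUsername)) {
        $AppUI->setMsg('This username is not available, please try another.', UI_MSG_ERROR, true);
        $AppUI->redirect();
    } else {
        $contact->contact_owner = $AppUI->user_id;
    }
}
$result = $contact->store();
if ($result) {
    $user->user_contact = $contact->contact_id;
    // CUser::store() is treated as returning an error message on failure
    if ($msg = $user->store(null, true)) {
        $AppUI->setMsg($msg, UI_MSG_ERROR);
    } else {
        // NOTE(review): both notifications receive the clear-text password from $_POST;
        // it is sent by e-mail to the new user and to the HR address.
        if ($isNewUser) {
            notifyNewExternalUser($contact->contact_email, $contact->contact_first_name, $user->user_username, $_POST['user_password']);
        }
        notifyHR(w2PgetConfig('admin_email', '*****@*****.**'), 'w2P System Human Resources', $contact->contact_email, $contact->contact_first_name, $user->user_username, $_POST['user_password'], $user->user_id);
    }
} else {
    // The contact failed to store: report its own error
    // (this branch previously displayed $msg, which is unset at this point).
    $AppUI->setMsg($contact->getError(), UI_MSG_ERROR);
}
echo "<script language='javascript'>\n\t alert('The User Administrator has been notified to grant you access to the system and an email message was sent to you with your login info. Thank you very much.');\n\t history.go(-2);\n </script>";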
/**
 * Create a local (SQL) user with a minimal contact record and the 'anon' role.
 *
 * @param string $username Login name
 * @param string $password Clear-text password; hashed via $this->hashPassword()
 * @param string $email    Contact e-mail address
 * @param string $first    Contact first name
 * @param string $last     Contact last name
 *
 * @return void  Sets $this->user_id to the id of the stored CUser
 */
public function createsqluser($username, $password, $email, $first, $last) {
    $hashed = $this->hashPassword($password);

    // The contact row is stored first so its id can be linked from the user row
    $contact = new CContact();
    $contact->contact_first_name = $first;
    $contact->contact_last_name = $last;
    $contact->contact_email = $email;
    $contact->store();

    $user = new CUser();
    $user->user_username = $username;
    $user->user_password = $hashed;
    $user->user_type = 0; // default (non-administrator) user type
    $user->user_contact = (int) $contact->contact_id;
    $user->store(null, true);

    $this->user_id = $user->user_id;

    $acl =& $this->AppUI->acl();
    $acl->insertUserRole($acl->get_group_id('anon'), $this->user_id);
}
$user_id = $AppUI->user_id; // fallback to the current user; the enclosing branch starts before this excerpt
}
// check for a non-zero user id
if ($user_id) {
    // All three values are DB-escaped before use; $new_pwd1 is later assigned to the
    // user directly, so a password containing quote characters is kept in escaped form.
    $old_pwd = db_escape(trim(w2PgetParam($_POST, 'old_pwd', null)));
    $new_pwd1 = db_escape(trim(w2PgetParam($_POST, 'new_pwd1', null)));
    $new_pwd2 = db_escape(trim(w2PgetParam($_POST, 'new_pwd2', null)));
    $perms =& $AppUI->acl(); // not used within this excerpt
    // 'system' edit rights allow changing the password without knowing the old one
    $canAdminEdit = canEdit('system');
    // has the change form been posted
    // NOTE(review): '==' is a loose comparison (numeric-looking strings compare numerically)
    if ($new_pwd1 && $new_pwd2 && $new_pwd1 == $new_pwd2) {
        $user = new CUser();
        if ($canAdminEdit || $user->validatePassword($user_id, $old_pwd)) {
            $user->load($user_id);
            // Assigned as given; whether CUser::store() hashes it is not visible here.
            $user->user_password = $new_pwd1;
            $result = $user->store();
            if ($result) {
?>
<script language="javascript" type="text/javascript">
// Close the popup once the password has been stored
window.onload = function() {
    window.close();
}
</script>
<?php
            } else {
                // NOTE(review): this is the store() failure branch, yet it renders
                // 'chgpwUpdated' — verify the intended message.
                echo '<h1>' . $AppUI->_('Change User Password') . '</h1>';
                echo $AppUI->getTheme()->styleRenderBoxTop();
                echo '<table class="std"><tr><td>' . $AppUI->_('chgpwUpdated') . '</td></tr></table>';
            }
        } else {
            // Old password rejected; the rest of this branch lies outside the excerpt
            echo '<h1>' . $AppUI->_('Change User Password') . '</h1>';
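/**
 * Derive the stored password hash (user_password) from the raw password (_user_password).
 *
 * Depending on state this either defers hashing (salt column not ready), generates a
 * fresh salt (creation / password change), or, during login, reproduces the stored
 * user's hash so the login lookup can match it.
 *
 * @see parent::updatePlainFields()
 */
function updatePlainFields() {
    parent::updatePlainFields();

    // To prevent from recalculate new salt and re-hash password
    if ($this->_merging) {
        return;
    }

    $this->user_password = null;

    // If no raw password or already hashed, nothing to do.
    // Note: a raw password that happens to be 32 hex characters is also treated as a hash.
    if (!$this->_user_password || preg_match('/^[0-9a-f]{32}$/i', $this->_user_password)) {
        return;
    }

    // If the new password hashing system is not ready yet: store the legacy MD5 and
    // keep the raw value in the session so it can be re-hashed once the salt is ready.
    // NOTE(review): the session then holds the clear-text password until it is consumed.
    if (!$this->loginSaltReady()) {
        CValue::setSessionAbs("_pass_deferred", $this->_user_password);
        $this->user_password = md5($this->_user_password);
        return;
    }

    // Not a login attempt (creation) or a password change: generate a new salt and hash
    if (!$this->_is_logging || $this->_is_changing) {
        $this->generateUserSalt();
        return;
    }

    // If user is trying to log in, we have to compare hashes with corresponding user in table.
    // NOTE(review): user_username is interpolated unescaped into the WHERE fragment and,
    // during login, originates from the login form — confirm it is escaped upstream.
    $where = array("user_username" => " = '{$this->user_username}'");
    $_user = new CUser();
    $_user->loadObject($where);

    // If user exists, we compare hashes
    if ($_user->_id) {
        // Password is a SHA256 hash, we get user's salt
        if ($this->_user_password && strlen($_user->user_password) === 64) {
            $this->user_password = hash("SHA256", $_user->user_salt . $this->_user_password);
            return;
        }

        // Password is an old MD5 hash, we have to update.
        // Strict comparison: with '==' two numeric-looking digests (e.g. "0e..." forms)
        // would compare numerically and could be considered equal.
        if ($_user->user_password === md5($this->_user_password)) {
            $this->generateUserSalt();
            $_user->_user_password = $this->_user_password;
            $_user->_user_salt = $this->user_salt;
            $_user->store();
        } else {
            // Won't load anything
            $this->user_password = "******";
        }
    }
}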
// Report the outcome of the upgrade; the enclosing branch starts before this excerpt
if ($setup->mod_version == $module->mod_version) {
    CAppUI::setMsg("Installation de '%s' à la version %s", UI_MSG_OK, $module->mod_name, $setup->mod_version);
} else {
    CAppUI::setMsg("Installation de '%s' à la version %s sur %s", UI_MSG_WARNING, $module->mod_name, $module->mod_version, $setup->mod_version);
}
} else {
    CAppUI::setMsg("Module '%s' non mis à jour", UI_MSG_WARNING, $module->mod_name);
}
CModule::loadModules(false); // To force dependency re-evaluation
}
// A raw password deferred in the session by updatePlainFields() (while the salt system
// was not ready) is replayed into user 1 so it gets re-hashed, then discarded.
// NOTE(review): the session holds that clear-text password until this point.
if (isset($_SESSION["_pass_deferred"]) && CAppUI::$instance->user_id == 1) {
    $user = new CUser();
    $user->load(1);
    $user->_user_password = $_SESSION["_pass_deferred"];
    $user->store();
    unset($_SESSION["_pass_deferred"]);
}
// In case the setup has added some user prefs
CAppUI::buildPrefs();
error_reporting($old_er);
CAppUI::redirect();
}
// Load the requested module, or describe a not-yet-installed one by name
$module = new CModule();
if ($mod_id) {
    $module->load($mod_id);
    $module->checkModuleFiles();
} else {
    $module->mod_version = "all";
    $module->mod_name = $mod_name;
}
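/**
 * Create a local (SQL) user for an LDAP-authenticated login, optionally with a
 * contact built from the LDAP attributes, and grant the 'normal' role.
 *
 * The user row is stored first (with user_contact = 0) so the contact can be owned
 * by the new user id; the user is then reloaded and linked to that contact.
 *
 * @param string $username     Login name
 * @param string $password     Clear-text password; hashed via $this->hashPassword()
 * @param array  $ldap_attribs LDAP attributes (inetOrgPerson schema; each value is a
 *                             list, index 0 is used). Empty array: no contact is created.
 *
 * @return void  Sets $this->user_id to the id of the stored CUser
 */
public function createsqluser($username, $password, $ldap_attribs = array()) {
    $hash_pass = $this->hashPassword($password);

    $u = new CUser();
    $u->user_username = $username;
    $u->user_password = $hash_pass;
    $u->user_type = 0; // Changed from 1 (administrator) to 0 (Default user)
    $u->user_contact = 0;
    $u->store(null, true);

    $user_id = $u->user_id;
    $this->user_id = $user_id;

    if (count($ldap_attribs)) {
        // Contact information based on the inetOrgPerson class schema.
        // A missing attribute yields null rather than an undefined-index notice.
        $fields = array(
            'contact_first_name' => 'givenname',
            'contact_last_name'  => 'sn',
            'contact_city'       => 'l',
            'contact_country'    => 'country',
            'contact_state'      => 'st',
            'contact_zip'        => 'postalcode',
            'contact_job'        => 'title',
            'contact_email'      => 'mail',
            'contact_phone'      => 'telephonenumber',
        );
        $c = new CContact();
        foreach ($fields as $field => $attr) {
            $c->$field = isset($ldap_attribs[$attr][0]) ? $ldap_attribs[$attr][0] : null;
        }
        $c->contact_owner = $this->user_id;
        $c->store();

        $contactArray = array(
            'phone_mobile' => isset($ldap_attribs['mobile'][0]) ? $ldap_attribs['mobile'][0] : null,
        );
        $c->setContactMethods($contactArray);
    }

    // Reload the user into a fresh object before setting the contact link, so the
    // second store() is a plain update of the persisted row.
    $tmpUser = new CUser();
    $tmpUser->load($user_id);
    $tmpUser->user_contact = $this->contactId($user_id);
    $tmpUser->store();

    $acl =& $this->AppUI->acl();
    $acl->insertUserRole($acl->get_group_id('normal'), $this->user_id);
}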