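    /**
     * Sets or resets a user's need to change his password on his next attempt at logging in.
     *
     * Parameters passed via GET:
     * --------------------------
     * numeric userid The uid of the user for whom a change of password should be forced (or canceled).
     *
     * Parameters passed via POST:
     * ---------------------------
     * numeric userid                    The uid of the user for whom a change of password should be forced (or canceled).
     * boolean user_must_change_password True to force the user to change his password at his next log-in attempt, otherwise false.
     *
     * Parameters passed via SESSION:
     * ------------------------------
     * None.
     *
     * @return string The rendered confirmation template on GET; a POST request redirects to the admin view instead.
     *
     * @throws Zikula_Exception_Fatal Thrown if a user id is not specified, is invalid, or does not point to a valid account record,
     *                                      or the account record is not in a consistent state after the update.
     * @throws Zikula_Exception_Forbidden Thrown if the current user does not have edit access for the account record, or if the
     *                                      request is neither a GET nor a POST.
     */
    public function toggleForcedPasswordChange()
    {
        if ($this->request->isGet()) {
            $uid = $this->request->query->get('userid', false);

            // Validates the uid, loads the record and enforces ACCESS_EDIT on it.
            $userObj = $this->_loadUserForForcedPasswordChange($uid);

            $userMustChangePassword = UserUtil::getVar('_Users_mustChangePassword', $uid, false);

            return $this->view->assign('user_obj', $userObj)
                ->assign('user_must_change_password', $userMustChangePassword)
                ->fetch('users_admin_toggleforcedpasswordchange.tpl');
        } elseif ($this->request->isPost()) {
            $this->checkCsrfToken();

            $uid = $this->request->request->get('userid', false);
            $userMustChangePassword = $this->request->request->get('user_must_change_password', false);

            // Same validation and permission check as on GET, performed before anything is written.
            // (The original POST path skipped the record check and evaluated the permission against an empty uname.)
            $this->_loadUserForForcedPasswordChange($uid);

            if ($userMustChangePassword) {
                // NOTE(review): the raw request value is stored, as before; consumers of this attribute appear to test it for truthiness.
                UserUtil::setVar('_Users_mustChangePassword', $userMustChangePassword, $uid);
            } else {
                UserUtil::delVar('_Users_mustChangePassword', $uid);
            }

            // Force reload of the user object into the cache so the consistency check below sees the update.
            $userObj = UserUtil::getVars($uid, true);
            $attributeIsSet = isset($userObj['__ATTRIBUTES__']['_Users_mustChangePassword']);

            if ((bool)$userMustChangePassword !== $attributeIsSet) {
                // The stored attribute does not reflect what was just requested: the record is inconsistent.
                throw new Zikula_Exception_Fatal();
            }

            if ($userMustChangePassword) {
                $this->registerStatus($this->__f('Done! A password change will be required the next time %1$s logs in.', array($userObj['uname'])));
            } else {
                $this->registerStatus($this->__f('Done! A password change will no longer be required for %1$s.', array($userObj['uname'])));
            }

            $this->redirect(ModUtil::url($this->name, 'admin', 'view'));
        } else {
            throw new Zikula_Exception_Forbidden();
        }
    }

    /**
     * Validates a user id, loads the matching account record and checks edit access for it.
     *
     * @param mixed $uid The uid as received from the request (GET or POST).
     *
     * @return array The user record as returned by UserUtil::getVars().
     *
     * @throws Zikula_Exception_Fatal     Thrown if the uid is missing or not an integer, or no account record is found.
     * @throws Zikula_Exception_Forbidden Thrown if the current user lacks ACCESS_EDIT on the account record.
     */
    private function _loadUserForForcedPasswordChange($uid)
    {
        // Loose comparison is deliberate: it accepts numeric strings that denote an integer value.
        if (!$uid || !is_numeric($uid) || ((int)$uid != $uid)) {
            throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
        }

        $userObj = UserUtil::getVars($uid);

        if (!is_array($userObj) || empty($userObj)) {
            throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
        }

        if (!SecurityUtil::checkPermission('Users::', "{$userObj['uname']}::{$uid}", ACCESS_EDIT)) {
            throw new Zikula_Exception_Forbidden();
        }

        return $userObj;
    }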
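    /**
     * Removes a record from the users_verifychg table for a specified uid and changetype.
     *
     * Parameters passed in the $args array:
     * -------------------------------------
     * integer       $args['uid']        The uid of the verifychg record to remove. Required.
     * integer|array $args['changetype'] The changetype(s) of the verifychg record to remove. If more
     *                                          than one type is to be removed, use an array. Optional. If
     *                                          not specified, all verifychg records for the user will be
     *                                          removed. Note: specifying an empty array will remove none.
     *
     * @param array $args All parameters passed to this function.
     *
     * @return void|bool Null on success, false on error.
     */
    public function resetVerifyChgFor($args)
    {
        if (!isset($args['uid'])) {
            $this->registerError(LogUtil::getErrorMsgArgs());

            return false;
        }
        $uid = $args['uid'];
        // Loose comparison is deliberate: accept numeric strings that denote an integer; uid 1 (guest) and below are never valid here.
        if (!is_numeric($uid) || ((int)$uid != $uid) || ($uid <= 1)) {
            $this->registerError(LogUtil::getErrorMsgArgs());

            return false;
        }
        // Only the integer form reaches the SQL built below; the checks above make this cast lossless.
        $uid = (int)$uid;

        $changeType = null;
        if (isset($args['changetype'])) {
            $changeType = is_array($args['changetype']) ? $args['changetype'] : array($args['changetype']);
            if (empty($changeType)) {
                // An explicitly empty list means "remove nothing".
                return;
            }
            foreach ($changeType as $key => $theType) {
                if (!is_numeric($theType) || ((int)$theType != $theType) || ($theType < 0)) {
                    $this->registerError(LogUtil::getErrorMsgArgs());

                    return false;
                }
                // Normalise to int so the IN (...) list is made of plain integer literals.
                $changeType[$key] = (int)$theType;
            }
        }

        $dbinfo = DBUtil::getTables();
        $verifyChgColumn = $dbinfo['users_verifychg_column'];

        // The WHERE clause is interpolated; it only ever contains integers (cast above) and column names from the table definition.
        $where = "WHERE ({$verifyChgColumn['uid']} = {$uid})";
        if (isset($changeType)) {
            $where .= " AND ({$verifyChgColumn['changetype']} IN (" . implode(', ', $changeType) . "))";
        }
        DBUtil::deleteWhere('users_verifychg', $where);
    }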
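    /**
     * Approves a registration.
     *
     * If the registration is also verified (or does not need it) then a new users table record
     * is created.
     *
     * Parameters passed in the $args array:
     * -------------------------------------
     * array   $args['reginfo'] An array of registration information containing a valid uid pointing to the registration
     *                                  record to be approved; optional; if not set, then $args['uid'] should be set.
     * numeric $args['uid']     The uid of the registration record to be set; optional, used only if $args['reginfo'] not set; if not
     *                                  set then $args['reginfo'] must be set and have a valid uid.
     * boolean $args['force']   Force the approval of the registration record; optional; only effective if the current user
     *                                  is an administrator.
     *
     * @param array $args All parameters passed to this function.
     *
     * @return array|bool The updated registration record (or the new user record, if one was created) on success; otherwise false.
     *
     * @throws Zikula_Exception_Forbidden Thrown if the user does not have add access.
     */
    public function approve($args)
    {
        if (!SecurityUtil::checkPermission('Users::', '::', ACCESS_ADD)) {
            throw new Zikula_Exception_Forbidden();
        }

        if (isset($args['reginfo'])) {
            // Got a full reginfo record
            if (!is_array($args['reginfo'])) {
                $this->registerError(LogUtil::getErrorMsgArgs());

                return false;
            }
            $reginfo = $args['reginfo'];
            if (!$reginfo || !isset($reginfo['uid']) || !is_numeric($reginfo['uid'])) {
                $this->registerError($this->__('Error! Invalid registration record.'));

                return false;
            }
        } elseif (!isset($args['uid']) || !is_numeric($args['uid']) || ((int)$args['uid'] != $args['uid'])) {
            $this->registerError(LogUtil::getErrorMsgArgs());

            return false;
        } else {
            // Got just an id.
            $reginfo = ModUtil::apiFunc($this->name, 'registration', 'get', array('uid' => $args['uid']));
            if (!$reginfo) {
                // The message previously referenced an undefined $id; report the uid that was actually looked up.
                $this->registerError($this->__f('Error! Unable to retrieve registration record with id \'%1$s\'', array($args['uid'])));

                return false;
            }
        }

        // 'now' is what a null first argument used to mean; null is no longer accepted by newer PHP versions.
        $nowUTC = new DateTime('now', new DateTimeZone('UTC'));

        $reginfo['approved_by'] = UserUtil::getVar('uid');
        UserUtil::setVar('approved_by', $reginfo['approved_by'], $reginfo['uid']);

        $reginfo['approved_date'] = $nowUTC->format(Users_Constant::DATETIME_FORMAT);
        UserUtil::setVar('approved_date', $reginfo['approved_date'], $reginfo['uid']);

        // Re-read the record (forced) so it reflects the values just written.
        $reginfo = UserUtil::getVars($reginfo['uid'], true, 'uid', true);

        if (isset($args['force']) && $args['force']) {
            if (!isset($reginfo['email']) || empty($reginfo['email'])) {
                $this->registerError($this->__f('Error: Unable to force registration for \'%1$s\' to be verified during approval. No e-mail address.', array($reginfo['uname'])));

                return false;
            }

            $reginfo['isverified'] = true;

            // Forcing verification makes the pending e-mail verification record obsolete.
            ModUtil::apiFunc($this->name, 'user', 'resetVerifyChgFor', array(
                'uid'       => $reginfo['uid'],
                'changetype'=> Users_Constant::VERIFYCHGTYPE_REGEMAIL,
            ));
        }

        if (isset($reginfo['isverified']) && $reginfo['isverified']) {
            $reginfo = $this->createUser($reginfo);
        }

        return $reginfo;
    }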
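        /**
     * Imports the gtaf entities and gtaf entity groups tables into the Sirius database from a CSV file.
     *
     * The previous contents of the target table are deleted and replaced by the contents of the file.
     * The first CSV row is the header: its column names must be drawn from the column set of the
     * selected table, all mandatory columns must be present, and the primary key column must come first.
     *
     * Parameters passed in the $args array (direct call), via GET or via POST:
     * -------------------------------------------------------------------------
     * integer confirmed  1 to display the upload form, 2 to process the uploaded file (GET always shows the form).
     * string  case       'entities' imports cataleg_gtafEntities; any other value imports cataleg_gtafGroups.
     * array   importFile The uploaded file as a $_FILES-style array (POST; or $args['importFile'] on a direct call).
     *
     * @param array $args All parameters passed to this function (optional; only used on a direct call).
     *
     * @return mixed The rendered form, or a redirect to *gtafEntitiesGest* carrying the execution messages.
     *
     * @throws Zikula_Exception_Fatal Thrown if $args is set but is not an array.
     */
    public function importGtafEntities($args = null) {
        if (!SecurityUtil::checkPermission('Cataleg::', '::', ACCESS_ADMIN)) {
            return LogUtil::registerPermissionError();
        }

        // Get input values. Check for a direct function call first because the calling function might be either GET or POST.
        $confirmed = false;
        $case = false;
        if (isset($args) && is_array($args) && !empty($args)) {
            $confirmed = isset($args['confirmed']) ? $args['confirmed'] : false;
            $case = isset($args['case']) ? $args['case'] : false;
        } elseif (isset($args) && !is_array($args)) {
            throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
        } elseif ($this->request->isGet()) {
            $confirmed = 1;
        } elseif ($this->request->isPost()) {
            $this->checkCsrfToken();
            $confirmed = $this->request->request->get('confirmed', false);
            $case = $this->request->request->get('case', false);
        }

        if ($confirmed == 2) {
            if ($case == 'entities') {
                $caps = array(
                    'gtafEntityId'   => 'gtafEntityId',
                    'nom'            => 'nom',
                    'tipus'          => 'tipus',
                    'gtafGroupId'    => 'gtafGroupId'
                );
                $capsMan = $caps;
                $taula = 'cataleg_gtafEntities';
                $mes = "Importació d'entitats-gtaf";
                $fieldId = 'gtafEntityId';
            } else {
                $caps = array(
                    'gtafGroupId'   => 'gtafGroupId',
                    'nom'           => 'nom',
                    'resp_uid'      => 'resp_uid'
                );
                $capsMan = array(
                    'gtafGroupId'   => 'gtafGroupId',
                    'nom'           => 'nom'
                );
                $taula = 'cataleg_gtafGroups';
                $mes = "Importació de grups d'entitats-gtaf";
                $fieldId = 'gtafGroupId';
            }

            // Get the uploaded file (or the one handed in through $args on a direct call).
            $importFile = $this->request->files->get('importFile', isset($args['importFile']) ? $args['importFile'] : null);
            $fileName = (is_array($importFile) && isset($importFile['name'])) ? $importFile['name'] : '';

            $importResults = '';
            $import = array();
            if ($fileName == '') {
                $importResults = $this->__("No heu triat cap fitxer.");
            } elseif (FileUtil::getExtension($fileName) != 'csv') {
                $importResults = $this->__("L'extensió del fitxer ha de ser csv.");
            } elseif (!$fileHandle = fopen($importFile['tmp_name'], 'r')) {
                $importResults = $this->__("No s'ha pogut llegir el fitxer csv.");
            } else {
                $lines = array();
                while (!feof($fileHandle)) {
                    $line = fgetcsv($fileHandle, 1024, ';', '"');
                    // fgetcsv() yields false at EOF or on error and array(null) for a blank line; neither is a record.
                    if ($line !== false && $line !== array(null)) {
                        $lines[] = $line;
                    }
                }
                fclose($fileHandle);

                if (empty($lines)) {
                    // Without a header there is nothing to validate, and an empty import must not wipe the table.
                    $importResults = $this->__("<div>El fitxer csv és buit.</div>");
                } else {
                    $header = $lines[0];
                    $importResults .= $this->_validateGtafImportHeader($header, $caps, $capsMan, $fieldId);

                    $importIds = array();
                    foreach (array_slice($lines, 1) as $line) {
                        if (count($header) != count($line)) {
                            $importResults .= $this->__("<div>Hi ha registres amb un número de camps incorrecte.</div>");
                        } else {
                            // The header (validated above against $caps) supplies the column names of the record.
                            $import[] = array_combine($header, $line);
                            $importIds[] = $line[0];
                        }
                    }
                    if (count($importIds) != count(array_unique($importIds))) {
                        $importResults .= $this->__("<div>El fitxer té alguna id repetida.</div>");
                    }
                }
            }

            if ($importResults == '') {
                $oldCount = DBUtil::selectObjectCount($taula);
                // The import replaces the table wholesale: delete everything, then insert the new records.
                DBUtil::deleteWhere($taula);
                $inserts = count($import);
                DBUtil::insertObjectArray($import, $taula);
                $this->registerStatus($mes);
                $this->registerStatus($this->__('La importació s\'ha realitzat correctament'));
                // Use placeholders so the message is translatable (a message with the numbers baked in never matches a catalogue entry).
                $this->registerStatus($this->__f('Registres antics: %1$s - Registres actuals: %2$s', array($oldCount, $inserts)));

                return System::redirect(ModUtil::url('Cataleg', 'admin', 'gtafEntitiesGest'));
            }

            return $this->_renderGtafImportForm($case, $importResults);
        } elseif ($confirmed == 1) {
            // Shows the form.
            $case = $this->request->query->get('case', false);

            return $this->_renderGtafImportForm($case, '');
        }

        LogUtil::registerError($this->__('La petició no és vàlida'));

        return System::redirect(ModUtil::url('Cataleg', 'admin', 'gtafEntitiesGest'));
    }

    /**
     * Validates the header row of a gtaf CSV import.
     *
     * @param array  $header  The column names read from the first CSV row.
     * @param array  $caps    All column names allowed for the target table.
     * @param array  $capsMan The column names that must be present.
     * @param string $fieldId The primary key column; it must be present and come first.
     *
     * @return string An empty string if the header is valid, otherwise the (HTML) error message for the first problem found.
     */
    private function _validateGtafImportHeader(array $header, array $caps, array $capsMan, $fieldId)
    {
        if (count($header) != count(array_unique($header))) {
            return $this->__("<div>La capçalera del csv té columnes repetides.</div>");
        }
        if (!in_array($fieldId, $header, true)) {
            return $this->__("<div>Falta el camp obligatori de la clau primària (id).</div>");
        }
        if ($header[0] != $fieldId) {
            return $this->__("<div>El camp obligatori de la clau primària (id) ha d'ocupar el primer lloc.</div>");
        }
        // Mandatory columns missing from the header.
        if (count(array_diff($capsMan, $header)) > 0) {
            return $this->__("<div>Falten camps obligatoris.</div>");
        }
        // Columns that do not belong to the target table; this also stops the header from naming arbitrary columns
        // for the records that get inserted.
        if (count(array_diff($header, $caps)) > 0) {
            return $this->__("<div>El csv té camps incorrectes.</div>");
        }

        return '';
    }

    /**
     * Renders the CSV upload form.
     *
     * @param mixed  $case          The selected import case ('entities' or other), passed through to the template.
     * @param string $importResults Validation messages from a previous attempt, or an empty string.
     *
     * @return string The rendered template.
     */
    private function _renderGtafImportForm($case, $importResults)
    {
        return $this->view->assign('case', $case)
            ->assign('importResults', $importResults)
            ->assign('post_max_size', ini_get('post_max_size'))
            ->fetch('admin/Cataleg_admin_importGtafEntities.tpl');
    }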
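    /**
     * Display the change password form.
     *
     * Parameters passed via the $args array:
     * --------------------------------------
     * boolean login True if in the middle of a log-in attempt and changing the password via a forced password change.
     *
     * Parameters passed via GET:
     * --------------------------
     * boolean login True if in the middle of a log-in attempt and changing the password via a forced password change.
     *
     * Parameters passed via POST:
     * ---------------------------
     * boolean login True if in the middle of a log-in attempt and changing the password via a forced password change.
     *
     * Parameters passed via SESSION:
     * ------------------------------
     * Namespace: Zikula_Users
     * Variable:  Users_Controller_User_changePassword
     * Type:      array
     * Contents:  An array containing the information saved from the log-in attempt in order to re-enter it, including:
     *              'authentication_method', an array containing the selected authentication module name and method name,
     *              'authentication_info', an array containing the authentication information entered by the user,
     *              'user_obj', a user record containing the user information found during the log-in attempt,
     *              'password_errors', errors that have occurred during a previous pass through this function.
     *
     * @param array|null $args All parameters passed to this function (null when reached through a request).
     *
     * @return string The rendered template.
     *
     * @throws Zikula_Exception_Fatal     Thrown if $args is set but is not an array, if 'login' is set while a user is already
     *                                    logged in, or if 'login' is set but the session data from the log-in attempt is missing.
     * @throws Zikula_Exception_Forbidden Thrown if nobody is logged in and the request does not come from the log-in process.
     */
    public function changePassword($args)
    {
        // Retrieve and delete any session variables being sent in before we give the function a chance to
        // throw an exception. We need to make sure no sensitive data is left dangling in the session variables.
        $sessionVars = $this->request->getSession()->get('Users_Controller_User_changePassword', null, 'Zikula_Users');
        $this->request->getSession()->del('Users_Controller_User_changePassword', 'Zikula_Users');

        // The check for $args must be first, because isPost() and isGet() will be set for the function that called this one
        if (isset($args) && !empty($args) && is_array($args)) {
            // Arrived via function call
            if (!isset($args['login'])) {
                $args['login'] = false;
            }
        } elseif (isset($args) && !is_array($args)) {
            // Arrived via function call with bad $args
            throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
        } elseif ($this->request->isPost()) {
            // Arrived from a form post
            $args = array('login' => $this->request->request->get('login', false));
        } elseif ($this->request->isGet()) {
            // Arrived from a simple URL
            $args = array('login' => $this->request->query->get('login', false));
        } else {
            // Neither a function call nor a GET/POST request: nothing indicates a forced change, so fall back to the
            // logged-in path rather than reading 'login' from an undefined array.
            $args = array('login' => false);
        }

        // In order to change one's password, the user either must be logged in already, or specifically
        // must be coming from the login process. This is an exclusive-or. It is an error if neither is set,
        // and likewise if both are set. One or the other, please!
        $isLoggedIn = UserUtil::isLoggedIn();
        if (!$args['login'] && !$isLoggedIn) {
            throw new Zikula_Exception_Forbidden();
        } elseif ($args['login'] && $isLoggedIn) {
            throw new Zikula_Exception_Fatal();
        }

        // If we are coming here from the login process, then there are certain things that must have been
        // sent along in the session variable. If not, then error.
        if ($args['login'] && (!isset($sessionVars['user_obj']) || !is_array($sessionVars['user_obj'])
                || !isset($sessionVars['authentication_info']) || !is_array($sessionVars['authentication_info'])
                || !isset($sessionVars['authentication_method']) || !is_array($sessionVars['authentication_method']))
                ) {
            throw new Zikula_Exception_Fatal();
        }

        // Password changes can be disabled module-wide.
        if ($this->getVar('changepassword', 1) != 1) {
            $this->redirect(ModUtil::url($this->name, 'user', 'main'));
        }

        $passwordErrors = array();
        if (isset($sessionVars['password_errors'])) {
            if (!empty($sessionVars['password_errors'])) {
                $passwordErrors = $sessionVars['password_errors'];
            }
            unset($sessionVars['password_errors']);
        }

        if ($args['login']) {
            // Pass along the session vars to updatePassword. We didn't want to just keep them in the session variable
            // /Users_Controller_User_changePassword because if we hit an exception or got redirected, then the data
            // would have been orphaned, and it contains some sensitive information.
            SessionUtil::requireSession();
            $this->request->getSession()->set('Users_Controller_User_updatePassword', $sessionVars, 'Zikula_Users');
        }

        // Return the output that has been generated by this function
        return $this->view->assign('password_errors', $passwordErrors)
                          ->assign('login', (bool)$args['login'])
                          ->assign('user_obj', ($args['login'] ? $sessionVars['user_obj'] : null))
                          ->assign('authentication_method', ($args['login'] ? $sessionVars['authentication_method'] : null))
                          ->fetch('users_user_changepassword.tpl');
    }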
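    /**
     * Create a log of an action
     *
     * Parameters passed in the $args array:
     * -------------------------------------
     *
     * string  $args['sv']          Security value checked through IWmain's checkSecurityValue; required.
     * string  $args['actionText']  Text for the log; required.
     * integer $args['visible']     Visibility for users // 1 - all users / 0 - only administrators (optional - default 1)
     * string  $args['moduleName']  Name of the module that has generated the log (optional)
     * integer $args['actionType']  Type of action logged // 1 - insert / 2 - update / 3 - Delete / 4 - select (optional)
     * integer $args['error']       Error flag stored with the entry (optional - default 0)
     * mixed   $args['indexName'], $args['indexValue'], $args['indexName1'], $args['indexValue1']
     *                              Optional index name/value pairs stored with the entry.
     *
     * @param array $args All parameters passed to this function.
     *
     * @return integer identity of the log created.
     *
     * @throws Zikula_Exception_Fatal Thrown if invalid parameters are received in $args, or if the record cannot be written to the database.
     *
     * @throws Zikula_Exception_Forbidden Thrown if the security value in $args['sv'] does not check out.
     */
    public function saveLog($args) {
        $securityValue = isset($args['sv']) ? $args['sv'] : null;
        if (!ModUtil::func('IWmain', 'user', 'checkSecurityValue', array('sv' => $securityValue))) {
            throw new Zikula_Exception_Forbidden("You are not allowed to access to some information.");
        }

        if (!isset($args['actionText']) || $args['actionText'] == '') {
            throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
        }

        $visible = isset($args['visible']) ? $args['visible'] : 1;
        $error = isset($args['error']) ? $args['error'] : 0;

        // Address sources in ascending precedence: the last non-empty one wins. REMOTE_ADDR is set by the
        // web server; HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP are request headers and are therefore only as
        // reliable as the proxy in front of the application, so the logged address must be read with that in mind.
        $ip = '';
        foreach (array('REMOTE_ADDR', 'HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP') as $source) {
            if (!empty($_SERVER[$source])) {
                $ip = ModUtil::apiFunc('IWmain', 'user', 'cleanremoteaddr', array('originaladdr' => $_SERVER[$source]));
            }
        }

        // Optional fields default to null instead of raising an undefined-index notice.
        $item = array(
            'moduleName' => isset($args['moduleName']) ? $args['moduleName'] : null,
            'actionType' => isset($args['actionType']) ? $args['actionType'] : null,
            'visible' => $visible,
            'actionText' => $args['actionText'],
            'logIp' => $ip,
            'indexName' => isset($args['indexName']) ? $args['indexName'] : null,
            'indexValue' => isset($args['indexValue']) ? $args['indexValue'] : null,
            'indexName1' => isset($args['indexName1']) ? $args['indexName1'] : null,
            'indexValue1' => isset($args['indexValue1']) ? $args['indexValue1'] : null,
            'error' => $error,
        );

        // insertObject() fills in the generated 'logId' key on success.
        if (!DBUtil::insertObject($item, 'IWmain_logs', 'logId')) {
            throw new Zikula_Exception_Fatal(LogUtil::getErrorMsgArgs());
        }

        // Return the id of the newly created item to the calling process
        return $item['logId'];
    }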