/**
* Authenticate User
*
* Controller for the Authenticate module.
*
* @author Goran Halusa <*****@*****.**>
* @since 0.1.0
*/
function authenticate_user()
{
$app = \Slim\Slim::getInstance();
$final_global_template_vars = $app->config('final_global_template_vars');
require_once $_SERVER["PATH_TO_VENDOR"] . "wixel/gump/gump.class.php";
require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/authenticate.class.php";
$db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
$db_resource = $db_conn->get_resource();
$authenticate = new \PHPSkeleton\Authenticate($db_resource, $final_global_template_vars["session_key"]);
$gump = new GUMP();
$rules = array("user_account_email" => "valid_email", "password" => "min_len,6");
$validated = $gump->validate($app->request()->post(), $rules);
if ($validated === true) {
$validated = array(array("field" => "user_account_email", "value" => "", "rule" => ""));
// Query the database for the user_account_email and password.
try {
$local_validated = $authenticate->authenticate_local($app->request()->post('user_account_email'), $app->request()->post('password'));
} catch (Exception $e) {
$local_validated = false;
}
if ($local_validated) {
$validated = true;
session_regenerate_id();
foreach ($final_global_template_vars["auth_session_keys"] as $single_key) {
$_SESSION[$final_global_template_vars["session_key"]][$single_key] = $local_validated[$single_key];
}
// Log the successful login attempt.
$authenticate->log_login_attempt($local_validated["user_account_email"], "succeeded");
}
}
if ($validated === true) {
// The show_login_form.php redirects to the redirect cookie key instead of doing it here.
} else {
// Log the failed login attempt.
$authenticate->log_login_attempt($app->request()->post("user_account_email"), "failed");
$env = $app->environment();
$env["default_validation_errors"] = $validated;
}
}
/**
* Form
*
* Controller for the Web App Installer module.
*
* @author Goran Halusa <*****@*****.**>
* @since 0.1.0
*/
function form()
{
$app = \Slim\Slim::getInstance();
$env = $app->environment();
$final_global_template_vars = $app->config('final_global_template_vars');
// Redirect to the installer if database variables aren't present, and if we aren't already there.
if (isset($final_global_template_vars["db_connection"]["name"]) && isset($final_global_template_vars["db_connection"]["host"]) && isset($final_global_template_vars["db_connection"]["user"]) && isset($final_global_template_vars["db_connection"]["password"]) && $_SERVER["REQUEST_URI"] == "/webapp_installer/") {
header("Location: " . $final_global_template_vars["login_url"] . "/");
exit;
}
require_once $_SERVER["PATH_TO_VENDOR"] . "wixel/gump/gump.class.php";
$gump = new GUMP();
$data = $posted_data = $app->request()->post() ? $app->request()->post() : false;
// GUMP validation rules
$rules = array("user_account_email" => "required", "user_account_password" => "required", "first_name" => "required", "last_name" => "required", "application_name" => "required", "session_key" => "required", "cname" => "required", "database_host" => "required", "database_name" => "required", "database_username" => "required", "database_password" => "required");
// Validation using GUMP
if ($posted_data) {
$validated = array();
$errors = array();
$validated = $gump->validate($posted_data, $rules);
if ($validated !== true) {
$errors = \phpskeleton\models\utility::gump_parse_errors($validated);
}
if ($errors) {
$env = $app->environment();
$env["default_validation_errors"] = $errors;
}
}
$default_validation_errors = isset($env["default_validation_errors"]) ? $env["default_validation_errors"] : false;
// If there are no errors, begin the second round of checks
if (!$default_validation_errors && $posted_data) {
// Check to see if the database user exists
$link = @mysqli_connect($posted_data['database_host'], $posted_data['database_username'], $posted_data['database_password']);
if (!$link) {
// die('Could not connect to the database. Please check your parameters.');
$app->flash('message', 'Could not connect to the database. Please check your parameters.');
$app->redirect($final_global_template_vars["path_to_this_module"]);
}
// Next, check to see if the database exists by making $posted_data['database_name'] the current db
$db_selected = mysqli_select_db($link, $posted_data['database_name']);
if (!$db_selected) {
// die('Cannot use the "'.$posted_data['database_name'].'" database. Does it exist?');
$app->flash('message', 'Cannot use the "' . $posted_data['database_name'] . '" database. Does it exist?');
$app->redirect($final_global_template_vars["path_to_this_module"]);
}
// If there are no MYSQL errors, overwrite the default_global_settings.php file
$file_name = "default_global_settings.php";
$original_file = file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/' . $file_name);
$parsed = str_replace('#~site_name~#', '"site_name" => "' . $posted_data['application_name'] . '",', $original_file);
$parsed = str_replace('#~session_key~#', ',"session_key" => "' . $posted_data['session_key'] . '"', $parsed);
$parsed = str_replace('#~name~#', '"name" => ($_SERVER["IS_DEV"] == "true") ? "' . $posted_data['database_name'] . '" : "' . $posted_data['database_name'] . '"', $parsed);
$parsed = str_replace('#~host~#', ',"host" => "' . $posted_data['database_host'] . '"', $parsed);
$parsed = str_replace('#~user~#', ',"user" => "' . $posted_data['database_username'] . '"', $parsed);
$parsed = str_replace('#~password~#', ',"password" => "' . $posted_data['database_password'] . '",', $parsed);
$parsed = str_replace('#~admin_emails~#', ',"admin_emails" => "' . $posted_data['user_account_email'] . '",', $parsed);
unlink($_SERVER['DOCUMENT_ROOT'] . '/' . $file_name);
$file_handle = fopen($_SERVER['DOCUMENT_ROOT'] . '/' . $file_name, 'w') or die("can't open file");
fwrite($file_handle, $parsed);
fclose($file_handle);
chmod($_SERVER['DOCUMENT_ROOT'] . '/' . $file_name, 0664);
// Overwrite the .htaccess file
$file_name = ".htaccess";
$original_file = file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/' . $file_name);
$parsed = str_replace('"^([^\\.]*)\\.com$"', $posted_data['cname'], $original_file);
unlink($_SERVER['DOCUMENT_ROOT'] . '/' . $file_name);
$file_handle = fopen($_SERVER['DOCUMENT_ROOT'] . '/' . $file_name, 'w') or die("can't open file");
fwrite($file_handle, $parsed);
fclose($file_handle);
chmod($_SERVER['DOCUMENT_ROOT'] . '/' . $file_name, 0664);
// Build the database tables
$db_vars = array("name" => $posted_data['database_name'], "host" => $posted_data['database_host'], "user" => $posted_data['database_username'], "password" => $posted_data['database_password']);
$db_conn = new \PHPSkeleton\models\db($db_vars);
$db = $db_conn->get_resource();
require_once $final_global_template_vars["default_module_list"]["authenticate"]["absolute_path_to_this_module"] . "/models/authenticate.class.php";
$authenticate = new \PHPSkeleton\Authenticate($db, $final_global_template_vars["session_key"]);
$statement = $db->prepare("CREATE TABLE `user_account` (\n `user_account_id` int(10) NOT NULL AUTO_INCREMENT,\n `user_account_email` varchar(255) NOT NULL,\n `user_account_password` varchar(255) NOT NULL,\n `first_name` varchar(255) NOT NULL,\n `last_name` varchar(255) NOT NULL,\n `acceptable_use_policy` int(1) DEFAULT NULL,\n `active` int(1) NOT NULL DEFAULT '0',\n `emailed_hash` varchar(255) DEFAULT NULL,\n `created_date` datetime DEFAULT NULL,\n `modified_date` datetime DEFAULT NULL,\n PRIMARY KEY (`user_account_id`)\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='This table stores user accounts'");
$statement->execute();
$error = $db->errorInfo();
if ($error[0] != "00000") {
var_dump($db->errorInfo());
die('CREATE TABLE `user_account` failed.');
}
// INSERT this user into the user_account table
$statement = $db->prepare("INSERT INTO user_account\n (user_account_email, user_account_password, first_name, last_name, acceptable_use_policy, created_date, active)\n VALUES ( :user_account_email, :user_account_password, :first_name, :last_name, 1, NOW(), 1 )");
$statement->bindValue(":user_account_email", $posted_data['user_account_email'], PDO::PARAM_STR);
$statement->bindValue(":user_account_password", $authenticate->generate_hashed_password($posted_data['user_account_password']), PDO::PARAM_STR);
$statement->bindValue(":first_name", $posted_data['first_name'], PDO::PARAM_STR);
$statement->bindValue(":last_name", $posted_data['last_name'], PDO::PARAM_STR);
$statement->execute();
$error = $db->errorInfo();
if ($error[0] != "00000") {
var_dump($db->errorInfo());
die('The INSERT INTO user_account failed.');
}
$last_inserted_user_account_id = $db->lastInsertId();
$statement = $db->prepare("CREATE TABLE `user_account_addresses` (\n `user_account_addresses_id` int(11) NOT NULL AUTO_INCREMENT,\n `user_account_id` int(11) NOT NULL,\n `address_label` varchar(100) NOT NULL DEFAULT '',\n `address_1` varchar(50) DEFAULT NULL,\n `address_2` varchar(50) DEFAULT NULL,\n `city` varchar(50) NOT NULL DEFAULT '',\n `state` char(2) NOT NULL DEFAULT '',\n `zip` varchar(10) NOT NULL,\n `date_created` datetime NOT NULL,\n `created_by_user_account_id` int(11) NOT NULL,\n `last_modified` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00' ON UPDATE CURRENT_TIMESTAMP,\n `last_modified_user_account_id` int(11) NOT NULL,\n `primary` tinyint(1) NOT NULL DEFAULT '0',\n `active` tinyint(1) NOT NULL DEFAULT '1',\n PRIMARY KEY (`user_account_addresses_id`),\n KEY `created_by_user_account_id` (`created_by_user_account_id`),\n KEY `last_modified_user_account_id` (`last_modified_user_account_id`)\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='This table stores user account addresses'");
$statement->execute();
$error = $db->errorInfo();
if ($error[0] != "00000") {
var_dump($db->errorInfo());
die('CREATE TABLE `user_account_addresses` failed.');
}
$statement = $db->prepare("CREATE TABLE `group` (\n `group_id` int(11) NOT NULL AUTO_INCREMENT,\n `name` varchar(100) NOT NULL DEFAULT '',\n `abbreviation` varchar(10) NOT NULL DEFAULT '',\n `description` mediumtext NOT NULL,\n `address_1` varchar(50) DEFAULT NULL,\n `address_2` varchar(50) DEFAULT NULL,\n `city` varchar(50) NOT NULL DEFAULT '',\n `state` char(2) NOT NULL DEFAULT '',\n `zip` varchar(10) NOT NULL,\n `date_created` datetime NOT NULL,\n `created_by_user_account_id` int(11) NOT NULL,\n `last_modified` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00' ON UPDATE CURRENT_TIMESTAMP,\n `last_modified_user_account_id` int(11) NOT NULL,\n `active` tinyint(1) NOT NULL DEFAULT '1',\n PRIMARY KEY (`group_id`),\n KEY `created_by_user_account_id` (`created_by_user_account_id`),\n KEY `last_modified_user_account_id` (`last_modified_user_account_id`)\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='This table stores groups for user accounts'");
$statement->execute();
$error = $db->errorInfo();
if ($error[0] != "00000") {
var_dump($db->errorInfo());
die('CREATE TABLE `group` failed.');
}
$statement = $db->prepare("INSERT INTO `group` (\n `group_id`\n ,`name`\n ,`abbreviation`\n ,`description`\n ,`address_1`\n ,`address_2`\n ,`city`\n ,`state`\n ,`zip`\n ,`date_created`\n ,`created_by_user_account_id`\n ,`last_modified`\n ,`last_modified_user_account_id`\n ,`active`\n )\n VALUES (1\n ,'Global Group'\n ,'GLOBAL'\n ,'Global Web App Group'\n ,'ADDRESS PLACEHOLDER'\n ,''\n ,'CITY PLACEHOLDER'\n ,'STATE PLACEHOLDER'\n ,'12345'\n ,NOW()\n ,:user_account_id\n ,NOW()\n ,:user_account_id\n ,1)\n ");
$statement->bindValue(":user_account_id", $last_inserted_user_account_id, PDO::PARAM_INT);
$statement->execute();
$error = $db->errorInfo();
if ($error[0] != "00000") {
var_dump($db->errorInfo());
die('The INSERT INTO `group` failed.');
}
$statement = $db->prepare("CREATE TABLE `group_closure_table` (\n `ancestor` int(10) NOT NULL DEFAULT '0',\n `descendant` int(10) NOT NULL DEFAULT '0',\n `pathlength` int(10) NOT NULL DEFAULT '0',\n PRIMARY KEY (`ancestor`,`descendant`)\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='This table was from the guidance of Mr. Bill Karwin'");
$statement->execute();
$error = $db->errorInfo();
if ($error[0] != "00000") {
var_dump($db->errorInfo());
die('The CREATE TABLE `group_closure_table` failed.');
}
$statement = $db->prepare("INSERT INTO `group_closure_table` (\n `ancestor`\n ,`descendant`\n ,`pathlength`\n )\n VALUES (1,1,0)\n ");
$statement->execute();
$error = $db->errorInfo();
if ($error[0] != "00000") {
var_dump($db->errorInfo());
die('The INSERT INTO `group_closure_table` failed.');
}
$statement = $db->prepare("CREATE TABLE `user_account_groups` (\n `role_id` int(10) NOT NULL DEFAULT '0',\n `user_account_id` int(10) NOT NULL DEFAULT '0',\n `group_id` int(10) NOT NULL DEFAULT '0',\n `user_account_groups_id` int(10) NOT NULL AUTO_INCREMENT,\n PRIMARY KEY (`user_account_groups_id`),\n KEY `role_id` (`role_id`),\n KEY `user_account_id` (`user_account_id`),\n KEY `group_id` (`group_id`)\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='This table stores user account groups'");
$statement->execute();
$error = $db->errorInfo();
if ($error[0] != "00000") {
var_dump($db->errorInfo());
die('CREATE TABLE `user_account_groups` failed.');
}
$statement = $db->prepare("CREATE TABLE `user_account_proxy` (\n `user_account_groups_id` int(10) NOT NULL DEFAULT '0',\n `proxy_user_account_id` int(10) NOT NULL DEFAULT '0',\n PRIMARY KEY (`user_account_groups_id`,`proxy_user_account_id`)\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='This table stores user account proxy users'");
$statement->execute();
$error = $db->errorInfo();
if ($error[0] != "00000") {
var_dump($db->errorInfo());
die('CREATE TABLE `user_account_proxy` failed.');
}
$statement = $db->prepare("CREATE TABLE `user_account_roles` (\n `role_id` int(10) NOT NULL AUTO_INCREMENT,\n `label` varchar(50) DEFAULT NULL,\n PRIMARY KEY (`role_id`)\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='This table stores user account roles'");
$statement->execute();
$error = $db->errorInfo();
if ($error[0] != "00000") {
var_dump($db->errorInfo());
die('CREATE TABLE `user_account_roles` failed.');
}
$statement = $db->prepare("INSERT INTO `user_account_roles` (`role_id`,`label`)\n VALUES\n (1, 'Administrator'),\n (2, 'Author'),\n (3, 'Proxy'),\n (4, 'Editor'),\n (5, 'Manager'),\n (6, 'Universal Administrator')\n ");
$statement->execute();
$error = $db->errorInfo();
if ($error[0] != "00000") {
var_dump($db->errorInfo());
die('The INSERT INTO `user_account_roles` failed.');
}
// INSERT this user into the user_account_groups table with "Universal Administrator" privileges
$statement = $db->prepare("INSERT INTO user_account_groups\n (role_id, user_account_id, group_id)\n VALUES ( 6, :user_account_id, 1 ), ( 1, :user_account_id, 1 )");
$statement->bindValue(":user_account_id", $last_inserted_user_account_id, PDO::PARAM_INT);
$statement->execute();
$error = $db->errorInfo();
if ($error[0] != "00000") {
var_dump($db->errorInfo());
die('The INSERT INTO user_account_groups failed.');
}
$statement = $db->prepare("CREATE TABLE `login_attempt` (\n `login_attempt_id` int(11) NOT NULL AUTO_INCREMENT,\n `user_account_email` varchar(255) NOT NULL,\n `ip_address` varchar(255) NOT NULL DEFAULT '0',\n `result` varchar(255) DEFAULT NULL,\n `page` varchar(255) DEFAULT NULL,\n `created_date` datetime DEFAULT NULL,\n PRIMARY KEY (`login_attempt_id`)\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='This table is used to log login attempts'");
$statement->execute();
$error = $db->errorInfo();
if ($error[0] != "00000") {
var_dump($db->errorInfo());
die('The CREATE TABLE `login_attempt` failed.');
}
// Don't return the user account password and the CSRF key value.
unset($data['user_account_password']);
unset($data['csrf_key']);
$data['success_message'] = 'installed';
}
if (!$posted_data) {
$data['cname'] = $_SERVER['SERVER_NAME'];
$data['database_host'] = 'localhost';
}
$app->render('form.php', array("page_title" => "Web Application Installer", "hide_page_header" => true, "path_to_this_module" => $final_global_template_vars["path_to_this_module"], "errors" => $default_validation_errors, "data" => $data));
}
/**
* Insert User Account
*
* Controller for the User Account module.
*
* @author Goran Halusa <*****@*****.**>
* @since 0.1.0
*/
function insert_user_account()
{
$app = \Slim\Slim::getInstance();
$env = $app->environment();
$final_global_template_vars = $app->config('final_global_template_vars');
require_once $_SERVER["PATH_TO_VENDOR"] . "wixel/gump/gump.class.php";
require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/user_account.class.php";
require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/register_account.class.php";
require_once $final_global_template_vars["default_module_list"]["authenticate"]["absolute_path_to_this_module"] . "/models/authenticate.class.php";
require_once $_SERVER["PATH_TO_VENDOR"] . "phpmailer/phpmailer/PHPMailerAutoload.php";
$db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
$db_resource = $db_conn->get_resource();
$useraccount = new \PHPSkeleton\UserAccount($db_resource, $final_global_template_vars["session_key"]);
$register_account = new \PHPSkeleton\RegisterAccount($db_resource, $final_global_template_vars["session_key"]);
$authenticate = new \PHPSkeleton\Authenticate($db_resource, $final_global_template_vars["session_key"]);
$gump = new GUMP();
$mail = new PHPMailer();
$errors = false;
$posted_data = $app->request()->post() ? $app->request()->post() : false;
$account_email_exists = $register_account->account_email_exists($posted_data["user_account_email"]);
if ($account_email_exists) {
$app->flash('message', 'It looks like you already have an account. Email address is already in use.');
$app->redirect($final_global_template_vars["path_to_this_module"] . "/register/");
}
// GUMP validation rules
$rules = array("user_account_email" => "required|valid_email", "user_account_password" => "required|max_len,100|min_len,6", "first_name" => "required|alpha_numeric", "last_name" => "required|alpha_numeric");
// Validation using GUMP
if ($posted_data) {
$validated = array();
$errors = array();
$validated = $gump->validate($posted_data, $rules);
if ($validated !== true) {
$errors = \phpskeleton\models\utility::gump_parse_errors($validated);
}
if ($errors) {
$env = $app->environment();
$env["default_validation_errors"] = $errors;
}
}
$default_validation_errors = isset($env["default_validation_errors"]) ? $env["default_validation_errors"] : false;
// If there are no errors, process posted data and email to user
if (!$default_validation_errors && $posted_data) {
$emailed_hash = md5(rand(0, 1000));
// INSERT this user into the user_account table
$statement = $db_resource->prepare("INSERT INTO user_account\n (user_account_email, user_account_password, first_name, last_name, acceptable_use_policy, created_date, active, emailed_hash)\n VALUES ( :user_account_email, :user_account_password, :first_name, :last_name, 1, NOW(), 0, :emailed_hash )");
$statement->bindValue(":user_account_email", $posted_data['user_account_email'], PDO::PARAM_STR);
$statement->bindValue(":user_account_password", $authenticate->generate_hashed_password($posted_data['user_account_password']), PDO::PARAM_STR);
$statement->bindValue(":first_name", $posted_data['first_name'], PDO::PARAM_STR);
$statement->bindValue(":last_name", $posted_data['last_name'], PDO::PARAM_STR);
$statement->bindValue(":emailed_hash", $emailed_hash, PDO::PARAM_STR);
$statement->execute();
$error = $db_resource->errorInfo();
if ($error[0] != "00000") {
die('The INSERT INTO user_account failed.');
}
$last_inserted_user_account_id = $db_resource->lastInsertId();
// INSERT this user into the user_account_groups table with "Author" privileges
$statement = $db_resource->prepare("INSERT INTO user_account_groups\n (role_id, user_account_id, group_id)\n VALUES ( 2, :user_account_id, 1 )");
$statement->bindValue(":user_account_id", $last_inserted_user_account_id, PDO::PARAM_INT);
$statement->execute();
$error = $db_resource->errorInfo();
if ($error[0] != "00000") {
die('The INSERT INTO user_account_groups failed.');
}
// Send emails
// Email setup for user
$to = $posted_data['user_account_email'];
// Send email to our user
$subject = 'Signup | Verification';
// Give the email a subject
$message = '<h2>Hello ' . $posted_data['first_name'] . '!</h2>
<p>Your account has been created, you can login with the following credentials after you have
activated your account by accessing the url below.</p>
<hr>
<p>Username: '******'user_account_email'] . '</p>
<p>Password: (The password you submitted during the registration process.)</p>
<hr>
<p>Please click this link to activate your account:<br />
<a href="http://' . $_SERVER["SERVER_NAME"] . '/user_account/verify/?user_account_email=' . $posted_data['user_account_email'] . '&emailed_hash=' . $emailed_hash . '">http://' . $_SERVER["SERVER_NAME"] . '/user_account/verify/?user_account_email=' . $posted_data['user_account_email'] . '&emailed_hash=' . $emailed_hash . '</a></p>';
// Our message above including the link
// Email setup for Universal Administrators
// First, get all of the "Universal Administrator" email addresses
$admin_emails = array();
$universal_administrator_emails = $useraccount->get_universal_administrator_emails();
// Create a comma-delimited list of email addresses
if (is_array($universal_administrator_emails) && !empty($universal_administrator_emails)) {
foreach ($universal_administrator_emails as $email) {
array_push($admin_emails, $email["user_account_email"]);
}
}
$subject_admins = 'New User Registration';
// Give the email a subject
$message_admins = '<h2>New User</h2>
<p>A new user has registered.</p>
<h3>Details</h3>
<p>Name: ' . $posted_data['first_name'] . ' ' . $posted_data['last_name'] . '</p>
<p>Email: ' . $posted_data['user_account_email'] . '</p>
<hr>
<p><a href="http://' . $_SERVER["SERVER_NAME"] . '/authenticate/">Login to administer</a></p>';
// Our message above including the link
// For the ability to send emails from an AWS EC2 instance
// If you need this functionality, you can configure the settings accordingly in /default_global_settings.php
if ($final_global_template_vars["hosting_vendor"] && $final_global_template_vars["hosting_vendor"] == "aws_ec2") {
$email = array();
require_once $final_global_template_vars["path_to_smtp_settings"];
// SMTP Settings
$mail->IsSMTP();
$mail->SMTPAuth = $email['settings']['smtpauth'];
$mail->SMTPSecure = $email['settings']['smtpsecure'];
$mail->Host = $email['settings']['host'];
$mail->Username = $email['settings']['username'];
$mail->Password = $email['settings']['password'];
}
// Send email to user
$mail->SetFrom($final_global_template_vars["send_emails_from"], $final_global_template_vars["site_name"] . ' Accounts');
// From (verified email address)
$mail->Subject = $subject;
// Subject
$mail->MsgHTML($message);
$mail->AddAddress($to);
// Recipient
$mail->Send();
$mail->ClearAllRecipients();
// Send email to Universal Administrators
// Subject
$mail->Subject = $subject_admins;
$mail->MsgHTML($message_admins);
// Universal Admin recipients
if (is_array($universal_administrator_emails) && !empty($universal_administrator_emails)) {
foreach ($universal_administrator_emails as $email) {
$mail->AddAddress($email["user_account_email"]);
}
$mail->Send();
$mail->ClearAllRecipients();
}
}
if (!$errors) {
$app->flash('message', 'Account creation was successful. You will receive an email shortly with further instructions.');
$app->redirect($final_global_template_vars["path_to_this_module"] . "/register/");
} else {
$env = $app->environment();
$env["default_validation_errors"] = $errors;
}
}
/**
* Update Password
*
* Controller for the User Account module.
*
* @author Goran Halusa <*****@*****.**>
* @since 0.1.0
*/
function update_password()
{
$app = \Slim\Slim::getInstance();
$final_global_template_vars = $app->config('final_global_template_vars');
require_once $_SERVER["PATH_TO_VENDOR"] . "wixel/gump/gump.class.php";
require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/register_account.class.php";
require_once $final_global_template_vars["default_module_list"]["authenticate"]["absolute_path_to_this_module"] . "/models/authenticate.class.php";
require_once $_SERVER["PATH_TO_VENDOR"] . "phpmailer/phpmailer/PHPMailerAutoload.php";
$db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
$db_resource = $db_conn->get_resource();
$register_account = new \PHPSkeleton\RegisterAccount($db_resource, $final_global_template_vars["session_key"]);
$authenticate = new \PHPSkeleton\Authenticate($db_resource, $final_global_template_vars["session_key"]);
$gump = new GUMP();
$mail = new PHPMailer();
$post = $app->request()->post() ? $app->request()->post() : false;
$account_email_exists = false;
// Is the email address in the database?
if ($post) {
$account_email_exists = $register_account->account_email_exists($post["user_account_email"]);
if (!$account_email_exists) {
$app->flash('message', 'The entered email address was not found in our database.');
$app->redirect($final_global_template_vars["path_to_this_module"] . "/password/");
}
}
$rules = array();
if ($account_email_exists) {
$rules = array("user_account_password" => "required|max_len,100|min_len,6", "password_check" => "required|max_len,100|min_len,6");
}
$validated = $gump->validate($post, $rules);
if ($post["user_account_password"] != $post["password_check"]) {
$validated_password_check = array("field" => "user_account_password_check", "value" => null, "rule" => "validate_required");
if (is_array($validated)) {
array_push($validated, $validated_password_check);
} else {
$validated = array($validated_password_check);
}
}
$errors = array();
if ($validated !== true) {
$errors = \phpskeleton\models\utility::gump_parse_errors($validated);
}
if (isset($errors["user_account_password_check"])) {
$errors["user_account_password_check"] = "Passwords did not match.";
}
// If there are no errors, process posted data and email to user
if (empty($errors) && $post) {
// Attempt to update the user_account_password and set the account to active (returns boolean)
$updated = $register_account->update_password($authenticate->generate_hashed_password($post["user_account_password"]), $account_email_exists['user_account_id'], $post["emailed_hash"]);
if ($updated) {
// Prepare the email...
// The email subject.
$subject = 'Your Password Has Been Reset';
// The message.
$message = '<h2>Your Password Has Been Reset</h2>
<hr>
<p>If you did not execute this change, please contact the site administrator as soon as possible.</p>';
// For the ability to send emails from an AWS EC2 instance
// If you need this functionality, you can configure the settings accordingly in /default_global_settings.php
if ($final_global_template_vars["hosting_vendor"] && $final_global_template_vars["hosting_vendor"] == "aws_ec2") {
$email = array();
require_once $final_global_template_vars["path_to_smtp_settings"];
// SMTP Settings
$mail = new PHPMailer();
$mail->IsSMTP();
$mail->SMTPAuth = $email['settings']['smtpauth'];
$mail->SMTPSecure = $email['settings']['smtpsecure'];
$mail->Host = $email['settings']['host'];
$mail->Username = $email['settings']['username'];
$mail->Password = $email['settings']['password'];
}
// From (verified email address).
$mail->SetFrom($final_global_template_vars["send_emails_from"], $final_global_template_vars["site_name"] . ' Accounts');
// Subject
$mail->Subject = $subject;
$mail->MsgHTML($message);
// Recipient
$mail->AddAddress($post['user_account_email']);
// Send the email.
$mail->Send();
$app->flash('message', 'Your password has been reset.');
$app->redirect($final_global_template_vars["path_to_this_module"] . "/password/");
} else {
$app->flash('message', 'Processing failed.');
$app->redirect($final_global_template_vars["path_to_this_module"] . "/password/");
}
} else {
$app->flash('message', $errors["user_account_password"]);
$app->redirect($final_global_template_vars["path_to_this_module"] . "/reset/?user_account_email=" . $account_email_exists['user_account_email'] . "&emailed_hash=" . $post["emailed_hash"]);
}
}
/**
* Insert/Update User Account
*
* Controller for the User Account module.
*
* @author Goran Halusa <*****@*****.**>
* @since 0.1.0
* @param array $route The route data array
*/
function insert_update_user_account(\Slim\Route $route)
{
$app = \Slim\Slim::getInstance();
$final_global_template_vars = $app->config('final_global_template_vars');
require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/user_account.class.php";
require_once $final_global_template_vars["default_module_list"]["group"]["absolute_path_to_this_module"] . "/models/group.class.php";
require_once $final_global_template_vars["default_module_list"]["authenticate"]["absolute_path_to_this_module"] . "/models/authenticate.class.php";
require_once $_SERVER["PATH_TO_VENDOR"] . "wixel/gump/gump.class.php";
// URL parameters matched in the route.
$params = $route->getParams();
$user_account_id = isset($params["user_account_id"]) ? $params["user_account_id"] : false;
$db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
$db_resource = $db_conn->get_resource();
$useraccount = new \PHPSkeleton\UserAccount($db_resource, $final_global_template_vars["session_key"]);
$group = new \PHPSkeleton\Group($db_resource, $final_global_template_vars["session_key"]);
$authenticate = new \PHPSkeleton\Authenticate($db_resource, $final_global_template_vars["session_key"]);
$post = $app->request()->post();
$errors = false;
$gump = new GUMP();
$rules_password = array();
$rules = array("first_name" => "required|alpha_numeric", "last_name" => "required|alpha_numeric", "user_account_email" => "required|valid_email");
if (isset($post["user_account_password"]) && !empty($post["user_account_password"])) {
$rules_password = array("user_account_password" => "max_len,100|min_len,6", "password_check" => "required|max_len,100|min_len,6");
}
$rules = array_merge($rules, $rules_password);
$validated = $gump->validate($post, $rules);
if ($post["user_account_password"] != $post["password_check"]) {
$validated_password_check = array("field" => "user_account_password_check", "value" => null, "rule" => "validate_required");
if (is_array($validated)) {
array_push($validated, $validated_password_check);
} else {
$validated = array($validated_password_check);
}
}
$errors = array();
if ($validated !== true) {
$errors = \phpskeleton\models\utility::gump_parse_errors($validated);
}
if (isset($errors["user_account_password_check"])) {
$errors["user_account_password_check"] = "Passwords did not match.";
}
$has_permission = array_intersect($_SESSION[$final_global_template_vars["session_key"]]["user_role_list"], $final_global_template_vars["role_perm_manage_all_accounts_access"]);
$role_perm_manage_all_accounts_access = empty($has_permission) ? false : true;
if (!empty($post) && $role_perm_manage_all_accounts_access) {
$current_group_values = $useraccount->get_user_group_roles_map($user_account_id, $final_global_template_vars["proxy_id"]);
$proposed_group_value = json_decode($post["group_data"], true);
$changes = array();
$current_group_role_array = array();
$proposed_group_role_array = array();
foreach ($proposed_group_value as $single_group_info) {
foreach ($single_group_info["roles"] as $single_role_id) {
$tmp_array = array("group_id" => $single_group_info["group_id"], "role_id" => $single_role_id);
$proposed_group_role_array[] = json_encode($tmp_array);
}
}
if (is_array($current_group_values) && !empty($current_group_values)) {
foreach ($current_group_values as $single_group_info) {
foreach ($single_group_info["roles"] as $single_role_id) {
$tmp_array = array("group_id" => $single_group_info["group_id"], "role_id" => $single_role_id);
$current_group_role_array[] = json_encode($tmp_array);
}
}
}
$changes = array_diff($proposed_group_role_array, $current_group_role_array);
$changes = array_merge($changes, array_diff($current_group_role_array, $proposed_group_role_array));
/**
* Check to see if the user is trying to hack the system and add a role they are not able to.
**/
foreach ($changes as $single_change) {
$single_change_array = json_decode($single_change, true);
$show_all = array_intersect($_SESSION[$final_global_template_vars["session_key"]]["user_role_list"], $final_global_template_vars["role_perm_assign_user_account_to_any_group"]);
if (!empty($show_all)) {
// This user can add any group to any user.
} else {
$group_roles = $useraccount->has_role($_SESSION[$final_global_template_vars["session_key"]]["user_account_id"], $final_global_template_vars["administrator_id"], $single_change_array["group_id"]);
if (empty($group_roles)) {
$failed_group = $group->get_group_record($single_change_array["group_id"]);
$errors[] = "You are not able to administor group: " . $failed_group["name"];
}
}
}
// Check to see if the user is trying to add a role to a group they are not able to.
foreach ($changes as $single_change) {
$single_change_array = json_decode($single_change, true);
if (in_array($single_change_array["role_id"], $final_global_template_vars["exclude_ids_from_selector"])) {
$errors[] = "You are not able to administer that role.";
}
}
}
if (!$errors) {
// Hash the incoming password (with some salt).
if (!empty($post["user_account_password"])) {
$post["user_account_password"] = $authenticate->generate_hashed_password($post["user_account_password"]);
}
$useraccount->insert_update_user_account($post, $user_account_id, true, $final_global_template_vars["proxy_id"], $role_perm_manage_all_accounts_access);
$useraccount->insert_addresses($post, $user_account_id, $_SESSION[$final_global_template_vars["session_key"]]["user_account_id"]);
$app->flash('message', 'Account successfully updated.');
if ($role_perm_manage_all_accounts_access) {
$app->redirect($final_global_template_vars["path_to_this_module"]);
} else {
$app->redirect($final_global_template_vars["path_to_this_module"] . "/manage/" . $user_account_id);
}
} else {
$env = $app->environment();
$env["default_validation_errors"] = $errors;
}
}
