/** * modify(): Update user information. * @param string $authtoken Authentication token. * @param string $oldpass Old Password. * @param string $password New Password. * @param string $realname Real name. * @return TlonSoapResponse Result. */ public function modify($authtoken, $oldpass, $password, $realname) { $old_user = TlonUser::getByAuthToken($authtoken); if ($old_user && TlonUser::checkPassword($old_user, $oldpass) && TlonUser::modify($old_user['username'], $password, $realname)) { return $this->returnSuccess(TlonUser::getAuthToken($old_user['username'])); } else { return $this->returnFailure($authtoken); } }
it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ require_once 'class.tlondata.php'; require_once 'class.tlonhash.php'; require_once 'class.tlonusergroup.php'; TlonUser::$TABLE = new TlonDataTable('tl_user', 'username, password, realname, salt, auth_token'); class TlonUser { public static $TABLE = null; /** * add(): Add a new user to TABLE, auto-generating password-hash and salt, and automatically * adding her to the 'all' group and to a group with the name '${username}_grp'. * @param string $username Username. * @param string $password Unhashed password. * @param string $realname Real name. * @return bool */ public static function add($username, $password, $realname) { list($hash, $salt) = TlonHash::password($password); if (!(TlonUserGroup::add($username, TlonGroup::EVERYONE, TlonRights::READ, TlonGroup::EVERYONEINFO) && TlonUserGroup::add($username, TlonGroup::userGroupname($username), TlonRights::READ_WRITE, $realname))) {
/** * modifyUser(): add a user to a group. * @param string $authtoken Auth token. * @param string $username Username * @param string $groupname Groupname. * @param int $rights User rights. * @return TlonSoapResponse Result */ public function modifyUser($authtoken, $username, $groupname, $rights = TlonRights::READ) { if (TlonUser::getByUsername($username) && $this->_checkRights($authtoken, $groupname, TlonRights::WRITE) && TlonUserGroup::edit($username, $groupname, $rights)) { return $this->returnSuccess($authtoken, array('username' => $username, 'groupname' => $groupname, 'rights' => $rights)); } else { return $this->returnFailure($authtoken); } }
private function authUser($auth_token, $document_id, $auth_rights = TlonRights::READ) { if (($u = TlonUser::getByAuthToken($auth_token)) && ($groups = TlonUserGroup::getByUsername($u['username']))) { foreach ($groups as $grp) { $gi .= ', ' . $grp['groupname']; if (TlonGroupDocument::hasRights($grp['groupname'], $document_id, $auth_rights)) { return true; } } } else { return "No groups gotten"; } return "No groups matched ({$gi})"; }