/**
 * Checks that an active status written with setActiveStatus(true) is read
 * back as a truthy value by getActiveStatus().
 */
public function testGetActiveStatus()
{
    $this->User->setActiveStatus(true);
    $reportedStatus = $this->User->getActiveStatus();

    // Loose comparison on purpose: any value that equals true under PHP's
    // == rules is accepted, exactly as the round trip was checked before.
    if ($reportedStatus == true) {
        return;
    }

    $this->fail();
}
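/**
 * Builds the add/edit form for a user account and, when the form was
 * submitted and validates, switches the template and calls doUserSubmit().
 *
 * Edit mode is selected by a non-empty "id" request parameter; otherwise the
 * form describes a new account. The decision is taken once and reused for the
 * hidden id field and for the password rules, so a request carrying an empty
 * id can no longer reach the "new account" path with the "password required"
 * rules switched off.
 *
 * NOTE(review): this method loads whichever account the request id names and
 * pre-fills its username, name and email. No ownership or permission check on
 * that id is visible here; confirm the caller enforces one.
 * NOTE(review): no anti-CSRF token is added in this method; presumably the
 * Form class or the caller handles that - confirm.
 *
 * @param string $target Form action URL.
 * @param bool   $admin  When true, the "Active Status" select is added and pre-filled.
 *
 * @return Form The configured form object.
 */
public function getUserAddEditForm($target = '/admin/User', $admin = false)
{
    $form = new Form('user_addedit', 'POST', $target, '', array('class' => 'admin'));
    $form->setConstants(array('section' => 'addedit'));
    $form->addElement('hidden', 'section');

    // Single source of truth for "are we editing an existing account?".
    // Previously this was tested twice with different predicates (truthiness
    // here, isset() for the password rules), which disagreed for id="" or id=0.
    $isEdit = !empty($_REQUEST['id']);

    if ($isEdit) {
        // NOTE(review): the id is handed to User as received from the request;
        // presumably User validates it and uses a bound query parameter - verify.
        $user = new User($_REQUEST['id']);
        $form->setConstants(array('id' => $_REQUEST['id']));
        $form->addElement('hidden', 'id');
    } else {
        $user = new User();
    }

    $statuses = array(1 => 'Active', 0 => 'Disabled');
    $defaultValues = array();

    $form->addElement('text', 'a_username', 'Username');
    $form->addElement('password', 'a_password', 'Password');
    $form->addElement('password', 'a_password_confirm', 'Confirm Password');
    $form->addElement('text', 'a_name', 'Full Name');
    $form->addElement('text', 'a_email', 'Email Address');

    // The status selector is only offered when the caller asks for the admin variant.
    if ($admin) {
        $form->addElement('select', 'a_status', 'Active Status', $statuses);
    }

    // Group assignment is only offered to a current user holding 'assigngroups'.
    if (isset($this->user) && $this->user->hasPerm('assigngroups')) {
        // Static query, no request data is interpolated.
        $sql = 'SELECT agp_id, agp_name from auth_groups';
        $groups = Database::singleton()->query_fetch_all($sql);

        $assignableGroup = array();
        foreach ($groups as $group) {
            $assignableGroup[$group['agp_id']] = $group['agp_name'];
        }

        // $user is always set at this point, so no error suppression is needed.
        $defaultValues['a_group'] = $user->getAuthGroup();
        $form->addElement('select', 'a_group', 'Member Group', $assignableGroup);
    }

    $form->addElement('submit', 'a_submit', 'Save');

    $defaultValues['a_username'] = $user->getUsername();
    $defaultValues['a_name'] = $user->getName();
    $defaultValues['a_email'] = $user->getEmail();
    // Password fields are never pre-filled.
    $defaultValues['a_password'] = null;
    $defaultValues['a_password_confirm'] = null;
    if ($admin) {
        $defaultValues['a_status'] = $user->getActiveStatus();
    }
    $form->setDefaults($defaultValues);

    $form->addRule('a_username', 'Please enter a username', 'required', null);
    $form->addRule('a_name', 'Please enter the user\'s name', 'required', null);
    $form->addRule('a_email', 'Please enter an email address', 'required', null);
    $form->addRule('a_email', 'Please enter a valid email address', 'email', null);

    // A new account must always get a password; an edit may leave it blank.
    if (!$isEdit) {
        $form->addRule('a_password', 'Please enter a password', 'required', null);
        $form->addRule('a_password_confirm', 'Please confirm the passwords match', 'required', null);
    }
    $form->addRule(array('a_password', 'a_password_confirm'), 'The passwords do not match', 'compare', null);

    if (isset($_REQUEST['a_submit']) && $form->validate()) {
        $this->template = 'admin/user.tpl';
        $this->doUserSubmit();
    }

    return $form;
}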
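/**
 * Renders the create/modify view for a user account and, when the form was
 * submitted (POST field "access_save_user"), applies and stores the changes.
 *
 * The account is looked up by the integer value of the "id" request
 * parameter; when the lookup returns false a blank \User is used (create mode).
 *
 * Write path, as enforced in this method:
 *  - the caller needs \Permission::hasAllAccess(), or must be editing their
 *    own account while holding static access id 31;
 *  - group associations are only changed with hasAllAccess();
 *  - the admin flag and the validity period are only changed with
 *    hasAllAccess() and never on the caller's own account;
 *  - the mandatory-compliance check is skipped for hasAllAccess() callers.
 *
 * Changes compared with the previous version:
 *  - the validity value is read from $_POST throughout (it was checked in
 *    $_POST but compared via $_REQUEST);
 *  - the request-derived SOURCE and URL_PARAMS template values are encoded
 *    before output, like the other dynamic strings in this method.
 *
 * NOTE(review): \Permission::noAccess() presumably ends the request. If it
 * can return, everything below the check still runs - confirm.
 * NOTE(review): no anti-CSRF check is visible in this method; presumably the
 * framework enforces one for backend POSTs - confirm.
 * NOTE(review): only the save branch is permission-checked here; rendering
 * the form for an arbitrary id relies on checks made by the caller - confirm.
 * NOTE(review): the language key TXT_ACCESS_PASSWORD_MD5_ENCRYPTED is passed
 * to the template; the hashing itself lives in \User::setPassword (not shown).
 *
 * @return mixed true once the form has been parsed, or the result of
 *               userList() after a successful save by a caller holding
 *               static access id 18.
 */
private function modifyUser()
{
    global $_ARRAYLANG, $_CONFIG;

    $associatedGroups = '';
    $notAssociatedGroups = '';
    $cssDisplayStatusCreate = 'none';

    $objFWUser = \FWUser::getFWUserObject();

    // intval() keeps the lookup key numeric whatever the request carried.
    if (($objUser = $objFWUser->objUser->getUser(isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0)) === false) {
        $objUser = new \User();
        $cssDisplayStatusCreate = '';
    }

    if ($objFWUser->objUser->getAdminStatus()) {
        $cssDisplayStatus = 'none';
    } else {
        $cssDisplayStatus = '';
    }

    if (isset($_POST['access_save_user'])) {
        $arrSettings = \User_Setting::getSettings();

        // only administrators are allowed to change a user's account, or users may be allowed to change their own account
        if (!\Permission::hasAllAccess() && ($objUser->getId() != $objFWUser->objUser->getId() || !\Permission::checkAccess(31, 'static', true))) {
            \Permission::noAccess();
        }

        $objUser->setUsername(isset($_POST['access_user_username']) ? trim(contrexx_stripslashes($_POST['access_user_username'])) : '');
        $objUser->setEmail(isset($_POST['access_user_email']) ? trim(contrexx_stripslashes($_POST['access_user_email'])) : '');
        $objUser->setFrontendLanguage(isset($_POST['access_user_frontend_language']) ? intval($_POST['access_user_frontend_language']) : 0);
        $objUser->setBackendLanguage(isset($_POST['access_user_backend_language']) ? intval($_POST['access_user_backend_language']) : 0);

        // Remember the previous state so a status-change notification can be sent after store().
        $oldActiveStatus = $objUser->getActiveStatus();
        $objUser->setActiveStatus(isset($_POST['access_user_active']) ? (bool) $_POST['access_user_active'] : false);

        // Privacy settings are only taken from the request when the account may change them.
        $objUser->setEmailAccess(isset($_POST['access_user_email_access']) && $objUser->isAllowedToChangeEmailAccess() ? trim(contrexx_stripslashes($_POST['access_user_email_access'])) : '');
        $objUser->setProfileAccess(isset($_POST['access_user_profile_access']) && $objUser->isAllowedToChangeProfileAccess() ? trim(contrexx_stripslashes($_POST['access_user_profile_access'])) : '');
        $objUser->setSubscribedNewsletterListIDs(isset($_POST['access_user_newsletters']) ? $_POST['access_user_newsletters'] : array());

        if (isset($_POST['access_profile_attribute']) && is_array($_POST['access_profile_attribute'])) {
            $arrProfile = $_POST['access_profile_attribute'];

            if (!empty($_POST['access_image_uploader_id']) && isset($_POST['access_profile_attribute_images']) && is_array($_POST['access_profile_attribute_images'])) {
                $upload_res = $this->addUploadedImagesToProfile($objUser, $arrProfile, $_POST['access_profile_attribute_images'], $_POST['access_image_uploader_id']);
                // An array result carries error messages from the upload step.
                if (is_array($upload_res)) {
                    self::$arrStatusMsg['error'] = array_merge(self::$arrStatusMsg['error'], $upload_res);
                }
            }

            $objUser->setProfile($arrProfile);
        }

        // only administrators are allowed to change the group assignment
        if (\Permission::hasAllAccess()) {
            if (isset($_POST['access_user_associated_groups']) && is_array($_POST['access_user_associated_groups'])) {
                $objUser->setGroups($_POST['access_user_associated_groups']);
            } else {
                $objUser->setGroups(array());
            }
        }

        // NOTE(review): the primary group is set outside the hasAllAccess() guard above,
        // so a non-admin editing their own account also reaches this call with a
        // request-supplied value. Presumably \User restricts it to groups the account
        // already belongs to - verify.
        $objUser->setPrimaryGroup(isset($_POST['access_user_primary_group']) ? $_POST['access_user_primary_group'] : 0);

        // Short-circuit chain: each setter runs only if everything before it succeeded,
        // and store() is reached last. Grouping follows PHP precedence (&& binds tighter
        // than ||) and is spelled out with explicit line breaks only.
        if (
            (
                // A new account with "send notification e-mail" skips setPassword().
                isset($_POST['notification_email']) && $_POST['notification_email'] == 1 && !$objUser->getId()
                || $objUser->setPassword(
                    isset($_POST['access_user_password']) ? trim(contrexx_stripslashes($_POST['access_user_password'])) : '',
                    isset($_POST['access_user_password_confirmed']) ? trim(contrexx_stripslashes($_POST['access_user_password_confirmed'])) : ''
                )
            )
            && (
                // Admin flag and validity are untouched for non-admins and for one's own account.
                !\Permission::hasAllAccess()
                || $objUser->getId() == $objFWUser->objUser->getId()
                || $objUser->setAdminStatus(isset($_POST['access_user_is_admin']) ? (bool) $_POST['access_user_is_admin'] : false)
                && (
                    !isset($_POST['access_user_validity'])
                    // Read from $_POST like the isset() above and the intval() below.
                    || $_POST['access_user_validity'] == 'current'
                    || $objUser->setValidityTimePeriod(intval($_POST['access_user_validity']))
                )
            )
            && (\Permission::hasAllAccess() || !$arrSettings['user_account_verification']['value'] || $objUser->checkMandatoryCompliance())
            && $objUser->store()
        ) {
            self::$arrStatusMsg['ok'][] = $_ARRAYLANG['TXT_ACCESS_USER_ACCOUNT_STORED_SUCCESSFULLY'];

            // Called with true after the save; presumably forces a reload of the
            // current user's cached permission ids - confirm.
            $objFWUser->objUser->getDynamicPermissionIds(true);
            $objFWUser->objUser->getStaticPermissionIds(true);

            if ($oldActiveStatus != $objUser->getActiveStatus() && isset($_POST['access_user_status_notification']) && $_POST['access_user_status_notification'] == '1') {
                // notify user about the status (in-/ active) of his account
                $this->notifyUserAboutAccountStatusChange($objUser);
            }

            // process module specific extensions
            $this->processModuleSpecificExtensions($objUser);

            if (\Permission::checkAccess(18, 'static', true)) {
                return $this->userList();
            }
        } else {
            self::$arrStatusMsg['error'] = array_merge(self::$arrStatusMsg['error'], $objUser->getErrorMsg());
        }
    } elseif (!$objUser->getId()) {
        // Fresh create form: pre-select "active".
        $objUser->setActiveStatus(true);
    }

    $this->_objTpl->addBlockfile('ACCESS_USER_TEMPLATE', 'module_access_user_modify', 'module_access_user_modify.html');

    if ($objUser->getId()) {
        $this->_pageTitle = $_ARRAYLANG['TXT_ACCESS_MODIFY_USER_ACCOUNT'];
        $this->_objTpl->touchBlock('access_user_active_notification_function_call');
    } else {
        $this->_pageTitle = $_ARRAYLANG['TXT_ACCESS_CREATE_USER_ACCOUNT'];
        $this->_objTpl->hideBlock('access_user_active_notification_function_call');
    }

    if (\Permission::hasAllAccess()) {
        $objGroup = $objFWUser->objGroup->getGroups();
        while (!$objGroup->EOF) {
            $isAssociated = in_array($objGroup->getId(), $objUser->getAssociatedGroupIds());

            // NOTE(review): the group name is entity-encoded, getId() and getType() are
            // emitted as returned; presumably an integer and a fixed keyword - verify.
            $option = "<option value=\"" . $objGroup->getId() . "\">" . htmlentities($objGroup->getName(), ENT_QUOTES, CONTREXX_CHARSET) . " [" . $objGroup->getType() . "]</option>\n";

            if ($isAssociated) {
                $associatedGroups .= $option;
            } else {
                $notAssociatedGroups .= $option;
            }

            $objGroup->next();
        }

        $this->_objTpl->touchBlock('access_profile_group_assignment');
        $this->attachJavaScriptFunction('accessSelectAllGroups');
        $this->attachJavaScriptFunction('accessDeselectAllGroups');
        $this->attachJavaScriptFunction('accessAddGroupToList');
        $this->attachJavaScriptFunction('accessRemoveGroupFromList');
        $this->attachJavaScriptFunction('accessAssignGroupToUser');
        $this->attachJavaScriptFunction('confirmUserNotification');
    } else {
        $this->_objTpl->hideBlock('access_profile_group_assignment');
    }

    $this->attachJavaScriptFunction('accessSetWebsite');
    $passwordInfo = self::getPasswordInfo();

    $this->_objTpl->setVariable(array(
        'TXT_ACCESS_USER_ACCOUNT' => $_ARRAYLANG['TXT_ACCESS_USER_ACCOUNT'],
        'TXT_ACCESS_USER_GROUP_S' => $_ARRAYLANG['TXT_ACCESS_USER_GROUP_S'],
        'TXT_ACCESS_PROFILE' => $_ARRAYLANG['TXT_ACCESS_PROFILE'],
        'TXT_ACCESS_NEWSLETTER_LISTS' => $_ARRAYLANG['TXT_ACCESS_NEWSLETTER_LISTS'],
        'TXT_ACCESS_USERNAME' => $_ARRAYLANG['TXT_ACCESS_USERNAME'],
        'TXT_ACCESS_PASSWORD' => $_ARRAYLANG['TXT_ACCESS_PASSWORD'],
        'TXT_ACCESS_CONFIRM_PASSWORD' => $_ARRAYLANG['TXT_ACCESS_CONFIRM_PASSWORD'],
        'TXT_ACCESS_EMAIL' => $_ARRAYLANG['TXT_ACCESS_EMAIL'],
        'TXT_ACCESS_LANGUAGE' => $_ARRAYLANG['TXT_ACCESS_LANGUAGE'],
        'TXT_ACCESS_ADMINISTRATOR' => $_ARRAYLANG['TXT_ACCESS_ADMINISTRATOR'],
        'TXT_ACCESS_PASSWORD_INFO' => $passwordInfo,
        'TXT_ACCESS_USER_ADMIN_RIGHTS' => $_ARRAYLANG['TXT_ACCESS_USER_ADMIN_RIGHTS'],
        'TXT_ACCESS_USER_ADMIN_RIGHTS_TOOLTIP' => $_ARRAYLANG['TXT_ACCESS_USER_ADMIN_RIGHTS_TOOLTIP'],
        'TXT_ACCESS_PASSWORD_FIELD_EMPTY' => $_ARRAYLANG['TXT_ACCESS_PASSWORD_FIELD_EMPTY'],
        'TXT_ACCESS_PASSWORD_MD5_ENCRYPTED' => $_ARRAYLANG['TXT_ACCESS_PASSWORD_MD5_ENCRYPTED'],
        'TXT_ACCESS_AVAILABLE_GROUPS' => $_ARRAYLANG['TXT_ACCESS_AVAILABLE_GROUPS'],
        'TXT_ACCESS_ASSOCIATED_GROUPS' => $_ARRAYLANG['TXT_ACCESS_ASSOCIATED_GROUPS'],
        'TXT_ACCESS_PRIMARY_GROUP' => $_ARRAYLANG['TXT_ACCESS_PRIMARY_GROUP'],
        'TXT_ACCESS_CHECK_ALL' => $_ARRAYLANG['TXT_ACCESS_CHECK_ALL'],
        'TXT_ACCESS_UNCHECK_ALL' => $_ARRAYLANG['TXT_ACCESS_UNCHECK_ALL'],
        'TXT_ACCESS_SAVE' => $_ARRAYLANG['TXT_ACCESS_SAVE'],
        'TXT_ACCESS_CANCEL' => $_ARRAYLANG['TXT_ACCESS_CANCEL'],
        'TXT_ACCESS_CHANGE_WEBSITE' => $_ARRAYLANG['TXT_ACCESS_CHANGE_WEBSITE'],
        'TXT_ACCESS_VISIT_WEBSITE' => $_ARRAYLANG['TXT_ACCESS_VISIT_WEBSITE'],
        'TXT_ACCESS_NO_SPECIFIED' => $_ARRAYLANG['TXT_ACCESS_NO_SPECIFIED'],
        'TXT_ACCESS_CHANGE_PROFILE_PIC' => $_ARRAYLANG['TXT_ACCESS_CHANGE_PROFILE_PIC'],
        'TXT_ACCESS_STATUS' => $_ARRAYLANG['TXT_ACCESS_STATUS'],
        'TXT_ACCESS_ACTIVE' => $_ARRAYLANG['TXT_ACCESS_ACTIVE'],
        'TXT_ACCESS_CONFIRM_OPEN_URL' => $_ARRAYLANG['TXT_ACCESS_CONFIRM_OPEN_URL'],
        'TXT_ACCESS_URL_OPEN_RISK_MSG' => $_ARRAYLANG['TXT_ACCESS_URL_OPEN_RISK_MSG'],
        'TXT_ACCESS_PRIVACY' => $_ARRAYLANG['TXT_ACCESS_PRIVACY'],
        'TXT_ACCESS_FRONTEND_DESC' => $_ARRAYLANG['TXT_ACCESS_FRONTEND_DESC'],
        'TXT_ACCESS_BACKEND_DESC' => $_ARRAYLANG['TXT_ACCESS_BACKEND_DESC'],
        'TXT_ACCESS_VALIDITY_EXPIRATION' => $_ARRAYLANG['TXT_ACCESS_VALIDITY_EXPIRATION'],
        'TXT_ACCESS_PASSWORD_INVALID' => $_ARRAYLANG['TXT_ACCESS_PASSWORD_INVALID'],
        'TXT_ACCESS_PASSWORD_TOO_SHORT' => $_ARRAYLANG['TXT_ACCESS_PASSWORD_TOO_SHORT'],
        'TXT_ACCESS_PASSWORD_WEAK' => $_ARRAYLANG['TXT_ACCESS_PASSWORD_WEAK'],
        'TXT_ACCESS_PASSWORD_GOOD' => $_ARRAYLANG['TXT_ACCESS_PASSWORD_GOOD'],
        'TXT_ACCESS_PASSWORD_STRONG' => $_ARRAYLANG['TXT_ACCESS_PASSWORD_STRONG'],
        'TXT_ACCESS_PASSWORD_MANUALLY' => $_ARRAYLANG['TXT_ACCESS_PASSWORD_MANUALLY'],
        'TXT_ACCESS_PASSWORD_GENERATED' => $_ARRAYLANG['TXT_ACCESS_PASSWORD_GENERATED'],
        'TXT_ACCESS_NOTIFICATION_EMAIL_TITLE' => $_ARRAYLANG['TXT_ACCESS_NOTIFICATION_EMAIL_TITLE']
    ));

    $this->parseAccountAttributes($objUser, true);

    if ($objUser->isAllowedToChangeEmailAccess() || $objUser->isAllowedToChangeProfileAccess()) {
        $this->_objTpl->touchBlock('access_user_privacy');
    } else {
        $this->_objTpl->hideBlock('access_user_privacy');
    }

    $arrSettings = \User_Setting::getSettings();
    if (!$arrSettings['use_usernames']['status']) {
        $this->_objTpl->hideBlock('access_user_username_block');
    }

    $this->parseNewsletterLists($objUser);

    $urlParams = '';
    $cancelUrl = 'index.php?cmd=Access&act=user';
    // Raw request value: used as-is for the comparison below, encoded before output.
    $source = isset($_GET['source']) ? contrexx_input2raw($_GET['source']) : 'Access';

    switch ($source) {
        case 'Newsletter':
            $cancelUrl = 'index.php?cmd=Newsletter&act=users';
            // Each value comes straight from the query string, so it is percent-encoded
            // before being appended; quotes, angle brackets and '&' can then neither
            // break out of the surrounding markup nor add parameters.
            foreach (array('newsletterListId', 'filterkeyword', 'filterattribute', 'filterStatus') as $paramName) {
                if (!empty($_GET[$paramName])) {
                    $urlParams .= '&' . $paramName . '=' . rawurlencode((string) contrexx_input2raw($_GET[$paramName]));
                }
            }
            break;
    }

    $this->attachJavaScriptFunction('addHistoryField');
    $uploader = $this->getImageUploader();

    $this->_objTpl->setVariable(array(
        'ACCESS_USER_ID' => $objUser->getId(),
        'ACCESS_USER_IS_ADMIN' => $objUser->getAdminStatus() ? 'checked="checked"' : '',
        'ACCESS_USER_ACTIVE' => $objUser->getActiveStatus() ? 'checked="checked"' : '',
        'ACCESS_USER_NOT_ASSOCIATED_GROUPS' => $notAssociatedGroups,
        'ACCESS_USER_ASSOCIATED_GROUPS' => $associatedGroups,
        'ACCESS_USER_PRIMARY_GROUP_MENU' => $this->getGroupMenu($objUser->getPrimaryGroupId(), 'name="access_user_primary_group" id="access_user_primary_group" onchange="accessAssignGroupToUser(this,document.getElementById(\'access_user_not_associated_groups\'),document.getElementById(\'access_user_associated_groups\'))"', false),
        'ACCESS_USER_VALIDITY_EXPIRATION_MENU' => $this->getUserValidityMenu($objUser->getValidityTimePeriod(), $objUser->getExpirationDate()),
        'ACCESS_USER_VALIDITY_OPTION_DISPLAY' => $objUser->getAdminStatus() ? 'none' : '',
        'ACCESS_JAVASCRIPT_FUNCTIONS' => $this->getJavaScriptCode(),
        'CSS_DISPLAY_STATUS' => $cssDisplayStatus,
        'CSS_DISPLAY_STATUS_CREATE' => $cssDisplayStatusCreate,
        'ACCESS_PASSWORT_COMPLEXITY' => isset($_CONFIG['passwordComplexity']) ? $_CONFIG['passwordComplexity'] : 'off',
        // Entity-encoded like the group and attribute names in this method.
        // NOTE(review): where {SOURCE} sits in the template is not visible here;
        // confirm entity encoding fits that context.
        'SOURCE' => htmlentities((string) $source, ENT_QUOTES, CONTREXX_CHARSET),
        'CANCEL_URL' => $cancelUrl,
        'URL_PARAMS' => $urlParams,
        'ACCESS_IMAGE_UPLOADER_ID' => $uploader->getId(),
        'ACCESS_IMAGE_UPLOADER_CODE' => $uploader->getXHtml()
    ));

    $rowNr = 0;
    $objUser->objAttribute->first();
    while (!$objUser->objAttribute->EOF) {
        $objAttribute = $objUser->objAttribute->getById($objUser->objAttribute->getId());

        // Protected attributes are listed only with dynamic access to them or modify permission.
        if (!$objAttribute->isProtected() || (\Permission::checkAccess($objAttribute->getAccessId(), 'dynamic', true) || $objAttribute->checkModifyPermission())) {
            $this->_objTpl->setVariable(array(
                // Alternates between 2 and 1 for row striping.
                'ACCESS_ATTRIBUTE_ROW_CLASS' => ++$rowNr % 2 + 1,
                'ACCESS_PROFILE_ATTRIBUTE_DESC' => htmlentities($objUser->objAttribute->getName(), ENT_QUOTES, CONTREXX_CHARSET),
                'ACCESS_PROFILE_ATTRIBUTE' => $this->parseAttribute($objUser, $objAttribute->getId(), 0, true, true)
            ));
            $this->_objTpl->parse('access_profile_attribute_list');
        }

        $objUser->objAttribute->next();
    }

    $this->parseModuleSpecificExtensions();
    $this->_objTpl->parse('module_access_user_modify');

    return true;
}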