public static function invokePermissions($pUser, $pObject, $pMethod)
{
return true;
$pUser = new User();
$registry = KISS_Framework_Registry::instance();
$permissions = $registry->getEntry('user_defined');
$permissions_default = $registry->getEntry('default');
$permission_array = array($permissions->xpath('/application/permission/user[@role="' . $pUser->getRole() . '"]/class[@name="' . get_class($pObject) . '"]/method[@name="' . $pMethod . '"]'), $permissions->xpath('/application/permission/user[@role="' . $pUser->getRole() . '"]/class[@name="' . get_class($pObject) . '"]'), $permissions->xpath('/application/permission/user[@role="' . $pUser->getRole() . '"]'), $permissions->xpath('/application/permission/user[@role="default"]'));
//$permissions_default->xpath('/application/permission/user[@role="default"]')
foreach ($permission_array as $permission) {
if ($permission && count($permission) == 1) {
return (string) $permission[0]['access'] == "true";
}
}
return false;
}
private function isRootUser(User $existingUser)
{
if ($existingUser->getRole()->getName() === "ROOT") {
return true;
}
return false;
}
/**
* Store User authentication data in session
*
* Also regenerates session id to prevent session fixation
*
* @param User $user
*/
public function signIn(User $user)
{
$_SESSION['HTTP_USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];
$userArray = ['id' => $user->getId(), 'email' => $user->getEmail(), 'role' => $user->getRole()];
$_SESSION['User'] = serialize($userArray);
session_regenerate_id(true);
}
/**
* Returns true if this relationship is applicable to the supplied user
* @param User $user
* @return boolean
*/
public function isRelated(User $user)
{
if ($this->organisation && $user->getOrganisationId() != $this->organisation || $this->group && $user->getGroup() != $this->group || $this->role && $user->getRole() != $this->role || $this->user && $user->getID() != $this->user) {
return false;
}
return true;
}
public function checkLogin()
{
if (isset($_POST['submit'])) {
$user = new User();
$role = $user->getRole();
if ($role) {
$_SESSION['role'] = $role;
$_SESSION['login'] = "******";
$_SESSION['user'] = $_POST['userName'];
header("Location: http://localhost/HW/View/Home.php");
} else {
//header("Location: http://localhost/HW/connection.php");
?>
<div dir="rtl">
<?php
$_SESSION['Fail'] = "OK";
//echo "خطأ في اسم المستخدم أو كلمة السر";
?>
</div>
<?php
//exit();
}
}
if (isset($_SESSION['logout'])) {
//<div dir="rtl">
//<h2>
//<?php echo "تم تسجيل الخروج بنجاح";
//</h2>
//</div>
//<?php
session_destroy();
}
}
public function setRole()
{
$this->setPrerequisites('userid,newrole,targetid');
if (!$this->checkPrerequisites()) {
return false;
}
if (!$this->isModerator()) {
$this->setUpError('NO RIGHTS', $this->getRole());
return false;
}
$target = new User(array('userid' => $this->get('targetid')));
if ($this->get('newrole') == $target->getRole()) {
$this->setUpError("ALREADY IN ROLE", $this->get('newrole'));
return false;
}
$db = new DB();
$query = 'UPDATE mototimes_users SET role=? WHERE id_vk=?';
$stmt = $db->prepare($query);
$stmt->bind_param('si', $this->get('newrole'), $this->get('targetid'));
$stmt->execute();
if ($stmt->errno != 0) {
$this->setUpError("NO SUCH ROLE", $this->get('newrole'));
} else {
if ($stmt->affected_rows == 0) {
$this->setUpError("NO USER", $this->get('targetid'));
} else {
$result = array('response' => 'ok');
$this->setResult($result);
}
}
$db->close();
return true;
}
function login()
{
//登录
if (isset($_POST['name'])) {
$model = new User();
if ($model->check()) {
//检查用户输入的用户名和密码是否有效
setcookie('user', $_POST['name']);
//有效则将用户信息存入cookie和session中
$_SESSION['name'] = $model->getName();
$_SESSION['id'] = $model->getID();
$_SESSION['role'] = $model->getRole();
header('location:http://' . $_SERVER['HTTP_HOST'] . '/WeiXianPin/index.php');
//重定向到主页
exit;
} else {
$error = '用户名或密码错误,请重新登录';
}
} else {
$error = '';
}
//没有提交登录表单,自然没错
include 'login.html.php';
//进入登录页面并显示错误信息(如果没有则不显示)
}
function getBiographicalFeature(User $user, $feature)
{
switch ($feature) {
case "name":
$feat_str = $user->getName("%f %l");
break;
case "group":
$feat_str = $user->getGroup();
break;
case "role":
$feat_str = $user->getRole();
break;
case "photo":
$official_photo = UserPhoto::get($user->getID(), UserPhoto::OFFICIAL);
$feat_str = $official_photo->getFilename();
break;
case "organisation":
$organisation = $user->getOrganisation();
$feat_str = $organisation->getTitle();
break;
case "email":
$feat_str = $user->getEmail();
break;
case "email_alt":
$feat_str = $user->getEmailAlternate();
break;
case "address":
$address = $user->getAddress();
$postcode = $user->getPostalCode();
$city = $user->getCity();
$province = $user->getProvince();
$prov_name = $province->getName();
$country = $user->getCountry();
$country_name = $country->getName();
$feat_str = html_encode($address) . "<br />" . html_encode($city);
if ($prov_name) {
$feat_str .= ", " . html_encode($prov_name);
}
$feat_str .= "<br />";
$feat_str .= html_encode($country_name);
if ($postcode) {
$feat_str .= ", " . html_encode($postcode);
}
break;
case "phone":
$feat_str = $user->getTelephone();
break;
case "fax":
$feat_str = $user->getFax();
break;
default:
Zend_Debug::dump($feature);
return;
}
return $feat_str;
}
/**
* @param user User
* @param $token Token
* @return UserDto
*/
public function mapUserToDto(User $user, $token = null)
{
$userDto = new UserDto();
$userDto->setId($user->getId());
$userDto->setUserName($user->getUsername());
$userDto->setEmail($user->getEmail());
$userDto->setFirstName($user->getFirstName());
$userDto->setLastName($user->getLastName());
$userDto->setPicture($user->getPicture());
$userDto->setFile($user->getFile());
$userDto->setDisplay($user->getDisplay());
$userDto->setRole($this->roleMapper->mapUserRoleToDto($user->getRole()));
$userDto->setToken($token);
return $userDto;
}
function getRole($type = null)
{
if (isset(Yii::app()->user->id)) {
$groups = User::getGroups($this->id);
if ($role = User::getRole($this->id)) {
$role['role'] = $groups[$role['groupId']];
return $role;
} else {
$role['groupId'] = 6;
$role['role'] = $groups[6];
return $role;
}
} else {
$role['groupId'] = 0;
$role['role'] = 0;
return $role;
}
}
/**
* Checks whether the given user has acces to a resource.
* First invokes the parent for general ACL verification, then checks the instance specifically
*
* @param StitchPattern $resource
* @param User $identity
* @param string $privilege
*/
public function __invoke(\StitchPattern\Model\StitchPattern $resource, $identity, $privilege)
{
$sharePrivilages = array('convert', 'upload', 'pddemulate');
if (parent::__invoke('StitchPattern\\Controller', $privilege)) {
if ($identity && $identity->getRole()->getName() == 'admin') {
return true;
} else {
if ($identity && $resource->user_id == $identity->getId()) {
return true;
} else {
if (in_array($privilege, $sharePrivilages) && $resource->shared) {
return true;
}
}
}
}
return false;
}
/**
*
* @param User $user
* @return int id of the User inserted in base. False if it didn't work.
*/
public static function flush($user)
{
$userId = $user->getId();
$login = $user->getLogin();
$password = $user->getPassword();
$mail = $user->getMail();
$inscriptionDate = $user->getInscriptionDate();
$firstName = $user->getFirstName();
$lastName = $user->getLastName();
$birthDate = $user->getBirthDate();
$address = $user->getAddress();
$phoneNumber = $user->getPhoneNumber();
$avatar = $user->getAvatar();
$role = $user->getRole()->getId();
if ($userId > 0) {
$sql = 'UPDATE user u SET ' . 'u.login = ?, ' . 'u.passwd = ?, ' . 'u.mail = ?, ' . 'u.inscription_date = ?, ' . 'u.first_name = ?, ' . 'u.last_name = ?, ' . 'u.birth_date = ?, ' . 'u.address = ?, ' . 'u.phone_number = ?, ' . 'u.avatar = ?, ' . 'u.ROLE_id_role = ? ' . 'WHERE u.id_user = ?';
$params = array('ssssssssssii', &$login, &$password, &$mail, &$inscriptionDate, &$firstName, &$lastName, &$birthDate, &$address, &$phoneNumber, &$avatar, &$role, &$userId);
} else {
$sql = 'INSERT INTO user ' . '(login, passwd, mail, inscription_date, first_name, ' . 'last_name, birth_date, address, phone_number, avatar, ROLE_id_role) ' . 'VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
$params = array('ssssssssssi', &$login, &$password, &$mail, &$inscriptionDate, &$firstName, &$lastName, &$birthDate, &$address, &$phoneNumber, &$avatar, &$role);
}
$idInsert = BaseSingleton::insertOrEdit($sql, $params);
if ($idInsert !== false && $userId > 0) {
$idInsert = $userId;
}
return $idInsert;
}
/**
* Lists the link filters currently in the system.
*
* @return array An array of information.
*/
public static function getList()
{
$sql = 'SELECT
lfi_id,
lfi_description,
lfi_usr_role,
lfi_pattern,
lfi_replacement
FROM
{{%link_filter}}
ORDER BY
lfi_id';
try {
$res = DB_Helper::getInstance()->getAll($sql);
} catch (DbException $e) {
return array();
}
foreach ($res as &$row) {
$sql = 'SELECT
plf_prj_id,
prj_title
FROM
{{%project_link_filter}},
{{%project}}
WHERE
prj_id = plf_prj_id AND
plf_lfi_id = ?';
try {
$projects = DB_Helper::getInstance()->getPair($sql, array($row['lfi_id']));
} catch (DbException $e) {
$projects = array();
}
if ($projects === null) {
$projects = array();
}
$row['projects'] = array_keys($projects);
$row['project_names'] = array_values($projects);
$row['min_usr_role_name'] = User::getRole($row['lfi_usr_role']);
}
return $res;
}
/**
* This displays a person's name, picture etc. including basic biographical information and assistant info if relevant
* @param User $user
*/
function display_person(User $user)
{
global $ENTRADA_ACL;
$photos = $user->getPhotos();
$user_id = $user->getID();
$is_administrator = $ENTRADA_ACL->amIallowed('user', 'update');
$prefix = $user->getPrefix();
$firstname = $user->getFirstname();
$lastname = $user->getLastname();
$fullname = $user->getName("%f %l");
$departments = $user->getDepartments();
if (0 < count($departments)) {
$dep_titles = array();
foreach ($departments as $department) {
$dep_titles[] = ucwords($department->getTitle());
}
$group_line = implode("<br />", $dep_titles);
} else {
$group = $user->getGroup();
$role = $user->getRole();
$group_line = ucwords($group . " > " . ($group == "student" ? "Class of " : "") . $role);
}
$privacy_level = $user->getPrivacyLevel();
$organisation = $user->getOrganisation();
$org_name = $organisation ? $organisation->getTitle() : "";
$email = 1 < $privacy_level || $is_administrator ? $user->getEmail() : "";
$email_alt = $user->getAlternateEmail();
if (2 < $privacy_level || $is_administrator) {
$show_address = true;
$city = $user->getCity();
$province = $user->getProvince();
$prov_name = $province->getName();
$country = $user->getCountry();
$country_name = $country->getName();
$phone = $user->getTelephone();
$fax = $user->getFax();
$address = $user->getAddress();
$postcode = $user->getPostalCode();
$office_hours = $user->getOfficeHours();
}
$assistants = $user->getAssistants();
//there are 4 photo cases (at time of writing): no photos, official only, uploaded only, or both.
//privacy options also need to be considered here.
ob_start();
?>
<div id="result-<?php
echo $user_id;
?>
" class="person-result">
<div id="img-holder-<?php
echo $user_id;
?>
" class="img-holder">
<?php
$num_photos = count($photos);
if (0 === $num_photos) {
echo display_photo_placeholder();
} else {
foreach ($photos as $photo) {
echo display_photo($photo);
}
if (2 <= $num_photos) {
$label = 0;
foreach ($photos as $photo) {
echo display_photo_link($photo, ++$label);
}
}
echo display_zoom_controls($user_id);
}
?>
</div>
<div class="person-data">
<div class="basic">
<span class="person-name"><?php
echo html_encode($fullname);
?>
</span>
<span class="person-group"><?php
echo html_encode($group_line);
?>
</span>
<span class="person-organisation"><?php
echo html_encode($org_name);
?>
</span>
<div class="email-container">
<?php
if ($email) {
echo display_person_email($email);
if ($email_alt) {
echo display_person_email($email_alt);
}
}
?>
</div>
</div>
<div class="address">
<?php
if ($show_address) {
if ($phone) {
?>
<div>
<span class="address-label">Telephone:</span>
<span class="address-value"><?php
echo html_encode($phone);
?>
</span>
</div>
<?php
}
if ($fax) {
?>
<div>
<span class="address-label">Fax:</span>
<span class="address-value"><?php
echo html_encode($fax);
?>
</span>
</div>
<?php
}
if ($address && $city) {
?>
<div>
<span class="address-label">Address:</span><br />
<span class="address-value">
<?php
echo html_encode($address) . "<br />" . html_encode($city);
if ($prov_name) {
echo ", " . html_encode($prov_name);
}
echo "<br />";
echo html_encode($country_name);
if ($postcode) {
echo ", " . html_encode($postcode);
}
?>
</span>
</div>
<?php
}
if ($office_hours) {
?>
<div>
<span class="address-label">Office Hours:</span>
<span class="address-value"><?php
echo html_encode($office_hours);
?>
</span>
</div>
<?php
}
}
?>
</div>
<div class="assistant"><?php
if (count($assistants) > 0) {
?>
<span class="content-small">Administrative Assistants:</span>
<ul class="assistant-list">
<?php
foreach ($assistants as $assistant) {
echo "<li>" . display_person_email($assistant->getEmail(), $assistant->getName("%f %l")) . "</li>";
}
?>
</ul><?php
}
?>
</div>
</div>
<div></div>
<div class="clearfix"> </div>
</div>
<?php
return ob_get_clean();
}
/**
* Method used to get the list of custom fields available in the
* system.
*
* @return array The list of custom fields
*/
public static function getList()
{
$stmt = 'SELECT
*
FROM
{{%custom_field}}
ORDER BY
fld_rank ASC';
try {
$res = DB_Helper::getInstance()->getAll($stmt);
} catch (DbException $e) {
return '';
}
foreach ($res as &$row) {
$row['projects'] = @implode(', ', array_values(self::getAssociatedProjects($row['fld_id'])));
if ($row['fld_type'] == 'combo' || $row['fld_type'] == 'multiple') {
if (!empty($row['fld_backend'])) {
$row['field_options'] = implode(', ', array_values(self::getOptions($row['fld_id'])));
}
}
if (!empty($row['fld_backend'])) {
$row['field_options'] = 'Backend: ' . self::getBackendName($row['fld_backend']);
}
$row['min_role_name'] = User::getRole($row['fld_min_role']);
}
return $res;
}
<?php
$this->breadcrumbs = array(UserModule::t('Users') => array('admin'), $model->userLogin->username);
?>
<h1><?php
echo UserModule::t('View User') . ' "' . $model->userLogin->username . '"';
?>
</h1>
<?php
echo $this->renderPartial('_menu', array('list' => array(CHtml::link(UserModule::t('Create User'), array('create')), CHtml::link(UserModule::t('Update User'), array('update', 'id' => $model->user_id)), CHtml::linkButton(UserModule::t('Delete User'), array('submit' => array('delete', 'id' => $model->user_id), 'confirm' => UserModule::t('Are you sure to delete this item?'))))));
$this->widget('zii.widgets.CDetailView', array('data' => $model, 'attributes' => array('name', array('name' => 'Username', 'value' => $model->userLogin->username), 'mobile', 'email', array('name' => 'Address', 'value' => $model->address1 . "\n" . $model->address2), 'city', 'state', 'country', 'pincode', array('name' => 'Created on', 'value' => date("d.m.Y H:i:s", strtotime($model->create_ts))), array('name' => 'Updated By', 'type' => 'raw', 'value' => $model->updated_by > 0 ? isset($model->updatedBy) ? CHtml::link(CHtml::encode($model->updatedBy->name), array("admin/view", "id" => $model->updatedBy->user_id)) : $model->updated_by : 'Unavailable'), array('name' => 'Updated on', 'value' => date("d.m.Y H:i:s", strtotime($model->update_ts))), array('name' => 'Role', 'value' => User::getRole($model->role)), array('name' => 'Last Visited On', 'value' => isset($model->userLogin->last_login) ? date("d.m.Y H:i:s", strtotime($model->userLogin->last_login)) : 'Never Logged In'))));
/**
* Method used to get the list of issues to be displayed in the grid layout.
*
* @access public
* @param array $options The search parameters
* @return string The where clause
*/
function buildWhereClause($options)
{
$usr_id = Auth::getUserID();
$prj_id = Auth::getCurrentProject();
$role_id = User::getRoleByUser($usr_id, $prj_id);
$stmt = ' AND iss_usr_id = en_ID';
if (User::getRole($role_id) == "Customer") {
$stmt .= " AND iss_customer_id=" . User::getCustomerID($usr_id);
} elseif ($role_id <= User::getRoleID("Standard User") && Project::getSegregateReporters($prj_id)) {
$stmt .= " AND (\n iss_usr_id = {$usr_id} OR\n iur_usr_id = {$usr_id} OR\n isu_usr_id = {$usr_id}\n )";
}
if (!empty($options["users"])) {
$stmt .= " AND (\n";
if (stristr($options["users"], "grp") !== false) {
$chunks = explode(":", $options["users"]);
$stmt .= 'iss_grp_id = ' . Misc::escapeInteger($chunks[1]);
} else {
if ($options['users'] == '-1') {
$stmt .= 'isu_usr_id IS NULL';
} elseif ($options['users'] == '-2') {
$stmt .= 'isu_usr_id IS NULL OR isu_usr_id=' . $usr_id;
} elseif ($options['users'] == '-3') {
$stmt .= 'isu_usr_id = ' . $usr_id . ' OR iss_grp_id = ' . User::getGroupID($usr_id);
} elseif ($options['users'] == '-4') {
$stmt .= 'isu_usr_id IS NULL OR isu_usr_id = ' . $usr_id . ' OR iss_grp_id = ' . User::getGroupID($usr_id);
} else {
$stmt .= 'isu_usr_id =' . Misc::escapeInteger($options["users"]);
}
}
$stmt .= ')';
}
if (!empty($options["reporter"])) {
$stmt .= " AND iss_usr_id = " . Misc::escapeInteger($options["reporter"]);
}
if (!empty($options["show_authorized_issues"])) {
$stmt .= " AND (iur_usr_id={$usr_id})";
}
if (!empty($options["show_notification_list_issues"])) {
$stmt .= " AND (sub_usr_id={$usr_id})";
}
if (!empty($options["keywords"])) {
$stmt .= " AND (\n";
if ($options['search_type'] == 'all_text' && APP_ENABLE_FULLTEXT) {
$stmt .= "iss_id IN(" . join(', ', Issue::getFullTextIssues($options)) . ")";
} elseif ($options['search_type'] == 'customer' && Customer::hasCustomerIntegration($prj_id)) {
// check if the user is trying to search by customer email
$customer_ids = Customer::getCustomerIDsLikeEmail($prj_id, $options['keywords']);
if (count($customer_ids) > 0) {
$stmt .= " iss_customer_id IN (" . implode(', ', $customer_ids) . ")";
} else {
// no results, kill query
$stmt .= " iss_customer_id = -1";
}
} else {
$stmt .= "(" . Misc::prepareBooleanSearch('iss_summary', $options["keywords"]);
$stmt .= " OR " . Misc::prepareBooleanSearch('iss_description', $options["keywords"]) . ")";
}
$stmt .= "\n) ";
}
if (!empty($options["priority"])) {
$stmt .= " AND iss_pri_id=" . Misc::escapeInteger($options["priority"]);
}
if (!empty($options["status"])) {
$stmt .= " AND iss_sta_id=" . Misc::escapeInteger($options["status"]);
}
if (!empty($options["category"])) {
$stmt .= " AND iss_prc_id=" . Misc::escapeInteger($options["category"]);
}
if (!empty($options["hide_closed"])) {
$stmt .= " AND sta_is_closed=0";
}
if (!empty($options["hide_answered"])) {
$stmt .= " AND iss_control_status='Unanswered'";
}
if (!empty($options['release'])) {
$stmt .= " AND iss_pre_id = " . Misc::escapeInteger($options['release']);
}
// now for the date fields
$date_fields = array('created_date', 'updated_date', 'last_response_date', 'first_response_date', 'closed_date');
foreach ($date_fields as $field_name) {
if (!empty($options[$field_name])) {
switch ($options[$field_name]['filter_type']) {
case 'greater':
$stmt .= " AND iss_{$field_name} >= '" . Misc::escapeString($options[$field_name]['start']) . "'";
break;
case 'less':
$stmt .= " AND iss_{$field_name} <= '" . Misc::escapeString($options[$field_name]['start']) . "'";
break;
case 'between':
$stmt .= " AND iss_{$field_name} BETWEEN '" . Misc::escapeString($options[$field_name]['start']) . "' AND '" . Misc::escapeString($options[$field_name]['end']) . "'";
break;
case 'null':
$stmt .= " AND iss_{$field_name} IS NULL";
break;
case 'in_past':
if (strlen($options[$field_name]['time_period']) == 0) {
$options[$field_name]['time_period'] = 0;
}
$stmt .= " AND (UNIX_TIMESTAMP('" . Date_API::getCurrentDateGMT() . "') - UNIX_TIMESTAMP(iss_{$field_name})) <= (" . Misc::escapeInteger($options[$field_name]['time_period']) . "*3600)";
break;
case 'not_in_past':
if (strlen($options[$field_name]['time_period']) == 0) {
$options[$field_name]['time_period'] = 0;
}
$stmt .= " AND \n\t\t\t\t\t\t(\n\t\t\t\t\t\t\tiss_{$field_name} is NULL || \n\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t(\n\t\t\t\t\t\t\t\t\t(UNIX_TIMESTAMP('" . Date_API::getCurrentDateGMT() . "') - UNIX_TIMESTAMP(iss_{$field_name})) > (" . Misc::escapeInteger($options[$field_name]['time_period']) . "*3600)\n\t\t\t\t\t\t\t\t)\n\t\t\t\t\t\t\t)\n\t\t\t\t\t\t)";
break;
}
}
}
// custom fields
if (is_array($options['custom_field']) && count($options['custom_field']) > 0) {
foreach ($options['custom_field'] as $fld_id => $search_value) {
if (empty($search_value)) {
continue;
}
$field = Custom_Field::getDetails($fld_id);
if ($field['fld_type'] == 'multiple') {
$search_value = Misc::escapeInteger($search_value);
foreach ($search_value as $cfo_id) {
$stmt .= " AND\n cf" . $fld_id . '_' . $cfo_id . ".icf_iss_id = iss_id";
$stmt .= " AND\n cf" . $fld_id . '_' . $cfo_id . ".icf_fld_id = {$fld_id}";
$stmt .= " AND\n cf" . $fld_id . '_' . $cfo_id . ".icf_value = {$cfo_id}";
}
} elseif ($field['fld_type'] == 'date') {
if (empty($search_value['Year']) || empty($search_value['Month']) || empty($search_value['Day'])) {
continue;
}
$search_value = $search_value['Year'] . "-" . $search_value['Month'] . "-" . $search_value['Day'];
$stmt .= " AND\n (iss_id = cf" . $fld_id . ".icf_iss_id AND\n cf" . $fld_id . ".icf_value = '" . Misc::escapeString($search_value) . "')";
} else {
$stmt .= " AND\n (iss_id = cf" . $fld_id . ".icf_iss_id";
$stmt .= " AND\n cf" . $fld_id . ".icf_fld_id = {$fld_id}";
if (in_array($field['fld_type'], array('text', 'textarea'))) {
$stmt .= " AND cf" . $fld_id . ".icf_value LIKE '%" . Misc::escapeString($search_value) . "%'";
} elseif ($field['fld_type'] == 'combo') {
$stmt .= " AND cf" . $fld_id . ".icf_value IN(" . join(', ', Misc::escapeInteger($search_value)) . ")";
}
$stmt .= ')';
}
}
}
// clear cached full-text values if we are not searching fulltext anymore
if (APP_ENABLE_FULLTEXT && @$options['search_type'] != 'all_text') {
Session::set('fulltext_string', '');
Session::set('fulltext_issues', '');
}
return $stmt;
}
/**
* @package CandyCMS
* @version 0.1
* @copyright Copyright 2012 (C) Cocoon Design Ltd. - All Rights Reserved
*
* Login page for CandyCMS admin
*/
session_start();
if (isset($_SESSION['loggedin'])) {
header('Location: dashboard.php');
}
require 'bootstrap.php';
if (isset($_POST['username'])) {
$login = Login::signin($_POST['username'], $_POST['password']);
if ($login != false) {
$role = User::getRole($_POST['username']);
$_SESSION['loggedin'] = 'true';
$_SESSION['username'] = $_POST['username'];
$_SESSION['role'] = $role;
header('Location: dashboard.php');
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>CMS Login</title>
<link rel="stylesheet" href="css/login.css" type="text/css" />
<!--[if lt IE 9]>
/**
* Processes the template and assign common variables automatically.
* @return $this
*/
private function processTemplate()
{
$core = array('rel_url' => APP_RELATIVE_URL, 'base_url' => APP_BASE_URL, 'app_title' => APP_NAME, 'app_version' => APP_VERSION, 'app_setup' => Setup::load(), 'messages' => Misc::getMessages(), 'roles' => User::getAssocRoleIDs(), 'auth_backend' => APP_AUTH_BACKEND, 'current_url' => $_SERVER['PHP_SELF']);
// If VCS version is present "Eventum 2.3.3-148-g78b3368", link ref to github
$vcsVersion = self::getVcsVersion();
if ($vcsVersion) {
$link = "https://github.com/eventum/eventum/commit/{$vcsVersion}";
$core['application_version_link'] = $link;
// append VCS version if not yet there
if (!preg_match('/-g[0-9a-f]+$/', APP_VERSION)) {
$core['app_version'] = "v{$core['app_version']}-g{$vcsVersion}";
}
}
$usr_id = Auth::getUserID();
if ($usr_id) {
$core['user'] = User::getDetails($usr_id);
$prj_id = Auth::getCurrentProject();
$setup = Setup::load();
if (!empty($prj_id)) {
$role_id = User::getRoleByUser($usr_id, $prj_id);
$has_crm = CRM::hasCustomerIntegration($prj_id);
$core = $core + array('project_id' => $prj_id, 'project_name' => Auth::getCurrentProjectName(), 'has_crm' => $has_crm, 'current_role' => $role_id, 'current_role_name' => User::getRole($role_id), 'feature_access' => Access::getFeatureAccessArray($usr_id));
if ($has_crm) {
$crm = CRM::getInstance($prj_id);
$core['crm_template_path'] = $crm->getTemplatePath();
if ($role_id == User::getRoleID('Customer')) {
try {
$contact = $crm->getContact($core['user']['usr_customer_contact_id']);
$core['allowed_customers'] = $contact->getCustomers();
$core['current_customer'] = $crm->getCustomer(Auth::getCurrentCustomerID(false));
} catch (CRMException $e) {
}
}
}
}
$info = User::getDetails($usr_id);
$raw_projects = Project::getAssocList(Auth::getUserID(), false, true);
$active_projects = array();
foreach ($raw_projects as $prj_id => $prj_info) {
if ($prj_info['status'] == 'archived') {
$prj_info['prj_title'] .= ' ' . ev_gettext('(archived)');
}
$active_projects[$prj_id] = $prj_info['prj_title'];
}
$core = $core + array('active_projects' => $active_projects, 'current_full_name' => $info['usr_full_name'], 'current_email' => $info['usr_email'], 'current_user_id' => $usr_id, 'current_user_datetime' => Date_Helper::getISO8601date('now', '', true), 'is_current_user_clocked_in' => User::isCLockedIn($usr_id), 'is_anon_user' => Auth::isAnonUser(), 'is_current_user_partner' => !empty($info['usr_par_code']), 'roles' => User::getAssocRoleIDs(), 'current_user_prefs' => Prefs::get(Auth::getUserID()));
$this->assign('current_full_name', $core['user']['usr_full_name']);
$this->assign('current_email', $core['user']['usr_email']);
$this->assign('current_user_id', $usr_id);
$this->assign('handle_clock_in', $setup['handle_clock_in'] == 'enabled');
$this->assign('is_current_user_clocked_in', User::isClockedIn($usr_id));
$this->assign('roles', User::getAssocRoleIDs());
}
$this->assign('core', $core);
return $this;
}
$action = fRequest::get('action');
// --------------------------------- //
if ('log_out' == $action) {
fAuthorization::destroyUserInfo();
fSession::destroy();
fMessaging::create('success', User::makeUrl('login'), 'You were successfully logged out');
fURL::redirect(User::makeUrl('login'));
// --------------------------------- //
} else {
if (!fAuthorization::checkLoggedIn()) {
if (fRequest::isPost()) {
try {
$user = new User(array('username' => fRequest::get('username')));
$valid_pass = fCryptography::checkPasswordHash(fRequest::get('password'), $user->getPassword());
if (!$valid_pass) {
throw new fValidationException('The login or password entered is invalid');
}
fAuthorization::setUserToken($user->getEmail());
fAuthorization::setUserAuthLevel($user->getRole());
fSession::set('user_id', $user->getUserId());
fSession::set('user_name', $user->getUsername());
fURL::redirect(fAuthorization::getRequestedURL(TRUE, 'index.php'));
} catch (fExpectedException $e) {
fMessaging::create('error', fURL::get(), $e->getMessage());
}
}
include VIEW_PATH . '/log_in.php';
} else {
fURL::redirect('index.php');
}
}
/**
* Method used to get the list of custom fields available in the
* system.
*
* @access public
* @return array The list of custom fields
*/
function getList()
{
$stmt = "SELECT\n *\n FROM\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "custom_field\n ORDER BY\n fld_rank ASC";
$res = $GLOBALS["db_api"]->dbh->getAll($stmt, DB_FETCHMODE_ASSOC);
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
return "";
} else {
for ($i = 0; $i < count($res); $i++) {
$res[$i]["projects"] = @implode(", ", array_values(Custom_Field::getAssociatedProjects($res[$i]["fld_id"])));
if ($res[$i]["fld_type"] == "combo" || $res[$i]["fld_type"] == "multiple") {
if (!empty($res[$i]['fld_backend'])) {
$res[$i]["field_options"] = @implode(", ", array_values(Custom_Field::getOptions($res[$i]["fld_id"])));
}
}
if (!empty($res[$i]['fld_backend'])) {
$res[$i]['field_options'] = 'Backend: ' . Custom_Field::getBackendName($res[$i]['fld_backend']);
}
$res[$i]['min_role_name'] = @User::getRole($res[$i]['fld_min_role']);
}
return $res;
}
}
}
// if we are dealing with just one message, use the subject line as the
// summary for the issue, and the body as the description
if (count($HTTP_GET_VARS["item"]) == 1) {
$email_details = Support::getEmailDetails(Email_Account::getAccountByEmail($HTTP_GET_VARS["item"][0]), $HTTP_GET_VARS["item"][0]);
$tpl->assign(array('issue_summary' => $email_details['sup_subject'], 'issue_description' => $email_details['message']));
// also auto pre-fill the customer contact text fields
if (Customer::hasCustomerIntegration($prj_id)) {
$sender_email = Mail_API::getEmailAddress($email_details['sup_from']);
list(, $contact_id) = Customer::getCustomerIDByEmails($prj_id, array($sender_email));
if (!empty($contact_id)) {
$tpl->assign("contact_details", Customer::getContactDetails($prj_id, $contact_id));
}
}
}
}
}
$tpl->assign(array("cats" => Category::getAssocList($prj_id), "priorities" => Priority::getAssocList($prj_id), "users" => Project::getUserAssocList($prj_id, 'active', User::getRoleID('Customer')), "releases" => Release::getAssocList($prj_id), "custom_fields" => Custom_Field::getListByProject($prj_id, 'report_form'), "max_attachment_size" => Attachment::getMaxAttachmentSize(), "field_display_settings" => Project::getFieldDisplaySettings($prj_id), "groups" => Group::getAssocList($prj_id)));
$setup = Setup::load();
$tpl->assign("allow_unassigned_issues", @$setup["allow_unassigned_issues"]);
$prefs = Prefs::get($usr_id);
$tpl->assign("user_prefs", $prefs);
$tpl->assign("zones", Date_API::getTimezoneList());
if (User::getRole(Auth::getCurrentRole()) == "Customer") {
$customer_contact_id = User::getCustomerContactID($usr_id);
$tpl->assign("contact_details", Customer::getContactDetails($prj_id, $customer_contact_id));
$customer_id = User::getCustomerID($usr_id);
$tpl->assign("contacts", Customer::getContactEmailAssocList($prj_id, $customer_id));
$tpl->assign(array("customer_id" => User::getCustomerID($usr_id), "contact_id" => User::getCustomerContactID($usr_id)));
}
$tpl->displayTemplate();
<?php
$user_id = '3';
$u = new User();
$u->load($user_id);
$rolle = $u->getRole();
//html::showAll($rolle);
$vname = $rolle->getVorname();
$nname = $rolle->getNachname();
$geburtstag_db = $u->getGeburtstag();
$nick = $u->getLogin();
$email = $u->getEmail();
$beschreibung = $rolle->getBeschreibung();
$klasse_id = $rolle->getKlasse_Id();
$k = new Klasse();
$k->load($klasse_id);
$klasse = $k->getName();
//Umwandlung der DB-Schreibweise in die EU-Schreibweise
$geburtstag = html::buildDateFromMysql($geburtstag_db);
//Errechung des Alters
$alter = html::buildDateToAge($geburtstag);
?>
<html>
<head>
<title>Profil ändern</title>
</head>
<body>
<form method="post" action="index.phpaction=save&what=edituser">
<input type="hidden" name="user_id" value="<?php
echo $user_id;
public function testGetSetRole()
{
$user = new User();
$user->setRole('user');
$this->assertEquals('user', $user->getRole());
}
/**
* Method used to get an associative array of project ID and title
* of all projects available in the system to a given user ID.
*
* @access public
* @param integer $usr_id The user ID
* @param boolean $force_refresh If the cache should not be used.
* @param boolean $include_role if the user role should be included.
* @return array The list of projects
*/
function getAssocList($usr_id, $force_refresh = false, $include_role = false)
{
static $returns;
if (!empty($returns[$usr_id][$include_role]) && $force_refresh != true) {
return $returns[$usr_id][$include_role];
}
$stmt = "SELECT\n prj_id,\n prj_title";
if ($include_role) {
$stmt .= ",\npru_role";
}
$stmt .= "\n FROM\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project,\n " . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "project_user\n WHERE\n prj_id=pru_prj_id AND\n pru_usr_id=" . Misc::escapeInteger($usr_id) . "\n ORDER BY\n prj_title";
if ($include_role) {
$res = $GLOBALS["db_api"]->dbh->getAssoc($stmt, true, array(), DB_FETCHMODE_ASSOC);
} else {
$res = $GLOBALS["db_api"]->dbh->getAssoc($stmt);
}
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
return "";
} else {
if ($include_role) {
foreach ($res as $prj_id => $data) {
$res[$prj_id]['role'] = User::getRole($data['pru_role']);
}
}
$returns[$usr_id][$include_role] = $res;
return $res;
}
}
/**
* Processes the template and assigns common variables automatically.
*
* @access private
*/
function processTemplate()
{
global $HTTP_SERVER_VARS;
// determine the correct CSS file to use
if (ereg('MSIE ([0-9].[0-9]{1,2})', @$HTTP_SERVER_VARS["HTTP_USER_AGENT"], $log_version)) {
$user_agent = 'ie';
} else {
$user_agent = 'other';
}
$this->assign("user_agent", $user_agent);
// create the list of projects
$usr_id = Auth::getUserID();
if ($usr_id != '') {
$prj_id = Auth::getCurrentProject();
if (!empty($prj_id)) {
$role_id = User::getRoleByUser($usr_id, $prj_id);
$this->assign("current_project", $prj_id);
$this->assign("current_project_name", Auth::getCurrentProjectName());
$has_customer_integration = Customer::hasCustomerIntegration($prj_id);
$this->assign("has_customer_integration", $has_customer_integration);
if ($has_customer_integration) {
$this->assign("customer_backend_name", Customer::getBackendImplementationName($prj_id));
}
if ($role_id == User::getRoleID('administrator') || $role_id == User::getRoleID('manager')) {
$this->assign("show_admin_link", true);
}
if ($role_id > 0) {
$this->assign("current_role", (int) $role_id);
$this->assign("current_role_name", User::getRole($role_id));
}
}
$info = User::getNameEmail($usr_id);
$this->assign("active_projects", Project::getAssocList($usr_id));
$this->assign("current_full_name", $info["usr_full_name"]);
$this->assign("current_email", $info["usr_email"]);
$this->assign("current_user_id", $usr_id);
$this->assign("is_current_user_clocked_in", User::isClockedIn($usr_id));
$this->assign("roles", User::getAssocRoleIDs());
}
$this->assign("app_setup", Setup::load());
$this->assign("app_setup_path", APP_SETUP_PATH);
$this->assign("app_setup_file", APP_SETUP_FILE);
$this->assign("application_version", APP_VERSION);
$this->assign("application_title", APP_NAME);
$this->assign("app_base_url", APP_BASE_URL);
$this->assign("rel_url", APP_RELATIVE_URL);
$this->assign("lang", APP_CURRENT_LANG);
$this->assign("SID", SID);
// now for the browser detection stuff
Net_UserAgent_Detect::detect();
$this->assign("browser", Net_UserAgent_Detect::_getStaticProperty('browser'));
$this->assign("os", Net_UserAgent_Detect::_getStaticProperty('os'));
// this is only used by the textarea resize script
$js_script_name = str_replace('/', '_', str_replace('.php', '', $HTTP_SERVER_VARS['PHP_SELF']));
$this->assign("js_script_name", $js_script_name);
$this->assign("total_queries", $GLOBALS['TOTAL_QUERIES']);
$this->assign(array("cell_color" => APP_CELL_COLOR, "light_color" => APP_LIGHT_COLOR, "middle_color" => APP_MIDDLE_COLOR, "dark_color" => APP_DARK_COLOR, "cycle" => APP_CYCLE_COLORS, "internal_color" => APP_INTERNAL_COLOR));
}
public function getRole()
{
$this->__load();
return parent::getRole();
}
/**
* Method used to get an associative array of project ID and title
* of all projects available in the system to a given user ID.
*
* @param integer $usr_id The user ID
* @param boolean $force_refresh If the cache should not be used.
* @param boolean $include_extra If extra data should be included.
* @return array The list of projects
*/
public static function getAssocList($usr_id, $force_refresh = false, $include_extra = false)
{
static $returns;
if (!empty($returns[$usr_id][$include_extra]) && $force_refresh != true) {
return $returns[$usr_id][$include_extra];
}
$stmt = 'SELECT
prj_id,
prj_title';
if ($include_extra) {
$stmt .= ',
pru_role,
prj_status as status';
}
$stmt .= '
FROM
{{%project}},
{{%project_user}}
WHERE
prj_id=pru_prj_id AND
pru_usr_id=? AND
(
prj_status <> ? OR
pru_role >= ?
)
ORDER BY
prj_title';
try {
$params = array($usr_id, 'archived', User::getRoleID('Manager'));
if ($include_extra) {
$res = DB_Helper::getInstance()->fetchAssoc($stmt, $params, DB_FETCHMODE_ASSOC);
} else {
$res = DB_Helper::getInstance()->getPair($stmt, $params);
}
} catch (DbException $e) {
return '';
}
if ($include_extra) {
foreach ($res as $prj_id => $data) {
$res[$prj_id]['role'] = User::getRole($data['pru_role']);
}
}
$returns[$usr_id][$include_extra] = $res;
return $res;
}
function getUserCategoryValues(User $eUser, MetaDataType $category)
{
$org_id = $eUser->getOrganisationId();
$group = $eUser->getGroup();
$role = $eUser->getRole();
$proxy_id = $eUser->getID();
return MetaDataValues::get($org_id, $group, $role, $proxy_id, $category, true, array("order by" => array(array("meta_value_id", "desc"))));
}
/**
* @see IUserAuthentication::logoutUser()
*/
public function logoutUser(User $currentUser)
{
if ($currentUser->getRole() == ROLE_USER) {
$currentUser->id = null;
$currentUser->username = null;
$currentUser->email = null;
$_SESSION = array();
session_destroy();
CookieHelper::destroyCookie('user');
}
}
