protected static function HandleOperations($operation)
{
$sMessage = '';
// most of the operations never return, but some can return a message to be displayed
if ($operation == 'logoff') {
if (isset($_SESSION['login_mode'])) {
$sLoginMode = $_SESSION['login_mode'];
} else {
$aAllowedLoginTypes = MetaModel::GetConfig()->GetAllowedLoginTypes();
if (count($aAllowedLoginTypes) > 0) {
$sLoginMode = $aAllowedLoginTypes[0];
} else {
$sLoginMode = 'form';
}
}
self::ResetSession();
$oPage = self::NewLoginWebPage();
$oPage->DisplayLoginForm($sLoginMode, false);
$oPage->output();
exit;
} else {
if ($operation == 'forgot_pwd') {
$oPage = self::NewLoginWebPage();
$oPage->DisplayForgotPwdForm();
$oPage->output();
exit;
} else {
if ($operation == 'forgot_pwd_go') {
$oPage = self::NewLoginWebPage();
$oPage->ForgotPwdGo();
$oPage->output();
exit;
} else {
if ($operation == 'reset_pwd') {
$oPage = self::NewLoginWebPage();
$oPage->DisplayResetPwdForm();
$oPage->output();
exit;
} else {
if ($operation == 'do_reset_pwd') {
$oPage = self::NewLoginWebPage();
$oPage->DoResetPassword();
$oPage->output();
exit;
} else {
if ($operation == 'change_pwd') {
$sAuthUser = $_SESSION['auth_user'];
UserRights::Login($sAuthUser);
// Set the user's language
$oPage = self::NewLoginWebPage();
$oPage->DisplayChangePwdForm();
$oPage->output();
exit;
}
}
}
}
}
}
if ($operation == 'do_change_pwd') {
$sAuthUser = $_SESSION['auth_user'];
UserRights::Login($sAuthUser);
// Set the user's language
$sOldPwd = utils::ReadPostedParam('old_pwd', '', false, 'raw_data');
$sNewPwd = utils::ReadPostedParam('new_pwd', '', false, 'raw_data');
if (UserRights::CanChangePassword() && (!UserRights::CheckCredentials($sAuthUser, $sOldPwd) || !UserRights::ChangePassword($sOldPwd, $sNewPwd))) {
$oPage = self::NewLoginWebPage();
$oPage->DisplayChangePwdForm(true);
// old pwd was wrong
$oPage->output();
exit;
}
$sMessage = Dict::S('UI:Login:PasswordChanged');
}
return $sMessage;
}
exit - 2;
}
$oP = new CLIPage(Dict::S("TitleSynchroExecution"));
try {
utils::UseParamFile();
} catch (Exception $e) {
$oP->p("Error: " . $e->GetMessage());
$oP->output();
exit - 2;
}
// Next steps:
// specific arguments: 'csvfile'
//
$sAuthUser = ReadMandatoryParam($oP, 'auth_user', 'raw_data');
$sAuthPwd = ReadMandatoryParam($oP, 'auth_pwd', 'raw_data');
if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd)) {
UserRights::Login($sAuthUser);
// Login & set the user's language
} else {
$oP->p("Access restricted or wrong credentials ('{$sAuthUser}')");
$oP->output();
exit - 1;
}
$iStepCount = ReadMandatoryParam($oP, 'step_count');
$oP->p('Executing a partial synchro - step ' . $iStepCount);
$iSource = ReadMandatoryParam($oP, 'source');
$iStatLog = ReadMandatoryParam($oP, 'log');
$iChange = ReadMandatoryParam($oP, 'change');
$sLastFullLoad = ReadMandatoryParam($oP, 'last_full_load', 'raw_data');
$iChunkSize = ReadMandatoryParam($oP, 'chunk');
$oP->p('Last full load: ' . $sLastFullLoad);
/**
* Given an OQL, returns a set of objects (several objects could be on the same row)
*
* @param string sOQL
*/
public function SearchObjects($sLogin, $sPassword, $sOQL)
{
if (!UserRights::CheckCredentials($sLogin, $sPassword)) {
$oRes = new WebServiceResultFailedLogin($sLogin);
$this->LogUsage(__FUNCTION__, $oRes);
return $oRes->ToSoapStructure();
}
UserRights::Login($sLogin);
$oRes = $this->_SearchObjects($sOQL);
return $oRes->ToSoapStructure();
}
/**
* Enumerate services delivered by this class
* @param string $sVersion The version (e.g. 1.0) supported by the services
* @return RestResult The standardized result structure (at least a message)
* @throws Exception in case of internal failure.
*/
public function ExecOperation($sVersion, $sVerb, $aParams)
{
$oResult = new RestResultWithObjects();
switch ($sVerb) {
case 'core/create':
RestUtils::InitTrackingComment($aParams);
$sClass = RestUtils::GetClass($aParams, 'class');
$aFields = RestUtils::GetMandatoryParam($aParams, 'fields');
$aShowFields = RestUtils::GetFieldList($sClass, $aParams, 'output_fields');
$bExtendedOutput = RestUtils::GetOptionalParam($aParams, 'output_fields', '*') == '*+';
$oObject = RestUtils::MakeObjectFromFields($sClass, $aFields);
$oObject->DBInsert();
$oResult->AddObject(0, 'created', $oObject, $aShowFields, $bExtendedOutput);
break;
case 'core/update':
RestUtils::InitTrackingComment($aParams);
$sClass = RestUtils::GetClass($aParams, 'class');
$key = RestUtils::GetMandatoryParam($aParams, 'key');
$aFields = RestUtils::GetMandatoryParam($aParams, 'fields');
$aShowFields = RestUtils::GetFieldList($sClass, $aParams, 'output_fields');
$bExtendedOutput = RestUtils::GetOptionalParam($aParams, 'output_fields', '*') == '*+';
$oObject = RestUtils::FindObjectFromKey($sClass, $key);
RestUtils::UpdateObjectFromFields($oObject, $aFields);
$oObject->DBUpdate();
$oResult->AddObject(0, 'updated', $oObject, $aShowFields, $bExtendedOutput);
break;
case 'core/apply_stimulus':
RestUtils::InitTrackingComment($aParams);
$sClass = RestUtils::GetClass($aParams, 'class');
$key = RestUtils::GetMandatoryParam($aParams, 'key');
$aFields = RestUtils::GetMandatoryParam($aParams, 'fields');
$aShowFields = RestUtils::GetFieldList($sClass, $aParams, 'output_fields');
$bExtendedOutput = RestUtils::GetOptionalParam($aParams, 'output_fields', '*') == '*+';
$sStimulus = RestUtils::GetMandatoryParam($aParams, 'stimulus');
$oObject = RestUtils::FindObjectFromKey($sClass, $key);
RestUtils::UpdateObjectFromFields($oObject, $aFields);
$aTransitions = $oObject->EnumTransitions();
$aStimuli = MetaModel::EnumStimuli(get_class($oObject));
if (!isset($aTransitions[$sStimulus])) {
// Invalid stimulus
$oResult->code = RestResult::INTERNAL_ERROR;
$oResult->message = "Invalid stimulus: '{$sStimulus}' on the object " . $oObject->GetName() . " in state '" . $oObject->GetState() . "'";
} else {
$aTransition = $aTransitions[$sStimulus];
$sTargetState = $aTransition['target_state'];
$aStates = MetaModel::EnumStates($sClass);
$aTargetStateDef = $aStates[$sTargetState];
$aExpectedAttributes = $aTargetStateDef['attribute_list'];
$aMissingMandatory = array();
foreach ($aExpectedAttributes as $sAttCode => $iExpectCode) {
if ($iExpectCode & OPT_ATT_MANDATORY && $oObject->Get($sAttCode) == '') {
$aMissingMandatory[] = $sAttCode;
}
}
if (count($aMissingMandatory) == 0) {
// If all the mandatory fields are already present, just apply the transition silently...
if ($oObject->ApplyStimulus($sStimulus)) {
$oObject->DBUpdate();
$oResult->AddObject(0, 'updated', $oObject, $aShowFields, $bExtendedOutput);
}
} else {
// Missing mandatory attributes for the transition
$oResult->code = RestResult::INTERNAL_ERROR;
$oResult->message = 'Missing mandatory attribute(s) for applying the stimulus: ' . implode(', ', $aMissingMandatory) . '.';
}
}
break;
case 'core/get':
$sClass = RestUtils::GetClass($aParams, 'class');
$key = RestUtils::GetMandatoryParam($aParams, 'key');
$aShowFields = RestUtils::GetFieldList($sClass, $aParams, 'output_fields');
$bExtendedOutput = RestUtils::GetOptionalParam($aParams, 'output_fields', '*') == '*+';
$oObjectSet = RestUtils::GetObjectSetFromKey($sClass, $key);
while ($oObject = $oObjectSet->Fetch()) {
$oResult->AddObject(0, '', $oObject, $aShowFields, $bExtendedOutput);
}
$oResult->message = "Found: " . $oObjectSet->Count();
break;
case 'core/delete':
$sClass = RestUtils::GetClass($aParams, 'class');
$key = RestUtils::GetMandatoryParam($aParams, 'key');
$bSimulate = RestUtils::GetOptionalParam($aParams, 'simulate', false);
$oObjectSet = RestUtils::GetObjectSetFromKey($sClass, $key);
$aObjects = $oObjectSet->ToArray();
$this->DeleteObjects($oResult, $aObjects, $bSimulate);
break;
case 'core/get_related':
$oResult = new RestResultWithRelations();
$sClass = RestUtils::GetClass($aParams, 'class');
$key = RestUtils::GetMandatoryParam($aParams, 'key');
$sRelation = RestUtils::GetMandatoryParam($aParams, 'relation');
$iMaxRecursionDepth = RestUtils::GetOptionalParam($aParams, 'depth', 20);
$sDirection = RestUtils::GetOptionalParam($aParams, 'direction', null);
$bEnableRedundancy = RestUtils::GetOptionalParam($aParams, 'redundancy', false);
$bReverse = false;
if (is_null($sDirection) && $sRelation == 'depends on') {
// Legacy behavior, consider "depends on" as a forward relation
$sRelation = 'impacts';
$sDirection = 'up';
$bReverse = true;
// emulate the legacy behavior by returning the edges
} else {
if (is_null($sDirection)) {
$sDirection = 'down';
}
}
$oObjectSet = RestUtils::GetObjectSetFromKey($sClass, $key);
if ($sDirection == 'down') {
$oRelationGraph = $oObjectSet->GetRelatedObjectsDown($sRelation, $iMaxRecursionDepth, $bEnableRedundancy);
} else {
if ($sDirection == 'up') {
$oRelationGraph = $oObjectSet->GetRelatedObjectsUp($sRelation, $iMaxRecursionDepth, $bEnableRedundancy);
} else {
$oResult->code = RestResult::INTERNAL_ERROR;
$oResult->message = "Invalid value: '{$sDirection}' for the parameter 'direction'. Valid values are 'up' and 'down'";
return $oResult;
}
}
if ($bEnableRedundancy) {
// Remove the redundancy nodes from the output
$oIterator = new RelationTypeIterator($oRelationGraph, 'Node');
foreach ($oIterator as $oNode) {
if ($oNode instanceof RelationRedundancyNode) {
$oRelationGraph->FilterNode($oNode);
}
}
}
$aIndexByClass = array();
$oIterator = new RelationTypeIterator($oRelationGraph);
foreach ($oIterator as $oElement) {
if ($oElement instanceof RelationObjectNode) {
$oObject = $oElement->GetProperty('object');
if ($oObject) {
if ($bEnableRedundancy) {
// Add only the "reached" objects
if ($oElement->GetProperty('is_reached')) {
$aIndexByClass[get_class($oObject)][$oObject->GetKey()] = null;
$oResult->AddObject(0, '', $oObject);
}
} else {
$aIndexByClass[get_class($oObject)][$oObject->GetKey()] = null;
$oResult->AddObject(0, '', $oObject);
}
}
} else {
if ($oElement instanceof RelationEdge) {
$oSrcObj = $oElement->GetSourceNode()->GetProperty('object');
$oDestObj = $oElement->GetSinkNode()->GetProperty('object');
$sSrcKey = get_class($oSrcObj) . '::' . $oSrcObj->GetKey();
$sDestKey = get_class($oDestObj) . '::' . $oDestObj->GetKey();
if ($bEnableRedundancy) {
// Add only the edges where both source and destination are "reached"
if ($oElement->GetSourceNode()->GetProperty('is_reached') && $oElement->GetSinkNode()->GetProperty('is_reached')) {
if ($bReverse) {
$oResult->AddRelation($sDestKey, $sSrcKey);
} else {
$oResult->AddRelation($sSrcKey, $sDestKey);
}
}
} else {
if ($bReverse) {
$oResult->AddRelation($sDestKey, $sSrcKey);
} else {
$oResult->AddRelation($sSrcKey, $sDestKey);
}
}
}
}
}
if (count($aIndexByClass) > 0) {
$aStats = array();
foreach ($aIndexByClass as $sClass => $aIds) {
$aStats[] = $sClass . '= ' . count($aIds);
}
$oResult->message = "Scope: " . $oObjectSet->Count() . "; Related objects: " . implode(', ', $aStats);
} else {
$oResult->message = "Nothing found";
}
break;
case 'core/check_credentials':
$oResult = new RestResult();
$sUser = RestUtils::GetMandatoryParam($aParams, 'user');
$sPassword = RestUtils::GetMandatoryParam($aParams, 'password');
if (UserRights::CheckCredentials($sUser, $sPassword) !== true) {
$oResult->authorized = false;
} else {
$oResult->authorized = true;
}
break;
default:
// unknown operation: handled at a higher level
}
return $oResult;
}
protected function DoExecute()
{
$sUser = '******';
echo "<p>Totor: " . (UserRights::CheckCredentials('Totor', 'toto') ? 'ok' : 'NO') . "</p>\n";
echo "<p>Romain: " . (UserRights::CheckCredentials('Romain', 'toto') ? 'ok' : 'NO') . "</p>\n";
echo "<p>User: "******"</p>\n";
echo "<p>On behalf of..." . UserRights::GetRealUser() . "</p>\n";
echo "<p>Denis (impersonate) : " . (UserRights::Impersonate('Denis', 'tutu') ? 'ok' : 'NO') . "</p>\n";
echo "<p>User: "******"</p>\n";
echo "<p>On behalf of..." . UserRights::GetRealUser() . "</p>\n";
$oSet = new DBObjectSet(DBObjectSearch::FromOQL("SELECT bizOrganization"));
echo "<p>IsActionAllowed..." . (UserRights::IsActionAllowed('bizOrganization', UR_ACTION_MODIFY, $oSet) == UR_ALLOWED_YES ? 'ok' : 'NO') . "</p>\n";
echo "<p>IsStimulusAllowed..." . (UserRights::IsStimulusAllowed('bizOrganization', 'myStimulus', $oSet) == UR_ALLOWED_YES ? 'ok' : 'NO') . "</p>\n";
echo "<p>IsActionAllowedOnAttribute..." . (UserRights::IsActionAllowedOnAttribute('bizOrganization', 'myattribute', UR_ACTION_MODIFY, $oSet) == UR_ALLOWED_YES ? 'ok' : 'NO') . "</p>\n";
return true;
}
/**
* Enumerate services delivered by this class
* @param string $sVersion The version (e.g. 1.0) supported by the services
* @return RestResult The standardized result structure (at least a message)
* @throws Exception in case of internal failure.
*/
public function ExecOperation($sVersion, $sVerb, $aParams)
{
$oResult = new RestResultWithObjects();
switch ($sVerb) {
case 'core/create':
RestUtils::InitTrackingComment($aParams);
$sClass = RestUtils::GetClass($aParams, 'class');
$aFields = RestUtils::GetMandatoryParam($aParams, 'fields');
$aShowFields = RestUtils::GetFieldList($sClass, $aParams, 'output_fields');
$bExtendedOutput = RestUtils::GetOptionalParam($aParams, 'output_fields', '*') == '*+';
$oObject = RestUtils::MakeObjectFromFields($sClass, $aFields);
$oObject->DBInsert();
$oResult->AddObject(0, 'created', $oObject, $aShowFields, $bExtendedOutput);
break;
case 'core/update':
RestUtils::InitTrackingComment($aParams);
$sClass = RestUtils::GetClass($aParams, 'class');
$key = RestUtils::GetMandatoryParam($aParams, 'key');
$aFields = RestUtils::GetMandatoryParam($aParams, 'fields');
$aShowFields = RestUtils::GetFieldList($sClass, $aParams, 'output_fields');
$bExtendedOutput = RestUtils::GetOptionalParam($aParams, 'output_fields', '*') == '*+';
$oObject = RestUtils::FindObjectFromKey($sClass, $key);
RestUtils::UpdateObjectFromFields($oObject, $aFields);
$oObject->DBUpdate();
$oResult->AddObject(0, 'updated', $oObject, $aShowFields, $bExtendedOutput);
break;
case 'core/apply_stimulus':
RestUtils::InitTrackingComment($aParams);
$sClass = RestUtils::GetClass($aParams, 'class');
$key = RestUtils::GetMandatoryParam($aParams, 'key');
$aFields = RestUtils::GetMandatoryParam($aParams, 'fields');
$aShowFields = RestUtils::GetFieldList($sClass, $aParams, 'output_fields');
$bExtendedOutput = RestUtils::GetOptionalParam($aParams, 'output_fields', '*') == '*+';
$sStimulus = RestUtils::GetMandatoryParam($aParams, 'stimulus');
$oObject = RestUtils::FindObjectFromKey($sClass, $key);
RestUtils::UpdateObjectFromFields($oObject, $aFields);
$aTransitions = $oObject->EnumTransitions();
$aStimuli = MetaModel::EnumStimuli(get_class($oObject));
if (!isset($aTransitions[$sStimulus])) {
// Invalid stimulus
$oResult->code = RestResult::INTERNAL_ERROR;
$oResult->message = "Invalid stimulus: '{$sStimulus}' on the object " . $oObject->GetName() . " in state '" . $oObject->GetState() . "'";
} else {
$aTransition = $aTransitions[$sStimulus];
$sTargetState = $aTransition['target_state'];
$aStates = MetaModel::EnumStates($sClass);
$aTargetStateDef = $aStates[$sTargetState];
$aExpectedAttributes = $aTargetStateDef['attribute_list'];
$aMissingMandatory = array();
foreach ($aExpectedAttributes as $sAttCode => $iExpectCode) {
if ($iExpectCode & OPT_ATT_MANDATORY && $oObject->Get($sAttCode) == '') {
$aMissingMandatory[] = $sAttCode;
}
}
if (count($aMissingMandatory) == 0) {
// If all the mandatory fields are already present, just apply the transition silently...
if ($oObject->ApplyStimulus($sStimulus)) {
$oObject->DBUpdate();
$oResult->AddObject(0, 'updated', $oObject, $aShowFields, $bExtendedOutput);
}
} else {
// Missing mandatory attributes for the transition
$oResult->code = RestResult::INTERNAL_ERROR;
$oResult->message = 'Missing mandatory attribute(s) for applying the stimulus: ' . implode(', ', $aMissingMandatory) . '.';
}
}
break;
case 'core/get':
$sClass = RestUtils::GetClass($aParams, 'class');
$key = RestUtils::GetMandatoryParam($aParams, 'key');
$aShowFields = RestUtils::GetFieldList($sClass, $aParams, 'output_fields');
$bExtendedOutput = RestUtils::GetOptionalParam($aParams, 'output_fields', '*') == '*+';
$oObjectSet = RestUtils::GetObjectSetFromKey($sClass, $key);
while ($oObject = $oObjectSet->Fetch()) {
$oResult->AddObject(0, '', $oObject, $aShowFields, $bExtendedOutput);
}
$oResult->message = "Found: " . $oObjectSet->Count();
break;
case 'core/delete':
$sClass = RestUtils::GetClass($aParams, 'class');
$key = RestUtils::GetMandatoryParam($aParams, 'key');
$bSimulate = RestUtils::GetOptionalParam($aParams, 'simulate', false);
$oObjectSet = RestUtils::GetObjectSetFromKey($sClass, $key);
$aObjects = $oObjectSet->ToArray();
$this->DeleteObjects($oResult, $aObjects, $bSimulate);
break;
case 'core/get_related':
$oResult = new RestResultWithRelations();
$sClass = RestUtils::GetClass($aParams, 'class');
$key = RestUtils::GetMandatoryParam($aParams, 'key');
$sRelation = RestUtils::GetMandatoryParam($aParams, 'relation');
$iMaxRecursionDepth = RestUtils::GetOptionalParam($aParams, 'depth', 20);
$oObjectSet = RestUtils::GetObjectSetFromKey($sClass, $key);
$aIndexByClass = array();
while ($oObject = $oObjectSet->Fetch()) {
$aRelated = array();
$aGraph = array();
$aIndexByClass[get_class($oObject)][$oObject->GetKey()] = null;
$oResult->AddObject(0, '', $oObject);
$this->GetRelatedObjects($oObject, $sRelation, $iMaxRecursionDepth, $aRelated, $aGraph);
foreach ($aRelated as $sClass => $aObjects) {
foreach ($aObjects as $oRelatedObj) {
$aIndexByClass[get_class($oRelatedObj)][$oRelatedObj->GetKey()] = null;
$oResult->AddObject(0, '', $oRelatedObj);
}
}
foreach ($aGraph as $sSrcKey => $aDestinations) {
foreach ($aDestinations as $sDestKey) {
$oResult->AddRelation($sSrcKey, $sDestKey);
}
}
}
if (count($aIndexByClass) > 0) {
$aStats = array();
foreach ($aIndexByClass as $sClass => $aIds) {
$aStats[] = $sClass . '= ' . count($aIds);
}
$oResult->message = "Scope: " . $oObjectSet->Count() . "; Related objects: " . implode(', ', $aStats);
} else {
$oResult->message = "Nothing found";
}
break;
case 'core/check_credentials':
$oResult = new RestResult();
$sUser = RestUtils::GetMandatoryParam($aParams, 'user');
$sPassword = RestUtils::GetMandatoryParam($aParams, 'password');
if (UserRights::CheckCredentials($sUser, $sPassword) !== true) {
$oResult->authorized = false;
} else {
$oResult->authorized = true;
}
break;
default:
// unknown operation: handled at a higher level
}
return $oResult;
}
/**
* Check if the user is already authentified, if yes, then performs some additional validations:
* - if $bMustBeAdmin is true, then the user must be an administrator, otherwise an error is displayed
* - if $bIsAllowedToPortalUsers is false and the user has only access to the portal, then the user is redirected to the portal
* @param bool $bMustBeAdmin Whether or not the user must be an admin to access the current page
* @param bool $bIsAllowedToPortalUsers Whether or not the current page is considered as part of the portal
* @param int iOnExit What action to take if the user is not logged on (one of the class constants EXIT_...)
*/
static function DoLogin($bMustBeAdmin = false, $bIsAllowedToPortalUsers = false, $iOnExit = self::EXIT_PROMPT)
{
$sMessage = '';
// In case we need to return a message to the calling web page
$operation = utils::ReadParam('loginop', '');
if ($operation == 'logoff') {
if (isset($_SESSION['login_mode'])) {
$sLoginMode = $_SESSION['login_mode'];
} else {
$aAllowedLoginTypes = MetaModel::GetConfig()->GetAllowedLoginTypes();
if (count($aAllowedLoginTypes) > 0) {
$sLoginMode = $aAllowedLoginTypes[0];
} else {
$sLoginMode = 'form';
}
}
self::ResetSession();
$oPage = self::NewLoginWebPage();
$oPage->DisplayLoginForm($sLoginMode, false);
$oPage->output();
exit;
} else {
if ($operation == 'forgot_pwd') {
$oPage = self::NewLoginWebPage();
$oPage->DisplayForgotPwdForm();
$oPage->output();
exit;
} else {
if ($operation == 'forgot_pwd_go') {
$oPage = self::NewLoginWebPage();
$oPage->ForgotPwdGo();
$oPage->output();
exit;
} else {
if ($operation == 'reset_pwd') {
$oPage = self::NewLoginWebPage();
$oPage->DisplayResetPwdForm();
$oPage->output();
exit;
} else {
if ($operation == 'do_reset_pwd') {
$oPage = self::NewLoginWebPage();
$oPage->DoResetPassword();
$oPage->output();
exit;
} else {
if ($operation == 'change_pwd') {
$sAuthUser = $_SESSION['auth_user'];
UserRights::Login($sAuthUser);
// Set the user's language
$oPage = self::NewLoginWebPage();
$oPage->DisplayChangePwdForm();
$oPage->output();
exit;
}
}
}
}
}
}
if ($operation == 'do_change_pwd') {
$sAuthUser = $_SESSION['auth_user'];
UserRights::Login($sAuthUser);
// Set the user's language
$sOldPwd = utils::ReadPostedParam('old_pwd', '', false, 'raw_data');
$sNewPwd = utils::ReadPostedParam('new_pwd', '', false, 'raw_data');
if (UserRights::CanChangePassword() && (!UserRights::CheckCredentials($sAuthUser, $sOldPwd) || !UserRights::ChangePassword($sOldPwd, $sNewPwd))) {
$oPage = self::NewLoginWebPage();
$oPage->DisplayChangePwdForm(true);
// old pwd was wrong
$oPage->output();
exit;
}
$sMessage = Dict::S('UI:Login:PasswordChanged');
}
$iRet = self::Login($iOnExit);
if ($iRet == self::EXIT_CODE_OK) {
if ($bMustBeAdmin && !UserRights::IsAdministrator()) {
if ($iOnExit == self::EXIT_RETURN) {
return self::EXIT_CODE_MUSTBEADMIN;
} else {
require_once APPROOT . '/setup/setuppage.class.inc.php';
$oP = new SetupPage(Dict::S('UI:PageTitle:FatalError'));
$oP->add("<h1>" . Dict::S('UI:Login:Error:AccessAdmin') . "</h1>\n");
$oP->p("<a href=\"" . utils::GetAbsoluteUrlAppRoot() . "pages/logoff.php\">" . Dict::S('UI:LogOffMenu') . "</a>");
$oP->output();
exit;
}
}
$iRet = call_user_func(array(self::$sHandlerClass, 'ChangeLocation'), $bIsAllowedToPortalUsers, $iOnExit);
}
if ($iOnExit == self::EXIT_RETURN) {
return $iRet;
} else {
return $sMessage;
}
}
