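/**
 * Handle the change-password form for the signed-in user.
 *
 * Reads current_password / new_password / repeat_password from $_POST and the
 * globals $database and $current_user. Returns null when none of the three
 * fields was posted (no form submission); otherwise an HTML status string:
 * an error message, or "Changes saved." once the user's row has been rewritten.
 */
function ProcessPasswordChange()
{
    global $database;
    global $current_user;

    // No field posted at all means the form was not submitted; nothing to report.
    if (!isset($_POST["current_password"]) && !isset($_POST["new_password"]) && !isset($_POST["repeat_password"])) {
        return null;
    }

    // Each field must be a non-empty string. empty() is avoided on purpose: it would
    // reject the legitimate password "0". A PHP array (`new_password[]=x`) is rejected
    // too, so only strings ever reach CheckPassword()/HashPassword() below.
    $current_password = password_change_posted_string("current_password");
    if ($current_password === null) {
        return "Current password not set.<br/>";
    }
    $new_password = password_change_posted_string("new_password");
    if ($new_password === null) {
        return "New password not set.<br/>";
    }
    $repeat_password = password_change_posted_string("repeat_password");
    if ($repeat_password === null) {
        return "Repeated password not set.<br/>";
    }

    // The new password must have been typed identically twice (strict, byte-wise).
    if ($new_password !== $repeat_password) {
        return "New password does not match the repeated password.<br/>";
    }

    // Load the signed-in user's row, bound by parameter. The {0} placeholder is a
    // project convention (presumably expanded to the column list by UserRead; not visible here).
    // NOTE(review): no CSRF token is checked in this function — confirm the enclosing
    // form/handler does, since this request changes a credential.
    $user_read = new UserRead($database, "SELECT {0} FROM `map_server_users` WHERE username = ?");
    $user_read->ExecuteQuery(array($current_user));
    if (!$user_read->MoveNext()) {
        return "Failed to get current user account from the database.<br/>";
    }

    // Re-authenticate before replacing the credential: the posted current password
    // must verify against the stored hash.
    // NOTE(review): this looks like the phpass PasswordHash class; if so, the second
    // constructor argument (true) selects its "portable" MD5-based scheme rather than
    // bcrypt. Left unchanged here because every code path that creates hashes must
    // switch together — confirm and change them in one go.
    $password_hash = new PasswordHash(8, true);
    if (!$password_hash->CheckPassword($current_password, $user_read->password_hash)) {
        return "Incorrect password provided.<br/>";
    }

    // Rewrite the whole row — stored username, the new hash, and the permission masks
    // copied through unchanged — keyed on the username as stored in the database.
    $user_update = new UserUpdate($database, "UPDATE `map_server_users` SET {0} WHERE username = ?");
    $user_update->username = $user_read->username;
    $user_update->password_hash = $password_hash->HashPassword($new_password);
    $user_update->map_database_permissions = $user_read->map_database_permissions;
    $user_update->user_control_permissions = $user_read->user_control_permissions;
    $user_update->ExecuteQuery(array($user_read->username));

    return "Changes saved.<br/>";
}

/**
 * Return the posted value under $key, or null when it is missing, not a string, or empty.
 * Used by ProcessPasswordChange so that "0" counts as a value and arrays are rejected.
 */
function password_change_posted_string($key)
{
    if (!isset($_POST[$key]) || !is_string($_POST[$key]) || $_POST[$key] === '') {
        return null;
    }
    return $_POST[$key];
}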
    /**
     * @covers Intacct\Functions\Company\UserUpdate::writeXml
     *
     * Restricting a user to several entities and departments must emit one
     * USERLOCATIONS / USERDEPARTMENTS element per identifier, in the order given.
     */
    public function testRestrictions()
    {
        $expected = <<<EOF
<?xml version="1.0" encoding="UTF-8"?>
<function controlid="unittest">
    <update>
        <USERINFO>
            <LOGINID>U1234</LOGINID>
            <USERLOCATIONS>
                <LOCATIONID>E100</LOCATIONID>
            </USERLOCATIONS>
            <USERLOCATIONS>
                <LOCATIONID>E200</LOCATIONID>
            </USERLOCATIONS>
            <USERDEPARTMENTS>
                <DEPARTMENTID>D100</DEPARTMENTID>
            </USERDEPARTMENTS>
            <USERDEPARTMENTS>
                <DEPARTMENTID>D200</DEPARTMENTID>
            </USERDEPARTMENTS>
        </USERINFO>
    </update>
</function>
EOF;

        // In-memory writer with four-space indentation so the output is comparable
        // to the expected document above.
        $writer = new XMLWriter();
        $writer->openMemory();
        $writer->setIndent(true);
        $writer->setIndentString('    ');
        $writer->startDocument();

        // Build the update for user U1234 with two entity and two department restrictions.
        $userUpdate = new UserUpdate('unittest');
        $userUpdate->setUserId('U1234');
        $userUpdate->setRestrictedEntities(['E100', 'E200']);
        $userUpdate->setRestrictedDepartments(['D100', 'D200']);
        $userUpdate->writeXml($writer);

        $actual = $writer->flush();
        $this->assertXmlStringEqualsXmlString($expected, $actual);
    }
ファイル: user_edit.php プロジェクト: CodeAsm/open-sauce
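/**
 * Handle the user-edit form: load the requested account, report its current
 * permission flags in the result and, when "user_edit_save" was posted, rewrite
 * its two permission masks from the posted checkboxes.
 *
 * Reads $_POST and the globals $database, $current_user and $can_edit_users.
 * Returns a UserEditResult; success is false (with error_message set) when the
 * caller lacks the edit-users privilege, no username was posted, the target is
 * the signed-in account, or the account does not exist.
 */
function ProcessUserEdit()
{
    global $database;
    global $current_user;
    global $can_edit_users;

    $result = new UserEditResult();

    // Only accounts holding the edit-users privilege may change another account.
    // NOTE(review): that one privilege also allows granting user_control_permissions
    // (create/delete/edit users) to any other account — confirm this is intended.
    if (!$can_edit_users) {
        $result->success = false;
        $result->error_message = "Your user account does not have sufficient priviledges to edit users.";
        return $result;
    }

    // The target username must be a non-empty string. empty() is not used (it would
    // reject "0"), and a PHP array (`user_edit[]=x`) is rejected so that the
    // comparisons and the query parameter below always see a string.
    $requested_name = isset($_POST["user_edit"]) ? $_POST["user_edit"] : null;
    if (!is_string($requested_name) || $requested_name === '') {
        $result->success = false;
        $result->error_message = "No username to edit provided.";
        return $result;
    }
    // Raw posted value, exposed to the caller; anything rendering it must HTML-escape it.
    $result->user_name = $requested_name;

    // First self-edit check, on the posted value.
    if ($requested_name === $current_user) {
        $result->success = false;
        $result->error_message = "You cannot edit the currently logged in user.";
        return $result;
    }

    // Load the target row, bound by parameter ({0} is a project placeholder, not visible here).
    $user_read = new UserRead($database, "SELECT {0} FROM `map_server_users` WHERE username = ?");
    $user_read->ExecuteQuery(array($requested_name));
    if (!$user_read->MoveNext()) {
        $result->success = false;
        $result->error_message = "Unable to find user in database.";
        return $result;
    }

    // Second self-edit check, on the username as stored: if the lookup above is
    // case-insensitive (collation-dependent, not visible here) then e.g. "Admin" passes
    // the strict comparison against $current_user yet still resolves to the signed-in row.
    if ($user_read->username === $current_user) {
        $result->success = false;
        $result->error_message = "You cannot edit the currently logged in user.";
        return $result;
    }

    // Report the account's current flags, decoded from the two bit masks.
    $result->user_can_create_map_entry = user_edit_has_permission($user_read->map_database_permissions, AccessPermissions::ACCESS_PERMISSIONS_CREATE);
    $result->user_can_delete_map_entry = user_edit_has_permission($user_read->map_database_permissions, AccessPermissions::ACCESS_PERMISSIONS_DELETE);
    $result->user_can_edit_map_entry = user_edit_has_permission($user_read->map_database_permissions, AccessPermissions::ACCESS_PERMISSIONS_EDIT);
    $result->user_can_create_users = user_edit_has_permission($user_read->user_control_permissions, AccessPermissions::ACCESS_PERMISSIONS_CREATE);
    $result->user_can_delete_users = user_edit_has_permission($user_read->user_control_permissions, AccessPermissions::ACCESS_PERMISSIONS_DELETE);
    $result->user_can_edit_users = user_edit_has_permission($user_read->user_control_permissions, AccessPermissions::ACCESS_PERMISSIONS_EDIT);

    if (isset($_POST['user_edit_save'])) {
        // A checkbox is only posted when ticked, so its presence is the flag.
        $result->user_can_create_map_entry = isset($_POST['user_edit_can_create_map_entry']);
        $result->user_can_delete_map_entry = isset($_POST['user_edit_can_delete_map_entry']);
        $result->user_can_edit_map_entry = isset($_POST['user_edit_can_edit_map_entry']);
        $result->user_can_create_users = isset($_POST['user_edit_can_create_users']);
        $result->user_can_delete_users = isset($_POST['user_edit_can_delete_users']);
        $result->user_can_edit_users = isset($_POST['user_edit_can_edit_users']);

        // Rewrite the whole row: username and password hash carried over unchanged,
        // both masks rebuilt from the posted flags, keyed on the stored username.
        // NOTE(review): no CSRF token is checked in this function — confirm the
        // enclosing form/handler does, since this request changes privileges.
        $user_update = new UserUpdate($database, "UPDATE `map_server_users` SET {0} WHERE username = ?");
        $user_update->username = $user_read->username;
        $user_update->password_hash = $user_read->password_hash;
        $user_update->map_database_permissions = user_edit_permission_mask(
            $result->user_can_create_map_entry,
            $result->user_can_delete_map_entry,
            $result->user_can_edit_map_entry
        );
        $user_update->user_control_permissions = user_edit_permission_mask(
            $result->user_can_create_users,
            $result->user_can_delete_users,
            $result->user_can_edit_users
        );
        $user_update->ExecuteQuery(array($user_read->username));

        print_line_inset("<h3>Output</h3>", 2);
        print_line_inset("Changes saved.<br/><br/>", 2);
    }

    $result->success = true;
    return $result;
}

/**
 * True when every bit of $flag is set in $mask. Loose == is kept deliberately in
 * case the mask arrives from the database as a numeric string.
 */
function user_edit_has_permission($mask, $flag)
{
    return ($mask & $flag) == $flag;
}

/**
 * Combine three boolean flags into an AccessPermissions bit mask
 * (CREATE | DELETE | EDIT as applicable, NONE when all are false).
 */
function user_edit_permission_mask($can_create, $can_delete, $can_edit)
{
    $mask = AccessPermissions::ACCESS_PERMISSIONS_NONE;
    if ($can_create) {
        $mask |= AccessPermissions::ACCESS_PERMISSIONS_CREATE;
    }
    if ($can_delete) {
        $mask |= AccessPermissions::ACCESS_PERMISSIONS_DELETE;
    }
    if ($can_edit) {
        $mask |= AccessPermissions::ACCESS_PERMISSIONS_EDIT;
    }
    return $mask;
}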