/**
 * Creates the permission menu template.
 *
 * Builds the 'choose_permissions' form for the given key and returns its
 * template tags together with the edit/view group selectors.
 *
 * @param Key  $key    Key whose view and edit restrictions are shown.
 * @param bool $popbox When true, a hidden 'popbox' field and a Cancel
 *                     button that closes the window are added.
 * @return array Template tags; only MESSAGE is set when the restricted
 *               groups could not be loaded.
 */
public static function permissionMenu(Key $key, $popbox = FALSE)
{
    $restricted = Users_Permission::getRestrictedGroups($key, TRUE);
    if (PHPWS_Error::isError($restricted)) {
        // Log the full error; the caller only gets its message text.
        PHPWS_Error::log($restricted);
        return array('MESSAGE' => $restricted->getMessage());
    }

    $selectable_view = User_Form::_getNonUserGroups();
    $current_view    = $key->getViewGroups();
    $current_edit    = $key->getEditGroups();

    // A selector stays null when there is nothing to choose from.
    $edit_box = empty($restricted)
        ? null
        : User_Form::_createMultiple($restricted['restricted']['all'], 'edit_groups', $current_edit);
    $view_box = empty($selectable_view)
        ? null
        : User_Form::_createMultiple($selectable_view, 'view_groups', $current_view);

    $form = new PHPWS_Form('choose_permissions');
    $form->addHidden('module', 'users');
    $form->addHidden('action', 'permission');
    $form->addHidden('key_id', $key->id);

    // Radio values 0, 1, 2 pair up with the three labels below, in order.
    $view_labels = array(
        dgettext('users', 'All visitors'),
        dgettext('users', 'Logged visitors'),
        dgettext('users', 'Specific group(s)'),
    );
    $form->addRadio('view_permission', array(0, 1, 2));
    $form->setExtra('view_permission', 'onclick="hideSelect(this.value)"');
    $form->setLabel('view_permission', $view_labels);
    $form->setMatch('view_permission', $key->restricted);
    $form->addSubmit(dgettext('users', 'Save permissions'));

    if ($popbox) {
        $form->addHidden('popbox', 1);
    }

    $tpl = $form->getTemplate();
    $tpl['TITLE'] = dgettext('users', 'Permissions');
    $tpl['EDIT_SELECT_LABEL'] = dgettext('users', 'Edit restrictions');
    $tpl['VIEW_SELECT_LABEL'] = dgettext('users', 'View restrictions');

    // Fall back to an explanatory text when a selector could not be built.
    $tpl['EDIT_SELECT'] = $edit_box
        ? $edit_box
        : dgettext('users', 'No restricted edit groups found.');
    $tpl['VIEW_SELECT'] = $view_box
        ? $view_box
        : dgettext('users', 'No view groups found.');

    if ($popbox) {
        $tpl['CANCEL'] = sprintf(
            '<input type="button" value="%s" onclick="window.close()" />',
            dgettext('users', 'Cancel')
        );
    }

    // The session message is shown once and then removed from the session.
    if (isset($_SESSION['Permission_Message'])) {
        $tpl['MESSAGE'] = $_SESSION['Permission_Message'];
        unset($_SESSION['Permission_Message']);
    }

    return $tpl;
}
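/**
 * Controller of user requests. Dispatches on the 'command' request
 * variable and defaults to my_page.
 *
 * Each branch may set $title, $content and $message; whatever was set is
 * rendered through user_main.tpl and added to the layout at the end.
 * Unknown commands get the 404 error page.
 *
 * @return void
 */
public static function userAction()
{
    $auth = Current_User::getAuthorization();
    $content = $title = null;

    if (isset($_REQUEST['command'])) {
        $command = $_REQUEST['command'];
    } else {
        $command = 'my_page';
    }

    switch ($command) {
        case 'login':
            // Only an anonymous visitor who posted both credentials may log in.
            if (!Current_User::isLogged() && isset($_POST['phpws_username']) && isset($_POST['phpws_password'])) {
                $result = Current_User::loginUser($_POST['phpws_username'], $_POST['phpws_password']);
                if (!$result) {
                    // A falsy result gets one generic message for the pair.
                    $title = dgettext('users', 'Login page');
                    $message = dgettext('users', 'Username and password combination not found.');
                    $content = User_Form::loginPage();
                } elseif (PHPWS_Error::isError($result)) {
                    if (preg_match('/L\\d/', $result->code)) {
                        // Error codes matching L<digit> are shown to the visitor.
                        $title = dgettext('users', 'Sorry');
                        $content = $result->getMessage();
                        $content .= ' ' . sprintf('<a href="mailto:%s">%s</a>',
                                                  PHPWS_User::getUserSetting('site_contact'),
                                                  dgettext('users', 'Contact the site administrator'));
                    } else {
                        // Any other error is logged and replaced by a neutral text.
                        PHPWS_Error::log($result);
                        $message = dgettext('users', 'A problem occurred when accessing user information. Please try again later.');
                    }
                } else {
                    Current_User::getLogin();
                    PHPWS_Core::returnToBookmark();
                }
            } else {
                PHPWS_Core::errorPage('403');
            }
            break;

        // This is used by auth scripts if they need to return the user to
        // where they left off after redirection to another site for SSO
        case 'return_bookmark':
            PHPWS_Core::popUrlHistory();
            break;

        // reset user password
        case 'rp':
            $user_id = User_Action::checkResetPassword();
            if ($user_id) {
                $title = dgettext('users', 'Reset my password');
                // NOTE(review): $_GET['auth'] is read without an isset() check
                // here; presumably checkResetPassword() already required it.
                $content = User_Form::resetPassword($user_id, $_GET['auth']);
            } else {
                $title = dgettext('users', 'Sorry');
                $content = dgettext('users', 'Your password request was not found or timed out. Please apply again.');
            }
            break;

        case 'my_page':
            if ($auth->local_user) {
                PHPWS_Core::initModClass('users', 'My_Page.php');
                $my_page = new My_Page();
                $my_page->main();
            } else {
                Layout::add(PHPWS_ControlPanel::display(dgettext('users', 'My Page unavailable to remote users.'), 'my_page'));
            }
            break;

        case 'signup_user':
            $title = dgettext('users', 'New Account Sign-up');
            if (Current_User::isLogged()) {
                $content = dgettext('users', 'You already have an account.');
                break;
            }
            $user = new PHPWS_User();
            if (PHPWS_User::getUserSetting('new_user_method') == 0) {
                $content = dgettext('users', 'Sorry, we are not accepting new users at this time.');
                break;
            }
            $content = User_Form::signup_form($user);
            break;

        case 'submit_new_user':
            $title = dgettext('users', 'New Account Sign-up');
            $user_method = PHPWS_User::getUserSetting('new_user_method');
            // The setting is checked again on submit, so a hand-built POST
            // cannot bypass a disabled signup form.
            if ($user_method == 0) {
                Current_User::disallow(dgettext('users', 'New user signup not allowed.'));
                return;
            }
            $user = new PHPWS_User();
            $result = User_Action::postNewUser($user);
            if (is_array($result)) {
                // An array result is passed back to the form for redisplay.
                $content = User_Form::signup_form($user, $result);
            } else {
                $content = User_Action::successfulSignup($user);
            }
            break;

        case 'logout':
            // NOTE(review): the command comes from $_REQUEST and no token
            // check is visible in this branch - confirm whether logout is
            // meant to be reachable from a cross-site request.
            $auth = Current_User::getAuthorization();
            $auth->logout();
            PHPWS_Core::killAllSessions();
            PHPWS_Core::reroute('index.php?module=users&action=reset');
            break;

        case 'login_page':
            if (Current_User::isLogged()) {
                PHPWS_Core::home();
            }
            $title = dgettext('users', 'Login Page');
            $content = User_Form::loginPage();
            break;

        case 'confirm_user':
            if (Current_User::isLogged()) {
                PHPWS_Core::home();
            }
            if (User_Action::confirmUser()) {
                $title = dgettext('users', 'Welcome!');
                $content = dgettext('users', 'Your account has been successfully activated. Please log in.');
            } else {
                $title = dgettext('users', 'Sorry');
                $content = dgettext('users', 'This authentication does not exist.<br /> If you did not log in within the time frame specified in your email, please apply for another account.');
            }
            User_Action::cleanUpConfirm();
            break;

        case 'forgot_password':
            if (Current_User::isLogged()) {
                PHPWS_Core::home();
            }
            $title = dgettext('users', 'Forgot Password');
            $content = User_Form::forgotForm();
            break;

        case 'post_forgot':
            $title = dgettext('users', 'Forgot Password');
            if (ALLOW_CAPTCHA) {
                PHPWS_Core::initCoreClass('Captcha.php');
                if (!Captcha::verify()) {
                    $content = dgettext('users', 'Captcha information was incorrect.');
                    $content .= User_Form::forgotForm();
                } elseif (!User_Action::postForgot($content)) {
                    $content .= User_Form::forgotForm();
                }
            } elseif (!User_Action::postForgot($content)) {
                $content .= User_Form::forgotForm();
            }
            break;

        case 'reset_pw':
            $pw_result = User_Action::finishResetPW();
            // This used to be `switch ($pw_result)` with
            // `case PHPWS_Error::isError($pw_result):` as its first label.
            // switch compares loosely, so a result of 0 equalled the label's
            // value (false), entered the error branch and called
            // getMessage() on an integer. Explicit tests keep the branches
            // apart; the 0 and 1 comparisons stay loose as before.
            if (PHPWS_Error::isError($pw_result)) {
                $title = dgettext('users', 'Reset my password');
                $content = dgettext('users', 'Passwords were not acceptable for the following reason:');
                $content .= '<br />' . $pw_result->getMessage() . '<br />';
                $content .= User_Form::resetPassword($_POST['user_id'], $_POST['authhash']);
            } elseif ($pw_result == 0) {
                $title = dgettext('users', 'Sorry');
                $content = dgettext('users', 'A problem occurred when trying to update your password. Please try again later.');
            } elseif ($pw_result == 1) {
                PHPWS_Core::home();
            }
            break;

        default:
            PHPWS_Core::errorPage('404');
            break;
    }

    // Render only what a branch actually set ($title and $content start
    // as null, which isset() treats as unset).
    if (isset($message)) {
        $tag['MESSAGE'] = $message;
    }

    if (isset($title)) {
        $tag['TITLE'] = $title;
    }

    if (isset($content)) {
        $tag['CONTENT'] = $content;
    }

    if (isset($tag)) {
        $final = PHPWS_Template::process($tag, 'users', 'user_main.tpl');
        Layout::add($final);
    }
}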
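/**
 * The public challenge action for getting a new password
 *
 * Expects the user name ('u') and the challenge id ('c') as URI
 * parameters. When the challenge is valid for that user, the change
 * password form is shown; a valid POST updates the password and then
 * invalidates the challenge. The error and message texts are handed to
 * the view at the end.
 *
 * @return void
 */
public function changepasswordAction()
{
    $uri       = new Digitalus_Uri();
    $uriParams = $uri->getParams();

    if (!isset($uriParams['u']) || !isset($uriParams['c'])) {
        // This branch used to hold the bare statement `$this->_error;`,
        // which does nothing, so a link without both parameters produced
        // no error at all. Report it like any other unusable challenge.
        $this->_error = $this->view->getTranslation('Error: No valid challenge was found. Please try again!');
    } else {
        $userName     = $uriParams['u'];
        $challengeId  = $uriParams['c'];
        $mdlChallenge = new Login_Challenge();

        if (!$mdlChallenge->isValid($challengeId, $userName)) {
            $this->_error = $this->view->getTranslation('Error: No valid challenge was found. Please try again!');
        } else {
            $changePasswordForm = new User_Form();

            // The form posts back to this same action with the same
            // user name and challenge id in the path.
            // NOTE(review): both values come from the request URI and are
            // concatenated unencoded - confirm how the form escapes its
            // action attribute.
            $formAction = $this->baseUrl . '/' . Digitalus_Toolbox_Page::getCurrentPageName()
                        . '/p/a/changepassword/u/' . $userName . '/c/' . $challengeId;
            $changePasswordForm->setAction($formAction);
            $changePasswordForm->getElement('name')->addValidators(array(array('UsernameExists', true)));
            $changePasswordForm->onlyChangepasswordActionElements(array('legend' => 'Change Password'));

            if ($this->_request->isPost() && $changePasswordForm->isValid($_POST)) {
                $password        = Digitalus_Filter_Post::get('password');
                $passwordConfirm = Digitalus_Filter_Post::get('password_confirm');
                $mdlUser         = new Model_User();

                // The account updated is the one named in the validated
                // challenge link ($userName), not the posted 'name' field.
                if (!$mdlUser->updatePassword($userName, $password, true, $passwordConfirm)) {
                    $this->_error = $this->view->getTranslation("Error: Your password hasn't been updated!");
                } else {
                    // The challenge is invalidated only after a successful
                    // update, so the link cannot be used a second time.
                    $mdlChallenge->invalidate($challengeId);
                    $this->_message = $this->view->getTranslation('Your password has been updated successfully!');
                }
            } else {
                $this->_message   = $this->view->getTranslation('Please type in Your user name and Your new password.');
                $this->view->form = $changePasswordForm;
            }
        }
    }

    $this->view->error   = $this->_error;
    $this->view->message = $this->_message;
}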
/**
 * Offers the permission controls for the current key.
 *
 * Nothing is shown when there is no usable current key or when the
 * current user fails either permission check for the key's module.
 * Without JavaScript the permission form is added to the layout;
 * otherwise a popup link is added to the MiniAdmin box.
 *
 * @return void
 */
public static function permissionMenu()
{
    $current = Key::getCurrent();

    // No key, a dummy key, or a key without an edit permission: nothing to manage.
    if (empty($current) || $current->isDummy() || empty($current->edit_permission)) {
        return;
    }

    // The user must be unrestricted in the module AND hold the key's edit permission.
    $may_manage = Current_User::isUnrestricted($current->module)
        && Current_User::allow($current->module, $current->edit_permission);
    if (!$may_manage) {
        return;
    }

    if (javascriptEnabled()) {
        $label = sprintf(dgettext('users', 'Set permissions'), $current->title);
        $links = array(Current_User::popupPermission($current->id, $label));
        MiniAdmin::add('users', $links);
        return;
    }

    // Non-JavaScript fallback: render the form inline.
    $form_tags = User_Form::permissionMenu($current);
    $rendered  = PHPWS_Template::process($form_tags, 'users', 'forms/permission_menu.tpl');
    Layout::add($rendered, 'users', 'permissions');
}