コード例 #1
0
 /**
  * Creates the permission menu template
  */
 public static function permissionMenu(Key $key, $popbox = FALSE)
 {
     $edit_groups = Users_Permission::getRestrictedGroups($key, TRUE);
     if (PHPWS_Error::isError($edit_groups)) {
         PHPWS_Error::log($edit_groups);
         $tpl['MESSAGE'] = $edit_groups->getMessage();
         return $tpl;
     }
     $view_groups = User_Form::_getNonUserGroups();
     $view_matches = $key->getViewGroups();
     $edit_matches = $key->getEditGroups();
     if (!empty($edit_groups)) {
         $edit_select = User_Form::_createMultiple($edit_groups['restricted']['all'], 'edit_groups', $edit_matches);
     } else {
         $edit_select = null;
     }
     if (!empty($view_groups)) {
         $view_select = User_Form::_createMultiple($view_groups, 'view_groups', $view_matches);
     } else {
         $view_select = null;
     }
     $form = new PHPWS_Form('choose_permissions');
     $form->addHidden('module', 'users');
     $form->addHidden('action', 'permission');
     $form->addHidden('key_id', $key->id);
     $form->addRadio('view_permission', array(0, 1, 2));
     $form->setExtra('view_permission', 'onclick="hideSelect(this.value)"');
     $form->setLabel('view_permission', array(dgettext('users', 'All visitors'), dgettext('users', 'Logged visitors'), dgettext('users', 'Specific group(s)')));
     $form->setMatch('view_permission', $key->restricted);
     $form->addSubmit(dgettext('users', 'Save permissions'));
     if ($popbox) {
         $form->addHidden('popbox', 1);
     }
     $tpl = $form->getTemplate();
     $tpl['TITLE'] = dgettext('users', 'Permissions');
     $tpl['EDIT_SELECT_LABEL'] = dgettext('users', 'Edit restrictions');
     $tpl['VIEW_SELECT_LABEL'] = dgettext('users', 'View restrictions');
     if ($edit_select) {
         $tpl['EDIT_SELECT'] = $edit_select;
     } else {
         $tpl['EDIT_SELECT'] = dgettext('users', 'No restricted edit groups found.');
     }
     if ($view_select) {
         $tpl['VIEW_SELECT'] = $view_select;
     } else {
         $tpl['VIEW_SELECT'] = dgettext('users', 'No view groups found.');
     }
     if ($popbox) {
         $tpl['CANCEL'] = sprintf('<input type="button" value="%s" onclick="window.close()" />', dgettext('users', 'Cancel'));
     }
     if (isset($_SESSION['Permission_Message'])) {
         $tpl['MESSAGE'] = $_SESSION['Permission_Message'];
         unset($_SESSION['Permission_Message']);
     }
     return $tpl;
 }
コード例 #2
0
ファイル: Action.php プロジェクト: HaldunA/phpwebsite
    /**
     * Controller of user requests. Based on the command request variable
     * defaults to my_page
     */
    public static function userAction()
    {
        $auth = Current_User::getAuthorization();
        $content = $title = null;
        if (isset($_REQUEST['command'])) {
            $command = $_REQUEST['command'];
        } else {
            $command = 'my_page';
        }
        switch ($command) {
            case 'login':
                if (!Current_User::isLogged() && isset($_POST['phpws_username']) && isset($_POST['phpws_password'])) {
                    $result = Current_User::loginUser($_POST['phpws_username'], $_POST['phpws_password']);
                    // here
                    if (!$result) {
                        $title = dgettext('users', 'Login page');
                        $message = dgettext('users', 'Username and password combination not found.');
                        $content = User_Form::loginPage();
                    } elseif (PHPWS_Error::isError($result)) {
                        if (preg_match('/L\\d/', $result->code)) {
                            $title = dgettext('users', 'Sorry');
                            $content = $result->getMessage();
                            $content .= ' ' . sprintf('<a href="mailto:%s">%s</a>', PHPWS_User::getUserSetting('site_contact'), dgettext('users', 'Contact the site administrator'));
                        } else {
                            PHPWS_Error::log($result);
                            $message = dgettext('users', 'A problem occurred when accessing user information. Please try again later.');
                        }
                    } else {
                        Current_User::getLogin();
                        PHPWS_Core::returnToBookmark();
                    }
                } else {
                    PHPWS_Core::errorPage('403');
                }
                break;
                // This is used by auth scripts if they need to return the user to
                // where they left off after redirection to another site for SSO
            // This is used by auth scripts if they need to return the user to
            // where they left off after redirection to another site for SSO
            case 'return_bookmark':
                PHPWS_Core::popUrlHistory();
                break;
                // reset user password
            // reset user password
            case 'rp':
                $user_id = User_Action::checkResetPassword();
                if ($user_id) {
                    $title = dgettext('users', 'Reset my password');
                    $content = User_Form::resetPassword($user_id, $_GET['auth']);
                } else {
                    $title = dgettext('users', 'Sorry');
                    $content = dgettext('users', 'Your password request was not found or timed out. Please apply again.');
                }
                break;
            case 'my_page':
                if ($auth->local_user) {
                    PHPWS_Core::initModClass('users', 'My_Page.php');
                    $my_page = new My_Page();
                    $my_page->main();
                } else {
                    Layout::add(PHPWS_ControlPanel::display(dgettext('users', 'My Page unavailable to remote users.'), 'my_page'));
                }
                break;
            case 'signup_user':
                $title = dgettext('users', 'New Account Sign-up');
                if (Current_User::isLogged()) {
                    $content = dgettext('users', 'You already have an account.');
                    break;
                }
                $user = new PHPWS_User();
                if (PHPWS_User::getUserSetting('new_user_method') == 0) {
                    $content = dgettext('users', 'Sorry, we are not accepting new users at this time.');
                    break;
                }
                $content = User_Form::signup_form($user);
                break;
            case 'submit_new_user':
                $title = dgettext('users', 'New Account Sign-up');
                $user_method = PHPWS_User::getUserSetting('new_user_method');
                if ($user_method == 0) {
                    Current_User::disallow(dgettext('users', 'New user signup not allowed.'));
                    return;
                }
                $user = new PHPWS_User();
                $result = User_Action::postNewUser($user);
                if (is_array($result)) {
                    $content = User_Form::signup_form($user, $result);
                } else {
                    $content = User_Action::successfulSignup($user);
                }
                break;
            case 'logout':
                $auth = Current_User::getAuthorization();
                $auth->logout();
                PHPWS_Core::killAllSessions();
                PHPWS_Core::reroute('index.php?module=users&action=reset');
                break;
            case 'login_page':
                if (Current_User::isLogged()) {
                    PHPWS_Core::home();
                }
                $title = dgettext('users', 'Login Page');
                $content = User_Form::loginPage();
                break;
            case 'confirm_user':
                if (Current_User::isLogged()) {
                    PHPWS_Core::home();
                }
                if (User_Action::confirmUser()) {
                    $title = dgettext('users', 'Welcome!');
                    $content = dgettext('users', 'Your account has been successfully activated. Please log in.');
                } else {
                    $title = dgettext('users', 'Sorry');
                    $content = dgettext('users', 'This authentication does not exist.<br />
 If you did not log in within the time frame specified in your email, please apply for another account.');
                }
                User_Action::cleanUpConfirm();
                break;
            case 'forgot_password':
                if (Current_User::isLogged()) {
                    PHPWS_Core::home();
                }
                $title = dgettext('users', 'Forgot Password');
                $content = User_Form::forgotForm();
                break;
            case 'post_forgot':
                $title = dgettext('users', 'Forgot Password');
                if (ALLOW_CAPTCHA) {
                    PHPWS_Core::initCoreClass('Captcha.php');
                    if (!Captcha::verify()) {
                        $content = dgettext('users', 'Captcha information was incorrect.');
                        $content .= User_Form::forgotForm();
                    } else {
                        if (!User_Action::postForgot($content)) {
                            $content .= User_Form::forgotForm();
                        }
                    }
                } elseif (!User_Action::postForgot($content)) {
                    $content .= User_Form::forgotForm();
                }
                break;
            case 'reset_pw':
                $pw_result = User_Action::finishResetPW();
                switch ($pw_result) {
                    case PHPWS_Error::isError($pw_result):
                        $title = dgettext('users', 'Reset my password');
                        $content = dgettext('users', 'Passwords were not acceptable for the following reason:');
                        $content .= '<br />' . $pw_result->getmessage() . '<br />';
                        $content .= User_Form::resetPassword($_POST['user_id'], $_POST['authhash']);
                        break;
                    case 0:
                        $title = dgettext('users', 'Sorry');
                        $content = dgettext('users', 'A problem occurred when trying to update your password. Please try again later.');
                        break;
                    case 1:
                        PHPWS_Core::home();
                        break;
                }
                break;
            default:
                PHPWS_Core::errorPage('404');
                break;
        }
        if (isset($message)) {
            $tag['MESSAGE'] = $message;
        }
        if (isset($title)) {
            $tag['TITLE'] = $title;
        }
        if (isset($content)) {
            $tag['CONTENT'] = $content;
        }
        if (isset($tag)) {
            $final = PHPWS_Template::process($tag, 'users', 'user_main.tpl');
            Layout::add($final);
        }
    }
コード例 #3
0
 /**
  * The public challenge action for getting a new password
  *
  * @return void
  */
 public function changepasswordAction()
 {
     $uri = new Digitalus_Uri();
     $uriParams = $uri->getParams();
     if (!isset($uriParams['u']) || !isset($uriParams['c'])) {
         $this->_error;
     } else {
         $userName = $uriParams['u'];
         $challengeId = $uriParams['c'];
         $mdlChallenge = new Login_Challenge();
         if (!$mdlChallenge->isValid($challengeId, $userName)) {
             $this->_error = $this->view->getTranslation('Error: No valid challenge was found. Please try again!');
         } else {
             $changePasswordForm = new User_Form();
             $uri = $this->baseUrl . '/' . Digitalus_Toolbox_Page::getCurrentPageName() . '/p/a/changepassword/u/' . $userName . '/c/' . $challengeId;
             $changePasswordForm->setAction($uri);
             $changePasswordForm->getElement('name')->addValidators(array(array('UsernameExists', true)));
             $changePasswordForm->onlyChangepasswordActionElements(array('legend' => 'Change Password'));
             if ($this->_request->isPost() && $changePasswordForm->isValid($_POST)) {
                 $password = Digitalus_Filter_Post::get('password');
                 $passwordConfirm = Digitalus_Filter_Post::get('password_confirm');
                 $mdlUser = new Model_User();
                 if (!$mdlUser->updatePassword($userName, $password, true, $passwordConfirm)) {
                     $this->_error = $this->view->getTranslation("Error: Your password hasn't been updated!");
                 } else {
                     $mdlChallenge->invalidate($challengeId);
                     $this->_message = $this->view->getTranslation('Your password has been updated successfully!');
                 }
             } else {
                 $this->_message = $this->view->getTranslation('Please type in Your user name and Your new password.');
                 $this->view->form = $changePasswordForm;
             }
         }
     }
     $this->view->error = $this->_error;
     $this->view->message = $this->_message;
 }
コード例 #4
0
ファイル: Current_User.php プロジェクト: HaldunA/phpwebsite
 public static function permissionMenu()
 {
     $key = Key::getCurrent();
     if (empty($key) || $key->isDummy() || empty($key->edit_permission)) {
         return;
     }
     if (Current_User::isUnrestricted($key->module) && Current_User::allow($key->module, $key->edit_permission)) {
         if (!javascriptEnabled()) {
             $tpl = User_Form::permissionMenu($key);
             $content = PHPWS_Template::process($tpl, 'users', 'forms/permission_menu.tpl');
             Layout::add($content, 'users', 'permissions');
         } else {
             $links[] = Current_User::popupPermission($key->id, sprintf(dgettext('users', 'Set permissions'), $key->title));
             MiniAdmin::add('users', $links);
         }
     }
 }