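/**
 * Register User profile
 *
 * Updates the profile row of the logged-in user ($_SESSION['xuid']). There is
 * no explicit permission check because the target row is always the caller's
 * own one. On success the client is told to refresh the 'profile' topic; when a
 * new password was set a reminder mail is sent to the submitted address.
 *
 * @access private
 * @param array $_post _POST array (lang, username, description, mail, phone, password)
 * @return void
 */
private function profiling($_post)
{
    // handle _post (description is reduced to plain text)
    $post = array(
        'lang'        => $_post['lang'],
        'username'    => $_post['username'],
        'description' => strip_tags($_post['description']),
        'mail'        => $_post['mail'],
        'phone'       => $_post['phone'],
    );

    // check for password update: only the hash is stored
    if (!empty($_post['password'])) {
        $post['password'] = X4Utils_helper::hashing($_post['password']);
    }

    $user = new User_model();

    // check if username or email address are already used by another user
    $check = (bool) $user->exists($post['username'], $post['mail'], $_SESSION['xuid']);
    if ($check) {
        // was set_msg($false, ...): $false is an undefined variable (null); the literal is meant
        $msg = AdmUtils_helper::set_msg(false, '', $this->dict->get_word('_USER_ALREADY_EXISTS', 'msg'));
    } else {
        // update profile
        $result = $user->update($_SESSION['xuid'], $post);

        // if user changes his password then send a reminder
        if ($result[1] && !empty($_post['password'])) {
            // NOTE(review): the new password is placed in clear text in the mail body
            // (PASSWORD placeholder replaced in _MSG_PROFILE). Mail is not a confidential
            // channel; a notification without the secret would be preferable.
            // build subject and message
            $s = array('DOMAIN', 'USERNAME', 'PASSWORD');
            $r = array($this->site->site->domain, $_post['username'], $_post['password']);
            $subject = str_replace($s, $r, _SUBJECT_PROFILE);
            $body = str_replace($s, $r, _MSG_PROFILE);
            $to = array(array('mail' => $_post['mail'], 'name' => $_post['username']));

            // send
            X4Mailer_helper::mailto(MAIL, false, $subject, $body, $to);
        }

        // set message
        $this->dict->get_words();
        $msg = AdmUtils_helper::set_msg($result);

        // set update
        if ($result[1]) {
            $msg->update[] = array(
                'element' => 'topic',
                'url'     => urldecode(BASE_URL . 'profile'),
                'title'   => null,
            );
        }
    }
    $this->response($msg);
}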
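/**
 * Create a new user from the submitted form data.
 *
 * Only admins may create users: any other caller receives a JSON error and the
 * request ends. A duplicate username is rejected the same way. On success the
 * user row, its admin flag and its reviewer departments are stored; nothing is
 * echoed (unchanged from the original behaviour).
 *
 * @param array $formData submitted form fields: username, department, email,
 *                        last_name, first_name, optional phone, canAdd,
 *                        canCheckin, admin and departmentReview[]
 * @return void
 */
public function createNewUser($formData)
{
    // authorization: user creation is an admin-only action
    if (!$this->userObj->isAdmin()) {
        echo json_encode(array('status' => 'error', 'msg' => 'You do not have permission to create a new user.'));
        exit;
    }

    // Check to make sure user does not already exist
    $userExists = User_model::exists($formData['username']);

    // If the above statement returns more than 0 rows, the user exists, so display error
    if ($userExists > 0) {
        echo json_encode(array('status' => 'error', 'msg' => 'A user with that name already exists.'));
        exit;
    }

    // optional fields: default explicitly instead of hiding the undefined-index notice with @
    $phonenumber = isset($formData['phone']) ? $formData['phone'] : null;
    if (!isset($formData['canAdd'])) {
        $formData['canAdd'] = 0;
    }
    if (!isset($formData['canCheckin'])) {
        $formData['canCheckin'] = 0;
    }

    // class name spelled User_model throughout (the original mixed User_model/User_Model;
    // PHP class names are case-insensitive, so this is a no-op at runtime)
    $userArray = array(
        'username'      => $formData['username'],
        'password'      => User_model::randomPassword(),
        'department'    => $formData['department'],
        'phone'         => $phonenumber,
        'email'         => $formData['email'],
        'last_name'     => $formData['last_name'],
        'first_name'    => $formData['first_name'],
        'can_add'       => $formData['canAdd'],
        'can_checkin'   => $formData['canCheckin'],
        'pw_reset_code' => 1,
    );
    $userId = User_model::createUser($userArray);

    // admin flag is off unless the form submitted it
    if (!isset($formData['admin'])) {
        $formData['admin'] = '0';
    }
    $adminArray = array('id' => $userId, 'admin' => $formData['admin']);
    // Sets the correct admin settings for the new user
    User_model::newUserAdmin($adminArray);

    // departmentReview[] lists the departments the new user reviews
    if (isset($formData['departmentReview'])) {
        foreach ((array) $formData['departmentReview'] as $deptId) {
            $deptArray = array('dept_id' => $deptId, 'user_id' => $userId);
            // sets the reviewer status for the new user
            User_model::newUserReviewer($deptArray);
        }
    }

    // TODO: notify the new user by mail that the account was created. The old
    // commented-out PHPMailer draft was removed; it also copied the clear-text
    // password from $_POST into the mail body, which a replacement should not do.
}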
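/**
 * Register Edit / New User form data
 *
 * Editing an existing user requires level 2 on that user record; creating one
 * requires level 4 on '_user_creation'. On insert the creator is granted level 4
 * on the new record and the user's permissions are rebuilt.
 *
 * @param integer $id    item ID (if 0 then is a new item)
 * @param array   $_post _POST array (lang, id_group, username, description, mail,
 *                       phone, level, password, domain, id_area)
 * @return void
 */
private function editing($id, $_post)
{
    // check permission
    $msg = $id
        ? AdmUtils_helper::chk_priv_level($_SESSION['xuid'], 'users', $id, 2)
        : AdmUtils_helper::chk_priv_level($_SESSION['xuid'], '_user_creation', 0, 4);

    if (is_null($msg)) {
        // handle _post
        // NOTE(review): unlike profiling(), description is stored without strip_tags();
        // confirm it is escaped on output or align the two handlers.
        $post = array(
            'lang'        => $_post['lang'],
            'id_group'    => $_post['id_group'],
            'username'    => $_post['username'],
            'description' => $_post['description'],
            'mail'        => $_post['mail'],
            'phone'       => $_post['phone'],
            'level'       => $_post['level'],
        );

        // update password: only the hash is stored
        if (!empty($_post['password'])) {
            $post['password'] = X4Utils_helper::hashing($_post['password']);
        }

        // check if a user with the same username or mail address already exists
        $user = new User_model();
        $check = (bool) $user->exists($post['username'], $post['mail'], $id);
        if ($check) {
            $msg = AdmUtils_helper::set_msg(false, '', $this->dict->get_word('_USER_ALREADY_EXISTS', 'msg'));
        } else {
            $perm = new Permission_model();
            if ($id) {
                // update
                $result = $user->update($id, $post);
                // update user privileges on areas
                $perm->set_aprivs($id, $_post['domain']);
                // redirect
                $where = '/detail/' . $id;
            } else {
                // insert
                $result = $user->insert($post);
                // redirect
                $where = '';
                if ($result[1]) {
                    $id = $result[0];
                    // set privileges on areas
                    $perm->set_aprivs($id, $_post['domain']);
                    // grant the creator level 4 on the new user record
                    // (explicitly initialised; the original auto-vivified $array and kept an unused $res)
                    $privs = array(
                        array(
                            'action'  => 'insert',
                            'id_what' => $id,
                            'id_user' => $_SESSION['xuid'],
                            'level'   => 4,
                        ),
                    );
                    $perm->pexec('users', $privs, $_post['id_area']);
                    // refactory permissions for the user
                    $perm->refactory($id);
                }
            }

            // set message
            $msg = AdmUtils_helper::set_msg($result);

            // set what update
            if ($result[1]) {
                $msg->update[] = array(
                    'element' => 'tdown',
                    'url'     => BASE_URL . 'users' . $where,
                    'title'   => null,
                );
            }
        }
    }
    $this->response($msg);
}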