public static function authenticate($ps_username, $ps_password = '', $pa_options = null)
{
$t_user = new ca_users();
$t_user->load($ps_username);
if ($t_user->getPrimaryKey() > 0) {
$vs_hash = $t_user->get('password');
if (preg_match('/^[a-f0-9]{32}$/', $vs_hash)) {
// old-style md5 passwords
//throw new CaUsersException(_t('The stored password for this user seems to be in legacy format. Please update the user account by resetting the password.'));
if (md5($ps_password) == $vs_hash) {
// if the md5 hash matches, authenticate successfully and move the user over to pbkdf2 key
$t_user->setMode(ACCESS_WRITE);
// ca_users::update takes care of the hashing by calling AuthenticationManager::updatePassword()
$t_user->set('password', $ps_password);
$t_user->update();
return true;
} else {
return false;
}
}
return validate_password($ps_password, $vs_hash);
} else {
return false;
}
}
public function DoReset()
{
if (!AuthenticationManager::supports(__CA_AUTH_ADAPTER_FEATURE_RESET_PASSWORDS__)) {
$this->Login();
return;
}
$vs_token = $this->getRequest()->getParameter('token', pString);
$vs_username = $this->getRequest()->getParameter('username', pString);
$t_user = new ca_users();
$vs_pw = $this->getRequest()->getParameter('password', pString);
$vs_pw_check = $this->getRequest()->getParameter('password2', pString);
if ($t_user->load($vs_username)) {
if ($t_user->isValidToken($vs_token)) {
// no password match
if ($vs_pw !== $vs_pw_check) {
$this->notification->addNotification(_t("Passwords did not match. Please try again."), __NOTIFICATION_TYPE_ERROR__);
$this->view->setVar('notifications', $this->notification->getNotifications());
$this->view->setVar('renderForm', true);
$this->view->setVar('token', $vs_token);
$this->view->setVar('username', $vs_username);
$this->render('password_reset_form_html.php');
} else {
$t_user->set('password', $vs_pw);
$t_user->setMode(ACCESS_WRITE);
$t_user->update();
$this->notification->addNotification(_t("Password was successfully changed. You can now log in with your new password."), __NOTIFICATION_TYPE_INFO__);
$this->view->setVar('notifications', $this->notification->getNotifications());
$this->Login();
}
}
}
}
/**
* Reset user password
*/
public static function reset_password($po_opts = null)
{
if ($vs_user_name = (string) $po_opts->getOption('user')) {
if (!($vs_password = (string) $po_opts->getOption('password'))) {
CLIUtils::addError(_t("You must specify a password"));
return false;
}
$t_user = new ca_users();
if (!$t_user->load(array("user_name" => $vs_user_name))) {
CLIUtils::addError(_t("User name %1 does not exist", $vs_user_name));
return false;
}
$t_user->setMode(ACCESS_WRITE);
$t_user->set('password', $vs_password);
$t_user->update();
if ($t_user->numErrors()) {
CLIUtils::addError(_t("Password change for user %1 failed: %2", $vs_user_name, join("; ", $t_user->getErrors())));
return false;
}
CLIUtils::addMessage(_t('Changed password for user %1', $vs_user_name), array('color' => 'bold_green'));
return true;
}
CLIUtils::addError(_t("You must specify a user"));
return false;
}
/**
*
*/
public function Save()
{
// Field to user profile preference mapping
$va_mapping = array('billing_organization' => 'user_profile_organization', 'billing_address1' => 'user_profile_address1', 'billing_address2' => 'user_profile_address2', 'billing_city' => 'user_profile_city', 'billing_zone' => 'user_profile_state', 'billing_postal_code' => 'user_profile_postalcode', 'billing_country' => 'user_profile_country', 'billing_phone' => 'user_profile_phone', 'billing_fax' => 'user_profile_fax', 'shipping_organization' => 'user_profile_organization', 'shipping_address1' => 'user_profile_address1', 'shipping_address2' => 'user_profile_address2', 'shipping_city' => 'user_profile_city', 'shipping_zone' => 'user_profile_state', 'shipping_postal_code' => 'user_profile_postalcode', 'shipping_country' => 'user_profile_country', 'shipping_phone' => 'user_profile_phone', 'shipping_fax' => 'user_profile_fax');
$va_errors = array();
$va_fields = $this->opt_order->getFormFields();
foreach ($va_fields as $vs_f => $va_field_info) {
switch ($vs_f) {
case 'transaction_id':
// noop
break;
case 'order_type':
// noop
break;
default:
if (isset($_REQUEST[$vs_f])) {
if (!$this->opt_order->set($vs_f, $this->request->getParameter($vs_f, pString))) {
$va_errors[$vs_f] = $this->opt_order->errors();
}
}
break;
}
}
// Set additional fees for order
$va_fees = $this->opo_client_services_config->getAssoc('additional_loan_fees');
if (is_array($va_fees)) {
if (!is_array($va_fee_values = $this->opt_order->get('additional_fees'))) {
$va_fee_values = array();
}
foreach ($va_fees as $vs_code => $va_info) {
$va_fee_values[$vs_code] = (double) $this->request->getParameter("additional_fee_{$vs_code}", pString);
}
$this->opt_order->set('additional_fees', $va_fee_values);
}
$this->opt_order->setMode(ACCESS_WRITE);
if ($this->opt_order->getPrimaryKey()) {
$this->opt_order->set('order_type', 'L');
// L=loan
$this->opt_order->update();
$vn_transaction_id = $this->opt_order->get('transaction_id');
} else {
// Set transaction
if (!($vn_transaction_id = $this->request->getParameter('transaction_id', pInteger))) {
if ($vn_user_id = $this->request->getParameter('transaction_user_id', pInteger)) {
// try to create transaction
$t_trans = new ca_commerce_transactions();
$t_trans->setMode(ACCESS_WRITE);
$t_trans->set('user_id', $vn_user_id);
$t_trans->set('short_description', "Created on " . date("c"));
$t_trans->set('set_id', null);
$t_trans->insert();
if ($t_trans->numErrors()) {
$this->notification->addNotification(_t('Errors occurred when creating commerce transaction: %1', join('; ', $t_trans->getErrors())), __NOTIFICATION_TYPE_ERROR__);
} else {
$vn_transaction_id = $t_trans->getPrimaryKey();
}
}
}
$this->opt_order->set('transaction_id', $vn_transaction_id);
$this->opt_order->set('order_type', 'L');
// L=loan
$this->opt_order->insert();
$this->request->setParameter('order_id', $this->opt_order->getPrimaryKey());
}
// set user profile if not already set
$t_trans = new ca_commerce_transactions($vn_transaction_id);
$t_user = new ca_users($t_trans->get('user_id'));
$t_user->setMode(ACCESS_WRITE);
foreach ($va_mapping as $vs_field => $vs_pref) {
if (!strlen($t_user->getPreference($vs_pref))) {
$t_user->setPreference($vs_pref, $this->opt_order->get($vs_field));
}
}
$t_user->update();
if (!$this->opt_order->numErrors()) {
$this->notification->addNotification(_t('Saved changes'), __NOTIFICATION_TYPE_INFO__);
} else {
$va_errors['general'] = $this->opt_order->errors();
$this->notification->addNotification(_t('Errors occurred: %1', join('; ', $this->opt_order->getErrors())), __NOTIFICATION_TYPE_ERROR__);
}
$this->view->setVar('errors', $va_errors);
}
function resetSave()
{
MetaTagManager::setWindowTitle($this->request->config->get("app_display_name") . ": " . _t("Reset Password"));
$ps_action = $this->request->getParameter('action', pString);
if (!$ps_action) {
$ps_action = "reset";
}
$ps_key = $this->request->getParameter('key', pString);
$ps_key = preg_replace("/[^A-Za-z0-9]+/", "", $ps_key);
$this->view->setVar("key", $ps_key);
$this->view->setVar("email", $this->request->config->get("ca_admin_email"));
$o_check_key = new Db();
$qr_check_key = $o_check_key->query("\n\t\t\t\tSELECT user_id \n\t\t\t\tFROM ca_users \n\t\t\t\tWHERE\n\t\t\t\t\tmd5(concat(concat(user_id, '/'), password)) = ?\n\t\t\t", $ps_key);
#
# Check reset key
#
if (!$qr_check_key->nextRow() || !($vs_user_id = $qr_check_key->get("user_id"))) {
$this->view->setVar("action", "reset_failure");
$this->view->setVar("message", _t("Your password could not be reset"));
$this->render('LoginReg/form_reset_html.php');
} else {
$ps_password = $this->request->getParameter('password', pString);
$ps_password_confirm = $this->request->getParameter('password_confirm', pString);
switch ($ps_action) {
case 'reset_save':
if (!$ps_password || !$ps_password_confirm) {
$this->view->setVar("message", _t("Please enter and re-type your password."));
$ps_action = "reset";
break;
}
if ($ps_password != $ps_password_confirm) {
$this->view->setVar("message", _t("Passwords do not match. Please try again."));
$ps_action = "reset";
break;
}
$t_user = new ca_users();
$t_user->purify(true);
$t_user->load($vs_user_id);
# verify user exists with this e-mail address
if ($t_user->getPrimaryKey()) {
# user with e-mail already exists...
$t_user->setMode(ACCESS_WRITE);
$t_user->set("password", $ps_password);
$t_user->update();
if ($t_user->numErrors()) {
$this->notification->addNotification(join("; ", $t_user->getErrors()), __NOTIFICATION_TYPE_INFO__);
$ps_action = "reset_failure";
} else {
$ps_action = "reset_success";
$o_view = new View($this->request, array($this->request->getViewsDirectoryPath()));
# -- generate email subject
$vs_subject_line = $o_view->render("mailTemplates/notification_subject.tpl");
# -- generate mail text from template - get both the html and text versions
$vs_mail_message_text = $o_view->render("mailTemplates/notification.tpl");
$vs_mail_message_html = $o_view->render("mailTemplates/notification_html.tpl");
caSendmail($t_user->get('email'), $this->request->config->get("ca_admin_email"), $vs_subject_line, $vs_mail_message_text, $vs_mail_message_html);
}
break;
} else {
$this->notification->addNotification(_t("Invalid user"), __NOTIFICATION_TYPE_INFO__);
$ps_action = "reset_failure";
}
}
$this->view->setVar("action", $ps_action);
$this->render('LoginReg/form_reset_html.php');
}
}
<?php
require '../../../setup.php';
require_once __CA_LIB_DIR__ . "/core/Db.php";
require_once __CA_MODELS_DIR__ . "/ca_users.php";
$o_db = new Db();
$q_users = $o_db->query("select user_id from ca_users");
$t_user = new ca_users();
while ($q_users->nextRow()) {
$t_user->load($q_users->get("user_id"));
$t_user->setMode(ACCESS_WRITE);
$t_user->setPreference("user_profile_field_of_research", $t_user->getVar("field_of_research"));
$t_user->update();
}
public function Save()
{
// Field to user profile preference mapping
$va_mapping = array('billing_organization' => 'user_profile_organization', 'billing_address1' => 'user_profile_address1', 'billing_address2' => 'user_profile_address2', 'billing_city' => 'user_profile_city', 'billing_zone' => 'user_profile_state', 'billing_postal_code' => 'user_profile_postalcode', 'billing_country' => 'user_profile_country', 'billing_phone' => 'user_profile_phone', 'billing_fax' => 'user_profile_fax', 'shipping_organization' => 'user_profile_organization', 'shipping_address1' => 'user_profile_address1', 'shipping_address2' => 'user_profile_address2', 'shipping_city' => 'user_profile_city', 'shipping_zone' => 'user_profile_state', 'shipping_postal_code' => 'user_profile_postalcode', 'shipping_country' => 'user_profile_country', 'shipping_phone' => 'user_profile_phone', 'shipping_fax' => 'user_profile_fax');
$va_errors = array();
$va_failed_insert_list = array();
$va_fields = $this->opt_order->getFormFields();
foreach ($va_fields as $vs_f => $va_field_info) {
switch ($vs_f) {
case 'transaction_id':
// noop
break;
default:
if (isset($_REQUEST[$vs_f])) {
if (!$this->opt_order->set($vs_f, $this->request->getParameter($vs_f, pString))) {
$va_errors[$vs_f] = $this->opt_order->errors();
}
}
break;
}
}
// Set additional fees for order
$va_fees = $this->opo_client_services_config->getAssoc('additional_order_fees');
if (is_array($va_fees)) {
if (!is_array($va_fee_values = $this->opt_order->get('additional_fees'))) {
$va_fee_values = array();
}
foreach ($va_fees as $vs_code => $va_info) {
$va_fee_values[$vs_code] = (double) $this->request->getParameter("additional_fee_{$vs_code}", pString);
}
$this->opt_order->set('additional_fees', $va_fee_values);
}
$this->opt_order->setMode(ACCESS_WRITE);
if ($this->opt_order->getPrimaryKey()) {
$this->opt_order->update();
$vn_transaction_id = $this->opt_order->get('transaction_id');
} else {
// Set transaction
if (!($vn_transaction_id = $this->request->getParameter('transaction_id', pInteger))) {
if (!($vn_user_id = $this->request->getParameter('transaction_user_id', pInteger))) {
if ($vs_user_name = $this->request->getParameter('billing_email', pString)) {
// Try to create user in-line
$t_user = new ca_users();
if ($t_user->load(array('user_name' => $vs_user_name))) {
if ($t_user->get('active') == 1) {
// user is active - if not active don't use
if ($t_user->get('userclass') == 255) {
// user is deleted
$t_user->setMode(ACCESS_WRITE);
$t_user->set('userclass', 1);
// 1=public user (no back-end login)
$t_user->update();
if ($t_user->numErrors()) {
$this->notification->addNotification(_t('Errors occurred when undeleting user: %1', join('; ', $t_user->getErrors())), __NOTIFICATION_TYPE_ERROR__);
} else {
$vn_user_id = $t_user->getPrimaryKey();
}
} else {
$vn_user_id = $t_user->getPrimaryKey();
}
} else {
$t_user->setMode(ACCESS_WRITE);
$t_user->set('active', 1);
$t_user->set('userclass', 1);
// 1=public user (no back-end login)
$t_user->update();
if ($t_user->numErrors()) {
$this->notification->addNotification(_t('Errors occurred when reactivating user: %1', join('; ', $t_user->getErrors())), __NOTIFICATION_TYPE_ERROR__);
} else {
$vn_user_id = $t_user->getPrimaryKey();
}
}
} else {
$t_user->setMode(ACCESS_WRITE);
$t_user->set('user_name', $vs_user_name);
$t_user->set('password', $vs_password = substr(md5(uniqid(microtime())), 0, 6));
$t_user->set('userclass', 1);
// 1=public user (no back-end login)
$t_user->set('fname', $vs_fname = $this->request->getParameter('billing_fname', pString));
$t_user->set('lname', $vs_lname = $this->request->getParameter('billing_lname', pString));
$t_user->set('email', $vs_user_name);
$t_user->insert();
if ($t_user->numErrors()) {
$this->notification->addNotification(_t('Errors occurred when creating new user: %1', join('; ', $t_user->getErrors())), __NOTIFICATION_TYPE_ERROR__);
} else {
$vn_user_id = $t_user->getPrimaryKey();
$this->notification->addNotification(_t('Created new client login for <em>%1</em>. Login name is <em>%2</em> and password is <em>%3</em>', $vs_fname . ' ' . $vs_lname, $vs_user_name, $vs_password), __NOTIFICATION_TYPE_INFO__);
// Create related entity?
}
}
}
}
if ($vn_user_id) {
// try to create transaction
$t_trans = new ca_commerce_transactions();
$t_trans->setMode(ACCESS_WRITE);
$t_trans->set('user_id', $vn_user_id);
$t_trans->set('short_description', "Created on " . date("c"));
$t_trans->set('set_id', null);
$t_trans->insert();
if ($t_trans->numErrors()) {
$this->notification->addNotification(_t('Errors occurred when creating commerce transaction: %1', join('; ', $t_trans->getErrors())), __NOTIFICATION_TYPE_ERROR__);
} else {
$vn_transaction_id = $t_trans->getPrimaryKey();
}
} else {
$this->notification->addNotification(_t('You must specify a client'), __NOTIFICATION_TYPE_ERROR__);
$va_errors['general'][] = new Error(1100, _t('You must specify a client'), 'CheckOutController->Save()', false, false, false);
}
}
$this->opt_order->set('transaction_id', $vn_transaction_id);
if ($vn_transaction_id) {
$this->opt_order->set('order_type', 'L');
// L = loan (as opposed to 'O' for sales orders)
$this->opt_order->set('order_status', 'OPEN');
$this->opt_order->insert();
$this->request->setParameter('order_id', $x = $this->opt_order->getPrimaryKey());
}
}
if ($vn_transaction_id) {
// set user profile if not already set
$t_trans = new ca_commerce_transactions($vn_transaction_id);
$t_user = new ca_users($t_trans->get('user_id'));
$t_user->setMode(ACCESS_WRITE);
foreach ($va_mapping as $vs_field => $vs_pref) {
if (!strlen($t_user->getPreference($vs_pref))) {
$t_user->setPreference($vs_pref, $this->opt_order->get($vs_field));
}
}
$t_user->update();
$va_additional_fee_codes = $this->opo_client_services_config->getAssoc('additional_loan_fees');
// Look for newly added items
$vn_items_added = 0;
$vn_item_errors = 0;
$vs_errors = '';
foreach ($_REQUEST as $vs_k => $vs_v) {
if (preg_match("!^item_list_idnew_([\\d]+)\$!", $vs_k, $va_matches)) {
if ($vn_object_id = (int) $vs_v) {
// add item to order
$va_values = array();
foreach ($_REQUEST as $vs_f => $vs_value) {
if (preg_match("!^item_list_([A-Za-z0-9_]+)_new_" . $va_matches[1] . "\$!", $vs_f, $va_matches2)) {
$va_values[$va_matches2[1]] = $vs_value;
}
}
// Set additional fees
//
$va_fee_values = array();
foreach ($va_additional_fee_codes as $vs_code => $va_info) {
$va_fee_values[$vs_code] = $_REQUEST['additional_order_item_fee_' . $vs_code . '_new_' . $va_matches[1]];
}
$t_item = $this->opt_order->addItem($vn_object_id, $va_values, array('additional_fees' => $va_fee_values));
if ($t_item && $t_item->getPrimaryKey()) {
$vn_items_added++;
} else {
if ($this->opt_order->numErrors()) {
$t_object = new ca_objects($vn_object_id);
$this->notification->addNotification(_t('Could not check-out item <em>%1</em> (%2) due to errors: %3', $t_object->get('ca_objects.preferred_labels.name'), $t_object->get('idno'), join("; ", $this->opt_order->getErrors())), __NOTIFICATION_TYPE_ERROR__);
$vn_item_errors++;
$va_fee_values_proc = array();
foreach ($va_fee_values as $vs_k => $vs_v) {
$va_fee_values_proc['ADDITIONAL_FEE_' . $vs_k] = $vs_v;
}
$va_failed_insert_list[] = array_merge($va_values, $va_fee_values_proc, array('autocomplete' => $_REQUEST['item_list_autocompletenew_' . $va_matches[1]], 'id' => $vn_object_id));
}
}
}
}
}
if (!$this->opt_order->numErrors() && $vn_items_added) {
$this->notification->addNotification(_t('Checked out %1 %2 for %3 (order %4)', $vn_items_added, $vn_items_added == 1 ? _t('item') : _t('items'), $t_user->get('fname') . ' ' . $t_user->get('lname'), $this->opt_order->getOrderNumber()), __NOTIFICATION_TYPE_INFO__);
$this->opt_order->set('order_status', 'PROCESSED');
$this->opt_order->update();
$this->opt_order = new ca_commerce_orders();
$this->request->setParameter('order_id', null);
$this->view->setVar('t_order', $this->opt_order);
$this->view->setVar('order_id', $this->opt_order->getPrimaryKey());
$this->view->setVar('t_item', $this->opt_order);
} else {
if ($vn_items_added == 0 && $this->opt_order->numErrors() == 0) {
$vs_errors = _t('No items were specified');
} else {
if ($vn_item_errors == 0) {
$vs_errors = join('; ', $this->opt_order->getErrors());
}
}
if ($vs_errors) {
$va_errors['general'] = $this->opt_order->errors();
$this->notification->addNotification(_t('Errors occurred: %1', $vs_errors), __NOTIFICATION_TYPE_ERROR__);
}
}
}
$this->view->setVar('errors', $va_errors);
$this->view->setVar('failed_insert_list', $va_failed_insert_list);
$this->Index();
}
function resetSave()
{
$ps_action = $this->request->getParameter('action', pString);
$ps_key = $this->request->getParameter('key', pString);
$ps_key = preg_replace("/[^A-Za-z0-9]+/", "", $ps_key);
$this->view->setVar("key", $ps_key);
$o_check_key = new Db();
$qr_check_key = $o_check_key->query("\n\t\t\t\tSELECT user_id \n\t\t\t\tFROM ca_users \n\t\t\t\tWHERE\n\t\t\t\t\tmd5(concat(concat(user_id, '/'), password)) = ?\n\t\t\t", $ps_key);
#
# Check reset key
#
if (!$qr_check_key->nextRow() || !($vs_user_id = $qr_check_key->get("user_id"))) {
$this->view->setVar("action", "reset_failure");
$this->render('LoginReg/resetpw_html.php');
} else {
$ps_password = $this->request->getParameter('password', pString);
$ps_password_confirm = $this->request->getParameter('password_confirm', pString);
switch ($ps_action) {
case 'reset_save':
if (!$ps_password || !$ps_password_confirm) {
$this->view->setVar("password_error", _t("Please enter and re-type your password."));
$ps_action = "reset";
break;
}
if ($ps_password != $ps_password_confirm) {
$this->view->setVar("password_error", _t("Passwords do not match. Please try again."));
$ps_action = "reset";
break;
}
$t_user = new ca_users();
$t_user->load($vs_user_id);
# verify user exists with this e-mail address
if ($t_user->getPrimaryKey()) {
# user with e-mail already exists...
$t_user->setMode(ACCESS_WRITE);
$t_user->set("password", $ps_password);
$t_user->update();
if ($t_user->numErrors()) {
$this->notification->addNotification(join("; ", $t_user->getErrors()), __NOTIFICATION_TYPE_INFO__);
$ps_action = "reset_failure";
} else {
$ps_action = "reset_success";
# -- generate mail text from template
ob_start();
require $this->request->getViewsDirectoryPath() . "/mailTemplates/notification.tpl";
$vs_mail_message = ob_get_contents();
ob_end_clean();
caSendmail($t_user->get('email'), $this->request->config->get("ca_admin_email"), "[" . $this->request->config->get("app_display_name") . "] " . _t("Your password has been reset"), $vs_mail_message);
}
break;
} else {
$this->notification->addNotification(_t("Invalid user"), __NOTIFICATION_TYPE_INFO__);
$ps_action = "reset_failure";
}
}
$this->view->setVar("action", $ps_action);
$this->render('LoginReg/resetpw_html.php');
}
}