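/**
 * Render the profile page of a single team.
 *
 * Assigns the team summary, member list, the ten most recently entered
 * matches and (for members or privileged users) the pending invitations to
 * the global template object.
 *
 * The can*/show*/allow* values assigned here only decide which links the
 * template displays. The handlers behind those links are not visible in
 * this method and have to enforce the same permissions themselves.
 *
 * NOTE(review): only the page title is passed through htmlent() here; team
 * name, description, member names and match data are assigned raw.
 * Presumably the template layer escapes on output - verify.
 *
 * @param mixed $teamid id of the team to display, as supplied by the caller
 * @return void
 */
public function showTeam($teamid)
{
    global $tmpl;
    global $db;

    $team = new team($teamid);
    if (!$team->exists()) {
        $tmpl->setTemplate('NoPerm');
        return;
    }

    if (!$tmpl->setTemplate('teamSystemProfile')) {
        $tmpl->noTemplateFound();
        die;
    }

    // $teamid is caller-supplied: encode it before it is embedded in a query
    // string so that it cannot add or override parameters of the link.
    // For a plain integer id the encoded form is identical.
    $teamIdParam = urlencode((string) $teamid);

    // Resolve the viewer once. The leader comparison is tied to an actual
    // login (as the original canEditTeam check already was), so a visitor
    // who is not logged in is never treated as leader, whatever id values
    // happen to compare equal.
    $viewer = \user::getCurrentUser();
    $viewerId = \user::getCurrentUserId();
    $viewerLoggedIn = (bool) \user::getCurrentUserLoggedIn();
    $teamLeader = $team->getLeaderId();
    $viewerIsLeader = $viewerLoggedIn && $viewerId === $teamLeader;
    $viewerMayKick = $viewerIsLeader || $viewer->getPermission('allow_kick_any_team_members');

    // FIXME: implement something to avoid hardcoded paths
    $tmpl->assign('pmLink', '../PM/?add&teamid=' . $teamIdParam);
    $tmpl->assign('status', $team->getStatus());
    $tmpl->assign('title', 'Team ' . htmlent($team->getName()));

    $teamData = array();
    $teamData['profileLink'] = './?profile=' . $team->getID();
    $teamData['name'] = $team->getName();
    $teamData['score'] = $team->getScore();
    $teamData['scoreClass'] = $this->rankScore($teamData['score']);
    // The team name is free text: without encoding, characters such as
    // '&', '#' or '=' in a name would break the search link or inject
    // additional query parameters into it.
    $teamData['matchSearchLink'] = '../Matches/?search_string=' . urlencode((string) $teamData['name'])
                                 . '&search_type=team+name'
                                 . '&search_result_amount=200'
                                 . '&search=Search';
    $teamData['matchCount'] = $team->getMatchCount();
    $teamData['memberCount'] = $team->getMemberCount();
    $teamData['leaderLink'] = '../Players/?profile=' . $teamLeader;
    $teamData['leaderName'] = (new \user($teamLeader))->getName();
    $teamData['activityNew'] = $team->getActivityNew();
    $teamData['activityOld'] = $team->getActivityOld();
    $teamData['created'] = $team->getCreationTimestampStr();
    $teamData['wins'] = $team->getMatchCount('won');
    $teamData['draws'] = $team->getMatchCount('draw');
    $teamData['losses'] = $team->getMatchCount('lost');
    $teamData['logo'] = $team->getAvatarURI();

    $tmpl->assign('teamDescription', $team->getDescription());
    $tmpl->assign('team', $teamData);
    $tmpl->assign('teamid', $teamid);
    $tmpl->assign('canPMTeam', $viewerLoggedIn && $viewerId > 0);

    // tell template if user can edit this team
    $tmpl->assign(
        'canEditTeam',
        $viewerIsLeader || $viewer->getPermission('allow_edit_any_team_profile')
    );

    // tell template if user can delete this team:
    // either the user has a deletion permission, or the user is the leader.
    // NOTE(review): the original comment also required "one or less members
    // in team" for the leader case, but no member count is checked here.
    // Confirm which of the two is intended and that the delete handler agrees.
    $tmpl->assign(
        'canDeleteTeam',
        $team->getStatus() !== 'deleted'
        && ($viewer->getPermission('team.allowDelete ' . $team->getID())
            || $viewer->getPermission('allow_delete_any_team')
            || $viewerIsLeader)
    );

    $showMemberActionOptions = $viewerMayKick;

    $members = array();
    foreach ($team->getUserIds() as $memberid) {
        $user = new \user($memberid);
        $member = array();

        // a member viewing the own team gets the action column for the "leave" link
        if (!$showMemberActionOptions && $viewerId === $memberid) {
            $showMemberActionOptions = true;
        }

        $member['profileLink'] = '../Players/?profile=' . $user->getID();
        $member['userName'] = $user->getName();
        $member['permissions'] = $teamLeader === $memberid ? 'Leader' : 'Standard';
        if ($country = $user->getCountry()) {
            $member['countryName'] = $country->getName();
            if (strlen($country->getFlag()) > 0) {
                $member['countryFlag'] = $country->getFlag();
            }
        }
        $member['joined'] = $user->getJoinTimestampStr();
        $member['last_login'] = $user->getLastLoginTimestampStr();

        // show leave/kick links if permission is given
        // a team leader can neither leave nor be kicked:
        // a leader must first give someone else leadership to leave
        $viewerIsThisMember = $viewerId === $user->getID();
        if (($viewerMayKick || $viewerIsThisMember) && $user->getID() !== $teamLeader) {
            $member['removeLink'] = './?remove=' . $user->getID() . '&team=' . $teamIdParam;
            $member['removeDescription'] = $viewerIsThisMember ? 'Leave team' : 'Kick member from team';
        }

        $members[] = $member;
        unset($user);
    }
    $tmpl->assign('members', $members);
    $tmpl->assign('showMemberActionOptions', $showMemberActionOptions);

    // show available match options if any are available
    $allowEdit = $viewer->getPermission('allow_edit_match');
    $allowDelete = $viewer->getPermission('allow_delete_match');
    $tmpl->assign('showMatchActionOptions', $allowEdit || $allowDelete);
    $tmpl->assign('allowEdit', $allowEdit);
    $tmpl->assign('allowDelete', $allowDelete);

    // get match data
    // sort the data by id to find out if abusers entered a match at a long time in the past
    // The team id is bound as a parameter, never concatenated into the statement.
    $query = $db->prepare('SELECT `timestamp`,`team1_id`,`team2_id`,'
                          . '(SELECT `name` FROM `teams` WHERE `id`=`team1_id`) AS `team1_name`'
                          . ',(SELECT `name` FROM `teams` WHERE `id`=`team2_id`) AS `team2_name`'
                          . ',`team1_points`,`team2_points`,`userid`'
                          . ',(SELECT `users`.`name` FROM `users`'
                          . ' WHERE `users`.`id`=`matches`.`userid`)'
                          . ' AS `username`'
                          . ',`matches`.`id`'
                          . ' FROM `matches` WHERE `matches`.`team1_id`=?'
                          . ' OR `matches`.`team2_id`=?'
                          . ' ORDER BY `id` DESC LIMIT 0,10');
    $db->execute($query, array($teamid, $teamid));

    $matches = array();
    while ($row = $db->fetchRow($query)) {
        // rename db result fields and assemble some additional information
        $prepared = array();
        $prepared['time'] = $row['timestamp'];
        $prepared['team1Link'] = '../Teams/?profile=' . $row['team1_id'];
        $prepared['team2Link'] = '../Teams/?profile=' . $row['team2_id'];
        $prepared['team1Name'] = $row['team1_name'];
        $prepared['team2Name'] = $row['team2_name'];
        $prepared['score1'] = $row['team1_points'];
        $prepared['score2'] = $row['team2_points'];
        $prepared['lastModById'] = $row['userid'];
        $prepared['lastModByName'] = $row['username'];
        $prepared['lastModByLink'] = '../Players/?profile=' . $prepared['lastModById'];
        if ($allowEdit) {
            $prepared['editLink'] = '../Matches/?edit=' . $row['id'];
        }
        if ($allowDelete) {
            $prepared['deleteLink'] = '../Matches/?delete=' . $row['id'];
        }
        $matches[] = $prepared;
    }
    $tmpl->assign('matches', $matches);

    // invitation data is visible
    //   for team members
    //   for users who can issue any invitation
    if ($viewer->getMemberOfTeam($teamid) || $viewer->getPermission('allow_invite_in_any_team')) {
        $invitationData = array();
        foreach (invitation::getInvitationsForTeam($teamid) as $invitation) {
            $invitationUsers = $invitation->getUsers();
            // an invitation without an attached user cannot be displayed;
            // skip it instead of dereferencing a missing first element
            if (!isset($invitationUsers[0])) {
                continue;
            }
            $invitationUser = $invitationUsers[0];
            $invitationData[] = array(
                'userName' => $invitationUser->getName(),
                'profileLink' => '../Players/?profile=' . $invitationUser->getID(),
                'expiration' => $invitation->getExpiration()
            );
        }
        $tmpl->assign('invitations', $invitationData);
    }
}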
// NOTE(review): this is a fragment - the enclosing method and class open above this excerpt.
// Create a token of type 'invitation' for the sending account; on failure report E0027
// together with the token component's own error text.
// NOTE(review): how the token is generated and whether it expires is not visible here - confirm.
if (!($aData['token'] = $this->token->createToken('invitation', $account_id))) {
    $this->setErrorMessage($this->getErrorMsg('E0027', $this->token->getError()));
    return false;
}
$aData['username'] = $this->user->getUserName($account_id);
$aData['subject'] = 'Pending Invitation';
// This entry is written before the mail is attempted, so an "info" line alone
// does not prove that an invitation actually went out.
$this->log->log("info", $this->user->getUserName($account_id) . " sent an invitation");
if ($this->mail->sendMail('invitations/body', $aData)) {
    // Look the token up again to obtain its id for the invitation record.
    $aToken = $this->token->getToken($aData['token'], 'invitation');
    // NOTE(review): the mail carrying the token has already been sent at this point.
    // If createInvitation() fails, nothing here revokes the token - confirm that an
    // e-mailed token without an invitation record cannot be redeemed.
    if (!$this->createInvitation($account_id, $aData['email'], $aToken['id'])) {
        return false;
    }
    return true;
} else {
    $this->log->log("warn", $this->user->getUserName($account_id) . " sent an invitation but failed to send e-mail");
    $this->setErrorMessage($this->getErrorMsg('E0028'));
}
// NOTE(review): reached only through the else branch above, directly after E0028 was set.
// Whether setErrorMessage() replaces or appends is not visible here; if it replaces,
// the more specific E0028 message is lost.
$this->setErrorMessage($this->getErrorMsg('E0029'));
return false;
}
}
// Instantiate class
// Wire the invitation object to the shared services; the variables passed in
// ($debug, $log, $mysqli, $mail, $user, $oToken, $config, $aErrorCodes) are defined outside this excerpt.
$invitation = new invitation();
$invitation->setDebug($debug);
$invitation->setLog($log);
$invitation->setMysql($mysqli);
$invitation->setMail($mail);
$invitation->setUser($user);
$invitation->setToken($oToken);
$invitation->setConfig($config);
$invitation->setErrorCodes($aErrorCodes);
/**
 * Decide whether this user may join the given team.
 *
 * Joining is refused for the unidentified user (id 0) and for deleted teams.
 * It is granted to the team's leader, to holders of the
 * 'allow_join_any_team' permission, for open teams, and for users holding
 * an invitation to the team.
 *
 * NOTE(review): the id checks use strict comparison against integers.
 * If origUserId or getLeaderId() can be a numeric string, the guards behave
 * differently than the comments suggest - confirm the types.
 * NOTE(review): the team is not checked for existence here; what
 * getStatus() / getOpen() return for an unknown id is not visible.
 *
 * @param mixed $teamid id of the team the user wants to join
 * @return bool true if joining is allowed
 */
public function getAllowedToJoinTeam($teamid)
{
    // not logged in or unidentified user can never join
    if ($this->origUserId === 0) {
        return false;
    }

    $requestedTeam = new team($teamid);

    // a deleted team accepts nobody
    if ($requestedTeam->getStatus() === 'deleted') {
        return false;
    }

    // the leader may always join the own team (e.g. during team creation)
    if ($requestedTeam->getLeaderId() === $this->origUserId) {
        return true;
    }

    require_once __DIR__ . '/invitation.php';

    // global permission beats everything below
    if ($this->getPermission('allow_join_any_team')) {
        return true;
    }

    // open teams accept anyone who got this far
    if ((new team($teamid))->getOpen()) {
        return true;
    }

    // otherwise an invitation for exactly this user and team is required
    return (bool) invitation::getInvitationsForTeam($teamid, $this->origUserId);
}
/**
 * Reactivate $this->team with $this->user as its new leader.
 *
 * Runs sanityCheck() first and reports its result as the template error if
 * it is anything but true. On success the chosen user receives a private
 * message and the template gets 'teamReactivationSuccessful'.
 *
 * NOTE(review): which permission the caller needs is decided inside
 * sanityCheck(), which is not visible here - confirm it covers it.
 * NOTE(review): the invitation is inserted before the status and membership
 * updates and its result is not checked; if one of the later steps fails,
 * nothing here removes the invitation again.
 *
 * @return void
 */
protected function reactivateTeam()
{
    global $tmpl;

    // perform sanity checks; false means "failed without an explanation"
    $checkResult = $this->sanityCheck();
    if ($checkResult !== true) {
        if ($checkResult === false) {
            $errorText = 'An unknown error occurred while checking your request';
        } else {
            $errorText = $checkResult;
        }
        $tmpl->assign('error', $errorText);
        return;
    }

    $tmpl->assign('teamName', $this->team->getName());
    $tmpl->assign('teamid', $this->team->getID());
    $tmpl->assign('userName', $this->user->getName());
    $tmpl->assign('userid', $this->user->getID());

    // issue an invitation for the future team leader so he can join
    $leaderInvitation = new invitation();
    $leaderInvitation->forUserId($this->user->getID());
    $leaderInvitation->toTeam($this->team->getID());
    $leaderInvitation->insert(false);

    // change the team status, add the user to the team, then make the user leader;
    // the chain stops at the first step that reports failure
    $reactivated = $this->team->setStatus('reactivated')
        && $this->team->update()
        && $this->user->addTeamMembership($this->team->getID())
        && $this->user->update()
        && $this->team->setLeaderId($this->user->getID())
        && $this->team->update();

    if (!$reactivated) {
        $tmpl->assign('error', 'An unknown error occurred while reactivating the team.');
        return;
    }

    // notify the new leader using a private message
    $actorName = \user::getCurrentUser()->getName();
    $teamName = $this->team->getName();

    $notice = new pm();
    $notice->setSubject($actorName . ' reactivated team ' . $teamName);
    $notice->setContent('Congratulations: Player ' . $actorName
                        . ' reactivated team ' . $teamName
                        . ' with you as its leader.');
    $notice->setTimestamp(date('Y-m-d H:i:s'));
    $notice->addUserID($this->user->getID());
    $notice->send();

    // tell user that team reactivation was successful
    $tmpl->assign('teamReactivationSuccessful', true);
}
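/**
 * Complete a login that a login module has already approved.
 *
 * Maps the module's identity to an internal user id (registering a new
 * account when none exists), rejects disabled or banned accounts,
 * re-activates accounts marked 'deleted', and then marks the user as the
 * current user. Messages for the visitor are appended to $this->moduleOutput.
 *
 * NOTE(review): the id checks rely on strict comparison with integer 0.
 * If getIdByExternalId() or the module's getID() can return a numeric
 * string, false or null, the "unknown user" branch is skipped - confirm.
 * NOTE(review): no session id rotation is visible in this method; confirm
 * that user::setCurrentUserID() or the login module regenerates the session
 * id on a successful login.
 *
 * @param object $moduleInstance login module that approved the login
 * @param string $moduleName     name of that module; 'local' (any case) means local login
 * @return bool true if the user is now logged in, false otherwise
 */
private function doLogin($moduleInstance, $moduleName)
{
    global $config;

    // if used login module is not local, then an external login has been used
    $externalLogin = strcasecmp($moduleName, 'local') !== 0;

    // load operations framework; require_once so that a second call within
    // the same request does not redeclare the class
    require_once __DIR__ . '/classes/userOperations.php';
    $userOperations = new userOperations();

    if ($externalLogin) {
        // lookup internal id using external id
        $uid = \user::getIdByExternalId($moduleInstance->getID());
    } else {
        // local login id is equal to internal login id by definition
        $uid = $moduleInstance->getID();
    }

    // uid 0 (reserved value) means either a new user
    // or a user already registered using local login
    if ($uid === 0) {
        if ($externalLogin) {
            // try to recover uid by username based db lookup
            $uid_list = \user::getIdByName($moduleInstance->getName());

            // iterate through the list, trying to update old callsigns
            // and hoping to find the proper user account for this login attempt
            foreach ($uid_list as $one_uid) {
                // check external login id for match with external login module id
                // $moduleInstance->getID() must have a valid value if login got approved
                // by the external login module used
                $user = new \user($one_uid);
                $servicematch = false;
                // NOTE(review): getExternalIds and getType are read as properties
                // here, while every other accessor in this method is called with ().
                // If they are methods, this loop never sees an external id and
                // $servicematch stays false - confirm against the user and module classes.
                foreach ($user->getExternalIds as $eservice) {
                    // only act on matching service type
                    if ($eservice->service === $moduleInstance->getType) {
                        $servicematch = true;
                        if ($eservice->euid !== $moduleInstance->getID()) {
                            // try to resolve the name conflict by updating a username that might be forgotten
                            $userOperations->updateUserName($one_uid, $eservice->euid, $moduleInstance->getName());
                        } else {
                            $uid = $one_uid;
                            break;
                        }
                    }
                }
                if (!$servicematch) {
                    // same name, but no id for this service: treated below as an
                    // existing account without external login, and rejected
                    $uid = $one_uid;
                }
            }
            unset($servicematch);
            unset($eservice);
            unset($uid_list);
            unset($one_uid);
        }

        // still no internal id: this is a new user
        $newUser = ($uid === 0);
        if ($newUser) {
            // a new user, be happy :)
            if ($config->getValue('login.welcome.summary')) {
                $this->moduleOutput[] = strval($config->getValue('login.welcome.summary'));
            } else {
                $this->moduleOutput[] = 'Welcome and thanks for registering on this website.';
            }

            // register the account on db
            $uid = $userOperations->registerAccount($moduleInstance, $externalLogin);
            if ($uid) {
                // send welcome message if registering was successful
                \pm::sendWelcomeMessage($uid);
            }
        } else {
            // a name-only match never grants access to the existing account
            // call logout as bandaid for erroneous login modules
            $user->logout();
            $this->moduleOutput[] = 'This account does not have any external logins enabled. '
                                  . 'You may try using '
                                  . '<a href="./?module=local&action=form">local login</a>'
                                  . ' first.';
            // login failed without any possibility to recover from user error
            return false;
        }

        // Registration failed. Any empty result counts (0, false, null), not
        // only integer 0, so that a failed registration never continues as
        // "user false" further down.
        if (!$uid) {
            // call logout as bandaid for erroneous login modules
            // these may log the user in, even though they never should.
            // $user only exists if the name lookup above returned a row; fall
            // back to the current user so this path cannot end in a call on an
            // undefined variable.
            // NOTE(review): assumes logout() ends the current session whichever
            // user object it is called on - confirm.
            $sessionUser = isset($user) ? $user : \user::getCurrentUser();
            $sessionUser->logout();
            $this->moduleOutput[] = 'An internal error occurred: $uid === 0 on login.';
            return false;
        }
    }

    $user = new \user($uid);

    // re-activate deleted accounts
    // stop processing disabled/banned or broken accounts
    // call logout as bandaid for erroneous login modules
    $status = $user->getStatus();
    switch ($status) {
        case 'active':
            break;

        case 'deleted':
            // a successful login restores an account that was marked deleted
            $user->setStatus('active');
            break;

        case 'login disabled':
            $this->moduleOutput[] = 'Your account is disabled: No login possible.';
            $user->logout();
            return false;

        // TODO: implement site wide ban list
        case 'banned':
            $this->moduleOutput[] = 'You have been banned from this website.';
            $user->logout();
            return false;

        default:
            // unknown status: fail closed
            $this->moduleOutput[] = 'The impossible happened: Account status is' . htmlent($status) . '.';
            $user->logout();
            return false;
    }

    if ($uid > 0) {
        // update username first because online user list uses the name directly instead of an id
        $userOperations->updateUserName($uid, $externalLogin ? $moduleInstance->getID() : 0, $moduleInstance->getName());

        user::setCurrentUserID($uid);
        $moduleInstance->givePermissions();

        $userOperations->addToVisitsLog($uid);
        $user->setLastLogin();
        $user->update();
        $userOperations->addToOnlineUserList($moduleInstance->getName(), $uid);
        invitation::deleteOldInvitations();

        $this->moduleOutput[] = 'Login was successful!';
        return true;
    }

    // no usable id: make sure nothing stays logged in
    $user->logout();
    return false;
}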