コード例 #1
ファイル: firstLogin.php プロジェクト: JacekKarwas/smutek
    $smarty->assign('link_to_op', "login.php");
    $smarty->assign('hint_text', lang_get('link_back_to_login'));
    $smarty->display('workAreaSimple.tpl');
    exit;
}
// Self sign-up handler (excerpt; the listing is cut off before the closing
// braces). Reads the submitted form values, validates the password and creates
// the account.
$args = init_args();
doDBConnect($db, database::ONERROREXIT);
$message = lang_get('your_info_please');
if ($args->doEditUser) {
    // strcmp() returns non-zero when the two strings differ, so this branch
    // is the "passwords do not match" case.
    if (strcmp($args->password, $args->password2)) {
        $message = lang_get('passwd_dont_match');
    } else {
        $user = new tlUser();
        // Password policy is enforced before anything is stored.
        $rx = $user->checkPasswordQuality($args->password);
        if ($rx['status_ok'] >= tl::OK) {
            $result = $user->setPassword($args->password);
            if ($result >= tl::OK) {
                // Remaining profile fields are copied from the request as-is;
                // no validation of them is visible in this excerpt.
                // NOTE(review): confirm init_args() and/or writeToDB() validate
                // login and e-mail.
                $user->login = $args->login;
                $user->emailAddress = $args->email;
                $user->firstName = $args->firstName;
                $user->lastName = $args->lastName;
                // NOTE(review): the status returned by writeToDB() is stored in
                // $result but not checked before the admin notification, the
                // "CREATE" audit event and the redirect below. If the write can
                // fail without exiting, the audit trail would record a sign-up
                // that never reached the DB - confirm and gate on $result.
                $result = $user->writeToDB($db);
                $cfg = config_get('notifications');
                if ($cfg->userSignUp->enabled) {
                    notifyGlobalAdmins($db, $user);
                }
                // The audit text embeds the request-supplied login.
                logAuditEvent(TLS("audit_users_self_signup", $args->login), "CREATE", $user->dbID, "users");
                redirect(TL_BASE_HREF . "login.php?note=first");
                exit;
            } else {
                $message = getUserErrorMessage($result);
コード例 #2
ファイル: doAuthorize.php プロジェクト: mokal/DCN_TestLink
/**
 * Verifies a login/password pair and, on success, sets the auth cookie and
 * the user's session data.
 *
 * Flow as implemented below:
 *  - a login found in the DB must pass auth_does_password_match() and the
 *    account must be active;
 *  - a login not found in the DB is, when 'ldap_automatic_user_creation' is
 *    enabled, checked with authentication forced to 'LDAP'; on success a
 *    local account is created from the directory attributes;
 *  - on success the auth cookie is sent and, unless a session already
 *    exists, the session is populated.
 *
 * The 'doSessionExistsCheck' option (default true) can be switched off to skip
 * the existing-session block. That is needed for the feature that asks for a
 * login when the session has expired and the user still has unsaved data
 * (ajaxlogin on the login.php page).
 *
 * @param mixed      &$db      database handler, passed by reference
 * @param string     $login    login name as submitted
 * @param string     $pwd      password as submitted
 * @param array|null $options  merged over array('doSessionExistsCheck' => true)
 *
 * @return array map with 'status' (tl::ERROR unless the session was set up,
 *               then tl::OK) and 'msg' (null, or the "session exists" HTML)
 */
function doAuthorize(&$db, $login, $pwd, $options = null)
{
    global $g_tlLogger;
    $result = array('status' => tl::ERROR, 'msg' => null);
    // The session locale is reset before any credential has been checked.
    $_SESSION['locale'] = TL_DEFAULT_LOCALE;
    $my['options'] = array('doSessionExistsCheck' => true);
    $my['options'] = array_merge($my['options'], (array) $options);
    $doLogin = false;
    // A null login or password skips authentication; $result stays tl::ERROR.
    if (!is_null($pwd) && !is_null($login)) {
        $user = new tlUser();
        $user->login = $login;
        $login_exists = $user->readFromDB($db, tlUser::USER_O_SEARCH_BYLOGIN) >= tl::OK;
        if ($login_exists) {
            $password_check = auth_does_password_match($user, $pwd);
            if (!$password_check->status_ok) {
                // $result already holds exactly this value; kept as written.
                $result = array('status' => tl::ERROR, 'msg' => null);
            }
            // A correct password on an inactive account is refused as well and
            // is audited below the same way as a wrong password.
            $doLogin = $password_check->status_ok && $user->isActive;
            if (!$doLogin) {
                // NOTE(review): the audit text embeds the submitted $login and
                // the client address. Whether TLS()/logAuditEvent() neutralise
                // control characters is not visible here - confirm.
                // This is the only LOGIN_FAILED audit call in the function:
                // attempts against logins that do not exist take the else
                // branch and are not audited here.
                logAuditEvent(TLS("audit_login_failed", $login, $_SERVER['REMOTE_ADDR']), "LOGIN_FAILED", $user->dbID, "users");
            }
        } else {
            $authCfg = config_get('authentication');
            if ($authCfg['ldap_automatic_user_creation']) {
                // Force the LDAP method so auth_does_password_match() checks
                // the credentials for this not-yet-existing account.
                $user->authentication = 'LDAP';
                $check = auth_does_password_match($user, $pwd);
                if ($check->status_ok) {
                    // Auto-provision a local, active account for the LDAP user.
                    $user = new tlUser();
                    $user->login = $login;
                    $user->authentication = 'LDAP';
                    $user->isActive = true;
                    // The password is set on the local account "anyway".
                    // NOTE(review): what setPassword() stores (and with which
                    // hash) is not visible here; confirm a local copy of the
                    // directory credential is really wanted.
                    $user->setPassword($pwd);
                    $user->emailAddress = ldap_get_field_from_username($user->login, strtolower($authCfg['ldap_email_field']));
                    $user->firstName = ldap_get_field_from_username($user->login, strtolower($authCfg['ldap_firstname_field']));
                    $user->lastName = ldap_get_field_from_username($user->login, strtolower($authCfg['ldap_surname_field']));
                    // Fall back to the login when the directory has no name.
                    $user->firstName = is_null($user->firstName) || strlen($user->firstName) == 0 ? $login : $user->firstName;
                    $user->lastName = is_null($user->lastName) || strlen($user->lastName) == 0 ? $login : $user->lastName;
                    $doLogin = $user->writeToDB($db) == tl::OK;
                }
            }
        }
    }
    if ($doLogin) {
        // Re-read the user from the DB; the original author found this the
        // most reliable way to get a fully populated object.
        $user = new tlUser();
        $user->login = $login;
        $user->readFromDB($db, tlUser::USER_O_SEARCH_BYLOGIN);
        // Auth cookie, following the Mantis model.
        // NOTE(review): setcookie() is called with four arguments only, so the
        // 'secure' and 'httponly' parameters keep their defaults (false). The
        // expiry of false is meant as "expire on browser close".
        // The cookie is sent before the session-exists check below, i.e. also
        // when the login is then refused because a session already exists.
        $auth_cookie_name = config_get('auth_cookie');
        $expireOnBrowserClose = false;
        setcookie($auth_cookie_name, $user->getSecurityCookie(), $expireOnBrowserClose, '/');
        // Disallow two sessions within one browser
        if ($my['options']['doSessionExistsCheck'] && isset($_SESSION['currentUser']) && !is_null($_SESSION['currentUser'])) {
            // The message is HTML assembled from lang_get() strings; status
            // stays tl::ERROR in this branch.
            $result['msg'] = lang_get('login_msg_session_exists1') . ' <a style="color:white;" href="logout.php">' . lang_get('logout_link') . '</a>' . lang_get('login_msg_session_exists2');
        } else {
            // Setting user's session information
            // NOTE(review): no session id rotation (session_regenerate_id())
            // is visible in this function; confirm setUserSession() or the
            // caller rotates the id on login.
            $_SESSION['currentUser'] = $user;
            $_SESSION['lastActivity'] = time();
            $g_tlLogger->endTransaction();
            $g_tlLogger->startTransaction();
            setUserSession($db, $user->login, $user->dbID, $user->globalRoleID, $user->emailAddress, $user->locale, null);
            $result['status'] = tl::OK;
        }
    }
    return $result;
}
コード例 #3
ファイル: users.inc.php プロジェクト: JacekKarwas/smutek
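/**
 * reset user password in DB
 *
 * A new password is generated only when the user's authentication method is
 * configured with 'allowPasswordManagement' and the account has a non-blank
 * e-mail address. It is persisted with writePasswordToDB() only after the mail
 * was sent successfully, or when $passwordSendMethod is 'display_on_screen'.
 *
 * Security notes:
 *  - the generated password leaves this function in clear text, either in the
 *    mail body or in the returned map, so callers must not log the map;
 *  - the password is returned only when it was actually stored, so a failed
 *    reset never hands back a credential;
 *  - NOTE(review): when the authentication method does not allow password
 *    management, nothing is reset but 'status' keeps the readFromDB() result;
 *    callers should check 'password' as well - confirm against callers.
 *
 * @param resource &$db reference to database handler
 * @param integer $userID
 * @param string $passwordSendMethod 'send_password_by_mail' (default) or
 *        'display_on_screen'; any other value ends in tl::ERROR
 *
 * @return hash
 *         status: integer result status code
 *         password: new password, '' unless the reset was stored
 *         msg: error message (if any)
 */
function resetPassword(&$db, $userID, $passwordSendMethod = 'send_password_by_mail')
{
    $retval = array('status' => tl::OK, 'password' => '', 'msg' => '');
    $user = new tlUser($userID);
    $retval['status'] = $user->readFromDB($db);

    // Reset can be done ONLY if user authentication method allows it.
    $doIt = false;
    if ($retval['status'] >= tl::OK) {
        $cfg = config_get('authentication');
        $cfg = $cfg['domain'];
        $doIt = isset($cfg[$user->authentication]) && $cfg[$user->authentication]['allowPasswordManagement'];
    }

    if ($doIt) {
        // Without a mail address the reset is refused with E_EMAILLENGTH.
        $retval['status'] = tlUser::E_EMAILLENGTH;
        if (trim((string) $user->emailAddress) !== '') {
            // NOTE(review): the meaning of (8, 4) and the randomness source of
            // generatePassword() are not visible here - confirm it draws from
            // a CSPRNG.
            $newPassword = tlUser::generatePassword(8, 4);
            $retval['status'] = $user->setPassword($newPassword, $cfg[$user->authentication]);
            if ($retval['status'] >= tl::OK) {
                // Placeholder result for the paths that send no mail. 'msg' is
                // initialised so the failure branch below never reads an
                // undefined property.
                $mail_op = new stdClass();
                $mail_op->status_ok = false;
                $mail_op->msg = '';

                if ($passwordSendMethod === 'send_password_by_mail') {
                    $msgBody = lang_get('your_password_is') . "\n\n" . $newPassword . "\n\n" . lang_get('contact_admin');
                    // '@' is kept from the original: mail transport warnings
                    // are reported through $mail_op->msg instead.
                    $mail_op = @email_send(config_get('from_email'), $user->emailAddress, lang_get('mail_passwd_subject'), $msgBody);
                }

                if ($mail_op->status_ok || $passwordSendMethod === 'display_on_screen') {
                    $retval['status'] = $user->writePasswordToDB($db);
                    // Expose the password only once it is really in the DB.
                    if ($retval['status'] >= tl::OK) {
                        $retval['password'] = $newPassword;
                    }
                } else {
                    $retval['status'] = tl::ERROR;
                    $retval['msg'] = $mail_op->msg;
                }
            }
        }
    }

    // Fall back to the generic message for the status when none was set.
    $retval['msg'] = $retval['msg'] != "" ? $retval['msg'] : getUserErrorMessage($retval['status']);
    return $retval;
}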
コード例 #4
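 /**
  * Create user
  *
  * Creates an active account with authentication 'LDAP' and an empty local
  * password. When $args["admin"] is truthy and a role named 'admin' exists,
  * the new account gets that role as its global role.
  *
  * NOTE(review): the only gate visible in this method is
  * $this->authenticate(). No check that the calling API key belongs to a user
  * allowed to manage users, or to grant the admin role, is visible here -
  * confirm it is enforced in authenticate() or add an explicit rights check
  * before honouring $args["admin"].
  *
  * @param struct $args
  * @param string $args["devKey"]
  * @param string $args["user"]
  * @param string $args["email"]
  * @param string $args["firstName"]
  * @param string $args["lastName"]
  * @param boolean $args["admin"]
  * @return mixed id of the new user on success, otherwise the list of
  *         IXR_ERROR objects collected in $this->errors
  * @access public
  */
 public function createUser($args)
 {
     $this->_setArgs($args);
     if (!$this->authenticate()) {
         return $this->errors;
     }

     // Request members may be absent; read them without raising
     // undefined-index notices. A missing "admin" member means "not admin".
     $login = isset($this->args[self::$userParamName]) ? $this->args[self::$userParamName] : null;
     $email = isset($this->args['email']) ? $this->args['email'] : null;
     $firstName = isset($this->args['firstName']) ? $this->args['firstName'] : null;
     $lastName = isset($this->args['lastName']) ? $this->args['lastName'] : null;
     $admin = !empty($this->args['admin']);

     $user_id = tlUser::doesUserExist($this->dbObj, $login);
     if (!is_null($user_id)) {
         $this->errors[] = new IXR_ERROR(100002, 'User already exists');
     } else {
         $user = new tlUser();
         $user->login = $login;
         // The account authenticates against LDAP; the local password is
         // deliberately set from an empty string.
         $user->authentication = 'LDAP';
         $user->isActive = true;
         $user->setPassword('');
         $user->emailAddress = $email;
         $user->firstName = $firstName;
         $user->lastName = $lastName;

         // Privilege grant: only when the caller asked for it and the role
         // exists (see the review note in the method header).
         $roleId = tlRole::doesRoleExist($this->dbObj, 'admin', 0);
         if (!is_null($roleId) and $admin) {
             $user->globalRoleID = $roleId;
         }

         if ($user->writeToDB($this->dbObj) == tl::OK) {
             // Look the account up again to return its id.
             return tlUser::doesUserExist($this->dbObj, $login);
         }
         $this->errors[] = new IXR_ERROR(100003, 'Error creating user');
     }
     return $this->errors;
 }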
コード例 #5
ファイル: users.inc.php プロジェクト: tamtrong/testlink
/**
 * Reset a user's password in the DB and mail the new one to the user.
 *
 * The generated password is written to the DB only after the mail carrying it
 * (in clear text) was sent successfully; an account without an e-mail address
 * is refused with tlUser::E_EMAILLENGTH.
 *
 * @param resource &$db reference to database handler
 * @param integer $userID
 * @param string &$errorMsg reference to error message; receives the mailer's
 *        message on a mail failure, otherwise the message for the status code
 *
 * @return integer result status code
 */
function resetPassword(&$db, $userID, &$errorMsg)
{
    $errorMsg = '';
    $account = new tlUser($userID);

    // Step 1: the user must be readable from the DB.
    $status = $account->readFromDB($db);
    if (!($status >= tl::OK)) {
        $errorMsg = getUserErrorMessage($status);
        return $status;
    }

    // Step 2: a mail address is required to deliver the new password.
    if ($account->emailAddress == "") {
        $status = tlUser::E_EMAILLENGTH;
        $errorMsg = getUserErrorMessage($status);
        return $status;
    }

    // Step 3: generate the password and set it on the (in-memory) user.
    $plainPassword = tlUser::generatePassword(8, 4);
    $status = $account->setPassword($plainPassword);
    if (!($status >= tl::OK)) {
        $errorMsg = getUserErrorMessage($status);
        return $status;
    }

    // Step 4 (BUGID 3396): mail first, persist only when the mail went out.
    $body = lang_get('your_password_is') . "\n\n" . $plainPassword . "\n\n" . lang_get('contact_admin');
    $delivery = @email_send(config_get('from_email'), $account->emailAddress, lang_get('mail_passwd_subject'), $body);
    if (!$delivery->status_ok) {
        $status = tl::ERROR;
        $errorMsg = $delivery->msg;
        if ($errorMsg == "") {
            $errorMsg = getUserErrorMessage($status);
        }
        return $status;
    }

    $status = $account->writePasswordToDB($db);
    $errorMsg = getUserErrorMessage($status);
    return $status;
}