/**
 * Validate (and normalise) the input params for the create method.
 *
 * Mutates $p: copies the legacy 'tmplId' into 'template_id' when the latter
 * is empty, and resolves 'owner' (numeric id or user name) into 'oid' when
 * 'oid' is absent. Note that is_numeric() also accepts floats, exponents and
 * leading whitespace, so a passing id is not guaranteed to be a plain integer.
 *
 * @param array $p object properties (modified in place)
 * @return string|true error message, or boolean true when valid
 */
private function validateInputParamsForCreate(&$p)
{
    if (empty($p['template_id']) && !empty($p['tmplId'])) {
        $p['template_id'] = $p['tmplId'];
    }

    // required numeric fields, checked in this order
    foreach (array('template_id', 'pid') as $field) {
        if (!isset($p[$field])) {
            return $field . ' not specified';
        }
        if (!is_numeric($p[$field])) {
            return $field . ' not valid';
        }
    }

    if (!isset($p['oid'])) {
        if (!isset($p['owner'])) {
            return 'owner not specified';
        }
        // owner may be given either as a numeric id or as a user name
        $owner = $p['owner'];
        if (is_numeric($owner)) {
            $p['oid'] = $owner;
        } else {
            $p['oid'] = DM\User::getIdByName($owner);
        }
    }

    if (!is_numeric($p['oid'])) {
        return 'invalid owner specified';
    }

    return true;
}
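/**
 * Process a message for display:
 *  - replace urls with links (linkUrlsAndEscapeHtml also HTML-escapes the text)
 *  - replace object references (#id) with links
 *  - replace user references (@name) with the user's display name
 *
 * The object name, template id and user display name are inserted into HTML
 * attribute values, so they are escaped with htmlspecialchars() here; the
 * previous version inserted them raw, which let a crafted object name or
 * display name break out of the title attribute. The message body itself is
 * only escaped when 'url' is among the requested replacements.
 * NOTE(review): if Objects::getName() / User::getDisplayName() already return
 * escaped text this would double-encode — confirm against those helpers.
 *
 * @param string $message
 * @param string|array $replacements comma separated list (or array) of the
 *        replacement kinds to apply: 'user', 'object', 'url'
 * @return string
 */
public static function processAndFormatMessage($message, $replacements = 'user,object,url')
{
    if (empty($message)) {
        return $message;
    }

    $replacements = Util\toTrimmedArray($replacements);

    // replace urls with links
    if (in_array('url', $replacements, true)) {
        $message = \Kwi\UrlLinker::getInstance()->linkUrlsAndEscapeHtml($message);
    }

    //replace object references with links
    if (in_array('object', $replacements, true)
        && preg_match_all('/(.?)#(\\d+)(.?)/', $message, $matches, PREG_SET_ORDER)
    ) {
        foreach ($matches as $match) {
            // skip numeric html entities such as &#39;
            if ($match[1] === '&' && $match[3] === ';') {
                continue;
            }
            $templateId = Objects::getTemplateId($match[2]);
            $name = (string) Objects::getName($match[2]);
            // truncate long names; character based to match mb_substr
            if (mb_strlen($name) > 30) {
                $name = mb_substr($name, 0, 30) . '…';
            }
            $link = $match[1]
                . '<a class="click obj-ref" itemid="' . $match[2]
                . '" templateid= "' . htmlspecialchars((string) $templateId, ENT_QUOTES, 'UTF-8')
                . '" title="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '"'
                . '>#' . $match[2] . '</a>'
                . $match[3];
            $message = str_replace($match[0], $link, $message);
        }
    }

    //replace users with their names
    if (in_array('user', $replacements, true)
        && preg_match_all('/@([\\w\\.\\-]+[\\w])/', $message, $matches, PREG_SET_ORDER)
    ) {
        foreach ($matches as $match) {
            $userId = DM\User::getIdByName($match[1]);
            if (!is_numeric($userId)) {
                // not an existing user: leave the text untouched
                continue;
            }
            $displayName = htmlspecialchars(
                (string) User::getDisplayName($userId),
                ENT_QUOTES,
                'UTF-8'
            );
            $message = str_replace(
                $match[0],
                '<span class="cDB user-ref" title="' . $displayName . '">@' . $match[1] . '</span>',
                $message
            );
        }
    }

    return $message;
}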
/**
 * Validate (and normalise) the input params for the upload method.
 *
 * Mutates $p: fills 'template_id' from the legacy 'tmplId' or the configured
 * default, moves 'fileExistAction' into 'response', derives 'title' from
 * 'filename', 'localFile' or the uploaded file's name, resolves 'owner' into
 * 'oid' and defaults 'cid' to 'oid'.
 *
 * NOTE(review): 'localFile' is only checked with file_exists(); if $p can be
 * populated from a request, the caller can name any path readable by the
 * server process — confirm where $p comes from. The title taken from
 * $_FILES['file']['name'] is client supplied and not sanitised here.
 *
 * @param array $p upload properties (modified in place)
 * @return string|true error message, or boolean true when valid
 */
private function validateInputParamsForUpload(&$p)
{
    if (!isset($p['pid'])) {
        return 'pid not specified';
    }
    if (!is_numeric($p['pid'])) {
        return 'pid not valid';
    }

    // legacy param name, then configured default
    if (empty($p['template_id']) && !empty($p['tmplId'])) {
        $p['template_id'] = $p['tmplId'];
    }
    if (empty($p['template_id'])) {
        $p['template_id'] = \CB\Config::get('default_file_template');
    }
    if (empty($p['template_id'])) {
        return 'template not specified';
    }

    if (!empty($p['fileExistAction'])) {
        $allowedActions = array('newversion', 'replace', 'autorename');
        if (!in_array($p['fileExistAction'], $allowedActions)) {
            return 'Invalid value for fileExistAction';
        }
        $p['response'] = $p['fileExistAction'];
        unset($p['fileExistAction']);
    }

    if (!is_numeric($p['template_id'])) {
        return 'template id not valid';
    }

    // the file comes either from a server-side path or from the request
    $hasLocalFile = !empty($p['localFile']);
    if ($hasLocalFile && !file_exists($p['localFile'])) {
        return 'File not found: ' . $p['localFile'];
    }
    if (!$hasLocalFile && empty($_FILES)) {
        return 'No file found for upload';
    }

    if (empty($p['title'])) {
        if (!empty($p['filename'])) {
            $p['title'] = $p['filename'];
            unset($p['filename']);
        } elseif ($hasLocalFile) {
            $p['title'] = basename($p['localFile']);
        } elseif (!empty($_FILES['file'])) {
            $p['title'] = $_FILES['file']['name'];
        }
    }
    if (empty($p['title'])) {
        return 'Cannot detect file title';
    }

    if (!isset($p['oid'])) {
        if (!isset($p['owner'])) {
            return 'owner not specified';
        }
        $owner = $p['owner'];
        if (!is_numeric($owner)) {
            $p['oid'] = DM\User::getIdByName($owner);
        } elseif (DM\User::idExists($owner)) {
            $p['oid'] = $owner;
        }
        // a numeric owner that does not exist leaves 'oid' unset and fails below
    }
    if (!is_numeric($p['oid'])) {
        return 'invalid owner specified';
    }
    if (empty($p['cid'])) {
        $p['cid'] = $p['oid'];
    }

    return true;
}
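/**
 * login method for user authentication
 *
 * Side effects: writes 'ips', 'key' and (on success) 'user' into $_SESSION,
 * sets the 'key' and 'L' cookies and, on success, regenerates the session id
 * so that a session id obtained before authentication is not kept once the
 * session carries a logged-in user (session fixation). On a failed attempt
 * for an existing login, $_SESSION['user']['id'] is set for logging purposes
 * only; nothing here marks that session as authenticated.
 *
 * A login of the form "root/otheruser" lets root log in as `otheruser`.
 *
 * @param string $login username (optionally "root/<user>")
 * @param string $pass password
 * @return array json response: array('success' => true, 'user' => array(...))
 *               or array('success' => false, 'msg' => string)
 */
public static function login($login, $pass)
{
    $logActionType = 'login';
    $ips = '|' . Util\getIPs() . '|';
    $coreName = Config::get('core_name');

    // optional "login/loginAs" form; any further '/' segments are ignored
    $loginParts = explode('/', (string) $login);
    $login = $loginParts[0];
    $loginAs = isset($loginParts[1]) ? $loginParts[1] : null;

    $_SESSION['ips'] = $ips;
    // NOTE(review): this key is derived with md5 from predictable inputs (and
    // the password); a random token would be preferable unless other code
    // recomputes it from the same values — confirm before changing.
    $_SESSION['key'] = md5($ips . $login . $pass . time());
    $_COOKIE['key'] = $_SESSION['key'];
    setcookie(
        'key',
        $_SESSION['key'],
        0,
        '/' . $coreName . '/',
        $_SERVER['SERVER_NAME'],
        !empty($_SERVER['HTTPS']),
        true
    );

    $rez = array('success' => false);
    $user_id = false;

    /* try to authentificate */
    $res = DB\dbQuery(
        'CALL p_user_login($1, $2, $3)',
        array($login, $pass, $ips)
    ) or die(DB\dbQueryError());

    if (($r = $res->fetch_assoc()) && $r['status'] == 1) {
        $user_id = $r['user_id'];
    }
    $res->close();
    DB\dbCleanConnection();

    if ($user_id) {
        // a successful authentication gets a fresh session id; the session
        // data (ips, key) set above is carried over
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $rez = array('success' => true, 'user' => array());

        // root may log in on behalf of another user
        if (!empty($loginAs) && $login === 'root') {
            $user_id = DM\User::getIdByName($loginAs);
        }

        $r = User::getPreferences($user_id);
        if (!empty($r)) {
            $r['admin'] = Security::isAdmin($user_id);
            $r['manage'] = Security::canManage($user_id);
            $r['first_name'] = htmlentities($r['first_name'], ENT_QUOTES, 'UTF-8');
            $r['last_name'] = htmlentities($r['last_name'], ENT_QUOTES, 'UTF-8');

            //set default theme
            if (empty($r['cfg']['theme'])) {
                $r['cfg']['theme'] = 'classic';
            }

            // do not expose security params
            unset($r['cfg']['security']);

            $rez['user'] = $r;
            $_SESSION['user'] = $r;
            setcookie('L', $r['language']);

            // set user groups
            $rez['user']['groups'] = UsersGroups::getGroupIdsForUser();
            $_SESSION['user']['groups'] = $rez['user']['groups'];
        }
    } else {
        //check if login exists and add user id to session for logging
        $user_id = DM\User::getIdByName($login);
        if (!empty($user_id)) {
            $_SESSION['user']['id'] = $user_id;
            $logActionType = 'login_fail';
        }
        $rez['msg'] = L\get('Auth_fail');
    }

    // action logging is currently disabled; $logActionType is kept for it
    // $logParams = array(
    //     'type' => $logActionType
    //     ,'data' => array(
    //         'id' => @$_SESSION['user']['id']
    //         ,'name' => @Util\coalesce($_SESSION['user']['name'], $login)
    //         ,'result' => isset($_SESSION['user'])
    //         ,'info' => 'user: '.$login."\nip: ".$ips
    //     )
    // );
    // Log::add($logParams);

    return $rez;
}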
/**
 * Check if userId (or the currently logged-in user when none is given) is an
 * administrator. An administrator here is the user whose id equals the id of
 * the user named 'root'; the answer is cached per user id.
 *
 * Note: the loose `== false` test treats 0, '', '0' and null as "not given".
 *
 * @param int|false $userId
 * @return boolean
 */
public static function isAdmin($userId = false)
{
    if ($userId == false) {
        $userId = User::getId();
    }

    $cacheKey = 'is_admin' . $userId;
    if (Cache::exist($cacheKey)) {
        return Cache::get($cacheKey);
    }

    $isRoot = (DM\User::getIdByName('root') == $userId);
    Cache::set($cacheKey, $isRoot);

    return Cache::get($cacheKey);
}
} $user_id = null; $user_mail = null; if (!empty($e)) { if ($e = filter_var($e, FILTER_VALIDATE_EMAIL)) { $user_id = DM\User::getIdByEmail($e); if (empty($user_id)) { $_SESSION['e_msg'] = L\get('EmailNotFound'); header('location: ' . $coreUrl . 'recover/forgot-password/'); exit(0); } } else { $_SESSION['e_msg'] = L\get('InvalidEmail'); } } elseif (!empty($u)) { $user_id = DM\User::getIdByName($u); if (empty($user_id)) { $_SESSION['u_msg'] = L\get('UsernameNotFound'); header('location: ' . $coreUrl . 'recover/forgot-password/'); exit(0); } else { $user = User::getPreferences($user_id); $user_mail = empty($user['cfg']['security']['recovery_email']) ? $user['email'] : $user['cfg']['security']['recovery_email']; if (empty($user_mail)) { $_SESSION['u_msg'] = L\get('UserHasNoMail'); header('location: ' . $coreUrl . 'recover/forgot-password/'); exit(0); } } } if (!UsersGroups::sendResetPasswordMail($user_id)) {