コード例 #1
ファイル: Objects.php プロジェクト: austinvernsonger/casebox
 /**
  * Validate (and normalise) the input params of the create method.
  *
  * Accepts the legacy 'tmplId' key as an alias for 'template_id' and resolves
  * 'owner' (an id or a user name) into 'oid' when no 'oid' is given.
  * Note: is_numeric() also accepts floats, exponent notation and leading
  * whitespace, so an id that passes here is not guaranteed to be an integer.
  *
  * @param  array        $p object properties, modified in place
  * @return varchar|true error message, or boolean true when the params are valid
  */
 private function validateInputParamsForCreate(&$p)
 {
     // legacy alias for the template id
     if (empty($p['template_id']) && !empty($p['tmplId'])) {
         $p['template_id'] = $p['tmplId'];
     }

     // both ids are required and must be numeric; template_id is checked first
     foreach (array('template_id', 'pid') as $key) {
         if (!isset($p[$key])) {
             return $key . ' not specified';
         }
         if (!is_numeric($p[$key])) {
             return $key . ' not valid';
         }
     }

     // resolve the owner into an id when no explicit oid was supplied
     if (!isset($p['oid'])) {
         if (!isset($p['owner'])) {
             return 'owner not specified';
         }
         $owner = $p['owner'];
         $p['oid'] = is_numeric($owner) ? $owner : DM\User::getIdByName($owner);
     }

     return is_numeric($p['oid']) ? true : 'invalid owner specified';
 }
コード例 #2
ファイル: Comment.php プロジェクト: ameliefranco/casebox
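 /**
  * process a message for display:
  *     - replace urls with links
  *     - replace object references (#<id>) with links
  *     - replace user mentions (@<name>) with their display names
  *
  * Object names and user display names are written into attribute values,
  * so they are html-escaped here; the ids themselves are digit-only.
  * Each match is rewritten exactly once, so markup inserted for one
  * reference is never re-matched by a later one.
  *
  * @param  varchar $message
  * @param  varchar $replacements comma separated subset of 'user,object,url'
  * @return varchar processed message (returned unchanged when empty)
  */
 public static function processAndFormatMessage($message, $replacements = 'user,object,url')
 {
     if (empty($message)) {
         return $message;
     }
     $replacements = Util\toTrimmedArray($replacements);

     // replace urls with links (this step also escapes the html in the message)
     if (in_array('url', $replacements, true)) {
         $message = \Kwi\UrlLinker::getInstance()->linkUrlsAndEscapeHtml($message);
     }

     // replace object references with links
     if (in_array('object', $replacements, true)) {
         $processed = preg_replace_callback(
             '/(.?)#(\\d+)(.?)/',
             function ($match) {
                 // check if not a html code (e.g. &#39;)
                 if ($match[1] === '&' && $match[3] === ';') {
                     return $match[0];
                 }
                 $templateId = (string) Objects::getTemplateId($match[2]);
                 $name = (string) Objects::getName($match[2]);
                 // truncate by characters, not bytes, so multibyte names are not cut short
                 if (mb_strlen($name) > 30) {
                     $name = mb_substr($name, 0, 30) . '…';
                 }

                 return $match[1]
                     . '<a class="click obj-ref" itemid="' . $match[2]
                     . '" templateid= "' . htmlspecialchars($templateId, ENT_QUOTES, 'UTF-8')
                     . '" title="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '"'
                     . '>#' . $match[2] . '</a>'
                     . $match[3];
             },
             $message
         );
         // preg_replace_callback returns null on a PCRE error; keep the message then
         if ($processed !== null) {
             $message = $processed;
         }
     }

     // replace users with their names
     if (in_array('user', $replacements, true)) {
         $processed = preg_replace_callback(
             '/@([\\w\\.\\-]+[\\w])/',
             function ($match) {
                 $userId = DM\User::getIdByName($match[1]);
                 // unknown names are left as plain text
                 if (!is_numeric($userId)) {
                     return $match[0];
                 }
                 $displayName = htmlspecialchars((string) User::getDisplayName($userId), ENT_QUOTES, 'UTF-8');

                 return '<span class="cDB user-ref" title="' . $displayName . '">@' . $match[1] . '</span>';
             },
             $message
         );
         if ($processed !== null) {
             $message = $processed;
         }
     }

     return $message;
 }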
コード例 #3
ファイル: Files.php プロジェクト: austinvernsonger/casebox
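 /**
  * Validate (and normalise) the input params of the upload method.
  *
  * Fills in defaults in place: 'tmplId' is accepted as an alias for
  * 'template_id', a missing template falls back to the configured
  * 'default_file_template', 'fileExistAction' is moved into 'response',
  * the title is derived from 'filename', the local file name or the
  * uploaded file's client name, and 'owner' is resolved into 'oid' (and 'cid').
  *
  * Note: is_numeric() also accepts floats and exponent notation, so an id
  * that passes here is not guaranteed to be an integer. 'localFile' is used
  * as given; if it can originate from a request, the caller must confine it
  * to an allowed directory (cannot be told from here).
  *
  * @param  array        $p upload params, modified in place
  * @return varchar|true error message, or boolean true when the params are valid
  */
 private function validateInputParamsForUpload(&$p)
 {
     if (!isset($p['pid'])) {
         return 'pid not specified';
     }
     if (!is_numeric($p['pid'])) {
         return 'pid not valid';
     }

     // legacy alias for the template id, then the configured default
     if (empty($p['template_id']) && !empty($p['tmplId'])) {
         $p['template_id'] = $p['tmplId'];
     }
     if (empty($p['template_id'])) {
         $p['template_id'] = \CB\Config::get('default_file_template');
         if (empty($p['template_id'])) {
             return 'template not specified';
         }
     }

     // only the known actions are accepted (strict: a loose in_array lets e.g. true through);
     // the value is handed on as 'response'
     if (!empty($p['fileExistAction'])) {
         if (!in_array($p['fileExistAction'], array('newversion', 'replace', 'autorename'), true)) {
             return 'Invalid value for fileExistAction';
         }
         $p['response'] = $p['fileExistAction'];
         unset($p['fileExistAction']);
     }

     if (!is_numeric($p['template_id'])) {
         return 'template id not valid';
     }

     // either a server side file or an uploaded one must be present
     if (!empty($p['localFile'])) {
         if (!file_exists($p['localFile'])) {
             return 'File not found: ' . $p['localFile'];
         }
     } elseif (empty($_FILES)) {
         return 'No file found for upload';
     }

     // detect the title: explicit filename, local file name, or the uploaded file's client name
     if (empty($p['title'])) {
         if (!empty($p['filename'])) {
             $p['title'] = $p['filename'];
             unset($p['filename']);
         } elseif (!empty($p['localFile'])) {
             $p['title'] = basename($p['localFile']);
         } elseif (!empty($_FILES['file'])) {
             // client supplied name; it is only taken as a title here
             $p['title'] = $_FILES['file']['name'];
         }
     }
     if (empty($p['title'])) {
         return 'Cannot detect file title';
     }

     // resolve the owner into an id: numeric owners must exist, names are looked up
     if (!isset($p['oid'])) {
         if (!isset($p['owner'])) {
             return 'owner not specified';
         }
         if (is_numeric($p['owner'])) {
             if (DM\User::idExists($p['owner'])) {
                 $p['oid'] = $p['owner'];
             }
         } else {
             $p['oid'] = DM\User::getIdByName($p['owner']);
         }
     }
     // 'oid' stays unset when a numeric owner does not exist, so test it without an undefined-index notice
     if (!isset($p['oid']) || !is_numeric($p['oid'])) {
         return 'invalid owner specified';
     }
     if (empty($p['cid'])) {
         $p['cid'] = $p['oid'];
     }

     return true;
 }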
コード例 #4
ファイル: User.php プロジェクト: austinvernsonger/casebox
 /**
  * login method for user authentication
  *
  * Authenticates through the p_user_login stored procedure, fills the session
  * with the user's preferences on success and sets the 'key' and 'L' cookies.
  * A login given as 'root/<name>' authenticates root and then loads <name>'s
  * profile into the session (see below).
  *
  * NOTE(review): no session_regenerate_id() call is visible in this method;
  * unless the caller does it, the session id survives the privilege change
  * (session fixation risk) — confirm against the session bootstrap.
  *
  * @param  varchar $login username, optionally 'username/loginAs'
  * @param  varchar $pass  password
  * @return array   json responce: 'success', plus 'user' on success or 'msg' on failure
  */
 public static function login($login, $pass)
 {
     // only read by the commented-out log call at the end of the method
     $logActionType = 'login';
     $ips = '|' . Util\getIPs() . '|';
     $coreName = Config::get('core_name');
     // split 'login/loginAs'; the @ hides the notice raised when there is no '/'
     @(list($login, $loginAs) = explode('/', $login));
     $_SESSION['ips'] = $ips;
     // NOTE(review): the key is an md5 of ips, login, password and the current
     // second rather than CSPRNG output, and it is issued before authentication
     // succeeds (also for failed logins)
     $_SESSION['key'] = md5($ips . $login . $pass . time());
     $_COOKIE['key'] = $_SESSION['key'];
     // session cookie (expiry 0) scoped to the core path; secure only when served
     // over HTTPS, httponly always
     setcookie('key', $_SESSION['key'], 0, '/' . $coreName . '/', $_SERVER['SERVER_NAME'], !empty($_SERVER['HTTPS']), true);
     $rez = array('success' => false);
     $user_id = false;
     /* try to authentificate */
     // parameterised call; the plain password and ips are passed to the procedure,
     // and a query failure terminates the request (die)
     $res = DB\dbQuery('CALL p_user_login($1, $2, $3)', array($login, $pass, $ips)) or die(DB\dbQueryError());
     if (($r = $res->fetch_assoc()) && $r['status'] == 1) {
         $user_id = $r['user_id'];
     }
     $res->close();
     DB\dbCleanConnection();
     if ($user_id) {
         $rez = array('success' => true, 'user' => array());
         // root may act as another user: 'root/<name>' swaps the user id after
         // root's own credentials were verified; the looked-up id is not checked here
         if (!empty($loginAs) && $login == 'root') {
             $user_id = DM\User::getIdByName($loginAs);
         }
         $r = User::getPreferences($user_id);
         if (!empty($r)) {
             $r['admin'] = Security::isAdmin($user_id);
             $r['manage'] = Security::canManage($user_id);
             // names are html-encoded once here, for both the response and the session copy
             $r['first_name'] = htmlentities($r['first_name'], ENT_QUOTES, 'UTF-8');
             $r['last_name'] = htmlentities($r['last_name'], ENT_QUOTES, 'UTF-8');
             //set default theme
             if (empty($r['cfg']['theme'])) {
                 $r['cfg']['theme'] = 'classic';
             }
             // do not expose security params
             unset($r['cfg']['security']);
             $rez['user'] = $r;
             $_SESSION['user'] = $r;
             // NOTE(review): the language cookie is set without path, secure or httponly flags
             setcookie('L', $r['language']);
             // set user groups
             $rez['user']['groups'] = UsersGroups::getGroupIdsForUser();
             $_SESSION['user']['groups'] = $rez['user']['groups'];
         }
     } else {
         //check if login exists and add user id to session for logging
         // NOTE(review): this stores an id under $_SESSION['user'] for a user who did
         // NOT authenticate; anything that treats a present 'user' entry as logged in
         // would be misled — confirm against the session checks elsewhere
         $user_id = DM\User::getIdByName($login);
         if (!empty($user_id)) {
             $_SESSION['user']['id'] = $user_id;
             $logActionType = 'login_fail';
         }
         // one generic message for both unknown user and wrong password
         $rez['msg'] = L\get('Auth_fail');
     }
     // $logParams = array(
     //     'type' => $logActionType
     //     ,'data' => array(
     //         'id' => @$_SESSION['user']['id']
     //         ,'name' => @Util\coalesce($_SESSION['user']['name'], $login)
     //         ,'result' => isset($_SESSION['user'])
     //         ,'info' => 'user: '.$login."\nip: ".$ips
     //     )
     // );
     // Log::add($logParams);
     return $rez;
 }
コード例 #5
ファイル: Security.php プロジェクト: ameliefranco/casebox
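 /**
  * Check if userId (or current loged user) is an administrator
  *
  * An administrator is the user whose id equals the id of the 'root' user.
  * The result is cached per user id. The check is only positive when the
  * root id can be resolved and the given id is a valid integer, so an
  * unresolvable root user can no longer coincide with an empty user id
  * (the former loose == matched null against 0 and '').
  *
  * @param  int     $userId user id; falsy means the currently logged in user
  * @return boolean
  */
 public static function isAdmin($userId = false)
 {
     if (empty($userId)) {
         $userId = User::getId();
     }
     $varName = 'is_admin' . $userId;
     if (!Cache::exist($varName)) {
         $rootId = DM\User::getIdByName('root');
         // strict integer comparison instead of a loose ==
         $id = filter_var($userId, FILTER_VALIDATE_INT);
         $isAdmin = !empty($rootId) && ($id !== false) && ((int) $rootId === $id);
         Cache::set($varName, $isAdmin);
     }

     return Cache::get($varName);
 }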
コード例 #6
ファイル: recover.php プロジェクト: austinvernsonger/casebox
 }
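 // resolve the account to recover, by email ($e) or by user name ($u);
 // every failure stores a message in the session and returns to the form.
 // NOTE(review): the distinct 'EmailNotFound' / 'UsernameNotFound' messages let a
 // requester learn whether an address or name is registered; one generic message
 // would avoid that
 $user_id = null;
 $user_mail = null;
 if (!empty($e)) {
     $e = filter_var($e, FILTER_VALIDATE_EMAIL);
     if ($e === false) {
         // previously only the message was stored and the request went on with a
         // null user id; return to the form like every other error path
         $_SESSION['e_msg'] = L\get('InvalidEmail');
         header('location: ' . $coreUrl . 'recover/forgot-password/');
         exit(0);
     }
     $user_id = DM\User::getIdByEmail($e);
     if (empty($user_id)) {
         $_SESSION['e_msg'] = L\get('EmailNotFound');
         header('location: ' . $coreUrl . 'recover/forgot-password/');
         exit(0);
     }
 } elseif (!empty($u)) {
     $user_id = DM\User::getIdByName($u);
     if (empty($user_id)) {
         $_SESSION['u_msg'] = L\get('UsernameNotFound');
         header('location: ' . $coreUrl . 'recover/forgot-password/');
         exit(0);
     }
     $user = User::getPreferences($user_id);
     // prefer the configured recovery address, fall back to the account email
     $user_mail = empty($user['cfg']['security']['recovery_email'])
         ? $user['email']
         : $user['cfg']['security']['recovery_email'];
     if (empty($user_mail)) {
         $_SESSION['u_msg'] = L\get('UserHasNoMail');
         header('location: ' . $coreUrl . 'recover/forgot-password/');
         exit(0);
     }
 }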
 if (!UsersGroups::sendResetPasswordMail($user_id)) {