/** * login method for user authentication * @param varchar $login username * @param varchar $pass password * @return array json responce */ public static function login($login, $pass) { @(list($login, $loginAs) = explode('/', $login)); $rez = array('success' => false); $userId = false; $ips = '|' . Util\getIPs() . '|'; /* try to authentificate */ $userId = DM\Users::auth($login, $pass, $ips); DB\dbCleanConnection(); if (!empty($loginAs) && $login == 'root') { $userId = DM\Users::getIdByName($loginAs); } if ($userId) { $_SESSION['ips'] = $ips; $key = md5($ips . $login . $pass . time()); $rez = self::setAsLoged($userId, $key); } else { //check if login exists and add user id to session for logging $userId = DM\Users::getIdByName($login); if (!empty($userId)) { $_SESSION['user']['id'] = $userId; // $logActionType = 'login_fail'; } $rez['msg'] = L\get('Auth_fail'); } // $logParams = array( // 'type' => $logActionType // ,'data' => array( // 'id' => @$_SESSION['user']['id'] // ,'name' => @Util\coalesce($_SESSION['user']['name'], $login) // ,'result' => isset($_SESSION['user']) // ,'info' => 'user: '.$login."\nip: ".$ips // ) // ); // Log::add($logParams); return $rez; }
/** * Check if userId (or current loged user) is an administrator * * @param int $userId * @return boolean */ public static function isAdmin($userId = false) { if ($userId == false) { $userId = User::getId(); } $var_name = 'is_admin' . $userId; if (!Cache::exist($var_name)) { Cache::set($var_name, DM\Users::getIdByName('root') == $userId); } return Cache::get($var_name); }
/** * Add a new user * params: name, group_id */ public function addUser($p) { if (!User::isVerified()) { return array('success' => false, 'verify' => true); } if (!Security::canManage()) { throw new \Exception(L\get('Access_denied')); } $rez = array('success' => false, 'msg' => L\get('Missing_required_fields')); $p['name'] = strip_tags($p['name']); $p['name'] = trim($p['name']); $p1 = empty($p['password']) ? '' : $p['password']; $p2 = empty($p['confirm_password']) ? '' : $p['confirm_password']; if (empty($p['name']) || $p1 != $p2) { return $rez; } // validate input params if (!preg_match('/^[a-z\\.0-9_]+$/i', $p['name'])) { return array('success' => false, 'msg' => 'Invalid username. Use only letters, digits, "dot" and/or "underscore".'); } $p['first_name'] = Purify::humanName($p['first_name']); $p['last_name'] = Purify::humanName($p['last_name']); if (!empty($p['email'])) { if (!filter_var($p['email'], FILTER_VALIDATE_EMAIL)) { return array('success' => false, 'msg' => L\get('InvalidEmail')); } } //check if user with such email doesn exist $user_id = DM\Users::getIdByEmail($p['email']); if (!empty($user_id)) { throw new \Exception(L\get('UserEmailExists')); } /*check user existance, if user already exists but is deleted then its record will be used for new user */ $user_id = DM\Users::getIdByName($p['name']); if (!empty($user_id)) { throw new \Exception(L\get('User_exists')); } $params = array('name' => $p['name'], 'first_name' => $p['first_name'], 'last_name' => $p['last_name'], 'cid' => User::getId(), 'language_id' => Config::get('language_index'), 'email' => $p['email']); if (!empty($p['password']) && !empty($p['psw_setup']['ps']) && $p['psw_setup']['ps'] == 2) { $params['password'] = $p['password']; } $user_id = DM\Users::getIdByName($p['name'], false); if (!empty($user_id)) { //update $params['id'] = $user_id; DM\Users::update($params); /* in case it was a deleted user we delete all old acceses */ DB\dbQuery('DELETE FROM users_groups_association WHERE user_id = $1', $user_id); DB\dbQuery('DELETE FROM tree_acl WHERE user_group_id = $1', $rez['data']['id']); /* end of in case it was a deleted user we delete all old acceses */ } else { //create $user_id = DM\Users::create($params); } $rez = array('success' => true, 'data' => array('id' => $user_id)); $p['id'] = $user_id; // associating user to group if group was specified if (isset($p['group_id']) && is_numeric($p['group_id'])) { DB\dbQuery('INSERT INTO users_groups_association (user_id, group_id, cid) VALUES($1, $2, $3) ON duplicate KEY UPDATE cid = $3', array($user_id, $p['group_id'], User::getId())); $rez['data']['group_id'] = $p['group_id']; } else { $rez['data']['group_id'] = 0; } //check if send invite is set and create notification if (!empty($p['psw_setup']['ps']) && $p['psw_setup']['ps'] == 1) { $this->sendResetPasswordMail($user_id, 'invite'); } Security::calculateUpdatedSecuritySets(); Solr\Client::runBackgroundCron(); return $rez; }
/** * process a message: * - replace urls with links * - replace object references with links * @param varchar $message */ public static function processAndFormatMessage($message, $replacements = 'user,object,url') { if (empty($message)) { return $message; } $replacements = Util\toTrimmedArray($replacements); // replace urls with links if (in_array('url', $replacements)) { $message = \Kwi\UrlLinker::getInstance()->linkUrlsAndEscapeHtml($message); } //replace object references with links if (in_array('object', $replacements) && preg_match_all('/(.?)#(\\d+)(.?)/', $message, $matches, PREG_SET_ORDER)) { foreach ($matches as $match) { // check if not a html code if ($match[1] == '&' && $match[3] == ';') { continue; } $templateId = Objects::getTemplateId($match[2]); $name = Objects::getName($match[2]); $name = strlen($name) > 30 ? mb_substr($name, 0, 30) . '…' : $name; $message = str_replace($match[0], $match[1] . '<a class="click obj-ref" itemid="' . $match[2] . '" templateid= "' . $templateId . '" title="' . $name . '"' . '>#' . $match[2] . '</a>' . $match[3], $message); } } //replace users with their names if (in_array('user', $replacements) && preg_match_all('/@([\\w\\.\\-]+[\\w])/', $message, $matches, PREG_SET_ORDER)) { foreach ($matches as $match) { $userId = DM\Users::getIdByName($match[1]); if (is_numeric($userId)) { $userName = $match[1]; $message = str_replace($match[0], '<span class="cDB user-ref" title="' . User::getDisplayName($userId) . '">@' . $userName . '</span>', $message); } } } return $message; }
/** * get referenced user ids inside a given text * @param varchar $text * @return array() */ function getReferencedUsers($text) { $rez = array(); if (!empty($text) && preg_match_all('/@([^@\\s,!\\?]+)/', $text, $matches, PREG_SET_ORDER)) { $names = array(); foreach ($matches as $match) { if (!isset($names[$match[1]])) { $names[$match[1]] = DM\Users::getIdByName($match[1]); if (is_numeric($names[$match[1]])) { $rez[] = intval($names[$match[1]]); } } } } return $rez; }
} $user_id = null; $user_mail = null; if (!empty($e)) { if ($e = filter_var($e, FILTER_VALIDATE_EMAIL)) { $user_id = DM\Users::getIdByEmail($e); if (empty($user_id)) { $_SESSION['e_msg'] = L\get('EmailNotFound'); header('location: ' . $coreUrl . 'recover/forgot-password/'); exit(0); } } else { $_SESSION['e_msg'] = L\get('InvalidEmail'); } } elseif (!empty($u)) { $user_id = DM\Users::getIdByName($u); if (empty($user_id)) { $_SESSION['u_msg'] = L\get('UsernameNotFound'); header('location: ' . $coreUrl . 'recover/forgot-password/'); exit(0); } else { $user = User::getPreferences($user_id); $user_mail = empty($user['cfg']['security']['recovery_email']) ? $user['email'] : $user['cfg']['security']['recovery_email']; if (empty($user_mail)) { $_SESSION['u_msg'] = L\get('UserHasNoMail'); header('location: ' . $coreUrl . 'recover/forgot-password/'); exit(0); } } } if (!UsersGroups::sendResetPasswordMail($user_id)) {
/** * validate input params for create method * @param array $p object properties * @return varchar|true Return error message or boolean true */ private function validateInputParamsForCreate(&$p) { if (empty($p['template_id']) && !empty($p['tmplId'])) { $p['template_id'] = $p['tmplId']; } if (!isset($p['template_id'])) { return 'template_id not specified'; } if (!is_numeric($p['template_id'])) { return 'template_id not valid'; } if (!isset($p['pid'])) { return 'pid not specified'; } if (!is_numeric($p['pid'])) { return 'pid not valid'; } if (!isset($p['oid'])) { if (!isset($p['owner'])) { return 'owner not specified'; } $p['oid'] = is_numeric($p['owner']) ? $p['owner'] : DM\Users::getIdByName($p['owner']); } if (!is_numeric($p['oid'])) { return 'invalid owner specified'; } return true; }
private function validateInputParamsForUpload(&$p) { if (!isset($p['pid'])) { return 'pid not specified'; } if (!is_numeric($p['pid'])) { return 'pid not valid'; } if (empty($p['template_id']) && !empty($p['tmplId'])) { $p['template_id'] = $p['tmplId']; } if (empty($p['template_id'])) { $p['template_id'] = \CB\Config::get('default_file_template'); if (empty($p['template_id'])) { return 'template not specified'; } } if (!empty($p['fileExistAction'])) { if (!in_array($p['fileExistAction'], array('newversion', 'replace', 'autorename'))) { return 'Invalid value for fileExistAction'; } $p['response'] = $p['fileExistAction']; unset($p['fileExistAction']); } if (!is_numeric($p['template_id'])) { return 'template id not valid'; } if (!empty($p['localFile'])) { if (!file_exists($p['localFile'])) { return 'File not found: ' . $p['localFile']; } } else { if (empty($_FILES)) { return 'No file found for upload'; } } if (empty($p['title'])) { if (!empty($p['filename'])) { $p['title'] = $p['filename']; unset($p['filename']); } else { if (!empty($p['localFile'])) { $p['title'] = basename($p['localFile']); } elseif (!empty($_FILES['file'])) { $p['title'] = $_FILES['file']['name']; } } } if (empty($p['title'])) { return 'Cannot detect file title'; } if (!isset($p['oid'])) { if (!isset($p['owner'])) { return 'owner not specified'; } if (is_numeric($p['owner'])) { if (DM\Users::idExists($p['owner'])) { $p['oid'] = $p['owner']; } } else { $p['oid'] = DM\Users::getIdByName($p['owner']); } } if (!is_numeric($p['oid'])) { return 'invalid owner specified'; } elseif (empty($p['cid'])) { $p['cid'] = $p['oid']; } return true; }