/**
* Processes the password set form
*
* @return void
*/
public function settingpasswordTask()
{
// Check for request forgeries
Session::checkToken('post') or exit(Lang::txt('JINVALID_TOKEN'));
// Get the token and user id from the verification process
$token = User::getState('com_users.reset.token', null);
$id = User::getState('com_users.reset.user', null);
$no_html = Request::getInt('no_html', 0);
// Check the token and user id
if (empty($token) || empty($id)) {
throw new Exception(Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_TOKENS_MISSING'), 403);
}
// Get the user object
$user = \Hubzero\User\User::oneOrFail($id);
// Check for a user and that the tokens match
if ($user->tokens()->latest()->token !== $token) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=setpassword', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'), 'warning');
return;
}
// Make sure the user isn't blocked
if ($user->get('block')) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=setpassword', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_USER_NOT_FOUND'), 'warning');
return;
}
if (\Hubzero\User\Helper::isXDomainUser($user->get('id'))) {
throw new Exception(Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_LINKED_ACCOUNT'), 403);
}
$password_rules = \Hubzero\Password\Rule::all()->whereEquals('enabled', 1)->rows();
$password1 = trim(Request::getVar('password1', null));
$password2 = trim(Request::getVar('password2', null));
if (!empty($password1)) {
$msg = \Hubzero\Password\Rule::verify($password1, $password_rules, $user->get('username'));
} else {
$msg = array();
}
require_once dirname(dirname(__DIR__)) . DS . 'helpers' . DS . 'utility.php';
$error = false;
$changing = true;
if (!$password1 || !$password2) {
$error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_TWICE');
} elseif ($password1 != $password2) {
$error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_DONT_MATCH');
} elseif (!\Components\Members\Helpers\Utility::validpassword($password1)) {
$error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_INVALID');
} elseif (!empty($msg)) {
$error = Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_PASSWORD_FAILS_REQUIREMENTS');
}
// If we're resetting password to the current password, just return true
// That way you can't reset the counter on your current password, or invalidate it by putting it into history
if (\Hubzero\User\Password::passwordMatches($user->get('id'), $password1)) {
$error = false;
$changing = false;
$result = true;
}
if ($error) {
if ($no_html) {
$response = array('success' => false, 'message' => $error);
echo json_encode($response);
die;
} else {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=setpassword', false), $error, 'warning');
return;
}
}
if ($changing) {
// Encrypt the password and update the profile
$result = \Hubzero\User\Password::changePassword($user->get('username'), $password1);
}
// Save the changes
if (!$result) {
if ($no_html) {
$response = array('success' => false, 'message' => Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_GENERIC'));
echo json_encode($response);
die;
} else {
App::redirect(Route::url('index.php?option=' . $this->_option . '&task=setpassword', false), Lang::txt('COM_MEMBERS_CREDENTIALS_ERROR_GENERIC'), 'warning');
return;
}
}
// Flush the user data from the session
User::setState('com_users.reset.token', null);
User::setState('com_users.reset.user', null);
if ($no_html) {
$response = array('success' => true, 'redirect' => Route::url('index.php?option=com_users&view=login', false));
echo json_encode($response);
die;
} else {
// Everything went well...go to the login page
App::redirect(Route::url('index.php?option=com_users&view=login', false), Lang::txt('COM_MEMBERS_CREDENTIALS_PASSWORD_RESET_COMPLETE'), 'passed');
}
}
/**
* Generates new available username based on email address
*
* @param string $email Email address or preferrd username
* @return string Generated username
*/
public function generateUsername($email)
{
$loginMaxLen = 32;
$email = strtolower($email);
$email = explode('@', $email);
$local = $email[0];
$domain = '';
if (!empty($email[1])) {
$domain = $email[1];
}
// strip bad characters
$local = preg_replace("/[^A-Za-z0-9_\\.]/", '', $local);
$domain = preg_replace("/[^A-Za-z0-9_\\.]/", '', $domain);
// Try just the local part of an address
$login = $local;
// Make sure login username is no longer than max allowed by DB
$login = substr($login, 0, $loginMaxLen);
$logincheck = self::checkusername($login);
if (Helpers\Utility::validlogin($login) && $logincheck['status'] == 'ok') {
return $login;
}
// try full email address with @ replaced with '_'
if (!empty($domain)) {
$login = $local . '_' . $domain;
}
// Make sure login username is no longer than max allowed by DB
$login = substr($login, 0, $loginMaxLen);
$logincheck = self::checkusername($login);
if (Helpers\Utility::validlogin($login) && $logincheck['status'] == 'ok') {
return $login;
}
// generate username by simply appending a sequential number to local part of an address until there is an avilable username available
for ($i = 1; true; $i++) {
// Make sure login username is no longer than max allowed by DB
$numberLen = strlen($i);
$login = substr($local, 0, $loginMaxLen - $numberLen) . $i;
$logincheck = self::checkusername($login);
if (Helpers\Utility::validlogin($login) && $logincheck['status'] == 'ok') {
return $login;
}
}
return false;
}
/**
* Method to parse and send invites
*
* @return void
*/
public function doinviteTask()
{
// Check if they're logged in
if (User::isGuest()) {
$this->loginTask(Lang::txt('COM_GROUPS_INVITE_MUST_BE_LOGGED_IN'));
return;
}
Request::checkToken();
//check to make sure we have cname
if (!$this->cn) {
$this->_errorHandler(400, Lang::txt('COM_GROUPS_ERROR_NO_ID'));
}
// Load the group page
$this->view->group = Group::getInstance($this->cn);
// Ensure we found the group info
if (!$this->view->group || !$this->view->group->get('gidNumber')) {
$this->_errorHandler(404, Lang::txt('COM_GROUPS_ERROR_NOT_FOUND'));
}
// Check authorization
if ($this->_authorize() != 'manager' && !$this->_authorizedForTask('group.invite')) {
$this->_errorHandler(403, Lang::txt('COM_GROUPS_ERROR_NOT_AUTH'));
}
//get request vars
$logins = trim(Request::getVar('logins', ''));
$msg = trim(Request::getVar('msg', ''));
if (!$logins) {
$this->setNotification(Lang::txt('COM_GROUPS_INVITE_MUST_ENTER_DATA'), 'error');
$this->inviteTask();
return;
}
// Get all the group's members
$members = $this->view->group->get('members');
$applicants = $this->view->group->get('applicants');
$current_invitees = $this->view->group->get('invitees');
// Get invite emails
$group_inviteemails = new \Hubzero\User\Group\InviteEmail();
$current_inviteemails = $group_inviteemails->getInviteEmails($this->view->group->get('gidNumber'), true);
//vars needed
$invitees = array();
$inviteemails = array();
$badentries = array();
$apps = array();
$mems = array();
// Explode the string of logins/e-mails into an array
$la = preg_split("/[,;]/", $logins);
$la = array_map('trim', $la);
// turn usernames into proper IDs
foreach ($la as $k => $l) {
// ignore uids & email addresses
if (!is_numeric($l) && strpos($l, '@') === false) {
// load by username
$profile = User::getInstance($l);
if ($profile && $profile->get('id')) {
unset($la[$k]);
$la[] = $profile->get('id');
}
}
}
// handle each entered
foreach ($la as $l) {
// If it was a user id
if (is_numeric($l)) {
$user = User::getInstance($l);
$uid = $user->get('id');
// Ensure we found an account
if ($uid != '') {
// If not a member
if (!in_array($uid, $members) && !in_array($uid, $current_invitees)) {
// If an applicant
// Make applicant a member
if (in_array($uid, $applicants)) {
$apps[] = $uid;
$mems[] = $uid;
} else {
$invitees[] = $uid;
}
} else {
$badentries[] = array($uid, Lang::txt('COM_GROUPS_INVITE_USER_IS_ALREADY_MEMBER'));
}
}
} else {
require_once PATH_CORE . DS . 'components' . DS . 'com_members' . DS . 'helpers' . DS . 'utility.php';
// If not a userid check if proper email
if (\Components\Members\Helpers\Utility::validemail($l)) {
// Try to find an account that might match this e-mail
$this->database->setQuery("SELECT u.id FROM `#__users` AS u WHERE u.email=" . $this->database->quote($l) . " OR u.email LIKE " . $this->database->quote($l . '%') . " LIMIT 1;");
$uid = $this->database->loadResult();
if (!$this->database->query()) {
$this->setNotification($this->database->getErrorMsg(), 'error');
}
// If we found an ID, add it to the invitees list
if ($uid) {
// Check if user is already member or invitee
// Check if applicant remove from applicants and add as member
// Check if in current email invitee if not add a new email invite
if (in_array($uid, $members) || in_array($uid, $current_invitees)) {
$badentries[] = array($uid, Lang::txt('COM_GROUPS_INVITE_USER_IS_ALREADY_MEMBER'));
} elseif (in_array($uid, $applicants)) {
$apps[] = $uid;
$mems[] = $uid;
} else {
$invitees[] = $uid;
}
} else {
if (!in_array($l, $current_inviteemails)) {
$inviteemails[] = array('email' => $l, 'gidNumber' => $this->view->group->get('gidNumber'), 'token' => $this->_randomString(32));
} else {
$badentries[] = array($l, Lang::txt('COM_GROUPS_INVITE_EMAIL_ALREADY_INVITED'));
}
}
} else {
$badentries[] = array($l, Lang::txt('COM_GROUPS_INVITE_EMAIL_NOT_VALID'));
}
}
}
// Add the users to the invitee list and save
$this->view->group->remove('applicants', $apps);
$this->view->group->add('members', $mems);
$this->view->group->add('invitees', $invitees);
$this->view->group->update();
// Add the inviteemails
foreach ($inviteemails as $ie) {
$group_inviteemails = new \Hubzero\User\Group\InviteEmail();
$group_inviteemails->set('email', $ie['email']);
$group_inviteemails->set('gidNumber', $ie['gidNumber']);
$group_inviteemails->set('token', $ie['token']);
$group_inviteemails->save();
}
// log invites
Log::log(array('gidNumber' => $this->view->group->get('gidNumber'), 'action' => 'membership_invites_sent', 'comments' => array_merge($invitees, $inviteemails)));
// Build the "from" info for e-mails
$from = array('name' => Config::get('sitename') . ' ' . Lang::txt(strtoupper($this->_name)), 'email' => Config::get('mailfrom'));
// Message subject
$subject = Lang::txt('COM_GROUPS_INVITE_EMAIL_SUBJECT', $this->view->group->get('cn'));
// Message body for HUB user
$eview = new \Hubzero\Mail\View(array('name' => 'emails', 'layout' => 'invite_plain'));
$eview->option = $this->_option;
$eview->sitename = Config::get('sitename');
$eview->user = User::getInstance();
$eview->group = $this->view->group;
$eview->msg = $msg;
$plain = $eview->loadTemplate(false);
$plain = str_replace("\n", "\r\n", $plain);
$eview->setLayout('invite');
$html = $eview->loadTemplate();
$html = str_replace("\n", "\r\n", $html);
// build array of group invites to send
$groupInvitees = array();
$activity = array();
foreach ($invitees as $invitee) {
if ($profile = User::getInstance($invitee)) {
$groupInvitees[$profile->get('email')] = $profile->get('name');
$activity[] = $profile->get('name') . '(' . $profile->get('email') . ')';
}
}
// only email regular invitees if we have any
if (count($groupInvitees) > 0) {
// create new message
$message = new \Hubzero\Mail\Message();
// build message object and send
$message->setSubject($subject)->addFrom($from['email'], $from['name'])->setTo($groupInvitees)->addHeader('X-Mailer', 'PHP/' . phpversion())->addHeader('X-Component', 'com_groups')->addHeader('X-Component-Object', 'group_invite')->addPart($plain, 'text/plain')->addPart($html, 'text/html')->send();
}
// Log activity
$url = Route::url('index.php?option=' . $this->_option . '&cn=' . $this->view->group->get('cn'));
foreach ($invitees as $invitee) {
Event::trigger('system.logActivity', ['activity' => ['action' => 'invited', 'scope' => 'group', 'scope_id' => $this->view->group->get('gidNumber'), 'description' => Lang::txt('COM_GROUPS_ACTIVITY_GROUP_USER_INVITED', '<a href="' . $url . '">' . $this->view->group->get('description') . '</a>'), 'details' => array('title' => $this->view->group->get('description'), 'url' => $url, 'cn' => $this->view->group->get('cn'), 'gidNumber' => $this->view->group->get('gidNumber'))], 'recipients' => array(['user', $invitee])]);
}
$recipients = array(['group', $this->view->group->get('gidNumber')], ['user', User::get('id')]);
foreach ($this->view->group->get('managers') as $recipient) {
$recipients[] = ['user', $recipient];
}
Event::trigger('system.logActivity', ['activity' => ['action' => 'invited', 'scope' => 'group', 'scope_id' => $this->view->group->get('gidNumber'), 'description' => Lang::txt('COM_GROUPS_ACTIVITY_GROUP_USERS_INVITED', implode(', ', $activity), '<a href="' . $url . '">' . $this->view->group->get('description') . '</a>'), 'details' => array('title' => $this->view->group->get('description'), 'url' => $url, 'cn' => $this->view->group->get('cn'), 'gidNumber' => $this->view->group->get('gidNumber'))], 'recipients' => $recipients]);
// send message to users invited via email
foreach ($inviteemails as $mbr) {
// Message body for HUB user
$eview2 = new \Hubzero\Mail\View(array('name' => 'emails', 'layout' => 'inviteemail_plain'));
$eview2->option = $this->_option;
$eview2->sitename = Config::get('sitename');
$eview2->user = User::getInstance();
$eview2->group = $this->view->group;
$eview2->msg = $msg;
$eview2->token = $mbr['token'];
$plain = $eview2->loadTemplate(false);
$plain = str_replace("\n", "\r\n", $plain);
$eview2->setLayout('inviteemail');
$html = $eview2->loadTemplate();
$html = str_replace("\n", "\r\n", $html);
// create new message
$message = new \Hubzero\Mail\Message();
// build message object and send
$message->setSubject($subject)->addFrom($from['email'], $from['name'])->setTo(array($mbr['email']))->addHeader('X-Mailer', 'PHP/' . phpversion())->addHeader('X-Component', 'com_groups')->addHeader('X-Component-Object', 'group_inviteemail')->addPart($plain, 'text/plain')->addPart($html, 'text/html')->send();
}
// Push all invitees together
$all_invites = array_merge($invitees, $inviteemails);
// Declare success/error message vars
$success_message = '';
$error_message = '';
if (count($all_invites) > 0) {
$success_message = Lang::txt('COM_GROUPS_INVITE_SUCCESS_MESSAGE');
foreach ($all_invites as $invite) {
if (is_numeric($invite)) {
$user = User::getInstance($invite);
$success_message .= ' - ' . $user->get('name') . '<br />';
} else {
$success_message .= ' - ' . $invite['email'] . '<br />';
}
}
}
if (count($badentries) > 0) {
$error_message = Lang::txt('COM_GROUPS_INVITE_ERROR_MESSAGE');
foreach ($badentries as $entry) {
if (is_numeric($entry[0])) {
$user = User::getInstance($entry[0]);
if ($user->get('name') != '') {
$error_message .= ' - ' . $user->get('name') . ' → ' . $entry[1] . '<br />';
} else {
$error_message .= ' - ' . $entry[0] . ' → ' . $entry[1] . '<br />';
}
} else {
$error_message .= ' - ' . $entry[0] . ' → ' . $entry[1] . '<br />';
}
}
}
// Push some notifications to the view
$this->setNotification($success_message, 'passed');
$this->setNotification($error_message, 'error');
// Redirect back to view group
App::redirect($url);
}
/**
* @since 1.6
*/
function processResetComplete($data)
{
// Get the form.
$form = $this->getResetCompleteForm();
// Check for an error.
if ($form instanceof Exception) {
return $form;
}
// Filter and validate the form data.
$data = $form->filter($data);
$return = $form->validate($data);
// Check for an error.
if ($return instanceof Exception) {
return $return;
}
// Check the validation results.
if ($return === false) {
// Get the validation messages from the form.
foreach ($form->getErrors() as $message) {
$this->setError($message);
}
return false;
}
// Get the token and user id from the confirmation process.
$app = JFactory::getApplication();
$token = $app->getUserState('com_users.reset.token', null);
$id = $app->getUserState('com_users.reset.user', null);
// Check the token and user id.
if (empty($token) || empty($id)) {
return new Exception(Lang::txt('COM_USERS_RESET_COMPLETE_TOKENS_MISSING'), 403);
}
// Get the user object.
$user = User::getInstance($id);
// Check for a user and that the tokens match.
if (empty($user) || $user->activation !== $token) {
$this->setError(Lang::txt('COM_USERS_USER_NOT_FOUND'));
return false;
}
// Make sure the user isn't blocked.
if ($user->block) {
$this->setError(Lang::txt('COM_USERS_USER_BLOCKED'));
return false;
}
// Initiate profile classs
$profile = User::getInstance($id);
if (\Hubzero\User\Helper::isXDomainUser($user->get('id'))) {
App::abort(403, Lang::txt('This is a linked account. To change your password you must change it using the procedures available where the account you are linked to is managed.'));
return;
}
$password_rules = \Hubzero\Password\Rule::all()->whereEquals('enabled', 1)->rows();
$password1 = $data['password1'];
$password2 = $data['password2'];
if (!empty($password1)) {
$msg = \Hubzero\Password\Rule::verify($password1, $password_rules, $profile->get('username'));
} else {
$msg = array();
}
include_once PATH_CORE . DS . 'components' . DS . 'com_members' . DS . 'helpers' . DS . 'utility.php';
if (!$password1 || !$password2) {
$this->setError(Lang::txt('you must enter your new password twice to ensure we have it correct'));
} elseif ($password1 != $password2) {
$this->setError(Lang::txt('the new password and confirmation you entered do not match. Please try again'));
} elseif (!\Components\Members\Helpers\Utility::validpassword($password1)) {
$this->setError(Lang::txt('the password you entered was invalid password. You may be using characters that are not allowed'));
} elseif (!empty($msg)) {
$this->setError(Lang::txt('the password does not meet site password requirements. Please choose a password meeting all the requirements listed below.'));
}
if ($this->getError()) {
$this->setError($this->getError());
return false;
}
// Encrypt the password and update the profile
$result = \Hubzero\User\Password::changePassword($profile->get('username'), $password1);
// Save the changes
if (!$result) {
$this->setError(Lang::txt('There was an error changing your password.'));
return false;
}
// Flush the user data from the session.
$app->setUserState('com_users.reset.token', null);
$app->setUserState('com_users.reset.user', null);
return true;
}
?>
" by <a href="<?php
echo Route::url('index.php?option=' . $this->option . '&controller=' . $this->controller . '&task=resend&return=' . $this->return);
?>
">clicking here</a>.</p>
</div>
<?php
}
?>
<fieldset>
<h3><?php
echo Lang::txt('Correct Email Address');
?>
</h3>
<label<?php
if (!$this->email || !\Components\Members\Helpers\Utility::validemail($this->email)) {
echo ' class="fieldWithErrors"';
}
?>
>
<?php
echo Lang::txt('Valid E-mail:');
?>
<input name="email" id="email" type="text" size="51" value="<?php
echo $this->escape($this->email);
?>
" />
</label>
</fieldset>
<div class="clear"></div>
/**
* Conform user's registration code
*
* @return void
*/
public function confirmTask()
{
// Incoming
$code = Request::getVar('confirm', false);
if (!$code) {
$code = Request::getVar('code', false);
}
// Check if the user is logged in
if (User::isGuest()) {
$return = base64_encode(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=' . $this->_task . '&confirm=' . $code, false, true));
App::redirect(Route::url('index.php?option=com_users&view=login&return=' . $return, false), Lang::txt('Please login in so we can confirm your account.'), 'warning');
return;
}
// Set the pathway
$this->_buildPathway();
// Set the page title
$this->_buildTitle();
$xprofile = \Hubzero\User\Profile::getInstance(User::get('id'));
$email_confirmed = $xprofile->get('emailConfirmed');
if ($email_confirmed == 1 || $email_confirmed == 3) {
// The current user is confirmed - check to see if the incoming code is valid at all
if (\Components\Members\Helpers\Utility::isActiveCode($code)) {
$this->setError('login mismatch');
// Build logout/login/confirm redirect flow
$login_return = base64_encode(Route::url('index.php?option=' . $this->option . '&controller=' . $this->_controller . '&task=' . $this->_task . '&confirm=' . $code));
$logout_return = base64_encode(Route::url('index.php?option=com_users&view=login&return=' . $login_return));
$redirect = Route::url('index.php?option=com_users&view=logout&return=' . $logout_return);
}
} elseif ($email_confirmed < 0 && $email_confirmed == -$code) {
//var to hold return path
$return = '';
// get return path
$cReturn = $this->config->get('ConfirmationReturn');
if ($cReturn) {
$return = $cReturn;
}
//load user profile
$profile = new \Hubzero\User\Profile();
$profile->load($xprofile->get('username'));
//check to see if we have a return param
$pReturn = base64_decode(urldecode($profile->getParam('return')));
if ($pReturn) {
$return = $pReturn;
$profile->setParam('return', '');
}
// make as confirmed
$profile->set('emailConfirmed', 1);
// set public setting
$profile->set('public', $this->config->get('privacy', '0'));
// upload profile
if (!$profile->update()) {
$this->setError(Lang::txt('COM_MEMBERS_REGISTER_ERROR_CONFIRMING'));
}
// if the user just changed their email & confirmed
// reset 'userchangedemail' key
if (Session::get('userchangedemail', 0) == 1) {
Session::set('userchangedemail', 0);
}
// Redirect
if (empty($return)) {
$r = $this->config->get('ConfirmationReturn');
$return = $r ? $r : Route::url('index.php?option=com_members&task=myaccount');
// consume cookie (yum) if available to return to whatever action prompted registration
if (isset($_COOKIE['return'])) {
$return = $_COOKIE['return'];
setcookie('return', '', time() - 3600);
}
}
App::redirect($return, '', 'message', true);
} else {
$this->setError(Lang::txt('COM_MEMBERS_REGISTER_ERROR_INVALID_CONFIRMATION'));
}
// Instantiate a new view
$this->view->title = Lang::txt('COM_MEMBERS_REGISTER_CONFIRM');
$this->view->login = $xprofile->get('username');
$this->view->email = $xprofile->get('email');
$this->view->code = $code;
$this->view->redirect = isset($return) ? $return : '';
$this->view->sitename = Config::get('sitename');
if ($this->getError()) {
$this->view->setError($this->getError());
}
$this->view->display();
}
/**
* Cancel membership of one or more users
*
* @return void
*/
private function confirmcancel()
{
if ($this->authorized != 'manager' && $this->authorized != 'admin') {
return false;
}
if ($this->membership_control == 0) {
return false;
}
$database = App::get('db');
// An array for the users we're going to deny
$users = array();
$user_emails = array();
// Incoming array of users to demote
$mbrs = Request::getVar('users', array(), 'post');
// Set a flag for emailing any changes made
$admchange = '';
require_once PATH_CORE . DS . 'components' . DS . 'com_members' . DS . 'helpers' . DS . 'utility.php';
foreach ($mbrs as $mbr) {
//if an email address
if (\Components\Members\Helpers\Utility::validemail($mbr)) {
$user_emails[] = $mbr;
$this->notifyEmailInvitedUser($mbr);
} else {
// Retrieve user's account info
$targetuser = User::getInstance($mbr);
// Ensure we found an account
if (is_object($targetuser) && $targetuser->get('id')) {
$admchange .= "\t\t" . $targetuser->get('name') . "\r\n";
$admchange .= "\t\t" . $targetuser->get('username') . ' (' . $targetuser->get('email') . ')';
$admchange .= count($mbrs) > 1 ? "\r\n" : '';
// Add them to the array of users to cancel invitations
$users[] = $targetuser->get('id');
// Log activity
$recipients = array(['group', $this->group->get('gidNumber')], ['user', $targetuser->get('id')]);
foreach ($this->group->get('managers') as $recipient) {
$recipients[] = ['user', $recipient];
}
Event::trigger('system.logActivity', ['activity' => ['action' => 'denied', 'scope' => 'group.membership', 'scope_id' => $this->group->get('gidNumber'), 'description' => Lang::txt('PLG_GROUPS_MEMBERS_ACTIVITY_CANCELLED', '<a href="' . Route::url('index.php?option=com_members&id=' . $targetuser->get('id')) . '">' . $targetuser->get('name') . '</a>', '<a href="' . Route::url('index.php?option=com_groups&cn=' . $this->group->get('cn')) . '">' . $this->group->get('description') . '</a>'), 'details' => array('user_id' => $targetuser->get('id'), 'group_id' => $this->group->get('gidNumber'))], 'recipients' => $recipients]);
// E-mail the user, letting them know the invitation has been cancelled
$this->notifyUser($targetuser);
} else {
$this->setError(Lang::txt('PLG_GROUPS_MESSAGES_ERROR_USER_NOTFOUND') . ' ' . $mbr);
}
}
}
// Remove users from managers list
$this->group->remove('invitees', $users);
// Save changes
$this->group->update();
//delete any email invited users
$db = App::get('db');
foreach ($user_emails as $ue) {
$sql = "DELETE FROM `#__xgroups_inviteemails` WHERE email=" . $db->Quote($ue);
$db->setQuery($sql);
$db->query();
}
// log invites
\Components\Groups\Models\Log::log(array('gidNumber' => $this->group->get('gidNumber'), 'action' => 'membership_invite_cancelled', 'comments' => array_merge($users, $user_emails)));
App::redirect(Route::url('index.php?option=com_groups&cn=' . $this->group->get('cn') . '&active=members&filter=invitees'), '', '', true);
}
// get all sessions
$sessions = Hubzero\Session\Helper::getAllSessions(array('guest' => 0, 'distinct' => 1));
// Loop through the results
$html = '';
if ($this->limit == 0) {
$this->limit = 500;
}
for ($i = 0, $n = $this->limit; $i < $n; $i++) {
$cls = '';
$inviteemail = false;
if ($i + $this->start >= count($this->groupusers)) {
break;
}
$guser = $this->groupusers[$i + $this->start];
$u = User::getInstance($guser);
if (\Components\Members\Helpers\Utility::validemail($guser)) {
$inviteemail = true;
$pic = rtrim(Request::base(true), '/') . '/core/components/com_groups/site/assets/img/emailthumb.png';
} else {
if (!is_object($u)) {
continue;
} else {
$pic = $u->picture(0);
}
}
switch ($this->filter) {
case 'invitees':
$status = Lang::txt('PLG_GROUPS_MEMBERS_STATUS_INVITEE');
break;
case 'pending':
$status = Lang::txt('PLG_GROUPS_MEMBERS_STATUS_PENDING');
/**
* Send out local password set confirmation token
*
* @return void - redirect to confirm token view
*/
private function sendtoken()
{
// Import helpers/classes
jimport('joomla.mail.helper');
jimport('joomla.user.helper');
// Make sure they're logged in
if ($this->user->isGuest()) {
App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode(Route::url('index.php?option=' . $this->option . '&task=myaccount&active=account&action=sendtoken'))), Lang::txt('You must be a logged in to access this area.'), 'warning');
return;
}
// Make sure this is an auth link account (i.e. no password set)
$hzup = \Hubzero\User\Password::getInstance($this->member->get('id'));
if (!empty($hzup->passhash)) {
App::abort(404, Lang::txt('PLG_MEMBERS_ACCOUNT_NOT_LINKED_ACCOUNT'));
return;
}
// Generate a new random token and hash it
//$token = App::hash(JUserHelper::genRandomPassword());
//$salt = JUserHelper::getSalt('crypt-md5');
//$hashedToken = md5($token.$salt).':'.$salt;
$token = abs(\Components\Members\Helpers\Utility::genemailconfirm());
// Store the hashed token
$this->setToken($token);
// Send the email with the token
$this->sendEmail($token);
// Redirect user to confirm token view page
App::redirect(Route::url($this->member->link() . '&active=account&task=confirmtoken'), Lang::txt('Please check the email associated with this account (' . $this->member->get('email') . ') for your confirmation token!'), 'warning');
return;
}
/**
* Sets the account activation state of a member
*
* @return void
*/
public function stateTask()
{
// Check for request forgeries
Request::checkToken(['get', 'post']);
if (!User::authorise('core.manage', $this->_option) && !User::authorise('core.admin', $this->_option) && !User::authorise('core.edit', $this->_option)) {
App::abort(403, Lang::txt('JERROR_ALERTNOAUTHOR'));
}
$state = $this->getTask() == 'confirm' ? 1 : 0;
// Incoming user ID
$ids = Request::getVar('id', array());
$ids = !is_array($ids) ? array($ids) : $ids;
// Do we have an ID?
if (empty($ids)) {
Notify::warning(Lang::txt('COM_MEMBERS_NO_ID'));
return $this->cancelTask();
}
$i = 0;
foreach ($ids as $id) {
// Load the profile
$user = Member::oneOrFail(intval($id));
if ($state) {
$user->set('activation', $state);
} else {
$user->set('activation', Helpers\Utility::genemailconfirm());
}
if (!$user->save()) {
Notify::error($user->getError());
continue;
}
$i++;
}
if ($i) {
Notify::success(Lang::txt('COM_MEMBERS_CONFIRMATION_CHANGED'));
}
$this->cancelTask();
}
/**
* Sets the emailConfirmed state of a member
*
* @return void
*/
public function stateTask($state = 1)
{
// Check for request forgeries
Request::checkToken(['get', 'post']);
// Incoming user ID
$ids = Request::getVar('id', array());
$ids = !is_array($ids) ? array($ids) : $ids;
// Do we have an ID?
if (empty($ids)) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false), Lang::txt('COM_MEMBERS_NO_ID'), 'error');
return;
}
foreach ($ids as $id) {
// Load the profile
$profile = new Profile();
$profile->load(intval($id));
if ($state) {
$profile->set('emailConfirmed', $state);
} else {
$confirm = Helpers\Utility::genemailconfirm();
$profile->set('emailConfirmed', $confirm);
}
if (!$profile->update()) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false), $profile->getError(), 'error');
return;
}
}
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false), Lang::txt('COM_MEMBERS_CONFIRMATION_CHANGED'));
}
/**
* Save changes to a profile
* Outputs JSON when called via AJAX, redirects to profile otherwise
*
* @return string JSON
*/
public function saveTask()
{
// Check if they are logged in
if (User::isGuest()) {
return false;
}
Request::checkToken(array('get', 'post'));
$no_html = Request::getVar('no_html', 0);
// Incoming user ID
$id = Request::getInt('id', 0, 'post');
// Do we have an ID?
if (!$id) {
App::abort(404, Lang::txt('COM_MEMBERS_NO_ID'));
}
// Load the profile
$member = Member::oneOrFail($id);
// Name changed?
$name = Request::getVar('name', array(), 'post');
if ($name && !empty($name)) {
$member->set('givenName', trim($name['first']));
$member->set('middleName', trim($name['middle']));
$member->set('surname', trim($name['last']));
$name = implode(' ', $name);
$name = preg_replace('/\\s+/', ' ', $name);
$member->set('name', $name);
}
// Set profile access
$visibility = Request::getVar('profileaccess', null, 'post');
if (!is_null($visibility)) {
$member->set('access', $visibility);
}
// Check email
$oldemail = $member->get('email');
$email = Request::getVar('email', null, 'post');
if (!is_null($email)) {
$member->set('email', (string) $email);
// Unconfirm if the email address changed
if ($oldemail != $email) {
// Get a new confirmation code
$confirm = \Components\Members\Helpers\Utility::genemailconfirm();
$member->set('activation', $confirm);
}
}
// Receieve email updates?
$sendEmail = Request::getVar('sendEmail', null, 'post');
if (!is_null($sendEmail)) {
$member->set('sendEmail', $sendEmail);
}
// Usage agreement
$usageAgreement = Request::getVar('usageAgreement', null, 'post');
if (!is_null($usageAgreement)) {
$member->set('usageAgreement', (int) $usageAgreement);
}
// Are we declining the terms of use?
// If yes we want to set the usage agreement to 0 and profile to private
$declineTOU = Request::getVar('declinetou', 0);
if ($declineTOU) {
$member->set('access', 0);
$member->set('usageAgreement', 0);
}
// Save the changes
if (!$member->save()) {
$this->setError($member->getError());
if ($no_html) {
echo json_encode($this->getErrors());
exit;
}
return $this->editTask($member);
}
// Incoming profile edits
$profile = Request::getVar('profile', array(), 'post', 'none', 2);
$access = Request::getVar('access', array(), 'post');
$field_to_check = Request::getVar('field_to_check', array());
$old = Profile::collect($member->profiles);
$profile = array_merge($old, $profile);
// Compile profile data
foreach ($profile as $key => $data) {
if (isset($profile[$key]) && is_array($profile[$key])) {
$profile[$key] = array_filter($profile[$key]);
}
if (isset($profile[$key . '_other']) && trim($profile[$key . '_other'])) {
if (is_array($profile[$key])) {
$profile[$key][] = $profile[$key . '_other'];
} else {
$profile[$key] = $profile[$key . '_other'];
}
unset($profile[$key . '_other']);
}
}
// Validate profile data
$fields = Field::all()->including(['options', function ($option) {
$option->select('*');
}])->where('action_edit', '!=', Field::STATE_HIDDEN)->ordered()->rows();
$form = new \Hubzero\Form\Form('profile', array('control' => 'profile'));
$form->load(Field::toXml($fields, 'edit', $profile));
$form->bind(new \Hubzero\Config\Registry($profile));
$errors = array('_missing' => array(), '_invalid' => array());
if (!$form->validate($profile)) {
foreach ($form->getErrors() as $key => $error) {
// Filter out fields
if (!empty($field_to_check) && !in_array($key, $field_to_check)) {
continue;
}
if ($error instanceof \Hubzero\Form\Exception\MissingData) {
$errors['_missing'][$key] = (string) $error;
}
$errors['_invalid'][$key] = (string) $error;
$this->setError((string) $error);
}
}
if ($this->getError()) {
if ($no_html) {
echo json_encode($errors);
exit;
}
return $this->editTask($member);
}
// Save profile data
if (!$member->saveProfile($profile, $access)) {
$this->setError($member->getError());
if ($no_html) {
echo json_encode($this->getErrors());
exit;
}
return $this->editTask($member);
}
$email = $member->get('email');
// Make sure certain changes make it back to the user table
if ($member->get('id') == User::get('id')) {
$user = App::get('session')->get('user');
if ($member->get('name') != $user->get('name')) {
$user->set('name', $member->get('name'));
}
// Update session if email is changing
if ($member->get('email') != $user->get('email')) {
$user->set('email', $member->get('email'));
// Add item to session to mark that the user changed emails
// this way we can serve profile images for these users but not all
// unconfirmed users
App::get('session')->set('userchangedemail', 1);
}
App::get('session')->set('user', $user);
}
// Send a new confirmation code AFTER we've successfully saved the changes to the e-mail address
if ($email != $oldemail) {
$this->_sendConfirmationCode($member->get('username'), $email, $confirm);
}
// If were declinging the terms we want to logout user and tell the javascript
if ($declineTOU) {
App::get('auth')->logout();
echo json_encode(array('loggedout' => true));
return;
}
if ($no_html) {
// Output JSON
echo json_encode(array('success' => true));
exit;
}
// Redirect
App::redirect(Route::url('index.php?option=' . $this->_option . ($id ? '&id=' . $id . '&active=profile' : '')));
}
/**
* Save changes to a profile
* Outputs JSON when called via AJAX, redirects to profile otherwise
*
* @return string JSON
*/
public function saveTask()
{
// Check if they are logged in
if (User::isGuest()) {
return false;
}
Request::checkToken(array('get', 'post'));
$no_html = Request::getVar("no_html", 0);
// Incoming user ID
$id = Request::getInt('id', 0, 'post');
// Do we have an ID?
if (!$id) {
App::abort(404, Lang::txt('MEMBERS_NO_ID'));
return;
}
// Incoming profile edits
$p = Request::getVar('profile', array(), 'post', 'none', 2);
$n = Request::getVar('name', array(), 'post');
$a = Request::getVar('access', array(), 'post');
// Load the profile
$profile = \Hubzero\User\Profile::getInstance($id);
$oldemail = $profile->get('email');
if ($n) {
$profile->set('givenName', trim($n['first']));
$profile->set('middleName', trim($n['middle']));
$profile->set('surname', trim($n['last']));
$name = trim($n['first']) . ' ';
$name .= trim($n['middle']) != '' ? trim($n['middle']) . ' ' : '';
$name .= trim($n['last']);
$profile->set('name', $name);
}
if (isset($p['bio'])) {
$profile->set('bio', trim($p['bio']));
}
if (is_array($a) && count($a) > 0) {
foreach ($a as $k => $v) {
$v = intval($v);
if (!in_array($v, array(0, 1, 2, 3, 4))) {
$v = 0;
}
$profile->setParam('access_' . $k, $v);
}
}
if (isset($p['public'])) {
$profile->set('public', $p['public']);
}
// Set some post data for the xregistration class
$tags = trim(Request::getVar('tags', ''));
if (isset($tags)) {
Request::setVar('interests', $tags, 'post');
}
// Instantiate a new \Components\Members\Models\Registration
$xregistration = new \Components\Members\Models\Registration();
$xregistration->loadPOST();
// Push the posted data to the profile
// Note: this is done before the required fields check so, if we need to display the edit form, it'll show all the new changes
if (!is_null($xregistration->_registration['email'])) {
$profile->set('email', $xregistration->_registration['email']);
// Unconfirm if the email address changed
if ($oldemail != $xregistration->_registration['email']) {
// Get a new confirmation code
$confirm = \Components\Members\Helpers\Utility::genemailconfirm();
$profile->set('emailConfirmed', $confirm);
}
}
if (!is_null($xregistration->_registration['countryresident'])) {
$profile->set('countryresident', $xregistration->_registration['countryresident']);
}
if (!is_null($xregistration->_registration['countryorigin'])) {
$profile->set('countryorigin', $xregistration->_registration['countryorigin']);
}
if (!is_null($xregistration->_registration['nativetribe'])) {
$profile->set('nativeTribe', $xregistration->_registration['nativetribe']);
}
if ($xregistration->_registration['org'] != '') {
$profile->set('organization', $xregistration->_registration['org']);
} elseif ($xregistration->_registration['orgtext'] != '') {
$profile->set('organization', $xregistration->_registration['orgtext']);
}
if (!is_null($xregistration->_registration['web'])) {
$profile->set('url', $xregistration->_registration['web']);
}
if (!is_null($xregistration->_registration['phone'])) {
$profile->set('phone', $xregistration->_registration['phone']);
}
if (!is_null($xregistration->_registration['orgtype'])) {
$profile->set('orgtype', $xregistration->_registration['orgtype']);
}
if (!is_null($xregistration->_registration['sex'])) {
$profile->set('gender', $xregistration->_registration['sex']);
}
if (!is_null($xregistration->_registration['disability'])) {
$profile->set('disability', $xregistration->_registration['disability']);
}
if (!is_null($xregistration->_registration['hispanic'])) {
$profile->set('hispanic', $xregistration->_registration['hispanic']);
}
if (!is_null($xregistration->_registration['race'])) {
$profile->set('race', $xregistration->_registration['race']);
}
if (!is_null($xregistration->_registration['mailPreferenceOption'])) {
$profile->set('mailPreferenceOption', $xregistration->_registration['mailPreferenceOption']);
}
if (!is_null($xregistration->_registration['usageAgreement'])) {
$profile->set('usageAgreement', $xregistration->_registration['usageAgreement']);
}
if (!is_null($xregistration->_registration['orcid'])) {
$profile->set('orcid', $xregistration->_registration['orcid']);
}
$field_to_check = Request::getVar("field_to_check", array());
// Check that required fields were filled in properly
if (!$xregistration->check('edit', $profile->get('uidNumber'), $field_to_check)) {
if (!$no_html) {
$this->_task = 'edit';
$this->editTask($xregistration, $profile);
return;
} else {
echo json_encode($xregistration);
exit;
}
}
//are we declining the terms of use
//if yes we want to set the usage agreement to 0 and profile to private
$declineTOU = Request::getVar('declinetou', 0);
if ($declineTOU) {
$profile->set('public', 0);
$profile->set('usageAgreement', 0);
}
// Set the last modified datetime
$profile->set('modifiedDate', Date::toSql());
// Save the changes
if (!$profile->update()) {
App::abort(500, $profile->getError());
return false;
}
// Process tags
if (isset($tags) && in_array('interests', $field_to_check)) {
$mt = new \Components\Members\Models\Tags($id);
$mt->setTags($tags, $id);
}
$email = $profile->get('email');
$name = $profile->get('name');
// Make sure certain changes make it back to the user table
if ($id > 0) {
$user = User::getInstance($id);
$jname = $user->get('name');
$jemail = $user->get('email');
if ($name != trim($jname)) {
$user->set('name', $name);
}
if ($email != trim($jemail)) {
$user->set('email', $email);
}
if ($name != trim($jname) || $email != trim($jemail)) {
if (!$user->save()) {
App::abort(500, Lang::txt($user->getError()));
return false;
}
}
// Update session if name is changing
if ($n && $user->get('name') != App::get('session')->get('user')->get('name')) {
$suser = App::get('session')->get('user');
$user->set('name', $suser->get('name'));
}
// Update session if email is changing
if ($user->get('email') != App::get('session')->get('user')->get('email')) {
$suser = App::get('session')->get('user');
$user->set('email', $suser->get('email'));
// add item to session to mark that the user changed emails
// this way we can serve profile images for these users but not all
// unconfirmed users
$session = App::get('session');
$session->set('userchangedemail', 1);
}
}
// Send a new confirmation code AFTER we've successfully saved the changes to the e-mail address
if ($email != $oldemail) {
$this->_message = $this->_sendConfirmationCode($profile->get('username'), $email, $confirm);
}
//if were declinging the terms we want to logout user and tell the javascript
if ($declineTOU) {
App::get('auth')->logout();
echo json_encode(array('loggedout' => true));
return;
}
if (!$no_html) {
// Redirect
App::redirect(Route::url('index.php?option=' . $this->_option . ($id ? '&id=' . $id . '&active=profile' : '')), $this->_message);
} else {
// Output JSON
echo json_encode(array('success' => true));
}
}
