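/**
 * Save profile
 *
 * A profile without a uidNumber is treated as new: a username is derived
 * when none was supplied, a user account is created, and that account's
 * defaults are copied onto the profile. The profile is then stored, the
 * password is set and expired, and a confirmation email is sent when the
 * 'emailnew' option equals 1.
 *
 * @return  void
 * @throws  Exception  When the profile cannot be stored
 */
private function _saveEntryData()
{
    $isNew = !$this->_profile->get('uidNumber');

    if (!isset($this->raw->password)) {
        $this->raw->password = null;
    }

    if ($isNew) {
        if (!$this->_profile->get('username')) {
            $valid = false;

            // The digit range has to be written 0-9. "9-0" is an out-of-order
            // range that PCRE refuses to compile, which makes preg_replace()
            // return null and leaves no name-based candidate at all.
            $base = preg_replace('/[^a-z0-9_]/i', '', strtolower($this->_profile->get('name')));

            // Try to create from name
            $username = $base;
            if (\Hubzero\Utility\Validate::username($username) && !$this->_usernameExists($username)) {
                $valid = true;
            }

            // Try to create from portion preceding @ in email address.
            // A candidate is only usable when it does NOT already exist.
            if (!$valid) {
                $username = strstr($this->_profile->get('email'), '@', true);
                if (\Hubzero\Utility\Validate::username($username) && !$this->_usernameExists($username)) {
                    $valid = true;
                }
            }

            // Fall back to the sanitized name plus a numeric suffix (0-99)
            if (!$valid) {
                for ($i = 0; $i <= 99; $i++) {
                    $username = $base . $i;
                    if (\Hubzero\Utility\Validate::username($username) && !$this->_usernameExists($username)) {
                        $valid = true;
                        break;
                    }
                }
            }

            if ($valid) {
                $this->_profile->set('username', $username);
            }
        }

        if (!$this->raw->password) {
            // NOTE(review): with no password in the import data the username
            // becomes the initial password. expirePassword() is called further
            // down (presumably forcing a change at first login - confirm), but
            // until then the account is guarded by a guessable value. Consider
            // a generated secret instead, e.g. the helper left commented out:
            //\Hubzero\User\Helper::random_password();
            $this->raw->password = $this->_profile->get('username');
        }

        $usersConfig = Component::params('com_users');
        $newUsertype = $usersConfig->get('new_usertype');
        if (!$newUsertype) {
            // Constant query, no user input involved
            $db = \App::get('db');
            $query = $db->getQuery(true)
                ->select('id')
                ->from('#__usergroups')
                ->where('title = "Registered"');
            $db->setQuery($query);
            $newUsertype = $db->loadResult();
        }

        $user = User::getRoot();
        $user->set('username', $this->_profile->get('username'));
        $user->set('name', $this->_profile->get('name'));
        $user->set('email', $this->_profile->get('email'));
        $user->set('id', 0);
        $user->set('groups', array($newUsertype));
        $user->set('registerDate', Date::of('now')->toSql());
        $user->set('password', $this->raw->password);
        $user->set('password_clear', $this->raw->password);
        $user->save();
        // Drop the clear-text copy from the object as soon as it has been saved
        $user->set('password_clear', '');

        // Attempt to get the new user
        $profile = \Hubzero\User\Profile::getInstance($user->get('id'));
        $result  = is_object($profile);

        // Did we successfully create an account?
        if ($result) {
            // NOTE(review): this reads from $this->record->entry while the rest
            // of the method works on $this->_profile - confirm that is intended.
            if (!$this->record->entry->get('emailConfirmed', null)) {
                // NOTE(review): rand() is not a cryptographically secure
                // generator and this value is mailed out below as the
                // confirmation code; prefer a CSPRNG such as random_int()
                // where the runtime (PHP 7+) allows it.
                $this->_profile->set('emailConfirmed', -rand(1, pow(2, 31) - 1));
            }
            $this->_profile->set('uidNumber', $user->get('id'));
            $this->_profile->set('gidNumber', $profile->get('gidNumber'));

            // Only fill in account defaults the import did not provide
            foreach (array('homeDirectory', 'loginShell', 'ftpShell', 'jobsAllowed') as $key) {
                if (!$this->_profile->get($key)) {
                    $this->_profile->set($key, $profile->get($key));
                }
            }
        }
    }

    if (!$this->_profile->store()) {
        throw new Exception(Lang::txt('Unable to save the entry data.'));
    }

    if ($password = $this->raw->password) {
        \Hubzero\User\Password::changePassword($this->_profile->get('uidNumber'), $password);
    }

    \Hubzero\User\Password::expirePassword($this->_profile->get('uidNumber'));

    if ($isNew && $this->_options['emailnew'] == 1) {
        $eview = new \Hubzero\Component\View(array(
            'base_path' => PATH_CORE . DS . 'components' . DS . 'com_members' . DS . 'site',
            'name'      => 'emails',
            'layout'    => 'confirm'
        ));
        $eview->option       = 'com_members';
        $eview->controller   = 'register';
        $eview->sitename     = Config::get('sitename');
        $eview->login        = $this->_profile->get('username');
        $eview->name         = $this->_profile->get('name');
        $eview->registerDate = $this->_profile->get('registerDate');
        $eview->confirm      = $this->_profile->get('emailConfirmed');
        $eview->baseURL      = Request::base();

        $msg = new \Hubzero\Mail\Message();
        $msg->setSubject(Config::get('sitename') . ' ' . Lang::txt('COM_MEMBERS_REGISTER_EMAIL_CONFIRMATION'))
            ->addTo($this->_profile->get('email'))
            ->addFrom(Config::get('mailfrom'), Config::get('sitename') . ' Administrator')
            ->addHeader('X-Component', 'com_members');

        // Plain-text part, with line endings normalised to CRLF for mail
        $message = $eview->loadTemplate();
        $message = str_replace("\n", "\r\n", $message);
        $msg->addPart($message, 'text/plain');

        // HTML part
        $eview->setLayout('confirm_html');
        $message = $eview->loadTemplate();
        $message = str_replace("\n", "\r\n", $message);
        $msg->addPart($message, 'text/html');

        if (!$msg->send()) {
            array_push($this->record->errors, Lang::txt('COM_MEMBERS_REGISTER_ERROR_EMAILING_CONFIRMATION'));
        }
    }
}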
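/**
 * Create a user profile
 *
 * Reads name, username, email and (optionally) password and groups from the
 * POST body, creates the account, sets its password and sends back the new
 * account's id, name, email and username.
 *
 * NOTE(review): the only gate visible here is requiresAuthentication(). No
 * authorisation check is made before the account is created or before it is
 * added to the groups named in the request - confirm that a permission check
 * happens elsewhere, otherwise any authenticated API client can create
 * accounts and place them in arbitrary groups.
 *
 * @apiMethod POST
 * @apiUri    /members
 * @return    void
 */
public function createTask()
{
    $this->requiresAuthentication();

    // Initialize new usertype setting
    $usersConfig = Component::params('com_users');
    $newUsertype = $usersConfig->get('new_usertype');
    if (!$newUsertype) {
        // Constant query, no user input involved
        $db = App::get('db');
        $query = $db->getQuery(true)
            ->select('id')
            ->from('#__usergroups')
            ->where('title = "Registered"');
        $db->setQuery($query);
        $newUsertype = $db->loadResult();
    }

    // Incoming
    $user = User::getInstance();
    $user->set('id', 0);
    $user->set('groups', array($newUsertype));
    $user->set('registerDate', Date::toSql());

    $user->set('name', Request::getVar('name', '', 'post'));
    if (!$user->get('name')) {
        App::abort(500, Lang::txt('No name provided.'));
    }

    $user->set('username', Request::getVar('username', '', 'post'));
    if (!$user->get('username')) {
        App::abort(500, Lang::txt('No username provided.'));
    }
    if (!\Hubzero\Utility\Validate::username($user->get('username'))) {
        App::abort(500, Lang::txt('Username not valid.'));
    }

    $user->set('email', Request::getVar('email', '', 'post'));
    if (!$user->get('email')) {
        App::abort(500, Lang::txt('No email provided.'));
    }
    if (!\Hubzero\Utility\Validate::email($user->get('email'))) {
        App::abort(500, Lang::txt('Email not valid.'));
    }

    // $password was used below without ever being assigned, so every account
    // was created with a null password. Read it from the request, unfiltered
    // so the secret is not altered before hashing. A missing value stays null,
    // which is what callers got before.
    // NOTE(review): the POST field name 'password' is an assumption - confirm
    // it against the API contract, and decide whether a missing password
    // should be rejected outright.
    $password = Request::getVar('password', null, 'post', 'none', 2);
    if (!is_string($password) || $password === '') {
        $password = null;
    }

    // Split the full name: last word is the surname, first the given name,
    // anything in between the middle name. A single word is kept as surname.
    $name       = explode(' ', $user->get('name'));
    $surname    = $user->get('name');
    $givenName  = '';
    $middleName = '';
    if (count($name) > 1) {
        $surname    = array_pop($name);
        $givenName  = array_shift($name);
        $middleName = implode(' ', $name);
    }

    // Set the new info
    $user->set('givenName', $givenName);
    $user->set('middleName', $middleName);
    $user->set('surname', $surname);
    // NOTE(review): rand() is not a cryptographically secure generator; if
    // this activation value is used as a confirmation secret, prefer a CSPRNG
    // such as random_int() where the runtime (PHP 7+) allows it.
    $user->set('activation', -rand(1, pow(2, 31) - 1));
    $user->set('access', 1);
    $user->set('password', $password);

    $result = $user->save();

    // Clear the secrets from the in-memory object once saved
    $user->set('password_clear', '');
    $user->set('password', '');

    if ($result) {
        $result = \Hubzero\User\Password::changePassword($user->get('id'), $password);

        // Set password back here in case anything else down the line is looking for it
        // NOTE(review): this second save() persists whatever User::save() does
        // with the 'password' field - confirm it never stores the clear text.
        $user->set('password', $password);
        $user->save();
    }

    // Did we successfully create/update an account?
    if (!$result) {
        App::abort(500, Lang::txt('Account creation failed.'));
    }

    // Group ids come straight from the request and are applied without a
    // membership or permission check (see the note in the docblock).
    if ($groups = Request::getVar('groups', array(), 'post')) {
        foreach ($groups as $id) {
            $group = \Hubzero\User\Group::getInstance($id);
            if ($group) {
                if (!in_array($user->get('id'), $group->get('members'))) {
                    $group->add('members', array($user->get('id')));
                    $group->update();
                }
            }
        }
    }

    // Create a response object
    $response = new stdClass();
    $response->id       = $user->get('id');
    $response->name     = $user->get('name');
    $response->email    = $user->get('email');
    $response->username = $user->get('username');

    $this->send($response);
}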
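/**
 * Create a new user
 *
 * Validates the posted username, email and password, creates the user
 * account and its profile, sets the password and redirects to the edit form
 * of the new member. On a validation error the add form is shown again.
 *
 * NOTE(review): only the request-forgery token is checked here. No
 * permission check is visible in this method - confirm the caller is
 * authorised elsewhere before this task can be reached.
 *
 * @param   integer  $redirect  Redirect to main listing?
 * @return  void
 */
public function newTask($redirect = 1)
{
    // Check for request forgeries
    Request::checkToken();

    // Incoming profile edits. Missing keys are defaulted to empty strings so
    // an incomplete form fails validation instead of raising notices.
    $p = Request::getVar('profile', array(), 'post', 'none', 2);
    $p = array_merge(
        array(
            'username'   => '',
            'email'      => '',
            'password'   => '',
            'givenName'  => '',
            'middleName' => '',
            'surname'    => ''
        ),
        (array) $p
    );

    // Initialize new usertype setting
    $usersConfig = \Component::params('com_users');
    $newUsertype = $usersConfig->get('new_usertype');
    if (!$newUsertype) {
        // Constant query, no user input involved
        $db = \App::get('db');
        $query = $db->getQuery(true)
            ->select('id')
            ->from('#__usergroups')
            ->where('title = "Registered"');
        $db->setQuery($query);
        $newUsertype = $db->loadResult();
    }

    // check that username is valid
    if (!Validate::username($p['username'])) {
        $this->setError(Lang::txt('COM_MEMBERS_MEMBER_USERNAME_INVALID'));
        $this->addTask();
        return;
    }

    // check that a password was actually supplied; without this an account
    // could be created with an empty password
    if (!is_string($p['password']) || trim($p['password']) === '') {
        $this->setError(Lang::txt('COM_MEMBERS_PASSWORD_DOES_NOT_MEET_REQUIREMENTS'));
        $this->addTask();
        return;
    }

    // check email is valid
    if (!Validate::email($p['email'])) {
        $this->setError(Lang::txt('COM_MEMBERS_MEMBER_EMAIL_INVALID'));
        $this->addTask();
        return;
    }

    // Full name: given, optional middle, surname
    $givenName  = trim($p['givenName']);
    $middleName = trim($p['middleName']);
    $surname    = trim($p['surname']);

    $name  = $givenName . ' ';
    $name .= $middleName != '' ? $middleName . ' ' : '';
    $name .= $surname;

    $user = User::getRoot();
    $user->set('username', trim($p['username']));
    $user->set('name', $name);
    $user->set('email', trim($p['email']));
    $user->set('id', 0);
    $user->set('groups', array($newUsertype));
    $user->set('registerDate', Date::toSql());
    // NOTE(review): the account is first saved with the trimmed password,
    // while changePassword() below receives the untrimmed value - confirm
    // which of the two is meant to be the effective password.
    $user->set('password', trim($p['password']));
    $user->set('password_clear', trim($p['password']));
    $user->save();
    // Drop the clear-text copy from the object as soon as it has been saved
    $user->set('password_clear', '');

    // Attempt to get the new user
    $profile = Profile::getInstance($user->get('id'));
    $result  = is_object($profile);

    // Did we successfully create an account?
    if ($result) {
        // Set the new info
        $profile->set('givenName', $givenName);
        $profile->set('middleName', $middleName);
        $profile->set('surname', $surname);
        $profile->set('name', $name);
        // NOTE(review): rand() is not a cryptographically secure generator;
        // if this value serves as an email-confirmation secret, prefer a
        // CSPRNG such as random_int() where the runtime (PHP 7+) allows it.
        $profile->set('emailConfirmed', -rand(1, pow(2, 31) - 1));
        $profile->set('public', 0);
        $profile->set('password', '');

        $result = $profile->store();
    }

    if ($result) {
        $result = \Hubzero\User\Password::changePassword($profile->get('uidNumber'), $p['password']);

        // Set password back here in case anything else down the line is looking for it
        // NOTE(review): confirm store() never persists this clear-text value.
        $profile->set('password', $p['password']);
        $profile->store();
    }

    // Did we successfully create/update an account?
    if (!$result) {
        App::redirect(
            Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false),
            $user->getError(),
            'error'
        );
        return;
    }

    // Redirect
    App::redirect(
        Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=edit&id[]=' . $profile->get('uidNumber'), false),
        Lang::txt('COM_MEMBERS_MEMBER_SAVED')
    );
}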
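/**
 * Save an entry and return to main listing
 *
 * Requires a valid request token and at least one of the core.manage,
 * core.admin, core.create or core.edit permissions on this component.
 * Applies the posted fields to the member, fills in account defaults for a
 * new member, saves the member and profile data, optionally changes the
 * password and its shadow (ageing) settings, updates the spam count and
 * sends the approval email when configured.
 *
 * @return  void
 */
public function saveTask()
{
    // Check for request forgeries
    Request::checkToken();

    if (!User::authorise('core.manage', $this->_option)
     && !User::authorise('core.admin', $this->_option)
     && !User::authorise('core.create', $this->_option)
     && !User::authorise('core.edit', $this->_option)) {
        App::abort(403, Lang::txt('JERROR_ALERTNOAUTHOR'));
    }

    // Incoming profile edits
    $fields = Request::getVar('fields', array(), 'post', 'none', 2);

    // Load the profile
    $user = Member::oneOrNew($fields['id']);

    // Get the user before changes so we can
    // compare how data changed later on
    $prev = clone $user;

    // Set the incoming data
    // NOTE(review): every key posted under fields[] is copied onto the model,
    // including 'block' and 'accessgroups' which are read back further down.
    // The gate above also admits holders of only core.create or core.edit;
    // confirm that the model or a later check stops such a user from
    // assigning access groups that carry more privileges than their own.
    $user->set($fields);

    if ($user->isNew()) {
        $newUsertype = $this->config->get('new_usertype');
        if (!$newUsertype) {
            $newUsertype = Accessgroup::oneByTitle('Registered')->get('id');
        }
        $user->set('accessgroups', array($newUsertype));

        // Check that username is filled
        if (!Validate::username($user->get('username'))) {
            Notify::error(Lang::txt('COM_MEMBERS_MEMBER_USERNAME_INVALID'));
            return $this->editTask($user);
        }

        // Check email is valid
        if (!Validate::email($user->get('email'))) {
            Notify::error(Lang::txt('COM_MEMBERS_MEMBER_EMAIL_INVALID'));
            return $this->editTask($user);
        }

        // Set home directory
        $hubHomeDir = rtrim($this->config->get('homedir'), '/');
        if (!$hubHomeDir) {
            // try to deduce a viable home directory based on sitename or live_site
            $sitename = strtolower(Config::get('sitename'));
            $sitename = preg_replace('/^http[s]{0,1}:\\/\\//', '', $sitename, 1);
            $sitename = trim($sitename, '/ ');
            $sitename_e = explode('.', $sitename, 2);
            if (isset($sitename_e[1])) {
                $sitename = $sitename_e[0];
            }
            // Only a plain host-like label may become a path segment
            if (!preg_match("/^[a-zA-Z]+[\\-_0-9a-zA-Z\\.]+\$/i", $sitename)) {
                $sitename = '';
            }

            if (empty($sitename)) {
                $sitename = strtolower(Request::base());
                $sitename = preg_replace('/^http[s]{0,1}:\\/\\//', '', $sitename, 1);
                $sitename = trim($sitename, '/ ');
                $sitename_e = explode('.', $sitename, 2);
                if (isset($sitename_e[1])) {
                    $sitename = $sitename_e[0];
                }
                if (!preg_match("/^[a-zA-Z]+[\\-_0-9a-zA-Z\\.]+\$/i", $sitename)) {
                    $sitename = '';
                }
            }

            $hubHomeDir = DS . 'home';
            if (!empty($sitename)) {
                $hubHomeDir .= DS . $sitename;
            }
        }

        // The username passed Validate::username() above before it is used
        // as the last path segment.
        $user->set('homeDirectory', $hubHomeDir . DS . $user->get('username'));
        $user->set('loginShell', '/bin/bash');
        $user->set('ftpShell', '/usr/lib/sftp-server');
        $user->set('registerDate', Date::toSql());
    }

    // Set the new info (whitespace runs collapsed to single spaces)
    $user->set('givenName', preg_replace('/\\s+/', ' ', trim($fields['givenName'])));
    $user->set('middleName', preg_replace('/\\s+/', ' ', trim($fields['middleName'])));
    $user->set('surname', preg_replace('/\\s+/', ' ', trim($fields['surname'])));

    $name = array($user->get('givenName'), $user->get('middleName'), $user->get('surname'));
    $name = implode(' ', $name);
    $name = preg_replace('/\\s+/', ' ', $name);

    $user->set('name', $name);
    $user->set('modifiedDate', Date::toSql());

    if ($ec = Request::getInt('activation', 0, 'post')) {
        $user->set('activation', $ec);
    } else {
        $user->set('activation', Helpers\Utility::genemailconfirm());
    }

    // Can't block yourself
    if ($user->get('block') && $user->get('id') == User::get('id') && !User::get('block')) {
        Notify::error(Lang::txt('COM_USERS_USERS_ERROR_CANNOT_BLOCK_SELF'));
        return $this->editTask($user);
    }

    // Make sure that we are not removing ourself from Super Admin group
    $iAmSuperAdmin = User::authorise('core.admin');
    if ($iAmSuperAdmin && User::get('id') == $user->get('id')) {
        // A request without accessgroups is treated as "no groups", which
        // fails the check below instead of raising a warning in foreach.
        $postedGroups = (isset($fields['accessgroups']) && is_array($fields['accessgroups']))
            ? $fields['accessgroups']
            : array();

        // Check that at least one of our new groups is Super Admin
        $stillSuperAdmin = false;
        foreach ($postedGroups as $group) {
            $stillSuperAdmin = $stillSuperAdmin ? $stillSuperAdmin : \JAccess::checkGroup($group, 'core.admin');
        }

        if (!$stillSuperAdmin) {
            Notify::error(Lang::txt('COM_USERS_USERS_ERROR_CANNOT_DEMOTE_SELF'));
            return $this->editTask($user);
        }
    }

    // Save the changes
    if (!$user->save()) {
        Notify::error($user->getError());
        return $this->editTask($user);
    }

    // Save profile data
    $profile = Request::getVar('profile', array(), 'post', 'none', 2);
    $access  = Request::getVar('profileaccess', array(), 'post', 'none', 2);

    // Fold each "<key>_other" free-text value into its "<key>" field
    foreach ($profile as $key => $data) {
        if (isset($profile[$key]) && is_array($profile[$key])) {
            $profile[$key] = array_filter($profile[$key]);
        }
        if (isset($profile[$key . '_other']) && trim($profile[$key . '_other'])) {
            if (is_array($profile[$key])) {
                $profile[$key][] = $profile[$key . '_other'];
            } else {
                $profile[$key] = $profile[$key . '_other'];
            }

            unset($profile[$key . '_other']);
        }
    }

    if (!$user->saveProfile($profile, $access)) {
        Notify::error($user->getError());
        return $this->editTask($user);
    }

    // Do we have a new pass?
    $newpass = trim(Request::getVar('newpass', '', 'post'));
    if ($newpass) {
        // Get password rules and validate
        $password_rules = \Hubzero\Password\Rule::all()
            ->whereEquals('enabled', 1)
            ->rows();

        $validated = \Hubzero\Password\Rule::verify($newpass, $password_rules, $user->get('id'));

        if (!empty($validated)) {
            // Set error
            Notify::error(Lang::txt('COM_MEMBERS_PASSWORD_DOES_NOT_MEET_REQUIREMENTS'));
            $this->validated = $validated;
            $this->_task = 'apply';
        } else {
            // Save password
            // NOTE(review): the account is identified by username here but
            // by id in getInstance() below - confirm changePassword()
            // accepts both.
            \Hubzero\User\Password::changePassword($user->get('username'), $newpass);
        }
    }

    $passinfo = \Hubzero\User\Password::getInstance($user->get('id'));
    if (is_object($passinfo)) {
        // Do we have shadow info to change?
        $shadowMax     = Request::getInt('shadowMax', false, 'post');
        $shadowWarning = Request::getInt('shadowWarning', false, 'post');
        $shadowExpire  = Request::getVar('shadowExpire', '', 'post');

        // True when a stored expiry exists and the form cleared the field
        $clearExpire = (!is_null($passinfo->get('shadowExpire')) && empty($shadowExpire));

        // NOTE(review): a new shadowExpire on its own does not enter this
        // branch; it is only applied together with shadowMax or
        // shadowWarning - confirm that is intended.
        if ($shadowMax || $shadowWarning || $clearExpire) {
            if ($shadowMax) {
                $passinfo->set('shadowMax', $shadowMax);
            }
            if ($shadowExpire || $clearExpire) {
                // The patterns are anchored so that only a value starting
                // with YYYY-MM-DD, or one made of digits only, is accepted.
                // Unanchored, any string containing a digit was stored as-is.
                if (is_string($shadowExpire) && preg_match('/^[0-9]{4}-[0-9]{2}-[0-9]{2}/', $shadowExpire)) {
                    // Stored as days since the epoch; an unparsable date is
                    // ignored rather than written as day 0.
                    $timestamp = strtotime($shadowExpire);
                    if ($timestamp !== false) {
                        $passinfo->set('shadowExpire', $timestamp / 86400);
                    }
                } elseif (is_string($shadowExpire) && preg_match('/^[0-9]+$/D', $shadowExpire)) {
                    $passinfo->set('shadowExpire', $shadowExpire);
                } elseif (empty($shadowExpire)) {
                    $passinfo->set('shadowExpire', null);
                }
            }
            if ($shadowWarning) {
                $passinfo->set('shadowWarning', $shadowWarning);
            }
            $passinfo->update();
        }
    }

    // Check for spam count
    $reputation = Request::getVar('spam_count', null, 'post');
    if (!is_null($reputation)) {
        $user->reputation->set('spam_count', $reputation);
        $user->reputation->save();
    }

    // Email the user that their account has been approved
    if (!$prev->get('approved') && $this->config->get('useractivation_email')) {
        if (!$this->emailApprovedUser($user)) {
            Notify::error(Lang::txt('COM_MEMBERS_ERROR_EMAIL_FAILED'));
        }
    }

    // Set success message
    Notify::success(Lang::txt('COM_MEMBERS_MEMBER_SAVED'));

    // Drop through to edit form?
    if ($this->getTask() == 'apply') {
        return $this->editTask($user);
    }

    // Redirect
    $this->cancelTask();
}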
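/**
 * Save profile
 *
 * An entry without an id is treated as new: a username is derived when none
 * was supplied, the access group, registration date, password and
 * activation value are initialised. The entry and its profile data are then
 * saved, the password is set and expired, and a confirmation email is sent
 * when the 'emailnew' option equals 1.
 *
 * @return  void
 * @throws  Exception  When the entry or its profile data cannot be saved
 */
private function _saveEntryData()
{
    $entry = $this->record->entry;
    $isNew = !$entry->get('id');

    if (!isset($this->raw->password)) {
        $this->raw->password = null;
    }

    if ($isNew) {
        if (!$entry->get('username')) {
            $valid = false;

            // The digit range has to be written 0-9. "9-0" is an out-of-order
            // range that PCRE refuses to compile, which makes preg_replace()
            // return null and leaves no name-based candidate at all.
            $base = preg_replace('/[^a-z0-9_]/i', '', strtolower($entry->get('name')));

            // Try to create from name
            $username = $base;
            if (Validate::username($username) && !$this->_usernameExists($username)) {
                $valid = true;
            }

            // Try to create from portion preceding @ in email address.
            // A candidate is only usable when it does NOT already exist.
            if (!$valid) {
                $username = strstr($entry->get('email'), '@', true);
                if (Validate::username($username) && !$this->_usernameExists($username)) {
                    $valid = true;
                }
            }

            // Fall back to the sanitized name plus a numeric suffix (0-99)
            if (!$valid) {
                for ($i = 0; $i <= 99; $i++) {
                    $username = $base . $i;
                    if (Validate::username($username) && !$this->_usernameExists($username)) {
                        $valid = true;
                        break;
                    }
                }
            }

            if ($valid) {
                $entry->set('username', $username);
            }
        }

        if (!$this->raw->password) {
            // NOTE(review): with no password in the import data the username
            // becomes the initial password. expirePassword() is called further
            // down (presumably forcing a change at first login - confirm), but
            // until then the account is guarded by a guessable value. Consider
            // generating a random secret instead.
            $this->raw->password = $entry->get('username');
        }

        // The import data may name the access group by id or by title.
        // NOTE(review): this lets the imported file choose any access group,
        // including privileged ones - confirm only trusted operators can run
        // the import.
        $newUsertype = null;
        if (isset($this->raw->usertype)) {
            if (is_numeric($this->raw->usertype)) {
                $newUsertype = (int) $this->raw->usertype;
            } else {
                // The title comes from the import file, so it is quoted
                $db = \App::get('db');
                $query = $db->getQuery(true)
                    ->select('id')
                    ->from('#__usergroups')
                    ->where('title=' . $db->quote($this->raw->usertype));
                $db->setQuery($query);
                $newUsertype = (int) $db->loadResult();
            }
        }

        // Otherwise use the configured default, then the "Registered" group
        if (!$newUsertype) {
            $usersConfig = Component::params('com_users');
            $newUsertype = $usersConfig->get('new_usertype');
            if (!$newUsertype) {
                $db = \App::get('db');
                $query = $db->getQuery(true)
                    ->select('id')
                    ->from('#__usergroups')
                    ->where('title = "Registered"');
                $db->setQuery($query);
                $newUsertype = $db->loadResult();
            }
        }

        // Registration date: supplied value when parsable, otherwise now.
        // !empty() keeps a record without the property from raising a notice.
        $d = Date::of('now');
        if (!empty($this->raw->registerDate)) {
            try {
                $d = Date::of($this->raw->registerDate);
            } catch (Exception $e) {
                array_push($this->record->errors, $e->getMessage());
            }
        }

        $entry->set('id', 0);
        $entry->set('accessgroups', array($newUsertype));
        $entry->set('registerDate', $d->toSql());
        $entry->set('password', $this->raw->password);

        if (!$entry->get('activation', null)) {
            // NOTE(review): rand() is not a cryptographically secure
            // generator and this value is mailed out below as the
            // confirmation code; prefer a CSPRNG such as random_int() where
            // the runtime (PHP 7+) allows it.
            $entry->set('activation', -rand(1, pow(2, 31) - 1));
        }
    }

    if (!$entry->save()) {
        throw new Exception(Lang::txt('Unable to save the entry data.'));
    }

    if (!empty($this->_profile)) {
        if (!$entry->saveProfile($this->_profile)) {
            throw new Exception($entry->getError());
        }
    }

    if ($this->raw->password) {
        \Hubzero\User\Password::changePassword($entry->get('id'), $this->raw->password);
        \Hubzero\User\Password::expirePassword($entry->get('id'));
    }

    if ($isNew && $this->_options['emailnew'] == 1) {
        $eview = new \Hubzero\Component\View(array(
            'base_path' => PATH_CORE . DS . 'components' . DS . 'com_members' . DS . 'site',
            'name'      => 'emails',
            'layout'    => 'confirm'
        ));
        $eview->option       = 'com_members';
        $eview->controller   = 'register';
        $eview->sitename     = Config::get('sitename');
        $eview->login        = $entry->get('username');
        $eview->name         = $entry->get('name');
        $eview->registerDate = $entry->get('registerDate');
        $eview->confirm      = $entry->get('activation');
        $eview->baseURL      = Request::base();

        $msg = new \Hubzero\Mail\Message();
        $msg->setSubject(Config::get('sitename') . ' ' . Lang::txt('COM_MEMBERS_REGISTER_EMAIL_CONFIRMATION'))
            ->addTo($entry->get('email'))
            ->addFrom(Config::get('mailfrom'), Config::get('sitename') . ' Administrator')
            ->addHeader('X-Component', 'com_members');

        // Plain-text part, with line endings normalised to CRLF for mail
        $message = $eview->loadTemplate();
        $message = str_replace("\n", "\r\n", $message);
        $msg->addPart($message, 'text/plain');

        // HTML part
        $eview->setLayout('confirm_html');
        $message = $eview->loadTemplate();
        $message = str_replace("\n", "\r\n", $message);
        $msg->addPart($message, 'text/html');

        if (!$msg->send()) {
            array_push($this->record->errors, Lang::txt('COM_MEMBERS_REGISTER_ERROR_EMAILING_CONFIRMATION'));
        }
    }
}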