예제 #1
0
/**
 * Set the user's password to the given string, encoded as appropriate
 *
 * @param integer $p_user_id         A valid user identifier.
 * @param string  $p_password        A password to set.
 * @param boolean $p_allow_protected Whether Allow password change to a protected account. This defaults to false.
 * @return boolean always true
 */
function user_set_password($p_user_id, $p_password, $p_allow_protected = false)
{
    if (!$p_allow_protected) {
        user_ensure_unprotected($p_user_id);
    }
    # When the password is changed, invalidate the cookie to expire sessions that
    # may be active on all browsers.
    $c_cookie_string = auth_generate_unique_cookie_string();
    $c_password = auth_process_plain_password($p_password);
    $t_query = 'UPDATE {user}
				  SET password='******', cookie_string=' . db_param() . '
				  WHERE id=' . db_param();
    db_query($t_query, array($c_password, $c_cookie_string, (int) $p_user_id));
    return true;
}
예제 #2
0
function user_set_password($p_user_id, $p_password, $p_allow_protected = false)
{
    if (!$p_allow_protected) {
        user_ensure_unprotected($p_user_id);
    }
    $t_email = user_get_field($p_user_id, 'email');
    $t_username = user_get_field($p_user_id, 'username');
    # When the password is changed, invalidate the cookie to expire sessions that
    # may be active on all browsers.
    $t_seed = $t_email . $t_username;
    $c_cookie_string = db_prepare_string(auth_generate_unique_cookie_string($t_seed));
    $c_user_id = db_prepare_int($p_user_id);
    $c_password = db_prepare_string(auth_process_plain_password($p_password));
    $c_user_table = config_get('mantis_user_table');
    $query = "UPDATE {$c_user_table}\n\t\t\t\t  SET password='******',\n\t\t\t\t  cookie_string='{$c_cookie_string}'\n\t\t\t\t  WHERE id='{$c_user_id}'";
    db_query($query);
    #db_query() errors on failure so:
    return true;
}
예제 #3
0
function user_create($p_username, $p_password, $p_email = '', $p_access_level = null, $p_protected = false, $p_enabled = true, $p_realname = '')
{
    if (null === $p_access_level) {
        $p_access_level = config_get('default_new_account_access_level');
    }
    $t_password = auth_process_plain_password($p_password);
    $c_username = db_prepare_string($p_username);
    $c_realname = db_prepare_string($p_realname);
    $c_password = db_prepare_string($t_password);
    $c_email = db_prepare_string($p_email);
    $c_access_level = db_prepare_int($p_access_level);
    $c_protected = db_prepare_bool($p_protected);
    $c_enabled = db_prepare_bool($p_enabled);
    user_ensure_name_valid($p_username);
    user_ensure_name_unique($p_username);
    user_ensure_realname_valid($p_realname);
    user_ensure_realname_unique($p_username, $p_realname);
    email_ensure_valid($p_email);
    $t_seed = $p_email . $p_username;
    $t_cookie_string = auth_generate_unique_cookie_string($t_seed);
    $t_user_table = config_get('mantis_user_table');
    $query = "INSERT INTO {$t_user_table}\n\t\t\t\t    ( username, email, password, date_created, last_visit,\n\t\t\t\t     enabled, access_level, login_count, cookie_string, realname )\n\t\t\t\t  VALUES\n\t\t\t\t    ( '{$c_username}', '{$c_email}', '{$c_password}', " . db_now() . "," . db_now() . ",\n\t\t\t\t     {$c_enabled}, {$c_access_level}, 0, '{$t_cookie_string}', '{$c_realname}')";
    db_query($query);
    # Create preferences for the user
    $t_user_id = db_insert_id($t_user_table);
    user_pref_set_default($t_user_id);
    # Users are added with protected set to FALSE in order to be able to update
    # preferences.  Now set the real value of protected.
    if ($c_protected) {
        user_set_field($t_user_id, 'protected', 1);
    }
    # Send notification email
    if (!is_blank($p_email)) {
        $t_confirm_hash = auth_generate_confirm_hash($t_user_id);
        email_signup($t_user_id, $p_password, $t_confirm_hash);
    }
    return $t_cookie_string;
}
예제 #4
0
/**
 * Set the user's password to the given string, encoded as appropriate
 *
 * @param int $p_user_id User ID
 * @param string $p_password Password
 * @param bool $p_allow_protected Allow password change to protected accounts [optional - default false]
 * @return bool always true
 */
function user_set_password($p_user_id, $p_password, $p_allow_protected = false)
{
    if (!$p_allow_protected) {
        user_ensure_unprotected($p_user_id);
    }
    $t_email = user_get_field($p_user_id, 'email');
    $t_username = user_get_field($p_user_id, 'username');
    # When the password is changed, invalidate the cookie to expire sessions that
    # may be active on all browsers.
    $c_cookie_string = auth_generate_unique_cookie_string();
    $c_user_id = db_prepare_int($p_user_id);
    $c_password = auth_process_plain_password($p_password);
    $c_user_table = db_get_table('user');
    $query = "UPDATE {$c_user_table}\n\t\t\t\t  SET password="******",\n\t\t\t\t  cookie_string=" . db_param() . "\n\t\t\t\t  WHERE id=" . db_param();
    db_query_bound($query, array($c_password, $c_cookie_string, $c_user_id));
    # db_query errors on failure so:
    return true;
}
예제 #5
0
 public function put($request)
 {
     /**
      * 	Updates the user.
      *
      *      @param $request - The Request we're responding to
      */
     $this->user_id = User::get_mantis_id_from_url($request->url);
     if (!access_has_global_level(config_get('manage_user_threshold')) && auth_get_current_user_id() != $this->user_id) {
         throw new HTTPException(403, "Access denied to edit user {$this->user_id}'s info");
     }
     $this->populate_from_repr($request->body);
     # Do some validation on the inputs (from Mantis's user_create())
     $username = db_prepare_string($this->rsrc_data['username']);
     $realname = db_prepare_string($this->rsrc_data['realname']);
     $password = db_prepare_string($this->rsrc_data['password']);
     $email = db_prepare_string($this->rsrc_data['email']);
     $access_level = db_prepare_int(get_string_to_enum(config_get('access_levels_enum_string'), $this->rsrc_data['access_level']));
     $protected = db_prepare_bool($this->rsrc_data['protected']);
     $enabled = db_prepare_bool($this->rsrc_data['enabled']);
     user_ensure_name_valid($username);
     user_ensure_realname_valid($realname);
     user_ensure_realname_unique($username, $realname);
     email_ensure_valid($email);
     # The cookie string is based on email and username, so if either of those changed,
     # we have to change the cookie string.
     $user_row = user_get_row($this->user_id);
     $username_key = array_key_exists('username', $user_row) ? 'username' : 1;
     $email_key = array_key_exists('email', $user_row) ? 'email' : 3;
     $cookie_string_key = array_key_exists('cookie_string', $user_row) ? 'cookie_string' : 13;
     if ($user_row[$username_key] != $username || $user_row[$email_key] != $email) {
         $seed = $email . $username;
         $cookie_string = auth_generate_unique_cookie_string($seed);
     } else {
         $cookie_string = $user_row[$cookie_string_key];
     }
     $password_hash = auth_process_plain_password($password);
     $user_table = config_get('mantis_user_table');
     $query = "UPDATE  {$user_table}\n\t\t\t\tSET username = '******',\n\t\t\t\t    realname = '{$realname}',\n\t\t\t\t    email = '{$email}',\n\t\t\t\t    password = '******',\n\t\t\t\t    enabled = {$enabled},\n\t\t\t\t    protected = {$protected},\n\t\t\t\t    access_level = {$access_level},\n\t\t\t\t    cookie_string = '{$cookie_string}'\n\t\t\t\tWHERE id = {$this->user_id};";
     db_query($query);
     $resp = new Response();
     $resp->status = 204;
     return $resp;
 }