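/**
 * Verify Email
 *
 * Controller for the User Account module.
 *
 * Activates a pending account (active = 0) when the e-mail address and the
 * emailed hash supplied as query parameters both match a stored row, then
 * renders verify_email.php with a success or failure message.
 *
 * NOTE(review): this check is only as strong as the emailed_hash it compares
 * against. reset_password() in this file derives its hash from
 * md5(rand(0, 1000)), a very small value space - confirm that every path that
 * writes emailed_hash uses a cryptographically random value.
 *
 * @author Goran Halusa <*****@*****.**>
 * @since 0.1.0
 * @return void
 */
function verify_email()
{
    $app = \Slim\Slim::getInstance();
    $final_global_template_vars = $app->config('final_global_template_vars');
    require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/user_account.class.php";
    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $db_resource = $db_conn->get_resource();

    // The query string may lack either parameter (or carry a non-scalar); read
    // both defensively so the bound values are always strings rather than
    // undefined-index notices turning into NULL bindings.
    $get_data = $app->request()->get();
    if (!is_array($get_data)) {
        $get_data = array();
    }
    $user_account_email = isset($get_data['user_account_email']) && is_scalar($get_data['user_account_email'])
        ? (string) $get_data['user_account_email'] : '';
    $emailed_hash = isset($get_data['emailed_hash']) && is_scalar($get_data['emailed_hash'])
        ? (string) $get_data['emailed_hash'] : '';
    $message = array();

    $data = false;
    if ($user_account_email !== '' && $emailed_hash !== '') {
        // SELECT this user from the database. Matching on address AND hash, and
        // only on inactive rows, is what makes the verification link single-use.
        $statement = $db_resource->prepare("SELECT user_account_email\n ,first_name\n ,last_name\n ,emailed_hash\n FROM user_account\n WHERE user_account_email = :user_account_email\n AND emailed_hash = :emailed_hash\n AND active = 0");
        $statement->bindValue(":user_account_email", $user_account_email, PDO::PARAM_STR);
        $statement->bindValue(":emailed_hash", $emailed_hash, PDO::PARAM_STR);
        $statement->execute();
        $data = $statement->fetch(PDO::FETCH_ASSOC);
        $error = $db_resource->errorInfo();
        // SQLSTATE "00000" is success; anything else is a driver error.
        if ($error[0] !== "00000") {
            die('The SELECT FROM user_account failed.');
        }
    }

    if ($data) {
        // UPDATE this user account to be active. The WHERE clause repeats both
        // keys so the row flipped is exactly the one the SELECT matched.
        $statement = $db_resource->prepare("UPDATE user_account\n SET active = 1\n WHERE user_account_email = :user_account_email\n AND emailed_hash = :emailed_hash");
        $statement->bindValue(":user_account_email", $user_account_email, PDO::PARAM_STR);
        $statement->bindValue(":emailed_hash", $emailed_hash, PDO::PARAM_STR);
        $statement->execute();
        $error = $db_resource->errorInfo();
        if ($error[0] !== "00000") {
            die('The UPDATE user_account active flag.');
        }
        $message["success"] = "Email address verification was successful.";
    } else {
        // Missing parameters, an unknown address/hash pair, or an already-active
        // account all end here; the message deliberately does not say which.
        $message["failed"] = "Email address verification failed. 
Do you already have an active account?";
    }

    $app->render('verify_email.php', array(
        "page_title" => "Email Address Verification",
        "hide_page_header" => true,
        "message" => $message,
    ));
}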
/**
 * Show Register Form
 *
 * Controller for the Authenticate module.
 *
 * Renders register_form.php for the logged-in user, telling the template
 * whether the user has already registered and whether a group still has to be
 * chosen (an administrator may already have placed the user in a group).
 *
 * @author Goran Halusa <*****@*****.**>
 * @since 0.1.0
 * @return void
 */
function show_register_form()
{
    $app = \Slim\Slim::getInstance();
    $final_global_template_vars = $app->config('final_global_template_vars');
    $module_list = $final_global_template_vars["default_module_list"];
    require_once $module_list["user_account"]["absolute_path_to_this_module"] . "/models/user_account.class.php";
    require_once $module_list["register_account"]["absolute_path_to_this_module"] . "/models/register_account.class.php";
    require_once $module_list["group"]["absolute_path_to_this_module"] . "/models/group.class.php";

    $env = $app->environment();
    $session_key = $final_global_template_vars["session_key"];
    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $db_resource = $db_conn->get_resource();
    $user_account = new \PHPSkeleton\UserAccount($db_resource, $session_key);
    $register_account = new \PHPSkeleton\RegisterAccount($db_resource, $session_key);
    $group = new \PHPSkeleton\Group($db_resource, $session_key);

    $current_user_id = $_SESSION[$session_key]["user_account_id"];

    // Already registered (group selected)? The form must not allow a second registration.
    $is_registered = $register_account->is_registered($current_user_id);

    // A group may already have been assigned by an administrator, in which case
    // the group selector is not needed.
    $existing_groups = $user_account->get_user_account_groups($current_user_id);
    $needs_group = !$existing_groups;

    $flat_group_hierarchy = $group->flatten_group_hierarchy($group->get_group_hierarchy("--"));
    $validation_errors = !empty($env["default_validation_errors"]) ? $env["default_validation_errors"] : false;

    $app->render('register_form.php', array(
        "page_title" => false,
        "hide_side_nav" => true,
        "is_registered" => $is_registered,
        "groups" => $flat_group_hierarchy,
        "needs_group" => $needs_group,
        "submitted_data" => $app->request()->post(),
        "errors" => $validation_errors,
    ));
}
/**
 * Insert/Update Group
 *
 * Controller for the Group module.
 *
 * Validates the posted group fields with GUMP; on success inserts (no
 * group_id in the route) or updates (group_id present) the group, flashes a
 * message and redirects to the module root. On failure the parsed errors are
 * stored in the Slim environment for the form to render.
 *
 * @param \Slim\Route $route The route data array
 * @return void
 */
function insert_update_group(\Slim\Route $route)
{
    $app = \Slim\Slim::getInstance();
    $final_global_template_vars = $app->config('final_global_template_vars');
    require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/group.class.php";
    require_once $_SERVER["PATH_TO_VENDOR"] . "wixel/gump/gump.class.php";

    // URL parameters matched in the route; group_id is absent when creating.
    $route_params = $route->getParams();
    $group_id = isset($route_params["group_id"]) ? $route_params["group_id"] : false;

    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $group = new \PHPSkeleton\Group($db_conn->get_resource(), $final_global_template_vars["session_key"]);

    $posted = $app->request()->post();
    $gump = new GUMP();
    $rules = array(
        "name" => "required",
        "abbreviation" => "required|alpha_numeric",
        "state" => "alpha_numeric",
        "zip" => "numeric|exact_len,5",
        "group_parent" => "numeric",
    );
    $validated = $gump->validate($posted, $rules);
    $errors = ($validated === true) ? array() : \phpskeleton\models\utility::gump_parse_errors($validated);

    if ($errors) {
        $env = $app->environment();
        $env["default_validation_errors"] = $errors;
        return;
    }

    $group->insert_update_group($posted, $group_id);
    // A matched group_id means an existing group was modified; otherwise one was created.
    $flash = $group_id
        ? 'The group has been successfully modified.'
        : 'New group has been successfully created.';
    $app->flash('message', $flash);
    $app->redirect($final_global_template_vars["path_to_this_module"]);
}
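/**
 * Submit Registration
 *
 * Controller for the Authenticate module.
 *
 * Completes registration for the logged-in user: validates the chosen group
 * (only when no administrator has already assigned one) and the acceptable
 * use policy checkbox, writes the group/role assignment and AUP acceptance,
 * refreshes the role and group lists in the session, and redirects to the
 * landing page. Validation errors are stored in the Slim environment.
 *
 * @author Goran Halusa <*****@*****.**>
 * @since 0.1.0
 * @param \Slim\Route $route The route data array
 * @return void
 */
function submit_registration(\Slim\Route $route)
{
    $app = \Slim\Slim::getInstance();
    $final_global_template_vars = $app->config('final_global_template_vars');
    require_once $final_global_template_vars["default_module_list"]["user_account"]["absolute_path_to_this_module"] . "/models/user_account.class.php";
    require_once $final_global_template_vars["default_module_list"]["group"]["absolute_path_to_this_module"] . "/models/group.class.php";
    require_once $_SERVER["PATH_TO_VENDOR"] . "wixel/gump/gump.class.php";

    $env = $app->environment();
    $session_key = $final_global_template_vars["session_key"];
    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $db_resource = $db_conn->get_resource();
    $user_account = new \PHPSkeleton\UserAccount($db_resource, $session_key);
    $gump = new GUMP();
    $errors = array();
    $user_account_id = $_SESSION[$session_key]["user_account_id"];
    $posted = $app->request()->post();

    // Check to see if this user is already assigned to a group - they may have
    // been added by another administrator.
    $current_groups = $user_account->get_user_account_groups($user_account_id);
    if (!$current_groups) {
        // Validate the group that they submitted.
        $rules = array("group" => "required|integer");
        $validated = $gump->validate($posted, $rules);
        if ($validated !== true) {
            $errors = \phpskeleton\models\utility::gump_parse_errors($validated);
        }
    }

    // Validate the acceptable use policy.
    $rules = array("acceptable_use_policy" => "required|integer");
    $validated = $gump->validate($posted, $rules);
    if ($validated !== true) {
        $errors = array_merge($errors, \phpskeleton\models\utility::gump_parse_errors($validated));
    }

    if ($errors) {
        $env["default_validation_errors"] = $errors;
        return;
    }

    // Create the actual user account.
    // The group/role assignment is serialised with json_encode rather than by
    // splicing the posted value into a JSON string, so a value that did not go
    // through the "integer" rule above (the $current_groups branch) cannot
    // break the document structure. Output shape: {"0":{"group_id":"..","roles":[".."]}}
    $posted_group = (string) $app->request()->post("group");
    $group_entry = array(
        "group_id" => $posted_group,
        "roles" => array((string) $final_global_template_vars["default_role_id"]),
    );
    $user_data = array("group_data" => '{"0":' . json_encode($group_entry) . '}');
    // Only (re)write group membership when the user has none yet.
    $update_groups = empty($current_groups);

    // Get the existing user account info and merge it with the group data.
    $existing_user_data = $user_account->get_user_account_info($user_account_id);
    $user_data = array_merge($user_data, $existing_user_data);

    // Insert/update.
    $user_account->insert_update_user_account($user_data, $user_account_id, $update_groups);

    // Update acceptable use policy.
    $user_account->update_acceptable_use_policy($user_account_id, 1);

    $redirect_cookie_key = $final_global_template_vars["redirect_cookie_key"];
    $landing_page = $final_global_template_vars['landing_page'];
    if (!empty($_COOKIE[$redirect_cookie_key])) {
        $cookie_target = (string) $_COOKIE[$redirect_cookie_key];
        // The cookie is client-controlled: only honour a site-relative path
        // (single leading slash) so the redirect cannot be pointed at another host.
        if (strpos($cookie_target, '/') === 0
            && strpos($cookie_target, '//') !== 0
            && strpos($cookie_target, '/\\') !== 0) {
            $landing_page = $cookie_target;
        }
        // The cookie is consumed (expired) whether or not it was accepted.
        setcookie($redirect_cookie_key, "", time() - 3600, "/");
        unset($_COOKIE[$redirect_cookie_key]);
    }

    // Add role list to session.
    $_SESSION[$session_key][$final_global_template_vars["current_user_roles_session_key"]] =
        \phpskeleton\models\utility::array_flatten($user_account->get_user_roles_list($user_account_id));
    // Add group to session.
    // NOTE(review): when the user already had groups the posted "group" was not
    // validated above, yet it still replaces the session group list here -
    // confirm this is intended rather than reloading the stored groups.
    $_SESSION[$session_key]["associated_groups"] = array((int) $app->request()->post("group"));

    $app->redirect($landing_page);
}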
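/**
 * Show User Account Form
 *
 * Controller for the User Account module.
 *
 * Renders user_account_form.php for one account. Users without the
 * manage-all-accounts permission may only open their own account; everyone
 * else is redirected to the access-denied page. The group list is annotated
 * with whether the current user may administer each group, and the form is
 * pre-filled from the re-submitted POST data (after validation errors) or
 * from the stored record.
 *
 * @author Goran Halusa <*****@*****.**>
 * @since 0.1.0
 * @param int|false $user_account_id The user account id (false when creating)
 * @return void
 */
function show_user_account_form($user_account_id = false)
{
    $app = \Slim\Slim::getInstance();
    $env = $app->environment();
    $final_global_template_vars = $app->config('final_global_template_vars');
    require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/user_account.class.php";
    require_once $final_global_template_vars["default_module_list"]["group"]["absolute_path_to_this_module"] . "/models/group.class.php";

    $session_key = $final_global_template_vars["session_key"];
    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $db_resource = $db_conn->get_resource();
    $useraccount = new \PHPSkeleton\UserAccount($db_resource, $session_key);
    $group = new \PHPSkeleton\Group($db_resource, $session_key);
    $post = $app->request()->post();
    $address_data = array();
    $current_user_id = $_SESSION[$session_key]["user_account_id"];
    $user_role_list = $_SESSION[$session_key]["user_role_list"];

    // Check to see if user has permissions to access all accounts.
    $has_permission = array_intersect($user_role_list, $final_global_template_vars["role_perm_manage_all_accounts_access"]);
    $role_perm_manage_all_accounts_access = !empty($has_permission);

    // Redirect if user does not have permissions to access all accounts and is
    // asking for an account other than their own.
    if (!$role_perm_manage_all_accounts_access && (int) $user_account_id != $current_user_id) {
        $app->flash('message', 'Access denied.');
        $app->redirect("/authenticate/access_denied");
    }

    $current_group_values = $useraccount->get_user_group_roles_map((int) $user_account_id, $final_global_template_vars["proxy_id"]);
    $roles = $useraccount->get_roles($final_global_template_vars["exclude_ids_from_selector"]);
    $group_hierarchy = $group->get_group_hierarchy("--");
    $flat_group_hierarchy = $group->flatten_group_hierarchy($group_hierarchy);

    // Whether the current user may assign any group is a property of the user,
    // not of the group, so it is computed once rather than per iteration.
    $show_all = array_intersect($user_role_list, $final_global_template_vars["role_perm_assign_user_account_to_any_group"]);
    foreach ($flat_group_hierarchy as $array_key => &$single_group_info) {
        if (!empty($show_all)) {
            $single_group_info["admin"] = true;
        } else {
            // Otherwise the user may only administer groups in which they hold
            // the administrator role.
            $group_roles = $useraccount->has_role($current_user_id, $final_global_template_vars["administrator_id"], $single_group_info["group_id"]);
            $single_group_info["admin"] = !empty($group_roles);
        }
    }
    // Break the by-reference alias left behind by the foreach.
    unset($single_group_info);

    $has_permission = array_intersect($user_role_list, $final_global_template_vars["role_perm_modify_own_groups"]);
    $role_perm_modify_own_groups = !empty($has_permission);

    $current_user_account_info = $useraccount->get_user_account_info((int) $user_account_id);
    // Pre-fill from the re-submitted data when re-rendering after validation
    // errors, otherwise from the stored record (assumed to be a pure read, so
    // the single fetch above is reused instead of querying twice).
    $user_account_info = $post ? $post : $current_user_account_info;

    $address_fields = array("label", "address_1", "address_2", "city", "state", "zip");
    if (!empty($post["address_count"])) {
        // Posted address fields are 1-indexed per field (e.g. $post["city"][1]);
        // re-pack them into a 0-indexed list of rows for the template.
        // NOTE(review): count() is applied to address_count as in the original;
        // confirm the form posts it as an array rather than a scalar count.
        $address_total = count($post["address_count"]);
        for ($i = 1; $i <= $address_total; $i++) {
            foreach ($address_fields as $field) {
                $address_data[$i - 1][$field] = isset($post[$field][$i]) ? $post[$field][$i] : null;
            }
        }
    } else {
        $address_data = $useraccount->get_addresses((int) $user_account_id);
    }

    $app->render('user_account_form.php', array(
        "page_title" => "Manage User Account",
        "address_data" => $address_data,
        "role_perm_modify_own_groups" => $role_perm_modify_own_groups,
        "roles" => $roles,
        "groups" => $flat_group_hierarchy,
        "current_user_account_info" => $current_user_account_info,
        "account_info" => $user_account_info,
        "user_account_groups" => $current_group_values,
        "errors" => isset($env["default_validation_errors"]) ? $env["default_validation_errors"] : false,
    ));
}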
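/**
 * Delete Group
 *
 * Controller for the Group module.
 *
 * Deletes every group whose id appears in the JSON-encoded "id" POST field.
 *
 * NOTE(review): no authorisation check is visible in this controller; it is
 * assumed to be applied by route middleware - confirm.
 *
 * @author Goran Halusa <*****@*****.**>
 * @since 0.1.0
 * @return void
 */
function delete_group()
{
    $app = \Slim\Slim::getInstance();
    $final_global_template_vars = $app->config('final_global_template_vars');
    require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/group.class.php";
    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $db_resource = $db_conn->get_resource();
    $group = new \PHPSkeleton\Group($db_resource, $final_global_template_vars["session_key"]);

    // The client posts the ids as a JSON array. Anything that is not a string,
    // or does not decode to an array, is treated as "nothing to delete"
    // instead of letting foreach warn on a non-iterable value.
    $raw_ids = $app->request()->post("id");
    $delete_ids = is_string($raw_ids) ? json_decode($raw_ids) : null;
    if (!is_array($delete_ids)) {
        $delete_ids = array();
    }
    foreach ($delete_ids as $single_id) {
        $group->delete_group($single_id);
    }
}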
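/**
 * Find User Account
 *
 * Controller for the User Account module.
 *
 * Looks up accounts matching the "q" query parameter and writes the result
 * as a JSON body, then exits.
 *
 * @author Goran Halusa <*****@*****.**>
 * @since 0.1.0
 * @return void
 */
function find_user_account()
{
    $app = \Slim\Slim::getInstance();
    $final_global_template_vars = $app->config('final_global_template_vars');
    require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/user_account.class.php";
    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $db_resource = $db_conn->get_resource();
    $useraccount = new \PHPSkeleton\UserAccount($db_resource, $final_global_template_vars["session_key"]);

    $search = $app->request()->get("q");
    $results = $useraccount->find_user_account($search);

    // Declare the body as JSON. The script exits right after echoing, so
    // Slim's response object never gets to send headers for this route.
    header('Content-Type: application/json');
    echo json_encode($results);
    die;
}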
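/**
 * Datatables Browse Groups
 *
 * Controller for the Group module.
 *
 * Server-side data source for the groups DataTable: reads the DataTables
 * paging/ordering/search fields from POST, queries the model and writes the
 * result as a JSON body, then exits.
 *
 * @author Goran Halusa <*****@*****.**>
 * @since 0.1.0
 * @return void
 */
function datatables_browse_groups()
{
    $app = \Slim\Slim::getInstance();
    $final_global_template_vars = $app->config('final_global_template_vars');
    require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/group.class.php";
    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $db_resource = $db_conn->get_resource();
    $group = new \PHPSkeleton\Group($db_resource, $final_global_template_vars["session_key"]);

    // DataTables posts search as {"value": ..., "regex": ...}; only the value is used.
    $search = $app->request()->post('search');
    $search_value = !empty($search["value"]) ? $search["value"] : false;
    $data = $group->browse_groups(
        false,
        $app->request()->post('order'),
        $app->request()->post('start'),
        $app->request()->post('length'),
        $search_value
    );

    // Declare the body as JSON. The script exits right after echoing, so
    // Slim's response object never gets to send headers for this route.
    header('Content-Type: application/json');
    echo json_encode($data);
    die;
}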
/**
 * Check Local Account
 *
 * Controller for the Authenticate module.
 *
 * For an authenticated session with no pending validation errors, redirects
 * users who have not completed registration (group selection and AUP) to the
 * register page. Otherwise does nothing.
 *
 * @author Goran Halusa <*****@*****.**>
 * @since 0.1.0
 * @return void
 */
function check_local_account()
{
    $app = \Slim\Slim::getInstance();
    $final_global_template_vars = $app->config('final_global_template_vars');
    $user_account_module = $final_global_template_vars["default_module_list"]["user_account"];
    require_once $user_account_module["absolute_path_to_this_module"] . "/models/register_account.class.php";

    $env = $app->environment();
    $session_key = $final_global_template_vars["session_key"];
    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $register_account = new \PHPSkeleton\RegisterAccount($db_conn->get_resource(), $session_key);

    // Nothing to check without an authenticated session, and don't redirect
    // away from a page that is about to display validation errors.
    if (empty($_SESSION[$session_key]) || !empty($env["default_validation_errors"])) {
        return;
    }

    // Check to see if the user has a role in the system and is registered (AUP).
    $is_registered = $register_account->is_registered($_SESSION[$session_key]['user_account_id']);
    if (!$is_registered) {
        $app->redirect($final_global_template_vars["path_to_this_module"] . "/register");
    }
}
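/**
 * Datatables Browse User Accounts
 *
 * Controller for the User Account module.
 *
 * Server-side data source for the user accounts DataTable. Users without the
 * manage-all-accounts permission only ever see their own account: the query
 * is restricted to the session's user_account_id. Writes the result as a JSON
 * body, then exits.
 *
 * @author Goran Halusa <*****@*****.**>
 * @since 0.1.0
 * @return void
 */
function datatables_browse_user_accounts()
{
    $app = \Slim\Slim::getInstance();
    $final_global_template_vars = $app->config('final_global_template_vars');
    require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/user_account.class.php";
    $session_key = $final_global_template_vars["session_key"];
    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $db_resource = $db_conn->get_resource();
    $useraccount = new \PHPSkeleton\UserAccount($db_resource, $session_key);

    // Determine if user can manage all accounts. If not, limit the query to
    // only the user's own user_account_id.
    $has_permission = array_intersect(
        $_SESSION[$session_key]["user_role_list"],
        $final_global_template_vars["role_perm_manage_all_accounts_access"]
    );
    $role_perm_manage_all_accounts_access = !empty($has_permission);
    $user_account_id = $role_perm_manage_all_accounts_access
        ? false
        : $_SESSION[$session_key]["user_account_id"];

    // DataTables posts search as {"value": ..., "regex": ...}; only the value is used.
    $search = $app->request()->post('search');
    $search_value = !empty($search["value"]) ? $search["value"] : false;
    $data = $useraccount->browse_user_accounts(
        false,
        $app->request()->post('order'),
        $app->request()->post('start'),
        $app->request()->post('length'),
        $search_value,
        $user_account_id
    );

    // Declare the body as JSON. The script exits right after echoing, so
    // Slim's response object never gets to send headers for this route.
    header('Content-Type: application/json');
    echo json_encode($data);
    die;
}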
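/**
 * Show Login Form
 *
 * Controller for the Authenticate module.
 *
 * On a POST with no validation errors (authenticate_user() has populated the
 * session) this finishes the login: loads the role and group lists into the
 * session, consumes the redirect cookie and redirects to the landing page.
 * Otherwise an already logged-in user is sent to the dashboard and anyone
 * else gets login_form.php.
 *
 * @author Goran Halusa <*****@*****.**>
 * @since 0.1.0
 * @return void
 */
function show_login_form()
{
    $app = \Slim\Slim::getInstance();
    $final_global_template_vars = $app->config('final_global_template_vars');
    require_once $final_global_template_vars["default_module_list"]["user_account"]["absolute_path_to_this_module"] . "/models/user_account.class.php";

    $env = $app->environment();
    $session_key = $final_global_template_vars["session_key"];
    $redirect_cookie_key = $final_global_template_vars["redirect_cookie_key"];
    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $db_resource = $db_conn->get_resource();
    $user_account = new \PHPSkeleton\UserAccount($db_resource, $session_key);

    if (empty($env["default_validation_errors"]) && $_SERVER['REQUEST_METHOD'] === "POST") {
        $landing_page = $final_global_template_vars['landing_page'];
        if (!empty($_COOKIE[$redirect_cookie_key]) && (string) $_COOKIE[$redirect_cookie_key] !== "/") {
            $cookie_target = (string) $_COOKIE[$redirect_cookie_key];
            // The cookie is client-controlled: only honour a site-relative path
            // (single leading slash) so the post-login redirect cannot be
            // pointed at another host.
            if (strpos($cookie_target, '/') === 0
                && strpos($cookie_target, '//') !== 0
                && strpos($cookie_target, '/\\') !== 0) {
                $landing_page = $cookie_target;
            }
            // The cookie is consumed (expired) whether or not it was accepted.
            setcookie($redirect_cookie_key, "", time() - 3600, "/");
            unset($_COOKIE[$redirect_cookie_key]);
        }

        $current_user_id = $_SESSION[$session_key]["user_account_id"];
        // Add role list to session.
        $_SESSION[$session_key][$final_global_template_vars["current_user_roles_session_key"]] =
            \phpskeleton\models\utility::array_flatten($user_account->get_user_roles_list($current_user_id));
        // Add group list to session.
        $tmp_array = array();
        $_SESSION[$session_key]["associated_groups"] = \phpskeleton\models\utility::array_flatten(
            $user_account->get_user_account_groups($current_user_id),
            $tmp_array,
            'group_id'
        );

        // Landing page exceptions.
        switch ($landing_page) {
            // Coming from the register page: go to the dashboard.
            case "/user_account/register/":
                $app->redirect("/dashboard");
                break;
            // Coming from the home page: go to the dashboard.
            case "/":
                $app->redirect("/dashboard");
                break;
            // Otherwise redirect to the landing page itself.
            default:
                $app->redirect($landing_page);
        }
    }

    // If logged in, don't render the login form.
    if (isset($_SESSION[$session_key])) {
        $app->redirect("/dashboard/");
    }

    $app->render('login_form.php', array(
        "page_title" => "Login",
        "hide_page_header" => true,
        "errors" => !empty($env["default_validation_errors"]) ? $env["default_validation_errors"] : false,
    ));
}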
/**
 * Show Group Form
 *
 * Controller for the Group module.
 *
 * Renders group_form.php either for creating a group (no group_id) or for
 * updating an existing one, pre-filled from re-submitted POST data or from
 * the stored record.
 *
 * @author Goran Halusa <*****@*****.**>
 * @since 0.1.0
 * @param int|false $group_id The group id (false when creating)
 * @return void
 */
function show_group_form($group_id = false)
{
    $app = \Slim\Slim::getInstance();
    $env = $app->environment();
    $final_global_template_vars = $app->config('final_global_template_vars');
    require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/group.class.php";
    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $group = new \PHPSkeleton\Group($db_conn->get_resource(), $final_global_template_vars["session_key"]);

    $flat_group_hierarchy = $group->flatten_group_hierarchy($group->get_group_hierarchy("--"));

    // Prefer re-submitted form data (re-render after validation errors) over
    // the stored record; a brand-new group has neither.
    $posted = $app->request()->post();
    if ($posted) {
        $current_values = $posted;
    } elseif ($group_id) {
        $current_values = $group->get_group_record($group_id);
    } else {
        $current_values = false;
    }

    $page_title = ($group_id ? "Update" : "Create") . " Group";
    $validation_errors = isset($env["default_validation_errors"]) ? $env["default_validation_errors"] : false;

    $app->render('group_form.php', array(
        "page_title" => $page_title,
        "group_data" => $current_values,
        "groups" => $flat_group_hierarchy,
        "errors" => $validation_errors,
    ));
}
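/**
 * Authenticate User
 *
 * Controller for the Authenticate module.
 *
 * Validates the posted credentials, checks them against the local account
 * store and, on success, regenerates the session id and copies the
 * configured auth keys into the session. Every attempt is logged as
 * "succeeded" or "failed". On failure the validation errors are stored in the
 * Slim environment; the redirect after a successful login is performed by
 * show_login_form().
 *
 * @author Goran Halusa <*****@*****.**>
 * @since 0.1.0
 * @return void
 */
function authenticate_user()
{
    $app = \Slim\Slim::getInstance();
    $final_global_template_vars = $app->config('final_global_template_vars');
    require_once $_SERVER["PATH_TO_VENDOR"] . "wixel/gump/gump.class.php";
    require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/authenticate.class.php";
    $session_key = $final_global_template_vars["session_key"];
    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $db_resource = $db_conn->get_resource();
    $authenticate = new \PHPSkeleton\Authenticate($db_resource, $session_key);

    $gump = new GUMP();
    $rules = array("user_account_email" => "valid_email", "password" => "min_len,6");
    $validated = $gump->validate($app->request()->post(), $rules);

    if ($validated === true) {
        // Start from a single generic error on the e-mail field; an unknown
        // address and a wrong password both leave this in place, so neither
        // case reveals which part was wrong.
        $validated = array(array("field" => "user_account_email", "value" => "", "rule" => ""));
        // Query the database for the user_account_email and password.
        try {
            $local_validated = $authenticate->authenticate_local(
                $app->request()->post('user_account_email'),
                $app->request()->post('password')
            );
        } catch (\Exception $e) {
            $local_validated = false;
        }
        if ($local_validated) {
            $validated = true;
            // Issue a fresh session id on login and delete the old session so a
            // pre-authentication id cannot be reused (session fixation).
            session_regenerate_id(true);
            foreach ($final_global_template_vars["auth_session_keys"] as $single_key) {
                $_SESSION[$session_key][$single_key] = $local_validated[$single_key];
            }
            // Log the successful login attempt.
            $authenticate->log_login_attempt($local_validated["user_account_email"], "succeeded");
        }
    }

    if ($validated !== true) {
        // Log the failed login attempt.
        $authenticate->log_login_attempt($app->request()->post("user_account_email"), "failed");
        $env = $app->environment();
        $env["default_validation_errors"] = $validated;
    }
    // On success, show_login_form() handles the redirect (honouring the redirect cookie).
}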
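/**
 * Update Password
 *
 * Controller for the User Account module.
 *
 * Handles the password reset form: looks up the posted e-mail address,
 * validates the new password and its confirmation, stores the hashed
 * password via the model (which receives the emailed_hash for the reset
 * link), e-mails a confirmation and redirects back to the password page.
 * Validation failures redirect back to the reset form with a flash message.
 *
 * NOTE(review): the emailed_hash is passed through to
 * RegisterAccount::update_password() - confirm the model verifies it against
 * the stored value before changing the password.
 *
 * @author Goran Halusa <*****@*****.**>
 * @since 0.1.0
 * @return void
 */
function update_password()
{
    $app = \Slim\Slim::getInstance();
    $final_global_template_vars = $app->config('final_global_template_vars');
    require_once $_SERVER["PATH_TO_VENDOR"] . "wixel/gump/gump.class.php";
    require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/register_account.class.php";
    require_once $final_global_template_vars["default_module_list"]["authenticate"]["absolute_path_to_this_module"] . "/models/authenticate.class.php";
    require_once $_SERVER["PATH_TO_VENDOR"] . "phpmailer/phpmailer/PHPMailerAutoload.php";

    $session_key = $final_global_template_vars["session_key"];
    $module_path = $final_global_template_vars["path_to_this_module"];
    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $db_resource = $db_conn->get_resource();
    $register_account = new \PHPSkeleton\RegisterAccount($db_resource, $session_key);
    $authenticate = new \PHPSkeleton\Authenticate($db_resource, $session_key);
    $gump = new GUMP();
    $mail = new PHPMailer();

    // Normalise the POST body to an array so the field reads below never
    // index into `false` when the controller is hit without a submission.
    $post = $app->request()->post();
    if (!is_array($post)) {
        $post = array();
    }
    $new_password = isset($post["user_account_password"]) ? $post["user_account_password"] : '';
    $password_check = isset($post["password_check"]) ? $post["password_check"] : '';
    $emailed_hash = isset($post["emailed_hash"]) ? $post["emailed_hash"] : '';

    $account_email_exists = false;
    // Is the email address in the database?
    if ($post) {
        $posted_email = isset($post["user_account_email"]) ? $post["user_account_email"] : null;
        $account_email_exists = $register_account->account_email_exists($posted_email);
        if (!$account_email_exists) {
            $app->flash('message', 'The entered email address was not found in our database.');
            $app->redirect($module_path . "/password/");
        }
    }

    $rules = array();
    if ($account_email_exists) {
        $rules = array(
            "user_account_password" => "required|max_len,100|min_len,6",
            "password_check" => "required|max_len,100|min_len,6",
        );
    }
    $validated = $gump->validate($post, $rules);

    // GUMP has no two-field rule, so the confirmation mismatch is appended as
    // a synthetic error entry in the same shape GUMP produces. Strict
    // comparison: numeric-looking passwords ("1e3" vs "1000") must not be
    // treated as equal.
    if ($new_password !== $password_check) {
        $validated_password_check = array("field" => "user_account_password_check", "value" => null, "rule" => "validate_required");
        if (is_array($validated)) {
            $validated[] = $validated_password_check;
        } else {
            $validated = array($validated_password_check);
        }
    }

    $errors = array();
    if ($validated !== true) {
        $errors = \phpskeleton\models\utility::gump_parse_errors($validated);
    }
    if (isset($errors["user_account_password_check"])) {
        $errors["user_account_password_check"] = "Passwords did not match.";
    }

    // If there are no errors, process posted data and email to user.
    if (empty($errors) && $post) {
        // Attempt to update the user_account_password and set the account to active (returns boolean).
        $updated = $register_account->update_password(
            $authenticate->generate_hashed_password($new_password),
            $account_email_exists['user_account_id'],
            $emailed_hash
        );
        if ($updated) {
            // Prepare the email...
            $subject = 'Your Password Has Been Reset';
            $message = '<h2>Your Password Has Been Reset</h2> <hr> <p>If you did not execute this change, please contact the site administrator as soon as possible.</p>';

            // For the ability to send emails from an AWS EC2 instance.
            // If you need this functionality, configure the settings in /default_global_settings.php
            if (!empty($final_global_template_vars["hosting_vendor"]) && $final_global_template_vars["hosting_vendor"] === "aws_ec2") {
                $email = array();
                // NOTE(review): the settings file is expected to populate $email;
                // because it is pulled in with require_once, a second load within
                // the same request would leave $email empty.
                require_once $final_global_template_vars["path_to_smtp_settings"]; // SMTP Settings
                $mail = new PHPMailer();
                $mail->IsSMTP();
                $mail->SMTPAuth = $email['settings']['smtpauth'];
                $mail->SMTPSecure = $email['settings']['smtpsecure'];
                $mail->Host = $email['settings']['host'];
                $mail->Username = $email['settings']['username'];
                $mail->Password = $email['settings']['password'];
            }
            // From (verified email address).
            $mail->SetFrom($final_global_template_vars["send_emails_from"], $final_global_template_vars["site_name"] . ' Accounts');
            $mail->Subject = $subject;
            $mail->MsgHTML($message);
            // Recipient.
            $mail->AddAddress($post['user_account_email']);
            // Send the email. The result is not checked: the password change
            // has already been committed, so a mail failure does not alter the outcome.
            $mail->Send();

            $app->flash('message', 'Your password has been reset.');
            $app->redirect($module_path . "/password/");
        } else {
            $app->flash('message', 'Processing failed.');
            $app->redirect($module_path . "/password/");
        }
    } else {
        // Surface the password error when there is one, else the first error
        // recorded, else a generic message (the original flashed an undefined index).
        if (isset($errors["user_account_password"])) {
            $flash = $errors["user_account_password"];
        } elseif (!empty($errors)) {
            $flash = reset($errors);
        } else {
            $flash = 'Processing failed.';
        }
        $app->flash('message', $flash);
        // Build the query string with proper encoding so an address containing
        // "+" or "&" survives the round trip to the reset form.
        $query = http_build_query(array(
            "user_account_email" => $account_email_exists ? (string) $account_email_exists['user_account_email'] : '',
            "emailed_hash" => (string) $emailed_hash,
        ));
        $app->redirect($module_path . "/reset/?" . $query);
    }
}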
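/**
 * Insert/Update User Account
 *
 * Controller for the User Account module.
 *
 * Validates the posted account fields (and the optional new password with
 * its confirmation), checks that the submitting user is allowed to make the
 * requested group/role changes, then inserts or updates the account and its
 * addresses. On success it flashes a message and redirects; on failure the
 * errors are stored in the Slim environment for the form to render.
 *
 * @author Goran Halusa <*****@*****.**>
 * @since 0.1.0
 * @param \Slim\Route $route The route data array
 * @return void
 */
function insert_update_user_account(\Slim\Route $route)
{
    $app = \Slim\Slim::getInstance();
    $final_global_template_vars = $app->config('final_global_template_vars');
    require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/user_account.class.php";
    require_once $final_global_template_vars["default_module_list"]["group"]["absolute_path_to_this_module"] . "/models/group.class.php";
    require_once $final_global_template_vars["default_module_list"]["authenticate"]["absolute_path_to_this_module"] . "/models/authenticate.class.php";
    require_once $_SERVER["PATH_TO_VENDOR"] . "wixel/gump/gump.class.php";

    // URL parameters matched in the route; user_account_id is absent when creating.
    $params = $route->getParams();
    $user_account_id = isset($params["user_account_id"]) ? $params["user_account_id"] : false;

    $session_key = $final_global_template_vars["session_key"];
    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $db_resource = $db_conn->get_resource();
    $useraccount = new \PHPSkeleton\UserAccount($db_resource, $session_key);
    $group = new \PHPSkeleton\Group($db_resource, $session_key);
    $authenticate = new \PHPSkeleton\Authenticate($db_resource, $session_key);

    $current_user_id = $_SESSION[$session_key]["user_account_id"];
    $user_role_list = $_SESSION[$session_key]["user_role_list"];
    $post = $app->request()->post();
    if (!is_array($post)) {
        $post = array();
    }
    $new_password = isset($post["user_account_password"]) ? $post["user_account_password"] : '';
    $password_check = isset($post["password_check"]) ? $post["password_check"] : '';

    // Determine if the user can manage all accounts.
    $has_permission = array_intersect($user_role_list, $final_global_template_vars["role_perm_manage_all_accounts_access"]);
    $role_perm_manage_all_accounts_access = !empty($has_permission);

    // Without the manage-all permission a user may only submit changes for
    // their own account. show_user_account_form() applies the same rule before
    // rendering the form; enforcing it here too means the id in the route
    // cannot simply be swapped for another user's on submission.
    if (!$role_perm_manage_all_accounts_access && (int) $user_account_id != $current_user_id) {
        $app->flash('message', 'Access denied.');
        $app->redirect("/authenticate/access_denied");
    }

    $gump = new GUMP();
    $rules = array(
        "first_name" => "required|alpha_numeric",
        "last_name" => "required|alpha_numeric",
        "user_account_email" => "required|valid_email",
    );
    // Password rules only apply when a new password was actually entered.
    if (!empty($new_password)) {
        $rules = array_merge($rules, array(
            "user_account_password" => "max_len,100|min_len,6",
            "password_check" => "required|max_len,100|min_len,6",
        ));
    }
    $validated = $gump->validate($post, $rules);

    // GUMP has no two-field rule, so the confirmation mismatch is appended as
    // a synthetic error entry in the same shape GUMP produces. Strict
    // comparison: numeric-looking passwords ("1e3" vs "1000") must not be
    // treated as equal.
    if ($new_password !== $password_check) {
        $validated_password_check = array("field" => "user_account_password_check", "value" => null, "rule" => "validate_required");
        if (is_array($validated)) {
            $validated[] = $validated_password_check;
        } else {
            $validated = array($validated_password_check);
        }
    }

    $errors = array();
    if ($validated !== true) {
        $errors = \phpskeleton\models\utility::gump_parse_errors($validated);
    }
    if (isset($errors["user_account_password_check"])) {
        $errors["user_account_password_check"] = "Passwords did not match.";
    }

    if (!empty($post) && $role_perm_manage_all_accounts_access) {
        $current_group_values = $useraccount->get_user_group_roles_map($user_account_id, $final_global_template_vars["proxy_id"]);
        $proposed_group_value = isset($post["group_data"]) && is_string($post["group_data"])
            ? json_decode($post["group_data"], true)
            : null;

        // Flatten both the current and the proposed assignments into comparable
        // {"group_id":..,"role_id":..} strings so array_diff can find the changes.
        $proposed_group_role_array = array();
        if (is_array($proposed_group_value)) {
            foreach ($proposed_group_value as $single_group_info) {
                foreach ($single_group_info["roles"] as $single_role_id) {
                    $proposed_group_role_array[] = json_encode(array("group_id" => $single_group_info["group_id"], "role_id" => $single_role_id));
                }
            }
        }
        $current_group_role_array = array();
        if (is_array($current_group_values) && !empty($current_group_values)) {
            foreach ($current_group_values as $single_group_info) {
                foreach ($single_group_info["roles"] as $single_role_id) {
                    $current_group_role_array[] = json_encode(array("group_id" => $single_group_info["group_id"], "role_id" => $single_role_id));
                }
            }
        }
        $changes = array_merge(
            array_diff($proposed_group_role_array, $current_group_role_array),
            array_diff($current_group_role_array, $proposed_group_role_array)
        );

        // Reject changes to groups the submitting user does not administer,
        // unless they hold the assign-to-any-group permission (a property of
        // the user, computed once outside the loop).
        $show_all = array_intersect($user_role_list, $final_global_template_vars["role_perm_assign_user_account_to_any_group"]);
        if (empty($show_all)) {
            foreach ($changes as $single_change) {
                $single_change_array = json_decode($single_change, true);
                $group_roles = $useraccount->has_role($current_user_id, $final_global_template_vars["administrator_id"], $single_change_array["group_id"]);
                if (empty($group_roles)) {
                    $failed_group = $group->get_group_record($single_change_array["group_id"]);
                    $errors[] = "You are not able to administer group: " . $failed_group["name"];
                }
            }
        }

        // Reject roles that are never assignable through this form. Loose
        // in_array() on purpose: role ids arrive as strings from JSON while the
        // configured exclusion list may hold ints.
        foreach ($changes as $single_change) {
            $single_change_array = json_decode($single_change, true);
            if (in_array($single_change_array["role_id"], $final_global_template_vars["exclude_ids_from_selector"])) {
                $errors[] = "You are not able to administer that role.";
            }
        }
    }

    if (!$errors) {
        // Hash the incoming password (the model stores the hash, never the plaintext).
        if (!empty($new_password)) {
            $post["user_account_password"] = $authenticate->generate_hashed_password($new_password);
        }
        $useraccount->insert_update_user_account($post, $user_account_id, true, $final_global_template_vars["proxy_id"], $role_perm_manage_all_accounts_access);
        $useraccount->insert_addresses($post, $user_account_id, $current_user_id);
        $app->flash('message', 'Account successfully updated.');
        if ($role_perm_manage_all_accounts_access) {
            $app->redirect($final_global_template_vars["path_to_this_module"]);
        } else {
            $app->redirect($final_global_template_vars["path_to_this_module"] . "/manage/" . $user_account_id);
        }
    } else {
        $env = $app->environment();
        $env["default_validation_errors"] = $errors;
    }
}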
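/**
 * Reset Password
 *
 * Controller for the User Account module.
 *
 * Handles the "forgot password" form: looks up the posted email address,
 * stores a fresh random token on the account through the RegisterAccount
 * model and emails a reset link carrying that token. Every POST ends in a
 * redirect back to the password form with the same flash message whether or
 * not the address was found, so the response does not reveal which
 * addresses have accounts. A request without POST data does nothing.
 *
 * @author Goran Halusa <*****@*****.**>
 * @since 0.1.0
 */
function reset_password()
{
    $app = \Slim\Slim::getInstance();
    $final_global_template_vars = $app->config('final_global_template_vars');
    require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/register_account.class.php";
    require_once $_SERVER["PATH_TO_VENDOR"] . "phpmailer/phpmailer/PHPMailerAutoload.php";

    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $db_resource = $db_conn->get_resource();
    $register_account = new \PHPSkeleton\RegisterAccount($db_resource, $final_global_template_vars["session_key"]);
    $mail = new PHPMailer();

    $posted_data = $app->request()->post() ? $app->request()->post() : false;
    if (!$posted_data) {
        return;
    }
    $password_form_url = $final_global_template_vars["path_to_this_module"] . "/password/";
    $neutral_message = 'Thank you. If an account exists for that email address, further instructions are being sent to it.';
    $posted_email = isset($posted_data["user_account_email"]) ? $posted_data["user_account_email"] : "";

    // Is the email address in the database?
    $account_email_exists = $register_account->account_email_exists($posted_email);
    if (!$account_email_exists) {
        // Same message as the success path: a distinct "not found" reply let anyone
        // test which addresses are registered.
        $app->flash('message', $neutral_message);
        $app->redirect($password_form_url);
        return;
    }

    // 128-bit token from a CSPRNG. The previous md5(rand(0, 1000)) had only 1001
    // possible values, so a reset link could be guessed.
    $emailed_hash = bin2hex(function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16));

    // Attempt to update the emailed_hash and set account to inactive (returns boolean).
    // NOTE(review): if the model really deactivates the account until the link is used,
    // anyone who knows an email address can lock that user out by posting this form —
    // confirm in register_account.class.php.
    $updated = $register_account->update_emailed_hash($account_email_exists['user_account_id'], $emailed_hash);
    if (!$updated) {
        $app->flash('message', 'Processing failed.');
        $app->redirect($password_form_url);
        return;
    }

    // Build the reset link with the query string URL-encoded and the whole link
    // HTML-escaped before it is placed in the message.
    // NOTE(review): SERVER_NAME can follow the request's Host header on some server
    // configurations, which would let a request steer where this link points; prefer a
    // configured base URL if one is available.
    $reset_link = 'http://' . $_SERVER["SERVER_NAME"] . '/user_account/reset/?' . http_build_query(array(
        'user_account_email' => $account_email_exists['user_account_email'],
        'emailed_hash' => $emailed_hash,
    ));
    $reset_link_html = htmlspecialchars($reset_link, ENT_QUOTES, 'UTF-8');

    // Prepare the email...
    $subject = 'Reset Password';
    $message = '<h2>Reset Your Password</h2> <hr> <p>Please click this link to reset your password:<br /> <a href="' . $reset_link_html . '">' . $reset_link_html . '</a></p>';

    // For the ability to send emails from an AWS EC2 instance...
    // If you need this functionality, you can configure the settings accordingly in /default_global_settings.php
    if (!empty($final_global_template_vars["hosting_vendor"]) && $final_global_template_vars["hosting_vendor"] == "aws_ec2") {
        $email = array();
        require_once $final_global_template_vars["path_to_smtp_settings"]; // expected to populate $email['settings']
        // SMTP Settings
        $mail->IsSMTP();
        $mail->SMTPAuth = $email['settings']['smtpauth'];
        $mail->SMTPSecure = $email['settings']['smtpsecure'];
        $mail->Host = $email['settings']['host'];
        $mail->Username = $email['settings']['username'];
        $mail->Password = $email['settings']['password'];
    }

    // From (verified email address).
    $mail->SetFrom($final_global_template_vars["send_emails_from"], $final_global_template_vars["site_name"] . ' Accounts');
    $mail->Subject = $subject;
    $mail->MsgHTML($message);
    // Recipient: the address stored on the account, not the raw posted string.
    $mail->AddAddress($account_email_exists['user_account_email']);
    if (!$mail->Send()) {
        // Do not surface the failure to the requester; log it for the operator instead.
        error_log('reset_password: could not send reset email: ' . $mail->ErrorInfo);
    }

    $app->flash('message', $neutral_message);
    $app->redirect($password_form_url);
}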
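/**
 * Form
 *
 * Controller for the Web App Installer module.
 *
 * Renders the installer form and, on a valid POST, verifies the supplied
 * MySQL credentials, writes them (and the other settings) into
 * default_global_settings.php and .htaccess, creates the application tables
 * and seeds the first user account as Universal Administrator.
 *
 * @author Goran Halusa <*****@*****.**>
 * @since 0.1.0
 */
function form()
{
    $app = \Slim\Slim::getInstance();
    $env = $app->environment();
    $final_global_template_vars = $app->config('final_global_template_vars');

    // Once database settings exist the installer must not run again. The request path
    // is normalised (query string dropped, trailing slash trimmed) so that a request for
    // "/webapp_installer/?x=1" or "/webapp_installer" cannot slip past the check.
    $request_path = rtrim((string) parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH), '/');
    if (isset($final_global_template_vars["db_connection"]["name"])
        && isset($final_global_template_vars["db_connection"]["host"])
        && isset($final_global_template_vars["db_connection"]["user"])
        && isset($final_global_template_vars["db_connection"]["password"])
        && $request_path === "/webapp_installer") {
        header("Location: " . $final_global_template_vars["login_url"] . "/");
        exit;
    }

    require_once $_SERVER["PATH_TO_VENDOR"] . "wixel/gump/gump.class.php";
    $gump = new GUMP();
    $data = $posted_data = $app->request()->post() ? $app->request()->post() : false;

    // GUMP validation rules
    $rules = array(
        "user_account_email" => "required",
        "user_account_password" => "required",
        "first_name" => "required",
        "last_name" => "required",
        "application_name" => "required",
        "session_key" => "required",
        "cname" => "required",
        "database_host" => "required",
        "database_name" => "required",
        "database_username" => "required",
        "database_password" => "required",
    );

    // Validation using GUMP
    if ($posted_data) {
        $errors = array();
        $validated = $gump->validate($posted_data, $rules);
        if ($validated !== true) {
            $errors = \phpskeleton\models\utility::gump_parse_errors($validated);
        }
        // The cname is written verbatim into .htaccess; whitespace or a line break in it
        // would let the value add further arguments or directives to that file.
        if (isset($posted_data['cname']) && !preg_match('/^\S+$/D', $posted_data['cname'])) {
            $errors['cname'] = 'The cname may not contain spaces or line breaks.';
        }
        if ($errors) {
            $env["default_validation_errors"] = $errors;
        }
    }
    // Errors may also have been left in the environment by an earlier route callable.
    $default_validation_errors = isset($env["default_validation_errors"]) ? $env["default_validation_errors"] : false;

    // If there are no errors, begin the second round of checks
    if (!$default_validation_errors && $posted_data) {
        $path_to_this_module = $final_global_template_vars["path_to_this_module"];

        // Check to see if the database user exists
        $link = @mysqli_connect($posted_data['database_host'], $posted_data['database_username'], $posted_data['database_password']);
        if (!$link) {
            $app->flash('message', 'Could not connect to the database. Please check your parameters.');
            $app->redirect($path_to_this_module);
            return;
        }
        // Next, check to see if the database exists by making $posted_data['database_name'] the current db
        $db_selected = mysqli_select_db($link, $posted_data['database_name']);
        mysqli_close($link);
        if (!$db_selected) {
            $app->flash('message', 'Cannot use the "' . $posted_data['database_name'] . '" database. Does it exist?');
            $app->redirect($path_to_this_module);
            return;
        }

        // If there are no MYSQL errors, overwrite the default_global_settings.php file.
        // Every posted value is emitted through var_export() so it lands in the file as a
        // correctly quoted PHP string literal; splicing the raw text into "..." let a
        // double quote in any field terminate the literal and inject PHP into the settings.
        $document_root = $_SERVER['DOCUMENT_ROOT'];
        $db_name_literal = var_export($posted_data['database_name'], true);
        _webapp_installer_rewrite_file($document_root . '/default_global_settings.php', array(
            '#~site_name~#' => '"site_name" => ' . var_export($posted_data['application_name'], true) . ',',
            '#~session_key~#' => ',"session_key" => ' . var_export($posted_data['session_key'], true),
            '#~name~#' => '"name" => ($_SERVER["IS_DEV"] == "true") ? ' . $db_name_literal . ' : ' . $db_name_literal,
            '#~host~#' => ',"host" => ' . var_export($posted_data['database_host'], true),
            '#~user~#' => ',"user" => ' . var_export($posted_data['database_username'], true),
            '#~password~#' => ',"password" => ' . var_export($posted_data['database_password'], true) . ',',
            '#~admin_emails~#' => ',"admin_emails" => ' . var_export($posted_data['user_account_email'], true) . ',',
        ));

        // Overwrite the .htaccess file (the cname was restricted to a single token above)
        _webapp_installer_rewrite_file($document_root . '/.htaccess', array(
            '"^([^\\.]*)\\.com$"' => $posted_data['cname'],
        ));

        // Build the database tables
        $db_vars = array(
            "name" => $posted_data['database_name'],
            "host" => $posted_data['database_host'],
            "user" => $posted_data['database_username'],
            "password" => $posted_data['database_password'],
        );
        $db_conn = new \PHPSkeleton\models\db($db_vars);
        $db = $db_conn->get_resource();
        require_once $final_global_template_vars["default_module_list"]["authenticate"]["absolute_path_to_this_module"] . "/models/authenticate.class.php";
        $authenticate = new \PHPSkeleton\Authenticate($db, $final_global_template_vars["session_key"]);

        _webapp_installer_execute(
            $db,
            "CREATE TABLE `user_account` (\n `user_account_id` int(10) NOT NULL AUTO_INCREMENT,\n `user_account_email` varchar(255) NOT NULL,\n `user_account_password` varchar(255) NOT NULL,\n `first_name` varchar(255) NOT NULL,\n `last_name` varchar(255) NOT NULL,\n `acceptable_use_policy` int(1) DEFAULT NULL,\n `active` int(1) NOT NULL DEFAULT '0',\n `emailed_hash` varchar(255) DEFAULT NULL,\n `created_date` datetime DEFAULT NULL,\n `modified_date` datetime DEFAULT NULL,\n PRIMARY KEY (`user_account_id`)\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='This table stores user accounts'",
            array(),
            'CREATE TABLE `user_account` failed.'
        );

        // INSERT this user into the user_account table
        _webapp_installer_execute(
            $db,
            "INSERT INTO user_account\n (user_account_email, user_account_password, first_name, last_name, acceptable_use_policy, created_date, active)\n VALUES ( :user_account_email, :user_account_password, :first_name, :last_name, 1, NOW(), 1 )",
            array(
                ":user_account_email" => array($posted_data['user_account_email'], PDO::PARAM_STR),
                ":user_account_password" => array($authenticate->generate_hashed_password($posted_data['user_account_password']), PDO::PARAM_STR),
                ":first_name" => array($posted_data['first_name'], PDO::PARAM_STR),
                ":last_name" => array($posted_data['last_name'], PDO::PARAM_STR),
            ),
            'The INSERT INTO user_account failed.'
        );
        $last_inserted_user_account_id = $db->lastInsertId();
        $user_account_id_binding = array(":user_account_id" => array($last_inserted_user_account_id, PDO::PARAM_INT));

        _webapp_installer_execute(
            $db,
            "CREATE TABLE `user_account_addresses` (\n `user_account_addresses_id` int(11) NOT NULL AUTO_INCREMENT,\n `user_account_id` int(11) NOT NULL,\n `address_label` varchar(100) NOT NULL DEFAULT '',\n `address_1` varchar(50) DEFAULT NULL,\n `address_2` varchar(50) DEFAULT NULL,\n `city` varchar(50) NOT NULL DEFAULT '',\n `state` char(2) NOT NULL DEFAULT '',\n `zip` varchar(10) NOT NULL,\n `date_created` datetime NOT NULL,\n `created_by_user_account_id` int(11) NOT NULL,\n `last_modified` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00' ON UPDATE CURRENT_TIMESTAMP,\n `last_modified_user_account_id` int(11) NOT NULL,\n `primary` tinyint(1) NOT NULL DEFAULT '0',\n `active` tinyint(1) NOT NULL DEFAULT '1',\n PRIMARY KEY (`user_account_addresses_id`),\n KEY `created_by_user_account_id` (`created_by_user_account_id`),\n KEY `last_modified_user_account_id` (`last_modified_user_account_id`)\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='This table stores user account addresses'",
            array(),
            'CREATE TABLE `user_account_addresses` failed.'
        );

        _webapp_installer_execute(
            $db,
            "CREATE TABLE `group` (\n `group_id` int(11) NOT NULL AUTO_INCREMENT,\n `name` varchar(100) NOT NULL DEFAULT '',\n `abbreviation` varchar(10) NOT NULL DEFAULT '',\n `description` mediumtext NOT NULL,\n `address_1` varchar(50) DEFAULT NULL,\n `address_2` varchar(50) DEFAULT NULL,\n `city` varchar(50) NOT NULL DEFAULT '',\n `state` char(2) NOT NULL DEFAULT '',\n `zip` varchar(10) NOT NULL,\n `date_created` datetime NOT NULL,\n `created_by_user_account_id` int(11) NOT NULL,\n `last_modified` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00' ON UPDATE CURRENT_TIMESTAMP,\n `last_modified_user_account_id` int(11) NOT NULL,\n `active` tinyint(1) NOT NULL DEFAULT '1',\n PRIMARY KEY (`group_id`),\n KEY `created_by_user_account_id` (`created_by_user_account_id`),\n KEY `last_modified_user_account_id` (`last_modified_user_account_id`)\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='This table stores groups for user accounts'",
            array(),
            'CREATE TABLE `group` failed.'
        );

        // Seed the global group, owned by the account just created
        _webapp_installer_execute(
            $db,
            "INSERT INTO `group` (\n `group_id`\n ,`name`\n ,`abbreviation`\n ,`description`\n ,`address_1`\n ,`address_2`\n ,`city`\n ,`state`\n ,`zip`\n ,`date_created`\n ,`created_by_user_account_id`\n ,`last_modified`\n ,`last_modified_user_account_id`\n ,`active`\n )\n VALUES (1\n ,'Global Group'\n ,'GLOBAL'\n ,'Global Web App Group'\n ,'ADDRESS PLACEHOLDER'\n ,''\n ,'CITY PLACEHOLDER'\n ,'STATE PLACEHOLDER'\n ,'12345'\n ,NOW()\n ,:user_account_id\n ,NOW()\n ,:user_account_id\n ,1)\n ",
            $user_account_id_binding,
            'The INSERT INTO `group` failed.'
        );

        _webapp_installer_execute(
            $db,
            "CREATE TABLE `group_closure_table` (\n `ancestor` int(10) NOT NULL DEFAULT '0',\n `descendant` int(10) NOT NULL DEFAULT '0',\n `pathlength` int(10) NOT NULL DEFAULT '0',\n PRIMARY KEY (`ancestor`,`descendant`)\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='This table was from the guidance of Mr. Bill Karwin'",
            array(),
            'The CREATE TABLE `group_closure_table` failed.'
        );

        _webapp_installer_execute(
            $db,
            "INSERT INTO `group_closure_table` (\n `ancestor`\n ,`descendant`\n ,`pathlength`\n )\n VALUES (1,1,0)\n ",
            array(),
            'The INSERT INTO `group_closure_table` failed.'
        );

        _webapp_installer_execute(
            $db,
            "CREATE TABLE `user_account_groups` (\n `role_id` int(10) NOT NULL DEFAULT '0',\n `user_account_id` int(10) NOT NULL DEFAULT '0',\n `group_id` int(10) NOT NULL DEFAULT '0',\n `user_account_groups_id` int(10) NOT NULL AUTO_INCREMENT,\n PRIMARY KEY (`user_account_groups_id`),\n KEY `role_id` (`role_id`),\n KEY `user_account_id` (`user_account_id`),\n KEY `group_id` (`group_id`)\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='This table stores user account groups'",
            array(),
            'CREATE TABLE `user_account_groups` failed.'
        );

        _webapp_installer_execute(
            $db,
            "CREATE TABLE `user_account_proxy` (\n `user_account_groups_id` int(10) NOT NULL DEFAULT '0',\n `proxy_user_account_id` int(10) NOT NULL DEFAULT '0',\n PRIMARY KEY (`user_account_groups_id`,`proxy_user_account_id`)\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='This table stores user account proxy users'",
            array(),
            'CREATE TABLE `user_account_proxy` failed.'
        );

        _webapp_installer_execute(
            $db,
            "CREATE TABLE `user_account_roles` (\n `role_id` int(10) NOT NULL AUTO_INCREMENT,\n `label` varchar(50) DEFAULT NULL,\n PRIMARY KEY (`role_id`)\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='This table stores user account roles'",
            array(),
            'CREATE TABLE `user_account_roles` failed.'
        );

        _webapp_installer_execute(
            $db,
            "INSERT INTO `user_account_roles` (`role_id`,`label`)\n VALUES\n (1, 'Administrator'),\n (2, 'Author'),\n (3, 'Proxy'),\n (4, 'Editor'),\n (5, 'Manager'),\n (6, 'Universal Administrator')\n ",
            array(),
            'The INSERT INTO `user_account_roles` failed.'
        );

        // INSERT this user into the user_account_groups table with "Universal Administrator" privileges
        _webapp_installer_execute(
            $db,
            "INSERT INTO user_account_groups\n (role_id, user_account_id, group_id)\n VALUES ( 6, :user_account_id, 1 ), ( 1, :user_account_id, 1 )",
            $user_account_id_binding,
            'The INSERT INTO user_account_groups failed.'
        );

        _webapp_installer_execute(
            $db,
            "CREATE TABLE `login_attempt` (\n `login_attempt_id` int(11) NOT NULL AUTO_INCREMENT,\n `user_account_email` varchar(255) NOT NULL,\n `ip_address` varchar(255) NOT NULL DEFAULT '0',\n `result` varchar(255) DEFAULT NULL,\n `page` varchar(255) DEFAULT NULL,\n `created_date` datetime DEFAULT NULL,\n PRIMARY KEY (`login_attempt_id`)\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='This table is used to log login attempts'",
            array(),
            'The CREATE TABLE `login_attempt` failed.'
        );

        // Don't return the passwords or the CSRF key value to the template.
        unset($data['user_account_password'], $data['database_password'], $data['csrf_key']);
        $data['success_message'] = 'installed';
    }

    if (!$posted_data) {
        // Defaults for a freshly opened form.
        $data = array('cname' => $_SERVER['SERVER_NAME'], 'database_host' => 'localhost');
    }

    $app->render('form.php', array(
        "page_title" => "Web Application Installer",
        "hide_page_header" => true,
        "path_to_this_module" => $final_global_template_vars["path_to_this_module"],
        "errors" => $default_validation_errors,
        "data" => $data,
    ));
}

/**
 * Replace placeholder tokens in an installer-managed file and write it back.
 *
 * Keeps the original unlink/fopen/fwrite/fclose/chmod sequence and, like the
 * original, aborts the request if the file cannot be read or written.
 *
 * @param string $path         Absolute path of the file to rewrite
 * @param array  $replacements Map of placeholder => replacement text
 */
function _webapp_installer_rewrite_file($path, array $replacements)
{
    $original_file = file_get_contents($path);
    if ($original_file === false) {
        die("can't open file");
    }
    $parsed = str_replace(array_keys($replacements), array_values($replacements), $original_file);
    unlink($path);
    $file_handle = fopen($path, 'w');
    if ($file_handle === false) {
        die("can't open file");
    }
    fwrite($file_handle, $parsed);
    fclose($file_handle);
    chmod($path, 0664);
}

/**
 * Prepare, bind and execute one installer SQL statement, aborting on failure.
 *
 * Errors are read from the statement rather than the connection handle so a
 * failed execute() is reported even when prepare() succeeded.
 *
 * @param \PDO   $db           Database handle from the db model
 * @param string $sql          Statement text
 * @param array  $bindings     Map of placeholder => array(value, PDO type constant)
 * @param string $failure_text Message passed to die() when the statement fails
 */
function _webapp_installer_execute($db, $sql, array $bindings, $failure_text)
{
    $statement = $db->prepare($sql);
    if ($statement === false) {
        var_dump($db->errorInfo());
        die($failure_text);
    }
    foreach ($bindings as $placeholder => $binding) {
        $statement->bindValue($placeholder, $binding[0], $binding[1]);
    }
    if (!$statement->execute()) {
        var_dump($statement->errorInfo());
        die($failure_text);
    }
}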
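/**
 * Insert User Account
 *
 * Controller for the User Account module.
 *
 * Handles self-registration: rejects addresses that already have an
 * account, validates the posted fields, inserts the account as inactive with
 * a random activation token, grants the "Author" role in the global group
 * and emails an activation link to the user plus a notification to every
 * Universal Administrator. Ends in a redirect to the registration page, or
 * leaves validation errors in the Slim environment for the next callable.
 *
 * @author Goran Halusa <*****@*****.**>
 * @since 0.1.0
 */
function insert_user_account()
{
    $app = \Slim\Slim::getInstance();
    $env = $app->environment();
    $final_global_template_vars = $app->config('final_global_template_vars');
    $session_key = $final_global_template_vars["session_key"];

    require_once $_SERVER["PATH_TO_VENDOR"] . "wixel/gump/gump.class.php";
    require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/user_account.class.php";
    require_once $final_global_template_vars["absolute_path_to_this_module"] . "/models/register_account.class.php";
    require_once $final_global_template_vars["default_module_list"]["authenticate"]["absolute_path_to_this_module"] . "/models/authenticate.class.php";
    require_once $_SERVER["PATH_TO_VENDOR"] . "phpmailer/phpmailer/PHPMailerAutoload.php";

    $db_conn = new \PHPSkeleton\models\db($final_global_template_vars["db_connection"]);
    $db_resource = $db_conn->get_resource();
    $useraccount = new \PHPSkeleton\UserAccount($db_resource, $session_key);
    $register_account = new \PHPSkeleton\RegisterAccount($db_resource, $session_key);
    $authenticate = new \PHPSkeleton\Authenticate($db_resource, $session_key);
    $gump = new GUMP();
    $mail = new PHPMailer();

    $register_url = $final_global_template_vars["path_to_this_module"] . "/register/";
    $posted_data = $app->request()->post() ? $app->request()->post() : false;
    $errors = false;
    $account_created = false;

    if ($posted_data) {
        $posted_email = isset($posted_data["user_account_email"]) ? $posted_data["user_account_email"] : "";
        if ($register_account->account_email_exists($posted_email)) {
            $app->flash('message', 'It looks like you already have an account. Email address is already in use.');
            $app->redirect($register_url);
            return;
        }

        // GUMP validation rules
        $rules = array(
            "user_account_email" => "required|valid_email",
            "user_account_password" => "required|max_len,100|min_len,6",
            "first_name" => "required|alpha_numeric",
            "last_name" => "required|alpha_numeric",
        );
        $errors = array();
        $validated = $gump->validate($posted_data, $rules);
        if ($validated !== true) {
            $errors = \phpskeleton\models\utility::gump_parse_errors($validated);
        }
        if ($errors) {
            $env["default_validation_errors"] = $errors;
        }
    }

    // Errors may also have been left in the environment by an earlier route callable.
    $default_validation_errors = isset($env["default_validation_errors"]) ? $env["default_validation_errors"] : false;

    // If there are no errors, process posted data and email to user
    if (!$default_validation_errors && $posted_data) {
        // 128-bit activation token from a CSPRNG. The previous md5(rand(0, 1000)) had
        // only 1001 possible values, so an activation link could be guessed.
        $emailed_hash = bin2hex(function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16));

        // INSERT this user into the user_account table (inactive until the link is used)
        $statement = $db_resource->prepare("INSERT INTO user_account\n (user_account_email, user_account_password, first_name, last_name, acceptable_use_policy, created_date, active, emailed_hash)\n VALUES ( :user_account_email, :user_account_password, :first_name, :last_name, 1, NOW(), 0, :emailed_hash )");
        $statement->bindValue(":user_account_email", $posted_data['user_account_email'], PDO::PARAM_STR);
        $statement->bindValue(":user_account_password", $authenticate->generate_hashed_password($posted_data['user_account_password']), PDO::PARAM_STR);
        $statement->bindValue(":first_name", $posted_data['first_name'], PDO::PARAM_STR);
        $statement->bindValue(":last_name", $posted_data['last_name'], PDO::PARAM_STR);
        $statement->bindValue(":emailed_hash", $emailed_hash, PDO::PARAM_STR);
        // execute() reports statement-level failures that the connection's errorInfo() can miss.
        if (!$statement->execute()) {
            die('The INSERT INTO user_account failed.');
        }
        $last_inserted_user_account_id = $db_resource->lastInsertId();

        // INSERT this user into the user_account_groups table with "Author" privileges
        $statement = $db_resource->prepare("INSERT INTO user_account_groups\n (role_id, user_account_id, group_id)\n VALUES ( 2, :user_account_id, 1 )");
        $statement->bindValue(":user_account_id", $last_inserted_user_account_id, PDO::PARAM_INT);
        if (!$statement->execute()) {
            die('The INSERT INTO user_account_groups failed.');
        }
        $account_created = true;

        // Email setup. Posted values are HTML-escaped and the links URL-encoded so a
        // crafted name or address cannot inject markup into either message.
        $first_name_html = htmlspecialchars($posted_data['first_name'], ENT_QUOTES, 'UTF-8');
        $last_name_html = htmlspecialchars($posted_data['last_name'], ENT_QUOTES, 'UTF-8');
        $email_html = htmlspecialchars($posted_data['user_account_email'], ENT_QUOTES, 'UTF-8');
        // NOTE(review): SERVER_NAME can follow the request's Host header on some server
        // configurations, which would let a request steer where these links point; prefer
        // a configured base URL if one is available.
        $verify_link = 'http://' . $_SERVER["SERVER_NAME"] . '/user_account/verify/?' . http_build_query(array(
            'user_account_email' => $posted_data['user_account_email'],
            'emailed_hash' => $emailed_hash,
        ));
        $verify_link_html = htmlspecialchars($verify_link, ENT_QUOTES, 'UTF-8');
        $login_link_html = htmlspecialchars('http://' . $_SERVER["SERVER_NAME"] . '/authenticate/', ENT_QUOTES, 'UTF-8');

        // Message for the user
        $to = $posted_data['user_account_email'];
        $subject = 'Signup | Verification';
        $message = '<h2>Hello ' . $first_name_html . '!</h2> <p>Your account has been created, you can login with the following credentials after you have activated your account by accessing the url below.</p> <hr> <p>Username: ' . $email_html . '</p> <p>Password: (The password you submitted during the registration process.)</p> <hr> <p>Please click this link to activate your account:<br /> <a href="' . $verify_link_html . '">' . $verify_link_html . '</a></p>';

        // Message for the Universal Administrators
        $universal_administrator_emails = $useraccount->get_universal_administrator_emails();
        $subject_admins = 'New User Registration';
        $message_admins = '<h2>New User</h2> <p>A new user has registered.</p> <h3>Details</h3> <p>Name: ' . $first_name_html . ' ' . $last_name_html . '</p> <p>Email: ' . $email_html . '</p> <hr> <p><a href="' . $login_link_html . '">Login to administer</a></p>';

        // For the ability to send emails from an AWS EC2 instance
        // If you need this functionality, you can configure the settings accordingly in /default_global_settings.php
        if (!empty($final_global_template_vars["hosting_vendor"]) && $final_global_template_vars["hosting_vendor"] == "aws_ec2") {
            $email = array();
            require_once $final_global_template_vars["path_to_smtp_settings"]; // expected to populate $email['settings']
            // SMTP Settings
            $mail->IsSMTP();
            $mail->SMTPAuth = $email['settings']['smtpauth'];
            $mail->SMTPSecure = $email['settings']['smtpsecure'];
            $mail->Host = $email['settings']['host'];
            $mail->Username = $email['settings']['username'];
            $mail->Password = $email['settings']['password'];
        }

        // Send email to user
        $mail->SetFrom($final_global_template_vars["send_emails_from"], $final_global_template_vars["site_name"] . ' Accounts'); // From (verified email address)
        $mail->Subject = $subject;
        $mail->MsgHTML($message);
        $mail->AddAddress($to);
        if (!$mail->Send()) {
            error_log('insert_user_account: could not send verification email: ' . $mail->ErrorInfo);
        }
        $mail->ClearAllRecipients();

        // Send email to Universal Administrators
        if (is_array($universal_administrator_emails) && !empty($universal_administrator_emails)) {
            $mail->Subject = $subject_admins;
            $mail->MsgHTML($message_admins);
            foreach ($universal_administrator_emails as $admin) {
                $mail->AddAddress($admin["user_account_email"]);
            }
            if (!$mail->Send()) {
                error_log('insert_user_account: could not send administrator notification: ' . $mail->ErrorInfo);
            }
            $mail->ClearAllRecipients();
        }
    }

    if ($errors) {
        // Leave the errors for the next route callable to render.
        $env["default_validation_errors"] = $errors;
        return;
    }
    // Only claim success when an account was actually written; a request without POST
    // data (or with errors left by an earlier callable) previously got this message too.
    if ($account_created) {
        $app->flash('message', 'Account creation was successful. You will receive an email shortly with further instructions.');
    }
    $app->redirect($register_url);
}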
closedir($handle);
}
}
// Changed from static call to instantiated due to PHP errors - by Gor, gor@webcraftr.com, 2013-07-16
// "PHP Strict Standards: Non-static method phpskeleton\models\utility::subvalue_sort()
// should not be called statically in /vendor/default/autoload.php on line 169"
// Order the discovered modules by their "sort_order" value and expose the list and the
// visible-module count to every template.
$modules_list_array = $utility->subvalue_sort($modules_list_array, 'sort_order');
$final_global_template_vars["default_module_list"] = $modules_list_array;
$final_global_template_vars["visible_module_count"] = $visible_module_count;
// Every global template variable becomes a Twig global under its own name.
foreach ($final_global_template_vars as $var_name => $var_value) {
    $twig->addGlobal($var_name, $var_value);
}
// "is_authenticated" only reflects the presence of the session slot, not its contents.
$twig->addGlobal("is_authenticated", isset($final_global_template_vars["session_key"]) && isset($_SESSION[$final_global_template_vars["session_key"]]) ? true : false);
// NOTE(review): the whole $_SESSION array is reachable from every template as "session";
// anything secret stored in the session is therefore one template expression away from
// the page output.
$twig->addGlobal("session", $_SESSION);
$twig->addGlobal("request_uri", $_SERVER["REQUEST_URI"]);
// Define routes.
require_once $current_module_location . "/config/routes.php";
// Log page load.
// After each request, record the client address, user agent, host, URI, referer, the
// session "cn" value and the active module in page_load via a parameterised INSERT.
// NOTE(review): HTTP_REFERER is guarded with isset() but HTTP_USER_AGENT is not; a request
// without a User-Agent header would raise an undefined-index notice here — confirm.
if (isset($final_global_template_vars["log_page_load"]) && $final_global_template_vars["log_page_load"]) {
    $app->hook('slim.after', function () use($app, $final_global_template_vars) {
        $log_params = array($_SERVER["REMOTE_ADDR"], $_SERVER["HTTP_USER_AGENT"], $_SERVER["HTTP_HOST"], $_SERVER["REQUEST_URI"], isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "", isset($_SESSION[$final_global_template_vars["session_key"]]) && isset($_SESSION[$final_global_template_vars["session_key"]]['cn']) ? $_SESSION[$final_global_template_vars["session_key"]]['cn'] : "", $final_global_template_vars["active_module"]);
        // The log lives in the core framework database, on its own connection.
        $log_db = new \PHPSkeleton\models\db($final_global_template_vars["core_framework_db"]);
        $log_db_resource = $log_db->get_resource();
        $statement = $log_db_resource->prepare("\r\n INSERT INTO page_load\r\n (ip_address\r\n ,http_user_agent\r\n ,domain\r\n ,page\r\n ,created_date\r\n ,referer\r\n ,cn\r\n ,module)\r\n VALUES\r\n (?,?,?,?,NOW(),?,?,?)");
        $statement->execute($log_params);
        $log_db->close_connection();
    });
}
$app->config('final_global_template_vars', $final_global_template_vars);
// Run the app.
$app->run();