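/**
 * Stores the per-template "use" permission for one user from the submitted form.
 *
 * For every template folder known to the Template model, the permission is set to 1
 * when a POST field named "<folder>_use" is present and to 0 otherwise, then written
 * to Templates_rights (creating the row when missing). Only super-admins and users
 * holding MANAGE_TEMPLATE may reach the update; everybody else is stopped with
 * die('access denied'), exactly as before.
 *
 * @return void renders the wrapped 'user' template with a message box
 */
function usertemplates()
{
    $clang = Yii::app()->lang;
    // The uid comes straight out of the POST body and is used as a primary key
    // below, so coerce it to an integer before it reaches the model layer.
    $postuserid = (int) Yii::app()->request->getPost('uid');

    // SUPERADMINS AND MANAGE_TEMPLATE USERS CAN SET THESE RIGHTS
    $bMaySetRights = Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1
        || Yii::app()->session['USER_RIGHT_MANAGE_TEMPLATE'] == 1;
    if (!$bMaySetRights) {
        die('access denied');
    }

    // Both variables were previously only assigned inside the loops, so an empty
    // template list left them undefined when they were read afterwards.
    $aViewUrls = array();
    $uresult = true;

    $templaterights = array();
    foreach (Template::model()->findAll() as $trow) {
        $templaterights[$trow["folder"]] = isset($_POST[$trow["folder"] . "_use"]) ? 1 : 0;
    }

    foreach ($templaterights as $sFolder => $iUse) {
        $rights = Templates_rights::model()->findByPk(array('folder' => $sFolder, 'uid' => $postuserid));
        if (empty($rights)) {
            $rights = new Templates_rights();
            $rights->uid = $postuserid;
            $rights->folder = $sFolder;
        }
        $rights->use = $iUse;
        // save() is evaluated first so that every row is attempted; the flag then
        // reflects *all* saves rather than only the last one.
        $uresult = $rights->save() && $uresult;
    }

    if ($uresult !== false) {
        $aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect(
            $clang->gT("Set template permissions"),
            $clang->gT("Template permissions were updated successfully."),
            "successheader"
        );
    } else {
        $aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect(
            $clang->gT("Set template permissions"),
            $clang->gT("Error while updating usertemplates."),
            "warningheader"
        );
    }

    $this->_renderWrappedTemplate('user', $aViewUrls);
}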
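/**
 * Returns the "use" right a user holds on a template folder.
 *
 * The lookup now matches the folder column exactly. The previous
 * addSearchCondition() call produced a LIKE '%folder%' comparison, so a right on
 * any folder whose name merely *contains* $templatefolder (for example a right on
 * "default_blue" when asking about "default") was reported as a right on the
 * requested template.
 *
 * @param int|string $userid         user id; passed through sanitize_int()
 * @param string     $templatefolder template folder name; passed through sanitize_paranoid_string()
 * @return mixed false when no Templates_rights row exists, otherwise the row's "use" column
 */
function hasTemplateManageRights($userid, $templatefolder)
{
    $userid = sanitize_int($userid);
    $templatefolder = sanitize_paranoid_string($templatefolder);

    $criteria = new CDbCriteria();
    // Equality on both columns (uid = :uid AND folder = :folder), never a pattern match.
    $criteria->addColumnCondition(array('uid' => $userid, 'folder' => $templatefolder));

    $oRights = Templates_rights::model()->find($criteria);
    if ($oRights === null) {
        return false;
    }
    return $oRights["use"];
}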
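/**
 * Checks whether this user has correctly entered password or not
 *
 * Two paths exist. With database authentication the supplied password (or, when
 * enabled, a one-time password) is compared with the stored hash. With
 * 'auth_webserver' enabled the user name is taken from PHP_AUTH_USER / LOGON_USER,
 * optionally remapped through 'auth_webserver_user_map', and the account may be
 * created on the fly when 'auth_webserver_autocreate_user' is set.
 *
 * @access public
 * @param string $sOneTimePassword optional one-time password; honoured only when
 *        the 'use_one_time_passwords' config flag is set
 * @return bool true when errorCode is ERROR_NONE
 */
public function authenticate($sOneTimePassword = '')
{
    if (Yii::app()->getConfig("auth_webserver") == false || $this->username != "") {
        $user = User::model()->findByAttributes(array('users_name' => $this->username));
        if ($user === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
            return !$this->errorCode;
        }

        if (is_resource($user->password)) {
            // Postgres delivers bytea fields as streams :-o
            $sStoredPassword = stream_get_contents($user->password, -1, 0);
        } else {
            $sStoredPassword = $user->password;
        }

        // hash_equals() compares strictly and in constant time. The previous loose
        // == on hex digests was subject to PHP's numeric-string comparison rules.
        $bOneTimePasswordOk = (string) $sOneTimePassword !== ''
            && Yii::app()->getConfig("use_one_time_passwords")
            && hash_equals((string) $user->one_time_pw, md5($sOneTimePassword));

        if ($bOneTimePasswordOk) {
            // A one-time password is consumed on first successful use.
            $user->one_time_pw = '';
            $user->save();
            $this->id = $user->uid;
            $this->user = $user;
            $this->errorCode = self::ERROR_NONE;
        } elseif (!hash_equals((string) $sStoredPassword, hash('sha256', $this->password))) {
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            $this->id = $user->uid;
            $this->user = $user;
            $this->errorCode = self::ERROR_NONE;
        }
    } elseif (Yii::app()->getConfig("auth_webserver") === true
        && (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['LOGON_USER']))) {
        if (isset($_SERVER['PHP_AUTH_USER'])) {
            $sUser = $_SERVER['PHP_AUTH_USER'];
        } else {
            // LOGON_USER is usually DOMAIN\user; keep only the part after the last
            // backslash. Without the strrpos() check a name with no backslash lost
            // its first character (false + 1 == 1).
            $sUser = $_SERVER['LOGON_USER'];
            $iSeparator = strrpos($sUser, "\\");
            if ($iSeparator !== false) {
                $sUser = substr($sUser, $iSeparator + 1);
            }
        }

        $aUserMappings = Yii::app()->getConfig("auth_webserver_user_map");
        if (isset($aUserMappings[$sUser])) {
            $sUser = $aUserMappings[$sUser];
        }

        $oUser = User::model()->findByAttributes(array('users_name' => $sUser));
        $aUserProfile = null;
        if ($oUser === null) {
            if (function_exists("hook_get_auth_webserver_profile")) {
                // If defined this function returns an array describing the default
                // profile for this user. The call now uses the same name as the
                // function_exists() guard; the previous code checked one name and
                // called another (hook_get_autouserprofile), which could never have
                // been reached unless both happened to be defined.
                $aUserProfile = hook_get_auth_webserver_profile($sUser);
            } elseif (Yii::app()->getConfig("auth_webserver_autocreate_user")) {
                $aUserProfile = Yii::app()->getConfig("auth_webserver_autocreate_profile");
            }
        } else {
            $this->id = $oUser->uid;
            $this->user = $oUser;
            $this->errorCode = self::ERROR_NONE;
        }

        if ($oUser === null
            && is_array($aUserProfile)
            && Yii::app()->getConfig("auth_webserver_autocreate_user")) {
            // user doesn't exist but auto-create user is set
            $oUser = new User();
            $oUser->users_name = $sUser;
            // The account is only ever reached through web-server auth, so it gets a
            // random password nobody knows.
            $oUser->password = hash('sha256', createPassword());
            $oUser->full_name = $aUserProfile['full_name'];
            $oUser->parent_id = 1;
            $oUser->lang = $aUserProfile['lang'];
            $oUser->email = $aUserProfile['email'];
            $oUser->create_survey = $aUserProfile['create_survey'];
            $oUser->create_user = $aUserProfile['create_user'];
            $oUser->delete_user = $aUserProfile['delete_user'];
            $oUser->superadmin = $aUserProfile['superadmin'];
            $oUser->configurator = $aUserProfile['configurator'];
            $oUser->manage_template = $aUserProfile['manage_template'];
            $oUser->manage_label = $aUserProfile['manage_label'];

            if ($oUser->save()) {
                $sTemplateList = isset($aUserProfile['templatelist']) ? $aUserProfile['templatelist'] : '';
                foreach (explode(",", $sTemplateList) as $sTemplateName) {
                    $sTemplateName = trim($sTemplateName);
                    if ($sTemplateName === '') {
                        // A trailing comma or an empty list must not create a rights row
                        // for an empty folder name.
                        continue;
                    }
                    $oRecord = new Templates_rights();
                    $oRecord->uid = $oUser->uid;
                    $oRecord->folder = $sTemplateName;
                    $oRecord->use = 1;
                    $oRecord->save();
                }
                // read again user from newly created entry
                $this->id = $oUser->uid;
                $this->user = $oUser;
                $this->errorCode = self::ERROR_NONE;
            } else {
                $this->errorCode = self::ERROR_USERNAME_INVALID;
            }
        } elseif ($oUser === null) {
            // Unknown user and no auto-creation: fail explicitly instead of relying on
            // whatever errorCode held before this call.
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        }
    } else {
        $this->errorCode = self::ERROR_USERNAME_INVALID;
    }

    return !$this->errorCode;
}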
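/**
 * Function responsible to delete a template.
 *
 * Removes the template directory below 'usertemplaterootdir', moves every survey that
 * used the template to the configured default template, and drops the Template and
 * Templates_rights rows for it. A flash message reports success or failure; the
 * request always ends with a redirect to the template view.
 *
 * @access public
 * @param string $templatename bare folder name of the template (no path components)
 * @return void
 */
public function delete($templatename)
{
    Yii::app()->loadHelper("admin/template");
    $clang = $this->getController()->lang;

    // The name is concatenated into a filesystem path below, so anything that is not
    // a plain directory name (separators, "." or "..") must never reach rmdirr().
    $bPlainName = is_string($templatename)
        && basename($templatename) === $templatename
        && !in_array($templatename, array('', '.', '..'), true);

    if ($bPlainName && is_template_editable($templatename)) {
        $sTemplateDir = Yii::app()->getConfig('usertemplaterootdir') . "/" . $templatename;
        if (rmdirr($sTemplateDir)) {
            $surveys = Survey::model()->findAllByAttributes(array('template' => $templatename));
            foreach ($surveys as $s) {
                $s->template = Yii::app()->getConfig('defaulttemplate');
                $s->save();
            }
            Template::model()->deleteAllByAttributes(array('folder' => $templatename));
            Templates_rights::model()->deleteAllByAttributes(array('folder' => $templatename));
            Yii::app()->session['flashmessage'] = sprintf(
                $clang->gT("Template '%s' was successfully deleted."),
                $templatename
            );
        } else {
            Yii::app()->session['flashmessage'] = sprintf(
                $clang->gT("There was a problem deleting the template '%s'. Please check your directory/file permissions."),
                $templatename
            );
        }
    }

    // Redirect with default templatename, editfile and screenname
    $this->getController()->redirect($this->getController()->createUrl("admin/templates/view"));
}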