 /**
  * Adds a user to this event, by user id.
  *
  * Loads the current user list first and adds the user only when the id is
  * not already present, so calling this twice for the same id is a no-op.
  *
  * NOTE(review): the return value of getUsers() is discarded here; this
  * relies on getUsers() populating $this->_users as a side effect — confirm
  * against its implementation, otherwise the isset() check never succeeds.
  *
  * @param int $user_id the id of the user to add.
  * @return $this for chaining.
  * @throws \Exception if no user with the given id exists.
  */
 public function addUser($user_id)
 {
     $this->getUsers();

     $alreadyPresent = isset($this->_users[$user_id]);
     if (!$alreadyPresent) {
         // The id must refer to a real account before it is attached
         if (!UserLoader::exists($user_id)) {
             throw new \Exception("The specified user_id ({$user_id}) does not exist.");
         }
         $this->_users[$user_id] = UserLoader::fetch($user_id);
     }

     return $this;
 }
 /**
  * Loads the users that belong to this group.
  *
  * Selects every user_id in the group_user link table for this group's id and
  * hydrates each one through UserLoader.  The result is returned, not cached
  * on the instance.
  *
  * The group id is bound as a prepared-statement parameter; the only value
  * interpolated into the SQL is the link table name, which comes from the
  * table registry (static::getTable), not from request data.
  *
  * NOTE(review): the return values of prepare() and execute() are not
  * checked; this presumably relies on PDO running in ERRMODE_EXCEPTION —
  * confirm against static::connection().
  *
  * @return array list of user objects in row order.
  */
 public function getUsers()
 {
     $db = static::connection();
     $linkTable = static::getTable('group_user')->name;

     $query = "\n            SELECT user_id FROM `{$linkTable}`\n            WHERE group_id = :id";
     $stmt = $db->prepare($query);
     $stmt->execute([":id" => $this->_id]);

     // Hydrate one user object per returned row
     $users = [];
     while (($row = $stmt->fetch(\PDO::FETCH_ASSOC)) !== false) {
         $users[] = UserLoader::fetch($row['user_id']);
     }

     return $users;
 }
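 /**
  * Processes the request to delete an existing user.
  *
  * Deletes the specified user, removing associations with any groups and any
  * user-specific authorization rules.  Before doing so, checks that:
  * 1. The current user holds the 'delete_account' permission for the target;
  * 2. The target is not the master account (config 'user_id_master').
  * Either failing check halts the request with 403.  The authorization check
  * runs first, so an unauthorized caller learns nothing about the target.
  * This route requires authentication (and should generally be limited to
  * admins or the root user).
  * Request type: POST
  *
  * The success alert is queued only after delete() has returned, so a
  * deletion that throws no longer leaves a success message behind.
  *
  * NOTE(review): UserLoader::fetch() is assumed to return a user object for
  * the given id; what it returns for an unknown id is not visible here —
  * confirm, since $target_user->id is read on the result.
  *
  * @param int $user_id the id of the user to delete.
  */
 public function deleteUser($user_id)
 {
     // Get the target user
     $target_user = UserLoader::fetch($user_id);
     // Get the alert message stream
     $ms = $this->_app->alerts;

     // Check authorization before anything else
     if (!$this->_app->user->checkAccess('delete_account', ['user' => $target_user])) {
         $ms->addMessageTranslated("danger", "ACCESS_DENIED");
         $this->_app->halt(403);
     }

     // Check that we are not deleting the master account.  Loose comparison
     // is kept on purpose: the config value and the id may differ in type.
     if ($target_user->id == $this->_app->config('user_id_master')) {
         $ms->addMessageTranslated("danger", "ACCOUNT_DELETE_MASTER");
         $this->_app->halt(403);
     }

     // Capture the name first; report success only once the delete has gone through
     $user_name = $target_user->user_name;
     $target_user->delete();
     unset($target_user);

     $ms->addMessageTranslated("success", "ACCOUNT_DELETION_SUCCESSFUL", ["user_name" => $user_name]);
 }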
 /**
  * Processes a request to resend the activation email for a new user account.
  *
  * Reads the submitted form (user_name, email), validates it against the
  * resend-activation JSON schema, then checks in order that: the username
  * exists; the submitted email matches the account (exact, case-sensitive
  * comparison); the account is not already active; and the previous
  * activation request is older than the site's resend_activation_threshold
  * (seconds).  A fresh activation token is generated, the activation mail is
  * sent, and only then are the token and request timestamps stored.
  *
  * Each failed check halts the request: 400 for validation / lookup
  * failures, 429 when a request was sent too recently, 500 when the mailer
  * fails.
  * Request type: POST
  *
  * NOTE(review): the unknown-username and already-active checks report
  * distinct messages, so a response reveals whether a username exists and
  * whether it is activated; a single generic failure message would avoid that.
  * NOTE(review): lost_password_timestamp is overwritten together with
  * last_activation_request — confirm this is intended, since the
  * password-reset flow presumably derives its own timing from that field.
  */
 public function resendActivation()
 {
     $input = $this->_app->request->post();
     $alerts = $this->_app->alerts;

     // Validate the form against its schema before looking at any account
     $schemaFile = $this->_app->config('schema.path') . "/forms/resend-activation.json";
     $schema = new \Fortress\RequestSchema($schemaFile);
     $fortress = new \Fortress\HTTPRequestFortress($alerts, $schema, $input);
     if (!$fortress->validate()) {
         $this->_app->halt(400);
     }

     // The account must exist, by username
     if (!UserLoader::exists($input['user_name'], 'user_name')) {
         $alerts->addMessageTranslated("danger", "ACCOUNT_INVALID_USERNAME");
         $this->_app->halt(400);
     }
     $user = UserLoader::fetch($input['user_name'], 'user_name');

     // The submitted email must match the account on file
     if ($user->email != $input['email']) {
         $alerts->addMessageTranslated("danger", "ACCOUNT_USER_OR_EMAIL_INVALID");
         $this->_app->halt(400);
     }

     // Nothing to resend for an account that is already active
     if ($user->active == "1") {
         $alerts->addMessageTranslated("danger", "ACCOUNT_ALREADY_ACTIVE");
         $this->_app->halt(400);
     }

     // Throttle: refuse if the previous request is too recent (or in the future)
     $now = new \DateTime("now");
     $lastRequest = new \DateTime($user->last_activation_request);
     $elapsed = $now->getTimestamp() - $lastRequest->getTimestamp();
     $threshold = $this->_app->site->resend_activation_threshold;
     if ($elapsed < 0 || $elapsed < $threshold) {
         $alerts->addMessageTranslated("danger", "ACCOUNT_LINK_ALREADY_SENT", ["resend_activation_threshold" => $threshold]);
         // 429 "Too Many Requests" (http://tools.ietf.org/html/rfc6585#section-4)
         $this->_app->halt(429);
     }

     // Issue a new token and stamp the request times
     $user->activation_token = UserLoader::generateActivationToken();
     $user->last_activation_request = date("Y-m-d H:i:s");
     $user->lost_password_timestamp = date("Y-m-d H:i:s");

     // Build and send the HTML activation mail
     $site = $this->_app->site;
     $mail = new \PHPMailer();
     $mail->isHTML(true);
     $mail->From = $site->admin_email;
     $mail->FromName = $site->site_title;
     $mail->addReplyTo($site->admin_email, $site->site_title);
     $mail->addAddress($user->email);
     $mail->Subject = $site->site_title . " - activate your account";
     $mail->Body = $this->_app->view()->render("common/mail/resend-activation.html", ["user" => $user, "activation_token" => $user->activation_token]);
     if (!$mail->send()) {
         $alerts->addMessageTranslated("danger", "MAIL_ERROR");
         error_log('Mailer Error: ' . $mail->ErrorInfo);
         $this->_app->halt(500);
     }

     // Persist the new token only after the mail went out
     $user->store();
     $alerts->addMessageTranslated("success", "ACCOUNT_NEW_ACTIVATION_SENT");
 }
 /**
  * Processes a request to resend the activation email for a new user account.
  *
  * Validates the submitted form (user_name, email) against the
  * resend-activation schema, then checks in order that: the username exists;
  * the submitted email matches the account (case-insensitive); the account is
  * not yet verified (flag_verified); and the most recent 'verification_request'
  * event is older than the site's resend_activation_threshold (seconds) — an
  * account with no such event is treated as never having requested one.  It
  * then records a new verification request event, sends the activation mail
  * carrying the user's secret_token, and saves the user.
  *
  * Halts with 400 on validation / lookup failures, 429 when throttled, 500
  * when the mailer throws.
  * This route is "public access".
  * Request type: POST
  *
  * NOTE(review): distinct messages for an unknown username and for an
  * already-active account let a caller learn which usernames exist and their
  * state; a single generic failure message would avoid that.
  * NOTE(review): the catch below names `\Exception\phpmailerException`;
  * confirm that class resolves, otherwise a mailer exception bypasses the
  * MAIL_ERROR branch entirely.
  * NOTE(review): save() runs only after a successful send, so when the mail
  * fails the new verification_request event is presumably not persisted and
  * the throttle does not count the attempt — confirm against
  * newEventVerificationRequest().
  *
  * @todo Again, just like with password reset - do we really need to get the
  *       user's user_name to do this?
  */
 public function resendActivation()
 {
     $input = $this->_app->request->post();
     $alerts = $this->_app->alerts;

     // Validate the form against its schema before looking at any account
     $schemaFile = $this->_app->config('schema.path') . "/forms/resend-activation.json";
     $schema = new \Fortress\RequestSchema($schemaFile);
     $fortress = new \Fortress\HTTPRequestFortress($alerts, $schema, $input);
     if (!$fortress->validate()) {
         $this->_app->halt(400);
     }

     // The account must exist, by username
     if (!UserLoader::exists($input['user_name'], 'user_name')) {
         $alerts->addMessageTranslated("danger", "ACCOUNT_INVALID_USERNAME");
         $this->_app->halt(400);
     }
     $user = UserLoader::fetch($input['user_name'], 'user_name');

     // The submitted email must match the account on file, ignoring case
     if (strtolower($user->email) != strtolower($input['email'])) {
         $alerts->addMessageTranslated("danger", "ACCOUNT_USER_OR_EMAIL_INVALID");
         $this->_app->halt(400);
     }

     // Nothing to resend for an account that is already verified
     if ($user->flag_verified == "1") {
         $alerts->addMessageTranslated("danger", "ACCOUNT_ALREADY_ACTIVE");
         $this->_app->halt(400);
     }

     // Throttle on the most recent verification request; no event => zero-date placeholder
     $lastRequestTime = $user->lastEventTime('verification_request') ?: "0000-00-00 00:00:00";
     $now = new \DateTime("now");
     $lastRequest = new \DateTime($lastRequestTime);
     $elapsed = $now->getTimestamp() - $lastRequest->getTimestamp();
     $threshold = $this->_app->site->resend_activation_threshold;
     if ($elapsed < 0 || $elapsed < $threshold) {
         $alerts->addMessageTranslated("danger", "ACCOUNT_LINK_ALREADY_SENT", ["resend_activation_threshold" => $threshold]);
         // 429 "Too Many Requests" (http://tools.ietf.org/html/rfc6585#section-4)
         $this->_app->halt(429);
     }

     // Record the new request, then build the mail from the twig template
     $user->newEventVerificationRequest();
     $twig = $this->_app->view()->getEnvironment();
     $notification = new Notification($twig->loadTemplate("mail/resend-activation.twig"));
     // Automatically sets sender and reply-to
     $notification->fromWebsite();
     $notification->addEmailRecipient($user->email, $user->display_name, ["user" => $user, "secret_token" => $user->secret_token]);

     try {
         $notification->send();
     } catch (\Exception\phpmailerException $e) {
         $alerts->addMessageTranslated("danger", "MAIL_ERROR");
         error_log('Mailer Error: ' . $e->errorMessage());
         $this->_app->halt(500);
     }

     // Persist only after the mail went out
     $user->save();
     $alerts->addMessageTranslated("success", "ACCOUNT_NEW_ACTIVATION_SENT");
 }