/**
 * Adds a user to this event's member list, unless the user is already on it.
 *
 * The current member list is reloaded first; an id that is already present is
 * a no-op, any other id is checked for existence before being added.
 *
 * NOTE(review): the duplicate check reads `$this->_users`, so it relies on
 * getUsers() populating that property. The getUsers() further down this
 * page returns its result instead of storing it — confirm both methods
 * belong to the same class, otherwise the membership check never sees
 * existing members.
 *
 * @param int $user_id id of the user to add.
 * @return $this for chaining.
 * @throws \Exception when no user with `$user_id` exists.
 */
public function addUser($user_id)
{
    // Refresh the member list before testing membership.
    $this->getUsers();

    if (!isset($this->_users[$user_id])) {
        // Refuse ids that do not belong to a real user.
        if (!UserLoader::exists($user_id)) {
            throw new \Exception("The specified user_id ({$user_id}) does not exist.");
        }

        $this->_users[$user_id] = UserLoader::fetch($user_id);
    }

    return $this;
}
/**
 * Loads every user that belongs to this group.
 *
 * Queries the `group_user` link table for rows whose group_id matches this
 * group's id and resolves each user_id through UserLoader.
 *
 * Injection note: the link-table name is interpolated into the SQL text, but
 * it comes from the table registry (static::getTable), not from the request;
 * the group id is bound as a prepared-statement parameter.
 *
 * @return array the group's users, in the order the database returned them.
 */
public function getUsers()
{
    $db = static::connection();
    $linkTable = static::getTable('group_user')->name;

    $query = "\n SELECT user_id FROM `{$linkTable}`\n WHERE group_id = :id";
    $stmt = $db->prepare($query);
    $stmt->execute([":id" => $this->_id]);

    $members = [];
    foreach ($stmt->fetchAll(\PDO::FETCH_ASSOC) as $row) {
        $members[] = UserLoader::fetch($row['user_id']);
    }

    return $members;
}
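/**
 * Processes the request to delete an existing user.
 *
 * Deletes the specified user, removing associations with any groups and any
 * user-specific authorization rules. Before doing so, checks that:
 *   1. the target user actually exists (404 otherwise);
 *   2. the current user holds the `delete_account` permission for the target;
 *   3. the target is not the master account.
 * This route requires authentication (and should generally be limited to
 * admins or the root user).
 * Request type: POST
 *
 * @param int $user_id the id of the user to delete.
 */
public function deleteUser($user_id)
{
    // Get the alert message stream
    $ms = $this->_app->alerts;

    // An unknown id must not reach the permission check or the property
    // accesses below with a null target (that would surface as a 500).
    if (!UserLoader::exists($user_id)) {
        $this->_app->halt(404);
    }

    // Get the target user
    $target_user = UserLoader::fetch($user_id);

    // Check authorization against the specific target, not just the action
    if (!$this->_app->user->checkAccess('delete_account', ['user' => $target_user])) {
        $ms->addMessageTranslated("danger", "ACCESS_DENIED");
        $this->_app->halt(403);
    }

    // Check that we are not deleting the master account.
    // Loose comparison kept on purpose: the stored id and the config value
    // may arrive as string and int respectively.
    if ($target_user->id == $this->_app->config('user_id_master')) {
        $ms->addMessageTranslated("danger", "ACCOUNT_DELETE_MASTER");
        $this->_app->halt(403);
    }

    // Capture the name before deleting, then report success only once the
    // deletion has actually gone through (previously the success alert was
    // queued before delete() ran and would survive a failed delete).
    $user_name = $target_user->user_name;
    $target_user->delete();
    unset($target_user);

    $ms->addMessageTranslated("success", "ACCOUNT_DELETION_SUCCESSFUL", ["user_name" => $user_name]);
}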
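/**
 * Processes a request to resend the activation email for a new user account.
 *
 * Validates the submitted form, then checks that:
 *   1. the provided username belongs to an existing account;
 *   2. the provided email matches that account (compared case-insensitively);
 *   3. the account is not already active;
 *   4. no activation email was sent within the last
 *      `resend_activation_threshold` seconds (429 otherwise).
 * On success a fresh activation token is generated, mailed, and stored.
 * This route is "public access".
 * Request type: POST
 *
 * NOTE(review): the distinct "ACCOUNT_INVALID_USERNAME" and
 * "ACCOUNT_USER_OR_EMAIL_INVALID" responses let an unauthenticated caller
 * tell an unknown username from a wrong email, i.e. enumerate usernames.
 * Collapsing both into the same response would close that; not changed here
 * because the translated message keys are shared with the rest of the app.
 */
public function resendActivation()
{
    $data = $this->_app->request->post();

    // Load the request schema
    $requestSchema = new \Fortress\RequestSchema($this->_app->config('schema.path') . "/forms/resend-activation.json");

    // Get the alert message stream
    $ms = $this->_app->alerts;

    // Set up Fortress to validate the request
    $rf = new \Fortress\HTTPRequestFortress($ms, $requestSchema, $data);

    // Validate
    if (!$rf->validate()) {
        $this->_app->halt(400);
    }

    // Check that the username exists
    if (!UserLoader::exists($data['user_name'], 'user_name')) {
        $ms->addMessageTranslated("danger", "ACCOUNT_INVALID_USERNAME");
        $this->_app->halt(400);
    }

    // Load the user, by username
    $user = UserLoader::fetch($data['user_name'], 'user_name');

    // Check that the specified email is correct. Compared case-insensitively,
    // matching the newer version of this route, so "User@Example.com" is not
    // rejected against a stored "user@example.com".
    if (strtolower($user->email) != strtolower($data['email'])) {
        $ms->addMessageTranslated("danger", "ACCOUNT_USER_OR_EMAIL_INVALID");
        $this->_app->halt(400);
    }

    // Check if user's account is already active
    if ($user->active == "1") {
        $ms->addMessageTranslated("danger", "ACCOUNT_ALREADY_ACTIVE");
        $this->_app->halt(400);
    }

    // Check the time since the last activation request
    $current_time = new \DateTime("now");
    $last_request_time = new \DateTime($user->last_activation_request);
    $time_since_last_request = $current_time->getTimestamp() - $last_request_time->getTimestamp();

    // If an activation request has been sent too recently, they must wait.
    // A negative delta (clock moved backwards / future timestamp) is treated
    // as "too recent" as well rather than bypassing the throttle.
    if ($time_since_last_request < $this->_app->site->resend_activation_threshold || $time_since_last_request < 0) {
        $ms->addMessageTranslated("danger", "ACCOUNT_LINK_ALREADY_SENT", ["resend_activation_threshold" => $this->_app->site->resend_activation_threshold]);
        $this->_app->halt(429); // "Too many requests" code (http://tools.ietf.org/html/rfc6585#section-4)
    }

    // We're good to go - create a new activation token and send the email
    $user->activation_token = UserLoader::generateActivationToken();
    $user->last_activation_request = date("Y-m-d H:i:s");
    // NOTE(review): this also touches lost_password_timestamp, which belongs
    // to the password-reset flow; the newer version of this route does not.
    // Confirm this is intentional (it may shorten a pending reset window).
    $user->lost_password_timestamp = date("Y-m-d H:i:s");

    // Email the user
    $mail = new \PHPMailer();
    $mail->From = $this->_app->site->admin_email;
    $mail->FromName = $this->_app->site->site_title;
    $mail->addAddress($user->email); // Add a recipient
    $mail->addReplyTo($this->_app->site->admin_email, $this->_app->site->site_title);
    $mail->Subject = $this->_app->site->site_title . " - activate your account";
    $mail->Body = $this->_app->view()->render("common/mail/resend-activation.html", ["user" => $user, "activation_token" => $user->activation_token]);
    $mail->isHTML(true); // Set email format to HTML

    if (!$mail->send()) {
        $ms->addMessageTranslated("danger", "MAIL_ERROR");
        error_log('Mailer Error: ' . $mail->ErrorInfo);
        $this->_app->halt(500);
    }

    // Persist the new token only after the mail went out, so a failed send
    // does not leave the user with a token they never received.
    $user->store();

    $ms->addMessageTranslated("success", "ACCOUNT_NEW_ACTIVATION_SENT");
}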
/**
 * Processes a request to resend the activation email for a new user account.
 *
 * Handles the resend-activation form. The request is validated against its
 * schema first; it is then rejected unless:
 *   1. the provided username belongs to an existing account;
 *   2. the provided email matches that account (case-insensitive);
 *   3. the account is not yet verified;
 *   4. the last verification request is at least
 *      `resend_activation_threshold` seconds old (429 otherwise).
 * On success a new verification-request event is recorded, the activation
 * mail is sent, and the user is saved.
 * This route is "public access".
 * Request type: POST
 *
 * NOTE(review): the distinct "ACCOUNT_INVALID_USERNAME" and
 * "ACCOUNT_USER_OR_EMAIL_INVALID" responses let an unauthenticated caller
 * tell an unknown username from a wrong email (username enumeration).
 *
 * @todo Again, just like with password reset - do we really need to get the user's user_name to do this?
 */
public function resendActivation()
{
    $post = $this->_app->request->post();
    $alerts = $this->_app->alerts;

    // Schema-driven validation of the submitted fields
    $schema = new \Fortress\RequestSchema($this->_app->config('schema.path') . "/forms/resend-activation.json");
    $fortress = new \Fortress\HTTPRequestFortress($alerts, $schema, $post);
    if (!$fortress->validate()) {
        $this->_app->halt(400);
    }

    // The username must belong to an existing account
    if (!UserLoader::exists($post['user_name'], 'user_name')) {
        $alerts->addMessageTranslated("danger", "ACCOUNT_INVALID_USERNAME");
        $this->_app->halt(400);
    }
    $account = UserLoader::fetch($post['user_name'], 'user_name');

    // The email must match the account; compared case-insensitively
    if (strtolower($account->email) != strtolower($post['email'])) {
        $alerts->addMessageTranslated("danger", "ACCOUNT_USER_OR_EMAIL_INVALID");
        $this->_app->halt(400);
    }

    // Nothing to resend for an account that is already verified
    if ($account->flag_verified == "1") {
        $alerts->addMessageTranslated("danger", "ACCOUNT_ALREADY_ACTIVE");
        $this->_app->halt(400);
    }

    // Throttle: seconds since the most recent verification request. An
    // account with no such event yet gets an epoch-ish sentinel so the
    // delta is large and the request goes through.
    $lastRequestAt = $account->lastEventTime('verification_request') ?: "0000-00-00 00:00:00";
    $now = new \DateTime("now");
    $lastRequest = new \DateTime($lastRequestAt);
    $elapsed = $now->getTimestamp() - $lastRequest->getTimestamp();

    // Too recent, or a negative delta (future timestamp / clock skew), means wait
    $threshold = $this->_app->site->resend_activation_threshold;
    if ($elapsed < $threshold || $elapsed < 0) {
        $alerts->addMessageTranslated("danger", "ACCOUNT_LINK_ALREADY_SENT", ["resend_activation_threshold" => $threshold]);
        $this->_app->halt(429); // "Too many requests" code (http://tools.ietf.org/html/rfc6585#section-4)
    }

    // Record the new verification request, then mail the secret token
    $account->newEventVerificationRequest();

    $twig = $this->_app->view()->getEnvironment();
    $notification = new Notification($twig->loadTemplate("mail/resend-activation.twig"));
    $notification->fromWebsite(); // Automatically sets sender and reply-to
    $notification->addEmailRecipient($account->email, $account->display_name, ["user" => $account, "secret_token" => $account->secret_token]);

    try {
        $notification->send();
    } catch (\Exception\phpmailerException $e) {
        // NOTE(review): confirm this fully-qualified class actually exists;
        // PHP does not complain about catching an undefined class, and a
        // non-matching catch would let mailer failures propagate as a 500
        // instead of producing the MAIL_ERROR alert below.
        $alerts->addMessageTranslated("danger", "MAIL_ERROR");
        error_log('Mailer Error: ' . $e->errorMessage());
        $this->_app->halt(500);
    }

    // Persist only after the mail went out
    $account->save();

    $alerts->addMessageTranslated("success", "ACCOUNT_NEW_ACTIVATION_SENT");
}