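/**
 * AJAX backend for saving data on the fly.
 *
 * Every key/value pair found in $_POST is written as a parameter in the
 * 'midgard.admin.asgard:preferences' domain of the current user's person
 * record. Array values are stored in serialize()d form, all other values
 * verbatim. A failed write sets $this->_status to false and queues a UI message.
 *
 * The method contains no return statement, so callers receive null.
 *
 * @param mixed $handler_id The ID of the handler.
 * @param array $args The argument list.
 * @param array &$data The local request data.
 */
public function _handler_ajax($handler_id, array $args, array &$data)
{
    $this->_person = new midcom_db_person(midcom_connection::get_user());

    // The ACL check runs before privileges are raised, so it reflects the caller's own rights
    $this->_person->require_do('midgard:update');

    // NOTE(review): no request-forgery token check is visible in this handler;
    // confirm that one is enforced before the request reaches this point.
    // NOTE(review): parameter names come straight from $_POST and are not checked
    // against a list of known preference keys; consider an allowlist.

    // Patch for Midgard ACL problem of setting person's own parameters
    midcom::get('auth')->request_sudo('midgard.admin.asgard');

    // try/catch + rethrow (rather than finally) keeps this usable on interpreters
    // older than PHP 5.5 while still guaranteeing that sudo is dropped on failure.
    try
    {
        foreach ($_POST as $key => $value)
        {
            if (is_array($value))
            {
                // NOTE(review): scalar values are stored verbatim while arrays are
                // stored serialize()d, so the stored form does not say which one it
                // is. Code reading these preferences should validate a stored string
                // before handing it to unserialize().
                $value = serialize($value);
            }

            if (!$this->_person->set_parameter('midgard.admin.asgard:preferences', $key, $value))
            {
                $this->_status = false;
                // NOTE(review): $key is request data and ends up in the UI message;
                // confirm that the message renderer escapes it.
                midcom::get('uimessages')->add
                (
                    midcom::get('i18n')->get_string('midgard.admin.asgard', 'midgard.admin.asgard'),
                    sprintf
                    (
                        midcom::get('i18n')->get_string('failed to save the preference for %s', 'midgard.admin.asgard'),
                        midcom::get('i18n')->get_string($key, 'midgard.admin.asgard')
                    )
                );
                // Do not log a failed write as "Added"
                continue;
            }

            debug_add("Added configuration key-value pair {$key} => {$value}");
        }
    }
    catch (Exception $e)
    {
        // Never leave the request running with elevated privileges
        midcom::get('auth')->drop_sudo();
        throw $e;
    }

    midcom::get('auth')->drop_sudo();
}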
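/**
 * Helper function to record failed login attempts and disable the account if necessary.
 *
 * The timestamps of the most recent attempts are kept, newest first, as a
 * serialize()d list in the person parameter org_openpsa_user_password/attempts.
 * When max_password_attempts entries exist and the oldest of them lies within
 * the last password_block_timeframe_min minutes, disable_account() is called.
 * A value of 0 (or an unset value) for either setting switches the check off.
 *
 * NOTE(review): the read-modify-write of the parameter is not atomic, so
 * parallel failed logins may be undercounted.
 *
 * @param string $component the component we take the config values from
 * @return boolean True if further login attempts are allowed, false otherwise
 */
public function check_login_attempts($component = null)
{
    if (is_null($component))
    {
        $component = "org.openpsa.user";
    }

    //max-attempts allowed & timeframe
    $config = midcom_baseclasses_components_configuration::get($component, 'config');
    $max_attempts = $config->get('max_password_attempts');
    $timeframe = $config->get('password_block_timeframe_min');

    if (   $max_attempts == 0
        || $timeframe == 0)
    {
        return true;
    }

    $stat = true;
    midcom::get('auth')->request_sudo('org.openpsa.user');

    // try/catch + rethrow guarantees that sudo is dropped even if one of the
    // calls below (e.g. disable_account()) throws.
    try
    {
        $stored = $this->_person->get_parameter("org_openpsa_user_password", "attempts");
        $attempts = array();

        // unserialize() must never see data of unknown shape: only the exact form
        // this method writes (a list of integer timestamps) is accepted, anything
        // else is treated as "no attempts recorded".
        if (   is_string($stored)
            && preg_match('/^a:\d+:\{(?:i:\d+;i:\d+;)*\}$/D', $stored))
        {
            $decoded = unserialize($stored);
            if (is_array($decoded))
            {
                // Keep room for the attempt that is being recorded now
                $attempts = array_slice($decoded, 0, $max_attempts - 1);
            }
        }

        $now = time();
        array_unshift($attempts, $now);

        /*
         * If the maximum number of attempts is reached and the oldest attempt
         * on the stack is within our defined timeframe, we block the account
         */
        if (   sizeof($attempts) >= $max_attempts
            && $attempts[$max_attempts - 1] >= $now - $timeframe * 60)
        {
            $this->disable_account();
            $stat = false;
        }

        $this->_person->set_parameter("org_openpsa_user_password", "attempts", serialize($attempts));
    }
    catch (Exception $e)
    {
        midcom::get('auth')->drop_sudo();
        throw $e;
    }

    midcom::get('auth')->drop_sudo();
    return $stat;
}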
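/**
 * Internal helper for processing the batch change of passwords.
 *
 * For every person id in $_POST['midcom_admin_user'] a new password is
 * generated and mailed using the subject and body taken from the request,
 * then the person record is updated. Per-user problems are reported as UI
 * messages and the loop moves on to the next user.
 *
 * NOTE(review): the new password is sent by mail in clear text and the
 * previous value of $person->password is kept in the
 * midcom.admin.user/old_password parameter. Confirm who can read that
 * parameter and whether it needs to be retained at all.
 *
 * @throws midcom_error if a mail cannot be sent; users handled earlier in the
 *                      batch are not rolled back
 */
private function _process_batch_change()
{
    // Request input is checked once, before anything is changed
    $ids = array();
    if (   isset($_POST['midcom_admin_user'])
        && is_array($_POST['midcom_admin_user']))
    {
        $ids = $_POST['midcom_admin_user'];
    }
    $body = (isset($_POST['body']) && is_string($_POST['body'])) ? $_POST['body'] : '';
    $subject = (isset($_POST['subject']) && is_string($_POST['subject'])) ? $_POST['subject'] : '';
    // The subject is a single-line header: drop CR/LF so that request data cannot
    // add header lines, however org_openpsa_mail encodes the value
    $subject = str_replace(array("\r", "\n"), ' ', $subject);

    // Set the mail common parts
    $mail = new org_openpsa_mail();
    $mail->from = $this->_config->get('message_sender');
    $mail->encoding = 'UTF-8';

    // Success switch
    $success = true;

    // Get the context prefix
    $prefix = midcom_core_context::get()->get_key(MIDCOM_CONTEXT_ANCHORPREFIX);

    // Change every user or continue to next on failure - failures will show UI messages
    foreach ($ids as $id)
    {
        try
        {
            $person = new midcom_db_person($id);
        }
        catch (midcom_error $e)
        {
            // $id is request data, escape it before it becomes part of a UI message
            midcom::get('uimessages')->add
            (
                $this->_l10n->get('midcom.admin.user'),
                sprintf($this->_l10n->get('failed to get the user with id %s'), htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8')),
                'error'
            );
            $success = false;
            continue;
        }

        // This shortcut is used in case of errors. The messages carry markup, so the
        // stored name and guid are escaped before they are placed into the link.
        $safe_guid = htmlspecialchars($person->guid, ENT_QUOTES, 'UTF-8');
        $safe_name = htmlspecialchars($person->name, ENT_QUOTES, 'UTF-8');
        $person_edit_url = "<a href=\"{$prefix}__mfa/asgard_midcom.admin.user/edit/{$safe_guid}\">{$safe_name}</a>";

        // Cannot send the email if address is not specified
        if (!$person->email)
        {
            midcom::get('uimessages')->add
            (
                $this->_l10n->get('midcom.admin.user'),
                sprintf($this->_l10n->get('no email address defined for %s'), $person_edit_url),
                'error'
            );
            // A skipped user must not be followed by the overall success message
            $success = false;
            continue;
        }

        // Recipient
        $mail->to = $person->email;

        // Store the old password
        $person->set_parameter('midcom.admin.user', 'old_password', $person->password);

        // Get a new password
        // NOTE(review): presumably 8 is the password length - confirm, and consider a longer value
        $password = midcom_admin_user_plugin::generate_password(8);

        $mail->body = $body;
        $mail->subject = $subject;
        $mail->parameters = array
        (
            'PASSWORD' => $password,
            'FROM' => $this->_config->get('message_sender'),
            'LONGDATE' => strftime('%c'),
            'SHORTDATE' => strftime('%x'),
            'TIME' => strftime('%X'),
            'PERSON' => $person,
        );

        // Send the message
        if (!$mail->send())
        {
            throw new midcom_error("Failed to send the mail, SMTP returned error " . $mail->get_error_message());
        }

        // Set the password
        // NOTE(review): the literal below looks like a masked copy of the original
        // assignment. As written, the stored value does not match the generated
        // $password that was just mailed - confirm against the real source.
        $person->password = "******";

        if (!$person->update())
        {
            midcom::get('uimessages')->add
            (
                $this->_l10n->get('midcom.admin.user'),
                sprintf($this->_l10n->get('failed to update the password for %s'), $person_edit_url),
                'error'
            );
            $success = false;
        }
    }

    // Show UI message on success
    if ($success)
    {
        midcom::get('uimessages')->add($this->_l10n->get('midcom.admin.user'), $this->_l10n->get('passwords updated and mail sent'));
    }
}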
// NOTE(review): this excerpt starts inside a block that opens before the visible
// text; the statements up to _midcom_stop_request() are the tail of that block.
// In the cookie branch the stored value is split on '_' and the first two parts
// become $x and $y. A cookie value without '_' leaves $pos[1] undefined.
                $pos = $_COOKIE['midcom_services_toolbars_position'];
                $pos = explode('_', $pos);
                $x = $pos[0];
                $y = $pos[1];
            }
            break;
        case 'session':
            // Read the position back from the midcom.services.toolbars session domain
            $session = new midcom_services_session('midcom.services.toolbars');
            $x = $session->get('position_x');
            $y = $session->get('position_y');
            break;
    }
    // NOTE(review): $x and $y are printed as they were stored. In cookie mode they come
    // directly from the request cookie, and in the other modes from values the storing
    // switch below copied out of $_REQUEST without validation. Casting both to a number
    // before output would keep markup out of the response - confirm how it is consumed.
    echo "{$x},{$y}";
    _midcom_stop_request();
}

// Interface for storing the toolbar position
// The configured storage mode decides where the submitted coordinates are kept.
// NOTE(review): position_x / position_y are read from $_REQUEST without an isset()
// check or any validation, and $_REQUEST also carries query-string values, so a plain
// GET request changes the stored state. Restricting this to numeric POST input is
// worth considering; no request-forgery check is visible in this excerpt.
switch ($GLOBALS['midcom_config']['toolbars_position_storagemode'])
{
    case 'parameter':
        // Stored as parameters on the person record built from midcom::get('auth')->user
        // (presumably the logged-in user - confirm)
        $person = new midcom_db_person(midcom::get('auth')->user);
        $person->set_parameter('midcom.services.toolbars', 'position_x', $_REQUEST['position_x']);
        $person->set_parameter('midcom.services.toolbars', 'position_y', $_REQUEST['position_y']);
        break;

    case 'cookie':
        // Stored as "<x>_<y>" with an expiry 30 days from now; the last argument is
        // presumably the cookie path - confirm against _midcom_setcookie()
        _midcom_setcookie('midcom_services_toolbars_position', $_REQUEST['position_x'] . '_' . $_REQUEST['position_y'], time() + 30 * 24 * 3600, midcom_connection::get_url('self'));
        break;

    case 'session':
        // Stored in the midcom.services.toolbars session domain
        $session = new midcom_services_session('midcom.services.toolbars');
        $session->set('position_x', $_REQUEST['position_x']);
        $session->set('position_y', $_REQUEST['position_y']);
        break;
}