public function process(\w2p_Core_CAppUI $AppUI, array $myArray) { if (!$this->object->bind($myArray)) { $AppUI->setMsg($this->object->getError(), UI_MSG_ERROR); $this->resultPath = $this->errorPath; return $AppUI; } /** * The nonce validation only throws a warning as of v3.1 so that we don't break anyone's forms. As of v4.0 * this validation will be turned on and any form processing using this controller will have to include * the __nonce field. See http://wiki.web2project.net/index.php?title=Security_Nonce for more details. */ if ('' != $AppUI->__nonce && $AppUI->__nonce != $myArray['__nonce']) { error_log("Your submission is missing the CSRF nonce. Please see http://wiki.web2project.net/index.php?title=Security_Nonce for details."); // $AppUI->setMsg("There was an error processing the form. Please submit again.", UI_MSG_ERROR); // $AppUI->holdObject($this->object); // $this->resultPath = $this->errorPath; // return $AppUI; } $action = $this->delete ? 'deleted' : 'stored'; $this->success = $this->delete ? $this->object->delete() : $this->object->store(); if ($this->success) { $AppUI->setMsg($this->prefix . ' ' . $action, UI_MSG_OK, true); $this->resultPath = $this->successPath; } else { $AppUI->holdObject($this->object); $AppUI->setMsg($this->object->getError(), UI_MSG_ERROR); $this->resultPath = $this->errorPath; } return $AppUI; }
public function process(\w2p_Core_CAppUI $AppUI, array $myArray) { if (!canEdit('users')) { $this->resultPath = ACCESS_DENIED; return $AppUI; } $action = $this->delete ? 'deleted' : 'stored'; $this->success = $this->delete ? $this->object->del_acl((int) $myArray['permission_id']) : $this->object->addUserPermission(); if ($this->success) { $AppUI->setMsg($this->prefix . ' ' . $action, UI_MSG_OK, true); $this->resultPath = $this->successPath; $this->object->recalcPermissions(null, (int) $myArray['permission_user']); } else { $AppUI->setMsg($this->object->getError(), UI_MSG_ERROR); $this->resultPath = $this->errorPath; $AppUI->holdObject($this->object); } return $AppUI; }
} $username = w2PgetParam($_POST, 'user_username', 0); $username = preg_replace("/[^A-Za-z0-9]/", "", $username); $user = new CAdmin_User(); $result = $user->loadAll(null, "user_username = '******'"); if (count($result)) { header('Location: newuser.php?msg=existing-user'); } $email = w2PgetParam($_POST, 'contact_email', 0); $contact = new CContact(); $result = $contact->loadAll(null, "contact_email = '{$email}'"); if (count($result)) { header('Location: newuser.php?msg=existing-email'); } if (!$user->bind($_POST)) { $AppUI->setMsg($user->getError(), UI_MSG_ERROR); header('Location: newuser.php?msg=user'); } if (!$contact->bind($_POST)) { $AppUI->setMsg($contact->getError(), UI_MSG_ERROR); header('Location: newuser.php?msg=contact'); } $result = $contact->store(); if (count($contact->getError())) { header('Location: newuser.php?msg=contact'); } else { $user->user_contact = $contact->contact_id; $result = $user->store(null, true); if (count($user->getError())) { header('Location: newuser.php?msg=user'); } else {
$contactListByUsername = CContact::getContactByUsername($username); if ($contactListByUsername != 'User Not Found') { error_reporting(0); echo "<script language='javascript'>\n alert('The username you selected already exists, please select another or if that user name is yours request the password recovery through the dedicated link.');\n history.go(-2);\n </script>"; die; } $email = w2PgetParam($_POST, 'contact_email', 0); $contactListByEmail = CContact::getContactByEmail($email); if ($contactListByEmail != 'User Not Found') { error_reporting(0); echo "<script language='javascript'>\n alert('The email you selected already exists, please select another or if that email is yours request the password recovery through the dedicated link.');\n history.go(-2);\n </script>"; die; } $user = new CUser(); if (!$user->bind($_POST)) { $AppUI->setMsg($user->getError(), UI_MSG_ERROR); $AppUI->redirect(); } $contact = new CContact(); if (!$contact->bind($_POST)) { $AppUI->setMsg($contact->getError(), UI_MSG_ERROR); $AppUI->redirect(); } // prepare (and translate) the module name ready for the suffix $AppUI->setMsg('User'); $isNewUser = !w2PgetParam($_REQUEST, 'user_id', 0); if ($isNewUser) { // check if a user with the param Username already exists if (is_array($contactListByUsername)) { $AppUI->setMsg('This username is not available, please try another.', UI_MSG_ERROR, true); $AppUI->redirect();
$AppUI = new w2p_Core_CAppUI(); $updatekey = w2PgetParam($_GET, 'updatekey', 0); $updatekey = preg_replace("/[^A-Za-z0-9]/", "", $updatekey); $contact_id = CContact::getContactByUpdatekey($updatekey); $company_id = intval(w2PgetParam($_REQUEST, 'company_id', 0)); $company_name = w2PgetParam($_REQUEST, 'company_name', null); // check permissions for this record if (!$contact_id) { echo $AppUI->_('You are not authorized to use this page. If you should be authorized please contact') . ' ' . $w2Pconfig['company_name'] . ' ' . $AppUI->_('to give you another valid link, thank you.'); exit; } // load the record data $msg = ''; $row = new CContact(); if (!$row->load($contact_id) && $contact_id > 0) { $AppUI->setMsg('Contact'); $AppUI->setMsg('invalidID', UI_MSG_ERROR, true); $AppUI->redirect(); } else { //TODO: replace with the proper canEdit() if ($row->contact_private && $row->contact_owner != $AppUI->user_id && $row->contact_owner && $contact_id != 0) { // check only owner can edit $AppUI->redirect(ACCESS_DENIED); } } // setup the title block $ttl = $contact_id > 0 ? 'Edit Contact' : 'Add Contact'; $company_detail = $row->getCompanyDetails(); $dept_detail = $row->getDepartmentDetails(); if ($contact_id == 0 && $company_id > 0) { $company_detail['company_id'] = $company_id;
$msg = 'The username you selected already exists, please select another or if that user name is yours request the password recovery through the dedicated link.'; break; case 'existing-email': $msg = 'The email you selected already exists, please select another or if that email is yours request the password recovery through the dedicated link.'; break; case 'user': case 'contact': $msg = "There was an error creating your {$msg}. No further information is available at this time."; break; case 'ok': $msg = 'The User Administrator has been notified to grant you access to the system and an email message was sent to you with your login info. Thank you very much.'; break; default: $msg = 'No clue what you just tried, but stop it.'; } $AppUI->setMsg($msg, UI_MSG_ERROR); // Can not load the passwordstrength.js file via AppUI->addJavascriptFile() // because AppUI->loadFooterJS() is never called... ?> <script type="text/javascript" src="<?php echo W2P_BASE_URL; ?> /js/passwordstrength.js"></script> <script language="javascript"> function submitIt(){ var form = document.editFrm; if (form.user_username.value.length < <?php echo w2PgetConfig('username_min_len'); ?> ) { alert("<?php