Exemplo n.º 1
0
function restore_users($users, $cours_user, $departments, $restoreHelper) {
    global $tool_content, $langRestoreUserExists, $langRestoreUserNew, $uid;

    $userid_map = array();
    if ($_POST['add_users'] == 'none') {
        // find the 1st teacher (oldid)
        foreach ($cours_user as $cudata) {
            if (intval($cudata[$restoreHelper->getField('course_user', 'status')]) === USER_TEACHER) {
                $old_id = $cudata['user_id'];
                $userid_map[$old_id] = $uid;
                break;
            }
        }
        return $userid_map;
    }

    if ($_POST['add_users'] == 'prof') {
        $add_only_profs = true;
        foreach ($cours_user as $cu_info) {
            $is_prof[$cu_info['user_id']] = ($cu_info[$restoreHelper->getField('course_user', 'status')] == 1);
        }
    } else {
        $add_only_profs = false;
    }

    require_once 'include/lib/user.class.php';
    foreach ($users as $data) {
        if ($add_only_profs and !$is_prof[$data[$restoreHelper->getField('user', 'id')]]) {
            continue;
        }
        $u = Database::get()->querySingle("SELECT * FROM user WHERE BINARY username = ?s", $data['username']);
        if ($u) {
            $userid_map[$data[$restoreHelper->getField('user', 'id')]] = $u->id;
            $tool_content .= "<div class='alert alert-info'>" .
                sprintf($langRestoreUserExists,
                    '<b>' . q($data['username']) . '</b>',
                    '<i>' . q(trim($u->givenname . ' ' . $u->surname)) . '</i>',
                    '<i>' . q(trim($data[$restoreHelper->getField('user', 'givenname')] .
                        ' ' . $data[$restoreHelper->getField('user', 'surname')])) . '</i>') .
                "</div>\n";
        } elseif (isset($_POST['create_users'])) {
            $now = date('Y-m-d H:i:s', time());
            $user_id = Database::get()->query("INSERT INTO user SET surname = ?s, "
                . "givenname = ?s, username = ?s, password = ?s, email = ?s, status = ?d, phone = ?s, "
                . "registered_at = ?t, expires_at = ?t",
                (isset($data[$restoreHelper->getField('user', 'surname')])) ? $data[$restoreHelper->getField('user', 'surname')] : '',
                (isset($data[$restoreHelper->getField('user', 'givenname')])) ? $data[$restoreHelper->getField('user', 'givenname')] : '',
                $data['username'],
                isset($data['password'])? $data['password']: '******',
                isset($data['email'])? $data['email']: '',
                intval($data[$restoreHelper->getField('course_user', 'status')]),
                isset($data['phone'])? $data['phone']: '',
                $now,
                date('Y-m-d H:i:s', time() + get_config('account_duration')))->lastInsertID;
            $userid_map[$data[$restoreHelper->getField('user', 'id')]] = $user_id;
            $user = new User();
            $user->refresh($user_id, $departments);
            user_hook($user_id);
            $tool_content .= "<div class='alert alert-info'>" .
                sprintf($langRestoreUserNew,
                    '<b>' . q($data['username']) . '</b>',
                    '<i>' . q($data[$restoreHelper->getField('user', 'givenname')] .
                        ' ' . $data[$restoreHelper->getField('user', 'surname')]) . '</i>') .
                "</div>\n";
        }
    }
    return $userid_map;
}
Exemplo n.º 2
0
            $q1 = Database::get()->query("INSERT INTO user (surname, givenname, username, password, email,
                    status, am, phone, registered_at, expires_at,
                    lang, verified_mail, whitelist, description)
                    VALUES (?s, ?s, ?s, '$password_encrypted', ?s, " . USER_STUDENT . ", ?s, ?s, " . DBHelper::timeAfter() . ",
                                  " . DBHelper::timeAfter(get_config('account_duration')) . ", ?s, $verified_mail, '', '')",
                    $surname_form, $givenname_form, $uname, $email, $am, $phone, $language);
            if ($q1) {
                Database::get()->query('INSERT INTO user_ext_uid
                    SET user_id = ?d, auth_id = ?d, uid = ?s',
                    $q1->lastInsertID, $auth, $user_data->identifier);
            }
        }

        $last_id = $q1->lastInsertID;
        $userObj->refresh($last_id, $departments);
        user_hook($last_id);
        
        //fill custom profile fields
        process_profile_fields_data(array('uid' => $last_id, 'origin' => 'student_register'));
        
        if ($vmail) {
            $hmac = token_generate($uname . $email . $last_id);
        }

        $emailsubject = "$langYourReg $siteName";
        $telephone = get_config('phone');
        $administratorName = get_config('admin_name');
        $emailhelpdesk = get_config('email_helpdesk');
        $emailbody = "$langDestination $givenname_form $surname_form\n" .
                "$langYouAreReg $siteName $langSettings $uname\n" .
                "$langPass: $password\n$langAddress $siteName: " .
Exemplo n.º 3
0
            $olddeps = $user->getDepartmentIds(intval($u));

            foreach ($departments as $depId) {
                if (!in_array($depId, $olddeps)) {
                    validateNode(intval($depId), true);
                }
            }

            foreach ($olddeps as $depId) {
                if (!in_array($depId, $departments)) {
                    validateNode($depId, true);
                }
            }
        }
        $user->refresh(intval($u), $departments);
        user_hook($u);
        $qry = Database::get()->query("UPDATE user SET surname = ?s,
                                givenname = ?s,
                                username = ?s,
                                email = ?s,
                                status = ?d,
                                phone = ?s,
                                expires_at = ?t,
                                am = ?s,
                                verified_mail = ?d,
                                whitelist = ?s
                      WHERE id = ?d", $lname, $fname, $username, $email, $newstatus, $phone, $user_expires_at, $am, $verified_mail, $user_upload_whitelist, $u);
            //update custom profile fields
            $cpf_updated = process_profile_fields_data(array('uid' => $u, 'origin' => 'admin_edit_profile'));
            if ($qry->affectedRows > 0 || $cpf_updated === true) {
                Session::Messages($langSuccessfulUpdate, 'alert-info');
Exemplo n.º 4
0
function create_user($status, $uname, $password, $surname, $givenname, $email, $departments, $am, $phone, $lang, $send_mail, $email_public, $phone_public, $am_public) {
    global $charset, $langAsProf,
    $langYourReg, $siteName, $langDestination, $langYouAreReg,
    $langSettings, $langPass, $langAddress, $langIs, $urlServer,
    $langProblem, $langPassSameAuth,
    $langManager, $langTel, $langEmail,
    $profsuccess, $usersuccess,
    $user, $auth_ids, $auth_methods_form;

    if ($status == 1) {
        $message = $profsuccess;
        $type_message = ' ' . $langAsProf;
    } else {
        $message = $usersuccess;
        $type_message = '';
    }

    if (Database::get()->querySingle('SELECT * FROM user WHERE username = ?s', $uname)) {
        $GLOBALS['error'] = "$GLOBALS[langMultiRegUsernameError] ($uname)";
        return false;
    }
    if (empty($am)) {        
        $am = ' ';
    }
    if (empty($phone)) {
        $phone = ' ';
    }
    
    if ($auth_methods_form != 1) { // other authentication methods
        $password_encrypted = $auth_ids[$auth_methods_form];
        $mail_message = $langPassSameAuth;
    } else {
        $hasher = new PasswordHash(8, false);
        $password_encrypted = $hasher->HashPassword($password);
        $mail_message = $password;
    }
    
    $id = Database::get()->query("INSERT INTO user
                (surname, givenname, username, password, email,
                 status, registered_at, expires_at, lang, am, phone,
                 email_public, phone_public, am_public, description, verified_mail, whitelist)
                VALUES (?s,?s,?s,?s,?s,?d," . DBHelper::timeAfter() . "," . DBHelper::timeAfter(get_config('account_duration')) . ",?s,?s,?s,?d,?d,?d,'',".EMAIL_VERIFIED.",'')"
                    , $surname, $givenname, $uname, $password_encrypted, mb_strtolower(trim($email)), $status, $lang, $am, $phone, $email_public, $phone_public, $am_public)->lastInsertID;
    $user->refresh($id, $departments);
    user_hook($id);
    $telephone = get_config('phone');
    $administratorName = get_config('admin_name');
    $emailhelpdesk = get_config('email_helpdesk');
    $emailsubject = "$langYourReg $siteName $type_message"; 
    $emailbody = "
$langDestination $givenname $surname

$langYouAreReg $siteName$type_message $langSettings $uname
$langPass : $mail_message
$langAddress $siteName $langIs: $urlServer
$langProblem

$administratorName
$langManager: $siteName
$langTel: $telephone
$langEmail: $emailhelpdesk
";    
    if ($send_mail) {
        send_mail('', '', '', $email, $emailsubject, $emailbody, $charset);
    }

    return array($id, $surname, $givenname, $email, $phone, $am, $uname, $password);
}
Exemplo n.º 5
0
            'submit' => true));

        if ($auth_form == 1) { // eclass authentication
            validateNode(intval($depid), isDepartmentAdmin());
            $hasher = new PasswordHash(8, false);
            $password_encrypted = $hasher->HashPassword($_POST['password']);
        } else {
            $password_encrypted = $auth_ids[$_POST['auth_form']];
        }
        $uid = Database::get()->query("INSERT INTO user
                (surname, givenname, username, password, email, status, phone, am, registered_at, expires_at, lang, description, verified_mail, whitelist)
                VALUES (?s, ?s, ?s, ?s, ?s, ?d, ?s, ?s, " . DBHelper::timeAfter() . ", " .
                        DBHelper::timeAfter(get_config('account_duration')) . ", ?s, '', ?s, '')",
             $surname_form, $givenname_form, $uname_form, $password_encrypted, $email_form, $pstatus, $phone_form, $am_form, $language_form, $verified_mail)->lastInsertID;
        $user->refresh($uid, array(intval($depid)));
        user_hook($uid);
        //process custom profile fields values
        process_profile_fields_data(array('uid' => $uid));
        
        // close request if needed
        if (!empty($rid)) {
            $rid = intval($rid);
            Database::get()->query("UPDATE user_request set state = 2, date_closed = NOW() WHERE id = ?d", $rid);
        }

        if ($pstatus == 1) {
            $message = $profsuccess;
            $reqtype = '';
            $type_message = $langAsProf;
        } else {
            $message = $usersuccess;
Exemplo n.º 6
0
function shib_cas_login($type) {
    global $surname, $givenname, $email, $status, $language, $session,
        $urlServer, $is_admin, $is_power_user, $is_usermanage_user,
        $is_departmentmanage_user, $langUserAltAuth, $langRegistrationDenied;

    $alt_auth_stud_reg = get_config('alt_auth_stud_reg');

    if ($alt_auth_stud_reg == 2) {
        $autoregister = TRUE;
    } else {
        $autoregister = FALSE;
    }

    if ($type == 'shibboleth') {
        $uname = $_SESSION['shib_uname'];
        $email = $_SESSION['shib_email'];
        $shib_surname = $_SESSION['shib_surname'];
        $shibsettings = Database::get()->querySingle("SELECT auth_settings FROM auth WHERE auth_id = 6");
        if ($shibsettings) {
            if ($shibsettings->auth_settings != 'shibboleth' and $shibsettings->auth_settings != '') {
                $shibseparator = $shibsettings->auth_settings;
            }
            if (strpos($shib_surname, $shibseparator)) {
                $temp = explode($shibseparator, $shib_surname);
                $givenname = $temp[0];
                $surname = $temp[1];
            }
        }
    } elseif ($type == 'cas') {
        $uname = $_SESSION['cas_uname'];
        $surname = $_SESSION['cas_surname'];
        $givenname = $_SESSION['cas_givenname'];
        $email = isset($_SESSION['cas_email']) ? $_SESSION['cas_email'] : '';
        $am = isset($_SESSION['cas_userstudentid']) ? $_SESSION['cas_userstudentid'] : '';
    }

    // Attributes passed to login_hook()
    $attributes = array();
    if (isset($_SESSION['cas_attributes'])) {
        foreach ($_SESSION['cas_attributes'] as $name => $value) {
            $attributes[strtolower($name)] = $value;
        }
    }

    // user is authenticated, now let's see if he is registered also in db
    if (get_config('case_insensitive_usernames')) {
        $sqlLogin = "******";
    } else {
        $sqlLogin = "******";
    }
    $info = Database::get()->querySingle("SELECT id, surname, username, password, givenname, status, email, lang, verified_mail
						FROM user WHERE username $sqlLogin", $uname);

    if ($info) {
        // if user found
        if ($info->password != $type) {
            // has different auth method - redirect to home page
            unset($_SESSION['shib_uname']);
            unset($_SESSION['shib_email']);
            unset($_SESSION['shib_surname']);
            unset($_SESSION['cas_uname']);
            unset($_SESSION['cas_email']);
            unset($_SESSION['cas_surname']);
            unset($_SESSION['cas_givenname']);
            unset($_SESSION['cas_userstudentid']);
            Session::Messages($langUserAltAuth, 'alert-danger');
            redirect_to_home_page();
        } else {
            // don't force email address from CAS/Shibboleth.
            // user might prefer a different one
            if (!empty($info->email)) {
                $email = $info->email;
            }

            $userObj = new User();

            $options = login_hook(array(
                'user_id' => $info->id,
                'attributes' => $attributes,
                'status' => $info->status,
                'departments' => $userObj->getDepartmentIds($info->id),
                'am' => $am));

            if (!$options['accept']) {
                foreach (array_keys($_SESSION) as $key) {
                    unset($_SESSION[$key]);
                }
                Session::Messages($langRegistrationDenied, 'alert-warning');
                redirect_to_home_page();
            }

            $status = $options['status'];

            // update user information
            Database::get()->query("UPDATE user SET surname = ?s, givenname = ?s, email = ?s,
                                           status = ?d WHERE id = ?d",
                                        $surname, $givenname, $email, $status, $info->id);

            $userObj->refresh($info->id, $options['departments']);
            user_hook($_SESSION['uid']);

            // check for admin privileges
            $admin_rights = get_admin_rights($info->id);
            if ($admin_rights == ADMIN_USER) {
                $is_active = 1;   // admin user is always active
                $_SESSION['is_admin'] = 1;
                $is_admin = 1;
            } elseif ($admin_rights == POWER_USER) {
                $_SESSION['is_power_user'] = 1;
                $is_power_user = 1;
            } elseif ($admin_rights == USERMANAGE_USER) {
                $_SESSION['is_usermanage_user'] = 1;
                $is_usermanage_user = 1;
            } elseif ($admin_rights == DEPARTMENTMANAGE_USER) {
                $_SESSION['is_departmentmanage_user'] = 1;
                $is_departmentmanage_user = 1;
            }
            $_SESSION['uid'] = $info->id;
            if (isset($_SESSION['langswitch'])) {
                $language = $_SESSION['langswitch'];
            } else {
                $language = $info->lang;
            }
        }
    } elseif ($autoregister and !(get_config('am_required') and empty($am))) {
        // if user not found and autoregister enabled, create user
	    $verified_mail = EMAIL_UNVERIFIED;
    	if (isset($_SESSION['cas_email'])) {
    	    $verified_mail = EMAIL_VERIFIED;
    	} else { // redirect user to mail_verify_change.php
	    	$_SESSION['mail_verification_required'] = 1;
        }

        $options = login_hook(array(
            'user_id' => null,
            'attributes' => $attributes,
            'am' => $am));

        if (!$options['accept']) {
            foreach (array_keys($_SESSION) as $key) {
                unset($_SESSION[$key]);
            }
            Session::Messages($langRegistrationDenied, 'alert-warning');
            redirect_to_home_page();
        }
        $status = $options['status'];
        $_SESSION['uid'] = Database::get()->query("INSERT INTO user
                    SET surname = ?s, givenname = ?s, password = ?s,
                        username = ?s, email = ?s, status = ?d, lang = ?s,
                        am = ?s, verified_mail = ?d,
                        registered_at = " . DBHelper::timeAfter() . ",
                        expires_at = " . DBHelper::timeAfter(get_config('account_duration')) . ",
                        whitelist = ''",
                $surname, $givenname, $type, $uname, $email, $status,
                $language, $options['am'], $verified_mail)->lastInsertID;
        $userObj = new User();
        $userObj->refresh($_SESSION['uid'], $options['departments']);
        user_hook($_SESSION['uid']);
    } else {
        // user not registered, automatic registration disabled
        // redirect to registration screen
        foreach (array_keys($_SESSION) as $key) {
            unset($_SESSION[$key]);
        }
        session_destroy();
        redirect_to_home_page('modules/auth/registration.php');
        exit;
    }

    $_SESSION['uname'] = $uname;
    $_SESSION['surname'] = $surname;
    $_SESSION['givenname'] = $givenname;
    $_SESSION['email'] = $email;
    $_SESSION['status'] = $status;
    //$_SESSION['is_admin'] = $is_admin;
    $_SESSION['shib_user'] = 1; // now we are shibboleth user

    Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action)
					VALUES ($_SESSION[uid], '$_SERVER[REMOTE_ADDR]', " . DBHelper::timeAfter() . ", 'LOGIN')");
    $session->setLoginTimestamp();
    if (get_config('email_verification_required') and
            get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
        $_SESSION['mail_verification_required'] = 1;
        // init.php is already loaded so redirect from here
        redirect_to_home_page('modules/auth/mail_verify_change.php');
    }
}