Exemplo n.º 1
1
 private function _send_reset($form)
 {
     $user_name = $form->reset->inputs["name"]->value;
     $user = user::lookup_by_name($user_name);
     if ($user && !empty($user->email)) {
         $user->hash = random::hash();
         $user->save();
         $message = new View("reset_password.html");
         $message->confirm_url = url::abs_site("password/do_reset?key={$user->hash}");
         $message->user = $user;
         Sendmail::factory()->to($user->email)->subject(t("Password Reset Request"))->header("Mime-Version", "1.0")->header("Content-type", "text/html; charset=UTF-8")->message($message->render())->send();
         log::success("user", t("Password reset email sent for user %name", array("name" => $user->name)));
     } else {
         if (!$user) {
             // Don't include the username here until you're sure that it's XSS safe
             log::warning("user", t("Password reset email requested for user %user_name, which does not exist.", array("user_name" => $user_name)));
         } else {
             log::warning("user", t("Password reset failed for %user_name (has no email address on record).", array("user_name" => $user->name)));
         }
     }
     // Always pretend that an email has been sent to avoid leaking
     // information on what user names are actually real.
     message::success(t("Password reset email sent"));
     json::reply(array("result" => "success"));
 }
Exemplo n.º 2
0
 private function _send_reset()
 {
     $form = $this->_reset_form();
     $valid = $form->validate();
     if ($valid) {
         $user = user::lookup_by_name($form->reset->inputs["name"]->value);
         if (!$user->loaded || empty($user->email)) {
             $form->reset->inputs["name"]->add_error("no_email", 1);
             $valid = false;
         }
     }
     if ($valid) {
         $user->hash = md5(rand());
         $user->save();
         $message = new View("reset_password.html");
         $message->confirm_url = url::abs_site("password/do_reset?key={$user->hash}");
         $message->user = $user;
         Sendmail::factory()->to($user->email)->subject(t("Password Reset Request"))->header("Mime-Version", "1.0")->header("Content-type", "text/html; charset=iso-8859-1")->message($message->render())->send();
         log::success("user", t("Password reset email sent for user %name", array("name" => $user->name)));
     } else {
         // Don't include the username here until you're sure that it's XSS safe
         log::warning("user", "Password reset email requested for bogus user");
     }
     message::success(t("Password reset email sent"));
     print json_encode(array("result" => "success"));
 }
Exemplo n.º 3
0
 private function _auth($url)
 {
     $form = user::get_login_form($url);
     $valid = $form->validate();
     if ($valid) {
         $user = user::lookup_by_name($form->login->inputs["name"]->value);
         if (empty($user) || !user::is_correct_password($user, $form->login->password->value)) {
             log::warning("user", t("Failed login for %name", array("name" => $form->login->inputs["name"]->value)));
             $form->login->inputs["name"]->add_error("invalid_login", 1);
             $valid = false;
         }
     }
     if ($valid) {
         user::login($user);
         log::info("user", t("User %name logged in", array("name" => $user->name)));
     }
     // Either way, regenerate the session id to avoid session trapping
     Session::instance()->regenerate();
     return array($valid, $form);
 }
Exemplo n.º 4
0
 public function index()
 {
     gallery_remote::check_protocol_version();
     $input = Input::instance();
     // TODO: Validate protocol version here
     switch ($input->post("cmd")) {
         case "login":
             print "#__GR2PROTO__\n";
             $uname = $input->post("uname");
             if (empty($uname)) {
                 print "status=202\n";
             } else {
                 $user = user::lookup_by_name($uname);
                 $password = $input->post("password");
                 if ($user && user::is_correct_password($user, $password)) {
                     print "status=0\n";
                     user::login($user);
                 } else {
                     print "status=201\n";
                 }
             }
             print "server_version=2.15\n";
     }
 }
Exemplo n.º 5
0
 /**
  * Import a single user.
  */
 static function import_user(&$queue)
 {
     $g2_user_id = array_shift($queue);
     if (self::map($g2_user_id)) {
         return t("User with id: %id already imported, skipping", array("id" => $g2_user_id));
     }
     if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) {
         self::set_map($g2_user_id, user::guest()->id);
         return t("Skipping Anonymous User");
     }
     $g2_admin_group_id = g2(GalleryCoreApi::getPluginParameter("module", "core", "id.adminGroup"));
     try {
         $g2_user = g2(GalleryCoreApi::loadEntitiesById($g2_user_id));
     } catch (Exception $e) {
         return t("Failed to import Gallery 2 user with id: %id\n%exception", array("id" => $g2_user_id, "exception" => $e->__toString()));
     }
     $g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId()));
     try {
         $user = user::create($g2_user->getUsername(), $g2_user->getfullname(), "");
         $message = t("Created user: '******'.", array("name" => $user->name));
     } catch (Exception $e) {
         // @todo For now we assume this is a "duplicate user" exception
         $user = user::lookup_by_name($g2_user->getUsername());
         $message = t("Loaded existing user: '******'.", array("name" => $user->name));
     }
     $user->hashed_password = $g2_user->getHashedPassword();
     $user->email = $g2_user->getEmail();
     $user->locale = $g2_user->getLanguage();
     foreach ($g2_groups as $g2_group_id => $g2_group_name) {
         if ($g2_group_id == $g2_admin_group_id) {
             $user->admin = true;
             $message .= t("\n\tAdded 'admin' flag to user");
         } else {
             $group = ORM::factory("group", self::map($g2_group_id));
             $user->add($group);
             $message .= t("\n\tAdded user to group '%group'.", array("group" => $group->name));
         }
     }
     $user->save();
     self::set_map($g2_user->getId(), $user->id);
     return $message;
 }
Exemplo n.º 6
0
 /**
  * Import a single user.
  */
 static function import_user(&$queue)
 {
     $g2_user_id = array_shift($queue);
     if (self::map($g2_user_id)) {
         return;
     }
     if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) {
         self::set_map($g2_user_id, user::guest()->id);
         return;
     }
     $g2_admin_group_id = g2(GalleryCoreApi::getPluginParameter("module", "core", "id.adminGroup"));
     try {
         $g2_user = g2(GalleryCoreApi::loadEntitiesById($g2_user_id));
     } catch (Exception $e) {
         g2_import::log(t("Failed to import Gallery 2 user with id: %id", array("id" => $g2_user_id)));
         return;
     }
     $g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId()));
     try {
         $user = user::create($g2_user->getUsername(), $g2_user->getfullname(), "");
     } catch (Exception $e) {
         // @todo For now we assume this is a "duplicate user" exception
         $user = user::lookup_by_name($g2_user->getUsername());
     }
     $user->hashed_password = $g2_user->getHashedPassword();
     $user->email = $g2_user->getEmail();
     $user->locale = $g2_user->getLanguage();
     foreach ($g2_groups as $g2_group_id => $g2_group_name) {
         if ($g2_group_id == $g2_admin_group_id) {
             $user->admin = true;
         } else {
             $user->add(ORM::factory("group", self::map($g2_group_id)));
         }
     }
     $user->save();
     self::set_map($g2_user->getId(), $user->id);
 }
Exemplo n.º 7
0
 public function moved_items_inherit_new_permissions_test()
 {
     user::set_active(user::lookup_by_name("admin"));
     $root = ORM::factory("item", 1);
     $public_album = album::create($root, rand(), "public album");
     $public_photo = photo::create($public_album, MODPATH . "gallery/images/gallery.png", "", "");
     access::allow(group::everybody(), "view", $public_album);
     $root->reload();
     // Account for MPTT changes
     $private_album = album::create($root, rand(), "private album");
     access::deny(group::everybody(), "view", $private_album);
     $private_photo = photo::create($private_album, MODPATH . "gallery/images/gallery.png", "", "");
     // Make sure that we now have a public photo and private photo.
     $this->assert_true(access::group_can(group::everybody(), "view", $public_photo));
     $this->assert_false(access::group_can(group::everybody(), "view", $private_photo));
     // Swap the photos
     item::move($public_photo, $private_album);
     $private_album->reload();
     // Reload to get new MPTT pointers and cached perms.
     $public_album->reload();
     $private_photo->reload();
     $public_photo->reload();
     item::move($private_photo, $public_album);
     $private_album->reload();
     // Reload to get new MPTT pointers and cached perms.
     $public_album->reload();
     $private_photo->reload();
     $public_photo->reload();
     // Make sure that the public_photo is now private, and the private_photo is now public.
     $this->assert_false(access::group_can(group::everybody(), "view", $public_photo));
     $this->assert_true(access::group_can(group::everybody(), "view", $private_photo));
 }
Exemplo n.º 8
0
 public function edit_user($id)
 {
     access::verify_csrf();
     $user = user::lookup($id);
     if (empty($user)) {
         kohana::show_404();
     }
     $form = $this->_get_user_edit_form_admin($user);
     $valid = $form->validate();
     if ($valid) {
         $new_name = $form->edit_user->inputs["name"]->value;
         $temp_user = user::lookup_by_name($new_name);
         if ($new_name != $user->name && ($temp_user && $temp_user->id != $user->id)) {
             $form->edit_user->inputs["name"]->add_error("in_use", 1);
             $valid = false;
         } else {
             $user->name = $new_name;
         }
     }
     if ($valid) {
         $user->full_name = $form->edit_user->full_name->value;
         if ($form->edit_user->password->value) {
             $user->password = $form->edit_user->password->value;
         }
         $user->email = $form->edit_user->email->value;
         $user->url = $form->edit_user->url->value;
         if ($form->edit_user->locale) {
             $desired_locale = $form->edit_user->locale->value;
             $user->locale = $desired_locale == "none" ? null : $desired_locale;
         }
         // An admin can change the admin status for any user but themselves
         if ($user->id != identity::active_user()->id) {
             $user->admin = $form->edit_user->admin->checked;
         }
         $user->save();
         module::event("user_edit_form_admin_completed", $user, $form);
         message::success(t("Changed user %user_name", array("user_name" => $user->name)));
         print json_encode(array("result" => "success"));
     } else {
         print json_encode(array("result" => "error", "form" => $form->__toString()));
     }
 }
Exemplo n.º 9
0
 /**
  * @see IdentityProvider_Driver::lookup_user_by_name.
  */
 public function lookup_user_by_name($name)
 {
     return user::lookup_by_name($name);
 }
Exemplo n.º 10
0
 private function _login(&$input, &$reply)
 {
     $uname = trim($input->post('uname'));
     if (empty($uname)) {
         $reply->send(gallery_remote::LOGIN_MISSING);
     } else {
         $user = user::lookup_by_name($uname);
         $password = trim($input->post('password'));
         if ($user && user::is_correct_password($user, $password)) {
             auth::login($user);
             Session::instance()->regenerate();
             $reply->set('debug_user', $user->name);
             $reply->set('status_text', 'Login successful.');
             $reply->send();
         } else {
             $reply->send(gallery_remote::PASSWD_WRONG);
         }
     }
 }