/**
 * Looks up the display label of the current user's organization.
 *
 * The organization name comes from Auth::getCopName(), is escaped by the
 * database layer and is then matched against `cops`.`copname`.
 *
 * NOTE(review): the value is protected by escaping plus quoting only. If the
 * database layer offers bound parameters, prefer them - TODO confirm.
 *
 * @return mixed The `coplabel` field read from the result set.
 */
public static function retrieveOrganizationName()
 {
     $database = DbUtil::accessFactory();
     $organization = $database->escape(Auth::getCopName());
     $query = "SELECT coplabel FROM cops WHERE copname = '{$organization}'";

     return $database->select($query)->coplabel;
 }
Пример #2
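 /**
  * Counts the Widget Categories whose name equals the given name, ignoring case.
  *
  * The name is lower-cased first and escaped last, so that no transformation
  * runs over the already-escaped text before it is placed in the query.
  *
  * @param string $name The name of the Widget Category to look for.
  * @return mixed The `catcount` value of the COUNT(*) query; non-zero when the category exists.
  */
 public static function exists($name)
 {
     $db = DbUtil::accessFactory();
     // Escaping must be the final step: changing the case of an escaped string
     // can alter the escape sequences the database layer produced.
     $toLowerName = $db->escape(strtolower($name));
     // Check if this category exists.
     $rs = $db->select("SELECT COUNT(*) AS 'catcount' FROM categories WHERE LOWER(category) = '{$toLowerName}'");
     return $rs->catcount;
 }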
Пример #3
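 /**
  * Tells whether a "forgot password" state may still be used to set a new password.
  *
  * @param string $login    The (URL-encoded) login the reset was requested for.
  * @param string $lostKey  The reset key handed out to the user.
  * @param string $lostTime The timestamp (seconds) stored together with the key.
  * @return bool|int true when key and time match the stored state and the validity
  *                  period has not elapsed, -1 when they match but the period is
  *                  over, false in every other case.
  */
 public static function userCanChangeHisPassword($login, $lostKey, $lostTime)
 {
     // A blank key or a non-numeric timestamp can never describe a valid reset
     // request. Refuse them before querying so that an empty or cleared stored
     // state cannot be matched by empty input.
     if (!is_scalar($lostKey) || (string) $lostKey === '') {
         return false;
     }
     if (!is_scalar($lostTime) || !preg_match('/^[0-9]+$/D', (string) $lostTime)) {
         return false;
     }
     $db = DbUtil::accessFactory();
     // NOTE(review): PHP already URL-decodes request parameters; confirm that the
     // caller really passes a still-encoded login, otherwise this decodes twice.
     $login = urldecode($login);
     // The raw login is handed over on purpose: getUserIdByLogin() escapes its own
     // argument (as far as this page shows), and escaping twice stops logins that
     // contain quotes or backslashes from ever matching.
     $userId = UsersManagement::getUserIdByLogin($login);
     if ($userId === null) {
         return false;
     }
     # Every value placed in the query is escaped, including the id read back from the database.
     $safeUserId = $db->db_escape_string($userId);
     $safeKey = $db->db_escape_string($lostKey);
     $safeTime = $db->db_escape_string($lostTime);
     $rs = $db->select('SELECT * FROM `users` WHERE `id` = \'' . $safeUserId . '\' AND `lostKey` = \'' . $safeKey . '\' AND `lostTime` = \'' . $safeTime . '\'');
     if ($rs->count() != 1) {
         return false;
     }
     # VALIDE_LOST_KEY_PERIOD is expressed in hours; the threshold is in seconds.
     $threshold = 3600 * VALIDE_LOST_KEY_PERIOD;
     if (time() - (int) $lostTime < $threshold) {
         return true;
     }
     # -1 means that the time is over
     return -1;
 }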
Пример #4
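 /**
  * Builds the widget space (widgets and their user preferences) of a user for the given tabs.
  *
  * @param int    $userId The user's identifier; it is used in a numeric SQL context.
  * @param array  $tabs   The tab identifiers to export; must not be empty.
  * @param string $format 'raw' returns the nested array, any other value returns the XML document.
  * @return array|DOMDocument The widget space indexed by tab and widget instance id, or its XML form.
  * @throws MwwException When $tabs is empty or a widget instance has no widget id.
  */
 public static function getManifest($userId, array $tabs, $format = 'xml')
 {
     # Verify if tabs parameters is not empty
     if (count($tabs) == 0) {
         throw new MwwException(MwwException::MODEL, 'WidgetSapce::getManifest / tabs argument must contain a least one argument');
     }
     $db = DbUtil::accessFactory();
     // `userid` is compared without quotes, where string escaping gives no
     // protection; forcing an integer is what keeps the query well-formed.
     $userId = (int) $userId;
     $wsTabs = array();
     # Process each tab
     foreach ($tabs as $tabId) {
         // The escaped copy is for the SQL text only. The raw id stays the array
         // key and the XML title, so escape sequences never leak into the output.
         $sqlTabId = $db->escape($tabId);
         $wsTabs[$tabId] = array();
         # Get widgets for the given tab
         $rs = $db->select("SELECT * FROM `interface` WHERE `userid` = {$userId} AND `tab` = '{$sqlTabId}'");
         while ($rs->fetch()) {
             $widgetInstanceId = $rs->widgetinstanceid;
             $widgetId = WidgetInstances::getWidgetIdByInstanceId($widgetInstanceId);
             if (!$widgetId) {
                 throw new MwwException(MwwException::MODEL, 'WidgetSapce::getManifest / A widget instance id seems to be not linked to a widget id...');
             }
             # Save widget interface info
             $wsTabs[$tabId][$widgetInstanceId]['interface'] = array('widgetId' => $widgetId, 'column' => $rs->column, 'minimized' => $rs->minimized, 'position' => $rs->position);
             $wsTabs[$tabId][$widgetInstanceId]['userpreference'] = array();
             # Get and save widget user preference info (the instance id is also used unquoted, hence the cast)
             $sqlInstanceId = (int) $widgetInstanceId;
             $rs_pref = $db->select("SELECT * FROM `interface_preferences` WHERE `userid` = {$userId} AND `widgetinstanceid` = {$sqlInstanceId}");
             while ($rs_pref->fetch()) {
                 $wsTabs[$tabId][$widgetInstanceId]['userpreference'][$rs_pref->preference] = $rs_pref->value;
             }
         }
     }
     # return widget space
     if ($format == 'raw') {
         return $wsTabs;
     }
     # Group the widgets by tab, column and stored position
     $widgetsTabOrdored = array();
     foreach ($wsTabs as $tabId => $tabInfo) {
         foreach ($tabInfo as $widgetInfo) {
             $widgetsTabOrdored[$tabId][$widgetInfo['interface']['column']][$widgetInfo['interface']['position']] = $widgetInfo;
         }
     }
     # Canonize the positions of each column so that they start at 0 without gaps
     $canonized = array();
     foreach ($widgetsTabOrdored as $tabId => $tabInfo) {
         $canonized[$tabId] = array();
         foreach ($tabInfo as $column => $columnContent) {
             ksort($columnContent);
             $canonized[$tabId][$column] = array_values($columnContent);
         }
     }
     $widgetsTabOrdored = $canonized;
     # Now construct the xml output
     $doc = new DOMDocument('1.0', 'utf-8');
     $doc->formatOutput = true;
     $doc->preserveWhiteSpace = false;
     # Create the root node
     $wsXML = xa($doc, $doc, 'widgetspace');
     foreach ($widgetsTabOrdored as $tabId => $tabInfo) {
         // NOTE(review): attribute values are joined into one string with the `xs`
         // separator; presumably a value containing that separator would be read
         // as a further attribute - verify how xa() parses its third argument.
         $tabXML = xa($doc, $wsXML, 'tabs' . xs . 'title=' . $tabId);
         # TODO : Add here tab properties
         # Add a Layout
         $layoutXML = xa($doc, $tabXML, 'layout' . xs . 'type=three_col_layout');
         # Widgets are added into sections according to their order in the three_col_layout
         foreach ($tabInfo as $columnPosition => $columnContent) {
             # the position attribute is needed (because there are cases where specific column is empty)
             $sectionXML = xa($doc, $layoutXML, 'section' . xs . 'position=' . $columnPosition);
             foreach ($columnContent as $widgetInfo) {
                 $i = $widgetInfo['interface'];
                 $up = $widgetInfo['userpreference'];
                 $widgetXML = xa($doc, $sectionXML, 'widget' . xs . 'widgetid=' . $i['widgetId'] . xs . 'minimized=' . $i['minimized']);
                 foreach ($up as $prefname => $prefvalue) {
                     $propertyXML = xa($doc, $widgetXML, 'property');
                     xa($doc, $propertyXML, 'name', $prefname);
                     xa($doc, $propertyXML, 'value', $prefvalue);
                 }
             }
         }
     }
     # return the XML Document
     return $doc;
 }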
Пример #5
 /**
  * Fetches up to ten tag labels matching a pattern, in ascending alphabetical order.
  *
  * The argument is escaped and then used as the complete LIKE pattern.
  *
  * NOTE(review): no `%` is appended here, so a bare prefix such as 'yo' matches
  * only the label 'yo' unless the caller supplies the wildcard itself - confirm
  * against the callers. Presumably `%` and `_` inside the argument stay active
  * LIKE wildcards after escape(); neutralise them if the argument is meant to be
  * a literal prefix.
  *
  * @param string $tagPrefix The pattern the resulting tags must match.
  * @return array A list of tag labels as strings.
  */
 public static function searchForTags($tagPrefix)
 {
     $database = DbUtil::accessFactory();
     $pattern = $database->escape($tagPrefix);
     $sql = "SELECT `label` FROM `tags` WHERE `label` LIKE '{$pattern}' ORDER BY `label` ASC LIMIT 0, 10";
     // Collect the label of every fetched row.
     $labels = array();
     for ($rows = $database->select($sql); $rows->fetch();) {
         $labels[] = $rows->label;
     }

     return $labels;
 }
Пример #6
 /**
  * Counts the `users` rows returned by the credential lookup query.
  *
  * NOTE(review): the parameter name suggests that passwords are compared as MD5
  * digests. If that is how they are stored, plan a migration to
  * password_hash() / password_verify() - TODO confirm.
  *
  * @param string $username    The user name to look up.
  * @param string $md5Password The password value to compare.
  * @return mixed The row count reported by the result set.
  */
 public static function checkUserIdentifiers($username, $md5Password)
 {
     $db = DbUtil::accessFactory();
     // Both inputs are escaped by the database layer before the lookup.
     $username = $db->escape($username);
     $md5Password = $db->escape($md5Password);
     // NOTE(review): the two compared values appear masked ('******') in this
     // listing, so as shown the escaped variables are never referenced.
     // Presumably the original interpolated them here - verify against the real file.
     $rs = $db->select("SELECT username FROM users WHERE username = '******' && password = '******'");
     return $rs->count();
 }
Пример #7
 /**
  * Controller action of the "forgot password" flow: checks the reset state and,
  * on POST, stores the new password, then renders the change-password view.
  *
  * The request is stopped with die() when the reset state is expired or invalid.
  *
  * @param string|null $login    The login the reset was requested for.
  * @param string|null $lostKey  The reset key handed out to the user.
  * @param string|null $lostTime The timestamp stored together with the key.
  */
 public function resetPassword($login = null, $lostKey = null, $lostTime = null)
 {
     # The reset key and time are verified for the $login argument only.
     $r = Auth::userCanChangeHisPassword($login, $lostKey, $lostTime);
     $passwordIsChanged = false;
     if ($r === true) {
         # NOTE(review): part of this line appears masked ('******') in this listing and does not parse as shown.
         $urlForm = "../../index.php/Users/resetPassword?login="******"&lostKey=" . urlencode($lostKey) . "&lostTime=" . urlencode($lostTime);
         # Save the new password
         if (!empty($_POST)) {
             # Test params
             # NOTE(review): $login is replaced by $_POST['login'] after the check
             # above, so the account updated below is not necessarily the one the
             # key was verified for. The update should be bound to the verified login.
             isset($_POST['login']) ? $login = $_POST['login'] : ($login = null);
             isset($_POST['new_password']) ? $newPassword = $_POST['new_password'] : ($newPassword = null);
             # NOTE(review): the isset() tests 'new_password' but the value read is
             # 'new_password_confirm'; the test should name the key that is read.
             isset($_POST['new_password']) ? $new_password_confirm = $_POST['new_password_confirm'] : ($new_password_confirm = null);
             # Get user id
             $userId = UsersManagement::getUserIdByLogin($login);
             # test if it is ok
             # NOTE(review): the two passwords are compared with ==, which applies
             # type juggling to numeric-looking strings; === compares them as typed.
             if ($userId !== null && $newPassword !== null && $newPassword == $new_password_confirm && Util::checkPasswordLength($newPassword)) {
                 $db = DbUtil::accessFactory();
                 # NOTE(review): the stored value appears masked ('******') in this
                 # listing, so how the password is hashed and escaped cannot be
                 # checked here. $userId is concatenated into the query as returned
                 # by getUserIdByLogin().
                 if (!$db->execute("UPDATE users SET password = '******'  WHERE id = '" . $userId . "'")) {
                     $message = __('Please reconfirm your password');
                     $isError = true;
                 } else {
                     $message = __('Your password have been changed');
                     $isError = false;
                     $passwordIsChanged = true;
                     Auth::removeForgotPasswordState($login);
                     # Now reset the lostKey (for security)
                 }
             } else {
                 $message = __('Please reconfirm your password');
                 $isError = true;
             }
             //var_dump($_POST);
         } else {
             # Display the form to change password
             # Get Avaliable Langue
             //$availableLanguages = Util::getAvailableLanguages();
             //$userLanguage = Auth::getLanguage();
         }
         # The view is included in this scope; presumably it reads $urlForm, $message, $isError and $passwordIsChanged.
         require_once DefaultFC::getView('changepassword.tpl');
     } else {
         # -1 is the "validity period elapsed" result of userCanChangeHisPassword().
         if ($r == -1) {
             die(__('Authorized time to change your password has expired, please restart the "forgot your password" process from the portal UI.'));
         } else {
             die(__('You are not authorized to view this page.'));
         }
     }
 }
Пример #8
/**
 * Creates the OpenID store on top of the portal database access object.
 *
 * createTables() is requested on every call before the store is handed back.
 *
 * @return WMySqlStore The store, after createTables() has been called on it.
 */
function getOpenIDStore()
{
    $store = new WMySqlStore(DbUtil::accessFactory());
    $store->createTables();

    return $store;
}
Пример #9
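 /**
  * Stores the options of a user's tab as JSON, keeping every previously stored
  * option that the new set does not override.
  *
  * @param int    $userId  The owner of the tab; used in a numeric SQL context.
  * @param string $title   The title identifying the tab.
  * @param array  $options The options to store.
  * @throws DBException When the options cannot be encoded or the update fails.
  */
 public static function setOptions($userId, $title, $options)
 {
     $db = DbUtil::accessFactory();
     // Merge in the old values that are not specified in the new options.
     // (A leftover var_dump() of the stored options was removed here: it wrote
     // them into the response.)
     $oldOptions = self::getOptions($userId, $title);
     $options = array_merge($options, array_diff_key($oldOptions, $options));
     $encoded = json_encode($options);
     if ($encoded === false) {
         throw new DBException(MwwException::MODEL, "Unable to setOptions in the persistant database.");
     }
     // JSON text routinely contains quotes and backslashes and the title is
     // caller-supplied: both are escaped before they enter the quoted literals.
     // `userid` is compared unquoted, so it is forced to an integer instead.
     $sqlOptions = $db->escape($encoded);
     $sqlTitle = $db->escape($title);
     $sqlUserId = (int) $userId;
     $query = "UPDATE tabs SET options = '{$sqlOptions}' WHERE title = '{$sqlTitle}' AND userid = {$sqlUserId} ";
     if (!$db->execute($query)) {
         throw new DBException(MwwException::MODEL, "Unable to setOptions in the persistant database.");
     }
 }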
Пример #10
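 /**
  * Completes an OpenID authentication: validates the provider's response, logs
  * the matching portal account in and redirects. The request always ends here.
  *
  * On success the user is sent to 'wall/index'; otherwise an error message is
  * stored in the session and the user is sent to 'users/index'.
  */
 public function finish_auth()
 {
     $always_trust = false;
     if (isset($_GET['pal_trust'])) {
         $always_trust = true;
         // we hide this parameter from the openid library
         // NOTE(review): only the exact text '&pal_trust=true' is removed from the
         // query string; any other spelling of the parameter stays in it.
         unset($_GET['pal_trust']);
         $_SERVER['QUERY_STRING'] = str_replace('&pal_trust=true', '', $_SERVER['QUERY_STRING']);
     }
     $db = DbUtil::accessFactory();
     $store = new WMySqlStore($db);
     $store->createTables();
     // Objects are handles already; `=& new` is not accepted by PHP 7 and later.
     $consumer = new Auth_OpenID_Consumer($store);
     // NOTE(review): the return URL is built from the client-supplied Host header
     // and a fixed "http://" scheme. Taking the portal's base URL from its
     // configuration would keep this value out of the client's control.
     $url = HttpRequest::getPathUrl();
     $nb = strlen($url);
     $base_url = "http://" . $_SERVER['HTTP_HOST'] . $url;
     if ($nb == 0 || $url[$nb - 1] != "/") {
         $base_url .= "/";
     }
     $return_url = $base_url . 'index.php/openid/finish_auth';
     // Complete the authentication process using the server's response.
     $response = $consumer->complete($return_url);
     $success = false;
     // Defined up front so that a status other than the three handled below
     // cannot leave these variables undefined.
     $msg = null;
     $openid = null;
     if ($response->status == Auth_OpenID_CANCEL) {
         // This means the authentication was cancelled.
         $msg = __('Verification cancelled.');
     } elseif ($response->status == Auth_OpenID_FAILURE) {
         // Authentication failed; keep the library's error message.
         // NOTE(review): presumably this text is shown to the user later; make
         // sure the view escapes it for HTML.
         $msg = __("OpenID authentication failed: ") . $response->message;
     } elseif ($response->status == Auth_OpenID_SUCCESS) {
         $success = true;
         // The provider confirmed the identity; log in the account linked to it.
         $openid = $response->getDisplayIdentifier();
         Auth::loginByOpenid($openid);
         if (!Auth::isAuth()) {
             $success = false;
             $msg = __('Account not found.');
         }
     }
     if ($success) {
         // for openid sso
         if (OPENID_SSO_MODE && $always_trust) {
             // NOTE(review): the cookie lives for about a year and is set without
             // the secure and httponly flags; add them if no script needs to read it.
             setcookie('default_openid', $openid, time() + 60 * 60 * 24 * 30 * 12, HttpRequest::getPathUrl());
         }
         // Authentication process succeeded.
         // FIXME: log this connection
         // Redirection in the portal.
         DefaultFC::redirection('wall/index');
         exit;
     }
     $_SESSION['isError'] = true;
     $_SESSION['message'] = $msg;
     DefaultFC::redirection('users/index');
     exit;
 }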
Пример #11
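 /**
  * Installs a widget from an uploaded archive: unpacks it, validates its
  * manifest, moves it to ./widgets/<id> and records it in the `widgets` table.
  *
  * Everything read from the archive (manifest id, name, description) is treated
  * as untrusted: the id is checked before it is used as a directory name, and
  * every value is escaped or cast before it enters the INSERT statement.
  *
  * @param int    $categoryId       The category of the widget, 0 for none.
  * @param int    $userId           The installing user; the widget gets this user's `copname`.
  * @param string $uploadedFilePath The path of the uploaded archive.
  * @return string The name (or title) of the installed widget.
  * @throws Exception Any failure is rethrown after the unpacked files are removed.
  */
 private static function installLocalWidget($categoryId, $userId, $uploadedFilePath)
 {
     try {
         $unziper = new fileUnzip($uploadedFilePath);
         $archiveContent = $unziper->getFilesList();
         // time() yields the value mktime() gave without arguments; that call
         // form is deprecated since PHP 5.1 and rejected by PHP 8.
         $tempFolder = './widgets/' . time();
         $alreadyInstalled = false;
         if (!self::isFileInArchive($archiveContent, 'config.xml')) {
             throw new FileException(MwwException::MODEL, 'Unable to find config.xml in the provided archive');
         }
         if (!self::isFileInArchive($archiveContent, 'index.html') && !self::isFileInArchive($archiveContent, 'index.xul')) {
             throw new FileException(MwwException::MODEL, 'Unable to find index.html in the provided archive');
         }
         // The mandatory files are in the archive.
         // We unzip the document in the widget repository under an arbitrary folder.
         // NOTE(review): the archive is uploaded content; confirm that fileUnzip
         // refuses entry names that are absolute or contain "..", so nothing is
         // written outside $tempFolder.
         $unziper->unzipAll($tempFolder);
         $unziper->close();
         // parse the manifest.
         $manifestPath = $tempFolder . '/config.xml';
         $doc = new DOMDocument();
         $doc->preserveWhiteSpace = false;
         // LIBXML_NONET: the manifest is untrusted, so the parser must not fetch
         // anything over the network while loading it.
         if (!@$doc->load($manifestPath, LIBXML_NONET)) {
             throw new XMLParsingException(MwwException::MODEL, 'Unable to parse XML file. Document not well formed.');
         }
         // validate the manifest.
         if (!@$doc->schemaValidate('./schema/manifest.xsd')) {
             throw new XMLValidationException(MwwException::MODEL, "The XML File isn't valid according to the XML Schema.");
         }
         $id = $doc->getElementsByTagName('widget')->item(0)->getAttribute('id');
         // The id becomes a directory name under ./widgets: it must be a single
         // path component, never empty, "." or "..", and free of separators.
         if ($id === '' || $id === '.' || $id === '..' || strpbrk($id, "/\\\0") !== false) {
             throw new XMLValidationException(MwwException::MODEL, "The XML File is not valid. The widget id cannot be used as a directory name.");
         }
         // getting name/title of the widget.
         if ($doc->getElementsByTagName('name')->length) {
             $name = $doc->getElementsByTagName('name')->item(0)->nodeValue;
         } elseif ($doc->getElementsByTagName('title')->length) {
             $name = $doc->getElementsByTagName('title')->item(0)->nodeValue;
         } else {
             throw new XMLValidationException(MwwException::MODEL, "The XML File is not valid. The mandatory title or name element is missing.");
         }
         // getting widget description.
         $description = null;
         if ($doc->getElementsByTagName('description')->length) {
             $description = $doc->getElementsByTagName('description')->item(0)->nodeValue;
         }
         // is widget authentication enabled or disabled ?
         $widgetAuth = false;
         $authKey = null;
         if ($doc->getElementsByTagName('widget_authentication')->length) {
             $authValue = $doc->getElementsByTagName('widget_authentication')->item(0)->nodeValue;
             if ($authValue == 'enabled') {
                 $widgetAuth = true;
                 // create the key.
                 $crypto = new Rijndael();
                 $authKey = $crypto->generateKey();
             }
         }
         // test if the id is unique (test if the directory exists).
         $targetFolder = './widgets/' . $id;
         if (file_exists($targetFolder)) {
             // Flagged so that the cleanup below leaves the existing widget alone.
             $alreadyInstalled = true;
             throw new FileException(MwwException::MODEL, 'A widget with the id \'' . $id . '\' already exists.');
         }
         // create the widget directory (actually we simply rename the temporary directory).
         if (!@rename($tempFolder, $targetFolder)) {
             throw new FileException(MwwException::MODEL, 'The widget directory could not be created');
         }
         // -- Persistant data access section.
         $db = DbUtil::accessFactory();
         // Values used unquoted in the statement are forced to integers, because
         // string escaping gives no protection in a numeric context.
         $categoryId = (int) $categoryId;
         $sqlCategory = $categoryId !== 0 ? $categoryId : 'NULL';
         $sqlUserId = (int) $userId;
         // Values placed inside quoted literals are escaped, the manifest id included.
         $sqlId = $db->escape($id);
         $sqlName = $db->escape($name);
         $sqlDescription = $db->escape($description);
         $generatedKey = $widgetAuth ? "'" . $db->escape($authKey) . "'" : 'NULL';
         // insert the widget into the database.
         if (!$db->execute("INSERT INTO `widgets` (`widgetid`, `widgetname`, `visible`, `copname`, `category`, `description`, `authkey`) VALUES ('{$sqlId}', '{$sqlName}', 0, (SELECT `copname` FROM `users` WHERE `id`= {$sqlUserId}), {$sqlCategory}, '{$sqlDescription}', {$generatedKey})")) {
             throw new DBException(MwwException::MODEL, "Unable to insert new widget '{$id}' information in persistant data");
         }
         // -- End of Persistant data access section.
         // End of the installation. Everything was fine.
         return $name;
     } catch (Exception $ex) {
         // Remove whatever was unpacked or moved, but never a widget that was
         // already installed before this call.
         if (isset($tempFolder) && is_dir($tempFolder)) {
             Util::full_rmdir($tempFolder);
         }
         if (isset($targetFolder) && is_dir($targetFolder) && !$alreadyInstalled) {
             Util::full_rmdir($targetFolder);
         }
         throw $ex;
     }
 }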
 /**
  * Returns the id of the user row found by the login lookup query.
  *
  * @param string $login The login to look up.
  * @return mixed The `id` field when exactly one row is found, null otherwise.
  */
 public static function getUserIdByLogin($login)
 {
     $db = DbUtil::accessFactory();
     // The login is escaped here, so callers are expected to pass it unescaped.
     $login = $db->escape($login);
     // NOTE(review): the compared value appears masked ('******') in this listing,
     // so as shown the escaped login is never referenced. Presumably the original
     // interpolated it here - verify against the real file.
     $rs = $db->select("SELECT id FROM users WHERE username = '******'");
     // Anything other than exactly one fetched row is treated as "not found".
     if ($rs->count() == 1 && $rs->fetch()) {
         return $rs->id;
     } else {
         return null;
     }
 }
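 /**
  * Subscribes a user to a widget by creating a new widget instance and placing
  * it in the user's interface.
  *
  * The instance is put in the first column at the first position (top-left on
  * the screen); the widgets already in that column are shifted down by one.
  * The former "already subscribed" test is disabled, so every call creates a
  * new instance.
  *
  * NOTE(review): the three statements do not run in a transaction, so a failure
  * part-way leaves the earlier ones applied.
  *
  * @param integer $userId The user's identifier in the database.
  * @param string $widgetId The identifier of the widget the user subscribes to.
  * @throws ServiceException When the widget is not installed or a statement fails.
  */
 public static function subscribe($userId, $widgetId)
 {
     // Test if the widget exists. Developers note: this depends on /models/Widgets::isInstalled.
     if (!Widgets::isInstalled($widgetId)) {
         throw new ServiceException(MwwException::MODEL, "Unable to subscribe user '{$userId}' to widget '{$widgetId}'. The widget is not installed.");
     }
     $db = DbUtil::accessFactory();
     // `userid` is used unquoted below, where string escaping gives no
     // protection; it is forced to an integer instead.
     $userId = (int) $userId;
     $widgetId = $db->escape($widgetId);
     # New instance
     if (!$db->execute("INSERT INTO `widget_instances` (`widgetid`) VALUES ('" . $widgetId . "')")) {
         throw new ServiceException(MwwException::MODEL, "Unable to subscribe user '{$userId}' to widget '{$widgetId}'. The widget instance could not be created.");
     }
     // NOTE(review): mysql_insert_id() reads the last connection opened by
     // ext/mysql, not $db, and that extension no longer exists in PHP 7. Use the
     // database layer's own last-insert-id accessor - TODO confirm its name.
     $widgetInstanceId = (int) mysql_insert_id();
     // Developers note: `column` is a MySQL keyword, keep the backticks in the following queries.
     if (!$db->execute("UPDATE interface SET position = position + 1 WHERE userid = {$userId} AND `column` = 0")) {
         throw new ServiceException(MwwException::MODEL, "Unable to subscribe user '{$userId}' to widget '{$widgetId}'. The interface positions could not be updated.");
     }
     if (!$db->execute("INSERT INTO interface (userid, widgetinstanceid, `column`, minimized, position) VALUES ({$userId}, '{$widgetInstanceId}', '0', '0', '0')")) {
         throw new ServiceException(MwwException::MODEL, "Unable to subscribe user '{$userId}' to widget '{$widgetId}'. The widget could not be added to the interface.");
     }
 }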