public static function sendEmail($scenario, $userId = "", $messageId = "", $tempPassword = "", $cc = "", $bcc = "")
{
$model = EmailTemplateApi::getTemplateByScenario($scenario);
if ($userId) {
$user = UserApi::getUser($userId);
}
if ($user) {
$data["verification_link"] = SecurityUtils::getVerificationLink($user["activation_code"]);
$data["email_id"] = $user["email_id"];
$data["name"] = UserApi::getNameByUserId($userId);
}
if ($tempPassword) {
$data["temp_password"] = $tempPassword;
}
if ($messageId) {
$message = PmbApi::loadMessage($messageId);
}
if ($message) {
$data["message_subject"] = $message->subject;
$data["message_content"] = $message->content;
$data["message_from"] = UserApi::getNameByUserId($message->from_user_id);
}
if ($model) {
$htmlEmail = self::changeTemplate($data, $model->body_html);
$plainEmail = self::changeTemplate($data, $model->body_plain);
$emailData["from_email"] = $model->from_email;
$emailData["from_name"] = $model->from_name;
$emailData["subject"] = $model->subject;
$emailData["body_html"] = $htmlEmail;
$emailData["body_plain"] = $plainEmail;
return EmailQueueApi::addToQueue($user["email_id"], $cc, $bcc, "", $emailData);
}
return false;
}
/**
* __construct
*
* @param mixed $securityManager The security manager
*
* @access public
* @return void
*/
public function __construct($securityManager = null)
{
$this->_context = new DefaultSubjectContext();
if ($securityManager === null) {
$this->_securityManager = SecurityUtils::getSecurityManager();
}
}
protected function afterLogin($fromCookie)
{
if (!$fromCookie) {
$user = UserCredentials::model()->findByPK(Yii::app()->user->id);
$user->last_login_time = new CDbExpression('NOW()');
$user->last_login_ip = SecurityUtils::getRealIp();
$user->save();
}
}
public static function createUser($data)
{
$profile = new UserProfiles();
$profile->dob = '1988-11-11';
$profile->attributes = $data;
$profile->salt = SecurityUtils::generateSalt($profile->email_id);
$profile->activation_code = SecurityUtils::generateRandomString(10);
$profile->registered_ip = SecurityUtils::getRealIp();
return $profile->save();
}
function haloDump($var)
{
$config = HaloEnv::get('config');
if ($config['dump']) {
echo '<pre>';
$res = var_export($var, true);
var_dump(SecurityUtils::escape($res));
echo '</pre>';
// echo '<pre>'. $var. '</pre>';
}
}
/**
* @param string $pass
* @param string $salt
* @param string $encPass
* @return boolean
*
* This method compares user entered value with the value stored in DB. It encrypts the user input before comparison
*/
public static function comparePasswords($pass = null, $salt = null, $encPass = null)
{
if (null == $pass || null == $salt || null == $encPass) {
return false;
}
if (SecurityUtils::encryptPassword($pass, $salt) === $encPass) {
//if($pass === $encPass){
return true;
}
return false;
}
public function exists($attribute, $params)
{
if ($this->id) {
$user = UserCredentials::model()->findByPk($this->id);
if ($user) {
$password = SecurityUtils::encryptPassword($this->currentPassword, $user->salt);
$criteria = new CDbCriteria();
$criteria->condition = 'password=:password';
$criteria->params = array(':password' => $password);
if (!UserCredentials::model()->find($criteria)) {
$this->addError('currentPassword', 'Please enter your current password !');
}
} else {
$this->addError('currentPassword', 'Sorry, could not process your password modification request at this time !');
}
} else {
$this->addError('currentPassword', 'Sorry, could not process your password modification request at this time !');
}
}
public function postAction()
{
$db = $this->_helper->database->getAdapter();
$token = $this->getRequest()->getParam("token");
self::$logger->info("Logout requested for token ({$token}).");
$response = array('success' => false, 'message' => 'An unknown error occurred');
$token_username = SecurityUtils::getUsernameForToken($db, $token);
if (!isset($token_username)) {
$response['success'] = false;
$response['message'] = "Token ({$token}) does not match a user";
//throw new SecurityException("Token ($token) does not match a user");
} else {
//$db->update('user', array('token' => null), 'username = ?');
$db->update('user', array('token' => null), $db->quoteInto('username = ?', $token_username));
$response['success'] = true;
$response['message'] = "Logged out successfully.";
setcookie('token', '', 0, '/');
}
//sleep(2); // simulate network lag
echo Zend_Json::encode($response);
}
public function authenticate()
{
$user = UserCredentials::model()->findByAttributes(array('email_id' => $this->username));
if ($user === null) {
$this->errorCode = self::ERROR_USERNAME_INVALID;
} else {
if ($user->status != 'ACTIVE') {
$this->errorCode = self::ERROR_USERNAME_INACTIVE;
} else {
if (!SecurityUtils::comparePasswords($this->password, $user->salt, $user->password)) {
$this->errorCode = self::ERROR_PASSWORD_INVALID;
} else {
$this->_username = $user->email_id;
$this->setState('id', $user->id);
$this->setState('emailId', $user->email_id);
$this->setState('last_login_time', $user->last_login_time);
$this->errorCode = self::ERROR_NONE;
}
}
}
return !$this->errorCode;
}
public function indexAction()
{
$db = $this->_helper->database->getAdapter();
//@TODO: handle the query with $this->_getParam(...)
$action = $this->getRequest()->getParam("action");
self::$logger->info("security handling action ({$action})");
$response = array('success' => false);
// fail by default
// if ($action == 'validateToken') {
// @TODO db lookup to validate token
$token = $this->getRequest()->getParam("token");
$token_username = SecurityUtils::getUsernameForToken($db, $token);
if (isset($token_username)) {
$response = array('success' => true, 'username' => $token_username);
} else {
$response = array('success' => false, 'message' => 'Could not validate token');
setcookie('token', '', 0, '/');
}
// } else {
// self::$logger->emerg("Unknown action ($action)!");
// }
echo Zend_Json::encode($response);
}
public function registerMemeber($email, $name, $pwd)
{
$memberObj = new Member();
$memberObj->email = SecurityUtils::securityDBParam($email);
$memberObj->name = SecurityUtils::securityDBParam($name);
$memberObj->pwd = SecurityUtils::md5Password(SecurityUtils::securityDBParam($pwd));
if (empty($memberObj->email) || empty($memberObj->pwd)) {
throw new MyException("registerMemeber : email or pwd is empty: email={$email} pwd={$pwd}");
}
$this->saveMemberToDB($memberObj, true);
}
public function postAction()
{
$this->_helper->viewRenderer->setNoRender(true);
$db = $this->_helper->database->getAdapter();
// retrieve the guts of the bucket
$name = $this->getRequest()->getParam("name");
$description = $this->getRequest()->getParam("description");
$dojo_version = $this->getRequest()->getParam("dojo_version");
$dj_config = $this->getRequest()->getParam("dj_config");
$html = $this->getRequest()->getParam("html");
$javascript = $this->getRequest()->getParam("javascript");
$css = $this->getRequest()->getParam("css");
$layers = $this->getRequest()->getParam("layers");
// prepare the guts of the bucket, used in each kind of insert/update later
$bucket_contents = array('dojo_version' => $dojo_version, 'content_html' => $html, 'content_css' => $css, 'content_js' => $javascript, 'dj_config' => $dj_config, 'layers' => $layers);
$response = array();
try {
// We may not have been passed any identifying info
$token = $this->getRequest()->getParam("token");
$namespace = $this->getRequest()->getParam("namespace");
$id = $this->getRequest()->getParam("id");
$version = $this->getRequest()->getParam("version");
self::$logger->info("postAction namespace ({$namespace}) id ({$id}) version ({$version})");
if (isset($_REQUEST['save'])) {
// sanitize $namespace - may be empty for new buckets
if (!isset($namespace) || $namespace == '' || $_REQUEST['save'] === 'fork') {
self::$logger->debug("namespace not set or forking. Check token ({$token})");
if (isset($token) && $token != '') {
$token_namespace = BucketUtils::getNamespaceForToken($db, $token);
if ($token_namespace) {
$namespace = $token_namespace;
}
} else {
self::$logger->info("namespace not provided, default to 'public'");
$namespace = 'public';
}
}
SecurityUtils::verifyToken($db, $token, $namespace);
if (!isset($id) || $id == '' || $_REQUEST['save'] === 'fork') {
self::$logger->info("id not provided or forking, generating new random id");
$id = BucketUtils::generateId($db, $namespace);
}
if (!isset($version) || $_REQUEST['save'] === 'fork') {
self::$logger->info("version not provided or forking, default to 0");
$version = 0;
}
if ($_REQUEST['save'] == 'new_version') {
$version++;
}
// The bucket may not yet exist
self::$logger->info("Running bucket count for namespace ({$namespace}) id ({$id})...");
$select = $db->select()->from('bucket', "COUNT(*) as cc")->where('namespace = ?', $namespace)->where('id = ?', $id);
if ($db->fetchRow($select)->cc == 0) {
// sandbox does not yet exist, create it
self::$logger->info('bucket does not yet exist');
// Create the bucket
$db->insert('bucket', array('namespace' => $namespace, 'id' => $id, 'name' => $name, 'description' => $description, 'latest_version' => $version));
}
self::$logger->info("Running bucket_version count for namespace ({$namespace}) id ({$id}) version ({$version})...");
$select = $db->select()->from('bucket_version', "COUNT(*) as cc")->where('bucket_namespace = ?', $namespace)->where('bucket_id = ?', $id)->where('version = ?', $version);
if ($db->fetchRow($select)->cc == 0) {
// Create the initial version
self::$logger->info("insert bucket_version");
$db->insert('bucket_version', array_merge(array('bucket_namespace' => $namespace, 'bucket_id' => $id, 'version' => $version), $bucket_contents));
} else {
self::$logger->info("update bucket_version ({$version})");
$db->update('bucket_version', $bucket_contents, array('bucket_namespace = ?' => $namespace, 'bucket_id = ?' => $id, 'version = ?' => $version));
}
// inform the caller of the new identity
$response = array("success" => true, "namespace" => $namespace, "id" => $id, "version" => $version);
} else {
if (isset($_REQUEST['save'])) {
// save_as_new was false, so overwrite existing version.
$db->update('bucket_version', array_merge(array('bucket_namespace' => $namespace, 'bucket_id' => $id, 'version' => $version), $bucket_contents));
$response = array("success" => true, "namespace" => $namespace, "id" => $id, "version" => $version);
}
}
$session = new Zend_Session_Namespace("runIframe");
$session->name = $name;
$session->content_html = $bucket_contents['content_html'];
$session->content_js = $bucket_contents['content_js'];
$session->content_css = $bucket_contents['content_css'];
$session->dojo_version = $bucket_contents['dojo_version'];
$session->dj_config = $bucket_contents['dj_config'];
$session->layers = $bucket_contents['layers'];
$session->session_id = rand(1, 1000000);
$response['session_id'] = $session->session_id;
} catch (SecurityException $e) {
$response['success'] = false;
$response['exception'] = 'SecurityException';
$response['message'] = $e->getMessage();
}
echo Zend_Json::encode($response);
}
public static function sendEmail($to, $scenario, $data = "", $cc = "", $bcc = "")
{
$model = EmailTemplateApi::getTemplateByScenario($scenario);
$template = array();
if ($model) {
$template["home_link"] = Yii::app()->createAbsoluteUrl('/');
$template["signin_link"] = Yii::app()->createAbsoluteUrl('/account');
$template["logo_link"] = Yii::app()->createAbsoluteUrl('/') . Yii::app()->theme->baseUrl . '/images/logo-newsletter.jpg';
if ($data) {
if (is_array($data)) {
foreach ($data as $key => $value) {
if ($key == "user") {
$user = UserApi::getUser($value);
if ($user) {
$template["verification_link"] = SecurityUtils::getVerificationLink($user["activation_code"], $user["email_id"]);
$template["email_id"] = $user["email_id"];
$template["name"] = UserApi::getNameByUserId($value);
}
continue;
} else {
if ($key == "temp_password") {
$template["temp_password"] = $value;
continue;
} else {
if ($key == "message") {
$message = PmbApi::loadMessage($value);
if ($message) {
$template["message_subject"] = $message->subject;
$template["message_content"] = $message->content;
$template["message_body"] = $message->content;
$template["message_from"] = UserApi::getNameByUserId($message->from_user_id);
}
continue;
} else {
if ($key == "feedback") {
$user = UserApi::getUserById($value);
$feedback = FeedbackApi::getLatestFeedback($toId, $entityId, $type);
if ($user) {
$template["first_name"] = $user->first_name;
$template["feedback"] = $feedback->feedback;
$template["specialist_rating"] = SpecialistRatingApi::getRating($specialist->user_id);
}
continue;
}
}
}
}
}
}
}
$htmlEmail = self::changeTemplate($template, $model->body_html);
$plainEmail = self::changeTemplate($template, $model->body_plain);
$emailData["from_email"] = $model->from_email;
$emailData["from_name"] = $model->from_name;
$emailData["subject"] = self::changeTemplate($template, $model->subject);
$emailData["body_html"] = $htmlEmail;
$emailData["body_plain"] = $plainEmail;
return EmailQueueApi::addToQueue($to, $cc, $bcc, "", $emailData);
}
return false;
}
public function postAction()
{
$db = $this->_helper->database->getAdapter();
$username = $this->getRequest()->getParam("username");
$password = $this->getRequest()->getParam("password");
// $loginButton = $this->getRequest()->getParam("loginButton");
// $registerButton = $this->getRequest()->getParam("registerButton");
$register = $this->getRequest()->getParam("register") == 'on';
// self::$logger->debug("loginButton $loginButton registerButton $registerButton");
self::$logger->debug("register? ({$register})");
$token = null;
/* We set up token either by logging in, or registering a new account. */
$response = array('success' => false, 'message' => 'An unknown error occurred');
if (!$register) {
self::$logger->debug("validate username (" . $username . ") password (" . $password . ")");
// $select_rs = $db->select()
// ->from('user', 'id')
// ->where('username = ?', $username)->fetchAll();
$sql = $db->quoteInto('select id, password from user where username = ?', $username);
$select_rs = $db->fetchAll($sql);
self::$logger->debug("found " . count($select_rs) . " rows for username ({$username})");
if (count($select_rs) == 0) {
$response['success'] = false;
$response['message'] = "Unknown user account '{$username}'.";
} else {
if (count($select_rs) > 1) {
$response['success'] = false;
$response['message'] = "Duplicate user account '{$username}'.";
} else {
$user_id = $select_rs[0]->id;
self::$logger->debug("Found user id {$user_id} for username {$username}");
// check password against what's in DB
//self::$logger->debug("first row: " . json_encode($select_rs[0]));
if ($this->validate_password($password, $select_rs[0]->password)) {
$response['success'] = true;
$response['username'] = $username;
$response['message'] = "You have logged on successfully.";
} else {
$response['success'] = false;
$response['message'] = "Username or Password was not valid.";
}
}
}
} else {
self::$logger->debug("CREATE NEW ACCOUNT username {$username} password {$password}");
$select = $db->select()->from('user', "COUNT(*) as cc")->where('username = ?', $username);
if ($db->fetchRow($select)->cc == 0) {
self::$logger->debug("Username doesn't already exist, OK to create account.");
$first_name = $this->getRequest()->getParam("first_name");
$last_name = $this->getRequest()->getParam("last_name");
$email = $this->getRequest()->getParam("email");
if (!$first_name || strlen($first_name) == 0 || !$last_name || strlen($last_name) == 0 || !$email || strlen($email) == 0) {
$response['message'] = "A required field was missing";
} else {
self::$logger->debug("Inserting new user into database, password {$password} encrypts to (" . $this->encrypt_password($password) . ")...");
$db->insert('user', array('username' => $username, 'password' => $this->encrypt_password($password), 'role' => 'user', 'first_name' => $first_name, 'last_name' => $last_name, 'email' => $email));
$user_id = $db->lastInsertId();
self::$logger->debug("Returning success.");
$response['success'] = true;
$response['username'] = $username;
$response['message'] = "Your user account was created successfully.";
}
} else {
$response['success'] = false;
$response['message'] = "The username already exists.";
}
}
if ($response['success'] == true) {
$token = SecurityUtils::generateToken();
self::$logger->debug("Updating username ({$username}) with token ({$token})...");
$db->update('user', array('token' => $token), "id = {$user_id}");
// 2 weeks = 60*60*24*7 = 604800
setcookie('token', $token, time() + 604800, '/');
// TODO pass 'secure' when we support https
// $cookie = new Zend_Http_Cookie('token',
// $token,
// $_SERVER['SERVER_NAME'],
// time() + 604800,
// '/; secure');
//
// $client->setCookie($cookie);
$response['token'] = $token;
}
//sleep(2); // simulate network lag
echo Zend_Json::encode($response);
}
/**
* getSession
*
* @param mixed $create The params to create.
*
* @access public
* @return void
*/
public function getSession($create = true)
{
global $logger;
if ($this->_session == null && $create == true) {
$this->_session = SecurityUtils::getSecurityManager()->startSession();
}
return $this->_session;
}
public function actionForgotPassword()
{
if (!Yii::app()->user->isGuest) {
$this->redirect('/home');
}
$model = new ForgotPasswordForm();
if (isset($_POST) && isset($_POST['ForgotPasswordForm'])) {
$model->attributes = $_POST['ForgotPasswordForm'];
if ($model->validate()) {
// Generate Password here and redirect
$tempPass = SecurityUtils::generateRandomString(8);
$user = UserCredentials::model()->find('email_id=:email', array(':email' => $model->email));
if ($user) {
$user->salt = SecurityUtils::generateSalt($user->email_id);
$user->password = SecurityUtils::encryptPassword($tempPass, $user->salt);
if ($user->save()) {
$data['temp_password'] = $tempPass;
$data['user'] = $user->id;
EmailApi::sendEmail($model->email, "ACCOUNT.RESET.PASSWORD", $data);
Yii::app()->user->setFlash('success', "We have sent you a new password to your email.\n\t\t\t\t\t\t<br/> Please add " . Yii::app()->params['adminEmail'] . " to your whitelist.");
$this->redirect('/home');
}
}
}
}
$this->render('forgotPassword', array('model' => $model));
}
public static function createUser($credential, $profile, $role = "Member")
{
$password = $credential->password;
$credential->salt = SecurityUtils::generateSalt($credential->email_id);
$credential->activation_code = SecurityUtils::generateRandomString(10);
$credential->registered_ip = SecurityUtils::getRealIp();
$credential->password = SecurityUtils::encryptPassword($credential->password, $credential->salt);
$credential->password_confirm = $credential->password;
if ($credential->save()) {
$profile->user_id = $credential->id;
if ($profile->save()) {
$assignment = new Assignments();
$assignment->itemname = $role;
$assignment->userid = $credential->id;
$assignment->data = 's:0:"";';
$assignment->save();
return array('credential' => $credential, 'profile' => $profile);
} else {
$credential->delete();
$credential->setIsNewRecord(true);
return false;
}
} else {
$credential->password = $password;
$credential->password_confirm = $password;
return false;
}
}
public function resolveSecurityManager()
{
global $logger;
$securityManager = $this->getSecurityManager();
if ($securityManager == null) {
$logger->debug("No SecurityManager available in subject context map. " + "Falling back to SecurityUtils.getSecurityManager() lookup.");
try {
$securityManager = SecurityUtils::getSecurityManager();
} catch (\Exception $e) {
$logger->debug("No SecurityManager available via SecurityUtils. Heuristics exhausted.");
}
}
return $securityManager;
}
