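/*
 * Final step of the installer.
 *
 * Connects to the database described in $_SESSION['spotsettings']['db'],
 * updates the schema, creates the default settings and users, stores the
 * NNTP settings, creates the administrator account entered during the
 * install and finally tries to write dbsettings.inc.php.
 *
 * Renders step-final.inc.php when everything worked, or fatalerror.inc.php
 * when an Exception was thrown along the way.
 */
function createSystem() {
    # Not used directly in this function. Kept because the file required
    # below executes in this function's scope and may rely on them
    # (NOTE(review): confirm before removing).
    global $settings;
    global $_testInstall_Ok;

    # Remember the output-buffer depth so the error path can discard
    # whatever was captured instead of leaking it in front of the error page
    $obLevelAtEntry = ob_get_level();

    try {
        /*
         * The settings system is used to create a lot of output,
         * we swallow it all
         */
        ob_start();

        /*
         * Get the schema version and other constants
         */
        require_once "lib/Bootstrap.php";
        $bootstrap = new Bootstrap();

        /*
         * Now create the database
         */
        $dbsettings = $_SESSION['spotsettings']['db'];
        $dbCon = dbeng_abs::getDbFactory($dbsettings['engine']);
        $dbCon->connect($dbsettings['host'],
                        $dbsettings['user'],
                        $dbsettings['pass'],
                        $dbsettings['dbname']);

        $daoFactory = Dao_Factory::getDAOFactory($dbsettings['engine']);
        $daoFactory->setConnection($dbCon);

        /*
         * The database must exist before we can get the Service_Settings_Base instance
         */
        $dbStruct = SpotStruct_abs::factory($dbsettings['engine'], $daoFactory->getConnection());
        $dbStruct->updateSchema();

        $spotSettings = $bootstrap->getSettings($daoFactory, false);
        $svcUpgradeBase = new Services_Upgrade_Base($daoFactory, $spotSettings, $dbsettings['engine']);

        /*
         * Create all the different settings (only the default) ones
         */
        $svcUpgradeBase->settings();

        /*
         * Create the users
         */
        $svcUpgradeBase->users();

        /*
         * Keep the captured output so the final template can show it
         * for debugging, then stop buffering
         */
        $dbCreateOutput = ob_get_contents();
        ob_end_clean();

        /*
         * Now it is time to do something with
         * the information the user has given to us
         */

        /*
         * Update the NNTP settings in the database
         */
        $spotSettings->set('nntp_nzb', $_SESSION['spotsettings']['nntp']['nzb']);
        $spotSettings->set('nntp_hdr', $_SESSION['spotsettings']['nntp']['hdr']);
        $spotSettings->set('nntp_post', $_SESSION['spotsettings']['nntp']['post']);

        /*
         * Create the given user
         */
        $svcUserRecord = new Services_User_Record($daoFactory, $spotSettings);
        $spotUser = $_SESSION['spotsettings']['adminuser'];

        /*
         * and actually add the user
         */
        $spotUser['userid'] = $svcUserRecord->createUserRecord($spotUser)->getData('userid');

        /*
         * When the new user was created a random password was assigned,
         * so now have to set the supplied password
         */
        $svcUserRecord->setUserPassword($spotUser);

        # Change the administrators' account password to that of this created user
        $adminUser = $svcUserRecord->getUser(SPOTWEB_ADMIN_USERID);
        $adminUser['newpassword1'] = $spotUser['newpassword1'];
        $svcUserRecord->setUserPassword($adminUser);

        # update the settings with our system type and our admin id
        $spotSettings->set('custom_admin_userid', $spotUser['userid']);
        $spotSettings->set('systemtype', $spotUser['systemtype']);

        # Set the system type
        $svcUpgradeBase->resetSystemType($spotUser['systemtype']);

        /*
         * Create the necessary database connection information.
         *
         * These values were typed into the install form and end up inside
         * a PHP source file. They are emitted through var_export() so a
         * quote or backslash in a host name, database name, user name or
         * password stays inside the string literal instead of terminating
         * it and being parsed as PHP code.
         */
        $dbConnectionString = '';
        if (in_array($dbsettings['engine'], array('pdo_mysql', 'pdo_pgsql'), true)) {
            foreach (array('engine', 'host', 'dbname', 'user', 'pass') as $settingName) {
                $dbConnectionString .= "\$dbsettings['" . $settingName . "'] = "
                                     . var_export((string) $dbsettings[$settingName], true)
                                     . ";" . PHP_EOL;
            } # foreach
        } # if

        /*
         * Try to create the dbsettings.inc.php file for the user. Failure is
         * tolerated (hence the @): the template receives the generated code.
         *
         * Success is taken from the write itself rather than from
         * file_exists(), so an older, non-writable dbsettings.inc.php is
         * not reported as freshly created.
         *
         * The file holds the database password in clear text; it should
         * not be readable by other local accounts or served as plain text.
         */
        $bytesWritten = @file_put_contents("dbsettings.inc.php", "<?php" . PHP_EOL . $dbConnectionString);
        $createdDbSettings = ($bytesWritten !== false);

        # NOTE(review): $dbCreateOutput and $dbConnectionString are handed to
        # the template as-is; confirm the template escapes them for HTML.
        showTemplate("step-final.inc.php", array('createdDbSettings' => $createdDbSettings,
                                                 'dbCreateOutput' => $dbCreateOutput,
                                                 'dbConnectionString' => $dbConnectionString));
    } catch (Exception $x) {
        # Drop any output still captured by our own buffer before showing the error
        while (ob_get_level() > $obLevelAtEntry && ob_end_clean()) {
            # nothing to do, the condition closes the buffers
        } # while

        showTemplate("fatalerror.inc.php", array('x' => $x));
    } # exception
}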
* the user with */ $apiKey = $req->getDef('apikey', ''); $userSession = $svcUserAuth->verifyApi($apiKey); /* * If the session failed or the the user doesn't have access * to retrieve spots, let the user know */ if ($userSession == false || !$userSession['security']->allowed(SpotSecurity::spotsec_retrieve_spots, '')) { throw new PermissionDeniedException(SpotSecurity::spotsec_retrieve_spots, ''); } # if # Add the user's ip addres, we need it for sending notifications $userSession['session'] = array('ipaddr' => ''); } else { $userSession['user'] = $svcUserRecord->getUser(SPOTWEB_ADMIN_USERID); $userSession['security'] = new SpotSecurity($daoFactory->getUserDao(), $daoFactory->getAuditDao(), $settings, $userSession['user'], ''); $userSession['session'] = array('ipaddr' => ''); } # if /* * We normally check whether we are not running already, because * this would mean it will mess up all sorts of things like * comment calculation, but a user can force our hand */ $forceMode = SpotCommandline::get('force'); /* * Do we need to debuglog this session? Generates loads of * output */ $debugLog = SpotCommandline::get('debug');
/*
 * Renders the "edit user preferences" page. When the form was submitted
 * the requested action ('edit' or 'cancel') is carried out first and its
 * result is handed to the template.
 */
function render() {
    # Until an action says otherwise, the form counts as 'not submitted'
    $result = new Dto_FormResult('notsubmitted');

    /*
     * Editing your own preferences and editing somebody else's require
     * different permissions; fatalPermCheck() is called with the one
     * that applies.
     *
     * NOTE(review): the ids are compared loosely (==); confirm both sides
     * are normalised to the same type before this decision is made.
     */
    $editingSelf = ($this->_userIdToEdit == $this->_currentSession['user']['userid']);
    $neededPerm = $editingSelf
                    ? SpotSecurity::spotsec_edit_own_userprefs
                    : SpotSecurity::spotsec_edit_other_users;
    $this->_spotSec->fatalPermCheck($neededPerm, '');

    # User service, needed to load the user record below
    $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

    # Title shown for this page
    $this->_pageTitle = "spot: edit user preferences";

    # Load the user that is being edited, a missing user is a form error
    $spotUser = $svcUserRecord->getUser($this->_userIdToEdit);
    if ($spotUser === false) {
        $notFoundMsg = sprintf(_('User %d can not be found'), $this->_userIdToEdit);
        $result->addError($notFoundMsg);
    } # if

    # Shorthand for the action the form was submitted with
    $formAction = $this->_editUserPrefsForm['action'];
    $isEdit = ($formAction == 'edit');

    /*
     * An avatar may have been uploaded together with an edit. A failed
     * upload becomes a form error, a successful one gives us the name of
     * the temporary file.
     */
    $avatarFileName = '';
    if ($isEdit) {
        $avatarUpload = new Services_Providers_FileUpload('edituserprefsform', 'avatar');

        if ($avatarUpload->isUploaded()) {
            if ($avatarUpload->success()) {
                # NOTE(review): only the temp name is passed on from here,
                # presumably the content is validated in editUserPref()
                $avatarFileName = $avatarUpload->getTempName();
            } else {
                $result->addError(_('Unable to update avatar') . '(' . $avatarUpload->errorText() . ')');
            } # else
        } # if
    } # if

    # Only act when the form was really submitted and nothing failed so far
    $mayProcess = !empty($formAction) && !$result->isError();
    if ($mayProcess) {
        if ($isEdit) {
            $prefsAction = new Services_Actions_EditUserPrefs($this->_daoFactory,
                                                              $this->_settings,
                                                              $this->_spotSec);
            $result = $prefsAction->editUserPref($this->_editUserPrefsForm,
                                                 $this->_tplHelper->getTemplatePreferences(),
                                                 $spotUser,
                                                 $avatarFileName);
        } elseif ($formAction == 'cancel') {
            $result->setResult('success');
        } # if
    } # if

    #- display stuff -#
    $tplParams = array('edituserprefsform' => $spotUser['prefs'],
                       'spotuser' => $spotUser,
                       'dialogembedded' => $this->_dialogembedded,
                       'http_referer' => $this->_editUserPrefsForm['http_referer'],
                       'result' => $result);
    $this->template('edituserprefs', $tplParams);
}
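/*
 * Renders the "edit user" page. When the form was submitted, the requested
 * action ('delete', 'edit', 'removeallsessions' or 'resetuserapi') is
 * carried out first and its result is handed to the template.
 */
function render() {
    $result = new Dto_FormResult('notsubmitted');

    /*
     * Check the users' permissions: editing your own account and editing
     * another account require different permissions.
     *
     * NOTE(review): the ids are compared loosely (==); confirm both sides
     * are normalised to the same type before this decision is made.
     */
    if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_own_user, '');
    } else {
        $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_edit_other_users, '');
    } # if

    # Instantiate the service userrecord object
    $svcUserRecord = new Services_User_Record($this->_daoFactory, $this->_settings);

    # and create a nice and shiny page title
    $this->_pageTitle = "spot: edit user";

    /*
     * Retrieve the user to edit. An unknown user is reported as a form
     * error, so none of the actions below run with $spotUser === false
     * (they read $spotUser['userid'] or pass $spotUser on).
     */
    $spotUser = $svcUserRecord->getUser($this->_userIdToEdit);
    if ($spotUser === false) {
        $result->addError(sprintf(_('User %d can not be found'), $this->_userIdToEdit));
    } # if

    # get the users' group membership
    $groupMembership = $svcUserRecord->getUserGroupMemberShip($this->_userIdToEdit);

    /*
     * bring the forms' action into the local scope for
     * easier access
     */
    $formAction = $this->_editUserForm['action'];

    # Only act when the form is actually submitted and the user exists
    if (!empty($formAction) && !$result->isError()) {
        switch ($formAction) {
            case 'delete': {
                # Deleting needs its own permission on top of the edit permission
                $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_delete_user, '');

                # Refuse to let users delete the account they are logged in with
                if ($this->_userIdToEdit == $this->_currentSession['user']['userid']) {
                    $result->addError('Cannot delete your own user');
                } else {
                    $result = $svcUserRecord->removeUser($this->_userIdToEdit);
                } # else

                break;
            } # case delete

            case 'edit': {
                # Mangle the grouplisting we get from the form to an usable format for the system
                $groupList = array();
                if (isset($this->_editUserForm['grouplist'])) {
                    foreach ($this->_editUserForm['grouplist'] as $val) {
                        # 'dummy' entries are skipped, prio follows the order in the form
                        if ($val != 'dummy') {
                            $groupList[] = array('groupid' => $val,
                                                 'prio' => count($groupList));
                        } # if
                    } # foreach
                } # if

                # The user id always comes from the request target, never from the form body
                $this->_editUserForm['userid'] = $this->_userIdToEdit;

                # The last argument tells the service whether the caller holds
                # the edit_groupmembership permission
                $result = $svcUserRecord->updateUserRecord($this->_editUserForm,
                                                           $groupList,
                                                           $this->_spotSec->allowed(SpotSecurity::spotsec_edit_groupmembership, ''));
                break;
            } # case 'edit'

            case 'removeallsessions': {
                # NOTE(review): unlike 'delete' and 'resetuserapi' this action has no
                # dedicated permission check beyond the edit permission verified
                # above, confirm that is intended
                $svcUserAuth = new Services_User_Authentication($this->_daoFactory, $this->_settings);
                $result = $svcUserAuth->removeAllUserSessions($spotUser['userid']);
                break;
            } # case 'removeallsessions'

            case 'resetuserapi': {
                $this->_spotSec->fatalPermCheck(SpotSecurity::spotsec_consume_api, '');
                $result = $svcUserRecord->resetUserApi($spotUser);
                break;
            } # case resetuserapi
        } # switch
    } # if

    #- display stuff -#
    $this->template('edituser', array('edituserform' => $spotUser,
                                      'result' => $result,
                                      'groupMembership' => $groupMembership));
}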