Пример #1
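 /**
  * Decide whether the current request is authenticated via HTTP Basic credentials.
  *
  * For the 'login' and 'logout' actions the Basic credentials are dropped from
  * $_SERVER, $options['custom'] is set to 'basicAuth' and 0 is returned.
  * For any other action the supplied user name / password pair is checked
  * against the user database.
  *
  * @param string $action  Requested action name.
  * @param array  $options Passed by reference; only the 'custom' key is written here.
  * @return int 1 when the request is accepted, 0 otherwise.
  */
 function checkAuth($action, &$options)
 {
     if ($action == 'login' or $action == 'logout') {
         $options['custom'] = 'basicAuth';
         unset($_SERVER['PHP_AUTH_USER']);
         unset($_SERVER['PHP_AUTH_PW']);
         return 0;
     }
     // !empty() keeps the original rule (the password must be present and truthy)
     // but no longer reads an undefined index when a client sends a user name only.
     if (isset($_SERVER['PHP_AUTH_USER']) and !empty($_SERVER['PHP_AUTH_PW'])) {
         $id = $_SERVER['PHP_AUTH_USER'];
         $userdb = new UserDB($this->DB);
         $user = new WikiUser();
         # get from COOKIE VARS
         // NOTE(review): this branch accepts the request without looking at the
         // password whenever the id of a freshly constructed WikiUser equals the
         // Basic-auth user name. The comment above suggests that id comes from
         // cookie variables; confirm WikiUser validates the cookie server-side
         // before this shortcut is trusted.
         if ($user->id == $id) {
             return 1;
         }
         if ($userdb->_exists($id)) {
             $user = $userdb->getUser($id);
             # check password
             if ($user->checkPasswd($_SERVER['PHP_AUTH_PW']) === true) {
                 $user->setCookie();
                 $userdb->saveUser($user);
                 return 1;
             }
         }
     }
     // Failed or missing credentials: forget them so later code cannot reuse them.
     unset($_SERVER['PHP_AUTH_USER']);
     unset($_SERVER['PHP_AUTH_PW']);
     return 0;
 }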
Пример #2
 /**
  * Log in (or auto-provision) the wiki user named by the REMOTE_USER
  * environment variable.
  *
  * NOTE(review): REMOTE_USER is trusted as-is and an unknown name gets a new
  * account. That is only sound when the web server always sets the variable
  * itself after its own authentication step; confirm the deployment
  * guarantees this.
  *
  * @param mixed $DB Database handle/config stored on the instance and passed to UserDB.
  */
 function Security_htaccesslogin($DB = "")
 {
     $this->DB = $DB;
     # BEGIN LOGIN
     $remoteUser = getenv('REMOTE_USER');
     if ($remoteUser == "") {
         // No server-authenticated user: nothing to do.
         return;
     }
     $store = new UserDB($DB);
     $account = new WikiUser();
     if ($store->_exists($remoteUser)) {
         # login
         $account = $store->getUser($remoteUser);
         // $options is a local array here; these writes are not visible to callers.
         $options['id'] = $account->id;
         $options['login_id'] = $account->id;
         $account->setCookie();
         $store->saveUser($account);
     } else {
         # create account
         $account->id = $remoteUser;
         $options['id'] = $account->id;
         $account->setCookie();
         $store->addUser($account);
     }
     # END LOGIN
 }
Пример #3
 /**
  * Store a comment by the authenticated user and notify the parent comment's author.
  *
  * NOTE(review): $text is saved and returned in the JSON exactly as received;
  * whatever renders it must escape it for its output context. Not visible here.
  *
  * @param mixed  $parent_id  Id of the comment being replied to.
  * @param mixed  $article_id Id of the article the comment belongs to.
  * @param string $text       Comment body.
  * @return string|false JSON description of the new comment, or false when no
  *                      user is authenticated or an Exception was caught.
  */
 public function addComment($parent_id, $article_id, $text)
 {
     $comment = new CommentDB();
     if (!$this->auth_user) {
         return false;
     }
     $comment->article_id = $article_id;
     $comment->user_id = $this->auth_user->id;
     $comment->parent_id = $parent_id;
     $comment->text = $text;
     try {
         $comment->save();
         /* original author's marker: "not correct" */
         $parent = new CommentDB();
         $parent->load($parent_id);
         // Mail the parent's author unless they are replying to themselves.
         $notifyParentAuthor = $parent->isSaved() && $parent->user_id != $this->auth_user->id;
         if ($notifyParentAuthor) {
             $recipient = new UserDB();
             $recipient->load($parent->user_id);
             $mailData = array("user" => $recipient, "link" => $parent->link);
             $this->mail->send($recipient->email, $mailData, "comment_subscribe");
         }
         $payload = array(
             "id" => $comment->id,
             "parent_id" => $comment->parent_id,
             "user_id" => $this->auth_user->id,
             "name" => $this->auth_user->name,
             "avatar" => $this->auth_user->avatar,
             "text" => $comment->text,
             "date" => $comment->date,
         );
         return json_encode($payload);
     } catch (Exception $e) {
         // Any failure (save, load, mail) is reported to the caller as false.
         return false;
     }
 }
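 /**
  * Mark the given user as logged in for this session.
  *
  * @param UserDB $user The user that has just been authenticated by the caller.
  */
 public function login(UserDB $user)
 {
     // Issue a new session id at the privilege change and delete the pre-login
     // session record, so the old id cannot be replayed and is not left behind
     // until garbage collection.
     session_regenerate_id(true);
     if ($user) {
         $this->user_id = $_SESSION['user_id'] = $user->id;
         $_SESSION['logged_in'] = true;
         $this->logged_in = true;
         $user->update_last_login();
     }
 }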
Пример #5
 /**
  * Check a number/password pair through UserDB::login().
  *
  * @param mixed  $num      Account number handed to UserDB::login().
  * @param string $password Password handed to UserDB::login().
  * @return array|false Array with 'id', 'num' and 'username' taken from the
  *                     first three columns of the login result, or false.
  */
 public function loginCheck($num, $password)
 {
     $store = new UserDB();
     $row = $store->login($num, $password);
     if (!$row) {
         return false;
     }
     return array("id" => $row[0], "num" => $row[1], "username" => $row[2]);
 }
Пример #6
 /**
  * authorizeUser() returns the stored user for known credentials and a
  * null-equal value for credentials that were never stored.
  */
 function testAuthorizeUser()
 {
     $known = new UserInfo($this->data);
     $store = new UserDB();
     $store->updateUser($known);

     // Known credentials: the same user comes back.
     $authorized = $store->authorizeUser($known);
     $this->assertEquals($known->userid, $authorized->userid);
     $this->assertEquals($known->username, $authorized->username);

     // Credentials that were never stored must be rejected.
     $unknown = new UserInfo(array('username' => 'test', 'password' => 1111));
     $rejected = $store->authorizeUser($unknown);
     $this->assertEquals(null, $rejected);
 }
Пример #7
 /**
  * Initialise the wiki user from the hosting platform's user and from cookies.
  * Presumably the PHP4-style constructor of a User_nforge class (the class
  * header is not visible here).
  *
  * With an explicit $id the id is set and the platform user is looked up by
  * name. Without one, the currently logged-in platform user is used: its unix
  * name becomes the wiki id and the stored wiki profile (tz_offset, nick,
  * home) is refreshed when it differs; if no user is found the id is 'Anonymous'.
  * Afterwards display preferences are read from MONI_* cookies, and a
  * non-anonymous user missing from UserDB is saved.
  *
  * @param string $id Optional user id.
  */
 function User_nforge($id = '')
 {
     if ($id) {
         $this->setID($id);
         // the looked-up object is not used again in this function
         $u =& user_get_object_by_name($id);
     } else {
         $u =& user_get_object(user_getid());
         if ($u and is_object($u) and !$u->isError()) {
             global $DBInfo;
             $id = $u->getUnixName();
         }
         // $id can only be non-empty here when the branch above ran, so $DBInfo is bound
         if (!empty($id)) {
             $this->setID($id);
             $udb = new UserDB($DBInfo);
             $tmp = $udb->getUser($id);
             // get timezone and make timezone offset
             $tz_offset = date('Z');
             $update = 0;
             if ($tz_offset != $tmp->info['tz_offset']) {
                 $update = 1;
             }
             // 'and' binds tighter than 'or': (homepage enabled and home missing) or tz changed or nick missing/changed
             if (!empty($DBInfo->use_homepage_url) and empty($tmp->info['home']) or $update or empty($tmp->info['nick']) or $tmp->info['nick'] != $u->data_array['realname']) {
                 // register user
                 $tmp->info['tz_offset'] = $tz_offset;
                 $tmp->info['nick'] = $u->data_array['realname'];
                 if (!empty($DBInfo->use_homepage_url)) {
                     $tmp->info['home'] = util_make_url_u($u->getID(), true);
                 }
                 $udb->saveUser($tmp);
             }
         } else {
             $id = 'Anonymous';
             $this->setID('Anonymous');
         }
     }
     // NOTE(review): cookie values are client-controlled. css, theme and bookmark
     // are copied unfiltered; trail, tz_offset and nick only pass through
     // _stripslashes(). Code that emits them into HTML or builds paths from them
     // has to validate/escape them; that is not visible here.
     $this->css = isset($_COOKIE['MONI_CSS']) ? $_COOKIE['MONI_CSS'] : '';
     $this->theme = isset($_COOKIE['MONI_THEME']) ? $_COOKIE['MONI_THEME'] : '';
     $this->bookmark = isset($_COOKIE['MONI_BOOKMARK']) ? $_COOKIE['MONI_BOOKMARK'] : '';
     $this->trail = isset($_COOKIE['MONI_TRAIL']) ? _stripslashes($_COOKIE['MONI_TRAIL']) : '';
     $this->tz_offset = isset($_COOKIE['MONI_TZ']) ? _stripslashes($_COOKIE['MONI_TZ']) : '';
     $this->nick = isset($_COOKIE['MONI_NICK']) ? _stripslashes($_COOKIE['MONI_NICK']) : '';
     // fall back to the server's offset when the cookie gave none
     if ($this->tz_offset == '') {
         $this->tz_offset = date('Z');
     }
     // first visit of a known platform user: create the wiki-side record
     if (!empty($id) and $id != 'Anonymous') {
         global $DBInfo;
         $udb = new UserDB($DBInfo);
         if (!$udb->_exists($id)) {
             $dummy = $udb->saveUser($this);
         }
     }
 }
 /**
  * GET handler of the "Geld beheren" page: loads the user named by
  * $_GET['user'] into the session and shows the transaction entry view,
  * or an error view when the lookup fails.
  *
  * NOTE(review): $_SERVER['REQUEST_URI'] is request-controlled and is handed to
  * the error view as tryAgainUrl; the view has to escape it. Not visible here.
  */
 public static function get()
 {
     $page = new Page();
     $page->data['title'] = 'Geld beheren';
     //Redirect if user is not set
     if (!isset($_GET['user'])) {
         header('Location: manageuser', true, 303);
         return;
     }
     try {
         $fullUser = UserDB::getFullUserById($_GET['user']);
         $_SESSION['Stippers']['ManageUserMoney']['user'] = $fullUser;
         ManageUserMoneyController::buildEnterTransactionView($page, false);
     } catch (UserDBException $ex) {
         // Unknown id gets its own title; every other database error the generic one.
         $unknownUser = $ex->getCode() == UserDBException::NOUSERFORCARDNUMER;
         $page->data['ErrorMessageNoDescriptionWithLinkView']['errorTitle'] = $unknownUser
             ? 'Er is geen gebruiker met deze id'
             : 'Kan gegevens niet ophalen uit de database';
         $page->data['ErrorMessageNoDescriptionWithLinkView']['tryAgainUrl'] = $_SERVER['REQUEST_URI'];
         $page->addView('error/ErrorMessageNoDescriptionWithLinkView');
     } catch (Exception $ex) {
         $page->data['ErrorMessageNoDescriptionWithLinkView']['errorTitle'] = 'Kan gegevens niet ophalen uit de database';
         $page->data['ErrorMessageNoDescriptionWithLinkView']['tryAgainUrl'] = $_SERVER['REQUEST_URI'];
         $page->addView('error/ErrorMessageNoDescriptionWithLinkView');
     }
     $page->showWithMenu();
 }
Пример #9
 /**
  * List the logins of all users that belong to this group.
  *
  * The configured default group contains every user known to UserDB; any
  * other group is resolved through its 'UsersGroup' liaisons.
  *
  * @return array List of login names (empty when nothing is found).
  */
 public function usersLogin()
 {
     Logger::debug('main', 'USERSGROUP::usersLogin (for id=' . $this->getUniqueID() . ')');
     $logins = array();
     $prefs = Preferences::getInstance();
     if (!$prefs) {
         Logger::critical('main', 'USERSGROUP::usersLogin (for id=' . $this->getUniqueID() . ') get prefs failed');
         die_error('get Preferences failed', __FILE__, __LINE__);
     }
     $defaultGroupId = $prefs->get('general', 'user_default_group');
     if ($defaultGroupId === $this->getUniqueID()) {
         // it's the default group -> we add all users
         $everyone = UserDB::getInstance()->getList();
         foreach ($everyone as $member) {
             $logins[] = $member->getAttribute('login');
         }
         return $logins;
     }
     $links = Abstract_Liaison::load('UsersGroup', NULL, $this->getUniqueID());
     if (!is_array($links)) {
         return $logins;
     }
     foreach ($links as $link) {
         $logins[] = $link->element;
     }
     return $logins;
 }
Пример #10
 /**
  * Build the LDAP configuration used for group lookups.
  *
  * A non-null $config_ is returned untouched. Otherwise the user database's
  * own LDAP configuration is taken and its 'match', 'userbranch' and
  * (when configured) 'filter' entries are overridden from this object's
  * preferences.
  *
  * @param array|null $config_ Ready-made configuration, or NULL to build one.
  * @return array|null The configuration, or NULL when the user database
  *                    offers no makeLDAPconfig() method.
  */
 public function makeLDAPconfig($config_ = NULL)
 {
     if (!is_null($config_)) {
         return $config_;
     }
     $userDBAD = UserDB::getInstance();
     if (!method_exists($userDBAD, 'makeLDAPconfig')) {
         Logger::error('main', 'UserGroupDB::ldap_posix::makeLDAPconfig makeLDAPconfig is not avalaible');
         return NULL;
     }
     $ldap = $userDBAD->makeLDAPconfig();
     // Group matching rules and branch always replace the user-level ones.
     $ldap['match'] = array_key_exists('match', $this->preferences)
         ? $this->preferences['match']
         : array();
     $ldap['userbranch'] = array_key_exists('group_dn', $this->preferences)
         ? $this->preferences['group_dn']
         : '';
     // The filter is only overridden when one is configured.
     if (array_key_exists('filter', $this->preferences)) {
         $ldap['filter'] = $this->preferences['filter'];
     }
     return $ldap;
 }
Пример #11
 /**
  * Create a user on the fly and return its login.
  *
  * The login is taken from $_POST['login'] when the 'AuthMethod'/'Auto'
  * preference has uselogin == '1', otherwise it is generated.
  *
  * NOTE(review): the new account's password is set to its own login, so
  * anyone who knows or submits the login also knows the password. This looks
  * intended for an "automatic" auth method; confirm these accounts cannot be
  * reached through any password-based login path.
  *
  * @return string|null The login of the created user, or NULL on failure.
  */
 public function get_login()
 {
     $userDB = UserDB::getInstance();
     if (!is_object($userDB)) {
         return NULL;
     }
     $prefs = Preferences::getInstance();
     $config = $prefs->get('AuthMethod', 'Auto');
     $useSubmittedLogin = array_key_exists('login', $_POST)
         && array_key_exists('uselogin', $config)
         && $config['uselogin'] == '1';
     $this->login = $useSubmittedLogin
         ? $_POST['login']
         : ('******' . gen_unique_string());

     $u = new User();
     $u->setAttribute('login', $this->login);
     $u->setAttribute('password', $u->getAttribute('login'));
     $u->setAttribute('displayname', 'user ' . $u->getAttribute('login'));
     if (!$userDB->add($u)) {
         Logger::error('main', 'AuthMethod::Auto::get_login failed to add user ' . $u->getAttribute('login'));
         return NULL;
     }
     // Read the user back so the login is the one the database actually stored.
     $user = $userDB->import($u->getAttribute('login'));
     if (!is_object($user)) {
         return NULL;
     }
     $this->login = $user->getAttribute('login');
     return $this->login;
 }
Пример #12
 /**
  * POST handler of the cash register ("Kassa") page.
  *
  * Two submit buttons are handled: 'to_enter_transaction_view' looks up the
  * user for the posted card number and stores it in the session, and
  * 'register_transaction' books a money decrease for that session user.
  * The page is rendered with the menu in every case.
  */
 public static function post()
 {
     $page = new Page();
     $page->data['title'] = 'Kassa';
     if (isset($_POST['to_enter_transaction_view'])) {
         $errMsgs = CashRegisterEnterCardViewValidator::validate($_POST);
         if (empty($errMsgs)) {
             try {
                 // the looked-up user is kept in the session for the second step
                 $_SESSION['Stippers']['CashRegister']['user'] = UserDB::getFullUserByCardNumber($_POST['card_number']);
                 if (!$_SESSION['Stippers']['CashRegister']['user']) {
                     CashRegisterController::buildEnterCardView($page, true);
                     $page->data['CashRegisterEnterCardView']['errMsgs']['global'] = '<h2 class="error_message" id="enter_card_form_error_message">Dit kaartnummer is niet gekoppeld aan een gebruiker.</h2>';
                 } else {
                     CashRegisterController::buildEnterTransactionView($page, false);
                 }
             } catch (Exception $ex) {
                 CashRegisterController::buildEnterCardView($page, true);
                 $page->data['CashRegisterEnterCardView']['errMsgs']['global'] = '<h2 class="error_message" id="enter_card_form_error_message">Kan gebruiker niet ophalen, probeer opnieuw.</h2>';
             }
         } else {
             CashRegisterController::buildEnterCardView($page, true);
             $page->data['CashRegisterEnterCardView']['errMsgs'] = array_merge($page->data['CashRegisterEnterCardView']['errMsgs'], $errMsgs);
         }
     } elseif (isset($_POST['register_transaction'])) {
         $errMsgs = CashRegisterEnterTransactionViewValidator::validate($_POST);
         if (empty($errMsgs)) {
             try {
                 // an empty amount counts as 0; otherwise the string is converted to cents
                 $decrMoney = $_POST['decrease_money'] == '' ? 0 : SafeMath::getCentsFromString($_POST['decrease_money']);
                 $executingBrowserName = BrowserDB::getBrowserById($_SESSION['Stippers']['browser']->browserId)->name;
                 // NOTE(review): the session user is read without checking that the
                 // first step ran in this session, and the starting balance is the
                 // value cached in the session at card entry, not re-read here.
                 // Confirm MoneyTransactionDB::addTransaction re-validates the
                 // balance against the database (stale or concurrent sessions).
                 $trans = new MoneyTransaction(null, $_SESSION['Stippers']['CashRegister']['user']->userId, $_SESSION['Stippers']['CashRegister']['user']->balance, 0, $decrMoney, MoneyTransactionConfig::DEFAULT_DISCOUNT_PERC, false, null, $executingBrowserName, null);
                 // refuse transactions that would take the balance below zero
                 if ($trans->getBalAfter() < 0) {
                     $page->data['ErrorMessageWithDescriptionWithLinkView']['tryAgainUrl'] = $_SERVER['REQUEST_URI'];
                     $page->data['ErrorMessageWithDescriptionWithLinkView']['errorTitle'] = 'Saldo te laag';
                     $page->data['ErrorMessageWithDescriptionWithLinkView']['errorDescription'] = 'Het saldo de kaart is te laag.<br>Je komt onder nul uit.';
                     $page->addView('error/ErrorMessageWithDescriptionWithLinkView');
                 } else {
                     MoneyTransactionDB::addTransaction($_SESSION['Stippers']['CashRegister']['user'], $trans);
                     // amounts are held in cents; divide by 100 for display
                     $page->data['CashRegisterTransactionResultView']['balBefore'] = $trans->getBalBefore() / 100;
                     $page->data['CashRegisterTransactionResultView']['balAfter'] = $trans->getBalAfter() / 100;
                     $page->data['CashRegisterTransactionResultView']['discount'] = $trans->getDiscount() / 100;
                     $page->data['CashRegisterTransactionResultView']['decrMoney'] = $trans->getDecrMoney() / 100;
                     $page->addView('cashRegister/CashRegisterTransactionResultView');
                 }
             } catch (Exception $ex) {
                 CashRegisterController::buildEnterTransactionView($page, true);
                 $page->data['CashRegisterEnterTransactionView']['errMsgs']['global'] = '<h2 class="error_message" id="enter_transaction_form_error_message">Kan transactie niet registreren, probeer opnieuw.</h2>';
             }
         } else {
             CashRegisterController::buildEnterTransactionView($page, true);
             $page->data['CashRegisterEnterTransactionView']['errMsgs'] = array_merge($page->data['CashRegisterEnterTransactionView']['errMsgs'], $errMsgs);
         }
     }
     $page->showWithMenu();
 }
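 /**
  * POST handler of the "send e-mail to users" page.
  *
  * Sends the selected e-mail to every user matched by the search criteria
  * stored in the session and reports success, partial failure or an error.
  * Without stored search criteria the request is redirected to the search page.
  */
 public static function post()
 {
     //If required data is not in session go to search page
     if (!isset($_SESSION['Stippers']['ManageUserSearch']['inputData']['values'])) {
         header('Location: manageuser', TRUE, 303);
     } else {
         $page = new Page();
         $page->data['title'] = 'E-mail versturen naar gebruikers';
         $errMsgs = SendEmailToUsersViewValidator::validate($_POST);
         if (empty($errMsgs)) {
             try {
                 //Get search users
                 $select = ['email' => true, 'firstName' => true, 'lastName' => true];
                 $users = array_column(UserDB::getSearchUsers($select, $_SESSION['Stippers']['ManageUserSearch']['inputData']['values'], null), 'user');
                 //Send email
                 // NOTE(review): the posted 'email_file' value names the file that
                 // Email::sendEmails reads. Confirm SendEmailToUsersViewValidator
                 // restricts it to a fixed set of template names.
                 $failedAddresses = Email::sendEmails($_POST['email_file'], $_POST['subject'], EmailConfig::FROM_ADDRESS, $users, null);
                 //Check if some emails failed
                 if (empty($failedAddresses)) {
                     // The success view reads $page->data like every other view in this
                     // method; the original wrote to a misspelled $page->date property.
                     $page->data['SuccessMessageNoDescriptionWithLinkView']['successTitle'] = 'E-mails succesvol verzonden';
                     $page->data['SuccessMessageNoDescriptionWithLinkView']['redirectUrl'] = 'manageuser';
                     $page->addView('success/SuccessMessageNoDescriptionWithLinkView');
                 } else {
                     $page->data['ErrorMessageWithDescriptionNoLinkView']['errorTitle'] = 'Kan niet alle e-mails verzenden';
                     $page->data['ErrorMessageWithDescriptionNoLinkView']['errorDescription'] = 'Het verzenden van de e-mail naar onderstaande addressen is mislukt.';
                     $page->addView('error/ErrorMessageWithDescriptionNoLinkView');
                     $page->data['FailedEmailListView']['addresses'] = $failedAddresses;
                     $page->data['FailedEmailListView']['redirectUrl'] = 'manageuser';
                     $page->addView('sendEmailToUsers/FailedEmailListView');
                 }
             } catch (UserDBException $ex) {
                 $page->data['ErrorMessageNoDescriptionWithLinkView']['errorTitle'] = 'Kan gebruikers niet ophalen';
                 $page->data['ErrorMessageNoDescriptionWithLinkView']['tryAgainUrl'] = $_SERVER['REQUEST_URI'];
                 $page->addView('error/ErrorMessageNoDescriptionWithLinkView');
             } catch (EmailException $ex) {
                 if ($ex->getCode() == EmailException::CANNOTREADEMAILFILE) {
                     $page->data['ErrorMessageNoDescriptionWithLinkView']['errorTitle'] = 'Kan e-mailbestand niet lezen';
                 } else {
                     $page->data['ErrorMessageNoDescriptionWithLinkView']['errorTitle'] = 'Kan e-mails niet verzenden';
                 }
                 $page->data['ErrorMessageNoDescriptionWithLinkView']['tryAgainUrl'] = $_SERVER['REQUEST_URI'];
                 $page->addView('error/ErrorMessageNoDescriptionWithLinkView');
             } catch (Exception $ex) {
                 $page->data['ErrorMessageNoDescriptionWithLinkView']['errorTitle'] = 'Kan e-mails niet verzenden';
                 $page->data['ErrorMessageNoDescriptionWithLinkView']['tryAgainUrl'] = $_SERVER['REQUEST_URI'];
                 $page->addView('error/ErrorMessageNoDescriptionWithLinkView');
             }
         } else {
             // Validation failed: show the form again with the messages merged in.
             $page->addView('sendEmailToUsers/SendEmailToUsersTitleView');
             SendEmailToUsersController::buildSendEmailToUsersFormView($page, true);
             $page->data['SendEmailToUsersFormView']['errMsgs'] = array_merge($page->data['SendEmailToUsersFormView']['errMsgs'], $errMsgs);
         }
         $page->showWithMenu();
     }
 }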
Пример #14
 /**
  * Run the user search and remember whether the result was cut off.
  *
  * One more row than search_limit is requested; when the backend reports a
  * truthy second value or more than search_limit rows came back, the last
  * row is dropped and partial_result is set.
  *
  * @return array The (possibly shortened) list of matches.
  */
 function search()
 {
     $userDB = UserDB::getInstance();
     list($this->result, $nb) = $userDB->getUsersContains($this->search_item, $this->search_fields, $this->search_limit + 1);
     $truncated = $nb || count($this->result) > $this->search_limit;
     if ($truncated) {
         array_pop($this->result);
     }
     $this->partial_result = $truncated;
     return $this->result;
 }
Пример #15
 /**
  * POST handler of the password reset page.
  *
  * Generates a new random password for the account with the posted e-mail
  * address, stores its PBKDF2 hash and mails the new password to the user.
  *
  * NOTE(review), points a reviewer would want confirmed:
  *  - The response differs between "no user with this e-mail address" and
  *    other outcomes, so the form reveals which addresses have an account.
  *  - The password is replaced before the mail is sent and the new password
  *    travels in clear text by e-mail; anyone who knows an address can force
  *    a reset. A single-use, expiring reset link would avoid both.
  *  - $_POST['email'] is copied back into the view data; the view has to
  *    escape it. Not visible here.
  */
 public static function post()
 {
     $page = new Page();
     $page->data['title'] = 'Wachtwoord resetten';
     $errMsgs = ResetPasswordViewValidator::validate($_POST);
     if (empty($errMsgs)) {
         try {
             //Get the user's password salt and calculate password hash
             $passwordSalt = UserDB::getPasswordSaltByEmail($_POST['email']);
             $newPassword = Random::getPassword();
             $newPasswordHash = hash_pbkdf2('sha256', $newPassword, $passwordSalt, SecurityConfig::N_PASSWORD_HASH_ITERATIONS);
             //Get user from database and reset password.
             $user = UserDB::getBasicUserByEmail($_POST['email']);
             UserDB::resetPassword($_POST['email'], $newPasswordHash);
             //Show success message
             $page->data['ResetSuccessfulView']['redirectUrl'] = 'login';
             $page->addView('resetPassword/ResetSuccessfulView');
             //Send email with password
             $failedEmails = Email::sendEmails('ResetPassword.html', 'JH De Stip - Wachtwoord reset', EmailConfig::FROM_ADDRESS, [$user], array($user->userId => array('newPassword' => $newPassword)));
             //If failedEmails is not empty the mail was not sent
             // (the password has already been changed at this point)
             if (!empty($failedEmails)) {
                 $page->data['ErrorMessageNoDescriptionNoLinkView']['errorTitle'] = 'Kan e-mail met nieuwe wachtwoord niet verzenden.';
                 $page->addView('error/ErrorMessageNoDescriptionNoLinkView');
             }
         } catch (UserDBException $ex) {
             $page->data['ResetPasswordView']['reset_password_formAction'] = $_SERVER['REQUEST_URI'];
             $page->data['ResetPasswordView']['email'] = $_POST['email'];
             $page->data['ResetPasswordView']['errMsgs'] = ResetPasswordViewValidator::initErrMsgs();
             // distinct message for an unknown address (see the enumeration note above)
             if ($ex->getCode() == UserDBException::NOUSERFOREMAIL) {
                 $page->data['ResetPasswordView']['errMsgs']['global'] = '<h2 class="error_message" id="reset_password_form_error_message">Er is geen gebruiker met dit e-mailadres.</h2>';
             } else {
                 $page->data['ResetPasswordView']['errMsgs']['global'] = '<h2 class="error_message" id="reset_password_form_error_message">Kan wachtwoord niet resetten, probeer het opnieuw.</h2>';
             }
             $page->addView('resetPassword/ResetPasswordView');
         } catch (EmailException $ex) {
             $page->data['ErrorMessageNoDescriptionNoLinkView']['errorTitle'] = 'Kan e-mail met nieuwe wachtwoord niet verzenden.';
             $page->addView('error/ErrorMessageNoDescriptionNoLinkView');
         } catch (Exception $ex) {
             // unlike the UserDBException branch, errMsgs is not initialised with initErrMsgs() here
             $page->data['ResetPasswordView']['reset_password_formAction'] = $_SERVER['REQUEST_URI'];
             $page->data['ResetPasswordView']['email'] = $_POST['email'];
             $page->data['ResetPasswordView']['errMsgs']['global'] = '<h2 class="error_message" id="reset_password_form_error_message">Kan wachtwoord niet resetten, probeer het opnieuw.</h2>';
             $page->addView('resetPassword/ResetPasswordView');
         }
     } else {
         // validation failed: show the form again with the validator's messages
         $page->data['ResetPasswordView']['reset_password_formAction'] = $_SERVER['REQUEST_URI'];
         $page->data['ResetPasswordView']['email'] = $_POST['email'];
         $page->data['ResetPasswordView']['errMsgs'] = ResetPasswordViewValidator::initErrMsgs();
         $page->data['ResetPasswordView']['errMsgs'] = array_merge($page->data['ResetPasswordView']['errMsgs'], $errMsgs);
         $page->addView('resetPassword/ResetPasswordView');
     }
     $page->showWithMenu();
 }
Пример #16
 /**
  * POST handler of the profile page.
  *
  * 'edit' shows the profile form with enabled controls, 'save' validates the
  * posted data and updates the session's profile user, and any other POST
  * falls back to the GET handler.
  *
  * NOTE(review): no anti-CSRF token check is visible in this handler; confirm
  * one is enforced before it runs (router, validator or Page).
  */
 public static function post()
 {
     if (isset($_POST['edit'])) {
         $page = new Page();
         $page->data['title'] = 'Profiel';
         ProfileController::buildProfileTopView($page, true, false);
         $page->addView('profile/ProfileEnabledFormBottomView');
         ProfileController::buildMembershipDetailsView($page);
         $page->showWithMenu();
     } elseif (isset($_POST['save'])) {
         $page = new Page();
         $page->data['title'] = 'Profiel';
         $errMsgs = ProfileTopViewValidator::validate($_POST);
         if (empty($errMsgs)) {
             //If no error: create a new user from posted data and try to save it
             $newUser = ProfileController::createUserFromPost();
             try {
                 // the session copy is passed along as the "old" user; the
                 // USEROUTOFDATE code below covers a concurrent change
                 UserDB::updateUser($_SESSION['Stippers']['Profile']['user'], $newUser);
                 $page->data['SuccessMessageNoDescriptionWithLinkView']['successTitle'] = 'Gegevens succesvol bijgewerkt';
                 $page->data['SuccessMessageNoDescriptionWithLinkView']['redirectUrl'] = $_SERVER['REQUEST_URI'];
                 $page->addView('success/SuccessMessageNoDescriptionWithLinkView');
             } catch (UserDBException $ex) {
                 // only UserDBException is caught; any other exception propagates to the caller
                 //Show correct error message for errors
                 if ($ex->getCode() == UserDBException::USEROUTOFDATE) {
                     $page->data['ErrorMessageWithDescriptionWithLinkView']['errorTitle'] = 'Gegevens niet bijgewerkt';
                     $page->data['ErrorMessageWithDescriptionWithLinkView']['errorDescription'] = 'Iemand anders heeft je gegevens in tussentijd al gewijzigd.';
                     $page->data['ErrorMessageWithDescriptionWithLinkView']['tryAgainUrl'] = $_SERVER['REQUEST_URI'];
                     $page->addView('error/ErrorMessageWithDescriptionWithLinkView');
                 } else {
                     ProfileController::buildProfileTopView($page, true, true);
                     if ($ex->getCode() == UserDBException::EMAILALREADYEXISTS) {
                         $page->data['ProfileTopView']['errMsgs']['global'] = '<h2 class="error_message" id="profile_form_error_message">Dit e-mailadres is al in gebruik.</h2>';
                     } else {
                         $page->data['ProfileTopView']['errMsgs']['global'] = '<h2 class="error_message" id="profile_form_error_message">Kan gegevens niet bijwerken, probeer het opnieuw.</h2>';
                     }
                     $page->addView('profile/ProfileEnabledFormBottomView');
                 }
             }
         } else {
             //If we had an error we show the views with enabled controls and take data from POST
             ProfileController::buildProfileTopView($page, true, true);
             $page->addView('profile/ProfileEnabledFormBottomView');
             $page->data['ProfileTopView']['errMsgs'] = array_merge($page->data['ProfileTopView']['errMsgs'], $errMsgs);
             ProfileController::buildMembershipDetailsView($page);
         }
         $page->showWithMenu();
     } else {
         // neither button was posted: behave like a plain page load
         ProfileController::get();
     }
 }
Пример #17
/**
 * Create the user database file with two seed accounts when it does not exist yet.
 *
 * Does nothing if USERDB_FILE_LOCATION is already present. Otherwise an "admin"
 * account and a "pin1" account of type PIN_TYPE_D are added and the database is saved.
 *
 * NOTE(review): both seed accounts are created with the fixed secret "1234", so
 * every fresh install starts with the same known credentials. Replace them (or
 * force a change at first login) before the service is reachable.
 * NOTE(review): setMD5Password presumably stores an MD5 digest, which is not a
 * suitable password hash; confirm against the User class.
 */
function setUpUserDB()
{
    if (file_exists(USERDB_FILE_LOCATION)) {
        return;
    }

    $store = new UserDB();
    $store->setFileName(USERDB_FILE_LOCATION);

    // Seed accounts in creation order; setType() is only called when a "type" key is present.
    $seeds = array(
        array("name" => "admin"),
        array("name" => "pin1", "type" => PIN_TYPE_D),
    );
    foreach ($seeds as $seed) {
        $account = new User();
        if (array_key_exists("type", $seed)) {
            $account->setType($seed["type"]);
        }
        $account->setUserName($seed["name"]);
        $account->setMD5Password("1234");
        $account->setSecurityLevel(0);
        $account->setSecurityLevelType(SEC_LEVEL_GREATER_D);
        $account->rebuildElementLine();
        $store->addElement($account);
    }

    $store->save();
}
Пример #18
 /**
  * Resolve the users linked to this object through 'UserProfile' liaisons.
  *
  * @return mixed false when the liaisons cannot be loaded; otherwise whatever
  *               UserDB::imports() returns for the collected liaison elements.
  */
 public function getUsers()
 {
     $links = Abstract_Liaison::load('UserProfile', NULL, $this->id);
     if (!is_array($links)) {
         // The log entry only names the failing method; no further detail is recorded.
         Logger::error('main', 'NetworkFolder::getUsers()');
         return false;
     }
     $userDB = UserDB::getInstance();
     // Collect the element of every liaison into a plain list for a single bulk import.
     $elements = array();
     foreach ($links as $link) {
         $elements[] = $link->element;
     }
     return $userDB->imports($elements);
 }
 /**
  * Run the user search for the submitted form and attach the matching view to the page.
  *
  * The first_name, last_name and email fields are read directly from $_POST and
  * passed to UserDB::getSearchUsers() as search values.
  *
  * NOTE(review): the fields are used without an isset() check, and the result
  * rows are handed to the view as-is; the view is presumably responsible for
  * HTML-escaping them. Confirm both against the caller and the view.
  *
  * @param Page $page page that receives the result, no-result or error view
  */
 private static function loadSearchResults($page)
 {
     try {
         $searchFields = ['firstName' => true, 'lastName' => true, 'email' => true];
         $searchValues = [
             'firstName' => $_POST['first_name'],
             'lastName' => $_POST['last_name'],
             'email' => $_POST['email'],
         ];
         $users = UserDB::getSearchUsers($searchFields, $searchValues, null);
         if (count($users) != 0) {
             $page->data['RenewUserSearchResultsView']['users'] = $users;
             $page->addView('addRenewUser/renewUserSearch/RenewUserSearchResultsView');
         } else {
             $page->addView('userSearch/UserSearchNoResultsView');
         }
     } catch (Exception $ex) {
         // Any failure is reported with one generic message; the exception itself is not shown.
         $page->data['ErrorMessageNoDescriptionNoLinkView']['errorTitle'] = 'Kan gebruikers niet ophalen.';
         $page->addView('error/ErrorMessageNoDescriptionNoLinkView');
     }
 }
Пример #20
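 /**
  * Handle a submitted change-password form.
  *
  * Without a 'save' field the request is handed to get(). Otherwise the form is
  * validated, the old password is re-derived with PBKDF2-SHA256 and compared to
  * the hash held on the session's ChangePassword user, and on a match the new
  * hash is written through UserDB::updatePassword() and mirrored into the
  * session user. Every outcome is rendered with Page::showWithMenu().
  *
  * The hash comparison uses hash_equals(): the former `!=` compared the two hex
  * strings loosely (numeric-looking strings such as "0e12..." compare as numbers
  * in PHP) and not in constant time.
  *
  * NOTE(review): the salt is looked up for $_SESSION['Stippers']['user'] while
  * the hash comes from $_SESSION['Stippers']['ChangePassword']['user']; these are
  * presumably the same account. Confirm.
  * NOTE(review): the new password is hashed with the existing salt; generating a
  * fresh salt per password change would need support in UserDB, which is not
  * visible here.
  */
 public static function post()
 {
     if (!isset($_POST['save'])) {
         ChangePasswordController::get();
         return;
     }

     $page = new Page();
     $page->data['title'] = 'Wachtwoord wijzigen';
     $errMsgs = ChangePasswordViewValidator::validate($_POST);
     if (empty($errMsgs)) {
         try {
             $passwordSalt = UserDB::getPasswordSaltByUserId($_SESSION['Stippers']['user']->userId);
             $oldPasswordHash = hash_pbkdf2('sha256', $_POST['old_password'], $passwordSalt, SecurityConfig::N_PASSWORD_HASH_ITERATIONS);
             // Known value first, user-derived value second; the cast keeps a missing hash from raising a TypeError.
             $storedHash = (string) $_SESSION['Stippers']['ChangePassword']['user']->passwordHash;
             if (!hash_equals($storedHash, $oldPasswordHash)) {
                 // The old password is incorrect: show the form again with an error
                 ChangePasswordController::buildChangePasswordView($page);
                 $page->data['ChangePasswordView']['errMsgs']['global'] = '<h2 class="error_message" id="change_password_form_error_message">Het oude wachtwoord is fout.</h2>';
             } else {
                 $newPasswordHash = hash_pbkdf2('sha256', $_POST['new_password'], $passwordSalt, SecurityConfig::N_PASSWORD_HASH_ITERATIONS);
                 UserDB::updatePassword($_SESSION['Stippers']['ChangePassword']['user'], $newPasswordHash);
                 // Keep the logged-in session user in step with the stored hash
                 $_SESSION['Stippers']['user']->passwordHash = $newPasswordHash;
                 //Show success view
                 $page->data['SuccessMessageNoDescriptionWithLinkView']['successTitle'] = 'Wachtwoord succesvol gewijzigd';
                 $page->data['SuccessMessageNoDescriptionWithLinkView']['redirectUrl'] = 'profile';
                 $page->addView('success/SuccessMessageNoDescriptionWithLinkView');
             }
         } catch (UserDBException $ex) {
             //Show correct error message for errors
             if ($ex->getCode() == UserDBException::USEROUTOFDATE) {
                 $page->data['ErrorMessageWithDescriptionWithLinkView']['errorTitle'] = 'Wachtwoord niet gewijzigd';
                 $page->data['ErrorMessageWithDescriptionWithLinkView']['errorDescription'] = 'Iemand anders heeft je gegevens in tussentijd al gewijzigd.';
                 // NOTE(review): REQUEST_URI is client-controlled; the view is presumably expected to escape it. Confirm.
                 $page->data['ErrorMessageWithDescriptionWithLinkView']['tryAgainUrl'] = $_SERVER['REQUEST_URI'];
                 $page->addView('error/ErrorMessageWithDescriptionWithLinkView');
             } else {
                 ChangePasswordController::buildChangePasswordView($page);
                 $page->data['ChangePasswordView']['errMsgs']['global'] = '<h2 class="error_message" id="change_password_form_error_message">Kan wachtwoord niet wijzigen, probeer het opnieuw.</h2>';
             }
         } catch (Exception $ex) {
             // Any other failure gets the same generic message; no exception detail reaches the page
             ChangePasswordController::buildChangePasswordView($page);
             $page->data['ChangePasswordView']['errMsgs']['global'] = '<h2 class="error_message" id="change_password_form_error_message">Kan wachtwoord niet wijzigen, probeer het opnieuw.</h2>';
         }
     } else {
         //If we had an error we show the page again with errors
         ChangePasswordController::buildChangePasswordView($page);
         $page->data['ChangePasswordView']['errMsgs'] = array_merge($page->data['ChangePasswordView']['errMsgs'], $errMsgs);
     }
     $page->showWithMenu();
 }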
Пример #21
 /**
  * Return the shared UserDB backend, creating it on first use.
  *
  * The concrete class is chosen at runtime: its name is 'UserDB_' followed by
  * the ('UserDB', 'enable') preference. The request is aborted through
  * die_error() when preferences cannot be loaded or the UserDB module is not
  * listed in ('general', 'module_enable').
  *
  * NOTE(review): the class name comes from a stored preference and is
  * instantiated without an allow-list; this is safe only as long as that
  * preference can be written by trusted administrators alone. Confirm.
  */
 public static function getInstance()
 {
     if (!is_null(self::$instance)) {
         return self::$instance;
     }

     $prefs = Preferences::getInstance();
     if (!$prefs) {
         die_error('get Preferences failed', __FILE__, __LINE__);
     }

     $enabledModules = $prefs->get('general', 'module_enable');
     if (!in_array('UserDB', $enabledModules)) {
         die_error(_('UserDB module must be enabled'), __FILE__, __LINE__);
     }

     $backendClass = 'UserDB_' . $prefs->get('UserDB', 'enable');
     self::$instance = new $backendClass();

     return self::$instance;
 }
Пример #22
 /**
  * Load the users linked to this object through 'UserProfile' liaisons.
  *
  * @return mixed false when the liaisons cannot be loaded; otherwise an array of
  *               imported user objects keyed by their 'login' attribute.
  *               Liaison elements that do not import to an object are skipped.
  */
 public function getUsers()
 {
     $links = Abstract_Liaison::load('UserProfile', NULL, $this->id);
     if (!is_array($links)) {
         Logger::error('main', 'NetworkFolder::getUsers()');
         return false;
     }
     $userDB = UserDB::getInstance();
     $byLogin = array();
     foreach ($links as $link) {
         $imported = $userDB->import($link->element);
         if (is_object($imported)) {
             // A later liaison resolving to the same login replaces the earlier entry.
             $byLogin[$imported->getAttribute('login')] = $imported;
         }
     }
     return $byLogin;
 }
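 /**
  * Start the creation of a user's remaining pending session, if there is exactly one.
  *
  * All sessions of $session_->user_login are loaded and $session_ itself is
  * dropped from the list. When exactly one other session remains and it still
  * has need_creation set, the session is prepared through SessionManagement and
  * saved with need_creation reset to 0.
  *
  * Changes against the original: the prepareSession() failure now has its own
  * log message (it used to repeat the "initialization failed" text, which made
  * the two failures indistinguishable in the log), and the reloaded session is
  * checked before it is written to.
  *
  * @param object $session_ session that triggered the check; id and user_login are read
  * @return bool true when nothing had to be done or the creation was started, false on failure
  */
 public function checkPendingSession($session_)
 {
     $sessions = Abstract_Session::getByUser($session_->user_login);
     // Ignore the session that triggered this check
     foreach ($sessions as $i => $session) {
         if ($session->id == $session_->id) {
             unset($sessions[$i]);
         }
     }
     if (count($sessions) != 1) {
         return true;
     }
     $session = reset($sessions);
     if ($session->need_creation == 0) {
         return true;
     }
     // Start the creation
     try {
         $sessionManagement = SessionManagement::getInstance();
     } catch (Exception $err) {
         Logger::error('main', "SessionStatusChangedPendingSessionCreation:: Failed to get SessionManagement instance");
         return false;
     }
     if (!$sessionManagement->initialize()) {
         Logger::error('main', "SessionStatusChangedPendingSessionCreation:: SessionManagement initialization failed");
         return false;
     }
     $userDB = UserDB::getInstance();
     $user = $userDB->import($session->user_login);
     if (!is_object($user)) {
         Logger::error('main', 'SessionStatusChangedPendingSessionCreation:: Unable to import a valid user with login "' . $session->user_login . '"');
         return false;
     }
     $sessionManagement->user = $user;
     if (!$sessionManagement->prepareSession($session)) {
         Logger::error('main', "SessionStatusChangedPendingSessionCreation:: SessionManagement prepareSession failed");
         return false;
     }
     // prepareSession can take some time, so work on a fresh copy of the session
     $session = Abstract_Session::load($session->id);
     if (!is_object($session)) {
         // The session may have gone away while prepareSession was running
         Logger::error('main', "SessionStatusChangedPendingSessionCreation:: Unable to reload the session after prepareSession");
         return false;
     }
     $session->need_creation = 0;
     Abstract_Session::save($session);
     return true;
 }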
 /**
  * Render the money-transaction list of the user named in the query string.
  *
  * Without a 'user' parameter the browser is redirected (303) to 'manageuser'.
  * Otherwise the user's full name and transactions are loaded and either the
  * transaction list or a "no transactions yet" message is shown; any exception
  * results in a generic error view.
  *
  * NOTE(review): 'user' and 'amount' are taken from $_GET and passed to the data
  * layer unchanged, and nothing in this method checks that the caller is allowed
  * to see that user's transactions. Presumably routing or the DB classes enforce
  * both; confirm.
  */
 public static function get()
 {
     $page = new Page();
     $page->data['title'] = 'Transacties';

     // No user selected: send the browser to the user picker and stop
     if (!isset($_GET['user'])) {
         header('Location: manageuser', true, 303);
         return;
     }

     // Requested amount, or the configured default when none was given
     $amount = isset($_GET['amount']) ? $_GET['amount'] : MoneyTransactionsViewConfig::DEFAULT_AMOUNT;

     try {
         // The user is only needed for the name shown above the list
         $page->data['TransactionsNameView']['fullName'] = UserDB::getBasicUserById($_GET['user'])->getFullName();
         $transactions = MoneyTransactionDB::getTransactionsByUserId($_GET['user'], $amount);
         $transactionCount = count($transactions);

         if ($transactionCount > 0) {
             $page->data['TransactionsWithDiscountListView']['transactions'] = $transactions;
             $page->data['TransactionsWithDiscountListView']['totalAmount'] = $transactionCount;
             $closingViews = array(
                 'transactions/TransactionsBackToManageUserLinkView',
                 'transactions/TransactionsWithDiscountListView',
             );
         } else {
             $page->data['InfoMessageNoDescriptionWithLinkView']['infoTitle'] = 'Er zijn nog geen transacties';
             $page->data['InfoMessageNoDescriptionWithLinkView']['redirectUrl'] = 'manageuser';
             $closingViews = array('info/InfoMessageNoDescriptionWithLinkView');
         }

         // Title and name head both variants; the rest depends on whether there are transactions
         $page->addView('transactions/TransactionsTitleView');
         $page->addView('transactions/TransactionsNameView');
         foreach ($closingViews as $viewName) {
             $page->addView($viewName);
         }
     } catch (Exception $ex) {
         $page->data['ErrorMessageNoDescriptionWithLinkView']['errorTitle'] = 'Kan gegevens niet ophalen uit de database';
         $page->data['ErrorMessageNoDescriptionWithLinkView']['tryAgainUrl'] = $_SERVER['REQUEST_URI'];
         $page->addView('error/ErrorMessageNoDescriptionWithLinkView');
     }
     $page->showWithMenu();
 }
Пример #25
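 /**
  * Report whether the credentials cached in the session still match the user record.
  *
  * Changes against the original:
  *  - the debug echo statements are gone. They wrote the user name and the
  *    outcome of the check into the response body, and two of them no longer
  *    parsed as PHP on this page. The boolean return value is now the only signal.
  *  - a missing or incomplete record is rejected before its fields are read.
  *  - the password comparison uses hash_equals() so it runs in constant time.
  *
  * NOTE(review): the session value is compared directly with the stored Password
  * field, which suggests passwords are kept and cached in plaintext. Confirm.
  * Storing password_hash() output and checking it once at login with
  * password_verify() would remove the need to keep the password in the session.
  *
  * @return bool true only when both session values are non-empty and equal the
  *              Username and Password fields returned by UserDB::get()
  */
 public static function CheckLogin()
 {
     $Username = isset($_SESSION["Username"]) ? $_SESSION["Username"] : "";
     $Password = isset($_SESSION["Password"]) ? $_SESSION["Password"] : "";
     if ($Username == "" || $Password == "") {
         return false;
     }

     $UserRecord = UserDB::get($Username);
     // Unknown user or a record without credentials: fail closed
     if (!isset($UserRecord["Username"], $UserRecord["Password"])) {
         return false;
     }
     if ($UserRecord["Username"] !== $Username) {
         return false;
     }

     // hash_equals() needs two strings; anything else cannot be a match
     $StoredPassword = $UserRecord["Password"];
     return is_string($StoredPassword) && is_string($Password) && hash_equals($StoredPassword, $Password);
 }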
Пример #26
 /**
  * Render the "winner of the week" page.
  *
  * Shows this week's winner when WeeklyWinnerDB already has one, otherwise the
  * form that generates a winner. Any exception while loading the data results
  * in a generic error view.
  */
 public static function get()
 {
     $page = new Page();
     $page->data['title'] = 'Winnaar van de week';
     $page->addView('weeklyWinner/WeeklyWinnerTopView');
     try {
         $winner = WeeklyWinnerDB::getThisWeeksWinnerData();
         if (!$winner) {
             // No winner yet: offer the generate form, posting back to the current URL.
             // NOTE(review): REQUEST_URI is client-controlled; the view presumably escapes it. Confirm.
             $page->data['WeeklyWinnerGenerateFormView']['generate_winner_formAction'] = $_SERVER['REQUEST_URI'];
             $page->addView('weeklyWinner/WeeklyWinnerGenerateFormView');
         } else {
             // A winner exists: show the name and whether the prize was collected
             $page->data['WeeklyWinnerShowWinnerView']['winnerFullName'] = UserDB::getBasicUserById($winner->userId)->getFullName();
             $page->data['WeeklyWinnerShowWinnerView']['hasCollectedPrize'] = $winner->hasCollectedPrize;
             $page->addView('weeklyWinner/WeeklyWinnerShowWinnerView');
         }
     } catch (Exception $ex) {
         $page->data['ErrorMessageNoDescriptionNoLinkView']['errorTitle'] = 'Kon winnaar niet ophalen';
         $page->addView('error/ErrorMessageNoDescriptionNoLinkView');
     }
     $page->showWithMenu();
 }
Пример #27
/**
 * Authenticate a UserDB account for the admin panel.
 *
 * Every failure path stores a message in $_SESSION['admin_error'], writes an
 * info-level log entry and returns false. An unknown login and a wrong password
 * share one user-facing message, so the response does not reveal which of the
 * two was wrong; only the log entries differ.
 *
 * NOTE(review): the two log calls for "does not exist" and "wrong password"
 * appear on this page with part of the string masked as ******, so they do not
 * parse as shown. They presumably concatenated $login_ like the "access denied"
 * entry does. Confirm against the original file.
 * NOTE(review): $login_ is written to the log as received; whether Logger
 * neutralises line breaks in it is not visible here.
 *
 * @param string $login_    login name to look up in UserDB
 * @param string $password_ password handed to UserDB::authenticate()
 * @return mixed the imported user object when authentication succeeds and the
 *               user's policy has canUseAdminPanel set; false otherwise
 */
function authenticate_ovd_user($login_, $password_)
{
    // it's not the login&password from the conf file in /etc
    // let's try to login a real user
    if (Preferences::fileExists() === false) {
        $_SESSION['admin_error'] = _('The system is not configured');
        Logger::info('main', 'admin/login.php::authenticate_ovd_user the system is not configured');
        return false;
    }
    if (Preferences::moduleIsEnabled('UserDB') === false) {
        $_SESSION['admin_error'] = _('The module UserDB is not enabled');
        Logger::info('main', 'admin/login.php::authenticate_ovd_user module UserDB is not enabled');
        return false;
    }
    $userDB = UserDB::getInstance();
    $user = $userDB->import($login_);
    if (!is_object($user)) {
        // the user does not exist
        // same user-facing message as for a wrong password below
        $_SESSION['admin_error'] = _('There was an error with your authentication');
        Logger::info('main', 'admin/login.php::authenticate_ovd_user authentication failed: user(login='******') does not exist');
        return false;
    }
    $auth = $userDB->authenticate($user, $password_);
    if (!$auth) {
        $_SESSION['admin_error'] = _('There was an error with your authentication');
        Logger::info('main', 'admin/login.php::authenticate_ovd_user authentication failed for user(login='******'): wrong password');
        return false;
    }
    // the user exists, does he have right to log in the admin panel ?
    // authentication alone is not enough: the policy must grant canUseAdminPanel
    $policy = $user->getPolicy();
    if (isset($policy['canUseAdminPanel']) && $policy['canUseAdminPanel'] == true) {
        return $user;
    }
    Logger::info('main', 'login.php failed to log in ' . $login_ . ' : access denied to admin panel');
    $_SESSION['admin_error'] = _('Unauthorized access');
    return false;
}
Пример #28
<?php

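// Page controller: loads the reservations of the user named by ?userId= for the template below.
session_start();
include_once "db/BookReservationDB.php";
include_once "db/BookDB.php";
include_once "db/UserDB.php";
$db = new DBHandler();
$bookDB = new BookDB($db);
$reservationDB = new BookReservationDB($db);
$userDB = new UserDB($db);
$reservations = array();
$user = NULL;
// NOTE(review): the session is started, but nothing here ties the requested
// userId to the signed-in account, so the page loads the reservations of
// whichever id the request names. Compare it with the session's user (or
// require a staff role) before the lookup, unless an include already enforces
// this. Confirm.
if ($_SERVER['REQUEST_METHOD'] === 'GET' && isset($_GET['userId'])) {
    $user = $userDB->GetUser($_GET['userId']);
    // Only query reservations when the lookup produced a record with an id;
    // the original indexed the result even when no user was found.
    if (isset($user['id'])) {
        $reservations = $reservationDB->GetReservationForUser($user['id']);
    }
}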
?>

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
    <title>BookÉTS</title>
    <!-- Favicon -->
    <link rel="shortcut icon" type="image/icon" href="assets/images/favicon.ico"/>
    <!-- Font Awesome -->
    <link href="assets/css/font-awesome.css" rel="stylesheet">
    <!-- Bootstrap -->
Пример #29
<?php

// Registration handler: on POST it validates the submitted fields, registers
// the account and signs it in. The listing is cut off inside the success branch.
session_start();
include "db/UserDB.php";
$userDB = new UserDB();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): the four fields are read without isset(); a request that
    // omits one raises an undefined-index notice before the empty check runs.
    $email = $_POST["email"];
    $password = $_POST["pwd"];
    $name = $_POST["name"];
    $confirmPwd = $_POST["confirmPwd"];
    // Collects every validation message; registration only runs when it stays empty.
    $errorMessage = array();
    if (trim($email) == '' || trim($password) == '' || trim($confirmPwd) == '' || $name == '' || $email == NULL || $password == NULL || $name == NULL || $confirmPwd == NULL) {
        // NOTE(review): the HTML entities in these messages lack their closing ';'.
        $errorMessage[] = "Aucun champ ne peut &ecirctre vide.";
    }
    // NOTE(review): this message tells the requester whether an address already
    // has an account, which allows account enumeration through the form.
    if ($userDB->UserOwnEmail($email)) {
        $errorMessage[] = "Email d&eacutej&agrave associ&eacute &agrave un compte.";
    }
    // NOTE(review): `!=` compares numeric-looking strings as numbers ("1e3" and
    // "1000" count as equal), so two different inputs can pass this confirmation
    // check; `!==` compares them as strings.
    if ($password != $confirmPwd) {
        $errorMessage[] = "Le mot de passe ne concorde pas avec la confirmation.";
    }
    // Append every message returned by the password policy check.
    $errors = $userDB->PasswordIsValid($password);
    for ($i = 0; $i < count($errors); $i++) {
        $errorMessage[] = $errors[$i];
    }
    if (count($errorMessage) == 0) {
        $userDB->Register($email, $name, $password);
        $userDB->SignIn($email, $password);
    }
    // Success is shown only when the session now holds a user with the submitted
    // email; presumably SignIn() sets $_SESSION['user']. Confirm.
    if (count($errorMessage) == 0 && isset($_SESSION['user']) && isset($_SESSION['user']['email']) && $_SESSION['user']['email'] == $email) {
        ?>
			<span class="label label-success">Compte cr&eacute&eacute</span>
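 /**
  * Build the liaison between one user and one group, provided the group contains the user.
  *
  * Changes against the original: the "user import failed" log message
  * interpolated an undefined variable ($element) and now names the user lookup
  * explicitly.
  *
  * @param mixed $type_    liaison type; only written to the log in this method
  * @param mixed $element_ identifier passed to UserDB::import()
  * @param mixed $group_   identifier passed to UserGroupDB::import()
  * @return Liaison|null liaison of the user's login and $group_, or NULL when the
  *                      group or user cannot be imported or the group does not contain the user
  */
 public static function loadUnique($type_, $element_, $group_)
 {
     Logger::debug('main', "Abstract_Liaison_dynamic::loadUnique ({$type_},{$element_},{$group_})");
     $userGroupDB = UserGroupDB::getInstance();
     $userDB = UserDB::getInstance();

     $group = $userGroupDB->import($group_);
     if (!is_object($group)) {
         Logger::error('main', "Abstract_Liaison_dynamic::loadUnique load group ({$group_}) failed");
         return NULL;
     }

     $user = $userDB->import($element_);
     if (!is_object($user)) {
         Logger::error('main', "Abstract_Liaison_dynamic::loadUnique load user ({$element_}) failed");
         return NULL;
     }

     // Membership is decided by the group object, not by the identifiers passed in
     if (!$group->containUser($user)) {
         Logger::error('main', "Abstract_Liaison_dynamic::loadUnique({$type_},{$element_},{$group_}) group does not contain the user");
         return NULL;
     }

     return new Liaison($user->getAttribute('login'), $group_);
 }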