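/**
 * Clears the session variable namespace used by the Users module.
 *
 * Triggered by the 'user.logout.succeeded' and 'frontcontroller.exception' events.
 *
 * This is to ensure no leakage of authentication information across sessions or between critical
 * errors. This prevents, for example, the login process from becoming confused about its state
 * if it detects session variables containing authentication information which might make it think
 * that a re-attempt is in progress.
 *
 * The namespace is always cleared on a successful logout. On a front controller exception it is
 * cleared only when the event carries a 'modinfo' array whose 'name' entry equals self::$modname.
 *
 * @param Zikula_Event $event The event that triggered this handler.
 *
 * @return void
 */
public static function clearUsersNamespaceListener(Zikula_Event $event)
{
    $eventName = $event->getName();
    $modinfo = $event->hasArg('modinfo') ? $event->getArg('modinfo') : array();

    $isLogout = ($eventName == 'user.logout.succeeded');

    // The name must be present before it is compared. The previous condition required the key to
    // be *absent* (!isset) and then read it anyway, so this branch could practically never match
    // and stale authentication state survived a critical error raised inside this module.
    $isOwnModuleException = ($eventName == 'frontcontroller.exception')
        && is_array($modinfo)
        && isset($modinfo['name'])
        && ($modinfo['name'] == self::$modname);

    if ($isLogout || $isOwnModuleException) {
        $serviceManager = ServiceUtil::getManager();
        $session = $serviceManager->getService('session');
        $session->clearNamespace('Zikula_Users');
        // Do not setNotified. Not handling the exception, just reacting to it.
    }
}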
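/**
 * Render form elements for display that allow a user to enter profile information for a user
 * account as part of a Users module hook-like UI event.
 *
 * Parameters passed in via POST:
 * ------------------------------
 * array dynadata If reentering the editing phase after validation errors, an array containing the
 *                profile items to store for the user; otherwise not provided. A posted value that
 *                is not an array is ignored.
 *
 * The rendered template output is stored in $event->data under self::EVENT_KEY. Nothing is
 * rendered when no editable profile items are returned.
 *
 * @param Zikula_Event $event The event that triggered this function call, including the id of the
 *                            user for which profile items should be entered.
 *
 * @return void
 */
public function uiEdit(Zikula_Event $event)
{
    $items = ModUtil::apiFunc('Profile', 'user', 'getallactive', array('get' => 'editable'));

    // The return value of the function is checked here
    if (!$items) {
        return;
    }

    // check if there's a user to edit
    // or use uid=1 to pull the default values from the anonymous user
    $userid = $event->hasArg('id') ? $event->getArg('id') : null;
    if (!isset($userid)) {
        $userid = 1;
    }

    // Get the dynamic data that might have been posted. The value is request-controlled, so only
    // an array is accepted; a scalar 'dynadata' would otherwise reach the foreach below and raise
    // an invalid-argument warning.
    $dynadata = array();
    if ($this->request->isPost() && $this->request->getPost()->has('dynadata')) {
        $posted = $this->request->getPost()->get('dynadata');
        if (is_array($posted)) {
            $dynadata = $posted;
        }
    }

    // merge this temporary dynadata and the errors into the items array
    // NOTE(review): temp_propdata is raw POST data handed to the view unmodified; presumably
    // profile_profile_ui_edit.tpl escapes it on output — confirm against the template.
    foreach ($items as $prop_label => $item) {
        foreach ($dynadata as $propname => $propdata) {
            if ($item['prop_attribute_name'] == $propname) {
                $items[$prop_label]['temp_propdata'] = $propdata;
            }
        }
    }

    $errorFields = $this->validation ? $this->validation->getErrors() : array();

    $this->getView()->setCaching(false)
        ->assign('duderrors', $errorFields)
        ->assign('duditems', $items)
        ->assign('userid', $userid);

    $event->data[self::EVENT_KEY] = $this->getView()->fetch('profile_profile_ui_edit.tpl');
}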