/**
 * Returns the label stored in `cops` for the CoP name reported by Auth::getCopName().
 *
 * The CoP name is passed through the database layer's escape() and then placed
 * inside a single-quoted SQL literal, which is the context escape() is used for
 * throughout this code.
 *
 * @return mixed The `coplabel` field as exposed by the result set.
 */
public static function retrieveOrganizationName()
{
    $connection = DbUtil::accessFactory();

    // Escape immediately before interpolation so nothing can alter the value in between.
    $safeCopName = $connection->escape(Auth::getCopName());

    $query = "SELECT coplabel FROM cops WHERE copname = '{$safeCopName}'";
    $result = $connection->select($query);

    // NOTE(review): no row check is made here; what `coplabel` yields for an
    // unknown CoP depends on the result-set class, which is not visible here.
    return $result->coplabel;
}
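/**
 * Verifies if a Widget Category with a given name exists in the
 * persistent database of the portal.
 *
 * The comparison is case-insensitive: the name is lower-cased in PHP and
 * compared with LOWER(category) in SQL.
 *
 * @param string $name The name of the Widget Category whose existence you want to verify.
 * @return mixed The number of categories carrying that name (`catcount`); 0 when there is none.
 */
public static function exists($name)
{
    $db = DbUtil::accessFactory();

    // Lower-case first, escape last. Escaping has to be the final transformation
    // before the value enters the SQL string: changing case afterwards can rewrite
    // an escape sequence the database layer produced (an upper-case escape letter,
    // for instance) and so change what the database reads.
    $toLowerName = $db->escape(strtolower($name));

    // Check if this category exists.
    $rs = $db->select("SELECT COUNT(*) AS 'catcount' FROM categories WHERE LOWER(category) = '{$toLowerName}'");

    return $rs->catcount;
}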
/**
 * Checks whether a "forgot password" key is valid for a login and still fresh.
 *
 * The login is URL-decoded, then login, key and timestamp are passed through
 * db_escape_string(). A row of `users` must match the user id, the key and the
 * timestamp exactly, and the timestamp must be younger than
 * VALIDE_LOST_KEY_PERIOD hours.
 *
 * The result is tri-state. Callers have to compare it with `===`: -1 is truthy,
 * so a loose `if ($result)` would treat an expired key as a valid one.
 *
 * @param string $login    Login name, still URL-encoded.
 * @param string $lostKey  Reset key presented by the user.
 * @param string $lostTime Timestamp that was stored together with the key.
 * @return bool|int true when key and time match and are fresh, -1 when they
 *                  match but the period is over, false otherwise.
 */
public static function userCanChangeHisPassword($login, $lostKey, $lostTime)
{
    $db = DbUtil::accessFactory();

    $login = $db->db_escape_string(urldecode($login));
    $lostKey = $db->db_escape_string($lostKey);
    $lostTime = $db->db_escape_string($lostTime);

    // NOTE(review): $login is already escaped at this point; if getUserIdByLogin()
    // escapes its argument as well, the value is escaped twice - confirm.
    $userId = UsersManagement::getUserIdByLogin($login);
    if ($userId === null) {
        // Unknown login.
        return false;
    }

    $now = time();
    // The constant is expressed in hours (the original comment mentions 2h).
    $validitySeconds = 3600 * VALIDE_LOST_KEY_PERIOD;

    // All three values sit inside quoted literals, the context the escaping above covers.
    $query = "SELECT * FROM `users` WHERE `id` = '{$userId}' AND `lostKey` = '{$lostKey}' AND `lostTime` = '{$lostTime}'";
    $matches = $db->select($query);

    if ($matches->count() != 1) {
        return false;
    }

    // The age is computed from the request value, which equals the stored one
    // because the row matched on it. -1 means that the time is over.
    return ($now - $lostTime < $validitySeconds) ? true : -1;
}
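/**
 * Builds the widget-space manifest of a user for the requested tabs.
 *
 * For every tab, the rows of `interface` and the matching rows of
 * `interface_preferences` are collected. With $format 'raw' that array is
 * returned as is; with any other value the widgets are ordered by column and
 * position, positions are renumbered from 0, and a DOMDocument is returned.
 *
 * @param int    $userId Identifier of the user; used as a number in the queries.
 * @param array  $tabs   Tab identifiers; must not be empty.
 * @param string $format 'raw' for the intermediate array, anything else for XML.
 * @return array|DOMDocument
 * @throws MwwException When $tabs is empty or an instance has no widget id.
 */
public static function getManifest($userId, array $tabs, $format = 'xml')
{
    # Verify if tabs parameters is not empty
    if (count($tabs) == 0) {
        throw new MwwException(MwwException::MODEL, 'WidgetSapce::getManifest / tabs argument must contain a least one argument');
    }

    # Init vars
    $db = DbUtil::accessFactory();

    // `userid` is compared without surrounding quotes in the queries below.
    // String escaping only protects values placed inside a quoted literal, so an
    // unquoted value has to be forced to a number instead.
    $userId = (int) $userId;
    $wsTabs = array();

    # Process each tab
    foreach ($tabs as $tabId) {
        // NOTE(review): the escaped tab id is also used as array key and later as
        // XML attribute value, so a name containing quotes shows up escaped in the
        // result. Kept as is because callers may rely on it - confirm.
        $tabId = $db->escape($tabId);
        $wsTabs[$tabId] = array();

        # Get widgets for the given tab
        $rs = $db->select("SELECT * FROM `interface` WHERE `userid` = {$userId} AND `tab` = '{$tabId}'");
        while ($rs->fetch()) {
            $widgetInstanceId = $rs->widgetinstanceid;
            $widgetId = WidgetInstances::getWidgetIdByInstanceId($widgetInstanceId);
            if (!$widgetId) {
                throw new MwwException(MwwException::MODEL, 'WidgetSapce::getManifest / A widget instance id seems to be not linked to a widget id...');
            }

            # Save widget interface info
            $wsTabs[$tabId][$widgetInstanceId]['interface'] = array(
                'widgetId' => $widgetId,
                'column' => $rs->column,
                'minimized' => $rs->minimized,
                'position' => $rs->position,
            );
            $wsTabs[$tabId][$widgetInstanceId]['userpreference'] = array();

            # Get and save widget user preference info
            // The instance id was read back from the database, but it is placed
            // unquoted into the next query, so it is forced to a number as well.
            $instanceIdForQuery = (int) $widgetInstanceId;
            $rs_pref = $db->select("SELECT * FROM `interface_preferences` WHERE `userid` = {$userId} AND `widgetinstanceid` = {$instanceIdForQuery}");
            while ($rs_pref->fetch()) {
                $wsTabs[$tabId][$widgetInstanceId]['userpreference'][$rs_pref->preference] = $rs_pref->value;
            }
        }
    }

    # return widget space
    if ($format == 'raw') {
        return $wsTabs;
    }

    # Before creating the xml, put widgets into tab / column / position order.
    # Two widgets stored with the same column and position overwrite each other here.
    $widgetsTabOrdored = array();
    foreach ($wsTabs as $tabId => $tabInfo) {
        foreach ($tabInfo as $widgetInstanceId => $widgetInfo) {
            $widgetsTabOrdored[$tabId][$widgetInfo['interface']['column']][$widgetInfo['interface']['position']] = $widgetInfo;
        }
    }

    # Now canonize the position for each column: sort by stored position, then renumber from 0
    $tmp = array();
    foreach ($widgetsTabOrdored as $tabId => $tabInfo) {
        $tmp[$tabId] = array();
        foreach ($tabInfo as $column => $columnContent) {
            ksort($columnContent);
            $tmp[$tabId][$column] = array_values($columnContent);
        }
    }
    $widgetsTabOrdored = $tmp;

    # Now construct the xml output
    $doc = new DOMDocument('1.0', 'utf-8');
    $doc->formatOutput = true;
    $doc->preserveWhiteSpace = false;

    // NOTE(review): xa() and the xs separator are defined elsewhere. Tab ids and
    // widget ids are concatenated into the element description string; confirm
    // that xa() copes with values containing the separator or markup characters.
    # Create the root node
    $wsXML = xa($doc, $doc, 'widgetspace');
    foreach ($widgetsTabOrdored as $tabId => $tabInfo) {
        $tabXML = xa($doc, $wsXML, 'tabs' . xs . 'title=' . $tabId);
        # TODO : Add here tab properties

        # Add a Layout
        $layoutXML = xa($doc, $tabXML, 'layout' . xs . 'type=three_col_layout');

        # Widgets are added into sections according to their order in the three_col_layout
        foreach ($tabInfo as $columnPosition => $columnContent) {
            # the position attribute is needed (because there are cases where specific column is empty)
            $sectionXML = xa($doc, $layoutXML, 'section' . xs . 'position=' . $columnPosition);
            foreach ($columnContent as $position => $widgetInfo) {
                $i = $widgetInfo['interface'];
                $up = $widgetInfo['userpreference'];
                $widgetXML = xa($doc, $sectionXML, 'widget' . xs . 'widgetid=' . $i['widgetId'] . xs . 'minimized=' . $i['minimized']);
                foreach ($up as $prefname => $prefvalue) {
                    $propertyXML = xa($doc, $widgetXML, 'property');
                    xa($doc, $propertyXML, 'name', $prefname);
                    xa($doc, $propertyXML, 'value', $prefvalue);
                }
            }
        }
    }

    # return the XML Document
    return $doc;
}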
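/**
 * Returns a list of tags contained in the database following a given prefix.
 *
 * Example : the database contains these tags -> obiwan, yoda, luke, han, leia, yoghurt.
 * If you give 'yo' to this function you will receive array('yoda', 'yoghurt').
 *
 * At most 10 tags are returned, in ascending label order.
 *
 * @param string $tagPrefix A prefix that must match the resulting tags.
 * @return array an array of tags as strings.
 */
public static function searchForTags($tagPrefix)
{
    $db = DbUtil::accessFactory();

    // Sanitization and query execution.
    $tagPrefix = $db->escape($tagPrefix);

    // The trailing % is what makes this a prefix search; without it LIKE only
    // returns labels equal to the given text. A caller that already appends its
    // own % gets the same rows as before, since %% matches exactly what % does.
    // NOTE(review): % and _ inside the prefix presumably pass through escape()
    // unchanged and keep acting as wildcards; the LIMIT keeps any such search at
    // 10 rows.
    $rs = $db->select("SELECT `label` FROM `tags` WHERE `label` LIKE '{$tagPrefix}%' ORDER BY `label` ASC LIMIT 0, 10");

    // Read the result set into a plain list of labels.
    $tags = array();
    while ($rs->fetch()) {
        $tags[] = $rs->label;
    }

    return $tags;
}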
/**
 * Counts the rows of `users` that match a username / password pair.
 *
 * NOTE(review): in this listing both compared values are the literal '******',
 * so the escaped $username and $md5Password are never used by the query as
 * shown. The literals look like masking applied to the listing - confirm
 * against the real file that both escaped values are what gets interpolated.
 *
 * NOTE(review): the parameter name suggests the password is stored as an MD5
 * digest; if so, moving to password_hash() / password_verify() is the fix to
 * plan for.
 *
 * @param string $username    Login name.
 * @param string $md5Password Password value to compare with the stored one.
 * @return mixed Whatever count() of the result set reports for the query.
 */
public static function checkUserIdentifiers($username, $md5Password)
{
    $db = DbUtil::accessFactory();

    // Both inputs pass through the database layer's escape() before the query is built.
    $username = $db->escape($username);
    $md5Password = $db->escape($md5Password);

    // In MySQL, && is a synonym for AND.
    $rs = $db->select("SELECT username FROM users WHERE username = '******' && password = '******'");

    return $rs->count();
}
/**
 * Handles the "reset password" page reached from a forgot-password link.
 *
 * The login / key / time triple is checked with Auth::userCanChangeHisPassword().
 * When it is valid, the method either shows the change-password view (no POST
 * data) or stores the posted password and then shows the view with a message.
 * When it is not valid, the request ends with die().
 *
 * NOTE(review): two statements of this listing contain the literal ******
 * (the $urlForm assignment and the UPDATE); they look masked and the $urlForm
 * line does not parse as shown - confirm against the real file.
 *
 * @param string|null $login    Login the reset link was issued for.
 * @param string|null $lostKey  Reset key from the link.
 * @param string|null $lostTime Timestamp from the link.
 */
public function resetPassword($login = null, $lostKey = null, $lostTime = null)
{
    // Strict comparison matters here: the check also returns -1, which is truthy.
    $r = Auth::userCanChangeHisPassword($login, $lostKey, $lostTime);
    $passwordIsChanged = false;
    if ($r === true) {
        // Form target that carries the link parameters on to the POST request.
        $urlForm = "../../index.php/Users/resetPassword?login="******"&lostKey=" . urlencode($lostKey) . "&lostTime=" . urlencode($lostTime);
        # Save the new password
        if (!empty($_POST)) {
            # Test params
            // NOTE(review): from this line on $login is the posted value, not the
            // login the key was verified for. The update and the state removal
            // below are therefore keyed on a value that was never checked against
            // the key. The verified login should be kept, or the posted one
            // required to be identical to it.
            isset($_POST['login']) ? $login = $_POST['login'] : ($login = null);
            isset($_POST['new_password']) ? $newPassword = $_POST['new_password'] : ($newPassword = null);
            // NOTE(review): this tests 'new_password' but reads
            // 'new_password_confirm'; the isset() should name the key it reads.
            isset($_POST['new_password']) ? $new_password_confirm = $_POST['new_password_confirm'] : ($new_password_confirm = null);
            # Get user id
            $userId = UsersManagement::getUserIdByLogin($login);
            # test if it is ok
            // NOTE(review): == compares numeric-looking strings by value, so two
            // different inputs can compare equal; === is the comparison wanted here.
            if ($userId !== null && $newPassword !== null && $newPassword == $new_password_confirm && Util::checkPasswordLength($newPassword)) {
                $db = DbUtil::accessFactory();
                // $userId comes from getUserIdByLogin(), not directly from the request.
                if (!$db->execute("UPDATE users SET password = '******' WHERE id = '" . $userId . "'")) {
                    $message = __('Please reconfirm your password');
                    $isError = true;
                } else {
                    $message = __('Your password have been changed');
                    $isError = false;
                    $passwordIsChanged = true;
                    # Now reset the lostKey (for security)
                    Auth::removeForgotPasswordState($login);
                }
            } else {
                $message = __('Please reconfirm your password');
                $isError = true;
            }
        } else {
            # Display the form to change password (nothing to prepare here)
        }
        // Presumably the view reads $urlForm, $message, $isError and
        // $passwordIsChanged from this scope - verify against the template.
        require_once DefaultFC::getView('changepassword.tpl');
    } else {
        // Only -1 (expired) and false (no match) can reach this branch.
        if ($r == -1) {
            die(__('Authorized time to change your password has expired, please restart the "forgot your password" process from the portal UI.'));
        } else {
            die(__('You are not authorized to view this page.'));
        }
    }
}
/**
 * Creates the OpenID store that sits on top of the portal database connection.
 *
 * createTables() is called on every invocation before the store is handed out.
 *
 * @return WMySqlStore
 */
function getOpenIDStore()
{
    $connection = DbUtil::accessFactory();

    $openIdStore = new WMySqlStore($connection);
    $openIdStore->createTables();

    return $openIdStore;
}
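/**
 * Merges new options into the stored options of a user's tab and saves the
 * result as JSON in `tabs`.options.
 *
 * Keys given in $options replace the stored ones; stored keys that are absent
 * from $options are kept. Pass raw values: the method escapes what it puts
 * into the query itself, as the other model methods do.
 *
 * @param int    $userId  Owner of the tab; used as a number in the query.
 * @param string $title   Title identifying the tab.
 * @param array  $options Options to set.
 * @throws DBException When the update statement fails.
 */
public static function setOptions($userId, $title, $options)
{
    $db = DbUtil::accessFactory();

    // Manage the diff of options. The lookup receives the caller's raw values.
    $oldOptions = self::getOptions($userId, $title);

    // Get old values not specified in options and add them to the options.
    $tmp = array_diff_key($oldOptions, $options);
    $options = array_merge($options, $tmp);

    // json_encode() leaves single quotes untouched and emits backslashes, so the
    // document has to be escaped like any other string before it is placed in a
    // quoted SQL literal; otherwise an option value can end the literal early,
    // and the JSON backslashes are consumed by the SQL parser.
    $encodedOptions = $db->escape(json_encode($options));
    $safeTitle = $db->escape($title);

    // `userid` is unquoted in the statement, so it is forced to a number.
    $safeUserId = (int) $userId;

    $query = "UPDATE tabs SET options = '{$encodedOptions}' WHERE title = '{$safeTitle}' AND userid = {$safeUserId} ";
    if (!$db->execute($query)) {
        throw new DBException(MwwException::MODEL, "Unable to setOptions in the persistant database.");
    }
}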
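/**
 * Completes an OpenID login: lets the consumer library validate the provider's
 * response, logs the user in by the returned identifier and redirects.
 *
 * On success the user is redirected to 'wall/index'; otherwise an error message
 * is stored in the session and the user is sent to 'users/index'. The method
 * always ends the request with exit.
 */
public function finish_auth()
{
    $always_trust = false;
    if (isset($_GET['pal_trust'])) {
        $always_trust = true;
        // we hide this parameter from the openid library
        unset($_GET['pal_trust']);
        // NOTE(review): only the exact text '&pal_trust=true' is stripped, while
        // the isset() above accepts any value and position; in other forms the
        // parameter stays in QUERY_STRING.
        $_SERVER['QUERY_STRING'] = str_replace('&pal_trust=true', '', $_SERVER['QUERY_STRING']);
    }

    $db = DbUtil::accessFactory();
    $store = new WMySqlStore($db);
    $store->createTables();

    // Plain assignment: objects are handles, and `=& new` no longer parses on PHP 7+.
    $consumer = new Auth_OpenID_Consumer($store);

    // NOTE(review): the return URL is assembled from the request's Host header
    // with a fixed http:// scheme. A configured base URL would remove the
    // dependency on a client-supplied header and allow https.
    $url = HttpRequest::getPathUrl();
    $base_url = "http://" . $_SERVER['HTTP_HOST'] . $url;
    if (substr($url, -1) !== '/') {
        $base_url .= '/';
    }
    $return_url = $base_url . 'index.php/openid/finish_auth';

    // Complete the authentication process using the server's response.
    $response = $consumer->complete($return_url);

    $success = false;
    // Defined up front: a status other than the three handled below used to
    // leave $msg undefined when it was stored in the session.
    $msg = null;
    $openid = null;

    // Check the response status.
    if ($response->status == Auth_OpenID_CANCEL) {
        // This means the authentication was cancelled.
        $msg = __('Verification cancelled.');
    } elseif ($response->status == Auth_OpenID_FAILURE) {
        // Authentication failed; display the error message.
        $msg = __("OpenID authentication failed: ") . $response->message;
    } elseif ($response->status == Auth_OpenID_SUCCESS) {
        $success = true;
        // The provider vouched for this identifier; a local account must exist for it.
        $openid = $response->getDisplayIdentifier();
        Auth::loginByOpenid($openid);
        if (!Auth::isAuth()) {
            $success = false;
            $msg = __('Account not found.');
        }
    }

    if ($success) {
        // for openid sso
        if (OPENID_SSO_MODE && $always_trust) {
            // Remembers the identifier for about 360 days on the portal path.
            // NOTE(review): the cookie is set without the secure / httponly
            // arguments; confirm whether client-side script needs to read it.
            setcookie('default_openid', $openid, time() + 60 * 60 * 24 * 30 * 12, HttpRequest::getPathUrl());
        }
        // Authentication process succeeded.
        // FIXME: log this connection
        // Redirection in the portal.
        DefaultFC::redirection('wall/index');
        exit;
    }

    $_SESSION['isError'] = true;
    $_SESSION['message'] = $msg;
    DefaultFC::redirection('users/index');
    exit;
}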
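/**
 * Installs a widget from an uploaded archive.
 *
 * The archive must contain config.xml and index.html or index.xul. It is
 * unpacked into a temporary folder under ./widgets/, the manifest is parsed
 * and validated against ./schema/manifest.xsd, the folder is renamed to the
 * widget id and a row is inserted into `widgets`. On any failure the folders
 * created by this call are removed and the exception is re-thrown.
 *
 * @param mixed  $categoryId       Category id; 0 stores NULL.
 * @param int    $userId           Installing user; its `copname` is copied to the widget.
 * @param string $uploadedFilePath Path of the uploaded archive.
 * @return string The widget name (or title) read from the manifest.
 * @throws FileException          Missing file, existing widget id or rename failure.
 * @throws XMLParsingException    Manifest is not well formed.
 * @throws XMLValidationException Manifest fails the schema, lacks name/title, or has an unusable id.
 * @throws DBException            The insert failed.
 */
private static function installLocalWidget($categoryId, $userId, $uploadedFilePath)
{
    try {
        $unziper = new fileUnzip($uploadedFilePath);
        $archiveContent = $unziper->getFilesList();

        // time() replaces the argument-less mktime(), which is deprecated.
        // NOTE(review): a per-second name is shared by uploads arriving in the
        // same second; a unique temporary name would avoid that.
        $tempFolder = './widgets/' . time();
        $alreadyInstalled = false;

        if (!self::isFileInArchive($archiveContent, 'config.xml')) {
            throw new FileException(MwwException::MODEL, 'Unable to find config.xml in the provided archive');
        }
        if (!self::isFileInArchive($archiveContent, 'index.html') && !self::isFileInArchive($archiveContent, 'index.xul')) {
            throw new FileException(MwwException::MODEL, 'Unable to find index.html in the provided archive');
        }

        // The mandatory files are in the archive.
        // We unzip the document in the widget repository under an arbitrary folder.
        // NOTE(review): confirm that fileUnzip refuses entry names that would
        // land outside $tempFolder, and that ./widgets/ is not configured to
        // execute uploaded scripts.
        $unziper->unzipAll($tempFolder);
        $unziper->close();

        // parse the manifest.
        // NOTE(review): the manifest is attacker-supplied XML; confirm that
        // external entity loading is off for this parser on the deployed PHP.
        $manifestPath = $tempFolder . '/config.xml';
        $doc = new DOMDocument();
        $doc->preserveWhiteSpace = false;
        if (!@$doc->load($manifestPath)) {
            throw new XMLParsingException(MwwException::MODEL, 'Unable to parse XML file. Document not well formed.');
        }

        // validate the manifest.
        if (!@$doc->schemaValidate('./schema/manifest.xsd')) {
            throw new XMLValidationException(MwwException::MODEL, "The XML File isn't valid according to the XML Schema.");
        }

        // The id becomes a directory name under ./widgets/ and a value in the
        // INSERT below, and it comes straight from the uploaded manifest. It
        // must therefore be a single path component: not empty, not '.' or '..',
        // and free of path separators and NUL bytes.
        $id = $doc->getElementsByTagName('widget')->item(0)->getAttribute('id');
        $idIsSingleComponent = $id !== '' && $id !== '.' && $id !== '..' && !preg_match('#[/\\\\\x00]#', $id);
        if (!$idIsSingleComponent) {
            throw new XMLValidationException(MwwException::MODEL, "The XML File is not valid. The widget id cannot be used as a directory name.");
        }

        // getting name/title of the widget.
        if ($doc->getElementsByTagName('name')->length) {
            $name = $doc->getElementsByTagName('name')->item(0)->nodeValue;
        } elseif ($doc->getElementsByTagName('title')->length) {
            $name = $doc->getElementsByTagName('title')->item(0)->nodeValue;
        } else {
            throw new XMLValidationException(MwwException::MODEL, "The XML File is not valid. The mandatory title or name element is missing.");
        }

        // getting widget description.
        $description = null;
        if ($doc->getElementsByTagName('description')->length) {
            $description = $doc->getElementsByTagName('description')->item(0)->nodeValue;
        }

        // is widget authentication enabled or disabled ?
        $widgetAuth = false;
        $authKey = null;
        if ($doc->getElementsByTagName('widget_authentication')->length) {
            $authValue = $doc->getElementsByTagName('widget_authentication')->item(0)->nodeValue;
            if ($authValue == 'enabled') {
                $widgetAuth = true;
                // create the key.
                $crypto = new Rijndael();
                $authKey = $crypto->generateKey();
            }
        }

        // test if the id is unique (test if the directory exists).
        $targetFolder = './widgets/' . $id;
        if (file_exists($targetFolder)) {
            // Flag it so the cleanup below leaves the existing widget alone.
            $alreadyInstalled = true;
            throw new FileException(MwwException::MODEL, 'A widget with the id \'' . $id . '\' already exists.');
        }

        // create the widget directory (actually we simply rename the temporary directory).
        if (!@rename($tempFolder, $targetFolder)) {
            throw new FileException(MwwException::MODEL, 'The widget directory could not be created');
        }

        $nameToReturn = $name;

        // -- Persistant data access section.
        $db = DbUtil::accessFactory();

        // Values placed unquoted in the statement are forced to numbers; values
        // placed inside quotes are escaped. The manifest id and the generated key
        // were interpolated as they came before.
        $categoryId = (int) $categoryId !== 0 ? (int) $categoryId : 'NULL';
        $userId = (int) $userId;
        $safeId = $db->escape($id);
        $name = $db->escape($name);
        $description = $db->escape($description);
        $generatedKey = $widgetAuth ? "'" . $db->escape($authKey) . "'" : 'NULL';

        // insert the widget into the database.
        if (!$db->execute("INSERT INTO `widgets` (`widgetid`, `widgetname`, `visible`, `copname`, `category`, `description`, `authkey`) VALUES ('{$safeId}', '{$name}', 0, (SELECT `copname` FROM `users` WHERE `id`= {$userId}), {$categoryId}, '{$description}', {$generatedKey})")) {
            throw new DBException(MwwException::MODEL, "Unable to insert new widget '{$id}' information in persistant data");
        }
        // -- End of Persistant data access section.

        // End of the installation. Everything was fine.
        return $nameToReturn;
    } catch (Exception $ex) {
        // Remove what this call created, never a widget that was already installed.
        if (isset($tempFolder) && is_dir($tempFolder)) {
            Util::full_rmdir($tempFolder);
        }
        if (isset($targetFolder) && is_dir($targetFolder) && !$alreadyInstalled) {
            Util::full_rmdir($targetFolder);
        }
        throw $ex;
    }
}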
/**
 * Resolves a login name to the id of the matching row in `users`.
 *
 * NOTE(review): in this listing the compared value is the literal '******' and
 * the escaped $login is never used by the query as shown. The literal looks
 * like masking applied to the listing - confirm against the real file that the
 * escaped login is what gets interpolated.
 *
 * @param string $login Login name; escaped here, so callers pass it raw.
 * @return mixed|null The `id` field when exactly one row matches, null otherwise.
 */
public static function getUserIdByLogin($login)
{
    $db = DbUtil::accessFactory();
    $login = $db->escape($login);
    $rs = $db->select("SELECT id FROM users WHERE username = '******'");
    // Zero rows and more than one row both count as "not found".
    if ($rs->count() == 1 && $rs->fetch()) {
        return $rs->id;
    } else {
        return null;
    }
}
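/**
 * Subscribes a user to a widget by creating a new widget instance and placing
 * it in the user's interface.
 *
 * A new instance is created on every call: the former "already subscribed"
 * test is disabled to allow several instances of the same widget. The new
 * instance takes the first place of the first column (top-left on the screen);
 * the widgets already in that column are moved down by one position.
 *
 * @param integer $userId   The user's identifier in the database.
 * @param string  $widgetId The identifier of the widget to which the user wants to subscribe.
 * @throws ServiceException When the widget is not installed.
 */
public static function subscribe($userId, $widgetId)
{
    // Test if the widget exists. Developers please be careful, there is a dependency on /models/Widgets::isInstalled.
    if (!Widgets::isInstalled($widgetId)) {
        throw new ServiceException(MwwException::MODEL, "Unable to subscribe user '{$userId}' to widget '{$widgetId}'. The widget is not installed.");
    }

    // Sanitization and database connection.
    $db = DbUtil::accessFactory();

    // `userid` is written without quotes in the statements below. String escaping
    // only protects values inside a quoted literal, so the id is forced to a number.
    $userId = (int) $userId;
    $widgetId = $db->escape($widgetId);

    // Developers note : be careful with the 'column' mysql keyword used in the following queries. Use backticks !
    # New instance
    $db->execute("INSERT INTO `widget_instances` (`widgetid`) VALUES ('" . $widgetId . "')");

    // NOTE(review): mysql_insert_id() belongs to the legacy mysql extension and
    // reads the id from the last opened link rather than from $db; the id should
    // come from the database layer. The three statements also run without a
    // transaction and their results are not checked (see the original TODO).
    $widgetInstanceId = mysql_insert_id();

    // Make room at the top of the first column, then insert the new instance there.
    $db->execute("UPDATE interface SET position = position + 1 WHERE userid = {$userId} AND `column` = 0");
    $db->execute("INSERT INTO interface (userid, widgetinstanceid, `column`, minimized, position) VALUES ({$userId}, '{$widgetInstanceId}', '0', '0', '0')");
}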