function saveWorkerPeekAction() { $translate = DevblocksPlatform::getTranslationService(); $active_worker = FegApplication::getActiveWorker(); if (!$active_worker || !$active_worker->is_superuser) { return; } @($id = DevblocksPlatform::importGPC($_POST['id'], 'integer')); @($view_id = DevblocksPlatform::importGPC($_POST['view_id'], 'string')); @($first_name = DevblocksPlatform::importGPC($_POST['first_name'], 'string')); @($last_name = DevblocksPlatform::importGPC($_POST['last_name'], 'string')); @($title = DevblocksPlatform::importGPC($_POST['title'], 'string')); @($email = DevblocksPlatform::importGPC($_POST['email'], 'string')); @($password = DevblocksPlatform::importGPC($_POST['password'], 'string')); @($is_superuser = DevblocksPlatform::importGPC($_POST['is_superuser'], 'integer', 0)); @($disabled = DevblocksPlatform::importGPC($_POST['is_disabled'], 'integer', 0)); // @$group_ids = DevblocksPlatform::importGPC($_POST['group_ids'],'array'); // @$group_roles = DevblocksPlatform::importGPC($_POST['group_roles'],'array'); @($delete = DevblocksPlatform::importGPC($_POST['do_delete'], 'integer', 0)); // [TODO] The superuser set bit here needs to be protected by ACL if (empty($first_name)) { $first_name = "Anonymous"; } if (!empty($id) && !empty($delete)) { // Can't delete or disable self if ($active_worker->id != $id) { DAO_Worker::delete($id); } } else { if (empty($id) && null == DAO_Worker::getWhere(sprintf("%s=%s", DAO_Worker::EMAIL, Feg_ORMHelper::qstr($email)))) { $workers = DAO_Worker::getAll(); $license = FegLicense::getInstance(); if (!empty($license) && !empty($license['serial']) || count($workers) < 3) { // Creating new worker. If password is empty, email it to them if (empty($password)) { $settings = DevblocksPlatform::getPluginSettingsService(); $replyFrom = $settings->get('feg.core', FegSettings::DEFAULT_REPLY_FROM); $replyPersonal = $settings->get('feg.core', FegSettings::DEFAULT_REPLY_PERSONAL, ''); $url = DevblocksPlatform::getUrlService(); $password = FegApplication::generatePassword(8); } $fields = array(DAO_Worker::EMAIL => $email, DAO_Worker::PASS => $password); $id = DAO_Worker::create($fields); } } // end create worker // Update $fields = array(DAO_Worker::FIRST_NAME => $first_name, DAO_Worker::LAST_NAME => $last_name, DAO_Worker::TITLE => $title, DAO_Worker::EMAIL => $email, DAO_Worker::IS_SUPERUSER => $is_superuser, DAO_Worker::IS_DISABLED => $disabled); // if we're resetting the password if (!empty($password)) { $fields[DAO_Worker::PASS] = md5($password); } // Update worker DAO_Worker::update($id, $fields); // Custom field saves @($field_ids = DevblocksPlatform::importGPC($_POST['field_ids'], 'array', array())); DAO_CustomFieldValue::handleFormPost(FegCustomFieldSource_Worker::ID, $id, $field_ids); } if (!empty($view_id)) { $view = Feg_AbstractViewLoader::getView($view_id); $view->render(); } }
function doRecoverStep3Action() { @($password = DevblocksPlatform::importGPC($_REQUEST['password'], 'string')); $email = $_SESSION[self::KEY_FORGOT_EMAIL]; $sentcode = $_SESSION[self::KEY_FORGOT_SENTCODE]; $code = $_SESSION[self::KEY_FORGOT_CODE]; $worker = null; $results = DAO_Worker::getWhere(sprintf("%s = %s", DAO_Worker::EMAIL, Feg_ORMHelper::qstr($email))); if (!empty($results)) { $worker = array_shift($results); } if (empty($email) || empty($code) || empty($worker)) { return; } if (0 == strcmp($sentcode, $code)) { // passed DAO_Worker::update($worker->id, array(DAO_Worker::PASS => md5($password))); unset($_SESSION[self::KEY_FORGOT_EMAIL]); unset($_SESSION[self::KEY_FORGOT_CODE]); unset($_SESSION[self::KEY_FORGOT_SENTCODE]); DevblocksPlatform::redirect(new DevblocksHttpResponse(array('login'))); } else { DevblocksPlatform::redirect(new DevblocksHttpResponse(array('login', 'forgot', 'step2'))); } }