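/**
 * Authenticates a user by e-mail and password and populates the session.
 *
 * Looks the account up by StEmail, compares the stored StPassword with
 * myHash(StHash, $StPwd) and, on a match, stores the user's name, id, e-mail,
 * a derived hash and the supporter/client role in the session.
 *
 * @param string $StLogin E-mail address used as the login name
 * @param string $StPwd   Password as entered by the user
 * @return bool true when the login succeeds
 * @throws ErrorHandler EXC_USER_NOTREG when the lookup does not return exactly one row,
 *                      EXC_USER_WRONGPASS when the password does not match
 */
public function getLogged($StLogin, $StPwd)
{
    // NOTE(review): both queries below are assembled by string interpolation and
    // depend entirely on SQLInjectionHandle() (defined elsewhere) to neutralise the
    // input. Bound parameters would be the safer form if the DB layer offers them.
    UserHandler::SQLInjectionHandle($StLogin);
    UserHandler::SQLInjectionHandle($StPwd);
    $this->StLogin = $StLogin;

    $StSQL = "\nSELECT\n IDUser, StPassword, StName, StEmail, StHash\nFROM\n " . DBPREFIX . "User\nWHERE\n StEmail = '{$this->StLogin}'";
    $this->execSQL($StSQL);
    $this->commit();
    if ($this->getNumRows() != 1) {
        throw new ErrorHandler(EXC_USER_NOTREG);
    }
    $ArResult = $this->getResult('string');

    // Compare as strings. A loose "==" treats two numeric-looking hashes
    // (for example "0e..." values) as equal numbers, which would accept a wrong
    // password; hash_equals() additionally keeps the comparison constant-time.
    $StStored = (string) $ArResult[0]['StPassword'];
    $StComputed = (string) $this->myHash($ArResult[0]['StHash'], $StPwd);
    $BoMatch = function_exists('hash_equals')
        ? hash_equals($StStored, $StComputed)
        : $StStored === $StComputed;
    if (!$BoMatch) {
        throw new ErrorHandler(EXC_USER_WRONGPASS);
    }

    // Fetch the client / supporter ids linked to this user; the row is appended
    // to the result set and therefore read back as $ArResult[1].
    $StSQL = "\nSELECT\n C.IDClient, S.IDSupporter\nFROM\n " . DBPREFIX . "User U\nLEFT JOIN\n " . DBPREFIX . "Supporter S ON (U.IDUser = S.IDUser)\nLEFT JOIN\n " . DBPREFIX . "Client C ON (U.IDUser = C.IDUser)\nWHERE\n U.IDUser = {$ArResult[0]['IDUser']}";
    $this->execSQL($StSQL);
    $ArResult = array_merge($ArResult, $this->getResult('string'));

    setSessionProp('StName', $ArResult[0]['StName']);
    setSessionProp('IDUser', $ArResult[0]['IDUser']);
    setSessionProp('StEmail', $ArResult[0]['StEmail']);
    // NOTE(review): this value is md5(IDUser . StName), i.e. derivable from
    // non-secret data; it should not be relied on as a secret token.
    setSessionProp('StHash', md5($ArResult[0]['IDUser'] . $ArResult[0]['StName']));

    // A user with a supporter id and no client id is a supporter; everyone else is a client.
    if (!isset($ArResult[1]['IDClient']) && isset($ArResult[1]['IDSupporter'])) {
        setSessionProp('isSupporter', 'true');
        setSessionProp('IDSupporter', $ArResult[1]['IDSupporter']);
    } else {
        setSessionProp('isSupporter', 'false');
        setSessionProp('IDClient', $ArResult[1]['IDClient']);
    }
    return true;
}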
/**
 * Second-stage initialisation, deliberately kept out of the constructor.
 *
 * The classes called here access the core through Core::instance(). Running
 * them inside the constructor, before the instance was set, caused endless
 * recursion, so they are called from this method instead.
 */
private function postConstruct()
{
    $this->db = Grootdb::instance();
    I18N::instance()->addFolder('i18n');
    // Called for its side effects only; the returned instance is not stored here.
    UserHandler::instance();
    $this->controller = Controller::instance();
}
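/**
 * Stores one chat message and refreshes the sender's activity marker.
 *
 * @param int|string $user_id Id of the sending user
 * @param int|string $chat_id Id of the chat the message belongs to
 * @param string     $message Message text
 * @return bool always true
 */
public static function insertMessage($user_id, $chat_id, $message)
{
    $conn = DbHandler::getConnection();

    // chat_id and user_id are placed in the statement without quotes. String
    // escaping gives no protection in that position, so force them to integers.
    $chatId = (int) $chat_id;
    $userId = (int) $user_id;

    // NOTE(review): if the connection object supports prepared statements, binding
    // all four values would remove the need for manual escaping altogether.
    $query = "INSERT INTO messages (chat_id, user_id, message, insert_time) "
        . "VALUES (" . $chatId . ", " . $userId . ", '" . $conn->escapeString($message) . "', "
        . $conn->escapeString(getMicrotime()) . ")";
    $conn->exec($query);

    UserHandler::setUserActivity();
    return true;
}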
/**
 * Registers a user, checks the stored user name, then checks that registering
 * the same data a second time is reported as UserHandler::ERROR_EXISTS.
 */
public function testRegister()
{
    $handler = UserHandler::instance();
    $handler->register('widow', '12345', 'Black', 'Widow');

    $registered = $handler->user();
    $storedName = $registered->getValue('user_name');
    $this->equal($storedName, 'widow', 'Wrong user name');

    // Same credentials again: the handler is expected to refuse the duplicate.
    $secondAttempt = $handler->register('widow', '12345', 'Black', 'Widow');
    $this->equal($secondAttempt, UserHandler::ERROR_EXISTS, 'Not recognized double registration');
}
/**
 * Logs a user in by name, creating the account when the lookup finds none.
 *
 * NOTE(review): nothing in this method checks a credential; the user name
 * alone selects (or creates) the account that is bound to the session.
 * Whether SessionsHandler::startSession() issues a fresh session id is not
 * visible here; confirm the id is regenerated before the user is attached.
 *
 * @param string $username Name supplied by the caller
 */
public static function login($username)
{
    require_once "handlers/SessionsHandler.php";

    // A falsy id from the lookup means "unknown user": create one instead.
    $resolvedId = UserHandler::getUserId($username) ?: static::createUser($username);

    SessionsHandler::startSession();
    SessionsHandler::setSessionUser($resolvedId, $username);
}
/**
 * Registers the access policies for this handler, then defers to the parent.
 *
 * Two policies are added, in this order: site access for the 'profile'
 * operation, and a requirement that the user is logged in.
 *
 * @copydoc PKPHandler::authorize()
 */
function authorize($request, &$args, $roleAssignments)
{
    import('lib.pkp.classes.security.authorization.PKPSiteAccessPolicy');
    import('lib.pkp.classes.security.authorization.UserRequiredPolicy');

    // Site access policy
    $allowedOps = array('profile');
    $sitePolicy = new PKPSiteAccessPolicy($request, $allowedOps, SITE_ACCESS_ALL_ROLES);
    $this->addPolicy($sitePolicy);

    // User must be logged in
    $loginPolicy = new UserRequiredPolicy($request);
    $this->addPolicy($loginPolicy);

    return parent::authorize($request, $args, $roleAssignments);
}
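/**
 * Save user's new password.
 *
 * Reads the submitted form, and on successful validation stores the new
 * password and redirects to the requested page; otherwise the form is shown
 * again.
 *
 * NOTE(review): no request-method or anti-CSRF check is visible in this
 * method; confirm that parent::validate() or the form's validate() covers it,
 * since this action changes a credential.
 */
function savePassword()
{
    parent::validate();

    import('user.form.ChangePasswordForm');
    // "=& new" is deprecated since PHP 5.3 and a parse error from PHP 7 on;
    // plain assignment already yields an object handle.
    $passwordForm = new ChangePasswordForm();
    $passwordForm->readInputData();

    if ($passwordForm->validate()) {
        $passwordForm->execute();
        Request::redirect(null, Request::getRequestedPage());
    } else {
        parent::setupTemplate(true);
        $passwordForm->display();
    }
}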
/**
 * Resolves the active language once and caches it in static::$lang.
 *
 * Sources are tried in this order: the cached value, the 'lang' request
 * parameter, the 'lang' session value, the current user's preference, and
 * finally DEFAULT_LANGUAGE. Request, session and user values are used only
 * when validLang() accepts them.
 *
 * @return mixed the selected language code
 */
public static function lang()
{
    if (static::$lang) {
        return static::$lang;
    }

    // Request value comes from the client; it is accepted only after validLang().
    if (isset($_REQUEST['lang']) && static::validLang($_REQUEST['lang'])) {
        static::$lang = $_REQUEST['lang'];
        return static::$lang;
    }

    if (isset($_SESSION['lang']) && static::validLang($_SESSION['lang'])) {
        static::$lang = $_SESSION['lang'];
        return static::$lang;
    }

    $currentUser = UserHandler::instance()->user();
    if ($currentUser !== null && static::validLang($currentUser->lang())) {
        static::$lang = $currentUser->lang();
        return static::$lang;
    }

    static::$lang = DEFAULT_LANGUAGE;
    return static::$lang;
}
/**
 * Logs a user in by loading the first user model that matches $p_where.
 *
 * Flow, as visible in this method:
 *  1. Reject the call when $_POST is empty.
 *  2. Reject callers whose 'login' permission resolves to anything other than
 *     'visitor' (already logged in, or not permitted).
 *  3. Load the matching user with the model cache switched off.
 *  4. Reject accounts whose status is STATUS_DISABLED.
 *  5. Record the login time, save the model, optionally bind the device token
 *     from the 'Devicetoken' header, and return the model with its auth info.
 *
 * NOTE(review): the credentials are matched only through $p_where. How the
 * caller builds that array (and whether the password is hashed before it gets
 * there) is not visible here; confirm at the call site.
 *
 * @param array $p_where Conditions passed to UserHandler::loadModelFirstInList()
 * @return mixed result of Utility::getArrayForResults()
 */
public static function loginWithWhere($p_where = array())
{
    // Message text: "Error, GET data is not accepted here."
    if (count($_POST) == 0) {
        return Utility::getArrayForResults(RUNTIME_CODE_ERROR_PARAM, '错误,此处不接受GET数据。');
    }
    switch (static::getAuthIfUserCanDoIt(Utility::getCurrentUserID(), 'login')) {
        case 'admin': // has administrative rights
        case 'self': // author
        case 'normal': // normal user
        case 'draft': // not activated
        case 'pending': // pending review, muted
        case 'disabled': // banned
            // All of the above are logged-in states. Message text:
            // "You are already logged in; log out before logging in again."
            return Utility::getArrayForResults(RUNTIME_CODE_ERROR_NO_AUTH, '您已登录,需要注销后才能重新登录。');
            break;
        case 'visitor': // guest: the only state that may proceed to log in
            break;
        default:
            // Message text: "You do not have permission to perform this operation."
            return Utility::getArrayForResults(RUNTIME_CODE_ERROR_NO_AUTH, '您没有权限执行该操作');
            break;
    }
    // The cache is switched off for this lookup only and switched back on
    // straight afterwards.
    UserHandler::$isUseCache = false;
    $tmpModel = UserHandler::loadModelFirstInList($p_where);
    UserHandler::$isUseCache = true;
    if (!is_object($tmpModel)) {
        // Message text: "Login failed, wrong account or password."
        return Utility::getArrayForResults(RUNTIME_CODE_ERROR_NOT_USER, '登录失败,账号或密码错误。');
    }
    switch ($tmpModel->getStatus()) {
        case STATUS_DRAFT:
            // A rejecting return ("not activated") was commented out here, so
            // draft accounts are allowed to log in.
            break;
        case STATUS_PENDING:
            // A rejecting return ("muted user") was commented out here, so
            // pending accounts are allowed to log in.
            break;
        case STATUS_DISABLED:
            // Message text: "This account is unavailable and cannot log in."
            // NOTE(review): this answer differs from the generic failure above,
            // so a caller whose $p_where matched learns that the account exists
            // and is disabled.
            return Utility::getArrayForResults(RUNTIME_CODE_ERROR_DATA_EMPTY, '该账号不可用,不可登录。');
            break;
        default:
            // A rejecting return ("data temporarily unavailable") was commented
            // out here, so every other status is allowed to log in.
            break;
    }
    $tmpModel->setLastLoginTime(date('Y-m-d H:i:s'));
    $savedModel = UserHandler::saveModel($tmpModel);
    // Bind the device to the user only when the client sent a device token header.
    if (Utility::getHeaderValue('Devicetoken') != '') {
        DeviceController::setDeviceWithUser(Utility::getHeaderValue('Devicetoken'), $savedModel);
    }
    return Utility::getArrayForResults(RUNTIME_CODE_OK, '', $savedModel, array('authInfo' => Utility::getHeaderAuthInfoForUserID($savedModel->getId())));
}
/**
 * Logs the current user out by delegating to the UserHandler singleton.
 *
 * @param mixed $function Not used by this method
 * @return mixed whatever UserHandler::logout() returns
 */
public function logout($function)
{
    $handler = UserHandler::instance();

    return $handler->logout();
}
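/**
 * Builds the HTML for the page header: logo link, search form, language
 * switcher and the login/logout mask.
 *
 * Request values ('cat', 'query') are HTML-escaped before they are echoed
 * back, and the user's first and last name are escaped before they are
 * placed into the greeting.
 *
 * @return string HTML fragment
 */
public function makeMenu()
{
    // Name of the category select box and settings for the logo markup
    $selectName = "cat";
    $divId = "logo";
    $classIcon = "stdanimation1_4";
    $grootLogoChar = "G";

    // Build html
    $html = "";
    $selectBox = GenreModel::getTranslatedGenres();
    array_unshift($selectBox, array('value' => '', 'label' => i('All')));
    $cat = isset($_REQUEST['cat']) ? htmlspecialchars($_REQUEST['cat']) : null;

    // Build the select html element
    $selectBoxHtml = Utilities::buildSelectbox($selectBox, $selectName, $cat);

    // Logo
    $html .= ' <a href="index.php?view=home"> <div id="' . $divId . '"> <span class="' . $classIcon . '">' . $grootLogoChar . '</span> </div> </a> ';

    $query_val = isset($_REQUEST['query']) ? htmlspecialchars($_REQUEST['query']) : '';

    // Searchbar
    $html .= '<form id="search" method="GET"> ' . $selectBoxHtml . ' <input type="hidden" name="view" value="search" /> <input type="text" name="query" id="query" value="' . $query_val . '" autocomplete="off"/> <button type="submit" name="search" value="search">' . i("Search") . '</button> </form>';

    // Build up all the navigation points from an array. The array is
    // initialised so the loop below still works when no language is available.
    $naviElement = "";
    $naviArray = array();
    $current_view_url = Controller::instance()->getViewUrl();
    foreach (I18n::availableLanguages() as $lang) {
        $naviArray[] = array(
            "link" => $current_view_url . '&lang=' . $lang,
            "icon" => "",
            "cls" => $lang == I18n::lang() ? 'active' : '',
            "label" => strtoupper($lang),
        );
    }

    // Create HTML elements for each navi point.
    // NOTE(review): the link is written into href unescaped. Whether
    // getViewUrl() already returns an HTML-safe value is not visible here;
    // if it is built from request parameters it needs escaping at this point.
    foreach ($naviArray as $navi) {
        $navi['label'] = i($navi['label']);
        $naviElement .= '<li class="' . $navi['cls'] . '"><a class="stdanimation1_2" href="' . $navi["link"] . '">' . $navi["label"] . '</a></li>';
    }
    $html .= '<ul class="menu menu-main"> ' . $naviElement . ' </ul>';

    // Decide whether the user is logged in and change the appearance accordingly
    if (UserHandler::instance()->loggedin()) {
        $mask_cls = 'loggedin';
        $buttons = '<input type="submit" class="button" name="Logout" value="Logout">';

        // Getting the values from the protected data array via class.basemodel
        if (UserHandler::instance()->user()) {
            $firstName = UserHandler::instance()->user()->getValue('first_name');
            $lastName = UserHandler::instance()->user()->getValue('last_name');
        } else {
            $firstName = "";
            $lastName = "";
        }

        // Names are user-supplied profile data; escape them for the HTML body
        // so markup stored in a name is shown as text instead of being rendered.
        $greeting = i('Hello');
        $loginMask = $greeting . ' ' . htmlspecialchars((string) $firstName, ENT_QUOTES)
            . ' ' . htmlspecialchars((string) $lastName, ENT_QUOTES);
    } else {
        $mask_cls = 'loggedout';
        $buttons = '<input type="submit" class="button" name="Login" value="Login"/>';
        $loginMask = '<div><label for="Loginname">' . i("User") . ':</label><input class="" name="Loginname" /> </div> <div><label for="Password">' . i("Password") . ':</label><input class="" type="password" name="Password" /> </div>';
    }

    // NOTE(review): the login/logout form carries no anti-CSRF token in this
    // markup; confirm the receiving code does not depend on one being present.
    $html .= '<div class="login-mask ' . $mask_cls . '"> <form action="" method="POST"> <div class="mask">' . $loginMask . '</div> <div class="buttons">' . $buttons . '</div> </form> </div>';

    return $html;
}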
/**
 * Instantiates UserHandler and copies its user id and session id into
 * ComponentCore.
 *
 * Per the original note, the handler either finds the id of the existing
 * user or creates a new one; that logic is not part of this method.
 */
private static function createUser()
{
    $handler = new UserHandler();

    $resolvedUserId = $handler->getUserID();
    ComponentCore::$userID = $resolvedUserId;

    $resolvedSessionId = $handler->getSession();
    ComponentCore::$sessionID = $resolvedSessionId;
}
/**
 * Returns the person model that belongs to $userID.
 *
 * When no person model exists yet and the user's genre is USER_GENRE::PERSON,
 * a new model is created, stamped with the current time and saved.
 *
 * @param mixed $userID User id; values not greater than 0 yield null
 * @return PersonModel|null the person model, or null when none applies
 */
public static function loadModelByUserID($userID)
{
    if (!($userID > 0)) {
        return null;
    }

    // Ask for at most one matching record.
    $matches = static::loadModelList(array('userID' => $userID), null, 1, 1);
    if (is_array($matches) && count($matches) > 0) {
        return $matches[0];
    }

    // Nothing stored yet: only users of genre PERSON get a model created.
    $owner = UserHandler::loadModelById($userID);
    if (!is_object($owner) || $owner->getGenre() != USER_GENRE::PERSON) {
        return null;
    }

    $person = static::createModel();
    $person->setUserID($userID);
    $person->setCreateTime(date('Y-m-d H:i:s'));
    $person->setModifyTime(date('Y-m-d H:i:s'));

    return static::saveModel($person);
}
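/**
 * Extension of password validation to handle more types
 *
 * Hashes $pword in the way selected by $password_type and compares the result
 * with $stored_hash. The comparison is done on strings and in constant time
 * where hash_equals() is available.
 *
 * NOTE(review): most schemes handled here (unsalted/salted MD5, SHA-1,
 * plaintext) are kept for importing legacy accounts only and are not suitable
 * for storing new passwords.
 *
 * @param string $pword - plaintext password as entered by user
 * @param string $login_name - string used to log in (could actually be email address)
 * @param string $stored_hash - required value for password to match
 * @param integer $password_type - constant specifying the type of password to check against
 *
 * @return PASSWORD_INVALID|PASSWORD_VALID|string
 *		PASSWORD_INVALID if no match
 *		PASSWORD_VALID if valid password
 *		For PASSWORD_E107_SALT the result of parent::CheckPassword() is returned
 *		unchanged (per the original note, this may be a new hash to store)
 */
public function CheckPassword($pword, $login_name, $stored_hash, $password_type = PASSWORD_DEFAULT_TYPE)
{
    switch ($password_type) {
        case PASSWORD_GENERAL_MD5:
        case PASSWORD_E107_MD5:
            $pwHash = md5($pword);
            break;

        case PASSWORD_GENERAL_SHA1:
            if (strlen($stored_hash) != 40) {
                return PASSWORD_INVALID;
            }
            $pwHash = sha1($pword);
            break;

        case PASSWORD_JOOMLA_SALT:
        case PASSWORD_MAMBO_SALT:
            if (strpos($stored_hash, ':') === false || strlen($stored_hash) < 40) {
                return PASSWORD_INVALID;
            }
            // Mambo/Joomla salted hash - should be 32-character md5 hash, ':', 16-character salt (but could be 8-char salt, maybe)
            list($hash, $salt) = explode(':', $stored_hash);
            $pwHash = md5($pword . $salt);
            $stored_hash = $hash;
            break;

        case PASSWORD_MAGENTO_SALT:
            $hash = $salt = '';
            if (strpos($stored_hash, ':') !== false) {
                list($hash, $salt) = explode(':', $stored_hash);
            } else {
                $hash = $stored_hash;
            }
            // The length check on $hash (32 characters expected) was disabled in
            // the original code and is left disabled here.
            $pwHash = $salt ? md5($salt . $pword) : md5($pword);
            $stored_hash = $hash;
            break;

        case PASSWORD_E107_SALT:
            // The original passed an undefined $password here, so the parent
            // always received an empty value instead of the entered password.
            return parent::CheckPassword($pword, $login_name, $stored_hash);

        case PASSWORD_PHPBB_SALT:
        case PASSWORD_WORDPRESS_SALT:
            if (strlen($stored_hash) != 34) {
                return PASSWORD_INVALID;
            }
            $pwHash = $this->crypt_private($pword, $stored_hash, $password_type);
            if ($pwHash[0] == '*') {
                return PASSWORD_INVALID;
            }
            $stored_hash = substr($stored_hash, 12);
            break;

        case PASSWORD_PLAINTEXT:
            // NOTE(review): plaintext comparison means the stored value is the
            // password itself; flag any account still using this type for rehash.
            $pwHash = $pword;
            break;

        default:
            return PASSWORD_INVALID;
    }

    // Strict string comparison. A loose "!=" compares numeric-looking strings
    // as numbers, so two different hashes of the form "0e<digits>" would be
    // treated as equal and a wrong password accepted.
    $expected = (string) $stored_hash;
    $actual = (string) $pwHash;
    $matches = function_exists('hash_equals')
        ? hash_equals($expected, $actual)
        : $expected === $actual;

    return $matches ? PASSWORD_VALID : PASSWORD_INVALID;
}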
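/**
 * Runs a login attempt through an alternative authentication method and, on
 * success, creates or updates the matching local user record.
 *
 * The outcome is stored in $this->loginResult: AUTH_NOCONNECT when $method is
 * 'none', AUTH_NOT_AVAILABLE when the method reports itself unavailable,
 * LOGIN_CONTINUE after a successful sync, LOGIN_DB_ERROR when the new user
 * could not be inserted, LOGIN_TRY_OTHER or LOGIN_ABORT on failure.
 *
 * NOTE(review): $method is concatenated into a require_once path. It is
 * assumed to come from site configuration; if it can ever be influenced by a
 * request it must be restricted to a fixed list of method names first.
 *
 * @param string $method    Name of the alt_auth method ('none' disables it)
 * @param string &$username Login name; modified in place (escaped, filtered and
 *                          truncated on success, overwritten on AUTH_NOCONNECT abort)
 * @param string &$userpass Password; overwritten in place on AUTH_BADPASSWORD abort
 */
public function __construct($method, &$username, &$userpass)
{
    $this->e107 = e107::getInstance();
    $newvals = array();

    if ($method == 'none') {
        $this->loginResult = AUTH_NOCONNECT;
        return;
    }

    require_once e_PLUGIN . 'alt_auth/' . $method . '_auth.php';
    $_login = new auth_login();

    if (isset($_login->Available) && $_login->Available === FALSE) {
        // Relevant auth method not available (e.g. PHP extension not loaded)
        $this->loginResult = AUTH_NOT_AVAILABLE;
        return;
    }

    $login_result = $_login->login($username, $userpass, $newvals, FALSE);

    if ($login_result === AUTH_SUCCESS) {
        require_once e_HANDLER . 'user_handler.php';
        require_once e_HANDLER . 'validator_class.php';

        // NOTE(review): mysql_real_escape_string() was removed in PHP 7, and the
        // regex below only strips a few characters; neither is a substitute for
        // bound parameters. The lookup query is built by getLookupQuery(), whose
        // own escaping is not visible here.
        if (MAGIC_QUOTES_GPC == FALSE) {
            $username = mysql_real_escape_string($username);
        }
        $username = preg_replace("/\\sOR\\s|\\=|\\#/", "", $username);
        $username = substr($username, 0, e107::getPref('loginname_maxlength'));

        $aa_sql = e107::getDb('aa');
        $userMethods = new UserHandler();
        $db_vals = array('user_password' => $aa_sql->escape($userMethods->HashPassword($userpass, $username)));
        $xFields = array(); // Possible extended user fields

        // See if any of the fields need processing before save
        if (isset($_login->copyMethods) && count($_login->copyMethods)) {
            foreach ($newvals as $k => $v) {
                if (isset($_login->copyMethods[$k])) {
                    $newvals[$k] = $this->translate($_login->copyMethods[$k], $v);
                    if (AA_DEBUG1) {
                        $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth convert", $k . ': ' . $v . '=>' . $newvals[$k], FALSE, LOG_TO_ROLLING);
                    }
                }
            }
        }

        foreach ($newvals as $k => $v) {
            if (strpos($k, 'x_') === 0) {
                // Extended field
                $k = substr($k, 2);
                $xFields['user_' . $k] = $v;
            } else {
                // Normal user table.
                // Translate the field names (but latest handlers don't need translation).
                // The original read strpos($k, 'user_' !== 0): the comparison sat
                // inside the call, so the prefix test never did what was intended.
                if (strpos($k, 'user_') !== 0) {
                    $k = 'user_' . $k;
                }
                $db_vals[$k] = $v;
            }
        }

        $ulogin = new userlogin();
        if (count($xFields)) {
            // We're going to have to do something with extended fields as well - make sure there's an object
            require_once e_HANDLER . 'user_extended_class.php';
            $ue = new e107_user_extended();
            // NOTE(review): column names here come from the keys supplied by the
            // auth method ($newvals); they are interpolated as identifiers and
            // are assumed to be trusted, fixed names.
            $qry = "SELECT u.user_id,u." . implode(',u.', array_keys($db_vals)) . ", ue.user_extended_id, ue." . implode(',ue.', array_keys($xFields)) . " FROM `#user` AS u\n\t\t\t\t\t\tLEFT JOIN `#user_extended` AS ue ON ue.user_extended_id = u.user_id\n\t\t\t\t\t\tWHERE " . $ulogin->getLookupQuery($username, FALSE, 'u.');
            if (AA_DEBUG) {
                $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Query: {$qry}[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
            }
        } else {
            $qry = "SELECT * FROM `#user` WHERE " . $ulogin->getLookupQuery($username, FALSE);
        }

        if ($aa_sql->db_Select_gen($qry)) {
            // Existing user - get current data, see if any changes
            $row = $aa_sql->db_Fetch(MYSQL_ASSOC);
            foreach ($db_vals as $k => $v) {
                if ($row[$k] == $v) {
                    unset($db_vals[$k]);
                }
            }
            if (count($db_vals)) {
                $newUser = array();
                $newUser['data'] = $db_vals;
                validatorClass::addFieldTypes($userMethods->userVettingInfo, $newUser);
                // intval() matches the way the id is handled for user_extended below.
                $newUser['WHERE'] = '`user_id`=' . intval($row['user_id']);
                $aa_sql->db_Update('user', $newUser);
                if (AA_DEBUG1) {
                    $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User data update: " . print_r($newUser, TRUE), FALSE, LOG_TO_ROLLING);
                }
            }
            foreach ($xFields as $k => $v) {
                if ($row[$k] == $v) {
                    unset($xFields[$k]);
                }
            }
            if (AA_DEBUG1) {
                $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User data read: " . print_r($row, TRUE) . "[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
            }
            if (AA_DEBUG) {
                $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User xtnd read: " . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
            }
            if (count($xFields)) {
                $xArray = array();
                $xArray['data'] = $xFields;
                if ($row['user_extended_id']) {
                    $ue->addFieldTypes($xArray); // Add in the data types for storage
                    $xArray['WHERE'] = '`user_extended_id`=' . intval($row['user_id']);
                    if (AA_DEBUG) {
                        $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "User xtnd update: " . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
                    }
                    $aa_sql->db_Update('user_extended', $xArray);
                } else {
                    // Never been an extended user fields record for this user
                    $xArray['data']['user_extended_id'] = $row['user_id'];
                    $ue->addDefaultFields($xArray); // Add in the data types for storage, plus any default values
                    if (AA_DEBUG) {
                        $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Write new extended record" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
                    }
                    $aa_sql->db_Insert('user_extended', $xArray);
                }
            }
        } else {
            // Just add a new user
            if (AA_DEBUG) {
                // NOTE(review): the first operand of this message was masked
                // ("******") in the listing; print_r($db_vals, TRUE) is a
                // reconstruction that mirrors the 'Add user fail' entry further
                // down - confirm against the upstream file. $db_vals contains
                // the user_password hash, so these debug entries put it in the log.
                $this->e107->admin_log->e_log_event(10, debug_backtrace(), "DEBUG", "Alt auth login", "Add new user: " . print_r($db_vals, TRUE) . "[!br!]" . print_r($xFields, TRUE), FALSE, LOG_TO_ROLLING);
            }
            if (!isset($db_vals['user_name'])) {
                $db_vals['user_name'] = $username;
            }
            if (!isset($db_vals['user_loginname'])) {
                $db_vals['user_loginname'] = $username;
            }
            if (!isset($db_vals['user_join'])) {
                $db_vals['user_join'] = time();
            }
            // The class list always comes from site prefs, never from the auth method.
            $db_vals['user_class'] = e107::getPref('initial_user_classes');
            if (!isset($db_vals['user_signature'])) {
                $db_vals['user_signature'] = '';
            }
            if (!isset($db_vals['user_prefs'])) {
                $db_vals['user_prefs'] = '';
            }
            if (!isset($db_vals['user_perms'])) {
                $db_vals['user_perms'] = '';
            }
            $userMethods->userClassUpdate($db_vals, 'userall');
            $newUser = array();
            $newUser['data'] = $db_vals;
            $userMethods->addNonDefaulted($newUser);
            validatorClass::addFieldTypes($userMethods->userVettingInfo, $newUser);
            $newID = $aa_sql->db_Insert('user', $newUser);
            if ($newID !== FALSE) {
                if (count($xFields)) {
                    $xFields['user_extended_id'] = $newID;
                    $xArray = array();
                    $xArray['data'] = $xFields;
                    $ue->addDefaultFields($xArray); // Add in the data types for storage, plus any default values
                    $result = $aa_sql->db_Insert('user_extended', $xArray);
                    if (AA_DEBUG) {
                        $this->e107->admin_log->e_log_event(10, debug_backtrace(), 'DEBUG', 'Alt auth login', "Add extended: UID={$newID} result={$result}", FALSE, LOG_TO_ROLLING);
                    }
                }
            } else {
                // Error adding user to database - possibly a conflict on unique fields
                $this->e107->admin_log->e_log_event(10, __FILE__ . '|' . __FUNCTION__ . '@' . __LINE__, 'ALT_AUTH', 'Alt auth login', 'Add user fail: DB Error ' . $aa_sql->getLastErrorText() . "[!br!]" . print_r($db_vals, TRUE), FALSE, LOG_TO_ROLLING);
                $this->loginResult = LOGIN_DB_ERROR;
                return;
            }
        }
        $this->loginResult = LOGIN_CONTINUE;
        return;
    } else {
        // Failure modes
        switch ($login_result) {
            case AUTH_NOCONNECT:
                if (varset(e107::getPref('auth_noconn'), TRUE)) {
                    $this->loginResult = LOGIN_TRY_OTHER;
                    return;
                }
                // Overwrite the caller's user name so later code cannot log in with it.
                $username = md5('xx_noconn_xx');
                $this->loginResult = LOGIN_ABORT;
                return;

            case AUTH_BADPASSWORD:
                if (varset(e107::getPref('auth_badpassword'), TRUE)) {
                    $this->loginResult = LOGIN_TRY_OTHER;
                    return;
                }
                // Overwrite the caller's password for the same reason.
                $userpass = md5('xx_badpassword_xx');
                $this->loginResult = LOGIN_ABORT; // Not going to magically be able to log in!
                return;
        }
    }

    $this->loginResult = LOGIN_ABORT; // catch-all just in case
    return;
}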
/**
 * Constructor (PHP 4 style: a method named after the class).
 *
 * Only delegates to the parent's UserHandler() constructor.
 *
 * NOTE(review): from PHP 8.0 a method named after its class is no longer
 * treated as a constructor, so this would not run on instantiation there.
 **/
function ProfileHandler()
{
    parent::UserHandler();
}
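/**
 * Displays the e-mail compose form, or sends the message when 'send' is set.
 *
 * Applies three restrictions before sending: a chosen template is honoured
 * only for journal managers, editors and section editors; accounts without an
 * unlimited-e-mail role must wait 'time_between_emails' between messages and
 * may not exceed 'max_recipients'; and an article-based template is used only
 * when the user has a role on that article within the current journal.
 *
 * @param array $args Request arguments (not used by this method)
 */
function email($args)
{
    parent::validate();
    parent::setupTemplate(true);

    $templateMgr =& TemplateManager::getManager();
    $userDao =& DAORegistry::getDAO('UserDAO');
    $journal =& Request::getJournal();
    $user =& Request::getUser();

    // See if this is the Editor or Manager and an email template has been chosen
    $template = Request::getUserVar('template');
    if (!$journal || empty($template) || (!Validation::isJournalManager($journal->getJournalId()) && !Validation::isEditor($journal->getJournalId()) && !Validation::isSectionEditor($journal->getJournalId()))) {
        $template = null;
    }

    // Determine whether or not this account is subject to
    // email sending restrictions.
    $canSendUnlimitedEmails = Validation::isSiteAdmin();
    $unlimitedEmailRoles = array(ROLE_ID_JOURNAL_MANAGER, ROLE_ID_EDITOR, ROLE_ID_SECTION_EDITOR);
    $roleDao =& DAORegistry::getDAO('RoleDAO');
    if ($journal) {
        $roles =& $roleDao->getRolesByUserId($user->getUserId(), $journal->getJournalId());
        foreach ($roles as $role) {
            if (in_array($role->getRoleId(), $unlimitedEmailRoles)) {
                $canSendUnlimitedEmails = true;
            }
        }
    }

    // Check when this user last sent an email, and if it's too
    // recent, make them wait.
    if (!$canSendUnlimitedEmails) {
        $dateLastEmail = $user->getDateLastEmail();
        if ($dateLastEmail && strtotime($dateLastEmail) + (int) Config::getVar('email', 'time_between_emails') > strtotime(Core::getCurrentDate())) {
            $templateMgr->assign('pageTitle', 'email.compose');
            $templateMgr->assign('message', 'email.compose.tooSoon');
            $templateMgr->assign('backLink', 'javascript:history.back()');
            $templateMgr->assign('backLinkLabel', 'email.compose');
            return $templateMgr->display('common/message.tpl');
        }
    }

    $email = null;
    if ($articleId = Request::getUserVar('articleId')) {
        // This message is in reference to an article.
        // Determine whether the current user has access
        // to the article in some form, and if so, use an
        // ArticleMailTemplate.
        $articleDao =& DAORegistry::getDAO('ArticleDAO');
        $article =& $articleDao->getArticle($articleId);
        $hasAccess = false;

        // First, conditions where access is OK.
        // 1. User is submitter
        if ($article && $article->getUserId() == $user->getUserId()) {
            $hasAccess = true;
        }

        // 2. User is section editor of article or full editor
        $editAssignmentDao =& DAORegistry::getDAO('EditAssignmentDAO');
        $editAssignments =& $editAssignmentDao->getEditAssignmentsByArticleId($articleId);
        while ($editAssignment =& $editAssignments->next()) {
            if ($editAssignment->getEditorId() === $user->getUserId()) {
                $hasAccess = true;
            }
        }
        // $journal can be null (it is checked for null earlier in this method),
        // so guard before dereferencing it.
        if ($journal && Validation::isEditor($journal->getJournalId())) {
            $hasAccess = true;
        }

        // 3. User is reviewer
        $reviewAssignmentDao =& DAORegistry::getDAO('ReviewAssignmentDAO');
        foreach ($reviewAssignmentDao->getReviewAssignmentsByArticleId($articleId) as $reviewAssignment) {
            if ($reviewAssignment->getReviewerId() === $user->getUserId()) {
                $hasAccess = true;
            }
        }

        // 4. User is copyeditor
        $copyAssignmentDao =& DAORegistry::getDAO('CopyAssignmentDAO');
        $copyAssignment =& $copyAssignmentDao->getCopyAssignmentByArticleId($articleId);
        if ($copyAssignment && $copyAssignment->getCopyeditorId() === $user->getUserId()) {
            $hasAccess = true;
        }

        // 5. User is layout editor
        $layoutAssignmentDao =& DAORegistry::getDAO('LayoutAssignmentDAO');
        $layoutAssignment =& $layoutAssignmentDao->getLayoutAssignmentByArticleId($articleId);
        if ($layoutAssignment && $layoutAssignment->getEditorId() === $user->getUserId()) {
            $hasAccess = true;
        }

        // 6. User is proofreader
        $proofAssignmentDao =& DAORegistry::getDAO('ProofAssignmentDAO');
        $proofAssignment =& $proofAssignmentDao->getProofAssignmentByArticleId($articleId);
        if ($proofAssignment && $proofAssignment->getProofreaderId() === $user->getUserId()) {
            $hasAccess = true;
        }

        // Last, "deal-breakers" -- access is not allowed.
        // Without a journal context the article cannot be matched to one, so
        // access is denied rather than failing on a null journal.
        if (!$article || !$journal || $article->getJournalId() !== $journal->getJournalId()) {
            $hasAccess = false;
        }

        if ($hasAccess) {
            import('mail.ArticleMailTemplate');
            // "=& new" is a parse error from PHP 7 on; plain assignment is used.
            // NOTE(review): $template is passed to getArticle() here, not to the
            // ArticleMailTemplate constructor - this looks like a misplaced
            // parenthesis; confirm against both signatures before changing it.
            $email = new ArticleMailTemplate($articleDao->getArticle($articleId, $template));
        }
    }

    if ($email === null) {
        import('mail.MailTemplate');
        $email = new MailTemplate($template);
    }

    if (Request::getUserVar('send') && !$email->hasErrors()) {
        $recipients = $email->getRecipients();
        $ccs = $email->getCcs();
        $bccs = $email->getBccs();

        // Make sure there aren't too many recipients (to
        // prevent use as a spam relay)
        $recipientCount = 0;
        if (is_array($recipients)) {
            $recipientCount += count($recipients);
        }
        if (is_array($ccs)) {
            $recipientCount += count($ccs);
        }
        if (is_array($bccs)) {
            $recipientCount += count($bccs);
        }

        if (!$canSendUnlimitedEmails && $recipientCount > (int) Config::getVar('email', 'max_recipients')) {
            $templateMgr->assign('pageTitle', 'email.compose');
            $templateMgr->assign('message', 'email.compose.tooManyRecipients');
            $templateMgr->assign('backLink', 'javascript:history.back()');
            $templateMgr->assign('backLinkLabel', 'email.compose');
            return $templateMgr->display('common/message.tpl');
        }

        $email->send();

        // NOTE(review): redirectUrl is taken from the request and handed to
        // Request::redirectUrl() unchanged. Unless that method restricts its
        // targets, this is an open redirect; confirm, and limit the value to
        // same-site URLs if it does not.
        $redirectUrl = Request::getUserVar('redirectUrl');
        if (empty($redirectUrl)) {
            $redirectUrl = Request::url(null, 'user');
        }
        $user->setDateLastEmail(Core::getCurrentDate());
        $userDao->updateUser($user);
        Request::redirectUrl($redirectUrl);
    } else {
        $email->displayEditForm(Request::url(null, null, 'email'), array('redirectUrl' => Request::getUserVar('redirectUrl'), 'articleId' => $articleId), null, array('disableSkipButton' => true, 'articleId' => $articleId));
    }
}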
/**
 * Constructor (PHP 4 style: a method named after the class).
 *
 * Only delegates to the parent's UserHandler() constructor.
 *
 * NOTE(review): from PHP 8.0 a method named after its class is no longer
 * treated as a constructor, so this would not run on instantiation there.
 **/
function EmailHandler()
{
    parent::UserHandler();
}
?> </a></td> <td style="font-size: 11pt"><?php $authors = $addon->getAuthorInfo(); //This system should probably be rethought if (sizeof($authors) == 1) { //$uo = new UserHandler(); //$uo->initFromId($authors[0]->id); $uo = UserManager::getFromBLID($authors[0]->blid); echo "<a href=\"#\">" . $uo->getName() . "</a>"; } else { if (sizeof($authors) == 2) { //$uo = new UserHandler(); //$uo->initFromId($authors[0]->id); $uo = UserManager::getFromBLID($authors[0]->blid); $uo2 = new UserHandler(); $uo2->initFromId($authors[1]->id); $uo2 = UserManager::getFromBLID($authors[1]->blid); echo "<a href=\"#\">" . $uo->getName() . "</a>"; echo " and "; echo "<a href=\"#\">" . $uo2->getName() . "</a>"; } else { $count = sizeof($authors); //echo("DATA: "); //print_r($authors); foreach ($authors as $num => $author) { //$uo = new UserHandler(); //$uo->initFromId($auth->id); $uo = UserManager::getFromBLID($author->blid); if ($count - $num == 1) { echo "and <a href=\"#\">" . $uo->getName() . "</a>";
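/**
 * Returns the add-on's author list decoded from $this->authorDat.
 *
 * When authorDat does not decode to an array it is treated as legacy data (a
 * single author identified by BLID) and converted to the list format: one
 * entry with the author's id, role "main" and owner = true.
 *
 * @return array list of author objects as produced by json_decode()
 * @throws Exception when the object has not been initialised
 */
public function getAuthors()
{
    if (!$this->isInit()) {
        throw new Exception('AddonObject not init');
    }

    $this->authors = json_decode($this->authorDat);
    if (is_array($this->authors)) {
        return $this->authors;
    }

    // LEGACY SUPPORT
    if (!is_object($this->author)) {
        $legacyAuthor = new UserHandler();
        $legacyAuthor->initFromBLID($this->authorDat);
        $this->author = $legacyAuthor;
    }
    // Always read the cached object: the original used a local that was only
    // set when the cache had just been filled, and was undefined otherwise.
    $author = $this->author;

    $entry = new stdClass();
    $entry->id = $author->getId();
    $entry->role = "main";
    $entry->owner = true;

    $this->authorDat = json_encode(array($entry));
    // TODO do something here to send this back to the database

    // Decode again so callers get the same shape as on the non-legacy path.
    $this->authors = json_decode($this->authorDat);
    return $this->authors;
}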
/**
 * Loads the user model referenced by this object's user id.
 *
 * @return mixed whatever UserHandler::loadModelById() returns for that id
 */
public function getUserIDLocal()
{
    $ownerId = $this->getUserID();

    return UserHandler::loadModelById($ownerId);
}
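/**
 * Function to check if the user is logged in and has Admin rights
 *
 * Fails closed: returns false when nobody is logged in or when no user object
 * is available.
 *
 * NOTE(review): 'isAdmin' is compared loosely with true, so any truthy value
 * (including a non-empty string) counts as admin. Confirm the stored type.
 *
 * @author TSCM
 * @return boolean
 */
public function checkIsAdmin()
{
    $handler = UserHandler::instance();
    if (!$handler->loggedin()) {
        return false;
    }

    // loggedin() being true does not guarantee a user object; without this
    // guard a null user would end the request with a fatal error.
    $user = $handler->user();
    if (!$user) {
        return false;
    }

    return $user->getValue('isAdmin') == true;
}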
<?php
// Logout endpoint: loads the application bootstrap, ends the user's session
// through UserHandler::logginOut() and sends the browser back to index.php.
//
// NOTE(review): as far as this file shows, the logout runs on any request to
// this script; no request-method or anti-CSRF check is visible here.
require_once dirname(__FILE__) . "/main.php";
$UserHandler = new UserHandler();
$UserHandler->logginOut();
// Last statement of the script, so nothing runs after the redirect header.
header('Location: index.php');
/**
 * Validation check.
 * Runs the parent validation, then ends the request with the
 * "registration disabled" page when the site setting 'enableSubmit' is off.
 */
function validate()
{
    parent::validate();

    $site =& Request::getSite();
    if ($site->getSetting('enableSubmit')) {
        return;
    }

    // Users cannot register themselves
    $this->registrationDisabled();
    exit;
}
<?php require_once 'main.php'; /*************************************** * Create Submit * ****************************************/ $ObjTicket = new TicketHandler(); if (!empty($_POST) && $_POST['StAction'] == 'create') { foreach ($_POST as &$StArg) { UserHandler::SQLInjectionHandle($StArg); } $IDCategory = $_POST['StCategory']; $IDPriority = $_POST['StPriority']; $StTitle = $_POST['StTitle']; $TxMessage = f1desk_escape_html($_POST['TxMessage']); $IDDepartment = $_POST['IDRecipient'] != 'null' ? $_POST['IDRecipient'] : ''; $IDDepartmentReader = isset($_POST['IDReader']) && $_POST['IDReader'] != 'null' ? $_POST['IDReader'] : ''; $ArUsers = isset($_POST['ArRecipients']) ? explode(',', $_POST['ArRecipients']) : array(); $ArReaders = isset($_POST['ArReaders']) ? explode(',', $_POST['ArReaders']) : array(); $ArAttached = isset($_POST['ArAttached']) ? explode(',', $_POST['ArAttached']) : array(); if (F1DeskUtils::IsSupporter()) { if (!empty($_FILES['Attachment']['name'])) { $IDTicket = $ObjTicket->createSupporterTicket(getSessionProp('IDSupporter'), $IDCategory, $IDPriority, $StTitle, $TxMessage, $IDDepartment, $IDDepartmentReader, $ArUsers, $ArReaders, true, $_FILES); } else { $IDTicket = $ObjTicket->createSupporterTicket(getSessionProp('IDSupporter'), $IDCategory, $IDPriority, $StTitle, $TxMessage, $IDDepartment, $IDDepartmentReader, $ArUsers, $ArReaders, true); } } else { if (!empty($_FILES['Attachment']['name'])) { $IDTicket = $ObjTicket->createUserTicket(getSessionProp('IDClient'), $IDCategory, $IDPriority, $StTitle, $TxMessage, $IDDepartment, $_FILES); } else { $IDTicket = $ObjTicket->createUserTicket(getSessionProp('IDClient'), $IDCategory, $IDPriority, $StTitle, $TxMessage, $IDDepartment);
/**
 * Instantiates UserHandler and copies its user id into UPCompCore.
 *
 * Per the original note, the handler either finds the id of the existing
 * user or creates a new one; that logic is not part of this method.
 */
private static function createUser()
{
    $handler = new UserHandler();
    $resolvedUserId = $handler->getUserID();

    UPCompCore::$userID = $resolvedUserId;
}
/**
 * Loads the application's common locale component, then runs the parent
 * initialisation.
 *
 * @see PKPHandler::initialize()
 */
function initialize($request, &$args)
{
    // Locale strings are requested before the parent initialisation runs.
    AppLocale::requireComponents(LOCALE_COMPONENT_APP_COMMON);
    parent::initialize($request, $args);
}
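<?php
/**
 * Created by PhpStorm.
 * User: Kristaps
 * Date: 11/27/2015
 * Time: 12:01 AM
 *
 * Login page: logs the visitor in under the posted user name and redirects to
 * the chat room; otherwise renders the login form.
 *
 * NOTE(review): there is no credential check (the page itself says "There is
 * no password"), so any visitor can log in under any user name. The form also
 * carries no anti-CSRF token.
 */
require_once "handlers/UserHandler.php";

// Accept only a non-empty string. Without the is_string() check an array
// value (username[]=...) passes the emptiness test and is handed to login().
if (isset($_POST['username']) && is_string($_POST['username']) && $_POST['username'] !== "") {
    UserHandler::login($_POST['username']);
    SessionsHandler::redirect('chatroom.php');
}
require_once "header.php";
?>
<div class="login-card">
    <h1>Log-in</h1><br>
    <form id="login_form" action="login.php" method="post">
        <input type="text" name="username" placeholder="Username">
        <input type="submit" name="login" class="login button" value="login">
    </form>
    <div class="login-help"> There is no password </div>
</div>
<?php
require_once "footer.php";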
/**
 * Validation check.
 * Runs the parent validation, then ends the request with the
 * "registration disabled" page when the current journal has the
 * 'disableUserReg' setting switched on. Without a journal nothing is checked.
 */
function validate()
{
    parent::validate(false);

    $journal = Request::getJournal();
    if ($journal == null) {
        return;
    }

    $journalSettingsDao =& DAORegistry::getDAO('JournalSettingsDAO');
    $registrationOff = $journalSettingsDao->getSetting($journal->getJournalId(), 'disableUserReg');
    if ($registrationOff) {
        // Users cannot register themselves for this journal
        RegistrationHandler::registrationDisabled();
        exit;
    }
}
/**
 * Queues a membership payment for the current user and shows the payment form.
 *
 * The amount is read from the journal setting 'membershipFee'; nothing from
 * the request is used to build the payment.
 *
 * NOTE(review): the journal and user are dereferenced without a null check;
 * this assumes UserHandler::validate() guarantees both - confirm.
 *
 * @param array $args Request arguments (not used by this method)
 */
function payMembership($args)
{
    UserHandler::validate();
    UserHandler::setupTemplate();

    import('payment.ojs.OJSPaymentManager');
    $manager =& OJSPaymentManager::getManager();
    $currentJournal =& Request::getJournal();
    $currentUser =& Request::getUser();

    $pendingPayment =& $manager->createQueuedPayment(
        $currentJournal->getJournalId(),
        PAYMENT_TYPE_MEMBERSHIP,
        $currentUser->getUserId(),
        null,
        $currentJournal->getSetting('membershipFee')
    );
    $pendingPaymentId = $manager->queuePayment($pendingPayment);

    $manager->displayPaymentForm($pendingPaymentId, $pendingPayment);
}