public function actionSetDefaultPass() { if (isset($_GET['user_ids'])) { $user_ids = explode(",", $_GET['user_ids']); foreach ($user_ids as $user_id) { $userPasswordModel = new UserPassword(); $userPasswordModel->user_id = 1; $userPasswordModel->setPassword("password"); if ($userPasswordModel->save()) { echo "Saved... <br />"; } } } else { echo "<p>?user_ids=user_id,user_id to reset the password of users to 'password'</p>"; } }
/** * Change users current password */ public function actionChangePassword() { if (Yii::app()->user->authMode != User::AUTH_MODE_LOCAL) { throw new CHttpException(500, Yii::t('UserModule.controllers_AccountController', 'You cannot change your password here.')); } $userPassword = new UserPassword('changePassword'); if (isset($_POST['UserPassword'])) { $userPassword->attributes = $_POST['UserPassword']; if ($userPassword->validate()) { $userPassword->user_id = Yii::app()->user->id; $userPassword->setPassword($userPassword->newPassword); $userPassword->save(); return $this->render('changePassword_success'); } } $this->render('changePassword', array('model' => $userPassword)); }
/** * Resets users password based on given token */ public function actionResetPassword() { $user = User::model()->findByAttributes(array('guid' => Yii::app()->request->getQuery('guid'))); if ($user === null || !$this->checkPasswordResetToken($user, Yii::app()->request->getQuery('token'))) { throw new CHttpException('500', 'It looks like you clicked on an invalid password reset link. Please try again.'); } $model = new UserPassword('newPassword'); if (isset($_POST['UserPassword'])) { $model->attributes = $_POST['UserPassword']; if ($model->validate()) { // Clear password reset token $user->setSetting('passwordRecoveryToken', '', 'user'); $model->user_id = $user->id; $model->setPassword($model->newPassword); $model->save(); return $this->render('resetPassword_success'); } } $this->render('resetPassword', array('model' => $model)); }
function create_user($user_data, $permissionsString) { $user = new User(); $user->setUsername(array_var($user_data, 'username')); $user->setDisplayName(array_var($user_data, 'display_name')); $user->setEmail(array_var($user_data, 'email')); $user->setCompanyId(array_var($user_data, 'company_id')); $user->setType(array_var($user_data, 'type')); $user->setTimezone(array_var($user_data, 'timezone')); if (!logged_user() instanceof User || can_manage_security(logged_user())) { $user->setCanEditCompanyData(array_var($user_data, 'can_edit_company_data')); $user->setCanManageSecurity(array_var($user_data, 'can_manage_security')); $user->setCanManageWorkspaces(array_var($user_data, 'can_manage_workspaces')); $user->setCanManageConfiguration(array_var($user_data, 'can_manage_configuration')); $user->setCanManageContacts(array_var($user_data, 'can_manage_contacts')); $user->setCanManageTemplates(array_var($user_data, 'can_manage_templates')); $user->setCanManageReports(array_var($user_data, 'can_manage_reports')); $user->setCanManageTime(array_var($user_data, 'can_manage_time')); $user->setCanAddMailAccounts(array_var($user_data, 'can_add_mail_accounts')); $other_permissions = array(); Hook::fire('add_user_permissions', $user, $other_permissions); foreach ($other_permissions as $k => $v) { $user->setColumnValue($k, array_var($user_data, $k)); } } if (array_var($user_data, 'password_generator', 'random') == 'random') { // Generate random password $password = UserPasswords::generateRandomPassword(); } else { // Validate input $password = array_var($user_data, 'password'); if (trim($password) == '') { throw new Error(lang('password value required')); } // if if ($password != array_var($user_data, 'password_a')) { throw new Error(lang('passwords dont match')); } // if } // if $user->setPassword($password); $user->save(); $user_password = new UserPassword(); $user_password->setUserId($user->getId()); $user_password->setPasswordDate(DateTimeValueLib::now()); $user_password->setPassword(cp_encrypt($password, $user_password->getPasswordDate()->getTimestamp())); $user_password->password_temp = $password; $user_password->save(); if (array_var($user_data, 'autodetect_time_zone', 1) == 1) { set_user_config_option('autodetect_time_zone', 1, $user->getId()); } if ($user->getType() == 'admin') { if ($user->getCompanyId() != owner_company()->getId() || logged_user() instanceof User && !can_manage_security(logged_user())) { // external users can't be admins or logged user has no rights to create admins => set as Normal $user->setType('normal'); } else { $user->setAsAdministrator(true); } } /* create contact for this user*/ if (array_var($user_data, 'create_contact', 1)) { // if contact with same email exists take it, else create new $contact = Contacts::getByEmail($user->getEmail(), true); if (!$contact instanceof Contact) { $contact = new Contact(); $contact->setEmail($user->getEmail()); } else { if ($contact->isTrashed()) { $contact->untrash(); } } $contact->setFirstname($user->getDisplayName()); $contact->setUserId($user->getId()); $contact->setTimezone($user->getTimezone()); $contact->setCompanyId($user->getCompanyId()); $contact->save(); } else { $contact_id = array_var($user_data, 'contact_id'); $contact = Contacts::findById($contact_id); if ($contact instanceof Contact) { // user created from a contact $contact->setUserId($user->getId()); $contact->save(); } else { // if contact with same email exists use it as user's contact, without changing it $contact = Contacts::getByEmail($user->getEmail(), true); if ($contact instanceof Contact) { $contact->setUserId($user->getId()); if ($contact->isTrashed()) { $contact->untrash(); } $contact->save(); } } } $contact = $user->getContact(); if ($contact instanceof Contact) { // update contact data with data entered for this user $contact->setCompanyId($user->getCompanyId()); if ($contact->getEmail() != $user->getEmail()) { // make user's email the contact's main email address if ($contact->getEmail2() == $user->getEmail()) { $contact->setEmail2($contact->getEmail()); } else { if ($contact->getEmail3() == $user->getEmail()) { $contact->setEmail3($contact->getEmail()); } else { if ($contact->getEmail2() == "") { $contact->setEmail2($contact->getEmail()); } else { $contact->setEmail3($contact->getEmail()); } } } } $contact->setEmail($user->getEmail()); $contact->save(); } if (!$user->isGuest()) { /* create personal project or assing the selected*/ //if recived a personal project assing this //project as personal project for this user $new_project = null; $personalProjectId = array_var($user_data, 'personal_project', 0); $project = Projects::findById($personalProjectId); if (!$project instanceof Project) { $project = new Project(); $wname = new_personal_project_name($user->getUsername()); $project->setName($wname); $wdesc = Localization::instance()->lang(lang('personal workspace description')); if (!is_null($wdesc)) { $project->setDescription($wdesc); } $project->setCreatedById($user->getId()); $project->save(); //Save to set an ID number $project->setP1($project->getId()); //Set ID number to the first project $project->save(); $new_project = $project; } $user->setPersonalProjectId($project->getId()); $project_user = new ProjectUser(); $project_user->setProjectId($project->getId()); $project_user->setUserId($user->getId()); $project_user->setCreatedById($user->getId()); $project_user->setAllPermissions(true); $project_user->save(); /* end personal project */ } $user->save(); ApplicationLogs::createLog($user, null, ApplicationLogs::ACTION_ADD); //TODO - Make batch update of these permissions if ($permissionsString && $permissionsString != '') { $permissions = json_decode($permissionsString); } else { $permissions = null; } if (is_array($permissions) && (!logged_user() instanceof User || can_manage_security(logged_user()))) { foreach ($permissions as $perm) { if (ProjectUser::hasAnyPermissions($perm->pr, $perm->pc)) { if (!$personalProjectId || $personalProjectId != $perm->wsid) { $relation = new ProjectUser(); $relation->setProjectId($perm->wsid); $relation->setUserId($user->getId()); $relation->setCheckboxPermissions($perm->pc, $user->isGuest() ? false : true); $relation->setRadioPermissions($perm->pr, $user->isGuest() ? false : true); $relation->save(); } } } } // if if ($new_project instanceof Project && logged_user() instanceof User && logged_user()->isProjectUser($new_project)) { evt_add("workspace added", array("id" => $new_project->getId(), "name" => $new_project->getName(), "color" => $new_project->getColor())); } // Send notification... try { if (array_var($user_data, 'send_email_notification')) { Notifier::newUserAccount($user, $password); } // if } catch (Exception $e) { } // try return $user; }
/** * Edit logged user password * * @access public * @param void * @return null */ function edit_password() { $user = Users::findById(get_id()); if (!$user instanceof User) { flash_error(lang('user dnx')); ajx_current("empty"); return; } // if if (!$user->canUpdateProfile(logged_user())) { flash_error(lang('no access permissions')); ajx_current("empty"); return; } // if $redirect_to = array_var($_GET, 'redirect_to'); if (trim($redirect_to) == '' || !is_valid_url($redirect_to)) { $redirect_to = $user->getCardUrl(); } // if tpl_assign('redirect_to', null); $password_data = array_var($_POST, 'password'); tpl_assign('user', $user); if (is_array($password_data)) { $old_password = array_var($password_data, 'old_password'); $new_password = array_var($password_data, 'new_password'); $new_password_again = array_var($password_data, 'new_password_again'); try { if (!logged_user()->isAdministrator()) { if (trim($old_password) == '') { throw new Error(lang('old password required')); } // if if (!$user->isValidPassword($old_password)) { throw new Error(lang('invalid old password')); } // if } // if if (trim($new_password) == '') { throw new Error(lang('password value required')); } // if if ($new_password != $new_password_again) { throw new Error(lang('passwords dont match')); } // if $user_password = new UserPassword(); $user_password->setUserId(get_id()); $user_password->password_temp = $new_password; $user_password->setPasswordDate(DateTimeValueLib::now()); $user_password->setPassword(cp_encrypt($new_password, $user_password->getPasswordDate()->getTimestamp())); $user_password->save(); $user->setPassword($new_password); $user->setUpdatedOn(DateTimeValueLib::now()); $user->save(); if ($user->getId() == logged_user()->getId()) { CompanyWebsite::instance()->logUserIn($user, Cookie::getValue("remember", 0)); } ApplicationLogs::createLog($user, null, ApplicationLogs::ACTION_EDIT); flash_success(lang('success edit user', $user->getUsername())); ajx_current("back"); } catch (Exception $e) { DB::rollback(); ajx_current("empty"); flash_error($e->getMessage()); } // try } // if }
function reset_password() { $tok = array_var($_GET, 't'); $uid = array_var($_GET, 'uid'); if (!$tok || !$uid) { flash_error(lang('invalid parameters')); $this->redirectTo('access', 'login'); } $user = Users::findById($uid); if (!$user instanceof User) { flash_error(lang('user dnx')); $this->redirectTo('access', 'login'); } $stok = user_config_option('reset_password', null, $user->getId()); if (!$stok) { flash_error(lang('reset password expired', lang('forgot password'))); $this->redirectTo('access', 'login'); } $split = explode(";", $stok); if (count($split) < 2) { flash_error(lang('reset password expired', lang('forgot password'))); $this->redirectTo('access', 'login'); } $token = $split[0]; $timestamp = $split[1]; if ($timestamp < time()) { set_user_config_option('reset_password', '', $user->getId()); flash_error(lang('reset password expired', lang('forgot password'))); $this->redirectTo('access', 'login'); } if ($token != $tok) { flash_error(lang('reset password expired', lang('forgot password'))); $this->redirectTo('access', 'login'); } tpl_assign('token', $token); tpl_assign('user', $user); $new_password = array_var($_POST, 'new_password'); if ($new_password) { $repeat_password = array_var($_POST, 'repeat_password'); if ($new_password != $repeat_password) { flash_error(lang('passwords dont match')); return; } $user_password = new UserPassword(); $user_password->setUserId($user->getId()); $user_password->password_temp = $new_password; $user_password->setPasswordDate(DateTimeValueLib::now()); $user_password->setPassword(cp_encrypt($new_password, $user_password->getPasswordDate()->getTimestamp())); $user_password->save(); $user->setPassword($new_password); $user->setUpdatedOn(DateTimeValueLib::now()); $user->save(); set_user_config_option('reset_password', '', $user->getId()); flash_success(lang('success reset password')); $this->redirectTo('access', 'login'); } }