function my_page() { if (isset($_REQUEST['subcommand'])) { $subcommand = $_REQUEST['subcommand']; } else { $subcommand = 'updateSettings'; } $user = $_SESSION['User']; $template['TITLE'] = dgettext('users', 'Change my Settings'); switch ($subcommand) { case 'updateSettings': if (isset($_GET['save'])) { $template['MESSAGE'] = dgettext('users', 'User settings updated.'); } $content = User_Settings::userForm($user); break; case 'postUser': User_Settings::setTZ(); User_Settings::rememberMe(); User_Settings::setCP(); $result = User_Action::postUser($user, FALSE); if (is_array($result)) { $content = User_Settings::userForm($user, $result); } else { if (PHPWS_Error::logIfError($user->save())) { $content = dgettext('users', 'An error occurred while updating your user account.'); } else { $_SESSION['User'] = $user; PHPWS_Core::reroute('index.php?module=users&action=user&tab=users&save=1'); } } break; } $template['CONTENT'] = $content; return PHPWS_Template::process($template, 'users', 'my_page/main.tpl'); }
/** * Form for adding and choosing default authorization scripts */ public static function authorizationSetup() { $template = array(); PHPWS_Core::initCoreClass('File.php'); $auth_list = User_Action::getAuthorizationList(); $db = new PHPWS_DB('users_groups'); $db->addOrder('name'); $db->addColumn('name'); $db->addColumn('id'); $db->setIndexBy('id'); $db->addWhere('user_id', 0); $groups = $db->select('col'); if (PHPWS_Error::logIfError($groups)) { $groups = array(0 => dgettext('users', '- None -')); } else { $groups = array("0" => dgettext('users', '- None -')) + $groups; } foreach ($auth_list as $auth) { $file_compare[] = $auth['filename']; } $form = new PHPWS_Form(); $form->addHidden('module', 'users'); $form->addHidden('action', 'admin'); $form->addHidden('command', 'postAuthorization'); $file_list = PHPWS_File::readDirectory(PHPWS_SOURCE_DIR . 'mod/users/scripts/', FALSE, TRUE, FALSE, array('php')); if (!empty($file_list)) { $remaining_files = array_diff($file_list, $file_compare); } else { $remaining_files = NULL; } if (empty($remaining_files)) { $template['FILE_LIST'] = dgettext('users', 'No new scripts found'); } else { $form->addSelect('file_list', $remaining_files); $form->reindexValue('file_list'); $form->addSubmit('add_script', dgettext('users', 'Add Script File')); } $form->mergeTemplate($template); $form->addSubmit('submit', dgettext('users', 'Update authorization scripts')); $template = $form->getTemplate(); $template['AUTH_LIST_LABEL'] = dgettext('users', 'Authorization Scripts'); $template['DEFAULT_LABEL'] = dgettext('users', 'Default'); $template['DISPLAY_LABEL'] = dgettext('users', 'Display Name'); $template['FILENAME_LABEL'] = dgettext('users', 'Script Filename'); $template['DEFAULT_GROUP_LABEL'] = dgettext('users', 'Default group'); $template['ACTION_LABEL'] = dgettext('users', 'Action'); $default_authorization = PHPWS_User::getUserSetting('default_authorization'); foreach ($auth_list as $authorize) { $links = array(); extract($authorize); if ($default_authorization == $id) { $checked = 'checked="checked"'; } else { $checked = NULL; } $getVars['module'] = 'users'; $getVars['action'] = 'admin'; $getVars['command'] = 'dropScript'; if ($filename != 'local.php' && $filename != 'global.php') { $vars['QUESTION'] = dgettext('users', 'Are you sure you want to drop this authorization script?'); $vars['ADDRESS'] = sprintf('index.php?module=users&action=admin&command=dropAuthScript&script_id=%s&authkey=%s', $id, Current_User::getAuthKey()); $vars['LINK'] = dgettext('users', 'Drop'); $links[1] = javascript('confirm', $vars); } $getVars['command'] = 'editScript'; // May enable this later. No need for an edit link right now. // $links[2] = PHPWS_Text::secureLink(dgettext('users', 'Edit'), 'users', $getVars); $row['CHECK'] = sprintf('<input type="radio" name="default_authorization" value="%s" %s />', $id, $checked); $form = new PHPWS_Form(); $form->addSelect("default_group[{$id}]", $groups); $form->setMatch("default_group[{$id}]", $default_group); $row['DEFAULT_GROUP'] = $form->get("default_group[{$id}]"); $row['DISPLAY_NAME'] = $display_name; $row['FILENAME'] = $filename; if (!empty($links)) { $row['ACTION'] = implode(' | ', $links); } else { $row['ACTION'] = dgettext('users', 'None'); } $template['auth-rows'][] = $row; } return PHPWS_Template::process($template, 'users', 'forms/authorization.tpl'); }
function prepare(&$controller, &$xoopsUser, $moduleConfig) { parent::prepare($controller, $xoopsUser, $moduleConfig); $this->_mAllowRegister = $moduleConfig['allow_register']; }
/** * @author Matthew McNaney <mcnaney at gmail dot com> * @version $Id$ */ function users_update(&$content, $currentVersion) { $home_dir = PHPWS_Boost::getHomeDir(); switch ($currentVersion) { case version_compare($currentVersion, '2.2.0', '<'): $content[] = 'This package does not update versions under 2.2.0'; return false; case version_compare($currentVersion, '2.2.1', '<'): $content[] = '+ Fixed a bug causing conflicts between user and group permissions.'; case version_compare($currentVersion, '2.2.2', '<'): $content[] = '+ Set username to the same character size in both users table and user_authorization.'; $content[] = '+ Fixed typo causing branch installation failure on Postgresql.'; case version_compare($currentVersion, '2.3.0', '<'): $content[] = '<pre> 2.3.0 changes ------------------------ + Added translate function calls in classes and my_page.php + my_page hides translation option if language defines disable selection + Added a unrestricted only parameter to Current_User\'s allow and authorize functions + Dropped references from some constructors + Added error check to setPermissions function: won\'t accept empty group id + Changed id default to zero. + Removed unneeded function parameter on getGroups </pre> '; case version_compare($currentVersion, '2.3.1', '<'): $content[] = '<pre>'; $files = array('templates/my_page/user_setting.tpl'); userUpdateFiles($files, $content); $content[] = ' 2.3.1 changes ------------------------ + Added ability for user to set editor preferences </pre> '; case version_compare($currentVersion, '2.3.2', '<'): $content[] = '<pre>2.3.2 changes'; $files = array('img/users.png', 'templates/user_main.tpl'); userUpdateFiles($files, $content); $content[] = '+ Added error check to login. + Changed user control panel icon. + Fixed template typo that broke IE login. + Removed fake French translation (delete mod/users/locale/fr_FR/ directory + Permissions are now ordered alphabetically. + isUser will now always return false if passed a zero id. + Added new function requireLogin that forwards a user to the login screen </pre>'; case version_compare($currentVersion, '2.4.0', '<'): if (!PHPWS_DB::isTable('users_pw_reset')) { $new_table = 'CREATE TABLE users_pw_reset ( user_id INT NOT NULL default 0, authhash CHAR( 32 ) NOT NULL default 0, timeout INT NOT NULL default 0, );'; if (!PHPWS_DB::import($new_table)) { $content[] = 'Unable to create users_pw_reset table.'; return false; } else { $content[] = 'Created new table: users_pw_reset'; } } $files = array('templates/forms/reset_password.tpl', 'templates/forms/forgot.tpl', 'conf/config.php', 'templates/usermenus/top.tpl', 'templates/forms/settings.tpl', 'templates/my_page/user_setting.tpl'); $content[] = '<pre>'; userUpdatefiles($files, $content); if (!PHPWS_Boost::inBranch()) { $content[] = file_get_contents(PHPWS_SOURCE_DIR . 'mod/users/boost/changes/2_4_0.txt'); } $content[] = '</pre>'; case version_compare($currentVersion, '2.4.1', '<'): $content[] = '<pre>'; $files = array('conf/languages.php'); userUpdateFiles($files, $content); $content[] = ' 2.4.1 changes ------------------------ + Default item id on permission check functions is now zero instead of null. This will make checking permissions a little easier on new items. + Bug #1690657 - Changed group select js property to onclick instead of onchange. Thanks singletrack. + Changed the language abbreviation for Danish </pre> '; case version_compare($currentVersion, '2.4.2', '<'): $content[] = '<pre>'; $files = array('templates/usermenus/Default.tpl'); userUpdateFiles($files, $content); if (!PHPWS_Boost::inBranch()) { $content[] = file_get_contents(PHPWS_SOURCE_DIR . 'mod/users/boost/changes/2_4_2.txt'); } $content[] = '</pre>'; case version_compare($currentVersion, '2.4.3', '<'): $content[] = '<pre>'; if (!PHPWS_Boost::inBranch()) { $content[] = file_get_contents(PHPWS_SOURCE_DIR . 'mod/users/boost/changes/2_4_3.txt'); } $content[] = '</pre>'; case version_compare($currentVersion, '2.4.4', '<'): $content[] = '<pre>'; $source_dir = PHPWS_SOURCE_DIR . 'mod/users/javascript/'; $dest_dir = $home_dir . 'javascript/modules/users/'; if (PHPWS_File::copy_directory($source_dir, $dest_dir, true)) { $content[] = "--- Successfully copied {$source_dir} to {$dest_dir}"; } else { $content[] = "--- Could not copy {$source_dir} to {$dest_dir}"; } $files = array('conf/error.php', 'templates/forms/permissions.tpl', 'templates/forms/permission_pop.tpl'); userUpdateFiles($files, $content); if (!PHPWS_Boost::inBranch()) { $content[] = file_get_contents(PHPWS_SOURCE_DIR . 'mod/users/boost/changes/2_4_4.txt'); } $content[] = '</pre>'; case version_compare($currentVersion, '2.4.5', '<'): $content[] = '<pre>'; $files = array('conf/error.php', 'conf/languages.php', 'templates/forms/settings.tpl', 'templates/manager/groups.tpl'); userUpdateFiles($files, $content); if (!PHPWS_Boost::inBranch()) { $content[] = file_get_contents(PHPWS_SOURCE_DIR . 'mod/users/boost/changes/2_4_5.txt'); } $content[] = '</pre>'; case version_compare($currentVersion, '2.4.6', '<'): $content[] = '<pre>'; $files = array('templates/forms/forgot.tpl'); userUpdateFiles($files, $content); if (!PHPWS_Boost::inBranch()) { $content[] = ' 2.4.6 changes ------------------- + Added error check to permission menu. + Error for missing user groups now reports user id. + Forgot password will work if CAPTCHA is disabled. + Using new savePermissions function instead of save. + Current_User was calling giveItemPermissions incorrectly.'; } $content[] = '</pre>'; case version_compare($currentVersion, '2.4.7', '<'): $content[] = '<pre> 2.4.7 changes ------------------- + Removed global authorization from change password check since it is not written yet. </pre>'; case version_compare($currentVersion, '2.4.9', '<'): $content[] = '<pre>'; if (PHPWS_Core::isBranch() || PHPWS_Boost::inBranch()) { $user_db = new PHPWS_DB('users'); $user_db->addWhere('deity', 1); $user_db->addColumn('id'); $user_db->addColumn('username'); $user_db->setIndexBy('id'); $user_ids = $user_db->select('col'); if (!empty($user_ids) && !PHPWS_Error::logIfError($user_ids)) { $group_db = new PHPWS_DB('users_groups'); foreach ($user_ids as $id => $username) { $group_db->addWhere('user_id', $id); $result = $group_db->select('row'); if (!$result) { $group_db->reset(); $group_db->addValue('active', 1); $group_db->addValue('name', $username); $group_db->addValue('user_id', $id); if (!PHPWS_Error::logIfError($group_db->insert())) { $content[] = '--- Created missing group for user: '******'2.4.9 changes ----------------- + Raised sql character limit in default username, display_name, and group name installs. + Fixed bug with forbidden usernames + Added a function to group to remove its permissions upon deletion. + Bookmark won\'t return a user to a authkey page if their session dies. + Fixed bug #1850815 : unknown function itemIsAllowed in Permission.php + My Pages are unregistered on module removal. + My Page tab stays fixed. </pre>'; case version_compare($currentVersion, '2.5.0', '<'): $content[] = '<pre>'; $files = array('templates/forms/memberlist.tpl', 'templates/forms/userForm.tpl', 'javascript/generate/head.js', 'templates/manager/groups.tpl', 'templates/manager/users.tpl'); userUpdateFiles($files, $content); $content[] = '2.5.0 changes ------------------- + Members\' names alphabetized + New user email notification added. + Fixed member listing dropping names past 10. + Added random password generator on user edit form. + Removed reference from Action.php causing php notice. + Changed redundant static method call in Permission. + Added dash to allowed display name characters. + Added \\pL to display name characters. + Users will now query modules should a user get deleted. + Added an error check to Permissions. + Users will now look for remove_user.php in all modules\' inc/ directory in order to run the remove_user function. + Using pager\'s addSortHeaders in user and group listing + Added display name to pager search. </pre>'; case version_compare($currentVersion, '2.6.0', '<'): $content[] = '<pre>'; Users_Permission::registerPermissions('users', $content); $db = new PHPWS_DB('users_auth_scripts'); $db->addWhere('filename', 'local.php'); $db->addColumn('id'); $auth_id = $db->select('one'); PHPWS_Settings::set('users', 'local_script', $auth_id); PHPWS_Settings::save('users'); $files = array('conf/languages.php', 'templates/my_page/user_setting.tpl', 'templates/usermenus/css.tpl', 'img/permission.png', 'templates/forms/userForm.tpl'); userUpdateFiles($files, $content); if (!PHPWS_Boost::inBranch()) { $content[] = file_get_contents(PHPWS_SOURCE_DIR . 'mod/users/boost/changes/2_6_0.txt'); } $content[] = '</pre>'; case version_compare($currentVersion, '2.6.1', '<'): $content[] = '<pre>2.6.1 changes ------------------ + requireLogin now reroutes dependant on the user authorization + If the user\'s group is missing when they are updated, a new one is properly created. Prior to the fix, a new group was created without an assigned user id. + Added error message to my page if update goes bad. </pre>'; case version_compare($currentVersion, '2.6.2', '<'): $content[] = '<pre>'; $files = array('templates/forms/settings.tpl'); userUpdateFiles($files, $content); $content[] = '2.6.2 changes ------------------ + Moved error file to inc/ + Blank passwords forbidden. + Error check added to cosign authorization. + php fiveasized the classes. + Added some needed error logging to user creation problems + Added ability for default user groups to be set for admin created and newly joined users. + Fixed testing on addMembers. Previous code was nonsensical. + _user_group id gets set upon a user object save. </pre>'; case version_compare($currentVersion, '2.6.3', '<'): $content[] = '<pre>'; $files = array('img/deity.gif', 'img/delete.png', 'img/edit.png', 'img/man.gif', 'img/key.png', 'img/members.png', 'templates/forms/authorization.tpl', 'templates/forms/settings.tpl', 'templates/manager/users.tpl'); userUpdateFiles($files, $content); $db = new PHPWS_DB('users_auth_scripts'); PHPWS_Error::logIfError($db->addTableColumn('default_group', 'int not null default 0')); $content[] = '2.6.3 changes ------------------ + Added icons for admin options under manage users and groups + Disabled active link in groups listing + Authorization scripts now have default group assignments. New members will assigned to a group based on their authorization method. + Removed default group by user or admin from settings. + Added ability to view users by whether or not they are in a particular group. + Added pager caching to group listing + Display name may now not be the same as another user\'s username + Extended user name error to include display name + Added empty password check to ldap script </pre>'; case version_compare($currentVersion, '2.6.4', '<'): $db = new PHPWS_DB('users_auth_scripts'); PHPWS_Error::logIfError($db->addTableColumn('default_group', 'int not null default 0')); $content[] = '<pre>2.6.4 changes ------------------------- + Added missing column to install.sql</pre>'; case version_compare($currentVersion, '2.6.5', '<'): $content[] = '<pre>'; userUpdateFiles(array('conf/languages.php'), $content); $content[] = '2.6.5 changes ------------------------- + Added missing column to install.sql</pre>'; case version_compare($currentVersion, '2.6.6', '<'): $content[] = '<pre>'; userUpdateFiles(array('templates/forms/userForm.tpl'), $content); $content[] = '2.6.6 changes ----------------------- + Graceful recovery from broken authentication scripts. + Authorization script made deity only + Fixed default groups on external authentication + Deleted auth scripts will update users under it to use local instead. + The user constructor was trying to load the authorization script on failed users. Thanks Verdon.</pre>'; case version_compare($currentVersion, '2.7.0', '<'): $content[] = '<pre>2.7.0 changes ------------------------- + Usernames and passwords can not be changed on non local users + Added switch to settings to prevent admins from making new users + Site admin can be set by non-deities again + Fixed bug with users able to change password on alternate auth. + Fixed some bugs with user creation and editing with alternate authentication. + Hiding permissions and members in create group form + Icon class implemented. + Strict PHP 5 changes made. </pre>'; case version_compare($currentVersion, '2.7.1', '<'): $content[] = '<pre>2.7.1 changes ------------------------- + Improved cosign script + Fixed errors getting dropped without logging. </pre>'; case version_compare($currentVersion, '2.7.2', '<'): $content[] = '<pre>2.7.2 changes ------------------------- + Fixed multiple group member bug. + Cleaned up cosign authentication. + Current_User requireLogin to use login_link instead of login_url + New User form now properly respects the "settings" permission for showing user authentication script option. + User constuction allow username parameter. + Trim whitespace from user email addresses. Don\'t modify the member variable unless all the sanity checks passed. </pre>'; case version_compare($currentVersion, '2.7.3', '<'): PHPWS_Core::initModClass('users', 'Action.php'); User_Action::checkPermissionTables(); $content[] = '<pre>2.7.3 changes ------------------------ + Update permissions </pre>'; case version_compare($currentVersion, '2.7.4', '<'): $content[] = '<pre>2.7.4 changes ------------------------ + Fixed 500 error on My Page </pre>'; case version_compare($currentVersion, '2.7.5', '<'): $content[] = '<pre>2.7.5 changes ------------------------ + Loosened group name restrictions + User edit page shows group membership </pre>'; case version_compare($currentVersion, '2.7.6', '<'): $content[] = '<pre>2.7.6 changes ------------------------ + Updated icons to Font Awesome + Email addresses may now be used as user names. + Static method call fixed. + Added exception error for missing authorization file. + My Page no longer is using tabs as other modules use of My Page have been removed. + css.tpl template rewritten. Login now works closer with authentication script. - drop down no longer contains Home or Control Panel. Account link added - takes user to their account page to change their password. </pre>'; case version_compare($currentVersion, '2.8.0', '<'): $content[] = <<<EOF <pre>2.8.0 changes ----------------- + Added suggested bootstrap classes from TRF + Removed call to nonexistent method. + Moved icons to left and set admin-icons class to column. + Added FA icon here for mini admin + Changed to ensure users_auth_scripts table was created properly + Session timeouts are now tracked. Warning to user given before failure. </pre> EOF; case version_compare($currentVersion, '2.8.1', '<'): \PHPWS_Settings::set('users', 'session_warning', 0); \PHPWS_Settings::save('users'); $content[] = <<<EOF <pre>2.8.1 changes ----------------- + Changing default on user session to false. If you want it enabled, do so in settings. </pre> EOF; case version_compare($currentVersion, '2.8.2', '<'): $content[] = <<<EOF <pre>2.8.2 changes ----------------- + Bug Fix: Unstyled permission pop up. </pre> EOF; } // End of switch statement return TRUE; }
include '../../core/conf/404.html'; exit; } if (!isset($_REQUEST['action'])) { PHPWS_Core::errorPage('404'); } if (!class_exists('PHPWS_User')) { PHPWS_Error::log('PHPWS_CLASS_NOT_CONSTRUCTED', 'core', NULL, 'Class: PHPWS_Users'); return; } PHPWS_Core::initModClass('users', 'Action.php'); switch ($_REQUEST['action']) { case 'user': User_Action::userAction(); break; case 'admin': User_Action::adminAction(); break; case 'permission': User_Action::permission(); break; case 'popup_permission': User_Action::popupPermission(); exit; break; case 'reset': $_SESSION['User'] = new PHPWS_User(); PHPWS_Core::home(); break; } // End area switch
public static function getAllGroups() { PHPWS_Core::initModClass('users', 'Action.php'); return User_Action::getGroups('group'); }
public function postForgot(&$content) { if (empty($_POST['fg_username']) && empty($_POST['fg_email'])) { $content = dgettext('users', 'You must enter either a username or email address.'); return false; } if (!empty($_POST['fg_username'])) { $username = $_POST['fg_username']; if (preg_match('/\'|"/', html_entity_decode(strip_tags($username), ENT_QUOTES))) { $content = dgettext('users', 'User name not found. Check your spelling or enter an email address instead.'); return false; } $db = new PHPWS_DB('users'); $db->addWhere('username', strtolower($username)); $db->addColumn('email'); $db->addColumn('id'); $db->addColumn('deity'); $db->addColumn('authorize'); $user_search = $db->select('row'); if (PHPWS_Error::logIfError($user_search)) { $content = dgettext('users', 'User name not found. Check your spelling or enter an email address instead.'); return false; } elseif (empty($user_search)) { $content = dgettext('users', 'User name not found. Check your spelling or enter an email address instead.'); return false; } else { if ($user_search['deity'] && !ALLOW_DEITY_FORGET) { Security::log(dgettext('users', 'Forgotten password attempt made on a deity account.')); $content = dgettext('users', 'User name not found. Check your spelling or enter an email address instead.'); return false; } if ($user_search['authorize'] != 1) { $content = sprintf(dgettext('users', 'Sorry but your authorization is not checked on this site. Please contact %s for information on reseting your password.'), PHPWS_User::getUserSetting('site_contact')); return false; } if (PHPWS_Core::isPosted()) { $content = dgettext('users', 'Please check your email for a response.'); return true; } if (empty($user_search['email'])) { $content = dgettext('users', 'Your email address is missing from your account. Please contact the site administrators.'); PHPWS_Error::log(USER_ERR_NO_EMAIL, 'users', 'User_Action::postForgot'); return true; } if (User_Action::emailPasswordReset($user_search['id'], $user_search['email'])) { $content = dgettext('users', 'We have sent you an email to reset your password.'); return true; } else { $content = dgettext('users', 'We are currently unable to send out email reminders. Try again later.'); return true; } } } elseif (!empty($_POST['fg_email'])) { $email = $_POST['fg_email']; if (preg_match('/\'|"/', html_entity_decode(strip_tags($email), ENT_QUOTES))) { $content = dgettext('users', 'Email address not found. Please try again.'); return false; } if (!PHPWS_Text::isValidInput($email, 'email')) { $content = dgettext('users', 'Email address not found. Please try again.'); return false; } $db = new PHPWS_DB('users'); $db->addWhere('email', $email); $db->addColumn('username'); $user_search = $db->select('row'); if (PHPWS_Error::logIfError($user_search)) { $content = dgettext('users', 'Email address not found. Please try again.'); return false; } elseif (empty($user_search)) { $content = dgettext('users', 'Email address not found. Please try again.'); return false; } else { if (PHPWS_Core::isPosted()) { $content = dgettext('users', 'Please check your email for a response.'); return true; } if (User_Action::emailUsernameReminder($user_search['username'], $email)) { $content = dgettext('users', 'We have sent you an user name reminder. Please check your email and return to log in.'); return true; } else { $content = dgettext('users', 'We are currently unable to send out email reminders. Try again later.'); return true; } } } }
public static function settings() { $form = new PHPWS_Form(); $form->addHidden('module', 'blog'); $form->addHidden('action', 'admin'); $form->addHidden('command', 'post_settings'); $form->addText('blog_limit', PHPWS_Settings::get('blog', 'blog_limit')); $form->setSize('blog_limit', 2, 2); $form->setLabel('blog_limit', dgettext('blog', 'Entries shown per page')); $form->addCssClass('blog_limit', 'form-control'); $form->addText('past_entries', PHPWS_Settings::get('blog', 'past_entries')); $form->setLabel('past_entries', dgettext('blog', 'Previous entries shown')); $form->setSize('past_entries', 2, 2); $form->addCssClass('past_entries', 'form-control'); // Show/hide posted on date $form->addCheck('show_posted_date', 1); $form->setLabel('show_posted_date', dgettext('blog', 'Show the date the post was made')); $form->setMatch('show_posted_date', PHPWS_Settings::get('blog', 'show_posted_date')); // Show/hide posted by user full name $form->addCheck('show_posted_by', 1); $form->setLabel('show_posted_by', dgettext('blog', 'Show the author\'s name')); $form->setMatch('show_posted_by', PHPWS_Settings::get('blog', 'show_posted_by')); $form->addCheck('simple_image', 1); $form->setLabel('simple_image', dgettext('blog', 'Use Image Manager')); $form->setMatch('simple_image', PHPWS_Settings::get('blog', 'simple_image')); $form->addCheck('mod_folders_only', 1); $form->setLabel('mod_folders_only', dgettext('blog', 'Hide general image folders')); $form->setMatch('mod_folders_only', PHPWS_Settings::get('blog', 'mod_folders_only')); $form->addCheck('home_page_display', 1); $form->setLabel('home_page_display', dgettext('blog', 'Show blog on home page')); $form->setMatch('home_page_display', PHPWS_Settings::get('blog', 'home_page_display')); $form->addCheck('logged_users_only', 1); $form->setLabel('logged_users_only', dgettext('blog', 'Logged user view only')); $form->setMatch('logged_users_only', PHPWS_Settings::get('blog', 'logged_users_only')); PHPWS_Core::initModClass('users', 'Action.php'); $groups = User_Action::getGroups('group'); if (!empty($groups)) { $group_match = array(); $group_match_str = PHPWS_Settings::get('blog', 'view_only'); if (!empty($group_match_str)) { $group_match = explode(':', $group_match_str); } $form->addMultiple('view_only', $groups); $form->setLabel('view_only', dgettext('blog', 'Limit blog to specific groups')); $form->setMatch('view_only', $group_match); $form->addCssClass('view_only', 'form-control'); } $show[0] = dgettext('blog', 'Do not show'); $show[1] = dgettext('blog', 'Only on home page'); $show[2] = dgettext('blog', 'Always'); $form->addSelect('show_recent', $show); $form->setLabel('show_recent', dgettext('blog', 'Show recent entries')); $form->setMatch('show_recent', PHPWS_Settings::get('blog', 'show_recent')); $form->addCssClass('show_recent', 'form-control'); $form->addTextField('max_width', PHPWS_Settings::get('blog', 'max_width')); $form->setLabel('max_width', dgettext('blog', 'Maximum image width (50-2048)')); $form->setSize('max_width', 4, 4); $form->addCssClass('max_width', 'form-control'); $form->addTextField('max_height', PHPWS_Settings::get('blog', 'max_height')); $form->setLabel('max_height', dgettext('blog', 'Maximum image height (50-2048)')); $form->setSize('max_height', 4, 4); $form->addCssClass('max_height', 'form-control'); $form->addTextArea('comment_script', PHPWS_Settings::get('blog', 'comment_script')); $form->setLabel('comment_script', dgettext('blog', 'Paste in your comment code here (e.g. Disqus, Livefyre, Facebook, etc.)')); $form->addCssClass('comment_script', 'form-control'); $form->addSubmit(dgettext('blog', 'Save settings')); if (Current_User::isDeity()) { $date_script = javascript('datetimepicker', array('format' => 'Y/m/d', 'timepicker' => false, 'id' => 'phpws_form_purge_date'), false, true, true); $form->addText('purge_date', date('Y/m/d', time() - 31536000)); $form->setLabel('purge_date', dgettext('blog', 'Purge all entries before this date')); $form->addCssClass('purge_date', 'form-control datetimepicker'); $form->addSubmit('purge_confirm', dgettext('blog', 'Confirm purge')); $form->setClass('purge_confirm', 'btn btn-danger'); } else { $date_script = null; } $template = $form->getTemplate(); $template['date_script'] = $date_script; if (PHPWS_Settings::get('blog', 'allow_anonymous_submits')) { $template['MENU_LINK'] = PHPWS_Text::secureLink(dgettext('blog', 'Clip for menu'), 'blog', array('action' => 'admin', 'command' => 'menu_submit_link')); } $template['VIEW_LABEL'] = dgettext('blog', 'View'); $template['SUBMISSION_LABEL'] = dgettext('blog', 'Submission'); $template['PAST_NOTE'] = dgettext('blog', 'Set to zero to prevent display'); $template['COMMENTS_LABEL'] = dgettext('blog', 'Commenting'); return PHPWS_Template::process($template, 'blog', 'settings.tpl'); }
/** * Logs in a user dependant on their authorization setting */ public static function loginUser($username, $password = null) { if (!Current_User::allowUsername($username)) { return PHPWS_Error::get(USER_BAD_CHARACTERS, 'users', 'Current_User::loginUser'); } // First check if they are currently a user $user = new PHPWS_User(); $db = new PHPWS_DB('users'); $db->addWhere('username', strtolower($username)); $result = $db->loadObject($user); if (PHPWS_Error::isError($result)) { return $result; } if ($result == false) { if (PHPWS_Error::logIfError($user->setUsername($username))) { return false; } } else { // This user is in the local database if (!$user->approved) { return PHPWS_Error::get(USER_NOT_APPROVED, 'users', 'Current_User::loginUser'); } if (!$user->loadScript()) { Layout::add(dgettext('users', 'Could not load authentication script. Please contact site administrator.')); return false; } } if (!Current_User::loadAuthorization($user)) { Layout::add(dgettext('users', 'Could not load authentication script. Please contact site administrator.')); return false; } $auth = Current_User::getAuthorization(); $auth->setPassword($password); $result = $auth->authenticate(); if (PHPWS_Error::isError($result)) { return $result; } if ($result == true) { // If the user id is zero and the authorization wants a new // user created if (!$user->id && $auth->create_new_user) { $user->setActive(true); $user->setApproved(true); $auth->createUser(); $user->save(); PHPWS_Core::initModClass('users', 'Action.php'); User_Action::assignDefaultGroup($user); } if (!$user->active) { return PHPWS_Error::get(USER_DEACTIVATED, 'users', 'Current_User:loginUser', $user->username); } if ($auth->localUser()) { $user->login(); } unset($_SESSION['User']); $_SESSION['User'] = $user; return true; } else { return false; } }