/**
* Fetch an account
*
* @param integer $id the account id to fetch
* @param boolean $use_cache read the record from the cache, should (just about) always be true
*
* @return object the account as a phpgw_account derived object
*/
public function get($id, $use_cache = true)
{
$id = (int) $id;
$account = null;
static $cache = array();
if (isset($cache[$id])) {
return $cache[$id];
}
if ($use_cache) {
$account = phpgwapi_cache::system_get('phpgwapi', "account_{$id}");
if (is_object($account)) {
return $account;
}
}
$this->db->query("SELECT * FROM phpgw_accounts WHERE account_id = {$id}", __LINE__, __FILE__);
if ($this->db->next_record()) {
$record = array('id' => $this->db->f('account_id'), 'lid' => $this->db->f('account_lid'), 'passwd_hash' => $this->db->f('account_pwd', true), 'firstname' => $this->db->f('account_firstname', true), 'lastname' => $this->db->f('account_lastname', true), 'last_login' => $this->db->f('account_lastlogin'), 'last_login_from' => $this->db->f('account_lastloginfrom'), 'last_passwd_change' => $this->db->f('account_lastpwd_change'), 'enabled' => $this->db->f('account_status') == 'A', 'expires' => $this->db->f('account_expires'), 'person_id' => $this->db->f('person_id'), 'quota' => $this->db->f('account_quota'), 'type' => $this->db->f('account_type'));
if ($this->db->f('account_type') == 'g') {
$account = new phpgwapi_group();
} else {
$account = new phpgwapi_user();
}
$account->init($record);
phpgwapi_cache::system_set('phpgwapi', "account_{$id}", $account);
}
$cache[$id] = $account;
return $account;
}
/**
* Update the account data
*
* @param array $data the account data to use
*
* @return object the account
*
* @internal does not write it to the storage backend
*/
public function update_data($data)
{
if ($this->get_type($data->id) == 'g') {
$account = new phpgwapi_group();
} else {
$account = new phpgwapi_user();
}
$account->init($data);
$this->account = $account;
return $this->account;
}
/**
* Validate the data for the admin user account
*
* @param string &$username the login id for the admin user -
* @param string $passwd the password for the new user
* @param string $passwd2 the verification password for the new user
* @param string $fname the first name of the administrator
* @param string $lname the lastname of the administrator
*
* @return array list of errors - empty array if valid
*
* @internal we pass the username by ref so it can be unset if invalid
*/
function validate_admin(&$username, $passwd, &$passwd2, $fname, $lname)
{
phpgw::import_class('phpgwapi.globally_denied');
$errors = array();
if ($passwd != $passwd2) {
$errors[] = lang('Passwords did not match, please re-enter');
} else {
$account = new phpgwapi_user();
try {
$account->validate_password($passwd);
} catch (Exception $e) {
$errors[] = $e->getMessage();
}
}
if (!$username) {
$errors[] = lang('You must enter a username for the admin');
} else {
if (phpgwapi_globally_denied::user($username)) {
$errors[] = lang('You can not use %1 as the admin username, please try again with another username', $username);
$username = '';
}
}
return $errors;
}
/**
* Saves a new user (account) or update an existing one
*
* @param array &$values Account details
*
* @return integer the account id - 0 = error
*/
function save_user(&$values)
{
if (!is_array($values)) {
throw new Exception(lang('Invalid data'));
}
if (!(isset($values['id']) && $values['id']) && $GLOBALS['phpgw']->acl->check('account_access', phpgwapi_acl::ADD, 'admin')) {
throw new Exception(lang('no permission to add users'));
}
if ($values['id']) {
$user = $GLOBALS['phpgw']->accounts->get($values['id']);
} else {
$user = new phpgwapi_user();
}
if (isset($values['expires_never']) && $values['expires_never']) {
$values['expires'] = -1;
$values['account_expires'] = $values['expires'];
} else {
$date_valid = checkdate($values['account_expires_month'], $values['account_expires_day'], $values['account_expires_year']);
if (!$date_valid) {
throw new Exception(lang('You have entered an invalid expiration date'));
}
$values['expires'] = mktime(2, 0, 0, $values['account_expires_month'], $values['account_expires_day'], $values['account_expires_year']);
$values['account_expires'] = $values['expires'];
}
if (!$user->old_loginid && !$values['passwd']) {
throw new Exception('You must enter a password');
}
if (!$values['lid']) {
throw new Exception(lang('You must enter a loginid'));
}
if ($user->old_loginid != $values['lid']) {
if ($GLOBALS['phpgw']->accounts->exists($values['lid'])) {
throw new Exception(lang('That loginid has already been taken'));
}
}
if ($values['passwd'] || $values['passwd_2']) {
if ($values['passwd'] != $values['passwd_2']) {
throw new Exception(lang('The passwords don\'t match'));
}
}
if (!count($values['account_permissions']) && !count($values['account_groups'])) {
throw new Exception(lang('You must add at least 1 application or group to this account'));
}
$user_data = array('id' => (int) $values['id'], 'lid' => $values['lid'], 'firstname' => $values['firstname'], 'lastname' => $values['lastname'], 'enabled' => isset($values['enabled']) ? $values['enabled'] : '', 'expires' => $values['expires'], 'quota' => $values['quota']);
if ($values['passwd']) {
$user_data['passwd'] = $values['passwd'];
}
if (false) {
$user_data['homedirectory'] = $values['homedirectory'];
$user_data['loginshell'] = $values['loginshell'];
}
$groups = $values['account_groups'];
$acls = array();
if (isset($values['changepassword']) && $values['changepassword']) {
$acls[] = array('appname' => 'preferences', 'location' => 'changepassword', 'rights' => 1);
}
if (isset($values['anonymous']) && $values['anonymous']) {
$acls[] = array('appname' => 'phpgwapi', 'location' => 'anonymous', 'rights' => 1);
}
$apps_admin = $values['account_permissions_admin'] ? array_keys($values['account_permissions_admin']) : array();
foreach ($apps_admin as $app_admin) {
$acls[] = array('appname' => $app_admin, 'location' => 'admin', 'rights' => phpgwapi_acl::ADD);
}
$apps = $values['account_permissions'] ? array_keys($values['account_permissions']) : array();
unset($values['account_groups'], $values['account_permissions'], $values['account_permissions_admin']);
try {
foreach ($user_data as $key => $val) {
$user->{$key} = $val;
}
} catch (Exception $e) {
throw $e;
}
if ($user->id) {
phpgwapi_cache::user_clear('phpgwapi', 'menu', $user->id);
}
if (!$user->is_dirty()) {
return $user->id;
}
if ($user->id) {
if ($GLOBALS['phpgw']->accounts->update_user($user, $groups, $acls, $apps)) {
return $user->id;
}
} else {
return $GLOBALS['phpgw']->accounts->create($user, $groups, $acls, $apps);
return $user->id;
}
return 0;
}
}
$GLOBALS['phpgw']->template->set_file(array('form' => 'changepassword.tpl'));
$GLOBALS['phpgw']->template->set_var('lang_enter_password', lang('Enter your new password'));
$GLOBALS['phpgw']->template->set_var('lang_reenter_password', lang('Re-enter your password'));
$GLOBALS['phpgw']->template->set_var('lang_change', lang('Change'));
$GLOBALS['phpgw']->template->set_var('lang_cancel', lang('Cancel'));
$GLOBALS['phpgw']->template->set_var('form_action', $GLOBALS['phpgw']->link('/preferences/changepassword.php'));
if ($GLOBALS['phpgw_info']['server']['auth_type'] != 'ldap') {
$GLOBALS['phpgw']->template->set_var('sql_message', lang('note: This feature does *not* change your email password. This will ' . 'need to be done manually.'));
}
if (isset($_POST['change']) && $_POST['change']) {
$errors = array();
if ($n_passwd != $n_passwd_2) {
$errors[] = lang('The two passwords are not the same');
} else {
$account = new phpgwapi_user();
try {
$account->validate_password($n_passwd);
} catch (Exception $e) {
$errors[] = $e->getMessage();
// trigger_error($e->getMessage(), E_USER_WARNING);
}
}
if (!$n_passwd) {
$errors[] = lang('You must enter a password');
}
if (count($errors)) {
$GLOBALS['phpgw']->common->phpgw_header();
echo parse_navbar();
$GLOBALS['phpgw']->template->set_var('messages', $GLOBALS['phpgw']->common->error_list($errors));
$GLOBALS['phpgw']->template->pfp('out', 'form');
function lostpw3()
{
$r_reg = phpgw::get_var('r_reg');
$lid = $GLOBALS['phpgw']->session->appsession('loginid', 'registration');
if (!$lid) {
$error[] = lang('Wrong session');
}
if ($r_reg['passwd'] != $r_reg['passwd_2']) {
$errors[] = lang('The two passwords are not the same');
}
if (!$r_reg['passwd']) {
$errors[] = lang('You must enter a password');
} else {
$account = new phpgwapi_user();
try {
$account->validate_password($r_reg['passwd']);
} catch (Exception $e) {
$errors[] = $e->getMessage();
}
}
if (!is_array($errors)) {
$so = createobject('registration.soreg');
$so->lostpw3($lid, $r_reg['passwd']);
}
$ui = createobject('registration.uireg');
if (is_array($errors)) {
$ui->lostpw3($errors, $r_reg, $lid);
} else {
$ui->lostpw4();
}
return True;
}
public function get($id, $use_cache = true)
{
$id = (int) $id;
$account = null;
if (!$id) {
return null;
}
if ($use_cache) {
$account = phpgwapi_cache::system_get('phpgwapi', "account_{$id}");
if (is_object($account)) {
return $account;
}
}
$acct_type = $this->get_type($id);
/* search the dn for the given uid */
if ($acct_type == phpgwapi_account::TYPE_GROUP && $this->group_context) {
$sri = ldap_search($this->ds, $this->group_context, "gidnumber={$id}");
} else {
if ($acct_type == phpgwapi_account::TYPE_USER && $this->user_context) {
$sri = ldap_search($this->ds, $this->user_context, "uidnumber={$id}");
} else {
throw new Exception('Invalid account requested');
}
}
$entries = ldap_get_entries($this->ds, $sri);
// first in best dressed - we can't tell which one is the correct one
$entry = $entries[0];
unset($entries);
$record = array();
/* Now dump it into the array; take first entry found */
if (isset($entry['phpgwcontactid'])) {
$record['person_id'] = $entry['phpgwcontactid'][0];
}
$record['dn'] = $entry['dn'];
$record['fullname'] = $entry['cn'][0];
if ($acct_type == 'g') {
$record['id'] = $entry['gidnumber'][0];
$record['lid'] = $entry['cn'][0];
$record['firstname'] = $entry['cn'][0];
$record['lastname'] = lang('group');
$record['type'] = 'g';
$account = new phpgwapi_group();
} else {
$record['id'] = $entry['uidnumber'][0];
$record['lid'] = $entry['uid'][0];
$record['firstname'] = isset($entry['givenname']) && isset($entry['givenname'][0]) ? $entry['givenname'][0] : '';
$record['lastname'] = isset($entry['sn']) && isset($entry['sn'][0]) ? $entry['sn'][0] : '';
$record['expires'] = $record['account_expires'] = $entry['phpgwaccountexpires'][0];
// $record['homedirectory'] = isset($entry['homedirectory']) ? $entry['homedirectory'][0] : self::FALLBACK_HOMEDIRECTORY;
// $record['loginshell'] = isset($entry['loginshell']) ? $entry['loginshell'][0] : self::FALLBACK_LOGINSHELL;
$record['enabled'] = isset($entry['phpgwaccountstatus']) && $entry['phpgwaccountstatus'][0] == 'A' ? true : false;
$record['type'] = 'u';
if (!isset($entry['phpgwquota']) || $entry['phpgwquota'] === '') {
$record['quota'] = $this->quota;
// set to 0 by default
} else {
$record['quota'] = $entry['phpgwquota'][0];
}
$account = new phpgwapi_user();
}
$account->init($record);
phpgwapi_cache::system_set('phpgwapi', "account_{$id}", $account);
return $account;
}
