/**
* validate input params for create method
* @param array $p object properties
* @return varchar|true Return error message or boolean true
*/
private function validateInputParamsForCreate(&$p)
{
if (empty($p['template_id']) && !empty($p['tmplId'])) {
$p['template_id'] = $p['tmplId'];
}
if (!isset($p['template_id'])) {
return 'template_id not specified';
}
if (!is_numeric($p['template_id'])) {
return 'template_id not valid';
}
if (!isset($p['pid'])) {
return 'pid not specified';
}
if (!is_numeric($p['pid'])) {
return 'pid not valid';
}
if (!isset($p['oid'])) {
if (!isset($p['owner'])) {
return 'owner not specified';
}
$p['oid'] = is_numeric($p['owner']) ? $p['owner'] : DM\User::getIdByName($p['owner']);
}
if (!is_numeric($p['oid'])) {
return 'invalid owner specified';
}
return true;
}
if (empty($templateIds)) {
\CB\debug('receive comments cron: no comment template defined');
continue;
}
$templateId = array_shift($templateIds);
$commentsObj = Objects::getCustomClassByType('comment');
foreach ($core['mails'] as $mail) {
if (!Objects::idExists($mail['pid'])) {
\CB\debug('receive comments cron: target id not found for mail "' . $mail['subject'] . '"');
continue;
}
$emailFrom = extractEmailFromText($mail['from']);
// user email
$emailTo = extractEmailFromText($mail['to']);
// <*****@*****.**>
$userId = DM\User::getIdByEmail($emailFrom);
$_SESSION['user'] = array('id' => $userId);
$data = array('id' => null, 'pid' => $mail['pid'], 'oid' => $userId, 'cid' => $userId, 'template_id' => $templateId, 'data' => array('_title' => removeContentExtraBlock($mail['content'], $emailFrom, $emailTo)), 'sys_data' => array('mailId' => $mail['id']));
try {
$commentId = $commentsObj->create($data);
//add attachments
if (!empty($mail['attachments'])) {
saveObjectAttachments($commentId, $mail['attachments']);
}
} catch (Exception $e) {
\CB\debug('Cannot create comment from ' . $mail['from'], $data);
}
$deleteMailIds[] = $mail['id'];
}
}
if (!empty($mailConf['mailbox'])) {
/**
* process a message:
* - replace urls with links
* - replace object references with links
* @param varchar $message
*/
public static function processAndFormatMessage($message, $replacements = 'user,object,url')
{
if (empty($message)) {
return $message;
}
$replacements = Util\toTrimmedArray($replacements);
// replace urls with links
if (in_array('url', $replacements)) {
$message = \Kwi\UrlLinker::getInstance()->linkUrlsAndEscapeHtml($message);
}
//replace object references with links
if (in_array('object', $replacements) && preg_match_all('/(.?)#(\\d+)(.?)/', $message, $matches, PREG_SET_ORDER)) {
foreach ($matches as $match) {
// check if not a html code
if ($match[1] == '&' && $match[3] == ';') {
continue;
}
$templateId = Objects::getTemplateId($match[2]);
$name = Objects::getName($match[2]);
$name = strlen($name) > 30 ? mb_substr($name, 0, 30) . '…' : $name;
$message = str_replace($match[0], $match[1] . '<a class="click obj-ref" itemid="' . $match[2] . '" templateid= "' . $templateId . '" title="' . $name . '"' . '>#' . $match[2] . '</a>' . $match[3], $message);
}
}
//replace users with their names
if (in_array('user', $replacements) && preg_match_all('/@([\\w\\.\\-]+[\\w])/', $message, $matches, PREG_SET_ORDER)) {
foreach ($matches as $match) {
$userId = DM\User::getIdByName($match[1]);
if (is_numeric($userId)) {
$userName = $match[1];
$message = str_replace($match[0], '<span class="cDB user-ref" title="' . User::getDisplayName($userId) . '">@' . $userName . '</span>', $message);
}
}
}
return $message;
}
/**
* Add a new user
* params: name, group_id
*/
public function addUser($p)
{
if (!User::isVerified()) {
return array('success' => false, 'verify' => true);
}
if (!Security::canManage()) {
throw new \Exception(L\get('Access_denied'));
}
$rez = array('success' => false, 'msg' => L\get('Missing_required_fields'));
$p['name'] = strip_tags($p['name']);
$p['name'] = trim($p['name']);
if (empty($p['name'])) {
return $rez;
}
// validate input params
if (!preg_match('/^[a-z\\.0-9_]+$/i', $p['name'])) {
return array('success' => false, 'msg' => 'Invalid username. Use only letters, digits, "dot" and/or "underscore".');
}
$p['first_name'] = Purify::humanName($p['first_name']);
$p['last_name'] = Purify::humanName($p['last_name']);
if (!empty($p['email'])) {
if (!filter_var($p['email'], FILTER_VALIDATE_EMAIL)) {
return array('success' => false, 'msg' => L\get('InvalidEmail'));
}
}
//check if user with such email doesn exist
$user_id = DM\User::getIdByEmail($p['email']);
if (!empty($user_id)) {
throw new \Exception(L\get('UserEmailExists'));
}
$user_id = 0;
/*check user existance, if user already exists but is deleted
then its record will be used for new user */
$res = DB\dbQuery('SELECT id
FROM users_groups
WHERE name = $1
AND did IS NULL', $p['name']) or die(DB\dbQueryError());
if ($r = $res->fetch_assoc()) {
throw new \Exception(L\get('User_exists'));
}
$res->close();
/*end of check user existance */
DB\dbQuery('INSERT INTO users_groups (
`name`
,first_name
,last_name
,`cid`
,language_id
,cdate
,uid
,email)
VALUES($1
,$2
,$3
,$4
,$5
,CURRENT_TIMESTAMP
,$4
,$6)
ON DUPLICATE KEY
UPDATE id = last_insert_id(id)
,`name` = $1
,`first_name` = $2
,`last_name` = $3
,`cid` = $4
,last_login = NULL
,login_successful = NULL
,login_from_ip = NULL
,last_logout = NULL
,last_action_time = NULL
,enabled = 1
,cdate = CURRENT_TIMESTAMP
,did = NULL
,ddate = NULL
,`password` = NULL
,`password_change` = NULL
,`recover_hash` = NULL
,language_id = $5
,`cfg` = NULL
,`data` = NULL
,email = $6
,uid = $4
,cdate = CURRENT_TIMESTAMP', array($p['name'], $p['first_name'], $p['last_name'], $_SESSION['user']['id'], Config::get('language_index'), $p['email'])) or die(DB\dbQueryError());
if ($user_id = DB\dbLastInsertId()) {
$rez = array('success' => true, 'data' => array('id' => $user_id));
$p['id'] = $user_id;
}
/* in case it was a deleted user we delete all old acceses */
DB\dbQuery('DELETE FROM users_groups_association WHERE user_id = $1', $user_id) or die(DB\dbQueryError());
DB\dbQuery('DELETE FROM tree_acl WHERE user_group_id = $1', $rez['data']['id']) or die(DB\dbQueryError());
/* end of in case it was a deleted user we delete all old acceses */
// associating user to group if group was specified
if (isset($p['group_id']) && is_numeric($p['group_id'])) {
DB\dbQuery('INSERT INTO users_groups_association (user_id, group_id, cid)
VALUES($1, $2, $3)
ON duplicate KEY
UPDATE cid = $3', array($user_id, $p['group_id'], $_SESSION['user']['id'])) or die(DB\dbQueryError());
$rez['data']['group_id'] = $p['group_id'];
} else {
$rez['data']['group_id'] = 0;
}
//check if send invite is set and create notification
if (!empty($p['send_invite'])) {
$this->sendResetPasswordMail($user_id, 'invite');
}
Security::calculateUpdatedSecuritySets();
Solr\Client::runBackgroundCron();
return $rez;
}
private function validateInputParamsForUpload(&$p)
{
if (!isset($p['pid'])) {
return 'pid not specified';
}
if (!is_numeric($p['pid'])) {
return 'pid not valid';
}
if (empty($p['template_id']) && !empty($p['tmplId'])) {
$p['template_id'] = $p['tmplId'];
}
if (empty($p['template_id'])) {
$p['template_id'] = \CB\Config::get('default_file_template');
if (empty($p['template_id'])) {
return 'template not specified';
}
}
if (!empty($p['fileExistAction'])) {
if (!in_array($p['fileExistAction'], array('newversion', 'replace', 'autorename'))) {
return 'Invalid value for fileExistAction';
}
$p['response'] = $p['fileExistAction'];
unset($p['fileExistAction']);
}
if (!is_numeric($p['template_id'])) {
return 'template id not valid';
}
if (!empty($p['localFile'])) {
if (!file_exists($p['localFile'])) {
return 'File not found: ' . $p['localFile'];
}
} else {
if (empty($_FILES)) {
return 'No file found for upload';
}
}
if (empty($p['title'])) {
if (!empty($p['filename'])) {
$p['title'] = $p['filename'];
unset($p['filename']);
} else {
if (!empty($p['localFile'])) {
$p['title'] = basename($p['localFile']);
} elseif (!empty($_FILES['file'])) {
$p['title'] = $_FILES['file']['name'];
}
}
}
if (empty($p['title'])) {
return 'Cannot detect file title';
}
if (!isset($p['oid'])) {
if (!isset($p['owner'])) {
return 'owner not specified';
}
if (is_numeric($p['owner'])) {
if (DM\User::idExists($p['owner'])) {
$p['oid'] = $p['owner'];
}
} else {
$p['oid'] = DM\User::getIdByName($p['owner']);
}
}
if (!is_numeric($p['oid'])) {
return 'invalid owner specified';
} elseif (empty($p['cid'])) {
$p['cid'] = $p['oid'];
}
return true;
}
/* try to get target folder from subject*/
$path = false;
//case_nr
/* try to find user from database that corresponds to this mail.
Ex: Kell <*****@*****.**> */
$email = false;
if (preg_match_all('/^[^<]*<?([^>]+)>?/i', $mail->from, $results)) {
$email = $results[1][0];
}
if ($email == false) {
$delete_ids[] = $mailbox->getUniqueId($k);
echo "\rcannot find senders email for: {$subject} ... skipping";
mail($mail->from, 'Error processing your email: ' . $subject, '. We didn\'t find ' . 'your email in received message. ' . $mail_requirements, 'From: ' . $core['mail_user'] . "\n\r");
continue;
}
$user_id = DM\User::getIdByEmail($email);
if (!empty($user_id)) {
if (empty($test_user_id)) {
$delete_ids[] = $mailbox->getUniqueId($k);
mail($mail->from, 'Error processing your email: ' . $subject, '. We didn\'t find your' . ' email address in our users database, please update your email ' . 'address in your user profile of casebox and resend your mail. ' . 'Wrong messages are deleted automatically.' . $mail_requirements, 'From: ' . $core['mail_user'] . "\n\r");
echo "\rcannot find corresponding user in our database '.\n 'for email {$email} from message: {$subject} ... skipping";
continue;
} else {
$user_id = $test_user_id;
}
}
/* end of try to find user from database that corresponds to this mail */
if (preg_match('/(\\([\\s]*(.+)[\\s]*\\))\\s*$/i', $subject, $matches)) {
$subject = str_replace($matches[0], '', $subject);
$path = $matches[2];
} else {
}
$cbDb = $cfg['prefix'] . '__casebox';
echo 'Registering core .. ';
\CB\DB\dbQuery('INSERT INTO ' . $cbDb . ' .cores (name, cfg) VALUES ($1, $2)', array($coreName, '{}'));
showMessage();
//ask to provide root email & password
$email = '';
$pass = '';
do {
$email = readParam('core_root_email');
} while (\CB\Cache::get('RUN_SETUP_INTERACTIVE_MODE') && empty($email));
do {
$pass = readParam('core_root_pass');
} while (\CB\Cache::get('RUN_SETUP_INTERACTIVE_MODE') && empty($pass));
DB\dbQuery("use `{$dbName}`") or die(DB\dbQueryError());
if (!empty($email) || !empty($pass)) {
DM\User::updateByName(array('name' => 'root', 'password' => $pass, 'email' => $email, 'data' => '{"email": "' . $email . '"}'));
}
//set core languages
$sql = 'INSERT INTO `config` (param, `value`)
VALUES ($1,$2)
ON DUPLICATE KEY UPDATE `value` = $2';
$language = readParam('core_default_language', 'en');
DB\dbQuery($sql, array('default_language', $language)) or die(DB\dbQueryError());
$languages = readParam('core_languages', $language);
DB\dbQuery($sql, array('languages', $languages)) or die(DB\dbQueryError());
createSolrCore($cfg, $coreName);
echo 'Creating language files .. ';
exec('php "' . $binDirectorty . 'languages_update_js_files.php"');
showMessage();
echo "Done.\n";
/**
* set the user enabled or disabled
* @param int $userId
* @param boolean $enabled
*/
public static function setEnabled($userId, $enabled)
{
return DM\User::update(array('id' => $userId, 'enabled' => intval($enabled)));
}
/**
* Check if current loged user is owner for given user id
*
* @param int $userId
* @return boolean
*/
public static function isUsersOwner($userId)
{
return User::getId() == DM\User::getOwnerId($userId);
}
}
$user_id = null;
$user_mail = null;
if (!empty($e)) {
if ($e = filter_var($e, FILTER_VALIDATE_EMAIL)) {
$user_id = DM\User::getIdByEmail($e);
if (empty($user_id)) {
$_SESSION['e_msg'] = L\get('EmailNotFound');
header('location: ' . $coreUrl . 'recover/forgot-password/');
exit(0);
}
} else {
$_SESSION['e_msg'] = L\get('InvalidEmail');
}
} elseif (!empty($u)) {
$user_id = DM\User::getIdByName($u);
if (empty($user_id)) {
$_SESSION['u_msg'] = L\get('UsernameNotFound');
header('location: ' . $coreUrl . 'recover/forgot-password/');
exit(0);
} else {
$user = User::getPreferences($user_id);
$user_mail = empty($user['cfg']['security']['recovery_email']) ? $user['email'] : $user['cfg']['security']['recovery_email'];
if (empty($user_mail)) {
$_SESSION['u_msg'] = L\get('UserHasNoMail');
header('location: ' . $coreUrl . 'recover/forgot-password/');
exit(0);
}
}
}
if (!UsersGroups::sendResetPasswordMail($user_id)) {
public function testDelete()
{
$id = DM\User::toId($this->testName);
$this->assertTrue(DM\User::delete($id), 'Cant delete');
}