"Fossies" - the Fresh Open Source Software Archive

Member "canopy-3.0.7/mod/users/class/Action.php" (1 Nov 2019, 57112 Bytes) of package /linux/www/canopy-3.0.7.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) PHP source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "Action.php" see the Fossies "Dox" file reference documentation and the last Fossies "Diffs" side-by-side code changes report: 1.11.0_vs_3.0.3.

    1 <?php
    2 
    3 /**
    4  * Controls results from forms and administration functions
    5  *
    6  
    7  * @author  Matt McNaney <mcnaneym@appstate.edu>
    8  * @package Core
    9  */
   10 require_once PHPWS_SOURCE_DIR . 'mod/users/inc/errorDefines.php';
   11 \phpws\PHPWS_Core::requireConfig('users');
   12 \phpws\PHPWS_Core::initModClass('users', 'User_Form.php');
   13 //\phpws\PHPWS_Core::initCoreClass('Form.php');
   14 
   15 
   16 if (!defined('ALLOW_DEITY_FORGET')) {
   17     define('ALLOW_DEITY_FORGET', false);
   18 }
   19 
   20 class User_Action
   21 {
   22 
   23     public static function adminAction()
   24     {
   25         \phpws\PHPWS_Core::initModClass('users', 'Group.php');
   26         $title = $message = $content = null;
   27 
   28         if (!Current_User::allow('users')) {
   29             PHPWS_User::disallow('Tried to perform an admin function in Users.');
   30             return;
   31         }
   32 
   33         $message = User_Action::getMessage();
   34         $panel = User_Action::cpanel();
   35         $panel->enableSecure();
   36 
   37         if (isset($_REQUEST['command'])) {
   38             $command = $_REQUEST['command'];
   39         } else {
   40             $command = $panel->getCurrentTab();
   41         }
   42 
   43         if (isset($_REQUEST['user_id'])) {
   44             $user = new PHPWS_User((int) $_REQUEST['user_id']);
   45         } else {
   46             $user = new PHPWS_User;
   47         }
   48         if (isset($_REQUEST['group_id'])) {
   49             $group = new PHPWS_Group((int) $_REQUEST['group_id']);
   50         } else {
   51             $group = new PHPWS_Group;
   52         }
   53 
   54         switch ($command) {
   55             /** Form cases * */
   56             /** User Forms * */
   57             case 'new_user':
   58                 if (PHPWS_Settings::get('users', 'allow_new_users') || Current_User::isDeity()) {
   59                     $panel->setCurrentTab('new_user');
   60                     $title = 'Create User';
   61                     $content = User_Form::userForm($user);
   62                 } else {
   63                     Current_User::disallow();
   64                 }
   65                 break;
   66 
   67             case 'search_members':
   68                 self::searchMembers();
   69                 exit();
   70                 break;
   71 
   72             case 'manage_users':
   73                 $title = 'Manage Users';
   74                 $content = User_Form::manageUsers();
   75                 break;
   76 
   77             case 'editUser':
   78                 $title = 'Edit User';
   79                 $user = new PHPWS_User($_REQUEST['user_id']);
   80                 $content = User_Form::userForm($user);
   81                 break;
   82 
   83             case 'deleteUser':
   84                 if (!Current_User::secured('users', 'delete_users')) {
   85                     Current_User::disallow();
   86                     return;
   87                 }
   88                 $user->kill();
   89                 \phpws\PHPWS_Core::goBack();
   90                 break;
   91 
   92             case 'deify_user':
   93                 if (!Current_User::authorized('users') || !Current_User::isDeity()) {
   94                     Current_User::disallow();
   95                     return;
   96                 }
   97                 $user->deity = 1;
   98                 $user->save();
   99                 \phpws\PHPWS_Core::goBack();
  100                 break;
  101 
  102             case 'mortalize_user':
  103                 if (!Current_User::authorized('users') || !Current_User::isDeity()) {
  104                     Current_User::disallow();
  105                     return;
  106                 }
  107                 $user->deity = 0;
  108                 $user->save();
  109                 \phpws\PHPWS_Core::goBack();
  110                 break;
  111 
  112 
  113             case 'authorization':
  114             case 'postAuthorization':
  115             case 'dropAuthScript':
  116                 if (!Current_User::isDeity()) {
  117                     Current_User::disallow();
  118                 }
  119 
  120                 if ($command == 'dropAuthScript' && isset($_REQUEST['script_id'])) {
  121                     User_Action::dropAuthorization($_REQUEST['script_id']);
  122                 } elseif ($command == 'postAuthorization') {
  123                     User_Action::postAuthorization();
  124                     $message = 'Authorization updated.';
  125                 }
  126                 $title = 'Authorization';
  127                 $content = User_Form::authorizationSetup();
  128                 break;
  129 
  130             case 'editScript':
  131                 $title = 'Edit Authorization Script';
  132                 // no reason to edit scripts yet
  133                 break;
  134 
  135             case 'setUserPermissions':
  136                 if (!Current_User::authorized('users', 'edit_permissions')) {
  137                     PHPWS_User::disallow();
  138                     return;
  139                 }
  140 
  141                 if (!$user->id) {
  142                     \phpws\PHPWS_Core::errorPage('404');
  143                 }
  144 
  145                 \phpws\PHPWS_Core::initModClass('users', 'Group.php');
  146                 $title = 'Set User Permissions' . ' : ' . $user->getUsername();
  147                 $content = User_Form::setPermissions($user->getUserGroup());
  148                 break;
  149 
  150             case 'deactivateUser':
  151                 if (!Current_User::authorized('users')) {
  152                     PHPWS_User::disallow();
  153                     return;
  154                 }
  155 
  156                 User_Action::activateUser($_REQUEST['user_id'], false);
  157                 \phpws\PHPWS_Core::goBack();
  158                 break;
  159 
  160             case 'activateUser':
  161                 if (!Current_User::authorized('users')) {
  162                     PHPWS_User::disallow();
  163                     return;
  164                 }
  165 
  166                 User_Action::activateUser($_REQUEST['user_id'], true);
  167                 \phpws\PHPWS_Core::goBack();
  168                 break;
  169 
  170             /** End User Forms * */
  171             /*             * ******************** Group Forms *********************** */
  172 
  173             case 'setGroupPermissions':
  174                 if (!Current_User::authorized('users', 'edit_permissions')) {
  175                     PHPWS_User::disallow();
  176                     return;
  177                 }
  178 
  179                 \phpws\PHPWS_Core::initModClass('users', 'Group.php');
  180                 $title = 'Set Group Permissions' . ' : ' . $group->getName();
  181                 $content = User_Form::setPermissions($_REQUEST['group_id'], 'group');
  182                 break;
  183 
  184 
  185             case 'new_group':
  186                 $title = 'Create Group';
  187                 $content = User_Form::groupForm($group);
  188                 break;
  189 
  190             case 'edit_group':
  191                 $title = 'Edit Group';
  192                 $content = User_Form::groupForm($group);
  193                 break;
  194 
  195             case 'remove_group':
  196                 $group->kill();
  197                 $title = 'Manage Groups';
  198                 $content = User_Form::manageGroups();
  199                 break;
  200 
  201             case 'manage_groups':
  202                 $panel->setCurrentTab('manage_groups');
  203                 \phpws\PHPWS_Core::killSession('Last_Member_Search');
  204                 $title = 'Manage Groups';
  205                 $content = User_Form::manageGroups();
  206                 break;
  207 
  208             case 'manageMembers':
  209                 \phpws\PHPWS_Core::initModClass('users', 'Group.php');
  210                 $title = 'Manage Members' . ' : ' . $group->getName();
  211                 $content = User_Form::manageMembers($group);
  212                 break;
  213 
  214             case 'postMembers':
  215                 if (!Current_User::authorized('users', 'add_edit_groups')) {
  216                     Current_User::disallow();
  217                     return;
  218                 }
  219 
  220                 $title = 'Manage Members' . ' : ' . $group->getName();
  221                 $content = User_Form::manageMembers($group);
  222                 break;
  223 
  224             /*             * *********************** End Group Forms ****************** */
  225 
  226             /*             * *********************** Misc Forms *********************** */
  227             case 'settings':
  228                 if (!Current_User::authorized('users', 'settings')) {
  229                     Current_User::disallow();
  230                     return;
  231                 }
  232 
  233                 $title = 'Settings';
  234                 $content = User_Form::settings();
  235                 break;
  236 
  237             /** End Misc Forms * */
  238             /** Action cases * */
  239             case 'deify':
  240                 if (!Current_User::isDeity()) {
  241                     Current_User::disallow();
  242                     return;
  243                 }
  244                 $user = new PHPWS_User($_REQUEST['user']);
  245                 if (isset($_GET['authorize'])) {
  246                     if ($_GET['authorize'] == 1 && Current_User::isDeity()) {
  247                         $user->setDeity(true);
  248                         $user->save();
  249                         User_Action::sendMessage('User deified.', 'manage_users');
  250                         break;
  251                     } else {
  252                         User_Action::sendMessage('User remains a lowly mortal.', 'manage_users');
  253                         break;
  254                     }
  255                 } else
  256                     $content = User_Form::deify($user);
  257                 break;
  258 
  259             case 'mortalize':
  260                 if (!Current_User::isDeity()) {
  261                     Current_User::disallow();
  262                     return;
  263                 }
  264 
  265                 $user = new PHPWS_User($_REQUEST['user']);
  266                 if (isset($_GET['authorize'])) {
  267                     if ($_GET['authorize'] == 1 && Current_User::isDeity()) {
  268                         $user->setDeity(false);
  269                         $user->save();
  270                         $content = 'User transformed into a lowly mortal.' . '<hr />' . User_Form::manageUsers();
  271                         break;
  272                     } else {
  273                         $content = 'User remains a deity.' . '<hr />' . User_Form::manageUsers();
  274                         break;
  275                     }
  276                 } else
  277                     $content = User_Form::mortalize($user);
  278                 break;
  279 
  280             case 'postUser':
  281                 if (isset($_POST['user_id'])) {
  282                     if (!Current_User::authorized('users', 'edit_users')) {
  283                         PHPWS_User::disallow();
  284                         return;
  285                     }
  286                 } else {
  287                     // posting new user
  288                     if (!Current_User::authorized('users')) {
  289                         PHPWS_User::disallow();
  290                         return;
  291                     }
  292                 }
  293 
  294                 $result = User_Action::postUser($user);
  295 
  296                 if ($result === true) {
  297                     $new_user = !(bool) $user->id;
  298 
  299                     $user->setActive(true);
  300                     $user->setApproved(true);
  301                     if (PHPWS_Error::logIfError($user->save())) {
  302                         $title = 'Sorry';
  303                         $content = 'An error occurred when trying to save the user. Check your logs.';
  304                         break;
  305                     }
  306 
  307                     if ($new_user) {
  308                         User_Action::assignDefaultGroup($user);
  309                         if (isset($_POST['group_add']) && is_array($_POST['group_add'])) {
  310                             foreach ($_POST['group_add'] as $group_id) {
  311                                 $group = new PHPWS_Group($group_id);
  312                                 $group->addMember($user->_user_group);
  313                                 $group->save();
  314                             }
  315                         }
  316                     }
  317 
  318                     $panel->setCurrentTab('manage_users');
  319 
  320                     if (isset($_POST['notify_user'])) {
  321                         self::notifyUser($user, $_POST['password1']);
  322                     }
  323 
  324                     if (isset($_POST['user_id'])) {
  325                         User_Action::sendMessage('User updated.', 'manage_users');
  326                     } elseif (Current_User::allow('users', 'edit_permissions')) {
  327                         if (isset($_POST['notify_user'])) {
  328                             User_Action::sendMessage('New user created and notified.', 'setUserPermissions&user_id=' . $user->id);
  329                         } else {
  330                             User_Action::sendMessage('New user created.', 'setUserPermissions&user_id=' . $user->id);
  331                         }
  332                     } else {
  333                         User_Action::sendMessage('User created.', 'new_user');
  334                     }
  335                 } else {
  336                     $message = implode('<br />', $result);
  337                     if (isset($_POST['user_id'])) {
  338                         $title = 'Edit User';
  339                     } else {
  340                         $title = 'Create User';
  341                     }
  342 
  343                     $content = User_Form::userForm($user);
  344                 }
  345                 break;
  346 
  347             case 'postPermission':
  348                 if (!Current_User::authorized('users', 'edit_permissions')) {
  349                     PHPWS_User::disallow();
  350                     return;
  351                 }
  352                 User_Action::postPermission();
  353                 User_Action::sendMessage('Permissions updated', $panel->getCurrentTab());
  354                 break;
  355 
  356             case 'postGroup':
  357                 if (!Current_User::authorized('users', 'add_edit_groups')) {
  358                     PHPWS_User::disallow();
  359                     return;
  360                 }
  361 
  362                 \phpws\PHPWS_Core::initModClass('users', 'Group.php');
  363                 $result = User_Action::postGroup($group);
  364 
  365                 if (PHPWS_Error::isError($result)) {
  366                     $message = $result->getMessage();
  367                     $title = isset($group->id) ? 'Edit Group' : 'Create Group';
  368                     $content = User_form::groupForm($group);
  369                 } else {
  370                     $result = $group->save();
  371 
  372                     if (PHPWS_Error::logIfError($result)) {
  373                         $message = 'An error occurred when trying to save the group.';
  374                     } else {
  375                         $message = 'Group created.';
  376                     }
  377                     User_Action::sendMessage($message, 'manage_groups');
  378                 }
  379                 break;
  380 
  381 
  382             case 'addMember':
  383                 if (!Current_User::authorized('users', 'add_edit_groups')) {
  384                     PHPWS_User::disallow();
  385                     return;
  386                 }
  387 
  388                 \phpws\PHPWS_Core::initModClass('users', 'Group.php');
  389                 $group->addMember($_REQUEST['member']);
  390                 $group->save();
  391                 unset($_SESSION['Last_Member_Search']);
  392                 User_Action::sendMessage('Member added.', 'manageMembers&group_id=' . $group->id);
  393                 break;
  394 
  395             case 'dropMember':
  396                 if (!Current_User::authorized('users', 'add_edit_groups')) {
  397                     PHPWS_User::disallow();
  398                     return;
  399                 }
  400 
  401                 \phpws\PHPWS_Core::initModClass('users', 'Group.php');
  402                 $group->dropMember($_REQUEST['member']);
  403                 $group->save();
  404                 unset($_SESSION['Last_Member_Search']);
  405                 User_Action::sendMessage('Member removed.', 'manageMembers&group_id=' . $group->id);
  406                 break;
  407 
  408             case 'update_settings':
  409                 if (!Current_User::authorized('users', 'settings')) {
  410                     PHPWS_User::disallow();
  411                     return;
  412                 }
  413                 $title = 'Settings';
  414 
  415                 $result = User_Action::update_settings();
  416                 if ($result === true) {
  417                     $message = 'User settings updated.';
  418                 } else {
  419                     $message = $result;
  420                 }
  421                 $content = User_Form::settings();
  422                 break;
  423 
  424             case 'check_permission_tables':
  425                 if (!Current_User::authorized('users', 'settings')) {
  426                     PHPWS_User::disallow();
  427                     return;
  428                 }
  429                 $title = 'Register Module Permissions';
  430                 $content = User_Action::checkPermissionTables();
  431                 break;
  432 
  433             default:
  434                 \phpws\PHPWS_Core::errorPage('404');
  435                 break;
  436         }
  437 
  438         $template['CONTENT'] = $content;
  439         $template['TITLE'] = $title;
  440         $template['MESSAGE'] = $message;
  441 
  442         $final = PHPWS_Template::process($template, 'users', 'main.tpl');
  443 
  444         $panel->setContent($final);
  445 
  446         Layout::add(PHPWS_ControlPanel::display($panel->display()));
  447     }
  448 
  449     public static function popupPermission()
  450     {
  451         if (!isset($_GET['key_id'])) {
  452             echo 'Missing key information.';
  453         }
  454         $key = new \Canopy\Key((int) $_GET['key_id']);
  455 
  456         if (!\Canopy\Key::checkKey($key, false)) {
  457             PHPWS_Error::log(USER_BAD_KEY, 'users', 'User_Action::popupPermission', "Key : " . $_GET['key_id']);
  458             echo 'Unable to set permissions. Bad key data.';
  459             Layout::nakedDisplay(null, null, true);
  460         }
  461 
  462         if (Current_User::isRestricted($key->module) || !$key->allowEdit()) {
  463             javascript('close_refresh', array('location' => 'index.php?module=users&action=user&command=login_page'));
  464             Layout::nakedDisplay();
  465         }
  466 
  467         $content = User_Action::getPermissionForm($key);
  468         Layout::nakedDisplay($content, null, true);
  469     }
  470 
  471     public static function getPermissionForm(\Canopy\Key $key)
  472     {
  473         if (Current_User::isUnrestricted($key->module) && Current_User::allow($key->module, $key->edit_permission)) {
  474             $tpl = User_Form::permissionMenu($key, true);
  475 
  476             return PHPWS_Template::process($tpl, 'users', 'forms/permission_pop.tpl');
  477         }
  478     }
  479 
  480     public static function permission()
  481     {
  482         if (!isset($_REQUEST['key_id'])) {
  483             return;
  484         }
  485 
  486         $key = new \Canopy\Key((int) $_REQUEST['key_id']);
  487 
  488         if (!\Canopy\Key::checkKey($key, false)) {
  489             return;
  490         }
  491 
  492         if (Current_User::isRestricted($key->module) || !$key->allowEdit()) {
  493             Current_User::disallow();
  494         }
  495 
  496         // View permissions must be first to allow error checking
  497         // Edit will add its list to the view
  498         Users_Permission::postViewPermissions($key);
  499         Users_Permission::postEditPermissions($key);
  500 
  501         $result = $key->savePermissions();
  502         if (isset($_POST['popbox'])) {
  503             Layout::nakedDisplay(javascript('close_refresh', array('refresh' => 0)));
  504         } else {
  505             if (PHPWS_Error::logIfError($result)) {
  506                 $_SESSION['Permission_Message'] = 'An error occurred.';
  507             } else {
  508                 $_SESSION['Permission_Message'] = 'Permissions updated.';
  509             }
  510             \phpws\PHPWS_Core::goBack();
  511         }
  512     }
  513 
  514     public static function getMessage()
  515     {
  516         if (!isset($_SESSION['User_Admin_Message'])) {
  517             return null;
  518         }
  519         $message = $_SESSION['User_Admin_Message'];
  520         unset($_SESSION['User_Admin_Message']);
  521         return $message;
  522     }
  523 
  524     public static function sendMessage($message, $command)
  525     {
  526         $_SESSION['User_Admin_Message'] = $message;
  527         \phpws\PHPWS_Core::reroute('index.php?module=users&action=admin&command='
  528                 . $command . '&authkey=' . Current_User::getAuthKey());
  529     }
  530 
  531     /**
  532      * Checks a new user's form for errors
  533      */
  534     public function postNewUser(PHPWS_User $user)
  535     {
  536         $new_user_method = PHPWS_User::getUserSetting('new_user_method');
  537 
  538         $result = $user->setUsername($_POST['username']);
  539         if (PHPWS_Error::isError($result)) {
  540             $error['USERNAME_ERROR'] = 'Please try another user name.';
  541         }
  542 
  543         if (!User_Action::testForbidden($user)) {
  544             $user->username = null;
  545             $error['USERNAME_ERROR'] = 'Please try another user name.';
  546         }
  547 
  548         if (!$user->isUser() || (!empty($_POST['password1']) || !empty($_POST['password2']))) {
  549             $result = $user->checkPassword($_POST['password1'], $_POST['password2']);
  550 
  551             if (PHPWS_Error::isError($result)) {
  552                 $error['PASSWORD_ERROR'] = $result->getMessage();
  553             } else {
  554                 $user->setPassword($_POST['password1'], false);
  555             }
  556         }
  557 
  558         if (empty($_POST['email'])) {
  559             $error['EMAIL_ERROR'] = 'Missing an email address.';
  560         } else {
  561             $result = $user->setEmail($_POST['email']);
  562             if (PHPWS_Error::isError($result)) {
  563                 $error['EMAIL_ERROR'] = 'This email address cannot be used.';
  564             }
  565         }
  566 
  567         if (!User_Action::confirm()) {
  568             $error['CONFIRM_ERROR'] = 'Confirmation phrase is not correct.';
  569         }
  570 
  571         if (isset($error)) {
  572             return $error;
  573         } else {
  574             return true;
  575         }
  576     }
  577 
  578     public function confirm()
  579     {
  580         if (!PHPWS_User::getUserSetting('graphic_confirm') || !extension_loaded('gd')) {
  581             return true;
  582         }
  583 
  584         \phpws\PHPWS_Core::initCoreClass('Captcha.php');
  585         return Captcha::verify();
  586     }
  587 
  588     public static function postUser(PHPWS_User $user, $set_username = true)
  589     {
  590         if (!$user->id || ($user->authorize == PHPWS_Settings::get('users', 'local_script') && $set_username)) {
  591             $user->_prev_username = $user->username;
  592             $result = $user->setUsername($_POST['username']);
  593             if (PHPWS_Error::isError($result)) {
  594                 $error['USERNAME_ERROR'] = $result->getMessage();
  595             }
  596 
  597             if (($user->_prev_username != $user->username) && (empty($_POST['password1']) || empty($_POST['password2']))) {
  598                 $error['PASSWORD_ERROR'] = 'Passwords must be reentered on user name change.';
  599             }
  600         }
  601 
  602         if (!isset($error['USERNAME_ERROR']) && isset($_POST['display_name'])) {
  603             $result = $user->setDisplayName($_POST['display_name']);
  604             if (PHPWS_Error::isError($result)) {
  605                 $error['DISPLAY_ERROR'] = $result->getMessage();
  606             }
  607         }
  608 
  609         if (!$user->isUser() || (!empty($_POST['password1']) || !empty($_POST['password2']))) {
  610             $result = $user->checkPassword($_POST['password1'], $_POST['password2']);
  611 
  612             if (PHPWS_Error::isError($result)) {
  613                 $error['PASSWORD_ERROR'] = $result->getMessage();
  614             } else {
  615                 $user->setPassword($_POST['password1']);
  616             }
  617         }
  618 
  619         $result = $user->setEmail($_POST['email']);
  620         if (PHPWS_Error::isError($result)) {
  621             $error['EMAIL_ERROR'] = $result->getMessage();
  622         }
  623 
  624         if (Current_User::isLogged() && Current_User::allow('users', 'settings') && isset($_POST['authorize'])) {
  625             $user->setAuthorize($_POST['authorize']);
  626         }
  627 
  628         if (isset($_POST['language'])) {
  629             $locale = preg_replace('/\W/', '', $_POST['language']);
  630             setcookie('phpws_default_language', $locale, time() + CORE_COOKIE_TIMEOUT);
  631         }
  632 
  633         if (isset($error)) {
  634             return $error;
  635         } else {
  636             return true;
  637         }
  638     }
  639 
  640     public static function cpanel()
  641     {
  642         \phpws\PHPWS_Core::initModClass('controlpanel', 'Panel.php');
  643         $link = PHPWS_Text::linkAddress('users', array('action' => 'admin'), false, false, true, false);
  644 
  645         /*
  646           if (PHPWS_Settings::get('users', 'allow_new_users') || Current_User::isDeity()) {
  647           $tabs['new_user'] = array('title'=>'New User', 'link'=>$link);
  648           }
  649          */
  650 
  651         if (Current_User::allow('users', 'edit_users') || Current_User::allow('users', 'delete_users'))
  652             $tabs['manage_users'] = array('title' => 'Manage Users', 'link' => $link);
  653 
  654 
  655         if (Current_User::allow('users', 'add_edit_groups')) {
  656             //$tabs['new_group'] = array('title' => 'New Group', 'link' => $link);
  657             $tabs['manage_groups'] = array('title' => 'Manage Groups', 'link' => $link);
  658         }
  659 
  660         if (Current_User::isDeity()) {
  661             $tabs['authorization'] = array('title' => 'Authorization', 'link' => $link);
  662         }
  663 
  664         if (Current_User::allow('users', 'settings')) {
  665             $tabs['settings'] = array('title' => 'Settings', 'link' => $link);
  666         }
  667 
  668         $panel = new PHPWS_Panel('user_user_panel');
  669         $panel->quickSetTabs($tabs);
  670         $panel->setModule('users');
  671 
  672         return $panel;
  673     }
  674 
  675     /**
  676      * Controller of user requests. Based on the command request variable
  677      * defaults to my_page
  678      */
  679     public static function userAction()
  680     {
  681         $auth = Current_User::getAuthorization();
  682         $content = $title = null;
  683         if (isset($_REQUEST['command'])) {
  684             $command = $_REQUEST['command'];
  685         } else {
  686             $command = 'my_page';
  687         }
  688 
  689         switch ($command) {
  690             case 'login':
  691                 try {
  692                     if (!Current_User::isLogged() && isset($_POST['phpws_username']) && isset($_POST['phpws_password'])) {
  693                         $result = Current_User::loginUser($_POST['phpws_username'], $_POST['phpws_password']);
  694 
  695                         if (!$result) {
  696                             $title = 'Login page';
  697                             $message = 'Username and password combination not found.';
  698                             $content = User_Form::loginPage();
  699                         } elseif (PHPWS_Error::isError($result)) {
  700                             if (preg_match('/L\d/', $result->code)) {
  701                                 $title = 'Sorry';
  702                                 $content = $result->getMessage();
  703                                 $content .= ' ' . sprintf('<a href="mailto:%s">%s</a>', PHPWS_User::getUserSetting('site_contact'), 'Contact the site administrator');
  704                             } else {
  705                                 PHPWS_Error::log($result);
  706                                 $message = 'A problem occurred when accessing user information. Please try again later.';
  707                             }
  708                         } else {
  709                             Current_User::getLogin();
  710                             \phpws\PHPWS_Core::returnToBookmark();
  711                         }
  712                     } else {
  713                         \phpws\PHPWS_Core::errorPage('403');
  714                     }
  715                 } catch (Exception $ex) {
  716                     \phpws2\Error::log($ex);
  717                     $content = <<<EOF
  718 <h2>We're sorry...</h2>
  719 <p>Something is problematic with your user account. Please contact the maintainers of this site and report the problem.</p>
  720 EOF;
  721                     \Layout::add($content);
  722                     return;
  723                 }
  724                
  725                 break;
  726 
  727             // This is used by auth scripts if they need to return the user to
  728             // where they left off after redirection to another site for SSO
  729             case 'return_bookmark':
  730                 \phpws\PHPWS_Core::popUrlHistory();
  731                 break;
  732 
  733             // reset user password
  734             case 'rp':
  735                 $user_id = User_Action::checkResetPassword();
  736                 if ($user_id) {
  737                     $title = 'Reset my password';
  738                     $content = User_Form::resetPassword($user_id, $_GET['auth']);
  739                 } else {
  740                     $title = 'Sorry';
  741                     $content = 'Your password request was not found or timed out. Please apply again.';
  742                 }
  743                 break;
  744 
  745             case 'my_page':
  746                 if ($auth->local_user) {
  747                     \phpws\PHPWS_Core::initModClass('users', 'My_Page.php');
  748                     $my_page = new My_Page;
  749                     $my_page->main();
  750                 } else {
  751                     Layout::add(PHPWS_ControlPanel::display('My Page unavailable to remote users.', 'my_page'));
  752                 }
  753                 break;
  754 
  755             case 'signup_user':
  756                 $title = 'New Account Sign-up';
  757                 if (Current_User::isLogged()) {
  758                     $content = 'You already have an account.';
  759                     break;
  760                 }
  761                 $user = new PHPWS_User;
  762                 if (PHPWS_User::getUserSetting('new_user_method') == 0) {
  763                     $content = 'Sorry, we are not accepting new users at this time.';
  764                     break;
  765                 }
  766                 $content = User_Form::signup_form($user);
  767                 break;
  768 
  769             case 'submit_new_user':
  770                 $title = 'New Account Sign-up';
  771                 $user_method = PHPWS_User::getUserSetting('new_user_method');
  772                 if ($user_method == 0) {
  773                     Current_User::disallow('New user signup not allowed.');
  774                     return;
  775                 }
  776 
  777                 $user = new PHPWS_User;
  778                 $result = User_Action::postNewUser($user);
  779 
  780                 if (is_array($result)) {
  781                     $content = User_Form::signup_form($user, $result);
  782                 } else {
  783                     $content = User_Action::successfulSignup($user);
  784                 }
  785                 break;
  786 
  787             case 'logout':
  788                 $auth = Current_User::getAuthorization();
  789                 $auth->logout();
  790                 \phpws\PHPWS_Core::killAllSessions();
  791                 \phpws\PHPWS_Core::reroute('index.php?module=users&action=reset');
  792                 break;
  793 
  794             case 'login_page':
  795                 if (Current_User::isLogged()) {
  796                     \phpws\PHPWS_Core::home();
  797                 }
  798                 $title = 'Login Page';
  799                 $content = User_Form::loginPage();
  800                 break;
  801 
  802             case 'confirm_user':
  803                 if (Current_User::isLogged()) {
  804                     \phpws\PHPWS_Core::home();
  805                 }
  806                 if (User_Action::confirmUser()) {
  807                     $title = 'Welcome!';
  808                     $content = 'Your account has been successfully activated. Please log in.';
  809                 } else {
  810                     $title = 'Sorry';
  811                     $content = 'This authentication does not exist.<br />
  812  If you did not log in within the time frame specified in your email, please apply for another account.';
  813                 }
  814                 User_Action::cleanUpConfirm();
  815                 break;
  816 
  817             case 'forgot_password':
  818                 if (Current_User::isLogged()) {
  819                     \phpws\PHPWS_Core::home();
  820                 }
  821                 $title = 'Forgot Password';
  822                 $content = User_Form::forgotForm();
  823                 break;
  824 
  825             case 'post_forgot':
  826                 $title = 'Forgot Password';
  827                 if (ALLOW_CAPTCHA) {
  828                     \phpws\PHPWS_Core::initCoreClass('Captcha.php');
  829                     if (!Captcha::verify()) {
  830                         $content = 'Captcha information was incorrect.';
  831                         $content .= User_Form::forgotForm();
  832                     } else if (!User_Action::postForgot($content)) {
  833                         $content .= User_Form::forgotForm();
  834                     }
  835                 } elseif (!User_Action::postForgot($content)) {
  836                     $content .= User_Form::forgotForm();
  837                 }
  838 
  839                 break;
  840 
  841             case 'reset_pw':
  842                 $pw_result = User_Action::finishResetPW();
  843                 switch ($pw_result) {
  844                     case PHPWS_Error::isError($pw_result):
  845                         $title = 'Reset my password';
  846                         $content = 'Passwords were not acceptable for the following reason:';
  847                         $content .= '<br />' . $pw_result->getmessage() . '<br />';
  848                         $content .= User_Form::resetPassword($_POST['user_id'], $_POST['authhash']);
  849                         break;
  850 
  851                     case 0:
  852                         $title = 'Sorry';
  853                         $content = 'A problem occurred when trying to update your password. Please try again later.';
  854                         break;
  855 
  856                     case 1:
  857                         \phpws\PHPWS_Core::home();
  858                         break;
  859                 }
  860                 break;
  861 
  862             default:
  863                 \phpws\PHPWS_Core::errorPage('404');
  864                 break;
  865         }
  866 
  867         if (isset($message)) {
  868             $tag['MESSAGE'] = $message;
  869         }
  870 
  871         if (isset($title)) {
  872             $tag['TITLE'] = $title;
  873         }
  874 
  875         if (isset($content)) {
  876             $tag['CONTENT'] = $content;
  877         }
  878 
  879         if (isset($tag)) {
  880             $final = PHPWS_Template::process($tag, 'users', 'user_main.tpl');
  881             Layout::add($final);
  882         }
  883     }
  884 
  885     public function confirmUser()
  886     {
  887         $hash = $_GET['hash'];
  888         if (preg_match('/\W/', $hash)) {
  889             Security::log(sprintf('User tried to send bad hash (%s) to confirm user.', $hash));
  890             \phpws\PHPWS_Core::errorPage('400');
  891         }
  892         $db = new PHPWS_DB('users_signup');
  893         $db->addWhere('authkey', $hash);
  894         $row = $db->select('row');
  895 
  896         if (PHPWS_Error::logIfError($row)) {
  897             return false;
  898         } elseif (empty($row)) {
  899             return false;
  900         } else {
  901             $user_id = &$row['user_id'];
  902             $user = new PHPWS_User($user_id);
  903 
  904             // If the deadline has not yet passed, approve the user, save, and return true
  905             if ($row['deadline'] > time()) {
  906                 $db->delete();
  907                 $user->approved = 1;
  908                 if (PHPWS_Error::logIfError($user->save())) {
  909                     return false;
  910                 } else {
  911                     User_Action::assignDefaultGroup($user);
  912                     return true;
  913                 }
  914             } else {
  915                 // If the deadline has passed, delete the user and return false.
  916                 $user->delete();
  917                 return false;
  918             }
  919         }
  920     }
  921 
  922     public function cleanUpConfirm()
  923     {
  924         $db = new PHPWS_DB('users_signup');
  925         $db->addWhere('deadline', time(), '<');
  926         $result = $db->delete();
  927         PHPWS_Error::logIfError($result);
  928     }
  929 
  930     public function successfulSignup($user)
  931     {
  932         switch (PHPWS_User::getUserSetting('new_user_method')) {
  933             case AUTO_SIGNUP:
  934                 $result = User_Action::saveNewUser($user, true);
  935                 if ($result) {
  936                     User_Action::assignDefaultGroup($user);
  937                     $content[] = 'Account created successfully!';
  938                     $content[] = 'You will return to the home page in five seconds.';
  939                     $content[] = PHPWS_Text::moduleLink('Click here if you are not redirected.');
  940                     Layout::metaRoute();
  941                 } else {
  942                     $content[] = 'An error occurred when trying to create your account. Please try again later.';
  943                 }
  944                 break;
  945 
  946             case CONFIRM_SIGNUP:
  947                 if (User_Action::saveNewUser($user, false)) {
  948                     if (User_Action::confirmEmail($user)) {
  949                         $content[] = 'User created successfully. Check your email for your login information.';
  950                     } else {
  951                         $result = $user->kill();
  952                         PHPWS_Error::logIfError($result);
  953                         $content[] = 'There was problem creating your acccount. Check back later.';
  954                     }
  955                 } else {
  956                     $content[] = 'There was problem creating your acccount. Check back later.';
  957                 }
  958         }
  959 
  960         return implode('<br />', $content);
  961     }
  962 
  963     public function confirmEmail($user)
  964     {
  965         $site_contact = PHPWS_User::getUserSetting('site_contact');
  966         $authkey = User_Action::_createSignupConfirmation($user->id);
  967         if (!$authkey) {
  968             return false;
  969         }
  970 
  971         $message = User_Action::_getSignupMessage($authkey);
  972 
  973         \phpws\PHPWS_Core::initCoreClass('Mail.php');
  974         $mail = new PHPWS_Mail;
  975         $mail->addSendTo($user->email);
  976         $mail->setSubject('Confirmation email');
  977         $mail->setFrom($site_contact);
  978         $mail->setMessageBody($message);
  979 
  980         return $mail->send();
  981     }
  982 
  983     public function _getSignupMessage($authkey)
  984     {
  985         $http = \phpws\PHPWS_Core::getHomeHttp();
  986 
  987         $template['LINK'] = sprintf('%sindex.php?module=users&action=user&command=confirm_user&hash=%s', $http, $authkey);
  988 
  989         $template['HOURS'] = NEW_SIGNUP_WINDOW;
  990         $template['SITE_NAME'] = Layout::getPageTitle(true);
  991 
  992         return PHPWS_Template::process($template, 'users', 'confirm/confirm.en-us.tpl');
  993     }
  994 
  995     public function _createSignupConfirmation($user_id)
  996     {
  997         $deadline = time() + (3600 * NEW_SIGNUP_WINDOW);
  998         $authkey = md5($deadline . $user_id);
  999 
 1000         $db = new PHPWS_DB('users_signup');
 1001         $db->addValue('authkey', $authkey);
 1002         $db->addValue('user_id', $user_id);
 1003         $db->addValue('deadline', $deadline);
 1004         $result = $db->insert();
 1005         if (PHPWS_Error::logIfError($result)) {
 1006             return false;
 1007         } else {
 1008             return $authkey;
 1009         }
 1010     }
 1011 
 1012     public function saveNewUser(PHPWS_User $user, $approved)
 1013     {
 1014         $user->setPassword($user->_password);
 1015         $user->setApproved($approved);
 1016         $result = $user->save();
 1017         if (PHPWS_Error::logIfError($result)) {
 1018             return false;
 1019         } elseif ($approved) {
 1020             $user->login();
 1021             $_SESSION['User'] = $user;
 1022             Current_User::getLogin();
 1023         }
 1024         return true;
 1025     }
 1026 
 1027     public static function postPermission()
 1028     {
 1029         \phpws\PHPWS_Core::initModClass('users', 'Permission.php');
 1030 
 1031         //extract($_POST);
 1032         $group_id = (int) $_POST['group_id'];
 1033 
 1034         // Error here
 1035         if (empty($group_id)) {
 1036             return false;
 1037         }
 1038 
 1039         $module_permission = $_POST['module_permission'];
 1040 
 1041         if (isset($_POST['sub_permission'])) {
 1042             $sub_permission = $_POST['sub_permission'];
 1043         }
 1044 
 1045         foreach ($module_permission as $mod_title => $permission) {
 1046             $subpermission = isset($sub_permission[$mod_title]) ? $sub_permission[$mod_title] : null;
 1047             Users_Permission::setPermissions($group_id, $mod_title, $permission, $subpermission);
 1048         }
 1049     }
 1050 
 1051     // Moved to Current User
 1052     public function loginUser($username, $password)
 1053     {
 1054         return Current_User::loginUser($username, $password);
 1055     }
 1056 
 1057     public static function postGroup(PHPWS_Group $group, $showLikeGroups = false)
 1058     {
 1059         $result = $group->setName($_POST['groupname'], true);
 1060         if (PHPWS_Error::isError($result))
 1061             return $result;
 1062         $group->setActive(true);
 1063         return true;
 1064     }
 1065 
    // Moved to Current User
 1067     public function authorize($authorize, $username, $password)
 1068     {
 1069         return Current_User::authorize($authorize, $username, $password);
 1070     }
 1071 
 1072     public function badLogin()
 1073     {
 1074         Layout::add('Username and password refused.');
 1075     }
 1076 
 1077     public static function getGroups($mode = null)
 1078     {
 1079         if (isset($GLOBALS['User_Group_List'])) {
 1080             return $GLOBALS['User_Group_List'];
 1081         }
 1082 
 1083         \phpws\PHPWS_Core::initModClass('users', 'Group.php');
 1084 
 1085         $db = new PHPWS_DB('users_groups');
 1086         if ($mode == 'users') {
 1087             $db->addWhere('user_id', 0, '>');
 1088         } elseif ($mode == 'group') {
 1089             $db->addWhere('user_id', 0);
 1090         }
 1091 
 1092         $db->addOrder('name');
 1093         $db->setIndexBy('id');
 1094         $db->addColumn('id');
 1095         $db->addColumn('name');
 1096 
 1097         $result = $db->select('col');
 1098         if (PHPWS_Error::isError($result)) {
 1099             return $result;
 1100         }
 1101 
 1102         $GLOBALS['User_Group_List'] = $result;
 1103         return $result;
 1104     }
 1105 
 1106     public static function update_settings()
 1107     {
 1108         $error = null;
 1109 
 1110         if (!Current_User::authorized('users', 'settings')) {
 1111             Current_User::disallow();
 1112             return;
 1113         }
 1114 
 1115         if (!isset($_POST['site_contact'])) {
 1116             $error = 'You need to set a site contact address.';
 1117         } elseif (!PHPWS_Text::isValidInput($_POST['site_contact'], 'email')) {
 1118             $error = 'Please enter a valid email address as a site contact.';
 1119         }
 1120 
 1121         $settings['site_contact'] = $_POST['site_contact'];
 1122 
 1123         if (Current_User::isDeity()) {
 1124 
 1125             if (is_numeric($_POST['user_signup'])) {
 1126                 $settings['new_user_method'] = (int) $_POST['user_signup'];
 1127             }
 1128 
 1129             $settings['session_warning'] = (int) isset($_POST['session_warning']);
 1130 
 1131             if (isset($_POST['show_login'])) {
 1132                 $settings['show_login'] = 1;
 1133             } else {
 1134                 $settings['show_login'] = 0;
 1135             }
 1136 
 1137             if (isset($_POST['allow_remember'])) {
 1138                 $settings['allow_remember'] = 1;
 1139             } else {
 1140                 $settings['allow_remember'] = 0;
 1141             }
 1142 
 1143             if (isset($_POST['graphic_confirm'])) {
 1144                 $settings['graphic_confirm'] = 1;
 1145             } else {
 1146                 $settings['graphic_confirm'] = 0;
 1147             }
 1148             $settings['user_menu'] = $_POST['user_menu'];
 1149 
 1150             $settings['allow_new_users'] = (int) $_POST['allow_new_users'];
 1151         }
 1152         $settings['forbidden_usernames'] = str_replace(' ', "\n", strtolower(strip_tags($_POST['forbidden_usernames'])));
 1153 
 1154         PHPWS_Settings::set('users', $settings);
 1155         if ($error) {
 1156             return $error;
 1157         } else {
 1158             PHPWS_Settings::save('users');
 1159             return true;
 1160         }
 1161     }
 1162 
 1163     public static function getAuthorizationList()
 1164     {
 1165         $db = new PHPWS_DB('users_auth_scripts');
 1166         $db->addOrder('display_name');
 1167         $result = $db->select();
 1168 
 1169         if (PHPWS_Error::logIfError($result)) {
 1170             return null;
 1171         }
 1172 
 1173         return $result;
 1174     }
 1175 
 1176     public static function postAuthorization()
 1177     {
 1178 
 1179         if (isset($_POST['add_script'])) {
 1180             if (!isset($_POST['file_list'])) {
 1181                 return false;
 1182             }
 1183 
 1184             $db = new PHPWS_DB('users_auth_scripts');
 1185             $db->addWhere('filename', strip_tags($_POST['file_list']));
 1186             $result = $db->select('one');
 1187 
 1188             if (PHPWS_Error::isError($result)) {
 1189                 return $result;
 1190             } elseif (!empty($result)) {
 1191                 return false;
 1192             }
 1193 
 1194             $db->resetWhere();
 1195             $db->addValue('display_name', $_POST['file_list']);
 1196             $db->addValue('filename', $_POST['file_list']);
 1197             $result = $db->insert();
 1198             if (PHPWS_Error::isError($result)) {
 1199                 return $result;
 1200             }
 1201         } else {
 1202             if (isset($_POST['default_authorization'])) {
 1203                 PHPWS_Settings::set('users', 'default_authorization', (int) $_POST['default_authorization']);
 1204                 PHPWS_Settings::save('users');
 1205             }
 1206 
 1207             if (!empty($_POST['default_group'])) {
 1208                 $db = new PHPWS_DB('users_auth_scripts');
 1209                 foreach ($_POST['default_group'] as $auth_id => $group_id) {
 1210                     $db->reset();
 1211                     $db->addWhere('id', $auth_id);
 1212                     $db->addValue('default_group', $group_id);
 1213                     PHPWS_Error::logIfError($db->update());
 1214                 }
 1215             }
 1216         }
 1217         return true;
 1218     }
 1219 
 1220     public static function dropAuthorization($script_id)
 1221     {
 1222         $db = new PHPWS_DB('users_auth_scripts');
 1223         $db->addWhere('id', (int) $script_id);
 1224         $result = $db->delete();
 1225         if (PHPWS_Error::isError($result)) {
 1226             return $result;
 1227         }
 1228         $db2 = new PHPWS_DB('users');
 1229         $db2->addWhere('authorize', $script_id);
 1230         $db2->addValue('authorize', PHPWS_Settings::get('users', 'local_script'));
 1231         return $db2->update();
 1232     }
 1233 
    /**
     * Handles the forgot-password / forgot-username form.
     *
     * With fg_username set, a password reset mail is sent for a local
     * (authorize == 1), non-deity account. With fg_email set, a username
     * reminder is mailed to that address. Note that the messages differ
     * between "not found", "not locally authorized" and "mail sent", so the
     * response reveals whether a username or address exists on the site.
     *
     * @param string $content receives the text to show the user (by reference)
     * @return bool|null false when the form must be shown again, true when the
     *                   request was handled (mail sent, already pending, or
     *                   reported as unsendable); null when neither field is set
     *                   after the first check — not reachable in practice
     */
    public function postForgot(&$content)
    {
        if (empty($_POST['fg_username']) && empty($_POST['fg_email'])) {
            $content = 'You must enter either a username or email address.';
            return false;
        }

        if (!empty($_POST['fg_username'])) {
            $username = $_POST['fg_username'];
            // Quotes in the name are rejected outright with the generic "not found" text.
            if (preg_match('/\'|"/', html_entity_decode(strip_tags($username), ENT_QUOTES))) {
                $content = 'User name not found. Check your spelling or enter an email address instead.';
                return false;
            }

            $db = new PHPWS_DB('users');
            $db->addWhere('username', strtolower($username));
            $db->addColumn('email');
            $db->addColumn('id');
            $db->addColumn('deity');
            $db->addColumn('authorize');
            $user_search = $db->select('row');
            if (PHPWS_Error::logIfError($user_search)) {
                $content = 'User name not found. Check your spelling or enter an email address instead.';
                return false;
            } elseif (empty($user_search)) {
                $content = 'User name not found. Check your spelling or enter an email address instead.';
                return false;
            } else {
                // Deity accounts cannot be reset by mail unless ALLOW_DEITY_FORGET
                // is enabled; the attempt is logged and hidden behind "not found".
                if ($user_search['deity'] && !ALLOW_DEITY_FORGET) {
                    Security::log('Forgotten password attempt made on a deity account.');
                    $content = 'User name not found. Check your spelling or enter an email address instead.';
                    return false;
                }

                // Only local (authorize == 1) accounts hold a password this site can reset.
                if ($user_search['authorize'] != 1) {
                    $content = sprintf('Sorry but your authorization is not checked on this site. Please contact %s for information on reseting your password.', PHPWS_User::getUserSetting('site_contact'));
                    return false;
                }

                // NOTE(review): presumably a repeat-submission guard — when it
                // fires, success is reported without sending; confirm isPosted()
                // semantics in PHPWS_Core.
                if (\phpws\PHPWS_Core::isPosted()) {
                    $content = 'Please check your email for a response.';
                    return true;
                }

                if (empty($user_search['email'])) {
                    $content = 'Your email address is missing from your account. Please contact the site administrators.';
                    PHPWS_Error::log(USER_ERR_NO_EMAIL, 'users', 'User_Action::postForgot');
                    return true;
                }

                // A failed send still returns true: the form is not redisplayed.
                if (User_Action::emailPasswordReset($user_search['id'], $user_search['email'])) {
                    $content = 'We have sent you an email to reset your password.';
                    return true;
                } else {
                    $content = 'We are currently unable to send out email reminders. Try again later.';
                    return true;
                }
            }
        } elseif (!empty($_POST['fg_email'])) {
            $email = $_POST['fg_email'];
            if (preg_match('/\'|"/', html_entity_decode(strip_tags($email), ENT_QUOTES))) {
                $content = 'Email address not found. Please try again.';
                return false;
            }

            if (!PHPWS_Text::isValidInput($email, 'email')) {
                $content = 'Email address not found. Please try again.';
                return false;
            }

            $db = new PHPWS_DB('users');
            $db->addWhere('email', $email);
            $db->addColumn('username');
            $user_search = $db->select('row');
            if (PHPWS_Error::logIfError($user_search)) {
                $content = 'Email address not found. Please try again.';
                return false;
            } elseif (empty($user_search)) {
                $content = 'Email address not found. Please try again.';
                return false;
            } else {
                // Same repeat-submission guard as the username branch.
                if (\phpws\PHPWS_Core::isPosted()) {
                    $content = 'Please check your email for a response.';
                    return true;
                }

                if (User_Action::emailUsernameReminder($user_search['username'], $email)) {
                    $content = 'We have sent you an user name reminder. Please check your email and return to log in.';
                    return true;
                } else {
                    $content = 'We are currently unable to send out email reminders. Try again later.';
                    return true;
                }
            }
        }
    }
 1330 
 1331     public function emailPasswordReset($user_id, $email)
 1332     {
 1333         $db = new PHPWS_DB('users_pw_reset');
 1334 
 1335         // clear old reset rows
 1336         $db->addWhere('timeout', time(), '<');
 1337         PHPWS_Error::logIfError($db->delete());
 1338         $db->reset();
 1339 
 1340 
 1341         // check to see if they have already submitted a request
 1342         $db->addWhere('user_id', (int) $user_id);
 1343         $db->addColumn('user_id');
 1344         $reset_present = $db->select('one');
 1345         if (PHPWS_Error::logIfError($reset_present)) {
 1346             return false;
 1347         } elseif ($reset_present) {
 1348             return true;
 1349         }
 1350         $db->reset();
 1351 
 1352         $page_title = $_SESSION['Layout_Settings']->getPageTitle(true);
 1353         $url = \phpws\PHPWS_Core::getHomeHttp();
 1354         $hash = md5(time() . $email);
 1355 
 1356         $message[] = 'Did you forget your password at our site?';
 1357         $message[] = 'If so, you may click the link below to reset it.';
 1358         $message[] = '';
 1359         $message[] = sprintf('%sindex.php?module=users&action=user&command=rp&auth=%s', $url, $hash);
 1360         $message[] = '';
 1361         $message[] = 'If you did not wish to reset your password, you may ignore this message.';
 1362         $message[] = 'You have one hour to respond.';
 1363 
 1364         $body = implode("\n", $message);
 1365 
 1366         \phpws\PHPWS_Core::initCoreClass('Mail.php');
 1367         $mail = new PHPWS_Mail;
 1368         $mail->addSendTo($email);
 1369         $mail->setSubject('Forgot your password?');
 1370         $site_contact = PHPWS_User::getUserSetting('site_contact');
 1371         $mail->setFrom(sprintf('%s<%s>', $page_title, $site_contact));
 1372         $mail->setMessageBody($body);
 1373 
 1374         if ($mail->send()) {
 1375             $db->addValue('user_id', $user_id);
 1376             $db->addValue('authhash', $hash);
 1377             // 1 hour limit = 3600
 1378             $db->addValue('timeout', time() + 3600);
 1379             if (PHPWS_Error::logIfError($db->insert())) {
 1380                 return false;
 1381             } else {
 1382                 return true;
 1383             }
 1384         } else {
 1385             return false;
 1386         }
 1387     }
 1388 
 1389     public function emailUsernameReminder($username, $email)
 1390     {
 1391         $page_title = $_SESSION['Layout_Settings']->getPageTitle(true);
 1392         $url = \phpws\PHPWS_Core::getHomeHttp();
 1393         $hash = md5(time() . $email);
 1394 
 1395         $message[] = 'Did you forget your user name at our site?';
 1396         $message[] = sprintf('The user name associated with your email address is "%s"', $username);
 1397         $message[] = '';
 1398         $message[] = 'Here is the address to return to our site:';
 1399         $message[] = $url;
 1400         $body = implode("\n", $message);
 1401 
 1402         \phpws\PHPWS_Core::initCoreClass('Mail.php');
 1403         $mail = new PHPWS_Mail;
 1404         $mail->addSendTo($email);
 1405         $mail->setSubject('Forgot your user name?');
 1406         $site_contact = PHPWS_User::getUserSetting('site_contact');
 1407         $mail->setFrom(sprintf('%s<%s>', $page_title, $site_contact));
 1408         $mail->setMessageBody($body);
 1409 
 1410         return $mail->send();
 1411     }
 1412 
 1413     /**
 1414      * Returns user id is successful, zero otherwise
 1415      */
 1416     public function checkResetPassword()
 1417     {
 1418         @$auth = $_GET['auth'];
 1419         if (empty($auth) || preg_match('/\W/', $auth)) {
 1420             return 0;
 1421         }
 1422 
 1423         $db = new PHPWS_DB('users_pw_reset');
 1424         $db->addWhere('authhash', $auth);
 1425         $db->addWhere('timeout', time(), '>');
 1426         $db->addColumn('user_id');
 1427         $result = $db->select('one');
 1428 
 1429         if (PHPWS_Error::logIfError($result)) {
 1430             return false;
 1431         } elseif (empty($result)) {
 1432             return 0;
 1433         } else {
 1434             return $result;
 1435         }
 1436     }
 1437 
 1438     public function finishResetPW()
 1439     {
 1440         $result = PHPWS_User::checkPassword($_POST['password1'], $_POST['password2']);
 1441         if (PHPWS_Error::isError($result)) {
 1442             return $result;
 1443         }
 1444 
 1445         @$auth = $_POST['authhash'];
 1446         @$user_id = (int) $_POST['user_id'];
 1447         if (empty($user_id) || empty($auth) || preg_match('/\W/', $auth)) {
 1448             return 0;
 1449         }
 1450 
 1451         $db = new PHPWS_DB('users_pw_reset');
 1452         $db->addWhere('user_id', $user_id);
 1453         $db->addWhere('authhash', $auth);
 1454         $db->addWhere('timeout', time(), '>');
 1455         $result = $db->select();
 1456         $db->reset();
 1457         $db->addWhere('user_id', $user_id);
 1458         if (PHPWS_Error::logIfError($result)) {
 1459             $db->delete();
 1460             return 0;
 1461         } elseif (empty($result)) {
 1462             $db->delete();
 1463             return 0;
 1464         } else {
 1465             $user = new PHPWS_User($user_id);
 1466             $user->setPassword($_POST['password1']);
 1467             $result = $user->save();
 1468             if (PHPWS_Error::logIfError($result)) {
 1469                 return 0;
 1470             }
 1471 
 1472             Current_User::loginUser($user->username, $_POST['password1']);
 1473             unset($user);
 1474             $db->delete();
 1475             return 1;
 1476         }
 1477     }
 1478 
 1479     public static function checkPermissionTables()
 1480     {
 1481         \phpws\PHPWS_Core::initModClass('users', 'Permission.php');
 1482         $db = new PHPWS_DB('modules');
 1483         $db->addWhere('active', 1);
 1484         $db->addColumn('title');
 1485         $result = $db->select('col');
 1486 
 1487         foreach ($result as $mod_title) {
 1488             $content[] = '<br />';
 1489             $content[] = sprintf('Checking %s module', $mod_title);
 1490 
 1491             $result = Users_Permission::registerPermissions($mod_title, $content);
 1492             if (!$result) {
 1493                 $content[] = 'No permissions file found.';
 1494                 continue;
 1495             }
 1496         }
 1497 
 1498         return implode('<br>', $content);
 1499     }
 1500 
    /**
     * Sets the active flag of a non-deity user and of its users_groups rows.
     *
     * Return value is awkward and callers should not rely on it: when the
     * users update fails (logged) nothing is returned (null); otherwise the
     * result of logIfError on the second update is returned, i.e. a truthy
     * value signals that the users_groups update FAILED.
     *
     * @param int  $user_id
     * @param mixed $value truthy activates, falsy deactivates
     * @return mixed see above
     */
    public static function activateUser($user_id, $value)
    {
        $db = new PHPWS_DB('users');
        $db->addWhere('id', (int) $user_id);
        // Deity accounts are never (de)activated through this path.
        $db->addWhere('deity', 0);
        $db->addValue('active', $value ? 1 : 0);
        if (!PHPWS_Error::logIfError($db->update())) {
            $db = new PHPWS_DB('users_groups');
            $db->addWhere('user_id', $user_id);
            $db->addValue('active', $value ? 1 : 0);
            return PHPWS_Error::logIfError($db->update());
        }
    }
 1514 
 1515     public function testForbidden($user)
 1516     {
 1517         $forbidden = PHPWS_Settings::get('users', 'forbidden_usernames');
 1518         if (empty($forbidden)) {
 1519             return true;
 1520         }
 1521 
 1522         $names = explode("\n", $forbidden);
 1523         if (empty($names)) {
 1524             return true;
 1525         }
 1526         foreach ($names as $bad_name) {
 1527             if (empty($bad_name)) {
 1528                 continue;
 1529             }
 1530             $bad_name = preg_quote(trim($bad_name));
 1531             if (preg_match("/$bad_name/i", $user->username)) {
 1532                 return false;
 1533             }
 1534         }
 1535 
 1536         return true;
 1537     }
 1538 
 1539     public static function notifyUser($user, $password)
 1540     {
 1541         \phpws\PHPWS_Core::initCoreClass('Mail.php');
 1542         $page_title = Layout::getPageTitle(true);
 1543 
 1544 
 1545         $body[] = sprintf('%s created an user account for you.', $page_title);
 1546         $body[] = 'You may log-in using the following information:';
 1547         $body[] = sprintf('Site address: %s', \phpws\PHPWS_Core::getHomeHttp());
 1548         $body[] = sprintf('Username: %s', $user->username);
 1549         $body[] = sprintf('Password: %s', $password);
 1550         $body[] = 'Please change your password immediately after logging in.';
 1551 
 1552         $mail = new PHPWS_Mail;
 1553         $mail->addSendTo($user->email);
 1554         $mail->setSubject(sprintf('%s account created', $page_title));
 1555         $mail->setFrom(PHPWS_User::getUserSetting('site_contact'));
 1556         $mail->setReplyTo(PHPWS_User::getUserSetting('site_contact'));
 1557         $mail->setMessageBody(implode("\n\n", $body));
 1558         $result = $mail->send();
 1559         return $result;
 1560     }
 1561 
 1562     public static function assignDefaultGroup(PHPWS_User $user)
 1563     {
 1564         $db = new PHPWS_DB('users_auth_scripts');
 1565         $db->addColumn('default_group');
 1566         $db->addColumn('id');
 1567         $db->setIndexBy('id');
 1568         $scripts = $db->select('col');
 1569 
 1570         $default_group = $scripts[$user->authorize];
 1571 
 1572         $group = new PHPWS_Group($default_group);
 1573 
 1574         if (!$group->id) {
 1575             return false;
 1576         }
 1577 
 1578         $group->addMember($user->_user_group);
 1579         $group->save();
 1580         return true;
 1581     }
 1582 
 1583     private static function searchMembers()
 1584     {
 1585         if (!Current_User::isLogged()) {
 1586             exit();
 1587         }
 1588         $db = new PHPWS_DB('users_groups');
 1589         if (empty($_GET['term'])) {
 1590             exit();
 1591         }
 1592 
 1593         $name = preg_replace('/[^' . ALLOWED_USERNAME_CHARACTERS . ']/', '', $_GET['term']);
 1594         $db->addWhere('name', "$name%", 'like');
 1595         $db->addColumn('name');
 1596         $result = $db->select('col');
 1597         if (!empty($result) && !PHPWS_Error::logIfError($result)) {
 1598             echo json_encode($result);
 1599         }
 1600         exit();
 1601     }
 1602 
 1603 }