* Copyright 1999-2001, VA Linux Systems, Inc.
* Copyright 2009-2010, Roland Mas
* Copyright 2011, Franck Villaume - Capgemini
+ * Copyright 2012, Franck Villaume - TrivialDev
+ * Copyright (C) 2012 Alain Peyrat - Alcatel-Lucent
* http://fusionforge.org
*
- * This file is part of FusionForge.
+ * This file is part of FusionForge. FusionForge is free software;
+ * you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the Licence, or (at your option)
+ * any later version.
*
- * FusionForge is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published
- * by the Free Software Foundation; either version 2 of the License,
- * or (at your option) any later version.
- *
- * FusionForge is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License
- * along with FusionForge; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- * USA
+ * You should have received a copy of the GNU General Public License along
+ * with FusionForge; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
$USER_OBJ=array();
/**
* user_get_object_by_name() - Get User object by username.
* user_get_object is useful so you can pool user objects/save database queries
- * You should always use this instead of instantiating the object directly
+ * You should always use this instead of instantiating the object directly
*
* @param string The unix username - required
* @param int The result set handle ("SELECT * FROM USERS WHERE user_id=xx")
/**
* user_get_object() - Get User object by user ID.
* user_get_object is useful so you can pool user objects/save database queries
- * You should always use this instead of instantiating the object directly
+ * You should always use this instead of instantiating the object directly
*
* @param int The ID of the user - required
* @param int The result set handle ("SELECT * FROM USERS WHERE user_id=xx")
function &user_get_object($user_id, $res = false) {
//create a common set of group objects
//saves a little wear on the database
-
- //automatically checks group_type and
+
+ //automatically checks group_type and
//returns appropriate object
-
+
global $USER_OBJ;
if (!isset($USER_OBJ["_".$user_id."_"])) {
if ($res) {
return user_get_objects($arr);
}
+function &user_get_objects_by_email($email_arr) {
+ $res=db_query_params('SELECT user_id FROM users WHERE lower(email) = ANY ($1)',
+ array(db_string_array_to_any_clause ($email_arr)));
+ $arr =& util_result_column_to_array($res, 0);
+ return user_get_objects($arr);
+}
+
function &user_get_active_users() {
$res=db_query_params('SELECT user_id FROM users WHERE status=$1',
array('A'));
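Review bot: In user_get_objects_by_email() the query lowercases only the column side, `lower(email) = ANY ($1)`, so an address passed with capital letters never matches unless db_string_array_to_any_clause() lowercases its input, which is not visible here. Normalising the argument first, `array_map('strtolower', $email_arr)`, keeps the lookup case-insensitive on both sides. The function also has no docblock, unlike its siblings; `@param array $email_arr e-mail addresses` and `@return array User objects` would cover it.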
}
class GFUser extends Error {
- /**
+ /**
* Associative array of data from db.
*
* @var array $data_array.
*/
var $data_array;
-
+
/**
* Is this person a site super-admin?
*
* @param int The user_id
* @param int The database result set OR array of data
*/
- function GFUser($id=false,$res=false) {
+ function GFUser($id = false, $res = false) {
$this->Error();
if (!$id) {
//setting up an empty object
} else {
//set up an associative array for use by other functions
$this->data_array = db_fetch_array_by_row($res, 0);
+ if (($this->getUnixStatus() == 'A') && (forge_get_config('use_shell'))) {
+ $this->data_array['authorized_keys'] = array();
+ $res = db_query_params('select * from sshkeys where userid = $1 and deleted = 0', array($this->getID()));
+ while ($arr = db_fetch_array($res)) {
+ $this->data_array['authorized_keys'][$arr['id_sshkeys']]['upload'] = $arr['upload'];
+ $this->data_array['authorized_keys'][$arr['id_sshkeys']]['name'] = $arr['name'];
+ $this->data_array['authorized_keys'][$arr['id_sshkeys']]['fingerprint'] = $arr['fingerprint'];
+ $this->data_array['authorized_keys'][$arr['id_sshkeys']]['algorithm'] = $arr['algorithm'];
+ $this->data_array['authorized_keys'][$arr['id_sshkeys']]['deploy'] = $arr['deploy'];
+ $this->data_array['authorized_keys'][$arr['id_sshkeys']]['key'] = $arr['sshkey'];
+ $this->data_array['authorized_keys'][$arr['id_sshkeys']]['keyid'] = $arr['id_sshkeys'];
+ }
+ }
}
}
- $this->is_super_user=false;
- $this->is_logged_in=false;
+ $this->is_super_user = false;
+ $this->is_logged_in = false;
return true;
}
-
+
/**
* create() - Create a new user.
*
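Review bot: `authorized_keys` is filled only on this constructor path, and only when the unix status is 'A' and use_shell is set, yet getAuthorizedKeys() now returns `$this->data_array['authorized_keys']` unconditionally, so every other user yields an undefined index instead of an empty list. fetchData() appears to replace `data_array` with the users row alone (`$this->data_array = db_fetch_array($res);`), which would drop the keys after any update that refetches; its full body is outside this view. Loading the keys in one private helper that getAuthorizedKeys() calls on first use, defaulting to `array()`, would cover both cases and avoid one extra query per constructed user. The loop also reuses `$res`, overwriting the constructor parameter.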
// ...based on the email address:
$email_array = explode ('@', $email, 2) ;
$email_u = $email_array [0];
- $l = ereg_replace('[^a-z0-9]', '', $email_u);
+ $l = preg_replace('/[^a-z0-9]/', '', $email_u);
$l = substr ($l, 0, 15);
// Is the user part of the email address okay?
if (account_namevalid($l)
$this->setError(_('Invalid Unix Name.'));
return false;
}
+ $shell = account_get_user_default_shell();
// if we got this far, it must be good
$confirm_hash = substr(md5($password1 . util_randbytes() . microtime()),0,16);
db_begin();
- $result = db_query_params('INSERT INTO users (user_name,user_pw,unix_pw,realname,firstname,lastname,email,add_date,status,confirm_hash,mail_siteupdates,mail_va,language,timezone,jabber_address,jabber_only,unix_box,address,address2,phone,fax,title,ccode,theme_id,tooltips)
- VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17,$18,$19,$20,$21,$22,$23,$24,$25)',
+ $result = db_query_params('INSERT INTO users (user_name,user_pw,unix_pw,realname,firstname,lastname,email,add_date,status,confirm_hash,mail_siteupdates,mail_va,language,timezone,jabber_address,jabber_only,unix_box,address,address2,phone,fax,title,ccode,theme_id,tooltips,shell)
+ VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17,$18,$19,$20,$21,$22,$23,$24,$25,$26)',
array($unix_name,
md5($password1),
account_genunixpw($password1),
htmlspecialchars($title),
$ccode,
$theme_id,
- $tooltips));
+ $tooltips,
+ $shell));
if (!$result) {
$this->setError(_('Insert Failed: ') . db_error());
db_rollback();
$hook_params['user_name'] = $unix_name;
$hook_params['user_password'] = $password1;
plugin_hook("user_create", $hook_params);
-
+
if ($send_mail) {
setup_gettext_from_lang_id($language_id);
$this->sendRegistrationEmail();
function sendRegistrationEmail() {
$message=stripcslashes(sprintf(_('Thank you for registering on the %3$s web site. You have
account with username %1$s created for you. In order
-to complete your registration, visit the following url:
+to complete your registration, visit the following url:
<%2$s>
-- the %3$s staff
'),
$this->getUnixName(),
- util_make_url ('/account/verify.php?confirm_hash=_'.$this->getConfirmHash()),
- forge_get_config ('forge_name')));
+ util_make_url('/account/verify.php?confirm_hash=_'.$this->getConfirmHash()),
+ forge_get_config('forge_name')));
util_send_message(
$this->getEmail(),
- sprintf(_('%1$s Account Registration'), forge_get_config ('forge_name')),
+ sprintf(_('%1$s Account Registration'), forge_get_config('forge_name')),
$message
);
}
* @param string The users title.
* @param string The users ccode.
* @param int The users preference for tooltips.
+ * @param string The users email.
*/
function update($firstname, $lastname, $language_id, $timezone, $mail_site, $mail_va, $use_ratings,
- $jabber_address, $jabber_only, $theme_id, $address, $address2, $phone, $fax, $title, $ccode, $tooltips) {
+ $jabber_address, $jabber_only, $theme_id, $address, $address2, $phone, $fax, $title, $ccode, $tooltips, $email='') {
$mail_site = $mail_site ? 1 : 0;
$mail_va = $mail_va ? 1 : 0;
$block_ratings = $use_ratings ? 0 : 1;
$block_ratings,
$jabber_address,
$jabber_only,
- htmlspecialchars($address) ,
- htmlspecialchars($address2) ,
- htmlspecialchars($phone) ,
- htmlspecialchars($fax) ,
- htmlspecialchars($title) ,
+ htmlspecialchars($address),
+ htmlspecialchars($address2),
+ htmlspecialchars($phone),
+ htmlspecialchars($fax),
+ htmlspecialchars($title),
$ccode,
$theme_id,
$tooltips,
- $this->getID())) ;
+ $this->getID()));
if (!$res) {
$this->setError(_('ERROR - Could Not Update User Object:'). ' ' .db_error());
db_rollback();
return false;
- } else {
- // If there's a transaction from using to not
- // using ratings, remove all rating made by the
- // user (ratings by others should not be removed,
- // as it opens possibility to abuse rate system)
- if (!$use_ratings && $this->usesRatings()) {
- db_query_params('DELETE FROM user_ratings WHERE rated_by=$1',
- array($user_id));
- }
- if (!$this->fetchData($this->getID())) {
- db_rollback();
- return false;
- }
-
- $hook_params = array ();
- $hook_params['user'] = $this;
- $hook_params['user_id'] = $this->getID();
- plugin_hook ("user_update", $hook_params);
-
- db_commit();
- return true;
}
+
+ if ($email && $email != $this->getEmail()
+ && !$this->setEmail($email)) {
+ return false;
+ }
+
+ // If there's a transaction from using to not
+ // using ratings, remove all rating made by the
+ // user (ratings by others should not be removed,
+ // as it opens possibility to abuse rate system)
+ if (!$use_ratings && $this->usesRatings()) {
+ db_query_params('DELETE FROM user_ratings WHERE rated_by=$1',
+ array($user_id));
+ }
+ if (!$this->fetchData($this->getID())) {
+ db_rollback();
+ return false;
+ }
+
+ $hook_params = array ();
+ $hook_params['user'] = $this;
+ $hook_params['user_id'] = $this->getID();
+ plugin_hook ("user_update", $hook_params);
+
+ db_commit();
+ return true;
}
/**
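Review bot: The new e-mail branch in update() returns false without `db_rollback()`, while the other two failure exits visible here roll back first; if the transaction opened earlier in the function (outside this hunk) is still open at that point, it is left pending. The moved ratings cleanup still binds `$user_id`, which is neither a parameter nor a local of update() as far as the hunk shows, so the DELETE should use `array($this->getID())` and its result should be checked. Whether setEmail() manages its own transaction is not visible from here and should be confirmed before nesting it.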
$this->data_array = db_fetch_array($res);
return true;
}
-
+
/**
* getID - Simply return the user_id for this object.
*
$this->setError(_('ERROR: Invalid status value'));
return false;
}
+ if ($this->getStatus() != 'P' && $status == 'P') {
+ $this->setError('ERROR: You can\'t set pending status if user is suspend or active');
+ return false;
+ }
db_begin();
$res = db_query_params ('UPDATE users SET status=$1 WHERE user_id=$2',
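Review bot: The new error string is not passed through `_()`, unlike the 'Invalid status value' message directly above it, so it will not be translated. Suggested line: `$this->setError(_('ERROR: You can\'t set pending status if user is suspended or active'));`. The enclosing function starts and ends outside this hunk.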
$hook_params['user_id'] = $this->getID();
$hook_params['status'] = $status;
plugin_hook ("user_setstatus", $hook_params);
-
+
db_commit();
-
+
return true;
}
}
}
}
}
-
+
$this->data_array['unix_status']=$status;
db_commit();
return true;
function getMD5Passwd() {
return $this->data_array['user_pw'];
}
-
+
//Added to be compatible with codendi getUserPw function
function getUserPw() {
return $this->data_array['user_pw'];
function getEmail() {
return str_replace("\n", "", $this->data_array['email']);
}
-
+
/**
* getSha1Email - a SHA1 encoded hash of the email URI (including mailto: prefix)
- *
+ *
* @return string The SHA1 encoded value for the email
*/
function getSha1Email() {
$hook_params['user_id'] = $this->getID();
$hook_params['user_email'] = $email;
plugin_hook("user_setemail", $hook_params);
-
+
if (!$this->fetchData($this->getId())) {
db_rollback();
return false;
* @return string This user's real name.
*/
function getRealName() {
- $last_name = $this->getLastName();
- return $this->getFirstName(). ($last_name ? ' ' .$last_name:'');
+ return $this->data_array['realname'];
+ }
+
+ /**
+ * setRealName - set the user's real name.
+ *
+ * @return string boolean.
+ */
+ function setRealName($realname) {
+ $res=db_query_params('UPDATE users SET realname=$1 WHERE user_id=$2',
+ array($realname, $this->getID()));
+ if (!$res || db_affected_rows($res) < 1) {
+ $this->setError('ERROR - Could Not Update real name of user : '.db_error());
+ return false;
+ }
+ $this->data_array['realname'] = $realname;
+ return true;
}
/**
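Review bot: The docblock for setRealName() is wrong as written: `@return string boolean.` should be `@return boolean success.`, and a `@param string The user's real name.` line is missing. getRealName() now depends on the stored `realname` column rather than on first and last name, so it should be confirmed that update(), which changes those two fields, keeps `realname` in step; that query is not visible here. The error string is also not wrapped in `_()` like the neighbouring messages.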
*/
function setShell($shell) {
global $SYS;
- $shells = file('/etc/shells');
- $shells[count($shells)] = "/bin/cvssh";
- $out_shells = array();
- foreach ($shells as $s) {
- if (substr($s, 0, 1) == '#') {
- continue;
- }
- $out_shells[] = chop($s);
- }
- if (!in_array($shell, $out_shells)) {
- $this->setError(_('ERROR: Invalid Shell'));
+
+ $shells = account_getavailableshells();
+
+ if (!in_array($shell, $shells)) {
+ $this->setError( sprintf(_('ERROR: Invalid Shell %s'), $shell) );
return false;
}
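Review bot: The new message in setShell() puts the caller-supplied `$shell` into the error text; if error messages are echoed into a page without escaping (the rendering code is not in this hunk), rejected input is reflected back to the browser. Either leave the value out as before or escape it here, `sprintf(_('ERROR: Invalid Shell %s'), htmlspecialchars($shell))`. `in_array($shell, $shells, true)` would also make the allow-list check strict. setShell() continues past this hunk.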
* @return array Array of groups.
*/
function &getGroups($onlylocal = true) {
- $ids = array () ;
+ $ids = array();
foreach ($this->getRoles() as $r) {
if ($onlylocal) {
if ($r instanceof RoleExplicit
&& $r->getHomeProject() != NULL) {
- $ids[] = $r->getHomeProject()->getID() ;
+ $ids[] = $r->getHomeProject()->getID();
}
} else {
foreach ($r->getLinkedProjects() as $p) {
- $ids[] = $p->getID() ;
+ $ids[] = $p->getID();
}
}
}
* @return string This user's SSH authorized (public) keys.
*/
function getAuthorizedKeys() {
- return preg_replace("/###/", "\n", $this->data_array['authorized_keys']);
+ return $this->data_array['authorized_keys'];
}
/**
- * setAuthorizedKeys - set the SSH authorized keys for the user.
+ * addAuthorizedKey - add the SSH authorized key for the user.
*
- * @param string The users public keys.
+ * @param string The user public key.
* @return boolean success.
*/
- function setAuthorizedKeys($keys) {
- $keys = trim($keys);
- $keys = preg_replace("/\r\n/", "\n", $keys); // Convert to Unix EOL
- $keys = preg_replace("/\n+/", "\n", $keys); // Remove empty lines
- $keys = preg_replace("/\n/", "###", $keys); // Convert EOL to marker
+ function addAuthorizedKey($key) {
+ $key = trim($key);
+ $key = preg_replace("/\r\n/", "\n", $key); // Convert to Unix EOL
+ $key = preg_replace("/\n+/", "\n", $key); // Remove empty lines
+ $tempfile = tempnam("/tmp", "authkey");
+ $ft = fopen($tempfile, 'w');
+ fwrite($ft, $key);
+ fclose($ft);
+ $returnExec = array();
+ exec("/usr/bin/ssh-keygen -lf ".$tempfile, $returnExec);
+ unlink($tempfile);
+ $returnExecExploded = explode(' ', $returnExec[0]);
+ $fingerprint = $returnExecExploded[1];
+ $now = time();
+ $explodedKey = explode(' ', $key);
+ $res = db_query_params('insert into sshkeys (userid, fingerprint, upload, sshkey, name, algorithm)
+ values ($1, $2, $3, $4, $5, $6)',
+ array($this->getID(), $fingerprint, $now, $key, $explodedKey[2], $explodedKey[0]));
+ if (!$res) {
+ $this->setError(_('ERROR - Could Not Add User SSH Key:').db_error());
+ return false;
+ } else {
+ $keyid = db_insertid($res, 'sshkeys', 'id_sshkeys');
+ $this->data_array['authorized_keys'][$keyid]['fingerprint'] = $fingerprint;
+ $this->data_array['authorized_keys'][$keyid]['upload'] = $now;
+ $this->data_array['authorized_keys'][$keyid]['sshkey'] = $key;
+ $this->data_array['authorized_keys'][$keyid]['deploy'] = 0;
+ $this->data_array['authorized_keys'][$keyid]['keyid'] = $keyid;
+ return true;
+ }
+ }
- $res = db_query_params('UPDATE users SET authorized_keys=$1 WHERE user_id=$2',
- array($keys,
- $this->getID()));
+ function deleteAuthorizedKey($keyid) {
+ $res = db_query_params('update sshkeys set deleted = 1 where id_sshkeys =$1 and userid = $2',
+ array($keyid, $this->getID()));
if (!$res) {
- $this->setError(_('ERROR - Could Not Update User SSH Keys'));
+ $this->setError(_('ERROR - Could Not Delete User SSH Key:').db_error());
return false;
} else {
- $this->data_array['authorized_keys'] = $keys;
+ unset($this->data_array['authorized_keys'][$keyid]);
return true;
}
}
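Review bot: addAuthorizedKey() stores the submitted text without confirming that ssh-keygen accepted it: the exit status of `exec()` is ignored and `$returnExec[0]` is read unconditionally, so malformed input is inserted into sshkeys with an empty fingerprint. The newline handling keeps multi-line input, so one row can carry several lines of text; `$explodedKey[2]` is undefined for a key without a comment, and `$explodedKey[0]` is not the algorithm when the line begins with an options field. Rejecting anything that is not a single line and failing when ssh-keygen returns non-zero closes this, as sketched below. The cache entry written after the insert should use the `key`, `name` and `algorithm` indexes that the constructor fills, not `sshkey`. getAuthorizedKeys() now returns an array, so its `@return string` line is stale.

```php
function addAuthorizedKey($key) {
	$key = trim($key);
	// One key per call: reject empty or multi-line input instead of collapsing newlines.
	if ($key === '' || preg_match('/[\r\n]/', $key)) {
		$this->setError(_('ERROR - Invalid SSH Key'));
		return false;
	}
	// … unchanged: tempnam() and writing $key to $tempfile …
	$returnExec = array();
	$status = 1;
	exec("/usr/bin/ssh-keygen -lf ".escapeshellarg($tempfile), $returnExec, $status);
	unlink($tempfile);
	// ssh-keygen exits non-zero when the file does not hold a valid public key.
	if ($status !== 0 || !isset($returnExec[0])) {
		$this->setError(_('ERROR - Invalid SSH Key'));
		return false;
	}
	// … unchanged: fingerprint extraction, insert into sshkeys, cache update …
```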
$res = db_query_params('DELETE FROM user_preferences WHERE user_id=$1 AND preference_name=$2',
array ($this->getID(),
$preference_name));
- return $res;
+ return ((!$res || db_affected_rows($res) < 1) ? false : true);
}
/**
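Review bot: Returning false whenever `db_affected_rows()` is below 1 makes "no row matched" indistinguishable from a failed query, so deleting a preference that was never set now reports an error; the same expression is added at the end of the preference write in the following hunk. If that is intended, the `@return` line should say so; otherwise return `$res !== false`. In either case the ternary is redundant, `return $res && db_affected_rows($res) > 0;` says the same thing. Both functions start outside their hunks.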
$preference_name,
$value,
time())) ;
- return $result;
}
}
+ return ((!$result || db_affected_rows($result) < 1) ? false : true);
}
/**
return true;
}
+ /**
+ * setMD5Passwd - Changes user's MD5 password.
+ *
+ * @param string The MD5-hashed password.
+ * @return boolean success.
+ */
+ function setMD5Passwd($md5) {
+ global $SYS;
+
+ db_begin();
+
+ if ($md5) {
+ $res = db_query_params('UPDATE users SET user_pw=$1 WHERE user_id=$2',
+ array($md5_pw,
+ $this->getID()));
+
+ if (!$res || db_affected_rows($res) < 1) {
+ $this->setError(_('ERROR - Could Not Change User Password:') . ' ' .db_error());
+ db_rollback();
+ return false;
+ }
+ }
+ db_commit();
+ return true;
+ }
+
+ /**
+ * setUnixPasswd - Changes user's Unix-hashed password.
+ *
+ * @param string The Unix-hashed password.
+ * @return boolean success.
+ */
+ function setUnixPasswd($unix) {
+ global $SYS;
+
+ db_begin();
+
+ if ($unix) {
+ $res = db_query_params('UPDATE users SET unix_pw=$1 WHERE user_id=$1',
+ array ($unix_pw,
+ $this->getID()));
+
+ if (!$res || db_affected_rows($res) < 1) {
+ $this->setError(_('ERROR - Could Not Change User Password:') . ' ' .db_error());
+ db_rollback();
+ return false;
+ }
+
+ // Now change system password, but only if corresponding
+ // entry exists (i.e. if user have shell access)
+ if ($SYS->sysCheckUser($this->getID())) {
+ if (!$SYS->sysUserSetAttribute($this->getID(),"userPassword",'{crypt}'.$unix)) {
+ $this->setError($SYS->getErrorMessage());
+ db_rollback();
+ return false;
+ }
+ }
+ }
+ db_commit();
+ return true;
+ }
+
/**
* usesRatings - whether user participates in rating system.
*
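Review bot: Neither new setter writes the value it was given. setMD5Passwd() binds `$md5_pw` and setUnixPasswd() binds `$unix_pw`, both undefined, where the parameters are `$md5` and `$unix`, so null is bound in place of the hash. setUnixPasswd() also uses `$1` twice in `UPDATE users SET unix_pw=$1 WHERE user_id=$1`, so the row is selected by the password value and the user ID in the second array element is never used. The three lines should read `array($md5,`, `'UPDATE users SET unix_pw=$1 WHERE user_id=$2'` and `array ($unix,`. `global $SYS;` is unused in setMD5Passwd(), and both docblocks should state that the caller must pass an already-hashed value.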
}
/**
- * usesPlugin - returns true if the user uses a particular plugin
+ * usesPlugin - returns true if the user uses a particular plugin
*
* @param string name of the plugin
* @return boolean whether plugin is being used or not
* @return boolean success.
*/
function getMailingsPrefs($mailing_id) {
- if ($mailing_id=='va') {
+ if ($mailing_id == 'va') {
return $this->data_array['mail_va'];
- } else if ($mailing_id=='site') {
+ } else if ($mailing_id == 'site') {
return $this->data_array['mail_siteupdates'];
} else {
return 0;
* @param boolean If false, disable general site mailings, else - all.
* @return boolean success.
*/
- function unsubscribeFromMailings($all=false) {
+ function unsubscribeFromMailings($all = false) {
$res1 = $res2 = $res3 = true;
$res1 = db_query_params ('UPDATE users SET mail_siteupdates=0, mail_va=0 WHERE user_id=$1',
array ($this->getID())) ;
if ($all) {
- $res2 = db_query_params ('DELETE FROM forum_monitored_forums WHERE user_id=$1',
+ $res2 = db_query_params('DELETE FROM forum_monitored_forums WHERE user_id=$1',
array ($this->getID())) ;
- $res3 = db_query_params ('DELETE FROM filemodule_monitor WHERE user_id=$1',
+ $res3 = db_query_params('DELETE FROM filemodule_monitor WHERE user_id=$1',
array ($this->getID())) ;
}
* @param object group object
* @return object Role object
*/
- function getRole(&$group) {
+ function getRole(&$g) {
+ if (is_int ($g) || is_string($g)) {
+ $group_id = $g;
+ } else {
+ $group_id = $g->getID();
+ }
foreach ($this->getRoles () as $r) {
- if ($r instanceof RoleExplicit
- && $r->getHomeProject() != NULL
- && $r->getHomeProject()->getID() == $group->getID()) {
- return $r;
+ if ($r instanceof RoleExplicit ) {
+ $homeproj = $r->getHomeProject();
+ if ($homeproj) {
+ if ($homeproj->getID() == $group_id) {
+ return $r;
+ }
+ }
}
}
return false;
}
- function getRoles () {
- return RBACEngine::getInstance()->getAvailableRolesForUser($this) ;
+ function getRoles() {
+ return RBACEngine::getInstance()->getAvailableRolesForUser($this);
}
/* Codendi Glue */
- function isMember($g,$type=0){
+ function isMember($g, $type = 0){
if (is_int ($g) || is_string($g)) {
$group = group_get_object ($g) ;
$group_id = $g ;
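Review bot: getRole() now accepts an integer or string ID but still declares its parameter by reference, `function getRole(&$g)`, so a call with a literal or an expression result cannot be passed; dropping the `&` (`function getRole($g)`) is needed for the new scalar form to be usable. The docblock above still reads `@param object group object` and should mention the ID form. The comparison `$homeproj->getID() == $group_id` is loose; casting both sides to int before comparing would make an ID given as a string behave predictably.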
}
switch ($type) {
+ case 0:
+ default:
+ foreach ($this->getGroups() as $p) {
+ if ($p->getID() == $group_id) {
+ return true ;
+ }
+ }
+ return false ;
+ break;
case 'P2':
//pm admin
- return forge_check_perm_for_user($this,'pm_admin',$group_id) ;
- break;
+ return forge_check_perm_for_user($this, 'pm_admin', $group_id);
+ break;
case 'F2':
//forum admin
- return forge_check_perm_for_user($this,'forum_admin',$group_id) ;
- break;
+ return forge_check_perm_for_user($this, 'forum_admin', $group_id);
+ break;
case 'A':
//admin for this group
- return forge_check_perm_for_user($this,'project_admin',$group_id) ;
+ return forge_check_perm_for_user($this, 'project_admin', $group_id);
break;
case 'D1':
//document editor
- return forge_check_perm_for_user($this,'docman',$group_id,'admin') ;
- break;
- case '0':
- default:
- foreach ($this->getGroups() as $p) {
- if ($p->getID() == $group_id) {
- return true ;
- }
- }
- return false ;
+ return forge_check_perm_for_user($this, 'docman', $group_id, 'admin');
break;
}
}
+
+ /**
+ * setAdminNotification - send an email to all admins (used in verify.php)
+ *
+ * @return boolean True
+ */
+ function setAdminNotification() {
+ $admins = RBACEngine::getInstance()->getUsersByAllowedAction('forge_admin', -1);
+ foreach ($admins as $admin) {
+ $admin_email = $admin->getEmail();
+ setup_gettext_for_user($admin);
+ $message = sprintf(_('New User %1$s registered and validated
+Full Name: %2$s
+Email: %3$s
+'),
+ $this->getUnixName() , $this->getRealName(), $this->getEmail());
+ util_send_message($admin_email, sprintf(_('New %1$s User'), forge_get_config ('forge_name')), $message);
+ setup_gettext_from_context();
+ }
+ return true;
+ }
}
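Review bot: In isMember(), moving the fallback to the top as `case 0:` changes which branch the typed checks take: `switch` compares loosely, and before PHP 8 a non-numeric string such as 'A', 'P2', 'F2' or 'D1' equals integer 0, so every typed call lands in the plain membership loop and the `forge_check_perm_for_user()` calls are never reached. A plain project member would then pass `isMember($g, 'A')` without holding project_admin. Keeping the label as a string, `case '0':`, as the removed code had it, avoids the match; the position of `default:` does not matter. isMember() starts outside this hunk.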
/*
/**
- * user_ismember() - DEPRECATED; DO NOT USE!
- *
+ * user_ismember() - DEPRECATED; DO NOT USE! (TODO: document what should be used instead)
+ * Replace user_ismember(1[, 'A']) with forge_check_global_perm('forge_admin')
+ * Replace user_ismember($group_id, 'A') with forge_check_perm('project_admin', $group_id)
+ * For now, keep user_ismember($group_id) alone
* @param int The Group ID
* @param int The Type
* @deprecated
}
/**
- * user_getname() - DEPRECATED; DO NOT USE!
+ * user_getname() - DEPRECATED; DO NOT USE! (TODO: document what should be used instead)
*
* @param int The User ID
* @deprecated