diff --git a/src/www/ui/user-add.php b/src/www/ui/user-add.php index 98bc962f..d99d92f2 100644 --- a/src/www/ui/user-add.php +++ b/src/www/ui/user-add.php @@ -1,213 +1,205 @@ Name = "user_add"; $this->Title = TITLE_user_add; $this->MenuList = "Admin::Users::Add"; $this->DBaccess = PLUGIN_DB_ADMIN; parent::__construct(); + $this->dbManager = $GLOBALS['container']->get('db.manager'); } /** * \brief Add a user. * * \return NULL on success, string on failure. */ function Add() { global $PG_CONN; if (!$PG_CONN) { DBconnect(); if (!$PG_CONN) { $text = _("NO DB connection!"); echo "
$text\n
"; } } /* Get the parameters */ $User = str_replace("'", "''", GetParm('username', PARM_TEXT)); $User = trim($User); $Pass = GetParm('pass1', PARM_TEXT); $Pass2 = GetParm('pass2', PARM_TEXT); $Seed = rand() . rand(); $Hash = sha1($Seed . $Pass); $Desc = str_replace("'", "''", GetParm('description', PARM_TEXT)); $Perm = GetParm('permission', PARM_INTEGER); $Folder = GetParm('folder', PARM_INTEGER); $Email_notify = GetParm('enote', PARM_TEXT); $Email = str_replace("'", "''", GetParm('email', PARM_TEXT)); $agentList = userAgents(); $default_bucketpool_fk = GetParm('default_bucketpool_fk', PARM_INTEGER); - $new_upload_group_fk = GetParm('new_upload_group_fk', PARM_INTEGER); - $new_upload_perm = GetParm('new_upload_perm', PARM_INTEGER); - $uiChoice = GetParm('whichui', PARM_TEXT); /* Make sure username looks valid */ if (empty($User)) { $text = _("Username must be specified. Not added."); return ($text); } /* limit the user name size to 64 characters when creating an account */ if (strlen($User) > 64) { $text = _("Username exceed 64 characters. Not added."); return ($text); } /* Make sure password matches */ if ($Pass != $Pass2) { $text = _("Passwords did not match. Not added."); return ($text); } /* Make sure email looks valid */ $Check = preg_replace("/[^a-zA-Z0-9@_.+-]/", "", $Email); if ($Check != $Email) { $text = _("Invalid email address. Not added."); return ($text); } /* See if the user already exists (better not!) */ - $sql = "SELECT * FROM users WHERE user_name = '$User' LIMIT 1;"; - $result = pg_query($PG_CONN, $sql); - DBCheckResult($result, $sql, __FILE__, __LINE__); - $row = pg_fetch_assoc($result); - pg_free_result($result); + $row = $this->dbManager->getSingleRow("SELECT * FROM users WHERE user_name = $1 LIMIT 1;", + array($User), $stmt = __METHOD__ . ".getUserIfExisting"); if (!empty($row['user_name'])) { $text = _("User already exists. 
Not added."); return ($text); } /* check email notification, if empty (box not checked), or if no email * specified for the user set to 'n'. */ if(empty($Email_notify)) { $Email_notify = ''; } elseif(empty($Email)) { $Email_notify = ''; } - /* Add the user */ - if($uiChoice != 'simple') - { - $uiChoice = 'original'; - } - - if (empty($new_upload_group_fk)) $new_upload_group_fk = 'NULL'; - if (empty($new_upload_perm)) $new_upload_perm = 'NULL'; - $ErrMsg = add_user($User,$Desc,$Seed,$Hash,$Perm,$Email, $Email_notify,$agentList,$Folder, $default_bucketpool_fk); return ($ErrMsg); } // Add() public function Output() { /* If this is a POST, then process the request. */ $User = GetParm('username', PARM_TEXT); if (!empty($User)) { $rc = $this->Add(); if (empty($rc)) { $text = _("User"); $text1 = _("added"); $this->vars['message'] = "$text $User $text1."; } else { $this->vars['message'] = $rc; } } $V = "
\n"; $V.= _("To create a new user, enter the following information:

\n"); $Style = ""; $V.= ""; $Val = htmlentities(GetParm('username', PARM_TEXT), ENT_QUOTES); $text = _("Username"); $V.= "$Style"; $V.= "\n"; $V.= "\n"; $Val = htmlentities(GetParm('description', PARM_TEXT), ENT_QUOTES); $text = _("Description, full name, contact, etc. (optional)"); $V.= "$Style\n"; $V.= "\n"; $V.= "\n"; $Val = htmlentities(GetParm('email', PARM_TEXT), ENT_QUOTES); $text = _("Email address (optional)"); $V .= "$Style\n"; $V.= "\n"; $V.= "\n"; $text = _("Access level"); $V.= "$Style"; $V.= "\n"; $V.= "\n"; $text = _("User root folder"); $V.= "$Style"; $V.= "\n"; $V.= "\n"; $text = _("Password (optional)"); $V.= "$Style\n"; $V.= "\n"; $text = _("Re-enter password"); $V.= "$Style\n"; $V.= "\n"; $text = _("E-mail Notification"); $text1 = _("Check to enable email notification when upload scan completes ."); $V .= "$Style\n"; $V.= "\n"; $text = _("Agents selected by default when uploading"); $V .= "$Style\n"; $text = _("Default bucketpool"); $V.= "$Style"; $V.= ""; $V .= "\n"; $V.= "
$text
$text
$text
$text
$text"; $V.= "
$text
$text
$text" . "$text1
$text\n "; $V.= AgentCheckBoxMake(-1, array("agent_unpack", "agent_adj2nest", "wget_agent")); $V .= "$text"; $default_bucketpool_fk = 0; $V.= SelectBucketPool($default_bucketpool_fk); $V.= "

"; $text = _("Add User"); $V.= "\n"; $V.= "

\n"; return $V; } } $NewPlugin = new user_add; diff --git a/src/www/ui/user-del.php b/src/www/ui/user-del.php index 46bd4f73..a884bd3b 100644 --- a/src/www/ui/user-del.php +++ b/src/www/ui/user-del.php 
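Review bot: The `$User` bound as `$1` in the new getSingleRow call still carries the `str_replace("'", "''", …)` quote-doubling applied where the parameters are read, so a username containing an apostrophe is compared against its doubled form and the existence check cannot match it; with a bound parameter the driver does the escaping, so bind the trimmed raw value instead, e.g. `$rawUser = trim(GetParm('username', PARM_TEXT));` and `array($rawUser)`, keeping the doubled `$User` only for the add_user() call whose body is outside the hunk and presumably still inlines it. The `$stmt = __METHOD__ . ".getUserIfExisting"` assignment inside the argument list creates a local that is never read; pass the statement name directly. The constructor fetches the manager through `$GLOBALS['container']`; if the FO_Plugin base class offers the same `getObject('db.manager')` accessor that user-edit.php uses, prefer it for consistency. The same literal-interpolation pattern (`user_pk = '$UserId'` with `userid` read as PARM_TEXT) remains in user-del.php's Delete(), which this commit does not migrate to bound parameters.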
@@ -1,165 +1,163 @@ Name = "user_del"; $this->Title = TITLE_user_del; $this->MenuList = "Admin::Users::Delete"; $this->DBaccess = PLUGIN_DB_ADMIN; parent::__construct(); } /** * \brief Delete a user. * * \return NULL on success, string on failure. */ function Delete($UserId) { global $PG_CONN; /* See if the user already exists */ $sql = "SELECT * FROM users WHERE user_pk = '$UserId' LIMIT 1;"; $result = pg_query($PG_CONN, $sql); DBCheckResult($result, $sql, __FILE__, __LINE__); $row = pg_fetch_assoc($result); pg_free_result($result); if (empty($row['user_name'])) { $text = _("User does not exist."); return($text); } /* Delete the users group * First look up the users group_pk */ $sql = "SELECT group_pk FROM groups WHERE group_name = '$row[user_name]' LIMIT 1;"; $result = pg_query($PG_CONN, $sql); DBCheckResult($result, $sql, __FILE__, __LINE__); $GroupRow = pg_fetch_assoc($result); pg_free_result($result); /* Delete all the group user members for this user_pk */ $sql = "DELETE FROM group_user_member WHERE user_fk = '$UserId'"; $result = pg_query($PG_CONN, $sql); DBCheckResult($result, $sql, __FILE__, __LINE__); pg_free_result($result); /* Delete the user */ $sql = "DELETE FROM users WHERE user_pk = '$UserId';"; $result = pg_query($PG_CONN, $sql); DBCheckResult($result, $sql, __FILE__, __LINE__); pg_free_result($result); /* Now delete their group */ DeleteGroup($GroupRow['group_pk']); /* Make sure it was deleted */ $sql = "SELECT * FROM users WHERE user_name = '$UserId' LIMIT 1;"; $result = pg_query($PG_CONN, $sql); DBCheckResult($result, $sql, __FILE__, __LINE__); $rowCount = pg_num_rows($result); pg_free_result($result); if ($rowCount != 0) { $text = _("Failed to delete user."); return($text); } return(NULL); } // Delete() /** * \brief Generate the text for this plugin. */ public function Output() { global $PG_CONN; $V=""; /* If this is a POST, then process the request. 
*/ $User = GetParm('userid',PARM_TEXT); $Confirm = GetParm('confirm',PARM_INTEGER); if (!empty($User)) { if ($Confirm != 1) { $rc = "Deletion not confirmed. Not deleted."; } else { $rc = $this->Delete($User); } if (empty($rc)) { /* Need to refresh the screen */ $text = _("User deleted."); $this->vars['message'] = $text; } else { $this->vars['message'] = $rc; } } /* Get the user list */ $currentUserId = Auth::getUserId(); $sql = "SELECT user_pk,user_name,user_desc FROM users WHERE user_pk != '$currentUserId' AND user_pk != '1' ORDER BY user_name"; $result = pg_query($PG_CONN, $sql); DBCheckResult($result, $sql, __FILE__, __LINE__); if (pg_num_rows($result) == 0) { $V .= _("No users to delete."); } else { /* Build HTML form */ $V .= _("Deleting a user removes the user entry from the FOSSology system. The user's name, account information, and password will be permanently removed. (There is no 'undo' to this delete.)

\n"); $V .= "

\n"; // no url = this url $V .= _("To delete a user, enter the following information:

\n"); - $Style = ""; - $Val = htmlentities(GetParm('userid',PARM_TEXT),ENT_QUOTES); $V .= "

    \n"; $V .= _("
  1. Select the user to delete.
    "); $V .= "\n"; $text = _("Confirm user deletion"); $V .= "

  2. $text: "; $V .= "
\n"; $text = _("Delete"); $V .= "\n"; $V .= "
\n"; } pg_free_result($result); return $V; } } $NewPlugin = new user_del; diff --git a/src/www/ui/user-edit.php b/src/www/ui/user-edit.php index c6e661e8..b79a876e 100644 --- a/src/www/ui/user-edit.php +++ b/src/www/ui/user-edit.php 
@@ -1,331 +1,331 @@ _("Edit User Account"), self::MENU_LIST => 'Admin::Users::Edit User Account', self::REQUIRES_LOGIN => true, self::PERMISSION => Auth::PERM_WRITE )); $this->dbManager = $this->getObject('db.manager'); } /** * @brief Allow user to change their account settings (users db table). * If the user is an Admin, they can change settings for any user.\n * This is called in the following circumstances:\n * 1) User clicks on Admin > Edit User Account\n * 2) User has chosen a user to edit from the 'userid' select list \n * 3) User hit submit to update user data\n */ protected function handle(Request $request) { /* Is the session owner an admin? */ $user_pk = Auth::getUserId(); $SessionUserRec = $this->GetUserRec($user_pk); $SessionIsAdmin = $this->IsSessionAdmin($SessionUserRec); $vars = array('refreshUri' => Traceback_uri() . "?mod=" . self::NAME); /* If this is a POST (the submit button was clicked), then process the request. */ $BtnText = $request->get('UpdateBtn'); if (!empty($BtnText)) { /* Get the form data to in an associated array */ $UserRec = $this->CreateUserRec(""); $rv = $this->UpdateUser($UserRec, $SessionIsAdmin); if (empty($rv)) { // Successful db update $vars['message'] = "User $UserRec[user_name] updated."; /* Reread the user record as update verification */ $UserRec = $this->CreateUserRec($UserRec['user_pk']); } else { $vars['message'] = $rv; } } else { $NewUserpk = intval($request->get('newuser')); $UserRec = empty($NewUserpk) ? $this->CreateUserRec($user_pk) : $this->CreateUserRec($NewUserpk); } /* display the edit form with the requested user data */ $vars = array_merge($vars, $this->DisplayForm($UserRec, $SessionIsAdmin)); $vars['userId'] = $UserRec['user_pk']; return $this->render('user_edit.html.twig', $this->mergeWithDefault($vars)); } /** * \brief Display the user record edit form * * \param $UserRec - Database users record for the user to be edited. 
* \param $SessionIsAdmin - Boolean: This session is by an admin * \return the text of the display form on success, or error on failure. */ private function DisplayForm($UserRec, $SessionIsAdmin) { $vars = array('isSessionAdmin' => $SessionIsAdmin, 'userId' => $UserRec['user_pk']); /* For Admins, get the list of all users * For non-admins, only show themself */ if ($SessionIsAdmin) { $stmt = __METHOD__ . '.asSssionAdmin'; $sql = "SELECT * FROM users ORDER BY user_name"; $this->dbManager->prepare($stmt, $sql); $res = $this->dbManager->execute($stmt); $allUsers = array(); while ($row = $this->dbManager->fetchArray($res)) { $allUsers[$row['user_pk']] = htmlentities($row['user_name']); } $this->dbManager->freeResult($res); $vars['allUsers'] = $allUsers; } $vars['userName'] = $UserRec['user_name']; $vars['userDescription'] = $UserRec['user_desc']; $vars['userEMail'] = $UserRec["user_email"]; $vars['eMailNotification'] = ($UserRec['email_notify'] == 'y'); if ($SessionIsAdmin) { $vars['allAccessLevels'] = array( PLUGIN_DB_NONE => _("None (very basic, no database access)"), PLUGIN_DB_READ => _("Read-only (read, but no writes or downloads)"), PLUGIN_DB_WRITE => _("Read-Write (read, download, or edit information)"), PLUGIN_DB_ADMIN => _("Full Administrator (all access including adding and deleting users)") ); $vars['accessLevel'] = $UserRec['user_perm']; $SelectedFolderPk = $UserRec['root_folder_fk']; $vars['folderListOption'] = FolderListOption($ParentFolder = -1, $Depth = 0, $IncludeTop = 1, $SelectedFolderPk); } $vars['isBlankPassword'] = ($UserRec['_blank_pass'] == 'on'); $vars['agentSelector'] = AgentCheckBoxMake(-1, array("agent_unpack", "agent_adj2nest", "wget_agent"), $UserRec['user_name']); $vars['bucketPool'] = SelectBucketPool($UserRec["default_bucketpool_fk"]); return $vars; } /** * \brief Validate and update the user data. * \param $UserRec - Database record for the user to be edited. * * \return NULL on success, string (error text) on failure. 
*/ function UpdateUser($UserRec, $SessionIsAdmin) { global $PG_CONN; $Errors = ""; /**** Validations ****/ /* Make sure we have a user_pk */ if (empty($UserRec['user_pk'])) { $Errors .= "
  • " . _("Consistency error (User_pk missing). Please start over."); } /* Make sure username looks valid */ if (empty($UserRec['user_name'])) { $Errors .= "
  • " . _("Username must be specified."); } /* Verify the user_name is not a duplicate */ $CheckUserRec = GetSingleRec("users", "WHERE user_name='$UserRec[user_name]'"); if ((!empty($CheckUserRec)) and ( $CheckUserRec['user_pk'] != $UserRec['user_pk'])) { $Errors .= "
  • " . _("Username is not unique."); } /* Make sure password matches */ if ($UserRec['_pass1'] != $UserRec['_pass2']) { $Errors .= "
  • " . _("Passwords do not match."); } /* Make sure email looks valid */ $Check = preg_replace("/[^a-zA-Z0-9@_.+-]/", "", $UserRec['user_email']); if ($Check != $UserRec['user_email']) { $Errors .= "
  • " . _("Invalid email address."); } /* Did they specify a password and also request a blank password? */ if (!empty($UserRec['_blank_pass']) and ( !empty($UserRec['_pass1']) or ! empty($UserRec['_pass2']))) { $Errors .= "
  • " . _("You cannot specify both a password and a blank password."); } /* If we have any errors, return them */ if (!empty($Errors)) { return _("Errors") . ":
      $Errors
    "; } /**** Update the users database record ****/ /* First remove user_pass and user_seed if the password wasn't changed. */ if (!empty($UserRec['_blank_pass']) ) { $UserRec['user_seed'] = rand() . rand(); $UserRec['user_pass'] = sha1($UserRec['user_seed'] . ""); } else if (empty($UserRec['_pass1'])) // password wasn't changed { unset( $UserRec['user_pass']); unset( $UserRec['user_seed']); } /* Build the sql update */ $sql = "UPDATE users SET "; $first = TRUE; foreach($UserRec as $key=>$val) { if ($key[0] == '_' || $key == "user_pk") { continue; } if (!$SessionIsAdmin && ($key == "user_perm" || $key == "root_folder_fk")) { continue; } if (!$first) $sql .= ","; $sql .= "$key='" . pg_escape_string($val) . "'"; $first = FALSE; } $sql .= " where user_pk=$UserRec[user_pk]"; $result = pg_query($PG_CONN, $sql); DBCheckResult($result, $sql, __FILE__, __LINE__); pg_free_result($result); return (NULL); } // UpdateUser() /** * \brief Get a user record * \param $user_pk fetch this users db record * * \return users db record */ function GetUserRec($user_pk) { if (empty($user_pk)) { throw new Exception("Invalid access. Your session has expired.",1); } $UserRec = GetSingleRec("users", "WHERE user_pk=$user_pk"); if (empty($UserRec)) { throw new Exception("Invalid user. ",1); } return $UserRec; } /** * \brief Determine if the session user is an admin * * \return TRUE if the session user is an admin. Otherwise, return FALSE */ private function IsSessionAdmin($UserRec) { return ($UserRec['user_perm'] == PLUGIN_DB_ADMIN); } /** * \brief Create a user record. * \param integer $user_pk: If empty, use form data * * \return A user record in the same associated array format that you get from a pg_fetch_assoc(). * However, there may be additional fields from the data input form that are not in the * users table. These additional fields start with an underscore (_pass1, _pass2, _blank_pass) * that come from the edit form. 
*/ function CreateUserRec($user_pk="") { /* If a $user_pk was given, use it to read the user db record. * Otherwise, use the form data. */ if (!empty($user_pk)) { $UserRec = $this->GetUserRec($user_pk); $UserRec['_pass1'] = ""; $UserRec['_pass2'] = ""; $UserRec['_blank_pass'] = ($UserRec['user_pass'] == sha1($UserRec['user_seed'] . "")) ? "on" : ""; } else { $UserRec = array(); $UserRec['user_pk'] = GetParm('user_pk', PARM_TEXT); $UserRec['user_name'] = GetParm('user_name', PARM_TEXT); $UserRec['root_folder_fk'] = GetParm('root_folder_fk', PARM_INTEGER); $UserRec['user_desc'] = GetParm('user_desc', PARM_TEXT); $UserRec['_pass1'] = GetParm('_pass1', PARM_TEXT); $UserRec['_pass2'] = GetParm('_pass2', PARM_TEXT); if (!empty($UserRec['_pass1'])) { $UserRec['user_seed'] = rand() . rand(); $UserRec['user_pass'] = sha1($UserRec['user_seed'] . $UserRec['_pass1']); $UserRec['_blank_pass'] = ""; } else { $UserRec['user_pass'] = ""; $UserRec['_blank_pass'] = GetParm("_blank_pass", PARM_TEXT); if (empty($UserRec['_blank_pass'])) // check for blank password { // get the stored seed $StoredUserRec = $this->GetUserRec($UserRec['user_pk']); $UserRec['_blank_pass'] = ($UserRec['user_pass'] == sha1($StoredUserRec['user_seed'] . "")) ? "on" : ""; } } $UserRec['user_perm'] = GetParm('user_perm', PARM_INTEGER); $UserRec['user_email'] = GetParm('user_email', PARM_TEXT); $UserRec['email_notify'] = GetParm('email_notify', PARM_TEXT); if (!empty($UserRec['email_notify'])) { $UserRec['email_notify'] = 'y'; } $UserRec['user_agent_list'] = userAgents(); $UserRec['default_bucketpool_fk'] = GetParm("default_bucketpool_fk", PARM_INTEGER); } return $UserRec; } } -register_plugin(new UserEditPage()); +register_plugin(new UserEditPage()); \ No newline at end of file