ProfileAction.class.php (9871B)
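<?php

namespace cms\action;


// OpenRat Content Management System
// Copyright (C) 2002-2012 Jan Dankert, cms@jandankert.de
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
use cms\model\BaseObject;
use cms\model\User;
use language\Language;
use LogicException;
use Mail;
use modules\util\UIUtils;
use security\Base2n;
use Session;


/**
 * Action class for editing the profile of the logged-in user.
 *
 * Every handler works on the user object taken from the session in the
 * constructor; none of them accepts a user id from the request.
 *
 * @author $Author$
 * @version $Revision$
 * @package openrat.actions
 */
class ProfileAction extends BaseAction
{
    public $security = Action::SECURITY_USER;

    /** @var User the user object read from the session */
    private $user;

    public $defaultSubAction = 'edit';

    /**
     * Constructor.
     * Loads the user object from the session.
     */
    public function __construct()
    {
        parent::__construct();

        $this->user = Session::getUser();
    }


    /**
     * Saves the profile.
     *
     * The request values are copied onto the user object first; the object is
     * only persisted when a full name was supplied.
     */
    public function editPost()
    {
        $this->user->fullname = $this->getRequestVar('fullname');
        $this->user->tel      = $this->getRequestVar('tel');
        $this->user->desc     = $this->getRequestVar('desc');
        $this->user->style    = $this->getRequestVar('style');
        $this->user->language = $this->getRequestVar('language');
        $this->user->timezone = $this->getRequestVar('timezone');

        // The OTP flags follow the mere presence of the request parameter.
        // NOTE(review): nothing in this method asks for the current password
        // before a second factor is switched off - confirm whether that is
        // enforced elsewhere.
        $this->user->hotp = $this->hasRequestVar('hotp');
        $this->user->totp = $this->hasRequestVar('totp');

        $this->setStyle($this->user->style); // apply the style immediately
        Session::setUser($this->user);

        if (!empty($this->user->fullname)) {
            $this->user->save();
            $this->setStyle($this->user->style);
            $this->addNotice('user', $this->user->name, 'SAVED', 'ok');
        } else {
            $this->addValidationError('fullname');
        }

        // Use the selected language immediately.
        // NOTE(review): style, language and timezone are taken from the
        // request without being checked against the lists editView() offers;
        // whether setLanguage()/setStyle() tolerate arbitrary values cannot
        // be seen from this file - TODO confirm.
        $l = $this->getRequestVar('language');

        $this->setLanguage($l);
    }


    /**
     * Shows the form for changing the password.
     */
    public function pwView()
    {
        // Changing the password only works against the internal database,
        // so check which login module authenticated this user.
        $user = $this->getUserFromSession();

        // strtolower() always yields a string, so a strict comparison is safe
        // and avoids type juggling.
        $pwchangePossible = in_array(strtolower($user->loginModuleName), array('cookieauth', 'internal'), true);
        $this->setTemplateVar('pwchange_enabled', $pwchangePossible);
    }


    /**
     * Shows the form for changing the e-mail address.
     */
    public function mailView()
    {
    }


    /**
     * Sends a confirmation code to the e-mail address that was entered.
     *
     * The code and the address are kept in the session until
     * confirmmailPost() compares them.
     */
    public function mailPost()
    {
        $newMail = $this->getRequestVar('mail');

        if (empty($newMail)) {
            // No e-mail address was entered.
            $this->addValidationError('mail');
            return;
        }

        // NOTE(review): the address is not syntactically validated here;
        // whether the Mail class rejects malformed addresses is not visible
        // from this file - TODO confirm.

        // The code proves control over the new mailbox, so it must not be
        // guessable. random_int() (PHP 7+) draws from the system CSPRNG; the
        // former srand(microtime)/rand() pair was predictable from the request
        // time and also reseeded the process-wide generator.
        $code = (string) random_int(100000000, 999999999);

        // The confirmation code is stored in the session.
        Session::set('mailChangeCode', $code);
        Session::set('mailChangeMail', $newMail);

        // Send the e-mail to the new address.
        $mail = new Mail($newMail, 'mail_change_code');
        $mail->setVar('code', $code);
        $mail->setVar('name', $this->user->getName());

        if ($mail->send()) {
            $this->addNotice('user', $this->user->name, 'mail_sent', OR_NOTICE_OK);
        } else {
            $this->addNotice('user', $this->user->name, 'mail_not_sent', OR_NOTICE_ERROR, array(), $mail->error);
            return;
        }
    }


    /**
     * Shows the form in which the confirmation code for the change of the
     * e-mail address has to be entered.
     */
    public function confirmmailView()
    {
    }


    /**
     * Saves the new e-mail address if the submitted code matches the one
     * stored in the session.
     */
    public function confirmmailPost()
    {
        $sessionCode       = Session::get('mailChangeCode');
        $newMail           = Session::get('mailChangeMail');
        $inputRegisterCode = $this->getRequestVar('code');

        // A comparison is only meaningful if a code was actually issued.
        // With the former loose '==' an unset session value matched an empty
        // input, which stored an empty address without any confirmation.
        $codeWasIssued = is_scalar($sessionCode)
            && (string) $sessionCode !== ''
            && !empty($newMail);

        // hash_equals() compares as strings, without type juggling.
        $codeMatches = $codeWasIssued
            && is_scalar($inputRegisterCode)
            && hash_equals((string) $sessionCode, trim((string) $inputRegisterCode));

        if ($codeMatches) {
            // The confirmation code matches: change the e-mail address.
            $this->user->mail = $newMail;
            $this->user->save();

            // The code is single-use.
            Session::set('mailChangeCode', '');
            Session::set('mailChangeMail', '');

            $this->addNotice('user', $this->user->name, 'SAVED', OR_NOTICE_OK);
        } else {
            // The confirmation code does not match.
            // NOTE(review): failed attempts are neither counted nor do they
            // invalidate the code - consider limiting them.
            $this->addValidationError('code', 'code_not_match');
        }
    }


    /**
     * Changes the password of the logged-in user.
     *
     * The current password has to be supplied and verified before the new
     * one is accepted.
     */
    public function pwPost()
    {
        $currentPassword = $this->getRequestVar('act_password');
        $newPassword     = $this->getRequestVar('password1');
        $repeatPassword  = $this->getRequestVar('password2');

        if (!$this->user->checkPassword($currentPassword)) {
            $this->addValidationError('act_password');
        } elseif ($newPassword == '') {
            $this->addValidationError('password1');
        } elseif ($newPassword !== $repeatPassword) {
            // Strict comparison: with '!=' two different numeric-looking
            // strings such as '0e1' and '0e2' are considered equal.
            $this->addValidationError('password2', 'PASSWORDS_DO_NOT_MATCH');
        } elseif (strlen($newPassword) < intval(config('security', 'password', 'min_length'))) {
            // strlen() counts bytes, not characters.
            $this->addValidationError('password1', 'PASSWORD_MINLENGTH', array('minlength' => config('security', 'password', 'min_length')));
        } else {
            $this->user->setPassword($newPassword);
            $this->addNotice('user', $this->user->name, 'SAVED', 'ok');
        }
    }


    /**
     * Shows all properties of the user, including the otpauth:// URLs that
     * carry the OTP secret.
     */
    public function editView()
    {
        $issuer = urlencode(config('application', 'operator'));

        // Both parts of the account label are percent-encoded so that
        // characters such as '?', '&' or '#' in the user name or the server
        // name cannot alter the structure of the otpauth URL.
        $account = rawurlencode($this->user->name) . '@' . rawurlencode($_SERVER['SERVER_NAME']);

        // The secret is stored hex-encoded and is converted to Base32
        // (alphabet A-Z, 2-7) for the URL.
        $base32  = new Base2n(5, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', FALSE, TRUE, TRUE);
        $secret  = $base32->encode(hex2bin($this->user->otpSecret));
        $counter = $this->user->hotpCount;

        // NOTE(review): getProperties() is handed to the template unfiltered;
        // which fields it contains is not visible from this file - confirm
        // that it carries no password hash.
        $this->setTemplateVars($this->user->getProperties());

        $this->setTemplateVar('allstyles', $this->user->getAvailableStyles());

        $this->setTemplateVar('timezone_list', timezone_identifiers_list());

        // Map every available language code onto itself (code => code).
        $languageCodes = explode(',', config('i18n', 'available'));
        $languages     = array_combine($languageCodes, $languageCodes);
        $this->setTemplateVar('language_list', $languages);

        // The template receives the shared secret inside these URLs.
        $this->setTemplateVars(
            $this->user->getProperties() +
            array(
                'totpSecretUrl' => "otpauth://totp/{$issuer}:{$account}?secret={$secret}&issuer={$issuer}",
                'hotpSecretUrl' => "otpauth://hotp/{$issuer}:{$account}?secret={$secret}&issuer={$issuer}&counter={$counter}",
            )
        );
    }


    /**
     * Shows all groups of the logged-in user.
     */
    public function membershipsView()
    {
        $this->setTemplateVar('groups', $this->user->getGroups());
    }


    /**
     * @param String $name menu entry
     * @return boolean true if the menu entry is allowed
     */
    public function checkMenu($name)
    {
        global $conf;

        switch ($name) {
            case 'pwchange':
                // "Set password" is only available when the internal user
                // database is the authentication backend. isset()/empty()
                // replace the former '@' suppression with the same result.
                return isset($conf['security']['auth']['type'])
                    && $conf['security']['auth']['type'] == 'database'
                    && empty($conf['security']['auth']['userdn']);

            default:
                return true;
        }
    }


    /**
     * Sets a language for the user by replacing the 'language' section of
     * the session configuration.
     *
     * @param $l string language code
     */
    public function setLanguage($l)
    {
        // NOTE(review): editPost() passes the raw request value; how
        // Language::getLanguage() resolves the code is not visible from this
        // file - confirm that it rejects unknown codes.
        $conf     = Session::getConfig();
        $language = new Language();

        $conf['language']                  = $language->getLanguage($l, PRODUCTION);
        $conf['language']['language_code'] = $l;

        Session::setConfig($conf);
    }


    /**
     * Collects the last changes made by the current user and adds the object
     * type to each entry.
     */
    public function historyView()
    {
        $timeline = array();

        foreach ($this->user->getLastChanges() as $entry) {
            $objectId = $entry['objectid'];

            $baseObject = new BaseObject($objectId);
            $baseObject->objectLoad();

            // Keyed by object id, so a later entry for the same object
            // replaces an earlier one.
            $entry['type']       = $baseObject->getType();
            $timeline[$objectId] = $entry;
        }

        $this->setTemplateVar('timeline', $timeline);
    }


    /**
     * Provides the current style name and the theme colour of the session
     * user.
     */
    public function userinfoView()
    {
        $user = Session::getUser();

        $currentStyle = $this->getUserStyle($user);
        $this->setTemplateVar('style', $currentStyle);

        $styleConfig     = config('style-default');       // default style config
        $userStyleConfig = config('style', $currentStyle); // user style config

        // An unknown style name yields no array and is ignored.
        if (is_array($userStyleConfig)) {
            $styleConfig = array_merge($styleConfig, $userStyleConfig);
        }

        // Theme base color for smartphones colorizing their status bar.
        $this->setTemplateVar('theme-color', UIUtils::getColorHexCode($styleConfig['title_background_color']));
    }


    /**
     * All UI settings.
     */
    public function uisettingsView()
    {
        $this->setTemplateVar('settings', Config()->get('ui'));
    }


    /**
     * The user-dependent language codes.
     */
    public function languageView()
    {
        $this->setTemplateVar('language', Config()->get('language'));
    }


    /**
     * Sets the template variable 'pong' to 1.
     */
    public function pingView()
    {
        $this->setTemplateVar('pong', 1);
    }


    /**
     * Determines the style for the given user, falling back to the
     * configured interface style when the user's style is not configured.
     *
     * @param User $user
     * @return string
     */
    private function getUserStyle($user)
    {
        // Only accept the user's style if it exists in the style config.
        if ($user && isset(config('style')[$user->style])) {
            return $user->style;
        }

        return config('interface', 'style', 'default');
    }
}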