fixed getrequest variables function to only include $_GET when POST i…

…s not present

added entity check validations
added various validations to controllers
fixed bug in entiy update method that was not properly returning it's status code
fixed bug in the status code function that was wiping out the message array when called twice in the same request

conf/messages.php

@@ -31,13 +31,13 @@
 
 $_owa_messages = array(
 
-// Login related
 2000 => array("An e-mail containing instructions on how to complete the password reset process has been sent to %s",1),
 2001 => array("The e-mail <B>%s</B> was not found in our database. Please check the address and try again.",1),
 2002 => array("<B>Login Failed</B>. Your user name or password did not match.",0),
 2003 => array("Your Account lacks the necessary priviledges to access the requested resource.",0),
 2004 => array("You must login to access the requested resource.",0),
 2010 => array("Sucess. Logout Complete.",0),
+2011 => array("Error. Can't find your temporary passkey in the db.",0),
 
 // Options/Configuration related
 2500 => array("Options Saved.",0),
@@ -53,9 +53,11 @@
 3003 => array("Success. User profile saved.",0),
 3004 => array("Success. User acount deleted."),
 3005 => array("Enter Your New Password", 0),
-3006 => array("Success. Your password will be changed shortly. This may take a few minutes.",0),
+3006 => array("Success. Please login with your new password.",0),
 3007 => array("Error. Your passwords must match.",0),
 3008 => array("Error. Your password must be %s characters long.", 1),
+3009 => array("Error. A user with that email address already exists.", 0),
+3010 => array("A user with that email address does not exist.", 0),
 
 //sites management
 3200 => array("Error. Please fill in all required fields.",0),

modules/base/classes/entityManager.php

@@ -183,7 +183,7 @@ function create() {
 	 */
 	function update($where = '') {	
 
-		$this->entity->update($where);
+		return $this->entity->update($where);
 
 	}
 

modules/base/classes/mailer.php

@@ -88,7 +88,7 @@ function sendMail() {
 			return $this->e->debug(sprintf("Mailer Failure. Was not able to send to %s with subject of '%s'. Error Msgs: '%s'", $this->mailer->to, $this->mailer->Subject, $this->mailer->ErrorInfo));
 
 		else:
-			return $this->e->debug(sprintf("Mail sent to %s with the subject of '%s'.", $this->mailer->to, $this->mailer->Subject));
+			return $this->e->debug(sprintf("Mail sent to %s with the subject of '%s'.", $this->mailer->to[0], $this->mailer->Subject));
 		endif;
 
 

modules/base/loginForm.php

@@ -18,7 +18,6 @@
 
 require_once(OWA_BASE_DIR.'/owa_view.php');
 require_once(OWA_BASE_DIR.'/owa_controller.php');
-require_once(OWA_BASE_DIR.'/owa_auth.php');
 
 /**
  * Login Form Controller

modules/base/passwordResetRequest.php

@@ -39,36 +39,43 @@ function owa_passwordResetRequestController($params) {
 
 	function __construct($params) {
 
-		return parent::__construct($params);
+		parent::__construct($params);
+
+		$v1 = owa_coreAPI::validationFactory('entityDoesNotExist');
+		$v1->setConfig('entity', 'base.user');
+		$v1->setConfig('column', 'email_address');
+		$v1->setValues($this->getParam('email_address'));
+		$v1->setErrorMessage($this->getMsg(3010));
+		$this->setValidation('email_address', $v1);
+
+		return;
 	}
 
 	function action() {
+
+		// Log password reset request to event queue
+		$eq = &eventQueue::get_instance();
 
-		// Check to see if this email exists in the db
-		// fetch user object from the db
-		$u = owa_coreAPI::entityFactory('base.user');
-		$u->getByColumn('email_address', $this->getParam('email_address'));
-		$uid = $u->get('user_id');	
-
-		// If user exists then fire event and return view
-		if (!empty($uid)) {
-
-			// Log password reset request to event queue
-			$eq = &eventQueue::get_instance();
-			$eq->log(array('user_id' => $uid), 'base.reset_password');
-
-			// return view
-			$this->setView('base.passwordResetForm');
-			$this->set('status_msg', $this->getMsg(2000, $this->getParam('email_address')));	
-
-		// if user does not exists just return view with error
-		} else {
-			$this->setView('base.passwordResetForm');
-			$this->set('error_msg', $this->getMsg(2001, $this->getParam('email_address')));
-		}
-
+		$eq->log(array('email_address' => $this->getParam('email_address')), 'base.reset_password');
+
+		// return view
+		$this->setView('base.passwordResetForm');
+		$email_address = $this->getParam('email_address');
+		$msg = $this->getMsg(2000, $email_address);
+		$this->set('status_msg', $msg);	
+
 		return;
 	}
+
+	function errorAction() {
+
+		$this->setView('base.passwordResetForm');
+		$this->set('error_msg', $this->getMsg(2001, $this->getParam('email_address')));
+		return;
+	}
+
+
+
 }
 
 

modules/base/sitesAdd.php

@@ -130,14 +130,13 @@ function action() {
 
 	function errorAction() {
 
-		$data['view_method'] = 'delegate'; 
-		$data['view'] = 'base.options';
-		$data['subview'] = 'base.sitesProfile';
-		$data['error_code'] = 3307;
-		$data['site'] = $this->params;	
-		$data['validation_errors'] = $this->getValidationErrorMsgs();
+		$this->setView('base.options');
+		$this->setSubview('base.sitesProfile');
+		$this->set('error_code', 3309);
+		$this->set('site', $this->params);	
+		//$data['validation_errors'] = $this->getValidationErrorMsgs();
 
-		return $data;
+		return;
 	}
 
 }

modules/base/templates/users.tpl

@@ -13,6 +13,7 @@
 			<TR>
 				<TH>User ID</TH>
 				<TH>Real Name</TH>
+				<TH>Email Address</TH>
 				<TH>Role</TH>
 				<TH>Last Updated</TH>
 				<TH>Options</TH>
@@ -23,6 +24,7 @@
 			<TR>
 				<TD><?=$value['user_id'];?></TD>
 				<TD><?=$value['real_name'];?></TD>
+				<TD><?=$value['email_address'];?></TD>
 				<TD><?=$value['role'];?></TD>
 				<TD><?=date("F j, Y, g:i a", $value['last_update_date']);?></TD>
 				<TD><a href="<?=$this->makeLink(array('do' => 'base.usersProfile', 'edit' => true, 'user_id' => $value['user_id']));?>">Edit</a>  

modules/base/usersAdd.php

@@ -40,56 +40,68 @@ function owa_usersAddController($params) {
 
 	function __construct($params) {
 
+		parent::__construct($params);
+
 		$this->setRequiredCapability('edit_users');
-		return parent::__construct($params);
+
+		// Check for user with the same email address
+		// this is needed or else the change password feature will not know which account
+		// to chane the password for.
+		$v1 = owa_coreAPI::validationFactory('entityExists');
+		$v1->setConfig('entity', 'base.user');
+		$v1->setConfig('column', 'email_address');
+		$v1->setValues($this->getParam('email_address'));
+		$v1->setErrorMessage($this->getMsg(3009));
+		$this->setValidation('email_address', $v1);
+
+		// Check user name.
+		$v2 = owa_coreAPI::validationFactory('entityExists');
+		$v2->setConfig('entity', 'base.user');
+		$v2->setConfig('column', 'user_id');
+		$v2->setValues($this->getParam('user_id'));
+		$v2->setErrorMessage($this->getMsg(3001));
+		$this->setValidation('user_id', $v2);
+
+		return;
 	}
 
 	function action() {
+
+		$userManager = owa_coreApi::supportClassFactory('base', 'userManager');				
+
+
+		$user_params = array( 'user_id' 		=> $this->params['user_id'],
+							  'real_name' 		=> $this->params['real_name'],
+						      'role'			=> $this->params['role'],
+							  'email_address' 	=> $this->params['email_address']); 
+
+		$temp_passkey = $userManager->createNewUser($user_params);
 
-		$u = owa_coreApi::entityFactory('base.user');
+		// log account creation event to event queue
+		$eq = &eventQueue::get_instance();
+		$eq->log(array( 'user_id' 	=> $this->params['user_id'],
+						'real_name' => $this->params['real_name'],
+						'role' 		=> $this->params['role'],
+						'email_address' => $this->params['email_address'],
+						'temp_passkey' => $temp_passkey), 
+						'base.new_user_account');
 
-		//Check to see if user name already exists
-		$u->getByColumn('user_id', $this->params['user_id']);
-
-		$id = $u->get('id');
 
-		// Set user object Params
-		if (empty($id)):
-
-			$userManager = owa_coreApi::supportClassFactory('base', 'userManager');				
-
-
-			$user_params = array( 'user_id' 		=> $this->params['user_id'],
-								  'real_name' 		=> $this->params['real_name'],
-							      'role'			=> $this->params['role'],
-								  'email_address' 	=> $this->params['email_address']); 
-
-			$temp_passkey = $userManager->createNewUser($user_params);
-
-			// log account creation event to event queue
-			$eq = &eventQueue::get_instance();
-			$eq->log(array( 'user_id' 	=> $this->params['user_id'],
-							'real_name' => $this->params['real_name'],
-							'role' 		=> $this->params['role'],
-							'email_address' => $this->params['email_address'],
-							'temp_passkey' => $temp_passkey), 
-							'base.new_user_account');
-
-
-			$this->setRedirectAction('base.users');
-			$this->set('status_code', 3000);
-
-		//Send user and back to form to pick a new user name.
-		else:
-
-			$this->setView('base.options');
-			$this->setSubview('base.usersProfile');
-			$this->set('error_code', 3001);
-			//assign original form data so the user does not have to re-enter the data
-			$this->set('user', $this->params);
-		endif;
+		$this->setRedirectAction('base.users');
+		$this->set('status_code', 3000);
+
+		return;
+	}
+
+	function errorAction() {
+		$this->setView('base.options');
+		$this->setSubview('base.usersProfile');
+		$this->set('error_code', 3009);
+		//assign original form data so the user does not have to re-enter the data
+		$this->set('profile', $this->params);
 
 		return;
+
 	}
 
 }

modules/base/usersChangePassword.php

@@ -64,7 +64,7 @@ function __construct($params) {
 	}
 
 	function action() {
-		exit;
+
 		$auth = &owa_auth::get_instance();
 		$status = $auth->authenticateUserTempPasskey($this->params['k']);
 
@@ -74,11 +74,11 @@ function action() {
 			$new_password = array('key' => $this->params['k'], 'password' => $auth->encryptPassword($this->params['password']), 'ip' => $_SERVER['REMOTE_ADDR']);
 			$eq->log($new_password, 'base.set_password');
 			$auth->deleteCredentials();	
-			$this->setRedirectAction('base.login');
+			$this->setRedirectAction('base.loginForm');
 			$this->set('status_code', 3006);
 		} else {
-			$this->setRedirectAction('base.login');
-			$this->set('error_code', 000000); // can't find key in the db
+			$this->setRedirectAction('base.loginForm');
+			$this->set('error_code', 2011); // can't find key in the db
 		}
 
 		return;

modules/base/usersResetPassword.php

@@ -35,23 +35,30 @@
 class owa_usersResetPasswordController extends owa_controller {
 
 	function owa_usersResetPasswordController($params) {
-		$this->owa_controller($params);
 
+		return owa_usersResetPasswordController::__construct($params);
+	}
+
+	function __construct($params) {
+
+		return parent::__construct($params);
 	}
 
 	function action() {
 		$auth = &owa_auth::get_instance();
 		$u = owa_coreAPI::entityFactory('base.user');
-		$u->getByColumn('user_id', $this->getParam('user_id'));
-		$u->set('temp_passkey', $auth->generateTempPasskey($this->getParam('user_id')));
+		$u->getByColumn('email_address', $this->getParam('email_address'));
+		$u->set('temp_passkey', $auth->generateTempPasskey($u->get('user_id')));
 		$status = $u->update();
-
+		$this->e->debug('status: '.$status);
 		if ($status === true):
 
 			$this->setView('base.usersResetPassword');
 			$this->set('key', $u->get('temp_passkey'));
 			$this->set('email_address', $u->get('email_address'));
 
+		else:
+			$this->e->debug("could not update password in db.");	
 		endif;
 
 		return;
@@ -89,7 +96,7 @@ function render($data) {
 		$this->body->set_template('users_reset_password_email.tpl');
 		$this->body->set('key', $this->get('key'));
 		$this->setMailSubject('Your New OWA Password');	
-		$this->addMailToAddress($this->get('email_address'));
+		$this->addMailToAddress($this->get('email_address')); 
 
 		return;
 

owa_base.php

@@ -100,7 +100,12 @@ function __construct() {
 	 */
 	function getMsg($code, $s1 = null, $s2 = null, $s3 = null, $s4 = null) {
 
-		include_once(OWA_DIR.'conf/messages.php');
+		static $_owa_messages;
+
+		if (empty($_owa_messages)) {
+
+			require_once(OWA_DIR.'conf/messages.php');
+		}
 
 		switch ($_owa_messages[$code][1]) {
 

owa_controller.php

@@ -216,26 +216,23 @@ function doAction() {
 		// set site_id
 		$this->set('site_id', $this->get('site_id'));
 
-		/*
-		
 		// set status msg - NEEDED HERE? doesnt owa_ view handle this?
-		if (!empty($this->params['status_code'])):
-			$this->data['status_msg'] = $this->getMsg($this->params['status_code']);
+		if (array_key_exists('status_code', $this->params)):
+			$this->set('status_code', $this->getParam('status_code'));
 		endif;
 
 		// get error msg from error code passed on the query string from a redirect.
-		if (!empty($this->params['error_code'])):
-			$this->data['error_msg'] = $this->getMsg($this->params['error_code']);
+		if (array_key_exists('error_code', $this->params)):
+			$this->set('error_code', $this->getParam('error_code'));
 		endif;
-		
-		*/
 
 		// check to see if the controller has created a validator
 		if (!empty($this->v)):
 			// if so do the validations required
 			$this->v->doValidations();
-			//check for erros
+			//check for errors
 			if ($this->v->hasErrors === true):
+				//print_r($this->v);
 				// if errors, do the errorAction instead of the normal action
 				$this->set('validation_errors', $this->getValidationErrorMsgs());
 				$ret = $this->errorAction();