From 5aa88dd29027871622d086fce2ce7f1c875265b3 Mon Sep 17 00:00:00 2001 From: padams Date: Sun, 11 Jan 2009 07:24:24 +0000 Subject: [PATCH] fixed getrequest variables function to only include $_GET when POST is not present added entity check validations added various validations to controllers fixed bug in entiy update method that was not properly returning it's status code fixed bug in the status code function that was wiping out the message array when called twice in the same request --- conf/messages.php | 6 +- modules/base/classes/entityManager.php | 2 +- modules/base/classes/mailer.php | 2 +- modules/base/loginForm.php | 1 - modules/base/passwordResetRequest.php | 55 +++++++------ modules/base/sitesAdd.php | 13 ++- modules/base/templates/users.tpl | 2 + modules/base/usersAdd.php | 94 ++++++++++++---------- modules/base/usersChangePassword.php | 8 +- modules/base/usersResetPassword.php | 17 ++-- owa_base.php | 7 +- owa_controller.php | 15 ++-- owa_lib.php | 15 +++- owa_view.php | 6 +- plugins/validations/entityDoesNotExist.php | 71 ++++++++++++++++ plugins/validations/entityExists.php | 71 ++++++++++++++++ 16 files changed, 287 insertions(+), 98 deletions(-) create mode 100644 plugins/validations/entityDoesNotExist.php create mode 100644 plugins/validations/entityExists.php diff --git a/conf/messages.php b/conf/messages.php index 01c807799..62d5b1fda 100644 --- a/conf/messages.php +++ b/conf/messages.php 
@@ -31,13 +31,13 @@ $_owa_messages = array( -// Login related 2000 => array("An e-mail containing instructions on how to complete the password reset process has been sent to %s",1), 2001 => array("The e-mail %s was not found in our database. Please check the address and try again.",1), 2002 => array("Login Failed. Your user name or password did not match.",0), 2003 => array("Your Account lacks the necessary priviledges to access the requested resource.",0), 2004 => array("You must login to access the requested resource.",0), 2010 => array("Sucess. Logout Complete.",0), +2011 => array("Error. Can't find your temporary passkey in the db.",0), // Options/Configuration related 2500 => array("Options Saved.",0), @@ -53,9 +53,11 @@ 3003 => array("Success. User profile saved.",0), 3004 => array("Success. User acount deleted."), 3005 => array("Enter Your New Password", 0), -3006 => array("Success. Your password will be changed shortly. This may take a few minutes.",0), +3006 => array("Success. Please login with your new password.",0), 3007 => array("Error. Your passwords must match.",0), 3008 => array("Error. Your password must be %s characters long.", 1), +3009 => array("Error. A user with that email address already exists.", 0), +3010 => array("A user with that email address does not exist.", 0), //sites management 3200 => array("Error. Please fill in all required fields.",0), diff --git a/modules/base/classes/entityManager.php b/modules/base/classes/entityManager.php index 35b623901..21dc7d8bc 100644 --- a/modules/base/classes/entityManager.php +++ b/modules/base/classes/entityManager.php @@ -183,7 +183,7 @@ function create() { */ function update($where = '') { - $this->entity->update($where); + return $this->entity->update($where); } diff --git a/modules/base/classes/mailer.php b/modules/base/classes/mailer.php index 09699f28d..1f18c562e 100644 --- a/modules/base/classes/mailer.php +++ b/modules/base/classes/mailer.php 
@@ -88,7 +88,7 @@ function sendMail() { return $this->e->debug(sprintf("Mailer Failure. Was not able to send to %s with subject of '%s'. Error Msgs: '%s'", $this->mailer->to, $this->mailer->Subject, $this->mailer->ErrorInfo)); else: - return $this->e->debug(sprintf("Mail sent to %s with the subject of '%s'.", $this->mailer->to, $this->mailer->Subject)); + return $this->e->debug(sprintf("Mail sent to %s with the subject of '%s'.", $this->mailer->to[0], $this->mailer->Subject)); endif; diff --git a/modules/base/loginForm.php b/modules/base/loginForm.php index 948725a8b..ccf706826 100644 --- a/modules/base/loginForm.php +++ b/modules/base/loginForm.php @@ -18,7 +18,6 @@ require_once(OWA_BASE_DIR.'/owa_view.php'); require_once(OWA_BASE_DIR.'/owa_controller.php'); -require_once(OWA_BASE_DIR.'/owa_auth.php'); /** * Login Form Controller diff --git a/modules/base/passwordResetRequest.php b/modules/base/passwordResetRequest.php index add3fd36b..d0d2c0b18 100644 --- a/modules/base/passwordResetRequest.php +++ b/modules/base/passwordResetRequest.php 
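Review bot: `$this->mailer->to[0]` in the success debug line will print the literal string `Array` rather than an address if the mailer's `to` property holds address/name pairs, as PHPMailer's does; the `%s` placeholder cannot tell the difference, so the log entry would be misleading. Please confirm the shape of `to` and index to the address itself, e.g. `$this->mailer->to[0][0]`, or log the address the view handed to `addMailToAddress()` instead of reaching into the mailer's internals. Both branches also write recipient addresses into the debug channel, which is fine locally but worth remembering if that log is ever shipped elsewhere.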
@@ -39,36 +39,43 @@ function owa_passwordResetRequestController($params) { function __construct($params) { - return parent::__construct($params); + parent::__construct($params); + + $v1 = owa_coreAPI::validationFactory('entityDoesNotExist'); + $v1->setConfig('entity', 'base.user'); + $v1->setConfig('column', 'email_address'); + $v1->setValues($this->getParam('email_address')); + $v1->setErrorMessage($this->getMsg(3010)); + $this->setValidation('email_address', $v1); + + return; } function action() { + + // Log password reset request to event queue + $eq = &eventQueue::get_instance(); - // Check to see if this email exists in the db - // fetch user object from the db - $u = owa_coreAPI::entityFactory('base.user'); - $u->getByColumn('email_address', $this->getParam('email_address')); - $uid = $u->get('user_id'); - - // If user exists then fire event and return view - if (!empty($uid)) { - - // Log password reset request to event queue - $eq = &eventQueue::get_instance(); - $eq->log(array('user_id' => $uid), 'base.reset_password'); - - // return view - $this->setView('base.passwordResetForm'); - $this->set('status_msg', $this->getMsg(2000, $this->getParam('email_address'))); - - // if user does not exists just return view with error - } else { - $this->setView('base.passwordResetForm'); - $this->set('error_msg', $this->getMsg(2001, $this->getParam('email_address'))); - } - + $eq->log(array('email_address' => $this->getParam('email_address')), 'base.reset_password'); + + // return view + $this->setView('base.passwordResetForm'); + $email_address = $this->getParam('email_address'); + $msg = $this->getMsg(2000, $email_address); + $this->set('status_msg', $msg); + return; } + + function errorAction() { + + $this->setView('base.passwordResetForm'); + $this->set('error_msg', $this->getMsg(2001, $this->getParam('email_address'))); + return; + } + + + } diff --git a/modules/base/sitesAdd.php b/modules/base/sitesAdd.php index baa52cc15..3a9cec03a 100644 
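Review bot: `errorAction()` still answers with message 2001 ("The e-mail %s was not found in our database"), and the `entityDoesNotExist` validation added in `__construct()` is exactly what routes unknown addresses there, so the reset form remains an account-enumeration oracle: anyone can probe which addresses have accounts. Make both paths indistinguishable by returning the same status text from `errorAction()`, `$this->set('status_msg', $this->getMsg(2000, $this->getParam('email_address')));`, while the reset event is still only logged from `action()` for addresses that exist. Message 3010 set via `setErrorMessage()` then becomes an internal validation message that should not be rendered to the requester either. Rate limiting of reset requests is not visible in this patch and would be worth adding separately.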
--- a/modules/base/sitesAdd.php +++ b/modules/base/sitesAdd.php @@ -130,14 +130,13 @@ function action() { function errorAction() { - $data['view_method'] = 'delegate'; - $data['view'] = 'base.options'; - $data['subview'] = 'base.sitesProfile'; - $data['error_code'] = 3307; - $data['site'] = $this->params; - $data['validation_errors'] = $this->getValidationErrorMsgs(); + $this->setView('base.options'); + $this->setSubview('base.sitesProfile'); + $this->set('error_code', 3309); + $this->set('site', $this->params); + //$data['validation_errors'] = $this->getValidationErrorMsgs(); - return $data; + return; } } diff --git a/modules/base/templates/users.tpl b/modules/base/templates/users.tpl index cd20f32a2..8e7faef58 100644 --- a/modules/base/templates/users.tpl +++ b/modules/base/templates/users.tpl @@ -13,6 +13,7 @@ User ID Real Name + Email Address Role Last Updated Options @@ -23,6 +24,7 @@ + Edit diff --git a/modules/base/usersAdd.php b/modules/base/usersAdd.php index 8ecbea6d9..229bc53eb 100644 --- a/modules/base/usersAdd.php +++ b/modules/base/usersAdd.php 
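Review bot: The error code in `errorAction()` silently changes from 3307 to 3309, which the commit message does not mention and which does not appear in the messages.php hunk of this patch, while the `validation_errors` line is left commented out instead of deleted, so the site form now shows a fixed code and no per-field message. If 3309 is intended, add a one-line comment saying why; otherwise restore 3307. Since `doAction()` in owa_controller.php now sets `validation_errors` before calling `errorAction()`, the commented line is redundant and can simply go: delete `//$data['validation_errors'] = $this->getValidationErrorMsgs();`.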
@@ -40,56 +40,68 @@ function owa_usersAddController($params) { function __construct($params) { + parent::__construct($params); + $this->setRequiredCapability('edit_users'); - return parent::__construct($params); + + // Check for user with the same email address + // this is needed or else the change password feature will not know which account + // to chane the password for. + $v1 = owa_coreAPI::validationFactory('entityExists'); + $v1->setConfig('entity', 'base.user'); + $v1->setConfig('column', 'email_address'); + $v1->setValues($this->getParam('email_address')); + $v1->setErrorMessage($this->getMsg(3009)); + $this->setValidation('email_address', $v1); + + // Check user name. + $v2 = owa_coreAPI::validationFactory('entityExists'); + $v2->setConfig('entity', 'base.user'); + $v2->setConfig('column', 'user_id'); + $v2->setValues($this->getParam('user_id')); + $v2->setErrorMessage($this->getMsg(3001)); + $this->setValidation('user_id', $v2); + + return; } function action() { + + $userManager = owa_coreApi::supportClassFactory('base', 'userManager'); + + + $user_params = array( 'user_id' => $this->params['user_id'], + 'real_name' => $this->params['real_name'], + 'role' => $this->params['role'], + 'email_address' => $this->params['email_address']); + + $temp_passkey = $userManager->createNewUser($user_params); - $u = owa_coreApi::entityFactory('base.user'); + // log account creation event to event queue + $eq = &eventQueue::get_instance(); + $eq->log(array( 'user_id' => $this->params['user_id'], + 'real_name' => $this->params['real_name'], + 'role' => $this->params['role'], + 'email_address' => $this->params['email_address'], + 'temp_passkey' => $temp_passkey), + 'base.new_user_account'); - //Check to see if user name already exists - $u->getByColumn('user_id', $this->params['user_id']); - - $id = $u->get('id'); - // Set user object Params - if (empty($id)): - - $userManager = owa_coreApi::supportClassFactory('base', 'userManager'); - - - $user_params = array( 
'user_id' => $this->params['user_id'], - 'real_name' => $this->params['real_name'], - 'role' => $this->params['role'], - 'email_address' => $this->params['email_address']); - - $temp_passkey = $userManager->createNewUser($user_params); - - // log account creation event to event queue - $eq = &eventQueue::get_instance(); - $eq->log(array( 'user_id' => $this->params['user_id'], - 'real_name' => $this->params['real_name'], - 'role' => $this->params['role'], - 'email_address' => $this->params['email_address'], - 'temp_passkey' => $temp_passkey), - 'base.new_user_account'); - - - $this->setRedirectAction('base.users'); - $this->set('status_code', 3000); - - //Send user and back to form to pick a new user name. - else: - - $this->setView('base.options'); - $this->setSubview('base.usersProfile'); - $this->set('error_code', 3001); - //assign original form data so the user does not have to re-enter the data - $this->set('user', $this->params); - endif; + $this->setRedirectAction('base.users'); + $this->set('status_code', 3000); + + return; + } + + function errorAction() { + $this->setView('base.options'); + $this->setSubview('base.usersProfile'); + $this->set('error_code', 3009); + //assign original form data so the user does not have to re-enter the data + $this->set('profile', $this->params); return; + } } diff --git a/modules/base/usersChangePassword.php b/modules/base/usersChangePassword.php index b93f04258..e4d7c9dcc 100644 --- a/modules/base/usersChangePassword.php +++ b/modules/base/usersChangePassword.php @@ -64,7 +64,7 @@ function __construct($params) { } function action() { - exit; + $auth = &owa_auth::get_instance(); $status = $auth->authenticateUserTempPasskey($this->params['k']); 
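Review bot: `errorAction()` hard-codes `error_code` 3009 ("A user with that email address already exists") even when only the `user_id` validation (message 3001) failed, so an admin who picks a taken user name is told the e-mail is the problem. The per-validation messages are already collected into `validation_errors` by `doAction()` before `errorAction()` runs, so drop the fixed code (remove `$this->set('error_code', 3009);`) and have the profile view render `validation_errors` instead. Separately, `role` is copied straight from the request into `createNewUser()`; the `edit_users` capability limits who can do this, but nothing in this hunk checks the value against the known roles, which would be cheap insurance. The view key also changes from `user` to `profile`; the template that consumes it is outside this patch, so confirm it was updated.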
@@ -74,11 +74,11 @@ function action() { $new_password = array('key' => $this->params['k'], 'password' => $auth->encryptPassword($this->params['password']), 'ip' => $_SERVER['REMOTE_ADDR']); $eq->log($new_password, 'base.set_password'); $auth->deleteCredentials(); - $this->setRedirectAction('base.login'); + $this->setRedirectAction('base.loginForm'); $this->set('status_code', 3006); } else { - $this->setRedirectAction('base.login'); - $this->set('error_code', 000000); // can't find key in the db + $this->setRedirectAction('base.loginForm'); + $this->set('error_code', 2011); // can't find key in the db } return; diff --git a/modules/base/usersResetPassword.php b/modules/base/usersResetPassword.php index 4d16ef56a..c3132a4d7 100644 --- a/modules/base/usersResetPassword.php +++ b/modules/base/usersResetPassword.php @@ -35,23 +35,30 @@ class owa_usersResetPasswordController extends owa_controller { function owa_usersResetPasswordController($params) { - $this->owa_controller($params); + return owa_usersResetPasswordController::__construct($params); + } + + function __construct($params) { + + return parent::__construct($params); } function action() { $auth = &owa_auth::get_instance(); $u = owa_coreAPI::entityFactory('base.user'); - $u->getByColumn('user_id', $this->getParam('user_id')); - $u->set('temp_passkey', $auth->generateTempPasskey($this->getParam('user_id'))); + $u->getByColumn('email_address', $this->getParam('email_address')); + $u->set('temp_passkey', $auth->generateTempPasskey($u->get('user_id'))); $status = $u->update(); - + $this->e->debug('status: '.$status); if ($status === true): $this->setView('base.usersResetPassword'); $this->set('key', $u->get('temp_passkey')); $this->set('email_address', $u->get('email_address')); + else: + $this->e->debug("could not update password in db."); endif; return; 
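Review bot: After the `base.set_password` event is logged nothing in this hunk invalidates the temporary passkey `k` that authorised the change; unless the event handler (not visible here) clears `temp_passkey`, the reset link stays valid and can be replayed to set another password. Please confirm the handler clears it, or clear it explicitly before the redirect. `$this->params['k']` is also read without an `isset()` check, so a request with no key should short-circuit to the 2011 error rather than pass an undefined index to `authenticateUserTempPasskey()`. The enclosing `action()` starts in the previous hunk and its password-match/length validation is not shown.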
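Review bot: `action()` never checks that `getByColumn('email_address', …)` found a row before generating and saving a passkey; for an unknown address `$u->get('user_id')` is empty, so `generateTempPasskey('')` runs and `update()` is issued on an unloaded entity. Guard the lookup right after `getByColumn()`: `if (!$u->get('id')) { $this->e->debug('no user for that address'); return; }`. Note that the `e->debug` calls here log the status of every reset attempt; keep personal data out of that message. How `generateTempPasskey()` derives the key from `user_id` is not visible in this patch — it should be unpredictable and time-limited, which is worth confirming.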
@@ -89,7 +96,7 @@ function render($data) { $this->body->set_template('users_reset_password_email.tpl'); $this->body->set('key', $this->get('key')); $this->setMailSubject('Your New OWA Password'); - $this->addMailToAddress($this->get('email_address')); + $this->addMailToAddress($this->get('email_address')); return; diff --git a/owa_base.php b/owa_base.php index 5b0709472..d918be618 100644 --- a/owa_base.php +++ b/owa_base.php @@ -100,7 +100,12 @@ function __construct() { */ function getMsg($code, $s1 = null, $s2 = null, $s3 = null, $s4 = null) { - include_once(OWA_DIR.'conf/messages.php'); + static $_owa_messages; + + if (empty($_owa_messages)) { + + require_once(OWA_DIR.'conf/messages.php'); + } switch ($_owa_messages[$code][1]) { diff --git a/owa_controller.php b/owa_controller.php index c070dbc00..b1d772435 100644 --- a/owa_controller.php +++ b/owa_controller.php 
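Review bot: `require_once` inside the `static` guard only fills `$_owa_messages` if messages.php has never been included in this request; if any other code path includes it first, `require_once` is a no-op, the static stays empty and every `$_owa_messages[$code][1]` lookup fails with an undefined index — the same symptom this change is meant to fix. The static already prevents repeated loads, so use a plain `require(OWA_DIR.'conf/messages.php');` here. Since `doAction()` now feeds `status_code`/`error_code` straight from request parameters, an unknown `$code` should also be guarded: `if (!isset($_owa_messages[$code])) { return ''; }`. The rest of `getMsg()` continues outside this hunk.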
@@ -216,26 +216,23 @@ function doAction() { // set site_id $this->set('site_id', $this->get('site_id')); - /* - // set status msg - NEEDED HERE? doesnt owa_ view handle this? - if (!empty($this->params['status_code'])): - $this->data['status_msg'] = $this->getMsg($this->params['status_code']); + if (array_key_exists('status_code', $this->params)): + $this->set('status_code', $this->getParam('status_code')); endif; // get error msg from error code passed on the query string from a redirect. - if (!empty($this->params['error_code'])): - $this->data['error_msg'] = $this->getMsg($this->params['error_code']); + if (array_key_exists('error_code', $this->params)): + $this->set('error_code', $this->getParam('error_code')); endif; - - */ // check to see if the controller has created a validator if (!empty($this->v)): // if so do the validations required $this->v->doValidations(); - //check for erros + //check for errors if ($this->v->hasErrors === true): + //print_r($this->v); // if errors, do the errorAction instead of the normal action $this->set('validation_errors', $this->getValidationErrorMsgs()); $ret = $this->errorAction(); diff --git a/owa_lib.php b/owa_lib.php index 819bfd572..87b1328f1 100644 --- a/owa_lib.php +++ b/owa_lib.php @@ -555,8 +555,21 @@ function makeLinkQueryString($query_params) { function getRequestParams() { + $params = array(); + + if (!empty($_POST)) { + $params = $_POST; + } else { + $params = $_GET; + } + + if (!empty($_COOKIE)) { + + $params = array_merge($params, $_COOKIE); + } + // Clean Input arrays - $params = owa_lib::inputFilter($_REQUEST); + $params = owa_lib::inputFilter($params); return owa_lib::stripParams($params); } diff --git a/owa_view.php b/owa_view.php index a43ba331d..4e243e2ad 100644 --- a/owa_view.php +++ b/owa_view.php 
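Review bot: `status_code` and `error_code` are now copied verbatim from request parameters into the view data, so any visitor can make a page display an arbitrary entry from the message table by editing the URL, and an unknown code reaches `getMsg()` unguarded. Since these are only expected after a redirect, at least cast them, `$this->set('status_code', (int) $this->getParam('status_code'));`, and let `getMsg()` reject codes it does not know. The `//print_r($this->v);` debug leftover should be removed rather than committed. `doAction()` starts and ends outside this hunk.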
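Review bot: `array_merge($params, $_COOKIE)` lets a cookie override any POST or GET parameter of the same name, because later arrays win in `array_merge`; a stale or attacker-set cookie named, say, `action`, `user_id` or `k` would silently replace what the form submitted. If cookies are meant as fallbacks only, merge them underneath, `$params = array_merge($_COOKIE, $params);`, or better keep cookies out of the request array entirely and read them explicitly where needed. Also note that taking `$_POST` *or* `$_GET` means query-string parameters on a POSTed form are now dropped; confirm no form relies on that.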
@@ -694,7 +694,11 @@ function setMailSubject($sbj) { return; } - function addMailToAddress($email, $name) { + function addMailToAddress($email, $name = '') { + + if (empty($name)) { + $name = $email; + } $this->po->mailer->AddAddress($email, $name); return; diff --git a/plugins/validations/entityDoesNotExist.php b/plugins/validations/entityDoesNotExist.php new file mode 100644 index 000000000..b798db87a --- /dev/null +++ b/plugins/validations/entityDoesNotExist.php @@ -0,0 +1,71 @@ + + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ + + class owa_entityDoesNotExistValidation extends owa_validation { + + + function owa_entityDoesNotExistValidation() { + + return owa_EntityDoesNotExistValidation::__construct(); + } + + function __construct() { + + return parent::__construct(); + } + + + function validate() { + + $entity = owa_coreAPI::entityFactory($this->getConfig('entity')); + $entity->getByColumn($this->getConfig('column'), $this->getValues()); + + $error = $this->getErrorMsg(); + + if (empty($error)) { + $this->setErrorMessage('An entity with that value does not exist.'); + } + + $id = $entity->get('id'); + + // validation logic + if (empty($id)) { + $this->hasError(); + } + + return; + + } + + } + + +?> + \ No newline at end of file diff --git a/plugins/validations/entityExists.php b/plugins/validations/entityExists.php new file mode 100644 index 000000000..4335b0887 --- /dev/null +++ b/plugins/validations/entityExists.php 
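Review bot: Defaulting `$name` to `$email` puts the address into the display-name slot as well, so the To header ends up as `"user@example.com" <user@example.com>`; if `AddAddress()` accepts an empty name, as PHPMailer's does, the substitution is unnecessary — drop the `if (empty($name))` block and pass `$name` through as-is. Whether `AddAddress()` rejects CR/LF in `$email` is not visible here; since the address comes from the user entity, the place to enforce that is where addresses are stored.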
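Review bot: The new file ends with a closing `?>` that appears to be followed by a whitespace line (the `+ ` line before `\ No newline at end of file`); PHP emits anything after `?>` as output when the plugin is loaded, which breaks every `header()`-based redirect issued later in the request with "headers already sent". Drop the closing `?>` entirely, as is standard for PHP-only files. `validate()` also deserves a docblock because the class name describes the failure condition, not an assertion: `/** Flags an error when no row of config 'entity' has config 'column' equal to the submitted value. */`. An empty submitted value is looked up as `''`; if that is never wanted, short-circuit with `if ($this->getValues() === '') { $this->hasError(); return; }`.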
@@ -0,0 +1,71 @@ + + * @copyright Copyright © 2006 Peter Adams + * @license http://www.gnu.org/copyleft/gpl.html GPL v2.0 + * @category owa + * @package owa + * @version $Revision$ + * @since owa 1.0.0 + */ + + class owa_entityExistsValidation extends owa_validation { + + + function owa_entityExistsValidation() { + + return owa_EntityExistsValidation::__construct(); + } + + function __construct() { + + return parent::__construct(); + } + + + function validate() { + + $entity = owa_coreAPI::entityFactory($this->getConfig('entity')); + $entity->getByColumn($this->getConfig('column'), $this->getValues()); + + $error = $this->getErrorMsg(); + + if (empty($error)) { + $this->setErrorMessage('An entity with that value already exists.'); + } + + $id = $entity->get('id'); + + // validation logic + if (!empty($id)) { + $this->hasError(); + } + + return; + + } + + } + + +?> + \ No newline at end of file
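Review bot: As in entityDoesNotExist.php, the closing `?>` appears to be followed by a whitespace line, so loading this plugin can emit output before controllers call `header()` for their redirects; remove the closing tag. A docblock on `validate()` would prevent the obvious misreading of the name, since the validation *fails* when the row exists: `/** Flags an error when a row of config 'entity' already has config 'column' equal to the submitted value. */`. The two plugins differ only in the `empty($id)` test; a shared base class with a single `$mustExist` flag would keep them from drifting apart.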