2012-08-28 06:27:22 +00:00
|
|
|
<?php
|
|
|
|
// MyDMS. Document Management System
|
|
|
|
// Copyright (C) 2002-2005 Markus Westphal
|
|
|
|
// Copyright (C) 2006-2008 Malcolm Cowe
|
|
|
|
// Copyright (C) 2010 Matteo Lucarelli
|
2016-08-09 05:34:30 +00:00
|
|
|
// Copyright (C) 2010-2016 Uwe Steinmann
|
2012-08-28 06:27:22 +00:00
|
|
|
//
|
|
|
|
// This program is free software; you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU General Public License as published by
|
|
|
|
// the Free Software Foundation; either version 2 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU General Public License
|
|
|
|
// along with this program; if not, write to the Free Software
|
|
|
|
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
|
|
|
|
|
|
include("../inc/inc.Settings.php");
|
2011-05-16 15:44:59 +00:00
|
|
|
include("../inc/inc.LogInit.php");
|
2012-08-28 06:27:22 +00:00
|
|
|
include("../inc/inc.Utils.php");
|
|
|
|
include("../inc/inc.Language.php");
|
2014-12-08 13:47:32 +00:00
|
|
|
include("../inc/inc.Init.php");
|
|
|
|
include("../inc/inc.Extension.php");
|
|
|
|
include("../inc/inc.DBInit.php");
|
2021-06-23 06:58:55 +00:00
|
|
|
include("../inc/inc.ClassAccessOperation.php");
|
2012-08-28 06:27:22 +00:00
|
|
|
include("../inc/inc.ClassUI.php");
|
|
|
|
include("../inc/inc.Authentication.php");
|
|
|
|
include("../inc/inc.ClassPasswordStrength.php");
|
2010-10-29 13:19:51 +00:00
|
|
|
|
2012-08-28 06:27:22 +00:00
|
|
|
if (!$user->isAdmin()) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
2010-10-29 13:19:51 +00:00
|
|
|
}
|
|
|
|
|
2021-06-23 06:58:55 +00:00
|
|
|
$accessop = new SeedDMS_AccessOperation($dms, null, $user, $settings);
|
|
|
|
if (!$accessop->check_controller_access('UsrMgr', $_POST)) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
|
|
|
}
|
|
|
|
|
2010-10-29 13:19:51 +00:00
|
|
|
if (isset($_POST["action"])) $action=$_POST["action"];
|
2012-08-28 06:27:22 +00:00
|
|
|
else $action=NULL;
|
|
|
|
|
2012-12-14 15:29:25 +00:00
|
|
|
// add new user ---------------------------------------------------------
|
2012-08-28 06:27:22 +00:00
|
|
|
if ($action == "adduser") {
|
|
|
|
|
2016-10-05 14:23:22 +00:00
|
|
|
/* Check if the form data comes from a trusted request */
|
2012-08-29 20:37:22 +00:00
|
|
|
if(!checkFormKey('adduser')) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
|
|
|
}
|
|
|
|
|
2012-08-28 06:27:22 +00:00
|
|
|
$login = $_POST["login"];
|
|
|
|
$pwd = $_POST["pwd"];
|
2012-09-11 13:16:47 +00:00
|
|
|
if(!isset($_POST["pwdexpiration"]))
|
|
|
|
$pwdexpiration = '';
|
|
|
|
else
|
|
|
|
$pwdexpiration = $_POST["pwdexpiration"];
|
2012-08-28 06:27:22 +00:00
|
|
|
$name = $_POST["name"];
|
2021-05-27 19:52:01 +00:00
|
|
|
if(!$name) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("user_name_missing"));
|
|
|
|
}
|
2012-08-28 06:27:22 +00:00
|
|
|
$email = $_POST["email"];
|
2021-05-27 19:52:01 +00:00
|
|
|
if(!$email) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("user_email_missing"));
|
|
|
|
}
|
2012-08-28 06:27:22 +00:00
|
|
|
$comment = $_POST["comment"];
|
2021-05-27 19:52:01 +00:00
|
|
|
if ($settings->_strictFormCheck && !$comment) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("user_comment_missing"));
|
|
|
|
}
|
2012-08-28 06:27:22 +00:00
|
|
|
$role = preg_replace('/[^0-2]+/', '', $_POST["role"]);
|
|
|
|
$isHidden = (isset($_POST["ishidden"]) && $_POST["ishidden"]==1 ? 1 : 0);
|
|
|
|
$isDisabled = (isset($_POST["isdisabled"]) && $_POST["isdisabled"]==1 ? 1 : 0);
|
2014-03-26 16:31:37 +00:00
|
|
|
$homefolder = (isset($_POST["homefolder"]) ? $_POST["homefolder"] : 0);
|
|
|
|
$quota = (isset($_POST["quota"]) ? (int) $_POST["quota"] : 0);
|
2012-08-28 06:27:22 +00:00
|
|
|
|
2010-11-15 12:01:21 +00:00
|
|
|
if (is_object($dms->getUserByLogin($login))) {
|
2012-08-28 06:27:22 +00:00
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("user_exists"));
|
|
|
|
}
|
|
|
|
|
2020-07-30 08:57:29 +00:00
|
|
|
$newUser = $dms->addUser($login, seed_pass_hash($pwd), $name, $email, $settings->_language, $settings->_theme, $comment, $role, $isHidden, $isDisabled, $pwdexpiration, $quota, $homefolder);
|
2012-08-28 06:27:22 +00:00
|
|
|
if ($newUser) {
|
|
|
|
|
2013-04-17 10:02:22 +00:00
|
|
|
/* Set user image if uploaded */
|
2012-08-28 06:27:22 +00:00
|
|
|
if (isset($_FILES["userfile"]) && is_uploaded_file($_FILES["userfile"]["tmp_name"]) && $_FILES["userfile"]["size"] > 0 && $_FILES['userfile']['error']==0)
|
|
|
|
{
|
|
|
|
$userfiletype = $_FILES["userfile"]["type"];
|
|
|
|
$userfilename = $_FILES["userfile"]["name"];
|
2014-06-13 15:29:40 +00:00
|
|
|
$fileType = ".".pathinfo($userfilename, PATHINFO_EXTENSION);
|
2013-04-17 10:02:22 +00:00
|
|
|
if ($fileType != ".jpg" && $filetype != ".jpeg") {
|
2012-08-28 06:27:22 +00:00
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("only_jpg_user_images"));
|
2013-04-17 10:02:22 +00:00
|
|
|
} else {
|
2012-08-28 06:27:22 +00:00
|
|
|
resizeImage($_FILES["userfile"]["tmp_name"]);
|
|
|
|
$newUser->setImage($_FILES["userfile"]["tmp_name"], $userfiletype);
|
|
|
|
}
|
|
|
|
}
|
2013-04-17 10:02:22 +00:00
|
|
|
|
|
|
|
/* Set groups if set */
|
|
|
|
if(isset($_POST["groups"]) && $_POST["groups"]) {
|
|
|
|
foreach($_POST["groups"] as $groupid) {
|
|
|
|
$group = $dms->getGroup($groupid);
|
|
|
|
$group->addUser($newUser);
|
|
|
|
}
|
|
|
|
}
|
2012-08-28 06:27:22 +00:00
|
|
|
}
|
2010-10-29 13:19:51 +00:00
|
|
|
else UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
|
|
|
|
2016-01-27 15:20:12 +00:00
|
|
|
if(isset($_POST["workflows"]) && $_POST["workflows"]) {
|
|
|
|
$workflows = array();
|
|
|
|
foreach($_POST["workflows"] as $workflowid)
|
|
|
|
if($tmp = $dms->getWorkflow($workflowid))
|
|
|
|
$workflows[] = $tmp;
|
|
|
|
if($workflows)
|
|
|
|
$newUser->setMandatoryWorkflows($workflows);
|
2013-01-24 10:15:09 +00:00
|
|
|
}
|
|
|
|
|
2010-10-29 13:19:51 +00:00
|
|
|
if (isset($_POST["usrReviewers"])){
|
|
|
|
foreach ($_POST["usrReviewers"] as $revID)
|
|
|
|
$newUser->setMandatoryReviewer($revID,false);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (isset($_POST["grpReviewers"])){
|
|
|
|
foreach ($_POST["grpReviewers"] as $revID)
|
|
|
|
$newUser->setMandatoryReviewer($revID,true);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (isset($_POST["usrApprovers"])){
|
|
|
|
foreach ($_POST["usrApprovers"] as $appID)
|
|
|
|
$newUser->setMandatoryApprover($appID,false);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (isset($_POST["grpApprovers"])){
|
|
|
|
foreach ($_POST["grpApprovers"] as $appID)
|
|
|
|
$newUser->setMandatoryApprover($appID,true);
|
|
|
|
}
|
|
|
|
|
|
|
|
$userid=$newUser->getID();
|
|
|
|
|
2013-06-14 08:27:17 +00:00
|
|
|
$session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_add_user')));
|
|
|
|
|
2012-08-28 06:27:22 +00:00
|
|
|
add_log_line(".php&action=adduser&login=".$login);
|
|
|
|
}
|
|
|
|
|
2012-12-14 15:29:25 +00:00
|
|
|
// delete user ------------------------------------------------------------
|
2012-08-28 06:27:22 +00:00
|
|
|
else if ($action == "removeuser") {
|
|
|
|
|
2016-10-05 14:23:22 +00:00
|
|
|
/* Check if the form data comes from a trusted request */
|
2012-08-29 20:37:22 +00:00
|
|
|
if(!checkFormKey('removeuser')) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
|
|
|
}
|
|
|
|
|
2012-08-28 06:27:22 +00:00
|
|
|
if (isset($_POST["userid"])) {
|
|
|
|
$userid = $_POST["userid"];
|
|
|
|
}
|
2010-12-10 13:38:03 +00:00
|
|
|
|
2010-10-29 13:19:51 +00:00
|
|
|
if (!isset($userid) || !is_numeric($userid) || intval($userid)<1) {
|
2012-08-28 06:27:22 +00:00
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
2010-12-10 13:38:03 +00:00
|
|
|
}
|
|
|
|
|
2013-05-31 09:59:12 +00:00
|
|
|
if(in_array($userid, explode(',', $settings->_undelUserIds))) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("cannot_delete_user"));
|
|
|
|
}
|
|
|
|
|
2010-12-10 13:38:03 +00:00
|
|
|
/* This used to be a check if an admin is deleted. Now it checks if one
|
|
|
|
* wants to delete herself.
|
|
|
|
*/
|
|
|
|
if ($userid==$user->getID()) {
|
2012-08-28 06:27:22 +00:00
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("cannot_delete_yourself"));
|
|
|
|
}
|
2010-12-10 13:38:03 +00:00
|
|
|
|
2012-08-28 06:27:22 +00:00
|
|
|
$userToRemove = $dms->getUser($userid);
|
2010-12-10 13:38:03 +00:00
|
|
|
if (!is_object($userToRemove)) {
|
2012-08-28 06:27:22 +00:00
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
|
|
|
}
|
|
|
|
|
|
|
|
$userToAssign = $dms->getUser($_POST["assignTo"]);
|
|
|
|
if (!$userToRemove->remove($user, $userToAssign)) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
|
2010-10-29 13:19:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
add_log_line(".php&action=removeuser&userid=".$userid);
|
2012-08-28 06:27:22 +00:00
|
|
|
|
2013-06-14 08:27:17 +00:00
|
|
|
$session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_rm_user')));
|
2010-10-29 13:19:51 +00:00
|
|
|
$userid=-1;
|
2012-08-28 06:27:22 +00:00
|
|
|
}
|
|
|
|
|
2017-07-28 10:34:37 +00:00
|
|
|
// remove user from all processes (approval, review)
|
|
|
|
else if ($action == "removefromprocesses") {
|
|
|
|
|
|
|
|
/* Check if the form data comes from a trusted request */
|
|
|
|
if(!checkFormKey('removefromprocesses')) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
|
|
|
}
|
|
|
|
|
|
|
|
if (isset($_POST["userid"])) {
|
|
|
|
$userid = $_POST["userid"];
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!isset($userid) || !is_numeric($userid) || intval($userid)<1) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
|
|
|
}
|
|
|
|
|
|
|
|
/* This used to be a check if an admin is deleted. Now it checks if one
|
|
|
|
* wants to delete herself.
|
|
|
|
*/
|
|
|
|
if ($userid==$user->getID()) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("cannot_delete_yourself"));
|
|
|
|
}
|
|
|
|
|
|
|
|
$userToRemove = $dms->getUser($userid);
|
|
|
|
if (!is_object($userToRemove)) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
|
|
|
}
|
|
|
|
|
2017-07-28 12:57:17 +00:00
|
|
|
if(isset($_POST["status"]) && is_array($_POST["status"]) && $_POST["status"]) {
|
2017-07-31 12:16:45 +00:00
|
|
|
if(!isset($_POST["status"]["review"]))
|
|
|
|
$_POST["status"]["review"] = array();
|
|
|
|
if(!isset($_POST["status"]["approval"]))
|
|
|
|
$_POST["status"]["approval"] = array();
|
2017-07-28 12:57:17 +00:00
|
|
|
if (!$userToRemove->removeFromProcesses($user, $_POST['status'])) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
|
|
|
|
}
|
|
|
|
|
|
|
|
add_log_line(".php&action=removefromprocesses&userid=".$userid);
|
2017-07-28 10:34:37 +00:00
|
|
|
|
2017-07-28 12:57:17 +00:00
|
|
|
$session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_rm_user_processes')));
|
|
|
|
}
|
2017-07-28 10:34:37 +00:00
|
|
|
}
|
|
|
|
|
2017-07-31 09:28:39 +00:00
|
|
|
// transfer all objects from one user to another one
|
|
|
|
else if ($action == "transferobjects") {
|
|
|
|
|
|
|
|
/* Check if the form data comes from a trusted request */
|
|
|
|
if(!checkFormKey('transferobjects')) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
|
|
|
}
|
|
|
|
|
|
|
|
if (isset($_POST["userid"])) {
|
|
|
|
$userid = $_POST["userid"];
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!isset($userid) || !is_numeric($userid) || intval($userid)<1) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Check if one wants to transfer his/her own objects.
|
|
|
|
*/
|
|
|
|
if ($userid==$user->getID()) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("cannot_transfer_your_objects"));
|
|
|
|
}
|
|
|
|
|
|
|
|
$userToRemove = $dms->getUser($userid);
|
|
|
|
if (!is_object($userToRemove)) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
|
|
|
}
|
|
|
|
|
|
|
|
$userToAssign = $dms->getUser($_POST["assignTo"]);
|
|
|
|
|
|
|
|
// if(isset($_POST["status"]) && is_array($_POST["status"]) && $_POST["status"]) {
|
|
|
|
if (!$userToRemove->transferDocumentsFolders($userToAssign)) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!$userToRemove->transferEvents($userToAssign)) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("error_occured"));
|
|
|
|
}
|
|
|
|
|
|
|
|
add_log_line(".php&action=transferobjects&userid=".$userid);
|
|
|
|
|
|
|
|
$session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_transfer_objects')));
|
|
|
|
// }
|
|
|
|
}
|
|
|
|
|
2017-08-24 06:15:12 +00:00
|
|
|
// send login data to user
|
2017-08-24 06:39:58 +00:00
|
|
|
else if ($action == "sendlogindata" && $settings->_enableEmail) {
|
2017-08-24 06:15:12 +00:00
|
|
|
/* Check if the form data comes from a trusted request */
|
|
|
|
if(!checkFormKey('sendlogindata')) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
|
|
|
}
|
|
|
|
|
|
|
|
if (isset($_POST["userid"])) {
|
|
|
|
$userid = $_POST["userid"];
|
|
|
|
}
|
|
|
|
|
2017-08-29 10:33:11 +00:00
|
|
|
$comment = '';
|
|
|
|
if (isset($_POST["comment"])) {
|
|
|
|
$comment = $_POST["comment"];
|
|
|
|
}
|
|
|
|
|
2017-08-24 06:15:12 +00:00
|
|
|
if (!isset($userid) || !is_numeric($userid) || intval($userid)<1) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
|
|
|
}
|
|
|
|
|
|
|
|
$newuser = $dms->getUser($userid);
|
|
|
|
if (!is_object($newuser)) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
|
|
|
}
|
|
|
|
|
|
|
|
if($notifier) {
|
|
|
|
$subject = "send_login_data_subject";
|
|
|
|
$message = "send_login_data_body";
|
|
|
|
$params = array();
|
|
|
|
$params['username'] = $newuser->getFullName();
|
|
|
|
$params['login'] = $newuser->getLogin();
|
|
|
|
$params['comment'] = $comment;
|
2019-11-28 09:01:59 +00:00
|
|
|
$params['url'] = getBaseUrl().$settings->_httpRoot."out/out.ViewFolder.php";
|
2017-08-24 06:15:12 +00:00
|
|
|
$params['sitename'] = $settings->_siteName;
|
|
|
|
$params['http_root'] = $settings->_httpRoot;
|
2021-01-29 07:58:21 +00:00
|
|
|
$notifier->toIndividual($user, $newuser, $subject, $message, $params, SeedDMS_NotificationService::RECV_OWNER);
|
2017-08-24 06:15:12 +00:00
|
|
|
}
|
|
|
|
add_log_line(".php&action=sendlogindata&userid=".$userid);
|
|
|
|
|
|
|
|
$session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_send_login_data')));
|
|
|
|
}
|
|
|
|
|
2012-12-14 15:29:25 +00:00
|
|
|
// modify user ------------------------------------------------------------
|
2012-08-28 06:27:22 +00:00
|
|
|
else if ($action == "edituser") {
|
2010-10-29 13:19:51 +00:00
|
|
|
|
2016-10-05 14:23:22 +00:00
|
|
|
/* Check if the form data comes from a trusted request */
|
2012-08-29 20:37:22 +00:00
|
|
|
if(!checkFormKey('edituser')) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("invalid_request_token"));
|
|
|
|
}
|
|
|
|
|
2012-08-28 06:27:22 +00:00
|
|
|
if (!isset($_POST["userid"]) || !is_numeric($_POST["userid"]) || intval($_POST["userid"])<1) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
2010-10-29 13:19:51 +00:00
|
|
|
}
|
|
|
|
|
2012-08-28 06:27:22 +00:00
|
|
|
$userid=$_POST["userid"];
|
2010-11-15 12:01:21 +00:00
|
|
|
$editedUser = $dms->getUser($userid);
|
2012-08-28 06:27:22 +00:00
|
|
|
|
|
|
|
if (!is_object($editedUser)) {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("invalid_user_id"));
|
|
|
|
}
|
2014-05-22 04:43:18 +00:00
|
|
|
|
2012-08-28 06:27:22 +00:00
|
|
|
$login = $_POST["login"];
|
|
|
|
$pwd = $_POST["pwd"];
|
2016-03-23 11:32:03 +00:00
|
|
|
if(isset($_POST['clearpwd']) && $_POST['clearpwd'])
|
|
|
|
$clearpwd = 1;
|
|
|
|
else
|
|
|
|
$clearpwd = 0;
|
2013-01-24 10:15:09 +00:00
|
|
|
if(isset($_POST["pwdexpiration"]))
|
|
|
|
$pwdexpiration = $_POST["pwdexpiration"];
|
|
|
|
else
|
|
|
|
$pwdexpiration = '';
|
2014-05-20 04:23:32 +00:00
|
|
|
if(!isset($_POST["quota"]))
|
|
|
|
$quota = 0;
|
|
|
|
else
|
|
|
|
$quota = (int) $_POST["quota"];
|
2012-08-28 06:27:22 +00:00
|
|
|
$name = $_POST["name"];
|
|
|
|
$email = $_POST["email"];
|
|
|
|
$comment = $_POST["comment"];
|
|
|
|
$role = preg_replace('/[^0-2]+/', '', $_POST["role"]);
|
|
|
|
$isHidden = (isset($_POST["ishidden"]) && $_POST["ishidden"]==1 ? 1 : 0);
|
|
|
|
$isDisabled = (isset($_POST["isdisabled"]) && $_POST["isdisabled"]==1 ? 1 : 0);
|
2014-03-26 16:31:37 +00:00
|
|
|
$homefolder = (isset($_POST["homefolder"]) ? $_POST["homefolder"] : 0);
|
|
|
|
$quota = (isset($_POST["quota"]) ? (int) $_POST["quota"] : 0);
|
2012-08-28 06:27:22 +00:00
|
|
|
|
|
|
|
if (isset($pwd) && ($pwd != "")) {
|
|
|
|
if($settings->_passwordStrength) {
|
|
|
|
$ps = new Password_Strength();
|
2016-03-23 11:32:03 +00:00
|
|
|
$ps->set_password($pwd);
|
2013-08-07 06:55:36 +00:00
|
|
|
if($settings->_passwordStrengthAlgorithm == 'simple')
|
|
|
|
$ps->simple_calculate();
|
|
|
|
else
|
|
|
|
$ps->calculate();
|
2012-08-28 06:27:22 +00:00
|
|
|
$score = $ps->get_score();
|
2016-03-23 11:32:03 +00:00
|
|
|
if($score < $settings->_passwordStrength) {
|
2012-08-28 06:27:22 +00:00
|
|
|
UI::exitError(getMLText("set_password"),getMLText("password_strength_insuffient"));
|
|
|
|
}
|
2016-03-23 11:32:03 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
if ($editedUser->getLogin() != $login)
|
|
|
|
$editedUser->setLogin($login);
|
|
|
|
if($pwdexpiration)
|
|
|
|
$editedUser->setPwdExpiration($pwdexpiration);
|
|
|
|
if(($role == SeedDMS_Core_User::role_guest) && $clearpwd) {
|
|
|
|
$editedUser->setPwd('');
|
|
|
|
} else {
|
|
|
|
if (isset($pwd) && ($pwd != "")) {
|
2020-07-30 08:57:29 +00:00
|
|
|
$editedUser->setPwd(seed_pass_hash($pwd));
|
2012-08-28 06:27:22 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
if ($editedUser->getFullName() != $name)
|
|
|
|
$editedUser->setFullName($name);
|
|
|
|
if ($editedUser->getEmail() != $email)
|
|
|
|
$editedUser->setEmail($email);
|
|
|
|
if ($editedUser->getComment() != $comment)
|
|
|
|
$editedUser->setComment($comment);
|
|
|
|
if ($editedUser->getRole() != $role)
|
|
|
|
$editedUser->setRole($role);
|
2014-05-20 04:23:32 +00:00
|
|
|
if ($editedUser->getQuota() != $quota)
|
|
|
|
$editedUser->setQuota($quota);
|
2012-08-28 06:27:22 +00:00
|
|
|
if ($editedUser->isHidden() != $isHidden)
|
|
|
|
$editedUser->setHidden($isHidden);
|
|
|
|
if ($editedUser->isDisabled() != $isDisabled) {
|
|
|
|
$editedUser->setDisabled($isDisabled);
|
|
|
|
if(!$isDisabled)
|
|
|
|
$editedUser->clearLoginFailures();
|
|
|
|
}
|
2014-03-26 16:31:37 +00:00
|
|
|
if ($editedUser->getHomeFolder() != $homefolder)
|
|
|
|
$editedUser->setHomeFolder($homefolder);
|
|
|
|
if ($editedUser->getQuota() != $quota)
|
|
|
|
$editedUser->setQuota($quota);
|
2016-01-27 15:20:12 +00:00
|
|
|
if(isset($_POST["workflows"]) && $_POST["workflows"]) {
|
|
|
|
$workflows = array();
|
|
|
|
foreach($_POST["workflows"] as $workflowid) {
|
|
|
|
if($tmp = $dms->getWorkflow($workflowid))
|
|
|
|
$workflows[] = $tmp;
|
2013-01-24 10:15:09 +00:00
|
|
|
}
|
2016-01-27 15:20:12 +00:00
|
|
|
if($workflows)
|
|
|
|
$editedUser->setMandatoryWorkflows($workflows);
|
2013-01-24 10:15:09 +00:00
|
|
|
} else {
|
|
|
|
$editedUser->delMandatoryWorkflow();
|
|
|
|
}
|
2012-08-28 06:27:22 +00:00
|
|
|
|
|
|
|
if (isset($_FILES['userfile']) && is_uploaded_file($_FILES["userfile"]["tmp_name"]) && $_FILES["userfile"]["size"] > 0 && $_FILES['userfile']['error']==0)
|
|
|
|
{
|
|
|
|
$userfiletype = $_FILES["userfile"]["type"];
|
|
|
|
$userfilename = $_FILES["userfile"]["name"];
|
2014-06-13 15:29:40 +00:00
|
|
|
$fileType = ".".pathinfo($userfilename, PATHINFO_EXTENSION);
|
2012-08-28 06:27:22 +00:00
|
|
|
if ($fileType != ".jpg" && $filetype != ".jpeg") {
|
|
|
|
UI::exitError(getMLText("admin_tools"),getMLText("only_jpg_user_images"));
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
resizeImage($_FILES["userfile"]["tmp_name"]);
|
|
|
|
$editedUser->setImage($_FILES["userfile"]["tmp_name"], $userfiletype);
|
|
|
|
}
|
2010-10-29 13:19:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
$editedUser->delMandatoryReviewers();
|
|
|
|
|
|
|
|
if (isset($_POST["usrReviewers"])) foreach ($_POST["usrReviewers"] as $revID)
|
|
|
|
$editedUser->setMandatoryReviewer($revID,false);
|
|
|
|
|
|
|
|
if (isset($_POST["grpReviewers"])) foreach ($_POST["grpReviewers"] as $revID)
|
|
|
|
$editedUser->setMandatoryReviewer($revID,true);
|
|
|
|
|
|
|
|
$editedUser->delMandatoryApprovers();
|
|
|
|
|
|
|
|
if (isset($_POST["usrApprovers"])) foreach ($_POST["usrApprovers"] as $appID)
|
|
|
|
$editedUser->setMandatoryApprover($appID,false);
|
|
|
|
|
|
|
|
if (isset($_POST["grpApprovers"])) foreach ($_POST["grpApprovers"] as $appID)
|
|
|
|
$editedUser->setMandatoryApprover($appID,true);
|
|
|
|
|
2013-04-17 10:02:22 +00:00
|
|
|
/* Updates groups */
|
|
|
|
if(isset($_POST["groups"]))
|
|
|
|
$newgroups = $_POST["groups"];
|
|
|
|
else
|
|
|
|
$newgroups = array();
|
|
|
|
$oldgroups = array();
|
|
|
|
foreach($editedUser->getGroups() as $k)
|
|
|
|
$oldgroups[] = $k->getID();
|
|
|
|
|
|
|
|
$addgroups = array_diff($newgroups, $oldgroups);
|
|
|
|
foreach($addgroups as $groupid) {
|
|
|
|
$group = $dms->getGroup($groupid);
|
|
|
|
$group->addUser($editedUser);
|
|
|
|
}
|
|
|
|
$delgroups = array_diff($oldgroups, $newgroups);
|
|
|
|
foreach($delgroups as $groupid) {
|
|
|
|
$group = $dms->getGroup($groupid);
|
|
|
|
$group->removeUser($editedUser);
|
|
|
|
}
|
|
|
|
|
2013-06-14 08:27:17 +00:00
|
|
|
$session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_edit_user')));
|
2010-10-29 13:19:51 +00:00
|
|
|
add_log_line(".php&action=edituser&userid=".$userid);
|
2012-08-28 06:27:22 +00:00
|
|
|
}
|
|
|
|
else UI::exitError(getMLText("admin_tools"),getMLText("unknown_command"));
|
|
|
|
|
|
|
|
|
2010-10-29 13:19:51 +00:00
|
|
|
function resizeImage($imageFile) {
|
2012-08-28 06:27:22 +00:00
|
|
|
|
|
|
|
// Not perfect. Creates a new image even if the old one is acceptable,
|
|
|
|
// and the output quality is low. Now uses the function imagecreatetruecolor(),
|
|
|
|
// though, so at least the pictures are in colour.
|
|
|
|
|
2013-04-17 10:02:22 +00:00
|
|
|
// read original image
|
2012-08-28 06:27:22 +00:00
|
|
|
$origImg = imagecreatefromjpeg($imageFile);
|
|
|
|
$width = imagesx($origImg);
|
|
|
|
$height = imagesy($origImg);
|
2013-04-17 10:02:22 +00:00
|
|
|
// Create thumbnail in memory
|
2012-08-28 06:27:22 +00:00
|
|
|
$newHeight = 150;
|
|
|
|
$newWidth = ($width/$height) * $newHeight;
|
|
|
|
$newImg = imagecreatetruecolor($newWidth, $newHeight);
|
2013-04-17 10:02:22 +00:00
|
|
|
// resize
|
2012-08-28 06:27:22 +00:00
|
|
|
imagecopyresized($newImg, $origImg, 0, 0, 0, 0, $newWidth, $newHeight, $width, $height);
|
2013-04-17 10:02:22 +00:00
|
|
|
// save to file
|
2012-08-28 06:27:22 +00:00
|
|
|
imagejpeg($newImg, $imageFile);
|
2013-04-17 10:02:22 +00:00
|
|
|
// Clean up
|
2012-08-28 06:27:22 +00:00
|
|
|
imagedestroy($origImg);
|
|
|
|
imagedestroy($newImg);
|
|
|
|
|
|
|
|
return true;
|
2010-10-29 13:19:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
header("Location:../out/out.UsrMgr.php?userid=".$userid);
|
2012-08-28 06:27:22 +00:00
|
|
|
|
|
|
|
?>
|