<?php

/* * ********************************************************************************
 * (c) 2011-15 GÉANT on behalf of the GN3, GN3plus and GN4 consortia
 * License: see the LICENSE file in the root directory
 * ********************************************************************************* */
?>
<?php
// NOTE(review): the close/reopen tag pair above is a no-op — the newline that
// directly follows "?>" is swallowed by the parser, so nothing is emitted.

/**
 * This class manages user privileges and bindings to institutions
 *
 * @author Stefan Winter <[email protected]>
 * @author Tomasz Wolniewicz <[email protected]>
 *
 * @package Developer
 */
/**
 * Necessary includes: database access, the entity classes User builds on
 * (EntityWithDBProperties, IdP, Federation) and PHPMailer for sendMailToUser().
 * Config and Options are used below but not required here; they are expected
 * to be loaded by the including script.
 */
require_once('DBConnection.php');
require_once("Federation.php");
require_once("IdP.php");
require_once('EntityWithDBProperties.php');
require_once("core/PHPMailer/src/PHPMailer.php");
require_once("core/PHPMailer/src/SMTP.php");
/**
 * This class represents a known CAT User (i.e. an institution and/or federation administrator).
 * @author Stefan Winter <[email protected]>
 *
 * @package Developer
 */
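class User extends EntityWithDBProperties {

    /**
     * Class constructor. The required argument is a user's persistent identifier as was returned by the authentication source.
     *
     * The identifier is escaped exactly once (DBConnection::escape_value) and the
     * escaped form, $this->identifier, is the only value that is ever interpolated
     * into the SQL below — the raw $userId argument never reaches a query string.
     *
     * @param string $userId User Identifier as per authentication source
     */
    public function __construct($userId) {
        $this->databaseType = "USER";
        $this->attributes = [];
        $this->entityOptionTable = "user_options";
        $this->entityIdColumn = "user_id";
        $this->identifier = DBConnection::escape_value($this->databaseType, $userId);

        $optioninstance = Options::instance();

        if (Config::$CONSORTIUM['name'] === "eduroam" && isset(Config::$CONSORTIUM['deployment-voodoo']) && Config::$CONSORTIUM['deployment-voodoo'] === "Operations Team") { // SW: APPROVED
            // e d u r o a m DB doesn't follow the usual approach
            // we could get multiple rows below (if administering multiple
            // federations), so consolidate all into the usual options
            // NOTE(review): assumes DBConnection::exec() hands back a mysqli_result;
            // a FALSE return would make mysqli_fetch_object() below fail — confirm.
            $info = DBConnection::exec($this->databaseType, "SELECT email, common_name, role, realm FROM view_admin WHERE eptid = '$this->identifier'");
            $visited = FALSE;
            while ($userDetailQuery = mysqli_fetch_object($info)) {
                if (!$visited) {
                    // e-mail and real name are taken from the first row only
                    $mailOptinfo = $optioninstance->optionType("user:email");
                    $this->attributes[] = ["name" => "user:email", "value" => $userDetailQuery->email, "level" => "User", "row" => 0, "flag" => $mailOptinfo['flag']];
                    $realnameOptinfo = $optioninstance->optionType("user:realname");
                    $this->attributes[] = ["name" => "user:realname", "value" => $userDetailQuery->common_name, "level" => "User", "row" => 0, "flag" => $realnameOptinfo['flag']];
                    $visited = TRUE;
                }
                // every fedadmin row contributes one user:fedadmin attribute (realm upper-cased)
                if ($userDetailQuery->role === "fedadmin") {
                    $optinfo = $optioninstance->optionType("user:fedadmin");
                    $this->attributes[] = ["name" => "user:fedadmin", "value" => strtoupper($userDetailQuery->realm), "level" => "User", "row" => 0, "flag" => $optinfo['flag']];
                }
            }
        } else {
            $this->retrieveOptionsFromDatabase("SELECT option_name, option_value, id AS row
                FROM $this->entityOptionTable
                WHERE $this->entityIdColumn = '$this->identifier'", "User");
        }
    }

    /**
     * This function checks whether a user is a federation administrator. When called without argument, it only checks if the
     * user is a federation administrator of *any* federation. When given a parameter (ISO shortname of federation), it checks
     * if the user administers this particular federation. The comparison is case-insensitive.
     *
     * @param string $federation optional: federation to be checked
     * @return boolean TRUE if the user is federation admin, FALSE if not
     */
    public function isFederationAdmin($federation = 0) {
        $feds = $this->getAttributes("user:fedadmin");
        if (count($feds) === 0) { // not a fedadmin at all
            return FALSE;
        }
        if ($federation === 0) { // fedadmin for one; that's all we want to know
            return TRUE;
        }
        $wanted = strtoupper($federation);
        foreach ($feds as $fed) { // check if authz is for requested federation
            // both sides are strings after strtoupper(); compare strictly so that
            // numerically-looking names are never equated by loose ==
            if (strtoupper($fed['value']) === $wanted) {
                return TRUE;
            }
        }
        return FALSE; // no luck so far? Not the admin we are looking for.
    }

    /**
     * This function tests if the current user has been configured as the system superadmin, i.e. if the user is allowed
     * to execute the 112365365321.php script
     *
     * The check is a strict string match of the (escaped) identifier against
     * Config::$SUPERADMINS; a loose in_array() would let numerically-looking
     * identifiers match each other.
     *
     * @return boolean TRUE if the user is a superadmin, FALSE if not
     */
    public function isSuperadmin() {
        return in_array((string) $this->identifier, array_map('strval', Config::$SUPERADMINS), TRUE);
    }

    /**
     * This function tests if the current user is an owner of a given IdP
     *
     * @param mixed $idp the IdP to check; passed unchanged to the IdP constructor
     * @return boolean TRUE if the user is an owner, FALSE if not
     */
    public function isIdPOwner($idp) {
        $temp = new IdP($idp);
        foreach ($temp->owner() as $oneowner) {
            // authorisation decision: compare as strings and strictly, so that
            // loose == cannot equate e.g. "1e1" and "10"
            if ((string) $oneowner['ID'] === (string) $this->identifier) {
                return TRUE;
            }
        }
        return FALSE;
    }

    /**
     * Sends a plain-text mail to the user's first known address (attribute "user:email").
     *
     * Delivery goes through authenticated SMTP on port 587 with STARTTLS, using
     * Config::$MAILSETTINGS; the message is signed via PHPMailer::sign() when
     * Config::$CONSORTIUM provides certfilename, keyfilename and keypass.
     *
     * @param string $subject the mail subject
     * @param string $content the plain-text body (word-wrapped at 72 columns)
     * @return boolean FALSE if no mail address is known for the user, otherwise the result of PHPMailer::send()
     */
    public function sendMailToUser($subject, $content) {
        $mailaddr = $this->getAttributes("user:email");
        if (count($mailaddr) === 0) { // we don't know user's mail address
            return FALSE;
        }
        // use PHPMailer to send the mail
        $mail = new PHPMailer\PHPMailer\PHPMailer();
        $mail->isSMTP();
        $mail->SMTPAuth = true;
        $mail->Port = 587;
        $mail->SMTPSecure = 'tls';
        $mail->Host = Config::$MAILSETTINGS['host'];
        $mail->Username = Config::$MAILSETTINGS['user'];
        $mail->Password = Config::$MAILSETTINGS['pass'];
        // formatting nitty-gritty
        $mail->WordWrap = 72;
        $mail->isHTML(FALSE);
        $mail->CharSet = 'UTF-8';
        // who to whom?
        $mail->From = Config::$APPEARANCE['from-mail'];
        $mail->FromName = Config::$APPEARANCE['productname'] . " Notification System";
        $mail->addReplyTo(Config::$APPEARANCE['support-contact']['mail'], Config::$APPEARANCE['productname'] . " " . _("Feedback"));
        $mail->addAddress($mailaddr[0]["value"]);
        // what do we want to say?
        $mail->Subject = $subject;
        $mail->Body = $content;
        // sign only when the full signing material is configured
        if (isset(Config::$CONSORTIUM['certfilename'], Config::$CONSORTIUM['keyfilename'], Config::$CONSORTIUM['keypass'])) {
            $mail->sign(Config::$CONSORTIUM['certfilename'], Config::$CONSORTIUM['keyfilename'], Config::$CONSORTIUM['keypass']);
        }

        return $mail->send();
    }

}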