<?php

/* *********************************************************************************
 * (c) 2011-15 GÉANT on behalf of the GN3, GN3plus and GN4 consortia
 * License: see the LICENSE file in the root directory
 * ********************************************************************************* */
?>
<?php

/**
 * This class manages user privileges and bindings to institutions
 *
 * @author Stefan Winter <[email protected]>
 * @author Tomasz Wolniewicz <[email protected]>
 *
 * @package Developer
 */

/**
 * necessary includes
 */
// DBConnection provides the escape_value() and exec() calls used by the User constructor.
require_once('DBConnection.php');
require_once("Federation.php");
// IdP is instantiated by User::isIdPOwner().
require_once("IdP.php");
// Base class of User.
require_once('EntityWithDBProperties.php');
// PHPMailer (and its SMTP transport) is used by User::sendMailToUser().
require_once("core/PHPMailer/src/PHPMailer.php");
require_once("core/PHPMailer/src/SMTP.php");

/**
 * This class represents a known CAT User (i.e. an institution and/or federation administrator).
 * @author Stefan Winter <[email protected]>
 *
 * @package Developer
 */
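class User extends EntityWithDBProperties {

    /**
     * Class constructor. The required argument is a user's persistent identifier as was returned by the authentication source.
     *
     * Loads the user's attributes into $this->attributes, either from the
     * view_admin view (eduroam "Operations Team" deployments) or from the
     * user_options table.
     *
     * Security: $user_id comes from outside this class and is treated as
     * untrusted. Only the value returned by DBConnection::escape_value() is
     * placed into SQL text; the raw argument is never interpolated.
     *
     * @param string $user_id User Identifier as per authentication source
     */
    public function __construct($user_id) {
        $this->databaseType = "USER";
        $this->attributes = [];
        $this->entityOptionTable = "user_options";
        $this->entityIdColumn = "user_id";
        $this->identifier = DBConnection::escape_value($this->databaseType, $user_id);

        $optioninstance = Options::instance();

        if (Config::$CONSORTIUM['name'] == "eduroam" && isset(Config::$CONSORTIUM['deployment-voodoo']) && Config::$CONSORTIUM['deployment-voodoo'] == "Operations Team") { // SW: APPROVED
            // e d u r o a m DB doesn't follow the usual approach
            // we could get multiple rows below (if administering multiple
            // federations), so consolidate all into the usual options
            //
            // The query is built from the escaped identifier, not from the raw
            // constructor argument, so quote characters in the user id cannot
            // terminate the string literal.
            $info = DBConnection::exec($this->databaseType, "SELECT email, common_name, role, realm FROM view_admin WHERE eptid = '" . $this->identifier . "'");
            $visited = FALSE;
            while ($row = mysqli_fetch_object($info)) {
                if (!$visited) {
                    // e-mail and real name are identical on every row; take them once
                    $optinfo = $optioninstance->optionType("user:email");
                    $this->attributes[] = ["name" => "user:email", "value" => $row->email, "level" => "User", "row" => 0, "flag" => $optinfo['flag']];
                    $optinfo = $optioninstance->optionType("user:realname");
                    $this->attributes[] = ["name" => "user:realname", "value" => $row->common_name, "level" => "User", "row" => 0, "flag" => $optinfo['flag']];
                    $visited = TRUE;
                }
                if ($row->role == "fedadmin") {
                    // one user:fedadmin attribute per administered federation
                    $optinfo = $optioninstance->optionType("user:fedadmin");
                    $this->attributes[] = ["name" => "user:fedadmin", "value" => strtoupper($row->realm), "level" => "User", "row" => 0, "flag" => $optinfo['flag']];
                }
            }
        } else {
            // Same rule as above: only the escaped identifier reaches the SQL text.
            $user_options = DBConnection::exec($this->databaseType, "SELECT option_name, option_value, id AS row FROM user_options WHERE user_id = '" . $this->identifier . "'");
            while ($row = mysqli_fetch_object($user_options)) {
                $lang = "";
                // decode base64 for files (respecting multi-lang)
                $optinfo = $optioninstance->optionType($row->option_name);
                $flag = $optinfo['flag'];

                if ($optinfo['type'] != "file") {
                    $this->attributes[] = ["name" => $row->option_name, "value" => $row->option_value, "level" => "User", "row" => $row->row, "flag" => $flag];
                    continue;
                }

                // NOTE(review): unserialize() on a stored value can instantiate
                // arbitrary classes if that value is ever attacker-influenced.
                // A non-object encoding (e.g. JSON), or the allowed_classes
                // option available from PHP 7.0, would remove that risk; the
                // call is kept because the stored format is not defined here.
                // It is now evaluated once instead of twice.
                $decoded = unserialize($row->option_value);
                if ($decoded != FALSE) { // multi-lang
                    $lang = $decoded['lang'];
                    $content = $decoded['content'];
                } else { // single lang, direct content
                    $content = $row->option_value;
                }

                $content = base64_decode($content);

                $this->attributes[] = ["name" => $row->option_name, "value" => ($lang == "" ? $content : serialize(['lang' => $lang, 'content' => $content])), "level" => "User", "row" => $row->row, "flag" => $flag];
            }
        }
    }

    /**
     * This function checks whether a user is a federation administrator. When called without argument, it only checks if the
     * user is a federation administrator of *any* federation. When given a parameter (ISO shortname of federation), it checks
     * if the user administers this particular federation.
     *
     * The federation names are compared case-insensitively and as strings
     * (strict comparison), so numeric-looking names cannot match each other
     * through PHP's loose-comparison rules.
     *
     * @param string $federation optional: federation to be checked
     * @return boolean TRUE if the user is federation admin, FALSE if not
     */
    public function isFederationAdmin($federation = 0) {
        $feds = $this->getAttributes("user:fedadmin");
        if ($federation === 0) {
            return count($feds) > 0;
        }
        $wanted = strtoupper($federation);
        foreach ($feds as $fed) {
            if (strtoupper($fed['value']) === $wanted) {
                return TRUE;
            }
        }
        return FALSE;
    }

    /**
     * This function tests if the current user has been configured as the system superadmin, i.e. if the user is allowed
     * to execute the 112365365321.php script
     *
     * The membership test is strict: both sides are compared as strings, so
     * an entry such as 0 or TRUE in Config::$SUPERADMINS cannot match an
     * arbitrary identifier through type juggling.
     *
     * NOTE(review): $this->identifier holds the value returned by
     * DBConnection::escape_value(), not the raw user id; confirm that the
     * configured superadmin identifiers contain no characters that escaping
     * alters.
     *
     * @return boolean TRUE if the user is a superadmin, FALSE if not
     */
    public function isSuperadmin() {
        return in_array((string) $this->identifier, array_map('strval', Config::$SUPERADMINS), TRUE);
    }

    /**
     * This function tests if the current user is an owner of a given IdP
     *
     * Owner IDs are compared to the user's identifier as strings (strict
     * comparison) to keep loose-comparison rules out of an authorisation
     * decision.
     *
     * @param mixed $idp identifier of the IdP, passed unchanged to the IdP constructor
     * @return boolean TRUE if the user is an owner, FALSE if not
     */
    public function isIdPOwner($idp) {
        $temp = new IdP($idp);
        foreach ($temp->owner() as $oneowner) {
            if ((string) $oneowner['ID'] === (string) $this->identifier) {
                return TRUE;
            }
        }
        return FALSE;
    }

    /**
     * Sends a plain-text mail to the address stored in the user's
     * "user:email" attribute, using PHPMailer over SMTP with the settings from
     * Config::$MAILSETTINGS. The mail is signed when certificate, key and key
     * passphrase are all configured in Config::$CONSORTIUM.
     *
     * @param string $subject subject line of the mail
     * @param string $content plain-text body of the mail
     * @return boolean FALSE if no mail address is known for the user, otherwise the result of PHPMailer's send()
     */
    public function sendMailToUser($subject, $content) {
        // use PHPMailer to send the mail
        $mail = new PHPMailer();
        $mail->isSMTP();
        $mail->SMTPAuth = true;
        $mail->Port = 587;
        $mail->SMTPSecure = 'tls';
        $mail->Host = Config::$MAILSETTINGS['host'];
        $mail->Username = Config::$MAILSETTINGS['user'];
        $mail->Password = Config::$MAILSETTINGS['pass'];
        // formatting nitty-gritty
        $mail->WordWrap = 72;
        $mail->isHTML(FALSE);
        $mail->CharSet = 'UTF-8';
        // who to whom?
        $mail->From = Config::$APPEARANCE['from-mail'];
        $mail->FromName = Config::$APPEARANCE['productname'] . " Notification System";
        $mail->addReplyTo(Config::$APPEARANCE['support-contact']['mail'], Config::$APPEARANCE['productname'] . " " . _("Feedback"));

        $mailaddr = $this->getAttributes("user:email");
        if (count($mailaddr) == 0) { // we don't know his mail address
            return FALSE;
        }

        $mail->addAddress($mailaddr[0]["value"]);

        // what do we want to say?
        $mail->Subject = $subject;
        $mail->Body = $content;
        // sign only when the complete signing configuration is present
        if (isset(Config::$CONSORTIUM['certfilename'], Config::$CONSORTIUM['keyfilename'], Config::$CONSORTIUM['keypass'])) {
            $mail->sign(Config::$CONSORTIUM['certfilename'], Config::$CONSORTIUM['keyfilename'], Config::$CONSORTIUM['keypass']);
        }

        return $mail->send();
    }

}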