Merge branch 'master' of git@github.com:ktgit/knowledgetree

jjordaan
2 parents 069eec81 3013fe57
Showing 5 changed files with 123 additions and 156 deletions
lib/session/Session.inc
lib/users/User.inc
plugins/ktcore/admin/documentFieldsv2.php
plugins/passwordResetPlugin/loginResetDispatcher.php
plugins/passwordResetPlugin/loginUtil.inc.php
@@ -152,7 +152,8 @@ class Session {
      */
     function removeStaleSessions($iUserId = null) {
         global $default;
-        $time = time() - $default->sessionTimeout;
+        $sessionTimeout = $default->sessionTimeout;
+        $time = time() - $sessionTimeout;
         // for web service sessions, we will expire after a month.
         $monthPeriod = 30 * 24 * 60 * 60;
@@ -172,7 +173,7 @@ class Session {
         $mintime = formatDateTime($time);
         $mintime2 = formatDateTime($wsTimeout);
         $aQuery = array(
-            sprintf("SELECT id, lastused, apptype FROM %s WHERE (user_id = $iUserId OR $iUserId = 0) AND ( (lastused <= '$mintime' and apptype = 'webapp') or (lastused <= '$mintime2' and apptype !='webapp') )", $sTable)
+            sprintf("SELECT id, user_id, lastused, apptype FROM %s WHERE (user_id = $iUserId OR $iUserId = 0) AND ( (lastused <= '$mintime' and apptype = 'webapp') or (lastused <= '$mintime2' and apptype !='webapp') )", $sTable)
         );
         $aSessions = DBUtil::getResultArray($aQuery);
@@ -182,12 +183,15 @@ class Session {
         foreach ($aSessions as $aSessionData) {
             $iId = $aSessionData['id'];
+            $user_id = $aSessionData['user_id'];
+            $app_type = $aSessionData['apptype'];
             $dLastUsed = $aSessionData['lastused'];
             $iTime = strtotime($dLastUsed);
-            $iTime = $iTime + ($aSessionData['apptype'] != 'webapp')?$monthPeriod:$default->sessionTimeout;
+            $timeoutPeriod = ($app_type != 'webapp') ? $monthPeriod : $sessionTimeout;
+            $iTime = $iTime + (int)$timeoutPeriod;
             $aParams = array(
-                'userid' => $iUserId,
+                'userid' => $user_id,
                 'datetime' => formatDateTime($iTime),
                 'actionnamespace' => 'ktcore.user_history.timeout',
                 'comments' => 'Session timed out',
@@ -447,6 +447,12 @@ class User extends KTEntity {
         ), array('multi' => true));
     }
+    function getByLastLoginNever() {
+        $aOptions['orderby'] = 'name';
+        $sWhereClause = 'last_login is null';
+        return KTEntityUtil::getList2('User', $sWhereClause, $aOptions);
+    }
+
     function getByLastLoginAfter($dDateTime) {
         return KTEntityUtil::getByDict('User', array(
             'last_login' => array('type' => 'after', 'value' => $dDateTime),
@@ -402,9 +402,12 @@ class KTDocumentFieldDispatcher extends KTAdminDispatcher {
         $data = $res['results'];
         $errors = $res['errors'];
         $extra_errors = array();
+
+        // check that the fieldset name either hasn't changed, or doesn't exist.
         if ($data['name'] != $this->oFieldset->getName()) {
             $oOldFieldset = KTFieldset::getByName($data['name']);
-            if (!PEAR::isError($oOldFieldset)) {
+            // If the fieldset exists throw an error. Mysql doesn't distinguish between Ž and e so check the names are different in php.
+            if (!PEAR::isError($oOldFieldset) && $oOldFieldset->getName() == $data['name']) {
                 $extra_errors['name'][] = _kt("A fieldset with that name already exists.");
             }
         }
@@ -49,7 +49,6 @@ require_once(KT_LIB_DIR . &#39;/help/help.inc.php&#39;);
 require_once(KT_LIB_DIR . '/help/helpreplacement.inc.php');
 require_once(KT_LIB_DIR . '/widgets/fieldWidgets.php');
-require_once('loginUtil.inc.php');
 class loginResetDispatcher extends KTDispatcher {
@@ -80,7 +79,7 @@ class loginResetDispatcher extends KTDispatcher {
             $_REQUEST['errorMessage'] = join('. <br /> ', $_REQUEST['errorMessage']);
         }
-        if(!loginUtil::check() && $_SESSION['userID'] != -2) { // bounce here, potentially.
+        if(!$this->check() && $_SESSION['userID'] != -2) { // bounce here, potentially.
             // User is already logged in - get the redirect
             $redirect = strip_tags(KTUtil::arrayGet($_REQUEST, 'redirect'));
@@ -169,7 +168,7 @@ class loginResetDispatcher extends KTDispatcher {
     function do_login() {
         $aExtra = array();
-        if(!loginUtil::check() && $_SESSION['userID'] != -2) { // bounce here, potentially.
+        if(!$this->check() && $_SESSION['userID'] != -2) { // bounce here, potentially.
             // User is already logged in - get the redirect
             $redirect = strip_tags(KTUtil::arrayGet($_REQUEST, 'redirect'));
@@ -210,7 +209,7 @@ class loginResetDispatcher extends KTDispatcher {
         $oUser =& User::getByUsername($username);
         if (PEAR::isError($oUser) || ($oUser === false)) {
             if (is_a($oUser, 'ktentitynoobjects')) {
-                loginUtil::handleUserDoesNotExist($username, $password, $aExtra);
+                $this->handleUserDoesNotExist($username, $password, $aExtra);
             }
             $this->simpleRedirectToMain(_kt('Login failed.  Please check your username and password, and try again.'), $url, $queryParams);
             exit(0);
@@ -232,7 +231,7 @@ class loginResetDispatcher extends KTDispatcher {
             exit(0);
         }
-        $res = loginUtil::performLogin($oUser);
+        $res = $this->performLogin($oUser);
         if ($res) {
             $this->simpleRedirectToMain($res->getMessage(), $url, $queryParams);
@@ -240,6 +239,107 @@ class loginResetDispatcher extends KTDispatcher {
         }
     }
+    /**
+     * Check if the user is already logged in or if anonymous login is enabled
+     *
+     * @return boolean false if the user is logged in
+     */
+    function check() {
+        $session = new Session();
+        $sessionStatus = $session->verify();
+
+        if ($sessionStatus === true) { // the session is valid
+            if ($_SESSION['userID'] == -2 && $default->allowAnonymousLogin) {
+                // Anonymous user - we want to login
+                return true;
+            } else {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    /**
+     * Verify the user session
+     *
+     */
+    function do_providerVerify() {
+        $this->session = new Session();
+        $sessionStatus = $this->session->verify();
+        if ($sessionStatus !== true) { // the session is not valid
+            $this->redirectToMain();
+        }
+        $this->oUser =& User::get($_SESSION['userID']);
+        $oProvider =& KTAuthenticationUtil::getAuthenticationProviderForUser($this->oUser);
+        $oProvider->subDispatch($this);
+        exit(0);
+    }
+
+    /**
+     * Log the user into the system
+     *
+     * @param unknown_type $oUser
+     * @return unknown
+     */
+    function performLogin(&$oUser) {
+        if (!is_a($oUser, 'User')) {
+        }
+
+        $session = new Session();
+        $sessionID = $session->create($oUser);
+        if (PEAR::isError($sessionID)) {
+            return $sessionID;
+        }
+
+		$redirect = strip_tags(KTUtil::arrayGet($_REQUEST, 'redirect'));
+
+        // DEPRECATED initialise page-level authorisation array
+        $_SESSION["pageAccess"] = NULL;
+
+        $cookietest = KTUtil::randomString();
+        setcookie("CookieTestCookie", $cookietest, 0);
+
+        $this->redirectTo('checkCookie', array(
+            'cookieVerify' => $cookietest,
+            'redirect' => $redirect,
+        ));
+        exit(0);
+    }
+
+    function handleUserDoesNotExist($username, $password, $aExtra = null) {
+        if (empty($aExtra)) {
+            $aExtra = array();
+        }
+
+        // Check if the user has been deleted before allowing auto-signup
+        $delUser = User::checkDeletedUser($username);
+
+        if($delUser){
+            return ;
+        }
+
+        $oKTConfig = KTConfig::getSingleton();
+        $allow = $oKTConfig->get('session/allowAutoSignup', true);
+
+        if($allow){
+            $res = KTAuthenticationUtil::autoSignup($username, $password, $aExtra);
+            if (empty($res)) {
+                return $res;
+            }
+            if (is_a($res, 'User')) {
+                $this->performLogin($res);
+            }
+            if (is_a($res, 'KTAuthenticationSource')) {
+                $_SESSION['autosignup'] = $aExtra;
+                $this->redirectTo('autoSignup', array(
+                    'source_id' => $res->getId(),
+                    'username' => $username,
+                ));
+                exit(0);
+            }
+        }
+    }
+
     function do_autoSignup() {
         $oSource =& $this->oValidator->validateAuthenticationSource($_REQUEST['source_id']);
         $oProvider =& KTAuthenticationUtil::getAuthenticationProviderForSource($oSource);
-<?php
-/**
- * $Id: $
- *
- * This page handles logging a user into the dms.
- * This page displays the login form, and performs the business logic login processing.
- *
- * KnowledgeTree Community Edition
- * Document Management Made Simple
- * Copyright (C) 2008, 2009 KnowledgeTree Inc.
- * Portions copyright The Jam Warehouse Software (Pty) Limited
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License version 3 as published by the
- * Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
- * details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *
- * You can contact KnowledgeTree Inc., PO Box 7775 #87847, San Francisco,
- * California 94120-7775, or email info@knowledgetree.com.
- *
- * The interactive user interfaces in modified source and object code versions
- * of this program must display Appropriate Legal Notices, as required under
- * Section 5 of the GNU General Public License version 3.
- *
- * In accordance with Section 7(b) of the GNU General Public License version 3,
- * these Appropriate Legal Notices must retain the display of the "Powered by
- * KnowledgeTree" logo and retain the original copyright notice. If the display of the
- * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
- * must display the words "Powered by KnowledgeTree" and retain the original
- * copyright notice.
- * Contributor( s): ______________________________________
- */
-
-require_once(KT_LIB_DIR . '/session/Session.inc');
-
-class loginUtil
-{
-    /**
-     * Check if the user is already logged in or if anonymous login is enabled
-     *
-     * @return boolean false if the user is logged in
-     */
-    function check() {
-        $session = new Session();
-        $sessionStatus = $session->verify();
-
-        if ($sessionStatus === true) { // the session is valid
-            if ($_SESSION['userID'] == -2 && $default->allowAnonymousLogin) {
-                // Anonymous user - we want to login
-                return true;
-            } else {
-                return false;
-            }
-        }
-        return true;
-    }
-
-    /**
-     * Verify the user session
-     *
-     */
-    function do_providerVerify() {
-        $this->session = new Session();
-        $sessionStatus = $this->session->verify();
-        if ($sessionStatus !== true) { // the session is not valid
-            $this->redirectToMain();
-        }
-        $this->oUser =& User::get($_SESSION['userID']);
-        $oProvider =& KTAuthenticationUtil::getAuthenticationProviderForUser($this->oUser);
-        $oProvider->subDispatch($this);
-        exit(0);
-    }
-
-    /**
-     * Log the user into the system
-     *
-     * @param unknown_type $oUser
-     * @return unknown
-     */
-    function performLogin(&$oUser) {
-        if (!is_a($oUser, 'User')) {
-        }
-
-        $session = new Session();
-        $sessionID = $session->create($oUser);
-        if (PEAR::isError($sessionID)) {
-            return $sessionID;
-        }
-
-		$redirect = strip_tags(KTUtil::arrayGet($_REQUEST, 'redirect'));
-
-        // DEPRECATED initialise page-level authorisation array
-        $_SESSION["pageAccess"] = NULL;
-
-        $cookietest = KTUtil::randomString();
-        setcookie("CookieTestCookie", $cookietest, 0);
-
-        $this->redirectTo('checkCookie', array(
-            'cookieVerify' => $cookietest,
-            'redirect' => $redirect,
-        ));
-        exit(0);
-    }
-
-    function handleUserDoesNotExist($username, $password, $aExtra = null) {
-        if (empty($aExtra)) {
-            $aExtra = array();
-        }
-
-        // Check if the user has been deleted before allowing auto-signup
-        $delUser = User::checkDeletedUser($username);
-
-        if($delUser){
-            return ;
-        }
-
-        $oKTConfig = KTConfig::getSingleton();
-        $allow = $oKTConfig->get('session/allowAutoSignup', true);
-
-        if($allow){
-            $res = KTAuthenticationUtil::autoSignup($username, $password, $aExtra);
-            if (empty($res)) {
-                return $res;
-            }
-            if (is_a($res, 'User')) {
-                $this->performLogin($res);
-            }
-            if (is_a($res, 'KTAuthenticationSource')) {
-                $_SESSION['autosignup'] = $aExtra;
-                $this->redirectTo('autoSignup', array(
-                    'source_id' => $res->getId(),
-                    'username' => $username,
-                ));
-                exit(0);
-            }
-        }
-    }
-}
-?>