prepare ("SELECT _active FROM _user WHERE _id = ". $id); $sth->execute (); $obj = $sth->fetch (PDO::FETCH_OBJ); if ((int) $obj->_active) return TRUE; return FALSE; } catch (PDOException $e) { $message->addWarning ($e->getMessage ()); } catch (Exception $e) { $message->addWarning ($e->getMessage ()); } $message->save (); $this->showMessages (); return FALSE; } public function activate ($id, $value) { $message = Message::singleton (); $return = TRUE; try { $db = Database::singleton (); $sth = $db->prepare ("UPDATE _user SET _active = '". $value ."' WHERE _id = ". $id); $sth->execute (); $message->addMessage ('Usuário '. ($value ? 'ATIVADO' : 'DESATIVADO') .' com sucesso!'); if ($value) { $sth = $db->prepare ("SELECT _name, _login, _email, _type, _password FROM _user WHERE _id = ". $id); $sth->execute (); $obj = $sth->fetch (PDO::FETCH_OBJ); $toName = $obj->_name; $toLogin = $obj->_login; $toEmail = $obj->_email; if (Security::singleton ()->getUserType ($obj->_type)->useLdap ()) { $ldap = Security::singleton ()->getUserType ($obj->_type)->getLdap (); $ldap->connect (FALSE, FALSE, TRUE); $result = $ldap->load ($toLogin, array ('userPassword')); $passwd = $result ['userpassword']; $ldap->close (); } else $passwd = $obj->_password; $instance = Instance::singleton (); $headers = "From: ". $instance->getName () ." <". $instance->getEmail () .">\r\n"; $headers .= "Reply-To: ". $instance->getEmail () ."\r\n"; $headers .= "Content-Type: text/plain; charset=utf-8"; $mail = Mail::singleton (); $subject = $mail->getRegister ('subject'); $msg = $mail->getRegister ('text'); $hash = Security::singleton ()->getHash (); if ($instance->getFriendlyUrl ('change-password') == '') $link = $instance->getUrl () ."titan.php?target=remakePasswd&login=". urlencode ($toLogin) ."&hash=". shortlyHash (sha1 ($hash . $toName . $hash . $passwd . $hash . $toEmail . $hash)); else $link = $instance->getUrl () . $instance->getFriendlyUrl ('change-password') ."/". urlencode ($toLogin) ."/". shortlyHash (sha1 ($hash . $toName . $hash . $passwd . $hash . $toEmail . $hash)); $search = array ('[USER]', '[NAME]', '[LINK]', '[LOGIN]'); $replace = array ($toName, html_entity_decode ($instance->getName (), ENT_QUOTES, 'UTF-8'), $link, $toLogin); $subject = str_replace ($search, $replace, $subject); $msg = str_replace ($search, $replace, $msg); if (@mail ($toEmail, '=?utf-8?B?'. base64_encode ($subject) .'?=', $msg, $headers)) $message->addMessage ('Um link para cadastro de senha foi enviado para o e-mail do usuário.'); else $message->addWarning ('Não foi possível enviar o e-mail com o link para cadastro de senha. Este link poderá ser obtido através da opção "Esqueci minha senha", na página de logon.'); Log::singleton ()->add ('O usuário '. $toName .' ('. $toLogin .') foi '. ($value ? 'ATIVADO' : 'DESATIVADO') .'.'); } } catch (PDOException $e) { $message->addWarning ($e->getMessage ()); $return = FALSE; } catch (Exception $e) { $message->addWarning ($e->getMessage ()); $return = FALSE; } $message->save (); $this->showMessages (); return $return; } public function changePasswd ($userId, $password) { $message = Message::singleton (); $return = TRUE; try { if (!User::singleton ()->hasPermission ('_CHANGE_PASSWORD_')) throw new Exception ('You do not have permission to change passwords!'); if (!is_integer ($userId) || !$userId) throw new Exception ('Invalid parameters!'); $validate = array ("'", '"', '\\', '--', '/*', '*/'); if ($password !== str_replace ($validate, '', $password)) throw new Exception (__ ('Sequences of characters [[1]] may not be used in the password!', htmlspecialchars (implode (', ', $validate)))); $db = Database::singleton (); $sth = $db->prepare ("SELECT _login, _type, _email FROM _user WHERE _id = :id"); $sth->bindParam (':id', $userId, PDO::PARAM_INT); $sth->execute (); $user = $sth->fetch (PDO::FETCH_OBJ); if (!$user) throw new Exception ('Invalid user!'); if (Security::singleton ()->getUserType ($user->_type)->useLdap ()) { $ldap = Security::singleton ()->getUserType ($user->_type)->getLdap (); $ldap->connect (FALSE, FALSE, TRUE); $info = $ldap->getEssentialPassword ($user->_login, $password); $ldap->update ($info, $user->_login); $ldap->close (); } else { if (!Security::singleton ()->encryptOnClient ()) $encrypted = sha1 ($password); else $encrypted = $password; $sth = $db->prepare ("UPDATE _user SET _password = :passwd WHERE _id = :id"); $sth->bindValue (':passwd', $encrypted, PDO::PARAM_STR); $sth->bindValue (':id', $userId, PDO::PARAM_INT); if (!$sth->execute ()) throw new Exception (__ ('It was not possible to change the password.')); } $message->addMessage (__ ('Password successfully changed.')); Log::singleton ()->add ('PASSWORD'); if (!Security::singleton ()->encryptOnClient ()) Alert::add ('_PASSWORD_CHANGED_', $userId, array ($userId), array ('[LOGIN]' => $user->_login, '[PASSWD]' => $password)); else Alert::add ('_PASSWORD_CHANGED_', $userId, array ($userId), array ('[LOGIN]' => $user->_login, '[PASSWD]' => 'The new password can not be displayed! Contact your system administrator for more information.')); } catch (Exception $e) { $message->addWarning ($e->getMessage ()); $return = FALSE; } catch (PDOException $e) { $message->addWarning ($e->getMessage ()); $return = FALSE; } $message->save (); return $return; } public function showMessages () { $message = Message::singleton (); if (!is_object ($message) || !$message->has ()) return FALSE; $str = ''; while ($msg = $message->get ()) $str .= $msg; $msgs = &XOAD_HTML::getElementById ('labelMessage'); $msgs->innerHTML = '