<?php
// User and Authentication functions
//
// This file contains functions for working with users and authenticating them.
// It also handles the internal mail messages, news/journal, and storage of My Page
// customizations.  Assumes that a database connection has already been established.
//
// You can extend webtrees to work with other systems by implementing the functions in this file.
// Other possible options are to use LDAP for authentication.
//
// webtrees: Web based Family History software
// Copyright (C) 2014 webtrees development team.
//
// Derived from PhpGedView
// Copyright (C) 2002 to 2010 PGV Development Team.  All rights reserved.
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

use WT\Auth;
use WT\User;

/**
 * Return the real name of the user with the given ID.
 *
 * Kept only because custom theme headers still call it; new code should use
 * User::find($user_id)->getRealName() directly.
 *
 * @deprecated
 *
 * @param int $user_id
 *
 * @return string
 */
function getUserFullName($user_id) {
	$user = User::find($user_id);

	return $user->getRealName();
}

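/**
 * Record a search in the `##log` table.
 *
 * One row of log_type 'search' is written for every tree known to the
 * installation (not only the trees that were searched); the message prefix
 * records whether the search covered all trees or a subset.
 *
 * @param string $log_message text describing the search
 * @param array  $geds        the trees that were searched; only its size is
 *                            compared with the total number of trees
 */
function AddToSearchLog($log_message, $geds) {
	global $WT_REQUEST;

	// The tree list, the message prefix and the prepared statement are the same
	// for every iteration, so build them once instead of once per tree.
	$trees     = WT_Tree::getAll();
	$prefix    = count($trees) == count($geds) ? 'Global search: ' : 'Gedcom search: ';
	$statement = WT_DB::prepare(
		"INSERT INTO `##log` (log_type, log_message, ip_address, user_id, gedcom_id) VALUES ('search', ?, ?, ?, ?)"
	);
	// NOTE(review): the logged address is whatever getClientIp() reports; if that
	// honours forwarding headers it is only as reliable as the proxy set-up — confirm.
	$ip_address = $WT_REQUEST->getClientIp();
	// Anonymous visitors are stored as NULL rather than 0.
	$user_id = WT_USER_ID ? WT_USER_ID : null;

	foreach ($trees as $tree) {
		$statement->execute(array(
			$prefix . $log_message,
			$ip_address,
			$user_id,
			$tree->tree_id
		));
	}
}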

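/**
 * Store a new message and deliver it.
 *
 * Depending on $message['method'] the message is stored in `##message`
 * and/or emailed to the recipient, and a copy is emailed back to the sender.
 * The recipient must be a webtrees user.  The sender may be a visitor, in
 * which case $message['from'], ['from_name'] and ['from_email'] carry the
 * contact details instead of a user account.
 *
 * Expected keys: from, to, subject, body, method.  Optional keys: url,
 * from_name, from_email.
 *
 * NOTE(review): the body is stored and mailed as supplied by the caller (only
 * literal '<br>' tags are stripped before the database insert); any escaping
 * for the context it is later rendered in must happen there — confirm.
 *
 * @param array $message
 *
 * @return bool true if every requested email was sent (true when no email was
 *              requested); false if the recipient is not a known user
 */
function addMessage($message) {
	global $WT_TREE, $WT_REQUEST;

	$success = true;

	$sender    = User::findByIdentifier($message['from']);
	$recipient = User::findByIdentifier($message['to']);

	// Every delivery path below needs a real recipient; fail cleanly instead of
	// calling methods on null.
	if (!$recipient) {
		return false;
	}

	// Sender may not be a webtrees user
	if ($sender) {
		$sender_email     = $sender->getEmail();
		$sender_real_name = $sender->getRealName();
	} else {
		$sender_email     = $message['from'];
		$sender_real_name = isset($message['from_name']) ? $message['from_name'] : null;
	}

	// Send a copy of the message back to the sender.
	if ($message['method'] != 'messaging') {
		// Switch to the sender’s language.  The translate() calls in this block
		// depend on that, so they must not be hoisted out of it.
		if ($sender) {
			WT_I18N::init($sender->getPreference('language'));
		}

		$copy_email = $message['body'];
		if (!empty($message['url'])) {
			$copy_email .=
				WT_Mail::EOL . WT_Mail::EOL . '--------------------------------------' . WT_Mail::EOL .
				WT_I18N::translate('This message was sent while viewing the following URL: ') . $message['url'] . WT_Mail::EOL;
		}
		$copy_email .= WT_Mail::auditFooter();

		if ($sender) {
			// Message from a logged-in user
			$copy_email = WT_I18N::translate('You sent the following message to a webtrees user:') . ' ' . $recipient->getRealName() . WT_Mail::EOL . WT_Mail::EOL . $copy_email;
		} else {
			// Message from a visitor
			$copy_email = WT_I18N::translate('You sent the following message to a webtrees administrator:') . WT_Mail::EOL . WT_Mail::EOL . WT_Mail::EOL . $copy_email;
		}

		$success = $success && WT_Mail::send(
			// From:
			$WT_TREE,
			// To:
			$sender_email,
			$sender_real_name,
			// Reply-To:
			WT_Site::getPreference('SMTP_FROM_NAME'),
			$WT_TREE->getPreference('title'),
			// Message
			WT_I18N::translate('webtrees message') . ' - ' . $message['subject'],
			$copy_email
		);
	}

	// Switch to the recipient’s language.
	WT_I18N::init($recipient->getPreference('language'));
	if (isset($message['from_name'])) {
		// A visitor has no account, so their contact details go into the body.
		$from_email = isset($message['from_email']) ? $message['from_email'] : '';
		$message['body'] =
			WT_I18N::translate('Your name:') . ' ' . $message['from_name'] . WT_Mail::EOL .
			WT_I18N::translate('Email address:') . ' ' . $from_email . WT_Mail::EOL . WT_Mail::EOL .
			$message['body'];
	}

	// Add another footer - unless we are an admin
	if (!Auth::isAdmin()) {
		if (!empty($message['url'])) {
			$message['body'] .=
				WT_Mail::EOL . WT_Mail::EOL .
				'--------------------------------------' . WT_Mail::EOL .
				WT_I18N::translate('This message was sent while viewing the following URL: ') . $message['url'] . WT_Mail::EOL;
		}
		$message['body'] .= WT_Mail::auditFooter();
	}

	// A 'created' timestamp used to be filled in here; the INSERT below does not
	// use it and $message is a local copy, so the assignment was dropped.

	if ($message['method'] != 'messaging3' && $message['method'] != 'mailto' && $message['method'] != 'none') {
		WT_DB::prepare("INSERT INTO `##message` (sender, ip_address, user_id, subject, body) VALUES (? ,? ,? ,? ,?)")
			->execute(array(
				$message['from'],
				$WT_REQUEST->getClientIp(),
				$recipient->getUserId(),
				$message['subject'],
				str_replace('<br>', '', $message['body']) // Remove the <br> that we added for the external email.  TODO: create different messages
			));
	}

	// Email the message itself to the recipient (still in the recipient’s language).
	if ($message['method'] != 'messaging') {
		$original_email = WT_I18N::translate('The following message has been sent to your webtrees user account from ');
		if ($sender) {
			$original_email .= $sender->getRealName();
		} elseif (!empty($message['from_name'])) {
			$original_email .= $message['from_name'];
		} else {
			$original_email .= $message['from'];
		}
		$original_email .= WT_Mail::EOL . WT_Mail::EOL . $message['body'];

		$success = $success && WT_Mail::send(
			// From:
			$WT_TREE,
			// To:
			$recipient->getEmail(),
			$recipient->getRealName(),
			// Reply-To:
			$sender_email,
			$sender_real_name,
			// Message
			WT_I18N::translate('webtrees message') . ' - ' . $message['subject'],
			$original_email
		);
	}

	WT_I18N::init(WT_LOCALE); // restore language settings if needed

	return $success;
}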

/**
 * Delete one row from the `##message` table.
 *
 * @param int $message_id
 */
function deleteMessage($message_id) {
	$statement = WT_DB::prepare("DELETE FROM `##message` WHERE message_id=?");
	$statement->execute(array($message_id));
}

/**
 * Fetch every message addressed to a user, newest first.
 *
 * @param int $user_id
 *
 * @return array rows with message_id, sender, subject, body and created (unix timestamp)
 */
function getUserMessages($user_id) {
	$sql = "SELECT message_id, sender, subject, body, UNIX_TIMESTAMP(created) AS created FROM `##message` WHERE user_id=? ORDER BY message_id DESC";
	$result = WT_DB::prepare($sql)->execute(array($user_id));

	return $result->fetchAll();
}

/**
 * Insert or update a news item.
 *
 * When $news contains an 'id' key the item with that news_id is updated
 * (subject, body and the updated timestamp); otherwise a new row is inserted
 * for the given user/gedcom.  Empty user_id or gedcom_id values are stored
 * as NULL.
 *
 * @param array $news keys: title, text; plus id, date (unix timestamp) for an
 *                    update, or user_id, gedcom_id for an insert
 */
function addNews($news) {
	if (!array_key_exists('id', $news)) {
		$insert = WT_DB::prepare("INSERT INTO `##news` (user_id, gedcom_id, subject, body) VALUES (NULLIF(?, ''), NULLIF(?, '') ,? ,?)");
		$insert->execute(array($news['user_id'], $news['gedcom_id'],  $news['title'], $news['text']));

		return;
	}

	$update = WT_DB::prepare("UPDATE `##news` SET subject=?, body=?, updated=FROM_UNIXTIME(?) WHERE news_id=?");
	$update->execute(array($news['title'], $news['text'], $news['date'], $news['id']));
}

/**
 * Delete one news item.
 *
 * @param int $news_id the id of the news item to delete
 *
 * @return bool the execute() result cast to bool
 */
function deleteNews($news_id) {
	$statement = WT_DB::prepare("DELETE FROM `##news` WHERE news_id=?");
	$result    = $statement->execute(array($news_id));

	return (bool)$result;
}

/**
 * Fetch the news items belonging to a user, most recently updated first.
 *
 * Mirrors getGedcomNews(), which selects by gedcom_id instead.
 *
 * @param int $user_id
 *
 * @return array news items keyed by news_id, each with id, user_id,
 *               gedcom_id, date (unix timestamp), title and text
 */
function getUserNews($user_id) {
	$sql    = "SELECT SQL_CACHE news_id, user_id, gedcom_id, UNIX_TIMESTAMP(updated) AS updated, subject, body FROM `##news` WHERE user_id=? ORDER BY updated DESC";
	$result = WT_DB::prepare($sql)->execute(array($user_id));

	$items = array();
	foreach ($result->fetchAll() as $record) {
		$item = array(
			'id'        => $record->news_id,
			'user_id'   => $record->user_id,
			'gedcom_id' => $record->gedcom_id,
			'date'      => $record->updated,
			'title'     => $record->subject,
			'text'      => $record->body,
		);
		$items[$record->news_id] = $item;
	}

	return $items;
}

/**
 * Fetch the news items belonging to a family tree, most recently updated first.
 *
 * Mirrors getUserNews(), which selects by user_id instead.
 *
 * @param int $gedcom_id
 *
 * @return array news items keyed by news_id, each with id, user_id,
 *               gedcom_id, date (unix timestamp), title and text
 */
function getGedcomNews($gedcom_id) {
	$sql    = "SELECT SQL_CACHE news_id, user_id, gedcom_id, UNIX_TIMESTAMP(updated) AS updated, subject, body FROM `##news` WHERE gedcom_id=? ORDER BY updated DESC";
	$result = WT_DB::prepare($sql)->execute(array($gedcom_id));

	$items = array();
	foreach ($result->fetchAll() as $record) {
		$item = array(
			'id'        => $record->news_id,
			'user_id'   => $record->user_id,
			'gedcom_id' => $record->gedcom_id,
			'date'      => $record->updated,
			'title'     => $record->subject,
			'text'      => $record->body,
		);
		$items[$record->news_id] = $item;
	}

	return $items;
}

/**
 * Fetch a single news item by its id.
 *
 * @param int $news_id the id of the news entry to get
 *
 * @return array|null the item (id, user_id, gedcom_id, date, title, text),
 *                    or null if no row matches
 */
function getNewsItem($news_id) {
	$sql    = "SELECT SQL_CACHE news_id, user_id, gedcom_id, UNIX_TIMESTAMP(updated) AS updated, subject, body FROM `##news` WHERE news_id=?";
	$record = WT_DB::prepare($sql)->execute(array($news_id))->fetchOneRow();

	if (!$record) {
		return null;
	}

	return array(
		'id'        => $record->news_id,
		'user_id'   => $record->user_id,
		'gedcom_id' => $record->gedcom_id,
		'date'      => $record->updated,
		'title'     => $record->subject,
		'text'      => $record->body,
	);
}