fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merged in bugfix/PMC-359 (pull request #6854)

Browse Source 
PMC-359

Approved-by: Julio Cesar Laura Avendaño <contact@julio-laura.com>
This commit is contained in:
Roly
2019-04-18 19:52:51 +00:00
committed by Julio Cesar Laura Avendaño
parent c32a949545 3a137027ee
commit 34723302ca
5 changed files with 149 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
workflow/engine/methods/login/authentication.php
View File

@@ -1,5 +1,7 @@
<?php
use Illuminate\Support\Facades\Cache;
use ProcessMaker\BusinessModel\User;
use ProcessMaker\Core\System;
use ProcessMaker\Plugins\PluginRegistry;
@@ -23,6 +25,18 @@ try {
$frm = $_POST['form'];
$changePassword = false;
if (isset($_POST['form']['__USR_PASSWORD_CHANGE__'])) {
$value = Cache::pull($_POST['form']['__USR_PASSWORD_CHANGE__']);
$changePassword = !empty($value);
if ($changePassword === true) {
$_POST['form']['USER_ENV'] = $value['userEnvironment'];
$_POST['form']['BROWSER_TIME_ZONE_OFFSET'] = $value['browserTimeZoneOffset'];
$frm['USR_USERNAME'] = $value['usrUsername'];
$frm['USR_PASSWORD'] = $value['usrPassword'];
}
}
if (isset($frm['USR_USERNAME'])) {
$usr = mb_strtolower(trim($frm['USR_USERNAME']), 'UTF-8');
$pwd = trim($frm['USR_PASSWORD']);
@@ -317,6 +331,15 @@ try {
}
$userPropertyInfo = $userProperty->loadOrCreateIfNotExists($_SESSION['USER_LOGGED'], array('USR_PASSWORD_HISTORY' => serialize(array(G::encryptOld($pwd)))));
//change password
if ($changePassword === true) {
$user = new User();
$currentUser = $user->changePassword($_SESSION['USER_LOGGED'], $_POST['form']['USR_PASSWORD']);
G::header('Location: ' . $currentUser["__REDIRECT_PATH__"]);
return;
}
//Get the errors in the password
$errorInPassword = $userProperty->validatePassword(
$_POST['form']['USR_PASSWORD'],
@@ -345,13 +368,23 @@ try {
$G_PUBLISH = new Publisher;
$version = explode('.', trim(file_get_contents(PATH_GULLIVER . 'VERSION')));
$version = isset($version[0]) ? intval($version[0]) : 0;
if ($version >= 3) {
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePasswordpm3', '', $messPassword,
'changePassword');
$values = [
"usrUsername" => $usr,
"usrPassword" => $pwd,
"userEnvironment" => config("system.workspace"),
"browserTimeZoneOffset" => $_POST['form']['BROWSER_TIME_ZONE_OFFSET']
];
$messPassword['__USR_PASSWORD_CHANGE__'] = G::generateUniqueID();
Cache::put($messPassword['__USR_PASSWORD_CHANGE__'], $values, 2);
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePasswordpm3', '', $messPassword, 'sysLoginVerify');
G::RenderPage('publish');
session_destroy();
} else {
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePassword', '', $messPassword, 'changePassword');
G::RenderPage('publish');
}
G::RenderPage('publish');
die;
}

93
workflow/engine/methods/login/changePassword.php
View File

@@ -1,92 +1,7 @@
<?php
use ProcessMaker\Plugins\PluginRegistry;
require_once 'classes/model/Users.php';
$oUser = new Users();
$aUser = $oUser->load($_SESSION['USER_LOGGED']);
global $RBAC;
$aData['USR_UID'] = $aUser['USR_UID'];
$aData['USR_USERNAME'] = $aUser['USR_USERNAME'];
$aData['USR_PASSWORD'] = Bootstrap::hashPassword($_POST['form']['USR_PASSWORD']);
$aData['USR_FIRSTNAME'] = $aUser['USR_FIRSTNAME'];
$aData['USR_LASTNAME'] = $aUser['USR_LASTNAME'];
$aData['USR_EMAIL'] = $aUser['USR_EMAIL'];
$aData['USR_DUE_DATE'] = $aUser['USR_DUE_DATE'];
$aData['USR_UPDATE_DATE'] = date('Y-m-d H:i:s');
$RBAC->updateUser($aData, $aUser['USR_ROLE']);
$aData['USR_COUNTRY'] = $aUser['USR_COUNTRY'];
$aData['USR_CITY'] = $aUser['USR_CITY'];
$aData['USR_LOCATION'] = $aUser['USR_LOCATION'];
$aData['USR_ADDRESS'] = $aUser['USR_ADDRESS'];
$aData['USR_PHONE'] = $aUser['USR_PHONE'];
$aData['USR_ZIP_CODE'] = $aUser['USR_ZIP_CODE'];
$aData['USR_POSITION'] = $aUser['USR_POSITION'];
$oUser->update($aData);
require_once 'classes/model/UsersProperties.php';
$oUserProperty = new UsersProperties();
$aUserProperty = $oUserProperty->load($_SESSION['USER_LOGGED']);
$aHistory = unserialize($aUserProperty['USR_PASSWORD_HISTORY']);
if (!is_array($aHistory)) {
$aHistory = array();
}
if (!defined('PPP_PASSWORD_HISTORY')) {
define('PPP_PASSWORD_HISTORY', 0);
}
if (PPP_PASSWORD_HISTORY > 0) {
if (count($aHistory) >= PPP_PASSWORD_HISTORY) {
array_shift($aHistory);
}
$aHistory[] = $_POST['form']['USR_PASSWORD'];
}
$aUserProperty['USR_LAST_UPDATE_DATE'] = date('Y-m-d H:i:s');
$aUserProperty['USR_LOGGED_NEXT_TIME'] = 0;
$aUserProperty['USR_PASSWORD_HISTORY'] = serialize($aHistory);
$oUserProperty->update($aUserProperty);
if (class_exists('redirectDetail')) {
//falta validar...
if (isset($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_CODE'])) {
$userRole = $RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_CODE'];
}
$oPluginRegistry = PluginRegistry::loadSingleton();
//$oPluginRegistry->showArrays();
$aRedirectLogin = $oPluginRegistry->getRedirectLogins();
if (isset($aRedirectLogin)) {
if (is_array($aRedirectLogin)) {
/** @var \ProcessMaker\Plugins\Interfaces\RedirectDetail $detail */
foreach ($aRedirectLogin as $detail) {
if (isset($detail->sPathMethod)) {
if ($detail->equalRoleCodeTo($userRole)) {
G::header(
'location: /sys' . SYS_TEMP . '/' . SYS_LANG .
'/' . SYS_SKIN . '/' . $detail->getPathMethod()
);
die;
}
}
}
}
}
}
//end plugin
if (isset($frm['USER_LANG'])) {
if ($frm['USER_LANG'] != '') {
$lang = $frm['USER_LANG'];
}
} else {
if (defined('SYS_LANG')) {
$lang = SYS_LANG;
} else {
$lang = 'en';
}
}
$sLocation = $oUserProperty->redirectTo($_SESSION['USER_LOGGED'], $lang);
G::header('Location: ' . $sLocation);
die;
use ProcessMaker\BusinessModel\User;
$user = new User();
$currentUser = $user->changePassword($_SESSION['USER_LOGGED'], $_POST['form']['USR_PASSWORD'], isset($_POST['form']['USER_LANG']) ? $_POST['form']['USER_LANG'] : "");
G::header('Location: ' . $currentUser["__REDIRECT_PATH__"]);