include_once 'classes/DataAccess.class.php';
include_once 'classes/SecurityHandler.class.php';
include_once 'classes/GamingHandler.class.php';
include_once 'classes/PayPalMsgHandler.class.php';
include_once 'classes/DBSessionHandler.class.php';
include_once 'classes/Logger.class.php';
include_once 'classes/User.class.php';
include_once 'classes/EventSearchParameters.class.php';
include_once 'classes/UserSearchParameters.class.php';
include_once 'securimage/securimage.php';
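$dataAccess = new DataAccess();
$loggerDataAccess = new DataAccess();
$securityHandler = new SecurityHandler();
$gamingHandler = new GamingHandler();
$logger = new Logger($loggerDataAccess);
$objUser = User::constructDefaultUser();

// Resolve the requested action: GET wins, then POST, else null.
// Reading $_POST['action'] unconditionally raised an undefined-index notice when
// neither superglobal carried it, and filter_var() then turned that null into ''
// so the isset($action) check that follows always passed. Leaving $action null
// when nothing was supplied makes that check mean what it says.
if (isset($_GET['action'])) {
    $rawAction = $_GET['action'];
} elseif (isset($_POST['action'])) {
    $rawAction = $_POST['action'];
} else {
    $rawAction = null;
}
// FILTER_SANITIZE_STRING strips tags and is deprecated from PHP 8.1; the action
// names are only compared against fixed strings below, so an explicit whitelist
// of allowed action names would be the cleaner replacement.
$action = $rawAction === null ? null : filter_var($rawAction, FILTER_SANITIZE_STRING);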
if (isset($action)) {
    // Only proceed if this page is accessed due to signup/login, or from a logged-in user
    if ($action != "Login" && $action != "Signup" && $action != "PasswordRecoveryDialogLoad" && $action != "SendPasswordRecoveryEmailToUser" && $action != "ResetUserPassword") {
        $sessionDataAccess = new DataAccess();
        $sessionHandler = new DBSessionHandler($sessionDataAccess);
        session_set_save_handler($sessionHandler, true);
        session_start();
        if (isset($_SESSION['WebUser'])) {
            $objUser = $_SESSION['WebUser'];
            $_SESSION['lastActivity'] = time();
            session_write_close();
        } else {
            // If action was intended for a jTable display, format error response appropriately
            if (strripos($action, 'ForJTable') !== false) {
 /**
  * Returns every active user except $curUserID, as User objects carrying only
  * UserID and UserName.
  *
  * Rows whose trimmed UserName is empty are excluded by the query itself. The
  * query is not attempted if $dataAccess already reports an error; any error
  * present after the attempt is logged and whatever was collected is returned
  * (an empty array on failure).
  *
  * @param DataAccess $dataAccess data-access object used to run the query
  * @param Logger     $logger     receives a message when the lookup fails
  * @param int        $curUserID  ID of the user to leave out of the result
  * @return User[] matching users, empty on error or when no rows came back
  */
 public function LoadAllActiveUsers($dataAccess, $logger, $curUserID)
 {
     $activeUsers = [];

     // Do not run the query on a connection that is already in an error state.
     if (strlen($dataAccess->CheckErrors()) == 0) {
         $sql = "SELECT DISTINCT `ID`, TRIM(`UserName`) AS UserName FROM `Security.Users` "
             . "WHERE (`IsActive` = 1) AND (LENGTH(TRIM(`UserName`)) > 0) AND (`ID` <> :userID) "
             . "ORDER BY `UserName`;";
         $parms = [new QueryParameter(':userID', $curUserID, PDO::PARAM_INT)];

         if ($dataAccess->BuildQuery($sql, $parms)) {
             $rows = $dataAccess->GetResultSet();
             // Loose comparison on purpose: an empty or false result set is skipped.
             if ($rows != null) {
                 foreach ($rows as $row) {
                     $entry = User::constructDefaultUser();
                     $entry->UserID = $row['ID'];
                     $entry->UserName = $row['UserName'];
                     $activeUsers[] = $entry;
                 }
             }
         }
     }

     // Report anything the query left behind; the partial result is still returned.
     $errors = $dataAccess->CheckErrors();
     if (strlen($errors) > 0) {
         $logger->LogError("Could not retrieve active users. " . $errors);
     }

     return $activeUsers;
 }
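 /**
  * Finds the active account matching the supplied user name and/or email.
  *
  * Used by the password-reset flow: the caller may supply either identifier or
  * both, and the WHERE clause only references the fields that are non-empty.
  * When both are empty no query is run at all — previously both parameters were
  * bound as '' and the lookup could match any active row with a blank UserName
  * or EmailAddress, which is not an identification of anyone.
  *
  * @param DataAccess $dataAccess data-access object used to run the lookup
  * @param Logger     $logger     receives a message when no account is found
  * @param string     $userName   user name to match, '' to ignore
  * @param string     $email      email address to match, '' to ignore
  * @return User default user (UserID -1) when nothing matched, otherwise with
  *              UserID and EmailAddress filled in from the matching row
  */
 private function LookUpUserAccountByProvidedInfo($dataAccess, $logger, $userName, $email)
 {
     $user = User::constructDefaultUser();
     $haveUserName = strlen($userName) > 0;
     $haveEmail = strlen($email) > 0;

     if ($haveUserName || $haveEmail) {
         // Build the condition list and bind only the parameters it references;
         // the resulting SQL is byte-identical to the three hand-written variants.
         $conditions = [];
         $queryParms = [];
         if ($haveUserName) {
             $conditions[] = "(`UserName` = :userName)";
             $queryParms[] = new QueryParameter(':userName', $userName, PDO::PARAM_STR);
         }
         if ($haveEmail) {
             $conditions[] = "(`EmailAddress` = :emailAddress)";
             $queryParms[] = new QueryParameter(':emailAddress', $email, PDO::PARAM_STR);
         }
         $where = count($conditions) > 1
             ? "(" . implode(" OR ", $conditions) . ")"
             : $conditions[0];
         $lookUpUserAccountQuery = "SELECT `ID`, `EmailAddress` FROM `Security.Users` WHERE "
             . $where . " AND (`IsActive` = 1);";

         if ($dataAccess->BuildQuery($lookUpUserAccountQuery, $queryParms)) {
             $results = $dataAccess->GetSingleResult();
             if ($results != null) {
                 $user->UserID = $results['ID'];
                 $user->EmailAddress = $results['EmailAddress'];
             }
         }
     }

     // UserID -1 is the default-user sentinel: nothing matched (or nothing was asked).
     if ($user->UserID == -1) {
         $errors = $dataAccess->CheckErrors();
         // NOTE(review): the caller-supplied identifiers are written to the log verbatim —
         // confirm Logger neutralises line breaks so a request cannot forge log entries.
         $logger->LogError("ProcessPasswordResetRequest(): Could not find user profile for username '" . $userName . "' or email '" . $email . "'. " . $errors);
     }

     return $user;
 }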