Example #1
    header("Location: status.php?action=login");
}
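// Administrator gate for the user-management actions below.
// header() only queues the Location response; without stopping the script the
// privileged actions further down would still run for a caller who fails this
// check. Any earlier redirect guard in this file needs the same treatment.
// The check fails closed: a missing or non-numeric power value (for example
// null for an anonymous session) no longer compares equal to 0.
// The "up" action below assigns power 0 and "down" assigns power 1.
$power = $user->getPower();
if (!is_numeric($power) || (int) $power !== 0) {
    header("Location: status.php?action=login");
    die;
}
// NOTE(review): these actions change state on a plain GET request and no
// anti-CSRF token is checked in the code visible here; confirm whether one is
// enforced elsewhere, otherwise move them to POST with a per-session token.
$action = isset($_GET['action']) ? $_GET['action'] : null;
$target = isset($_GET['user']) ? $_GET['user'] : null;
if ($action !== null || $target !== null) {
    // Reject a missing, non-string or malformed user name before any action
    // runs, and stop so the invalid value never reaches the calls below.
    if (!is_string($target) || !$user->str_check($target)) {
        header("Location: error.php");
        die;
    }
    if ($action === "delete") {
        $user->userDelete($target);
        echo "<script language=\"javascript\">alert('删除成功!');history.back(-1);</script>";
        die;
    }
    // NOTE(review): both branches feed getPass() straight back into
    // userRenew(), so the stored password value is readable by this code.
    // Whether it is a hash or plaintext cannot be seen here; confirm.
    if ($action === "up") {
        $user->userRenew($target, $user->getPass($target), "", 0);
        echo "<script language=\"javascript\">alert('提权成功!');history.back(-1);</script>";
        die;
    }
    if ($action === "down") {
        $user->userRenew($target, $user->getPass($target), "", 1);
        echo "<script language=\"javascript\">alert('降权成功!');history.back(-1);</script>";
        die;
    }
}
// 20 rows per page; clamp the offset so page=0 or a negative page cannot
// produce a negative offset.
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
$limit = max(0, ($page - 1) * 20);
$list = $user->getUserList(20, $limit);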
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
Example #2
<?php

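require_once "../App.class.php";
App::loadMod("User");
$app = new App();
$user = new User();
// header() only queues the redirect; stop here so an anonymous request cannot
// fall through to the password-change handler below.
if (!$user->isLogin()) {
    header("Location: status.php?action=login");
    die;
}
// Message shown to the user after a password-change attempt ("" = nothing to show).
$alert = "";
if (isset($_POST['old']) && isset($_POST['new'])) {
    $old = $_POST['old'];
    $new = $_POST['new'];
    if ($new != "") {
        // NOTE(review): the submitted password is compared directly with
        // getPass(), which suggests the stored value is plaintext or otherwise
        // directly comparable. Confirm, and prefer password_hash() /
        // password_verify() if so.
        $current = $user->getPass();
        // Strict, string-only comparison: a loose == treats numeric-looking
        // strings such as "0e1" and "0e2" as equal. Use the constant-time
        // comparison where the runtime provides it.
        $oldMatches = false;
        if (is_string($old) && is_string($current)) {
            $oldMatches = function_exists('hash_equals')
                ? hash_equals($current, $old)
                : $current === $old;
        }
        if (is_string($new) && $user->str_check($new) && $oldMatches) {
            $flag = $user->userRenew($user->getUser(), $new, "", $user->getPower());
            if ($flag) {
                $alert = "修改成功!";
            } else {
                $alert = "修改失败!";
            }
        } else {
            $alert = "修改失败!";
        }
    }
}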
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>用户管理 > <?php 
echo $user->getUser();
 /**
  * Insert a new row into `tbl_users` for the given user.
  *
  * Name, password and e-mail come from the User object; every other column
  * is written as '0', and the registration date is set with now().
  *
  * NOTE(review): the three values are placed into the statement text as-is,
  * with no escaping or parameter binding visible in this method. Unless the
  * caller or executeNoneQuery() sanitises them, a quote in any of them changes
  * the statement (SQL injection). Bind them as parameters once the database
  * wrapper offers that. Whether getPass() already returns a hash cannot be
  * seen from here; confirm before storing it.
  *
  * @param User $User user whose name, password and e-mail are stored
  * @return mixed whatever executeNoneQuery() returns for the statement
  */
 public function insertUser(User $User)
 {
     $name = $User->getName();
     $pass = $User->getPass();
     $mail = $User->getMail();

     $columns = 'INSERT INTO `tbl_users` (`s_Name`, `s_Pass`, `s_Userid`, `i_Userlevel`, `s_Email`, `i_Login`,  `i_Refresh`, `b_Looked`, `d_RegisterDate`, `b_Premium`) ';
     $values = "\n\t\tVALUES \n\t\t(\n\t\t'{$name}',\n\t\t '{$pass}',\n\t\t '0',\n\t\t '0',\n\t\t '{$mail}',\n\t\t '0',\n\t\t '0',\n\t\t '0',\n\t\t now(),\n\t\t '0'\n\t\t)";

     return $this->MySql->executeNoneQuery($columns . $values);
 }
Example #4
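 /**
  * Render the home page that matches the role stored in the session.
  *
  * Collects the user's last login, last order and last issue into $data,
  * picks a view from the session's 'user_indicator' value and loads it.
  * Facility accounts that still have the default password are shown the
  * enforced password-change view instead of their dashboard.
  *
  * NOTE(review): the default-password check recomputes md5(static salt .
  * password), which implies account passwords are stored as MD5 with one
  * constant salt. Moving to password_hash()/password_verify() is the durable
  * fix but cannot be done inside this method alone.
  *
  * @return void
  */
 public function index()
 {
     // Sessions without a user id are sent to the 'user' controller.
     // redirect() is expected to end the request (CodeIgniter's helper does).
     if (!$this->session->userdata('user_id')) {
         redirect('user');
     }
     $data = array();
     $identifier = $this->session->userdata('user_indicator');
     $user_id = $this->session->userdata('user_id');

     // Last login, formatted for display.
     $lastlogin = user::get_last_login($user_id);
     $data['lastlogin'] = date("l, jS F Y g:i a", strtotime($lastlogin));

     // Last order, or a placeholder when there is none.
     $lastorder = user::get_last_order($user_id);
     if (!empty($lastorder)) {
         $data['lastorder'] = date("l, jS F Y ", strtotime($lastorder['last_order']));
         $data['order_no'] = $lastorder['order_no'];
         $data['commodity_name'] = $lastorder['commodity_name'];
         $data['quantity_ordered_pack'] = $lastorder['quantity_ordered_pack'];
         $data['quantity_ordered_unit'] = $lastorder['quantity_ordered_unit'];
         $data['order_total'] = $lastorder['order_total'];
     } else {
         $data['no_order'] = "N/A";
     }

     // Last issue, or a placeholder when there is none.
     // NOTE(review): 'commodity_name' is shared with the last-order block, so
     // an existing last issue overwrites the order's commodity name; confirm
     // that the view expects this.
     $lastissue = user::get_last_issue($user_id);
     if (!empty($lastissue)) {
         $data['last_issue'] = date("l, jS F Y ", strtotime($lastissue['last_issue']));
         $data['commodity_name'] = $lastissue['commodity_name'];
         $data['qty_issued'] = $lastissue['qty_issued'];
         $data['issued_to'] = $lastissue['issued_to'];
     } else {
         $data['no_issue'] = "N/A";
     }

     // Initialised so a role with no case below reaches load->view() with an
     // empty name (as 'moh_user' already does) instead of an undefined variable.
     // NOTE(review): an unrecognised role should probably be rejected
     // explicitly; confirm the intended handling.
     $view = '';
     switch ($identifier) {
         case 'moh':
             $view = 'shared_files/template/dashboard_template_v';
             break;
         case 'facility_admin':
         case 'facility':
             // Detect an account that still uses the default password by
             // recomputing its stored form and comparing with the stored value.
             $username = $this->session->userdata('user_email');
             $reply = User::getPass($username);
             $user_data = $reply->toArray();
             $token = $user_data["password"];
             $default = '123456';
             $data['identifier'] = $identifier;
             $salt = '#*seCrEt!@-*%';
             $password = md5($salt . $default);
             // Strict comparison: with a loose ==, two hex digests that look
             // like numbers (e.g. "0e...") compare equal although they differ.
             if ($token === $password) {
                 $view = 'shared_files/enforce_change';
             } else {
                 $view = 'shared_files/template/template';
                 $data['content_view'] = "facility/facility_home_v";
                 $data['facility_dashboard_notifications'] = $this->get_facility_dashboard_notifications_graph_data();
             }
             break;
         case 'recovery':
             $facility = $this->session->userdata('facility_id');
             $view = 'shared_files/template/template';
             // NOTE(review): title and banner_text set here are overwritten by
             // the unconditional assignments after the switch; confirm which
             // value the recovery page is meant to show.
             $data['title'] = "User Management";
             $data['banner_text'] = "User Management";
             $data['current_user_id'] = $this->session->userdata('user_id');
             $data['content_view'] = "shared_files/user_recovery_v";
             $data['listing'] = Users::get_user_list_facility($facility);
             break;
         case 'district':
             $data['content_view'] = "subcounty/subcounty_home_v";
             $view = 'shared_files/template/template';
             break;
         case 'moh_user':
             $view = '';
             break;
         case 'scmlt':
         case 'rtk_county_admin':
         case 'allocation_committee':
         case 'rtk_partner_admin':
         case 'rtk_manager':
         case 'rtk_partner_super':
             // NOTE(review): absolute redirect to a hard-coded address over
             // plain HTTP; consider a configured base URL served over HTTPS.
             redirect('http://41.89.6.223/HCMP/user');
             break;
         case 'super_admin':
             $view = 'shared_files/template/dashboard_v';
             $data['content_view'] = "shared_files/template/super_admin_template";
             break;
         case 'county':
             $view = 'shared_files/template/template';
             $data['content_view'] = "subcounty/subcounty_home_v";
             break;
     }
     $data['title'] = "System Home";
     $data['banner_text'] = "Home";
     $this->load->view($view, $data);
 }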
Example #5
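// Lists used to fill the promotion and rights selectors of the edit form.
$promo = new Promo();
$promo_list = $promo->getAll();
$droit = new Droit();
$droit_list = $droit->getAll();
// Rights ids 1 and 2 load the profile through the admin/teacher accessor,
// every other id through the student accessor (judging by the method names).
if ($id_droit == 1 || $id_droit == 2) {
    $infUser = $user->getInfoAdminProfModif();
} else {
    $infUser = $user->getInfoEleveModif();
}
echo $twig->render("modif_user.html.twig", array("user" => $infUser, "promo" => $promo_list, "droit" => $droit_list));

// Handle the submitted edit form.
// NOTE(review): $_REQUEST also accepts GET parameters and no anti-CSRF token
// is checked in the code visible here; confirm one is enforced elsewhere.
if (isset($_REQUEST['submit'])) {
    if (isset($_REQUEST['nom']) && isset($_REQUEST['prenom']) && isset($_REQUEST['email']) && isset($_REQUEST['droit'])) {
        // Result is unused below; the call is kept in case getInstance() sets up the connection.
        $db = Database::getInstance();
        $prenom = $_REQUEST['prenom'];
        $nom = $_REQUEST['nom'];
        $email = $_REQUEST['email'];
        // NOTE(review): the rights id comes straight from the request. Unless
        // this page is reachable only by administrators, a user could submit a
        // higher rights id for their own account. Confirm the caller's role
        // and check the value against $droit_list before saving.
        $droit = $_REQUEST['droit'];
        // Optional fields: read them defensively so a missing or non-string
        // value cannot raise an undefined-index notice or a TypeError in
        // password_verify()/password_hash().
        $idpromo = isset($_REQUEST['promo']) ? $_REQUEST['promo'] : null;
        $currentPass = isset($_REQUEST['currentPass']) ? $_REQUEST['currentPass'] : null;
        $newPass = isset($_REQUEST['newPass']) ? $_REQUEST['newPass'] : null;
        $reNewPass = isset($_REQUEST['reNewPass']) ? $_REQUEST['reNewPass'] : null;
        // NOTE(review): "" is what updateUser() receives when no password
        // change was authorised; confirm it means "leave the password
        // unchanged" and not "store an empty password".
        $password = "";
        // A password change needs the current password; the other profile
        // fields are saved regardless of this check.
        if (is_string($currentPass) && password_verify($currentPass, $user->getPass())) {
            if (is_string($newPass) && is_string($reNewPass) && !empty($newPass) && !empty($reNewPass)) {
                if ($newPass === $reNewPass) {
                    $password = password_hash($newPass, PASSWORD_DEFAULT);
                } else {
                    // NOTE(review): on a confirmation mismatch this hashes
                    // whatever $user->password() returns. If that is the
                    // stored hash, the account ends up with a hash of a hash
                    // and the user can no longer log in. Confirm.
                    $password = password_hash($user->password(), PASSWORD_DEFAULT);
                }
            }
        }
        $user->updateUser($nom, $prenom, $password, $email, $droit, $idpromo);
    }
}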
Example #6
 /**
  * Update the password and username of the row whose id matches the user.
  *
  * All three values are bound as parameters of a prepared statement, so they
  * are never spliced into the SQL text.
  *
  * NOTE(review): the value of getPass() is stored as given; whether it is
  * already a password hash cannot be seen from this method. Confirm.
  *
  * @param User $user user supplying the new password, username and the id
  * @return bool true when the statement reports at least one affected row
  */
 public function editUser(User $user)
 {
     $statement = $this->db->prepare("UPDATE users SET password = ?, username = ? WHERE id = ?");
     $bindings = [$user->getPass(), $user->getUsername(), $user->getId()];
     $statement->execute($bindings);
     $changedRows = $statement->rowCount();

     return $changedRows > 0;
 }
Example #7
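 /**
  * Return the affiliate link to use for a user and toggle the user's "pass" flag.
  *
  * When the flag is set it is cleared and, if the upline resolves to a
  * different user, the link is taken from that upline by calling this method
  * on it. When the flag is not set it is set and the user's own link is kept.
  * The new flag value is then written to wp_usermeta under the 'cb_pass' key:
  * first with an UPDATE, then with an INSERT when no row was affected and the
  * flag differs from its value on entry.
  *
  * NOTE(review): debug output is switched on by a request parameter, so any
  * client can ask for it, and it prints the SQL statements. Tie it to a
  * server-side setting instead. Until then the output is HTML-escaped.
  *
  * @param User $user user whose link is requested
  * @return mixed the link of the user or of the upline it was delegated to
  */
 function returnUserAffiliateLink(User $user)
 {
     $link = $user->link;
     $debug = isset($_REQUEST['debug']);
     // The id is concatenated into SQL below; force it to an integer so a
     // non-numeric value can never change the statement.
     $userId = (int) $user->id;
     $origUserPass = $user->pass;
     if ($user->getPass()) {
         $user->setPass(false);
         $newUser = $this->getUserById($user->upline);
         if ($debug) {
             echo htmlspecialchars("New User (is old): {$newUser}", ENT_QUOTES, 'UTF-8') . "<br>";
         }
         // Only delegate to an upline that exists and is not the user itself.
         if (isset($newUser) && $newUser->id != $user->id) {
             if ($debug) {
                 echo htmlspecialchars("New User (is new): {$newUser}", ENT_QUOTES, 'UTF-8') . "<br>";
             }
             $link = $this->returnUserAffiliateLink($newUser);
         }
     } else {
         $user->setPass(true);
     }
     // Save current state of user
     $updateQuery = "Update wp_usermeta SET meta_value='" . ($user->getPass() ? 1 : 0) . "' WHERE meta_key='cb_pass' AND user_id=" . $userId;
     if ($debug) {
         echo htmlspecialchars("Update Query: {$updateQuery}", ENT_QUOTES, 'UTF-8') . "<br>";
     }
     $this->getDBConnection()->queryWP($updateQuery);
     $affected = $this->getDBConnection()->getWPDBConnection()->affected_rows;
     if ($debug) {
         echo htmlspecialchars("Affected : {$affected}", ENT_QUOTES, 'UTF-8') . "<br>";
     }
     // No row was updated although the flag changed: insert the meta row.
     if ($affected == 0 && $user->getPass() != $origUserPass) {
         if ($debug) {
             echo "No rows affected after updating<br>";
         }
         $insertQuery = "INSERT INTO wp_usermeta (user_id,meta_key,meta_value) VALUES(" . $userId . ",'cb_pass'," . ($user->getPass() ? 1 : 0) . ")";
         $this->getDBConnection()->queryWP($insertQuery);
         if ($debug) {
             echo htmlspecialchars("Inset Query: {$insertQuery}", ENT_QUOTES, 'UTF-8') . "<br>";
         }
     }
     return $link;
 }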
Example #8
 /**
  * Check whether a user can be registered.
  *
  * Return codes:
  *   -2  the password is blank
  *   -1  the e-mail already exists
  *    0  the alias already exists
  *    1  the user is valid
  *
  * Callers must compare the result strictly: 0 is an error code here and is
  * falsy, while the success value is 1.
  *
  * @param User $user candidate user
  * @return int one of the codes listed above
  */
 function validate(User $user)
 {
     // Both lookups run before any check, as the result objects are read below.
     $byEmail = $this->get($user->getEmail());
     $byAlias = $this->getByAlias($user->getAlias());

     // Blank password
     if ($user->getPass() == null) {
         return -2;
     }

     // The e-mail already exists
     if ($byEmail->getEmail() != null) {
         return -1;
     }

     // 0 when the alias already exists, 1 when nothing blocks registration
     return $byAlias->getAlias() != null ? 0 : 1;
 }
Example #9
 /**
  * Write the user's name, e-mail, password and permission back to storage.
  *
  * Delegates to updateObject() for the 'User' object type, keyed by 'u_id'.
  *
  * NOTE(review): 'u_pass' receives getPass() as given; whether that value is
  * already a password hash, and how updateObject() builds its statement,
  * cannot be seen from this method. Confirm both.
  *
  * @param User $user user whose fields are saved
  */
 public function update(User $user)
 {
     $id = $user->getId();
     $columns = [
         'u_name' => $user->getName(),
         'u_mail' => $user->getMail(),
         'u_pass' => $user->getPass(),
         'u_perm' => $user->getPerm(),
     ];

     $this->updateObject('User', 'u_id', $id, $columns);
 }