Example #1
0
		$permissions[$field] = $permissionEnabled;
	}
}

if ($editUser->isAdmin() && $customizeRights && $canManage) {
	// save user customized rights
	$editUser->updatePermissions($permissions);

	$logtext = getGS('Permissions changed for user "$1"',$editUser->getUserName());
	Log::Message($logtext, $g_user->getUserId(), 55);
}
if ($editUser->isAdmin() && !$customizeRights && $canManage) {
	// save user rights based on existing user type
	$userTypeId = Input::Get('UserType', 'int', 0);
	if ($userTypeId != 0) {
		$editUser->setUserType($userTypeId);
	}
}

// unsubscribe
$unsubscribe = Input::Get('unsubscribe', 'bool', false);
if ($unsubscribe 
    && ($canManage || $editUser->getUserId() == $g_user->getUserId())) {
    $editUser->setPermission('MailNotify', false);
}

camp_html_add_msg(getGS("User '$1' information was changed successfully.",
	$editUser->getUserName()), "ok");
$editUser->fetch();
if ($editUser->getUserName() == $g_user->getUserName() && !$editUser->hasPermission('ManageUsers')) {
	camp_html_goto_page("/$ADMIN/");
 private function getUser($selectResult)
 {
     $User = new User();
     $count = 0;
     while ($list = mysqli_fetch_assoc($selectResult)) {
         $User->setUserId($list['usr_user_id']);
         $User->setFirstName($list['usr_first_name']);
         $User->setLastName($list['usr_last_name']);
         $User->setLogin($list['usr_login']);
         //$User->setUserRatingId($list['']);
         $User->setEmail($list['usr_email']);
         $User->setDOB($list['usr_DOB']);
         //$User->setLocation($list['']);
         $User->setRegistration_date($list['usr_registration_date']);
         $User->setUserType($list['usr_user_type_id']);
         $User->setUserLanguage($list['usr_language']);
         $User->setEmailSub($list['usr_email_subscribed']);
     }
     return $User;
 }
Example #3
0
$pass = $user_info['password'];
$user_insert_id = "";
//contains the city Ids, it will get us the location
//$cityid = $userManager->getuserLocation();
$cityid = '1';
//Inserting into the profecient Table;;
$LProfManager = new LanguageProfManager();
$User->setFirstName($userfname);
$User->setLastName($userlname);
$User->setLogin($userid);
$User->setEmail($emailid);
$User->setPassword($pass);
$User->setDOB($dob);
$User->setLocation($cityid);
$User->setRegistration_date(date("Y-m-d"));
$User->setUserType(4);
$user_insert_id = $userManager->addUser($User);
//echo $user_insert_id;
if ($user_insert_id) {
    //$cityid='4';
    $prof = [];
    $count_prof = count($user_info['mylanguage']);
    $i = 0;
    if (count($count_prof) > 0) {
        for ($i = 0; $i < $count_prof; $i++) {
            $lprof[] = new LanguageProf();
            $lprof[$i]->setLanguageId($user_info['mylanguage'][$i]);
            $lprof[$i]->setProf($user_info['proficient'][$i]);
            $lprof[$i]->setUserId($user_insert_id);
            if ($LProfManager->AddProficient($lprof[$i])) {
                $allworks = true;
Example #4
0
<?php

require_once '../core/init.php';
$data = array();
$userId = $_POST['userid'];
$userType = $_POST['usertype'];
$userFullName = $_POST['fullname'];
$userStatus = $_POST['userstatus'];
$user = new User();
$fetchedUser = $user->getUserUsingUserId($userId);
if (isset($fetchedUser)) {
    //now set the modified values using the setter methods..
    $modifiedUser = new User();
    $modifiedUser->setUserId($userId);
    $modifiedUser->setUserType($userType);
    $modifiedUser->setUsername($fetchedUser->username);
    $modifiedUser->existingUserPassword($fetchedUser->user_password);
    $modifiedUser->setUserFullName($userFullName);
    $modifiedUser->setUserStatus($userStatus);
    $modifiedUser->setEmail($fetchedUser->email);
    $modifiedUser->setUserLastValidLogin($fetchedUser->user_last_valid_login);
    $modifiedUser->setUserFirstInvalidLogin($fetchedUser->user_first_invalid_login);
    $modifiedUser->setUserFailedLoginCount($fetchedUser->user_faild_login_count);
    $modifiedUser->setUserCreateDate($fetchedUser->user_create_date);
    $modifiedUser->setModifiedBy($fetchedUser->modified_by);
    $modifiedUser->setModificationDate($fetchedUser->modification_date);
    //update the record
    $user->update($modifiedUser);
    $data['success'] = true;
    $data['message'] = "<div class='alert alert-success alert-dismissable'>" . "<button type='button' class='close' data-dismiss='alert' aria-hidden='true'>&times;</button>" . "Lorem ipsum dolor sit amet, consectetur adipisicing elit. <a href='#' class='alert-link'>Alert Link</a>." . "</div><br/>";
    echo json_encode($data);
Example #5
0
 function Main()
 {
     switch ($this->formArray["formAction"]) {
         case "edit":
             $UserDetails = new SoapObject(NCCBIZ . "UserDetails.php", "urn:Object");
             if (!($xmlStr = $UserDetails->getUserDetails($this->formArray["userID"]))) {
                 $this->tpl->set_block("rptsTemplate", "Table", "TableBlock");
                 $this->tpl->set_var("TableBlock", "User record not found");
             } else {
                 if (!($domDoc = domxml_open_mem($xmlStr))) {
                     $this->tpl->set_block("rptsTemplate", "Table", "TableBlock");
                     $this->tpl->set_var("TableBlock", "error xmlDoc");
                 } else {
                     $user = new User();
                     $user->parseDomDocument($domDoc);
                     $this->formArray["userID"] = $user->getUserID();
                     $this->formArray["userType"] = $user->getUserType();
                     $this->formArray["username"] = $user->getUsername();
                     $this->formArray["password"] = $user->getPassword();
                     $this->formArray["personID"] = $user->getPersonID();
                     $this->formArray["status"] = $user->getStatus();
                 }
             }
             $PersonDetails = new SoapObject(NCCBIZ . "PersonDetails.php", "urn:Object");
             if (!($xmlStr = $PersonDetails->getPersonDetails($this->formArray["personID"]))) {
                 $this->tpl->set_block("rptsTemplate", "Table", "TableBlock");
                 $this->tpl->set_var("TableBlock", "Person record not found");
             } else {
                 if (!($domDoc = domxml_open_mem($xmlStr))) {
                     $this->tpl->set_block("rptsTemplate", "Table", "TableBlock");
                     $this->tpl->set_var("TableBlock", "error xmlDoc");
                 } else {
                     $person = new Person();
                     $person->parseDomDocument($domDoc);
                     list($dateArr["year"], $dateArr["month"], $dateArr["day"]) = explode("-", $person->getBirthday());
                     $this->formArray["personID"] = $person->getPersonID();
                     $this->formArray["lastName"] = $person->getLastName();
                     $this->formArray["firstName"] = $person->getFirstName();
                     $this->formArray["middleName"] = $person->getMiddleName();
                     $this->formArray["gender"] = $person->getGender();
                     $this->formArray["birth_year"] = removePreZero($dateArr["year"]);
                     $this->formArray["birth_month"] = removePreZero($dateArr["month"]);
                     $this->formArray["birth_day"] = removePreZero($dateArr["day"]);
                     $this->formArray["maritalStatus"] = $person->getMaritalStatus();
                     $this->formArray["tin"] = $person->getTin();
                     $address = $person->addressArray[0];
                     if (is_a($address, Address)) {
                         $this->formArray["addressID"] = $address->getAddressID();
                         $this->formArray["number"] = $address->getNumber();
                         $this->formArray["street"] = $address->getStreet();
                         $this->formArray["barangay"] = $address->getBarangay();
                         $this->formArray["district"] = $address->getDistrict();
                         $this->formArray["municipalityCity"] = $address->getMunicipalitycity();
                         $this->formArray["province"] = $address->getProvince();
                     }
                     $this->formArray["telephone"] = $person->getTelephone();
                     $this->formArray["mobileNumber"] = $person->getMobileNumber();
                     $this->formArray["email"] = $person->getEmail();
                 }
             }
             $this->tpl->set_block("rptsTemplate", "NewUserPassword", "NewUserPasswordBlock");
             $this->tpl->set_var("NewUserPasswordBlock", "");
             $this->tpl->set_block("rptsTemplate", "OldUserPassword", "OldUserPasswordBlock");
             $this->tpl->set_var("oldNewUserRowspan", 5);
             //$this->tpl->set_var("oldNewUserRowspan", 3);
             $this->tpl->parse("OldUserPasswordBlock", "OldUserPassword", true);
             break;
         case "save":
             /*
             			    if($this->isOldPasswordCorrect()==false){
             			        $this->message = "Error. Cannot Save. Old password incorrect to create new password.";
             		    	    $this->tpl->set_var("message", $this->message);	
             		    	    $this->tpl->parse("MessageBlock", "Message", true);
             		    	    
                                 $this->tpl->set_block("rptsTemplate", "NewUserPassword", "NewUserPasswordBlock");
                                 $this->tpl->set_var("NewUserPasswordBlock", "");
             
                                 $this->tpl->set_block("rptsTemplate", "OldUserPassword", "OldUserPasswordBlock");
                                 $this->tpl->set_var("oldNewUserRowspan", 3);
                                 $this->tpl->parse("OldUserPasswordBlock", "OldUserPassword", true);		    	
             		    	    break;
             			    }
             */
             if ($this->formArray["newPassword"] != "" && $this->formArray["newPassword"] != "null") {
                 $this->formArray["password"] = md5($this->formArray["newPassword"]);
             }
             if ($this->usernameAlreadyExists() == true) {
                 $this->message = "Error. Cannot Save. Username already exists.";
                 $this->tpl->set_var("message", $this->message);
                 $this->tpl->parse("MessageBlock", "Message", true);
                 $this->tpl->set_block("rptsTemplate", "NewUserPassword", "NewUserPasswordBlock");
                 $this->tpl->set_block("rptsTemplate", "OldUserPassword", "OldUserPasswordBlock");
                 if ($this->formArray["personID"] != "") {
                     $this->tpl->set_var("NewUserPasswordBlock", "");
                     $this->tpl->set_var("oldNewUserRowspan", 3);
                     $this->tpl->parse("OldUserPasswordBlock", "OldUserPassword", true);
                 } else {
                     $this->tpl->set_var("oldNewUserRowspan", 2);
                     $this->tpl->parse("NewUserPasswordBlock", "NewUserPassword", true);
                     $this->tpl->set_var("OldUserPasswordBlock", "");
                 }
                 break;
             }
             $PersonEncode = new SoapObject(NCCBIZ . "PersonEncode.php", "urn:Object");
             if ($this->formArray["personID"] != "") {
                 $PersonDetails = new SoapObject(NCCBIZ . "PersonDetails.php", "urn:Object");
                 if (!($xmlStr = $PersonDetails->getPersonDetails($this->formArray["personID"]))) {
                     $this->tpl->set_block("rptsTemplate", "Table", "TableBlock");
                     $this->tpl->set_var("TableBlock", "Person record not found");
                 } else {
                     if (!($domDoc = domxml_open_mem($xmlStr))) {
                         $this->tpl->set_block("rptsTemplate", "Table", "TableBlock");
                         $this->tpl->set_var("TableBlock", "error xmlDoc");
                     } else {
                         $person = new Person();
                         $person->parseDomDocument($domDoc);
                         $address = $person->addressArray[0];
                         if (is_a($address, Address)) {
                             $address->setAddressID($this->formArray["addressID"]);
                             $address->setNumber($this->formArray["number"]);
                             $address->setStreet($this->formArray["street"]);
                             $address->setBarangay($this->formArray["barangay"]);
                             $address->setDistrict($this->formArray["district"]);
                             $address->setMunicipalityCity($this->formArray["municipalityCity"]);
                             $address->setProvince($this->formArray["province"]);
                             $address->setDomDocument();
                         }
                         $person->setPersonID($this->formArray["personID"]);
                         $person->setPersonType("adminUser");
                         $person->setLastName($this->formArray["lastName"]);
                         $person->setFirstName($this->formArray["firstName"]);
                         $person->setMiddleName($this->formArray["middleName"]);
                         $person->setGender($this->formArray["gender"]);
                         $person->setBirthday($this->birthdate);
                         $person->setMaritalStatus($this->formArray["maritalStatus"]);
                         $person->setTin($this->formArray["tin"]);
                         $person->setAddressArray($address);
                         $person->setTelephone($this->formArray["telephone"]);
                         $person->setMobileNumber($this->formArray["mobileNumber"]);
                         $person->setEmail($this->formArray["email"]);
                         $person->setDomDocument();
                         $doc = $person->getDomDocument();
                         //echo $doc->html_dump_mem();
                         $xmlStr = $doc->dump_mem(true);
                         if (!($ret = $PersonEncode->updatePerson($xmlStr))) {
                             exit("error update");
                         }
                     }
                 }
             } else {
                 $address = new Address();
                 $address->setNumber($this->formArray["number"]);
                 $address->setStreet($this->formArray["street"]);
                 $address->setBarangay($this->formArray["barangay"]);
                 $address->setDistrict($this->formArray["district"]);
                 $address->setMunicipalityCity($this->formArray["municipalityCity"]);
                 $address->setProvince($this->formArray["province"]);
                 $address->setDomDocument();
                 $person = new Person();
                 $person->setPersonID($this->formArray["personID"]);
                 $person->setPersonType("adminUser");
                 $person->setLastName($this->formArray["lastName"]);
                 $person->setFirstName($this->formArray["firstName"]);
                 $person->setMiddleName($this->formArray["middleName"]);
                 $person->setGender($this->formArray["gender"]);
                 $person->setBirthday($this->birthdate);
                 $person->setMaritalStatus($this->formArray["maritalStatus"]);
                 $person->setTin($this->formArray["tin"]);
                 $person->setAddressArray($address);
                 $person->setTelephone($this->formArray["telephone"]);
                 $person->setMobileNumber($this->formArray["mobileNumber"]);
                 $person->setEmail($this->formArray["email"]);
                 $person->setDomDocument();
                 $doc = $person->getDomDocument();
                 $xmlStr = $doc->dump_mem(true);
                 //echo $this->formArray["ownerID"].$xmlStr;
                 if (!($ret = $PersonEncode->savePerson($xmlStr, $this->formArray["ownerID"]))) {
                     exit("error save");
                 }
             }
             $this->formArray["personID"] = $ret;
             $UserEncode = new SoapObject(NCCBIZ . "UserEncode.php", "urn:Object");
             if ($this->formArray["userID"] != "") {
                 $UserDetails = new SoapObject(NCCBIZ . "UserDetails.php", "urn:Object");
                 if (!($xmlStr = $UserDetails->getUserDetails($this->formArray["userID"]))) {
                     exit("User record not found");
                 } else {
                     if (!($domDoc = domxml_open_mem($xmlStr))) {
                         $this->tpl->set_block("rptsTemplate", "Table", "TableBlock");
                         $this->tpl->set_var("TableBlock", "error xmlDoc");
                     } else {
                         $user = new User();
                         $user->parseDomDocument($domDoc);
                         $user->setUserID($this->formArray["userID"]);
                         $user->setUserType($this->formArray["userType"]);
                         $user->setUsername($this->formArray["username"]);
                         $user->setPassword($this->formArray["password"]);
                         $user->setPersonID($this->formArray["personID"]);
                         $user->setStatus($this->formArray["status"]);
                         $user->setDomDocument();
                         $doc = $user->getDomDocument();
                         $xmlStr = $doc->dump_mem(true);
                         if (!($ret = $UserEncode->updateUser($xmlStr))) {
                             exit("error update");
                         }
                     }
                 }
             } else {
                 $user = new User();
                 //$user->setUserID($this->formArray["userID"]);
                 $user->setUserType($this->formArray["userType"]);
                 $user->setUsername($this->formArray["username"]);
                 $user->setPassword(md5($this->formArray["password"]));
                 $user->setPersonID($this->formArray["personID"]);
                 $user->setStatus($this->formArray["status"]);
                 $user->setDomDocument();
                 $doc = $user->getDomDocument();
                 $xmlStr = $doc->dump_mem(true);
                 if (!($ret = $UserEncode->saveUser($xmlStr))) {
                     exit("error save");
                 }
             }
             header("location: UserClose.php" . $this->sess->url(""));
             exit;
             break;
         case "cancel":
             header("location: UserClose.php" . $this->sess->url(""));
             exit;
             break;
         default:
             $this->tpl->set_block("rptsTemplate", "UserID", "UserIDBlock");
             $this->tpl->set_var("UserIDBlock", "");
             $this->tpl->set_block("rptsTemplate", "ACK", "ACKBlock");
             $this->tpl->set_var("ACKBlock", "");
             $this->tpl->set_block("rptsTemplate", "NewUserPassword", "NewUserPasswordBlock");
             $this->tpl->set_var("oldNewUserRowspan", 2);
             $this->tpl->parse("NewUserPasswordBlock", "NewUserPassword", true);
             $this->tpl->set_block("rptsTemplate", "OldUserPassword", "OldUserPasswordBlock");
             $this->tpl->set_var("OldUserPasswordBlock", "");
     }
     $this->setForm();
     if ($this->message == "") {
         $this->tpl->set_var("MessageBlock", "");
     }
     $this->tpl->parse("templatePage", "rptsTemplate");
     $this->tpl->finish("templatePage");
     $this->tpl->p("templatePage");
 }
Example #6
0
if (User::UserNameExists($fieldValues['UName'])) {
    $errorMsg = $translator->trans('That user name already exists, please choose a different login name.', array(), 'users');
    camp_html_add_msg($errorMsg);
    camp_html_goto_page($backLink);
}
if (User::EmailExists($fieldValues['EMail'])) {
    $errorMsg = $translator->trans('Another user is registered with that e-mail address, please choose a different one.', array(), 'users');
    camp_html_add_msg($errorMsg);
    camp_html_goto_page($backLink);
}
// read password
$password = Input::Get('password', 'string', '');
$passwordConf = Input::Get('passwordConf', 'string', '');
if (strlen($password) < 6 || $password != $passwordConf) {
    $errorMsg = $translator->trans('The password must be at least 6 characters long and both passwords should match.', array(), 'users');
    camp_html_add_msg($errorMsg);
    camp_html_goto_page($backLink);
}
$fieldValues['passwd'] = $password;
// create user
$editUser = new User();
if ($editUser->create($fieldValues)) {
    if ($uType == 'Staff') {
        $editUser->setUserType($Type);
    }
    camp_html_add_msg($translator->trans('User account $1 was created successfully.', array('$1' => $editUser->getUserName()), 'users'), "ok");
    camp_html_goto_page("/{$ADMIN}/users/edit.php?User="******"&{$typeParam}");
} else {
    camp_html_add_msg($translator->trans('The user account could not be created.', array(), 'users'));
    camp_html_goto_page($backLink);
}
require_once '../core/init.php';
$data = array();
$userId = $_POST['userId'];
$currentEmail = $_POST['currentEmail'];
$newEmail = $_POST['newEmail'];
$username = $_POST['username'];
$password = $_POST['password'];
//the next step is to check if there exists a user with the passed
//email, username and password. If so update the email variable only.
$user = new User();
if ($user->userExistsWithCredentials($username, $currentEmail, $password)) {
    //now i can update the fetch the object using the id
    $fetchedUser = $user->getUserUsingUserId($userId);
    $modifiedUser = new User();
    $modifiedUser->setUserId($userId);
    $modifiedUser->setUserType($fetchedUser->user_type);
    $modifiedUser->setUsername($fetchedUser->username);
    $modifiedUser->setUserPassword($password);
    $modifiedUser->setUserFullName($fetchedUser->user_full_name);
    $modifiedUser->setUserStatus($fetchedUser->user_status);
    $modifiedUser->setEmail($newEmail);
    $modifiedUser->setUserLastValidLogin($fetchedUser->user_last_valid_login);
    $modifiedUser->setUserFirstInvalidLogin($fetchedUser->user_first_invalid_login);
    $modifiedUser->setUserFailedLoginCount($fetchedUser->user_faild_login_count);
    $modifiedUser->setUserCreateDate($fetchedUser->user_create_date);
    $modifiedUser->setModifiedBy($fetchedUser->modified_by);
    $modifiedUser->setModificationDate($fetchedUser->modification_date);
    $user->update($modifiedUser);
    $data['success'] = true;
    $data['message'] = "<div class='alert alert-success alert-dismissable'>" . "<button type='button' class='close' data-dismiss='alert' aria-hidden='true'>&times;</button>" . "User email address updated successfully!" . "</div><br/>";
    echo json_encode($data);
Example #8
0
        $this->userImage = $value;
    }
    function getUserImage()
    {
        return $this->userImage;
    }
}
//check if the user exist in DB
$sql = "SELECT * FROM user WHERE login = '******'login']}'" . " AND password = '******'password']}'";
$user_data = mysql_query($sql, $con);
$row = mysql_fetch_array($user_data);
if (empty($row['login'])) {
    //redirect to registration page
    $to = 'not-exist.html';
    header('Location: ' . $to);
    exit;
}
//put user data in Model (User Object)
$user01 = new User();
$user01->setUserLogin($row['login']);
$user01->setUserPassword($row['password']);
$user01->setFullName($row['fullname']);
$user01->setUserType($row['usertype']);
$user01->setUserImage($row['image']);
//put user data in session
$_SESSION['user'] = $user01;
//redirect to the HOME page
$to = 'home.php';
header('Location: ' . $to);
mysql_close($con);
exit;
Example #9
0
 function showEditUserRes()
 {
     /* update last page */
     $_SESSION['LASTPAGE'] = 'sysadmin.users.edituser';
     $displayUsers = new DisplayUsers();
     $urid = getFromSessionParams('urid');
     $content = "";
     if ($urid != '') {
         //edit
         $content = $displayUsers->displaySuccess(Language::messageUserChanged(loadvar('name')));
         $_SESSION['LASTURID'] = $urid;
     } else {
         //add user!
         if (loadvar('username') != "" && loadvar('name') != '') {
             //ADD NEW!!!
             $user = new User('', true);
             $urid = $user->getUrid();
             $_SESSION['LASTURID'] = $urid;
             $content = $displayUsers->displaySuccess(Language::messageUserAdded(loadvar('name')));
         }
     }
     //ADD ALL SORTS OF CHECKS!!
     if ($urid != '' && loadvar('name') != "" && loadvar('username') != '') {
         $user = new User($urid);
         $user->setName(loadvar('name'));
         $user->setUsername(loadvar('username'));
         if (loadvar('pwd1') != '') {
             if (loadvar('pwd1') == loadvar('pwd2')) {
                 $user->setPassword(loadvar('pwd1'));
             } else {
                 $content = $displayUsers->displayWarning(Language::messageUserNoMatch());
             }
         }
         $user->setSupervisor(loadvar('uridsel'));
         $user->setStatus(loadvar('status'));
         $user->setUserType(loadvar('usertype'));
         $user->setUserSubType(loadvar('usersubtype'));
         $current = $user->getSurveysAccess();
         $allowedsurveys = loadvar(SETTING_USER_SURVEYS);
         // add access to all modes and languages if not specified in current access
         foreach ($allowedsurveys as $a) {
             if (!inArray($a, $current)) {
                 $surv = new Survey($a);
                 $mods = explode("~", $surv->getAllowedModes());
                 foreach ($mods as $m) {
                     $user->setLanguages($a, $m, $surv->getAllowedLanguages($m));
                 }
             }
         }
         foreach ($current as $c) {
             if (!inArray($c, $allowedsurveys)) {
                 $user->removeSurvey($c);
             }
         }
         $user->saveChanges();
         // current survey not in allowed, then update to first survey for user
         if (!inArray($_SESSION['SUID'], $allowedsurveys)) {
             $surveys = new Surveys();
             $_SESSION['SUID'] = $surveys->getFirstSurvey();
         }
     } else {
         $content = $displayUsers->displayWarning(Language::messageUserCorrectErrors());
     }
     return $displayUsers->showEditUser($_SESSION['LASTURID'], $content);
 }
 /**
  * Run method with main page logic
  * 
  * Populate template and display form for editing an profile entry. For POST requests,
  * check user credentials, check if profile exists and then update entry in database.
  * Available to members only
  * @access public
  */
 public function run()
 {
     $session = Session::getInstance();
     $user = $session->getUser();
     if ($user == null || !$user->validUser()) {
         $session->setMessage("Do not have permission to access", Session::MESSAGE_ERROR);
         header("Location: " . BASE_URL);
         return;
     }
     $userDAO = UserDAO::getInstance();
     $alter_user = null;
     $form_errors = array();
     $form_values = array("id" => "", "password" => "", "password2" => "", "status" => "", "usertype" => "", "steamId" => "", "xboxId" => "", "psnId" => "", "wiiId" => "");
     // Check form
     if (!empty($_POST)) {
         $form_values["id"] = isset($_POST["id"]) ? trim($_POST["id"]) : "";
         $form_values["password"] = isset($_POST["password"]) ? trim($_POST["password"]) : "";
         $form_values["password2"] = isset($_POST["password2"]) ? trim($_POST["password2"]) : "";
         $form_values["status"] = isset($_POST["status"]) ? trim($_POST["status"]) : "";
         $form_values["usertype"] = isset($_POST["usertype"]) ? trim($_POST["usertype"]) : "";
         $form_values["steamId"] = isset($_POST["steamId"]) ? trim($_POST["steamId"]) : "";
         $form_values["xboxId"] = isset($_POST["xboxId"]) ? trim($_POST["xboxId"]) : "";
         $form_values["psnId"] = isset($_POST["psnId"]) ? trim($_POST["psnId"]) : "";
         $form_values["wiiId"] = isset($_POST["wiiId"]) ? trim($_POST["wiiId"]) : "";
         if (empty($form_values["id"])) {
             $form_errors["id"] = "User id not set";
         }
         if (empty($form_values["password"]) && empty($form_values["password2"])) {
         } else {
             if (empty($form_values["password"])) {
                 $form_errors["password"] = "******";
             } else {
                 if (empty($form_values["password2"])) {
                     $form_errors["password"] = "******";
                 } else {
                     if (strcmp($form_values["password"], $form_values["password2"]) != 0) {
                         $form_errors["password"] = "******";
                         $form_values["password2"] = "";
                     }
                 }
             }
         }
         if ($user->isAdmin() && !empty($form_values["status"])) {
             if (!is_numeric($form_values["status"])) {
                 $form_errors["status"] = "Status must be a number";
             } else {
                 $status = intval($form_values["status"]);
                 $tmp = new User();
                 try {
                     $tmp->setUserType($status);
                 } catch (InvalidUserTypeException $e) {
                     $form_errors["status"] = "Invalid value for status";
                 }
             }
         } else {
             if ($user->isAdmin() && empty($form_values["status"])) {
                 $form_errors["status"] = "Status not defined";
             }
         }
         if ($user->isAdmin() && !empty($form_values["usertype"])) {
             if (!is_numeric($form_values["usertype"])) {
                 $form_errors["usertype"] = "Status must be a number";
             }
             $tmp = new User();
             try {
                 $tmp->setUserType($status);
             } catch (InvalidStatusException $e) {
                 $form_errors["usertype"] = "Invalid value for status";
             }
         } else {
             if ($user->isAdmin() && !empty($form_values["usertype"])) {
                 $form_errors["usertype"] = "Type not defined";
             }
         }
         // Regular expression check for identities
         if (!empty($form_values["steamId"])) {
             if (strlen($form_values["steamId"]) > 20) {
                 $form_errors["steamId"] = "Steam ID too long";
             } else {
                 if (!preg_match("/^([A-Za-z0-9_]{3,20})\$/", $form_values["steamId"])) {
                     $form_errors["steamId"] = "Steam ID is not valid";
                 }
             }
         }
         if (!empty($form_values["xboxId"])) {
             if (strlen($form_values["xboxId"]) > 15) {
                 $form_errors["xboxId"] = "Xbox gamertag too long";
             } else {
                 if (!preg_match("/^[A-Za-z0-9 ]{3,15}\$/", $form_values["xboxId"])) {
                     $form_errors["xboxId"] = "Xbox gamertag is not valid";
                 }
             }
         }
         if (!empty($form_values["psnId"])) {
             if (strlen($form_values["psnId"]) > 16) {
                 $form_errors["psnId"] = "PSN ID too long";
             } else {
                 if (!preg_match("/^([A-Za-z0-9-_]+){3,16}\$/", $form_values["psnId"])) {
                     $form_errors["psnId"] = "PSN ID is not valid";
                 }
             }
         }
         if (!empty($form_values["wiiId"])) {
             if (strlen($form_values["wiiId"]) > 20) {
                 $form_errors["wiiId"] = "Steam Id too long";
             } else {
                 if (!preg_match("/^([0-9]{4}[- ][0-9]{4}[- ][0-9]{4}[- ][0-9]{4})\$/", $form_values["wiiId"])) {
                     $form_errors["wiiId"] = "Wii Friend Code is not valid";
                 }
             }
         }
         // No errors found
         if (empty($form_errors)) {
             // Status call not done
             $alter_user = $userDAO->load($form_values["id"]);
             if ($alter_user != null) {
                 if ($session->getUser()->isAdmin() || $alter_user->getId() == $session->getUser()->id) {
                     if (!empty($form_values["password"])) {
                         $alter_user->setPassHash(sha1($form_values["password"]));
                     }
                     if (!empty($form_values["status"])) {
                         $alter_user->setStatus(intval($form_values["status"]));
                     }
                     if (!empty($form_values["usertype"])) {
                         $alter_user->setUserType(intval($form_values["usertype"]));
                     }
                     if (!empty($form_values["steamId"])) {
                         $alter_user->setSteamId($form_values["steamId"]);
                     }
                     if (!empty($form_values["xboxId"])) {
                         $alter_user->setXboxId($form_values["xboxId"]);
                     }
                     if (!empty($form_values["psnId"])) {
                         $alter_user->setPsnId($form_values["psnId"]);
                     }
                     if (!empty($form_values["wiiId"])) {
                         $alter_user->setWiiId($form_values["wiiId"]);
                     }
                     // Save profile
                     if ($userDAO->save($alter_user)) {
                         $session->setMessage("User profile altered");
                         header("Location: {$_SERVER["PHP_SELF"]}?id={$alter_user->id}");
                         return;
                     } else {
                         $session->setMessage("User profile not altered", Session::MESSAGE_ERROR);
                     }
                 } else {
                     header("Location: " . BASE_URL);
                     return;
                 }
             }
         } else {
             if (empty($form_errors["id"])) {
                 $alter_user = $userDAO->load($form_values["id"]);
             }
         }
     } else {
         if (!empty($_GET)) {
             $form_values["id"] = isset($_GET["id"]) ? trim($_GET["id"]) : "";
             if (empty($form_values["id"])) {
                 $form_errors["id"] = "User id not set";
             }
             if (empty($form_errors)) {
                 $alter_user = $userDAO->load($form_values["id"]);
                 // Value is null so user does not exist. Allow null to be passed to template
                 if (!$alter_user) {
                 } else {
                     if ($session->getUser()->isAdmin()) {
                         $form_values["steamId"] = $alter_user->getSteamId();
                         $form_values["xboxId"] = $alter_user->getXboxId();
                         $form_values["psnId"] = $alter_user->getPsnId();
                         $form_values["wiiId"] = $alter_user->getWiiId();
                     } else {
                         if (!$session->getUser()->isAdmin() && $alter_user->getId() != $session->getUser()->getId()) {
                             $session->setMessage("Do not have permission", Session::MESSAGE_ERROR);
                             header("Location: " . BASE_URL);
                             return;
                         } else {
                             $form_values["steamId"] = $alter_user->getSteamId();
                             $form_values["xboxId"] = $alter_user->getXboxId();
                             $form_values["psnId"] = $alter_user->getPsnId();
                             $form_values["wiiId"] = $alter_user->getWiiId();
                         }
                     }
                 }
             }
         } else {
             header("Location: " . BASE_URL);
             return;
         }
     }
     $this->template->render(array("title" => "Edit Profile", "main_page" => "edit_profile_tpl.php", "session" => $session, "alter_user" => $alter_user, "form_errors" => $form_errors, "form_values" => $form_values));
 }
Example #11
0
    public function store($p_user_id = null)
    {
        require_once 'HTML/QuickForm.php';

        $mask = self::getFormMask($p_owner, $p_admin);
        $form = new html_QuickForm('interview', 'post', $p_target, null, null, true);
        FormProcessor::parseArr2Form($form, $mask);

        if ($form->validate() && SecurityToken::isValid()) {
            $data = $form->getSubmitValues();

            $image_id = $this->getProperty('fk_image_id');

            if ($data['f_image_delete'] && $image_id) {
                $Image = new Image($this->getProperty('fk_image_id'));
                $Image->delete();
                $image_id = null;
            } else {
                $file = $form->getElementValue('f_image');
                if (strlen($file['name'])) {
                    $attributes = array(
                        'Description' => strlen($data['f_image_description']) ? $data['f_image_description'] : $file['name'],
                    );
                    $Image = Image::OnImageUpload($file, $attributes, $p_user_id, !empty($image_id) ? $image_id : null);
                    if (is_a($Image, 'Image')) {
                        $image_id = $Image->getProperty('Id');
                    } else {
                        return false;
                    }
                }
            }

            // may have to create new user account for guest
            foreach (array('guest') as $type) {
                if ($data['f_'.$type.'_user_id'] == '__new__') {
                    global $ADMIN_DIR;
                    require_once($GLOBALS['g_campsiteDir']. "/$ADMIN_DIR/users/users_common.php");

                    $passwd = substr(sha1(rand()), 0, 10);

                    $fieldValues = array(
                        'UName' => $data['f_'.$type.'_new_user_login'],
                        'Name'  => $data['f_'.$type.'_new_user_login'].' (interview guest)',
                        'EMail' => $data['f_'.$type.'_new_user_email'],
                        'passwd' => $passwd,
                        'Reader' => 'N'
                    );
                    // create user
                    $editUser = new User();
                    $phorumUser = new Phorum_user();

                    if ($phorumUser->UserNameExists($fieldValues['UName']) || User::UserNameExists($fieldValues['UName'])) {
                        return false;
                    }

                    if (!$editUser->create($fieldValues)) {
                        return false;
                    }

                	$editUser->setUserType('Staff');
                	$editUser->setPermission('plugin_interview_'.$type, true);

                	$phorumUser->create($fieldValues['UName'], $passwd, $fieldValues['EMail'], $editUser->getUserId());

                    $userid[$type] = $editUser->getUserId();
                } else {
                     $userid[$type] = $data['f_'.$type.'_user_id'];
                }
            }

            if ($this->exists()) {
                // edit existing interview
                $this->setProperty('fk_language_id', $data['f_language_id']);
                $this->setProperty('title', $data['f_title']);
                $this->setProperty('fk_image_id', $image_id);
                $this->setProperty('description_short', $data['f_description_short']);
                $this->setProperty('description', $data['f_description']);
                $this->setProperty('interview_begin', $data['f_interview_begin']);
                $this->setProperty('interview_end', $data['f_interview_end']);
                $this->setProperty('questions_begin', $data['f_questions_begin']);
                $this->setProperty('questions_end', $data['f_questions_end']);
                $this->setProperty('questions_limit', $data['f_questions_limit']);
                $this->setProperty('status', $data['f_status']);
                $this->setProperty('fk_moderator_user_id', $data['f_moderator_user_id']);
                $this->setProperty('fk_guest_user_id', $userid['guest']);

                if (strlen($passwd)) {
                    $this->setProperty('invitation_password', $passwd);
                }

                return true;

            } else {
                // create new interview
                $created = $this->create(
                    $data['f_language_id'],
                    $data['f_moderator_user_id'],
                    $userid['guest'],
                    $data['f_title'],
                    $image_id,
                    $data['f_description_short'],
                    $data['f_description'],
                    $data['f_interview_begin'],
                    $data['f_interview_end'],
                    $data['f_questions_begin'],
                    $data['f_questions_end'],
                    $data['f_questions_limit'],
                    $data['f_status']
                );

                if (strlen($passwd)) {
                    $this->setProperty('invitation_password', $passwd);
                }

                return $created;
            }
        }
        return false;
    }
 /**
  * Run method with main page logic
  * 
  * Populate template and read in list of users in the database. Populate template and
  * display an interface to administer user data for allowing bulk deletion of users, deletion of a single
  * user, links to editing and viewing each user entry. Available to admins only
  * Available to members only
  * @access public
  */
 public function run()
 {
     $PAGINATION_LIMIT = 10;
     $session = Session::getInstance();
     $user = $session->getUser();
     if ($user == null || !$user->isAdmin()) {
         $session->setMessage("Do not have permission to access", Session::MESSAGE_ERROR);
         header("Location: " . BASE_URL);
         return;
     }
     $userDAO = UserDAO::getInstance();
     $method = isset($_GET["users"]) ? trim($_GET["users"]) : "";
     $page = isset($_GET["page"]) && is_numeric($_GET["page"]) ? intval($_GET["page"]) : 1;
     if ($page < 1) {
         $page = 1;
     }
     $action = isset($_GET["action"]) ? trim($_GET["action"]) : "";
     $page = is_numeric($page) ? $page : 1;
     $paginator_page = $queryVars = null;
     // POST request for bulk deletion of users
     if (!empty($_POST) && !empty($_POST["userids"]) && !empty($_POST["action"]) && empty($_POST["domodstatus"])) {
         $action = isset($_POST["action"]) ? trim($_POST["action"]) : "";
         if (!strcmp($action, "delete") == 0) {
             header("Location: " . BASE_URL);
             return;
         }
         $status = $userDAO->deleteByIds($_POST["userids"]);
         if ($status) {
             $session->setMessage("Selected users deleted");
             header("Location: {$_SERVER["PHP_SELF"]}?users=all");
             return;
         } else {
             $session->setMessage("Deletion failed", Session::MESSAGE_ERROR);
             header("Location: {$_SERVER["PHP_SELF"]}?users=all");
             return;
         }
     } else {
         if (!empty($_GET) && !empty($_GET["userids"]) && !empty($_GET["domodstatus"])) {
             $status = isset($_GET["status"]) ? trim($_GET["status"]) : "";
             if (!empty($status)) {
                 $status = intval($status);
                 $tmp = new User();
                 try {
                     $tmp->setUserType($status);
                 } catch (InvalidUserTypeException $e) {
                     $session->setMessage("Invalid status choice");
                     header("Location: {$_SERVER["PHP_SELF"]}?users=all");
                     return;
                 }
             }
             $status = $userDAO->saveStatusByIds($status, $_GET["userids"]);
             if ($status) {
                 $session->setMessage("Selected users updated");
                 header("Location: {$_SERVER["PHP_SELF"]}?users=all");
                 return;
             } else {
                 $session->setMessage("Update failed", Session::MESSAGE_ERROR);
                 header("Location: {$_SERVER["PHP_SELF"]}?users=all");
                 return;
             }
         } else {
             if (strcmp($action, "delete") == 0 && !empty($_GET["userids"])) {
                 $content_title = "Delete Users";
                 $user_array = $userDAO->allByIds($_GET["userids"]);
             } else {
                 if (strcmp($method, "all") == 0) {
                     $count = $userDAO->count();
                     $paginator = new Paginator($count, $PAGINATION_LIMIT);
                     if ($page < 0) {
                         $page = 1;
                     }
                     $paginator_page = $paginator->getPage($page);
                     $user_array = $userDAO->all(array("limit" => $paginator_page, "order" => "userName"));
                     $content_title = "All Users Options";
                     $queryVars = array("users" => "all");
                 } else {
                     $user_array = $userDAO->allPendingUsers();
                     $content_title = "Pending Users Options";
                 }
             }
         }
     }
     $this->template->render(array("title" => "Admin - User Options", "main_page" => "user_options_tpl.php", "user" => $user, "session" => $session, "user_array" => $user_array, "content_title" => $content_title, "paginator_page" => $paginator_page, "queryVars" => $queryVars, "action" => $action));
 }
 /**
  * @param User $admin
  * @return bool
  * this will edit the admin profile
  */
 function Admin_Edit_Profile(User $admin)
 {
     $this->User_Name = mysqli_real_escape_string($this->getDbc(), trim($admin->getUserName()));
     $this->User_Password = mysqli_real_escape_string($this->getDbc(), trim($admin->getUserPassword()));
     $this->User_ID = mysqli_real_escape_string($this->getDbc(), trim($admin->getUserID()));
     $query = "UPDATE user\n\t\t\t      SET User_Name='{$this->User_Name}',User_Password=sha1('{$this->User_Password}')\n\t\t\t      WHERE ID='{$this->User_ID}'";
     $result = mysqli_query($this->getDbc(), $query);
     $updated_admin = new User($this->User_Name, $this->User_Password);
     $updated_admin->setUserID($this->User_ID);
     $updated_admin->setUserType(User_Type::ADMIN);
     /**
      * update the logged in user
      * and return true
      */
     session_start();
     $_SESSION["Logged_In_User"] = $updated_admin;
     return TRUE;
 }
Example #14
0
 function Main()
 {
     switch ($this->formArray["formAction"]) {
         case "edit":
             $UserDetails = new SoapObject(NCCBIZ . "UserDetails.php", "urn:Object");
             if (!($xmlStr = $UserDetails->getUserDetails($this->formArray["userID"]))) {
                 $this->tpl->set_block("rptsTemplate", "Table", "TableBlock");
                 $this->tpl->set_var("TableBlock", "record not found");
             } else {
                 if (!($domDoc = domxml_open_mem($xmlStr))) {
                     $this->tpl->set_block("rptsTemplate", "Table", "TableBlock");
                     $this->tpl->set_var("TableBlock", "error xmlDoc");
                 } else {
                     $user = new User();
                     $user->parseDomDocument($domDoc);
                     $this->formArray["userID"] = $user->getUserID();
                     $this->formArray["userType"] = $user->getUserType();
                     $this->formArray["username"] = $user->getUsername();
                     $this->formArray["password"] = $user->getPassword();
                     $this->formArray["personID"] = $user->getPersonID();
                 }
             }
             break;
         case "save":
             $UserEncode = new SoapObject(NCCBIZ . "UserEncode.php", "urn:Object");
             if ($this->formArray["userID"] != "") {
                 $UserDetails = new SoapObject(NCCBIZ . "UserDetails.php", "urn:Object");
                 if (!($xmlStr = $UserDetails->getUserDetails($this->formArray["userID"]))) {
                     exit("record not found");
                 } else {
                     if (!($domDoc = domxml_open_mem($xmlStr))) {
                         $this->tpl->set_block("rptsTemplate", "Table", "TableBlock");
                         $this->tpl->set_var("TableBlock", "error xmlDoc");
                     } else {
                         $user = new User();
                         $user->parseDomDocument($domDoc);
                         $user->setUserID($this->formArray["userID"]);
                         $user->setUserType($this->formArray["userType"]);
                         $user->setUsername($this->formArray["username"]);
                         $user->setPassword($this->formArray["password"]);
                         $user->setPersonID($this->formArray["personID"]);
                         $user->setDomDocument();
                         $doc = $user->getDomDocument();
                         $xmlStr = $doc->dump_mem(true);
                         if (!($ret = $UserEncode->updateUser($xmlStr))) {
                             exit("error update");
                         }
                     }
                 }
             } else {
                 $user = new User();
                 //$user->setUserID($this->formArray["userID"]);
                 $user->setUserType($this->formArray["userType"]);
                 $user->setUsername($this->formArray["username"]);
                 $user->setPassword($this->formArray["password"]);
                 $user->setPersonID($this->formArray["personID"]);
                 $user->setDomDocument();
                 $doc = $user->getDomDocument();
                 $xmlStr = $doc->dump_mem(true);
                 if (!($ret = $UserEncode->saveUser($xmlStr))) {
                     exit("error save");
                 }
             }
             $this->formArray["userID"] = $ret;
             header("location: UserEncode.php");
             exit;
             break;
         case "cancel":
             header("location: UserList.php");
             exit;
             break;
         default:
             $this->tpl->set_block("rptsTemplate", "UserID", "UserIDBlock");
             $this->tpl->set_var("UserIDBlock", "");
             $this->tpl->set_block("rptsTemplate", "ACK", "ACKBlock");
             $this->tpl->set_var("ACKBlock", "");
     }
     $this->setForm();
     $this->tpl->parse("templatePage", "rptsTemplate");
     $this->tpl->finish("templatePage");
     $this->tpl->p("templatePage");
 }