Beispiel #1
0
/**
* A handle_quick_checkout will only ever handle one request at a time, because
* they are initiated from item_display & listings.php, but not borrow.php
*/
function handle_quick_checkout($item_id, $instance_no, $borrower_id, $borrow_duration, $more_information, &$errors)
{
    if (!is_user_valid($borrower_id)) {
        $errors = get_opendb_lang_var('invalid_borrower_user', 'user_id', $borrower_id);
        return FALSE;
    } else {
        if (!is_user_granted_permission(PERM_USER_BORROWER, $borrower_id)) {
            $errors = get_opendb_lang_var('user_must_be_borrower', 'user_id', $borrower_id);
            return FALSE;
        } else {
            if (!is_user_allowed_to_checkout_item($item_id, $instance_no)) {
                $errors = get_opendb_lang_var('not_owner_of_item');
                return FALSE;
            } else {
                if (is_user_owner_of_item($item_id, $instance_no, $borrower_id) && get_opendb_config_var('borrow', 'owner_self_checkout') !== TRUE) {
                    $errors = get_opendb_lang_var('cannot_checkout_items_you_own');
                    return FALSE;
                } else {
                    if (is_item_borrowed($item_id, $instance_no)) {
                        $errors = get_opendb_lang_var('item_is_already_checked_out');
                        return FALSE;
                    }
                }
            }
        }
    }
    $sequence_number = fetch_borrowed_item_seq_no($item_id, $instance_no, 'R', $borrower_id);
    if ($sequence_number !== FALSE) {
        if (get_opendb_config_var('borrow', 'quick_checkout_use_existing_reservation') !== FALSE) {
            if (check_out_item($sequence_number, $borrow_duration, $more_information)) {
                return $sequence_number;
            } else {
                return FALSE;
            }
        } else {
            $errors = get_opendb_lang_var('user_has_reservation', 'user_id', $borrower_id);
            return FALSE;
        }
    } else {
        //if($sequence_number !== FALSE)
        $status_type_r = fetch_status_type_r(fetch_item_s_status_type($item_id, $instance_no));
        if ($status_type_r['borrow_ind'] == 'Y') {
            $new_borrowed_item_id = quick_check_out_item($item_id, $instance_no, $borrower_id, $borrow_duration, $more_information);
            if ($new_borrowed_item_id !== FALSE) {
                return $new_borrowed_item_id;
            } else {
                return FALSE;
            }
        } else {
            $errors = get_opendb_lang_var('s_status_type_items_cannot_be_borrowed', 's_status_type_desc', $status_type_r['description']);
            return FALSE;
        }
    }
}
Beispiel #2
0
function handle_user_insert(&$HTTP_VARS, &$errors)
{
    if (!is_user_valid($HTTP_VARS['user_id'])) {
        $HTTP_VARS['user_id'] = strtolower(filter_input_field("filtered(20,20,a-zA-Z0-9_.)", $HTTP_VARS['user_id']));
        if (!validate_input_field(get_opendb_lang_var('userid'), "filtered(20,20,a-zA-Z0-9_.)", "Y", $HTTP_VARS['user_id'], $errors)) {
            return FALSE;
        }
        if (validate_user_info(NULL, $HTTP_VARS, $address_provided_r, $errors)) {
            if ($HTTP_VARS['op'] == 'signup') {
                // no password saved when signing up, as user still must be activated
                $active_ind = 'X';
                // Will be reset when user activated
                $HTTP_VARS['pwd'] = NULL;
            } else {
                $active_ind = 'Y';
                if (strlen($HTTP_VARS['pwd']) == 0) {
                    if (is_valid_opendb_mailer()) {
                        $HTTP_VARS['pwd'] = generate_password(8);
                    } else {
                        $errors[] = array('error' => get_opendb_lang_var('passwd_not_specified'));
                        return FALSE;
                    }
                } else {
                    if ($HTTP_VARS['pwd'] != $HTTP_VARS['confirmpwd']) {
                        $errors[] = array('error' => get_opendb_lang_var('passwds_do_not_match'));
                        return FALSE;
                    }
                }
            }
            // We want to validate and perform inserts even in signup mode
            if (insert_user($HTTP_VARS['user_id'], $HTTP_VARS['fullname'], $HTTP_VARS['pwd'], $HTTP_VARS['user_role'], $HTTP_VARS['uid_language'], $HTTP_VARS['uid_theme'], $HTTP_VARS['email_addr'], $active_ind)) {
                $user_r = fetch_user_r($HTTP_VARS['user_id']);
                return update_user_addresses($user_r, $address_provided_r, $HTTP_VARS, $errors);
            } else {
                $db_error = db_error();
                $errors[] = array('error' => get_opendb_lang_var('user_not_added', 'user_id', $HTTP_VARS['user_id']), 'detail' => $db_error);
                return FALSE;
            }
        } else {
            return FALSE;
        }
    } else {
        $errors[] = array('error' => get_opendb_lang_var('user_exists', 'user_id', $HTTP_VARS['user_id']), 'detail' => '');
        return FALSE;
    }
}
Beispiel #3
0
function perform_newpassword($HTTP_VARS, &$errors)
{
    if (!is_user_valid($HTTP_VARS['uid'])) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User does not exist', array($HTTP_VARS['uid']));
        // make user look successful to prevent mining for valid userids
        return TRUE;
    } else {
        if (!is_user_active($HTTP_VARS['uid'])) {
            // Do not allow new password operation for 'deactivated' user.
            opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User is not active', array($HTTP_VARS['uid']));
            return FALSE;
        } else {
            if (!is_user_granted_permission(PERM_CHANGE_PASSWORD, $HTTP_VARS['uid'])) {
                opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User does not have permission to change password', array($HTTP_VARS['uid']));
                return FALSE;
            } else {
                if (get_opendb_config_var('user_admin', 'user_passwd_change_allowed') === FALSE && !is_user_granted_permission(PERM_ADMIN_CHANGE_PASSWORD)) {
                    opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: Password change is disabled', array($HTTP_VARS['uid']));
                    return FALSE;
                } else {
                    opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, 'User requested to be emailed a new password', array($HTTP_VARS['uid']));
                    $user_r = fetch_user_r($HTTP_VARS['uid']);
                    $user_passwd = generate_password(8);
                    // only send if valid user (email)
                    if (strlen($user_r['email_addr']) > 0) {
                        $pass_result = update_user_passwd($HTTP_VARS['uid'], $user_passwd);
                        if ($pass_result === TRUE) {
                            $subject = get_opendb_lang_var('lost_password');
                            $message = get_opendb_lang_var('to_user_email_intro', 'fullname', $user_r['fullname']) . "\n\n" . get_opendb_lang_var('new_passwd_email') . "\n\n" . get_opendb_lang_var('userid') . ": " . $HTTP_VARS['uid'] . "\n" . get_opendb_lang_var('password') . ": " . $user_passwd;
                            if (opendb_user_email($user_r['user_id'], NULL, $subject, $message, $errors)) {
                                return TRUE;
                            } else {
                                return "EMAIL_NOT_SENT";
                            }
                        }
                    } else {
                        $errors[] = "User '" . $HTTP_VARS['uid'] . "' does not have a valid email address.";
                        return FALSE;
                    }
                }
            }
        }
    }
}
Beispiel #4
0
/**
 * The table structure could be more sophisticated where a message is sent to multiple
 * addresses, but since the email function does not provide this, I see no reason to
 * do anything more complicated.
 *
 * @param unknown_type $item_id
 * @param unknown_type $author_id
 * @param unknown_type $comment
 * @param unknown_type $rating
 * @return unknown
 */
function insert_email($to_user_id, $from_user_id, $from_email_addr, $subject, $message)
{
    $to_user_id = trim($to_user_id);
    $from_user_id = trim($from_user_id);
    $from_email_addr = trim($from_email_addr);
    if (!is_user_valid($to_user_id)) {
        opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid To User', array($to_user_id, $from_user_id, $from_email_addr, $subject));
        return FALSE;
    } else {
        if (strlen($from_user_id) > 0 && !is_user_valid($from_user_id)) {
            opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid From User', array($to_user_id, $from_user_id, $from_email_addr, $subject));
            return FALSE;
        } else {
            if (strlen($from_user_id) == 0 && (strlen($from_email_addr) == 0 || !is_valid_email_addr($from_email_addr))) {
                opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, 'Invalid From Email', array($to_user_id, $from_user_id, $from_email_addr, $subject));
                return FALSE;
            }
        }
    }
    if (strlen($from_user_id) > 0) {
        $from_email_addr = NULL;
    } else {
        $from_email_addr = addslashes($from_email_addr);
    }
    $subject = addslashes(trim($subject));
    $message = addslashes(replace_newlines(trim($message)));
    $query = "INSERT INTO mailbox (to_user_id,from_user_id,from_email_addr,subject,message)" . "VALUES ('{$to_user_id}'," . (strlen($from_user_id) > 0 ? "'{$from_user_id}'" : "NULL") . "," . (strlen($from_email_addr) > 0 ? "'{$from_email_addr}'" : "NULL") . ", '{$subject}','{$message}')";
    $insert = db_query($query);
    if ($insert && db_affected_rows() > 0) {
        opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, NULL, array($to_user_id, $from_user_id, $from_email_addr, $subject));
        return TRUE;
    } else {
        opendb_logger(OPENDB_LOG_ERROR, __FILE__, __FUNCTION__, db_error(), array($to_user_id, $from_user_id, $from_email_addr, $subject));
        return FALSE;
    }
}
Beispiel #5
0
                     $result = fetch_item_instance_history_rs($item_r['item_id'], $item_r['instance_no'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder(), $listingObject->getStartIndex(), $listingObject->getItemsPerPage());
                 }
             } else {
                 $result = fetch_item_instance_history_rs($item_r['item_id'], $item_r['instance_no'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder());
             }
         } else {
             opendb_not_authorised_page();
         }
     } else {
         echo _theme_header(get_opendb_lang_var('item_not_found'));
         echo "<p class=\"error\">" . get_opendb_lang_var('item_not_found') . "</p>";
         echo _theme_footer();
     }
 } else {
     if ($HTTP_VARS['op'] == 'my_history') {
         if (is_user_valid($HTTP_VARS['uid']) && $HTTP_VARS['uid'] !== get_opendb_session_var('user_id') && is_user_granted_permission(PERM_ADMIN_BORROWER)) {
             $page_title = get_opendb_lang_var('borrower_history_for_fullname', array('fullname' => fetch_user_name($HTTP_VARS['uid']), 'user_id' => $HTTP_VARS['uid']));
             if (is_numeric($listingObject->getItemsPerPage())) {
                 $listingObject->setTotalItems(fetch_my_history_item_cnt($HTTP_VARS['uid']));
                 if ($listingObject->getTotalItemCount() > 0) {
                     $result = fetch_my_history_item_rs($HTTP_VARS['uid'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder(), $listingObject->getStartIndex(), $listingObject->getItemsPerPage());
                 }
             } else {
                 $result = fetch_my_history_item_rs($HTTP_VARS['uid'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder());
             }
         } else {
             $page_title = get_opendb_lang_var('my_history');
             if (is_numeric($listingObject->getItemsPerPage())) {
                 $listingObject->setTotalItems(fetch_my_history_item_cnt(get_opendb_session_var('user_id')));
                 if ($listingObject->getTotalItemCount() > 0) {
                     $result = fetch_my_history_item_rs(get_opendb_session_var('user_id'), $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder(), $listingObject->getStartIndex(), $listingObject->getItemsPerPage());
Beispiel #6
0
function is_user_permitted_to_receive_email($user_id)
{
    return is_user_valid($user_id) && is_user_active($user_id) && is_user_granted_permission(PERM_RECEIVE_EMAIL, $user_id);
}