Ejemplo n.º 1
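/**
 * Reset the password of the account registered under $email and e-mail the
 * new password to the address stored for that account.
 *
 * Nothing is changed unless exactly one row in `users` matches $email.
 *
 * @param string $email              address identifying the account (users.user_email)
 * @param string $email_from_address address placed in the From: header
 * @param string $website_address    base URL used to build the login link
 * @param bool   $new_user           true sends the welcome wording, false the reset wording
 * @return bool result of mail(), or false when the lookup fails or does not match exactly one account
 */
function send_password($email, $email_from_address, $website_address, $new_user = false)
{
    // $email is concatenated into the SQL text, so it must be escaped for the
    // connection first; the legacy mysql_* API offers no bound parameters.
    // NOTE(review): ext/mysql was removed in PHP 7 - port to mysqli/PDO prepared statements.
    $query_passwordcheck = "SELECT * FROM users WHERE user_email = '" . mysql_real_escape_string($email) . "'";
    $passwordcheck = mysql_query($query_passwordcheck);
    if ($passwordcheck === false) {
        // Keep the driver error in the server log instead of printing it to the client.
        error_log("send_password: user lookup failed: " . mysql_error());
        return false;
    }
    $row_passwordcheck = mysql_fetch_assoc($passwordcheck);
    // Rotate the credential only once the account is known to be unique, so a
    // request for an unknown or ambiguous address leaves every account untouched.
    if (mysql_num_rows($passwordcheck) != 1) {
        return false;
    }
    $new_password = gen_password(8);
    update_profile($email, $new_password);
    error_log("Sending password email to: " . $email);
    $name = "Donor Track";
    $subject = $new_user ? "Welcome to Donor Track" : "Your New Password";
    $message = "Your password is {$new_password}.";
    $emailto = $row_passwordcheck['user_email'];
    if ($new_user) {
        $message .= " Your username is {$email}.";
    } else {
        $message = "A password reset request was submitted for your account. " . $message;
    }
    $message .= " \nYou can login at: {$website_address}/login.php";
    // The message carries the plaintext password, so it is deliberately not written to the log.
    // NOTE(review): $email_from_address is placed in the header block as-is; confirm it can
    // never contain CR/LF, otherwise extra headers could be appended.
    return mail($emailto, $subject, $message, "From: {$name} <" . $email_from_address . ">\n" . "MIME-Version: 1.0\n" . "Content-type: text/html; charset=iso-8859-1");
}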
Ejemplo n.º 2
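 /**
  * Create a user record and, when a student ID is supplied, the matching row in `sid`.
  *
  * The stored password is the output of encpw($salt, $username, $password); an
  * empty $password is replaced by gen_password(). Initials are always rebuilt
  * from $forname, so the $initials argument is ignored.
  *
  * @param string      $username trimmed before use; must not already exist
  * @param string      $password plaintext password, '' to have one generated
  * @param string      $title
  * @param string      $forname  space-separated forenames
  * @param string      $surname  trimmed before use
  * @param string      $email
  * @param string      $course
  * @param string|null $gender   anything other than male/female (any case) is stored as NULL
  * @param int         $year
  * @param string      $role
  * @param string      $sid      student ID; '' or unset skips the `sid` insert
  * @param object      $db       database handle used through prepare()/insert_id/error/errno
  * @param string|null $initials ignored
  * @return int|false id of the new users row, or false when validation or the users insert fails
  */
 static function create_user($username, $password, $title, $forname, $surname, $email, $course, $gender, $year, $role, $sid, $db, $initials = null)
 {
     $username = trim($username);
     $surname = trim($surname);
     if (empty($username) or empty($surname) or empty($role)) {
         return false;
     }
     // NOTE(review): stristr() takes (haystack, needle), so this tests whether 'ps_'
     // contains $username, not whether $username contains 'ps_' - confirm which was meant.
     if (self::username_exists($username, $db) or stristr('ps_', $username) !== false) {
         return false;
     }
     // Force re-build of initials off forenames.
     $initials = '';
     foreach (explode(' ', $forname) as $name) {
         $initials .= substr($name, 0, 1);
     }
     $initials = strtoupper($initials);
     $surname = self::my_ucwords($surname);
     $title = self::my_ucwords(trim($title));
     // If there is no password generate a default one.
     if ($password == '') {
         $password = gen_password();
     }
     // Force valid value for gender or default to NULL
     if (strtolower($gender) != 'male' and strtolower($gender) != 'female') {
         $gender = null;
     }
     // One way encrypt the password.
     $salt = UserUtils::get_salt();
     $encrypt_password = encpw($salt, $username, $password);
     // Add new record into users table.
     $result = $db->prepare("INSERT INTO users VALUES(?, ?, ?, ?, ?, ?, ?, ?, NULL, ?, ?, 0, ?, NULL, NULL)");
     if ($result === false) {
         // Calling bind_param() on a failed prepare() would be a fatal error.
         error_log("create_user: preparing users insert failed ({$db->errno}): {$db->error}");
         return false;
     }
     $result->bind_param('ssssssssssi', $encrypt_password, $course, $surname, $initials, $title, $username, $email, $role, $forname, $gender, $year);
     $inserted = $result->execute();
     $insert_error = $result->error;
     $result->close();
     if (!$inserted) {
         error_log("create_user: users insert failed: {$insert_error}");
         return false;
     }
     $tmp_userID = $db->insert_id;
     if (isset($sid) and $sid != '') {
         $result = $db->prepare("INSERT INTO sid VALUES(?, ?)");
         if ($result === false) {
             // Database errors go to the server log; echoing the message and stack
             // trace into the page would disclose internals to whoever triggered it.
             error_log("create_user: preparing sid insert failed ({$db->errno}): {$db->error}");
         } else {
             $result->bind_param('si', $sid, $tmp_userID);
             $result->execute();
             $result->close();
         }
     }
     return $tmp_userID;
 }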
Ejemplo n.º 3
 /**
  * Authenticate a member by user name or e-mail address plus password.
  *
  * The identifier is looked up as an e-mail address when strpos() finds an
  * '@' after its first character, otherwise as a user name. The password is
  * passed through gen_password() and matched inside the query.
  *
  * @param string $username user name or e-mail address
  * @param string $password plaintext password as submitted
  * @return mixed the record returned by find() on success; false otherwise, with the reason in $this->error
  */
 public function login($username, $password)
 {
     // strpos() yields 0 (falsy) for a leading '@', so such input is treated as a user name.
     $lookupField = strpos($username, '@') ? 'email' : 'username';
     // NOTE(review): matching gen_password()'s output in the WHERE clause only works if
     // it is deterministic for a given input, i.e. not a per-user salted hash - confirm
     // the algorithm behind it.
     $criteria = array(
         $lookupField => $username,
         'password' => gen_password($password),
     );
     $user = $this->where($criteria)->find();
     $isActive = $user && 1 == $user['status'];
     if (!$isActive) {
         // One message for "no match" and "disabled", so the reply does not reveal which it was.
         $this->error = '用户不存在或已被禁用!';
         return false;
     }
     action_log('user_login', 'member', $user['id'], $user['id']);
     // Log the user in.
     $this->autoLogin($user);
     return $user;
 }
Ejemplo n.º 4
/**
 * Issue a new password for the account registered under $email and mail it.
 *
 * The password is stored only after send_email() reports success.
 *
 * @param string $email address identifying the account
 * @return mixed 2 when no account matches; the result of get_openid_domain_by_username()
 *               when user_passwd is '' or 'notagreed'; 1 once the mail is sent and the
 *               new hash stored; 3 when send_email() fails
 */
function user_generate_password($email)
{
    $rows = sql_pe("SELECT user_id, user_name, user_passwd FROM `users` WHERE user_email=? LIMIT 1", array($email));
    if (count($rows) == 0) {
        return 2;
    }
    $account = $rows[0];
    $username = $account['user_name'];
    $stored = $account['user_passwd'];
    // These two stored values are answered with the OpenID domain instead of a reset.
    if ($stored == '' || $stored == 'notagreed') {
        return get_openid_domain_by_username($account['user_name']);
    }
    $pwd = gen_password();
    // The new password travels in clear text in the mail body.
    $sent = send_email($email, 'Восстановление пароля на opencorpora.org', "Добрый день,\n\nВаш новый пароль для входа на opencorpora.org:\n\n{$pwd}\n\nРекомендуем как можно быстрее изменить его через интерфейс сайта.\n\nНапоминаем, ваш логин - {$username}\n\nOpenCorpora");
    if (!$sent) {
        return 3;
    }
    // NOTE(review): the stored value is md5(md5(password) . first two characters of the
    // user name) - a fast, unsalted-per-user construction; moving to password_hash() would
    // need a matching change in the login check, which is not part of this function.
    $digest = md5(md5($pwd) . substr($account['user_name'], 0, 2));
    // $digest is hex and user_id comes from the row read above, not from the request.
    sql_query("UPDATE `users` SET `user_passwd`='" . $digest . "' WHERE user_id=" . $account['user_id'] . " LIMIT 1");
    return 1;
}
Ejemplo n.º 5
*
* @author Simon Wilkinson
* @version 1.0
* @copyright Copyright (c) 2014 The University of Nottingham
* @package
*/
require '../include/sysadmin_auth.inc';
require_once '../classes/userutils.class.php';
require_once '../include/errors.inc';
// The account to reset is named by the userID query-string parameter.
// NOTE(review): this page changes a credential in response to a GET request; confirm that
// sysadmin_auth.inc (or check_var) enforces an anti-CSRF check, or move the reset behind a
// POST that carries a token. The meaning of check_var()'s boolean flags is not visible here.
$userid = check_var('userID', 'GET', true, false, true);
// Unknown id: show the "page not found" notice (the helper's name suggests it also ends the request).
if (!UserUtils::userid_exists($userid, $mysqli)) {
    $msg = sprintf($string['furtherassistance'], $configObject->get('support_email'), $configObject->get('support_email'));
    $notice->display_notice_and_exit($mysqli, $string['pagenotfound'], $msg, $string['pagenotfound'], '../artwork/page_not_found.png', '#C00000', true, true);
}
$username = UserUtils::get_username($userid, $mysqli);
// A fresh password is generated server-side and stored through UserUtils::update_password().
$new_password = gen_password();
$success = UserUtils::update_password($username, $new_password, $userid, $mysqli);
if (!$success) {
    display_error($string['resetfailed'], $string['failuremsg'], $configObject->get('cfg_root_path') . '/artwork/exclamation_red_bg.png', '#C00000', true, true, true);
}
// The database handle is closed before the HTML below is rendered.
$mysqli->close();
?>
<!DOCTYPE html>
<html>
  <meta http-equiv="X-UA-Compatible" content="IE=edge" />
  <meta http-equiv="content-type" content="text/html;charset=<?php 
echo $configObject->get('cfg_page_charset');
?>
" />

  <title><?php 
Ejemplo n.º 6
 } else {
     // Password recovery: the submitted secret question and answer must both equal the
     // $pmc_* values (presumably those stored for the account - their origin is outside
     // this excerpt) before a new password is issued.
     // NOTE(review): != is a loose comparison, so numeric-looking strings such as '1e3' and
     // '1000' compare equal; !== would make the check exact.
     if ($SECRET_QUESTION != $pmc_SECRET_QUESTION) {
         $Error = L_ERR_PASS_3;
         $field_errorSQ = true;
         $SECRET_QUESTION = $pmc_SECRET_QUESTION;
     } else {
         if ($SECRET_ANSWER != $pmc_SECRET_ANSWER) {
             $Error = L_ERR_PASS_4;
             $field_errorSA = true;
         } else {
             $DbLink->clean_results();
             // The quoted value in this query is masked on the page ('******').
             $DbLink->query("SELECT count(*) FROM " . C_REG_TBL . " WHERE username='******'");
             list($rows) = $DbLink->next_record();
             if ($rows != 0) {
                 $Latin1 = $Charset != "utf-8" ? 1 : 0;
                 $pmc_password = gen_password();
                 // NOTE(review): a single unsalted md5() is a fast hash and unsuitable for storing
                 // passwords; changing it requires the login check to change with it.
                 $PWD_Hash = md5(stripslashes($pmc_password));
                 // Send e-mail
                 $send = send_email(L_PASS_9 . " [" . (C_CHAT_NAME != "" ? C_CHAT_NAME : APP_NAME) . "]", L_SET_2, L_REG_1, L_PASS_11, 1);
                 if (!$send) {
                     $Error = sprintf(L_EMAIL_VAL_Err, $Sender_email, $Sender_email);
                 }
                 // The new hash is stored only when the mail went out without an error.
                 if (!isset($Error) || $Error == "") {
                     $DbLink->clean_results();
                     // NOTE(review): $IP, $COUNTRY_CODE, $COUNTRY_NAME, $EMAIL, $SECRET_QUESTION and
                     // $SECRET_ANSWER are interpolated into the SQL text; whether they are escaped
                     // earlier is not visible in this excerpt - confirm, or bind them as parameters.
                     $DbLink->query("UPDATE " . C_REG_TBL . " SET password='******', ip='{$IP}', country_code='{$COUNTRY_CODE}', country_name='{$COUNTRY_NAME}' WHERE username='******' AND email='{$EMAIL}' AND s_question='{$SECRET_QUESTION}' AND s_answer='{$SECRET_ANSWER}'");
                     // The plaintext password is also placed in the on-page message via L_PASS_10.
                     $Message = L_PASS_8 . "<br />" . sprintf(L_PASS_10, $pmc_password);
                 }
             }
         }
     }
 }
Ejemplo n.º 7
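 /**
  * Index Page for this controller.
  *
  * One endpoint, three behaviours selected by the request:
  *  - POST without an `email` field: log in with username and password;
  *  - POST with an `email` field: replace that account's password with a random one and mail it;
  *  - no POST data: log the current user out, or answer 404 when nobody is logged in.
  *
  * The outcome is written to the output as a short text status.
  */
 public function index()
 {
     //Check if we are submitting data.
     $data = $this->input->post();
     if ($data) {
         if (empty($data['email'])) {
             //Query the database for a match. The password is matched as gen_password()'s output inside the WHERE clause.
             $this->db->select('users.id, users.verified, users.username, users.guild, guilds.name')->join('guilds', 'guilds.id = users.guild', 'left')->where(array('LOWER(users.username)' => strtolower($data['username']), 'users.password' => gen_password($data['password'])));
             $query = $this->db->get('users');
             if ($query->num_rows() > 0) {
                 //We have a winner.
                 $tmp = $query->row();
                 if ($tmp->verified) {
                     $this->session->set_userdata('user_id', $tmp->id);
                     $this->output->set_output("SUCCESS");
                 } else {
                     //Not verified.
                     $this->output->set_output("Account is not verified");
                 }
             } else {
                 //No match found.
                 $this->output->set_output("Login information incorrect");
             }
         } else {
             // NOTE(review): the password is replaced as soon as the address matches, before the
             // owner has confirmed anything, and the 'SUCCESS' / 'Email address invalid' replies
             // show whether an address is registered. Mailing a single-use link that sets the
             // password when followed, with one neutral reply, avoids both.
             //Lowercase the email to compare it against the database.
             $data['email'] = strtolower($data['email']);
             //Generate a new password.
             // mt_rand() is a non-cryptographic generator with at most 2^31 distinct outputs, so
             // hashing it cannot add unpredictability; random_bytes() (PHP 7+) draws from the
             // system CSPRNG. Five bytes as hex keep the previous shape: 10 lowercase hex characters.
             $new = bin2hex(random_bytes(5));
             $this->db->where('email', $data['email'])->update('users', array('password' => gen_password($new)));
             //Check if we updated the row.
             if ($this->db->affected_rows() > 0) {
                 //Password was changed successfully. Now we want to email the user.
                 $this->load->library('email');
                 //Prepare data we need in the email...
                 $rs = $this->db->select('username')->where('email', $data['email'])->get('users');
                 $this->email->from('*****@*****.**', 'RaidRifts');
                 $this->email->to($data['email']);
                 $this->email->subject('RaidRifts password reset');
                 //Build message content.
                 $msg = "An attempt to reset your password has been made. You can log in with the below information:\n\n";
                 // The next two lines appear masked on the page and are left exactly as found.
                 $msg .= "Username: "******"\n";
                 $msg .= "Password: "******"\n\n";
                 $msg .= "If you feel you have received this message incorrectly, please contact us!";
                 $this->email->message($msg);
                 //Send the email.
                 if ($this->email->send()) {
                     $this->output->set_output('SUCCESS');
                 } else {
                     $this->output->set_output('Error sending email');
                 }
             } else {
                 $this->output->set_output('Email address invalid');
             }
         }
     } else {
         if ($this->session->userdata('user_id')) {
             //We're logging out.
             $this->session->sess_destroy('user_id');
             //Load up libs to redirect the user back to their page.
             $this->load->helper('url');
             $this->load->library('user_agent');
             // NOTE(review): the redirect target is the request's Referer value, which the
             // client controls; confirm it is limited to this site before redirecting.
             redirect($this->agent->referrer());
         } else {
             //Invalid access to the login.
             show_404("invalid_login_request");
         }
     }
 }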
Ejemplo n.º 8
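 /**
  * Show the article edit form for the requested category / content pair.
  *
  * Stores a fresh form token in the session, loads the content row and its
  * category, and renders the 'article:edit' template.
  */
 public function edit()
 {
     // The form token has to be unguessable. A value derived only from time() can be
     // reproduced by anyone who knows roughly when the page was requested, so the seed
     // comes from the system CSPRNG instead (random_bytes() needs PHP 7+). It still goes
     // through gen_password() so the stored token keeps the format it had before.
     session('token', gen_password(bin2hex(random_bytes(16))));
     $category_id = I('category_id');
     $this->content_id = I('content_id');
     $condition['category_id'] = $category_id;
     // The content id is forced to an integer before it is used as a query condition.
     $condition['id'] = intval($this->content_id);
     $content = D('Content')->getPages($condition);
     $this->content = $content[0];
     $this->category = D('Category')->where('id=%d', $category_id)->find();
     $this->display('article:edit');
 }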
Ejemplo n.º 9
 /**
  * Build an INSERT for the table named in $this->cosa from the field list in
  * $this->_properties and the submitted values, run it, store any uploaded
  * photos/files against the new row, then redirect with ins=ok or ins=err.
  *
  * NOTE(review): a parameter named $_POST collides with the superglobal; PHP 5.4 and
  * later refuse to compile this ("Cannot re-assign auto-global variable").
  * NOTE(review): $cosa is read in several statements below but never assigned in this
  * function (only $this->cosa is), so those statements see an undefined variable.
  * NOTE(review): submitted values are concatenated into SQL text; only text/textarea
  * fields get addslashes(), and not in every branch. Bound parameters would remove the
  * dependence on per-field escaping.
  */
 function inserisci($_POST)
 {
     $query = "insert into " . $this->cosa . " (";
     $value = " values(";
     $i = 0;
     $foto = array();
     $file = array();
     $url = '';
     if ($this->cosa == 'utenti') {
         $url = HOMEPATH . "registrazione.php";
     } else {
         $url = ADMINPATH . "inserisci.php?cosa=" . $this->cosa;
     }
     // NOTE(review): a request-supplied 'url' replaces the redirect target and later goes
     // into a Location header unchecked; confirm it is restricted to local paths.
     if (isset($_REQUEST['url'])) {
         $url = $_REQUEST['url'];
     }
     $int = new interfaccia($this->_properties);
     $int->genera_controlli_php($url);
     foreach ($this->_properties as $s) {
         // NOTE(review): this prints output before the header() calls further down.
         print $s['tipo'] . '<br />';
         // Plain value fields: everything except uploads, layout entries and onsubmit fields.
         if ($s['tipo'] != 'file' && $s['tipo'] != 'tab' && $s['tipo'] != 'tabs' && $s['tipo'] != 'titolo' && !isset($s['onsubmit'])) {
             if ($s['tipo'] == 'checkbox' && $s['nome'] != 'privacy') {
                 if (isset($s['unico']) && $_POST[$s['nome']] == '1') {
                     // A checkbox marked 'unico' is cleared on every row before the insert.
                     $query2 = "update " . $cosa . ' set ' . $s['nome'] . '=0';
                 }
                 // Checkbox values are normalised to 0 or 1.
                 if ($_POST[$s['nome']] != '1') {
                     $_POST[$s['nome']] = 0;
                 } else {
                     $_POST[$s['nome']] = 1;
                 }
             } elseif ($s['tipo'] == 'textarea' || $s['tipo'] == 'text') {
                 if (isset($s['unico']) && $_POST[$s['nome']] != '') {
                     // Uniqueness lookup; the submitted value is still unescaped at this point.
                     $unico = mysql_query("select * from " . $cosa . " where " . $s['nome'] . "='" . $_POST[$s['nome']] . "'");
                     if (mysql_num_rows($unico) > 0) {
                         header("Location: ../index.php?ins=err2");
                         exit;
                     }
                 }
                 if ($s['controllo'] == 'data') {
                     $_POST[$s['nome']] = my_date($_POST[$s['nome']]);
                 } else {
                     if ($s['tipo'] == 'textarea' && !isset($s['codice'])) {
                         // Textareas get htmlentities() only when flagged 'editor', and no addslashes().
                         if (isset($s['editor'])) {
                             $_POST[$s['nome']] = htmlentities($_POST[$s['nome']]);
                         }
                     } elseif (!isset($s['codice'])) {
                         $_POST[$s['nome']] = addslashes(htmlentities($_POST[$s['nome']]));
                     } else {
                         $_POST[$s['nome']] = addslashes($_POST[$s['nome']]);
                     }
                 }
             }
             // Append column name and quoted value; the 'privacy' field is never stored.
             if ($i == 0) {
                 if ($s['nome'] != 'privacy') {
                     $query .= $s['nome'];
                     $value .= "'" . $_POST[$s['nome']] . "'";
                     $i++;
                 }
             } else {
                 if ($s['nome'] != 'privacy') {
                     $query .= ',' . $s['nome'];
                     $value .= ",'" . $_POST[$s['nome']] . "'";
                 }
             }
         } elseif (isset($s['genere']) && !isset($s['onsubmit'])) {
             $file[] = $s;
         } elseif (!isset($s['onsubmit'])) {
             $foto[] = $s;
         }
     }
     if (isset($query2)) {
         // NOTE(review): die(mysql_error()) prints the driver message to the client.
         mysql_query($query2) or die(mysql_error());
     }
     if ($this->cosa == 'utenti') {
         // New users get a gen_password() value in 'verificato' (presumably a verification code - confirm).
         $_POST['verificato'] = gen_password();
         $query .= ',verificato';
         $value .= ",'" . $_POST['verificato'] . "'";
     }
     $query .= ')';
     $value .= ')';
     //print $query.$value;
     mysql_query($query . $value) or die(mysql_error());
     $id_modello = mysql_insert_id();
     $descrizione = $id_modello;
     $_POST['id'] = $id_modello;
     // $i is reused from here on to count the uploads that were stored.
     $i = 0;
     if (isset($foto)) {
         foreach ($foto as $f) {
             if ($_FILES[$f['nome']]['tmp_name'] != '') {
                 $nome = ins_foto($_FILES[$f['nome']], $cosa . $i, $descrizione);
             } else {
                 $nome = '';
             }
             // strpos() returns 0 (falsy) when the match is at the very start of $nome.
             if (strpos($nome, $cosa) || $nome == '') {
                 $i++;
                 mysql_query("update " . $cosa . " set " . $f['nome'] . "='" . $nome . "' where id_" . $cosa . "='" . $id_modello . "'") or die(mysql_error());
             }
         }
     }
     if (isset($file)) {
         foreach ($file as $fi) {
             $newName = 'tool' . $id_modello;
             $nome = copyFile($_FILES[$fi['nome']], $newName);
             if ($nome !== false) {
                 $i++;
                 mysql_query("update " . $cosa . " set " . $fi['nome'] . "='" . $nome . "' where id_" . $cosa . "='" . $id_modello . "'") or die(mysql_error());
             }
         }
     }
     // Success only when every photo and file field was stored.
     if ($i == count($foto) + count($file)) {
         header("Location:" . $url . "&ins=ok");
         exit;
     } else {
         header("Location:" . $url . "&ins=err");
         exit;
     }
 }
Ejemplo n.º 10
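 /**
  * Verify a user's password.
  *
  * @param int    $uid         user id
  * @param string $password_in password to check
  * @return bool true when the password matches, false otherwise
  * @author huajie <*****@*****.**>
  */
 protected function verifyUser($uid, $password_in)
 {
     $stored = $this->getFieldById($uid, 'password');
     $candidate = gen_password($password_in);
     // hash_equals() compares in constant time, so the duration of the check does not
     // depend on how many leading characters of the two hashes agree. It accepts strings
     // only; a non-string on either side could not have matched under === against a
     // string either, so it is rejected up front.
     return is_string($stored) && is_string($candidate) && hash_equals($stored, $candidate);
 }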
Ejemplo n.º 11
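 /**
  * Apply the account-settings form; only a password change is handled here.
  *
  * @param array $data form fields; old_password, new_password1 and new_password2 are read
  * @return bool true when the change was stored; false otherwise, with the messages
  *              joined by <br /> in $this->error
  */
 public function edit_settings($data)
 {
     //Going into this function assuming everything is set correctly.
     $errors = array();
     $changes_made = false;
     //First check and see if the user wanted to change their password.
     if (!empty($data['old_password']) || !empty($data['new_password1']) || !empty($data['new_password2'])) {
         //Load up the password helper.
         $this->load->helper('password');
         //For efficiency check and see if the new passwords match and have 6 characters.
         // Compared as strings with !==: the loose != treats numeric-looking strings such
         // as '1e3' and '1000' as equal, which would accept two different passwords.
         if ((string) $data['new_password1'] !== (string) $data['new_password2']) {
             $errors[] = 'The passwords provided do not match.';
         }
         if (strlen($data['new_password1']) < 6) {
             $errors[] = 'The passwords provided are too short.';
         }
         //All of the criteria met, update the password.
         if (empty($errors)) {
             // The old password is verified by the UPDATE itself: the row only matches when
             // both the user id and the hash of the old password agree.
             $this->db->where(array('id' => $this->user->id, 'password' => gen_password($data['old_password'])))->update('users', array('password' => gen_password($data['new_password1'])));
             //This means the old password is the same as the new one or the old password was wrong.
             if ($this->db->affected_rows() < 1) {
                 $errors[] = 'The old password provided does not match.';
             }
         }
         $changes_made = true;
     }
     //Check if changes were made.
     if (!$changes_made) {
         $errors[] = 'No settings were changed.';
     }
     if (empty($errors)) {
         return true;
     }
     $this->error = implode('<br />', $errors);
     return false;
 }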
Ejemplo n.º 12
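    /**
     * Append a "Create Demo Account" button, together with its hidden
     * self-registration form, to a standard form object.
     *
     * The form is re-populated from $_POST after a failed submission. Every
     * value taken from the request is HTML-escaped before it is placed in the
     * markup, because it is written back into attribute values.
     *
     * @param object $displaystdformobj form object whose buttons[] list receives the new button
     * @return object the same $displaystdformobj
     */
    function demobutton($displaystdformobj)
    {
        global $string, $language;
        $this->savetodebug('Demo Info');
        $this->savetodebug('Adding New Demo Button');
        // Escaping used for everything reflected from the request into an attribute.
        $esc_flags = ENT_QUOTES | ENT_SUBSTITUTE;
        // NOTE(review): $postbuttonmessage is built here but not attached to anything in this method.
        $postbuttonmessage = new displaystdformmessage();
        $postbuttonmessage->pretext = <<<HTML
<script>

    \$(function () {

        \$(".slidingDiv").hide();
        \$(".show_hide").show();

    \$('.show_hide').click(function(){
    \$(".slidingDiv").slideToggle();
    });

});

</script>
HTML;
        $postbuttonmessage->pretext = $postbuttonmessage->pretext . '<br><a href="#" class="show_hide">Create Demo Account</a><br/>';
        $content0 = <<<HTML

    <script>
        function checkForm() {
            if (document.newUser.new_first_names.value == "") {
                alert("{$string['reqfirstname']}");
                return false;
            }
            if (document.newUser.new_surname.value == "") {
                alert("{$string['reqsurname']}");
                return false;
            }
            if (document.newUser.new_email.value == "" || document.newUser.new_email.value == "@nottingham.ac.uk") {
                alert("{$string['reqemail']}");
                return false;
            }
            if (document.newUser.new_grade.options[document.newUser.new_grade.selectedIndex].value == "") {
                alert("{$string['reqcourse']}");
                return false;
            }
            if (document.newUser.new_username.value == "") {
                alert("{$string['requsername']}");
                return false;
            } else {
                username = document.newUser.new_username.value;
                for (a = 0; a < username.length; a++) {
                    char = username.substr(a, 1);
                    if (char == '_') {
                        alert('{$string['usernamechars']}');
                        return false;
                    }
                }
            }
            if (document.newUser.new_password.value == "") {
                alert("{$string['reqpassword']}");
                return false;
            }
        }

    </script>
HTML;
        $stfsel = '';
        if (isset($_POST['new_type']) and $_POST['new_type'] == 'Staff') {
            $stfsel = ' checked';
        }
        $stusel = '';
        if (isset($_POST['new_type']) and $_POST['new_type'] == 'Student') {
            $stusel = ' checked';
        }
        if ($stfsel === '' and $stusel === '') {
            $stfsel = ' checked';
        }
        // PHP_SELF includes any path info the client appended to the URL, so it is
        // escaped before it becomes the form's action attribute.
        $formaction = htmlspecialchars((string) $_SERVER['PHP_SELF'], $esc_flags);
        $content1 = <<<HTML
<div id="content">
<br/>
    <form method="post" name="newUser" onsubmit="return checkForm()" action="{$formaction}">
        <div align="center">
            <table border="0" cellspacing="1" cellpadding="0" style="background-color:#95AEC8; text-align:left">
                <tr>
                    <td>
                        <table border="0" cellspacing="6" cellpadding="0" width="100%" style="background-color:white">
                            <tr>
                                <td width="32"><img src="../artwork/user_female_32.png" width="32" height="32"
                                                    alt="User Icon"/></td>
                                        <td><table><tr>
                                                                        <td class="title">{$string['register1']}</td><td>
<input type="radio" name="new_type" value="Staff" {$stfsel}>Staff User<br>
<input type="radio" name="new_type" value="Student" {$stusel}>Student User
                                </td>
                                        </tr></table></td>

                            </tr>
                        </table>
                    </td>
                </tr>
                <tr>
                    <td>
                        <table border="0" cellspacing="6" cellpadding="0" style="background-color:#F1F5FB">
                            <tr>
                                <td colspan="2" class="h">Your Details</td>
                            </tr>
                            <tr>
                                <td align="right"><span class="field">{$string['title']}</span></td>
                                <td>
                                    <select id="new_users_title" name="new_users_title" size="1">
HTML;
        $content2 = '';
        if ($language != 'en') {
            $content2 = "<option value=\"\"></option>\n";
        }
        $titles = explode(',', $string['title_types']);
        foreach ($titles as $tmp_title) {
            $content2 .= "<option value=\"{$tmp_title}\">{$tmp_title}</option>";
        }
        $first_names = '';
        if (isset($_POST['new_first_names'])) {
            $first_names = htmlspecialchars((string) $_POST['new_first_names'], $esc_flags);
        }
        $surname = '';
        if (isset($_POST['new_surname'])) {
            $surname = htmlspecialchars((string) $_POST['new_surname'], $esc_flags);
        }
        $email = '';
        if (isset($_POST['new_email'])) {
            $email = htmlspecialchars((string) $_POST['new_email'], $esc_flags);
        }
        $usrnmstyle = '';
        if (!isset($_POST['new_username'])) {
            $_POST['new_username'] = '';
        }
        // Escaped once; used in the user-name field and, as in the original, in the
        // course-name field when that name is not unique.
        $posted_username = htmlspecialchars((string) $_POST['new_username'], $esc_flags);
        if (isset($_POST['new_username']) and $this->unique_username != true) {
            $usrnmstyle = ' style="background-color:#FFD9D9; color:#800000; border:1px solid #800000" value="' . $posted_username . '"';
        }
        if (isset($_POST['new_password']) and $_POST['new_password'] != '') {
            $newpass = $_POST['new_password'];
        } else {
            $newpass = gen_password();
        }
        // The password is shown in a plain text input, so it is escaped like the other fields.
        $newpass = htmlspecialchars((string) $newpass, $esc_flags);
        $msel = '';
        if (isset($_POST['new_gender']) and $_POST['new_gender'] == 'Male') {
            $msel = ' selected';
        }
        $fsel = '';
        if (isset($_POST['new_gender']) and $_POST['new_gender'] == 'Female') {
            $fsel = ' selected';
        }
        // Always defined, so the template below never reads an unset variable when
        // no course name was posted.
        $newgradestyle = '';
        if (isset($_POST['new_grade2']) and $this->unique_coursename != true) {
            // NOTE(review): the highlighted course-name field is refilled with the posted
            // user name, not the posted course name - looks like a copy/paste slip; confirm.
            $newgradestyle = ' style="background-color:#FFD9D9; color:#800000; border:1px solid #800000" value="' . $posted_username . '"';
        } elseif (isset($_POST['new_grade2'])) {
            $newgradestyle = 'value="' . htmlspecialchars((string) $_POST['new_grade2'], $esc_flags) . '"';
        }
        $content3 = <<<HTML
                                    </select></td>
                            </tr>
                            <tr>
                                <td align="right"><span class="field">{$string['firstnames']}</span></td>
                                <td><input type="text" id="new_first_names" name="new_first_names" size="40"
                                           value="{$first_names}"/>
                                </td>
                            </tr>
                            <tr>
                                <td align="right"><span class="field">{$string['lastname']}</span></td>
                                <td><input type="text" id="new_surname" name="new_surname" size="40"
                                           value="{$surname}"/></td>
                            </tr>
                            <tr>
                                <td align="right"><span class="field">{$string['email']}</span></td>
                                <td><input type="text" id="new_email" name="new_email" size="40"
                                           value="{$email}"/></td>
                            </tr>
                            <tr>
                                <td align="right"><span class="field">{$string['username']}</span></td>
                                <td><input type="text" id="new_username" name="new_username"
                                           size="12" {$usrnmstyle}/>
                                    </td></tr><tr><td align="right"><span class="field">{$string['password']}</span></td><td>
                                    <input type="text" id="new_password" name="new_password" value="{$newpass}" size="12"/></td>
                            </tr>

                            <input type="hidden" name="new_year" value="1"/>

                            <tr>
                                <td align="right"><span class="field">{$string['gender']}</span></td>
                                <td>
                                    <select id="new_gender" name="new_gender" size="1">
                                        <option value=""></option>
                                        <option value="Male" {$msel}>{$string['male']}</option>
                                        <option value="Female" {$fsel}>{$string['female']}</option>
                                    </select>
                                </td>
                            </tr>

                            <tr>
                                <td colspan="2" class="h">{$string['demomodule']}</td>
                            </tr>

                            <tr>
                                <td align="right"><span class="field">{$string['name']}</span></td>
                                <td>
                                    <input type="text" id="new_grade2" name="new_grade2" size="40"
                                           {$newgradestyle} />
                                </td>
                            </tr>

                            <tr>
                                <td colspan="2">&nbsp;</td>
                            </tr>
                            <tr>
                                <td>&nbsp;</td>
                                <td><input type="hidden" name="new_welcome" value="1"/>&nbsp;{$this->errmess}</td>
                            </tr>
                            <tr>
                                <td colspan="2" align="center">
                                    <input type="submit" name="createnewdemoaccount" value="{$string['createaccount']}"/>
                                </td>
                            </tr>
                        </table>
                    </td>
                </tr>
            </table>
        </div>
        <input type="hidden" size="15" name="new_sid"/>
        </div>
HTML;
        $content = $content0 . $content1 . $content2 . $content3;
        $newbutton = new displaystdformobjbutton();
        $newbutton->type = 'button';
        $newbutton->value = ' Create Demo Account ';
        // The script is fetched over https so it cannot be altered in transit on its
        // way into a page that handles credentials.
        // NOTE(review): jQuery 1.3.2 is long out of support; plan an upgrade.
        $newbutton->pretext = <<<HTML
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.js" type="text/javascript"></script>
<script>

    \$(function () {

        \$(".slidingDiv").hide();
        \$(".show_hide").show();

    \$('.show_hide').click(function(){
    \$(".slidingDiv").slideToggle();
    });

});

</script>
<br>
HTML;
        $newbutton->name = 'showcreatedemoaccount';
        $newbutton->class = 'show_hide';
        $newbutton->posttext = '<div class="slidingDiv">' . $content . '</div>';
        $displaystdformobj->buttons[] = $newbutton;
        return $displaystdformobj;
    }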
Ejemplo n.º 13
<?php

// Account name for the cron user (the literal appears masked on this page).
$username = '******';
// One generated password is used twice below: in clear text in the config file and
// hashed in the users table.
$password = gen_password(16);
$role = 'Staff,SysCron';
// Add cron user to config file.
// NOTE(review): the password is written in clear text into the config file, so that file
// must not be readable by other accounts or served by the web server. It is placed inside
// a single-quoted PHP literal, which assumes gen_password() never emits ' or \ - confirm.
$new_lines = array("// cron user login credentials\n", "\$cfg_cron_user = '******';\n", "\$cfg_cron_passwd = '{$password}';\n");
$target_line = '$percent_decimals';
$updater_utils->add_line($string, '$cfg_cron_user', $new_lines, 28, $cfg_web_root, $target_line, -2);
// Add cron user to database.
$usercheck = $updater_utils->count_rows("SELECT id FROM users WHERE username = '******'");
// The account is inserted only when no matching row was counted.
if (!$usercheck) {
    $salt = UserUtils::get_salt();
    $encrypt_password = encpw($salt, $username, $password);
    // Every interpolated value is produced in this script, not taken from a request.
    // NOTE(review): this still assumes encpw() output contains no quote characters - confirm.
    $updater_utils->execute_query("INSERT INTO users (username, password, surname, roles) VALUES ('{$username}', '{$encrypt_password}', '{$username}', '{$role}')", true);
}
/*
 *****   NOW UPDATE THE INSTALLER SCRIPT   *****
 */
Ejemplo n.º 14
 /**
  * Creates or updates a manager account from the posted edit form, remembers
  * the saved id in the session and redirects to the user list.
  *
  * NOTE(review): id, role and email are copied from the request as sent and no
  * permission check is visible in this method; presumably the controller
  * enforces one before this action runs. Confirm, because the posted id
  * decides which account is written and the posted role is stored unchanged.
  */
 public function submit_edit()
 {
     // Every POST field is passed through htmlspecialchars by I(), including
     // the password, so the value handed to gen_password() below is the
     // entity-encoded form of what was typed.
     $post = I('post.', 'htmlspecialchars');
     $record = array(
         'id' => $post['id'],
         'username' => $post['username'],
         'role' => $post['manager_role'],
         'email' => $post['email'],
         'manager' => 'Y',
     );
     $isNewAccount = !$post['id'];
     if ($isNewAccount) {
         // gen_password() is given the submitted password, so presumably it is
         // this project's hashing helper (verify). The password is only set
         // when no id was posted.
         $record['password'] = gen_password($post['password']);
         $record['create_time'] = time();
     }
     if ($post['manager_role'] != 'manager') {
         // Non-"manager" roles get the posted category ids resolved to an
         // id => title map, stored serialized on the user row.
         $categoryIds = explode(',', $post['cids']);
         $visibleCategories = D('Category')->where(array('id' => array('in', $categoryIds)))->getField('id,title', true);
         $record['category_display'] = serialize($visibleCategories);
     }
     $savedId = M('User')->saveOrUpdate($record);
     session("highlight_id", $savedId);
     redirect(U('User/index'));
 }
Ejemplo n.º 15
 /**
  * Forgotten-password action.
  *
  * On POST it checks the captcha and the e-mail format, looks the user up by
  * e-mail, stores a reset code on the user row and mails a link carrying that
  * code. On any other request it displays the form.
  */
 public function forgot_pwd()
 {
     if (IS_POST) {
         // Raw request fields; nothing is filtered at this point.
         $data = $_POST;
         /* Check the captcha */
         // presumably redirect() ends the request; if it returns, a failed
         // captcha or e-mail check would still fall through to the lookup
         // below (confirm).
         if (!check_captcha($data['captcha'])) {
             session('error', '验证码输入错误!');
             redirect("/forgot_pwd");
         }
         if (!valid_email($data['email'])) {
             session('error', '邮箱格式不正确!');
             redirect("/forgot_pwd");
         }
         $user = D('User')->field('id, email, username')->getByEmail($data['email']);
         if ($user) {
             $subject = "找回密码";
             $this->username = $user['username'];
             // NOTE(review): the reset code is derived from the e-mail address
             // and the current time. If gen_password() is a deterministic hash
             // of its argument, both inputs are guessable; a value from
             // random_bytes()/random_int(), stored with an expiry, is the usual
             // choice. No expiry is recorded here. Confirm what gen_password()
             // does.
             $repwdcode = gen_password($user['email'] . "+" . time());
             $info['repwdcode'] = $repwdcode;
             $result = D('User')->updateFieldsById($user['id'], $info);
             if ($result) {
                 // NOTE(review): the host in the mailed link is taken from the
                 // Host request header and the scheme is fixed to http. Building
                 // the link from a configured site URL (https) keeps it
                 // independent of what the client sends.
                 $url = 'http://' . $_SERVER['HTTP_HOST'] . '/user/resetpwd?rpcode=' . $repwdcode;
                 $this->content = '<a href="' . $url . '">' . $url . '</a>';
                 $html = $this->fetch("public:send_mail_template");
                 $from['reply'] = "*****@*****.**";
                 $from['name'] = "taoshuanghu";
                 MailApi::sendEmail($from, $data['email'], '找回密码', $html);
                 // NOTE(review): this line is garbled in the listing (part of
                 // the expression is masked) and is left as found. The e-mail
                 // address is appended to the redirect URL without urlencode().
                 redirect('display_success?username='******'username'] . '&email=' . $user['email']);
             } else {
                 $this->error("申请修改密码未通过,建议重新申请");
             }
         } else {
             // NOTE(review): this response differs from the success path, so the
             // form reveals whether an address is registered. Returning the
             // same message in both cases avoids that.
             session('error', '邮箱不存在, 请重新输入');
             redirect("/forgot_pwd");
         }
     } else {
         $this->display();
     }
 }
Ejemplo n.º 16
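    ?>
</td>
                            <td><input type="text" id="new_username" name="new_username" size="12" <?php 
    // Re-display a rejected username. The value is request data, so it is
    // HTML-escaped before being written into the attribute; echoing it raw
    // would let a submitted quote end the attribute and inject markup.
    if (isset($_POST['username']) and $unique_username != true) {
        echo ' style="background-color:#FFD9D9; color:#800000; border:1px solid #800000" value="' . htmlspecialchars((string) $_POST['username'], ENT_QUOTES) . '"';
    }
    ?>
 required />
                                &nbsp;&nbsp;&nbsp;<?php 
    echo $string['password'];
    ?>
                                <input type="text" id="new_password" name="new_password" value="<?php 
    // Either the password that was just submitted or a freshly generated one.
    // Both are escaped for the attribute context.
    // NOTE(review): the field is a plain text input, so the password is
    // visible on screen and echoed back after a failed submit. Confirm this
    // is intended for this form.
    if (isset($_POST['password'])) {
        echo htmlspecialchars((string) $_POST['password'], ENT_QUOTES);
    } else {
        echo htmlspecialchars((string) gen_password(), ENT_QUOTES);
    }
    ?>
" size="12" required /></td>
                        </tr>

                        <input type="hidden" name="new_year" value="1"/>

                        <tr>
                            <td align="right"><?php 
    echo $string['gender'];
    ?>
</td>
                            <td>
                                <select id="new_gender" name="new_gender" size="1" required>
                                    <option value=""></option>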
Ejemplo n.º 17
    /**
     * Builds the markup of the nurse main page and returns it as a string.
     *
     * The body depends on role checks made against a User built from
     * $_SESSION['URID']: a vision-test nurse gets a single start form; a field
     * nurse gets a table of respondents; anyone else gets a search form, then
     * either the lab overview links (lab nurse) or three test-start forms
     * (not a lab nurse).
     *
     * @param string $message Text appended inside the container paragraph for
     *                        users who are not vision-test nurses. It is
     *                        concatenated as given; this method does not
     *                        HTML-escape it.
     * @return string The assembled page markup.
     */
    public function showMain($message = '')
    {
        $returnStr = $this->showNurseHeader(Language::messageSMSTitle());
        $returnStr .= '<div id="wrap">';
        if (isVisionTestNurse(new User($_SESSION['URID']))) {
            // A new key from gen_password(10) is generated for the form and sent
            // encrypted with Config::directLoginKey().
            // NOTE(review): addslashes() is not an HTML escaper; a double quote
            // in any of these values would still end the attribute.
            // htmlspecialchars(..., ENT_QUOTES) is the usual choice here. Confirm
            // the receiving page does not rely on the added backslashes before
            // changing it. The same pattern repeats in the three forms below.
            $primkey = gen_password(10);
            $returnStr .= "<form method=post>";
            $returnStr .= '<input type=hidden name=' . POST_PARAM_SE . ' value="' . addslashes(USCIC_SURVEY) . '">';
            $returnStr .= '<input type=hidden name=' . POST_PARAM_PRIMKEY . ' value="' . addslashes(encryptC($primkey, Config::directLoginKey())) . '">';
            $returnStr .= '<input type=hidden name=' . POST_PARAM_LANGUAGE . ' value="' . '1' . '">';
            $returnStr .= '<input type=hidden name=' . POST_PARAM_URID . ' value="' . addslashes($_SESSION['URID']) . '">';
            $returnStr .= '<input type=hidden name=' . POST_PARAM_NEW_PRIMKEY . ' value="1">';
            $returnStr .= '<input type=hidden name=' . POST_PARAM_MODE . ' value="' . MODE_CAPI . '">';
            $returnStr .= '<input type=hidden name=' . POST_PARAM_SUID . ' value="' . '5' . '">';
            $returnStr .= '<button type="submit" id="startsurveybtn" class="btn btn-default navbar-btn" style="width:200px">Start the vision test</button>';
            $returnStr .= "</form>";
        } else {
            $returnStr .= $this->showNavBar();
            $returnStr .= '<div class="container"><p>';
            // NOTE(review): $message is written into the page unescaped; confirm
            // every caller passes trusted or already-escaped text.
            $returnStr .= $message;
            if (isFieldNurse(new User($_SESSION['URID']))) {
                // Field nurse: list the respondents returned for this user id.
                $respondents = new Respondents();
                $respondents = $respondents->getRespondentsByUrid($_SESSION['URID']);
                $returnStr .= '<table cellpadding="0" cellspacing="0" border="0" class="table table-striped table-bordered" id="example">
		<thead>
			<tr>
				<th>' . Language::labelNurseHouseholdID() . '</th><th>' . Language::labelNurseName() . '</th><th>' . Language::labelNurseDwellingID() . '</th><th>' . Language::labelNurseVillage() . '</th></tr>';
                foreach ($respondents as $respondent) {
                    $returnStr .= '<tr>';
                    $refpage = 'nurse.respondent.fieldnurse';
                    $returnStr .= '<td>' . setSessionParamsHref(array('page' => $refpage . '.info', 'primkey' => $respondent->getPrimkey()), $respondent->getPrimkey()) . '</td>';
                    // NOTE(review): name, address and city are written into the
                    // table cells without HTML escaping in this method; confirm
                    // they are escaped where they are stored or read.
                    $returnStr .= '<td>' . $respondent->getName() . '</td><td>' . $respondent->getAddress1() . '</td><td>' . $respondent->getCity() . '</td></tr>';
                }
                $returnStr .= '</table>';
            } else {
                //lab or lab nurse mode
                //respondents mode!
                $returnStr .= '<h4>' . Language::labelNurseScanBarcode() . '</h4>';
                $returnStr .= '<form id="searchform" role="search" autocomplete=off>';
                $returnStr .= setSessionParamsPost(array("page" => "nurse.respondents.search"));
                $returnStr .= '<div class="input-group" style="width:300px">
			  <input name="search" type="text" class="form-control" id="search">
			  <span class="input-group-btn">
				<button id="searchbutton" class="btn btn-default" type="submit">' . Language::labelSearch() . '</button>
			  </span>
			</div><!-- /input-group -->';
                $returnStr .= '<script>$("#search").focus();</script>';
                $returnStr .= '</form>';
                //$returnStr .= $this->showSearch();
                if (isLabNurse(new User($_SESSION['URID']))) {
                    $returnStr .= '<br/><hr>';
                    $returnStr .= '<b>' . Language::labelNurseFieldDBS() . '</b><br/><br/>';
                    global $db;
                    // Counts rows with fielddbsstatus = 1. The table name comes
                    // from Config::dbSurveyData(); no request data enters this
                    // query.
                    $query = 'select count(*) as cnt from ' . Config::dbSurveyData() . '_lab where fielddbsstatus = 1';
                    $result = $db->selectQuery($query);
                    if ($result != null) {
                        $row = $db->getRow($result);
                        if ($row['cnt'] > 0) {
                            $returnStr .= $this->displayInfo(Language::labelNurseToShip($row["cnt"]));
                            $returnStr .= '<a href="' . setSessionParams(array('page' => 'nurse.fielddbs.shiptolab')) . '" target="#">' . Language::labelNurseShipToLab() . '</a>';
                            $returnStr .= '&nbsp;&nbsp;|&nbsp;&nbsp;';
                            $returnStr .= '<a href="' . setSessionParams(array('page' => 'nurse.fielddbs.shiptolab.marked')) . '">' . Language::labelNurseMarkShipped() . '</a>';
                        } else {
                            $returnStr .= $this->displayInfo('There are currently no field DBS cards that need to be send to the lab');
                        }
                    }
                    $returnStr .= '<hr><b>' . Language::labelNurseLabName() . '</b><br/><br/>';
                    $returnStr .= '<a href="' . setSessionParams(array('page' => 'nurse.labblood.overview')) . '" target="#">' . Language::labelNurseLabBloodOverview() . '</a><br/>';
                    $returnStr .= '<a href="' . setSessionParams(array('page' => 'nurse.labdbs.overview')) . '" target="#">' . Language::labelNurseLabDBSOverview() . '</a><br/>';
                    //$returnStr .= '&nbsp;&nbsp;|&nbsp;&nbsp;';
                    //$returnStr .= '<a href="' . setSessionParams(array('page' => 'nurse.fielddbs.shiptolab.marked')) . '">' . 'Mark these DBS cards as "shipped"' . '</a>';
                }
                if (!isLabNurse(new User($_SESSION['URID']))) {
                    //TEST
                    // Three start forms follow, identical except for the
                    // POST_PARAM_SUID value (3, 5, 6) and the button label. Each
                    // gets its own key from gen_password(10). All three buttons
                    // share the id "startsurveybtn".
                    $returnStr .= '<hr><b>' . Language::labelNurseTestLab() . '</b><br/><br/>';
                    $primkey = gen_password(10);
                    $returnStr .= "<form method=post>";
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_SE . ' value="' . addslashes(USCIC_SURVEY) . '">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_PRIMKEY . ' value="' . addslashes(encryptC($primkey, Config::directLoginKey())) . '">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_LANGUAGE . ' value="' . '1' . '">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_URID . ' value="' . addslashes($_SESSION['URID']) . '">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_NEW_PRIMKEY . ' value="1">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_MODE . ' value="' . MODE_CAPI . '">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_SUID . ' value="' . '3' . '">';
                    $returnStr .= '<button type="submit" id="startsurveybtn" class="btn btn-default navbar-btn" style="width:200px">' . Language::labelNurseStartSurvey() . '</button>';
                    $returnStr .= "</form>";
                    $primkey = gen_password(10);
                    $returnStr .= "<form method=post>";
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_SE . ' value="' . addslashes(USCIC_SURVEY) . '">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_PRIMKEY . ' value="' . addslashes(encryptC($primkey, Config::directLoginKey())) . '">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_LANGUAGE . ' value="' . '1' . '">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_URID . ' value="' . addslashes($_SESSION['URID']) . '">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_NEW_PRIMKEY . ' value="1">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_MODE . ' value="' . MODE_CAPI . '">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_SUID . ' value="' . '5' . '">';
                    $returnStr .= '<button type="submit" id="startsurveybtn" class="btn btn-default navbar-btn" style="width:200px">' . Language::labelNurseStartVision() . '</button>';
                    $returnStr .= "</form>";
                    $primkey = gen_password(10);
                    $returnStr .= "<form method=post>";
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_SE . ' value="' . addslashes(USCIC_SURVEY) . '">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_PRIMKEY . ' value="' . addslashes(encryptC($primkey, Config::directLoginKey())) . '">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_LANGUAGE . ' value="' . '1' . '">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_URID . ' value="' . addslashes($_SESSION['URID']) . '">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_NEW_PRIMKEY . ' value="1">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_MODE . ' value="' . MODE_CAPI . '">';
                    $returnStr .= '<input type=hidden name=' . POST_PARAM_SUID . ' value="' . '6' . '">';
                    $returnStr .= '<button type="submit" id="startsurveybtn" class="btn btn-default navbar-btn" style="width:200px">' . Language::labelNurseAntropometrics() . '</button>';
                    $returnStr .= "</form>";
                }
            }
        }
        //END TEST
        // Appended on every path, including the vision-test branch, which never
        // opened the container <div> or <p> that this closes.
        $returnStr .= '</p></div>    </div>';
        //container and wrap
        $returnStr .= $this->showBottomBar();
        $returnStr .= $this->showFooter(false);
        return $returnStr;
    }
Ejemplo n.º 18
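    <label><?php 
echo NOTE;
?>
*</label>
    <textarea rows="10" cols="25" name="note" class="form-control required <?php 
echo $classe['note'];
?>
" ><?php 
// The note is request data: escape it so submitted markup cannot close the
// textarea and be rendered as HTML. A missing field is shown as empty.
echo htmlspecialchars(stripslashes(isset($_POST['note']) ? (string) $_POST['note'] : ''), ENT_QUOTES);
?>
</textarea>
</div>
<div class="col_full">
    <label>Codice di sicurezza*</label><br>
    <?php 
// NOTE(review): the expected captcha value leaves the server twice: in clear
// in the image URL below and as an unsalted MD5 in the hidden "captcha" field.
// The check can therefore be passed without reading the image. Keeping the
// expected value server-side (for example in the session) and having
// captcha.php read it from there would close that gap; doing so needs changes
// outside this template.
$captcha = gen_password(5);
?>
    <img style="margin-bottom: 10px" src="<?php 
echo TOTALPATH;
?>
captcha.php?code=<?php 
echo $captcha;
?>
" class="fleft"/><br><br>
    <input type="text" name="jpg_captcha" style="margin-top: 15px;" class="form-control required <?php 
echo $classe['jpg_captcha'];
?>
"  id="jpg_captcha" value=""  ><input type="hidden" name="captcha" value="<?php 
echo md5(strtoupper($captcha));
?>
">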
Ejemplo n.º 19
 /**
  * create the database and users if they do not exist
  *
  */
 static function createDatabase($dbname, $dbcharset)
 {
     global $string;
     $res = self::$db->prepare("SHOW DATABASES LIKE '{$dbname}'");
     $res->execute();
     $res->store_result();
     @ob_flush();
     @flush();
     if ($res->num_rows > 0) {
         self::displayError(array('010' => sprintf($string['displayerror1'], $dbname)));
     }
     $res->close();
     switch ($dbcharset) {
         case 'utf8':
             $collation = 'utf8_general_ci';
             break;
         default:
             $collation = 'latin1_swedish_ci';
     }
     self::$db->query("CREATE DATABASE {$dbname} CHARACTER SET = {$dbcharset} COLLATE = {$collation}");
     //have to use query here oldvers of php throw an error
     if (self::$db->errno != 0) {
         self::displayError(array('011' => $string['displayerror2']));
     }
     //select the newly created database
     self::$db->change_user(self::$db_admin_username, self::$db_admin_passwd, self::$cfg_db_name);
     //create tables
     $tables = new databaseTables($dbcharset);
     self::$db->autocommit(false);
     while ($sql = $tables->next()) {
         $res = self::$db->query($sql);
         @ob_flush();
         @flush();
         if (self::$db->errno != 0) {
             self::displayError(array('012' => $string['displayerror3'] . self::$db->error . "<br /> {$sql}"));
             try {
                 $err = self::$db->error;
                 $mess = self::$db->errno;
                 throw new Exception("MySQL error {$err}", $mess);
             } catch (Exception $e) {
                 echo "Error No: " . $e->getCode() . " - " . $e->getMessage() . "<br />";
             }
             self::$db->rollback();
         }
     }
     self::$db->commit();
     self::$cfg_db_username = self::$cfg_db_basename . '_auth';
     self::$cfg_db_password = gen_password() . gen_password();
     self::$cfg_db_student_user = self::$cfg_db_basename . '_stu';
     self::$cfg_db_student_passwd = gen_password() . gen_password();
     self::$cfg_db_staff_user = self::$cfg_db_basename . '_staff';
     self::$cfg_db_staff_passwd = gen_password() . gen_password();
     self::$cfg_db_external_user = self::$cfg_db_basename . '_ext';
     self::$cfg_db_external_passwd = gen_password() . gen_password();
     self::$cfg_db_sysadmin_user = self::$cfg_db_basename . '_sys';
     self::$cfg_db_sysadmin_passwd = gen_password() . gen_password();
     self::$cfg_db_sct_user = self::$cfg_db_basename . '_sct';
     self::$cfg_db_sct_passwd = gen_password() . gen_password();
     self::$cfg_db_inv_user = self::$cfg_db_basename . '_inv';
     self::$cfg_db_inv_passwd = gen_password() . gen_password();
     self::$cfg_cron_user = '******';
     self::$cfg_cron_passwd = gen_password() . gen_password();
     $priv_SQL = array();
     //create 'database user authentication user' and grant permissions
     self::$db->query("CREATE USER '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "' IDENTIFIED BY '" . self::$cfg_db_password . "'");
     if (self::$db->errno != 0) {
         self::displayError(array('013' => $string['wdatabaseuser'] . self::$cfg_db_username . $string['wnotcreated'] . ' ' . self::$db->error));
     }
     //$priv_SQL[] = "REVOKE ALL PRIVILEGES ON $dbname.* FROM '". self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".admin_access TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT ON " . $dbname . ".courses TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".client_identifiers TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".labs TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".lti_keys TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".lti_user TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".modules_student TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".paper_metadata_security TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, UPDATE, INSERT, DELETE ON " . $dbname . ".password_tokens TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".properties TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".schools TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT ON " . $dbname . ".sid TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".special_needs TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT INSERT ON " . $dbname . ".sys_errors TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT,INSERT ON " . $dbname . ".temp_users TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".users TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".users_metadata TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT INSERT ON " . $dbname . ".denied_log TO '" . self::$cfg_db_username . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "FLUSH PRIVILEGES";
     foreach ($priv_SQL as $sql) {
         self::$db->query($sql);
         @ob_flush();
         @flush();
         if (self::$db->errno != 0) {
             self::displayError(array('013' => $string['wdatabaseuser'] . self::$cfg_db_username . $string['wnotpermission'] . ' ' . self::$db->error));
             self::$db->rollback();
         }
     }
     self::$db->commit();
     $priv_SQL = array();
     //create 'database user student user' and grant permissions
     self::$db->query("CREATE USER  '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "' IDENTIFIED BY '" . self::$cfg_db_student_passwd . "'");
     if (self::$db->errno != 0) {
         self::displayError(array('013' => $string['wdatabaseuser'] . self::$cfg_db_student_user . $string['wnotcreated'] . ' ' . self::$db->error));
     }
     //$priv_SQL[] = "REVOKE ALL PRIVILEGES ON $dbname.* FROM '". self::$cfg_db_student_user . "'@'". self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".announcements TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".cache_median_question_marks TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".cache_paper_stats TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".cache_student_paper_marks TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".exam_announcements TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".feedback_release TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".help_log TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".help_searches TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".help_tutorial_log TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".client_identifiers TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".keywords_question TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".labs TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log0 TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log1 TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log2 TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log3 TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log4 TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log4_overall TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log5 TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log6 TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".log_extra_time TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".log_lab_end_time TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log_late TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log_metadata TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".lti_resource TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".lti_context TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".marking_override TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".modules TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT ON " . $dbname . ".modules_student TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".objectives TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".options TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".paper_feedback TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".paper_metadata_security TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".papers TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".properties TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".properties_modules TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".questions TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".question_exclude TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".question_statuses TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".reference_material TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".reference_modules TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".reference_papers TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".relationships TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".schools TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".sid TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".sessions TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".std_set TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".std_set_questions TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".state TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".student_help TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".special_needs TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT INSERT ON " . $dbname . ".sys_errors TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".temp_users TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".users TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".users_metadata TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT INSERT ON " . $dbname . ".access_log TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT INSERT ON " . $dbname . ".denied_log TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".killer_questions TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT INSERT ON " . $dbname . ".save_fail_log TO '" . self::$cfg_db_student_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "FLUSH PRIVILEGES";
     foreach ($priv_SQL as $sql) {
         self::$db->query($sql);
         @ob_flush();
         @flush();
         if (self::$db->errno != 0) {
             self::displayError(array('013' => $string['wdatabaseuser'] . self::$cfg_db_student_user . $string['wnotpermission'] . ' ' . self::$db->error));
             self::$db->rollback();
         }
     }
     self::$db->commit();
     $priv_SQL = array();
     //create 'database user external user' and grant permissions
     self::$db->query("CREATE USER  '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "' IDENTIFIED BY '" . self::$cfg_db_external_passwd . "'");
     if (self::$db->errno != 0) {
         self::displayError(array('013' => $string['wdatabaseuser'] . self::$cfg_db_external_user . $string['wnotcreated'] . ' ' . self::$db->error));
     }
     //$priv_SQL[] = "REVOKE ALL PRIVILEGES ON $dbname.* FROM '". self::$cfg_db_external_user . "'@'". self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT ON " . $dbname . ".help_log TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT ON " . $dbname . ".help_searches TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".keywords_question TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log0 TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log1 TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log2 TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log3 TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log4 TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log4_overall TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log5 TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log_late TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log_metadata TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".modules TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".modules_staff TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".options TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".papers TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".properties TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".questions TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".question_statuses TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".reference_material TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".reference_modules TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".reference_papers TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".review_comments TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".review_metadata TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".special_needs TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".std_set TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".std_set_questions TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".staff_help TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".student_help TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT INSERT ON " . $dbname . ".sys_errors TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".users TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT INSERT ON " . $dbname . ".access_log TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT INSERT ON " . $dbname . ".denied_log TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".properties_reviewers TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".client_identifiers TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".labs TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".properties_modules TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".log_extra_time TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".log_lab_end_time TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".schools TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".paper_metadata_security TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".modules_student TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".question_exclude TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".users_metadata TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".marking_override TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".sid TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".student_notes TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".paper_notes TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".exam_announcements TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".relationships TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".feedback_release TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".cache_paper_stats TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".paper_feedback TO '" . self::$cfg_db_external_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "FLUSH PRIVILEGES";
     foreach ($priv_SQL as $sql) {
         self::$db->query($sql);
         @ob_flush();
         @flush();
         if (self::$db->errno != 0) {
             self::displayError(array('013' => $string['wdatabaseuser'] . self::$cfg_db_external_user . $string['wnotpermission'] . ' ' . self::$db->error));
             self::$db->rollback();
         }
     }
     self::$db->commit();
     $priv_SQL = array();
     //create 'database user staff user' and grant permissions
     self::$db->query("CREATE USER  '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "' IDENTIFIED BY '" . self::$cfg_db_staff_passwd . "'");
     if (self::$db->errno != 0) {
         self::displayError(array('013' => $string['wdatabaseuser'] . self::$cfg_db_staff_user . $string['wnotcreated'] . ' ' . self::$db->error));
     }
     //$priv_SQL[] = "REVOKE ALL PRIVILEGES ON $dbname.* FROM '". self::$cfg_db_staff_user . "'@'". self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".* TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".cache_median_question_marks TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".cache_paper_stats TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".cache_student_paper_marks TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".ebel TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".exam_announcements TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".feedback_release TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".folders TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".folders_modules_staff TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".help_log TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".help_searches TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".help_tutorial_log TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".hofstee TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".keywords_question TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".keywords_user TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log0 TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log1 TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log2 TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log3 TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".log4 TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".log4_overall TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".log5 TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".log6 TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".log_late TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".log_metadata TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".lti_resource TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".lti_context TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".marking_override TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT ON " . $dbname . ".modules TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".modules_staff TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".modules_student TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".objectives TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".options TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".paper_metadata_security TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".paper_notes TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".paper_feedback TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".papers TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".password_tokens TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".performance_main TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".performance_details TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".properties TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".properties_modules TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".question_exclude TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".questions TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".question_statuses TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".questions_metadata TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".questions_modules TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".recent_papers TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".reference_material TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".reference_modules TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".reference_papers TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".relationships TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".review_comments TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".review_metadata TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, DELETE ON " . $dbname . ".scheduling TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".sessions TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".sid TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT INSERT ON " . $dbname . ".sms_imports TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".special_needs TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".std_set TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".std_set_questions TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".state TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".student_notes TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".temp_users TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".textbox_marking TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".textbox_remark TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".track_changes TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".users TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".users_metadata TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT ON " . $dbname . ".access_log TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT ON " . $dbname . ".denied_log TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".properties_reviewers TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT INSERT ON " . $dbname . ".sys_errors TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".killer_questions TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT ON " . $dbname . ".save_fail_log TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, UPDATE ON " . $dbname . ".toilet_breaks TO '" . self::$cfg_db_staff_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "FLUSH PRIVILEGES";
     foreach ($priv_SQL as $sql) {
         self::$db->query($sql);
         @ob_flush();
         @flush();
         if (self::$db->errno != 0) {
             self::displayError(array('013' => $string['wdatabaseuser'] . self::$cfg_db_staff_user . $string['wnotpermission'] . ' ' . self::$db->error));
             self::$db->rollback();
         }
     }
     self::$db->commit();
     $priv_SQL = array();
     //create 'database user SCT user' and grant permissions
     self::$db->query("CREATE USER  '" . self::$cfg_db_sct_user . "'@'" . self::$cfg_web_host . "' IDENTIFIED BY '" . self::$cfg_db_sct_passwd . "'");
     if (self::$db->errno != 0) {
         self::displayError(array('013' => $string['wdatabaseuser'] . self::$cfg_db_sct_user . $string['wnotcreated'] . ' ' . self::$db->error));
     }
     //$priv_SQL[] = "REVOKE ALL PRIVILEGES ON $dbname.* FROM '". self::$cfg_db_sct_user . "'@'". self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".options TO '" . self::$cfg_db_sct_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".paper_metadata_security TO '" . self::$cfg_db_sct_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".paper_notes TO '" . self::$cfg_db_sct_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".papers TO '" . self::$cfg_db_sct_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".properties TO '" . self::$cfg_db_sct_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".questions TO '" . self::$cfg_db_sct_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".question_statuses TO '" . self::$cfg_db_sct_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".questions_metadata TO '" . self::$cfg_db_sct_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".sct_reviews TO '" . self::$cfg_db_sct_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT INSERT ON " . $dbname . ".denied_log TO '" . self::$cfg_db_sct_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "FLUSH PRIVILEGES";
     foreach ($priv_SQL as $sql) {
         self::$db->query($sql);
         if (self::$db->errno != 0) {
             self::displayError(array('013' => $string['wdatabaseuser'] . self::$cfg_db_sct_user . $string['wnotpermission'] . ' ' . self::$db->error));
             self::$db->rollback();
         }
     }
     self::$db->commit();
     $priv_SQL = array();
     //create 'database user Invigilator user' and grant permissions
     self::$db->query("CREATE USER  '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "' IDENTIFIED BY '" . self::$cfg_db_inv_passwd . "'");
     if (self::$db->errno != 0) {
         self::displayError(array('013' => $string['wdatabaseuser'] . self::$cfg_db_inv_user . $string['wnotcreated'] . ' ' . self::$db->error));
     }
     //$priv_SQL[] = "REVOKE ALL PRIVILEGES ON $dbname.* FROM '". self::$cfg_db_inv_user . "'@'". self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".exam_announcements TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".client_identifiers TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".labs TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".log2 TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".log_metadata TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".log_extra_time TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE ON " . $dbname . ".log_lab_end_time TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".modules_student TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".paper_notes TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".properties TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".properties_modules TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".modules TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".papers TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".questions TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".question_statuses TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $dbname . ".student_notes TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".sid TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".special_needs TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $dbname . ".users TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT INSERT ON " . $dbname . ".access_log TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT INSERT ON " . $dbname . ".denied_log TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, DELETE ON " . $dbname . ".toilet_breaks TO '" . self::$cfg_db_inv_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "FLUSH PRIVILEGES";
     foreach ($priv_SQL as $sql) {
         self::$db->query($sql);
         @ob_flush();
         @flush();
         if (self::$db->errno != 0) {
             self::displayError(array('013' => $string['wdatabaseuser'] . self::$cfg_db_inv_user . $string['wnotpermission'] . ' ' . self::$db->error));
             self::$db->rollback();
         }
     }
     self::$db->commit();
     $priv_SQL = array();
     //create 'database user sysadmin user' and grant permissions
     self::$db->query("CREATE USER  '" . self::$cfg_db_sysadmin_user . "'@'" . self::$cfg_web_host . "' IDENTIFIED BY '" . self::$cfg_db_sysadmin_passwd . "'");
     if (self::$db->errno != 0) {
         self::displayError(array('013' => $string['wdatabaseuser'] . self::$cfg_db_sysadmin_user . $string['wnotcreated'] . ' ' . self::$db->error));
     }
     //$priv_SQL[] = "REVOKE ALL PRIVILEGES ON $dbname.* FROM '". self::$cfg_db_sysadmin_user . "'@'". self::$cfg_web_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE, DELETE, ALTER, DROP  ON " . $dbname . ".* TO '" . self::$cfg_db_sysadmin_user . "'@'" . self::$cfg_web_host . "'";
     $priv_SQL[] = "FLUSH PRIVILEGES";
     foreach ($priv_SQL as $sql) {
         self::$db->query($sql);
         @ob_flush();
         @flush();
         if (self::$db->errno != 0) {
             echo self::$db->error . "<br />";
             self::displayError(array('013' => $string['wdatabaseuser'] . self::$cfg_db_sysadmin_user . $string['wnotpermission'] . ' ' . self::$db->error));
             self::$db->rollback();
         }
     }
     self::$db->commit();
     //create sysadmin user
     UserUtils::create_user($_POST['SysAdmin_username'], $_POST['SysAdmin_password'], $_POST['SysAdmin_title'], $_POST['SysAdmin_first'], $_POST['SysAdmin_last'], $_POST['SysAdmin_email'], 'University Lecturer', '', '1', 'Staff,SysAdmin', '', self::$db);
     //create cron user
     UserUtils::create_user(self::$cfg_cron_user, self::$cfg_cron_passwd, '', '', 'cron', '', '', '', '', 'Staff,SysCron', '', self::$db);
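     //create 100 guest accounts (user1..user100); each is passed '' as its password - NOTE(review): confirm create_user() does not leave them open to login with a blank password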
     for ($i = 1; $i <= 100; $i++) {
         UserUtils::create_user('user' . $i, '', 'Dr', 'A', 'User' . $i, '', 'none', '', '1', 'Student', '', self::$db);
     }
     self::$db->commit();
     //add unknown school & faculty
     $facultyID = FacultyUtils::add_faculty('UNKNOWN Faculty', self::$db);
     $scoolID = SchoolUtils::add_school($facultyID, 'UNKNOWN School', self::$db);
     //add training school
     $facultyID = FacultyUtils::add_faculty('Administrative and Support Units', self::$db);
     $scoolID = SchoolUtils::add_school($facultyID, 'Training', self::$db);
     //create special modules
     module_utils::add_modules('TRAIN', 'Training Module', 1, $scoolID, '', '', 0, false, false, false, true, null, null, self::$db, 0, 0, 1, 1, '07/01');
     module_utils::add_modules('SYSTEM', 'Online Help', 1, $scoolID, '', '', 0, true, true, true, true, null, null, self::$db, 0, 0, 1, 1, '07/01');
     self::$db->commit();
     // Create default question statuses
     $statuses = array(array('name' => 'Normal', 'exclude_marking' => false, 'retired' => false, 'is_default' => true, 'change_locked' => true, 'validate' => true, 'display_warning' => 0, 'colour' => '#000000', 'display_order' => 0), array('name' => 'Retired', 'exclude_marking' => false, 'retired' => true, 'is_default' => false, 'change_locked' => true, 'validate' => false, 'display_warning' => 1, 'colour' => '#808080', 'display_order' => 1), array('name' => 'Incomplete', 'exclude_marking' => false, 'retired' => false, 'is_default' => false, 'change_locked' => false, 'validate' => false, 'display_warning' => 1, 'colour' => '#000000', 'display_order' => 2), array('name' => 'Experimental', 'exclude_marking' => true, 'retired' => false, 'is_default' => false, 'change_locked' => false, 'validate' => true, 'display_warning' => 0, 'colour' => '#808080', 'display_order' => 3), array('name' => 'Beta', 'exclude_marking' => false, 'retired' => false, 'is_default' => false, 'change_locked' => false, 'validate' => true, 'display_warning' => 1, 'colour' => '#000000', 'display_order' => 4));
     foreach ($statuses as $data) {
         $qs = new QuestionStatus(self::$db, $string, $data);
         $qs->save();
     }
     //FLUSH PRIVILEGES
     self::$db->query("FLUSH PRIVILEGES");
     if (self::$db->errno != 0) {
         self::logWarning(array('014' => $string['logwarning20']));
     }
     self::$db->commit();
     self::$db->autocommit(false);
 }
Ejemplo n.º 20
{
    echo $_SESSION['msg'];
    unset($_SESSION['msg']);
}
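// CSS display value for the message box: shown only while a flash message is waiting in the session.
$dis = 'none';
if (isset($_SESSION['msg'])) {
    // Quoted on purpose: the bare word `block` is an undefined constant
    // (a notice on older PHP, a fatal Error on PHP 8).
    $dis = 'block';
}

// Password-reset request: look the posted address up, then let send_password() do the mailing.
if (isset($_POST['email'])) {
    $email = $_POST['email'];
    $sent = false;

    // A request parameter can arrive as an array (email[]=...); only a string is a usable address.
    if (is_string($email)) {
        mysql_select_db($database_contacts, $contacts);

        // The address comes straight from the request, so it is escaped for this connection
        // before being placed inside the quoted SQL literal. The legacy mysql_* API has no
        // bound parameters; a move to mysqli/PDO prepared statements is the durable fix.
        $query_passwordcheck = "SELECT * FROM users WHERE user_email = '" . mysql_real_escape_string($email, $contacts) . "'";
        // NOTE(review): die(mysql_error()) prints the database error to the client; consider
        // logging it server-side and showing a generic message instead.
        $passwordcheck = mysql_query($query_passwordcheck, $contacts) or die(mysql_error());
        // NOTE(review): nothing in this block reads the row, the row count or $new_password
        // before the script exits below; this lookup looks redundant - confirm and remove.
        $row_passwordcheck = mysql_fetch_assoc($passwordcheck);
        $totalRows_passwordcheck = mysql_num_rows($passwordcheck);
        $new_password = gen_password(8);

        // NOTE(review): send_password() is defined elsewhere and receives the raw address;
        // verify that it escapes or binds the value before building its own query.
        $sent = send_password($email, $email_from_address, $website_address);
    }

    // NOTE(review): presumably the failure message also appears when no account matches,
    // which would tell the requester whether an address is registered; a single neutral
    // message for both outcomes avoids that.
    if ($sent) {
        set_msg('A new password has been sent.');
        header('Location: login.php');
        die;
    } else {
        set_msg('Could not send the password.');
        header('Location: password.php');
        die;
    }
}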
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
Ejemplo n.º 21
     if (file_put_contents($cfg_web_root . 'config/config.inc.php', $cfg) === false) {
         echo "<li class=\"error\">" . $string['couldnotwrite'] . "</li>";
     }
     ///////////////////////  update the config file!! //////////////////////////////////////
 }
 // END Create SCT user
 // Release the previous statement held in $result before the variable is reused.
 $result->free_result();
 $result->close();
 // Name of the database account handled below: "<database>_inv".
 $cfg_db_inv_username = $cfg_db_database . '_inv';
 // Look the account up in mysql.user. The user literal appears masked ('******')
 // in this listing. NOTE(review): the statement is prepared without a placeholder
 // and nothing is bound before execute(), so the value is part of the SQL text
 // itself; confirm the real source binds or escapes it.
 $result = $mysqli->prepare("SELECT user FROM mysql.user WHERE user = '******'");
 $result->execute();
 $result->store_result();
 $result->bind_result($tmp_user);
 $result->fetch();
 if ($result->num_rows() == 0) {
     // No matching row: the account is created with a password from gen_password(16)
     // (helper defined elsewhere; presumably a 16-character random value).
     $cfg_db_inv_password = gen_password(16);
     $priv_SQL = array();
     // Create the "<database>_inv" account. Name, host and password are concatenated
     // into the statement, so they must not contain quote characters.
     // NOTE(review): the return value of query() is not checked; the "created" line
     // below is printed even if CREATE USER failed.
     $mysqli->query("CREATE USER  '" . $cfg_db_inv_username . "'@'" . $cfg_db_host . "' IDENTIFIED BY '" . $cfg_db_inv_password . "'");
     echo "<li>NEW DB USER:: {$cfg_db_inv_username} created</li>";
     // Privileges are granted table by table: SELECT only on seven tables, and
     // SELECT/INSERT/UPDATE on the two notes tables. No DELETE and no
     // database-wide grant is issued here.
     $priv_SQL[] = "GRANT SELECT ON " . $cfg_db_database . ".student_modules TO '" . $cfg_db_inv_username . "'@'" . $cfg_db_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $cfg_db_database . ".users TO '" . $cfg_db_inv_username . "'@'" . $cfg_db_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $cfg_db_database . ".special_needs TO '" . $cfg_db_inv_username . "'@'" . $cfg_db_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $cfg_db_database . ".sid TO '" . $cfg_db_inv_username . "'@'" . $cfg_db_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $cfg_db_database . ".ip_addresses TO '" . $cfg_db_inv_username . "'@'" . $cfg_db_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $cfg_db_database . ".labs TO '" . $cfg_db_inv_username . "'@'" . $cfg_db_host . "'";
     $priv_SQL[] = "GRANT SELECT ON " . $cfg_db_database . ".properties TO '" . $cfg_db_inv_username . "'@'" . $cfg_db_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $cfg_db_database . ".student_notes TO '" . $cfg_db_inv_username . "'@'" . $cfg_db_host . "'";
     $priv_SQL[] = "GRANT SELECT, INSERT, UPDATE ON " . $cfg_db_database . ".paper_notes TO '" . $cfg_db_inv_username . "'@'" . $cfg_db_host . "'";
     // Run each GRANT through the updater helper; the meaning of the second
     // argument (false) is not visible in this excerpt.
     foreach ($priv_SQL as $sql) {
         $updater_utils->execute_query($sql, false);
Ejemplo n.º 22
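 /**
  * Index Page for this controller.
  *
  * Handles the registration form post: validates username, passwords and
  * email, sends the verification email and, only when it was sent, inserts
  * the new user row. Validation errors are written to the output joined by
  * <br />; on success the output is 'SUCCESS'. A request without post data,
  * or one that is not a valid AJAX request, gets a 404.
  */
 public function index()
 {
     //Check if we are submitting data.
     $data = $this->input->post();
     $errors = array();
     if ($data && IS_VALID_AJAX) {
         //Read every field as a string. A missing field or an array value
         //(e.g. username[]=x) counts as empty, so it fails validation below
         //instead of reaching strlen() or the query layer.
         $fields = array();
         foreach (array('username', 'password1', 'password2', 'email') as $key) {
             $fields[$key] = isset($data[$key]) && is_string($data[$key]) ? $data[$key] : '';
         }
         //Verify the username for length, and then verify against the database.
         //NOTE(review): the lookup lowercases the name but the row stores it as
         //typed; under a case-sensitive collation two names differing only in
         //case would both pass. A unique index on the column also closes the
         //gap between this check and the insert.
         if (strlen($fields['username']) < 2) {
             $errors[] = "Your username was too short (2+ chars).";
         } elseif (strlen($fields['username']) > 16) {
             $errors[] = "Your username was too long (16- chars).";
         } else {
             $q = $this->db->query("SELECT COUNT(*) as total FROM users WHERE `username` = {$this->db->escape(strtolower($fields['username']))}");
             if ($q->row()->total > 0) {
                 $errors[] = "This username is already taken.";
             }
         }
         //Also verify that the password is the minimum length.
         if (strlen($fields['password1']) < 6) {
             $errors[] = "Your password is too short (6+ chars).";
         }
         //Verify the user's passwords match. Strict comparison: with != two
         //different numeric-looking strings ("1e3" and "1000") compare equal.
         if ($fields['password1'] !== $fields['password2']) {
             $errors[] = "Your passwords did not match.";
         }
         //Verify that the email is the correct format, then verify against the database.
         //The local part may not contain whitespace and the D modifier stops "$"
         //from matching before a trailing newline, so no CR/LF reaches the mailer.
         if ($fields['email'] === '' || !preg_match('/^[^@\s]+@[a-zA-Z0-9._-]+\.[a-zA-Z]+$/D', $fields['email'])) {
             $errors[] = "The email provided is invalid.";
         } else {
             $fields['email'] = strtolower($fields['email']);
             $q = $this->db->query("SELECT COUNT(*) as total FROM users WHERE `email` = {$this->db->escape($fields['email'])}");
             if ($q->row()->total > 0) {
                 $errors[] = "This email address is already taken.";
             }
         }
         //If there are errors output them for the client to fix.
         if (count($errors) > 0) {
             $this->output->set_output(implode('<br />', $errors));
         } else {
             //Prepare last stuff. gen_password() is defined elsewhere; its result
             //is what gets stored in the password column.
             $pw = gen_password($fields['password1']);
             //We now want to email the user and validate their account.
             $this->load->library('email');
             $this->email->from('*****@*****.**', 'RaidRifts');
             $this->email->to($fields['email']);
             $this->email->subject('Welcome to RaidRifts!');
             //Build the email message.
             //NOTE(review): the username is only length-checked and goes into the
             //link path as typed; restrict its character set or encode the segment.
             //NOTE(review): the link token comes from verify_gen(username, stored
             //password value); confirm it does not expose that value.
             $base_url = base_url();
             $msg = "Welcome to Raidrifts, {$fields['username']}!\n\n";
             $msg .= "You must validate your account in order to use it. Simply visit {$base_url}register/complete/{$this->verify_gen($fields['username'], $pw)}/{$fields['username']}/ to verify your account.";
             $this->email->message($msg);
             if ($this->email->send()) {
                 //This means all data was valid, insert into the database.
                 $this->db->insert("users", array('username' => $fields['username'], 'password' => $pw, 'email' => $fields['email'], 'added' => date("Y-m-d H:i:s")));
                 //Output to the user everything went well.
                 $this->output->set_output('SUCCESS');
             } else {
                 $this->output->set_output("An error occurred while processing.");
             }
         }
     } else {
         show_404("invalid_registration_request");
     }
 }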
Ejemplo n.º 23
 /**
  * Generate a token, pass it to session() under the key
  * 'message_create_unique_token', then call display().
  */
 public function create()
 {
     // NOTE(review): the token is derived from microtime(), which an outside
     // party can estimate. If this value is meant to stop forged or replayed
     // submissions, its input should come from a CSPRNG (random_bytes());
     // confirm what gen_password() does with its argument.
     $this->token = gen_password(microtime());
     $sessionKey = 'message_create_unique_token';
     session($sessionKey, $this->token);
     $this->display();
 }