Example #1
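/**
 * Adds a new user row and, optionally, the user's rate.
 *
 * A random 9-digit-style id is drawn until usr_get_data() reports it as unused,
 * the input is passed through clean_data(), and every value is escaped/typed
 * with MySQL::SQLValue() before the insert.
 *
 * @param array $data  must contain usr_name, usr_grp, usr_sts and usr_active;
 *                     may contain usr_rate
 * @global array $kga  kimai-global-array (supplies the table prefix)
 * @global object $conn database wrapper providing InsertRow()
 * @return mixed       the generated usr_ID on success, false if the insert failed
 */
function usr_create($data)
{
    global $kga, $conn;

    // find random but unused user id
    // NOTE(review): the lookup and the insert are separate steps, so uniqueness
    // ultimately depends on a unique key on usr_ID - confirm the schema has one.
    do {
        $data['usr_ID'] = random_number(9);
    } while (usr_get_data($data['usr_ID']));

    $data = clean_data($data);

    // Numeric columns are forced to SQLVALUE_NUMBER so that a non-numeric
    // value cannot end up in the statement as free text.
    $values = array();
    $values['usr_name'] = MySQL::SQLValue($data['usr_name']);
    $values['usr_ID'] = MySQL::SQLValue($data['usr_ID'], MySQL::SQLVALUE_NUMBER);
    $values['usr_grp'] = MySQL::SQLValue($data['usr_grp'], MySQL::SQLVALUE_NUMBER);
    $values['usr_sts'] = MySQL::SQLValue($data['usr_sts'], MySQL::SQLVALUE_NUMBER);
    $values['usr_active'] = MySQL::SQLValue($data['usr_active'], MySQL::SQLVALUE_NUMBER);

    $table = $kga['server_prefix'] . "usr";
    $result = $conn->InsertRow($table, $values);
    if ($result === false) {
        return false;
    }

    // The rate belongs to the user that was just inserted. The original passed
    // an undefined $usr_id here, so the rate was never tied to the new id.
    if (isset($data['usr_rate'])) {
        if (is_numeric($data['usr_rate'])) {
            save_rate($data['usr_ID'], NULL, NULL, $data['usr_rate']);
        } else {
            remove_rate($data['usr_ID'], NULL, NULL);
        }
    }

    return $data['usr_ID'];
}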
Example #2
// = authentication method =
// =========================
// Loads the Kimai auth plugin and dispatches on the requested action.
// NOTE(review): this excerpt ends inside the 'login' case; the failed-authentication
// path and the remaining cases of the switch are not visible here.
require WEBROOT . 'auth/kimai.php';
$authPlugin = new KimaiAuth();
// $_REQUEST is used throughout, so the action and the credentials are typically
// accepted from the query string as well as from a POST body (query strings tend
// to end up in server and proxy logs).
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
$banned = false;
switch ($action) {
    case 'login':
        // NOTE(review): 'name' and 'password' are read without isset(); a request
        // missing either one raises an undefined-index notice.
        // NOTE(review): htmlspecialchars() is applied on input, so the HTML-encoded
        // name is what reaches authenticate() and usr_create(). Escaping is normally
        // done at output time - confirm stored names follow the same encoding.
        $name = htmlspecialchars(trim($_REQUEST['name']));
        $password = $_REQUEST['password'];
        // perform login of user
        // $userId is not assigned before this call; presumably authenticate() fills
        // it by reference - confirm against the plugin.
        if ($authPlugin->authenticate($name, $password, $userId)) {
            if ($userId === false) {
                // Authenticated but no id was reported: an account is created on the
                // fly in the plugin's default group.
                // NOTE(review): usr_create() can return false; that value would be
                // handed to usr_get_data() below without a check.
                $userId = usr_create(array('usr_name' => $name, 'usr_grp' => $authPlugin->getDefaultGroupId(), 'usr_sts' => 2, 'usr_active' => 1));
            }
            $userData = usr_get_data($userId);
            // The lockout test runs only after authenticate() has succeeded in this
            // branch; how failed attempts are counted is outside this excerpt.
            if ($userData['ban'] < $kga['conf']['loginTries'] || time() - $userData['banTime'] > $kga['conf']['loginBanTime']) {
                // logintries not used up OR
                // bantime is over
                // => grant access
                $keymai = random_code(30);
                // Only name and value are passed, so both cookies get PHP's defaults:
                // session lifetime, no Secure, no HttpOnly, no SameSite.
                // NOTE(review): kimai_key looks like the login token (it is handed to
                // loginSetKey() below); HttpOnly and Secure would be expected on it.
                // NOTE(review): whether random_code() draws from a cryptographically
                // secure source is not visible here - verify.
                setcookie("kimai_key", $keymai);
                setcookie("kimai_usr", $userData['usr_name']);
                loginSetKey($userId, $keymai);
                // NOTE(review): no exit follows in the visible lines; unless the script
                // stops later, code after the switch still runs for this request.
                header("Location: record.php");
            } else {
                // login attempt even though logintries are used up and bantime is not over => deny
                // Both cookies are overwritten with "0" and the ban record is updated.
                setcookie("kimai_key", "0");
                setcookie("kimai_usr", "0");
                loginUpdateBan($userId);
                $banned = true;
Example #3
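/**
 * Adds a new user
 *
 * Draws random ids until usr_get_data() reports one as unused, passes the
 * input through clean_data() and inserts the row with a prepared statement,
 * so all user-supplied values are bound as parameters.
 *
 * @param array $data         username, group, status and other data of the new user
 *                            (usr_name, usr_grp, usr_sts, usr_active; optional usr_rate)
 * @global array $kga         kimai-global-array
 * @global PDO $pdo_conn      open database connection
 * @return mixed              the generated usr_ID on success, false on failure
 * @author ob
 */
function usr_create($data)
{
    global $kga, $pdo_conn;

    // The prefix is interpolated into the SQL text (identifiers cannot be bound);
    // it comes from the global configuration, not from $data.
    $p = $kga['server_prefix'];

    // find random but unused user id
    // NOTE(review): the lookup and the insert are separate steps, so uniqueness
    // ultimately depends on a unique key on usr_ID - confirm the schema has one.
    do {
        $data['usr_ID'] = random_number(9);
    } while (usr_get_data($data['usr_ID']));

    $data = clean_data($data);

    $pdo_query = $pdo_conn->prepare("INSERT INTO {$p}usr (\n    `usr_ID`,\n    `usr_name`,\n    `usr_grp`,\n    `usr_sts`,\n    `usr_active`\n    ) VALUES (?, ?, ?, ?, ?)");
    $result = $pdo_query->execute(array($data['usr_ID'], $data['usr_name'], $data['usr_grp'], $data['usr_sts'], $data['usr_active']));
    if (!$result) {
        return false;
    }

    // The rate belongs to the user that was just inserted. The original passed
    // an undefined $usr_id here, so the rate was never tied to the new id.
    if (isset($data['usr_rate'])) {
        if (is_numeric($data['usr_rate'])) {
            save_rate($data['usr_ID'], NULL, NULL, $data['usr_rate']);
        } else {
            remove_rate($data['usr_ID'], NULL, NULL);
        }
    }

    return $data['usr_ID'];
}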