Exemple #1
     if ($system->logout()) {
         $res = true;
     }
 } else {
     if ($action == "save_prefs") {
         //save preferences into session
         user_setPreferences($system->dbname_full(), $_REQUEST);
         $res = true;
     } else {
         if ($action == "usr_save") {
             $res = user_Update($system, $_REQUEST);
         } else {
             if ($action == "usr_get" && is_numeric(@$_REQUEST['UGrpID'])) {
                 $ugrID = $_REQUEST['UGrpID'];
                 if ($system->is_admin2($ugrID)) {
                     $res = user_getById($system->get_mysqli(), $ugrID);
                     if (is_array($res)) {
                         $res['ugr_Password'] = '';
                     }
                 } else {
                     $system->addError(HEURIST_REQUEST_DENIED);
                 }
             } else {
                 if ($action == "groups") {
                     $ugr_ID = @$_REQUEST['UGrpID'] ? $_REQUEST['UGrpID'] : $system->get_user_id();
                     $res = user_getWorkgroups($system->get_mysqli(), $ugr_ID, true);
                 } else {
                     if ($action == "members" && @$_REQUEST['UGrpID']) {
                         $res = user_getWorkgroupMemebers($system->get_mysqli(), @$_REQUEST['UGrpID']);
                     } else {
                         if ($action == "svs_save") {
Exemple #2
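/**
 * Send an account notification e-mail to a user.
 *
 * Looks the user up by id, builds a plain-text message (either the
 * "registration approved" or the "account created" wording) and hands it to
 * sendEmail() with the database owner's address as the From header.
 *
 * @param object      $system         System object; provides get_mysqli() and addError()
 * @param mixed       $recID          Id of the user record, passed to user_getById()
 * @param string|null $tmp_password   Temporary password to include in the message, or null to omit it
 * @param bool        $is_approvement True selects the "registration approved" wording
 *
 * @return bool False when the user is not found. True otherwise, including when
 *              sendEmail() reports a failure; that failure is only recorded
 *              through $system->addError().
 */
function user_EmailApproval($system, $recID, $tmp_password, $is_approvement)
{
    $mysqli = $system->get_mysqli();
    $dbowner_Email = user_getDbOwner($mysqli, 'ugr_eMail');
    $user = user_getById($mysqli, $recID);

    if (!$user) {
        $system->addError(HEURIST_NOT_FOUND, 'User not found');
        return false;
    }

    // These values become the recipient, the subject and a raw "From:" header.
    // A CR or LF inside any of them would let a stored profile value add its
    // own mail headers, so line breaks are removed before they are used.
    $line_breaks = array("\r", "\n");
    $ugr_Name = $user['ugr_Name'];
    $ugr_FullName = str_replace($line_breaks, ' ', $user['ugr_FirstName'] . ' ' . $user['ugr_LastName']);
    $ugr_eMail = str_replace($line_breaks, '', (string) $user['ugr_eMail']);
    $from_Email = str_replace($line_breaks, '', (string) $dbowner_Email);

    if ($is_approvement) {
        $email_text = "Your Heurist account registration has been approved.";
    } else {
        $email_text = "A new Heurist account has been created for you.";
    }

    //give them a pointer to the search page for the database
    $email_text .= "\n\nLogin to the database: " . HEURIST_DBNAME . " at " . HEURIST_BASE_URL . "?db=" . HEURIST_DBNAME . "\n" . "\n\nwith the username: " . $ugr_Name;

    // NOTE(review): the hosting page masked the credential expressions in this
    // listing ("******") and left an unmatched closing brace. The condition and
    // the two variables below are reconstructed from what is in scope -
    // confirm against the upstream source.
    if ($tmp_password != null) {
        // NOTE(review): the password is sent in clear text in the message
        // body. Treat it as a one-time secret (force a change at first login)
        // or replace it with an expiring reset link.
        $email_text .= " and password: " . $tmp_password . "\n\nTo change your password go to Profile -> My User Info in the top right menu";
    }

    $email_text = $email_text . "\n\nWe recommend visiting http://HeuristNetwork.org and the online Help " . "pages, which provide comprehensive overviews and step-by-step instructions for using Heurist.";
    $email_title = 'User Registration: ' . $ugr_FullName . ' [' . $ugr_eMail . ']';

    $rv = sendEmail($ugr_eMail, $email_title, $email_text, "From: " . $from_Email);
    if ($rv != 'ok') {
        // Delivery problems are reported but do not change the return value.
        $system->addError(HEURIST_SYSTEM_CONFIG, 'Error_Mail_Approvement', $rv);
    }

    return true;
}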
/**
 * Check whether the logged-in user holds a permission on an object.
 *
 * Result codes (mixed types, as callers receive them):
 *   false - nobody is logged in, or the session user could not be loaded
 *   true  - auth_checkSession() already confirmed the permission
 *   1     - granted by a matching authmap row; the grant is passed to auth_setSession()
 *   2     - granted by a row whose bindtype is 'group' (auth_setSession() is not called)
 *   -1    - no matching authmap row
 *   -2    - the matching row has iscancel set
 *   -3    - the row's level is lower than the requested level
 *
 * NOTE(review): -1, -2 and -3 are truthy in PHP, so a bare
 * `if (auth_check(...))` reads a denial as a grant. Callers need an explicit
 * comparison such as `auth_check(...) > 0`.
 *
 * NOTE(review): the query is assembled by string concatenation. $domain and
 * $auth depend entirely on base_protect() (not visible here) being quote-safe
 * for this driver, and the gid/uid values from the user record are
 * interpolated as-is - confirm both, or move to bound parameters if the $db
 * wrapper supports them.
 *
 * @param string $domain Permission domain
 * @param mixed  $did    Object id within the domain; cast to int
 * @param string $auth   Permission name
 * @param mixed  $level  Minimum level required; cast to int
 *
 * @return bool|int See the result codes above
 */
function auth_check($domain, $did, $auth, $level = 1)
{
    if (!user_isLogin()) {
        return false;
    }

    $safeAuth = base_protect($auth);
    $safeDomain = base_protect($domain);
    $objectId = (int) $did;
    $wantedLevel = (int) $level;

    // Fast path: a grant cached in the session needs no database lookup.
    if (auth_checkSession($safeDomain, $objectId, $safeAuth, $wantedLevel)) {
        return true;
    }

    load_model('user.func');
    $account = user_getById($_SESSION['twt_uid']);
    if (!$account) {
        return false;
    }

    $authTable = table('authmap');

    // A grant can be bound to the user's group or to the user directly.
    $ownerClause = '((`ownertype`="group" AND `ownerid`="' . $account['gid'] . '")'
        . ' OR '
        . '(`ownertype`="user" AND `ownerid`="' . $account['uid'] . '"))';

    $conditions = array(
        $ownerClause,
        '`domain`="' . $safeDomain . '"',
        '`did`="' . $objectId . '"',
        '`auth`="' . $safeAuth . '"',
    );

    // Sorting by iscancel DESC returns a cancelled row ahead of an active one.
    $sql = 'SELECT * FROM ' . $authTable
        . ' WHERE ' . implode(' AND ', $conditions)
        . ' ORDER BY `iscancel` DESC LIMIT 1';

    global $db;
    $grant = $db->getRow($db->sql($sql));

    if (!$grant) {
        return -1;
    }
    if ($grant['iscancel'] != '0') {
        return -2;
    }
    if ($grant['level'] < $wantedLevel) {
        return -3;
    }

    if ($grant['bindtype'] == 'group') {
        return 2;
    } else {
        // Cache the grant so the next check takes the session fast path.
        auth_setSession($grant['domain'], $grant['did'], $grant['auth'], $grant['level']);
        return 1;
    }
}