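 /**
  * Create a new user (admin side)
  *
  * Builds the "userCreate" form; on a valid submission inserts the login row
  * into the user table and the name row into the misc table. When the admin
  * ticks "askUser" no password hash is stored and the join email is sent so
  * the new user can choose their own password.
  *
  * @return bool|mixed true on success, otherwise the value of $form->create()
  *         (presumably the rendered form, with errors after a failed submit)
  */
 public function userCreate()
 {
     $form = new sfc\Form(SSP_Path(), $this->cfg->userTable, "userCreate");
     $form->errorAutoFormDisplay = false;
     $form->addPlaceholder = $this->addPlaceholder;
     $form->tpl = $this->tpl(array("title" => "New user"), true);
     if ($this->subTpl != "") {
         $form->tplf = $this->subTpl;
     } else {
         $form->tplf = "usercreation.tpl";
     }
     // name fields go to the misc table below, not the user table (sql=false)
     $form->fe("text", "FirstName", "First name");
     $form->fep("width=30,required=true, sql=false");
     $form->fe("text", "FamilyName", "Family name");
     $form->fep("width=30,required=true, sql=false");
     $form->fe("text", "email", "Email");
     $form->fep("width=30,required=true, dataType=email, dbField=UserEmail");
     if ($this->cfg->loginType == 1 or $this->cfg->getUserName) {
         $form->fe("text", "name", "User name");
         $form->fep("width=15,required=true,dataType=password, dbField=UserName");
     }
     $form->fe("check", "askUser", "Ask user for password (don't have to enter one)", array(0, 1));
     $form->fep('sql=false');
     $form->fe("password", "password", "Password");
     $form->fep("width=15, dataType=password, dbField=UserPassword");
     $form->fe("password", "password2", "Enter password again");
     $form->fep("width=15,sql=false,dataType=password");
     if ($this->cfg->fixedIpAddress) {
         $form->fe("text", "ip", "IP address");
         $form->fep("width=35,dataType=real, dbField=UserIp");
     }
     // allow flags to be set by admin
     $form->fe("select", "UserAccess", "User Access rights", $this->cfg->userAccessTypeDropdown);
     $form->fep("dataType=password");
     $checkData = array("0", "1");
     $fep = "dataType=bin";
     $form->fe("check", "UserDisabled", "User Disabled", $checkData);
     $form->fep($fep);
     $form->fe("check", "UserPending", "User Pending program enable", $checkData);
     $form->fep($fep);
     $form->fe("check", "UserAdminPending", "User waiting admin vetting", $checkData);
     $form->fep($fep);
     $form->fe("check", "CreationFinished", "User creation finished", $checkData);
     $form->fep($fep . ",deflt=true");
     $form->fe("check", "UserWaiting", "Waiting for user to act on email", $checkData);
     $form->fep($fep);
     $form->fe("submit", "submit", "Create user");
     // Check for form submission: no submission -> display the empty form
     if (!$form->processForm($_POST)) {
         return $form->create();
     }
     // validation errors -> redisplay with errors
     if ($form->error) {
         return $form->create(true);
     }
     $form->setField("email", strtolower($form->getField("email")));
     if ($this->userCreateCheck($form)) {
         // userCreateCheck() reported a problem (presumably set form errors)
         return $form->create(true);
     }
     // create user: id and creation date are added to the saved fields
     $userId = SSP_uniqueId();
     $add = array(
         "UserId" => $userId,
         "UserDateCreated" => time(),
     );
     if ($form->getField('askUser') == 0) {
         // admin supplied the password: store only its hash. With askUser set
         // the field is saved as entered (normally blank) and the user sets one
         // via the join email below.
         $form->setField("password", $this->session->cryptPassword($form->getField("password")));
     }
     $form->alsoAdd = $add;
     // querySave() is called for its side effects only: it appears to populate
     // $form->saveFields used below; the returned query string is not needed
     $form->querySave();
     $this->db->insert($this->cfg->userTable, $form->saveFields, "SSP Admin User Creation: Creating new user ");
     $data = array('UserId' => $userId, 'FirstName' => $form->getField('FirstName'), 'FamilyName' => $form->getField('FamilyName'));
     $this->db->insert($this->cfg->userMiscTable, $data, "SSP Admin User Creation: Creating new user misc data");
     if ($form->getField('askUser') != 0) {
         // send email if new user entering password
         $this->userJoinEmail($userId);
     }
     return true;
 }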
 /**
  * Set up the system for an automatic login from a remote system
  *
  * Requires userName, sessionId, accessLevel and userIp in $this->data and a
  * session object that offers validRemoteUser(). Replies with a loginToken
  * (the id of the matching, or newly inserted, row of the session status
  * table) or with an error reply saying why the request was refused.
  */
 function loginSetup()
 {
     $data = $this->data;
     // check supplied data
     if (!isset($data["userName"], $data["sessionId"], $data["accessLevel"], $data["userIp"])) {
         $this->errorReply("Invalid data supplied for remote login");
         return;
     }
     $session = $this->session;
     if (!is_object($session) || !method_exists($session, "validRemoteUser")) {
         $this->errorReply("Not an SSP system or has no validRemoteUser function");
         return;
     }
     if (!$session->validRemoteUser($data["userName"])) {
         $this->errorReply("Invalid remote user");
         return;
     }
     // check for existing remote login entry for this user / session pair
     $lookup = [
         "remoteSession" => $data["sessionId"],
         "userName" => $data["userName"],
         "userIp" => $data["userIp"],
         "localSession" => $session->sessionToken,
     ];
     $existing = $this->db->get($this->sessionStatusTable, $lookup, "API Interface: Checking for current remote login record");
     if ($existing) {
         $loginToken = $existing->id;
     } else {
         // none found: create remote user login entry
         $loginToken = SSP_uniqueId();
         $record = [
             "id" => $loginToken,
             "remoteSession" => $data["sessionId"],
             "userName" => $data["userName"],
             "localSession" => $session->sessionToken,
             "userIp" => $data["userIp"],
         ];
         $this->db->insert($this->sessionStatusTable, $record, "API Interface: Inserting new remote login record");
     }
     $this->data = ["loginToken" => $loginToken];
     $this->acknowledgeReply();
 }
 /**
  * User joinup function
  *
  * Displays the join form and, on a valid submission, inserts the login and
  * misc records for the new member, then runs userFinish() and returns the
  * welcome screen.
  *
  * @return mixed the rendered form (with errors after a failed submit) or
  *         the result of welcomeScreen()
  */
 public function userJoin()
 {
     // a password is only collected up front for confirm types 0 and 3
     $needPassword = ($this->cfg->confirmType == 0 || $this->cfg->confirmType == 3);
     $form = new sfc\Form(SSP_Path(), $this->cfg->userTable, "userJoin");
     $form->tpl = $this->tpl(["title" => "Join SSP"], true);
     $form->errorAutoFormDisplay = false;
     $form->tplf = ($this->subTpl != "") ? $this->subTpl : "userJoin.tpl";
     $form->fe("text", "firstName", "First name");
     $form->fep("width=30, required=true");
     $form->fe("text", "lastName", "Last name");
     $form->fep("width=30, required=true");
     $form->fe("text", "email", "Your email");
     $form->fep("width=30,required=true, dataType=email");
     if ($this->cfg->loginType == 1 || $this->cfg->getUserName) {
         $form->fe("text", "name", "User name");
         $form->fep("width=15,required=true,dataType=password");
     }
     if ($needPassword) {
         $form->fe("password", "password", "Your password");
         $form->fep("width=15, required=true, dataType=password, minChar=" . $this->cfg->minPassword);
         $form->fe("password", "password2", "Enter password again");
         $form->fep("width=15,sql=false,dataType=password,required=true");
     }
     if ($this->cfg->userHasSignUpOptions) {
         // user has a set of options to sign up
         $form->fe("select", "signUpLevel", "Type of membership", $this->cfg->userAccessSignUpDropdown);
         $form->fep("dataType=int, sql=false");
     }
     $form->tda("loginPath", $this->cfg->logonScript);
     // not submitted yet: show the empty form
     if (!$form->processForm($_POST)) {
         return $form->create();
     }
     // validation errors: redisplay with errors
     if ($form->error) {
         return $form->create(true);
     }
     $form->setField("email", strtolower($form->getField("email")));
     if ($this->userCreateCheck($form)) {
         return $form->create(true);
     }
     $userId = SSP_uniqueId();
     $loginData = [
         "UserId" => $userId,
         "UserEmail" => $form->getField("email"),
     ];
     if ($needPassword) {
         $loginData["UserPassword"] = $this->session->cryptPassword($form->getField("password"));
     }
     // access level: the chosen sign up option when it maps to a configured
     // level, otherwise the default
     $loginData["UserAccess"] = $this->cfg->userDefault;
     if ($this->cfg->userHasSignUpOptions) {
         $chosenLevel = $form->getField("signUpLevel");
         if (isset($this->cfg->userAccessSignUpLevels[$chosenLevel])) {
             $loginData["UserAccess"] = $this->cfg->userAccessSignUpLevels[$chosenLevel];
         }
     }
     if ($this->cfg->adminCheck) {
         $loginData["UserAdminPending"] = 1;
     }
     if ($this->cfg->confirmType != 0) {
         $loginData["UserWaiting"] = 1;
     }
     if ($this->cfg->furtherProgram) {
         $loginData["UserPending"] = 1;
     }
     // create login record
     $this->db->insert($this->cfg->userTable, $loginData, "Inserting new member login data");
     $miscData = [
         "UserId" => $userId,
         "FirstName" => $form->getField("firstName"),
         "FamilyName" => $form->getField("lastName"),
     ];
     $this->db->insert($this->cfg->userMiscTable, $miscData, "Inserting new member misc data");
     $this->id = $userId;
     $this->userFinish($userId);
     return $this->welcomeScreen();
 }
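 /**
  * Check user account is valid for login and sets up session and remember me
  * cookie if requested
  *
  * After the external login check passes: verifies every configured user
  * flag, the user's allowed IP list (fixed IP mode or per-user UserIpCheck)
  * and the single-login rule. On success the session row gets the user id,
  * IP and random-check value, the login times are recorded and the session
  * id is regenerated. On failure the reply is delayed by cfg->logonFailDelay
  * seconds.
  * @param object $userInfo - user login information returned by the db
  * @return string/bool - user's id on success else false
  */
 private function logonCheck($userInfo)
 {
     $loginOk = false;
     // values written to the session table once the user passes all checks
     $querySet = array();
     // if external login check ok do the rest
     if ($this->userLoginCheck($userInfo)) {
         // do final checks on the user and set up session info
         $userOk = true;
         // check user flags: each configured flag must hold its required value
         foreach ($this->cfg->validUserFlags as $flagName => $validFlagValue) {
             if ($userInfo->{$flagName} != $validFlagValue) {
                 $userOk = false;
                 $this->errorDesc = "Invalid user flag " . $flagName . " value required: " . $validFlagValue . " actual: " . $userInfo->{$flagName};
                 break;
             }
         }
         if ($this->cfg->fixedIpAddress or $userInfo->UserIpCheck) {
             // check user IP: UserIp is a comma separated list of allowed addresses
             $allowedIpAddreses = explode(',', $userInfo->UserIp);
             $foundAddress = false;
             foreach ($allowedIpAddreses as $ipAddress) {
                 // both sides go through SSP_paddIp (presumably a notation normaliser)
                 if (strcasecmp(SSP_paddIp($_SERVER["REMOTE_ADDR"]), SSP_paddIp($ipAddress)) === 0) {
                     // Fixed ip correct
                     // set User ip for update into the session table
                     $querySet["SessionUserIp"] = $userInfo->UserIp;
                     $foundAddress = true;
                     break;
                 }
             }
             if (!$foundAddress) {
                 $this->errorDesc = "Current ip address {$_SERVER["REMOTE_ADDR"]} not in users list";
                 $userOk = false;
             }
         }
         // check user is not already logged in
         if ($userOk and !$this->cfg->allowMultipleLogin) {
             $where = array("UserId" => $userInfo->UserId);
             if ($this->db->get($this->cfg->sessionTable, $where, "SSP Logon: Checking for multiple logins")) {
                 // user already logged in
                 $this->errorDesc = "User already logged in";
                 $userOk = false;
             }
         }
         // do final set up if everything has worked ok
         if ($userOk) {
             $loginOk = true;
             $querySet["UserId"] = $userInfo->UserId;
             if ($this->cfg->checkIpAddress) {
                 // set up IP address for this session
                 $querySet["SessionIp"] = $_SERVER["REMOTE_ADDR"];
             }
             if ($this->cfg->randomCheck) {
                 // set up random check cookie and entry. The value is presumably
                 // compared with SessionRandom on later requests, so it must come
                 // from a CSPRNG: mt_rand() output is predictable. The range is
                 // kept so the column width is unaffected. HttpOnly keeps the
                 // cookie away from script access.
                 $randomCookie = random_int(0, 100000);
                 setcookie($this->cfg->randomCookie, $randomCookie, 0, $this->cfg->cookiePath, $this->cfg->cookieDomain, $this->cfg->useSSL, true);
                 $querySet["SessionRandom"] = $randomCookie;
             }
             if ($this->rememberMe and !$this->rememberMeLogin and $this->rememberMeSave) {
                 // create remember me cookie if the user was not produced by a
                 // remember me login and the box was ticked; the cookie carries
                 // only the row id, the expiry is stored server side as well
                 $idSet = SSP_uniqueId();
                 $userIdSet = $userInfo->UserId;
                 $timeSet = time() + $this->cfg->loginRememberMePeriod * 24 * 3600;
                 $rememberMeSet = array("id" => $idSet, "user_id" => $userIdSet, "date_expires" => $timeSet);
                 $this->db->insert($this->cfg->tableRememberMe, $rememberMeSet, "SSP Logon: creating remember me entry");
                 // HttpOnly: the token is only ever read server side
                 setcookie($this->cfg->loginRememberMeCookie, $idSet, $timeSet, "/", $this->cfg->cookieDomain, $this->cfg->useSSL, true);
             }
             // update session table
             $where = array("SessionId" => session_id());
             $this->db->update($this->cfg->sessionTable, $querySet, $where, "SSP Logon: Set up user session after succesful login");
             // update login times
             $oldLoginTime = $userInfo->UserDateLogon;
             $currentLogonTime = time();
             $fields = array("UserDateLogon" => $currentLogonTime, "UserDateLastLogon" => $oldLoginTime);
             $where = array("UserId" => $userInfo->UserId);
             $this->db->update($this->cfg->userTable, $fields, $where, "SSP session handling: Update login times");
         }
     }
     if ($loginOk) {
         // change the current session ID to prevent session fixation attacks.
         // The old id is not destroyed here because the session row is re-keyed
         // to the new id below (a destroy would presumably remove that row).
         $oldSessionId = session_id();
         session_regenerate_id();
         $fields = array("SessionId" => session_id());
         $where = array("SessionId" => $oldSessionId);
         $this->db->update($this->cfg->sessionTable, $fields, $where, "SSP session handling: updating new session record after session regen");
         return $userInfo->UserId;
     } else {
         // slow down failed attempts (brute force mitigation)
         $this->error = true;
         sleep($this->cfg->logonFailDelay);
         return false;
     }
 }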