Esempio n. 1
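 /**
  * Gate for the site update: decide whether the current request may proceed.
  *
  * Command-line runs are always allowed. Web requests are allowed while an
  * earlier successful password check is still within self::$timeout minutes,
  * or when this request POSTs the correct password for the 'i2ce_admin'
  * account. In every other case a password form is printed and the script
  * terminates, so this method never returns false.
  *
  * @return boolean true when the update may proceed
  */
 public static function isAuthorizedToUpdate()
 {
     // Decide "command line" from the SAPI, not from the absence of
     // $_SERVER['HTTP_HOST']. That entry mirrors the request's Host header,
     // which is client-supplied and not guaranteed to be present on every web
     // request, so its absence must not be what waives the password check.
     if (PHP_SAPI === 'cli') {
         return true;
     }
     // A previous successful check stays valid for self::$timeout minutes.
     $sessionStillValid = array_key_exists('update_authentication', $_SESSION)
         && $_SESSION['update_authentication']
         && array_key_exists('update_authentication_time', $_SESSION)
         && $_SESSION['update_authentication_time'] + self::$timeout * 60 >= time();
     if ($sessionStillValid) {
         return true;
     }
     // Clear any stale flag before attempting a fresh password check.
     $_SESSION['update_authentication'] = 0;
     require_once 'I2CE_UserAccess_Mechanism.php';
     $userAccess = new I2CE_UserAccess_Mechanism();
     // Only a non-empty string posted as 'password' is handed to the password
     // check; array-valued or empty submissions are treated as "no password".
     $passwordPosted = array_key_exists('REQUEST_METHOD', $_SERVER)
         && $_SERVER['REQUEST_METHOD'] === 'POST'
         && array_key_exists('password', $_POST)
         && is_string($_POST['password'])
         && $_POST['password'];
     if ($passwordPosted && $userAccess->userHasPassword('i2ce_admin', $_POST['password'])) {
         // NOTE(review): the session id is not regenerated when the session is
         // elevated here; consider doing so where the session is managed.
         $_SESSION['update_authentication'] = 1;
         $_SESSION['update_authentication_time'] = time();
         return true;
     }
     // NOTE(review): failed attempts are neither counted nor logged in this
     // method; confirm that userHasPassword() or the web server limits retries.
     //we are not authenticated.  Ask for the password
     echo "<html><body>" . I2CE_Error::$errorImage . "<div style='position:relative;left:150px;top:50px'>" . "<h2 style='color:#993300'>iHRIS Site Update</h2>" . "<div    style='text-align:left;width:70%;height:30%;\n            font-family:monospace;\n            font-height:70%;\n            overflow:none;margin-top:0;\n            background-color:#ffffcc;border:dashed;border-width:3px;border-color:#ffcc99;opacity:0.8;'>" . "<form action='' method='post'>Please enter the administrative (database) password to proceed. <p style='position:relative;left:2em'><b>Password:</b><input  type='password' name='password'/></p></form></div></div></body></html>";
     die;
 }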
 /**
  * Pick the name to show for a user from the supplied detail fields.
  *
  * Preference order: "firstname lastname" (or just the last name when the
  * first name is empty), then 'commonname', then whatever the parent class
  * returns. The values are returned as stored; no escaping is applied here,
  * so callers that place the result in HTML must encode it themselves.
  *
  * @param string $username
  * @param array $user details
  * @return string
  */
 public function displayName($username, $user)
 {
     // Both keys must be present before the last name is even looked at.
     $hasNameKeys = array_key_exists('firstname', $user) && array_key_exists('lastname', $user);
     if ($hasNameKeys && $user['lastname']) {
         return $user['firstname']
             ? $user['firstname'] . ' ' . $user['lastname']
             : $user['lastname'];
     }
     if (array_key_exists('commonname', $user) && $user['commonname']) {
         return $user['commonname'];
     }
     // Nothing usable in the details: defer to the parent implementation.
     return parent::displayName($username, $user);
 }
 /**
  * Create a new instance of a dhis user access mechanism.
  *
  * Runs the parent constructor, takes the shared MDB2 connection, and copies
  * the four table names out of $this->options (presumably populated by the
  * parent constructor) onto the instance.
  */
 public function __construct()
 {
     parent::__construct();
     $this->db = MDB2::singleton();
     // NOTE(review): if these table names are later placed into SQL text,
     // confirm that $this->options only ever comes from trusted configuration.
     foreach (array('passTable', 'accessTable', 'logTable', 'detailTable') as $tableOption) {
         $this->{$tableOption} = $this->options[$tableOption];
     }
 }
 /**
  * Run the mass-delete-by-search page: choose people, confirm, then delete.
  *
  * Only users holding role(admin) get past the first check. The deletion
  * itself additionally requires the posted 'yes' confirmation and the password
  * of the 'i2ce_admin' account; if either is missing the request is sent back
  * to the "confirm" step instead of deleting.
  *
  * @return boolean false when parent::action() fails or the user lacks
  *                 role(admin); true when the storage mechanisms are not
  *                 I2CE_FormStorage_entry. Every other path reaches the end of
  *                 the method without an explicit return value.
  */
 protected function action()
 {
     if (!parent::action()) {
         return false;
     }
     // Authorization: the page is restricted to the admin role.
     if (!$this->hasPermission("role(admin)")) {
         $this->userMessage("You do not have permission to view this page.");
         return false;
     }
     // massDelete() is called on I2CE_FormStorage_entry below, so both forms
     // must be stored through that mechanism.
     $pos_mech = I2CE_FormStorage::getStorageMechanism("position");
     $pers_pos_mech = I2CE_FormStorage::getStorageMechanism("person_position");
     if (!$pos_mech instanceof I2CE_FormStorage_entry || !$pers_pos_mech instanceof I2CE_FormStorage_entry) {
         I2CE::raiseMessage("Invalid storage type for position and person position forms. " . get_class($pos_mech) . get_class($pers_pos_mech));
         $this->template->addFile("mass_delete_by_search_error_invalid.html");
         return true;
     }
     // 'people' is request data. Its entries are passed to createContainer()
     // and getDeleteList() and written back into the template below.
     // NOTE(review): no validation of the individual ids is visible in this
     // method; confirm that those callees reject malformed values.
     $people = $this->post('people');
     if (!is_array($people) || count($people) < 1) {
         $this->template->addFile("mass_delete_by_search_empty.html");
     } else {
         // The step is chosen by the client; "choose" is the default.
         $step = 'choose';
         if ($this->post_exists('step')) {
             $step = $this->post('step');
         }
         // A posted step of "delete" is only honoured when both checks pass;
         // failing either one downgrades the request to "confirm", so posting
         // step=delete directly does not skip the confirmation or the password.
         if ($step == "delete") {
             if ($this->post('yes') != 'yes') {
                 $this->template->appendFileById("mass_delete_by_search_error_yes.html", "p", "error");
                 $step = "confirm";
             }
             // Re-authentication against the 'i2ce_admin' account, independent
             // of the role check above.
             // NOTE(review): failed attempts are not counted or logged in this
             // method; confirm that throttling exists elsewhere.
             $userAccess = new I2CE_UserAccess_Mechanism();
             if (!$this->post_exists('admin_pass') || !$userAccess->userHasPassword('i2ce_admin', $this->post('admin_pass'))) {
                 $this->template->appendFileById("mass_delete_by_search_error_password.html", "p", "error");
                 $step = "confirm";
             }
         }
         // A step value other than the three cases below renders nothing.
         switch ($step) {
             case "choose":
                 // List every selected person with a checkbox so the selection
                 // can be narrowed before confirming.
                 $this->template->addFile("mass_delete_by_search_form.html");
                 $msgNode = $this->template->addFile("mass_delete_by_search_confirm_message.html");
                 foreach ($people as $person) {
                     $persObj = I2CE_FormFactory::instance()->createContainer($person);
                     $persObj->populate();
                     $persNode = $this->template->appendFileById("mass_delete_by_search_each.html", "li", "search_list");
                     $this->template->setDisplayDataImmediate("people[]", array('value' => $person, 'id' => "check_{$person}"), $persNode);
                     $this->template->setDisplayDataImmediate("person_name", $persObj->surname . ', ' . $persObj->firstname, $persNode);
                     // Tie the label to its checkbox when exactly one label is found.
                     $label = $this->template->query("label[@name='search_label']", $persNode);
                     if ($label->length == 1) {
                         $label->item(0)->setAttribute("for", "check_{$person}");
                     }
                 }
                 break;
             case "confirm":
                 // null means nothing was found; an empty list is treated as an
                 // internal error.
                 $list = $this->getDeleteList($people);
                 if ($list === null) {
                     $this->template->addFile("mass_delete_by_search_error_notfound.html");
                 } elseif (count($list) < 1) {
                     I2CE::raiseMessage("Invalid return data from getDeleteList!");
                     $this->template->addFile("mass_delete_by_search_error_unkonwn.html");
                 } else {
                     // Show the authentication form and have it post back with
                     // step=delete.
                     $formNode = $this->template->addFile("mass_delete_by_search_form.html");
                     $this->template->setDisplayDataImmediate("step", "delete");
                     $addNode = $this->template->addFile("mass_delete_by_search_authenticate_form.html");
                     // The result is displayed as the number of records that
                     // would be deleted.
                     // NOTE(review): this relies on massDelete()'s default third
                     // argument performing a count only (the real deletion below
                     // passes false explicitly) -- confirm against massDelete().
                     $would_delete = I2CE_FormStorage_entry::massDelete($list, array());
                     $msgNode = $this->template->addFile("mass_delete_by_search_delete_count.html");
                     $this->template->setDisplayDataImmediate("delete_count", $would_delete, $msgNode);
                     foreach ($people as $person) {
                         $persObj = I2CE_FormFactory::instance()->createContainer($person);
                         $persObj->populate();
                         $persNode = $this->template->appendFileById("mass_delete_by_search_each_final.html", "li", "search_list");
                         $this->template->setDisplayDataImmediate("people[]", $person, $persNode);
                         $this->template->setDisplayDataImmediate("person_name", $persObj->surname . ', ' . $persObj->firstname, $persNode);
                     }
                 }
                 break;
             case "delete":
                 // Only reached when the 'yes' confirmation and the admin
                 // password check above both passed.
                 $list = $this->getDeleteList($people);
                 if ($list === null) {
                     $this->template->addFile("mass_delete_by_search_error_notfound.html");
                 } elseif (count($list) < 1) {
                     I2CE::raiseMessage("Invalid return data from getDeleteList!");
                     $this->template->addFile("mass_delete_by_search_error_unkonwn.html");
                 } else {
                     $formNode = $this->template->addFile("mass_delete_by_search_form.html");
                     $this->template->setDisplayDataImmediate("step", "delete");
                     $addNode = $this->template->addFile("mass_delete_by_search_authenticate_form.html");
                     // NOTE(review): post() without a key presumably returns the
                     // whole POST payload, which at this point includes
                     // 'admin_pass'; confirm that hook implementations do not
                     // log or store it.
                     I2CE_ModuleFactory::callHooks("pre_mass_delete_person", $people, $this->post());
                     // A return value of false signals failure; anything else is
                     // shown as the deleted count.
                     if (($deleted = I2CE_FormStorage_entry::massDelete($list, array(), false)) !== false) {
                         $node = $this->template->addFile("mass_delete_by_search_success.html");
                         $this->template->setDisplayDataImmediate("delete_count", $deleted, $node);
                         // Drop the cached table of every form so caches do not
                         // keep serving the deleted records.
                         if (I2CE_ModuleFactory::instance()->isEnabled("CachedForms")) {
                             $forms = I2CE_FormFactory::instance()->getNames();
                             $success = array();
                             $failure = array();
                             foreach ($forms as $form) {
                                 try {
                                     $cachedForm = new I2CE_CachedForm($form);
                                 } catch (Exception $e) {
                                     // A form whose cached-form object cannot be
                                     // built is recorded as a success and
                                     // skipped; $success is never read afterwards.
                                     $success[] = $form;
                                     continue;
                                 }
                                 if (!$cachedForm->dropTable()) {
                                     $failure[] = $form;
                                 }
                             }
                             // Only the failure list decides which message is shown.
                             if (count($failure) > 0) {
                                 $this->template->addFile("mass_delete_by_search_cache_fail.html", "p");
                             } else {
                                 $this->template->addFile("mass_delete_by_search_cache_success.html", "p");
                             }
                         }
                     } else {
                         I2CE::raiseError("An error occurred trying to mass delete by search.");
                         $this->template->addFile("mass_delete_by_search_error_unkonwn.html");
                     }
                 }
                 break;
         }
     }
     // No explicit return on this path (see @return above).
 }
Esempio n. 5
 /**
  * Log the user out of the system.
  *
  * Does nothing when no user is logged in. Otherwise the session state is
  * cleared first and the logout is then written to the activity log, so the
  * user is logged out even when the log entry cannot be recorded.
  *
  * @return false|null false when no user access mechanism is set (the logout
  *                    is then not logged); no value otherwise
  */
 public function logout()
 {
     if (!$this->logged_in()) {
         return;
     }

     // Tear down the session-side state before anything else.
     I2CE_UserAccess_Mechanism::unsetSession();
     unset($_SESSION['referal']);
     $this->logged_in = false;

     $mechanism = I2CE::getUserAccess();
     if ($mechanism instanceof I2CE_UserAccess_Mechanism) {
         // Audit trail entry for the logout.
         $mechanism->logActivity($this->username, 'logout');
         return;
     }

     I2CE::raiseError("No user access mechanism set");
     return false;
 }