/**
 * Consumes a one-shot form response token.
 *
 * Looks the token up in the response table, deletes it whether or not it is
 * still valid (so it can be presented at most once) and reports the owning user.
 *
 * @param string $token hex token string supplied with the form submission
 * @return string|bool UserId the token belonged to, or false when the token
 *                     is not hex, is unknown, or has passed its expiry time
 */
function SSP_CheckResponseToken($token)
{
    $cfg = Configuration::getConfiguration();
    $db = SspDb::getConnection();

    // Only hex tokens are accepted; anything else is rejected before the DB is touched.
    $validator = new \w34u\ssp\CheckData();
    if ($validator->check('hex', $token) !== 0) {
        return false;
    }

    $where = ["token" => $token];
    $row = $db->get($cfg->responseTable, $where, "SSP Functions: Finding current form token");
    if (!$db->numRows()) {
        return false;
    }

    // `time` is an absolute expiry timestamp: the token is live while it has not passed.
    $owner = ($row->time >= time()) ? $row->UserId : false;

    // Remove the row regardless of validity so a replayed submission cannot succeed.
    $db->delete($cfg->responseTable, $where, "SSP Functions: Removing current form token");

    return $owner;
}
/**
 * Delete a user account, or render the confirmation prompt for doing so.
 *
 * Flow, driven by the posted form:
 *  - "deleteUser" posted: remove the user's misc and login rows, then divert
 *    to the admin script;
 *  - "preserveUser" posted: divert to the admin script without changes;
 *  - nothing posted: render the delete-confirmation page.
 * The currently logged-in user's own account is never acted on; a non-hex id
 * or an unknown user diverts back to the admin script.
 *
 * NOTE(review): no per-request token check is visible on the POST-driven
 * delete path inside this method — confirm the caller enforces one before
 * the rows are removed.
 *
 * @param string $userId hex user id taken from the request
 * @return string|void rendered page for the confirmation prompt; the other
 *                     paths hand off to SSP_Divert()
 */
public function deleteUser($userId)
{
    // Reject anything that is not a hex id before it can reach a query.
    $validator = new \w34u\ssp\CheckData();
    if ($validator->check('hex', $userId) !== 0) {
        SSP_Divert($this->cfg->totalAdminScript);
    }

    // Never act on the account of the user currently logged in.
    if (strcasecmp($userId, $this->session->userId) == 0) {
        return;
    }

    $where = ["UserId" => $userId];

    if (isset($_POST["deleteUser"])) {
        $this->db->delete($this->cfg->userMiscTable, $where, "SSP Admin: deleting user misc data");
        $this->db->delete($this->cfg->userTable, $where, "SSP Admin: deleting user login data");
        SSP_Divert($this->cfg->totalAdminScript);
        return;
    }

    if (isset($_POST["preserveUser"])) {
        SSP_Divert($this->cfg->totalAdminScript);
        return;
    }

    // No decision posted yet: show the confirmation prompt for this user.
    $user = $this->db->get($this->cfg->userMiscTable, $where, "SSP Admin: Getting data to prompt for user delete");
    if (!$user) {
        SSP_Divert($this->cfg->totalAdminScript);
        return;
    }

    $vars = get_object_vars($user);
    $vars["path"] = SSP_Path();
    $prompt = new Template($vars, "userListerDeletePrompt.tpl", false);

    $pageData = [
        "title" => " - delete user " . $user->FirstName . " " . $user->FamilyName,
        "content" => $prompt->output(),
    ];

    return $this->tpl($pageData)->output();
}