break;
// Authentication
// Authentication
case "auth":
if (isset($_GET['action'])) {
switch ($_GET['action']) {
case "login":
if (isset($_POST['username']) && isset($_POST['password'])) {
Authentication::logUserIn($_POST['username'], $_POST['password']);
} else {
header(ROOT . "user.php?mode=auth&action=login");
}
Authentication::blockPageToVisitors();
break;
case "logout":
Authentication::logUserOut();
break;
}
}
break;
case "suspended":
if (isset($_SESSION['user_id_suspended'])) {
$sql = "SELECT * FROM `users` WHERE user_id = '" . $_SESSION['user_id_suspended'] . "'";
$result = openRailwayCore::dbQuery($sql);
$user = mysql_fetch_assoc($result);
if ($user['suspended'] == 1) {
openRailwayCore::pageHeader("Account suspended");
$template = new Template();
$template->set_custom_template(FROOT . "theme/" . STYLE, 'default');
$template->set_filenames(array('body' => 'suspended.html'));
$template->display('body');
<?php
Authentication::accessLevelController(8, '>');
// Deal with logout form
if (isset($_GET['action']) && $_GET['action'] == "force" && isset($_POST['uid'])) {
Authentication::logUserOut($_POST['uid'], openRailwayCore::createInteractionIdentifier(), 1);
}
$sql = "SELECT * FROM `sessions`";
$result = openRailwayCore::dbQuery($sql);
$main = new Template();
$main->set_custom_template("includes/", 'default');
$main->assign_var('ROOT', ROOT);
while ($sessions = mysql_fetch_assoc($result)) {
$ipGeoLoc = array();
$ipGeoLoc = Authentication::checkIPLocation($sessions['user_ip']);
if ($ipGeoLoc['town'] == '') {
$geoLoc = null;
} else {
$geoLoc = $ipGeoLoc['town'] . ", " . $ipGeoLoc['state'] . ", " . $ipGeoLoc['country'];
}
$main->assign_block_vars('usr_sess', array('SESSID' => $sessions['session_id'], 'LOGIN' => date("d-M-Y H:i:s", $sessions['log_in_time']), 'LASTACTIVE' => date("d-M-Y H:i:s", $sessions['last_active_time']), 'UID' => $sessions['user_id'], 'SID' => $sessions['staff_id'], 'IP' => $sessions['user_ip'], 'GEOLOC' => $geoLoc, 'UA' => $sessions['user_agent'], 'SAL' => $sessions['session_access_level']));
}
$main->set_filenames(array('main' => "usr_sess.html"));
$main->display('main');
/**
* Suspends a user account
* @param integer $uid The user account to suspend
*/
public static function suspendUser($uid, $interaction = null, $system = null)
{
if (!isset($interaction)) {
$interaction = openRailwayCore::createInteractionIdentifier();
}
$sql = "UPDATE `users` SET `suspended` = '1' WHERE user_id = '" . $uid . "'";
$result = openRailwayCore::dbQuery($sql);
if ($system == 1) {
$eventString = "User (UID: " . $uid . ") suspended by openRailway system";
Authentication::logUserOut($uid, $interaction, 1);
} else {
$eventString = "User (UID: " . $uid . ") suspended by user (UID: " . $_SESSION['user_id'] . ")";
Authentication::logUserOut($uid, $interaction, 0);
}
openRailwayCore::logEvent(time(), $interaction, $_SESSION['user_id'], 5, 1, $eventString);
}
