/**
 * Delete a user from the admin user lister.
 *
 * Flow: the id is validated as hex, the current session's own user is
 * never deleted, and then the submitted form button decides what happens:
 * "deleteUser" removes the user's misc-data row and login row,
 * "preserveUser" returns to the admin script, and with neither button set
 * the delete-confirmation prompt is rendered and returned.
 *
 * @param string $userId hex user id, checked with CheckData 'hex'
 * @return string|null rendered confirmation page when prompting; every
 *                     other path diverts (or, for the current user, does
 *                     nothing) and returns null
 */
public function deleteUser($userId) {
    // check for valid user id, ie. hex
    $check = new \w34u\ssp\CheckData();
    if ($check->check('hex', $userId) !== 0) {
        // NOTE(review): this relies on SSP_Divert() ending the request; if it
        // ever returned, an id that failed validation would still reach the
        // delete below — confirm SSP_Divert exits
        SSP_Divert($this->cfg->totalAdminScript);
    }
    // delete a user, not the current
    // (self-deletion is silently ignored: no divert, null returned)
    if (strcasecmp($userId, $this->session->userId) != 0) {
        if (isset($_POST["deleteUser"])) {
            // NOTE(review): no request token is verified in this method before the
            // POST is acted on; presumably the enclosing admin page/session layer
            // handles that — confirm
            $where = array("UserId" => $userId);
            // removes profile data first, then the login row; rows in the session
            // and remember-me tables are not touched here — presumably cleaned up
            // elsewhere, verify
            $this->db->delete($this->cfg->userMiscTable, $where, "SSP Admin: deleting user misc data");
            $this->db->delete($this->cfg->userTable, $where, "SSP Admin: deleting user login data");
            SSP_Divert($this->cfg->totalAdminScript);
        } elseif (isset($_POST["preserveUser"])) {
            SSP_Divert($this->cfg->totalAdminScript);
        } else {
            // prompt to delete user
            $where = array("UserId" => $userId);
            $user = $this->db->get($this->cfg->userMiscTable, $where, "SSP Admin: Getting data to prompt for user delete");
            if ($user) {
                // the whole misc-data row is exposed to the template as-is
                $content = get_object_vars($user);
                $content["path"] = SSP_Path();
                $page = new Template($content, "userListerDeletePrompt.tpl", false);
                $mainContent = array();
                // name parts are concatenated raw; output escaping is presumably
                // the template's job — confirm
                $mainContent["title"] = " - delete user " . $user->FirstName . " " . $user->FamilyName;
                $mainContent["content"] = $page->output();
                $tpl = $this->tpl($mainContent);
                return $tpl->output();
            } else {
                // no misc-data row for this id: nothing to prompt for
                SSP_Divert($this->cfg->totalAdminScript);
            }
        }
    }
}
/**
 * Login base class constructor.
 *
 * With $createForm true the parent constructor is run, which builds and
 * processes the login form. Otherwise only the shared configuration and
 * database handles are acquired so the object is usable without a form.
 *
 * @param w34u\ssp\Protect $session - session object
 * @param w34u\ssp\Template|string $tpl - template in which to wrap the form
 * @param bool $ignoreToken - dont use a token on the login form
 * @param bool $createForm - create the login form
 */
public function __construct($session, $tpl = "", $ignoreToken = false, $createForm = true) {
    if (!$createForm) {
        // form-less mode: just wire up the shared services and stop
        $this->cfg = Configuration::getConfiguration();
        $this->db = SspDb::getConnection();
        return;
    }
    parent::__construct($session, $tpl, $ignoreToken);
}
/**
 * SSP site constructor.
 *
 * Stores the protection object and the shared configuration/database
 * handles, optionally loads the admin translation file, and optionally
 * overrides the main template name.
 *
 * @param Protect $session - protection object
 * @param bool $translateAdmin - load admin translation files
 * @param string|false $template - main template name; false keeps the default
 */
function __construct($session, $translateAdmin = false, $template = false) {
    $this->session = $session;
    $this->cfg = Configuration::getConfiguration();
    $this->db = SspDb::getConnection();

    // admin strings are only loaded when translation is enabled site-wide
    // and the caller asked for them
    $wantAdminStrings = $this->cfg->translate && $translateAdmin;
    if ($wantAdminStrings) {
        Protect::$tranlator->loadFile(false, 'admin');
    }

    // a template of false leaves the property at its default
    if ($template !== false) {
        $this->template = $template;
    }
}
/**
 * Constructor: acquires the shared configuration and database connection.
 */
public function __construct() {
    // configuration is fetched before the connection, matching the order
    // the rest of the code base uses
    $configuration = Configuration::getConfiguration();
    $connection = SspDb::getConnection();
    $this->cfg = $configuration;
    $this->db = $connection;
}
/**
 * Constructor for the user admin object.
 *
 * @param SSP_Protect $session - session object; its userId is used when no
 *                               explicit $id is supplied
 * @param Setup $ssp
 * @param string $id - id of the user to administer, "" selects the session user
 * @param string $templateFile - template file to render with
 * @param bool $generateMenus - whether menus should be generated
 */
public function __construct($session, $ssp, $id = "", $templateFile = "", $generateMenus = true) {
    $this->cfg = Configuration::getConfiguration();
    $this->db = SspDb::getConnection();

    // an explicit id wins; otherwise fall back to the logged-in user, and
    // leave the id untouched when neither is available
    if ($id == "") {
        if (is_object($session)) {
            $this->id = $session->userId;
        }
    } else {
        $this->id = $id;
    }

    $this->session = $session;
    $this->ssp = $ssp;
    // admin flag is taken from the session, not from the user being edited
    $this->admin = $this->session->admin;
    $this->templateFile = $templateFile;
    $this->generateMenus = $generateMenus;
}
* but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * The MIT License (MIT) for more details.
 *
 * Revision: a
 * Rev. Date 12/04/2005
 * Descrip: Created.
 *
 * Revision: b
 * Rev. Date 14/01/2016
 * Descrip: Composer implemented.
 *
 * Database configuration script: creates the session, token, login,
 * user misc data, response token and remember-me tables, then starts a
 * protected session.
 */
namespace w34u\ssp;

require "../includeheader.php";

// $SSP_DB and $SSP_Config are script-level variables; other code documents
// them as globals, so their names are part of the script's contract
$SSP_DB = SspDb::getConnection();
$SSP_Config = Configuration::getConfiguration();

// every CREATE TABLE below binds no parameters; identifiers (table names,
// charset, collation) cannot be bound, so they are interpolated straight
// from configuration — they must never be taken from request input
$values = array();

// session table: 32-char ids, per-session IP fields, and a blob for the
// serialised session data
$query = "CREATE TABLE `" . $SSP_Config->sessionTable . "` (\n `SessionId` char(32) NOT NULL default '',\n `UserId` char(32) NOT NULL default '',\n `SessionTime` int(11) NOT NULL default '0',\n `SessionName` varchar(30) NOT NULL default '',\n `SessionIp` varchar(40) NOT NULL default '',\n `SessionUserIp` varchar(40) NOT NULL default '',\n `SessionCheckIp` tinyint(4) NOT NULL default '0',\n `SessionRandom` int(11) NOT NULL default '0',\n `SessionData` blob NOT NULL,\n PRIMARY KEY (`SessionId`),\n KEY `SessionTime` (`SessionTime`)\n) CHARACTER SET " . $SSP_Config->connectionEncoding . " COLLATE " . $SSP_Config->tableCollation;
$SSP_DB->query($query, $values, "SSP Database configuration: Creating session table");

// form/anti-replay token table keyed by the token itself
$query = "CREATE TABLE `" . $SSP_Config->tokenTable . "` (\n `token` char(32) NOT NULL default '',\n `time` int(11) NOT NULL default '0',\n `id` varchar(50) NOT NULL default '',\n PRIMARY KEY (`token`),\n KEY `time` (`time`),\n KEY `id` (`id`)\n) CHARACTER SET " . $SSP_Config->connectionEncoding . " COLLATE " . $SSP_Config->tableCollation;
$SSP_DB->query($query, $values, "SSP Database configuration: Creating token table");

// login table. UserPassword is 255 wide, enough for password_hash() output.
// NOTE(review): the secondary KEY on UserPassword looks like a legacy lookup
// aid; an index over password hashes is not needed for verification — confirm
// nothing queries by it before dropping
$query = "CREATE TABLE `" . $SSP_Config->userTable . 
"` (\n `UserId` char(32) NOT NULL default '',\n `UserEmail` varchar(255) NOT NULL default '',\n `UserName` varchar(50) default NULL,\n `UserPassword` varchar(255) NOT NULL default '',\n `UserIp` varchar(30) NOT NULL default '',\n `UserIpCheck` tinyint(4) NOT NULL default '0',\n `UserAccess` varchar(20) NOT NULL default 'public',\n `lang` varchar(10) NOT NULL default '',\n `country` varchar(10) NOT NULL default '',\n `UserDateLogon` int(11) NOT NULL default '0',\n `UserDateLastLogon` int(11) NOT NULL default '0',\n `UserDateCreated` int(11) NOT NULL default '0',\n `UserDisabled` tinyint(4) NOT NULL default '0',\n `UserPending` tinyint(4) NOT NULL default '0',\n `UserAdminPending` tinyint(4) NOT NULL default '0',\n `CreationFinished` tinyint(4) NOT NULL default '0',\n `UserWaiting` tinyint(4) NOT NULL default '0',\n `UserInvisible` tinyint(4) NOT NULL default '0',\n PRIMARY KEY (`UserId`),\n KEY `UserEmail` (`UserEmail`),\n UNIQUE KEY `UserName` (`UserName`),\n KEY `UserPassword` (`UserPassword`),\n KEY `UserDisabled` (`UserDisabled`,`UserPending`,`UserAdminPending`,`CreationFinished`,`UserWaiting`)\n) CHARACTER SET " . $SSP_Config->connectionEncoding . " COLLATE " . $SSP_Config->tableCollation;
$SSP_DB->query($query, $values, "SSP Database configuration: Creating login table");

// profile data, one row per user
$query = "CREATE TABLE `" . $SSP_Config->userMiscTable . "` (\n `UserId` char(32) NOT NULL default '',\n `Title` varchar(15) NOT NULL default '',\n `FirstName` varchar(20) NOT NULL default '',\n `Initials` varchar(5) NOT NULL default '',\n `FamilyName` varchar(30) NOT NULL default '',\n `Address` varchar(255) NOT NULL default '',\n `TownCity` varchar(30) NOT NULL default '',\n `PostCode` varchar(10) NOT NULL default '',\n `County` varchar(20) NOT NULL default '',\n `Country` varchar(5) NOT NULL default '',\n PRIMARY KEY (`UserId`)\n) CHARACTER SET " . $SSP_Config->connectionEncoding . " COLLATE " . 
$SSP_Config->tableCollation;
$SSP_DB->query($query, $values, "SSP Database configuration: Creating user misc data table");

// response tokens (e.g. for e-mailed links); the "time" column is what
// SSP_ResponseClean() compares against the current time
$query = "CREATE TABLE `" . $SSP_Config->responseTable . "` (\n `token` char(32) NOT NULL default '',\n `time` int(11) NOT NULL default '0',\n `UserId` char(32) NOT NULL default '',\n PRIMARY KEY (`token`),\n KEY `time` (`time`)\n) CHARACTER SET " . $SSP_Config->connectionEncoding . " COLLATE " . $SSP_Config->tableCollation;
// NOTE(review): the log label below still says "user misc data table"; it
// is a copy-paste slip and should read "response table" (runtime string,
// left unchanged here)
$SSP_DB->query($query, $values, "SSP Database configuration: Creating user misc data table");

// remember-me tokens, expired rows located via date_expires
$query = "CREATE TABLE `" . $SSP_Config->tableRememberMe . "` (\n `id` char(32) NOT NULL default '',\n `user_id` char(32) NOT NULL default '',\n `date_expires` int(11) NOT NULL default '0',\n PRIMARY KEY (`id`),\n KEY `date_expires` (`date_expires`)\n) CHARACTER SET " . $SSP_Config->connectionEncoding . " COLLATE " . $SSP_Config->tableCollation;
$SSP_DB->query($query, $values, "SSP Database configuration: Creating remember me table");

// starting a protected session here also runs Protect's session/access
// checks against the tables just created
$session = new Protect();
/**
 * Cleans up any old response tokens.
 *
 * Deletes every row of the response table whose "time" column is earlier
 * than the current unix time; the cut-off is passed as a bound parameter.
 */
function SSP_ResponseClean() {
    $cfg = Configuration::getConfiguration();
    $db = SspDb::getConnection();
    // table name comes from configuration; the column name is quoted by the driver
    $query = sprintf("delete from %s where %s < ?", $cfg->responseTable, $db->qt("time"));
    $db->query($query, [time()], "SSP Functions: Cleaning up old response tokens");
}
/**
 * Constructor: starts the DB-backed PHP session and performs the page's
 * access control.
 *
 * Sequence: install the session save handler and start the session, set up
 * language and maintenance mode, enforce https if configured, run auto
 * login and page history, load the session row for the current session id,
 * load the user row it points at (if any and not expired), then check user
 * flags, access level, IP binding and the session random before handing
 * any fault to userFaultHandling().
 *
 * @param string $pageAccessLevel - users allowed to access the page
 * @param bool $pageCheckEquals - if true only this user type can access this page
 * @param bool $doHistory - do history for this page
 * @param ProtectConfig|false $config - Protected session configuration options;
 *                                      false builds a default ProtectConfig
 */
public function __construct($pageAccessLevel = "", $pageCheckEquals = false, $doHistory = true, $config = false) {
    // optional extra content for the login page, supplied by the calling script
    global $loginContent;
    if ($config === false) {
        $this->config = new \w34u\ssp\ProtectConfig();
    } else {
        $this->config = $config;
    }
    $this->cfg = Configuration::getConfiguration();
    $this->db = SspDb::getConnection();
    // set up db session handling
    $handler = new SessionHandler();
    session_set_save_handler(array($handler, 'open'), array($handler, 'close'), array($handler, 'read'), array($handler, 'write'), array($handler, 'destroy'), array($handler, 'gc'));
    // the following prevents unexpected effects when using objects as save handlers
    register_shutdown_function("session_write_close");
    session_start();
    $this->setupLanguage();
    $this->maintenanceMode();
    // turn off sql cacheing if it is set, but preserve the status to turn it back on after
    if ($this->db->cache) {
        $queryResultCacheing = true;
        $this->db->cache = false;
    } else {
        $queryResultCacheing = false;
    }
    $pageAccessLevel = $this->checkParameters($pageAccessLevel, $pageCheckEquals);
    if (isset($loginContent)) {
        $_SESSION["SSP_LoginPageAddtionalContent"] = $loginContent;
    }
    // check https:// site, and if fail divert to correct url
    if ($this->cfg->useSSL or $this->config->forceSSLPath) {
        if (!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] == "off") {
            // script not called using https
            // NOTE(review): assumes SSP_Divert() terminates; if it returned, the
            // rest of the constructor would run over plain http — confirm
            SSP_Divert(SSP_Path(true, true));
        }
    }
    $this->country = "";
    // do any external routines before history is called
    $this->autoLogin();
    if ($doHistory) {
        $this->pageHistory();
    }
    // get all session information for valid sessions
    // (session id and name are bound parameters; the table/column names are
    // config values quoted by the driver)
    $query = sprintf("select * from %s where %s = ? 
and %s = ?", $this->cfg->sessionTable, $this->db->qt("SessionId"), $this->db->qt("SessionName"));
    $values = array(session_id(), session_name());
    $this->db->query($query, $values, "SSP session handling: Get session information");
    if ($this->db->numRows() > 0) {
        // get result if existing session
        $sessionInfo = $this->db->fetchRow();
        $newSession = false;
    } else {
        $newSession = true;
        $this->log("New session started");
    }
    // process user information if logged in.
    $userFault = false;
    $needHigherLogin = false;
    $userInfo = null;
    if (!$newSession and trim($sessionInfo->UserId) != "") {
        $where = array("UserId" => $sessionInfo->UserId);
        $userInfo = $this->db->get($this->cfg->userTable, $where, "SSP Session: getting login data");
        if ($this->db->numRows()) {
            // user found
            // check for login expiry
            if ($sessionInfo->SessionTime + $this->cfg->loginExpiry > time()) {
                $this->loggedIn = true;
                $this->userId = $userInfo->UserId;
                $this->userName = $userInfo->UserName;
                $this->userAccessLevel = $userInfo->UserAccess;
                // NOTE(review): an access level missing from cfg->userLevels
                // would raise an undefined-index notice here — confirm levels are
                // validated on write
                if ($this->cfg->userLevels[$this->userAccessLevel] >= $this->cfg->adminLevel) {
                    // admin user
                    $this->admin = true;
                }
                // e-mail is stored encrypted in the login table
                $this->userEmail = SSP_decrypt($userInfo->UserEmail);
                if (isset($userInfo->country) and trim($userInfo->country) != "") {
                    $this->country = $userInfo->country;
                }
            } else {
                // expired: detach the user from the session row but keep the
                // session itself; this is not treated as a fault
                $this->log("Login expired");
                $this->loggedIn = false;
                $this->db->update($this->cfg->sessionTable, array('UserId' => ''), array('SessionId' => session_id(), 'SessionName' => session_name()), 'SSP Session: clearing user id from expired login');
            }
        } else {
            // session points at a user id that no longer exists
            $this->log("User not found from ID");
            $userFault = true;
        }
    }
    $pageAccess = $this->cfg->userLevels[$pageAccessLevel];
    if ($this->loggedIn) {
        // do security checking for user if logged in
        // validate flags
        $flagsValid = true;
        foreach ($this->cfg->validUserFlags as $flagName => $validFlagValue) {
            if ($userInfo->{$flagName} != $validFlagValue) {
                $flagsValid = false;
                $this->log("Invalid user flag " . $flagName . " value required: " . $validFlagValue . " actual: " . $userInfo->{$flagName});
                break;
            }
        }
        if (!$flagsValid) {
            $userFault = true;
        } elseif ($this->cfg->userLevels[$userInfo->UserAccess] < $pageAccess) {
            // user does not have a high enough access level
            $userFault = true;
            $needHigherLogin = true; // flag higher login needed
            $this->log("User Access level not high enough Level: " . $userInfo->UserAccess . " " . $this->cfg->userLevels[$userInfo->UserAccess] . " Page " . $pageAccess);
        } elseif ($pageCheckEquals and $this->cfg->userLevels[$userInfo->UserAccess] != $pageAccess) {
            // user does not have the correct user access level
            $userFault = true;
            $needHigherLogin = true; // flag different login needed
            $this->log("User Access level not equal to the page's level");
        } elseif ($this->cfg->checkIpAddress and SSP_trimIp($sessionInfo->SessionIp) !== SSP_trimIp($_SERVER["REMOTE_ADDR"])) {
            // users IP address has changed
            // (REMOTE_ADDR is used directly, so proxy headers cannot spoof this)
            $userFault = true;
            $this->log("User IP address changed " . SSP_paddIp($_SERVER["REMOTE_ADDR"]));
        } elseif (($this->cfg->fixedIpAddress or $userInfo->UserIpCheck) and SSP_paddIp($sessionInfo->SessionUserIp) !== SSP_paddIp($_SERVER["REMOTE_ADDR"])) {
            // user is at incorrect IP address
            $userFault = true;
            $this->log("User IP address incorrect, UserIP: " . SSP_paddIp($sessionInfo->SessionUserIp) . " Remote IP: " . SSP_paddIp($_SERVER["REMOTE_ADDR"]));
        }
        // NOTE(review): this assignment replaces whatever $userFault the checks
        // above produced with chackRandom()'s result; chackRandom only sees
        // $sessionInfo, so a flag, access-level or IP fault is lost whenever it
        // returns false (only $needHigherLogin survives for the level cases).
        // The intent looks like `$userFault = $userFault || $this->chackRandom($sessionInfo);`
        // — confirm chackRandom's return contract before changing it
        $userFault = $this->chackRandom($sessionInfo);
    } else {
        $this->log("User not logged in");
    }
    // handle user faults
    $this->userFaultHandling($pageAccess, $userFault, $needHigherLogin, $queryResultCacheing);
    // final setup of page
    // ($userInfo may be null, or whatever db->get() returned when no user row matched)
    $this->finalSetup($userInfo);
    // restore query cacheing mode
    $this->db->cache = $queryResultCacheing;
}
/**
 * Login base class constructor.
 *
 * Stores the session and shared service handles, takes the remember-me
 * setting from configuration, then defines the login form and processes
 * any submission of it.
 *
 * @param w34u\ssp\Protect $session - session object
 * @param w34u\ssp\Template|string $tpl - template in which to wrap the form
 * @param bool $ignoreToken - dont use a token on the login form
 */
public function __construct($session, $tpl = "", $ignoreToken = false) {
    $this->session = $session;
    $this->cfg = Configuration::getConfiguration();
    $this->db = SspDb::getConnection();
    // remember-me availability mirrors the site configuration
    $this->rememberMe = $this->cfg->loginRememberMe;
    // build the login form and handle a submission of it in one step
    $loginForm = $this->loginScreenDefine($tpl, $ignoreToken);
    $this->processForm($loginForm);
}