コード例 #1
ファイル: Centre.php プロジェクト: uhtoff/eCRF
 /**
  * Remove this centre together with every user attached to it.
  *
  * Each entry returned by getUsers() is handed to the eCRFUser constructor
  * and deleted via deleteUser(); the centre row itself is removed last via
  * deleteFromDB(). No authorisation check is performed inside this method.
  */
 public function deleteCentre()
 {
     // Cascade to members first so the centre is never left referenced
     foreach ($this->getUsers() as $member) {
         (new eCRFUser($member))->deleteUser();
     }
     // Finally drop the centre itself
     $this->deleteFromDB();
 }
コード例 #2
ファイル: Record.php プロジェクト: uhtoff/eCRF
 /**
  * Stamp the record with the acting user and the current time.
  *
  * When no 'firstuser' has been stored yet the call also records who
  * created the record ('firstuser', 'created'); every call updates
  * 'lastuser' and 'lastmod'.
  *
  * @param eCRFUser $user  The user performing the change
  */
 public function addUser(eCRFUser $user)
 {
     $actorId = $user->getID();
     // date() formats in the configured default timezone, not UTC
     $stamp = date('Y-m-d H:i:s');

     $isFirstTouch = !isset($this->firstuser);
     if ($isFirstTouch) {
         $this->set('firstuser', $actorId);
         $this->set('created', $stamp);
     }

     $this->set('lastuser', $actorId);
     $this->set('lastmod', $stamp);
 }
コード例 #3
ファイル: process.php プロジェクト: uhtoff/eCRF
             if (isset($_POST['sign'])) {
                 header("Location:dataentry.php?page=signpt");
                 exit;
             } else {
                 header("Location:dataentry.php?page=core");
                 exit;
             }
         }
     }
     header("Location:index.php?page={$include}");
     exit;
     break;
 case 'useradm':
     if (isset($_POST['useradm_id'])) {
         foreach ($_POST['useradm_id'] as $id) {
             $newUser = new eCRFUser($id);
             if (isset($_POST['admin']) && $_POST['admin'] == 'admin' && !$user->isRegional()) {
                 $newPriv = 10;
             } else {
                 $newPriv = 15;
             }
             if ($user->isRegional() && $newUser->getCentre() != $user->getCentre()) {
                 // Check not trying to validate someone elses users
                 $_SESSION['error'] = "You can only validate users from your own centre";
             } else {
                 if (!$newUser->email || $newPriv == 10 && $newUser->getPrivilege() == 99 || $newPriv == 15 && $newUser->getPrivilege() == 98) {
                     $_SESSION['error'] = "An error has occurred.";
                 } else {
                     $newUser->setPrivilege($newPriv);
                     // Data entry privilege
                     $password = $newUser->generatePassword();
コード例 #4
ファイル: eCRFUser.php プロジェクト: uhtoff/eCRF
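 /**
  * Select the user(s) to e-mail for a notification of the given type.
  *
  * Recipients by type:
  * - 'testregister', 'created' : this user.
  * - 'register', 'forgotpass'  : every local admin of this user's centre
  *                                (users whose isLocalAdmin() is true); when
  *                                this user's privilege is 98, or the centre
  *                                has no local admin, the user referenced by
  *                                $this->_adminUser instead.
  * - 'createuser'              : the user with id 11 (hard-coded).
  * - anything else             : the user referenced by $this->_adminUser.
  *
  * @param string $type  Notification type
  * @return array        List of eCRFUser recipients; always has at least one entry
  */
 protected function getEmailContact($type)
 {
     $contact = array();
     // $type is compared strictly throughout. The previous version mixed '=='
     // and '==='; with '==' a non-string $type such as 0 matched the first
     // branch on PHP < 8.
     if ($type === 'testregister' || $type === 'created') {
         $contact[] = $this;
     } elseif ($type === 'register' || $type === 'forgotpass') {
         // Privilege values may come back from the database as strings, so the
         // loose comparison is kept here on purpose.
         // NOTE(review): 98 appears to be a privilege level with no centre
         // contact — confirm against the privilege table.
         if ($this->getPrivilege() == 98) {
             $contact[] = new eCRFUser($this->_adminUser);
         } else {
             // Load every user of this centre and keep the local admins
             $sql = "SELECT id FROM user WHERE centre_id = ?";
             $pA = array('i', $this->getCentre());
             $search = DB::query($sql, $pA);
             foreach ($search->rows as $row) {
                 $possContact = new eCRFUser($row->id);
                 if ($possContact->isLocalAdmin()) {
                     $contact[] = $possContact;
                 }
             }
             // Fall back to the admin user when the centre has no local admin
             if (empty($contact)) {
                 $contact[] = new eCRFUser($this->_adminUser);
             }
         }
     } elseif ($type === 'createuser') {
         // NOTE(review): 11 is a hard-coded user id — confirm it is still the
         // intended account rather than a leftover from an earlier deployment.
         $contact[] = new eCRFUser(11);
     } else {
         $contact[] = new eCRFUser($this->_adminUser);
     }
     return $contact;
 }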
コード例 #5
ファイル: usereg.php プロジェクト: uhtoff/eCRF
<?php

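$showSearch = true;
// Edit mode: a user was picked from the search list ('userSelect' carries the id).
// NOTE(review): is_numeric() also accepts values such as '1.5' or '1e2'; an (int)
// cast would be tighter if eCRFUser expects an integer id — confirm its constructor.
if (isset($_POST['userSelect']) && is_numeric($_POST['userSelect'])) {
    $userEdit = new eCRFUser($_POST['userSelect']);
    // Only a user that has an email and whose privilege number is at least the
    // current user's may be edited from this page.
    if ($userEdit->get('email') && $userEdit->getPrivilege() >= $user->getPrivilege()) {
        $showSearch = false;
        echo "<h4>Edit the user's details below</h4>";
        $form = new HTMLForm('process.php', 'post');
        $fields = $trial->getFormFields($page);
        $form->processFields($fields, $userEdit);
        if (isset($_SESSION['inputErr'])) {
            // Errors left by the previous submission are shown once, then cleared
            $form->addErrors($_SESSION['inputErr']);
            unset($_SESSION['inputErr']);
        }
        $centre = new Data($userEdit->getCentre(), 'Centre');
        $form->addInputValue('usereg-country', $centre->get('country_id'));
        $form->addInput('hidden', 'userID', $userEdit->getID());
        $form->addInput('hidden', 'page', $page);
        $form->addInput('hidden', 'deleteUser', 'false');
        $form->addButton('Delete', array('btn-danger', 'hidden'));
        $form->addCancelButton('index.php?page=usereg');
        // Fresh CSRF token for this form, stored in the session for the handler
        // (presumably process.php) to compare against. openssl_random_pseudo_bytes()
        // can fall back to a non-cryptographic generator and reports that through
        // its second argument; refuse to issue a token from a weak source.
        $randomBytes = openssl_random_pseudo_bytes(32, $cryptoStrong);
        if ($randomBytes === false || !$cryptoStrong) {
            throw new RuntimeException('Unable to generate a cryptographically strong CSRF token');
        }
        $_SESSION['csrfToken'] = $token = base64_encode($randomBytes);
        $form->addInput('hidden', 'csrfToken', $token);
        echo $form->writeHTML();
    }
}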
if ($showSearch) {
    $sql = "SELECT *, user.id as userID, centre.name as centreName, country.name as countryName, privilege.name as privilegeName, privilege_id FROM user\n        LEFT JOIN centre ON centre_id = centre.id\n        LEFT JOIN country ON country_id = country.id\n        LEFT JOIN privilege ON privilege_id = privilege.id";
    if ($user->isLocal()) {
コード例 #6
ファイル: ecrflib.php プロジェクト: uhtoff/eCRF
 /**
  * Apply the sign-off actions submitted with a record form.
  *
  * A 'comment' field is saved straight away. Each sign flag is acted on only
  * when it is present and truthy AND the current user holds the matching
  * permission (canPreSign / canUnPreSign / canSign / canUnsign); a flag
  * without the permission is silently ignored.
  *
  * @param array $post  Submitted form data
  */
 public function addSignInput($post)
 {
     if (isset($post['comment'])) {
         $this->record->set('comment', $post['comment']);
         $this->record->saveToDB();
     }

     // !empty() is isset() plus a truthiness test; the flag is checked
     // before the permission, as before.
     if (!empty($post['presignpt']) && $this->user->canPreSign()) {
         $this->record->preSignRecord();
     }
     if (!empty($post['unpresignpt']) && $this->user->canUnPreSign()) {
         $this->record->unPreSignRecord();
     }
     if (!empty($post['signpt']) && $this->user->canSign()) {
         // Signing also (re)applies the pre-sign state
         $this->record->signRecord();
         $this->record->preSignRecord();
     }
     if (!empty($post['unsignpt']) && $this->user->canUnsign()) {
         $this->record->unsignRecord();
     }
 }
コード例 #7
ファイル: login.php プロジェクト: uhtoff/eCRF
}
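// Any form token issued earlier is invalid once a login is attempted
if (isset($_SESSION['csrfToken'])) {
    unset($_SESSION['csrfToken']);
}
// Rate limit: count failed attempts from this address in the last 5 minutes.
// failed_time is written below with gmdate() (UTC), so the window is measured
// against UTC_TIMESTAMP(); NOW() follows the MySQL session time zone and would
// skew the window whenever that zone is not UTC.
$sql = "SELECT id FROM failed_login WHERE ip_address = ? AND failed_time > ADDDATE(UTC_TIMESTAMP(), INTERVAL -5 MINUTE)";
// NOTE(review): REMOTE_ADDR is the direct peer; behind a reverse proxy this is
// the proxy's address and the limit is then shared by every client behind it.
$ip_address = $_SERVER['REMOTE_ADDR'];
$pA = array('s', $ip_address);
$failures = DB::query($sql, $pA);
$num_failed = $failures->getRows();
$too_many_attempts = false;
if ($num_failed > 3) {
    $_SESSION['error'] = 'Too many failed attempts from your location, please try again in 5 minutes.';
    $too_many_attempts = true;
}
$login = false;
if (!$too_many_attempts && isset($_POST['username']) && isset($_POST['password'])) {
    $user = new eCRFUser();
    $login = $user->login($_POST['username'], $_POST['password']);
    if ($login) {
        // Issue a new session id at the privilege change so a session id fixed
        // before authentication cannot be reused as the authenticated one.
        session_regenerate_id(true);
        $_SESSION['user'] = $user;
    }
}
if ($too_many_attempts || !$login) {
    // Record the failure. This path is also taken while the lockout is active
    // and when no credentials were posted, so 'username' may be absent.
    $sql = "INSERT INTO failed_login ( username, ip_address, too_many, failed_time ) VALUES ( ?, ?, ?, ? )";
    $username = isset($_POST['username']) ? substr($_POST['username'], 0, 50) : '';
    $failed_time = gmdate("Y-m-d H:i:s");
    $pA = array('ssis', $username, $ip_address, $too_many_attempts, $failed_time);
    DB::query($sql, $pA);
}
header('Location:index.php');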