$res = user_Update($system, $_REQUEST); } else { if ($action == "usr_get" && is_numeric(@$_REQUEST['UGrpID'])) { $ugrID = $_REQUEST['UGrpID']; if ($system->is_admin2($ugrID)) { $res = user_getById($system->get_mysqli(), $ugrID); if (is_array($res)) { $res['ugr_Password'] = ''; } } else { $system->addError(HEURIST_REQUEST_DENIED); } } else { if ($action == "groups") { $ugr_ID = @$_REQUEST['UGrpID'] ? $_REQUEST['UGrpID'] : $system->get_user_id(); $res = user_getWorkgroups($system->get_mysqli(), $ugr_ID, true); } else { if ($action == "members" && @$_REQUEST['UGrpID']) { $res = user_getWorkgroupMemebers($system->get_mysqli(), @$_REQUEST['UGrpID']); } else { if ($action == "svs_save") { $res = svsSave($system, $_REQUEST); } else { if ($action == "svs_delete" && @$_REQUEST['ids']) { $res = svsDelete($system, $_REQUEST['ids'], @$_REQUEST['UGrpID']); } else { if ($action == "svs_get") { if (@$_REQUEST['svsIDs']) { $res = svsGetByIds($system, $_REQUEST['svsIDs'], @$_REQUEST['UGrpID']); } else { $res = svsGetByUser($system, @$_REQUEST['UGrpID']);
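/**
 * Authenticates a user by name and password, then keeps the user record in
 * $this->current_User and in the session.
 *
 * Security-relevant behaviour:
 *  - The stored hash is compared with a strict, constant-time check
 *    (hash_equals() when available) rather than a loose `==`, which is open
 *    to PHP string-to-number juggling.
 *  - The session id is regenerated once the password has been verified, so an
 *    id that was known before login is not carried into the authenticated
 *    session (session fixation).
 *  - The session cookie is sent HttpOnly, and Secure when the request is HTTPS.
 *
 * @param mixed $username     login name, looked up in the ugr_Name field
 * @param mixed $password     clear-text password supplied by the client
 * @param mixed $session_type 'public' (expiry 0), 'shared' (1 day) or 'remember' (30 days)
 *
 * @return bool TRUE if login succeeded; FALSE otherwise, with the reason
 *              registered through addError()
 */
public function login($username, $password, $session_type)
{
    // Request parameters are untrusted: a non-scalar value (e.g. password[]=x)
    // must not reach crypt() or the database lookup.
    if (!$username || !$password || !is_scalar($username) || !is_scalar($password)) {
        $this->addError(HEURIST_INVALID_REQUEST, "Username / password not defined");
        return false;
    }

    $user = user_getByField($this->mysqli, 'ugr_Name', $username);

    // NOTE(review): the three denial messages below differ, so a client can
    // tell "unknown user" from "disabled account" from "wrong password".
    // They are kept byte-for-byte because callers or the UI may rely on the
    // text; consider a single generic message plus server-side logging.
    if (!$user) {
        $this->addError(HEURIST_REQUEST_DENIED, "User name is incorrect");
        return false;
    }

    if ($user['ugr_Enabled'] !== 'y') {
        $this->addError(HEURIST_REQUEST_DENIED, "Your user profile is not active. Please contact database owner");
        return false;
    }

    // An empty stored hash can never match; checking first also avoids calling
    // crypt() with an empty salt.
    $storedHash = (string) $user['ugr_Password'];
    $passwordOk = false;
    if ($storedHash !== '') {
        $candidate = crypt((string) $password, $storedHash);
        if (is_string($candidate)) {
            $passwordOk = function_exists('hash_equals')
                ? hash_equals($storedHash, $candidate)
                : $storedHash === $candidate;
        }
    }

    if (!$passwordOk) {
        $this->addError(HEURIST_REQUEST_DENIED, "Password is incorrect");
        return false;
    }

    // Issue a fresh session id for the authenticated session. Skipped when no
    // session is active or output has already started, because the new id
    // could not be delivered to the client in that case.
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION[$this->dbname_full]['ugr_ID'] = $user['ugr_ID'];
    $_SESSION[$this->dbname_full]['ugr_Name'] = $user['ugr_Name'];
    $_SESSION[$this->dbname_full]['ugr_FullName'] = $user['ugr_FirstName'] . ' ' . $user['ugr_LastName'];
    //@todo $_SESSION[$this->dbname_full]['user_access'] = $groups;

    // Cookie expiry: 0 for 'public' and for any unrecognised session type.
    $time = 0;
    if ($session_type === 'shared') {
        $time = time() + 24 * 60 * 60; //day
    } elseif ($session_type === 'remember') {
        $time = time() + 30 * 24 * 60 * 60; //30 days
        $_SESSION[$this->dbname_full]['keepalive'] = true; //refresh time on next entry
    }

    // Secure is set only when PHP itself sees HTTPS; behind a TLS-terminating
    // proxy $_SERVER['HTTPS'] may be unset, leaving the flag off as before.
    // NOTE(review): HttpOnly assumes no client-side script reads this cookie - confirm.
    $isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    $cres = setcookie('heurist-sessionid', session_id(), $time, '/', '', $isHttps, true);
    if (!$cres) {
        // Non-fatal: the server-side session is valid, but the client did not
        // receive the cookie (typically because output had already started).
        error_log('login: session cookie could not be sent');
    }

    //update login time in database
    user_updateLoginTime($this->mysqli, $user['ugr_ID']);

    //keep current user info; the password hash is blanked so it does not
    //travel with the in-memory user record
    $user['ugr_FullName'] = $user['ugr_FirstName'] . ' ' . $user['ugr_LastName'];
    $user['ugr_Password'] = '';
    $user['ugr_Groups'] = user_getWorkgroups($this->mysqli, $user['ugr_ID']);
    $user['ugr_Preferences'] = user_getDefaultPreferences();
    $this->current_User = $user;

    //vsn 3 backward capability
    $h3session = $this->dbname_full . '.heurist';
    $_SESSION[$h3session]['cookie_version'] = 1;
    $_SESSION[$h3session]['user_name'] = $user['ugr_Name'];
    $_SESSION[$h3session]['user_realname'] = $user['ugr_FullName'];
    $_SESSION[$h3session]['user_id'] = $user['ugr_ID'];
    $_SESSION[$h3session]['user_access'] = $user['ugr_Groups'];
    $_SESSION[$h3session]['keepalive'] = $session_type === 'remember';

    return true;
}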