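/**
 * Check whether the current request may run the site update.
 *
 * Authorization is granted in one of three ways, tried in this order:
 *  - the script is not being served by a web server (command line), in which
 *    case nothing is checked;
 *  - the session already holds a successful authentication that is not older
 *    than self::$timeout minutes (the window is measured from the moment of
 *    authentication and is not extended by later requests);
 *  - the request is a POST carrying the 'i2ce_admin' password, verified with
 *    I2CE_UserAccess_Mechanism::userHasPassword().
 *
 * When none of these hold an HTML password prompt is written to the output
 * and the script stops with die; the caller never regains control.
 *
 * Changes from the previous version: the command-line test no longer relies
 * on the absence of $_SERVER['HTTP_HOST'] (a web request sent without a Host
 * header, e.g. HTTP/1.0, may also lack it and would have been authorized
 * without any password); a non-string or empty posted password is rejected
 * (but the password "0" is no longer treated as empty); and the session id is
 * rotated when the password is accepted.
 *
 * @returns boolean true when authorized; never returns false, the
 *                  unauthorized path exits the script
 */
public static function isAuthorizedToUpdate() {
    // Command line: PHP_SAPI is 'cli' for the CLI binary; a CGI binary run by
    // hand has no REQUEST_METHOD either, while every request that comes
    // through a web server carries one. Either way there is no web client
    // to challenge, so don't check.
    if (PHP_SAPI === 'cli' || !array_key_exists('REQUEST_METHOD', $_SERVER)) {
        return true;
    }
    // Still within the authenticated window?
    if (array_key_exists('update_authentication', $_SESSION)
        && $_SESSION['update_authentication']
        && array_key_exists('update_authentication_time', $_SESSION)
        && $_SESSION['update_authentication_time'] + self::$timeout * 60 >= time()) {
        return true;
    }
    // Absent or expired: clear the flag before looking at the posted password.
    $_SESSION['update_authentication'] = 0;
    require_once 'I2CE_UserAccess_Mechanism.php';
    $userAccess = new I2CE_UserAccess_Mechanism();
    // Only accept a non-empty string from a POST; an array (password[]=...)
    // or an empty field is never handed to the password check.
    $password = null;
    if ($_SERVER['REQUEST_METHOD'] === "POST"
        && array_key_exists('password', $_POST)
        && is_string($_POST['password'])
        && $_POST['password'] !== '') {
        $password = $_POST['password'];
    }
    if ($password !== null && $userAccess->userHasPassword('i2ce_admin', $password)) {
        // Privilege level changes here: rotate the session id so that an id
        // fixed on the client before authentication does not become an
        // authenticated one. Guarded so it is a no-op without an active
        // session (session_regenerate_id would only warn).
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        $_SESSION['update_authentication'] = 1;
        $_SESSION['update_authentication_time'] = time();
        return true;
    }
    // We are not authenticated. Ask for the password and stop.
    echo "<html><body>" . I2CE_Error::$errorImage . "<div style='position:relative;left:150px;top:50px'>" . "<h2 style='color:#993300'>iHRIS Site Update</h2>" . "<div style='text-align:left;width:70%;height:30%;\n font-family:monospace;\n font-height:70%;\n overflow:none;margin-top:0;\n background-color:#ffffcc;border:dashed;border-width:3px;border-color:#ffcc99;opacity:0.8;'>" . "<form action='' method='post'>Please enter the administrative (database) password to proceed. <p style='position:relative;left:2em'><b>Password:</b><input type='password' name='password'/></p></form></div></div></body></html>";
    die;
}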
/**
 * Build a human-readable name for a user from its detail array.
 *
 * Preference order:
 *  1. "firstname lastname" when both keys exist and lastname is non-empty;
 *  2. "lastname" alone when the firstname key exists but is empty;
 *  3. 'commonname' when present and non-empty;
 *  4. whatever the parent mechanism produces.
 * "Non-empty" is PHP truthiness, so "" and "0" count as missing.
 * The value is returned exactly as stored (no HTML escaping); the caller is
 * responsible for escaping it for whatever context it is rendered in.
 *
 * @param string $username
 * @param array $user details
 * @returns string
 */
public function displayName($username, $user) {
    $hasLastname = array_key_exists('lastname', $user) && $user['lastname'];
    if ($hasLastname && array_key_exists('firstname', $user)) {
        if (!$user['firstname']) {
            return $user['lastname'];
        }
        return $user['firstname'] . ' ' . $user['lastname'];
    }
    if (array_key_exists('commonname', $user) && $user['commonname']) {
        return $user['commonname'];
    }
    return parent::displayName($username, $user);
}
/**
 * Create a new instance of a dhis user access mechanism.
 *
 * Runs the parent constructor, takes the shared MDB2 handle and copies the
 * four table names out of $this->options. The option keys are read without
 * any check, so a configuration that lacks one leaves the matching property
 * null (PHP reports an undefined index) instead of failing here.
 */
public function __construct() {
    parent::__construct();
    $this->db = MDB2::singleton();
    // property name => option key that holds the table name
    $tableOptions = array(
        'passTable'   => 'passTable',
        'accessTable' => 'accessTable',
        'logTable'    => 'logTable',
        'detailTable' => 'detailTable',
    );
    foreach ($tableOptions as $property => $option) {
        $this->$property = $this->options[$option];
    }
}
/**
 * Perform the main actions of the page.
 *
 * Drives the "mass delete by search" flow from the posted 'step' value:
 *   - choose  : list the posted 'people' ids with check boxes (default);
 *   - confirm : report how many records would go and ask for the admin
 *               password;
 *   - delete  : delete for real, then drop the CachedForms tables when that
 *               module is enabled.
 * The delete step is only honoured when the POST also carries yes=yes and a
 * valid 'i2ce_admin' password (I2CE_UserAccess_Mechanism::userHasPassword);
 * otherwise it is downgraded to "confirm" with an error fragment appended.
 * Requiring the password in the same POST also means a forged cross-site
 * request cannot complete a delete without knowing it (there is no separate
 * CSRF token visible here).
 *
 * Access: parent::action() must succeed and the user needs role(admin).
 *
 * @return boolean false when the parent action or the permission check
 *                 fails, true when the storage types are unusable; the
 *                 rendering paths fall off the end and return null.
 */
protected function action() {
    if (!parent::action()) {
        return false;
    }
    if (!$this->hasPermission("role(admin)")) {
        $this->userMessage("You do not have permission to view this page.");
        return false;
    }
    // Both forms must use "entry" storage, the implementation whose static
    // massDelete() is called below.
    $pos_mech = I2CE_FormStorage::getStorageMechanism("position");
    $pers_pos_mech = I2CE_FormStorage::getStorageMechanism("person_position");
    if (!$pos_mech instanceof I2CE_FormStorage_entry || !$pers_pos_mech instanceof I2CE_FormStorage_entry) {
        I2CE::raiseMessage("Invalid storage type for position and person position forms. " . get_class($pos_mech) . get_class($pers_pos_mech));
        $this->template->addFile("mass_delete_by_search_error_invalid.html");
        return true;
    }
    // The person ids come straight from the request. They are handed to
    // createContainer() and embedded into template ids ("check_{$person}")
    // without validation in this method; presumably the form factory and the
    // DOM-based template layer cope with unknown or odd values — confirm.
    $people = $this->post('people');
    if (!is_array($people) || count($people) < 1) {
        $this->template->addFile("mass_delete_by_search_empty.html");
    } else {
        $step = 'choose';
        if ($this->post_exists('step')) {
            $step = $this->post('step');
        }
        if ($step == "delete") {
            // Two independent gates; failing either one drops back to
            // "confirm" (both error fragments may be appended).
            if ($this->post('yes') != 'yes') {
                $this->template->appendFileById("mass_delete_by_search_error_yes.html", "p", "error");
                $step = "confirm";
            }
            // Re-authenticate with the i2ce_admin password before anything
            // irreversible; role(admin) alone is not enough for this step.
            $userAccess = new I2CE_UserAccess_Mechanism();
            if (!$this->post_exists('admin_pass') || !$userAccess->userHasPassword('i2ce_admin', $this->post('admin_pass'))) {
                $this->template->appendFileById("mass_delete_by_search_error_password.html", "p", "error");
                $step = "confirm";
            }
        }
        switch ($step) {
            case "choose":
                $this->template->addFile("mass_delete_by_search_form.html");
                $msgNode = $this->template->addFile("mass_delete_by_search_confirm_message.html");
                foreach ($people as $person) {
                    $persObj = I2CE_FormFactory::instance()->createContainer($person);
                    $persObj->populate();
                    $persNode = $this->template->appendFileById("mass_delete_by_search_each.html", "li", "search_list");
                    $this->template->setDisplayDataImmediate("people[]", array('value' => $person, 'id' => "check_{$person}"), $persNode);
                    $this->template->setDisplayDataImmediate("person_name", $persObj->surname . ', ' . $persObj->firstname, $persNode);
                    // Point the label at the check box created above.
                    $label = $this->template->query("label[@name='search_label']", $persNode);
                    if ($label->length == 1) {
                        $label->item(0)->setAttribute("for", "check_{$person}");
                    }
                }
                break;
            case "confirm":
                $list = $this->getDeleteList($people);
                if ($list === null) {
                    $this->template->addFile("mass_delete_by_search_error_notfound.html");
                } elseif (count($list) < 1) {
                    I2CE::raiseMessage("Invalid return data from getDeleteList!");
                    $this->template->addFile("mass_delete_by_search_error_unkonwn.html");
                } else {
                    $formNode = $this->template->addFile("mass_delete_by_search_form.html");
                    $this->template->setDisplayDataImmediate("step", "delete");
                    $addNode = $this->template->addFile("mass_delete_by_search_authenticate_form.html");
                    // NOTE(review): this is reached WITHOUT a password check
                    // (including after a failed one). The variable name
                    // suggests the two-argument massDelete() only counts and
                    // does not delete, unlike the three-argument call in the
                    // "delete" case — confirm against
                    // I2CE_FormStorage_entry::massDelete; if it deletes, records
                    // are removed before the password is ever verified.
                    $would_delete = I2CE_FormStorage_entry::massDelete($list, array());
                    $msgNode = $this->template->addFile("mass_delete_by_search_delete_count.html");
                    $this->template->setDisplayDataImmediate("delete_count", $would_delete, $msgNode);
                    foreach ($people as $person) {
                        $persObj = I2CE_FormFactory::instance()->createContainer($person);
                        $persObj->populate();
                        $persNode = $this->template->appendFileById("mass_delete_by_search_each_final.html", "li", "search_list");
                        $this->template->setDisplayDataImmediate("people[]", $person, $persNode);
                        $this->template->setDisplayDataImmediate("person_name", $persObj->surname . ', ' . $persObj->firstname, $persNode);
                    }
                }
                break;
            case "delete":
                // Only reachable with yes=yes and a verified admin password.
                $list = $this->getDeleteList($people);
                if ($list === null) {
                    $this->template->addFile("mass_delete_by_search_error_notfound.html");
                } elseif (count($list) < 1) {
                    I2CE::raiseMessage("Invalid return data from getDeleteList!");
                    $this->template->addFile("mass_delete_by_search_error_unkonwn.html");
                } else {
                    $formNode = $this->template->addFile("mass_delete_by_search_form.html");
                    $this->template->setDisplayDataImmediate("step", "delete");
                    $addNode = $this->template->addFile("mass_delete_by_search_authenticate_form.html");
                    // NOTE(review): the whole POST, including 'admin_pass',
                    // is passed to every hook implementation; a hook that logs
                    // or stores its arguments would capture the admin password.
                    I2CE_ModuleFactory::callHooks("pre_mass_delete_person", $people, $this->post());
                    // Irreversible. No audit record of who deleted what is
                    // written here; the user access mechanism has a
                    // logActivity() used for logins/logouts elsewhere in this
                    // code base that could record it — worth considering.
                    if (($deleted = I2CE_FormStorage_entry::massDelete($list, array(), false)) !== false) {
                        $node = $this->template->addFile("mass_delete_by_search_success.html");
                        $this->template->setDisplayDataImmediate("delete_count", $deleted, $node);
                        if (I2CE_ModuleFactory::instance()->isEnabled("CachedForms")) {
                            // Drop every cached form table so stale copies of
                            // the deleted records do not survive.
                            $forms = I2CE_FormFactory::instance()->getNames();
                            $success = array();
                            $failure = array();
                            foreach ($forms as $form) {
                                try {
                                    $cachedForm = new I2CE_CachedForm($form);
                                } catch (Exception $e) {
                                    // A form whose cache object cannot be built is
                                    // counted as success (presumably: nothing to
                                    // drop); $success is never read afterwards.
                                    $success[] = $form;
                                    continue;
                                }
                                if (!$cachedForm->dropTable()) {
                                    $failure[] = $form;
                                }
                            }
                            if (count($failure) > 0) {
                                $this->template->addFile("mass_delete_by_search_cache_fail.html", "p");
                            } else {
                                $this->template->addFile("mass_delete_by_search_cache_success.html", "p");
                            }
                        }
                    } else {
                        I2CE::raiseError("An error occurred trying to mass delete by search.");
                        $this->template->addFile("mass_delete_by_search_error_unkonwn.html");
                    }
                }
                break;
        }
    }
}
/**
 * Log the user out of the system.
 *
 * Does nothing when nobody is logged in. Otherwise the session data kept by
 * I2CE_UserAccess_Mechanism is cleared, the stored 'referal' is dropped, the
 * in-memory logged_in flag is reset and a 'logout' entry is recorded through
 * the configured user access mechanism. Whether the server-side session
 * itself is destroyed (session_destroy / cookie expiry) depends on
 * unsetSession(), which is not visible here — confirm if a full session
 * teardown is expected on logout.
 *
 * @global array
 * @return void|false false only when no user access mechanism is configured
 *                    (the session state has already been cleared by then)
 */
public function logout() {
    if (!$this->logged_in()) {
        return;
    }
    // Tear the authenticated state down first, then record the event.
    I2CE_UserAccess_Mechanism::unsetSession();
    unset($_SESSION['referal']);
    $this->logged_in = false;
    $mechanism = I2CE::getUserAccess();
    if ($mechanism instanceof I2CE_UserAccess_Mechanism) {
        $mechanism->logActivity($this->username, 'logout');
        return;
    }
    I2CE::raiseError("No user access mechanism set");
    return false;
}