// Accumulates messages to show the user (eg. 'proxy not disabled for local network').
// Ending each message with <br> keeps the messages on separate lines for the user.
$user_messages = '';

/**
 * Authentication / authorisation gate for this AJAX endpoint.
 *
 * Unlike the page variants, a failure here cannot redirect to the login page:
 * it prints a short plain-text message and exits. Every failure path ends in
 * exit(0), so nothing below this gate runs for an unauthenticated or
 * under-privileged caller.
 *
 * NOTE(review): no http_response_code() call is made before the print/exit
 * below, so failures are returned with whatever status the server defaults to
 * (normally 200) and the client can only distinguish them by message text —
 * confirm the JavaScript caller keys on these exact strings before changing them.
 **/
$session = new DashboardSession();

// Are we logged in already? An empty session username means no.
// NOTE(review): loose comparison — a null or false return from getUsername()
// also satisfies `== ''` and lands in this branch, which is the fail-closed
// direction; confirm getUsername()'s return type before tightening to ===.
if ($session->getUsername() == '') {
    // A page would redirect to the login form and back again:
    //header("Location: dashboardlogin.php?redirect=dashboard.php");
    // but a redirect cannot be followed inside an AJAX call, so just return a message.
    print "Not logged in";
    exit(0);
}

// Request parameters. Not read anywhere in this block (only in the
// commented-out maxlines code below); presumably used further down the file.
$parms = new Parameters();

// Resolve the session username to a user object.
$user = $kdb->getUserUsername($session->getUsername());

// Check we have a valid user, then that the user holds a permitted role.
// NOTE(review): `== null` is loose — false or an empty array from
// getUserUsername() would also be treated as "no such user" (again fail-closed);
// confirm the return type before tightening to ===.
if ($user == null) {
    print "Invalid user";
    exit(0);
} elseif (!$user->isAdmin() && !$user->isSupervisor()) {
    // Only admins and supervisors may use this endpoint; any other user is rejected here.
    print "Insufficient permission";
    exit(0);
}

// Read in parameters.
/* maxlines not recommended for ajax as it could result in gaps in the log view,
   although it could be used to prevent excessive log entries killing the browser session */
/* Instead maxlines should be used on the original request, but allow multiple additional entries */
/* If used then it will restrict the number of lines returned within getlog */
// Not currently implemented (possible future option) — kept as the author's note:
/*$maxlines = $parms->getParm('maxlines');
if ($maxlines == '') {$maxlines = 0;}*/
// all values are included in array - even if not on url $parms = new Parameters(); // Allow messages to be sent to the web page $message = ''; // If we have a username & password then login attempt, if not then prompt /** logging in **/ // First check that the password is correct - as otherwise we won't allow anything // $password is already md5 encoded, as is the value in get_values so just do direct compare if ($parms->getParm('user') != '' && $parms->getParm('password') != '') { $username = $parms->getParm('user'); $password = $parms->getParm('password'); if ($debug) { print "Login attempt {$username} / {$password}"; } // gets user object based on username $user = $kdb->getUserUsername($username); // check we got a user back if ($user == null) { if ($debug) { print "No matching user found\n"; } loginFail('usernamepassword'); } // Get username and password and check - first check shouldn't hit but additional check if ($user->getusername() != $username || md5($password) != $user->getPassword()) { if ($debug) { print "Login fail " . $user->getUsername() . "\n"; } loginFail('usernamepassword'); } /* don't need to be admin / supervisor - but normal user can only change password etc.*/
if ($db->getStatus() != 1) { die("Unable to connect to the database"); } // used to set messages to provide to the user (eg. 'proxy not disabled for local network'); // including <br> on the end of each message will keep the messages separate for the user $user_messages = ''; /** Check for login - or redirect to login.php **/ $session = new DashboardSession(); // are we logged in already? if ($session->getUsername() == '') { //If not redirect to login page - then redirect here header("Location: dashboardlogin.php?redirect=dashboard.php"); exit(0); } // create user object $user = $kdb->getUserUsername($session->getUsername()); // check we have valid user if ($user == null) { header("Location: dashboardlogin.php?redirect=dashboard.php&message=notuser"); exit(0); } elseif (!$user->isAdmin()) { header("Location: dashboard.php?message=nopermission"); exit(0); } // Username used to display back to user $username = $user->getUsername(); $parms = new Parameters(); // valid messages // newpass, nopermission if ($parms->getParm('action') == 'save') { // Saved changed entry
/*** Connect to database ***/ $db = new Database($dbsettings); $kdb = new KidsafeDB($db); //Get parameters - check safe and return as object // all values are included in array - even if not on url $parms = new Parameters(); if ($db->getStatus() != 1) { die("Unable to connect to the database"); } // If we have a password then adding entry, if not then prompt what to add /** Adding entry **/ // First check that the password is correct - as otherwise we won't allow anything // $password is already md5 encoded, as is the value in get_values so just do direct compare if ($parms->getParm('add') == 'stage2') { // gets user object based on username $user = $kdb->getUserUsername($parms->getParm('username')); // check we got a user back if ($user == null) { if ($debug) { print "User doesn't exist " . $parms->getParm('username') . "\n"; } loginFail(); } // Get username and password and check - first check shouldn't hit but additional check if ($user->getUsername() != $parms->getParm('username') || md5($parms->getParm('password')) != $user->getPassword()) { if ($debug) { print "Login failure user: "******" password: "******" \n"; } loginFail(); } // check we have sufficient permission - ie. admin
if ($db->getStatus() != 1) { die("Unable to connect to the database"); } // used to set messages to provide to the user (eg. 'proxy not disabled for local network'); // including <br> on the end of each message will keep the messages separate for the user $user_messages = ''; /** Check for login - or redirect to login.php **/ $session = new DashboardSession(); // are we logged in already? if ($session->getUsername() == '') { //If not redirect to login page - then redirect here header("Location: dashboardlogin.php?redirect=password.php"); exit(0); } // create user object - this is local user - not the one we are changing $user = $kdb->getUserUsername($session->getUsername()); // check we have valid user if ($user == null) { header("Location: dashboardlogin.php?redirect=password.php&message=notuser"); exit(0); } elseif (!$user->isAdmin() && !$user->isSupervisor()) { header("Location: dashboard.php?message=nopermission"); exit(0); } $parms = new Parameters(); // Username is of the user we are changing $username = $parms->getParm('username'); // load chg_user $chg_user = $kdb->getUserUsername($username); // make sure user exists if ($chg_user == null) {