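/**
 * Validate sign-up form input and create a normal user in the root department.
 *
 * All parameters are treated as form strings (null becomes ''). Field validation
 * is delegated to the project's isValid* helpers; the username must not already
 * exist and the two password fields must be byte-identical.
 *
 * @param string $username
 * @param string $password
 * @param string $confirmpw  Must be identical to $password.
 * @param string $firstname
 * @param string $lastname
 * @param string $gender
 * @return true|string  true when the user row was inserted, otherwise a
 *                      user-facing error message describing the first failure.
 */
function execSignup($username, $password, $confirmpw, $firstname, $lastname, $gender)
{
    // Same normalisation execLogin() applies: form fields are strings.
    $username  = (string) $username;
    $password  = (string) $password;
    $confirmpw = (string) $confirmpw;
    $firstname = (string) $firstname;
    $lastname  = (string) $lastname;
    $gender    = (string) $gender;

    if ($username === '' || !isValidUsername($username)) {
        return "Username is empty or invalid!";
    }
    if ($password === '' || !isValidPassword($password)) {
        return "Password is empty or invalid!";
    }
    if ($confirmpw === '' || !isValidPassword($confirmpw)) {
        return "Confirm Password is empty or invalid!";
    }
    if ($firstname === '' || !isValidName($firstname)) {
        return "First Name is empty or invalid!";
    }
    if ($lastname === '' || !isValidName($lastname)) {
        return "Last Name is empty or invalid!";
    }
    if ($gender === '' || !isValidGender($gender)) {
        return "Gender is empty or invalid!";
    }

    $userDAO = new UserDAO();

    // Reject a username that is already taken.
    if ($userDAO->getUserByUsername($username) !== null) {
        return "Username exists, please change to another one!";
    }

    // Strict comparison on purpose: the loose `!=` compares numeric strings
    // numerically, so e.g. "1e3" and "1000" would have counted as a match.
    if ($password !== $confirmpw) {
        return "Password and Confirm Password must be same!";
    }

    // Role id 3 is the project's "normal user" role, department id 1 its root department.
    $roleDAO = new RoleDAO();
    $role = $roleDAO->getRoleByID(3);
    $departmentDAO = new DepartmentDAO();
    $depart = $departmentDAO->getDepartmentByID(1);

    // NOTE(review): encryptPassword() is the project helper paired with
    // verifyPassword() in execLogin(); confirm it produces a one-way salted
    // hash (password_hash-style) rather than reversible encryption.
    $encryptPW = encryptPassword($password);
    $photoURL = "photo/default.png";

    $user = new User($role, $depart, $username, $encryptPW, $firstname, $lastname, $gender, $photoURL);
    if ($userDAO->insertUser($user) === true) {
        return true;
    }

    return "Insert user into table error, please contact administrator!";
}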
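/**
 * Authenticate a user by username and password and start their session.
 *
 * The unknown-user and wrong-password cases deliberately share one message so
 * the response text does not reveal whether the username exists.
 *
 * @param string $username
 * @param string $password
 * @return true|string  true once login() has been called for the user,
 *                      otherwise a user-facing error message.
 */
function execLogin($username, $password)
{
    $username = (string) $username;
    $password = (string) $password;

    if ($username === '' || $password === '') {
        return "Username or password can not be empty!";
    }
    if (!isValidUsername($username) || !isValidPassword($password)) {
        return "Username or password is invalid!";
    }

    $userDAO = new UserDAO();
    $user = $userDAO->getUserByUsername($username);

    // One message for both "no such user" and "wrong password".
    // NOTE(review): verifyPassword() is skipped when the user is unknown, so the
    // two cases differ in response time; a dummy verify would equalise them.
    if ($user === null || !verifyPassword($password, $user->getPassword())) {
        return "There is no user account matching the Username and Password provided.";
    }

    // Role id 4 is the project's "forbidden" role. Compared as strings so only
    // the exact id matches; the loose `== "4"` also accepted "4.0" or " 4".
    if ((string) $user->getRole()->getRoleID() === '4') {
        return "This user was forbidden to login!";
    }

    login($user->getUserID());
    return true;
}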
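/**
 * Fetch the annotations on a URL that the current user may see, optionally
 * restricted to one author and to one block of the document.
 *
 * Visibility rules, as built into the WHERE clause:
 *  - $username given and the current user is that user (or $all is set):
 *    that user's annotations regardless of access_perms;
 *  - $username given otherwise: that user's annotations with AN_ACCESS_PUBLIC set;
 *  - $username given but unknown: no rows ("AND 1=0");
 *  - no $username and $all not set: every annotation with AN_ACCESS_PUBLIC set;
 *  - no $username and $all set: no visibility filter at all.
 *
 * NOTE(review): $all switches the visibility filter off; callers must have
 * authorised the current user before passing true.
 *
 * @param string $url       Annotated URL; a falsy value matches any URL.
 * @param string $username  Author login to restrict to; a falsy value matches any author.
 * @param object $block     Block/point object exposing getPaddedPathStr(); a falsy
 *                          value skips the block filter. (The old docblock said
 *                          string, but the code calls a method on it.) The word
 *                          and char fields of the point are ignored.
 * @param bool   $all       Disable the public-only restriction (see above).
 * @return array Annotations ordered by position in the document.
 */
function &getVisibleAnnotationsByUrlUserBlock($url, $username, $block, $all)
{
    $currentUser = Request::getUser();

    // Request-derived values travel as bound parameters; only constants are concatenated.
    $query = 'SELECT a.*'
        . ', u.username AS userlogin'
        . ", concat(u.first_name,' ',u.middle_name,' ',u.last_name) AS username"
        . ' FROM annotations a'
        . ' JOIN users u ON u.user_id=a.userid'
        . ' WHERE ';
    $queryParams = array();

    if ($url) {
        $queryParams[] = $url;
        $query .= "a.url=?";
    } else {
        $query .= '1=1';
    }

    // Only fetch annotations visible to the current user
    if ($username) {
        $userdao = new UserDAO();
        $tuser = $userdao->getUserByUsername($username);
        if ($tuser) {
            if ($currentUser && ($currentUser->getUsername() == $username || $all)) {
                $query .= " AND a.userid=?";
            } else {
                // Another user's annotations: public ones only.
                $query .= ' AND a.access_perms&' . AN_ACCESS_PUBLIC . ' AND a.userid=?';
            }
            $queryParams[] = $tuser->getUserId();
        } else {
            $query .= ' AND 1=0';
        }
    } elseif (!$all) {
        $query .= ' AND a.access_perms&' . AN_ACCESS_PUBLIC;
    }

    if ($block) {
        // This implementation ignores the word and char fields of point
        $testBlockStr = $block->getPaddedPathStr();
        $query .= " AND a.start_block <= ? AND a.end_block >= ?";
        $queryParams[] = $testBlockStr;
        $queryParams[] = $testBlockStr;
    }

    $query .= " ORDER BY a.start_block, a.start_line, a.start_word, a.start_char";
    $result =& $this->retrieve($query, $queryParams);

    if (DEBUG_ANNOTATION_QUERY) {
        // Debug output is written into the page: escape the bound values as well
        // as the SQL text, since they come from the request.
        echo "\n<p>" . htmlspecialchars($query) . "</p>\n";
        $escapedParams = array();
        foreach ($queryParams as $param) {
            $escapedParams[] = htmlspecialchars((string) $param);
        }
        echo "<p>" . implode(' , ', $escapedParams) . "</p>\n";
    }

    $annotations = array();
    while (!$result->EOF) {
        $annotations[] =& $this->_returnAnnotationfromRow($result->GetRowAssoc(false));
        $result->MoveNext();
    }
    $result->Close();
    unset($result);

    return $annotations;
}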