Exemplo n.º 1
     // Successful-login branch; the condition that opens it is above this excerpt.
     // The session is given the role-specific user object for this id.
     // NOTE(review): no session_regenerate_id() call is visible here - confirm the
     // session ID is rotated before the authenticated user is stored, so an ID
     // issued before login cannot be reused afterwards (session fixation).
     if ($user->getRole() === 'STUDENT') {
         $_SESSION['user'] = Student::createStudentFromId($userid);
     } else {
         $_SESSION['user'] = Teacher::createTeacherFromId($userid);
     }
     // Presumably resets the failure counter that the lockout branch below reads - confirm.
     clearFailedLogins($userid);
     // Login time; presumably read elsewhere to expire idle sessions - confirm.
     $_SESSION['timeout'] = time();
     $message = "User {$userid} has been successfully logged in.";
     // Go back to a saved URL only when it was saved for this same user id,
     // otherwise fall back to the portal home page.
     // NOTE(review): `==` is a loose comparison, and $_SESSION['url'] is used as the
     // redirect target as-is - confirm it is only ever written from server-side,
     // local paths so it cannot become an open redirect.
     if (isset($_SESSION['url']) && isset($_SESSION['urlid']) && $userid == $_SESSION['urlid']) {
         $url = $_SESSION['url'];
         unset($_SESSION['url']);
         unset($_SESSION['urlid']);
     } else {
         $url = '../portalhome.php';
     }
     returnToPageSuccess($message, $url);
 } else {
     // Failed login: decide between counting the failure and locking the account.
     // Check when the last failed login was
     $lastFailedLogin = strtotime($user->getLastFailedLogin());
     // 60 * 60 seconds: the counter is only consulted within one hour of the previous failure.
     if ($lastFailedLogin + 60 * 60 > time()) {
         // Within an hour of the last failed login, so check how many failures there have been
         $attempts = $user->getLoginAttempts();
         // NOTE(review): with `> 3` the lock is applied only once the stored count has
         // already passed 3; counts of 3 or less are incremented and get the generic
         // message. Confirm this is the intended number of tries.
         if ($attempts > 3) {
             lockUser($user->getUserId());
             // NOTE(review): this text differs from the generic failure message below, so the
             // response reveals that the account exists and is locked - confirm that is acceptable.
             $errorMessage = 'You have entered incorrect details too many times and have been temporarily locked out. Please come back soon and try again.';
         } else {
             $attempts++;
             incrementFailedLogins($user->getUserId(), $attempts);
             $errorMessage = 'Incorrect username/password, please try again.';
         }
     } else {
         // Last failure is more than an hour old; the handling continues past this excerpt.
Exemplo n.º 2
            }
            // Link the stored question to a tag, skipping the "NULL" type marker and an empty tag id.
            // NOTE(review): $tagId and $sqid are interpolated into the SQL text unquoted. Nothing in
            // this excerpt shows them being validated as integers, so confirm that upstream or bind
            // them as parameters; string-built SQL is injectable when a value is request-controlled.
            if ($type !== "NULL" && $tagId !== "") {
                $query5 = "INSERT INTO TQUESTIONTAGS (`Tag ID`, `Stored Question ID`) VALUES ({$tagId}, {$sqid});";
                try {
                    db_query_exception($query5);
                } catch (Exception $ex) {
                    // Roll the transaction back before reporting, so a failed tag insert
                    // does not leave a partly written worksheet behind.
                    db_rollback_transaction();
                    $message = "There was a problem adding a tag to the worksheet, please try again.";
                    // Presumably redirects and stops the script - confirm; otherwise execution
                    // would continue after the rollback.
                    returnToPageErrorException($message, $ex);
                }
            }
        }
    }
    db_commit_transaction();
    $message = "Worksheet ({$wname}) added successfully.";
    returnToPageSuccess($message, $vid);
} else {
    $message = "Something went wrong adding the worksheet, please try again.";
    returnToPageError($message);
}
/**
 * Applies every tag update contained in a '/'-separated string.
 *
 * Each segment produced by the split is handed to updateTag() in order,
 * including an empty segment when the string is empty or has adjacent slashes.
 *
 * @param string $string The '/'-separated list of tag updates.
 */
function updateAllTags($string)
{
    $segments = explode('/', $string);
    $total = count($segments);
    for ($index = 0; $index < $total; $index++) {
        updateTag($segments[$index]);
    }
}
function convertTagsToArray($string)
{
    $tags = explode('/', $string);
    $tagsArray = [];
Exemplo n.º 3
        // Staff user: build the insert for the staff-specific columns.
        // NOTE(review): every value is interpolated into the SQL text, the string ones only wrapped
        // in single quotes. No escaping or validation is visible in this excerpt, so confirm it
        // happens upstream or switch to a prepared statement with bound parameters; a quote in
        // $title, $initials, $classroom or $number would otherwise change the statement.
        $query2 = "INSERT INTO TSTAFF (`User ID`, `Title`, `Initials`, `Classroom`, `Phone Number`)\r\n                   VALUES({$userid}, '{$title}', '{$initials}', '{$classroom}', '{$number}');";
    }
    // Run the insert built above; on failure report the error and return to the form.
    try {
        $resultArray1 = db_insert_query_exception($query2);
    } catch (Exception $ex) {
        // Exception::getMessage() always returns a string, so this test is always true and
        // the generic text in the else branch is never used.
        // NOTE(review): the raw exception text is carried into the message stored for the user.
        // If it can contain database error details, log it server-side and show the generic
        // text instead.
        if ($ex->getMessage() !== null) {
            $desc = $ex->getMessage();
        } else {
            $desc = "Something went wrong while saving the new user.";
        }
        // seriousError() is defined outside this excerpt; its result is appended to the message.
        $message .= seriousError($desc);
        returnToPageError($message);
    }
    $message = "User '{$fname} {$sname}' successfully added.";
    returnToPageSuccess($message);
} else {
    $desc = "Something went wrong while saving the new user.";
    $message .= seriousError($desc);
    returnToPageError($message);
}
function returnToPageError($message)
{
    $type = 'ERROR';
    if (!isset($message)) {
        $message = 'Something has gone wrong';
    }
    infoLog($message);
    $_SESSION['message'] = new Message($type, $message);
    header("Location: ../createUser.php");
    exit;
Exemplo n.º 4
    if (!authoriseUserRoles($userRole, ["SUPER_USER"])) {
        header("Location: ../unauthorisedAccess.php");
        exit;
    }
}
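// Account to switch to. FILTER_VALIDATE_INT returns an int only for a well-formed integer;
// a missing field gives null and any other input gives false. FILTER_SANITIZE_NUMBER_INT
// only strips characters, so malformed input such as "12abc" or "1-2" would still reach
// the lookups below.
$userid = filter_input(INPUT_POST, 'userid', FILTER_VALIDATE_INT);
if (is_int($userid) && $userid !== 0) {
    $user = User::createUserLoginDetails($userid);
    // The session is about to act as a different account: rotate the session ID first so
    // an ID known before the switch does not carry over to the new identity.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    // NOTE(review): nothing here records which super user switched to which account;
    // an audit log entry at this point would make the impersonation traceable.
    if ($user->getRole() === 'STUDENT') {
        $_SESSION['user'] = Student::createStudentFromId($userid);
    } else {
        $_SESSION['user'] = Teacher::createTeacherFromId($userid);
    }
    // Drop any return URL saved for the previous identity.
    unset($_SESSION['url']);
    unset($_SESSION['urlid']);
    returnToPageSuccess($user->getUserId());
} else {
    // Missing, malformed or zero id: refuse the switch.
    $message = "You are unable to switch users at this time.";
    returnToPageError($message);
}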
function returnToPageError($message)
{
    $type = 'ERROR';
    if (isset($_SESSION['user'])) {
        $user = $_SESSION['user'];
        $userid = $user->getUserId();
        $msg = "User {$userid} was unable to switch users as the id was not correctly set.";
        errorLog($msg);
    }
    $_SESSION['message'] = new Message($type, $message);
    header("Location: ../switchUser.php");
Exemplo n.º 5
        $nberror = updateAllTags($updateString, $nberror);
    }
    // Build the success message, listing any non-breaking errors collected in $nberror.
    // NOTE(review): the message is assembled as HTML (it contains <br>) and includes $wname and
    // the collected error strings as-is. If Message is rendered without escaping, confirm these
    // values are HTML-escaped (e.g. htmlspecialchars) before they are concatenated here.
    $message = "'{$wname}' successfully updated";
    if (count($nberror) > 0) {
        // Deal with the non-breaking errors: one line per error in the message, and one log entry each
        $message .= " with the following errors. <br>";
        for ($i = 0; $i < count($nberror); $i++) {
            $message .= "- " . $nberror[$i] . "<br>";
            // NOTE(review): $wname and the error text go into the log line unmodified; confirm
            // errorLog() neutralises line breaks if either can hold user input.
            errorLog("Non-breaking error for worksheet '{$wname}': " . $nberror[$i]);
        }
        $message .= "Please check all of the questions before continuing.";
    } else {
        $message .= ".";
    }
    db_commit_transaction();
    returnToPageSuccess($message, $version);
} else {
    $type = "ERROR";
    $message = "Worksheet failed to update as not all of the required details were entered.";
    infoLog($message);
    $_SESSION['message'] = new Message($type, $message);
    if (isset($version)) {
        header("Location: ../editWorksheet.php?id={$version}");
    } else {
        header("Location: ../viewAllWorksheets.php");
    }
    exit;
}
function updateAllTags($string, $nberror)
{
    $updates = explode('/', $string);
Exemplo n.º 6
            if ($ex->getMessage() !== null) {
                $desc = $ex->getMessage();
            } else {
                $desc = "Something went wrong while saving the users details.";
            }
            $message .= seriousError($desc);
            returnToPageError($message, $userid);
        }
    } else {
        //Not enough info to proceed
        $message .= "You have not entered all of the required fields.";
        returnToPageError($message, $userid);
    }
    $message = "User '{$fname} {$sname}' successfully updated.";
    updateCurrentUser();
    returnToPageSuccess($message, $userid);
} else {
    $desc = "Something went wrong while saving the users details.";
    $message .= seriousError($desc);
    returnToPageError($message, $userid);
}
function returnToPageError($message, $userid)
{
    $type = 'ERROR';
    if (!isset($message)) {
        $message = 'Something has gone wrong';
    }
    infoLog($message);
    $_SESSION['message'] = new Message($type, $message);
    header("Location: ../editUser.php?userid={$userid}");
    exit;