Exemplo n.º 1
// Accumulates notices for the user (e.g. 'proxy not disabled for local network').
// End each notice with <br> so the notices stay separate when displayed.
$user_messages = '';

/*
 * Access gate for this AJAX endpoint: the request needs a session with a
 * username, that username must resolve to a user record, and the user must be
 * an admin or a supervisor. A Location redirect cannot be followed usefully
 * from an AJAX call, so each failure prints a short status text instead.
 * The exit() after each message is what enforces the gate.
 */
$session = new DashboardSession();
if ($session->getUsername() == '') {
    // No username in the session: report it rather than redirecting to the login page.
    echo "Not logged in";
    exit(0);
}

$parms = new Parameters();

// Resolve the session username to a user object.
$user = $kdb->getUserUsername($session->getUsername());
if ($user == null) {
    // The session names a user that the lookup did not return.
    echo "Invalid user";
    exit(0);
}
if (!($user->isAdmin() || $user->isSupervisor())) {
    // Neither admin nor supervisor: no access to this endpoint.
    echo "Insufficient permission";
    exit(0);
}

// Request parameters.
// A 'maxlines' parameter is not currently implemented (possible future option).
// It is not recommended for AJAX because it could leave gaps in the log view,
// although it could stop excessive log entries from killing the browser session.
// It should instead be applied to the original request while still allowing
// multiple additional entries; if used, it would restrict the number of lines
// returned within getlog.
Exemplo n.º 2
// Login handler excerpt: checks a submitted user / password pair against the stored user record.
// all values are included in array - even if not on url
$parms = new Parameters();
// Allow messages to be sent to the web page
$message = '';
// If we have a username & password then login attempt, if not then prompt
/** logging in **/
// First check that the password is correct - as otherwise we won't allow anything
// $password is already md5 encoded, as is the value in get_values so just do direct compare
// NOTE(review): the check below applies md5() to $password itself, so the "already md5 encoded"
// remark above looks stale - confirm what the client actually submits.
if ($parms->getParm('user') != '' && $parms->getParm('password') != '') {
    $username = $parms->getParm('user');
    $password = $parms->getParm('password');
    if ($debug) {
        // NOTE(review): with $debug set this writes the submitted password into the response.
        // Report the username only, and keep $debug off outside development.
        // The values are printed without HTML escaping here - presumably Parameters has
        // already sanitised them; verify.
        print "Login attempt {$username} / {$password}";
    }
    // gets user object based on username
    $user = $kdb->getUserUsername($username);
    // check we got a user back
    if ($user == null) {
        if ($debug) {
            print "No matching user found\n";
        }
        // Unknown user and wrong password share the same failure code ('usernamepassword'),
        // so the caller is not told which of the two was wrong.
        // NOTE(review): presumably loginFail() ends the request; if it returned, the next
        // check would call a method on null - confirm.
        loginFail('usernamepassword');
    }
    // Get username and password and check - first check shouldn't hit but additional check
    // NOTE(review): md5() is a fast, unsalted digest and is not suitable for stored passwords;
    // password_hash() / password_verify() is the usual replacement (needs a rehash-on-login
    // migration of the stored values).
    // NOTE(review): the loose != can compare two numeric-looking digest strings as numbers and
    // is not constant-time; hash_equals($user->getPassword(), md5($password)) avoids both
    // without changing the stored format.
    if ($user->getusername() != $username || md5($password) != $user->getPassword()) {
        if ($debug) {
            print "Login fail " . $user->getUsername() . "\n";
        }
        loginFail('usernamepassword');
    }
    /* don't need to be admin / supervisor - but normal user can only change password etc.*/
    // (the excerpt appears to end here; the rest of the login branch is not shown)
// Stop straight away unless the database handle reports status 1.
if (!($db->getStatus() == 1)) {
    exit("Unable to connect to the database");
}

// Accumulates notices for the user (e.g. 'proxy not disabled for local network').
// End each notice with <br> so the notices stay separate when displayed.
$user_messages = '';

/*
 * Admin-only page guard. A request without a session username is sent to the
 * login page, a session whose user cannot be looked up is sent there with
 * message=notuser, and any user who is not an admin is sent back to the
 * dashboard with message=nopermission. Every Location target is a fixed
 * literal, so request data cannot steer the redirect. The exit() after each
 * header() is what enforces the guard: without it the rest of the page would
 * still execute.
 */
$session = new DashboardSession();
if ($session->getUsername() == '') {
    // Not logged in: go to the login page, which returns to dashboard.php.
    header("Location: dashboardlogin.php?redirect=dashboard.php");
    exit(0);
}

// Resolve the session username to a user object.
$user = $kdb->getUserUsername($session->getUsername());
if ($user == null) {
    header("Location: dashboardlogin.php?redirect=dashboard.php&message=notuser");
    exit(0);
}
if (!$user->isAdmin()) {
    header("Location: dashboard.php?message=nopermission");
    exit(0);
}

// Name shown back to the logged-in user.
$username = $user->getUsername();
$parms = new Parameters();
// valid messages
// newpass, nopermission
if ($parms->getParm('action') == 'save') {
    // Saved changed entry
Exemplo n.º 4
// Excerpt of an "add entry" handler: connects to the database, then at stage 2 re-checks the
// submitted username / password before allowing the addition.
/*** Connect to database ***/
$db = new Database($dbsettings);
$kdb = new KidsafeDB($db);
//Get parameters - check safe and return as object
// all values are included in array - even if not on url
$parms = new Parameters();
// Abort unless the database handle reports status 1.
if ($db->getStatus() != 1) {
    die("Unable to connect to the database");
}
// If we have a password then adding entry, if not then prompt what to add
/** Adding entry **/
// First check that the password is correct - as otherwise we won't allow anything
// $password is already md5 encoded, as is the value in get_values so just do direct compare
// NOTE(review): the check below applies md5() to the submitted password, so the
// "already md5 encoded" remark above looks stale - confirm what the client actually submits.
if ($parms->getParm('add') == 'stage2') {
    // gets user object based on username
    $user = $kdb->getUserUsername($parms->getParm('username'));
    // check we got a user back
    if ($user == null) {
        if ($debug) {
            // Debug output echoes the submitted username without HTML escaping here -
            // presumably Parameters has already sanitised it; verify.
            print "User doesn't exist " . $parms->getParm('username') . "\n";
        }
        // NOTE(review): presumably loginFail() ends the request; if it returned, the next
        // check would call a method on null - confirm.
        loginFail();
    }
    // Get username and password and check - first check shouldn't hit but additional check
    // NOTE(review): md5() is a fast, unsalted digest and is not suitable for stored passwords;
    // password_hash() / password_verify() is the usual replacement (needs a rehash-on-login
    // migration of the stored values).
    // NOTE(review): the loose != can compare two numeric-looking digest strings as numbers and
    // is not constant-time; hash_equals($user->getPassword(), md5($parms->getParm('password')))
    // avoids both without changing the stored format.
    if ($user->getUsername() != $parms->getParm('username') || md5($parms->getParm('password')) != $user->getPassword()) {
        if ($debug) {
            // NOTE(review): the next line is mangled in this listing (the asterisks look like a
            // redaction applied by the page) and is not valid PHP as shown. It appears to have
            // printed the submitted username and password in debug mode; credentials should
            // not be written to output or logs.
            print "Login failure user: "******" password: "******" \n";
        }
        loginFail();
    }
    // check we have sufficient permission - ie. admin
    // (the excerpt appears to end here; the permission check itself is not shown)
// Stop straight away unless the database handle reports status 1.
if (!($db->getStatus() == 1)) {
    exit("Unable to connect to the database");
}

// Accumulates notices for the user (e.g. 'proxy not disabled for local network').
// End each notice with <br> so the notices stay separate when displayed.
$user_messages = '';

/*
 * Guard for the password page: admins and supervisors only. A request without
 * a session username is sent to the login page, a session whose user cannot be
 * looked up is sent there with message=notuser, and a user who is neither
 * admin nor supervisor is sent to the dashboard with message=nopermission.
 * Every Location target is a fixed literal, and the exit() after each header()
 * is what stops the rest of the page from running.
 */
$session = new DashboardSession();
if ($session->getUsername() == '') {
    // Not logged in: go to the login page, which returns to password.php.
    header("Location: dashboardlogin.php?redirect=password.php");
    exit(0);
}

// $user is the logged-in operator, not the account being changed.
$user = $kdb->getUserUsername($session->getUsername());
if ($user == null) {
    header("Location: dashboardlogin.php?redirect=password.php&message=notuser");
    exit(0);
}
if (!($user->isAdmin() || $user->isSupervisor())) {
    header("Location: dashboard.php?message=nopermission");
    exit(0);
}

$parms = new Parameters();

// $username is the account being changed and comes from the request, not from the session.
// NOTE(review): the guard above only establishes that the operator is an admin or a
// supervisor. Confirm that the code following this excerpt stops a supervisor from
// changing an admin account's password.
$username = $parms->getParm('username');
// Load the user being changed.
$chg_user = $kdb->getUserUsername($username);
// make sure user exists
if ($chg_user == null) {