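 /**
  * Send an email to a user on behalf of another user.
  *
  * Renders a subject/message form; once it is submitted and validates, the
  * recipient's address and name are read from the user tables, the sender's
  * name from the misc table, and the mail is sent through Email::generalEmail()
  * with the "emailmember.tpl" template. Lookup and send failures are reported
  * with SSP_error() at E_USER_ERROR level, matching the existing failure path.
  *
  * @param string $userIdTo - id of the user receiving the email
  * @param string $userIdFrom - id of the user the email is from
  * @return string - form output; after a successful send the "saved" template flag is set
  */
 public function emailUser($userIdTo, $userIdFrom)
 {
     $form = new sfc\Form(SSP_Path(), "noTable", "emailUser");
     $form->tpl = $this->tpl(array("title" => "Email member"));
     $form->tplf = "sendemailtomember.tpl";
     $form->errorAutoFormDisplay = false;
     $form->fe("text", "subject", "Subject");
     $form->fep("required=true");
     $form->fe("textarea", "message", "Message");
     $form->fep("required=true, width=40, lines=10");
     $form->fe("submit", "submit", "Send Email");
     if (!$form->processForm($_POST)) {
         // not submitted yet: render the empty form
         return $form->create();
     }
     if ($form->error) {
         // validation failed: re-render with the errors
         return $form->create(true);
     }
     // get to email and name
     $query = sprintf("select u.%s, m.%s, m.%s from %s as u, %s as m where u.%s = ? and m.%s = u.%s", $this->db->qt("UserEmail"), $this->db->qt("FamilyName"), $this->db->qt("FirstName"), $this->cfg->userTable, $this->cfg->userMiscTable, $this->db->qt("UserId"), $this->db->qt("UserId"), $this->db->qt("UserId"));
     $values = array($userIdTo);
     $this->db->query($query, $values, "SSP Admin send email: Getting to email and name");
     if ($this->db->numRows() == 0) {
         // unknown recipient id: fail explicitly instead of mailing a decrypted empty address
         SSP_error('SSP Admin: email recipient not found, user id ' . $userIdTo, E_USER_ERROR);
     }
     $rowTo = $this->db->fetchRow();
     $emailTo = SSP_Decrypt($rowTo->UserEmail);
     // get from information
     $where = array("UserId" => $userIdFrom);
     $rowFrom = $this->db->get($this->cfg->userMiscTable, $where, "SSP Admin send email: Getting from name");
     if ($this->db->numRows() == 0) {
         // unknown sender id: the email template needs the sender's name
         SSP_error('SSP Admin: email sender not found, user id ' . $userIdFrom, E_USER_ERROR);
     }
     // build email
     $content = array();
     $content["message"] = $form->getField("message");
     $content["subject"] = $form->getField("subject");
     $content["firstName"] = $rowFrom->FirstName;
     $content["familyName"] = $rowFrom->FamilyName;
     $email = new Email($this->cfg);
     // from address is the logged-in session's email; from name comes from the misc table row
     $result = $email->generalEmail($content, "emailmember.tpl", $this->session->userEmail, $rowFrom->FirstName . " " . $rowFrom->FamilyName, $emailTo, $rowTo->FirstName . " " . $rowTo->FamilyName);
     if ($result === false) {
         SSP_error('SSP Admin: failed to send email to user ' . $emailTo, E_USER_ERROR);
     }
     $form->tda("saved");
     return $form->create(true);
 }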
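 /**
  * Constructor: starts the database-backed PHP session and establishes the
  * login state for the current page.
  *
  * Flow: install SessionHandler as the session save handler and start the
  * session; set up language and maintenance mode; divert to https when the
  * configuration requires it; run autoLogin() and, optionally, page history;
  * load the session row for the current session id/name and, when it carries
  * a UserId, the matching user row. A logged-in user is then checked against
  * the configured user flags, the page's access level, the IP address rules
  * and the session random token; any fault is handed to userFaultHandling().
  * SQL result caching is switched off for these queries and restored at the end.
  *
  * @param string $pageAccessLevel - users allowed to access the page
  * @param bool $pageCheckEquals - if true only this user type can access this page
  * @param bool $doHistory - do history for this page
  * @param ProtectConfig|false $config - Protected session configuration options,
  *   false creates a default \w34u\ssp\ProtectConfig
  */
 public function __construct($pageAccessLevel = "", $pageCheckEquals = false, $doHistory = true, $config = false)
 {
     // optional extra login page content set by the calling script
     global $loginContent;
     if ($config === false) {
         $this->config = new \w34u\ssp\ProtectConfig();
     } else {
         $this->config = $config;
     }
     $this->cfg = Configuration::getConfiguration();
     $this->db = SspDb::getConnection();
     // set up db session handling
     $handler = new SessionHandler();
     session_set_save_handler(array($handler, 'open'), array($handler, 'close'), array($handler, 'read'), array($handler, 'write'), array($handler, 'destroy'), array($handler, 'gc'));
     // the following prevents unexpected effects when using objects as save handlers
     register_shutdown_function("session_write_close");
     session_start();
     $this->setupLanguage();
     $this->maintenanceMode();
     // turn off sql cacheing if it is set, but preserve the status to turn it back on after
     if ($this->db->cache) {
         $queryResultCacheing = true;
         $this->db->cache = false;
     } else {
         $queryResultCacheing = false;
     }
     $pageAccessLevel = $this->checkParameters($pageAccessLevel, $pageCheckEquals);
     if (isset($loginContent)) {
         $_SESSION["SSP_LoginPageAddtionalContent"] = $loginContent;
     }
     // check https:// site, and if fail divert to correct url
     if ($this->cfg->useSSL or $this->config->forceSSLPath) {
         if (!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] == "off") {
             // script not called using https
             SSP_Divert(SSP_Path(true, true));
         }
     }
     $this->country = "";
     // do any external routines before history is called
     $this->autoLogin();
     if ($doHistory) {
         $this->pageHistory();
     }
     // get all session information for valid sessions
     $query = sprintf("select * from %s where %s = ? and %s = ?", $this->cfg->sessionTable, $this->db->qt("SessionId"), $this->db->qt("SessionName"));
     $values = array(session_id(), session_name());
     $this->db->query($query, $values, "SSP session handling: Get session information");
     // session row; stays null for a brand new session
     $sessionInfo = null;
     if ($this->db->numRows() > 0) {
         // get result if existing session
         $sessionInfo = $this->db->fetchRow();
         $newSession = false;
     } else {
         $newSession = true;
         $this->log("New session started");
     }
     // process user information if logged in.
     $userFault = false;
     $needHigherLogin = false;
     $userInfo = null;
     if (!$newSession and trim($sessionInfo->UserId) != "") {
         $where = array("UserId" => $sessionInfo->UserId);
         $userInfo = $this->db->get($this->cfg->userTable, $where, "SSP Session: getting login data");
         if ($this->db->numRows()) {
             // user found
             // check for login expiry
             if ($sessionInfo->SessionTime + $this->cfg->loginExpiry > time()) {
                 $this->loggedIn = true;
                 $this->userId = $userInfo->UserId;
                 $this->userName = $userInfo->UserName;
                 $this->userAccessLevel = $userInfo->UserAccess;
                 if ($this->cfg->userLevels[$this->userAccessLevel] >= $this->cfg->adminLevel) {
                     // admin user
                     $this->admin = true;
                 }
                 $this->userEmail = SSP_decrypt($userInfo->UserEmail);
                 if (isset($userInfo->country) and trim($userInfo->country) != "") {
                     $this->country = $userInfo->country;
                 }
             } else {
                 $this->log("Login expired");
                 $this->loggedIn = false;
                 $this->db->update($this->cfg->sessionTable, array('UserId' => ''), array('SessionId' => session_id(), 'SessionName' => session_name()), 'SSP Session: clearing user id from expired login');
             }
         } else {
             $this->log("User not found from ID");
             $userFault = true;
         }
     }
     $pageAccess = $this->cfg->userLevels[$pageAccessLevel];
     if ($this->loggedIn) {
         // do security checking for user if logged in
         // validate flags
         $flagsValid = true;
         foreach ($this->cfg->validUserFlags as $flagName => $validFlagValue) {
             // loose comparison kept: flag values come back from the database as strings
             if ($userInfo->{$flagName} != $validFlagValue) {
                 $flagsValid = false;
                 $this->log("Invalid user flag " . $flagName . " value required: " . $validFlagValue . " actual: " . $userInfo->{$flagName});
                 break;
             }
         }
         if (!$flagsValid) {
             $userFault = true;
         } elseif ($this->cfg->userLevels[$userInfo->UserAccess] < $pageAccess) {
             // user does not have a high enough access level
             $userFault = true;
             $needHigherLogin = true;
             // flag higher login needed
             $this->log("User Access level not high enough Level: " . $userInfo->UserAccess . " " . $this->cfg->userLevels[$userInfo->UserAccess] . " Page " . $pageAccess);
         } elseif ($pageCheckEquals and $this->cfg->userLevels[$userInfo->UserAccess] != $pageAccess) {
             // user does not have the correct user access level
             $userFault = true;
             $needHigherLogin = true;
             // flag different login needed
             $this->log("User Access level not equal to the page's level");
         } elseif ($this->cfg->checkIpAddress and SSP_trimIp($sessionInfo->SessionIp) !== SSP_trimIp($_SERVER["REMOTE_ADDR"])) {
             // users IP address has changed
             $userFault = true;
             $this->log("User IP address changed " . SSP_paddIp($_SERVER["REMOTE_ADDR"]));
         } elseif (($this->cfg->fixedIpAddress or $userInfo->UserIpCheck) and SSP_paddIp($sessionInfo->SessionUserIp) !== SSP_paddIp($_SERVER["REMOTE_ADDR"])) {
             // user is at incorrect IP address
             $userFault = true;
             $this->log("User IP address incorrect, UserIP: " . SSP_paddIp($sessionInfo->SessionUserIp) . " Remote IP: " . SSP_paddIp($_SERVER["REMOTE_ADDR"]));
         }
         // the random token check is always run (it may have side effects) and its
         // result is combined with the checks above, so a flag, access level or IP
         // fault is never discarded by a passing token check
         $randomFault = $this->chackRandom($sessionInfo);
         $userFault = $userFault || $randomFault;
     } else {
         $this->log("User not logged in");
     }
     // handle user faults
     $this->userFaultHandling($pageAccess, $userFault, $needHigherLogin, $queryResultCacheing);
     // final setup of page
     $this->finalSetup($userInfo);
     // restore query cacheing mode
     $this->db->cache = $queryResultCacheing;
 }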