Пример #1
     $res = user_Update($system, $_REQUEST);
 } else {
     // Action dispatcher (fragment): each branch reads its arguments straight from
     // $_REQUEST; the '@' operator only silences the notice for a missing key.
     // usr_get: UGrpID must be numeric AND the caller must pass is_admin2() for
     // that id; otherwise HEURIST_REQUEST_DENIED is recorded.
     if ($action == "usr_get" && is_numeric(@$_REQUEST['UGrpID'])) {
         $ugrID = $_REQUEST['UGrpID'];
         if ($system->is_admin2($ugrID)) {
             $res = user_getById($system->get_mysqli(), $ugrID);
             if (is_array($res)) {
                 // Blank the password field so it is not carried along in the result.
                 $res['ugr_Password'] = '';
             }
         } else {
             $system->addError(HEURIST_REQUEST_DENIED);
         }
     } else {
         // groups: workgroups of the requested UGrpID, or of the current user when
         // the request carries none.
         // NOTE(review): unlike usr_get, UGrpID gets no is_numeric()/is_admin2()
         // check in this fragment - confirm user_getWorkgroups() validates the id
         // and that listing another user's groups is intended.
         if ($action == "groups") {
             $ugr_ID = @$_REQUEST['UGrpID'] ? $_REQUEST['UGrpID'] : $system->get_user_id();
             $res = user_getWorkgroups($system->get_mysqli(), $ugr_ID, true);
         } else {
             // members: members of the requested workgroup.
             // NOTE(review): the raw request value goes to the query helper with no
             // type or permission check visible here - confirm the helper binds or
             // escapes it and enforces access.
             if ($action == "members" && @$_REQUEST['UGrpID']) {
                 $res = user_getWorkgroupMemebers($system->get_mysqli(), @$_REQUEST['UGrpID']);
             } else {
                 // svs_save / svs_delete / svs_get receive $system itself.
                 // NOTE(review): presumably they do their own permission checks on
                 // 'ids', 'svsIDs' and 'UGrpID' - none is visible in this fragment; verify.
                 if ($action == "svs_save") {
                     $res = svsSave($system, $_REQUEST);
                 } else {
                     if ($action == "svs_delete" && @$_REQUEST['ids']) {
                         $res = svsDelete($system, $_REQUEST['ids'], @$_REQUEST['UGrpID']);
                     } else {
                         if ($action == "svs_get") {
                             // Explicit svsIDs take precedence over the per-user lookup.
                             if (@$_REQUEST['svsIDs']) {
                                 $res = svsGetByIds($system, $_REQUEST['svsIDs'], @$_REQUEST['UGrpID']);
                             } else {
                                 $res = svsGetByUser($system, @$_REQUEST['UGrpID']);
Пример #2
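 /**
  * Authenticate a user by name and password; on success store the user's
  * details in the session and in $this->current_User.
  *
  * The value stored in ugr_Password is treated as a crypt()-format hash and is
  * checked with password_verify(), which accepts such hashes and compares in
  * constant time. On success the session id is regenerated before any identity
  * data is written, and the session cookie is sent HttpOnly (and Secure when
  * the request itself arrived over HTTPS).
  *
  * @param mixed $username      user name, looked up in the ugr_Name field
  * @param mixed $password      plain-text password to verify
  * @param mixed $session_type  'public', 'shared' or 'remember' - selects the cookie lifetime
  *
  * @return bool TRUE if login succeeded; FALSE otherwise (reason recorded via addError())
  */
 public function login($username, $password, $session_type)
 {
     if (!$username || !$password) {
         $this->addError(HEURIST_INVALID_REQUEST, "Username / password not defined");
         return false;
     }

     $user = user_getByField($this->mysqli, 'ugr_Name', $username);

     // NOTE(review): the three denial messages below (unknown user, inactive
     // profile, wrong password) let a caller tell which user names exist, and
     // the inactive-profile answer is given before the password is checked.
     // Consider one generic message if no client depends on the exact text.
     if (!$user) {
         $this->addError(HEURIST_REQUEST_DENIED, "User name is incorrect");
         return false;
     }
     if ($user['ugr_Enabled'] != 'y') {
         $this->addError(HEURIST_REQUEST_DENIED, "Your user profile is not active. Please contact database owner");
         return false;
     }

     // password_verify() understands crypt() hashes and compares in constant
     // time; the former `crypt(...) == $hash` was a loose, timing-dependent
     // string comparison. A non-scalar password (e.g. an array from the
     // request) is rejected instead of being handed to the hashing function.
     $storedHash = (string) $user['ugr_Password'];
     if (!is_scalar($password) || !password_verify((string) $password, $storedHash)) {
         $this->addError(HEURIST_REQUEST_DENIED, "Password is incorrect");
         return false;
     }

     // Issue a fresh session id before identity data is attached, so an id
     // that was known before authentication is not promoted to a logged-in one.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }

     $fullName = $user['ugr_FirstName'] . ' ' . $user['ugr_LastName'];
     $remember = ($session_type === 'remember');

     $_SESSION[$this->dbname_full]['ugr_ID'] = $user['ugr_ID'];
     $_SESSION[$this->dbname_full]['ugr_Name'] = $user['ugr_Name'];
     $_SESSION[$this->dbname_full]['ugr_FullName'] = $fullName;
     //@todo $_SESSION[$this->dbname_full]['user_access'] = $groups;

     // Cookie expiry: 0 = until the browser closes ('public' and any unknown
     // type), one day for 'shared', thirty days for 'remember'.
     $time = 0;
     if ($session_type === 'shared') {
         $time = time() + 24 * 60 * 60;
     } elseif ($remember) {
         $time = time() + 30 * 24 * 60 * 60;
         // refresh time on next entry
         $_SESSION[$this->dbname_full]['keepalive'] = true;
     }

     // Secure is set only when this request is itself HTTPS, so plain-HTTP
     // deployments keep working as before.
     // NOTE(review): HttpOnly assumes no client-side script reads this cookie - confirm.
     $isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
     $cres = setcookie('heurist-sessionid', session_id(), $time, '/', '', $isHttps, true);
     if (!$cres) {
         // Previously ignored silently; the login itself still succeeds.
         error_log('login: unable to send heurist-sessionid cookie (output already started?)');
     }

     // update login time in database
     user_updateLoginTime($this->mysqli, $user['ugr_ID']);

     // keep current user info; the hash is blanked so it does not travel with the object
     $user['ugr_FullName'] = $fullName;
     $user['ugr_Password'] = '';
     $user['ugr_Groups'] = user_getWorkgroups($this->mysqli, $user['ugr_ID']);
     $user['ugr_Preferences'] = user_getDefaultPreferences();
     $this->current_User = $user;

     // vsn 3 backward capability: mirror the identity under the "<db>.heurist" session key
     $h3session = $this->dbname_full . '.heurist';
     $_SESSION[$h3session]['cookie_version'] = 1;
     $_SESSION[$h3session]['user_name'] = $user['ugr_Name'];
     $_SESSION[$h3session]['user_realname'] = $user['ugr_FullName'];
     $_SESSION[$h3session]['user_id'] = $user['ugr_ID'];
     $_SESSION[$h3session]['user_access'] = $user['ugr_Groups'];
     $_SESSION[$h3session]['keepalive'] = $remember;

     return true;
 }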