break; // Authentication // Authentication case "auth": if (isset($_GET['action'])) { switch ($_GET['action']) { case "login": if (isset($_POST['username']) && isset($_POST['password'])) { Authentication::logUserIn($_POST['username'], $_POST['password']); } else { header(ROOT . "user.php?mode=auth&action=login"); } Authentication::blockPageToVisitors(); break; case "logout": Authentication::logUserOut(); break; } } break; case "suspended": if (isset($_SESSION['user_id_suspended'])) { $sql = "SELECT * FROM `users` WHERE user_id = '" . $_SESSION['user_id_suspended'] . "'"; $result = openRailwayCore::dbQuery($sql); $user = mysql_fetch_assoc($result); if ($user['suspended'] == 1) { openRailwayCore::pageHeader("Account suspended"); $template = new Template(); $template->set_custom_template(FROOT . "theme/" . STYLE, 'default'); $template->set_filenames(array('body' => 'suspended.html')); $template->display('body');
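<?php
/**
 * Session administration page: lists every row of the `sessions` table and
 * handles the "force logout" form that ends another user's session.
 *
 * Request inputs read here: $_GET['action'] and $_POST['uid'].
 */

// Access gate for the whole page; everything below relies on it.
// NOTE(review): confirm accessLevelController() ends the request itself when
// the check fails - nothing in this script re-checks the caller's level.
Authentication::accessLevelController(8, '>');

// Deal with logout form.
// NOTE(review): this state-changing POST carries no anti-CSRF token that is
// visible in this script; confirm one is verified elsewhere or add one to the
// form, otherwise a third-party page can make an administrator's browser
// submit it.
$forceLogout = isset($_GET['action']) && $_GET['action'] === "force";
if ($forceLogout && isset($_POST['uid'])) {
    // Accept a plain decimal id only. This rejects array input (uid[]=...)
    // and any free-form string before the value is forwarded to
    // Authentication::logUserOut(), whose handling of it is not visible here.
    // Anything else is ignored and the page simply renders the list.
    if (is_string($_POST['uid']) && ctype_digit($_POST['uid'])) {
        Authentication::logUserOut(
            (int) $_POST['uid'],
            openRailwayCore::createInteractionIdentifier(),
            1
        );
    }
}

// Constant query, no request data involved.
$sql = "SELECT * FROM `sessions`";
$result = openRailwayCore::dbQuery($sql);

$main = new Template();
$main->set_custom_template("includes/", 'default');
$main->assign_var('ROOT', ROOT);

while ($sessions = mysql_fetch_assoc($result)) {
    $ipGeoLoc = Authentication::checkIPLocation($sessions['user_ip']);

    // A lookup that returns no 'town' (or nothing at all) is shown as "no location".
    if (!isset($ipGeoLoc['town']) || $ipGeoLoc['town'] == '') {
        $geoLoc = null;
    } else {
        $geoLoc = $ipGeoLoc['town'] . ", " . $ipGeoLoc['state'] . ", " . $ipGeoLoc['country'];
    }

    // NOTE(review): user_agent (and possibly user_ip and the geolocation text)
    // presumably originate from the client or a third-party lookup. Confirm
    // they are HTML-escaped either when stored or by the template layer; if
    // neither, escape them here with htmlspecialchars() so that a crafted
    // value cannot run script in an administrator's browser.
    $main->assign_block_vars('usr_sess', array(
        'SESSID'     => $sessions['session_id'],
        'LOGIN'      => date("d-M-Y H:i:s", $sessions['log_in_time']),
        'LASTACTIVE' => date("d-M-Y H:i:s", $sessions['last_active_time']),
        'UID'        => $sessions['user_id'],
        'SID'        => $sessions['staff_id'],
        'IP'         => $sessions['user_ip'],
        'GEOLOC'     => $geoLoc,
        'UA'         => $sessions['user_agent'],
        'SAL'        => $sessions['session_access_level'],
    ));
}

$main->set_filenames(array('main' => "usr_sess.html"));
$main->display('main');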
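/**
 * Suspends a user account.
 *
 * Sets `suspended` to 1 on the matching `users` row, logs the user out via
 * Authentication::logUserOut() and records the action with
 * openRailwayCore::logEvent().
 *
 * @param integer $uid         The user account to suspend (an integer or a string of decimal digits)
 * @param mixed   $interaction Interaction identifier used for the logout and the event log;
 *                             a new one is created when omitted
 * @param integer $system      Pass 1 when the suspension is performed by the system
 *                             rather than by the logged-in user
 * @throws InvalidArgumentException When $uid is neither an integer nor a string of decimal digits
 */
public static function suspendUser($uid, $interaction = null, $system = null)
{
    // $uid is placed inside a quoted SQL literal and inside the audit-log
    // text below, so nothing but a whole number may get that far. Failing
    // closed is deliberate: casting "1abc" to 1 would suspend the wrong account.
    if (!is_int($uid) && !(is_string($uid) && ctype_digit($uid))) {
        throw new \InvalidArgumentException("suspendUser() expects an integer user id");
    }
    $uid = (int) $uid;

    if (!isset($interaction)) {
        $interaction = openRailwayCore::createInteractionIdentifier();
    }

    // A system-triggered suspension may run without a logged-in user, so the
    // acting user id is read defensively instead of assuming the session key exists.
    $actor = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;

    $sql = "UPDATE `users` SET `suspended` = '1' WHERE user_id = '" . $uid . "'";
    openRailwayCore::dbQuery($sql);

    if ($system == 1) {
        $eventString = "User (UID: " . $uid . ") suspended by openRailway system";
        Authentication::logUserOut($uid, $interaction, 1);
    } else {
        $eventString = "User (UID: " . $uid . ") suspended by user (UID: " . $actor . ")";
        Authentication::logUserOut($uid, $interaction, 0);
    }

    openRailwayCore::logEvent(time(), $interaction, $actor, 5, 1, $eventString);
}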