} else {
$message .= sprintf('<p class="alert alert-success">%s <strong>%s</strong> %s</p>', $PMF_LANG['ad_msg_savedsuc_1'], $user->getLogin(), $PMF_LANG['ad_msg_savedsuc_2']);
$message .= '<script type="text/javascript">updateUser(' . $userId . ');</script>';
}
}
}
// delete user confirmation
if ($userAction == 'delete_confirm' && $user->perm->checkRight($user->getUserId(), 'deluser')) {
$message = '';
$user = new PMF_User_CurrentUser($faqConfig);
$userId = PMF_Filter::filterInput(INPUT_POST, 'user_list_select', FILTER_VALIDATE_INT, 0);
if ($userId == 0) {
$message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_noId']);
$userAction = $defaultUserAction;
} else {
$user->getUserById($userId);
// account is protected
if ($user->getStatus() == 'protected' || $userId == 1) {
$message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_protectedAccount']);
$userAction = $defaultUserAction;
} else {
$twig->loadTemplate('user/delete_confirm.twig')->display(array('PMF_LANG' => $PMF_LANG, 'csrfToken' => $user->getCsrfTokenFromSession(), 'userId' => $userId, 'userLogin' => $user->getLogin()));
}
}
}
// delete user
if ($userAction == 'delete' && $user->perm->checkRight($user->getUserId(), 'deluser')) {
$message = '';
$user = new PMF_User($faqConfig);
$userId = PMF_Filter::filterInput(INPUT_POST, 'user_id', FILTER_VALIDATE_INT, 0);
$csrfOkay = true;
/**
* This static method returns a valid CurrentUser object if there is one
* in the session that is not timed out. The session-ID is updated if
* necessary. The CurrentUser will be removed from the session, if it is
* timed out. If there is no valid CurrentUser in the session or the
* session is timed out, null will be returned. If the session data is
* correct, but there is no user found in the user table, false will be
* returned. On success, a valid CurrentUser object is returned.
*
* @static
*
* @param PMF_Configuration $config
*
* @return null|PMF_User_CurrentUser
*/
public static function getFromSession(PMF_Configuration $config)
{
// there is no valid user object in session
if (!isset($_SESSION[PMF_SESSION_CURRENT_USER]) || !isset($_SESSION[PMF_SESSION_ID_TIMESTAMP])) {
return null;
}
// create a new CurrentUser object
$user = new PMF_User_CurrentUser($config);
$user->getUserById($_SESSION[PMF_SESSION_CURRENT_USER]);
// user object is timed out
if ($user->sessionIsTimedOut()) {
$user->deleteFromSession();
$user->errors[] = 'Session timed out.';
return null;
}
// session-id not found in user table
$session_info = $user->getSessionInfo();
$session_id = isset($session_info['session_id']) ? $session_info['session_id'] : '';
if ($session_id == '' || $session_id != session_id()) {
return false;
}
// check ip
if ($config->get('security.ipCheck') && $session_info['ip'] != $_SERVER['REMOTE_ADDR']) {
return false;
}
// session-id needs to be updated
if ($user->sessionIdIsTimedOut()) {
$user->updateSessionId();
}
// user is now logged in
$user->_loggedIn = true;
// save current user to session and return the instance
$user->saveToSession();
return $user;
}
} else {
$message .= sprintf('<p class="alert alert-success">%s <strong>%s</strong> %s</p>', $PMF_LANG['ad_msg_savedsuc_1'], $user->getLogin(), $PMF_LANG['ad_msg_savedsuc_2']);
$message .= '<script type="text/javascript">updateUser(' . $userId . ');</script>';
}
}
}
// delete user confirmation
if ($userAction == 'delete_confirm' && $permission['deluser']) {
$message = '';
$user = new PMF_User_CurrentUser($faqConfig);
$userId = PMF_Filter::filterInput(INPUT_POST, 'user_list_select', FILTER_VALIDATE_INT, 0);
if ($userId == 0) {
$message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_noId']);
$userAction = $defaultUserAction;
} else {
$user->getUserById($userId, true);
// account is protected
if ($user->getStatus() == 'protected' || $userId == 1) {
$message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_protectedAccount']);
$userAction = $defaultUserAction;
} else {
?>
<header>
<h2>
<i class="icon-user"></i> <?php
echo $PMF_LANG['ad_user_deleteUser'];
?>
<?php
echo $user->getLogin();
?>
</h2>
