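/**
 * Send an email to a member on behalf of another user.
 *
 * Renders the "email member" form and, once it has been submitted without
 * validation errors, looks up the recipient's (encrypted) address and name,
 * the sender's name, and dispatches the message through Email::generalEmail()
 * using the "emailmember.tpl" template.
 *
 * NOTE(review): the sender display name is taken from $userIdFrom while the
 * sender address is $this->session->userEmail — callers presumably pass the
 * logged-in user's id; confirm. Subject and message are raw user input; any
 * escaping for the email body is assumed to happen in the template / Email
 * class, not here.
 *
 * @param string $userIdTo - id of the user receiving the email
 * @param string $userIdFrom - id of the user the email is sent on behalf of
 * @return string - form output; after a successful send the form is
 *                  re-rendered with its "saved" flag set
 */
public function emailUser($userIdTo, $userIdFrom)
{
    $form = new sfc\Form(SSP_Path(), "noTable", "emailUser");
    $form->tpl = $this->tpl(array("title" => "Email member"));
    $form->tplf = "sendemailtomember.tpl";
    $form->errorAutoFormDisplay = false;
    $form->fe("text", "subject", "Subject");
    $form->fep("required=true");
    $form->fe("textarea", "message", "Message");
    $form->fep("required=true, width=40, lines=10");
    $form->fe("submit", "submit", "Send Email");

    if (!$form->processForm($_POST)) {
        // first display: nothing submitted yet
        return $form->create();
    }

    if (!$form->error) {
        // recipient: encrypted email from the user table, name from the misc table
        $query = sprintf(
            "select u.%s, m.%s, m.%s from %s as u, %s as m where u.%s = ? and m.%s = u.%s",
            $this->db->qt("UserEmail"),
            $this->db->qt("FamilyName"),
            $this->db->qt("FirstName"),
            $this->cfg->userTable,
            $this->cfg->userMiscTable,
            $this->db->qt("UserId"),
            $this->db->qt("UserId"),
            $this->db->qt("UserId")
        );
        $this->db->query($query, array($userIdTo), "SSP Admin send email: Getting to email and name");
        $rowTo = $this->db->fetchRow();
        if (!$rowTo) {
            // unknown recipient id: previously fell through to reading properties of a
            // non-object; report it the same way a failed send is reported (the return
            // only matters if SSP_error does not halt)
            SSP_error('SSP Admin: email recipient not found, user id ' . $userIdTo, E_USER_ERROR);
            return $form->create(true);
        }
        $emailTo = SSP_Decrypt($rowTo->UserEmail);

        // sender: only the name is needed, the address comes from the session
        $rowFrom = $this->db->get(
            $this->cfg->userMiscTable,
            array("UserId" => $userIdFrom),
            "SSP Admin send email: Getting from name"
        );
        if (!$rowFrom) {
            SSP_error('SSP Admin: email sender not found, user id ' . $userIdFrom, E_USER_ERROR);
            return $form->create(true);
        }
        $fromName = $rowFrom->FirstName . " " . $rowFrom->FamilyName;
        $toName = $rowTo->FirstName . " " . $rowTo->FamilyName;

        // template content for emailmember.tpl
        $content = array(
            "message" => $form->getField("message"),
            "subject" => $form->getField("subject"),
            "firstName" => $rowFrom->FirstName,
            "familyName" => $rowFrom->FamilyName,
        );
        $email = new Email($this->cfg);
        $result = $email->generalEmail(
            $content,
            "emailmember.tpl",
            $this->session->userEmail,
            $fromName,
            $emailTo,
            $toName
        );
        if ($result === false) {
            SSP_error('SSP Admin: failed to send email to user ' . $emailTo, E_USER_ERROR);
        }
        $form->tda("saved");
    }

    // submitted (valid or not): re-render with the posted values and any errors
    return $form->create(true);
}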
/**
 * Constructor
 *
 * Starts the database-backed PHP session, loads the session row for the
 * current session id/name and, if that row carries a user id, loads the user
 * and decides whether they may view this page: login expiry, the configured
 * user flags, access level (minimum, or exact when $pageCheckEquals), and the
 * optional session/user IP checks. Any fault is handed to userFaultHandling();
 * the page is then finalised via finalSetup().
 *
 * @param string $pageAccessLevel - users allowed to access the page
 * @param bool $pageCheckEquals - if true only this user type can access this page
 * @param bool $doHistory - do history for this page
 * @param ProtectConfig $config - Protected session configuration options
 */
public function __construct($pageAccessLevel = "", $pageCheckEquals = false, $doHistory = true, $config = false)
{
    // optional extra content for the login page, stashed in the session below
    global $loginContent;
    if ($config === false) {
        $this->config = new \w34u\ssp\ProtectConfig();
    } else {
        $this->config = $config;
    }
    $this->cfg = Configuration::getConfiguration();
    $this->db = SspDb::getConnection();
    // set up db session handling
    $handler = new SessionHandler();
    session_set_save_handler(array($handler, 'open'), array($handler, 'close'), array($handler, 'read'), array($handler, 'write'), array($handler, 'destroy'), array($handler, 'gc'));
    // the following prevents unexpected effects when using objects as save handlers
    register_shutdown_function("session_write_close");
    // NOTE(review): no session_regenerate_id() here; presumably done at login — confirm
    session_start();
    $this->setupLanguage();
    $this->maintenanceMode();
    // turn off sql cacheing if it is set, but preserve the status to turn it back on after
    if ($this->db->cache) {
        $queryResultCacheing = true;
        $this->db->cache = false;
    } else {
        $queryResultCacheing = false;
    }
    // presumably validates/normalises the level name (the default "" is used as a
    // userLevels key further down) — confirm against checkParameters()
    $pageAccessLevel = $this->checkParameters($pageAccessLevel, $pageCheckEquals);
    if (isset($loginContent)) {
        $_SESSION["SSP_LoginPageAddtionalContent"] = $loginContent;
    }
    // check https:// site, and if fail divert to correct url
    if ($this->cfg->useSSL or $this->config->forceSSLPath) {
        // "off" is what some servers set instead of omitting the variable
        if (!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] == "off") {
            // script not called using https
            SSP_Divert(SSP_Path(true, true));
        }
    }
    $this->country = "";
    // do any external routines before history is called
    $this->autoLogin();
    if ($doHistory) {
        $this->pageHistory();
    }
    // get all session information for valid sessions
    $query = sprintf("select * from %s where %s = ? and %s = ?", $this->cfg->sessionTable, $this->db->qt("SessionId"), $this->db->qt("SessionName"));
    $values = array(session_id(), session_name());
    $this->db->query($query, $values, "SSP session handling: Get session information");
    if ($this->db->numRows() > 0) {
        // get result if existing session
        $sessionInfo = $this->db->fetchRow();
        $newSession = false;
    } else {
        // $sessionInfo stays unset on this path; every later use is guarded by !$newSession / loggedIn
        $newSession = true;
        $this->log("New session started");
    }
    // process user information if logged in.
    $userFault = false;
    $needHigherLogin = false;
    $userInfo = null;
    if (!$newSession and trim($sessionInfo->UserId) != "") {
        $where = array("UserId" => $sessionInfo->UserId);
        $userInfo = $this->db->get($this->cfg->userTable, $where, "SSP Session: getting login data");
        if ($this->db->numRows()) {
            // user found
            // check for login expiry
            if ($sessionInfo->SessionTime + $this->cfg->loginExpiry > time()) {
                $this->loggedIn = true;
                $this->userId = $userInfo->UserId;
                $this->userName = $userInfo->UserName;
                $this->userAccessLevel = $userInfo->UserAccess;
                // NOTE(review): userLevels is indexed directly by the stored UserAccess value;
                // an unknown level name would be an undefined index here — confirm it is validated on write
                if ($this->cfg->userLevels[$this->userAccessLevel] >= $this->cfg->adminLevel) {
                    // admin user
                    $this->admin = true;
                }
                $this->userEmail = SSP_decrypt($userInfo->UserEmail);
                if (isset($userInfo->country) and trim($userInfo->country) != "") {
                    $this->country = $userInfo->country;
                }
            } else {
                // expired: drop the user id from the session row so the next request is anonymous
                $this->log("Login expired");
                $this->loggedIn = false;
                $this->db->update($this->cfg->sessionTable, array('UserId' => ''), array('SessionId' => session_id(), 'SessionName' => session_name()), 'SSP Session: clearing user id from expired login');
            }
        } else {
            // session row points at a user id that no longer exists
            $this->log("User not found from ID");
            $userFault = true;
        }
    }
    $pageAccess = $this->cfg->userLevels[$pageAccessLevel];
    // loggedIn is only assigned above when a user was loaded; otherwise this reads the
    // property's default (presumably false) — confirm on the class declaration
    if ($this->loggedIn) {
        // do security checking for user if logged in
        // validate flags
        $flagsValid = true;
        foreach ($this->cfg->validUserFlags as $flagName => $validFlagValue) {
            // loose (!=) comparison: "0"/"" and 0/false compare equal here
            if ($userInfo->{$flagName} != $validFlagValue) {
                $flagsValid = false;
                $this->log("Invalid user flag " . $flagName . " value required: " . $validFlagValue . " actual: " . $userInfo->{$flagName});
                break;
            }
        }
        if (!$flagsValid) {
            $userFault = true;
        } elseif ($this->cfg->userLevels[$userInfo->UserAccess] < $pageAccess) {
            // user does not have a high enough access level
            $userFault = true;
            $needHigherLogin = true; // flag higher login needed
            $this->log("User Access level not high enough Level: " . $userInfo->UserAccess . " " . $this->cfg->userLevels[$userInfo->UserAccess] . " Page " . $pageAccess);
        } elseif ($pageCheckEquals and $this->cfg->userLevels[$userInfo->UserAccess] != $pageAccess) {
            // user does not have the correct user access level
            $userFault = true;
            $needHigherLogin = true; // flag different login needed
            $this->log("User Access level not equal to the page's level");
        } elseif ($this->cfg->checkIpAddress and SSP_trimIp($sessionInfo->SessionIp) !== SSP_trimIp($_SERVER["REMOTE_ADDR"])) {
            // users IP address has changed
            $userFault = true;
            $this->log("User IP address changed " . SSP_paddIp($_SERVER["REMOTE_ADDR"]));
        } elseif (($this->cfg->fixedIpAddress or $userInfo->UserIpCheck) and SSP_paddIp($sessionInfo->SessionUserIp) !== SSP_paddIp($_SERVER["REMOTE_ADDR"])) {
            // user is at incorrect IP address
            $userFault = true;
            $this->log("User IP address incorrect, UserIP: " . SSP_paddIp($sessionInfo->SessionUserIp) . " Remote IP: " . SSP_paddIp($_SERVER["REMOTE_ADDR"]));
        }
        // NOTE(review): this unconditionally replaces $userFault, so a fault set by the
        // flag/level/IP checks above is lost whenever chackRandom() reports no fault;
        // if the intent is "any check fails", combine it with the prior value — confirm
        // against chackRandom()'s return contract
        $userFault = $this->chackRandom($sessionInfo);
    } else {
        $this->log("User not logged in");
    }
    // handle user faults
    $this->userFaultHandling($pageAccess, $userFault, $needHigherLogin, $queryResultCacheing);
    // final setup of page
    $this->finalSetup($userInfo);
    // restore query cacheing mode
    $this->db->cache = $queryResultCacheing;
}