<?php $showSearch = true; if (isset($_POST['userSelect']) && is_numeric($_POST['userSelect'])) { $userEdit = new eCRFUser($_POST['userSelect']); if ($userEdit->get('email') && $userEdit->getPrivilege() >= $user->getPrivilege()) { $showSearch = false; echo "<h4>Edit the user's details below</h4>"; $form = new HTMLForm('process.php', 'post'); $fields = $trial->getFormFields($page); $form->processFields($fields, $userEdit); if (isset($_SESSION['inputErr'])) { // If any errors then add them to the form $form->addErrors($_SESSION['inputErr']); unset($_SESSION['inputErr']); } $centre = new Data($userEdit->getCentre(), 'Centre'); $form->addInputValue('usereg-country', $centre->get('country_id')); $form->addInput('hidden', 'userID', $userEdit->getID()); $form->addInput('hidden', 'page', $page); $form->addInput('hidden', 'deleteUser', 'false'); $form->addButton('Delete', array('btn-danger', 'hidden')); $form->addCancelButton('index.php?page=usereg'); $_SESSION['csrfToken'] = $token = base64_encode(openssl_random_pseudo_bytes(32)); $form->addInput('hidden', 'csrfToken', $token); echo $form->writeHTML(); } } if ($showSearch) { $sql = "SELECT *, user.id as userID, centre.name as centreName, country.name as countryName, privilege.name as privilegeName, privilege_id FROM user\n LEFT JOIN centre ON centre_id = centre.id\n LEFT JOIN country ON country_id = country.id\n LEFT JOIN privilege ON privilege_id = privilege.id"; if ($user->isLocal()) {
exit; break; case 'useradm': if (isset($_POST['useradm_id'])) { foreach ($_POST['useradm_id'] as $id) { $newUser = new eCRFUser($id); if (isset($_POST['admin']) && $_POST['admin'] == 'admin' && !$user->isRegional()) { $newPriv = 10; } else { $newPriv = 15; } if ($user->isRegional() && $newUser->getCentre() != $user->getCentre()) { // Check not trying to validate someone elses users $_SESSION['error'] = "You can only validate users from your own centre"; } else { if (!$newUser->email || $newPriv == 10 && $newUser->getPrivilege() == 99 || $newPriv == 15 && $newUser->getPrivilege() == 98) { $_SESSION['error'] = "An error has occurred."; } else { $newUser->setPrivilege($newPriv); // Data entry privilege $password = $newUser->generatePassword(); // Generate new password $newUser->setPassword($password, $user->getKey()); // Set it for the user $email = $newUser->writeEmail('created', $user, $password); // Send email with username and password $mail = $trial->sendEmail($email); if ($mail) { $newUser->saveToDB(); if (isset($_SESSION['message'])) { $_SESSION['message'] = "Users successfully validated.";
public function checkPageLogin($page) {
    // Resolve the requested page name to the page the caller is actually
    // allowed to see. Returns the page name when it exists, is active, and the
    // current session satisfies the privilege it requires; NULL otherwise.
    // The comparison below treats a smaller privilege number as stronger: a
    // logged-on user passes when their privilege is <= the page's privilege_id,
    // and privilege_id 100 marks a page reachable only while logged out.
    // NOTE(review): comparisons are loose (==); $page and privilege_id
    // presumably arrive as strings — confirm before tightening to ===.
    $allowed = NULL;

    // A database outage forces every session except privilege 1 off the site.
    $forceLogout = $this->isOffline()
        && $this->getUser()
        && $this->user->getPrivilege() != 1;
    if ($forceLogout) {
        $page = 'logout';
    }

    if ($page == 'logout') {
        // Logout is resolved here and never consults the pages table.
        if ($this->getUser()) {
            $this->user->logout();
            unset($this->user);
            $allowed = $page;
        }
        return $allowed;
    }

    // Look up the page and the privilege it requires; inactive pages are
    // treated as if they did not exist.
    $result = DB::query(
        "SELECT id, privilege_id FROM pages WHERE name = ? AND active = 1",
        array('s', $page)
    );
    if (!$result->getRows()) {
        return $allowed;
    }

    $required = $result->privilege_id;
    if (isset($this->user)) {
        // Logged-on sessions never see the logged-out-only (100) pages; the
        // user's own privilege is only consulted for the remaining pages.
        if ($required != 100 && $this->user->getPrivilege() <= $required) {
            $allowed = $page;
        }
    } elseif ($required == 100) {
        $allowed = $page;
    }

    // parseBranches() can still veto a page the privilege check allowed.
    if (!$this->parseBranches($result->id)) {
        $allowed = NULL;
    }
    return $allowed;
}