function user_auth_output_function_check($output_function_name)
{
$funcauthlevel = RestrictFunctionDict::get_output_function_auth_level($output_function_name);
if (false) {
return true;
//function not restricted
} else {
$usereidgetter = new myentitydb_Access_user();
$user_id = $usereidgetter->get_user_eid();
$authar = EntityManagementSystems::get_vals($user_id, EntDict::get_prop_id("userauthlevel"), EntDict::get_type_id("user"));
$userauthlevel = $authar[0];
//only one result; assumes user has only one level
return $userauthlevel >= $funcauthlevel;
}
}
function register_user()
{
//validation
//user name
$subject = trim($_REQUEST['pi7epi0ron0']);
//user id
$pattern = '/^[ \\.A-Za-z0-9_!@\\-#$^&*()?]*$/';
$matched = preg_match($pattern, $subject);
if (!$matched) {
$_SESSION["process_result"] = "Invalid user name. Please try again.";
return;
}
//password
$subject = trim($_REQUEST['pi8epi0ron0']);
//password
$allowedchars = "[ A-Za-z0-9_!@\\*\\(\\)\\?]";
//$allowedchars = "[ a-z]";
$required1 = "[\\d]";
$required2 = "[A-Za-z]";
$required = "(?:{$allowedchars}*{$required1})(?:{$allowedchars}*{$required2})|(?:{$allowedchars}*{$required2})(?:{$allowedchars}*{$required1})";
$pattern = "/^{$allowedchars}*{$required}{$allowedchars}*\$/";
//$pattern = "/^$allowedchars*(?:$allowedchars{6,30})(?:$allowedchars*$required1)$allowedchars*$/";
//$pattern = "/^[ a-z]*(?:[ a-z]*)(?:[ a-z]*[\d])[ a-z]*$/";
//echo "subject=$subject<br>".$pattern."<br>";
$matched = preg_match($pattern, $subject);
if (!$matched or strlen($subject) < 6 or strlen($subject) > 30) {
$_SESSION["process_result"] = "Invalid password. Please try again. Use both letter(s) and number(s). Minimum 6 characters. The following special characters are also allowed: _!@*()?";
return;
} else {
$_REQUEST['pi8epi0ron0'] = md5($subject);
}
//end password validation and md5
$account_no = $_REQUEST['acctno'];
$eids = EntityManagementSystems::get_eids($account_no, EntDict::get_prop_id("accountno"), EntDict::get_type_id("user"));
if (count($eids) == 1) {
$eid = $eids[0];
//assumes only 1 matching user in the database
$_REQUEST['eid'] = $eid;
$_REQUEST['type_id'] = 3;
$rec_xml = SecurityOperations_RecordSys::get_record_xml();
$xml = new SimpleXMLElement($rec_xml);
$passelem = $xml->xpath('/record/property[@prop_id=8]');
$passffi = $passelem[0]['ffi'];
$useridelem = $xml->xpath('/record/property[@prop_id=7]');
$useridffi = $useridelem[0]['ffi'];
$regidelem = $xml->xpath('/record/property[@prop_id=34]');
$regidffi = $regidelem[0]['ffi'];
$registered = UserRegistration::is_registered($eid);
if ($registered) {
$_SESSION["process_result"] = "Error. Account already registered";
} else {
$_REQUEST['rec_eid'] = $eid;
$_REQUEST['rec_type_id'] = 3;
$_POST["{$useridffi}"] = $_REQUEST['pi7epi0ron0'];
$_POST["{$passffi}"] = $_REQUEST['pi8epi0ron0'];
$_POST["{$regidffi}"] = 1;
SecurityOperations_RecordSys::update_user();
//$_SESSION["process_result"] = "passed:".$eid." - pi7epi0ron0=" . $_REQUEST['pi7epi0ron0']." - pi8epi0ron0=" . $_REQUEST['pi8epi0ron0'];
$_SESSION["process_result"] = "Thank you for registering. When you have received confirmation by email from New England Trade, you may then log in.";
//." - passffi: ".$passffi." , useridffi: ".$useridffi." - pi7epi0ron0=" . $_POST["$useridffi"]." - pi8epi0ron0=" . $_POST["$passffi"];
}
} else {
$eids = EntityManagementSystems::get_eids($_REQUEST['pi7epi0ron0'], EntDict::get_prop_id("userid"), EntDict::get_type_id("user"));
if (count($eids) > 0) {
$_SESSION["process_result"] = "User account already in use. Please choose another.";
return;
}
$_REQUEST['eid'] = 0;
$_REQUEST['type_id'] = 3;
$_REQUEST['pi34epi0ron0'] = 1;
$_REQUEST['pi25epi0ron0'] = -1;
//user auth level
$_REQUEST['pi33epi0ron0'] = $account_no;
SecurityOperations_RecordSys::update_user();
$new_user_eid = $_REQUEST['eid'];
//this global variable gets set in Glue
$app_entities = AppEntities_Facade::getAppEntitiesInstance();
$email_info = AppEntities_Facade::get_email_info($app_entities->user_registration_email_to_approver);
$email_info["email_message"] = str_replace("[eid]", $new_user_eid, $email_info["email_message"]);
NotificationSys::email_to_defined_email_address("registration_approver_email", $email_info["email_subject"], $email_info["email_message"]);
//$_SESSION["process_result"] = "passed:".$eid." - pi7epi0ron0=" . $_REQUEST['pi7epi0ron0']." - pi8epi0ron0=" . $_REQUEST['pi8epi0ron0'];
$_SESSION["process_result"] = "Thank you for registering. When you have received confirmation by email from New England Trade, you may then log in.";
//." - passffi: ".$passffi." , useridffi: ".$useridffi." - pi7epi0ron0=" . $_POST["$useridffi"]." - pi8epi0ron0=" . $_POST["$passffi"];
//$_SESSION["process_result"] = "Error. Account doesn't exist";
}
}
function is_active()
{
$activar = EntityManagementSystems::get_vals($this->get_user_eid(), EntDict::get_prop_id("active"), EntDict::get_type_id("user"));
$is_active = $activar[0];
//only one result; assumes user has only one active setting
if (!$is_active) {
$this->xml_string = "<login_form><errormsg>User is not active</errormsg><login>" . $_POST['login'] . "</login>" . "<password>" . $_POST['password'] . "</password></login_form>";
$this->the_msg = "User is not active";
}
return $is_active;
}