示例#1
         } else {
             $message .= sprintf('<p class="alert alert-success">%s <strong>%s</strong> %s</p>', $PMF_LANG['ad_msg_savedsuc_1'], $user->getLogin(), $PMF_LANG['ad_msg_savedsuc_2']);
             $message .= '<script type="text/javascript">updateUser(' . $userId . ');</script>';
         }
     }
 }
 // Confirmation step for deleting a user. It only runs for callers holding the
 // 'deluser' right and renders the confirmation template; nothing is deleted here.
 if ($userAction == 'delete_confirm' && $user->perm->checkRight($user->getUserId(), 'deluser')) {
     $message = '';
     // NOTE(review): $user is rebound below. After this line it no longer refers
     // to the principal that passed checkRight() above but to a fresh object that
     // is then loaded with the account selected for deletion. Any later code that
     // reads $user for an authorization decision would see the target account.
     // TODO confirm nothing after this block relies on it.
     $user = new PMF_User_CurrentUser($faqConfig);
     // FILTER_VALIDATE_INT with default 0: a missing or non-integer POST value
     // ends up as 0 and is rejected by the else branch.
     $userId = PMF_Filter::filterInput(INPUT_POST, 'user_list_select', FILTER_VALIDATE_INT, 0);
     if ($userId != 0) {
         $user->getUserById($userId);
         // Accounts with status 'protected' and the account with id 1 are never
         // offered for deletion.
         if ($user->getStatus() != 'protected' && $userId != 1) {
             // The CSRF token is handed to the template together with the target id.
             // Presumably the 'delete' handler verifies it; confirm there.
             $twig->loadTemplate('user/delete_confirm.twig')->display(array(
                 'PMF_LANG' => $PMF_LANG,
                 'csrfToken' => $user->getCsrfTokenFromSession(),
                 'userId' => $userId,
                 'userLogin' => $user->getLogin(),
             ));
         } else {
             $message .= sprintf(
                 '<p class="alert alert-error">%s</p>',
                 $PMF_LANG['ad_user_error_protectedAccount']
             );
             $userAction = $defaultUserAction;
         }
     } else {
         // No usable id was submitted: report it and fall back to the default action.
         $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_noId']);
         $userAction = $defaultUserAction;
     }
 }
 // delete user
 if ($userAction == 'delete' && $user->perm->checkRight($user->getUserId(), 'deluser')) {
     $message = '';
     $user = new PMF_User($faqConfig);
     $userId = PMF_Filter::filterInput(INPUT_POST, 'user_id', FILTER_VALIDATE_INT, 0);
     $csrfOkay = true;
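 /**
  * Restores the current user from the PHP session, if the session still
  * holds a usable one.
  *
  * Outcomes:
  *  - null:  the session carries no current-user id or no session-id
  *           timestamp, or the user's session has timed out (the user is
  *           removed from the session in that case).
  *  - false: the session id recorded for the user is empty or differs from
  *           the active PHP session id, or the 'security.ipCheck' setting is
  *           enabled and the recorded IP does not match the client address.
  *  - PMF_User_CurrentUser: all checks passed; the session id is renewed
  *           when it has timed out and the user is written back to the
  *           session.
  *
  * @static
  *
  * @param  PMF_Configuration $config
  *
  * @return PMF_User_CurrentUser|null|false
  */
 public static function getFromSession(PMF_Configuration $config)
 {
     // there is no valid user object in session
     if (!isset($_SESSION[PMF_SESSION_CURRENT_USER]) || !isset($_SESSION[PMF_SESSION_ID_TIMESTAMP])) {
         return null;
     }
     // create a new CurrentUser object
     $user = new PMF_User_CurrentUser($config);
     // NOTE(review): the result of getUserById() is not inspected here, so an id
     // that no longer resolves to a user is only caught by the checks below.
     // Confirm what getUserById() returns for an unknown id.
     $user->getUserById($_SESSION[PMF_SESSION_CURRENT_USER]);
     // user object is timed out
     if ($user->sessionIsTimedOut()) {
         $user->deleteFromSession();
         $user->errors[] = 'Session timed out.';
         return null;
     }
     // The recorded session id must be identical to the active one. Both sides
     // are cast to string and compared strictly: a loose == between two
     // numeric-looking strings (e.g. "0e12" and "0e34") compares them as
     // numbers and would accept ids that merely look alike.
     $session_info = $user->getSessionInfo();
     $session_id = isset($session_info['session_id']) ? (string) $session_info['session_id'] : '';
     if ($session_id === '' || $session_id !== (string) session_id()) {
         return false;
     }
     // Optional binding of the session to the client IP. A missing recorded IP
     // or a missing REMOTE_ADDR counts as a mismatch (fail closed) instead of
     // raising an undefined-index notice.
     if ($config->get('security.ipCheck')) {
         $recordedIp = isset($session_info['ip']) ? (string) $session_info['ip'] : '';
         $clientIp = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
         if ($recordedIp === '' || $recordedIp !== $clientIp) {
             return false;
         }
     }
     // session-id needs to be updated
     if ($user->sessionIdIsTimedOut()) {
         $user->updateSessionId();
     }
     // user is now logged in
     $user->_loggedIn = true;
     // save current user to session and return the instance
     $user->saveToSession();
     return $user;
 }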
            } else {
                $message .= sprintf('<p class="alert alert-success">%s <strong>%s</strong> %s</p>', $PMF_LANG['ad_msg_savedsuc_1'], $user->getLogin(), $PMF_LANG['ad_msg_savedsuc_2']);
                $message .= '<script type="text/javascript">updateUser(' . $userId . ');</script>';
            }
        }
    }
    // delete user confirmation
    if ($userAction == 'delete_confirm' && $permission['deluser']) {
        $message = '';
        $user = new PMF_User_CurrentUser($faqConfig);
        $userId = PMF_Filter::filterInput(INPUT_POST, 'user_list_select', FILTER_VALIDATE_INT, 0);
        if ($userId == 0) {
            $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_noId']);
            $userAction = $defaultUserAction;
        } else {
            $user->getUserById($userId, true);
            // account is protected
            if ($user->getStatus() == 'protected' || $userId == 1) {
                $message .= sprintf('<p class="alert alert-error">%s</p>', $PMF_LANG['ad_user_error_protectedAccount']);
                $userAction = $defaultUserAction;
            } else {
                ?>
        <header>
            <h2>
                <i class="icon-user"></i> <?php 
                echo $PMF_LANG['ad_user_deleteUser'];
                ?>
 <?php 
                echo $user->getLogin();
                ?>
            </h2>