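/**
 * Delete the rows of $table that match $where, but only when at least one such row exists.
 *
 * A lookup query is run first; the DELETE is issued only if that lookup reports rows.
 *
 * SECURITY: $table and $where are handed to data_abstraction unchanged, so they end up in
 * the SQL text as given. Callers must pass a fixed table name and a WHERE fragment whose
 * values are already escaped (or bound); nothing in this function sanitises them.
 *
 * @param mixed  $db    Database selector passed to data_abstraction::set_database().
 * @param string $table Table to check and delete from.
 * @param string $where Raw WHERE fragment identifying the rows.
 * @return void
 */
function check_if_unique_del($db, $table, $where)
{
    $lookup = new data_abstraction();
    $lookup->set_database($db);
    $lookup->set_table($table);
    $lookup->set_where($where);
    $lookup->make_query();

    // NOTE(review): other call sites on this page read `num_rows` (lower case). PHP property
    // names are case-sensitive, so confirm data_abstraction really exposes `Num_Rows`;
    // if it does not, this condition is never true and nothing is ever deleted.
    if ($lookup->Num_Rows > 0) {
        $remover = new data_abstraction();
        // The original selected $db only on the lookup object. Point the DELETE at the same
        // database so rows are removed where the match was found, not in the default one.
        $remover->set_database($db);
        $remover->set_query_type('DELETE');
        $remover->set_table($table);
        $remover->set_where($where);
        $remover->make_query();
    }
}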
extract($arr_form_data); if (strlen($password) > MAX_PASSWORD_LENGTH) { $message = 'Password must not be more than ' . MAX_PASSWORD_LENGTH . ' chars.'; $password = ''; } //check if user exists if ($dbh_user->check_user($username)->user_exists) { //Good } else { $message = 'Specified username does not exist.'; } if ($message == "") { require 'password_crypto.php'; $hashed_password = cobalt_password_hash('NEW', $password, $username, $new_salt, $new_iteration, $new_method); $data_con = new data_abstraction(); $data_con->set_query_type('UPDATE'); $data_con->set_table('user'); $data_con->set_update("`password`='{$hashed_password}', `salt`='{$new_salt}', `iteration`='{$new_iteration}', `method`='{$new_method}'"); $data_con->set_where("username='******'"); $data_con->make_query(); $message = 'The password has been successfully reset.'; $message_type = 'SYSTEM'; $password = ''; } } } require 'subclasses/user_html.php'; $html = new user_html(); $html->draw_header('Reset Password', $message, $message_type); $html->fields['password']['control_type'] = 'password'; $html->fields['password']['label'] = 'Temporary Password';
$data_con->set_query_type('INSERT'); $data_con->set_table('user_passport'); $data_con->set_fields('username, link_id'); $arr_values = array(); for ($a = 0; $a < $numLinks; $a++) { if (isset($link[$a])) { $arr_values[] = "'" . quote_smart($Username) . "', '{$link[$a]}'"; } } $data_con->set_values($arr_values); $data_con->make_query(); $data_con->close_db(); } //Finally: since a custom permission operation was done, set role to 0 (no role assigned) $dbh = new data_abstraction(); $dbh->set_query_type('UPDATE'); $dbh->set_table('user'); $dbh->set_update("role_id='0'"); $dbh->set_where("username='******'"); $dbh->make_query(); $dbh->close_db(); $Role = 'No Role Assigned'; $message = 'Passport settings succesfully updated'; $message_type = 'system'; $SHOW_MODULES = TRUE; } } $html_writer = new html(); $html_writer->draw_header('Set User Passports', $message, $message_type); ?> <div class="container">
$dbh->set_table('user'); $dbh->set_update("role_id='0'"); $dbh->set_where("username='******'"); $dbh->make_query(); $dbh->close_db(); //Get the role permissions require_once 'subclasses/user_role_links.php'; $obj_role = new user_role_links(); $obj_role->get_user_role_links($role); $arrLink = $obj_role->dump['link_id']; $numLinks = $obj_role->num_rows; $obj_role->close_db(); //Assign permissions to user $dbh = new data_abstraction(); foreach ($arrLink as $link_id) { $dbh->set_query_type('SELECT'); $dbh->set_table('user_passport'); $dbh->set_fields('username, link_id'); $dbh->set_where("username='******' AND link_id='" . quote_smart($link_id) . "'"); $dbh->make_query(); if ($dbh->num_rows == 0) { $dbh->set_query_type('INSERT'); $dbh->set_values("'" . quote_smart($Username) . "','" . quote_smart($link_id) . "'"); $dbh->make_query(); } } $dbh->close_db(); } $message = 'Success! User passport has been updated.'; $message_type = 'system'; }
// Handles the cancel and delete buttons of this page (fragment; the rest of the script is
// outside this view). Cancel logs the action and redirects. Delete removes user_passport
// rows for the posted module and resets role_id on `user` for every checked entry.
// NOTE(review): this is a state-changing POST handler that edits privileges. No CSRF token
// or permission check is visible in the fragment; confirm one runs earlier in the file.

// init_var() is defined elsewhere; presumably it initialises the key when the button was
// not posted. TODO confirm.
init_var($_POST['btn_delete']);
// Read straight from the request; no isset() guard for this key is visible here.
$module = $_POST['module'];
// Default to an empty selection when no checkbox was posted.
$check = array();
if (isset($_POST['check'])) {
    $check = $_POST['check'];
}
if ($_POST['btn_cancel']) {
    // $_SERVER['PHP_SELF'] can carry request-supplied trailing path data, so the logger
    // has to escape it before it reaches SQL or HTML.
    log_action('Pressed cancel button', $_SERVER['PHP_SELF']);
    // Whether redirect() stops execution is not visible from here.
    redirect('SetUserPassports.php');
}
if ($_POST['btn_delete']) {
    // NOTE(review): $check is always set and starts as array(), so this test also passes
    // for an empty selection; the else branch is reached only when $_POST['check'] is not
    // an array. An explicit "not empty" check is probably what was intended.
    if (isset($check) && is_array($check)) {
        // One object issues the DELETEs, the other the role reset; both are reused per user.
        $data_con = new data_abstraction();
        $data_con->set_query_type('DELETE');
        $obj_role = new data_abstraction();
        $obj_role->set_query_type('UPDATE');
        $obj_role->set_table('user');
        $obj_role->set_update("role_id='0'");
        // NOTE(review): elements of $check come from the request and are not type-checked
        // here; a nested array would be passed along as-is.
        foreach ($check as $user) {
            $data_con->set_table('user_passport');
            // $module is escaped with quote_smart(). NOTE(review): the username value shows
            // as '******' in this listing and $user is not referenced in the visible text;
            // this looks like masking by the page. In the real file, verify that the
            // username is escaped or bound before it is placed in the predicate.
            $data_con->set_where("username='******' AND link_id='" . quote_smart($module) . "'");
            $data_con->make_query();
            // Same masked literal as above; the same check applies.
            $obj_role->set_where("username='******'");
            $obj_role->make_query();
        }
        $data_con->close_db();
        $obj_role->close_db();
    } else {
        $message = "Please select at least one user.";
    }
}
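/**
 * Write one audit row to `system_log` for the current request.
 *
 * The acting user comes from $_SESSION['user'] when it is set; otherwise the fallback
 * literal below is stored. Every value is escaped with quote_smart() before it is placed
 * in the INSERT, because the query text is assembled by string interpolation.
 *
 * @param string $action Description of what happened.
 * @param string $module Script or module the action belongs to; when empty,
 *                       $_SERVER['SCRIPT_NAME'] is used.
 * @return void
 */
function log_action($action, $module = '')
{
    if (isset($_SESSION['user'])) {
        $username = quote_smart($_SESSION['user']);
    } else {
        // NOTE(review): this literal appears masked in the listing; keep whatever
        // placeholder the real file uses for unauthenticated requests.
        $username = '******';
    }

    if ($module == '') {
        $module = $_SERVER['SCRIPT_NAME'];
    }
    // Callers pass request-derived values here (for example $_SERVER['PHP_SELF'], which can
    // carry client-supplied path data). The original interpolated $module into the INSERT
    // unescaped, which allowed SQL injection through the log call.
    $module = quote_smart($module);

    // The original rebuilt "now" from two date() calls and mktime(); time() yields the same
    // Unix timestamp without the second-rollover race between those calls. The unused
    // formatted-date local was dropped.
    $timestamp = time();

    // get_ip() is not visible here. It is escaped as well in case it derives the address
    // from request headers; a well-formed address passes through unchanged.
    $ip_address = quote_smart(get_ip());
    $action = quote_smart($action);

    $data_con = new data_abstraction();
    $data_con->set_query_type('INSERT');
    $data_con->set_table('system_log');
    $data_con->set_fields('ip_address, user, datetime, action, module');
    $data_con->set_values("'{$ip_address}', '{$username}', '{$timestamp}', '{$action}', '{$module}'");
    // The meaning of the two flags is defined by data_abstraction::make_query(), which is
    // not visible here; they are passed exactly as before.
    $data_con->make_query(true, false);
}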
if (isset($_POST['passportGroup'])) { $passportGroup = $_POST['passportGroup']; if ($passportGroup != "All Groups") { $filter = "AND a.passport_group_id = '" . quote_smart($passportGroup) . "'"; } else { $filter = ""; } } if ($_POST['btn_submit']) { if (is_array($_POST['module'])) { $arr_module = $_POST['module']; } else { $arr_module = array(); } $mod_update_con = new data_abstraction(); $mod_update_con->set_query_type('UPDATE'); $mod_update_con->set_table('user_links'); $data_con = new data_abstraction(); $data_con->set_fields('link_id, status'); $data_con->set_table('user_links a'); $data_con->set_where("name!='Module Control' {$filter}"); $data_con->set_order('a.descriptive_title'); $result = $data_con->make_query()->result; for ($a = 0; $a < $data_con->num_rows; $a++) { $data = $result->fetch_assoc(); extract($data); $new_module_status = 'Off'; if (in_array($link_id, $arr_module)) { $new_module_status = 'On'; } if ($new_module_status == $status) {
$group_field3 = $_POST['group_field3']; } $message = 'Report saved successfully!'; $message_type = 'system'; } else { $message = 'Please enter a Report Name in order to save the report'; } } if ($_POST['btn_delete']) { if (trim($_POST['chosen_report']) != '') { log_action('Pressed delete button'); $reporter_mod_name = $reporter->session_array_name; $chosen_report = $_POST['chosen_report']; //Delete any existing report with the same report_name + module_name in order to effectively overwrite similarly named reports $dbh = new data_abstraction(); $dbh->set_query_type('DELETE'); $dbh->set_table('cobalt_reporter'); $dbh->set_where('module_name = ? AND report_name = ?'); $bind_params = array('ss', $reporter_mod_name, $chosen_report); $dbh->stmt_prepare($bind_params); $dbh->stmt_execute(); } else { $message = 'Please choose a saved report to delete'; } } if ($_POST['btn_submit']) { log_action('Pressed submit button'); if (!isset($_POST['show_field']) || !is_array($_POST['show_field'])) { $message = 'Please check at least one column to be used for the report.'; $show_field = array(); } else {
$data_con->set_table('user_role_links'); $data_con->set_where("role_id='" . quote_smart($role_id) . "' AND link_id IN ({$completeList})"); $data_con->make_query(); $data_con->close_db(); } } else { $data_con = new data_abstraction(); $data_con->set_query_type('DELETE'); $data_con->set_table('user_role_links'); $data_con->set_where("role_id='" . quote_smart($role_id) . "'"); $data_con->make_query(); $data_con->close_db(); } //FIXME: Make this a batch insert instead of a looped single insert. $data_con = new data_abstraction(); $data_con->set_query_type('INSERT'); for ($a = 0; $a < $numLinks; $a++) { if (isset($link[$a])) { $data_con->set_table('user_role_links'); $data_con->set_fields('role_id, link_id'); $data_con->set_values("'" . quote_smart($role_id) . "', '{$link[$a]}'"); $data_con->make_query(); } } $data_con->close_db(); $message = 'Role privileges succesfully updated'; $message_type = 'system'; } } $html_writer = new html(); $html_writer->draw_header('Role Permissions', $message, $message_type);