示例#1
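 /**
  * Delete the rows of $table that match $where, but only when at least one such row exists.
  *
  * $where is handed to set_where() unchanged for both the lookup and the DELETE, so it is a
  * raw SQL condition: callers must escape or bind every value they put into it.
  *
  * @param string $db    Database the lookup and the delete run against.
  * @param string $table Table to check and delete from.
  * @param string $where SQL condition fragment (not escaped by this function).
  * @return void
  */
 function check_if_unique_del($db, $table, $where)
 {
     // Lookup first; no query type is set here, so this presumably runs as the class default (a SELECT).
     $data_con = new data_abstraction();
     $data_con->set_database($db);
     $data_con->set_table($table);
     $data_con->set_where($where);
     $data_con->make_query();
     // NOTE(review): other callers of data_abstraction read `num_rows` in lower case; PHP property
     // names are case-sensitive, so confirm `Num_Rows` is the name this class version exposes.
     if ($data_con->Num_Rows > 0) {
         $data_con_del = new data_abstraction();
         // Run the DELETE on the same database the lookup used; without this the delete would go
         // to whichever database data_abstraction selects by default.
         $data_con_del->set_database($db);
         $data_con_del->set_query_type('DELETE');
         $data_con_del->set_table($table);
         $data_con_del->set_where($where);
         $data_con_del->make_query();
     }
 }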
示例#2
        // NOTE(review): extract() creates a local variable for every key of $arr_form_data and
        // overwrites any existing variable with the same name. If the array is built from request
        // fields, confirm it is limited to the expected keys; otherwise a posted field could
        // replace locals such as $message that the checks below rely on.
        extract($arr_form_data);
        // strlen() counts bytes. Over-long input is rejected and the plaintext value is cleared.
        if (strlen($password) > MAX_PASSWORD_LENGTH) {
            $message = 'Password must not be more than ' . MAX_PASSWORD_LENGTH . ' chars.';
            $password = '';
        }
        // The account must exist before its password is reset.
        if ($dbh_user->check_user($username)->user_exists) {
            // Account found: nothing further to validate here.
        } else {
            $message = 'Specified username does not exist.';
        }
        // Proceed only when none of the checks above set a message.
        if ($message == "") {
            require 'password_crypto.php';
            // $new_salt, $new_iteration and $new_method are not assigned anywhere in this excerpt;
            // presumably cobalt_password_hash() fills them in by reference. Confirm in password_crypto.php.
            $hashed_password = cobalt_password_hash('NEW', $password, $username, $new_salt, $new_iteration, $new_method);
            $data_con = new data_abstraction();
            $data_con->set_query_type('UPDATE');
            $data_con->set_table('user');
            // NOTE(review): the hash, salt, iteration count and method are interpolated directly into
            // the SQL text. That is safe only if cobalt_password_hash() can never return a quote or a
            // backslash; binding them as parameters would remove that assumption.
            $data_con->set_update("`password`='{$hashed_password}', `salt`='{$new_salt}', `iteration`='{$new_iteration}', `method`='{$new_method}'");
            // NOTE(review): '******' looks like a value masked by the code listing. As written the clause
            // matches only a user literally named ******; the original presumably used an escaped
            // $username. Verify against the real file.
            $data_con->set_where("username='******'");
            $data_con->make_query();
            $message = 'The password has been successfully reset.';
            $message_type = 'SYSTEM';
            // Clear the plaintext password once it has been hashed and stored.
            $password = '';
        }
    }
}
require 'subclasses/user_html.php';
$html = new user_html();
$html->draw_header('Reset Password', $message, $message_type);
$html->fields['password']['control_type'] = 'password';
$html->fields['password']['label'] = 'Temporary Password';
示例#3
            // Insert one (username, link_id) row into user_passport for every link that is set.
            // $data_con, $numLinks, $link and $Username are defined above this excerpt.
            $data_con->set_query_type('INSERT');
            $data_con->set_table('user_passport');
            $data_con->set_fields('username, link_id');
            $arr_values = array();
            for ($a = 0; $a < $numLinks; $a++) {
                if (isset($link[$a])) {
                    // NOTE(review): $Username is passed through quote_smart(), but $link[$a] is placed
                    // between the quotes unescaped. If $link is populated from the request, escape it the
                    // same way (or bind it) so a crafted link id cannot alter the INSERT.
                    $arr_values[] = "'" . quote_smart($Username) . "', '{$link[$a]}'";
                }
            }
            // The collected value tuples are passed as an array; presumably set_values() turns them
            // into a multi-row INSERT. Confirm in data_abstraction.
            $data_con->set_values($arr_values);
            $data_con->make_query();
            $data_con->close_db();
        }
        //Finally: since a custom permission operation was done, set role to 0 (no role assigned)
        $dbh = new data_abstraction();
        $dbh->set_query_type('UPDATE');
        $dbh->set_table('user');
        $dbh->set_update("role_id='0'");
        $dbh->set_where("username='******'");
        $dbh->make_query();
        $dbh->close_db();
        $Role = 'No Role Assigned';
        $message = 'Passport settings succesfully updated';
        $message_type = 'system';
        $SHOW_MODULES = TRUE;
    }
}
$html_writer = new html();
$html_writer->draw_header('Set User Passports', $message, $message_type);
?>
<div class="container">
示例#4
         // Set role_id to '0' on the matching `user` row. $dbh and its query type are set up above
         // this excerpt.
         $dbh->set_table('user');
         $dbh->set_update("role_id='0'");
         // NOTE(review): '******' looks like a value masked by the code listing; the original
         // presumably compared against an escaped username. Verify against the real file.
         $dbh->set_where("username='******'");
         $dbh->make_query();
         $dbh->close_db();
         // Load the link ids attached to $role.
         require_once 'subclasses/user_role_links.php';
         $obj_role = new user_role_links();
         $obj_role->get_user_role_links($role);
         $arrLink = $obj_role->dump['link_id'];
         // $numLinks is assigned here but not read again within this excerpt.
         $numLinks = $obj_role->num_rows;
         $obj_role->close_db();
         // Give the user each of those links, skipping any the user already holds.
         $dbh = new data_abstraction();
         foreach ($arrLink as $link_id) {
             $dbh->set_query_type('SELECT');
             $dbh->set_table('user_passport');
             $dbh->set_fields('username, link_id');
             // link_id is escaped with quote_smart() before it enters the quoted SQL literal.
             $dbh->set_where("username='******' AND link_id='" . quote_smart($link_id) . "'");
             $dbh->make_query();
             // NOTE(review): the check-then-insert pair is not atomic; a unique key on
             // (username, link_id) would keep concurrent requests from inserting duplicates.
             if ($dbh->num_rows == 0) {
                 // The table and field list set for the SELECT above are reused for the INSERT.
                 $dbh->set_query_type('INSERT');
                 $dbh->set_values("'" . quote_smart($Username) . "','" . quote_smart($link_id) . "'");
                 $dbh->make_query();
             }
         }
         $dbh->close_db();
     }
     $message = 'Success! User passport has been updated.';
     $message_type = 'system';
 }
示例#5
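 // Handle the cancel and delete buttons: for every checked user, delete the user_passport row
 // for the posted module and set that user's role_id to '0'.
 // NOTE(review): no CSRF-token or permission check is visible in this excerpt; confirm the
 // surrounding page performs both before this state-changing branch runs.
 init_var($_POST['btn_delete']);
 // NOTE(review): read without an isset() guard, so a request lacking 'module' raises a notice.
 $module = $_POST['module'];
 $check = array();
 if (isset($_POST['check'])) {
     $check = $_POST['check'];
 }
 if ($_POST['btn_cancel']) {
     log_action('Pressed cancel button', $_SERVER['PHP_SELF']);
     redirect('SetUserPassports.php');
 }
 if ($_POST['btn_delete']) {
     // $check defaults to array(), so is_array() alone is true even when no box was ticked.
     // Require at least one entry so the "select at least one user" message can actually appear.
     if (is_array($check) && count($check) > 0) {
         $data_con = new data_abstraction();
         $data_con->set_query_type('DELETE');
         $obj_role = new data_abstraction();
         $obj_role->set_query_type('UPDATE');
         $obj_role->set_table('user');
         $obj_role->set_update("role_id='0'");
         foreach ($check as $user) {
             // NOTE(review): '******' looks like a value masked by the code listing; as written $user
             // is never used and every iteration runs the same statements. The original presumably
             // compared against an escaped $user. Verify against the real file.
             $data_con->set_table('user_passport');
             $data_con->set_where("username='******' AND link_id='" . quote_smart($module) . "'");
             $data_con->make_query();
             $obj_role->set_where("username='******'");
             $obj_role->make_query();
         }
         $data_con->close_db();
         $obj_role->close_db();
     } else {
         $message = "Please select at least one user.";
     }
 }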
示例#6
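/**
 * Record an audit entry (client address, user, time, action, module) in the system_log table.
 *
 * Every value that reaches the INSERT text is escaped with quote_smart() first. $module needs
 * this as much as $action: callers pass values such as $_SERVER['PHP_SELF'], which can carry
 * request-supplied path text.
 *
 * @param string $action Description of what the user did.
 * @param string $module Script the action belongs to; defaults to $_SERVER['SCRIPT_NAME'].
 * @return void
 */
function log_action($action, $module = '')
{
    // Fall back to a fixed placeholder when no user is logged in.
    $username = isset($_SESSION['user']) ? quote_smart($_SESSION['user']) : '******';

    if ($module == '') {
        $module = $_SERVER['SCRIPT_NAME'];
    }
    $module = quote_smart($module);

    // get_ip() is defined elsewhere and its source of the address is not visible here, so its
    // result is escaped like every other value rather than trusted.
    $ip_address = quote_smart(get_ip());
    $action = quote_smart($action);

    // Current Unix time. This replaces formatting the date and time as strings and feeding the
    // parts back through mktime(), which yields the same value but could straddle a second
    // boundary between the two date() calls.
    $timestamp = time();

    $data_con = new data_abstraction();
    $data_con->set_query_type('INSERT');
    $data_con->set_table('system_log');
    $data_con->set_fields('ip_address, user, datetime, action, module');
    $data_con->set_values("'{$ip_address}', '{$username}', '{$timestamp}', '{$action}', '{$module}'");
    // The meaning of the two flags is defined by data_abstraction::make_query(), not shown here.
    $data_con->make_query(TRUE, FALSE);
}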
示例#7
 // Optional filter on passport group, taken from the posted form.
 // NOTE(review): $filter is assigned only when 'passportGroup' was posted, yet the WHERE clause
 // built further down interpolates {$filter}. Unless it is initialised before this excerpt, a
 // request without the field leaves it undefined.
 if (isset($_POST['passportGroup'])) {
     $passportGroup = $_POST['passportGroup'];
     if ($passportGroup != "All Groups") {
         // The posted value is escaped with quote_smart() before it enters the quoted SQL literal.
         $filter = "AND a.passport_group_id = '" . quote_smart($passportGroup) . "'";
     } else {
         $filter = "";
     }
 }
 if ($_POST['btn_submit']) {
     if (is_array($_POST['module'])) {
         $arr_module = $_POST['module'];
     } else {
         $arr_module = array();
     }
     $mod_update_con = new data_abstraction();
     $mod_update_con->set_query_type('UPDATE');
     $mod_update_con->set_table('user_links');
     $data_con = new data_abstraction();
     $data_con->set_fields('link_id, status');
     $data_con->set_table('user_links a');
     $data_con->set_where("name!='Module Control' {$filter}");
     $data_con->set_order('a.descriptive_title');
     $result = $data_con->make_query()->result;
     for ($a = 0; $a < $data_con->num_rows; $a++) {
         $data = $result->fetch_assoc();
         extract($data);
         $new_module_status = 'Off';
         if (in_array($link_id, $arr_module)) {
             $new_module_status = 'On';
         }
         if ($new_module_status == $status) {
             $group_field3 = $_POST['group_field3'];
         }
         $message = 'Report saved successfully!';
         $message_type = 'system';
     } else {
         $message = 'Please enter a Report Name in order to save the report';
     }
 }
 // Delete the saved report chosen in the form.
 // NOTE(review): 'btn_delete' and 'chosen_report' are read without isset() guards here; confirm
 // they are initialised earlier in the file.
 if ($_POST['btn_delete']) {
     if (trim($_POST['chosen_report']) != '') {
         log_action('Pressed delete button');
         $reporter_mod_name = $reporter->session_array_name;
         $chosen_report = $_POST['chosen_report'];
         // Remove the report identified by module_name + report_name. Both values are passed as
         // bound string parameters ('ss') to the ? placeholders instead of being concatenated,
         // so the posted report name never becomes part of the SQL text.
         $dbh = new data_abstraction();
         $dbh->set_query_type('DELETE');
         $dbh->set_table('cobalt_reporter');
         $dbh->set_where('module_name = ? AND report_name = ?');
         $bind_params = array('ss', $reporter_mod_name, $chosen_report);
         $dbh->stmt_prepare($bind_params);
         $dbh->stmt_execute();
     } else {
         $message = 'Please choose a saved report to delete';
     }
 }
 if ($_POST['btn_submit']) {
     log_action('Pressed submit button');
     if (!isset($_POST['show_field']) || !is_array($_POST['show_field'])) {
         $message = 'Please check at least one column to be used for the report.';
         $show_field = array();
     } else {
示例#9
                $data_con->set_table('user_role_links');
                $data_con->set_where("role_id='" . quote_smart($role_id) . "' AND link_id IN ({$completeList})");
                $data_con->make_query();
                $data_con->close_db();
            }
        } else {
            $data_con = new data_abstraction();
            $data_con->set_query_type('DELETE');
            $data_con->set_table('user_role_links');
            $data_con->set_where("role_id='" . quote_smart($role_id) . "'");
            $data_con->make_query();
            $data_con->close_db();
        }
        // Insert one user_role_links row per selected link for this role.
        // FIXME: Make this a batch insert instead of a looped single insert.
        $data_con = new data_abstraction();
        $data_con->set_query_type('INSERT');
        for ($a = 0; $a < $numLinks; $a++) {
            if (isset($link[$a])) {
                $data_con->set_table('user_role_links');
                $data_con->set_fields('role_id, link_id');
                // NOTE(review): $role_id is passed through quote_smart(), but $link[$a] is placed between
                // the quotes unescaped. If $link is populated from the request, escape it the same way
                // (or bind it) so a crafted link id cannot alter the INSERT.
                $data_con->set_values("'" . quote_smart($role_id) . "', '{$link[$a]}'");
                $data_con->make_query();
            }
        }
        $data_con->close_db();
        $message = 'Role privileges succesfully updated';
        $message_type = 'system';
    }
}
$html_writer = new html();
$html_writer->draw_header('Role Permissions', $message, $message_type);