/**
 * Delete this centre together with every user attached to it.
 *
 * Users are removed first (one eCRFUser::deleteUser() call per id returned
 * by getUsers()), then the centre's own row is removed via deleteFromDB().
 * There is no transaction here, so a failure mid-loop leaves a partial delete.
 */
public function deleteCentre() {
    foreach ($this->getUsers() as $memberId) {
        $member = new eCRFUser($memberId);
        $member->deleteUser();
    }
    $this->deleteFromDB();
}
/**
 * Record audit information for a user being added to this centre.
 *
 * The first user ever added also stamps the 'firstuser' and 'created'
 * fields; every call updates 'lastuser' and 'lastmod'. Values are written
 * through set(), so nothing is persisted until the caller saves the object.
 *
 * @param eCRFUser $user the user being added
 */
public function addUser(eCRFUser $user) {
    $userId = $user->getID();
    $stamp = date('Y-m-d H:i:s');
    // No first user recorded yet: this call is the creation event.
    // (isset() on $this->firstuser presumably resolves through a magic __isset — confirm.)
    if (!isset($this->firstuser)) {
        $this->set('firstuser', $userId);
        $this->set('created', $stamp);
    }
    $this->set('lastuser', $userId);
    $this->set('lastmod', $stamp);
}
if (isset($_POST['sign'])) { header("Location:dataentry.php?page=signpt"); exit; } else { header("Location:dataentry.php?page=core"); exit; } } } header("Location:index.php?page={$include}"); exit; break; case 'useradm': if (isset($_POST['useradm_id'])) { foreach ($_POST['useradm_id'] as $id) { $newUser = new eCRFUser($id); if (isset($_POST['admin']) && $_POST['admin'] == 'admin' && !$user->isRegional()) { $newPriv = 10; } else { $newPriv = 15; } if ($user->isRegional() && $newUser->getCentre() != $user->getCentre()) { // Check not trying to validate someone elses users $_SESSION['error'] = "You can only validate users from your own centre"; } else { if (!$newUser->email || $newPriv == 10 && $newUser->getPrivilege() == 99 || $newPriv == 15 && $newUser->getPrivilege() == 98) { $_SESSION['error'] = "An error has occurred."; } else { $newUser->setPrivilege($newPriv); // Data entry privilege $password = $newUser->generatePassword();
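/**
 * Resolve the recipients of a notification e-mail for this user.
 *
 * - 'testregister', 'created': the user themselves.
 * - 'register', 'forgotpass': the local admins of the user's centre, or the
 *   configured admin user when the centre has none (or when the user holds
 *   privilege 98).
 * - 'createuser': the fixed account with id 11.
 * - anything else: the configured admin user ($this->_adminUser).
 *
 * All comparisons on $type are strict; the previous mix of == and === on the
 * same variable is gone.
 *
 * @param string $type notification type
 * @return eCRFUser[] at least one recipient
 */
protected function getEmailContact($type) {
    $contact = array();
    if ($type === 'testregister' || $type === 'created') {
        $contact[] = $this;
    } elseif ($type === 'register' || $type === 'forgotpass') {
        // Loose compare kept on purpose: the privilege value may arrive as a string — confirm.
        if ($this->getPrivilege() == 98) {
            $contact[] = new eCRFUser($this->_adminUser);
        } else {
            // Prefer every local admin of the user's own centre.
            $sql = "SELECT id FROM user WHERE centre_id = ?";
            $pA = array('i', $this->getCentre());
            $search = DB::query($sql, $pA);
            foreach ($search->rows as $row) {
                $possContact = new eCRFUser($row->id);
                if ($possContact->isLocalAdmin()) {
                    $contact[] = $possContact;
                }
            }
            // Fall back to the admin user so the list is never empty.
            if (empty($contact)) {
                $contact[] = new eCRFUser($this->_adminUser);
            }
        }
    } elseif ($type === 'createuser') {
        // NOTE(review): hard-coded user id 11 — presumably a fixed system account;
        // confirm and consider naming it as a class constant.
        $contact[] = new eCRFUser(11);
    } else {
        $contact[] = new eCRFUser($this->_adminUser);
    }
    return $contact;
}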
<?php $showSearch = true; if (isset($_POST['userSelect']) && is_numeric($_POST['userSelect'])) { $userEdit = new eCRFUser($_POST['userSelect']); if ($userEdit->get('email') && $userEdit->getPrivilege() >= $user->getPrivilege()) { $showSearch = false; echo "<h4>Edit the user's details below</h4>"; $form = new HTMLForm('process.php', 'post'); $fields = $trial->getFormFields($page); $form->processFields($fields, $userEdit); if (isset($_SESSION['inputErr'])) { // If any errors then add them to the form $form->addErrors($_SESSION['inputErr']); unset($_SESSION['inputErr']); } $centre = new Data($userEdit->getCentre(), 'Centre'); $form->addInputValue('usereg-country', $centre->get('country_id')); $form->addInput('hidden', 'userID', $userEdit->getID()); $form->addInput('hidden', 'page', $page); $form->addInput('hidden', 'deleteUser', 'false'); $form->addButton('Delete', array('btn-danger', 'hidden')); $form->addCancelButton('index.php?page=usereg'); $_SESSION['csrfToken'] = $token = base64_encode(openssl_random_pseudo_bytes(32)); $form->addInput('hidden', 'csrfToken', $token); echo $form->writeHTML(); } } if ($showSearch) { $sql = "SELECT *, user.id as userID, centre.name as centreName, country.name as countryName, privilege.name as privilegeName, privilege_id FROM user\n LEFT JOIN centre ON centre_id = centre.id\n LEFT JOIN country ON country_id = country.id\n LEFT JOIN privilege ON privilege_id = privilege.id"; if ($user->isLocal()) {
/**
 * Apply the signature actions submitted with a data-entry form.
 *
 * An optional 'comment' is stored on the record first. Each of the four
 * action flags is honoured only when it is present and truthy AND the
 * current user holds the matching permission (canPreSign, canUnPreSign,
 * canSign, canUnsign). Signing a record also marks it pre-signed.
 *
 * @param array $post submitted form fields (typically $_POST)
 */
public function addSignInput($post) {
    if (isset($post['comment'])) {
        $this->record->set('comment', $post['comment']);
        $this->record->saveToDB();
    }
    // !empty() == "set and truthy", so each flag is checked before the permission.
    if (!empty($post['presignpt']) && $this->user->canPreSign()) {
        $this->record->preSignRecord();
    }
    if (!empty($post['unpresignpt']) && $this->user->canUnPreSign()) {
        $this->record->unPreSignRecord();
    }
    if (!empty($post['signpt']) && $this->user->canSign()) {
        $this->record->signRecord();
        $this->record->preSignRecord();
    }
    if (!empty($post['unsignpt']) && $this->user->canUnsign()) {
        $this->record->unsignRecord();
    }
}
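}
// (The brace above closes a block that begins before this excerpt.)

// Login handling. A login attempt invalidates any CSRF token left over
// from a previously rendered form.
if (isset($_SESSION['csrfToken'])) {
    unset($_SESSION['csrfToken']);
}

// Throttle: count failed attempts from this address in the last five minutes.
// NOTE(review): keyed on REMOTE_ADDR only — behind a reverse proxy this is the
// proxy's address; confirm how REMOTE_ADDR is populated in deployment.
// NOTE(review): failed_time is written below with gmdate() (UTC) but compared
// here against NOW() in the DB session timezone; the window is only correct
// when the DB timezone is UTC — confirm.
$sql = "SELECT id FROM failed_login WHERE ip_address = ? AND failed_time > ADDDATE(NOW(), INTERVAL -5 MINUTE)";
$ip_address = $_SERVER['REMOTE_ADDR'];
$pA = array('s', $ip_address);
$failures = DB::query($sql, $pA);
$num_failed = $failures->getRows();
$too_many_attempts = false;
if ($num_failed > 3) {
    $_SESSION['error'] = 'Too many failed attempts from your location, please try again in 5 minutes.';
    $too_many_attempts = true;
}

$login = false;
if (!$too_many_attempts && isset($_POST['username'], $_POST['password'])) {
    $user = new eCRFUser();
    $login = $user->login($_POST['username'], $_POST['password']);
    if ($login) {
        // Rotate the session id at the privilege boundary so an id obtained
        // before authentication is not valid afterwards (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['user'] = $user;
    }
}

if ($too_many_attempts || !$login) {
    // Record the failure (throttled attempts included) for the query above.
    $sql = "INSERT INTO failed_login ( username, ip_address, too_many, failed_time ) VALUES ( ?, ?, ?, ? )";
    // 'username' may be absent (e.g. a throttled or credential-less request):
    // log an empty string instead of reading an undefined index.
    $username = isset($_POST['username']) ? substr((string) $_POST['username'], 0, 50) : '';
    $failed_time = gmdate("Y-m-d H:i:s");
    // too_many is bound with the 'i' type, so pass an int rather than a bool.
    $pA = array('ssis', $username, $ip_address, (int) $too_many_attempts, $failed_time);
    DB::query($sql, $pA);
}
header('Location:index.php');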