示例#1
文件: usereg.php 项目: uhtoff/eCRF
<?php

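$showSearch = true;
// Only an integer id from the user picker may select an account to edit.
// is_numeric() also accepts floats, exponent notation ("1e3") and leading
// whitespace, so validate as an integer before the value reaches eCRFUser.
$selectedID = isset($_POST['userSelect'])
    ? filter_var($_POST['userSelect'], FILTER_VALIDATE_INT)
    : false;
if ($selectedID !== false) {
    $userEdit = new eCRFUser($selectedID);
    // Edit only an existing account (one that has an email) whose privilege
    // value is not lower than the editor's own.
    if ($userEdit->get('email') && $userEdit->getPrivilege() >= $user->getPrivilege()) {
        $showSearch = false;
        echo "<h4>Edit the user's details below</h4>";
        $form = new HTMLForm('process.php', 'post');
        $fields = $trial->getFormFields($page);
        $form->processFields($fields, $userEdit);
        if (isset($_SESSION['inputErr'])) {
            // Errors from the previous submission are shown once, then cleared
            $form->addErrors($_SESSION['inputErr']);
            unset($_SESSION['inputErr']);
        }
        // Pre-fill the country field from the user's current centre
        $centre = new Data($userEdit->getCentre(), 'Centre');
        $form->addInputValue('usereg-country', $centre->get('country_id'));
        $form->addInput('hidden', 'userID', $userEdit->getID());
        $form->addInput('hidden', 'page', $page);
        $form->addInput('hidden', 'deleteUser', 'false');
        $form->addButton('Delete', array('btn-danger', 'hidden'));
        $form->addCancelButton('index.php?page=usereg');
        // Fresh CSRF token for this form, stored in the session. Prefer
        // random_bytes() (throws when no CSPRNG is available); on older PHP
        // fall back to OpenSSL but refuse bytes it reports as not strong
        // rather than silently issuing a predictable token.
        if (function_exists('random_bytes')) {
            $tokenBytes = random_bytes(32);
        } else {
            $tokenBytes = openssl_random_pseudo_bytes(32, $strong);
            if ($tokenBytes === false || !$strong) {
                throw new RuntimeException('Unable to generate a cryptographically strong CSRF token');
            }
        }
        $_SESSION['csrfToken'] = $token = base64_encode($tokenBytes);
        $form->addInput('hidden', 'csrfToken', $token);
        echo $form->writeHTML();
    }
}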
if ($showSearch) {
    $sql = "SELECT *, user.id as userID, centre.name as centreName, country.name as countryName, privilege.name as privilegeName, privilege_id FROM user\n        LEFT JOIN centre ON centre_id = centre.id\n        LEFT JOIN country ON country_id = country.id\n        LEFT JOIN privilege ON privilege_id = privilege.id";
    if ($user->isLocal()) {
示例#2
文件: process.php 项目: uhtoff/eCRF
     exit;
     break;
 case 'useradm':
     if (isset($_POST['useradm_id'])) {
         foreach ($_POST['useradm_id'] as $id) {
             $newUser = new eCRFUser($id);
             if (isset($_POST['admin']) && $_POST['admin'] == 'admin' && !$user->isRegional()) {
                 $newPriv = 10;
             } else {
                 $newPriv = 15;
             }
             if ($user->isRegional() && $newUser->getCentre() != $user->getCentre()) {
                 // Check not trying to validate someone elses users
                 $_SESSION['error'] = "You can only validate users from your own centre";
             } else {
                 if (!$newUser->email || $newPriv == 10 && $newUser->getPrivilege() == 99 || $newPriv == 15 && $newUser->getPrivilege() == 98) {
                     $_SESSION['error'] = "An error has occurred.";
                 } else {
                     $newUser->setPrivilege($newPriv);
                     // Data entry privilege
                     $password = $newUser->generatePassword();
                     // Generate new password
                     $newUser->setPassword($password, $user->getKey());
                     // Set it for the user
                     $email = $newUser->writeEmail('created', $user, $password);
                     // Send email with username and password
                     $mail = $trial->sendEmail($email);
                     if ($mail) {
                         $newUser->saveToDB();
                         if (isset($_SESSION['message'])) {
                             $_SESSION['message'] = "Users successfully validated.";
示例#3
文件: ecrflib.php 项目: uhtoff/eCRF
 public function checkPageLogin($page)
 {
     // Resolves the requested page name to the page the caller is allowed
     // to show, or NULL. A page is returned when it exists and is active,
     // the current session satisfies its privilege requirement (the user's
     // privilege value must be <= the page's privilege_id), and
     // parseBranches() does not withhold it. Two special cases: 'logout',
     // and a required privilege of 100, which marks pages that are only
     // available when nobody is logged on.

     // Database offline: force every session except privilege 1 to log out
     if ($this->isOffline() && $this->getUser() && $this->user->getPrivilege() != 1) {
         $page = 'logout';
     }

     if ($page == 'logout') {
         // Only a live session can log out; anonymous callers get NULL
         if (!$this->getUser()) {
             return NULL;
         }
         $this->user->logout();
         unset($this->user);
         return $page;
     }

     // Look up the page and the privilege it requires (prepared statement,
     // 's' binds the page name); unknown or inactive pages yield no rows.
     $result = DB::query(
         "SELECT id, privilege_id FROM pages WHERE name = ? AND active = 1",
         array('s', $page)
     );
     if (!$result->getRows()) {
         return NULL;
     }

     $required = $result->privilege_id;
     $loggedIn = isset($this->user);
     $permitted = false;
     if ($required == 100) {
         // Logged-out-only pages are denied to anyone with a session
         $permitted = !$loggedIn;
     } elseif ($loggedIn) {
         $permitted = $this->user->getPrivilege() <= $required;
     }

     // Branch logic is always evaluated for an existing page and can still
     // withhold an otherwise permitted one
     $showPage = $this->parseBranches($result->id);

     return ($permitted && $showPage) ? $page : NULL;
 }