<?php
$showSearch = true;
if (isset($_POST['userSelect']) && is_numeric($_POST['userSelect'])) {
$userEdit = new eCRFUser($_POST['userSelect']);
if ($userEdit->get('email') && $userEdit->getPrivilege() >= $user->getPrivilege()) {
$showSearch = false;
echo "<h4>Edit the user's details below</h4>";
$form = new HTMLForm('process.php', 'post');
$fields = $trial->getFormFields($page);
$form->processFields($fields, $userEdit);
if (isset($_SESSION['inputErr'])) {
// If any errors then add them to the form
$form->addErrors($_SESSION['inputErr']);
unset($_SESSION['inputErr']);
}
$centre = new Data($userEdit->getCentre(), 'Centre');
$form->addInputValue('usereg-country', $centre->get('country_id'));
$form->addInput('hidden', 'userID', $userEdit->getID());
$form->addInput('hidden', 'page', $page);
$form->addInput('hidden', 'deleteUser', 'false');
$form->addButton('Delete', array('btn-danger', 'hidden'));
$form->addCancelButton('index.php?page=usereg');
$_SESSION['csrfToken'] = $token = base64_encode(openssl_random_pseudo_bytes(32));
$form->addInput('hidden', 'csrfToken', $token);
echo $form->writeHTML();
}
}
if ($showSearch) {
$sql = "SELECT *, user.id as userID, centre.name as centreName, country.name as countryName, privilege.name as privilegeName, privilege_id FROM user\n LEFT JOIN centre ON centre_id = centre.id\n LEFT JOIN country ON country_id = country.id\n LEFT JOIN privilege ON privilege_id = privilege.id";
if ($user->isLocal()) {
exit;
break;
case 'useradm':
if (isset($_POST['useradm_id'])) {
foreach ($_POST['useradm_id'] as $id) {
$newUser = new eCRFUser($id);
if (isset($_POST['admin']) && $_POST['admin'] == 'admin' && !$user->isRegional()) {
$newPriv = 10;
} else {
$newPriv = 15;
}
if ($user->isRegional() && $newUser->getCentre() != $user->getCentre()) {
// Check not trying to validate someone elses users
$_SESSION['error'] = "You can only validate users from your own centre";
} else {
if (!$newUser->email || $newPriv == 10 && $newUser->getPrivilege() == 99 || $newPriv == 15 && $newUser->getPrivilege() == 98) {
$_SESSION['error'] = "An error has occurred.";
} else {
$newUser->setPrivilege($newPriv);
// Data entry privilege
$password = $newUser->generatePassword();
// Generate new password
$newUser->setPassword($password, $user->getKey());
// Set it for the user
$email = $newUser->writeEmail('created', $user, $password);
// Send email with username and password
$mail = $trial->sendEmail($email);
if ($mail) {
$newUser->saveToDB();
if (isset($_SESSION['message'])) {
$_SESSION['message'] = "Users successfully validated.";
public function checkPageLogin($page)
{
// Takes requested page, ensures it exists and ensures privilege to access it
$checkPage = NULL;
// If database offline then auto logout
if ($this->isOffline() && $this->getUser() && $this->user->getPrivilege() != 1) {
$page = 'logout';
}
if ($page == 'logout') {
// Special case for logout
if ($this->getUser()) {
$this->user->logout();
unset($this->user);
$checkPage = $page;
}
} else {
$sql = "SELECT id, privilege_id FROM pages WHERE name = ? AND active = 1";
// Get required privilege for page
$pA = array('s', $page);
$result = DB::query($sql, $pA);
if ($result->getRows()) {
$rp = $result->privilege_id;
if (isset($this->user)) {
if ($rp == 100) {
// 100 privilege pages only available when not logged on
$checkPage = NULL;
} else {
if ($this->user->getPrivilege() <= $rp) {
$checkPage = $page;
}
}
} else {
if ($rp == 100) {
$checkPage = $page;
}
}
$showPage = $this->parseBranches($result->id);
if (!$showPage) {
$checkPage = NULL;
}
}
}
return $checkPage;
}
