Odyssey
userSupportView.prg
1 <?php
2 /**
3  * @package UserSupport (Subpackage BAM)
4  * @author SPB
5  *
6  * This script creates a banking cookie whose Ca field is the logged-in admin user, then redirects to the banking side.
7  */
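// Import the single request parameter this script accepts.
$string = array("filter" => HCUFILTER_INPUT_STRING);
HCU_ImportVars($parameters, "a", array("payload" => $string));

// Only "payload" is declared to HCU_ImportVars, so read that one key explicitly.
// extract() on request-derived data would overwrite variables already in scope
// ($Cu, $Cn, $dbh, $SYSENV, ...) if the import ever returned additional keys.
$payload = isset($parameters["a"]["payload"]) ? $parameters["a"]["payload"] : null;

// $operation is not in the import whitelist above; normalise whatever is already
// in scope (empty string when absent). It is not used again in this script.
$operation = isset($operation) ? trim($operation) : "";

// Decode the payload into the banking user's record; any failure ends the request.
$userRecord = array();
try {
    $userRecord = HCU_PayloadDecode($Cu, $payload);
} catch (exception $e) {
    print "No User Found";
    exit;
}

// Now apply the employee permissions.
// Prevent access if employee flag is true --AND--
// user is not the master user (the admin whose name equals the credit union code).
$isMasterUser = $Cn === strtolower(trim($Cu));
$preventAccess = !$isMasterUser && HCU_array_key_value("employee", $userRecord) === "Y";
if ($preventAccess) {
    print "You do not have access to view employee's account.";
    exit;
}

// NOTE(review): from here on the admin ($Cn) is issued a banking ticket for another
// user. Nothing in this script writes an audit record (admin, target user id, time);
// confirm that SetTicket() or the calling framework logs the impersonation.
$results = createTheCookie($dbh, $Cu, $Cn, intval($userRecord["user_id"]), intval($MEM_FORCE_RESET), $SYSENV);

if ($results["code"] != 0) {
    // Escape on output so an error message can never be rendered as markup.
    print htmlspecialchars((string) $results["error"][0], ENT_QUOTES);
    exit;
}

// NOTE(review): $_SERVER["HTTP_HOST"] is copied from the request's Host header, so the
// redirect target is chosen by the client. Replace it with the deployment's configured
// banking hostname once that setting is identified.
// $Cu is percent-encoded so it cannot add query parameters or alter the path.
header("location: $http_scheme://" . $_SERVER["HTTP_HOST"] . "/banking/hcuAccounts.prg?cu=" . rawurlencode($Cu));
// Stop here so nothing else executes or is emitted after the redirect header.
exit;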
39 
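/**
 * createTheCookie ($dbh, $Cu, $Cn, $userId, $forceReset, $SYSENV)
 * Creates the banking ticket cookie that lets a logged-in admin view a user's banking side.
 * Per the original author, this cookie is non-renewable and dies on admin logout.
 *
 * The function loads the user's row from the {Cu}user table (joined with cuadmin),
 * sets the "{Cu}_lang" cookie to en_US, builds the ticket string and hands it to SetTicket().
 *
 * @param $dbh -- the database connection passed to db_query()
 * @param $Cu -- the credit union code; used as a table-name prefix and as a quoted SQL literal,
 *               so only letters, digits and underscore are accepted
 * @param $Cn -- the logged in admin user; stored in the ticket as Ca
 * @param $userId -- the banking user id (cast to int before use)
 * @param $forceReset -- the value of the constant for the credit union; ANDed with userflags (cast to int)
 * @param $SYSENV -- the environment that the cookie thrives in; $SYSENV['ticket']['expires'] is added to
 *                   the current time to produce the Ce field
 *
 * @return array array("error" => array of messages, "code" => int). code 0 means success;
 *               1 = query failed, 2 = no row fetched, 3 = $Cu rejected.
 */
function createTheCookie ($dbh, $Cu, $Cn, $userId, $forceReset, $SYSENV) {
    try {
        // $Cu is spliced into the statement as a table-name prefix and inside a quoted
        // literal, and db_query() receives a finished string, so the only protection
        // available here is to refuse anything that is not a plain identifier.
        // \A...\z (not ^...$) so a trailing newline is rejected as well.
        if (!is_string($Cu) || !preg_match('/\A[A-Za-z0-9_]+\z/', $Cu)) {
            throw new exception("invalid credit union code!", 3);
        }
        // The visible caller already passes intval() values; cast again so the
        // function does not depend on every caller doing so.
        $userId = (int) $userId;
        $forceReset = (int) $forceReset;

        $sql = "select failedremain, livewait, lastupdate, lastlogin, showavailable, forcechange, forceremain, trim(a.user_name),
            userflags & {$forceReset}, failedlogin, pwchange, msg_tx, flagset, flagset2, flagset3, email,histdays,livebatch from {$Cu}user a, cuadmin b
            where a.user_id = {$userId} and b.cu = '{$Cu}'";
        $sth = db_query($sql, $dbh);
        if (!$sth) {
            throw new exception("select query failed!", 1);
        }

        $row = db_fetch_array($sth, 0);
        if (!$row) {
            throw new exception("select query failed!", 2);
        }
        // Positional destructuring in select-list order. $failedremain, $showavail,
        // $pchange and $livebatch are fetched but not written into the ticket.
        list($failedremain, $livewait, $lastupdate, $llog, $showavail, $fchange, $fremain, $username, $freset, $flog, $pchange, $msgTx, $flagset, $flagset2,
            $flagset3, $email, $histdays, $livebatch) = $row;

        // Substitute defaults for NULL / blank columns before they go into the ticket.
        $fremain = (is_null($fremain) ? 5 : $fremain);
        $fchange = (is_null($fchange) ? 'N' : $fchange);
        $livewait = (is_null($livewait) ? "300" : $livewait);
        $lastupdate = (trim("$lastupdate") == "" ? "Unknown" : urlencode(trim($lastupdate)));
        $llog = (trim("$llog") == "" ? "None" : urlencode(trim($llog)));
        $flog = (trim("$flog") == "" ? "None" : urlencode(trim($flog)));
        $msgTx = (is_null($msgTx) ? 0 : $msgTx);
        $flagset = (is_null($flagset) ? 0 : $flagset);
        $flagset2 = (is_null($flagset2) ? 0 : $flagset2);
        $flagset3 = (is_null($flagset3) ? 0 : $flagset3);
        $email = (is_null($email) ? "_" : urlencode(rtrim($email)));
        $fhdays = (is_null($histdays) ? 0 : $histdays);

        $now = time();
        $expires = $now + $SYSENV['ticket']['expires'];
        // NOTE(review): sid is the current Unix time and therefore guessable. If the
        // banking side relies on sid as a session identifier or anti-forgery value it
        // should be derived from random_bytes() instead -- confirm how sid is consumed.
        $sid = strval(time());

        HCU_setcookie_env($SYSENV, "{$Cu}_lang", "en_US"); // Set the language cookie

        // NOTE(review): $username and $Cn are written into the '&'-delimited ticket without
        // encoding, unlike $lastupdate / $email above. A value containing '&' or '=' would
        // add or override ticket fields such as Ca or Uid. Confirm both are restricted to a
        // safe character set where they are created, or encode them the way the ticket
        // reader expects.
        $mycookie = "Ctime=$now&Cu=$Cu&Cn=$username&Uid=$userId&Ce=$expires&Clw=$livewait&Clu=$lastupdate&Fplog=$llog&Fflog=$flog&Ffchg=$fchange&Ffreset=$freset"
            . "&Ffremain=$fremain&Fmsg_tx=$msgTx&Fset=$flagset&Fset2=$flagset2&Fhdays=$fhdays&Ml=$email&Fset3=$flagset3&Ca=$Cn&platform=DSK&sid=$sid";

        SetTicket(array("secret" => GetSecretKeyString(), "SYSENV" => $SYSENV), "", $mycookie);
    } catch (exception $e) {
        // Report failures to the caller as data; the caller prints error[0].
        return array("error" => array($e->getMessage()), "code" => $e->getCode());
    }
    return array("error" => array(), "code" => 0);
}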