<?php

require 'reprofunctions.php';
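dbgSquirt("============= Save Modified Resource ===============");
dbgSquirt(dbgShowFile($_POST));

// Authenticate from the session cookies before acting on any request data.
$result = checkCookies($forceLogin, $error, FALSE);
if (!$result || $forceLogin) {
    // checkCookies reported an error or authentication failed.  Either way,
    // bounce the browser back to the login screen.  The message is
    // percent-encoded so that spaces and punctuation survive in the query string.
    // NOTE(review): HTTP_HOST and PHP_SELF are both taken from the request, so
    // the redirect target is client-influenced, and the scheme is fixed to
    // plain http.  A configured base URL would be safer -- confirm what the
    // deployment can provide.
    header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?error=" . rawurlencode($error));
    exit;
}
$username = $_COOKIE['user'];

// Build the redirect used to send the user back to the edit form with the
// values they entered.  Each value is percent-encoded so that a field
// containing '&', '=', '#' or '%' cannot add or override query parameters, and
// a missing or non-string field is sent as an empty value instead of raising
// an undefined-index notice.  The result still ends in "&error=" so a message
// can be appended.
$bounceURL = "Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/editresource.php?";
foreach (array('aor', 'forwardType', 'forward', 'voicemail') as $bounceField) {
    $bounceValue = (isset($_POST[$bounceField]) && is_string($_POST[$bounceField])) ? $_POST[$bounceField] : '';
    $bounceURL .= $bounceField . "=" . rawurlencode($bounceValue) . "&";
}
$bounceURL .= "error=";

// make sure post variables have arrived
// note -- can't check for forward because if it was disabled on the previous
// screen by clicking No, it will not be sent as a POST variable
if (!isset($_POST['resourceId']) || !isset($_POST['aor']) || !isset($_POST['forwardType']) || !isset($_POST['voicemail'])) {
    header($bounceURL . rawurlencode("The information to modify a resource was not provided.  Please enter the information and click Save.  If this error reoccurs, contact an administrator."));
    exit;
}

// check if the user pressed cancel ... if so, back to user home.
// The isset guard avoids an undefined-index notice when no submit field is
// sent, and the strict comparison avoids type juggling.
if (isset($_POST['submit']) && "Cancel" === $_POST['submit']) {
    header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/userhome.php");
    exit;
}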
// check that resourceId only contains digits
// the valid number check is for security to make sure that no one hacks the
// URL and replaces the resourceId param with something designed to screw up
// the database.  In this case, there is nothing the user can fix, so send them
// back to userhome.
<?php

require 'reprofunctions.php';
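dbgSquirt("============= Modify Resource ===============");
dbgSquirt("GET --" . dbgShowFile($_GET));
dbgSquirt("POST --" . dbgShowFile($_POST));

// Authenticate from the session cookies before acting on any request data.
$result = checkCookies($forceLogin, $error, FALSE);
if (!$result || $forceLogin) {
    // checkCookies reported an error or authentication failed.  Either way,
    // bounce the browser back to the login screen.  The message is
    // percent-encoded so that spaces and punctuation survive in the query string.
    // NOTE(review): HTTP_HOST and PHP_SELF are both taken from the request, so
    // the redirect target is client-influenced; a configured base URL would be
    // safer -- confirm what the deployment can provide.
    header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?error=" . rawurlencode($error));
    exit;
}
$username = $_COOKIE['user'];

// Prefix for error redirects back to the user home page; a percent-encoded
// message is appended to it.
$bounceURL = "Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/userhome.php?error=";

// make sure post variables have arrived.  We should always get a resourceId,
// name, and either an edit or a delete
if (!(isset($_POST['resourceId']) && isset($_POST['aor']) && (isset($_POST['edit']) || isset($_POST['delete'])))) {
    header($bounceURL . rawurlencode("The information to modify a resource was not provided.  Please enter the information and click Save.  If this error reoccurs, contact an administrator."));
    exit;
}

// check that resourceId is non-blank ... this shouldn't happen since this is
// a system provided invisible field
if (empty($_POST['resourceId']) || empty($_POST['aor'])) {
    header($bounceURL . rawurlencode("The resource to be modified was not specified.  Please click one of the Add or Delete buttons.  If you see this message again, please contact an administrator."));
    exit;
}

// NOTE(review): a hidden form field is still client-controlled.  No format
// check on resourceId or aor is visible in this span, and nothing here ties
// the resource to $username -- confirm both are enforced before these values
// reach the database.
$resourceId = $_POST['resourceId'];
$aor = $_POST['aor'];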
//see if the operation is Edit or Delete
if ("Delete" == $_POST['delete']) {
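/**
 * Validate the "user" / "authentication" cookie pair and refresh its expiry.
 *
 * The authentication cookie is accepted when it equals sha1(user . salt),
 * where the salt is obtained from getSalt().  On success both cookies are
 * re-issued with an expiry of now + $sessionDuration.
 *
 * NOTE(review): the token has no time or session component, so its lifetime
 * is enforced only by the browser-side cookie expiry, and it stays valid for
 * that user for as long as the salt is unchanged.  A keyed MAC over user plus
 * an expiry timestamp (or a server-side session) would close that gap; this
 * needs a matching change where the cookie is first issued, which is not part
 * of this function.
 *
 * @param bool   $forceLogin   (out) FALSE only when the cookies validated and
 *                             were successfully re-issued; TRUE otherwise.
 * @param string $error        (out) message for the user, "" when none.
 * @param bool   $ignoreBlanks when not FALSE, missing or empty cookies do not
 *                             produce an error message.
 *
 * @return bool TRUE when no error message was produced.  This can be TRUE
 *              while $forceLogin is also TRUE (blank cookies with
 *              $ignoreBlanks set), so callers must check both.
 */
function checkCookies(&$forceLogin, &$error, $ignoreBlanks)
{
    $forceLogin = TRUE;
    $error = "";
    global $sessionDuration;
    dbgSquirt("==============Function: checkCoookies ==============");

    // Keep the authentication token out of the debug log: anyone able to read
    // the log could otherwise replay it as a cookie.
    $loggedCookies = $_COOKIE;
    if (isset($loggedCookies['authentication'])) {
        $loggedCookies['authentication'] = '[redacted]';
    }
    dbgSquirt('Cookie --' . dbgShowFile($loggedCookies));

    // Both cookies must be present, non-empty, and plain strings.  A cookie
    // sent as "name[]=..." arrives as an array; it is treated as missing
    // rather than being converted to a string for hashing.
    $haveUser = isset($_COOKIE['user']) && is_string($_COOKIE['user']) && !empty($_COOKIE['user']);
    $haveAuth = isset($_COOKIE['authentication']) && is_string($_COOKIE['authentication']) && !empty($_COOKIE['authentication']);

    if ($haveUser && $haveAuth) {
        $userCookie = $_COOKIE['user'];
        $authenticationCookie = $_COOKIE['authentication'];
        $time = time();
        if (getSalt($salt)) {
            $expected = sha1($userCookie . $salt);
            // Compare as strings, never loosely: with "==" two digests that
            // both look like numbers (for example "0e" followed by digits)
            // compare equal.  hash_equals also avoids leaking the position of
            // the first mismatch through timing; the strict comparison is the
            // fallback for PHP versions without it.
            $matches = function_exists('hash_equals')
                ? hash_equals($expected, $authenticationCookie)
                : ($expected === $authenticationCookie);
            if ($matches) {
                // authentication passed, so reset the expiration on both cookies
                // NOTE(review): the cookies are issued without the Secure or
                // HttpOnly flags.  Setting them here alone would not match
                // whatever the login page sets -- confirm and change both.
                $result = setcookie("user", $userCookie, $time + $sessionDuration);
                $result1 = setcookie("authentication", $authenticationCookie, $time + $sessionDuration);
                if (TRUE === $result && TRUE === $result1) {
                    // everything worked, no need to force a login
                    $forceLogin = FALSE;
                } else {
                    $error = "Internal error -- problem while creating cookies.  Please contact an administrator.";
                }
            } else {
                // credentials in cookies don't match.
                $error = "Authentication error -- The supplied credentials don't match our stored values. Please reauthenticate and try again.";
            }
        } else {
            // error while trying to get salt value
            $error = "Internal error -- unable to validate supplied credentials. Please reauthenticate and try again.";
        }
    } else {
        // cookies were unset, empty, or not plain strings
        if (FALSE == $ignoreBlanks) {
            $error = "Please log in.";
        }
    }
    dbgSquirt("Returning -- " . empty($error));
    return empty($error);
}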
<?php

require 'reprofunctions.php';
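dbgSquirt("============= Edit Resource ===============");
dbgSquirt("GET --" . dbgShowFile($_GET));

// Authenticate from the session cookies before acting on any request data.
$result = checkCookies($forceLogin, $error, FALSE);
if (!$result || $forceLogin) {
    // checkCookies reported an error or authentication failed.  Either way,
    // bounce the browser back to the login screen.  The message is
    // percent-encoded so that spaces and punctuation survive in the query string.
    // NOTE(review): HTTP_HOST and PHP_SELF are both taken from the request, so
    // the redirect target is client-influenced; a configured base URL would be
    // safer -- confirm what the deployment can provide.
    header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?error=" . rawurlencode($error));
    exit;
}
$username = $_COOKIE['user'];

// Prefix for error redirects back to the user home page; a percent-encoded
// message is appended to it.
$bounceURL = "Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/userhome.php?error=";

// this page is only entered via GET's
// all of these should be set all the time, even though they might be
// empty... if they aren't set, something is strange about how we got to this
// page
if (!isset($_GET['resourceId']) || !isset($_GET['aor']) || !isset($_GET['forwardType']) || !isset($_GET['forward']) || !isset($_GET['voicemail'])) {
    header($bounceURL . rawurlencode("Information missing in request to modify a resource. Please try again.  If this error reoccurs, please contact an administrator."));
    exit;
}

// NOTE(review): these values come straight from the query string and the code
// that consumes them is outside this span.  They need HTML-escaping wherever
// they are written into the page, and validation before any database use --
// presumably handled further down; confirm.
$resourceId = $_GET['resourceId'];
$aor = $_GET['aor'];
$forwardType = $_GET['forwardType'];
$forward = $_GET['forward'];
$voicemail = $_GET['voicemail'];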
// make sure resourceId isn't blank.  Other fields could be blank
if (empty($resourceId)) {
    header($bounceURL . "Information missing in request to modify a resource. Please try again.  If this error reoccurs, please contact an administrator.");
    exit;