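/**
 * Check the posted login form against the `user` table and populate the session.
 *
 * Reads `emaillogin` and `passwordlogin` from $_POST. On a match it stores `userId`
 * and `usertype` in $_SESSION and sends a redirect header for the admin, tutor or
 * student page; otherwise it prints "Login Failed" and shows the form again via
 * showLogin().
 *
 * @return void
 */
function doLogin()
{
    // NOTE(review): the database account is hard-coded (root/root). Load credentials from
    // configuration kept outside the web root and connect with a least-privilege account.
    $conn = mysqli_connect("localhost", "root", "root", "aceTraining");
    if (!$conn) {
        // On a failed connect $conn is false, so mysqli_error($conn) has no handle to read;
        // mysqli_connect_error() reports this case. The detail goes to the log, not the page.
        error_log("doLogin: database connection failed: " . mysqli_connect_error());
        die("Login is currently unavailable.");
    }

    // Form fields can be absent or arrive as arrays (emaillogin[]=...); accept plain strings only.
    $ea = (isset($_POST['emaillogin']) && is_string($_POST['emaillogin'])) ? $_POST['emaillogin'] : "";
    $pw = (isset($_POST['passwordlogin']) && is_string($_POST['passwordlogin'])) ? $_POST['passwordlogin'] : "";

    // The e-mail is bound as a parameter instead of being interpolated into the SQL text.
    // NOTE(review): the password comparison is masked as '******' in this listing and is kept
    // exactly as shown, which leaves $pw unused. Whatever the original compared against must be
    // bound the same way; better still, select the row by e-mail only and check a
    // password_hash() value with password_verify() rather than comparing passwords in SQL.
    $sql = "SELECT * FROM user WHERE (email = ? AND password = '******')";
    $resultline = null;
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "s", $ea);
        if (mysqli_stmt_execute($stmt)) {
            $result = mysqli_stmt_get_result($stmt);
            if ($result) {
                $resultline = mysqli_fetch_array($result);
            }
        }
        mysqli_stmt_close($stmt);
    }

    // No row (or a query error) counts as a failed login; the original indexed into a
    // null row in that case.
    if (!is_array($resultline) || $resultline['userId'] == "") {
        echo "Login Failed <br><br>";
        showLogin();
        return;
    }

    // Issue a fresh session id at the moment of authentication so an id that existed
    // before login is not carried over into the authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['userId'] = $resultline['userId'];
    $_SESSION['usertype'] = $resultline['usertype'];

    // Role -> landing page; an unknown role sends no redirect, as before.
    $landingPages = array(
        "admin" => "Admin.php",
        "tutor" => "Tutor.php",
        "student" => "Student.php",
    );
    $role = $_SESSION['usertype'];
    if (is_string($role) && isset($landingPages[$role])) {
        header('Location: ' . $landingPages[$role]);
    }
}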
Beispiel #2
/**
 * Render the entry view: the main page for a logged-in visitor, the login form otherwise.
 *
 * @param mixed $loggedin Truthy when the visitor is considered logged in.
 * @return void
 */
function showHome($loggedin)
{
    // Guard clause: anything falsy goes to the login form.
    if (!$loggedin) {
        showLogin();
        return;
    }

    showMainPage();
}
Beispiel #3
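/**
 * Validate the posted username/password and either start the session or re-show the form.
 *
 * On success the username is stored in $_SESSION['username'], a redirect to HomePage.php
 * is sent and the script exits. On any failure the same generic message is passed to
 * showLogin(), so the response does not reveal whether the username or the password
 * was the part that failed.
 *
 * @param mysqli $connection Open database connection handed to mysqli_query().
 * @return void
 */
function processLogin($connection)
{
    // Missing fields and array-valued fields (username[]=...) are treated as empty input.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? strip_tags($_POST['username']) : '';
    // strip_tags() is kept on the password so existing credentials keep matching; it is an
    // HTML filter, not SQL escaping.
    // NOTE(review): presumably registration applies the same filter - confirm.
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? strip_tags($_POST['password']) : '';

    // NOTE(review): both query strings are masked as "******" in this listing and are kept
    // as shown. If they embed $username / $password, they must use prepared statements with
    // bound parameters, and the password check belongs in password_verify() against a stored
    // password_hash() value rather than in a second SQL lookup.
    $checkUsername = "******";
    $result = mysqli_query($connection, $checkUsername);
    // mysqli_query() returns false on error; only count rows on a real result set.
    $userExists = ($result instanceof mysqli_result) && mysqli_num_rows($result) != 0;

    $passwordMatches = false;
    if ($userExists) {
        $checkPassword = "******";
        $result = mysqli_query($connection, $checkPassword);
        $passwordMatches = ($result instanceof mysqli_result) && mysqli_num_rows($result) != 0;
    }

    if ($passwordMatches) {
        // New session id at login so a pre-authentication id is not reused afterwards.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['username'] = $username;
        header('Location: HomePage.php');
        exit;
    }

    // One message for "no such user" and "wrong password".
    $err = "Invalid username or password";
    showLogin($err, $connection);
}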
Beispiel #4
    $rssURLArray[] = array("href" => generateURL("show.php", $defaultFeedFormat, array("where" => 'modified_date = CURDATE()'), true, $showRows), "title" => "records edited today");
}
// --------------------------------------------------------------------
// Pick the width of the right-hand column from the requesting user agent.
// NOTE: purely cosmetic; it keeps the login form looking alike on Firefox/Gecko and
//       Safari/WebKit browsers (with all supported GUI languages).
// TODO: find a way that does not rely on user agent sniffing, e.g. stack the <input>
//       fields and their labels on top of each other.
$rightColumnWidth = (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/AppleWebKit/i", $_SERVER['HTTP_USER_AGENT']))
    ? "215"
    : "225";

// Total number of records ('getTotalNumberOfRecords()' is defined in 'include.inc.php'):
$recordCount = getTotalNumberOfRecords();

// Login status ('showLogin()' is defined in 'include.inc.php'):
showLogin();

// (4) DISPLAY header:
// 'displayHTMLhead()' and 'showPageHeader()' are defined in 'header.inc.php'.
displayHTMLhead(
    encodeHTML($officialDatabaseName) . " -- " . $loc["Home"],
    "index,follow",
    "Search the " . encodeHTML($officialDatabaseName),
    "",
    true,
    "",
    $viewType,
    $rssURLArray
);
showPageHeader($HeaderString);

// Common drop-down elements, i.e. properly formatted <option> tags.
// - "Browse My Refs" form:
$dropDownFieldNameArray2 = array(
    "author" => $loc["DropDownFieldName_Author"],
    "year" => $loc["DropDownFieldName_Year"],
    "publication" => $loc["DropDownFieldName_Publication"],
    "keywords" => $loc["DropDownFieldName_Keywords"],
    "user_keys" => $loc["DropDownFieldName_UserKeys"]
);
// 'buildSelectMenuOptions()' is defined in 'include.inc.php'
$dropDownItems2 = buildSelectMenuOptions($dropDownFieldNameArray2, "//", "\t\t\t\t\t", true);
// --------------------------------------------------------------------
?>

<table align="center" width="95%" summary="This table explains features, goals and usage of the <?php 
echo encodeHTML($officialDatabaseName);
Beispiel #5
            // Registration step: show the empty form until 'password1' has been posted,
            // then validate the posted fields and try to create the account.
            if (util::getPost('password1') === false) {
                $output = showRegister('');
            } else {
                // NOTE(review): extract($_POST) creates or overwrites a variable in this scope
                // for every posted field name, not only $name/$email/$password1/$password2, so
                // the request decides which variables exist here. Read the four expected keys
                // from $_POST explicitly (or pass EXTR_SKIP plus a prefix) instead.
                extract($_POST);
                //				print_r($_POST);
                // If 'email' was not posted, $email is undefined at this point; the loose
                // comparison of null with "" then holds and $email is set to "".
                if ("" == $email) {
                    //					echo "setting email";
                    $email = "";
                }
                // NOTE(review): operator precedence makes this (!"") == $name, i.e. true == $name,
                // so it passes for any truthy $name and treats the name "0" as empty.
                if (!"" == $name) {
                    // NOTE(review): loose comparison; numeric-looking strings such as "1e3" and
                    // "1000" compare equal with != / ==. Use !== for the confirmation check.
                    if ($password1 != $password2) {
                        // password and confirmation differ
                        $output = showRegister("Passwords not equal");
                    } else {
                        if (CTF::register($name, $password1, $email)) {
                            $output = showLogin("", isset($_SESSION[Challenge::PLAYER]));
                        } else {
                            // CTF::register() returned a falsy value.
                            $output = showRegister("User already exists");
                        }
                    }
                } else {
                    $output = showRegister("Name can't be empty");
                }
            }
            break;
        default:
            break;
    }
}
$challenge = new Challenge();
$array = $BASE_ARRAY;
Beispiel #6
/**
 * Output the complete search page: login status, HTML head, page header,
 * the advanced CQL query form and the footer.
 *
 * @param mixed $operation Accepted for the planned simple/advanced switch; not read by the active code.
 * @param mixed $viewType  View type; the visible header and footer are skipped for "Mobile".
 * @param mixed $showRows  Passed through to the query form.
 * @param mixed $rowOffset Passed through to the query form.
 * @return void
 */
function showQueryPage($operation, $viewType, $showRows, $rowOffset)
{
    // '$officialDatabaseName' is defined in 'ini.inc.php', '$loc' in 'locales/core.php'
    global $officialDatabaseName, $displayType, $loc, $client;

    // Use a message stored in the session if there is one, else the default heading.
    if (isset($_SESSION['HeaderString'])) {
        // Copy the message into a local first: the session variable is cleared right away,
        // but the text is still needed below.
        $HeaderString = $_SESSION['HeaderString'];
        deleteSessionVariable("HeaderString"); // defined in 'include.inc.php'
    } else {
        $HeaderString = $loc["SearchDB"] . ":";
    }

    // For HTML output '$displayType' is reset (its default is "Export"); otherwise the
    // 'originalDisplayType' parameter of the 'quickSearch' form in the page header would
    // wrongly be "Export". With an empty value 'show.php' falls back to the default view
    // given in session variable 'userDefaultView'.
    $displayType = "";

    // Login status ('showLogin()' is defined in 'include.inc.php'):
    showLogin();

    // HTML head and page header (both functions are defined in 'header.inc.php'):
    displayHTMLhead(
        encodeHTML($officialDatabaseName) . " -- " . $loc["Search"],
        "index,follow",
        "Search the " . encodeHTML($officialDatabaseName),
        "",
        true,
        "",
        $viewType,
        array()
    );
    // The visible header is left out in mobile view ('viewType=Mobile') and for include mechanisms.
    if (!preg_match("/^Mobile\$/i", $viewType) && !preg_match("/^inc/i", $client)) {
        showPageHeader($HeaderString);
    }

    // Drop-down elements, i.e. properly formatted <option> tags
    // ('buildSelectMenuOptions()' is defined in 'include.inc.php'):
    $dropDownConditionals1Array = array(
        "contains" => $loc["contains"],
        "does not contain" => $loc["contains not"],
        "is equal to" => $loc["equal to"],
        "is not equal to" => $loc["equal to not"],
        "starts with" => $loc["starts with"],
        "ends with" => $loc["ends with"]
    );
    $dropDownItems1 = buildSelectMenuOptions($dropDownConditionals1Array, "//", "\t\t\t", true);

    $dropDownConditionals2Array = array(
        "is greater than" => $loc["is greater than"],
        "is less than" => $loc["is less than"],
        "is within range" => $loc["is within range"],
        "is within list" => $loc["is within list"]
    );
    $dropDownItems2 = buildSelectMenuOptions($dropDownConditionals2Array, "//", "\t\t\t", true);

    // The bare "" entries are kept in place between the groups of field names.
    $dropDownFieldNames1Array = array(
        "author" => $loc["DropDownFieldName_Author"],
        "address" => $loc["DropDownFieldName_Address"],
        "corporate_author" => $loc["DropDownFieldName_CorporateAuthor"],
        "thesis" => $loc["DropDownFieldName_Thesis"],
        "",
        "title" => $loc["DropDownFieldName_Title"],
        "orig_title" => $loc["DropDownFieldName_OrigTitle"],
        "",
        "year" => $loc["DropDownFieldName_Year"],
        "publication" => $loc["DropDownFieldName_Publication"],
        "abbrev_journal" => $loc["DropDownFieldName_AbbrevJournal"],
        "editor" => $loc["DropDownFieldName_Editor"],
        "",
        "volume_numeric" => $loc["DropDownFieldName_Volume"],
        "issue" => $loc["DropDownFieldName_Issue"],
        "pages" => $loc["DropDownFieldName_Pages"],
        "",
        "series_title" => $loc["DropDownFieldName_SeriesTitle"],
        "abbrev_series_title" => $loc["DropDownFieldName_AbbrevSeriesTitle"],
        "series_editor" => $loc["DropDownFieldName_SeriesEditor"],
        "series_volume_numeric" => $loc["DropDownFieldName_SeriesVolume"],
        "series_issue" => $loc["DropDownFieldName_SeriesIssue"],
        "",
        "publisher" => $loc["DropDownFieldName_Publisher"],
        "place" => $loc["DropDownFieldName_Place"],
        "",
        "edition" => $loc["DropDownFieldName_Edition"],
        "medium" => $loc["DropDownFieldName_Medium"],
        "issn" => $loc["DropDownFieldName_Issn"],
        "isbn" => $loc["DropDownFieldName_Isbn"],
        "",
        "language" => $loc["DropDownFieldName_Language"],
        "summary_language" => $loc["DropDownFieldName_SummaryLanguage"],
        "",
        "keywords" => $loc["DropDownFieldName_Keywords"],
        "abstract" => $loc["DropDownFieldName_Abstract"],
        "",
        "area" => $loc["DropDownFieldName_Area"],
        "expedition" => $loc["DropDownFieldName_Expedition"],
        "conference" => $loc["DropDownFieldName_Conference"],
        "",
        "doi" => $loc["DropDownFieldName_Doi"],
        "url" => $loc["DropDownFieldName_Url"]
    );

    // The 'file', 'location', 'created_by' and 'modified_by' fields are offered only when
    // a login e-mail is present in the session.
    $userIsLoggedIn = isset($_SESSION['loginEmail']);

    if ($userIsLoggedIn) {
        $dropDownFieldNames1Array["file"] = $loc["DropDownFieldName_File"];
    }
    $dropDownFieldNames1Array[] = "";
    $dropDownFieldNames1Array["notes"] = $loc["DropDownFieldName_Notes"];
    if ($userIsLoggedIn) {
        $dropDownFieldNames1Array["location"] = $loc["DropDownFieldName_Location"];
    }

    $dropDownFieldNames2Array = array(
        "call_number" => $loc["DropDownFieldName_CallNumber"],
        "",
        "serial" => $loc["DropDownFieldName_Serial"],
        "type" => $loc["DropDownFieldName_Type"],
        "approved" => $loc["DropDownFieldName_Approved"],
        "",
        "created_date" => $loc["DropDownFieldName_CreatedDate"],
        "created_time" => $loc["DropDownFieldName_CreatedTime"]
    );
    if ($userIsLoggedIn) {
        $dropDownFieldNames2Array["created_by"] = $loc["DropDownFieldName_CreatedBy"];
    }
    $dropDownFieldNames2Array[] = "";
    $dropDownFieldNames2Array["modified_date"] = $loc["DropDownFieldName_ModifiedDate"];
    $dropDownFieldNames2Array["modified_time"] = $loc["DropDownFieldName_ModifiedTime"];
    if ($userIsLoggedIn) {
        $dropDownFieldNames2Array["modified_by"] = $loc["DropDownFieldName_ModifiedBy"];
    }

    $allFieldNames = array_merge($dropDownFieldNames1Array, $dropDownFieldNames2Array);
    $dropDownItems3 = buildSelectMenuOptions($allFieldNames, "//", "\t\t\t", true);

    $dropDownConditionals3Array = array(
        "html" => "html",
        "atom" => "Atom XML",
        "rss" => "RSS XML",
        "srw_dc" => "SRW_DC XML",
        "srw_mods" => "SRW_MODS XML"
    );
    $dropDownItems4 = buildSelectMenuOptions($dropDownConditionals3Array, "//", "\t\t\t", true);

    // Map CQL indexes to refbase field names ('mapCQLIndexes()' is defined in 'webservice.inc.php'):
    $indexNamesArray = mapCQLIndexes();

    // --------------------------------------------------------------------
    // TODO: once the simple CQL Query Builder interface exists, a call to 'opensearch.php'
    //       (or 'opensearch.php?operation=simple') should open that GUI-based interface and
    //       '$operation' should select between the two forms. For now the advanced form,
    //       which lets you enter a standard CQL query directly, is always shown.
    showQueryFormAdvanced(
        $dropDownItems1,
        $dropDownItems2,
        $dropDownItems3,
        $dropDownItems4,
        $showRows,
        $rowOffset,
        $indexNamesArray,
        $viewType
    );

    // --------------------------------------------------------------------
    // HTML footer ('showPageFooter()' and 'displayHTMLfoot()' are defined in 'footer.inc.php').
    // The visible footer is left out in mobile view ('viewType=Mobile') and for include mechanisms.
    if (!preg_match("/^Mobile\$/i", $viewType) && !preg_match("/^inc/i", $client)) {
        showPageFooter($HeaderString);
    }
    displayHTMLfoot();
}
Beispiel #7
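/**
 * Check a username / password-digest pair, first against the admin record in the settings
 * database and then against the FB table of the users database.
 *
 * A matching admin login sets $adminloggedIn, sets the login cookie and dispatches to the
 * admin views. A matching user login loads that user's row into the globals declared below,
 * fills $userIds, rebuilds $cookie and sets $loggedIn. Any mismatch calls showLogin().
 *
 * @param string     $user        Username; compared case-insensitively.
 * @param string     $hashed_pass MD5 hex digest of the password, as compared below.
 * @param int|string $uid         Optional user id that narrows the row lookup (0 = any row for the username).
 * @return void
 */
function checkLogin($user, $hashed_pass, $uid = 0)
{
    global $dbName, $adminloggedIn, $loggedIn, $cookie, $warn, $step, $failImg, $lang;
    global $tempData, $userName, $fullname, $password, $userId, $userToken, $pageData, $groupData, $userOptions, $userIds;
    global $fb, $hardDemo;
    // NOTE(review): "new PDO" never yields a falsy value (it throws on failure), so the
    // else branches of the two "if ($db = new PDO(...))" tests are not reached that way.
    // NOTE(review): showHTML() and showLogin() are presumably terminal (they exit); if they
    // return, the statements following each call run on missing data - confirm.
    if ($db = new PDO('sqlite:' . $dbName . '-settings.db')) {
        //Is admin Login?
        $statement = $db->prepare("SELECT * FROM Settings");
        if ($statement) {
            $statement->execute();
        } else {
            showHTML("{$failImg} Error while checking login/cookie information. Settings Database opened OK but statement execution failed.");
        }
        $tempData = $statement->fetchAll();
        // hash_equals() keeps the strict comparison of the original === and compares in
        // constant time.
        // NOTE(review): the stored password is decrypt()-able and the credential is a bare
        // MD5 digest; a one-way password_hash()/password_verify() scheme needs a storage
        // change that is outside this function.
        if (strcasecmp($user, $tempData[0]['admin']) == 0 && is_string($hashed_pass) && hash_equals(md5(decrypt($tempData[0]['adminpass'])), $hashed_pass)) {
            $adminloggedIn = true;
            // NOTE(review): the cookie value is base64("user:md5(password)"), i.e. a
            // password-equivalent token, and setcookie() is called without HttpOnly, Secure
            // or SameSite. A random server-side session token with those flags is safer.
            $cookie = base64_encode("{$user}:" . $hashed_pass);
            setcookie('FBMPGPLogin', $cookie);
            if (isset($_GET['logs'])) {
                showLogs();
            } elseif (isset($_GET['rg']) && !$hardDemo) {
                //This refresh is used for Admin Token Install
                authRedirect();
            } elseif (isset($_GET['users'])) {
                require_once 'includes/showusers.php';
            } elseif (isset($_GET['crons'])) {
                require_once 'includes/showcrons.php';
            } elseif (isset($_GET['clogs'])) {
                // NOTE(review): this deletes the log database on a plain GET parameter; a
                // state-changing action like this should require POST plus an anti-CSRF token.
                if (file_exists($dbName . '-logs.db')) {
                    unlink($dbName . '-logs.db');
                }
                header("Location: ./?logs");
                exit;
            } else {
                showHTML(include_once 'includes/admin.php', $lang['Admin Panel']);
            }
        }
    } else {
        showHTML("{$failImg} Failed to open settings database while checking login information. Exiting...");
    }
    // Set once a row for $user has actually been loaded; the final check fails without it.
    $userRowLoaded = false;
    if ($db = new PDO('sqlite:' . $dbName . '-users.db')) {
        // $user and $uid are bound as parameters. The original placed them inside the SQL
        // text, where prepare() gives no protection because there was no placeholder.
        $statement = $db->prepare("SELECT COUNT(*) FROM FB WHERE username = ?");
        if ($statement) {
            $statement->execute(array($user));
        } else {
            showHTML("{$failImg} Error while checking login/cookie information. Users Database opened OK but statement execution failed.");
        }
        if ($statement->fetchColumn() > 0) {
            if ($uid) {
                $statement = $db->prepare("SELECT * FROM FB WHERE username = ? AND userid = ?");
                $lookupParams = array($user, $uid);
            } else {
                $statement = $db->prepare("SELECT * FROM FB WHERE username = ?");
                $lookupParams = array($user);
            }
            if ($statement) {
                $statement->execute($lookupParams);
            } else {
                showHTML("{$failImg} Users Database query failed while checking login information");
            }
            $tempData = $statement->fetchAll();
            if (!$tempData) {
                $warn = $lang['User does not exist'];
                showLogin();
            }
            $userName = $tempData[0]['username'];
            $password = decrypt($tempData[0]['password']);
            $userToken = $tempData[0]['usertoken'];
            $fullname = $tempData[0]['fullname'];
            $pageData = $tempData[0]['pagedata'];
            $groupData = $tempData[0]['groupdata'];
            $userId = $tempData[0]['userid'];
            $userRowLoaded = true;
            $userOptions = readOptions($tempData[0]['useroptions']);
            $userOptions = checkUserOptions($userOptions);
            $userOptions['lastActive'] = time();
            saveUserOptions();
            if ($uid) {
                // With a specific $uid, reload every row of this username so that $userIds
                // below lists all of them.
                $statement = $db->prepare("SELECT * FROM FB WHERE username = ?");
                if ($statement) {
                    $statement->execute(array($user));
                } else {
                    showHTML("{$failImg} Users Database query failed while checking id information");
                }
                $tempData = $statement->fetchAll();
            }
            foreach ($tempData as $s) {
                $userIds[$s['fullname']] = $s['userid'];
            }
        }
    } else {
        showHTML("{$failImg} Failed to open users database while checking login information. Exiting...");
    }
    // The digest check uses hash_equals() instead of the loose != of the original, which
    // compares numeric-looking strings (for example digests of the form "0e<digits>") by
    // value. Without a loaded row the login is rejected outright, so the comparison never
    // runs against unset or stale globals.
    $digestMatches = $userRowLoaded && is_string($hashed_pass) && hash_equals(md5((string) $password), $hashed_pass);
    if (!$userRowLoaded || strcasecmp($user, $userName) != 0 || !$digestMatches) {
        if (isset($_POST['un'])) {
            $warn = $lang['Incorrect login info'];
        }
        showLogin();
    }
    $cookie = base64_encode("{$userName}:" . md5($password));
    $loggedIn = true;
}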
            echo " [<a target='_blank' href='{$atom_url}'>{$mode} ATOM FEED</a>] ";
            if ($mode === 'PREVIEW') {
                echo " [<a target='_blank' href='{$admin_url}vfp/static/flatplan.html?atom=" . rawurlencode($atom_url) . "'>{$mode} Visual Flat Plan</a>]";
            }
        }
    }
}
// Dispatch on the most specific value that is set: a single edition ($atom), the edition
// list ($opds), the application list ($user), and finally the login form.
// NOTE(review): where $atom, $opds and $user come from is not visible here; if they are
// request parameters, the path component of $atom flows into $preview_base - confirm it is
// validated before this point.
if (!empty($atom)) {
    $preview_base = sprintf(
        'http://%s.%s.%s%s%s/',
        $this_title,
        $this_app['name'],
        $this_app['user'],
        $ppdomains['PREVIEW'],
        dirname(parse_url($atom, PHP_URL_PATH))
    );
    showSingleEdition($user, $opds, $atom, $edition_file_root, $edition_zip_root, $preview_base, $edition_thumbs_root);
} elseif (!empty($opds)) {
    showEditionsAndCovers($user, $opds, $edition_file_root);
} elseif (!empty($user)) {
    showAppList($apps, $user);
} else {
    showLogin($apps);
}

// Offer the hosts-file link only on a request that carries no parameters at all.
if (empty($_REQUEST)) {
    echo '<br><a href="?hosts">[hosts file entries]</a>';
}

echo "<h3>That's all folks</h3>";
function showSingleEdition($user, $opds, $atom, $edition_file_root, $edition_zip_root, $preview_base, $edition_thumbs_root)
{
    $entries = array();
    //$save_path = $edition_file_root . 'opds/' . hash('md5', $opds). '/atom/' . hash('md5', $atom). 'contents.xml';
    $save_path = pugpig_get_local_save_path($edition_file_root, $atom);
    //echo "** Atom: $save_path<br />";
    $entries[$atom] = $save_path;
    $entries = _pugpig_package_download_batch("Atom Feed", $entries);
    // Read the ATOM from the file
    $fhandle = fopen($entries[$atom], 'r');
Beispiel #9
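/**
 * Output the complete login page: login status, HTML head, page header, the login form
 * and the footer.
 *
 * The form POSTs 'loginEmail' and 'loginPassword' to 'user_login.php' and carries
 * $referer along in the query string of the action URL.
 *
 * @param string $referer Page to return to after login; URL-encoded into the form action.
 * @return void
 */
function login_page($referer)
{
    global $HeaderString, $viewType, $loginWelcomeMsg, $loginStatus, $loginLinks;
    global $officialDatabaseName, $loc;

    // Show login status (should be logged out!); 'showLogin()' is defined in 'include.inc.php'
    showLogin();

    // Use a message stored in the session if there is one, else the default prompt.
    if (isset($_SESSION['HeaderString'])) {
        // Copy the message first: the session variable is cleared right away, but the text
        // is still needed for the header and footer below.
        $HeaderString = $_SESSION['HeaderString'];
        deleteSessionVariable("HeaderString"); // defined in 'include.inc.php'
    } else {
        $HeaderString = $loc['YouNeedToLoginInOrderToMakeChangesToTheDatabase'];
    }

    // 'displayHTMLhead()' and 'showPageHeader()' are defined in 'header.inc.php'
    displayHTMLhead(encodeHTML($officialDatabaseName) . " -- User Login", "index,follow", "User login page. You must be logged in to the " . encodeHTML($officialDatabaseName) . " in order to add, edit or delete records", "", false, "", $viewType, array());
    showPageHeader($HeaderString);

    // Build the login form:
    // Note: a request can carry both GET and POST data. The form is POSTed, and the
    //       '?referer=...' part of the action URL arrives as a GET parameter.
    // rawurlencode() keeps $referer from breaking out of the URL or the attribute here.
    // NOTE(review): whether 'user_login.php' restricts 'referer' to local targets before
    // redirecting cannot be seen from this function - confirm. The form also carries no
    // anti-CSRF token.
    // Each <label> now points at the id of its field (the 'for' attributes were empty), and
    // the block of commented-out legacy table markup that was sent to every client is gone.
    ?>

<form method="POST" action="user_login.php?referer=<?php echo rawurlencode($referer); ?>">
        <div class="row">
            <div class="small-12 column">
                <div class="row">
                    <div class="small-2 columns">
                        <label for="loginEmail"><?php echo $loc["EmailAddress"]; ?>:</label>
                    </div>
                    <div class="small-10 columns">
                        <input type="text" id="loginEmail" name="loginEmail" size="30" autocomplete="username">
                    </div>
                </div>
            </div>
        </div>
        <div class="row">
            <div class="small-12 column">
                <div class="row">
                    <div class="small-2 columns">
                        <label for="loginPassword"><?php echo $loc["EmailAdressPassword"]; ?>:</label>
                    </div>
                    <div class="small-10 columns">
                        <input type="password" id="loginPassword" name="loginPassword" size="30" autocomplete="current-password">
                    </div>
                </div>
            </div>
        </div>
        <div class="row">
            <div class="small-12 column">
                <input class="button secondary right" style="margin-bottom: 15px" type="submit" value="Login">
            </div>
        </div>
</form><?php
    // --------------------------------------------------------------------
    // DISPLAY THE HTML FOOTER:
    // 'showPageFooter()' and 'displayHTMLfoot()' are defined in 'footer.inc.php'
    showPageFooter($HeaderString);
    displayHTMLfoot();
    // --------------------------------------------------------------------
}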