Ejemplo n.º 1
<?php

require 'db.php';
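/**
 * Records the requesting client's IP address and User-Agent in the
 * user_tracking table.
 *
 * HTTP_USER_AGENT is a request header and therefore entirely client-controlled,
 * so both values are bound as statement parameters instead of being spliced
 * into the SQL text.
 *
 * @param object $dbc The db connection object. Expected to be a mysqli
 *                    connection (the original code called its
 *                    real_escape_string() and query() methods).
 * @return void
 */
function logUser($dbc)
{
    // Either key may be missing (CLI runs, clients that send no User-Agent
    // header); fall back to an empty string instead of reading an undefined index.
    $ipAddress = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';

    // NOTE(review): the width of the user_agent column is not visible here; the
    // header has no length limit, so confirm how over-long values are handled.
    $stmt = $dbc->prepare('INSERT INTO user_tracking (ip_address, user_agent) VALUES (?, ?)');
    if ($stmt === false) {
        // Tracking is best-effort: record the failure and let the page continue.
        error_log('logUser: could not prepare the user_tracking insert');
        return;
    }

    $stmt->bind_param('ss', $ipAddress, $userAgent);
    if (!$stmt->execute()) {
        error_log('logUser: the user_tracking insert failed');
    }
    $stmt->close();
}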
// Record the current request. $dbc is not defined in this file; presumably
// db.php (required above) creates the connection - confirm.
logUser($dbc);
// Close the connection once the visit has been recorded.
$dbc->close();
Ejemplo n.º 2
/**
 * Adds a "QUERY=<query>" entry to the user log on behalf of the current user.
 *
 * The original listing also carries a disabled (commented-out) variant that
 * appended the query to ./nel_queries.log; only the logUser() call is live.
 *
 * @param string $query Query text to record.
 */
function logNelQuery($query)
{
    // The acting user's id is taken from global state.
    global $uid;

    // NOTE(review): $query is forwarded unmodified. Whether logUser()
    // neutralises line breaks or other control characters before storing the
    // entry is not visible here - confirm, so that one query cannot forge
    // additional log records.
    $entry = "QUERY=" . $query;
    logUser($uid, $entry);
}
Ejemplo n.º 3
            if (strncmp($var, "current_select_", 15) == 0) {
                $sel[] = $value;
            }
        }
    }
    $sel = array_unique($sel);
    if (isset($update) && count($update > 0)) {
        if (count($update) > 1) {
            $query = "[" . join(",", $update) . "]";
            $query = factorizeQuery($query);
        } else {
            $query = $update[0];
        }
        $executeQuery = $query;
        $bef = microtime();
        logUser($uid, "UPDATE=" . $executeQuery);
        $qstate = nel_query($executeQuery, $updateResult);
        $aft = microtime();
        list($usec, $sec) = explode(" ", $bef);
        $bef = (double) $sec + (double) $usec;
        list($usec, $sec) = explode(" ", $aft);
        $aft = (double) $sec + (double) $usec;
        $tm = (int) (($aft - $bef) * 1000.0);
        $queryResult = "Executed {$executeQuery}<br>{$tm} milliseconds computation time<br>\n";
    }
} else {
    if (isset($executeQuery)) {
        $bef = microtime();
        $qstate = nel_query($executeQuery, $updateResult);
        $aft = microtime();
        list($usec, $sec) = explode(" ", $bef);
Ejemplo n.º 4
/**
 * Validates the submitted customer form and builds the xajax response that
 * either shows the validation error or moves the visitor to the next step.
 *
 * On success the form data is stored in $_SESSION['customer'], the ids of the
 * qualifying specials are stored in $_SESSION['specials'], and the response is
 * told to reload step4, step5 or step6 depending on those specials.
 *
 * @param array $form_data Submitted form fields; 'dom_user' is read here and
 *                         'selected_server_id' is added before storing.
 * @return xajaxResponse Response carrying the UI updates and the error text.
 */
function step3_verifyUser($form_data)
{
    global $BL, $conf, $custom_fields;

    $error = $BL->customers->validate($form_data, $custom_fields);

    // NOTE(review): the product id from the session is concatenated into a SQL
    // fragment after quoteSmart(); what quoteSmart() escapes, and whether it
    // adds quotes of its own, is not visible here - confirm.
    $productFilter = "WHERE `plan_price_id`='"
        . (isset($_SESSION['product_id']) ? $BL->utils->quoteSmart($_SESSION['product_id']) : 0)
        . "'";
    $product = $BL->products->find(array($productFilter));
    $server = $BL->products->getServerForProduct(isset($_SESSION['product_id']) ? $_SESSION['product_id'] : 0);

    // The account-name checks only run when validation passed, the product's
    // acc_method equals 2 and a username was actually supplied.
    $checkUsername = empty($error)
        && isset($product[0]['acc_method'])
        && $product[0]['acc_method'] == 2
        && !empty($form_data['dom_user']);
    if ($checkUsername) {
        // Each failing check overwrites the message, so the last one wins.
        if (!empty($server['username_min_length']) && strlen($form_data['dom_user']) < $server['username_min_length']) {
            $error = $BL->props->lang['username_is_short'] . $server['username_min_length'];
        }
        if (!empty($server['username_max_length']) && strlen($form_data['dom_user']) > $server['username_max_length']) {
            $error = $BL->props->lang['username_is_large'] . $server['username_max_length'];
        }
        if ($BL->checkAccountExistInServer($server, $form_data['dom_user'])) {
            $error = $BL->props->lang['err_user_exist'];
        }
    }

    $form_data['selected_server_id'] = isset($server['server_id']) ? $server['server_id'] : 0;
    $response = new xajaxResponse(CHARSET);

    if (!empty($error)) {
        $response->addScriptCall("toggleTbodyOn", "error_section");
    } else {
        $response->addScriptCall("toggleTbodyOff", "error_section");
        $_SESSION['customer'] = $form_data;

        $logLabel = $_SESSION['sld'] . "." . $_SESSION['tld'] . "-" . $BL->getFriendlyName($_SESSION['product_id']);
        $response->loadXML(logUser($logLabel));

        $specials = getQualifiedSpecials();
        $_SESSION['specials'] = array();
        foreach ($specials as $special) {
            $_SESSION['specials'][] = $special['special_id'];
        }

        if (count($specials) > 1) {
            // Several specials qualify: step4 is loaded.
            $nextStep = 'step4';
        } else {
            $nextStep = 'step6';
            if (isset($specials[0])) {
                // Exactly one usable special: preselect it.
                $_SESSION['specials']['SELECTED'] = $specials[0]['special_id'];
                if ($specials[0]['new_order']) {
                    $nextStep = 'step5';
                }
            }
        }
        $response->loadXML(reload($nextStep, $nextStep));
    }

    // NOTE(review): the message is assigned through innerHTML. The texts built
    // in this function come from the language table and server settings;
    // whether validate() can echo submitted form values into its message is
    // not visible here - if it can, it needs HTML-escaping before this call.
    $response->addAssign("error_msg", "innerHTML", $error);
    return $response;
}
Ejemplo n.º 5
    } else {
        $dispServ = "<a href='" . $_SERVER['PHP_SELF'] . "?preselServ={$addr}'>{$service}</a>";
    }
    echo "<tr><td {$dcolor}>{$dshard}</td><td {$dcolor}>{$dserver}</td><td {$dcolor}>{$dispServ}</td></tr></a>\n";
    $pshard = $shard;
    $pserver = $server;
}
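echo "</table>\n";
echo "</td>\n";
echo "<td width=30>&nbsp;</td>\n";
echo "<td>\n";

// Everything echoed into the form below originates from the request
// (PHP_SELF path info, preselServ, execCommand) or from the remote service
// (command output), so it is HTML-escaped before being written into
// single-quoted attributes or the textarea body. ENT_SUBSTITUTE is used where
// the running PHP provides it so that invalid byte sequences in command output
// do not blank the whole value.
$cmdFormEscFlags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;
$cmdFormAction = htmlspecialchars($_SERVER['PHP_SELF'], $cmdFormEscFlags);
$cmdFormService = htmlspecialchars(isset($preselServ) ? $preselServ : '', $cmdFormEscFlags);
$cmdFormCommand = htmlspecialchars(isset($execCommand) ? stripslashes($execCommand) : '', $cmdFormEscFlags);

// NOTE(review): this form dispatches service commands and no anti-CSRF token
// is visible in this fragment - confirm one is enforced elsewhere.
echo "<table border=0><form method=post action='" . $cmdFormAction . "' name='cmdform'>\n";
echo "<tr><th align=left>Service Path</th><th align=left>Command (exact service syntax)</th></tr>\n";
echo "<tr><td><input name=preselServ value='{$cmdFormService}' size=32 maxlength=256></td>\n";
echo "<td><input name=execCommand value='" . $cmdFormCommand . "' size=50 maxlength=20480></td>\n";
echo "<td><input type=submit value=Execute></td></tr>\n";
echo "</form></table>\n";

if (isset($preselServ) && $preselServ != "" && isset($execCommand) && $execCommand != "") {
    $fullCmd = $preselServ . "." . stripslashes($execCommand);
    // The audit entry is written before the command is sent, so an attempt is
    // recorded even if the query itself fails.
    logUser($uid, "SYS_COMMAND=" . $fullCmd);
    $qstate = nel_query($fullCmd, $commandResult);
}

// $commandResult is only set when a command was run; !empty() avoids reading
// an undefined variable on a plain page load.
if (!empty($commandResult)) {
    // Escaped so that output containing "</textarea>" or markup stays inside
    // the read-only box instead of being interpreted by the browser.
    echo "<textarea rows=60 cols=300 readOnly style='font-family: Terminal, Courier; font-size: 10pt;'>" . htmlspecialchars(stripslashes($commandResult), $cmdFormEscFlags) . "</textarea>\n";
}
echo "</td>\n";
echo "</tr></table>\n";
echo "<script type='text/javascript'><!--\n";
echo "if (document.cmdform) { document.cmdform.execCommand.focus(); }\n";
echo "// --></script>\n";
htmlEpilog();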
Ejemplo n.º 6
<?php 
include_once '../clases/fotos.php';
include_once '../clases/usuarios.php';
include_once '../clases/bd.php';
switch ($_POST["method"]) {
    case "new":
        newUser();
        break;
    case "log":
        logUser();
        break;
    case "fot":
        fotUser();
        break;
    case "get":
        getUser();
        break;
    case "act-social":
        actSocial();
        break;
    case "act-nat":
        actNat();
        break;
    case "act-jur":
        actJur();
        break;
    case "act-email":
        actEmail();
        break;
    case "act-seudonimo":
        actSeudonimo();
Ejemplo n.º 7
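/**
 * Handles the posted "command" (logout, chPassword, login) or, for any other
 * request, re-validates the stored session or cookie credentials.
 *
 * - "logout" logs the event, destroys the session, erases the cookies, prints
 *   the logout page and terminates the script.
 * - "chPassword" re-validates the current credentials, changes the password
 *   when the old password matches and both new values agree, then continues
 *   into the "login" branch (there is no break between the two cases).
 * - "login" hashes the submitted password, validates it and stores the
 *   credentials in the session (and in cookies when $useCookie is set).
 * - Any other value re-validates credentials taken from the session or, when
 *   there is none, from the login cookies.
 *
 * NOTE(review): passwords are hashed with crypt() and the fixed salt "NL".
 * A fixed two-character salt means identical passwords produce identical
 * hashes, and that hash is also what the session and the cookies carry.
 * Moving to password_hash()/password_verify() needs a migration of the stored
 * values and cannot be done inside this function alone.
 *
 * @param mixed $error Declared by reference, but see the note on unset() in
 *                     the body: the caller's variable is not written.
 * @return int|bool 1 on success; 0 or false when validation fails.
 */
function auth(&$error)
{
    global $command, $sessionAuth, $admcookielogin, $admcookiepassword;
    global $admlogin, $admpassword, $uid, $gid, $useCookie, $group, $HTTP_POST_VARS;
    // NOTE(review): unset() on a by-reference parameter only breaks the local
    // binding, so the messages assigned to $error below never reach the
    // caller. Kept as in the original because callers are not visible here;
    // "$error = null;" would be the reference-preserving form.
    unset($error);
    // NOTE(review): $HTTP_POST_VARS only exists on old PHP configurations;
    // when it is absent every request takes the default branch.
    switch (isset($HTTP_POST_VARS["command"]) ? $HTTP_POST_VARS["command"] : null) {
        case "logout":
            addToLog("Logout!");
            $uid = $sessionAuth["uid"];
            logUser($uid, "LOGOUT");
            //session_unregister("sessionAuth");
            unset($_SESSION["sessionAuth"]);
            session_destroy();
            // erases cookies
            eraseCookies();
            // These only drop the function-local aliases of the globals; the
            // script ends right below.
            unset($admlogin);
            unset($admpassword);
            unset($admcookielogin);
            unset($admcookiepassword);
            unset($uid);
            htmlProlog($_SERVER['PHP_SELF'], "Logout", false);
            echo "<center>\n";
            echo "You are not logged any more<br>\n";
            echo "Click <a href='index.php'>here</a> to login<br>\n";
            echo "</center>\n";
            htmlEpilog();
            die;
        case "chPassword":
            addToLog("Change pass!");
            global $chOldPass, $chNewPass, $chConfirmNewPass;
            if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group))) {
                $error = "Invalid login '{$admlogin}'";
                eraseCookies();
                return 0;
            }
            // Strict comparison: with "==" a failed crypt() result or two
            // numeric-looking strings could compare equal through type juggling.
            if (crypt($chOldPass, "NL") === $admpassword && $chNewPass === $chConfirmNewPass) {
                // NOTE(review): the password value in this statement appears
                // as '******' in the listing and is reproduced unchanged; as
                // written it stores that literal rather than the new hash -
                // check against the real source. $uid comes from validateId().
                sqlquery("UPDATE user SET password='******' WHERE uid='{$uid}'");
                $admpassword = $chNewPass;
                // The new password and its hash are deliberately kept out of
                // the log; only the affected account is recorded.
                addToLog("Changed password for uid '{$uid}'");
                //session_unregister("sessionAuth");
                unset($_SESSION["sessionAuth"]);
                session_destroy();
            }
            // No break in the original: execution continues into "login",
            // which hashes $admpassword and validates again.
        case "login":
            $admpassword = crypt($admpassword, "NL");
            addToLog("Login! -- admlogin='******', admpassword='******'");
            if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group))) {
                $error = "Invalid login '{$admlogin}'";
                // The login name is request data; escape it before echoing it
                // back into the page.
                print htmlspecialchars($error, ENT_QUOTES);
                eraseCookies();
                return 0;
            }
            // NOTE(review): the session id is not regenerated after a
            // successful login; consider session_regenerate_id() here.
            $sessionAuth = array("admlogin" => $admlogin, "admpassword" => $admpassword, "uid" => $uid);
            //session_register("sessionAuth");
            $_SESSION["sessionAuth"] = $sessionAuth;
            if ($useCookie) {
                setupCookies($admlogin, $admpassword);
            }
            logUser($uid, "LOGIN");
            return 1;
        default:
            if (!isset($sessionAuth) || $sessionAuth["admlogin"] == "") {
                print "no sessionauth or admlogin is blank";
                if (!isset($admcookielogin)) {
                    addToLog("cookie not set");
                    return false;
                }
                // No session: fall back to the credentials from the cookies.
                $admlogin = $admcookielogin;
                $admpassword = $admcookiepassword;
            } else {
                $admlogin = $sessionAuth["admlogin"];
                $admpassword = $sessionAuth["admpassword"];
                $uid = $sessionAuth["uid"];
            }
            if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group))) {
                $error = "Invalid login '{$admlogin}'";
                eraseCookies();
                return false;
            }
            $sessionAuth = array("admlogin" => $admlogin, "admpassword" => $admpassword, "uid" => $uid);
            //session_register("sessionAuth");
            $_SESSION["sessionAuth"] = $sessionAuth;
            if ($useCookie) {
                setupCookies($admlogin, $admpassword);
            } else {
                eraseCookies();
            }
            //logUser($uid, "BROWSE");
            return 1;
    }
}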
 fwrite($fp, "<GDFORM_VARIABLE NAME={$emailLtr}.User's_FINAL_TEST_SCORE END>\n");
 //show results to user & tell HRC rep if user passed the test
 echo '<h2><span style="#008000"><b>Results:</b></span></h2>';
 $count++;
 $emailLtr = emailLetter($count);
 fwrite($fp, "<GDFORM_VARIABLE NAME={$emailLtr}.Result START>\n");
 if ($numCorrect > 14) {
     echo "<h2>Congratulations {$name}, you passed the test! </h2>";
     fwrite($fp, "PASS\n");
     //write user to log file
     logUser($name, $mbrNum, $email, "PASS", "no errors in processing");
 } else {
     echo "<h3>At this time, {$name} did not pass this Judge's test.</h3>";
     fwrite($fp, "FAIL\n");
     //write user to log file
     logUser($name, $mbrNum, $email, "FAIL", "no errors in processing");
 }
 fwrite($fp, "<GDFORM_VARIABLE NAME={$emailLtr}.Result END>\n");
 echo "<h3>Your score is {$numCorrect} (out of 20)";
 echo " and it has been emailed to an HRC Representative.</h3>";
 //for those who passed, let them know which ones they missed
 $numWrong = count($wrongAnswers);
 if ($numCorrect > 14 && $numWrong > 0) {
     echo "<h4>You missed the following question(s):  ";
     for ($i = $numWrong; $i > 0; $i--) {
         echo "{$wrongAnswers[$numWrong - $i]}";
         if ($i > 1) {
             echo ", ";
         }
     }
     echo "</h4>";
Ejemplo n.º 9
    $stmt = $dbConn->prepare($sql);
    $stmt->execute(array(":username" => $username, "password" => $password));
    return $stmt->fetch();
}
/**
 * Inserts one row into userLogs for the given username and timestamp.
 *
 * Both values are passed as bound parameters of a prepared statement on the
 * global $dbConn connection, so they never become part of the SQL text.
 *
 * @param mixed $username  Value stored in the username column.
 * @param mixed $timestamp Value stored in the timestamp column.
 * @return mixed The executed statement object returned by $dbConn->prepare().
 */
function logUser($username, $timestamp)
{
    global $dbConn;

    $bindings = array(":username" => $username, ":timestamp" => $timestamp);
    $insert = $dbConn->prepare("INSERT INTO userLogs (username, timestamp)\n\tVALUES (:username, :timestamp)");
    $insert->execute($bindings);

    return $insert;
}
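// Login handler: processes a posted username/password pair, otherwise prints
// the login form. login() is defined outside this block; how it compares the
// password is not visible here.
if (isset($_POST['username']) && isset($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    // PHP turns "username[]=x" into an array, which strlen() cannot handle;
    // treat any non-string value as an invalid entry.
    if (!is_string($username) || !is_string($password) || strlen($username) == 0 || strlen($password) == 0) {
        print "<center><br><br>Invalid entry, <a href='javascript:history.back()'>try again</a></center>";
    } else {
        $login = login($username, $password);
        // Every attempt is logged, successful or not, with the username exactly
        // as submitted.
        $logUser = logUser($username, time());
        if (isset($login[0])) {
            // Issue a fresh session id on login so that an id fixed before
            // authentication does not carry over. Skipped when no session is
            // active or output has already started (the cookie could not be sent).
            if (session_id() !== '' && !headers_sent()) {
                session_regenerate_id(true);
            }
            $_SESSION['user'] = $username;
            print "<center><br><br>Login was successful, click <a href='index.php'>here</a> to continue<br></center>";
        } else {
            print "<center><br><br>Incorrect username or password, <a href='javascript:history.back()'>try again</a></center>";
        }
    }
}
if (!isset($_POST['username'])) {
    // The password field uses type="password" so the value is masked on screen.
    print "<title>Login</title>\n"
        . "\t\t<center>\n"
        . "\t\t<html>\n"
        . "\t\t<body>\n"
        . "\t\t\t<form action=\"login.php\" method=\"post\">\n"
        . "\t\t\t<table>\n"
        . "\t\t\t<tr><td colspan=2 align=center><h3>Login</h3></td></tr>\n"
        . "\t\t\t<tr><td colspan=2 align=center>&nbsp;</td></tr>\n"
        . "\t\t\t<tr><td>Username:</td><td><input type=\"text\" name=\"username\"></td></tr>\n"
        . "\t\t\t<tr><td>Password:</td><td><input type=\"password\" name=\"password\"></td></tr>\n"
        . "\t\t\t<tr><td colspan=2 align=center><input type=\"submit\" name='submitButton'></td>\n"
        . "\t\t\t<tr><td colspan=2>&nbsp;</td></tr>\n"
        . "\t\t\t<tr><td colspan=2 align=center><a href=\"register.php\">Or you can register here</a></td></tr>\n"
        . "\n"
        . "\t\t</form>\n"
        . "\t\t</body>\n"
        . "\t\t</html></center>";
}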