Ejemplo n.º 1
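/**
 * Handles a submitted login form.
 *
 * Reads the `email` and `pass` POST fields, enforces the failed-attempt lockout, handles the
 * configured super-user account, and otherwise validates the credentials against the `users`
 * table. Every outcome is recorded through log_attempt().
 *
 * Side effects: may start a new session and populate $_SESSION, sends a `Location` header on
 * success, and terminates the script (die) after a successful super-user login.
 *
 * NOTE(review): hash_pass() is defined elsewhere and the resulting hash is compared inside the
 * SQL query. If it is a fast, deterministic digest, migrating to password_hash()/password_verify()
 * would be advisable - confirm against its definition.
 *
 * @return void
 */
function process_login_form()
{
    // Missing or non-string fields (for example an array submitted as email[]=...) are treated as
    // empty strings, so strtolower()/hash_pass() never receive an array or null. Empty credentials
    // simply fail the checks below.
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? strtolower($_POST['email']) : '';
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
    $passhash = hash_pass($email, $pass);

    // Check to see if the user/ip is temporarily banned:
    //   An IP is banned when 10 unsuccessful attempts are made to log in from a single IP/email within 10 minutes,
    //   regardless of whether any successful attempts were made.
    // NOTE(review): because the count also matches on email, failures from any address count
    // against that account's owner; REMOTE_ADDR is the proxy's address when the site sits behind one.
    $attempts = DBExt::queryCount('login_attempts', array('successful=0', '(remote_ip=%s OR email=%s)', DBExt::timeInInterval('request_time', '-10m', '')), $_SERVER['REMOTE_ADDR'], $email);
    // ">= 10" matches the documented policy; the previous "> 10" only locked out after the 11th failure.
    if ($attempts >= 10) {
        log_attempt($email, false);
        alert('You have been temporarily locked out. Please wait 10 minutes before attempting to sign in again.', -1);
        show_login_form('');
        return;
    }

    // Check for super-user login:
    // (the account LHSMATH and password set in CONFIG)
    if ($email === 'lhsmath') {
        global $LHSMATH_PASSWORD;
        // $LHSMATH_PASSWORD is pre-hashed. Compare with hash_equals(): a loose "==" treats two
        // different numeric-looking hashes (e.g. "0e..." strings) as equal and is not constant-time.
        // The is_string/non-empty guards keep an unset config value from ever matching.
        if (is_string($LHSMATH_PASSWORD) && $LHSMATH_PASSWORD !== ''
            && is_string($passhash) && hash_equals($LHSMATH_PASSWORD, $passhash)) {
            log_attempt('LHSMATH', true);
            // Drop whatever session existed before and issue a fresh ID for the privileged session.
            session_destroy();
            session_name('Session');
            session_start();
            session_regenerate_id(true);
            $_SESSION['user_name'] = 'LHSMATH Super-Admin';
            $_SESSION['permissions'] = '+';
            $_SESSION['login_time'] = time();
            $_SESSION['user_id'] = '-999';
            header('Location: ' . URL::root() . '/Admin/Super_Admin');
            die;
        }
        // A wrong super-user password falls through to the normal check below, which logs the failure.
    }

    // Validate credentials
    $id = DB::queryFirstField('SELECT id FROM users WHERE LOWER(email)=%s AND passhash=%s LIMIT 1', $email, $passhash);
    if (is_null($id)) {
        log_attempt($email, false);
        show_login_form($email);
        alert('Incorrect email address or password', -1);
        return;
    }

    // ** CREDENTIALS ARE VALIDATED AT THIS POINT ** //
    log_attempt($email, true);
    set_login_data($id);
    alert('Logged in!', 1);

    // If this page was being included, redirect back.
    global $being_included;
    if ($being_included) {
        // REQUEST_URI is client-controlled. Collapsing leading slashes/backslashes keeps the
        // redirect a same-site path, so a browser cannot read it as a scheme-relative URL.
        header('Location: /' . ltrim($_SERVER['REQUEST_URI'], '/\\'));
    } else {
        header('Location: ../Home');
    }
}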
Ejemplo n.º 2
<?php

/*
 * Admin/Event_Reminder.php
 * LHS Math Club Website
 *
 * A page to be run as a cron job which reminds captains of any events coming up.
 */
//Currently run every Sunday by https://members.nearlyfreespeech.net/lhsmath/sites/lhsmath/cron
//Next steps: Add a field "remind_when" that indicates a time to remind at. Can specify multiple comma-separated, I suppose.
//auto_remind will then hold the number of notifications that have so far been sent through this.
require_once '../.lib/functions.php';
// cancel_templateify() comes from functions.php; presumably it turns off the normal page
// template for this cron-driven script - confirm against its definition.
cancel_templateify();

// NOTE(review): nothing visible here restricts this page to cron/CLI invocation. Confirm that
// functions.php (or the web server config) prevents arbitrary visitors from triggering reminders.

// Events not yet reminded about (auto_remind = 0) whose date falls in the '+17d' window.
// The query text is constant apart from the %l fragment produced by DBExt::timeInInterval().
$current_events = DB::query('SELECT * FROM events WHERE auto_remind = 0 AND %l', DBExt::timeInInterval('date', '', '+17d'));
$count = count($current_events);
if (!$count) {
    // Nothing upcoming: end the run here.
    exit;
}

// Build one BBCode section per event.
// NOTE(review): title, date and description are interpolated as stored; if non-admins can author
// events, confirm the BBCode renderer escapes them before the mail is sent.
$email_bb = '';
foreach ($current_events as $event) {
    $description = empty(trim($event["description"])) ? "[no description]" : $event["description"];
    $email_bb .= "[subheading][i]{$event["title"]}[/i] on {$event["date"]}[/subheading]{$description}\n\n";
}
$email_bb = <<<HEREDOC
Hi captains!

This is a reminder that [b]{$count}[/b] events are coming up within a couple of weeks:
{$email_bb}
Ejemplo n.º 3
// Dashboard counters. Every WHERE fragment below is a fixed literal or the output of
// DBExt::timeInInterval() on constant arguments, so no request data reaches these queries.

// Users, by approval state and permission letter
$num_members = DBExt::queryCount('users', 'approved="1"');
$num_captains = DBExt::queryCount('users', 'permissions="C"');
$num_other_admins = DBExt::queryCount('users', 'permissions="A"');
$num_alumni = DBExt::queryCount('users', 'permissions="L"');
// approved="0" is the same set as permissions 'E' or 'P'
$num_pending_approval = DBExt::queryCount('users', 'approved="0"');
// approved="-1" is the same set as permissions 'B'
$num_banned = DBExt::queryCount('users', 'approved="-1"');

// Tests: active versus archived
$num_tests = DBExt::queryCount('tests', 'archived="0"');
$num_old_tests = DBExt::queryCount('tests', 'archived="1"');

// Calendar: "current" means from 3 days ago up to 7 days ahead; past and future lie on either side.
$num_past_events = DBExt::queryCount('events', DBExt::timeInInterval('date', '', '-3d'));
$num_future_events = DBExt::queryCount('events', DBExt::timeInInterval('date', '+7d', ''));
$num_current_events = DBExt::queryCount('events', DBExt::timeInInterval('date', '-3d', '+7d'));

// Files, by permission letter
$num_member_files = DBExt::queryCount('files', 'permissions="M"');
$num_public_files = DBExt::queryCount('files', 'permissions="P"');
$num_admin_files = DBExt::queryCount('files', 'permissions="A"');

// Size of the error log in bytes, or a placeholder message when the file is absent.
$errors_file_size = file_exists(PATH::errfile()) ? filesize(PATH::errfile()) : 'File does not exist.';

// Version checking
// --MeekroDB: start from the list of files PHP has included so far.
$included_files = get_included_files();
foreach ($included_files as $f) {
    if (strpos($f, 'meekro')) {
        $meekro_file = $f;
        break;
Ejemplo n.º 4
    $use_rel_external_script = true;
    page_header('Home');
    echo <<<HEREDOC
      <h1>Home</h1>{$welcome_msg}{$new_address_msg}

HEREDOC;
}
?>

<h2>Welcome</h2>
Welcome to the website of the Lexington High School Math Club in Lexington, MA!<br>
<br>
<h2>Events</h2>
<div>
<?php 
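// List events dated within the '+0d' to '+20d' window as links to their detail pages.
// The query text is constant apart from the %l fragment built by DBExt::timeInInterval().
$current_events = DB::query('SELECT * FROM events WHERE %l', DBExt::timeInInterval('date', '+0d', '+20d'));
$count = count($current_events);
if ($count > 0) {
    foreach ($current_events as $event) {
        // strtotime() returns false for an unparseable value, and date() would then print the
        // epoch date; fall back to the stored value instead.
        $timestamp = strtotime($event["date"]);
        $date = ($timestamp === false) ? $event["date"] : date("F j", $timestamp);

        // Stored values are escaped for the context they land in. The title and date go into
        // HTML text, the ID into a query string inside a single-quoted attribute, hence ENT_QUOTES.
        // NOTE(review): if event titles are meant to carry markup, render it through the site's
        // formatter rather than emitting the stored string raw.
        $safe_title = htmlspecialchars((string) $event["title"], ENT_QUOTES, 'UTF-8');
        $safe_date = htmlspecialchars((string) $date, ENT_QUOTES, 'UTF-8');
        $safe_id = htmlspecialchars(rawurlencode((string) $event["event_id"]), ENT_QUOTES, 'UTF-8');

        echo "<a href='View_Event?ID={$safe_id}'><b>{$safe_title}</b> on {$safe_date}</a><br>";
    }
} else {
    echo "[no events]";
}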
?>
</div>

<h2>LMT</h2>
The Lexington Math Tournament website is at <a href="/LMT">http://www.lhsmath.org/LMT</a>.