// Before Process event if($globalEvents->exists("BeforeProcessRemind")) $globalEvents->BeforeProcessRemind($conn, $pageObject); $strUsernameEmail = postvalue("username_email"); if(!$isUseCaptcha || ($isUseCaptcha && $pageObject->isCaptchaOk==1)) { $tosearch=false; $value=$strUsernameEmail; if((string)$value!="") $tosearch=true; if($cipherer->isFieldEncrypted($cUserNameField)) $value = $cipherer->MakeDBValue($cUserNameField,$value,"","",true); else { if(NeedQuotes($cUserNameFieldType)) $value=db_prepare_string($value); else $value=(0+$value); } $sWhere="(".GetFullFieldName($cUserNameField,"webreport_users",false)."=".$value; $value=$strUsernameEmail; if($cipherer->isFieldEncrypted($cEmailField)) $value = $cipherer->MakeDBValue($cEmailField,$value,"","",true); else {
$params["needSearchClauseObj"] = false; $xt->assign("closewindow_attrs", 'style="display:none" id="closeWindowRegister"'); $xt->eventsObject =& $globalEvents; $pageObject = new RegisterPage($params); $pageObject->init(); $isUseCaptcha = $globalEvents->existsCAPTCHA(PAGE_REGISTER); // Before Process event if ($globalEvents->exists("BeforeProcessRegister")) { $globalEvents->BeforeProcessRegister($pageObject); } //Send activation link to user's email $includes = GetBaseScriptsForPage(false); if (@$_GET["a"] == "activate") { $username = base64_decode(@$_GET["u"]); $code = @$_GET["code"]; if ($regCipherer->isFieldEncrypted("username")) { $strUsername = $regCipherer->MakeDBValue("username", $username, "", true); } else { $strUsername = make_db_value("username", $username); } $sql = "select " . $pageObject->getFieldSQLDecrypt("password") . " from " . $pageObject->connection->addTableWrappers("ConsolidatedStockEnquiry_users") . " where " . $pageObject->getFieldSQLDecrypt("username") . "=" . $strUsername; $qResult = $pageObject->connection->query($sql); $verified = false; if (!$qResult) { echo "Invalid validation code."; return; } $data = $qResult->fetchNumeric(); if (!$data) { echo "Invalid validation code."; return;
$returnJSON = array("success" => false, "error" => "Error: You have not permissions to read the " . $tableName . " table's data"); echo printJSON($returnJSON); return; } // set db connection $_connection = $cman->byTable($strTableName); $pSet = new ProjectSettings($strTableName, $pageType); $denyChecking = $pSet->allowDuplicateValues($fieldName); $denyChecking = $denyChecking && ($strTableName != "DashboardUsers" || $fieldName != $cUserNameField && $fieldName != $cEmailField); if ($denyChecking) { $returnJSON = array("success" => false, "error" => "Duplicated values are allowed"); echo printJSON($returnJSON); return; } $cipherer = new RunnerCipherer($strTableName, $pSet); if ($cipherer->isFieldEncrypted($fieldName)) { $value = $cipherer->MakeDBValue($fieldName, $value, $fieldControlType, true); } else { $value = make_db_value($fieldName, $value, $fieldControlType, "", $strTableName); } if ($value == "null") { $fieldSQL = RunnerPage::_getFieldSQL($fieldName, $_connection, $pSet); } else { $fieldSQL = RunnerPage::_getFieldSQLDecrypt($fieldName, $_connection, $pSet, $cipherer); } $where = $fieldSQL . ($value == "null" ? ' is ' : '=') . $value; $sql = "SELECT count(*) from " . $_connection->addTableWrappers($pSet->getOriginalTableName()) . " where " . $where; $qResult = $_connection->query($sql); if (!$qResult || !($data = $qResult->fetchNumeric())) { $returnJSON = array("success" => false, "error" => "Error: Wrong SQL query"); echo printJSON($returnJSON);
/**
 * Build the SQL expression used to reference a field of a project table.
 *
 * When the table has encrypted fields and encryption is not done on the PHP
 * side, the expression comes from RunnerCipherer::GetFieldName(); for a field
 * that is itself encrypted an " as <wrapped field>" alias is appended unless
 * $addAs is false. In every other case the name reported by
 * ProjectSettings::getFullNameField() is returned unchanged.
 *
 * The result is a SQL fragment. Nothing in this function validates $field or
 * $table; that is left to the helpers it calls, which are not visible here.
 * NOTE(review): callers should pass project-defined names only, never
 * request data - confirm at the call sites.
 *
 * @param string  $field Field name as known to the project settings.
 * @param string  $table Table name; "" selects the global $strTableName.
 * @param boolean $addAs Whether to append the alias for encrypted fields.
 *
 * @return string
 */
function GetFullFieldName($field, $table = "", $addAs = true)
{
    if ($table == "") {
        // Fall back to the table of the page currently being processed.
        global $strTableName;
        $table = $strTableName;
    }

    $settings = new ProjectSettings($table);
    $fullName = $settings->getFullNameField($field);

    // Plain name unless the table has encrypted fields and PHP-side
    // encryption is off.
    if (!$settings->hasEncryptedFields() || isEncryptionByPHPEnabled()) {
        return $fullName;
    }

    $fieldCipherer = new RunnerCipherer($table);
    $expression = $fieldCipherer->GetFieldName($fullName, $field);

    $alias = "";
    if ($fieldCipherer->isFieldEncrypted($field) && $addAs) {
        // Alias the expression so the result column keeps the field's name.
        $alias = " as " . AddFieldWrappers($field);
    }

    return $expression . $alias;
}
/**
 * DEPRECATED! Use RunnerPage::_getFieldSQLDecrypt instead.
 *
 * Return the SQL expression for a field of a project table. The base
 * expression comes from RunnerPage::_getFieldSQL(). When the table has
 * encrypted fields and encryption is not done on the PHP side, it is passed
 * through RunnerCipherer::GetFieldName(), and for a field that is itself
 * encrypted an " as <wrapped field>" alias is appended unless $addAs is false.
 *
 * The result is a SQL fragment. $field and $table are not validated in this
 * function; that is left to helpers not visible here.
 * NOTE(review): pass project-defined names only, never request data -
 * confirm at the call sites.
 *
 * @param string  $field
 * @param string  $table      The datasource table name; "" selects the global $strTableName
 * @param boolean $addAs      OPTIONAL Append the alias for encrypted fields
 * @param mixed   $connection OPTIONAL Connection object; when empty, $cman->byTable($table) is used
 *
 * @return String
 * @intellisense
 * @deprecated
 */
function GetFullFieldName($field, $table = "", $addAs = true, $connection = null)
{
    global $strTableName, $cman;

    // Default to the table of the page currently being processed.
    $table = $table == "" ? $strTableName : $table;

    // Resolve the connection from the table when the caller gave none.
    $connection = $connection ?: $cman->byTable($table);

    $settings = new ProjectSettings($table);
    $fieldSql = RunnerPage::_getFieldSQL($field, $connection, $settings);

    // Plain expression unless the table has encrypted fields and PHP-side
    // encryption is off.
    if (!$settings->hasEncryptedFields() || isEncryptionByPHPEnabled()) {
        return $fieldSql;
    }

    $fieldCipherer = new RunnerCipherer($table);
    $expression = $fieldCipherer->GetFieldName($fieldSql, $field);

    $alias = "";
    if ($fieldCipherer->isFieldEncrypted($field) && $addAs) {
        // Alias the expression so the result column keeps the field's name.
        $alias = " as " . $connection->addFieldWrappers($field);
    }

    return $expression . $alias;
}
/**
 * Login method.
 *
 * Looks the submitted username/password pair up in the "webreport_users"
 * table, re-checks the fetched row against the submitted values in PHP, and
 * on success (and only when $this->isCaptchaOk is set) calls DoLogin() and
 * SetAuthSessionData(). Every other outcome is reported to $this->auditObj,
 * when one is set, as a failed login.
 *
 * Security notes for maintainers:
 *  - Both credentials are concatenated into the SQL text. Their only
 *    protection is the conversion done here (RunnerCipherer::MakeDBValue,
 *    db_prepare_string, or a numeric cast); those helpers are not visible in
 *    this block. NOTE(review): confirm they escape correctly for the active
 *    connection, or move to bound parameters.
 *  - The stored password is matched against the submitted value both in the
 *    WHERE clause and again in PHP after DecryptFetchedArray(). That only
 *    works if the stored value is recoverable (plain or reversibly
 *    encrypted), unless callers pass an already-hashed value.
 *    NOTE(review): confirm; a one-way hash checked with password_verify()
 *    is the usual design.
 *  - The PHP-side checks use loose "==", which treats numeric-looking
 *    strings as numbers. NOTE(review): for text columns a strict comparison
 *    such as hash_equals() on string values is preferable.
 *
 * @param mixed $pUsername Submitted login name (cast to string for the lookup)
 * @param mixed $pPassword Submitted password (cast to string for the lookup)
 *
 * @return boolean true when the session was started, false otherwise
 */
function LogIn($pUsername, $pPassword)
{
    // username and password are stored in the database
    global $conn, $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cPasswordField, $cDisplayNameField;

    // Submitted values as plain strings; kept for the post-query comparison.
    $sUsername = (string)$pUsername;
    $sPassword = (string)$pPassword;

    $cipherer = new RunnerCipherer("webreport_users");

    // SQL-literal form of the username: cipherer value for encrypted fields,
    // prepared string for quoted column types, numeric cast otherwise.
    if ($cipherer->isFieldEncrypted($cUserNameField)) {
        $dbUsername = $cipherer->MakeDBValue($cUserNameField, $sUsername, "", "", true);
    } elseif (NeedQuotes($cUserNameFieldType)) {
        $dbUsername = db_prepare_string($sUsername);
    } else {
        $dbUsername = (0 + $sUsername);
    }

    // Same conversion for the password.
    if ($cipherer->isFieldEncrypted($cPasswordField)) {
        $dbPassword = $cipherer->MakeDBValue($cPasswordField, $sPassword, "", "", true);
    } elseif (NeedQuotes($cPasswordFieldType)) {
        $dbPassword = db_prepare_string($sPassword);
    } else {
        $dbPassword = (0 + $sPassword);
    }

    // Use the table's configured query object when it produces SQL text.
    $listSettings = new ProjectSettings("webreport_users", PAGE_LIST);
    $baseSql = "";
    if ($listSettings->GetTableData(".sqlquery")) {
        $baseSql = $listSettings->GetTableData(".sqlquery")->toSql();
    }

    if ($baseSql) {
        if ($this->pSet->isCaseInsensitiveUsername()) {
            // Case-insensitive usernames: compare db_upper(column) with the
            // value normalised by getCaseSensitiveUsername().
            $condition = db_upper(getFullFieldName($cUserNameField, "webreport_users", false))
                . "=" . $this->pSet->getCaseSensitiveUsername($dbUsername)
                . " and " . GetFullFieldName($cPasswordField, "webreport_users", false)
                . "=" . $dbPassword;
        } else {
            $condition = AddTableWrappers(GetFullFieldName($cUserNameField, "webreport_users", false))
                . "=" . $dbUsername
                . " and " . AddTableWrappers(GetFullFieldName($cPasswordField, "webreport_users", false))
                . "=" . $dbPassword;
        }
        $queryObject = $listSettings->GetTableData(".sqlquery");
        $queryObject->addWhere($condition);
        $sqlText = $queryObject->toSql();
    } else {
        // No configured query: plain select on the users table. The literal
        // between the two comparisons contains a line break; it is part of
        // the SQL text and is kept exactly as written.
        $sqlText = "select * from " . AddTableWrappers("webreport_users")
            . " where " . AddFieldWrappers($cUserNameField) . "=" . $dbUsername . " 
and " . AddFieldWrappers($cPasswordField) . "=" . $dbPassword;
    }

    $result = db_query($sqlText, $conn);
    $data = $cipherer->DecryptFetchedArray($result);

    // Second check in PHP against the fetched (decrypted) row, using the raw
    // submitted values rather than their SQL-literal forms.
    $credentialsMatch = false;
    if ($data
        && $this->pSet->getCaseSensitiveUsername(@$data[$cUserNameField]) == $this->pSet->getCaseSensitiveUsername($sUsername)
        && @$data[$cPasswordField] == $sPassword
    ) {
        $credentialsMatch = true;
        // Prefer the display-name column; fall back to the login name.
        $pDisplayUsername = $data[$cDisplayNameField] != '' ? $data[$cDisplayNameField] : $sUsername;
    }

    if (!$credentialsMatch || !$this->isCaptchaOk) {
        // Also reached when the credentials matched but the captcha flag is
        // not set; the audit trail records both cases as a failed login.
        if ($this->auditObj) {
            $this->auditObj->LogLoginFailed($pUsername);
            $this->auditObj->LoginUnsuccessful($pUsername);
        }
        return false;
    }

    // The submitted password is handed on to both calls; what they keep of
    // it is not visible here. NOTE(review): confirm it is not persisted in
    // the session.
    DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword);
    SetAuthSessionData($pUsername, $data, $this->fromFacebook, $pPassword);
    return true;
}