private function view()
 {
     global $SRC;
     global $PAGES;
     $curr_user = $this->curr_user;
     $view_user = $this->view_user;
     $all_users = $this->all_users;
     $user_session_token = $this->session['user_session_token'];
     $status = $this->status;
     $message = null;
     $color = null;
     $page = $this->page;
     $logged_in = 1;
     clear_session();
     switch ($status) {
         case null:
             break;
         case 'incorrect_password':
             $message = 'Incorrect password. Please retype current password to proceed.';
             $color = 'red';
             break;
         case 'success':
             $message = 'Successfully changed user information';
             $color = 'green';
             break;
         default:
             $message = 'Unknown error occured';
             $color = 'red';
     }
     require_once "{$SRC}/views/changeinfo_view.php";
 }
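 /**
  * Render the admin page.
  *
  * Lists every row of the register-codes table and maps $this->status to a
  * banner message; the locals set here are read by admin_view.php, which is
  * included into this scope.
  */
 public function view()
 {
     global $SRC;
     global $PAGES;
     global $CONFIG;
     clear_session();
     $page = $this->page;
     // NOTE(review): read after clear_session(), unlike the change-info view —
     // confirm clear_session() leaves $this->session untouched
     $user_session_token = $this->session['user_session_token'];
     $status = $this->status;
     $logged_in = 1;
     $curr_user = $this->curr_user;
     $view_user = $this->view_user;
     $all_users = $this->all_users;
     // list the register codes (table name comes from config, not from input)
     $query = sprintf('SELECT * FROM %s;', $CONFIG['db']['tables']['register_codes']);
     $result = $this->db->query($query);
     // mysqli::query() returns false on failure; calling ->fetch_all() on
     // false was a fatal error, so fall back to an empty list instead
     $codes = $result === false ? [] : $result->fetch_all(MYSQLI_ASSOC);
     $banners = [
         'changed_user' => 'Successfully changed user information.',
         'deleted_code' => 'Successfully deleted register code.',
         'generated_code' => 'Successfully added register code.',
     ];
     if ($status == null) {
         $message = null;
     } elseif (isset($banners[$status])) {
         $message = $banners[$status];
     } else {
         // escaped because the view renders the message as HTML
         $message = 'Unknown status code ' . htmlspecialchars($status);
     }
     require_once "{$SRC}/views/admin_view.php";
 }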
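 /**
  * Handle a registration form submission.
  *
  * The posted fields are taken from the session, then the register code and
  * the email address are validated. On success the user is inserted with a
  * password_hash() digest, a per-user amount column is added to both
  * transaction tables, the register code is consumed and the browser is sent
  * to the login page with status 'just_registered'. On a validation failure
  * $this->status is set ('no_register_code' or 'email_taken') and the page is
  * re-rendered via view().
  */
 public function register()
 {
     global $CONFIG;
     global $PAGES;
     if ($this->curr_user !== null) {
         // redirect to balance if logged in
         redirect($PAGES['balance']);
         exit;
     }
     $session = $this->session;
     $first_name = $session['register-first-name'];
     $last_name = $session['register-last-name'];
     $email = $session['register-email'];
     $password = $session['register-password'];
     $register_code = $session['register-code'];
     $register_code_table = $CONFIG['db']['tables']['register_codes'];
     clear_session();
     if (!$this->check_valid_register_code($register_code, $register_code_table)) {
         $this->status = 'no_register_code';
         $this->view();
         return;
     }
     if (!$this->check_email_available($email)) {
         $this->status = 'email_taken';
         $this->view();
         return;
     }
     // add new user into userinfo table (table name from config, values bound)
     $user_table = $CONFIG['db']['tables']['userinfo'];
     $query = sprintf('INSERT INTO %s (first_name, last_name, email, pass_salt_hash) VALUES (?, ?, ?, ?);', $user_table);
     $stmt = $this->db->prepare($query);
     $hashed_pass = password_hash($password, PASSWORD_DEFAULT);
     // NOTE(review): driver error text is echoed straight to the client here;
     // logging it server-side and showing a generic message is the usual choice
     if (!$stmt->bind_param('ssss', $first_name, $last_name, $email, $hashed_pass)) {
         echo 'Binding parameter failed: (' . $stmt->errno . ') ' . $stmt->error;
     }
     if (!$stmt->execute()) {
         echo 'Execution failed: (' . $stmt->errno . ') ' . $stmt->error;
     }
     // add new column to transactions table, keyed by the new auto-increment id
     $new_id = $this->db->insert_id;
     $single_trans_table = $CONFIG['db']['tables']['transactions_single'];
     $query = sprintf('ALTER TABLE %s ADD COLUMN user_%d_amount FLOAT(12, 4) DEFAULT 0;', $single_trans_table, $new_id);
     $this->db->query($query);
     // add new column to repeatedtransactions table
     $repeated_trans_table = $CONFIG['db']['tables']['transactions_repeated'];
     $query = sprintf('ALTER TABLE %s ADD COLUMN user_%d_amount FLOAT(12, 4) DEFAULT 0;', $repeated_trans_table, $new_id);
     $this->db->query($query);
     // delete the register code that was used; the code came from the form,
     // so it is bound as a parameter instead of being interpolated into SQL
     $stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE code=?;', $register_code_table));
     $stmt->bind_param('s', $register_code);
     $stmt->execute();
     set_session('status', 'just_registered');
     redirect($PAGES['login']);
     exit;
 }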
/**
 * Log the current user out: drop the session and expire the remembered
 * login cookies.
 *
 * NOTE(review): a cookie named 'password' suggests a credential is kept
 * client-side by the login path — worth confirming what is stored there.
 */
function phpraid_logout()
{
    clear_session();
    // an expiry in the past (about a month back) makes the browser discard the cookie
    $expired = time() - 2629743;
    foreach (['username', 'password'] as $cookie) {
        setcookie($cookie, '', $expired);
    }
}
/**
 * Front controller: boots the session, reads the request parameters and
 * dispatches to the "<page>_page" function for the requested page.
 *
 * Request parameters read: page, host, clear, ini, timeout, stype,
 * hostprovider, hosturl. Several are copied into $_SESSION. Never returns:
 * it exits after rendering.
 */
function run()
{
    unregister_globals();
    if (is_php_version_or_greater(4, 3, 0)) {
        // accept the session id from a cookie only, never from the URL
        ini_set('session.use_only_cookies', 1);
    }
    // failure is suppressed; $session_ok gates the initial-page branch below
    $session_ok = @session_start();
    if (!defined('PHP_EOL')) {
        // define PHP_EOL for interpreters that do not provide it
        if (is_ms_windows()) {
            define('PHP_EOL', "\r\n");
        } else {
            define('PHP_EOL', "\n");
        }
    }
    // absolute session lifetime: stamp the creation time, clear the session
    // once it is older than SESSION_LIFETIME_MINUTES
    // NOTE(review): presumably clear_session() also removes CREATED, otherwise
    // every later request would clear again — confirm
    if (!isset($_SESSION['CREATED'])) {
        $_SESSION['CREATED'] = time();
    } elseif (time() - $_SESSION['CREATED'] > SESSION_LIFETIME_MINUTES * 60) {
        clear_session();
    }
    if (!isset($_SERVER)) {
        // legacy long-array name for the server variables
        $_SERVER =& $HTTP_SERVER_VARS;
    }
    php_sapi_name() == 'cli' && die("This script should only be run by a web server.\n");
    $page = get_request_parameter('page');
    $host = get_request_parameter('host');
    $clear = get_request_parameter('clear');
    $ini = get_request_parameter('ini');
    $timeout = get_request_parameter('timeout');
    if ($timeout) {
        // a timeout request marks the session and cancels the initial-run flow
        $_SESSION['timing_out'] = 1;
        $_SESSION['initial_run'] = 0;
    }
    if (!empty($host)) {
        if ($host == 'ngd') {
            $_SESSION['not_go_daddy'] = 1;
        }
    }
    if (!empty($ini)) {
        $_SESSION['use_ini_method'] = 1;
    }
    if (!empty($clear)) {
        // "clear" resets the session and the detection flags stored in it
        clear_session();
        unset($_SESSION['not_go_daddy']);
        unset($_SESSION['use_ini_method']);
        unset($_SESSION['server_type']);
    } else {
        $stype = get_request_parameter('stype');
        $hostprovider = get_request_parameter('hostprovider');
        $hosturl = get_request_parameter('hosturl');
        if (!empty($hostprovider)) {
            // stored as received: nothing here validates hosturl, so whatever
            // renders it later has to escape it for its output context
            $_SESSION['hostprovider'] = $hostprovider;
            $_SESSION['hosturl'] = $hosturl;
        }
        // the return value is not used in this function; the call is kept for
        // find_server_type()'s side effects (presumably recording the type in
        // the session — see the server_type default below)
        $server_type = find_server_type($stype, false, true);
    }
    if ($session_ok && !$timeout && !isset($_SESSION['initial_run']) && empty($page)) {
        // first visit with a working session and no page: show the start page and stop
        $_SESSION['initial_run'] = 1;
        initial_page();
        @session_write_close();
        exit;
    } else {
        $_SESSION['initial_run'] = 0;
    }
    if (empty($_SESSION['server_type'])) {
        $_SESSION['server_type'] = SERVER_UNKNOWN;
    }
    // dispatch: the "page" parameter selects any defined function named
    // <page>_page, so every function with that suffix is reachable from a
    // request; an explicit allow-list of page names would narrow this
    if (empty($page) || !function_exists($page . "_page")) {
        $page = get_default_page();
    }
    $fn = "{$page}_page";
    $fn();
    @session_write_close();
    exit(0);
}
 * @author Andreas Goetz    <*****@*****.**>
 */
/**
 * Drop the VideoDB session data and expire the login cookies.
 *
 * The cookie path is the script's folder so the deletion matches the path
 * the cookies were set with.
 *
 * NOTE(review): PHP_SELF can carry client-supplied path info; SCRIPT_NAME
 * is the fixed alternative, but the path must stay identical to the one used
 * when the cookies were set, so confirm both sides before changing it.
 */
function clear_session()
{
    $_SESSION['vdb'] = array();
    // script folder, with trailing slash, used as the cookie path
    $self = $_SERVER['PHP_SELF'];
    $subdir = substr($self, 0, strrpos($self, '/')) . '/';
    $expired = time() - 7200;
    foreach (array('VDBuserid', 'VDBusername', 'VDBpassword') as $name) {
        setcookie($name, '', $expired, $subdir);
    }
}
// make sure caches are clean
clear_permission_cache();
// A remembered-login cookie pair is present but no credentials were posted:
// treat that as a logout and bounce to the login page.
$cookie_only = !isset($username) && !isset($password)
    && isset($_COOKIE['VDBusername']) && isset($_COOKIE['VDBpassword']);
if ($cookie_only) {
    clear_session();
    redirect('login.php?error=' . urlencode($lang['msg_loggedoff']));
}
// login not yet successful
$login = false;
// Check that user entered stuff in username and password boxes
if (!empty($username) && !empty($password)) {
    // Lets check the format of username to make sure its ok
    if (!preg_match('/[a-z]/i', $username)) {
        $error = $lang['msg_invalidchar'];
    } else {
        $res = runSQL("SELECT passwd, id FROM " . TBL_USERS . " WHERE name='{$username}'");
        // if the md5 of the entered password matches what is stored in the database,
        // set all the cookies up again (note: unsalted md5 compared with == is a weak
        // password check; password_hash()/password_verify() is the usual replacement)
        if (md5($password) == $res[0]['passwd']) {
            $userid = $res[0]['id'];
/**
 * Load the row for the logged-in user ("main data").
 *
 * Requires $_SESSION['id'] and $_SESSION['email']; the row must also carry the
 * current session id, which is how a login from elsewhere is detected. When no
 * row matches, the session is reset, a notice is queued and false is returned.
 *
 * @return array|false the user row, or false when not logged in / no match
 */
function set_main_data()
{
    if (!isset($_SESSION['id']) || !isset($_SESSION['email'])) {
        return false;
    }
    // escape the lookup values before they go into the query string
    $uid = sql_filter($_SESSION['id']);
    $mail = sql_filter($_SESSION['email']);
    $sid = sql_filter(session_id());
    $result = sql_query("SELECT * FROM `users` WHERE id='{$uid}' AND session_id='{$sid}' AND email='{$mail}' LIMIT 1");
    if (sql_count($result) > 0) {
        // main users data
        return sql_fetch($result);
    }
    // Decide which notice to show before the session is torn down. The
    // "logged in elsewhere" conclusion rests only on the PHPSESSID cookie
    // being present — presumably a missing cookie means the session expired.
    $loggedInElsewhere = isset($_COOKIE['PHPSESSID']);
    clear_session();
    session_start();
    notices_set(
        $loggedInElsewhere
            ? 'Your account was logged in at another location. <a href="password">If you were unaware of this, please change your password &raquo;</a>'
            : 'You have been logged out for inactivity.',
        'alert'
    );
    // no good
    return false;
}
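/**
 * Pick the next import-wizard mode from the previous mode and the request.
 *
 * Reads $_REQUEST, $_FILES and $_SESSION; writes $session_data['mode'] and
 * $session_data['prev-mode']. Some transitions are delegated to the
 * postmode_* helpers, which set the mode themselves.
 */
function choose_next_mode()
{
    global $session_data;
    if (!empty($_REQUEST['zoteroEntryPoint'])) {
        $session_data['mode'] = 'zotero request parsing';
        return;
    }
    // truthiness test kept from the original: a falsy mode counts as ''
    $session_data['prev-mode'] = !empty($session_data['mode']) ? $session_data['mode'] : '';
    // allow the user to keep re-visiting the entry insertion page as long as
    // there are records to disambiguate; missing lists default to [] because
    // count(null) is a TypeError on PHP 8
    $disambig = $session_data['disambig-biblios'] ?? [];
    $ancestor_disambig = $session_data['disambig-ancestor-biblios'] ?? [];
    if ($session_data['prev-mode'] == 'entry insertion' && (count($disambig) > 0 || count($ancestor_disambig) > 0)) {
        $session_data['mode'] = 'entry insertion';
        return;
    }
    if ($session_data['prev-mode'] == '' && !empty($_FILES['import_file']['name'])) {
        $session_data['prev-mode'] = 'file selection';
    }
    switch ($session_data['prev-mode']) {
        case 'file selection':
            // might progress to file parsing, might stay at file selection
            postmode_file_selection();
            break;
        case 'file parsing':
        case 'zotero request parsing':
            // might skip over rectype selection if there are no unknown rectypes
            postmode_file_parsing();
            break;
        case 'print rectype selection':
            // user might have selected "set all to X", or "choose between X, Y, Z"
            postmode_print_rectype_selection();
            break;
        case 'apply rectype heuristic':
            // only one way forward
            $session_data['mode'] = 'crosswalking';
            break;
        case 'crosswalking':
            // only one way forward
            $session_data['mode'] = 'entry insertion';
            break;
        case '':
            // fresh visit: drop leftover heurist-import-* entries from an earlier import
            $heurist_import_count = 0;
            $heurist_session = $_SESSION[HEURIST_SESSION_DB_PREFIX . 'heurist'] ?? null;
            if (is_array($heurist_session)) {
                foreach ($heurist_session as $name => $val) {
                    if (strpos($name, 'heurist-import-') === 0) {
                        ++$heurist_import_count;
                    }
                }
            }
            if ($heurist_import_count > 0) {
                // get rid of old import data automatically
                clear_session();
            }
            // deliberate fallthrough: a fresh visit also starts at file selection
        case 'finished':
        case 'entry insertion':
        default:
            $session_data['mode'] = 'file selection';
    }
}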
 /**
  * Send the current cell map as the reference copy for the AJAX client.
  *
  * Emits a JSON object and clears the session. The dimension lookup is kept
  * for parity with the original even though only the map is returned.
  */
 private function check_table()
 {
     $cell_map = $this->get_cells();
     // get_dimensions() fills these by reference; nothing below reads them
     $rows = 0;
     $columns = 0;
     $this->get_dimensions($cell_map, $rows, $columns);
     $payload = ['reference' => $cell_map];
     clear_session();
     // output belongs in the view layer; kept here to preserve behaviour
     echo json_encode($payload, JSON_FORCE_OBJECT);
 }
/**
 * Negative check: a fresh session whose role is buyer must not be a seller.
 */
function is_seller_failure2()
{
    clear_session();
    $_SESSION['role'] = ROLE_BUYER;
    $seller = is_seller();
    assert(!$seller);
}
 /**
  * Delete the transaction named in the session, then re-render with a
  * success status.
  *
  * NOTE(review): no ownership check is visible here — whether 'trans-id'
  * may only reference the current user's transactions has to be enforced
  * by the table class; confirm.
  */
 private function transaction_delete()
 {
     $table = $this->get_transaction_table();
     $id = $this->session['trans-id'];
     $repeated = $this->session['trans-is-repeated'];
     // truthiness of the session flag decides which table method runs
     $repeated
         ? $table->delete_repeated_transaction($id)
         : $table->delete_single_transaction($id);
     clear_session();
     $this->status = 'delete_transaction_success';
     $this->view();
 }
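/**
 * Map a numeric logout/error code to the message shown on the login page.
 *
 * Codes 4–7, 9 and 10 also tear down the session via clear_session();
 * codes 3 and 8 reset $_SESSION directly. The return value is rendered as
 * HTML (the default is '&nbsp;'), so the one value taken from the request
 * is escaped before it is embedded.
 *
 * @param int|string $code logout code (loosely compared, as before)
 * @return string message for the user
 */
function check_logoutcode($code)
{
    switch ($code) {
        case 1:
            return 'You have successfully logged out.';
        case 2:
            return 'Sorry, your session has expired, please login again.';
        case 3:
            // generic message unless a specific error was stored; ?? avoids the
            // undefined-index notice the original raised
            $err = $_SESSION['error'] ?? '';
            if ($err == '') {
                $err = 'Bad login or password.';
            }
            $_SESSION = array();
            return $err;
        case 4:
            clear_session();
            return 'You do not have permission to set up S3DB database.';
        case 5:
            clear_session();
            return 'Your account no longer active.';
        case 6:
            clear_session();
            return 'You do not have administrator privilege on this action.';
        case 7:
            clear_session();
            return 'You need to setup your config.inc.php first';
        case 8:
            $_SESSION = array();
            return 'To recover your password, type your username and click "forgot password" again. You will get an email with instructions.';
        case 9:
            clear_session();
            // request data ends up in HTML output: escape it first
            $login = htmlspecialchars((string) ($_REQUEST['login'] ?? ''), ENT_QUOTES, 'UTF-8');
            return 'User ' . $login . '  was not found';
        case 10:
            clear_session();
            return 'An email was sent to verify your account';
        default:
            return '&nbsp;';
    }
}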
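 /**
  * Complete a password recovery.
  *
  * Looks up the user by the email held in the session, compares the entered
  * code with the code stored for that user and, on a match, sets the user's
  * password to that code (the recovery code becomes the temporary password)
  * and deletes the stored code. An unknown email and a wrong code both end
  * in status 'wrong_recovery', so the response does not reveal which failed.
  */
 public function recover()
 {
     global $CONFIG;
     global $PAGES;
     global $SRC;
     global $LIB;
     $email = $this->session['login-email'] ?? null;
     $entered_code = $this->session['recovery-code'] ?? null;
     $curr_user = null;
     foreach ($this->all_users as $user) {
         if ($user->email === $email) {
             $curr_user = $user;
             break;
         }
     }
     clear_session();
     $rec_code_table = $CONFIG['db']['tables']['recovery_codes'];
     // default outcome; overwritten only when everything below checks out
     $this->status = 'wrong_recovery';
     if ($curr_user === null) {
         $this->view();
         return;
     }
     // ids are auto-increment integers (see register()), so bind as int
     $user_id = (int) $curr_user->id;
     $stmt = $this->db->prepare(sprintf('SELECT code FROM %s WHERE user_id=?;', $rec_code_table));
     $stmt->bind_param('i', $user_id);
     $stmt->execute();
     $code = null;
     if ($entry = $stmt->get_result()->fetch_assoc()) {
         $code = $entry['code'];
     }
     // Both sides must be present strings: the original `$entered_code === $code`
     // treated a missing stored code and a missing form field (null === null)
     // as a match, which would have reset the password with no code at all.
     // hash_equals keeps the comparison constant-time.
     if (!is_string($code) || !is_string($entered_code) || !hash_equals($code, $entered_code)) {
         $this->view();
         return;
     }
     $user_table = $CONFIG['db']['tables']['userinfo'];
     // the recovery code becomes the user's (temporary) password
     $hashed_pass = password_hash($code, PASSWORD_DEFAULT);
     $stmt = $this->db->prepare(sprintf('UPDATE %s SET pass_salt_hash=? WHERE id=?;', $user_table));
     $stmt->bind_param('si', $hashed_pass, $user_id);
     $stmt->execute();
     $stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE user_id=?;', $rec_code_table));
     $stmt->bind_param('i', $user_id);
     $stmt->execute();
     $this->status = 'recovery_done';
     $this->view();
 }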