Example #1
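/**
 * XML-RPC handler: authenticate a user, download an IGC track from a URL
 * and register it as a flight for that user.
 *
 * $args is positional: 0 username, 1 password, 2 IGC URL (raw-url-encoded),
 * 3 IGC file name, 4 private flag, 5 category, 6 link URL, 7 comments,
 * 8 glider, 9 client id, 10 client password. Every element is caller-controlled.
 *
 * Security-relevant behaviour:
 *  - A client that passes clientCheck() and has 'allowUploadWithoutPassword'
 *    set in $CONF may submit flights for any existing username without that
 *    user's password (mass-upload path). Treat those client credentials as
 *    equivalent to every user's password.
 *  - Usernames containing a quote, backslash or NUL byte are rejected before
 *    the user-lookup SQL is built, because the value is placed inside a
 *    single-quoted SQL literal.
 *  - Only the base name of the supplied IGC file name is used, so the file is
 *    always created inside the configured temporary IGC directory.
 *  - When leonardo_check_password() is not defined the stored hash is compared
 *    against unsalted MD5; the comparison is strict so that numeric-looking
 *    hashes (e.g. "0e...") are not treated as equal numbers.
 *
 * @param array $args positional XML-RPC arguments, see above
 * @return mixed numeric flight ID on success, otherwise an IXR_Error with code
 *               200 (client auth / user lookup), 201 (password), 202 (open file),
 *               203 (fetch URL), 204 (write file) or 500 (flight rejected)
 */
function flights_submit($args)
{
    // FN_flight.php is included from inside this function, so these globals are
    // declared first, exactly as before, in case the included file reads them.
    global $opMode, $CONF;
    //global $DBGlvl,$DEBUG_OUTPUT; $DBGlvl=255;
    require_once dirname(__FILE__) . "/FN_flight.php";
    $username = $args[0];
    $passwd = $args[1];
    $igcURL = $args[2];
    $igcFilename = $args[3];
    $private = $args[4];
    $cat = $args[5];
    $linkURL = $args[6];
    $comments = $args[7];
    $glider = $args[8];
    $clientID = $args[9];
    $clientPass = $args[10];
    global $db, $CONF;

    // Optional client (partner server) authentication.
    $allowUploadWithoutPassword = 0;
    if ($clientID) {
        if (clientCheck($clientID, $clientPass)) {
            if ($CONF['servers']['list'][$clientID]['allowUploadWithoutPassword']) {
                $allowUploadWithoutPassword = 1;
            }
        } else {
            return new IXR_Error(200, "Client {$clientID} authentication failed");
        }
    }

    // The username ends up inside a single-quoted SQL literal in both queries
    // below. Without a quote, backslash or NUL byte the value cannot terminate
    // or escape that literal, so anything containing one is refused with the
    // same error an unknown user gets.
    // NOTE(review): the database layer's own escaping or parameter binding is
    // the proper fix; its API is not visible from this function.
    $usernameLower = strtolower($username);
    if (strpbrk($usernameLower, "'\\\0") !== false) {
        return new IXR_Error(200, "Error in obtaining userdata for {$username}");
    }

    $sql = "SELECT " . $CONF['userdb']['user_id_field'] . ", " . $CONF['userdb']['username_field'] . ", " . $CONF['userdb']['password_field'] . " FROM " . $CONF['userdb']['users_table'] . " WHERE LOWER(" . $CONF['userdb']['username_field'] . ") = '" . $usernameLower . "'";
    if (!($result = $db->sql_query($sql))) {
        return new IXR_Error(200, "Error in obtaining userdata for {$username}");
    }

    // When passwords live in a separate table, that table's hash takes precedence.
    $passwordHashed = '';
    if ($CONF['userdb']['password_users_table']) {
        $sql2 = "SELECT  " . $CONF['userdb']['password_username_field'] . ", " . $CONF['userdb']['password_password_field'] . " FROM " . $CONF['userdb']['password_users_table'] . " WHERE LOWER(" . $CONF['userdb']['password_username_field'] . ") = '" . $usernameLower . "'";
        if (!($result2 = $db->sql_query($sql2))) {
            return new IXR_Error(200, "Error in obtaining userdata2 for {$username}");
        }
        if ($row2 = $db->sql_fetchrow($result2)) {
            $passwordHashed = $row2[$CONF['userdb']['password_password_field']];
        }
    }
    //echo "$passwordHashed %";

    $passwdProblems = 0;
    if ($row = $db->sql_fetchrow($result)) {
        if (!$passwordHashed) {
            $passwordHashed = $row[$CONF['userdb']['password_field']];
        }
        if (function_exists('leonardo_check_password')) {
            // phpbb3 has custom way of hashing passwords
            if (!leonardo_check_password($passwd, $passwordHashed)) {
                $passwdProblems = 1;
            }
        } else {
            // Strict comparison: with != two different hashes that both look
            // like numbers ("0e...") would compare equal.
            if (md5($passwd) !== (string) $passwordHashed) {
                $passwdProblems = 1;
            }
        }
    } else {
        return new IXR_Error(200, "Error in obtaining userdata for {$username}");
    }

    // An authorised client may bypass the password check so that it can mass upload flights.
    if ($passwdProblems && !$allowUploadWithoutPassword) {
        return new IXR_Error(201, "Error in password for {$username}");
    }

    // NOTE(review): the query selects $CONF['userdb']['user_id_field'] but the
    // row is read with the fixed key 'user_id' - confirm the two always match.
    $userID = $row['user_id'];

    // Keep only the final path component so "../" or an absolute path in the
    // caller-supplied name cannot move the write outside the tmpigc directory.
    // NOTE(review): the extension is not restricted here; confirm the tmpigc
    // directory is never served or executed by the web server.
    $safeName = basename((string) $igcFilename);
    if ($safeName === '' || $safeName === '.' || $safeName === '..') {
        return new IXR_Error(202, "Cannot open file ({$igcFilename})");
    }
    //$filename = dirname(__FILE__)."/flights/".$igcFilename;
    $filename = LEONARDO_ABS_PATH . '/' . $CONF['paths']['tmpigc'] . '/' . $safeName;
    if (!($handle = fopen($filename, 'w'))) {
        return new IXR_Error(202, "Cannot open file ({$filename})");
    }

    // NOTE(review): the server fetches a caller-chosen URL; confirm fetchURL()
    // limits schemes and destinations (internal addresses, file://, ...).
    // $igcURL=html_entity_decode($igcURL);
    $igcURL = rawurldecode($igcURL);
    // return  new IXR_Error(203, "Cannot get igcURL ($igcURL)");
    $igcStr = fetchURL($igcURL, 10);
    // timeout 10 secs
    if (!$igcStr) {
        @fclose($handle); // do not leak the handle on the error path
        return new IXR_Error(203, "Cannot get igcURL ({$igcURL})");
    }
    if (!fwrite($handle, $igcStr)) {
        @fclose($handle);
        return new IXR_Error(204, "Cannot write to file ({$filename})");
    }
    @fclose($handle);

    // Silence and capture anything the importer prints so it cannot corrupt
    // the XML-RPC response.
    error_reporting(0);
    ob_start();
    list($errCode, $flightID) = addFlightFromFile($filename, 0, $userID, array('private' => $private, 'cat' => $cat, 'category' => 1, 'linkURL' => $linkURL, 'comments' => $comments, 'glider' => $glider));
    $errorBuffer = ob_get_contents();
    ob_end_clean();
    $flightID += 0; // force a numeric value

    if ($errCode == 1 && $flightID != 0) {
        // all ok
        // return  new IXR_Error(500,htmlspecialchars("flightID:$flightID^errCode:$errCode^" ));
        return $flightID;
    } else {
        if ($errCode == 1 && $flightID == 0) {
            $errStr = "The IGC file did not contain a valid flight";
            //.urlencode($DEBUG_OUTPUT);
        } else {
            $errStr = htmlspecialchars(getAddFlightErrMsg($errCode, $flightID));
        }
        // $errStr.=htmlspecialchars("#----------\n".$errorBuffer);
        return new IXR_Error(500, $errStr);
    }
}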
Example #2
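	// Look up the account row for $user.
	// NOTE(review): $user is interpolated into a single-quoted SQL literal and
	// its assignment is outside this excerpt - confirm it is escaped with the
	// database layer's own routine (or bound as a parameter) before this point.
	$sql = "SELECT ".$CONF['userdb']['user_id_field'].", ".$CONF['userdb']['username_field'].", ".$CONF['userdb']['password_field'].
			" FROM ".$CONF['userdb']['users_table']." WHERE ".$CONF['userdb']['username_field']." = '$user'";

	if ( !($result = $db->sql_query($sql)) )
	{
		echo "Invalid user data<BR>";
		exit;
	}

	// Unknown user and wrong password both end in the same message below, so
	// the response does not reveal which usernames exist.
	$passwdProblems=0;
	if( $row = $db->sql_fetchrow($result) ) {

		$passwordHashed=$row['user_password'];
		if ( function_exists('leonardo_check_password') ) { // phpbb3 has custom way of hashing passwords
			if( ! leonardo_check_password($pass,$passwordHashed)  ) {
				$passwdProblems=1;
			}
		} else {
			// Fallback is unsalted MD5. The comparison is strict: with != two
			// different hashes that both look like numbers ("0e...") would be
			// compared numerically and treated as equal.
			if( md5($pass) !== (string) $passwordHashed ) {
				$passwdProblems=1;
			}
		}

		//if( md5($pass) != $row['user_password'] ) $passwdProblems=1;
	} else {
		$passwdProblems=1;
	}

	if ($passwdProblems) {
		echo "Invalid user data<BR></BODY></HTML>";
		exit;
	}

	$userID=$row['user_id'];

	// The file name comes straight from the request; basename() keeps only the
	// last path component so "../" sequences or an absolute path cannot point
	// the resulting path outside the tmpigc directory.
	$filename = LEONARDO_ABS_PATH.'/'.$CONF['paths']['tmpigc'].'/'.basename($_POST['igcfn']).".igc";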
Example #3
}
if (isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout'])) {
    if ((isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login'])) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin']))) {
        $username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
        $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
        $sql = "SELECT user_id, username, user_password, user_active, user_level\n\t\t\tFROM " . USERS_TABLE . "\n\t\t\tWHERE username = '******'", "''", $username) . "'";
        if (!($result = $db->sql_query($sql))) {
            message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
        }
        if ($row = $db->sql_fetchrow($result)) {
            if ($row['user_level'] != ADMIN && $board_config['board_disable']) {
                redirect(append_sid(getLeonardoLink(array('op' => $CONF_main_page)), true));
            } else {
                if (function_exists('leonardo_check_password')) {
                    // phpbb3 has custom way of hashing passwords
                    if (leonardo_check_password($password, $row['user_password'])) {
                        $passwdIsOK = 1;
                    } else {
                        $passwdIsOK = 0;
                    }
                } else {
                    if (md5($password) == $row['user_password']) {
                        $passwdIsOK = 1;
                    } else {
                        $passwdIsOK = 0;
                    }
                }
                if ($passwdIsOK && $row['user_active']) {
                    $autologin = isset($HTTP_POST_VARS['autologin']) ? TRUE : 0;
                    $admin = isset($HTTP_POST_VARS['admin']) ? 1 : 0;
                    $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);
Example #4
		log_msg($pname."=".$pval."\r\n");
	}
}*/
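// Credentials as posted by the client.
// NOTE(review): this replacement only rewrites an already backslash-escaped
// quote (\') into the doubled form (''). It escapes nothing by itself, so a
// raw quote or backslash in the request reaches the SQL literal below
// unchanged unless something earlier has added the backslashes. Confirm that
// assumption, or switch to the database layer's own escaping or parameter
// binding - its API is not visible in this excerpt.
$user = str_replace("\\'", "''", $_POST['user']);
$pass = str_replace("\\'", "''", $_POST['pass']);

// Fetch id, username and stored password hash for the posted username.
$sql = "SELECT " . $CONF['userdb']['user_id_field'] . ", " . $CONF['userdb']['username_field'] . ", " . $CONF['userdb']['password_field'] . " FROM " . $CONF['userdb']['users_table'] . " WHERE " . $CONF['userdb']['username_field'] . " = '{$user}'";
if (!($result = $db->sql_query($sql))) {
    echo "Invalid user data<BR>";
    exit;
}

// Unknown user and wrong password share one message, so the response does not
// reveal which usernames exist.
$passwdProblems = 0;
if ($row = $db->sql_fetchrow($result)) {
    $passwordHashed = $row['user_password'];
    if (function_exists('leonardo_check_password')) {
        // phpbb3 has custom way of hashing passwords
        if (!leonardo_check_password($pass, $passwordHashed)) {
            $passwdProblems = 1;
        }
    } else {
        // Fallback is unsalted MD5. Strict comparison: with != two different
        // hashes that both look like numbers ("0e...") would be compared
        // numerically and treated as equal.
        if (md5($pass) !== (string) $passwordHashed) {
            $passwdProblems = 1;
        }
    }
    //if( md5($pass) != $row['user_password'] ) $passwdProblems=1;
} else {
    $passwdProblems = 1;
}
if ($passwdProblems) {
    echo "Invalid user data<BR></BODY></HTML>";
    exit;
}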