// Run every prepared statement; note that only the outcome of the *last* statement is
// inspected below (function 'queryMySQLDatabase()' is defined in 'include.inc.php'):
foreach ($queryArray as $query) {
    $result = queryMySQLDatabase($query);
}
// Number of rows modified by the last statement, or 0 if that statement failed:
$affectedRows = 0;
if ($result) {
    $affectedRows = mysql_affected_rows($connection);
}
if ($affectedRows == 0) {
    // Nothing was modified. We file an additional error element here so that the 'errors' session
    // variable isn't empty, which would otherwise cause 'duplicate_manager.php' to re-load the form
    // data that were submitted by the user:
    $errors["ignoredRecords"] = "all";
    // return an appropriate error message (function 'returnMsg()' is defined in 'include.inc.php'):
    $HeaderString = returnMsg("Nothing was changed by your query!", "warning", "strong", "HeaderString");
    // Write back session variables (function 'saveSessionVariable()' is defined in 'include.inc.php'):
    saveSessionVariable("errors", $errors);
    saveSessionVariable("formVars", $formVars);
    // Relocate back to the 'Flag Duplicates' form (script 'duplicate_manager.php').
    // NOTE(review): '$referer' is set elsewhere (in 'start_session()', from the stored referer or the
    //               HTTP 'Referer' header); nothing here ensures it points back to this site, so
    //               confirm it is validated where it is set.
    header("Location: " . $referer);
    exit;
}
// Build correct header message (function 'returnMsg()' is defined in 'include.inc.php'):
$HeaderString = returnMsg("The records below have been successfully flagged as original/duplicate records:", "", "", "HeaderString");
// Merge all given record serial numbers:
$allRecordSerialsString = $origRecordSerial . "," . implode(",", $dupRecordSerialsArray);
// (4) Call 'show.php' which will display all affected records along with the header message
//     (routing feedback output to a different script page will avoid any reload problems effectively!)
header("Location: show.php?records=" . $allRecordSerialsString);
// --------------------------------------------------------------------
// (5) CLOSE CONNECTION
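// Clear the 'errors' and 'formVars' session variables: they would otherwise still be present on a
// subsequent call of 'query_manager.php'. Note that the current error message (or form variables)
// remains available to this script via '$errors' (or '$formVars', respectively).
// (function 'deleteSessionVariable()' is defined in 'include.inc.php')
deleteSessionVariable("errors");
deleteSessionVariable("formVars");
// --------------------------------------------------------------------
// A user must be logged in to save, modify or delete any queries:
if (!isset($_SESSION['loginEmail'])) {
    // return an appropriate error message (function 'returnMsg()' is defined in 'include.inc.php'):
    $HeaderString = returnMsg($loc["Warning_LoginToUseSavedQueries"] . "!", "warning", "strong", "HeaderString");
    // Remember the URL of the currently displayed page so that the login page can return to it.
    // 'HTTP_REFERER' is client-supplied and may be absent, so an empty string is stored instead of
    // raising an undefined-index notice.
    // NOTE(review): nothing here checks that the value points to this site; confirm that whatever
    //               later redirects to the 'referer' session variable validates it.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
    // Write back session variables (function 'saveSessionVariable()' is defined in 'include.inc.php'):
    saveSessionVariable("referer", $referer);
    header("Location: user_login.php");
    exit;
    // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
}
// --------------------------------------------------------------------
// Extract the view type requested by the user (either 'Mobile', 'Print', 'Web' or ''):
// ('' will produce the default 'Web' output style)
// Only a scalar string is accepted; any other shape (e.g. 'viewType[]=...' in the request) falls
// back to the default so that later string operations on '$viewType' cannot fail.
$viewType = "";
if (isset($_REQUEST['viewType']) && is_string($_REQUEST['viewType'])) {
    $viewType = $_REQUEST['viewType'];
}
// Check if the script was called with parameters (like: 'query_manager.php?customQuery=1&sqlQuery=...&showQuery=...&showLinks=...')
// If so, the parameter 'customQuery=1' will be set: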
} elseif (preg_match("/^suggest\$/i", $operation) and preg_match("/^(html|json)\$/i", $recordSchema)) {
    // Set the appropriate mimetype & set the character encoding to the one given
    // in '$contentTypeCharset' (which is defined in 'ini.inc.php'):
    setHeaderContentType($exportContentType, $contentTypeCharset);
    echo searchSuggestions($cqlQuery, $query);
} elseif (!isset($_REQUEST['query']) and !isset($_REQUEST['recordSchema']) and !isset($_REQUEST['maximumRecords']) and !isset($_REQUEST['startRecord']) and !isset($_REQUEST['stylesheet'])) {
    showQueryPage($operation, $viewType, $showRows, $rowOffset);
} elseif (empty($cqlQuery)) {
    returnDiagnostic(7, "query");
} elseif (!preg_match("/^((atom|rss)([ _]?xml)?|srw([ _]?(mods|dc))?([ _]?xml)?|html|json)\$/i", $recordSchema)) {
    returnDiagnostic(66, $recordSchema);
} else {
    // Write the current OpenSearch/CQL query into a session variable:
    // (this session variable is used by functions 'atomCollection()' and 'citeRecords()' (in 'cite_html.php') to re-establish the original OpenSearch/CQL query;
    //  function 'atomCollection()' uses the OpenSearch/CQL query to output 'opensearch.php' URLs instead of 'show.php' URLs)
    saveSessionVariable("cqlQuery", $cqlQuery);
    // function 'saveSessionVariable()' is defined in 'include.inc.php'
    // Build the correct query URL:
    // (we skip unnecessary parameters here since function 'generateURL()' and 'show.php' will use their default values for them)
    $queryParametersArray = array("where" => $query, "submit" => $displayType, "viewType" => $viewType, "exportStylesheet" => $exportStylesheet);
    // NOTE: The 'show.php' script allows anonymous users to query the 'cite_key' field (if a valid 'userID' is included in the query URL).
    //       However, this requires that the cite key is passed in the 'cite_key' URL parameter. Since 'opensearch.php' uses the 'where'
    //       parameter to pass its query, anonymous querying of the 'cite_key' field currently does not work for 'opensearch.php'. But
    //       querying of user-specific fields will work if a user is logged in.
    if (isset($_SESSION['loginEmail'])) {
        // we only include the 'userID' parameter if the user is logged in
        $queryParametersArray["userID"] = $loginUserID;
    }
    // for user-specific fields (such as the 'cite_key' field), 'show.php' requires the 'userID' parameter
    // call 'show.php' (or 'rss.php' in case of RSS XML) with the correct query URL in order to output record details in the requested format:
    $queryURL = generateURL("show.php", $exportFormat, $queryParametersArray, false, $showRows, $rowOffset, "", $citeOrder);
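include 'initialize/db.inc.php';
// 'db.inc.php' is included to hide username and password
include 'includes/header.inc.php';
// include header
include 'includes/footer.inc.php';
// include footer
include 'includes/include.inc.php';
// include common functions
include 'initialize/ini.inc.php';
// include common variables
// --------------------------------------------------------------------
// START A SESSION:
// call the 'start_session()' function (from 'include.inc.php') which will also read out available session variables:
start_session(true);
// --------------------------------------------------------------------
// Initialize preferred display language:
// (note that 'locales.inc.php' has to be included *after* the call to the 'start_session()' function)
include 'includes/locales.inc.php';
// include the locales
// (1) OPEN CONNECTION, (2) SELECT DATABASE (function 'connectToMySQLDatabase()' is defined in 'include.inc.php')
connectToMySQLDatabase();
// Look up the name of the language the user selected. The POSTed 'language_id' is untrusted: it is
// coerced to an integer before it is placed into the query, and a missing parameter yields 0
// (which is not expected to match a row) instead of an undefined-index notice.
$languageID = isset($_POST['language_id']) ? intval($_POST['language_id']) : 0;
$sql = "SELECT language_name FROM languages WHERE language_id = %d";
$query = mysql_query(sprintf($sql, $languageID));
// mysql_query() returns false on failure; only fetch a row when a result set exists.
$data = $query ? mysql_fetch_array($query, MYSQL_ASSOC) : false;
if (is_array($data) && isset($data['language_name'])) {
    saveSessionVariable("userLanguage", $data['language_name']);
} else {
    // unknown or missing language: drop any previously stored preference
    unset($_SESSION['userLanguage']);
}
header('Location: index.php');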
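// Identifies duplicate records within the result set of a given SQL query.
//
// Parameters:
//   $sqlQuery            - the original (SELECT) query whose results are checked for duplicates
//   $originalDisplayType - the display type that was active when the user clicked the 'dups' link
//                          (passed through unchanged; may be empty)
// Returns:
//   array($query, $displayType): '$query' is a new SQL query (derived from '$sqlQuery') that selects
//   only the duplicate records found -- or the non-existing serial '0' when there are none, which
//   yields a "nothing found" feedback -- and '$displayType' is '$originalDisplayType', or null when
//   that was empty.
// Side effects:
//   Reads the 'duplicateSearch' form variables from '$_REQUEST'. On validation errors it stores the
//   'errors' and 'formVars' session variables, redirects to 'duplicate_search.php' and exits.
function findDuplicates($sqlQuery, $originalDisplayType)
{
    global $punct, $patternModifiers;
    // defined in 'transtab_unicode_charset.inc.php' and 'transtab_latin1_charset.inc.php'

    // re-assign the correct display type (i.e. the view that was active when the user clicked the 'dups' link in the header):
    // (initialised explicitly so that the returned value is well-defined when '$originalDisplayType' is empty)
    $displayType = null;
    if (!empty($originalDisplayType)) {
        $displayType = $originalDisplayType;
    }

    // Extract form variables provided by the 'duplicateSearch' form in 'duplicate_search.php':
    // The selected field names are placed verbatim into the SELECT and ORDER BY clauses built below,
    // so only identifiers made of lowercase letters and underscores are accepted -- whether the list
    // arrives as a delimited string or as an array (the array form previously bypassed this filter).
    $selectedFieldsArray = array();
    if (isset($_REQUEST['matchFieldsSelector'])) {
        if (is_string($_REQUEST['matchFieldsSelector'])) {
            // we accept a string containing a (e.g. comma delimited) list of field names
            $selectedFieldsArray = preg_split("/[^a-z_]+/", $_REQUEST['matchFieldsSelector'], -1, PREG_SPLIT_NO_EMPTY);
        } else {
            // the field list is already provided as array; keep only well-formed field names
            foreach ((array) $_REQUEST['matchFieldsSelector'] as $fieldName) {
                if (is_string($fieldName) && preg_match("/^[a-z_]+\$/", $fieldName)) {
                    $selectedFieldsArray[] = $fieldName;
                }
            }
        }
    }

    // Checkbox options: "1" when the box was checked, "0" otherwise.
    $checkboxOptions = array("ignoreWhitespace", "ignorePunctuation", "ignoreCharacterCase", "ignoreAuthorInitials");
    $options = array();
    foreach ($checkboxOptions as $optionName) {
        $options[$optionName] = (isset($_REQUEST[$optionName]) && $_REQUEST[$optionName] == "1") ? "1" : "0";
    }
    $ignoreWhitespace = $options["ignoreWhitespace"];
    $ignorePunctuation = $options["ignorePunctuation"];
    $ignoreCharacterCase = $options["ignoreCharacterCase"];
    $ignoreAuthorInitials = $options["ignoreAuthorInitials"];

    // 'nonASCIIChars' selects how non-ASCII characters are treated ("strip" or "transliterate");
    // any other value (including the default "keep") leaves them untouched.
    $nonASCIIChars = "keep";
    if (isset($_REQUEST['nonASCIIChars']) && is_string($_REQUEST['nonASCIIChars'])) {
        $nonASCIIChars = $_REQUEST['nonASCIIChars'];
    }

    // VALIDATE FORM DATA:
    $errors = array();
    // Validate the field selector:
    if (empty($selectedFieldsArray)) {
        $errors["matchFieldsSelector"] = "You must select at least one field:";
    }
    // Validate the 'SQL Query' field:
    // NOTE: this is only a prefix check on the caller-supplied query, not a parse of it; keeping the
    //       query read-only also relies on the caller and on the database user's privileges.
    if (empty($sqlQuery)) {
        $errors["sqlQuery"] = "You must specify a query string:";
    } elseif (!preg_match("/^SELECT/i", $sqlQuery)) {
        $errors["sqlQuery"] = "You can only execute SELECT queries:";
    }

    // Check if there were any errors:
    if (count($errors) > 0) {
        // In case of an error, we write all form variables back to the '$formVars' array
        // (which 'duplicate_search.php' requires to reload form values):
        $formVars = array();
        foreach ($_REQUEST as $varname => $value) {
            $formVars[$varname] = $value;
        }
        // Since checkbox form fields do only get included in the '$_REQUEST' array if they were marked,
        // we have to add appropriate array elements for all checkboxes that weren't set:
        foreach (array_merge($checkboxOptions, array("showLinks")) as $checkboxName) {
            if (!isset($formVars[$checkboxName])) {
                $formVars[$checkboxName] = "0";
            }
        }
        // Write back session variables (function 'saveSessionVariable()' is defined in 'include.inc.php'):
        saveSessionVariable("errors", $errors);
        saveSessionVariable("formVars", $formVars);
        // There are errors. Relocate back to 'duplicate_search.php':
        header("Location: duplicate_search.php");
        exit;
        // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
    }

    // CONSTRUCT SQL QUERY (1. DUPLICATE SEARCH):
    // To identify any duplicates within the results of the original query, we build a new query based on the original SQL query:
    // Replace SELECT list of columns with those from '$selectedFieldsArray' (plus the 'serial' column)
    // and replace any existing ORDER BY clause with the same list of columns
    // (functions 'newSELECTclause()' and 'newORDERclause()' are defined in 'include.inc.php'):
    $selectedFieldsString = implode(", ", $selectedFieldsArray);
    $query = newSELECTclause("SELECT " . $selectedFieldsString . ", serial", $sqlQuery, false);
    $query = newORDERclause("ORDER BY " . $selectedFieldsString, $query, false);
    // Fix escape sequences within the SQL query:
    $query = stripSlashesIfMagicQuotes($query);
    // RUN the query on the database through the connection (function 'queryMySQLDatabase()' is defined in 'include.inc.php'):
    $result = queryMySQLDatabase($query);

    // PROCESS RESULTS:
    // '$recordSerialsArray' maps each normalized record identifier string to the list of serials that produced it.
    $recordSerialsArray = array();
    $duplicateRecordSerialsArray = array();
    $rowsFound = @mysql_num_rows($result);
    // Identify any records with matching field data:
    if ($rowsFound > 0) {
        // Count the number of fields:
        $fieldsFound = mysql_num_fields($result);
        // The column names don't change between rows, so they are looked up once instead of per row
        // (assumes 'getMySQLFieldInfo()', defined in 'include.inc.php', is a side-effect-free metadata lookup -- TODO confirm).
        // The last column is the 'serial' field and is excluded from the identifier:
        $fieldNames = array();
        for ($i = 0; $i < $fieldsFound - 1; $i++) {
            $fieldNames[$i] = getMySQLFieldInfo($result, $i, "name");
        }
        // Loop over each row in the result set:
        while ($row = @mysql_fetch_array($result)) {
            // merge all field values to form a record identifier string:
            $recordIdentifier = "";
            for ($i = 0; $i < $fieldsFound - 1; $i++) {
                // normalize author names:
                if ($fieldNames[$i] == "author" and $ignoreAuthorInitials == "1") {
                    // this is a hack that maps the names of the '$row' array keys to those used
                    // by the '$formVars' array (which is required by function 'parsePlaceholderString()')
                    // (eventually, the '$formVars' array should use the MySQL field names as names for its array keys)
                    // (functions 'buildFormVarsArray()' and 'parsePlaceholderString()' are defined in 'include.inc.php')
                    $formVars = buildFormVarsArray($row);
                    // ignore initials in author names:
                    $row[$i] = parsePlaceholderString($formVars, "<:authors[0||]:>", "");
                }
                $recordIdentifier .= $row[$i];
            }
            // Normalize record identifier string:
            if ($ignoreWhitespace == "1") {
                $recordIdentifier = preg_replace("/\\s+/", "", $recordIdentifier);
            }
            if ($ignorePunctuation == "1") {
                $recordIdentifier = preg_replace("/[{$punct}]+/{$patternModifiers}", "", $recordIdentifier);
            }
            if ($ignoreCharacterCase == "1") {
                $recordIdentifier = strtolower($recordIdentifier);
            }
            if ($nonASCIIChars == "strip") {
                $recordIdentifier = handleNonASCIIAndUnwantedCharacters($recordIdentifier, "\\S\\s", "strip");
            } elseif ($nonASCIIChars == "transliterate") {
                $recordIdentifier = handleNonASCIIAndUnwantedCharacters($recordIdentifier, "\\S\\s", "transliterate");
            }
            // Store this record's serial number under its identifier string (creating the sub-array on first sight):
            $recordSerialsArray[$recordIdentifier][] = $row["serial"];
        }
        // Collect the serials of every identifier string that occurred more than once:
        foreach ($recordSerialsArray as $recordSerials) {
            if (count($recordSerials) > 1) {
                $duplicateRecordSerialsArray = array_merge($duplicateRecordSerialsArray, $recordSerials);
            }
        }
    }
    // if no duplicate records were found, the non-existing serial number '0' will result in a "nothing found" feedback
    if (empty($duplicateRecordSerialsArray)) {
        $duplicateRecordSerialsArray[] = "0";
    }

    // CONSTRUCT SQL QUERY (2. DUPLICATES DISPLAY):
    // To display any duplicates that were found within the results of the original query, we build again a new query based on the original SQL query:
    // Replace WHERE clause:
    // TODO: maybe make this into a generic function? (compare with function 'extractWHEREclause()' in 'include.inc.php')
    // The serials come from the database's 'serial' column; they are cast to integers before being
    // embedded in the regular expression so that the generated WHERE clause can only contain digits.
    $duplicateRecordSerialsString = implode("|", array_map('intval', $duplicateRecordSerialsArray));
    $query = preg_replace("/(?<=WHERE )(.+?)(?= ORDER BY| LIMIT| GROUP BY| HAVING| PROCEDURE| FOR UPDATE| LOCK IN|[ ;]+(SELECT|INSERT|UPDATE|DELETE|CREATE|ALTER|DROP|FILE)\\b|\$)/i", "serial RLIKE \"^(" . $duplicateRecordSerialsString . ")\$\"", $sqlQuery);
    // Replace any existing ORDER BY clause with the list of columns given in '$selectedFieldsArray':
    $query = newORDERclause("ORDER BY " . $selectedFieldsString, $query, false);
    return array($query, $displayType);
}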
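 // Build the parameter set that 'search.php' needs to reproduce this request:
 // (we skip unnecessary parameters here since 'search.php' will use its default values for them)
 $queryParametersArray = array("sqlQuery" => $query, "client" => $client, "formType" => "sqlSearch", "submit" => $displayType, "viewType" => $viewType, "showQuery" => $showQuery, "showLinks" => $showLinks, "showRows" => $showRows, "rowOffset" => $rowOffset, "wrapResults" => $wrapResults, "citeOrder" => $citeOrder, "citeStyle" => $citeStyle, "exportFormat" => $exportFormat, "exportType" => $exportType, "exportStylesheet" => $exportStylesheet, "citeType" => $citeType, "headerMsg" => $headerMsg);
 // The URL of the current 'show.php' request is deliberately NOT saved to the 'referer' session variable here:
 // NOTE: since function 'start_session()' prefers '$_SESSION['referer']' over '$_SERVER['HTTP_REFERER']', this means that '$referer'
 //       contains a 'show.php' URL and not e.g. a '*_search.php' URL; this, in turn, can prevent the "NoPermission_ForSQL" warning
 //       if a user clicked the "Show All" link in the header of any of the '*_search.php' pages
 //       (see notes above the "NoPermission_ForSQL" error message in 'search.php')
 // Call 'search.php' in order to display record details:
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
     // save POST data to session variable:
     // NOTE: If the original request was a POST (as is the case for the refbase command line client) saving POST data to a session
     //       variable allows to retain large param/value strings (that would exceed the maximum string limit for GET requests).
     //       'search.php' will then write the saved POST data back to '$_POST' and '$_REQUEST'. (see also the note below)
     saveSessionVariable("postData", $queryParametersArray);
     // The 'client' parameter is also passed in the GET request so that it's available to 'search.php' before sessions are initiated.
     // It is URL-encoded here: an unencoded value containing e.g. '&', '#' or whitespace would otherwise change the meaning of the redirect URL.
     header("Location: search.php?client=" . rawurlencode((string) $client));
 } else {
     // function 'generateURL()' is defined in 'include.inc.php'
     $queryURL = generateURL("search.php", "html", $queryParametersArray, false);
     header("Location: {$queryURL}");
 }
 // NOTE: If the original request was a POST (as is the case for the refbase command line client), we must also pass the data via POST to 'search.php'
 //       in order to retain large param/value strings (that would exceed the maximum string limit for GET requests). Posting the data directly via
 //       function 'sendPostRequest()' was considered but rejected: it does NOT *redirect* to 'search.php' but prints the results from within this
 //       script ('show.php'), and the printed results include the full HTTP response, including the HTTP header.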
    $HeaderString = "<b><span class=\"warning\">Missing parameters for script 'user_options.php'!</span></b>";
    // Write back session variables:
    saveSessionVariable("HeaderString", $HeaderString);
    // function 'saveSessionVariable()' is defined in 'include.inc.php'
    // Redirect the browser back to the calling page
    header("Location: " . $referer);
    // variable '$referer' is globally defined in function 'start_session()' in 'include.inc.php'
    exit;
}
// --------------------------------------------------------------------
// Check if the logged-in user is allowed to modify his account options.
// The check only concerns a logged-in user who addresses an existing (numeric) user ID and whose
// permission list is known; such a user is turned away unless 'allow_modify_options' is granted.
// (Conditions are evaluated in this order so that '$userID' is only inspected when somebody is logged in.)
$mayModifyOptions = true;
if (isset($_SESSION['loginEmail']) && preg_match("/^\\d+\$/", $userID)) {
    if (isset($_SESSION['user_permissions'])) {
        // the permission is looked up as a substring of the session's permission list
        $mayModifyOptions = (bool) preg_match("/allow_modify_options/", $_SESSION['user_permissions']);
    }
}
if (!$mayModifyOptions) {
    // save an error message:
    $HeaderString = "<b><span class=\"warning\">You have no permission to modify your user account options!</span></b>";
    // Write back session variables (function 'saveSessionVariable()' is defined in 'include.inc.php'):
    saveSessionVariable("HeaderString", $HeaderString);
    // Redirect the browser back to the calling page
    header("Location: " . $referer);
    exit;
}
// --------------------------------------------------------------------
// Set header message:
if (!isset($_SESSION['HeaderString'])) {
    if (empty($errors)) {
        // provide the default messages:
        $HeaderString = "Modify your account options:";
    } else {
        // -> there were errors validating the user's options
        $HeaderString = "<b><span class=\"warning\">There were validation errors regarding the options you selected. Please check the comments above the respective fields:</span></b>";
    }
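// Write back session variables (function 'saveSessionVariable()' is defined in 'include.inc.php'):
saveSessionVariable("loginEmail", $loginEmail);
saveSessionVariable("loginUserID", $loginUserID);
saveSessionVariable("loginFirstName", $loginFirstName);
saveSessionVariable("loginLastName", $loginLastName);
saveSessionVariable("abbrevInstitution", $abbrevInstitution);
saveSessionVariable("lastLogin", $lastLogin);
// If an authorized user uses 'user_details.php' to add a new user (-> 'userID' is empty!), the new
// account's preferences are seeded from the defaults in 'ini.inc.php'. "Authorized" means that
// either the admin is logged in, or nobody is logged in and self-registration is open
// ('$addNewUsers' == "everyone").
// NOTE: '$_REQUEST['userID']' is read with a guard so that a missing parameter counts as empty
//       without raising an undefined-index notice; the two alternatives are combined with a
//       logical (not bitwise) OR.
$userIDParam = isset($_REQUEST['userID']) ? $_REQUEST['userID'] : "";
$adminLoggedIn = isset($_SESSION['loginEmail']) && $loginEmail == $adminLoginEmail;
$anonymousMayRegister = !isset($_SESSION['loginEmail']) && $addNewUsers == "everyone";
if ($userIDParam == "" && ($adminLoggedIn || $anonymousMayRegister)) {
    // '$defaultLanguage' and '$defaultUserOptions' are defined in 'ini.inc.php'
    saveSessionVariable("userLanguage", $defaultLanguage);
    saveSessionVariable("userRecordsPerPage", $defaultUserOptions['records_per_page']);
    saveSessionVariable("userAutoCompletions", $defaultUserOptions['show_auto_completions']);
    saveSessionVariable("userMainFields", $defaultUserOptions['main_fields']);
}
// Get all user groups specified by the current user
// and (if some groups were found) save them as semicolon-delimited string to the session variable 'userGroups':
// (function 'getUserGroups()' is defined in 'include.inc.php')
getUserGroups($tableUserData, $loginUserID);
if ($loginEmail == $adminLoginEmail) {
    // ('$adminLoginEmail' is specified in 'ini.inc.php')
    // Get all user groups specified by the admin
    // and (if some groups were found) save them as semicolon-delimited string to the session variable 'adminUserGroups':
    getUserGroups($tableUsers, $loginUserID);
}
// Similarly, get all queries that were saved previously by the current user
// and (if some queries were found) save them as semicolon-delimited string to the session variable 'userQueries':
getUserQueries($loginUserID);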
// Returns the auto-completion preference ('show_auto_completions') for the given user and, where
// appropriate, stores it in the 'userAutoCompletions' session variable.
//
// Parameters:
//   $userID - ID of the user whose preference is requested (0 = not logged in)
// Returns: the preference value from the user's options, or the site-wide default '$autoCompleteUserInput'.
function getPrefAutoCompletions($userID)
{
    global $loginEmail, $adminLoginEmail;
    // (the original author notes these as defined in 'ini.inc.php')
    global $autoCompleteUserInput;

    // A user that isn't logged in (userID=0) doesn't get the setting from option 'show_auto_completions'
    // in table 'user_options' (where 'user_id = 0'); the default from variable '$autoCompleteUserInput'
    // in 'ini.inc.php' is used instead. The same default applies when the option is missing or empty.
    $showAutoCompletions = $autoCompleteUserInput;
    if ($userID != 0) {
        $userOptionsArray = getUserOptions($userID);
        if (!empty($userOptionsArray) and !empty($userOptionsArray['show_auto_completions'])) {
            $showAutoCompletions = $userOptionsArray['show_auto_completions'];
        }
    }

    // The session variable is only refreshed when a normal user is logged in, -OR- when the admin is
    // logged in and views his own user options page (so that viewing another user's options does not
    // overwrite the admin's own session setting):
    $adminIsLoggedIn = ($loginEmail == $adminLoginEmail);
    if (!$adminIsLoggedIn || $userID == getUserID($loginEmail)) {
        saveSessionVariable("userAutoCompletions", $showAutoCompletions);
    }
    return $showAutoCompletions;
}
// Authenticates a user against the 'auth' table. On success the user's profile, groups, saved
// queries, formats/styles/types, permissions and preferences are loaded into the session and the
// browser is redirected back to '$referer' (or to 'index.php'); on failure a warning message is
// stored in the session and the login page is shown again.
//
// Parameters:
//   $referer       - URL to return to after a successful login
//   $loginEmail    - e-mail address entered into the login form
//   $loginPassword - password entered into the login form (plain text)
// Returns: nothing; the outcome is communicated through session variables and a redirect / page output.
//
// NOTE(review): the line that compares the stored password hash and opens the success branch is
//               garbled in the source text reproduced here, so the exact query and the branch
//               condition cannot be read from this copy.
function check_login($referer, $loginEmail, $loginPassword)
{
    global $username;
    global $password;
    global $hostName;
    global $databaseName;
    global $connection;
    global $HeaderString;
    global $loginUserID;
    global $loginFirstName;
    global $loginLastName;
    global $adminLoginEmail;
    global $abbrevInstitution;
    global $tableAuth, $tableUserData, $tableUsers;
    // defined in 'db.inc.php'
    global $loc;
    // Get the two character salt from the email address collected from the challenge
    // SECURITY NOTE: a two-character salt selects the traditional DES-based crypt() scheme. That salt is
    //                predictable (derived from the e-mail address rather than random) and DES crypt only
    //                uses the first eight characters of the password. Moving to password_hash() /
    //                password_verify() -- with password_needs_rehash() to upgrade stored hashes at login --
    //                would address both weaknesses.
    $salt = substr($loginEmail, 0, 2);
    // Encrypt the loginPassword collected from the challenge (so that we can compare it to the encrypted passwords that are stored in the 'auth' table)
    $crypted_password = crypt($loginPassword, $salt);
    // CONSTRUCT SQL QUERY:
    // (the e-mail address is passed through 'quote_smart()'; the remainder of this line is garbled in this copy)
    $query = "SELECT user_id FROM {$tableAuth} WHERE email = " . quote_smart($loginEmail) . " AND password = "******"errors");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        if (isset($_SESSION['formVars'])) {
            // delete the 'formVars' session variable:
            deleteSessionVariable("formVars");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        // NOTE(review): nothing in this function regenerates the session ID once the credentials have been
        //               accepted; unless 'start_session()' or 'saveSessionVariable()' does so, a session ID
        //               that was fixed before the login stays valid afterwards (session fixation).
        $userID = $row["user_id"];
        // extract the user's userID from the last query
        // Now we need to get the user's first name and last name (e.g., in order to display them within the login welcome message)
        $query = "SELECT user_id, first_name, last_name, abbrev_institution, language, last_login FROM {$tableUsers} WHERE user_id = " . quote_smart($userID);
        // CONSTRUCT SQL QUERY
        $result = queryMySQLDatabase($query);
        // RUN the query on the database through the connection (function 'queryMySQLDatabase()' is defined in 'include.inc.php')
        $row2 = mysql_fetch_array($result);
        // EXTRACT results: fetch the one row into the array '$row2'
        // Save the fetched user details to the session file:
        // Write back session variables:
        saveSessionVariable("loginEmail", $loginEmail);
        // function 'saveSessionVariable()' is defined in 'include.inc.php'
        saveSessionVariable("loginUserID", $row2["user_id"]);
        saveSessionVariable("loginFirstName", $row2["first_name"]);
        saveSessionVariable("loginLastName", $row2["last_name"]);
        saveSessionVariable("abbrevInstitution", $row2["abbrev_institution"]);
        saveSessionVariable("userLanguage", $row2["language"]);
        saveSessionVariable("lastLogin", $row2["last_login"]);
        // Get all user groups specified by the current user
        // and (if some groups were found) save them as semicolon-delimited string to the session variable 'userGroups':
        getUserGroups($tableUserData, $row2["user_id"]);
        // function 'getUserGroups()' is defined in 'include.inc.php'
        if ($loginEmail == $adminLoginEmail) {
            // ('$adminLoginEmail' is specified in 'ini.inc.php')
            // Get all user groups specified by the admin
            // and (if some groups were found) save them as semicolon-delimited string to the session variable 'adminUserGroups':
            getUserGroups($tableUsers, $row2["user_id"]);
        }
        // function 'getUserGroups()' is defined in 'include.inc.php'
        // Get all user queries that were saved previously by the current user
        // and (if some queries were found) save them as semicolon-delimited string to the session variable 'userQueries':
        getUserQueries($row2["user_id"]);
        // function 'getUserQueries()' is defined in 'include.inc.php'
        // Get all export formats that were selected previously by the current user
        // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_export_formats':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "export");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all citation formats that were selected previously by the current user
        // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_cite_formats':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "cite");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all citation styles that were selected previously by the current user
        // and (if some styles were found) save them as semicolon-delimited string to the session variable 'user_styles':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "style", "");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all document types that were selected previously by the current user
        // and (if some types were found) save them as semicolon-delimited string to the session variable 'user_types':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "type", "");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get the user permissions for the current user
        // and save all allowed user actions as semicolon-delimited string to the session variable 'user_permissions':
        getPermissions($row2["user_id"], "user", true);
        // function 'getPermissions()' is defined in 'include.inc.php'
        // Get the default view for the current user
        // and save it to the session variable 'userDefaultView':
        getDefaultView($row2["user_id"]);
        // function 'getDefaultView()' is defined in 'include.inc.php'
        // Get the default number of records per page preferred by the current user
        // and save it to the session variable 'userRecordsPerPage':
        getDefaultNumberOfRecords($row2["user_id"]);
        // function 'getDefaultNumberOfRecords()' is defined in 'include.inc.php'
        // Get the user's preference for displaying auto-completions
        // and save it to the session variable 'userAutoCompletions':
        getPrefAutoCompletions($row2["user_id"]);
        // function 'getPrefAutoCompletions()' is defined in 'include.inc.php'
        // Get the list of "main fields" for the current user
        // and save the list of fields as comma-delimited string to the session variable 'userMainFields':
        getMainFields($row2["user_id"]);
        // function 'getMainFields()' is defined in 'include.inc.php'
        // We also update the user's entry within the 'users' table:
        // NOTE: '$userID' is interpolated here without 'quote_smart()', unlike the SELECT above. It was read
        //       from the 'user_id' column (so it is expected to be an integer), but quoting it the same way
        //       would keep the two statements consistent.
        $query = "UPDATE {$tableUsers} SET " . "last_login = NOW(), " . "logins = logins+1 " . "WHERE user_id = {$userID}";
        // RUN the query on the database through the connection:
        $result = queryMySQLDatabase($query);
        // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
        // Return to the calling page unless it was one of the error / login / install pages.
        // NOTE(review): this only excludes a few known local pages; it does not verify that '$referer'
        //               points to this host -- confirm that it is validated where it is set ('start_session()').
        if (!preg_match("#/(error|user_login|install)\\.php#i", $referer)) {
            header("Location: " . $referer);
        } else {
            header("Location: index.php");
        }
        // back to main page
    } else {
        // Ensure 'loginEmail' is not registered, so the user is not logged in
        if (isset($_SESSION['loginEmail'])) {
            // delete the 'loginEmail' session variable:
            deleteSessionVariable("loginEmail");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        // Save an error message:
        // (the same generic message is used whether the e-mail address or the password was wrong, so the
        //  response does not reveal which accounts exist)
        $HeaderString = "<b><span class=\"warning\">" . $loc["LoginFailedYouProvidedAnIncorrectEmailAddressOrPassword"] . "</span></b>";
        // Write back session variables:
        saveSessionVariable("HeaderString", $HeaderString);
        // function 'saveSessionVariable()' is defined in 'include.inc.php'
        // Show the login form again, preserving the page to return to:
        login_page($referer);
    }
    // -------------------
    // (5) CLOSE the database connection:
    disconnectFromMySQLDatabase();
    // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'
}