// Execute each flagging query in turn (function 'queryMySQLDatabase()' is defined in 'include.inc.php').
// NOTE(review): '$result' is overwritten on every pass, so only the outcome of the last query is inspected below;
// if '$queryArray' is empty, '$result' is never assigned in this excerpt -- confirm the caller always supplies at least one query.
foreach ($queryArray as $query) {
    $result = queryMySQLDatabase($query);
}

// Number of rows modified by the most recent statement on '$connection' (or 0 if that statement failed):
if ($result) {
    $affectedRows = mysql_affected_rows($connection);
} else {
    $affectedRows = 0;
}

if ($affectedRows == 0) {
    // File an extra error element so that the 'errors' session variable is non-empty,
    // which makes 'duplicate_manager.php' re-load the form data that were submitted by the user:
    $errors["ignoredRecords"] = "all";

    // Tell the user that the query had no effect (function 'returnMsg()' is defined in 'include.inc.php'):
    $HeaderString = returnMsg("Nothing was changed by your query!", "warning", "strong", "HeaderString");

    // Write back session variables (function 'saveSessionVariable()' is defined in 'include.inc.php'):
    saveSessionVariable("errors", $errors);
    saveSessionVariable("formVars", $formVars);

    // Relocate back to the 'Flag Duplicates' form (script 'duplicate_manager.php').
    // NOTE(review): '$referer' goes into the 'Location' header unchanged and its origin is not visible in this excerpt --
    // confirm it is restricted to URLs of this application before it is used as a redirect target.
    header("Location: " . $referer);
    exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
}

// The update took effect, so build the success message:
$HeaderString = returnMsg("The records below have been successfully flagged as original/duplicate records:", "", "", "HeaderString");

// Merge all given record serial numbers into one comma-delimited string:
$allRecordSerialsString = $origRecordSerial . "," . implode(",", $dupRecordSerialsArray);

// (4) Call 'show.php' which will display all affected records along with the header message
//     (routing feedback output to a different script page avoids reload problems).
// NOTE(review): the serials are appended to the URL without encoding; presumably they were validated as numeric
// earlier in the script -- confirm, since that validation is outside this excerpt.
header("Location: show.php?records=" . $allRecordSerialsString);

// --------------------------------------------------------------------

// (5) CLOSE CONNECTION
// register globals is ON, or explicitly if register globals is OFF [by uncommenting the code above]).
// These session variables are cleared here because they would otherwise still be present on a subsequent call of 'query_manager.php'.
// Note: clearing them does not affect the current request; the current error message (or form variables) is still
// available to this script via '$errors' (or '$formVars', respectively).
deleteSessionVariable("errors"); // function 'deleteSessionVariable()' is defined in 'include.inc.php'
deleteSessionVariable("formVars");

// --------------------------------------------------------------------

// Saving, modifying or deleting queries requires a logged-in user:
if (!isset($_SESSION['loginEmail'])) {
    // Build the warning that is shown to the user (function 'returnMsg()' is defined in 'include.inc.php'):
    $HeaderString = returnMsg($loc["Warning_LoginToUseSavedQueries"] . "!", "warning", "strong", "HeaderString");

    // Remember the URL of the currently displayed page.
    // NOTE(review): 'HTTP_REFERER' is a client-supplied request header and may be absent. Any code that later
    // redirects to the stored 'referer' value should accept only URLs of this application -- confirm in the login flow.
    $referer = $_SERVER['HTTP_REFERER'];

    // Write back session variables (function 'saveSessionVariable()' is defined in 'include.inc.php'):
    saveSessionVariable("referer", $referer);

    header("Location: user_login.php");
    exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
}

// --------------------------------------------------------------------

// Extract the view type requested by the user (either 'Mobile', 'Print', 'Web' or ''):
// ('' will produce the default 'Web' output style)
// NOTE(review): the request value is copied as-is; nothing in this excerpt restricts it to the values listed above.
$viewType = isset($_REQUEST['viewType']) ? $_REQUEST['viewType'] : "";

// Check if the script was called with parameters (like: 'query_manager.php?customQuery=1&sqlQuery=...&showQuery=...&showLinks=...')
// If so, the parameter 'customQuery=1' will be set:
} elseif (preg_match("/^suggest\$/i", $operation) && preg_match("/^(html|json)\$/i", $recordSchema)) {
    // Search suggestions were requested in HTML or JSON form.
    // Set the appropriate mimetype & set the character encoding to the one given
    // in '$contentTypeCharset' (which is defined in 'ini.inc.php'):
    setHeaderContentType($exportContentType, $contentTypeCharset);

    echo searchSuggestions($cqlQuery, $query);
} elseif (!(isset($_REQUEST['query']) || isset($_REQUEST['recordSchema']) || isset($_REQUEST['maximumRecords']) || isset($_REQUEST['startRecord']) || isset($_REQUEST['stylesheet']))) {
    // None of the query-related parameters was given, so show the query form:
    showQueryPage($operation, $viewType, $showRows, $rowOffset);
} elseif (empty($cqlQuery)) {
    // Diagnostic 7 is returned for the missing 'query' parameter:
    returnDiagnostic(7, "query");
} elseif (!preg_match("/^((atom|rss)([ _]?xml)?|srw([ _]?(mods|dc))?([ _]?xml)?|html|json)\$/i", $recordSchema)) {
    // The requested record schema is not one of the accepted names; diagnostic 66 is returned for it:
    returnDiagnostic(66, $recordSchema);
} else {
    // Write the current OpenSearch/CQL query into a session variable:
    // (functions 'atomCollection()' and 'citeRecords()' (in 'cite_html.php') read this session variable to re-establish
    //  the original OpenSearch/CQL query; function 'atomCollection()' uses it to output 'opensearch.php' URLs instead of 'show.php' URLs)
    saveSessionVariable("cqlQuery", $cqlQuery); // function 'saveSessionVariable()' is defined in 'include.inc.php'

    // Build the correct query URL:
    // (unnecessary parameters are skipped here since function 'generateURL()' and 'show.php' will use their default values for them)
    $queryParametersArray = array(
        "where"            => $query,
        "submit"           => $displayType,
        "viewType"         => $viewType,
        "exportStylesheet" => $exportStylesheet
    );

    // NOTE: The 'show.php' script allows anonymous users to query the 'cite_key' field (if a valid 'userID' is included in the query URL).
    //       However, this requires that the cite key is passed in the 'cite_key' URL parameter. Since 'opensearch.php' uses the 'where'
    //       parameter to pass its query, anonymous querying of the 'cite_key' field currently does not work for 'opensearch.php'. But
    //       querying of user-specific fields will work if a user is logged in.
    if (isset($_SESSION['loginEmail'])) {
        // The 'userID' parameter is only included for a logged-in user; for user-specific fields
        // (such as the 'cite_key' field), 'show.php' requires the 'userID' parameter:
        $queryParametersArray["userID"] = $loginUserID;
    }

    // call 'show.php' (or 'rss.php' in case of RSS XML) with the correct query URL in order to output record details in the requested format:
    $queryURL = generateURL("show.php", $exportFormat, $queryParametersArray, false, $showRows, $rowOffset, "", $citeOrder);
// Pull in configuration and shared code:
include 'initialize/db.inc.php';     // database username and password are kept in 'db.inc.php'
include 'includes/header.inc.php';   // page header
include 'includes/footer.inc.php';   // page footer
include 'includes/include.inc.php';  // common functions
include 'initialize/ini.inc.php';    // common variables

// --------------------------------------------------------------------

// START A SESSION:
// 'start_session()' (from 'include.inc.php') also reads out the available session variables:
start_session(true);

// --------------------------------------------------------------------

// Initialize preferred display language:
// (note that 'locales.inc.php' has to be included *after* the call to the 'start_session()' function)
include 'includes/locales.inc.php';

// (1) OPEN CONNECTION, (2) SELECT DATABASE
connectToMySQLDatabase(); // function 'connectToMySQLDatabase()' is defined in 'include.inc.php'

// Look up the name of the requested language.
// The POSTed ID reaches the SQL string only after 'intval()' and the '%d' placeholder have forced it to an integer.
// NOTE(review): this request changes session state and no anti-CSRF token is checked in this excerpt;
// the visible effect is limited to the display language.
$sql = "SELECT language_name FROM languages WHERE language_id = %d";
$query = mysql_query(sprintf($sql, intval($_POST['language_id'])));
$data = mysql_fetch_array($query, MYSQL_ASSOC);

// Store the language name if the lookup found one, otherwise drop any previously stored preference:
if (!isset($data['language_name'])) {
    unset($_SESSION['userLanguage']);
} else {
    saveSessionVariable("userLanguage", $data['language_name']);
}

header('Location: index.php');
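// Builds an SQL query that displays all records which duplicate each other within the results of '$sqlQuery'.
//
// The function runs a first query that fetches the user-selected match fields (plus 'serial') for every record
// found by '$sqlQuery', concatenates the (optionally normalized) field values of each row into an identifier
// string, and treats rows sharing the same identifier as duplicates. It then rewrites the WHERE clause of
// '$sqlQuery' so that it selects exactly the serials of those duplicates.
//
// Parameters:
//   $sqlQuery            - the original SQL query; must begin with SELECT
//   $originalDisplayType - the view that was active when the user clicked the 'dups' link in the header
//
// Returns: array($query, $displayType), where '$displayType' is NULL if '$originalDisplayType' was empty.
//
// Side effects: if validation fails, 'errors' and 'formVars' are written to the session, the browser is
// redirected to 'duplicate_search.php' and the script exits.
//
// Security notes:
//   - Field names from 'matchFieldsSelector' are spliced into the SELECT and ORDER BY clauses, so they are
//     restricted to the characters [a-z_] for BOTH the string and the array form of the parameter.
//     (Checking against the actual column list would be stricter -- TODO consider.)
//   - The SELECT prefix check on '$sqlQuery' only rejects other statement types. It does not limit which tables
//     or clauses the query uses; that must be enforced by the caller -- TODO confirm.
function findDuplicates($sqlQuery, $originalDisplayType)
{
    global $tableRefs, $tableUserData; // defined in 'db.inc.php'
    global $alnum, $alpha, $cntrl, $dash, $digit, $graph, $lower, $print, $punct, $space, $upper, $word, $patternModifiers; // defined in 'transtab_unicode_charset.inc.php' and 'transtab_latin1_charset.inc.php'

    // re-assign the correct display type (i.e. the view that was active when the user clicked the 'dups' link in the header):
    $displayType = null; // explicit default, so that the return statement never reads an undefined variable
    if (!empty($originalDisplayType)) {
        $displayType = $originalDisplayType;
    }

    // Extract form variables provided by the 'duplicateSearch' form in 'duplicate_search.php':
    $selectedFieldsArray = array();
    if (isset($_REQUEST['matchFieldsSelector'])) {
        if (is_string($_REQUEST['matchFieldsSelector'])) {
            // we accept a string containing a (e.g. comma delimited) list of field names
            $selectedFieldsArray = preg_split("/[^a-z_]+/", $_REQUEST['matchFieldsSelector'], -1, PREG_SPLIT_NO_EMPTY);
        } elseif (is_array($_REQUEST['matchFieldsSelector'])) {
            // the field list is provided as array: keep only elements that consist solely of the characters
            // which the string form accepts, since every element ends up inside the SQL query text
            foreach ($_REQUEST['matchFieldsSelector'] as $candidateField) {
                if (is_string($candidateField) and preg_match('/\A[a-z_]+\z/', $candidateField)) {
                    $selectedFieldsArray[] = $candidateField;
                }
            }
        }
    }

    if (isset($_REQUEST['ignoreWhitespace']) and $_REQUEST['ignoreWhitespace'] == "1") {
        $ignoreWhitespace = "1";
    } else {
        $ignoreWhitespace = "0";
    }

    if (isset($_REQUEST['ignorePunctuation']) and $_REQUEST['ignorePunctuation'] == "1") {
        $ignorePunctuation = "1";
    } else {
        $ignorePunctuation = "0";
    }

    if (isset($_REQUEST['ignoreCharacterCase']) and $_REQUEST['ignoreCharacterCase'] == "1") {
        $ignoreCharacterCase = "1";
    } else {
        $ignoreCharacterCase = "0";
    }

    if (isset($_REQUEST['ignoreAuthorInitials']) and $_REQUEST['ignoreAuthorInitials'] == "1") {
        $ignoreAuthorInitials = "1";
    } else {
        $ignoreAuthorInitials = "0";
    }

    // '$nonASCIIChars' is only compared against fixed strings below, never placed into the query:
    if (isset($_REQUEST['nonASCIIChars'])) {
        $nonASCIIChars = $_REQUEST['nonASCIIChars'];
    } else {
        $nonASCIIChars = "keep";
    }

    // VALIDATE FORM DATA:
    $errors = array();

    // Validate the field selector (this also catches an array whose elements were all rejected above):
    if (empty($selectedFieldsArray)) {
        $errors["matchFieldsSelector"] = "You must select at least one field:";
    }

    // Validate the 'SQL Query' field:
    if (empty($sqlQuery)) {
        $errors["sqlQuery"] = "You must specify a query string:";
    } elseif (!preg_match("/^SELECT/i", $sqlQuery)) {
        $errors["sqlQuery"] = "You can only execute SELECT queries:";
    }

    // Check if there were any errors:
    if (count($errors) > 0) {
        // In case of an error, we write all form variables back to the '$formVars' array
        // (which 'duplicate_search.php' requires to reload form values):
        $formVars = array();
        foreach ($_REQUEST as $varname => $value) {
            $formVars[$varname] = $value;
        }

        // Since checkbox form fields do only get included in the '$_REQUEST' array if they were marked,
        // we have to add appropriate array elements for all checkboxes that weren't set:
        if (!isset($formVars["ignoreWhitespace"])) {
            $formVars["ignoreWhitespace"] = "0";
        }
        if (!isset($formVars["ignorePunctuation"])) {
            $formVars["ignorePunctuation"] = "0";
        }
        if (!isset($formVars["ignoreCharacterCase"])) {
            $formVars["ignoreCharacterCase"] = "0";
        }
        if (!isset($formVars["ignoreAuthorInitials"])) {
            $formVars["ignoreAuthorInitials"] = "0";
        }
        if (!isset($formVars["showLinks"])) {
            $formVars["showLinks"] = "0";
        }

        // Write back session variables:
        saveSessionVariable("errors", $errors); // function 'saveSessionVariable()' is defined in 'include.inc.php'
        saveSessionVariable("formVars", $formVars);

        // There are errors. Relocate back to 'duplicate_search.php':
        header("Location: duplicate_search.php");
        exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
    }

    // CONSTRUCT SQL QUERY (1. DUPLICATE SEARCH):
    // To identify any duplicates within the results of the original query, we build a new query based on the original SQL query:
    $query = $sqlQuery;

    // Replace SELECT list of columns with those from '$selectedFieldsArray' (plus the 'serial' column):
    $selectedFieldsString = implode(", ", $selectedFieldsArray);
    $query = newSELECTclause("SELECT " . $selectedFieldsString . ", serial", $query, false); // function 'newSELECTclause()' is defined in 'include.inc.php'

    // Replace any existing ORDER BY clause with the list of columns given in '$selectedFieldsArray':
    $query = newORDERclause("ORDER BY " . $selectedFieldsString, $query, false); // function 'newORDERclause()' is defined in 'include.inc.php'

    // Fix escape sequences within the SQL query:
    $query = stripSlashesIfMagicQuotes($query);

    // RUN the query on the database through the connection:
    $result = queryMySQLDatabase($query); // function 'queryMySQLDatabase()' is defined in 'include.inc.php'

    // PROCESS RESULTS:
    $recordSerialsArray = array();
    $duplicateRecordSerialsArray = array();

    $rowsFound = @mysql_num_rows($result);

    // Identify any records with matching field data:
    if ($rowsFound > 0) {
        // Count the number of fields:
        $fieldsFound = mysql_num_fields($result);

        // Loop over each row in the result set:
        for ($rowCounter = 0; $row = @mysql_fetch_array($result); $rowCounter++) {
            $recordIdentifier = ""; // make sure our buffer variable is empty

            // For each row, loop over each field (except for the last one which is the 'serial' field):
            for ($i = 0; $i < $fieldsFound - 1; $i++) {
                // fetch the current attribute name:
                $fieldName = getMySQLFieldInfo($result, $i, "name"); // function 'getMySQLFieldInfo()' is defined in 'include.inc.php'

                // normalize author names:
                if ($fieldName == "author" and $ignoreAuthorInitials == "1") {
                    // this is a stupid hack that maps the names of the '$row' array keys to those used
                    // by the '$formVars' array (which is required by function 'parsePlaceholderString()')
                    // (eventually, the '$formVars' array should use the MySQL field names as names for its array keys)
                    $formVars = buildFormVarsArray($row); // function 'buildFormVarsArray()' is defined in 'include.inc.php'

                    // ignore initials in author names:
                    $row[$i] = parsePlaceholderString($formVars, "<:authors[0||]:>", ""); // function 'parsePlaceholderString()' is defined in 'include.inc.php'
                }

                $recordIdentifier .= $row[$i]; // merge all field values to form a unique record identifier string
            }

            // Normalize record identifier string:
            if ($ignoreWhitespace == "1") { // ignore whitespace
                $recordIdentifier = preg_replace("/\\s+/", "", $recordIdentifier);
            }

            if ($ignorePunctuation == "1") { // ignore punctuation
                $recordIdentifier = preg_replace("/[{$punct}]+/{$patternModifiers}", "", $recordIdentifier);
            }

            if ($ignoreCharacterCase == "1") { // ignore character case
                $recordIdentifier = strtolower($recordIdentifier);
            }

            if ($nonASCIIChars == "strip") { // strip non-ASCII characters
                $recordIdentifier = handleNonASCIIAndUnwantedCharacters($recordIdentifier, "\\S\\s", "strip");
            } elseif ($nonASCIIChars == "transliterate") { // transliterate non-ASCII characters
                $recordIdentifier = handleNonASCIIAndUnwantedCharacters($recordIdentifier, "\\S\\s", "transliterate");
            }

            // Check whether the record identifier string has occurred already:
            if (isset($recordSerialsArray[$recordIdentifier])) { // this record identifier string has already been seen
                $recordSerialsArray[$recordIdentifier][] = $row["serial"];
            } else { // new record identifier string
                // add a new array element for this record's identifier string (and store its serial number as value within a sub-array)
                $recordSerialsArray[$recordIdentifier] = array($row["serial"]);
            }
        }

        // Collect all array elements from '$recordSerialsArray' where their sub-array contains more than one serial number:
        foreach ($recordSerialsArray as $recordSerials) {
            if (count($recordSerials) > 1) {
                foreach ($recordSerials as $recordSerial) {
                    $duplicateRecordSerialsArray[] = $recordSerial; // add this record's serial number to the array of duplicate record serials
                }
            }
        }
    } else {
        // TODO!
    }

    // if no duplicate records were found, the non-existing serial number '0' will result in a "nothing found" feedback
    if (empty($duplicateRecordSerialsArray)) {
        $duplicateRecordSerialsArray[] = "0";
    }

    // CONSTRUCT SQL QUERY (2. DUPLICATES DISPLAY):
    // To display any duplicates that were found within the results of the original query, we build again a new query based on the original SQL query:
    $query = $sqlQuery;

    // Replace WHERE clause:
    // TODO: maybe make this into a generic function? (compare with function 'extractWHEREclause()' in 'include.inc.php')
    $duplicateRecordSerialsString = implode("|", $duplicateRecordSerialsArray);
    $query = preg_replace("/(?<=WHERE )(.+?)(?= ORDER BY| LIMIT| GROUP BY| HAVING| PROCEDURE| FOR UPDATE| LOCK IN|[ ;]+(SELECT|INSERT|UPDATE|DELETE|CREATE|ALTER|DROP|FILE)\\b|\$)/i", "serial RLIKE \"^(" . $duplicateRecordSerialsString . ")\$\"", $query);

    // Replace any existing ORDER BY clause with the list of columns given in '$selectedFieldsArray':
    $query = newORDERclause("ORDER BY " . $selectedFieldsString, $query, false);

    return array($query, $displayType);
}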
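// (we skip unnecessary parameters here since 'search.php' will use its default values for them)
$queryParametersArray = array(
    "sqlQuery"         => $query,
    "client"           => $client,
    "formType"         => "sqlSearch",
    "submit"           => $displayType,
    "viewType"         => $viewType,
    "showQuery"        => $showQuery,
    "showLinks"        => $showLinks,
    "showRows"         => $showRows,
    "rowOffset"        => $rowOffset,
    "wrapResults"      => $wrapResults,
    "citeOrder"        => $citeOrder,
    "citeStyle"        => $citeStyle,
    "exportFormat"     => $exportFormat,
    "exportType"       => $exportType,
    "exportStylesheet" => $exportStylesheet,
    "citeType"         => $citeType,
    "headerMsg"        => $headerMsg
);

// Save the URL of the current 'show.php' request to the 'referer' session variable:
// NOTE: since function 'start_session()' prefers '$_SESSION['referer']' over '$_SERVER['HTTP_REFERER']', this means that '$referer'
//       contains a 'show.php' URL and not e.g. a '*_search.php' URL; this, in turn, can prevent the "NoPermission_ForSQL" warning
//       if a user clicked the "Show All" link in the header of any of the '*_search.php' pages
//       (see notes above the "NoPermission_ForSQL" error message in 'search.php')
// if (isset($_SERVER['REQUEST_URI']))
//     saveSessionVariable("referer", $_SERVER['REQUEST_URI']); // function 'saveSessionVariable()' is defined in 'include.inc.php'

// Call 'search.php' in order to display record details:
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // save POST data to session variable:
    // NOTE: If the original request was a POST (as is the case for the refbase command line client) saving POST data to a session
    //       variable allows to retain large param/value strings (that would exceed the maximum string limit for GET requests).
    //       'search.php' will then write the saved POST data back to '$_POST' and '$_REQUEST'. (see also note and commented code below)
    // NOTE(review): values replayed from 'postData' originate from the request, so 'search.php' has to validate them
    //               like any other request input -- confirm there.
    saveSessionVariable("postData", $queryParametersArray);

    // We also pass the 'client' parameter in the GET request so that it's available to 'search.php' before sessions are initiated.
    // The value is percent-encoded so that it stays a single, well-formed query parameter whatever characters it
    // contains (the origin of '$client' is not visible in this excerpt).
    header("Location: search.php?client=" . rawurlencode($client));
} else {
    $queryURL = generateURL("search.php", "html", $queryParametersArray, false); // function 'generateURL()' is defined in 'include.inc.php'
    header("Location: {$queryURL}");
}

// NOTE: If the original request was a POST (as is the case for the refbase command line client), we must also pass the data via POST to 'search.php'
//       in order to retain large param/value strings (that would exceed the maximum string limit for GET requests). We could POST the data via function
//       'sendPostRequest()' as shown in the commented code below. However, the problem with this is that this does NOT *redirect* to 'search.php' but
//       directly prints results from within this script ('show.php'). Also, the printed results include the full HTTP response, including the HTTP header.
// $queryURL = "";
// foreach ($queryParametersArray as $varname => $value)
//     $queryURL .= "&" . $varname . "=" . rawurlencode($value);
// $queryURL = trimTextPattern($queryURL, "&", true, false); // remove again param delimiter from beginning of query URL (function 'trimTextPattern()' is defined in 'include.inc.php')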
$HeaderString = "<b><span class=\"warning\">Missing parameters for script 'user_options.php'!</span></b>";

// Write back session variables (function 'saveSessionVariable()' is defined in 'include.inc.php'):
saveSessionVariable("HeaderString", $HeaderString);

// Redirect the browser back to the calling page.
// (variable '$referer' is globally defined in function 'start_session()' in 'include.inc.php')
// NOTE(review): '$referer' is used as the redirect target unchanged -- confirm that 'start_session()' limits it to URLs of this application.
header("Location: " . $referer);
exit;
}

// --------------------------------------------------------------------

// Check if the logged-in user is allowed to modify his account options:
// NOTE(review): access is refused only when 'user_permissions' exists in the session AND lacks 'allow_modify_options'.
// A logged-in session without 'user_permissions' passes this check -- confirm that the variable is always set at login.
// The permission name is matched as a substring of the stored permission list.
if (isset($_SESSION['loginEmail'])
    && preg_match("/^\\d+\$/", $userID)
    && isset($_SESSION['user_permissions'])
    && !preg_match("/allow_modify_options/", $_SESSION['user_permissions'])
) {
    // save an error message:
    $HeaderString = "<b><span class=\"warning\">You have no permission to modify your user account options!</span></b>";

    // Write back session variables:
    saveSessionVariable("HeaderString", $HeaderString);

    // Redirect the browser back to the calling page
    header("Location: " . $referer);
    exit;
}

// --------------------------------------------------------------------

// Set header message:
if (!isset($_SESSION['HeaderString'])) {
    // Use the default message unless validating the user's options produced errors:
    $HeaderString = empty($errors)
        ? "Modify your account options:"
        : "<b><span class=\"warning\">There were validation errors regarding the options you selected. Please check the comments above the respective fields:</span></b>";
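// Write back session variables (function 'saveSessionVariable()' is defined in 'include.inc.php'):
saveSessionVariable("loginEmail", $loginEmail);
saveSessionVariable("loginUserID", $loginUserID);
saveSessionVariable("loginFirstName", $loginFirstName);
saveSessionVariable("loginLastName", $loginLastName);
saveSessionVariable("abbrevInstitution", $abbrevInstitution);
saveSessionVariable("lastLogin", $lastLogin);

// If an authorized user uses 'user_details.php' to add a new user (-> 'userID' is empty!):
// (the two alternatives are joined with the logical '||'; the bitwise '|' used before gave the same truth value
//  but always evaluated both sides)
// NOTE(review): 'loginEmail' was written to the session just above. If 'saveSessionVariable()' populates '$_SESSION'
// immediately, the first alternative ('!isset($_SESSION['loginEmail'])') can never be true at this point -- confirm.
if ((!isset($_SESSION['loginEmail']) && $addNewUsers == "everyone" && $_REQUEST['userID'] == "")
    || (isset($_SESSION['loginEmail']) && $loginEmail == $adminLoginEmail && $_REQUEST['userID'] == "")
) {
    saveSessionVariable("userLanguage", $defaultLanguage); // '$defaultLanguage' is defined in 'ini.inc.php'
    saveSessionVariable("userRecordsPerPage", $defaultUserOptions['records_per_page']); // '$defaultUserOptions' is defined in 'ini.inc.php'
    saveSessionVariable("userAutoCompletions", $defaultUserOptions['show_auto_completions']);
    saveSessionVariable("userMainFields", $defaultUserOptions['main_fields']);
}

// Get all user groups specified by the current user
// and (if some groups were found) save them as semicolon-delimited string to the session variable 'userGroups':
getUserGroups($tableUserData, $loginUserID); // function 'getUserGroups()' is defined in 'include.inc.php'

if ($loginEmail == $adminLoginEmail) { // ('$adminLoginEmail' is specified in 'ini.inc.php')
    // Get all user groups specified by the admin
    // and (if some groups were found) save them as semicolon-delimited string to the session variable 'adminUserGroups':
    getUserGroups($tableUsers, $loginUserID); // function 'getUserGroups()' is defined in 'include.inc.php'
}

// Similarly, get all queries that were saved previously by the current user
// and (if some queries were found) save them as semicolon-delimited string to the session variable 'userQueries':
getUserQueries($loginUserID);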
// Returns the setting that defines whether auto-completions shall be displayed for text entered by the user.
//
// Parameters:
//   $userID - ID of the user whose preference is wanted; 0 stands for a user who isn't logged in
//
// Returns: the user's 'show_auto_completions' option if it is set and non-empty, otherwise the value of the
//          global variable '$autoCompleteUserInput'.
//
// Side effect: the result is also written to the session variable 'userAutoCompletions', but only if a normal
// user is logged in -OR- the admin is logged in and views his own user options page.
function getPrefAutoCompletions($userID)
{
    global $loginEmail;
    global $adminLoginEmail; // these variables are defined in 'ini.inc.php'
    global $autoCompleteUserInput;

    // Load the user's options. For a user who isn't logged in (userID=0) the pref setting is NOT read from
    // option 'show_auto_completions' in table 'user_options' (where 'user_id = 0'); the options array stays
    // empty, so the setting from variable '$autoCompleteUserInput' in 'ini.inc.php' applies below.
    $userOptionsArray = ($userID != 0) ? getUserOptions($userID) : array();

    // By default, take the pref setting from the global variable '$autoCompleteUserInput' ...
    $showAutoCompletions = $autoCompleteUserInput;

    // ... and let a non-empty user option take precedence over it:
    if (!empty($userOptionsArray) and !empty($userOptionsArray['show_auto_completions'])) {
        $showAutoCompletions = $userOptionsArray['show_auto_completions'];
    }

    // For the admin, the session variable is only touched if the options belong to the admin's own account:
    $adminIsLoggedIn = ($loginEmail == $adminLoginEmail);

    if (!$adminIsLoggedIn or $userID == getUserID($loginEmail)) {
        // Write results into a session variable:
        saveSessionVariable("userAutoCompletions", $showAutoCompletions);
    }

    return $showAutoCompletions;
}
// check_login(): verifies the given email address and password against the table named by '$tableAuth'.
//
// Parameters:
//   $referer       - URL the browser is sent to after a successful login
//   $loginEmail    - email address entered by the user
//   $loginPassword - password entered by the user
//
// On success the visible code removes the 'formVars' session variable, loads the user's details from '$tableUsers',
// writes them and the user's groups, queries, formats, styles, types, permissions and preferences to the session,
// updates 'last_login' and 'logins', and redirects to '$referer' (or to 'index.php'). On failure it removes
// 'loginEmail' from the session, stores an error message in 'HeaderString' and calls 'login_page($referer)'.
//
// NOTE(review): part of this listing is redacted ("******") between the password comparison and the session
// clean-up, so the auth query, the fetch of '$row' and the success condition are not visible here.
//
// Security notes for maintainers:
//   - The password is hashed with 'crypt()' and a two-character salt taken from the start of the email address.
//     A two-character salt selects the traditional DES-based scheme, which uses only the first eight characters
//     of the password, and a salt derived from the email address is predictable. Prefer 'password_hash()' /
//     'password_verify()' and re-hash stored passwords at the next successful login.
//   - '$referer' is used as the redirect target unless it matches 'error.php', 'user_login.php' or 'install.php';
//     nothing in this function limits it to URLs of this application.
//   - The final UPDATE places '$userID' into the SQL string directly, whereas the other queries use 'quote_smart()'.
//     The value comes from the preceding database row; using the same quoting there keeps the queries consistent.
//   - No renewal of the session ID is visible in this function -- confirm that it happens elsewhere at login.
function check_login($referer, $loginEmail, $loginPassword) { global $username; global $password; global $hostName; global $databaseName; global $connection; global $HeaderString; global $loginUserID; global $loginFirstName; global $loginLastName; global $adminLoginEmail; global $abbrevInstitution; global $tableAuth, $tableUserData, $tableUsers; // defined in 'db.inc.php' global $loc; // Get the two character salt from the email address collected from the challenge $salt = substr($loginEmail, 0, 2); // Encrypt the loginPassword collected from the challenge (so that we can compare it to the encrypted passwords that are stored in the 'auth' table) $crypted_password = crypt($loginPassword, $salt); // CONSTRUCT SQL QUERY: $query = "SELECT user_id FROM {$tableAuth} WHERE email = " . quote_smart($loginEmail) . " AND password = "******"errors"); } // function 'deleteSessionVariable()' is defined in 'include.inc.php' if (isset($_SESSION['formVars'])) { // delete the 'formVars' session variable: deleteSessionVariable("formVars"); } // function 'deleteSessionVariable()' is defined in 'include.inc.php' $userID = $row["user_id"]; // extract the user's userID from the last query // Now we need to get the user's first name and last name (e.g., in order to display them within the login welcome message) $query = "SELECT user_id, first_name, last_name, abbrev_institution, language, last_login FROM {$tableUsers} WHERE user_id = " . 
quote_smart($userID); // CONSTRUCT SQL QUERY $result = queryMySQLDatabase($query); // RUN the query on the database through the connection (function 'queryMySQLDatabase()' is defined in 'include.inc.php') $row2 = mysql_fetch_array($result); // EXTRACT results: fetch the one row into the array '$row2' // Save the fetched user details to the session file: // Write back session variables: saveSessionVariable("loginEmail", $loginEmail); // function 'saveSessionVariable()' is defined in 'include.inc.php' saveSessionVariable("loginUserID", $row2["user_id"]); saveSessionVariable("loginFirstName", $row2["first_name"]); saveSessionVariable("loginLastName", $row2["last_name"]); saveSessionVariable("abbrevInstitution", $row2["abbrev_institution"]); saveSessionVariable("userLanguage", $row2["language"]); saveSessionVariable("lastLogin", $row2["last_login"]); // Get all user groups specified by the current user // and (if some groups were found) save them as semicolon-delimited string to the session variable 'userGroups': getUserGroups($tableUserData, $row2["user_id"]); // function 'getUserGroups()' is defined in 'include.inc.php' if ($loginEmail == $adminLoginEmail) { // ('$adminLoginEmail' is specified in 'ini.inc.php') // Get all user groups specified by the admin // and (if some groups were found) save them as semicolon-delimited string to the session variable 'adminUserGroups': getUserGroups($tableUsers, $row2["user_id"]); } // function 'getUserGroups()' is defined in 'include.inc.php' // Get all user queries that were saved previously by the current user // and (if some queries were found) save them as semicolon-delimited string to the session variable 'userQueries': getUserQueries($row2["user_id"]); // function 'getUserQueries()' is defined in 'include.inc.php' // Get all export formats that were selected previously by the current user // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_export_formats': 
getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "export"); // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php' // Get all citation formats that were selected previously by the current user // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_cite_formats': getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "cite"); // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php' // Get all citation styles that were selected previously by the current user // and (if some styles were found) save them as semicolon-delimited string to the session variable 'user_styles': getVisibleUserFormatsStylesTypes($row2["user_id"], "style", ""); // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php' // Get all document types that were selected previously by the current user // and (if some types were found) save them as semicolon-delimited string to the session variable 'user_types': getVisibleUserFormatsStylesTypes($row2["user_id"], "type", ""); // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php' // Get the user permissions for the current user // and save all allowed user actions as semicolon-delimited string to the session variable 'user_permissions': getPermissions($row2["user_id"], "user", true); // function 'getPermissions()' is defined in 'include.inc.php' // Get the default view for the current user // and save it to the session variable 'userDefaultView': getDefaultView($row2["user_id"]); // function 'getDefaultView()' is defined in 'include.inc.php' // Get the default number of records per page preferred by the current user // and save it to the session variable 'userRecordsPerPage': getDefaultNumberOfRecords($row2["user_id"]); // function 'getDefaultNumberOfRecords()' is defined in 'include.inc.php' // Get the user's preference for displaying auto-completions // and save it to the session variable 
'userAutoCompletions': getPrefAutoCompletions($row2["user_id"]); // function 'getPrefAutoCompletions()' is defined in 'include.inc.php' // Get the list of "main fields" for the current user // and save the list of fields as comma-delimited string to the session variable 'userMainFields': getMainFields($row2["user_id"]); // function 'getMainFields()' is defined in 'include.inc.php' // We also update the user's entry within the 'users' table: $query = "UPDATE {$tableUsers} SET " . "last_login = NOW(), " . "logins = logins+1 " . "WHERE user_id = {$userID}"; // RUN the query on the database through the connection: $result = queryMySQLDatabase($query); // function 'queryMySQLDatabase()' is defined in 'include.inc.php' if (!preg_match("#/(error|user_login|install)\\.php#i", $referer)) { header("Location: " . $referer); } else { header("Location: index.php"); } // back to main page } else { // Ensure 'loginEmail' is not registered, so the user is not logged in if (isset($_SESSION['loginEmail'])) { // delete the 'loginEmail' session variable: deleteSessionVariable("loginEmail"); } // function 'deleteSessionVariable()' is defined in 'include.inc.php' // Save an error message: $HeaderString = "<b><span class=\"warning\">" . $loc["LoginFailedYouProvidedAnIncorrectEmailAddressOrPassword"] . "</span></b>"; // Write back session variables: saveSessionVariable("HeaderString", $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php' login_page($referer); } // ------------------- // (5) CLOSE the database connection: disconnectFromMySQLDatabase(); // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php' }