Example #1
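 /**
  * Builds the logout page: ends the current user's session and redirects
  * to the main page.
  *
  * Terminates the script with a message when the visitor is not logged in
  * (access level of zero or below).
  */
 public function __construct()
 {
     pdHtmlPage::__construct('logout');

     if ($this->access_level <= 0) {
         die('You are not logged in so you cannot log out.');
     }

     // Drop the user object and reset the search state kept in the session.
     unset($_SESSION['user']);
     searchSessionInit();

     // Empty the session array so nothing survives in this request.
     $_SESSION = array();

     // session_destroy() removes the server-side data but leaves the session
     // cookie in the browser; expire it so the old identifier is not sent
     // again after logout.
     if (ini_get('session.use_cookies')) {
         $cookie = session_get_cookie_params();
         setcookie(
             session_name(),
             '',
             time() - 42000,
             $cookie['path'],
             $cookie['domain'],
             $cookie['secure'],
             $cookie['httponly']
         );
     }

     // Remove the server-side session data.
     session_destroy();

     // NOTE(review): nothing stops execution after this header, so whatever
     // the caller does with the page object still runs - confirm that is
     // intended before adding an exit here.
     header('Location: index.php');
 }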
Example #2
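 /**
  * Handles a submitted login form.
  *
  * Two paths are supported, selected by which submit field is present:
  *  - 'submit_username': authenticate an existing user and store the user
  *    object in the session;
  *  - 'newaccount': validate and insert a new account request, then
  *    (on the real installation only) notify PAPERSDB_EMAIL.
  *
  * Messages are echoed directly. On a validation failure $this->pageError
  * is set to true and the method returns early.
  *
  * Security notes for maintainers:
  *  - Passwords are stored as md5($this->password_hash . password). MD5 is
  *    not suitable for password storage; migrating to password_hash() /
  *    password_verify() needs a schema and data migration and is therefore
  *    not done here.
  *  - The login path applies stripslashes() before hashing while the
  *    registration path applies strip_tags(); passwords containing
  *    backslashes or markup can hash differently on the two paths.
  *  - NOTE(review): addslashes() is not a charset-aware SQL escape, and
  *    'realname' reaches insert() without any escaping in this method.
  *    Whether dbLoad()/insert() escape or bind their arguments is not
  *    visible here - confirm, and prefer bound parameters.
  */
 public function processForm()
 {
     $user = new pdUser();
     $values = $this->form->exportValues();

     // get_magic_quotes_gpc() no longer exists on current PHP versions;
     // treat a missing function as "magic quotes off".
     $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

     if (!$magicQuotes) {
         $values['username'] = addslashes($values['username']);
     }
     $user->dbLoad($this->db, $values['username']);

     if (isset($values['submit_username'])) {
         // Check that the submitted password matches the stored hash.
         $values['password'] = md5(stripslashes($this->password_hash . $values['password']));

         // Strict comparison: with != two different hex digests of the form
         // "0e<digits>" are compared as numbers and treated as equal.
         if ($values['password'] !== $user->password) {
             echo 'Incorrect password, please try again.';
             $this->pageError = true;
             return;
         }

         // Username and password are correct: register session variables.
         $values['username'] = stripslashes($values['username']);

         // Issue a fresh session identifier on the privilege change so an
         // identifier known before login is not carried into the
         // authenticated session.
         if (session_id() !== '' && !headers_sent()) {
             session_regenerate_id(true);
         }
         $_SESSION['user'] = $user;

         // Reset search results.
         searchSessionInit();

         $this->access_level = $_SESSION['user']->access_level;
         if ($this->access_level == 0) {
             // NOTE(review): the user object stays in the session for an
             // account that is still pending - confirm that every page
             // checks access_level rather than the mere presence of
             // $_SESSION['user'].
             echo 'Your login request has not been processed yet.';
             return;
         }

         if (isset($values['redirect'])) {
             // NOTE(review): 'redirect' is taken from the submitted form and
             // used as the redirect target unchanged. Restrict it to local
             // paths (or an allow-list) where redirectUrl is consumed.
             $this->redirectUrl = $values['redirect'];
             $this->redirectTimeout = 0;
         } else {
             // The login name comes from the database but originated as
             // user input, so it is escaped for HTML output.
             echo '<h2>Logged in</h1>',
                 'You have succesfully logged in as ',
                 htmlspecialchars($_SESSION['user']->login, ENT_QUOTES),
                 '<p/>Return to <a href="index.php">main page</a>.',
                 '</div>';
         }
     } else {
         if (isset($values['newaccount'])) {
             // Check if the username already exists in the database.
             if (isset($user->login)) {
                 // strip_tags() has not run yet at this point, so the
                 // submitted name must be escaped before it is echoed.
                 echo 'Sorry, the username <strong>',
                     htmlspecialchars($values['username'], ENT_QUOTES),
                     '</strong> is already taken, please pick another one.';
                 $this->pageError = true;
                 return;
             }

             // Check that both password fields match.
             if ($values['password'] != $values['password_again']) {
                 echo 'Passwords did not match.';
                 $this->pageError = true;
                 return;
             }

             // No HTML tags in username or password.
             $values['username'] = strip_tags($values['username']);
             $values['password'] = strip_tags($this->password_hash . $values['password']);

             // Hash the password before it is stored.
             $values['password'] = md5($values['password']);
             if (!$magicQuotes) {
                 $values['password'] = addslashes($values['password']);
                 $values['email'] = addslashes($values['email']);
             }

             $this->db->insert(
                 'user',
                 array(
                     'login' => $values['username'],
                     'password' => $values['password'],
                     'email' => $values['email'],
                     'name' => $values['realname'],
                 ),
                 'login.php'
             );
             $this->access_level = 0;

             // Only send email if running the real papersdb. Compare against
             // false explicitly so a match at offset 0 is not read as "absent".
             if (strpos($_SERVER['PHP_SELF'], '~papersdb') !== false) {
                 mail(
                     PAPERSDB_EMAIL,
                     'PapersDB: Login Request',
                     'The following user has requested editor access '
                         . 'level for PapersDB.' . "\n\n"
                         . 'name: ' . $values['realname'] . "\n"
                         . 'login: ' . $values['username'] . "\n"
                         . 'email: ' . $values['email']
                 );
             }

             // Username and email are user-supplied; escape them for HTML.
             echo '<h2>Login Request Submitted</h1>',
                 'A request to create your login <b>',
                 htmlspecialchars($values['username'], ENT_QUOTES),
                 '</b> has been submitted. A confirmation email will be sent to <code>',
                 htmlspecialchars($values['email'], ENT_QUOTES),
                 '</code> when your account is ready. ',
                 '<p/>Return to <a href="index.php">main page</a>.';
         } else {
             // Diagnostic dump of the submitted form. Password fields are
             // left out so they are not reflected into the page, and the
             // remainder is escaped because it is raw user input.
             $dump = $values;
             unset($dump['password'], $dump['password_again']);
             echo 'Could not process form<br/><pre>',
                 htmlspecialchars(print_r($dump, true), ENT_QUOTES),
                 '</pre>';
         }
     }
 }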