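/**
 * Logs the current user out and redirects the browser to the main page.
 *
 * Terminates the request with a message when the visitor's access level
 * is zero or below, i.e. when nobody is logged in.
 */
public function __construct()
{
    pdHtmlPage::__construct('logout');

    if ($this->access_level <= 0) {
        die('You are not logged in so you cannot log out.');
    }

    unset($_SESSION['user']);

    // reset search results
    searchSessionInit();

    // Empty the in-memory session array so nothing survives this request.
    $_SESSION = array();

    // session_destroy() removes the server-side data only. Expire the
    // session cookie too, so the browser stops presenting the old
    // identifier after logout.
    if (ini_get('session.use_cookies')) {
        $cookie = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $cookie['path'],
            $cookie['domain'],
            $cookie['secure'],
            $cookie['httponly']
        );
    }

    session_destroy();

    // NOTE(review): execution continues after this header is queued; confirm
    // that the caller emits nothing that matters once the constructor returns.
    header('Location: index.php');
}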
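/**
 * Handles the submitted login form.
 *
 * Two flows are supported, selected by the submit button present in the
 * exported form values:
 *  - 'submit_username': authenticate an existing user and start a session;
 *  - 'newaccount': record a request for a new account (access level 0) and,
 *    on the real installation, notify PAPERSDB_EMAIL.
 *
 * Output is echoed directly. On a validation failure $this->pageError is
 * set to true and the method returns early.
 *
 * NOTE(review): passwords are stored as md5() of a site-wide prefix plus the
 * password. This is kept because existing rows depend on it, but md5 is not
 * a suitable password hash; moving to password_hash()/password_verify()
 * needs a data migration outside this method.
 *
 * NOTE(review): SQL safety here rests on addslashes()/magic quotes applied
 * before the db calls. Whether the db layer escapes on its own is not
 * visible from this method; parameterised queries would be the robust fix.
 *
 * @return void
 */
public function processForm()
{
    $user = new pdUser();
    $values = $this->form->exportValues();

    if (!get_magic_quotes_gpc()) {
        $values['username'] = addslashes($values['username']);
    }

    $user->dbLoad($this->db, $values['username']);

    if (isset($values['submit_username'])) {
        // check passwords match
        $values['password'] = md5(stripslashes($this->password_hash . $values['password']));

        // Strict comparison: with a loose "!=" two different hex digests that
        // both look numeric (e.g. "0e..." followed by digits) compare equal.
        // The cast makes a missing password (unknown user) an empty string,
        // which no digest can match. hash_equals() would additionally be
        // constant-time where the PHP version provides it.
        if ($values['password'] !== (string) $user->password) {
            echo 'Incorrect password, please try again.';
            $this->pageError = true;
            return;
        }

        // Username and password are correct. Issue a fresh session id before
        // storing the user so an identifier known before login is not carried
        // into the authenticated session.
        if (session_id() !== '' && !headers_sent()) {
            session_regenerate_id(true);
        }
        $_SESSION['user'] = $user;

        // reset search results
        searchSessionInit();

        $this->access_level = $_SESSION['user']->access_level;

        if ($this->access_level == 0) {
            echo 'Your login request has not been processed yet.';
            return;
        }

        // The redirect target is submitted with the form, so treat it as
        // untrusted: accept only same-site relative targets. Anything with
        // control characters, a backslash, a leading "//" or a URL scheme is
        // ignored and the normal confirmation is shown instead.
        $redirect = null;
        if (isset($values['redirect']) && is_string($values['redirect'])) {
            $candidate = $values['redirect'];
            $hasUnsafeChars = preg_match('/[\x00-\x1f\x7f\\\\]/', $candidate);
            $leavesSite = preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|//)#i', $candidate);
            if (!$hasUnsafeChars && !$leavesSite) {
                $redirect = $candidate;
            }
        }

        if ($redirect !== null) {
            $this->redirectUrl = $redirect;
            $this->redirectTimeout = 0;
        } else {
            echo '<h2>Logged in</h2>',
                'You have succesfully logged in as ',
                htmlspecialchars((string) $_SESSION['user']->login, ENT_QUOTES),
                '<p/>Return to <a href="index.php">main page</a>.',
                '</div>';
        }
        return;
    }

    if (!isset($values['newaccount'])) {
        // Neither button was pressed. Show what was received, but never echo
        // the submitted passwords back, and escape the dump for HTML.
        $dump = $values;
        unset($dump['password'], $dump['password_again']);
        echo 'Could not process form<br/><pre>',
            htmlspecialchars(print_r($dump, true), ENT_QUOTES),
            '</pre>';
        return;
    }

    // check if username exists in database.
    if (isset($user->login)) {
        echo 'Sorry, the username <strong>',
            htmlspecialchars((string) $values['username'], ENT_QUOTES),
            '</strong> is already taken, please pick another one.';
        $this->pageError = true;
        return;
    }

    // check passwords match
    if ($values['password'] !== $values['password_again']) {
        echo 'Passwords did not match.';
        $this->pageError = true;
        return;
    }

    // no HTML tags in username
    $values['username'] = strip_tags($values['username']);

    // Hash with exactly the transformation the login branch applies.
    // Running strip_tags() over the password here, as before, stored a digest
    // that the login check could never reproduce for passwords containing
    // "<...>" or backslashes.
    $values['password'] = md5(stripslashes($this->password_hash . $values['password']));

    // Escape for the database only when magic quotes has not already done so.
    // realname gets the same treatment as the other columns; it was the one
    // value passed to insert() without escaping.
    $realnameForDb = $values['realname'];
    if (!get_magic_quotes_gpc()) {
        $values['password'] = addslashes($values['password']);
        $values['email'] = addslashes($values['email']);
        $realnameForDb = addslashes($values['realname']);
    }

    $this->db->insert(
        'user',
        array(
            'login' => $values['username'],
            'password' => $values['password'],
            'email' => $values['email'],
            'name' => $realnameForDb,
        ),
        'login.php'
    );

    // New accounts have no access until the request is approved.
    $this->access_level = 0;

    // only send email if running the real papersdb
    if (strpos($_SERVER['PHP_SELF'], '~papersdb') !== false) {
        mail(
            PAPERSDB_EMAIL,
            'PapersDB: Login Request',
            'The following user has requested editor access '
            . 'level for PapersDB.' . "\n\n"
            . 'name: ' . $values['realname'] . "\n"
            . 'login: ' . $values['username'] . "\n"
            . 'email: ' . $values['email']
        );
    }

    echo '<h2>Login Request Submitted</h2>',
        'A request to create your login <b>',
        htmlspecialchars((string) $values['username'], ENT_QUOTES),
        '</b> has been submitted. A confirmation email will be sent to <code>',
        htmlspecialchars((string) $values['email'], ENT_QUOTES),
        '</code> when your account is ready. ',
        '<p/>Return to <a href="index.php">main page</a>.';
}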