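/**
 * Presents the login screen when authenticating with sessions.
 *
 * Writes the whole page (header, login form, footer) directly to the output;
 * nothing is returned.
 *
 * @param string $message  HTML fragment shown above the form. It is echoed
 *                         verbatim (the default contains markup), so callers
 *                         must only pass trusted, already-escaped content.
 * @return void
 */
function loginscreen($message = "<h3>Login to PhpLabWare</h3>")
{
    // $_SERVER is a superglobal and needs no 'global' declaration.
    global $system_settings;

    $PHP_SELF = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
    if ($system_settings['secure_server']) {
        // Post the form back over https when a secure server is configured.
        $server = getenv('HTTP_HOST');
        if (!$server) {
            $server = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        }
        $addres = "https://{$server}{$PHP_SELF}";
    } else {
        $addres = $PHP_SELF;
    }
    $addres = url_get_string($addres);
    // PHP_SELF and the Host header are request-controlled and end up inside the
    // form's action attribute. strip_xss_stuff() is the project's own filter;
    // the attribute-context escape is defence in depth (double_encode=false so
    // entities the filter may already have produced are not encoded twice).
    $addres = strip_xss_stuff($addres);
    $addres = htmlspecialchars($addres, ENT_QUOTES, 'UTF-8', false);

    printheader("Login to PhpLabWare");
    echo "<noscript><br><align='center'><b><div id='nojs'>Javascript is not used. Although navigation of phplabware is possible without javascript, it is not actively supported and will limit functionality drastically. Please enable JavaScript to view this page properly.</div></b></align></br></noscript>\n";
    // javascript_enabled is flipped to "true" on submit only when JS runs.
    echo "<form name='loginform' method='post' action='{$addres}' onSubmit='this.javascript_enabled.value=\"true\"'>\n";
    echo "<input type='hidden' name='logon' value='true'>\n";
    echo "<input type='hidden' name='javascript_enabled' value='0'>\n";
    echo "<table align=center>\n";
    echo "<tr><td colspan=2 align='center'>{$message}</td>\n";
    // Decorative image; an empty result simply leaves the cell blank.
    $imstring = randomimage("frontims");
    echo "<td rowspan=6>   {$imstring}</td>";
    echo "</tr>\n";
    echo "<tr><td>Your login name:</td>\n";
    echo "<td><input name='user' size=10 value=''></td></tr>\n";
    echo "<tr><td>Password:</td>\n";
    echo "<td><input type='password' name='pwd' size=10 value=''></td></tr>\n";
    echo "<tr><td colspan=2 align='center'>";
    if ($system_settings['secure_server']) {
        echo "<input type='checkbox' name='ssl' checked>Keep a secure connection";
    }
    echo "</td></tr>\n";
    echo "<tr><td colspan=2 align='center'>";
    echo "<input type='submit' name='submit' value='Login'></td></tr>\n";
    echo "<tr><td colspan=2 align='center'>";
    echo "</table>\n</form>\n";
    printfooter();
}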
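/**
 * Displays the search bar cell for one column in table view.
 *
 * Output is written directly with echo; nothing is returned (it would be
 * nicer if a string were returned instead). For a column of datatype
 * 'table' the function recurses on the associated table's column.
 * The ugly stuff with _POST could be done better: every column of the
 * table is copied from $_POST into a variable named after the column
 * (${$column}), so column names can collide with this function's locals.
 *
 * @param object $db        ADOdb-style connection (Execute() / GetMenu2() are used)
 * @param object $tableinfo table description; ->fields is a comma-separated column
 *                          list, ->realname / ->desname / ->name are used in queries and links
 * @param array  $nowfield  description of the column being drawn: 'name', 'datatype',
 *                          'label', 'ass_t', 'ass_table_name', 'ass_column'
 * @param array  $_POST     submitted form values (passed explicitly; shadows the superglobal)
 * @param string $jscript   extra attribute string appended to single-select <select> elements
 * @return void
 */
function searchfield($db, $tableinfo, $nowfield, $_POST, $jscript)
{
    global $USER;
    $LAYOUT = 16; // permission bit that allows editing the pulldown menus

    // Copy the submitted value of every column into ${$column}.
    $column = strtok($tableinfo->fields, ",");
    while ($column) {
        if (is_array($_POST) && array_key_exists($column, $_POST)) {
            ${$column} = $_POST[$column];
        }
        $column = strtok(",");
    }
    // A column that was not submitted must still read as an empty string below.
    if (!isset(${$nowfield['name']})) {
        ${$nowfield['name']} = '';
    }

    // Clean up the value being drawn to avoid cross-site scripting.
    // $tmp keeps the raw value so the '<' / '>' range prefixes can be detected below.
    // Array values (multi-select pulldowns) skip this cleanup and are handed to
    // GetMenu2() as-is — NOTE(review): confirm GetMenu2() escapes them.
    $tmp = ${$nowfield['name']};
    if (!is_array(${$nowfield['name']})) {
        ${$nowfield['name']} = strip_xss_stuff(${$nowfield['name']});
        ${$nowfield['name']} = str_replace('<', ' ', ${$nowfield['name']});
        ${$nowfield['name']} = str_replace('>', ' ', ${$nowfield['name']});
        ${$nowfield['name']} = htmlspecialchars(${$nowfield['name']}, ENT_QUOTES);
    }
    if ($nowfield['datatype'] == 'int' || $nowfield['datatype'] == 'float' || $nowfield['datatype'] == 'sequence') {
        // Numeric columns accept a leading '<' or '>' (less/greater-than search);
        // the bracket was blanked above, so put it back in front of the number.
        if (is_numeric(${$nowfield['name']})) {
            if (strpos($tmp, '>') !== false) {
                ${$nowfield['name']} = '>' . substr(${$nowfield['name']}, 1);
            }
            if (strpos($tmp, '<') !== false) {
                ${$nowfield['name']} = '<' . substr(${$nowfield['name']}, 1);
            }
        }
    }

    if ($nowfield['datatype'] == 'link') {
        echo "<td style='width: 10%'> </td>\n";
    } elseif ($nowfield['name'] == 'ownerid') {
        // Offer a pulldown of the users that actually own records in this table.
        // Both locals are initialised so a submitted column of the same name
        // (see the ${$column} copy above) cannot leak into the IN (...) clause.
        $ownerids = array();
        $ownerlist = '';
        $rowners = $db->Execute("SELECT ownerid FROM {$tableinfo->realname}");
        while ($rowners && !$rowners->EOF) {
            $ownerids[] = $rowners->fields[0];
            $rowners->MoveNext();
        }
        if ($ownerids) {
            // Values come from the database, not from the request.
            $ownerlist = implode(',', $ownerids);
        }
        if ($ownerlist) {
            $rowners2 = $db->Execute("SELECT lastname,id FROM users WHERE id IN ({$ownerlist})");
            $text = $rowners2->GetMenu2("{$nowfield['name']}", ${$nowfield['name']}, true, false, 0, "style='width: 80%' {$jscript}");
            echo "<td style='width:10%'>{$text}</td>\n";
        } else {
            echo "<td style='width:10%'> </td>\n";
        }
    } elseif ($nowfield['datatype'] == 'int' || $nowfield['datatype'] == 'float' || $nowfield['datatype'] == 'sequence' || $nowfield['datatype'] == 'date') {
        echo " <td style='width: 10%'><input type='text' name='{$nowfield['name']}' value='" . ${$nowfield['name']} . "'size=5 align='middle'></td>\n";
    } elseif ($nowfield['datatype'] == 'text' || $nowfield['datatype'] == 'file') {
        echo " <td style='width: 25%'><input type='text' name='{$nowfield['name']}' value='" . ${$nowfield['name']} . "'size=7></td>\n";
    } elseif ($nowfield['datatype'] == 'textlong') {
        echo " <td style='width: 10%'><input type='text' name='{$nowfield['name']}' value='" . ${$nowfield['name']} . "'size=8></td>\n";
    } elseif ($nowfield['datatype'] == 'pulldown' || $nowfield['datatype'] == 'mpulldown') {
        echo "<td style='width: 10%'>";
        // ass_t is the associated lookup table named in the column description.
        $rpull = $db->Execute("SELECT typeshort,id from {$nowfield['ass_t']} ORDER by sortkey,type");
        if ($rpull) {
            if ($nowfield['datatype'] == 'mpulldown') {
                $text = $rpull->GetMenu2("{$nowfield['name']}", ${$nowfield['name']}, false, true, 10, "style='width: 100%' align='left'");
            } else {
                $text = $rpull->GetMenu2("{$nowfield['name']}", ${$nowfield['name']}, true, false, 0, "style='width: 80%' {$jscript}");
            }
        } else {
            $text = " ";
        }
        echo "{$text}\n";
        // Draw a modify icon to let qualified users change the pulldown menus
        // (only useful when the client reported JavaScript as enabled).
        if (($USER['permissions'] & $LAYOUT) && !empty($_SESSION['javascript_enabled'])) {
            // NOTE(review): $formname is not defined in this function; unless a
            // column of that name was submitted it is empty in the link — confirm.
            $formname = isset($formname) ? $formname : '';
            $jscript2 = " onclick='MyWindow=window.open (\"general.php?tablename=" . $tableinfo->name . "&edit_type={$nowfield['ass_t']}&jsnewwindow=true&formname={$formname}&selectname={$nowfield['name']}" . SID . "\",\"type\",\"scrollbars,resizable,toolbar,status,menubar,width=600,height=400\");MyWindow.focus()'";
            echo "<A href=\"javascript:void(0)\" {$jscript2}> <img src=\"icons/edit_modify.png\" alt=\"modify {$nowfield['name']}\" title=\"modify {$nowfield['label']}\" border=\"0\"/></A>\n";
        }
        echo "</td>\n";
    } elseif ($nowfield['datatype'] == 'table') {
        // Recurse on the column of the associated table that this column links to.
        $ass_tableinfo = new tableinfo($db, $nowfield['ass_table_name'], false);
        $rasslk = $db->Execute("SELECT columnname FROM {$ass_tableinfo->desname} WHERE id={$nowfield['ass_column']}");
        $ass_Allfields = getvalues($db, $ass_tableinfo, $rasslk->fields[0]);
        // scary hacks, their ugliness shows that we need to reorganize some stuff:
        // the associated column is drawn under this column's name.
        $ass_Allfields[0]['name'] = $nowfield['name'];
        $ass_tableinfo->fields = "{$nowfield['name']}";
        searchfield($db, $ass_tableinfo, $ass_Allfields[0], $_POST, $jscript);
    } elseif ($nowfield["datatype"] == "image") {
        echo "<td style='width: 10%'> </td>";
    }
}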