//if the username is vaild show the secret question
if ($user) {
$un = $user->getUserName();
$hide = true;
$showSecretQuestion = true;
$question = $user->getSecretQuestion();
} else {
$message = "Invalid user.";
}
} else {
if (isset($_POST['answer'])) {
require_once 'lib/user.php';
$hide = true;
$userName = strtolower($_POST['validatedUsername']);
$secretAnswer = md5(strtolower(trim($_POST['answer'])));
$user = user_getUserByUsername($userName);
//if the username is set this gets the secret question of the user
if ($user) {
$un = $user->getUserName();
$question = $user->getSecretQuestion();
$answer = $user->getSecretAnswer();
//If their secret answer they provided on this form mathes what is in the database
//automatically logs the user into the site.
if ($secretAnswer == $answer) {
$_SESSION['user'] = $userName;
header('Location: ./index.php');
} else {
$message = "Invalid answer.";
$showSecretQuestion = true;
}
} else {
$f = __FILE__;
if (is_link($f)) {
$f = readlink($f);
}
// Unix compatibility
$appPath = dirname($f) . "/";
// check for authentication
if (!isset($_SESSION['user'])) {
if (!$masterBreak) {
header('Location: ./login.php');
}
} else {
// get some user maddness.
require_once $appPath . '../lib/user.php';
// Make sure the user is a true user
$globalUser = user_getUserByUsername($_SESSION['user']);
}
$set = true;
if (empty($_POST['answer'])) {
$message = "Please enter your secret answer.";
$set = false;
}
if (empty($_POST['question'])) {
$message = "Please enter your secret question.";
$set = false;
}
if (empty($_POST['newPassword'])) {
$message = "Please enter your new password.";
$set = false;
} else {
if (empty($_POST['confirm'])) {
//-->
</script>
</head>
<body>
<div id="divArchiveCenter">
<div id="divArchiveBox">
<div class="divArchivePadder">
<div><img src="master/images/archiveTorrents.gif"
alt="Torrents" /></div>
<div>
<?php
if (empty($_SESSION['user'])) {
echo '<div class="divStatus">You must be logged in to view an archive.<br /><br /><input type="button" value="Close" onclick="javascript:window.close()"/></div>';
} else {
require_once 'lib/user.php';
$userAuthLevel = user_getUserByUsername($_SESSION['user'])->getAuthLevel();
if ($userAuthLevel == 'Admin' || $userAuthLevel == 'Power User' || $userName == $_SESSION['user']) {
//get download directory from config
require_once 'lib/configuration.php';
$downloadDir = config_getConfiguration()->getDownloadLocation();
//change to config-specified directory
$userDir = $downloadDir . '/' . $userName;
//process Torrent actions
//process Torrent load
if (isset($_GET['loadTorrent'])) {
//add Torrent to Torrent Module
require_once 'lib/torrent_module_loader.php';
$torrentModule = new TorrentFunctions('localhost');
$torrentModule->addTorrentByFile($userDir . '/' . $_GET['loadTorrent'], $userDir);
//add Torrent to XML database
require_once 'lib/torrent.php';
// check if the user exists
$userNameToDelete = $_POST['delete'];
if (user_getUserByUsername($userNameToDelete)) {
// delete the user
user_removeUser($userNameToDelete);
$message = "{$userNameToDelete} has been deleted.";
} else {
$message = "That user doesn't exist.";
}
}
if (isset($_POST['update'])) {
if (isset($_POST['authLevel'])) {
if ($_POST['authLevel'] == "Admin" || $_POST['authLevel'] == "Power User" || $_POST['authLevel'] == "User") {
// check if the user exists
$userNameToUpdate = $_POST['update'];
if ($userToUpdate = user_getUserByUsername($userNameToUpdate)) {
// update the user
$userToUpdate->setAuthLevel($_POST['authLevel']);
user_updateUser($userToUpdate);
$message = "{$userNameToUpdate}'s authentication level has been updated.";
} else {
$message = "That user doesn't exist.";
}
} else {
$message = "Invalid auth level.";
}
} else {
$message = "Auth level not set.";
}
}
?>
<div id="divCenter">
<div id="divBox">
<div id="divPadder">
<div id="divLogo"><img src="./master/images/torrentSettings.gif"
alt="Torrent Settings Logo" /></div>
<?php
if (empty($_SESSION['user'])) {
echo '<div id="divStatus">You must be logged in to configure a Torrent.</div><br/><input type="button" value="Close" onClick="javascript:window.close()"/>';
} else {
if (empty($_GET['name'])) {
echo '<div id="divStatus">No Torrent name specified.</div><br/><input type="button" value="Close" onClick="javascript:window.close()"/>';
} else {
//get this user's access level
require_once 'lib/user.php';
$userName = $_SESSION['user'];
$userAuthLevel = user_getUserByUsername($userName)->getAuthLevel();
$torrentName = $_GET['name'];
//get owner of the Torrent
require_once 'lib/torrent.php';
$torrentUser = torrent_getTorrentByName($torrentName)->getUserName();
//check if the user the owner of the Torrent, an admin, or a power user
if ($userAuthLevel != 'Admin' && $userAuthLevel != 'Power User' && $userName != $torrentUser) {
echo '<div id="divStatus">You do not have permission to configure this Torrent.</div><br/><input type="button" value="Close" onClick="javascript:window.close()"/>';
} else {
//setup Torrent Module
require_once 'lib/torrent_module_loader.php';
$torrentModule = new TorrentFunctions('localhost');
//user is saving settings
if (count($_POST)) {
//map form values to constant values
$priorities = array('normal' => TorrentPriority::Normal, 'high' => TorrentPriority::High, 'doNotDownload' => TorrentPriority::DoNotDownload);
<a href="index.php">Admin</a> |
<a href="users.php">Manage Users</a> |
<a href="../logout.php">Logout</a>
</div>
</div>
<!--This is the actual form to display to the user-->
<div id="divCenter">
<!-- Base Box -->
<div id="divBox">
<div id="divPadder">
<div id="divLogo">
<img src="../master/images/adminAddUser.gif" alt="Add User Logo" /><br />
</div>
<?php
//checks to see if the person is logged in as an admin.
if (isset($_SESSION['user']) && user_getUserByUsername($_SESSION['user'])->getAuthLevel() == 'Admin') {
$createUser = false;
$username = '';
$secretQuestion = '';
$secretAnswer = '';
$usernameLabelStyle = $passwordLabelStyle = $secretQuestionLabelStyle = $secretAnswerLabelStyle = 'fieldLabel';
//user is posting back
if (count($_POST)) {
//check username field
if (!empty($_POST['username'])) {
$username = strtolower(trim($_POST['username']));
$createUser = true;
} else {
$message .= 'Please enter a username.<br />';
$usernameLabelStyle .= 'Highlight';
}
