 /**
  * Returns the stored database name, normalising an unset/falsy value to ''.
  *
  * The test is on truthiness (same as before), so a stored value of '0' is
  * also replaced by '' and the replacement is written back to the static.
  *
  * @return mixed the stored value, or '' when it was unset or falsy
  */
 public function getDBName()
 {
     $name = self::$_dbname;
     if (!$name) {
         // Remember the fallback so later calls see a defined value.
         $name = '';
         self::$_dbname = $name;
     }
     return $name;
 }
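/**
 * Handles a submitted login form: rate-limits repeated failures, checks for the
 * super-user account, validates the credentials against the users table and
 * finally records the login and redirects.
 *
 * Reads $_POST['email'], $_POST['pass'], $_SERVER['REMOTE_ADDR'] and the globals
 * $LHSMATH_PASSWORD and $being_included. Emits alerts / Location headers and
 * returns nothing; the super-admin path terminates the script with die.
 *
 * @return void
 */
function process_login_form()
{
    // Fields missing from the POST are read as '' instead of raising undefined-index notices.
    $email = strtolower(isset($_POST['email']) ? (string) $_POST['email'] : '');
    $passhash = hash_pass($email, isset($_POST['pass']) ? (string) $_POST['pass'] : '');

    // Check to see if the user/ip is temporarily banned:
    //   An IP is banned when 10 unsuccessful attempts are made to log in from a single IP/email within 10 minutes,
    //   regardless of whether any successful attempts were made.
    $attempts = DBExt::queryCount('login_attempts', array('successful=0', '(remote_ip=%s OR email=%s)', DBExt::timeInInterval('request_time', '-10m', '')), $_SERVER['REMOTE_ADDR'], $email);
    // ">=" so the lock-out starts once ten failures have been recorded, as the comment
    // above states; the previous "> 10" let an eleventh attempt through.
    if ($attempts >= 10) {
        log_attempt($email, false);
        alert('You have been temporarily locked out. Please wait 10 minutes before attempting to sign in again.', -1);
        show_login_form('');
        return;
    }

    // Check for super-user login:
    // (the account LHSMATH and password set in CONFIG)
    if ($email === 'lhsmath') {
        global $LHSMATH_PASSWORD;
        // $LHSMATH_PASSWORD is pre-hashed. Compared with hash_equals() rather than "==":
        // a loose comparison treats two numeric-looking strings as equal, and an unset
        // config value must never match anything.
        if (is_string($LHSMATH_PASSWORD) && hash_equals($LHSMATH_PASSWORD, (string) $passhash)) {
            log_attempt('LHSMATH', true);
            // Fresh session (and id) for the privileged login.
            session_destroy();
            session_name('Session');
            session_start();
            session_regenerate_id(true);
            $_SESSION['user_name'] = 'LHSMATH Super-Admin';
            $_SESSION['permissions'] = '+';
            $_SESSION['login_time'] = time();
            $_SESSION['user_id'] = '-999';
            header('Location: ' . URL::root() . '/Admin/Super_Admin');
            die;
        }
    }

    // Validate credentials
    $id = DB::queryFirstField('SELECT id FROM users WHERE LOWER(email)=%s AND passhash=%s LIMIT 1', $email, $passhash);
    if (is_null($id)) {
        // One generic message for both "no such user" and "wrong password".
        log_attempt($email, false);
        show_login_form($email);
        alert('Incorrect email address or password', -1);
        return;
    }

    // ** CREDENTIALS ARE VALIDATED AT THIS POINT ** //
    log_attempt($email, true);
    set_login_data($id);
    alert('Logged in!', 1);

    //If this page was being included, redirect back.
    global $being_included;
    if ($being_included) {
        header('Location: ' . $_SERVER['REQUEST_URI']);
    } else {
        header('Location: ../Home');
    }
}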
<?php

/*
 * Admin/Event_Reminder.php
 * LHS Math Club Website
 *
 * A page to be run as a cron job which reminds captains of any events coming up.
 */
//Currently run every Sunday by https://members.nearlyfreespeech.net/lhsmath/sites/lhsmath/cron
//Next steps: Add a field "remind_when" that indicates a time to remind at. Can specify multiple comma-separated, I suppose.
//auto_remind will then hold the number of notifications that have so far been sent through this.
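require_once '../.lib/functions.php';
cancel_templateify();

// Events within the next 17 days that have not been auto-reminded about yet.
$current_events = DB::query('SELECT * FROM events WHERE auto_remind = 0 AND %l', DBExt::timeInInterval('date', '', '+17d'));
$count = count($current_events);
if ($count === 0) {
    // Nothing to remind about: the cron run ends silently.
    die;
}

// Build one BB-code paragraph per event for the e-mail body.
$email_bb = '';
foreach ($current_events as $event) {
    // A missing or whitespace-only description is shown as a placeholder. Tested with
    // trim(...) === '' so that a legitimate description of "0" is kept (empty() dropped it)
    // and a NULL column does not reach trim(). The description itself is emitted untrimmed.
    $description = isset($event['description']) ? (string) $event['description'] : '';
    if (trim($description) === '') {
        $description = "[no description]";
    }
    $email_bb .= "[subheading][i]{$event["title"]}[/i] on {$event["date"]}[/subheading]{$description}\n\n";
}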
$email_bb = <<<HEREDOC
Hi captains!

This is a reminder that [b]{$count}[/b] events are coming up within a couple of weeks:
{$email_bb}
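/**
 * Handles the submitted registration form.
 *
 * Normalises and validates the posted name, e-mail, cell number, YOG and
 * password, refuses duplicate accounts, creates the users row, logs the new
 * account in and redirects: pre-approved addresses go straight to Home,
 * everyone else to Verify_Email. Each validation failure calls alert() and
 * show_form() and returns.
 *
 * Side effects: sets the globals $name, $email, $cell, $yog, $mailings for
 * show_form(), writes to $_SESSION and emits Location headers.
 *
 * @return void
 */
function process_form()
{
    // INITIAL DATA FETCHING
    global $name, $email, $cell, $yog, $mailings;
    // so that the show_form function can use these values later

    // Fields missing from the POST are read as '' instead of raising undefined-index notices
    // ("+" keeps every posted key and only fills in the absent ones).
    $post = $_POST + array('name' => '', 'email' => '', 'cell' => '', 'yog' => '', 'pass1' => '', 'pass2' => '', 'mailings' => '');

    $name = htmlentities(ucwords(trim(strtolower($post['name']), ' \\-\'')));
    foreach (array('-', '\'') as $delimiter) {
        if (strpos($name, $delimiter) !== false) {
            $name = implode($delimiter, array_map('ucfirst', explode($delimiter, $name)));
        }
    }
    // forces characters after spaces, hyphens and apostrophes to be capitalized
    $name = preg_replace('/[\\s\']*\\-+[\\s\']*/', '-', $name);
    // removes hyphens not between two characters
    $name = preg_replace('/[\\s\\-]*\'+[\\s\\-]*/', '\'', $name);
    // removes apostrophes not between two characters
    $name = preg_replace('/\\s+/', ' ', $name);
    // removes multiple consecutive spaces
    $name = preg_replace('/\\-+/', '-', $name);
    // removes multiple consecutive hyphens
    $name = preg_replace('/\'+/', '\'', $name);
    // removes multiple consecutive apostrophes
    $email = htmlentities(strtolower($post['email']));
    $cell = htmlentities($post['cell']);
    $yog = $post['yog'];
    $pass = $post['pass1'];
    // The checkbox posts the literal string 'Yes' when ticked; anything else means opted out.
    $mailings = ($post['mailings'] === 'Yes') ? '1' : '0';

    // CHECK THAT THE NAME IS VALID
    if (($name = sanitize_username($name)) === false) {
        alert('Your name must have only letters, hyphens, apostrophes, and spaces, and be between 3 and 30 characters long', -1);
        show_form();
        return;
    }
    // strpos() returns an offset or false; "=== false" is needed because a loose
    // "== false" is also true for a match at offset 0.
    if (strpos($name, ' ') === false) {
        alert('Please enter both your first <span class="i">and</span> last name', -1);
        show_form();
        return;
    }
    // CHECK THAT THE EMAIL ADDRESS IS VALID
    if (!val('e', $email)) {
        alert('That\'s not a valid email address', -1);
        show_form();
        return;
    }
    // CHECK AND FORMAT CELL PHONE NUMBER
    if ($cell !== '' && ($cell = format_phone_number($cell)) === false) {
        //Validate the format of the cell phone number (if it's not left blank)
        alert('That\'s not a valid cell phone number', -1);
        show_form();
        return;
    }
    // CHECK THAT THE YOG IS VALID
    $grade = intval(getGradeFromYOG($yog));
    if ($grade < 9 || $grade > 12) {
        // The message previously ran the grade number straight into the next word.
        alert('That is not a valid YOG (grade ' . $grade . '); you have to be in high school', -1);
        show_form();
        return;
    }
    // CHECK THAT THE PASSWORDS MATCH, MEET MINIMUM LENGTH
    // "!==" rather than "!=": a loose comparison treats two numeric-looking passwords
    // such as "1e3" and "1000" as equal.
    if ($pass !== $post['pass2']) {
        alert('The passwords that you entered do not match', -1);
        show_form();
        return;
    }
    if (strlen($pass) < 6) {
        alert('Please choose a password that has at least 6 characters', -1);
        show_form();
        return;
    }
    // CHECK THAT THEY ENTERED THE RECAPTCHA CORRECTLY
    // CURRENTLY BROKEN: NEED TO UPDATE RECAPTCHA
    /*
    $recaptcha_msg = validate_recaptcha();
    if ($recaptcha_msg !== true) {
    	alert($recaptcha_msg, -1);
    	show_form();
    	return;
    }
    */
    // CHECK THAT AN ACCOUNT WITH THAT EMAIL DOES NOT ALREADY EXIST
    // this is done *after* checking the reCaptcha to prevent bots from harvesting our email
    // addresses via a brute-force attack.
    // (while the reCaptcha check above stays disabled, this lookup is reachable without it)
    if (DBExt::queryCount('users', 'LOWER(email)=LOWER(%s)', $email) != 0) {
        alert('An account with that email address already exists', -1);
        show_form();
        return;
    }
    // CHECK THAT AN ACCOUNT WITH THE SAME NAME IN THE SAME GRADE DOES NOT EXIST
    // - with the exception that if it's permissions = 'E', they probably mistyped their email and are redoing it.
    if (DBExt::queryCount('users', 'LOWER(name)=%s AND yog=%i AND permissions!="E"', strtolower($name), $yog) != 0) {
        alert('An account in your grade with that name already exists', -1);
        show_form();
        return;
    }
    // ** All information has been validated at this point **
    $verification_code = generate_code(5);
    // for verifying ownership of the email address
    // Check if email address has been pre-approved
    if (isset($_SESSION['PREAPPROVED']) && $email === $_SESSION['PREAPPROVED']) {
        $approved = '1';
        // skip Captain approval
        $verification_code = '1';
        // skip email verification (already done)
    } else {
        $approved = '0';
    }
    // Create database entry
    $passhash = hash_pass($email, $pass);
    if ($cell == '') {
        $cell = 'None';
    } else {
        // remove non-numbers from cell phone # again
        $cell = preg_replace('#[^\\d]#', '', $post['cell']);
    }
    DB::insert('users', array('name' => $name, 'email' => $email, 'passhash' => $passhash, 'cell' => $cell, 'yog' => $yog, 'mailings' => $mailings, 'approved' => $approved, 'email_verification' => $verification_code, 'registration_ip' => htmlentities(strtolower($_SERVER['REMOTE_ADDR']))));
    set_login_data(DB::insertId());
    // LOG THEM IN
    // For pre-approved members:
    if ($approved === '1') {
        global $WEBMASTER_EMAIL;
        $to = array($email => $name);
        $subject = 'Account Created';
        $body = <<<HEREDOC
Welcome to the LHS Math Club website, {$name}!
Your account has been created. If you have any questions about the site, please email
the webmaster at {$WEBMASTER_EMAIL}
HEREDOC;
        send_email($to, $subject, $body, $WEBMASTER_EMAIL);
        $_SESSION['HOME_welcome'] = 'Welcome to the LHS Math Club website, ' . $name . '!';
        header('Location: Home');
        // Stop here: without this return the code below replaced the Location header with
        // Verify_Email and queued a verification e-mail for an address marked as already verified.
        return;
    }
    $_SESSION['ACCOUNT_do_send_verification_email'] = true;
    header('Location: Verify_Email');
}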
*/
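get_header();
?>

<?php
// Standard WordPress page loop: render each post with the "content-page" template part.
while (have_posts()) {
    the_post();
    get_template_part('content', 'page');
}
// end of the loop.
?>

<?php
// Contact-message handler. Kept in $message rather than $post: at template scope $post is
// the WordPress global for the current post, which the sidebar/footer below may still read.
// NOTE(review): no request-origin (nonce) check is visible here — confirm one exists upstream.
$message = isset($_POST['massages']) ? trim((string) $_POST['massages']) : '';
// Compared with '' instead of relying on truthiness, so a message consisting of "0" is not dropped.
if ($message !== '') {
    // Escape first, then convert newlines: escaping after nl2br() turned the generated
    // <br /> tags into literal text. User input never reaches the stored markup unescaped.
    $data = array('content' => nl2br(htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')));
    $rs = DBExt::insertByArray("ls_contact_msg", $data);
    if ($rs) {
        echo '<script>showRs();</script>';
    }
}
?>

<?php
get_sidebar();
get_footer();
?>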

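//Users
$num_pending_approval = DBExt::queryCount('users', 'approved="0"');
//aka permissions == 'E' or 'P'
$num_banned = DBExt::queryCount('users', 'approved="-1"');
//aka permissions == 'B'
//Tests
$num_tests = DBExt::queryCount('tests', 'archived="0"');
$num_old_tests = DBExt::queryCount('tests', 'archived="1"');
//Calendar
//Anything from 3 days ago to 7 days ahead is considered "current".
$num_past_events = DBExt::queryCount('events', DBExt::timeInInterval('date', '', '-3d'));
$num_future_events = DBExt::queryCount('events', DBExt::timeInInterval('date', '+7d', ''));
$num_current_events = DBExt::queryCount('events', DBExt::timeInInterval('date', '-3d', '+7d'));
//Files
$num_member_files = DBExt::queryCount('files', 'permissions="M"');
$num_public_files = DBExt::queryCount('files', 'permissions="P"');
$num_admin_files = DBExt::queryCount('files', 'permissions="A"');
//Error log: size in bytes when present, otherwise a placeholder string.
$errors_file_size = 'File does not exist.';
if (file_exists(PATH::errfile())) {
    $errors_file_size = filesize(PATH::errfile());
}
//Version checking
//--MeekroDB
// Locate the MeekroDB class file among the loaded files. Initialised to '' so that the
// preg_match() below always receives a defined string, even when no such file was included.
$meekro_file = '';
$included_files = get_included_files();
foreach ($included_files as $f) {
    // strpos() returns an offset or false; "!== false" is the correct presence test.
    if (strpos($f, 'meekro') !== false) {
        $meekro_file = $f;
        break;
    }
}
// Pull the version out of the file name (meekrodb.<version>.class.php); $matches stays
// empty when nothing was found.
$matches = array();
preg_match('@meekrodb\\.([0-9\\.]+)\\.class.php$@i', $meekro_file, $matches);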
if (!empty($matches)) {
    $use_rel_external_script = true;
    page_header('Home');
    echo <<<HEREDOC
      <h1>Home</h1>{$welcome_msg}{$new_address_msg}

HEREDOC;
}
?>

<h2>Welcome</h2>
Welcome to the website of the Lexington High School Math Club in Lexington, MA!<br>
<br>
<h2>Events</h2>
<div>
<?php 
// Events from today up to 20 days ahead, each rendered as a link to its detail page.
$current_events = DB::query('SELECT * FROM events WHERE %l', DBExt::timeInInterval('date', '+0d', '+20d'));
$count = count($current_events);
if ($count === 0) {
    echo "[no events]";
} else {
    foreach ($current_events as $event) {
        // NOTE(review): event_id and title are written into the markup as stored; this
        // assumes they were escaped when saved — verify against the event editing form.
        $date = date("F j", strtotime($event["date"]));
        echo "<a href='View_Event?ID={$event["event_id"]}'><b>{$event["title"]}</b> on {$date}</a><br>";
    }
}
?>
</div>

<h2>LMT</h2>
The Lexington Math Tournament website is at <a href="/LMT">http://www.lhsmath.org/LMT</a>.
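 /**
  * Thin wrapper that forwards every argument unchanged to DBExt::pageRows().
  *
  * Declared public explicitly; the previous declaration relied on the implicit
  * default visibility.
  *
  * @param int         $start     forwarded as the first argument
  * @param int         $end       forwarded as the second argument
  * @param string|null $tableName table name, forwarded as-is (null included)
  * @param mixed       $where     optional filter, forwarded verbatim
  * @return mixed whatever DBExt::pageRows() returns
  */
 public static function pageRows($start = 0, $end = 0, $tableName = null, $where = null)
 {
     return DBExt::pageRows($start, $end, $tableName, $where);
 }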