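/**
 * Handle a login form post: check the submitted credentials and, on success,
 * fill the session user object ($_SESSION["oU"]) and its permission tables.
 *
 * Reads $_POST["Username"], $_POST["Password"], the optional
 * $_POST["Remember"] / $_POST["eRemember"] markers and $_POST["nowDate"].
 * Writes the "infosys_userinfo" cookie and several $_SESSION keys, then ends
 * in printLoginSuccess(), printLoginFail(), forceLogout() or a debug printer.
 *
 * Security review notes (not changed here because they alter behaviour):
 *  - The remember-me cookie carries the user name plus encryptmesg($password),
 *    a value decryptmesg() can turn back into the password. A random,
 *    server-side, revocable token would keep the credential off the client.
 *  - The cookie is set without the HttpOnly flag and with the secure flag 0.
 *  - No session_regenerate_id() call is visible before the session is marked
 *    as logged in; regenerating the id at this point prevents session fixation.
 *  - SearchByLogin() is not visible here; confirm it escapes/binds both values
 *    and compares against a password hash rather than stored plaintext.
 *
 * @return void
 */
function checkLogin ( )
{
    $oConn = new clsConnection($GLOBALS["DBHOST"], $GLOBALS["DBNAME_UMS"], $GLOBALS["DBUSER_UMS"], $GLOBALS["DBPASS_UMS"]);

    // Both credential fields must be present before anything is read from $_POST.
    $fValid = isset($_POST["Username"], $_POST["Password"]);
    if ($oConn->c && $oConn->errmsg == "" && $fValid) {
        $username = $_POST["Username"];
        $password = $_POST["Password"];
        $cookie_value = "";
        $curr_time = time();
        if (isset($_POST["Remember"])) {
            // "ce" marks a password field that already holds the encrypted form
            // (presumably pre-filled from the cookie), so decode it first.
            if ($_POST["Remember"] == "ce")
                $password = decryptmesg($password);
            $cookie_value = $username . "{[<->]}" . encryptmesg($password);
            if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
                setcookie("infosys_userinfo", $cookie_value, $curr_time + 3600 * 48);
            else
                setcookie("infosys_userinfo", $cookie_value, $curr_time + 3600 * 48, $GLOBALS["ROOT_URL"], $GLOBALS["HOST_NAME"], 0);
        } else {
            // Fix: "eRemember" is optional; reading it unguarded raised an
            // undefined-index notice on every post that did not send it.
            if (isset($_POST["eRemember"]) && $_POST["eRemember"] == "ce")
                $password = decryptmesg($password);
            // $cookie_value is empty here, so both calls clear the cookie.
            if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
                setcookie("infosys_userinfo", $cookie_value, $curr_time + 3600 * 48);
            else
                setcookie("infosys_userinfo", $cookie_value, $curr_time - 3600 * 48, $GLOBALS["ROOT_URL"], $GLOBALS["HOST_NAME"], 0);
        }
        $oUs = new umuser($oConn);
        // NOTE(review): $oCps is never assigned or declared global in this
        // function, so as written this branch does not run and $oPs stays
        // undefined. Confirm whether `global $oCps;` was intended.
        if ($oCps)
            $oPs = new Person($oCps);

        $oUs->SearchByLogin($username, $password);
        if ($oUs->GetRecord()) {
            if (!logged_in()) {
                $_SESSION["sysDate"] = date("d/m/Y");
                // NOTE(review): nowDate comes straight from the request and is
                // not checked for presence or format before TH2ENDate().
                $_SESSION["sysDate0"] = TH2ENDate($_POST["nowDate"]);
                $_SESSION["sysDSave"] = $_SESSION["sysDate0"];
                $_SESSION["createUserId"] = "";
                $_SESSION["updateUserId"] = "";
                $_SESSION["logKey"] = session_id();
                $_SESSION["oU"] = new clsUser();
                $oU = &$_SESSION["oU"];

                // Copy the matched user record into the session user object.
                $oU->userID = $oUs->UsID;
                $oU->userLogin = $oUs->UsLogin;
                $oU->userName = $oUs->UsName;
                $oU->userPsCode = $oUs->UsPsCode; // PersonId = UsPsCode
                if ($oCps && $oPs) {
                    $oPs->SearchByKey($oUs->UsPsCode);
                    $oPs->GetRecord();
                    $oU->userPsCodeReg = $oPs->personCode;
                }
                $oU->userPsID = $oUs->UsPsCode;
                $oU->userDptCode = "";
                $oU->userDptName = "";
                $oU->userPosCode = $oUs->posID;
                $oU->userPosName = $oUs->posName;
                $oU->WgID = $oUs->UsWgID;
                $oU->UserQsID = $oUs->UsQsID;

                // NOTE(review): the security answer is kept in the session
                // object; drop it if nothing reads it after login.
                $oU->UserAnswer = $oUs->UsAnswer;
                $oU->UserEmail = $oUs->UsEmail;
                $oU->UserActive = $oUs->UsActive;
                $oU->UserAdmin = $oUs->UsAdmin;
                $oU->UserDesc = $oUs->UsDesc;
                $oU->UserPwdExpDt = $oUs->UsPwdExpDt;
                $oU->UserUpdDt = $oUs->UsUpdDt;
                $oU->UserUpdUsID = $oUs->UsUpdUsID;

                $_SESSION["createUserId"] = $oUs->UsLogin;
                $_SESSION["updateUserId"] = $oUs->UsLogin;

                $oU->userIP = getenv("REMOTE_ADDR");
                $oUs->SetSessionID($oUs->UsID, session_id());
                $oU->sessionID = session_id();

                // Group permissions, keyed by group id . menu id; each entry is
                // the five flags (X, C, R, U, D) read from the permission row.
                $oUg = new umusergroup($oConn);
                $oGp = new umgpermission($oConn);
                $oUp = new umpermission($oConn);
                $oUg->RSgroupByUs($oU->userID);
                while ($oUg->GetRecord()) {
                    $oGp->RSMnByGpID($oUg->UgGpID);
                    while($oGp->GetRecord())
                        $oU->aGp[$oUg->UgGpID.$oGp->gpMnID]=array($oGp->gpX,$oGp->gpC,$oGp->gpR,$oGp->gpU,$oGp->gpD);
                }
                // Per-user permissions, keyed by user id . menu id.
                $oUp->RSMnByUs($oU->userID);
                while($oUp->GetRecord())
                    $oU->aUp[$oU->userID.$oUp->pmMnID]=array($oUp->pmX,$oUp->pmC,$oUp->pmR,$oUp->pmU,$oUp->pmD);

                $oU->deptId = 0;
                $oU->deptName = "";
                $oU->deptCode = "";
                if ($oU->userLogin != strtolower($GLOBALS["ADMIN_LOGIN"])) {
                    $db = $GLOBALS["DBNAME_EPERSON"];
                    // Fix: the person id was pasted into the SQL text unquoted.
                    // It comes from the user record and is not validated here,
                    // so it is now escaped and quoted. An empty id skips the
                    // query instead of sending a malformed statement.
                    $psId = (string) $oU->userPsID;
                    $dbres = false;
                    if ($psId !== "") {
                        $qstring = "select Department.deptId, Department.deptCode, Department.deptName from $db.Department, $db.Person where Person.personId = '" . mysql_real_escape_string($psId, $oConn->c) . "' and Person.deptId = Department.deptId";
                        $dbres = mysql_query($qstring, $oConn->c);
                    }
                    // Fix: mysql_query() returns false on failure; check it
                    // before handing the result to mysql_num_rows().
                    if ($dbres && mysql_num_rows($dbres) > 0) {
                        $row = mysql_fetch_assoc($dbres);
                        $oU->deptId = $row["deptId"];
                        $oU->deptCode = $row["deptCode"];
                        $oU->deptName = $row["deptName"];
                        $oU->userDptCode = $row["deptCode"];
                        $oU->userDptName = $row["deptName"];
                    }
                } else {
                    // Admin login: fixed department label. The literal is kept
                    // exactly as it appears (text in a legacy, non-UTF-8
                    // encoding).
                    $oU->deptId = 0;
                    $oU->deptCode = "";
                    $oU->deptName = "-- ¼Ùé´ÙáÅÃкº --";
                    $oU->userDptCode = "";
                    $oU->userDptName = "-- ¼Ùé´ÙáÅÃкº --";
                }
                // Placeholder label when no department was found (same legacy
                // encoding, already HTML-entity encoded).
                if ($oU->deptName == "")
                    $oU->deptName = "&lt;&nbsp;äÁèÊѧ¡Ñ´Ë¹èǧҹã´æ&nbsp;&gt;";
                printLoginSuccess();
            } else {
                // unexpected event
                forceLogout();
            }
        } else {
            printLoginFail();
        }
        $oConn->Disconnect();
    } else {
        if ($GLOBALS["DEBUG_MODE"]) {
            // NOTE(review): presumably prints connection error details to the
            // response; keep DEBUG_MODE off outside development.
            if ($oConn->errmsg != "")
                extended_debug_code(preg_replace("/[\r\n]/", "", $oConn->errmsg));
            else
                prologin_debug_code();
        } else {
            printLoginFail();
        }
    }
}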
/**
 * Append the HTML for menu entry $MnID to $Stm and recurse into the entries
 * returned by the follow-up menu query.
 *
 * The entry's flag is taken from the per-user permission row (pmX) when one
 * exists, otherwise from the group permission row (gpX), otherwise it is 1.
 * The entry is rendered only when that flag equals $x.
 *
 * NOTE(review): MnURL and MnNameT are written into the markup without output
 * encoding. If menu rows can be edited by anyone less trusted than the code
 * owner, encode them per context (attribute / text) before concatenation, and
 * pass the data's real charset to the encoder: the literals elsewhere in this
 * listing suggest a legacy, non-UTF-8 encoding.
 *
 * @param mixed  $oC    Connection object handed to the um* data classes.
 * @param mixed  $MnID  Menu id to render.
 * @param mixed  $UsID  User id used for the per-user permission lookup.
 * @param mixed  $GpID  Group id used for the fallback permission lookup.
 * @param mixed  $x     Flag value the entry must match to be rendered.
 * @param string $Stm   Output buffer, extended by reference.
 * @return void
 */
function getSubmenu ($oC, $MnID, $UsID, $GpID, $x, &$Stm)
{
    // Declared by the original; not otherwise used in this function.
    global $oU;

    $userPerm = new umpermission($oC);
    $groupPerm = new umgpermission($oC);
    $menu = new ummenu($oC);

    $menu->SearchByKey($MnID);
    $menu->GetRecord();

    // The per-user row wins; the group row is consulted only when none exists.
    $accessFlag = 1;
    $userPerm->SearchByKey($UsID, $MnID);
    if ($userPerm->GetRecord()) {
        $accessFlag = $userPerm->pmX;
    } else {
        $groupPerm->SearchByKey($GpID, $MnID);
        if ($groupPerm->GetRecord()) {
            $accessFlag = $groupPerm->gpX;
        }
    }

    if ($accessFlag == $x) {
        // Level-0 entries and "-" placeholders produce no markup of their own.
        if ($menu->MnLevel > 0 && $menu->MnNameT != "-") {
            $indent = str_pad("", 5 * 6 * $menu->MnLevel, "&nbsp;", STR_PAD_RIGHT);
            $imgOpen = $indent . "<img src=\"" . $GLOBALS["_INFO_URL"];
            $imgClose = "\" align=\"middle\" border=\"0\" alt=\"\">";

            if (trim($menu->MnURL) != "") {
                // Entry with a target: icon followed by a link.
                $Stm .= $imgOpen . "/img/submenu_mini.gif" . $imgClose;
                $Stm .= "&nbsp;<a href=\"" . $menu->MnURL . "\" style=\"font-weight: bold; color: #11387D;\">" . trim($menu->MnNameT) . "</a>";
            } else {
                // Entry without a target: greyed-out label.
                $Stm .= $imgOpen . "/img/submenu_mini_cyan.gif" . $imgClose;
                $Stm .= "<span style=\"font-weight: bold; color: #777777;\">&nbsp;" . trim($menu->MnNameT) . "</span>";
            }
            $Stm .= "<br>\n";
        }
        // Presumably loads the child entries of $MnID into $menu.
        $menu->RSmenuByParentMn($MnID);
    }

    // Each remaining record is rendered against this entry's own flag.
    while ($menu->GetRecord()) {
        getSubmenu($oC, $menu->MnID, $UsID, $GpID, $accessFlag, $Stm);
    }
}