function main()
{
# KFD 2/17/09. If installed with Debian package, will
# have username and password of "start".
# Must force a new id now.
#
if (SessionGet('UID') == 'start') {
if (gp('user_id') != '') {
if (gp('user_id') == '') {
ErrorAdd("User Id may not be empty");
}
if (substr(gp('user_id'), 0, 5) == 'andro') {
ErrorAdd("User Id may not begin with 'andro'");
}
if (gp('password1') != gp('password2')) {
ErrorAdd("Passwords do not match");
}
if (strlen(trim(gp('password1'))) == 0) {
ErrorAdd("Password may not be empty");
}
if (!Errors()) {
$row = array('user_id' => gp('user_id'), 'member_password' => gp('password1'));
SQLX_Insert('usersroot', $row);
if (!Errors()) {
scDBConn_Pop();
SessionSet('UID', gp('user_id'));
SessionSet('PWD', gp('password1'));
scDBConn_Push();
SQL("DELETE FROM USERSROOT WHERE user_id='start'");
# Get rid of the form that replaces login
$file = fsDirTop() . 'application/x_login_form.inc.html';
$fileto = $file . '.done';
@rename($file, $fileto);
?>
<h1>New Root User Created</h1>
<p>Your new user is created.</p>
<p><a href="index.php?st2logout=1">
Return to Login Page</a></p>
<?php
return;
}
}
}
?>
<h1>New Install - Must Create User</h1>
<p>You are logged into your Node Manager with the default
username of "start" and password "start". We have to change
this right now so nobody can get into your new system.
</p>
<p>Please provide a new ROOT (superuser) user id and password
below. Andromeda will create the new user, log you in as
that user, and remove the "start" user.
</p>
<table>
<tr><td align="left">User Name
<td><input name = 'user_id' /> (may not begin with 'andro')
<tr><td align="left">Password
<td><input type="password" name = 'password1'/>
<tr><td align="left">Password (verify)
<td><input type="password" name = 'password2'/>
</table>
<input type="submit" value="Create User Now" />
<?php
return;
}
/* FUTURE X6 VERSION OF NODE MANAGER
?>
<h1>Node Manager Upgrade Required</h1>
<p>The new version of the Node Manager uses the "x6"
interface to provide a richer experience. Please click
the link below to upgrade your Node Manager. Once the
upgrade is complete, log out and back in.
</p>
<p><a href="javascript:Popup('index.php?gp_page=a_builder&gp_out=none&x2=1&txt_application=andro','Build')"
>Upgrade Node Manager Now</a>.</p>
<p><a href="?st2logout=1">Logout After Upgrade</a>.</p>
<?php
return;
*/
# <------- EARLY RETURN.
# KFD 1/10/08, The old x_welcome screen is not used anymore,
# we have the new 'cpanel' now in x6.
# ===============================================================
?>
<h1>Welcome to the Andromeda Node Manager</h1>
<?php
// Work out if there is a new release available
//
$apps = svnVersions();
$andro = a($apps, 'andro', array('svn_url' => ''));
if (trim($andro['svn_url']) == '') {
$htmlVersions = '';
} else {
$htmlVersions = @file_get_contents($andro['svn_url']);
}
$matches = array();
preg_match_all('/<li><a href=.*\\>(.*)<\\/a><\\/li>/', $htmlVersions, $matches);
$versions = ArraySafe($matches, 1, array());
if (count($versions) > 0) {
$latest = array_pop($versions);
$latest = str_replace('/', '', $latest);
// Get current latest
$current = $andro['local'];
if ($latest > $current) {
?>
<br/>
<div style="border: 5px solid gray; color: blue
font-weight: bolder; margin: 8px; padding: 0 8px 8px 8px">
<h2>New Version of Andromeda Available</h2>
<p>Version <?php
echo $latest;
?>
is available. <a href="?gp_page=a_pullsvn"
>Click Here </a> to go to the Pull Code From Subversion.
</div>
<?php
}
}
$dirs = SQL_AllRows("select * from webpaths where webpath='DEFAULT'");
?>
<div style="font-size: 120%; line-height: 120%; padding: 10px">
<h2>For First Time Users</h2>
This program is the Andromeda <b>Node Manager</b>. You use this
program to build your applications.
<br/>
<br/>
Our main documentation is <a target="_blank" href=
"http://www.andromeda-project.org/">here</a>.
<br/>
<br/>
If you want to start programming a new application right away,
<a target="_blank" href=
"http://www.andromeda-project.org/creatinganapplication.html"
>The instructions are here</a>, or you can just
<a href="?gp_page=applications&gp_mode=ins">define a new application here.</a>
<br/>
<br/>
After you defined an application, click on the "build this application"
link to create all of the directories and the empty database.</p>
<br/>
<br/>
<h2>Your Application Program Files</h2>
After building the application skeleton you can start working on the
database specification. If your application code is "test", then put
the database specification into the file
<br/>
<br/>
<b><?php
echo $dirs[0]['dir_pub'];
?>
/test/application/test.dd.yaml</b>
<br/>
<br/>
All Andromeda applications start with
a database specification. These specifications are
more powerful than anything else out there,
and you will want learn the Andromeda's
<a target="_blank" href=
"http://www.andromeda-project.org/databaseprogramming.html"
>Database Programming</a> language.
<br/>
<br/>
Once you are ready to try some custom pages, you are ready to look
at <a target="_blank" href=
"http://www.andromeda-project.org/webprogramming.html"
>Web Programming</a>.
</div>
<?php
}
function Login_Process()
{
$arg2 = $this->directlogin == true ? 'direct' : '';
// only process if user hit "post"
if (gp('gp_posted', '', false) == '') {
return;
}
vgfSet('LoginAttemptOK', false);
// Error title
vgfSet('ERROR_TITLE', '*');
// If the user supplied a loginUID, this is a post and we
// must process the request.
$ale = vgaGet('login_errors', array());
$app = $GLOBALS['AG']['application'];
$em000 = isset($ale['000']) ? $ale['000'] : "That username/password combination did not work. Please try again.";
$em001 = isset($ale['001']) ? $ale['001'] : "That username/password combination did not work. Please try again.";
$em002 = isset($ale['002']) ? $ale['002'] : "That username/password combination did not work. Please try again.";
$em099 = isset($ale['099']) ? $ale['099'] : "That username/password combination did not work. Please try again.";
$terror = "";
$uid = gp('loginUID');
$uid = MakeUserID($uid);
//$uid = str_replace('@','_',$uid);
//$uid = str_replace('.','_',$uid);
$pwd = gp("loginPWD", "", false);
// First check, never allow the database server's superuser
// account
//
if ($uid == "postgres") {
ErrorAdd($em000);
if (vgfGet('loglogins', false)) {
sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt as postgres");
fwLogEntry('1011', 'Attempt login as postgres', '', $arg2);
}
return;
}
$app = $GLOBALS['AG']['application'];
if (substr($uid, 0, strlen($app)) == $app) {
ErrorAdd($em001);
if (vgfGet('loglogins', false)) {
sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt as group role");
fwLogEntry('1012', 'Attempt login as group role', $uid, $arg2);
}
return;
}
// Begin with a connection attempt.
// on fail, otherwise continue
$tcs = @SQL_CONN($uid, $pwd);
if ($tcs === false) {
ErrorAdd($em099);
if (vgfGet('loglogins', false)) {
sysLog(LOG_NOTICE, "Andromeda:{$app}:Bad login attempt server rejected");
fwLogEntry('1013', 'Server rejected username/password', $uid, $arg2);
}
return;
} else {
SQL_CONNCLOSE($tcs);
}
// The rest of this routine uses an admin connection. If we
// have an error, we must close the connection before returning!
// ...yes, yes, that's bad form, all complaints to /dev/null
//
if (vgfGet('loglogins', false)) {
fwLogEntry('1010', 'Login OK', $uid, $arg2);
}
scDBConn_Push();
// See if they are a root user. If not, do they have an
// active account?
$root = false;
$admin = false;
$group_id_eff = '';
$results = SQL("\n Select oid\n FROM pg_roles \n WHERE rolname = CAST('{$uid}' as name)\n AND rolsuper= true");
$cr = SQL_NUMROWS($results);
if ($cr != 0) {
$root = true;
} else {
$results = SQL("Select * from users WHERE LOWER(user_id)='{$uid}'" . "AND (user_disabled<>'Y' or user_disabled IS NULL)");
$cr = SQL_NUMROWS($results);
if ($cr == 0) {
scDBConn_Pop();
ErrorAdd($em002);
sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt code 002");
return;
} else {
$userinfo = SQL_Fetch_Array($results);
$group_id_eff = $userinfo['group_id_eff'];
SessionSet('user_name', $userinfo['user_name']);
}
}
// Flag if the user is an administrator
if ($root == true) {
$admin = true;
} else {
$results = SQL("select count(*) as admin from usersxgroups " . "where user_id='{$uid}' and group_id ='{$app}" . "_admin'");
$row = SQL_FETCH_ARRAY($results);
$admin = intval($row["admin"]) > 0 ? true : false;
}
// Get the users' groups
$groups = "";
if ($root) {
$results = SQL("\n select group_id \n from zdd.groups \n where COALESCE(grouplist,'')=''");
} else {
$results = SQL("select group_id from usersxgroups WHERE LOWER(user_id)='{$uid}'");
}
while ($row = SQL_FETCH_ARRAY($results)) {
$agroups[] = "'" . trim($row['group_id']) . "'";
#$groups.=ListDelim($groups)."'".trim($row["group_id"])."'";
}
$groups = array();
if (!empty($agroups)) {
$groups = implode(",", $agroups);
}
//scDBConn_Pop();
// We have a successful login. If somebody else was already
// logged in, we need to wipe out that person's session. But
// don't do this if there was an anonymous login.
if (LoggedIn()) {
$uid_previous = SessionGet('UID');
if ($uid != $uid_previous) {
//Session_Destroy();
SessionReset();
//Index_Hidden_Session_Start(false);
}
}
// We know who they are and that they can connect,
// see if there is any app-specific confirmation required
//
if (function_exists('app_login_process')) {
//echo "Calling the process now";
if (!app_login_process($uid, $pwd, $admin, $groups)) {
return;
}
}
// Protect the session from hijacking, generate a new ID
Session_regenerate_id();
// We now have a successful connection, set some
// flags and lets go
//
vgfSet('LoginAttemptOK', true);
SessionSet("UID", $uid);
SessionSet("PWD", $pwd);
SessionSet("ADMIN", $admin);
SessionSet("ROOT", $root);
SessionSet("GROUP_ID_EFF", $group_id_eff);
SessionSet("groups", $groups);
if (gp('gpz_page') == '') {
# KFD 9/12/08, extra command to not change page
if (gp('st2keep') != 1) {
gpSet('gp_page', '');
}
}
$GLOBALS['session_st'] = 'N';
// for "N"ormal
// -------------------------------------------------------------------
// We are about to make the menu. Before doing so, see if there
// are any variables set for the menu layout. Set defaults and then
// load from database.
//
$this->pmenu = array('MENU_TYPE' => vgaGet('MENU_TYPE', 'div'), 'MENU_CLASS_MODL' => vgaGet('MENU_CLASS_MODL', 'modulename'), 'MENU_CLASS_ITEM' => vgaGet('MENU_CLASS_ITEM', 'menuentry'), 'MENU_TICK' => vgaGET('MENU_TICK', ' - '));
//$sql = "SELECT * from variables WHERE variable like 'MENU%'";
//$dbres = SQL($sql);
//while ($row = SQL_FETCH_ARRAY($dbres)) {
// $this->pmenu[trim($row['variable'])]=trim($row['variable_value']);
//}
// -------------------------------------------------------------------
// KFD 10/28/06, Modified to examine "nomenu" instead of permsel
// pulls all tables user has nomenu='N'. The basic idea is
// to remove from $AGMENU the stuff they don't see
//
// GET AGMENU
$AGMENU = array();
// avoid compiler warning, populated next line
include "ddmodules.php";
// Pull distinct modules person has any menu options in.
$sq = "SELECT DISTINCT module\n FROM zdd.perm_tabs \n WHERE nomenu='N'\n AND group_id iN ({$groups})";
$modules = SQL_AllRows($sq, 'module');
$AGkeys = array_keys($AGMENU);
foreach ($AGkeys as $AGkey) {
if (!isset($modules[$AGkey])) {
unset($AGMENU[$AGkey]);
}
}
// Now recurse the remaining modules and do the same trick
// for each one, removing the tables that don't exist
foreach ($AGMENU as $module => $moduleinfo) {
$sq = "SELECT DISTINCT table_id\n FROM zdd.perm_tabs \n WHERE nomenu='N'\n AND module = '{$module}'\n AND group_id iN ({$groups})";
$tables = SQL_AllRows($sq, 'table_id');
$tkeys = array_keys($moduleinfo['items']);
foreach ($tkeys as $tkey) {
if (!isset($tables[$tkey])) {
unset($AGMENU[$module]['items'][$tkey]);
}
}
}
// KFD 12/18/06. Put all table permissions into session
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND nomenu='N'", 'table_id');
SessionSet('TABLEPERMSMENU', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permsel='Y'", 'table_id');
SessionSet('TABLEPERMSSEL', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permins='Y'", 'table_id');
SessionSet('TABLEPERMSINS', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permupd='Y'", 'table_id');
SessionSet('TABLEPERMSUPD', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permdel='Y'", 'table_id');
SessionSet('TABLEPERMSDEL', array_keys($table_perms));
//echo "<div style='background-color:white'>";
//echo "$uid $groups $group_id_eff";
//hprint_r(SessionGet('TABLEPERMSMENU'));
//hprint_r(SessionGet('TABLEPERMSSEL'));
//echo "</div>";
// KFD 7/9/07, we always use joomla templates now, don't need
// options to turn them off
//if(defined('_ANDROMEDA_JOOMLA')) {
// In a hybrid situation, put the menu into the session
SessionSet('AGMENU', $AGMENU);
//}
$HTML_Menu = "";
$WML_Menu = "";
/*
foreach ($AGMENU as $key=>$module) {
//if($key=="datadict") continue;
//if($key=="sysref") continue;
$HTML_Module="";
$WML_Module="";
foreach($module["items"] as $itemname=>$item) {
if (!isset($item["mode"])) { $item["mode"]="normal"; }
switch ($item["mode"]) {
case "normal":
$ins=false;
$extra=array();
if($item['menu_parms']<>'') {
$aextras=explode('&',$item['menu_parms']);
foreach($aextras as $aextra) {
list($var,$value)=explode("=",$aextra);
$extra[$var]=$value;
}
}
$HTML_Module.=$this->_MenuItem(
$item['description'],$itemname,$ins,$extra
);
$WML_Module.="<div>";
$WML_Module.=hLink(
'',$item['description'],'?gp_page='.$itemname
);
$WML_Module.="</div>";
break;
case "ins":
//if ($admin || isset($tables_ins[$item["name"]])) {
$HTML_Module.=$this->_MenuItem(
$item['description'],$itemname,true
);
//}
break;
#$HTML_Module.=
# "\n<font class=\"tablename\">- <a href=\"index.php?gp_page=".$itemname."\">".
# $item["description"]."</a></font><br />";
}
}
// the module is defined AFTER its contents so it can be
// left off if it has no entries
if ($HTML_Module!="") {
$HTML_Menu.=$this->_MenuModule($module['description']);
$HTML_Menu.=$HTML_Module;
}
if ($WML_Module!="") {
$WML_Menu.="<div><b>".$module['description']."</b></div>";
$WML_Menu.=$WML_Module;
}
}
*/
DynamicSave("menu_" . $uid . ".php", $HTML_Menu);
DynamicSave("menu_wml_" . $uid . ".php", $WML_Menu);
// -------------------------------------------------------------------
// Fetch and cache user preferences
if (vgaGet('member_profiles')) {
cacheMember_Profiles();
}
// -------------------------------------------------------------------
// Now find the user's table permissions more precisely table by table
$sql = "select p.table_id,\n\t\t\t\tmax(case when p.permins='Y' then 1 else 0 end) as permins,\n\t\t\t\tmax(case when p.permupd='Y' then 1 else 0 end) as permupd,\n\t\t\t\tmax(case when p.permdel='Y' then 1 else 0 end) as permdel,\n\t\t\t\tmax(case when p.permsel='Y' then 1 else 0 end) as permsel\n\t\t\t\tfrom zdd.perm_tabs P\n\t\t\t\tWHERE group_id in ({$groups})\n\t\t\t\tGROUP BY p.table_id";
//echo $sql;
$results = SQL($sql);
$HTML_Perms = "<?php\n\$table_perms = array();\n";
while ($row = SQL_FETCH_ARRAY($results)) {
$tn = $row["table_id"];
$ti = $row["permins"];
$tu = $row["permupd"];
$td = $row["permdel"];
$ts = $row["permsel"];
$HTML_Perms .= "\$table_perms[\"{$tn}\"]=array(\"ins\"=>{$ti},\"upd\"=>{$tu},\"del\"=>{$td},\"sel\"=>{$ts});\n";
}
$HTML_Perms .= "?>\n";
DynamicSave("perms_" . $uid . ".php", $HTML_Perms);
/* October 28, 2006, KFD. Rem'd this all out, column and row security
made this irrelevant
// -------------------------------------------------------------------
// Find out if this user has any UID Columns, columns that create
// filters on the user's UID
$sql = "Select column_id FROM groupuids WHERE group_id IN ($groups)";
//echo $sql;
$results = SQL($sql);
$groupuids = array();
while ($row = SQL_FETCH_ARRAY($results)) {
//echo "Found this one".$row["column_id"];
$groupuids[$row["column_id"]] = $row["column_id"];
}
SessionSet("groupuids",$groupuids);
*/
scDBConn_Pop();
return;
}
function CheckRemoteUID($node)
{
// If the node we were last on is not the current one, wipe
// out any memory of previous UID and PWD
if (SessionGet('remoteNODE') != $node) {
SessionSet('remoteUID', '');
SessionSet('remotePWD', '');
SessionSet('remoteNODE', $node);
}
// Already a user? Fine, go back.
if (SessionGet('remoteUID') != '') {
return true;
}
// If they posted a uid/pw, assume it is ok and go back
// and tell them to continue. Notice we don't check or anything,
// to do that we'd have to have a function on the remote server
// that told us if a login was ok, and we kind of don't really
// want that, it could be abused.
if (gp('remoteUID') != '') {
SessionSet('remoteUID', gp('remoteUID'));
SessionSet('remotePWD', gp('remotePWD'));
return true;
}
?>
<p>
The authoritative node for this application is <b><?php
echo $node;
?>
</b>.
Please provide your user id and password for that node.
</p>
<table>
<tr><td style="text-align: right">Remote user id
<td style="text-align: left"><input name="remoteUID" id="remoteUID"
tabindex="<?php
echo hpTabIndexNext(100);
?>
">
<tr><td style="text-align: right">Remote password
<td style="text-align: left"><input name="remotePWD" type="password"
tabindex="<?php
echo hpTabIndexNext(100);
?>
">
</table>
<br/>
<input type="submit" value="Save" tabindex="<?php
echo hpTabIndexNext(100);
?>
">
<?php
vgfSet('HTML_focus', 'remoteUID');
// Since we don't have a remote uid/pwd anymore, return false
// so they don't display the rest of the page
return false;
}
$uid = $_POST['login'];
}
if (isset($_POST['pass'])) {
$pas = $_POST['pass'];
}
if (isset($_POST['posted'])) {
$pst = $_POST['posted'];
}
if (isset($pst)) {
if ($pst == 1) {
$pas = $_POST['pass'];
if (EntryVerifySession($uid, $pas) == 1) {
$query = "SELECT *\n\t\t\t\t\t\tFROM users\n\t\t\t\t\t\tWhere User_Name='" . $uid . "';";
$result = mysql_query($query);
$row = mysql_fetch_array($result);
$mysid = SessionSet($row[0], $pas, $uid, $row[3], $row[4], $row[5]);
RedirectParent($mysid, "../members/index.php");
exit;
}
$err = "<center><font color=red>{$lit_logfail}</font></center>";
}
}
//include "../lib/header.base.php";
echo "<body onLoad='setfocus()' bgcolor='#F3F3F3' text='#000000'>\n";
echo "<center>\n";
echo "<form action='login.php' target=_self method='post'>\n";
echo "<table border='0' cellspacing='0' cellpadding='2' class='box-table'>\n";
if ($do == 1) {
echo "<tr>";
echo "<td>";
echo "Session expiree";
function main()
{
$this->PageSubtitle = "Imports";
// Process uploaded files if there are any
if (!gpExists('gp_xajax')) {
foreach ($_FILES as $onefile) {
if (!$onefile['error']) {
// Generate a previously unused name, give up after 20 tries
$dir = $GLOBALS['AG']['dirs']['root'] . 'tmp/';
$count = 0;
while (true) {
$fn = $onefile['name'] . '.' . rand(1000, 9999);
$fs = $dir . $fn;
if (!file_exists($fs)) {
break;
}
$count++;
if ($count > 20) {
$fn = '';
break;
}
}
if ($fn == '') {
continue;
}
// skip this file, we couldn't name it
// If we got to here, then we have a good name to use, lets copy
// the file over.
move_uploaded_file($onefile['tmp_name'], $fs);
$newfile = array('name' => $onefile['name'], 'uname' => $fs, 'type' => $onefile['type'], 'error' => $onefile['error'], 'size' => $onefile['size']);
vgfSet('files', array($newfile));
break;
// only do one file!
}
}
}
// Routing
if (gp('gp_fbproc') == '1') {
return $this->fbProc();
}
if (gpExists('gp_xajax')) {
return $this->xAjax();
}
// Obtain the basic parameters we need on this page, and then assign
// them to hidden variables so that FORM POSTs will return here.
$tid = gp('gp_table_id');
$t = DD_TableRef(gp('gp_table_id'));
hidden('gp_page', 'x_import');
hidden('gp_nofile', '');
hidden('gp_table_id', gp('gp_table_id'));
// Process requests. If they uploaded a file, save the
// info to the session. If they requested file destroy,
// throw it away.
$files = vgfGet('files', array());
$fi = null;
if (isset($files[0])) {
$fi = $files[0];
SessionSet('importfile', $fi);
}
if (gp('gp_nofile') == 1) {
SessionUnSet('importfile');
$fi = null;
}
// If a file is uploaded we just output the div and then call
// back for the content
// On this branch we
// - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// BEGIN HTML
// - - - - - - - - - - - - - - - - - - - - - - - - - - - -
?>
<h1>Table Import</h1>
<p><b>Destination Table:</b><?php
echo hLinkPage('', $tid);
?>
</p>
<p><b>Table Name in Database:</b> <?php
echo $tid;
?>
.
</p>
<p>This is standardized import program that can accept file
uploads in the popular "CSV" format. The first row is expected
to name columns, and all subsequent rows are expected to
contain comma-separated values.
</p>
<p>This routine will match known column names and display the
columns that will be imported.
</p>
<hr />
<?php
if ($fi) {
?>
<div id="xajax"></div>
<div id="xajaxm"></div>
<script type="text/javascript">
</script>
<?php
elementAdd('scriptend', "andrax('?gp_page=x_import&gp_table_id=" . gp("gp_table_id") . "&gp_xajax=1');");
return;
} else {
?>
<h2>File Upload</h2>
<p>Please upload a file to process.
<p><?php
echo hFileUpload();
?>
<?php
}
}
/**
* When this is called on a system using Point-of-Sale [[Security]], any
* further action will require a user to authenticate again. This is
* usually done after a sales order is saved, or a credit memo made, or
* any other type of transaction is completed and the terminal is expected
* to be left open for the next user.
*/
function POSClear()
{
SessionSet("POS_PAGE", "", 'FW');
}
$AG['gp'] = array_merge($_POST, $_GET);
if (get_magic_quotes_gpc() == 1) {
foreach ($AG['gp'] as $key => $value) {
$AG['gp'][$key] = stripslashes($value);
}
}
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// Connect to database. This is not in a function because we
// never need to call it except for here. Earlier versions of
// Andromeda support multiple connections as other users and
// even to other databases, but the db side of things is now
// complete enough that we don't need that any more.
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
if (SessionGet('UID') == '') {
SessionSet('UID', $AG['application']);
SessionSet('PWD', $AG['application']);
}
$xstr = " dbname=" . $AG['application'] . " user="******" password=" . SessionGet('PWD');
if (function_exists('pg_connect')) {
$AG['dbconn'] = @pg_connect($xstr, PGSQL_CONNECT_FORCE_NEW);
} else {
$AG['dbconn'] = false;
}
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// Dispatching
// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// x4 naming conventions for GET/POST parameters are:
// x4x* control parameters
// x4c_* contents of widgets like input and textarea
// x4w_* where clause values for selects, updates and deletes
//
function DoTests(&$steps)
{
$this->error = '';
// If they manually forced a rollback to an earlier step,
// we will catch it below
$rb = gp('stepreset', '-1');
// look for flags that indicate manual approval of steps
if (gp('pgconfig') == 1) {
sessionSet('pgconfig', true);
}
if (gp('pgsuper') == 1) {
sessionSet('pgsuper', true);
}
// If they provided credentials, try to post them
if (gpExists('loginUID')) {
if (substr(strtolower(gp('loginUID')), 0, 5) == 'andro') {
ErrorAdd("Superuser account may not begin with 'andro'");
} else {
SessionSet('xUID', gp('loginUID'));
SessionSet('xPWD', gp('loginPWD'));
}
}
$finished = false;
foreach ($steps as $current_step => $step) {
switch ($current_step) {
case 0:
if (!function_exists('pg_connect')) {
$finished = true;
}
break;
case 1:
// If forcing rollback to here, clear user credentials
if ($rb == 1) {
SessionUnset('xUID');
SessionUnSet('xPWD');
}
// Test if they gave us uid/pwd and if it works
if (SessionGet('xUID') == '') {
$finished = true;
} else {
$cs = SQL_ConnString(SessionGet('xUID'), SessionGet('xPWD'), 'postgres');
$this->dbx = @pg_connect($cs);
if (!$this->dbx) {
$this->error = "Could Not Connect with that Username/Password";
$finished = true;
}
}
break;
case 2:
// Since we got a connection, try to get versions
$res = SQL2("Select version()", $this->dbx);
$row = SQL_Fetch_Array($res);
$x = explode(' ', $row['version']);
$this->pgversion = $x[0] . ' ' . $x[1];
$vers = explode('.', $x[1]);
$vers = $vers[0] . '.' . $vers[1];
if ($vers < 8.1) {
$finished = true;
}
break;
case 3:
if ($rb == 3) {
$this->andro = 1;
$finished = true;
break;
}
$cs = SQL_ConnString(SessionGet('xUID'), SessionGet('xPWD'), 'andro');
$this->dba = @pg_connect($cs);
if (!$this->dba) {
$finished = true;
$this->andro = 0;
} else {
pg_close($this->dba);
$file = $GLOBALS['AG']['dirs']['generated'] . 'ddmodules.php';
if (!file_exists($file)) {
$finished = true;
$this->andro = 1;
}
}
break;
case 4:
// Initialize the node manager
SessionSet('UID', SessionGet('xUID'));
SessionSet('PWD', SessionGet('xPWD'));
scDBConn_Push();
$dir_pub = realpath(dirname(__FILE__) . '/../..');
if (strpos(ArraySafe($_ENV, 'OS', ''), 'indows') !== false) {
$dir_pub = str_replace("\\", "\\\\", $dir_pub);
}
$row = array('webpath' => 'DEFAULT', 'dir_pub' => $dir_pub, 'description' => 'Default Web Path');
$table_dd = dd_TableRef('webpaths');
SQLX_UpdateorInsert($table_dd, $row);
/*
$table_dd=dd_TableRef('nodes');
$row=array(
'node'=>'DHOST2'
,'description'=>"Andromeda Master Node"
,'node_url'=>'dhost2.secdat.com'
);
SQLX_UpdateorInsert($table_dd,$row);
$row=array(
'node'=>'LOCAL'
,'description'=>"Local Node"
,'node_url'=>'localhost'
);
SQLX_UpdateorInsert($table_dd,$row);
*/
$table_dd = dd_TableRef('applications');
$row = array('application' => 'andro', 'description' => "Andromeda Node Manager", 'appspec' => 'andro.dd.yaml', 'node' => 'LOCAL', 'webpath' => 'DEFAULT');
SQLX_UpdateorInsert($table_dd, $row);
scDBConn_Pop();
SessionSet('UID', 'andro');
SessionSet('PWD', 'andro');
break;
case 5:
break;
default:
$finished = true;
}
// if we are clear, stop now
if ($finished) {
break;
}
}
for ($x = 0; $x < $current_step; $x++) {
$steps[$x][0] = true;
}
return $current_step;
}
function index_hidden_page()
{
global $AG;
$sessok = !LoggedIn() ? false : true;
// KFD 3/6/08, moved here from the main stream of index_hidden
// because these are relevant only to page processing
if (gpExists('x_module')) {
SessionSet('AGMENU_MODULE', gp('x_module'));
} elseif (vgaGet('nomodule') != '' && SessionGet('AGMENU_MODULE') == '') {
SessionSet('AGMENU_MODULE', vgaGet('nomodule'));
}
// If the search flag is set, we need to know what class for this
// application handles searchs
if (gpExists('gp_search')) {
gpSet('gp_page', vgaGet('SEARCH_CLASS'));
}
// Load up a list of pages that public users are allowed to see,
// with home and password always there.
global $MPPages;
// allows it to be in applib
$MP = array();
//$MPPages= array();
// This is the old method, load $MPPages from its own file
if (file_exists_incpath('appPublicMenu.php')) {
include_once 'appPublicMenu.php';
}
if (!is_array($MPPages)) {
$MPPages = array();
}
$MPPages['x_home'] = 'Home Page';
$MPPages['x_login'] = '******';
$MPPages['x_noauth'] = 'Authorization Required';
$MPPages['x_password'] = "******";
$MPPages['x_mpassword'] = "******";
$MPPages['x_paypalipn'] = 'Paypal IPN';
// If the install page exists, it will be used, no getting
// around it.
$install = $GLOBALS['AG']['dirs']['application'] . 'install.php';
$instal2 = $GLOBALS['AG']['dirs']['application'] . 'install.done.php';
if (file_exists($install)) {
if (gp('gp_install') == 'finish') {
rename($install, $instal2);
} else {
$MPPages['install'] = 'install';
gpSet('gp_page', 'install');
}
}
// First pass is to look for the "flaglogin" flag. This says save all
// current page settings and go to login screen. They will be restored
// on a successful login. Very useful for links that say "Login to
// see nifty stuff..."
if (gp('gp_flaglogin') == '1') {
gpSet('gp_flaglogin', '');
gpToSession();
gpSet('gp_page', 'x_login');
}
// Second pass redirection, pick default page if there
// is none, and verify public pages.
//
$gp_page = gp('gp_page');
if ($gp_page == '') {
if (vgfGet('LoginAttemptOK') === true && vgfGet('x4') === true) {
$gp_page = 'x4init';
gpSet('gp_page', 'x4init');
SessionSet('TEMPLATE', 'x4');
} else {
if (function_exists('appNoPage')) {
$gp_page = appNoPage();
} else {
if (!LoggedIn()) {
$gp_page = FILE_EXISTS_INCPATH('x_home.php') ? 'x_home' : 'x_login';
} else {
// KFD 3/2/07, pull vga stuff to figure defaults
if (vgaGet('nopage') != '') {
$gp_page = vgaGet('nopage');
} else {
$gp_page = 'x_welcome';
}
}
}
}
}
// If they are trying to access a restricted page and are not
// logged in, cache their request and redirect to login page
if (!$sessok && !isset($MPPages[$gp_page])) {
if (vgfGet('loglogins', false)) {
fwLogEntry('1014', 'Page access w/o login', $gp_page);
}
gpToSession();
$gp_page = 'x_login';
}
// If pos is activated and the current requested page does not
// match what they are cleared for, redirect to login
if (vgaGet('POS_SECURITY', false) == true && SessionGet('ADMIN') == false) {
if (SessionGet('POS_PAGE', '', 'FW') != $gp_page) {
gpToSession();
$gp_page = 'x_login';
}
}
gpSet('gp_page', $gp_page);
// Make any database saves. Do this universally, even if save
// was not selected. If errors, reset to previous request.
//if(gp('gp_save')=='1') processPost();
processPost();
if (Errors()) {
gpSetFromArray('gp_', aFromGp('gpx_'));
}
// Put Userid where HTML forms can find it
//vgfSet("UID",SessionGet("UID"));
//if (vgfSet("UID")=="") { vgfSet("UID","Not Logged In"); }
// THIS IS NEWER X_TABLE2 version of drilldown commands,
// considerably simpler than the older ones. It makes use of
// three gp_dd variables.
//
// Notice how we process drillbacks FIRST, allowing a link
// to contain both drillback and drilldown, for the super-nifty
// effect of a "drill-across"
hidden('gp_dd_page');
hidden('gp_dd_skey');
hidden('gp_dd_back');
if (intval(gp('gp_dd_back')) > 0 && $sessok) {
// this is drillback
$dd = ContextGet('drilldown', array());
$back = intval(gp('gp_dd_back'));
if (count($dd) >= $back) {
$spot = count($dd) - $back;
$aback = $dd[$spot];
gpSet('gp_skey', $aback['skey']);
gpSet('gp_page', $aback['page']);
$gp_page = $aback['page'];
gpSet('gpx_skey', $aback['skey']);
gpSet('gpx_page', $aback['page']);
gpSetFromArray('parent_', $aback['parent']);
if (!gpExists('gp_mode')) {
gpSet('gp_mode', 'upd');
}
$dd = $spot == 0 ? array() : array_slice($dd, 0, $spot);
ContextSet('drilldown', $dd);
ContextSet('drilldown_top', $aback['page']);
//ContextSet('drilldown_level',count($dd));
}
}
if (gp('gp_dd_page') != '' && $sessok) {
// this is drilldown...
$matches = DrillDownMatches();
$matches = array_merge($matches, aFromGP('parent_'));
$dd = ContextGet('drilldown', array());
$newdd = array('matches' => $matches, 'parent' => aFromGP('parent_'), 'skey' => gp('gpx_skey'), 'page' => gp('gpx_page'));
$dd[] = $newdd;
ContextSet('drilldown', $dd);
ContextSet('drilldown_top', gp('gp_dd_page'));
//ContextSet('drilldown_level',count($dd));
// having saved the stack, redirect to new page.
$tnew = gp('gp_dd_page');
$gp_page = $tnew;
gpSet('gp_page', $tnew);
if (gp('gp_dd_skey') != '') {
gpSet('gp_skey', gp('gp_dd_skey'));
gpSet('gp_mode', 'upd');
}
// Clear search of new page, set filters to blank
processPost_TableSearchResultsClear($tnew);
ConSet('table', $tnew, 'search', array());
}
// If no drilldown commands were received, and we are not on
// the page that is the top, user must have picked a new page
// altogether, wipe out the drilldown stack
if (gp('gp_page') != ContextGet('drilldown_top', '')) {
ContextSet('drilldown', array());
ContextSet('drilldown_top', '');
}
// Must always have these on the user's form. These can
// be retired with x_Table, they are for old drilldown
//
hidden("dd_page", "");
hidden("dd_ddc", "");
hidden("dd_ddv", "");
hidden("dd_ddback", "");
hidden("dd_action", "searchexecute");
hidden("dd_skey", "");
// Load user preferences just before display
UserPrefsLoad();
$dir = $GLOBALS['AG']['dirs']['root'] . 'application/';
if (file_exists($dir . $gp_page . ".page.yaml")) {
include 'androPage.php';
$obj_page = new androPage();
if ($obj_page->flag_buffer) {
ob_start();
}
$obj_page->main($gp_page);
if ($obj_page->flag_buffer) {
vgfSet("HTML", ob_get_clean());
//ob_end_clean();
}
vgfSet("PageSubtitle", $obj_page->PageSubtitle);
} else {
$obj_page = DispatchObject($gp_page);
if ($obj_page->flag_buffer) {
ob_start();
}
$obj_page->main();
if ($obj_page->flag_buffer && vgfGet('HTML') == '') {
vgfSet("HTML", ob_get_contents());
ob_end_clean();
}
vgfSet("PageSubtitle", $obj_page->PageSubtitle);
}
// Save context onto the page. Note that it is not really
// protected by these methods, just compressed and obscured.
//
$t2 = serialize($GLOBALS['AG']['clean']['gpContext']);
$t2 = gzcompress($t2);
$t2 = base64_encode($t2);
Hidden('gpContext', $t2);
// KFD 3/7/07, give the app the final opportunity to process
// things before the display, while logged in.
if (function_exists('appdisplaypre')) {
appDisplayPre();
}
// ...and write output and we are done. Assume if there was
// no buffering that the output is already done.
if ($obj_page->flag_buffer != false) {
// Work out what template we are using
index_hidden_template('x2');
// KFD 5/30/07, send back only main content if asked
if (gp('ajxBUFFER') == 1) {
echo "andromeda_main_content|";
ehStandardContent();
echo "|-|_focus|" . vgfGet('HTML_focus');
$ajax = ElementReturn('ajax', array());
echo '|-|' . implode('|-|', $ajax);
echo '|-|_title|' . vgfGet('PageTitle');
} elseif (defined('_VALID_MOS')) {
// This is the default branch, using a Joomla template
// DUPLICATE ALERT: This code copied into
// index_hidden_x4Dispatch() above
global $J;
$mainframe = $J['mainframe'];
$my = $J['my'];
$mosConfig_absolute_path = $J['mC_absolute_path'];
$mosConfig_live_site = $J['mC_live_site'];
$template_color = $J['template_color'];
$template_color = 'red';
$file = $GLOBALS['AG']['dirs']['root'] . '/templates/' . $mainframe->GetTemplate() . "/index.php";
include $file;
} elseif ($obj_page->html_template !== '') {
// This is newer style, let the class specify the template.
include $obj_page->html_template . '.php';
} else {
// This is old style, defaults to "html_main.php", can be
// set also by vgaSet() or by gp(gp_out)
$html_main = vgaGet('html_main') == '' ? 'html_main' : vgaGet('html_main');
switch (CleanGet("gp_out", "", false)) {
case "print":
include "html_print.php";
break;
case "info":
include "html_info.php";
break;
case "":
include $html_main . ".php";
break;
default:
}
}
}
}
function mosShowListMenu($menutype)
{
// -------------------------------------------------------
// Andromeda Code: If we are in an Andromeda situation
// then everything is vastly simplified, we already have
// the menu and we don't do much conversion
// -------------------------------------------------------
if (defined('_ANDROMEDA_JOOMLA')) {
if (!LoggedIn()) {
return;
}
// KFD 7/6/07, cache the menu so we don't have to do
// this on every call.
// Cachegrind cost to build menu : 259 / 199
// Cachegrind cost logging in : 140
// Cachegrind cost login, cache to session: 2!!!!
// Cachegrind cost to cache to disk : 400!
# KFD 4/17/08, rebuild menu if they switched modes
# KFD 6/21/08, simplify this by just looking at x4Welcome
#$menu_mode = gpExists('x4Page')
# ? (vgfGet('x4menu',false)==true ? 'x4' : 'classic')
# : 'classic';
$menu_mode = configGet('x4welcome', 'N') == 'Y' ? 'x4' : 'classic';
vgfSet('menu_mode', $menu_mode);
# KFD 6/21/08 (END)
if ($menu_mode != SessionGet('menu_mode')) {
sessionSet('menu', '');
sessionSet('menu_mode', $menu_mode);
}
$menu = SessionGet('menu', '');
if ($menu != '') {
echo $menu;
return;
}
ob_start();
$children = array();
$open = array();
$indents = array(array("<ul>", "<li>", "</li>", "</ul>"));
$class_sfx = null;
$hilightid = SessionGET('AGMENU_MODULE');
$hilightid = '';
$menus = SessionGET("AGMENU");
foreach ($menus as $menuid => $menuinfo) {
//if($menuid=='datadict') continue;
//if($menuid=='sysref') continue;
$x = new joomla_fake();
$x->type = 'url';
$x->id = $menuid;
if (sessionGet('menu_mode') == 'x4') {
$x->link = 'javascript:void(0);';
} else {
$x->link = "?x_module=" . urlencode($menuid);
}
$x->browserNav = '';
$x->name = $menuinfo['description'];
$children[0][] = $x;
foreach ($menuinfo['items'] as $page => $pageinfo) {
$x = new joomla_fake();
$x->type = 'url';
$x->id = $page;
# KFD 6/26/08, the vgfX(x4) was experimental, get rid of it
#if(vgfGet('x4')===true) {
# $pd = $pageinfo['description'];
# $x->link="javascript:x4Page('$page','$pd')";
#}
#else {
# KFD 6/26/08, work out the menu mode first
$xmode = 'x2';
if (sessionGet('menu_mode') == 'x4') {
$xmode = a($pageinfo, 'uix2', 'N') == 'Y' ? 'x2' : 'x4';
}
if ($xmode == 'x4') {
$x->link = '?x4Page=' . urlencode($page);
$x->link .= '&x4Return=' . vgaGet('nopage', 'menu');
} else {
$x->link = "?x_module={$menuid}&x2=1&gp_page=" . urlencode($page);
}
if (ArraySafe($pageinfo, 'menu_parms') != '') {
$x->link .= '&' . urlencode($pageinfo['menu_parms']);
}
#}
$x->browserNav = '';
$x->name = $pageinfo['description'];
$children[$menuid][] = $x;
}
}
mosRecurseListMenu(0, 0, $children, $open, $indents, $class_sfx, $hilightid);
$menu = ob_get_clean();
echo $menu;
SessionSet('menu', $menu);
//$fsMenuFileHTML=ob_get_clean();
//file_put_contents($fsMenuFile,$fsMenuFileHTML);
//echo $fsMenuFileHTML;
return;
}
// -------------------------------------------------------
// Andromeda Code: END
// -------------------------------------------------------
global $database, $my, $cur_template, $Itemid;
global $mosConfig_absolute_path, $mosConfig_live_site, $mosConfig_shownoauth;
$class_sfx = null;
$hilightid = null;
/* If a user has signed in, get their user type */
$intUserType = 0;
if ($my->gid) {
switch ($my->usertype) {
case 'Super Administrator':
$intUserType = 0;
break;
case 'Administrator':
$intUserType = 1;
break;
case 'Editor':
$intUserType = 2;
break;
case 'Registered':
$intUserType = 3;
break;
case 'Author':
$intUserType = 4;
break;
case 'Publisher':
$intUserType = 5;
break;
case 'Manager':
$intUserType = 6;
break;
}
} else {
/* user isn't logged in so make their usertype 0 */
$intUserType = 0;
}
if ($mosConfig_shownoauth) {
$database->setQuery("SELECT m.*, count(p.parent) as cnt" . "\nFROM #__menu AS m" . "\nLEFT JOIN #__menu AS p ON p.parent = m.id" . "\nWHERE m.menutype='{$menutype}' AND m.published='1'" . "\nGROUP BY m.id ORDER BY m.parent, m.ordering ");
} else {
$database->setQuery("SELECT m.*, sum(case when p.published=1 then 1 else 0 end) as cnt" . "\nFROM #__menu AS m" . "\nLEFT JOIN #__menu AS p ON p.parent = m.id" . "\nWHERE m.menutype='{$menutype}' AND m.published='1' AND m.access <= '{$my->gid}'" . "\nGROUP BY m.id ORDER BY m.parent, m.ordering ");
}
$rows = $database->loadObjectList('id');
echo $database->getErrorMsg();
//work out if this should be highlighted
$sql = "SELECT m.* FROM #__menu AS m" . "\nWHERE menutype='" . $menutype . "' AND m.published='1'";
$database->setQuery($sql);
$subrows = $database->loadObjectList('id');
$maxrecurse = 5;
$parentid = $Itemid;
//this makes sure toplevel stays hilighted when submenu active
while ($maxrecurse-- > 0) {
$parentid = getParentRow($subrows, $parentid);
if (isset($parentid) && $parentid >= 0 && $subrows[$parentid]) {
if (vgfGet('menu_mode') != 'x4') {
$hilightid = $parentid;
}
} else {
break;
}
}
if (vgfGet('menu_mode') == 'x4') {
$hilightid = '';
}
//echo "<!--[if lte IE 7]>\n";
include_once "{$mosConfig_absolute_path}/templates/" . $cur_template . "/js/ie.js";
//echo "<![endif]-->\n";
$indents = array(array("<ul>", "<li>", "</li>", "</ul>"));
// establish the hierarchy of the menu
$children = array();
// first pass - collect children
foreach ($rows as $v) {
$pt = $v->parent;
$list = @$children[$pt] ? $children[$pt] : array();
array_push($list, $v);
$children[$pt] = $list;
}
// second pass - collect 'open' menus
$open = array($Itemid);
$count = 20;
// maximum levels - to prevent runaway loop
$id = $Itemid;
while (--$count) {
if (isset($rows[$id]) && $rows[$id]->parent > 0) {
$id = $rows[$id]->parent;
$open[] = $id;
} else {
break;
}
}
$class_sfx = null;
mosRecurseListMenu(0, 0, $children, $open, $indents, $class_sfx, $hilightid);
}
