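 /**
  * Serve a file named by the "fn" query parameter, resizing images on request.
  *
  * Query parameters: "fn" (path relative to the application root; when
  * EW_ENCRYPT_FILE_PATH is on it is encrypted with EW_RANDOM_KEY + session id),
  * "width"/"height" (thumbnail size; EW_THUMBNAIL_DEFAULT_* when both are empty).
  * Files whose extension is listed in EW_IMAGE_ALLOWED_FILE_EXT are resized with
  * ew_ResizeFileToBinary() when a size is requested and streamed as-is otherwise;
  * extensions listed in EW_DOWNLOAD_ALLOWED_FILE_EXT are streamed as-is. Any
  * other file produces no body. Output goes straight to header()/echo.
  *
  * "fn" is untrusted when EW_ENCRYPT_FILE_PATH is off, so the resolved path is
  * required to stay inside the application root.
  */
 function Page_Main()
 {
     global $conn;
     // Objects are handles: a plain assignment shares the page object and
     // avoids the "Cannot re-assign $this" error of PHP 7.1+
     $GLOBALS["Page"] = $this;
     //***$conn = ew_Connect();
     // Get fn parameter (the "t" table parameter is not used on this page)
     $key = EW_RANDOM_KEY . session_id();
     $fn = @$_GET["fn"] != "" ? ew_StripSlashes($_GET["fn"]) : "";
     if ($fn != "" && EW_ENCRYPT_FILE_PATH) {
         $fn = ew_Decrypt($fn, $key);
     }
     // Global Page Loading event (in userfn*.php)
     //***Page_Loading();
     // Get resize parameters as integers, so a non-numeric value counts as
     // "no size" instead of being compared as a string
     $width = @$_GET["width"] != "" ? intval($_GET["width"]) : 0;
     $height = @$_GET["height"] != "" ? intval($_GET["height"]) : 0;
     if (@$_GET["width"] == "" && @$_GET["height"] == "") {
         $width = EW_THUMBNAIL_DEFAULT_WIDTH;
         $height = EW_THUMBNAIL_DEFAULT_HEIGHT;
     }
     // Resize image from physical file
     if ($fn != "") {
         $fn = str_replace("\0", "", $fn); // a NUL byte would truncate the path
         $sRoot = ew_IncludeTrailingDelimiter(ew_AppRoot(), TRUE);
         $fn = $sRoot . $fn;
         // Path containment: a ".." (or a symlink) in fn must not escape the
         // application root. realpath() is FALSE for a missing file, which the
         // readability check below rejects anyway.
         $sRealRoot = realpath($sRoot);
         $sRealFn = realpath($fn);
         if ($sRealRoot !== FALSE && $sRealFn !== FALSE) {
             $sRealRoot = rtrim($sRealRoot, "/\\") . DIRECTORY_SEPARATOR;
             if (strpos($sRealFn, $sRealRoot) !== 0) {
                 return;
             }
         }
         // Serve only something we can open. The fopen() fallback is kept from
         // the original for paths file_exists() cannot stat; its handle is
         // closed at once instead of leaking for the rest of the request.
         $bReadable = file_exists($fn);
         if (!$bReadable) {
             $fp = @fopen($fn, "rb");
             if ($fp !== FALSE) {
                 fclose($fp);
                 $bReadable = TRUE;
             }
         }
         if ($bReadable) {
             if (ob_get_length()) {
                 ob_end_clean();
             }
             $pathinfo = pathinfo($fn);
             $ext = isset($pathinfo["extension"]) ? strtolower($pathinfo["extension"]) : "";
             $ct = ew_ContentType("", $fn);
             if ($ct != "") {
                 header("Content-type: " . $ct);
             }
             if (in_array($ext, explode(",", EW_IMAGE_ALLOWED_FILE_EXT), TRUE)) {
                 $size = @getimagesize($fn);
                 if ($size) {
                     // Prefer the type sniffed from the image data
                     header("Content-type: {$size['mime']}");
                 }
                 if ($width > 0 || $height > 0) {
                     echo ew_ResizeFileToBinary($fn, $width, $height);
                 } else {
                     echo file_get_contents($fn);
                 }
             } elseif (in_array($ext, explode(",", EW_DOWNLOAD_ALLOWED_FILE_EXT), TRUE)) {
                 echo file_get_contents($fn);
             }
         }
     }
     // Global Page Unloaded event (in userfn*.php)
     //***Page_Unloaded();
     // Close connection
     //***ew_CloseConn();
 }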
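 /**
  * Build the lookup SQL from the posted (encrypted) statement and run it.
  *
  * Reads from $_POST: "s" (encrypted base SQL carrying the {filter},
  * {query_value} and {query_value_n} placeholders), "f0".."f4" / "v0".."v4" /
  * "t0".."t4" (encrypted filter template, comma-separated values and field type
  * for the "IN" filters) and "q" / "qN" (query values for "LIKE"/"="). Dies with
  * a short message when the post or the decrypted SQL is empty, then hands the
  * finished statement to $this->GetLookupValues().
  *
  * The statement and the filter templates come from the client; only
  * ew_Decrypt() keeps them from being attacker-chosen. NOTE(review): that holds
  * only if ew_Decrypt() rejects tampered input -- confirm against its
  * implementation. The values themselves go through ew_QuotedValue()/ew_AdjustSql().
  */
 function Page_Main()
 {
     // Objects are handles: a plain assignment shares the page object and
     // avoids the "Cannot re-assign $this" error of PHP 7.1+
     $GLOBALS["Page"] = $this;
     $post = ew_StripSlashes($_POST);
     if (count($post) == 0) {
         die("Missing post data.");
     }
     //$sql = $qs->getValue("s");
     $sql = @$post["s"];
     $sql = ew_Decrypt($sql);
     if ($sql == "") {
         die("Missing SQL.");
     }
     // strpos() returns 0 for a match at the very start, so test against
     // FALSE rather than "> 0"
     if (strpos($sql, "{filter}") !== FALSE) {
         $filters = "";
         for ($i = 0; $i < 5; $i++) {
             // Get the filter values (for "IN")
             $filter = ew_Decrypt(@$post["f" . $i]);
             if ($filter != "") {
                 $value = @$post["v" . $i];
                 if ($value == "") {
                     if ($i > 0) {
                         // Empty parent field
                         //continue; // Allow
                         ew_AddFilter($filters, "1=0");
                     }
                     // Disallow
                     continue;
                 }
                 $arValue = explode(",", $value);
                 $fldtype = intval(@$post["t" . $i]);
                 // Quote each value for its field type before it joins the IN list
                 for ($j = 0, $cnt = count($arValue); $j < $cnt; $j++) {
                     $arValue[$j] = ew_QuotedValue($arValue[$j], ew_FieldDataType($fldtype));
                 }
                 $filter = str_replace("{filter_value}", implode(",", $arValue), $filter);
                 ew_AddFilter($filters, $filter);
             }
         }
         // No usable filter: keep the statement valid with a tautology
         $sql = str_replace("{filter}", $filters != "" ? $filters : "1=1", $sql);
     }
     // Get the query value (for "LIKE" or "=")
     $value = ew_AdjustSql(@$post["q"]);
     if ($value != "") {
         // Rewrite the LIKE pattern through ew_Like() (database-specific form)
         $sql = preg_replace('/LIKE \'(%)?\\{query_value\\}%\'/', ew_Like('\'$1{query_value}%\''), $sql);
         $sql = str_replace("{query_value}", $value, $sql);
     }
     // Replace {query_value_n} with the matching posted "qn" value
     preg_match_all('/\\{query_value_(\\d+)\\}/', $sql, $out);
     $cnt = count($out[0]);
     for ($i = 0; $i < $cnt; $i++) {
         $j = $out[1][$i];
         $v = ew_AdjustSql(@$post["q" . $j]);
         $sql = str_replace("{query_value_" . $j . "}", $v, $sql);
     }
     $this->GetLookupValues($sql);
 }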
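 /**
  * Handle the "forgot password" page.
  *
  * POST (email submitted): validates the address, sets Action = "activate"
  * and derives ActivateCode = ew_Encrypt(email).
  * GET with action/email/code: accepts only action "confirm" whose code
  * decrypts back to the given email; otherwise sets "ActivateFailed" and
  * leaves for login.php.
  * With an Action set, looks the user up through EW_USER_EMAIL_FILTER, fires
  * User_RecoverPassword(), and either mails the stored password (confirm) or
  * an activation link (activate). When EW_ENCRYPTED_PASSWORD is on, confirm
  * truncates the stored value to 16 characters, writes it back with Update()
  * and mails that as the new password.
  *
  * NOTE(review): the activation code is a deterministic function of the email
  * alone with no expiry visible here, so anyone able to produce
  * ew_Encrypt(email) can trigger a reset -- confirm how ew_Encrypt() is keyed.
  */
 function Page_Main()
 {
     global $conn, $Language, $gsFormError;
     global $Breadcrumb;
     $Breadcrumb = new cBreadcrumb();
     $Breadcrumb->Add("forgotpwd", "<span id=\"ewPageCaption\">" . $Language->Phrase("RequestPwdPage") . "</span>", ew_CurrentUrl());
     $bPostBack = ew_IsHttpPost();
     $bValidEmail = FALSE;
     if ($bPostBack) {
         // Setup variables (a crafted post may omit the field)
         $this->Email = isset($_POST["email"]) ? $_POST["email"] : "";
         $bValidEmail = $this->ValidateForm($this->Email);
         if ($bValidEmail) {
             $this->Action = "activate";
             $this->ActivateCode = ew_Encrypt($this->Email);
         } else {
             $this->setFailureMessage($gsFormError);
         }
     } elseif (@$_GET["action"] != "") {
         // Handle email activation: only "confirm" with a code that decrypts
         // back to the given email is accepted (strict comparison, so a
         // missing email cannot match an empty or failed decrypt)
         $this->Action = $_GET["action"];
         $this->Email = @$_GET["email"];
         $this->ActivateCode = @$_GET["code"];
         if ($this->Email !== ew_Decrypt($this->ActivateCode) || strtolower($this->Action) != "confirm") {
             if ($this->getFailureMessage() == "") {
                 $this->setFailureMessage($Language->Phrase("ActivateFailed"));
             }
             // Set activate failed message and go to login page
             $this->Page_Terminate("login.php");
         }
     }
     if ($this->Action != "") {
         $bEmailSent = FALSE;
         // Set up filter (SQL WHERE clause) and get Return SQL
         // SQL constructor in usuario class, usuarioinfo.php
         $sFilter = str_replace("%e", ew_AdjustSql($this->Email), EW_USER_EMAIL_FILTER);
         $this->CurrentFilter = $sFilter;
         $sSql = $this->SQL();
         if ($RsUser = $conn->Execute($sSql)) {
             if (!$RsUser->EOF) {
                 $rsold = $RsUser->fields;
                 // Call User Recover Password event; it may veto the recovery
                 $bValidEmail = $this->User_RecoverPassword($rsold);
                 if ($bValidEmail) {
                     $sUserName = $rsold['usuario'];
                     $sPassword = $rsold['contrasenia'];
                     if (EW_ENCRYPTED_PASSWORD) {
                         if (strtolower($this->Action) == "confirm") {
                             // A hashed password cannot be mailed back: the first
                             // 16 characters of the stored value become the new
                             // password and are written back with Update()
                             $sPassword = substr($sPassword, 0, 16);
                             $rsnew = array('contrasenia' => $sPassword);
                             $this->Update($rsnew);
                         }
                     } else {
                         // Plain-text passwords are mailed directly
                         $this->Action = "confirm";
                     }
                 }
             } else {
                 $bValidEmail = FALSE;
                 $this->setFailureMessage($Language->Phrase("InvalidEmail"));
             }
             if ($bValidEmail) {
                 $Email = new cEmail();
                 if (strtolower($this->Action) == "confirm") {
                     $Email->Load("phptxt/forgotpwd.txt");
                     $Email->ReplaceContent('<!--$Password-->', $sPassword);
                 } else {
                     $Email->Load("phptxt/resetpwd.txt");
                     // URL-encode both values: an encrypted code may contain
                     // "+", "/" or "=", which a bare query string would mangle
                     $sActivateLink = ew_FullUrl() . "?action=confirm";
                     $sActivateLink .= "&email=" . urlencode($this->Email);
                     $sActivateLink .= "&code=" . urlencode($this->ActivateCode);
                     $Email->ReplaceContent('<!--$ActivateLink-->', $sActivateLink);
                 }
                 $Email->ReplaceSender(EW_SENDER_EMAIL); // Replace Sender
                 $Email->ReplaceRecipient($this->Email); // Replace Recipient
                 $Email->ReplaceContent('<!--$UserName-->', $sUserName);
                 $Email->Charset = EW_EMAIL_CHARSET;
                 $Args = array();
                 if (EW_ENCRYPTED_PASSWORD && strtolower($this->Action) == "confirm") {
                     $Args["rs"] =& $rsnew; // the record just written by Update()
                 }
                 if ($this->Email_Sending($Email, $Args)) {
                     $bEmailSent = $Email->Send();
                 }
             }
             $RsUser->Close();
         }
         if ($bEmailSent) {
             // Set up success message and return to login page
             if ($this->getSuccessMessage() == "") {
                 if (strtolower($this->Action) == "confirm") {
                     $this->setSuccessMessage($Language->Phrase("PwdEmailSent"));
                 } else {
                     $this->setSuccessMessage($Language->Phrase("ResetPwdEmailSent"));
                 }
             }
             $this->Page_Terminate("login.php");
         } elseif ($bValidEmail) {
             // Set up error message
             $this->setFailureMessage($Language->Phrase("FailedToSendMail"));
         }
     }
 }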
 /**
  * Try the passive login sources in order: the "autologin" cookie, the URL
  * (when EW_ALLOW_LOGIN_BY_URL is on) and the session (when
  * EW_ALLOW_LOGIN_BY_SESSION is on). The first source that ValidateUser()
  * accepts wins; FALSE when none does.
  *
  * Cookie credentials are stored encrypted (ew_Decrypt on read); URL
  * credentials travel in the query string in the clear.
  */
 function AutoLogin()
 {
     $result = FALSE;
     // 1. Project cookie
     $cookie = @$_COOKIE[EW_PROJECT_NAME];
     if (@$cookie['AutoLogin'] == "autologin") {
         $user = ew_Decrypt(@$cookie['Username']);
         $pass = ew_Decrypt(@$cookie['Password']);
         $result = $this->ValidateUser($user, $pass, TRUE, FALSE);
         if ($result) {
             return $result;
         }
     }
     // 2. Query string
     if (EW_ALLOW_LOGIN_BY_URL && isset($_GET["username"])) {
         $user = ew_RemoveXSS(ew_StripSlashes($_GET["username"]));
         $pass = ew_RemoveXSS(ew_StripSlashes(@$_GET["password"]));
         $result = $this->ValidateUser($user, $pass, TRUE, !empty($_GET["encrypted"]));
         if ($result) {
             return $result;
         }
     }
     // 3. Session
     $userKey = EW_PROJECT_NAME . "_Username";
     if (EW_ALLOW_LOGIN_BY_SESSION && isset($_SESSION[$userKey])) {
         $pass = @$_SESSION[EW_PROJECT_NAME . "_Password"];
         $enc = !empty($_SESSION[EW_PROJECT_NAME . "_Encrypted"]);
         $result = $this->ValidateUser($_SESSION[$userKey], $pass, TRUE, $enc);
     }
     return $result;
 }
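 /**
  * Drive the login page: collect credentials, validate them, establish the
  * session and write the "remember me" cookies.
  *
  * Credentials come, in order of precedence, from a login already in progress
  * parked in the session (IsLoggingIn()), from $_POST (username/password/type)
  * or -- when EW_ALLOW_LOGIN_BY_URL is on -- from $_GET. After form validation
  * the lockout check $UserProfile->ExceedLoginRetry() runs. On success the
  * cookies for login type "a" (auto login) or "u" (remember user name) are
  * written, the audit trail and User_LoggedIn() fire, and the user returns to
  * $Security->LastUrl() (index.php when empty). On failure with credentials
  * present, User_LoginError() fires.
  *
  * NOTE(review): type "a" stores ew_Encrypt(password) in a cookie, and the
  * "Checksum" cookie is a constant derived from EW_RANDOM_KEY rather than a
  * digest of the cookie contents; both are as generated upstream. The cookies
  * are only read server-side, so they are written HttpOnly here.
  */
 function Page_Main()
 {
     global $Security, $Language, $UserProfile, $gsFormError;
     global $Breadcrumb;
     // Breadcrumb points at this script's own file name
     $sCurrentUrl = ew_CurrentUrl();
     $url = substr($sCurrentUrl, strrpos($sCurrentUrl, "/") + 1);
     $Breadcrumb = new cBreadcrumb();
     $Breadcrumb->Add("login", "LoginPage", $url, "", "", TRUE);
     $sPassword = "";
     // Get last URL
     $sLastUrl = $Security->LastUrl();
     if ($sLastUrl == "") {
         $sLastUrl = "index.php";
     }
     // If session expired, show session expired message
     if (@$_GET["expired"] == "1") {
         $this->setFailureMessage($Language->Phrase("SessionExpired"));
     }
     if (IsLoggingIn()) {
         // A login already in progress: credentials were parked in the session
         $this->Username = @$_SESSION[EW_SESSION_USER_PROFILE_USER_NAME];
         $sPassword = @$_SESSION[EW_SESSION_USER_PROFILE_PASSWORD];
         $this->LoginType = @$_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE];
         $bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE);
         if ($bValidPwd) {
             // Parked credentials are cleared once accepted
             $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = "";
             $_SESSION[EW_SESSION_USER_PROFILE_PASSWORD] = "";
             $_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = "";
         }
     } else {
         if (!$Security->IsLoggedIn()) {
             $Security->AutoLogin();
         }
         $Security->LoadUserLevel(); // Load user level
         $this->Username = ""; // Initialize
         $encrypted = FALSE;
         if (isset($_POST["username"])) {
             $this->Username = ew_RemoveXSS(ew_StripSlashes($_POST["username"]));
             $sPassword = ew_RemoveXSS(ew_StripSlashes(@$_POST["password"]));
             $this->LoginType = strtolower(ew_RemoveXSS(@$_POST["type"]));
         } else {
             // Login by URL carries the password in the query string (and so
             // into server/proxy logs); it is gated by EW_ALLOW_LOGIN_BY_URL
             if (EW_ALLOW_LOGIN_BY_URL && isset($_GET["username"])) {
                 $this->Username = ew_RemoveXSS(ew_StripSlashes($_GET["username"]));
                 $sPassword = ew_RemoveXSS(ew_StripSlashes(@$_GET["password"]));
                 $this->LoginType = strtolower(ew_RemoveXSS(@$_GET["type"]));
                 $encrypted = !empty($_GET["encrypted"]);
             }
         }
         if ($this->Username != "") {
             $bValidate = $this->ValidateForm($this->Username, $sPassword);
             if (!$bValidate) {
                 $this->setFailureMessage($gsFormError);
             }
             // Save user login type, login user name and login type
             $_SESSION[EW_SESSION_USER_LOGIN_TYPE] = $this->LoginType;
             $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = $this->Username;
             $_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = $this->LoginType;
             // Max login attempt checking: a locked-out user is refused even
             // with a well-formed form
             if ($UserProfile->ExceedLoginRetry($this->Username)) {
                 $bValidate = FALSE;
                 $this->setFailureMessage(str_replace("%t", EW_USER_PROFILE_RETRY_LOCKOUT, $Language->Phrase("ExceedMaxRetry")));
             }
         } else {
             if ($Security->IsLoggedIn()) {
                 // Return to last accessed page
                 if ($this->getFailureMessage() == "") {
                     $this->Page_Terminate($sLastUrl);
                 }
             }
             $bValidate = FALSE;
             // Restore settings from the project cookie (user name only when
             // the constant "Checksum" cookie matches)
             if (@$_COOKIE[EW_PROJECT_NAME]['Checksum'] == strval(crc32(md5(EW_RANDOM_KEY)))) {
                 $this->Username = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Username']);
             }
             if (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "autologin") {
                 $this->LoginType = "a";
             } elseif (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "rememberusername") {
                 $this->LoginType = "u";
             } else {
                 $this->LoginType = "";
             }
         }
         $bValidPwd = FALSE;
         if ($bValidate) {
             // Call Logging In event; it may cancel the login
             $bValidate = $this->User_LoggingIn($this->Username, $sPassword);
             if ($bValidate) {
                 // Manual login
                 $bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE, $encrypted);
                 if (!$bValidPwd) {
                     // Invalid user id/password
                     if ($this->getFailureMessage() == "") {
                         $this->setFailureMessage($Language->Phrase("InvalidUidPwd"));
                     }
                 }
             } else {
                 // Login cancelled
                 if ($this->getFailureMessage() == "") {
                     $this->setFailureMessage($Language->Phrase("LoginCancelled"));
                 }
             }
         }
     }
     if ($bValidPwd) {
         // Write cookies. They are read only through $_COOKIE on the server,
         // so the HttpOnly flag (7th argument) keeps them out of reach of script.
         if ($this->LoginType == "a") {
             // Auto login: autologin marker, user name, password and checksum
             setcookie(EW_PROJECT_NAME . '[AutoLogin]', "autologin", EW_COOKIE_EXPIRY_TIME, "", "", FALSE, TRUE);
             setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME, "", "", FALSE, TRUE);
             setcookie(EW_PROJECT_NAME . '[Password]', ew_Encrypt($sPassword), EW_COOKIE_EXPIRY_TIME, "", "", FALSE, TRUE);
             setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME, "", "", FALSE, TRUE);
         } elseif ($this->LoginType == "u") {
             // Remember user name: marker, user name and checksum
             setcookie(EW_PROJECT_NAME . '[AutoLogin]', "rememberusername", EW_COOKIE_EXPIRY_TIME, "", "", FALSE, TRUE);
             setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME, "", "", FALSE, TRUE);
             setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME, "", "", FALSE, TRUE);
         } else {
             // Clear auto login cookie
             setcookie(EW_PROJECT_NAME . '[AutoLogin]', "", EW_COOKIE_EXPIRY_TIME, "", "", FALSE, TRUE);
         }
         $this->WriteAuditTrailOnLogin($this->Username);
         // Call loggedin event and return to last accessed URL
         $this->User_LoggedIn($this->Username);
         $this->Page_Terminate($sLastUrl);
     } elseif ($this->Username != "" && $sPassword != "") {
         // Call user login error event
         $this->User_LoginError($this->Username, $sPassword);
     }
 }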
 /**
  * Log in from the "autologin" project cookie, whose user name and password
  * are stored encrypted (ew_Decrypt on read). Returns the ValidateUser()
  * result, or FALSE when the cookie is absent or holds another marker.
  */
 function AutoLogin()
 {
     $cookie = @$_COOKIE[EW_PROJECT_NAME];
     if (@$cookie['AutoLogin'] != "autologin") {
         return FALSE;
     }
     $user = ew_Decrypt(@$cookie['Username']);
     $pass = ew_Decrypt(@$cookie['Password']);
     return $this->ValidateUser($user, $pass, TRUE);
 }
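 /**
  * Handle the "forgot password" page.
  *
  * POST (email submitted): validates the address, sets Action = "reset" when
  * EW_ENCRYPTED_PASSWORD is on (a hash cannot be mailed back) or "confirm"
  * otherwise, and derives ActivateCode = ew_Encrypt(email).
  * GET with action/email/code: accepts "confirm" or "reset" when the code
  * decrypts back to the given email; "reset" becomes "resetpassword".
  * With an Action set, looks the user up through EW_USER_EMAIL_FILTER and
  * fires User_RecoverPassword(); "resetpassword" parks the user name in the
  * session and hands over to changepwd.php, "confirm" mails the stored
  * password, anything else mails an activation link.
  *
  * NOTE(review): the activation code is a deterministic function of the email
  * alone with no expiry visible here -- confirm how ew_Encrypt() is keyed.
  * With EW_ENCRYPTED_PASSWORD on, a valid GET "confirm" still mails the
  * stored (hashed) value to the address.
  */
 function Page_Main()
 {
     global $UserTableConn, $Language, $gsFormError;
     global $Breadcrumb;
     $Breadcrumb = new cBreadcrumb();
     $Breadcrumb->Add("forgotpwd", "RequestPwdPage", ew_CurrentUrl(), "", "", TRUE);
     $bPostBack = ew_IsHttpPost();
     $bValidEmail = FALSE;
     if ($bPostBack) {
         // Setup variables (a crafted post may omit the field)
         $this->Email = isset($_POST["email"]) ? $_POST["email"] : "";
         $bValidEmail = $this->ValidateForm($this->Email);
         if ($bValidEmail) {
             // Send password directly if not MD5, otherwise start a reset
             $this->Action = EW_ENCRYPTED_PASSWORD ? "reset" : "confirm";
             $this->ActivateCode = ew_Encrypt($this->Email);
         } else {
             $this->setFailureMessage($gsFormError);
         }
     } elseif (@$_GET["action"] != "") {
         // Handle email activation: the code must decrypt back to the email
         // (strict comparison, so a missing email cannot match an empty or
         // failed decrypt) and the action must be "confirm" or "reset"
         $this->Action = $_GET["action"];
         $this->Email = @$_GET["email"];
         $this->ActivateCode = @$_GET["code"];
         $sAction = strtolower($this->Action);
         if ($this->Email !== ew_Decrypt($this->ActivateCode) || ($sAction != "confirm" && $sAction != "reset")) {
             if ($this->getFailureMessage() == "") {
                 $this->setFailureMessage($Language->Phrase("ActivateFailed"));
             }
             // Set activate failed message and go to login page
             $this->Page_Terminate("login.php");
         }
         if ($sAction == "reset") {
             $this->Action = "resetpassword";
         }
     }
     if ($this->Action != "") {
         $bEmailSent = FALSE;
         // Set up filter (SQL WHERE clause) and get Return SQL
         // SQL constructor in user class, userinfo.php
         $sFilter = str_replace("%e", ew_AdjustSql($this->Email, EW_USER_TABLE_DBID), EW_USER_EMAIL_FILTER);
         $this->CurrentFilter = $sFilter;
         $sSql = $this->SQL();
         if ($RsUser = $UserTableConn->Execute($sSql)) {
             if (!$RsUser->EOF) {
                 $rsold = $RsUser->fields;
                 // Call User Recover Password event; it may veto the recovery
                 $bValidEmail = $this->User_RecoverPassword($rsold);
                 if ($bValidEmail) {
                     $sUserName = $rsold['CODE'];
                     $sPassword = $rsold['PASS'];
                 }
             } else {
                 $bValidEmail = FALSE;
                 $this->setFailureMessage($Language->Phrase("InvalidEmail"));
             }
             $RsUser->Close();
             if ($bValidEmail) {
                 if (strtolower($this->Action) == "resetpassword") {
                     // Reset password: park the login user name and hand over
                     // to the change-password page
                     $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = $sUserName;
                     $_SESSION[EW_SESSION_STATUS] = "passwordreset";
                     $this->Page_Terminate("changepwd.php");
                 } else {
                     $Email = new cEmail();
                     if (strtolower($this->Action) == "confirm") {
                         $Email->Load(EW_EMAIL_FORGOTPWD_TEMPLATE);
                         $Email->ReplaceContent('<!--$Password-->', $sPassword);
                     } else {
                         $Email->Load(EW_EMAIL_RESETPWD_TEMPLATE);
                         // URL-encode both values: an encrypted code may contain
                         // "+", "/" or "=", which a bare query string would mangle
                         $sActivateLink = ew_FullUrl() . "?action=reset";
                         $sActivateLink .= "&email=" . urlencode($this->Email);
                         $sActivateLink .= "&code=" . urlencode($this->ActivateCode);
                         $Email->ReplaceContent('<!--$ActivateLink-->', $sActivateLink);
                     }
                     $Email->ReplaceSender(EW_SENDER_EMAIL); // Replace Sender
                     $Email->ReplaceRecipient($this->Email); // Replace Recipient
                     $Email->ReplaceContent('<!--$UserName-->', $sUserName);
                     $Args = array();
                     if (EW_ENCRYPTED_PASSWORD && strtolower($this->Action) == "confirm") {
                         // NOTE(review): $rsnew is never assigned in this method,
                         // so the event receives a null reference -- as generated upstream
                         $Args["rs"] =& $rsnew;
                     }
                     if ($this->Email_Sending($Email, $Args)) {
                         $bEmailSent = $Email->Send();
                     }
                 }
             }
         }
         if ($bEmailSent) {
             // Set up success message and return to login page
             if ($this->getSuccessMessage() == "") {
                 if (strtolower($this->Action) == "confirm") {
                     $this->setSuccessMessage($Language->Phrase("PwdEmailSent"));
                 } else {
                     $this->setSuccessMessage($Language->Phrase("ResetPwdEmailSent"));
                 }
             }
             $this->Page_Terminate("login.php");
         } elseif ($bValidEmail) {
             // Set up error message; $Email exists only when the mail path ran
             // (not when the user query failed), so fall back to a generic phrase
             $sErr = isset($Email) ? $Email->SendErrDescription : "";
             $this->setFailureMessage($sErr != "" ? $sErr : $Language->Phrase("FailedToSendMail"));
         }
     }
 }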
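 /**
  * Drive the login page: collect credentials, validate them, establish the
  * session and write the "remember me" cookies.
  *
  * Credentials come either from a login already in progress parked in the
  * session (IsLoggingIn()) or from $_POST (username/password/type). On success
  * the cookies for login type "a" (auto login) or "u" (remember user name) are
  * written, User_LoggedIn() fires and the user returns to $Security->LastUrl()
  * (index.php when empty). On failure with credentials present,
  * User_LoginError() fires.
  *
  * NOTE(review): type "a" stores ew_Encrypt(password) in a cookie, and the
  * "Checksum" cookie is a constant derived from EW_RANDOM_KEY rather than a
  * digest of the cookie contents; both are as generated upstream. The cookies
  * are only read server-side, so they are written HttpOnly here.
  */
 function Page_Main()
 {
     global $Security, $Language, $UserProfile, $gsFormError;
     global $Breadcrumb;
     $Breadcrumb = new cBreadcrumb();
     $Breadcrumb->Add("login", "<span id=\"ewPageCaption\">" . $Language->Phrase("LoginPage") . "</span>", ew_CurrentUrl());
     $sPassword = "";
     // Get last URL
     $sLastUrl = $Security->LastUrl();
     if ($sLastUrl == "") {
         $sLastUrl = "index.php";
     }
     if (IsLoggingIn()) {
         // A login already in progress: credentials were parked in the session
         $this->Username = @$_SESSION[EW_SESSION_USER_PROFILE_USER_NAME];
         $sPassword = @$_SESSION[EW_SESSION_USER_PROFILE_PASSWORD];
         $this->LoginType = @$_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE];
         $bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE);
         if ($bValidPwd) {
             // Parked credentials are cleared once accepted
             $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = "";
             $_SESSION[EW_SESSION_USER_PROFILE_PASSWORD] = "";
             $_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = "";
         }
     } else {
         if (!$Security->IsLoggedIn()) {
             $Security->AutoLogin();
         }
         $this->Username = ""; // Initialize
         if (@$_POST["username"] != "") {
             // Setup variables from the posted form
             $this->Username = ew_RemoveXSS(ew_StripSlashes(@$_POST["username"]));
             $sPassword = ew_RemoveXSS(ew_StripSlashes(@$_POST["password"]));
             $this->LoginType = strtolower(ew_RemoveXSS(@$_POST["type"]));
         }
         if ($this->Username != "") {
             $bValidate = $this->ValidateForm($this->Username, $sPassword);
             if (!$bValidate) {
                 $this->setFailureMessage($gsFormError);
             }
             // Save login user name and login type
             $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = $this->Username;
             $_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = $this->LoginType;
         } else {
             if ($Security->IsLoggedIn()) {
                 // Return to last accessed page
                 if ($this->getFailureMessage() == "") {
                     $this->Page_Terminate($sLastUrl);
                 }
             }
             $bValidate = FALSE;
             // Restore settings from the project cookie (user name only when
             // the constant "Checksum" cookie matches)
             if (@$_COOKIE[EW_PROJECT_NAME]['Checksum'] == strval(crc32(md5(EW_RANDOM_KEY)))) {
                 $this->Username = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Username']);
             }
             if (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "autologin") {
                 $this->LoginType = "a";
             } elseif (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "rememberusername") {
                 $this->LoginType = "u";
             } else {
                 $this->LoginType = "";
             }
         }
         $bValidPwd = FALSE;
         if ($bValidate) {
             // Call Logging In event; it may cancel the login
             $bValidate = $this->User_LoggingIn($this->Username, $sPassword);
             if ($bValidate) {
                 // Manual login
                 $bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE);
                 if (!$bValidPwd) {
                     // Invalid user id/password
                     if ($this->getFailureMessage() == "") {
                         $this->setFailureMessage($Language->Phrase("InvalidUidPwd"));
                     }
                 }
             } else {
                 // Login cancelled
                 if ($this->getFailureMessage() == "") {
                     $this->setFailureMessage($Language->Phrase("LoginCancelled"));
                 }
             }
         }
     }
     if ($bValidPwd) {
         // Write cookies. They are read only through $_COOKIE on the server,
         // so the HttpOnly flag (7th argument) keeps them out of reach of script.
         if ($this->LoginType == "a") {
             // Auto login: autologin marker, user name, password and checksum
             setcookie(EW_PROJECT_NAME . '[AutoLogin]', "autologin", EW_COOKIE_EXPIRY_TIME, "", "", FALSE, TRUE);
             setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME, "", "", FALSE, TRUE);
             setcookie(EW_PROJECT_NAME . '[Password]', ew_Encrypt($sPassword), EW_COOKIE_EXPIRY_TIME, "", "", FALSE, TRUE);
             setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME, "", "", FALSE, TRUE);
         } elseif ($this->LoginType == "u") {
             // Remember user name: marker, user name and checksum
             setcookie(EW_PROJECT_NAME . '[AutoLogin]', "rememberusername", EW_COOKIE_EXPIRY_TIME, "", "", FALSE, TRUE);
             setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME, "", "", FALSE, TRUE);
             setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME, "", "", FALSE, TRUE);
         } else {
             // Clear auto login cookie
             setcookie(EW_PROJECT_NAME . '[AutoLogin]', "", EW_COOKIE_EXPIRY_TIME, "", "", FALSE, TRUE);
         }
         // Call loggedin event and return to last accessed URL
         $this->User_LoggedIn($this->Username);
         $this->Page_Terminate($sLastUrl);
     } elseif ($this->Username != "" && $sPassword != "") {
         // Call user login error event
         $this->User_LoginError($this->Username, $sPassword);
     }
 }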
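 /**
  * Drive the registration page.
  *
  * POST with "a_register": loads and validates the form; on failure the
  * action falls back to "I" (blank record). GET with action/email/token:
  * activates the account when the first token part decrypts to the email and
  * the action is "confirm", then always leaves for cciaglogin.php with either
  * the success or the "ActivateFailed" message.
  * Action "A" checks for a duplicate user name through EW_USER_NAME_FILTER,
  * adds the row, mails the activation link (to the user, or to
  * EW_RECIPIENT_EMAIL when the user gave no address) and leaves for
  * cciaglogin.php. Finally the row is rendered in add or view mode.
  *
  * NOTE(review): the emailed token is
  * ew_Encrypt(email),ew_Encrypt(user),ew_Encrypt(password); only the first part
  * is ever read back, so the encrypted password travels in the link for no use.
  * The token is deterministic and carries no expiry visible here.
  */
 function Page_Main()
 {
     global $conn, $Security, $Language, $gsFormError, $objForm;
     global $Breadcrumb;
     // Set up Breadcrumb
     $Breadcrumb = new cBreadcrumb();
     $Breadcrumb->Add("register", "<span id=\"ewPageCaption\">" . $Language->Phrase("RegisterPage") . "</span>", ew_CurrentUrl());
     $bUserExists = FALSE;
     if (@$_POST["a_register"] != "") {
         // Get action and form values, then validate
         $this->CurrentAction = $_POST["a_register"];
         $this->LoadFormValues();
         if (!$this->ValidateForm()) {
             // Form error, reset action
             $this->CurrentAction = "I";
             $this->setFailureMessage($gsFormError);
         }
     } else {
         // Display blank record with default values
         $this->CurrentAction = "I";
         $this->LoadDefaultValues();
     }
     // Handle email activation
     if (@$_GET["action"] != "") {
         $sAction = $_GET["action"];
         $sEmail = @$_GET["email"];
         $sCode = @$_GET["token"];
         // Only the first token part is needed to match the email; explode()
         // always yields at least one element, so no index guard is required
         $arToken = explode(",", strval($sCode), 3);
         $sApprovalCode = ew_Decrypt($arToken[0]);
         // Strict comparison: a missing email must not match an empty or
         // failed decrypt
         if ($sEmail != "" && $sEmail === $sApprovalCode) {
             if (strtolower($sAction) == "confirm") {
                 // Email activation
                 if ($this->ActivateEmail($sEmail)) {
                     // Set up message account activated and go to login page
                     if ($this->getSuccessMessage() == "") {
                         $this->setSuccessMessage($Language->Phrase("ActivateAccount"));
                     }
                     $this->Page_Terminate("cciaglogin.php");
                 }
             }
         }
         // Set activate failed message and go to login page
         if ($this->getFailureMessage() == "") {
             $this->setFailureMessage($Language->Phrase("ActivateFailed"));
         }
         $this->Page_Terminate("cciaglogin.php");
     }
     switch ($this->CurrentAction) {
         case "I":
             // Blank record, no action required
             break;
         case "A":
             // Add: check for duplicate User ID first
             // Set up filter (SQL WHERE clause) and get return SQL
             // SQL constructor in usuario class, usuarioinfo.php
             $sFilter = str_replace("%u", ew_AdjustSql($this->usuario->CurrentValue), EW_USER_NAME_FILTER);
             $this->CurrentFilter = $sFilter;
             $sUserSql = $this->SQL();
             if ($rs = $conn->Execute($sUserSql)) {
                 if (!$rs->EOF) {
                     $bUserExists = TRUE;
                     $this->RestoreFormValues(); // Restore form values
                     $this->setFailureMessage($Language->Phrase("UserExists")); // Set user exist message
                 }
                 $rs->Close();
             }
             if (!$bUserExists) {
                 $this->SendEmail = TRUE; // Send email on add success
                 if ($this->AddRow()) {
                     // Load user email; send to the site recipient when the user
                     // gave none, otherwise Bcc the site recipient
                     $sReceiverEmail = $this->_email->CurrentValue;
                     if ($sReceiverEmail == "") {
                         $sReceiverEmail = EW_RECIPIENT_EMAIL;
                         $sBccEmail = "";
                     } else {
                         $sBccEmail = EW_RECIPIENT_EMAIL;
                     }
                     // Set up email content
                     if ($sReceiverEmail != "") {
                         $Email = new cEmail();
                         $Email->Load("phptxt/cciagregister.txt");
                         $Email->ReplaceSender(EW_SENDER_EMAIL); // Replace Sender
                         $Email->ReplaceRecipient($sReceiverEmail); // Replace Recipient
                         if ($sBccEmail != "") {
                             $Email->AddBcc($sBccEmail); // Add Bcc
                         }
                         $Email->ReplaceContent('<!--FieldCaption_email-->', $this->_email->FldCaption());
                         $Email->ReplaceContent('<!--email-->', strval($this->_email->FormValue));
                         // Activation link; both values are URL-encoded because
                         // the encrypted token may contain "+", "/", "=" or ","
                         $sActivateLink = ew_FullUrl() . "?action=confirm";
                         $sActivateLink .= "&email=" . urlencode(strval($this->_email->CurrentValue));
                         $sToken = ew_Encrypt($this->_email->CurrentValue) . "," . ew_Encrypt($this->usuario->CurrentValue) . "," . ew_Encrypt($this->contrasenia->FormValue);
                         $sActivateLink .= "&token=" . urlencode($sToken);
                         $Email->ReplaceContent("<!--ActivateLink-->", $sActivateLink);
                         $Email->Charset = EW_EMAIL_CHARSET;
                         // Get new recordset for the Email_Sending event; a failed
                         // query yields an empty record instead of a fatal error
                         $this->CurrentFilter = $this->KeyFilter();
                         $sSql = $this->SQL();
                         $rsnew = $conn->Execute($sSql);
                         $Args = array();
                         $Args["rs"] = $rsnew ? $rsnew->fields : array();
                         $bEmailSent = FALSE;
                         if ($this->Email_Sending($Email, $Args)) {
                             $bEmailSent = $Email->Send();
                         }
                         // Send email failed
                         if (!$bEmailSent) {
                             $this->setFailureMessage($Email->SendErrDescription);
                         }
                     }
                     // Activate success, return to login page
                     if ($this->getSuccessMessage() == "") {
                         $this->setSuccessMessage($Language->Phrase("RegisterSuccessActivate"));
                     }
                     $this->Page_Terminate("cciaglogin.php");
                 } else {
                     $this->RestoreFormValues(); // Restore form values
                 }
             }
     }
     // Render row: view for the confirm page, add otherwise
     if ($this->CurrentAction == "F") {
         $this->RowType = EW_ROWTYPE_VIEW;
     } else {
         $this->RowType = EW_ROWTYPE_ADD;
     }
     $this->ResetAttrs();
     $this->RenderRow();
 }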
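 function Page_Main()
 {
     global $conn;
     $GLOBALS["Page"] =& $this;

     // Lookup handler. The SQL template arrives encrypted in POST "s" and the
     // database id in POST "d"; the {filter}, {query_value} and {query_value_n}
     // placeholders are filled from the remaining POST (and GET "q") values,
     // then GetLookupValues() renders the result into the output buffer, which
     // is echoed after the unload event. Terminates with die() when the post
     // data or the decrypted SQL is missing.
     $post = ew_StripSlashes($_POST);
     if (count($post) == 0) {
         die("Missing post data.");
     }
     // The template is only trusted because it was encrypted server-side; an
     // undecryptable value decrypts to "" and is rejected here.
     $sql = ew_Decrypt(@$post["s"]);
     if ($sql == "") {
         die("Missing SQL.");
     }
     $dbid = @$post["d"];
     $conn = ew_Connect($dbid);

     // Global Page Loading event (in userfn*.php)
     Page_Loading();
     if (ob_get_length()) {
         ob_clean(); // Clear output
     }

     // Fix: strpos() returns 0 when the placeholder is the very first character
     // of the template; the previous "> 0" test silently skipped that case.
     if (strpos($sql, "{filter}") !== FALSE) {
         $filters = "";
         // Only these helpers may be named by the request's "fn<i>" value to
         // combine filters; anything else falls back to ew_AddFilter. The
         // previous check accepted any defined function name, which let the
         // request choose the callee. Extend this list deliberately if the
         // project registers other filter-combining helpers.
         $allowedFilterFns = array("ew_AddFilter");
         $ar = preg_grep('/^f\\d+$/', array_keys($post));
         foreach ($ar as $key) {
             // Get the filter values (for "IN")
             $filter = ew_Decrypt(@$post[$key]);
             if ($filter == "") {
                 continue;
             }
             $i = preg_replace('/^f/', '', $key);
             $value = @$post["v" . $i];
             if ($value == "") {
                 if ($i > 0) {
                     // Empty parent field: disallow (select nothing)
                     ew_AddFilter($filters, "1=0");
                 }
                 continue;
             }
             $arValue = explode(",", $value);
             $fldtype = intval(@$post["t" . $i]);
             $flddatatype = ew_FieldDataType($fldtype);
             $bValidData = TRUE;
             foreach ($arValue as $j => $v) {
                 // Numeric columns accept numeric literals only; every value is
                 // quoted/escaped for the target database before substitution.
                 if ($flddatatype == EW_DATATYPE_NUMBER && !is_numeric($v)) {
                     $bValidData = FALSE;
                     break;
                 }
                 $arValue[$j] = ew_QuotedValue($v, $flddatatype, $dbid);
             }
             $filter = $bValidData ? str_replace("{filter_value}", implode(",", $arValue), $filter) : "1=0";
             $fn = @$post["fn" . $i];
             if (!in_array($fn, $allowedFilterFns, TRUE)) {
                 $fn = "ew_AddFilter";
             }
             $fn($filters, $filter);
         }
         $sql = str_replace("{filter}", $filters != "" ? $filters : "1=1", $sql);
     }

     // Get the query value (for "LIKE" or "="): querystring first, then post.
     // NOTE(review): ew_AdjustSql() is relied on to escape the value for the
     // dialect selected by $dbid before it is spliced into the SQL text —
     // confirm it covers every placeholder context used by the templates.
     $value = ew_AdjustSql(@$_GET["q"], $dbid);
     if ($value == "") {
         $value = ew_AdjustSql(@$post["q"], $dbid);
     }
     if ($value != "") {
         // Rewrite the LIKE clause for the target database, then substitute the value
         $sql = preg_replace('/LIKE \'(%)?\\{query_value\\}%\'/', ew_Like('\'$1{query_value}%\'', $dbid), $sql);
         $sql = str_replace("{query_value}", $value, $sql);
     }

     // Replace each {query_value_n} with the adjusted POST "q<n>" value
     preg_match_all('/\\{query_value_(\\d+)\\}/', $sql, $out);
     foreach ($out[1] as $j) {
         $v = ew_AdjustSql(@$post["q" . $j], $dbid);
         $sql = str_replace("{query_value_" . $j . "}", $v, $sql);
     }

     $this->GetLookupValues($sql, $dbid);
     $result = ob_get_contents();

     // Global Page Unloaded event (in userfn*.php)
     Page_Unloaded();
     if (ob_get_length()) {
         ob_clean(); // Clear output
     }
     ew_CloseConn(); // Close connection
     echo $result; // Output
 }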
 function AutoLogin()
 {
     // Auto login from the project cookie: when it carries the "autologin"
     // marker, the stored username/password are decrypted and handed to
     // ValidateUser(); a successful login is written to the audit trail.
     // Returns ValidateUser()'s result, or FALSE when the marker is absent.
     // NOTE(review): the cookie persists an (encrypted) password on the client;
     // a server-side remember-me token would avoid storing the credential there.
     $cookie = @$_COOKIE[EW_PROJECT_NAME];
     if (@$cookie['AutoLogin'] != "autologin") {
         return FALSE;
     }
     $usr = ew_Decrypt(@$cookie['Username']);
     $pwd = ew_Decrypt(@$cookie['Password']);
     $loggedIn = $this->ValidateUser($usr, $pwd, TRUE);
     if ($loggedIn) {
         ew_WriteAuditTrail("log", ew_StdCurrentDateTime(), ew_ScriptName(), $usr, $GLOBALS["Language"]->Phrase("AuditTrailAutoLogin"), ew_CurrentUserIP(), "", "", "", "");
     }
     return $loggedIn;
 }
 function Page_Main()
 {
     global $Language;

     // Load the encrypted filter from the "f" querystring parameter; an empty
     // or undecryptable value selects no rows ("0=1").
     $filter = ew_Decrypt(@$_GET["f"]);
     if ($filter == "") {
         $filter = "0=1";
     }

     // Derive the foreign keys from the filter and let the Recordset Selecting
     // event see it before the recordset is loaded
     $this->SetupForeignKeysFromFilter($filter);
     $this->Recordset_Selecting($filter);

     // Load the recordset with the user ID restrictions applied
     $rs = $this->LoadRs($this->ApplyUserIDFilters($filter));
     $this->Recordset = $rs;
     $this->TotalRecs = $rs ? $rs->RecordCount() : 0;

     // Recordset Selected event, list row values, other options
     $this->Recordset_Selected($rs);
     $this->LoadListRowValues($rs);
     $this->RenderOtherOptions();
 }