Exemple #1
// Template modifiers exposed to Smarty, written as modifier name => PHP callable.
// NOTE(review): htmlsafe, urlsafe and outhtml are defined elsewhere; presumably
// they are the output-escaping helpers the templates rely on. Confirm which
// output context (HTML body, attribute, URL) each one is safe for.
$smartyModifierCallbacks = array(
    'htmlsafe' => 'htmlsafe',
    'urlsafe' => 'urlsafe',
    'urlencode' => 'urlencode',
    'outhtml' => 'outhtml',
    'htmlout' => 'outhtml', // common typo
    'urlescape' => 'urlencode', // common typo
);
foreach ($smartyModifierCallbacks as $smartyModifierName => $smartyModifierCallback) {
    $smarty->register_modifier($smartyModifierName, $smartyModifierCallback);
}
// Do not leave the loop helpers behind in the enclosing scope.
unset($smartyModifierCallbacks, $smartyModifierName, $smartyModifierCallback);
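// Work out how far the installation has got: does the biller table exist and,
// if it does, has any SQL patch been applied yet?
// NOTE(review): $install_data_exists is assigned only when the table exists and
// stays unset otherwise, so any later reader has to allow for that.
$install_tables_exists = checkTableExists(TB_PREFIX . "biller");
if ($install_tables_exists == true) {
    $install_data_exists = checkDataExists();
}
//TODO - add this as a function in sql_queries.php or a class file
//if ( ($install_tables_exists != false) AND ($install_data_exists != false) )
if ($install_tables_exists != false) {
    // The extensions table is only queried once the schema is past patch 196.
    if ((int) getNumberOfDoneSQLPatches() > 196) {
        // Fetch the extensions of the current domain plus the global ones
        // (domain_id 0). The domain id is bound as :id, never concatenated.
        $sql = "SELECT * from " . TB_PREFIX . "extensions WHERE (domain_id = :id OR domain_id =  0 ) ORDER BY domain_id ASC";
        $sth = dbQuery($sql, ':id', $auth_session->domain_id);
        if (!$sth) {
            // end() takes its argument by reference, so the error array must be
            // held in a variable rather than passed straight from errorInfo().
            // NOTE(review): the driver's error text is passed through htmlsafe()
            // but still goes to the browser, where it can reveal table or column
            // names. Consider logging it server-side and showing a generic message.
            $dbErrorInfo = $dbh->errorInfo();
            die(htmlsafe(end($dbErrorInfo)));
        }
        while ($this_extension = $sth->fetch()) {
            // Rows are keyed by extension name, so a later row replaces an
            // earlier one with the same name. With the ascending order the
            // domain_id 0 rows come first, assuming domain ids are positive.
            $DB_extensions[$this_extension['name']] = $this_extension;
        }
        // NOTE(review): $DB_extensions is not initialised in the visible code.
        // If the query returns no rows it is undefined here, unless it was set
        // earlier in the file.
        $config->extension = $DB_extensions;
    }
}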
// Fall back to the built-in "core" extension when no extension is configured.
if (!$config->extension) {
    $extension_core = new Zend_Config(
        array(
            'core' => array(
                'id' => 1,
                'domain_id' => 1,
                'name' => 'core',
                'description' => 'Core part of Simple Invoices - always enabled',
                'enabled' => 1,
            ),
        )
    );
    $config->extension = $extension_core;
}
include_once './include/language.php';
include_once './include/functions.php';
Exemple #2
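 // The user table and its column names changed at SQL patches 161 and 184.
 // Read the patch level once instead of running the same lookup three times.
 $patchLevel = (int) getNumberOfDoneSQLPatches();
 $user_table = $patchLevel < 161 ? "users" : "user";
 $user_email = $patchLevel < 184 ? "user_email" : "email";
 $user_password = $patchLevel < 184 ? "user_password" : "password";
 // SECURITY NOTE(review): the 'MD5(?)' credential treatment makes the database
 // compare the credential column with the MD5 digest of the submitted
 // password, so stored passwords are unsalted MD5. MD5 is cheap to brute-force,
 // which means a leaked user table effectively discloses the passwords. Moving
 // to password_hash()/password_verify() needs a data migration (for example
 // re-hashing on the next successful login) and cannot be done in this block
 // alone, so the treatment is left unchanged here.
 $authAdapter->setTableName(TB_PREFIX . $user_table)
     ->setIdentityColumn($user_email)
     ->setCredentialColumn($user_password)
     ->setCredentialTreatment('MD5(?)');
 // Form input is taken as submitted; nothing here checks that the keys exist
 // or that the values are strings.
 // NOTE(review): presumably the caller verifies both fields are non-empty
 // before reaching this point; confirm.
 $userEmail = $_POST['user'];
 $password = $_POST['pass'];
 // Set the input credential values (e.g., from a login form)
 $authAdapter->setIdentity($userEmail)->setCredential($password);
 // Perform the authentication query, saving the result
 $result = $authAdapter->authenticate();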
 if ($result->isValid()) {
     Zend_Session::start();
     /*
      * grab user data  from the database
      */
     $PatchesDone = getNumberOfDoneSQLPatches();
     // Patch 147 adds the user_role table - need to accommodate both pre- and post-patch-147 schemas
     if ($PatchesDone < "147") {
         $result = $zendDb->fetchRow("\n\t\t\t\tSELECT \n\t\t\t\t\tu.user_id AS id, u.user_email, u.user_name\n\t\t\t\tFROM \n\t\t\t\t\t" . TB_PREFIX . "users u\n\t\t\t\tWHERE \n\t\t\t\t\tuser_email = ?", $userEmail);
         $result['role_name'] = "administrator";
     } elseif ($PatchesDone < "184") {
         $result = $zendDb->fetchRow("\n\t\t\t\tSELECT \n\t\t\t\t\tu.user_id AS id, u.user_email, u.user_name, r.name AS role_name, u.user_domain_id\n\t\t\t\tFROM \n\t\t\t\t\t" . TB_PREFIX . "user u \n\t\t\t\t\tLEFT JOIN " . TB_PREFIX . "user_role r ON (u.user_role_id = r.id)\n\t\t\t\tWHERE \n\t\t\t\t\tu.user_email = ?", $userEmail);
     } elseif ($PatchesDone < "292") {
         $result = $zendDb->fetchRow("\n\t\t\t\tSELECT \n\t\t\t\t\tu.id, u.email, r.name AS role_name, u.domain_id, 0 AS user_id\n\t\t\t\tFROM \n\t\t\t\t\t" . TB_PREFIX . "user u \n\t\t\t\t\tLEFT JOIN " . TB_PREFIX . "user_role r ON (u.role_id = r.id)\n\t\t\t\tWHERE \n\t\t\t\t\tu.email = ? AND u.enabled = '" . ENABLED . "'", $userEmail);
         // Customer / Biller User ID available on and after Patch 292
     } else {
         $result = $zendDb->fetchRow("\n\t\t\t\tSELECT \n\t\t\t\t\tu.id, u.email, r.name AS role_name, u.domain_id, u.user_id\n\t\t\t\tFROM \n\t\t\t\t\t" . TB_PREFIX . "user u \n\t\t\t\t\tLEFT JOIN " . TB_PREFIX . "user_role r ON (u.role_id = r.id)\n\t\t\t\tWHERE \n\t\t\t\t\tu.email = ? AND u.enabled = '" . ENABLED . "'", $userEmail);
     }
     /*
      * chuck the user details sans password into the Zend_auth session
      */
/**
 * Report whether at least one SQL patch has been recorded as applied.
 *
 * @return bool true when getNumberOfDoneSQLPatches() is greater than zero,
 *              false otherwise
 */
function checkDataExists()
{
    return getNumberOfDoneSQLPatches() > 0;
}
Exemple #4
				FROM 
					si_users u
				WHERE 
					user_email = ?', $userEmail);
            $result['role_name'] = "administrator";
        }
        if (getNumberOfDoneSQLPatches() >= "147" && getNumberOfDoneSQLPatches() < "184") {
            $result = $zendDb->fetchRow('
				SELECT 
					u.user_id as id, u.user_email, u.user_name, r.name as role_name, u.user_domain_id
				FROM 
					si_user u,  si_user_role r 
				WHERE 
					u.user_email = ? AND u.user_role_id = r.id', $userEmail);
        }
        if (getNumberOfDoneSQLPatches() >= "184") {
            $result = $zendDb->fetchRow("\r\n\t\t\t\tSELECT \r\n\t\t\t\t\tu.id, u.email, r.name as role_name, u.domain_id\r\n\t\t\t\tFROM \r\n\t\t\t\t\tsi_user u,  si_user_role r \r\n\t\t\t\tWHERE \r\n\t\t\t\t\tu.email = ? AND u.role_id = r.id AND u.enabled = '" . ENABLED . "'", $userEmail);
        }
        /*
         * chuck the user details sans password into the Zend_auth session
         */
        $authNamespace = new Zend_Session_Namespace('Zend_Auth');
        foreach ($result as $key => $value) {
            $authNamespace->{$key} = $value;
        }
        header('Location: .');
    } else {
        $errorMessage = 'Sorry, wrong user / password';
    }
}
if ($_POST['action'] == 'login' && (empty($_POST['user']) or empty($_POST['pass']))) {