// Bootstrap fragment: registers the Smarty template modifiers, probes the
// installation state, loads the extension list for the current domain and
// pulls in the language and helper includes. Every variable here is a global
// shared with the files included afterwards.

// Each call maps a modifier name usable in templates to the PHP callable of
// the given name. Templates depend on these helpers for output escaping; their
// implementations are not visible in this excerpt, so which output context
// (HTML text, attribute, URL) each one is safe for must be confirmed against
// their definitions.
$smarty->register_modifier('htmlsafe', 'htmlsafe');
$smarty->register_modifier('urlsafe', 'urlsafe');
$smarty->register_modifier('urlencode', 'urlencode');
$smarty->register_modifier('outhtml', 'outhtml');
$smarty->register_modifier('htmlout', 'outhtml'); //common typo
$smarty->register_modifier('urlescape', 'urlencode'); //common typo

// Presence of the prefixed "biller" table is what this code treats as
// "tables exist". $install_data_exists is assigned only in that case and is
// otherwise left undefined by this fragment.
$install_tables_exists = checkTableExists(TB_PREFIX . "biller");
if ($install_tables_exists == true) {
    $install_data_exists = checkDataExists();
}

//TODO - add this as a function in sql_queries.php or a class file
//if ( ($install_tables_exists != false) AND ($install_data_exists != false) )
if ($install_tables_exists != false) {
    // The extensions table is only read once more than 196 SQL patches are done.
    // NOTE(review): the count is compared loosely against the string "196";
    // the return type of getNumberOfDoneSQLPatches() is not visible here.
    if (getNumberOfDoneSQLPatches() > "196") {
        // The domain id is bound as :id rather than concatenated; only the
        // TB_PREFIX constant is spliced into the SQL text. Rows for domain 0
        // are selected alongside the current domain's rows.
        $sql = "SELECT * from " . TB_PREFIX . "extensions WHERE (domain_id = :id OR domain_id = 0 ) ORDER BY domain_id ASC";
        // NOTE(review): if dbQuery() returns a falsy value, the last element of
        // the driver's errorInfo() is printed into the response (through
        // htmlsafe) and the request stops. That exposes database error text to
        // the client; logging it and showing a generic message would be safer.
        // end() takes its argument by reference, so passing a function result
        // directly raises a "only variables should be passed by reference" notice.
        $sth = dbQuery($sql, ':id', $auth_session->domain_id) or die(htmlsafe(end($dbh->errorInfo())));

        // Keyed by extension name, so a later row replaces an earlier row with
        // the same name. With ORDER BY domain_id ASC the domain-0 rows come
        // first (assuming domain ids are non-negative — confirm).
        // NOTE(review): $DB_extensions is not initialised in this fragment; if
        // no row is fetched it is undefined when assigned below, unless it was
        // set earlier in the file.
        while ($this_extension = $sth->fetch()) {
            $DB_extensions[$this_extension['name']] = $this_extension;
        }
        $config->extension = $DB_extensions;
    }
}

// If no extension loaded, load Core
if (!$config->extension) {
    // Fallback configuration containing only the always-enabled core entry.
    $extension_core = new Zend_Config(array('core' => array('id' => 1, 'domain_id' => 1, 'name' => 'core', 'description' => 'Core part of Simple Invoices - always enabled', 'enabled' => 1)));
    $config->extension = $extension_core;
}

include_once './include/language.php';
include_once './include/functions.php';
// Login fragment: configures the auth adapter for the schema version in use,
// checks the posted credentials and, on success, loads the user's row.
// The excerpt ends inside the success branch, so that branch stays open here.

// Table and column names depend on how many SQL patches have been applied.
// NOTE(review): the counts are compared loosely against string literals; the
// return type of getNumberOfDoneSQLPatches() is not visible in this excerpt.
$user_table = getNumberOfDoneSQLPatches() < "161" ? "users" : "user";
$user_email = getNumberOfDoneSQLPatches() < "184" ? "user_email" : "email";
$user_password = getNumberOfDoneSQLPatches() < "184" ? "user_password" : "password";

// NOTE(review): the credential treatment 'MD5(?)' means the stored credential
// column holds a plain MD5 digest of the password with no salt visible here.
// MD5 is a fast hash and unsuitable for password storage; moving to
// password_hash()/password_verify() would need a schema patch and a rehash on
// next login.
// NOTE(review): the adapter is given no condition on the "enabled" column, so
// a disabled account with a correct password still passes isValid(); only the
// two newest fetchRow() queries below filter on enabled.
$authAdapter->setTableName(TB_PREFIX . $user_table)->setIdentityColumn($user_email)->setCredentialColumn($user_password)->setCredentialTreatment('MD5(?)');

// Raw request values, read without an isset()/type check in this fragment;
// whether the caller has already verified they are present is not visible here.
$userEmail = $_POST['user'];
$password = $_POST['pass'];

// Set the input credential values (e.g., from a login form)
$authAdapter->setIdentity($userEmail)->setCredential($password);

// Perform the authentication query, saving the result
$result = $authAdapter->authenticate();

if ($result->isValid()) {
    // NOTE(review): no session-id regeneration (e.g. Zend_Session::regenerateId())
    // is visible in this excerpt after the credential check; confirm one happens
    // so that a pre-login session id is not carried into the authenticated session.
    Zend_Session::start();

    /*
     * grab user data from the database
     *
     * From here on $result no longer holds the adapter's result object: it is
     * overwritten with the fetched user row. In every query the e-mail address
     * is bound through the ? placeholder; only the TB_PREFIX and ENABLED
     * constants are concatenated into the SQL text.
     */
    $PatchesDone = getNumberOfDoneSQLPatches();

    //patch 147 adds user_role table - need to accommodate pre and post patch 147
    // NOTE(review): the adapter above switches from "users" to "user" at patch
    // 161, while these queries switch at 147. For counts from 147 to 160 the
    // password is checked against one table and the row is read from the other —
    // confirm this is intended.
    if ($PatchesDone < "147") {
        // Before the role table exists, every authenticated user is given the
        // "administrator" role.
        $result = $zendDb->fetchRow("\n\t\t\t\tSELECT \n\t\t\t\t\tu.user_id AS id, u.user_email, u.user_name\n\t\t\t\tFROM \n\t\t\t\t\t" . TB_PREFIX . "users u\n\t\t\t\tWHERE \n\t\t\t\t\tuser_email = ?", $userEmail);
        $result['role_name'] = "administrator";
    } elseif ($PatchesDone < "184") {
        // LEFT JOIN: role_name is NULL when the user has no matching role row.
        $result = $zendDb->fetchRow("\n\t\t\t\tSELECT \n\t\t\t\t\tu.user_id AS id, u.user_email, u.user_name, r.name AS role_name, u.user_domain_id\n\t\t\t\tFROM \n\t\t\t\t\t" . TB_PREFIX . "user u \n\t\t\t\t\tLEFT JOIN " . TB_PREFIX . "user_role r ON (u.user_role_id = r.id)\n\t\t\t\tWHERE \n\t\t\t\t\tu.user_email = ?", $userEmail);
    } elseif ($PatchesDone < "292") {
        // user_id is fixed to 0 here because the column only exists from patch 292.
        // NOTE(review): this query and the one in the else branch require
        // u.enabled to match ENABLED, so they can return no row for an account
        // that passed the adapter check; confirm the code after this excerpt
        // handles an empty $result.
        $result = $zendDb->fetchRow("\n\t\t\t\tSELECT \n\t\t\t\t\tu.id, u.email, r.name AS role_name, u.domain_id, 0 AS user_id\n\t\t\t\tFROM \n\t\t\t\t\t" . TB_PREFIX . "user u \n\t\t\t\t\tLEFT JOIN " . TB_PREFIX . "user_role r ON (u.role_id = r.id)\n\t\t\t\tWHERE \n\t\t\t\t\tu.email = ? AND u.enabled = '" . ENABLED . "'", $userEmail);
        // Customer / Biller User ID available on and after Patch 292
    } else {
        $result = $zendDb->fetchRow("\n\t\t\t\tSELECT \n\t\t\t\t\tu.id, u.email, r.name AS role_name, u.domain_id, u.user_id\n\t\t\t\tFROM \n\t\t\t\t\t" . TB_PREFIX . "user u \n\t\t\t\t\tLEFT JOIN " . TB_PREFIX . "user_role r ON (u.role_id = r.id)\n\t\t\t\tWHERE \n\t\t\t\t\tu.email = ? AND u.enabled = '" . ENABLED . "'", $userEmail);
    }

    /*
     * chuck the user details sans password into the Zend_auth session
     */
/**
 * Reports whether the installation already holds data.
 *
 * The answer comes solely from getNumberOfDoneSQLPatches(): any count
 * above zero is treated as "data exists".
 *
 * @return bool true when the done-patch count is greater than 0, false otherwise
 */
function checkDataExists()
{
    return getNumberOfDoneSQLPatches() > 0;
}
FROM si_users u WHERE user_email = ?', $userEmail); $result['role_name'] = "administrator"; } if (getNumberOfDoneSQLPatches() >= "147" && getNumberOfDoneSQLPatches() < "184") { $result = $zendDb->fetchRow(' SELECT u.user_id as id, u.user_email, u.user_name, r.name as role_name, u.user_domain_id FROM si_user u, si_user_role r WHERE u.user_email = ? AND u.user_role_id = r.id', $userEmail); } if (getNumberOfDoneSQLPatches() >= "184") { $result = $zendDb->fetchRow("\r\n\t\t\t\tSELECT \r\n\t\t\t\t\tu.id, u.email, r.name as role_name, u.domain_id\r\n\t\t\t\tFROM \r\n\t\t\t\t\tsi_user u, si_user_role r \r\n\t\t\t\tWHERE \r\n\t\t\t\t\tu.email = ? AND u.role_id = r.id AND u.enabled = '" . ENABLED . "'", $userEmail); } /* * chuck the user details sans password into the Zend_auth session */ $authNamespace = new Zend_Session_Namespace('Zend_Auth'); foreach ($result as $key => $value) { $authNamespace->{$key} = $value; } header('Location: .'); } else { $errorMessage = 'Sorry, wrong user / password'; } } if ($_POST['action'] == 'login' && (empty($_POST['user']) or empty($_POST['pass']))) {