/**
 * Returns the name this member should be shown under.
 *
 * A logged-in stake leader always gets the stored first name. For anyone
 * else the method returns "Bishop" for a bishop, the title produced by
 * Gender::RenderLDS() for a member who holds one of the listed callings or
 * whose age floors to more than 30 years, and the stored first name otherwise.
 */
public function FirstName()
{
    // Stake leaders skip the formal-title logic entirely.
    if (StakeLeader::IsLoggedIn()) {
        return $this->FirstName;
    }

    $titledCallings = array("Bishop", "Bishopric 1st Counselor", "Bishopric 2nd Counselor", "High Counselor");
    $useTitle = false;

    // A calling decides first.
    foreach ($this->Callings() as $calling) {
        // The bishop is addressed by his own title.
        if ($calling->Name == "Bishop") {
            return "Bishop";
        }
        if (in_array($calling->Name, $titledCallings)) {
            $useTitle = true;
            break;
        }
    }

    // No qualifying calling: decide by age instead.
    if (!$useTitle) {
        $secondsPerYear = 31557600; // 365.25 days
        $ageInSeconds = abs(strtotime(now()) - strtotime($this->Birthday));
        $useTitle = floor($ageInSeconds / $secondsPerYear) > 30;
    }

    if ($useTitle) {
        return Gender::RenderLDS($this->Gender);
    }

    return $this->FirstName;
}
/**
 * Tells whether the current session belongs to a logged-in stake leader.
 *
 * The session is pinned to the IP address stored in it: when the stored
 * address differs from the requesting client's address, the session ID is
 * treated as intercepted and a full logout is performed before answering.
 *
 * NOTE(review): REMOTE_ADDR pinning cannot tell apart clients behind the
 * same NAT or proxy, and it logs out users whose address changes mid-session.
 * Treat it as one layer next to secure cookie flags, not as the only defence.
 *
 * @return bool true only when the leader ID, IP address and timestamp are all
 *              present in the session, the ID is positive and the IP matches.
 */
public static function IsLoggedIn()
{
    // A stored address that no longer matches the client means a deliberate logout.
    if (isset($_SESSION['ipaddress']) && $_SESSION['ipaddress'] != $_SERVER['REMOTE_ADDR']) {
        StakeLeader::Logout();
    }

    // The session is re-read here because Logout() may have just changed it.
    if (!isset($_SESSION['stakeLeaderID'], $_SESSION['ipaddress'], $_SESSION['timestamp'])) {
        return false;
    }

    if (!($_SESSION['stakeLeaderID'] > 0)) {
        return false;
    }

    return $_SESSION['ipaddress'] == $_SERVER['REMOTE_ADDR'];
}
<?php
/*
    This file helps insert a new stake leader account into the system.
    Make sure only the webmaster can access it.

    NOTE(review): nothing visible in this script authenticates the caller.
    Unless ../lib/init.php restricts access (confirm), any request that
    reaches this file after the safety line is removed runs Save() below and
    creates an account. Restore the safety line and blank the email and
    password again right after use, so no credential stays in the file.
*/
exit; // SAFETY LINE; comment-out or remove this line to use this file.

require_once "../lib/init.php";

// Fill in the fields below by hand before running the script once.
$leader = new StakeLeader();
$leader->Email = "";            // Stake leader's email address
$leader->SetPassword("");       // Stake leader's account password
$leader->StakeID = 0;           // ID number of the stake he belongs to (Stakes table, column `ID`)
$leader->Gender = Gender::Male; // Usually this is Male...
$leader->Calling = "";          // Calling of the stake leader, for example: "Stake Presidency Second Counselor" or "Stake President" or "Stake Executive Secretary"
$leader->Title = "";            // Title of the stake leader, for example: "President" or "Brother"
$leader->FirstName = "";        // First name of the stake leader (required)
$leader->MiddleName = "";       // Middle name or initial of the stake leader; not required
$leader->LastName = "";         // Last name of the stake leader
$leader->Save();                // Saves the leader.

echo "<pre>";
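<?php
require_once "lib/init.php";

// Already signed in: send the visitor to the directory and stop here, so the
// sign-up page is not also rendered into the redirect response.
if (Member::IsLoggedIn() || StakeLeader::IsLoggedIn()) {
    header("Location: /directory");
    exit;
}

// The og:image URL below is built from $_SERVER['SERVER_NAME']. Depending on
// the web server configuration that value can follow the request's Host
// header, so it is HTML-escaped before it is written into the attribute.
?>
<!DOCTYPE html>
<html>
<head>
<title><?php echo SHORT_SITE_NAME; ?> </title>
<?php include "includes/head.php"; ?>
<!-- Facebook OpenGraph tags (for sharing) -->
<meta name="description" content="Sign up so your ward can get your membership records. You'll also get a custom directory and abilities to text and email.">
<meta property="og:image" content="http://<?php echo htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES, 'UTF-8'); echo SITE_LARGE_IMG; ?> ">
<meta property="og:title" content="Welcome — <?php echo SITE_NAME; ?> ">
<meta property="og:site_name" content="<?php echo SITE_NAME; ?>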
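/**
 * Validates this SMS job, records the sender's details on it, saves it and
 * launches the background worker (api/sendsms.php) that does the sending.
 *
 * @return bool false when the job has already started or finished, a required
 *              field is missing or the sender cannot be loaded; true after
 *              the launch command has been issued (its result is not checked).
 */
public function Start()
{
    // Necessary fields must be basically valid
    if ($this->Started > 0 || $this->Finished > 0
        || (!$this->StakeID && !$this->WardID)
        || !$this->SenderID || !$this->Message
        || !$this->Recipients || count($this->Recipients) == 0) {
        return false;
    }

    // Populate the sender name and phone fields for preservation purposes
    if ($this->IsMemberSender()) {
        $mem = Member::Load($this->SenderID);
        if (!$mem) {
            // Unknown sender: refuse rather than fail on a null object below.
            return false;
        }
        $this->SenderName = $mem->FirstName() . " " . $mem->LastName;
        $this->SenderPhone = $mem->PhoneNumber;
    } else {
        $leader = StakeLeader::Load($this->SenderID);
        if (!$leader) {
            return false;
        }
        $this->SenderName = $leader->Title . " " . $leader->FirstName . " " . $leader->LastName;
        $this->SenderPhone = $leader->PhoneNumber;
    }

    // We leave sendsms.php to set and save the "start" timestamp; we don't do it here.
    $this->Save();

    // See EmailJob.php for any explanation about this last part.
    // Every value placed on the command line is quoted with escapeshellarg(),
    // so a space or shell metacharacter in the path, ID or password cannot
    // change the command that runs.
    // NOTE(review): the job password is still passed as a command-line
    // argument, which local users can read from the process list while the
    // worker runs. Handing it over through the environment or a protected
    // file would need a matching change in sendsms.php.
    $script = escapeshellarg(DOCROOT . "/api/sendsms.php");
    $jobID = escapeshellarg((string) $this->ID);
    $smspwd = escapeshellarg(SMS_JOB_PASSWORD);
    $cmd = "php {$script} {$jobID} {$smspwd}";
    exec("/usr/bin/nohup {$cmd} &> error_log &");

    return true;
}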
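/**
 * Validates this email job, records the sender's details on it, saves it and
 * launches the background worker (api/sendemails.php) that does the sending.
 *
 * Returns nothing. The method returns early, without launching anything,
 * when the job has already started or ended, a required field is missing or
 * the sender cannot be loaded.
 */
public function Start()
{
    // Necessary fields must be filled out
    if ($this->Started > 0 || $this->Ended > 0
        || (!$this->MemberID && !$this->StakeLeaderID)
        || !$this->Subject || !$this->Message || !$this->Recipients) {
        return;
    }

    // Populate the sender name and email fields for preservation purposes
    if ($this->IsMemberSender()) {
        $mem = Member::Load($this->MemberID);
        if (!$mem) {
            // Unknown sender: stop rather than fail on a null object below.
            return;
        }
        $this->SenderName = $mem->FirstName() . " " . $mem->LastName;
        $this->SenderEmail = $mem->Email;
    } else {
        $leader = StakeLeader::Load($this->StakeLeaderID);
        if (!$leader) {
            return;
        }
        $this->SenderName = $leader->Title . " " . $leader->LastName;
        $this->SenderEmail = $leader->Email;
    }

    // We leave sendemails.php to set and save the "start" timestamp; we don't do it here.
    $this->Save();

    // Call the worker process to run in the background. We pass in the ID
    // of the EmailJob so it can load all its info and process it. The worker
    // process sends the emails at a throttled rate.
    // The trailing & puts it into the background, and the redirect names the
    // file `error_log` as the destination for its output. The last argument
    // is a password for internal use that helps the worker verify the request
    // comes from a legit source.
    // Every value placed on the command line is quoted with escapeshellarg(),
    // so a space or shell metacharacter in the path, ID or password cannot
    // change the command that runs.
    // NOTE(review): the password is still passed as a command-line argument,
    // which local users can read from the process list while the worker runs.
    // Handing it over through the environment or a protected file would need
    // a matching change in sendemails.php.
    $script = escapeshellarg(DOCROOT . "/api/sendemails.php");
    $jobID = escapeshellarg((string) $this->ID);
    $pwd = escapeshellarg(EMAIL_JOB_PASSWORD);
    $cmd = "php {$script} {$jobID} {$pwd}";
    exec("/usr/bin/nohup {$cmd} &> error_log &");
}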
// Keep users logged in for a month... TODO: This doesn't work??
// NOTE(review): only the lifetime is passed to session_set_cookie_params(),
// so the cookie's secure and httponly flags come from php.ini. Confirm
// session.cookie_secure and session.cookie_httponly are enabled there; a
// 30-day session makes a leaked session ID usable for that much longer.
$SESSION_LIFETIME = 60 * 60 * 24 * 30;
session_set_cookie_params($SESSION_LIFETIME);
ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);

// Start session... we'll need it
session_start();

require_once "common.php";

// Open a persistent connection to the database
$DB = new DB();

// Work out who is making the request (a regular member or a stake leader),
// refresh their last-activity stamp and load the ward they are viewing.
$MEMBER = Member::Current();
$LEADER = null;
$WARD = null;

if ($MEMBER) {
    $MEMBER->UpdateLastActivity();
    $WARD = Ward::Load($MEMBER->WardID);
} else {
    $LEADER = StakeLeader::Current();
    if ($LEADER) {
        $LEADER->UpdateLastActivity();
        // A leader's ward is whichever ward ID is stored in the session.
        $WARD = Ward::Load($_SESSION['wardID']);
    }
}

// $USER is the member when there is one, otherwise the leader (or null).
if ($MEMBER) {
    $USER = $MEMBER;
} else {
    $USER = $LEADER;
}

define('IS_MOBILE', isMobile());
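<?php
require_once "../lib/init.php";

// Read the submitted credentials. A missing or non-string field (for example
// an array sent as eml[]) becomes an empty string, instead of the resulting
// notice or warning being silenced with @.
$eml = (isset($_POST['eml']) && is_string($_POST['eml'])) ? trim($_POST['eml']) : "";
$pwd = (isset($_POST['pwd']) && is_string($_POST['pwd'])) ? trim($_POST['pwd']) : "";

// Login; returns null if bad credentials.
// First see if they're a regular member...
// NOTE(review): no session ID regeneration is visible in this file. Confirm
// that Member::Login() and StakeLeader::Login() call session_regenerate_id()
// on success, so an ID issued before login is not kept for the logged-in session.
$m = Member::Login($eml, $pwd);

// Where to potentially redirect the member after login
// NOTE(review): confirm that whatever stores 'after_login' in the session
// only ever stores same-site paths.
$afterLogin = isset($_SESSION['after_login']) ? $_SESSION['after_login'] : "******";

if ($m) {
    Response::Send(200, $afterLogin);
} else {
    // No? Maybe a stake leader?
    $s = StakeLeader::Login($eml, $pwd);

    if (!$s) {
        Response::Send(400);
    } else {
        // Choose the first ward in the stake... alphabetically I guess... as default view for them.
        // The stake ID is escaped before it goes into the SQL text, so the
        // query does not depend on what the loaded object happens to contain.
        $stakeID = DB::Safe($s->StakeID);
        $r = mysql_fetch_array(DB::Run("SELECT ID FROM Wards WHERE StakeID='{$stakeID}' AND Deleted != 1 ORDER BY Name ASC LIMIT 1"));

        // A stake without any ward yields no row; store null explicitly then.
        $_SESSION['wardID'] = $r ? $r['ID'] : null;

        // Stake leader logged in.
        Response::Send(200, $afterLogin);
    }
}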
}

// Verify that the credentials ID matches the token.
// Both values are escaped with DB::Safe() before they are placed in the SQL text.
// NOTE(review): only the (CredentialsID, Token) pair is checked in this
// fragment; no expiry condition is visible. Confirm that tokens are
// time-limited where they are issued or earlier in this file.
$credID = DB::Safe($credID);
$token = DB::Safe($token);
$r = DB::Run("SELECT 1 FROM `PwdResetTokens` WHERE `CredentialsID`='{$credID}' AND `Token`='{$token}' LIMIT 1");

// Presumably Response::Send() ends the request; otherwise execution would
// continue past a failed check. Confirm.
if (mysql_num_rows($r) == 0) {
    Response::Send(400, "Account ID and token do not appear to match. Maybe try again from the link in your email?");
}

// Get account object (Member or Leader) -- first we have to determine which type it is
$q2 = DB::Run("SELECT * FROM Credentials WHERE ID='{$credID}' LIMIT 1");
$r = mysql_fetch_array($q2);
$memberID = $r['MemberID'];
$leaderID = $r['StakeLeaderID'];
$user = null;

// Exactly one of the two IDs must be set; a row carrying both or neither
// leaves $user null and is reported by the check below.
if ($memberID && !$leaderID) {
    $user = @Member::Load($memberID);
} else {
    if ($leaderID && !$memberID) {
        $user = @StakeLeader::Load($leaderID);
    }
}

// NOTE(review): this message sends internal member, leader and credentials
// IDs back to the client. Consider logging them server-side and returning a
// generic reference instead.
if (!$user) {
    Response::Send(500, "Could not load account with ID '{$memberID}' or '{$leaderID}', from credentials ID {$credID} -- please report this exact error message. Thanks...");
}

// Reset password.
if (!$user->ChangePassword($pwd1)) {
    // This function deletes the token from the DB for us
    Response::Send(500, "Could not reset your password for some reason... please report this.");
}

// In the clear!
Response::Send(200);
<?php
require_once "lib/init.php";

// Make sure they're first logged in
protectPage(0, true);

// Run the logout routine for the account type and remember which session key
// identifies that account, in case the routine reports failure.
if ($MEMBER) {
    $loggedOut = Member::Logout();
    $sessionKey = 'userID';
} else {
    $loggedOut = StakeLeader::Logout();
    $sessionKey = 'stakeLeaderID';
}

if (!$loggedOut) {
    // Uh oh. Attempt a manual, "hard-wired" logout: zero the identifier,
    // drop it, then destroy the session.
    // NOTE(review): session_destroy() removes the stored session data but
    // neither clears $_SESSION nor expires the session cookie.
    $_SESSION[$sessionKey] = 0;
    unset($_SESSION[$sessionKey]);
    session_destroy();
}

header("Location: /");
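/**
 * Custom PHP error handler: emails a report to the webmaster and writes a
 * line to the log.
 *
 * @param int    $level    Error level passed in by PHP.
 * @param string $errorMsg Error message.
 * @param string $file     File in which the error was raised.
 * @param int    $line     Line on which the error was raised.
 * @return bool Always true, so PHP's internal error handler does not run.
 */
function errorHandler($level, $errorMsg, $file, $line)
{
    // Don't handle it if the error was suppressed (maybe with @) (or error reporting is off)
    if (!error_reporting()) {
        return true;
    }

    // Only the E_USER_* levels get a specific label; every other level is "Unknown".
    if ($level == E_USER_ERROR) {
        $errorType = "Error";
    } elseif ($level == E_USER_WARNING) {
        $errorType = "Warning";
    } elseif ($level == E_USER_NOTICE) {
        $errorType = "Notice";
    } else {
        $errorType = "Unknown";
    }

    // A mail subject is a single header line. Error messages can contain line
    // breaks, so these are replaced before the text is used as the subject.
    $alertSubject = str_replace(array("\r", "\n"), " ", $errorType . ": " . $errorMsg);
    $alertBody = "FILE: {$file}\r\nLINE: {$line}\r\nPROBLEM: {$errorType}: {$errorMsg}\r\n";

    // See if there's a logged-in user
    $user = Member::Current();
    if (!$user) {
        $user = StakeLeader::Current();
    }

    // NOTE(review): print_r() copies every property of the user object into
    // the email. If that object carries contact details or credential fields,
    // they leave the server in plain mail. Prefer listing only an account ID.
    if ($user) {
        $alertBody .= "Currently logged-in user:\r\n" . print_r($user, true);
    }

    $alertBody .= "\r\n\r\n--\r\nAutomatically generated by the PHP error handling subsystem for debugging purposes.";

    $mail = new Mailer();
    $mail->FromAndReplyTo(ERR_HANDLE_FROM_NAME, EMAIL_BLACKHOLE);
    $mail->Subject($alertSubject);
    $mail->Body($alertBody);
    $mail->To(WEBMASTER_NAME, WEBMASTER_EMAIL);
    $mail->Send();

    // Write this to the server's internal log file...
    error_log("{$errorType}: {$errorMsg} in {$file} on line {$line}\n", LOG_TYPE, LOG_FILE);

    // Don't execute PHP's internal error handler
    return true;
}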