function loadMenu()
{
if (LoggedIn()) {
$dir = dirname(__FILE__);
include $dir . "/pixel2menu.php";
}
}
function tmpModuleLeft()
{
// April 4, 2007, KFD. Allow a breakout here
if (function_exists('appModuleLeft')) {
$continue = appModuleLeft();
return $continue;
}
//echo "<br/>";
if (!LoggedIn()) {
return;
}
// Only display menu if
if (OptionGet('MENULEFT', 'Y') == 'Y') {
$module = SessionGet("AGMENU_MODULE");
$AGMENU = SessionGet("AGMENU");
$kount = 0;
if (isset($AGMENU[$module])) {
$desc = $AGMENU[$module]['description'];
echo "<ul class=\"nav nav-list\">";
echo "<li class=\"nav-header\">{$desc}</li>";
foreach ($AGMENU[$module]['items'] as $key => $info) {
$hExtra = ' tabindex="' . hpTabIndexNext(100) . '"';
// We may make the first item the focused item if nothing else
// has been picked yet. This code runs when rendering is going on
// and the class-specific biz code has all run already, so it will
// not override any business-specific focus setting
if (vgfGet('HTML_focus') == '') {
$hExtra .= ' ID="FIRSTSPLITMENU" NAME="FIRSTSPLITMENU" ';
vgfSet('HTML_focus', 'FIRSTSPLITMENU');
}
$kount++;
$d = '?gp_page=' . $key;
$h = hLink("mainlevel", $info['description'], $d, $hExtra);
echo "\n<li>{$h}</li>";
// Possibly two more links
if (ArraySafe($info, 'linknew') == 'Y') {
$hx = ' tabindex="' . hpTabIndexNext(100) . '" style="margin-left:30px"';
$h = hLink("mainlevel", 'New', $d . '&gp_mode=ins', $hx);
echo "\n<li>{$h}</td></li>";
}
if (ArraySafe($info, 'linksearch') == 'Y') {
$hx = ' tabindex="' . hpTabIndexNext(100) . '" style="margin-left:30px"';
$h = hLink("mainlevel", 'Search', $d . '&gp_mode=search', $hx);
echo "\n<li>{$h}</li>";
}
}
echo "</ul>";
}
}
if (isset($continue)) {
return $continue;
}
//while ($kount++ < 30) { echo "<br>"; }
}
function hWiki($table_id, $pagename, $input, $title = '')
{
$this->table_id = $table_id;
// Remove carriage returns, makes things much easier
$html = str_replace("\r", '', $input);
// Put in an "edit this page" if user is logged in
if (LoggedIn() && $table_id != '') {
echo "<br><div>";
echo '<a href="?gp_page=pages&gp_pk=' . urlencode($pagename) . '">EDIT THIS PAGE</a>';
echo "</div>";
}
// If a title was provided, put it in h1 at top
$retval = $title == '' ? '' : "<h1>" . hSanitize($title) . "</h1>";
// Break into lines and begin outputting
$ahtml = explode("\n", $html);
$mode = '';
foreach ($ahtml as $oneline) {
switch ($mode) {
case 'html':
$f4 = substr($oneline, 0, 5);
if ($f4 == "</div" || $f4 == "</pre") {
$mode = '';
$new = $oneline . "\n";
} else {
$new = $oneline . "\n";
}
break;
case 'para':
list($mode, $new) = $this->wikiProcessModePara($oneline);
$new .= "\n";
break;
case 'list':
list($mode, $new) = $this->wikiProcessModeList($oneline);
$new .= "\n";
break;
default:
list($mode, $new) = $this->wikiProcessModeBlank($oneline);
break;
}
$retval .= $new;
}
return $retval;
}
<?php
include_once "common.php";
if (LoggedIn() === true) {
$ownerid = GetUserIdByName(GetUserName());
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>3pm - Home</title>
<script type="text/javascript">
function CallParentSetTrackToPlay( divObj ) {
var trackKey = divObj.getAttribute( 'data-keycode' );
var trackId = divObj.getAttribute( 'data-trackid' );
var trackTitle = divObj.getAttribute( 'data-title' );
var trackArtist = divObj.getAttribute( 'data-artist' );
var trackAlbum = divObj.getAttribute( 'data-album' );
parent.SetTrackToPlay( trackKey, trackTitle, trackArtist, trackAlbum, trackId );
}
function ClearSelection() {
if(document.selection && document.selection.empty) {
document.selection.empty();
} else if(window.getSelection) {
var sel = window.getSelection();
sel.removeAllRanges();
}
}
document.onclick = parent.CloseUserMenu;
</script>
<link type="text/css" rel="stylesheet" href="style.css">
if (mosCountModules('right')) {
?>
<td class="right">
<div class="sidepad">
<?php
mosLoadModules('right', -2);
?>
</div>
</td>
<?php
}
?>
</tr>
</table>
<?php
if (!(vgfGet('x4') === true && LoggedIn())) {
?>
<div id="bot-footer">
<?php
mosLoadModules('footer', -1);
?>
</div>
<?php
}
?>
</div>
<?php
if (!gpExists('x4Page')) {
?>
<div id="bot-rocket">
<a href="http://www.rockettheme.com"><span class="rocket"> </span></a>
">
<textarea name='InquireText' cols='70' rows='5'></textarea>
<?php
if (LoggedIn()) {
echo "<input type='submit' value='Submit Enquiry'>";
} else {
echo "<h3> Please Login to Submit Enquiry";
}
?>
</form>
<?php
}
?>
</div>
<?php
if (LoggedIn()) {
if (!CheckApplication(Username(), $house->ID)) {
?>
<div class="EnquireBox">
<h2> Apply For Property </h2>
<!-- Application form -->
<form action="Actions.php" method="get">
<input type="hidden" name="Action" value="LeaseApplication">
<input type="hidden" name="HouseID" value="<?php
echo $house->ID;
?>
">
<div class="InputLine"> <label>Lease Start Date</label> <input type="date" name="BookingDate"> </div>
<div class="InputLine"> <label>Lease Duration</label>
<select name="Duration">
<option value="3"> 3 Months </option>
function Login_Process()
{
$arg2 = $this->directlogin == true ? 'direct' : '';
// only process if user hit "post"
if (gp('gp_posted', '', false) == '') {
return;
}
vgfSet('LoginAttemptOK', false);
// Error title
vgfSet('ERROR_TITLE', '*');
// If the user supplied a loginUID, this is a post and we
// must process the request.
$ale = vgaGet('login_errors', array());
$app = $GLOBALS['AG']['application'];
$em000 = isset($ale['000']) ? $ale['000'] : "That username/password combination did not work. Please try again.";
$em001 = isset($ale['001']) ? $ale['001'] : "That username/password combination did not work. Please try again.";
$em002 = isset($ale['002']) ? $ale['002'] : "That username/password combination did not work. Please try again.";
$em099 = isset($ale['099']) ? $ale['099'] : "That username/password combination did not work. Please try again.";
$terror = "";
$uid = gp('loginUID');
$uid = MakeUserID($uid);
//$uid = str_replace('@','_',$uid);
//$uid = str_replace('.','_',$uid);
$pwd = gp("loginPWD", "", false);
// First check, never allow the database server's superuser
// account
//
if ($uid == "postgres") {
ErrorAdd($em000);
if (vgfGet('loglogins', false)) {
sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt as postgres");
fwLogEntry('1011', 'Attempt login as postgres', '', $arg2);
}
return;
}
$app = $GLOBALS['AG']['application'];
if (substr($uid, 0, strlen($app)) == $app) {
ErrorAdd($em001);
if (vgfGet('loglogins', false)) {
sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt as group role");
fwLogEntry('1012', 'Attempt login as group role', $uid, $arg2);
}
return;
}
// Begin with a connection attempt.
// on fail, otherwise continue
$tcs = @SQL_CONN($uid, $pwd);
if ($tcs === false) {
ErrorAdd($em099);
if (vgfGet('loglogins', false)) {
sysLog(LOG_NOTICE, "Andromeda:{$app}:Bad login attempt server rejected");
fwLogEntry('1013', 'Server rejected username/password', $uid, $arg2);
}
return;
} else {
SQL_CONNCLOSE($tcs);
}
// The rest of this routine uses an admin connection. If we
// have an error, we must close the connection before returning!
// ...yes, yes, that's bad form, all complaints to /dev/null
//
if (vgfGet('loglogins', false)) {
fwLogEntry('1010', 'Login OK', $uid, $arg2);
}
scDBConn_Push();
// See if they are a root user. If not, do they have an
// active account?
$root = false;
$admin = false;
$group_id_eff = '';
$results = SQL("\n Select oid\n FROM pg_roles \n WHERE rolname = CAST('{$uid}' as name)\n AND rolsuper= true");
$cr = SQL_NUMROWS($results);
if ($cr != 0) {
$root = true;
} else {
$results = SQL("Select * from users WHERE LOWER(user_id)='{$uid}'" . "AND (user_disabled<>'Y' or user_disabled IS NULL)");
$cr = SQL_NUMROWS($results);
if ($cr == 0) {
scDBConn_Pop();
ErrorAdd($em002);
sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt code 002");
return;
} else {
$userinfo = SQL_Fetch_Array($results);
$group_id_eff = $userinfo['group_id_eff'];
SessionSet('user_name', $userinfo['user_name']);
}
}
// Flag if the user is an administrator
if ($root == true) {
$admin = true;
} else {
$results = SQL("select count(*) as admin from usersxgroups " . "where user_id='{$uid}' and group_id ='{$app}" . "_admin'");
$row = SQL_FETCH_ARRAY($results);
$admin = intval($row["admin"]) > 0 ? true : false;
}
// Get the users' groups
$groups = "";
if ($root) {
$results = SQL("\n select group_id \n from zdd.groups \n where COALESCE(grouplist,'')=''");
} else {
$results = SQL("select group_id from usersxgroups WHERE LOWER(user_id)='{$uid}'");
}
while ($row = SQL_FETCH_ARRAY($results)) {
$agroups[] = "'" . trim($row['group_id']) . "'";
#$groups.=ListDelim($groups)."'".trim($row["group_id"])."'";
}
$groups = array();
if (!empty($agroups)) {
$groups = implode(",", $agroups);
}
//scDBConn_Pop();
// We have a successful login. If somebody else was already
// logged in, we need to wipe out that person's session. But
// don't do this if there was an anonymous login.
if (LoggedIn()) {
$uid_previous = SessionGet('UID');
if ($uid != $uid_previous) {
//Session_Destroy();
SessionReset();
//Index_Hidden_Session_Start(false);
}
}
// We know who they are and that they can connect,
// see if there is any app-specific confirmation required
//
if (function_exists('app_login_process')) {
//echo "Calling the process now";
if (!app_login_process($uid, $pwd, $admin, $groups)) {
return;
}
}
// Protect the session from hijacking, generate a new ID
Session_regenerate_id();
// We now have a successful connection, set some
// flags and lets go
//
vgfSet('LoginAttemptOK', true);
SessionSet("UID", $uid);
SessionSet("PWD", $pwd);
SessionSet("ADMIN", $admin);
SessionSet("ROOT", $root);
SessionSet("GROUP_ID_EFF", $group_id_eff);
SessionSet("groups", $groups);
if (gp('gpz_page') == '') {
# KFD 9/12/08, extra command to not change page
if (gp('st2keep') != 1) {
gpSet('gp_page', '');
}
}
$GLOBALS['session_st'] = 'N';
// for "N"ormal
// -------------------------------------------------------------------
// We are about to make the menu. Before doing so, see if there
// are any variables set for the menu layout. Set defaults and then
// load from database.
//
$this->pmenu = array('MENU_TYPE' => vgaGet('MENU_TYPE', 'div'), 'MENU_CLASS_MODL' => vgaGet('MENU_CLASS_MODL', 'modulename'), 'MENU_CLASS_ITEM' => vgaGet('MENU_CLASS_ITEM', 'menuentry'), 'MENU_TICK' => vgaGET('MENU_TICK', ' - '));
//$sql = "SELECT * from variables WHERE variable like 'MENU%'";
//$dbres = SQL($sql);
//while ($row = SQL_FETCH_ARRAY($dbres)) {
// $this->pmenu[trim($row['variable'])]=trim($row['variable_value']);
//}
// -------------------------------------------------------------------
// KFD 10/28/06, Modified to examine "nomenu" instead of permsel
// pulls all tables user has nomenu='N'. The basic idea is
// to remove from $AGMENU the stuff they don't see
//
// GET AGMENU
$AGMENU = array();
// avoid compiler warning, populated next line
include "ddmodules.php";
// Pull distinct modules person has any menu options in.
$sq = "SELECT DISTINCT module\n FROM zdd.perm_tabs \n WHERE nomenu='N'\n AND group_id iN ({$groups})";
$modules = SQL_AllRows($sq, 'module');
$AGkeys = array_keys($AGMENU);
foreach ($AGkeys as $AGkey) {
if (!isset($modules[$AGkey])) {
unset($AGMENU[$AGkey]);
}
}
// Now recurse the remaining modules and do the same trick
// for each one, removing the tables that don't exist
foreach ($AGMENU as $module => $moduleinfo) {
$sq = "SELECT DISTINCT table_id\n FROM zdd.perm_tabs \n WHERE nomenu='N'\n AND module = '{$module}'\n AND group_id iN ({$groups})";
$tables = SQL_AllRows($sq, 'table_id');
$tkeys = array_keys($moduleinfo['items']);
foreach ($tkeys as $tkey) {
if (!isset($tables[$tkey])) {
unset($AGMENU[$module]['items'][$tkey]);
}
}
}
// KFD 12/18/06. Put all table permissions into session
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND nomenu='N'", 'table_id');
SessionSet('TABLEPERMSMENU', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permsel='Y'", 'table_id');
SessionSet('TABLEPERMSSEL', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permins='Y'", 'table_id');
SessionSet('TABLEPERMSINS', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permupd='Y'", 'table_id');
SessionSet('TABLEPERMSUPD', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permdel='Y'", 'table_id');
SessionSet('TABLEPERMSDEL', array_keys($table_perms));
//echo "<div style='background-color:white'>";
//echo "$uid $groups $group_id_eff";
//hprint_r(SessionGet('TABLEPERMSMENU'));
//hprint_r(SessionGet('TABLEPERMSSEL'));
//echo "</div>";
// KFD 7/9/07, we always use joomla templates now, don't need
// options to turn them off
//if(defined('_ANDROMEDA_JOOMLA')) {
// In a hybrid situation, put the menu into the session
SessionSet('AGMENU', $AGMENU);
//}
$HTML_Menu = "";
$WML_Menu = "";
/*
foreach ($AGMENU as $key=>$module) {
//if($key=="datadict") continue;
//if($key=="sysref") continue;
$HTML_Module="";
$WML_Module="";
foreach($module["items"] as $itemname=>$item) {
if (!isset($item["mode"])) { $item["mode"]="normal"; }
switch ($item["mode"]) {
case "normal":
$ins=false;
$extra=array();
if($item['menu_parms']<>'') {
$aextras=explode('&',$item['menu_parms']);
foreach($aextras as $aextra) {
list($var,$value)=explode("=",$aextra);
$extra[$var]=$value;
}
}
$HTML_Module.=$this->_MenuItem(
$item['description'],$itemname,$ins,$extra
);
$WML_Module.="<div>";
$WML_Module.=hLink(
'',$item['description'],'?gp_page='.$itemname
);
$WML_Module.="</div>";
break;
case "ins":
//if ($admin || isset($tables_ins[$item["name"]])) {
$HTML_Module.=$this->_MenuItem(
$item['description'],$itemname,true
);
//}
break;
#$HTML_Module.=
# "\n<font class=\"tablename\">- <a href=\"index.php?gp_page=".$itemname."\">".
# $item["description"]."</a></font><br />";
}
}
// the module is defined AFTER its contents so it can be
// left off if it has no entries
if ($HTML_Module!="") {
$HTML_Menu.=$this->_MenuModule($module['description']);
$HTML_Menu.=$HTML_Module;
}
if ($WML_Module!="") {
$WML_Menu.="<div><b>".$module['description']."</b></div>";
$WML_Menu.=$WML_Module;
}
}
*/
DynamicSave("menu_" . $uid . ".php", $HTML_Menu);
DynamicSave("menu_wml_" . $uid . ".php", $WML_Menu);
// -------------------------------------------------------------------
// Fetch and cache user preferences
if (vgaGet('member_profiles')) {
cacheMember_Profiles();
}
// -------------------------------------------------------------------
// Now find the user's table permissions more precisely table by table
$sql = "select p.table_id,\n\t\t\t\tmax(case when p.permins='Y' then 1 else 0 end) as permins,\n\t\t\t\tmax(case when p.permupd='Y' then 1 else 0 end) as permupd,\n\t\t\t\tmax(case when p.permdel='Y' then 1 else 0 end) as permdel,\n\t\t\t\tmax(case when p.permsel='Y' then 1 else 0 end) as permsel\n\t\t\t\tfrom zdd.perm_tabs P\n\t\t\t\tWHERE group_id in ({$groups})\n\t\t\t\tGROUP BY p.table_id";
//echo $sql;
$results = SQL($sql);
$HTML_Perms = "<?php\n\$table_perms = array();\n";
while ($row = SQL_FETCH_ARRAY($results)) {
$tn = $row["table_id"];
$ti = $row["permins"];
$tu = $row["permupd"];
$td = $row["permdel"];
$ts = $row["permsel"];
$HTML_Perms .= "\$table_perms[\"{$tn}\"]=array(\"ins\"=>{$ti},\"upd\"=>{$tu},\"del\"=>{$td},\"sel\"=>{$ts});\n";
}
$HTML_Perms .= "?>\n";
DynamicSave("perms_" . $uid . ".php", $HTML_Perms);
/* October 28, 2006, KFD. Rem'd this all out, column and row security
made this irrelevant
// -------------------------------------------------------------------
// Find out if this user has any UID Columns, columns that create
// filters on the user's UID
$sql = "Select column_id FROM groupuids WHERE group_id IN ($groups)";
//echo $sql;
$results = SQL($sql);
$groupuids = array();
while ($row = SQL_FETCH_ARRAY($results)) {
//echo "Found this one".$row["column_id"];
$groupuids[$row["column_id"]] = $row["column_id"];
}
SessionSet("groupuids",$groupuids);
*/
scDBConn_Pop();
return;
}
function Login()
{
global $CFG, $dbConn;
// Are they already logged in?
if ($_SESSION['loggedin']) {
LoggedIn();
}
// Are they coming for the first time?
if (!$_REQUEST['username']) {
// Yes, so give them the login page.
require "./skins/{$CFG['skin']}/login.tpl.php";
exit;
}
// Grab the values (if any) the user posted.
$strPostedUsername = $dbConn->sanitize($_REQUEST['username']);
$strPostedPassword = $_REQUEST['password'];
// Get the member information of the member whose username was specified.
$dbConn->query("SELECT * FROM citizen WHERE username='******' AND reghash IS NULL");
// Was the username of a real member?
if ($aSQLResult = $dbConn->getresult(TRUE)) {
// Yes, so do the passwords match?
if ($aSQLResult['passphrase'] == md5($strPostedPassword)) {
// Store the member information into the session.
LoadUser($aSQLResult);
// Delete any guest entries from the session table.
$dbConn->query("DELETE FROM guest WHERE id='" . session_id() . "'");
// Do they wanna be remembered?
if ($aSQLResult['autologin']) {
setcookie('activeuserid', $_SESSION['userid'], $CFG['globaltime'] + 2592000, $CFG['paths']['cookies']);
setcookie('activepassword', $aSQLResult['passphrase'], $CFG['globaltime'] + 2592000, $CFG['paths']['cookies']);
}
// Show them the success page.
LoggedIn();
}
}
// Invalid username/password pair given.
Msg("Wrong username or password specified. Click <a href=\"member.php?action=login\">here</a> to go back and try again. Click <a href=\"member.php?action=forgotdetails\">here</a> if you've forgotten your member details.");
}
function ShowBooking($Booking, $Manager)
{
$date = $Booking->GetStringDate();
$usr = GetUserByUsername($Booking->HostUsername);
echo "<div class='BookingEntry'> \n\t\t<h3> {$date} </h3>\n\t\t<h4> Manager Name: {$usr->Name} </h4>\n\t\t<h4> Manager Phone: {$usr->PhoneNumber} </h4>\n\t\t<form action='Actions.php' method='get'>\n\t\t<input type='hidden' name='BookingID' value='{$Booking->ID}'>\n\t\t<input type='hidden' name='HouseID' value='{$Booking->HouseID}'> ";
if (LoggedIn()) {
if ($Manager) {
echo "<input type='submit' value='Delete'>\n\t\t\t\t<input type='hidden' name='Action' value='DeleteBooking'></form></div>";
} else {
if (CheckBooking($Booking->ID, Username())) {
echo "<input type='submit' value='Unregister'>\n\t\t\t\t\t<input type='hidden' name='Action' value='UnregisterBooking'></form></div>";
} else {
echo "<input type='submit' value='Register'>\n\t\t\t\t\t<input type='hidden' name='Action' value='RegisterBooking'></form></div>";
}
}
} else {
echo "<h4> Please Login to Register for Open House</h4> </form></div>";
}
}
/**
* KFD 2/23/08, Put frequently used links over on the left
* all of the time
*
*/
function appModuleLeft()
{
$retVal = '';
$hasContent = false;
if (!LoggedIn()) {
return false;
}
$retVal .= "<ul class=\"nav nav-list\">";
$retVal .= "<li class=\"nav-header\">Updates</li>";
$retVal .= '<li>';
$retVal .= '<a class="small" href="?gp_page=a_pullsvn">Pull Code From Subversion</a>';
$retVal .= '</li>';
// Display either applications or instances, depending upon
// which we have here
# KFD 4/15/08, make this unconditional
#$ds =OptionGet('DEV_STATION','Y');
#$boa=OptionGet( 'BUILD_ALL_APPS','N');
#if($ds=='Y' || $boa == 'Y') {
if (True) {
$apps = SQL_AllRows("Select * from applications order by application");
if (!empty($apps)) {
$hasContent = true;
$retVal .= '<li class="nav-header">Applications</li>';
foreach ($apps as $app) {
$retVal .= '<li>';
$retVal .= '<a class="pull-left" href="?gp_page=applications&gp_skey=' . $app['skey'] . '">';
$retVal .= $app['application'];
$retVal .= '</a>';
$retVal .= ' ';
$retVal .= hLinkBuild($app['application'], 'Build');
$retVal .= '</li>';
}
}
}
$instances = SQL_ALLROWS("Select * from instances\n order by application,instance");
if (!empty($instances) > 0) {
$hasContent = true;
$retVal .= '<li class="nav-header">Instances</li>';
foreach ($instances as $i) {
$retVal .= '<li>';
$retVal .= '<a class="pull-left" href="?gp_page=instances&bp_skey=' . $i['skey'] . '">';
$retVal .= $i['application'] . ' / ' . $i['instance'];
$retVal .= '</a>';
$retVal .= '<a class=" pull-right small" href="?gp_page=instances_p&gp_app=' . trim($i['application']) . '&gp_inst=' . $i['instance'] . '">';
$retVal .= 'Build/Upgrade';
$retVal .= '</a>';
$retVal .= '</li>';
}
}
$retVal .= '</ul>';
$retVal .= '<div style="clear:both;"></div>';
return $hasContent !== false ? $retVal : false;
}
function AdminNavigation()
{
$output = "<nav class=\"admin-panel\"><ul><li>";
$output .= "<a title = \"Website Content\" href=\"../public/manage_content.php\">Website Content</a>";
$output .= "</li>";
$output .= "<li>";
$output .= "<a title = \"Admins\" href=\"../public/manage_admin.php\">Admins</a>";
$output .= "</li>";
$output .= "<li>";
$output .= "<a title = \"LogOut\" href=\"../public/admin_logout.php\">Log out</a>";
$output .= "</li></ul></nav>";
if (LoggedIn()) {
return $output;
}
}
function _loginUser()
{
if ($_POST['userlogin']) {
#check fields
$logindata['username'] = trim($_POST['login_username']);
$logindata['password'] = trim($_POST['login_password']);
$errors = false;
foreach ($logindata as $key => $value) {
if (!$value) {
$this->forms['userlogin']['fields'][$key]['bgrd'] = '_error';
$errors = true;
} else {
$this->forms['userlogin']['fields'][$key]['value'] = $value;
}
}
#empty fields
if ($errors) {
$this->forms['userlogin']['errormessage'] = "Feld leer!";
} else {
$return = getUserByLogin($logindata['username'], $logindata['password']);
if (!$return || $return['activation']) {
#login wrong
$this->forms['userlogin']['errormessage'] = "Login/Passwort falsch!";
addToLogfile("Login fehlgeschlagen, User " . $logindata['username'], "Login/Logout");
} else {
#login ok
#save id and password in session
$sessionuserdata['id'] = $return['uid'];
$sessionuserdata['password'] = $return['password'];
$_SESSION['sessionuserdata'] = $sessionuserdata;
LoggedIn($return['uid']);
addToLogfile("Login", "Login/Logout", $return['uid']);
setcookie('menuitems');
$this->_header("index.php");
}
}
}
$this->template->assign('title', 'Login');
$this->template->assign('forms', $this->forms);
$this->template->display('index_login.html');
exit;
}
function index_hidden_template($mode)
{
# KFD 1/10/08. If x6 is set, we follow a completely different
# path, x6 settings win out.
$flagx6 = configGet('flag_x6', 'N');
$x6template = configGet('x6_template', '');
$x6group = configGet('x6_group', '');
if ($flagx6 == 'Y') {
# In x6, we consider the "app_template()" function first,
# if it returns something it always wins.
if (function_exists('app_template')) {
vgfSet('template', app_template());
} else {
if ($x6template == '') {
vgfSet('template', 'x6');
} else {
if (!LoggedIn() || inGroup($x6group)) {
vgfSet('template', $x6template);
} else {
vgfSet('template', 'x6');
}
}
}
} else {
# this is old x2/x4 mode, begin by obtaining a
# 'candidate' they may have been set
$candidate = vgfGet('template');
# KFD 7/23/08. Give application a chance to
# play with setting
if (function_exists('app_template')) {
vgfSet('template', app_template($candidate));
}
# KFD 7/23/08. If no template has been set by vgfSet,
# and the candidate is not empty, pick it
if ($candidate != '' && vgfGet('template') == '') {
vgfSet('template', $candidate);
}
# KFD 7/23/08. Finally, if we still don't have something,
# pick according to mode
if (vgfGet('template') == '') {
if ($mode == 'x4') {
vgfSet('template', 'pixel2');
} else {
vgfSet('template', 'rt_pixel');
}
}
}
# KFD 9/2/08. We still have one customer with a public
# interface that is not a Joomla template. If the
# template is "*" then we DO NOT set up Joomla
# compatibility. The application will use its own
# file in the application directory that is specified
# with vgaSet('html_pub').
if (vgfGet('template') == '*') {
return;
}
# Tell the JOOMLA files that we are legit
# Fool them, that is...
define("_ANDROMEDA_JOOMLA", 1);
define("_JOOMLA_ANDROMEDA", 1);
# Activate the template by creating public $J and calling funcs
global $J, $AG;
$J['TEMPLATE'] = vgfGet('template');
JoomlaCompatibility($J['TEMPLATE']);
$aphp = $AG['dirs']['root'] . '/templates/' . $J['TEMPLATE'] . '/andromeda.php';
if (file_exists($aphp)) {
include $aphp;
}
# <----- EARLY RETURN
# The rest of this is totally superseded, and can
# be removed after we go live with Beta 1
return;
/*
global $AG;
# KFD 7/3/08. Have the vgfGet() value override anything else
#
if(vgfGet('template')<>'') {
# Assign the template to spots where the legacy code will find it
$AG['template'] = vgfGet('template');
}
// First conditional fix contributed by Don Organ 9/07, $AG['template']
// was getting lost on passes 2+
if(ArraySafe($AG,'template')<>'') {
SessionSet('TEMPLATE',$AG['template']);
}
else {
if(SessionGet("TEMPLATE")=='') {
if(!file_exists(fsDirTop().'templates')) {
// There is no templates directory, so stop looking
SessionSet('TEMPLATE','*');
}
else {
if(ArraySafe($AG,'template')<>'') {
// if the app or instance specified a template at build time,
// use that.
SessionSet('TEMPLATE',$AG['template']);
}
else {
// At this point nobody has told us what to do, pick the
// first template we can find.
// Big change by KFD 3/15/08 If we do not know what
// template to use, prefer to pick rt_pixel, our
// default template, unless we find another one.
// In that case we assume that template is there for
// a reason and we use it.
$dir = $AG['dirs']['root'].'templates/';
$DIR = opendir($dir);
$rt_pixel = false;
while (false!==($filename = readdir($DIR))) {
if ($filename=='.') continue;
if ($filename=='..') continue;
if ($filename=='andro_classic') continue;
if ($filename=='x4') continue;
// DO 2-1-2008 Added to ignore SVN directory
if ($filename=='.svn') continue;
if ($filename=='rt_pixel') $rt_pixel = true;
if (is_dir($dir.$filename)) {
SessionSet('TEMPLATE',scFileName($filename));
break;
}
}
closedir($DIR);
// Here is where we pick rt_pixel if we could not
// find anything else
if($rt_pixel && SessionGet('TEMPLATE','')=='') {
SessionSet('TEMPLATE',$rt_pixel);
}
}
}
}
}
// Now if a template was identified
if(SessionGet("TEMPLATE")<>'*') {
// Notify any code that may need to know that we are in a hybrid
// Andromeda-joomla situation. This is for both template code and
// Andromeda code. We define both variables in case people forget
// which one we defined.
define("_ANDROMEDA_JOOMLA",1);
define("_JOOMLA_ANDROMEDA",1);
// Activate the template by creating public $J and calling funcs
global $J;
$J['TEMPLATE']=SessionGet('TEMPLATE');
JoomlaCompatibility($J['TEMPLATE']);
$aphp=$AG['dirs']['root'].'/templates/'.$J['TEMPLATE'].'/andromeda.php';
if(file_exists($aphp)) {
include($aphp);
}
}
*/
}
function delfile()
{
# If user is not logged in and not in file maintenance,
# quietly ignore
if (!LoggedIn()) {
return;
}
if (!inGroup('filemaint')) {
return;
}
$filename = fsDirTop() . 'apppub/' . gp('file');
unlink($filename);
}
function mosShowListMenu($menutype)
{
// -------------------------------------------------------
// Andromeda Code: If we are in an Andromeda situation
// then everything is vastly simplified, we already have
// the menu and we don't do much conversion
// -------------------------------------------------------
if (defined('_ANDROMEDA_JOOMLA')) {
if (!LoggedIn()) {
return;
}
// KFD 7/6/07, cache the menu so we don't have to do
// this on every call.
// Cachegrind cost to build menu : 259 / 199
// Cachegrind cost logging in : 140
// Cachegrind cost login, cache to session: 2!!!!
// Cachegrind cost to cache to disk : 400!
# KFD 4/17/08, rebuild menu if they switched modes
# KFD 6/21/08, simplify this by just looking at x4Welcome
#$menu_mode = gpExists('x4Page')
# ? (vgfGet('x4menu',false)==true ? 'x4' : 'classic')
# : 'classic';
$menu_mode = configGet('x4welcome', 'N') == 'Y' ? 'x4' : 'classic';
vgfSet('menu_mode', $menu_mode);
# KFD 6/21/08 (END)
if ($menu_mode != SessionGet('menu_mode')) {
sessionSet('menu', '');
sessionSet('menu_mode', $menu_mode);
}
$menu = SessionGet('menu', '');
if ($menu != '') {
echo $menu;
return;
}
ob_start();
$children = array();
$open = array();
$indents = array(array("<ul>", "<li>", "</li>", "</ul>"));
$class_sfx = null;
$hilightid = SessionGET('AGMENU_MODULE');
$hilightid = '';
$menus = SessionGET("AGMENU");
foreach ($menus as $menuid => $menuinfo) {
//if($menuid=='datadict') continue;
//if($menuid=='sysref') continue;
$x = new joomla_fake();
$x->type = 'url';
$x->id = $menuid;
if (sessionGet('menu_mode') == 'x4') {
$x->link = 'javascript:void(0);';
} else {
$x->link = "?x_module=" . urlencode($menuid);
}
$x->browserNav = '';
$x->name = $menuinfo['description'];
$children[0][] = $x;
foreach ($menuinfo['items'] as $page => $pageinfo) {
$x = new joomla_fake();
$x->type = 'url';
$x->id = $page;
# KFD 6/26/08, the vgfX(x4) was experimental, get rid of it
#if(vgfGet('x4')===true) {
# $pd = $pageinfo['description'];
# $x->link="javascript:x4Page('$page','$pd')";
#}
#else {
# KFD 6/26/08, work out the menu mode first
$xmode = 'x2';
if (sessionGet('menu_mode') == 'x4') {
$xmode = a($pageinfo, 'uix2', 'N') == 'Y' ? 'x2' : 'x4';
}
if ($xmode == 'x4') {
$x->link = '?x4Page=' . urlencode($page);
$x->link .= '&x4Return=' . vgaGet('nopage', 'menu');
} else {
$x->link = "?x_module={$menuid}&x2=1&gp_page=" . urlencode($page);
}
if (ArraySafe($pageinfo, 'menu_parms') != '') {
$x->link .= '&' . urlencode($pageinfo['menu_parms']);
}
#}
$x->browserNav = '';
$x->name = $pageinfo['description'];
$children[$menuid][] = $x;
}
}
mosRecurseListMenu(0, 0, $children, $open, $indents, $class_sfx, $hilightid);
$menu = ob_get_clean();
echo $menu;
SessionSet('menu', $menu);
//$fsMenuFileHTML=ob_get_clean();
//file_put_contents($fsMenuFile,$fsMenuFileHTML);
//echo $fsMenuFileHTML;
return;
}
// -------------------------------------------------------
// Andromeda Code: END
// -------------------------------------------------------
global $database, $my, $cur_template, $Itemid;
global $mosConfig_absolute_path, $mosConfig_live_site, $mosConfig_shownoauth;
$class_sfx = null;
$hilightid = null;
/* If a user has signed in, get their user type */
$intUserType = 0;
if ($my->gid) {
switch ($my->usertype) {
case 'Super Administrator':
$intUserType = 0;
break;
case 'Administrator':
$intUserType = 1;
break;
case 'Editor':
$intUserType = 2;
break;
case 'Registered':
$intUserType = 3;
break;
case 'Author':
$intUserType = 4;
break;
case 'Publisher':
$intUserType = 5;
break;
case 'Manager':
$intUserType = 6;
break;
}
} else {
/* user isn't logged in so make their usertype 0 */
$intUserType = 0;
}
if ($mosConfig_shownoauth) {
$database->setQuery("SELECT m.*, count(p.parent) as cnt" . "\nFROM #__menu AS m" . "\nLEFT JOIN #__menu AS p ON p.parent = m.id" . "\nWHERE m.menutype='{$menutype}' AND m.published='1'" . "\nGROUP BY m.id ORDER BY m.parent, m.ordering ");
} else {
$database->setQuery("SELECT m.*, sum(case when p.published=1 then 1 else 0 end) as cnt" . "\nFROM #__menu AS m" . "\nLEFT JOIN #__menu AS p ON p.parent = m.id" . "\nWHERE m.menutype='{$menutype}' AND m.published='1' AND m.access <= '{$my->gid}'" . "\nGROUP BY m.id ORDER BY m.parent, m.ordering ");
}
$rows = $database->loadObjectList('id');
echo $database->getErrorMsg();
//work out if this should be highlighted
$sql = "SELECT m.* FROM #__menu AS m" . "\nWHERE menutype='" . $menutype . "' AND m.published='1'";
$database->setQuery($sql);
$subrows = $database->loadObjectList('id');
$maxrecurse = 5;
$parentid = $Itemid;
//this makes sure toplevel stays hilighted when submenu active
while ($maxrecurse-- > 0) {
$parentid = getParentRow($subrows, $parentid);
if (isset($parentid) && $parentid >= 0 && $subrows[$parentid]) {
if (vgfGet('menu_mode') != 'x4') {
$hilightid = $parentid;
}
} else {
break;
}
}
if (vgfGet('menu_mode') == 'x4') {
$hilightid = '';
}
//echo "<!--[if lte IE 7]>\n";
include_once "{$mosConfig_absolute_path}/templates/" . $cur_template . "/js/ie.js";
//echo "<![endif]-->\n";
$indents = array(array("<ul>", "<li>", "</li>", "</ul>"));
// establish the hierarchy of the menu
$children = array();
// first pass - collect children
foreach ($rows as $v) {
$pt = $v->parent;
$list = @$children[$pt] ? $children[$pt] : array();
array_push($list, $v);
$children[$pt] = $list;
}
// second pass - collect 'open' menus
$open = array($Itemid);
$count = 20;
// maximum levels - to prevent runaway loop
$id = $Itemid;
while (--$count) {
if (isset($rows[$id]) && $rows[$id]->parent > 0) {
$id = $rows[$id]->parent;
$open[] = $id;
} else {
break;
}
}
$class_sfx = null;
mosRecurseListMenu(0, 0, $children, $open, $indents, $class_sfx, $hilightid);
}
<?php
$id = $_GET['id'];
include 'common-code/login.php';
if (!LoggedIn()) {
header("location:login.php");
}
$conn = dbConnect();
?>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Zealicon 2015</title>
<!-- Core CSS - Include with every page -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="font-awesome/css/font-awesome.css" rel="stylesheet">
<!-- Page-Level Plugin CSS - Tables -->
<link href="css/plugins/dataTables/dataTables.bootstrap.css" rel="stylesheet">
<!-- SB Admin CSS - Include with every page -->
<link href="css/sb-admin.css" rel="stylesheet">
</head>
<body>
/**
* This is an experimental routine.
*
* This routine is used by public websites that accept user registration
* information. The idea is that after you create their account you call
* this routine to log them in, saving them the annoyance of having to
* re-type their username/password at a login screen.
*
* string $UID User ID
* string $PWD Password
*/
function Login($UID, $PWD)
{
// Make it look like the UID and PWD were passed in on the
// request, that's where x_login wants to find them.
gpSet('loginUID', $UID);
gpSet('loginPWD', $PWD);
// Create and run the login object
$obj_login = DispatchObject('x_login');
$obj_login->Login_Process();
// If the login worked, disconnect whatever previous connection
// we had and connect back as this user. This usually means an
// anonymous connection is killed.
if (LoggedIn()) {
scDBConn_Pop();
scDBConn_PUsh();
}
}
function tmpModuleMenuRight()
{
if (!LoggedIn()) {
return;
}
$extra = '';
if (!vgfGet('x4Welcome', false) && gpExists('x4Page')) {
$extra = '<li><a href="?index.php">Classic</a>';
}
?>
<ul>
<?php
echo $extra;
?>
<li><a href='?st2logout=1'>Logout</a></li>
</ul>
<?php
return false;
}
