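/**
 * Look up an active user by e-mail address and, on success, populate the session.
 *
 * When $skippass is true the password condition is left out of the query
 * entirely, so any active account matching $username is logged in. Callers
 * must only pass true after the identity has been established by other means.
 *
 * NOTE(review): the session id is not regenerated in this function; if the
 * caller does not do so either, consider regenerating it on successful login
 * to limit session fixation.
 *
 * @param string $username E-mail address to match against users.email.
 * @param string $password Candidate password, handed to db_pwdcompare().
 * @param bool   $skippass Skip the password check when true.
 *
 * @return bool True when a matching active user was found and the session was
 *              filled in; false otherwise ($_SESSION['user_id'] is set to false).
 */
function login($username, $password, $skippass = false)
{
    // $_SESSION is a superglobal, so no `global` declaration is required.
    // Session needs: id, fullname, email, departmentid, ishelpdesk, homepage,
    // update_days, updated_on, first.

    // The e-mail address ends up inside a single-quoted SQL literal. Doubling
    // embedded single quotes stops the value from terminating that literal.
    // The query uses ISNULL()/GETDATE(), i.e. T-SQL, where a doubled quote is
    // the literal escape.
    // NOTE(review): if callers already escape $username, remove one of the
    // two layers; prefer bound parameters if the db_* layer offers them.
    $email = str_replace("'", "''", (string) $username);

    if ($skippass) {
        $where = '';
        error_debug('<b>login</b> running without password', __FILE__, __LINE__);
    } else {
        // NOTE(review): $password is passed to db_pwdcompare() as-is; confirm
        // that helper escapes or binds it before it reaches the SQL text.
        $where = ' AND ' . db_pwdcompare($password, 'u.password') . ' = 1';
        error_debug('<b>login</b> running with password', __FILE__, __LINE__);
    }

    $user = db_grab(
        'SELECT u.id, ISNULL(u.nickname, u.firstname) firstname, u.lastname, u.email, '
        . db_pwdcompare('', 'u.password')
        . ' password, u.departmentID, d.isHelpdesk, u.help, u.is_admin, u.updated_date, u.language_id, l.code language, '
        . db_datediff('u.updated_date', 'GETDATE()')
        . ' update_days FROM users u LEFT JOIN languages l ON u.language_id = l.id LEFT JOIN departments d ON u.departmentID = d.departmentID WHERE u.email = \''
        . $email
        . '\' AND u.is_active = 1'
        . $where
    );

    if (!$user) {
        // No matching active user (or the password condition failed).
        $_SESSION['user_id'] = false;
        return false;
    }

    // Login was good. The id is cast to int because it is concatenated
    // unquoted into the statement.
    db_query('UPDATE users SET lastlogin = GETDATE() WHERE id = ' . (int) $user['id']);

    $_SESSION['user_id']      = $user['id'];
    $_SESSION['is_admin']     = $user['is_admin'];
    $_SESSION['email']        = $user['email'];
    $_SESSION['homepage']     = '/bb/';
    $_SESSION['departmentID'] = $user['departmentID'];
    $_SESSION['isHelpdesk']   = $user['isHelpdesk'];
    $_SESSION['update_days']  = $user['update_days'];
    $_SESSION['updated_date'] = $user['updated_date'];
    // This is the result of db_pwdcompare('', 'u.password'), not the stored
    // password itself; presumably a flag for "password is blank" (confirm).
    $_SESSION['password']     = $user['password'];
    $_SESSION['language_id']  = $user['language_id'];
    $_SESSION['language']     = $user['language'];
    $_SESSION['full_name']    = $user['firstname'] . ' ' . $user['lastname'];
    $_SESSION['isLoggedIn']   = true;

    cookie('last_login', $user['email']);
    cookie('last_email', $user['email']);

    return true;
}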
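/**
 * Look up an intranet user by e-mail address and record the login time.
 *
 * The fetched row (userID and home page url) is stored in the global $user.
 * When $skippass is true the password condition is left out of the query, so
 * any account matching $username is accepted. Callers must only pass true
 * after the identity has been established by other means.
 *
 * NOTE(review): the query does not restrict the lookup to active accounts; if
 * intranet_users carries an active/deleted flag, confirm deactivated users
 * are rejected elsewhere.
 *
 * @param string $username E-mail address to match against intranet_users.email.
 * @param string $password Candidate password, handed to db_pwdcompare().
 * @param bool   $skippass Skip the password check when true.
 *
 * @return bool True when a matching user was found, false otherwise.
 */
function login($username, $password, $skippass = false)
{
    global $user;

    // The e-mail address ends up inside a single-quoted SQL literal. Doubling
    // embedded single quotes stops the value from terminating that literal
    // (T-SQL escaping; the statements here use GETDATE()).
    // NOTE(review): if callers already escape $username, remove one of the
    // two layers; prefer bound parameters if the db_* layer offers them.
    $email = str_replace("'", "''", (string) $username);

    $sql = "SELECT u.userID, p.url FROM intranet_users u JOIN pages p ON u.homePageID = p.id WHERE u.email = '{$email}'";

    if ($skippass) {
        error_debug("<b>login</b> running without password");
    } else {
        error_debug("<b>login</b> running with password");
        // NOTE(review): $password is passed to db_pwdcompare() as-is; confirm
        // that helper escapes or binds it before it reaches the SQL text.
        $sql .= " AND " . db_pwdcompare($password, "u.password") . " = 1";
    }

    $user = db_grab($sql);

    // empty() also covers db_grab() returning a non-array (no row found)
    // without raising an "array offset on bool" notice.
    if (empty($user["userID"])) {
        return false;
    }

    // The id is cast to int because it is concatenated unquoted into the statement.
    db_query("UPDATE intranet_users SET lastlogin = GETDATE() WHERE userID = " . (int) $user["userID"]);

    return true;
}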
emailPassword($_GET['id']); } url_query_drop("action"); } elseif (url_action("invite")) { emailInvite($_GET['id']); url_query_drop("action"); } url_query_require(); echo drawTop(); $r = db_grab('SELECT u.firstname, u.lastname, u.nickname, u.bio' . langExt() . ' bio, u.email, ' . db_pwdcompare("", "u.password") . ' password, u.phone, u.lastlogin, u.title' . langExt() . ' title, f.name office, u.officeID, d.departmentName, u.organization_id, o.title' . langExt() . ' organization, u.homeAddress1, u.homeAddress2, u.homeCity, s.stateAbbrev, u.homeZIP, c.title' . langExt() . ' channel, u.homePhone,
db_query("UPDATE intranet_users SET isActive = 1, deletedBy = NULL, deletedOn = NULL, endDate = NULL, updatedBy = {$user["id"]}, updatedOn = GETDATE() WHERE userID = " . $_GET["id"]); url_query_drop("action"); } elseif (url_action("passwd")) { db_query("UPDATE intranet_users SET password = PWDENCRYPT('') WHERE userID = " . $_GET["id"]); $r = db_grab("SELECT userID, email FROM intranet_users WHERE userID = " . $_GET["id"]); email_user($r["email"], "Intranet Password Reset", drawEmptyResult($user["first"] . ' has just reset your password on the Intranet. To pick a new password, please <a href="http://' . $_josh["request"]["host"] . '/login/password_reset.php?id=' . $r["userID"] . '">follow this link</a>.')); url_query_drop("action"); } elseif (url_action("invite")) { $r = db_grab("SELECT nickname, email, firstname FROM intranet_users WHERE userID = " . $_GET["id"]); $name = !$r["nickname"] ? $r["firstname"] : $r["nickname"]; email_invite($_GET["id"], $r["email"], $name); url_query_drop("action"); } url_query_require(); drawTop(); $r = db_grab("SELECT \n\t\tu.firstname,\n\t\tu.lastname,\n\t\tu.nickname, \n\t\tu.bio, \n\t\tu.email,\n\t\t" . db_pwdcompare("", "u.password") . 
" password,\n\t\tu.phone, \n\t\tu.lastlogin, \n\t\tu.title,\n\t\tf.name office, \n\t\td.departmentName,\n\t\tu.corporationID,\n\t\tc.description corporationName,\n\t\tu.homeAddress1,\n\t\tu.homeAddress2,\n\t\tu.homeCity,\n\t\ts.stateAbbrev,\n\t\tu.homeZIP,\n\t\tu.homePhone,\n\t\tu.homeCell,\n\t\tu.homeEmail,\n\t\tu.emerCont1Name,\n\t\tu.emerCont1Relationship,\n\t\tu.emerCont1Phone,\n\t\tu.emerCont1Cell,\n\t\tu.emerCont1Email,\n\t\tu.emerCont2Name,\n\t\tu.emerCont2Relationship,\n\t\tu.emerCont2Phone,\n\t\tu.emerCont2Cell,\n\t\tu.emerCont2Email,\n\t\tu.startDate,\n\t\tu.longDistanceCode,\n\t\tu.endDate,\n\t\tu.isActive,\n\t\tr.description rank\n\tFROM intranet_users u\n\tJOIN intranet_ranks r ON u.rankID = r.id\n\tLEFT JOIN organizations\t\t\tc ON u.corporationID = c.id\n\tLEFT JOIN intranet_departments\t\td ON d.departmentID\t= u.departmentID \t\t\t\t\n\tLEFT JOIN intranet_offices \t\tf ON f.id\t\t\t= u.officeID \t\t\t\t\n\tLEFT JOIN intranet_us_states\t\ts ON u.homeStateID\t= s.stateID\n\tWHERE u.userID = " . $_GET["id"]); $r["corporationName"] = empty($r["corporationName"]) ? '<a href="organizations.php?id=0">Shared</a>' : '<a href="organizations.php?id=' . $r["corporationID"] . '">' . $r["corporationName"] . '</a>'; if (!isset($r["isActive"])) { url_change("./"); } echo drawJumpToStaff($_GET["id"]); if (!$r["isActive"]) { $msg = "This is a former staff member. "; if ($r["endDate"]) { $msg .= $r["nickname"] ? $r["nickname"] : $r["firstname"]; $msg .= "'s last day was " . format_date($r["endDate"]) . "."; } echo drawServerMessage($msg, "center"); } ?> <table class="left" cellspacing="1">