break; case "reload" : forceReload(); break; case "denied" : deniedAlert(); break; case "login" : include_once "${_UMS_PATH}clsUmUser.php"; include_once "${_UMS_PATH}clsUmPermission.php"; include_once "${_UMS_PATH}clsUmGPermission.php"; include_once "${_UMS_PATH}clsUmUserGroup.php"; checkLogin(); break; case "logout" : default: forceLogout(); break; } } else { // Common mode if (isset($GLOBALS["SECURE_LOG"]) && !$GLOBALS["SECURE_LOG"] && $GLOBALS["_PROTOCOL"] == "https://") { header("Location: http://" . $GLOBALS["_INFO_INDEX"]); } else { if (logged_in()) { include_once "${_UMS_PATH}clsUmUserGroup.php"; include_once "${_UMS_PATH}clsUmGroup.php"; postLoginPage(); } else { preLoginPage(); session_stop(); // cleanup sess_* file. }
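/**
 * Handle a login form submission.
 *
 * Reads Username / Password (and the optional Remember, eRemember and nowDate
 * fields) from $_POST, looks the account up through umuser::SearchByLogin() and,
 * on success, fills $_SESSION["oU"] with the user's profile, group permissions
 * (aGp), per-user permissions (aUp) and department. It also sets or clears the
 * "infosys_userinfo" remember-me cookie.
 *
 * Outcome is reported through printLoginSuccess(), printLoginFail() or
 * forceLogout(); nothing is returned.
 *
 * NOTE(review): the remember-me cookie carries the password itself, passed
 * through encryptmesg(). decryptmesg() is applied to the posted password when
 * the "ce" marker is present, so the value appears to be reversible. The cookie
 * is set without the HttpOnly flag, and the Secure argument is 0 where it is
 * given. A random, server-side, revocable token is the usual replacement; that
 * needs changes outside this function, so the mechanism is left as is here.
 */
function checkLogin()
{
    $oConn = new clsConnection($GLOBALS["DBHOST"], $GLOBALS["DBNAME_UMS"], $GLOBALS["DBUSER_UMS"], $GLOBALS["DBPASS_UMS"]);

    // Both fields must be present and must be plain strings. PHP turns a
    // parameter such as "Username[]" into an array, which would otherwise reach
    // the string concatenation and the lookup below.
    $fValid = isset($_POST["Username"], $_POST["Password"])
        && is_string($_POST["Username"])
        && is_string($_POST["Password"]);

    if ($oConn->c && $oConn->errmsg == "" && $fValid) {
        $username = $_POST["Username"];
        $password = $_POST["Password"];
        $cookie_value = "";
        $curr_time = time();
        $isWindows = strtoupper(substr(PHP_OS, 0, 3)) === 'WIN';

        if (isset($_POST["Remember"])) {
            // "ce" marks a password that was pre-filled from the cookie and is
            // therefore still in its encryptmesg() form.
            if ($_POST["Remember"] === "ce") {
                $password = decryptmesg($password);
            }
            $cookie_value = $username . "{[<->]}" . encryptmesg($password);
            if ($isWindows) {
                setcookie("infosys_userinfo", $cookie_value, $curr_time + 3600 * 48);
            } else {
                setcookie("infosys_userinfo", $cookie_value, $curr_time + 3600 * 48, $GLOBALS["ROOT_URL"], $GLOBALS["HOST_NAME"], 0);
            }
        } else {
            // eRemember is optional; test for it before reading to avoid an
            // undefined-index notice.
            if (isset($_POST["eRemember"]) && $_POST["eRemember"] === "ce") {
                $password = decryptmesg($password);
            }
            // $cookie_value is still "" here, so both calls clear the cookie
            // (PHP deletes a cookie whose value is the empty string).
            if ($isWindows) {
                setcookie("infosys_userinfo", $cookie_value, $curr_time + 3600 * 48);
            } else {
                setcookie("infosys_userinfo", $cookie_value, $curr_time - 3600 * 48, $GLOBALS["ROOT_URL"], $GLOBALS["HOST_NAME"], 0);
            }
        }

        $oUs = new umuser($oConn);

        // NOTE(review): $oCps is never assigned in this function, so the original
        // `if ($oCps)` always read an undefined variable and the Person lookup
        // below never ran. It is initialised explicitly to keep that behaviour
        // without the notice; if a second connection was intended, pass it in
        // deliberately.
        $oCps = null;
        $oPs = null;
        if ($oCps) {
            $oPs = new Person($oCps);
        }

        // NOTE(review): how the password is compared (hashing, constant-time
        // comparison, escaping of both arguments) is decided inside
        // SearchByLogin(), which is not visible here; verify it.
        $oUs->SearchByLogin($username, $password);

        if ($oUs->GetRecord()) {
            if (!logged_in()) {
                // Issue a fresh session ID at the moment of authentication so an
                // ID known before login cannot be reused afterwards (session
                // fixation). Done before the ID is copied into the session and
                // the user row below.
                if (session_id() != "") {
                    session_regenerate_id(true);
                }

                $_SESSION["sysDate"] = date("d/m/Y");
                // nowDate is client-supplied and optional; a missing field is
                // passed on as null, as before.
                $_SESSION["sysDate0"] = TH2ENDate(isset($_POST["nowDate"]) ? $_POST["nowDate"] : null);
                $_SESSION["sysDSave"] = $_SESSION["sysDate0"];
                $_SESSION["createUserId"] = "";
                $_SESSION["updateUserId"] = "";
                $_SESSION["logKey"] = session_id();
                $_SESSION["oU"] = new clsUser();
                $oU = &$_SESSION["oU"];

                // Copy the account record into the session user object.
                $oU->userID = $oUs->UsID;
                $oU->userLogin = $oUs->UsLogin;
                $oU->userName = $oUs->UsName;
                $oU->userPsCode = $oUs->UsPsCode; // PersonId = UsPsCode
                if ($oCps && $oPs) {
                    $oPs->SearchByKey($oUs->UsPsCode);
                    $oPs->GetRecord();
                    $oU->userPsCodeReg = $oPs->personCode;
                }
                $oU->userPsID = $oUs->UsPsCode;
                $oU->userDptCode = "";
                $oU->userDptName = "";
                $oU->userPosCode = $oUs->posID;
                $oU->userPosName = $oUs->posName;
                $oU->WgID = $oUs->UsWgID;
                $oU->UserQsID = $oUs->UsQsID;
                // NOTE(review): UsAnswer is copied into the session as stored;
                // if it is the account-recovery answer, consider whether the
                // session needs it at all.
                $oU->UserAnswer = $oUs->UsAnswer;
                $oU->UserEmail = $oUs->UsEmail;
                $oU->UserActive = $oUs->UsActive;
                $oU->UserAdmin = $oUs->UsAdmin;
                $oU->UserDesc = $oUs->UsDesc;
                $oU->UserPwdExpDt = $oUs->UsPwdExpDt;
                $oU->UserUpdDt = $oUs->UsUpdDt;
                $oU->UserUpdUsID = $oUs->UsUpdUsID;
                $_SESSION["createUserId"] = $oUs->UsLogin;
                $_SESSION["updateUserId"] = $oUs->UsLogin;
                $oU->userIP = getenv("REMOTE_ADDR");
                $oUs->SetSessionID($oUs->UsID, session_id());
                $oU->sessionID = session_id();

                // Group permissions: one entry per (group, menu) pair, holding
                // the gpX/gpC/gpR/gpU/gpD flags in that order.
                $oUg = new umusergroup($oConn);
                $oGp = new umgpermission($oConn);
                $oUp = new umpermission($oConn);
                $oUg->RSgroupByUs($oU->userID);
                while ($oUg->GetRecord()) {
                    $oGp->RSMnByGpID($oUg->UgGpID);
                    while ($oGp->GetRecord()) {
                        $oU->aGp[$oUg->UgGpID . $oGp->gpMnID] = array($oGp->gpX, $oGp->gpC, $oGp->gpR, $oGp->gpU, $oGp->gpD);
                    }
                }

                // Per-user permissions, keyed by user ID followed by menu ID.
                $oUp->RSMnByUs($oU->userID);
                while ($oUp->GetRecord()) {
                    $oU->aUp[$oU->userID . $oUp->pmMnID] = array($oUp->pmX, $oUp->pmC, $oUp->pmR, $oUp->pmU, $oUp->pmD);
                }

                $oU->deptId = 0;
                $oU->deptName = "";
                $oU->deptCode = "";

                if ($oU->userLogin != strtolower($GLOBALS["ADMIN_LOGIN"])) {
                    $db = $GLOBALS["DBNAME_EPERSON"];
                    // userPsID comes from the user row rather than straight from
                    // the request, but it is still data: escape and quote it
                    // instead of splicing it into the statement as SQL.
                    $psId = mysql_real_escape_string((string) $oU->userPsID, $oConn->c);
                    $qstring = "select Department.deptId, Department.deptCode, Department.deptName"
                        . " from $db.Department, $db.Person"
                        . " where Person.personId = '" . $psId . "' and Person.deptId = Department.deptId";
                    $dbres = mysql_query($qstring, $oConn->c);
                    // mysql_query() returns false on failure; do not hand that
                    // to mysql_num_rows().
                    if ($dbres && mysql_num_rows($dbres) > 0) {
                        $row = mysql_fetch_assoc($dbres);
                        $oU->deptId = $row["deptId"];
                        $oU->deptCode = $row["deptCode"];
                        $oU->deptName = $row["deptName"];
                        $oU->userDptCode = $row["deptCode"];
                        $oU->userDptName = $row["deptName"];
                    }
                } else {
                    // The display strings below look like text in a legacy
                    // single-byte encoding; they are kept byte-for-byte.
                    $oU->deptId = 0;
                    $oU->deptCode = "";
                    $oU->deptName = "-- ¼Ùé´ÙáÅÃкº --";
                    $oU->userDptCode = "";
                    $oU->userDptName = "-- ¼Ùé´ÙáÅÃкº --";
                }

                if ($oU->deptName == "") {
                    $oU->deptName = "< äÁèÊѧ¡Ñ´Ë¹èǧҹã´æ >";
                }

                printLoginSuccess();
            } else {
                // unexpected event
                forceLogout();
            }
        } else {
            printLoginFail();
        }

        $oConn->Disconnect();
    } else {
        if ($GLOBALS["DEBUG_MODE"]) {
            // Debug mode passes the raw database error text to the debug
            // helper; keep DEBUG_MODE off on any deployment that is reachable
            // by users.
            if ($oConn->errmsg != "") {
                extended_debug_code(preg_replace("/[\r\n]/", "", $oConn->errmsg));
            } else {
                prologin_debug_code();
            }
        } else {
            printLoginFail();
        }
    }
}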
$sender = DAL::get()->find('User', $msg['senderId']); if ($sender->isNull()) $senderName = ''; else $senderName = $sender->name; $msg['content'] = str_replace(array('"', "\n"), array('\\"', '\\n'), str_replace("\r\n", "\n", preg_replace('~([^>="\']|^)(http://[0-9a-zA-Z/&#?%=,_\-\.]+)~', '\1<a href="\2" target="_blank">\2</a>', $msg['content']))); $msg['title'] = str_replace(array('"', "\n"), array('\\"', '\\n'), str_replace("\r\n", "\n", $msg['title'])); $msg['sender'] = str_replace(array('"', "\n"), array('\\"', '\\n'), str_replace("\r\n", "\n", $senderName)); if ($msgCount > 1) $msgNext = 1; } else { //avoid unexpected error $msgNext = 0; } } forceLogout($username, $time); $popupDoctorAppDiv = $popupSendUrlDiv = '""'; if (false == $user->isNull() && canPopupDoctorAppDiv($user)) { $popupDoctorAppDiv = getPopupDiv($user); } if (false == $user->isNull() && canSendDoctorAppDiv($user)) { $popupSendUrlDiv = getPopupSendUrlDiv(); } $result = '{"verion":"'.$code_version.'","msg_count":'.(int)$msgCount.',"user_name":"'.$username.'","msg_id":"'.$msg['id'].'","msg_senderid":"'.$msg['senderId'].'","msg_sender":"'.$msg['sender'].'","msg_title":"'.$msg['title'].'","msg_content":"'.$msg['content'].'","msg_next":"'.$msgNext.'","popup_div":'.$popupDoctorAppDiv.',"popup_sendurl_div":'.$popupSendUrlDiv.'}'; } else { $result = '{}'; }