Esempio n. 1
         // Excerpt of a request dispatcher: the switch header and its selector are above this
         // excerpt, and the closing braces of the outer if/else are below it.
         break;
         case "reload" :
             forceReload();
         break;
         case "denied" :
             deniedAlert();
         break;
         case "login" :
             // The user-management classes are loaded only on the login path, right before checkLogin().
             // NOTE(review): $_UMS_PATH is not assigned anywhere in this excerpt. It prefixes every
             // include path here, so it must come from trusted configuration and never from request
             // input; confirm it is always initialised before this point.
             // The "${var}" interpolation form is deprecated as of PHP 8.2; "{$var}" is the equivalent.
             include_once "${_UMS_PATH}clsUmUser.php";
             include_once "${_UMS_PATH}clsUmPermission.php";
             include_once "${_UMS_PATH}clsUmGPermission.php";
             include_once "${_UMS_PATH}clsUmUserGroup.php";
             checkLogin();
         break;
         // "logout" has no body of its own and falls through to default, so every
         // unrecognised value also ends in forceLogout() (fail closed).
         case "logout" :
         default: forceLogout();
         break;
     }
 } else {
     // Common mode
     // If $GLOBALS["SECURE_LOG"] is set but false and the request arrived over https,
     // the browser is redirected to the plain-http index.
     // NOTE(review): this is a deliberate HTTPS-to-HTTP downgrade; with SECURE_LOG off the
     // pages that follow are served without TLS. header() does not stop execution and no
     // exit follows in this branch; confirm nothing after the if/else emits page content.
     if (isset($GLOBALS["SECURE_LOG"]) && !$GLOBALS["SECURE_LOG"] && $GLOBALS["_PROTOCOL"] == "https://") {
         header("Location: http://" . $GLOBALS["_INFO_INDEX"]);  
     } else {
         // Authenticated users get the post-login page; everyone else gets the login page.
         if (logged_in()) {
             include_once "${_UMS_PATH}clsUmUserGroup.php";
             include_once "${_UMS_PATH}clsUmGroup.php";
             postLoginPage();
         } else {
             preLoginPage();
             session_stop(); // cleanup sess_* file.
         }
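/**
 * Process a login form submission: verify the credentials, fill the session
 * user object with profile, permissions and department, and print the result.
 *
 * Reads $_POST["Username"], $_POST["Password"], the optional "Remember" /
 * "eRemember" flags and "nowDate". Sets or clears the "infosys_userinfo"
 * remember-me cookie, so it has to run before any output is sent.
 *
 * Security notes for maintainers:
 *  - The remember-me cookie holds the login name plus encryptmesg(password).
 *    A posted password flagged "ce" is passed through decryptmesg() and then
 *    used to authenticate, so the cookie value is presumably a
 *    password-equivalent credential. It is issued without the Secure or
 *    HttpOnly attributes. NOTE(review): replace it with a random,
 *    server-stored, revocable token.
 *  - The department lookup uses the mysql_* API, which was removed in PHP 7.
 *    NOTE(review): move it to a prepared statement (PDO or mysqli) together
 *    with clsConnection.
 *  - With $GLOBALS["DEBUG_MODE"] on, the connection error text is handed to
 *    extended_debug_code(); presumably that is shown to the client, so keep
 *    the flag off in production.
 *
 * @return void
 */
function checkLogin()
{
    $oConn = new clsConnection($GLOBALS["DBHOST"], $GLOBALS["DBNAME_UMS"], $GLOBALS["DBUSER_UMS"], $GLOBALS["DBPASS_UMS"]);

    // Both fields must be present AND plain strings: an array-valued field
    // (Username[]=x) would otherwise be concatenated as "Array" further down.
    $fValid = isset($_POST["Username"], $_POST["Password"])
        && is_string($_POST["Username"])
        && is_string($_POST["Password"]);

    if (!($oConn->c && $oConn->errmsg == "" && $fValid)) {
        // No usable connection or no credentials: report and stop.
        if ($GLOBALS["DEBUG_MODE"]) {
            if ($oConn->errmsg != "") {
                extended_debug_code(preg_replace("/[\r\n]/", "", $oConn->errmsg));
            } else {
                prologin_debug_code();
            }
        } else {
            printLoginFail();
        }
        return;
    }

    $username = $_POST["Username"];
    $password = $_POST["Password"];
    $curr_time = time();
    $remember = isset($_POST["Remember"]);

    // "ce" marks a password that has to go through decryptmesg() before use.
    // The flag arrives in "Remember" when the box is ticked, otherwise in
    // "eRemember", which may be absent (it was read unchecked before).
    if ($remember) {
        $encFlag = $_POST["Remember"];
    } else {
        $encFlag = isset($_POST["eRemember"]) ? $_POST["eRemember"] : null;
    }
    if ($encFlag == "ce") {
        $password = decryptmesg($password);
    }

    if ($remember) {
        $cookie_value = $username . "{[<->]}" . encryptmesg($password);
        $cookie_expire = $curr_time + 3600 * 48;
    } else {
        // An empty value makes PHP delete the cookie whatever the expiry is;
        // the past timestamp only keeps both platform branches consistent.
        $cookie_value = "";
        $cookie_expire = $curr_time - 3600 * 48;
    }
    if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
        setcookie("infosys_userinfo", $cookie_value, $cookie_expire);
    } else {
        // NOTE(review): the last argument (secure) is 0 and httponly is not set.
        setcookie("infosys_userinfo", $cookie_value, $cookie_expire, $GLOBALS["ROOT_URL"], $GLOBALS["HOST_NAME"], 0);
    }

    $oUs = new umuser($oConn);

    // NOTE(review): $oCps was never assigned in this function, so the Person
    // lookup below never ran (it only raised undefined-variable notices).
    // Made explicit here; confirm where the connection was meant to come from.
    $oCps = null;
    $oPs = null;
    if ($oCps) {
        $oPs = new Person($oCps);
    }

    $oUs->SearchByLogin($username, $password);
    if (!$oUs->GetRecord()) {
        printLoginFail();
    } elseif (logged_in()) {
        // unexpected event
        forceLogout();
    } else {
        // Rotate the session ID at the moment of authentication so that an ID
        // known before login (session fixation) is worthless afterwards.
        // Must happen before session_id() is stored below.
        if (session_id() != "") {
            session_regenerate_id(true);
        }

        $_SESSION["sysDate"] = date("d/m/Y");
        $_SESSION["sysDate0"] = TH2ENDate(isset($_POST["nowDate"]) ? $_POST["nowDate"] : null);
        $_SESSION["sysDSave"] = $_SESSION["sysDate0"];
        $_SESSION["createUserId"] = "";
        $_SESSION["updateUserId"] = "";
        $_SESSION["logKey"] = session_id();
        $_SESSION["oU"] = new clsUser();
        $oU = &$_SESSION["oU"];

        // Copy the account record into the session user object.
        $oU->userID = $oUs->UsID;
        $oU->userLogin = $oUs->UsLogin;
        $oU->userName = $oUs->UsName;
        $oU->userPsCode = $oUs->UsPsCode; // PersonId = UsPsCode
        if ($oCps && $oPs) {
            $oPs->SearchByKey($oUs->UsPsCode);
            $oPs->GetRecord();
            $oU->userPsCodeReg = $oPs->personCode;
        }
        $oU->userPsID = $oUs->UsPsCode;
        $oU->userDptCode = "";
        $oU->userDptName = "";
        $oU->userPosCode = $oUs->posID;
        $oU->userPosName = $oUs->posName;
        $oU->WgID = $oUs->UsWgID;
        $oU->UserQsID = $oUs->UsQsID;

        $oU->UserAnswer = $oUs->UsAnswer;
        $oU->UserEmail = $oUs->UsEmail;
        $oU->UserActive = $oUs->UsActive;
        $oU->UserAdmin = $oUs->UsAdmin;
        $oU->UserDesc = $oUs->UsDesc;
        $oU->UserPwdExpDt = $oUs->UsPwdExpDt;
        $oU->UserUpdDt = $oUs->UsUpdDt;
        $oU->UserUpdUsID = $oUs->UsUpdUsID;

        $_SESSION["createUserId"] = $oUs->UsLogin;
        $_SESSION["updateUserId"] = $oUs->UsLogin;

        $oU->userIP = getenv("REMOTE_ADDR");
        $oUs->SetSessionID($oUs->UsID, session_id());
        $oU->sessionID = session_id();

        // Group permissions are keyed by group ID . menu ID, user permissions
        // by user ID . menu ID; each entry is the (X, C, R, U, D) flag tuple.
        $oUg = new umusergroup($oConn);
        $oGp = new umgpermission($oConn);
        $oUp = new umpermission($oConn);
        $oUg->RSgroupByUs($oU->userID);
        while ($oUg->GetRecord()) {
            $oGp->RSMnByGpID($oUg->UgGpID);
            while ($oGp->GetRecord()) {
                $oU->aGp[$oUg->UgGpID . $oGp->gpMnID] = array($oGp->gpX, $oGp->gpC, $oGp->gpR, $oGp->gpU, $oGp->gpD);
            }
        }
        $oUp->RSMnByUs($oU->userID);
        while ($oUp->GetRecord()) {
            $oU->aUp[$oU->userID . $oUp->pmMnID] = array($oUp->pmX, $oUp->pmC, $oUp->pmR, $oUp->pmU, $oUp->pmD);
        }

        $oU->deptId = 0;
        $oU->deptName = "";
        $oU->deptCode = "";
        if ($oU->userLogin != strtolower($GLOBALS["ADMIN_LOGIN"])) {
            // The person ID is spliced into the SQL text unquoted, so it is
            // only used when it is purely numeric; anything else skips the
            // lookup and leaves the empty department defaults in place.
            if (preg_match('/^[0-9]+$/', (string) $oU->userPsID)) {
                $db = $GLOBALS["DBNAME_EPERSON"];
                $personId = (string) $oU->userPsID;
                $qstring = "select Department.deptId, Department.deptCode, Department.deptName from $db.Department, $db.Person where Person.personId = $personId and Person.deptId = Department.deptId";

                $dbres = mysql_query($qstring, $oConn->c);
                // mysql_query() returns false on failure; do not pass that on.
                if ($dbres && mysql_num_rows($dbres) > 0) {
                    $row = mysql_fetch_assoc($dbres);
                    $oU->deptId = $row["deptId"];
                    $oU->deptCode = $row["deptCode"];
                    $oU->deptName = $row["deptName"];
                    $oU->userDptCode = $row["deptCode"];
                    $oU->userDptName = $row["deptName"];
                }
            }
        } else {
            // NOTE(review): this label and the fallback below look mis-encoded
            // in this copy (presumably a legacy code page); kept byte-for-byte.
            $adminDeptLabel = "-- ¼Ùé´ÙáÅÃкº --";
            $oU->deptId = 0;
            $oU->deptCode = "";
            $oU->deptName = $adminDeptLabel;
            $oU->userDptCode = "";
            $oU->userDptName = $adminDeptLabel;
        }
        if ($oU->deptName == "") {
            $oU->deptName = "&lt;&nbsp;äÁèÊѧ¡Ñ´Ë¹èǧҹã´æ&nbsp;&gt;";
        }
        printLoginSuccess();
    }
    $oConn->Disconnect();
}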
Esempio n. 3
			// Excerpt: the enclosing conditionals open above this excerpt. Resolve the
			// sender's display name, falling back to an empty string when no such user exists.
			$sender = DAL::get()->find('User', $msg['senderId']);
			if ($sender->isNull())
				$senderName = '';
			else
				$senderName = $sender->name;
			// Turn bare http:// URLs in the body into <a> links, normalise CRLF to LF, then
			// backslash-escape double quotes and newlines so the text can be spliced into the
			// hand-built JSON string assembled further down.
			// NOTE(review): the body is not HTML-escaped before the anchors are added, so any
			// markup already present in $msg['content'] passes through unchanged; confirm it
			// is sanitised where it is stored or where the client renders it.
			// NOTE(review): only '"' and "\n" are escaped. Backslashes, tabs and other control
			// characters are not, so such input can yield invalid JSON or end the string
			// early; json_encode() on the raw values would cover every case.
			$msg['content'] = str_replace(array('"', "\n"), array('\\"', '\\n'), str_replace("\r\n", "\n", preg_replace('~([^>="\']|^)(http://[0-9a-zA-Z/&#?%=,_\-\.]+)~', '\1<a href="\2" target="_blank">\2</a>', $msg['content'])));
			$msg['title']   = str_replace(array('"', "\n"), array('\\"', '\\n'), str_replace("\r\n", "\n", $msg['title']));
			$msg['sender']  = str_replace(array('"', "\n"), array('\\"', '\\n'), str_replace("\r\n", "\n", $senderName));
			
			// More than one message: set the flag that ends up in "msg_next".
			if ($msgCount > 1) $msgNext = 1;
		} else {
			//avoid unexpected error
			$msgNext = 0;
		}
	}
    forceLogout($username, $time);
    // Both popup fragments default to the JSON literal "" (an empty string) and are
    // inserted into the response unquoted, so the helpers must return valid JSON values.
    $popupDoctorAppDiv = $popupSendUrlDiv = '""';
    if (false == $user->isNull() && canPopupDoctorAppDiv($user)) 
    {
        $popupDoctorAppDiv = getPopupDiv($user);
    }
    if (false == $user->isNull() && canSendDoctorAppDiv($user)) 
    {
        $popupSendUrlDiv = getPopupSendUrlDiv();
    }
    // Response assembled by string concatenation.
    // NOTE(review): $code_version, $username, $msg['id'] and $msg['senderId'] are inserted
    // with no escaping at all; a quote or backslash in any of them changes the structure
    // of the response. Building an array and calling json_encode() avoids this.
    // NOTE(review): the key is spelled "verion"; presumably clients read that exact
    // name, so confirm before renaming it.
    $result = '{"verion":"'.$code_version.'","msg_count":'.(int)$msgCount.',"user_name":"'.$username.'","msg_id":"'.$msg['id'].'","msg_senderid":"'.$msg['senderId'].'","msg_sender":"'.$msg['sender'].'","msg_title":"'.$msg['title'].'","msg_content":"'.$msg['content'].'","msg_next":"'.$msgNext.'","popup_div":'.$popupDoctorAppDiv.',"popup_sendurl_div":'.$popupSendUrlDiv.'}';

} else {
    // Condition is above this excerpt; this branch returns an empty JSON object.
    $result = '{}';
}