Esempio n. 1
0
 public function processForm()
 {
     $user = new pdUser();
     $values = $this->form->exportValues();
     if (!get_magic_quotes_gpc()) {
         $values['username'] = addslashes($values['username']);
     }
     $user->dbLoad($this->db, $values['username']);
     if (isset($values['submit_username'])) {
         // check passwords match
         $values['password'] = md5(stripslashes($this->password_hash . $values['password']));
         if ($values['password'] != $user->password) {
             echo 'Incorrect password, please try again.';
             $this->pageError = true;
             return;
         }
         // if we get here username and password are correct,
         //register session variables and set last login time.
         $values['username'] = stripslashes($values['username']);
         $_SESSION['user'] = $user;
         // reset search results
         searchSessionInit();
         $this->access_level = $_SESSION['user']->access_level;
         if ($this->access_level == 0) {
             echo 'Your login request has not been processed yet.';
             return;
         }
         if (isset($values['redirect'])) {
             $this->redirectUrl = $values['redirect'];
             $this->redirectTimeout = 0;
         } else {
             echo '<h2>Logged in</h1>', 'You have succesfully logged in as ', $_SESSION['user']->login, '<p/>Return to <a href="index.php">main page</a>.', '</div>';
         }
     } else {
         if (isset($values['newaccount'])) {
             // check if username exists in database.
             if (isset($user->login)) {
                 echo 'Sorry, the username <strong>', $values['username'], '</strong> is already taken, please pick another one.';
                 $this->pageError = true;
                 return;
             }
             // check passwords match
             if ($values['password'] != $values['password_again']) {
                 echo 'Passwords did not match.';
                 $this->pageError = true;
                 return;
             }
             // no HTML tags in username, website, location, password
             $values['username'] = strip_tags($values['username']);
             $values['password'] = strip_tags($this->password_hash . $values['password']);
             // now we can add them to the database.  encrypt password
             $values['password'] = md5($values['password']);
             if (!get_magic_quotes_gpc()) {
                 $values['password'] = addslashes($values['password']);
                 $values['email'] = addslashes($values['email']);
             }
             $this->db->insert('user', array('login' => $values['username'], 'password' => $values['password'], 'email' => $values['email'], 'name' => $values['realname']), 'login.php');
             $this->access_level = 0;
             // only send email if running the real papersdb
             if (strpos($_SERVER['PHP_SELF'], '~papersdb')) {
                 mail(PAPERSDB_EMAIL, 'PapersDB: Login Request', 'The following user has requested editor access ' . 'level for PapersDB.' . "\n\n" . 'name: ' . $values['realname'] . "\n" . 'login: '******'username'] . "\n" . 'email: ' . $values['email']);
             }
             echo '<h2>Login Request Submitted</h1>', 'A request to create your login <b>', $values['username'], '</b> has been submitted. A confirmation email will be sent to <code>', $values['email'], '</code> when your account is ready. ', '<p/>Return to <a href="index.php">main page</a>.';
         } else {
             echo 'Could not process form<br/><pre>', print_r($values, true), '</pre>';
         }
     }
 }
Esempio n. 2
0
 /**
  * Assigns $this->access_level according to whether the user is logged
  * in or not.
  */
 private function check_login()
 {
     $this->access_level = pdUser::check_login($this->db);
 }
Esempio n. 3
0
/**
 * Returns the HTML text to display the icons to link to the PDF, view,
 * edit, or delete the publication entry.
 *
 * @param object $pub pdPublication object to display the icons for.
 * @param integer $flags the icons to display. 0x1 for the PDF/PS file,
 * 0x2 for the view icon, 0x4 for the edit icon, 0x8 for the delete icon.
 * @param string $url_prefix the prefix to use for URLs.
 * @return HTML text.
 */
function getPubIcons(&$db, &$pub, $flags = 0xf, $url_prefix = NULL)
{
    $html = '';
    $access_level = pdUser::check_login($db);
    if (!isset($url_prefix)) {
        // get url_prefix from script's name
        $url_prefix = '';
        if (strstr(relativeUrlGet(), '/')) {
            $url_prefix = '../';
        }
    }
    if ($flags & 0x1 && strtolower($pub->paper) != 'no paper') {
        $html .= '<a href="' . $pub->paperAttGetUrl() . '">';
        if (preg_match("/\\.(pdf|PDF)\$/", $pub->paper)) {
            $html .= '<img src="' . $url_prefix . 'images/pdf.gif" alt="PDF" ' . 'height="18" width="17" border="0" align="top" />';
        } else {
            if (preg_match("/\\.(ppt|PPT)\$/", $pub->paper)) {
                $html .= '<img src="' . $url_prefix . 'images/ppt.gif" alt="PPT" height="18" ' . 'width="17" border="0" align="top" />';
            } else {
                if (preg_match("/\\.(ps|PS)\$/", $pub->paper)) {
                    $html .= '<img src="' . $url_prefix . 'images/ps.gif" alt="PS" height="18" ' . 'width="17" border="0" align="top" />';
                }
            }
        }
        $html .= '</a>';
    }
    if ($flags & 0x2) {
        $html .= '<a href="' . $url_prefix . 'view_publication.php?pub_id=' . $pub->pub_id . '">' . '<img src="' . $url_prefix . 'images/viewmag.gif" title="view" alt="view" ' . ' height="16" width="16" border="0" align="top" /></a>';
    }
    if ($flags & 0x4 && $access_level > 0) {
        $html .= '<a href="' . $url_prefix . 'Admin/add_pub1.php?pub_id=' . $pub->pub_id . '">' . '<img src="' . $url_prefix . 'images/pencil.gif" title="edit" alt="edit" ' . ' height="16" width="16" border="0" align="top" />' . '</a>';
    }
    if ($flags & 0x8 && $access_level > 0) {
        $html .= '<a href="' . $url_prefix . 'Admin/delete_publication.php?pub_id=' . $pub->pub_id . '">' . '<img src="' . $url_prefix . 'images/kill.gif" title="delete" alt="delete" ' . 'height="16" width="16" border="0" align="top" /></a>';
    }
    return $html;
}