コード例 #1
0
function DoSetup()
{
    global $PathPrefix;
    if (isset($_SESSION['db']) and $_SESSION['db'] != '') {
        include $PathPrefix . 'includes/GetConfig.php';
    }
    $db = $_SESSION['db'];
    // Used a bit in the following.
    if (isset($_SESSION['DB_Maintenance'])) {
        if ($_SESSION['DB_Maintenance'] != 0) {
            if (DateDiff(Date($_SESSION['DefaultDateFormat']), ConvertSQLDate($_SESSION['DB_Maintenance_LastRun']), 'd') > $_SESSION['DB_Maintenance']) {
                /*Do the DB maintenance routing for the DB_type selected */
                DB_Maintenance($db);
                //purge the audit trail if necessary
                if (isset($_SESSION['MonthsAuditTrail'])) {
                    $sql = "DELETE FROM audittrail\n\t\t\t\t\t\t    WHERE  transactiondate <= '" . Date('Y-m-d', mktime(0, 0, 0, Date('m') - $_SESSION['MonthsAuditTrail'])) . "'";
                    $ErrMsg = _('There was a problem deleting expired audit-trail history');
                    $result = DB_query($sql, $db);
                }
                $_SESSION['DB_Maintenance_LastRun'] = Date('Y-m-d');
            }
        }
    }
    /*Check to see if currency rates need to be updated */
    if (isset($_SESSION['UpdateCurrencyRatesDaily'])) {
        if ($_SESSION['UpdateCurrencyRatesDaily'] != 0) {
            if (DateDiff(Date($_SESSION['DefaultDateFormat']), ConvertSQLDate($_SESSION['UpdateCurrencyRatesDaily']), 'd') > 0) {
                $CurrencyRates = GetECBCurrencyRates();
                // gets rates from ECB see includes/MiscFunctions.php
                /*Loop around the defined currencies and get the rate from ECB */
                $CurrenciesResult = DB_query("SELECT currabrev FROM currencies", $db);
                while ($CurrencyRow = DB_fetch_row($CurrenciesResult)) {
                    if ($CurrencyRow[0] != $_SESSION['CompanyRecord']['currencydefault']) {
                        $UpdateCurrRateResult = DB_query("UPDATE currencies SET\n\t\t\t\t\t\t\t\t\t\t\t    rate='" . GetCurrencyRate($CurrencyRow[0], $CurrencyRates) . "'\n\t\t\t\t\t\t\t\t\t\t\t    WHERE currabrev='" . $CurrencyRow[0] . "'", $db);
                    }
                }
                $_SESSION['UpdateCurrencyRatesDaily'] = Date('Y-m-d');
                $UpdateConfigResult = DB_query("UPDATE config SET confvalue = '" . Date('Y-m-d') . "' WHERE confname='UpdateCurrencyRatesDaily'", $db);
            }
        }
    }
}
コード例 #2
0
ファイル: Currencies.php プロジェクト: stateless/weberp-cvs
    or deletion of the records*/
    $sql = 'SELECT currency, currabrev, country, hundredsname, rate FROM currencies';
    $result = DB_query($sql, $db);
    echo '<table border=1>';
    echo '<tr><td></td>
    		<th>' . _('ISO4217 Code') . '</th>
    		<th>' . _('Currency Name') . '</th>
			<th>' . _('Country') . '</th>
			<th>' . _('Hundredths Name') . '</th>
			<th>' . _('Exchange Rate') . '</th>
			<th>' . _('Ex Rate - ECB') . '</th>
			</tr>';
    $k = 0;
    //row colour counter
    /*Get published currency rates from Eurpoean Central Bank */
    $CurrencyRatesArray = GetECBCurrencyRates();
    while ($myrow = DB_fetch_row($result)) {
        if ($myrow[1] == $FunctionalCurrency) {
            echo '<tr bgcolor=#FFbbbb>';
        } elseif ($k == 1) {
            echo '<tr class="EvenTableRows">';
            $k = 0;
        } else {
            echo '<tr class="OddTableRows">';
            $k++;
        }
        // Lets show the country flag
        $ImageFile = 'flags/' . strtoupper($myrow[1]) . '.gif';
        if (!file_exists($ImageFile)) {
            $ImageFile = 'flags/blank.gif';
        }
コード例 #3
0
function userLogin($Name, $Password, $SysAdminEmail = '', $db)
{
    global $debug;
    global $PathPrefix;
    if (!isset($_SESSION['AccessLevel']) or $_SESSION['AccessLevel'] == '' or isset($Name) and $Name != '') {
        /* if not logged in */
        $_SESSION['AccessLevel'] = '';
        $_SESSION['CustomerID'] = '';
        $_SESSION['UserBranch'] = '';
        $_SESSION['SalesmanLogin'] = '';
        $_SESSION['Module'] = '';
        $_SESSION['PageSize'] = '';
        $_SESSION['UserStockLocation'] = '';
        $_SESSION['AttemptsCounter']++;
        // Show login screen
        if (!isset($Name) or $Name == '') {
            $_SESSION['DatabaseName'] = '';
            $_SESSION['CompanyName'] = '';
            return UL_SHOWLOGIN;
        }
        /* The SQL to get the user info must use the * syntax because the field name could change between versions if the fields are specifed directly then the sql fails and the db upgrade will fail */
        $sql = "SELECT *\n\t\t\t\tFROM www_users\n\t\t\t\tWHERE www_users.userid='" . $Name . "'";
        $ErrMsg = _('Could not retrieve user details on login because');
        $debug = 1;
        $PasswordVerified = false;
        $Auth_Result = DB_query($sql, $ErrMsg);
        if (DB_num_rows($Auth_Result) > 0) {
            $myrow = DB_fetch_array($Auth_Result);
            if (VerifyPass($Password, $myrow['password'])) {
                $PasswordVerified = true;
            } elseif (isset($GLOBALS['CryptFunction'])) {
                /*if the password stored in the DB was compiled the old way,
                 * the previous comparison will fail,
                 * try again with the old hashing algorithm,
                 * then re-hash the password using the new algorithm.
                 * The next version should not have $CryptFunction any more for new installs.
                 */
                switch ($GLOBALS['CryptFunction']) {
                    case 'sha1':
                        if ($myrow['password'] == sha1($Password)) {
                            $PasswordVerified = true;
                        }
                        break;
                    case 'md5':
                        if ($myrow['password'] == md5($Password)) {
                            $PasswordVerified = true;
                        }
                        break;
                    default:
                        if ($myrow['password'] == $Password) {
                            $PasswordVerified = true;
                        }
                }
                if ($PasswordVerified) {
                    $sql = "UPDATE www_users SET password = '******'" . " WHERE userid = '" . $Name . "';";
                    DB_query($sql);
                }
            }
        }
        // Populate session variables with data base results
        if ($PasswordVerified) {
            if ($myrow['blocked'] == 1) {
                //the account is blocked
                return UL_BLOCKED;
            }
            /*reset the attempts counter on successful login */
            $_SESSION['UserID'] = $myrow['userid'];
            $_SESSION['AttemptsCounter'] = 0;
            $_SESSION['AccessLevel'] = $myrow['fullaccess'];
            $_SESSION['CustomerID'] = $myrow['customerid'];
            $_SESSION['UserBranch'] = $myrow['branchcode'];
            $_SESSION['DefaultPageSize'] = $myrow['pagesize'];
            $_SESSION['UserStockLocation'] = $myrow['defaultlocation'];
            $_SESSION['UserEmail'] = $myrow['email'];
            $_SESSION['ModulesEnabled'] = explode(",", $myrow['modulesallowed']);
            $_SESSION['UsersRealName'] = $myrow['realname'];
            $_SESSION['Theme'] = $myrow['theme'];
            $_SESSION['Language'] = $myrow['language'];
            $_SESSION['SalesmanLogin'] = $myrow['salesman'];
            $_SESSION['CanCreateTender'] = $myrow['cancreatetender'];
            $_SESSION['AllowedDepartment'] = $myrow['department'];
            $_SESSION['ShowDashboard'] = $myrow['showdashboard'];
            if (isset($myrow['pdflanguage'])) {
                $_SESSION['PDFLanguage'] = $myrow['pdflanguage'];
            } else {
                $_SESSION['PDFLanguage'] = '0';
                //default to latin western languages
            }
            if ($myrow['displayrecordsmax'] > 0) {
                $_SESSION['DisplayRecordsMax'] = $myrow['displayrecordsmax'];
            } else {
                $_SESSION['DisplayRecordsMax'] = $_SESSION['DefaultDisplayRecordsMax'];
                // default comes from config.php
            }
            $sql = "UPDATE www_users SET lastvisitdate='" . date('Y-m-d H:i:s') . "'\n\t\t\t\t\t\t\tWHERE www_users.userid='" . $Name . "'";
            $Auth_Result = DB_query($sql);
            /*get the security tokens that the user has access to */
            $sql = "SELECT tokenid\n\t\t\t\t\tFROM securitygroups\n\t\t\t\t\tWHERE secroleid =  '" . $_SESSION['AccessLevel'] . "'";
            $Sec_Result = DB_query($sql);
            $_SESSION['AllowedPageSecurityTokens'] = array();
            if (DB_num_rows($Sec_Result) == 0) {
                return UL_CONFIGERR;
            } else {
                $i = 0;
                $UserIsSysAdmin = FALSE;
                while ($myrow = DB_fetch_row($Sec_Result)) {
                    if ($myrow[0] == 15) {
                        $UserIsSysAdmin = TRUE;
                    }
                    $_SESSION['AllowedPageSecurityTokens'][$i] = $myrow[0];
                    $i++;
                }
            }
            /*User is logged in so get configuration parameters  - save in session*/
            include $PathPrefix . 'includes/GetConfig.php';
            if (isset($_SESSION['DB_Maintenance'])) {
                if ($_SESSION['DB_Maintenance'] > 0) {
                    //run the DB maintenance script
                    if (DateDiff(Date($_SESSION['DefaultDateFormat']), ConvertSQLDate($_SESSION['DB_Maintenance_LastRun']), 'd') >= $_SESSION['DB_Maintenance']) {
                        /*Do the DB maintenance routing for the DB_type selected */
                        DB_Maintenance();
                        $_SESSION['DB_Maintenance_LastRun'] = Date('Y-m-d');
                        /* Audit trail purge only runs if DB_Maintenance is enabled */
                        if (isset($_SESSION['MonthsAuditTrail'])) {
                            $sql = "DELETE FROM audittrail\n\t\t\t\t\t\t\t\t\tWHERE  transactiondate <= '" . Date('Y-m-d', mktime(0, 0, 0, Date('m') - $_SESSION['MonthsAuditTrail'])) . "'";
                            $ErrMsg = _('There was a problem deleting expired audit-trail history');
                            $result = DB_query($sql);
                        }
                    }
                }
            }
            /*Check to see if currency rates need to be updated */
            if (isset($_SESSION['UpdateCurrencyRatesDaily'])) {
                if ($_SESSION['UpdateCurrencyRatesDaily'] != 0) {
                    /* Only run the update to currency rates if today is after the last update i.e. only runs once a day */
                    if (DateDiff(Date($_SESSION['DefaultDateFormat']), ConvertSQLDate($_SESSION['UpdateCurrencyRatesDaily']), 'd') > 0) {
                        if ($_SESSION['ExchangeRateFeed'] == 'ECB') {
                            $CurrencyRates = GetECBCurrencyRates();
                            // gets rates from ECB see includes/MiscFunctions.php
                            /*Loop around the defined currencies and get the rate from ECB */
                            if ($CurrencyRates != false) {
                                $CurrenciesResult = DB_query("SELECT currabrev FROM currencies");
                                while ($CurrencyRow = DB_fetch_row($CurrenciesResult)) {
                                    if ($CurrencyRow[0] != $_SESSION['CompanyRecord']['currencydefault']) {
                                        $UpdateCurrRateResult = DB_query("UPDATE currencies SET rate='" . GetCurrencyRate($CurrencyRow[0], $CurrencyRates) . "'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE currabrev='" . $CurrencyRow[0] . "'", $db);
                                    }
                                }
                            }
                        } else {
                            $CurrenciesResult = DB_query("SELECT currabrev FROM currencies");
                            while ($CurrencyRow = DB_fetch_row($CurrenciesResult)) {
                                if ($CurrencyRow[0] != $_SESSION['CompanyRecord']['currencydefault']) {
                                    $UpdateCurrRateResult = DB_query("UPDATE currencies SET rate='" . google_currency_rate($CurrencyRow[0]) . "'\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE currabrev='" . $CurrencyRow[0] . "'", $db);
                                }
                            }
                        }
                        $_SESSION['UpdateCurrencyRatesDaily'] = Date('Y-m-d');
                        $UpdateConfigResult = DB_query("UPDATE config SET confvalue = '" . Date('Y-m-d') . "' WHERE confname='UpdateCurrencyRatesDaily'");
                    }
                }
            }
            /* Set the logo if not yet set.
             * will be done only once per session and each time
             * we are not in session (i.e. before login)
             */
            if (empty($_SESSION['LogoFile'])) {
                /* find a logo in companies/CompanyDir */
                if (file_exists($PathPrefix . 'companies/' . $_SESSION['DatabaseName'] . '/logo.png')) {
                    $_SESSION['LogoFile'] = 'companies/' . $_SESSION['DatabaseName'] . '/logo.png';
                } elseif (file_exists($PathPrefix . 'companies/' . $_SESSION['DatabaseName'] . '/logo.jpg')) {
                    $_SESSION['LogoFile'] = 'companies/' . $_SESSION['DatabaseName'] . '/logo.jpg';
                }
            }
            if (!isset($_SESSION['DB_Maintenance'])) {
                return UL_CONFIGERR;
            } else {
                if ($_SESSION['DB_Maintenance'] == -1 and !in_array(15, $_SESSION['AllowedPageSecurityTokens'])) {
                    // the configuration setting has been set to -1 ==> Allow SysAdmin Access Only
                    // the user is NOT a SysAdmin
                    return UL_MAINTENANCE;
                }
            }
        } else {
            // Incorrect password
            // 5 login attempts, show failed login screen
            if (!isset($_SESSION['AttemptsCounter'])) {
                $_SESSION['AttemptsCounter'] = 0;
            } elseif ($_SESSION['AttemptsCounter'] >= 5 and isset($Name)) {
                /*User blocked from future accesses until sysadmin releases */
                $sql = "UPDATE www_users\n\t\t\t\t\t\t\tSET blocked=1\n\t\t\t\t\t\t\tWHERE www_users.userid='" . $Name . "'";
                $Auth_Result = DB_query($sql);
                if ($SysAdminEmail != '') {
                    $EmailSubject = _('User access blocked') . ' ' . $Name;
                    $EmailText = _('User ID') . ' ' . $Name . ' - ' . $Password . ' - ' . _('has been blocked access at') . ' ' . Date('Y-m-d H:i:s') . ' ' . _('from IP') . ' ' . $_SERVER["REMOTE_ADDR"] . ' ' . _('due to too many failed attempts.');
                    if ($_SESSION['SmtpSetting'] == 0) {
                        mail($SysAdminEmail, $EmailSubject, $EmailText);
                    } else {
                        include 'includes/htmlMimeMail.php';
                        $mail = new htmlMimeMail();
                        $mail->setSubject($EmailSubject);
                        $mail->setText($EmailText);
                        $result = SendmailBySmtp($mail, array($SysAdminEmail));
                    }
                }
                return UL_BLOCKED;
            }
            return UL_NOTVALID;
        }
    }
    // End of userid/password check
    // Run with debugging messages for the system administrator(s) but not anyone else
    return UL_OK;
    /* All is well */
}