function validateData()
{
global $loc;
$valid = true;
if ($this->_barcodeNmbr == "") {
$valid = false;
$this->_barcodeNmbrError = $loc->getText("Card number is required.");
} else {
if (!ctypeAlnum($this->_barcodeNmbr)) {
$valid = FALSE;
$this->_barcodeNmbrError = $loc->getText("Card number must be all alphabetic and numeric characters.");
}
}
if ($this->_lastName == "") {
$valid = false;
$this->_lastNameError = $loc->getText("Last name is required.");
}
if ($this->_firstName == "") {
$valid = false;
$this->_firstNameError = $loc->getText("First name is required.");
}
if (strcmp($this->_status, "y") != 0 && strcmp($this->_status, "n") != 0) {
$valid = false;
$this->_statusError = $loc->getText("Status options is incorrect.");
}
return $valid;
}
function addNewUser()
{
// globals
global $DB;
global $MySelf;
global $MB_EMAIL;
// Sanitize the input.
$USERNAME = $MySelf->getUsername;
$NEW_USER = strtolower(sanitize($_POST[username]));
// supplied new username.
if (!ctypeAlnum($NEW_USER)) {
makeNotice("Only characters a-z, A-Z and 0-9 are allowed as username.", "error", "Invalid Username");
}
/* Password busines */
if ($_POST[pass1] != $_POST[pass2]) {
makeNotice("The passwords did not match!", "warning", "Passwords invalid", "index.php?action=newuser", "[retry]");
}
$PASSWORD = encryptPassword("{$_POST['pass1']}");
$PASSWORD_ENC = $PASSWORD;
/* lets see if the users (that is logged in) has sufficient
* rights to create even the most basic miner. Level 3+ is
* needed.
*/
if (!$MySelf->canAddUser()) {
makeNotice("You are not authorized to do that!", "error", "Forbidden");
}
// Lets prevent adding multiple users with the same name.
if (userExists($NEW_USER) >= 1) {
makeNotice("User already exists!", "error", "Duplicate User", "index.php?action=newuser", "[Cancel]");
}
// So we have an email address?
if (empty($_POST[email])) {
// We dont!
makeNotice("You need to supply an email address!", "error", "Account not created");
} else {
// We do. Clean it.
$NEW_EMAIL = sanitize($_POST[email]);
}
// Inser the new user into the database!
$DB->query("insert into users (username, password, email, addedby, confirmed) " . "values (?, ?, ?, ?, ?)", array("{$NEW_USER}", "{$PASSWORD_ENC}", "{$NEW_EMAIL}", $MySelf->getUsername(), "1"));
// Were we successfull?
if ($DB->affectedRows() == 0) {
makeNotice("Could not create user!", "error");
} else {
// Write the user an email.
global $SITENAME;
$mail = getTemplate("newuser", "email");
$mail = str_replace('{{USERNAME}}', "{$NEW_USER}", $mail);
$mail = str_replace('{{PASSWORD}}', "{$PASSWORD}", $mail);
$mail = str_replace('{{SITE}}', "http://" . $_SERVER['HTTP_HOST'] . "/", $mail);
$mail = str_replace('{{CORP}}', "{$SITENAME}", $mail);
$mail = str_replace('{{CREATOR}}', "{$USERNAME}", $mail);
$to = $NEW_EMAIL;
$DOMAIN = $_SERVER['HTTP_HOST'];
$subject = "Welcome to MiningBuddy";
$headers = "From:" . $MB_EMAIL;
mail($to, $subject, $mail, $headers);
makeNotice("User added and confirmation email sent.", "notice", "Account created", "index.php?action=editusers");
}
}
function validateData()
{
$valid = true;
if ($this->_copyid or $this->_barcodeNmbr != "!auto!") {
if ($this->_barcodeNmbr == "") {
$valid = false;
$this->_barcodeNmbrError = $this->_loc->getText("biblioCopyError1");
} else {
if (!ctypeAlnum($this->_barcodeNmbr)) {
$valid = false;
$this->_barcodeNmbrError = $this->_loc->getText("biblioCopyError2");
}
}
}
return $valid;
}
function validateData()
{
$valid = true;
if ($this->_barcodeNmbr == "") {
$valid = false;
$this->_barcodeNmbrError = "Card number is required.";
} else {
if (!ctypeAlnum($this->_barcodeNmbr)) {
$valid = FALSE;
$this->_barcodeNmbrError = "Card number must be all alphabetic and numeric characters.";
}
}
if ($this->_lastName == "") {
$valid = false;
$this->_lastNameError = "Last name is required.";
}
if ($this->_firstName == "") {
$valid = false;
$this->_firstNameError = "First name is required.";
}
return $valid;
}
#****************************************************************************
#* Checking for post vars. Go back to form if none found.
#****************************************************************************
if (count($_POST) == 0 && count($_GET) == 0) {
header("Location: ../circ/checkin_form.php?reset=Y");
exit;
}
if ($_GET[barcodeNmbr]) {
$barcode = trim($_GET[barcodeNmbr]);
} else {
$barcode = trim($_POST["barcodeNmbr"]);
}
#****************************************************************************
#* Edit input
#****************************************************************************
if (!ctypeAlnum($barcode)) {
$pageErrors["barcodeNmbr"] = $loc->getText("shelvingCartErr1");
$postVars["barcodeNmbr"] = $barcode;
$_SESSION["postVars"] = $postVars;
$_SESSION["pageErrors"] = $pageErrors;
header("Location: ../circ/checkin_form.php");
exit;
}
#****************************************************************************
#* Ready copy record
#****************************************************************************
$copyQ = new BiblioCopyQuery();
$copyQ->connect();
if ($copyQ->errorOccurred()) {
$copyQ->close();
displayErrorPage($copyQ);
function auth()
{
// Globals
global $DB;
global $TIMEMARK;
global $IGB;
// Handle possible logouts, activations et all.
include_once './functions/login/preAuth.php';
// Trust, INC.
$alert = getConfig("trustSetting");
if ($IGB && $alert == 2) {
// So we are an IGB call and we want passwordless logins.
// Check for a previous "Login"
$MySelf = authKeyIsValid();
// Now we check if MySelf is "true" if it is, we have a valid login.
if ($MySelf == false) {
/*
* Okay here we want passwordless logins. We also have no previous active login.
* This means we now have to search the database for a matching username.
*/
global $EVE_Charname;
$MySelf = authVerify(sanitize($EVE_Charname), false, true);
/*
* If we were successfull $MySelf does now contain a userrecord, or is false on failure.
*/
if ($MySelf == false) {
/*
* No such user found. To avoid a login loop we will now break the cycle and
* present the user with the request account form.
*/
makeNotice("You do not belong here. Leave at once!", "warning", "ACCESS DENIED");
die;
global $page;
$page = makeRequestAccountPage(true) . makeFooter();
print $page;
} else {
/*
* Here we found a matching user. What we do now is to create an auth key
* for this user, drop other logins from the database and store the login time.
*/
createAuthKey($MySelf);
$DB->query("update users set lastlogin = '******' where username = '******'");
$_SESSION['MySelf'] = base64_encode(serialize($MySelf));
// Beta Warning.
global $IS_BETA;
if ($IS_BETA && $_SESSION[betawarning] != $MySelf->getLastlogin()) {
$_SESSION[betawarning] = $MySelf->getLastlogin();
makeNotice("You are using a beta version of MiningBuddy. Be aware that some functions may not " . "be ready for production servers, and that there may be bugs around. You have been warned.", "warning", "Beta Warning");
}
}
}
} else {
/*
* Lets see wether there is a login request, this has priority over
* anything else. We dont want to create a login loop.
*/
if (isset($_POST['login'])) {
/*
* So we have a login post. We will now check the username and
* password combination against the database. Lets see if it is
* a legit user or a fraud^wtypo.
*/
// The dynamical banning module.
checkBan();
$SUPPLIED_USERNAME = strtolower(sanitize($_POST['username']));
// Check for validity.
if (!ctypeAlnum($SUPPLIED_USERNAME)) {
makeNotice("Invalid username. Only characters a-z, A-Z and 0-9 are allowed.", "error", "Invalid Username");
}
if (!isset($_SESSION['testauth'])) {
$SUPPLIED_PASSWORD = sha1($_POST['password']);
// Lets check the password.
$MySelf = authVerify($SUPPLIED_USERNAME, $SUPPLIED_PASSWORD);
} else {
$MySelf = authVerify($SUPPLIED_USERNAME, false);
}
if ($MySelf == false) {
// Lets try again, shall we?
makeLoginPage($SUPPLIED_USERNAME);
} else {
if ($MySelf->isValid()) {
// storing the new login time.
$DB->query("update users set lastlogin = '******' where username = '******'");
// Create the auth-key.
createAuthKey($MySelf);
}
}
// We are done here.
$_SESSION['MySelf'] = base64_encode(serialize($MySelf));
// Beta Warning.
global $IS_BETA;
if ($IS_BETA && $_SESSION['betawarning'] != $MySelf->getLastlogin()) {
$_SESSION[betawarning] = $MySelf->getLastlogin();
makeNotice("You are using a beta version of MiningBuddy. Be aware that some functions may not " . "be ready for production servers, and that there may be bugs around. You have been warned.", "warning", "Beta Warning");
} else {
header("Location: index.php?{$_SERVER['QUERY_STRING']}");
die;
}
}
/*
* This is to check wether the user still has a valid login ticket.
*/
$MySelf = authKeyIsValid();
if ($MySelf == false) {
$_SESSION['lastModDisplay'] = false;
session_destroy();
makeLoginPage();
die;
}
}
/*
* Print motd. (Only on login) - and only if set.
*/
$MOTD = getTemplate("motd", "announce");
if (!$_SESSION['seenMotd'] && !empty($MOTD)) {
$_SESSION['seenMotd'] = true;
makeNotice(nl2br(stripslashes($MOTD)), "notice", "Announcement");
}
return $MySelf;
}
function requestAccount()
{
// globals
global $DB;
global $MySelf;
global $TIMEMARK;
global $MB_EMAIL;
// Generate random Password
$PASSWORD = base64_encode(rand(111111111111.0, 999999999999.0));
$PASSWORD_ENC = encryptPassword($PASSWORD);
// Sanitize the input.
$NEW_USER = strtolower(sanitize($_POST[username]));
// supplied new username.
// Lets prevent adding multiple users with the same name.
if (userExists($NEW_USER)) {
makeNotice("Your account was not created because there is already an account with the same username. Please pick another. " . "If you forgot your password, please use the password recovery link on the login page.", "error", "Account not created");
}
// So we have a username?
if (strlen($_POST[username]) < 3) {
makeNotice("Your username must be longer than 3 letters.", "error", "Invalid Username");
}
// Let me rephrase: Do we have a VALID username?
if (!ctypeAlnum($_POST[username])) {
makeNotice("Only characters a-z, A-Z, 0-9 and spaces are allowed as username.", "error", "Invalid Username");
}
// So we have an email address?
if (empty($_POST[email])) {
// We dont!
makeNotice("You need to supply an email address!", "error", "Account not created");
} else {
// We do. Clean it.
$NEW_EMAIL = sanitize($_POST[email]);
// Valid one, too?
if (!checkEmailAddress($NEW_EMAIL)) {
makeNotice("You need to supply a valid email address!", "error", "Account not created");
}
}
// Is it the very first account?
$count = $DB->query("SELECT * FROM users");
if ($count->numRows() == 0) {
$temp = $DB->query("INSERT INTO `users` (`username`, `password`, `email`, `addedby`," . " `lastlogin`, `confirmed`, `emailvalid`, `emailcode`, `optIn`, `canLogin`," . " `canJoinRun`, `canCreateRun`, `canCloseRun`, `canDeleteRun`, `canAddHaul`," . " `canChangePwd`, `canChangeEmail`, `canChangeOre`, `canAddUser`, `canSeeUsers`," . " `canDeleteUser`, `canEditRank`, `canManageUser`, `canEditEvents`, `canDeleteEvents`," . " `canSeeEvents`, `isOfficial`, `isLottoOfficial`, `isAccountant`, `preferences`, `isAdmin`, `rank`) " . "VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)", array(stripcslashes($NEW_USER), $PASSWORD_ENC, $NEW_EMAIL, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1));
// Check for success, catch database errors.
if (gettype($temp) != "DB_Error" && $DB->affectedRows() == 1) {
// Success! New superuser created, send a confirmation email.
$email = "Superuser information: Username " . stripcslashes($NEW_USER) . ", Password {$PASSWORD} - change this as soon as possible!";
global $VERSION;
$headers = "From:" . $MB_EMAIL;
mail("{$NEW_EMAIL}", "Superuser login information (" . $VERSION . ")", $email, $headers);
unset($email);
// Inform the user.
makeNotice("New Superuser created:<br>Username: "******"<br>Password: {$PASSWORD}");
} else {
// Something went wrong!
makeNotice("Failed creating the superuser!<br><br>" . $temp->getMessage(), "error", "Database Error!");
}
} else {
// Lets avoid multiple accounts per email address!
$otherAccsDS = $DB->query("SELECT COUNT(email) AS count FROM users WHERE email = '{$NEW_EMAIL}' ");
$otherAccs = $otherAccsDS->fetchRow();
if ($otherAccs[count] > 0) {
makeNotice("There is already an account with your supplied eMail address. If you lost " . "your password please use the password recovery feature.", "error", "Account not requested", "index.php", "[cancel]");
}
// Inser the new user into the database!
$CODE = rand(111111111111.0, 9999999999999.0);
$DB->query("insert into users (username, password, email, " . "addedby, emailcode) " . "values (?, ?, ?, ?, ?)", array(stripcslashes($NEW_USER), "{$PASSWORD_ENC}", "{$NEW_EMAIL}", $MySelf->getID(), "{$CODE}"));
// Were we successful?
if ($DB->affectedRows() == 0) {
// No!
makeNotice("Could not create user!", "error");
} else {
// Load more globals
global $SITENAME;
global $URL;
global $VERSION;
// Assemble the activation url.
$ACTIVATE = $URL . "/index.php?action=activate&code={$CODE}";
// Send a confirmation email
$EMAIL = getTemplate("accountrequest", "email");
$EMAIL = str_replace("{{IP}}", "{$_SERVER['REMOTE_ADDR']}", $EMAIL);
$EMAIL = str_replace("{{URL}}", "{$URL}", $EMAIL);
$EMAIL = str_replace("{{DATE}}", date("r", $TIMEMARK), $EMAIL);
$EMAIL = str_replace("{{ACTIVATE}}", "{$ACTIVATE}", $EMAIL);
$EMAIL = str_replace("{{CORP}}", "{$SITENAME}", $EMAIL);
$to = $NEW_EMAIL;
$DOMAIN = $_SERVER['HTTP_HOST'];
$headers = "From:" . $MB_EMAIL;
mail($to, $VERSION, $EMAIL, $headers);
makeNotice("A confirmation email has been sent to your supplied email address.<br>Please follow the instructions therein.", "notice", "Account created");
}
}
}
