}
// verify that a new email was provided via POST
dbgSquirt("Checking post");
if (!isset($_POST['newemail'])) {
// error .. no post variable provided ... possibly because they've jumped
// directly to this page?
dbgSquirt("...not set");
header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/changeemail.php?error=No new email was provided. Please enter one and click Save. If this error reoccurs, contact an administrator.");
exit;
}
// verify that the new email is non-blank
$newEmail = $_POST['newemail'];
dbgSquirt("Checking blank -- {$newEmail}");
if (empty($newEmail)) {
// error ... requested email is blank... bounce them back to change email page
dbgSquirt("...Empty");
header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/changeemail.php?error=The new email must not be blank.");
exit;
}
// update the email for this user with the provided value
if (updateEmail($username, $newEmail)) {
// update successful
$title = "Email changed";
$heading = "Email changed";
$msg = "Email changed to <em>{$newEmail}</em>.";
} else {
// update failed
$title = "Error while changing email";
$heading = "Error while changing email";
$msg = "An error occurred while attempting to change your email. Please contact an administrator.";
}
<?php
require 'reprofunctions.php';
dbgSquirt("============= Change Email ===============");
$result = checkCookies($forceLogin, $error, FALSE);
if (!$result || $forceLogin) {
// we got an error back that occurred while checkCookies was being run,
// or authentication failed. Either way, bounce them back to the login screen
header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?error={$error}");
exit;
}
$username = $_COOKIE['user'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
System: Repro
File: changeemail.php
Purpose: Allow an authenticated user to change the email address stored for them
Author: S. Chanin
-->
<html>
<head>
<link rel="stylesheet" type="text/css" href="repro_style.css" />
<title>Change Email</title>
</head>
<body>
<h1 class="title">Repro</h1>
<h1>Change Email</h1>
<hr />
function updateResource($resourceId, $username, $resource, $forwardType, $forward, $voicemail)
{
dbgSquirt("============= Function: updateResource ===========");
$db = mysql_connect("localhost", "apache", "apache") or die(mysql_error());
mysql_select_db("repro", $db) or die(mysql_error());
// first we need to get the userid from the username
$query = "select id from Users where username = '******'";
dbgSquirt("Query -- {$query}");
$result = mysql_query($query) or die(mysql_error());
$count = mysql_num_rows($result);
dbgSquirt("Rows -- {$count}");
if ($count == 1) {
// we matched, so lets get the userid of the user
$userid = mysql_result($result, 0, "id");
mysql_free_result($result);
// delete the resource
$query = "update Resources set aor='{$resource}',forwardType='{$forwardType}',forwardDestination='{$forward}',voicemail='{$voicemail}' where userid = '{$userid}' and id = '{$resourceId}'";
dbgSquirt("Query2 -- {$query}");
$result = mysql_query($query) or die(mysql_error());
$count = mysql_affected_rows();
dbgSquirt("Rows -- {$count}");
if (1 == $count && TRUE == $result) {
// no error and 1 row modified (should only be 1 row since id is
// the primary key)
$state = TRUE;
} else {
$state = FALSE;
}
} else {
$state = FALSE;
}
mysql_free_result($result);
mysql_close($db);
return $state;
}
<?php
require 'reprofunctions.php';
dbgSquirt("============= Save Modified Resource ===============");
dbgSquirt(dbgShowFile($_POST));
$result = checkCookies($forceLogin, $error, FALSE);
if (!$result || $forceLogin) {
// we got an error back that occurred while checkCookies was being run,
// or authentication failed. Either way, bounce them back to the login screen
header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?error={$error}");
exit;
}
$username = $_COOKIE['user'];
$bounceURL = "Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/editresource.php?aor=" . $_POST['aor'] . "&forwardType=" . $_POST['forwardType'] . "&forward=" . $_POST['forward'] . "&voicemail=" . $_POST['voicemail'] . "&error=";
// make sure post variables have arrived
// note -- can't check for forward because if it was diabled on the previous
// screen by clicking No, it will not be sent as a POST variable
if (!isset($_POST['resourceId']) || !isset($_POST['aor']) || !isset($_POST['forwardType']) || !isset($_POST['voicemail'])) {
header($bounceURL . "The information to modify a resource was not provided. Please enter the information and click Save. If this error reoccurs, contact an administrator.");
exit;
}
// check if the user pressed cancel ... if so, back to user home
if ("Cancel" == $_POST['submit']) {
header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/userhome.php");
exit;
}
// check that resourceId only contains digits
// the valid number check is for security to make sure that no one hacks the
// URL and replaces the resourceId param with something designed to screw up
// the database. In this case, there is nothing the user can fix, so send them
// back to userhome.
<?php
require 'reprofunctions.php';
dbgSquirt("============= Add Resource ===============");
$result = checkCookies($forceLogin, $error, FALSE);
if (!$result || $forceLogin) {
// we got an error back that occurred while checkCookies was being run,
// or authentication failed. Either way, bounce them back to the login screen
header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?error={$error}");
exit;
}
$username = $_COOKIE['user'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
System: Repro
File: addresource.php
Purpose: Allows an authenticated user to add additional resources to their
profile
Author: S. Chanin
-->
<html>
<head>
<link rel="stylesheet" type="text/css" href="repro_style.css" />
<title>Add Resource</title>
<script type="text/javascript">
<!--
function disableForward() {
document.resourceForm.forward.value = ""
document.resourceForm.forward.disabled = true
<?php
require 'reprofunctions.php';
dbgSquirt("============= Modify Resource ===============");
dbgSquirt("GET --" . dbgShowFile($_GET));
dbgSquirt("POST --" . dbgShowFile($_POST));
$result = checkCookies($forceLogin, $error, FALSE);
if (!$result || $forceLogin) {
// we got an error back that occurred while checkCookies was being run,
// or authentication failed. Either way, bounce them back to the login screen
header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?error={$error}");
exit;
}
$username = $_COOKIE['user'];
$bounceURL = "Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/userhome.php?error=";
// make sure post variables have arrived. We should always get a resourceId,
// name, and either an edit or a delete
if (!(isset($_POST['resourceId']) && isset($_POST['aor']) && (isset($_POST['edit']) || isset($_POST['delete'])))) {
header($bounceURL . "The information to modify a resource was not provided. Please enter the information and click Save. If this error reoccurs, contact an administrator.");
exit;
}
// check that resourceId is non-blank ... this shouldn't happen since this is
// a system provided invisible field
if (empty($_POST['resourceId']) || empty($_POST['aor'])) {
header($bounceURL . "The resource to be modified was not specified. Please click one of the Add or Delete buttons. If you see this message again, please contact an administrator.");
exit;
}
$resourceId = $_POST['resourceId'];
$aor = $_POST['aor'];
//see if the operation is Edit or Delete
if ("Delete" == $_POST['delete']) {
<?php
require 'reprofunctions.php';
dbgSquirt("============= Change Password ===============");
$result = checkCookies($forceLogin, $error, FALSE);
if (!$result || $forceLogin) {
// we got an error back that occurred while checkCookies was being run,
// or authentication failed. Either way, bounce them back to the login screen
header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?error={$error}");
exit;
}
$username = $_COOKIE['user'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
System: Repro
File: changepassword.php
Purpose: Allow an authenticated user to change the password stored for them
Author: S. Chanin
-->
<html>
<head>
<link rel="stylesheet" type="text/css" href="repro_style.css" />
<title>Change Password</title>
</head>
<body>
<h1 class="title">Repro</h1>
<h1>Change Password</h1>
<hr />
<?php
require 'reprofunctions.php';
dbgSquirt("============= Edit Resource ===============");
dbgSquirt("GET --" . dbgShowFile($_GET));
$result = checkCookies($forceLogin, $error, FALSE);
if (!$result || $forceLogin) {
// we got an error back that occurred while checkCookies was being run,
// or authentication failed. Either way, bounce them back to the login screen
header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?error={$error}");
exit;
}
$username = $_COOKIE['user'];
$bounceURL = "Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/userhome.php?error=";
// this page is only entered via GET's
// all of these should be set all the time, even though they might be
// empty... if they aren't set, something is strange about how we got to this
// page
if (!isset($_GET['resourceId']) || !isset($_GET['aor']) || !isset($_GET['forwardType']) || !isset($_GET['forward']) || !isset($_GET['voicemail'])) {
header($bounceURL . "Information missing in request to modify a resource. Please try again. If this error reoccurs, please contact an administrator.");
exit;
}
$resourceId = $_GET['resourceId'];
$aor = $_GET['aor'];
$forwardType = $_GET['forwardType'];
$forward = $_GET['forward'];
$voicemail = $_GET['voicemail'];
// make sure resourceId isn't blank. Other fields could be blank
if (empty($resourceId)) {
header($bounceURL . "Information missing in request to modify a resource. Please try again. If this error reoccurs, please contact an administrator.");
exit;
}
}
}
} else {
// no post variables supplied
dbgSquirt('No post variables');
$error = "Authentication error -- you must enter a username and password.";
}
} else {
// forceLogin was FALSE ... that means the cookie's were valid
// so get username from the cookie
$username = $_COOKIE['user'];
}
// after checking cookies and post variables, if a login is still needed, then
// redirect
dbgSquirt("After post check -- forceLogin = {$forceLogin}");
if ($forceLogin) {
header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?error={$error}");
exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
System: Repro
File: userhome.php
Purpose: User Home Page. This displays the users personal information and
allows changes to be made.
Author: S. Chanin
-->
<?php
require 'reprofunctions.php';
dbgSquirt("============= Change Fullname ===============");
$result = checkCookies($forceLogin, $error, FALSE);
if (!$result || $forceLogin) {
// we got an error back that occurred while checkCookies was being run,
// or authentication failed. Either way, bounce them back to the login screen
header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?error={$error}");
exit;
}
$username = $_COOKIE['user'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
System: Repro
File: changefullname.php
Purpose: Allow an authenticated user to change the fullname stored for them
Author: S. Chanin
-->
<html>
<head>
<link rel="stylesheet" type="text/css" href="repro_style.css" />
<title>Change Fullname</title>
</head>
<body>
<h1 class="title">Repro</h1>
<h1>Change Fullname</h1>
<hr />
if ($newPassword == $currentPassword) {
// error ... password entries shouldn't match ... what's the point of changing
dbgSquirt("Trying to reuse the current password");
header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/changepassword.php?error=The new password is the same as the existing password.");
exit;
}
// make sure the current password they entered matches
$encryptedPassword = createPassword($username, $currentPassword);
$result = validateUser($username, $encryptedPassword);
dbgSquirt("Verifying current password");
if ("A" != $result) {
// either didn't match, or user is unverified or disabled
// only way a user should end up here and be unverified or disabled is if
// an admin changed their account status in the middle of a session.
// but we'll check for it anyway...
dbgSquirt("...doesn't match an active user");
header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/changepassword.php?error=Current password doesn't match an active user. Please try again. If you receive this error again, contact an administrator.");
exit;
}
// update the password for this user with the provided value
$encryptedPassword = createPassword($username, $newPassword);
if (updatePassword($username, $encryptedPassword)) {
// update successful
$title = "Password changed";
$heading = "Password changed";
$msg = "Password successfully updated.";
} else {
// update failed
$title = "Error while changing password";
$heading = "Error while changing password";
$msg = "An error occurred while attempting to change your password. Please contact an administrator.";