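<?php
/**
 * Login page controller (the part visible in this excerpt).
 *
 * Decides whether the login form must be shown and sets the status message:
 *   - a login attempt was submitted  -> verify it with login() and, on success,
 *     record the user name in the session under "valid_user";
 *   - a session already holds "valid_user" -> treat the visitor as logged in;
 *   - otherwise -> show the form, with an explanation when the visitor was
 *     sent here from a page other than the login/logout pages.
 *
 * Sets: $display_login_form (bool), $page_info_message / $page_error_message.
 *
 * NOTE(review): credentials are read from $_REQUEST, which also accepts query
 * string values (and cookies, depending on request_order), so a password can
 * end up in URLs, browser history and access logs. Switching to $_POST is the
 * safer choice once the login form's method is confirmed; the form is not
 * part of this excerpt.
 */
include_once "./includes/application_top.php";
//wrap_session_start();

// see if somebody is logged in and notify them if not
$display_login_form = true; // default

if (isset($_REQUEST['username']) && isset($_REQUEST['login'])) {
    // they have just tried logging in
    $login_username = $_REQUEST['username'];
    $login_password = isset($_REQUEST['passwd']) ? $_REQUEST['passwd'] : null;

    // Request parameters can be absent or arrays (e.g. "username[]=x"); only
    // plain strings are handed to login(), anything else is a failed attempt.
    $credentials_well_formed = is_string($login_username) && is_string($login_password);

    if ($credentials_well_formed && login($login_username, $login_password)) {
        // Issue a fresh session id on the privilege change so that an id
        // planted before authentication (session fixation) is not reused.
        // Guarded: only when a session is actually active at this point.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        // if they are in the database register the user id
        //$valid_user = $_REQUEST['username'];
        wrap_session_register("valid_user", $login_username);
        $display_login_form = false;
        $page_info_message = "Login Successful!";
    } else {
        // login failed, show error page; the message deliberately does not say
        // whether the user name or the password was wrong
        $display_login_form = true;
        $page_error_message = "You could not be logged in. Please try again.";
    }
} elseif (wrap_session_is_registered("valid_user")) {
    // logged in
    $display_login_form = false;
} else {
    // they are not logged in, show login page output
    $display_login_form = true;

    // Strict comparison: "origin" is request-supplied and is only compared
    // against the two page-name constants, never interpreted here.
    if (!empty($_REQUEST['origin'])
        && $_REQUEST['origin'] !== FILENAME_LOGOUT
        && $_REQUEST['origin'] !== FILENAME_LOGIN
    ) {
        $page_error_message = "You are not logged in. You must login to use this page.";
    }
}

// redirect back to "origin" page
// NOTE(review): the redirect itself is outside this excerpt. "origin" comes
// from the request, so the target should be checked against the application's
// own page names before it is used in a Location header.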
//$valid_user = $_REQUEST['username']; $_SESSION['valid_user'] = $_REQUEST['username']; wrap_session_register("valid_user"); $display_login_form = false; $page_info_message = "Login Successful!"; // we know we have a valid user, now check if they are entitled to admin privileges if (is_admin($_REQUEST['username'])) { wrap_session_register("admin_user"); } elseif ($_SESSION['BUDDY_LIST_EMAILS_SEND']) { // check if this user has any pending buddies - we only want to do this for non-admins and if buddy lists are switched on $_SESSION['number_pending_buddies'] = pending_buddies($_REQUEST['username']); } // set some session info about their privileges // can block book? if (can_block_book($_REQUEST['username'])) { wrap_session_register("block_book"); } //booking credits remaining $_SESSION['booking_credits'] = remaining_booking_credits($_REQUEST['username']); // Member check // check if the user is a member or not - but only if they are not an admin as this flag is not used for admins if (!wrap_session_is_registered("admin_user")) { $_SESSION['is_member'] = is_member($_REQUEST['username']); } //can they view other users bookings? if (is_admin($_REQUEST['username'])) { //admins can always see everyone elses bookings $_SESSION['SHOW_USER_DETAILS'] = true; } else { //how about regular users? This will depend on the site wide value set by an admin $result = wrap_db_query("SELECT function_value FROM " . SETTINGS_TABLE . " WHERE name = 'user_details_viewing' LIMIT 0,1 ;");
$page_title = "User Registration Problem"; $page_error_message = "The passwords you entered do not match. Please try again."; $_POST['passwd2'] = ''; } elseif (strlen($_POST['passwd']) < 6 || strlen($_POST['passwd']) > 16) { // check password length $page_title = "User Registration Problem"; $page_error_message = "Your password must be between 6 and 16 characters. Please try again."; } if ($page_error_message == '') { // attempt to register if no error message $reg_result = register($_POST['username'], $_POST['passwd'], $_POST['firstname'], $_POST['lastname'], $_POST['groups'], $_POST['email']); if ($reg_result) { // register session variable //$valid_user = $_POST['username']; $_SESSION['valid_user'] = $_POST['username']; wrap_session_register("valid_user", "valid_user"); $page_title = "Registration Successful!"; } else { // register problem: username taken, database error $page_title = "User Registration Problem"; $page_error_message = $reg_result; } } } // end of $_POST['register'] != "" $page_title = "Booking Calendar - User Registration"; $page_title_bar = "User Registration:"; include_once "header.php"; if ($reg_result) { // Registration Successful! Provide link to display wants page. echo "Your registration was successful!.<br /><br />";