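function db($user, $password)
{
    /* Authenticate $user against www_users, load the page security tokens of
     * the user's access level into the session and return the session DB
     * handle. Returns NoAuthorisation on a failed login or when the role has
     * no tokens at all.
     *
     * NOTE(review): the password predicate is redacted ('******') in this
     * listing; confirm it compares the stored hash (CryptPass/VerifyPass) and
     * never the plaintext $password.
     */
    $sql = "SELECT userid,
                   accesslevel
            FROM www_users
            WHERE userid='" . DB_escape_string($user) . "'
            AND (password='******'
            OR password='******')";

    $Auth_Result = DB_query($sql, $_SESSION['db']);

    if (DB_num_rows($Auth_Result) == 0) {
        return NoAuthorisation;
    }

    $myrow = DB_fetch_row($Auth_Result);

    // Bind identity and access level to the session only once the credentials
    // checked out. The original set UserID before the query (so a failed login
    // still left a user name in the session) and discarded the fetched
    // accesslevel, running the token lookup against whatever AccessLevel the
    // session already held.
    $_SESSION['UserID'] = $user;
    $_SESSION['AccessLevel'] = $myrow[1];

    // Quote and escape the role id so the session value cannot alter the
    // statement; the original interpolated it bare.
    $sql = "SELECT tokenid
            FROM securitygroups
            WHERE secroleid = '" . DB_escape_string($_SESSION['AccessLevel']) . "'";
    // The original passed an undefined $db here; the handle this function
    // returns is the session one.
    $Sec_Result = DB_query($sql, $_SESSION['db']);

    $_SESSION['AllowedPageSecurityTokens'] = array();
    if (DB_num_rows($Sec_Result) == 0) {
        return NoAuthorisation;
    }
    while ($TokenRow = DB_fetch_row($Sec_Result)) {
        $_SESSION['AllowedPageSecurityTokens'][] = $TokenRow[0];
    }

    return $_SESSION['db'];
}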
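function db($user, $password)
{
    /* Authenticate $user against www_users and return the session DB handle
     * on success, NoAuthorisation otherwise.
     *
     * NOTE(review): the password predicate is redacted ('******') in this
     * listing; confirm it compares the stored hash (CryptPass/VerifyPass) and
     * never the plaintext $password.
     */
    $sql = "SELECT userid
            FROM www_users
            WHERE userid='" . DB_escape_string($user) . "'
            AND (password='******'
            OR password='******')";

    $Auth_Result = DB_query($sql, $_SESSION['db']);

    if (DB_num_rows($Auth_Result) > 0) {
        // Only bind the identity to the session after a successful check; the
        // original assigned UserID before the query, so a failed login still
        // left the attempted user name in the session.
        $_SESSION['UserID'] = $user;
        return $_SESSION['db'];
    }

    return NoAuthorisation;
}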
} if (mb_strlen($_POST['BranchCode']) > 0 and $InputError != 1) { // check that the entered branch is valid for the customer code $sql = "SELECT defaultlocation\n\t\t\t\tFROM custbranch\n\t\t\t\tWHERE debtorno='" . $_SESSION['CustomerID'] . "'\n\t\t\t\tAND branchcode='" . $_POST['BranchCode'] . "'"; $ErrMsg = _('The check on validity of the customer code and branch failed because'); $DbgMsg = _('The SQL that was used to check the customer code and branch was'); $result = DB_query($sql, $db, $ErrMsg, $DbgMsg); if (DB_num_rows($result) == 0) { prnMsg(_('The entered Branch Code is not valid for the entered Customer Code'), 'error'); $InputError = 1; } else { $myrow = DB_fetch_row($result); $InventoryLocation = $myrow[0]; } if ($InputError != 1) { $sql = "INSERT INTO www_users (userid,\n\t\t\t\t\t\t\t\t\t\trealname,\n\t\t\t\t\t\t\t\t\t\tcustomerid,\n\t\t\t\t\t\t\t\t\t\tbranchcode,\n\t\t\t\t\t\t\t\t\t\tpassword,\n\t\t\t\t\t\t\t\t\t\tphone,\n\t\t\t\t\t\t\t\t\t\temail,\n\t\t\t\t\t\t\t\t\t\tpagesize,\n\t\t\t\t\t\t\t\t\t\tfullaccess,\n\t\t\t\t\t\t\t\t\t\tdefaultlocation,\n\t\t\t\t\t\t\t\t\t\tmodulesallowed,\n\t\t\t\t\t\t\t\t\t\tdisplayrecordsmax,\n\t\t\t\t\t\t\t\t\t\ttheme,\n\t\t\t\t\t\t\t\t\t\tlanguage)\n\t\t\t\t\t\t\t\t\tVALUES ('" . $_POST['UserID'] . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . $_POST['RealName'] . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . $_SESSION['CustomerID'] . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . $_POST['BranchCode'] . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . CryptPass($_POST['Password']) . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . $_POST['Phone'] . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . $_POST['Email'] . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . $_POST['PageSize'] . "',\n\t\t\t\t\t\t\t\t\t\t\t'7',\n\t\t\t\t\t\t\t\t\t\t\t'" . $InventoryLocation . "',\n\t\t\t\t\t\t\t\t\t\t\t'1,1,0,0,0,0,0,0',\n\t\t\t\t\t\t\t\t\t\t\t'" . $_SESSION['DefaultDisplayRecordsMax'] . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . $_POST['Theme'] . "',\n\t\t\t\t\t\t\t\t\t\t\t'" . $_POST['UserLanguage'] . 
"')"; $ErrMsg = _('The user could not be added because'); $DbgMsg = _('The SQL that was used to insert the new user and failed was'); $result = DB_query($sql, $db, $ErrMsg, $DbgMsg); prnMsg(_('A new customer login has been created'), 'success'); include 'includes/footer.inc'; exit; } } } echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">'; echo '<div>'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class="selection"> <tr> <td>' . _('User Login') . ':</td>
$InputError = 1; prnMsg(_('The password entered must be at least 5 characters long'), 'error'); } elseif (mb_strstr($_POST['Password'], $_POST['UserID']) != False) { $InputError = 1; prnMsg(_('The password cannot contain the user id'), 'error'); } /* Make a comma separated list of modules allowed ready to update the database*/ $i = 0; $ModulesAllowed = ''; while ($i < count($ModuleList)) { $ModulesAllowed .= ' ' . ','; //no any modules allowed for the suppliers $i++; } if ($InputError != 1) { $sql = "INSERT INTO www_users (userid,\n\t\t\t\t\t\t\t\t\t\trealname,\n\t\t\t\t\t\t\t\t\t\tsupplierid,\n\t\t\t\t\t\t\t\t\t\tpassword,\n\t\t\t\t\t\t\t\t\t\tphone,\n\t\t\t\t\t\t\t\t\t\temail,\n\t\t\t\t\t\t\t\t\t\tpagesize,\n\t\t\t\t\t\t\t\t\t\tfullaccess,\n\t\t\t\t\t\t\t\t\t\tdefaultlocation,\n\t\t\t\t\t\t\t\t\t\tlastvisitdate,\n\t\t\t\t\t\t\t\t\t\tmodulesallowed,\n\t\t\t\t\t\t\t\t\t\tdisplayrecordsmax,\n\t\t\t\t\t\t\t\t\t\ttheme,\n\t\t\t\t\t\t\t\t\t\tlanguage)\n\t\t\t\t\t\tVALUES ('" . $_POST['UserID'] . "',\n\t\t\t\t\t\t\t'" . $_POST['RealName'] . "',\n\t\t\t\t\t\t\t'" . $_SESSION['SupplierID'] . "',\n\t\t\t\t\t\t\t'" . CryptPass($_POST['Password']) . "',\n\t\t\t\t\t\t\t'" . $_POST['Phone'] . "',\n\t\t\t\t\t\t\t'" . $_POST['Email'] . "',\n\t\t\t\t\t\t\t'" . $_POST['PageSize'] . "',\n\t\t\t\t\t\t\t'" . $_POST['Access'] . "',\n\t\t\t\t\t\t\t'" . $_POST['DefaultLocation'] . "',\n\t\t\t\t\t\t\t'" . date($_SESSION['DefaultDateFormat']) . "',\n\t\t\t\t\t\t\t'" . $ModulesAllowed . "',\n\t\t\t\t\t\t\t'" . $_SESSION['DefaultDisplayRecordsMax'] . "',\n\t\t\t\t\t\t\t'" . $_POST['Theme'] . "',\n\t\t\t\t\t\t\t'" . $_POST['UserLanguage'] . "')"; $ErrMsg = _('The user could not be added because'); $DbgMsg = _('The SQL that was used to insert the new user and failed was'); $result = DB_query($sql, $ErrMsg, $DbgMsg); prnMsg(_('A new supplier login has been created'), 'success'); include 'includes/footer.inc'; exit; } } echo '<form method="post" action="' . 
htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '">'; echo '<div>'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table class="selection"> <tr> <td>' . _('User Login') . ':</td> <td><input type="text" pattern="[^><+-]{4,20}" title="' . _('The user ID must has more than 4 legal characters') . '" required="required" placeholder="' . _('More than 4 characters') . '" name="UserID" size="22" maxlength="20" /></td>
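function DBUpdate($db, $DatabaseName, $DBConnectType, $AdminPasswd, $AdminEmail, $AdminLanguage, $CompanyName)
{
    /* Installer step: select $DatabaseName on $db, then set the admin user's
     * password, email and language and the company name of coycode 1.
     * Problems are reported through prnMsg(); nothing is returned.
     *
     * $DBConnectType == 'mysql' selects the legacy mysql_* extension, any other
     * value the mysqli API (note the argument order differs between the two).
     *
     * NOTE(review): the password value is redacted ('******') in this listing;
     * confirm it stores a hash of $AdminPasswd (CryptPass) and not the
     * plaintext.
     */
    $LegacyMysql = ($DBConnectType == 'mysql');

    // The original discarded this result; if the select failed the updates
    // below ran against whatever database the connection had open.
    $Selected = $LegacyMysql ? mysql_select_db($DatabaseName, $db)
                             : mysqli_select_db($db, $DatabaseName);
    if (!$Selected) {
        prnMsg(_('Failed to select the database and the error is') . ' '
            . ($LegacyMysql ? mysql_error($db) : mysqli_error($db)), 'error');
        return;
    }

    // Escape every installer-supplied value through the API the statement will
    // run on; the original only escaped the company name.
    $SafeEmail = $LegacyMysql ? mysql_real_escape_string($AdminEmail, $db)
                              : mysqli_real_escape_string($db, $AdminEmail);
    $SafeLanguage = $LegacyMysql ? mysql_real_escape_string($AdminLanguage, $db)
                                 : mysqli_real_escape_string($db, $AdminLanguage);
    $SafeCompanyName = $LegacyMysql ? mysql_real_escape_string($CompanyName, $db)
                                    : mysqli_real_escape_string($db, $CompanyName);

    $sql = "UPDATE www_users
            SET password = '******',
                email = '" . $SafeEmail . "',
                language = '" . $SafeLanguage . "'
            WHERE userid = 'admin'";
    $Result = $LegacyMysql ? mysql_query($sql, $db) : mysqli_query($db, $sql);
    if (!$Result) {
        prnMsg(_('Failed to update the email address and password of the administrator and the error is')
            . ($LegacyMysql ? mysql_error($db) : mysqli_error($db)), 'error');
    }

    $sql = "UPDATE companies
            SET coyname = '" . $SafeCompanyName . "'
            WHERE coycode = 1";
    $Result = $LegacyMysql ? mysql_query($sql, $db) : mysqli_query($db, $sql);
    if (!$Result) {
        prnMsg(_('Failed to update the company name and the erroris')
            . ($LegacyMysql ? mysql_error($db) : mysqli_error($db)), 'error');
    }
}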
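function userLogin($Name, $Password, $db)
{
    /* Authenticate $Name/$Password against www_users and populate the session
     * from the user's row on success.
     *
     * Returns one of the UL_* codes: UL_SHOWLOGIN when no name was supplied,
     * UL_NOTVALID on a bad credential, UL_BLOCKED when the account is blocked
     * (or becomes blocked on this attempt), UL_CONFIGERR when the user's role
     * has no security tokens, and UL_OK otherwise (also when the session was
     * already authenticated and no new name was given).
     *
     * NOTE(review): every password predicate below is redacted ('******') in
     * this listing; confirm they compare hashes (CryptPass/VerifyPass) and
     * never the plaintext $Password.
     */
    global $debug;

    if (!isset($_SESSION['AccessLevel']) || $_SESSION['AccessLevel'] == ''
        || (isset($Name) && $Name != '')) { /* not logged in, or a fresh attempt */

        $_SESSION['AccessLevel'] = '';
        $_SESSION['CustomerID'] = '';
        $_SESSION['UserBranch'] = '';
        $_SESSION['SalesmanLogin'] = '';
        $_SESSION['Module'] = '';
        $_SESSION['PageSize'] = '';
        $_SESSION['UserStockLocation'] = '';
        $_SESSION['AttemptsCounter']++;

        // Nothing to check yet: show the login screen.
        if (!isset($Name) || $Name == '') {
            return UL_SHOWLOGIN;
        }

        // $Name comes straight from the login form and is interpolated into
        // three statements below; the original never escaped it.
        $SafeName = DB_escape_string($Name);

        /* Temporary fix for old unencrypted password.
         * NOTE(review): this UPDATE runs on every login attempt, authenticated
         * or not; it should move to the upgrade script once confirmed obsolete. */
        $sql = "UPDATE www_users
                SET password='******'
                WHERE password='******'";
        $ErrMsg = _('Could not reset password');
        $Result = DB_query($sql, $db, $ErrMsg);
        /* End temporary fix */

        $sql = "SELECT *
                FROM www_users
                WHERE www_users.userid='" . $SafeName . "'
                AND (www_users.password='******')";
        $ErrMsg = _('Could not retrieve user details on login because');
        // NOTE(review): forcing $debug on here means a failing query on the
        // login page reports its SQL to an unauthenticated visitor; consider
        // gating it like the rest of the debug output.
        $debug = 1;
        $Auth_Result = DB_query($sql, $db, $ErrMsg);

        if (DB_num_rows($Auth_Result) == 0) {
            // Incorrect password: after 5 attempts the account is blocked
            // until a sysadmin releases it.
            if (!isset($_SESSION['AttemptsCounter'])) {
                $_SESSION['AttemptsCounter'] = 0;
            } elseif ($_SESSION['AttemptsCounter'] >= 5) {
                $sql = "UPDATE www_users
                        SET blocked=1
                        WHERE www_users.userid='" . $SafeName . "'";
                $Auth_Result = DB_query($sql, $db);
                return UL_BLOCKED;
            }
            return UL_NOTVALID;
        }

        $myrow = DB_fetch_array($Auth_Result);
        if ($myrow['blocked'] == 1) { // the account is blocked
            return UL_BLOCKED;
        }

        // Credentials accepted: issue a fresh session id so an id planted
        // before login cannot be reused (the original kept the old id).
        if (!headers_sent()) {
            session_regenerate_id(true);
        }

        // Populate session variables from the user's row and reset the
        // attempts counter.
        $_SESSION['UserID'] = $myrow['userid'];
        $_SESSION['AttemptsCounter'] = 0;
        $_SESSION['AccessLevel'] = $myrow['fullaccess'];
        $_SESSION['CanCreateTender'] = $myrow['cancreatetender'];
        $_SESSION['UserCustomerID'] = $myrow['customerid'];
        $_SESSION['UserBranch'] = $myrow['branchcode'];
        $_SESSION['UserSupplierID'] = $myrow['supplierid'];
        $_SESSION['DefaultPageSize'] = $myrow['pagesize'];
        $_SESSION['UserStockLocation'] = $myrow['defaultlocation'];
        $_SESSION['DefaultTag'] = $myrow['defaulttag'];
        $_SESSION['UserEmail'] = $myrow['email'];
        $_SESSION['ModulesEnabled'] = explode(",", $myrow['modulesallowed']);
        $_SESSION['UsersRealName'] = $myrow['realname'];
        $_SESSION['Theme'] = $myrow['theme'];
        $_SESSION['Language'] = $myrow['language'];
        $_SESSION['SalesmanLogin'] = $myrow['salesman'];
        if (isset($myrow['pdflanguage'])) {
            $_SESSION['PDFLanguage'] = $myrow['pdflanguage'];
        } else {
            $_SESSION['PDFLanguage'] = '0'; // default to latin western languages
        }
        if ($myrow['displayrecordsmax'] > 0) {
            $_SESSION['DisplayRecordsMax'] = $myrow['displayrecordsmax'];
        } else {
            $_SESSION['DisplayRecordsMax'] = $_SESSION['DefaultDisplayRecordsMax']; // default comes from config.php
        }

        $sql = "UPDATE www_users SET lastvisitdate='" . date('Y-m-d H:i:s') . "'
                WHERE www_users.userid='" . $SafeName . "'";
        $Auth_Result = DB_query($sql, $db);

        // canviewprices is probed for first because older schemas lack it.
        $sql = "desc securityroles canviewprices";
        $result = DB_query($sql, $db);
        if (DB_num_rows($result) != 0) {
            $sql = "SELECT canviewprices FROM securityroles
                    WHERE secroleid = '" . DB_escape_string($_SESSION['AccessLevel']) . "'";
            $ViewPricesResult = DB_query($sql, $db);
            $MyViewPricesRow = DB_fetch_array($ViewPricesResult);
            $_SESSION['CanViewPrices'] = $MyViewPricesRow['canviewprices'];
        }

        /* get the security tokens that the user has access to */
        $sql = "SELECT tokenid FROM securitygroups
                WHERE secroleid = '" . DB_escape_string($_SESSION['AccessLevel']) . "'";
        $Sec_Result = DB_query($sql, $db);
        $_SESSION['AllowedPageSecurityTokens'] = array();
        if (DB_num_rows($Sec_Result) == 0) {
            return UL_CONFIGERR;
        }
        while ($TokenRow = DB_fetch_row($Sec_Result)) {
            $_SESSION['AllowedPageSecurityTokens'][] = $TokenRow[0];
        }
    } // End of userid/password check

    return UL_OK; /* All is well */
}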
} $_POST['ModulesAllowed'] = $ModulesAllowed; if (isset($SelectedUser) and $InputError != 1) { /*SelectedUser could also exist if submit had not been clicked this code would not run in this case cos submit is false of course see the delete code below*/ if (!isset($_POST['Cust']) or $_POST['Cust'] == NULL or $_POST['Cust'] == '') { $_POST['Cust'] = ''; $_POST['BranchCode'] = ''; } $UpdatePassword = ''; if ($_POST['Password'] != '') { $UpdatePassword = "******" . CryptPass($_POST['Password']) . "',"; } $sql = "UPDATE www_users SET realname='" . $_POST['RealName'] . "',\n\t\t\t\t\t\tcustomerid='" . $_POST['Cust'] . "',\n\t\t\t\t\t\tphone='" . $_POST['Phone'] . "',\n\t\t\t\t\t\temail='" . $_POST['Email'] . "',\n\t\t\t\t\t\t" . $UpdatePassword . "\n\t\t\t\t\t\tbranchcode='" . $_POST['BranchCode'] . "',\n\t\t\t\t\t\tsupplierid='" . $_POST['SupplierID'] . "',\n\t\t\t\t\t\tsalesman='" . $_POST['Salesman'] . "',\n\t\t\t\t\t\tpagesize='" . $_POST['PageSize'] . "',\n\t\t\t\t\t\tfullaccess='" . $_POST['Access'] . "',\n\t\t\t\t\t\tcancreatetender='" . $_POST['CanCreateTender'] . "',\n\t\t\t\t\t\ttheme='" . $_POST['Theme'] . "',\n\t\t\t\t\t\tlanguage ='" . $_POST['UserLanguage'] . "',\n\t\t\t\t\t\tdefaultlocation='" . $_POST['DefaultLocation'] . "',\n\t\t\t\t\t\tmodulesallowed='" . $ModulesAllowed . "',\n\t\t\t\t\t\tblocked='" . $_POST['Blocked'] . "',\n\t\t\t\t\t\tpdflanguage='" . $_POST['PDFLanguage'] . "',\n\t\t\t\t\t\tdepartment='" . $_POST['Department'] . "'\n\t\t\t\t\tWHERE userid = '" . $SelectedUser . 
"'"; prnMsg(_('The selected user record has been updated'), 'success'); } elseif ($InputError != 1) { $sql = "INSERT INTO www_users (userid,\n\t\t\t\t\t\trealname,\n\t\t\t\t\t\tcustomerid,\n\t\t\t\t\t\tbranchcode,\n\t\t\t\t\t\tsupplierid,\n\t\t\t\t\t\tsalesman,\n\t\t\t\t\t\tpassword,\n\t\t\t\t\t\tphone,\n\t\t\t\t\t\temail,\n\t\t\t\t\t\tpagesize,\n\t\t\t\t\t\tfullaccess,\n\t\t\t\t\t\tcancreatetender,\n\t\t\t\t\t\tdefaultlocation,\n\t\t\t\t\t\tmodulesallowed,\n\t\t\t\t\t\tdisplayrecordsmax,\n\t\t\t\t\t\ttheme,\n\t\t\t\t\t\tlanguage,\n\t\t\t\t\t\tpdflanguage,\n\t\t\t\t\t\tdepartment)\n\t\t\t\t\tVALUES ('" . $_POST['UserID'] . "',\n\t\t\t\t\t\t'" . $_POST['RealName'] . "',\n\t\t\t\t\t\t'" . $_POST['Cust'] . "',\n\t\t\t\t\t\t'" . $_POST['BranchCode'] . "',\n\t\t\t\t\t\t'" . $_POST['SupplierID'] . "',\n\t\t\t\t\t\t'" . $_POST['Salesman'] . "',\n\t\t\t\t\t\t'" . CryptPass($_POST['Password']) . "',\n\t\t\t\t\t\t'" . $_POST['Phone'] . "',\n\t\t\t\t\t\t'" . $_POST['Email'] . "',\n\t\t\t\t\t\t'" . $_POST['PageSize'] . "',\n\t\t\t\t\t\t'" . $_POST['Access'] . "',\n\t\t\t\t\t\t'" . $_POST['CanCreateTender'] . "',\n\t\t\t\t\t\t'" . $_POST['DefaultLocation'] . "',\n\t\t\t\t\t\t'" . $ModulesAllowed . "',\n\t\t\t\t\t\t'" . $_SESSION['DefaultDisplayRecordsMax'] . "',\n\t\t\t\t\t\t'" . $_POST['Theme'] . "',\n\t\t\t\t\t\t'" . $_POST['UserLanguage'] . "',\n\t\t\t\t\t\t'" . $_POST['PDFLanguage'] . "',\n\t\t\t\t\t\t'" . $_POST['Department'] . "')"; prnMsg(_('A new user record has been inserted'), 'success'); } if ($InputError != 1) { //run the SQL from either of the above possibilites $ErrMsg = _('The user alterations could not be processed because'); $DbgMsg = _('The SQL that was used to update the user and failed was'); $result = DB_query($sql, $db, $ErrMsg, $DbgMsg); unset($_POST['UserID']); unset($_POST['RealName']); unset($_POST['Cust']); unset($_POST['BranchCode']); unset($_POST['SupplierID']); unset($_POST['Salesman']); unset($_POST['Phone']); unset($_POST['Email']);
$ErrMsg = _('The user alterations could not be processed because'); $DbgMsg = _('The SQL that was used to update the user and failed was'); $result = DB_query($sql, $db, $ErrMsg, $DbgMsg); prnMsg(_('The user settings have been updated') . '. ' . _('Be sure to remember your password for the next time you login'), 'success'); $sql = "SELECT fullaccess FROM www_users\n\t\tWHERE userid= '" . trim($_SESSION['UserID']) . "'"; $result = DB_query($sql, $db); $myrow = DB_fetch_row($result); $user = $myrow[0]; if ($user == 7) { $sql = "UPDATE debtorsmaster\n\t\t\t\tSET boxno='" . $_POST['boxno'] . "',\n\t\t\t\t\ttown='" . $_POST['town'] . "',\n\t\t\t\t\tzip='" . $_POST['zip'] . "',\n\t\t\t\t\tstate='" . $_POST['state'] . "',\n\t\t\t\t\tmobileno='" . $_POST['mobileno'] . "',\n\t\t\t\t\trelationship='" . $_POST['relationship'] . "',\n\t\t\t\t\tgname='" . $_POST['gname'] . "',\n\t\t\t\t\tgboxno='" . $_POST['gboxno'] . "',\n\t\t\t\t\tgtown='" . $_POST['gtown'] . "',\n\t\t\t\t\tgstate='" . $_POST['gstate'] . "',\n\t\t\t\t\tgmobileno='" . $_POST['gmobileno'] . "',\n\t\t\t\t\temail='" . $_POST['email'] . "'\n\t\t\t\tWHERE debtorno = '" . $_SESSION['UserID'] . "'"; $ErrMsg = _('The student alterations could not be processed because'); $DbgMsg = _('The SQL that was used to update the user and failed was'); $result = DB_query($sql, $db, $ErrMsg, $DbgMsg); } } else { $sql = "UPDATE www_users\n\t\t\t\tSET email='" . $_POST['email'] . "',\n\t\t\t\t\tpassword='******'pass']) . "'\n\t\t\t\tWHERE userid = '" . $_SESSION['UserID'] . "'"; $ErrMsg = _('The user alterations could not be processed because'); $DbgMsg = _('The SQL that was used to update the user and failed was'); $result = DB_query($sql, $db, $ErrMsg, $DbgMsg); prnMsg(_('The user settings have been updated'), 'success'); $sql = "SELECT fullaccess FROM www_users\n\t\tWHERE userid= '" . trim($_SESSION['UserID']) . 
"'"; $result = DB_query($sql, $db); $myrow = DB_fetch_row($result); $user = $myrow[0]; if ($user == 7) { $sql = "UPDATE debtorsmaster\n\t\t\t\tSET boxno='" . $_POST['boxno'] . "',\n\t\t\t\t\ttown='" . $_POST['town'] . "',\n\t\t\t\t\tzip='" . $_POST['zip'] . "',\n\t\t\t\t\tstate='" . $_POST['state'] . "',\n\t\t\t\t\tmobileno='" . $_POST['mobileno'] . "',\n\t\t\t\t\trelationship='" . $_POST['relationship'] . "',\n\t\t\t\t\tgname='" . $_POST['gname'] . "',\n\t\t\t\t\tgboxno='" . $_POST['gboxno'] . "',\n\t\t\t\t\tgtown='" . $_POST['gtown'] . "',\n\t\t\t\t\tgstate='" . $_POST['gstate'] . "',\n\t\t\t\t\tgmobileno='" . $_POST['gmobileno'] . "',\n\t\t\t\t\temail='" . $_POST['email'] . "'\n\t\t\t\tWHERE debtorno = '" . $_SESSION['UserID'] . "'"; $ErrMsg = _('The student alterations could not be processed because'); $DbgMsg = _('The SQL that was used to update the user and failed was'); $result = DB_query($sql, $db, $ErrMsg, $DbgMsg); } }
$InputError = 1; prnMsg(_('The password and password confirmation fields entered do not match'), 'error'); } else { $UpdatePassword = '******'; } } if ($InputError != 1) { // no errors if ($UpdatePassword != 'Y') { $sql = "UPDATE www_users\n\t\t\t\tSET displayrecordsmax='" . $_POST['DisplayRecordsMax'] . "',\n\t\t\t\t\ttheme='" . $_POST['Theme'] . "',\n\t\t\t\t\tlanguage='" . $_POST['Language'] . "',\n\t\t\t\t\temail='" . $_POST['email'] . "',\n\t\t\t\t\tpdflanguage='" . $_POST['PDFLanguage'] . "'\n\t\t\t\tWHERE userid = '" . $_SESSION['UserID'] . "'"; $ErrMsg = _('The user alterations could not be processed because'); $DbgMsg = _('The SQL that was used to update the user and failed was'); $result = DB_query($sql, $db, $ErrMsg, $DbgMsg); prnMsg(_('The user settings have been updated') . '. ' . _('Be sure to remember your password for the next time you login'), 'success'); } else { $sql = "UPDATE www_users\n\t\t\t\tSET displayrecordsmax='" . $_POST['DisplayRecordsMax'] . "',\n\t\t\t\t\ttheme='" . $_POST['Theme'] . "',\n\t\t\t\t\tlanguage='" . $_POST['Language'] . "',\n\t\t\t\t\temail='" . $_POST['email'] . "',\n\t\t\t\t\tpdflanguage='" . $_POST['PDFLanguage'] . "',\n\t\t\t\t\tpassword='******'Password']) . "'\n\t\t\t\tWHERE userid = '" . $_SESSION['UserID'] . "'"; $ErrMsg = _('The user alterations could not be processed because'); $DbgMsg = _('The SQL that was used to update the user and failed was'); $result = DB_query($sql, $db, $ErrMsg, $DbgMsg); prnMsg(_('The user settings have been updated'), 'success'); } // update the session variables to reflect user changes on-the-fly $_SESSION['DisplayRecordsMax'] = $_POST['DisplayRecordsMax']; $_SESSION['Theme'] = trim($_POST['Theme']); /*already set by session.inc but for completeness */ $theme = $_SESSION['Theme']; $_SESSION['Language'] = trim($_POST['Language']); $_SESSION['PDFLanguage'] = $_POST['PDFLanguage']; include 'includes/LanguageSetup.php'; } }
$i++; } $_POST['ModulesAllowed'] = $ModulesAllowed; if ($SelectedUser and $InputError != 1) { if (!isset($_POST['Cust']) or $_POST['Cust'] == NULL or $_POST['Cust'] == '') { $_POST['Cust'] = ''; $_POST['BranchCode'] = ''; } $UpdatePassword = ""; if ($_POST['Password'] != "") { $UpdatePassword = "******" . CryptPass($_POST['Password']) . "',"; } $sql = "UPDATE www_users SET realname='" . $_POST['RealName'] . "',phone='" . $_POST['Phone'] . "',\n\t\temail='" . $_POST['Email'] . "'," . $UpdatePassword . "salesman='" . $_POST['Salesman'] . "',\n\t\tfullaccess='" . $_POST['Access'] . "',modulesallowed='" . $ModulesAllowed . "',blocked='" . $_POST['Blocked'] . "'\n\t\tWHERE userid = '" . $SelectedUser . "'"; prnMsg(_('The selected user record has been updated'), 'success'); } elseif ($InputError != 1) { $sql = "INSERT INTO www_users (userid,realname,password,phone,email,fullaccess,modulesallowed,theme)\n\t\tVALUES ('" . $_POST['UserID'] . "','" . $_POST['RealName'] . "','" . CryptPass($_POST['Password']) . "',\n\t\t'" . $_POST['Phone'] . "','" . $_POST['Email'] . "','" . $_POST['Access'] . "','" . $ModulesAllowed . "','professional')"; prnMsg(_('A new user record has been inserted'), 'success'); } if ($InputError != 1) { $ErrMsg = _('The user alterations could not be processed because'); $DbgMsg = _('The SQL that was used to update the user and failed was'); $result = DB_query($sql, $db, $ErrMsg, $DbgMsg); unset($_POST['UserID']); unset($_POST['RealName']); unset($_POST['Salesman']); unset($_POST['Phone']); unset($_POST['Email']); unset($_POST['Password']); unset($_POST['PageSize']); unset($_POST['Access']); unset($_POST['DefaultLocation']);
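function userLogin($Name, $Password, $SysAdminEmail = '', $db)
{
    /* Authenticate $Name/$Password against www_users and populate the session
     * from the user's row on success. When $SysAdminEmail is set, a lockout
     * notification is mailed (via mail() or SMTP depending on
     * $_SESSION['SmtpSetting']) once an account gets blocked.
     *
     * Returns one of the UL_* codes: UL_SHOWLOGIN when no name was supplied,
     * UL_NOTVALID on a bad credential, UL_BLOCKED when the account is blocked
     * (or becomes blocked on this attempt), UL_CONFIGERR when the role has no
     * security tokens or the DB_Maintenance config row is missing,
     * UL_MAINTENANCE when maintenance mode is on and the user is not a
     * sysadmin, and UL_OK otherwise.
     *
     * NOTE(review): the password predicates are redacted ('******') in this
     * listing; confirm they compare hashes (CryptPass/VerifyPass) and never
     * the plaintext $Password.
     */
    global $debug;

    if (!isset($_SESSION['AccessLevel']) || $_SESSION['AccessLevel'] == ''
        || (isset($Name) && $Name != '')) { /* not logged in, or a fresh attempt */

        $_SESSION['AccessLevel'] = '';
        $_SESSION['CustomerID'] = '';
        $_SESSION['UserBranch'] = '';
        $_SESSION['SalesmanLogin'] = '';
        $_SESSION['Module'] = '';
        $_SESSION['PageSize'] = '';
        $_SESSION['UserStockLocation'] = '';
        $_SESSION['AttemptsCounter']++;

        // Nothing to check yet: show the login screen.
        if (!isset($Name) || $Name == '') {
            $_SESSION['DatabaseName'] = '';
            $_SESSION['CompanyName'] = '';
            return UL_SHOWLOGIN;
        }

        // $Name comes straight from the login form and is interpolated into
        // three statements below; the original never escaped it.
        $SafeName = DB_escape_string($Name);

        /* The SQL to get the user info must use the * syntax because the field
         * name could change between versions; if the fields are specified
         * directly the sql fails and the db upgrade will fail. */
        $sql = "SELECT *
                FROM www_users
                WHERE www_users.userid='" . $SafeName . "'
                AND (www_users.password='******'
                OR www_users.password='******')";
        $ErrMsg = _('Could not retrieve user details on login because');
        // NOTE(review): forcing $debug on here means a failing query on the
        // login page reports its SQL to an unauthenticated visitor; consider
        // gating it like the rest of the debug output.
        $debug = 1;
        $Auth_Result = DB_query($sql, $db, $ErrMsg);

        if (DB_num_rows($Auth_Result) == 0) {
            // Incorrect password: after 5 attempts the account is blocked
            // until a sysadmin releases it.
            if (!isset($_SESSION['AttemptsCounter'])) {
                $_SESSION['AttemptsCounter'] = 0;
            } elseif ($_SESSION['AttemptsCounter'] >= 5) {
                $sql = "UPDATE www_users
                        SET blocked=1
                        WHERE www_users.userid='" . $SafeName . "'";
                $Auth_Result = DB_query($sql, $db);

                if ($SysAdminEmail != '') {
                    // The original mailed the attempted $Password in clear
                    // text; the secret is not needed to act on the lockout and
                    // must not leave the process. CR/LF are also stripped from
                    // the user-supplied name before it goes into a mail header.
                    $HeaderSafeName = str_replace(array("\r", "\n"), ' ', $Name);
                    $EmailSubject = _('User access blocked') . ' ' . $HeaderSafeName;
                    $EmailText = _('User ID') . ' ' . $Name . ' - '
                        . _('has been blocked access at') . ' ' . date('Y-m-d H:i:s') . ' '
                        . _('from IP') . ' ' . $_SERVER["REMOTE_ADDR"] . ' '
                        . _('due to too many failed attempts.');
                    if ($_SESSION['SmtpSetting'] == 0) {
                        mail($SysAdminEmail, $EmailSubject, $EmailText);
                    } else {
                        include 'includes/htmlMimeMail.php';
                        $mail = new htmlMimeMail();
                        $mail->setSubject($EmailSubject);
                        $mail->setText($EmailText);
                        $result = SendmailBySmtp($mail, array($SysAdminEmail));
                    }
                }
                return UL_BLOCKED;
            }
            return UL_NOTVALID;
        }

        $myrow = DB_fetch_array($Auth_Result);
        if ($myrow['blocked'] == 1) { // the account is blocked
            return UL_BLOCKED;
        }

        // Credentials accepted: issue a fresh session id so an id planted
        // before login cannot be reused (the original kept the old id).
        if (!headers_sent()) {
            session_regenerate_id(true);
        }

        // Populate session variables from the user's row and reset the
        // attempts counter.
        $_SESSION['UserID'] = $myrow['userid'];
        $_SESSION['AttemptsCounter'] = 0;
        $_SESSION['AccessLevel'] = $myrow['fullaccess'];
        $_SESSION['CustomerID'] = $myrow['customerid'];
        $_SESSION['UserBranch'] = $myrow['branchcode'];
        $_SESSION['DefaultPageSize'] = $myrow['pagesize'];
        $_SESSION['UserStockLocation'] = $myrow['defaultlocation'];
        $_SESSION['UserEmail'] = $myrow['email'];
        $_SESSION['ModulesEnabled'] = explode(",", $myrow['modulesallowed']);
        $_SESSION['UsersRealName'] = $myrow['realname'];
        $_SESSION['Theme'] = $myrow['theme'];
        $_SESSION['Language'] = $myrow['language'];
        $_SESSION['SalesmanLogin'] = $myrow['salesman'];
        $_SESSION['CanCreateTender'] = $myrow['cancreatetender'];
        $_SESSION['AllowedDepartment'] = $myrow['department'];
        if (isset($myrow['pdflanguage'])) {
            $_SESSION['PDFLanguage'] = $myrow['pdflanguage'];
        } else {
            $_SESSION['PDFLanguage'] = '0'; // default to latin western languages
        }
        if ($myrow['displayrecordsmax'] > 0) {
            $_SESSION['DisplayRecordsMax'] = $myrow['displayrecordsmax'];
        } else {
            $_SESSION['DisplayRecordsMax'] = $_SESSION['DefaultDisplayRecordsMax']; // default comes from config.php
        }

        $sql = "UPDATE www_users SET lastvisitdate='" . date('Y-m-d H:i:s') . "'
                WHERE www_users.userid='" . $SafeName . "'";
        $Auth_Result = DB_query($sql, $db);

        /* get the security tokens that the user has access to */
        $sql = "SELECT tokenid FROM securitygroups
                WHERE secroleid = '" . DB_escape_string($_SESSION['AccessLevel']) . "'";
        $Sec_Result = DB_query($sql, $db);
        $_SESSION['AllowedPageSecurityTokens'] = array();
        if (DB_num_rows($Sec_Result) == 0) {
            return UL_CONFIGERR;
        }
        $UserIsSysAdmin = FALSE;
        while ($TokenRow = DB_fetch_row($Sec_Result)) {
            if ($TokenRow[0] == 15) { // token 15 marks the sysadmin role
                $UserIsSysAdmin = TRUE;
            }
            $_SESSION['AllowedPageSecurityTokens'][] = $TokenRow[0];
        }

        // Check whether only maintenance (sysadmin) users may access webERP.
        $sql = "SELECT confvalue FROM config WHERE confname = 'DB_Maintenance'";
        $Maintenance_Result = DB_query($sql, $db);
        if (DB_num_rows($Maintenance_Result) == 0) {
            return UL_CONFIGERR;
        }
        $myMaintenanceRow = DB_fetch_row($Maintenance_Result);
        if ($myMaintenanceRow[0] == -1 && $UserIsSysAdmin == FALSE) {
            // -1 ==> allow SysAdmin access only, and this user is not one
            return UL_MAINTENANCE;
        }
    } // End of userid/password check

    return UL_OK; /* All is well */
}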
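function userLogin($Name, $Password, $db)
{
    /* Authenticate $Name/$Password against www_users and populate the session
     * from the user's row on success.
     *
     * Returns one of the UL_* codes: UL_SHOWLOGIN when no name was supplied,
     * UL_NOTVALID on a bad credential, UL_BLOCKED when the account is blocked
     * (or becomes blocked on this attempt), UL_CONFIGERR when the role has no
     * security tokens, and UL_OK otherwise.
     *
     * NOTE(review): the password predicates are redacted ('******') in this
     * listing; confirm they compare hashes (CryptPass/VerifyPass) and never
     * the plaintext $Password.
     */
    if (!isset($_SESSION['AccessLevel']) || $_SESSION['AccessLevel'] == ''
        || (isset($Name) && $Name != '')) { /* not logged in, or a fresh attempt */

        $_SESSION['AccessLevel'] = '';
        $_SESSION['CustomerID'] = '';
        $_SESSION['UserBranch'] = '';
        $_SESSION['SalesmanLogin'] = '';
        $_SESSION['Module'] = '';
        $_SESSION['PageSize'] = '';
        $_SESSION['UserStockLocation'] = '';
        $_SESSION['AttemptsCounter']++;

        // Nothing to check yet: show the login screen.
        if (!isset($Name) || $Name == '') {
            return UL_SHOWLOGIN;
        }

        // $Name comes straight from the login form and is interpolated into
        // three statements below; the original never escaped it.
        $SafeName = DB_escape_string($Name);

        $sql = "SELECT www_users.fullaccess,
                       www_users.customerid,
                       www_users.lastvisitdate,
                       www_users.pagesize,
                       www_users.defaultlocation,
                       www_users.branchcode,
                       www_users.modulesallowed,
                       www_users.blocked,
                       www_users.realname,
                       www_users.theme,
                       www_users.displayrecordsmax,
                       www_users.userid,
                       www_users.language,
                       www_users.salesman,
                       www_users.pdflanguage
                FROM www_users
                WHERE www_users.userid='" . $SafeName . "'
                AND (www_users.password='******'
                OR www_users.password='******')";
        $Auth_Result = DB_query($sql, $db);

        if (DB_num_rows($Auth_Result) == 0) {
            // Incorrect password: after 5 attempts the account is blocked
            // until a sysadmin releases it.
            if (!isset($_SESSION['AttemptsCounter'])) {
                $_SESSION['AttemptsCounter'] = 0;
            } elseif ($_SESSION['AttemptsCounter'] >= 5) {
                $sql = "UPDATE www_users
                        SET blocked=1
                        WHERE www_users.userid='" . $SafeName . "'";
                $Auth_Result = DB_query($sql, $db);
                return UL_BLOCKED;
            }
            return UL_NOTVALID;
        }

        $myrow = DB_fetch_array($Auth_Result);
        // The original tested $myrow[7] and $myrow[10] by position while
        // reading every other field by name; use the names throughout so a
        // reordered SELECT cannot silently test the wrong column.
        if ($myrow['blocked'] == 1) { // the account is blocked
            return UL_BLOCKED;
        }

        // Credentials accepted: issue a fresh session id so an id planted
        // before login cannot be reused (the original kept the old id).
        if (!headers_sent()) {
            session_regenerate_id(true);
        }

        // Populate session variables from the user's row and reset the
        // attempts counter.
        $_SESSION['AttemptsCounter'] = 0;
        $_SESSION['AccessLevel'] = $myrow['fullaccess'];
        $_SESSION['CustomerID'] = $myrow['customerid'];
        $_SESSION['UserBranch'] = $myrow['branchcode'];
        $_SESSION['DefaultPageSize'] = $myrow['pagesize'];
        $_SESSION['UserStockLocation'] = $myrow['defaultlocation'];
        $_SESSION['ModulesEnabled'] = explode(",", $myrow['modulesallowed']);
        $_SESSION['UsersRealName'] = $myrow['realname'];
        $_SESSION['Theme'] = $myrow['theme'];
        $_SESSION['Language'] = $myrow['language'];
        $_SESSION['SalesmanLogin'] = $myrow['salesman'];
        $_SESSION['PDFLanguage'] = $myrow['pdflanguage'];
        if ($myrow['displayrecordsmax'] > 0) {
            $_SESSION['DisplayRecordsMax'] = $myrow['displayrecordsmax'];
        } else {
            $_SESSION['DisplayRecordsMax'] = $_SESSION['DefaultDisplayRecordsMax']; // default comes from config.php
        }
        $_SESSION['UserID'] = $myrow['userid'];

        $sql = "UPDATE www_users SET lastvisitdate='" . date("Y-m-d H:i:s") . "'
                WHERE www_users.userid='" . $SafeName . "'";
        $Auth_Result = DB_query($sql, $db);

        /* get the security tokens that the user has access to; the role id is
         * quoted and escaped here where the original interpolated it bare */
        $sql = "SELECT tokenid FROM securitygroups
                WHERE secroleid = '" . DB_escape_string($_SESSION['AccessLevel']) . "'";
        $Sec_Result = DB_query($sql, $db);
        $_SESSION['AllowedPageSecurityTokens'] = array();
        if (DB_num_rows($Sec_Result) == 0) {
            return UL_CONFIGERR;
        }
        while ($TokenRow = DB_fetch_row($Sec_Result)) {
            $_SESSION['AllowedPageSecurityTokens'][] = $TokenRow[0];
        }
    } // End of userid/password check

    return UL_OK; /* All is well */
}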
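/**
 * Authenticate a user against www_users and populate the session from the matching row.
 *
 * On success the session receives the user's access level, branch, modules, theme,
 * language and allowed security tokens; configuration is loaded via GetConfig.php and
 * the periodic DB-maintenance, audit-trail purge and currency-rate refresh are run when due.
 * After five failed attempts the account is blocked and, when $SysAdminEmail is given,
 * the administrator is notified.
 *
 * @param string $Name          user id entered on the login form (untrusted input)
 * @param string $Password      password entered on the login form (untrusted input)
 * @param string $SysAdminEmail address notified when an account gets blocked; '' disables the mail
 * @param mixed  $db            database handle forwarded to the currency-rate DB_query() calls
 *
 * @return int one of UL_SHOWLOGIN, UL_NOTVALID, UL_BLOCKED, UL_CONFIGERR, UL_MAINTENANCE or UL_OK
 */
function userLogin($Name, $Password, $SysAdminEmail = '', $db)
{
    global $debug;
    global $PathPrefix;

    // `and` binds tighter than `or`: (not logged in) OR (a user id was submitted)
    if (!isset($_SESSION['AccessLevel']) or $_SESSION['AccessLevel'] == '' or isset($Name) and $Name != '') {
        /* if not logged in */
        $_SESSION['AccessLevel'] = '';
        $_SESSION['CustomerID'] = '';
        $_SESSION['UserBranch'] = '';
        $_SESSION['SalesmanLogin'] = '';
        $_SESSION['Module'] = '';
        $_SESSION['PageSize'] = '';
        $_SESSION['UserStockLocation'] = '';
        $_SESSION['AttemptsCounter']++;

        // Show login screen
        if (!isset($Name) or $Name == '') {
            $_SESSION['DatabaseName'] = '';
            $_SESSION['CompanyName'] = '';
            return UL_SHOWLOGIN;
        }

        /* The SQL to get the user info must use the * syntax because the field name could change
         * between versions; if the fields are specified directly then the sql fails and the db
         * upgrade will fail. $Name comes straight from the login form, so it is escaped before
         * being placed in the literal. */
        $sql = "SELECT *
				FROM www_users
				WHERE www_users.userid='" . DB_escape_string($Name) . "'";
        $ErrMsg = _('Could not retrieve user details on login because');
        // NOTE(review): this turns verbose DB error output on for every login attempt, not only
        // for system administrators as the closing comment of this function suggests — confirm.
        $debug = 1;
        $PasswordVerified = false;
        $Auth_Result = DB_query($sql, $ErrMsg);

        if (DB_num_rows($Auth_Result) > 0) {
            $myrow = DB_fetch_array($Auth_Result);
            if (VerifyPass($Password, $myrow['password'])) {
                $PasswordVerified = true;
            } elseif (isset($GLOBALS['CryptFunction'])) {
                /* If the password stored in the DB was hashed the old way the previous comparison
                 * fails; try again with the old algorithm, then re-hash with the new one.
                 * The next version should not have $CryptFunction any more for new installs.
                 * hash_equals() is used instead of `==`: it is constant-time and, unlike `==`,
                 * never treats two numeric-looking hex digests as equal numbers. */
                $StoredHash = (string) $myrow['password'];
                switch ($GLOBALS['CryptFunction']) {
                    case 'sha1':
                        if (hash_equals($StoredHash, sha1($Password))) {
                            $PasswordVerified = true;
                        }
                        break;
                    case 'md5':
                        if (hash_equals($StoredHash, md5($Password))) {
                            $PasswordVerified = true;
                        }
                        break;
                    default:
                        if (hash_equals($StoredHash, (string) $Password)) {
                            $PasswordVerified = true;
                        }
                }
                if ($PasswordVerified) {
                    // NOTE(review): the new stored value is redacted on this page ('******');
                    // presumably the CryptPass() result used when creating users — confirm.
                    $sql = "UPDATE www_users SET password = '******'" . " WHERE userid = '" . DB_escape_string($Name) . "';";
                    DB_query($sql);
                }
            }
        }

        // Populate session variables with data base results
        if ($PasswordVerified) {
            if ($myrow['blocked'] == 1) {
                //the account is blocked
                return UL_BLOCKED;
            }
            /*reset the attempts counter on successful login */
            $_SESSION['UserID'] = $myrow['userid'];
            $_SESSION['AttemptsCounter'] = 0;
            $_SESSION['AccessLevel'] = $myrow['fullaccess'];
            $_SESSION['CustomerID'] = $myrow['customerid'];
            $_SESSION['UserBranch'] = $myrow['branchcode'];
            $_SESSION['DefaultPageSize'] = $myrow['pagesize'];
            $_SESSION['UserStockLocation'] = $myrow['defaultlocation'];
            $_SESSION['UserEmail'] = $myrow['email'];
            $_SESSION['ModulesEnabled'] = explode(",", $myrow['modulesallowed']);
            $_SESSION['UsersRealName'] = $myrow['realname'];
            $_SESSION['Theme'] = $myrow['theme'];
            $_SESSION['Language'] = $myrow['language'];
            $_SESSION['SalesmanLogin'] = $myrow['salesman'];
            $_SESSION['CanCreateTender'] = $myrow['cancreatetender'];
            $_SESSION['AllowedDepartment'] = $myrow['department'];
            $_SESSION['ShowDashboard'] = $myrow['showdashboard'];
            if (isset($myrow['pdflanguage'])) {
                $_SESSION['PDFLanguage'] = $myrow['pdflanguage'];
            } else {
                $_SESSION['PDFLanguage'] = '0'; //default to latin western languages
            }
            if ($myrow['displayrecordsmax'] > 0) {
                $_SESSION['DisplayRecordsMax'] = $myrow['displayrecordsmax'];
            } else {
                $_SESSION['DisplayRecordsMax'] = $_SESSION['DefaultDisplayRecordsMax']; // default comes from config.php
            }

            $sql = "UPDATE www_users SET lastvisitdate='" . date('Y-m-d H:i:s') . "'
							WHERE www_users.userid='" . DB_escape_string($Name) . "'";
            $Auth_Result = DB_query($sql);

            /*get the security tokens that the user has access to */
            $sql = "SELECT tokenid
					FROM securitygroups
					WHERE secroleid = '" . $_SESSION['AccessLevel'] . "'";
            $Sec_Result = DB_query($sql);
            $_SESSION['AllowedPageSecurityTokens'] = array();
            if (DB_num_rows($Sec_Result) == 0) {
                // a role with no tokens at all is a configuration error, not a login failure
                return UL_CONFIGERR;
            } else {
                $i = 0;
                while ($myrow = DB_fetch_row($Sec_Result)) {
                    $_SESSION['AllowedPageSecurityTokens'][$i] = $myrow[0];
                    $i++;
                }
            }

            /*User is logged in so get configuration parameters - save in session*/
            include $PathPrefix . 'includes/GetConfig.php';

            if (isset($_SESSION['DB_Maintenance'])) {
                if ($_SESSION['DB_Maintenance'] > 0) {
                    //run the DB maintenance script when the configured number of days has elapsed
                    if (DateDiff(Date($_SESSION['DefaultDateFormat']), ConvertSQLDate($_SESSION['DB_Maintenance_LastRun']), 'd') >= $_SESSION['DB_Maintenance']) {
                        /*Do the DB maintenance routing for the DB_type selected */
                        DB_Maintenance();
                        $_SESSION['DB_Maintenance_LastRun'] = Date('Y-m-d');
                        /* Audit trail purge only runs if DB_Maintenance is enabled */
                        if (isset($_SESSION['MonthsAuditTrail'])) {
                            $sql = "DELETE FROM audittrail
									WHERE transactiondate <= '" . Date('Y-m-d', mktime(0, 0, 0, Date('m') - $_SESSION['MonthsAuditTrail'])) . "'";
                            $ErrMsg = _('There was a problem deleting expired audit-trail history');
                            // $ErrMsg was built but never handed to DB_query(); pass it as the other calls do
                            $result = DB_query($sql, $ErrMsg);
                        }
                    }
                }
            }

            /*Check to see if currency rates need to be updated */
            if (isset($_SESSION['UpdateCurrencyRatesDaily'])) {
                if ($_SESSION['UpdateCurrencyRatesDaily'] != 0) {
                    /* Only run the update to currency rates if today is after the last update i.e. only runs once a day */
                    if (DateDiff(Date($_SESSION['DefaultDateFormat']), ConvertSQLDate($_SESSION['UpdateCurrencyRatesDaily']), 'd') > 0) {
                        if ($_SESSION['ExchangeRateFeed'] == 'ECB') {
                            $CurrencyRates = GetECBCurrencyRates(); // gets rates from ECB see includes/MiscFunctions.php
                            /*Loop around the defined currencies and get the rate from ECB */
                            if ($CurrencyRates != false) {
                                $CurrenciesResult = DB_query("SELECT currabrev FROM currencies");
                                while ($CurrencyRow = DB_fetch_row($CurrenciesResult)) {
                                    if ($CurrencyRow[0] != $_SESSION['CompanyRecord']['currencydefault']) {
                                        $UpdateCurrRateResult = DB_query("UPDATE currencies SET rate='" . GetCurrencyRate($CurrencyRow[0], $CurrencyRates) . "'
																	WHERE currabrev='" . $CurrencyRow[0] . "'", $db);
                                    }
                                }
                            }
                        } else {
                            $CurrenciesResult = DB_query("SELECT currabrev FROM currencies");
                            while ($CurrencyRow = DB_fetch_row($CurrenciesResult)) {
                                if ($CurrencyRow[0] != $_SESSION['CompanyRecord']['currencydefault']) {
                                    $UpdateCurrRateResult = DB_query("UPDATE currencies SET rate='" . google_currency_rate($CurrencyRow[0]) . "'
																WHERE currabrev='" . $CurrencyRow[0] . "'", $db);
                                }
                            }
                        }
                        $_SESSION['UpdateCurrencyRatesDaily'] = Date('Y-m-d');
                        $UpdateConfigResult = DB_query("UPDATE config SET confvalue = '" . Date('Y-m-d') . "' WHERE confname='UpdateCurrencyRatesDaily'");
                    }
                }
            }

            /* Set the logo if not yet set.
             * will be done only once per session and each time
             * we are not in session (i.e. before login) */
            if (empty($_SESSION['LogoFile'])) {
                /* find a logo in companies/CompanyDir */
                if (file_exists($PathPrefix . 'companies/' . $_SESSION['DatabaseName'] . '/logo.png')) {
                    $_SESSION['LogoFile'] = 'companies/' . $_SESSION['DatabaseName'] . '/logo.png';
                } elseif (file_exists($PathPrefix . 'companies/' . $_SESSION['DatabaseName'] . '/logo.jpg')) {
                    $_SESSION['LogoFile'] = 'companies/' . $_SESSION['DatabaseName'] . '/logo.jpg';
                }
            }

            if (!isset($_SESSION['DB_Maintenance'])) {
                return UL_CONFIGERR;
            } else {
                if ($_SESSION['DB_Maintenance'] == -1 and !in_array(15, $_SESSION['AllowedPageSecurityTokens'])) {
                    // the configuration setting has been set to -1 ==> Allow SysAdmin Access Only
                    // the user is NOT a SysAdmin (token 15)
                    return UL_MAINTENANCE;
                }
            }
        } else {
            // Incorrect password
            // 5 login attempts, show failed login screen
            if (!isset($_SESSION['AttemptsCounter'])) {
                $_SESSION['AttemptsCounter'] = 0;
            } elseif ($_SESSION['AttemptsCounter'] >= 5 and isset($Name)) {
                /*User blocked from future accesses until sysadmin releases */
                $sql = "UPDATE www_users
							SET blocked=1
							WHERE www_users.userid='" . DB_escape_string($Name) . "'";
                $Auth_Result = DB_query($sql);
                if ($SysAdminEmail != '') {
                    // $Name is attacker-controlled; strip line breaks so it cannot inject mail headers via the subject
                    $SafeName = str_replace(array("\r", "\n"), ' ', (string) $Name);
                    $EmailSubject = _('User access blocked') . ' ' . $SafeName;
                    // The attempted password is deliberately NOT included: it may be a near-miss of the
                    // real one and e-mail is neither confidential nor a place to store credentials.
                    $EmailText = _('User ID') . ' ' . $SafeName . ' - ' . _('has been blocked access at') . ' ' . Date('Y-m-d H:i:s') . ' ' . _('from IP') . ' ' . $_SERVER["REMOTE_ADDR"] . ' ' . _('due to too many failed attempts.');
                    if ($_SESSION['SmtpSetting'] == 0) {
                        mail($SysAdminEmail, $EmailSubject, $EmailText);
                    } else {
                        // NOTE(review): unlike GetConfig.php above this include is not prefixed with $PathPrefix — confirm.
                        include 'includes/htmlMimeMail.php';
                        $mail = new htmlMimeMail();
                        $mail->setSubject($EmailSubject);
                        $mail->setText($EmailText);
                        $result = SendmailBySmtp($mail, array($SysAdminEmail));
                    }
                }
                return UL_BLOCKED;
            }
            return UL_NOTVALID;
        }
    } // End of userid/password check

    // Run with debugging messages for the system administrator(s) but not anyone else
    return UL_OK; /* All is well */
}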