<?php
/*
* main.php -
* Copyright (c) 2003 OGP Team
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of
* the License, or (at your option) any later version.
*/
require_once "./include/page.inc.php";
require_once "./include/db.functions.php";
page_start();
/* ***** SESSION EXPIRATION CHECK ***************************************************** */
// frisch eingeloggt
if (!isset($params->SESSION->lastAction)) {
$_SESSION['lastAction'] = time();
} else {
if (time() > $params->SESSION->lastAction + SESSION_MAX_LIFETIME) {
page_error403("Sie waren für " . date("i", SESSION_MAX_LIFETIME) . " Minuten oder mehr inaktiv. Letzte Aktion um " . date("H:i:s", $params->SESSION->lastAction . " Uhr."));
} else {
$_SESSION['lastAction'] = time();
}
}
/* ***** SESSION CHECK ***************************************************** */
$checksum = md5($_SERVER['HTTP_USER_AGENT'] . $_SERVER['HTTP_ACCEPT_CHARSET'] . $_SERVER['HTTP_ACCEPT_LANGUAGE']);
if ($checksum != $params->SESSION->session['loginchecksum']) {
page_error403(__FILE__ . ":" . __LINE__ . ": Browserfehler.");
}
/* FIXME doesnt work with proxy servers
// Only Administrators can access this page
authorize_user(array("Administrators"));
// Build the SELECT statement
$select_users = "SELECT user_id, first_name, last_name, email " . " FROM users";
// Run the query
$result = mysql_query($select_users);
// Display the view to users
$delete_user_script = <<<EOD
function delete_user(user_id) {
if (confirm("Are you sure you want to delete this user? " +
"There's really no going back!")) {
window.location = "delete_user.php?user_id=" + user_id;
}
}
EOD;
page_start("Current Users", $delete_user_script, $_REQUEST['success_message'], $_REQUEST['error_message']);
?>
<div id="content">
<ul>
<?php
while ($user = mysql_fetch_array($result)) {
$user_row = sprintf("<li><a href='show_user.php?user_id=%d'>%s %s</a> " . "(<a href='mailto:%s'>%s</a>) " . "<a href='javascript:delete_user(%d);'><img " . "class='delete_user' src='../images/delete.png' " . "width='15' /></a></li>", $user['user_id'], $user['first_name'], $user['last_name'], $user['email'], $user['email'], $user['user_id']);
echo $user_row;
}
?>
</ul>
</div>
<div id="footer"></div>
</body>
</html>
$query = sprintf("SELECT user_id, username FROM users " . " WHERE username = '******' AND " . " password = '******';", $username, crypt($password, $username));
$results = mysql_query($query);
if (mysql_num_rows($results) == 1) {
$result = mysql_fetch_array($results);
$user_id = $result['user_id'];
setcookie('user_id', $user_id);
setcookie('username', $result['username']);
header("Location: show_user.php");
} else {
// If user not found, issue an error
$error_message = "Your username/password combination was invalid.";
}
}
// Still in the "not signed in" part of the if
// Start the page, and pass along any error message set earlier
page_start("Sign In", NULL, NULL, $error_message);
?>
<html>
<div id="content">
<h1>Sign In to the Club</h1>
<form id="signin_form"
action="<?php
echo $_SERVER['PHP_SELF'];
?>
"
method="POST">
<fieldset>
<label for="username">Username:</label>
<input type="text" name="username" id="username" size="20"
value="<?php
equalTo: "#password"
}
},
messages: {
password: {
minlength: "Passwords must be at least 6 characters"
},
confirm_password: {
minlength: "Passwords must be at least 6 characters",
equalTo: "Your passwords do not match."
}
}
});
});
EOD;
page_start("User Signup", $inline_javascript);
?>
<div id="content">
<h1>Join the Missing Manual (Digital) Social Club</h1>
<p>Please enter your online connections below:</p>
<form id="signup_form" action="create_user.php"
method="POST" enctype="multipart/form-data">
<fieldset>
<label for="first_name">First Name:</label>
<input type="text" name="first_name" size="20" class="required" /><br />
<label for="last_name">Last Name:</label>
<input type="text" name="last_name" size="20" class="required" /><br />
<label for="username">Username:</label>
<input type="text" name="username" size="20" class="required" /><br />
<label for="password">Password:</label>
bindtextdomain("messages", "../locales");
textdomain("messages");
bind_textdomain_codeset("messages", "UTF-8");
//
/////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////
// Set action
if (isset($_POST["action"])) {
$action = $_POST["action"];
} elseif (isset($_GET["action"])) {
$action = $_GET["action"];
} else {
$action = null;
}
/////////////////////////////////////////////////////////////////
phamm_print_xhtml(page_start());
$connect = PhammLDAP::phamm_connect();
// Load Plugins values in $pv
$plugin = new PhammPlugin();
$pv = $plugin->plugins_load();
if (!$connect) {
phamm_print_message('error', _("Connection to LDAP Server Failed!"));
phamm_print_message('error', PhammLdap::phamm_error());
echo $page_exit;
}
// Login section
$login = new PhammLogin();
// First login
if (!$login->login_check() && isset($_POST["login_username"]) && isset($_POST["login_password"])) {
$proposed = $login->login_dn_costructor($_POST["login_username"]);
$r_bind = $login->login_try($connect, $proposed, $_POST["login_password"], $_POST["login_username"]);
$last_name = $row['last_name'];
$bio = preg_replace("/[\r\n]+/", "</p><p>", $row['bio']);
$email = $row['email'];
$facebook_url = $row['facebook_url'];
$twitter_handle = $row['twitter_handle'];
$user_image = get_web_path($row['user_pic_path']);
// Turn $twitter_handle into a URL
$twitter_url = "http://www.twitter.com/" . substr($twitter_handle, $position + 1);
if ($user_image === NULL) {
$user_image = "../../images/missing_user.png";
}
// To be added later
} else {
die("Error locating user with ID {$user_id}");
}
page_start("User Porfile");
?>
<div id="content">
<div class="user_profile">
<h1><?php
echo "{$first_name} {$last_name}";
?>
</h1>
<p><img src="<?php
echo $user_image;
?>
" class="user_pic" />
<?php
echo $bio;
function page_toggle()
{
$state = db_result(db_query("SELECT active_check FROM log ORDER BY id DESC LIMIT 1"));
$o = "";
if ($state) {
$o = page_stop();
} else {
$o = page_start(1);
}
return $o;
}
$result = mysql_query($select_query);
if ($result) {
$row = mysql_fetch_array($result);
$first_name = $row['first_name'];
$last_name = $row['last_name'];
$bio = preg_replace("/[\r\n]+/", "</p><p>", $row['bio']);
$email = $row['email'];
$facebook_url = $row['facebook_url'];
$twitter_handle = $row['twitter_handle'];
$user_image = get_web_path($row['user_pic_path']);
// Turn $twitter_handle into a URL
$twitter_url = "http://www.twitter.com/" . substr($twitter_handle, $position + 1);
} else {
handle_error("There was a problem finding your " . "information in our system.", "Error locating user with ID {$user_id}");
}
page_start("User Profile");
?>
<div id="content">
<div class="user_profile">
<h1><?php
echo "{$first_name} {$last_name}";
?>
</h1>
<p><img src="<?php
echo $user_image;
?>
" class="user_pic" />
<?php
echo $bio;
?>
