<?php /* * main.php - * Copyright (c) 2003 OGP Team * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation; either version 2 of * the License, or (at your option) any later version. */ require_once "./include/page.inc.php"; require_once "./include/db.functions.php"; page_start(); /* ***** SESSION EXPIRATION CHECK ***************************************************** */ // frisch eingeloggt if (!isset($params->SESSION->lastAction)) { $_SESSION['lastAction'] = time(); } else { if (time() > $params->SESSION->lastAction + SESSION_MAX_LIFETIME) { page_error403("Sie waren für " . date("i", SESSION_MAX_LIFETIME) . " Minuten oder mehr inaktiv. Letzte Aktion um " . date("H:i:s", $params->SESSION->lastAction . " Uhr.")); } else { $_SESSION['lastAction'] = time(); } } /* ***** SESSION CHECK ***************************************************** */ $checksum = md5($_SERVER['HTTP_USER_AGENT'] . $_SERVER['HTTP_ACCEPT_CHARSET'] . $_SERVER['HTTP_ACCEPT_LANGUAGE']); if ($checksum != $params->SESSION->session['loginchecksum']) { page_error403(__FILE__ . ":" . __LINE__ . ": Browserfehler."); } /* FIXME doesnt work with proxy servers
// Only Administrators can access this page authorize_user(array("Administrators")); // Build the SELECT statement $select_users = "SELECT user_id, first_name, last_name, email " . " FROM users"; // Run the query $result = mysql_query($select_users); // Display the view to users $delete_user_script = <<<EOD function delete_user(user_id) { if (confirm("Are you sure you want to delete this user? " + "There's really no going back!")) { window.location = "delete_user.php?user_id=" + user_id; } } EOD; page_start("Current Users", $delete_user_script, $_REQUEST['success_message'], $_REQUEST['error_message']); ?> <div id="content"> <ul> <?php while ($user = mysql_fetch_array($result)) { $user_row = sprintf("<li><a href='show_user.php?user_id=%d'>%s %s</a> " . "(<a href='mailto:%s'>%s</a>) " . "<a href='javascript:delete_user(%d);'><img " . "class='delete_user' src='../images/delete.png' " . "width='15' /></a></li>", $user['user_id'], $user['first_name'], $user['last_name'], $user['email'], $user['email'], $user['user_id']); echo $user_row; } ?> </ul> </div> <div id="footer"></div> </body> </html>
$query = sprintf("SELECT user_id, username FROM users " . " WHERE username = '******' AND " . " password = '******';", $username, crypt($password, $username)); $results = mysql_query($query); if (mysql_num_rows($results) == 1) { $result = mysql_fetch_array($results); $user_id = $result['user_id']; setcookie('user_id', $user_id); setcookie('username', $result['username']); header("Location: show_user.php"); } else { // If user not found, issue an error $error_message = "Your username/password combination was invalid."; } } // Still in the "not signed in" part of the if // Start the page, and pass along any error message set earlier page_start("Sign In", NULL, NULL, $error_message); ?> <html> <div id="content"> <h1>Sign In to the Club</h1> <form id="signin_form" action="<?php echo $_SERVER['PHP_SELF']; ?> " method="POST"> <fieldset> <label for="username">Username:</label> <input type="text" name="username" id="username" size="20" value="<?php
equalTo: "#password" } }, messages: { password: { minlength: "Passwords must be at least 6 characters" }, confirm_password: { minlength: "Passwords must be at least 6 characters", equalTo: "Your passwords do not match." } } }); }); EOD; page_start("User Signup", $inline_javascript); ?> <div id="content"> <h1>Join the Missing Manual (Digital) Social Club</h1> <p>Please enter your online connections below:</p> <form id="signup_form" action="create_user.php" method="POST" enctype="multipart/form-data"> <fieldset> <label for="first_name">First Name:</label> <input type="text" name="first_name" size="20" class="required" /><br /> <label for="last_name">Last Name:</label> <input type="text" name="last_name" size="20" class="required" /><br /> <label for="username">Username:</label> <input type="text" name="username" size="20" class="required" /><br /> <label for="password">Password:</label>
bindtextdomain("messages", "../locales"); textdomain("messages"); bind_textdomain_codeset("messages", "UTF-8"); // ///////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////// // Set action if (isset($_POST["action"])) { $action = $_POST["action"]; } elseif (isset($_GET["action"])) { $action = $_GET["action"]; } else { $action = null; } ///////////////////////////////////////////////////////////////// phamm_print_xhtml(page_start()); $connect = PhammLDAP::phamm_connect(); // Load Plugins values in $pv $plugin = new PhammPlugin(); $pv = $plugin->plugins_load(); if (!$connect) { phamm_print_message('error', _("Connection to LDAP Server Failed!")); phamm_print_message('error', PhammLdap::phamm_error()); echo $page_exit; } // Login section $login = new PhammLogin(); // First login if (!$login->login_check() && isset($_POST["login_username"]) && isset($_POST["login_password"])) { $proposed = $login->login_dn_costructor($_POST["login_username"]); $r_bind = $login->login_try($connect, $proposed, $_POST["login_password"], $_POST["login_username"]);
$last_name = $row['last_name']; $bio = preg_replace("/[\r\n]+/", "</p><p>", $row['bio']); $email = $row['email']; $facebook_url = $row['facebook_url']; $twitter_handle = $row['twitter_handle']; $user_image = get_web_path($row['user_pic_path']); // Turn $twitter_handle into a URL $twitter_url = "http://www.twitter.com/" . substr($twitter_handle, $position + 1); if ($user_image === NULL) { $user_image = "../../images/missing_user.png"; } // To be added later } else { die("Error locating user with ID {$user_id}"); } page_start("User Porfile"); ?> <div id="content"> <div class="user_profile"> <h1><?php echo "{$first_name} {$last_name}"; ?> </h1> <p><img src="<?php echo $user_image; ?> " class="user_pic" /> <?php echo $bio;
function page_toggle() { $state = db_result(db_query("SELECT active_check FROM log ORDER BY id DESC LIMIT 1")); $o = ""; if ($state) { $o = page_stop(); } else { $o = page_start(1); } return $o; }
$result = mysql_query($select_query); if ($result) { $row = mysql_fetch_array($result); $first_name = $row['first_name']; $last_name = $row['last_name']; $bio = preg_replace("/[\r\n]+/", "</p><p>", $row['bio']); $email = $row['email']; $facebook_url = $row['facebook_url']; $twitter_handle = $row['twitter_handle']; $user_image = get_web_path($row['user_pic_path']); // Turn $twitter_handle into a URL $twitter_url = "http://www.twitter.com/" . substr($twitter_handle, $position + 1); } else { handle_error("There was a problem finding your " . "information in our system.", "Error locating user with ID {$user_id}"); } page_start("User Profile"); ?> <div id="content"> <div class="user_profile"> <h1><?php echo "{$first_name} {$last_name}"; ?> </h1> <p><img src="<?php echo $user_image; ?> " class="user_pic" /> <?php echo $bio; ?>