// Programmed by i-nature.com
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as
// published by the Free Software Foundation, either version 3 of the
// License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
// -----------------------------------------------------------------
//
// Page: "checking if user is logged"
session_start();
$query = "select * from admin_access where aa_username='******'ses_username']) . "' and aa_password='******'ses_password']) . "'";
$rs = mysql_query($query) or die(mysql_error());
if ($row = mysql_fetch_array($rs)) {
} else {
?>
<script>parent.location.href="index.php";</script>
<?php
die("Not logged!");
}
?>
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
// -----------------------------------------------------------------
//
// Page: "Login" - user's login
if (!isset($u_username)) {
$u_username = "";
}
if ($u_username != "") {
//deleting all old records from tree history
$query = "delete from tree_history where th_date<DATE_SUB(now(), INTERVAL 1 HOUR);";
mysql_query($query) or die(mysql_error());
$query = "select * from users where u_username='******' and u_password='******'";
$rs = mysql_query($query) or die(mysql_error());
if ($row = mysql_fetch_array($rs)) {
$_SESSION['uid'] = $row['u_id'];
$_SESSION['email'] = $row['u_email'];
$_SESSION['username'] = stripslashes($row['u_username']);
$_SESSION['name'] = stripslashes($row['u_name']);
$_SESSION['rights'] = $row['u_rights'];
if (strstr($_SESSION['http_ref'], "lost_password")) {
header("Location:index.php");
} elseif ($_SESSION['http_ref'] != "") {
header("Location:index.php?" . $_SESSION['http_ref']);
} else {
header("Location:index.php");
}
} else {
//
// Page: "Homepage" - requiring login
include "inc/conn.php";
include "inc/func.php";
include "inc/conn_admin.php";
if ($_POST['username'] != "" && $_POST['password'] != "") {
//if logged - creating session vars
session_cache_limiter('');
ini_set('session.gc_maxlifetime', '121600');
$ses_username = $_POST['username'];
$_SESSION['ses_username'] = $ses_username;
//session_register("ses_username");
$ses_password = $_POST['password'];
$_SESSION['ses_password'] = $ses_password;
//session_register("ses_password");
$query = "select * from admin_access where aa_username='******' and aa_password='******'";
$rs = mysql_query($query) or die(mysql_error());
if ($row = mysql_fetch_array($rs)) {
header("Location:frameset.html");
}
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK HREF="css/styles_admin.css" REL=stylesheet>
</head>
<body bgcolor=#E6E6E6 topmargin=0 leftmargin=0>
<br>
<center>
if ($row = mysql_fetch_array($rs)) {
$tmp = "<br><span class='error'>" . $lng[6][10] . "</span>";
}
$query = "select * from users where u_email='" . escapeChars($u_email) . "'";
$rs = mysql_query($query) or die(mysql_error());
if ($row = mysql_fetch_array($rs)) {
$tmp = "<br><span class='error'>" . $lng[6][18] . "</span>";
}
$query = "select * from users where u_name='" . escapeChars($u_name) . "'";
$rs = mysql_query($query) or die(mysql_error());
if ($row = mysql_fetch_array($rs)) {
$tmp = "<br><span class='error'>" . $lng[6][19] . "</span>";
}
if ($tmp == "") {
//inserting new user
$query = "insert into users (u_username,u_password,u_name,u_email,u_rights) values ('" . escapeChars($u_username) . "','" . pw($u_password) . "','" . escapeChars($u_name) . "','" . escapeChars($u_email) . "','" . escapeChars($u_rights) . "')";
mysql_query($query) or die(mysql_error());
$u_id = mysql_insert_id();
//mailing user
$to = $u_email;
$from = DEFAULT_EMAIL;
$subject = $lng[6][11];
$headers = "Content-type: text/plain; charset=utf-8\r\n";
$headers .= "From: " . $from . "\n\r";
$message = "\n\r" . $lng[6][12] . " " . escapeChars($u_username) . $lng[6][13] . "\n\r";
$message .= "\n\r" . $lng[6][14] . ":\n\r";
$message .= $lng[6][15] . ": " . escapeChars($u_username) . "\n\r";
$message .= $lng[6][16] . ": " . escapeChars($u_password) . "\n\r";
$message .= "\n\r" . $lng[6][17] . ": " . PROJECT_URL . "\n\r";
mail($to, $subject, $message, $headers);
//mailing administrator
for ($i = 1; $i < $cnt; $i++) {
//check for project
$p_id = 0;
$query = "select * from projects where p_name='" . escapeChars($liste[$i][0]) . "'";
$rs = mysql_query($query) or die(mysql_error());
if ($row = mysql_fetch_array($rs)) {
$p_id = $row['p_id'];
}
//check for author
$u_id = "";
$query = "select * from users where u_name='" . escapeChars($liste[$i][1]) . "'";
$rs = mysql_query($query) or die(mysql_error());
if ($row = mysql_fetch_array($rs)) {
$u_id = $row['u_id'];
} else {
$query = "insert into users (u_username,u_password,u_email,u_name,u_rights) values ('" . escapeChars($liste[$i][1]) . "','" . pw('tmp') . "','*****@*****.**','" . escapeChars($liste[$i][1]) . "',0)";
mysql_query($query) or die(mysql_error());
$u_id = mysql_insert_id();
//mailing administrator
$to = DEFAULT_EMAIL;
$from = DEFAULT_EMAIL;
$subject = $lng[6][21];
$headers = "Content-type: text/plain; charset=utf-8\r\n";
$headers .= "From: " . $from . "\n\r";
$message = "\n\r" . $lng[6][5] . ": " . escapeChars($u_name) . "\n\r";
//$message .= $lng[6][6].": ".escapeChars($u_email)."\n\r";
mail($to, $subject, $message, $headers);
}
//check for keywords
$keywords = "";
if ($liste[$i][6] != "") {
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
// -----------------------------------------------------------------
//
// Page: "Lost password" - sending back username and password
if ($u_email != "") {
$query = "select * from users where u_email='" . escapeChars($u_email) . "'";
$rs = mysql_query($query) or die(mysql_error());
if ($row = mysql_fetch_array($rs)) {
//creating new password
$tmp_pass = uniqid(10);
$query = "update users set u_password='******' where u_email='" . escapeChars($u_email) . "'";
mysql_query($query) or die(mysql_error());
//mailing user
$to = $u_email;
$from = DEFAULT_EMAIL;
$subject = $lng[7][6];
$headers = "Content-type: text/plain; charset=utf-8\r\n";
$headers .= "From: " . $from . "\n\r";
$message .= "\n\r" . $lng[7][7] . ":\n\r";
$message .= $lng[7][8] . ": " . escapeChars($row['u_username']) . "\n\r";
$message .= $lng[7][9] . ": " . $tmp_pass . "\n\r";
$message .= "\n\r" . $lng[7][10] . ": " . PROJECT_URL . "\n\r";
mail($to, $subject, $message, $headers);
$tmp = "<br><span class='error'>" . $lng[7][4] . "</span>";
header("Location:index.php?inc=login&lp=yes");
} else {
// -----------------------------------------------------------------
//
// Page: "Modify/Insert single User " - modifiyng/inserting the data for a single user
include "inc/conn.php";
include "inc/func.php";
include "inc/conn_admin.php";
if ($_POST['action'] == "insert" && $aa_id == "") {
//inserting new user
$query = "insert into admin_access (aa_username,aa_password) values ('" . escapeChars($_POST['aa_username']) . "','" . pw($_POST['aa_password']) . "')";
mysql_query($query) or die($query . "<br/>" . mysql_error());
$aa_id = mysql_insert_id();
}
if ($_POST['action'] == "update" && $_POST['aa_id'] != "") {
//updating user
if ($aa_password != "") {
$query = "update admin_access set aa_username='******'aa_username']) . "',aa_password='******'aa_password']) . "' where aa_id=" . $_POST['aa_id'];
} else {
$query = "update admin_access set aa_username='******'aa_username']) . "' where aa_id=" . $_POST['aa_id'];
}
mysql_query($query) or die($query . "<br>" . mysql_error());
if ($_SESSION['ses_username'] == $us_tmp) {
$_SESSION['ses_username'] = $_POST['aa_username'];
$_SESSION['ses_password'] = $_POST['aa_password'];
}
}
if ($aa_id != "") {
//getting data for the selected user from previous page
$query = "select * from admin_access where aa_id=" . $aa_id;
$rs = mysql_query($query) or die(mysql_error());
if ($row = mysql_fetch_array($rs)) {
$aa_id = htmlspecialchars($row['aa_id']);
$query = "select * from users where u_email='" . escapeChars($u_email) . "' and u_id<>" . $_SESSION['uid'];
$rs = mysql_query($query) or die(mysql_error());
if ($row = mysql_fetch_array($rs)) {
$tmp = "<br><span class='error'>" . $lng[6][18] . "</span>";
}
$query = "select * from users where u_name='" . escapeChars($u_name) . "' and u_id<>" . $_SESSION['uid'];
$rs = mysql_query($query) or die(mysql_error());
if ($row = mysql_fetch_array($rs)) {
$tmp = "<br><span class='error'>" . $lng[6][19] . "</span>";
}
//updating user
if ($tmp == "") {
if ($u_password == "") {
$query = "update users set u_username='******',u_name='" . escapeChars($u_name) . "',u_email='" . escapeChars($u_email) . "' where u_id=" . $_SESSION['uid'];
} else {
$query = "update users set u_username='******',u_password='******',u_name='" . escapeChars($u_name) . "',u_email='" . escapeChars($u_email) . "' where u_id=" . $_SESSION['uid'];
}
mysql_query($query) or die(mysql_error());
//changing session vars
$_SESSION['email'] = $u_email;
$_SESSION['username'] = $u_username;
$_SESSION['name'] = $u_name;
$tmp = "<br><span class='error'>" . $lng[8][2] . "</span>";
}
}
$query = "select * from users where u_id='" . $_SESSION['uid'] . "'";
$rs = mysql_query($query) or die(mysql_error());
if ($row = mysql_fetch_array($rs)) {
$u_username = htmlspecialchars($row['u_username']);
$u_password = htmlspecialchars($row['u_password']);
$u_name = htmlspecialchars($row['u_name']);