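/**
 * Handle a submitted login form.
 *
 * Reads the e-mail address and password from $_POST, applies the failed-attempt
 * lockout, then checks the configured LHSMATH super-user account and finally the
 * users table. Every outcome is recorded through log_attempt(). On failure the
 * login form is shown again; on success a redirect header is sent.
 *
 * @return void
 */
function process_login_form() {
    // Accept only plain strings. A request may omit a field or send it as an array
    // (email[]=...), and strtolower() must not be handed such a value. Anything else is
    // treated as an empty credential and fails the checks below.
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? strtolower($_POST['email']) : '';
    $password = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

    // hash_pass() is defined elsewhere. Its result is matched by equality in SQL below, so it
    // must be deterministic for a given (email, password) pair.
    // NOTE(review): confirm it is a slow, salted password hash. Moving to password_hash() /
    // password_verify() would mean fetching the stored hash by e-mail and verifying in PHP.
    $passhash = hash_pass($email, $password);

    // Temporary lockout: count failed attempts (successful=0) recorded for this IP address or
    // this e-mail address, limited by the condition DBExt::timeInInterval() builds for
    // request_time with '-10m' (presumably the last ten minutes; the helper is defined elsewhere).
    // Successful attempts in between do not reset the count.
    // Because the match is on e-mail as well as IP, failures from any client also count against
    // the legitimate owner of that address.
    // NOTE(review): the original comment spoke of 10 attempts while the test is "> 10";
    // confirm the intended threshold.
    $attempts = DBExt::queryCount(
        'login_attempts',
        array('successful=0', '(remote_ip=%s OR email=%s)', DBExt::timeInInterval('request_time', '-10m', '')),
        $_SERVER['REMOTE_ADDR'],
        $email
    );
    if ($attempts > 10) {
        // Attempts made while locked out are logged as failures too.
        log_attempt($email, false);
        alert('You have been temporarily locked out. Please wait 10 minutes before attempting to sign in again.', -1);
        show_login_form('');
        return;
    }

    // Super-user login: the account LHSMATH, whose password hash is set in CONFIG.
    if ($email === 'lhsmath') {
        global $LHSMATH_PASSWORD;

        // $LHSMATH_PASSWORD is pre-hashed. Compare with hash_equals() rather than ==:
        // a loose comparison treats two numeric-looking strings as numbers, so different
        // hashes could compare equal, and it is not constant-time. The is_string()/non-empty
        // guards make a missing or malformed configuration value fail closed.
        $is_super_user = is_string($passhash)
            && is_string($LHSMATH_PASSWORD)
            && $LHSMATH_PASSWORD !== ''
            && hash_equals($LHSMATH_PASSWORD, $passhash);

        if ($is_super_user) {
            log_attempt('LHSMATH', true);

            // Discard the current session and start a fresh one with a new id before
            // attaching super-admin privileges to it.
            session_destroy();
            session_name('Session');
            session_start();
            session_regenerate_id(true);

            $_SESSION['user_name'] = 'LHSMATH Super-Admin';
            $_SESSION['permissions'] = '+';
            $_SESSION['login_time'] = time();
            $_SESSION['user_id'] = '-999';

            header('Location: ' . URL::root() . '/Admin/Super_Admin');
            die;
        }
        // A wrong super-user password falls through to the ordinary lookup below, which
        // logs the failure.
    }

    // Validate credentials against the users table. %s placeholders are filled in by the
    // DB layer, so the submitted values are not concatenated into the SQL text.
    $id = DB::queryFirstField('SELECT id FROM users WHERE LOWER(email)=%s AND passhash=%s LIMIT 1', $email, $passhash);
    if ($id === null) {
        log_attempt($email, false);
        show_login_form($email);
        // The message is the same for an unknown address and a wrong password.
        alert('Incorrect email address or password', -1);
        return;
    }

    // ** CREDENTIALS ARE VALIDATED AT THIS POINT ** //
    log_attempt($email, true);
    set_login_data($id);
    alert('Logged in!', 1);

    // If this page was being included, redirect back to the page that included it.
    // NOTE(review): REQUEST_URI comes from the request line. header() rejects values with
    // embedded newlines, but the target is otherwise unvalidated; confirm the including pages
    // cannot be reached under a path a browser would resolve to another host.
    // Unlike the super-user branch, no exit follows these headers: control returns to the caller.
    global $being_included;
    if ($being_included) {
        header('Location: ' . $_SERVER['REQUEST_URI']);
    } else {
        header('Location: ../Home');
    }
}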
<?php
/*
 * Admin/Event_Reminder.php
 * LHS Math Club Website
 *
 * A page to be run as a cron job which reminds captains of any events coming up.
 */

//Currently run every Sunday by https://members.nearlyfreespeech.net/lhsmath/sites/lhsmath/cron
//Next steps: Add a field "remind_when" that indicates a time to remind at. Can specify multiple comma-separated, I suppose.
//auto_remind will then hold the number of notifications that have so far been sent through this.

// NOTE(review): no access check is visible in this excerpt. If the script is reachable over
// HTTP, confirm that functions.php or the web server keeps arbitrary visitors from running it.
require_once '../.lib/functions.php';
cancel_templateify();

// Select events not yet auto-reminded (auto_remind = 0) whose date satisfies the condition built
// by DBExt::timeInInterval('date', '', '+17d') (presumably "within the next 17 days"; the helper
// is defined elsewhere). %l is MeekroDB's literal placeholder: the fragment is spliced into the
// SQL unescaped, which is only safe because every argument to timeInInterval() here is a constant.
$current_events = DB::query('SELECT * FROM events WHERE auto_remind = 0 AND %l', DBExt::timeInInterval('date', '', '+17d'));
$count = count($current_events);

// Nothing to remind about: stop here.
if ($count == 0) {
    die;
}

// Build one BBCode paragraph per event, substituting a placeholder for blank descriptions.
$email_bb = '';
foreach ($current_events as $event) {
    $description = $event["description"];
    if (empty(trim($description))) {
        $description = "[no description]";
    }
    // NOTE(review): title, date and description are copied from the database as-is. If this
    // BBCode is later rendered to HTML, the renderer has to escape them; confirm.
    $email_bb .= "[subheading][i]{$event["title"]}[/i] on {$event["date"]}[/subheading]{$description}\n\n";
}

// Wrap the per-event text in the message template. The excerpt ends inside this heredoc, and
// the template's original line breaks are not preserved in this listing.
$email_bb = <<<HEREDOC
Hi captains! This is a reminder that [b]{$count}[/b] events are coming up within a couple of weeks: {$email_bb}
// Excerpt from a statistics listing; it starts and ends mid-file.
// Every WHERE fragment passed to DBExt::queryCount() below is a constant string, so no
// request data reaches the SQL text in these calls.

// Users, counted by approval state and permission letter.
$num_members = DBExt::queryCount('users', 'approved="1"');
$num_captains = DBExt::queryCount('users', 'permissions="C"');
$num_other_admins = DBExt::queryCount('users', 'permissions="A"');
$num_alumni = DBExt::queryCount('users', 'permissions="L"');
$num_pending_approval = DBExt::queryCount('users', 'approved="0"'); //aka permissions == 'E' or 'P'
$num_banned = DBExt::queryCount('users', 'approved="-1"'); //aka permissions == 'B'

//Tests
$num_tests = DBExt::queryCount('tests', 'archived="0"');
$num_old_tests = DBExt::queryCount('tests', 'archived="1"');

//Calendar
//Anything from 3 days ago to 7 days ahead is considered "current".
$num_past_events = DBExt::queryCount('events', DBExt::timeInInterval('date', '', '-3d'));
$num_future_events = DBExt::queryCount('events', DBExt::timeInInterval('date', '+7d', ''));
$num_current_events = DBExt::queryCount('events', DBExt::timeInInterval('date', '-3d', '+7d'));

//Files
$num_member_files = DBExt::queryCount('files', 'permissions="M"');
$num_public_files = DBExt::queryCount('files', 'permissions="P"');
$num_admin_files = DBExt::queryCount('files', 'permissions="A"');

// Size of the error log in bytes, or a fixed message when the file is absent.
$errors_file_size = 'File does not exist.';
if (file_exists(PATH::errfile())) {
    $errors_file_size = filesize(PATH::errfile());
}

//Version checking
//--MeekroDB
// Look through the files PHP has included for the first path containing 'meekro'.
// NOTE(review): strpos() returns 0, which is falsy, for a match at the very start of the string,
// and it is case-sensitive; `strpos($f, 'meekro') !== false` is the robust test.
// The excerpt ends inside this loop, so its closing braces are not shown.
$included_files = get_included_files();
foreach ($included_files as $f) {
    if (strpos($f, 'meekro')) {
        $meekro_file = $f;
        break;
// Excerpt from the Home page; it begins inside a block opened earlier in the file.
$use_rel_external_script = true;
page_header('Home');
// NOTE(review): $welcome_msg and $new_address_msg are assigned before this excerpt and are
// emitted as raw HTML here; confirm nothing user-supplied reaches them unescaped.
echo <<<HEREDOC
<h1>Home</h1>{$welcome_msg}{$new_address_msg}
HEREDOC;
} // closes a block opened before this excerpt
?>
<h2>Welcome</h2>
Welcome to the website of the Lexington High School Math Club in Lexington, MA!<br>
<br>
<h2>Events</h2>
<div>
<?php
// List events whose date satisfies DBExt::timeInInterval('date', '+0d', '+20d') (presumably
// today through 20 days ahead; the helper is defined elsewhere). %l is MeekroDB's literal
// placeholder, so the fragment is spliced in unescaped; here all of its inputs are constants.
$current_events = DB::query('SELECT * FROM events WHERE %l', DBExt::timeInInterval('date', '+0d', '+20d'));
$count = count($current_events);
if ($count > 0) {
    foreach ($current_events as $event) {
        // Render the date as e.g. "March 5".
        $date = date("F j", strtotime($event["date"]));
        // NOTE(review): event_id and title are interpolated into the markup without escaping.
        // If an event title can contain characters such as < or ', wrap it in
        // htmlspecialchars($event["title"], ENT_QUOTES) and cast or urlencode the id; confirm
        // who is able to create events.
        echo "<a href='View_Event?ID={$event["event_id"]}'><b>{$event["title"]}</b> on {$date}</a><br>";
    }
} else {
    echo "[no events]";
}
?>
</div>
<h2>LMT</h2>
The Lexington Math Tournament website is at <a href="/LMT">http://www.lhsmath.org/LMT</a>.