예제 #1
	// Excerpt of a password-reminder handler. The listing is truncated: the
	// CAPTCHA "if" block and the final "else" are not closed within it.
	//	Before Process event
	if($globalEvents->exists("BeforeProcessRemind"))
		$globalEvents->BeforeProcessRemind($conn, $pageObject);
	
	// Single request field that is matched against both the user-name column
	// and the e-mail column below. Treat it as untrusted input.
	$strUsernameEmail = postvalue("username_email");
		
	// The lookup runs only when no CAPTCHA is configured or the CAPTCHA was passed.
	if(!$isUseCaptcha || ($isUseCaptcha && $pageObject->isCaptchaOk==1))
	{	
		$tosearch=false;
		
		
		$value=$strUsernameEmail;
		// $tosearch records that something non-empty was submitted; the
		// conversion and WHERE building below happen regardless of it.
		if((string)$value!="")
			$tosearch=true;
			
		// Turn the request value into an SQL literal for the user-name column:
		// encrypted columns go through the cipherer, quoted column types through
		// db_prepare_string(), anything else is coerced to a number.
		// NOTE(review): the WHERE clause is assembled by string concatenation, so
		// injection safety rests entirely on MakeDBValue()/db_prepare_string()
		// quoting correctly for the active driver and charset. Neither helper is
		// visible here; confirm, or move to bound parameters.
		// NOTE(review): on PHP 8 the (0+$value) addition throws a TypeError for a
		// non-numeric string (including ""); confirm the input is validated first.
		if($cipherer->isFieldEncrypted($cUserNameField))
			$value = $cipherer->MakeDBValue($cUserNameField,$value,"","",true);
		else
		{
			if(NeedQuotes($cUserNameFieldType))
				$value=db_prepare_string($value);
			else
				$value=(0+$value);
		}
		// Opens a parenthesised condition "(<user-name field>=<literal>"; the
		// closing part lies outside this excerpt.
		$sWhere="(".GetFullFieldName($cUserNameField,"webreport_users",false)."=".$value;

		// Same request value again, now converted for the e-mail column.
		$value=$strUsernameEmail;
		if($cipherer->isFieldEncrypted($cEmailField))
			$value = $cipherer->MakeDBValue($cEmailField,$value,"","",true);
		else
		{
예제 #2
// Excerpt of a registration page controller. The listing is truncated: the
// activation branch that starts below is not closed within it.
$params["needSearchClauseObj"] = false;
$xt->assign("closewindow_attrs", 'style="display:none" id="closeWindowRegister"');
$xt->eventsObject =& $globalEvents;
$pageObject = new RegisterPage($params);
$pageObject->init();
$isUseCaptcha = $globalEvents->existsCAPTCHA(PAGE_REGISTER);
//	Before Process event
if ($globalEvents->exists("BeforeProcessRegister")) {
    $globalEvents->BeforeProcessRegister($pageObject);
}
//Send activation link to user's email
$includes = GetBaseScriptsForPage(false);
// Account-activation request. Both "u" (base64-encoded user name) and "code"
// come straight from the query string and are attacker-controlled.
// base64_decode() only changes the encoding; it does not validate the decoded
// user name. "@" hides the notice for a missing parameter instead of rejecting
// the request.
if (@$_GET["a"] == "activate") {
    $username = base64_decode(@$_GET["u"]);
    $code = @$_GET["code"];
    // Convert the decoded user name into an SQL literal before concatenation.
    if ($regCipherer->isFieldEncrypted("username")) {
        $strUsername = $regCipherer->MakeDBValue("username", $username, "", true);
    } else {
        $strUsername = make_db_value("username", $username);
    }
    // Selects the password column for that user name. $strUsername is the only
    // request-derived part of the statement.
    // NOTE(review): the query is built by string concatenation, so injection
    // safety depends on MakeDBValue()/make_db_value() quoting correctly. They
    // are not visible here; confirm, or use bound parameters.
    // NOTE(review): how $code is checked against the fetched row is outside
    // this excerpt; verify that the comparison is strict.
    $sql = "select " . $pageObject->getFieldSQLDecrypt("password") . " from " . $pageObject->connection->addTableWrappers("ConsolidatedStockEnquiry_users") . " where " . $pageObject->getFieldSQLDecrypt("username") . "=" . $strUsername;
    $qResult = $pageObject->connection->query($sql);
    $verified = false;
    // A failed query and an unknown user name produce the same message, so the
    // response text does not distinguish the two cases.
    if (!$qResult) {
        echo "Invalid validation code.";
        return;
    }
    $data = $qResult->fetchNumeric();
    if (!$data) {
        echo "Invalid validation code.";
        return;
예제 #3
    // Excerpt of a "does this value already exist" endpoint. The listing is
    // truncated at both ends: these first lines are the tail of a permission
    // check whose condition lies above, and the final "if" is not closed.
    $returnJSON = array("success" => false, "error" => "Error: You have not permissions to read the " . $tableName . " table's data");
    echo printJSON($returnJSON);
    return;
}
// set db connection
$_connection = $cman->byTable($strTableName);
$pSet = new ProjectSettings($strTableName, $pageType);
// Skip the check when the field allows duplicates. "&&" binds tighter than
// "||", so the second line reads:
//   table is not "DashboardUsers" OR (field is neither user name nor e-mail).
// For the user-name and e-mail fields of "DashboardUsers" the check therefore
// always runs, even when duplicates are allowed.
$denyChecking = $pSet->allowDuplicateValues($fieldName);
$denyChecking = $denyChecking && ($strTableName != "DashboardUsers" || $fieldName != $cUserNameField && $fieldName != $cEmailField);
if ($denyChecking) {
    $returnJSON = array("success" => false, "error" => "Duplicated values are allowed");
    echo printJSON($returnJSON);
    return;
}
// Convert the submitted value into an SQL literal. Encrypted fields go
// through the cipherer, all others through make_db_value().
$cipherer = new RunnerCipherer($strTableName, $pSet);
if ($cipherer->isFieldEncrypted($fieldName)) {
    $value = $cipherer->MakeDBValue($fieldName, $value, $fieldControlType, true);
} else {
    $value = make_db_value($fieldName, $value, $fieldControlType, "", $strTableName);
}
// When the literal is the string "null" the plain field SQL is used and the
// predicate below becomes "<field> is null"; otherwise the decrypting field
// SQL is compared with "=".
if ($value == "null") {
    $fieldSQL = RunnerPage::_getFieldSQL($fieldName, $_connection, $pSet);
} else {
    $fieldSQL = RunnerPage::_getFieldSQLDecrypt($fieldName, $_connection, $pSet, $cipherer);
}
// NOTE(review): the statement is built by string concatenation, so injection
// safety depends on MakeDBValue()/make_db_value() quoting $value correctly and
// on $fieldName being a known project field. Neither is visible here; confirm.
// NOTE(review): the response presumably reports whether the value exists. For
// user-name or e-mail columns that tells any caller who passes the permission
// check above whether an account exists; consider rate limiting.
$where = $fieldSQL . ($value == "null" ? ' is ' : '=') . $value;
$sql = "SELECT count(*) from " . $_connection->addTableWrappers($pSet->getOriginalTableName()) . " where " . $where;
$qResult = $_connection->query($sql);
// The error text is a fixed string; no database error detail is echoed.
if (!$qResult || !($data = $qResult->fetchNumeric())) {
    $returnJSON = array("success" => false, "error" => "Error: Wrong SQL query");
    echo printJSON($returnJSON);
예제 #4
/**
 * Build the SQL expression that refers to a field of a datasource table.
 *
 * The result is an SQL fragment that callers concatenate into a statement.
 * NOTE(review): whether the helpers used here quote identifiers is not visible
 * in this function, so pass only project-defined field and table names, never
 * request input.
 *
 * @param string  $field Field name.
 * @param string  $table Datasource table name; "" falls back to the global $strTableName.
 * @param boolean $addAs When true and the field is encrypted, " as <wrapped field>"
 *                       is appended (only on the cipherer path).
 *
 * @return string
 */
function GetFullFieldName($field, $table = "", $addAs = true)
{
    // No table given: use the global table name.
    if ($table == "") {
        global $strTableName;
        $table = $strTableName;
    }

    $pSet = new ProjectSettings($table);
    $fname = $pSet->getFullNameField($field);

    // The plain full field name is returned unless hasEncryptedFields() is
    // true and isEncryptionByPHPEnabled() is false.
    if (!$pSet->hasEncryptedFields() || isEncryptionByPHPEnabled()) {
        return $fname;
    }

    // Otherwise the cipherer supplies the field expression, optionally
    // followed by an alias for encrypted fields.
    $cipherer = new RunnerCipherer($table);
    $fieldExpr = $cipherer->GetFieldName($fname, $field);
    $alias = "";
    if ($cipherer->isFieldEncrypted($field) && $addAs) {
        $alias = " as " . AddFieldWrappers($field);
    }
    return $fieldExpr . $alias;
}
예제 #5
/**
 * DEPRECATED! Use RunnerPage::_getFieldSQLDecrypt instead
 * Return the SQL expression that refers to a field of a datasource table.
 *
 * The result is an SQL fragment that callers concatenate into a statement.
 * NOTE(review): whether the helpers used here quote identifiers is not visible
 * in this function, so pass only project-defined field and table names, never
 * request input.
 *
 * @param string	$field
 * @param string	$table The datasource table name; "" falls back to the global $strTableName
 * @param boolean	$addAs OPTIONAL When true and the field is encrypted, " as <wrapped field>" is appended (cipherer path only)
 * @param mixed		$connection OPTIONAL Connection object; when falsy it is obtained from $cman->byTable($table)
 *
 * @return String
 * @intellisense
 * @deprecated
 */
function GetFullFieldName($field, $table = "", $addAs = true, $connection = null)
{
    global $strTableName, $cman;

    // No table given: use the global table name.
    $table = $table == "" ? $strTableName : $table;
    // Look the connection up by table only when the caller supplied none.
    $connection = $connection ? $connection : $cman->byTable($table);

    $pSet = new ProjectSettings($table);
    $fname = RunnerPage::_getFieldSQL($field, $connection, $pSet);

    // The plain field SQL is returned unless hasEncryptedFields() is true and
    // isEncryptionByPHPEnabled() is false.
    if (!$pSet->hasEncryptedFields() || isEncryptionByPHPEnabled()) {
        return $fname;
    }

    // Otherwise the cipherer supplies the field expression, optionally
    // followed by an alias for encrypted fields.
    $cipherer = new RunnerCipherer($table);
    $fieldExpr = $cipherer->GetFieldName($fname, $field);
    $alias = "";
    if ($cipherer->isFieldEncrypted($field) && $addAs) {
        $alias = " as " . $connection->addFieldWrappers($field);
    }
    return $fieldExpr . $alias;
}
예제 #6
	/**
	* Login method
	*
	*/
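	function LogIn($pUsername,$pPassword){
		// Check a user name / password pair against the "webreport_users" table
		// and, on success, establish the session through DoLogin() and
		// SetAuthSessionData().
		//
		// $pUsername, $pPassword: credentials as submitted by the client (untrusted).
		// Returns true only when a row matches, the PHP-side re-check passes and
		// $this->isCaptchaOk is truthy. Otherwise returns false, and the failure
		// is reported to $this->auditObj when one is set.
		//
		// NOTE(review): the submitted password is matched verbatim against the
		// stored column, so no password hashing is visible in this method. Confirm
		// whether hashing happens elsewhere; if it does not, the column holds
		// recoverable passwords and should move to password_hash()/password_verify().
		// NOTE(review): the query is built by string concatenation. Injection
		// safety depends on MakeDBValue()/db_prepare_string(), which are not
		// visible here; confirm, or use bound parameters.
				//  username and password are stored in the database
		global $conn, $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cPasswordField, $cDisplayNameField;
		$logged = false;
		// Defined up front so the variable exists on every path.
		$pDisplayUsername = "";
		$strUsername = (string)$pUsername;
		$strPassword = (string)$pPassword;
		$cipherer = new RunnerCipherer("webreport_users");

		// Keep the raw submitted strings for the PHP-side re-check below;
		// $strUsername/$strPassword are overwritten with SQL literals next.
		$sUsername = $strUsername;
		$sPassword = $strPassword;

		// Convert each credential into an SQL literal: encrypted columns go
		// through the cipherer, quoted column types through db_prepare_string(),
		// anything else is coerced to a number.
		// NOTE(review): on PHP 8 the (0+...) addition throws a TypeError for a
		// non-numeric string; confirm that is handled by the caller.
		if($cipherer->isFieldEncrypted($cUserNameField))
			$strUsername = $cipherer->MakeDBValue($cUserNameField,$strUsername,"","",true);
		else
		{
			if(NeedQuotes($cUserNameFieldType))
				$strUsername = db_prepare_string($strUsername);
			else
				$strUsername = (0+$strUsername);
		}

		if($cipherer->isFieldEncrypted($cPasswordField))
			$strPassword = $cipherer->MakeDBValue($cPasswordField,$strPassword,"","",true);
		else
		{
			if(NeedQuotes($cPasswordFieldType))
				$strPassword = db_prepare_string($strPassword);
			else
				$strPassword = (0+$strPassword);
		}

		// Prefer the table's configured list query when it yields SQL; otherwise
		// fall back to a plain "select *" on the users table.
		$fieldList = "";
		$lSet = new ProjectSettings("webreport_users", PAGE_LIST);
		if($lSet->GetTableData(".sqlquery"))
			$fieldList = $lSet->GetTableData(".sqlquery")->toSql();
		if($fieldList)
		{
			if(!$this->pSet->isCaseInsensitiveUsername()) {
				$where = AddTableWrappers(GetFullFieldName($cUserNameField,"webreport_users",false)).
				   "=".$strUsername." and ".AddTableWrappers(GetFullFieldName($cPasswordField,"webreport_users",false))."=".$strPassword;
			} else {
				// Case-insensitive user names: both sides are normalised before comparison.
				$where = db_upper(getFullFieldName($cUserNameField,"webreport_users",false)).
					   "=".$this->pSet->getCaseSensitiveUsername($strUsername)." and ".GetFullFieldName($cPasswordField,"webreport_users",false).
					   "=".$strPassword;
			}
			$tempSQLQuery = $lSet->GetTableData(".sqlquery");
			$tempSQLQuery->addWhere($where);
			$strSQL = $tempSQLQuery->toSql();
		}
		else
		{
			$strSQL = "select * from ".AddTableWrappers("webreport_users")." where ".AddFieldWrappers($cUserNameField)."=".$strUsername." and ".AddFieldWrappers($cPasswordField)."=".$strPassword;
		}

		$rs = db_query($strSQL,$conn);
		$data = $cipherer->DecryptFetchedArray($rs);
		if($data){
			// Re-check the fetched row in PHP against the raw submitted values.
			// The user name keeps the project's normalisation helper.
			$usernameMatches = $this->pSet->getCaseSensitiveUsername(@$data[$cUserNameField])==$this->pSet->getCaseSensitiveUsername($sUsername);
			// The secret is compared as a string with ===. A loose == treats two
			// numeric-looking strings such as "1e3" and "1000" as equal, which
			// would accept a password that is not the stored one.
			$passwordMatches = isset($data[$cPasswordField]) && (string)$data[$cPasswordField] === $sPassword;
			if($usernameMatches && $passwordMatches){
				$logged=true;
				// Use the display-name column when it is present and non-empty.
				$pDisplayUsername = (isset($data[$cDisplayNameField]) && $data[$cDisplayNameField]!='') ? $data[$cDisplayNameField] : $sUsername;
			}
		}

		// Valid credentials still require a passed CAPTCHA.
		if($logged && $this->isCaptchaOk)
		{
			DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword);
			SetAuthSessionData($pUsername, $data, $this->fromFacebook, $pPassword);
			return true;
		}
		else {
			// Record the failed attempt when auditing is configured.
			if($this->auditObj)
			{
				$this->auditObj->LogLoginFailed($pUsername);
				$this->auditObj->LoginUnsuccessful($pUsername);
			}
			return false;
		}

	}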