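/**
 * Handles a submitted login / new-account form.
 *
 * Reads the form values exported by $this->form and takes one of three
 * paths, depending on which submit button was present:
 *  - 'submit_username': verify the password against the stored hash, put
 *    the loaded pdUser into $_SESSION['user'], reset the search session and
 *    either redirect (same-site targets only) or print a confirmation;
 *  - 'newaccount': refuse taken usernames and mismatched passwords, insert
 *    the new user row with access level 0 and notify PAPERSDB_EMAIL;
 *  - anything else: dump the submitted values (minus passwords) for debugging.
 *
 * Side effects: echoes HTML, writes $_SESSION, $this->pageError,
 * $this->access_level, $this->redirectUrl / $this->redirectTimeout.
 *
 * NOTE(review): the stored hash is md5($this->password_hash . $password),
 * which existing user rows depend on; moving to password_hash()/
 * password_verify() needs a migration of those rows and is out of scope here.
 * NOTE(review): addslashes() is kept because the legacy db layer appears to
 * expect pre-escaped values — verify against $this->db->insert(); a
 * parameterised query would be the proper fix.
 */
public function processForm()
{
    $user = new pdUser();
    $values = $this->form->exportValues();
    if (!get_magic_quotes_gpc()) {
        $values['username'] = addslashes($values['username']);
    }
    // dbLoad() on an unknown username leaves $user->login unset, which the
    // 'newaccount' branch below relies on.
    $user->dbLoad($this->db, $values['username']);

    if (isset($values['submit_username'])) {
        // Same derivation the account-creation branch stores.
        $values['password'] = md5(stripslashes($this->password_hash . $values['password']));
        // hash_equals(): strict, constant-time comparison. The previous loose
        // '!=' would treat two numeric-looking hashes (e.g. "0e..." forms) as
        // equal; (string) covers a missing/null stored password.
        if (!hash_equals((string) $user->password, $values['password'])) {
            echo 'Incorrect password, please try again.';
            $this->pageError = true;
            return;
        }

        // Username and password are correct: register session variables.
        $values['username'] = stripslashes($values['username']);
        $_SESSION['user'] = $user;
        // reset search results
        searchSessionInit();
        $this->access_level = $_SESSION['user']->access_level;
        if ($this->access_level == 0) {
            echo 'Your login request has not been processed yet.';
            return;
        }

        $redirect = isset($values['redirect']) ? (string) $values['redirect'] : '';
        // Only follow same-site relative targets. The redirect value arrives
        // with the form, so an absolute ("http:", "javascript:") or
        // protocol-relative ("//host") target would turn this into an open
        // redirect; such values fall through to the plain confirmation page.
        $isLocalTarget = $redirect !== ''
            && !preg_match('#^[\s\\\\]*(?:[a-z][a-z0-9+.\-]*:|//)#i', $redirect)
            && !preg_match('/[\r\n]/', $redirect);
        if ($isLocalTarget) {
            $this->redirectUrl = $redirect;
            $this->redirectTimeout = 0;
        } else {
            echo '<h2>Logged in</h2>',
                'You have succesfully logged in as ',
                htmlspecialchars((string) $_SESSION['user']->login, ENT_QUOTES, 'UTF-8'),
                '<p/>Return to <a href="index.php">main page</a>.',
                '</div>';
        }
        return;
    }

    if (isset($values['newaccount'])) {
        // check if username exists in database.
        if (isset($user->login)) {
            // Echoed before strip_tags() runs on it, so escape for HTML here.
            echo 'Sorry, the username <strong>',
                htmlspecialchars((string) $values['username'], ENT_QUOTES, 'UTF-8'),
                '</strong> is already taken, please pick another one.';
            $this->pageError = true;
            return;
        }
        // check passwords match
        if ($values['password'] !== $values['password_again']) {
            echo 'Passwords did not match.';
            $this->pageError = true;
            return;
        }
        // no HTML tags in username, website, location, password
        $values['username'] = strip_tags($values['username']);
        $values['password'] = strip_tags($this->password_hash . $values['password']);
        // now we can add them to the database.
        // encrypt password
        $values['password'] = md5($values['password']);
        if (!get_magic_quotes_gpc()) {
            $values['password'] = addslashes($values['password']);
            $values['email'] = addslashes($values['email']);
        }
        $this->db->insert(
            'user',
            array(
                'login' => $values['username'],
                'password' => $values['password'],
                'email' => $values['email'],
                'name' => $values['realname'],
            ),
            'login.php'
        );
        $this->access_level = 0;

        // only send email if running the real papersdb
        if (strpos($_SERVER['PHP_SELF'], '~papersdb') !== false) {
            mail(
                PAPERSDB_EMAIL,
                'PapersDB: Login Request',
                'The following user has requested editor access '
                . 'level for PapersDB.' . "\n\n"
                . 'name: ' . $values['realname'] . "\n"
                . 'login: ' . $values['username'] . "\n"
                . 'email: ' . $values['email']
            );
        }

        echo '<h2>Login Request Submitted</h2>',
            'A request to create your login <b>',
            htmlspecialchars((string) $values['username'], ENT_QUOTES, 'UTF-8'),
            '</b> has been submitted. A confirmation email will be sent to <code>',
            htmlspecialchars((string) $values['email'], ENT_QUOTES, 'UTF-8'),
            '</code> when your account is ready. ',
            '<p/>Return to <a href="index.php">main page</a>.';
        return;
    }

    // Neither submit button present: show what was received, but never
    // echo the plaintext password fields back into the page.
    unset($values['password'], $values['password_again']);
    echo 'Could not process form<br/><pre>',
        htmlspecialchars(print_r($values, true), ENT_QUOTES, 'UTF-8'),
        '</pre>';
}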
/**
 * Refreshes $this->access_level from the current login state.
 *
 * The value comes from pdUser::check_login() for $this->db; what each
 * level means is defined there, this method only stores it.
 */
private function check_login()
{
    $level = pdUser::check_login($this->db);
    $this->access_level = $level;
}
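/**
 * Returns the HTML text to display the icons to link to the PDF, view,
 * edit, or delete the publication entry.
 *
 * The edit and delete icons are only emitted when pdUser::check_login()
 * reports an access level above 0 for $db; the file icon is only emitted
 * when $pub->paper is set to something other than 'no paper' and its
 * extension is one of pdf/ppt/ps (case of the whole extension only).
 *
 * @param object  $db         database connection, passed to pdUser::check_login().
 * @param object  $pub        pdPublication object to display the icons for.
 * @param integer $flags      the icons to display. 0x1 for the PDF/PS file,
 *                            0x2 for the view icon, 0x4 for the edit icon,
 *                            0x8 for the delete icon.
 * @param string  $url_prefix the prefix to use for URLs; when NULL it is
 *                            derived from the script's own location.
 * @return string HTML text.
 */
function getPubIcons(&$db, &$pub, $flags = 0xf, $url_prefix = NULL)
{
    $html = '';
    $access_level = pdUser::check_login($db);

    if (!isset($url_prefix)) {
        // get url_prefix from script's name: a script living one directory
        // down has to reach images/ and the Admin/ pages via '../'
        $url_prefix = '';
        if (strstr(relativeUrlGet(), '/')) {
            $url_prefix = '../';
        }
    }

    // Both values are interpolated into href attributes; escape them so a
    // quote or '&' in an attachment URL or id cannot break the markup.
    $pub_id = htmlspecialchars((string) $pub->pub_id, ENT_QUOTES, 'UTF-8');
    $paper = (string) $pub->paper;

    if (($flags & 0x1) && strtolower($paper) !== 'no paper') {
        $att_url = htmlspecialchars((string) $pub->paperAttGetUrl(), ENT_QUOTES, 'UTF-8');
        $html .= '<a href="' . $att_url . '">';
        if (preg_match('/\.(pdf|PDF)$/', $paper)) {
            $html .= '<img src="' . $url_prefix . 'images/pdf.gif" alt="PDF" '
                . 'height="18" width="17" border="0" align="top" />';
        } elseif (preg_match('/\.(ppt|PPT)$/', $paper)) {
            $html .= '<img src="' . $url_prefix . 'images/ppt.gif" alt="PPT" height="18" '
                . 'width="17" border="0" align="top" />';
        } elseif (preg_match('/\.(ps|PS)$/', $paper)) {
            $html .= '<img src="' . $url_prefix . 'images/ps.gif" alt="PS" height="18" '
                . 'width="17" border="0" align="top" />';
        }
        // an unrecognised extension still gets the bare link, as before
        $html .= '</a>';
    }

    if ($flags & 0x2) {
        $html .= '<a href="' . $url_prefix . 'view_publication.php?pub_id=' . $pub_id . '">'
            . '<img src="' . $url_prefix . 'images/viewmag.gif" title="view" alt="view" '
            . ' height="16" width="16" border="0" align="top" /></a>';
    }

    if (($flags & 0x4) && $access_level > 0) {
        $html .= '<a href="' . $url_prefix . 'Admin/add_pub1.php?pub_id=' . $pub_id . '">'
            . '<img src="' . $url_prefix . 'images/pencil.gif" title="edit" alt="edit" '
            . ' height="16" width="16" border="0" align="top" />'
            . '</a>';
    }

    if (($flags & 0x8) && $access_level > 0) {
        $html .= '<a href="' . $url_prefix . 'Admin/delete_publication.php?pub_id=' . $pub_id . '">'
            . '<img src="' . $url_prefix . 'images/kill.gif" title="delete" alt="delete" '
            . 'height="16" width="16" border="0" align="top" /></a>';
    }

    return $html;
}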