Exemplo n.º 1
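/**
 * Authenticate an active user by e-mail address and, on success, populate the session.
 *
 * Security notes:
 *  - $username is placed inside a single-quoted SQL string literal, so it is
 *    escaped before concatenation. The query uses T-SQL functions (ISNULL,
 *    GETDATE), where a quote inside a literal is escaped by doubling it.
 *    Bound parameters would be preferable if the db_* layer offers them
 *    (not visible from this function).
 *  - With $skippass set to true, no password check is made at all: any active
 *    account matching $username is logged in. Callers must have established
 *    the user's identity by other means before passing true.
 *
 * @param string $username E-mail address identifying the account.
 * @param string $password Candidate password; ignored when $skippass is true.
 * @param bool   $skippass When true, skip the password comparison entirely.
 *
 * @return bool True when a matching active user was found and the session was
 *              populated; false otherwise (and $_SESSION['user_id'] is set to false).
 */
function login($username, $password, $skippass = false)
{
    // $_SESSION is a superglobal and is available here without a `global` declaration.

    // Session needs: id, fullname, email, departmentid, ishelpdesk, homepage, update_days, updated_on, first
    if ($skippass) {
        $where = '';
        error_debug('<b>login</b> running without password', __FILE__, __LINE__);
    } else {
        // NOTE(review): $password is handed to db_pwdcompare() unmodified. Whether that helper
        // escapes its first argument is not visible here -- confirm, otherwise the password
        // field is a second injection point into this query.
        $where = ' AND ' . db_pwdcompare($password, 'u.password') . ' = 1';
        error_debug('<b>login</b> running with password', __FILE__, __LINE__);
    }

    // Escape the untrusted e-mail for use inside a single-quoted T-SQL string literal.
    $email_literal = str_replace("'", "''", (string) $username);

    // The `password` column returned below is the result of comparing the stored hash with the
    // empty string -- presumably a "password is blank" flag rather than the hash itself; verify.
    $user = db_grab('SELECT 
		u.id,
		ISNULL(u.nickname, u.firstname) firstname,
		u.lastname,
		u.email,
		' . db_pwdcompare('', 'u.password') . ' password,
		u.departmentID,
		d.isHelpdesk,
		u.help,
		u.is_admin,
		u.updated_date,
		u.language_id,
		l.code language,
		' . db_datediff('u.updated_date', 'GETDATE()') . ' update_days
	FROM users u
	LEFT JOIN languages l ON u.language_id = l.id
	LEFT JOIN departments d ON u.departmentID = d.departmentID
	WHERE u.email = \'' . $email_literal . '\' AND u.is_active = 1' . $where);

    if (!$user) {
        // No active account matched (or the password comparison failed).
        $_SESSION['user_id'] = false;
        return false;
    }

    // Login was good. The id is cast to int because it is concatenated unquoted into SQL.
    db_query('UPDATE users SET lastlogin = GETDATE() WHERE id = ' . (int) $user['id']);

    // NOTE(review): the session identifier is not regenerated at this privilege change;
    // consider session_regenerate_id(true) here if session handling allows it.
    $_SESSION['user_id'] = $user['id'];
    $_SESSION['is_admin'] = $user['is_admin'];
    $_SESSION['email'] = $user['email'];
    $_SESSION['homepage'] = '/bb/';
    $_SESSION['departmentID'] = $user['departmentID'];
    $_SESSION['isHelpdesk'] = $user['isHelpdesk'];
    $_SESSION['update_days'] = $user['update_days'];
    $_SESSION['updated_date'] = $user['updated_date'];
    $_SESSION['password'] = $user['password'];
    $_SESSION['language_id'] = $user['language_id'];
    $_SESSION['language'] = $user['language'];
    $_SESSION['full_name'] = $user['firstname'] . ' ' . $user['lastname'];
    $_SESSION['isLoggedIn'] = true;

    // Remember the address for the next visit (both cookie names are kept as in the original).
    cookie('last_login', $user['email']);
    cookie('last_email', $user['email']);

    return true;
}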
Exemplo n.º 2
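/**
 * Look up an intranet user by e-mail address and record the login time on success.
 *
 * The row returned by db_grab() is stored in the global $user whether or not the
 * login succeeds, so callers must rely on the return value, not on $user being set.
 *
 * Security notes:
 *  - $username is embedded in a single-quoted SQL string literal and is therefore
 *    escaped first. The query uses T-SQL (GETDATE), where a quote inside a literal
 *    is escaped by doubling it. Bound parameters would be preferable if the db_*
 *    layer offers them (not visible from this function).
 *  - With $skippass set to true, no password check is made: any account matching
 *    $username is accepted. Callers must have established identity by other means.
 *
 * @param string $username E-mail address identifying the account.
 * @param string $password Candidate password; ignored when $skippass is true.
 * @param bool   $skippass When true, skip the password comparison entirely.
 *
 * @return bool True when a matching user row with a userID was found.
 */
function login($username, $password, $skippass = false)
{
    global $user;

    // Escape the untrusted e-mail for use inside a single-quoted T-SQL string literal.
    $email_literal = str_replace("'", "''", (string) $username);
    $sql = "SELECT u.userID, p.url FROM intranet_users u JOIN pages p ON u.homePageID = p.id WHERE u.email = '" . $email_literal . "'";

    if ($skippass) {
        error_debug("<b>login</b> running without password");
    } else {
        error_debug("<b>login</b> running with password");
        // NOTE(review): $password is handed to db_pwdcompare() unmodified. Whether that helper
        // escapes its first argument is not visible here -- confirm, otherwise the password
        // field is a second injection point into this query.
        $sql .= " AND " . db_pwdcompare($password, "u.password") . " = 1";
    }

    $user = db_grab($sql);

    // empty() also covers the case where db_grab() returned no row at all, so a failed
    // lookup no longer indexes into a non-array value.
    if (!empty($user["userID"])) {
        // The id is cast to int because it is concatenated unquoted into SQL.
        db_query("UPDATE intranet_users SET lastlogin = GETDATE() WHERE userID = " . (int) $user["userID"]);
        return true;
    }

    return false;
}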
Exemplo n.º 3
        emailPassword($_GET['id']);
    }
    url_query_drop("action");
} elseif (url_action("invite")) {
    emailInvite($_GET['id']);
    url_query_drop("action");
}
url_query_require();
echo drawTop();
$r = db_grab('SELECT 
		u.firstname,
		u.lastname,
		u.nickname, 
		u.bio' . langExt() . ' bio, 
		u.email,
		' . db_pwdcompare("", "u.password") . ' password,
		u.phone, 
		u.lastlogin, 
		u.title' . langExt() . ' title,
		f.name office, 
		u.officeID,
		d.departmentName,
		u.organization_id,
		o.title' . langExt() . ' organization,
		u.homeAddress1,
		u.homeAddress2,
		u.homeCity,
		s.stateAbbrev,
		u.homeZIP,
		c.title' . langExt() . ' channel,
		u.homePhone,
Exemplo n.º 4
    db_query("UPDATE intranet_users SET isActive = 1, deletedBy = NULL, deletedOn = NULL, endDate = NULL, updatedBy = {$user["id"]}, updatedOn = GETDATE() WHERE userID = " . $_GET["id"]);
    url_query_drop("action");
} elseif (url_action("passwd")) {
    db_query("UPDATE intranet_users SET password = PWDENCRYPT('') WHERE userID = " . $_GET["id"]);
    $r = db_grab("SELECT userID, email FROM intranet_users WHERE userID = " . $_GET["id"]);
    email_user($r["email"], "Intranet Password Reset", drawEmptyResult($user["first"] . ' has just reset your password on the Intranet.  To pick a new password, please <a href="http://' . $_josh["request"]["host"] . '/login/password_reset.php?id=' . $r["userID"] . '">follow this link</a>.'));
    url_query_drop("action");
} elseif (url_action("invite")) {
    $r = db_grab("SELECT nickname, email, firstname FROM intranet_users WHERE userID = " . $_GET["id"]);
    $name = !$r["nickname"] ? $r["firstname"] : $r["nickname"];
    email_invite($_GET["id"], $r["email"], $name);
    url_query_drop("action");
}
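// Staff detail view: load one intranet_users row selected by the `id` query-string
// parameter, then emit the jump-to-staff control and, for inactive accounts, a banner.
url_query_require(); // presumably enforces that required query parameters are present -- verify
drawTop();

// $_GET["id"] is request-controlled and was concatenated unquoted into the WHERE clause.
// Coerce it to an integer once, here, so nothing but a number can reach the SQL text.
// A missing or non-numeric id becomes 0, which matches no row and takes the redirect below.
$staff_id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;

// The `password` column is the result of comparing the stored hash with the empty string --
// presumably a "password is blank" flag rather than the hash itself; verify.
$r = db_grab("SELECT \n\t\tu.firstname,\n\t\tu.lastname,\n\t\tu.nickname, \n\t\tu.bio, \n\t\tu.email,\n\t\t" . db_pwdcompare("", "u.password") . " password,\n\t\tu.phone, \n\t\tu.lastlogin, \n\t\tu.title,\n\t\tf.name office, \n\t\td.departmentName,\n\t\tu.corporationID,\n\t\tc.description corporationName,\n\t\tu.homeAddress1,\n\t\tu.homeAddress2,\n\t\tu.homeCity,\n\t\ts.stateAbbrev,\n\t\tu.homeZIP,\n\t\tu.homePhone,\n\t\tu.homeCell,\n\t\tu.homeEmail,\n\t\tu.emerCont1Name,\n\t\tu.emerCont1Relationship,\n\t\tu.emerCont1Phone,\n\t\tu.emerCont1Cell,\n\t\tu.emerCont1Email,\n\t\tu.emerCont2Name,\n\t\tu.emerCont2Relationship,\n\t\tu.emerCont2Phone,\n\t\tu.emerCont2Cell,\n\t\tu.emerCont2Email,\n\t\tu.startDate,\n\t\tu.longDistanceCode,\n\t\tu.endDate,\n\t\tu.isActive,\n\t\tr.description rank\n\tFROM intranet_users u\n\tJOIN intranet_ranks r ON u.rankID = r.id\n\tLEFT  JOIN organizations\t\t\tc ON u.corporationID = c.id\n\tLEFT  JOIN intranet_departments\t\td ON d.departmentID\t= u.departmentID \t\t\t\t\n\tLEFT  JOIN intranet_offices    \t\tf ON f.id\t\t\t= u.officeID \t\t\t\t\n\tLEFT  JOIN intranet_us_states\t\ts ON u.homeStateID\t= s.stateID\n\tWHERE u.userID = " . $staff_id);

// NOTE(review): corporationName (here) and nickname/firstname (in the banner below) come from
// the database and are placed into HTML without encoding. If those columns hold plain text,
// encode them with htmlspecialchars() at output -- confirm how the stored values and
// drawServerMessage() treat markup before changing this.
$r["corporationName"] = empty($r["corporationName"]) ? '<a href="organizations.php?id=0">Shared</a>' : '<a href="organizations.php?id=' . $r["corporationID"] . '">' . $r["corporationName"] . '</a>';

// No row for this id: send the visitor back to the listing.
// NOTE(review): whether url_change() stops execution is not visible here; if it only sets a
// redirect, the code below still runs against an empty record -- confirm.
if (!isset($r["isActive"])) {
    url_change("./");
}

// Pass the validated integer rather than the raw query-string value.
echo drawJumpToStaff($staff_id);

if (!$r["isActive"]) {
    $msg = "This is a former staff member.  ";
    if ($r["endDate"]) {
        // Prefer the nickname when one is set, otherwise fall back to the first name.
        $msg .= $r["nickname"] ? $r["nickname"] : $r["firstname"];
        $msg .= "'s last day was " . format_date($r["endDate"]) . ".";
    }
    echo drawServerMessage($msg, "center");
}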
?>
<table class="left" cellspacing="1">