/**
 * Email the exported page, taking every mail parameter from the query string.
 *
 * Reads sender, recipient, cc, bcc, contenttype, subject and message from
 * $_GET, validates the addresses, checks the per-session send counter, then
 * builds a cEmail and sends it if the Email_Sending event allows it.
 *
 * NOTE(review): all inputs arrive via GET, so a plain link can trigger a send.
 * Confirm the caller enforces an authenticated session and an anti-CSRF check
 * before this method runs.
 *
 * @param mixed $EmailContent HTML appended to the body when contenttype is not "url".
 * @return string HTML paragraph (class text-success or text-error) describing the outcome.
 */
function ExportEmail($EmailContent) {
    global $gTmpImages, $Language;

    // Request parameters, read in the same order as before
    $sFrom = @$_GET["sender"];
    $sTo = @$_GET["recipient"];
    $sCopyTo = @$_GET["cc"];
    $sBlindCopyTo = @$_GET["bcc"];
    $sMode = @$_GET["contenttype"];

    // NOTE(review): the subject is not validated in this method before it is
    // handed to cEmail; confirm cEmail rejects CR/LF in header fields.
    $sEmailSubject = ew_StripSlashes(@$_GET["subject"]);
    $sBody = ew_StripSlashes(@$_GET["message"]);

    // Sender must be present and well formed
    if ($sFrom == "") {
        return "<p class=\"text-error\">" . $Language->Phrase("EnterSenderEmail") . "</p>";
    }
    if (!ew_CheckEmail($sFrom)) {
        return "<p class=\"text-error\">" . $Language->Phrase("EnterProperSenderEmail") . "</p>";
    }

    // Recipient, cc and bcc lists share one check; the first failing list
    // decides which message is returned.
    $arAddressLists = array(
        "EnterProperRecipientEmail" => $sTo,
        "EnterProperCcEmail" => $sCopyTo,
        "EnterProperBccEmail" => $sBlindCopyTo,
    );
    foreach ($arAddressLists as $sPhraseId => $sAddressList) {
        if (!ew_CheckEmailList($sAddressList, EW_MAX_EMAIL_RECIPIENT)) {
            return "<p class=\"text-error\">" . $Language->Phrase($sPhraseId) . "</p>";
        }
    }

    // Per-session send limit.
    // NOTE(review): the comparison is strictly greater-than, so a send is still
    // attempted when the counter equals EW_MAX_EMAIL_SENT_COUNT; confirm intended.
    if (!isset($_SESSION[EW_EXPORT_EMAIL_COUNTER])) {
        $_SESSION[EW_EXPORT_EMAIL_COUNTER] = 0;
    }
    if (intval($_SESSION[EW_EXPORT_EMAIL_COUNTER]) > EW_MAX_EMAIL_SENT_COUNT) {
        return "<p class=\"text-error\">" . $Language->Phrase("ExceedMaxEmailExport") . "</p>";
    }

    // "url" mode sends a plain-text link; anything else sends the HTML export
    $bUrlOnly = ($sMode == "url");

    $Email = new cEmail();
    $Email->Sender = $sFrom;
    $Email->Recipient = $sTo;
    $Email->Cc = $sCopyTo;
    $Email->Bcc = $sBlindCopyTo;
    $Email->Subject = $sEmailSubject;
    $Email->Format = $bUrlOnly ? "text" : "html";
    $Email->Charset = EW_EMAIL_CHARSET;

    // The user-supplied message is filtered, then separated from what follows
    if ($sBody != "") {
        $sBody = ew_RemoveXSS($sBody);
        $sBody .= $bUrlOnly ? "\r\n\r\n" : "<br><br>";
    }
    if ($bUrlOnly) {
        $sBody .= ew_ConvertFullUrl(ew_CurrentPage() . "?" . $this->ExportQueryString());
    } else {
        foreach ($gTmpImages as $sImage) {
            $Email->AddEmbeddedImage($sImage);
        }
        $sBody .= $EmailContent;
    }
    $Email->Content = $sBody;

    // The Email_Sending event may veto the send
    $EventArgs = array();
    $bEmailSent = FALSE;
    if ($this->Email_Sending($Email, $EventArgs)) {
        $bEmailSent = $Email->Send();
    }

    if (!$bEmailSent) {
        // NOTE(review): SendErrDescription is placed in HTML without encoding;
        // confirm it cannot carry request-derived text.
        return "<p class=\"text-error\">" . $Email->SendErrDescription . "</p>";
    }

    // Only successful sends count against the session limit
    $_SESSION[EW_EXPORT_EMAIL_COUNTER]++;
    return "<p class=\"text-success\">" . $Language->Phrase("SendEmailSuccess") . "</p>";
}
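/**
 * Render a field value as a SQL literal for string-built statements.
 *
 * NULL becomes the bare keyword NULL. String, memo, time, XML, blob, date,
 * GUID and boolean values are passed through ew_AdjustSql() and wrapped in
 * single quotes. Any other field type is returned unchanged.
 *
 * @param mixed $Value   Field value; NULL yields "NULL".
 * @param mixed $FldType One of the EW_DATATYPE_* constants.
 * @return mixed SQL fragment to concatenate into a statement.
 */
function ew_QuotedValue($Value, $FldType) {
    if (is_null($Value)) {
        return "NULL";
    }
    switch ($FldType) {
        case EW_DATATYPE_STRING:
        case EW_DATATYPE_MEMO:
        case EW_DATATYPE_TIME:
            // ew_RemoveXSS filters markup and is not a SQL defence; the quoting
            // safety of this branch rests on ew_AdjustSql alone.
            $sText = EW_REMOVE_XSS ? ew_RemoveXSS($Value) : $Value;
            return "'" . ew_AdjustSql($sText) . "'";
        case EW_DATATYPE_XML:
        case EW_DATATYPE_BLOB:
        case EW_DATATYPE_DATE:
            return "'" . ew_AdjustSql($Value) . "'";
        case EW_DATATYPE_GUID:
        case EW_DATATYPE_BOOLEAN: // 'Y'|'N' or 'y'|'n' or '1'|'0' or 't'|'f'
            // These two types used to be quoted without ew_AdjustSql, so a value
            // containing a quote could close the literal early. They now get the
            // same treatment as every other quoted type; well-formed GUIDs and
            // flags should come out unchanged (assumes ew_AdjustSql only alters
            // SQL-significant characters and surrounding whitespace; confirm).
            return "'" . ew_AdjustSql($Value) . "'";
        default:
            // NOTE(review): remaining types (presumably numeric) are emitted
            // unquoted and unescaped, so whatever is in $Value lands in the
            // statement verbatim. Callers must validate these values first;
            // bound parameters are the safer route where the data layer allows.
            return $Value;
    }
}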
/**
 * Try to sign the user in without the login form.
 *
 * Credential sources are tried in this order and the first success wins:
 *   1. the auto-login cookie set (Username/Password cookies through ew_Decrypt),
 *   2. username/password in the query string, only if EW_ALLOW_LOGIN_BY_URL,
 *   3. username/password held in the session, only if EW_ALLOW_LOGIN_BY_SESSION.
 *
 * NOTE(review): source 1 relies on a password that the client stores in
 * recoverable form, and source 2 puts credentials in the URL, where they tend
 * to end up in access logs, browser history and Referer headers. Both deserve
 * a deliberate decision; an opaque server-side token is the usual substitute
 * for a stored password.
 *
 * @return mixed Result of the last ValidateUser() call made, or FALSE if no source applied.
 */
function AutoLogin() {
    $bSignedIn = FALSE;

    // 1. Auto-login cookie
    if (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "autologin") {
        $sUser = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Username']);
        $sPass = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Password']);
        $bSignedIn = $this->ValidateUser($sUser, $sPass, TRUE, FALSE);
    }
    if ($bSignedIn) {
        return $bSignedIn;
    }

    // 2. Query string, when the project enables it.
    // NOTE(review): ew_RemoveXSS runs on the password before validation; if the
    // filter rewrites any character, the validated value differs from the one
    // supplied. Confirm.
    if (EW_ALLOW_LOGIN_BY_URL && isset($_GET["username"])) {
        $sUser = ew_RemoveXSS(ew_StripSlashes($_GET["username"]));
        $sPass = ew_RemoveXSS(ew_StripSlashes(@$_GET["password"]));
        $bEncrypted = !empty($_GET["encrypted"]);
        $bSignedIn = $this->ValidateUser($sUser, $sPass, TRUE, $bEncrypted);
        if ($bSignedIn) {
            return $bSignedIn;
        }
    }

    // 3. Session, when the project enables it
    if (EW_ALLOW_LOGIN_BY_SESSION && isset($_SESSION[EW_PROJECT_NAME . "_Username"])) {
        $sUser = $_SESSION[EW_PROJECT_NAME . "_Username"];
        $sPass = @$_SESSION[EW_PROJECT_NAME . "_Password"];
        $bEncrypted = !empty($_SESSION[EW_PROJECT_NAME . "_Encrypted"]);
        $bSignedIn = $this->ValidateUser($sUser, $sPass, TRUE, $bEncrypted);
    }

    return $bSignedIn;
}
/**
 * Login page controller: collects credentials, validates them and, on
 * success, writes the "remember me" cookies and returns to the last URL.
 *
 * Credentials come from one of: the pending-login session values (when
 * IsLoggingIn() is true), the POSTed form, or the query string when
 * EW_ALLOW_LOGIN_BY_URL is set. If none is supplied, the stored user name and
 * login type are restored from cookies so the form can be pre-filled.
 *
 * NOTE(review): security-relevant behaviour visible in this block:
 *  - the password may be read from $_GET, which exposes it wherever URLs are recorded;
 *  - the "a" login type writes the password to a client cookie via ew_Encrypt;
 *  - every setcookie() call passes only name, value and expiry, so the
 *    Secure and HttpOnly flags keep their PHP defaults (off);
 *  - the Checksum cookie is computed from EW_RANDOM_KEY alone, so it is the
 *    same for every user and does not bind the Username cookie to anything.
 */
function Page_Main() {
    global $Security, $Language, $UserProfile, $gsFormError;
    global $Breadcrumb;
    // Breadcrumb links to the current script name (text after the last "/")
    $url = substr(ew_CurrentUrl(), strrpos(ew_CurrentUrl(), "/") + 1);
    $Breadcrumb = new cBreadcrumb();
    $Breadcrumb->Add("login", "LoginPage", $url, "", "", TRUE);
    $sPassword = "";
    $sLastUrl = $Security->LastUrl(); // Get last URL
    if ($sLastUrl == "") {
        $sLastUrl = "index.php";
    }

    // If session expired, show session expired message
    if (@$_GET["expired"] == "1") {
        $this->setFailureMessage($Language->Phrase("SessionExpired"));
    }
    if (IsLoggingIn()) {
        // A login is already in progress: take the pending credentials from the session
        $this->Username = @$_SESSION[EW_SESSION_USER_PROFILE_USER_NAME];
        $sPassword = @$_SESSION[EW_SESSION_USER_PROFILE_PASSWORD];
        $this->LoginType = @$_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE];
        $bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE);
        if ($bValidPwd) {
            // Clear the pending credentials once they have been accepted
            $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = "";
            $_SESSION[EW_SESSION_USER_PROFILE_PASSWORD] = "";
            $_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = "";
        }
    } else {
        if (!$Security->IsLoggedIn()) {
            $Security->AutoLogin();
        }
        $Security->LoadUserLevel(); // Load user level
        $this->Username = ""; // Initialize
        $encrypted = FALSE;
        // NOTE(review): ew_RemoveXSS is applied to the password in both branches
        // below; if the filter rewrites any character, the value validated is not
        // the value typed. Confirm.
        if (isset($_POST["username"])) {
            $this->Username = ew_RemoveXSS(ew_StripSlashes($_POST["username"]));
            $sPassword = ew_RemoveXSS(ew_StripSlashes(@$_POST["password"]));
            $this->LoginType = strtolower(ew_RemoveXSS(@$_POST["type"]));
        } else {
            // Query-string login is only honoured when the project enables it
            if (EW_ALLOW_LOGIN_BY_URL && isset($_GET["username"])) {
                $this->Username = ew_RemoveXSS(ew_StripSlashes($_GET["username"]));
                $sPassword = ew_RemoveXSS(ew_StripSlashes(@$_GET["password"]));
                $this->LoginType = strtolower(ew_RemoveXSS(@$_GET["type"]));
                $encrypted = !empty($_GET["encrypted"]);
            }
        }
        if ($this->Username != "") {
            $bValidate = $this->ValidateForm($this->Username, $sPassword);
            if (!$bValidate) {
                $this->setFailureMessage($gsFormError);
            }
            $_SESSION[EW_SESSION_USER_LOGIN_TYPE] = $this->LoginType; // Save user login type
            $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = $this->Username; // Save login user name
            $_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = $this->LoginType; // Save login type

            // Max login attempt checking: a locked-out user name is rejected
            // here, before ValidateUser is reached
            if ($UserProfile->ExceedLoginRetry($this->Username)) {
                $bValidate = FALSE;
                $this->setFailureMessage(str_replace("%t", EW_USER_PROFILE_RETRY_LOCKOUT, $Language->Phrase("ExceedMaxRetry")));
            }
        } else {
            if ($Security->IsLoggedIn()) {
                if ($this->getFailureMessage() == "") {
                    $this->Page_Terminate($sLastUrl); // Return to last accessed page
                }
            }
            $bValidate = FALSE;

            // Restore settings from cookies to pre-fill the form.
            // The checksum compared here is a constant derived from EW_RANDOM_KEY;
            // it is not tied to the Username cookie it guards.
            if (@$_COOKIE[EW_PROJECT_NAME]['Checksum'] == strval(crc32(md5(EW_RANDOM_KEY)))) {
                $this->Username = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Username']);
            }
            if (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "autologin") {
                $this->LoginType = "a";
            } elseif (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "rememberusername") {
                $this->LoginType = "u";
            } else {
                $this->LoginType = "";
            }
        }
        $bValidPwd = FALSE;
        if ($bValidate) {

            // Call Logging In event; the handler can cancel the login
            $bValidate = $this->User_LoggingIn($this->Username, $sPassword);
            if ($bValidate) {
                $bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE, $encrypted); // Manual login
                if (!$bValidPwd) {
                    if ($this->getFailureMessage() == "") {
                        $this->setFailureMessage($Language->Phrase("InvalidUidPwd")); // Invalid user id/password
                    }
                }
            } else {
                if ($this->getFailureMessage() == "") {
                    $this->setFailureMessage($Language->Phrase("LoginCancelled")); // Login cancelled
                }
            }
        }
    }
    if ($bValidPwd) {

        // Write cookies.
        // NOTE(review): no path, domain, secure or httponly argument is passed, so
        // these cookies are sent over plain HTTP and are readable by page script.
        if ($this->LoginType == "a") { // Auto login
            setcookie(EW_PROJECT_NAME . '[AutoLogin]', "autologin", EW_COOKIE_EXPIRY_TIME); // Set autologin cookie
            setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME); // Set user name cookie
            // NOTE(review): the account password itself is stored on the client here;
            // an opaque, revocable server-side token is the usual substitute.
            setcookie(EW_PROJECT_NAME . '[Password]', ew_Encrypt($sPassword), EW_COOKIE_EXPIRY_TIME); // Set password cookie
            setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME);
        } elseif ($this->LoginType == "u") { // Remember user name
            setcookie(EW_PROJECT_NAME . '[AutoLogin]', "rememberusername", EW_COOKIE_EXPIRY_TIME); // Set remember user name cookie
            setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME); // Set user name cookie
            setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME);
        } else {
            // NOTE(review): only AutoLogin is blanked; Username, Password and Checksum
            // cookies from an earlier login are not touched by this branch.
            setcookie(EW_PROJECT_NAME . '[AutoLogin]', "", EW_COOKIE_EXPIRY_TIME); // Clear auto login cookie
        }
        $this->WriteAuditTrailOnLogin($this->Username);

        // Call loggedin event
        $this->User_LoggedIn($this->Username);
        $this->Page_Terminate($sLastUrl); // Return to last accessed URL
    } elseif ($this->Username != "" && $sPassword != "") {

        // Call user login error event.
        // NOTE(review): the handler receives the submitted password in clear;
        // confirm implementations do not log it.
        $this->User_LoginError($this->Username, $sPassword);
    }
}
/**
 * Login page controller: collects credentials, validates them and, on
 * success, writes the "remember me" cookies and returns to the last URL.
 *
 * Credentials come from the pending-login session values (when IsLoggingIn()
 * is true) or from the POSTed form. If none is supplied, the stored user name
 * and login type are restored from cookies so the form can be pre-filled.
 *
 * NOTE(review): security-relevant behaviour visible in this block:
 *  - no limit on failed attempts is applied here; whether ValidateUser
 *    enforces one is not visible from this method;
 *  - the "a" login type writes the password to a client cookie via ew_Encrypt;
 *  - every setcookie() call passes only name, value and expiry, so the
 *    Secure and HttpOnly flags keep their PHP defaults (off);
 *  - the Checksum cookie is computed from EW_RANDOM_KEY alone, so it is the
 *    same for every user and does not bind the Username cookie to anything.
 */
function Page_Main() {
    global $Security, $Language, $UserProfile, $gsFormError;
    global $Breadcrumb;
    $Breadcrumb = new cBreadcrumb();
    $Breadcrumb->Add("login", "<span id=\"ewPageCaption\">" . $Language->Phrase("LoginPage") . "</span>", ew_CurrentUrl());
    $sPassword = "";
    $sLastUrl = $Security->LastUrl(); // Get last URL
    if ($sLastUrl == "") {
        $sLastUrl = "index.php";
    }
    if (IsLoggingIn()) {
        // A login is already in progress: take the pending credentials from the session
        $this->Username = @$_SESSION[EW_SESSION_USER_PROFILE_USER_NAME];
        $sPassword = @$_SESSION[EW_SESSION_USER_PROFILE_PASSWORD];
        $this->LoginType = @$_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE];
        $bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE);
        if ($bValidPwd) {
            // Clear the pending credentials once they have been accepted
            $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = "";
            $_SESSION[EW_SESSION_USER_PROFILE_PASSWORD] = "";
            $_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = "";
        }
    } else {
        if (!$Security->IsLoggedIn()) {
            $Security->AutoLogin();
        }
        $this->Username = ""; // Initialize
        if (@$_POST["username"] != "") {

            // Setup variables.
            // NOTE(review): ew_RemoveXSS is applied to the password; if the filter
            // rewrites any character, the value validated is not the value typed.
            // Confirm.
            $this->Username = ew_RemoveXSS(ew_StripSlashes(@$_POST["username"]));
            $sPassword = ew_RemoveXSS(ew_StripSlashes(@$_POST["password"]));
            $this->LoginType = strtolower(ew_RemoveXSS(@$_POST["type"]));
        }
        if ($this->Username != "") {
            $bValidate = $this->ValidateForm($this->Username, $sPassword);
            if (!$bValidate) {
                $this->setFailureMessage($gsFormError);
            }
            $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = $this->Username; // Save login user name
            $_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = $this->LoginType; // Save login type
        } else {
            if ($Security->IsLoggedIn()) {
                if ($this->getFailureMessage() == "") {
                    $this->Page_Terminate($sLastUrl); // Return to last accessed page
                }
            }
            $bValidate = FALSE;

            // Restore settings from cookies to pre-fill the form.
            // The checksum compared here is a constant derived from EW_RANDOM_KEY;
            // it is not tied to the Username cookie it guards.
            if (@$_COOKIE[EW_PROJECT_NAME]['Checksum'] == strval(crc32(md5(EW_RANDOM_KEY)))) {
                $this->Username = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Username']);
            }
            if (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "autologin") {
                $this->LoginType = "a";
            } elseif (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "rememberusername") {
                $this->LoginType = "u";
            } else {
                $this->LoginType = "";
            }
        }
        $bValidPwd = FALSE;
        if ($bValidate) {

            // Call Logging In event; the handler can cancel the login
            $bValidate = $this->User_LoggingIn($this->Username, $sPassword);
            if ($bValidate) {
                $bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE); // Manual login
                if (!$bValidPwd) {
                    if ($this->getFailureMessage() == "") {
                        $this->setFailureMessage($Language->Phrase("InvalidUidPwd")); // Invalid user id/password
                    }
                }
            } else {
                if ($this->getFailureMessage() == "") {
                    $this->setFailureMessage($Language->Phrase("LoginCancelled")); // Login cancelled
                }
            }
        }
    }
    if ($bValidPwd) {

        // Write cookies.
        // NOTE(review): no path, domain, secure or httponly argument is passed, so
        // these cookies are sent over plain HTTP and are readable by page script.
        if ($this->LoginType == "a") { // Auto login
            setcookie(EW_PROJECT_NAME . '[AutoLogin]', "autologin", EW_COOKIE_EXPIRY_TIME); // Set autologin cookie
            setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME); // Set user name cookie
            // NOTE(review): the account password itself is stored on the client here;
            // an opaque, revocable server-side token is the usual substitute.
            setcookie(EW_PROJECT_NAME . '[Password]', ew_Encrypt($sPassword), EW_COOKIE_EXPIRY_TIME); // Set password cookie
            setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME);
        } elseif ($this->LoginType == "u") { // Remember user name
            setcookie(EW_PROJECT_NAME . '[AutoLogin]', "rememberusername", EW_COOKIE_EXPIRY_TIME); // Set remember user name cookie
            setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME); // Set user name cookie
            setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME);
        } else {
            // NOTE(review): only AutoLogin is blanked; Username, Password and Checksum
            // cookies from an earlier login are not touched by this branch.
            setcookie(EW_PROJECT_NAME . '[AutoLogin]', "", EW_COOKIE_EXPIRY_TIME); // Clear auto login cookie
        }

        // Call loggedin event
        $this->User_LoggedIn($this->Username);
        $this->Page_Terminate($sLastUrl); // Return to last accessed URL
    } elseif ($this->Username != "" && $sPassword != "") {

        // Call user login error event.
        // NOTE(review): the handler receives the submitted password in clear;
        // confirm implementations do not log it.
        $this->User_LoginError($this->Username, $sPassword);
    }
}
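/**
 * Render a field value as a SQL literal for string-built statements.
 *
 * NULL becomes the bare keyword NULL. String, memo, time, blob and boolean
 * values are passed through ew_AdjustSql() and wrapped in single quotes.
 * Dates use '#' delimiters on MS Access and single quotes elsewhere. GUIDs use
 * the {guid ...} form on MS Access when the value is a well-formed GUID, and a
 * quoted literal otherwise. Any other field type is returned unchanged.
 *
 * @param mixed $Value   Field value; NULL yields "NULL".
 * @param mixed $FldType One of the EW_DATATYPE_* constants.
 * @return mixed SQL fragment to concatenate into a statement.
 */
function ew_QuotedValue($Value, $FldType) {
    if (is_null($Value)) {
        return "NULL";
    }
    switch ($FldType) {
        case EW_DATATYPE_STRING:
        case EW_DATATYPE_MEMO:
        case EW_DATATYPE_TIME:
            // ew_RemoveXSS filters markup and is not a SQL defence; the quoting
            // safety of this branch rests on ew_AdjustSql alone.
            $sText = EW_REMOVE_XSS ? ew_RemoveXSS($Value) : $Value;
            return "'" . ew_AdjustSql($sText) . "'";
        case EW_DATATYPE_BLOB:
            return "'" . ew_AdjustSql($Value) . "'";
        case EW_DATATYPE_DATE:
            // NOTE(review): on MS Access the literal is closed by '#'; whether
            // ew_AdjustSql neutralises that character is not visible here, so
            // date values should be validated before they reach this function.
            $sDelimiter = EW_IS_MSACCESS ? "#" : "'";
            return $sDelimiter . ew_AdjustSql($Value) . $sDelimiter;
        case EW_DATATYPE_GUID:
            if (EW_IS_MSACCESS && is_string($Value)) {
                // The {guid ...} form is unquoted, so only a strict GUID shape
                // is allowed into it. Previously any 36- or 38-character string
                // was accepted, and other lengths fell through to the next case.
                $sGuid = '[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}';
                if (preg_match('/\A\{' . $sGuid . '\}\z/', $Value)) {
                    return "{guid " . $Value . "}";
                }
                if (preg_match('/\A' . $sGuid . '\z/', $Value)) {
                    return "{guid {" . $Value . "}}";
                }
            }
            // Anything else is emitted as an escaped, quoted literal
            return "'" . ew_AdjustSql($Value) . "'";
        case EW_DATATYPE_BOOLEAN: // enum('Y'/'N') or enum('1'/'0')
            // Escaped like the other quoted types; plain flags should come out
            // unchanged (assumes ew_AdjustSql only alters SQL-significant
            // characters and surrounding whitespace; confirm).
            return "'" . ew_AdjustSql($Value) . "'";
        default:
            // NOTE(review): remaining types (presumably numeric) are emitted
            // unquoted and unescaped, so whatever is in $Value lands in the
            // statement verbatim. Callers must validate these values first;
            // bound parameters are the safer route where the data layer allows.
            return $Value;
    }
}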