/** determine which node should be displayed for this request
 *
 * Translates the node the visitor asked for (if any) into a node_id that
 * may actually be shown.
 *
 * Precondition: the caller has already established that the visitor has view
 * access to area $area_id, and $tree holds every node of that area (see
 * {@link tree_build()} for the tree structure). This routine performs no
 * area-membership or permission check of its own; it only consults $tree.
 *
 * Cases handled:
 *  - no node requested ($requested_node is NULL): the default page of the
 *    area is looked up, starting at the first child of the root ($tree[0]);
 *  - requested node absent from $tree: FALSE (and a debug log entry);
 *  - requested node under embargo or expired: FALSE, i.e. the same result as
 *    for a node that does not exist, so the return value does not reveal
 *    that a hidden node is there;
 *  - requested node is a section: the default page within that section;
 *  - requested node is a page: that node itself.
 *
 * @param array &$tree a reference to the complete tree in area $area_id
 * @param int $area_id the area where we are looking for a node (used for logging only)
 * @param int|null $requested_node the node_id the user requested or NULL if none was specified
 * @return bool|int FALSE if no suitable node found or a valid $node_id
 */
function calculate_node_id(&$tree, $area_id, $requested_node) {
    // Nothing requested explicitly: let the area's root decide.
    if ($requested_node === null) {
        return calculate_default_page($tree, $tree[0]['first_child_id']);
    }

    // Force the request parameter to an integer before using it as an array key.
    $candidate = (int) $requested_node;

    if (isset($tree[$candidate]) === false) {
        logger("calculate_node_id(): weird: node '{$candidate}' not set in tree for area '{$area_id}'", WLOG_DEBUG);
        return FALSE;
    }

    // Embargo is tested first; expiry is only evaluated when the node is not embargoed.
    if (is_under_embargo($tree, $candidate)) {
        return FALSE;
    }
    if (is_expired($candidate, $tree)) {
        return FALSE;
    }

    if ($tree[$candidate]['is_page']) {
        return $candidate;
    }

    // A section was requested: descend to its default page.
    return calculate_default_page($tree, $tree[$candidate]['first_child_id']);
}
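/**
 * Gatekeeper for pages that need a logged-in user: refresh the session, log the user in, or show the login form.
 *
 * Three outcomes are possible:
 *  1. The session already carries a 'user_id' and is_expired() returns TRUE for it: the
 *     expiry stored for this session id is pushed forward and the function returns
 *     (no explicit return value).
 *  2. Credentials were posted ('frm_passwd') and match a row in the user table: the session
 *     is populated, the sign-in is logged, a redirect header is sent and the script exits.
 *  3. Anything else: the session is destroyed, the login form is printed and the script exits.
 *
 * Security-relevant behaviour of this function:
 *  - request-derived values placed in SQL (session id, client address, browser string) are
 *    escaped before interpolation;
 *  - request-derived values placed in HTML attributes ($requested_page, the Referer header)
 *    are HTML-escaped;
 *  - the session id is regenerated once the credentials have been accepted, so an id that
 *    existed before authentication is never bound to the account.
 *
 * NOTE(review): passwords are compared in SQL with PASSWORD() and with MD5() of the
 * lower-cased input. Both are fast, unsalted digests and the MD5 path is case-insensitive.
 * Moving to password_hash()/password_verify() requires a column migration and a PHP version
 * that provides them, so it is flagged here rather than changed.
 *
 * @param string $requested_page URL the login form posts back to
 * @param bool   $outinfo        not used inside this function
 * @param bool   $hh             TRUE selects the do_hh_onload() body handler instead of do_onload()
 * @return void  only outcome 1 returns to the caller; outcomes 2 and 3 end the script
 */
function do_login($requested_page, $outinfo = FALSE, $hh = FALSE) { // 2/12/09, 3/8/09
    global $hide_dispatched, $hide_status_groups;
    @session_start();
    global $expiry, $istest;

    $now = mysql_format_date(time() - intval(get_variable('delta_mins')) * 60);
    $warn = (array_key_exists('expires', $_SESSION) && $now > $_SESSION['expires'])
        ? "Log-in has expired due to inactivity. Please log in again."
        : "";
    $internet = get_variable("internet"); // 8/22/10

    // NOTE(review): the original comment on this branch reads "not expired", so is_expired()
    // presumably returns TRUE while the login is still valid -- confirm against its definition.
    if (array_key_exists('user_id', $_SESSION) && is_expired($_SESSION['user_id'])) {
        $the_date = mysql_format_date($expiry);
        // The session id arrives in a client cookie; escape it before it reaches the query.
        $sess_key = mysql_real_escape_string(session_id());
        $query = "UPDATE `{$GLOBALS['mysql_prefix']}user` SET `expires`= '{$the_date}' WHERE `sid` = '{$sess_key}' LIMIT 1";
        $result = mysql_query($query) or do_error("", 'mysql query failed', mysql_error(), basename(__FILE__), __LINE__);
        $_SESSION['expires'] = $expiry;
        $warn = "";
        if ($internet == 3) {
            set_filenames($internet); // possible change to filenames based on connect status - 8/31/10
        }
    } else { // not logged in; either check the posted credentials or show the form
        if (array_key_exists('frm_passwd', $_POST)) { // 6/25/10
            // Collect the unit-status category names; they become session flags below.
            $categories = array(); // 3/15/11
            $query = "SELECT * FROM `{$GLOBALS['mysql_prefix']}assigns` WHERE `clear` <> 'NULL'"; // 3/15/11
            $result = mysql_query($query) or do_error($query, 'mysql query failed', mysql_error(), basename(__FILE__), __LINE__);
            $num_disp = mysql_num_rows($result);
            if ($num_disp > 0 && $hide_dispatched == 1) {
                // NOTE(review): $category_butts is not read anywhere in this function; slot 0 of
                // $categories stays unset in this case -- confirm that this is intended.
                $category_butts[0] = "Deployed";
                $i = 1;
            } else {
                $i = 0;
            }
            if ($hide_status_groups == 1) { // 3/15/11
                $query = "SELECT DISTINCT `group` FROM `{$GLOBALS['mysql_prefix']}un_status` ORDER BY `group` ASC";
                $result = mysql_query($query) or do_error($query, 'mysql query failed', mysql_error(), basename(__FILE__), __LINE__);
                while ($row = stripslashes_deep(mysql_fetch_assoc($result))) {
                    $categories[$i] = $row['group'];
                    $i++;
                }
                unset($result);
            } else {
                $categories[$i] = "Available";
                $i++;
                $categories[$i] = "Not Available";
            }

            // Collect the facility type names the same way.
            $fac_categories = array();
            $i = 0;
            $query = "SELECT * FROM `{$GLOBALS['mysql_prefix']}fac_types` ORDER BY `name` ASC";
            $result = mysql_query($query) or do_error($query, 'mysql query failed', mysql_error(), basename(__FILE__), __LINE__);
            while ($row = stripslashes_deep(mysql_fetch_assoc($result))) {
                $fac_categories[$i] = $row['name'];
                $i++;
            }
            unset($result);

            // Credential check. Posted values go through quote_smart(); the query text is not
            // handed to do_error(), so the submitted password does not end up in an error report.
            $query = "SELECT * FROM `{$GLOBALS['mysql_prefix']}user` \n\t\t\t\tWHERE `user`=" . quote_smart($_POST['frm_user']) . " \t \n\t\t\t\tAND (`passwd`=PASSWORD(" . quote_smart($_POST['frm_passwd']) . ") \n\t\t\t\tOR `passwd`=MD5(" . quote_smart(strtolower($_POST['frm_passwd'])) . " )) \n\t\t\t\tLIMIT 1";
            $result = mysql_query($query) or do_error("", 'mysql query failed', mysql_error(), basename(__FILE__), __LINE__);
            // After a SELECT this count is the number of rows found (the query is limited to 1).
            if (mysql_affected_rows() == 1) {
                $row = stripslashes_deep(mysql_fetch_assoc($result));
                if ($row['sortorder'] == NULL) {
                    $row['sortorder'] = "date";
                }

                // Issue a fresh session id now that the credentials are accepted and discard
                // the old one, so a pre-login id cannot be reused as an authenticated session.
                session_regenerate_id(true);

                $sid = session_id(); // 1/8/10
                $browser = checkBrowser(FALSE);
                $the_date = mysql_format_date($expiry);
                $user_id = intval($row['id']);

                // Everything below that originates from the request is escaped for SQL.
                $sid_sql = mysql_real_escape_string($sid);
                $from_sql = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
                $browser_sql = mysql_real_escape_string((string) $browser);
                $query = "UPDATE `{$GLOBALS['mysql_prefix']}user` SET \n\t\t\t\t\t`sid` = '{$sid_sql}', \n\t\t\t\t\t`expires`= '{$the_date}', \n\t\t\t\t\t`login` = '{$now}', \n\t\t\t\t\t`_from`= '{$from_sql}', \n\t\t\t\t\t`browser` = '{$browser_sql}' \n\t\t\t\t\tWHERE `id` = {$user_id} LIMIT 1";
                $result = mysql_query($query) or do_error("", 'mysql query failed', mysql_error(), basename(__FILE__), __LINE__);

                $_SESSION['id'] = $sid;
                $_SESSION['expires'] = time();
                $_SESSION['user_id'] = $row['id'];
                $_SESSION['user'] = $row['user'];
                $_SESSION['level'] = $row['level'];
                $_SESSION['login_at'] = $now;
                // NOTE(review): the next two values and 'day_night' below are stored exactly as
                // posted; any page that prints them must escape them for its output context.
                $_SESSION['scr_height'] = $_POST['scr_height'];
                $_SESSION['scr_width'] = $_POST['scr_width']; // monitor dimensions this user
                $_SESSION['allow_dirs'] = TRUE; // allow directions
                $_SESSION['show_closed'] = TRUE; // show closed dispatched
                $_SESSION['sortorder'] = $row['sortorder'] == NULL ? "date" : $row['sortorder'];
                $_SESSION['sort_desc'] = $row['sort_desc'] == NULL ? " DESC " : $row['sort_desc'];
                $_SESSION['ticket_per_page'] = 0;
                $_SESSION['show_hide_unit'] = "s"; // show/hide units
                $_SESSION['show_hide_unav'] = "s"; // show/hide unavailable units - 4/27/10
                $_SESSION['show_hide_fac'] = "h"; // show/hide facilities - 3/8/10
                $_SESSION['unit_flag_1'] = ""; // unit id where status or position change
                $_SESSION['unit_flag_2'] = ""; // usage tbd 4/7/10
                $_SESSION['tick_flag_1'] = ""; // usage tbd 4/7/10
                $_SESSION['tick_flag_2'] = ""; // usage tbd 4/7/10
                $_SESSION['fac_flag_2'] = 2; // 2/16/11
                $_SESSION['list_type'] = 0; // 12/2/10
                $_SESSION['show_hide_Deployed'] = "s"; // Show all deployed tickets 3/15/11
                $_SESSION['day_night'] = $_POST['frm_daynight']; // 01/20/11 Set Day or Night Colors
                $_SESSION['hide_controls'] = "s"; // 3/15/11
                $_SESSION['incs_list'] = "s"; // 3/15/11
                $_SESSION['resp_list'] = "s"; // 3/15/11
                $_SESSION['facs_list'] = "s"; // 3/15/11
                $_SESSION['regions_boxes'] = "s"; // 6/10/11
                $_SESSION['user_unit_id'] = $row['responder_id']; // 3/19/11
                $_SESSION['show_hide_upper'] = "Show Menu"; // 6/10/11
                foreach ($categories as $key => $value) { // 3/15/11
                    $sess_flag = "show_hide_" . $value;
                    $_SESSION[$sess_flag] = "s";
                }
                foreach ($fac_categories as $key => $value) { // 3/15/11
                    $fac_sess_flag = "show_hide_fac_" . $value;
                    $_SESSION[$fac_sess_flag] = "h";
                }

                set_filenames($internet); // 8/31/10
                do_log($GLOBALS['LOG_SIGN_IN'], 0, 0, $row['id']); // log it // 7/21/10

                // Drop tickets this user had reserved in an earlier session.
                $query = "DELETE FROM `{$GLOBALS['mysql_prefix']}ticket` WHERE `status` = {$GLOBALS['STATUS_RESERVED']} AND `_by` = {$user_id};";
                $result = mysql_query($query);

                // The notification mail that used to be assembled here was disabled on 1/11/09;
                // its unused message text (reverse DNS lookup, raw POST fields) is no longer built.

                header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
                header('Cache-Control: no-store, no-cache, must-revalidate');
                header('Cache-Control: post-check=0, pre-check=0', FALSE);
                header('Pragma: no-cache');

                // NOTE(review): the redirect target is built from the client-supplied Host header
                // and a fixed http:// scheme; a configured base URL would be more robust.
                $host = $_SERVER['HTTP_HOST'];
                $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
                $unit_id = get_unit(); // 3/19/11
                $level = $row['level'];
                if ($level == $GLOBALS['LEVEL_UNIT']) { // 3/1/12
                    $extra = 'mobile.php';
                } elseif ($level == $GLOBALS['LEVEL_STATS']) {
                    $extra = 'stats_scr.php?stats=stats';
                } else {
                    $extra = 'main.php?log_in=1';
                }
                header("Location: http://{$host}{$uri}/{$extra}"); // to top of calling script
                exit;
            } // end if (mysql_affected_rows() == 1)
        } // end if (array_key_exists('frm_passwd', $_POST))

        // no form data, or the posted values failed the check
        @session_destroy(); // 4/29/10
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<HTML xmlns="http://www.w3.org/1999/xhtml">
<HEAD><TITLE>Tickets - free open source computer-aided dispatch software (CAD)</TITLE>
<META HTTP-EQUIV=="Description" CONTENT="free, open source, CAD, dispatch, emergency response, ARES Teams, RACES Teams, amateur radio " />
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
<META HTTP-EQUIV="Expires" CONTENT="0">
<META HTTP-EQUIV="Cache-Control" CONTENT="NO-CACHE">
<META HTTP-EQUIV="Pragma" CONTENT="NO-CACHE">
<META HTTP-EQUIV="Content-Script-Type" CONTENT="text/javascript">
<META HTTP-EQUIV="Script-date" CONTENT="1/23/10">
<LINK REL=StyleSheet HREF="stylesheet.php?version=<?php print time(); ?> " TYPE="text/css"> <!-- 3/15/11 -->
<STYLE type="text/css">
input {background-color:transparent;} /* Benefit IE radio buttons */
</STYLE>
<SCRIPT defer="defer"> <!-- 11/18/10 -->
String.prototype.trim = function () {
	return this.replace(/^\s*(\S*(\s+\S+)*)\s*$/, "$1");
	};

function getBrowserWidth(){
	var val="";
	if (window.innerWidth){ var val= window.innerWidth;}
	else if (document.documentElement && document.documentElement.clientWidth != 0){ var val= document.documentElement.clientWidth; }
	else if (window.screen.width && window.screen.width != 0){ var val= window.screen.width; }
	else if (document.body){var val= document.body.clientWidth;}
	return(isNaN(val))? 1024: val;
	}

function getBrowserHeight(){
	var val="";
	if (window.innerHeight){ var val= window.innerHeight;}
	else if (document.documentElement && document.documentElement.clientHeight != 0){ var val= document.documentElement.clientHeight; }
	else if (window.screen.height && window.screen.height != 0){ var val= window.screen.height; }
	else if (document.body){var val= document.body.clientHeight;}
	return(isNaN(val))? 740: val;
	}

// 'expires' is given in minutes and converted to milliseconds below
function Set_Cookie( name, value, expires, path, domain, secure ) {
	var today = new Date(); // set time in milliseconds
	today.setTime( today.getTime() );
	if ( expires ) { expires = expires * 1000 * 60 ; }
	var expires_date = new Date( today.getTime() + (expires) );
	document.cookie = name + "=" +escape( value ) +
		( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) +
		( ( path ) ? ";path=" + path : "" ) +
		( ( domain ) ? ";domain=" + domain : "" ) +
		( ( secure ) ? ";secure" : "" );
	}

function Get_Cookie( check_name ) {
	var a_all_cookies = document.cookie.split( ';' ); // first we'll split this cookie up into name/value pairs
	var a_temp_cookie = ''; // note: document.cookie only returns name=value, not the other components
	var cookie_name = '';
	var cookie_value = '';
	var b_cookie_found = false; // set boolean t/f default f
	var i = '';
	for ( i = 0; i < a_all_cookies.length; i++ ) {
		a_temp_cookie = a_all_cookies[i].split( '=' ); // split each name=value pair
		cookie_name = a_temp_cookie[0].replace(/^\s+|\s+$/g, ''); // and trim left/right whitespace
		if ( cookie_name == check_name ){ // if the extracted name matches passed check_name
			b_cookie_found = true;
			if ( a_temp_cookie.length > 1 ){ // handle the case where the cookie exists but has no value (no = sign)
				cookie_value = unescape( a_temp_cookie[1].replace(/^\s+|\s+$/g, '') );
				}
			return cookie_value; // an existing cookie without a value yields the empty string
			break;
			}
		a_temp_cookie = null;
		cookie_name = '';
		}
	if ( !b_cookie_found ) {
		return null;
		}
	} // end function Get_Cookie(

function do_hh_onload () { // 2/24/09
	document.login_form.scr_width.value=getBrowserWidth();
	document.login_form.scr_height.value=getBrowserHeight();
	document.login_form.frm_user.focus();
	} // end function

function do_onload () {
	if (this.window.name!="main") {self.close();} // in a popup
	if(self.location.href==parent.location.href) { // prevent frame jump
		self.location.href = 'index.php';
		};
	try { // should always be true
		parent.frames["upper"].document.getElementById("whom").innerHTML = "<?php echo NOT_STR; ?> " ;
		parent.frames["upper"].document.getElementById("level").innerHTML = "<?php echo NA_STR; ?> " ;
		parent.frames["upper"].document.getElementById("script").innerHTML = "login";
		}
	catch(e) {
		}
	document.login_form.scr_width.value=screen.width; // 1/23/10
	document.login_form.scr_height.value=screen.height;
	} // end function do onload ()

<?php
        if (get_variable('call_board') == 2) { // 7/7/09
?>
	try { // 8/10/10
		parent.calls.location.href = 'board.php';
		}
	catch (e) {
		}
<?php
        }
        print "\tparent.upper.location.href = 'top.php';\n"; // reload and initialize top frame 6/19/09
?>
window.setTimeout("document.forms[0].frm_user.focus()", 1000);
</SCRIPT>
</HEAD>
<?php
        print $hh ? "\n\t<BODY onLoad = 'do_hh_onload()'>\n" : "\n\t<BODY onLoad = 'do_onload()'>\n"; // 2/24/09
?>
<!-- <BODY onLoad = "do_onload()"> 11/6/10 -->
<CENTER><BR />
<?php
        // NOTE(review): the banner text is printed as stored in the settings, without escaping --
        // presumably so that an administrator can put markup in it; confirm who may edit it.
        if (get_variable('_version') != '') {
            print "<SPAN style='FONT-WEIGHT: bold; FONT-SIZE: 15px; COLOR: #000000;'>" . get_variable('login_banner') . "</SPAN><BR /><BR />";
        }
?>
</FONT>
<FORM METHOD="post" ACTION="<?php print htmlspecialchars($requested_page, ENT_QUOTES, 'UTF-8'); ?> " NAME="login_form" onSubmit="return true;">
<TABLE BORDER=0>
<?php
        if (array_key_exists('frm_passwd', $_POST)) {
            $warn = "Login failed. Pls enter correct values and try again.";
        }
        if (!empty($warn)) {
            print "<TR CLASS='odd'><TH COLSPAN='99'><FONT CLASS='warn'>\n\t\t\t{$warn}\n\t\t\t</FONT><BR /><BR /></TH></TR>";
        }
        // The Referer header is client-controlled; escape it before it is echoed into the form.
        $temp = isset($_SERVER['HTTP_REFERER']) ? htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES, 'UTF-8') : "";
        // NOTE(review): this convenience handler is keyed on the Host header, which the client
        // chooses, and it embeds a default account name and password in the page. Consider
        // removing it, and make sure default accounts are changed or disabled on deployment.
        $my_click = $_SERVER["HTTP_HOST"] == "127.0.0.1" ? " onClick = \"document.login_form.frm_user.value='admin';document.login_form.frm_passwd.value='admin';\"" : "";
?>
<TR CLASS='even'><TD ROWSPAN=6 VALIGN='middle' ALIGN='left' bgcolor=#EFEFEF><BR /><BR /> <IMG BORDER=0 SRC='open_source_button.png' <?php print $my_click; ?> ><BR /><BR /> <img src="php.png" /> </TD><TD CLASS="td_label"><?php print get_text("User"); ?> :</TD>
	<TD><INPUT TYPE="text" NAME="frm_user" MAXLENGTH="255" SIZE="30" onChange = "document.login_form.frm_user.value = document.login_form.frm_user.value.trim();" VALUE=""></TD></TR>
<TR CLASS='odd'><TD CLASS="td_label"><?php print get_text("Password"); ?> : </TD>
	<TD><INPUT TYPE="password" NAME="frm_passwd" MAXLENGTH="255" SIZE="30" onChange = "document.login_form.frm_passwd.value = document.login_form.frm_passwd.value.trim();" VALUE=""></TD></TR>
<TR CLASS="even"><TD COLSPAN=2> </TD></TR>
<TR CLASS='odd'><TD CLASS="td_label">Colors: </TD>
	<TD><INPUT TYPE="radio" NAME="frm_daynight" VALUE="Day" checked>Day <INPUT TYPE="radio" NAME="frm_daynight" value="Night">Night</TD></TR>
<TR CLASS="even"><TD COLSPAN=2> </TD></TR>
<TR CLASS='even'><TD></TD><TD><INPUT TYPE="submit" VALUE="<?php print get_text("Log In"); ?> "></TD></TR>
<TR CLASS='even'><TD COLSPAN=3 ALIGN='center'><BR /> Visitors may login as <B>guest</B> with password <B>guest</B>. </TD></TR>
<TR CLASS='even'><TD COLSPAN=3> </TD></TR>
<TR CLASS='even'><TD COLSPAN=3> </TD></TR>
</TABLE>
<INPUT TYPE='hidden' NAME = 'scr_width' VALUE=''>
<INPUT TYPE='hidden' NAME = 'scr_height' VALUE=''>
<INPUT TYPE='hidden' NAME = 'frm_referer' VALUE="<?php print $temp; ?> ">
</FORM><BR /><BR />
<a href="http://www.ticketscad.org/"><SPAN CLASS='text_small'>Tickets CAD Project home</SPAN></a>
</CENTER></HTML>
<?php
        exit; // no return value
    }
}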