/** Return true if the user is allowed to see the page */
function checkUserPolicy($userid, $projectid, $onlyreturn = 0)
{
if ($userid != '' && !is_numeric($userid) || !is_numeric($projectid)) {
return;
}
// If the projectid=0 only admin can access the page
if ($projectid == 0 && pdo_num_rows(pdo_query("SELECT admin FROM " . qid("user") . " WHERE id='{$userid}' AND admin='1'")) == 0) {
if (!$onlyreturn) {
echo "You cannot access this page";
exit(0);
} else {
return false;
}
} else {
if (@$projectid > 0) {
$project = pdo_query("SELECT public FROM project WHERE id='{$projectid}'");
$project_array = pdo_fetch_array($project);
// If the project is public we quit
if ($project_array["public"] == 1) {
return true;
}
// If the project is private and the user is not logged in we quit
if (!$userid && $project_array["public"] != 1) {
if (!$onlyreturn) {
LoginForm(0);
exit(0);
} else {
return false;
}
} else {
if ($userid) {
$user2project = pdo_query("SELECT projectid FROM user2project WHERE userid='{$userid}' AND projectid='{$projectid}'");
if (pdo_num_rows($user2project) == 0) {
if (!$onlyreturn) {
echo "You cannot access this project";
exit(0);
} else {
return false;
}
}
}
}
}
}
// end project=0
return true;
}
$csrfToken = $_SESSION['cdash']['csrfToken'];
}
}
if (is_null($csrfToken)) {
// Generate a new random csrf token.
// This is used by Google OAuth2 to prevent forged logins.
$csrfToken = bin2hex(random_bytes(16));
}
session_name('CDash');
session_cache_limiter(@$SessionCachePolicy);
session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
@ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
session_start();
$sessionArray = array('csrfToken' => $csrfToken);
$_SESSION['cdash'] = $sessionArray;
LoginForm($loginerror);
// display login form
$session_OK = 0;
} else {
// authentication was successful
session_regenerate_id();
$session_OK = 1;
// Check if we should be redirecting the user to another page.
// This happens when they have to change their password because it expired.
if (isset($_SESSION['cdash']) && array_key_exists('redirect', $_SESSION['cdash']) && !empty($_SESSION['cdash']['redirect'])) {
$destination = $_SESSION['cdash']['redirect'];
$dest_page = substr($destination, strrpos($destination, '/') + 1);
$pos = strpos($dest_page, '?');
if ($pos !== false) {
$dest_page = substr($dest_page, 0, $pos);
}
}
} else {
//print_r($_COOKIE);
//echo '.'.$cookie_name;
$cookie_name = str_replace(".", "_", $cookie_name);
if (isset($_COOKIE[$cookie_name])) {
//echo '.';
if ($_COOKIE[$cookie_name] == $salt_id) {
//need to add expiration...
//echo '.';
$login = true;
}
}
}
if ($login == false) {
LoginForm();
exit;
}
//Cookie names:
//'niche_login'.$_SERVER['SERVER_NAME'].$_SERVER['SERVER_PORT'].dirname($_SERVER['SCRIPT_NAME'])
//with SCRIPT_NAME, it should always be the same as you can't directly execute an addon, so the addon
//directory will never be the script path...
//echo 'done?';
function SetSessionID()
{
global $salt_id;
$fhan = fopen_per("temp_sid.php", "w");
fputs($fhan, "<" . "?php\n");
//echo $salt_id;
fputs($fhan, '$niche_sid=\'' . $salt_id . '\';' . "\n");
fputs($fhan, "?" . ">");
/**
* page code function
*/
function PageCompPageMainCode()
{
global $site;
global $dir;
global $tmpl;
global $page;
global $join_page_check_limit;
global $join_pages_num;
global $p_arr;
global $_page;
global $en_aff;
global $oTemplConfig;
global $newusernotify;
$enable_security_image = getParam('enable_security_image');
$autoApproval_ifJoin = isAutoApproval('join');
ob_start();
switch ($page) {
// fill inputs with values from precede join pages
case $page > 1:
$hidden_vals = '';
// inputs with POST values
$respd = db_res("SELECT * FROM ProfilesDesc WHERE `visible` & 2 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_check_limit} ORDER BY `order` ASC");
while ($arrpd = mysql_fetch_array($respd)) {
$fname = get_input_name($arrpd);
switch ($arrpd['type']) {
case 'set':
// set of checkboxes
$vals = preg_split("/[,\\']+/", $arrpd['extra'], -1, PREG_SPLIT_NO_EMPTY);
$p_arr[$fname] = '';
foreach ($vals as $v) {
if (strlen(trim($v)) <= 0) {
continue;
}
$hidden_vals .= '<input type="hidden" name="' . ($fname . "_" . $v) . '" value="' . process_pass_data($_POST[$fname . "_" . $v]) . '">';
$p_arr[$fname . "_" . $v] = process_pass_data($_POST[$fname . "_" . $v]);
if ($_POST[$fname . "_" . $v] == 'on') {
if (strlen($p_arr[$fname])) {
$p_arr[$fname] .= ",{$v}";
} else {
$p_arr[$fname] .= $v;
}
}
}
break;
case 'date':
$p_arr[$fname] = sprintf("%04d-%02d-%02d", (int) $_POST[$fname . '_year'], (int) $_POST[$fname . '_month'], (int) $_POST[$fname . '_day']);
$hidden_vals .= '<input type="hidden" name="' . $fname . '_year" value="' . (int) $_POST[$fname . '_year'] . '" />';
$hidden_vals .= '<input type="hidden" name="' . $fname . '_month" value="' . (int) $_POST[$fname . '_month'] . '" />';
$hidden_vals .= '<input type="hidden" name="' . $fname . '_day" value="' . (int) $_POST[$fname . '_day'] . '">';
break;
default:
if ($arrpd['get_value']) {
$funcbody = $arrpd['get_value'];
$func = create_function('$arg0', $funcbody);
$hidden_vals .= '<input type="hidden" name="' . $fname . '" value="' . process_pass_data($_POST[$fname]) . '">';
$p_arr[$fname] = process_pass_data($func($_POST));
} else {
$hidden_vals .= '<input type="hidden" name="' . $fname . '" value="' . process_pass_data($_POST[$fname]) . '">';
$p_arr[$fname] = process_pass_data($_POST[$fname]);
}
break;
}
}
// check values
$query = "SELECT * FROM ProfilesDesc\n\t\t\t\tWHERE `visible` & 2 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_check_limit}\n\t\t\t\tORDER BY `join_page` ASC";
$respd = db_res($query);
while ($arrpd = mysql_fetch_array($respd)) {
if (!strlen($arrpd['check'])) {
continue;
}
$fname = get_input_name($arrpd);
$funcbody = $arrpd[check];
$func = create_function('$arg0', $funcbody);
if (!$func($p_arr[$fname])) {
$add_on .= report_err(_t($arrpd['because'], $arrpd['min_length'], $arrpd['max_length']));
}
}
$page = !$add_on ? $page : $page - 1;
break;
break;
case 'done':
// fill array with POST values
$respd = db_res("SELECT * FROM ProfilesDesc WHERE `visible` & 2 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_check_limit} ORDER BY `order` ASC");
while ($arrpd = mysql_fetch_array($respd)) {
$fname = get_input_name($arrpd);
switch ($arrpd['type']) {
case 'set':
// set of checkboxes
$vals = preg_split("/[,\\']+/", $arrpd['extra'], -1, PREG_SPLIT_NO_EMPTY);
$p_arr[$fname] = '';
foreach ($vals as $v) {
if (strlen(trim($v)) <= 0) {
continue;
}
$hidden_vals .= '<input type="hidden" name="' . ($fname . "_" . $v) . '" value="' . process_pass_data($_POST[$fname . "_" . $v]) . '">';
$p_arr[$fname . "_" . $v] = process_pass_data($_POST[$fname . "_" . $v]);
if ($_POST[$fname . "_" . $v] == 'on') {
if (strlen($p_arr[$fname])) {
$p_arr[$fname] .= ",{$v}";
} else {
$p_arr[$fname] .= $v;
}
}
}
break;
case 'date':
$p_arr[$fname] = sprintf("%04d-%02d-%02d", (int) $_POST[$fname . '_year'], (int) $_POST[$fname . '_month'], (int) $_POST[$fname . '_day']);
$hidden_vals .= '<input type="hidden" name="' . $fname . '_year" value="' . (int) $_POST[$fname . '_year'] . '" />';
$hidden_vals .= '<input type="hidden" name="' . $fname . '_month" value="' . (int) $_POST[$fname . '_month'] . '" />';
$hidden_vals .= '<input type="hidden" name="' . $fname . '_day" value="' . (int) $_POST[$fname . '_day'] . '">';
break;
default:
if ($arrpd['get_value']) {
$funcbody = $arrpd['get_value'];
$func = create_function('$arg0', $funcbody);
$hidden_vals .= '<input type="hidden" name="' . $fname . '" value="' . process_pass_data($_POST[$fname]) . '">';
$p_arr[$fname] = process_pass_data($func($_POST));
} else {
$hidden_vals .= '<input type="hidden" name="' . $fname . '" value="' . process_pass_data($_POST[$fname]) . '">';
$p_arr[$fname] = process_pass_data($_POST[$fname]);
}
break;
}
}
// check values
if ($enable_security_image) {
if (!isset($_POST['securityImageValue']) || !isset($_COOKIE['strSec']) || md5($_POST['securityImageValue']) != $_COOKIE['strSec']) {
$page = $join_pages_num;
$add_on .= report_err(_t("_SIMG_ERR"));
}
}
$respd = db_res("SELECT * FROM ProfilesDesc WHERE `visible` & 2 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_check_limit} AND `join_page` > 0 ORDER BY `order` ASC");
while ($arrpd = mysql_fetch_array($respd)) {
if (!strlen(trim($arrpd['check']))) {
continue;
}
$fname = get_input_name($arrpd);
$funcbody = $arrpd['check'];
$func = create_function('$arg0', $funcbody);
if (!$func($p_arr[$fname])) {
$page = floor($arrpd['join_page'] / 1000);
$add_on .= report_err(_t($arrpd['because'], $arrpd['min_length'], $arrpd['max_length']));
}
}
break;
default:
break;
}
switch ($page) {
default:
global $tmpl;
if ($oTemplConfig->customize['join_page']['showPageText']) {
$page_text = _t("_JOIN1", $page);
}
echo $add_on;
break;
}
switch ($page) {
case 'done':
// new profile creation
$cl_values = "INSERT INTO `Profiles` SET ";
$cl_first = 0;
$respd = db_res("SELECT * FROM ProfilesDesc WHERE `visible` & 2 AND `to_db` = 1 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_check_limit} ORDER BY `order` ASC");
while ($arrpd = mysql_fetch_array($respd)) {
$fname = get_input_name($arrpd);
$dbname = get_field_name($arrpd);
$fval = $p_arr[$fname];
if ($dbname == 'zip') {
$fval = strtoupper(str_replace(' ', '', $fval));
}
switch ($arrpd['type']) {
case 'set':
// set of checkboxes
// set of checkboxes
case 'r':
// reference to array for combo box
// reference to array for combo box
case 'a':
// text Area
// text Area
case 'c':
// input box
// input box
case 'rb':
// radio buttons
// radio buttons
case 'e':
// enum combo box
// enum combo box
case 'en':
// enum combo box with numbers
// enum combo box with numbers
case 'eny':
// enum combo box with numbers
// enum combo box with numbers
case 'date':
// date
$fval = process_db_input($fval, 0, 1);
$cl_values .= " `{$dbname}` = '{$fval}'";
$cl_values .= ", ";
break;
case 'p':
$fval = md5(process_pass_data($fval));
$cl_values .= " `{$dbname}` = '{$fval}'";
$cl_values .= ", ";
break;
}
}
$cl_values .= " `LastReg` = NOW()";
db_res($cl_values);
$IDnormal = mysql_insert_id();
$IDcrypt = crypt($IDnormal, "secret_string");
// encrypted ID for security purposes
setcookie("IDc", $IDcrypt, 0, "/");
$_COOKIE['IDc'] = $IDcrypt;
// Affiliate and friend checking
if ($en_aff && $_COOKIE['idAff']) {
$res = db_res("SELECT `ID` FROM `aff` WHERE `ID` = {$_COOKIE['idAff']} AND `Status` = 'active'");
if (mysql_num_rows($res)) {
$res = db_res("INSERT INTO `aff_members` (`idAff`,`idProfile`) VALUES ({$_COOKIE['idAff']}, {$IDnormal})");
}
}
if ($en_aff && $_COOKIE['idFriend']) {
$idFriend = getID($_COOKIE['idFriend']);
if ($idFriend) {
$res = db_res("UPDATE `Profiles` SET `aff_num` = `aff_num` + 1 WHERE `ID` = '{$idFriend}'");
createUserDataFile($idFriend);
}
}
if (strcmp(crypt($IDnormal, 'secret_string'), $_COOKIE['IDc']) != 0) {
ob_end_clean();
$_page['header'] = _t("_Error");
$ret = "<table width=\"100%\" cellpadding=4 cellspacing=4><tr><td align=center class=text2>";
$ret .= _t("_MUST_HAVE_COOKIES");
$ret .= "</td></tr></table>";
return $ret;
}
if (getParam('autoApproval_ifNoConfEmail') == 'on') {
if (getParam('autoApproval_ifJoin')) {
db_res("UPDATE `Profiles` SET `Status`='Active' WHERE `ID`='{$IDnormal}'");
$page_text = _t("_USER_ACTIVATION_SUCCEEDED") . $ret . $add_on;
$message = getParam("t_Activation");
$subject = getParam('t_Activation_subject');
sendMail($p_arr['Email'], $subject, $message, $IDnormal);
} else {
db_res("UPDATE `Profiles` SET `Status`='Approval' WHERE `ID`='{$IDnormal}'");
$page_text = _t("_USER_CONF_SUCCEEDED") . $add_on;
}
if ($newusernotify) {
$message = "New user {$p_arr['NickName']} with email {$p_arr['Email']} has been confirmed,\nhis/her ID is {$IDnormal}.\n--\n{$site['title']} mail delivery system\n<Auto-generated e-mail, please, do not reply>\n";
$subject = "New user confirmed";
sendMail($site['email_notify'], $subject, $message);
}
} else {
$page_text = _t("_JOIN3") . $add_on;
$page_text .= activation_mail($IDnormal);
$page_text .= "<br /><br /><br /><br /><center>" . _t("_UPLOAD_WHILE_WAITING", $site['url']) . "</center>";
}
modules_add($IDnormal);
if (!$autoApproval_ifJoin) {
modules_block($IDnormal);
}
createUserDataFile($IDnormal);
// ----------------------------------------------------------
echo "<div id=\"first_column\">";
echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\"><tr><td align=center class=text2>";
echo "<div align=justify>{$page_text}</div>";
break;
default:
echo "<div id=\"first_column\">";
echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\"><tr><td align=center class=text2>";
//-----------------------------------------------------------
do {
$join_page_limit = 'done' == $page ? " AND join_page > '" . $join_pages_num * 1000 . "'" : " AND join_page > '" . $page * 1000 . "' AND join_page < '" . ($page + 1) * 1000 . "'";
$query = "SELECT COUNT(*) FROM `ProfilesDesc` WHERE `visible` & 2 {$join_page_limit} AND (FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('3',show_on_page))";
$res = db_res($query);
$item_num = mysql_fetch_row($res);
if ($item_num[0] <= 0 && $page < $join_pages_num) {
$page++;
}
} while ($item_num[0] <= 0 && $page < $join_pages_num);
$join_page_limit = 'done' == $page ? " AND join_page > '" . $join_pages_num * 1000 . "'" : " AND join_page > '" . $page * 1000 . "' AND join_page < '" . ($page + 1) * 1000 . "'";
$hidden_vals .= "<input type=\"hidden\" name=\"page\" value=\"{$page}\" />";
//-----------------------------------------------------------
echo "\n\t <form name=\"jform\" method=\"post\" action=\"{$_SERVER['PHP_SELF']}\" " . ($join_pages_num == $page ? "onSubmit=\"return validateJoinForm();\">" : ">") . "\n\n\t {$hidden_vals}\n\n\t <input type=hidden name=\"ID\" value=\"{$IDnormal}\" />\n\n\t <div align=justify>{$page_text}</div>\n<table width=\"100%\" cellspacing=\"2\" cellpadding=\"0\" border=\"0\">";
$first_row = 1;
$respd = db_res("SELECT * FROM ProfilesDesc\n\t\t\t WHERE `visible` & 2 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_limit}\n\t\t\t ORDER BY `join_page` ASC");
if ($oTemplConfig->customize['join_page']['show_3rd_col']) {
$columns = 3;
} else {
$columns = 2;
}
while ($arrpd = mysql_fetch_array($respd)) {
$fname = get_input_name($arrpd);
if ($arrpd['get_value'] && $arrpd['to_db'] == 0) {
$funcbody = $arrpd['get_value'];
$func = create_function('$arg0', $funcbody);
$p_arr[$fname] = $func($p_arr);
}
$not_first_row = 0;
switch ($arrpd['type']) {
case 'set':
// set of checkboxes
echo print_row_set($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns);
break;
case 'rb':
// radio buttons
echo print_row_radio_button($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns);
break;
case 'r':
// reference to array for combo box
if ($fname == 'Country') {
$onchange = "flagImage = document.getElementById('flagImageId'); flagImage.src = '{$site['flags']}' + this.value.toLowerCase() + '.gif';";
if (strlen($p_arr[$fname]) == 0) {
$p_arr[$fname] = getParam('default_country');
}
$imagecode = '<img id="flagImageId" src="' . ($site['flags'] . strtolower($p_arr[$fname])) . '.gif" alt="flag" />';
} else {
$onchange = '';
$imagecode = '';
}
echo print_row_ref($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns, '', 0, $onchange, $imagecode);
break;
case '0':
// divider
echo print_row_delim($first_row, $arrpd, "panel", $columns);
$not_first_row = 1;
$first_row = 1;
break;
case 'e':
// enum combo box
echo print_row_enum($first_row, $arrpd, $p_arr[$fname], "table", $javascript, 0);
break;
case 'en':
// enum combo box with numbers
echo print_row_enum_n($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns);
break;
case 'eny':
// enum combo box with years
echo print_row_enum_years($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns);
break;
case 'date':
//date
echo print_row_date($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns);
break;
case 'a':
// text Area
echo print_row_area($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns);
break;
case 'c':
// input box
echo print_row_edit($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns);
break;
case 'p':
// input box password
echo print_row_pwd($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns);
break;
default:
$not_first_row = 1;
break;
}
if (!$not_first_row && $first_row == 1) {
$first_row = 0;
}
}
echo "</table>";
// show on the last page of join form
if ($join_pages_num == $page) {
?>
<script language=javascript>
<!--
function validateJoinForm()
{
if ( document.forms['jform'].elements['i_agree'].checked ) return true;
alert('<?php
echo _t("_CLICK_AGREE");
?>
');
return false;
}
-->
</script>
<?php
echo "<br /><div class=\"security_image_block\"><center>\n";
if ($enable_security_image) {
echo "\n\t\t <img alt=\"Security Image\" src=\"simg/simg.php\" /><br /><br />" . _t("_Enter what you see:") . "<input name=\"securityImageValue\" type=\"text\" size=\"15\"><br /><br />";
}
echo "</center>";
$ret = <<<ID
\t\t<script type="text/javascript">
\t\t\tfunction id_registration()
\t\t\t{
\t\t\t\toCheckBox = document.getElementById( "boonex_id" );
\t\t\t\tif( oCheckBox.checked )
\t\t\t\t\twindow.open( 'http://www.boonex.com/id/', '', 'width=800, height=600, menubar=yes, status=yes, resizable=yes, scrollbars=yes, toolbar=yes, location=yes')
\t\t\t}
\t\t</script>
ID;
echo $ret;
echo "\n\t\t <div style=\"text-align:center;\"><input type=checkbox name=i_agree id=i_agree /><label for=i_agree>" . _t("_I AGREE", $site['url']) . "</label> </div>\n";
// BoonEx ID implementation
// <div style=\"text-align:center;\"><input type=checkbox name=\"boonex_id\" id=\"boonex_id\" /><label for=boonex_id>" . _t("_ID_CREATE", "http://www.boonex.com/id/" ) . "</label> </div>";
}
echo "<br /><center><input onclick=\"id_registration();\" type=\"submit\" value=\"" . _t("_Join") . "\" /></center></form></div>";
break;
}
global $memberID;
echo "</td></tr></table>";
echo "</div>";
echo "<div id=\"second_column\">";
echo "<div class=\"member_login\">";
$action = "login";
$text = _t('_Member Login');
$table = "Profiles";
$login_page = "{$site['url']}member.php";
$join_page = "{$site['url']}join_form.php";
$forgot_page = "{$site['url']}forgot.php";
$template = "{$dir['root']}templates/tmpl_{$tmpl}/join_login_form.html";
echo LoginForm($text, $action, $table, $login_page, $forgot_page, $template);
echo "</div>";
if (getParam('enable_get_boonex_id')) {
echo "<div class=\"import_boonex_id\">";
$action = "boonex";
$text = '<div class="boonex_id">' . _t('_Import BoonEx ID') . '</div>';
$table = "Profiles";
$login_page = "{$site['url']}member.php";
$join_page = "{$site['url']}join_form.php";
$forgot_page = '';
$template = "{$dir['root']}templates/tmpl_{$tmpl}/join_login_form.html";
echo LoginForm($text, $action, $table, $login_page, $forgot_page, $template);
echo "</div>";
}
echo "</div>";
$ret = ob_get_clean();
return $ret;
}
} else {
header("Location:index2.php");
}
/*/header("Location: ".$dest);*/
}
}
} else {
/*
Set form defaults. Perhaps you want to pull the username from a cookie
you've stored on the user's computer. Maybe you don't want to do anything.
*/
$s->expire();
$nombre = "";
$password = "";
}
LoginForm($act);
/*
Validate() will validate the form data. You can modify this per your
requirements.
*/
function Validate()
{
global $nombre, $password, $status_msg;
$ret = true;
$nombre = strip_tags($_POST['nombre']);
if (strlen($nombre) == 0) {
$ret = false;
$password = "";
$status_msg .= "Ingrese nombre de usuario.<br />";
}
$password = strip_tags($_POST['password']);
function Body()
{
$dr = $GLOBALS['dr'];
$wb = $GLOBALS['wb'];
global $mi;
/* PUT THE MODULE ID IN THE GLOBAL CONTEXT */
$c = "<table align='center' width='780' cellpadding='0' cellspacing='0' border='0' class='plain'>\n";
$c .= "<tr>\n";
$c .= "<td width='20' bgcolor='#3399CC'><img src='" . $wb . "images/curves/top_left.gif' width='20' height='42'></td>\n";
//$c.="<td width='740' bgcolor='#66CC33'><a href='index.php'></a></td>\n";
$c .= "<td width='740' bgcolor='#66CC33'><a href='index.php'>" . $GLOBALS['site_logo'] . "</a></td>\n";
$c .= "<td width='20' bgcolor='#3399CC'><img src='" . $wb . "images/curves/top_right.gif' width='20' height='42'></td>\n";
$c .= "</tr>\n";
$c .= "<tr>\n";
$c .= "<td bgcolor='#99CCFF' colspan='3'>\n";
if (isset($_SESSION['user_id'])) {
require_once $dr . "include/functions/design/login_bar.php";
$c .= LoginBar();
} else {
require_once $dr . "include/functions/design/logout_bar.php";
$c .= LogoutBar();
}
$c .= "</td>\n";
$c .= "</tr>\n";
/* NOT LOGGED IN AND NO MODULE IN QUERYSTRING */
if (!isset($_SESSION['user_id']) && !isset($_GET['module'])) {
require_once $dr . "modules/core/functions/forms/login_form.php";
$c .= "<tr bgcolor='#ffffff' align='center'>\n";
$c .= "<td colspan='3'>\n";
if (isset($_COOKIE['mvh_username'])) {
$c .= LoginFormCookie();
} else {
$c .= LoginForm();
}
$c .= "</td>\n";
$c .= "</tr>\n";
} elseif (isset($_SESSION['user_id']) && !isset($_GET['module']) && isset($GLOBALS['ui']) && isset($GLOBALS['wui'])) {
/* PROCESS THE ACTIVATION AND DEACTIVATION OF MODULES IN THE WORKSPACE HERE AS WE NEED UI TO BE SET */
if (isset($_GET['wtask']) && $_GET['wtask'] == "install_workspace_user_module") {
require_once $dr . "modules/workspace/classes/add_remove_user_workspace_module.php";
$aruwm = new AddRemoveUserWorkspaceModule();
$aruwm->SetParameters($_GET['module_id']);
$result = $aruwm->AddRemove();
//if (!$result) { echo Alert("3",$at->ShowErrors()); }
}
/* ACTIVATE THE TEAMSPACE MODULES */
if (isset($_GET['wtask']) && $_GET['wtask'] == "install_teamspace_user_module") {
require_once $dr . "modules/teamspace/classes/add_remove_user_teamspace_module.php";
$arutm = new AddRemoveUserTeamspaceModule();
$arutm->SetParameters($_GET['module_id']);
$result = $arutm->AddRemove();
//if (!$result) { echo Alert("3",$at->ShowErrors()); }
}
/* INCLUDE THE MAIN FILES FOR THE WORKSPACE */
require_once $dr . "modules/workspace/functions/browse/non_enterprise_workspace_modules.php";
require_once $dr . "include/functions/design/teamspace_slider.php";
require_once $dr . "include/functions/teamspace/user_teamspaces.php";
/* TODO: CHANGE THIS TO THE WORKSPACE FOLDER */
//require_once($dr."modules/teamspace/functions/browse/user_available_modules.php");
require_once $dr . "modules/teamspace/classes/user_available_modules.php";
//
$c .= "<tr>\n";
$c .= "<td colspan='3'>\n";
$c .= "<table cellspacing='0'>\n";
$c .= "<tr>\n";
if (IS_NUMERIC($GLOBALS['teamspace_id'])) {
$c .= "<td width='150' valign='top'>" . UserAvailableModules() . "</td>\n";
} else {
$obj_uam = new UserAvailableModules();
if ($obj_uam->CountUserAvailableModules() > 0) {
$c .= "<td width='150' valign='top'>" . TeamspaceSliderItems() . "</td>\n";
}
}
$c .= "<td width='630'>" . CurveBox(NonEnterpriseModules($GLOBALS['ui']->WorkspaceID(), $_SESSION['user_id'], $GLOBALS['wui']->RoleID(), True)) . "</td>\n";
$c .= "<td width='150' valign='top'>" . UserTeamspaces() . "</td>\n";
$c .= "</tr>\n";
$c .= "</table>\n";
$c .= "</td>\n";
$c .= "</tr>\n";
} elseif (isset($_SESSION['user_id']) && !isset($_GET['module']) && empty($workspace_id)) {
require_once $dr . "modules/workspace/functions/browse/select_workspace.php";
require_once $dr . "modules/workspace/functions/misc/menu.php";
$c .= "<tr>\n";
$c .= "<td colspan='3'>\n";
$c .= "<table cellspacing='0' class='plain_border'>\n";
$c .= "<tr>\n";
$c .= "<td>" . SelectWorkspace() . "</td>\n";
if ($GLOBALS['ui']->GetInfo("default_role") != "y") {
$c .= "<td width='150' valign='top'>" . Menu() . "</td>\n";
}
$c .= "</tr>\n";
$c .= "</table>\n";
$c .= "</td>\n";
$c .= "</tr>\n";
//$c.=CurveBox(SelectWorkspace());
} elseif (isset($_GET['module']) && file_exists($dr . "modules/" . $_GET['module'] . ".php")) {
$module_id = GetColumnValue("module_id", "core_module_master", "name", $_GET['module']);
require_once $dr . "modules/" . $_GET['module'] . ".php";
require_once $dr . "classes/modules/module_id.php";
$mi = new ModuleID();
$module_result = $mi->Info($module_id);
$anonymous_access = $mi->GetInfo("anonymous_access");
$c .= "<tr>\n";
$c .= "<td colspan='3'>";
/* CHECK FOR ERRORS OR ACCESS DENIED */
if ($module_result && $mi->CheckACL()) {
$c .= LoadModule($module_id, $anonymous_access);
} else {
$c .= CurveBox("Access to module denied");
}
$c .= "</td>\n";
$c .= "</tr>\n";
}
$c .= "<tr>\n";
$c .= "<td width='20' bgcolor='#3399CC'><img src='" . $wb . "images/curves/white_bottom_left.gif' width='20' height='20'></td>\n";
$c .= "<td width='780' bgcolor='#ffffff' align='center'>" . $GLOBALS['copyright_notice'] . "</td>\n";
$c .= "<td width='20' bgcolor='#3399CC'><img src='" . $wb . "images/curves/white_bottom_right.gif' width='20' height='20'></td>\n";
$c .= "</tr>\n";
$c .= "</table>\n";
return $c;
}
function control_access($nom_script, $infos_login, $id_session, $bd)
{
//recherche la session
$session_courante = get_session($id_session, $bd);
//cas 1: la session existe, on verifie sa validite
if (is_object($session_courante)) {
// la session existe, est-elle valide?
if (is_valid_session($session_courante, $bd)) {
// on renvoie l'objet session
return $session_courante;
} else {
echo "<B> Your session is not (or no longer) valid.<P></B>\n";
}
}
// Cas 2.a: La session n'existe pas mais un login et pwd ont ete fournis
if (isset($infos_login['visitor_login']) & isset($infos_login['visitor_pwd'])) {
// Les login/pwd sont-ils corrects?
if (create_session($bd, $infos_login['visitor_login'], $infos_login['visitor_pwd'], $id_session)) {
// on renvoie l'object session
return get_session($id_session, $bd);
} else {
echo "<B> Identification failed.<P></B>\n";
}
}
// Cas 2.b: La session n'existe pas
// et il faut afficher le formulaire d'identification
LoginForm($nom_script);
}
function Refuse()
{
global $nc_core, $AUTH_TYPE, $admin_mode, $nc_auth;
// AJAX call
if ($_POST["NC_HTTP_REQUEST"] || NC_ADMIN_ASK_PASSWORD === false) {
// issue strange header (actually not RFC2616-compliant) and die
header($_SERVER['SERVER_PROTOCOL'] . " 401 Authorization Required");
exit;
}
switch ($nc_core->AUTHORIZATION_TYPE) {
case 'cookie':
case 'session':
if (!$admin_mode) {
if (is_object($nc_auth)) {
$nc_auth->login_form();
}
} else {
LoginFormHeader();
LoginForm();
LoginFormFooter();
}
break;
default:
# по дефолту авторизация 'http'
Header("WWW-authenticate: basic realm=Enter your login and password");
Header($_SERVER['SERVER_PROTOCOL'] . ' 401 Unauthorized');
LoginFormHeader();
print CONTROL_AUTH_MSG_MUSTAUTH;
LoginFormFooter();
}
exit;
}
