Пример #1
/**
 * Initialises the PHP session for the current request and populates the
 * login-related globals from it.
 *
 * Steps, in order: make sure a cookie-based session exists and record its id
 * in the 'sessionID' session variable; apply the system locale and default
 * timezone; copy the logged-in user's details from $_SESSION into globals
 * (or, when nobody is logged in, load the 'user_id = 0' defaults); resolve
 * the referring URL into the global '$referer'; normalise the base paths/URLs
 * from 'ini.inc.php'.
 *
 * @param bool $updateUserFormatsStylesTypesPermissions  when no user is logged in and this
 *        is true, the default formats/styles/types/permissions are fetched from the database
 *        ('error.php', 'install.php' and 'update.php' pass false because no database may exist yet)
 * @return void  results are communicated through globals and $_SESSION only
 */
function start_session($updateUserFormatsStylesTypesPermissions)
{
    // Configuration variables from 'ini.inc.php':
    global $databaseBaseURL, $defaultMainFields, $filesBaseDir, $filesBaseURL;
    // Details of the logged-in user, mirrored from $_SESSION:
    global $loginEmail, $loginUserID, $loginFirstName, $loginLastName, $abbrevInstitution, $lastLogin;
    // '$referer' is exported to global scope by this function
    global $referer;
    global $connection;

    // ----- Session bootstrap -----
    if (!isset($_SESSION["sessionID"])) {
        // Sessions must travel in cookies; the directory's ini settings may have switched this off
        if (ini_get('session.use_cookies') == 0) {
            ini_set('session.use_cookies', 1);
        }
        session_start();
        $currentSessionId = session_id();
        if (!empty($currentSessionId)) {
            saveSessionVariable("sessionID", $currentSessionId);
        }
    }

    // ----- Locale and timezone -----
    // The returned (collate, ctype) pair is not needed here; the call is made for its side effect.
    setSystemLocale();
    // Re-apply whatever timezone PHP currently reports, so later date/time calls do not warn
    // ('date_default_timezone_set/get' exist since PHP 5.1.0, hence the guard)
    if (function_exists("date_default_timezone_set") && function_exists("date_default_timezone_get")) {
        @date_default_timezone_set(@date_default_timezone_get());
    }

    // NOTE: The MySQL server version is queried and stored in a session variable by
    //       'connectToMySQLDatabase()' on first connection, not here.

    // ----- User state -----
    // 'loginEmail' being present in the session is what marks a user as logged in.
    if (isset($_SESSION['loginEmail'])) {
        // Copy the session state into globals (needed when register_globals is OFF):
        $loginEmail = $_SESSION['loginEmail'];
        $loginUserID = $_SESSION['loginUserID'];
        $loginFirstName = $_SESSION['loginFirstName'];
        $loginLastName = $_SESSION['loginLastName'];
        $abbrevInstitution = $_SESSION['abbrevInstitution'];
        $lastLogin = $_SESSION['lastLogin'];
    } elseif ($updateUserFormatsStylesTypesPermissions) {
        // Nobody is logged in: load the defaults that the admin configured for 'user_id = 0' in the
        // 'formats', 'styles', 'types' and 'user_permissions' tables (zero marks "not logged in" there).
        // NOTE: For anonymous visitors the number of records per page, the list of "main fields" and
        //       the auto-completion preference come from '$defaultNumberOfRecords', '$defaultMainFields'
        //       and '$autoCompleteUserInput' in 'ini.inc.php' rather than from table 'user_options'.
        //
        // Each helper below stores its result in a session variable:
        //   user_export_formats, user_cite_formats, user_styles, user_types (semicolon-delimited),
        //   user_permissions (semicolon-delimited), userDefaultView, userRecordsPerPage,
        //   userAutoCompletions, userMainFields (comma-delimited).
        getVisibleUserFormatsStylesTypes(0, "format", "export");
        getVisibleUserFormatsStylesTypes(0, "format", "cite");
        getVisibleUserFormatsStylesTypes(0, "style", "");
        getVisibleUserFormatsStylesTypes(0, "type", "");
        getPermissions(0, "user", true);
        getDefaultView(0);
        getDefaultNumberOfRecords(0);
        getPrefAutoCompletions(0);
        getMainFields(0);
    } else {
        // Database-less mode ('error.php', 'install.php', 'update.php' call 'start_session(false)').
        // 'buildQuickSearchElements()' still needs 'userMainFields', so it is seeded from the ini
        // variable instead of via 'getMainFields()', which would require database access.
        if (!isset($_SESSION['userMainFields'])) {
            saveSessionVariable("userMainFields", $defaultMainFields);
        }
    }

    // ----- Referrer -----
    // Precedence: explicit request parameter, then a referer stashed in the session (consumed once),
    // then the HTTP Referer header, and finally the main page (e.g. when a 'show.php?record=12345'
    // link was followed from an email announcement and no referrer is available).
    // NOTE(review): the first two sources are client-controlled and '$referer' is used elsewhere as a
    //               redirect target, so consumers should restrict it to local paths before redirecting.
    if (!empty($_REQUEST['referer'])) {
        $referer = $_REQUEST['referer'];
    } elseif (!empty($_SESSION['referer'])) {
        $referer = $_SESSION['referer'];
        deleteSessionVariable("referer");
    } elseif (!empty($_SERVER['HTTP_REFERER'])) {
        $referer = $_SERVER['HTTP_REFERER'];
    } else {
        $referer = "index.php";
    }

    // ----- Sanity-check ini paths -----
    // 'checkPath()' ensures each path/URL ends with a slash:
    $databaseBaseURL = checkPath($databaseBaseURL, "URL");
    $filesBaseDir = checkPath($filesBaseDir);
    $filesBaseURL = checkPath($filesBaseURL, "URL");
}
Пример #2
/**
 * Verifies the submitted login credentials against the 'auth' table.
 *
 * On success the user's details are written to the session, per-user
 * formats/styles/types/permissions/options are loaded into session variables,
 * the 'users' row is updated (last_login, logins) and the browser is redirected
 * to '$referer'. On failure the 'loginEmail' session variable is removed, an
 * error message is stored in 'HeaderString' and the login page is shown again.
 * In both cases the database connection is closed at the end.
 *
 * NOTE(review): this listing is truncated ("******" in the query-building line);
 *               the password comparison, the query execution and the code that
 *               fills '$row' are not visible here.
 *
 * @param string $referer        URL to return to after a successful login
 * @param string $loginEmail     email address entered in the login form
 * @param string $loginPassword  password entered in the login form (plain text)
 * @return void  the function ends by sending a Location header or rendering the login page
 */
function check_login($referer, $loginEmail, $loginPassword)
{
    // MySQL connection parameters and the table names (defined in 'db.inc.php'):
    global $username;
    global $password;
    global $hostName;
    global $databaseName;
    global $connection;
    // Page-header message shown to the user (e.g. the login error):
    global $HeaderString;
    // Details of the logged-in user, also kept in $_SESSION:
    global $loginUserID;
    global $loginFirstName;
    global $loginLastName;
    global $adminLoginEmail;
    global $abbrevInstitution;
    global $tableAuth, $tableUserData, $tableUsers;
    // defined in 'db.inc.php'
    // Localised UI strings:
    global $loc;
    // Get the two character salt from the email address collected from the challenge
    // NOTE(review): a 2-character salt selects PHP's traditional DES-based crypt() scheme, which only
    //               uses the first 8 bytes of the password, and deriving the salt from the email makes
    //               it predictable. A migration to password_hash()/password_verify() would be the
    //               defensive fix; the stored hashes in '$tableAuth' would need re-hashing on next login.
    $salt = substr($loginEmail, 0, 2);
    // Encrypt the loginPassword collected from the challenge (so that we can compare it to the encrypted passwords that are stored in the 'auth' table)
    $crypted_password = crypt($loginPassword, $salt);
    // CONSTRUCT SQL QUERY:
    // The email is escaped via 'quote_smart()'; the hash is compared inside the SQL WHERE clause
    // (the remainder of this statement is missing from the listing).
    $query = "SELECT user_id FROM {$tableAuth} WHERE email = " . quote_smart($loginEmail) . " AND password = "******"errors");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        // Credentials matched: drop any form values kept from a previous failed attempt.
        if (isset($_SESSION['formVars'])) {
            // delete the 'formVars' session variable:
            deleteSessionVariable("formVars");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        // '$row' is filled by the (not visible) execution of the auth query above.
        $userID = $row["user_id"];
        // extract the user's userID from the last query
        // Now we need to get the user's first name and last name (e.g., in order to display them within the login welcome message)
        $query = "SELECT user_id, first_name, last_name, abbrev_institution, language, last_login FROM {$tableUsers} WHERE user_id = " . quote_smart($userID);
        // CONSTRUCT SQL QUERY
        $result = queryMySQLDatabase($query);
        // RUN the query on the database through the connection (function 'queryMySQLDatabase()' is defined in 'include.inc.php')
        $row2 = mysql_fetch_array($result);
        // EXTRACT results: fetch the one row into the array '$row2'
        // Save the fetched user details to the session file:
        // NOTE(review): no session_regenerate_id() call is visible before the login state is stored;
        //               rotating the session id at this point is the usual protection against
        //               session fixation (the id was issued before authentication in 'start_session()').
        // Write back session variables:
        saveSessionVariable("loginEmail", $loginEmail);
        // function 'saveSessionVariable()' is defined in 'include.inc.php'
        saveSessionVariable("loginUserID", $row2["user_id"]);
        saveSessionVariable("loginFirstName", $row2["first_name"]);
        saveSessionVariable("loginLastName", $row2["last_name"]);
        saveSessionVariable("abbrevInstitution", $row2["abbrev_institution"]);
        saveSessionVariable("userLanguage", $row2["language"]);
        saveSessionVariable("lastLogin", $row2["last_login"]);
        // Get all user groups specified by the current user
        // and (if some groups were found) save them as semicolon-delimited string to the session variable 'userGroups':
        getUserGroups($tableUserData, $row2["user_id"]);
        // function 'getUserGroups()' is defined in 'include.inc.php'
        if ($loginEmail == $adminLoginEmail) {
            // ('$adminLoginEmail' is specified in 'ini.inc.php')
            // Get all user groups specified by the admin
            // and (if some groups were found) save them as semicolon-delimited string to the session variable 'adminUserGroups':
            getUserGroups($tableUsers, $row2["user_id"]);
        }
        // function 'getUserGroups()' is defined in 'include.inc.php'
        // Get all user queries that were saved previously by the current user
        // and (if some queries were found) save them as semicolon-delimited string to the session variable 'userQueries':
        getUserQueries($row2["user_id"]);
        // function 'getUserQueries()' is defined in 'include.inc.php'
        // Get all export formats that were selected previously by the current user
        // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_export_formats':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "export");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all citation formats that were selected previously by the current user
        // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_cite_formats':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "cite");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all citation styles that were selected previously by the current user
        // and (if some styles were found) save them as semicolon-delimited string to the session variable 'user_styles':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "style", "");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all document types that were selected previously by the current user
        // and (if some types were found) save them as semicolon-delimited string to the session variable 'user_types':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "type", "");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get the user permissions for the current user
        // and save all allowed user actions as semicolon-delimited string to the session variable 'user_permissions':
        getPermissions($row2["user_id"], "user", true);
        // function 'getPermissions()' is defined in 'include.inc.php'
        // Get the default view for the current user
        // and save it to the session variable 'userDefaultView':
        getDefaultView($row2["user_id"]);
        // function 'getDefaultView()' is defined in 'include.inc.php'
        // Get the default number of records per page preferred by the current user
        // and save it to the session variable 'userRecordsPerPage':
        getDefaultNumberOfRecords($row2["user_id"]);
        // function 'getDefaultNumberOfRecords()' is defined in 'include.inc.php'
        // Get the user's preference for displaying auto-completions
        // and save it to the session variable 'userAutoCompletions':
        getPrefAutoCompletions($row2["user_id"]);
        // function 'getPrefAutoCompletions()' is defined in 'include.inc.php'
        // Get the list of "main fields" for the current user
        // and save the list of fields as comma-delimited string to the session variable 'userMainFields':
        getMainFields($row2["user_id"]);
        // function 'getMainFields()' is defined in 'include.inc.php'
        // We also update the user's entry within the 'users' table:
        // '$userID' comes from the auth row, not from request input, but it is interpolated unquoted here
        // whereas the SELECT above passes it through 'quote_smart()' -- the two should be consistent.
        $query = "UPDATE {$tableUsers} SET " . "last_login = NOW(), " . "logins = logins+1 " . "WHERE user_id = {$userID}";
        // RUN the query on the database through the connection:
        $result = queryMySQLDatabase($query);
        // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
        // Redirect back to where the user came from, unless that was the error, login or install page.
        // NOTE(review): the pattern only excludes three internal scripts; if '$referer' originates from
        //               request input (see 'start_session()'), any other absolute URL is accepted, which
        //               is an open-redirect risk. Allowing only relative, same-site paths would close it.
        if (!preg_match("#/(error|user_login|install)\\.php#i", $referer)) {
            header("Location: " . $referer);
        } else {
            header("Location: index.php");
        }
        // back to main page
    } else {
        // Ensure 'loginEmail' is not registered, so the user is not logged in
        // ('loginEmail' is the session key that 'start_session()' treats as the logged-in marker)
        if (isset($_SESSION['loginEmail'])) {
            // delete the 'loginEmail' session variable:
            deleteSessionVariable("loginEmail");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        // Save an error message:
        // The message deliberately does not say whether the email or the password was wrong.
        $HeaderString = "<b><span class=\"warning\">" . $loc["LoginFailedYouProvidedAnIncorrectEmailAddressOrPassword"] . "</span></b>";
        // Write back session variables:
        saveSessionVariable("HeaderString", $HeaderString);
        // function 'saveSessionVariable()' is defined in 'include.inc.php'
        login_page($referer);
    }
    // -------------------
    // (5) CLOSE the database connection:
    disconnectFromMySQLDatabase();
    // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'
}