<?php
include_once "./includes/application_top.php";
//wrap_session_start();
// see if somebody is logged in and notify them if not
$display_login_form = true;
// default
if (isset($_REQUEST['username']) && isset($_REQUEST['login'])) {
// they have just tried logging in
if (login($_REQUEST['username'], $_REQUEST['passwd'])) {
// if they are in the database register the user id
//$valid_user = $_REQUEST['username'];
wrap_session_register("valid_user", $_REQUEST['username']);
$display_login_form = false;
$page_info_message = "Login Successful!";
} else {
// login failed, show error page
$display_login_form = true;
$page_error_message = "You could not be logged in. Please try again.";
}
} elseif (wrap_session_is_registered("valid_user")) {
// logged in
$display_login_form = false;
} else {
// they are not logged in, show login page output
$display_login_form = true;
if (!empty($_REQUEST['origin']) && $_REQUEST['origin'] != FILENAME_LOGOUT && $_REQUEST['origin'] != FILENAME_LOGIN) {
$page_error_message = "You are not logged in. You must login to use this page.";
}
}
// redirect back to "origin" page
//$valid_user = $_REQUEST['username'];
$_SESSION['valid_user'] = $_REQUEST['username'];
wrap_session_register("valid_user");
$display_login_form = false;
$page_info_message = "Login Successful!";
// we know we have a valid user, now check if they are entitled to admin privileges
if (is_admin($_REQUEST['username'])) {
wrap_session_register("admin_user");
} elseif ($_SESSION['BUDDY_LIST_EMAILS_SEND']) {
// check if this user has any pending buddies - we only want to do this for non-admins and if buddy lists are switched on
$_SESSION['number_pending_buddies'] = pending_buddies($_REQUEST['username']);
}
// set some session info about their privileges
// can block book?
if (can_block_book($_REQUEST['username'])) {
wrap_session_register("block_book");
}
//booking credits remaining
$_SESSION['booking_credits'] = remaining_booking_credits($_REQUEST['username']);
// Member check
// check if the user is a member or not - but only if they are not an admin as this flag is not used for admins
if (!wrap_session_is_registered("admin_user")) {
$_SESSION['is_member'] = is_member($_REQUEST['username']);
}
//can they view other users bookings?
if (is_admin($_REQUEST['username'])) {
//admins can always see everyone elses bookings
$_SESSION['SHOW_USER_DETAILS'] = true;
} else {
//how about regular users? This will depend on the site wide value set by an admin
$result = wrap_db_query("SELECT function_value FROM " . SETTINGS_TABLE . " WHERE name = 'user_details_viewing' LIMIT 0,1 ;");
$page_title = "User Registration Problem";
$page_error_message = "The passwords you entered do not match. Please try again.";
$_POST['passwd2'] = '';
} elseif (strlen($_POST['passwd']) < 6 || strlen($_POST['passwd']) > 16) {
// check password length
$page_title = "User Registration Problem";
$page_error_message = "Your password must be between 6 and 16 characters. Please try again.";
}
if ($page_error_message == '') {
// attempt to register if no error message
$reg_result = register($_POST['username'], $_POST['passwd'], $_POST['firstname'], $_POST['lastname'], $_POST['groups'], $_POST['email']);
if ($reg_result) {
// register session variable
//$valid_user = $_POST['username'];
$_SESSION['valid_user'] = $_POST['username'];
wrap_session_register("valid_user", "valid_user");
$page_title = "Registration Successful!";
} else {
// register problem: username taken, database error
$page_title = "User Registration Problem";
$page_error_message = $reg_result;
}
}
}
// end of $_POST['register'] != ""
$page_title = "Booking Calendar - User Registration";
$page_title_bar = "User Registration:";
include_once "header.php";
if ($reg_result) {
// Registration Successful! Provide link to display wants page.
echo "Your registration was successful!.<br /><br />";
