function replace_permission_tags() { global $config; require_once $config['basepath'] . '/include/login.inc.php'; $login = new login(); // Check for tags: Admin, Agent, canEditForms, canViewLogs, editpages, havevtours $login_status = $login->verify_priv('Agent'); if ($login_status !== true) { // Use pregreplace to removed {check_agent} tags and content between them $this->page = preg_replace('/{check_agent}(.*?){\\/check_agent}/is', '', $this->page); $this->page = str_replace('{!check_agent}', '', $this->page); $this->page = str_replace('{/!check_agent}', '', $this->page); } else { // Use strreplace to remove {check_agent} tags and leave the content. $this->page = preg_replace('/{!check_agent}(.*?){\\/!check_agent}/is', '', $this->page); $this->page = str_replace('{check_agent}', '', $this->page); $this->page = str_replace('{/check_agent}', '', $this->page); } $login_status = $login->verify_priv('Member'); if ($login_status !== true) { // Use pregreplace to removed {check_agent} tags and content between them $this->page = preg_replace('/{check_member}(.*?){\\/check_member}/is', '', $this->page); $this->page = str_replace('{!check_member}', '', $this->page); $this->page = str_replace('{/!check_member}', '', $this->page); $this->page = str_replace('{check_guest}', '', $this->page); $this->page = str_replace('{/check_guest}', '', $this->page); } else { // Use strreplace to remove {check_agent} tags and leave the content. $this->page = preg_replace('/{!check_member}(.*?){\\/!check_member}/is', '', $this->page); $this->page = str_replace('{check_member}', '', $this->page); $this->page = str_replace('{/check_member}', '', $this->page); $this->page = preg_replace('/{check_guest}(.*?){\\/check_guest}/is', '', $this->page); } $login_status = $login->verify_priv('Admin'); if ($login_status !== true) { // Use pregreplace to removed {check_agent} tags and content between them $this->page = preg_replace('/{check_moderate_listings}(.*?){\\/check_moderate_listings}/is', '', $this->page); $this->page = str_replace('{!check_moderate_listings}', '', $this->page); $this->page = str_replace('{/!check_moderate_listings}', '', $this->page); $this->page = str_replace('{!check_admin}', '', $this->page); $this->page = str_replace('{/!check_admin}', '', $this->page); $this->page = preg_replace('/{check_admin}(.*?){\\/check_admin}/is', '', $this->page); } else { if ($config['moderate_listings'] === "1") { $this->page = str_replace('{check_moderate_listings}', '', $this->page); $this->page = str_replace('{/check_moderate_listings}', '', $this->page); $this->page = preg_replace('/{!check_moderate_listings}(.*?){\\/!check_moderate_listings}/is', '', $this->page); } else { $this->page = str_replace('{!check_moderate_listings}', '', $this->page); $this->page = str_replace('{/!check_moderate_listings}', '', $this->page); $this->page = preg_replace('/{check_moderate_listings}(.*?){\\/check_moderate_listings}/is', '', $this->page); } // Use strreplace to remove {check_agent} tags and leave the content. $this->page = str_replace('{check_admin}', '', $this->page); $this->page = str_replace('{/check_admin}', '', $this->page); $this->page = preg_replace('/{!check_admin}(.*?){\\/!check_admin}/is', '', $this->page); } $login_status = $login->verify_priv('edit_site_config'); if ($login_status !== true) { $this->page = preg_replace('/{check_edit_site_config}(.*?){\\/check_edit_site_config}/is', '', $this->page); $this->page = str_replace('{!check_edit_site_config}', '', $this->page); $this->page = str_replace('{/!check_edit_site_config}', '', $this->page); } else { $this->page = str_replace('{check_edit_site_config}', '', $this->page); $this->page = str_replace('{/check_edit_site_config}', '', $this->page); $this->page = preg_replace('/{!check_edit_site_config}(.*?){\\/!check_edit_site_config}/is', '', $this->page); } $login_status = $login->verify_priv('edit_member_template'); if ($login_status !== true) { $this->page = preg_replace('/{check_edit_member_template}(.*?){\\/check_edit_member_template}/is', '', $this->page); $this->page = str_replace('{!check_edit_member_template}', '', $this->page); $this->page = str_replace('{/!check_edit_member_template}', '', $this->page); } else { $this->page = str_replace('{check_edit_member_template}', '', $this->page); $this->page = str_replace('{/check_edit_member_template}', '', $this->page); $this->page = preg_replace('/{!check_edit_member_template}(.*?){\\/!check_edit_member_template}/is', '', $this->page); } $login_status = $login->verify_priv('edit_agent_template'); if ($login_status !== true) { $this->page = preg_replace('/{check_edit_agent_template}(.*?){\\/check_edit_agent_template}/is', '', $this->page); $this->page = str_replace('{!check_edit_agent_template}', '', $this->page); $this->page = str_replace('{/!check_edit_agent_template}', '', $this->page); } else { $this->page = str_replace('{check_edit_agent_template}', '', $this->page); $this->page = str_replace('{/check_edit_agent_template}', '', $this->page); $this->page = preg_replace('/{!check_edit_agent_template}(.*?){\\/!check_edit_agent_template}/is', '', $this->page); } $login_status = $login->verify_priv('edit_listing_template'); if ($login_status !== true) { $this->page = preg_replace('/{check_edit_listing_template}(.*?){\\/check_edit_listing_template}/is', '', $this->page); $this->page = str_replace('{!check_edit_listing_template}', '', $this->page); $this->page = str_replace('{/!check_edit_listing_template}', '', $this->page); } else { $this->page = str_replace('{check_edit_listing_template}', '', $this->page); $this->page = str_replace('{/check_edit_listing_template}', '', $this->page); $this->page = preg_replace('/{!check_edit_listing_template}(.*?){\\/!check_edit_listing_template}/is', '', $this->page); } $login_status = $login->verify_priv('canViewLogs'); if ($login_status !== true) { // Use pregreplace to removed {check_agent} tags and content between them $this->page = preg_replace('/{check_view_logs}(.*?){\\/check_view_logs}/is', '', $this->page); $this->page = str_replace('{!check_view_logs}', '', $this->page); $this->page = str_replace('{/!check_view_logs}', '', $this->page); } else { $this->page = preg_replace('/{!check_view_logs}(.*?){\\/!check_view_logs}/is', '', $this->page); // Use strreplace to remove {check_agent} tags and leave the content. $this->page = str_replace('{check_view_logs}', '', $this->page); $this->page = str_replace('{/check_view_logs}', '', $this->page); } $login_status = $login->verify_priv('editpages'); if ($login_status !== true) { // Use pregreplace to removed {check_agent} tags and content between them $this->page = preg_replace('/{check_edit_pages}(.*?){\\/check_edit_pages}/is', '', $this->page); $this->page = str_replace('{!check_edit_pages}', '', $this->page); $this->page = str_replace('{/!check_edit_pages}', '', $this->page); } else { // Use strreplace to remove {check_agent} tags and leave the content. $this->page = str_replace('{check_edit_pages}', '', $this->page); $this->page = str_replace('{/check_edit_pages}', '', $this->page); $this->page = preg_replace('/{!check_edit_pages}(.*?){\\/!check_edit_pages}/is', '', $this->page); } $login_status = $login->verify_priv('edit_all_listings'); if ($login_status !== true) { // Use pregreplace to removed {check_agent} tags and content between them $this->page = preg_replace('/{check_edit_all_listings}(.*?){\\/check_edit_all_listings}/is', '', $this->page); $this->page = str_replace('{!check_edit_all_listings}', '', $this->page); $this->page = str_replace('{/!check_edit_all_listings}', '', $this->page); } else { // Use strreplace to remove {check_agent} tags and leave the content. $this->page = str_replace('{check_edit_all_listings}', '', $this->page); $this->page = str_replace('{/check_edit_all_listings}', '', $this->page); $this->page = preg_replace('/{!check_edit_all_listings}(.*?){\\/!check_edit_all_listings}/is', '', $this->page); } $login_status = $login->verify_priv('edit_all_users'); if ($login_status !== true) { // Use pregreplace to removed {check_agent} tags and content between them $this->page = preg_replace('/{check_edit_all_users}(.*?){\\/check_edit_all_users}/is', '', $this->page); $this->page = str_replace('{!check_edit_all_users}', '', $this->page); $this->page = str_replace('{/!check_edit_all_users}', '', $this->page); } else { // Use strreplace to remove {check_agent} tags and leave the content. $this->page = str_replace('{check_edit_all_users}', '', $this->page); $this->page = str_replace('{/check_edit_all_users}', '', $this->page); $this->page = preg_replace('/{!check_edit_all_users}(.*?){\\/!check_edit_all_users}/is', '', $this->page); } $login_status = $login->verify_priv('edit_property_classes'); if ($login_status !== true) { // Use pregreplace to removed {check_agent} tags and content between them $this->page = preg_replace('/{check_edit_listing_classes}(.*?){\\/check_edit_listing_classes}/is', '', $this->page); $this->page = str_replace('{!check_edit_listing_classes}', '', $this->page); $this->page = str_replace('{/!check_edit_listing_classes}', '', $this->page); } else { // Use strreplace to remove {check_agent} tags and leave the content. $this->page = str_replace('{check_edit_listing_classes}', '', $this->page); $this->page = str_replace('{/check_edit_listing_classes}', '', $this->page); $this->page = preg_replace('/{!check_edit_listing_classes}(.*?){\\/!check_edit_listing_classes}/is', '', $this->page); } $login_status = $login->verify_priv('havevtours'); if ($login_status !== true) { // Use pregreplace to removed {check_agent} tags and content between them $this->page = preg_replace('/{check_have_vtours}(.*?){\\/check_have_vtours}/is', '', $this->page); $this->page = str_replace('{!check_have_vtours}', '', $this->page); $this->page = str_replace('{/!check_have_vtours}', '', $this->page); } else { // Use strreplace to remove {check_agent} tags and leave the content. $this->page = preg_replace('/{!check_have_vtours}(.*?){\\/!check_have_vtours}/is', '', $this->page); $this->page = str_replace('{check_have_vtours}', '', $this->page); $this->page = str_replace('{/check_have_vtours}', '', $this->page); } $login_status = $login->verify_priv('havefiles'); if ($login_status !== true) { // Use pregreplace to removed {check_agent} tags and content between them $this->page = preg_replace('/{check_have_files}(.*?){\\/check_have_files}/is', '', $this->page); $this->page = str_replace('{!check_have_files}', '', $this->page); $this->page = str_replace('{/!check_have_files}', '', $this->page); } else { // Use strreplace to remove {check_agent} tags and leave the content. $this->page = preg_replace('/{!check_have_files}(.*?){\\/!check_have_files}/is', '', $this->page); $this->page = str_replace('{check_have_files}', '', $this->page); $this->page = str_replace('{/check_have_files}', '', $this->page); } if (isset($_GET['printer_friendly']) && $_GET['printer_friendly'] == 'yes') { $this->page = preg_replace('/{hide_printer_friendly}(.*?){\\/hide_printer_friendly}/is', '', $this->page); $this->page = str_replace('{show_printer_friendly}', '', $this->page); $this->page = str_replace('{/show_printer_friendly}', '', $this->page); } else { $this->page = preg_replace('/{show_printer_friendly}(.*?){\\/show_printer_friendly}/is', '', $this->page); $this->page = str_replace('{hide_printer_friendly}', '', $this->page); $this->page = str_replace('{/hide_printer_friendly}', '', $this->page); } $login_status = $login->verify_priv('can_manage_addons'); if ($login_status !== true) { // Use pregreplace to removed {check_agent} tags and content between them $this->page = preg_replace('/{check_addon_manager}(.*?){\\/check_addon_manager}/is', '', $this->page); $this->page = str_replace('{!check_addon_manager}', '', $this->page); $this->page = str_replace('{/!check_addon_manager}', '', $this->page); } else { // Use strreplace to remove {check_agent} tags and leave the content. $this->page = preg_replace('/{!check_addon_manager}(.*?){\\/!check_addon_manager}/is', '', $this->page); $this->page = str_replace('{check_addon_manager}', '', $this->page); $this->page = str_replace('{/check_addon_manager}', '', $this->page); } //can_access_blog_manager $login_status = $login->verify_priv('can_access_blog_manager'); if ($login_status !== true) { // Use pregreplace to removed {check_agent} tags and content between them $this->page = preg_replace('/{check_access_blog_manager}(.*?){\\/check_access_blog_manager}/is', '', $this->page); $this->page = str_replace('{!check_access_blog_manager}', '', $this->page); $this->page = str_replace('{/!check_access_blog_manager}', '', $this->page); } else { // Use strreplace to remove {check_agent} tags and leave the content. $this->page = preg_replace('/{!check_access_blog_manager}(.*?){\\/!check_access_blog_manager}/is', '', $this->page); $this->page = str_replace('{check_access_blog_manager}', '', $this->page); $this->page = str_replace('{/check_access_blog_manager}', '', $this->page); } }
function loginCheck($priv_level_needed, $internal = false) { global $conn, $config, $lang; // Load misc Class $display = ''; $checked = login::check_login(); if (!$checked and !isset($_POST['user_name'])) { if ($internal !== true) { return login::display_login($priv_level_needed); } else { return false; } } elseif (isset($_POST['user_name'])) { if (!$_POST['user_name'] || !$_POST['user_pass']) { if ($internal !== true) { $display .= $lang['required_field_not_filled']; $display .= login::display_login($priv_level_needed); return $display; } else { return false; } } /* Spruce up username, check length */ $_POST['user_name'] = trim($_POST['user_name']); if (strlen($_POST['user_name']) > 30) { if ($internal !== true) { $display .= $lang['username_excessive_length']; $display .= login::display_login($priv_level_needed); return $display; } else { return false; } } /* Checks that username is in database and password is correct */ $md5pass = md5($_POST['user_pass']); $result = login::confirm_user($_POST['user_name'], $md5pass); /* Check error codes */ if ($result == 1) { if ($internal !== true) { $display .= $lang['nonexistent_username']; $display .= login::display_login($priv_level_needed); return $display; } else { return false; } } else { if ($result == 2) { if ($internal !== true) { $display .= $lang['incorrect_password']; $display .= login::display_login($priv_level_needed); return $display; } else { return false; } } else { if ($result == 3) { if ($internal !== true) { $display .= $lang['inactive_user']; $display .= login::display_login($priv_level_needed); return $display; } else { return false; } } } } } if (isset($_POST['user_name']) || $checked) { /* Username and password correct, register session variables */ if (isset($_POST['user_name'])) { $_POST['user_name'] = stripslashes($_POST['user_name']); $_SESSION['username'] = $_POST['user_name']; $_SESSION['userpassword'] = $md5pass; } require_once $config['basepath'] . '/include/misc.inc.php'; $misc = new misc(); $username = $misc->make_db_safe($_SESSION['username']); $sql = 'SELECT * FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_user_name= ' . $username; $recordSet = $conn->Execute($sql); $_SESSION['userID'] = $recordSet->fields['userdb_id']; $_SESSION['admin_privs'] = $recordSet->fields['userdb_is_admin']; $_SESSION['active'] = $recordSet->fields['userdb_active']; $_SESSION['isAgent'] = $recordSet->fields['userdb_is_agent']; $_SESSION['featureListings'] = $recordSet->fields['userdb_can_feature_listings']; $_SESSION['viewLogs'] = $recordSet->fields['userdb_can_view_logs']; $_SESSION['moderator'] = $recordSet->fields['userdb_can_moderate']; $_SESSION['editpages'] = $recordSet->fields['userdb_can_edit_pages']; $_SESSION['havevtours'] = $recordSet->fields['userdb_can_have_vtours']; $_SESSION['havefiles'] = $recordSet->fields['userdb_can_have_files']; $_SESSION['is_member'] = 'yes'; // Removed in 2.1 // $_SESSION['editForms'] = $recordSet->fields['userdb_can_edit_forms']; // New Permissions with OR 2.1 $_SESSION['edit_site_config'] = $recordSet->fields['userdb_can_edit_site_config']; $_SESSION['edit_member_template'] = $recordSet->fields['userdb_can_edit_member_template']; $_SESSION['edit_agent_template'] = $recordSet->fields['userdb_can_edit_agent_template']; $_SESSION['edit_listing_template'] = $recordSet->fields['userdb_can_edit_listing_template']; $_SESSION['export_listings'] = $recordSet->fields['userdb_can_export_listings']; $_SESSION['edit_all_listings'] = $recordSet->fields['userdb_can_edit_all_listings']; $_SESSION['edit_all_users'] = $recordSet->fields['userdb_can_edit_all_users']; $_SESSION['edit_property_classes'] = $recordSet->fields['userdb_can_edit_property_classes']; $_SESSION['edit_expiration'] = $recordSet->fields['userdb_can_edit_expiration']; $_SESSION['blog_user_type'] = $recordSet->fields['userdb_blog_user_type']; $_SESSION['can_manage_addons'] = $recordSet->fields['userdb_can_manage_addons']; /** * This is the cool part: the user has requested that we remember that * he's logged in, so we set two cookies. One to hold his username, * and one to hold his md5 encrypted password. We set them both to * expire in 100 days. Now, next time he comes to our site, we will * log him in automatically. */ if (isset($_POST['remember'])) { setcookie('cookname', $_SESSION['username'], time() + 60 * 60 * 24 * 100, '/'); setcookie('cookpass', $_SESSION['userpassword'], time() + 60 * 60 * 24 * 100, '/'); } if (!login::verify_priv($priv_level_needed)) { if ($internal !== true) { $display .= $lang['access_denied']; $display .= login::display_login($priv_level_needed); return $display; } else { return false; } } else { return true; } } }