function main()
{
hidden('gp_page', 'x_emailblast');
hidden('gp_table', CleanGet('gp_table', '', false));
hidden('gp_posted', 1);
$table = CleanGet('gp_table', '', false);
if ($table == '') {
ErrorAdd('Incorrect call to x_emailblast, no table parameter.' . 'This is a programming error, please contact your ' . 'technical support department');
return;
}
// Get an object for the page we need. Then
// pull the list of skeys in the current search
// and pull the rows.
//
$obj = DispatchObject($table);
$a_skeys = ContextGet("tables_" . $obj->table_id . "_skeys", array());
$l_skeys = implode(',', $a_skeys);
// get this little detail taken care of
//
$this->PageSubtitle = 'Email blast to ' . $obj->table['description'];
// Get the list of columns of interest, and pull them
// and slot them by skey, so the list of skeys can be
// used to order them
//
$lDisplayColumns = $obj->table['projections']['email'];
$aDisplayColumns = explode(',', $lDisplayColumns);
$EmailColumn = $obj->table['projections']['emailaddr'];
$sql = 'SELECT skey,' . $EmailColumn . ',' . $lDisplayColumns . ' FROM ' . $table . ' WHERE skey IN (' . $l_skeys . ')';
$DBRes = SQL($sql);
$rows = array();
while ($row = SQL_FETCH_Array($DBRes)) {
$rows[$row['skey']] = $row;
}
$okToSend = false;
if (CleanGet('gp_posted', '', false) == 1) {
if (CleanGet('txt_subject', '', false) == '') {
ErrorAdd('Please fill in a subject first');
}
if (trim(CleanGet('txt_email', '', false)) == '') {
ErrorAdd('Please fill in an email body');
}
if (!Errors()) {
$okToSend = true;
}
}
// Now that we have the results, decide whether we
// are sending out the email or
if ($okToSend) {
$this->EmailBlast($rows, $a_skeys, $EmailColumn, $aDisplayColumns);
} else {
$this->EmailHTML($rows, $a_skeys, $aDisplayColumns);
}
}
function main()
{
# KFD 2/17/09. If installed with Debian package, will
# have username and password of "start".
# Must force a new id now.
#
if (SessionGet('UID') == 'start') {
if (gp('user_id') != '') {
if (gp('user_id') == '') {
ErrorAdd("User Id may not be empty");
}
if (substr(gp('user_id'), 0, 5) == 'andro') {
ErrorAdd("User Id may not begin with 'andro'");
}
if (gp('password1') != gp('password2')) {
ErrorAdd("Passwords do not match");
}
if (strlen(trim(gp('password1'))) == 0) {
ErrorAdd("Password may not be empty");
}
if (!Errors()) {
$row = array('user_id' => gp('user_id'), 'member_password' => gp('password1'));
SQLX_Insert('usersroot', $row);
if (!Errors()) {
scDBConn_Pop();
SessionSet('UID', gp('user_id'));
SessionSet('PWD', gp('password1'));
scDBConn_Push();
SQL("DELETE FROM USERSROOT WHERE user_id='start'");
# Get rid of the form that replaces login
$file = fsDirTop() . 'application/x_login_form.inc.html';
$fileto = $file . '.done';
@rename($file, $fileto);
?>
<h1>New Root User Created</h1>
<p>Your new user is created.</p>
<p><a href="index.php?st2logout=1">
Return to Login Page</a></p>
<?php
return;
}
}
}
?>
<h1>New Install - Must Create User</h1>
<p>You are logged into your Node Manager with the default
username of "start" and password "start". We have to change
this right now so nobody can get into your new system.
</p>
<p>Please provide a new ROOT (superuser) user id and password
below. Andromeda will create the new user, log you in as
that user, and remove the "start" user.
</p>
<table>
<tr><td align="left">User Name
<td><input name = 'user_id' /> (may not begin with 'andro')
<tr><td align="left">Password
<td><input type="password" name = 'password1'/>
<tr><td align="left">Password (verify)
<td><input type="password" name = 'password2'/>
</table>
<input type="submit" value="Create User Now" />
<?php
return;
}
/* FUTURE X6 VERSION OF NODE MANAGER
?>
<h1>Node Manager Upgrade Required</h1>
<p>The new version of the Node Manager uses the "x6"
interface to provide a richer experience. Please click
the link below to upgrade your Node Manager. Once the
upgrade is complete, log out and back in.
</p>
<p><a href="javascript:Popup('index.php?gp_page=a_builder&gp_out=none&x2=1&txt_application=andro','Build')"
>Upgrade Node Manager Now</a>.</p>
<p><a href="?st2logout=1">Logout After Upgrade</a>.</p>
<?php
return;
*/
# <------- EARLY RETURN.
# KFD 1/10/08, The old x_welcome screen is not used anymore,
# we have the new 'cpanel' now in x6.
# ===============================================================
?>
<h1>Welcome to the Andromeda Node Manager</h1>
<?php
// Work out if there is a new release available
//
$apps = svnVersions();
$andro = a($apps, 'andro', array('svn_url' => ''));
if (trim($andro['svn_url']) == '') {
$htmlVersions = '';
} else {
$htmlVersions = @file_get_contents($andro['svn_url']);
}
$matches = array();
preg_match_all('/<li><a href=.*\\>(.*)<\\/a><\\/li>/', $htmlVersions, $matches);
$versions = ArraySafe($matches, 1, array());
if (count($versions) > 0) {
$latest = array_pop($versions);
$latest = str_replace('/', '', $latest);
// Get current latest
$current = $andro['local'];
if ($latest > $current) {
?>
<br/>
<div style="border: 5px solid gray; color: blue
font-weight: bolder; margin: 8px; padding: 0 8px 8px 8px">
<h2>New Version of Andromeda Available</h2>
<p>Version <?php
echo $latest;
?>
is available. <a href="?gp_page=a_pullsvn"
>Click Here </a> to go to the Pull Code From Subversion.
</div>
<?php
}
}
$dirs = SQL_AllRows("select * from webpaths where webpath='DEFAULT'");
?>
<div style="font-size: 120%; line-height: 120%; padding: 10px">
<h2>For First Time Users</h2>
This program is the Andromeda <b>Node Manager</b>. You use this
program to build your applications.
<br/>
<br/>
Our main documentation is <a target="_blank" href=
"http://www.andromeda-project.org/">here</a>.
<br/>
<br/>
If you want to start programming a new application right away,
<a target="_blank" href=
"http://www.andromeda-project.org/creatinganapplication.html"
>The instructions are here</a>, or you can just
<a href="?gp_page=applications&gp_mode=ins">define a new application here.</a>
<br/>
<br/>
After you defined an application, click on the "build this application"
link to create all of the directories and the empty database.</p>
<br/>
<br/>
<h2>Your Application Program Files</h2>
After building the application skeleton you can start working on the
database specification. If your application code is "test", then put
the database specification into the file
<br/>
<br/>
<b><?php
echo $dirs[0]['dir_pub'];
?>
/test/application/test.dd.yaml</b>
<br/>
<br/>
All Andromeda applications start with
a database specification. These specifications are
more powerful than anything else out there,
and you will want learn the Andromeda's
<a target="_blank" href=
"http://www.andromeda-project.org/databaseprogramming.html"
>Database Programming</a> language.
<br/>
<br/>
Once you are ready to try some custom pages, you are ready to look
at <a target="_blank" href=
"http://www.andromeda-project.org/webprogramming.html"
>Web Programming</a>.
</div>
<?php
}
function ServerDel()
{
$file = gp('gpfile');
$parms = "?gp_uid=" . SessionGet('remoteUID') . "&gp_pwd=" . SessionGet('remotePWD') . "&gp_page=a_codexfer" . "&gp_app=" . trim($this->row['application']) . "&gp_action=servdel" . "&gpfile=" . urlencode($file);
$url = $this->node['node_url'];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://{$url}/andro/{$parms}");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, 0);
$retval = curl_exec($ch);
curl_close($ch);
if ($retval != 1) {
ErrorAdd($retval);
} else {
$d1 = AppDir($this->row['application']) . '/ref/';
unlink($d1 . $file);
}
}
/**
* Placeholder error function since our current error system
* may not deal with processing errors that well.
*
* @param string $message The error message
* @access private
*/
function errorAdd($message)
{
ErrorAdd($message);
}
function Login_Process()
{
$arg2 = $this->directlogin == true ? 'direct' : '';
// only process if user hit "post"
if (gp('gp_posted', '', false) == '') {
return;
}
vgfSet('LoginAttemptOK', false);
// Error title
vgfSet('ERROR_TITLE', '*');
// If the user supplied a loginUID, this is a post and we
// must process the request.
$ale = vgaGet('login_errors', array());
$app = $GLOBALS['AG']['application'];
$em000 = isset($ale['000']) ? $ale['000'] : "That username/password combination did not work. Please try again.";
$em001 = isset($ale['001']) ? $ale['001'] : "That username/password combination did not work. Please try again.";
$em002 = isset($ale['002']) ? $ale['002'] : "That username/password combination did not work. Please try again.";
$em099 = isset($ale['099']) ? $ale['099'] : "That username/password combination did not work. Please try again.";
$terror = "";
$uid = gp('loginUID');
$uid = MakeUserID($uid);
//$uid = str_replace('@','_',$uid);
//$uid = str_replace('.','_',$uid);
$pwd = gp("loginPWD", "", false);
// First check, never allow the database server's superuser
// account
//
if ($uid == "postgres") {
ErrorAdd($em000);
if (vgfGet('loglogins', false)) {
sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt as postgres");
fwLogEntry('1011', 'Attempt login as postgres', '', $arg2);
}
return;
}
$app = $GLOBALS['AG']['application'];
if (substr($uid, 0, strlen($app)) == $app) {
ErrorAdd($em001);
if (vgfGet('loglogins', false)) {
sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt as group role");
fwLogEntry('1012', 'Attempt login as group role', $uid, $arg2);
}
return;
}
// Begin with a connection attempt.
// on fail, otherwise continue
$tcs = @SQL_CONN($uid, $pwd);
if ($tcs === false) {
ErrorAdd($em099);
if (vgfGet('loglogins', false)) {
sysLog(LOG_NOTICE, "Andromeda:{$app}:Bad login attempt server rejected");
fwLogEntry('1013', 'Server rejected username/password', $uid, $arg2);
}
return;
} else {
SQL_CONNCLOSE($tcs);
}
// The rest of this routine uses an admin connection. If we
// have an error, we must close the connection before returning!
// ...yes, yes, that's bad form, all complaints to /dev/null
//
if (vgfGet('loglogins', false)) {
fwLogEntry('1010', 'Login OK', $uid, $arg2);
}
scDBConn_Push();
// See if they are a root user. If not, do they have an
// active account?
$root = false;
$admin = false;
$group_id_eff = '';
$results = SQL("\n Select oid\n FROM pg_roles \n WHERE rolname = CAST('{$uid}' as name)\n AND rolsuper= true");
$cr = SQL_NUMROWS($results);
if ($cr != 0) {
$root = true;
} else {
$results = SQL("Select * from users WHERE LOWER(user_id)='{$uid}'" . "AND (user_disabled<>'Y' or user_disabled IS NULL)");
$cr = SQL_NUMROWS($results);
if ($cr == 0) {
scDBConn_Pop();
ErrorAdd($em002);
sysLog(LOG_WARNING, "Andromeda:{$app}:Bad login attempt code 002");
return;
} else {
$userinfo = SQL_Fetch_Array($results);
$group_id_eff = $userinfo['group_id_eff'];
SessionSet('user_name', $userinfo['user_name']);
}
}
// Flag if the user is an administrator
if ($root == true) {
$admin = true;
} else {
$results = SQL("select count(*) as admin from usersxgroups " . "where user_id='{$uid}' and group_id ='{$app}" . "_admin'");
$row = SQL_FETCH_ARRAY($results);
$admin = intval($row["admin"]) > 0 ? true : false;
}
// Get the users' groups
$groups = "";
if ($root) {
$results = SQL("\n select group_id \n from zdd.groups \n where COALESCE(grouplist,'')=''");
} else {
$results = SQL("select group_id from usersxgroups WHERE LOWER(user_id)='{$uid}'");
}
while ($row = SQL_FETCH_ARRAY($results)) {
$agroups[] = "'" . trim($row['group_id']) . "'";
#$groups.=ListDelim($groups)."'".trim($row["group_id"])."'";
}
$groups = array();
if (!empty($agroups)) {
$groups = implode(",", $agroups);
}
//scDBConn_Pop();
// We have a successful login. If somebody else was already
// logged in, we need to wipe out that person's session. But
// don't do this if there was an anonymous login.
if (LoggedIn()) {
$uid_previous = SessionGet('UID');
if ($uid != $uid_previous) {
//Session_Destroy();
SessionReset();
//Index_Hidden_Session_Start(false);
}
}
// We know who they are and that they can connect,
// see if there is any app-specific confirmation required
//
if (function_exists('app_login_process')) {
//echo "Calling the process now";
if (!app_login_process($uid, $pwd, $admin, $groups)) {
return;
}
}
// Protect the session from hijacking, generate a new ID
Session_regenerate_id();
// We now have a successful connection, set some
// flags and lets go
//
vgfSet('LoginAttemptOK', true);
SessionSet("UID", $uid);
SessionSet("PWD", $pwd);
SessionSet("ADMIN", $admin);
SessionSet("ROOT", $root);
SessionSet("GROUP_ID_EFF", $group_id_eff);
SessionSet("groups", $groups);
if (gp('gpz_page') == '') {
# KFD 9/12/08, extra command to not change page
if (gp('st2keep') != 1) {
gpSet('gp_page', '');
}
}
$GLOBALS['session_st'] = 'N';
// for "N"ormal
// -------------------------------------------------------------------
// We are about to make the menu. Before doing so, see if there
// are any variables set for the menu layout. Set defaults and then
// load from database.
//
$this->pmenu = array('MENU_TYPE' => vgaGet('MENU_TYPE', 'div'), 'MENU_CLASS_MODL' => vgaGet('MENU_CLASS_MODL', 'modulename'), 'MENU_CLASS_ITEM' => vgaGet('MENU_CLASS_ITEM', 'menuentry'), 'MENU_TICK' => vgaGET('MENU_TICK', ' - '));
//$sql = "SELECT * from variables WHERE variable like 'MENU%'";
//$dbres = SQL($sql);
//while ($row = SQL_FETCH_ARRAY($dbres)) {
// $this->pmenu[trim($row['variable'])]=trim($row['variable_value']);
//}
// -------------------------------------------------------------------
// KFD 10/28/06, Modified to examine "nomenu" instead of permsel
// pulls all tables user has nomenu='N'. The basic idea is
// to remove from $AGMENU the stuff they don't see
//
// GET AGMENU
$AGMENU = array();
// avoid compiler warning, populated next line
include "ddmodules.php";
// Pull distinct modules person has any menu options in.
$sq = "SELECT DISTINCT module\n FROM zdd.perm_tabs \n WHERE nomenu='N'\n AND group_id iN ({$groups})";
$modules = SQL_AllRows($sq, 'module');
$AGkeys = array_keys($AGMENU);
foreach ($AGkeys as $AGkey) {
if (!isset($modules[$AGkey])) {
unset($AGMENU[$AGkey]);
}
}
// Now recurse the remaining modules and do the same trick
// for each one, removing the tables that don't exist
foreach ($AGMENU as $module => $moduleinfo) {
$sq = "SELECT DISTINCT table_id\n FROM zdd.perm_tabs \n WHERE nomenu='N'\n AND module = '{$module}'\n AND group_id iN ({$groups})";
$tables = SQL_AllRows($sq, 'table_id');
$tkeys = array_keys($moduleinfo['items']);
foreach ($tkeys as $tkey) {
if (!isset($tables[$tkey])) {
unset($AGMENU[$module]['items'][$tkey]);
}
}
}
// KFD 12/18/06. Put all table permissions into session
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND nomenu='N'", 'table_id');
SessionSet('TABLEPERMSMENU', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permsel='Y'", 'table_id');
SessionSet('TABLEPERMSSEL', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permins='Y'", 'table_id');
SessionSet('TABLEPERMSINS', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permupd='Y'", 'table_id');
SessionSet('TABLEPERMSUPD', array_keys($table_perms));
$table_perms = SQL_AllRows("Select distinct table_id FROM zdd.perm_tabs\n WHERE group_id IN ({$groups})\n AND permdel='Y'", 'table_id');
SessionSet('TABLEPERMSDEL', array_keys($table_perms));
//echo "<div style='background-color:white'>";
//echo "$uid $groups $group_id_eff";
//hprint_r(SessionGet('TABLEPERMSMENU'));
//hprint_r(SessionGet('TABLEPERMSSEL'));
//echo "</div>";
// KFD 7/9/07, we always use joomla templates now, don't need
// options to turn them off
//if(defined('_ANDROMEDA_JOOMLA')) {
// In a hybrid situation, put the menu into the session
SessionSet('AGMENU', $AGMENU);
//}
$HTML_Menu = "";
$WML_Menu = "";
/*
foreach ($AGMENU as $key=>$module) {
//if($key=="datadict") continue;
//if($key=="sysref") continue;
$HTML_Module="";
$WML_Module="";
foreach($module["items"] as $itemname=>$item) {
if (!isset($item["mode"])) { $item["mode"]="normal"; }
switch ($item["mode"]) {
case "normal":
$ins=false;
$extra=array();
if($item['menu_parms']<>'') {
$aextras=explode('&',$item['menu_parms']);
foreach($aextras as $aextra) {
list($var,$value)=explode("=",$aextra);
$extra[$var]=$value;
}
}
$HTML_Module.=$this->_MenuItem(
$item['description'],$itemname,$ins,$extra
);
$WML_Module.="<div>";
$WML_Module.=hLink(
'',$item['description'],'?gp_page='.$itemname
);
$WML_Module.="</div>";
break;
case "ins":
//if ($admin || isset($tables_ins[$item["name"]])) {
$HTML_Module.=$this->_MenuItem(
$item['description'],$itemname,true
);
//}
break;
#$HTML_Module.=
# "\n<font class=\"tablename\">- <a href=\"index.php?gp_page=".$itemname."\">".
# $item["description"]."</a></font><br />";
}
}
// the module is defined AFTER its contents so it can be
// left off if it has no entries
if ($HTML_Module!="") {
$HTML_Menu.=$this->_MenuModule($module['description']);
$HTML_Menu.=$HTML_Module;
}
if ($WML_Module!="") {
$WML_Menu.="<div><b>".$module['description']."</b></div>";
$WML_Menu.=$WML_Module;
}
}
*/
DynamicSave("menu_" . $uid . ".php", $HTML_Menu);
DynamicSave("menu_wml_" . $uid . ".php", $WML_Menu);
// -------------------------------------------------------------------
// Fetch and cache user preferences
if (vgaGet('member_profiles')) {
cacheMember_Profiles();
}
// -------------------------------------------------------------------
// Now find the user's table permissions more precisely table by table
$sql = "select p.table_id,\n\t\t\t\tmax(case when p.permins='Y' then 1 else 0 end) as permins,\n\t\t\t\tmax(case when p.permupd='Y' then 1 else 0 end) as permupd,\n\t\t\t\tmax(case when p.permdel='Y' then 1 else 0 end) as permdel,\n\t\t\t\tmax(case when p.permsel='Y' then 1 else 0 end) as permsel\n\t\t\t\tfrom zdd.perm_tabs P\n\t\t\t\tWHERE group_id in ({$groups})\n\t\t\t\tGROUP BY p.table_id";
//echo $sql;
$results = SQL($sql);
$HTML_Perms = "<?php\n\$table_perms = array();\n";
while ($row = SQL_FETCH_ARRAY($results)) {
$tn = $row["table_id"];
$ti = $row["permins"];
$tu = $row["permupd"];
$td = $row["permdel"];
$ts = $row["permsel"];
$HTML_Perms .= "\$table_perms[\"{$tn}\"]=array(\"ins\"=>{$ti},\"upd\"=>{$tu},\"del\"=>{$td},\"sel\"=>{$ts});\n";
}
$HTML_Perms .= "?>\n";
DynamicSave("perms_" . $uid . ".php", $HTML_Perms);
/* October 28, 2006, KFD. Rem'd this all out, column and row security
made this irrelevant
// -------------------------------------------------------------------
// Find out if this user has any UID Columns, columns that create
// filters on the user's UID
$sql = "Select column_id FROM groupuids WHERE group_id IN ($groups)";
//echo $sql;
$results = SQL($sql);
$groupuids = array();
while ($row = SQL_FETCH_ARRAY($results)) {
//echo "Found this one".$row["column_id"];
$groupuids[$row["column_id"]] = $row["column_id"];
}
SessionSet("groupuids",$groupuids);
*/
scDBConn_Pop();
return;
}
$table_cols[$key]["value"] = $resval;
$AG["xmlrpc"]["rets"][] = $resval;
}
}
/* Working code for one value;
// Needs improvement, works only for single values
$AG["xmlrpc"]["rets"] = array();
foreach ($table_cols as $key=>$col) {
if ($col["UPD"] == "N") {
$table_cols[$key]["value"] = $v->scalarval();
$AG["xmlrpc"]["rets"][] = $v->scalarval();
}
}
*/
} else {
ErrorAdd("XML RPC Error call " . $callcode . " Fault Code and reason: " . $response->faultCode() . ", " . $response->faultString());
}
}
// on a silent call, there is nothing more to be done, exit
//
if ($stmode == "silent") {
return;
}
// ==========================================================================
// Now comes HTML
// ==========================================================================
?>
<h1>Interactive Test of XML RPC Call</h1>
<p>Testing call code<b>: <?php
echo $callcode;
function ehTBodyFromRows(&$rows, $columns = array(), $options = array())
{
// For alternating dark/lite
$flag_alt = false;
if (isset($options['alternate'])) {
$flag_alt = true;
}
$cssRow = 'dlite';
// Error check the parameters
if (!is_array($rows)) {
ErrorAdd("ehTBodyFromRows: 1st parm must be array of rows");
}
if (!is_array($columns)) {
ErrorAdd("ehTBodyFromRows: 2nd parm must be array of columns");
}
// Create columns if it was not provided.
if (count($columns) == 0) {
$colspre = array_keys($rows[0]);
foreach ($colspre as $colname) {
if (!is_numeric($colname)) {
if ($colname != 'skey') {
$columns[$colname] = array();
}
}
}
}
// Now flesh out various defaults, set hidden vars
foreach ($columns as $colname => $colopts) {
if (isset($colopts['cpage']) && !isset($colopts['ccol'])) {
$columns[$colname]['ccol'] = 'skey';
}
if (isset($columns[$colname]['ccol'])) {
hidden('gp_' . $columns[$colname]['ccol'], '');
}
}
// Run through the rows and output them
$makehidden = '';
foreach ($rows as $row) {
echo "<tr>";
foreach ($columns as $colname => $colopts) {
$value = $row[$colname];
if (isset($colopts['cpage'])) {
$pg = $colopts['cpage'];
$ccol = $colopts['ccol'];
$cval = $row[$ccol];
$js = "SetAction('gp_page','{$pg}','gp_{$ccol}','{$cval}')";
$value = '<a href="javascript:' . $js . '">' . $value . '</a>';
}
echo hTD($cssRow, $value);
if ($flag_alt) {
$cssRow = $cssRow == 'dlite' ? 'ddark' : 'dlite';
}
}
echo "</tr>";
}
}
function ErrorComprehensive($onerr)
{
// POSTGRES hardcode, this is what they put in the beginning of a
// string of errors.
$onerr = str_replace('ERROR:', '', $onerr);
$onerr = str_replace("\t", '', $onerr);
// Save the raw error if a programmer wants to do something with it
$errsraw = vgfGet('errorsRAW', array());
$errsraw[] = $onerr;
vgfSet('errorsRAW', $errsraw);
// Get previously created list of errors
$colerrs = vgfGet('errorsCOL', array());
// Get the column, error, and text, then see if the
// application has overridden them.
if (!empty($onerr)) {
list($column, $error, $text) = explode(',', $onerr, 3);
$errorStrings = vgfGet('errorStrings', array());
if (isset($errorStrings[$error])) {
$text = $errorStrings[$error];
}
$column = trim($column);
if ($column == '*') {
// A table-level error begins with an asterisk, report this
// as an old-fashioned error that appears at the top of the page
ErrorAdd($text);
} else {
// This is a column level error. It is being stored for
// display later.
$colerrs[$column][] = $text;
// KFD 6/27/07, by putting this here, every error gets reported
// both at its column level and at the top
ErrorAdd($column . ": " . $text);
}
vgfSet('errorsCOL', $colerrs);
}
}
function X_EMAIL_SEND($em)
{
$retval = false;
//scDBConn_Push('admin');
if (SQLX_TrxLevel() > 0) {
ErrorAdd("ERROR: Cannot send an email within a transaction");
} else {
if (configGet('email_fromaddr')) {
$from_addr = configGet('email_fromaddr');
$from_name = configGet('email_fromname');
} else {
$from_addr = trim(OPTION_GET("EMAILFROM_ADDR"));
$from_name = trim(OPTION_GET("EMAILFROM_NAME"));
}
$smtp_server = trim(OPTION_GET('SMTP_SERVER', 'localhost'));
if ($from_addr == "") {
ErrorAdd("The system's return email address, defined in system variable " . "EMAILFROM_ADDR, must be set to a valid email address. " . HTMLE_A_STD("System Variables", "variables", ""));
} else {
if ($from_name != "") {
$from_name = '"' . $from_name . '"';
}
$from = "From: " . $from_name . " <" . $from_addr . ">";
include_once 'Mail.php';
$recipients = $em["email_to"];
$headers['From'] = $from_name . "<" . $from_addr . ">";
$headers['To'] = $em["email_to"];
$headers['Subject'] = $em["email_subject"];
$headers['Date'] = date("D, j M Y H:i:s O", time());
foreach ($em['headers'] as $hname => $hval) {
$headers[$hname] = $hval;
}
$body = $em["email_message"];
$params['sendmail_path'] = '/usr/lib/sendmail';
$params['host'] = $smtp_server;
// Create the mail object using the Mail::factory method
$mail_object = Mail::factory('smtp', $params);
$mail_object->send($recipients, $headers, $body);
if (!$mail_object) {
ErrorAdd("Email was not accepted by server");
} else {
$table_ref = DD_TableRef('adm_emails');
SQLX_Insert($table_ref, $em, false);
$retval = false;
}
}
}
//scDBConn_Pop();
return $retval;
}
function DoTests(&$steps)
{
$this->error = '';
// If they manually forced a rollback to an earlier step,
// we will catch it below
$rb = gp('stepreset', '-1');
// look for flags that indicate manual approval of steps
if (gp('pgconfig') == 1) {
sessionSet('pgconfig', true);
}
if (gp('pgsuper') == 1) {
sessionSet('pgsuper', true);
}
// If they provided credentials, try to post them
if (gpExists('loginUID')) {
if (substr(strtolower(gp('loginUID')), 0, 5) == 'andro') {
ErrorAdd("Superuser account may not begin with 'andro'");
} else {
SessionSet('xUID', gp('loginUID'));
SessionSet('xPWD', gp('loginPWD'));
}
}
$finished = false;
foreach ($steps as $current_step => $step) {
switch ($current_step) {
case 0:
if (!function_exists('pg_connect')) {
$finished = true;
}
break;
case 1:
// If forcing rollback to here, clear user credentials
if ($rb == 1) {
SessionUnset('xUID');
SessionUnSet('xPWD');
}
// Test if they gave us uid/pwd and if it works
if (SessionGet('xUID') == '') {
$finished = true;
} else {
$cs = SQL_ConnString(SessionGet('xUID'), SessionGet('xPWD'), 'postgres');
$this->dbx = @pg_connect($cs);
if (!$this->dbx) {
$this->error = "Could Not Connect with that Username/Password";
$finished = true;
}
}
break;
case 2:
// Since we got a connection, try to get versions
$res = SQL2("Select version()", $this->dbx);
$row = SQL_Fetch_Array($res);
$x = explode(' ', $row['version']);
$this->pgversion = $x[0] . ' ' . $x[1];
$vers = explode('.', $x[1]);
$vers = $vers[0] . '.' . $vers[1];
if ($vers < 8.1) {
$finished = true;
}
break;
case 3:
if ($rb == 3) {
$this->andro = 1;
$finished = true;
break;
}
$cs = SQL_ConnString(SessionGet('xUID'), SessionGet('xPWD'), 'andro');
$this->dba = @pg_connect($cs);
if (!$this->dba) {
$finished = true;
$this->andro = 0;
} else {
pg_close($this->dba);
$file = $GLOBALS['AG']['dirs']['generated'] . 'ddmodules.php';
if (!file_exists($file)) {
$finished = true;
$this->andro = 1;
}
}
break;
case 4:
// Initialize the node manager
SessionSet('UID', SessionGet('xUID'));
SessionSet('PWD', SessionGet('xPWD'));
scDBConn_Push();
$dir_pub = realpath(dirname(__FILE__) . '/../..');
if (strpos(ArraySafe($_ENV, 'OS', ''), 'indows') !== false) {
$dir_pub = str_replace("\\", "\\\\", $dir_pub);
}
$row = array('webpath' => 'DEFAULT', 'dir_pub' => $dir_pub, 'description' => 'Default Web Path');
$table_dd = dd_TableRef('webpaths');
SQLX_UpdateorInsert($table_dd, $row);
/*
$table_dd=dd_TableRef('nodes');
$row=array(
'node'=>'DHOST2'
,'description'=>"Andromeda Master Node"
,'node_url'=>'dhost2.secdat.com'
);
SQLX_UpdateorInsert($table_dd,$row);
$row=array(
'node'=>'LOCAL'
,'description'=>"Local Node"
,'node_url'=>'localhost'
);
SQLX_UpdateorInsert($table_dd,$row);
*/
$table_dd = dd_TableRef('applications');
$row = array('application' => 'andro', 'description' => "Andromeda Node Manager", 'appspec' => 'andro.dd.yaml', 'node' => 'LOCAL', 'webpath' => 'DEFAULT');
SQLX_UpdateorInsert($table_dd, $row);
scDBConn_Pop();
SessionSet('UID', 'andro');
SessionSet('PWD', 'andro');
break;
case 5:
break;
default:
$finished = true;
}
// if we are clear, stop now
if ($finished) {
break;
}
}
for ($x = 0; $x < $current_step; $x++) {
$steps[$x][0] = true;
}
return $current_step;
}
function MD5_ForgotPage3()
{
$UID = gp('uid');
$md5 = gp('md5');
$pw1 = gp('pw1');
$pw2 = gp('pw2');
fwLogEntry('1025', 'PW Change Attempt', $UID);
if ($pw1 != $pw2) {
ErrorAdd("Password values did not match");
}
if (strlen($pw1) < 6) {
ErrorAdd("Password must be at least 5 characters");
}
if (!preg_match("/[0-9]/", $pw1)) {
ErrorAdd("Password must contain at least one numeric digit");
}
if (!preg_match("/[a-z]/", $pw1)) {
ErrorAdd("Password must contain at least one lower case character");
}
if (!preg_match("/[A-Z]/", $pw1)) {
ErrorAdd("Password must contain at least one upper case character");
}
if (strpos(strtolower($pw1), strtolower($UID)) !== false) {
ErrorAdd("You cannot use your user_id in your password!");
}
if (Errors()) {
echo hErrors();
gpSet('gpp', '2');
ErrorsClear();
return;
}
$row = array('user_id' => $UID, 'md5' => $md5, 'member_password' => $pw1);
SQLX_Insert('users_pwverifies', $row);
if (Errors()) {
echo hErrors();
gpSet('gpp', '2');
ErrorsClear();
return;
} else {
fwLogEntry('1026', 'PW Change Success', $UID);
?>
<p>Your password has been set, you can now
<a href="?gp_page=x_login">Login</a>.
<?php
}
}
