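/**
 * checkLogin - Reports whether the current visitor is logged in.
 *
 * If both "remember me" cookies (cookname / cookpass) are present, their
 * values are copied into the session first. The session's username and
 * password are then re-validated through confirmUser() on every call.
 *
 * NOTE(review): cookpass is handed to confirmUser() as the password value, so
 * the cookie works as a long-lived, replayable credential for anyone who
 * obtains it. A random, server-side revocable remember-me token would avoid
 * keeping a password equivalent in the browser; that change involves
 * confirmUser() and the code that sets the cookies, neither visible here.
 *
 * @return mixed DELPHI_LOGGED_IN when confirmUser() returns a value
 *               >= DELPHI_LOGGED_IN (that value is stored in
 *               $_SESSION['login_id']); DELPHI_LOGGED_OUT when the session
 *               holds no credentials; otherwise confirmUser()'s status code.
 */
function checkLogin()
{
    /* Check if user has been remembered. Cookies are client-controlled and
       PHP parses "cookname[]=x" into an array, so accept plain strings only. */
    if (
        isset($_COOKIE['cookname'], $_COOKIE['cookpass'])
        && is_string($_COOKIE['cookname'])
        && is_string($_COOKIE['cookpass'])
    ) {
        $_SESSION['username'] = $_COOKIE['cookname'];
        $_SESSION['password'] = $_COOKIE['cookpass'];
    }

    $result = DELPHI_LOGGED_OUT; // assume not logged in until we find otherwise

    /* Username and password have been set */
    if (isset($_SESSION['username'], $_SESSION['password'])) {
        /* Confirm that username and password are valid */
        $result = confirmUser($_SESSION['username'], $_SESSION['password']);

        if ($result >= DELPHI_LOGGED_IN) {
            /* confirmUser() returned the login id; expose a plain status code */
            $_SESSION['login_id'] = $result;
            $result = DELPHI_LOGGED_IN;
        } elseif ($result != DELPHI_REG_PENDING) {
            /* Variables are incorrect, user not logged in */
            unset($_SESSION['username'], $_SESSION['password'], $_SESSION['login_id']);
        }
        /* DELPHI_REG_PENDING falls through: the session values are kept */
    }

    return $result;
}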
/**
 * checkLoggedin - Decides whether the visitor counts as logged in.
 *
 * An existing session (gdusername and gdpassword both set) is trusted as is.
 * Otherwise the gdusername / gdpassword cookies, when both are present, are
 * checked with confirmUser(); on success the session is created from them,
 * on failure clearsessionscookies() is called.
 *
 * NOTE(review): the gdpassword cookie is passed to confirmUser() as the
 * password value, so it acts as a replayable credential; whether it holds a
 * hash or the plain password is not visible here.
 *
 * @return bool true when a session exists or the cookies were accepted
 */
function checkLoggedin()
{
    /* Session already established: nothing is re-validated on this path */
    if (isset($_SESSION['gdusername'], $_SESSION['gdpassword'])) {
        return true;
    }

    /* No session and no complete cookie pair: not logged in */
    if (!isset($_COOKIE['gdusername'], $_COOKIE['gdpassword'])) {
        return false;
    }

    /* Cookie pair rejected: drop whatever the client sent */
    if (!confirmUser($_COOKIE['gdusername'], $_COOKIE['gdpassword'])) {
        clearsessionscookies();
        return false;
    }

    createsessions($_COOKIE['gdusername'], $_COOKIE['gdpassword']);
    return true;
}
/**
 * checkLogin - Validates the session credentials and records the login.
 *
 * When both remember-me cookies (c_name / c_pass) are present, the session
 * username is taken from c_name and the session password becomes
 * hmac($_SESSION['key'], c_pass). The session pair is then checked with
 * confirmUser(); a non-zero result clears the session values and expires the
 * cookies. On the first accepted call of a session the user's IP address and
 * the current time are written to the users table.
 *
 * NOTE(review): addslashes() is not a charset-aware SQL escape, and
 * get_magic_quotes_gpc() and the mysql_* functions no longer exist in current
 * PHP versions; a parameterised query through PDO or mysqli is the usual
 * replacement. That needs the connection setup, which is outside this block.
 *
 * @return bool true when confirmUser() returns 0 for the session credentials
 */
function checkLogin()
{
    /* Check if user has been remembered */
    if (isset($_COOKIE['c_name'], $_COOKIE['c_pass'])) {
        $_SESSION['username'] = $_COOKIE['c_name'];
        $_SESSION['password'] = hmac($_SESSION['key'], $_COOKIE['c_pass']);
    }

    /* Without both session values there is nothing to confirm */
    if (!isset($_SESSION['username'], $_SESSION['password'])) {
        return false;
    }

    /* Confirm that username and password are valid */
    if (confirmUser($_SESSION['username'], $_SESSION['password']) != 0) {
        /* Variables are incorrect, user not logged in */
        unset($_SESSION['username'], $_SESSION['password']);

        /* Expire whichever remember-me cookies the client sent */
        foreach (array("c_name", "c_pass") as $cookieName) {
            if (isset($_COOKIE[$cookieName])) {
                setcookie($cookieName, "", time() - 60 * 60 * 24 * 100, "/");
            }
        }

        return false;
    }

    /* Log user data once per session */
    if (!isset($_SESSION['logged'])) {
        $_SESSION['logged'] = true;
        global $conn;

        /* Add slashes if necessary (for query) */
        $username = $_SESSION['username'];
        $ip = $_SERVER['REMOTE_ADDR'];
        $alreadyQuoted = get_magic_quotes_gpc();
        if (!$alreadyQuoted) {
            $username = addslashes($username);
            $ip = addslashes($ip);
        }

        /* The WHERE literal is reproduced exactly as this listing shows it;
           $username is prepared above but does not occur in the visible text. */
        $q = "UPDATE " . DB_PREFIX . "users SET ip = '{$ip}', lastdate = " . time() . " WHERE username = '******'";

        /* The result of the update is not checked */
        mysql_query($q, $conn);
    }

    return true;
}
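/**
 * checkLogin - Reports whether the visitor has a valid login.
 *
 * If both remember-me cookies (cookname / cookpass) are present, their values
 * are copied into the session. The session's username and password are then
 * checked with confirmUser() on every call; a non-zero result clears them.
 *
 * NOTE(review): cookpass is used directly as the password value given to
 * confirmUser(), so the cookie is a replayable credential. Replacing it with
 * a random, server-side revocable token needs changes outside this function.
 *
 * @return bool true when confirmUser() returns 0 for the session credentials
 */
function checkLogin()
{
    /* Check if user has been remembered. Cookie values are client-controlled
       and may arrive as arrays ("cookname[]=x"); accept plain strings only. */
    if (
        isset($_COOKIE['cookname'], $_COOKIE['cookpass'])
        && is_string($_COOKIE['cookname'])
        && is_string($_COOKIE['cookpass'])
    ) {
        $_SESSION['username'] = $_COOKIE['cookname'];
        $_SESSION['password'] = $_COOKIE['cookpass'];
    }

    /* Username and password have not been set: not logged in */
    if (!isset($_SESSION['username'], $_SESSION['password'])) {
        return false;
    }

    /* Confirm that username and password are valid */
    if (confirmUser($_SESSION['username'], $_SESSION['password']) != 0) {
        /* Variables are incorrect, user not logged in */
        unset($_SESSION['username'], $_SESSION['password']);
        return false;
    }

    return true;
}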
/**
 * checkLogin - Loads site settings into the session, then validates the login.
 *
 * The first row of the settings table supplies $_SESSION['points_on'] and
 * $_SESSION['system_name'] on every call. After that the session's username
 * and password are checked with confirmUser(); a non-zero result removes
 * them from the session. This variant does not read any remember-me cookie.
 *
 * NOTE(review): the result of mysql_query() is not checked before it is
 * fetched, so a failed query leaves both settings values empty.
 *
 * @return bool true when confirmUser() returns 0 for the session credentials
 */
function checkLogin()
{
    /* Refresh the per-site settings kept in the session */
    $settings = mysql_fetch_array(mysql_query("SELECT * FROM settings"));
    $_SESSION['points_on'] = $settings['points_on'];
    $_SESSION['system_name'] = $settings['system_name'];

    /* Username and password have not been set: not logged in */
    if (!isset($_SESSION['username'], $_SESSION['password'])) {
        return false;
    }

    /* Confirm that username and password are valid */
    if (confirmUser($_SESSION['username'], $_SESSION['password']) == 0) {
        return true;
    }

    /* Variables are incorrect, user not logged in */
    unset($_SESSION['username'], $_SESSION['password']);
    return false;
}
/**
 * checkLogin - Validates the login cookies on each call.
 *
 * Only the login_email / login_password cookies are consulted: when both are
 * present they are passed to confirmUser(), and a falsy result removes
 * login_userid and login_username from the session. No session value is read
 * to decide the outcome.
 *
 * NOTE(review): login_password travels in a cookie and is used as the
 * password value for confirmUser(), so it acts as a replayable credential;
 * whether it holds a hash or the plain password is not visible here.
 *
 * @return bool true when both cookies are present and confirmUser() accepts them
 */
function checkLogin()
{
    /* No complete cookie pair: the user has not been remembered */
    if (!isset($_COOKIE['login_email'], $_COOKIE['login_password'])) {
        return false;
    }

    if (confirmUser($_COOKIE['login_email'], $_COOKIE['login_password'])) {
        return true;
    }

    /* Variables are incorrect, user not logged in */
    unset($_SESSION['login_userid'], $_SESSION['login_username']);
    return false;
}
if ($_POST['pass2']) { $_POST['pass2'] = cleanString($_POST['pass2'], 40); } if ($_POST['salt']) { $_POST['salt'] = ''; } if ($_POST['key']) { $_POST['key'] = ''; } // check for errors $alertArr = array(); if (!$_POST['pass_field_curr']) { $alertArr[] = $ALERT['PASS_CURR_NO']; } // Recheck password of registered users if (confirmUser($_SESSION['username'], $_POST['passcurr']) != 0) { $alertArr[] = $ALERT['PASS_CURR_WRONG']; } if ($_POST['pass_1'] != $_POST['pass_2']) { $alertArr[] = $ALERT['PASS_DIFF']; } if (strlen($_POST['pass_field_1']) > 30) { $alertArr[] = $ALERT['PASS_TOLONG']; } if ($_POST['pass_field_1'] && strlen($_POST['pass_field_1']) < 6) { $alertArr[] = $ALERT['PASS_TOSHORT']; } if (strlen($_POST['email']) > 140) { $alertArr[] = $ALERT['EMAIL_TOLONG']; } if ($_POST['email'] && !emailValid($_POST['email'])) {
require "libs/ext.lib.php"; // Get global variables & functions // If form was submitted, edit entry or confirm entry or write entry if ($_GET) { if ($_GET['username']) { // print form for data entry $OUTPUT = editUser($_GET); } else { // Invalid use, display error errDie("ERROR: Invalid use of module.", SELF); } } elseif ($_POST) { if ($_POST['a'] == "confirm") { // ask for confirmation $perm = isset($_POST['perm']) ? $_POST['perm'] : ''; $OUTPUT = confirmUser($_POST); } elseif ($_POST['a'] == "write") { // write changes to database $OUTPUT = writeUser($_POST); } else { // Invalid use, display error errDie("ERROR: Invalid use of module.", SELF); } } else { // Invalid use, display error errDie("ERROR: Invalid use of module.", SELF); } # require template require "template.php"; function editUser($_POST) {
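<?php
/*
 * Registration confirmation endpoint: reads email and name from the query
 * string, and when checkValidation() accepts the pair, confirms the account
 * and sends the visitor on to the login page.
 *
 * NOTE(review): the account is confirmed from values carried in a GET
 * request. Whether checkValidation() requires something an outsider cannot
 * guess (for example a random token) is defined in manageDB.php and is not
 * visible here; confirm that knowing the email and name alone is not enough.
 */
require "manageDB.php";

/* Query-string values are client-controlled and may be missing or arrays */
$email = (isset($_GET['email']) && is_string($_GET['email'])) ? $_GET['email'] : '';
$name = (isset($_GET['name']) && is_string($_GET['name'])) ? $_GET['name'] : '';

if ($email !== '' && $name !== '' && checkValidation($email, $name)) {
    confirmUser($email);

    /* header() cannot be sent once output has started, and a redirect
       response would hide the alert, so the redirect is done from the same
       script that shows the message. */
    echo "<script>alert('La registrazione è andata a buon fine. Ora puoi effettuare il login'); window.location.href = 'login.php';</script>";
    exit;
}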
/* Tail of a required-field check whose opening `if` lies above this excerpt */
    $t->assign('message', 'You did not fill in a required field.');
    $t->display('login.tpl');
    die;
}

/* Spruce up username, check length */
$_POST['user'] = trim($_POST['user']);
if (strlen($_POST['user']) > 40) {
    $t->assign('message', 'Sorry, the username is longer than 40 characters, please shorten it.');
    $t->display('login.tpl');
    die;
}

/* Checks that username is in database and password is correct
   confirmUser lives in checkLogin.php

   NOTE(review): the password is reduced to an unsalted MD5 digest before the
   comparison. MD5 is fast to brute-force and identical passwords yield
   identical digests; password_hash() / password_verify() are the standard
   replacement, but that also changes what confirmUser() and the stored
   values must look like. */
$md5pass = md5($_POST['pass']);
$result = confirmUser($_POST['user'], $md5pass);

/* Check error codes

   NOTE(review): "no such user" and "wrong password" produce different
   messages, which lets a client test which usernames exist. A single generic
   failure message avoids that. */
if ($result == DELPHI_NO_SUCH_USER) {
    $t->assign('message', 'That username does not exist in our database.');
    $t->display('login.tpl');
    die;
} else {
    if ($result == DELPHI_PASSWD_WRONG) {
        $t->assign('message', 'Incorrect password, please try again.');
        $t->display('login.tpl');
        die;
    }
}

/* Username and password correct, register session variables.
   The MD5 digest itself is kept in the session as the password value.
   NOTE(review): no session id regeneration is visible in this excerpt;
   confirm it happens on login to prevent session fixation. */
$_SESSION['username'] = stripslashes($_POST['user']);
$_SESSION['password'] = $md5pass;
</div> </div> <br /> <div class="container"> <div class="page-header"> <h1><?php echo _('Account activation'); ?> </h1> </div> <?php $userkey = ""; if (isset($_GET["key"])) { $userkey = $_GET["key"]; } confirmUser($userkey); ?> <div class="alert alert-warning" role="alert"> <p><?php echo _('By registering I confirm that I have read:'); ?> <a href="<?php echo $systemrules; ?> "><?php echo _('User Guide'); ?> </a></p> </div> <div class="panel panel-default"> <div class="panel-body">
/**
 * writeUser - Creates or updates a user and rewrites the user's script
 * permissions in the userscripts table.
 *
 * Flow, as far as this block shows:
 *  1. every key of the submitted form becomes a local variable (extract);
 *  2. div, username, password, tool and ispos are checked with validate::isOk;
 *  3. when $doneBtn is unset or $admin == "1": with $f2 set a new users row is
 *     inserted (password stored as an MD5 digest), otherwise only the admin
 *     flag is updated;
 *  4. permissions tied to $old_dept are deleted, then a fixed list of scripts
 *     is inserted, plus $perm / $deps / $depsrem entries for non-POS users or
 *     the POS scripts for POS users;
 *  5. without $doneBtn the confirmation form is returned, otherwise the
 *     result of enterUser().
 *
 * NOTE(review): the parameter is named $_POST; current PHP versions reject a
 * superglobal name as a parameter at compile time.
 * NOTE(review): extract() lets the request define any local variable used
 * below. $admin, $f2, $doneBtn, $old_dept, $locale, $empnum, $payroll_group,
 * $perm, $deps and $depsrem are never validated in this block, and all SQL
 * text is built by string interpolation. Unless db_exec() escapes its input
 * (not visible here), these values reach the database as written by the
 * client; parameterised queries and an explicit whitelist of expected fields
 * are the usual fix. No permission check on the caller is visible in this
 * block either; confirm it happens before writeUser() is reached.
 * NOTE(review): the '******' fragments in the query strings are reproduced
 * exactly as this listing shows them.
 *
 * @param array $_POST submitted form fields
 * @return string HTML: the validation error list, the "already exists"
 *                message, the result of confirmUser($_POST), or the result of
 *                enterUser()
 */
function writeUser($_POST)
{
    # get vars
    // Imports every submitted key as a local variable (see NOTE above).
    extract($_POST);

    // if(!isset($doneBtn))
    // return confirmUser($_POST);

    # validate input
    require "libs/validate.lib.php";
    $v = new validate();
    $v->isOk($div, "num", 1, 20, "Invalid Branch.");
    $v->isOk($username, "string", 1, 20, "Invalid user name.");
    $v->isOk($password, "string", 1, 20, "Invalid password.");
    $v->isOk($tool, "string", 1, 3, "Invalid tooltips selection.");
    $v->isOk($ispos, "string", 1, 3, "Invalid POS user selection.");

    # display errors, if any
    if ($v->isError()) {
        $theseErrors = "";
        $errors = $v->getErrors();
        foreach ($errors as $e) {
            $theseErrors .= "<li class='err'>" . $e["msg"] . "</li>";
        }
        $theseErrors .= "<p><input type='button' onClick='JavaScript:history.back();' value='« Correct submission'>";
        return $theseErrors;
    }

    # connect to db
    db_connect();

    // $admin comes from the request when present; it defaults to 0 otherwise.
    if (!isset($admin)) {
        $admin = 0;
    }

    if (!isset($doneBtn) or $admin == "1") {
        if (isset($f2)) {
            # exit if user exists
            $sql = "SELECT username FROM users WHERE username = '******'";
            $usrRslt = db_exec($sql) or errDie("Unable to check cubit for existing username.");
            if (pg_numrows($usrRslt) > 0) {
                // $username is placed into the HTML without escaping.
                return "\n\t\t\t\t\t<li class='err'>User, {$username}, already exists in cubit.</li>\n\t\t\t\t\t<br>\n\t\t\t\t\t" . mkQuickLinks(ql("admin-usradd.php", "Add New User"));
            }

            # get md5 hash of password
            // NOTE(review): unsalted MD5 is not a suitable password hash;
            // password_hash() is the standard replacement.
            $password = md5($password);

            // {$admin} is interpolated without quotes; $locale, $empnum and
            // $payroll_group are not validated above.
            $sql = "\n\t\t\t\tINSERT INTO users (\n\t\t\t\t\tusername, password, services_menu, admin, locale, div, help, empnum, payroll_groups\n\t\t\t\t) VALUES (\n\t\t\t\t\t'{$username}', '{$password}', 'L', {$admin}, '{$locale}', '{$div}', '{$tool}', '{$empnum}', '" . implode(",", $payroll_group) . "'\n\t\t\t\t)";
            $nwUsrRslt = db_exec($sql) or errDie("Unable to add user to cubit.");
        } else {
            // update the admin variable
            db_exec("UPDATE users SET admin = '{$admin}' WHERE username='******'");
        }
    }

    #remove all entries for selected department ...
    // $old_dept is not validated in this block.
    $get_dept_scripts = "SELECT script FROM deptscripts WHERE dept = '{$old_dept}'";
    $run_dept_scripts = db_exec($get_dept_scripts) or errDie("Unable to get department script information.");
    if (pg_numrows($run_dept_scripts) < 1) {
        #no scripts for this department
    } else {
        while ($ddarr = pg_fetch_array($run_dept_scripts)) {
            $Sql = "DELETE FROM userscripts WHERE username='******' AND script = '{$ddarr['script']}'";
            $Ex = db_exec($Sql) or errDie("Unable to clear old user script permissions.");
        }
    }

    if ($ispos == "No") {
        // This DELETE is never executed: its db_exec() call is commented out
        // and $Sql is overwritten by the next statement.
        $Sql = "DELETE FROM userscripts WHERE username = '******'";
        // $Ex = db_exec($Sql);

        // Scripts every non-POS user receives.
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'top_menu.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'diary.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'diary-day.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'glodiary.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'glodiary-day.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'todo.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'index_die.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'index-services.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");

        # write permissions
        // $perm comes straight from the request: each value is granted as a
        // script permission without being checked against a known list.
        if (isset($perm)) {
            foreach ($perm as $key => $value) {
                // The literal spans a line break exactly as in the listing.
                $sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 
'{$value}')";
                $nwUsrRslt = db_exec($sql) or errDie("Unable to add user to cubit.");
            }
        }

        // Grant every script of each department named as a key of $deps.
        if (isset($deps)) {
            foreach ($deps as $key => $value) {
                $sql = "SELECT script FROM deptscripts WHERE dept = '{$key}'";
                $depRs = db_exec($sql);
                while ($depscr = pg_fetch_array($depRs)) {
                    $sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', '{$depscr['script']}')";
                    $nwUsrRslt = db_exec($sql) or errDie("Unable to add user to cubit.");
                }
            }
        }

        // Revoke every script of each department named as a key of $depsrem.
        if (isset($depsrem)) {
            foreach ($depsrem as $key => $value) {
                $sql = "SELECT script FROM deptscripts WHERE dept = '{$key}'";
                $depRs = db_exec($sql);
                while ($depscr = pg_fetch_array($depRs)) {
                    $sql = "DELETE FROM userscripts WHERE username='******' AND script='{$depscr['script']}'";
                    $nwUsrRslt = db_exec($sql) or errDie("Unable to add user to cubit.");
                }
            }
        }
    } else {
        // As above, this DELETE is assigned but never executed.
        $Sql = "DELETE FROM userscripts WHERE username='******'";
        // $Ex = db_exec($Sql);

        // Base scripts plus the POS scripts for POS users.
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'top_menu.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'diary.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'diary-day.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'glodiary.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'glodiary-day.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'todo.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'index_die.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        // The literal spans a line break exactly as in the listing.
        $Sql = "INSERT 
INTO userscripts (username, script) VALUES ('{$username}', 'index-services.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'pos-invoice-new.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'pos-slip.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'pos-invoice-print.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'index-sales.php')";
        $Ex = db_exec($Sql) or errDie("Unable to add user to cubit.");
    }

    // Disabled de-duplication pass, kept as found:
    // if(isset($doneBtn)){
    // $get_real_scripts = "SELECT distinct(script) FROM userscripts WHERE username = '******'";
    // $run_real_scripts = db_exec($get_real_scripts) or errDie ("Unable to get script information.");
    // if(pg_numrows($run_real_scripts) < 1){
    // return "No Scripts Permission For This User Found.";
    // }
    // $remove_all_temp = "DELETE FROM userscripts WHERE username = '******'";
    // $run_remove_temp = db_exec($remove_all_temp) or errDie ("Unable to remove temporary permission files.");
    //
    // while ($sc_arr = pg_fetch_array ($run_real_scripts)){
    // $insert_this_perm = "INSERT INTO userscripts (username,script) VALUES ('$username', '$sc_arr[script]')";
    // $run_insert_perm = db_exec($insert_this_perm) or errDie ("Unable to update permission information.");
    // }
    // }

    // Without the "done" button, hand back the confirmation form. The
    // database writes above have already run by this point.
    if (!isset($doneBtn)) {
        return confirmUser($_POST);
    }

    # status report
    // $username is placed into the HTML below without escaping.
    $writeUser = "******" . TMPL_tblDflts . 
" width='50%'>\n\t\t\t<tr>\n\t\t\t\t<th>New user added to cubit</th>\n\t\t\t</tr>\n\t\t\t<tr class='datacell'>\n\t\t\t\t<td>New user, {$username}, was successfully added to Cubit.</td>\n\t\t\t</tr>\n\t\t</table>\n\t\t<p>\n\t\t<table border='0' cellpadding='2' cellspacing='1'>\n\t\t\t<tr>\n\t\t\t\t<th>Quick Links</th>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td><a href='admin-usradd.php'>Add another user</a></td>\n\t\t\t</tr>\n\t\t\t<script>document.write(getQuicklinkSpecial());</script>\n\t\t</table>";

    return enterUser($username, "<li class='yay'>Successfully added {$username}</li><br>");

    // Unreachable: the function has already returned on the line above, so
    // the status report built in $writeUser is never used.
    return $writeUser;
}
//get action var: action|'' $action = isset($_POST['action']) ? $_POST['action'] : ""; //controls what to show in the front page switch ($action) { case 'create': createUser(); break; case 'adminCreate': if ($_POST['usr_pwd'] == $_POST['usr_cpwd']) { addUser(); } else { echo 'Please check your password.'; } break; case 'confirmUser': confirmUser(); break; case 'deleteUser': deleteUser(); break; case 'edit': editUser(); break; case 'search': searchUser(); break; case 'logout': logout(); break; case 'searchById': searchById();
*/ require "libs/settings.php"; // Get global variables & functions // If form was submitted, edit entry or confirm entry or write entry if ($_GET) { if ($_GET['username']) { // print form for data entry $OUTPUT = editUser($_GET['username']); } else { // Invalid use, display error errDie("ERROR: Invalid use of module.", SELF); } } elseif ($_POST) { if ($_POST['a'] == "confirm") { // ask for confirmation $OUTPUT = confirmUser($_POST['oldusrnme'], $_POST['username'], $_POST['chgpass'], $_POST['password'], $_POST['password2'], $_POST['perm'], $_POST['depart']); } elseif ($_POST['a'] == "write") { // write changes to database $OUTPUT = writeUser($_POST['oldusrnme'], $_POST['username'], $_POST['MD5_PASS'], $_POST['depart']); } else { // Invalid use, display error errDie("ERROR: Invalid use of module.", SELF); } } else { // Invalid use, display error errDie("ERROR: Invalid use of module.", SELF); } # require template require "libs/template.php"; /* * Functions