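/**
 * Streams an uploaded file, or a resized thumbnail of an image, to the client.
 *
 * Query-string inputs:
 *   fn             file path relative to the application root; decrypted with
 *                  EW_RANDOM_KEY . session_id() when EW_ENCRYPT_FILE_PATH is on
 *   t              table name, decrypted the same way (not used further here)
 *   resize         presence flag (not used further here)
 *   width, height  thumbnail box; when both are absent the
 *                  EW_THUMBNAIL_DEFAULT_* size applies
 *
 * A body is written only for extensions listed in EW_IMAGE_ALLOWED_FILE_EXT or
 * EW_DOWNLOAD_ALLOWED_FILE_EXT.
 *
 * NOTE(review): after the join with ew_AppRoot() the path is not checked to
 * stay inside the application or upload folder. With EW_ENCRYPT_FILE_PATH off,
 * "fn" is taken from the request as-is, so the extension allow-lists are the
 * only restriction. Consider a realpath() containment check against the
 * configured upload locations.
 */
function Page_Main() {
    global $conn;
    $GLOBALS["Page"] =& $this;

    //***$conn = ew_Connect();
    // Get fn / table name parameters

    $key = EW_RANDOM_KEY . session_id();
    $fn = @$_GET["fn"] != "" ? ew_StripSlashes($_GET["fn"]) : "";
    if ($fn != "" && EW_ENCRYPT_FILE_PATH) {
        $fn = ew_Decrypt($fn, $key);
    }
    $table = @$_GET["t"] != "" ? ew_StripSlashes($_GET["t"]) : "";
    if ($table != "" && EW_ENCRYPT_FILE_PATH) {
        $table = ew_Decrypt($table, $key);
    }

    // Global Page Loading event (in userfn*.php)
    //***Page_Loading();
    // Get resize parameters

    $resize = @$_GET["resize"] != "";

    // Dimensions come from the request: force them to integers before they
    // are compared and handed to the resize helper.
    // NOTE(review): no upper bound is applied here; confirm that
    // ew_ResizeFileToBinary() limits the output size.
    $width = @$_GET["width"] != "" ? intval($_GET["width"]) : 0;
    $height = @$_GET["height"] != "" ? intval($_GET["height"]) : 0;
    if (@$_GET["width"] == "" && @$_GET["height"] == "") {
        $width = EW_THUMBNAIL_DEFAULT_WIDTH;
        $height = EW_THUMBNAIL_DEFAULT_HEIGHT;
    }

    // Resize image from physical file
    if ($fn != "") {
        // The listing showed str_replace("", "", $fn), which is a no-op; the
        // call is restored as a NUL-byte strip, which is presumably what the
        // empty literal stood for.
        $fn = str_replace("\0", "", $fn);
        $fn = ew_IncludeTrailingDelimiter(ew_AppRoot(), TRUE) . $fn;

        // Same existence test as before (file_exists, else an fopen probe),
        // but the probe handle is closed instead of being leaked.
        $bFound = file_exists($fn);
        if (!$bFound) {
            $fp = @fopen($fn, "rb"); // Allow remote file
            if ($fp !== FALSE) {
                fclose($fp);
                $bFound = TRUE;
            }
        }
        if ($bFound) {
            if (ob_get_length()) {
                ob_end_clean();
            }
            $pathinfo = pathinfo($fn);
            $ext = strtolower(@$pathinfo["extension"]);
            $ct = ew_ContentType("", $fn);
            if ($ct != "") {
                header("Content-type: " . $ct);
            }
            if (in_array($ext, explode(",", EW_IMAGE_ALLOWED_FILE_EXT))) {
                // For images the MIME type detected from the file replaces
                // the Content-type header sent above.
                $size = @getimagesize($fn);
                if ($size) {
                    header("Content-type: {$size['mime']}");
                }
                if ($width > 0 || $height > 0) {
                    echo ew_ResizeFileToBinary($fn, $width, $height);
                } else {
                    echo file_get_contents($fn);
                }
            } elseif (in_array($ext, explode(",", EW_DOWNLOAD_ALLOWED_FILE_EXT))) {
                echo file_get_contents($fn);
            }
        }
    }

    // Global Page Unloaded event (in userfn*.php)
    //***Page_Unloaded();
    // Close connection
    //***ew_CloseConn();

}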
/**
 * Lookup endpoint: rebuilds a SQL statement from POST data and passes it to
 * GetLookupValues().
 *
 * POST fields read here:
 *   s        the SQL template, run through ew_Decrypt()
 *   f0..f4   filter templates, run through ew_Decrypt()
 *   v0..v4   comma-separated values for the matching filter
 *   t0..t4   field type codes (intval) used to pick the quoting
 *   q, qN    values substituted for {query_value} / {query_value_N}
 *
 * NOTE(review): the SQL text and the filter templates originate from the
 * client. Whether a modified "s" or "fN" value is rejected depends on
 * ew_Decrypt(), which is not visible here; confirm it authenticates its input
 * and does not merely decrypt it.
 * NOTE(review): q / qN are substituted into the SQL string after
 * ew_AdjustSql() rather than bound as parameters, so the statement's safety
 * rests on that helper's escaping.
 */
function Page_Main() {
    $GLOBALS["Page"] =& $this;
    $post = ew_StripSlashes($_POST);
    if (count($post) == 0) {
        die("Missing post data.");
    }

    //$sql = $qs->getValue("s");
    $sql = @$post["s"];
    $sql = ew_Decrypt($sql);
    if ($sql == "") {
        die("Missing SQL.");
    }

    // strpos() > 0: a placeholder at offset 0 would not be treated as present.
    if (strpos($sql, "{filter}") > 0) {
        $filters = "";
        for ($i = 0; $i < 5; $i++) {

            // Get the filter values (for "IN")
            $filter = ew_Decrypt(@$post["f" . $i]);
            if ($filter != "") {
                $value = @$post["v" . $i];
                if ($value == "") {
                    if ($i > 0) { // Empty parent field

                        //continue; // Allow
                        ew_AddFilter($filters, "1=0");
                    } // Disallow
                    continue;
                }
                $arValue = explode(",", $value);
                $fldtype = intval(@$post["t" . $i]);

                // Each value is quoted according to the field type posted
                // alongside it.
                for ($j = 0, $cnt = count($arValue); $j < $cnt; $j++) {
                    $arValue[$j] = ew_QuotedValue($arValue[$j], ew_FieldDataType($fldtype));
                }
                $filter = str_replace("{filter_value}", implode(",", $arValue), $filter);
                ew_AddFilter($filters, $filter);
            }
        }

        // With no filters collected the placeholder becomes the always-true "1=1".
        $sql = str_replace("{filter}", $filters != "" ? $filters : "1=1", $sql);
    }

    // Get the query value (for "LIKE" or "=")
    $value = ew_AdjustSql(@$post["q"]);
    if ($value != "") {
        $sql = preg_replace('/LIKE \'(%)?\\{query_value\\}%\'/', ew_Like('\'$1{query_value}%\''), $sql);
        $sql = str_replace("{query_value}", $value, $sql);
    }

    // Replace {query_value_n}
    preg_match_all('/\\{query_value_(\\d+)\\}/', $sql, $out);
    $cnt = count($out[0]);
    for ($i = 0; $i < $cnt; $i++) {
        $j = $out[1][$i];
        $v = ew_AdjustSql(@$post["q" . $j]);
        $sql = str_replace("{query_value_" . $j . "}", $v, $sql);
    }
    $this->GetLookupValues($sql);
}
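/**
 * Forgot-password page controller.
 *
 * POST: validates the submitted e-mail and prepares an activation code
 *       (ew_Encrypt of the address) to be mailed as a confirmation link.
 * GET ?action=confirm&email=..&code=..: checks the code against the e-mail
 *       and, when it matches, mails the password.
 *
 * Changes from the previous revision:
 *  - the activation check needs a non-empty string e-mail and compares it
 *    strictly with the decrypted code, so a request that omits both values
 *    cannot pass through a loose comparison of empty values;
 *  - the e-mail and code are URL-encoded when the activation link is built,
 *    so addresses containing "+" or "&" survive the round trip.
 *
 * NOTE(review): the activation code is derived from the address only. Nothing
 * visible here makes it expire or single-use.
 * NOTE(review): with EW_ENCRYPTED_PASSWORD the new password is the first 16
 * characters of the stored password value, so it is derivable from the old
 * database record; a randomly generated value would be safer. Without
 * EW_ENCRYPTED_PASSWORD the stored password itself is mailed.
 * NOTE(review): the "InvalidEmail" message tells the requester whether an
 * address is registered.
 */
function Page_Main() {
    global $conn, $Language, $gsFormError;
    global $Breadcrumb;
    $Breadcrumb = new cBreadcrumb();
    $Breadcrumb->Add("forgotpwd", "<span id=\"ewPageCaption\">" . $Language->Phrase("RequestPwdPage") . "</span>", ew_CurrentUrl());
    $bPostBack = ew_IsHttpPost();
    $bValidEmail = FALSE;
    if ($bPostBack) {

        // Setup variables
        $this->Email = $_POST["email"];
        $bValidEmail = $this->ValidateForm($this->Email);
        if ($bValidEmail) {
            $this->Action = "activate";
            $this->ActivateCode = ew_Encrypt($this->Email);
        } else {
            $this->setFailureMessage($gsFormError);
        }

    // Handle email activation
    } elseif (@$_GET["action"] != "") {
        $this->Action = $_GET["action"];
        $this->Email = @$_GET["email"];
        $this->ActivateCode = @$_GET["code"];

        // Require a real, non-empty address and an exact match with the code.
        $sDecodedEmail = ew_Decrypt($this->ActivateCode);
        $bCodeMatches = is_string($this->Email) && $this->Email !== "" && $this->Email === strval($sDecodedEmail);
        if (!$bCodeMatches || strtolower($this->Action) != "confirm") { // Email activation
            if ($this->getFailureMessage() == "") {
                $this->setFailureMessage($Language->Phrase("ActivateFailed")); // Set activate failed message
            }
            $this->Page_Terminate("login.php"); // Go to login page
        }
    }
    if ($this->Action != "") {
        $bEmailSent = FALSE;

        // Set up filter (SQL WHERE clause) and get Return SQL
        // SQL constructor in usuario class, usuarioinfo.php
        $sFilter = str_replace("%e", ew_AdjustSql($this->Email), EW_USER_EMAIL_FILTER);
        $this->CurrentFilter = $sFilter;
        $sSql = $this->SQL();
        if ($RsUser = $conn->Execute($sSql)) {
            if (!$RsUser->EOF) {
                $rsold = $RsUser->fields;
                $bValidEmail = TRUE;

                // Call User Recover Password event
                $bValidEmail = $this->User_RecoverPassword($rsold);
                if ($bValidEmail) {
                    $sUserName = $rsold['usuario'];
                    $sPassword = $rsold['contrasenia'];
                    if (EW_ENCRYPTED_PASSWORD) {
                        if (strtolower($this->Action) == "confirm") {
                            $sPassword = substr($sPassword, 0, 16); // Use first 16 characters only
                            $rsnew = array('contrasenia' => $sPassword); // Reset the password
                            $this->Update($rsnew);
                        }
                    } else {
                        $this->Action = "confirm"; // Send password directly if not MD5
                    }
                }
            } else {
                $bValidEmail = FALSE;
                $this->setFailureMessage($Language->Phrase("InvalidEmail"));
            }
            if ($bValidEmail) {
                $Email = new cEmail();
                if (strtolower($this->Action) == "confirm") {
                    $Email->Load("phptxt/forgotpwd.txt");
                    $Email->ReplaceContent('<!--$Password-->', $sPassword);
                } else {
                    $Email->Load("phptxt/resetpwd.txt");

                    // Query-string values are encoded so the link parses back
                    // to exactly the e-mail and code generated above.
                    $sActivateLink = ew_FullUrl() . "?action=confirm";
                    $sActivateLink .= "&email=" . urlencode($this->Email);
                    $sActivateLink .= "&code=" . urlencode($this->ActivateCode);
                    $Email->ReplaceContent('<!--$ActivateLink-->', $sActivateLink);
                }
                $Email->ReplaceSender(EW_SENDER_EMAIL); // Replace Sender
                $Email->ReplaceRecipient($this->Email); // Replace Recipient
                $Email->ReplaceContent('<!--$UserName-->', $sUserName);
                $Email->Charset = EW_EMAIL_CHARSET;
                $Args = array();
                if (EW_ENCRYPTED_PASSWORD && strtolower($this->Action) == "confirm") {
                    $Args["rs"] =& $rsnew;
                }
                if ($this->Email_Sending($Email, $Args)) {
                    $bEmailSent = $Email->Send();
                }
            }
            $RsUser->Close();
        }
        if ($bEmailSent) {
            if ($this->getSuccessMessage() == "") {
                if (strtolower($this->Action) == "confirm") {
                    $this->setSuccessMessage($Language->Phrase("PwdEmailSent"));
                } else {
                    $this->setSuccessMessage($Language->Phrase("ResetPwdEmailSent"));
                }
            } // Set up success message
            $this->Page_Terminate("login.php"); // Return to login page
        } elseif ($bValidEmail) {
            $this->setFailureMessage($Language->Phrase("FailedToSendMail")); // Set up error message
        }
    }
}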
/**
 * Tries the non-interactive login sources in turn and returns the result of
 * the last ValidateUser() call made (FALSE when none was attempted).
 *
 * Order: (1) the "autologin" cookie set, (2) username/password in the query
 * string when EW_ALLOW_LOGIN_BY_URL is on, (3) credentials held in the
 * session when EW_ALLOW_LOGIN_BY_SESSION is on. A later source is consulted
 * only if the earlier ones did not authenticate.
 *
 * NOTE(review): source (1) depends on a password kept in a browser cookie in
 * a form ew_Decrypt() can reverse, and source (2) accepts credentials in the
 * URL, where they are commonly recorded in access logs, browser history and
 * Referer headers. Both are worth disabling unless a deployment needs them.
 */
function AutoLogin() {
    $authenticated = FALSE;

    // (1) Persistent-login cookie
    if (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "autologin") {
        $user = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Username']);
        $secret = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Password']);
        $authenticated = $this->ValidateUser($user, $secret, TRUE, FALSE);
    }
    if ($authenticated) {
        return $authenticated;
    }

    // (2) Credentials passed in the query string
    if (EW_ALLOW_LOGIN_BY_URL && isset($_GET["username"])) {
        $user = ew_RemoveXSS(ew_StripSlashes($_GET["username"]));
        $secret = ew_RemoveXSS(ew_StripSlashes(@$_GET["password"]));
        $isEncrypted = !empty($_GET["encrypted"]);
        $authenticated = $this->ValidateUser($user, $secret, TRUE, $isEncrypted);
    }
    if ($authenticated) {
        return $authenticated;
    }

    // (3) Credentials already stored in the session
    if (EW_ALLOW_LOGIN_BY_SESSION && isset($_SESSION[EW_PROJECT_NAME . "_Username"])) {
        $user = $_SESSION[EW_PROJECT_NAME . "_Username"];
        $secret = @$_SESSION[EW_PROJECT_NAME . "_Password"];
        $isEncrypted = !empty($_SESSION[EW_PROJECT_NAME . "_Encrypted"]);
        $authenticated = $this->ValidateUser($user, $secret, TRUE, $isEncrypted);
    }
    return $authenticated;
}
/**
 * Login page controller.
 *
 * Flow: (a) finish a login already in progress from session values,
 * otherwise (b) try AutoLogin(), read credentials from POST (or from the
 * query string when EW_ALLOW_LOGIN_BY_URL is on), validate the form, apply
 * the retry lockout, call the User_LoggingIn event and ValidateUser();
 * (c) on success write the remember-me cookies, audit the login and leave
 * for the last visited URL.
 *
 * NOTE(review): in "auto login" mode the password is written to a cookie in
 * a form ew_Decrypt() can reverse, and setcookie() is called with name, value
 * and expiry only, so no Secure/HttpOnly attributes are requested here.
 * NOTE(review): the Checksum cookie is crc32(md5(EW_RANDOM_KEY)), a value
 * that is the same for every user of the installation; it does not bind the
 * Username cookie to a particular account.
 * NOTE(review): ew_RemoveXSS() is applied to the password before validation;
 * if that helper rewrites characters, passwords containing them would not
 * match - confirm.
 */
function Page_Main() {
    global $Security, $Language, $UserProfile, $gsFormError;
    global $Breadcrumb;

    // Last path segment of the current URL is used as the breadcrumb link.
    $url = substr(ew_CurrentUrl(), strrpos(ew_CurrentUrl(), "/") + 1);
    $Breadcrumb = new cBreadcrumb();
    $Breadcrumb->Add("login", "LoginPage", $url, "", "", TRUE);
    $sPassword = "";
    $sLastUrl = $Security->LastUrl(); // Get last URL
    if ($sLastUrl == "") {
        $sLastUrl = "index.php";
    }

    // If session expired, show session expired message
    if (@$_GET["expired"] == "1") {
        $this->setFailureMessage($Language->Phrase("SessionExpired"));
    }
    if (IsLoggingIn()) {

        // Resume a login whose credentials were parked in the session.
        $this->Username = @$_SESSION[EW_SESSION_USER_PROFILE_USER_NAME];
        $sPassword = @$_SESSION[EW_SESSION_USER_PROFILE_PASSWORD];
        $this->LoginType = @$_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE];
        $bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE);
        if ($bValidPwd) {

            // Credentials are blanked in the session once they have been used.
            $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = "";
            $_SESSION[EW_SESSION_USER_PROFILE_PASSWORD] = "";
            $_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = "";
        }
    } else {
        if (!$Security->IsLoggedIn()) {
            $Security->AutoLogin();
        }
        $Security->LoadUserLevel(); // Load user level
        $this->Username = ""; // Initialize
        $encrypted = FALSE;
        if (isset($_POST["username"])) {
            $this->Username = ew_RemoveXSS(ew_StripSlashes($_POST["username"]));
            $sPassword = ew_RemoveXSS(ew_StripSlashes(@$_POST["password"]));
            $this->LoginType = strtolower(ew_RemoveXSS(@$_POST["type"]));
        } else {

            // Optional login by URL: credentials are read from the query string.
            if (EW_ALLOW_LOGIN_BY_URL && isset($_GET["username"])) {
                $this->Username = ew_RemoveXSS(ew_StripSlashes($_GET["username"]));
                $sPassword = ew_RemoveXSS(ew_StripSlashes(@$_GET["password"]));
                $this->LoginType = strtolower(ew_RemoveXSS(@$_GET["type"]));
                $encrypted = !empty($_GET["encrypted"]);
            }
        }
        if ($this->Username != "") {
            $bValidate = $this->ValidateForm($this->Username, $sPassword);
            if (!$bValidate) {
                $this->setFailureMessage($gsFormError);
            }
            $_SESSION[EW_SESSION_USER_LOGIN_TYPE] = $this->LoginType; // Save user login type
            $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = $this->Username; // Save login user name
            $_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = $this->LoginType; // Save login type

            // Max login attempt checking
            if ($UserProfile->ExceedLoginRetry($this->Username)) {
                $bValidate = FALSE;
                $this->setFailureMessage(str_replace("%t", EW_USER_PROFILE_RETRY_LOCKOUT, $Language->Phrase("ExceedMaxRetry")));
            }
        } else {
            if ($Security->IsLoggedIn()) {
                if ($this->getFailureMessage() == "") {
                    $this->Page_Terminate($sLastUrl);
                } // Return to last accessed page
            }
            $bValidate = FALSE;

            // Restore settings
            if (@$_COOKIE[EW_PROJECT_NAME]['Checksum'] == strval(crc32(md5(EW_RANDOM_KEY)))) {
                $this->Username = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Username']);
            }
            if (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "autologin") {
                $this->LoginType = "a";
            } elseif (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "rememberusername") {
                $this->LoginType = "u";
            } else {
                $this->LoginType = "";
            }
        }
        $bValidPwd = FALSE;
        if ($bValidate) {

            // Call Logging In event
            $bValidate = $this->User_LoggingIn($this->Username, $sPassword);
            if ($bValidate) {
                $bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE, $encrypted); // Manual login
                if (!$bValidPwd) {
                    if ($this->getFailureMessage() == "") {
                        $this->setFailureMessage($Language->Phrase("InvalidUidPwd"));
                    } // Invalid user id/password
                }
            } else {
                if ($this->getFailureMessage() == "") {
                    $this->setFailureMessage($Language->Phrase("LoginCancelled"));
                } // Login cancelled
            }
        }
    }
    if ($bValidPwd) {

        // Write cookies
        if ($this->LoginType == "a") { // Auto login
            setcookie(EW_PROJECT_NAME . '[AutoLogin]', "autologin", EW_COOKIE_EXPIRY_TIME); // Set autologin cookie
            setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME); // Set user name cookie
            setcookie(EW_PROJECT_NAME . '[Password]', ew_Encrypt($sPassword), EW_COOKIE_EXPIRY_TIME); // Set password cookie
            setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME);
        } elseif ($this->LoginType == "u") { // Remember user name
            setcookie(EW_PROJECT_NAME . '[AutoLogin]', "rememberusername", EW_COOKIE_EXPIRY_TIME); // Set remember user name cookie
            setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME); // Set user name cookie
            setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME);
        } else {
            setcookie(EW_PROJECT_NAME . '[AutoLogin]', "", EW_COOKIE_EXPIRY_TIME); // Clear auto login cookie
        }
        $this->WriteAuditTrailOnLogin($this->Username);

        // Call loggedin event
        $this->User_LoggedIn($this->Username);
        $this->Page_Terminate($sLastUrl); // Return to last accessed URL
    } elseif ($this->Username != "" && $sPassword != "") {

        // Call user login error event
        // NOTE(review): the submitted password is handed to the event hook;
        // make sure handlers do not log it.
        $this->User_LoginError($this->Username, $sPassword);
    }
}
/**
 * Logs the visitor in from the persistent-login cookies, if present.
 *
 * Returns FALSE when the AutoLogin cookie is not "autologin"; otherwise
 * returns whatever ValidateUser() reports for the decrypted cookie
 * credentials.
 *
 * NOTE(review): this depends on the password being stored in a browser
 * cookie in a form ew_Decrypt() can reverse; anyone who obtains the cookie
 * and the key material can recover the password itself, not just a session.
 */
function AutoLogin() {
    // No auto-login marker: nothing to do.
    if (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] != "autologin") {
        return FALSE;
    }
    $user = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Username']);
    $secret = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Password']);
    return $this->ValidateUser($user, $secret, TRUE);
}
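/**
 * Forgot-password page controller.
 *
 * POST: validates the submitted e-mail, picks the action ("reset" when
 *       EW_ENCRYPTED_PASSWORD is on, else "confirm") and prepares an
 *       activation code (ew_Encrypt of the address).
 * GET ?action=confirm|reset&email=..&code=..: checks the code against the
 *       e-mail; "reset" marks the session as a password reset for that user
 *       and leaves for changepwd.php, "confirm" mails the password.
 *
 * Changes from the previous revision:
 *  - the activation check needs a non-empty string e-mail and compares it
 *    strictly with the decrypted code, so a request that omits both values
 *    cannot pass through a loose comparison of empty values;
 *  - the e-mail and code are URL-encoded when the activation link is built;
 *  - the send-failure branch no longer reads $Email->SendErrDescription when
 *    no cEmail object was created (for example when the user query failed).
 *
 * NOTE(review): the activation code is derived from the address only. Nothing
 * visible here makes it expire or single-use, yet a valid code is enough to
 * reach the password-reset session state.
 * NOTE(review): action=confirm is accepted from the query string whatever
 * EW_ENCRYPTED_PASSWORD is, and that branch mails $rsold['PASS'] as stored -
 * confirm this is intended when passwords are hashed.
 * NOTE(review): the "InvalidEmail" message tells the requester whether an
 * address is registered.
 */
function Page_Main() {
    global $UserTableConn, $Language, $gsFormError;
    global $Breadcrumb;
    $Breadcrumb = new cBreadcrumb();
    $Breadcrumb->Add("forgotpwd", "RequestPwdPage", ew_CurrentUrl(), "", "", TRUE);
    $bPostBack = ew_IsHttpPost();
    $bValidEmail = FALSE;
    if ($bPostBack) {

        // Setup variables
        $this->Email = $_POST["email"];
        $bValidEmail = $this->ValidateForm($this->Email);
        if ($bValidEmail) {
            if (EW_ENCRYPTED_PASSWORD) {
                $this->Action = "reset";
            } else {
                $this->Action = "confirm"; // Send password directly if not MD5
            }
            $this->ActivateCode = ew_Encrypt($this->Email);
        } else {
            $this->setFailureMessage($gsFormError);
        }

    // Handle email activation
    } elseif (@$_GET["action"] != "") {
        $this->Action = $_GET["action"];
        $this->Email = @$_GET["email"];
        $this->ActivateCode = @$_GET["code"];

        // Require a real, non-empty address and an exact match with the code.
        $sDecodedEmail = ew_Decrypt($this->ActivateCode);
        $bCodeMatches = is_string($this->Email) && $this->Email !== "" && $this->Email === strval($sDecodedEmail);
        $sRequested = strtolower($this->Action);
        if (!$bCodeMatches || ($sRequested != "confirm" && $sRequested != "reset")) { // Email activation
            if ($this->getFailureMessage() == "") {
                $this->setFailureMessage($Language->Phrase("ActivateFailed")); // Set activate failed message
            }
            $this->Page_Terminate("login.php"); // Go to login page
        }
        if (strtolower($this->Action) == "reset") {
            $this->Action = "resetpassword";
        }
    }
    if ($this->Action != "") {
        $bEmailSent = FALSE;

        // Set up filter (SQL WHERE clause) and get Return SQL
        // SQL constructor in user class, userinfo.php
        $sFilter = str_replace("%e", ew_AdjustSql($this->Email, EW_USER_TABLE_DBID), EW_USER_EMAIL_FILTER);
        $this->CurrentFilter = $sFilter;
        $sSql = $this->SQL();
        if ($RsUser = $UserTableConn->Execute($sSql)) {
            if (!$RsUser->EOF) {
                $rsold = $RsUser->fields;
                $bValidEmail = TRUE;

                // Call User Recover Password event
                $bValidEmail = $this->User_RecoverPassword($rsold);
                if ($bValidEmail) {
                    $sUserName = $rsold['CODE'];
                    $sPassword = $rsold['PASS'];
                }
            } else {
                $bValidEmail = FALSE;
                $this->setFailureMessage($Language->Phrase("InvalidEmail"));
            }
            $RsUser->Close();
            if ($bValidEmail) {
                if (strtolower($this->Action) == "resetpassword") { // Reset password
                    $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = $sUserName; // Save login user name
                    $_SESSION[EW_SESSION_STATUS] = "passwordreset";
                    $this->Page_Terminate("changepwd.php");
                } else {
                    $Email = new cEmail();
                    if (strtolower($this->Action) == "confirm") {
                        $Email->Load(EW_EMAIL_FORGOTPWD_TEMPLATE);
                        $Email->ReplaceContent('<!--$Password-->', $sPassword);
                    } else {
                        $Email->Load(EW_EMAIL_RESETPWD_TEMPLATE);

                        // Query-string values are encoded so the link parses
                        // back to exactly the e-mail and code generated above.
                        $sActivateLink = ew_FullUrl() . "?action=reset";
                        $sActivateLink .= "&email=" . urlencode($this->Email);
                        $sActivateLink .= "&code=" . urlencode($this->ActivateCode);
                        $Email->ReplaceContent('<!--$ActivateLink-->', $sActivateLink);
                    }
                    $Email->ReplaceSender(EW_SENDER_EMAIL); // Replace Sender
                    $Email->ReplaceRecipient($this->Email); // Replace Recipient
                    $Email->ReplaceContent('<!--$UserName-->', $sUserName);
                    $Args = array();
                    if (EW_ENCRYPTED_PASSWORD && strtolower($this->Action) == "confirm") {
                        // $rsnew is never assigned in this method, so this
                        // passes a reference to an (initially null) variable.
                        $Args["rs"] =& $rsnew;
                    }
                    if ($this->Email_Sending($Email, $Args)) {
                        $bEmailSent = $Email->Send();
                    }
                }
            }
        }
        if ($bEmailSent) {
            if ($this->getSuccessMessage() == "") {
                if (strtolower($this->Action) == "confirm") {
                    $this->setSuccessMessage($Language->Phrase("PwdEmailSent"));
                } else {
                    $this->setSuccessMessage($Language->Phrase("ResetPwdEmailSent"));
                }
            } // Set up success message
            $this->Page_Terminate("login.php"); // Return to login page
        } elseif ($bValidEmail && isset($Email)) {
            $this->setFailureMessage($Email->SendErrDescription); // Set up error message
        }
    }
}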
/**
 * Login page controller.
 *
 * Flow: (a) finish a login already in progress from session values,
 * otherwise (b) try AutoLogin(), read credentials from POST, validate the
 * form, call the User_LoggingIn event and ValidateUser(); (c) on success
 * write the remember-me cookies and leave for the last visited URL.
 *
 * NOTE(review): in "auto login" mode the password is written to a cookie in
 * a form ew_Decrypt() can reverse, and setcookie() is called with name, value
 * and expiry only, so no Secure/HttpOnly attributes are requested here.
 * NOTE(review): the Checksum cookie is crc32(md5(EW_RANDOM_KEY)), a value
 * that is the same for every user of the installation.
 * NOTE(review): $UserProfile is declared global but no login-attempt limit is
 * applied in this method; confirm throttling happens elsewhere.
 */
function Page_Main() {
    global $Security, $Language, $UserProfile, $gsFormError;
    global $Breadcrumb;
    $Breadcrumb = new cBreadcrumb();
    $Breadcrumb->Add("login", "<span id=\"ewPageCaption\">" . $Language->Phrase("LoginPage") . "</span>", ew_CurrentUrl());
    $sPassword = "";
    $sLastUrl = $Security->LastUrl(); // Get last URL
    if ($sLastUrl == "") {
        $sLastUrl = "index.php";
    }
    if (IsLoggingIn()) {

        // Resume a login whose credentials were parked in the session.
        $this->Username = @$_SESSION[EW_SESSION_USER_PROFILE_USER_NAME];
        $sPassword = @$_SESSION[EW_SESSION_USER_PROFILE_PASSWORD];
        $this->LoginType = @$_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE];
        $bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE);
        if ($bValidPwd) {

            // Credentials are blanked in the session once they have been used.
            $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = "";
            $_SESSION[EW_SESSION_USER_PROFILE_PASSWORD] = "";
            $_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = "";
        }
    } else {
        if (!$Security->IsLoggedIn()) {
            $Security->AutoLogin();
        }
        $this->Username = ""; // Initialize
        if (@$_POST["username"] != "") {

            // Setup variables
            $this->Username = ew_RemoveXSS(ew_StripSlashes(@$_POST["username"]));
            $sPassword = ew_RemoveXSS(ew_StripSlashes(@$_POST["password"]));
            $this->LoginType = strtolower(ew_RemoveXSS(@$_POST["type"]));
        }
        if ($this->Username != "") {
            $bValidate = $this->ValidateForm($this->Username, $sPassword);
            if (!$bValidate) {
                $this->setFailureMessage($gsFormError);
            }
            $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = $this->Username; // Save login user name
            $_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = $this->LoginType; // Save login type
        } else {
            if ($Security->IsLoggedIn()) {
                if ($this->getFailureMessage() == "") {
                    $this->Page_Terminate($sLastUrl);
                } // Return to last accessed page
            }
            $bValidate = FALSE;

            // Restore settings
            if (@$_COOKIE[EW_PROJECT_NAME]['Checksum'] == strval(crc32(md5(EW_RANDOM_KEY)))) {
                $this->Username = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Username']);
            }
            if (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "autologin") {
                $this->LoginType = "a";
            } elseif (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "rememberusername") {
                $this->LoginType = "u";
            } else {
                $this->LoginType = "";
            }
        }
        $bValidPwd = FALSE;
        if ($bValidate) {

            // Call Logging In event
            $bValidate = $this->User_LoggingIn($this->Username, $sPassword);
            if ($bValidate) {
                $bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE); // Manual login
                if (!$bValidPwd) {
                    if ($this->getFailureMessage() == "") {
                        $this->setFailureMessage($Language->Phrase("InvalidUidPwd"));
                    } // Invalid user id/password
                }
            } else {
                if ($this->getFailureMessage() == "") {
                    $this->setFailureMessage($Language->Phrase("LoginCancelled"));
                } // Login cancelled
            }
        }
    }
    if ($bValidPwd) {

        // Write cookies
        if ($this->LoginType == "a") { // Auto login
            setcookie(EW_PROJECT_NAME . '[AutoLogin]', "autologin", EW_COOKIE_EXPIRY_TIME); // Set autologin cookie
            setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME); // Set user name cookie
            setcookie(EW_PROJECT_NAME . '[Password]', ew_Encrypt($sPassword), EW_COOKIE_EXPIRY_TIME); // Set password cookie
            setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME);
        } elseif ($this->LoginType == "u") { // Remember user name
            setcookie(EW_PROJECT_NAME . '[AutoLogin]', "rememberusername", EW_COOKIE_EXPIRY_TIME); // Set remember user name cookie
            setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME); // Set user name cookie
            setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME);
        } else {
            setcookie(EW_PROJECT_NAME . '[AutoLogin]', "", EW_COOKIE_EXPIRY_TIME); // Clear auto login cookie
        }

        // Call loggedin event
        $this->User_LoggedIn($this->Username);
        $this->Page_Terminate($sLastUrl); // Return to last accessed URL
    } elseif ($this->Username != "" && $sPassword != "") {

        // Call user login error event
        // NOTE(review): the submitted password is handed to the event hook;
        // make sure handlers do not log it.
        $this->User_LoginError($this->Username, $sPassword);
    }
}
/**
 * Registration page controller.
 *
 * Handles three things in order: loading/validating the posted form, the
 * e-mail activation link (?action=confirm&email=..&token=..), and the "A"
 * (add) action, which checks for a duplicate user name, inserts the row and
 * mails an activation link.
 *
 * NOTE(review): the activation token is three comma-joined ew_Encrypt()
 * values: e-mail, user name and the password as typed in the form. The
 * password therefore travels in the mailed URL in a reversible form, although
 * this method never uses the decrypted $sUsr / $sPwd. Dropping those two
 * parts from the token would remove that exposure.
 * NOTE(review): activation compares the e-mail with the decrypted code using
 * a loose "==" and does not require either to be non-empty; confirm
 * ActivateEmail() rejects an empty address.
 * NOTE(review): the e-mail and token are appended to the link without URL
 * encoding.
 */
function Page_Main() {
    global $conn, $Security, $Language, $gsFormError, $objForm;
    global $Breadcrumb;

    // Set up Breadcrumb
    $Breadcrumb = new cBreadcrumb();
    $Breadcrumb->Add("register", "<span id=\"ewPageCaption\">" . $Language->Phrase("RegisterPage") . "</span>", ew_CurrentUrl());
    $bUserExists = FALSE;
    if (@$_POST["a_register"] != "") {

        // Get action
        $this->CurrentAction = $_POST["a_register"];
        $this->LoadFormValues(); // Get form values

        // Validate form
        if (!$this->ValidateForm()) {
            $this->CurrentAction = "I"; // Form error, reset action
            $this->setFailureMessage($gsFormError);
        }
    } else {
        $this->CurrentAction = "I"; // Display blank record
        $this->LoadDefaultValues(); // Load default values
    }

    // Handle email activation
    if (@$_GET["action"] != "") {
        $sAction = $_GET["action"];
        $sEmail = @$_GET["email"];
        $sCode = @$_GET["token"];

        // Token layout: encrypted e-mail, user name, password (comma-separated).
        // The @ hides the notices raised when fewer than three parts are present.
        @(list($sApprovalCode, $sUsr, $sPwd) = explode(",", $sCode, 3));
        $sApprovalCode = ew_Decrypt($sApprovalCode);
        $sUsr = ew_Decrypt($sUsr);
        $sPwd = ew_Decrypt($sPwd);
        if ($sEmail == $sApprovalCode) {
            if (strtolower($sAction) == "confirm") { // Email activation
                if ($this->ActivateEmail($sEmail)) { // Activate this email
                    if ($this->getSuccessMessage() == "") {
                        $this->setSuccessMessage($Language->Phrase("ActivateAccount"));
                    } // Set up message acount activated
                    $this->Page_Terminate("cciaglogin.php"); // Go to login page
                }
            }
        }

        // Reached when activation did not complete (or if Page_Terminate()
        // above returns - not visible from here).
        if ($this->getFailureMessage() == "") {
            $this->setFailureMessage($Language->Phrase("ActivateFailed"));
        } // Set activate failed message
        $this->Page_Terminate("cciaglogin.php"); // Go to login page
    }
    switch ($this->CurrentAction) {
        case "I": // Blank record, no action required
            break;
        case "A": // Add

            // Check for duplicate User ID
            $sFilter = str_replace("%u", ew_AdjustSql($this->usuario->CurrentValue), EW_USER_NAME_FILTER);

            // Set up filter (SQL WHERE clause) and get return SQL
            // SQL constructor in usuario class, usuarioinfo.php
            $this->CurrentFilter = $sFilter;
            $sUserSql = $this->SQL();
            if ($rs = $conn->Execute($sUserSql)) {
                if (!$rs->EOF) {
                    $bUserExists = TRUE;
                    $this->RestoreFormValues(); // Restore form values
                    $this->setFailureMessage($Language->Phrase("UserExists")); // Set user exist message
                }
                $rs->Close();
            }
            if (!$bUserExists) {
                $this->SendEmail = TRUE; // Send email on add success
                if ($this->AddRow()) { // Add record

                    // Load user email
                    $sReceiverEmail = $this->_email->CurrentValue;
                    if ($sReceiverEmail == "") { // Send to recipient directly
                        $sReceiverEmail = EW_RECIPIENT_EMAIL;
                        $sBccEmail = "";
                    } else { // Bcc recipient
                        $sBccEmail = EW_RECIPIENT_EMAIL;
                    }

                    // Set up email content
                    if ($sReceiverEmail != "") {
                        $Email = new cEmail();
                        $Email->Load("phptxt/cciagregister.txt");
                        $Email->ReplaceSender(EW_SENDER_EMAIL); // Replace Sender
                        $Email->ReplaceRecipient($sReceiverEmail); // Replace Recipient
                        if ($sBccEmail != "") {
                            $Email->AddBcc($sBccEmail);
                        } // Add Bcc
                        $Email->ReplaceContent('<!--FieldCaption_email-->', $this->_email->FldCaption());
                        $Email->ReplaceContent('<!--email-->', strval($this->_email->FormValue));
                        $sActivateLink = ew_FullUrl() . "?action=confirm";
                        $sActivateLink .= "&email=" . $this->_email->CurrentValue;

                        // The token carries the submitted password (FormValue)
                        // in encrypted form; see the NOTE(review) in the header.
                        $sToken = ew_Encrypt($this->_email->CurrentValue) . "," . ew_Encrypt($this->usuario->CurrentValue) . "," . ew_Encrypt($this->contrasenia->FormValue);
                        $sActivateLink .= "&token=" . $sToken;
                        $Email->ReplaceContent("<!--ActivateLink-->", $sActivateLink);
                        $Email->Charset = EW_EMAIL_CHARSET;

                        // Get new recordset
                        $this->CurrentFilter = $this->KeyFilter();
                        $sSql = $this->SQL();

                        // The result of Execute() is not checked before
                        // ->fields is read.
                        $rsnew = $conn->Execute($sSql);
                        $Args = array();
                        $Args["rs"] = $rsnew->fields;
                        $bEmailSent = FALSE;
                        if ($this->Email_Sending($Email, $Args)) {
                            $bEmailSent = $Email->Send();
                        }

                        // Send email failed
                        if (!$bEmailSent) {
                            $this->setFailureMessage($Email->SendErrDescription);
                        }
                    }
                    if ($this->getSuccessMessage() == "") {
                        $this->setSuccessMessage($Language->Phrase("RegisterSuccessActivate"));
                    } // Activate success
                    $this->Page_Terminate("cciaglogin.php"); // Return
                } else {
                    $this->RestoreFormValues(); // Restore form values
                }
            }
    }

    // Render row
    if ($this->CurrentAction == "F") { // Confirm page
        $this->RowType = EW_ROWTYPE_VIEW; // Render view
    } else {
        $this->RowType = EW_ROWTYPE_ADD; // Render add
    }
    $this->ResetAttrs();
    $this->RenderRow();
}
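/**
 * Lookup endpoint: rebuilds a SQL statement from request data, runs it through
 * GetLookupValues() and echoes the buffered result.
 *
 * POST fields read here:
 *   s     the SQL template, run through ew_Decrypt()
 *   d     database id passed to ew_Connect() and the quoting helpers
 *   fN    filter templates, run through ew_Decrypt()
 *   vN    comma-separated values for the matching filter
 *   tN    field type codes (intval) used to pick the quoting
 *   fnN   optional name of the function that combines filter N
 *   q, qN values substituted for {query_value} / {query_value_N}
 *         (q is also accepted from the query string)
 *
 * Change from the previous revision: "fnN" is sent by the client and was
 * called after nothing more than a function_exists() check. It is now honoured
 * only when it names a user-defined function; built-in PHP functions and
 * non-string values fall back to ew_AddFilter.
 *
 * NOTE(review): that still lets the request choose among all project
 * functions. An explicit allow-list of filter combiners would be tighter.
 * NOTE(review): the SQL text and filter templates originate from the client.
 * Whether modified values are rejected depends on ew_Decrypt(), not visible
 * here. "d" is likewise request-controlled.
 */
function Page_Main() {
    global $conn;
    $GLOBALS["Page"] =& $this;
    $post = ew_StripSlashes($_POST);
    if (count($post) == 0) {
        die("Missing post data.");
    }

    //$sql = $qs->getValue("s");
    $sql = @$post["s"];
    $sql = ew_Decrypt($sql);
    if ($sql == "") {
        die("Missing SQL.");
    }
    $dbid = @$post["d"];
    $conn = ew_Connect($dbid);

    // Global Page Loading event (in userfn*.php)
    Page_Loading();
    if (ob_get_length()) { // Clear output
        ob_clean();
    }
    if (strpos($sql, "{filter}") > 0) {
        $filters = "";

        // Names of user-defined functions (PHP reports them in lower case);
        // used to vet the combiner name supplied with each filter.
        $definedFunctions = get_defined_functions();
        $userFunctions = $definedFunctions["user"];
        $ar = preg_grep('/^f\\d+$/', array_keys($post));
        foreach ($ar as $key) {

            // Get the filter values (for "IN")
            $filter = ew_Decrypt(@$post[$key]);
            if ($filter != "") {
                $i = preg_replace('/^f/', '', $key);
                $value = @$post["v" . $i];
                if ($value == "") {
                    if ($i > 0) { // Empty parent field

                        //continue; // Allow
                        ew_AddFilter($filters, "1=0"); // Disallow
                    }
                    continue;
                }
                $arValue = explode(",", $value);
                $fldtype = intval(@$post["t" . $i]);
                $flddatatype = ew_FieldDataType($fldtype);
                $bValidData = TRUE;
                for ($j = 0, $cnt = count($arValue); $j < $cnt; $j++) {
                    // Numeric fields accept numeric input only; anything else
                    // turns the whole filter into the never-true "1=0".
                    if ($flddatatype == EW_DATATYPE_NUMBER && !is_numeric($arValue[$j])) {
                        $bValidData = FALSE;
                        break;
                    } else {
                        $arValue[$j] = ew_QuotedValue($arValue[$j], $flddatatype, $dbid);
                    }
                }
                if ($bValidData) {
                    $filter = str_replace("{filter_value}", implode(",", $arValue), $filter);
                } else {
                    $filter = "1=0";
                }

                // The combiner name comes from the request: accept it only if
                // it is a string naming a user-defined function.
                $fn = @$post["fn" . $i];
                if (!is_string($fn) || $fn == "" || !function_exists($fn) || !in_array(strtolower($fn), $userFunctions, TRUE)) {
                    $fn = "ew_AddFilter";
                }
                $fn($filters, $filter);
            }
        }
        $sql = str_replace("{filter}", $filters != "" ? $filters : "1=1", $sql);
    }

    // Get the query value (for "LIKE" or "=")
    $value = ew_AdjustSql(@$_GET["q"], $dbid); // Get the query value from querystring
    if ($value == "") {
        $value = ew_AdjustSql(@$post["q"], $dbid); // Get the value from post
    }
    if ($value != "") {
        $sql = preg_replace('/LIKE \'(%)?\\{query_value\\}%\'/', ew_Like('\'$1{query_value}%\'', $dbid), $sql);
        $sql = str_replace("{query_value}", $value, $sql);
    }

    // Replace {query_value_n}
    preg_match_all('/\\{query_value_(\\d+)\\}/', $sql, $out);
    $cnt = count($out[0]);
    for ($i = 0; $i < $cnt; $i++) {
        $j = $out[1][$i];
        $v = ew_AdjustSql(@$post["q" . $j], $dbid);
        $sql = str_replace("{query_value_" . $j . "}", $v, $sql);
    }
    $this->GetLookupValues($sql, $dbid);

    // Capture what the lookup wrote so it can be echoed after the unload event.
    $result = ob_get_contents();

    // Global Page Unloaded event (in userfn*.php)
    Page_Unloaded();
    if (ob_get_length()) { // Clear output
        ob_clean();
    }

    // Close connection
    ew_CloseConn();

    // Output
    echo $result;
}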
/**
 * Logs the visitor in from the persistent-login cookies, if present, and
 * writes an audit-trail entry when that succeeds.
 *
 * Returns FALSE when the AutoLogin cookie is not "autologin"; otherwise
 * returns whatever ValidateUser() reports for the decrypted cookie
 * credentials.
 *
 * NOTE(review): this depends on the password being stored in a browser
 * cookie in a form ew_Decrypt() can reverse. Only successful auto-logins are
 * audited here; failed attempts leave no record in this method.
 */
function AutoLogin() {
    // No auto-login marker: nothing to do.
    if (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] != "autologin") {
        return FALSE;
    }
    $user = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Username']);
    $secret = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Password']);
    $result = $this->ValidateUser($user, $secret, TRUE);
    if (!$result) {
        return $result;
    }

    // Record the successful automatic login.
    $when = ew_StdCurrentDateTime();
    $script = ew_ScriptName();
    $action = $GLOBALS["Language"]->Phrase("AuditTrailAutoLogin");
    $clientIp = ew_CurrentUserIP();
    ew_WriteAuditTrail("log", $when, $script, $user, $action, $clientIp, "", "", "", "");
    return $result;
}
/**
 * Preview page controller: loads the detail recordset selected by the
 * encrypted filter in the "f" query parameter and prepares it for rendering.
 *
 * A missing or undecryptable filter becomes "0=1", which selects no rows.
 *
 * NOTE(review): the WHERE clause arrives from the client; whether an altered
 * value is rejected depends on ew_Decrypt(), which is not visible here.
 * ApplyUserIDFilters() is applied on top before the query is loaded.
 */
function Page_Main() {
    global $Language;

    // Load filter
    $filter = @$_GET["f"];
    $filter = ew_Decrypt($filter);
    if ($filter == "") {
        $filter = "0=1";
    }

    // Set up foreign keys from filter
    $this->SetupForeignKeysFromFilter($filter);

    // Call Recordset Selecting event
    $this->Recordset_Selecting($filter);

    // Load recordset, restricted by the user-ID filters
    $filter = $this->ApplyUserIDFilters($filter);
    $this->Recordset = $this->LoadRs($filter);
    if ($this->Recordset) {
        $this->TotalRecs = $this->Recordset->RecordCount();
    } else {
        $this->TotalRecs = 0;
    }

    // Call Recordset Selected event
    $this->Recordset_Selected($this->Recordset);
    $this->LoadListRowValues($this->Recordset);
    $this->RenderOtherOptions();
}