getUserQueries($loginUserID); // function 'getUserQueries()' is defined in 'include.inc.php' // Relocate back to the 'Edit Query' form (script 'query_manager.php'): header("Location: " . $_SERVER['HTTP_REFERER']); // w.r.t. to '$_SERVER['HTTP_REFERER']' vs '$referer' see NOTE above exit; // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> !EXIT! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< } } elseif ($queryAction == "add") { // Get the query id that was created: $queryID = @mysql_insert_id($connection); } // find out the unique ID number of the newly created query (Note: this function should be called immediately after the // SQL INSERT statement! After any subsequent query it won't be possible to retrieve the auto_increment identifier value for THIS record!) // update the 'userQueries' session variable: getUserQueries($loginUserID); // function 'getUserQueries()' is defined in 'include.inc.php' // Build correct header message: if ($queryAction == "add") { $HeaderString = $loc["SavedQueryAdded"]; } elseif ($queryAction == "edit") { $HeaderString = $loc["SavedQueryEdited"]; } elseif ($queryAction == "delet") { $HeaderString = $loc["SavedQueryDeleted"]; } $HeaderString = returnMsg($HeaderString, "", "", "HeaderString"); // function 'returnMsg()' is defined in 'include.inc.php' // (4) Call 'index.php' which will display the header message // (routing feedback output to a different script page will avoid any reload problems effectively!) header("Location: index.php"); // --------------------------------------------------------------------
function check_login($referer, $loginEmail, $loginPassword) { global $username; global $password; global $hostName; global $databaseName; global $connection; global $HeaderString; global $loginUserID; global $loginFirstName; global $loginLastName; global $adminLoginEmail; global $abbrevInstitution; global $tableAuth, $tableUserData, $tableUsers; // defined in 'db.inc.php' global $loc; // Get the two character salt from the email address collected from the challenge $salt = substr($loginEmail, 0, 2); // Encrypt the loginPassword collected from the challenge (so that we can compare it to the encrypted passwords that are stored in the 'auth' table) $crypted_password = crypt($loginPassword, $salt); // CONSTRUCT SQL QUERY: $query = "SELECT user_id FROM {$tableAuth} WHERE email = " . quote_smart($loginEmail) . " AND password = "******"errors"); } // function 'deleteSessionVariable()' is defined in 'include.inc.php' if (isset($_SESSION['formVars'])) { // delete the 'formVars' session variable: deleteSessionVariable("formVars"); } // function 'deleteSessionVariable()' is defined in 'include.inc.php' $userID = $row["user_id"]; // extract the user's userID from the last query // Now we need to get the user's first name and last name (e.g., in order to display them within the login welcome message) $query = "SELECT user_id, first_name, last_name, abbrev_institution, language, last_login FROM {$tableUsers} WHERE user_id = " . quote_smart($userID); // CONSTRUCT SQL QUERY $result = queryMySQLDatabase($query); // RUN the query on the database through the connection (function 'queryMySQLDatabase()' is defined in 'include.inc.php') $row2 = mysql_fetch_array($result); // EXTRACT results: fetch the one row into the array '$row2' // Save the fetched user details to the session file: // Write back session variables: saveSessionVariable("loginEmail", $loginEmail); // function 'saveSessionVariable()' is defined in 'include.inc.php' saveSessionVariable("loginUserID", $row2["user_id"]); saveSessionVariable("loginFirstName", $row2["first_name"]); saveSessionVariable("loginLastName", $row2["last_name"]); saveSessionVariable("abbrevInstitution", $row2["abbrev_institution"]); saveSessionVariable("userLanguage", $row2["language"]); saveSessionVariable("lastLogin", $row2["last_login"]); // Get all user groups specified by the current user // and (if some groups were found) save them as semicolon-delimited string to the session variable 'userGroups': getUserGroups($tableUserData, $row2["user_id"]); // function 'getUserGroups()' is defined in 'include.inc.php' if ($loginEmail == $adminLoginEmail) { // ('$adminLoginEmail' is specified in 'ini.inc.php') // Get all user groups specified by the admin // and (if some groups were found) save them as semicolon-delimited string to the session variable 'adminUserGroups': getUserGroups($tableUsers, $row2["user_id"]); } // function 'getUserGroups()' is defined in 'include.inc.php' // Get all user queries that were saved previously by the current user // and (if some queries were found) save them as semicolon-delimited string to the session variable 'userQueries': getUserQueries($row2["user_id"]); // function 'getUserQueries()' is defined in 'include.inc.php' // Get all export formats that were selected previously by the current user // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_export_formats': getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "export"); // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php' // Get all citation formats that were selected previously by the current user // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_cite_formats': getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "cite"); // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php' // Get all citation styles that were selected previously by the current user // and (if some styles were found) save them as semicolon-delimited string to the session variable 'user_styles': getVisibleUserFormatsStylesTypes($row2["user_id"], "style", ""); // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php' // Get all document types that were selected previously by the current user // and (if some types were found) save them as semicolon-delimited string to the session variable 'user_types': getVisibleUserFormatsStylesTypes($row2["user_id"], "type", ""); // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php' // Get the user permissions for the current user // and save all allowed user actions as semicolon-delimited string to the session variable 'user_permissions': getPermissions($row2["user_id"], "user", true); // function 'getPermissions()' is defined in 'include.inc.php' // Get the default view for the current user // and save it to the session variable 'userDefaultView': getDefaultView($row2["user_id"]); // function 'getDefaultView()' is defined in 'include.inc.php' // Get the default number of records per page preferred by the current user // and save it to the session variable 'userRecordsPerPage': getDefaultNumberOfRecords($row2["user_id"]); // function 'getDefaultNumberOfRecords()' is defined in 'include.inc.php' // Get the user's preference for displaying auto-completions // and save it to the session variable 'userAutoCompletions': getPrefAutoCompletions($row2["user_id"]); // function 'getPrefAutoCompletions()' is defined in 'include.inc.php' // Get the list of "main fields" for the current user // and save the list of fields as comma-delimited string to the session variable 'userMainFields': getMainFields($row2["user_id"]); // function 'getMainFields()' is defined in 'include.inc.php' // We also update the user's entry within the 'users' table: $query = "UPDATE {$tableUsers} SET " . "last_login = NOW(), " . "logins = logins+1 " . "WHERE user_id = {$userID}"; // RUN the query on the database through the connection: $result = queryMySQLDatabase($query); // function 'queryMySQLDatabase()' is defined in 'include.inc.php' if (!preg_match("#/(error|user_login|install)\\.php#i", $referer)) { header("Location: " . $referer); } else { header("Location: index.php"); } // back to main page } else { // Ensure 'loginEmail' is not registered, so the user is not logged in if (isset($_SESSION['loginEmail'])) { // delete the 'loginEmail' session variable: deleteSessionVariable("loginEmail"); } // function 'deleteSessionVariable()' is defined in 'include.inc.php' // Save an error message: $HeaderString = "<b><span class=\"warning\">" . $loc["LoginFailedYouProvidedAnIncorrectEmailAddressOrPassword"] . "</span></b>"; // Write back session variables: saveSessionVariable("HeaderString", $HeaderString); // function 'saveSessionVariable()' is defined in 'include.inc.php' login_page($referer); } // ------------------- // (5) CLOSE the database connection: disconnectFromMySQLDatabase(); // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php' }