function replace_permission_tags()
{
global $config;
require_once $config['basepath'] . '/include/login.inc.php';
$login = new login();
// Check for tags: Admin, Agent, canEditForms, canViewLogs, editpages, havevtours
$login_status = $login->verify_priv('Agent');
if ($login_status !== true) {
// Use pregreplace to removed {check_agent} tags and content between them
$this->page = preg_replace('/{check_agent}(.*?){\\/check_agent}/is', '', $this->page);
$this->page = str_replace('{!check_agent}', '', $this->page);
$this->page = str_replace('{/!check_agent}', '', $this->page);
} else {
// Use strreplace to remove {check_agent} tags and leave the content.
$this->page = preg_replace('/{!check_agent}(.*?){\\/!check_agent}/is', '', $this->page);
$this->page = str_replace('{check_agent}', '', $this->page);
$this->page = str_replace('{/check_agent}', '', $this->page);
}
$login_status = $login->verify_priv('Member');
if ($login_status !== true) {
// Use pregreplace to removed {check_agent} tags and content between them
$this->page = preg_replace('/{check_member}(.*?){\\/check_member}/is', '', $this->page);
$this->page = str_replace('{!check_member}', '', $this->page);
$this->page = str_replace('{/!check_member}', '', $this->page);
$this->page = str_replace('{check_guest}', '', $this->page);
$this->page = str_replace('{/check_guest}', '', $this->page);
} else {
// Use strreplace to remove {check_agent} tags and leave the content.
$this->page = preg_replace('/{!check_member}(.*?){\\/!check_member}/is', '', $this->page);
$this->page = str_replace('{check_member}', '', $this->page);
$this->page = str_replace('{/check_member}', '', $this->page);
$this->page = preg_replace('/{check_guest}(.*?){\\/check_guest}/is', '', $this->page);
}
$login_status = $login->verify_priv('Admin');
if ($login_status !== true) {
// Use pregreplace to removed {check_agent} tags and content between them
$this->page = preg_replace('/{check_moderate_listings}(.*?){\\/check_moderate_listings}/is', '', $this->page);
$this->page = str_replace('{!check_moderate_listings}', '', $this->page);
$this->page = str_replace('{/!check_moderate_listings}', '', $this->page);
$this->page = str_replace('{!check_admin}', '', $this->page);
$this->page = str_replace('{/!check_admin}', '', $this->page);
$this->page = preg_replace('/{check_admin}(.*?){\\/check_admin}/is', '', $this->page);
} else {
if ($config['moderate_listings'] === "1") {
$this->page = str_replace('{check_moderate_listings}', '', $this->page);
$this->page = str_replace('{/check_moderate_listings}', '', $this->page);
$this->page = preg_replace('/{!check_moderate_listings}(.*?){\\/!check_moderate_listings}/is', '', $this->page);
} else {
$this->page = str_replace('{!check_moderate_listings}', '', $this->page);
$this->page = str_replace('{/!check_moderate_listings}', '', $this->page);
$this->page = preg_replace('/{check_moderate_listings}(.*?){\\/check_moderate_listings}/is', '', $this->page);
}
// Use strreplace to remove {check_agent} tags and leave the content.
$this->page = str_replace('{check_admin}', '', $this->page);
$this->page = str_replace('{/check_admin}', '', $this->page);
$this->page = preg_replace('/{!check_admin}(.*?){\\/!check_admin}/is', '', $this->page);
}
$login_status = $login->verify_priv('edit_site_config');
if ($login_status !== true) {
$this->page = preg_replace('/{check_edit_site_config}(.*?){\\/check_edit_site_config}/is', '', $this->page);
$this->page = str_replace('{!check_edit_site_config}', '', $this->page);
$this->page = str_replace('{/!check_edit_site_config}', '', $this->page);
} else {
$this->page = str_replace('{check_edit_site_config}', '', $this->page);
$this->page = str_replace('{/check_edit_site_config}', '', $this->page);
$this->page = preg_replace('/{!check_edit_site_config}(.*?){\\/!check_edit_site_config}/is', '', $this->page);
}
$login_status = $login->verify_priv('edit_member_template');
if ($login_status !== true) {
$this->page = preg_replace('/{check_edit_member_template}(.*?){\\/check_edit_member_template}/is', '', $this->page);
$this->page = str_replace('{!check_edit_member_template}', '', $this->page);
$this->page = str_replace('{/!check_edit_member_template}', '', $this->page);
} else {
$this->page = str_replace('{check_edit_member_template}', '', $this->page);
$this->page = str_replace('{/check_edit_member_template}', '', $this->page);
$this->page = preg_replace('/{!check_edit_member_template}(.*?){\\/!check_edit_member_template}/is', '', $this->page);
}
$login_status = $login->verify_priv('edit_agent_template');
if ($login_status !== true) {
$this->page = preg_replace('/{check_edit_agent_template}(.*?){\\/check_edit_agent_template}/is', '', $this->page);
$this->page = str_replace('{!check_edit_agent_template}', '', $this->page);
$this->page = str_replace('{/!check_edit_agent_template}', '', $this->page);
} else {
$this->page = str_replace('{check_edit_agent_template}', '', $this->page);
$this->page = str_replace('{/check_edit_agent_template}', '', $this->page);
$this->page = preg_replace('/{!check_edit_agent_template}(.*?){\\/!check_edit_agent_template}/is', '', $this->page);
}
$login_status = $login->verify_priv('edit_listing_template');
if ($login_status !== true) {
$this->page = preg_replace('/{check_edit_listing_template}(.*?){\\/check_edit_listing_template}/is', '', $this->page);
$this->page = str_replace('{!check_edit_listing_template}', '', $this->page);
$this->page = str_replace('{/!check_edit_listing_template}', '', $this->page);
} else {
$this->page = str_replace('{check_edit_listing_template}', '', $this->page);
$this->page = str_replace('{/check_edit_listing_template}', '', $this->page);
$this->page = preg_replace('/{!check_edit_listing_template}(.*?){\\/!check_edit_listing_template}/is', '', $this->page);
}
$login_status = $login->verify_priv('canViewLogs');
if ($login_status !== true) {
// Use pregreplace to removed {check_agent} tags and content between them
$this->page = preg_replace('/{check_view_logs}(.*?){\\/check_view_logs}/is', '', $this->page);
$this->page = str_replace('{!check_view_logs}', '', $this->page);
$this->page = str_replace('{/!check_view_logs}', '', $this->page);
} else {
$this->page = preg_replace('/{!check_view_logs}(.*?){\\/!check_view_logs}/is', '', $this->page);
// Use strreplace to remove {check_agent} tags and leave the content.
$this->page = str_replace('{check_view_logs}', '', $this->page);
$this->page = str_replace('{/check_view_logs}', '', $this->page);
}
$login_status = $login->verify_priv('editpages');
if ($login_status !== true) {
// Use pregreplace to removed {check_agent} tags and content between them
$this->page = preg_replace('/{check_edit_pages}(.*?){\\/check_edit_pages}/is', '', $this->page);
$this->page = str_replace('{!check_edit_pages}', '', $this->page);
$this->page = str_replace('{/!check_edit_pages}', '', $this->page);
} else {
// Use strreplace to remove {check_agent} tags and leave the content.
$this->page = str_replace('{check_edit_pages}', '', $this->page);
$this->page = str_replace('{/check_edit_pages}', '', $this->page);
$this->page = preg_replace('/{!check_edit_pages}(.*?){\\/!check_edit_pages}/is', '', $this->page);
}
$login_status = $login->verify_priv('edit_all_listings');
if ($login_status !== true) {
// Use pregreplace to removed {check_agent} tags and content between them
$this->page = preg_replace('/{check_edit_all_listings}(.*?){\\/check_edit_all_listings}/is', '', $this->page);
$this->page = str_replace('{!check_edit_all_listings}', '', $this->page);
$this->page = str_replace('{/!check_edit_all_listings}', '', $this->page);
} else {
// Use strreplace to remove {check_agent} tags and leave the content.
$this->page = str_replace('{check_edit_all_listings}', '', $this->page);
$this->page = str_replace('{/check_edit_all_listings}', '', $this->page);
$this->page = preg_replace('/{!check_edit_all_listings}(.*?){\\/!check_edit_all_listings}/is', '', $this->page);
}
$login_status = $login->verify_priv('edit_all_users');
if ($login_status !== true) {
// Use pregreplace to removed {check_agent} tags and content between them
$this->page = preg_replace('/{check_edit_all_users}(.*?){\\/check_edit_all_users}/is', '', $this->page);
$this->page = str_replace('{!check_edit_all_users}', '', $this->page);
$this->page = str_replace('{/!check_edit_all_users}', '', $this->page);
} else {
// Use strreplace to remove {check_agent} tags and leave the content.
$this->page = str_replace('{check_edit_all_users}', '', $this->page);
$this->page = str_replace('{/check_edit_all_users}', '', $this->page);
$this->page = preg_replace('/{!check_edit_all_users}(.*?){\\/!check_edit_all_users}/is', '', $this->page);
}
$login_status = $login->verify_priv('edit_property_classes');
if ($login_status !== true) {
// Use pregreplace to removed {check_agent} tags and content between them
$this->page = preg_replace('/{check_edit_listing_classes}(.*?){\\/check_edit_listing_classes}/is', '', $this->page);
$this->page = str_replace('{!check_edit_listing_classes}', '', $this->page);
$this->page = str_replace('{/!check_edit_listing_classes}', '', $this->page);
} else {
// Use strreplace to remove {check_agent} tags and leave the content.
$this->page = str_replace('{check_edit_listing_classes}', '', $this->page);
$this->page = str_replace('{/check_edit_listing_classes}', '', $this->page);
$this->page = preg_replace('/{!check_edit_listing_classes}(.*?){\\/!check_edit_listing_classes}/is', '', $this->page);
}
$login_status = $login->verify_priv('havevtours');
if ($login_status !== true) {
// Use pregreplace to removed {check_agent} tags and content between them
$this->page = preg_replace('/{check_have_vtours}(.*?){\\/check_have_vtours}/is', '', $this->page);
$this->page = str_replace('{!check_have_vtours}', '', $this->page);
$this->page = str_replace('{/!check_have_vtours}', '', $this->page);
} else {
// Use strreplace to remove {check_agent} tags and leave the content.
$this->page = preg_replace('/{!check_have_vtours}(.*?){\\/!check_have_vtours}/is', '', $this->page);
$this->page = str_replace('{check_have_vtours}', '', $this->page);
$this->page = str_replace('{/check_have_vtours}', '', $this->page);
}
$login_status = $login->verify_priv('havefiles');
if ($login_status !== true) {
// Use pregreplace to removed {check_agent} tags and content between them
$this->page = preg_replace('/{check_have_files}(.*?){\\/check_have_files}/is', '', $this->page);
$this->page = str_replace('{!check_have_files}', '', $this->page);
$this->page = str_replace('{/!check_have_files}', '', $this->page);
} else {
// Use strreplace to remove {check_agent} tags and leave the content.
$this->page = preg_replace('/{!check_have_files}(.*?){\\/!check_have_files}/is', '', $this->page);
$this->page = str_replace('{check_have_files}', '', $this->page);
$this->page = str_replace('{/check_have_files}', '', $this->page);
}
if (isset($_GET['printer_friendly']) && $_GET['printer_friendly'] == 'yes') {
$this->page = preg_replace('/{hide_printer_friendly}(.*?){\\/hide_printer_friendly}/is', '', $this->page);
$this->page = str_replace('{show_printer_friendly}', '', $this->page);
$this->page = str_replace('{/show_printer_friendly}', '', $this->page);
} else {
$this->page = preg_replace('/{show_printer_friendly}(.*?){\\/show_printer_friendly}/is', '', $this->page);
$this->page = str_replace('{hide_printer_friendly}', '', $this->page);
$this->page = str_replace('{/hide_printer_friendly}', '', $this->page);
}
$login_status = $login->verify_priv('can_manage_addons');
if ($login_status !== true) {
// Use pregreplace to removed {check_agent} tags and content between them
$this->page = preg_replace('/{check_addon_manager}(.*?){\\/check_addon_manager}/is', '', $this->page);
$this->page = str_replace('{!check_addon_manager}', '', $this->page);
$this->page = str_replace('{/!check_addon_manager}', '', $this->page);
} else {
// Use strreplace to remove {check_agent} tags and leave the content.
$this->page = preg_replace('/{!check_addon_manager}(.*?){\\/!check_addon_manager}/is', '', $this->page);
$this->page = str_replace('{check_addon_manager}', '', $this->page);
$this->page = str_replace('{/check_addon_manager}', '', $this->page);
}
//can_access_blog_manager
$login_status = $login->verify_priv('can_access_blog_manager');
if ($login_status !== true) {
// Use pregreplace to removed {check_agent} tags and content between them
$this->page = preg_replace('/{check_access_blog_manager}(.*?){\\/check_access_blog_manager}/is', '', $this->page);
$this->page = str_replace('{!check_access_blog_manager}', '', $this->page);
$this->page = str_replace('{/!check_access_blog_manager}', '', $this->page);
} else {
// Use strreplace to remove {check_agent} tags and leave the content.
$this->page = preg_replace('/{!check_access_blog_manager}(.*?){\\/!check_access_blog_manager}/is', '', $this->page);
$this->page = str_replace('{check_access_blog_manager}', '', $this->page);
$this->page = str_replace('{/check_access_blog_manager}', '', $this->page);
}
}
function loginCheck($priv_level_needed, $internal = false)
{
global $conn, $config, $lang;
// Load misc Class
$display = '';
$checked = login::check_login();
if (!$checked and !isset($_POST['user_name'])) {
if ($internal !== true) {
return login::display_login($priv_level_needed);
} else {
return false;
}
} elseif (isset($_POST['user_name'])) {
if (!$_POST['user_name'] || !$_POST['user_pass']) {
if ($internal !== true) {
$display .= $lang['required_field_not_filled'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
}
/* Spruce up username, check length */
$_POST['user_name'] = trim($_POST['user_name']);
if (strlen($_POST['user_name']) > 30) {
if ($internal !== true) {
$display .= $lang['username_excessive_length'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
}
/* Checks that username is in database and password is correct */
$md5pass = md5($_POST['user_pass']);
$result = login::confirm_user($_POST['user_name'], $md5pass);
/* Check error codes */
if ($result == 1) {
if ($internal !== true) {
$display .= $lang['nonexistent_username'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
} else {
if ($result == 2) {
if ($internal !== true) {
$display .= $lang['incorrect_password'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
} else {
if ($result == 3) {
if ($internal !== true) {
$display .= $lang['inactive_user'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
}
}
}
}
if (isset($_POST['user_name']) || $checked) {
/* Username and password correct, register session variables */
if (isset($_POST['user_name'])) {
$_POST['user_name'] = stripslashes($_POST['user_name']);
$_SESSION['username'] = $_POST['user_name'];
$_SESSION['userpassword'] = $md5pass;
}
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
$username = $misc->make_db_safe($_SESSION['username']);
$sql = 'SELECT * FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_user_name= ' . $username;
$recordSet = $conn->Execute($sql);
$_SESSION['userID'] = $recordSet->fields['userdb_id'];
$_SESSION['admin_privs'] = $recordSet->fields['userdb_is_admin'];
$_SESSION['active'] = $recordSet->fields['userdb_active'];
$_SESSION['isAgent'] = $recordSet->fields['userdb_is_agent'];
$_SESSION['featureListings'] = $recordSet->fields['userdb_can_feature_listings'];
$_SESSION['viewLogs'] = $recordSet->fields['userdb_can_view_logs'];
$_SESSION['moderator'] = $recordSet->fields['userdb_can_moderate'];
$_SESSION['editpages'] = $recordSet->fields['userdb_can_edit_pages'];
$_SESSION['havevtours'] = $recordSet->fields['userdb_can_have_vtours'];
$_SESSION['havefiles'] = $recordSet->fields['userdb_can_have_files'];
$_SESSION['is_member'] = 'yes';
// Removed in 2.1
// $_SESSION['editForms'] = $recordSet->fields['userdb_can_edit_forms'];
// New Permissions with OR 2.1
$_SESSION['edit_site_config'] = $recordSet->fields['userdb_can_edit_site_config'];
$_SESSION['edit_member_template'] = $recordSet->fields['userdb_can_edit_member_template'];
$_SESSION['edit_agent_template'] = $recordSet->fields['userdb_can_edit_agent_template'];
$_SESSION['edit_listing_template'] = $recordSet->fields['userdb_can_edit_listing_template'];
$_SESSION['export_listings'] = $recordSet->fields['userdb_can_export_listings'];
$_SESSION['edit_all_listings'] = $recordSet->fields['userdb_can_edit_all_listings'];
$_SESSION['edit_all_users'] = $recordSet->fields['userdb_can_edit_all_users'];
$_SESSION['edit_property_classes'] = $recordSet->fields['userdb_can_edit_property_classes'];
$_SESSION['edit_expiration'] = $recordSet->fields['userdb_can_edit_expiration'];
$_SESSION['blog_user_type'] = $recordSet->fields['userdb_blog_user_type'];
$_SESSION['can_manage_addons'] = $recordSet->fields['userdb_can_manage_addons'];
/**
* This is the cool part: the user has requested that we remember that
* he's logged in, so we set two cookies. One to hold his username,
* and one to hold his md5 encrypted password. We set them both to
* expire in 100 days. Now, next time he comes to our site, we will
* log him in automatically.
*/
if (isset($_POST['remember'])) {
setcookie('cookname', $_SESSION['username'], time() + 60 * 60 * 24 * 100, '/');
setcookie('cookpass', $_SESSION['userpassword'], time() + 60 * 60 * 24 * 100, '/');
}
if (!login::verify_priv($priv_level_needed)) {
if ($internal !== true) {
$display .= $lang['access_denied'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
} else {
return true;
}
}
}
