Users can login and logout and look at their home pages.
parent
56987c174a
commit
b1f2718a3c
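--- a/account.inc.php
+++ b/account.inc.php
@@ -0,0 +1,151 @@
+<?
+/*
+This file is part of the 'Science Fair In A Box' project
+SFIAB Website: http://www.sfiab.ca
+
+Copyright (C) 2010 David Grant <dave@lightbox.org>
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public
+License as published by the Free Software Foundation, version 2.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+
+function account_valid_user($user)
+{
+/* Find any character that doesn't match the valid username characters
+* (^ inverts the matching remember */
+$x = preg_match('[^a-zA-Z0-9@.-_]',$user);
+
+/* If x==1, a match was found, and the input is bad */
+return ($x == 1) ? false : true;
+}
+
+function account_valid_password($pass)
+{
+/* Same as user, but allow more characters */
+$x = preg_match('[^a-zA-Z0-9 ~!@#$%^&*()-_=+|;:,<.>/?]',$pass);
+
+/* If x==1, a match was found, and the input is bad */
+if($x == 1) return false;
+
+if(strlen($pass) < 6) return false;
+
+return true;
+}
+
+/* A more strict version of isEmailAddress() */
+function account_valid_email($str)
+{
+$x = preg_match('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str);
+return ($x == 1) ? true : false;
+}
+
+/* Duplicate of common.inc.php:generatePassword, which will be deleted
+* eventually when ALL users are handled through this file */
+function account_generate_password($pwlen=8)
+{
+//these are good characters that are not easily confused with other characters :)
+$available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789";
+$len=strlen($available) - 1;
+
+$key="";
+for($x=0;$x<$pwlen;$x++)
+$key.=$available{rand(0,$len)};
+return $key;
+}
+
+function account_set_password($accounts_id, $password = NULL)
+{
+$save_old = false;
+if($password == NULL) {
+$q = mysql_query("SELECT passwordset FROM accounts WHERE id='$accounts_id'");
+$a = mysql_fetch_assoc($q);
+/* Generate a new password */
+$password = account_generate_password(12);
+/* save the old password only if it's not an auto-generated one */
+if($a['passwordset'] != '0000-00-00') $save_old = true;
+/* Expire the password */
+$save_set = "'0000-00-00'";
+} else {
+/* Set the password, no expiry, save the old */
+$save_old = true;
+$save_set = 'NOW()';
+}
+
+$p = mysql_escape_string($password);
+$set = ($save_old == true) ? 'oldpassword=password, ' : '';
+$set .= "password='$p', passwordset=$save_set ";
+
+$query = "UPDATE accounts SET $set WHERE id='$accounts_id'";
+mysql_query($query);
+echo mysql_error();
+
+return $password;
+}
+
+function account_load($id)
+{
+$id = intval($id);
+$q = mysql_query("SELECT * FROM accounts WHERE id='$id'");
+if(mysql_num_rows($q) == 0) {
+echo "No such account $id";
+exit;
+}
+if(mysql_num_rows($q) > 1) {
+echo "More than one account returned for $id";
+exit;
+}
+
+$a = mysql_fetch_assoc($q);
+return $a;
+}
+
+
+function account_create($username)
+{
+global $config;
+
+/* Sanity check username */
+if(!user_valid_user($username)) {
+return -1;
+}
+
+/* Make sure the user doesn't exist */
+$us = mysql_real_escape_string($username);
+$q = mysql_query("SELECT * FROM accounts WHERE username='$us'");
+if(mysql_num_rows($q)) {
+return -2;
+}
+
+/* Create the account */
+mysql_query("INSERT INTO accounts (`username`,`created`,`deleted`,`superuser`)
+VALUES ('$us', NOW(),'no','no')");
+echo mysql_error();
+
+$accounts_id = mysql_insert_id();
+
+account_set_password($accounts_id, NULL);
+
+$a = account_load($accounts_id);
+return $a;
+}
+
+
+/*
+if(user_valid_email($username)) {
+mysql_query("UPDATE users SET email='$username' WHERE id='$uid'");
+}
+*/
+?>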
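Review bot: The three validators in this file do not validate, because PHP treats the first character of a preg pattern as its delimiter: `'[^a-zA-Z0-9@.-_]'` in account_valid_user compiles to the anchored literal `^a-zA-Z0-9@.-_` (so the function returns true for nearly any input, quotes and spaces included), account_valid_password loses its bracket delimiters the same way and effectively only enforces the length check, and account_valid_email's pattern starts with `^` and has no closing `^`, so preg_match returns false with a warning and no address is ever accepted. Wrap each pattern in real delimiters and move the hyphen to the end of the class so it is not read as a `.`–`_` range, e.g. `$x = preg_match('/[^a-zA-Z0-9@._-]/', $user);` and `$x = preg_match('/^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$/', $str);`. account_create then calls `user_valid_user($username)` rather than the `account_valid_user` defined a few lines above it, so even once fixed the new check is not on the path to the INSERT. Separately, account_set_password stores the password in the clear (`password='$p'`, with `oldpassword=password` copying the previous one) and account_generate_password draws from `rand()`, which is not a cryptographically secure generator; hashing before the UPDATE and a CSPRNG-backed generator belong here, noting that the hash change also requires updating the comparison in user_login.php's try_login.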
@ -257,12 +257,17 @@ while($r=mysql_fetch_object($q)) {
|
|||||||
$config['dates'][$r->name]=$r->date;
|
$config['dates'][$r->name]=$r->date;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//load roles
|
||||||
|
$roles=array();
|
||||||
|
$q = mysql_query("SELECT * FROM roles");
|
||||||
|
while(($r = mysql_fetch_assoc($q))) {
|
||||||
|
$roles[$r['type']] = $r;
|
||||||
|
}
|
||||||
|
|
||||||
//and now pull the theme
|
//and now pull the theme
|
||||||
require_once("theme/{$config['theme']}/theme.php");
|
require_once("theme/{$config['theme']}/theme.php");
|
||||||
require_once("theme/{$config['theme_icons']}/icons.php");
|
require_once("theme/{$config['theme_icons']}/icons.php");
|
||||||
|
|
||||||
require_once("committee.inc.php");
|
|
||||||
|
|
||||||
//detect the browser first, so we know what icons to use - we store this in the config array as well
|
//detect the browser first, so we know what icons to use - we store this in the config array as well
|
||||||
//even though its not configurable by the fair
|
//even though its not configurable by the fair
|
||||||
if(stristr($_SERVER['HTTP_USER_AGENT'],"MSIE"))
|
if(stristr($_SERVER['HTTP_USER_AGENT'],"MSIE"))
|
||||||
@ -549,10 +554,10 @@ if(isset($_SESSION['users_type'])) {
|
|||||||
|
|
||||||
} else {
|
} else {
|
||||||
?>
|
?>
|
||||||
<form method="post" action="login.php">
|
<form method="post" action="user_login.php">
|
||||||
<input type="hidden" name="action" value="login" />
|
<input type="hidden" name="action" value="login" />
|
||||||
<table cellspacing=1 cellpadding=1><tr><td>
|
<table cellspacing=1 cellpadding=1><tr><td>
|
||||||
<?=i18n("Username")?>:</td><td><input type="email" size="14" name="user" />
|
<?=i18n("Username")?>:</td><td><input type="username" size="14" name="user" />
|
||||||
</td></tr><tr><td>
|
</td></tr><tr><td>
|
||||||
<?=i18n("Password")?>:</td><td><input type="password" size="14" name="pass" />
|
<?=i18n("Password")?>:</td><td><input type="password" size="14" name="pass" />
|
||||||
</td></tr>
|
</td></tr>
|
||||||
@ -629,40 +634,41 @@ if(is_array($nav)) {
|
|||||||
|
|
||||||
?>
|
?>
|
||||||
<?
|
<?
|
||||||
if($_SESSION['users_type'] == 'committee') {
|
|
||||||
|
if(array_key_exists('users_id', $_SESSION)) {
|
||||||
|
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/user_main.php\">".i18n("Main Page").'</a></li>';
|
||||||
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/user_personal.php\">".i18n("My Profile").'</a></li>';
|
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/user_personal.php\">".i18n("My Profile").'</a></li>';
|
||||||
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/committee_main.php\">".i18n("Committee Home").'</a></li>';
|
if(in_array('committee', $_SESSION['roles'])) {
|
||||||
if(committee_auth_has_access("admin")){
|
// echo "<li><a href=\"{$config['SFIABDIRECTORY']}/committee_main.php\">".i18n("Committee Home").'</a></li>';
|
||||||
|
}
|
||||||
|
if(in_array('admin', $_SESSION['roles'])) {
|
||||||
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/\">".i18n("Administration").'</a></li>';
|
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/admin/\">".i18n("Administration").'</a></li>';
|
||||||
}
|
}
|
||||||
if(committee_auth_has_access("config")){
|
if(in_array('config', $_SESSION['roles'])) {
|
||||||
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/config/\">".i18n("Configuration").'</a></li>';
|
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/config/\">".i18n("Configuration").'</a></li>';
|
||||||
}
|
}
|
||||||
if(committee_auth_has_access("super")){
|
if($_SESSION['superuser'] == 'yes') {
|
||||||
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/super/\">".i18n("System Setup").'</a></li>';
|
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/super/\">".i18n("System Setup").'</a></li>';
|
||||||
}
|
}
|
||||||
} else if($_SESSION['users_type']=="judge") {
|
if(in_array('volunteer', $_SESSION['roles'])) {
|
||||||
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/user_personal.php\">".i18n("My Profile").'</a></li>';
|
// echo "<li><a href=\"{$config['SFIABDIRECTORY']}/volunteer_main.php\">".i18n("Volunteer Home").'</a></li>';
|
||||||
|
}
|
||||||
|
if(in_array('sponsor', $_SESSION['roles'])) {
|
||||||
|
// echo "<li><a href=\"{$config['SFIABDIRECTORY']}/sponsor_main.php\">".i18n("Sponsor Home").'</a></li>';
|
||||||
|
}
|
||||||
|
/* FIXME: setting the schoolid should move to the user_login routine, so we can just test for
|
||||||
|
* the presence of the school/teacher/principal role here */
|
||||||
|
if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) {
|
||||||
|
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/schoolaccess.php\">".i18n("School Home").'</a></li>';
|
||||||
|
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/schoolaccess.php?action=logout\">".i18n("Logout").'</a></li>';
|
||||||
|
}
|
||||||
|
if(in_array('student', $_SESSION['roles'])) {
|
||||||
|
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/register_participants_main.php\">".i18n("Participant Home").'</a></li>';
|
||||||
|
}
|
||||||
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/user_login.php?action=logout\">".i18n("Logout").'</a></li>';
|
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/user_login.php?action=logout\">".i18n("Logout").'</a></li>';
|
||||||
} else if($_SESSION['users_type']=="volunteer") {
|
|
||||||
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/user_personal.php\">".i18n("My Profile").'</a></li>';
|
|
||||||
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/volunteer_main.php\">".i18n("Volunteer Home").'</a></li>';
|
|
||||||
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/user_login.php?action=logout\">".i18n("Logout").'</a></li>';
|
|
||||||
} else if($_SESSION['users_type']=="sponsor") {
|
|
||||||
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/user_personal.php\">".i18n("My Profile").'</a></li>';
|
|
||||||
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/sponsor_main.php\">".i18n("Sponsor Home").'</a></li>';
|
|
||||||
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/user_login.php?action=logout\">".i18n("Logout").'</a></li>';
|
|
||||||
} else if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) {
|
|
||||||
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/schoolaccess.php\">".i18n("School Home").'</a></li>';
|
|
||||||
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/schoolaccess.php?action=logout\">".i18n("Logout").'</a></li>';
|
|
||||||
}
|
}
|
||||||
else if($_SESSION['registration_number'] && $_SESSION['registration_id']) {
|
?>
|
||||||
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/register_participants_main.php\">".i18n("Participant Home").'</a></li>';
|
</ul>
|
||||||
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/register_participants.php?action=logout\">".i18n("Logout")."</a></li>\n";
|
|
||||||
} else {
|
|
||||||
}
|
|
||||||
?></ul>
|
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<?
|
<?
|
||||||
if(substr(getcwd(),-6)=="/admin" || substr(getcwd(),-7)=="/config" || substr(getcwd(),-6)=="/super") {
|
if(substr(getcwd(),-6)=="/admin" || substr(getcwd(),-7)=="/config" || substr(getcwd(),-6)=="/super") {
|
||||||
@ -695,12 +701,17 @@ if(is_array($nav)) {
|
|||||||
<div id="main">
|
<div id="main">
|
||||||
<?
|
<?
|
||||||
|
|
||||||
if(committee_auth_has_access("config") || committee_auth_has_access("admin"))
|
if(is_array($_SESSION['roles'])) {
|
||||||
committee_warnings();
|
$has_config = array_key_exists('config', $_SESSION['roles']);
|
||||||
if(committee_auth_has_access("config"))
|
$has_admin = array_key_exists('admin', $_SESSION['roles']);
|
||||||
config_warnings();
|
|
||||||
if(committee_auth_has_access("admin"))
|
if($has_config || $has_admin)
|
||||||
admin_warnings();
|
committee_warnings();
|
||||||
|
if($has_config)
|
||||||
|
config_warnings();
|
||||||
|
if($has_admin)
|
||||||
|
admin_warnings();
|
||||||
|
}
|
||||||
|
|
||||||
if(substr(getcwd(),-6)!="/admin" && substr(getcwd(),-7)!="/config" && substr(getcwd(),-6)!="/super") {
|
if(substr(getcwd(),-6)!="/admin" && substr(getcwd(),-7)!="/config" && substr(getcwd(),-6)!="/super") {
|
||||||
?>
|
?>
|
||||||
@ -730,6 +741,7 @@ else if($title)
|
|||||||
echo "<h2>".$title."</h2>";
|
echo "<h2>".$title."</h2>";
|
||||||
|
|
||||||
display_messages();
|
display_messages();
|
||||||
|
|
||||||
}
|
}
|
||||||
/* END OF send_header */
|
/* END OF send_header */
|
||||||
|
|
||||||
|
877
user.inc.php
877
user.inc.php
355
user_login.php
355
user_login.php
@ -23,28 +23,27 @@
|
|||||||
*/
|
*/
|
||||||
?>
|
?>
|
||||||
<?
|
<?
|
||||||
require_once("common.inc.php");
|
require_once('common.inc.php');
|
||||||
require_once("user.inc.php");
|
require_once('account.inc.php');
|
||||||
|
require_once('user.inc.php');
|
||||||
|
|
||||||
function try_login($user, $pass) {
|
function try_login($user, $pass)
|
||||||
/* Ensure sanity of inputs, user should be an email address, but it's stored
|
{
|
||||||
* in the username field */
|
/* Ensure sanity of inputs */
|
||||||
/* FIXME: this should be user_valid_email, but can't be yet, because
|
/* User could be a username, or could be an email, check */
|
||||||
* we copy the usernames from the email field, and that field may
|
if(!account_valid_user($user) && !account_valid_email($user)) {
|
||||||
* contain a name too */
|
return false;
|
||||||
if(!isEmailAddress($user)) {
|
|
||||||
/* It's possible that it's a username */
|
|
||||||
if(!user_valid_user($user)) return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
//we cannot check for a valid_password here, because converted users dont enforce password length of 6 which user_valid_password does.
|
/* Don't check for a valid password, administrators can set any password they'd like, but
|
||||||
//all we can do is check if its a length >0
|
* there has to be a password */
|
||||||
//$x = user_valid_password($pass);
|
if(!strlen($pass)) {
|
||||||
if(!strlen($pass))
|
|
||||||
return false;
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
$user = mysql_escape_string($user);
|
$user = mysql_real_escape_string($user);
|
||||||
$q = mysql_query("SELECT id, password FROM accounts WHERE username='$user'");
|
$q = mysql_query("SELECT id,password,deleted FROM accounts WHERE username='$user'");
|
||||||
|
echo mysql_error();
|
||||||
/*
|
/*
|
||||||
$q = mysql_query("SELECT id,username,password,year,deleted
|
$q = mysql_query("SELECT id,username,password,year,deleted
|
||||||
FROM users
|
FROM users
|
||||||
@ -54,37 +53,28 @@
|
|||||||
*/
|
*/
|
||||||
if(mysql_num_rows($q) < 1) return false;
|
if(mysql_num_rows($q) < 1) return false;
|
||||||
|
|
||||||
$r = mysql_fetch_object($q);
|
$r = mysql_fetch_assoc($q);
|
||||||
|
|
||||||
/* See if the user account has been deleted */
|
/* See if the user account has been deleted */
|
||||||
// if($r->deleted == 'yes') return false; // FIXME - do we need a deleted field in the accounts table as well?
|
if($r['deleted'] == 'yes') return false;
|
||||||
|
|
||||||
/* See if the password matches */
|
/* See if the password matches */
|
||||||
if($r->password != $pass) return false;
|
if($r['password'] != $pass) return false;
|
||||||
|
|
||||||
/* Login successful */
|
/* Login successful */
|
||||||
return $r->id;
|
return $r['id'];
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If there is no session, accept a type from the URL, else,
|
/* Don't do any login stuff if they're already logged in */
|
||||||
* if there is a session, always take the session's type. The idea is
|
if(isset($_SESSION['accounts_id'])) {
|
||||||
* eventually, you'll never be able to see a login page if you're already
|
/* They're already logged in, if they're not trying to logout, don't
|
||||||
* logged in. */
|
* let them see the login page */
|
||||||
$type = false;
|
|
||||||
if(isset($_SESSION['users_type'])) {
|
|
||||||
/* They're already logged in */
|
|
||||||
$type = $_SESSION['users_type'];
|
|
||||||
/* If they're not trying to logout, don't let them see the login page */
|
|
||||||
if($_GET['action'] != 'logout') {
|
if($_GET['action'] != 'logout') {
|
||||||
message_push(error(i18n('You are already logged in, please use the [Logout] link in the upper right to logout before logging in as different user')));
|
message_push(error(i18n('You are already logged in, please use the [Logout] link in the upper right to logout before logging in as different user')));
|
||||||
header("location: {$type}_main.php");
|
header("location: user_main.php");
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
} else {
|
}
|
||||||
$type = $_GET['type'];
|
|
||||||
/* user_types is in user.inc.php */
|
|
||||||
if(!in_array($type, $user_types)) $type = false;
|
|
||||||
}
|
|
||||||
|
|
||||||
$notice=$_GET['notice'];
|
$notice=$_GET['notice'];
|
||||||
|
|
||||||
@ -103,7 +93,8 @@
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
switch($type) {
|
/*
|
||||||
|
switch($role) {
|
||||||
case 'volunteer':
|
case 'volunteer':
|
||||||
// returns "notopenyet", "closed", or "open"
|
// returns "notopenyet", "closed", or "open"
|
||||||
$reg_open = user_volunteer_registration_status();
|
$reg_open = user_volunteer_registration_status();
|
||||||
@ -121,7 +112,7 @@
|
|||||||
$reg_open = 'notpermitted';
|
$reg_open = 'notpermitted';
|
||||||
break;
|
break;
|
||||||
case 'parent': case 'alumni': case 'principal': case 'mentor':
|
case 'parent': case 'alumni': case 'principal': case 'mentor':
|
||||||
/* Always open, because they could have been auto-created */
|
/* Always open, because they could have been auto-created
|
||||||
$reg_open = 'open';
|
$reg_open = 'open';
|
||||||
break;
|
break;
|
||||||
case 'student':
|
case 'student':
|
||||||
@ -131,133 +122,132 @@
|
|||||||
$reg_open = 'closed';
|
$reg_open = 'closed';
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if($_POST['action']=="login" )
|
*/
|
||||||
{
|
|
||||||
if($_POST['pass'] && $_POST['user'])
|
|
||||||
{
|
|
||||||
$id = try_login($_POST['user'], $_POST['pass']);
|
|
||||||
if($id == false) {
|
|
||||||
message_push(error(i18n("Invalid Email/Password")));
|
|
||||||
header("location: user_login.php?type=$type$redirect_url");
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
$u = user_load($id);
|
if($_POST['action']== 'login' ) {
|
||||||
|
|
||||||
/* Make sure the user we loaded is actually for the current year, if not,
|
$user = $_POST['username'];
|
||||||
* we need to duplicate the user */
|
$pass = $_POST['password'];
|
||||||
/*
|
|
||||||
if($u['year'] != $config['FAIRYEAR']) {
|
|
||||||
$id = user_dupe($u, $config['FAIRYEAR']);
|
|
||||||
$u = user_load($id);
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
|
|
||||||
/* Make sure $type is in their types */
|
$accounts_id = try_login($user, $pass);
|
||||||
if(!in_array($type, $u['types'])) {
|
if($accounts_id == false) {
|
||||||
/* Huh, someone is fudging with the HTML, get
|
message_push(error(i18n("Invalid Email/Password")));
|
||||||
* out before touching the session */
|
header("location: user_login.php");
|
||||||
header("location: index.php");
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
$_SESSION['name']="{$u['firstname']} {$u['lastname']}";
|
|
||||||
$_SESSION['username']=$u['username'];
|
|
||||||
$_SESSION['email']=$u['email'];
|
|
||||||
$_SESSION['users_id']=$u['id'];
|
|
||||||
$_SESSION['users_uid']=$u['uid'];
|
|
||||||
$_SESSION['users_type']=$type;
|
|
||||||
|
|
||||||
/* Load the password expiry for each user type, and
|
|
||||||
* find the longest expiry, which is the one we'll use
|
|
||||||
* for this user to determine if the passwd has
|
|
||||||
* expired. */
|
|
||||||
$longest_expiry = 0;
|
|
||||||
foreach($u['types'] as $t) {
|
|
||||||
$e = $config["{$t}_password_expiry_days"];
|
|
||||||
if($e == 0) {
|
|
||||||
/* Catch a never expire case. */
|
|
||||||
$longest_expiry = 0;
|
|
||||||
break;
|
|
||||||
} else if($e > $longest_expiry) {
|
|
||||||
$longest_expiry = $e;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if($u['passwordset'] == '0000-00-00') {
|
|
||||||
/* Force the password to expire */
|
|
||||||
$_SESSION['password_expired'] = true;
|
|
||||||
} else if($longest_expiry == 0) {
|
|
||||||
/* Never expires */
|
|
||||||
unset($_SESSION['password_expired']);
|
|
||||||
} else {
|
|
||||||
/* Check expiry */
|
|
||||||
$expires = date('Y-m-d', strtotime("{$u['passwordset']} +$longest_expiry days"));
|
|
||||||
$now = date('Y-m-d');
|
|
||||||
if($now > $expires) {
|
|
||||||
$_SESSION['password_expired'] = true;
|
|
||||||
} else {
|
|
||||||
unset($_SESSION['password_expired']);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/* If password_expired == true, the main page (or any
|
|
||||||
* other user page) will catch this and require
|
|
||||||
* them to set a password */
|
|
||||||
|
|
||||||
/* Call login functions for each type, so multirole
|
|
||||||
* users can easily switch */
|
|
||||||
foreach($u['types'] as $t) {
|
|
||||||
if(is_callable("user_{$t}_login")) {
|
|
||||||
call_user_func_array("user_{$t}_login", array($u));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
mysql_query("UPDATE users SET lastlogin=NOW()
|
|
||||||
WHERE id={$u['id']}");
|
|
||||||
|
|
||||||
/* Setup multirole so a multirole user can switch if they want to
|
|
||||||
* without logging in/out */
|
|
||||||
if(count($u['types']) > 1) {
|
|
||||||
$_SESSION['multirole'] = true;
|
|
||||||
} else {
|
|
||||||
$_SESSION['multirole'] = false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* See if there is a redirect, and do that instead of
|
|
||||||
* taking them to their main page */
|
|
||||||
if($redirect != '') {
|
|
||||||
switch($redirect) {
|
|
||||||
case 'roleadd':
|
|
||||||
if(!in_array($multirole_data, $user_types))
|
|
||||||
$multirole_data = '';
|
|
||||||
|
|
||||||
header("location: user_multirole.php?action=add&type=$multirole_data");
|
|
||||||
exit;
|
|
||||||
case 'roleattached':
|
|
||||||
message_push(happy(i18n('The %1 role has been attached to your account', array($user_what[$type]))));
|
|
||||||
message_push(notice(i18n('Use the [Switch Roles] link in the upper right to change roles while you are logged in')));
|
|
||||||
header("location: {$type}_main.php");
|
|
||||||
exit;
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Is there a saved requesT_uri from a failed login attempt?, if so
|
|
||||||
* take them there */
|
|
||||||
if(array_key_exists('request_uri', $_SESSION)) {
|
|
||||||
header("location: {$_SESSION['request_uri']}");
|
|
||||||
unset($_SESSION['request_uri']);
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
header("location: {$type}_main.php");
|
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
message_push(error(i18n("Invalid Email/Password")));
|
$a = account_load($accounts_id);
|
||||||
header("location: user_login.php?type=$type");
|
|
||||||
|
/* Use the active conference to find the user id to load */
|
||||||
|
/* FIXME: Need to be able to handle the case where there is no
|
||||||
|
* active conference, but one step at a time */
|
||||||
|
$q = mysql_query("SELECT id FROM users WHERE accounts_id=$accounts_id AND conferences_id={$_SESSION['conferenceid']}");
|
||||||
|
if(mysql_num_rows($q) == 0) {
|
||||||
|
/* FIXME: this should probably just return false, but for now, see if there's an error */
|
||||||
|
echo "No user for that conference";
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
if(mysql_num_rows($q) > 1) {
|
||||||
|
echo "DATABASE ERROR: More than one user for account $accounts_id conference {$_SESSION['conferenceid']}";
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
$uid = mysql_fetch_assoc($q);
|
||||||
|
$id = $uid['id'];
|
||||||
|
|
||||||
|
$u = user_load($id);
|
||||||
|
|
||||||
|
$_SESSION['name']="{$u['firstname']} {$u['lastname']}";
|
||||||
|
$_SESSION['username']=$u['username'];
|
||||||
|
$_SESSION['email']=$u['email'];
|
||||||
|
$_SESSION['users_id']=$u['id'];
|
||||||
|
$_SESSION['accounts_id']=$u['accounts_id'];
|
||||||
|
$_SESSION['roles']=array_keys($u['roles']);
|
||||||
|
$_SESSION['superuser'] = ($a['superuser'] == 'yes') ? 'yes' : 'no';
|
||||||
|
|
||||||
|
/* Load the password expiry for each user role, and
|
||||||
|
* find the longest expiry, which is the one we'll use
|
||||||
|
* for this user to determine if the passwd has
|
||||||
|
* expired. */
|
||||||
|
$longest_expiry = 0;
|
||||||
|
foreach(array_keys($u['roles']) as $r) {
|
||||||
|
$e = $config["{$r}_password_expiry_days"];
|
||||||
|
if($e == 0) {
|
||||||
|
/* Catch a never expire case. */
|
||||||
|
$longest_expiry = 0;
|
||||||
|
break;
|
||||||
|
} else if($e > $longest_expiry) {
|
||||||
|
$longest_expiry = $e;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if($u['passwordset'] == '0000-00-00') {
|
||||||
|
/* Force the password to expire */
|
||||||
|
$_SESSION['password_expired'] = true;
|
||||||
|
} else if($longest_expiry == 0) {
|
||||||
|
/* Never expires */
|
||||||
|
unset($_SESSION['password_expired']);
|
||||||
|
} else {
|
||||||
|
/* Check expiry */
|
||||||
|
$expires = date('Y-m-d', strtotime("{$u['passwordset']} +$longest_expiry days"));
|
||||||
|
$now = date('Y-m-d');
|
||||||
|
if($now > $expires) {
|
||||||
|
$_SESSION['password_expired'] = true;
|
||||||
|
} else {
|
||||||
|
unset($_SESSION['password_expired']);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/* If password_expired == true, the main page (or any
|
||||||
|
* other user page) will catch this and require
|
||||||
|
* them to set a password */
|
||||||
|
|
||||||
|
/* Call login functions for each role */
|
||||||
|
foreach(array_keys($u['roles']) as $r) {
|
||||||
|
if(is_callable("user_{$r}_login")) {
|
||||||
|
call_user_func_array("user_{$r}_login", array($u));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// mysql_query("UPDATE accounts SET lastlogin=NOW()
|
||||||
|
// WHERE id={$u['id']}");
|
||||||
|
|
||||||
|
/* Setup multirole so a multirole user can switch if they want to
|
||||||
|
* without logging in/out */
|
||||||
|
/* if(count($u['roes']) > 1) {
|
||||||
|
$_SESSION['multirole'] = true;
|
||||||
|
} else {
|
||||||
|
$_SESSION['multirole'] = false;
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
/* See if there is a redirect, and do that instead of
|
||||||
|
* taking them to their main page */
|
||||||
|
/* if($redirect != '') {
|
||||||
|
switch($redirect) {
|
||||||
|
case 'roleadd':
|
||||||
|
if(!user_valid_role($multirole_data))
|
||||||
|
$multirole_data = '';
|
||||||
|
|
||||||
|
header("location: user_multirole.php?action=add&role=$multirole_data");
|
||||||
|
exit;
|
||||||
|
case 'roleattached':
|
||||||
|
message_push(happy(i18n('The %1 role has been attached to your account', array($roles[$role]['name']))));
|
||||||
|
message_push(notice(i18n('Use the [Switch Roles] link in the upper right to change roles while you are logged in')));
|
||||||
|
header("location: {$role}_main.php");
|
||||||
|
exit;
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
/* Is there a saved requesT_uri from a failed login attempt?, if so
|
||||||
|
* take them there */
|
||||||
|
if(array_key_exists('request_uri', $_SESSION)) {
|
||||||
|
header("location: {$_SESSION['request_uri']}");
|
||||||
|
unset($_SESSION['request_uri']);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
header("location: user_main.php");
|
||||||
exit;
|
exit;
|
||||||
}
|
|
||||||
else if($_GET['action']=="logout")
|
} else if($_GET['action']=='logout') {
|
||||||
{
|
|
||||||
/* Session keys to skip on logout */
|
/* Session keys to skip on logout */
|
||||||
$skip = array('debug', 'lang', 'messages');
|
$skip = array('debug', 'lang', 'messages');
|
||||||
|
|
||||||
@ -266,30 +256,29 @@
|
|||||||
unset($_SESSION['username']);
|
unset($_SESSION['username']);
|
||||||
unset($_SESSION['email']);
|
unset($_SESSION['email']);
|
||||||
unset($_SESSION['users_id']);
|
unset($_SESSION['users_id']);
|
||||||
unset($_SESSION['users_type']);
|
unset($_SESSION['accounts_id']);
|
||||||
|
unset($_SESSION['roles']);
|
||||||
|
unset($_SESSION['superuser']);
|
||||||
|
|
||||||
/* Take care of anything else */
|
/* Take care of anything else */
|
||||||
$keys = array_diff(array_keys($_SESSION), $skip);
|
$keys = array_diff(array_keys($_SESSION), $skip);
|
||||||
foreach($keys as $k) unset($_SESSION[$k]);
|
foreach($keys as $k) unset($_SESSION[$k]);
|
||||||
|
|
||||||
message_push(notice(i18n("You have been successfully logged out")));
|
message_push(notice(i18n("You have been successfully logged out")));
|
||||||
if($type != '')
|
header("Location: user_login.php{$redirect_url}");
|
||||||
header("Location: user_login.php?type={$type}{$redirect_url}");
|
|
||||||
else
|
|
||||||
header("Location: user_login.php{$redirect_url}");
|
|
||||||
exit;
|
exit;
|
||||||
}
|
|
||||||
else if($_GET['action']=="recover")
|
|
||||||
{
|
|
||||||
send_header("{$user_what[$type]} - Password Recovery",
|
|
||||||
array("{$user_what[$type]} Login" => "user_login.php?type=$type"));
|
|
||||||
|
|
||||||
$recover_link = "user_login.php?type=$type&action=recover";
|
} else if($_GET['action']=='recover') {
|
||||||
|
send_header("Password Recovery",
|
||||||
|
array("Login" => "user_login.php?role=$role"));
|
||||||
|
|
||||||
|
$recover_link = "user_login.php?role=$role&action=recover";
|
||||||
|
|
||||||
?>
|
?>
|
||||||
<br />
|
<br />
|
||||||
<?=i18n('Password recovery will reset your password to a new random password, and then email you that password. Enter your name and email address below, then click on the \'Reset\' button. The name and email must exactly match the ones you used to register. Sometimes the email takes a few minutes to send so be patient.')?><br />
|
<?=i18n('Password recovery will reset your password to a new random password, and then email you that password. Enter your name and email address below, then click on the \'Reset\' button. The name and email must exactly match the ones you used to register. Sometimes the email takes a few minutes to send so be patient.')?><br />
|
||||||
<br />
|
<br />
|
||||||
<form method="post" action="user_login.php?type=<?=$type?>">
|
<form method="post" action="user_login.php?role=<?=$role?>">
|
||||||
<input type="hidden" name="action" value="recoverconfirm" />
|
<input type="hidden" name="action" value="recoverconfirm" />
|
||||||
<table>
|
<table>
|
||||||
<tr><td>
|
<tr><td>
|
||||||
@ -327,7 +316,7 @@
|
|||||||
/* Check name match */
|
/* Check name match */
|
||||||
if(strcasecmp($r->firstname, $fn)!=0 || strcasecmp($r->lastname, $ln)!=0) {
|
if(strcasecmp($r->firstname, $fn)!=0 || strcasecmp($r->lastname, $ln)!=0) {
|
||||||
message_push(error(i18n("The name you entered does not match the one in your account")));
|
message_push(error(i18n("The name you entered does not match the one in your account")));
|
||||||
header("Location: user_login.php?type=$type");
|
header("Location: user_login.php?role=$role");
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -336,7 +325,7 @@
|
|||||||
|
|
||||||
/* volunteer_recover_password, judge_recover_password, student_recover_password,
|
/* volunteer_recover_password, judge_recover_password, student_recover_password,
|
||||||
committee_recover_password */
|
committee_recover_password */
|
||||||
email_send("{$type}_recover_password",
|
email_send("{$role}_recover_password",
|
||||||
$email,
|
$email,
|
||||||
array("FAIRNAME"=>i18n($config['fairname'])),
|
array("FAIRNAME"=>i18n($config['fairname'])),
|
||||||
array( "PASSWORD"=>$password,
|
array( "PASSWORD"=>$password,
|
||||||
@ -344,32 +333,32 @@
|
|||||||
);
|
);
|
||||||
|
|
||||||
message_push(notice(i18n("Your password has been sent to your email address")));
|
message_push(notice(i18n("Your password has been sent to your email address")));
|
||||||
header("Location: user_login.php?type=$type");
|
header("Location: user_login.php?role=$role");
|
||||||
exit;
|
exit;
|
||||||
} else {
|
} else {
|
||||||
message_push(error(i18n("Could not find your email address for recovery")));
|
message_push(error(i18n("Could not find your email address for recovery")));
|
||||||
header("Location: user_login.php?type=$type");
|
header("Location: user_login.php?role=$role");
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
message_push(error(i18n("Email address error")));
|
message_push(error(i18n("Email address error")));
|
||||||
header("Location: user_login.php?type=$type");
|
header("Location: user_login.php?role=$role");
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
send_header("{$user_what[$type]} - Login", array());
|
send_header("Login", array());
|
||||||
|
|
||||||
$recover_link = "user_login.php?type=$type&action=recover";
|
$recover_link = "user_login.php?role=$role&action=recover";
|
||||||
$new_link = "user_new.php?type=$type";
|
$new_link = "user_new.php?role=$role";
|
||||||
|
|
||||||
?>
|
?>
|
||||||
<form method="post" action="user_login.php?type=<?="$type$redirect_url"?>">
|
<form method="post" action="user_login.php?role=<?="$role$redirect_url"?>">
|
||||||
<input type="hidden" name="action" value="login" />
|
<input type="hidden" name="action" value="login" />
|
||||||
<table><tr><td>
|
<table><tr><td>
|
||||||
<?=i18n("Email")?>:</td><td><input type="text" size="20" name="user" />
|
<?=i18n("Email")?>:</td><td><input type="text" size="20" name="username" />
|
||||||
</td></tr><tr><td>
|
</td></tr><tr><td>
|
||||||
<?=i18n("Password")?>:</td><td><input type="password" size="20" name="pass" />
|
<?=i18n("Password")?>:</td><td><input type="password" size="20" name="password" />
|
||||||
</td></tr>
|
</td></tr>
|
||||||
<tr><td colspan=2>
|
<tr><td colspan=2>
|
||||||
<input type="submit" value=<?=i18n("Login")?> />
|
<input type="submit" value=<?=i18n("Login")?> />
|
||||||
@ -391,7 +380,7 @@
|
|||||||
);
|
);
|
||||||
break;
|
break;
|
||||||
case 'open':
|
case 'open':
|
||||||
echo i18n("If you would like to register as a new {$user_what[$type]}, <a href=\"$new_link\">click here</a>.<br />");
|
echo i18n("If you would like to register as a new {$roles[$role]['name']}, <a href=\"$new_link\">click here</a>.<br />");
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'closed':
|
case 'closed':
|
||||||
|
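--- a/user_main.php
+++ b/user_main.php
@@ -0,0 +1,66 @@
+<?
+/*
+This file is part of the 'Science Fair In A Box' project
+SFIAB Website: http://www.sfiab.ca
+
+Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
+Copyright (C) 2005 James Grant <james@lightbox.org>
+Copyright (C) 2007 David Grant <dave@lightbox.org>
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public
+License as published by the Free Software Foundation, version 2.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+require_once("common.inc.php");
+require_once("user.inc.php");
+
+if(!array_key_exists('users_id', $_SESSION)) {
+message_push(error("Login first"));
+header("location: index.php");
+exit;
+}
+
+$u = user_load($_SESSION['users_id']);
+
+send_header("Main Page", array());
+
+//only display the named greeting if we have their name
+echo i18n("Hello <b>%1</b>",array($_SESSION['name']));
+echo "<br />";
+echo "<br />";
+
+echo "This is a placeholder for hte main user page until all the specific user-role pages are removed. For now, here is the mainpage for each role you have: ";
+echo "<br />";
+echo "<br />";
+
+foreach(array_keys($u['roles']) as $r) {
+echo "<a href=\"{$r}_main.php\">".$roles[$r]['name']." Main Page</a><br />";
+}
+
+echo "<br />";
+echo "<br />";
+
+echo "<br />";
+echo i18n('Other Options and Things To Do').':<br />';
+echo '<ul>';
+echo '<li><a href="user_password.php">'.i18n('Change Password').'</a> - '.i18n('Change your password').'</li>';
+echo '<li><a href="user_activate.php">'.i18n('Activate/Deactivate Roles').'</a> - '.
+i18n('Activate/Deactiate/Remove/Delete roles or your entire account').
+'</li>';
+echo '<li>'.i18n('To logout, use the [Logout] link in the upper-right of the page').'</li>';
+echo '</ul>';
+
+send_footer();
+?>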
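Review bot: `$_SESSION['name']` is placed inside HTML markup through `i18n("Hello <b>%1</b>", array($_SESSION['name']))` with no escaping, so unless i18n() escapes its substitution arguments (its definition is not visible in this commit) a registered name containing markup is rendered as stored XSS on every visit to this page. The comment directly above that line also says the greeting is shown only when the name is known, but nothing checks that before echoing. I would make the code match the comment and escape in the same step: `$name = isset($_SESSION['name']) ? htmlspecialchars($_SESSION['name'], ENT_QUOTES, 'UTF-8') : '';` followed by `if($name != '') echo i18n("Hello <b>%1</b>", array($name));`. Separately, the result of `user_load($_SESSION['users_id'])` is indexed as `$u['roles']` without confirming the load succeeded, so a still-valid session whose user row has since been removed will produce a PHP error instead of being sent back to the login page like the missing-session case above it.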