// mainFile.php
// This is the heart of our system. It controls all user login information as well as other functionality.
// here we'll go ahead and include our db, templating and encryption files.
require("DBn.php");
require("Smarty.class.php");
//require("bl0f1sh.php");
// This is our main class. It extends the Smarty class so the template
// functions (assign/display) are available directly on the page object.
class PAGE extends Smarty
{
// Key and cipher settings for the vcars_sso cookie written by retUser().
// NOTE(review): the key is a literal in source control and is handed to
// mcrypt_encrypt() as the raw 24-byte string (it is never base64-decoded);
// it belongs in configuration outside the web root and should be rotated.
private $ckey = 'a0xyli+OiiMFOffr09JiOA==';
// CBC with no MAC: the cookie is confidential but not tamper-evident.
private $cmode = MCRYPT_MODE_CBC;
// MCRYPT_RIJNDAEL_256 is Rijndael with a 256-bit block, not AES. The mcrypt
// extension was removed in PHP 7.2, so this class cannot run on newer PHP
// without migrating the cookie format to openssl_* (and its consumer too).
private $cciph = MCRYPT_RIJNDAEL_256;
/**
 * Builds the page controller.
 *
 * All setup (Smarty paths, DB handle, config table) lives in mf_init().
 * NOTE(review): the parent Smarty constructor is not invoked here; confirm
 * the bundled Smarty version does not require parent::__construct().
 */
public function __construct()
{
    $this->mf_init();
}
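/**
 * Initialises Smarty paths, the DB handle and the `cnfg` key/value table.
 *
 * Side effects: sets $this->basepath, $this->template_dir, $this->compile_dir,
 * $this->DB (only if not already set), $this->cnfg and $this->no_auth.
 *
 * Fixes: the original iterated the query result without checking it was an
 * array (a failed query raised a warning and left $this->cnfg undefined) and
 * used @-suppression to read a possibly-missing `no_auth` key.
 */
function mf_init()
{
    $this->basepath = realpath(dirname(__FILE__) . "/../pix") . "/";
    $this->template_dir = realpath(dirname(__FILE__) . "/../../vcars_templates");
    $this->compile_dir = "/var/smarty/vcars_templates_c";

    if (empty($this->DB)) $this->DB = new DB;

    if (!isset($this->cnfg) || !is_array($this->cnfg)) {
        $this->cnfg = array();
    }
    $rows = $this->DB->simpleQuery('cnfg', 'ky,dat', '', '');
    if (is_array($rows)) {
        foreach ($rows as $row) {
            $this->cnfg[$row['ky']] = $row['dat'];
        }
    }

    // Comma-separated list of pages that do not require a login.
    // explode() of '' yields array('') exactly as the original did for a missing key.
    $noAuth = isset($this->cnfg['no_auth']) ? $this->cnfg['no_auth'] : '';
    $this->no_auth = explode(',', $noAuth);
}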
// this function checks to see whether the user is logged in or not
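/**
 * Starts the session and decides whether this request belongs to a logged-in user.
 *
 * Order of operations (unchanged from the original; callers rely on it):
 *  1. start the VCARSSESSID session with no-cache headers;
 *  2. on a login submission (actn=dologin) run authUser(); on failure the
 *     error text is stored in $this->authError and false is returned;
 *  3. populate $this->params from a saved form (savePOST) or from GET+POST;
 *  4. handle a password-retrieval request (actn=rtrvpw);
 *  5. look up the session user via retUser(); on success restore $this->user,
 *     write an audit-log row, set the manage/admin flags and return true;
 *     otherwise stash $_POST in the session so a timed-out form is not lost.
 *
 * Fix: savePOST was passed straight to unserialize(). It is attacker-controlled
 * (it comes from $_REQUEST, which also includes cookies), so that allowed PHP
 * object injection. It is now restricted to arrays/scalars.
 *
 * @return bool true when a logged-in user is attached to this request.
 */
function _auth()
{
    session_cache_limiter("nocache");
    session_name('VCARSSESSID');
    session_start();

    if (empty($this->DB)) $this->DB = new DB;

    if (isset($_POST["actn"]) && $_POST["actn"] == "dologin") {
        $AUTH = $this->authUser();
        if ($AUTH != "uberiz4t10n") {
            $this->authError = $AUTH;
            return false;
        }
    }

    // A saved form is only ever an array of scalars, so anything that would
    // instantiate an object is refused and we fall back to the live request.
    $saved = null;
    if (!empty($_REQUEST['savePOST'])) {
        $saved = $this->unserializeScalars($_REQUEST['savePOST']);
    }
    if ($saved !== null) {
        $this->params = $saved;
    } else {
        $this->params = array_merge($_GET, $_POST);
    }

    if (isset($_POST["actn"]) && $_POST["actn"] == "rtrvpw") {
        $this->sendPassword();
    }

    $userInfo = $this->retUser();
    if (!$userInfo) {
        // Session expired or absent: keep the submitted form so the user can
        // resume after signing in again (never the login form itself).
        if ($this->GetQuery('actn') != "dologin") $_SESSION['savePOST'] = $_POST;
        return false;
    }

    // Session data is server-side and was written by authUser() as a serialized stdClass.
    $this->user = unserialize($userInfo['user']);

    if ($this->GetQuery("actn") == "dologin") {
        $this->mklog(1, "");
        $this->logit(0, "Login");
    } else {
        // NOTE(review): this records the entire request, including any submitted
        // secrets, in the audit log; consider filtering sensitive fields.
        $this->mklog(3, serialize($_REQUEST));
    }

    // Access levels: > 3 may manage, > 7 is an administrator.
    $lvl = isset($this->user->lvl) ? (int)$this->user->lvl : 0;
    $this->manage = ($lvl > 3) ? "Y" : "N";
    $this->admin = ($lvl > 7) ? "Y" : "N";
    $this->assign('admin', $this->admin);

    $_SESSION['user'] = serialize($this->user);
    $this->assign('user', $this->user);
    return true;
}

/**
 * unserialize() restricted to arrays and scalars.
 *
 * Returns null when $data is not a string, contains a serialized object
 * (`O:`) or custom-serialized class (`C:`) token, or fails to unserialize.
 * PHP 7's unserialize($data, array('allowed_classes' => false)) would be the
 * idiomatic guard, but this file still targets PHP 5 (mcrypt, each()), so the
 * token check is done up front. Rejecting a legitimate string that happens to
 * contain such a token only costs the saved form, which is the safe direction.
 *
 * @param mixed $data raw savePOST value from the request
 * @return mixed the unserialized value, or null if refused
 */
private function unserializeScalars($data)
{
    if (!is_string($data) || preg_match('/[OC]:\d+:/', $data)) {
        return null;
    }
    $value = @unserialize($data);
    if ($value === false && $data !== 'b:0;') {
        return null;
    }
    return $value;
}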
/**
 * Promotes a brand-new account (lvl < 1) to level 1, persisting the change in
 * both the session and the `members` table, then records activity via updX().
 *
 * NOTE(review): the uid is interpolated unquoted into the WHERE clause; it
 * comes from the members row, not from the request, but should still be
 * cast or escaped through the DB layer.
 */
function updUsrAcc()
{
    if (empty($this->DB)) $this->DB = new DB;

    if ($this->user->lvl < 1) {
        $this->user->lvl = 1;
        $_SESSION['user'] = serialize($this->user);
        $this->DB->dbUpdate("members", array('lvl' => 1), "`uid` = " . $this->user->uid, "");
    }

    $uid = $this->user->uid;
    $this->updX('xint', $uid, 9, time());
    $this->updX('xint', $uid, 10, 0);
}
// returns the user info stored in the session
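/**
 * Returns the serialized user held in the session, or NULL if there is no
 * valid login.
 *
 * The session is destroyed when the idle time exceeds the `tmo` config value.
 * Otherwise the session must hold a user and must have been created from the
 * same client IP. On success the idle timer is reset and the `vcars_sso`
 * cookie is (re)issued containing the encrypted serialized user.
 *
 * Fixes: undefined-index reads are guarded; a missing stored IP no longer
 * compares equal to a missing REMOTE_ADDR; the IV comes from /dev/urandom
 * instead of MCRYPT_RAND; the cookie is HttpOnly.
 *
 * NOTE(review): the cookie is CBC ciphertext with no MAC, so it is malleable,
 * and its plaintext is a PHP-serialized object — whatever consumes vcars_sso
 * must authenticate it (HMAC) and must not unserialize() it blindly; confirm.
 * `secure` is left false here because the site's scheme is not visible; set
 * it once the site is HTTPS-only.
 *
 * @return array|null array('user' => serialized user string) or NULL
 */
function retUser()
{
    $lastSeen = isset($_SESSION['Login_time']) ? (int)$_SESSION['Login_time'] : 0;
    $timeout = isset($this->cnfg['tmo']) ? (int)$this->cnfg['tmo'] : 0;
    if ((time() - $lastSeen) > $timeout) {
        session_unset();
        session_destroy();
        return NULL;
    }

    $sessionIp = isset($_SESSION['REMOTE_ADDR']) ? $_SESSION['REMOTE_ADDR'] : null;
    $clientIp = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
    if (empty($_SESSION['user']) || $sessionIp === null || $sessionIp !== $clientIp) {
        return NULL;
    }

    $ret = array('user' => $_SESSION['user']);
    $_SESSION['Login_time'] = time();

    $ivSize = mcrypt_get_iv_size($this->cciph, $this->cmode);
    $iv = mcrypt_create_iv($ivSize, MCRYPT_DEV_URANDOM);
    $ssoDat = $iv . mcrypt_encrypt($this->cciph, $this->ckey, $ret['user'], $this->cmode, $iv);
    // Session cookie (expires 0), site-wide path, HttpOnly so scripts cannot read it.
    setcookie('vcars_sso', base64_encode($ssoDat), 0, '/', 'vcars.org', false, true);
    return $ret;
}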
// validates the username & password from login page
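/**
 * Validates the username/password submitted by the login page.
 *
 * Returns false when nothing was submitted and no session user exists, the
 * magic string "uberiz4t10n" on success (callers compare against it), or an
 * error message string otherwise. On success the user row is loaded into a
 * stdClass (plus an `acl` list of page keys from `perms`/`html`) and stored
 * serialized in $_SESSION['user'] together with the client IP and login time.
 *
 * Fixes: the username was escaped by doubling quotes, which MySQL's backslash
 * escaping bypasses — it now goes through $this->DB->escape() like the perms
 * lookup already did, and LIKE wildcards are escaped so `%` cannot match an
 * arbitrary account; the password compare uses strict equality so numeric
 * strings ("0e…") cannot compare equal under ==; distinct "no such user" /
 * "bad password" messages are unified to stop username enumeration; the
 * session id is regenerated on login (session fixation); each() is replaced
 * by foreach (removed in PHP 8); undefined-index reads are guarded.
 *
 * NOTE(review): passwords are stored and compared in clear text and
 * case-insensitively. The real fix is password_hash()/password_verify() on
 * the `pw` column, which needs a schema migration.
 *
 * @return string|false
 */
function authUser()
{
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['passwd']) ? $_POST['passwd'] : '';
    if (empty($_SESSION['user']) && !$username && !$password) {
        return false;
    }

    if (empty($this->DB)) $this->DB = new DB;

    $genericError = "ERROR: Invalid username or password.\n";

    // Escape LIKE metacharacters before the DB-layer escape so they match literally.
    $safeName = $this->DB->escape(addcslashes($username, '%_'));
    $res = $this->DB->simpleQuery("members", "*", "`call` like '" . $safeName . "'", "");
    if (!$res) {
        return $genericError;
    }

    $row = $res[0];
    $stored = isset($row['pw']) ? $row['pw'] : '';
    if (strtolower($password) !== strtolower($stored)) {
        return $genericError;
    }

    // Copy every column of the member row onto a user object.
    $user = new stdClass;
    foreach ($row as $key => $val) {
        $user->$key = $val;
    }

    // Build the ACL: page keys from `html` for which this user has a `perms` row.
    $uacl = array();
    $pgd = array();
    $pgdb = $this->DB->simpleQuery('html', 'id,ky', "disabled = 0", '', true);
    if (is_array($pgdb)) {
        foreach ($pgdb as $pgq) {
            $pgd[$pgq['id']] = $pgq;
        }
    }
    $pmd = $this->DB->simpleQuery('perms', 'page', "user = '" . $this->DB->escape($user->uid) . "'", '');
    if ($pmd && $pgd) {
        foreach ($pmd as $pml) {
            if (isset($pgd[$pml['page']])) {
                $uacl[] = $pgd[$pml['page']]['ky'];
            }
        }
    }
    $user->acl = $uacl;

    // Fresh session id on login so an id fixed before authentication is not
    // promoted to an authenticated one. _auth() has already started the session.
    session_regenerate_id(true);
    $_SESSION['user'] = serialize($user);
    $_SESSION['REMOTE_ADDR'] = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
    $_SESSION['Login_time'] = time();
    return "uberiz4t10n";
}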
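/**
 * Writes one row to the `ilog` audit table.
 *
 * @param int    $ltyp log type (1 = login, 2 = logout, 3 = request, as used by callers)
 * @param string $ldt  free text for the row (callers pass "" or a serialized request)
 *
 * Columns: usr (current user's call sign, null if no user is loaded), typ,
 * stmp (unix time), txt, script, ip (REMOTE_ADDR, else the IP stored in the
 * session). Fix: missing user / server / session values are read with isset()
 * instead of raising notices.
 *
 * NOTE(review): $ldt may carry raw request contents; this relies on dbWrite()
 * escaping its values — confirm.
 */
function mklog($ltyp, $ldt)
{
    if (empty($this->DB)) $this->DB = new DB;

    $lg = array(
        'usr' => isset($this->user->call) ? $this->user->call : null,
        'typ' => $ltyp,
        'stmp' => time(),
        'txt' => $ldt,
        'script' => isset($_SERVER["SCRIPT_NAME"]) ? $_SERVER["SCRIPT_NAME"] : null,
    );
    if (!empty($_SERVER['REMOTE_ADDR'])) {
        $lg['ip'] = $_SERVER['REMOTE_ADDR'];
    } else {
        $lg['ip'] = isset($_SESSION['REMOTE_ADDR']) ? $_SESSION['REMOTE_ADDR'] : null;
    }

    $this->DB->dbWrite("ilog", $lg, "");
}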
// this function is performed when a user does not have proper access
/**
 * Renders the page with a "not authorized" body and ends the request.
 *
 * Never returns: displayTmpl() sends the output and exit() follows.
 * TODO: replace the bare string with the proper error table/template.
 */
function accessDenied()
{
    $message = "not authorized";
    $this->mainBody = $message;
    $this->displayTmpl();
    exit;
}
// this function displays the login screen
/**
 * Renders the login template and ends the request.
 *
 * Reached via the logout command (page=logout): the form posts to
 * /members/index.php and shows $this->authMsg if set. Reached any other way
 * the session is taken to have timed out: the form posts back to the current
 * REQUEST_URI, the submitted POST fields are handed to the template as
 * savePOST (list of key/vlu pairs) so the user does not lose their place, and
 * $this->authError (defaulting to a timeout message) is shown as `rsn`.
 *
 * NOTE(review): REQUEST_URI is attacker-controlled; the template must
 * HTML-escape formTarget (Smarty |escape) before using it as the form action.
 */
function displayLogin()
{
    $fromLogout = isset($_REQUEST['page']) && $_REQUEST['page'] == 'logout';

    if ($fromLogout) {
        $this->assign('formTarget', "/members/index.php");
        if (!empty($this->authMsg)) {
            $this->assign('rsn', $this->authMsg);
        }
    } else {
        $this->assign('formTarget', $_SERVER['REQUEST_URI']);

        if ($_POST) {
            $saved = array();
            foreach ($_POST as $field => $value) {
                $saved[] = array('key' => $field, 'vlu' => $value);
            }
            $this->assign('savePOST', $saved);
        }

        if (empty($this->authError)) {
            $this->authError = "ERROR: Your session has timed out. Please sign in again.\n";
        }
        $this->assign('rsn', $this->authError);
    }

    $this->display("vcars_login.tpl");
    exit;
}
// ends the current session, logs the logout and shows the login screen
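/**
 * Signs the current user off.
 *
 * If a session is active: reload the user (so the log row carries the call
 * sign), write a logout audit row, then unset and destroy the session. In all
 * cases the user object is dropped, a sign-off notice is set and the login
 * screen is displayed (which exits).
 *
 * Fix: retUser() re-issues the `vcars_sso` cookie on every successful lookup,
 * so after the session is destroyed the browser still held a valid SSO token.
 * Both the SSO cookie and the session cookie are now expired explicitly.
 * session_name() is only called when the session is not yet active (PHP 7.2+
 * warns when the name is changed on an active session).
 *
 * NOTE(review): nothing happens to the session when session_id() is empty,
 * i.e. when _auth() has not run in this request; confirm every logout path
 * goes through _auth() first.
 */
function logout()
{
    if (session_id()) {
        if (!isset($_SESSION)) {
            session_name('VCARSSESSID');
            session_start();
        }
        $userInfo = $this->retUser();
        if ($userInfo) {
            $this->user = unserialize($userInfo['user']);
        }
        $this->mklog(2, "");
        $this->logit(0, "Logout");
        $_SESSION['user'] = false;
        session_unset();
        session_destroy();
    }

    // Expire the SSO cookie (same path/domain as retUser() sets it with) and
    // the session cookie so neither survives the logout.
    $expired = time() - 3600;
    setcookie('vcars_sso', '', $expired, '/', 'vcars.org');
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie('VCARSSESSID', '', $expired, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    if (isset($this->user)) unset($this->user);
    $this->authMsg = "NOTICE: You have been signed off.\n";
    $this->displayLogin();
}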
// splits a MySQL timestamp into its month/day/year/hour/min/sec components
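/**
 * Splits a MySQL timestamp into its components.
 *
 * The original only understood the legacy 14-digit form (YYYYMMDDHHMMSS);
 * the 'YYYY-MM-DD HH:MM:SS' form now returned by MySQL produced garbage
 * ('-0' for the month). Non-digits are stripped first, which leaves the
 * 14-digit form untouched and reduces the dashed form to it.
 *
 * @param string $date timestamp in either format
 * @return array keys month, day, year, hour, min, sec (two-digit strings,
 *               year four digits; shorter input yields shorter/empty parts
 *               exactly as substr() gives them)
 */
function parseDate($date)
{
    $digits = preg_replace('/\D/', '', (string)$date);
    $dateVar['month'] = substr($digits, 4, 2);
    $dateVar['day'] = substr($digits, 6, 2);
    $dateVar['year'] = substr($digits, 0, 4);
    $dateVar['hour'] = substr($digits, 8, 2);
    $dateVar['min'] = substr($digits, 10, 2);
    $dateVar['sec'] = substr($digits, 12, 2);
    return $dateVar;
}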
// builds the HTML for a date (or date/time) dropdown.
// 'type' will be reserved for full time/date drop (5 fields) or just the date drop
// 'name' is the primary name of the date fields (eg. "created" or "modified")
// 'selected' is a date/time entry. if entered, it will return the proper fields as "SELECTED"
function makeDateDrop($type,$name,$selected)
{
// let's extract all of our date info from the selected
if($selected) $selDate = $this->parseDate($selected);
if($type == "date-time" || $type == "date") {
// ok, so first, let's create the month dropdown
$myMonths = explode(",",",Jan,Feb,Mar,Apr,May,Jun,Jul,Aug,Sep,Oct,Nov,Dec");
$month = "";
// day dropdown
$day = "";
// year dropdown
$year = "";
// now let's create the table data we need
$date = "