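mf_init(); }

    // Sets the template paths and loads every row of the `cnfg` table into
    // $this->cnfg (ky => dat). $this->no_auth becomes the comma-split 'no_auth' entry.
    function mf_init() {
        $this->basepath = realpath(dirname(__FILE__)."/../pix")."/";
        $this->template_dir = realpath(dirname(__FILE__)."/../../vcars_templates");
        $this->compile_dir = "/var/smarty/vcars_templates_c";
        if (empty($this->DB)) {
            $this->DB = new DB;
        }
        $cnfgx = $this->DB->simpleQuery('cnfg', 'ky,dat', '', '');
        // Other callers in this class test simpleQuery() results for falsiness,
        // so do not iterate a result that may not be an array.
        if ($cnfgx) {
            foreach ($cnfgx as $datx) {
                $this->cnfg[$datx['ky']] = $datx['dat'];
            }
        }
        $this->no_auth = explode(',', isset($this->cnfg['no_auth']) ? $this->cnfg['no_auth'] : '');
    }

    // Starts the session and decides whether the request belongs to a signed-in user.
    // Returns true (and fills $this->user, $this->manage, $this->admin) when retUser()
    // yields a session user; returns false on a failed login or when no user is present.
    function _auth() {
        session_cache_limiter("nocache");
        session_name('VCARSSESSID');
        session_start();

        if (empty($this->DB)) {
            $this->DB = new DB;
        }

        $actn = isset($_POST["actn"]) ? $_POST["actn"] : null;

        // A login form was submitted: anything but the success sentinel is an error.
        if ($actn === "dologin") {
            $AUTH = $this->authUser();
            if ($AUTH !== "uberiz4t10n") {
                $this->authError = $AUTH;
                return false;
            }
        }

        if (!empty($_REQUEST['savePOST'])) {
            // NOTE(review): unserialize() on a request parameter lets the client choose
            // which classes get instantiated (PHP object injection). This runs before
            // the user check below, so unauthenticated requests reach it. The form
            // data should come from a server-side copy (this method already keeps one
            // in $_SESSION['savePOST']) or be carried as JSON. Left unchanged because
            // the template that produces this field is not visible here.
            $this->params = unserialize($_REQUEST['savePOST']);
        } else {
            $this->params = array_merge($_GET, $_POST);
        }

        if ($actn === "rtrvpw") {
            $this->sendPassword();
        }

        // Retrieve the user object kept in the session.
        $userInfo = $this->retUser();
        if (!$userInfo) {
            // Keep whatever the user submitted after timing out, unless this was a login attempt.
            if ($this->GetQuery('actn') != "dologin") {
                $_SESSION['savePOST'] = $_POST;
            }
            return false;
        }

        $this->user = unserialize($userInfo['user']);

        if ($this->GetQuery("actn") == "dologin") {
            $this->mklog(1, "");
            $this->logit(0, "Login");
        } else {
            // The whole request is written to the log table. Drop the credential field
            // used by the login form and, in case cookies are merged into $_REQUEST,
            // the session and SSO cookies, so they are not stored in clear text.
            // NOTE(review): other forms may post secrets under different names - confirm.
            $logReq = $_REQUEST;
            unset($logReq['passwd'], $logReq['VCARSSESSID'], $logReq['vcars_sso']);
            $this->mklog(3, serialize($logReq));
        }

        $lvl = isset($this->user->lvl) ? $this->user->lvl : null;
        $this->manage = ($lvl > 3) ? "Y" : "N";
        $this->admin = ($lvl > 7) ? "Y" : "N";
        $this->assign('admin', $this->admin);

        $_SESSION['user'] = serialize($this->user);
        $this->assign('user', $this->user);
        return true;
    }

    // Raises a level-0 member to level 1 (session and `members` row) and refreshes
    // the type 9 / type 10 rows for the user in table `xint`.
    function updUsrAcc() {
        if (empty($this->DB)) {
            $this->DB = new DB;
        }
        if ($this->user->lvl < 1) {
            $pru['lvl'] = 1;
            $this->user->lvl = 1;
            $_SESSION['user'] = serialize($this->user);
            // uid is placed in the WHERE clause unquoted, so force it to an integer.
            $nor = $this->DB->dbUpdate("members", $pru, "`uid` = ".intval($this->user->uid), "");
        }
        $this->updX('xint', $this->user->uid, 9, time());
        $this->updX('xint', $this->user->uid, 10, 0);
    }

    // Returns array('user' => serialized user) from the session, or NULL when the
    // session has timed out (cnfg 'tmo' seconds), holds no user, or was created from
    // a different REMOTE_ADDR. On success the idle timer is reset and the
    // 'vcars_sso' cookie is re-issued.
    function retUser() {
        $lastSeen = isset($_SESSION['Login_time']) ? $_SESSION['Login_time'] : 0;
        if ((time() - $lastSeen) > $this->cnfg['tmo']) {
            session_unset();
            session_destroy();
            // Expire the SSO cookie together with the session it mirrors.
            setcookie('vcars_sso', '', time() - 3600, '/', 'vcars.org');
            return NULL;
        }

        $sessAddr = isset($_SESSION['REMOTE_ADDR']) ? $_SESSION['REMOTE_ADDR'] : null;
        $reqAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
        if (empty($_SESSION['user']) || $sessAddr != $reqAddr) {
            return NULL;
        }

        $ret['user'] = $_SESSION['user'];
        $_SESSION['Login_time'] = time();

        // The IV comes from the OS random source; MCRYPT_RAND uses the rand() generator
        // and gives predictable IVs. The IV is still prepended to the ciphertext.
        // NOTE(review): the cookie is encrypted but carries no MAC, so a consumer
        // cannot detect tampering; it is also sent without the Secure/HttpOnly flags.
        // The payload is the full serialized user, which authUser() builds from
        // SELECT * and therefore includes the `pw` column. mcrypt is removed in
        // PHP 7.2+. Confirm what the SSO consumer needs before changing the format.
        $iv = mcrypt_create_iv(mcrypt_get_iv_size($this->cciph, $this->cmode), MCRYPT_DEV_URANDOM);
        $sso_dat = $iv . mcrypt_encrypt($this->cciph, $this->ckey, $ret['user'], $this->cmode, $iv);
        setcookie('vcars_sso', base64_encode($sso_dat), 0, '/', 'vcars.org');
        return $ret;
    }

    // Validates the username and password posted from the login page.
    // Returns false when nothing was submitted, an error string on failure, and the
    // sentinel "uberiz4t10n" after storing the user object in the session.
    function authUser() {
        if (empty($_SESSION['user']) && empty($_POST['username']) && empty($_POST['passwd'])) {
            return false;
        }

        if (empty($this->DB)) {
            $this->DB = new DB;
        }

        // Only plain strings are accepted; array-valued fields (username[]=...) are ignored.
        $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
        $passwd = (isset($_POST['passwd']) && is_string($_POST['passwd'])) ? $_POST['passwd'] : null;

        // Doubling single quotes does not stop a backslash-escaped quote, so the value
        // goes through the DB layer's escape() instead. LIKE wildcards are neutralised
        // first so that "%" cannot stand in for a callsign.
        // NOTE(review): assumes escape() is the driver's string-literal escaper - confirm.
        $likeUser = $this->DB->escape(addcslashes($username, '\\%_'));
        $res = $this->DB->simpleQuery("members", "*", "`call` like '".$likeUser."'", "");

        // NOTE(review): the two failure messages differ, which tells a caller whether
        // a callsign exists. There is also no attempt limiting in this method.
        if (!$res) {
            $err = "ERROR: User does not exist.

";
            return $err;
        }

        // NOTE(review): passwords are stored and compared in clear text, ignoring
        // case; they should be stored with password_hash()/password_verify().
        // The strict comparison avoids numeric-string juggling ("0e1" == "0e2").
        if ($passwd === null || strtolower($passwd) !== strtolower((string)$res[0]['pw'])) {
            $err = "ERROR: You have entered an invalid password.

";
            return $err;
        }

        // Copy every column of the member row onto a plain object.
        $user = new stdClass;
        foreach ($res[0] as $key => $val) {
            $user->$key = $val;
        }

        // Build the list of page keys this user has a `perms` row for.
        $uacl = array();
        $pgd = array();
        $pgdb = $this->DB->simpleQuery('html', 'id,ky', "disabled = 0", '', true);
        if ($pgdb) {
            foreach ($pgdb as $pgq) {
                $pgd[$pgq['id']] = $pgq;
            }
        }
        $pmd = $this->DB->simpleQuery('perms', 'page', "user = '".$this->DB->escape($user->uid)."'", '');
        if ($pmd && $pgd) {
            foreach ($pmd as $pml) {
                // A permission that points at a disabled or missing page adds nothing.
                if (isset($pgd[$pml['page']])) {
                    $uacl[] = $pgd[$pml['page']]['ky'];
                }
            }
        }
        $user->acl = $uacl;

        // Issue a fresh session id on login so a pre-set id cannot be reused (session fixation).
        session_regenerate_id(true);
        $_SESSION['user'] = serialize($user);
        $_SESSION['REMOTE_ADDR'] = $_SERVER['REMOTE_ADDR'];
        $_SESSION['Login_time'] = time();
        return "uberiz4t10n";
    }

    // Writes one row to table `ilog`: current user's call, type, timestamp, text,
    // script name and client address.
    function mklog($ltyp, $ldt) {
        if (empty($this->DB)) {
            $this->DB = new DB;
        }
        $lg['usr'] = $this->user->call;
        $lg['typ'] = $ltyp;
        $lg['stmp'] = time();
        $lg['txt'] = $ldt;
        $lg['script'] = $_SERVER["SCRIPT_NAME"];
        if (!empty($_SERVER['REMOTE_ADDR'])) {
            $lg['ip'] = $_SERVER['REMOTE_ADDR'];
        } else {
            $lg['ip'] = $_SESSION['REMOTE_ADDR'];
        }
        $this->DB->dbWrite("ilog", $lg, "");
    }

    // Shown when a user does not have proper access; renders the page and stops.
    function accessDenied() {
        $this->mainBody = "not authorized";
        $this->displayTmpl();
        exit();
    }

    // Displays the login screen and stops. Unless the request is the logout page,
    // the current URI and any posted fields are handed to the template so the user
    // can resume after signing in again.
    function displayLogin() {
        $page = isset($_REQUEST['page']) ? $_REQUEST['page'] : null;
        if ($page != 'logout') {
            // NOTE(review): REQUEST_URI and the posted keys/values are client-controlled;
            // vcars_login.tpl must HTML-escape them - confirm in the template.
            $this->assign('formTarget', $_SERVER['REQUEST_URI']);
            if ($_POST) {
                $TPost = array();
                foreach ($_POST as $key => $value) {
                    $TPost[] = array('key' => $key, 'vlu' => $value);
                }
                $this->assign('savePOST', $TPost);
            }
            if (empty($this->authError)) {
                $this->authError = "ERROR: Your session has timed out. Please sign in again.

";
            }
            $this->assign('rsn', $this->authError);
        } else {
            $this->assign('formTarget', "/members/index.php");
            if (!empty($this->authMsg)) {
                $this->assign('rsn', $this->authMsg);
            }
        }
        $this->display("vcars_login.tpl");
        exit();
    }

    // Logs the sign-off, destroys the session and shows the login screen.
    function logout() {
        if (session_id()) {
            session_name('VCARSSESSID');
            if (!isset($_SESSION)) {
                session_start();
            }
            $userInfo = $this->retUser();
            if ($userInfo) {
                $this->user = unserialize($userInfo['user']);
            }
            $this->mklog(2, "");
            $this->logit(0, "Logout");
            $_SESSION['user'] = false;
            session_unset();
            session_destroy();
        }
        // retUser() re-issues the SSO cookie on every call; expire it so that it
        // does not outlive the session that was just destroyed.
        setcookie('vcars_sso', '', time() - 3600, '/', 'vcars.org');

        // destroy the user object
        if (!empty($this->user)) {
            unset($this->user);
        }
        $this->authMsg = "NOTICE: You have been signed off.

";
        $this->displayLogin();
    }

    // Splits a 14-digit timestamp string (YYYYMMDDHHMMSS) into its parts by position.
    function parseDate($date) {
        $dateVar['month'] = substr($date, 4, 2);
        $dateVar['day'] = substr($date, 6, 2);
        $dateVar['year'] = substr($date, 0, 4);
        $dateVar['hour'] = substr($date, 8, 2);
        $dateVar['min'] = substr($date, 10, 2);
        $dateVar['sec'] = substr($date, 12, 2);
        return $dateVar;
    }

    // Builds the date and/or time dropdown markup.
    // 'type' is "date-time", "date" or "time"; 'name' is the base name of the fields;
    // 'selected' is a timestamp whose parts should be pre-selected.
    // NOTE(review): the markup inside the string literals is empty in this copy of the
    // file (it looks stripped); the literals are reproduced exactly as they appear.
    function makeDateDrop($type, $name, $selected) {
        if ($selected) {
            $selDate = $this->parseDate($selected);
        }
        // Either half may be skipped depending on $type.
        $date = '';
        $time = '';
        if ($type == "date-time" || $type == "date") {
            $myMonths = explode(",", ",Jan,Feb,Mar,Apr,May,Jun,Jul,Aug,Sep,Oct,Nov,Dec");
            $month = "";
            $day = "";
            $year = "";
            $date = "$month\n$day\n$year\n";
        }
        if ($type == "date-time" || $type == "time") {
            $hour = "";
            $min = "";
            $time = "$hour\n$min\n";
        }
        $thisDrop = "\n\n$date$time\n
\n";
        return $thisDrop;
    }

    // Joins the submitted <name>_year/_month/_day (and _hour/_min) fields into one
    // timestamp string; returns false when a required part is empty.
    function compileDateSubmitted($type, $name, $data) {
        if ($type == "date-time" || $type == "date") {
            if ($data["$name".'_year'] != "" && $data["$name".'_month'] != "" && $data["$name".'_day'] != "") {
                $retThis = $data["$name".'_year'].$data["$name".'_month'].$data["$name".'_day'];
            } else {
                return false;
            }
        }
        if ($type == "date-time" || $type == "time") {
            if ($data["$name".'_hour'] != "" && $data["$name".'_min'] != "") {
                // For type "time" there is no date part to append to.
                $retThis = (isset($retThis) ? $retThis : '').$data["$name".'_hour'].$data["$name".'_min'];
            } else {
                return false;
            }
        }
        return $retThis;
    }

    // Creates a dropdown menu.
    // NOTE(review): the markup is empty in this copy of the file. Where $name, $data and
    // $onChange are written into HTML they need htmlspecialchars() unless every
    // caller passes trusted values.
    function makeDrop($name, $data, $selection, $onChange) {
        if ($onChange) {
            $onchg = " onChange=\"$onChange\"";
        }
        $thisDrop = "";
        return $thisDrop;
    }

    // Creates a radio group from "label:value" strings, one entry per element of $data.
    // NOTE(review): the input markup is empty in this copy of the file; only the label
    // text and the separators remain. The label is emitted without HTML escaping.
    function makeRadio($name, $data, $selection, $onChange) {
        if ($onChange) {
            $onchg = " onChange=\"$onChange\"";
        }
        $thisRadio = "";
        foreach ($data as $dataRow) {
            $x = explode(":", $dataRow);
            $sel = ($selection == $x[1]) ? " CHECKED" : '';
            if ($thisRadio) {
                $thisRadio .= "
\n";
            }
            $thisRadio .= "$x[0]";
        }
        return $thisRadio;
    }

    // Creates a state dropdown.
    // NOTE(review): the markup is empty in this copy of the file.
    function makeStateDrop($name, $selected, $onChange) {
        if ($onChange) {
            $onchg = " onChange=\"$onChange\"";
        }
        // The list previously had "IS" and a second "AL" where KS and LA belong.
        $myStates = explode(",", "AL,AK,AR,AZ,CA,CO,CT,DC,DE,FL,GA,HI,IA,ID,IL,IN,KS,KY,LA,MA,MD,ME,MI,MN,MO,MS,MT,NC,ND,NE,NH,NJ,NM,NV,NY,OH,OK,OR,PA,RI,SC,SD,TN,TX,UT,VA,VT,WA,WI,WV,WY");
        $statesDrop = "";
        return $statesDrop;
    }

    // Formats a YYYYMMDDHHMMSS timestamp as MM-DD-YYYY, plus "H:MM AM/PM" unless
    // $type is "small".
    function giveMyTime($stamp, $type) {
        $hh = substr($stamp, 8, 2);
        if ($hh < "12") {
            $hour = $hh;
            $AMPM = "AM";
        } elseif ($hh == "12") {
            // Noon used to be labelled AM.
            $hour = $hh;
            $AMPM = "PM";
        } else {
            $hour = ($hh - 12);
            $AMPM = "PM";
        }
        $MyTime = substr($stamp, 4, 2)."-".substr($stamp, 6, 2)."-".substr($stamp, 0, 4);
        if ($type != "small") {
            $MyTime .= " ".$hour.":".substr($stamp, 10, 2)." ".$AMPM;
        }
        return $MyTime;
    }

    // Sends a message by piping headers and body to "sendmail -t -i".
    // Returns True once the message has been written to the pipe, false when the
    // pipe cannot be opened. $x_headers is appended verbatim and must already be
    // well-formed, CRLF-terminated header lines from a trusted caller.
    function sendEmail($recipName, $recipEmail, $fromName, $fromEmail, $subject, $message, $x_headers = '') {
        // sendmail -t takes the recipients from the headers, so a line break, quote or
        // angle bracket inside any of these fields could add headers or recipients.
        $brk = array("\r", "\n");
        $recipName = str_replace(array("\r", "\n", '"'), '', $recipName);
        $fromName = str_replace(array("\r", "\n", '"'), '', $fromName);
        $recipEmail = str_replace(array("\r", "\n", '<', '>'), '', $recipEmail);
        $fromEmail = str_replace(array("\r", "\n", '<', '>'), '', $fromEmail);
        $subject = str_replace($brk, '', $subject);

        if (!$recipName) {
            $recipName = $recipEmail;
        }
        if (!$fromName) {
            $fromName = $fromEmail;
        }
        $contactheader = "\"$recipName\" <$recipEmail>";
        $fromheader = "\"$fromName\" <$fromEmail>";

        $mid = "<".md5($recipEmail."_".$fromEmail."_".mt_rand(1000000,9999999))."@vcars>";
        $headers = '';
        $headers .= "Message-ID: $mid\r\n";
        $headers .= "To: $contactheader\r\n";
        $headers .= "From: $fromheader\r\n";
        $headers .= "Reply-To: $fromheader\r\n";
        $headers .= "Return-Path: <$fromEmail>\r\n";
        $omsg = $headers.$x_headers."Subject: ".$subject."\r\n\r\n".$message;

        $ph = popen("/usr/sbin/sendmail -t -i", "w");
        if (!$ph) {
            return false;
        }
        fputs($ph, $omsg);
        pclose($ph);
        return True;
    }

    // Outputs the page built by mkPage(); used instead of calling the Smarty display
    // function directly so the subnav and body-tag handlers are applied.
    function displayTmpl($tplfilex = "vcars_top.tpl", $dispmenux = true) {
        echo $this->mkPage($tplfilex, $dispmenux);
    }

    // Assigns the shared template variables (body-tag event handlers, body, title,
    // menus, copyright year, current page) and returns the rendered template.
    function mkPage($tplfile = "vcars_site.tpl", $dispmenu = true) {
        $this->assign('astg', isset($this->astg) ? $this->astg : null);

        // Build the body-tag event attributes from the queued JS snippets.
        // The snippets are written into the attribute as-is.
        $myConsole = null;
        if (!empty($this->onLoad)) {
            $myConsole .= " onLoad=\"".implode('', (array)$this->onLoad)."\"";
        }
        if (!empty($this->onBeforeUnload)) {
            $myConsole .= " onBeforeUnload=\"".implode('', (array)$this->onBeforeUnload)."\"";
        }
        if (!empty($this->onUnLoad)) {
            $myConsole .= " onUnLoad=\"".implode('', (array)$this->onUnLoad)."\"";
        }
        if (!empty($this->onClick)) {
            $myConsole .= " onClick=\"".implode('', (array)$this->onClick)."\"";
        }
        $this->assign('console', $myConsole);
        $this->assign('mainBody', $this->mainBody);
        $this->assign('title', $this->title);
        $this->getMenuX();
        if ($dispmenu) {
            $this->getMenu();
        }

        // Only send the no-cache headers when DB debugging is off.
        if (@$this->DB->DBdebug != true) {
            header("Expires: Tue, 01 Jan 1970 00:00:00 GMT");
            header("Cache-Control: no-store, no-cache, must-revalidate");
            header("Cache-Control: post-check=0, pre-check=0", false);
            header("Pragma: no-cache");
        }
        $this->assign('cryear', date('Y'));
        $this->assign('cpg', isset($this->page) ? $this->page : null);

        return $this->fetch($tplfile);
    }

    // Assigns the top menu line (rows of `pages` with line=0 and showmenu=1) as 'menuline'.
    function getMenuX() {
        if (empty($this->DB)) {
            $this->DB = new DB;
        }
        $menuline = $this->DB->simpleQuery('pages', 'ky,lnktxt,linkonly,txt', 'line=0 AND showmenu=1', 'order by lkord');
        $this->assign('menuline', $menuline);
    }

    // Assigns the enabled menu entries from `html` as 'mnu', flagging the first and
    // last entry of each menu line with 'rowbegin' / 'rowend'.
    function getMenu() {
        if (empty($this->DB)) {
            $this->DB = new DB;
        }
        $menudat = $this->DB->simpleQuery('html', 'ky,lnktxt,line,htmlfile', 'showmenu = 1 and disabled = 0', 'ORDER BY line,lkord');
        $lml = -1;
        $lrc = -1;
        if ($menudat) {
            foreach ($menudat as $mnx => $mdat) {
                $mln = $mdat['line'];
                if ($mln != $lml) {
                    $menudat[$mnx]['rowbegin'] = 1;
                    if ($lrc > -1) {
                        $menudat[$lrc]['rowend'] = 1;
                    }
                }
                $lml = $mln;
                $lrc = $mnx;
            }
        }
        // With no rows there is no last entry to close; do not create a bogus [-1] row.
        if ($lrc > -1) {
            $menudat[$lrc]['rowend'] = 1;
        }
        $this->assign('mnu', $menudat);
    }

    // Reloads the config, picks a random ad index between 1 and cnfg 'adn' and assigns
    // the matching rows of spdb.ads / spdb.tads as 'adcd' / 'tads'. With $Restrict set,
    // ads whose 'outside' column is 'Y' are skipped. Always returns false.
    function getAds($Restrict) {
        if (empty($this->DB)) {
            $this->DB = new DB;
        }
        $cnfgx = $this->DB->simpleQuery('cnfg', 'ky,dat', '', '');
        if ($cnfgx) {
            foreach ($cnfgx as $datx) {
                $this->cnfg[$datx['ky']] = $datx['dat'];
            }
        }
        $tt = time();
        srand($tt);
        $adn = $this->cnfg['adn'];
        if ($adn < 1) {
            $adn = 1;
        }
        // NOTE(review): with $Restrict set this loop never ends if every ad row is
        // marked outside = 'Y'.
        $lFlg = True;
        while ($lFlg) {
            $t2 = rand(1, $adn);
            $adx = $this->DB->simpleQuery('spdb.ads', 'adtx,outside', 'idx = '.$t2, '');
            $lFlg = $Restrict;
            if (!($adx[0]['outside'] == 'Y')) {
                $lFlg = False;
            }
        }
        $tadx = $this->DB->simpleQuery('spdb.tads', 'adtx', 'idx = '.$t2, '');
        $this->ads = $adx[0]['adtx'];
        $this->tads = $tadx[0]['adtx'];
        $this->assign('adcd', $this->ads);
        $this->assign('tads', $this->tads);
        return false;
    }

    // Returns the named request value, taking $_GET first and falling back to $_POST
    // when the GET value is missing or falsy.
    function GetQuery($iptx) {
        $optx = isset($_GET[$iptx]) ? $_GET[$iptx] : null;
        if (!$optx) {
            $optx = isset($_POST[$iptx]) ? $_POST[$iptx] : null;
        }
        return $optx;
    }

    // Formats a Unix timestamp as e.g. "Jan 05, 2010 14:30".
    function myFormatDate($mfdidt) {
        return strftime("%b %d, %Y %H:%M", $mfdidt);
    }

    // Checks an e-mail address against the same lowercase-only pattern as before.
    // ereg() no longer exists in PHP 7+, so the match uses PCRE; \z keeps a trailing
    // newline from being accepted. Returns 1 on a match and false otherwise, as
    // ereg() did.
    function validAddr($ieml) {
        $ok = preg_match('/^[0-9a-z][-0-9a-z_.]*@[0-9a-z][-0-9a-z_.]*\.[0-9a-z]*\z/', (string)$ieml);
        return ($ok === 1) ? 1 : false;
    }

    // Renders the enabled FAQ rows through fam_faq.tpl and assigns the result as 'faqtx'.
    function getFAQ() {
        if (empty($this->DB)) {
            $this->DB = new DB;
        }
        $faqa = $this->DB->simpleQuery('faq', 'id,short,full', 'enabled = 1', 'order by rdr');
        if ($faqa) {
            $this->assign('fqa', $faqa);
            $ftx = $this->fetch('fam_faq.tpl');
            $this->assign('faqtx', $ftx);
        }
        return;
    }

    // Updates the (rid, typ) row of $tbl with $dat, or inserts it when missing.
    // $tbl goes into the query as-is and must never come from request data.
    function updX($tbl, $rid, $typ, $dat) {
        if (empty($this->DB)) {
            $this->DB = new DB;
        }
        // Both ids go into the WHERE clause unquoted, so force them to integers.
        $rid = intval($rid);
        $typ = intval($typ);
        $where = 'rid = '.$rid.' AND typ = '.$typ;
        $fid = $this->DB->simpleQuery($tbl, 'id', $where, '');
        if ($fid) {
            $pr['dat'] = $dat;
            $this->DB->dbUpdate($tbl, $pr, $where, '');
        } else {
            $prs['rid'] = $rid;
            $prs['typ'] = $typ;
            $prs['dat'] = $dat;
            $this->DB->dbWrite($tbl, $prs, "");
        }
    }

    // Returns the profile form fields defined for table name $anm (xfld joined with
    // xftyp), each with its stored value for record $cid. $this->ftbls is set to the
    // formord => table map built along the way.
    function mkProfArray($anm, $cid) {
        if (empty($this->DB)) {
            $this->DB = new DB;
        }
        // $anm sits inside a quoted literal and $cid is unquoted; escape and cast them.
        $anmSql = $this->DB->escape($anm);
        $cid = intval($cid);
        $xtrf = $this->DB->simpleQuery('xfld,xftyp', 'xfld.id,xfld.typ,xfld.name,sname,tblmnam,tblnam,formord,quotes,xdat', "formshow > 0 AND tblnam='$anmSql' AND xfld.typ=xftyp.id", 'ORDER BY formord');

        $flds = array();
        $flnums = array();
        $fldtbls = array();
        $fldx = array();
        $ixx = 0;
        if ($xtrf) {
            foreach ($xtrf as $xtrfl) {
                $flnums[$xtrfl['typ']][$xtrfl['formord']] = $xtrfl['id'];
                $fldtbls[$xtrfl['formord']] = $xtrfl['tblmnam'];
                $flds[$ixx]['xname'] = $xtrfl['name'];
                $flds[$ixx]['name'] = $xtrfl['sname'];
                $flds[$ixx]['typ'] = $xtrfl['typ'];
                $flds[$ixx]['quotes'] = $xtrfl['quotes'];
                $flds[$ixx]['id'] = $xtrfl['id'];
                $flds[$ixx]['val'] = '';
                $fldx[$xtrfl['id']] = $ixx;
                // Type 6 fields carry a list of choices.
                if ($xtrfl['typ'] == 6) {
                    $flds[$ixx]['ch'] = $this->DB->simpleQuery('xchoices', 'idx,txt', 'fid='.$xtrfl['xdat'], 'ORDER BY idx');
                }
                $ixx++;
            }
        }

        // NOTE(review): $flnums is keyed by field type while $fldtbls is keyed by
        // formord, yet the type key is used to index $fldtbls here - confirm intended.
        foreach ($flnums as $fld => $fldqx) {
            $xtqd = $this->DB->simpleQuery($fldtbls[$fld], 'typ,dat', 'typ IN ('.implode(',', $fldqx).') AND rid='.$cid, '');
            if ($xtqd) {
                foreach ($xtqd as $xtql) {
                    $flds[$fldx[$xtql['typ']]]['val'] = $xtql['dat'];
                }
            }
        }
        $this->ftbls = $fldtbls;
        return $flds;
    }

    // Handles the "retrieve password" form: looks the member up by callsign and
    // e-mails the stored password to the address on file. Sets $this->authError to
    // the outcome message and always returns false.
    // NOTE(review): this mails the clear-text password and answers 'Record not
    // found.' for unknown callsigns (account enumeration). A one-time reset link over
    // hashed passwords is the usual replacement; that needs schema changes outside
    // this method.
    function sendPassword() {
        if (empty($this->DB)) {
            $this->DB = new DB;
        }
        $err = true;

        // The posted callsign used to be concatenated into the query unescaped.
        // Escape it and neutralise LIKE wildcards, as authUser() does.
        $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
        $likeUser = $this->DB->escape(addcslashes($username, '\\%_'));
        $usr = $this->DB->simpleQuery("members", "`uid`,`call`,`pw`,`eml`,`FirstName`,`LastName`", "`call` LIKE '".$likeUser."'", "");

        if ($usr) {
            $msg = " Your user ID for VCARS Admin is ".$usr[0]['call']
                ." Your password is ".$usr[0]['pw']
                ." You may login at http://www.vcars.org/members/ If you would prefer a password that is easier to remember, you may change it in the 'User Profile' page after logging in. Please do NOT reply to this message as this address is not monitored. Direct any correspondence to admin@vcars.org\n";
            if ($this->sendEmail($usr[0]['FirstName'].' '.$usr[0]['LastName'], $usr[0]['eml'], 'VCARS', 'passwords@vcars.org', 'VCARS Admin password for '.$usr[0]['call'], $msg)) {
                $rsn = 'The password for '.$usr[0]['call'].' has been sent to this eMail address.';
                // This used to assign $error, so the log below always said "send failed".
                $err = false;
            } else {
                // Name the callsign, not the address on file: the requester is not
                // authenticated and should not be shown the member's e-mail address.
                $rsn = 'There was a problem sending the password for '.$usr[0]['call'].' to this eMail address.';
            }
        } else {
            $rsn = 'Record not found.';
        }
        $this->authError = $rsn;
        echo "\n\n";
        $this->logit(0, "Password ".(($err) ? "send failed" : "sent"));
        return false;
    }

    // Returns the English month name for month number 1-12.
    function MonthName($mn) {
        // 30-day steps minus 10 days land inside the wanted month of 1970.
        return date('F', ($mn * 2592000) - 864000);
    }

    // Writes one row (date, current user's call, type, text) to table `log`.
    function logit($typ, $tx) {
        if (empty($this->DB)) {
            $this->DB = new DB;
        }
        $lga = array(
            'Stamp' => date('Y-m-d'),
            'User' => $this->user->call,
            'Type' => $typ,
            'Entry' => $tx
        );
        $this->DB->dbWrite('log', $lga, '');
    }
} /*## END OF PAGE CLASS ##*/

// just some user & acct vars...
class vcars_user {
    /* this is just an internal placeholder for the user's login info obj */
}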