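mf_init(); }

    // Points Smarty at the VCARS template tree and the directory compiled templates
    // are written to.
    function mf_init()
    {
        $this->template_dir = realpath(dirname(__FILE__) . "/../vcars_templates");
        $this->compile_dir = "/var/smarty/vcars_templates_c";
    }

    // Session / login gate for every admin page.
    //
    // Starts the VCARSSESSID session, loads the 'cnfg' table into $this->cnfg,
    // processes a pending login (POST actn=dologin) or password request
    // (actn=rtrvpw), restores the request parameters into $this->params and
    // finally loads the signed-in user object from the session into $this->user,
    // setting $this->manage / $this->admin from the user's lvl.
    //
    // Returns true when a valid user session exists and false otherwise. A failed
    // login, a missing session and an expired session all render the login page
    // (displayLogin() exits), so the false return is only reached in the first case.
    function _auth()
    {
        session_cache_limiter("nocache");
        session_name('VCARSSESSID');
        session_start();

        if (empty($this->DB)) {
            $this->DB = new DB;
        }

        $cnfgx = $this->DB->simpleQuery('cnfg', 'ky,dat', '', '');
        if ($cnfgx) {
            foreach ($cnfgx as $datx) {
                $this->cnfg[$datx['ky']] = $datx['dat'];
            }
        }

        if (isset($_POST["actn"]) && $_POST["actn"] == "dologin") {
            $AUTH = $this->authUser();
            if ($AUTH !== "uberiz4t10n") {
                $this->authError = $AUTH;
                $this->displayLogin('loginfail');
                return false;
            }
        }

        // savePOST is the request that was pending when the login page was shown
        // (see saveInput()). It is client-supplied, so it is carried as JSON and
        // decoded to a plain array rather than unserialize()d, which would let the
        // client instantiate arbitrary objects.
        $saved = isset($_REQUEST['savePOST']) ? json_decode($_REQUEST['savePOST'], true) : null;
        if (is_array($saved)) {
            $this->params = $saved;
        } else {
            $this->params = array_merge($_GET, $_POST);
        }

        if (isset($this->params["actn"]) && $this->params["actn"] == "rtrvpw") {
            $this->sendPassword();
        }

        $userInfo = $this->retUser();
        if (!$userInfo) {
            return false;
        }

        // Session data is server-side, written by authUser(); it is the only place
        // unserialize() is still used.
        $this->user = unserialize($userInfo['user']);

        if ($this->GetQuery("actn") == "dologin") {
            $this->mklog(1, "");
        } else {
            $this->mklog(3, serialize($_REQUEST));
        }

        $this->manage = ($this->user->lvl > 3) ? "Y" : "N";
        $this->admin = ($this->user->lvl > 7) ? "Y" : "N";
        $this->assign('admin', $this->admin);

        $_SESSION['user'] = serialize($this->user);
        return true;
    }

    // Returns array('user' => serialized user object, 'group' => ...) from the
    // session, or NULL when there is no usable session.
    //
    // The session is only honoured when it was created from the same client
    // address and was last used within cnfg['tmo'] seconds; a timed-out session
    // is destroyed. Both failure paths render the login page (displayLogin() exits).
    function retUser()
    {
        $haveSession = !empty($_SESSION['user'])
            && isset($_SESSION['REMOTE_ADDR'], $_SERVER['REMOTE_ADDR'])
            && $_SESSION['REMOTE_ADDR'] === $_SERVER['REMOTE_ADDR'];

        if (!$haveSession) {
            $this->displayLogin('nosession');
            return NULL;
        }

        $timeout = isset($this->cnfg['tmo']) ? (int)$this->cnfg['tmo'] : 0;
        $lastSeen = isset($_SESSION['Login_time']) ? (int)$_SESSION['Login_time'] : 0;
        if ((time() - $lastSeen) > $timeout) {
            session_unset();
            session_destroy();
            $this->displayLogin('timeout');
            return NULL;
        }

        // Sliding expiry: every authenticated request restarts the idle timer.
        $_SESSION['Login_time'] = time();
        return array(
            'user'  => $_SESSION['user'],
            'group' => isset($_SESSION['group']) ? $_SESSION['group'] : null,
        );
    }

    // Validates the username/password posted from the login page.
    //
    // On success the user row is copied into a `user` object, its page ACL is
    // built from 'perms' joined against the enabled 'html' pages, the object is
    // stored in the session and the sentinel "uberiz4t10n" is returned. Returns
    // false when nothing was submitted, otherwise an error message string.
    function authUser()
    {
        $username = isset($_POST['username']) ? $_POST['username'] : '';
        $passwd = isset($_POST['passwd']) ? $_POST['passwd'] : '';

        if (empty($_SESSION['user']) && !$username && !$passwd) {
            return false;
        }

        if (empty($this->DB)) {
            $this->DB = new DB;
        }

        $res = $this->DB->simpleQuery(
            "users",
            "uid,username,pwd,ema",
            "username = '" . $this->DB->escape($username) . "'",
            ""
        );
        if (!$res) {
            // NOTE(review): a distinct message for an unknown user lets a caller
            // enumerate accounts; a single generic failure message would avoid that.
            return "ERROR: User does not exist.\n\n";
        }

        // NOTE(review): passwords are stored and compared in clear text, and
        // case-insensitively (the stored value is also mailed out by sendPassword()).
        // Moving to password_hash()/password_verify() needs a schema change and is
        // out of scope here. The strict comparison at least avoids PHP's
        // numeric-string coercion in ==.
        if (strtolower($passwd) !== strtolower((string)$res[0]['pwd'])) {
            return "ERROR: You have entered an invalid password.\n\n";
        }

        // Copy every selected column (uid, username, pwd, ema) onto the user object.
        $user = new user;
        foreach ($res[0] as $key => $val) {
            $user->$key = $val;
        }

        // Map html.id -> row for the enabled pages, then translate the user's
        // permitted page ids into page keys.
        $pgd = array();
        $pgdb = $this->DB->simpleQuery('html', 'id,ky', "disabled = 0", '', true);
        if ($pgdb) {
            foreach ($pgdb as $pgq) {
                $pgd[$pgq['id']] = $pgq;
            }
        }

        $uacl = array();
        $pmd = $this->DB->simpleQuery('perms', 'page', "user = '" . $this->DB->escape($user->uid) . "'", '');
        if ($pmd && $pgd) {
            foreach ($pmd as $pml) {
                // Permissions pointing at disabled/unknown pages are skipped instead
                // of adding a null entry to the ACL.
                if (isset($pgd[$pml['page']])) {
                    $uacl[] = $pgd[$pml['page']]['ky'];
                }
            }
        }
        $user->acl = $uacl;

        // Issue a fresh session id at the privilege change so an id obtained
        // before login cannot be reused (session fixation).
        session_regenerate_id(true);

        $_SESSION['user'] = serialize($user);
        $_SESSION['REMOTE_ADDR'] = $_SERVER['REMOTE_ADDR'];
        $_SESSION['Login_time'] = time();
        return "uberiz4t10n";
    }

    // Writes one row to the 'ilog' table: $ltyp is the event type (1 login,
    // 2 logout, 3 page request as used by the callers here), $ldt free text.
    // Logging is currently switched off by the early return on the first line,
    // which is kept as found.
    function mklog($ltyp, $ldt)
    {
        return;

        if (empty($this->DB)) {
            $this->DB = new DB;
        }
        $lg = array(
            'usr'    => $this->user->uid,
            'typ'    => $ltyp,
            'stmp'   => time(),
            'txt'    => str_replace("'", "''", $ldt),
            'script' => $_SERVER["SCRIPT_NAME"],
            'ip'     => !empty($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : $_SESSION['REMOTE_ADDR'],
        );
        $this->DB->dbWrite("ilog", $lg, "");
    }

    // Renders the page with a "not authorized" body and stops the script.
    function accessDenied()
    {
        // TODO: bring up the error table here
        $this->mainBody = "not authorized";
        $this->displayTmpl();
        exit();
    }

    // Stashes the current request into the login form so it can be replayed
    // after sign-in (_auth() reads it back from $_REQUEST['savePOST']).
    function saveInput()
    {
        // SCRIPT_NAME rather than PHP_SELF: PHP_SELF can carry request-supplied
        // PATH_INFO into the form action.
        $this->assign('formTarget', $_SERVER['SCRIPT_NAME']);
        if (count($_POST) > 0 || count($_GET) > 0) {
            // JSON, not serialize(): the value comes back from the client.
            $this->assign('savePOST', json_encode(array_merge($_GET, $_POST)));
        }
    }

    // Displays the login screen and exits. $drsn selects the message shown:
    // 'timeout', 'nosession', 'spw' (password sent), 'loginfail' or 'logout'.
    function displayLogin($drsn)
    {
        switch ($drsn) {
            case 'timeout':
                if (!$this->authError) {
                    $this->authError = "ERROR: Your session has timed out. Please sign in again.\n\n";
                }
                $this->saveInput();
                $this->assign('rsn', $this->authError);
                break;

            case 'nosession':
                if (!$this->authError) {
                    $this->authError = "ERROR: No valid session information found. Please sign in again.\n\n";
                }
                $this->saveInput();
                $this->assign('rsn', $this->authError);
                break;

            case 'spw':
            case 'loginfail':
                $this->assign('rsn', $this->authError);
                break;

            case 'logout':
                $this->assign('formTarget', "admin.php");
                if ($this->authMsg) {
                    $this->assign('rsn', $this->authMsg);
                }
                break;
        }

        $this->title = "VCARS Admin Login";
        $this->mainBody = $this->fetch("vc_login.tpl");
        $this->displayTmpl("vc_admin.tpl", false);
        exit();
    }

    // Signs the user off: destroys the session and its cookie, drops the user
    // object and shows the login page with a sign-off notice.
    function logout()
    {
        // The session name must match the one _auth() starts (it was
        // 'FAMILYSESSID' here, which never matched 'VCARSSESSID'). Only start a
        // session when none is active; previously nothing was destroyed at all
        // when logout() ran without an active session.
        if (!session_id()) {
            session_name('VCARSSESSID');
            session_start();
        }

        if (!empty($_SESSION['user'])) {
            $this->user = unserialize($_SESSION['user']);
        }
        $this->mklog(2, "");

        $_SESSION = array();
        session_unset();
        session_destroy();

        // Expire the session cookie client-side as well.
        if (isset($_COOKIE[session_name()])) {
            $cp = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000, $cp['path'], $cp['domain'], $cp['secure'], $cp['httponly']);
        }

        if ($this->user) {
            unset($this->user);
        }
        $this->authMsg = "NOTICE: You have been signed off.\n\n";
        $this->displayLogin('logout');
    }

    // Splits a MySQL-style timestamp string (YYYYMMDDHHMMSS) into an array with
    // keys month, day, year, hour, min, sec (each a 2- or 4-character substring).
    function parseDate($date)
    {
        return array(
            'month' => substr($date, 4, 2),
            'day'   => substr($date, 6, 2),
            'year'  => substr($date, 0, 4),
            'hour'  => substr($date, 8, 2),
            'min'   => substr($date, 10, 2),
            'sec'   => substr($date, 12, 2),
        );
    }

    // Builds the date/time drop-down group.
    // 'type' is "date-time" (date and time fields), "date" or "time".
    // 'name' is the field-name prefix (eg. "created" or "modified").
    // 'selected' is a timestamp whose parts should be pre-selected.
    //
    // NOTE(review): the option markup this function once emitted appears to be
    // missing from this copy of the file — the field variables are assigned empty
    // strings and $selDate / $myMonths are never read. The logic is kept as found.
    function makeDateDrop($type, $name, $selected)
    {
        if ($selected) {
            $selDate = $this->parseDate($selected);
        }

        $date = '';
        $time = '';

        if ($type == "date-time" || $type == "date") {
            $myMonths = explode(",", ",Jan,Feb,Mar,Apr,May,Jun,Jul,Aug,Sep,Oct,Nov,Dec");
            $month = "";
            $day = "";
            $year = "";
            $date = "$month\n$day\n$year\n";
        }

        if ($type == "date-time" || $type == "time") {
            $hour = "";
            $min = "";
            $time = "$hour\n$min\n";
        }

        return "\n\n$date$time\n\n\n";
    }

    // Assembles the fields produced by makeDateDrop() back into a MySQL-style
    // timestamp (YYYYMMDD for "date", HHMM for "time", both for "date-time").
    // Returns false when a required part is missing or empty.
    function compileDateSubmitted($type, $name, $data)
    {
        $retThis = null;

        if ($type == "date-time" || $type == "date") {
            $parts = array();
            foreach (array('_year', '_month', '_day') as $sfx) {
                $parts[] = isset($data[$name . $sfx]) ? $data[$name . $sfx] : '';
            }
            if ($parts[0] == "" || $parts[1] == "" || $parts[2] == "") {
                return false;
            }
            $retThis = $parts[0] . $parts[1] . $parts[2];
        }

        if ($type == "date-time" || $type == "time") {
            $hour = isset($data[$name . '_hour']) ? $data[$name . '_hour'] : '';
            $min = isset($data[$name . '_min']) ? $data[$name . '_min'] : '';
            if ($hour == "" || $min == "") {
                return false;
            }
            $retThis .= $hour . $min;
        }

        return $retThis;
    }

    // Builds a dropdown menu.
    // NOTE(review): as in makeDateDrop(), the option markup appears to be missing
    // from this copy; the function currently returns an empty string.
    function makeDrop($name, $data, $selection, $onChange)
    {
        $onchg = $onChange ? " onChange=\"$onChange\"" : '';
        $thisDrop = "";
        return $thisDrop;
    }

    // Builds a radio-button group from rows of the form "label:value"; the row
    // whose value equals $selection is marked checked.
    // NOTE(review): only the labels survive in this copy of the file (the input
    // markup appears to be missing); the loop is kept as found.
    function makeRadio($name, $data, $selection, $onChange)
    {
        $onchg = $onChange ? " onChange=\"$onChange\"" : '';
        $thisRadio = "";

        foreach ($data as $dataRow) {
            $x = explode(":", $dataRow);
            $sel = (isset($x[1]) && $selection == $x[1]) ? " CHECKED" : '';
            if ($thisRadio) {
                $thisRadio .= "\n\n";
            }
            $thisRadio .= "$x[0]";
        }

        return $thisRadio;
    }

    // Builds a US state dropdown.
    // NOTE(review): the option markup appears to be missing from this copy; the
    // function currently returns an empty string.
    function makeStateDrop($name, $selected, $onChange)
    {
        $onchg = $onChange ? " onChange=\"$onChange\"" : '';
        // The original list had "IS" and a second "AL" in the KS / LA positions;
        // corrected here.
        $myStates = explode(",", "AL,AK,AR,AZ,CA,CO,CT,DC,DE,FL,GA,HI,IA,ID,IL,IN,KS,KY,LA,MA,MD,ME,MI,MN,MO,MS,MT,NC,ND,NE,NH,NJ,NM,NV,NY,OH,OK,OR,PA,RI,SC,SD,TN,TX,UT,VA,VT,WA,WI,WV,WY");
        $statesDrop = "";
        return $statesDrop;
    }

    // Formats a MySQL-style timestamp (YYYYMMDDHHMM...) for display:
    // "MM-DD-YYYY" when $type is "small", otherwise "MM-DD-YYYY H:MM AM/PM".
    function giveMyTime($stamp, $type)
    {
        $h24 = (int)substr($stamp, 8, 2);
        if ($h24 < 12) {
            // Midnight is 12 AM, not "00 AM".
            $hour = ($h24 == 0) ? "12" : substr($stamp, 8, 2);
            $AMPM = "AM";
        } else {
            // Noon stays 12 (PM); 13..23 become 1..11.
            $hour = ($h24 == 12) ? "12" : ($h24 - 12);
            $AMPM = "PM";
        }

        $MyTime = substr($stamp, 4, 2) . "-" . substr($stamp, 6, 2) . "-" . substr($stamp, 0, 4);
        if ($type != "small") {
            $MyTime .= " " . $hour . ":" . substr($stamp, 10, 2) . " " . $AMPM;
        }
        return $MyTime;
    }

    // Removes CR/LF from a value that is placed on a mail header line, so that a
    // caller-supplied name, address or subject cannot append further headers
    // (sendmail -t takes the recipient list from the headers we write).
    function _mailHeaderValue($val)
    {
        return str_replace(array("\r", "\n"), '', (string)$val);
    }

    // Sends a message through /usr/sbin/sendmail. Empty names fall back to the
    // address. $x_headers is appended verbatim between the generated headers and
    // the Subject line, so it must end with "\r\n" when non-empty.
    // Returns true when sendmail accepted the message (exit status 0).
    function sendEmail($recipName, $recipEmail, $fromName, $fromEmail, $subject, $message, $x_headers = '')
    {
        $recipName = $this->_mailHeaderValue($recipName);
        $recipEmail = $this->_mailHeaderValue($recipEmail);
        $fromName = $this->_mailHeaderValue($fromName);
        $fromEmail = $this->_mailHeaderValue($fromEmail);
        $subject = $this->_mailHeaderValue($subject);

        if (!$recipName) {
            $recipName = $recipEmail;
        }
        if (!$fromName) {
            $fromName = $fromEmail;
        }

        $contactheader = "\"$recipName\" <$recipEmail>";
        $fromheader = "\"$fromName\" <$fromEmail>";

        // Message-ID only needs to be unique, not unpredictable.
        $mid = "<" . md5($recipEmail . "_" . $fromEmail . "_" . microtime(true) . "_" . mt_rand(1000000, 9999999)) . "@vcars>";

        $headers = "Message-ID: $mid\r\n"
            . "To: $contactheader\r\n"
            . "From: $fromheader\r\n"
            . "Reply-To: $fromheader\r\n"
            . "Return-Path: <$fromEmail>\r\n";

        $omsg = $headers . $x_headers . "Subject: " . $subject . "\r\n\r\n" . $message;

        // The envelope sender is passed as a single shell argument; it is
        // caller-supplied and must not be interpolated into the command unquoted.
        $ph = popen("/usr/sbin/sendmail -t -i -r " . escapeshellarg($fromEmail), "w");
        if (!$ph) {
            return false;
        }
        fwrite($ph, $omsg);
        $status = pclose($ph);
        return $status === 0;
    }

    // Renders the page template via mkPage() and echoes it; used instead of
    // Smarty's display() so the console attributes and menu can be controlled here.
    function displayTmpl($tplfilex = "vcars_site.tpl", $dispmenux = true)
    {
        echo $this->mkPage($tplfilex, $dispmenux);
    }

    // Assembles the page: joins the registered JS event handlers into the
    // 'console' attribute string, assigns user, body, title, menu, copyright
    // year and current page, then returns the fetched template.
    function mkPage($tplfile = "vcars_site.tpl", $dispmenu = true)
    {
        $myConsole = '';
        foreach (array('onLoad', 'onBeforeUnload', 'onUnLoad', 'onClick') as $evt) {
            if (!empty($this->$evt)) {
                $myConsole .= " $evt=\"" . implode('', $this->$evt) . "\"";
            }
        }
        $this->assign('console', $myConsole);

        // NOTE(review): the user object built by authUser() carries 'uid', not
        // 'userID'; unless userID is set elsewhere this assignment never fires — confirm.
        if (!empty($this->user->userID)) {
            $this->assign('user', $this->user);
        }

        $this->assign('mainBody', $this->mainBody);
        $this->assign('title', $this->title);
        if ($dispmenu) {
            $this->getMenu();
        }

        $this->assign('cryear', date('Y'));
        $this->assign('cpg', isset($this->page) ? $this->page : null);

        return $this->fetch($tplfile);
    }

    // Loads the visible, enabled menu entries from 'html' and marks the first and
    // last entry of each 'line' with rowbegin / rowend for the template.
    function getMenu()
    {
        if (empty($this->DB)) {
            $this->DB = new DB;
        }

        $menudat = $this->DB->simpleQuery('html', 'ky,lnktxt,line,htmlfile', 'showmenu = 1 and disabled = 0', 'ORDER BY line,lkord');
        if (!$menudat) {
            $this->assign('mnu', array());
            return;
        }

        $lastLine = -1;
        $lastIdx = -1;
        foreach ($menudat as $mnx => $mdat) {
            if ($mdat['line'] != $lastLine) {
                $menudat[$mnx]['rowbegin'] = 1;
                if ($lastIdx > -1) {
                    $menudat[$lastIdx]['rowend'] = 1;
                }
            }
            $lastLine = $mdat['line'];
            $lastIdx = $mnx;
        }
        if ($lastIdx > -1) {
            $menudat[$lastIdx]['rowend'] = 1;
        }

        $this->assign('mnu', $menudat);
    }

    // Returns request parameter $iptx from GET, falling back to POST when the GET
    // value is missing or falsy; null when neither is present.
    function GetQuery($iptx)
    {
        $optx = isset($_GET[$iptx]) ? $_GET[$iptx] : null;
        if (!$optx) {
            $optx = isset($_POST[$iptx]) ? $_POST[$iptx] : null;
        }
        return $optx;
    }

    // Formats a unix timestamp as e.g. "Jan 05, 2024 13:07". date() replaces the
    // deprecated strftime("%b %d, %Y %H:%M"); month names are now always English
    // rather than locale-dependent.
    function myFormatDate($mfdidt)
    {
        return date("M d, Y H:i", $mfdidt);
    }

    // Loose e-mail address check (lower-case letters, digits, - _ . and one @).
    // Same pattern as the former ereg() call, which is gone from modern PHP.
    function validAddr($ieml)
    {
        return preg_match('/^[0-9a-z][-0-9a-z_.]*@[0-9a-z][-0-9a-z_.]*\.[0-9a-z]*$/', (string)$ieml);
    }

    // Mails the stored password for $this->params['username'] to the account's
    // registered address, then shows the login page with the outcome (exits).
    //
    // NOTE(review): this mails the clear-text password and the link is built from
    // the request's Host header; if the server accepts arbitrary Host values the
    // link can be pointed elsewhere — a configured hostname (e.g. from cnfg) would
    // be safer. The 'Record not found.' reply also confirms which usernames exist.
    function sendPassword()
    {
        if (empty($this->DB)) {
            $this->DB = new DB;
        }

        $usnm = isset($this->params['username']) ? $this->params['username'] : '';
        // The username is request-supplied and is escaped like in authUser().
        $usr = $this->DB->simpleQuery(
            "users",
            "uid,username,pwd,ema,fname,lname",
            "username = '" . $this->DB->escape($usnm) . "'",
            ""
        );

        if ($usr) {
            $msg = " Your user ID for VCARS Admin is " . $usr[0]['username'] . " Your password is " . $usr[0]['pwd'] . " You may login at http://" . $_SERVER['HTTP_HOST'] . "/admin.php If you would prefer a password that is easier to remember, you may change it in the 'User Profile' page after logging in. Please do NOT reply to this message as this address is not monitored. Direct any correspondence to admin@curtiscomp.com\n";
            $sent = $this->sendEmail(
                $usr[0]['fname'] . ' ' . $usr[0]['lname'],
                $usr[0]['ema'],
                'VCARS',
                'passwords@curtiscomp.com',
                'VCARS Admin password for ' . $usr[0]['username'],
                $msg
            );
            if ($sent) {
                $rsn = 'The password for ' . $usr[0]['username'] . ' has been sent to the registered eMail address.';
            } else {
                // The selected column is 'ema' (the original read the undefined 'eml').
                $rsn = 'There was a problem sending the password for ' . $usr[0]['ema'] . ' ' . "\n" . 'to this eMail address.';
            }
        } else {
            $rsn = 'Record not found.';
        }

        $this->authError = $rsn;
        $this->displayLogin('spw');
    }
}
/*## END OF PAGE CLASS ##*/

// Holder for the signed-in user's login info: authUser() copies the user row's
// columns onto it and adds 'acl' (list of permitted page keys).
class user
{
    /* this is just an internal placeholder for the user's login info obj */
}
?>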