// mainFile.php
// This is the heart of our system. It controls all user login information as well as other functionality.
// here we'll go ahead and include our db, templating and encryption files.
require("DBnz.php");
require("Smarty.class.php");
//require("bl0f1sh.php");
// This is our main class. Notice that it is an extension of the Smarty class. This will make things a lil
// cleaner for us when using the Smarty template functions.
class PAGE extends Smarty
{
/**
 * Builds the page object and applies the Smarty directory settings.
 *
 * NOTE(review): the parent Smarty constructor is not invoked here; whether
 * that is required depends on the Smarty version shipped in Smarty.class.php.
 */
function __construct()
{
    $this->mf_init();
}
/**
 * Points Smarty at the template source directory (../vcars_templates,
 * resolved relative to this file) and at the compiled-template directory.
 */
function mf_init()
{
    $templateRoot = dirname(__FILE__) . "/../vcars_templates";
    $this->template_dir = realpath($templateRoot);
    $this->compile_dir = "/var/smarty/vcars_templates_c";
}
// this function checks to see whether the user is logged in or not
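/**
 * Starts the VCARS session, processes a pending login or password-retrieval
 * request and loads the session user into $this->user.
 *
 * Side effects: starts the session, loads the 'cnfg' key/value table into
 * $this->cnfg, sets $this->params, $this->manage / $this->admin, the Smarty
 * variable 'admin' and refreshes $_SESSION['user']. A failed login or a
 * missing/expired session is handed to displayLogin(), which renders the
 * login page and exits.
 *
 * @return bool true when a valid session user was loaded, false otherwise
 */
function _auth()
{
    session_cache_limiter("nocache");
    session_name('VCARSSESSID');
    session_start();

    if (empty($this->DB)) $this->DB = new DB;

    // Configuration table: retUser() reads the session timeout ('tmo') from it.
    $cnfgx = $this->DB->simpleQuery('cnfg', 'ky,dat', '', '');
    if (is_array($cnfgx)) {
        foreach ($cnfgx as $datx) {
            $this->cnfg[$datx['ky']] = $datx['dat'];
        }
    }

    // A submitted login form is validated before anything else.
    $postActn = isset($_POST["actn"]) ? $_POST["actn"] : null;
    if ($postActn === "dologin") {
        $AUTH = $this->authUser();
        if ($AUTH != "uberiz4t10n") {
            $this->authError = $AUTH;
            $this->displayLogin('loginfail');
            return false;
        }
    }

    // savePOST replays the request that was interrupted by a login prompt
    // (see saveInput()). It is client-supplied, so unserialize() on it is a
    // PHP object-injection sink: the client can instantiate any loaded class
    // with a __wakeup/__destruct. On PHP >= 7.0 pass
    // array('allowed_classes' => false) as the second argument; a non-object
    // encoding such as JSON would remove the risk entirely. Only an array is
    // usable downstream, so anything else falls back to the live request.
    if (!empty($_REQUEST['savePOST'])) {
        $saved = unserialize($_REQUEST['savePOST']);
        $this->params = is_array($saved) ? $saved : array_merge($_GET, $_POST);
    } else {
        $this->params = array_merge($_GET, $_POST);
    }

    if (isset($this->params["actn"]) && $this->params["actn"] == "rtrvpw") {
        $this->sendPassword();
    }

    // Retrieve the user object stored in the session (displayLogin() exits
    // when there is none, so the false return is a safety net).
    $userInfo = $this->retUser();
    if (!$userInfo) {
        return false;
    }
    $this->user = unserialize($userInfo['user']);

    if ($this->GetQuery("actn") == "dologin") {
        $this->mklog(1, "");
    } else {
        $this->mklog(3, serialize($_REQUEST));
    }

    // Access-level thresholds: above 3 may manage, above 7 is an administrator.
    $this->manage = ($this->user->lvl > 3) ? "Y" : "N";
    $this->admin = ($this->user->lvl > 7) ? "Y" : "N";
    $this->assign('admin', $this->admin);

    $_SESSION['user'] = serialize($this->user);
    return true;
}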
// returns the user info stored in the session
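/**
 * Returns the user record held in the session, or NULL when there is none.
 *
 * The session is trusted only when it holds a user and was created from the
 * same client address as the current request; a session idle for longer than
 * the configured timeout ($this->cnfg['tmo'], in seconds) is destroyed. Both
 * failure paths hand off to displayLogin(), which renders the login page and
 * exits, so the NULL returns are reached only if that ever changes.
 *
 * @return array|null array with 'user' (serialized user object) and 'group'
 */
function retUser()
{
    $haveUser = !empty($_SESSION['user']);
    // An address missing on either side must not count as a match.
    $sameAddr = isset($_SESSION['REMOTE_ADDR'], $_SERVER['REMOTE_ADDR'])
        && $_SESSION['REMOTE_ADDR'] === $_SERVER['REMOTE_ADDR'];
    if (!$haveUser || !$sameAddr) {
        $this->displayLogin('nosession');
        return NULL;
    }

    $lastSeen = isset($_SESSION['Login_time']) ? (int) $_SESSION['Login_time'] : 0;
    $timeout = isset($this->cnfg['tmo']) ? (int) $this->cnfg['tmo'] : 0;
    if ((time() - $lastSeen) > $timeout) {
        // Idle too long: drop the whole session before prompting again.
        session_unset();
        session_destroy();
        $this->displayLogin('timeout');
        return NULL;
    }

    $ret = array(
        'user'  => $_SESSION['user'],
        'group' => isset($_SESSION['group']) ? $_SESSION['group'] : null,
    );
    // Sliding expiry: every authenticated request restarts the idle timer.
    $_SESSION['Login_time'] = time();
    return $ret;
}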
// validates the username & password from login page
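/**
 * Validates the submitted username/password against the 'users' table.
 *
 * On success the user row, plus the page ACL derived from 'perms' and
 * 'html', is stored as a serialized user object in $_SESSION['user'] along
 * with the client address and login time, and the sentinel "uberiz4t10n" is
 * returned. Otherwise an error message string is returned, or false when
 * neither a session user nor any credentials are present.
 *
 * NOTE(review): the password is compared in clear text and
 * case-insensitively against the stored 'pwd' column; moving to
 * password_hash()/password_verify() needs a storage change that is outside
 * this block.
 *
 * @return string|false
 */
function authUser()
{
    $sessionUser = isset($_SESSION['user']) ? $_SESSION['user'] : null;
    $username = isset($_POST['username']) ? $_POST['username'] : null;
    $passwd = isset($_POST['passwd']) ? $_POST['passwd'] : null;

    if (!$sessionUser && !$username && !$passwd) {
        return false;
    }

    if (empty($this->DB)) $this->DB = new DB;

    $res = $this->DB->simpleQuery(
        "users",
        "uid,username,pwd,ema",
        "username = '" . $this->DB->escape($username) . "'",
        ""
    );
    if (!$res) {
        $err = "ERROR: User does not exist.
";
        return $err;
    }

    // Strict comparison: with == two numeric-looking strings (e.g. "1e3" and
    // "1000") compare equal, which would accept a wrong password.
    if (strtolower((string) $passwd) !== strtolower((string) $res[0]['pwd'])) {
        $err = "ERROR: You have entered an invalid password.
";
        return $err;
    }

    // Copy every column of the matching row onto a fresh user object.
    $user = new user;
    foreach ($res[0] as $key => $val) {
        $user->$key = $val;
    }

    // ACL: the 'ky' of every enabled page the user has a 'perms' row for.
    // Pages that are disabled or unknown to 'html' are skipped.
    $pgd = array();
    $pgdb = $this->DB->simpleQuery('html', 'id,ky', "disabled = 0", '', true);
    if (is_array($pgdb)) {
        foreach ($pgdb as $pgq) {
            $pgd[$pgq['id']] = $pgq;
        }
    }
    $uacl = array();
    $pmd = $this->DB->simpleQuery('perms', 'page', "user = '" . $this->DB->escape($user->uid) . "'", '');
    if ($pmd && $pgd) {
        foreach ($pmd as $pml) {
            if (isset($pgd[$pml['page']]['ky'])) {
                $uacl[] = $pgd[$pml['page']]['ky'];
            }
        }
    }
    $user->acl = $uacl;

    // Issue a fresh session id on privilege change so a session id obtained
    // before login cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION['user'] = serialize($user);
    $_SESSION['REMOTE_ADDR'] = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $_SESSION['Login_time'] = time();
    return "uberiz4t10n";
}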
// Writes one activity row to the 'ilog' table.
// $ltyp: log type as used by the callers in this file (1 = login, 2 = logout,
//        3 = ordinary request); $ldt: free-text payload.
// NOTE: the unconditional `return;` on the first line disables logging
// entirely; everything after it is currently dead code.
function mklog($ltyp,$ldt){
return;
if(empty($this->DB)) $this->DB = new DB;
$lg['usr']=$this->user->uid;
$lg['typ']=$ltyp;
$lg['stmp']=time();
// single quotes are doubled in the text before it is written
$lg['txt']=str_replace("'","''",$ldt);
$lg['script']=$_SERVER["SCRIPT_NAME"];
// prefer the live client address, fall back to the one saved at login
if($_SERVER['REMOTE_ADDR']){
$lg['ip']=$_SERVER['REMOTE_ADDR'];
}else{
$lg['ip']=$_SESSION['REMOTE_ADDR'];
}
$this->DB->dbWrite("ilog",$lg,"");
}
// this function is performed when a user does not have proper access
/**
 * Renders a "not authorized" page through the default template and stops
 * the request.
 */
function accessDenied()
{
    // #@#@#@#@#@#@#@#@# bring up the error table here
    $this->mainBody = "not authorized";
    $this->displayTmpl();
    exit();
}
/**
 * Prepares the login form to replay the current request after sign-in:
 * 'formTarget' points back at this script and 'savePOST' carries the
 * serialized GET+POST parameters (POST wins on duplicate keys), which
 * _auth() later restores from $_REQUEST['savePOST'].
 *
 * NOTE(review): PHP_SELF can include client-supplied path info, so the
 * template must escape 'formTarget' when emitting it.
 */
function saveInput(){
    $this->assign('formTarget', $_SERVER['PHP_SELF']);
    $hasParams = (count($_POST) > 0) || (count($_GET) > 0);
    if ($hasParams) {
        $replay = array_merge($_GET, $_POST);
        $this->assign('savePOST', serialize($replay));
    }
}
// this function displays the login screen
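/**
 * Renders the login page inside the admin layout and terminates the request.
 *
 * @param string $drsn reason code: 'timeout', 'nosession', 'spw',
 *                     'loginfail' or 'logout'; it selects the message
 *                     assigned to the Smarty variable 'rsn'. 'timeout' and
 *                     'nosession' also stash the current request via
 *                     saveInput() so it can be replayed after sign-in.
 */
function displayLogin($drsn)
{
    // The default messages are only applied when no error was set upstream.
    // (A `cond ? assignment : next` ternary was used for this before; `next`
    // is an undefined constant, so a plain if avoids the notice.)
    switch ($drsn) {
        case 'timeout':
            if (empty($this->authError)) {
                $this->authError = "ERROR: Your session has timed out. Please sign in again.
";
            }
            $this->saveInput();
            $this->assign('rsn', $this->authError);
            break;
        case 'nosession':
            if (empty($this->authError)) {
                $this->authError = "ERROR: No valid session information found. Please sign in again.
";
            }
            $this->saveInput();
            $this->assign('rsn', $this->authError);
            break;
        case 'spw':
        case 'loginfail':
            $this->assign('rsn', $this->authError);
            break;
        case 'logout':
            $this->assign('formTarget', "admin.php");
            if (!empty($this->authMsg)) {
                $this->assign('rsn', $this->authMsg);
            }
            break;
    }
    $this->title = "VCARS Admin Login";
    $this->mainBody = $this->fetch("vc_login.tpl");
    // $this->onLoad[]="document.Signon.username.focus();";
    $this->displayTmpl("vc_admin.tpl", false);
    exit();
}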
// gee, i dunno, this one's kinda tough!!
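/**
 * Signs the current user off: logs the logout, destroys the session and
 * shows the login page (displayLogin() exits).
 *
 * Only an already-started session (session_id() non-empty, i.e. _auth() ran
 * earlier in this request) is torn down; without one there is nothing to
 * destroy.
 */
function logout()
{
    if (session_id()) {
        // The session is already active here, so it is neither renamed nor
        // restarted: session_name() does not affect a running session and a
        // second session_start() only raises a notice. (The name used before,
        // 'FAMILYSESSID', also did not match the 'VCARSSESSID' set by _auth().)
        $userInfo = $this->retUser();
        if ($userInfo) {
            $this->user = unserialize($userInfo['user']);
        }
        $this->mklog(2, "");
        // Clear the in-memory data as well as the stored session.
        $_SESSION = array();
        session_unset();
        session_destroy();
    }
    // destroy the user object
    if (!empty($this->user)) unset($this->user);
    $this->authMsg = "NOTICE: You have been signed off.
";
    $this->displayLogin('logout');
}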
// takes a mysql-formatted timestamp and creates an array
/**
 * Splits a 14-character MySQL timestamp (YYYYMMDDHHMMSS) into its parts.
 *
 * No validation is performed: a shorter input simply yields empty/false
 * fields from substr().
 *
 * @param string $date timestamp in YYYYMMDDHHMMSS form
 * @return array with keys 'month', 'day', 'year', 'hour', 'min', 'sec'
 */
function parseDate($date)
{
    // field => array(offset, length) within the YYYYMMDDHHMMSS string
    $layout = array(
        'month' => array(4, 2),
        'day'   => array(6, 2),
        'year'  => array(0, 4),
        'hour'  => array(8, 2),
        'min'   => array(10, 2),
        'sec'   => array(12, 2),
    );
    $dateVar = array();
    foreach ($layout as $field => $span) {
        $dateVar[$field] = substr($date, $span[0], $span[1]);
    }
    return $dateVar;
}
// this is a groovy lil function. Automatically creates a date dropdown for ya!!
// 'type' will be reserved for full time/date drop (5 fields) or just the date drop
// 'name' is the primary name of the date fields (eg. "created" or "modified")
// 'selected' is a date/time entry. if entered, it will return the proper fields as "SELECTED"
function makeDateDrop($type,$name,$selected)
{
// let's extract all of our date info from the selected
if($selected) $selDate = $this->parseDate($selected);
if($type == "date-time" || $type == "date") {
// ok, so first, let's create the month dropdown
$myMonths = explode(",",",Jan,Feb,Mar,Apr,May,Jun,Jul,Aug,Sep,Oct,Nov,Dec");
$month = "";
// day dropdown
$day = "";
// year dropdown
$year = "";
// now let's create the table data we need
$date = "