<?php
/*
GWAAU (Groupware Aalborg University)
Copyright (C) 2003
Anders Damm Christensen
Andreas Bager
Claus Methmann Christensen <hide@address.com>
Esben Iversen Hansen
Lars Michael Hansen
Nils Magnus Yde Thomassen
Thomas Ramdal
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
INSTALL
- extract all files to a directory
- create a new MySQL database and import db/db.sql into it
- set the database connection variables in database.php
- replace the value of $hidden_hash_var below with a secret of your own: it is mixed into every login and confirmation token, and the default value is public in this file
- and you are done
*/
require_once("database.php");
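// Static secret mixed into every login token (user_set_tokens / user_isloggedin)
// and every confirmation hash (user_register / user_confirm).
// NOTE(review): it is hard-coded in a distributed source file, so anyone who has
// read the code can mint an id_hash for any user name; it should live in a
// deployment-specific config and be changed per installation.
$hidden_hash_var = 'homolort';

// Redirect the visitor to the login page unless logged in or on one of the
// pages that must be reachable anonymously.
$gwaau_page = isset($_SERVER['PHP_SELF']) ? basename($_SERVER['PHP_SELF']) : '';
if (!user_isloggedin()
    && !in_array($gwaau_page, array('login.php', 'register.php', 'changepass.php', 'changeemail.php', 'confirm.php'), true)) {
    header("location:login.php");
    // A Location header alone does not stop the script: without exit the rest of
    // the protected page was still rendered and sent to the unauthenticated client.
    exit;
}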
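/**
 * Request-scoped login check based on the user_name / id_hash token pair.
 *
 * The token is id_hash = md5(user_name . $hidden_hash_var), exactly what
 * user_set_tokens writes into the cookies. It is a pure function of the user
 * name and the static secret: it never expires, cannot be revoked server-side,
 * and anyone who knows $hidden_hash_var can forge one for any account.
 * The verdict is memoised in the global $LOGGED_IN for the rest of the request.
 *
 * @return bool true when both values are present and the hash matches
 */
function user_isloggedin()
{
    global $hidden_hash_var, $LOGGED_IN;

    // Already evaluated earlier in this request?
    if (isset($LOGGED_IN)) {
        return $LOGGED_IN;
    }

    // NOTE(review): $_REQUEST accepts the token from the query string and POST
    // body as well as from the cookie; reading $_COOKIE only would keep tokens
    // out of URLs, referer headers and access logs.
    $user_name = isset($_REQUEST['user_name']) ? $_REQUEST['user_name'] : '';
    $id_hash   = isset($_REQUEST['id_hash']) ? $_REQUEST['id_hash'] : '';

    $LOGGED_IN = false;
    if ($user_name && $id_hash && is_string($user_name) && is_string($id_hash)) {
        $expected = md5($user_name . $hidden_hash_var);
        // Strict comparison. With == PHP compares two numeric-looking strings
        // numerically, so a digest such as "0e12..." would equal any other
        // "0e<digits>" string; hash_equals() would additionally be constant-time.
        $LOGGED_IN = ($expected === $id_hash);
    }
    return $LOGGED_IN;
}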
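/**
 * Verify a user name / password pair, issue the login cookies and redirect.
 *
 * Both inputs are lower-cased before use; user_register stores
 * md5(strtolower(password)), so this cannot change without re-hashing every
 * existing row. md5 without a salt is a weak password store (password_hash()
 * would be the replacement) but the schema and existing rows depend on it.
 *
 * Note the two failure messages differ for "no such row" and "row exists but
 * is_confirmed != 1", which lets a caller tell unconfirmed accounts apart.
 * The redirect header is sent without exit, so the caller keeps running.
 *
 * @param string $user_name login name as typed
 * @param string $password  password as typed
 * @return bool true after cookies were set and the redirect header queued;
 *              false with a message appended to $feedback otherwise
 */
function user_login($user_name, $password)
{
    global $feedback;

    if (!$user_name || !$password) {
        $feedback .= ' Fejl i indtastning af brugernavn eller password ';
        return false;
    }
    $user_name = strtolower($user_name);
    $password  = strtolower($password);

    // $user_name is untrusted and was interpolated into the query text verbatim.
    // The password only reaches the query through md5(), so it cannot carry quotes.
    // NOTE(review): addslashes() assumes magic_quotes_gpc is off (removed in
    // PHP 5.4) and a single-byte connection charset; the db layer's escaping or
    // a prepared statement is the proper fix.
    $sql = "SELECT * FROM user WHERE user_name='" . addslashes($user_name) . "' AND password='" . md5($password) . "'";
    $result = db_query($sql);
    if (!$result || db_numrows($result) < 1) {
        $feedback .= ' Forkert password - prøv igen! ';
        return false;
    }
    if (db_result($result, 0, 'is_confirmed') != '1') {
        $feedback .= ' Brugeren eksisterer ikke - prøv igen! ';
        return false;
    }
    user_set_tokens($user_name);
    header("LOCATION: index.php");
    return true;
}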
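/**
 * Log the current browser out by removing the login cookies.
 *
 * The original re-issued both cookies with an empty value and a fresh 30-day
 * lifetime and relied on '' failing the truthiness test in user_isloggedin;
 * here they are expired instead. Path and domain must match user_set_tokens
 * or the browser keeps the old cookie. The per-request memo $LOGGED_IN is
 * cleared so user_isloggedin() reflects the logout within this request.
 *
 * Note that the token itself stays valid (it is derived from the user name and
 * the static secret), so logout only clears this browser, it revokes nothing.
 */
function user_logout()
{
    global $LOGGED_IN;

    $expired = time() - 3600;
    setcookie('user_name', '', $expired, '/', '', 0);
    setcookie('id_hash', '', $expired, '/', '', 0);
    $LOGGED_IN = false;
}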
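/**
 * Syntactic check of an e-mail address: local@label.rest, where each part is
 * drawn from the same printable-ASCII set the original ereg() pattern allowed
 * (the label between '@' and the first '.' may not itself contain a dot).
 *
 * ereg() was removed in PHP 7, so the same expression is run through PCRE.
 * The D modifier makes '$' anchor at the very end, as POSIX did, so an
 * address with a trailing newline is rejected. The permitted set still
 * includes the single quote and backslash, so callers must escape the value
 * before embedding it in SQL.
 *
 * @param string $address
 * @return bool
 */
function validate_email($address)
{
    $part  = '[-!#$%&\'*+\\\\.\/0-9=?A-Z^_`a-z{|}~]+';   // may contain '.'
    $label = '[-!#$%&\'*+\\\\\/0-9=?A-Z^_`a-z{|}~]+';    // no '.'
    $pattern = '/^' . $part . '@' . $label . '\.' . $part . '$/D';
    return preg_match($pattern, (string) $address) === 1;
}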
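/**
 * Issue the login cookies for a user and publish them as globals.
 *
 * Writes the lower-cased name to $user_name and md5(name . $hidden_hash_var)
 * to $id_hash, then sets both as 30-day cookies on path '/'. The token is a
 * deterministic function of the name and the static secret: it never expires,
 * cannot be revoked, and is forgeable by anyone who knows the secret. A random
 * per-login value kept server-side (or PHP's own sessions) would fix all three.
 *
 * NOTE(review): the cookies are set without the HttpOnly and Secure flags, so
 * the token is readable by page scripts and travels over plain HTTP.
 *
 * @param string $user_name_in login name
 * @return bool false (with a $feedback message) when the name is empty,
 *              true after the cookies were set
 */
function user_set_tokens($user_name_in)
{
    // $feedback was missing from the global list, so the error text was
    // appended to a local variable and lost.
    global $hidden_hash_var, $user_name, $id_hash, $feedback;

    if (!$user_name_in) {
        $feedback .= ' Der opstod en fejl i forbindelse med en cookie. ';
        return false;
    }
    $user_name = strtolower($user_name_in);
    $id_hash   = md5($user_name . $hidden_hash_var);

    $expires = time() + 2592000;   // 30 days
    setcookie('user_name', $user_name, $expires, '/', '', 0);
    setcookie('id_hash', $id_hash, $expires, '/', '', 0);
    return true;
}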
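/**
 * Create a new, unconfirmed account and mail the activation link.
 *
 * All checks use the parameters, never $_REQUEST. The original validated and
 * lower-cased $_REQUEST["..."] but stored the untouched parameters, so a
 * password typed with capitals was hashed as-is here and lower-cased in
 * user_login, which could never match. It also read
 * account_pwvalid($password1 && strlen($real_name)>0): the misplaced
 * parenthesis fed a boolean to account_pwvalid, so neither check did anything.
 *
 * The confirmation hash is md5(email . $hidden_hash_var), the same value
 * user_confirm recomputes; it is not a random one-time token, so whoever knows
 * $hidden_hash_var can confirm any address without receiving the mail.
 *
 * @param string $user_name  desired login name (restricted by account_namevalid)
 * @param string $password1  password; stored as md5(strtolower($password1)) to
 *                           match user_login and the existing rows
 * @param string $password2  repeat of $password1
 * @param string $email      confirmation address (validate_email)
 * @param string $real_name  display name, must be non-empty
 * @return bool true when the row was inserted and the mail handed to mail();
 *              false otherwise, with the reason appended to $feedback
 */
function user_register($user_name, $password1, $password2, $email, $real_name)
{
    global $feedback, $hidden_hash_var;

    // all values present, passwords identical, email well-formed?
    if (!$user_name || !$password1 || $password1 !== $password2 || !$email || !validate_email($email)) {
        $feedback .= ' Fejl i indtastning. Kontroller følgende:<br><br> - Brugernavn må ikke indeholde ikke-standardtegn eller mellemrum.<br> - Gyldig emailadresse. Eksempel: hide@address.com <br> - Kodeord skal være identiske. ';
        return false;
    }
    // name and password acceptable, real name non-empty?
    if (!account_namevalid($user_name) || !account_pwvalid($password1) || strlen($real_name) < 1) {
        $feedback .= ' Brugernavn eller password er ugyldigt. ';
        return false;
    }
    $user_name = strtolower($user_name);
    $password1 = strtolower($password1);

    // account_namevalid leaves only [A-Za-z0-9_-] in $user_name, but $real_name
    // and $email are free text (validate_email even permits the quote character)
    // and were interpolated into the query verbatim.
    // NOTE(review): addslashes() assumes magic_quotes_gpc is off (gone since
    // PHP 5.4) and a single-byte connection charset; the db layer's escaping or
    // prepared statements would be the proper fix.
    $sql_user  = addslashes($user_name);
    $sql_real  = addslashes($real_name);
    $sql_email = addslashes($email);

    // name already taken?
    $result = db_query("SELECT * FROM user WHERE user_name='$sql_user'");
    if ($result && db_numrows($result) > 0) {
        $feedback .= ' Brugernavnet er allerede i brug ';
        return false;
    }

    // hash stored in the row and embedded in the confirmation link
    $hash = md5($email . $hidden_hash_var);
    // was $GLOBALS[REMOTE_ADDR]: an undefined-constant lookup that also relied on
    // register_globals; $_SERVER is the portable source
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? addslashes($_SERVER['REMOTE_ADDR']) : '';
    // is_confirmed stays 0 until user_confirm() flips it to 1
    $sql = "INSERT INTO user (user_name,real_name,password,email,remote_addr,confirm_hash,is_confirmed) " .
        "VALUES ('$sql_user','$sql_real','" . md5($password1) . "','$sql_email','$remote_addr','$hash','0')";
    if (!db_query($sql)) {
        $feedback .= ' Fejl - ' . db_error();
        return false;
    }
    user_send_confirm_email($email, $hash, $user_name, $password1);
    $feedback .= ' Tillykke du er nu registreret. Bekræft venligst via afsendt email. ';
    return true;
}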
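/**
 * Activate an account from the link in the confirmation mail.
 *
 * The link carries email and hash = md5(email . $hidden_hash_var) as built by
 * user_register. Recomputing the hash proves the email in the URL was not
 * altered; the hash is then looked up as confirm_hash. Because it is derived
 * from the static secret rather than drawn at random, anyone who knows
 * $hidden_hash_var can produce a valid link for any address.
 *
 * Changes to the original: strict string comparison (== compares two
 * numeric-looking digests such as "0e..." as numbers); $email is escaped
 * before being embedded in SQL; the login cookies are only issued after the
 * UPDATE succeeded instead of before it was even attempted.
 *
 * @param string $hash  confirm_hash from the link
 * @param string $email address from the link; written back to the row
 * @return bool true on activation, false with a $feedback message otherwise
 */
function user_confirm($hash, $email)
{
    global $feedback, $hidden_hash_var;

    $new_hash = md5($email . $hidden_hash_var);
    if (!is_string($hash) || $new_hash !== $hash) {
        $feedback .= ' Fejl - kodeordet stemmer ikke overens med databasens hash ';
        return false;
    }
    // $hash now equals an md5 hex digest and is safe to embed as-is.
    // NOTE(review): addslashes() on $email assumes magic quotes are off; the db
    // layer's escaping or a prepared statement is the proper fix.
    $sql_email = addslashes($email);

    $result = db_query("SELECT * FROM user WHERE confirm_hash='$hash'");
    if (!$result || db_numrows($result) < 1) {
        $feedback .= ' Fejl - kodeordet stemmer ikke overens med databasens ';
        return false;
    }
    if (!db_query("UPDATE user SET email='$sql_email',is_confirmed='1' WHERE confirm_hash='$hash'")) {
        $feedback .= ' Fejl - ' . db_error();
        return false;
    }
    $feedback .= ' Din brugerkonto er nu aktiveret, og du er nu logget ind i systemet. ';
    user_set_tokens(db_result($result, 0, 'user_name'));
    return true;
}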
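/**
 * Send the account activation mail.
 *
 * Used by user_register and, per the original comment, by the change-email
 * flow. The original ignored the $email argument and mailed $_REQUEST["email"]
 * instead; the argument is now used. Addresses containing CR or LF are refused
 * so a crafted recipient cannot append extra headers (Bcc: ...) to the mail.
 *
 * The original also printed the clear-text password in the mail body; the
 * recipient already knows it, and keeping it out of mailboxes and mail logs is
 * the only safe choice. $password is kept in the signature for callers.
 *
 * @param string $email     recipient; expected to have passed validate_email
 * @param string $hash      confirm_hash stored for the account
 * @param string $user_name login name to show in the mail
 * @param string $password  unused, retained for backward compatibility
 * @return bool false when the address is unusable, otherwise mail()'s result
 */
function user_send_confirm_email($email, $hash, $user_name, $password)
{
    if (!is_string($email) || $email === '' || preg_match('/[\r\n]/', $email)) {
        return false;
    }
    $message = "Hej" .
        "\n Du er nu registreret hos GWAAU." .
        "\n\n Dit brugernavn er: " . $user_name .
        "\nTryk på nedenstående link, for at aktivere din brugerkonto: " .
        "\n\nhttp://www.but.auc.dk/projekt/33grd323/gw/confirm.php?hash=" . urlencode($hash) . "&email=" . urlencode($email);
    return mail($email, 'Aktiveringsmail', $message, 'From: hide@address.com');
}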
/**
 * Minimal password policy: at least one character.
 *
 * @param string $pw
 * @return bool false (with a $feedback message) for an empty password
 */
function account_pwvalid($pw)
{
    global $feedback;

    $long_enough = strlen($pw) >= 1;
    if (!$long_enough) {
        $feedback .= " Du skal mindst have en karakter i dit kodeord. ";
    }
    return $long_enough;
}
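/**
 * Validate a login name: no spaces, at least one ASCII letter, only
 * [A-Za-z0-9_-], 1..15 characters, and not one of the reserved system names.
 *
 * eregi() was removed in PHP 7; the two reserved-name tests now use
 * preg_match() with the i modifier, which keeps them case-insensitive.
 * Every rejection appends a message to $feedback. Note that the "at least one
 * letter" test runs before the length test, so an empty name is reported as
 * lacking a letter.
 *
 * @param string $name
 * @return bool
 */
function account_namevalid($name)
{
    global $feedback;

    // no spaces (a leading space at offset 0 slips past this test but is
    // caught by the character-set test below)
    if (strrpos($name, ' ') > 0) {
        $feedback .= " Brugernavn må ikke holdeholde ophold (mellemrum). ";
        return false;
    }
    // must contain at least one letter; also rejects names starting with a digit
    if (strspn($name, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") == 0) {
        $feedback .= "Dit navn skal være mindst en karakter.";
        return false;
    }
    // every character from the allowed set
    if (strspn($name, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_") != strlen($name)) {
        $feedback .= " Ugyldig karakter i brugernavnet. Brug kun standardkarakterer. ";
        return false;
    }
    // min and max length
    if (strlen($name) < 1) {
        $feedback .= " Brugernavn skal være mindst en karakter. ";
        return false;
    }
    if (strlen($name) > 15) {
        $feedback .= "Brugernavn må højst være 15 karakterer.";
        return false;
    }
    // reserved system account names
    $reserved = '/^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|news'
        . '|uucp|operator|games|mysql|httpd|nobody|dummy'
        . '|www|cvs|shell|ftp|irc|debian|ns|download)$/iD';
    if (preg_match($reserved, $name)) {
        $feedback .= "Ugyldigt brugernavn. Ordet er reserveret til systemet.";
        return false;
    }
    if (preg_match('/^anoncvs_/i', $name)) {
        $feedback .= "Brugernavnet er reserveret til CVS.";
        return false;
    }
    return true;
}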
// alternating "even"/"odd" row class for table striping (state kept in global $bool)
/**
 * Return "even" and "odd" alternately on successive calls.
 *
 * The toggle lives in the global $bool: a falsy value yields "even" and sets it
 * to true; a truthy value yields "odd" and sets it to false.
 *
 * @return string "even" or "odd"
 */
function evenodd()
{
    global $bool;

    $flipped = !$bool;
    $bool = $flipped;
    return $flipped ? "even" : "odd";
}
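/**
 * Build the top navigation bar; the entry for the current page is rendered
 * in black (style='color:#000000').
 *
 * Fixes: $output is initialised (it was appended to without a definition) and
 * $_SERVER['PHP_SELF'] is read only when set. Labels and titles are fixed
 * literals defined here, so no user input reaches the markup.
 *
 * @return string HTML fragment ending in <br>
 */
function getmenu()
{
    // page key (target "<key>.php") => visible label
    $arr_menu = array(
        "planlaegning" => "Planlægning",
        "logbog" => "Logbog",
        "filhaandtering" => "Filhåndtering",
        "kommunikation" => "Kommunikation",
        "medlemmer" => "Medlemmer",
        "kilder" => "Kilder",
        //"soeg"=>"Søg"
    );
    // page key => title attribute (tooltip)
    $arr_menu_titles = array(
        "planlaegning" => "Gruppens planlægningsværktøjer",
        "logbog" => "Oversigt over logbøger, samt mulighed for at: Oprette ny, rette i eksisterende og søge",
        "filhaandtering" => "Filhåndtering",
        "kommunikation" => "Chat, forum, postit",
        "medlemmer" => "Oversigt og oplysninger over medlemmer",
        "kilder" => "Gruppens samling af kilder",
        //"soeg"=>"Søg"
    );

    $current = isset($_SERVER['PHP_SELF']) ? basename($_SERVER['PHP_SELF']) : '';
    $output = '';
    if ($current === "index.php") {
        $output .= "<a class='menuitem' style='color:#000000' href='index.php' title='Gå til forsiden'>Forside</a>";
    } else {
        $output .= "<a class='menuitem' href='index.php' title='Gå til forsiden'>Forside</a>";
    }
    foreach ($arr_menu as $key => $val) {
        $title = $arr_menu_titles[$key];
        if ($key . ".php" === $current) {
            $output .= " || <a class='menuitem' style='color:#000000' href='$key.php' title='$title'>$val</a>";
        } else {
            $output .= " || <a class='menuitem' href='$key.php' title='$title'>$val</a>";
        }
    }
    $output .= "<br>";
    return $output;
}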
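/**
 * Render the left-hand sub-menu as a table.
 *
 * $arr_heads maps label => mode for the section headings; the last heading is
 * shown as the current section (preceded by a spacer row when there is more
 * than one), the others as links. $arr_tails maps label => mode for the
 * entries below; the one whose mode equals the global $mode gets class
 * 'current', the rest class 'tail'.
 *
 * Fixes: sizeof() was evaluated before the is_array() guard, so calling this
 * with null (getheader passes globals that may be unset) throws a TypeError on
 * PHP 8; $output is now initialised, so the non-array case returns '' instead
 * of null. Labels and modes are taken from the arrays the page code supplies
 * and are not escaped; NOTE(review): confirm callers never build them from
 * request data.
 *
 * @param array|null $arr_heads label => mode
 * @param array|null $arr_tails label => mode
 * @return string HTML table, or '' when either argument is not an array
 */
function submenu($arr_heads, $arr_tails)
{
    global $mode;

    $output = '';
    if (!is_array($arr_heads) || !is_array($arr_tails)) {
        return $output;
    }
    $heads = sizeof($arr_heads);

    $output = "<table width='150px' cellspacing='0' cellpadding='3'>";
    $i = 0;
    foreach ($arr_heads as $key => $val) {
        $i++;
        if ($i == $heads) {
            if ($heads > 1) {
                $output .= "<tr><td class='space' colspan='2'> </td></tr>";
            }
            $output .= "<tr><td class='current' width='90%'>$key</td></tr>";
        } else {
            $output .= "<tr><td class='head'><a class='head' href='?mode=$val'>$key</a></td><td class='head' align='center'><img src='graphics/right.png'></td></tr>";
        }
    }
    foreach ($arr_tails as $key => $val) {
        $class = ($val == $mode) ? 'current' : 'tail';
        $output .= "<tr><td colspan='2'><a class='$class' href='?mode=$val'>$key</a></td></tr>";
    }
    $output .= "</table>";
    return $output;
}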
/**
 * Header strip: logo linking to the front page on the left, "Log ud" link on
 * the right. Static markup, no parameters.
 *
 * @return string HTML table
 */
function gettop()
{
    $logo_cell   = "<td style='padding-left:0px'><a href='index.php'><img src='graphics/logo.png' border='0' alt='Forside'></a></td>";
    $logout_cell = "<td style='padding-right:0px; font-size:11px; text-align:right; vertical-align:bottom;'><a class='headeritem' href='logout.php'>Log ud</a></td>";

    return "\n<table cellpadding='0' cellspacing='0' width='100%' border='0'>\n<tr>\n"
        . $logo_cell . "\n"
        . $logout_cell . "\n"
        . "</tr>\n</table>\n";
}
// builds the page header: <html>/<head>, top strip, main menu and the sub-menu column
/**
 * Open the page: document head, header strip, main menu and sub-menu column.
 * The returned fragment is left open at the body cell; getbottom() closes it.
 *
 * The sub-menu is built from the globals $arr_heads and $arr_tails that the
 * calling page may define. $title is written into <title> unescaped;
 * NOTE(review): pass only trusted text or escape it with htmlspecialchars().
 *
 * @param string $title document title
 * @return string HTML fragment
 */
function getheader($title = "GWAAU")
{
    global $arr_heads, $arr_tails;

    $submenu = submenu($arr_heads, $arr_tails);
    $lines = array(
        '',
        '<html>',
        '<head>',
        "<link rel='stylesheet' href='css/css.css'>",
        "<title>$title</title>",
        '</head>',
        '<body>',
        "<table cellpadding='0' cellspacing='0' class='maintable' border='0'>",
        '<tr>',
        "<td class='headerrow' colspan='2'>" . gettop() . "</td>",
        '</tr>',
        '<tr>',
        "<td class='menurow' colspan='2'>" . getmenu(),
        '</td>',
        '</tr>',
        '<tr>',
        "<td align='left' class='submenu'>" . $submenu,
        '</td>',
        "<td align='left' class='body'>",
    );
    return implode("\n", $lines);
}
// closes the markup opened by getheader()
/**
 * Closing markup for the body cell, layout table and document.
 *
 * @return string
 */
function getbottom()
{
    $closing = array('</td>', '</tr>', '</table>', '</body>', '</html>');
    return implode('', $closing);
}
/**
 * A "delete" button that asks for confirmation and then submits document.form
 * with ?mode=$mode (see getJavaConfirmDelete).
 *
 * $text, $mode and $button are placed into JavaScript and HTML verbatim;
 * NOTE(review): callers must pass trusted literals.
 *
 * @param string $mode   mode the form is submitted with after confirmation
 * @param string $text   confirmation prompt
 * @param string $button button caption
 * @return string script block followed by the <input>
 */
function getDeleteButton($mode, $text = "Ønsker du at slette?", $button = "Slet")
{
    $script = getJavaConfirmDelete($text, $mode);
    $input  = "<input class='button' type='button' value='$button' onClick='confirm_delete()'>";
    return $script . $input;
}
/*
function choices_edit($minus=2,$text="Ønsker du at slette?")
{
global $arr_mode;
$output = "
<input class='button' type='button' value='Ok' onclick=\"document.form.action='?mode=".mode_replace($arr_mode,"ok",$minus)."'; submit();\">
<input class='button' type='button' value='Annuller' onclick=\"document.form.action='?mode=".mode_replace($arr_mode,"cancel",$minus)."'; submit();\">
<input class='button' type='button' value='Anvend' onclick=\"document.form.action='?mode=".mode_replace($arr_mode,"apply",$minus)."'; submit();\">
";
return $output;
}
*/
/**
 * Wrap page content in the standard layout: header, optional <h3> feedback,
 * the content table, footer.
 *
 * $feedback is written unescaped; it is built from literal messages in this
 * file, but user_register also appends db_error(), which may echo query text.
 * NOTE(review): confirm db_error() output is safe to render as HTML.
 *
 * @param string $input already-rendered HTML for the content cell
 * @return string complete page
 */
function content($input)
{
    global $feedback;

    $pieces = array(getheader());
    if ($feedback) {
        $pieces[] = "<h3>$feedback</h3>";
    }
    $pieces[] = "\n<table>\n<tr>\n<td class='content'>" . $input . "</td>\n</tr>\n</table>\n";
    $pieces[] = getbottom();
    return implode('', $pieces);
}
//<input type='checkbox' onClick='checkall(this)'>
/**
 * Script defining checkall(elem): sets every checkbox in document.form to the
 * checked state of elem. Usage: <input type='checkbox' onClick='checkall(this)'>.
 *
 * @return string <script> block
 */
function getJavaCheckAll()
{
    $js = array(
        '',
        "<script language='javascript' type='text/javascript'>",
        'function checkall( elem ){',
        'var form = document.form;',
        'for( i =0; i<form.length; i++ ){',
        "if( form.elements[ i ].type == 'checkbox' ) {",
        'form.elements[ i ].checked = elem.checked;',
        '}',
        '}',
        '}',
        '</script>',
        '',
    );
    return implode("\n", $js);
}
/**
 * Script defining confirm_delete(): shows confirm($text) and, if accepted,
 * submits document.form to ?mode=$mode.
 *
 * Both arguments are spliced into JavaScript string literals without escaping;
 * a quote or backslash in $text or $mode breaks the script.
 * NOTE(review): callers must pass trusted literals.
 *
 * @param string $text confirmation prompt
 * @param string $mode form mode after confirmation
 * @return string <script> block
 */
function getJavaConfirmDelete($text, $mode)
{
    $js = array(
        '',
        "<script language='Javascript'>",
        'function confirm_delete() {',
        'if (confirm("' . $text . '")) {',
        "document.form.action='?mode=" . $mode . "';",
        'document.form.submit();',
        'return true',
        '}',
        'return false',
        '}',
        '</script>',
        '',
    );
    return implode("\n", $js);
}
// popup calendar; the generated newwindow() takes (field, form, fdate), so a call
// such as <a href="javascript:newwindow('formfelt');">Vælg dato</a> must supply all three
/**
 * Script defining newwindow(field, form, fdate): splits fdate on '-' to get
 * month and year and opens inc/calender.popup.php in a small popup that
 * writes the chosen date back into the given form field.
 *
 * @return string <script> block
 */
function getJavaPopupCalender()
{
    $open = "window.open('inc/calender.popup.php?fdate='+fdate+'&month='+month+'&year='+year+'&field='+field+'&form='+form,'','toolbar=0,location=0,scrollbars=0,width=225,height=160');";
    $js = array(
        '',
        '<script>',
        'function newwindow(field,form,fdate)',
        '{',
        "arr_date = fdate.split('-');",
        'month = arr_date[1];',
        'year = arr_date[2];',
        $open,
        '}',
        '</script>',
        '',
    );
    return implode("\n", $js);
}
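/**
 * Convert a "dd-mm-yyyy" string to a Unix timestamp at midnight in the
 * server's default timezone.
 *
 * split() was removed in PHP 7; the "[-]" pattern was just a literal dash, so
 * explode() is the exact equivalent. Input without exactly three parts used to
 * read undefined offsets and pass nulls to mktime(); it now returns false.
 *
 * @param string $timestamp "dd-mm-yyyy"
 * @return int|false
 */
function make_timestamp($timestamp)
{
    $parts = explode('-', (string) $timestamp);
    if (count($parts) !== 3) {
        return false;
    }
    $day   = (int) $parts[0];
    $month = (int) $parts[1];
    $year  = (int) $parts[2];
    return mktime(0, 0, 0, $month, $day, $year);
}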
?>