<?php
/*
    GWAAU (Groupware Aalborg University)
    Copyright (C) 2003  	
			Anders Damm Christensen
			Andreas Bager
			Claus Methmann Christensen <hide@address.com>
			Esben Iversen Hansen
			Lars Michael Hansen
			Nils Magnus Yde Thomassen
			Thomas Ramdal

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

    INSTALL
    - extract all files to a directory
    - create a new mySQL db and import db/db.sql into it
    - set the dbvariables in database.php
    - and you are done

*/


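require_once("database.php");

// Secret that every login token and confirmation hash is derived from
// (user_isloggedin, user_set_tokens, user_register, user_confirm). It is
// hard-coded in source and therefore shared by every installation: anyone who
// knows it can mint a valid id_hash for any user name. Move it to an
// installation-specific config outside the web root and rotate it.
$hidden_hash_var='homolort';

//redirecter bruger hvis han ikke er logget paa
// Only the listed pages are reachable without a login; basename() keeps just the
// script name. PHP_SELF is quoted (the bare constant is an Error on PHP 8) and
// may be absent outside a web SAPI.
$current_page = isset($_SERVER['PHP_SELF']) ? basename($_SERVER['PHP_SELF']) : '';
if ( !user_isloggedin()
	&& !in_array($current_page, array('login.php', 'register.php', 'changepass.php', 'changeemail.php', 'confirm.php'), true) ) {
	header("location:login.php");
	// Without exit the rest of the page was still generated and sent to the
	// unauthenticated client, which only received a redirect hint it could ignore.
	exit;
}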

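function user_isloggedin()
{
	// Returns true when the request carries a user_name plus a matching id_hash,
	// where id_hash = md5(user_name . $hidden_hash_var). The answer is cached in
	// the global $LOGGED_IN so the hash is computed at most once per request.
	// The token is read from $_REQUEST, i.e. it is accepted from the query string
	// and POST body as well as from the cookie that user_set_tokens() sets;
	// reading $_COOKIE only would keep it out of URLs and server logs.
	global $hidden_hash_var,$LOGGED_IN;
	//have we already run the hash checks?
	//If so, return the pre-set var
	if (isset($LOGGED_IN)) {
		return $LOGGED_IN;
	}
	$LOGGED_IN=false;
	if (empty($_REQUEST["user_name"]) || empty($_REQUEST["id_hash"])) {
		return false;
	}
	$user_name=$_REQUEST["user_name"];
	$id_hash=$_REQUEST["id_hash"];
	// ?user_name[]=x arrives as an array; md5() and hash_equals() need strings
	if (!is_string($user_name) || !is_string($id_hash)) {
		return false;
	}
	$hash=md5($user_name.$hidden_hash_var);
	// hash_equals (PHP 5.6+) is strict and constant-time. The previous `==`
	// compared two numeric-looking strings as numbers, so any digest of the form
	// "0e<digits>" would have matched a submitted "0e..." value.
	$LOGGED_IN=hash_equals($hash, $id_hash);
	return $LOGGED_IN;
}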

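function user_login($user_name,$password)
{
	// Checks user_name/password against the user table; on success issues the
	// login cookies (user_set_tokens) and sends a redirect to index.php.
	// Returns true on success; on failure appends a message to the global
	// $feedback and returns false.
	global $feedback;
	if (!is_string($user_name) || !is_string($password) || !$user_name || !$password) {
		$feedback .=  ' Fejl i indtastning af brugernavn eller password ';
		return false;
	}
	$user_name=strtolower($user_name);
	// The stored hash is md5(strtolower(password)) (see user_register), so the
	// lowercasing has to stay even though it shrinks the password space; the
	// unsalted md5 itself is a weakness that can only be fixed together with
	// user_register.
	$password=strtolower($password);

	// user_name is interpolated into SQL below. Registered names are limited to
	// [A-Za-z0-9_-]{1,15} by account_namevalid(), so anything else can never match
	// a row and is rejected before it reaches the query; md5() output is hex only.
	// A parameterised query in database.php would make this guard unnecessary.
	if (!preg_match('/^[A-Za-z0-9_-]{1,15}$/D', $user_name)) {
		$feedback .=  ' Forkert password - prøv igen! ';
		return false;
	}
	$sql="SELECT * FROM user WHERE user_name='$user_name' AND password='". md5($password) ."'";
	$result=db_query($sql);
	if (!$result || db_numrows($result) < 1){
		$feedback .=  ' Forkert password - prøv igen! ';
		return false;
	}
	// is_confirmed stays '0' until the link in the confirmation mail is followed
	if (db_result($result,0,'is_confirmed') != '1') {
		$feedback .=  ' Brugeren eksisterer ikke - prøv igen! ';
		return false;
	}
	user_set_tokens($user_name);
	// The caller is expected to stop rendering after a true return; the redirect
	// header alone does not end the request.
	header("LOCATION: index.php");
	return true;
}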
	
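function user_logout()
{
	// Clears the login cookies. They are expired (a time in the past) instead of
	// being set to '' thirty days ahead as before, so the browser actually drops
	// them. Path must match user_set_tokens() for the browser to treat them as
	// the same cookies.
	// The id_hash value itself stays valid server-side: user_isloggedin() accepts
	// any request that still carries it, so logout only removes it from this browser.
	setcookie('user_name','',(time()-3600),'/','',0,true);
	setcookie('id_hash','',(time()-3600),'/','',0,true);
}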

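function validate_email ($address) {
	// Syntax check for an e-mail address; returns true/false.
	// ereg() was removed in PHP 7, so the same POSIX character classes are
	// expressed as a PCRE: a run of atom characters, one '@', a run of atom
	// characters (no dot), a dot, another run of atom characters. It is
	// deliberately permissive and says nothing about deliverability.
	// D: '$' must match at the very end, as ereg's did (PCRE's plain '$' also
	// matches before a trailing newline).
	if (!is_string($address)) {
		return false;
	}
	$atom = '[-!#$%&\'*+\\\\.\/0-9=?A-Z^_`a-z{|}~]';
	$domain_atom = '[-!#$%&\'*+\\\\\/0-9=?A-Z^_`a-z{|}~]';
	return preg_match('/^' . $atom . '+@' . $domain_atom . '+\.' . $atom . '+$/D', $address) === 1;
}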

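function user_set_tokens($user_name_in)
{
	// Issues the login cookies for $user_name_in and mirrors the values into the
	// globals $user_name / $id_hash for the rest of this request.
	// The token is md5(user_name . $hidden_hash_var): it never expires
	// server-side, is not bound to a session, and is only as strong as the
	// secret staying secret.
	// Returns true when the cookies were issued, false for an empty/non-string name.
	global $hidden_hash_var,$user_name,$id_hash,$feedback;
	if (!is_string($user_name_in) || !$user_name_in) {
		// $feedback was not declared global before, so this message was lost
		$feedback .=  ' Der opstod en fejl i forbindelse med en cookie. ';
		return false;
	}
	$user_name=strtolower($user_name_in);
	$id_hash= md5($user_name.$hidden_hash_var);

	// 30-day cookies on the site root. httponly keeps the credential away from
	// script; set the secure flag as well once the site is served over https.
	setcookie('user_name',$user_name,(time()+2592000),'/','',0,true);
	setcookie('id_hash',$id_hash,(time()+2592000),'/','',0,true);
	return true;
}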

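function user_register($user_name,$password1,$password2,$email,$real_name) {
	// Creates an unconfirmed account and mails the confirmation link.
	// Returns true on success; on any failure appends a Danish message to the
	// global $feedback and returns false.
	// The previous version validated $_REQUEST but inserted the arguments (without
	// the lowercasing it applied to the request copies); everything now works on
	// the arguments.
	global $feedback,$hidden_hash_var;

	//all vars present, strings, and passwords match?
	if (!is_string($user_name) || !is_string($password1) || !is_string($password2)
		|| !is_string($email) || !is_string($real_name)
		|| !$user_name || !$password1 || $password1 !== $password2
		|| !$email || !validate_email($email)) {
		$feedback .=  ' Fejl i indtastning. Kontroller følgende:<br><br> - Brugernavn må ikke indeholde ikke-standardtegn eller mellemrum.<br> - Gyldig emailadresse. Eksempel: hide@address.com <br> - Kodeord skal være identiske. ';
		return false;
	}

	//password and name are valid? And real name greater than zero
	// (the previous version wrote account_pwvalid($password1 && strlen($real_name)>0),
	// i.e. it passed a boolean to the password check)
	if (!account_namevalid($user_name) || !account_pwvalid($password1) || strlen($real_name) == 0) {
		$feedback .=  ' Brugernavn eller password er ugyldigt. ';
		return false;
	}
	$user_name=strtolower($user_name);
	// user_login lowercases too; both sides must agree. This shrinks the password
	// space and the unsalted md5 below is weak, but both can only change together.
	$password1=strtolower($password1);

	//does the name exist in the database?
	// $user_name passed account_namevalid ([A-Za-z0-9_-]{1,15}), so it cannot
	// break out of the quotes below.
	$sql="SELECT * FROM user WHERE user_name='$user_name'";
	$result=db_query($sql);
	if ($result && db_numrows($result) > 0) {
		$feedback .=  ' Brugernavnet er allerede i brug ';
		return false;
	}

	//create a new hash to insert into the db and the confirmation email
	$hash=md5($email.$hidden_hash_var);
	// $GLOBALS[REMOTE_ADDR] relied on register_globals and an undefined constant
	$remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
	// real_name and email are free text from the form (validate_email allows a
	// quote character). addslashes() is a stopgap that assumes db_query() in
	// database.php does not escape on its own; the proper fix is a parameterised
	// query in that layer.
	$db_real_name = addslashes($real_name);
	$db_email = addslashes($email);
	$sql="INSERT INTO user (user_name,real_name,password,email,remote_addr,confirm_hash,is_confirmed) ".
		"VALUES ('$user_name','$db_real_name','". md5($password1) ."','$db_email','$remote_addr','$hash','0')"; // det sidste 0/1 afgør om brugeren har confirmed.
	$result=db_query($sql);
	if (!$result) {
		$feedback .= ' Fejl - '.db_error();
		return false;
	}

	//send the confirm email
	user_send_confirm_email($email,$hash, $user_name, $password1);
	$feedback .= ' Tillykke du er nu registreret. Bekræft venligst via afsendt email. ';
	return true;
}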

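function user_confirm($hash,$email) {
	/*
		Call this function on the user confirmation page,
		which they arrive at when they click the link in the
		account confirmation email.
		Returns true when the account was activated and the login
		cookies issued; false (with a message in $feedback) otherwise.
	*/

	global $feedback,$hidden_hash_var;

	// Both values arrive via the link. Reject non-strings (?hash[]=x arrives as an
	// array) and compare with hash_equals instead of ==, which treats two
	// "0e<digits>" strings as numerically equal.
	if (!is_string($hash) || !is_string($email)) {
		$feedback .= ' Fejl - kodeordet stemmer ikke overens med databasens hash ';
		return false;
	}

	//verify that they didn't tamper with the email address
	$new_hash=md5($email.$hidden_hash_var);
	if (!hash_equals($new_hash, $hash)) {
		$feedback .= ' Fejl - kodeordet stemmer ikke overens med databasens hash ';
		return false;
	}

	//find this record in the db
	// $hash equals an md5 hex digest at this point, so it is safe to interpolate.
	$sql="SELECT * FROM user WHERE confirm_hash='$hash'";
	$result=db_query($sql);
	if (!$result || db_numrows($result) < 1) {
		$feedback .= ' Fejl - kodeordet stemmer ikke overens med databasens ';
		return false;
	}

	//confirm the email and set account to active
	// $email can only be chosen by someone who knows $hidden_hash_var; escaped
	// anyway, same stopgap as in user_register. The UPDATE result was previously
	// ignored and the user logged in regardless.
	$db_email = addslashes($email);
	$sql="UPDATE user SET email='$db_email',is_confirmed='1' WHERE confirm_hash='$hash'";
	if (!db_query($sql)) {
		$feedback .= ' Fejl - '.db_error();
		return false;
	}
	user_set_tokens(db_result($result,0,'user_name'));
	$feedback .= ' Din brugerkonto er nu aktiveret, og du er nu logget ind i systemet. ';
	return true;
}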


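function user_send_confirm_email($email,$hash,$user_name,$password) {
	/*
		Used in the initial registration function
		as well as the change email address function.
		$password stays in the signature for the callers but is no longer
		written into the mail: the plaintext password was sent over
		unencrypted e-mail and kept in the recipient's mailbox.
		Returns mail()'s result, or false when the address is not usable.
	*/

	// Header-injection guard: a recipient containing CR/LF could append Cc:/Bcc:
	// lines. The address argument is used (the old code read $_REQUEST["email"]).
	if (!is_string($email) || preg_match('/[\r\n]/', $email)) {
		return false;
	}
	// The confirmation URL is hard-coded (plain http, fixed host); it has to be
	// changed for any other deployment.
	$message = "Hej".
		"\n Du er nu registreret hos GWAAU.".
		"\n\n Dit brugernavn er: ".$user_name.
		"\nTryk på nedenstående link, for at aktivere din brugerkonto: ".
		"\n\nhttp://www.but.auc.dk/projekt/33grd323/gw/confirm.php?hash=$hash&email=". urlencode($email);
	return mail ($email,'Aktiveringsmail',$message,'From: hide@address.com');
}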

function account_pwvalid($pw) {
	// Minimal password policy: anything with at least one byte passes.
	// Appends a message to the global $feedback and returns false otherwise.
	global $feedback;
	$ok = strlen($pw) > 0;
	if (!$ok) {
		$feedback .= " Du skal mindst have en karakter i dit kodeord. ";
	}
	return $ok;
}

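function account_namevalid($name) {
	// Validates a user name: no spaces, starts with a letter, only
	// [A-Za-z0-9_-], 1..15 characters, not a reserved system/CVS name.
	// Returns true/false and appends a message to the global $feedback on failure.
	global $feedback;
	if (!is_string($name)) {
		$feedback .= " Ugyldig karakter i brugernavnet. Brug kun standardkarakterer. ";
		return false;
	}

	// no spaces (the old strrpos(...) > 0 missed a space in position 0)
	if (strpos($name,' ') !== false) {
		$feedback .= " Brugernavn må ikke indeholde ophold (mellemrum). ";
		return false;
	}

	// must start with a letter (strspn measures the leading run of letters)
	if (strspn($name,"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") == 0) {
		$feedback .= "Dit navn skal være mindst en karakter.";
		return false;
	}

	// must contain only legal characters
	if (strspn($name,"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_")
		!= strlen($name)) {
		$feedback .= " Ugyldig karakter i brugernavnet. Brug kun standardkarakterer. ";
		return false;
	}

	// min and max length
	if (strlen($name) < 1) {
		$feedback .= " Brugernavn skal være mindst en karakter. ";
		return false;
	}
	if (strlen($name) > 15) {
		$feedback .= "Brugernavn må højst være 15 karakterer.";
		return false;
	}

	// illegal names; eregi() was removed in PHP 7, hence preg_match with /i.
	// Returns false like every other failure (this branch used to return 0).
	if (preg_match("/^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|news"
		. "|uucp|operator|games|mysql|httpd|nobody|dummy"
		. "|www|cvs|shell|ftp|irc|debian|ns|download)$/iD",$name)) {
		$feedback .= "Ugyldigt brugernavn. Ordet er reserveret til systemet.";
		return false;
	}
	if (preg_match("/^anoncvs_/i",$name)) {
		$feedback .= "Brugernavnet er reserveret til CVS.";
		return false;
	}

	return true;
}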

//lige og ulige
function evenodd()
{
	// Alternates between "odd" and "even" on successive calls (row striping).
	// The state is the global $bool; an unset or false flag yields "even" first.
	global $bool;
	$label = $bool ? "odd" : "even";
	$bool = !$bool;
	return $label;
}

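function getmenu()
{
	// Builds the main navigation bar as an HTML string. Keys are the page names
	// (key.php), values the visible labels; the link for the current page is
	// rendered in black. All text is fixed in this function, nothing comes from
	// the request.
	$arr_menu = array(
			"planlaegning"=>"Planlægning",
			"logbog"=>"Logbog",
			"filhaandtering"=>"Filhåndtering",
			"kommunikation"=>"Kommunikation",
			"medlemmer"=>"Medlemmer",
			"kilder"=>"Kilder",
			//"soeg"=>"Søg"
			);

	// tooltip (title attribute) per page, same keys as $arr_menu
	$arr_menu_titles = array(
			"planlaegning"=>"Gruppens planlægningsværktøjer",
			"logbog"=>"Oversigt over logbøger, samt mulighed for at: Oprette ny, rette i eksisterende og søge",
			"filhaandtering"=>"Filhåndtering",
			"kommunikation"=>"Chat, forum, postit",
			"medlemmer"=>"Oversigt og oplysninger over medlemmer",
			"kilder"=>"Gruppens samling af kilder",
			//"soeg"=>"Søg"
			);

	// resolved once instead of in every iteration; PHP_SELF is absent under CLI
	$current = isset($_SERVER["PHP_SELF"]) ? basename($_SERVER["PHP_SELF"]) : '';

	// initialised explicitly; the old code appended to an undefined variable
	$output = '';
	if ( $current == "index.php" ) {
		$output .= "<a class='menuitem' style='color:#000000' href='index.php' title='Gå til forsiden'>Forside</a>";
	}
	else {
		$output .= "<a class='menuitem' href='index.php' title='Gå til forsiden'>Forside</a>";
	}

	foreach( $arr_menu as $key=>$val ) {
		$title = $arr_menu_titles[$key];
		if ( $key.".php" == $current ) {
			$output .= " || <a class='menuitem' style='color:#000000' href='$key.php' title='$title'>$val</a>";
		}
		else {
			$output .= " || <a class='menuitem' href='$key.php' title='$title'>$val</a>";
		}
	}
	$output.="<br>";
	return $output;
}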

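function submenu($arr_heads,$arr_tails)
{
	// Renders the left-hand submenu table: every head but the last links back
	// up (?mode=value), the last head is the current section, and each tail is a
	// link whose entry is highlighted when its value equals the global $mode.
	// Returns '' (not null as before) when either argument is not an array;
	// sizeof() on a non-array throws on PHP 8, so it is only called after the check.
	global $mode;

	if ( !is_array($arr_heads) || !is_array($arr_tails) ) {
		//$output = "<img src='graphics/bom.jpg'>";
		return '';
	}

	$heads = sizeof($arr_heads);
	$output = "<table width='150px' cellspacing='0' cellpadding='3'>";
	$i = 0;

	foreach ( $arr_heads as $key=>$val ) {
		$i++;
		if ( $i == $heads ) {
			if ( $heads > 1 ) {
				$output .= "<tr><td class='space' colspan='2'>&nbsp;</td></tr>";
			}
//			$output .= "<tr><td class='current' width='90%'>$key</td><td class='current' align='center' width='10%'><img src='graphics/down.png'></td></tr>";
			$output .= "<tr><td class='current' width='90%'>$key</td></tr>";
		}
		else {
			$output .= "<tr><td class='head'><a class='head' href='?mode=$val'>$key</a></td><td class='head' align='center'><img src='graphics/right.png'></td></tr>";
		}
	}
	foreach ( $arr_tails as $key=>$val ) {
		if ( $val == $mode ) {
			$output .= "<tr><td colspan='2'><a class='current' href='?mode=$val'>$key</a></td></tr>";
		}
		else {
			$output .= "<tr><td colspan='2'><a class='tail' href='?mode=$val'>$key</a></td></tr>";
		}
	}
	$output .= "</table>";

	return $output;
}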


function gettop()
{
	// Header strip: the logo linking to the front page on the left and the
	// "Log ud" link on the right. Fixed markup, no request data.
	$top = "
			<table cellpadding='0' cellspacing='0' width='100%' border='0'>
				<tr>
					<td style='padding-left:0px'><a href='index.php'><img src='graphics/logo.png' border='0' alt='Forside'></a></td>
					<td style='padding-right:0px; font-size:11px; text-align:right; vertical-align:bottom;'><a class='headeritem' href='logout.php'>Log ud</a></td>
				</tr>
			</table>
			";
	return $top;
}

//henter header
function getheader($title="GWAAU")
{
	// Opens the page: <html>/<head> with the stylesheet and $title, then the
	// outer layout table with the header strip, the menu row and the submenu
	// cell. The content cell is left open; getbottom() closes it.
	// $arr_heads/$arr_tails are the globals the including page sets for submenu().
	global $arr_heads, $arr_tails;

	$submenu = submenu($arr_heads, $arr_tails);
	$top = gettop();
	$menu = getmenu();

	return "
	<html>
	<head>
	<link rel='stylesheet' href='css/css.css'>
	<title>$title</title>
	</head>
	<body>
	<table cellpadding='0' cellspacing='0' class='maintable' border='0'>
		<tr>
			<td class='headerrow' colspan='2'>$top</td>
		</tr>
		<tr>
			<td class='menurow' colspan='2'>$menu
			</td>
		</tr>
		<tr>
			<td align='left' class='submenu'>$submenu
			</td>
			<td align='left' class='body'>";
}

//henter bottom
function getbottom()
{
	// Closes the content cell, layout table and document opened by getheader().
	$closing = "</td></tr></table></body></html>";
	return $closing;
}


function getDeleteButton($mode,$text="Ønsker du at slette?",$button="Slet")
{
	// A delete button: the confirm_delete() script for $text/$mode followed by
	// the button element itself ($button is the visible label).
	$script = getJavaConfirmDelete($text,$mode);
	$input = sprintf("<input class='button' type='button' value='%s' onClick='confirm_delete()'>", $button);

	return $script . $input;
}

/*
function choices_edit($minus=2,$text="Ønsker du at slette?")
{
	global $arr_mode;
	
	$output = "
	<input class='button' type='button' value='Ok' onclick=\"document.form.action='?mode=".mode_replace($arr_mode,"ok",$minus)."'; submit();\">
	<input class='button' type='button' value='Annuller' onclick=\"document.form.action='?mode=".mode_replace($arr_mode,"cancel",$minus)."'; submit();\">
	<input class='button' type='button' value='Anvend' onclick=\"document.form.action='?mode=".mode_replace($arr_mode,"apply",$minus)."'; submit();\">
	";

	return $output;
}
*/

function content($input)
{
	// Wraps $input (already-rendered HTML) in the full page: header, an <h3>
	// with the accumulated global $feedback if any, the content table, footer.
	global $feedback;
	$parts = array(getheader());
	if ($feedback) {
		$parts[] = "<h3>$feedback</h3>";
	}
	$parts[] = "
					<table>
					<tr>
						<td class='content'>".$input."</td>					
					</tr>
					</table>
					";
	$parts[] = getbottom();
	return implode('', $parts);
}


//<input type='checkbox' onClick='checkall(this)'>
function getJavaCheckAll()
{
	// Script defining checkall(elem): sets every checkbox in document.form to
	// elem's checked state (used by a "select all" checkbox).
	$script = "
			<script language='javascript' type='text/javascript'>
				function checkall( elem ){
					var form = document.form;
						for( i  =0; i<form.length; i++ ){
							if( form.elements[ i ].type == 'checkbox' ) {
								form.elements[ i ].checked = elem.checked;
							}
						}
				}
			</script>	
			";
	return $script;
}

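function getJavaConfirmDelete($text,$mode)
{
	// Emits a confirm_delete() helper that asks the user $text and, if confirmed,
	// posts document.form to ?mode=$mode. Both values are placed inside
	// JavaScript string literals, so the characters that could end those
	// literals (quotes, backslash, line breaks) and the '/' of a '</script>'
	// sequence are escaped; everything else, including Danish letters, passes
	// through unchanged, so output for ordinary values is identical to before.
	$js_text = addcslashes($text, "\\\"'/\r\n");
	$js_mode = addcslashes($mode, "\\\"'/\r\n");
	return	"
			<script language='Javascript'>
			function confirm_delete() {
				if (confirm(\"$js_text\")) {
					document.form.action='?mode=$js_mode';
					document.form.submit();
					return true
			    }
			    return false
			}
			</script>
			";
}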

//popup kalender
//<a href=\"javascript:newwindow('formfelt');\">Vælg dato</a>
function getJavaPopupCalender()
{
	// Script defining newwindow(field, form, fdate): splits a 'd-m-y' date on
	// '-' and opens inc/calender.popup.php in a small popup with the date,
	// month, year, target field and form name in the query string.
	$script = "
			<script>
				function newwindow(field,form,fdate)
				{					
					arr_date = fdate.split('-');
					month = arr_date[1];
					year = arr_date[2];
					window.open('inc/calender.popup.php?fdate='+fdate+'&month='+month+'&year='+year+'&field='+field+'&form='+form,'','toolbar=0,location=0,scrollbars=0,width=225,height=160');
				}
			</script>
			";
	return $script;
}


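function make_timestamp($timestamp)
{
	// Converts a 'DD-MM-YYYY' string into a Unix timestamp at 00:00:00 local time.
	// split() was removed in PHP 7; explode() does the same for the one-character
	// separator. Returns false when the value is not a string with three '-'
	// separated parts (the old code emitted notices and fed nulls to mktime).
	if (!is_string($timestamp)) {
		return false;
	}
	$parts = explode("-", $timestamp);
	if (count($parts) < 3) {
		return false;
	}
	list($day, $month, $year) = $parts;
	return mktime(0,0,0,(int)$month,(int)$day,(int)$year);
}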

?>