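<?php 
/*****************************************************************************
 *                                                                           *
 *                    HERMES Main Application Server Engine                  *
 *                                                                           *
 *                        	By Chris Travers                             *
 *                                                                           *
 *****************************************************************************/

/*
 * This file is the main application server module of HERMES.  It handles the
 * base state of the application, the user authentication, and presentation 
 * engine selection.
 *
 * Execution environment (from how the variables are used, not declared):
 * this script never assigns $password, $form, $form_count, $hermes_engine,
 * $debug, $connection or $default_form itself, so it depends on them being
 * populated elsewhere -- config.php, the session, or (with register_globals)
 * the request.  Treat every one of them as request-influenced unless
 * config.php pins it.  The long-form $HTTP_*_VARS arrays are used throughout.
 */


session_start();
include "config.php";
include_once "DBAL.php";
include_once "pam.d/pam.obj.php";
include_once "pam.d/pam/pam.php";

/*
 * Identify the user.  A login name posted by the login form takes precedence
 * over the one remembered in the "login" cookie; otherwise, once the cookie
 * exists, it overwrites the posted name before the re-login comparison below
 * and the user can never sign in under a different name (login() would be
 * called with the cookie's name and the newly posted password).
 */
if ($HTTP_POST_VARS["username"]) {
	$username = $HTTP_POST_VARS["username"];
} elseif ($HTTP_COOKIE_VARS["login"]) {
	$username = $HTTP_COOKIE_VARS["login"];
}

// Loose comparison on purpose: an unset $username/$password is null, which
// == "" but !== "".
if ($username == "" || $password == "") {
	include "login.htm";
	// exit, not `end;` -- a bare `end` is only an (undefined-constant)
	// expression and does not stop the script, so everything below would
	// still run with empty credentials.
	exit;
}

// Remembers the login name only (no credential) for the next visit.
setcookie("login", $username);

// Necessary due to the order in which global variables are registered.
// This is a fix for the problem where the database password is changed
// or due to a bug incorrectly serialized in the session, and then it 
// becomes impossible to correct the problem without closing all internet
// brower windows...  When the form posts a password that differs from the
// one currently held, the posted one wins and the user is re-authenticated.

if (($HTTP_POST_VARS["username"] && $username != $HTTP_POST_VARS["username"])
	|| ($HTTP_POST_VARS["password"] &&
		$password != $HTTP_POST_VARS["password"])) {

	$password = $HTTP_POST_VARS["password"];
	$current_user = login($username, $password);

	//for backward compatibility-- may be removed in the future
	//please use the $current_user object instead.

	$user_id = $current_user->uid;
	$user_is_admin = $current_user->is_admin;

} else {
	$current_user = login($username, $password);
}


// Debug level 10 echoes the raw POST array (including any posted password)
// and the whole $current_user object to the page.  Development only.
if ($debug == 10) {
	print "Printing out passed argument arrays:<br><pre>";
	print "Post variables:";
	print_r($HTTP_POST_VARS);
	print "Get variables:";
	print_r($HTTP_GET_VARS);
	print "Current_user Object:";
	print_r($current_user);
	?></pre><?php
}


//if !connected, take us to the login screen and end.

if (!$connection && !$current_user->connection["rdbms"]) {
	?><h1>Login Failed.  Please check your password and try again.</h1>
	<?php
	include "login.htm";
	die;
}

// Grabbing the form_count variables-- 
//
// NOTE(review): the login name is spliced into the SQL text here and in the
// UPDATE below.  If DBAL.php offers a parameterised or escaping call, it
// should be used for both; a login containing a quote currently breaks the
// statement.

$HomeRecord = SQLQuery(
	"SELECT form_count, home_form
	FROM " . $current_user->users_table . "
	WHERE login='" . $current_user->login . "'"
	);

if ($UserRow = FetchArray($HomeRecord)) {

	$herm_form_count = $UserRow["form_count"];

	// Advance the per-user form counter.  Values above 1000 are pulled back
	// down by 999 instead of incremented, so the counter stays bounded.
	if ($herm_form_count > 1000) {
		$herm_new_form_count = $herm_form_count - 999;
	} else {
		$herm_new_form_count = $herm_form_count + 1;
	}

	if ($debug >= 5) {
		print "herm_form_count=$herm_form_count<br>";
		print "herm_new_form_count=$herm_new_form_count<br>";
	}

	// Write the new counter back to the same table and row the SELECT above
	// read from (table name and login both taken from $current_user).
	// $herm_new_form_count is the result of integer arithmetic, so it is
	// safe to interpolate.
	SQLQuery("UPDATE " . $current_user->users_table . "
		SET form_count='$herm_new_form_count'
		WHERE login='" . $current_user->login . "'");

	/* The question is how to ensure that the same entry is not resubmitted
	 * and inserted into the database as a separate record.  We make the 
	 * following assumptions in order to make this work transparently:
	 *
	 * 1: The most damaging possibility is that of a user submitting a 
	 * form twice which results in a duplicate insertion in the database.
	 * Duplicate updates which are identical are not a threat, nor are 
	 * duplicate selects.
	 * 
	 * 2: Hyperlinks will not be likely to be used to act as triggers for 
	 * inserts.  If this is done, then things become a little more 
	 * complicated (workaround-- pass form_count via hyperlink).
	 *
	 * NOTE:  This will not prevent malicious duplication of the data--
	 * there is no way to do that with such an application.  This prevents
	 * accidental duplication due to duplicate form submissions.
	 */

	// Lock file whose presence marks $form_count as legitimately in flight
	// (nothing in this file creates it; presumably an engine does).  Both
	// name components are request-influenced -- the login via cookie/POST,
	// form_count via the request -- so basename() pins the path inside
	// misc/locks/ regardless of what characters they contain.
	$hermes_lock_file = "misc/locks/" . basename("$username-$form_count");

	if ($form_count &&
		($form_count != $herm_form_count) &&
		!file_exists($hermes_lock_file)) {


		print "HERMES has detected a 
			possible duplicate submission. This can happen if you 
			press the submit button multiple times.<br>
			In order to preserve the integrity of the information, 
			the database will not be accessed by this 
			transaction until the problem is resolved.<br><br>

			<b>What to do for now:</b> Press the refresh button on
			your browser in order to go back to your home page or
			use the hyperlinks on the left-hand side of the page.
			You can then try your transaction again.<br><br>

			If problem persists, please contact your help-desk or 
			system administrator. <br>";
		if ($debug) {
			print "Form ID submitted was $form_count and HERMES was
				expecting $herm_form_count <br>";
		}
		$hermes_no_db = true;
	} else {
		$hermes_no_db = false;

		// intended to delete a lock if we have one.
		if (file_exists($hermes_lock_file)) {
			unlink($hermes_lock_file);
		}
	}

	// First request of a session (no form selected yet): persist the user
	// identity in the session and pick the home form.
	if (!$form) {

		$user_id = $current_user->uid;
		// NOTE: this keeps the clear-text password in the server-side
		// session for the life of the session.
		session_register('password');
		session_register('user_id');
		session_register('user_is_admin');
		// The SELECT above does not fetch an "admin" column, so
		// $UserRow["admin"] was always unset here and silently cleared the
		// admin flag on every first load.  Take it from the authenticated
		// user object instead, as the re-login branch above already does.
		$user_is_admin = $current_user->is_admin;
		if ($debug >= 5) {
			print "UserID=$user_id<br>";
		}


/*
 * If HomeForm field is not zero or null, then use it as the default
 * Else use Customers.
 */

   
		if ($UserRow["home_form"]) {
			$form = $UserRow["home_form"];
		} else {
			$form = $default_form;
		}
	



	} 

} else {

//displayed if user can login but is not in the Owner's table.

		print "<HTML><BODY>You are not authorized to use this tool.  
			Please contact your system or database administrator.
			</body></html>";
		die;
}

// Presentation engine selection.  $hermes_engine is not assigned in this
// file (see the header comment), so basename() confines the include to a
// sibling file of this script: the value can no longer name a file in
// another directory or a stream wrapper.  Engines are looked up by plain
// file name, the same way the default HermesConsole.php is.
if ($hermes_engine) {
	include basename($hermes_engine) . ".php";
} else {
	include "HermesConsole.php";
}
?>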