 *                                                                           *
 *                    HERMES Main Application Server Engine                  *
 *                                                                           *
 *                        	By Chris Travers                             *
 *                                                                           *

 * This file is the main application server module of HERMES.  It handles the
 * base state of the application, the user authentication, and presentation 
 * engine selection.

include "config.php";
include_once "DBAL.php";
include_once "pam.d/pam.obj.php";
include_once "pam.d/pam/pam.php";

// Session gate: this branch is taken when the browser presents a "login" cookie.
// NOTE(review): the cookie is only tested for truthiness and its value is
// whatever the client sends, so on its own it proves nothing about identity.
if ($HTTP_COOKIE_VARS["login"]){

// $username and $password are not assigned in the visible lines -- presumably
// they arrive through register_globals or the session; confirm in config.php.
if ($username=="" || $password== ""){
	include "login.htm";

// Stores the user name in a cookie with default attributes (no expiry, path,
// secure or httponly arguments are passed).
setcookie("login", $username);

// Re-login guard, needed because of the order in which global variables are
// registered. Without it, a database password that was changed -- or that a
// bug serialized incorrectly into the session -- could not be corrected
// without closing every browser window.
// NOTE(review): this suggests the password is held in session/global state in
// recoverable form -- confirm. The comparisons below are loose (!=).

if (($HTTP_POST_VARS["username"] && $username !=$HTTP_POST_VARS["username"])
	|| ($HTTP_POST_VARS["password"] && 
		$password !=$HTTP_POST_VARS["password"])){

	// A posted user name or password differs from the value already held.
	// As listed, this branch makes the same login() call as the else branch.
	$current_user=login($username, $password);

	//for backward compatibility-- may be removed in the future
	//please use the $current_user object instead.


} else {
	// Nothing differing was posted: authenticate with the held values.
	$current_user=login ($username, $password);

// Verbose diagnostics at debug level 10: dumps the raw POST and GET arrays and
// the $current_user object into the page.
// NOTE(review): the POST array carries the submitted password field (this file
// reads it as $HTTP_POST_VARS["password"]) and print_r output is not
// HTML-escaped, so this level must stay off outside development. Where $debug
// is set is not visible here -- confirm that a request cannot supply it.
if ($debug==10){
	print "Printing out passed argument arrays:<br><pre>";
	print "Post variables:";
	print_r ($HTTP_POST_VARS);
	print "Get variables:";
	print_r ($HTTP_GET_VARS);
	print "Current_user Object:";
	print_r ($current_user);

//if !connected, take us to the login screen and end.
// Failure is detected when neither the global $connection nor the "rdbms"
// entry of $current_user->connection is set.
// NOTE(review): as listed, the include line follows the closing PHP tag with
// no reopening tag, so it would be sent to the browser as literal text; the
// listing appears to have dropped the reopening line.

if (!$connection && !$current_user->connection["rdbms"]){
	?><h1>Login Failed.  Please check your password and try again.</h1>
	include "login.htm";

// Fetch the user's form_count and home_form from the users table.
// The call that wraps this SQL string is missing from the listing.
// NOTE(review): the statement is assembled by string concatenation and
// $current_user->login is placed between quotes with no escaping visible in
// these lines; bind it as a parameter, or escape it with whatever quoting
// helper DBAL.php provides, before it reaches the database.

	"SELECT form_count, home_form
	FROM " . $current_user->users_table . "
	WHERE login='". $current_user->login . "'"

if ($UserRow=FetchArray($HomeRecord)){


	// Advance the per-user form counter: once it is past 1000 it is reduced
	// by 999 instead of incremented, which keeps the value bounded.
	if ($herm_form_count > 1000){
		$herm_new_form_count=$herm_form_count - 999;
	} else {
		$herm_new_form_count=$herm_form_count + 1;

	if ($debug>=5){
		print "herm_form_count=$herm_form_count<br>";
		print "herm_new_form_count=$herm_new_form_count<br>";

	// NOTE(review): $username is interpolated straight into the UPDATE, and the
	// table is the literal "owners" while the SELECT above reads from
	// $current_user->users_table -- confirm both name the same table.
	SQLQuery ("UPDATE owners SET form_count='$herm_new_form_count'
		WHERE login='$username'");

	/* The question is how to ensure that the same entry is not resubmitted
	 * and inserted into the database as a separate record.  We make the 
	 * following assumptions in order to make this work transparently:
	 * 1: The most damaging possibility is that of a user submitting a 
	 * form twice which results in a duplicate insertion in the database.
	 * Duplicate updates which are identical are not a threat, nor are 
	 * duplicate selects.
	 * 2: Hyperlinks will not be likely to be used to act as triggers for 
	 * inserts.  If this is done, then things become a little more 
	 * complicated (workaround-- pass form_count via hyperlink).
	 * NOTE:  This will not prevent malicious duplication of the data--
	 * there is no way to do that with such an application.  This prevents
	 * accidental duplication due to duplicate form submissions.
	// Refuse the request when a form_count was submitted and it does not match
	// the counter HERMES holds for this user (the rest of the condition is cut
	// off in this listing).
	if ($form_count && 
		($form_count != $herm_form_count) &&

		print "HERMES has detected a 
			possible duplicate submission. This can happen if you 
			press the submit button multiple times.<br>
			In order to preserve the integrity of the information, 
			the database will not be accessed by this 
			transaction until the problem is resolved.<br><br>

			<b>What to do for now:</b> Press the refresh button on
			your browser in order to go back to your home page or
			use the hyperlinks on the left-hand side of the page.
			You can then try your transaction again.<br><br>

			If problem persists, please contact your help-desk or 
			system administrator. <br>";
		// NOTE(review): $form_count is echoed without HTML escaping; it appears
		// to come from the submitted form, so escape it before printing.
		if ($debug){
			print "Form ID submitted was $form_count and HERMES was
				expecting $herm_form_count <br>";
	} else {

		// intended to delete a lock if we have one.
		// NOTE(review): the lock path is built from $username and $form_count
		// with no validation visible here; restrict both to an expected
		// pattern (for example digits only for the counter) so that path
		// separators cannot steer unlink() outside misc/locks.
		if (file_exists ("misc/locks/$username-$form_count")){
			unlink ("misc/locks/$username-$form_count");
	// No form was requested: pick the form to show by default.
	if (!$form){

		if ($debug>=5){

 * If HomeForm field is not zero or null, then use it as the default
 * Else use Customers.

		// NOTE(review): the else between the two assignments below appears to
		// have been dropped from this listing; as shown, $default_form would
		// always overwrite the user's home_form.
		if ($UserRow["home_form"]) 
			$form = $UserRow["home_form"];
       			$form = $default_form;


// Presumably the else branch of the FetchArray() test: no row was returned for
// this login -- confirm against the complete file.
} else {

//displayed if user can login but is not in the Owner's table.

		print "<HTML><BODY>You are not authorized to use this tool.  
			Please contact your system or database administrator.

// Presentation engine selection.
// NOTE(review): the included file name is built from $hermes_engine. Where
// that variable is set is not visible here; if a request can influence it,
// this include becomes a file-inclusion hole, so map the value through a fixed
// allow-list of engine names first. The else that presumably precedes the
// HermesConsole.php line is missing from this listing.
if ($hermes_engine)
	include "$hermes_engine.php";
	include "HermesConsole.php";