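<?php
/*
 * auth.php - sign-in / sign-out / registration / profile / control-panel page.
 *
 * Flow: act on any posted action first (sign-in, sign-out, profile edit,
 * registration, password recovery, message management), then build the
 * page content for the requested ?page= and parse in any error message.
 *
 * Every request value is read through auth_param() so that a missing key
 * yields "" (no undefined-index notice) and an array-valued parameter
 * (?from[]=x) never reaches a string function.  The user-supplied ?from=
 * return path is only followed when auth_local_path() accepts it as a path
 * on this site, which closes the open redirect in the sign-out branch.
 *
 * Helpers whose behaviour is not visible here: un() (presumably undoes
 * request-level quoting), dbSecure() (SQL escaping), redirect(), bbcode(),
 * fetchalbum(), fetchsender(), and the $t template object whose set_var()
 * appears to insert values verbatim - hence the explicit htmlspecialchars()
 * on every user-controlled value that lands in HTML.
 */
define("IN_SCRIPT", true);
require("includes/global.php");

/**
 * Return request parameter $key from $source as a string.
 *
 * A missing key, a null value or an array value (e.g. ?key[]=x) all yield ""
 * so callers can compare against "" without notices or TypeErrors.
 */
function auth_param($source, $key)
{
    if (!isset($source[$key]) || is_array($source[$key])) {
        return "";
    }
    return (string) $source[$key];
}

/**
 * Reduce a user-supplied return path to one that stays on this site.
 *
 * Returns "" for an empty path and for anything that could leave the site:
 * a URL with a scheme ("http:", "javascript:"), a protocol-relative "//host",
 * a "/\" or "\" prefix, or a value carrying CR/LF.  Any other value is
 * returned unchanged so existing relative links keep working.
 */
function auth_local_path($path)
{
    $path = trim((string) $path);
    if ($path === "") {
        return "";
    }
    $leavesSite = preg_match('#^(?:[a-z][a-z0-9+.\-]*:|//|/\\\\|\\\\)#i', $path) === 1
        || preg_match('/[\r\n]/', $path) === 1;
    return $leavesSite ? "" : $path;
}

$pagetitle = "Authorisation";
$errormsg = "";

// request values used in more than one place, read once
$postUsername = auth_param($_POST, "username");
$postDo = auth_param($_POST, "do");
$getDo = auth_param($_GET, "do");
$getPage = auth_param($_GET, "page");
$getFrom = auth_param($_GET, "from");

// check for actions
if ($postUsername !== "") {
    // Sign-in attempt.  The posted return path is filtered before it is
    // handed to signin() in case that method redirects to it.
    $errormsg = $usr->signin(
        $postUsername,
        auth_param($_POST, "password"),
        auth_local_path(auth_param($_POST, "from"))
    );
    $usr->Auth(0);
} elseif ($getDo === "signout") {
    // NOTE(review): sign-out is triggered by a plain GET link, so any third-party
    // page can end a visitor's session; a POST form or a token would close that.
    $usr->signout();
    $target = auth_local_path($getFrom);
    redirect($target !== "" ? $target : "index.php");
} elseif ($postDo === "editprofile") {
    $errormsg = $usr->profile();
} elseif ($postDo === "register") {
    $errormsg = $usr->register();
} elseif ($postDo === "recover") {
    $errormsg = $usr->getpassword(auth_param($_POST, "email"));
} elseif ($postDo === "deletemessage") {
    $errormsg = deletemessage(auth_param($_POST, "messageid"));
} elseif ($postDo === "managemessages") {
    // "ids" is passed through untouched: it may be a checkbox array rather
    // than a scalar, and managemessages() decides how to read it.
    $errormsg = managemessages(
        isset($_POST["ids"]) ? $_POST["ids"] : "",
        auth_param($_POST, "decision"),
        auth_param($_POST, "allids")
    );
}

// work out breadcrumbs
$bread = breadcrumbs("auth");
include("includes/page_header.php");

// work out main content
if ($getPage === "register") {
    // $config["enableregistrations"] is compared loosely on purpose: its type
    // (string "true" or bool) is not visible here.
    if ($config["enableregistrations"] == "true" || $usr->Access > 2) {
        // register page: echo previously posted values back, escaped for HTML
        $t->set_var("DEFAULT_USERNAME", htmlspecialchars(un(auth_param($_POST, "rusername"))));
        $t->set_var("DEFAULT_EMAIL", htmlspecialchars(un(auth_param($_POST, "email"))));
        $t->set_file("page_content", "auth_register");
    } else {
        $t->set_file("page_content", "auth_noregister");
    }
} elseif ($getPage === "profile") {
    // my profile page
    $usr->Auth(1);
    $sql = "SELECT * FROM " . $dbprefix . "users WHERE userid = " . dbSecure(intval($_SESSION["userid"]));
    $pro = $db->execute($sql);
    if ($pro->rows < 1) {
        die("Unable to locate your profile!");
    }
    // after a failed edit, show what was submitted rather than the stored value
    $email = $postDo === "editprofile" ? un(auth_param($_POST, "email")) : $pro->fields["email"];
    $t->set_var("DEFAULT_EMAIL", htmlspecialchars($email));
    $t->set_var("FORM_LINK", "auth.php?page=profile");
    $t->set_var("LINK_SIGNOUT", "auth.php?do=signout");
    $t->set_file("page_content", "auth_profile");
} elseif ($usr->Access > 0) {
    // control panel for a signed-in user
    if ($usr->Access > 1) {
        // get list of albums in need of moderation
        $sql = "SELECT DISTINCT albumid FROM " . $dbprefix . "images WHERE visible = 0 ORDER BY postdate ASC LIMIT 0, 20";
        $als = $db->execute($sql);
        $t->set_file("listbit", "listbit");
        if ($als->rows < 1) {
            $t->set_file("listbit", "listbit_nolink");
            $t->set_var("LIST_TEXT", "None");
            $t->parse("ALBUM_ITEMS", "listbit");
        } else {
            do {
                $t->set_var("LIST_LINK", "viewalbum.php?albumid=" . intval($als->fields["albumid"]));
                // fetchalbum() output is inserted as-is; whether it escapes is not visible here
                $t->set_var("LIST_TEXT", fetchalbum($als->fields["albumid"], 1));
                $t->parse("ALBUM_ITEMS", "listbit", true);
            } while ($als->loop());
        }

        // get list of images in need of moderation
        $sql = "SELECT * FROM " . $dbprefix . "reported ORDER BY postdate ASC LIMIT 0, 20";
        $rep = $db->execute($sql);
        $t->set_file("listbit", "listbit");
        if ($rep->rows < 1) {
            $t->set_file("listbit", "listbit_nolink");
            $t->set_var("LIST_TEXT", "None");
            $t->parse("IMAGE_ITEMS", "listbit");
        } else {
            do {
                $t->set_var("LIST_LINK", "viewimage.php?imageid=" . intval($rep->fields["imageid"]));
                // the report reason is free text typed by a visitor, so escape it
                $reason = htmlspecialchars($rep->fields["reason"]);
                $t->set_var("LIST_TEXT", "#" . intval($rep->fields["imageid"]) . " \"" . $reason . "\"");
                $t->parse("IMAGE_ITEMS", "listbit", true);
            } while ($rep->loop());
        }
        $t->set_file("moderatepanel", "auth_cp_moderate");
        $t->parse("MODERATION_PANEL", "moderatepanel");
    }

    // viewing a message (only messages addressed to the current user)
    $getMessageId = auth_param($_GET, "messageid");
    if ($getMessageId !== "") {
        $sql = "SELECT * FROM " . $dbprefix . "messages WHERE toid = " . dbSecure(intval($_SESSION["userid"]))
            . " AND messageid = " . dbSecure(intval($getMessageId));
        $vue = $db->execute($sql);
        if ($vue->rows < 1) {
            $errormsg = "The message could not be found";
        } else {
            // mark as read; the id comes from our own SELECT, intval() keeps it numeric
            $sql = "UPDATE " . $dbprefix . "messages SET hasread = 1 WHERE messageid = " . intval($vue->fields["messageid"]);
            $db->execute($sql);
            $t->set_file("message", "auth_cp_messages_read");
            $t->set_var("MESSAGE_ID", $vue->fields["messageid"]);
            // title is written by another user - escaped here, assuming it is stored raw (confirm against the send path)
            $t->set_var("MESSAGE_TITLE", htmlspecialchars($vue->fields["title"]));
            $t->set_var("MESSAGE_FROM", fetchsender($vue->fields["fromid"]));
            $t->set_var("MESSAGE_DATE", date($config["dateformat"], $vue->fields["postdate"]));
            // bbcode() is assumed to neutralise HTML in the body - not visible here
            $t->set_var("MESSAGE_BODY", bbcode($vue->fields["message"]));
            $t->set_var("FORM_LINK", "auth.php");
            $t->parse("VIEW_MESSAGE", "message");
        }
    }

    // check for messages
    $sql = "SELECT * FROM " . $dbprefix . "messages WHERE toid = " . dbSecure(intval($_SESSION["userid"]))
        . " ORDER BY postdate DESC LIMIT 0, 1000";
    $mes = $db->execute($sql);
    $t->set_file("messagerow", "auth_cp_messages_row");
    $messageIds = [];
    if ($mes->rows > 0) {
        do {
            $t->set_var("MESSAGE_FONT", $mes->fields["hasread"] == 0 ? "bold" : "normal");
            $t->set_var("MESSAGE_ID", $mes->fields["messageid"]);
            $t->set_var("MESSAGE_TITLE", htmlspecialchars($mes->fields["title"]));
            $t->set_var("MESSAGE_DATE", date($config["dateformat"], $mes->fields["postdate"]));
            $t->set_var("MESSAGE_FROM", fetchsender($mes->fields["fromid"]));
            $t->set_var("MESSAGE_LINK", "auth.php?messageid=" . intval($mes->fields["messageid"]));
            $t->parse("MESSAGEROWS", "messagerow", true);
            $messageIds[] = $mes->fields["messageid"];
        } while ($mes->loop());
    }
    // work out all message ids (comma-separated, no trailing comma)
    $t->set_var("MESSAGES_ALLIDS", implode(",", $messageIds));
    $t->set_file("messages", $mes->rows > 0 ? "auth_cp_messages" : "auth_cp_messages_none");
    $t->set_var("FORM_LINK", "auth.php");
    $t->parse("MY_MESSAGES", "messages");
    // the username was chosen by the user: escape for HTML, and URL-encode for the query string
    $t->set_var("USERNAME", htmlspecialchars($_SESSION["username"]));
    $t->set_var("LINK_PROFILE", "auth.php?page=profile");
    $t->set_var("LINK_SIGNOUT", "auth.php?do=signout");
    $t->set_var("LINK_MYIMAGES", "search.php?order=date&user=" . urlencode($_SESSION["username"]));
    $t->set_file("page_content", "auth_cp");
} elseif ($getPage === "recover") {
    $t->set_var("DEFAULT_EMAIL", htmlspecialchars(un(auth_param($_POST, "email"))));
    $t->set_file("page_content", "auth_recover");
} else {
    // sign-in page
    if ($config["enableregistrations"] == "true") {
        $t->set_var("REGISTER_LINK", '<a href="auth.php?page=register">Register</a>');
    }
    // carry the return path through the form: filtered to an on-site path and
    // escaped, since it is reflected into the page from the request
    $from = $postUsername !== "" ? un(auth_param($_POST, "from")) : $getFrom;
    $t->set_var("DEFAULT_FROM", htmlspecialchars(auth_local_path($from)));
    $t->set_var("RECOVER_LINK", "auth.php?page=recover");
    $t->set_var("FORM_LINK", "auth.php");
    $t->set_var("DEFAULT_USERNAME", htmlspecialchars(un($postUsername)));
    $t->set_file("page_content", "auth_signin");
}

// parse in error message?  Action methods may return null/false for "no error".
if ((string) $errormsg !== "") {
    $t->set_file("noticebox", "errorbox");
    $t->set_var("MESSAGE", $errormsg);
    $t->parse("ERRORMSG", "noticebox");
}

// parse it in
$t->parse("page_all", "page_content", true);
include("includes/page_footer.php");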