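<?PHP
/*
 * login.php -- authentication and action dispatcher for ScreamingToDos.
 *
 * Included by the application's pages. Relies on register_globals
 * (php_track_vars): request parameters and cookies such as $stdCookie,
 * $fromlogin or $updatenum arrive as plain variables; config.inc.php
 * presumably supplies $auth, $adminuser and the *table names.
 *
 * Flow: authenticate (remember-me cookie or login form), then run at most
 * one action branch. Most branches build one SQL statement in $q and a
 * redirect target in $writedata; the statement is executed at the end
 * only when $writedata is set.
 *
 * NOTE(review): nearly every query interpolates request-supplied values
 * straight into SQL (only double quotes are rewritten in a few fields).
 * With register_globals that input is attacker-controlled; every value
 * should be escaped or parameterised (in qDB() or at the call site).
 * The per-branch notes below mark which ownership/role checks exist and
 * which are missing.
 */
php_track_vars;
require "config.inc.php";
require "functions.php";
$STDversion = "0.9";

checkDefaults();

if ($auth) {
 if ($stdCookie) {
  // Cookie format is "username:md5(password)"; both halves are attacker-controlled.
  $userdata = explode(":", $stdCookie);
  $r = qDB("SELECT username,password,usergroup FROM $usertable WHERE username=\"$userdata[0]\"");
  $d = mysql_fetch_array($r);
  $currentuser = $d[0];
  $currentgroup = $d[2];
  // Reject unknown users explicitly (a missing row yields $d === false, so
  // $d[1] is null) and compare the stored hash strictly: a loose != would
  // treat an empty cookie half as equal to null and compare numeric-looking
  // hashes as numbers.
  if (($d[0] == "") || ($userdata[1] !== $d[1])) {
   setcookie("stdCookie","");
   showLogin("Invalid username or password!"); exit;
  } else {
   getvars($currentuser);
   if ($stdRememberMe) {
    // Refresh the remember-me cookies for ~6 months (15768000 s).
    setcookie ("stdCookie", $currentuser.":".$userdata[1], time()+15768000);
    setcookie ("stdRememberMe", $currentuser, time()+15768000);
   }
  }
 } else if ($fromlogin) {
  // Login form: $currentuser and $password come from the POSTed form.
  $q = "SELECT username,password,usergroup FROM $usertable WHERE username=\"$currentuser\"";
  $r = qDB($q);
  $d = mysql_fetch_array($r);
  if ($d[0] == "") { showLogin("Invalid username or password!"); exit;}
  // Strict comparison of the unsalted md5 hash (see review note in the header:
  // md5 without salt is weak; password_hash()/password_verify() where available).
  if (md5($password) !== $d[1]) {
   showLogin("Invalid username or password!"); exit;
  } else {
   $currentuser = $d[0];
   $currentgroup = $d[2];
   if ($stdRememberMe) {
    setcookie ("stdCookie", $currentuser.":".md5($password), time()+15768000);
    setcookie ("stdRememberMe", $currentuser, time()+15768000);
   } else {
    // Session-only cookie (no expiry).
    setcookie ("stdCookie",$currentuser.":".md5($password));
   }
   getvars($currentuser);
  }
 } elseif (!($fromSignup)) { showLogin(""); exit; }
   else { $currentuser = $adminuser; }
} else {
 // Authentication disabled in config: every visitor acts as the admin user.
 $currentuser = $adminuser; $currentgroup="admin"; getvars($adminuser);
}

// Direct hits on login.php are sent to index.php. No exit here, so the rest of
// the script (last-login update, any pending action) still runs before the
// browser follows the redirect.
if (eregi("login\.[a-z]{1,4}$",$PHP_SELF)) { Header("Location:index.php"); }

$r = qDB("UPDATE $usertable SET last_logged_in=now() WHERE username=\"$currentuser\"");

if ($upshclosed) {
 // Toggle visibility of the closed-task list for one of the current user's categories.
 if ($upshclosed == "yes") { $q = "UPDATE $categorytable SET closed_show='1' WHERE owner=\"$currentuser\" AND id=\"$category\""; }
 elseif ($upshclosed == "no") { $q = "UPDATE $categorytable SET closed_show='0' WHERE owner=\"$currentuser\" AND id=\"$category\"";}
 $writedata = "index.php";
} elseif ($upshopen) {
 // Toggle visibility of the open-task list; ownership enforced by the WHERE clause.
 if ($upshopen == "yes") { $q = "UPDATE $categorytable SET open_show='1' WHERE owner=\"$currentuser\" AND id=\"$category\""; }
 elseif ($upshopen == "no") { $q = "UPDATE $categorytable SET open_show='0' WHERE owner=\"$currentuser\" AND id=\"$category\""; }
 $writedata = "index.php";
} elseif ($open_sortby) {
 // Change the open-task sort column; selecting the current column again flips to DESC.
 // NOTE(review): $open_sortby is stored verbatim and presumably later placed in an
 // ORDER BY clause -- it should be whitelisted against the known column names.
 $r = qDB("SELECT open_sortby FROM $categorytable WHERE owner=\"$currentuser\" and id=\"$category\"");
 $d = mysql_fetch_array($r);
 $old_osortorder = $d[0];
 if ($old_osortorder == $open_sortby) { $open_sortby = $open_sortby." DESC"; }
 $q = "UPDATE $categorytable SET open_sortby=\"$open_sortby\" WHERE owner=\"$currentuser\" AND ID=\"$category\"";
 $writedata = "index.php";
} elseif ($open_show_comments) {
 // Any value other than "no" enables comment display.
 if ($open_show_comments == "no") { $open_show_comments = '0'; } else { $open_show_comments = '1'; }
 $q = "UPDATE $categorytable SET open_show_comments=\"$open_show_comments\" WHERE owner=\"$currentuser\" AND id=\"$category\"";
 $writedata = "index.php";
} elseif ($closed_show_comments) {
 if ($closed_show_comments == "no") { $closed_show_comments = '0'; } else { $closed_show_comments = '1'; }
 $q = "UPDATE $categorytable SET closed_show_comments=\"$closed_show_comments\" WHERE owner=\"$currentuser\" AND id=\"$category\"";
 $writedata = "index.php";
} elseif ($closed_sortby) {
 // Same toggle-to-DESC logic as $open_sortby; same whitelist concern applies.
 $r = qDB("SELECT closed_sortby FROM $categorytable WHERE owner=\"$currentuser\" AND id=\"$category\"");
 $d = mysql_fetch_array($r);
 $old_csortorder = $d[0];
 if ($old_csortorder == $closed_sortby) { $closed_sortby = $closed_sortby." DESC"; }
 $q = "UPDATE $categorytable SET closed_sortby=\"$closed_sortby\" WHERE owner=\"$currentuser\" AND id=\"$category\"";
 $writedata = "index.php";
} elseif ($updatenum) {
 // Edit an existing task. Only the task's owner may do so.
 $d = mysql_fetch_array(qDB("SELECT closed,owner FROM $todotable WHERE id=$updatenum"));
 // exit is required: Header() alone does not stop the script, and the UPDATE
 // below would still run for a task the current user does not own.
 if ($currentuser != $d["owner"]) { header("Location: index.php"); exit; }
 // Stamp closed_date the first time a task transitions from open to closed.
 if ((!($d["closed"])) && ($closed)) {
  $r = qDB("UPDATE $todotable SET closed_date=now() WHERE id=$updatenum");
 }
 // Only double quotes are neutralised; single quotes, backslashes etc. pass through.
 $task = str_replace("\"","'",$task);
 if ($auto_open_category) {
  if ($closed) { $open_closed_text = "closed"; } else { $open_closed_text = "open"; }
  $r = qDB("UPDATE $categorytable SET ".$open_closed_text."_show='1' WHERE id=$category");
 }
 // Reassigning a task to another user moves it into that user's
 // "$UncategorizedTasks" category, creating it on first use.
 if ($owner != $currentuser) {
  $r = qDB("SELECT id FROM $categorytable WHERE category=\"$UncategorizedTasks\" AND owner=\"$owner\"");
  if (mysql_num_rows($r) == 0) {
   $q = "INSERT INTO $categorytable (category, open_sortby, closed_sortby, owner)";
   $q .= " VALUES ('$UncategorizedTasks', 'priority', 'priority', '$owner')";
   $r = qDB($q);
  }
  $r = qDB("SELECT id FROM $categorytable WHERE category=\"$UncategorizedTasks\" AND owner=\"$owner\"");
  $d= mysql_fetch_array($r);
  $category = $d[0];
 }
 // An incomplete date clears the due date.
 if (($year == "") || ($mon == "") || ($day == "")) { $due_date_string = ""; }
 else { $due_date_string = "$year-$mon-$day"; }

 $q = "UPDATE $todotable SET priority=\"$priority\",owner=\"$owner\",task=\"$task\",due_date=\"$due_date_string\",";
 $q .= " categoryid=$category, closed=\"$closed\" WHERE id=$updatenum";
 $writedata = "index.php";
} elseif ($closenum) {
 // Mark a task closed. NOTE(review): no ownership check on $closenum.
 if ($auto_open_category) {
  $r = qDB("UPDATE $categorytable SET closed_show='1' WHERE id=$category");
 }
 $q = "UPDATE $todotable SET closed='1',closed_date=now() WHERE id=$closenum";
 $writedata = "index.php";
} elseif ($opennum) {
 // Reopen a task. NOTE(review): no ownership check on $opennum.
 if ($auto_open_category) {
  $r = qDB("UPDATE $categorytable SET open_show='1' WHERE id=$category");
 }
 $q = "UPDATE $todotable SET closed='0' WHERE id=$opennum";
 $writedata = "index.php";
} elseif ($deletenum) {
 // Delete a task and its comments. The ownership lookup must select the task
 // being deleted (WHERE id=$deletenum); the previous query selected by
 // owner=$currentuser, which always matched and so never denied anything.
 $d = mysql_fetch_array(qDB("SELECT owner FROM $todotable WHERE id=$deletenum"));
 // exit so the DELETEs below are not executed for someone else's task.
 if ($d["owner"] != $currentuser) { header("Location: $REQUEST_URI"); exit; }
 $r = qDB("DELETE FROM $commentstable WHERE todoid=$deletenum");
 $r = qDB("DELETE FROM $todotable WHERE id=$deletenum");
 Header ("Location:index.php");
} elseif ($addcomment) {
 // Add a comment to task $id; empty comments are silently dropped.
 if ($comment == "") {
  Header ( "Location:comments.php?id=$id");
 } else {
  $comment = str_replace("\"","'",$comment);
  $q = "INSERT INTO $commentstable (owner, comment, todoid, created_date) VALUES ('$owner','$comment','$id', now())";
  $writedata = "comments.php?id=$id";
 }
} elseif ($deletecomment) {
 // NOTE(review): no check that the current user owns comment $deletecomment.
 $q = "DELETE FROM $commentstable WHERE id=$deletecomment";
 $writedata = "comments.php?id=$id";
} elseif ($updatecomment) {
 // NOTE(review): no check that the current user owns comment $updatecomment.
 $comment = str_replace("\"","'",$comment);
 $q = "UPDATE $commentstable SET comment=\"$comment\" WHERE id=$updatecomment";
 $writedata = "comments.php?id=$id";
} elseif ($updatecomsort) {
 // Per-user comment sort column, toggle-to-DESC as for the category sorts.
 $r = qDB("SELECT comments_sortby FROM $usertable WHERE username=\"$currentuser\"");
 $d = mysql_fetch_array($r);
 $old_comsortorder = $d[0];
 if ($old_comsortorder == $updatecomsort) { $updatecomsort = $updatecomsort." DESC"; }
 $q = "UPDATE $usertable SET comments_sortby=\"$updatecomsort\" WHERE username=\"$currentuser\"";
 $writedata = "comments.php?id=$id";
} elseif ($addtask) {
 // Create a task and remember the form values as the user's "last todo" defaults.
 if ($task == "") {
  // NOTE(review): redirecting to the raw Referer header is an open redirect;
  // prefer a fixed page such as index.php.
  Header ("Location: $HTTP_REFERER");
 } else {

  // Build the due date. A time is only honoured when all three time fields are
  // non-empty; 12-hour PM values are shifted by 12, and 24 wraps to 0.
  if (($minutes > "") && ($hour > "") && ($ampm > "")) {
    if (strtoupper($ampm) == "PM") { $new_hour = $hour + 12; } else { $new_hour = $hour; }
    if ($new_hour == 24) { $new_hour = 0; }
    if (($month > "") && ($day > "") && ($year > "")) {
      $due_date = "$year-$month-$day $new_hour:$minutes:00";
    } else {
      // Time without a date defaults to today.
      $due_date = date("Y")."-".date("m")."-".date("d")." $new_hour:$minutes:00";
    }
  } elseif (($month > "") && ($day > "") && ($year > "")) {
    $due_date = "$year-$month-$day 00:00:00";
  } else {
    $due_date = "";
  }
  $task = str_replace("\"","'",$task);
  if ($auto_open_category) {
   if ($closed) { $open_closed_text = "closed_show"; } else { $open_closed_text = "open_show"; }
   $r = qDB("UPDATE $categorytable SET $open_closed_text=1 WHERE id=$category");
  }
  // closed_date is now() for tasks created already closed, otherwise an empty string.
  if ($closed) { $closedStr = "now()"; } else { $closedStr = "\"\""; }

  $q = "UPDATE $usertable SET last_todo_closed='$closed', last_todo_owner='$owner', last_todo_priority='$priority',";
  $q .= " last_todo_categoryid='$category', last_todo_month='$month', last_todo_day='$day', last_todo_year='$year',";
  $q .= " last_todo_hour='$hour', last_todo_minutes='$minutes', last_todo_ampm='$ampm' WHERE username=\"$currentuser\"";
  $r = qDB($q);

  $q = "INSERT INTO $todotable (priority, owner, task, closed, categoryid, created_date, closed_date, due_date)";
  $q .= " VALUES ('$priority', '$owner', '$task', '$closed', '$category',now(), $closedStr, '$due_date')";
  // NOTE(review): $fromPage is request-supplied; the redirect target should be
  // restricted to known pages.
  $writedata = $fromPage;
 }
} elseif ($addcat) {
 // Create a category for $owner, appended after that owner's existing ones.
 $category = str_replace("\"","'",$category);
 $r = qDB("SELECT id FROM $categorytable WHERE owner=\"$owner\"");
 $categorynumrows = mysql_num_rows($r) + 1;

 $q = "INSERT INTO $categorytable (category, open_sortby, closed_sortby, owner, sort_number, created_date)";
 $q = $q." VALUES ('$category', 'priority', 'priority', '$owner', $categorynumrows, now())";
 $writedata = "category.php";
} elseif ($updatecat) {
 // NOTE(review): no check that the current user owns category $updatecat.
 $category = str_replace("\"","'",$category);
 $q = "UPDATE $categorytable SET owner='$owner', category='$category', sort_number='$sort_number' WHERE id='$updatecat'";
 $writedata = "category.php";
} elseif ($deletecat) {
 // Delete a category and all tasks in it (comments on those tasks are left behind).
 // NOTE(review): no ownership check on $deletecat.
 $q = "DELETE FROM $categorytable WHERE id=$deletecat";
 $r = qDB($q);
 $q = "DELETE FROM $todotable WHERE categoryid=$deletecat";
 $r = qDB($q);
 Header ("Location:category.php");
} elseif ($updatecatsort) {
 // Per-user category sort column, toggle-to-DESC.
 $r = qDB("SELECT category_sortby FROM $usertable WHERE username=\"$currentuser\"");
 $d = mysql_fetch_array($r);
 if ($d[0] == $updatecatsort) { $updatecatsort = $updatecatsort." DESC"; }
 $q = "UPDATE $usertable SET category_sortby=\"$updatecatsort\" WHERE username=\"$currentuser\"";
 $writedata = "category.php";
} elseif ($updatepass) {
 // Change the password of user $updatepass; error=2 mismatch, error=4 empty.
 // NOTE(review): nothing restricts $updatepass to the current user or to admins,
 // so any authenticated user can reset any account's password.
  if ($userpass != $userpass2) { Header ("Location:admin.php?error=2&edituser=$updatepass"); }
  elseif ($userpass == "") { Header ("Location:admin.php?error=4&edituser=$updatepass"); }
  else {
   $userpass = md5($userpass);
   $q = "UPDATE $usertable SET password=\"$userpass\" WHERE username=\"$updatepass\"";
   // Keep the current session valid by re-issuing the cookie with the new hash.
   if ($currentuser == $updatepass) { setcookie("stdCookie",""); setcookie ("stdCookie",$updatepass.":".$userpass); }
   $writedata = "admin.php";
  }
} elseif ($deleteuser) {
 // Admin-only: remove a user with all categories, tasks and comments. Self-deletion is refused (error=3).
 if ($currentgroup != "admin") { Header("Location:edituser.php?edituser=$currentuser"); exit; }
 if ($currentuser == $deleteuser) { Header("Location:admin.php?error=3"); exit;}
 else {
  $r = qDB("SELECT id FROM $categorytable WHERE owner=\"$deleteuser\"");
  for ($x = 1; $x <= mysql_num_rows($r); $x++) {
   $d = mysql_fetch_array($r);
   $todoR = qDB("SELECT id FROM $todotable WHERE categoryid=$d[0]");
   $todoDeleteR = qDB("DELETE FROM $todotable WHERE categoryid=$d[0]");
   for ($y = 1; $y <= mysql_num_rows($todoR); $y++) {
    $todoD = mysql_fetch_array($todoR);
    $commentDeleteR = qDB("DELETE FROM $commentstable WHERE todoid=$todoD[0]");
   }
  }
 }
 $r = qDB("DELETE FROM $categorytable WHERE owner=\"$deleteuser\"");
 $r = qDB("DELETE FROM $usertable WHERE username=\"$deleteuser\"");
 Header ("Location:admin.php");
} elseif ($addusername) {
 // Admin-only: create a user. exit is required after the redirect, otherwise a
 // non-admin request would still fall through and perform the INSERT.
 if ($currentgroup != "admin") { Header("Location:index.php"); exit; }
 // Quotes and ':' are refused because the username is embedded in SQL and in
 // the "user:hash" cookie. (Redirects now target admin.php like every other
 // branch; the bare "admin" target did not name a page.)
 if ((substr_count($addusername,"\"") > 0) || (substr_count($addusername,"'") > 0) || (substr_count($addusername,":") > 0)) {
  Header("Location:admin.php?error=4"); exit;
 } elseif ($addusername == "") {
  Header("Location:admin.php?error=5"); exit;
 }
 $r = qDB("SELECT username FROM $usertable WHERE username=\"$addusername\"");
 if (mysql_num_rows($r) > 0) {
  Header ("Location:admin.php?error=1");
 } else {
  if ($newpassword != $newpassword2) { Header ("Location:admin.php?error=2"); }
  else {
   $newpassword = md5($newpassword);
   $q = "INSERT INTO $usertable (username, password, usergroup, created_date, themeid)";
   $q = $q." VALUES ('$addusername', '$newpassword', '$newusergroup', now(), $themeid)";
   $r = qDB($q);
   Header ("Location:admin.php");
  }
 }
} elseif ($updateprefs) {
 // Update preferences; the UPDATE only runs when $writedata gets set, i.e. for
 // the user's own record or for an admin editing someone else.
 // NOTE(review): usergroup is taken from the request, so a non-admin editing
 // their own prefs can set usergroup to "admin"; restrict that field to admins.
 $q = "UPDATE $usertable SET start_page=\"$start_page\", usergroup=\"$usergroup\", auto_open_category=$auto_open_cat,";
 $q = $q." show_empty_categories=$show_empty_categories, themeid=$themeid WHERE username=\"$updateprefs\"";
 if ($updateprefs == $currentuser) { $writedata = "edituser.php"; }
 elseif ($currentgroup == "admin") { $writedata = "edituser.php?edituser=$updateprefs"; }

} elseif ($usersortup) {
 // Per-user user-list sort column, toggle-to-DESC.
 $r = qDB("SELECT user_sortby FROM $usertable WHERE username=\"$currentuser\"");
 $d = mysql_fetch_array($r);
 $old_usortorder = $d[0];
 if ($old_usortorder == $usersortup) { $usersortup = $usersortup." DESC"; }
 $q = "UPDATE $usertable SET user_sortby=\"$usersortup\" WHERE username=\"$currentuser\"";
 $writedata = "admin.php";
}

// Execute the pending statement (if any branch set one) and redirect.
if ($writedata) {
 $r = qDB($q);
 Header ("Location:$writedata");
}

getvars($currentuser);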