require('reprofunctions.php');
dbgSquirt("============= userhome ===============");
/* There is a bug here ... if a user has authenticated successfully (and hence
the cookies for username and passwordMD5 are set) and then they use BACK
to go back to the login page, enter some values for username and
password, and click login, then what they just typed will be ignored,
and they will remain logged in under their original credentials. */
// this variable controls whether the user is forced back to the main page to
// login. For safety, the default value is to force you back.
if (!checkCookies($forceLogin,$error,TRUE)) {
// we got an error back that occurred while checkCookies was being run
dbgSquirt('Error from checkCookies');
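// Send the browser back to the login page with the error text from checkCookies.
// $error is URL-encoded so the whole message arrives as a single query
// parameter (the messages assigned in this file contain spaces and punctuation).
// NOTE(review): HTTP_HOST is taken from the request's Host header, so the
// redirect target is client-influenced; prefer a configured canonical host name.
// NOTE(review): the lines that follow are not visible here -- confirm the script
// stops (exit) after this header so the rest of the page is not executed.
header("Location: http://" . $_SERVER['HTTP_HOST'] .
    dirname($_SERVER['PHP_SELF']) . "/index.php?error=" . urlencode($error));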
// if the cookies didn't pass authentication, or if the cookies passed BUT
// we've received new values for POST that don't match on username (they did
// a BACK to the login page w/o a logout and then did a new login), then
// try to authenticate via the POSTed values that have been supplied.
if (isset($_POST['username']) && ($_POST['username'] != $_COOKIE['user']))
dbgSquirt('forceLogin is still true... checking post variables');
if (isset($_POST['username']) || isset($_POST['password'])) {
// we have one or more post variables
dbgSquirt('Post variables are set');
if (empty($_POST['username']) || empty($_POST['password'])) {
// can't have empty values for username or password
dbgSquirt('...but one is empty');
$error = "Authentication error -- you must enter a username and password.";
// we have non-empty values for username and password from POST so
dbgSquirt('...both are non-empty [good]');
$username = $_POST['username'];
$password = $_POST['password'];
$encryptedPassword = createPassword($username,$password);
$state = validateUser($username,$encryptedPassword);
dbgSquirt('Not a valid user');
$error = "Authentication error -- Invalid username/password combination.";
} else if ("A" == $state) {
// active account and username/password match
dbgSquirt('Active account matched.');
// if we haven't already looked up the salt, do so now
dbgSquirt('Getting salt');
$result = getSalt($salt); }
if (FALSE == $result) {
// uh-oh ... we got an error getting the salt
dbgSquirt('Error in getSalt');
$error = "Internal error -- failure while processing login. Please contact an administrator.";
dbgSquirt('Extending cookies');
dbgSquirt("Time -- $time");
dbgSquirt("Time + Duration -- ". ($time+$sessionDuration));
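// Issue the two login cookies, both expiring at $time + $sessionDuration.
// The 7th argument marks them HttpOnly so page script cannot read them;
// path, domain and secure keep their previous (default) values.
// NOTE(review): the "authentication" value is sha1($username . $salt), so it is
// identical on every login for a given user and carries no expiry or
// per-session randomness of its own. getSalt() is called without a username,
// so the salt appears to be site-wide: anyone who learns it can compute this
// value for any account. Prefer a random server-side session token, or a keyed
// MAC that also covers the expiry time, verified with a constant-time compare.
// NOTE(review): the Secure flag is left off because this page redirects over
// http://; enable it once the site is served over HTTPS.
$result = setcookie("user", $username, $time+$sessionDuration, "", "", FALSE, TRUE);
$result1 = setcookie("authentication", sha1($username . $salt),
    $time+$sessionDuration, "", "", FALSE, TRUE);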
if ((TRUE == $result) && (TRUE == $result1)) {
dbgSquirt('Everything worked.');
dbgSquirt('Error while creating cookies');
$error = "Internal error -- problem while creating cookies. Please contact an administrator.";
} else if ("U" == $state) {
dbgSquirt('Unverified Account');
$error="This account has not been verified. Please check for the verification email you were sent as part of the signup process.";
} else if ("D" == $state) {
dbgSquirt('Disabled Account');
$error = "This account has been disabled.";
// should not happen ... checked return value from validateUser
dbgSquirt('Unknown return code from validateUser');
$error = "Internal Error -- error validating username/password. Please try again. This this error reoccurs, please contact an administrator.";
// no post variables supplied
dbgSquirt('No post variables');
$error = "Authentication error -- you must enter a username and password.";
// forceLogin was FALSE ... that means the cookies were valid
// so get username from the cookie
$username = $_COOKIE['user'];
// after checking cookies and post variables, if a login is still needed, then
dbgSquirt("After post check -- forceLogin = $forceLogin");
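// Login is still required: return to the login page carrying the error text.
// $error is URL-encoded so the whole message arrives as a single query
// parameter (the messages assigned above contain spaces and punctuation).
// NOTE(review): HTTP_HOST is taken from the request's Host header, so the
// redirect target is client-influenced; prefer a configured canonical host name.
// NOTE(review): the lines that follow are not visible here -- confirm the script
// stops (exit) after this header, otherwise the account page below is still
// rendered for a visitor who failed authentication.
header("Location: http://" . $_SERVER['HTTP_HOST'] .
    dirname($_SERVER['PHP_SELF']) .
    "/index.php?error=" . urlencode($error));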
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
Purpose: User Home Page. This displays the users personal information and
allows changes to be made.
<link rel="stylesheet" type="text/css" href="repro_style.css" />
<h1 class="title">Repro</h1>
<h1>User Home Page</h1>
// if we've looped back due to an error, show the message
if (isset($_GET["error"]) && !empty($_GET['error'])) {
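// The message is read straight from the query string, so it is HTML-escaped
// before being written into the page; any markup in it is shown as text.
echo '<p class="error">' . htmlspecialchars($_GET["error"], ENT_QUOTES, 'UTF-8') . "</p>\n";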
if (!lookupUserInformation($username,$id,$fullname,$domain,$email)) {
echo "<h2>Error -- Error while accessing account information</h2>\n";
echo "<p>Please contact your administrator for assistance.</p>\n";
<!-- show basic user information with the user -->
<table border="0" cellpadding="5">
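<td><h2><?php /* HTML-escaped: the value comes from the login POST or the "user" cookie */ echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8') ?></h2></td>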
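<td><?php /* HTML-escaped: profile text passed through lookupUserInformation() may contain markup characters. NOTE(review): confirm it is not already entity-encoded when stored. */ echo htmlspecialchars($fullname, ENT_QUOTES, 'UTF-8') ?></td>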
<td><a href="changefullname.php">Change Fullname</a></td>
<td><a href="changepassword.php">Change Password</a></td>
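<td><?php /* HTML-escaped: profile text passed through lookupUserInformation() may contain markup characters */ echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8') ?></td>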
<td><a href="changeemail.php">Change Email</a></td>
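<td><?php /* HTML-escaped: profile text passed through lookupUserInformation() may contain markup characters */ echo htmlspecialchars($domain, ENT_QUOTES, 'UTF-8') ?></td>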
<!-- now show the resources associated with the user -->
<th class="header">Address</th><th class="header">Forward</th>
<th class="header">Voicemail</th><th class="header">Edit</th><th class="header">Delete</th>
$result = getResourcesByUsername($username,$resources);
// print "<br />Final Result --";
// print_r($resources);
foreach ($resources as $r) {
$forwardType = $r[2];
echo '<form method="post" action="modifyresource.php">'."\n";
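// Resource fields are HTML-escaped before being written into table cells, so
// markup characters in stored resource data are displayed rather than rendered.
// (Where $aor and $forward are assigned is not visible in this listing.)
echo "<td>" . htmlspecialchars($aor, ENT_QUOTES, 'UTF-8') . "</td>\n";
// The forward target is only shown when forwarding is switched on ("Y").
if ("Y" == $forwardType)
    echo "<td>" . htmlspecialchars($forward, ENT_QUOTES, 'UTF-8') . "</td>\n";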
echo "<td> </td>\n";
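// HTML-escaped so markup characters in the stored voicemail value are shown as text.
echo "<td>" . htmlspecialchars($voicemail, ENT_QUOTES, 'UTF-8') . "</td>\n";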
echo '<td><input type="submit" name="edit" id="edit" value="Edit"/></td>'."\n";
echo '<td><input type="submit" name="delete" id="delete" value="Delete"/></td>'."\n";
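// Hidden fields carrying the current row's values to modifyresource.php.
// Every value is escaped for attribute context so a quote or angle bracket in
// stored resource data cannot close the value="..." attribute or add markup.
// NOTE(review): no anti-CSRF token is visible among this form's fields; confirm
// modifyresource.php checks one. It should also re-verify on the server that
// resourceId belongs to the logged-in user instead of trusting these fields,
// since hidden inputs can be edited by the client.
echo '<input type="hidden" name="resourceId" id="resourceId" value="' . htmlspecialchars($id, ENT_QUOTES, 'UTF-8') .'" />'."\n";
echo '<input type="hidden" name="aor" id="aor" value="' . htmlspecialchars($aor, ENT_QUOTES, 'UTF-8') .'" />'."\n";
echo '<input type="hidden" name="forwardType" id="forwardType" value="' . htmlspecialchars($forwardType, ENT_QUOTES, 'UTF-8') .'" />'."\n";
echo '<input type="hidden" name="forward" id="forward" value="' . htmlspecialchars($forward, ENT_QUOTES, 'UTF-8') .'" />'."\n";
echo '<input type="hidden" name="voicemail" id="voicemail" value="' . htmlspecialchars($voicemail, ENT_QUOTES, 'UTF-8') .'" />'."\n";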
<form method="post" action="addresource.php">
<input type="submit" name="addResource" id="addResource" value="Add Resource" />
<br /><hr /><a href="logout.php">Logout</a>