If your account is new, it may not have been validated yet. Please check your e-mail for a validation link. If you used to be able to see this page, it probably means you pissed someone off and they took away some of your permissions. If you think you should have access to this page, please e-mail the ".sb_link(sb_url("email/send?to=&subject=Account%20Question"), "webmaster").".\n";
$newUserText = "Congratulations! \nYour account has been created. Please feel free to look around. You should receive a validation e-mail soon. To fully activate your account, you must click on the link included in it. Be sure to read the News to see what is happening and go ahead and add a new news item to introduce yourself.
";
$notesText = "Please tell us how you found out about us.";
$customGoogle = "&cof=T:000000;L:http://www.shitbag.com/images/Homebutton.jpg;BGC:FFFFFF;AH:left;AWFID:580e1015ada1f205;";
$validationMessage = "%LOGIN%,\n Your account on $domainName has been validated. E-mail sent to %LOGIN%@$domainName will now be forwarded to %EMAIL%. You also have access to the restricted areas of $domainName. Please e-mail $userAdmin if you have any questions.\n";
?>
Sorry, . You don't currently have permission to view this page.
Current user not valid.\n");
exit;
} elseif ($_SESSION['sb_curUser']->isValid()) {
$retVal = true;
} else {
sb_showLoginPage($_POST['defaultInput'],"Current user not valid. \n");
exit;
}
} else { # (!session_is_registered("sb_curUser"))
$autologgedin = false;
if ($_COOKIE["sb_autologin"]) {
$autologinparts = preg_split("/:/", $_COOKIE['sb_autologin']);
$sb_curUser = new sb_user($autologinparts[0], $autologinparts[1], $_SERVER['REMOTE_ADDR']);
setcookie("sb_autologin", "", 0,"/");
$autologgedin = true;
} else if ($_POST['action'] == "Login" || $_POST['action'] == "Continue") {
$sb_curUser = new sb_user($_POST['defaultInput'], $_POST['sb_passwd']);
} else {
sb_showLoginPage($_GET['login']);
exit;
}
if ($sb_curUser->isValid()) {
#session_destroy();
#session_start();
$uid = $sb_curUser->UID;
$_SESSION['sb_curUser'] = $sb_curUser;
session_register("sb_curUser");
if ($_POST['autologin'] == "on" || $autologgedin) {
sb_setAutoLogin("yes");
}
sb_readPrefs();
$retVal = true;
} else {
session_unregister("sb_curUser");
sb_showLoginPage($_POST['defaultInput'],"Login or password was incorrect. \n");
exit;
}
}
if ($retVal == true && $sb_curUser->passAge > sb_configGetValue("global","maxPasswordAge")) {
# $uid = $sb_curUser->UID;
# $delete = "delete from ${dbPref}userpref where userid = $uid and preference = 'autologin'";
# sb_dbQuery($delete);
sb_setAutoLogin("no");
header("Location: /site/changepassword.php?forced=1&retVal=$retVal&passAge=$sb_curUser->passAge");
}
return $retVal;
}
function sb_checkUserXPage() {
global $docRoot;
$retVal = true;
if (sb_pageCheckPerms("readable", 0)) {
$retVal = true;
} else {
$retVal = $retVal&&sb_checkUser();
$curUser = sb_getLoggedInUser();
$retVal = $retVal&&($curUser->isValid());
$retVal = $retVal&&sb_pageCheckPerms("readable", $curUser->getUID());
}
if (!$retVal) {
include("$docRoot/error/401.php");
exit;
}
return $retVal;
}
function sb_usermanGetGroupId($group) {
global $dbPref;
$retVal = false;
$groupquery = "select * "
. "from ${dbPref}user g "
. "where g.login = '$group' "
. "and g.type = 'G'"
. "";
$groupresult = sb_dbQuery($groupquery, $dbConn);
if ($row = sb_dbGetRow($groupresult)) {
$retVal = $row['userid'];
} else {
$retVal = false;
}
return $retVal;
}
function sb_checkUserXGroup($group) {
global $dbPref;
$retVal = false;
$curUser = sb_getLoggedInUser();
$userid = $curUser->getUID();
$groupquery = "select * "
. "from ${dbPref}userxgroup x "
. "left outer join ${dbPref}user g "
. "on g.userid = x.groupid "
. "where x.userid = '$userid' "
. "and g.login = '$group' "
. "and g.type = 'G' "
. "";
$groupresult = sb_dbQuery($groupquery, $dbConn);
if ($row = sb_dbGetRow($groupresult)) {
$retVal = ($row['login'] == $group);
} else {
$retVal = false;
}
return $retVal;
}
function sb_usermanShowGroupSelect($userid = 0, $dbConn = 0) {
global $dbPref;
$allGroupQuery = "select distinct login, concat(login,' (',notes,')') "
. "from ${dbPref}user "
. "where type = 'G' "
. "order by login ";
$userGroupQuery = "select login "
. "from ${dbPref}userxgroup x "
. "left outer join ${dbPref}user u "
. "on u.userid = x.groupid "
. "where x.userid = $userid ";
print("\n");
sb_dbShowGenericSelectOptions($allGroupQuery, $userGroupQuery, $dbConn);
print(" $name ";
} elseif ($useEmailForm == "LoggedIn" && sb_isUserLoggedIn()) {
$subject = ($subject == "")?"":"&subject=$subject";
$retval = "$name ";
} else {
$subject = ($subject == "")?"":"?subject=$subject";
$retval = "$name ";
}
return $retval;
}
function sb_emailLink($email, $name = "", $subject = "") {
global $_SESSION;
global $_SERVER;
global $useEmailForm;
$at = "-spam-".$_SERVER['REMOTE_ADDR']."@";
$at = "_AT_";
$email = preg_replace('/@/', $at, $email);
$name = ($name == "")?$email:$name;
if ($useEmailForm == "Always") {
$retval = "$name ";
} elseif ($useEmailForm == "LoggedIn" && sb_isUserLoggedIn()) {
$retval = "$name ";
} else {
$retval = "$name ";
}
return $retval;
}
function sb_getPref($preference) {
session_start();
global $_SESSION;
return $_SESSION['sb_prefs'][$preference];
}
function sb_readPrefs() {
session_start();
global $_SESSION;
global $dbPref;
$uid = sb_getLoggedInUID();
$select = "select * from ${dbPref}userpref where userid = $uid and hidden = 0";
$result = sb_dbQuery($select);
$expire=time()+2419200; # four weeks from now
$preferences = array();
while ($row = mysql_fetch_array($result)) {
$preferences[$row['preference']] = $row['value'];
}
$_SESSION['sb_prefs'] = $preferences;
session_register("sb_prefs");
}
function sb_savePrefs() {
session_start();
global $_SESSION;
global $dbPref;
$uid = sb_getLoggedInUID();
$preferences = $_SESSION['sb_prefs'];
$delete = "delete from ${dbPref}userpref where userid = $uid and hidden = 0";
$result = sb_dbQuery($delete);
foreach ($preferences as $preference => $value) {
$insert = "insert into ${dbPref}userpref (userid, preference, value, hidden) values ($uid, '$preference', '$value', 0)";
$result = sb_dbQuery($insert);
}
}
function sb_setAutoLogin($value){
session_start();
global $_SESSION;
global $_SERVER;
global $dbPref;
$sb_curUser = sb_getLoggedInUser();
$uid = $sb_curUser->UID;
$remoteAddr = $_SERVER['REMOTE_ADDR'];
if ($value == "no") {
setcookie("sb_autologin", $autologincookie, time()-1209600,"/");
$delete = "delete from ${dbPref}userpref where userid = $uid and preference = 'autologin' and value like('%:$remoteAddr')";
sb_dbQuery($delete);
} else if ($value == "yes") {
$autologincookie = $sb_curUser->login.":".$_SERVER['UNIQUE_ID'];
setcookie("sb_autologin", $autologincookie, time()+1209600,"/");
$autologinstring = $_SERVER['UNIQUE_ID'].":".$_SERVER['REMOTE_ADDR'];
$insert = "insert into ${dbPref}userpref (userid, preference, value) values ($uid, 'autologin', '$autologinstring')";
sb_dbQuery($insert);
} else {
return false;
}
}
function sb_printAutoLoginChoice($caption = ""){
session_start();
global $_SESSION;
global $_SERVER;
global $dbPref;
$remoteAddr = $_SERVER['REMOTE_ADDR'];
$uid = sb_getLoggedInUID();
$query = "select * "
. "from ${dbPref}userpref up "
. "where up.userid = '$uid' "
. "and up.preference = 'autologin' "
. "and up.value like('%:$remoteAddr') "
. "";
$result = sb_dbQuery($query, $dbConn);
if ($row = mysql_fetch_array($result)) {
$yesselected = " selected";
} else {
$noselected = " selected";
}
print("$caption\n");
print("Yes \n");
print("No \n");
print(' ');
}
function sb_usermanPrintPrefChoice($preference, $default = "") {
session_start();
global $_SESSION;
global $_SERVER;
$uid = sb_getLoggedInUID();
sb_usermanPrintUserPrefChoice($uid, $preference, $default);
}
function sb_usermanPrintUserPrefChoice($userid, $preference, $default = "") {
global $dbPref;
$query = "select * "
. "from ${dbPref}userpref up "
. "where up.userid = '$userid' "
. "and up.preference = '$preference' "
. "and up.hidden = 0 "
. "";
$result = sb_dbQuery($query, $dbConn);
if ($row = mysql_fetch_array($result)) {
$yesselected = ($row['value'] == "yes")?" selected":"";
$noselected = "";
} else {
$yesselected = ($default == "yes")?" selected":"";
$noselected = ($default == "no")?" selected":"";
}
print("\n");
print("No \n");
print("Yes \n");
print(' ');
}
function sb_usermanSetPref($preference, $value, $valuematch = "") {
session_start();
global $_SESSION;
global $_SERVER;
$sb_curUser = sb_getLoggedInUser();
$uid = $sb_curUser->UID;
return sb_usermanSetUserPref($uid, $preference, $value, $valuematch);
}
function sb_usermanSetUserPref($userid, $preference, $value, $valuematch = "") {
global $dbPref;
$morewhere = ($valuematch != "")?" and value like('$valuematch')":"";
$delete = "delete from ${dbPref}userpref "
. "where userid = $userid "
. "and preference = '$preference' "
. "and hidden = 0" . $morewhere;
$insert = "insert into ${dbPref}userpref (userid, preference, value, hidden) "
. "values ($userid, '$preference', '$value', 0)";
$rc = sb_dbQuery($delete);
if ($value != "clear") {
$rc = sb_dbQuery($insert);
}
return $rc;
}
function sb_usermanDeleteUser($userid) {
global $dbPref;
$myinfo = "delete from ${dbPref}userpref "
. "where userid = $userid";
$result = sb_dbQuery($myinfo, $dbConn);
$myinfo = "delete from ${dbPref}pagexuser "
. "where userid = $userid";
$result = sb_dbQuery($myinfo, $dbConn);
$myinfo = "delete from ${dbPref}userxgroup "
. "where userid = $userid";
$result = sb_dbQuery($myinfo, $dbConn);
$myinfo = "delete from ${dbPref}user "
. "where userid = $userid";
$result = sb_dbQuery($myinfo, $dbConn);
}
function sb_usermanDeletePerson($personid) {
global $dbPref;
$myinfo = "select * from ${dbPref}person p "
. "where personid = $personid";
$result = sb_dbQuery($myinfo, $dbConn);
if ($row = mysql_fetch_array($result)) {
$myinfo = "delete from ${dbPref}image "
. "where imageid in ('".$row["imageid"]."')";
$result = sb_dbQuery($myinfo, $dbConn);
$myinfo = "delete from ${dbPref}phone "
. "where phoneid in ('".$row["phoneid"]."')";
$result = sb_dbQuery($myinfo, $dbConn);
$myinfo = "delete from ${dbPref}address "
. "where addressid in ('".$row["addressid"]."')";
$result = sb_dbQuery($myinfo, $dbConn);
$myinfo = "delete from ${dbPref}personxclub "
. "where personid = $personid";
$result = sb_dbQuery($myinfo, $dbConn);
$myinfo = "update ${dbPref}club "
. "set clubrepid = 0 "
. "where clubrepid = $personid";
$result = sb_dbQuery($myinfo, $dbConn);
$myinfo = "select * from ${dbPref}user u "
. "where personid = $personid";
$result = sb_dbQuery($myinfo, $dbConn);
if ($userrow = mysql_fetch_array($result)) {
sb_usermanDeleteUser($userrow["userid"]);
}
$myinfo = "delete from ${dbPref}person "
. "where personid = $personid";
sb_dbQuery($myinfo, $dbConn);
}
}
function sb_usermanCreatePerson($fname, $mname, $lname, $email, $idnumber = "", $phone = "", $pnotes = "", $birthday = "") {
global $dbPref;
$phoneid = "0";
if ($phone != "") {
$insert = "insert into ${dbPref}phone "
. "(description, number, visible) "
. "values ('Phone', '$phone', 1) ";
sb_dbQuery($insert);
$phoneid = sb_dbGetInsertID();
}
if ($birthday != "") {
$birthday = strftime("%Y-%m-%d", strtotime($birthday));
}
$insert = "insert into ${dbPref}person "
. "(fname, mname, lname, email, phoneid, notes, birthday";
$insert .= ($idnumber == "")?"":", idnumber";
$insert .= ") values ('$fname', '$mname', '$lname', '$email', '$phoneid', '$pnotes', '$birthday'";
$insert .= ($idnumber == "")?"":", '$idnumber'";
$insert .= ") ";
sb_dbQuery($insert);
$personid = sb_dbGetInsertID();
return $personid;
}
function sb_usermanResetPassword($login, $email, $reason, $who = "") {
global $_SERVER, $dbPref, $domainName;
$dbConn = sb_dbGetConn();
$select = "select userid, login, u.notes as unotes "
. "from ${dbPref}user u "
. "left outer join ${dbPref}person p on p.personid = u.personid "
. "where login = '$login' and p.email = '$email'";
$result = sb_dbQuery($select, $dbConn);
if ($row = mysql_fetch_array($result)) {
$who = ($who == "")?$row["login"]:$who;
$timestamp = date("Ymd H:i");
$newnotes = $row['unotes'];
$newnotes .= "\n$timestamp - $who - Password Reset: $reason";
$password = sb_crypt(uniqid(rand()),$login);
$userid = $row["userid"];
$update = "update ${dbPref}user set notes = '$newnotes', password = '" . sb_crypt($password) . "', last_pass_change = 0 where userid = $userid";
$rc = sb_dbQuery($update, $dbConn);
$subject = "$domainName password request";
$headers = "From: ${_SERVER['SERVER_ADMIN']}\n"
. "Reply-To: ${_SERVER['SERVER_ADMIN']}\n"
. "X-Mailer: PHP/" . phpversion() . "\n";
$headers .= ($bccWebmaster == 1)?"bcc: ${_SERVER['SERVER_ADMIN']}\n":"";
if ($rc) {
$message = "Here is your new password for $domainName: $password\n"
. "Please change it as soon as you log in.\n"
. "If you have any problems, please e-mail the "
. "webmaster: ${_SERVER['SERVER_ADMIN']}\n\n"
. "Password reset reason:\n$reason";
$rc = 0;
} else {
$message = "There was a failed attempt to chane your password for $domainName\n"
. "If you did not ask for your password to be reset, this is probably nothing to worry about."
. "If you did ask for your password to be reset, please forward this e-mail to the "
. "webmaster: ${_SERVER['SERVER_ADMIN']}\n\n"
. "Password reset reason:\n$reason\n"
. "Password reset error:\n".sb_dbError($dbConn)."\n";
$rc = -2;
}
mail($email, $subject, $message, $headers);
} else {
$rc = -1;
}
return $rc;
}
function sb_usermanChangePassword($login, $password, $personid, $unotes = "") {
global $_SERVER, $dbPref;
$dbConn = sb_dbGetConn();
$select = "select * "
. "from ${dbPref}user u "
. "left outer join ${dbPref}person p on p.personid = u.personid "
. "where login = '$login' and p.email = '$email'";
$result = sb_dbQuery($select, $dbConn);
if ($row = mysql_fetch_array($result)) {
$password = sb_crypt(uniqid(rand()),$login);
$subject = "$domainName password request";
$message = "Here is your new password for $domainName: $password\n"
. "Please change it as soon as you log in.\n"
. "If you have any problems, please e-mail the "
. "webmaster: ${_SERVER['SERVER_ADMIN']}\n\n";
$headers = "From: ${_SERVER['SERVER_ADMIN']}\n"
. "Reply-To: ${_SERVER['SERVER_ADMIN']}\n"
. "X-Mailer: PHP/" . phpversion() . "\n";
$headers .= ($bccWebmaster == 1)?"bcc: ${_SERVER['SERVER_ADMIN']}\n":"";
mail($email, $subject, $message, $headers);
$userid = $row["userid"];
$update = "update ${dbPref}user set password = '" . sb_crypt($password) . "', last_pass_change = 0 where userid = $userid";
# should use sb_useradminResetPassword($login, $password);
# or maybe just ($login) and have it take care of generating password
# and e-mail, etc.
sb_dbQuery($update, $dbConn);
}
}
function sb_usermanCreateUser($login, $password, $personid, $unotes = "", $expire = 0) {
global $dbPref;
$password = sb_crypt($password);
$key = uniqid(rand());
$last_pass_change = ($expire)?"0":"now()";
$insert = "insert into ${dbPref}user "
. "(personid, secretkey, login, password, notes, type, last_pass_change) "
. "values ('$personid', '$key', '$login', '$password', '$unotes', 'U', $last_pass_change) ";
sb_dbQuery($insert);
$userid = sb_dbGetInsertID();
return $userid;
}
function sb_usermanSetUserGroups($userid, $grouparray) {
global $dbPref;
if (is_array($grouparray)) {
$groups = "'".join("', '", $grouparray)."'";
$select = "select userid as groupid "
. "from ${dbPref}user "
. "where type = 'G' "
. "and login in ($groups)";
$result = sb_dbQuery($select);
while($row = sb_dbGetRow($result)) {
$groupid = $row['groupid'];
$insert = "insert into ${dbPref}userxgroup (userid, groupid)"
. " values ('$userid', '$groupid')";
$rc = sb_dbQuery($insert);
}
}
}
function sb_usermanCheckForLogin($login) {
global $dbPref;
$select = "select * from ${dbPref}user "
. "where login = '$login'";
$result = sb_dbQuery($select);
if ($row = sb_dbGetRow($result)) {
return 1;
} else {
return 0;
}
}
function sb_usermanGetUserInfo($userid) {
global $dbPref;
$select = "select login, fname, mname, lname, p.email as email, secretkey, "
. "u.notes as unotes, p.notes as pnotes, p.imageid as imageid "
. "from ${dbPref}user u "
. "left outer join ${dbPref}person p "
. "on u.personid = p.personid "
. "where userid = '$userid'";
$result = sb_dbQuery($select);
if ($row = sb_dbGetRow($result)) {
$row['imageurl'] = "/people/show_image.php?imageid=${row['imageid']}";
return $row;
} else {
return array();
}
}
function sb_usermanValidateUser($login, $key) {
global $dbPref;
$options = sb_configGetSection("global");
$validateForward = $options['validateForward'];
$validateGroup = $options['validateGroup'];
$validateNews = $options['validateNews'];
$curUser = sb_getLoggedInUser();
$userid = $curUser->getUID();
if ($validateForward) {
$forwardquery = "insert into ${dbPref}userxgroup "
. "values ($userid, $userid)";
sb_dbQuery($forwardquery);
}
if ($validateGroup) {
$update = "update ${dbPref}user "
. "set emailEnable = 1 "
. "where login = '$login' "
. "and secretkey = '$key' ";
sb_dbQuery($update);
}
if ($validateNews) {
$rc = sb_usermanSetPref('newnewsnotify', 'yes');
}
}
function sb_usermanSendValidationEmail($userid, $extraText = "") {
$options = sb_configGetSection("global");
$emailWebmaster = $options['emailWebmaster'];
$emailValidate = $options['emailValidate'];
$domainName = $options['domainName'];
$serverName = ($options['serverName'] != "")?$options['serverName']:$domainName;
$userAdmin = ($options['userAdmin'] != "")?$options['userAdmin']:"useradmin@$domainName";
$userinfo = sb_usermanGetUserInfo($userid);
extract($userinfo);
$subject = "$domainName new user account";
$message = "A new user account on $domainName has been created using this email address.\n\n"
. "Login: $login\n"
. "Name: $fname $mname $lname\n"
. "E-mail: $email\n"
. "Notes: $notes\n\n";
if ($emailValidate == 1) {
$message .= "If this is you, please go to http://$serverName".sb_url("site/newuser.php?validateUser=$login&superSecretKey=$secretkey")." to validate. You will be required to re-login to take advantage of your new permissions.\n\n"
. "If this is not you, please go to http://$serverName".sb_url("site/newuser.php?removeUser=$login&superSecretKey=$secretkey")." to remove the account and stop future mailings.\n\n";
}
$message .= $extraText;
sb_mailSend($subject, $message, $email, $userAdmin);
if ($emailWebmaster == 1) {
$subject = "$domainName new user";
$message = "A new user account has been created.\n"
. "Login: $login\n"
. "Name: $fname $mname $lname\n"
. "E-mail: $email\n"
. "Notes: $notes\n"
. "Please go to http://$serverName".sb_url("admin/user.php?validateUser=$login")." to validate this user.\n";
sb_mailSend($subject, $message, $userAdmin, $userAdmin);
}
print($newUserText);
}
?>