. */

// NOTE(review): this copy of the file appears to have had HTML tags stripped
// out of string literals (hence the many echoln("") / echoln(" ") calls) and
// at least one statement in page_header() lost text. Code and strings are
// reproduced here exactly as found; only comments were added.

/* echoln($t, $debugmsg=false, $layout=false)
 * Print one chunk of output.
 * With DEBUG true: echo $t verbatim, plus a newline unless $layout is true.
 * Otherwise: echo $t with leading whitespace (ltrim default set) and trailing
 * newline/CR/NUL/VT removed (trailing spaces and tabs are kept), no newline added.
 * @param: t: text to print; it is not escaped here
 * @param: debugmsg: not used in this function
 * @param: layout: when true and DEBUG is on, no newline is appended (layout() passes true)
 * @return: -
 * NOTE(review): DEBUG must be defined before the first call; an undefined
 * constant is an Error on PHP 8. */
function echoln($t, $debugmsg=false, $layout=false) {
    global $setup; // not used here
    if( DEBUG ) {
        echo $t;
        if( !$layout ) echo "\n";
    }else {
        echo rtrim(ltrim($t), "\n\r\0\x0B");
    }
}

/* debug($msg)
 * Print $msg when DEBUG is true; do nothing otherwise.
 * The literal contains real line breaks around $msg; whatever markup used to
 * surround it is not visible in this copy.
 * @param: msg: text to print, echoed unescaped
 * @return: - */
function debug($msg) {
    global $setup; // not used here
    if( DEBUG ) {
        echo "\n
$msg
\n";
    }
}

/* debug_array($name, $array)
 * Dump $array via print_r() under the heading $name, through debug().
 * @param: name: heading printed before the dump
 * @param: array: any value print_r() accepts
 * @return: -
 * NOTE(review): the strtr() map is an identity mapping (" " => " ") in this
 * copy; presumably it substituted an entity before the markup was stripped.
 * The print_r() output is not HTML-escaped before nl2br(). */
function debug_array($name, $array) {
    global $setup; // not used here
    if( DEBUG ) {
        debug($name.":
".nl2br(strtr(print_r($array, true), array(" " => " "))));
    }
}

/* page_header($nohtml=false, $extraHeader=NULL)
 * Public-site page header: load the configured Auth* class into the global
 * $ldap, handle ?logout, handle a POST login, and (unless $nohtml) emit the
 * "top", menu, account box and "page-top" templates.
 * @param: nohtml: when true, do the login handling but output no markup
 * @param: extraHeader: handed to layout("top") as %EXTRAHEADER%
 * @return: - (calls exit() after showing the login page or redirecting) */
function page_header($nohtml=false, $extraHeader=NULL) {
    global $setup, $ldap, $LDAPTRANS;
    // Check login
    if( $setup['AuthSystem']=="" ) {
        $setup['AuthSystem'] = "None";
    }
    // NOTE(review): $setup['AuthSystem'] selects both the file that gets
    // included and the class that gets instantiated. Its origin is not visible
    // in this file; it must only ever come from server-side configuration,
    // never from request data — confirm.
    $authClass = "Auth".$setup['AuthSystem'];
    require_once("./include/".$authClass.".php");
    $ldap = new $authClass();
    if( isset($_GET['logout']) ) {
        //Do logout
        // NOTE(review): logout is triggered by a GET parameter, so any link or
        // image pointing at ?logout ends the session. Session data is cleared
        // (only 'layout' survives) but the session id is not rotated here.
        $layout=$_SESSION['layout'];
        $_SESSION=array();
        $_SESSION['layout']=$layout;
        if( substr($_SERVER['PHP_SELF'], -9)=="apply.php" OR substr($_SERVER['PHP_SELF'], -9)=="board.php" ) {
            header("location: index.php");
            exit();
        }
    }
    if( $setup['AuthSystem']!="None" && isset($_POST['login']) ) {
        // Check login
        // NOTE(review): stripslashes() on the submitted credentials dates from
        // magic_quotes; without magic quotes it silently alters any password
        // that contains a backslash. admin_header() passes them unmodified.
        if( $ldap->auth(stripslashes($_POST['username']), stripslashes($_POST['password'])) ) {
            // Ok
            // New session id on successful login (session-fixation defence).
            session_regenerate_id(true);
            // Negative sentinel marking a directory-authenticated session;
            // admin_header() requires sess_uid >= 1, so this never counts as an admin login.
            $_SESSION['sess_uid'] = -10;
            $_SESSION['sess_name'] = stripslashes($_POST['username']);
            $_SESSION['sess_groups'] = $ldap->getBoardGroups();
            $_SESSION['access_user'] = true;
            $search = array_keys($LDAPTRANS);
            if( $res = $ldap->getData($search) ) {
                // NOTE(review): the text between "$i" and "0 )" on the next line
                // is missing in this copy (it presumably held the loop copying
                // $res into $_SESSION via $LDAPTRANS and the test that sets $h
                // from the last space in sess_name). Recover it from the
                // original source; it is kept verbatim here.
                for( $i=0; $i0 ) {
                    $_SESSION['user_FirstName'] = substr($_SESSION['sess_name'], 0, $h);
                    $_SESSION['user_LastName'] = substr($_SESSION['sess_name'], $h+1);
                }else {
                    dolog("login", "Aarrgg, there is even not a space in username for '".$_SESSION['sess_name']."', leaving LastName empty.", "error");
                    $_SESSION['user_FirstName'] = $_SESSION['sess_name'];
                }
            }
            // Do some repairs
            // Drop a leading "+" from the phone-style fields.
            if( isset($_SESSION['user_Phone']) && substr($_SESSION['user_Phone'], 0, 1)=="+" ) $_SESSION['user_Phone'] = substr($_SESSION['user_Phone'], 1);
            if( isset($_SESSION['user_Mobile']) && substr($_SESSION['user_Mobile'], 0, 1)=="+" ) $_SESSION['user_Mobile'] = substr($_SESSION['user_Mobile'], 1);
            if( isset($_SESSION['user_Fax']) && substr($_SESSION['user_Fax'], 0, 1)=="+" ) $_SESSION['user_Fax'] = substr($_SESSION['user_Fax'], 1);
            // Normalise the country code to the `Code` column; drop it when it does not match exactly one row.
            if( isset($_SESSION['user_CountryCode']) && strlen($_SESSION['user_CountryCode'])>0 ) {
                // NOTE(review): addslashes() is not a SQL escaping function (it
                // ignores the connection charset); even though the value comes
                // from the directory this should be a parameterised query.
                // NOTE(review): the mysql_* extension was removed in PHP 7, and
                // the "@" hides any query error (a failed query lands in the else branch).
                $query="SELECT `Code` FROM `CountryCodes` 
WHERE `ISO_2`='".addslashes($_SESSION['user_CountryCode'])."' OR `ISO_3`='".addslashes($_SESSION['user_CountryCode'])."' OR `Postal`='".addslashes($_SESSION['user_CountryCode'])."'";
                if( @mysql_num_rows( $res=doquery($query) )==1 ) {
                    $row = mysql_fetch_array($res);
                    $_SESSION['user_CountryCode'] = $row['Code'];
                }else {
                    unset($_SESSION['user_CountryCode']);
                }
            }
        }else {
            layout("login", $ldap);
            exit();
        }
    }
    // ?login with nobody logged in (sess_uid unset or 0; "!=" is loose, so null counts as 0).
    if( isset($_GET['login']) AND !($_SESSION['sess_uid']!=0) ) {
        //Show login page and exit
        ssl_redirect();
        layout("login", $ldap);
        exit();
    }
    if( !$nohtml ) {
        layout("top", $ldap, $extraHeader);
        layout_menu("Home");
        layout_menu("Chair news");
        layout_menu("Latest Agora");
        layout_menu("Latest EPM");
        layout_menu("About");
        layout("account-top", $ldap);
        if( isset($_SESSION['sess_uid']) && $_SESSION['sess_uid']!=0 && $setup['AuthSystem']!="None" ) {
            layout("account-loggedin", $ldap);
        }else {
            layout("account-anonymous", $ldap);
            if( $setup['AuthSystem']!="None" ) {
                echoln("
 login");
            }
        }
        layout("account-bottom", $ldap);
        layout("page-top", $ldap);
        echoln("        Home > ");
        #echoln("Office > ");
        echoln("Statutory");
    }
}

/* page_footer($nohtml=false)
 * Public-site page footer: emit the "page-bottom" and "bottom" templates,
 * then tear down the global $ldap handle.
 * @param: nohtml: when true, output no markup
 * @return: -
 * NOTE(review): calling __destruct() by hand does not stop the engine from
 * running it again when the object is collected; admin_footer() uses
 * Shutdown() for the same purpose — the two should agree. */
function page_footer($nohtml=false) {
    global $ldap;
    if( !$nohtml ) {
        layout("page-bottom", $ldap);
        layout("bottom", $ldap);
    }
    $ldap->__destruct();
}

/* layout($part, $ldap=null, $extraHeader=NULL)
 * Emit the template layout/<session layout>/<part>.html line by line with its
 * %PLACEHOLDER% tokens substituted. A $part not in the allow-list is ignored.
 * @param: part: template name (allow-listed below); "top" also sends the Content-Type header
 * @param: ldap: auth backend used for %AUTH_SYSTEM_NAME% / %AUTH_REGISTRATION_URL%; fixed defaults when null
 * @param: extraHeader: substituted for %EXTRAHEADER% (empty when NULL)
 * @return: - */
function layout($part, $ldap=null, $extraHeader=NULL) {
    $parts=array();
    $parts[]="login";
    $parts[]="top";
    $parts[]="menu-top";
    $parts[]="menu-bottom";
    $parts[]="account-top";
    $parts[]="account-anonymous";
    $parts[]="account-loggedin";
    $parts[]="account-bottom";
    $parts[]="page-top";
    $parts[]="page-bottom";
    $parts[]="bottom";
    $parts[]="all";
    if( in_array($part, $parts) ) {
        if( $part=="top" ) header("Content-Type: text/html; charset=UTF-8");
        // NOTE(review): $FULL_PATH is not declared global in this function, so
        // it is undefined here and the path is effectively relative.
        // NOTE(review): $_SESSION['layout'] becomes part of a filesystem path;
        // wherever it is assigned it must be restricted to known layout names.
        // The "@" hides fopen() failures, so a missing template prints nothing.
        if( $fd=@fopen($FULL_PATH."layout/".$_SESSION['layout']."/".$part.".html", "r") ) {
            $search=array();
            $replace=array();
            // NOTE(review): %PHP_SELF%, %USERNAME%, %QUERY_STRING% and
            // %EXTRAHEADER% are inserted into the HTML template unescaped
            // (PHP_SELF and QUERY_STRING are client-influenced); only
            // %RAWENCODEUSERNAME% is encoded, and that for URL context. Escape
            // per context (htmlspecialchars for HTML) here or in the templates.
            $search[]="%PHP_SELF%";
            $replace[]=$_SERVER['PHP_SELF'];
            $search[]="%USERNAME%";
            $replace[]=(isset($_SESSION['sess_name'])?$_SESSION['sess_name']:"");
            $search[]="%RAWENCODEUSERNAME%";
            $replace[]=(isset($_SESSION['sess_name'])?rawurlencode($_SESSION['sess_name']):"");
            $search[]="%LAYOUTDIR%";
            $replace[]="./layout/".$_SESSION['layout']."/";
            // Removes every occurrence of the substring "logout", not just the parameter.
            $search[]="%QUERY_STRING%";
            $replace[]=preg_replace("/logout/", "", $_SERVER['QUERY_STRING']);
            if( $ldap==null ) {
                $search[] = "%AUTH_SYSTEM_NAME%";
                $replace[] = "aegee.org";
                $search[] = "%AUTH_REGISTRATION_URL%";
                $replace[] = "http://www.aegee.org/";
            }else {
                $search[] = "%AUTH_SYSTEM_NAME%";
                $replace[] = $ldap->getSystemName();
                $search[] = "%AUTH_REGISTRATION_URL%";
                $replace[] = $ldap->getRegistrationUrl();
            }
            if( $extraHeader == NULL ) {
                $search[] = "%EXTRAHEADER%";
                $replace[] = "";
            }else {
                $search[] = "%EXTRAHEADER%";
                $replace[] = $extraHeader;
            }
            // Substitutions run left to right on each line (max 4096 bytes per
            // fgets), so a value inserted by an earlier placeholder is itself
            // subject to the later ones (str_replace array semantics).
            while( !feof($fd) ) {
                echoln( str_replace($search, $replace, fgets($fd, 4096)), false, true );
            }
            fclose ($fd);
        }
    }else {
        // Not valid
    }
}

/* layout_img($img)
 * Map an allow-listed image name to its path under the session's layout.
 * @param: img: file name; must be one of the names listed below
 * @return: the relative path, or "" for a name not in the list */
function layout_img($img) {
    $imgs=array();
    $imgs[]="previous.gif";
    $imgs[]="next.gif";
    $imgs[]="list.gif";
    if( in_array($img, $imgs) ) {
        return "./layout/".$_SESSION['layout']."/image/".$img;
    }else {
        // Not valid
        return "";
    }
}

/* layout_menu($item)
 * Emit one menu entry: "menu-top" template, the item text indented by ten
 * tabs, then the "menu-bottom" template. $item is printed unescaped.
 * @param: item: menu label
 * @return: - */
function layout_menu($item) {
    layout("menu-top");
    echoln("\t\t\t\t\t\t\t\t\t\t".$item);
    layout("menu-bottom");
}

/* admin_header($nomenu=false, $nohtml=false)
 * Admin-area page header: force HTTPS, create the LDAP account backend in the
 * global $ldap, handle ?logout and the privacy-statement agreement, require a
 * login that also has a row in `users`, then (unless $nohtml) print the admin
 * page top with the per-access-level menu.
 * @param: nomenu: when true, print the header without the menu block
 * @param: nohtml: when true, do not output anything if login is ok (useful for downloads or images)
 * @return: - (calls exit() after showing the login page) */
function admin_header($nomenu=false, $nohtml=false) {
    global $ldap, $LDAPTRANS, $setup; // $LDAPTRANS and $setup are not used in this function
    ssl_redirect(); // always switch to https
    // Check login
    // NOTE(review): the directory URL and base DN are hard-coded here while
    // page_header() uses the configurable Auth* class. An "ldap://" URL is
    // plaintext unless the class upgrades the connection (not visible here).
    $ldap = new AegeeOrg_Account("ldap://karl.aegee.RWTH-Aachen.DE", "o=AEGEE, c=FR");
    if( isset($_GET['logout']) AND $_SESSION['sess_uid']!=0 ) {
        //Do logout
        // Triggered by a GET parameter; session data is cleared (only 'layout'
        // survives) but the session id is not rotated here.
        dolog("login", "'".$_SESSION['sess_name']."' logged out", "info");
        $layout=$_SESSION['layout'];
        $_SESSION=array();
        $_SESSION['layout']=$layout;
    }
    if( isset($_SESSION['privstatementagree']) && $_SESSION['privstatementagree']=="ask" ) {
        // The access level was parked in the session until the user agrees.
        // NOTE(review): no CSRF token is checked on this POST (none is visible in this file).
        if( $_SERVER['REQUEST_METHOD']=="POST" AND isset($_POST['agreeprivstatement']) ) {
            admin_setaccess($_SESSION['privstatementagree_access']);
            $_SESSION['privstatementagree'] = NULL;
            $_SESSION['privstatementagree_access'] = NULL;
            dolog("login", "'".$_SESSION['sess_name']."' agreed to privacy statement", "info");
            // NOTE(review): string-built SQL; prefer a parameterised query.
            $query = "UPDATE `users` SET `privstatementagree`='yes' WHERE `uid`=".addslashes($_SESSION['sess_uid']);
            doquery($query);
        }
    }
    if( !isset($_SESSION['sess_uid']) OR $_SESSION['sess_uid']<1 ) {
        // Check login
        // page_header() stores -10 for directory-only logins, so such a
        // session is treated as not logged in here.
        // NOTE(review): unlike page_header(), the credentials are passed
        // without stripslashes() and the method is Auth(), not auth().
        if( isset($_POST['username']) && isset($_POST['password']) && $ldap->Auth($_POST['username'], $_POST['password']) ) {
            // user/password ok, now check if user has admin access
            // NOTE(review): addslashes() is not a SQL escaping function; use a
            // parameterised query. The "@" also hides a failed query, which
            // then denies the login.
            $query="SELECT `uid`, `user`, `access`, `privstatementagree` FROM `users` WHERE `user`='".addslashes($_POST['username'])."'";
            if( @mysql_num_rows( $res=doquery($query) )==1 ) {
                // admin access granted
                $row = mysql_fetch_array($res);
                session_regenerate_id(true); // new session id on login (session-fixation defence)
                $_SESSION['sess_uid'] = $row['uid'];
                $_SESSION['sess_name'] = $row['user'];
                admin_setaccess($row['access']);
                // NOTE(review): $_SERVER["REMOTE_HOST"] is only present when the
                // web server does reverse lookups; otherwise this raises a notice.
                dolog("login", "'".$_SESSION['sess_name']."' logged in from ".get_remote_address()." (".$_SERVER["REMOTE_HOST"].")", "info");
            }else {
                // No access to admin page
                layout("login");
                exit();
            }
        }else {
            // Wrong user/password
            layout("login");
            exit();
        }
    }
    // User logged in
    if( !$nohtml ) {
        // NOTE(review): the markup these strings carried is missing in this copy.
        echoln("");
        echoln("");
        echoln(" ");
        echoln(" ");
        echoln(" AEGEE-Europe statutory events application tool");
        echoln(" ");
        if( $nomenu ) {
            echoln(" ");
        }else {
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln("
      
 ");
            // NOTE(review): sess_name (from the `user` column) is printed
            // without htmlspecialchars().
            echoln("User: ".$_SESSION['sess_name']."   [Logout]");
            // $_REQUEST merges GET, POST and cookie values.
            if( isset($_REQUEST['show']) ) {
                echoln("

Help");
            }else {
                echoln("

Help");
            }
            // NOTE(review): in_array() without strict=true compares loosely;
            // pass true as the third argument on all four checks below.
            if( in_array($_SESSION['sess_access'], array("view", "edit", "jc", "localorg", "chair", "admin")) ) {
                // View functions
                echoln("

View functions:");
                echoln("

    ");
                if( in_array($_SESSION['sess_access'], array("localorg", "chair", "admin")) ) {
                    echoln("
  • Activity log *");
                }
                echoln("
");
                // Adminstrator functions
                echoln("

Administrator functions:");
                echoln("

    ");
                if( in_array($_SESSION['sess_access'], array("localorg", "chair", "admin")) ){
                    echoln("
  • Users *");
                }
                if( in_array($_SESSION['sess_access'], array("chair", "admin")) ) {
                    echoln("
  • Information *");
                }
                if( in_array($_SESSION['sess_access'], array("jc", "localorg", "chair", "admin")) ) {
                    // NOTE(review): the next two lines look like a commented-out
                    // echoln() whose second line lost its "#" in this copy.
                    #echoln("
  • Changelog *");
                }
                echoln("
");
            }
            // Copyright
            echoln("

 ");
            echoln("

© Copyright AEGEE-Europe 2003-".date("Y"));
            echoln("
Created by Wim van Ravesteijn
");
            echoln("
  ");
        }
    }
}

/* admin_footer($nomenu=false, $nohtml=false)
 * Admin-area page footer: close the menu block (unless $nomenu) and the page
 * (unless $nohtml), then shut down the global $ldap backend.
 * @param: nomenu: when true, the menu-closing markup is skipped
 * @param: nohtml: when true, do not output anything (useful for downloads or images)
 * @return: - */
function admin_footer($nomenu=false, $nohtml=false) {
    global $ldap;
    if( !$nohtml ) {
        if( !$nomenu ) {
            echoln("  
      
");
        }
        echoln(" ");
        echoln("");
    }
    $ldap->Shutdown();
}
?>