  1. <?php
  2.  
  3. //check if user is already logged in
  4. //check if session_username doesnt already exist and that Log In form has been submitted
  5. if ( isset($_POST['login']) || isset($_POST['login_x']) || isset($_POST['login_y'])){
  6.  
  7. if( ( !empty( $_POST['name'] )) && ( !empty( $_POST['pass'] )) ){
  8. #trim values
  9. $username = $gag->escapeInput(trim($_POST['name']));
  10. $password = $gag->escapeInput(trim($_POST['pass']));
  11.  
  12. $user = new Authentication($db, USERS);
  13. //authenticate user
  14. if ( $user->authenticateUser($username, $password) ){
  15. //check account_status
  16. if (!$user->accountStatus($username)){
  17. $message = "This Account has either not yet been activated or was deactivated for various reasons.<br>";
  18. $message .= " or click <a href="?main/cont/login">here</a> to contact the GoAfricaGo Team if you think your account was wrongly deactivated.";
  19. $smarty->assign('accountMsg', $message);
  20. $logon_err_content = $smarty->fetch('./logon/logon.logon_err'.VEND);
  21. }
  22. else{
  23. //Register login Username
  24. $_SESSION['loginUsername'] = $username;
  25. //Register remote IP-Address
  26. $_SESSION['loginIP'] = $_SERVER['REMOTE_ADDR'];
  27. #take user to their Profile page
  28. $mvc = 'main/user/mng/profile';
  29. }
  30. }
  31. else{
  32. $message = "This username / password combination is incorrect.<br>";
  33. $message .= "Please click <a href="?main/cont/login">here</a> to try again.";
  34. $smarty->assign('authMsg', $message);
  35. $smarty->assign($_POST);
  36. $logon_err_content = $smarty->fetch('./logon/logon.logon_err'.VEND);
  37. }
  38. }
  39. else{
  40. $message = "Both your username and password are required.";
  41. $smarty->assign('loginMsg', $message);
  42. $logon_err_content = $smarty->fetch('./logon/logon.logon_err'.VEND);
  43. }
  44. }
  45. else{
  46. #get scripts exempted from session checking
  47. $handle = @fopen(APP_CFGDIR.SLESS, "r");
  48. $ereqs = array();
  49. if( $handle ) {
  50. while ( !feof($handle) ) {
  51. $ereqs[] = trim(fgets($handle));
  52. }
  53. fclose($handle);
  54. }
  55. #retrieve required page or direct to a given page
  56. if( !isset($mvc) ){
  57. $wanted = array_keys($_GET, '');
  58. if( isset($wanted[0]) )
  59. $mvc = $wanted[0]; ### POINTING TO THE USERS REQUEST
  60. else
  61. $mvc = 'main/cont/home'; ### POINTING TO THE DEFAULT PAGE
  62. }
  63. #compare exempted scripts with the one required
  64. if( $wanted[0] != '' && substr($wanted[0],0,3) != 'biz' && !in_array($wanted[0], $ereqs) ) {
  65.  
  66. $user = new Authentication($db, USERS);
  67. #check whether user has a session
  68. if( !$user->sessionAuthenticate() ){
  69. $smarty->assign('sessionMsg', $user->msg);
  70. $logon_err_content = $smarty->fetch('./logon/logon.logon_err'.VEND);
  71. unset($mvc); #this avoids execution of the wanted content script
  72. }
  73. else{
  74. #check whether user is required to change their passwoard
  75. #session chg_pass avoids execution of the whole if statement every time script is run
  76. #its set when user changes password successfully or when they rnt required to change their password
  77. #$path = $wanted;
  78. if( (!isset($_SESSION['chg_pass']) && substr_count($path, 'chg_pass') != 1) &&
  79. $user->chgPassStatus($_SESSION['loginUsername'])){
  80.  
  81. $smarty->assign('chg_pass', "You are required to change your Password");
  82. $mvc = 'main/user/chg/pass';
  83. }
  84.  
  85. }
  86. }
  87.  
  88. }
  89. ?>
  90.  
  91. <?PHP
  92.  
  93. // start compressing and buffering
  94. ob_start("ob_gzhandler");
  95.  
  96. #session_name("WEB");
  97. session_start();
  98.  
  99. require_once('./config.php');
  100. require_once(APP_CFGDIR.'autoLoader.php' );
  101.  
  102. $smarty =& new Smarty();
  103.  
  104. // set the smarty-dirs
  105. $smarty->template_dir = TPL;
  106. $smarty->compile_dir = CPL;
  107.  
  108. ## Platform Objects
  109. $gag = new Web($db);
  110.  
  111. ############################################################################
  112. ############################################################################
  113. ################### SESSION INFO #########################################
  114.  
  115. require_once('./display/session_verify.php');
  116.  
  117. ############################################################################
  118. ############################################################################
  119. ################ USER INFO ################################################
  120.  
  121. $usr = $gag->getUserInfo($_SESSION['loginUsername']);
  122. $smarty->assign('userType', $usr['utype']);
  123. $smarty->assign('f_name', $usr['fname']);
  124.  
  125. ################ left and right INFO ######################################
  126. $conInfo = $gag->getContactInfo();
  127. $smarty->assign('conInfo', $conInfo);
  128.  
  129. $latestNews = $gag->getLatestNewsInfo();
  130. if( count($latestNews) == 0 ){
  131. $smarty->assign('noNews', 'No News Articles at the Moment');
  132. }else{
  133. $smarty->assign('latestNews', $latestNews);
  134. }
  135.  
  136. $latestPubs = $gag->getLatestPubsInfo();
  137. if( count($latestPubs) == 0 ){
  138. $smarty->assign('noPubs', 'No Publications have been uploaded at the Moment');
  139. }else{
  140. $smarty->assign('latestPubs', $latestPubs);
  141. }
  142. ############################################################################
  143. ###########################################################################
  144. ################ MVC Work Starts here #####################################
  145. ############ Work out the required controller and then get it execeuted ####
  146.  
  147. $func = explode('/', $mvc);
  148. ## front end
  149. switch ($func[0]) {
  150. ############ FOR MAIN #################################################
  151. case 'main':{
  152. $ctrl = APP_MNDIR;
  153. $vw = VW_MNDIR;
  154. switch ($func[1]) {
  155. ################# for the relatively static pages #############
  156. ## i.e. home, aboutgag etc ##################################
  157. case REL_STAT:{
  158. $ctrl .= $func[1].'/'.$func[1].FFSEP.$func[2].FEND;
  159. $vw .= $func[1].'/'.$func[2].VEND;
  160. break;
  161. }
  162. default:{
  163. $ctrl .= $func[1].'/'.$func[1].FFSEP.$func[2].FSEP.$func[3].FEND;
  164. $vw .= $func[1].'/'.$func[1].FFSEP.$func[2].FSEP.$func[3].VEND;
  165. }
  166. }
  167. break;
  168. }
  169. ### BACKEND ############################
  170. case 'bknd':{
  171. $ctrl = APP_BKNDIR.$func[1].'/'.$func[1].FFSEP.$func[2].FSEP.$func[3].FEND;
  172. $vw = VW_BKND.$func[1].'/'.$func[1].FFSEP.$func[2].FSEP.$func[3].VEND;
  173. break;
  174. }
  175.  
  176. }
  177.  
  178. ############################################################################
  179. ################ PERFORMING ACCESS CONTROL AND THEN REQUEST DISPATCHING ####
  180. $pageExists = false;
  181. if( is_file($ctrl) && $mvc != '' ){
  182. #check for access credentials
  183.  
  184. $sec = new Security($db);
  185. if( $sec->accessCheck($_SESSION['loginUsername'], $ctrl) ){
  186. #path tracking for form submitting purposes
  187. $_SESSION['prevPath'] = $ctrl;
  188. $pageExists = true;
  189. ######################################################
  190. ######## DISPATCH REQUEST ###########################
  191. require_once($ctrl);
  192. }else{
  193. $scontent = $smarty->fetch(VW_BKND.SACCESS.VEND);
  194. }
  195.  
  196. }
  197. elseif( isset($_POST) && isset($_POST['submit']) && is_file($_SESSION['prevPath']) ){
  198. $pageExists = true;
  199. require_once($_SESSION['prevPath']);
  200. }
  201.  
  202. ############################################################################
  203. ############################################################################
  204. ################## DISPLAYING THE VIEW ###################################
  205.  
  206. if( isset($logon_err_content) ) #### FOR CASES WHERE THERE IS NO LOGIN INFO, YET REQUIRED TO VIEW PAGE
  207. $smarty->assign('content', $logon_err_content);
  208. elseif( isset($chg_pass_content) ) ### FRO CASES WHERE USER IS REQUIRED TO CHG PWD
  209. $smarty->assign('content', $chg_pass_content);
  210. elseif( isset($pcontent) ) ### FOR PAGINATED CONTENT
  211. $smarty->assign('content', $pcontent);
  212. elseif( isset($scontent) ) ### for security violations
  213. $smarty->assign('content', $scontent);
  214. elseif( ! $pageExists )
  215. $smarty->assign('content', $smarty->fetch(DISP.PAGE_ABSENT.VEND));
  216. else{
  217. $content = $smarty->fetch($vw);
  218. $smarty->assign( 'content', $content );
  219. }
  220.  
  221. $smarty->display(MN_TPL);
  222.  
  223. // flush output
  224. ob_end_flush();
  225.  
  226. ?>
  227.  
  228. <?php
  229.  
  230. class Web{
  231.  
  232. private $db;
  233.  
  234. public function Web(& $db){
  235.  
  236. $this->db = $db;
  237. }
  238.  
  239. ########################################################################
  240. ############ FUNCTION FOR ESCAPING USER INPUT #########################
  241. public function escapeInput($str){
  242.  
  243. return mysql_real_escape_string($str);
  244. }
  245.  
  246. #######################################################################3
  247. ########## STRIPPING UNWANTED TAGS FROM USER INPUT ####################
  248. public function stripInput($str, $allowed = ""){
  249. $strs=explode('<',$str);
  250. $res=$strs[0];
  251. for($i=1;$i<count($strs);$i++)
  252. {
  253. if(!strpos($strs[$i],'>'))
  254. $res = $res.'<'.$strs[$i];
  255. else
  256. $res = $res.'<'.$strs[$i];
  257. }
  258. return strip_tags($res, $allowed);
  259. }
  260.  
  261. #get id for newly registered property
  262. public function getId($tableName, $id="id"){
  263.  
  264. $idSQL = "SELECT MAX($id) FROM $tableName";
  265. $this->db->query($idSQL);
  266.  
  267. return $this->db->getValue() + 1;
  268. }
  269.  
  270. #get id for newly registered property
  271. public function getIdOfLastEnteredElement($tableName, $id="id"){
  272.  
  273. $idSQL = "SELECT MAX($id) FROM $tableName";
  274. $this->db->query($idSQL);
  275.  
  276. return $this->db->getValue();
  277. }
  278.  
  279. #get user info
  280. public function getUserInfo($uname, $field="*"){
  281. $users = USERS;
  282. $SQL = "SELECT $field FROM $users WHERE uname = '{$uname}'";
  283. $user = $this->db->execute($SQL);
  284. if( $field == "*" )
  285. return $user[0];
  286. else
  287. return $user[0][$field];
  288. }
  289.  
  290. #get contact info
  291. public function getContactInfo(){
  292. $tbl = SCONTENT;
  293. $SQL = "SELECT contact_us FROM $tbl WHERE id = 'sitename'";
  294. $info = $this->db->execute($SQL);
  295. return $info[0]['contact_us'];
  296. }
  297.  
  298. #get LatestNews info
  299. public function getLatestNewsInfo(){
  300. $tbl = NEWS;
  301. $SQL = "SELECT reg_date,news_no,title,details FROM $tbl ORDER BY news_no Desc LIMIT 2";
  302. $infoArray = $this->db->execute($SQL);
  303. return $infoArray;
  304. }
  305.  
  306. #get LatestPubs info
  307. public function getLatestPubsInfo(){
  308. $tbl = PUBS;
  309. $SQL = "SELECT * FROM $tbl ORDER BY id Desc LIMIT 2";
  310. $infoArray = $this->db->execute($SQL);
  311. return $infoArray;
  312. }
  313.  
  314. #get info
  315. public function seeIfThereExistRows($tbl, $field, $values){
  316. $cond = $this->formCond($field, $values);
  317. $SQL = "SELECT * FROM $tbl";
  318. $SQL .= " WHERE $cond";
  319. $infoArray = $this->db->execute($SQL);
  320. if( count($infoArray) == 0)
  321. return false;
  322. else
  323. return true;
  324. }
  325. ########################################################################
  326. ################## Formulate SQL Where Condition STMT #################
  327. ################ params : priKey flds, value array ####################
  328. private function formCond($priKey, $values){
  329. $cond = "";
  330. if( is_array($priKey) ){ ## for a group of flds acting as a primary key
  331. #formulate sql values
  332. for($i=0;$i<sizeof($priKey);$i++){
  333. $cond .= "{$priKey[$i]} = '{$values[$i]}'";
  334. if($i < sizeof($priKey)-1 )
  335. $cond .= " AND ";
  336. }
  337. }
  338. else{
  339. $cond .= "$priKey = '$values'";
  340. }
  341. return $cond;
  342. }
  343.  
  344. ########################################################################
  345. ################## Update Info ########################################
  346. ######### params : $tblName, $field to be updated, $newValue, $id field
  347. ######### and $id Value
  348. public function updInfo($tbl, $updField, $updValue, $idField, $idValue){
  349. $cond = $this->formCond($idField, $idValue);
  350. #formulate update fld
  351. $updStr = "";
  352. if( is_array($updField) && is_array($updValue) ){
  353. for($i=0;$i<sizeof($updField);$i++){
  354. $updStr .= "{$updField[$i]} = '{$updValue[$i]}'";
  355. if($i < sizeof($updField)-1 )
  356. $updStr .= ",";
  357. }
  358. }
  359.  
  360. if( is_array($updField) )
  361. $SQL = "UPDATE $tbl SET {$updStr}";
  362. else
  363. $SQL = "UPDATE $tbl SET $updField = '{$updValue}'";
  364.  
  365. $SQL .= " WHERE $cond";
  366. if( $this->db->query($SQL) )
  367. return true;
  368. else
  369. return false;
  370. }
  371.  
  372. ########################################################################
  373. ############### Info Exists ##########################################
  374. ########### pararms : tblName, field to check, tblKey, keyValue ######
  375. public function infoExists($tbl, $fld, $idVal, $priKey = "id"){
  376. $cond = $this->formCond($priKey, $idVal);
  377.  
  378. $SQL = "SELECT $fld FROM $tbl WHERE $cond";
  379. $info = $this->db->execute($SQL);
  380. if( $info[0][$fld] != '' )
  381. return true;
  382. else
  383. return false;
  384. }
  385.  
  386. ########################################################################
  387. ################# Row Exists for a given fld value ###################
  388. ############# params : tbl, fld, fldVal ################################
  389. public function rowExists($tbl, $fld, $fldVal, $extra = "1"){
  390. $cond = $this->formCond($fld, $fldVal);
  391.  
  392. $SQL = "SELECT * FROM $tbl WHERE $cond AND $extra LIMIT 1";
  393. $row = $this->db->execute($SQL);
  394. if( count($row) == 1 )
  395. return true;
  396. else
  397. return false;
  398. }
  399.  
  400. ########################################################################
  401. ################ Del Info ############################################
  402. ############## params : $tbl, keyFld, keyVal
  403. public function delInfo($tbl, $key, $val){
  404. $cond = $this->formCond($key, $val);
  405.  
  406. $delSQL = "DELETE FROM $tbl WHERE $cond";
  407.  
  408. if( $this->db->query($delSQL) ){
  409. return true;
  410. }
  411. else{
  412. return false;
  413. }
  414. }
  415.  
  416. ########################################################################
  417. ################ Fetch All ###########################################
  418. ############## params : tblName #######################################
  419. public function fetchAll($tbl, $flds = "*", $order = "id ASC", $clause = "1"){
  420. $SQL = "SELECT $flds FROM $tbl WHERE $clause ORDER BY $order";
  421. $records = $this->db->execute($SQL);
  422. return rstripslashes($records);
  423. }
  424.  
  425. ########################################################################
  426. ################ Fetch Record By Id with an extra cond ##############
  427. ########## params : tblName, tblKey, keyValue, fldWanted ##############
  428. public function fetchById($tbl, $priKey, $keyVal, $fld = "*", $wClause = "1"){
  429. $cond = $this->formCond($priKey, $keyVal);
  430.  
  431. $SQL = "SELECT $fld FROM $tbl WHERE $cond AND $wClause";
  432. $info = $this->db->execute($SQL);
  433. if( $fld == "*" || strpos($fld,',') )
  434. return rstripslashes($info[0]);
  435. else
  436. return rstripslashes($info[0][$fld]);
  437. }
  438.  
  439. ########################################################################
  440. ################## Fetch Group of Records By Id with an extra cond ####
  441. ################ params : as in the above func ########################
  442. public function fetchGroupById($tbl, $priKey, $keyVal, $fld = "*", $cond = "1"){
  443. $pkeyCond = $this->formCond($priKey, $keyVal);
  444.  
  445. $SQL = "SELECT $fld FROM $tbl WHERE $pkeyCond AND $cond";
  446. $data = $this->db->execute($SQL);
  447.  
  448. return rstripslashes($data);
  449. }
  450.  
  451. ########################################################################
  452. ############ fetch last registered info esp for articles, news #######
  453. ######### params : $tbl, $tblKey(s), $keyVal(s), $orderBy, $required Fields
  454. public function fetchLatest($tbl, $key, $kVals, $order, $fld = "*"){
  455. if( $key != '' )
  456. $cond = $this->formCond($key, $kVals);
  457. else
  458. $cond = 1;
  459.  
  460. $SQL = "SELECT $fld FROM $tbl";
  461. $SQL .= " WHERE $cond";
  462. $SQL .= " ORDER BY $order DESC LIMIT 1";
  463. $info = $this->db->execute($SQL);
  464. if( $fld == "*" || strpos($fld,',') )
  465. return rstripslashes($info[0]);
  466. else
  467. return rstripslashes($info[0][$fld]);
  468. }
  469.  
  470. }
  471.  
  472. ?>