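<?php
/*
 * Session / login gate, included from index.php before the request is
 * dispatched.
 *
 * Two paths:
 *  1. The login form was submitted ($_POST['login'], or the image-button
 *     coordinates login_x / login_y): validate the credentials, check the
 *     account status and, on success, bind the session to the user and route
 *     to the profile page through $mvc.
 *  2. Otherwise: work out the requested controller path ($mvc) and, unless the
 *     page is exempted (listed in APP_CFGDIR.SLESS, or under the public 'biz'
 *     tree), require a valid session. A logged-in user flagged for a password
 *     change is routed to main/user/chg/pass instead.
 *
 * Expects $gag (Web), $db, $smarty and the constants USERS, VEND, APP_CFGDIR
 * and SLESS in scope. Sets $mvc and, on failure, $logon_err_content, which
 * index.php renders instead of the requested page.
 */
$loginSubmitted = isset($_POST['login']) || isset($_POST['login_x']) || isset($_POST['login_y']);

if ($loginSubmitted) {
    // Explicit empty-string test: the former !empty() also rejected the
    // legitimate value "0".
    $username = isset($_POST['name']) ? trim($_POST['name']) : '';
    $password = isset($_POST['pass']) ? trim($_POST['pass']) : '';

    if ($username === '' || $password === '') {
        $smarty->assign('loginMsg', 'Both your username and password are required.');
        $logon_err_content = $smarty->fetch('./logon/logon.logon_err' . VEND);
    } else {
        // escapeInput() is SQL escaping, applied because Authentication builds
        // its queries from these values; it is not an HTML escape.
        $username = $gag->escapeInput($username);
        $password = $gag->escapeInput($password);
        $user = new Authentication($db, USERS);

        if (!$user->authenticateUser($username, $password)) {
            $message = 'This username / password combination is incorrect.<br>';
            $message .= 'Please click <a href="?main/cont/login">here</a> to try again.';
            $smarty->assign('authMsg', $message);
            // Re-populate the form fields, but never hand the submitted
            // password to the template layer.
            $formValues = $_POST;
            unset($formValues['pass']);
            $smarty->assign($formValues);
            $logon_err_content = $smarty->fetch('./logon/logon.logon_err' . VEND);
        } elseif (!$user->accountStatus($username)) {
            $message = 'This Account has either not yet been activated or was deactivated for various reasons.<br>';
            $message .= ' or click <a href="?main/cont/login">here</a> to contact the GoAfricaGo Team if you think your account was wrongly deactivated.';
            $smarty->assign('accountMsg', $message);
            $logon_err_content = $smarty->fetch('./logon/logon.logon_err' . VEND);
        } else {
            // Issue a fresh session id so a session id fixed before login does
            // not survive authentication, then bind the session to the user.
            session_regenerate_id(true);
            $_SESSION['loginUsername'] = $username;
            $_SESSION['loginIP'] = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
            // Take the user to their profile page.
            $mvc = 'main/user/mng/profile';
        }
    }
} else {
    // Controller paths exempted from session checking, one per line.
    // is_readable() replaces the former @fopen() so a missing file is a
    // deliberate "no exemptions" rather than a suppressed warning.
    $ereqs = array();
    $exemptFile = APP_CFGDIR . SLESS;
    if (is_readable($exemptFile)) {
        $lines = file($exemptFile, FILE_IGNORE_NEW_LINES);
        if ($lines !== false) {
            foreach ($lines as $line) {
                $ereqs[] = trim($line);
            }
        }
    }

    // Requested controller path: the bare query-string key (?main/cont/home),
    // falling back to the home page when none was given.
    if (!isset($mvc)) {
        $wanted = array_keys($_GET, '');
        $mvc = isset($wanted[0]) ? $wanted[0] : 'main/cont/home';
    }

    // The exemption test is made on $mvc itself. It used to read $wanted[0],
    // which is undefined whenever $mvc was already set, and an undefined
    // value silently skipped the session check.
    $exempt = $mvc === ''
        || substr($mvc, 0, 3) === 'biz'
        || in_array($mvc, $ereqs, true);

    if (!$exempt) {
        $user = new Authentication($db, USERS);
        if (!$user->sessionAuthenticate()) {
            $smarty->assign('sessionMsg', $user->msg);
            $logon_err_content = $smarty->fetch('./logon/logon.logon_err' . VEND);
            unset($mvc); // index.php must not execute the requested controller
        } else {
            // $_SESSION['chg_pass'] is set once the user has changed their
            // password or is known not to need to, so the DB check below runs
            // only until then. The page test used an undefined $path before;
            // it now looks at the requested path so the change-password page
            // itself is never redirected back onto itself.
            $onChgPassPage = $mvc === 'main/user/chg/pass' || substr_count($mvc, 'chg_pass') == 1;
            if (!isset($_SESSION['chg_pass'])
                && !$onChgPassPage
                && $user->chgPassStatus($_SESSION['loginUsername'])) {
                $smarty->assign('chg_pass', 'You are required to change your Password');
                $mvc = 'main/user/chg/pass';
            }
        }
    }
}
?>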
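<?php
/*
 * Front controller.
 *
 * Order of work:
 *  1. start output buffering / gzip and the session, load config and autoloader;
 *  2. build the Smarty instance and the shared Web helper ($gag);
 *  3. run the session gate (display/session_verify.php), which sets $mvc and,
 *     on failure, $logon_err_content;
 *  4. push user and sidebar data into the template;
 *  5. map $mvc ("area/module/action/sub") onto a controller file ($ctrl) and a
 *     view ($vw), run the access check and include the controller;
 *  6. choose the content block to display and render MN_TPL.
 *
 * Included controllers may set $pcontent, $chg_pass_content or $scontent to
 * override the view chosen in step 6.
 */
ob_start('ob_gzhandler');
session_start();
require_once './config.php';
require_once APP_CFGDIR . 'autoLoader.php';

// "$smarty =& new Smarty()" is a parse error from PHP 7 on; objects are
// handles already, no reference needed.
$smarty = new Smarty();
$smarty->template_dir = TPL;
$smarty->compile_dir = CPL;

// Platform objects.
$gag = new Web($db);

// Session gate: may set $mvc and $logon_err_content (see that file).
require_once './display/session_verify.php';

// Current user; null when nobody is logged in so the template sees the same
// empty values it always did, minus the undefined-index notices.
$loginUsername = isset($_SESSION['loginUsername']) ? $_SESSION['loginUsername'] : null;
$usr = $gag->getUserInfo($loginUsername);
$smarty->assign('userType', isset($usr['utype']) ? $usr['utype'] : null);
$smarty->assign('f_name', isset($usr['fname']) ? $usr['fname'] : null);

// Left / right column data.
$smarty->assign('conInfo', $gag->getContactInfo());

$latestNews = $gag->getLatestNewsInfo();
if (count($latestNews) == 0) {
    $smarty->assign('noNews', 'No News Articles at the Moment');
} else {
    $smarty->assign('latestNews', $latestNews);
}

$latestPubs = $gag->getLatestPubsInfo();
if (count($latestPubs) == 0) {
    $smarty->assign('noPubs', 'No Publications have been uploaded at the Moment');
} else {
    $smarty->assign('latestPubs', $latestPubs);
}

// Work out the controller and view for the requested path.
// $mvc may be unset (session gate failed) and may have fewer than four
// segments; pad so every segment read below exists.
$ctrl = '';
$vw = '';
$mvc = isset($mvc) ? (string) $mvc : '';
$func = array_pad(explode('/', $mvc), 4, '');

// Each segment ends up in a filesystem path that is require'd below, so only
// plain names are accepted: no '..', no separators, no NUL bytes. If an
// existing route uses other characters, widen this set deliberately.
$segmentsValid = $mvc !== '';
foreach ($func as $segment) {
    if ($segment !== '' && !preg_match('/^[A-Za-z0-9_-]+$/', $segment)) {
        $segmentsValid = false;
        break;
    }
}

if ($segmentsValid) {
    switch ($func[0]) {
        case 'main':
            $ctrl = APP_MNDIR;
            $vw = VW_MNDIR;
            if ($func[1] === REL_STAT) {
                // Relatively static pages (home, aboutgag, ...): no sub-action.
                $ctrl .= $func[1] . '/' . $func[1] . FFSEP . $func[2] . FEND;
                $vw .= $func[1] . '/' . $func[2] . VEND;
            } else {
                $ctrl .= $func[1] . '/' . $func[1] . FFSEP . $func[2] . FSEP . $func[3] . FEND;
                $vw .= $func[1] . '/' . $func[1] . FFSEP . $func[2] . FSEP . $func[3] . VEND;
            }
            break;
        case 'bknd':
            $ctrl = APP_BKNDIR . $func[1] . '/' . $func[1] . FFSEP . $func[2] . FSEP . $func[3] . FEND;
            $vw = VW_BKND . $func[1] . '/' . $func[1] . FFSEP . $func[2] . FSEP . $func[3] . VEND;
            break;
    }
}

// Access control, then dispatch.
$pageExists = false;
if ($ctrl !== '' && is_file($ctrl)) {
    $sec = new Security($db);
    if ($sec->accessCheck($loginUsername, $ctrl)) {
        // Remembered so a form POST without a path re-runs the same controller.
        $_SESSION['prevPath'] = $ctrl;
        $pageExists = true;
        require_once $ctrl;
    } else {
        $scontent = $smarty->fetch(VW_BKND . SACCESS . VEND);
    }
} elseif (isset($_POST['submit']) && isset($_SESSION['prevPath']) && is_file($_SESSION['prevPath'])) {
    // prevPath was stored by this script on a previous, access-checked request.
    $pageExists = true;
    require_once $_SESSION['prevPath'];
}

// Pick the content block to display, in priority order.
if (isset($logon_err_content)) {
    // Login was required for the page and is missing or failed.
    $smarty->assign('content', $logon_err_content);
} elseif (isset($chg_pass_content)) {
    // User must change their password first.
    $smarty->assign('content', $chg_pass_content);
} elseif (isset($pcontent)) {
    // Paginated content produced by the controller.
    $smarty->assign('content', $pcontent);
} elseif (isset($scontent)) {
    // Access-control violation.
    $smarty->assign('content', $scontent);
} elseif (!$pageExists) {
    $smarty->assign('content', $smarty->fetch(DISP . PAGE_ABSENT . VEND));
} else {
    $smarty->assign('content', $smarty->fetch($vw));
}
$smarty->display(MN_TPL);

// Flush the gzip buffer.
ob_end_flush();
?>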
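<?php
/**
 * Web: thin data-access helper shared by the controllers.
 *
 * Every method builds its SQL by string interpolation and hands it to the
 * injected $db wrapper ($db->query(), $db->execute(), $db->getValue()).
 * Nothing here escapes the values it receives: callers are responsible for
 * passing escaped data (see escapeInput()), and table / field names must never
 * come from user input. Moving these queries onto prepared statements is the
 * real fix; until then treat every argument as SQL.
 */
class Web
{
    /** @var object database wrapper exposing query(), execute() and getValue() */
    private $db;

    /**
     * PHP 4 style constructors (a method named after the class) stopped being
     * constructors in PHP 8, so the constructor is spelled __construct.
     * Call sites (new Web($db)) are unchanged.
     */
    public function __construct(&$db)
    {
        $this->db = $db;
    }

    /**
     * SQL-escape a value for interpolation into a query.
     *
     * NOTE(review): mysql_real_escape_string() was removed in PHP 7.0 and needs
     * an open ext/mysql connection; replace it with the driver's escaping (or
     * prepared statements) once $db's API is known. This is not an HTML escape.
     */
    public function escapeInput($str)
    {
        return mysql_real_escape_string($str);
    }

    /**
     * Strip HTML tags from user input, keeping those listed in $allowed
     * (strip_tags() syntax, e.g. "<b><i>").
     *
     * The previous implementation split the string on '<' and glued it back
     * together unchanged in both branches of its loop, so it was strip_tags()
     * with extra steps; this is the same behaviour.
     */
    public function stripInput($str, $allowed = "")
    {
        return strip_tags($str, $allowed);
    }

    /**
     * Next id for a row about to be inserted: MAX(id) + 1.
     *
     * Not race-safe: two concurrent inserts can compute the same value. An
     * auto-increment column and getIdOfLastEnteredElement() after the insert
     * is the safer pattern.
     */
    public function getId($tableName, $id = "id")
    {
        $idSQL = "SELECT MAX($id) FROM $tableName";
        $this->db->query($idSQL);
        return $this->db->getValue() + 1;
    }

    /** Highest id currently in $tableName (the last inserted, if ids ascend). */
    public function getIdOfLastEnteredElement($tableName, $id = "id")
    {
        $idSQL = "SELECT MAX($id) FROM $tableName";
        $this->db->query($idSQL);
        return $this->db->getValue();
    }

    /**
     * Row (or single field) of the user named $uname from USERS.
     * Returns null when no such user exists instead of raising a notice.
     * $uname is interpolated unescaped: pass it through escapeInput() first.
     */
    public function getUserInfo($uname, $field = "*")
    {
        $users = USERS;
        $SQL = "SELECT $field FROM $users WHERE uname = '{$uname}'";
        $user = $this->db->execute($SQL);
        if (!isset($user[0])) {
            return null;
        }
        if ($field == "*") {
            return $user[0];
        }
        return isset($user[0][$field]) ? $user[0][$field] : null;
    }

    /** The site-wide contact_us block from SCONTENT, or null when absent. */
    public function getContactInfo()
    {
        $tbl = SCONTENT;
        $SQL = "SELECT contact_us FROM $tbl WHERE id = 'sitename'";
        $info = $this->db->execute($SQL);
        return isset($info[0]['contact_us']) ? $info[0]['contact_us'] : null;
    }

    /** The two most recent news rows (reg_date, news_no, title, details). */
    public function getLatestNewsInfo()
    {
        $tbl = NEWS;
        $SQL = "SELECT reg_date,news_no,title,details FROM $tbl ORDER BY news_no Desc LIMIT 2";
        return $this->db->execute($SQL);
    }

    /** The two most recent publication rows. */
    public function getLatestPubsInfo()
    {
        $tbl = PUBS;
        $SQL = "SELECT * FROM $tbl ORDER BY id Desc LIMIT 2";
        return $this->db->execute($SQL);
    }

    /** True when at least one row of $tbl matches $field = $values. */
    public function seeIfThereExistRows($tbl, $field, $values)
    {
        $cond = $this->formCond($field, $values);
        $SQL = "SELECT * FROM $tbl WHERE $cond";
        $infoArray = $this->db->execute($SQL);
        return count($infoArray) != 0;
    }

    /**
     * Build a WHERE condition: "$priKey = '$values'", or, when both are arrays,
     * the AND of each pair.
     *
     * Values are quoted but NOT escaped; a value containing a quote breaks out
     * of the condition. Callers must escape beforehand.
     */
    private function formCond($priKey, $values)
    {
        if (!is_array($priKey)) {
            return "$priKey = '$values'";
        }
        $parts = array();
        $n = count($priKey);
        for ($i = 0; $i < $n; $i++) {
            $parts[] = "{$priKey[$i]} = '{$values[$i]}'";
        }
        return implode(' AND ', $parts);
    }

    /**
     * UPDATE $tbl SET field(s) = value(s) WHERE $idField = $idValue.
     * $updField / $updValue may both be scalars or both be parallel arrays.
     * Returns the wrapper's query() result as a boolean.
     */
    public function updInfo($tbl, $updField, $updValue, $idField, $idValue)
    {
        $cond = $this->formCond($idField, $idValue);
        if (is_array($updField)) {
            $parts = array();
            if (is_array($updValue)) {
                $n = count($updField);
                for ($i = 0; $i < $n; $i++) {
                    $parts[] = "{$updField[$i]} = '{$updValue[$i]}'";
                }
            }
            // A field array without a matching value array yields "SET ",
            // which the database rejects and query() reports as failure.
            $SQL = "UPDATE $tbl SET " . implode(',', $parts);
        } else {
            $SQL = "UPDATE $tbl SET $updField = '{$updValue}'";
        }
        $SQL .= " WHERE $cond";
        return (bool) $this->db->query($SQL);
    }

    /** True when the row keyed by $priKey = $idVal has a non-empty $fld. */
    public function infoExists($tbl, $fld, $idVal, $priKey = "id")
    {
        $cond = $this->formCond($priKey, $idVal);
        $SQL = "SELECT $fld FROM $tbl WHERE $cond";
        $info = $this->db->execute($SQL);
        return isset($info[0][$fld]) && $info[0][$fld] != '';
    }

    /** True when a row with $fld = $fldVal (and the raw SQL in $extra) exists. */
    public function rowExists($tbl, $fld, $fldVal, $extra = "1")
    {
        $cond = $this->formCond($fld, $fldVal);
        $SQL = "SELECT * FROM $tbl WHERE $cond AND $extra LIMIT 1";
        $row = $this->db->execute($SQL);
        return count($row) == 1;
    }

    /** DELETE FROM $tbl WHERE $key = $val; returns query() success as a boolean. */
    public function delInfo($tbl, $key, $val)
    {
        $cond = $this->formCond($key, $val);
        $delSQL = "DELETE FROM $tbl WHERE $cond";
        return (bool) $this->db->query($delSQL);
    }

    /**
     * All rows of $tbl matching the raw SQL $clause, ordered by $order,
     * with slashes stripped (rstripslashes is defined elsewhere in the app).
     */
    public function fetchAll($tbl, $flds = "*", $order = "id ASC", $clause = "1")
    {
        $SQL = "SELECT $flds FROM $tbl WHERE $clause ORDER BY $order";
        $records = $this->db->execute($SQL);
        return rstripslashes($records);
    }

    /**
     * First row keyed by $priKey = $keyVal (plus raw SQL $wClause).
     * Returns the whole row when $fld is "*" or a comma-separated list,
     * otherwise just that field; null when nothing matched.
     */
    public function fetchById($tbl, $priKey, $keyVal, $fld = "*", $wClause = "1")
    {
        $cond = $this->formCond($priKey, $keyVal);
        $SQL = "SELECT $fld FROM $tbl WHERE $cond AND $wClause";
        $info = $this->db->execute($SQL);
        return $this->firstRowOrField($info, $fld);
    }

    /** All rows keyed by $priKey = $keyVal (plus raw SQL $cond), slashes stripped. */
    public function fetchGroupById($tbl, $priKey, $keyVal, $fld = "*", $cond = "1")
    {
        $pkeyCond = $this->formCond($priKey, $keyVal);
        $SQL = "SELECT $fld FROM $tbl WHERE $pkeyCond AND $cond";
        $data = $this->db->execute($SQL);
        return rstripslashes($data);
    }

    /**
     * Most recent row of $tbl by $order (DESC), optionally restricted to
     * $key = $kVals. Same return shape as fetchById().
     */
    public function fetchLatest($tbl, $key, $kVals, $order, $fld = "*")
    {
        $cond = ($key != '') ? $this->formCond($key, $kVals) : 1;
        $SQL = "SELECT $fld FROM $tbl WHERE $cond ORDER BY $order DESC LIMIT 1";
        $info = $this->db->execute($SQL);
        return $this->firstRowOrField($info, $fld);
    }

    /**
     * Shared tail of fetchById()/fetchLatest(): the first row (for "*" or a
     * field list) or the single requested field, slash-stripped; null when
     * the result set is empty instead of a notice on a missing offset.
     */
    private function firstRowOrField($info, $fld)
    {
        if (!isset($info[0])) {
            return null;
        }
        if ($fld == "*" || strpos($fld, ',') !== false) {
            return rstripslashes($info[0]);
        }
        return isset($info[0][$fld]) ? rstripslashes($info[0][$fld]) : null;
    }
}
?>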