From d43898c5289d58bde58ae5307470c05580313d55 Mon Sep 17 00:00:00 2001
From: Julien Mottin
Date: Wed, 26 Jun 2013 16:17:59 +0200
Subject: [PATCH 1/7] Add login feature to BrewPi, to allow full read only access from the www and editing/control actions reserved to logged in users
---
 admin.php | 35 +
 beer-panel.php | 39 +-
 confirmreg.php | 62 ++
 control-panel.php | 12 +-
 css/fg_membersite.css | 166 +++
 css/pwdwidget.css | 48 +
 css/style.css | 7 +
 include/class.phpmailer.php | 1909 +++++++++++++++++++++++++++++++++
 include/fg_membersite.php | 876 +++++++++++++++
 include/formvalidator.php | 573 ++++++++++
 include/membersite_config.php | 26 +
 index.php | 13 +-
 js/gen_validatorv31.js | 813 ++++++++++++++
 js/login-panel.js | 66 ++
 js/pwdwidget.js | 285 +++++
 login-panel.php | 46 +
 login.php | 10 +
 logout.php | 40 +
 maintenance-panel.php | 6 +-
 register.php | 92 ++
 thank-you-regd.html | 17 +
 thank-you.html | 15 +
 22 files changed, 5137 insertions(+), 19 deletions(-)
 create mode 100644 admin.php
 create mode 100644 confirmreg.php
 create mode 100644 css/fg_membersite.css
 create mode 100644 css/pwdwidget.css
 create mode 100644 include/class.phpmailer.php
 create mode 100644 include/fg_membersite.php
 create mode 100644 include/formvalidator.php
 create mode 100644 include/membersite_config.php
 create mode 100644 js/gen_validatorv31.js
 create mode 100644 js/login-panel.js
 create mode 100644 js/pwdwidget.js
 create mode 100644 login-panel.php
 create mode 100644 login.php
 create mode 100644 logout.php
 create mode 100644 register.php
 create mode 100644 thank-you-regd.html
 create mode 100644 thank-you.html
diff --git a/admin.php b/admin.php
new file mode 100644
index 0000000..371c5af
--- /dev/null
+++ b/admin.php
@@ -0,0 +1,35 @@
+.
+ */
+?>
+ + + + + Brewpi Login admin + + + +

Please follow one of the following links to handle your session to Brewpi : +

+

+
\ No newline at end of file
diff --git a/beer-panel.php b/beer-panel.php
index 742393c..c8b93ca 100644
--- a/beer-panel.php
+++ b/beer-panel.php
@@ -17,19 +17,34 @@
 */
 ?>
+
+
-
- Live LCD waiting - for update from - script... - +
+ + Live LCD waiting + for update from + script... + +
Fermenting:
- - + + CheckLogin()) + { + echo ''; + } + else { + echo ''; + echo ''; + } + ?>
@@ -37,11 +52,11 @@
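Review bot: The `CheckLogin()` branch around the button markup in this hunk (presumably a call on `$fgmembersite`, the object confirmreg.php uses) only decides which buttons are rendered, and the same pattern in control-panel.php at `@@ -26,7 +26,11 @@` and `@@ -37,7 +41,11 @@` hides a single button; it is not an authorization check on the action those buttons trigger. As far as the diffstat shows, only panel and page files change, so unless a later patch in this series adds the check to the scripts that actually carry out the control actions, a logged-out client can still issue the same request directly and the "reserved to logged in users" goal in the subject is not met. Each such handler should include membersite_config.php and refuse early, e.g. `if (!$fgmembersite->CheckLogin()) { header('HTTP/1.1 403 Forbidden'); exit; }`, with the template-side check kept as presentation only. The page markup this hunk sits in starts before the hunk.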
diff --git a/confirmreg.php b/confirmreg.php
new file mode 100644
index 0000000..4fbfc2c
--- /dev/null
+++ b/confirmreg.php
@@ -0,0 +1,62 @@
+ConfirmUser())
+ {
+ $fgmembersite->RedirectToURL("thank-you-regd.html");
+ }
+}
+
+?>
+ + + + + Confirm registration + + + + + +

Confirm registration

+

+Please enter the confirmation code in the box below +

+ + +
+
+
* required fields
+
GetErrorMessage(); ?>
+
+
+
+ +
+
+ +
+ +
+ + + +
+
+
+
+
\ No newline at end of file
diff --git a/control-panel.php b/control-panel.php
index 3d0af3f..d4e70e9 100644
--- a/control-panel.php
+++ b/control-panel.php
@@ -26,7 +26,11 @@
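Review bot: `GetErrorMessage()` is echoed into the page unescaped (the `GetErrorMessage(); ?>` line just above the form inputs); if the library's failure message repeats the submitted confirmation code, the page reflects request input straight into HTML. Escape at the output point: `echo htmlspecialchars($fgmembersite->GetErrorMessage(), ENT_QUOTES, 'UTF-8');`. Separately, after `$fgmembersite->RedirectToURL("thank-you-regd.html")` succeeds, execution falls through into the HTML below unless `RedirectToURL()` itself ends the script, which this patch does not show; an explicit `exit;` after the call makes the success path end there regardless.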
  • Beer constant
  • Fridge constant
  • Off
  • - + CheckLogin()) { + echo ''; + } + ?>

    @@ -37,7 +41,11 @@

    - + CheckLogin()) { + echo ''; + } + ?>
diff --git a/css/fg_membersite.css b/css/fg_membersite.css
new file mode 100644
index 0000000..cbbd4a3
--- /dev/null
+++ b/css/fg_membersite.css
@@ -0,0 +1,166 @@
+/*
+Registration/Login Form by html-form-guide.com
+You can customize all the aspects of the form in this style sheet
+*/
+
+#fg_membersite fieldset
+{
+ width: 230px;
+ padding:20px;
+ border:1px solid #ccc;
+-moz-border-radius: 10px;
+-webkit-border-radius: 10px;
+-khtml-border-radius: 10px;
+border-radius: 10px;
+}
+
+#fg_membersite legend, #fg_membersite h2
+{
+ font-family : Arial, sans-serif;
+ font-size: 1.3em;
+ font-weight:bold;
+ color:#333;
+}
+
+#fg_membersite label
+{
+ font-family : Arial, sans-serif;
+ font-size:0.8em;
+ font-weight: bold;
+}
+
+#fg_membersite input[type="text"],#fg_membersite textarea,
+#fg_membersite input[type="password"]
+{
+ font-family : Arial, Verdana, sans-serif;
+ font-size: 0.8em;
+ line-height:140%;
+ color : #000;
+ padding : 3px;
+ border : 1px solid #999;
+ -moz-border-radius: 5px;
+ -webkit-border-radius: 5px;
+ -khtml-border-radius: 5px;
+ border-radius: 5px;
+
+}
+
+#fg_membersite input[type="text"],
+#fg_membersite input[type="password"]
+{
+ height:18px;
+ width:220px;
+}
+
+ #fg_membersite #scaptcha
+{
+ width:60px;
+ height:18px;
+}
+
+#fg_membersite input[type="submit"]
+{
+ width:100px;
+ height:30px;
+ padding-left:0px;
+}
+
+#fg_membersite textarea
+{
+ height:120px;
+ width:310px;
+}
+
+#fg_membersite input[type="text"]:focus,
+#fg_membersite textarea:focus
+{
+ color : #009;
+ border : 1px solid #990000;
+ background-color : #ffff99;
+ font-weight:bold;
+}
+
+#fg_membersite .container
+{
+ margin-top:8px;
+ margin-bottom: 10px;
+}
+
+#fg_membersite .error
+{
+ font-family: Verdana, Arial, sans-serif;
+ font-size: 0.7em;
+ color: #900;
+ background-color : #ffff00;
+}
+
+#fg_membersite #register_password_errorloc
+{
+ clear:both;
+}
+
+#fg_membersite fieldset#antispam
+{
+ padding:2px;
+ border-top:1px solid #EEE;
+ border-left:0;
+ border-right:0;
+ border-bottom:0;
+ width:350px;
+}
+
+#fg_membersite fieldset#antispam legend
+{
+ font-family : Arial, sans-serif;
+ font-size: 0.8em;
+ font-weight:bold;
+ color:#333;
+}
+
+#fg_membersite .short_explanation
+{
+ font-family : Arial, sans-serif;
+ font-size: 0.6em;
+ color:#333;
+}
+
+/* spam_trap: This input is hidden. This is here to trick the spam bots*/
+#fg_membersite .spmhidip
+{
+ display:none;
+ width:10px;
+ height:3px;
+}
+#fg_membersite #fg_crdiv
+{
+ font-family : Arial, sans-serif;
+ font-size: 0.3em;
+ opacity: .2;
+ -moz-opacity: .2;
+ filter: alpha(opacity=20);
+}
+#fg_membersite #fg_crdiv p
+{
+ display:none;
+}
+
+#fg_membersite_content li
+{
+font-family : Arial, sans-serif;
+padding-top:10px;
+padding-bottom:10px;
+}
+#fg_membersite_content
+{
+ font-family : Arial, sans-serif;
+ font-size: 0.9em;
+ line-height: 150%
+}
+
+#fg_membersite_content h2
+{
+ font-family : Arial, sans-serif;
+ font-size: 1.5em;
+ font-weight:bold;
+ color:#333;
+}
\ No newline at end of file
diff --git a/css/pwdwidget.css b/css/pwdwidget.css
new file mode 100644
index 0000000..ffa61d3
--- /dev/null
+++ b/css/pwdwidget.css
@@ -0,0 +1,48 @@
+.pwdwidgetdiv
+{
+ width:225px;
+}
+
+.pwdfield
+{
+ display:block;
+}
+
+.pwdopsdiv
+{
+ display: block;
+ float: left;
+ margin-right:6px;
+}
+.pwdopsdiv a
+{
+ font-family : Arial, Helvetica, sans-serif;
+ font-size : 10px;
+}
+
+.pwdstrengthbar
+{
+ float:right;
+ background:#cccccc;
+ height:4px;
+ margin:0;
+}
+
+.pwdstrength
+{
+ float:right;
+ height:20px;
+ width:70px;
+ margin-top:3px;
+
+}
+.pwdstrengthstr
+{
+ float:right;
+ clear:both;
+ height:14px;
+ margin-top:0px;
+ font-family : Arial, Helvetica, sans-serif;
+ font-size : 10px;
+
+}
\ No newline at end of file
diff --git a/css/style.css b/css/style.css
index a5a908c..e3a0ce8 100644
--- a/css/style.css
+++ b/css/style.css
@@ -29,6 +29,13 @@ button#maintenance{
 margin: 10px 10px 10px 10px;
 }
+button#login{
+ width: 200px;
+ float: right;
+ clear:right;
+ margin: 10px 10px 10px 10px;
+}
+
 /* Control Panel */
 .google-visualization-table-td{
 text-align: center !important;
diff --git a/include/class.phpmailer.php b/include/class.phpmailer.php
new file mode 100644
index 0000000..7fe09a7
--- /dev/null
+++ b/include/class.phpmailer.php
@@ -0,0 +1,1909 @@ +ContentType = 'text/html'; + } else { + $this->ContentType = 'text/plain'; + } + } + + /** + * Sets Mailer to send message using SMTP. + * @return void + */ + function IsSMTP() { + $this->Mailer = 'smtp'; + } + + /** + * Sets Mailer to send message using PHP mail() function. + * @return void + */ + function IsMail() { + $this->Mailer = 'mail'; + } + + /** + * Sets Mailer to send message using the $Sendmail program. + * @return void + */ + function IsSendmail() { + $this->Mailer = 'sendmail'; + } + + /** + * Sets Mailer to send message using the qmail MTA. + * @return void + */ + function IsQmail() { + $this->Sendmail = '/var/qmail/bin/sendmail'; + $this->Mailer = 'sendmail'; + } + + ///////////////////////////////////////////////// + // METHODS, RECIPIENTS + ///////////////////////////////////////////////// + + /** + * Adds a "To" address. + * @param string $address + * @param string $name + * @return void + */ + function AddAddress($address, $name = '') { + $cur = count($this->to); + $this->to[$cur][0] = trim($address); + $this->to[$cur][1] = $name; + } + + /** + * Adds a "Cc" address. Note: this function works + * with the SMTP mailer on win32, not with the "mail" + * mailer. + * @param string $address + * @param string $name + * @return void + */ + function AddCC($address, $name = '') { + $cur = count($this->cc); + $this->cc[$cur][0] = trim($address); + $this->cc[$cur][1] = $name; + } + + /** + * Adds a "Bcc" address. Note: this function works + * with the SMTP mailer on win32, not with the "mail" + * mailer. + * @param string $address + * @param string $name + * @return void + */ + function AddBCC($address, $name = '') { + $cur = count($this->bcc); + $this->bcc[$cur][0] = trim($address); + $this->bcc[$cur][1] = $name; + } + + /** + * Adds a "Reply-To" address. 
+ * @param string $address + * @param string $name + * @return void + */ + function AddReplyTo($address, $name = '') { + $cur = count($this->ReplyTo); + $this->ReplyTo[$cur][0] = trim($address); + $this->ReplyTo[$cur][1] = $name; + } + + ///////////////////////////////////////////////// + // METHODS, MAIL SENDING + ///////////////////////////////////////////////// + + /** + * Creates message and assigns Mailer. If the message is + * not sent successfully then it returns false. Use the ErrorInfo + * variable to view description of the error. + * @return bool + */ + function Send() { + $header = ''; + $body = ''; + $result = true; + + if((count($this->to) + count($this->cc) + count($this->bcc)) < 1) { + $this->SetError($this->Lang('provide_address')); + return false; + } + + /* Set whether the message is multipart/alternative */ + if(!empty($this->AltBody)) { + $this->ContentType = 'multipart/alternative'; + } + + $this->error_count = 0; // reset errors + $this->SetMessageType(); + $header .= $this->CreateHeader(); + $body = $this->CreateBody(); + + if($body == '') { + return false; + } + + /* Choose the mailer */ + switch($this->Mailer) { + case 'sendmail': + $result = $this->SendmailSend($header, $body); + break; + case 'smtp': + $result = $this->SmtpSend($header, $body); + break; + case 'mail': + $result = $this->MailSend($header, $body); + break; + default: + $result = $this->MailSend($header, $body); + break; + //$this->SetError($this->Mailer . $this->Lang('mailer_not_supported')); + //$result = false; + //break; + } + + return $result; + } + + /** + * Sends mail using the $Sendmail program. 
+ * @access private + * @return bool + */ + function SendmailSend($header, $body) { + if ($this->Sender != '') { + $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender)); + } else { + $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail)); + } + + if(!@$mail = popen($sendmail, 'w')) { + $this->SetError($this->Lang('execute') . $this->Sendmail); + return false; + } + + fputs($mail, $header); + fputs($mail, $body); + + $result = pclose($mail); + if (version_compare(phpversion(), '4.2.3') == -1) { + $result = $result >> 8 & 0xFF; + } + if($result != 0) { + $this->SetError($this->Lang('execute') . $this->Sendmail); + return false; + } + return true; + } + + /** + * Sends mail using the PHP mail() function. + * @access private + * @return bool + */ + function MailSend($header, $body) { + + $to = ''; + for($i = 0; $i < count($this->to); $i++) { + if($i != 0) { $to .= ', '; } + $to .= $this->AddrFormat($this->to[$i]); + } + + $toArr = explode(',', $to); + + $params = sprintf("-oi -f %s", $this->Sender); + if ($this->Sender != '' && strlen(ini_get('safe_mode')) < 1) { + $old_from = ini_get('sendmail_from'); + ini_set('sendmail_from', $this->Sender); + if ($this->SingleTo === true && count($toArr) > 1) { + foreach ($toArr as $key => $val) { + $rt = @mail($val, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header, $params); + } + } else { + $rt = @mail($to, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header, $params); + } + } else { + if ($this->SingleTo === true && count($toArr) > 1) { + foreach ($toArr as $key => $val) { + $rt = @mail($val, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header, $params); + } + } else { + $rt = @mail($to, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header); + } + } + + if (isset($old_from)) { + ini_set('sendmail_from', $old_from); + } + + if(!$rt) { + $this->SetError($this->Lang('instantiate')); + 
return false; + } + + return true; + } + + /** + * Sends mail via SMTP using PhpSMTP (Author: + * Chris Ryan). Returns bool. Returns false if there is a + * bad MAIL FROM, RCPT, or DATA input. + * @access private + * @return bool + */ + function SmtpSend($header, $body) { + include_once($this->PluginDir . 'class.smtp.php'); + $error = ''; + $bad_rcpt = array(); + + if(!$this->SmtpConnect()) { + return false; + } + + $smtp_from = ($this->Sender == '') ? $this->From : $this->Sender; + if(!$this->smtp->Mail($smtp_from)) { + $error = $this->Lang('from_failed') . $smtp_from; + $this->SetError($error); + $this->smtp->Reset(); + return false; + } + + /* Attempt to send attach all recipients */ + for($i = 0; $i < count($this->to); $i++) { + if(!$this->smtp->Recipient($this->to[$i][0])) { + $bad_rcpt[] = $this->to[$i][0]; + } + } + for($i = 0; $i < count($this->cc); $i++) { + if(!$this->smtp->Recipient($this->cc[$i][0])) { + $bad_rcpt[] = $this->cc[$i][0]; + } + } + for($i = 0; $i < count($this->bcc); $i++) { + if(!$this->smtp->Recipient($this->bcc[$i][0])) { + $bad_rcpt[] = $this->bcc[$i][0]; + } + } + + if(count($bad_rcpt) > 0) { // Create error message + for($i = 0; $i < count($bad_rcpt); $i++) { + if($i != 0) { + $error .= ', '; + } + $error .= $bad_rcpt[$i]; + } + $error = $this->Lang('recipients_failed') . $error; + $this->SetError($error); + $this->smtp->Reset(); + return false; + } + + if(!$this->smtp->Data($header . $body)) { + $this->SetError($this->Lang('data_not_accepted')); + $this->smtp->Reset(); + return false; + } + if($this->SMTPKeepAlive == true) { + $this->smtp->Reset(); + } else { + $this->SmtpClose(); + } + + return true; + } + + /** + * Initiates a connection to an SMTP server. Returns false if the + * operation failed. 
+ * @access private + * @return bool + */ + function SmtpConnect() { + if($this->smtp == NULL) { + $this->smtp = new SMTP(); + } + + $this->smtp->do_debug = $this->SMTPDebug; + $hosts = explode(';', $this->Host); + $index = 0; + $connection = ($this->smtp->Connected()); + + /* Retry while there is no connection */ + while($index < count($hosts) && $connection == false) { + $hostinfo = array(); + if(preg_match('/^(.+):([0-9]+)$/i', $hosts[$index], $hostinfo)) { + $host = $hostinfo[1]; + $port = $hostinfo[2]; + } else { + $host = $hosts[$index]; + $port = $this->Port; + } + + if($this->smtp->Connect(((!empty($this->SMTPSecure))?$this->SMTPSecure.'://':'').$host, $port, $this->Timeout)) { + if ($this->Helo != '') { + $this->smtp->Hello($this->Helo); + } else { + $this->smtp->Hello($this->ServerHostname()); + } + + $connection = true; + if($this->SMTPAuth) { + if(!$this->smtp->Authenticate($this->Username, $this->Password)) { + $this->SetError($this->Lang('authenticate')); + $this->smtp->Reset(); + $connection = false; + } + } + } + $index++; + } + if(!$connection) { + $this->SetError($this->Lang('connect_host')); + } + + return $connection; + } + + /** + * Closes the active SMTP session if one exists. + * @return void + */ + function SmtpClose() { + if($this->smtp != NULL) { + if($this->smtp->Connected()) { + $this->smtp->Quit(); + $this->smtp->Close(); + } + } + } + + /** + * Sets the language for all class error messages. Returns false + * if it cannot load the language file. The default language type + * is English. + * @param string $lang_type Type of language (e.g. 
Portuguese: "br") + * @param string $lang_path Path to the language file directory + * @access public + * @return bool + */ + function SetLanguage($lang_type, $lang_path = 'language/') { + if(file_exists($lang_path.'phpmailer.lang-'.$lang_type.'.php')) { + include($lang_path.'phpmailer.lang-'.$lang_type.'.php'); + } elseif (file_exists($lang_path.'phpmailer.lang-en.php')) { + include($lang_path.'phpmailer.lang-en.php'); + } else { + $PHPMAILER_LANG = array(); + $PHPMAILER_LANG["provide_address"] = 'You must provide at least one ' . + $PHPMAILER_LANG["mailer_not_supported"] = ' mailer is not supported.'; + $PHPMAILER_LANG["execute"] = 'Could not execute: '; + $PHPMAILER_LANG["instantiate"] = 'Could not instantiate mail function.'; + $PHPMAILER_LANG["authenticate"] = 'SMTP Error: Could not authenticate.'; + $PHPMAILER_LANG["from_failed"] = 'The following From address failed: '; + $PHPMAILER_LANG["recipients_failed"] = 'SMTP Error: The following ' . + $PHPMAILER_LANG["data_not_accepted"] = 'SMTP Error: Data not accepted.'; + $PHPMAILER_LANG["connect_host"] = 'SMTP Error: Could not connect to SMTP host.'; + $PHPMAILER_LANG["file_access"] = 'Could not access file: '; + $PHPMAILER_LANG["file_open"] = 'File Error: Could not open file: '; + $PHPMAILER_LANG["encoding"] = 'Unknown encoding: '; + $PHPMAILER_LANG["signing"] = 'Signing Error: '; + } + $this->language = $PHPMAILER_LANG; + + return true; + } + + ///////////////////////////////////////////////// + // METHODS, MESSAGE CREATION + ///////////////////////////////////////////////// + + /** + * Creates recipient headers. + * @access private + * @return string + */ + function AddrAppend($type, $addr) { + $addr_str = $type . ': '; + $addr_str .= $this->AddrFormat($addr[0]); + if(count($addr) > 1) { + for($i = 1; $i < count($addr); $i++) { + $addr_str .= ', ' . $this->AddrFormat($addr[$i]); + } + } + $addr_str .= $this->LE; + + return $addr_str; + } + + /** + * Formats an address correctly. 
+ * @access private + * @return string + */ + function AddrFormat($addr) { + if(empty($addr[1])) { + $formatted = $this->SecureHeader($addr[0]); + } else { + $formatted = $this->EncodeHeader($this->SecureHeader($addr[1]), 'phrase') . " <" . $this->SecureHeader($addr[0]) . ">"; + } + + return $formatted; + } + + /** + * Wraps message for use with mailers that do not + * automatically perform wrapping and for quoted-printable. + * Original written by philippe. + * @access private + * @return string + */ + function WrapText($message, $length, $qp_mode = false) { + $soft_break = ($qp_mode) ? sprintf(" =%s", $this->LE) : $this->LE; + // If utf-8 encoding is used, we will need to make sure we don't + // split multibyte characters when we wrap + $is_utf8 = (strtolower($this->CharSet) == "utf-8"); + + $message = $this->FixEOL($message); + if (substr($message, -1) == $this->LE) { + $message = substr($message, 0, -1); + } + + $line = explode($this->LE, $message); + $message = ''; + for ($i=0 ;$i < count($line); $i++) { + $line_part = explode(' ', $line[$i]); + $buf = ''; + for ($e = 0; $e $length)) { + $space_left = $length - strlen($buf) - 1; + if ($e != 0) { + if ($space_left > 20) { + $len = $space_left; + if ($is_utf8) { + $len = $this->UTF8CharBoundary($word, $len); + } elseif (substr($word, $len - 1, 1) == "=") { + $len--; + } elseif (substr($word, $len - 2, 1) == "=") { + $len -= 2; + } + $part = substr($word, 0, $len); + $word = substr($word, $len); + $buf .= ' ' . $part; + $message .= $buf . sprintf("=%s", $this->LE); + } else { + $message .= $buf . $soft_break; + } + $buf = ''; + } + while (strlen($word) > 0) { + $len = $length; + if ($is_utf8) { + $len = $this->UTF8CharBoundary($word, $len); + } elseif (substr($word, $len - 1, 1) == "=") { + $len--; + } elseif (substr($word, $len - 2, 1) == "=") { + $len -= 2; + } + $part = substr($word, 0, $len); + $word = substr($word, $len); + + if (strlen($word) > 0) { + $message .= $part . 
sprintf("=%s", $this->LE); + } else { + $buf = $part; + } + } + } else { + $buf_o = $buf; + $buf .= ($e == 0) ? $word : (' ' . $word); + + if (strlen($buf) > $length and $buf_o != '') { + $message .= $buf_o . $soft_break; + $buf = $word; + } + } + } + $message .= $buf . $this->LE; + } + + return $message; + } + + /** + * Finds last character boundary prior to maxLength in a utf-8 + * quoted (printable) encoded string. + * Original written by Colin Brown. + * @access private + * @param string $encodedText utf-8 QP text + * @param int $maxLength find last character boundary prior to this length + * @return int + */ + function UTF8CharBoundary($encodedText, $maxLength) { + $foundSplitPos = false; + $lookBack = 3; + while (!$foundSplitPos) { + $lastChunk = substr($encodedText, $maxLength - $lookBack, $lookBack); + $encodedCharPos = strpos($lastChunk, "="); + if ($encodedCharPos !== false) { + // Found start of encoded character byte within $lookBack block. + // Check the encoded byte value (the 2 chars after the '=') + $hex = substr($encodedText, $maxLength - $lookBack + $encodedCharPos + 1, 2); + $dec = hexdec($hex); + if ($dec < 128) { // Single byte character. + // If the encoded char was found at pos 0, it will fit + // otherwise reduce maxLength to start of the encoded char + $maxLength = ($encodedCharPos == 0) ? $maxLength : + $maxLength - ($lookBack - $encodedCharPos); + $foundSplitPos = true; + } elseif ($dec >= 192) { // First byte of a multi byte character + // Reduce maxLength to split at start of character + $maxLength = $maxLength - ($lookBack - $encodedCharPos); + $foundSplitPos = true; + } elseif ($dec < 192) { // Middle byte of a multi byte character, look further back + $lookBack += 3; + } + } else { + // No encoded character found + $foundSplitPos = true; + } + } + return $maxLength; + } + + /** + * Set the body wrapping. 
+ * @access private + * @return void + */ + function SetWordWrap() { + if($this->WordWrap < 1) { + return; + } + + switch($this->message_type) { + case 'alt': + /* fall through */ + case 'alt_attachments': + $this->AltBody = $this->WrapText($this->AltBody, $this->WordWrap); + break; + default: + $this->Body = $this->WrapText($this->Body, $this->WordWrap); + break; + } + } + + /** + * Assembles message header. + * @access private + * @return string + */ + function CreateHeader() { + $result = ''; + + /* Set the boundaries */ + $uniq_id = md5(uniqid(time())); + $this->boundary[1] = 'b1_' . $uniq_id; + $this->boundary[2] = 'b2_' . $uniq_id; + + $result .= $this->HeaderLine('Date', $this->RFCDate()); + if($this->Sender == '') { + $result .= $this->HeaderLine('Return-Path', trim($this->From)); + } else { + $result .= $this->HeaderLine('Return-Path', trim($this->Sender)); + } + + /* To be created automatically by mail() */ + if($this->Mailer != 'mail') { + if(count($this->to) > 0) { + $result .= $this->AddrAppend('To', $this->to); + } elseif (count($this->cc) == 0) { + $result .= $this->HeaderLine('To', 'undisclosed-recipients:;'); + } + } + + $from = array(); + $from[0][0] = trim($this->From); + $from[0][1] = $this->FromName; + $result .= $this->AddrAppend('From', $from); + + /* sendmail and mail() extract Cc from the header before sending */ + if((($this->Mailer == 'sendmail') || ($this->Mailer == 'mail')) && (count($this->cc) > 0)) { + $result .= $this->AddrAppend('Cc', $this->cc); + } + + /* sendmail and mail() extract Bcc from the header before sending */ + if((($this->Mailer == 'sendmail') || ($this->Mailer == 'mail')) && (count($this->bcc) > 0)) { + $result .= $this->AddrAppend('Bcc', $this->bcc); + } + + if(count($this->ReplyTo) > 0) { + $result .= $this->AddrAppend('Reply-To', $this->ReplyTo); + } + + /* mail() sets the subject itself */ + if($this->Mailer != 'mail') { + $result .= $this->HeaderLine('Subject', 
$this->EncodeHeader($this->SecureHeader($this->Subject))); + } + + if($this->MessageID != '') { + $result .= $this->HeaderLine('Message-ID',$this->MessageID); + } else { + $result .= sprintf("Message-ID: <%s@%s>%s", $uniq_id, $this->ServerHostname(), $this->LE); + } + $result .= $this->HeaderLine('X-Priority', $this->Priority); + $result .= $this->HeaderLine('X-Mailer', 'PHPMailer (phpmailer.sourceforge.net) [version ' . $this->Version . ']'); + + if($this->ConfirmReadingTo != '') { + $result .= $this->HeaderLine('Disposition-Notification-To', '<' . trim($this->ConfirmReadingTo) . '>'); + } + + // Add custom headers + for($index = 0; $index < count($this->CustomHeader); $index++) { + $result .= $this->HeaderLine(trim($this->CustomHeader[$index][0]), $this->EncodeHeader(trim($this->CustomHeader[$index][1]))); + } + if (!$this->sign_key_file) { + $result .= $this->HeaderLine('MIME-Version', '1.0'); + $result .= $this->GetMailMIME(); + } + + return $result; + } + + /** + * Returns the message MIME. + * @access private + * @return string + */ + function GetMailMIME() { + $result = ''; + switch($this->message_type) { + case 'plain': + $result .= $this->HeaderLine('Content-Transfer-Encoding', $this->Encoding); + $result .= sprintf("Content-Type: %s; charset=\"%s\"", $this->ContentType, $this->CharSet); + break; + case 'attachments': + /* fall through */ + case 'alt_attachments': + if($this->InlineImageExists()){ + $result .= sprintf("Content-Type: %s;%s\ttype=\"text/html\";%s\tboundary=\"%s\"%s", 'multipart/related', $this->LE, $this->LE, $this->boundary[1], $this->LE); + } else { + $result .= $this->HeaderLine('Content-Type', 'multipart/mixed;'); + $result .= $this->TextLine("\tboundary=\"" . $this->boundary[1] . '"'); + } + break; + case 'alt': + $result .= $this->HeaderLine('Content-Type', 'multipart/alternative;'); + $result .= $this->TextLine("\tboundary=\"" . $this->boundary[1] . 
'"'); + break; + } + + if($this->Mailer != 'mail') { + $result .= $this->LE.$this->LE; + } + + return $result; + } + + /** + * Assembles the message body. Returns an empty string on failure. + * @access private + * @return string + */ + function CreateBody() { + $result = ''; + if ($this->sign_key_file) { + $result .= $this->GetMailMIME(); + } + + $this->SetWordWrap(); + + switch($this->message_type) { + case 'alt': + $result .= $this->GetBoundary($this->boundary[1], '', 'text/plain', ''); + $result .= $this->EncodeString($this->AltBody, $this->Encoding); + $result .= $this->LE.$this->LE; + $result .= $this->GetBoundary($this->boundary[1], '', 'text/html', ''); + $result .= $this->EncodeString($this->Body, $this->Encoding); + $result .= $this->LE.$this->LE; + $result .= $this->EndBoundary($this->boundary[1]); + break; + case 'plain': + $result .= $this->EncodeString($this->Body, $this->Encoding); + break; + case 'attachments': + $result .= $this->GetBoundary($this->boundary[1], '', '', ''); + $result .= $this->EncodeString($this->Body, $this->Encoding); + $result .= $this->LE; + $result .= $this->AttachAll(); + break; + case 'alt_attachments': + $result .= sprintf("--%s%s", $this->boundary[1], $this->LE); + $result .= sprintf("Content-Type: %s;%s" . "\tboundary=\"%s\"%s", 'multipart/alternative', $this->LE, $this->boundary[2], $this->LE.$this->LE); + $result .= $this->GetBoundary($this->boundary[2], '', 'text/plain', '') . $this->LE; // Create text body + $result .= $this->EncodeString($this->AltBody, $this->Encoding); + $result .= $this->LE.$this->LE; + $result .= $this->GetBoundary($this->boundary[2], '', 'text/html', '') . 
$this->LE; // Create the HTML body + $result .= $this->EncodeString($this->Body, $this->Encoding); + $result .= $this->LE.$this->LE; + $result .= $this->EndBoundary($this->boundary[2]); + $result .= $this->AttachAll(); + break; + } + + if($this->IsError()) { + $result = ''; + } else if ($this->sign_key_file) { + $file = tempnam("", "mail"); + $fp = fopen($file, "w"); + fwrite($fp, $result); + fclose($fp); + $signed = tempnam("", "signed"); + + if (@openssl_pkcs7_sign($file, $signed, "file://".$this->sign_cert_file, array("file://".$this->sign_key_file, $this->sign_key_pass), null)) { + $fp = fopen($signed, "r"); + $result = fread($fp, filesize($this->sign_key_file)); + $result = ''; + while(!feof($fp)){ + $result = $result . fread($fp, 1024); + } + fclose($fp); + } else { + $this->SetError($this->Lang("signing").openssl_error_string()); + $result = ''; + } + + unlink($file); + unlink($signed); + } + + return $result; + } + + /** + * Returns the start of a message boundary. + * @access private + */ + function GetBoundary($boundary, $charSet, $contentType, $encoding) { + $result = ''; + if($charSet == '') { + $charSet = $this->CharSet; + } + if($contentType == '') { + $contentType = $this->ContentType; + } + if($encoding == '') { + $encoding = $this->Encoding; + } + $result .= $this->TextLine('--' . $boundary); + $result .= sprintf("Content-Type: %s; charset = \"%s\"", $contentType, $charSet); + $result .= $this->LE; + $result .= $this->HeaderLine('Content-Transfer-Encoding', $encoding); + $result .= $this->LE; + + return $result; + } + + /** + * Returns the end of a message boundary. + * @access private + */ + function EndBoundary($boundary) { + return $this->LE . '--' . $boundary . '--' . $this->LE; + } + + /** + * Sets the message type. 
+ * @access private + * @return void + */ + function SetMessageType() { + if(count($this->attachment) < 1 && strlen($this->AltBody) < 1) { + $this->message_type = 'plain'; + } else { + if(count($this->attachment) > 0) { + $this->message_type = 'attachments'; + } + if(strlen($this->AltBody) > 0 && count($this->attachment) < 1) { + $this->message_type = 'alt'; + } + if(strlen($this->AltBody) > 0 && count($this->attachment) > 0) { + $this->message_type = 'alt_attachments'; + } + } + } + + /* Returns a formatted header line. + * @access private + * @return string + */ + function HeaderLine($name, $value) { + return $name . ': ' . $value . $this->LE; + } + + /** + * Returns a formatted mail line. + * @access private + * @return string + */ + function TextLine($value) { + return $value . $this->LE; + } + + ///////////////////////////////////////////////// + // CLASS METHODS, ATTACHMENTS + ///////////////////////////////////////////////// + + /** + * Adds an attachment from a path on the filesystem. + * Returns false if the file could not be found + * or accessed. + * @param string $path Path to the attachment. + * @param string $name Overrides the attachment name. + * @param string $encoding File encoding (see $Encoding). + * @param string $type File extension (MIME) type. + * @return bool + */ + function AddAttachment($path, $name = '', $encoding = 'base64', $type = 'application/octet-stream') { + if(!@is_file($path)) { + $this->SetError($this->Lang('file_access') . 
$path); + return false; + } + + $filename = basename($path); + if($name == '') { + $name = $filename; + } + + $cur = count($this->attachment); + $this->attachment[$cur][0] = $path; + $this->attachment[$cur][1] = $filename; + $this->attachment[$cur][2] = $name; + $this->attachment[$cur][3] = $encoding; + $this->attachment[$cur][4] = $type; + $this->attachment[$cur][5] = false; // isStringAttachment + $this->attachment[$cur][6] = 'attachment'; + $this->attachment[$cur][7] = 0; + + return true; + } + + /** + * Attaches all fs, string, and binary attachments to the message. + * Returns an empty string on failure. + * @access private + * @return string + */ + function AttachAll() { + /* Return text of body */ + $mime = array(); + + /* Add all attachments */ + for($i = 0; $i < count($this->attachment); $i++) { + /* Check for string attachment */ + $bString = $this->attachment[$i][5]; + if ($bString) { + $string = $this->attachment[$i][0]; + } else { + $path = $this->attachment[$i][0]; + } + + $filename = $this->attachment[$i][1]; + $name = $this->attachment[$i][2]; + $encoding = $this->attachment[$i][3]; + $type = $this->attachment[$i][4]; + $disposition = $this->attachment[$i][6]; + $cid = $this->attachment[$i][7]; + + $mime[] = sprintf("--%s%s", $this->boundary[1], $this->LE); + $mime[] = sprintf("Content-Type: %s; name=\"%s\"%s", $type, $this->EncodeHeader($this->SecureHeader($name)), $this->LE); + $mime[] = sprintf("Content-Transfer-Encoding: %s%s", $encoding, $this->LE); + + if($disposition == 'inline') { + $mime[] = sprintf("Content-ID: <%s>%s", $cid, $this->LE); + } + + $mime[] = sprintf("Content-Disposition: %s; filename=\"%s\"%s", $disposition, $this->EncodeHeader($this->SecureHeader($name)), $this->LE.$this->LE); + + /* Encode as string attachment */ + if($bString) { + $mime[] = $this->EncodeString($string, $encoding); + if($this->IsError()) { + return ''; + } + $mime[] = $this->LE.$this->LE; + } else { + $mime[] = $this->EncodeFile($path, $encoding); + 
if($this->IsError()) { + return ''; + } + $mime[] = $this->LE.$this->LE; + } + } + + $mime[] = sprintf("--%s--%s", $this->boundary[1], $this->LE); + + return join('', $mime); + } + + /** + * Encodes attachment in requested format. Returns an + * empty string on failure. + * @access private + * @return string + */ + function EncodeFile ($path, $encoding = 'base64') { + if(!@$fd = fopen($path, 'rb')) { + $this->SetError($this->Lang('file_open') . $path); + return ''; + } + $magic_quotes = get_magic_quotes_runtime(); + set_magic_quotes_runtime(0); + $file_buffer = fread($fd, filesize($path)); + $file_buffer = $this->EncodeString($file_buffer, $encoding); + fclose($fd); + set_magic_quotes_runtime($magic_quotes); + + return $file_buffer; + } + + /** + * Encodes string to requested format. Returns an + * empty string on failure. + * @access private + * @return string + */ + function EncodeString ($str, $encoding = 'base64') { + $encoded = ''; + switch(strtolower($encoding)) { + case 'base64': + /* chunk_split is found in PHP >= 3.0.6 */ + $encoded = chunk_split(base64_encode($str), 76, $this->LE); + break; + case '7bit': + case '8bit': + $encoded = $this->FixEOL($str); + if (substr($encoded, -(strlen($this->LE))) != $this->LE) + $encoded .= $this->LE; + break; + case 'binary': + $encoded = $str; + break; + case 'quoted-printable': + $encoded = $this->EncodeQP($str); + break; + default: + $this->SetError($this->Lang('encoding') . $encoding); + break; + } + return $encoded; + } + + /** + * Encode a header string to best of Q, B, quoted or none. + * @access private + * @return string + */ + function EncodeHeader ($str, $position = 'text') { + $x = 0; + + switch (strtolower($position)) { + case 'phrase': + if (!preg_match('/[\200-\377]/', $str)) { + /* Can't use addslashes as we don't know what value has magic_quotes_sybase. 
*/ + $encoded = addcslashes($str, "\0..\37\177\\\""); + if (($str == $encoded) && !preg_match('/[^A-Za-z0-9!#$%&\'*+\/=?^_`{|}~ -]/', $str)) { + return ($encoded); + } else { + return ("\"$encoded\""); + } + } + $x = preg_match_all('/[^\040\041\043-\133\135-\176]/', $str, $matches); + break; + case 'comment': + $x = preg_match_all('/[()"]/', $str, $matches); + /* Fall-through */ + case 'text': + default: + $x += preg_match_all('/[\000-\010\013\014\016-\037\177-\377]/', $str, $matches); + break; + } + + if ($x == 0) { + return ($str); + } + + $maxlen = 75 - 7 - strlen($this->CharSet); + /* Try to select the encoding which should produce the shortest output */ + if (strlen($str)/3 < $x) { + $encoding = 'B'; + if (function_exists('mb_strlen') && $this->HasMultiBytes($str)) { + // Use a custom function which correctly encodes and wraps long + // multibyte strings without breaking lines within a character + $encoded = $this->Base64EncodeWrapMB($str); + } else { + $encoded = base64_encode($str); + $maxlen -= $maxlen % 4; + $encoded = trim(chunk_split($encoded, $maxlen, "\n")); + } + } else { + $encoding = 'Q'; + $encoded = $this->EncodeQ($str, $position); + $encoded = $this->WrapText($encoded, $maxlen, true); + $encoded = str_replace('='.$this->LE, "\n", trim($encoded)); + } + + $encoded = preg_replace('/^(.*)$/m', " =?".$this->CharSet."?$encoding?\\1?=", $encoded); + $encoded = trim(str_replace("\n", $this->LE, $encoded)); + + return $encoded; + } + + /** + * Checks if a string contains multibyte characters. + * @access private + * @param string $str multi-byte text to wrap encode + * @return bool + */ + function HasMultiBytes($str) { + if (function_exists('mb_strlen')) { + return (strlen($str) > mb_strlen($str, $this->CharSet)); + } else { // Assume no multibytes (we can't handle without mbstring functions anyway) + return False; + } + } + + /** + * Correctly encodes and wraps long multibyte strings for mail headers + * without breaking lines within a character. 
+ * Adapted from a function by paravoid at http://uk.php.net/manual/en/function.mb-encode-mimeheader.php + * @access private + * @param string $str multi-byte text to wrap encode + * @return string + */ + function Base64EncodeWrapMB($str) { + $start = "=?".$this->CharSet."?B?"; + $end = "?="; + $encoded = ""; + + $mb_length = mb_strlen($str, $this->CharSet); + // Each line must have length <= 75, including $start and $end + $length = 75 - strlen($start) - strlen($end); + // Average multi-byte ratio + $ratio = $mb_length / strlen($str); + // Base64 has a 4:3 ratio + $offset = $avgLength = floor($length * $ratio * .75); + + for ($i = 0; $i < $mb_length; $i += $offset) { + $lookBack = 0; + + do { + $offset = $avgLength - $lookBack; + $chunk = mb_substr($str, $i, $offset, $this->CharSet); + $chunk = base64_encode($chunk); + $lookBack++; + } + while (strlen($chunk) > $length); + + $encoded .= $chunk . $this->LE; + } + + // Chomp the last linefeed + $encoded = substr($encoded, 0, -strlen($this->LE)); + return $encoded; + } + + /** + * Encode string to quoted-printable. 
+ * @access private + * @return string + */ + function EncodeQP( $input = '', $line_max = 76, $space_conv = false ) { + $hex = array('0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'); + $lines = preg_split('/(?:\r\n|\r|\n)/', $input); + $eol = "\r\n"; + $escape = '='; + $output = ''; + while( list(, $line) = each($lines) ) { + $linlen = strlen($line); + $newline = ''; + for($i = 0; $i < $linlen; $i++) { + $c = substr( $line, $i, 1 ); + $dec = ord( $c ); + if ( ( $i == 0 ) && ( $dec == 46 ) ) { // convert first point in the line into =2E + $c = '=2E'; + } + if ( $dec == 32 ) { + if ( $i == ( $linlen - 1 ) ) { // convert space at eol only + $c = '=20'; + } else if ( $space_conv ) { + $c = '=20'; + } + } elseif ( ($dec == 61) || ($dec < 32 ) || ($dec > 126) ) { // always encode "\t", which is *not* required + $h2 = floor($dec/16); + $h1 = floor($dec%16); + $c = $escape.$hex[$h2].$hex[$h1]; + } + if ( (strlen($newline) + strlen($c)) >= $line_max ) { // CRLF is not counted + $output .= $newline.$escape.$eol; // soft line break; " =\r\n" is okay + $newline = ''; + // check if newline first character will be point or not + if ( $dec == 46 ) { + $c = '=2E'; + } + } + $newline .= $c; + } // end of for + $output .= $newline.$eol; + } // end of while + return $output; + } + + /** + * Encode string to q encoding. + * @access private + * @return string + */ + function EncodeQ ($str, $position = 'text') { + /* There should not be any EOL in the string */ + $encoded = preg_replace("[\r\n]", '', $str); + + switch (strtolower($position)) { + case 'phrase': + $encoded = preg_replace("/([^A-Za-z0-9!*+\/ -])/e", "'='.sprintf('%02X', ord('\\1'))", $encoded); + break; + case 'comment': + $encoded = preg_replace("/([\(\)\"])/e", "'='.sprintf('%02X', ord('\\1'))", $encoded); + case 'text': + default: + /* Replace every high ascii, control =, ? 
and _ characters */ + $encoded = preg_replace('/([\000-\011\013\014\016-\037\075\077\137\177-\377])/e', + "'='.sprintf('%02X', ord('\\1'))", $encoded); + break; + } + + /* Replace every spaces to _ (more readable than =20) */ + $encoded = str_replace(' ', '_', $encoded); + + return $encoded; + } + + /** + * Adds a string or binary attachment (non-filesystem) to the list. + * This method can be used to attach ascii or binary data, + * such as a BLOB record from a database. + * @param string $string String attachment data. + * @param string $filename Name of the attachment. + * @param string $encoding File encoding (see $Encoding). + * @param string $type File extension (MIME) type. + * @return void + */ + function AddStringAttachment($string, $filename, $encoding = 'base64', $type = 'application/octet-stream') { + /* Append to $attachment array */ + $cur = count($this->attachment); + $this->attachment[$cur][0] = $string; + $this->attachment[$cur][1] = $filename; + $this->attachment[$cur][2] = $filename; + $this->attachment[$cur][3] = $encoding; + $this->attachment[$cur][4] = $type; + $this->attachment[$cur][5] = true; // isString + $this->attachment[$cur][6] = 'attachment'; + $this->attachment[$cur][7] = 0; + } + + /** + * Adds an embedded attachment. This can include images, sounds, and + * just about any other document. Make sure to set the $type to an + * image type. For JPEG images use "image/jpeg" and for GIF images + * use "image/gif". + * @param string $path Path to the attachment. + * @param string $cid Content ID of the attachment. Use this to identify + * the Id for accessing the image in an HTML form. + * @param string $name Overrides the attachment name. + * @param string $encoding File encoding (see $Encoding). + * @param string $type File extension (MIME) type. 
+ * @return bool + */ + function AddEmbeddedImage($path, $cid, $name = '', $encoding = 'base64', $type = 'application/octet-stream') { + + if(!@is_file($path)) { + $this->SetError($this->Lang('file_access') . $path); + return false; + } + + $filename = basename($path); + if($name == '') { + $name = $filename; + } + + /* Append to $attachment array */ + $cur = count($this->attachment); + $this->attachment[$cur][0] = $path; + $this->attachment[$cur][1] = $filename; + $this->attachment[$cur][2] = $name; + $this->attachment[$cur][3] = $encoding; + $this->attachment[$cur][4] = $type; + $this->attachment[$cur][5] = false; + $this->attachment[$cur][6] = 'inline'; + $this->attachment[$cur][7] = $cid; + + return true; + } + + /** + * Returns true if an inline attachment is present. + * @access private + * @return bool + */ + function InlineImageExists() { + $result = false; + for($i = 0; $i < count($this->attachment); $i++) { + if($this->attachment[$i][6] == 'inline') { + $result = true; + break; + } + } + + return $result; + } + + ///////////////////////////////////////////////// + // CLASS METHODS, MESSAGE RESET + ///////////////////////////////////////////////// + + /** + * Clears all recipients assigned in the TO array. Returns void. + * @return void + */ + function ClearAddresses() { + $this->to = array(); + } + + /** + * Clears all recipients assigned in the CC array. Returns void. + * @return void + */ + function ClearCCs() { + $this->cc = array(); + } + + /** + * Clears all recipients assigned in the BCC array. Returns void. + * @return void + */ + function ClearBCCs() { + $this->bcc = array(); + } + + /** + * Clears all recipients assigned in the ReplyTo array. Returns void. + * @return void + */ + function ClearReplyTos() { + $this->ReplyTo = array(); + } + + /** + * Clears all recipients assigned in the TO, CC and BCC + * array. Returns void. 
+ * @return void + */ + function ClearAllRecipients() { + $this->to = array(); + $this->cc = array(); + $this->bcc = array(); + } + + /** + * Clears all previously set filesystem, string, and binary + * attachments. Returns void. + * @return void + */ + function ClearAttachments() { + $this->attachment = array(); + } + + /** + * Clears all custom headers. Returns void. + * @return void + */ + function ClearCustomHeaders() { + $this->CustomHeader = array(); + } + + ///////////////////////////////////////////////// + // CLASS METHODS, MISCELLANEOUS + ///////////////////////////////////////////////// + + /** + * Adds the error message to the error container. + * Returns void. + * @access private + * @return void + */ + function SetError($msg) { + $this->error_count++; + $this->ErrorInfo = $msg; + } + + /** + * Returns the proper RFC 822 formatted date. + * @access private + * @return string + */ + function RFCDate() { + $tz = date('Z'); + $tzs = ($tz < 0) ? '-' : '+'; + $tz = abs($tz); + $tz = (int)($tz/3600)*100 + ($tz%3600)/60; + $result = sprintf("%s %s%04d", date('D, j M Y H:i:s'), $tzs, $tz); + + return $result; + } + + /** + * Returns the appropriate server variable. Should work with both + * PHP 4.1.0+ as well as older versions. Returns an empty string + * if nothing is found. + * @access private + * @return mixed + */ + function ServerVar($varName) { + global $HTTP_SERVER_VARS; + global $HTTP_ENV_VARS; + + if(!isset($_SERVER)) { + $_SERVER = $HTTP_SERVER_VARS; + if(!isset($_SERVER['REMOTE_ADDR'])) { + $_SERVER = $HTTP_ENV_VARS; // must be Apache + } + } + + if(isset($_SERVER[$varName])) { + return $_SERVER[$varName]; + } else { + return ''; + } + } + + /** + * Returns the server hostname or 'localhost.localdomain' if unknown. 
+ * @access private + * @return string + */ + function ServerHostname() { + if ($this->Hostname != '') { + $result = $this->Hostname; + } elseif ($this->ServerVar('SERVER_NAME') != '') { + $result = $this->ServerVar('SERVER_NAME'); + } else { + $result = 'localhost.localdomain'; + } + + return $result; + } + + /** + * Returns a message in the appropriate language. + * @access private + * @return string + */ + function Lang($key) { + if(count($this->language) < 1) { + $this->SetLanguage('en'); // set the default language + } + + if(isset($this->language[$key])) { + return $this->language[$key]; + } else { + return 'Language string failed to load: ' . $key; + } + } + + /** + * Returns true if an error occurred. + * @return bool + */ + function IsError() { + return ($this->error_count > 0); + } + + /** + * Changes every end of line from CR or LF to CRLF. + * @access private + * @return string + */ + function FixEOL($str) { + $str = str_replace("\r\n", "\n", $str); + $str = str_replace("\r", "\n", $str); + $str = str_replace("\n", $this->LE, $str); + return $str; + } + + /** + * Adds a custom header. + * @return void + */ + function AddCustomHeader($custom_header) { + $this->CustomHeader[] = explode(':', $custom_header, 2); + } + + /** + * Evaluates the message and returns modifications for inline images and backgrounds + * @access public + * @return $message + */ + function MsgHTML($message,$basedir='') { + preg_match_all("/(src|background)=\"(.*)\"/Ui", $message, $images); + if(isset($images[2])) { + foreach($images[2] as $i => $url) { + // do not change urls for absolute images (thanks to corvuscorax) + if (!preg_match('/^[A-z][A-z]*:\/\//',$url)) { + $filename = basename($url); + $directory = dirname($url); + ($directory == '.')?$directory='':''; + $cid = 'cid:' . 
md5($filename); + $fileParts = preg_split("/\./", $filename); + $ext = $fileParts[1]; + $mimeType = $this->_mime_types($ext); + if ( strlen($basedir) > 1 && substr($basedir,-1) != '/') { $basedir .= '/'; } + if ( strlen($directory) > 1 && substr($directory,-1) != '/') { $directory .= '/'; } + if ( $this->AddEmbeddedImage($basedir.$directory.$filename, md5($filename), $filename, 'base64',$mimeType) ) { + $message = preg_replace("/".$images[1][$i]."=\"".preg_quote($url, '/')."\"/Ui", $images[1][$i]."=\"".$cid."\"", $message); + } + } + } + } + $this->IsHTML(true); + $this->Body = $message; + $textMsg = trim(strip_tags(preg_replace('/<(head|title|style|script)[^>]*>.*?<\/\\1>/s','',$message))); + if ( !empty($textMsg) && empty($this->AltBody) ) { + $this->AltBody = html_entity_decode($textMsg); + } + if ( empty($this->AltBody) ) { + $this->AltBody = 'To view this email message, open the email in with HTML compatibility!' . "\n\n"; + } + } + + /** + * Gets the mime type of the embedded or inline image + * @access private + * @return mime type of ext + */ + function _mime_types($ext = '') { + $mimes = array( + 'ai' => 'application/postscript', + 'aif' => 'audio/x-aiff', + 'aifc' => 'audio/x-aiff', + 'aiff' => 'audio/x-aiff', + 'avi' => 'video/x-msvideo', + 'bin' => 'application/macbinary', + 'bmp' => 'image/bmp', + 'class' => 'application/octet-stream', + 'cpt' => 'application/mac-compactpro', + 'css' => 'text/css', + 'dcr' => 'application/x-director', + 'dir' => 'application/x-director', + 'dll' => 'application/octet-stream', + 'dms' => 'application/octet-stream', + 'doc' => 'application/msword', + 'dvi' => 'application/x-dvi', + 'dxr' => 'application/x-director', + 'eml' => 'message/rfc822', + 'eps' => 'application/postscript', + 'exe' => 'application/octet-stream', + 'gif' => 'image/gif', + 'gtar' => 'application/x-gtar', + 'htm' => 'text/html', + 'html' => 'text/html', + 'jpe' => 'image/jpeg', + 'jpeg' => 'image/jpeg', + 'jpg' => 'image/jpeg', + 'hqx' => 
'application/mac-binhex40', + 'js' => 'application/x-javascript', + 'lha' => 'application/octet-stream', + 'log' => 'text/plain', + 'lzh' => 'application/octet-stream', + 'mid' => 'audio/midi', + 'midi' => 'audio/midi', + 'mif' => 'application/vnd.mif', + 'mov' => 'video/quicktime', + 'movie' => 'video/x-sgi-movie', + 'mp2' => 'audio/mpeg', + 'mp3' => 'audio/mpeg', + 'mpe' => 'video/mpeg', + 'mpeg' => 'video/mpeg', + 'mpg' => 'video/mpeg', + 'mpga' => 'audio/mpeg', + 'oda' => 'application/oda', + 'pdf' => 'application/pdf', + 'php' => 'application/x-httpd-php', + 'php3' => 'application/x-httpd-php', + 'php4' => 'application/x-httpd-php', + 'phps' => 'application/x-httpd-php-source', + 'phtml' => 'application/x-httpd-php', + 'png' => 'image/png', + 'ppt' => 'application/vnd.ms-powerpoint', + 'ps' => 'application/postscript', + 'psd' => 'application/octet-stream', + 'qt' => 'video/quicktime', + 'ra' => 'audio/x-realaudio', + 'ram' => 'audio/x-pn-realaudio', + 'rm' => 'audio/x-pn-realaudio', + 'rpm' => 'audio/x-pn-realaudio-plugin', + 'rtf' => 'text/rtf', + 'rtx' => 'text/richtext', + 'rv' => 'video/vnd.rn-realvideo', + 'sea' => 'application/octet-stream', + 'shtml' => 'text/html', + 'sit' => 'application/x-stuffit', + 'so' => 'application/octet-stream', + 'smi' => 'application/smil', + 'smil' => 'application/smil', + 'swf' => 'application/x-shockwave-flash', + 'tar' => 'application/x-tar', + 'text' => 'text/plain', + 'txt' => 'text/plain', + 'tgz' => 'application/x-tar', + 'tif' => 'image/tiff', + 'tiff' => 'image/tiff', + 'wav' => 'audio/x-wav', + 'wbxml' => 'application/vnd.wap.wbxml', + 'wmlc' => 'application/vnd.wap.wmlc', + 'word' => 'application/msword', + 'xht' => 'application/xhtml+xml', + 'xhtml' => 'application/xhtml+xml', + 'xl' => 'application/excel', + 'xls' => 'application/vnd.ms-excel', + 'xml' => 'text/xml', + 'xsl' => 'text/xml', + 'zip' => 'application/zip' + ); + return ( ! isset($mimes[strtolower($ext)])) ? 
'application/octet-stream' : $mimes[strtolower($ext)];
+ }
+
+ /**
+ * Set (or reset) Class Objects (variables)
+ *
+ * Usage Example:
+ * $page->set('X-Priority', '3');
+ *
+ * @access public
+ * @param string $name Parameter Name
+ * @param mixed $value Parameter Value
+ * NOTE: will not work with arrays, there are no arrays to set/reset
+ */
+ function set ( $name, $value = '' ) {
+ if ( isset($this->$name) ) {
+ $this->$name = $value;
+ } else {
+ $this->SetError('Cannot set or reset variable ' . $name);
+ return false;
+ }
+ }
+
+ /**
+ * Read a file from a supplied filename and return it.
+ *
+ * @access public
+ * @param string $filename Parameter File Name
+ */
+ function getFile($filename) {
+ $return = '';
+ if ($fp = fopen($filename, 'rb')) {
+ while (!feof($fp)) {
+ $return .= fread($fp, 1024);
+ }
+ fclose($fp);
+ return $return;
+ } else {
+ return false;
+ }
+ }
+
+ /**
+ * Strips newlines to prevent header injection.
+ * @access private
+ * @param string $str String
+ * @return string
+ */
+ function SecureHeader($str) {
+ $str = trim($str);
+ $str = str_replace("\r", "", $str);
+ $str = str_replace("\n", "", $str);
+ return $str;
+ }
+
+ /**
+ * Set the private key file and password to sign the message.
+ *
+ * @access public
+ * @param string $key_filename Parameter File Name
+ * @param string $key_pass Password for private key
+ */
+ function Sign($cert_filename, $key_filename, $key_pass) {
+ $this->sign_cert_file = $cert_filename;
+ $this->sign_key_file = $key_filename;
+ $this->sign_key_pass = $key_pass;
+ }
+
+}
+
+?>
\ No newline at end of file
diff --git a/include/fg_membersite.php b/include/fg_membersite.php
new file mode 100644
index 0000000..f963e59
--- /dev/null
+++ b/include/fg_membersite.php
@@ -0,0 +1,876 @@ +sitename = 'YourWebsiteName.com'; + $this->rand_key = '0iQx5oBk66oVZep'; + } + + function InitDB($host,$uname,$pwd,$database,$tablename) + { + $this->db_host = $host; + $this->username = $uname; + $this->pwd = $pwd; + $this->database = $database; + $this->tablename = $tablename; + + } + function SetAdminEmail($email) + { + $this->admin_email = $email; + } + + function SetWebsiteName($sitename) + { + $this->sitename = $sitename; + } + + function SetRandomKey($key) + { + $this->rand_key = $key; + } + + //-------Main Operations ---------------------- + function RegisterUser() + { + if(!isset($_POST['submitted'])) + { + return false; + } + + $formvars = array(); + + if(!$this->ValidateRegistrationSubmission()) + { + return false; + } + + $this->CollectRegistrationSubmission($formvars); + + if(!$this->SaveToDatabase($formvars)) + { + return false; + } + + // Send mail to user + /* if(!$this->SendUserConfirmationEmail($formvars)) + { + return false; + } + + // Send mail to admin + $this->SendAdminIntimationEmail($formvars); + */ + + return true; + } + + function ConfirmUser() + { + if(empty($_GET['code'])||strlen($_GET['code'])<=10) + { + $this->HandleError("Please provide the confirm code"); + return false; + } + $user_rec = array(); + if(!$this->UpdateDBRecForConfirmation($user_rec)) + { + return false; + } + + /* + // Send mails + $this->SendUserWelcomeEmail($user_rec); + $this->SendAdminIntimationOnRegComplete($user_rec); + */ + + return true; + } + + function Login() + { + if(empty($_POST['username'])) + { + $this->HandleError("UserName is empty!"); + return false; + } + + if(empty($_POST['password'])) + { + $this->HandleError("Password is empty!"); + return false; + } + + $username = trim($_POST['username']); + $password = trim($_POST['password']); + + if(!isset($_SESSION)){ session_start(); } + if(!$this->CheckLoginInDB($username,$password)) + { + return false; + } + + $_SESSION[$this->GetLoginSessionVar()] = $username; + + return true; + } + + 
function CheckLogin() + { + if(!isset($_SESSION)){ session_start(); } + + $sessionvar = $this->GetLoginSessionVar(); + + if(empty($_SESSION[$sessionvar])) + { + return false; + } + return true; + } + + function UserFullName() + { + return isset($_SESSION['name_of_user'])?$_SESSION['name_of_user']:''; + } + + function UserEmail() + { + return isset($_SESSION['email_of_user'])?$_SESSION['email_of_user']:''; + } + + function LogOut() + { + session_start(); + + $sessionvar = $this->GetLoginSessionVar(); + + $_SESSION[$sessionvar]=NULL; + + unset($_SESSION[$sessionvar]); + } + + function EmailResetPasswordLink() + { + if(empty($_POST['email'])) + { + $this->HandleError("Email is empty!"); + return false; + } + $user_rec = array(); + if(false === $this->GetUserFromEmail($_POST['email'], $user_rec)) + { + return false; + } + if(false === $this->SendResetPasswordLink($user_rec)) + { + return false; + } + return true; + } + + function ResetPassword() + { + if(empty($_GET['email'])) + { + $this->HandleError("Email is empty!"); + return false; + } + if(empty($_GET['code'])) + { + $this->HandleError("reset code is empty!"); + return false; + } + $email = trim($_GET['email']); + $code = trim($_GET['code']); + + if($this->GetResetPasswordCode($email) != $code) + { + $this->HandleError("Bad reset code!"); + return false; + } + + $user_rec = array(); + if(!$this->GetUserFromEmail($email,$user_rec)) + { + return false; + } + + $new_password = $this->ResetUserPasswordInDB($user_rec); + if(false === $new_password || empty($new_password)) + { + $this->HandleError("Error updating new password"); + return false; + } + + if(false == $this->SendNewPassword($user_rec,$new_password)) + { + $this->HandleError("Error sending new password"); + return false; + } + return true; + } + + function ChangePassword() + { + if(!$this->CheckLogin()) + { + $this->HandleError("Not logged in!"); + return false; + } + + if(empty($_POST['oldpwd'])) + { + $this->HandleError("Old password is empty!"); + return 
false; + } + if(empty($_POST['newpwd'])) + { + $this->HandleError("New password is empty!"); + return false; + } + + $user_rec = array(); + if(!$this->GetUserFromEmail($this->UserEmail(),$user_rec)) + { + return false; + } + + $pwd = trim($_POST['oldpwd']); + + if($user_rec['password'] != md5($pwd)) + { + $this->HandleError("The old password does not match!"); + return false; + } + $newpwd = trim($_POST['newpwd']); + + if(!$this->ChangePasswordInDB($user_rec, $newpwd)) + { + return false; + } + return true; + } + + //-------Public Helper functions ------------- + function GetSelfScript() + { + return htmlentities($_SERVER['PHP_SELF']); + } + + function SafeDisplay($value_name) + { + if(empty($_POST[$value_name])) + { + return''; + } + return htmlentities($_POST[$value_name]); + } + + function RedirectToURL($url) + { + header("Location: $url"); + exit; + } + + function RedirectToURLAfterTimer($url,$sec) + { + header('Refresh: '.$sec.'; URL='.$url); + exit; + } + + function GetSpamTrapInputName() + { + return 'sp'.md5('KHGdnbvsgst'.$this->rand_key); + } + + function GetErrorMessage() + { + if(empty($this->error_message)) + { + return ''; + } + $errormsg = nl2br(htmlentities($this->error_message)); + return $errormsg; + } + //-------Private Helper functions----------- + + function HandleError($err) + { + $this->error_message .= $err."\r\n"; + } + + function HandleDBError($err) + { + $this->HandleError($err."\r\n mysqlerror:".mysql_error()); + } + + function GetFromAddress() + { + if(!empty($this->from_address)) + { + return $this->from_address; + } + + $host = $_SERVER['SERVER_NAME']; + + $from ="nobody@$host"; + return $from; + } + + function GetLoginSessionVar() + { + $retvar = md5($this->rand_key); + $retvar = 'usr_'.substr($retvar,0,10); + return $retvar; + } + + function CheckLoginInDB($username,$password) + { + if(!$this->DBLogin()) + { + $this->HandleError("Database login failed!"); + return false; + } + $username = $this->SanitizeForSQL($username); + $pwdmd5 = 
md5($password); + $qry = "Select name, email from $this->tablename where username='$username' and password='$pwdmd5' and confirmcode='y'"; + + $result = mysql_query($qry,$this->connection); + + if(!$result || mysql_num_rows($result) <= 0) + { + $this->HandleError("Error logging in. The username or password does not match"); + return false; + } + + $row = mysql_fetch_assoc($result); + + + $_SESSION['name_of_user'] = $row['name']; + $_SESSION['email_of_user'] = $row['email']; + + return true; + } + + function UpdateDBRecForConfirmation(&$user_rec) + { + if(!$this->DBLogin()) + { + $this->HandleError("Database login failed!"); + return false; + } + $confirmcode = $this->SanitizeForSQL($_GET['code']); + + $result = mysql_query("Select name, email from $this->tablename where confirmcode='$confirmcode'",$this->connection); + if(!$result || mysql_num_rows($result) <= 0) + { + $this->HandleError("Wrong confirm code."); + return false; + } + $row = mysql_fetch_assoc($result); + $user_rec['name'] = $row['name']; + $user_rec['email']= $row['email']; + + $qry = "Update $this->tablename Set confirmcode='y' Where confirmcode='$confirmcode'"; + + if(!mysql_query( $qry ,$this->connection)) + { + $this->HandleDBError("Error inserting data to the table\nquery:$qry"); + return false; + } + return true; + } + + function ResetUserPasswordInDB($user_rec) + { + $new_password = substr(md5(uniqid()),0,10); + + if(false == $this->ChangePasswordInDB($user_rec,$new_password)) + { + return false; + } + return $new_password; + } + + function ChangePasswordInDB($user_rec, $newpwd) + { + $newpwd = $this->SanitizeForSQL($newpwd); + + $qry = "Update $this->tablename Set password='".md5($newpwd)."' Where id_user=".$user_rec['id_user'].""; + + if(!mysql_query( $qry ,$this->connection)) + { + $this->HandleDBError("Error updating the password \nquery:$qry"); + return false; + } + return true; + } + + function GetUserFromEmail($email,&$user_rec) + { + if(!$this->DBLogin()) + { + 
$this->HandleError("Database login failed!"); + return false; + } + $email = $this->SanitizeForSQL($email); + + $result = mysql_query("Select * from $this->tablename where email='$email'",$this->connection); + + if(!$result || mysql_num_rows($result) <= 0) + { + $this->HandleError("There is no user with email: $email"); + return false; + } + $user_rec = mysql_fetch_assoc($result); + + + return true; + } + + function SendUserWelcomeEmail(&$user_rec) + { + $mailer = new PHPMailer(); + + $mailer->CharSet = 'utf-8'; + + $mailer->AddAddress($user_rec['email'],$user_rec['name']); + + $mailer->Subject = "Welcome to ".$this->sitename; + + $mailer->From = $this->GetFromAddress(); + + $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n". + "Welcome! Your registration with ".$this->sitename." is completed.\r\n". + "\r\n". + "Regards,\r\n". + "Webmaster\r\n". + $this->sitename; + + if(!$mailer->Send()) + { + $this->HandleError("Failed sending user welcome email."); + return false; + } + return true; + } + + function SendAdminIntimationOnRegComplete(&$user_rec) + { + if(empty($this->admin_email)) + { + return false; + } + $mailer = new PHPMailer(); + + $mailer->CharSet = 'utf-8'; + + $mailer->AddAddress($this->admin_email); + + $mailer->Subject = "Registration Completed: ".$user_rec['name']; + + $mailer->From = $this->GetFromAddress(); + + $mailer->Body ="A new user registered at ".$this->sitename."\r\n". + "Name: ".$user_rec['name']."\r\n". 
+ "Email address: ".$user_rec['email']."\r\n"; + + if(!$mailer->Send()) + { + return false; + } + return true; + } + + function GetResetPasswordCode($email) + { + return substr(md5($email.$this->sitename.$this->rand_key),0,10); + } + + function SendResetPasswordLink($user_rec) + { + $email = $user_rec['email']; + + $mailer = new PHPMailer(); + + $mailer->CharSet = 'utf-8'; + + $mailer->AddAddress($email,$user_rec['name']); + + $mailer->Subject = "Your reset password request at ".$this->sitename; + + $mailer->From = $this->GetFromAddress(); + + $link = $this->GetAbsoluteURLFolder(). + '/resetpwd.php?email='. + urlencode($email).'&code='. + urlencode($this->GetResetPasswordCode($email)); + + $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n". + "There was a request to reset your password at ".$this->sitename."\r\n". + "Please click the link below to complete the request: \r\n".$link."\r\n". + "Regards,\r\n". + "Webmaster\r\n". + $this->sitename; + + if(!$mailer->Send()) + { + return false; + } + return true; + } + + function SendNewPassword($user_rec, $new_password) + { + $email = $user_rec['email']; + + $mailer = new PHPMailer(); + + $mailer->CharSet = 'utf-8'; + + $mailer->AddAddress($email,$user_rec['name']); + + $mailer->Subject = "Your new password for ".$this->sitename; + + $mailer->From = $this->GetFromAddress(); + + $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n". + "Your password is reset successfully. ". + "Here is your updated login:\r\n". + "username:".$user_rec['username']."\r\n". + "password:$new_password\r\n". + "\r\n". + "Login here: ".$this->GetAbsoluteURLFolder()."/login.php\r\n". + "\r\n". + "Regards,\r\n". + "Webmaster\r\n". + $this->sitename; + + if(!$mailer->Send()) + { + return false; + } + return true; + } + + function ValidateRegistrationSubmission() + { + //This is a hidden input field. Humans won't fill this field. 
+ if(!empty($_POST[$this->GetSpamTrapInputName()]) ) + { + //The proper error is not given intentionally + $this->HandleError("Automated submission prevention: case 2 failed"); + return false; + } + + $validator = new FormValidator(); + $validator->addValidation("name","req","Please fill in Name"); + $validator->addValidation("email","email","The input for Email should be a valid email value"); + $validator->addValidation("email","req","Please fill in Email"); + $validator->addValidation("username","req","Please fill in UserName"); + $validator->addValidation("password","req","Please fill in Password"); + + + if(!$validator->ValidateForm()) + { + $error=''; + $error_hash = $validator->GetErrors(); + foreach($error_hash as $inpname => $inp_err) + { + $error .= $inpname.':'.$inp_err."\n"; + } + $this->HandleError($error); + return false; + } + return true; + } + + function CollectRegistrationSubmission(&$formvars) + { + $formvars['name'] = $this->Sanitize($_POST['name']); + $formvars['email'] = $this->Sanitize($_POST['email']); + $formvars['username'] = $this->Sanitize($_POST['username']); + $formvars['password'] = $this->Sanitize($_POST['password']); + } + + function SendUserConfirmationEmail(&$formvars) + { + $mailer = new PHPMailer(); + + $mailer->CharSet = 'utf-8'; + + $mailer->AddAddress($formvars['email'],$formvars['name']); + + $mailer->Subject = "Your registration with ".$this->sitename; + + $mailer->From = $this->GetFromAddress(); + + $confirmcode = $formvars['confirmcode']; + + $confirm_url = $this->GetAbsoluteURLFolder().'/confirmreg.php?code='.$confirmcode; + + $mailer->Body ="Hello ".$formvars['name']."\r\n\r\n". + "Thanks for your registration with ".$this->sitename."\r\n". + "Please click the link below to confirm your registration.\r\n". + "$confirm_url\r\n". + "\r\n". + "Regards,\r\n". + "Webmaster\r\n". 
+ $this->sitename; + + if(!$mailer->Send()) + { + $this->HandleError("Failed sending registration confirmation email."); + return false; + } + return true; + } + function GetAbsoluteURLFolder() + { + $scriptFolder = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) ? 'https://' : 'http://'; + $scriptFolder .= $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']); + return $scriptFolder; + } + + function SendAdminIntimationEmail(&$formvars) + { + if(empty($this->admin_email)) + { + return false; + } + $mailer = new PHPMailer(); + + $mailer->CharSet = 'utf-8'; + + $mailer->AddAddress($this->admin_email); + + $mailer->Subject = "New registration: ".$formvars['name']; + + $mailer->From = $this->GetFromAddress(); + + $mailer->Body ="A new user registered at ".$this->sitename."\r\n". + "Name: ".$formvars['name']."\r\n". + "Email address: ".$formvars['email']."\r\n". + "UserName: ".$formvars['username']; + + if(!$mailer->Send()) + { + return false; + } + return true; + } + + function SaveToDatabase(&$formvars) + { + if(!$this->DBLogin()) + { + $this->HandleError("Database login failed!"); + return false; + } + if(!$this->Ensuretable()) + { + return false; + } + if(!$this->IsFieldUnique($formvars,'email')) + { + $this->HandleError("This email is already registered"); + return false; + } + + if(!$this->IsFieldUnique($formvars,'username')) + { + $this->HandleError("This UserName is already used. 
Please try another username"); + return false; + } + if(!$this->InsertIntoDB($formvars)) + { + $this->HandleError("Inserting to Database failed!"); + return false; + } + return true; + } + + function IsFieldUnique($formvars,$fieldname) + { + $field_val = $this->SanitizeForSQL($formvars[$fieldname]); + $qry = "select username from $this->tablename where $fieldname='".$field_val."'"; + $result = mysql_query($qry,$this->connection); + if($result && mysql_num_rows($result) > 0) + { + return false; + } + return true; + } + + function DBLogin() + { + + $this->connection = mysql_connect($this->db_host,$this->username,$this->pwd); + + if(!$this->connection) + { + $this->HandleDBError("Database Login failed! Please make sure that the DB login credentials provided are correct"); + return false; + } + if(!mysql_select_db($this->database, $this->connection)) + { + $this->HandleDBError('Failed to select database: '.$this->database.' Please make sure that the database name provided is correct'); + return false; + } + if(!mysql_query("SET NAMES 'UTF8'",$this->connection)) + { + $this->HandleDBError('Error setting utf8 encoding'); + return false; + } + return true; + } + + function Ensuretable() + { + $result = mysql_query("SHOW COLUMNS FROM $this->tablename"); + if(!$result || mysql_num_rows($result) <= 0) + { + return $this->CreateTable(); + } + return true; + } + + function CreateTable() + { + $qry = "Create Table $this->tablename (". + "id_user INT NOT NULL AUTO_INCREMENT ,". + "name VARCHAR( 128 ) NOT NULL ,". + "email VARCHAR( 64 ) NOT NULL ,". + "phone_number VARCHAR( 16 ) NOT NULL ,". + "username VARCHAR( 16 ) NOT NULL ,". + "password VARCHAR( 32 ) NOT NULL ,". + "confirmcode VARCHAR(32) ,". + "PRIMARY KEY ( id_user )". 
+ ")"; + + if(!mysql_query($qry,$this->connection)) + { + $this->HandleDBError("Error creating the table \nquery was\n $qry"); + return false; + } + return true; + } + + function InsertIntoDB(&$formvars) + { + + $confirmcode = $this->MakeConfirmationMd5($formvars['email']); + + $formvars['confirmcode'] = $confirmcode; + + $insert_query = 'insert into '.$this->tablename.'( + name, + email, + username, + password, + confirmcode + ) + values + ( + "' . $this->SanitizeForSQL($formvars['name']) . '", + "' . $this->SanitizeForSQL($formvars['email']) . '", + "' . $this->SanitizeForSQL($formvars['username']) . '", + "' . md5($formvars['password']) . '", + "' . $confirmcode . '" + )'; + if(!mysql_query( $insert_query ,$this->connection)) + { + $this->HandleDBError("Error inserting data to the table\nquery:$insert_query"); + return false; + } + return true; + } + function MakeConfirmationMd5($email) + { + $randno1 = rand(); + $randno2 = rand(); + return md5($email.$this->rand_key.$randno1.''.$randno2); + } + function SanitizeForSQL($str) + { + if( function_exists( "mysql_real_escape_string" ) ) + { + $ret_str = mysql_real_escape_string( $str ); + } + else + { + $ret_str = addslashes( $str ); + } + return $ret_str; + } + + /* + Sanitize() function removes any potential threat from the + data submitted. Prevents email injections or any other hacker attempts. + if $remove_nl is true, newline chracters are removed from the input. + */ + function Sanitize($str,$remove_nl=true) + { + $str = $this->StripSlashes($str); + + if($remove_nl) + { + $injections = array('/(\n+)/i', + '/(\r+)/i', + '/(\t+)/i', + '/(%0A+)/i', + '/(%0D+)/i', + '/(%08+)/i', + '/(%09+)/i' + ); + $str = preg_replace($injections,'',$str); + } + + return $str; + } + function StripSlashes($str) + { + if(get_magic_quotes_gpc()) + { + $str = stripslashes($str); + } + return $str; + } +} +?> \ No newline at end of file 
diff --git a/include/formvalidator.php b/include/formvalidator.php
new file mode 100644
index 0000000..7ad087d
--- /dev/null
+++ b/include/formvalidator.php
@@ -0,0 +1,573 @@ +validator_array = array(); + $this->error_hash = array(); + $this->custom_validators=array(); + } + + function AddCustomValidator(&$customv) + { + array_push($this->custom_validators,$customv); + } + + function addValidation($variable,$validator,$error) + { + $validator_obj = new ValidatorObj(); + $validator_obj->variable_name = $variable; + $validator_obj->validator_string = $validator; + $validator_obj->error_string = $error; + array_push($this->validator_array,$validator_obj); + } + function GetErrors() + { + return $this->error_hash; + } + + function ValidateForm() + { + $bret = true; + + $error_string=""; + $error_to_display = ""; + + + if(strcmp($_SERVER['REQUEST_METHOD'],'POST')==0) + { + $form_variables = $_POST; + } + else + { + $form_variables = $_GET; + } + + $vcount = count($this->validator_array); + + + foreach($this->validator_array as $val_obj) + { + if(!$this->ValidateObject($val_obj,$form_variables,$error_string)) + { + $bret = false; + $this->error_hash[$val_obj->variable_name] = $error_string; + } + } + + if(true == $bret && count($this->custom_validators) > 0) + { + foreach( $this->custom_validators as $custom_val) + { + if(false == $custom_val->DoValidate($form_variables,$this->error_hash)) + { + $bret = false; + } + } + } + return $bret; + } + + + function ValidateObject($validatorobj,$formvariables,&$error_string) + { + $bret = true; + + $splitted = explode("=",$validatorobj->validator_string); + $command = $splitted[0]; + $command_value = ''; + + if(isset($splitted[1]) && strlen($splitted[1])>0) + { + $command_value = $splitted[1]; + } + + $default_error_message=""; + + $input_value =""; + + if(isset($formvariables[$validatorobj->variable_name])) + { + $input_value = $formvariables[$validatorobj->variable_name]; + } + + $bret = $this->ValidateCommand($command,$command_value,$input_value, + $default_error_message, + $validatorobj->variable_name, + $formvariables); + + + if(false == $bret) + { + 
if(isset($validatorobj->error_string) && + strlen($validatorobj->error_string)>0) + { + $error_string = $validatorobj->error_string; + } + else + { + $error_string = $default_error_message; + } + + }//if + return $bret; + } + + function validate_req($input_value, &$default_error_message,$variable_name) + { + $bret = true; + if(!isset($input_value) || + strlen($input_value) <=0) + { + $bret=false; + $default_error_message = sprintf(E_VAL_REQUIRED_VALUE,$variable_name); + } + return $bret; + } + + function validate_maxlen($input_value,$max_len,$variable_name,&$default_error_message) + { + $bret = true; + if(isset($input_value) ) + { + $input_length = strlen($input_value); + if($input_length > $max_len) + { + $bret=false; + $default_error_message = sprintf(E_VAL_MAXLEN_EXCEEDED,$variable_name); + } + } + return $bret; + } + + function validate_minlen($input_value,$min_len,$variable_name,&$default_error_message) + { + $bret = true; + if(isset($input_value) ) + { + $input_length = strlen($input_value); + if($input_length < $min_len) + { + $bret=false; + $default_error_message = sprintf(E_VAL_MINLEN_CHECK_FAILED,$min_len,$variable_name); + } + } + return $bret; + } + + function test_datatype($input_value,$reg_exp) + { + if(ereg($reg_exp,$input_value)) + { + return false; + } + return true; + } + + function validate_email($email) + { + return preg_match("/^[_\.0-9a-zA-Z-]+@([0-9a-zA-Z][0-9a-zA-Z-]+\.)+[a-zA-Z]{2,6}$/i", $email); + } + + function validate_for_numeric_input($input_value,&$validation_success) + { + + $more_validations=true; + $validation_success = true; + if(strlen($input_value)>0) + { + + if(false == is_numeric($input_value)) + { + $validation_success = false; + $more_validations=false; + } + } + else + { + $more_validations=false; + } + return $more_validations; + } + + function validate_lessthan($command_value,$input_value, + $variable_name,&$default_error_message) + { + $bret = true; + if(false == $this->validate_for_numeric_input($input_value, + $bret)) 
+ { + return $bret; + } + if($bret) + { + $lessthan = doubleval($command_value); + $float_inputval = doubleval($input_value); + if($float_inputval >= $lessthan) + { + $default_error_message = sprintf(E_VAL_LESSTHAN_CHECK_FAILED, + $lessthan, + $variable_name); + $bret = false; + }//if + } + return $bret ; + } + + function validate_greaterthan($command_value,$input_value,$variable_name,&$default_error_message) + { + $bret = true; + if(false == $this->validate_for_numeric_input($input_value,$bret)) + { + return $bret; + } + if($bret) + { + $greaterthan = doubleval($command_value); + $float_inputval = doubleval($input_value); + if($float_inputval <= $greaterthan) + { + $default_error_message = sprintf(E_VAL_GREATERTHAN_CHECK_FAILED, + $greaterthan, + $variable_name); + $bret = false; + }//if + } + return $bret ; + } + + function validate_select($input_value,$command_value,&$default_error_message,$variable_name) + { + $bret=false; + if(is_array($input_value)) + { + foreach($input_value as $value) + { + if($value == $command_value) + { + $bret=true; + break; + } + } + } + else + { + if($command_value == $input_value) + { + $bret=true; + } + } + if(false == $bret) + { + $default_error_message = sprintf(E_VAL_SHOULD_SEL_CHECK_FAILED, + $command_value,$variable_name); + } + return $bret; + } + + function validate_dontselect($input_value,$command_value,&$default_error_message,$variable_name) + { + $bret=true; + if(is_array($input_value)) + { + foreach($input_value as $value) + { + if($value == $command_value) + { + $bret=false; + $default_error_message = sprintf(E_VAL_DONTSEL_CHECK_FAILED,$variable_name); + break; + } + } + } + else + { + if($command_value == $input_value) + { + $bret=false; + $default_error_message = sprintf(E_VAL_DONTSEL_CHECK_FAILED,$variable_name); + } + } + return $bret; + } + + + + function ValidateCommand($command,$command_value,$input_value,&$default_error_message,$variable_name,$formvariables) + { + $bret=true; + switch($command) + { + case 'req': 
+ { + $bret = $this->validate_req($input_value, $default_error_message,$variable_name); + break; + } + + case 'maxlen': + { + $max_len = intval($command_value); + $bret = $this->validate_maxlen($input_value,$max_len,$variable_name, + $default_error_message); + break; + } + + case 'minlen': + { + $min_len = intval($command_value); + $bret = $this->validate_minlen($input_value,$min_len,$variable_name, + $default_error_message); + break; + } + + case 'alnum': + { + $bret= $this->test_datatype($input_value,"[^A-Za-z0-9]"); + if(false == $bret) + { + $default_error_message = sprintf(E_VAL_ALNUM_CHECK_FAILED,$variable_name); + } + break; + } + + case 'alnum_s': + { + $bret= $this->test_datatype($input_value,"[^A-Za-z0-9 ]"); + if(false == $bret) + { + $default_error_message = sprintf(E_VAL_ALNUM_S_CHECK_FAILED,$variable_name); + } + break; + } + + case 'num': + case 'numeric': + { + $bret= $this->test_datatype($input_value,"[^0-9]"); + if(false == $bret) + { + $default_error_message = sprintf(E_VAL_NUM_CHECK_FAILED,$variable_name); + } + break; + } + + case 'alpha': + { + $bret= $this->test_datatype($input_value,"[^A-Za-z]"); + if(false == $bret) + { + $default_error_message = sprintf(E_VAL_ALPHA_CHECK_FAILED,$variable_name); + } + break; + } + case 'alpha_s': + { + $bret= $this->test_datatype($input_value,"[^A-Za-z ]"); + if(false == $bret) + { + $default_error_message = sprintf(E_VAL_ALPHA_S_CHECK_FAILED,$variable_name); + } + break; + } + case 'email': + { + if(isset($input_value) && strlen($input_value)>0) + { + $bret= $this->validate_email($input_value); + if(false == $bret) + { + $default_error_message = E_VAL_EMAIL_CHECK_FAILED; + } + } + break; + } + case "lt": + case "lessthan": + { + $bret = $this->validate_lessthan($command_value, + $input_value, + $variable_name, + $default_error_message); + break; + } + case "gt": + case "greaterthan": + { + $bret = $this->validate_greaterthan($command_value, + $input_value, + $variable_name, + $default_error_message); + 
break; + } + + case "regexp": + { + if(isset($input_value) && strlen($input_value)>0) + { + if(!preg_match("$command_value",$input_value)) + { + $bret=false; + $default_error_message = sprintf(E_VAL_REGEXP_CHECK_FAILED,$variable_name); + } + } + break; + } + case "dontselect": + case "dontselectchk": + case "dontselectradio": + { + $bret = $this->validate_dontselect($input_value, + $command_value, + $default_error_message, + $variable_name); + break; + }//case + + case "shouldselchk": + case "selectradio": + { + $bret = $this->validate_select($input_value, + $command_value, + $default_error_message, + $variable_name); + break; + }//case + case "selmin": + { + $min_count = intval($command_value); + + if(isset($input_value)) + { + if($min_count > 1) + { + $bret = (count($input_value) >= $min_count )?true:false; + } + else + { + $bret = true; + } + } + else + { + $bret= false; + $default_error_message = sprintf(E_VAL_SELMIN_CHECK_FAILED,$min_count,$variable_name); + } + + break; + }//case + case "selone": + { + if(false == isset($input_value)|| + strlen($input_value)<=0) + { + $bret= false; + $default_error_message = sprintf(E_VAL_SELONE_CHECK_FAILED,$variable_name); + } + break; + } + case "eqelmnt": + { + + if(isset($formvariables[$command_value]) && + strcmp($input_value,$formvariables[$command_value])==0 ) + { + $bret=true; + } + else + { + $bret= false; + $default_error_message = sprintf(E_VAL_EQELMNT_CHECK_FAILED,$variable_name,$command_value); + } + break; + } + case "neelmnt": + { + if(isset($formvariables[$command_value]) && + strcmp($input_value,$formvariables[$command_value]) !=0 ) + { + $bret=true; + } + else + { + $bret= false; + $default_error_message = sprintf(E_VAL_NEELMNT_CHECK_FAILED,$variable_name,$command_value); + } + break; + } + + }//switch + return $bret; + }//validdate command + + +} + +?> \ No newline at end of file diff --git a/include/membersite_config.php b/include/membersite_config.php new file mode 100644 index 0000000..4e17578 
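Review bot: `test_datatype()` relies on `ereg()`, which PHP deprecated in 5.3 and removed in 7.0, so every `alnum`, `alnum_s`, `num`, `alpha` and `alpha_s` rule dispatched from `ValidateCommand()` fatals on a current interpreter and the form silently loses those checks. The patterns it receives from `ValidateCommand()` are plain bracket classes with no `/` in them, so the PCRE equivalent is a one-line change: `if(preg_match('/'.$reg_exp.'/', $input_value))`. Separately, `validate_req()`, `validate_maxlen()` and `validate_minlen()` call `strlen()` on the raw form value; a field submitted as an array (`name[]`) turns that into a warning on PHP 5/7 and a TypeError on PHP 8, so an `is_string($input_value)` guard that treats any non-string as failing the rule would keep the validator from being the crash point.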
--- /dev/null +++ b/include/membersite_config.php @@ -0,0 +1,26 @@ +SetWebsiteName('brewpi'); + +//Provide the email address where you want to get notifications +$fgmembersite->SetAdminEmail('julien@gueydan.eu'); + +//Provide your database login details here: +//hostname, user name, password, database name and table name +//note that the script will create the table (for example, fgusers in this case) +//by itself on submitting register.php for the first time +$fgmembersite->InitDB(/*hostname*/'localhost', + /*username*/'brewpi', + /*password*/'brewpi', + /*database name*/'brewpi', + /*table name*/'fgusers'); + +//For better security. Get a random string from this link: http://tinyurl.com/randstr +// and put it here +$fgmembersite->SetRandomKey('7Z3SQqt9bGd276BFPaht0'); + +?> \ No newline at end of file diff --git a/index.php b/index.php index ee6f23e..5c0e0fc 100644 --- a/index.php +++ b/index.php @@ -17,10 +17,11 @@ */ ?> + @@ -56,6 +58,12 @@ include 'maintenance-panel.php'; ?>
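Review bot: The database password (`'brewpi'`), a personal admin address and the `SetRandomKey('7Z3SQqt9bGd276BFPaht0')` value are literals in a tracked file, and that key is the only secret input to `GetResetPasswordCode()` in include/fg_membersite.php (`md5($email.$this->sitename.$this->rand_key)`), so every installation that keeps this file as shipped shares a key that is public in the repository. The key must be unique and private per installation: commit a template with placeholders (e.g. `SetRandomKey('<set-a-random-key-per-install>')`) and read the real values from an untracked local config or the environment, for instance `$fgmembersite->SetRandomKey(getenv('BREWPI_MEMBERSITE_KEY'));` (constructed variable name). The comment pointing users at a tinyurl link to obtain the random string should instead name a local generator such as `openssl rand -hex 16`, and because this particular value is now published in the commit, installations using it should rotate it.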
    + + @@ -73,6 +81,7 @@ + @@ -88,4 +97,4 @@ function prepareJSON($input) { return $input; } -?> +?> \ No newline at end of file diff --git a/js/gen_validatorv31.js b/js/gen_validatorv31.js new file mode 100644 index 0000000..69b812e --- /dev/null +++ b/js/gen_validatorv31.js 
@@ -0,0 +1,813 @@ +/* + ------------------------------------------------------------------------- + JavaScript Form Validator (gen_validatorv31.js) + Version 3.1 + Copyright (C) 2003-2008 JavaScript-Coder.com. All rights reserved. + You can freely use this script in your Web pages. + You may adapt this script for your own needs, provided these opening credit + lines are kept intact. + + The Form validation script is distributed free from JavaScript-Coder.com + For updates, please visit: + http://www.javascript-coder.com/html-form/javascript-form-validation.phtml + + Questions & comments please send to support@javascript-coder.com + ------------------------------------------------------------------------- +*/ +function Validator(frmname) +{ + this.formobj=document.forms[frmname]; + if(!this.formobj) + { + alert("Error: couldnot get Form object "+frmname); + return; + } + if(this.formobj.onsubmit) + { + this.formobj.old_onsubmit = this.formobj.onsubmit; + this.formobj.onsubmit=null; + } + else + { + this.formobj.old_onsubmit = null; + } + this.formobj._sfm_form_name=frmname; + this.formobj.onsubmit=form_submit_handler; + this.addValidation = add_validation; + this.setAddnlValidationFunction=set_addnl_vfunction; + this.clearAllValidations = clear_all_validations; + this.disable_validations = false;//new + document.error_disp_handler = new sfm_ErrorDisplayHandler(); + this.EnableOnPageErrorDisplay=validator_enable_OPED; + this.EnableOnPageErrorDisplaySingleBox=validator_enable_OPED_SB; + this.show_errors_together=true; + this.EnableMsgsTogether=sfm_enable_show_msgs_together; +} +function set_addnl_vfunction(functionname) +{ + this.formobj.addnlvalidation = functionname; +} +function sfm_enable_show_msgs_together() +{ + this.show_errors_together=true; + this.formobj.show_errors_together=true; +} +function clear_all_validations() +{ + for(var itr=0;itr < this.formobj.elements.length;itr++) + { + this.formobj.elements[itr].validationset = null; + } +} +function 
form_submit_handler() +{ + var bRet = true; + document.error_disp_handler.clear_msgs(); + for(var itr=0;itr < this.elements.length;itr++) + { + if(this.elements[itr].validationset && + !this.elements[itr].validationset.validate()) + { + bRet = false; + } + if(!bRet && !this.show_errors_together) + { + break; + } + } + if(!bRet) + { + document.error_disp_handler.FinalShowMsg(); + return false; + } + + if(this.addnlvalidation) + { + str =" var ret = "+this.addnlvalidation+"()"; + eval(str); + if(!ret) return ret; + } + return true; +} +function add_validation(itemname,descriptor,errstr) +{ + var condition = null; + if(arguments.length > 3) + { + condition = arguments[3]; + } + if(!this.formobj) + { + alert("Error: The form object is not set properly"); + return; + }//if + var itemobj = this.formobj[itemname]; + if(itemobj.length && isNaN(itemobj.selectedIndex) ) + //for radio button; don't do for 'select' item + { + itemobj = itemobj[0]; + } + if(!itemobj) + { + alert("Error: Couldnot get the input object named: "+itemname); + return; + } + if(!itemobj.validationset) + { + itemobj.validationset = new ValidationSet(itemobj,this.show_errors_together); + } + itemobj.validationset.add(descriptor,errstr,condition); + itemobj.validatorobj=this; +} +function validator_enable_OPED() +{ + document.error_disp_handler.EnableOnPageDisplay(false); +} + +function validator_enable_OPED_SB() +{ + document.error_disp_handler.EnableOnPageDisplay(true); +} +function sfm_ErrorDisplayHandler() +{ + this.msgdisplay = new AlertMsgDisplayer(); + this.EnableOnPageDisplay= edh_EnableOnPageDisplay; + this.ShowMsg=edh_ShowMsg; + this.FinalShowMsg=edh_FinalShowMsg; + this.all_msgs=new Array(); + this.clear_msgs=edh_clear_msgs; +} +function edh_clear_msgs() +{ + this.msgdisplay.clearmsg(this.all_msgs); + this.all_msgs = new Array(); +} +function edh_FinalShowMsg() +{ + this.msgdisplay.showmsg(this.all_msgs); +} +function edh_EnableOnPageDisplay(single_box) +{ + if(true == single_box) + { + 
this.msgdisplay = new SingleBoxErrorDisplay(); + } + else + { + this.msgdisplay = new DivMsgDisplayer(); + } +} +function edh_ShowMsg(msg,input_element) +{ + + var objmsg = new Array(); + objmsg["input_element"] = input_element; + objmsg["msg"] = msg; + this.all_msgs.push(objmsg); +} +function AlertMsgDisplayer() +{ + this.showmsg = alert_showmsg; + this.clearmsg=alert_clearmsg; +} +function alert_clearmsg(msgs) +{ + +} +function alert_showmsg(msgs) +{ + var whole_msg=""; + var first_elmnt=null; + for(var m in msgs) + { + if(null == first_elmnt) + { + first_elmnt = msgs[m]["input_element"]; + } + whole_msg += msgs[m]["msg"] + "\n"; + } + + alert(whole_msg); + + if(null != first_elmnt) + { + first_elmnt.focus(); + } +} +function sfm_show_error_msg(msg,input_elmt) +{ + document.error_disp_handler.ShowMsg(msg,input_elmt); +} +function SingleBoxErrorDisplay() +{ + this.showmsg=sb_div_showmsg; + this.clearmsg=sb_div_clearmsg; +} + +function sb_div_clearmsg(msgs) +{ + var divname = form_error_div_name(msgs); + show_div_msg(divname,""); +} + +function sb_div_showmsg(msgs) +{ + var whole_msg="
      \n"; + for(var m in msgs) + { + whole_msg += "
    • " + msgs[m]["msg"] + "
    • \n"; + } + whole_msg += "
    "; + var divname = form_error_div_name(msgs); + show_div_msg(divname,whole_msg); +} +function form_error_div_name(msgs) +{ + var input_element= null; + + for(var m in msgs) + { + input_element = msgs[m]["input_element"]; + if(input_element){break;} + } + + var divname =""; + if(input_element) + { + divname = input_element.form._sfm_form_name + "_errorloc"; + } + + return divname; +} +function DivMsgDisplayer() +{ + this.showmsg=div_showmsg; + this.clearmsg=div_clearmsg; +} +function div_clearmsg(msgs) +{ + for(var m in msgs) + { + var divname = element_div_name(msgs[m]["input_element"]); + show_div_msg(divname,""); + } +} +function element_div_name(input_element) +{ + var divname = input_element.form._sfm_form_name + "_" + + input_element.name + "_errorloc"; + + divname = divname.replace(/[\[\]]/gi,""); + + return divname; +} +function div_showmsg(msgs) +{ + var whole_msg; + var first_elmnt=null; + for(var m in msgs) + { + if(null == first_elmnt) + { + first_elmnt = msgs[m]["input_element"]; + } + var divname = element_div_name(msgs[m]["input_element"]); + show_div_msg(divname,msgs[m]["msg"]); + } + if(null != first_elmnt) + { + first_elmnt.focus(); + } +} +function show_div_msg(divname,msgstring) +{ + if(divname.length<=0) return false; + + if(document.layers) + { + divlayer = document.layers[divname]; + if(!divlayer){return;} + divlayer.document.open(); + divlayer.document.write(msgstring); + divlayer.document.close(); + } + else + if(document.all) + { + divlayer = document.all[divname]; + if(!divlayer){return;} + divlayer.innerHTML=msgstring; + } + else + if(document.getElementById) + { + divlayer = document.getElementById(divname); + if(!divlayer){return;} + divlayer.innerHTML =msgstring; + } + divlayer.style.visibility="visible"; + return false; +} +function ValidationDesc(inputitem,desc,error,condition) +{ + this.desc=desc; + this.error=error; + this.itemobj = inputitem; + this.condition = condition; + this.validate=vdesc_validate; +} +function 
vdesc_validate() +{ + if(this.condition != null ) + { + if(!eval(this.condition)) + { + return true; + } + } + if(!validateInput(this.desc,this.itemobj,this.error)) + { + this.itemobj.validatorobj.disable_validations=true; + this.itemobj.focus(); + return false; + } + return true; +} +function ValidationSet(inputitem,msgs_together) +{ + this.vSet=new Array(); + this.add= add_validationdesc; + this.validate= vset_validate; + this.itemobj = inputitem; + this.msgs_together = msgs_together; +} +function add_validationdesc(desc,error,condition) +{ + this.vSet[this.vSet.length]= + new ValidationDesc(this.itemobj,desc,error,condition); +} +function vset_validate() +{ + var bRet = true; + for(var itr=0;itr= 0) + { + if(objcheck[idxchk].checked=="1") + { + selected=true; + } + }//if + } + else + { + if(objValue.checked == "1") + { + selected=true; + }//if + }//else + + return selected; +} +function TestDontSelectChk(objValue,chkValue,strError) +{ + var pass = true; + pass = IsCheckSelected(objValue,chkValue)?false:true; + + if(pass==false) + { + if(!strError || strError.length ==0) + { + strError = "Can't Proceed as you selected "+objValue.name; + }//if + sfm_show_error_msg(strError,objValue); + + } + return pass; +} +function TestShouldSelectChk(objValue,chkValue,strError) +{ + var pass = true; + + pass = IsCheckSelected(objValue,chkValue)?true:false; + + if(pass==false) + { + if(!strError || strError.length ==0) + { + strError = "You should select"+objValue.name; + }//if + sfm_show_error_msg(strError,objValue); + + } + return pass; +} +function TestRequiredInput(objValue,strError) +{ + var ret = true; + if(eval(objValue.value.length) == 0) + { + if(!strError || strError.length ==0) + { + strError = objValue.name + " : Required Field"; + }//if + sfm_show_error_msg(strError,objValue); + ret=false; + }//if +return ret; +} +function TestMaxLen(objValue,strMaxLen,strError) +{ + var ret = true; + if(eval(objValue.value.length) > eval(strMaxLen)) + { + if(!strError || 
strError.length ==0) + { + strError = objValue.name + " : "+ strMaxLen +" characters maximum "; + }//if + sfm_show_error_msg(strError,objValue); + ret = false; + }//if +return ret; +} +function TestMinLen(objValue,strMinLen,strError) +{ + var ret = true; + if(eval(objValue.value.length) < eval(strMinLen)) + { + if(!strError || strError.length ==0) + { + strError = objValue.name + " : " + strMinLen + " characters minimum "; + }//if + sfm_show_error_msg(strError,objValue); + ret = false; + }//if +return ret; +} +function TestInputType(objValue,strRegExp,strError,strDefaultError) +{ + var ret = true; + + var charpos = objValue.value.search(strRegExp); + if(objValue.value.length > 0 && charpos >= 0) + { + if(!strError || strError.length ==0) + { + strError = strDefaultError; + }//if + sfm_show_error_msg(strError,objValue); + ret = false; + }//if + return ret; +} +function TestEmail(objValue,strError) +{ +var ret = true; + if(objValue.value.length > 0 && !validateEmail(objValue.value) ) + { + if(!strError || strError.length ==0) + { + strError = objValue.name+": Enter a valid Email address "; + }//if + sfm_show_error_msg(strError,objValue); + ret = false; + }//if +return ret; +} +function TestLessThan(objValue,strLessThan,strError) +{ +var ret = true; + if(isNaN(objValue.value)) + { + sfm_show_error_msg(objValue.name +": Should be a number ",objValue); + ret = false; + }//if + else + if(eval(objValue.value) >= eval(strLessThan)) + { + if(!strError || strError.length ==0) + { + strError = objValue.name + " : value should be less than "+ strLessThan; + }//if + sfm_show_error_msg(strError,objValue); + ret = false; + }//if +return ret; +} +function TestGreaterThan(objValue,strGreaterThan,strError) +{ +var ret = true; + if(isNaN(objValue.value)) + { + sfm_show_error_msg(objValue.name+": Should be a number ",objValue); + ret = false; + }//if + else + if(eval(objValue.value) <= eval(strGreaterThan)) + { + if(!strError || strError.length ==0) + { + strError = objValue.name + " 
: value should be greater than "+ strGreaterThan; + }//if + sfm_show_error_msg(strError,objValue); + ret = false; + }//if +return ret; +} +function TestRegExp(objValue,strRegExp,strError) +{ +var ret = true; + if( objValue.value.length > 0 && + !objValue.value.match(strRegExp) ) + { + if(!strError || strError.length ==0) + { + strError = objValue.name+": Invalid characters found "; + }//if + sfm_show_error_msg(strError,objValue); + ret = false; + }//if +return ret; +} +function TestDontSelect(objValue,dont_sel_value,strError) +{ +var ret = true; + if(objValue.value == null) + { + sfm_show_error_msg("Error: dontselect command for non-select Item",objValue); + ret = false; + } + else + if(objValue.value == dont_sel_value) + { + if(!strError || strError.length ==0) + { + strError = objValue.name+": Please Select one option "; + }//if + sfm_show_error_msg(strError,objValue); + ret = false; + } +return ret; +} +function TestSelectOneRadio(objValue,strError) +{ + var objradio = objValue.form.elements[objValue.name]; + var one_selected=false; + for(var r=0;r < objradio.length;r++) + { + if(objradio[r].checked == "1") + { + one_selected=true; + break; + } + } + if(false == one_selected) + { + if(!strError || strError.length ==0) + { + strError = "Please select one option from "+objValue.name; + } + sfm_show_error_msg(strError,objValue); + } +return one_selected; +} + +function TestFileExtension(objValue,cmdvalue,strError) +{ + var ret=false; + var found=false; + + if(objValue.value.length <= 0) + {//The 'required' validation is not done here + return true; + } + + var extns = cmdvalue.split(";"); + for(var i=0;i < extns.length;i++) + { + ext = objValue.value.substr(objValue.value.length - extns[i].length,extns[i].length); + ext = ext.toLowerCase(); + if(ext == extns[i]) + { + found=true;break; + } + } + if(!found) + { + if(!strError || strError.length ==0) + { + strError = objValue.name + " allowed file extensions are: "+cmdvalue; + }//if + 
sfm_show_error_msg(strError,objValue); + ret=false; + } + else + { + ret=true; + } + return ret; +} + + +function validateInput(strValidateStr,objValue,strError) +{ + var ret = true; + var epos = strValidateStr.search("="); + var command = ""; + var cmdvalue = ""; + if(epos >= 0) + { + command = strValidateStr.substring(0,epos); + cmdvalue = strValidateStr.substr(epos+1); + } + else + { + command = strValidateStr; + } + switch(command) + { + case "req": + case "required": + { + ret = TestRequiredInput(objValue,strError) + break; + }//case required + case "maxlength": + case "maxlen": + { + ret = TestMaxLen(objValue,cmdvalue,strError) + break; + }//case maxlen + case "minlength": + case "minlen": + { + ret = TestMinLen(objValue,cmdvalue,strError) + break; + }//case minlen + case "alnum": + case "alphanumeric": + { + ret = TestInputType(objValue,"[^A-Za-z0-9]",strError, + objValue.name+": Only alpha-numeric characters allowed "); + break; + } + case "alnum_s": + case "alphanumeric_space": + { + ret = TestInputType(objValue,"[^A-Za-z0-9\\s]",strError, + objValue.name+": Only alpha-numeric characters and space allowed "); + break; + } + case "num": + case "numeric": + { + ret = TestInputType(objValue,"[^0-9]",strError, + objValue.name+": Only digits allowed "); + break; + } + case "alphabetic": + case "alpha": + { + ret = TestInputType(objValue,"[^A-Za-z]",strError, + objValue.name+": Only alphabetic characters allowed "); + break; + } + case "alphabetic_space": + case "alpha_s": + { + ret = TestInputType(objValue,"[^A-Za-z\\s]",strError, + objValue.name+": Only alphabetic characters and space allowed "); + break; + } + case "email": + { + ret = TestEmail(objValue,strError); + break; + } + case "lt": + case "lessthan": + { + ret = TestLessThan(objValue,cmdvalue,strError); + break; + } + case "gt": + case "greaterthan": + { + ret = TestGreaterThan(objValue,cmdvalue,strError); + break; + }//case greaterthan + case "regexp": + { + ret = 
TestRegExp(objValue,cmdvalue,strError); + break; + } + case "dontselect": + { + ret = TestDontSelect(objValue,cmdvalue,strError) + break; + } + case "dontselectchk": + { + ret = TestDontSelectChk(objValue,cmdvalue,strError) + break; + } + case "shouldselchk": + { + ret = TestShouldSelectChk(objValue,cmdvalue,strError) + break; + } + case "selone_radio": + { + ret = TestSelectOneRadio(objValue,strError); + break; + } + case "file_extn": + { + ret = TestFileExtension(objValue,cmdvalue,strError); + break; + } + }//switch + return ret; +} +function VWZ_IsListItemSelected(listname,value) +{ + for(var i=0;i < listname.options.length;i++) + { + if(listname.options[i].selected == true && + listname.options[i].value == value) + { + return true; + } + } + return false; +} +function VWZ_IsChecked(objcheck,value) +{ + if(objcheck.length) + { + for(var c=0;c < objcheck.length;c++) + { + if(objcheck[c].checked == "1" && + objcheck[c].value == value) + { + return true; + } + } + } + else + { + if(objcheck.checked == "1" ) + { + return true; + } + } + return false; +} +/* + Copyright (C) 2003-2008 JavaScript-Coder.com . All rights reserved. +*/ \ No newline at end of file diff --git a/js/login-panel.js b/js/login-panel.js new file mode 100644 index 0000000..ce2308a --- /dev/null +++ b/js/login-panel.js 
@@ -0,0 +1,66 @@
+/* Copyright 2012 BrewPi/Julien Mottin.
+ * This file is part of BrewPi.
+
+ * BrewPi is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+
+ * BrewPi is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License
+ * along with BrewPi. If not, see .
+ */
+
+$(document).ready(function(){
+ "use strict";
+
+ //Maintenance Panel
+ $('#login-panel')
+ .dialog({
+ autoOpen: false,
+ title: 'Login Panel',
+ height: 210,
+ width: 300
+ }).tabs();
+
+ // unhide after loading
+ $("#login-panel").css("visibility", "visible");
+
+ $("button#login").button({ icons: {primary: "ui-icon-newwin" } }).unbind('click').click(function(){
+ $("#login-panel").dialog("open");
+ });
+
+ $("#submit").click(function() {
+ // get all the inputs into an array.
+ var $inputs = $('#loginForm :input');
+
+ // not sure if you wanted this, but I thought I'd add it.
+ // get an associative array of just the values.
+ var values = {};
+ $inputs.each(function() {
+ values[this.name] = $(this).val();
+ });
+
+ loginToDB(values['username'],values['password']);
+
+ });
+
+});
+
+function loginToDBCallback(data,status){
+ $("#login-panel").dialog("close");
+ if ('FAILURE'==data) {
+ alert("Login failed!");
+ }
+ else {
+ location.reload();
+ }
+}
+
+function loginToDB(userName, passWord) {
+ $.post("login.php",{username:userName,password:passWord,submitted:1},loginToDBCallback);
+}
diff --git a/js/pwdwidget.js b/js/pwdwidget.js
new file mode 100644
index 0000000..99d77cb
--- /dev/null
+++ b/js/pwdwidget.js
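Review bot: loginToDBCallback treats every 2xx response body other than the exact string `FAILURE` as a successful login and calls `location.reload()`, so a PHP notice printed ahead of login.php's redirect, or any unexpected page body, is indistinguishable from success, while an HTTP error never reaches the callback at all (the `$.post` success handler is not invoked on failure) and the dialog just stays open with no message. Check for an explicit marker and handle the error path, e.g. `if ($.trim(data) !== 'SUCCESS') { alert("Login failed!"); return; }` plus `$.post(...).fail(function () { alert("Login request failed"); });` (requires jQuery 1.5 or newer), which in turn needs login.php to print that marker instead of only redirecting on success. The `$inputs.each` loop also copies the submit button's value into `values`, and the pasted "not sure if you wanted this" comment and the `//Maintenance Panel` header are leftovers from the file this was copied from; both are worth removing.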
@@ -0,0 +1,285 @@ +/* +* +* Password Widget 1.0 +* +* This script is distributed under the GNU Lesser General Public License. +* Read the entire license text here: http://www.gnu.org/licenses/lgpl.html +* +* Copyright (C) 2009 HTML Form Guide +* http://www.html-form-guide.com/ +*/ + +function PasswordWidget(divid,pwdname) +{ + this.maindivobj = document.getElementById(divid); + this.pwdobjname = pwdname; + + this.MakePWDWidget=_MakePWDWidget; + + this.showing_pwd=1; + this.txtShow = 'Show'; + this.txtMask = 'Mask'; + this.txtGenerate = 'Generate'; + this.txtWeak='weak'; + this.txtMedium='medium'; + this.txtGood='good'; + + this.enableShowMask=true; + this.enableGenerate=true; + this.enableShowStrength=true; + this.enableShowStrengthStr=true; + +} + +function _MakePWDWidget() +{ + var code=""; + var pwdname = this.pwdobjname; + + this.pwdfieldid = pwdname+"_id"; + + code += ""; + + this.pwdtxtfield=pwdname+"_text"; + + this.pwdtxtfieldid = this.pwdtxtfield+"_id"; + + code += ""; + + this.pwdshowdiv = pwdname+"_showdiv"; + + this.pwdshow_anch = pwdname + "_show_anch"; + + code += ""; + + this.pwdgendiv = pwdname+"_gendiv"; + + this.pwdgenerate_anch = pwdname + "_gen_anch"; + + code += ""; + + this.pwdstrengthdiv = pwdname + "_strength_div"; + + code += "
    "; + + this.pwdstrengthbar = pwdname + "_strength_bar"; + + code += "
    "; + + this.pwdstrengthstr = pwdname + "_strength_str"; + + code += "
    "; + + code += "
    "; + + this.maindivobj.innerHTML = code; + + this.pwdfieldobj = document.getElementById(this.pwdfieldid); + + this.pwdfieldobj.pwdwidget=this; + + this.pwdstrengthbar_obj = document.getElementById(this.pwdstrengthbar); + + this.pwdstrengthstr_obj = document.getElementById(this.pwdstrengthstr); + + this._showPasswordStrength = passwordStrength; + + this.pwdfieldobj.onkeyup=function(){ this.pwdwidget._onKeyUpPwdFields(); } + + this._showGeneatedPwd = showGeneatedPwd; + + this.generate_anch_obj = document.getElementById(this.pwdgenerate_anch); + + this.generate_anch_obj.pwdwidget=this; + + this.generate_anch_obj.onclick = function(){ this.pwdwidget._showGeneatedPwd(); } + + this._showpwdchars = showpwdchars; + + this.show_anch_obj = document.getElementById(this.pwdshow_anch); + + this.show_anch_obj.pwdwidget = this; + + this.show_anch_obj.onclick = function(){ this.pwdwidget._showpwdchars();} + + this.pwdtxtfield_obj = document.getElementById(this.pwdtxtfieldid); + + this.pwdtxtfield_obj.pwdwidget=this; + + this.pwdtxtfield_obj.onkeyup=function(){ this.pwdwidget._onKeyUpPwdFields(); } + + + this._updatePwdFieldValues = updatePwdFieldValues; + + this._onKeyUpPwdFields=onKeyUpPwdFields; + + if(!this.enableShowMask) + { document.getElementById(this.pwdshowdiv).style.display='none';} + + if(!this.enableGenerate) + { document.getElementById(this.pwdgendiv).style.display='none';} + + if(!this.enableShowStrength) + { document.getElementById(this.pwdstrengthdiv).style.display='none';} + + if(!this.enableShowStrengthStr) + { document.getElementById(this.pwdstrengthstr).style.display='none';} +} + +function onKeyUpPwdFields() +{ + this._updatePwdFieldValues(); + this._showPasswordStrength(); +} + +function updatePwdFieldValues() +{ + if(1 == this.showing_pwd) + { + this.pwdtxtfield_obj.value = this.pwdfieldobj.value; + } + else + { + this.pwdfieldobj.value = this.pwdtxtfield_obj.value; + } +} + +function showpwdchars() +{ + var innerText=''; + var pwdfield = 
this.pwdfieldobj; + var pwdtxt = this.pwdtxtfield_obj; + var field; + if(1 == this.showing_pwd) + { + this.showing_pwd=0; + innerText = this.txtMask; + + pwdtxt.value = pwdfield.value; + pwdfield.style.display='none'; + pwdtxt.style.display=''; + pwdtxt.focus(); + } + else + { + this.showing_pwd=1; + innerText = this.txtShow; + pwdfield.value = pwdtxt.value; + pwdtxt.style.display='none'; + pwdfield.style.display=''; + pwdfield.focus(); + + } + this.show_anch_obj.innerHTML = innerText; + +} + +function passwordStrength() +{ + var colors = new Array(); + colors[0] = "#cccccc"; + colors[1] = "#ff0000"; + colors[2] = "#ff5f5f"; + colors[3] = "#56e500"; + colors[4] = "#4dcd00"; + colors[5] = "#399800"; + + var pwdfield = this.pwdfieldobj; + var password = pwdfield.value + + var score = 0; + + if (password.length > 6) {score++;} + + if ( ( password.match(/[a-z]/) ) && + ( password.match(/[A-Z]/) ) ) {score++;} + + if (password.match(/\d+/)){ score++;} + + if ( password.match(/[^a-z\d]+/) ) {score++}; + + if (password.length > 12){ score++;} + + var color=colors[score]; + var strengthdiv = this.pwdstrengthbar_obj; + + strengthdiv.style.background=colors[score]; + + if (password.length <= 0) + { + strengthdiv.style.width=0; + } + else + { + strengthdiv.style.width=(score+1)*10+'px'; + } + + var desc=''; + if(password.length < 1){desc='';} + else if(score<3){ desc = this.txtWeak; } + else if(score<4){ desc = this.txtMedium; } + else if(score>=4){ desc= this.txtGood; } + + var strengthstrdiv = this.pwdstrengthstr_obj; + strengthstrdiv.innerHTML = desc; +} + +function getRand(max) +{ + return (Math.floor(Math.random() * max)); +} + +function shuffleString(mystr) +{ + var arrPwd=mystr.split(''); + + for(i=0;i< mystr.length;i++) + { + var r1= i; + var r2=getRand(mystr.length); + + var tmp = arrPwd[r1]; + arrPwd[r1] = arrPwd[r2]; + arrPwd[r2] = tmp; + } + + return arrPwd.join(""); +} + +function showGeneatedPwd() +{ + var pwd = generatePWD(); + this.pwdfieldobj.value= pwd; + 
this.pwdtxtfield_obj.value =pwd; + + this._showPasswordStrength(); +} + +function generatePWD() +{ + var maxAlpha = 26; + var strSymbols="~!@#$%^&*(){}?><`=-|]["; + var password=''; + for(i=0;i<3;i++) + { + password += String.fromCharCode("a".charCodeAt(0) + getRand(maxAlpha)); + } + for(i=0;i<3;i++) + { + password += String.fromCharCode("A".charCodeAt(0) + getRand(maxAlpha)); + } + for(i=0;i<3;i++) + { + password += String.fromCharCode("0".charCodeAt(0) + getRand(10)); + } + for(i=0;i<4;i++) + { + password += strSymbols.charAt(getRand(strSymbols.length)); + } + + password = shuffleString(password); + password = shuffleString(password); + password = shuffleString(password); + + return password; +} \ No newline at end of file diff --git a/login-panel.php b/login-panel.php new file mode 100644 index 0000000..cb6cc6f --- /dev/null +++ b/login-panel.php @@ -0,0 +1,46 @@ +. + */ +?> + + + +
    +
    +
    + Login +
    * required fields
    +
    + GetErrorMessage(); ?>
    +
    +
    + ' maxlength="50" />
    + +
    +
    +
    +
    + +
    +
    + +
    +
    +
    +
    \ No newline at end of file diff --git a/login.php b/login.php new file mode 100644 index 0000000..540efb6 --- /dev/null +++ b/login.php @@ -0,0 +1,10 @@ +Login(); +if ($fgmembersite->CheckLogin()) { + $fgmembersite->RedirectToURL("./"); +} +else { + echo 'FAILURE'; +} +?> diff --git a/logout.php b/logout.php new file mode 100644 index 0000000..8cd5e34 --- /dev/null +++ b/logout.php @@ -0,0 +1,40 @@ +. + */ +?> +LogOut(); +?> + + + + + Logout + + + +
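Review bot: login.php answers a failed attempt with the literal `FAILURE` but a successful one with `RedirectToURL("./")`, so the XHR in js/login-panel.js is left to infer success from the body of the redirected index page; since the client reloads anyway, replace the redirect with `echo 'SUCCESS'; exit;` (or a JSON body) so the contract is explicit. The endpoint also accepts any HTTP method; add `if ($_SERVER['REQUEST_METHOD'] !== 'POST') { header('HTTP/1.1 405 Method Not Allowed'); exit; }` at the top so credentials can never be passed in a query string that ends up in access logs, because whether `Login()` reads `$_POST` only is not visible here (it is defined in include/fg_membersite.php). Confirm as well that `Login()` calls `session_regenerate_id(true)` after a successful check, to rule out session fixation. The text before `Login();` (the `<?php` tag, the require of membersite_config.php and `$fgmembersite->`) appears to have been dropped by extraction, so these points apply to the file as committed.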

    You have logged out

    +

    Back to website

    + + + + +RedirectToURLAfterTimer("./",1); +?> \ No newline at end of file diff --git a/maintenance-panel.php b/maintenance-panel.php index 7a91db2..4669ca8 100644 --- a/maintenance-panel.php +++ b/maintenance-panel.php @@ -66,8 +66,8 @@
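Review bot: logout.php runs `LogOut()` on a plain GET, presumably reached from the links on admin.php, so any third-party page can end the user's session with an `<img>` or link (logout CSRF); low impact, but a POST form carrying a session-bound token would close it. `LogOut()` is defined in include/fg_membersite.php, outside this hunk — confirm it calls `session_destroy()` and expires the session cookie rather than only unsetting a variable, otherwise the old session id remains reusable until garbage collection. The HTML body is emitted before `RedirectToURLAfterTimer("./",1)`, so that helper must rely on a meta refresh or script rather than a `Location` header; a one-line comment stating that, e.g. `// must not use header(): output has already been sent`, would save the next reader a trip into the include.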

    Script stderr output will auto-refresh while programming if you keep this tab open

    -
    - +
    +
    @@ -380,7 +380,7 @@

    stderr:

    -
    +

    stdout:

    diff --git a/register.php b/register.php new file mode 100644 index 0000000..8824e2b --- /dev/null +++ b/register.php @@ -0,0 +1,92 @@ +RegisterUser()) + { + $fgmembersite->RedirectToURL("thank-you.html"); + } +} + +?> + + + + + Contact us + + + + + + + + +
    +
    +
    +Register + + + +
    * required fields
    + + +
    GetErrorMessage(); ?>
    +
    +
    + ' maxlength="50" />
    + +
    +
    +
    + ' maxlength="50" />
    + +
    +
    +
    + ' maxlength="50" />
    + +
    +
    +
    +
    + +
    +
    + +
    + +
    + +
    +
    + + + + + + + + \ No newline at end of file diff --git a/thank-you-regd.html b/thank-you-regd.html new file mode 100644 index 0000000..fa73073 --- /dev/null +++ b/thank-you-regd.html @@ -0,0 +1,17 @@ + + + + + Thank you! + + + +
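Review bot: as far as this hunk shows, nothing restricts who may call `RegisterUser()`: any visitor who can reach register.php can create an account, confirm it by e-mail and thereby obtain the editing/control rights this patch set reserves for logged-in users, which undoes the restriction on a device that drives brewing hardware. Gate registration behind an existing logged-in session, `if (!$fgmembersite->CheckLogin()) { $fgmembersite->RedirectToURL("./"); exit; }` before the submit handling, or disable self-registration and seed the first account from a setup script. The page title `Contact us` is a leftover from the html-form-guide template this form was taken from and should read `Register`. `RegisterUser()` and the hidden spam-trap field are handled in include/fg_membersite.php, outside this hunk, so the strength of the e-mail confirmation step cannot be judged from here.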
    +

    Thanks for registering!

    +Your registration is now complete. +

    +Click here to login +

    +
    + + diff --git a/thank-you.html b/thank-you.html new file mode 100644 index 0000000..d196bc1 --- /dev/null +++ b/thank-you.html @@ -0,0 +1,15 @@ + + + + + Thank you! + + + +
    +

    Thanks for registering!

    +Your confirmation email is on its way. Please click the link in the +email to complete the registration. +
    + + From dede7906413ea622ee9f3721a642841edc80f59d Mon Sep 17 00:00:00 2001 From: root Date: Wed, 27 Nov 2013 19:54:46 +0100 Subject: [PATCH 2/7] import vieux login rev 0.2 --- admin.php | 35 + beer-panel.php | 39 +- confirmreg.php | 62 ++ control-panel.php | 18 +- css/fg_membersite.css | 166 +++ css/pwdwidget.css | 48 + css/style.css | 7 + include/class.phpmailer.php | 1910 +++++++++++++++++++++++++++++++++ include/fg_membersite.php | 877 +++++++++++++++ include/formvalidator.php | 574 ++++++++++ include/membersite_config.php | 27 + index.php | 6 + js/gen_validatorv31.js | 813 ++++++++++++++ js/login-panel.js | 66 ++ js/pwdwidget.js | 285 +++++ login-panel.php | 46 + login.php | 10 + logout.php | 40 + maintenance-panel.php | 4 +- register.php | 92 ++ thank-you-regd.html | 17 + thank-you.html | 15 + 22 files changed, 5138 insertions(+), 19 deletions(-) create mode 100644 admin.php create mode 100644 confirmreg.php create mode 100644 css/fg_membersite.css create mode 100644 css/pwdwidget.css create mode 100644 include/class.phpmailer.php create mode 100644 include/fg_membersite.php create mode 100644 include/formvalidator.php create mode 100644 include/membersite_config.php create mode 100644 js/gen_validatorv31.js create mode 100644 js/login-panel.js create mode 100644 js/pwdwidget.js create mode 100644 login-panel.php create mode 100644 login.php create mode 100644 logout.php create mode 100644 register.php create mode 100644 thank-you-regd.html create mode 100644 thank-you.html diff --git a/admin.php b/admin.php new file mode 100644 index 0000000..371c5af --- /dev/null +++ b/admin.php @@ -0,0 +1,35 @@ +. + */ +?> + + + + + Brewpi Login admin + + + +

    Please follow one of the following links to handle your session to Brewpi : +

    +

    + \ No newline at end of file diff --git a/beer-panel.php b/beer-panel.php index bbec34f..4a77e72 100644 --- a/beer-panel.php +++ b/beer-panel.php @@ -17,12 +17,18 @@ */ ?> + +
    -
    - Live LCD waiting - for update from - script... - +
    + + Live LCD waiting + for update from + script... + +
    @@ -31,8 +37,17 @@
    - - + + CheckLogin()) + { + echo ''; + } + else { + echo ''; + echo ''; + } + ?>
    @@ -40,11 +55,11 @@
    diff --git a/confirmreg.php b/confirmreg.php new file mode 100644 index 0000000..4fbfc2c --- /dev/null +++ b/confirmreg.php @@ -0,0 +1,62 @@ +ConfirmUser()) + { + $fgmembersite->RedirectToURL("thank-you-regd.html"); + } +} + +?> + + + + + Confirm registration + + + + + +

    Confirm registration

    +

    +Please enter the confirmation code in the box below +

    + + +
    +
    +
    * required fields
    +
    GetErrorMessage(); ?>
    +
    +
    +
    + +
    +
    + +
    + +
    + + + +
    + + + + \ No newline at end of file diff --git a/control-panel.php b/control-panel.php index bc1656b..8a652bb 100644 --- a/control-panel.php +++ b/control-panel.php @@ -26,7 +26,11 @@
  • Beer constant
  • Fridge constant
  • Off
  • - + CheckLogin() { + echo ' - - - + CheckLogin()) { + echo ''; + echo ''; + echo ''; + echo ''; + } + ?>
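Review bot: the first added condition in this hunk reads `CheckLogin() {` while the second reads `CheckLogin()) {`; if the stripped prefix is `if ($fgmembersite->` in both places, the first is missing its closing parenthesis and control-panel.php will not parse at all — compare against the committed file, since extraction may have dropped characters. As in beer-panel.php, wrapping the mode buttons in `if ($fgmembersite->CheckLogin())` removes them from the page but does not stop a direct request to whatever handler applies the selected mode; that handler needs its own `CheckLogin()` check with a 403 response. The surrounding page markup and the PHP open tag of these blocks were not preserved in the visible hunk.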
    diff --git a/css/fg_membersite.css b/css/fg_membersite.css new file mode 100644 index 0000000..cbbd4a3 --- /dev/null +++ b/css/fg_membersite.css 
@@ -0,0 +1,166 @@ +/* +Registration/Login Form by html-form-guide.com +You can customize all the aspects of the form in this style sheet +*/ + +#fg_membersite fieldset +{ + width: 230px; + padding:20px; + border:1px solid #ccc; +-moz-border-radius: 10px; +-webkit-border-radius: 10px; +-khtml-border-radius: 10px; +border-radius: 10px; +} + +#fg_membersite legend, #fg_membersite h2 +{ + font-family : Arial, sans-serif; + font-size: 1.3em; + font-weight:bold; + color:#333; +} + +#fg_membersite label +{ + font-family : Arial, sans-serif; + font-size:0.8em; + font-weight: bold; +} + +#fg_membersite input[type="text"],#fg_membersite textarea, +#fg_membersite input[type="password"] +{ + font-family : Arial, Verdana, sans-serif; + font-size: 0.8em; + line-height:140%; + color : #000; + padding : 3px; + border : 1px solid #999; + -moz-border-radius: 5px; + -webkit-border-radius: 5px; + -khtml-border-radius: 5px; + border-radius: 5px; + +} + +#fg_membersite input[type="text"], +#fg_membersite input[type="password"] +{ + height:18px; + width:220px; +} + + #fg_membersite #scaptcha +{ + width:60px; + height:18px; +} + +#fg_membersite input[type="submit"] +{ + width:100px; + height:30px; + padding-left:0px; +} + +#fg_membersite textarea +{ + height:120px; + width:310px; +} + +#fg_membersite input[type="text"]:focus, +#fg_membersite textarea:focus +{ + color : #009; + border : 1px solid #990000; + background-color : #ffff99; + font-weight:bold; +} + +#fg_membersite .container +{ + margin-top:8px; + margin-bottom: 10px; +} + +#fg_membersite .error +{ + font-family: Verdana, Arial, sans-serif; + font-size: 0.7em; + color: #900; + background-color : #ffff00; +} + +#fg_membersite #register_password_errorloc +{ + clear:both; +} + +#fg_membersite fieldset#antispam +{ + padding:2px; + border-top:1px solid #EEE; + border-left:0; + border-right:0; + border-bottom:0; + width:350px; +} + +#fg_membersite fieldset#antispam legend +{ + font-family : Arial, sans-serif; + font-size: 0.8em; + 
font-weight:bold; + color:#333; +} + +#fg_membersite .short_explanation +{ + font-family : Arial, sans-serif; + font-size: 0.6em; + color:#333; +} + +/* spam_trap: This input is hidden. This is here to trick the spam bots*/ +#fg_membersite .spmhidip +{ + display:none; + width:10px; + height:3px; +} +#fg_membersite #fg_crdiv +{ + font-family : Arial, sans-serif; + font-size: 0.3em; + opacity: .2; + -moz-opacity: .2; + filter: alpha(opacity=20); +} +#fg_membersite #fg_crdiv p +{ + display:none; +} + +#fg_membersite_content li +{ +font-family : Arial, sans-serif; +padding-top:10px; +padding-bottom:10px; +} +#fg_membersite_content +{ + font-family : Arial, sans-serif; + font-size: 0.9em; + line-height: 150% +} + +#fg_membersite_content h2 +{ + font-family : Arial, sans-serif; + font-size: 1.5em; + font-weight:bold; + color:#333; +} \ No newline at end of file diff --git a/css/pwdwidget.css b/css/pwdwidget.css new file mode 100644 index 0000000..ffa61d3 --- /dev/null +++ b/css/pwdwidget.css @@ -0,0 +1,48 @@ +.pwdwidgetdiv +{ + width:225px; +} + +.pwdfield +{ + display:block; +} + +.pwdopsdiv +{ + display: block; + float: left; + margin-right:6px; +} +.pwdopsdiv a +{ + font-family : Arial, Helvetica, sans-serif; + font-size : 10px; +} + +.pwdstrengthbar +{ + float:right; + background:#cccccc; + height:4px; + margin:0; +} + +.pwdstrength +{ + float:right; + height:20px; + width:70px; + margin-top:3px; + +} +.pwdstrengthstr +{ + float:right; + clear:both; + height:14px; + margin-top:0px; + font-family : Arial, Helvetica, sans-serif; + font-size : 10px; + +} \ No newline at end of file diff --git a/css/style.css b/css/style.css index 3261a31..2501e97 100644 --- a/css/style.css +++ b/css/style.css @@ -32,6 +32,13 @@ button#maintenance{ margin: 10px 10px 10px 10px; } +button#login{ + width: 200px; + float: right; + clear: right; + margin: 10px 10px 10px 10px; +} + /* Control Panel */ .google-visualization-table-td{ text-align: center !important; 
diff --git a/include/class.phpmailer.php b/include/class.phpmailer.php new file mode 100644 index 0000000..0c03031 --- /dev/null +++ b/include/class.phpmailer.php 
@@ -0,0 +1,1910 @@ +ContentType = 'text/html'; + } else { + $this->ContentType = 'text/plain'; + } + } + + /** + * Sets Mailer to send message using SMTP. + * @return void + */ + function IsSMTP() { + $this->Mailer = 'smtp'; + } + + /** + * Sets Mailer to send message using PHP mail() function. + * @return void + */ + function IsMail() { + $this->Mailer = 'mail'; + } + + /** + * Sets Mailer to send message using the $Sendmail program. + * @return void + */ + function IsSendmail() { + $this->Mailer = 'sendmail'; + } + + /** + * Sets Mailer to send message using the qmail MTA. + * @return void + */ + function IsQmail() { + $this->Sendmail = '/var/qmail/bin/sendmail'; + $this->Mailer = 'sendmail'; + } + + ///////////////////////////////////////////////// + // METHODS, RECIPIENTS + ///////////////////////////////////////////////// + + /** + * Adds a "To" address. + * @param string $address + * @param string $name + * @return void + */ + function AddAddress($address, $name = '') { + $cur = count($this->to); + $this->to[$cur][0] = trim($address); + $this->to[$cur][1] = $name; + } + + /** + * Adds a "Cc" address. Note: this function works + * with the SMTP mailer on win32, not with the "mail" + * mailer. + * @param string $address + * @param string $name + * @return void + */ + function AddCC($address, $name = '') { + $cur = count($this->cc); + $this->cc[$cur][0] = trim($address); + $this->cc[$cur][1] = $name; + } + + /** + * Adds a "Bcc" address. Note: this function works + * with the SMTP mailer on win32, not with the "mail" + * mailer. + * @param string $address + * @param string $name + * @return void + */ + function AddBCC($address, $name = '') { + $cur = count($this->bcc); + $this->bcc[$cur][0] = trim($address); + $this->bcc[$cur][1] = $name; + } + + /** + * Adds a "Reply-To" address. 
+ * @param string $address + * @param string $name + * @return void + */ + function AddReplyTo($address, $name = '') { + $cur = count($this->ReplyTo); + $this->ReplyTo[$cur][0] = trim($address); + $this->ReplyTo[$cur][1] = $name; + } + + ///////////////////////////////////////////////// + // METHODS, MAIL SENDING + ///////////////////////////////////////////////// + + /** + * Creates message and assigns Mailer. If the message is + * not sent successfully then it returns false. Use the ErrorInfo + * variable to view description of the error. + * @return bool + */ + function Send() { + $header = ''; + $body = ''; + $result = true; + + if((count($this->to) + count($this->cc) + count($this->bcc)) < 1) { + $this->SetError($this->Lang('provide_address')); + return false; + } + + /* Set whether the message is multipart/alternative */ + if(!empty($this->AltBody)) { + $this->ContentType = 'multipart/alternative'; + } + + $this->error_count = 0; // reset errors + $this->SetMessageType(); + $header .= $this->CreateHeader(); + $body = $this->CreateBody(); + + if($body == '') { + return false; + } + + /* Choose the mailer */ + switch($this->Mailer) { + case 'sendmail': + $result = $this->SendmailSend($header, $body); + break; + case 'smtp': + $result = $this->SmtpSend($header, $body); + break; + case 'mail': + $result = $this->MailSend($header, $body); + break; + default: + $result = $this->MailSend($header, $body); + break; + //$this->SetError($this->Mailer . $this->Lang('mailer_not_supported')); + //$result = false; + //break; + } + + return $result; + } + + /** + * Sends mail using the $Sendmail program. 
+ * @access private + * @return bool + */ + function SendmailSend($header, $body) { + if ($this->Sender != '') { + $sendmail = sprintf("%s -oi -f %s -t", escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender)); + } else { + $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail)); + } + + if(!@$mail = popen($sendmail, 'w')) { + $this->SetError($this->Lang('execute') . $this->Sendmail); + return false; + } + + fputs($mail, $header); + fputs($mail, $body); + + $result = pclose($mail); + if (version_compare(phpversion(), '4.2.3') == -1) { + $result = $result >> 8 & 0xFF; + } + if($result != 0) { + $this->SetError($this->Lang('execute') . $this->Sendmail); + return false; + } + return true; + } + + /** + * Sends mail using the PHP mail() function. + * @access private + * @return bool + */ + function MailSend($header, $body) { + + $to = ''; + for($i = 0; $i < count($this->to); $i++) { + if($i != 0) { $to .= ', '; } + $to .= $this->AddrFormat($this->to[$i]); + } + + $toArr = explode(',', $to); + + $params = sprintf("-oi -f %s", $this->Sender); + if ($this->Sender != '' && strlen(ini_get('safe_mode')) < 1) { + $old_from = ini_get('sendmail_from'); + ini_set('sendmail_from', $this->Sender); + if ($this->SingleTo === true && count($toArr) > 1) { + foreach ($toArr as $key => $val) { + $rt = @mail($val, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header, $params); + } + } else { + $rt = @mail($to, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header, $params); + } + } else { + if ($this->SingleTo === true && count($toArr) > 1) { + foreach ($toArr as $key => $val) { + $rt = @mail($val, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header, $params); + } + } else { + $rt = @mail($to, $this->EncodeHeader($this->SecureHeader($this->Subject)), $body, $header); + } + } + + if (isset($old_from)) { + ini_set('sendmail_from', $old_from); + } + + if(!$rt) { + $this->SetError($this->Lang('instantiate')); + 
return false; + } + + return true; + } + + /** + * Sends mail via SMTP using PhpSMTP (Author: + * Chris Ryan). Returns bool. Returns false if there is a + * bad MAIL FROM, RCPT, or DATA input. + * @access private + * @return bool + */ + function SmtpSend($header, $body) { + include_once($this->PluginDir . 'class.smtp.php'); + $error = ''; + $bad_rcpt = array(); + + if(!$this->SmtpConnect()) { + return false; + } + + $smtp_from = ($this->Sender == '') ? $this->From : $this->Sender; + if(!$this->smtp->Mail($smtp_from)) { + $error = $this->Lang('from_failed') . $smtp_from; + $this->SetError($error); + $this->smtp->Reset(); + return false; + } + + /* Attempt to send attach all recipients */ + for($i = 0; $i < count($this->to); $i++) { + if(!$this->smtp->Recipient($this->to[$i][0])) { + $bad_rcpt[] = $this->to[$i][0]; + } + } + for($i = 0; $i < count($this->cc); $i++) { + if(!$this->smtp->Recipient($this->cc[$i][0])) { + $bad_rcpt[] = $this->cc[$i][0]; + } + } + for($i = 0; $i < count($this->bcc); $i++) { + if(!$this->smtp->Recipient($this->bcc[$i][0])) { + $bad_rcpt[] = $this->bcc[$i][0]; + } + } + + if(count($bad_rcpt) > 0) { // Create error message + for($i = 0; $i < count($bad_rcpt); $i++) { + if($i != 0) { + $error .= ', '; + } + $error .= $bad_rcpt[$i]; + } + $error = $this->Lang('recipients_failed') . $error; + $this->SetError($error); + $this->smtp->Reset(); + return false; + } + + if(!$this->smtp->Data($header . $body)) { + $this->SetError($this->Lang('data_not_accepted')); + $this->smtp->Reset(); + return false; + } + if($this->SMTPKeepAlive == true) { + $this->smtp->Reset(); + } else { + $this->SmtpClose(); + } + + return true; + } + + /** + * Initiates a connection to an SMTP server. Returns false if the + * operation failed. 
+ * @access private + * @return bool + */ + function SmtpConnect() { + if($this->smtp == NULL) { + $this->smtp = new SMTP(); + } + + $this->smtp->do_debug = $this->SMTPDebug; + $hosts = explode(';', $this->Host); + $index = 0; + $connection = ($this->smtp->Connected()); + + /* Retry while there is no connection */ + while($index < count($hosts) && $connection == false) { + $hostinfo = array(); + if(preg_match('/^(.+):([0-9]+)$/i', $hosts[$index], $hostinfo)) { + $host = $hostinfo[1]; + $port = $hostinfo[2]; + } else { + $host = $hosts[$index]; + $port = $this->Port; + } + + if($this->smtp->Connect(((!empty($this->SMTPSecure))?$this->SMTPSecure.'://':'').$host, $port, $this->Timeout)) { + if ($this->Helo != '') { + $this->smtp->Hello($this->Helo); + } else { + $this->smtp->Hello($this->ServerHostname()); + } + + $connection = true; + if($this->SMTPAuth) { + if(!$this->smtp->Authenticate($this->Username, $this->Password)) { + $this->SetError($this->Lang('authenticate')); + $this->smtp->Reset(); + $connection = false; + } + } + } + $index++; + } + if(!$connection) { + $this->SetError($this->Lang('connect_host')); + } + + return $connection; + } + + /** + * Closes the active SMTP session if one exists. + * @return void + */ + function SmtpClose() { + if($this->smtp != NULL) { + if($this->smtp->Connected()) { + $this->smtp->Quit(); + $this->smtp->Close(); + } + } + } + + /** + * Sets the language for all class error messages. Returns false + * if it cannot load the language file. The default language type + * is English. + * @param string $lang_type Type of language (e.g. 
Portuguese: "br") + * @param string $lang_path Path to the language file directory + * @access public + * @return bool + */ + function SetLanguage($lang_type, $lang_path = 'language/') { + if(file_exists($lang_path.'phpmailer.lang-'.$lang_type.'.php')) { + include($lang_path.'phpmailer.lang-'.$lang_type.'.php'); + } elseif (file_exists($lang_path.'phpmailer.lang-en.php')) { + include($lang_path.'phpmailer.lang-en.php'); + } else { + $PHPMAILER_LANG = array(); + $PHPMAILER_LANG["provide_address"] = 'You must provide at least one ' . + $PHPMAILER_LANG["mailer_not_supported"] = ' mailer is not supported.'; + $PHPMAILER_LANG["execute"] = 'Could not execute: '; + $PHPMAILER_LANG["instantiate"] = 'Could not instantiate mail function.'; + $PHPMAILER_LANG["authenticate"] = 'SMTP Error: Could not authenticate.'; + $PHPMAILER_LANG["from_failed"] = 'The following From address failed: '; + $PHPMAILER_LANG["recipients_failed"] = 'SMTP Error: The following ' . + $PHPMAILER_LANG["data_not_accepted"] = 'SMTP Error: Data not accepted.'; + $PHPMAILER_LANG["connect_host"] = 'SMTP Error: Could not connect to SMTP host.'; + $PHPMAILER_LANG["file_access"] = 'Could not access file: '; + $PHPMAILER_LANG["file_open"] = 'File Error: Could not open file: '; + $PHPMAILER_LANG["encoding"] = 'Unknown encoding: '; + $PHPMAILER_LANG["signing"] = 'Signing Error: '; + } + $this->language = $PHPMAILER_LANG; + + return true; + } + + ///////////////////////////////////////////////// + // METHODS, MESSAGE CREATION + ///////////////////////////////////////////////// + + /** + * Creates recipient headers. + * @access private + * @return string + */ + function AddrAppend($type, $addr) { + $addr_str = $type . ': '; + $addr_str .= $this->AddrFormat($addr[0]); + if(count($addr) > 1) { + for($i = 1; $i < count($addr); $i++) { + $addr_str .= ', ' . $this->AddrFormat($addr[$i]); + } + } + $addr_str .= $this->LE; + + return $addr_str; + } + + /** + * Formats an address correctly. 
+ * @access private + * @return string + */ + function AddrFormat($addr) { + if(empty($addr[1])) { + $formatted = $this->SecureHeader($addr[0]); + } else { + $formatted = $this->EncodeHeader($this->SecureHeader($addr[1]), 'phrase') . " <" . $this->SecureHeader($addr[0]) . ">"; + } + + return $formatted; + } + + /** + * Wraps message for use with mailers that do not + * automatically perform wrapping and for quoted-printable. + * Original written by philippe. + * @access private + * @return string + */ + function WrapText($message, $length, $qp_mode = false) { + $soft_break = ($qp_mode) ? sprintf(" =%s", $this->LE) : $this->LE; + // If utf-8 encoding is used, we will need to make sure we don't + // split multibyte characters when we wrap + $is_utf8 = (strtolower($this->CharSet) == "utf-8"); + + $message = $this->FixEOL($message); + if (substr($message, -1) == $this->LE) { + $message = substr($message, 0, -1); + } + + $line = explode($this->LE, $message); + $message = ''; + for ($i=0 ;$i < count($line); $i++) { + $line_part = explode(' ', $line[$i]); + $buf = ''; + for ($e = 0; $e $length)) { + $space_left = $length - strlen($buf) - 1; + if ($e != 0) { + if ($space_left > 20) { + $len = $space_left; + if ($is_utf8) { + $len = $this->UTF8CharBoundary($word, $len); + } elseif (substr($word, $len - 1, 1) == "=") { + $len--; + } elseif (substr($word, $len - 2, 1) == "=") { + $len -= 2; + } + $part = substr($word, 0, $len); + $word = substr($word, $len); + $buf .= ' ' . $part; + $message .= $buf . sprintf("=%s", $this->LE); + } else { + $message .= $buf . $soft_break; + } + $buf = ''; + } + while (strlen($word) > 0) { + $len = $length; + if ($is_utf8) { + $len = $this->UTF8CharBoundary($word, $len); + } elseif (substr($word, $len - 1, 1) == "=") { + $len--; + } elseif (substr($word, $len - 2, 1) == "=") { + $len -= 2; + } + $part = substr($word, 0, $len); + $word = substr($word, $len); + + if (strlen($word) > 0) { + $message .= $part . 
sprintf("=%s", $this->LE); + } else { + $buf = $part; + } + } + } else { + $buf_o = $buf; + $buf .= ($e == 0) ? $word : (' ' . $word); + + if (strlen($buf) > $length and $buf_o != '') { + $message .= $buf_o . $soft_break; + $buf = $word; + } + } + } + $message .= $buf . $this->LE; + } + + return $message; + } + + /** + * Finds last character boundary prior to maxLength in a utf-8 + * quoted (printable) encoded string. + * Original written by Colin Brown. + * @access private + * @param string $encodedText utf-8 QP text + * @param int $maxLength find last character boundary prior to this length + * @return int + */ + function UTF8CharBoundary($encodedText, $maxLength) { + $foundSplitPos = false; + $lookBack = 3; + while (!$foundSplitPos) { + $lastChunk = substr($encodedText, $maxLength - $lookBack, $lookBack); + $encodedCharPos = strpos($lastChunk, "="); + if ($encodedCharPos !== false) { + // Found start of encoded character byte within $lookBack block. + // Check the encoded byte value (the 2 chars after the '=') + $hex = substr($encodedText, $maxLength - $lookBack + $encodedCharPos + 1, 2); + $dec = hexdec($hex); + if ($dec < 128) { // Single byte character. + // If the encoded char was found at pos 0, it will fit + // otherwise reduce maxLength to start of the encoded char + $maxLength = ($encodedCharPos == 0) ? $maxLength : + $maxLength - ($lookBack - $encodedCharPos); + $foundSplitPos = true; + } elseif ($dec >= 192) { // First byte of a multi byte character + // Reduce maxLength to split at start of character + $maxLength = $maxLength - ($lookBack - $encodedCharPos); + $foundSplitPos = true; + } elseif ($dec < 192) { // Middle byte of a multi byte character, look further back + $lookBack += 3; + } + } else { + // No encoded character found + $foundSplitPos = true; + } + } + return $maxLength; + } + + /** + * Set the body wrapping. 
+ * @access private + * @return void + */ + function SetWordWrap() { + if($this->WordWrap < 1) { + return; + } + + switch($this->message_type) { + case 'alt': + /* fall through */ + case 'alt_attachments': + $this->AltBody = $this->WrapText($this->AltBody, $this->WordWrap); + break; + default: + $this->Body = $this->WrapText($this->Body, $this->WordWrap); + break; + } + } + + /** + * Assembles message header. + * @access private + * @return string + */ + function CreateHeader() { + $result = ''; + + /* Set the boundaries */ + $uniq_id = md5(uniqid(time())); + $this->boundary[1] = 'b1_' . $uniq_id; + $this->boundary[2] = 'b2_' . $uniq_id; + + $result .= $this->HeaderLine('Date', $this->RFCDate()); + if($this->Sender == '') { + $result .= $this->HeaderLine('Return-Path', trim($this->From)); + } else { + $result .= $this->HeaderLine('Return-Path', trim($this->Sender)); + } + + /* To be created automatically by mail() */ + if($this->Mailer != 'mail') { + if(count($this->to) > 0) { + $result .= $this->AddrAppend('To', $this->to); + } elseif (count($this->cc) == 0) { + $result .= $this->HeaderLine('To', 'undisclosed-recipients:;'); + } + } + + $from = array(); + $from[0][0] = trim($this->From); + $from[0][1] = $this->FromName; + $result .= $this->AddrAppend('From', $from); + + /* sendmail and mail() extract Cc from the header before sending */ + if((($this->Mailer == 'sendmail') || ($this->Mailer == 'mail')) && (count($this->cc) > 0)) { + $result .= $this->AddrAppend('Cc', $this->cc); + } + + /* sendmail and mail() extract Bcc from the header before sending */ + if((($this->Mailer == 'sendmail') || ($this->Mailer == 'mail')) && (count($this->bcc) > 0)) { + $result .= $this->AddrAppend('Bcc', $this->bcc); + } + + if(count($this->ReplyTo) > 0) { + $result .= $this->AddrAppend('Reply-To', $this->ReplyTo); + } + + /* mail() sets the subject itself */ + if($this->Mailer != 'mail') { + $result .= $this->HeaderLine('Subject', 
$this->EncodeHeader($this->SecureHeader($this->Subject))); + } + + if($this->MessageID != '') { + $result .= $this->HeaderLine('Message-ID',$this->MessageID); + } else { + $result .= sprintf("Message-ID: <%s@%s>%s", $uniq_id, $this->ServerHostname(), $this->LE); + } + $result .= $this->HeaderLine('X-Priority', $this->Priority); + $result .= $this->HeaderLine('X-Mailer', 'PHPMailer (phpmailer.sourceforge.net) [version ' . $this->Version . ']'); + + if($this->ConfirmReadingTo != '') { + $result .= $this->HeaderLine('Disposition-Notification-To', '<' . trim($this->ConfirmReadingTo) . '>'); + } + + // Add custom headers + for($index = 0; $index < count($this->CustomHeader); $index++) { + $result .= $this->HeaderLine(trim($this->CustomHeader[$index][0]), $this->EncodeHeader(trim($this->CustomHeader[$index][1]))); + } + if (!$this->sign_key_file) { + $result .= $this->HeaderLine('MIME-Version', '1.0'); + $result .= $this->GetMailMIME(); + } + + return $result; + } + + /** + * Returns the message MIME. + * @access private + * @return string + */ + function GetMailMIME() { + $result = ''; + switch($this->message_type) { + case 'plain': + $result .= $this->HeaderLine('Content-Transfer-Encoding', $this->Encoding); + $result .= sprintf("Content-Type: %s; charset=\"%s\"", $this->ContentType, $this->CharSet); + break; + case 'attachments': + /* fall through */ + case 'alt_attachments': + if($this->InlineImageExists()){ + $result .= sprintf("Content-Type: %s;%s\ttype=\"text/html\";%s\tboundary=\"%s\"%s", 'multipart/related', $this->LE, $this->LE, $this->boundary[1], $this->LE); + } else { + $result .= $this->HeaderLine('Content-Type', 'multipart/mixed;'); + $result .= $this->TextLine("\tboundary=\"" . $this->boundary[1] . '"'); + } + break; + case 'alt': + $result .= $this->HeaderLine('Content-Type', 'multipart/alternative;'); + $result .= $this->TextLine("\tboundary=\"" . $this->boundary[1] . 
'"'); + break; + } + + if($this->Mailer != 'mail') { + $result .= $this->LE.$this->LE; + } + + return $result; + } + + /** + * Assembles the message body. Returns an empty string on failure. + * @access private + * @return string + */ + function CreateBody() { + $result = ''; + if ($this->sign_key_file) { + $result .= $this->GetMailMIME(); + } + + $this->SetWordWrap(); + + switch($this->message_type) { + case 'alt': + $result .= $this->GetBoundary($this->boundary[1], '', 'text/plain', ''); + $result .= $this->EncodeString($this->AltBody, $this->Encoding); + $result .= $this->LE.$this->LE; + $result .= $this->GetBoundary($this->boundary[1], '', 'text/html', ''); + $result .= $this->EncodeString($this->Body, $this->Encoding); + $result .= $this->LE.$this->LE; + $result .= $this->EndBoundary($this->boundary[1]); + break; + case 'plain': + $result .= $this->EncodeString($this->Body, $this->Encoding); + break; + case 'attachments': + $result .= $this->GetBoundary($this->boundary[1], '', '', ''); + $result .= $this->EncodeString($this->Body, $this->Encoding); + $result .= $this->LE; + $result .= $this->AttachAll(); + break; + case 'alt_attachments': + $result .= sprintf("--%s%s", $this->boundary[1], $this->LE); + $result .= sprintf("Content-Type: %s;%s" . "\tboundary=\"%s\"%s", 'multipart/alternative', $this->LE, $this->boundary[2], $this->LE.$this->LE); + $result .= $this->GetBoundary($this->boundary[2], '', 'text/plain', '') . $this->LE; // Create text body + $result .= $this->EncodeString($this->AltBody, $this->Encoding); + $result .= $this->LE.$this->LE; + $result .= $this->GetBoundary($this->boundary[2], '', 'text/html', '') . 
$this->LE; // Create the HTML body + $result .= $this->EncodeString($this->Body, $this->Encoding); + $result .= $this->LE.$this->LE; + $result .= $this->EndBoundary($this->boundary[2]); + $result .= $this->AttachAll(); + break; + } + + if($this->IsError()) { + $result = ''; + } else if ($this->sign_key_file) { + $file = tempnam("", "mail"); + $fp = fopen($file, "w"); + fwrite($fp, $result); + fclose($fp); + $signed = tempnam("", "signed"); + + if (@openssl_pkcs7_sign($file, $signed, "file://".$this->sign_cert_file, array("file://".$this->sign_key_file, $this->sign_key_pass), null)) { + $fp = fopen($signed, "r"); + $result = fread($fp, filesize($this->sign_key_file)); + $result = ''; + while(!feof($fp)){ + $result = $result . fread($fp, 1024); + } + fclose($fp); + } else { + $this->SetError($this->Lang("signing").openssl_error_string()); + $result = ''; + } + + unlink($file); + unlink($signed); + } + + return $result; + } + + /** + * Returns the start of a message boundary. + * @access private + */ + function GetBoundary($boundary, $charSet, $contentType, $encoding) { + $result = ''; + if($charSet == '') { + $charSet = $this->CharSet; + } + if($contentType == '') { + $contentType = $this->ContentType; + } + if($encoding == '') { + $encoding = $this->Encoding; + } + $result .= $this->TextLine('--' . $boundary); + $result .= sprintf("Content-Type: %s; charset = \"%s\"", $contentType, $charSet); + $result .= $this->LE; + $result .= $this->HeaderLine('Content-Transfer-Encoding', $encoding); + $result .= $this->LE; + + return $result; + } + + /** + * Returns the end of a message boundary. + * @access private + */ + function EndBoundary($boundary) { + return $this->LE . '--' . $boundary . '--' . $this->LE; + } + + /** + * Sets the message type. 
+ * @access private + * @return void + */ + function SetMessageType() { + if(count($this->attachment) < 1 && strlen($this->AltBody) < 1) { + $this->message_type = 'plain'; + } else { + if(count($this->attachment) > 0) { + $this->message_type = 'attachments'; + } + if(strlen($this->AltBody) > 0 && count($this->attachment) < 1) { + $this->message_type = 'alt'; + } + if(strlen($this->AltBody) > 0 && count($this->attachment) > 0) { + $this->message_type = 'alt_attachments'; + } + } + } + + /* Returns a formatted header line. + * @access private + * @return string + */ + function HeaderLine($name, $value) { + return $name . ': ' . $value . $this->LE; + } + + /** + * Returns a formatted mail line. + * @access private + * @return string + */ + function TextLine($value) { + return $value . $this->LE; + } + + ///////////////////////////////////////////////// + // CLASS METHODS, ATTACHMENTS + ///////////////////////////////////////////////// + + /** + * Adds an attachment from a path on the filesystem. + * Returns false if the file could not be found + * or accessed. + * @param string $path Path to the attachment. + * @param string $name Overrides the attachment name. + * @param string $encoding File encoding (see $Encoding). + * @param string $type File extension (MIME) type. + * @return bool + */ + function AddAttachment($path, $name = '', $encoding = 'base64', $type = 'application/octet-stream') { + if(!@is_file($path)) { + $this->SetError($this->Lang('file_access') . 
$path); + return false; + } + + $filename = basename($path); + if($name == '') { + $name = $filename; + } + + $cur = count($this->attachment); + $this->attachment[$cur][0] = $path; + $this->attachment[$cur][1] = $filename; + $this->attachment[$cur][2] = $name; + $this->attachment[$cur][3] = $encoding; + $this->attachment[$cur][4] = $type; + $this->attachment[$cur][5] = false; // isStringAttachment + $this->attachment[$cur][6] = 'attachment'; + $this->attachment[$cur][7] = 0; + + return true; + } + + /** + * Attaches all fs, string, and binary attachments to the message. + * Returns an empty string on failure. + * @access private + * @return string + */ + function AttachAll() { + /* Return text of body */ + $mime = array(); + + /* Add all attachments */ + for($i = 0; $i < count($this->attachment); $i++) { + /* Check for string attachment */ + $bString = $this->attachment[$i][5]; + if ($bString) { + $string = $this->attachment[$i][0]; + } else { + $path = $this->attachment[$i][0]; + } + + $filename = $this->attachment[$i][1]; + $name = $this->attachment[$i][2]; + $encoding = $this->attachment[$i][3]; + $type = $this->attachment[$i][4]; + $disposition = $this->attachment[$i][6]; + $cid = $this->attachment[$i][7]; + + $mime[] = sprintf("--%s%s", $this->boundary[1], $this->LE); + $mime[] = sprintf("Content-Type: %s; name=\"%s\"%s", $type, $this->EncodeHeader($this->SecureHeader($name)), $this->LE); + $mime[] = sprintf("Content-Transfer-Encoding: %s%s", $encoding, $this->LE); + + if($disposition == 'inline') { + $mime[] = sprintf("Content-ID: <%s>%s", $cid, $this->LE); + } + + $mime[] = sprintf("Content-Disposition: %s; filename=\"%s\"%s", $disposition, $this->EncodeHeader($this->SecureHeader($name)), $this->LE.$this->LE); + + /* Encode as string attachment */ + if($bString) { + $mime[] = $this->EncodeString($string, $encoding); + if($this->IsError()) { + return ''; + } + $mime[] = $this->LE.$this->LE; + } else { + $mime[] = $this->EncodeFile($path, $encoding); + 
if($this->IsError()) { + return ''; + } + $mime[] = $this->LE.$this->LE; + } + } + + $mime[] = sprintf("--%s--%s", $this->boundary[1], $this->LE); + + return join('', $mime); + } + + /** + * Encodes attachment in requested format. Returns an + * empty string on failure. + * @access private + * @return string + */ + function EncodeFile ($path, $encoding = 'base64') { + if(!@$fd = fopen($path, 'rb')) { + $this->SetError($this->Lang('file_open') . $path); + return ''; + } + $magic_quotes = get_magic_quotes_runtime(); + set_magic_quotes_runtime(0); + $file_buffer = fread($fd, filesize($path)); + $file_buffer = $this->EncodeString($file_buffer, $encoding); + fclose($fd); + set_magic_quotes_runtime($magic_quotes); + + return $file_buffer; + } + + /** + * Encodes string to requested format. Returns an + * empty string on failure. + * @access private + * @return string + */ + function EncodeString ($str, $encoding = 'base64') { + $encoded = ''; + switch(strtolower($encoding)) { + case 'base64': + /* chunk_split is found in PHP >= 3.0.6 */ + $encoded = chunk_split(base64_encode($str), 76, $this->LE); + break; + case '7bit': + case '8bit': + $encoded = $this->FixEOL($str); + if (substr($encoded, -(strlen($this->LE))) != $this->LE) + $encoded .= $this->LE; + break; + case 'binary': + $encoded = $str; + break; + case 'quoted-printable': + $encoded = $this->EncodeQP($str); + break; + default: + $this->SetError($this->Lang('encoding') . $encoding); + break; + } + return $encoded; + } + + /** + * Encode a header string to best of Q, B, quoted or none. + * @access private + * @return string + */ + function EncodeHeader ($str, $position = 'text') { + $x = 0; + + switch (strtolower($position)) { + case 'phrase': + if (!preg_match('/[\200-\377]/', $str)) { + /* Can't use addslashes as we don't know what value has magic_quotes_sybase. 
*/ + $encoded = addcslashes($str, "\0..\37\177\\\""); + if (($str == $encoded) && !preg_match('/[^A-Za-z0-9!#$%&\'*+\/=?^_`{|}~ -]/', $str)) { + return ($encoded); + } else { + return ("\"$encoded\""); + } + } + $x = preg_match_all('/[^\040\041\043-\133\135-\176]/', $str, $matches); + break; + case 'comment': + $x = preg_match_all('/[()"]/', $str, $matches); + /* Fall-through */ + case 'text': + default: + $x += preg_match_all('/[\000-\010\013\014\016-\037\177-\377]/', $str, $matches); + break; + } + + if ($x == 0) { + return ($str); + } + + $maxlen = 75 - 7 - strlen($this->CharSet); + /* Try to select the encoding which should produce the shortest output */ + if (strlen($str)/3 < $x) { + $encoding = 'B'; + if (function_exists('mb_strlen') && $this->HasMultiBytes($str)) { + // Use a custom function which correctly encodes and wraps long + // multibyte strings without breaking lines within a character + $encoded = $this->Base64EncodeWrapMB($str); + } else { + $encoded = base64_encode($str); + $maxlen -= $maxlen % 4; + $encoded = trim(chunk_split($encoded, $maxlen, "\n")); + } + } else { + $encoding = 'Q'; + $encoded = $this->EncodeQ($str, $position); + $encoded = $this->WrapText($encoded, $maxlen, true); + $encoded = str_replace('='.$this->LE, "\n", trim($encoded)); + } + + $encoded = preg_replace('/^(.*)$/m', " =?".$this->CharSet."?$encoding?\\1?=", $encoded); + $encoded = trim(str_replace("\n", $this->LE, $encoded)); + + return $encoded; + } + + /** + * Checks if a string contains multibyte characters. + * @access private + * @param string $str multi-byte text to wrap encode + * @return bool + */ + function HasMultiBytes($str) { + if (function_exists('mb_strlen')) { + return (strlen($str) > mb_strlen($str, $this->CharSet)); + } else { // Assume no multibytes (we can't handle without mbstring functions anyway) + return False; + } + } + + /** + * Correctly encodes and wraps long multibyte strings for mail headers + * without breaking lines within a character. 
+ * Adapted from a function by paravoid at http://uk.php.net/manual/en/function.mb-encode-mimeheader.php + * @access private + * @param string $str multi-byte text to wrap encode + * @return string + */ + function Base64EncodeWrapMB($str) { + $start = "=?".$this->CharSet."?B?"; + $end = "?="; + $encoded = ""; + + $mb_length = mb_strlen($str, $this->CharSet); + // Each line must have length <= 75, including $start and $end + $length = 75 - strlen($start) - strlen($end); + // Average multi-byte ratio + $ratio = $mb_length / strlen($str); + // Base64 has a 4:3 ratio + $offset = $avgLength = floor($length * $ratio * .75); + + for ($i = 0; $i < $mb_length; $i += $offset) { + $lookBack = 0; + + do { + $offset = $avgLength - $lookBack; + $chunk = mb_substr($str, $i, $offset, $this->CharSet); + $chunk = base64_encode($chunk); + $lookBack++; + } + while (strlen($chunk) > $length); + + $encoded .= $chunk . $this->LE; + } + + // Chomp the last linefeed + $encoded = substr($encoded, 0, -strlen($this->LE)); + return $encoded; + } + + /** + * Encode string to quoted-printable. 
+ * @access private + * @return string + */ + function EncodeQP( $input = '', $line_max = 76, $space_conv = false ) { + $hex = array('0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'); + $lines = preg_split('/(?:\r\n|\r|\n)/', $input); + $eol = "\r\n"; + $escape = '='; + $output = ''; + while( list(, $line) = each($lines) ) { + $linlen = strlen($line); + $newline = ''; + for($i = 0; $i < $linlen; $i++) { + $c = substr( $line, $i, 1 ); + $dec = ord( $c ); + if ( ( $i == 0 ) && ( $dec == 46 ) ) { // convert first point in the line into =2E + $c = '=2E'; + } + if ( $dec == 32 ) { + if ( $i == ( $linlen - 1 ) ) { // convert space at eol only + $c = '=20'; + } else if ( $space_conv ) { + $c = '=20'; + } + } elseif ( ($dec == 61) || ($dec < 32 ) || ($dec > 126) ) { // always encode "\t", which is *not* required + $h2 = floor($dec/16); + $h1 = floor($dec%16); + $c = $escape.$hex[$h2].$hex[$h1]; + } + if ( (strlen($newline) + strlen($c)) >= $line_max ) { // CRLF is not counted + $output .= $newline.$escape.$eol; // soft line break; " =\r\n" is okay + $newline = ''; + // check if newline first character will be point or not + if ( $dec == 46 ) { + $c = '=2E'; + } + } + $newline .= $c; + } // end of for + $output .= $newline.$eol; + } // end of while + return $output; + } + + /** + * Encode string to q encoding. + * @access private + * @return string + */ + function EncodeQ ($str, $position = 'text') { + /* There should not be any EOL in the string */ + $encoded = preg_replace("[\r\n]", '', $str); + + switch (strtolower($position)) { + case 'phrase': + $encoded = preg_replace("/([^A-Za-z0-9!*+\/ -])/e", "'='.sprintf('%02X', ord('\\1'))", $encoded); + break; + case 'comment': + $encoded = preg_replace("/([\(\)\"])/e", "'='.sprintf('%02X', ord('\\1'))", $encoded); + case 'text': + default: + /* Replace every high ascii, control =, ? 
and _ characters */ + $encoded = preg_replace('/([\000-\011\013\014\016-\037\075\077\137\177-\377])/e', + "'='.sprintf('%02X', ord('\\1'))", $encoded); + break; + } + + /* Replace every spaces to _ (more readable than =20) */ + $encoded = str_replace(' ', '_', $encoded); + + return $encoded; + } + + /** + * Adds a string or binary attachment (non-filesystem) to the list. + * This method can be used to attach ascii or binary data, + * such as a BLOB record from a database. + * @param string $string String attachment data. + * @param string $filename Name of the attachment. + * @param string $encoding File encoding (see $Encoding). + * @param string $type File extension (MIME) type. + * @return void + */ + function AddStringAttachment($string, $filename, $encoding = 'base64', $type = 'application/octet-stream') { + /* Append to $attachment array */ + $cur = count($this->attachment); + $this->attachment[$cur][0] = $string; + $this->attachment[$cur][1] = $filename; + $this->attachment[$cur][2] = $filename; + $this->attachment[$cur][3] = $encoding; + $this->attachment[$cur][4] = $type; + $this->attachment[$cur][5] = true; // isString + $this->attachment[$cur][6] = 'attachment'; + $this->attachment[$cur][7] = 0; + } + + /** + * Adds an embedded attachment. This can include images, sounds, and + * just about any other document. Make sure to set the $type to an + * image type. For JPEG images use "image/jpeg" and for GIF images + * use "image/gif". + * @param string $path Path to the attachment. + * @param string $cid Content ID of the attachment. Use this to identify + * the Id for accessing the image in an HTML form. + * @param string $name Overrides the attachment name. + * @param string $encoding File encoding (see $Encoding). + * @param string $type File extension (MIME) type. 
+ * @return bool + */ + function AddEmbeddedImage($path, $cid, $name = '', $encoding = 'base64', $type = 'application/octet-stream') { + + if(!@is_file($path)) { + $this->SetError($this->Lang('file_access') . $path); + return false; + } + + $filename = basename($path); + if($name == '') { + $name = $filename; + } + + /* Append to $attachment array */ + $cur = count($this->attachment); + $this->attachment[$cur][0] = $path; + $this->attachment[$cur][1] = $filename; + $this->attachment[$cur][2] = $name; + $this->attachment[$cur][3] = $encoding; + $this->attachment[$cur][4] = $type; + $this->attachment[$cur][5] = false; + $this->attachment[$cur][6] = 'inline'; + $this->attachment[$cur][7] = $cid; + + return true; + } + + /** + * Returns true if an inline attachment is present. + * @access private + * @return bool + */ + function InlineImageExists() { + $result = false; + for($i = 0; $i < count($this->attachment); $i++) { + if($this->attachment[$i][6] == 'inline') { + $result = true; + break; + } + } + + return $result; + } + + ///////////////////////////////////////////////// + // CLASS METHODS, MESSAGE RESET + ///////////////////////////////////////////////// + + /** + * Clears all recipients assigned in the TO array. Returns void. + * @return void + */ + function ClearAddresses() { + $this->to = array(); + } + + /** + * Clears all recipients assigned in the CC array. Returns void. + * @return void + */ + function ClearCCs() { + $this->cc = array(); + } + + /** + * Clears all recipients assigned in the BCC array. Returns void. + * @return void + */ + function ClearBCCs() { + $this->bcc = array(); + } + + /** + * Clears all recipients assigned in the ReplyTo array. Returns void. + * @return void + */ + function ClearReplyTos() { + $this->ReplyTo = array(); + } + + /** + * Clears all recipients assigned in the TO, CC and BCC + * array. Returns void. 
+ * @return void + */ + function ClearAllRecipients() { + $this->to = array(); + $this->cc = array(); + $this->bcc = array(); + } + + /** + * Clears all previously set filesystem, string, and binary + * attachments. Returns void. + * @return void + */ + function ClearAttachments() { + $this->attachment = array(); + } + + /** + * Clears all custom headers. Returns void. + * @return void + */ + function ClearCustomHeaders() { + $this->CustomHeader = array(); + } + + ///////////////////////////////////////////////// + // CLASS METHODS, MISCELLANEOUS + ///////////////////////////////////////////////// + + /** + * Adds the error message to the error container. + * Returns void. + * @access private + * @return void + */ + function SetError($msg) { + $this->error_count++; + $this->ErrorInfo = $msg; + } + + /** + * Returns the proper RFC 822 formatted date. + * @access private + * @return string + */ + function RFCDate() { + $tz = date('Z'); + $tzs = ($tz < 0) ? '-' : '+'; + $tz = abs($tz); + $tz = (int)($tz/3600)*100 + ($tz%3600)/60; + $result = sprintf("%s %s%04d", date('D, j M Y H:i:s'), $tzs, $tz); + + return $result; + } + + /** + * Returns the appropriate server variable. Should work with both + * PHP 4.1.0+ as well as older versions. Returns an empty string + * if nothing is found. + * @access private + * @return mixed + */ + function ServerVar($varName) { + global $HTTP_SERVER_VARS; + global $HTTP_ENV_VARS; + + if(!isset($_SERVER)) { + $_SERVER = $HTTP_SERVER_VARS; + if(!isset($_SERVER['REMOTE_ADDR'])) { + $_SERVER = $HTTP_ENV_VARS; // must be Apache + } + } + + if(isset($_SERVER[$varName])) { + return $_SERVER[$varName]; + } else { + return ''; + } + } + + /** + * Returns the server hostname or 'localhost.localdomain' if unknown. 
+ * @access private + * @return string + */ + function ServerHostname() { + if ($this->Hostname != '') { + $result = $this->Hostname; + } elseif ($this->ServerVar('SERVER_NAME') != '') { + $result = $this->ServerVar('SERVER_NAME'); + } else { + $result = 'localhost.localdomain'; + } + + return $result; + } + + /** + * Returns a message in the appropriate language. + * @access private + * @return string + */ + function Lang($key) { + if(count($this->language) < 1) { + $this->SetLanguage('en'); // set the default language + } + + if(isset($this->language[$key])) { + return $this->language[$key]; + } else { + return 'Language string failed to load: ' . $key; + } + } + + /** + * Returns true if an error occurred. + * @return bool + */ + function IsError() { + return ($this->error_count > 0); + } + + /** + * Changes every end of line from CR or LF to CRLF. + * @access private + * @return string + */ + function FixEOL($str) { + $str = str_replace("\r\n", "\n", $str); + $str = str_replace("\r", "\n", $str); + $str = str_replace("\n", $this->LE, $str); + return $str; + } + + /** + * Adds a custom header. + * @return void + */ + function AddCustomHeader($custom_header) { + $this->CustomHeader[] = explode(':', $custom_header, 2); + } + + /** + * Evaluates the message and returns modifications for inline images and backgrounds + * @access public + * @return $message + */ + function MsgHTML($message,$basedir='') { + preg_match_all("/(src|background)=\"(.*)\"/Ui", $message, $images); + if(isset($images[2])) { + foreach($images[2] as $i => $url) { + // do not change urls for absolute images (thanks to corvuscorax) + if (!preg_match('/^[A-z][A-z]*:\/\//',$url)) { + $filename = basename($url); + $directory = dirname($url); + ($directory == '.')?$directory='':''; + $cid = 'cid:' . 
md5($filename); + $fileParts = preg_split("/\./", $filename); + $ext = $fileParts[1]; + $mimeType = $this->_mime_types($ext); + if ( strlen($basedir) > 1 && substr($basedir,-1) != '/') { $basedir .= '/'; } + if ( strlen($directory) > 1 && substr($directory,-1) != '/') { $directory .= '/'; } + if ( $this->AddEmbeddedImage($basedir.$directory.$filename, md5($filename), $filename, 'base64',$mimeType) ) { + $message = preg_replace("/".$images[1][$i]."=\"".preg_quote($url, '/')."\"/Ui", $images[1][$i]."=\"".$cid."\"", $message); + } + } + } + } + $this->IsHTML(true); + $this->Body = $message; + $textMsg = trim(strip_tags(preg_replace('/<(head|title|style|script)[^>]*>.*?<\/\\1>/s','',$message))); + if ( !empty($textMsg) && empty($this->AltBody) ) { + $this->AltBody = html_entity_decode($textMsg); + } + if ( empty($this->AltBody) ) { + $this->AltBody = 'To view this email message, open the email in with HTML compatibility!' . "\n\n"; + } + } + + /** + * Gets the mime type of the embedded or inline image + * @access private + * @return mime type of ext + */ + function _mime_types($ext = '') { + $mimes = array( + 'ai' => 'application/postscript', + 'aif' => 'audio/x-aiff', + 'aifc' => 'audio/x-aiff', + 'aiff' => 'audio/x-aiff', + 'avi' => 'video/x-msvideo', + 'bin' => 'application/macbinary', + 'bmp' => 'image/bmp', + 'class' => 'application/octet-stream', + 'cpt' => 'application/mac-compactpro', + 'css' => 'text/css', + 'dcr' => 'application/x-director', + 'dir' => 'application/x-director', + 'dll' => 'application/octet-stream', + 'dms' => 'application/octet-stream', + 'doc' => 'application/msword', + 'dvi' => 'application/x-dvi', + 'dxr' => 'application/x-director', + 'eml' => 'message/rfc822', + 'eps' => 'application/postscript', + 'exe' => 'application/octet-stream', + 'gif' => 'image/gif', + 'gtar' => 'application/x-gtar', + 'htm' => 'text/html', + 'html' => 'text/html', + 'jpe' => 'image/jpeg', + 'jpeg' => 'image/jpeg', + 'jpg' => 'image/jpeg', + 'hqx' => 
'application/mac-binhex40', + 'js' => 'application/x-javascript', + 'lha' => 'application/octet-stream', + 'log' => 'text/plain', + 'lzh' => 'application/octet-stream', + 'mid' => 'audio/midi', + 'midi' => 'audio/midi', + 'mif' => 'application/vnd.mif', + 'mov' => 'video/quicktime', + 'movie' => 'video/x-sgi-movie', + 'mp2' => 'audio/mpeg', + 'mp3' => 'audio/mpeg', + 'mpe' => 'video/mpeg', + 'mpeg' => 'video/mpeg', + 'mpg' => 'video/mpeg', + 'mpga' => 'audio/mpeg', + 'oda' => 'application/oda', + 'pdf' => 'application/pdf', + 'php' => 'application/x-httpd-php', + 'php3' => 'application/x-httpd-php', + 'php4' => 'application/x-httpd-php', + 'phps' => 'application/x-httpd-php-source', + 'phtml' => 'application/x-httpd-php', + 'png' => 'image/png', + 'ppt' => 'application/vnd.ms-powerpoint', + 'ps' => 'application/postscript', + 'psd' => 'application/octet-stream', + 'qt' => 'video/quicktime', + 'ra' => 'audio/x-realaudio', + 'ram' => 'audio/x-pn-realaudio', + 'rm' => 'audio/x-pn-realaudio', + 'rpm' => 'audio/x-pn-realaudio-plugin', + 'rtf' => 'text/rtf', + 'rtx' => 'text/richtext', + 'rv' => 'video/vnd.rn-realvideo', + 'sea' => 'application/octet-stream', + 'shtml' => 'text/html', + 'sit' => 'application/x-stuffit', + 'so' => 'application/octet-stream', + 'smi' => 'application/smil', + 'smil' => 'application/smil', + 'swf' => 'application/x-shockwave-flash', + 'tar' => 'application/x-tar', + 'text' => 'text/plain', + 'txt' => 'text/plain', + 'tgz' => 'application/x-tar', + 'tif' => 'image/tiff', + 'tiff' => 'image/tiff', + 'wav' => 'audio/x-wav', + 'wbxml' => 'application/vnd.wap.wbxml', + 'wmlc' => 'application/vnd.wap.wmlc', + 'word' => 'application/msword', + 'xht' => 'application/xhtml+xml', + 'xhtml' => 'application/xhtml+xml', + 'xl' => 'application/excel', + 'xls' => 'application/vnd.ms-excel', + 'xml' => 'text/xml', + 'xsl' => 'text/xml', + 'zip' => 'application/zip' + ); + return ( ! isset($mimes[strtolower($ext)])) ? 
'application/octet-stream' : $mimes[strtolower($ext)]; + } + + /** + * Set (or reset) Class Objects (variables) + * + * Usage Example: + * $page->set('X-Priority', '3'); + * + * @access public + * @param string $name Parameter Name + * @param mixed $value Parameter Value + * NOTE: will not work with arrays, there are no arrays to set/reset + */ + function set ( $name, $value = '' ) { + if ( isset($this->$name) ) { + $this->$name = $value; + } else { + $this->SetError('Cannot set or reset variable ' . $name); + return false; + } + } + + /** + * Read a file from a supplied filename and return it. + * + * @access public + * @param string $filename Parameter File Name + */ + function getFile($filename) { + $return = ''; + if ($fp = fopen($filename, 'rb')) { + while (!feof($fp)) { + $return .= fread($fp, 1024); + } + fclose($fp); + return $return; + } else { + return false; + } + } + + /** + * Strips newlines to prevent header injection. + * @access private + * @param string $str String + * @return string + */ + function SecureHeader($str) { + $str = trim($str); + $str = str_replace("\r", "", $str); + $str = str_replace("\n", "", $str); + return $str; + } + + /** + * Set the private key file and password to sign the message. + * + * @access public + * @param string $key_filename Parameter File Name + * @param string $key_pass Password for private key + */ + function Sign($cert_filename, $key_filename, $key_pass) { + $this->sign_cert_file = $cert_filename; + $this->sign_key_file = $key_filename; + $this->sign_key_pass = $key_pass; + } + +} + +?> + diff --git a/include/fg_membersite.php b/include/fg_membersite.php new file mode 100644 index 0000000..56fa289 --- /dev/null +++ b/include/fg_membersite.php 
@@ -0,0 +1,877 @@
+sitename = 'YourWebsiteName.com';
+ $this->rand_key = '0iQx5oBk66oVZep';
+ }
+
+ function InitDB($host,$uname,$pwd,$database,$tablename)
+ {
+ $this->db_host = $host;
+ $this->username = $uname;
+ $this->pwd = $pwd;
+ $this->database = $database;
+ $this->tablename = $tablename;
+
+ }
+ function SetAdminEmail($email)
+ {
+ $this->admin_email = $email;
+ }
+
+ function SetWebsiteName($sitename)
+ {
+ $this->sitename = $sitename;
+ }
+
+ function SetRandomKey($key)
+ {
+ $this->rand_key = $key;
+ }
+
+ //-------Main Operations ----------------------
+ function RegisterUser()
+ {
+ if(!isset($_POST['submitted']))
+ {
+ return false;
+ }
+
+ $formvars = array();
+
+ if(!$this->ValidateRegistrationSubmission())
+ {
+ return false;
+ }
+
+ $this->CollectRegistrationSubmission($formvars);
+
+ if(!$this->SaveToDatabase($formvars))
+ {
+ return false;
+ }
+
+ // Send mail to user
+ /* if(!$this->SendUserConfirmationEmail($formvars))
+ {
+ return false;
+ }
+
+ // Send mail to admin
+ $this->SendAdminIntimationEmail($formvars);
+ */
+
+ return true;
+ }
+
+ function ConfirmUser()
+ {
+ if(empty($_GET['code'])||strlen($_GET['code'])<=10)
+ {
+ $this->HandleError("Please provide the confirm code");
+ return false;
+ }
+ $user_rec = array();
+ if(!$this->UpdateDBRecForConfirmation($user_rec))
+ {
+ return false;
+ }
+
+ /*
+ // Send mails
+ $this->SendUserWelcomeEmail($user_rec);
+ $this->SendAdminIntimationOnRegComplete($user_rec);
+ */
+
+ return true;
+ }
+
+ function Login()
+ {
+ if(empty($_POST['username']))
+ {
+ $this->HandleError("UserName is empty!");
+ return false;
+ }
+
+ if(empty($_POST['password']))
+ {
+ $this->HandleError("Password is empty!");
+ return false;
+ }
+
+ $username = trim($_POST['username']);
+ $password = trim($_POST['password']);
+
+ if(!isset($_SESSION)){ session_start(); }
+ if(!$this->CheckLoginInDB($username,$password))
+ {
+ return false;
+ }
+
+ $_SESSION[$this->GetLoginSessionVar()] = $username;
+
+ return true;
+ }
+
+ function CheckLogin()
+ {
+ if(!isset($_SESSION)){ session_start(); }
+
+ $sessionvar = $this->GetLoginSessionVar();
+
+ if(empty($_SESSION[$sessionvar]))
+ {
+ return false;
+ }
+ return true;
+ }
+
+ function UserFullName()
+ {
+ return isset($_SESSION['name_of_user'])?$_SESSION['name_of_user']:'';
+ }
+
+ function UserEmail()
+ {
+ return isset($_SESSION['email_of_user'])?$_SESSION['email_of_user']:'';
+ }
+
+ function LogOut()
+ {
+ session_start();
+
+ $sessionvar = $this->GetLoginSessionVar();
+
+ $_SESSION[$sessionvar]=NULL;
+
+ unset($_SESSION[$sessionvar]);
+ }
+
+ function EmailResetPasswordLink()
+ {
+ if(empty($_POST['email']))
+ {
+ $this->HandleError("Email is empty!");
+ return false;
+ }
+ $user_rec = array();
+ if(false === $this->GetUserFromEmail($_POST['email'], $user_rec))
+ {
+ return false;
+ }
+ if(false === $this->SendResetPasswordLink($user_rec))
+ {
+ return false;
+ }
+ return true;
+ }
+
+ function ResetPassword()
+ {
+ if(empty($_GET['email']))
+ {
+ $this->HandleError("Email is empty!");
+ return false;
+ }
+ if(empty($_GET['code']))
+ {
+ $this->HandleError("reset code is empty!");
+ return false;
+ }
+ $email = trim($_GET['email']);
+ $code = trim($_GET['code']);
+
+ if($this->GetResetPasswordCode($email) != $code)
+ {
+ $this->HandleError("Bad reset code!");
+ return false;
+ }
+
+ $user_rec = array();
+ if(!$this->GetUserFromEmail($email,$user_rec))
+ {
+ return false;
+ }
+
+ $new_password = $this->ResetUserPasswordInDB($user_rec);
+ if(false === $new_password || empty($new_password))
+ {
+ $this->HandleError("Error updating new password");
+ return false;
+ }
+
+ if(false == $this->SendNewPassword($user_rec,$new_password))
+ {
+ $this->HandleError("Error sending new password");
+ return false;
+ }
+ return true;
+ }
+
+ function ChangePassword()
+ {
+ if(!$this->CheckLogin())
+ {
+ $this->HandleError("Not logged in!");
+ return false;
+ }
+
+ if(empty($_POST['oldpwd']))
+ {
+ $this->HandleError("Old password is empty!");
+ return false;
+ }
+ if(empty($_POST['newpwd']))
+ {
+ $this->HandleError("New password is empty!");
+ return false;
+ }
+
+ $user_rec = array();
+ if(!$this->GetUserFromEmail($this->UserEmail(),$user_rec))
+ {
+ return false;
+ }
+
+ $pwd = trim($_POST['oldpwd']);
+
+ if($user_rec['password'] != md5($pwd))
+ {
+ $this->HandleError("The old password does not match!");
+ return false;
+ }
+ $newpwd = trim($_POST['newpwd']);
+
+ if(!$this->ChangePasswordInDB($user_rec, $newpwd))
+ {
+ return false;
+ }
+ return true;
+ }
+
+ //-------Public Helper functions -------------
+ function GetSelfScript()
+ {
+ return htmlentities($_SERVER['PHP_SELF']);
+ }
+
+ function SafeDisplay($value_name)
+ {
+ if(empty($_POST[$value_name]))
+ {
+ return'';
+ }
+ return htmlentities($_POST[$value_name]);
+ }
+
+ function RedirectToURL($url)
+ {
+ header("Location: $url");
+ exit;
+ }
+
+ function RedirectToURLAfterTimer($url,$sec)
+ {
+ header('Refresh: '.$sec.'; URL='.$url);
+ exit;
+ }
+
+ function GetSpamTrapInputName()
+ {
+ return 'sp'.md5('KHGdnbvsgst'.$this->rand_key);
+ }
+
+ function GetErrorMessage()
+ {
+ if(empty($this->error_message))
+ {
+ return '';
+ }
+ $errormsg = nl2br(htmlentities($this->error_message));
+ return $errormsg;
+ }
+ //-------Private Helper functions-----------
+
+ function HandleError($err)
+ {
+ $this->error_message .= $err."\r\n";
+ }
+
+ function HandleDBError($err)
+ {
+ $this->HandleError($err."\r\n mysqlerror:".mysql_error());
+ }
+
+ function GetFromAddress()
+ {
+ if(!empty($this->from_address))
+ {
+ return $this->from_address;
+ }
+
+ $host = $_SERVER['SERVER_NAME'];
+
+ $from ="nobody@$host";
+ return $from;
+ }
+
+ function GetLoginSessionVar()
+ {
+ $retvar = md5($this->rand_key);
+ $retvar = 'usr_'.substr($retvar,0,10);
+ return $retvar;
+ }
+
+ function CheckLoginInDB($username,$password)
+ {
+ if(!$this->DBLogin())
+ {
+ $this->HandleError("Database login failed!");
+ return false;
+ }
+ $username = $this->SanitizeForSQL($username);
+ $pwdmd5 = md5($password);
+ $qry = "Select name, email from $this->tablename where username='$username' and password='$pwdmd5' and confirmcode='y'";
+
+ $result = mysql_query($qry,$this->connection);
+
+ if(!$result || mysql_num_rows($result) <= 0)
+ {
+ $this->HandleError("Error logging in. The username or password does not match");
+ return false;
+ }
+
+ $row = mysql_fetch_assoc($result);
+
+
+ $_SESSION['name_of_user'] = $row['name'];
+ $_SESSION['email_of_user'] = $row['email'];
+
+ return true;
+ }
+
+ function UpdateDBRecForConfirmation(&$user_rec)
+ {
+ if(!$this->DBLogin())
+ {
+ $this->HandleError("Database login failed!");
+ return false;
+ }
+ $confirmcode = $this->SanitizeForSQL($_GET['code']);
+
+ $result = mysql_query("Select name, email from $this->tablename where confirmcode='$confirmcode'",$this->connection);
+ if(!$result || mysql_num_rows($result) <= 0)
+ {
+ $this->HandleError("Wrong confirm code.");
+ return false;
+ }
+ $row = mysql_fetch_assoc($result);
+ $user_rec['name'] = $row['name'];
+ $user_rec['email']= $row['email'];
+
+ $qry = "Update $this->tablename Set confirmcode='y' Where confirmcode='$confirmcode'";
+
+ if(!mysql_query( $qry ,$this->connection))
+ {
+ $this->HandleDBError("Error inserting data to the table\nquery:$qry");
+ return false;
+ }
+ return true;
+ }
+
+ function ResetUserPasswordInDB($user_rec)
+ {
+ $new_password = substr(md5(uniqid()),0,10);
+
+ if(false == $this->ChangePasswordInDB($user_rec,$new_password))
+ {
+ return false;
+ }
+ return $new_password;
+ }
+
+ function ChangePasswordInDB($user_rec, $newpwd)
+ {
+ $newpwd = $this->SanitizeForSQL($newpwd);
+
+ $qry = "Update $this->tablename Set password='".md5($newpwd)."' Where id_user=".$user_rec['id_user']."";
+
+ if(!mysql_query( $qry ,$this->connection))
+ {
+ $this->HandleDBError("Error updating the password \nquery:$qry");
+ return false;
+ }
+ return true;
+ }
+
+ function GetUserFromEmail($email,&$user_rec)
+ {
+ if(!$this->DBLogin())
+ {
+ $this->HandleError("Database login failed!");
+ return false;
+ }
+ $email = $this->SanitizeForSQL($email);
+
+ $result = mysql_query("Select * from $this->tablename where email='$email'",$this->connection);
+
+ if(!$result || mysql_num_rows($result) <= 0)
+ {
+ $this->HandleError("There is no user with email: $email");
+ return false;
+ }
+ $user_rec = mysql_fetch_assoc($result);
+
+
+ return true;
+ }
+
+ function SendUserWelcomeEmail(&$user_rec)
+ {
+ $mailer = new PHPMailer();
+
+ $mailer->CharSet = 'utf-8';
+
+ $mailer->AddAddress($user_rec['email'],$user_rec['name']);
+
+ $mailer->Subject = "Welcome to ".$this->sitename;
+
+ $mailer->From = $this->GetFromAddress();
+
+ $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n".
+ "Welcome! Your registration with ".$this->sitename." is completed.\r\n".
+ "\r\n".
+ "Regards,\r\n".
+ "Webmaster\r\n".
+ $this->sitename;
+
+ if(!$mailer->Send())
+ {
+ $this->HandleError("Failed sending user welcome email.");
+ return false;
+ }
+ return true;
+ }
+
+ function SendAdminIntimationOnRegComplete(&$user_rec)
+ {
+ if(empty($this->admin_email))
+ {
+ return false;
+ }
+ $mailer = new PHPMailer();
+
+ $mailer->CharSet = 'utf-8';
+
+ $mailer->AddAddress($this->admin_email);
+
+ $mailer->Subject = "Registration Completed: ".$user_rec['name'];
+
+ $mailer->From = $this->GetFromAddress();
+
+ $mailer->Body ="A new user registered at ".$this->sitename."\r\n".
+ "Name: ".$user_rec['name']."\r\n".
+ "Email address: ".$user_rec['email']."\r\n";
+
+ if(!$mailer->Send())
+ {
+ return false;
+ }
+ return true;
+ }
+
+ function GetResetPasswordCode($email)
+ {
+ return substr(md5($email.$this->sitename.$this->rand_key),0,10);
+ }
+
+ function SendResetPasswordLink($user_rec)
+ {
+ $email = $user_rec['email'];
+
+ $mailer = new PHPMailer();
+
+ $mailer->CharSet = 'utf-8';
+
+ $mailer->AddAddress($email,$user_rec['name']);
+
+ $mailer->Subject = "Your reset password request at ".$this->sitename;
+
+ $mailer->From = $this->GetFromAddress();
+
+ $link = $this->GetAbsoluteURLFolder().
+ '/resetpwd.php?email='.
+ urlencode($email).'&code='.
+ urlencode($this->GetResetPasswordCode($email));
+
+ $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n".
+ "There was a request to reset your password at ".$this->sitename."\r\n".
+ "Please click the link below to complete the request: \r\n".$link."\r\n".
+ "Regards,\r\n".
+ "Webmaster\r\n".
+ $this->sitename;
+
+ if(!$mailer->Send())
+ {
+ return false;
+ }
+ return true;
+ }
+
+ function SendNewPassword($user_rec, $new_password)
+ {
+ $email = $user_rec['email'];
+
+ $mailer = new PHPMailer();
+
+ $mailer->CharSet = 'utf-8';
+
+ $mailer->AddAddress($email,$user_rec['name']);
+
+ $mailer->Subject = "Your new password for ".$this->sitename;
+
+ $mailer->From = $this->GetFromAddress();
+
+ $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n".
+ "Your password is reset successfully. ".
+ "Here is your updated login:\r\n".
+ "username:".$user_rec['username']."\r\n".
+ "password:$new_password\r\n".
+ "\r\n".
+ "Login here: ".$this->GetAbsoluteURLFolder()."/login.php\r\n".
+ "\r\n".
+ "Regards,\r\n".
+ "Webmaster\r\n".
+ $this->sitename;
+
+ if(!$mailer->Send())
+ {
+ return false;
+ }
+ return true;
+ }
+
+ function ValidateRegistrationSubmission()
+ {
+ //This is a hidden input field. Humans won't fill this field.
+ if(!empty($_POST[$this->GetSpamTrapInputName()]) )
+ {
+ //The proper error is not given intentionally
+ $this->HandleError("Automated submission prevention: case 2 failed");
+ return false;
+ }
+
+ $validator = new FormValidator();
+ $validator->addValidation("name","req","Please fill in Name");
+ $validator->addValidation("email","email","The input for Email should be a valid email value");
+ $validator->addValidation("email","req","Please fill in Email");
+ $validator->addValidation("username","req","Please fill in UserName");
+ $validator->addValidation("password","req","Please fill in Password");
+
+
+ if(!$validator->ValidateForm())
+ {
+ $error='';
+ $error_hash = $validator->GetErrors();
+ foreach($error_hash as $inpname => $inp_err)
+ {
+ $error .= $inpname.':'.$inp_err."\n";
+ }
+ $this->HandleError($error);
+ return false;
+ }
+ return true;
+ }
+
+ function CollectRegistrationSubmission(&$formvars)
+ {
+ $formvars['name'] = $this->Sanitize($_POST['name']);
+ $formvars['email'] = $this->Sanitize($_POST['email']);
+ $formvars['username'] = $this->Sanitize($_POST['username']);
+ $formvars['password'] = $this->Sanitize($_POST['password']);
+ }
+
+ function SendUserConfirmationEmail(&$formvars)
+ {
+ $mailer = new PHPMailer();
+
+ $mailer->CharSet = 'utf-8';
+
+ $mailer->AddAddress($formvars['email'],$formvars['name']);
+
+ $mailer->Subject = "Your registration with ".$this->sitename;
+
+ $mailer->From = $this->GetFromAddress();
+
+ $confirmcode = $formvars['confirmcode'];
+
+ $confirm_url = $this->GetAbsoluteURLFolder().'/confirmreg.php?code='.$confirmcode;
+
+ $mailer->Body ="Hello ".$formvars['name']."\r\n\r\n".
+ "Thanks for your registration with ".$this->sitename."\r\n".
+ "Please click the link below to confirm your registration.\r\n".
+ "$confirm_url\r\n".
+ "\r\n".
+ "Regards,\r\n".
+ "Webmaster\r\n".
+ $this->sitename;
+
+ if(!$mailer->Send())
+ {
+ $this->HandleError("Failed sending registration confirmation email.");
+ return false;
+ }
+ return true;
+ }
+ function GetAbsoluteURLFolder()
+ {
+ $scriptFolder = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) ? 'https://' : 'http://';
+ $scriptFolder .= $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']);
+ return $scriptFolder;
+ }
+
+ function SendAdminIntimationEmail(&$formvars)
+ {
+ if(empty($this->admin_email))
+ {
+ return false;
+ }
+ $mailer = new PHPMailer();
+
+ $mailer->CharSet = 'utf-8';
+
+ $mailer->AddAddress($this->admin_email);
+
+ $mailer->Subject = "New registration: ".$formvars['name'];
+
+ $mailer->From = $this->GetFromAddress();
+
+ $mailer->Body ="A new user registered at ".$this->sitename."\r\n".
+ "Name: ".$formvars['name']."\r\n".
+ "Email address: ".$formvars['email']."\r\n".
+ "UserName: ".$formvars['username'];
+
+ if(!$mailer->Send())
+ {
+ return false;
+ }
+ return true;
+ }
+
+ function SaveToDatabase(&$formvars)
+ {
+ if(!$this->DBLogin())
+ {
+ $this->HandleError("Database login failed!");
+ return false;
+ }
+ if(!$this->Ensuretable())
+ {
+ return false;
+ }
+ if(!$this->IsFieldUnique($formvars,'email'))
+ {
+ $this->HandleError("This email is already registered");
+ return false;
+ }
+
+ if(!$this->IsFieldUnique($formvars,'username'))
+ {
+ $this->HandleError("This UserName is already used. Please try another username");
+ return false;
+ }
+ if(!$this->InsertIntoDB($formvars))
+ {
+ $this->HandleError("Inserting to Database failed!");
+ return false;
+ }
+ return true;
+ }
+
+ function IsFieldUnique($formvars,$fieldname)
+ {
+ $field_val = $this->SanitizeForSQL($formvars[$fieldname]);
+ $qry = "select username from $this->tablename where $fieldname='".$field_val."'";
+ $result = mysql_query($qry,$this->connection);
+ if($result && mysql_num_rows($result) > 0)
+ {
+ return false;
+ }
+ return true;
+ }
+
+ function DBLogin()
+ {
+
+ $this->connection = mysql_connect($this->db_host,$this->username,$this->pwd);
+
+ if(!$this->connection)
+ {
+ $this->HandleDBError("Database Login failed! Please make sure that the DB login credentials provided are correct");
+ return false;
+ }
+ if(!mysql_select_db($this->database, $this->connection))
+ {
+ $this->HandleDBError('Failed to select database: '.$this->database.' Please make sure that the database name provided is correct');
+ return false;
+ }
+ if(!mysql_query("SET NAMES 'UTF8'",$this->connection))
+ {
+ $this->HandleDBError('Error setting utf8 encoding');
+ return false;
+ }
+ return true;
+ }
+
+ function Ensuretable()
+ {
+ $result = mysql_query("SHOW COLUMNS FROM $this->tablename");
+ if(!$result || mysql_num_rows($result) <= 0)
+ {
+ return $this->CreateTable();
+ }
+ return true;
+ }
+
+ function CreateTable()
+ {
+ $qry = "Create Table $this->tablename (".
+ "id_user INT NOT NULL AUTO_INCREMENT ,".
+ "name VARCHAR( 128 ) NOT NULL ,".
+ "email VARCHAR( 64 ) NOT NULL ,".
+ "phone_number VARCHAR( 16 ) NOT NULL ,".
+ "username VARCHAR( 16 ) NOT NULL ,".
+ "password VARCHAR( 32 ) NOT NULL ,".
+ "confirmcode VARCHAR(32) ,".
+ "PRIMARY KEY ( id_user )".
+ ")";
+
+ if(!mysql_query($qry,$this->connection))
+ {
+ $this->HandleDBError("Error creating the table \nquery was\n $qry");
+ return false;
+ }
+ return true;
+ }
+
+ function InsertIntoDB(&$formvars)
+ {
+
+ $confirmcode = $this->MakeConfirmationMd5($formvars['email']);
+
+ $formvars['confirmcode'] = $confirmcode;
+
+ $insert_query = 'insert into '.$this->tablename.'(
+ name,
+ email,
+ username,
+ password,
+ confirmcode
+ )
+ values
+ (
+ "' . $this->SanitizeForSQL($formvars['name']) . '",
+ "' . $this->SanitizeForSQL($formvars['email']) . '",
+ "' . $this->SanitizeForSQL($formvars['username']) . '",
+ "' . md5($formvars['password']) . '",
+ "' . $confirmcode . '"
+ )';
+ if(!mysql_query( $insert_query ,$this->connection))
+ {
+ $this->HandleDBError("Error inserting data to the table\nquery:$insert_query");
+ return false;
+ }
+ return true;
+ }
+ function MakeConfirmationMd5($email)
+ {
+ $randno1 = rand();
+ $randno2 = rand();
+ return md5($email.$this->rand_key.$randno1.''.$randno2);
+ }
+ function SanitizeForSQL($str)
+ {
+ if( function_exists( "mysql_real_escape_string" ) )
+ {
+ $ret_str = mysql_real_escape_string( $str );
+ }
+ else
+ {
+ $ret_str = addslashes( $str );
+ }
+ return $ret_str;
+ }
+
+ /*
+ Sanitize() function removes any potential threat from the
+ data submitted. Prevents email injections or any other hacker attempts.
+ if $remove_nl is true, newline chracters are removed from the input.
+ */
+ function Sanitize($str,$remove_nl=true)
+ {
+ $str = $this->StripSlashes($str);
+
+ if($remove_nl)
+ {
+ $injections = array('/(\n+)/i',
+ '/(\r+)/i',
+ '/(\t+)/i',
+ '/(%0A+)/i',
+ '/(%0D+)/i',
+ '/(%08+)/i',
+ '/(%09+)/i'
+ );
+ $str = preg_replace($injections,'',$str);
+ }
+
+ return $str;
+ }
+ function StripSlashes($str)
+ {
+ if(get_magic_quotes_gpc())
+ {
+ $str = stripslashes($str);
+ }
+ return $str;
+ }
+}
+?>
+
diff --git a/include/formvalidator.php b/include/formvalidator.php
new file mode 100644
index 0000000..88dca56
--- /dev/null
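Review bot: Passwords are stored and compared as unsalted MD5 in CheckLoginInDB, ChangePassword, ChangePasswordInDB and InsertIntoDB (`password='$pwdmd5'`, `$user_rec['password'] != md5($pwd)`), so a leaked table is reversible with precomputed tables; store `password_hash($newpwd, PASSWORD_DEFAULT)` and check with `password_verify($password, $row['password'])`, which also means widening the `password VARCHAR( 32 )` column in CreateTable. The reset and confirmation tokens are weak as well: GetResetPasswordCode is `substr(md5($email.$this->sitename.$this->rand_key),0,10)`, which anyone who knows an account's email can compute unless the deployment replaces the default `rand_key` set in the constructor, and MakeConfirmationMd5 seeds from `rand()`, which is not a cryptographic source. Prefer a per-user random token from `openssl_random_pseudo_bytes()` (or `random_bytes()` where available) stored with an expiry, and compare it in ResetPassword with `hash_equals()` instead of `!=`. Login also never calls `session_regenerate_id(true)` after CheckLoginInDB succeeds and LogOut only unsets one session key, so a session id fixed before authentication stays valid afterwards; regenerating the id on login and calling `session_destroy()` on logout closes that gap.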
+++ b/include/formvalidator.php 
@@ -0,0 +1,574 @@ +validator_array = array(); + $this->error_hash = array(); + $this->custom_validators=array(); + } + + function AddCustomValidator(&$customv) + { + array_push($this->custom_validators,$customv); + } + + function addValidation($variable,$validator,$error) + { + $validator_obj = new ValidatorObj(); + $validator_obj->variable_name = $variable; + $validator_obj->validator_string = $validator; + $validator_obj->error_string = $error; + array_push($this->validator_array,$validator_obj); + } + function GetErrors() + { + return $this->error_hash; + } + + function ValidateForm() + { + $bret = true; + + $error_string=""; + $error_to_display = ""; + + + if(strcmp($_SERVER['REQUEST_METHOD'],'POST')==0) + { + $form_variables = $_POST; + } + else + { + $form_variables = $_GET; + } + + $vcount = count($this->validator_array); + + + foreach($this->validator_array as $val_obj) + { + if(!$this->ValidateObject($val_obj,$form_variables,$error_string)) + { + $bret = false; + $this->error_hash[$val_obj->variable_name] = $error_string; + } + } + + if(true == $bret && count($this->custom_validators) > 0) + { + foreach( $this->custom_validators as $custom_val) + { + if(false == $custom_val->DoValidate($form_variables,$this->error_hash)) + { + $bret = false; + } + } + } + return $bret; + } + + + function ValidateObject($validatorobj,$formvariables,&$error_string) + { + $bret = true; + + $splitted = explode("=",$validatorobj->validator_string); + $command = $splitted[0]; + $command_value = ''; + + if(isset($splitted[1]) && strlen($splitted[1])>0) + { + $command_value = $splitted[1]; + } + + $default_error_message=""; + + $input_value =""; + + if(isset($formvariables[$validatorobj->variable_name])) + { + $input_value = $formvariables[$validatorobj->variable_name]; + } + + $bret = $this->ValidateCommand($command,$command_value,$input_value, + $default_error_message, + $validatorobj->variable_name, + $formvariables); + + + if(false == $bret) + { + 
if(isset($validatorobj->error_string) && + strlen($validatorobj->error_string)>0) + { + $error_string = $validatorobj->error_string; + } + else + { + $error_string = $default_error_message; + } + + }//if + return $bret; + } + + function validate_req($input_value, &$default_error_message,$variable_name) + { + $bret = true; + if(!isset($input_value) || + strlen($input_value) <=0) + { + $bret=false; + $default_error_message = sprintf(E_VAL_REQUIRED_VALUE,$variable_name); + } + return $bret; + } + + function validate_maxlen($input_value,$max_len,$variable_name,&$default_error_message) + { + $bret = true; + if(isset($input_value) ) + { + $input_length = strlen($input_value); + if($input_length > $max_len) + { + $bret=false; + $default_error_message = sprintf(E_VAL_MAXLEN_EXCEEDED,$variable_name); + } + } + return $bret; + } + + function validate_minlen($input_value,$min_len,$variable_name,&$default_error_message) + { + $bret = true; + if(isset($input_value) ) + { + $input_length = strlen($input_value); + if($input_length < $min_len) + { + $bret=false; + $default_error_message = sprintf(E_VAL_MINLEN_CHECK_FAILED,$min_len,$variable_name); + } + } + return $bret; + } + + function test_datatype($input_value,$reg_exp) + { + if(ereg($reg_exp,$input_value)) + { + return false; + } + return true; + } + + function validate_email($email) + { + return preg_match("/^[_\.0-9a-zA-Z-]+@([0-9a-zA-Z][0-9a-zA-Z-]+\.)+[a-zA-Z]{2,6}$/i", $email); + } + + function validate_for_numeric_input($input_value,&$validation_success) + { + + $more_validations=true; + $validation_success = true; + if(strlen($input_value)>0) + { + + if(false == is_numeric($input_value)) + { + $validation_success = false; + $more_validations=false; + } + } + else + { + $more_validations=false; + } + return $more_validations; + } + + function validate_lessthan($command_value,$input_value, + $variable_name,&$default_error_message) + { + $bret = true; + if(false == $this->validate_for_numeric_input($input_value, + $bret)) 
+ { + return $bret; + } + if($bret) + { + $lessthan = doubleval($command_value); + $float_inputval = doubleval($input_value); + if($float_inputval >= $lessthan) + { + $default_error_message = sprintf(E_VAL_LESSTHAN_CHECK_FAILED, + $lessthan, + $variable_name); + $bret = false; + }//if + } + return $bret ; + } + + function validate_greaterthan($command_value,$input_value,$variable_name,&$default_error_message) + { + $bret = true; + if(false == $this->validate_for_numeric_input($input_value,$bret)) + { + return $bret; + } + if($bret) + { + $greaterthan = doubleval($command_value); + $float_inputval = doubleval($input_value); + if($float_inputval <= $greaterthan) + { + $default_error_message = sprintf(E_VAL_GREATERTHAN_CHECK_FAILED, + $greaterthan, + $variable_name); + $bret = false; + }//if + } + return $bret ; + } + + function validate_select($input_value,$command_value,&$default_error_message,$variable_name) + { + $bret=false; + if(is_array($input_value)) + { + foreach($input_value as $value) + { + if($value == $command_value) + { + $bret=true; + break; + } + } + } + else + { + if($command_value == $input_value) + { + $bret=true; + } + } + if(false == $bret) + { + $default_error_message = sprintf(E_VAL_SHOULD_SEL_CHECK_FAILED, + $command_value,$variable_name); + } + return $bret; + } + + function validate_dontselect($input_value,$command_value,&$default_error_message,$variable_name) + { + $bret=true; + if(is_array($input_value)) + { + foreach($input_value as $value) + { + if($value == $command_value) + { + $bret=false; + $default_error_message = sprintf(E_VAL_DONTSEL_CHECK_FAILED,$variable_name); + break; + } + } + } + else + { + if($command_value == $input_value) + { + $bret=false; + $default_error_message = sprintf(E_VAL_DONTSEL_CHECK_FAILED,$variable_name); + } + } + return $bret; + } + + + + function ValidateCommand($command,$command_value,$input_value,&$default_error_message,$variable_name,$formvariables) + { + $bret=true; + switch($command) + { + case 'req': 
+ { + $bret = $this->validate_req($input_value, $default_error_message,$variable_name); + break; + } + + case 'maxlen': + { + $max_len = intval($command_value); + $bret = $this->validate_maxlen($input_value,$max_len,$variable_name, + $default_error_message); + break; + } + + case 'minlen': + { + $min_len = intval($command_value); + $bret = $this->validate_minlen($input_value,$min_len,$variable_name, + $default_error_message); + break; + } + + case 'alnum': + { + $bret= $this->test_datatype($input_value,"[^A-Za-z0-9]"); + if(false == $bret) + { + $default_error_message = sprintf(E_VAL_ALNUM_CHECK_FAILED,$variable_name); + } + break; + } + + case 'alnum_s': + { + $bret= $this->test_datatype($input_value,"[^A-Za-z0-9 ]"); + if(false == $bret) + { + $default_error_message = sprintf(E_VAL_ALNUM_S_CHECK_FAILED,$variable_name); + } + break; + } + + case 'num': + case 'numeric': + { + $bret= $this->test_datatype($input_value,"[^0-9]"); + if(false == $bret) + { + $default_error_message = sprintf(E_VAL_NUM_CHECK_FAILED,$variable_name); + } + break; + } + + case 'alpha': + { + $bret= $this->test_datatype($input_value,"[^A-Za-z]"); + if(false == $bret) + { + $default_error_message = sprintf(E_VAL_ALPHA_CHECK_FAILED,$variable_name); + } + break; + } + case 'alpha_s': + { + $bret= $this->test_datatype($input_value,"[^A-Za-z ]"); + if(false == $bret) + { + $default_error_message = sprintf(E_VAL_ALPHA_S_CHECK_FAILED,$variable_name); + } + break; + } + case 'email': + { + if(isset($input_value) && strlen($input_value)>0) + { + $bret= $this->validate_email($input_value); + if(false == $bret) + { + $default_error_message = E_VAL_EMAIL_CHECK_FAILED; + } + } + break; + } + case "lt": + case "lessthan": + { + $bret = $this->validate_lessthan($command_value, + $input_value, + $variable_name, + $default_error_message); + break; + } + case "gt": + case "greaterthan": + { + $bret = $this->validate_greaterthan($command_value, + $input_value, + $variable_name, + $default_error_message); + 
break; + } + + case "regexp": + { + if(isset($input_value) && strlen($input_value)>0) + { + if(!preg_match("$command_value",$input_value)) + { + $bret=false; + $default_error_message = sprintf(E_VAL_REGEXP_CHECK_FAILED,$variable_name); + } + } + break; + } + case "dontselect": + case "dontselectchk": + case "dontselectradio": + { + $bret = $this->validate_dontselect($input_value, + $command_value, + $default_error_message, + $variable_name); + break; + }//case + + case "shouldselchk": + case "selectradio": + { + $bret = $this->validate_select($input_value, + $command_value, + $default_error_message, + $variable_name); + break; + }//case + case "selmin": + { + $min_count = intval($command_value); + + if(isset($input_value)) + { + if($min_count > 1) + { + $bret = (count($input_value) >= $min_count )?true:false; + } + else + { + $bret = true; + } + } + else + { + $bret= false; + $default_error_message = sprintf(E_VAL_SELMIN_CHECK_FAILED,$min_count,$variable_name); + } + + break; + }//case + case "selone": + { + if(false == isset($input_value)|| + strlen($input_value)<=0) + { + $bret= false; + $default_error_message = sprintf(E_VAL_SELONE_CHECK_FAILED,$variable_name); + } + break; + } + case "eqelmnt": + { + + if(isset($formvariables[$command_value]) && + strcmp($input_value,$formvariables[$command_value])==0 ) + { + $bret=true; + } + else + { + $bret= false; + $default_error_message = sprintf(E_VAL_EQELMNT_CHECK_FAILED,$variable_name,$command_value); + } + break; + } + case "neelmnt": + { + if(isset($formvariables[$command_value]) && + strcmp($input_value,$formvariables[$command_value]) !=0 ) + { + $bret=true; + } + else + { + $bret= false; + $default_error_message = sprintf(E_VAL_NEELMNT_CHECK_FAILED,$variable_name,$command_value); + } + break; + } + + }//switch + return $bret; + }//validdate command + + +} + +?> + diff --git a/include/membersite_config.php b/include/membersite_config.php new file mode 100644 index 0000000..085ee3a --- /dev/null 
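Review bot: `test_datatype` routes every `alnum`, `alnum_s`, `num`, `alpha` and `alpha_s` rule through `ereg()`, which is deprecated since PHP 5.3 and removed in PHP 7, so on a current interpreter those registration checks fatal instead of rejecting bad input; switch to PCRE, e.g. `if(preg_match('/' . $reg_exp . '/', $input_value))` (the patterns passed in are fixed `[^…]` classes, so no delimiter escaping is needed). `ValidateForm` also silently falls back to `$_GET` when the request is not a POST, which means a validated form can equally be driven from a crafted link; if the callers only ever POST (register.php is not in view), refusing non-POST requests here would be the safer default. `validate_email` further caps the TLD at six letters, rejecting legitimate addresses on longer TLDs.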
+++ b/include/membersite_config.php @@ -0,0 +1,27 @@ +SetWebsiteName('brewpi'); + +//Provide the email address where you want to get notifications +$fgmembersite->SetAdminEmail('julien@gueydan.eu'); + +//Provide your database login details here: +//hostname, user name, password, database name and table name +//note that the script will create the table (for example, fgusers in this case) +//by itself on submitting register.php for the first time +$fgmembersite->InitDB(/*hostname*/'localhost', + /*username*/'brewpi', + /*password*/'brewpi', + /*database name*/'brewpi', + /*table name*/'fgusers'); + +//For better security. Get a random string from this link: http://tinyurl.com/randstr +// and put it here +$fgmembersite->SetRandomKey('7Z3SQqt9bGd276BFPaht0'); + +?> + diff --git a/index.php b/index.php index 3c9a2d3..c2e81c0 100644 --- a/index.php +++ b/index.php @@ -48,6 +48,7 @@ $profileName = $settingsArray["profileName"]; $dateTimeFormat = $settingsArray["dateTimeFormat"]; $dateTimeFormatDisplay = $settingsArray["dateTimeFormatDisplay"]; +require_once("./include/membersite_config.php"); ?> @@ -74,6 +75,11 @@ include 'maintenance-panel.php'; ?> + diff --git a/js/gen_validatorv31.js b/js/gen_validatorv31.js new file mode 100644 index 0000000..69b812e --- /dev/null +++ b/js/gen_validatorv31.js 
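Review bot: The database password (`'brewpi'`), the admin e-mail and the confirmation-code key `SetRandomKey('7Z3SQqt9bGd276BFPaht0')` are committed in a tracked file, so every clone of the repository ships the same secrets. That key is what `MakeConfirmationMd5` (earlier in this patch) mixes with two `rand()` values to build account-confirmation codes; once the repository is shared the key is public, and `rand()` is not cryptographically strong, so the codes are far more guessable than intended. Keep these values out of version control — load them from an untracked local config or the environment, e.g. `$fgmembersite->SetRandomKey(getenv('BREWPI_RAND_KEY'));` — and generate a per-installation key with something like `bin2hex(openssl_random_pseudo_bytes(16))` rather than the tinyurl page the comment points to. The same applies to the DB password passed to `InitDB`.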
@@ -0,0 +1,813 @@ +/* + ------------------------------------------------------------------------- + JavaScript Form Validator (gen_validatorv31.js) + Version 3.1 + Copyright (C) 2003-2008 JavaScript-Coder.com. All rights reserved. + You can freely use this script in your Web pages. + You may adapt this script for your own needs, provided these opening credit + lines are kept intact. + + The Form validation script is distributed free from JavaScript-Coder.com + For updates, please visit: + http://www.javascript-coder.com/html-form/javascript-form-validation.phtml + + Questions & comments please send to support@javascript-coder.com + ------------------------------------------------------------------------- +*/ +function Validator(frmname) +{ + this.formobj=document.forms[frmname]; + if(!this.formobj) + { + alert("Error: couldnot get Form object "+frmname); + return; + } + if(this.formobj.onsubmit) + { + this.formobj.old_onsubmit = this.formobj.onsubmit; + this.formobj.onsubmit=null; + } + else + { + this.formobj.old_onsubmit = null; + } + this.formobj._sfm_form_name=frmname; + this.formobj.onsubmit=form_submit_handler; + this.addValidation = add_validation; + this.setAddnlValidationFunction=set_addnl_vfunction; + this.clearAllValidations = clear_all_validations; + this.disable_validations = false;//new + document.error_disp_handler = new sfm_ErrorDisplayHandler(); + this.EnableOnPageErrorDisplay=validator_enable_OPED; + this.EnableOnPageErrorDisplaySingleBox=validator_enable_OPED_SB; + this.show_errors_together=true; + this.EnableMsgsTogether=sfm_enable_show_msgs_together; +} +function set_addnl_vfunction(functionname) +{ + this.formobj.addnlvalidation = functionname; +} +function sfm_enable_show_msgs_together() +{ + this.show_errors_together=true; + this.formobj.show_errors_together=true; +} +function clear_all_validations() +{ + for(var itr=0;itr < this.formobj.elements.length;itr++) + { + this.formobj.elements[itr].validationset = null; + } +} +function 
form_submit_handler() +{ + var bRet = true; + document.error_disp_handler.clear_msgs(); + for(var itr=0;itr < this.elements.length;itr++) + { + if(this.elements[itr].validationset && + !this.elements[itr].validationset.validate()) + { + bRet = false; + } + if(!bRet && !this.show_errors_together) + { + break; + } + } + if(!bRet) + { + document.error_disp_handler.FinalShowMsg(); + return false; + } + + if(this.addnlvalidation) + { + str =" var ret = "+this.addnlvalidation+"()"; + eval(str); + if(!ret) return ret; + } + return true; +} +function add_validation(itemname,descriptor,errstr) +{ + var condition = null; + if(arguments.length > 3) + { + condition = arguments[3]; + } + if(!this.formobj) + { + alert("Error: The form object is not set properly"); + return; + }//if + var itemobj = this.formobj[itemname]; + if(itemobj.length && isNaN(itemobj.selectedIndex) ) + //for radio button; don't do for 'select' item + { + itemobj = itemobj[0]; + } + if(!itemobj) + { + alert("Error: Couldnot get the input object named: "+itemname); + return; + } + if(!itemobj.validationset) + { + itemobj.validationset = new ValidationSet(itemobj,this.show_errors_together); + } + itemobj.validationset.add(descriptor,errstr,condition); + itemobj.validatorobj=this; +} +function validator_enable_OPED() +{ + document.error_disp_handler.EnableOnPageDisplay(false); +} + +function validator_enable_OPED_SB() +{ + document.error_disp_handler.EnableOnPageDisplay(true); +} +function sfm_ErrorDisplayHandler() +{ + this.msgdisplay = new AlertMsgDisplayer(); + this.EnableOnPageDisplay= edh_EnableOnPageDisplay; + this.ShowMsg=edh_ShowMsg; + this.FinalShowMsg=edh_FinalShowMsg; + this.all_msgs=new Array(); + this.clear_msgs=edh_clear_msgs; +} +function edh_clear_msgs() +{ + this.msgdisplay.clearmsg(this.all_msgs); + this.all_msgs = new Array(); +} +function edh_FinalShowMsg() +{ + this.msgdisplay.showmsg(this.all_msgs); +} +function edh_EnableOnPageDisplay(single_box) +{ + if(true == single_box) + { + 
this.msgdisplay = new SingleBoxErrorDisplay(); + } + else + { + this.msgdisplay = new DivMsgDisplayer(); + } +} +function edh_ShowMsg(msg,input_element) +{ + + var objmsg = new Array(); + objmsg["input_element"] = input_element; + objmsg["msg"] = msg; + this.all_msgs.push(objmsg); +} +function AlertMsgDisplayer() +{ + this.showmsg = alert_showmsg; + this.clearmsg=alert_clearmsg; +} +function alert_clearmsg(msgs) +{ + +} +function alert_showmsg(msgs) +{ + var whole_msg=""; + var first_elmnt=null; + for(var m in msgs) + { + if(null == first_elmnt) + { + first_elmnt = msgs[m]["input_element"]; + } + whole_msg += msgs[m]["msg"] + "\n"; + } + + alert(whole_msg); + + if(null != first_elmnt) + { + first_elmnt.focus(); + } +} +function sfm_show_error_msg(msg,input_elmt) +{ + document.error_disp_handler.ShowMsg(msg,input_elmt); +} +function SingleBoxErrorDisplay() +{ + this.showmsg=sb_div_showmsg; + this.clearmsg=sb_div_clearmsg; +} + +function sb_div_clearmsg(msgs) +{ + var divname = form_error_div_name(msgs); + show_div_msg(divname,""); +} + +function sb_div_showmsg(msgs) +{ + var whole_msg=""; + var divname = form_error_div_name(msgs); + show_div_msg(divname,whole_msg); +} +function form_error_div_name(msgs) +{ + var input_element= null; + + for(var m in msgs) + { + input_element = msgs[m]["input_element"]; + if(input_element){break;} + } + + var divname =""; + if(input_element) + { + divname = input_element.form._sfm_form_name + "_errorloc"; + } + + return divname; +} +function DivMsgDisplayer() +{ + this.showmsg=div_showmsg; + this.clearmsg=div_clearmsg; +} +function div_clearmsg(msgs) +{ + for(var m in msgs) + { + var divname = element_div_name(msgs[m]["input_element"]); + show_div_msg(divname,""); + } +} +function element_div_name(input_element) +{ + var divname = input_element.form._sfm_form_name + "_" + + input_element.name + "_errorloc"; + + divname = divname.replace(/[\[\]]/gi,""); + + return divname; +} +function div_showmsg(msgs) +{ + var whole_msg; + var 
first_elmnt=null; + for(var m in msgs) + { + if(null == first_elmnt) + { + first_elmnt = msgs[m]["input_element"]; + } + var divname = element_div_name(msgs[m]["input_element"]); + show_div_msg(divname,msgs[m]["msg"]); + } + if(null != first_elmnt) + { + first_elmnt.focus(); + } +} +function show_div_msg(divname,msgstring) +{ + if(divname.length<=0) return false; + + if(document.layers) + { + divlayer = document.layers[divname]; + if(!divlayer){return;} + divlayer.document.open(); + divlayer.document.write(msgstring); + divlayer.document.close(); + } + else + if(document.all) + { + divlayer = document.all[divname]; + if(!divlayer){return;} + divlayer.innerHTML=msgstring; + } + else + if(document.getElementById) + { + divlayer = document.getElementById(divname); + if(!divlayer){return;} + divlayer.innerHTML =msgstring; + } + divlayer.style.visibility="visible"; + return false; +} +function ValidationDesc(inputitem,desc,error,condition) +{ + this.desc=desc; + this.error=error; + this.itemobj = inputitem; + this.condition = condition; + this.validate=vdesc_validate; +} +function vdesc_validate() +{ + if(this.condition != null ) + { + if(!eval(this.condition)) + { + return true; + } + } + if(!validateInput(this.desc,this.itemobj,this.error)) + { + this.itemobj.validatorobj.disable_validations=true; + this.itemobj.focus(); + return false; + } + return true; +} +function ValidationSet(inputitem,msgs_together) +{ + this.vSet=new Array(); + this.add= add_validationdesc; + this.validate= vset_validate; + this.itemobj = inputitem; + this.msgs_together = msgs_together; +} +function add_validationdesc(desc,error,condition) +{ + this.vSet[this.vSet.length]= + new ValidationDesc(this.itemobj,desc,error,condition); +} +function vset_validate() +{ + var bRet = true; + for(var itr=0;itr= 0) + { + if(objcheck[idxchk].checked=="1") + { + selected=true; + } + }//if + } + else + { + if(objValue.checked == "1") + { + selected=true; + }//if + }//else + + return selected; +} +function 
TestDontSelectChk(objValue,chkValue,strError) +{ + var pass = true; + pass = IsCheckSelected(objValue,chkValue)?false:true; + + if(pass==false) + { + if(!strError || strError.length ==0) + { + strError = "Can't Proceed as you selected "+objValue.name; + }//if + sfm_show_error_msg(strError,objValue); + + } + return pass; +} +function TestShouldSelectChk(objValue,chkValue,strError) +{ + var pass = true; + + pass = IsCheckSelected(objValue,chkValue)?true:false; + + if(pass==false) + { + if(!strError || strError.length ==0) + { + strError = "You should select"+objValue.name; + }//if + sfm_show_error_msg(strError,objValue); + + } + return pass; +} +function TestRequiredInput(objValue,strError) +{ + var ret = true; + if(eval(objValue.value.length) == 0) + { + if(!strError || strError.length ==0) + { + strError = objValue.name + " : Required Field"; + }//if + sfm_show_error_msg(strError,objValue); + ret=false; + }//if +return ret; +} +function TestMaxLen(objValue,strMaxLen,strError) +{ + var ret = true; + if(eval(objValue.value.length) > eval(strMaxLen)) + { + if(!strError || strError.length ==0) + { + strError = objValue.name + " : "+ strMaxLen +" characters maximum "; + }//if + sfm_show_error_msg(strError,objValue); + ret = false; + }//if +return ret; +} +function TestMinLen(objValue,strMinLen,strError) +{ + var ret = true; + if(eval(objValue.value.length) < eval(strMinLen)) + { + if(!strError || strError.length ==0) + { + strError = objValue.name + " : " + strMinLen + " characters minimum "; + }//if + sfm_show_error_msg(strError,objValue); + ret = false; + }//if +return ret; +} +function TestInputType(objValue,strRegExp,strError,strDefaultError) +{ + var ret = true; + + var charpos = objValue.value.search(strRegExp); + if(objValue.value.length > 0 && charpos >= 0) + { + if(!strError || strError.length ==0) + { + strError = strDefaultError; + }//if + sfm_show_error_msg(strError,objValue); + ret = false; + }//if + return ret; +} +function TestEmail(objValue,strError) +{ 
+var ret = true; + if(objValue.value.length > 0 && !validateEmail(objValue.value) ) + { + if(!strError || strError.length ==0) + { + strError = objValue.name+": Enter a valid Email address "; + }//if + sfm_show_error_msg(strError,objValue); + ret = false; + }//if +return ret; +} +function TestLessThan(objValue,strLessThan,strError) +{ +var ret = true; + if(isNaN(objValue.value)) + { + sfm_show_error_msg(objValue.name +": Should be a number ",objValue); + ret = false; + }//if + else + if(eval(objValue.value) >= eval(strLessThan)) + { + if(!strError || strError.length ==0) + { + strError = objValue.name + " : value should be less than "+ strLessThan; + }//if + sfm_show_error_msg(strError,objValue); + ret = false; + }//if +return ret; +} +function TestGreaterThan(objValue,strGreaterThan,strError) +{ +var ret = true; + if(isNaN(objValue.value)) + { + sfm_show_error_msg(objValue.name+": Should be a number ",objValue); + ret = false; + }//if + else + if(eval(objValue.value) <= eval(strGreaterThan)) + { + if(!strError || strError.length ==0) + { + strError = objValue.name + " : value should be greater than "+ strGreaterThan; + }//if + sfm_show_error_msg(strError,objValue); + ret = false; + }//if +return ret; +} +function TestRegExp(objValue,strRegExp,strError) +{ +var ret = true; + if( objValue.value.length > 0 && + !objValue.value.match(strRegExp) ) + { + if(!strError || strError.length ==0) + { + strError = objValue.name+": Invalid characters found "; + }//if + sfm_show_error_msg(strError,objValue); + ret = false; + }//if +return ret; +} +function TestDontSelect(objValue,dont_sel_value,strError) +{ +var ret = true; + if(objValue.value == null) + { + sfm_show_error_msg("Error: dontselect command for non-select Item",objValue); + ret = false; + } + else + if(objValue.value == dont_sel_value) + { + if(!strError || strError.length ==0) + { + strError = objValue.name+": Please Select one option "; + }//if + sfm_show_error_msg(strError,objValue); + ret = false; + } +return 
ret; +} +function TestSelectOneRadio(objValue,strError) +{ + var objradio = objValue.form.elements[objValue.name]; + var one_selected=false; + for(var r=0;r < objradio.length;r++) + { + if(objradio[r].checked == "1") + { + one_selected=true; + break; + } + } + if(false == one_selected) + { + if(!strError || strError.length ==0) + { + strError = "Please select one option from "+objValue.name; + } + sfm_show_error_msg(strError,objValue); + } +return one_selected; +} + +function TestFileExtension(objValue,cmdvalue,strError) +{ + var ret=false; + var found=false; + + if(objValue.value.length <= 0) + {//The 'required' validation is not done here + return true; + } + + var extns = cmdvalue.split(";"); + for(var i=0;i < extns.length;i++) + { + ext = objValue.value.substr(objValue.value.length - extns[i].length,extns[i].length); + ext = ext.toLowerCase(); + if(ext == extns[i]) + { + found=true;break; + } + } + if(!found) + { + if(!strError || strError.length ==0) + { + strError = objValue.name + " allowed file extensions are: "+cmdvalue; + }//if + sfm_show_error_msg(strError,objValue); + ret=false; + } + else + { + ret=true; + } + return ret; +} + + +function validateInput(strValidateStr,objValue,strError) +{ + var ret = true; + var epos = strValidateStr.search("="); + var command = ""; + var cmdvalue = ""; + if(epos >= 0) + { + command = strValidateStr.substring(0,epos); + cmdvalue = strValidateStr.substr(epos+1); + } + else + { + command = strValidateStr; + } + switch(command) + { + case "req": + case "required": + { + ret = TestRequiredInput(objValue,strError) + break; + }//case required + case "maxlength": + case "maxlen": + { + ret = TestMaxLen(objValue,cmdvalue,strError) + break; + }//case maxlen + case "minlength": + case "minlen": + { + ret = TestMinLen(objValue,cmdvalue,strError) + break; + }//case minlen + case "alnum": + case "alphanumeric": + { + ret = TestInputType(objValue,"[^A-Za-z0-9]",strError, + objValue.name+": Only alpha-numeric characters allowed "); + 
break; + } + case "alnum_s": + case "alphanumeric_space": + { + ret = TestInputType(objValue,"[^A-Za-z0-9\\s]",strError, + objValue.name+": Only alpha-numeric characters and space allowed "); + break; + } + case "num": + case "numeric": + { + ret = TestInputType(objValue,"[^0-9]",strError, + objValue.name+": Only digits allowed "); + break; + } + case "alphabetic": + case "alpha": + { + ret = TestInputType(objValue,"[^A-Za-z]",strError, + objValue.name+": Only alphabetic characters allowed "); + break; + } + case "alphabetic_space": + case "alpha_s": + { + ret = TestInputType(objValue,"[^A-Za-z\\s]",strError, + objValue.name+": Only alphabetic characters and space allowed "); + break; + } + case "email": + { + ret = TestEmail(objValue,strError); + break; + } + case "lt": + case "lessthan": + { + ret = TestLessThan(objValue,cmdvalue,strError); + break; + } + case "gt": + case "greaterthan": + { + ret = TestGreaterThan(objValue,cmdvalue,strError); + break; + }//case greaterthan + case "regexp": + { + ret = TestRegExp(objValue,cmdvalue,strError); + break; + } + case "dontselect": + { + ret = TestDontSelect(objValue,cmdvalue,strError) + break; + } + case "dontselectchk": + { + ret = TestDontSelectChk(objValue,cmdvalue,strError) + break; + } + case "shouldselchk": + { + ret = TestShouldSelectChk(objValue,cmdvalue,strError) + break; + } + case "selone_radio": + { + ret = TestSelectOneRadio(objValue,strError); + break; + } + case "file_extn": + { + ret = TestFileExtension(objValue,cmdvalue,strError); + break; + } + }//switch + return ret; +} +function VWZ_IsListItemSelected(listname,value) +{ + for(var i=0;i < listname.options.length;i++) + { + if(listname.options[i].selected == true && + listname.options[i].value == value) + { + return true; + } + } + return false; +} +function VWZ_IsChecked(objcheck,value) +{ + if(objcheck.length) + { + for(var c=0;c < objcheck.length;c++) + { + if(objcheck[c].checked == "1" && + objcheck[c].value == value) + { + return true; + } + } + 
} + else + { + if(objcheck.checked == "1" ) + { + return true; + } + } + return false; +} +/* + Copyright (C) 2003-2008 JavaScript-Coder.com . All rights reserved. +*/ \ No newline at end of file diff --git a/js/login-panel.js b/js/login-panel.js new file mode 100644 index 0000000..ce2308a --- /dev/null +++ b/js/login-panel.js 
@@ -0,0 +1,66 @@ +/* Copyright 2012 BrewPi/Julien Mottin. + * This file is part of BrewPi. + + * BrewPi is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + + * BrewPi is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License + * along with BrewPi. If not, see . + */ + +$(document).ready(function(){ + "use strict"; + + //Maintenance Panel + $('#login-panel') + .dialog({ + autoOpen: false, + title: 'Login Panel', + height: 210, + width: 300 + }).tabs(); + + // unhide after loading + $("#login-panel").css("visibility", "visible"); + + $("button#login").button({ icons: {primary: "ui-icon-newwin" } }).unbind('click').click(function(){ + $("#login-panel").dialog("open"); + }); + + $("#submit").click(function() { + // get all the inputs into an array. + var $inputs = $('#loginForm :input'); + + // not sure if you wanted this, but I thought I'd add it. + // get an associative array of just the values. + var values = {}; + $inputs.each(function() { + values[this.name] = $(this).val(); + }); + + loginToDB(values['username'],values['password']); + + }); + +}); + +function loginToDBCallback(data,status){ + $("#login-panel").dialog("close"); + if ('FAILURE'==data) { + alert("Login failed!"); + } + else { + location.reload(); + } +} + +function loginToDB(userName, passWord) { + $.post("login.php",{username:userName,password:passWord,submitted:1},loginToDBCallback); +} diff --git a/js/pwdwidget.js b/js/pwdwidget.js new file mode 100644 index 0000000..99d77cb --- /dev/null +++ b/js/pwdwidget.js 
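Review bot: `loginToDBCallback` treats anything other than the exact string `'FAILURE'` as a successful login and reloads the page, so a PHP notice prepended to the output, an error page, or an empty response all look like success; compare against an explicit success token instead, `if (data === 'SUCCESS') { location.reload(); } else { alert("Login failed!"); }` (login.php is not in view, so its exact marker needs confirming). The `#submit` click handler never calls `preventDefault()`, so if that button is a submit control inside `#loginForm` the browser will additionally post the credentials through a normal form submission; this is inferred, since login-panel.php is outside this hunk. The password also travels in a plain `$.post`, which is only as private as the transport — worth a README note that the login feature should sit behind HTTPS.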
@@ -0,0 +1,285 @@ +/* +* +* Password Widget 1.0 +* +* This script is distributed under the GNU Lesser General Public License. +* Read the entire license text here: http://www.gnu.org/licenses/lgpl.html +* +* Copyright (C) 2009 HTML Form Guide +* http://www.html-form-guide.com/ +*/ + +function PasswordWidget(divid,pwdname) +{ + this.maindivobj = document.getElementById(divid); + this.pwdobjname = pwdname; + + this.MakePWDWidget=_MakePWDWidget; + + this.showing_pwd=1; + this.txtShow = 'Show'; + this.txtMask = 'Mask'; + this.txtGenerate = 'Generate'; + this.txtWeak='weak'; + this.txtMedium='medium'; + this.txtGood='good'; + + this.enableShowMask=true; + this.enableGenerate=true; + this.enableShowStrength=true; + this.enableShowStrengthStr=true; + +} + +function _MakePWDWidget() +{ + var code=""; + var pwdname = this.pwdobjname; + + this.pwdfieldid = pwdname+"_id"; + + code += ""; + + this.pwdtxtfield=pwdname+"_text"; + + this.pwdtxtfieldid = this.pwdtxtfield+"_id"; + + code += ""; + + this.pwdshowdiv = pwdname+"_showdiv"; + + this.pwdshow_anch = pwdname + "_show_anch"; + + code += ""; + + this.pwdgendiv = pwdname+"_gendiv"; + + this.pwdgenerate_anch = pwdname + "_gen_anch"; + + code += ""; + + this.pwdstrengthdiv = pwdname + "_strength_div"; + + code += "
    "; + + this.pwdstrengthbar = pwdname + "_strength_bar"; + + code += "
    "; + + this.pwdstrengthstr = pwdname + "_strength_str"; + + code += "
    "; + + code += "
    "; + + this.maindivobj.innerHTML = code; + + this.pwdfieldobj = document.getElementById(this.pwdfieldid); + + this.pwdfieldobj.pwdwidget=this; + + this.pwdstrengthbar_obj = document.getElementById(this.pwdstrengthbar); + + this.pwdstrengthstr_obj = document.getElementById(this.pwdstrengthstr); + + this._showPasswordStrength = passwordStrength; + + this.pwdfieldobj.onkeyup=function(){ this.pwdwidget._onKeyUpPwdFields(); } + + this._showGeneatedPwd = showGeneatedPwd; + + this.generate_anch_obj = document.getElementById(this.pwdgenerate_anch); + + this.generate_anch_obj.pwdwidget=this; + + this.generate_anch_obj.onclick = function(){ this.pwdwidget._showGeneatedPwd(); } + + this._showpwdchars = showpwdchars; + + this.show_anch_obj = document.getElementById(this.pwdshow_anch); + + this.show_anch_obj.pwdwidget = this; + + this.show_anch_obj.onclick = function(){ this.pwdwidget._showpwdchars();} + + this.pwdtxtfield_obj = document.getElementById(this.pwdtxtfieldid); + + this.pwdtxtfield_obj.pwdwidget=this; + + this.pwdtxtfield_obj.onkeyup=function(){ this.pwdwidget._onKeyUpPwdFields(); } + + + this._updatePwdFieldValues = updatePwdFieldValues; + + this._onKeyUpPwdFields=onKeyUpPwdFields; + + if(!this.enableShowMask) + { document.getElementById(this.pwdshowdiv).style.display='none';} + + if(!this.enableGenerate) + { document.getElementById(this.pwdgendiv).style.display='none';} + + if(!this.enableShowStrength) + { document.getElementById(this.pwdstrengthdiv).style.display='none';} + + if(!this.enableShowStrengthStr) + { document.getElementById(this.pwdstrengthstr).style.display='none';} +} + +function onKeyUpPwdFields() +{ + this._updatePwdFieldValues(); + this._showPasswordStrength(); +} + +function updatePwdFieldValues() +{ + if(1 == this.showing_pwd) + { + this.pwdtxtfield_obj.value = this.pwdfieldobj.value; + } + else + { + this.pwdfieldobj.value = this.pwdtxtfield_obj.value; + } +} + +function showpwdchars() +{ + var innerText=''; + var pwdfield = 
this.pwdfieldobj; + var pwdtxt = this.pwdtxtfield_obj; + var field; + if(1 == this.showing_pwd) + { + this.showing_pwd=0; + innerText = this.txtMask; + + pwdtxt.value = pwdfield.value; + pwdfield.style.display='none'; + pwdtxt.style.display=''; + pwdtxt.focus(); + } + else + { + this.showing_pwd=1; + innerText = this.txtShow; + pwdfield.value = pwdtxt.value; + pwdtxt.style.display='none'; + pwdfield.style.display=''; + pwdfield.focus(); + + } + this.show_anch_obj.innerHTML = innerText; + +} + +function passwordStrength() +{ + var colors = new Array(); + colors[0] = "#cccccc"; + colors[1] = "#ff0000"; + colors[2] = "#ff5f5f"; + colors[3] = "#56e500"; + colors[4] = "#4dcd00"; + colors[5] = "#399800"; + + var pwdfield = this.pwdfieldobj; + var password = pwdfield.value + + var score = 0; + + if (password.length > 6) {score++;} + + if ( ( password.match(/[a-z]/) ) && + ( password.match(/[A-Z]/) ) ) {score++;} + + if (password.match(/\d+/)){ score++;} + + if ( password.match(/[^a-z\d]+/) ) {score++}; + + if (password.length > 12){ score++;} + + var color=colors[score]; + var strengthdiv = this.pwdstrengthbar_obj; + + strengthdiv.style.background=colors[score]; + + if (password.length <= 0) + { + strengthdiv.style.width=0; + } + else + { + strengthdiv.style.width=(score+1)*10+'px'; + } + + var desc=''; + if(password.length < 1){desc='';} + else if(score<3){ desc = this.txtWeak; } + else if(score<4){ desc = this.txtMedium; } + else if(score>=4){ desc= this.txtGood; } + + var strengthstrdiv = this.pwdstrengthstr_obj; + strengthstrdiv.innerHTML = desc; +} + +function getRand(max) +{ + return (Math.floor(Math.random() * max)); +} + +function shuffleString(mystr) +{ + var arrPwd=mystr.split(''); + + for(i=0;i< mystr.length;i++) + { + var r1= i; + var r2=getRand(mystr.length); + + var tmp = arrPwd[r1]; + arrPwd[r1] = arrPwd[r2]; + arrPwd[r2] = tmp; + } + + return arrPwd.join(""); +} + +function showGeneatedPwd() +{ + var pwd = generatePWD(); + this.pwdfieldobj.value= pwd; + 
this.pwdtxtfield_obj.value =pwd; + + this._showPasswordStrength(); +} + +function generatePWD() +{ + var maxAlpha = 26; + var strSymbols="~!@#$%^&*(){}?><`=-|]["; + var password=''; + for(i=0;i<3;i++) + { + password += String.fromCharCode("a".charCodeAt(0) + getRand(maxAlpha)); + } + for(i=0;i<3;i++) + { + password += String.fromCharCode("A".charCodeAt(0) + getRand(maxAlpha)); + } + for(i=0;i<3;i++) + { + password += String.fromCharCode("0".charCodeAt(0) + getRand(10)); + } + for(i=0;i<4;i++) + { + password += strSymbols.charAt(getRand(strSymbols.length)); + } + + password = shuffleString(password); + password = shuffleString(password); + password = shuffleString(password); + + return password; +} \ No newline at end of file diff --git a/login-panel.php b/login-panel.php new file mode 100644 index 0000000..cb6cc6f --- /dev/null +++ b/login-panel.php @@ -0,0 +1,46 @@ +. + */ +?> + + + +
    +
    +
    + Login +
    * required fields
    +
    + GetErrorMessage(); ?>
    +
    +
    + ' maxlength="50" />
    + +
    +
    +
    +
    + +
    +
    + +
    +
    +
    +
    \ No newline at end of file diff --git a/login.php b/login.php new file mode 100644 index 0000000..540efb6 --- /dev/null +++ b/login.php @@ -0,0 +1,10 @@ +Login(); +if ($fgmembersite->CheckLogin()) { + $fgmembersite->RedirectToURL("./"); +} +else { + echo 'FAILURE'; +} +?> diff --git a/logout.php b/logout.php new file mode 100644 index 0000000..8cd5e34 --- /dev/null +++ b/logout.php @@ -0,0 +1,40 @@ +. + */ +?> +LogOut(); +?> + + + + + Logout + + + +
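Review bot: On a rejected login this script answers HTTP 200 with the body `FAILURE`, so neither the XHR caller nor a proxy or access log can tell a failed login from a normally served page. Set the status before the echo, `http_response_code(401);` (PHP 5.4+), and on success a plain body such as `echo 'SUCCESS';` is a more suitable reply to an XHR caller than `RedirectToURL("./")`, which the client library follows transparently. Unless `fg_membersite` already records it, log each failed attempt with the remote address so repeated failures against this endpoint are visible to whoever monitors the host. The `require_once`/`Login()` prologue of this file is not legible in this copy of the patch.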

    You have logged out

    +

    Back to website

    + + + + +RedirectToURLAfterTimer("./",1); +?> \ No newline at end of file diff --git a/maintenance-panel.php b/maintenance-panel.php index 51c2ccf..bc04786 100644 --- a/maintenance-panel.php +++ b/maintenance-panel.php @@ -66,7 +66,7 @@

    Script stderr output will auto-refresh while programming if you keep this tab open

    -
    +
    @@ -410,7 +410,7 @@

    stderr:

    -
    +

    stdout:

    diff --git a/register.php b/register.php new file mode 100644 index 0000000..8824e2b --- /dev/null +++ b/register.php @@ -0,0 +1,92 @@ +RegisterUser()) + { + $fgmembersite->RedirectToURL("thank-you.html"); + } +} + +?> + + + + + Contact us + + + + + + + + +
    +
    +
    +Register + + + +
    * required fields
    + + +
    GetErrorMessage(); ?>
    +
    +
    + ' maxlength="50" />
    + +
    +
    +
    + ' maxlength="50" />
    + +
    +
    +
    + ' maxlength="50" />
    + +
    +
    +
    +
    + +
    +
    + +
    + +
    + +
    +
    + + + + + + + + \ No newline at end of file diff --git a/thank-you-regd.html b/thank-you-regd.html new file mode 100644 index 0000000..fa73073 --- /dev/null +++ b/thank-you-regd.html @@ -0,0 +1,17 @@ + + + + + Thank you! + + + +
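Review bot: This page offers self-service registration to anyone who can reach the site, while the series reserves editing and control actions to logged-in users; with open sign-up, `CheckLogin()` separates visitors who registered from those who did not, not trusted operators from the public. Gate the `RegisterUser()` call behind an existing admin session, disable registration once the first account exists, or require an invitation value checked server-side before the call. Separately, the page title reads `Contact us`, a template leftover; rename it to `Register`.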
    +

    Thanks for registering!

    +Your registration is now complete. +

    +Click here to login +

    +
    + + diff --git a/thank-you.html b/thank-you.html new file mode 100644 index 0000000..d196bc1 --- /dev/null +++ b/thank-you.html @@ -0,0 +1,15 @@ + + + + + Thank you! + + + +
    +

    Thanks for registering!

    +Your confirmation email is on its way. Please click the link in the +email to complete the registration. +
    + + From af71d506298b2b0c331f4acdaa139b37eabe7164 Mon Sep 17 00:00:00 2001 From: Julien Mottin Date: Thu, 28 Nov 2013 09:13:37 +0100 Subject: [PATCH 3/7] fix login import --- .gitignore | 7 ++++++- control-panel.php | 4 ++-- index.php | 1 + 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 777c2b1..82e8b78 100644 --- a/.gitignore +++ b/.gitignore @@ -169,4 +169,9 @@ docs/build userSettings.json do_not_run_brewpi config_user.php -.idea/* \ No newline at end of file +.idea/* + +############# +## database +############# +phpmyadmin diff --git a/control-panel.php b/control-panel.php index 8a652bb..3eb0685 100644 --- a/control-panel.php +++ b/control-panel.php @@ -27,8 +27,8 @@
  • Fridge constant
  • Off
  • CheckLogin() { - echo ''; } ?>
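Review bot: Wrapping the control widgets in `$fgmembersite->CheckLogin()` hides them from anonymous visitors, but the script that receives the submitted mode/setpoint change must make the same check, otherwise the hidden form is the only thing standing between the public and the controller. That handler is not part of this diff, so I cannot confirm it does; if it does not, add `if (!$fgmembersite->CheckLogin()) { http_response_code(403); exit; }` at the top of it. The same applies to the beer-name edit link gated in beer-panel.php (patch 4) and the rename action it points at.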
    diff --git a/index.php b/index.php index c2e81c0..bc1df6c 100644 --- a/index.php +++ b/index.php @@ -101,6 +101,7 @@ + From cc3275380c6235f3765d113a486b4df776e4a51e Mon Sep 17 00:00:00 2001 From: "julien@gueydan.eu" Date: Fri, 29 Nov 2013 07:37:43 +0100 Subject: [PATCH 4/7] Force login to modify beer name --- beer-panel.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/beer-panel.php b/beer-panel.php index 4a77e72..b104b5f 100644 --- a/beer-panel.php +++ b/beer-panel.php @@ -33,7 +33,15 @@
    - Fermenting: + Fermenting: + CheckLogin()) { + echo '' . $beerName . ''; + } + else { + echo $beerName; + } + ?>
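Review bot: `$beerName` is echoed into the page unescaped in both branches (`echo '' . $beerName . ''` and `echo $beerName`), and this series makes the name editable by logged-in users, so a name containing markup is rendered as HTML for every visitor. Escape at output with `$safeName = htmlspecialchars($beerName, ENT_QUOTES, 'UTF-8');` and echo `$safeName` in both branches. The anchor markup around the first echo is not legible in this copy of the patch, so if the name also lands in an attribute there, that context needs the same escaping.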
    From 88e743c61ce399168859be3a4bde2eaa475ee866 Mon Sep 17 00:00:00 2001 From: Brewpi Gueydan Build Date: Fri, 29 Nov 2013 06:47:05 +0000 Subject: [PATCH 5/7] add include/membersite_config.php to ignore list --- .gitignore | 2 ++ include/membersite_config.php | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 82e8b78..49b8d34 100644 --- a/.gitignore +++ b/.gitignore @@ -175,3 +175,5 @@ config_user.php ## database ############# phpmyadmin +include/membersite_config.php + diff --git a/include/membersite_config.php b/include/membersite_config.php index 085ee3a..67fbb7a 100644 --- a/include/membersite_config.php +++ b/include/membersite_config.php @@ -15,13 +15,13 @@ //by itself on submitting register.php for the first time $fgmembersite->InitDB(/*hostname*/'localhost', /*username*/'brewpi', - /*password*/'brewpi', + /*password*/'3sUurPWsLyS8Wpse', /*database name*/'brewpi', /*table name*/'fgusers'); //For better security. Get a random string from this link: http://tinyurl.com/randstr // and put it here -$fgmembersite->SetRandomKey('7Z3SQqt9bGd276BFPaht0'); +$fgmembersite->SetRandomKey('7Z3Sqt9Gd276TA6FPaht0'); ?> From 392941b5aba7086bd1c7602e3bea18e89bf01bde Mon Sep 17 00:00:00 2001 From: "julien@gueydan.eu" Date: Fri, 29 Nov 2013 07:57:21 +0100 Subject: [PATCH 6/7] remove membersite_config from tracking --- include/membersite_config.php | 27 --------------------------- 1 file changed, 27 deletions(-) delete mode 100644 include/membersite_config.php diff --git a/include/membersite_config.php b/include/membersite_config.php deleted file mode 100644 index 67fbb7a..0000000 --- a/include/membersite_config.php +++ /dev/null 
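Review bot: This hunk commits a real database password and a new `SetRandomKey` value into a tracked file; although patch 6 deletes the file, both values remain recoverable from the repository history. Treat the password and the key as disclosed and rotate them on the deployed instance rather than relying on the later removal. Adding the path to .gitignore in the same commit does not untrack an already-committed file, which is why the separate deletion in patch 6 was needed.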
@@ -1,27 +0,0 @@ -SetWebsiteName('brewpi'); - -//Provide the email address where you want to get notifications -$fgmembersite->SetAdminEmail('julien@gueydan.eu'); - -//Provide your database login details here: -//hostname, user name, password, database name and table name -//note that the script will create the table (for example, fgusers in this case) -//by itself on submitting register.php for the first time -$fgmembersite->InitDB(/*hostname*/'localhost', - /*username*/'brewpi', - /*password*/'3sUurPWsLyS8Wpse', - /*database name*/'brewpi', - /*table name*/'fgusers'); - -//For better security. Get a random string from this link: http://tinyurl.com/randstr -// and put it here -$fgmembersite->SetRandomKey('7Z3Sqt9Gd276TA6FPaht0'); - -?> - From cdea21ec65ad4d1c1c6d3f2d6acc5489fba3f19a Mon Sep 17 00:00:00 2001 From: "julien@gueydan.eu" Date: Fri, 29 Nov 2013 07:59:27 +0100 Subject: [PATCH 7/7] deliver a membersite_config.php example file --- include/membersite_config.php.example | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 include/membersite_config.php.example diff --git a/include/membersite_config.php.example b/include/membersite_config.php.example new file mode 100644 index 0000000..256d035 --- /dev/null +++ b/include/membersite_config.php.example 
@@ -0,0 +1,27 @@ +SetWebsiteName('brewpi'); + +//Provide the email address where you want to get notifications +$fgmembersite->SetAdminEmail('julien@gueydan.eu'); + +//Provide your database login details here: +//hostname, user name, password, database name and table name +//note that the script will create the table (for example, fgusers in this case) +//by itself on submitting register.php for the first time +$fgmembersite->InitDB(/*hostname*/'localhost', + /*username*/'brewpi', + /*password*/'brewpi', + /*database name*/'brewpi', + /*table name*/'fgusers'); + +//For better security. Get a random string from this link: http://tinyurl.com/randstr +// and put it here +$fgmembersite->SetRandomKey('7Z3Sqt9Gd276TA6FPaht0'); + +?> +
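Review bot: The example file ships the same `SetRandomKey('7Z3Sqt9Gd276TA6FPaht0')` value as the configuration deleted in patch 6 and a real admin address, so anyone who copies the example without editing it shares a session key with the author's instance. Use obviously fake placeholders: `$fgmembersite->SetRandomKey('CHANGE-ME-random-string');` and `$fgmembersite->SetAdminEmail('admin@example.com');`, and give the `InitDB` password argument a placeholder rather than `'brewpi'`. The comment already tells the reader to replace the key; a value that cannot work unedited makes that step unavoidable.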