require './php/mysql.php';
#require './php/access.php';
# Page bootstrap: opens the database handle and determines which visitor identifier this
# request carries. The identifier is read from the '_ziToolkitvis' cookie; a non-empty 'u'
# query parameter takes precedence over the cookie.
# NOTE(review): nothing in this listing checks the cookie or 'u' value against server-side
# state (session, signature, expiry) before the script treats it as the logged-in user.
# Both are chosen by the client, so they should not be the sole basis for authorising
# password changes or deletions. Mitigation: issue a server-side session (or a signed,
# expiring token) at login and derive $userID from that.
Global $newsubtutorialHREF,$subtutorialsList,$subpageID,$subtutorialID,$subtutorialDate,$mylowestsubtutorialID,$subtutorialDeletes;
$db=0;
# oc() is defined outside this listing (presumably in ./php/mysql.php); its result is the
# handle passed to every query helper in this script.
$db=oc();
$mycookie='_ziToolkitvis'; # echo getenv("HTTP_COOKIE");
$fuserID=get_cookie($mycookie); $specialjs='';
# 'u' and 't' are taken from the query string unmodified.
$setUID=(isset($_GET['u']))?$_GET['u']:'';$setT=(isset($_GET['t']))?$_GET['t']:'';
# A non-empty 'u' replaces the cookie value; an empty result becomes 0.
$fuserID=($setUID)?$setUID:$fuserID; $fuserID=(strlen($fuserID))?$fuserID:0;
$userID=0; $ouserID=0; $tutorialKey=0;
# getinwardlogon() is defined elsewhere; presumably it sets $giwdirection - confirm.
$giwdirection=0; getinwardlogon();
### inward login redirects
# When $giwdirection is 2 the visitor is sent to $goafterlogin, when it is 1 to
# $goafterregister (the register target wins if both conditions hold). The script then
# prints a short page, closes the connection and exits.
# NOTE(review): $goafterlogin / $goafterregister are not assigned anywhere in this listing;
# confirm they are set by trusted configuration and cannot be supplied by the request
# (e.g. through register_globals on legacy PHP).
$inwardlogon=($giwdirection==2 && isset($goafterlogin))?$goafterlogin:'';
$inwardlogon=($giwdirection==1 && isset($goafterregister))?$goafterregister:$inwardlogon;
if($inwardlogon){
# 't' and 'u' are appended with '&' when the target already has a query string, else '?'.
# NOTE(review): $setT and $fuserID are request-controlled and are concatenated without
# rawurlencode(). The printed text below contains no reference to $nloc, so the redirect
# markup appears to be missing from this listing; wherever $nloc is emitted it also needs
# HTML escaping for the context it lands in.
$nloc=$inwardlogon.((preg_match("/\?/",$inwardlogon))?'&':'?').'t='.$setT.'&u='.$fuserID;
print "\n
\nLogon\n\n
\n \n";
close_conn($db);exit;}
# Derives $userID from the visitor identifier and prepares the defaults used by the rest
# of the page:
#  - an identifier of the form "<digits>_<digits>" yields $userID = the part before "_";
#  - $ispasschange is 1 when SCRIPT_NAME matches $passchangePageName;
#  - on the password-change page without a $userID the visitor is handed to goLog() with the
#    referer passed through goHex() (both defined elsewhere) and the script exits;
#  - $logout / $logoutText hold the logout link (or login link) and its label;
#  - $groupID, $error, $User_name, $Password and $errorspan get their defaults.
# NOTE(review): split() was removed in PHP 7.0; explode("_",$fuserID) is the drop-in
# replacement for this fixed delimiter.
# NOTE(review): "$" in the pattern also matches before a trailing newline; "\z" would anchor
# at the true end of the string.
# NOTE(review): $userID here is only as trustworthy as the cookie / 'u' parameter it was
# parsed from; the format check is not an authentication check.
if(preg_match("/^[0-9]+\_[0-9]+$/",$fuserID,$g)){$a=split("_",$fuserID); $userID=$a[0];}
#echo "$userID cc $fuserID";
# $passchangePageName is interpolated into the pattern unquoted, so "." in a file name matches any character.
$ispasschange=(preg_match("/$passchangePageName/",getenv('SCRIPT_NAME')))?1:0;
#echo 'ispasschange '.$ispasschange.'
';
if($ispasschange && (!$userID)){goLog($dbLogURL.'?or='.goHex(getenv("HTTP_REFERER")).'&cp=1');close_conn($db); exit; }
$now=time();
$logout=($userID)?'javascript:logMove(\''.$mycookie.'\',\''.$dbLogURL.'?logout='.$userID.'_3'.'\')':
$dbLogURL.'?or='.goHex(getenv("HTTP_REFERER"));
$logoutText=($userID)?'logout':'login';
$groupID=(isSet($groupID))?$groupID:0; #echo 'gg '.$groupID;
$error=' '; $User_name=$Password='';
$errorspan='ERROR! ';
##### change username and password
# Runs only on the password-change page. With the 'changepass' POST field present it
# validates and stores a new username/password for $userID; otherwise it loads the current
# values from HBadmin_primaryuser.
# NOTE(review): the account being changed is whatever $userID the cookie / 'u' parameter
# produced. The current password is not asked for and no anti-CSRF token is checked in this
# listing, so control of that identifier is enough to replace the credentials. Mitigation:
# bind $userID to a server-side session, require the current password, add a per-session
# form token.
# NOTE(review): the password is written to and read back from the table as plain text and
# echoed in the confirmation message. password_hash()/password_verify() (PHP 5.5+) are the
# standard replacement; the login and registration queries would have to change with it.
# NOTE(review): $_POST{'...'} (curly-brace offset) is rejected by PHP 8.0+; $_POST['...'] is equivalent.
if($ispasschange){ $error='';
$isupdate=(isset($_POST{'changepass'}))?1:0;
if($isupdate){
$User_name=(isset($_POST{'User_name'}))?trim($_POST{'User_name'}):'';
$Password=(isset($_POST{'Password'}))?trim($_POST{'Password'}):'';
# Allowlist: every character other than letters, digits, "-", "_", "." and "@" is removed.
# This is what keeps quotes and backslashes out of the SQL built below, but it also
# alters the chosen password silently instead of rejecting it.
$User_name=preg_replace("/[^A-Za-z0-9\-\_\.\@]/",'',$User_name);
$Password=preg_replace("/[^A-Za-z0-9\-\_\.\@]/",'',$Password);
if(!(strlen($User_name)>5 && strlen($User_name)<=70)){$error.='
Username must be 6-70 characters long';}
if(!(strlen($Password)>5 && strlen($Password)<=70)){$error.='
Password must be 6-70 characters long';}
$error=($error)?$errorspan.$error.'':'';
### check duplicates
if(!$error){
# The username may be kept if the only row that has it belongs to this user.
$crit="User_name = '$User_name'";
$x=get_one($db,'HBadmin_primaryuser','userID',$crit);
if($x && !($x==$userID)){$error='Sorry - Username '.$User_name.' is already in use';}
$error=($error)?$errorspan.$error.'':'';
} # end if(!$error){
if(!$error){
# $userID is digits-only when it was parsed from the identifier earlier in the script.
$crit="userID = $userID"; $fldset="User_name = '$User_name',Password = '$Password'";
update_data($db,'HBadmin_primaryuser',$fldset,$crit);
$error="Your Login details have been updated:
Username: $User_name
Password: $Password";
} # end if(!$error){
#$Password=($error)?'':$Password;
} # end if($isupdate){
else{
# No update requested: fetch the stored username and password for $userID.
$crit="userID = $userID";
$User_name=get_one($db,'HBadmin_primaryuser','User_name',$crit);
$Password=get_one($db,'HBadmin_primaryuser','Password',$crit);
}
} ## end if($ispasschange){
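### correct urls sent in
# 'eq' (last entry URL) and 'or' (original referer) arrive as query parameters. Each has
# its own query string removed and is discarded when it points at one of the account pages
# (login, register, password change, password reminder). The cleaned values are then
# carried forward on the login and register links.
# Non-string values (e.g. eq[]=...) are treated as absent so the regex calls always get a string.
$eq=(isset($_GET['eq']) && is_string($_GET['eq']))?$_GET['eq']:'';
$or=(isset($_GET['or']) && is_string($_GET['or']))?$_GET['or']:'';
$or=preg_replace("/\?.*/",'',$or);
$eq=preg_replace("/\?.*/",'',$eq);
# The page names are also used as link targets below, i.e. they are literal file names, so
# they are quoted before being used in a pattern ("." no longer matches any character).
$accountPagePattern='/'.preg_quote($loginPageName,'/').'|'.preg_quote($registerPageName,'/').'|'.preg_quote($passchangePageName,'/').'|'.preg_quote($passreminderPageName,'/').'/';
$or=(preg_match($accountPagePattern,$or))?'':$or;
# Fix: the last test of the original 'eq' check examined $or instead of $eq, so a
# password-reminder URL passed in 'eq' was never filtered out.
$eq=(preg_match($accountPagePattern,$eq))?'':$eq;
$originalReferer=$or; $lastEntryURL=$eq;
# NOTE(review): both values remain caller-controlled text. Elsewhere in this script they are
# placed inside quoted SQL values and $lastEntryURL becomes the post-login destination, so
# they need escaping or bound parameters at the SQL call sites and a same-site check before
# being used as a redirect target.
$loginlink=$loginPageName.(($or || $eq)?'?':'').(($eq)?'eq='.goHex($eq):'').(($or && $eq)?'&':'').(($or)?'or='.goHex($or):'');
$registerlink=$registerPageName.(($or || $eq)?'?':'').(($eq)?'eq='.goHex($eq):'').(($or && $eq)?'&':'').(($or)?'or='.goHex($or):'');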
### add organisation,owner,tutorial if not present
# Three parallel sections make sure a row exists in iT_Organisations, iT_Owners and
# iT_Tutorials for $organisationID, $ownerID and $tutorialID when those variables are set
# and a database handle is available. Each section looks the key up, inserts a stub row
# (empty names, userID 0, dateCreated = dateUpdated = $now) when none is found, and reads
# the key again. The results are left in $orgKey, $ownerKey and $tutorialKey.
# NOTE(review): $organisationID, $ownerID and $tutorialID are not assigned in this listing
# (presumably the including page sets them). They are placed inside single-quoted SQL
# without escaping, so confirm they are fixed configuration values and never request data.
# NOTE(review): look-up followed by insert is not atomic; two simultaneous first requests
# can both insert unless the ID columns carry a unique index - confirm.
# NOTE(review): $fldset is assigned in each section but not used by it. The owner and
# tutorial sections read $orgKey / $ownerKey even when the preceding section was skipped,
# in which case the variable is undefined and falls back to 0.
#### organisation - iT_Organisations ###############################
if(isset($organisationID) && $db){
$crit="organisationID = '$organisationID'";
$fldset="dateUpdated = $now";
$flds='orgKey,userID,organisationID,organisationName,Title,Forename,Surname,eMail,dateCreated,dateUpdated';
$vals="'',0,'$organisationID','','','','','',$now,$now";
$orgKey=get_one($db,'iT_Organisations','orgKey',$crit);
if(!$orgKey){
$ret=insert_data($db,'iT_Organisations',$flds,$vals); #echo $ret.'
';
$orgKey=get_one($db,'iT_Organisations','orgKey',$crit);}}
#echo "orgKey $orgKey
";
#### owner - iT_Owners ###############################
if(isset($ownerID) && $db){ $orgKey=($orgKey)?$orgKey:0;
$crit="ownerID = '$ownerID'";
$fldset="dateUpdated = $now";
$flds='ownerKey,userID,orgKey,ownerID,Title,Forename,Surname,eMail,dateCreated,dateUpdated';
$vals="'',0,$orgKey,'$ownerID','','','','',$now,$now";
$ownerKey=get_one($db,'iT_Owners','ownerKey',$crit);
if(!$ownerKey){
$ret=insert_data($db,'iT_Owners',$flds,$vals); #echo $ret.'
';
$ownerKey=get_one($db,'iT_Owners','ownerKey',$crit);}}
#echo "ownerKey $ownerKey
";
#### tutorial - iT_Tutorials ###############################
if(isset($tutorialID) && $db){ $ownerKey=($ownerKey)?$ownerKey:0; $orgKey=($orgKey)?$orgKey:0;
$crit="tutorialID = '$tutorialID'";
$fldset="dateUpdated = $now";
$flds='tutorialKey,ownerKey,tutorialID,tutorialName,tutorialURL,dateCreated,dateUpdated';
$vals="'',$ownerKey,'$tutorialID','','',$now,$now";
$tutorialKey=get_one($db,'iT_Tutorials','tutorialKey',$crit);
if(!$tutorialKey){
$ret=insert_data($db,'iT_Tutorials',$flds,$vals); # echo "$ret".'
';
$tutorialKey=get_one($db,'iT_Tutorials','tutorialKey',$crit);}}
#echo "tutorialKey $tutorialKey
";
##### user details #################################################
# Resets the profile fields to empty strings and, for a known $userID, looks up the time of
# the user's most recent stored response so it can be shown as "day month year".
$Title=$Forename=$Surname=$Organisation=$Email=$Country=$LastResponseEp='';
$User_name=(isset($User_name))?$User_name:'';
$LastResponse='None recorded';
if($userID){
#get_user_data($userID);
# isInt() accepts "0", and $tutorialKey starts out as 0, so the tutorialKey condition is
# added even when no tutorial was resolved (the query then looks for tutorialKey=0).
$crit="userID=$userID"; if(isInt($tutorialKey)){$crit.=" AND tutorialKey=$tutorialKey";}
$LastResponseEp=get_max($db,'iT_Responses','dateUpdated',$crit);
}
# dateUpdated is treated as a Unix timestamp; getdate() renders it in the server's time zone.
if($LastResponseEp){$d=getdate($LastResponseEp);$LastResponse=$d["mday"].' '.$d["month"].' '.$d["year"];}
# echo "$LastResponse $User_name";
##### end user details #################################################
#### delete tutorial responses (requires $tutorialKey) #######
# Triggered by the 'deleteresponses' POST field. 'deleteresponsesoption' selects the scope:
# a value containing "all_tutorials" removes the user's responses for every tutorial, a
# value ending in "_<digits>" limits the delete to that tutorial set, anything else removes
# the responses for the current tutorial.
# NOTE(review): this is a destructive action keyed on $userID, which the script derives
# from the cookie / 'u' parameter; no anti-CSRF token is checked in this listing.
# Mitigation: require a server-side session and a per-session form token before deleting.
$deletemessage='';
$isdelresponses=(isset($_POST{'deleteresponses'}))?1:0;
$delmethod=(isset($_POST{'deleteresponsesoption'}))?$_POST{'deleteresponsesoption'}:'';
# Only the captured digits are used from $delmethod, so $mysubtutorialID is numeric or ''.
$mysubtutorialID=(preg_match("/\_([0-9]+)$/",$delmethod,$g))?$g[1]:'';
if($isdelresponses){
$deletemessage=(preg_match("/all\_tutorials/",$delmethod))?'All your responses for all tutorials now deleted.':'All your responses for this tutorial now deleted.';
$deletemessage=($mysubtutorialID)?'All your responses for this tutorial Set '.$mysubtutorialID.' now deleted.':$deletemessage;
$crit="userID = $userID";
$crit.=(preg_match("/all\_tutorials/",$delmethod))?'':" AND tutorialKey = $tutorialKey";
$crit.=($mysubtutorialID)?" AND subtutorialID = $mysubtutorialID":'';
#echo "\$crit $crit";
# The delete is skipped when either $userID or $tutorialKey is 0, also for "all_tutorials";
# $deletemessage has already been set by then, so it can report a delete that did not run.
if($userID && $tutorialKey){ delete_data($db,'iT_Responses',$crit);}
#echo $crit;
} # end if($isdelresponses){
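### subtutorialID
############ tutorial ID ##########################################
# Selects the current tutorial set for a known user and tutorial. The choice arrives as
# "<subtutorialID>_<timestamp>" in the 'subtutorialID' query parameter, falling back to the
# 'ziToolkitTutID' cookie; both are client-controlled.
if($userID && $tutorialKey){
$mylowestsubtutorialID=0;
$subtutorialsList=getsubtutorialsList($tutorialKey,$userID); ## here to get min subtutorialID for following functs
$newsubtutorialHREF=newsubtutorialID($tutorialKey);
$subtutorialCookie='ziToolkitTutID';
$subFacts=(isset($_GET['subtutorialID']))?$_GET['subtutorialID']:get_cookie($subtutorialCookie);
# Accept only digits, optionally followed by "_" and digits. Anything else (including array
# parameters) is dropped, because $subtutorialID is placed unquoted into the SQL criteria
# a few lines down. Parsing with preg_match also replaces split(), which PHP 7.0 removed.
$subtutorialID=''; $subtutorialDate='';
if(is_scalar($subFacts) && preg_match('/^([0-9]+)(?:_([0-9]+))?\z/',(string)$subFacts,$mA)){
$subtutorialID=$mA[1];
$subtutorialDate=(isset($mA[2]))?$mA[2]:'';
}
# Fallbacks: the lowest set known for this user, then 1.
# NOTE(review): $mylowestsubtutorialID is presumably updated by getsubtutorialsList() through
# the global; confirm it can only ever hold an integer.
$subtutorialID=($subtutorialID)?$subtutorialID:$mylowestsubtutorialID;
$subtutorialID=($subtutorialID)?$subtutorialID:1;
# Without a timestamp in the request, use the stored one for this set, then the current time.
$subtutorialDate=($subtutorialDate)?$subtutorialDate:get_one($db,'iT_Responses','subtutorialDate',"userID = $userID AND tutorialKey = $tutorialKey and subtutorialID = $subtutorialID");
$subtutorialDate=($subtutorialDate)?$subtutorialDate:time();
echo '';
} # end if($userID && $tutorialKey){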
##### login #######
# One if / elseif chain handles three requests: POST 'login', GET 'logout', POST 'register'.
#
# Login: looks up HBadmin_primaryuser by username and password, records the visit in
# iT_Tusers, HBfunctions_userlog and HBadmin_UsageLog, then either prints the hand-over page
# for $lastEntryURL / $goafterlogin and exits, or reports success on this page.
# Logout: stamps LogoutDateTime on the user's latest HBadmin_UsageLog row, zeroes ulTime in
# HBfunctions_userlog and, when $goafterlogout is set, prints the hand-over page and exits.
# Register: filters and length-checks the credentials, inserts rows into HBadmin_primaryuser
# and iT_Tusers, then hands over to the login page with c=<userID>&cc=<timestamp>.
#
# NOTE(review) - SQL construction: in the login branch User_name and Password are only
# trimmed before being placed inside quoted SQL. The register branch applies a character
# allowlist first; the login branch does not. $originalReferer and $lastEntryURL (from the
# 'or' / 'eq' query parameters) are likewise placed in quoted SQL in both the login update
# and the register insert. Mitigation: bound parameters (or the driver's escaping routine)
# inside the query helpers, which are defined outside this listing.
# NOTE(review) - credential storage: the password is matched by SQL equality and inserted
# as typed, i.e. kept in plain text. password_hash()/password_verify() (PHP 5.5+) are the
# standard replacement.
# NOTE(review) - fail-open path: when $db is falsy the credential look-up is skipped, yet
# the following if(!$error) block still runs with whatever $userID was set earlier.
# NOTE(review) - no attempt limiting or lockout for repeated login failures appears here.
# NOTE(review) - redirect target: $lastEntryURL can originate from the 'eq' parameter or the
# stored value; restrict it to same-site paths before using it as the destination. The
# printed hand-over text contains no reference to $nloc, so the redirect markup appears to
# be missing from this listing.
# NOTE(review) - logout: it is a GET request and acts on the userID named in the 'logout'
# parameter without checking that the requester is that user. A value that does not match
# "<digits>_<digits>" stays in $ouserID as sent; isVal() keeps it out of the SQL here, but
# the variable is reused later when the page script is built.
# NOTE(review) - register duplicate check: the look-up matches username AND password, so an
# existing username with a different password is not reported as in use, although the
# message says so. The password-change code checks the username alone.
# NOTE(review) - the c / cc pair handed to the login page is a user id plus a Unix
# timestamp, both guessable; a random single-use token would be a stronger ticket.
# NOTE(review) - $_POST{'...'} / $_GET{'...'} are rejected by PHP 8.0+ and split() by
# PHP 7.0+; $_POST['...'] and explode() are the equivalents.
if(isset($_POST{'login'})){ $error='';
$User_name=(isset($_POST{'User_name'}))?trim($_POST{'User_name'}):'';
$Password=(isset($_POST{'Password'}))?trim($_POST{'Password'}):'';
if(!strlen($User_name)){$error.='Username';}
if(!strlen($Password)){$error.=(($error)?' and ':'').'Password';}
$error=($error)?$errorspan.'Please supply '.$error.'':'';
$Password=($error)?'':$Password;
if((!$error) && $db){
# Request text goes straight into the quoted criteria here - see the SQL note above.
$crit="User_name = '$User_name' AND Password = '$Password'";
$userID=get_one($db,'HBadmin_primaryuser','userID',$crit);
# Anything other than a positive integer result counts as "no such user".
$userID=isVal($userID)?$userID:0;
if(!$userID){$Password='';$error=$errorspan.'User unknown or password incorrect.';}
#echo $userID.' '.$crit; die;
} # end if(!$error){
if(!$error){
### update user data
$now=time();
$crit="userID = $userID";
$fldset="dateUpdated = $now";
# Both values derive from query parameters and are not escaped.
$fldset.=($originalReferer)?",originalReferer = '$originalReferer'":'';
$fldset.=($lastEntryURL)?",lastEntryURL = '$lastEntryURL'":'';
update_data($db,'iT_Tusers',$fldset,$crit);
if(!$lastEntryURL){$lastEntryURL=get_one($db,'iT_Tusers','lastEntryURL',$crit);}
## update logtables
$userType='Tuser';
$userTable='Tuserstable';
$ulIP=getenv('REMOTE_ADDR');
# Client-supplied headers: whitespace is removed and each single quote is replaced with the
# literal text $#39; (presumably &#39; was intended). Backslashes pass through unchanged -
# confirm how the database treats them inside a quoted value.
$ulFacts=getenv("HTTP_USER_AGENT").'|'.getenv("HTTP_ACCEPT_LANGUAGE");
$ulFacts=preg_replace("/[\r\n\s]/",'',$ulFacts);$ulFacts=preg_replace("/\'/",'$#39;',$ulFacts);
$ulTime=$now;
$flds=$userlogfields;
$vals="$userID,'$userType',0,'$ulIP','$ulFacts',$ulTime,'$userTable'";
$fldset="ulIP = '$ulIP',ulFacts = '$ulFacts',ulTime = $ulTime";
$crit="userID = $userID AND userType = '$userType' AND userTable = '$userTable'";
$ret=insOrUp($db,'HBfunctions_userlog',$flds,$vals,$fldset,$crit,'userID',1);
# echo('did ulog '.$ret);
## update usage log
$flds=$UsageLogfields;
$vals="'',$userID,$now,0,0,0";
insert_data($db,'HBadmin_UsageLog',$flds,$vals);
# echo('did uulog '.$ret);
#echo "le $lastEntryURL
or $originalReferer";
$lastEntryURL=(isset($goafterlogin))?$goafterlogin:$lastEntryURL;
#$lastEntryURL='';
if($lastEntryURL){
$nloc=$lastEntryURL.((preg_match("/\?/",$lastEntryURL))?'&':'?').'t='.$now.'&u='.$userID.'_3';
#print 'gotin '.$go;
print "\n\nLogon\n\n
\n \n";
close_conn($db);exit;} # end if($lastEntryURL){
else{$User_name='';
$logout=($userID)?'javascript:logMove(\''.$mycookie.'\',\''.$dbLogURL.'?logout='.$userID.'_3'.'\')':
$dbLogURL.'?or='.goHex(getenv("HTTP_REFERER"));
$logoutText=($userID)?'logout':'login';
$error='You are now logged in';}
} ### end if(!$error);
} # end if(isset($_POST{'login'})){
### logout
elseif(isset($_GET{'logout'})){ $ouserID=$_GET{'logout'};
if(preg_match("/^[0-9]+\_[0-9]+$/",$ouserID,$g)){$a=split("_",$ouserID); $ouserID=$a[0];}
if(isVal($ouserID)){
$crit="userID = $ouserID";
$d=get_max($db,'HBadmin_UsageLog','LoginDateTime',$crit);
#echo ('d '.$d.' '.$crit);
if($d>0){ $crit="userID = $ouserID AND LoginDateTime = $d";
$fldset="LogoutDateTime = $now";
update_data($db,'HBadmin_UsageLog',$fldset,$crit); }
$fldset="ulTime = 0";
$crit="userID = $ouserID";
update_data($db,'HBfunctions_userlog',$fldset,$crit);}
#echo "$ouserID cc $ouserID";
$gothen=(isset($goafterlogout))?$goafterlogout:'';
if($gothen){
print "\n\nLogon\n\n
\n \n";
close_conn($db);exit;
} # end if($gothen){
} # end elseif(isset($_GET{'logout'})){
##### register #######
elseif(isset($_POST{'register'})){ $error='';
$User_name=(isset($_POST{'User_name'}))?trim($_POST{'User_name'}):'';
$Password=(isset($_POST{'Password'}))?trim($_POST{'Password'}):'';
$User_name=preg_replace("/[^A-Za-z0-9\-\_\.\@]/",'',$User_name);
$Password=preg_replace("/[^A-Za-z0-9\-\_\.\@]/",'',$Password);
if(!(strlen($User_name)>5 && strlen($User_name)<=70)){$error.='
Username must be 6-70 characters long';}
if(!(strlen($Password)>5 && strlen($Password)<=70)){$error.='
Password must be 6-70 characters long';}
$error=($error)?$errorspan.$error.'':'';
$Password=($error)?'':$Password;
if((!$error) && $db){
$crit="User_name = '$User_name' AND Password = '$Password'";
$userID=get_one($db,'HBadmin_primaryuser','userID',$crit);
#echo $userID.' '.$crit.'
';
$userID=isVal($userID)?$userID:0;
if($userID){$userID='';$error=$errorspan.'Sorry - Username '.$User_name.' is
already in use.';}
#echo $userID.' '.$crit;
} # end if(!$error){
if(!$error){
$flds=$primaryuserfields;
$userType='Tuser';
$detailstablevar='Tuserstable';
$vals="'','$userType','$User_name','$Password','$detailstablevar',$now,$now,0,0";
insert_data($db,'HBadmin_primaryuser',$flds,$vals);
$crit="User_name = '$User_name' AND Password = '$Password'";
$userID=get_one($db,'HBadmin_primaryuser','userID',$crit);
$userID=isVal($userID)?$userID:0;
if($userID){
$flds=$Tusersfields;
$vals="'',$userID,'$lastEntryURL','$originalReferer','','$User_name','','','','',$now,$now";
insert_data($db,'iT_Tusers',$flds,$vals);
$goreg=(isset($goafterregister))?$goafterregister:'';
$golog=(isset($goafterlogin))?$goafterlogin:'';
$gothen=($goreg)?$goreg:$golog;
$goafter=($gothen)?'&xnlog='.$gothen:'';
$nloc=$loginPageName.'?c='.$userID.'&cc='.$now.$goafter;
#print 'gotin '.$go;
print "\n\nLogon\n\n
\n \n";
close_conn($db);exit;
} # end if($userID){
} ### end if(!$error);
} # end elseif(isset($_POST{'register'})){
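#### setup page on new registration
# Shown after registering: 'c' carries the new userID and 'cc' the dateUpdated value written
# at registration. When both match a row in HBadmin_primaryuser the credentials are put in
# the page message and dateUpdated is moved on, so the same pair does not match again.
# NOTE(review): the pair is a user id plus a Unix timestamp, both guessable, and the message
# reveals the stored plain-text password. A random single-use token and hashed passwords
# would remove both exposures.
if(isset($_GET['c']) && isset($_GET['cc']) && !(isset($_POST['login']))){
$regUserID=$_GET['c']; $cc=$_GET['cc'];
# Both values go unquoted into the SQL criteria, so only plain digit strings are accepted;
# anything else (including array parameters) is treated as "no matching registration".
$regParamsOK=(is_string($regUserID) && is_string($cc) && preg_match('/^[1-9][0-9]*\z/',$regUserID) && preg_match('/^[0-9]+\z/',$cc));
$User_name=''; $Password='';
if($regParamsOK){
$crit="userID = $regUserID AND dateUpdated = $cc";
$User_name=get_one($db,'HBadmin_primaryuser','User_name',$crit);
$Password=get_one($db,'HBadmin_primaryuser','Password',$crit);
}
if($User_name){
# Adopt the userID only once the row was found. Previously it was assigned straight from the
# request, which marked the visitor as that user even when the look-up failed.
$userID=$regUserID;
# Moving dateUpdated one second past the current time invalidates the c/cc pair.
$now=time(); $now++;
$crit="userID = $userID"; $fldset="dateUpdated = $now";
update_data($db,'HBadmin_primaryuser',$fldset,$crit);
$error="Registration successful. Please make a note of your logon details,
then click 'LOGIN' to continue.
Username: ".$User_name."
Password: ".$Password."";
}
}#end if(isset($_GET['c'])){
$error=($error)?$error:' ';
# NOTE(review): this replaces any message set above, including the registration notice,
# whenever $userID is non-zero outside the password-change page - confirm that is intended.
if($userID && (!$ispasschange)){$error="You are already logged in.";}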
### sets cookie and fills form ######
# Builds a JavaScript fragment in $specialjs. As written, the fragment clears the visitor
# cookie when fuserID (from $ouserID) is non-zero and otherwise stores "<userID>_3" with a
# one-hour expiry (60 * 60 * 1000 ms) when guserID (from $userID) is non-zero. It also
# exposes the logout/login link and its label. gensetCookie() is not defined in this listing.
# NOTE(review): $ouserID and $userID are written inside single-quoted JavaScript string
# literals without escaping. $ouserID is the 'logout' query value as sent whenever that
# value does not match "<digits>_<digits>", so request text can reach this fragment. If
# $specialjs is emitted into the page (not visible here), emit validated integers only or
# encode the values with json_encode().
# NOTE(review): the login state lives in a cookie written by page script, so it cannot be
# marked HttpOnly and its value is a predictable "<userID>_3". Mitigation: a server-issued
# session cookie with HttpOnly and Secure set.
$specialjs="
var genexpdate = new Date(); var fuserID='".$ouserID."';var guserID='".$userID."'; var gencookieName='".$mycookie."';
genexpdate.setTime(genexpdate.getTime() + (60 * 60 * 1000));
if(fuserID != 0){gensetCookie(gencookieName,0,'');} // logout
else if(guserID != 0){gensetCookie(gencookieName,guserID+'_3',genexpdate);} // login
//var curvisval=autoSetCookie(gencookieName,'0',genexpdate);
var DBinValues='';
var logoutLink=\"$logout\";
var logoutText='$logoutText';
";
#### goafterlogin following register:
# When the request carries 'xnlog', its value becomes $nloc, a short page is printed, the
# connection is closed and the script exits. The register branch is the only place in this
# listing that generates 'xnlog', and it fills it from $goafterregister / $goafterlogin.
# NOTE(review): the value is taken from the query string as sent, so the destination is
# chosen by whoever built the link (open redirect). Mitigation: accept it only when it
# equals one of the configured destinations, or keep the destination server-side.
# NOTE(review): the printed text contains no reference to $nloc, so the redirect markup
# appears to be missing from this listing; wherever $nloc is emitted it needs escaping for
# that context.
if(isset($_GET['xnlog'])){ $nloc=$_GET['xnlog'];
print "\n\nLogon
\n
\n \n";
close_conn($db);exit;
} ### end if(isset($_GET['xnlog']))
## close database
# Normal end of the page logic: release the handle opened at the top of the script.
close_conn($db);
#phpinfo();
########################## ########new pageID ##########################
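# Builds the link that starts a new tutorial set for the current user:
# "<pageName>?subtutorialID=<next>_<unix time>", where <next> is one more than the highest
# subtutorialID stored in iT_Responses for this user and tutorial.
#   $tutorialKey  numeric key of the tutorial
#   $pageName     optional page path placed in front of the query string
# Reads the global $userID and opens/closes its own connection through oc()/close_conn(),
# which are defined outside this listing.
function newsubtutorialID($tutorialKey,$pageName='') {
    Global $userID;
    # Both identifiers are placed unquoted into the SQL criteria, so force them to integers.
    $uid=(int)$userID;
    $tkey=(int)$tutorialKey;
    $db=oc();
    $crit="userID = $uid AND tutorialKey = $tkey";
    # Whatever get_max() returns when there are no rows is coerced to 0, giving set number 1.
    $n=(int)get_max($db,'iT_Responses','subtutorialID',$crit)+1;
    close_conn($db);
    return $pageName."?subtutorialID=$n".'_'.time();
}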
########################################################################
# Left-pads $i with "0" characters until it is at least $n characters long (default 10).
# A value that is already long enough is returned exactly as it was passed in.
function lzero($i,$n=10){
    for($len=strlen($i); $len<$n; $len++){
        $i='0'.$i;
    }
    return $i;
}
##############
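# Returns 1 when $i is a positive decimal integer with no leading zero ("7", "120"),
# otherwise 0. Callers in this file use it to decide whether a value may be placed
# unquoted into SQL criteria, so the match has to cover the whole string.
function isVal($i){
    # Arrays and objects (e.g. a "name[]=..." request parameter) are never valid.
    if(!is_scalar($i)){return 0;}
    # \z anchors at the true end of the string; "$" would also accept a trailing newline.
    return (preg_match("/^[1-9][0-9]*\z/",(string)$i))?1:0;
}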
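# Returns 1 when $i consists solely of decimal digits ("0", "007", "42"), otherwise 0.
# Signs, spaces and decimal points are not accepted.
function isInt($i){
    # Arrays and objects (e.g. a "name[]=..." request parameter) are never valid.
    if(!is_scalar($i)){return 0;}
    # \z anchors at the true end of the string; "$" would also accept a trailing newline.
    return (preg_match("/^[0-9]+\z/",(string)$i))?1:0;
}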
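# Returns 1 when $i is exactly one of the digits 1, 2, 3 or 4, otherwise 0.
function isEl($i){
    # Arrays and objects (e.g. a "name[]=..." request parameter) are never valid.
    if(!is_scalar($i)){return 0;}
    # \z anchors at the true end of the string; "$" would also accept a trailing newline.
    return (preg_match("/^[1-4]\z/",(string)$i))?1:0;
}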
##############
function goLog($nLoc){
echo "\n
\n\n