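<?php
///////////////////////////////////////////////////////////////////////////////////////////////////////////
// Sitelok (Password Version) V2.50                                                                      //
///////////////////////////////////////////////////////////////////////////////////////////////////////////
//
// Start of the page-protection script. This part:
//   1. imports GET/POST parameters as global variables,
//   2. loads the configuration and defines default message texts,
//   3. rejects requests that try to supply a page-level setting,
//   4. applies the per-page overrides (lowercase variables such as $loginpage),
//   5. optionally treats a recognised search engine as the user "searchenginebot",
//   6. for everyone else reads the remember-me cookie and works out whether the
//      page allows PUBLIC access.
// Each statement is on its own line so that no "//" comment hides the code after it.

error_reporting (E_ALL ^ E_NOTICE);

// Import request parameters as global variables: GET first, then POST, so a POST
// value replaces a GET value of the same name. The rest of the script reads its
// form inputs ($username, $password, $sitelokaction, ...) through these globals.
// Keys that name a PHP superglobal are not imported, so a request cannot replace
// $_SESSION, $_SERVER, $_COOKIE or $_REQUEST, all of which are trusted below.
// The list is written inline on purpose: a variable holding it could itself be
// overwritten by an imported parameter while the loop is running.
// NOTE(review): this runs before getconfig.php is loaded. Presumably the
// configuration then assigns its own variables over anything imported here, but
// any global that is read later without first being assigned keeps the value
// from the request - verify against getconfig.php.
if (!empty($_GET)) {
  foreach ($_GET as $name => $value) {
    if (!in_array((string)$name,array("GLOBALS","_GET","_POST","_COOKIE","_REQUEST","_SERVER","_SESSION","_FILES","_ENV"),true))
      $$name = $value;
  }
  // Do not leave the last key and value behind as globals.
  $name=null;
  $value=null;
}
if (!empty($_POST)) {
  foreach ($_POST as $name => $value) {
    if (!in_array((string)$name,array("GLOBALS","_GET","_POST","_COOKIE","_REQUEST","_SERVER","_SESSION","_FILES","_ENV"),true))
      $$name = $value;
  }
  $name=null;
  $value=null;
}

require_once("getconfig.php");
if ($sitelokaction=="modifyprofile")
  require_once("sitelokapi.php");

// Don't change message text here. Change the settings in slconfig.php if necessary
// (a constant that is already defined is left alone).
$slmsgdefaults=array(
  "MSG_ACCDEN"      => "Access Denied",
  "MSG_DBPROB"      => "There was a database problem",
  "MSG_WRONGGROUP"  => "Your membership does not allow access to this page",
  "MSG_EXPIRED"     => "Access to this page is blocked because your membership has expired",
  "MSG_ACCESSFILE"  => "You are not allowed access to this file",
  "MSG_FILEOPEN"    => "Sitelok could not open the file",
  "MSG_DOWNEXP"     => "Sorry but this download link has expired",
  "MSG_TURING1"     => "Turing code did not match",
  "MSG_PASSEMAIL"   => "Your login details have been emailed to you",
  "MSG_NOMATCH"     => "No match for username or email",
  "MSG_AUTHFAIL"    => "Authentication failed",
  "MSG_DISABLED"    => "Access is currently disabled",
  "MSG_ACCESSLOC"   => "Access not allowed from this location",
  "MSG_SESSEXP"     => "Session has expired",
  "MSG_INACTEXP"    => "Session was inactive and expired",
  "MSG_ENTERUSER"   => "Please enter your username",
  "MSG_ENTERPASS"   => "Please enter your password",
  "MSG_ENTERTURING" => "Please enter the displayed turing code",
  "MSG_FORGOT1"     => "Please enter your username or email address and the display Turing code",
  "MSG_FORGOT2"     => "Please enter your username or email address",
  "MSG_PASS5"       => "Password must be at least 5 characters long",
  "MSG_PASSNG"      => "Password contains invalid characters",
  "MSG_PASSVER"     => "Verify password does not match",
  "MSG_ENTERNAME"   => "Please enter your name",
  "MSG_ENTEREMAIL"  => "Please enter your valid email address",
  "MSG_USERNG"      => "Username contains invalid characters",
  "MSG_EMAILNG"     => "Email address is not valid",
  "MSG_PROFUPDATED" => "Your profile has been updated",
  "MSG_PROFPROBLEM" => "An error occurred and your profile was NOT updated",
  "MSG_USEREXISTS"  => "Sorry this username already exists",
  "MSG_UPLOADERROR" => "File upload failed",
  "MSG_UPLOADTYPE"  => "Files of this type cannot be uploaded"
);
foreach ($slmsgdefaults as $slmsgname => $slmsgtext) {
  if (!defined($slmsgname))
    define($slmsgname,$slmsgtext);
}
unset($slmsgdefaults,$slmsgname,$slmsgtext);

// Settings that only the protected page or the configuration may supply. Because
// request parameters were imported as globals above, a request carrying any of
// these names (in any letter case) is refused outright.
// The last two entries complete the list: "searchenginepublicaccess" is accepted
// as a page override further down, and $CookieAccessLimit is used as a database
// column name by the login code later in the file.
// NOTE(review): this is a deny list. Other globals the script reads (for example
// $loginredirect or $RedirectAfterLogin) can still arrive from the request.
$slreserved=array(
  "dbpassword","thispage","sitelokloginkey","groupswithaccess","userswithaccess",
  "maxsessiontime","maxinactivitytime","filelocation","expiredpage","wronggrouppage",
  "noaccesspage","loginpage","messagepage","logoutpage","allowexpireduser",
  "startpage","dbupdate","demomode","allowsearchengine","searchenginegroup",
  "searchenginepublicaccess","cookieaccesslimit"
);
$found=false;
if (!empty($_REQUEST)) {
  foreach ($_REQUEST as $namepair => $valuepair) {
    $namepair=strtolower($namepair);
    if (in_array($namepair,$slreserved,true))
      $found=true;
  }
  $namepair=null;
  $valuepair=null;
}
unset($slreserved);
if ($found) {
  sl_ShowMessage($MessagePage,MSG_ACCDEN);
  exit;
}

$thispage=$_SERVER['PHP_SELF'];

// Trim username and password
if (isset($username)) $username=trim($username);
if (isset($password)) $password=trim($password);

// See if page has requested an override for a setting
if (isset($loginpage)) $LoginPage=$loginpage;
if (isset($expiredpage)) $ExpiredPage=$expiredpage;
if (isset($wronggrouppage)) $WrongGroupPage=$wronggrouppage;
if (isset($noaccesspage)) $NoAccessPage=$noaccesspage;
if (isset($logoutpage)) $LogoutPage=$logoutpage;
if (isset($messagepage)) $MessagePage=$messagepage;
if (isset($maxsessiontime)) $MaxSessionTime=$maxsessiontime;
if (isset($maxinactivitytime)) $MaxInactivityTime=$maxinactivitytime;
if (isset($filelocation)) $FileLocation=$filelocation;
if (!isset($RedirectAfterLogin)) $RedirectAfterLogin=1;

// Page to return to after login: the page's own $startpage if it set one,
// otherwise the URL that was requested.
if (!isset($startpage)) {
  $startpage=$thispage;
  if ($_SERVER['REQUEST_URI']!="") {
    $startpage=$_SERVER['REQUEST_URI'];
  } else if ($_SERVER['SCRIPT_NAME']!="") {
    $startpage=$_SERVER['SCRIPT_NAME'];
    if ($_SERVER['QUERY_STRING']!="")
      $startpage=$startpage."?".$_SERVER['QUERY_STRING'];
  }
  $startpageoveridden=false;
} else {
  $startpageoveridden=true;
}

if (isset($allowsearchengine)) $AllowSearchEngine=$allowsearchengine;
if (isset($searchenginegroup)) $SearchEngineGroup=$searchenginegroup;
if (isset($searchenginepublicaccess)) $SearchEnginePublicAccess=$searchenginepublicaccess;
$PHPSESSID="";
if (!isset($loginredirect)) $loginredirect=0;

// Detect and authenticate search engine access if required
// A recognised crawler is given the identity "searchenginebot" with the groups in
// $SearchEngineGroup and skips the login code entirely. Never for ADMIN pages.
// NOTE(review): recognition is delegated to sl_issearchengine(), which receives
// the client address and the User-Agent header. The User-Agent is chosen by the
// client; how the address is verified is not visible here - confirm.
$slsearchengine=false;
$slsearchenginebot="";
if (($AllowSearchEngine) && ($groupswithaccess!="ADMIN") && ($groupswithaccess!="DEMOADMIN")) {
  // Check that group is allowed first
  $segroupallowed=false;
  $sumg=explode(",",$SearchEngineGroup);
  $aug=explode(",",$groupswithaccess);
  for ($k=0;$k<count($aug);$k++) {
    for ($j=0;$j<count($sumg);$j++) {
      if (($aug[$k]=="ALL") || ($aug[$k]=="")) $segroupallowed=true;
      if ($sumg[$j]=="ALL") $segroupallowed=true;
      if ($sumg[$j]==$aug[$k]) $segroupallowed=true;
    }
  }
  // A page restricted to named users must name "searchenginebot" explicitly.
  if ($userswithaccess!="") {
    $seuwa=explode(",",$userswithaccess);
    if (!in_array("searchenginebot",$seuwa)) $segroupallowed=false;
  }
  if (($segroupallowed) || (in_array("PUBLIC",$aug))) {
    $botname=sl_issearchengine($_SERVER['REMOTE_ADDR'],$_SERVER['HTTP_USER_AGENT']);
    if ($botname!="") {
      $slsearchengine=true;
      $slsearchenginebot=$botname;
      $slusername="searchenginebot";
      $slpassword="";
      $slpasswordclue="";
      $slpasswordhash="";
      $slname="Search Engine";
      $slusergroups=$SearchEngineGroup;
      // $slcustom1 ... $slcustom50 are all empty for the crawler.
      for ($k=1;$k<=50;$k++)
        ${'slcustom'.$k}="";
      $slfirstname="Search";
      $sllastname="Engine";
      $slemail=$SiteEmail;
      $slstarttime=time();
      $slaccesstime=time();
      $slcreated=time();
      $sljustloggedin=false;
      $slpublicaccess=false;
      $slordercustom="";
      // Start from empty lists so nothing imported from the request is kept in them.
      $slgroupname=array();
      $slgroupdesc=array();
      $slgroupexpiry=array();
      $slgroupexpiryts=array();
      $slgroupexpirytsbyname=array();
      $slgroupexpirybyname=array();
      $sumg=explode(",",$SearchEngineGroup);
      for ($k=0;$k<count($sumg);$k++) {
        $slgroupname[]=$sumg[$k];
        if ($GroupNames[$sumg[$k]]!="")
          $slgroupdesc[]=$GroupNames[$sumg[$k]];
        else
          $slgroupdesc[]=$sumg[$k]." members area";
        $slgroupexpiry[]="Unlimited";
        $slgroupexpiryts[]=0;
        $slgroupexpirytsbyname[$sumg[$k]]=0;
        $slgroupexpirybyname[$sumg[$k]]="Unlimited";
      }
      // Public-only view when the page lists PUBLIC next to groups the crawler is
      // not in; a page that is purely PUBLIC is not flagged.
      $slpublicaccess=false;
      if (in_array("PUBLIC",$aug)) {
        if (!$segroupallowed) $slpublicaccess=true;
        if ($groupswithaccess=="PUBLIC") $slpublicaccess=false;
      }
    }
  }
}
// End of search engine detection

if ($slsearchengine==false) {
  // See if username and login saved in client cookie
  // The cookie is base64("username|password|mode").
  // NOTE(review): base64 is an encoding, not encryption - the remember-me cookie
  // holds the user's password in recoverable form. A "|" inside the username or
  // password also breaks the field split below.
  $sitelokcookie=$_COOKIE['SITELOKPW'.$SessionName];
  $slcookieusername="";
  $slcookiepassword="";
  $slcookielogin="";
  // "Just logged in" is a one-shot flag carried over from the request that logged in.
  if ($_SESSION['ses_sljustloggedin']==true) {
    $sljustloggedin=true;
    $_SESSION['ses_sljustloggedin']=false;
  } else {
    $sljustloggedin=false;
  }
  if ($sitelokcookie!="") {
    $sitelokcookie=base64_decode($sitelokcookie);
    $slcookieusername=strtok($sitelokcookie,"|");
    $slcookiepassword=strtok("|");
    $slcookielogin=strtok("|");
  }
  // The session is not started here (the session_cache_limiter()/session_name()/
  // session_start() calls that used to sit at this point are disabled), so
  // $_SESSION must already be active - presumably started by getconfig.php; confirm.
  $sitelokloginkey=$_SESSION['ses_slloginkey'];

  // If $groupswithaccess is not set then make it ALL
  if ((!isset($groupswithaccess)) || ($groupswithaccess==""))
    $groupswithaccess="ALL";

  // See if page has public access
  // PUBLIC is taken out of the group list and remembered in $publicaccess.
  $gwa=explode(",",$groupswithaccess);
  $i=array_search("PUBLIC",$gwa);
  if (is_integer($i)) {
    $publicaccess=true;
    unset($gwa[$i]);
    $groupswithaccess=implode(",",$gwa);
  } else {
    $publicaccess=false;
  }
  // This if-block stays open: the login, logout and access checks that follow in
  // the file are part of it.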
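// Still inside the block opened by "if ($slsearchengine==false) {" earlier in the file.
// This part handles: remember-me auto login, the gate that sends anonymous
// visitors to the login page, forgotten-password requests, the login itself,
// logout, the user/group/expiry checks, session timeouts, file download and the
// profile-form prefill. It uses the legacy mysql_* API (removed in PHP 7).
// Each statement is on its own line so that no "//" comment hides the code after it.
  $PHPSESSID=$_COOKIE['PHPSESSID'];

  // Automatic login: a remember-me cookie stored in mode 2 supplies the
  // credentials when the site configuration allows it.
  if (($slcookielogin=="2") && ($LoginType=="NORMAL") && ($CookieLogin==2)) {
    $username=$slcookieusername;
    $password=$slcookiepassword;
  }

  // Not logged in, no credentials supplied, page not public, not a forgotten
  // password request: show the no-access page or the login form and stop.
  if (($sitelokloginkey!="LOGGEDIN") && ($sitelokhash=="") && ($password=="") && ($publicaccess==false) && ($forgotpassword!="forgotten-it")) {
    if ($NoAccessPage!="") {
      // An absolute URL is a redirect; anything else is included as a local file.
      if ((strtolower(substr($NoAccessPage,0,7))=="http://") || (strtolower(substr($NoAccessPage,0,8))=="https://"))
        header("Location: ".$NoAccessPage);
      else
        include $NoAccessPage;
      exit;
    }
    // We need to send login page to browser unless we are doing download. In this case show warning.
    if ((isset($_REQUEST['sldownload'])) || ($_REQUEST['act']=="exportselected") || ($_REQUEST['logmanageact']=="export")) {
      sl_ShowMessage($MessagePage,"Please login to access this file.\n");
    } else {
      $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,"");
    }
    exit;
  }

  // ---------------------------------------------------------------------------
  // Forgotten password request
  // ---------------------------------------------------------------------------
  if (($sitelokloginkey!="LOGGEDIN") && ($forgotpassword=="forgotten-it")) {
    // Check Turing code if required
    // The current or the previous code is accepted (case-insensitive); a matched
    // code is cleared so it cannot be used again.
    if ($TuringLogin==1) {
      $turingmatch=false;
      if ((strtolower($_SESSION['ses_slturingcode'])===strtolower(trim($turing))) && ($_SESSION['ses_slturingcode']!="")) {
        $turingmatch=true;
        $_SESSION['ses_slturingcode']="";
      } else if ((strtolower($_SESSION['ses_slpreviousturingcode'])===strtolower(trim($turing))) && ($_SESSION['ses_slpreviousturingcode']!="")) {
        $turingmatch=true;
        $_SESSION['ses_slpreviousturingcode']="";
      }
      if (!$turingmatch) {
        $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_TURING1);
        exit;
      }
    }
    // User forgot password so try to match username with username or email address in database
    $mysql_link=mysql_connect($DbHost,$DbUser,$DbPassword);
    if ($mysql_link==0) {
      $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_DBPROB);
      exit;
    }
    $db=mysql_select_db($DbName,$mysql_link);
    if ($db==False) {
      mysql_close($mysql_link);
      $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_DBPROB);
      exit;
    }
    // Table and column names come from variables that are expected to be set by
    // the configuration; only the value goes through sl_quote_smart().
    $sqlquery="SELECT * FROM ".$DbTableName." WHERE ".$UsernameField."=".sl_quote_smart($username)." OR ".$EmailField."=".sl_quote_smart($username);
    $mysql_result=mysql_query($sqlquery,$mysql_link);
    $row=mysql_fetch_array($mysql_result,MYSQL_ASSOC);
    if ($row!=False) {
      $fus=$row[$UsernameField];
      $fpw=$row[$PasswordField];
      $fnm=$row[$NameField];
      $fem=$row[$EmailField];
      $fug=$row[$UsergroupsField];
      // $fcu1 ... $fcu50 receive the columns named by $Custom1Field ... $Custom50Field.
      for ($k=1;$k<=50;$k++)
        ${'fcu'.$k}=$row[${'Custom'.$k.'Field'}];

      if ($MD5passwords!=true) {
        // Passwords are stored as entered, so the stored password itself is mailed.
        // NOTE(review): this sends a live credential by e-mail and depends on
        // passwords being kept in recoverable form.
        if ($ForgottenEmail!="") {
          sl_ReadEmailTemplate($ForgottenEmail,$subject,$mailBody,$htmlformat);
        } else {
          $subject=$SiteName." login details";
          $mailBody= "Your login details for $SiteName are as follows:-\n\n";
          $mailBody.="Username: ".$fus."\n";
          $mailBody.="Password: ".$fpw."\n\n";
          $mailBody.="If you have any further problems please email us at ".$SiteEmail.".\n";
          $htmlformat="";
        }
      } else {
        if ($ForgottenEmail!="") {
          sl_ReadEmailTemplate($ForgottenEmail,$subject,$mailBody,$htmlformat);
        } else {
          // Hashed passwords: mail a new password plus an activation link.
          // NOTE(review): the link is derived with MD5 from the stored hash and
          // $SiteKey, carries the new password (base64 only) and has no expiry
          // visible here. It also contains md5($fpw.$SiteKey), a value the
          // NORMAL/MD5 login comparison below accepts in place of the password.
          // Reset tokens should be random, single-use and time-limited.
          // NOTE(review): without $SitelokLocationURL the link is built from the
          // request's Host header over plain http - set $SitelokLocationURL.
          $newpw=sl_CreatePassword($RandomPasswordMask);
          if ($SitelokLocationURL!="")
            $slpwURL=$SitelokLocationURL;
          else
            $slpwURL="http://".$_SERVER['HTTP_HOST']."/slpw/";
          $newpwhash=md5($SiteKey."3".$fus.md5($fpw.$SiteKey).$newpw);
          $newpwauth="3,".$fus.",".md5($fpw.$SiteKey).",".$newpw.",".$newpwhash;
          $newpwauth = base64_encode($newpwauth);
          $newpwauth = rawurlencode($newpwauth);
          $subject=$SiteName." login details";
          $mailBody ="<html>\n";
          $mailBody.="<head>\n";
          $mailBody.="<title>Login details</title>\n";
          $mailBody.="</head>\n";
          $mailBody.="<body>\n";
          $mailBody.="Login details for $SiteName. To activate your new password please click the link below.<br>\n";
          $mailBody.="<br>\n";
          $mailBody.="Username: ".$fus."<br>\n";
          $mailBody.="Password: ".$newpw."<br><br>\n";
          $mailBody.="<a href=\"".$slpwURL."linkprocess.php?auth=".$newpwauth."\">Activate Now</a><br><br>\n";
          $mailBody.="If you have any further questions or problems please email us at <a href=\"mailto:".$SiteEmail."\">".$SiteEmail."</a>.<br>\n";
          $mailBody.="</body>\n";
          $mailBody.="</html>\n";
          $htmlformat="Y";
        }
      }
      // Both modes send the mail, confirm on screen and log the request.
      sl_SendEmail($fem,$mailBody,$subject,$htmlformat,$fus,$fpw,$fnm,$fem,$fug,
        $fcu1,$fcu2,$fcu3,$fcu4,$fcu5,$fcu6,$fcu7,$fcu8,$fcu9,$fcu10,
        $fcu11,$fcu12,$fcu13,$fcu14,$fcu15,$fcu16,$fcu17,$fcu18,$fcu19,$fcu20,
        $fcu21,$fcu22,$fcu23,$fcu24,$fcu25,$fcu26,$fcu27,$fcu28,$fcu29,$fcu30,
        $fcu31,$fcu32,$fcu33,$fcu34,$fcu35,$fcu36,$fcu37,$fcu38,$fcu39,$fcu40,
        $fcu41,$fcu42,$fcu43,$fcu44,$fcu45,$fcu46,$fcu47,$fcu48,$fcu49,$fcu50);
      $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_PASSEMAIL);
      if (substr($LogDetails,2,1)=="Y")
        sl_AddToLog("Password Requested",$username,"User forgot password");
    } else {
      // NOTE(review): a different message for unknown names lets a visitor test
      // which usernames or e-mail addresses exist; consider one neutral reply.
      $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_NOMATCH);
    }
    exit;
  }

  // ---------------------------------------------------------------------------
  // Login attempt
  // ---------------------------------------------------------------------------
  if (($sitelokloginkey!="LOGGEDIN") && ($username!="")) {
    $slpublicaccess=true;
    // Clear stored Login Key to stop second attempt with same key
    $_SESSION['ses_slloginkey']="";
    // Check Turing code if required
    if ($TuringLogin==1) {
      $turingmatch=false;
      if ((strtolower($_SESSION['ses_slturingcode'])===strtolower(trim($turing))) && ($_SESSION['ses_slturingcode']!="")) {
        $turingmatch=true;
        $_SESSION['ses_slturingcode']="";
      } else if ((strtolower($_SESSION['ses_slpreviousturingcode'])===strtolower(trim($turing))) && ($_SESSION['ses_slpreviousturingcode']!="")) {
        $turingmatch=true;
        $_SESSION['ses_slpreviousturingcode']="";
      }
      if (!$turingmatch) {
        $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_TURING1);
        exit;
      }
    }
    // First lookup username and get details
    $mysql_link=mysql_connect($DbHost,$DbUser,$DbPassword);
    if ($mysql_link==0) {
      $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_DBPROB);
      exit;
    }
    $db=mysql_select_db($DbName,$mysql_link);
    if ($db==False) {
      mysql_close($mysql_link);
      $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_DBPROB);
      exit;
    }
    $query="SELECT * FROM ".$DbTableName." WHERE ".$UsernameField."=".sl_quote_smart($username);
    $mysql_result=mysql_query($query,$mysql_link);
    if (!$row=mysql_fetch_array($mysql_result,MYSQL_ASSOC)) {
      // Unknown user: the visitor sees the same message as for a wrong password;
      // only the log entry tells the two apart.
      if ($slcookielogin=="2")
        setcookie("SITELOKPW".$SessionName,"",time()-86400,"/","");
      $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_AUTHFAIL);
      if (substr($LogDetails,1,1)=="Y")
        sl_AddToLog("Login Problem",$username,"Username does not exist");
      exit;
    }
    $created=$row[$CreatedField];
    $username=$row[$UsernameField];
    $Passphrase=$row[$PasswordField];
    $Name=$row[$NameField];
    $Enabled=$row[$EnabledField];
    $Email=$row[$EmailField];
    $Usergroups=$row[$UsergroupsField];
    // $Custom1 ... $Custom50 receive the columns named by $Custom1Field ... $Custom50Field.
    for ($k=1;$k<=50;$k++)
      ${'Custom'.$k}=$row[${'Custom'.$k.'Field'}];
    $OpenSession=$row[$SessionField];
    // The connection stays open; it is used again for the updates below.

    // Verify password hash matches
    // SECURE logins send md5(stored password . login key from the session).
    $hash=md5($Passphrase.$sitelokloginkey);
    $hash=strtolower($hash);
    if ($Enabled!="Yes") {
      $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_DISABLED);
      if (substr($LogDetails,1,1)=="Y")
        sl_AddToLog("Login Problem",$username,"User access disabled");
      exit;
    }
    // Credentials are compared as strings with ===. A loose == treats two
    // numeric-looking strings (for example hashes of the form 0e...) as numbers
    // and can report different values as equal.
    // NOTE(review): MD5 with a site-wide key is a fast, unsalted-per-user hash;
    // password_hash()/password_verify() are the current replacement. The second
    // alternative in each NORMAL test accepts a value computed from the stored
    // password and $SiteKey instead of the password itself, so the stored value
    // plus $SiteKey is enough to log in - confirm this is still required.
    $loginallowed=false;
    if (($LoginType=="SECURE") && ((string)$sitelokhash===$hash))
      $loginallowed=true;
    if (($LoginType=="NORMAL") && ($MD5passwords==false) && (((string)$password===(string)$Passphrase) || ((string)$password===md5(md5($Passphrase.$SiteKey).$SiteKey))))
      $loginallowed=true;
    if (($LoginType=="NORMAL") && ($MD5passwords==true) && ((md5($password.$SiteKey)===(string)$Passphrase) || ((string)$password===md5($Passphrase.$SiteKey))))
      $loginallowed=true;

    if ($loginallowed==true) {
      // Mod to limit access to X locations using cookie. The count is stored in $CookieAccessLimit custom field.
      // NOTE(review): $CookieAccessLimit is used as an array key and, unescaped, as
      // a column name in the UPDATE below. It is presumably set by the
      // configuration; it must never be taken from the request - confirm.
      if (($CookieAccessLimit!="") && ($row[$CookieAccessLimit]!="")) {
        $accesscount=$row[$CookieAccessLimit];
        // Access cookie required for access
        // See if cookie exists and value correct
        // NOTE(review): the expected value is md5(username . $SiteKey), i.e. the
        // same for every location of this user and never changing.
        $slaccesscookiename="SITELOKACCESS_".$username;
        $slaccesscookievalue=$_COOKIE[$slaccesscookiename];
        if (((string)$slaccesscookievalue!==md5($username.$SiteKey)) && ($accesscount<1)) {
          $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_ACCESSLOC);
          if (substr($LogDetails,1,1)=="Y")
            sl_AddToLog("Login Problem",$username,"Access not allowed from this location");
          exit;
        }
        if (((string)$slaccesscookievalue!==md5($username.$SiteKey)) && ($accesscount>0)) {
          // Create access cookie for this location and decrement count in custom field
          setcookie("SITELOKACCESS_".$username,md5($username.$SiteKey),2147483647,"/","");
          $accesscount=$accesscount-1;
          $query="UPDATE ".$DbTableName." SET ".$CookieAccessLimit."=".sl_quote_smart($accesscount)." WHERE ".$UsernameField."=".sl_quote_smart($username);
          $mysql_result=mysql_query($query,$mysql_link);
        }
      }

      // Store session id
      // The id is escaped before it is placed between the quotes of the SQL literal.
      // NOTE(review): the session id in use before authentication is kept after
      // login. Regenerating it here (and recording the new id) would stop a
      // pre-set session id from becoming an authenticated one.
      $ThisSession=session_id();
      $mysql_result=mysql_query("UPDATE ".$DbTableName." SET ".$SessionField."='".mysql_real_escape_string($ThisSession,$mysql_link)."' WHERE ".$UsernameField."=".sl_quote_smart($username),$mysql_link);

      // Check if user currently has session open. If so destroy that session if concurrent logins not allowed.
      // The statement order matters: switch to the old id, destroy it, then
      // return to this request's session.
      if (($ConcurrentLogin==false) && ($OpenSession!="")) {
        session_id($OpenSession);
        @session_destroy();
        if ($SessionName!="")
          session_name($SessionName);
        session_id($ThisSession);
        session_start();
      }

      $_SESSION['ses_slloginkey']="LOGGEDIN";
      $sitelokloginkey="LOGGEDIN";
      $slusername=$username;
      $slpassword=$password;
      $slpasswordclue=sl_passwordclue($slpassword);
      $slpasswordhash=md5(md5($slpassword.$SiteKey).$SiteKey);
      $slusergroups=$Usergroups;
      $slname=$Name;
      // First and last name come from the stored name. (This used to read $name,
      // which is not the user's name, so both parts were wrong.)
      $namesarray=explode(" ",trim($Name));
      $slfirstname=$namesarray[0];
      $sllastname=$namesarray[count($namesarray)-1];
      $slemail=$Email;
      $slstarttime=time();
      $slaccesstime=time();
      // $created is split as YY MM DD (positions 0-1, 2-3, 4-5).
      $slcreated=gmmktime(0,0,0,substr($created,2,2),substr($created,4,2),substr($created,0,2));
      $slenabled=$Enabled;
      for ($k=1;$k<=50;$k++)
        ${'slcustom'.$k}=${'Custom'.$k};
      $slordercustom=sl_ordercustom($slusername,$IPaddr);

      // Copy the user record into the session.
      // NOTE(review): the plaintext password is kept in session storage.
      $_SESSION['ses_slusername']=$slusername;
      $_SESSION['ses_slpassword']=$slpassword;
      $_SESSION['ses_slstarttime']=$slstarttime;
      $_SESSION['ses_slaccesstime']=$slaccesstime;
      $_SESSION['ses_slcreated']=$slcreated;
      $_SESSION['ses_slenabled']=$slenabled;
      $_SESSION['ses_slusergroups']=$Usergroups;
      $_SESSION['ses_slname']=$Name;
      $_SESSION['ses_slemail']=$Email;
      for ($k=1;$k<=50;$k++)
        $_SESSION['ses_slcustom'.$k]=${'Custom'.$k};

      if (substr($LogDetails,0,1)=="Y")
        sl_AddToLog("Login",$slusername,"");
      $sljustloggedin=true;

      // Optional site hook. The name is passed as a string: a bare sl_onLogin is
      // read as a constant.
      if (function_exists('sl_onLogin')) {
        // Start from an empty array so the hook only receives the keys set here.
        $paramdata=array();
        $paramdata['username']=$slusername;
        $paramdata['password']=$slpassword;
        $paramdata['enabled']=$slenabled;
        $paramdata['name']=$slname;
        $paramdata['email']=$slemail;
        $paramdata['usergroups']=$slusergroups;
        for ($k=1;$k<=50;$k++)
          $paramdata['custom'.$k]=${'slcustom'.$k};
        sl_onLogin($paramdata);
      }
      $_SESSION['ses_sljustloggedin']=true;

      // See if user wants to remember login
      // First handle if login page was displayed
      // The choice comes from the form ($remember) when the form was used,
      // otherwise from the mode already stored in the cookie.
      // NOTE(review): the cookie holds base64("username|password|mode") - the
      // password is recoverable from it - with an expiry of 2147483647 and no
      // Secure or HttpOnly flag. A random server-side token would avoid putting
      // the password on the client.
      if ($loginformused=="1") {
        if ((($remember=="1") || ($remember=="2")) && (($LoginType=="NORMAL") && ($CookieLogin!="0")))
          setcookie("SITELOKPW".$SessionName,base64_encode($username."|".$password."|".$CookieLogin),2147483647,"/","");
        else
          setcookie("SITELOKPW".$SessionName,"",time()-86400,"/","");
      } else {
        if ((($slcookielogin=="1") || ($slcookielogin=="2")) && (($LoginType=="NORMAL") && ($CookieLogin!="0")))
          setcookie("SITELOKPW".$SessionName,base64_encode($username."|".$password."|".$CookieLogin),2147483647,"/","");
        else
          setcookie("SITELOKPW".$SessionName,"",time()-86400,"/","");
      }

      if ((!$startpageoveridden) && ($loginredirect!=0)) {
        // if user is member of group then see if it has login redirect set. Only use first group listed
        if ($slusergroups!="") {
          $grouptocheck=strtok($slusergroups,"^");
          $grouptocheck=strtok($grouptocheck,":");
          $lgaction=$_SESSION['ses_slgrouploginaction_'.$grouptocheck];
          if ($lgaction=="URL")
            $startpage=$_SESSION['ses_slgrouploginvalue_'.$grouptocheck];
          if (substr($lgaction,0,6)=="custom") {
            // e.g. "custom3" takes the target from $slcustom3
            $pvar="sl".$lgaction;
            $startpage=$$pvar;
          }
        }
      }

      if ($RedirectAfterLogin==1) {
        // If login page credentials sent by GET then remove the query data for security
        // Only parameters beginning "username=" or "password=" are dropped.
        $pos=strpos($startpage,"?");
        if (is_integer($pos)) {
          $query=substr($startpage,$pos+1);
          $queryarray=explode("&",$query);
          $newquery="";
          for ($k=0;$k<count($queryarray);$k++) {
            if ((substr($queryarray[$k],0,9)!="username=") && (substr($queryarray[$k],0,9)!="password=")) {
              if ($newquery!="") $newquery.="&";
              $newquery.=$queryarray[$k];
            }
          }
          if ($newquery!="") $newquery="?".$newquery;
          $startpage=substr($startpage,0,$pos).$newquery;
        }
        header("Location: ".$startpage);
        exit;
      }
    } else {
      // Wrong credentials: drop an auto-login cookie and show the login page again.
      if ($slcookielogin=="2")
        setcookie("SITELOKPW".$SessionName,"",time()-86400,"/","");
      $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_AUTHFAIL);
      if (substr($LogDetails,1,1)=="Y")
        sl_AddToLog("Login Problem",$username,"Authentication failed");
      exit;
    }
  }

  // Valid session started already
  // Setup variables that user can include in secured pages
  if (($dbupdate==true) || ($DBupdate==true) || ($_SESSION['ses_UserReload']=="reload")) {
    if (!sl_UpdateUserVariables($_SESSION['ses_slusername'],true))
      sl_ShowMessage($MessagePage,MSG_DBPROB);
  } else {
    sl_UpdateUserVariables($_SESSION['ses_slusername'],false);
  }

  // ---------------------------------------------------------------------------
  // Logout
  // ---------------------------------------------------------------------------
  if ($sitelokaction=="logout") {
    if (substr($LogDetails,0,1)=="Y")
      sl_AddToLog("Logout",$slusername,"");
    sl_processlogout($slusername);
    @session_destroy();
    setcookie(session_name(), '', time()-42000, '/');
    if ($slcookielogin=="2")
      setcookie("SITELOKPW".$SessionName,"",time()-86400,"/","");
    header("Location: ".$LogoutPage);
    exit;
  }

  // If $userswithaccess is set then check current username (unless current user is ADMIN)
  if ($DemoMode)
    $admingroupname="DEMOADMIN";
  else
    $admingroupname="ADMIN";
  if ($userswithaccess!="") {
    $match=0;
    // $slusergroups is "group:expiry^group:expiry..."; only the name matters here.
    $umg=explode("^",$slusergroups);
    for ($k=0;$k<count($umg);$k++) {
      $usrgrp=strtok($umg[$k],":");
      if ($usrgrp==$admingroupname) {
        $match=1;
        break;
      }
    }
    if ($match==0) {
      $uwa=explode(",",$userswithaccess);
      for ($k=0;$k<count($uwa);$k++) {
        if (strtolower($slusername)==strtolower(trim($uwa[$k]))) {
          $match=1;
          break;
        }
      }
    }
    if ($match==0) {
      if ($WrongGroupPage!="") {
        if ((strtolower(substr($WrongGroupPage,0,7))=="http://") || (strtolower(substr($WrongGroupPage,0,8))=="https://"))
          header("Location: ".$WrongGroupPage);
        else
          include $WrongGroupPage;
      } else {
        sl_ShowMessage($MessagePage,MSG_WRONGGROUP);
      }
      exit;
    }
  }

  // Group membership and expiry. $match: a usable group was found;
  // $gmexpired: a matching group was found but its expiry date has passed.
  $sldateexpired=0;
  if ($groupswithaccess!="") {
    $match=0;
    $gmexpired=0;
    $slpublicaccess=false;
    if ($slusergroups!="") {
      $gwa=explode(",",$groupswithaccess);
      $umg=explode("^",$slusergroups);
      for ($k=0;$k<count($gwa);$k++) {
        for ($j=0;$j<count($umg);$j++) {
          $usrgrp=strtok($umg[$j],":");
          $grpexp=trim(strtok(":"));
          $gwa[$k]=trim($gwa[$k]);
          // Match on the same group, on user group ALL (except for admin pages),
          // on the admin group, or when the page allows ALL.
          if (($usrgrp==$gwa[$k]) || (($usrgrp=="ALL") && ($gwa[$k]!=$admingroupname)) || ($usrgrp==$admingroupname) || ($gwa[$k]=="ALL")) {
            if ($grpexp!="") {
              if ($DateFormat=="DDMMYY") {
                $day=substr($grpexp,0,2);
                $month=substr($grpexp,2,2);
                $year=substr($grpexp,4,2);
              }
              if ($DateFormat=="MMDDYY") {
                $month=substr($grpexp,0,2);
                $day=substr($grpexp,2,2);
                $year=substr($grpexp,4,2);
              }
              // Membership runs to the end of the expiry day (GMT).
              $exptime=gmmktime(23,59,59,intval($month),intval($day),intval($year)+2000);
              if (time()>$exptime) {
                $gmexpired=1;
                $slexpiredgroup=$usrgrp;
                $sldateexpired=$exptime;
              } else {
                $match=1;
                break;
              }
            } else {
              $match=1;
              break;
            }
          }
        }
        if ($match==1) break;
      }
    }
    if (($match==0) && ($gmexpired==0) && ($publicaccess==false)) {
      if ($WrongGroupPage!="") {
        if ((strtolower(substr($WrongGroupPage,0,7))=="http://") || (strtolower(substr($WrongGroupPage,0,8))=="https://"))
          header("Location: ".$WrongGroupPage);
        else
          include $WrongGroupPage;
      } else {
        sl_ShowMessage($MessagePage,MSG_WRONGGROUP);
      }
      exit;
    }
    if (($match==0) && ($gmexpired==0) && ($publicaccess==true)) {
      // If group not allowed access but page is PUBLIC then allow public access only
      $slpublicaccess=true;
    }
    if (($match==0) && ($gmexpired==1) && ($publicaccess==true)) {
      // If group not allowed access but page is PUBLIC then allow public access only
      $slpublicaccess=true;
    }
    if (($allowexpireduser!="Y") && ($publicaccess!=true)) {
      if (($match==0) && ($gmexpired==1)) {
        if (substr($LogDetails,6,1)=="Y")
          sl_AddToLog("Membership Expired",$slusername,"Membership expired");
        // The session is kept (the session_destroy() call here is disabled).
        if ($ExpiredPage!="") {
          if ((strtolower(substr($ExpiredPage,0,7))=="http://") || (strtolower(substr($ExpiredPage,0,8))=="https://"))
            header("Location: ".$ExpiredPage);
          else
            include $ExpiredPage;
        } else {
          sl_ShowMessage($MessagePage,MSG_EXPIRED);
        }
        exit;
      }
    }
  } else {
    // Handle if $groupswithaccess is empty (or was originally set with just PUBLIC)
    if ($slusername!="")
      $slpublicaccess=false;
    else
      $slpublicaccess=true;
  }

  // See if session has timed out
  if (($MaxSessionTime!=0) && ($publicaccess==false)) {
    if ((time()-$slstarttime)>$MaxSessionTime) {
      if (substr($LogDetails,0,1)=="Y")
        sl_AddToLog("Logout",$slusername,"Session expired");
      sl_processlogout($slusername);
      @session_destroy();
      setcookie(session_name(), '', time()-42000, '/');
      // If downloading file then the session_cache_limiter is required because of a bug in IE when using SSL
      if ((isset($_REQUEST['sldownload'])) || ($_REQUEST['act']=="exportselected") || ($_REQUEST['logmanageact']=="export"))
        session_cache_limiter('public');
      if ($SessionName!="")
        session_name($SessionName);
      session_start();
      // We need to send login page to browser
      $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_SESSEXP);
      exit;
    }
  }
  // On a PUBLIC page an over-age session is only downgraded to public access.
  if (($MaxSessionTime!=0) && ($publicaccess==true)) {
    if ((time()-$slstarttime)>$MaxSessionTime) {
      $slpublicaccess=true;
    }
  }

  // See if session was inactive too long
  if (($MaxInactivityTime!=0) && ($publicaccess==false)) {
    if ((time()-$slaccesstime)>$MaxInactivityTime) {
      if (substr($LogDetails,0,1)=="Y")
        sl_AddToLog("Logout",$slusername,"Session was inactive and expired");
      sl_processlogout($slusername);
      @session_destroy();
      setcookie(session_name(), '', time()-42000, '/');
      // If downloading file then the session_cache_limiter is required because of a bug in IE when using SSL
      if ((isset($_REQUEST['sldownload'])) || ($_REQUEST['act']=="exportselected") || ($_REQUEST['logmanageact']=="export"))
        session_cache_limiter('public');
      if ($SessionName!="")
        session_name($SessionName);
      session_start();
      // We need to send login page to browser
      $sitelokloginkey=DisplayLoginPage($LoginPage,$LoginType,MSG_INACTEXP);
      exit;
    }
  }
  if (($MaxInactivityTime!=0) && ($publicaccess==true)) {
    if ((time()-$slaccesstime)>$MaxInactivityTime) {
      $slpublicaccess=true;
    }
  }
  $slaccesstime=time();
  $_SESSION['ses_slaccesstime']=$slaccesstime;

  // File download: the request value is handed to sitelokgetfile() unchanged.
  // NOTE(review): any validation of the download reference happens inside
  // sitelokgetfile(), which is not visible here - confirm it rejects paths
  // outside the download location.
  if (isset($_REQUEST['sldownload'])) {
    sitelokgetfile($_REQUEST['sldownload']);
    exit;
  }

  // if not update form submission set newcustom etc variables for form prefill
  if ($sitelokaction!="modifyprofile") {
    $newusername=$slusername;
    $newname=$slname;
    $newemail=$slemail;
    for ($k=1;$k<51;$k++) {
      $cusvar="newcustom".$k;
      $cusvar2="slcustom".$k;
      $$cusvar=$$cusvar2;
    }
  }

  if ($sitelokaction=="modifyprofile") {
    // Strip slashes from form prefill variables if necessary
    if (get_magic_quotes_gpc()) {
      $newusername=stripslashes($newusername);
      $newname=stripslashes($newname);
      $newemail=stripslashes($newemail);
      for ($k=1;$k<51;$k++) {
        $cusvar="newcustom".$k;
        $$cusvar=stripslashes($$cusvar);
      }
    }
    $msg="";
    $mysql_link=mysql_connect($DbHost,$DbUser,$DbPassword);
    if ($mysql_link==0) {
      sl_ShowMessage($MessagePage,MSG_DBPROB);
      exit;
    }
    $db=mysql_select_db($DbName,$mysql_link);
    // The profile-update handler continues in the file after this statement.
    if ($db==False) {
      sl_ShowMessage($MessagePage,MSG_DBPROB);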
mysql_close($mysql_link); exit; } if (md5($clientemail.$adminemail.$allowed.$SiteKey)==$hash) { // Check that input is allowed if ((isset($_REQUEST['newusername'])) && (substr($allowed,0,1)=="Y")) { if (!((strspn($newusername, "@-_.0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") == strlen($newusername)) && ($newusername!=""))) $msg=MSG_USERNG; } if ((isset($_REQUEST['newpassword'])) && ($newpassword!="")) { if (strspn($newpassword, $ValidPasswordChars) != strlen($newpassword)) $msg=MSG_PASSNG; if (strlen($newpassword)<5) $msg=MSG_PASS5; } if ((isset($_REQUEST['newpassword'])) && ($newpassword!="") && ($newpassword!=$verifynewpassword)) { if ($msg=="") $msg=MSG_PASSVER; } if ((isset($_REQUEST['newemail'])) && (!sl_validate_email($newemail))) { if ($msg=="") $msg=MSG_EMAILNG; } if ((isset($_REQUEST['newemail'])) && (isset($_REQUEST['verifynewemail'])) && ($newemail!=$verifynewemail)) { if ($msg=="") $msg=MSG_PASSVER; } // If file(s) uploaded then check for errors for ($k=1;$k<51;$k++) { $cusvar="newcustom".$k; if (($_FILES[$cusvar]['name']!="") && ($_FILES[$cusvar]['error']>0)) $msg=MSG_UPLOADERROR.$_FILES[$cusvar]['error']; } // Validate custom fields where required for ($k=1;$k<51;$k++) { $cusvar="newcustom".$k; $cusvar2="Custom".$k."Validate"; $cusvar3="CustomTitle".$k; $cusvar4="sl_onCustom".$k."Validate"; // First check file type if uploading (even if field has no validation) if ($_FILES[$cusvar]['name']) { $ext=sl_fileextension($_FILES[$cusvar]['name']); $ext=trim(strtolower($ext)); if (!is_integer(array_search($ext,$sl_alloweduploads))) $msg=MSG_UPLOADTYPE; } if ((substr($allowed,$k+3,1)=="Y") && (($$cusvar2==1) || ($$cusvar2==3))) { if ($msg=="") { if ($_FILES[$cusvar]['name']) $msg=call_user_func($cusvar4,$_FILES[$cusvar]['name'],$$cusvar3,1); else $msg=call_user_func($cusvar4,$$cusvar,$$cusvar3,1); } } } if ($msg=="") { // Setup query required $Query=""; // If username is entered and allowed if ((isset($_REQUEST['newusername'])) && 
($newusername!="") && (substr($allowed,0,1)=="Y")) { if ($Query!="") $Query.=", "; $Query.=$UsernameField."=".sl_quote_smart($newusername); } // If username is not entered (but is allowed) then use email as username if ((!isset($_REQUEST['newusername'])) && (substr($allowed,0,1)=="Y") && (isset($_REQUEST['newemail']))) { if ($Query!="") $Query.=", "; $Query.=$UsernameField."=".sl_quote_smart($newemail); } if ((isset($_REQUEST['newpassword'])) && ($newpassword!="") && ($newpassword==$verifynewpassword) && (substr($allowed,1,1)=="Y")) { if ($Query!="") $Query.=", "; if ($MD5passwords) $Query.=$PasswordField."=".sl_quote_smart(md5($newpassword.$SiteKey)); else $Query.=$PasswordField."=".sl_quote_smart($newpassword); } if ((isset($_REQUEST['newname'])) && (substr($allowed,2,1)=="Y")) { if ($Query!="") $Query.=", "; $Query.=$NameField."=".sl_quote_smart($newname); } if ((isset($_REQUEST['newemail'])) && (substr($allowed,3,1)=="Y")) { if ($Query!="") $Query.=", "; $Query.=$EmailField."=".sl_quote_smart($newemail); } $uploadprefix=(string)time()."_"; // If profile folder exists in $FileLocation then use that if (is_dir($FileLocation."profile")) $uploadprefix="profile/".$uploadprefix; for ($k=1;$k<51;$k++) { $cusvar="newcustom".$k; $cusvar2="Custom".$k."Field"; $cusvar3="newcustom".$k."clear"; if ((substr($allowed,$k+3,1)=="Y") && (substr($allowed,$k+3,1)=="Y")) { if ($_FILES[$cusvar]['name']!="") { if ($Query!="") $Query.=", "; $Query.=$$cusvar2."=".sl_quote_smart($uploadprefix.$_FILES[$cusvar]['name']); } else { // If upload field but no file uploaded this time don't overwrite unless newcustomXclear field set if (!isset($_FILES[$cusvar]['error'])) { if ($Query!="") $Query.=", "; $Query.=$$cusvar2."=".sl_quote_smart($$cusvar); } else { if ($$cusvar3!="") { if ($Query!="") $Query.=", "; $Query.=$$cusvar2."=".sl_quote_smart(""); } } } } } if ($Query!="") { $Query="UPDATE ".$DbTableName." SET ".$Query." 
WHERE ".$UsernameField."=".sl_quote_smart($slusername); if ($DemoMode) $mysql_result=true; else $mysql_result=mysql_query($Query,$mysql_link); if ($mysql_result==true) { if ((isset($_REQUEST['newusername'])) && ($newusername!="") && (substr($allowed,0,1)=="Y")) { $oldusername=$slusername; $slusername=$_SESSION['ses_slusername']=$newusername; if ($oldusername!=$slusername) sl_usernamechanged($oldusername,$slusername); } // If username is not entered (but is allowed) then use email as username if ((!isset($_REQUEST['newusername'])) && (substr($allowed,0,1)=="Y") && (isset($_REQUEST['newemail']))) { $oldusername=$slusername; $slusername=$_SESSION['ses_slusername']=$newemail; if ($oldusername!=$slusername) sl_usernamechanged($oldusername,$slusername); } if ((isset($_REQUEST['newpassword'])) && ($newpassword!="") && (substr($allowed,1,1)=="Y")) { $slpassword=$_SESSION['ses_slpassword']=$newpassword; $slpasswordclue=sl_passwordclue($slpassword); $slpasswordhash=md5(md5($slpassword.$SiteKey).$SiteKey); } if ((isset($_REQUEST['newname'])) && (substr($allowed,2,1)=="Y")) $slname=$newname=$_SESSION['ses_slname']=$newname; if ((isset($_REQUEST['newemail'])) && (substr($allowed,3,1)=="Y")) $slemail=$newemail=$_SESSION['ses_slemail']=$newemail; for ($k=1;$k<51;$k++) { $cusvar="newcustom".$k; $cusvar2="ses_slcustom".$k; $cusvar3="slcustom".$k; $cusvar4="newcustom".$k."clear"; if (substr($allowed,$k+3,1)=="Y") { if ($_FILES[$cusvar]['name']!="") { // Handle upload // Delete any existing file pointed to if (($$cusvar3!="") && (file_exists($FileLocation.$$cusvar3))) @unlink($FileLocation.$$cusvar3); // Move uploaded file if (!@move_uploaded_file($_FILES[$cusvar]['tmp_name'], $FileLocation.$uploadprefix.$_FILES[$cusvar]['name'])) $msg=MSG_UPLOADERROR.$_FILES[$cusvar]['error']; $$cusvar=$uploadprefix.$_FILES[$cusvar]['name']; $$cusvar3=$$cusvar; $_SESSION[$cusvar2]=$$cusvar; } else { if (!isset($_FILES[$cusvar]['error'])) { $$cusvar3=$$cusvar; $_SESSION[$cusvar2]=$$cusvar; } else { 
if ($$cusvar4!="") { // Clear custom field and delete file pointed to if it exists if (($$cusvar3!="") && (file_exists($FileLocation.$$cusvar3))) @unlink($FileLocation.$$cusvar3); $$cusvar3=""; $_SESSION[$cusvar2]=""; } } } } } // If any modifygroup[] inputs are in the form then process them here for ($k=0;$k<count($modifygroup);$k++) { $auth = rawurldecode($modifygroup[$k]); $auth=base64_decode($auth); $linkvars=explode(",",$auth); $function = trim($linkvars[0]); if ($function=="1") // add group { $setgroup = trim($linkvars[1]); $setgroupexpiry = trim($linkvars[2]); $hash = md5($SiteKey . $function . session_id() . $setgroup . $setgroupexpiry); $verifyhash = trim($linkvars[3]); $verifyhash = trim($verifyhash); // Clean up problem with strtok if ($verifyhash==$hash) sl_addgroup($setgroup,$setgroupexpiry,"",""); } if ($function=="2") // remove group { $setgroup = trim($linkvars[1]); $hash = md5($SiteKey . $function . session_id() . $setgroup); $verifyhash = trim($linkvars[2]); $verifyhash = trim($verifyhash); // Clean up problem with strtok if ($verifyhash==$hash) sl_removegroup($setgroup,"",""); } if ($function=="3") // replace group { $setgroup = trim($linkvars[1]); $setnewgroup = trim($linkvars[2]); $setgroupexpiry = trim($linkvars[3]); $hash = md5($SiteKey . $function . session_id() . $setgroup . $setnewgroup . $setgroupexpiry); $verifyhash = trim($linkvars[4]); $verifyhash = trim($verifyhash); // Clean up problem with strtok if ($verifyhash==$hash) sl_replacegroup($setgroup,$setnewgroup,$setgroupexpiry,"",""); } if ($function=="4") // extend group { $setgroup = trim($linkvars[1]); $setgroupexpiry = trim($linkvars[2]); $setexpirytype = trim($linkvars[3]); $hash = md5($SiteKey . $function . session_id() . $setgroup . $setgroupexpiry . 
$setexpirytype); $verifyhash = trim($linkvars[4]); $verifyhash = trim($verifyhash); // Clean up problem with strtok if ($verifyhash==$hash) sl_extendgroup($setgroup,$setgroupexpiry,$setexpirytype,"",""); } } if (substr($LogDetails,7,1)=="Y") sl_AddToLog("User Modify",$slusername,""); $msg=MSG_PROFUPDATED; if ($clientemail!="") { if (sl_ReadEmailTemplate($clientemail,$subject,$mailBody,$htmlformat)) { sl_SendEmail($slemail,$mailBody,$subject,$htmlformat,$slusername,$slpassword,$slname,$slemail,$slusergroups,$slcustom1,$slcustom2,$slcustom3,$slcustom4,$slcustom5,$slcustom6,$slcustom7,$slcustom8,$slcustom9,$slcustom10, $slcustom11,$slcustom12,$slcustom13,$slcustom14,$slcustom15,$slcustom16,$slcustom17,$slcustom18,$slcustom19,$slcustom20,$slcustom21,$slcustom22,$slcustom23,$slcustom24,$slcustom25,$slcustom26,$slcustom27,$slcustom28,$slcustom29,$slcustom30, $slcustom31,$slcustom32,$slcustom33,$slcustom34,$slcustom35,$slcustom36,$slcustom37,$slcustom38,$slcustom39,$slcustom40,$slcustom41,$slcustom42,$slcustom43,$slcustom44,$slcustom45,$slcustom46,$slcustom47,$slcustom48,$slcustom49,$slcustom50); } } if ($adminemail!="") { if (sl_ReadEmailTemplate($adminemail,$subject,$mailBody,$htmlformat)) { sl_SendEmail($SiteEmail,$mailBody,$subject,$htmlformat,$slusername,$slpassword,$slname,$slemail,$slusergroups,$slcustom1,$slcustom2,$slcustom3,$slcustom4,$slcustom5,$slcustom6,$slcustom7,$slcustom8,$slcustom9,$slcustom10, $slcustom11,$slcustom12,$slcustom13,$slcustom14,$slcustom15,$slcustom16,$slcustom17,$slcustom18,$slcustom19,$slcustom20,$slcustom21,$slcustom22,$slcustom23,$slcustom24,$slcustom25,$slcustom26,$slcustom27,$slcustom28,$slcustom29,$slcustom30, $slcustom31,$slcustom32,$slcustom33,$slcustom34,$slcustom35,$slcustom36,$slcustom37,$slcustom38,$slcustom39,$slcustom40,$slcustom41,$slcustom42,$slcustom43,$slcustom44,$slcustom45,$slcustom46,$slcustom47,$slcustom48,$slcustom49,$slcustom50); } } if (function_exists(sl_onModifyUser)) { if ($oldusername!="") 
$paramdata['oldusername']=$oldusername; else $paramdata['oldusername']=$slusername; $paramdata['username']=$slusername; $paramdata['password']=$slpassword; $paramdata['enabled']="Yes"; $paramdata['name']=$slname; $paramdata['email']=$slemail; $paramdata['usergroups']=$slusergroups; $paramdata['custom1']=$slcustom1; $paramdata['custom2']=$slcustom2; $paramdata['custom3']=$slcustom3; $paramdata['custom4']=$slcustom4; $paramdata['custom5']=$slcustom5; $paramdata['custom6']=$slcustom6; $paramdata['custom7']=$slcustom7; $paramdata['custom8']=$slcustom8; $paramdata['custom9']=$slcustom9; $paramdata['custom10']=$slcustom10; $paramdata['custom11']=$slcustom11; $paramdata['custom12']=$slcustom12; $paramdata['custom13']=$slcustom13; $paramdata['custom14']=$slcustom14; $paramdata['custom15']=$slcustom15; $paramdata['custom16']=$slcustom16; $paramdata['custom17']=$slcustom17; $paramdata['custom18']=$slcustom18; $paramdata['custom19']=$slcustom19; $paramdata['custom20']=$slcustom20; $paramdata['custom21']=$slcustom21; $paramdata['custom22']=$slcustom22; $paramdata['custom23']=$slcustom23; $paramdata['custom24']=$slcustom24; $paramdata['custom25']=$slcustom25; $paramdata['custom26']=$slcustom26; $paramdata['custom27']=$slcustom27; $paramdata['custom28']=$slcustom28; $paramdata['custom29']=$slcustom29; $paramdata['custom30']=$slcustom30; $paramdata['custom31']=$slcustom31; $paramdata['custom32']=$slcustom32; $paramdata['custom33']=$slcustom33; $paramdata['custom34']=$slcustom34; $paramdata['custom35']=$slcustom35; $paramdata['custom36']=$slcustom36; $paramdata['custom37']=$slcustom37; $paramdata['custom38']=$slcustom38; $paramdata['custom39']=$slcustom39; $paramdata['custom40']=$slcustom40; $paramdata['custom41']=$slcustom41; $paramdata['custom42']=$slcustom42; $paramdata['custom43']=$slcustom43; $paramdata['custom44']=$slcustom44; $paramdata['custom45']=$slcustom45; $paramdata['custom46']=$slcustom46; $paramdata['custom47']=$slcustom47; $paramdata['custom48']=$slcustom48; 
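$paramdata['custom49']=$slcustom49; $paramdata['custom50']=$slcustom50; sl_onModifyUser($paramdata); } // If $modsuccesspage is set redirect. if ($modsuccesspage!="") { header("Location: ".$modsuccesspage); exit; } } } else { if (isset($_REQUEST['newusername'])) $msg=MSG_USEREXISTS; else $msg=MSG_PROFPROBLEM; } } else { if ($msg=="") $msg=MSG_PROFUPDATED; } } else $msg=MSG_PROFPROBLEM; // mysql_close($mysql_link); } } // ($slsearchengine==false)

// Create a fresh login key for the session and send the login page to the browser.
//
// The key is stored in $_SESSION['ses_slloginkey'] and in the global $LoginKey. If
// $LoginPage names an existing file (as given, or below $SitelokLocation) that file is
// included; otherwise the built-in form further down is printed.
//
//   $LoginPage  path of a custom login template, "" selects the built-in form
//   $LoginType  "SECURE" switches autocomplete off on the built-in form
//   $msg        message printed above the built-in form (printed as HTML, not escaped)
//
// Returns the login key generated for this page.
function DisplayLoginPage($LoginPage,$LoginType,$msg)
{
  // $_SESSION is a superglobal, so it needs no global declaration
  global $startpage,$LoginKey;
  global $slcookieusername,$slcookiepassword,$slcookielogin,$CookieLogin;
  global $TuringLogin,$SitelokLocationURL,$SitelokLocation;
  // First create unique session based login key.
  // The key is the challenge sent to the browser, so it has to be unpredictable: the old
  // srand(microtime()) + rand() pair let the value be derived from the request time.
  // random_int() (PHP 7+) reads the OS CSPRNG; mt_rand() is only the fallback for old runtimes.
  $CharAllowed="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
  $LoginKey="";
  for ($k=0;$k<32;$k++)
  {
    if (function_exists('random_int'))
      $r=random_int(0,61);
    else
      $r=mt_rand(0,61);
    $LoginKey=$LoginKey.$CharAllowed[$r];
  }
  $_SESSION['ses_slloginkey']=$LoginKey;
  if ($LoginPage!="")
  {
    // NOTE(review): $LoginPage is include()d, so it must only ever come from configuration,
    // never from request data - confirm against the callers and getconfig.php.
    if (file_exists($LoginPage))
    {
      // $slpublicaccess is set in this scope so the included template can read it
      $slpublicaccess=true;
      include $LoginPage;
    }
    else
    {
      if (file_exists($SitelokLocation.$LoginPage))
      {
        $slpublicaccess=true;
        include $SitelokLocation.$LoginPage;
      }
      else
        $LoginPage="";
    }
  }
  if ($LoginPage=="")
  {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8">
<title>Please login</title>
<style type="text/css">
<!--
p.normal { font-size:12pt; font-family: arial; margin: 20px 20px 0px 20px; padding: 0px 0px 0px 0px; }
p.heading { font-size:16pt; font-family: arial; font-weight: bold; margin: 20px 20px 0px 20px; padding: 0px 0px 0px 0px; }
p.message { font-size:10pt; font-family: arial; color: red; font-weight: bold; margin: 0px 0px 8px 0px; padding: 0px 0px 0px 0px; }
p.autostore { font-size:10pt; font-family: arial; color: red; margin: 20px 20px 0px 20px; padding: 0px 0px 0px 0px; }
p.forgot { font-size:10pt; font-family: arial; color: blue; margin: 20px 20px 20px 20px; padding: 0px 0px 0px 0px; }
input.textfield { font-size:10pt; font-family: arial; }
input.buttonfield { font-size:12pt; font-family: arial; margin: 0px 0px 20px 0px; }
a { font-size:10pt; font-family: arial; margin: 0px 0px 20px 0px; padding: 0px 0px 0px 0px; }
-->
</style>
</head>
<body OnLoad="document.siteloklogin.username.focus();">
<p class="normal" align="center"> </p>
<p class="normal" align="center"> </p>
<p class="normal" align="center"> </p>
<?php
    // The callers visible in this file pass MSG_* constants or "" here; $msg is printed as
    // HTML, so request-derived text must never be passed in without escaping.
    if ($msg!="")
      print "<p class=\"message\" align=\"center\">".$msg."</p>\n";
    print "<form name=\"siteloklogin\"";
    if ($LoginType=="SECURE")
      print " autocomplete=\"off\"";
    // $startpage is built from the requested URL, so it is escaped before it goes into the attribute
    print " action=\"".htmlspecialchars($startpage,ENT_QUOTES,'UTF-8')."\" method=\"POST\" onSubmit=\"return validatelogin()\">\n";
    siteloklogin();
?>
<table bgcolor="#a0b8c8" border="0" cellpadding="2" cellspacing="0" align="center">
<tr>
<td>
<table bgcolor="#ffffff" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<table bgcolor="#ffffff" border="0" cellspacing="4" cellpadding="3">
<tr>
<td align="center">
<table border="0" cellpadding="0" cellspacing="0" bgcolor="#EEEEEE" align="center">
<tr>
<td align="center" colspan="3">
<p class="heading">Please login</p>
</td>
</tr>
<tr>
<td></td>
<td align="right"><p class="normal">Username:</p></td>
<?php // Cookie values are supplied by the client, so they are escaped before being echoed into the form ?>
<td><p class="normal"><input type="text" name="username" value="<?php echo htmlspecialchars($slcookieusername,ENT_QUOTES,'UTF-8'); ?>" maxlength="50" size="20" class="textfield"></p></td>
</tr>
<tr>
<td></td>
<td align="right"><p class="normal">Password:</p></td>
<?php // Was prefilled with $slcookieusername. Prefilling puts the remembered password into the page source, so the page should not be cached or shared. ?>
<td><p class="normal"><input type="password" name="password" value="<?php echo htmlspecialchars($slcookiepassword,ENT_QUOTES,'UTF-8'); ?>" maxlength="50" size="20" class="textfield"></p></td>
</tr>
<?php
    if ($TuringLogin==1)
    {
      if ($SitelokLocationURL!="")
      {
        $slpwURLparts=getUrlParts($SitelokLocationURL);
        // quoted key: a bare resource is an undefined constant
        $slpwURL="/".$slpwURLparts['resource'];
      }
      else
        $slpwURL="http://".$_SERVER['HTTP_HOST']."/slpw/";
?>
<tr>
<td></td>
<td align="right"><p class="normal">CAPTCHA:</p></td>
<?php // The fallback URL contains the Host request header, so it is escaped on output ?>
<td><p class="normal"><input type="text" name="turing" value="" maxlength="5" size="8" class="textfield"> <img src="<?php echo htmlspecialchars($slpwURL,ENT_QUOTES,'UTF-8'); ?>turingimage.php" width="60" height="30" align="top" alt="CAPTCHA"></p></td>
</tr>
<?php
    }
    if ($CookieLogin==1)
    {
?>
<tr>
<td align="center" colspan="3">
<p class="autostore"><input type="checkbox" name="remember" value="1" <?php if ($slcookielogin=="1") echo "checked"; ?>>Remember me</p>
</td>
</tr>
<?php
    }
    if ($CookieLogin==2)
    {
?>
<tr>
<td align="center" colspan="3">
<p class="autostore"><input type="checkbox" name="remember" value="2">Automatic login</p>
</td>
</tr>
<?php
    }
?>
<tr>
<td align="center" colspan="3">
<p class="normal"><input type="Submit" name="login" value="Login" class="buttonfield"></p>
</td>
</tr>
<tr>
<td align="center" colspan="3">
<p><a href="javascript: void forgotpw()" title="Forgot your password? Enter username or email & click link" class="forgot">Forgot your password?</a></p>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</form>
</body>
</html>
<?php
  }
  return($LoginKey);
}

function siteloklogin() { global $LoginType,$LoginKey; global $TuringLogin; print "<script language=\"javascript\" type=\"text/javascript\">\n"; print "<!-- JavaScript\n"; print "function validatelogin(form)\n"; print "{\n"; print " if (document.siteloklogin.username.value==\"\")\n"; print " {\n"; print " alert(\"".MSG_ENTERUSER."\")\n"; print " document.siteloklogin.username.focus()\n"; print " return(false)\n"; print " }\n"; print " if (document.siteloklogin.password.value==\"\")\n"; print " {\n"; print " alert(\"".MSG_ENTERPASS."\")\n"; print " document.siteloklogin.password.focus()\n"; print " return(false)\n"; print " }\n"; if ($TuringLogin==1) { print " if (document.siteloklogin.turing.value==\"\")\n"; print " {\n"; print " alert(\"".MSG_ENTERTURING."\")\n"; print " document.siteloklogin.turing.focus()\n"; print " return(false)\n"; print " }\n"; } print " var LoginType=\"$LoginType\";\n"; print " if 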
(LoginType==\"NORMAL\")\n"; print " return(true);\n"; print " document.siteloklogin.sitelokhash.value=MD5(document.siteloklogin.password.value+document.siteloklogin.loginkey.value)\n"; print " document.siteloklogin.password.value=\"********\"\n"; print " return(true)\n"; print "}\n"; print "function forgotpw(form)\n"; print "{\n"; print " if (document.siteloklogin.username.value==\"\")\n"; print " {\n"; if ($TuringLogin==1) print " alert(\"".MSG_FORGOT1."\")\n"; else print " alert(\"".MSG_FORGOT2."\")\n"; print " document.siteloklogin.username.focus()\n"; print " return(false)\n"; print " }\n"; if ($TuringLogin==1) { print " if (document.siteloklogin.turing.value==\"\")\n"; print " {\n"; print " alert(\"".MSG_ENTERTURING."\")\n"; print " document.siteloklogin.turing.focus()\n"; print " return(false)\n"; print " }\n"; } print " document.siteloklogin.forgotpassword.value=\"forgotten-it\"\n"; print " document.siteloklogin.submit()\n"; print " return(true)\n"; print "}\n"; if ($LoginType=="SECURE") { print "\n"; print "\n"; print "function array(n) {\n"; print " for(i=0;i<n;i++) this[i]=0;\n"; print " this.length=n;\n"; print "}\n"; print "\n"; print "function integer(n) { return n%(0xffffffff+1); }\n"; print "\n"; print "function shr(a,b) {\n"; print " a=integer(a);\n"; print " b=integer(b);\n"; print " if (a-0x80000000>=0) {\n"; print " a=a%0x80000000;\n"; print " a>>=b;\n"; print " a+=0x40000000>>(b-1);\n"; print " } else\n"; print " a>>=b;\n"; print " return a;\n"; print "}\n"; print "\n"; print "function shl1(a) {\n"; print " a=a%0x80000000;\n"; print " if (a&0x40000000==0x40000000)\n"; print " {\n"; print " a-=0x40000000;\n"; print " a*=2;\n"; print " a+=0x80000000;\n"; print " } else\n"; print " a*=2;\n"; print " return a;\n"; print "}\n"; print "\n"; print "function shl(a,b) {\n"; print " a=integer(a);\n"; print " b=integer(b);\n"; print " for (var i=0;i<b;i++) a=shl1(a);\n"; print " return a;\n"; print "}\n"; print "\n"; print "function and(a,b) {\n"; print " 
a=integer(a);\n"; print " b=integer(b);\n"; print " var t1=(a-0x80000000);\n"; print " var t2=(b-0x80000000);\n"; print " if (t1>=0)\n"; print " if (t2>=0)\n"; print " return ((t1&t2)+0x80000000);\n"; print " else\n"; print " return (t1&b);\n"; print " else\n"; print " if (t2>=0)\n"; print " return (a&t2);\n"; print " else\n"; print " return (a&b);\n"; print "}\n"; print "\n"; print "function or(a,b) {\n"; print " a=integer(a);\n"; print " b=integer(b);\n"; print " var t1=(a-0x80000000);\n"; print " var t2=(b-0x80000000);\n"; print " if (t1>=0)\n"; print " if (t2>=0)\n"; print " return ((t1|t2)+0x80000000);\n"; print " else\n"; print " return ((t1|b)+0x80000000);\n"; print " else\n"; print " if (t2>=0)\n"; print " return ((a|t2)+0x80000000);\n"; print " else\n"; print " return (a|b);\n"; print "}\n"; print "\n"; print "function xor(a,b) {\n"; print " a=integer(a);\n"; print " b=integer(b);\n"; print " var t1=(a-0x80000000);\n"; print " var t2=(b-0x80000000);\n"; print " if (t1>=0)\n"; print " if (t2>=0)\n"; print " return (t1^t2);\n"; print " else\n"; print " return ((t1^b)+0x80000000);\n"; print " else\n"; print " if (t2>=0)\n"; print " return ((a^t2)+0x80000000);\n"; print " else\n"; print " return (a^b);\n"; print "}\n"; print "\n"; print "function not(a) {\n"; print " a=integer(a);\n"; print " return (0xffffffff-a);\n"; print "}\n"; print "\n"; print " var state = new array(4);\n"; print " var count = new array(2);\n"; print " count[0] = 0;\n"; print " count[1] = 0;\n"; print " var buffer = new array(64);\n"; print " var transformBuffer = new array(16);\n"; print " var digestBits = new array(16);\n"; print "\n"; print " var S11 = 7;\n"; print " var S12 = 12;\n"; print " var S13 = 17;\n"; print " var S14 = 22;\n"; print " var S21 = 5;\n"; print " var S22 = 9;\n"; print " var S23 = 14;\n"; print " var S24 = 20;\n"; print " var S31 = 4;\n"; print " var S32 = 11;\n"; print " var S33 = 16;\n"; print " var S34 = 23;\n"; print " var S41 = 6;\n"; print " var S42 = 
10;\n"; print " var S43 = 15;\n"; print " var S44 = 21;\n"; print "\n"; print " function F(x,y,z) {\n"; print " return or(and(x,y),and(not(x),z));\n"; print " }\n"; print "\n"; print " function G(x,y,z) {\n"; print " return or(and(x,z),and(y,not(z)));\n"; print " }\n"; print "\n"; print " function H(x,y,z) {\n"; print " return xor(xor(x,y),z);\n"; print " }\n"; print "\n"; print " function I(x,y,z) {\n"; print " return xor(y ,or(x , not(z)));\n"; print " }\n"; print "\n"; print " function rotateLeft(a,n) {\n"; print " return or(shl(a, n),(shr(a,(32 - n))));\n"; print " }\n"; print "\n"; print " function FF(a,b,c,d,x,s,ac) {\n"; print " a = a+F(b, c, d) + x + ac;\n"; print " a = rotateLeft(a, s);\n"; print " a = a+b;\n"; print " return a;\n"; print " }\n"; print "\n"; print " function GG(a,b,c,d,x,s,ac) {\n"; print " a = a+G(b, c, d) +x + ac;\n"; print " a = rotateLeft(a, s);\n"; print " a = a+b;\n"; print " return a;\n"; print " }\n"; print "\n"; print " function HH(a,b,c,d,x,s,ac) {\n"; print " a = a+H(b, c, d) + x + ac;\n"; print " a = rotateLeft(a, s);\n"; print " a = a+b;\n"; print " return a;\n"; print " }\n"; print "\n"; print " function II(a,b,c,d,x,s,ac) {\n"; print " a = a+I(b, c, d) + x + ac;\n"; print " a = rotateLeft(a, s);\n"; print " a = a+b;\n"; print " return a;\n"; print " }\n"; print "\n"; print " function transform(buf,offset) {\n"; print " var a=0, b=0, c=0, d=0;\n"; print " var x = transformBuffer;\n"; print "\n"; print " a = state[0];\n"; print " b = state[1];\n"; print " c = state[2];\n"; print " d = state[3];\n"; print "\n"; print " for (i = 0; i < 16; i++) {\n"; print " x[i] = and(buf[i*4+offset],0xff);\n"; print " for (j = 1; j < 4; j++) {\n"; print " x[i]+=shl(and(buf[i*4+j+offset] ,0xff), j * 8);\n"; print " }\n"; print " }\n"; print "\n"; print " /* Round 1 */\n"; print " a = FF ( a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */\n"; print " d = FF ( d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */\n"; print " c = FF ( c, d, a, b, x[ 2], S13, 
0x242070db); /* 3 */\n"; print " b = FF ( b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */\n"; print " a = FF ( a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */\n"; print " d = FF ( d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */\n"; print " c = FF ( c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */\n"; print " b = FF ( b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */\n"; print " a = FF ( a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */\n"; print " d = FF ( d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */\n"; print " c = FF ( c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */\n"; print " b = FF ( b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */\n"; print " a = FF ( a, b, c, d, x[12], S11, 0x6b901122); /* 13 */\n"; print " d = FF ( d, a, b, c, x[13], S12, 0xfd987193); /* 14 */\n"; print " c = FF ( c, d, a, b, x[14], S13, 0xa679438e); /* 15 */\n"; print " b = FF ( b, c, d, a, x[15], S14, 0x49b40821); /* 16 */\n"; print "\n"; print " /* Round 2 */\n"; print " a = GG ( a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */\n"; print " d = GG ( d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */\n"; print " c = GG ( c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */\n"; print " b = GG ( b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */\n"; print " a = GG ( a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */\n"; print " d = GG ( d, a, b, c, x[10], S22, 0x2441453); /* 22 */\n"; print " c = GG ( c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */\n"; print " b = GG ( b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */\n"; print " a = GG ( a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */\n"; print " d = GG ( d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */\n"; print " c = GG ( c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */\n"; print " b = GG ( b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */\n"; print " a = GG ( a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */\n"; print " d = GG ( d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */\n"; print " c = GG ( c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */\n"; print " b = GG ( b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */\n"; 
print "\n"; print " /* Round 3 */\n"; print " a = HH ( a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */\n"; print " d = HH ( d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */\n"; print " c = HH ( c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */\n"; print " b = HH ( b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */\n"; print " a = HH ( a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */\n"; print " d = HH ( d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */\n"; print " c = HH ( c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */\n"; print " b = HH ( b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */\n"; print " a = HH ( a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */\n"; print " d = HH ( d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */\n"; print " c = HH ( c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */\n"; print " b = HH ( b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */\n"; print " a = HH ( a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */\n"; print " d = HH ( d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */\n"; print " c = HH ( c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */\n"; print " b = HH ( b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */\n"; print "\n"; print " /* Round 4 */\n"; print " a = II ( a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */\n"; print " d = II ( d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */\n"; print " c = II ( c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */\n"; print " b = II ( b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */\n"; print " a = II ( a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */\n"; print " d = II ( d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */\n"; print " c = II ( c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */\n"; print " b = II ( b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */\n"; print " a = II ( a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */\n"; print " d = II ( d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */\n"; print " c = II ( c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */\n"; print " b = II ( b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */\n"; print " a = II ( a, b, c, d, x[ 4], S41, 
0xf7537e82); /* 61 */\n"; print " d = II ( d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */\n"; print " c = II ( c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */\n"; print " b = II ( b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */\n"; print "\n"; print " state[0] +=a;\n"; print " state[1] +=b;\n"; print " state[2] +=c;\n"; print " state[3] +=d;\n"; print "\n"; print " }\n"; print "\n"; print " function init() {\n"; print " count[0]=count[1] = 0;\n"; print " state[0] = 0x67452301;\n"; print " state[1] = 0xefcdab89;\n"; print " state[2] = 0x98badcfe;\n"; print " state[3] = 0x10325476;\n"; print " for (i = 0; i < digestBits.length; i++)\n"; print " digestBits[i] = 0;\n"; print " }\n"; print "\n"; print " function update(b) {\n"; print " var index,i;\n"; print "\n"; print " index = and(shr(count[0],3) , 0x3f);\n"; print " if (count[0]<0xffffffff-7)\n"; print " count[0] += 8;\n"; print " else {\n"; print " count[1]++;\n"; print " count[0]-=0xffffffff+1;\n"; print " count[0]+=8;\n"; print " }\n"; print " buffer[index] = and(b,0xff);\n"; print " if (index >= 63) {\n"; print " transform(buffer, 0);\n"; print " }\n"; print " }\n"; print "\n"; print " function finish() {\n"; print " var bits = new array(8);\n"; print " var padding;\n"; print " var i=0, index=0, padLen=0;\n"; print "\n"; print " for (i = 0; i < 4; i++) {\n"; print " bits[i] = and(shr(count[0],(i * 8)), 0xff);\n"; print " }\n"; print " for (i = 0; i < 4; i++) {\n"; print " bits[i+4]=and(shr(count[1],(i * 8)), 0xff);\n"; print " }\n"; print " index = and(shr(count[0], 3) ,0x3f);\n"; print " padLen = (index < 56) ? 
(56 - index) : (120 - index);\n"; print " padding = new array(64);\n"; print " padding[0] = 0x80;\n"; print " for (i=0;i<padLen;i++)\n"; print " update(padding[i]);\n"; print " for (i=0;i<8;i++)\n"; print " update(bits[i]);\n"; print "\n"; print " for (i = 0; i < 4; i++) {\n"; print " for (j = 0; j < 4; j++) {\n"; print " digestBits[i*4+j] = and(shr(state[i], (j * 8)) , 0xff);\n"; print " }\n"; print " }\n"; print " }\n"; print "\n"; print "/* End of the MD5 algorithm */\n"; print "\n"; print "function hexa(n) {\n"; print " var hexa_h = \"0123456789abcdef\";\n"; print " var hexa_c=\"\";\n"; print " var hexa_m=n;\n"; print " for (hexa_i=0;hexa_i<8;hexa_i++) {\n"; print " hexa_c=hexa_h.charAt(Math.abs(hexa_m)%16)+hexa_c;\n"; print " hexa_m=Math.floor(hexa_m/16);\n"; print " }\n"; print " return hexa_c;\n"; print "}\n"; print "\n"; print "\n"; print "var ascii=\"01234567890123456789012345678901\" +\n"; print " \" !\\\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\"+\n"; print " \"[\\\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\";\n"; print "\n"; print "function MD5(entree)\n"; print "{\n"; print " var l,s,k,ka,kb,kc,kd;\n"; print "\n"; print " init();\n"; print " for (k=0;k<entree.length;k++) {\n"; print " l=entree.charAt(k);\n"; print " update(ascii.lastIndexOf(l));\n"; print " }\n"; print " finish();\n"; print " ka=kb=kc=kd=0;\n"; print " for (i=0;i<4;i++) ka+=shl(digestBits[15-i], (i*8));\n"; print " for (i=4;i<8;i++) kb+=shl(digestBits[15-i], ((i-4)*8));\n"; print " for (i=8;i<12;i++) kc+=shl(digestBits[15-i], ((i-8)*8));\n"; print " for (i=12;i<16;i++) kd+=shl(digestBits[15-i], ((i-12)*8));\n"; print " s=hexa(kd)+hexa(kc)+hexa(kb)+hexa(ka);\n"; print " return s;\n"; print "}\n"; } print "\n"; print "\n"; print "// - JavaScript - -->\n"; print "</script>\n"; print "<input type=\"hidden\" name=\"loginformused\" value=\"1\">\n"; print "<input type=\"hidden\" name=\"forgotpassword\" value=\"\">\n"; if ($LoginType=="SECURE") { print "<input type=\"hidden\" 
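name=\"loginkey\" value=\"$LoginKey\">\n"; print "<input type=\"hidden\" name=\"sitelokhash\" value=\"\">\n"; } }

/**
 * Prints the logout URL for the current page.
 *
 * Emits $thispage followed by "?sitelokaction=logout"; nothing is returned.
 */
function siteloklogout()
{
  global $thispage;
  print($thispage."?sitelokaction=logout");
}

/**
 * Prints a signed download link for a file.
 *
 * The link payload is "fname,expirytime,username,param1,param2,dialog,auth",
 * base64-encoded and URL-encoded into the "sldownload" query parameter.
 * "auth" is md5($SiteKey . fname . expirytime . username . param1 . param2),
 * which sitelokgetfile() recomputes before serving anything.
 *
 * SECURITY NOTE: the authenticator is a plain keyed MD5 with the fields
 * concatenated without separators, so field boundaries are not bound into
 * the digest and the construction is not an HMAC. Switching to hash_hmac()
 * over delimited fields would have to be done in every issuer and verifier
 * at once and would invalidate links already handed out, so it is flagged
 * here rather than changed.
 *
 * @param string $fname   File name, optionally followed by ":location".
 * @param mixed  $dialog  Passed through in the link; sitelokgetfile() forces
 *                        an octet-stream download when it equals 1.
 * @param mixed  $expiry  0 for no expiry, a 12-character "YYYYMMDDHHMM"
 *                        timestamp, or otherwise a number of minutes from now.
 * @param string $param1  Extra value carried in the link and covered by auth.
 * @param string $param2  Extra value carried in the link and covered by auth.
 */
function siteloklink($fname,$dialog,$expiry=0,$param1="",$param2="")
{
  global $thispage,$SiteKey,$NoFilename,$slDownloadURL,$ExtraPathFilename,$slusername;
  if ($expiry != 0)
  {
    if (strlen($expiry) == 12)
    {
      // The former 7th argument (is_dst = -1) was the default value and is
      // no longer accepted by newer PHP versions, so it is omitted.
      $expirytime = mktime(substr($expiry, 8, 2), substr($expiry, 10, 2), 0, substr($expiry, 4, 2), substr($expiry, 6, 2), substr($expiry, 0, 4));
    }
    else
      $expirytime = time() + ($expiry * 60);
  }
  else
    $expirytime = 0;
  $auth=md5($SiteKey.$fname.$expirytime.$slusername.$param1.$param2);
  $link=$fname.",".$expirytime.",".$slusername.",".$param1.",".$param2.",".$dialog.",".$auth;
  $link=rawurlencode(base64_encode($link));
  // Previously left undefined when $slDownloadURL was empty.
  $lurl="";
  if ($slDownloadURL!="")
  {
    $lurlparts=getUrlParts($slDownloadURL);
    // Quoted key: the bare word relied on undefined-constant fallback.
    $lurl="/".$lurlparts['resource'];
  }
  // Get filename only
  $fnameonly=basename(strtok($fname,":"));
  // Remove any query from fname
  $pos=strpos($fnameonly,"?");
  if (is_integer($pos))
    $fnameonly=substr($fnameonly,0,$pos);
  if ($ExtraPathFilename==1)
    $link=$lurl."/".$fnameonly."?sldownload=".$link;
  else
    $link=$lurl."?sldownload=".$link;
  if ($NoFilename!=1)
    $link .= "/".$fnameonly;
  print $link;
}

/**
 * Validates a download token produced by siteloklink() and serves the file.
 *
 * Steps, in order: strip a trailing "/filename", base64-decode, split into
 * seven comma-separated fields, verify the keyed MD5, check the token was
 * issued to the current user, check expiry, then either redirect to S3,
 * include a .php/.html/.htm page, or stream a local file or http:// URL.
 * Every failure path shows a message, optionally logs, and exits.
 *
 * @param string $download  The "sldownload" value taken from the request.
 */
function sitelokgetfile($download)
{
  global $FileLocation,$FileLocations,$SiteKey,$slusername,$LogDetails;
  global $ServerTimeAdjust;
  // NOTE(review): $MessagePage is passed to sl_ShowMessage() below but is not
  // in the global lists above, so it is undefined inside this function.
  // Confirm what sl_ShowMessage() expects before adding it.

  // Remove any /filename from end
  // NOTE(review): siteloklink() only appends "/filename" when $NoFilename!=1,
  // while this strip is unconditional and "/" is also a base64 character;
  // verify that tokens issued with $NoFilename==1 still decode.
  $pos=strrpos($download,"/");
  if (is_integer($pos))
    $download=substr($download,0,$pos);
  $download=base64_decode($download);
  // Pad so a short or undecodable token yields empty fields and is rejected
  // by the hash check instead of reading missing array offsets.
  $fields=array_pad(explode(",",(string)$download),7,"");
  $fname=$fields[0];
  $expirytime=$fields[1];
  $username=$fields[2];
  $param1=$fields[3];
  $param2=$fields[4];
  $dialog=$fields[5];
  $hash=$fields[6];
  $verifyhash=md5($SiteKey.$fname.$expirytime.$username.$param1.$param2);
  // Loose != treats two digests of the form "0e<digits>" as equal numbers.
  // Compare as strings, in constant time where the runtime provides it.
  if (function_exists('hash_equals'))
    $hashok=hash_equals($verifyhash,$hash);
  else
    $hashok=($verifyhash===$hash);
  if (!$hashok)
  {
    sl_ShowMessage($MessagePage,MSG_ACCESSFILE);
    if (substr($LogDetails,4,1)=="Y")
      sl_AddToLog("Download Problem",$slusername,"Not allowed access to ".$fname);
    exit;
  }
  // Strict string comparison so numeric-looking usernames cannot match loosely.
  if ((string)$username!==(string)$slusername)
  {
    sl_ShowMessage($MessagePage,MSG_ACCESSFILE);
    if (substr($LogDetails,4,1)=="Y")
      sl_AddToLog("Download Problem",$slusername,"Not allowed access to ".$fname);
    exit;
  }
  // Check link hasn't expired
  if ($expirytime!=0)
  {
    $curtime=time();
    if ($curtime>$expirytime)
    {
      sl_ShowMessage($MessagePage,MSG_DOWNEXP);
      if (substr($LogDetails,4,1)=="Y")
        sl_AddToLog("Download Problem",$slusername,"Download link expired for ".$fname);
      exit;
    }
  }
  // Close session to allow parallel downloads
  session_write_close();
  $fnametolog=$fname;
  // Make full path or url to file
  $fname=strtok($fname,":");
  $loc=strtok(":");
  if ($loc=="")
    $link=$FileLocation.$fname;
  else
    $link=$FileLocations[$loc].$fname;
  // Replace any ; with | to handle S3 locations
  $link=str_replace(";","|",$link);
  // If download path is for S3 then handle it now
  if (substr(trim(strtolower($link)),0,3)=="s3|")
  {
    if (function_exists('sl_onDownload'))
      sl_onDownload($slusername,$link,$loc,$param1,$param2);
    $url=sl_get_s3_url($link,time()+$ServerTimeAdjust,"GET");
    if (substr($LogDetails,3,1)=="Y")
      sl_AddToLog("Download",$slusername,$fnametolog);
    header("Location: ".$url);
    exit;
  }
  $ext=sl_fileextension($link);
  // If download link is html or php page then just include it.
  if (($ext==".php") || ($ext==".html") || ($ext==".htm"))
  {
    // If there are any GET variables in the filename then set those in $_GET and $_REQUEST
    $fquery="";
    $pos=strpos($link,"?");
    if (is_integer($pos))
    {
      $fquery=substr($link,$pos+1);
      $link=substr($link,0,$pos);
    }
    if ($fquery!="")
    {
      $fvars=explode("&",$fquery);
      for ($k=0;$k<count($fvars);$k++)
      {
        $fvar=strtok($fvars[$k],"=");
        $fval=strtok("=");
        if ($fvar!="")
        {
          $_GET[$fvar]=$fval;
          $_REQUEST[$fvar]=$fval;
        }
      }
    }
    // SECURITY: the path executed here comes from the link token. The keyed
    // hash check above is the only control on which file gets included, so
    // $SiteKey secrecy and the token format both protect this statement.
    include ($link);
    exit;
  }
  // See if link is local path or URL
  $i=strrpos($link,"/");
  $fname=substr($link,$i+1,strlen($link)-$i);
  // Name used inside the quoted Content-disposition value: drop characters
  // that would end the quoted string or the header line.
  $dispname=str_replace(array("\"","\r","\n"),"",$fname);
  $mimetype=sl_getmimetype($link);
  $zliboff=((strtolower(ini_get('zlib.output_compression'))!="on") && (ini_get('zlib.output_compression')!="1"));
  $pos=strpos(strtolower($link),"http://");
  if (!is_integer($pos))
  {
    // If link is a local path then get local path and handle resume & download managers
    $fsize=@filesize($link);
    /* is resume requested? */
    $headers = sl_xgetallheaders();
    if (isset($headers["Range"]))
    {
      header("HTTP/1.1 206 Partial content");
      // The Range value is client-supplied. It is parsed with plain string
      // functions (split()/ereg() no longer exist in current PHP) and the
      // start offset is forced to an integer inside the file.
      $val=explode("=",$headers["Range"]);
      $spec=isset($val[1]) ? $val[1] : "";
      $sfrom=0;
      $havespec=true;
      if (substr($spec,0,1)=="-")
      {
        // "-N": the last N bytes
        $sfrom=(int)$fsize-(int)str_replace("-","",$spec);
      }
      else if (substr($spec,-1)=="-")
      {
        // "N-": from offset N to the end
        $sfrom=(int)str_replace("-","",$spec);
      }
      else if (is_integer(strpos($spec,"-")))
      {
        // "N-M": only the start is honoured; data is sent to end of file
        $ranges=explode("-",$spec);
        $sfrom=(int)$ranges[0];
      }
      else
        $havespec=false;
      // An offset outside the file falls back to the start so that the
      // headers below and fseek() stay consistent with what is sent.
      if (($sfrom<0) || (($fsize!==false) && ($sfrom>=$fsize)))
        $sfrom=0;
      if ($havespec && $zliboff)
        header("Content-Length: ".(string)((int)$fsize-$sfrom));
      $br = $sfrom."-".(string)($fsize-1)."/".$fsize;
      header("Content-Range: bytes $br");
      if (($dialog==1) || ($mimetype==""))
        header("Content-type: application/octet-stream\n");
      else
        header("Content-type: $mimetype\n");
      header("Connection: close");
      if (function_exists('sl_onDownload'))
      {
        if ($sfrom == 0)
          sl_onDownload($slusername,$link,$loc,$param1,$param2);
      }
      if (!($fh=@fopen($link,"rb")))
      {
        if (substr($LogDetails,4,1)=="Y")
          sl_AddToLog("Download Problem",$slusername,"Could not open ".$fname);
        sl_ShowMessage($MessagePage,MSG_FILEOPEN);
        exit;
      }
      // Only the request that starts at byte 0 is logged as a download.
      if (($sfrom == 0) && (substr($LogDetails,3,1)=="Y"))
        sl_AddToLog("Download",$slusername,$fnametolog);
      fseek($fh, $sfrom);
      sl_xfpassthru($fh);
    }
    else
    {
      $size=@filesize($link);
      if (function_exists('sl_onDownload'))
        sl_onDownload($slusername,$link,$loc,$param1,$param2);
      if (!($fh=@fopen($link,"rb")))
      {
        if (substr($LogDetails,4,1)=="Y")
          sl_AddToLog("Download Problem",$slusername,"Could not open ".$fname);
        sl_ShowMessage($MessagePage,MSG_FILEOPEN);
        exit;
      }
      if (substr($LogDetails,3,1)=="Y")
        sl_AddToLog("Download",$slusername,$fnametolog);
      if (($dialog==1) || ($mimetype==""))
      {
        header("Content-type: application/octet-stream\n");
        header("Content-disposition: attachment; filename=\"".$dispname."\"\n");
      }
      else
      {
        header("Content-type: $mimetype\n");
      }
      header("Content-transfer-encoding: binary\n");
      if ($zliboff)
        header("Content-Length: ".$size."\n");
      sl_xfpassthru($fh);
    }
  }
  else
  {
    // link is a URL rather than local path so do simple download
    $link=str_replace(" ","%20",$link);
    $size=sl_filesize_remote($link);
    if (function_exists('sl_onDownload'))
      sl_onDownload($slusername,$link,$loc,$param1,$param2);
    if (!($fh=@fopen($link,"rb")))
    {
      if (substr($LogDetails,4,1)=="Y")
        sl_AddToLog("Download Problem",$slusername,"Could not open ".$fname);
      sl_ShowMessage($MessagePage,MSG_FILEOPEN);
      exit;
    }
    if (substr($LogDetails,3,1)=="Y")
      sl_AddToLog("Download",$slusername,$fnametolog);
    $mimetype=sl_getmimetype($link);
    if (($dialog==1) || ($mimetype==""))
    {
      header("Content-type: application/octet-stream\n");
      header("Content-disposition: attachment; filename=\"".$dispname."\"\n");
    }
    else
    {
      header("Content-type: $mimetype\n");
    }
    header("Content-transfer-encoding: binary\n");
    if ($zliboff)
    {
      if ((int)$size>0)
        header("Content-Length: ".$size."\n");
    }
    sl_xfpassthru($fh);
  }
}

/**
 * Maps a file name to a MIME type by its extension.
 *
 * The extension is everything from the last "." onward, lower-cased.
 *
 * @param string $fn  File name, path or URL.
 * @return string     The MIME type, or "" when the extension is not listed.
 */
function sl_getmimetype($fn)
{
  $mt=array(
    '.jpg'=>"image/jpeg",
    '.gif'=>"image/gif",
    '.cgm'=>"image/cgm",
    '.htm'=>"text/html",
    '.html'=>"text/html",
    '.txt'=>"text/plain",
    '.pdf'=>"application/pdf",
    '.mpg'=>"video/mpeg",
    '.mpeg'=>"video/mpeg",
    '.wmv'=>"video/x-ms-wmv",
    '.swf'=>"application/x-shockwave-flash",
    '.mov'=>"video/quicktime",
    '.asf'=>"video/x-ms-asf",
    '.asx'=>"video/x-ms-asf",
    // '.rm' was assigned twice; this is the later value, which took effect.
    '.rm'=>"audio/x-realaudio",
    '.ram'=>"audio/x-pn-realaudio",
    '.mp4'=>"video/quicktime"
  );
  $i=strrpos($fn,".");
  $ext=strtolower(substr($fn,$i,strlen($fn)-$i));
  if (isset($mt[$ext]))
    return($mt[$ext]);
  return("");
}

/**
 * Prints the client-side validation script and the hidden fields for the
 * "modify profile" form (form name "sitelokmodify").
 *
 * The hidden "hash" field is md5($clientemail.$adminemail.$allowed.$SiteKey);
 * presumably the handler recomputes it to detect tampering with the other
 * hidden fields (the verifying code is not in this part of the file).
 * The JavaScript checks are a convenience only: a client can skip them.
 *
 * @param string $clientemail     Written to the hidden "clientemail" field.
 * @param string $adminemail      Written to the hidden "adminemail" field.
 * @param string $modsuccesspage  Written to the hidden "modsuccesspage" field.
 *                                A 14- or 54-character value not starting
 *                                with "http" is treated as $allowed instead.
 * @param string $allowed         String of Y/N flags, padded to 54 characters.
 */
function sitelokmodify($clientemail="",$adminemail="",$modsuccesspage="",$allowed="NYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY")
{
  global $SiteKey, $ValidPasswordChars;
  // To allow for backward compatibility $allowed could be parameter 6 instead of 7.
  if (((strlen($modsuccesspage)==14) || (strlen($modsuccesspage)==54))&& (strtolower(substr($modsuccesspage,0,4))!="http"))
  {
    $allowed=$modsuccesspage;
    $modsuccesspage="";
  }
  if ($allowed=="")
    $allowed="YNYYNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN";
  // Pad a short flag string out to 54 flags.
  if (strlen($allowed)<54)
  {
    for ($k=strlen($allowed);$k<54;$k++)
    {
      if (($k==0) || ($k==2) || ($k==3))
        $allowed.="Y";
      else
        $allowed.="N";
    }
  }
  print "<script language=\"javascript\" type=\"text/javascript\">\n";
  print "<!-- JavaScript\n";
  print "function validateprofile()\n";
  print "{\n";
  print " if (document.sitelokmodify.newpassword)\n";
  print " {\n";
  print " if ((document.sitelokmodify.newpassword.value.length<5) && (document.sitelokmodify.newpassword.value!=\"\"))\n";
  print " {\n";
  print " alert(\"".MSG_PASS5."\")\n";
  print " document.sitelokmodify.newpassword.focus()\n";
  print " return(false)\n";
  print " }\n";
  print " prob=0\n";
  print " str=document.sitelokmodify.newpassword.value;\n";
  print " for (k=0;k<str.length;k++)\n";
  print " {\n";
  print " if (\"".$ValidPasswordChars."\".indexOf(str.charAt(k))==-1)\n";
  print " {\n";
  print " prob=1\n";
  print " }\n";
  print " }\n";
  print " if (prob==1)\n";
  print " {\n";
  print " alert(\"".MSG_PASSNG."\");\n";
  print " document.sitelokmodify.newpassword.focus();\n";
  print " return(false)\n";
  print " }\n";
  print " if (document.sitelokmodify.newpassword)\n";
  print " {\n";
  print " if (document.sitelokmodify.newpassword.value!=document.sitelokmodify.verifynewpassword.value)\n";
  print " {\n";
  print " alert(\"".MSG_PASSVER."\")\n";
  print " document.sitelokmodify.verifynewpassword.focus()\n";
  print " return(false)\n";
  print " }\n";
  print " }\n";
  print " }\n";
  print " if (document.sitelokmodify.newname)\n";
  print " {\n";
  print " if (document.sitelokmodify.newname.value==\"\")\n";
  print " {\n";
  print " alert(\"".MSG_ENTERNAME."\")\n";
  print " document.sitelokmodify.newname.focus()\n";
  print " return(false)\n";
  print " }\n";
  print " }\n";
  print " if (document.sitelokmodify.newemail)\n";
  print " {\n";
  print " if (ValidEmail(document.sitelokmodify.newemail.value)==false)\n";
  print " {\n";
  print " alert(\"".MSG_ENTEREMAIL."\")\n";
  print " document.sitelokmodify.newemail.focus()\n";
  print " return(false)\n";
  print " }\n";
  print " }\n";
  print " return(true)\n";
  print "}\n";
  print "function ValidEmail (emailStr)\n";
  print "{\n";
  print "var emailPat=/^(.+)@(.+)$/\n";
  print "var specialChars=\"\\\\(\\\\)<>@,;:\\\\\\\\\\\\\\\"\\\\.\\\\[\\\\]\"\n";
  print "var validChars=\"\\[^\\\\s\" + specialChars + \"\\]\"\n";
  print "var quotedUser=\"(\\\"[^\\\"]*\\\")\"\n";
  print "var ipDomainPat=/^\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]$/\n";
  print "var atom=validChars + '+'\n";
  print "var word=\"(\" + atom + \"|\" + quotedUser + \")\"\n";
  print "var userPat=new RegExp(\"^\" + word + \"(\\\\.\" + word + \")*$\")\n";
  print "var domainPat=new RegExp(\"^\" + atom + \"(\\\\.\" + atom +\")*$\")\n";
  print "var matchArray=emailStr.match(emailPat)\n";
  print "if (matchArray==null)\n";
  print " return false\n";
  print "var user=matchArray[1]\n";
  print "var domain=matchArray[2]\n";
  print "if (user.match(userPat)==null)\n";
  print " return false\n";
  print "var IPArray=domain.match(ipDomainPat)\n";
  print "if (IPArray!=null) {\n";
  print " for (var i=1;i<=4;i++)\n";
  print " {\n";
  print " if (IPArray[i]>255)\n";
  print " return false\n";
  print " }\n";
  print " return true\n";
  print "}\n";
  print "var domainArray=domain.match(domainPat)\n";
  print "if (domainArray==null)\n";
  print " return false\n";
  print "var atomPat=new RegExp(atom,\"g\")\n";
  print "var domArr=domain.match(atomPat)\n";
  print "var len=domArr.length\n";
  print "if (domArr[domArr.length-1].length<2 ||\n";
  print " domArr[domArr.length-1].length>4)\n";
  print " return false\n";
  print "if (len<2)\n";
  print " return false\n";
  print "return true;\n";
  print "}\n";
  print "// - JavaScript - -->\n";
  print "</script>\n";
  print "<input type=\"hidden\" name=\"sitelokaction\" value=\"modifyprofile\">\n";
  // Attribute values are HTML-escaped so a quote or angle bracket in an
  // argument cannot break out of the attribute. The browser decodes the
  // entities on submit, so the posted values still match the hash below,
  // which is taken over the raw values.
  print "<input type=\"hidden\" name=\"clientemail\" value=\"".htmlspecialchars($clientemail,ENT_QUOTES)."\">\n";
  print "<input type=\"hidden\" name=\"adminemail\" value=\"".htmlspecialchars($adminemail,ENT_QUOTES)."\">\n";
  print "<input type=\"hidden\" name=\"allowed\" value=\"".htmlspecialchars($allowed,ENT_QUOTES)."\">\n";
  print "<input type=\"hidden\" name=\"modsuccesspage\" value=\"".htmlspecialchars($modsuccesspage,ENT_QUOTES)."\">\n";
  // NOTE(review): $modsuccesspage is not part of this hash, and the hashed
  // fields are concatenated without separators; confirm how the handler
  // treats a modified "modsuccesspage" value.
  $hash=md5($clientemail.$adminemail.$allowed.$SiteKey);
  print "<input type=\"hidden\" name=\"hash\" value=\"$hash\">\n";
}
?>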
