1: <?php
2:
3: /**
4: * process.php
5: *
6: * If process.php is directly called by a logged in user he will be logged out.
7: *
8: * PHP version 8
9: *
10: * LICENSE: This program is free software: you can redistribute it and/or modify
11: * it under the terms of the GNU Affero General Public License as
12: * published by the Free Software Foundation, either version 3 of the
13: * License, or (at your option) any later version.
14: * This program is distributed in the hope that it will be useful,
15: * but WITHOUT ANY WARRANTY; without even the implied warranty of
16: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17: * GNU Affero General Public License for more details.
18: * You should have received a copy of the GNU Affero General Public License
19: * along with this program. If not, see <http://www.gnu.org/licenses/>.
20: *
21: * @category Login
22: * @package Process
23: * @author Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
24: * @author Henri Schumacher <henri.hulski@gazeta.pl>
25: * @copyright 2007-2014 Henri Schumacher
26: * @license http://www.gnu.org/licenses/agpl.html GNU Affero General Public License v3
27: * @version 1.0
28: * @link https://research.openhomeo.info/download/OpenHomeopath_1.0.2.tar.gz
29: * @see login.php
30: */
31:
32: chdir("../../..");
33: include("include/classes/login/session.php");
34:
35: /**
36: * The Process class is meant to simplify the task of processing
37: * user submitted forms, redirecting the user to the correct
38: * pages if errors are found, or if form is successful, either
39: * way. Also handles the logout procedure.
40: *
41: * @category Login
42: * @package Process
43: * @author Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
44: * @author Henri Schumacher <henri.hulski@gazeta.pl>
45: * @copyright 2007-2014 Henri Schumacher
46: * @license http://www.gnu.org/licenses/agpl.html GNU Affero General Public License v3
47: */
48: class Process {
49:
50: /**
51: *
52: * @return Process
53: * @access public
54: */
55: function __construct(){
56: global $session;
57: /* User submitted login form */
58: if(isset($_POST['sublogin'])){
59: $this->procLogin();
60: }
61: /* User submitted registration form */
62: elseif(isset($_POST['subjoin'])){
63: $this->procRegister();
64: }
65: /* User submitted forgot password form */
66: elseif(isset($_POST['subforgot'])){
67: $this->procForgotPass();
68: }
69: /* User submitted edit account form */
70: elseif(isset($_POST['subedit'])){
71: $this->procEditAccount();
72: }
73: /**
74: * The only other reason user should be directed here
75: * is if he wants to logout, which means user is
76: * logged in currently.
77: */
78: elseif($session->logged_in){
79: $this->procLogout();
80: }
81: /**
82: * Should not get here, which means user is viewing this page
83: * by mistake and therefore is redirected.
84: */
85: else{
86: $host = $_SERVER['HTTP_HOST'];
87: $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
88: $extra = "login.php";
89: header("Content-Type: text/html;charset=utf-8");
90: header("Location: ../../../$extra");
91: die();
92: }
93: }
94:
95: /**
96: * procLogin processes the user submitted login form, if errors
97: * are found, the user is redirected to correct the information,
98: * if not, the user is effectively logged in to the system.
99: *
100: * @return void
101: * @access private
102: */
103: private function procLogin(){
104: global $session, $form, $db;
105: /* Login attempt */
106: $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));
107:
108: /* Login successful */
109: if ($retval) {
110: if ($session->isAdmin()) {
111: $db->update_symptom_tables();
112: }
113: $db->update_custom_symptom_table();
114: if(isset($_POST['url'])) {
115: $url = $_POST['url'];
116: if ($url == "userinfo.php") {
117: $user = $_POST['user'];
118: $url .= "?user=$user";
119: } elseif (strpos($url, '%') !== false) {
120: list($prefix, $url) = explode('%', $url, 2);
121: if ($prefix === 'admin') {
122: $url = "admin_tools/$url";
123: }
124: }
125: header("Content-Type: text/html;charset=utf-8");
126: header("Location: ../../../$url");
127: die();
128: } else {
129: $headers = apache_request_headers();
130: if (!empty($headers['Referer']) && strpos($headers['Referer'],'login.php') === false) {
131: header("Content-Type: text/html;charset=utf-8");
132: header("Location: " . $headers['Referer']); /* Redirect browser back to referer */
133: exit;
134: } elseif (!empty($session->referrer) && strpos($session->referrer,'login.php') === false){
135: header("Content-Type: text/html;charset=utf-8");
136: header("Location: ".$session->referrer);
137: exit;
138: } else {
139: header("Content-Type: text/html;charset=utf-8");
140: header("Location: ../../../index.php");
141: }
142: }
143: }
144: /* Login failed */
145: else {
146: $_SESSION['value_array'] = $_POST;
147: $_SESSION['error_array'] = $form->getErrorArray();
148: header("Content-Type: text/html;charset=utf-8");
149: header("Location: ".$session->referrer);
150: die();
151: }
152: }
153:
154: /**
155: * procLogout - Simply attempts to log the user out of the system
156: * given that there is no logout form to process.
157: *
158: * @return void
159: * @access private
160: */
161: private function procLogout(){
162: global $session;
163: $session->logout();
164: header("Location: ../../../login.php");
165: }
166:
167: /**
168: * procRegister - Processes the user submitted registration form,
169: * if errors are found, the user is redirected to correct the
170: * information, if not, the user is effectively registered with
171: * the system and an email is (optionally) sent to the newly
172: * created user.
173: *
174: * @return void
175: * @access private
176: */
177: private function procRegister(){
178: global $session, $form;
179: /* Convert username to all lowercase (by option) */
180: if(ALL_LOWERCASE){
181: $_POST['user'] = strtolower($_POST['user']);
182: }
183: /* Registration attempt */
184: $retval = $session->register($_POST['user'], $_POST['pass'], $_POST['pass2'], $_POST['email']);
185:
186: /* Registration Successful */
187: if($retval == 0){
188: $_SESSION['reguname'] = $_POST['user'];
189: $_SESSION['regemail'] = $_POST['email'];
190: $_SESSION['regsuccess'] = true;
191: header("Content-Type: text/html;charset=utf-8");
192: header("Location: ".$session->referrer);
193: die();
194: }
195: /* Error found with form */
196: elseif($retval == 1){
197: $_SESSION['value_array'] = $_POST;
198: $_SESSION['error_array'] = $form->getErrorArray();
199: header("Content-Type: text/html;charset=utf-8");
200: header("Location: ".$session->referrer);
201: die();
202: }
203: /* Registration attempt failed */
204: elseif($retval == 2){
205: $_SESSION['reguname'] = $_POST['user'];
206: $_SESSION['regsuccess'] = false;
207: header("Content-Type: text/html;charset=utf-8");
208: header("Location: ".$session->referrer);
209: die();
210: }
211: }
212:
213: /**
214: * procForgotPass - Validates the given username then if
215: * everything is fine, a new password is generated and
216: * emailed to the address the user gave on sign up.
217: *
218: * @return void
219: * @access private
220: */
221: private function procForgotPass(){
222: global $db, $session, $mailer, $form;
223: /* Username error checking */
224: $subuser = $_POST['lostpass'];
225: $field = "lostpass"; //Use field name for username
226: if(!$subuser || strlen($subuser = trim($subuser)) == 0){
227: $form->setError($field, " " . _("* Username not entered") . "<br>");
228: }
229: else{
230: /* Make sure username is in database */
231: $subuser = stripslashes($subuser);
232: if(strlen($subuser) < 5 || strlen($subuser) > 30 || !preg_match("/^([0-9a-z])+$/i", $subuser) || (!$db->usernameTaken($subuser))){
233: $form->setError($field, " " . _("* Username does not exist") . "<br>");
234: }
235: }
236:
237: /* Errors exist, have user correct them */
238: if($form->num_errors > 0){
239: $_SESSION['value_array'] = $_POST;
240: $_SESSION['error_array'] = $form->getErrorArray();
241: }
242: /* Generate new password and email it to user */
243: else{
244: /* Generate new password */
245: $newpass = $session->generateRandStr(8);
246:
247: /* Get email of user */
248: $usrinf = $db->getUserInfo($subuser, 'email_registered, userlevel, id_user');
249: $email = $usrinf[0];
250: $userlevel = $usrinf[1];
251:
252: /* Attempt to send the email with new password */
253: if($mailer->sendNewPass($subuser,$email,$newpass)){
254: /* Email sent, update database */
255: $db->updateUserField($subuser, "password", md5($newpass));
256: $_SESSION['forgotpass'] = true;
257: }
258: /* Email failure, do not change password */
259: else{
260: $_SESSION['forgotpass'] = false;
261: }
262: }
263:
264: header("Content-Type: text/html;charset=utf-8");
265: header("Location: ".$session->referrer);
266: die();
267: }
268:
269: /**
270: * procEditAccount - Attempts to edit the user's account
271: * information, including the password, which must be verified
272: * before a change is made.
273: *
274: * @return void
275: * @access private
276: */
277: private function procEditAccount(){
278: global $session, $form;
279: $show_active = (!empty($_POST['show_active'])) ? $_POST['show_active'] : "";
280: $hide_email = (!empty($_POST['hide_email'])) ? $_POST['hide_email'] : "";
281: /* Account edit attempt */
282: $retval = $session->editAccount($_POST['curpass'], $_POST['newpass'], $_POST['newpass2'], $_POST['email'], $_POST['real_name'], $_POST['extra'], $show_active, $hide_email, $_POST['skin'], $_POST['lang'], $_POST['sym_lang']);
283:
284: /* Account edit successful */
285: if($retval){
286: $_SESSION['useredit'] = true;
287: header("Content-Type: text/html;charset=utf-8");
288: header("Location: ".$session->referrer);
289: die();
290: }
291: /* Error found with form */
292: else{
293: $_SESSION['value_array'] = $_POST;
294: $_SESSION['error_array'] = $form->getErrorArray();
295: header("Content-Type: text/html;charset=utf-8");
296: header("Location: ".$session->referrer);
297: die();
298: }
299: }
300: };
301:
302: /* Initialize process */
303: $process = new Process;
304: