librenms-librenms/html/network/includes/.login.inc.php.swp


b0VIM 6.1Z<>s=J<><00>frymasterlocalhost.localdomain/usr/local/apache/htdocs/login_php_0-9-2/php_lib_login_includes/login.inc.php3210#"! U
E0P ^t <00><00> hXe<00>r%<00> a<00><00><00><00><00>t y<00>y<00>qsp<00><00>T c<00> @
o<00>
n. o<00> G G G G G G ad<00>Z<00><00><00>g<00><00><00><00><00><00><00>sQ"<00> <00> <00> <00> <00> <00> <00> k N &  <00> <00> <00> <00> <00> <00> h D  <00> <00> <00> <00> <00> <00> u q p ' <00>
<00>
<00>
J

<00> o % $ <00><00>I<00>n$#<00><00>H<00><00>m#"!<00>~'&%<00><00>J<00>n%<00><00><00>** License as published by the Free Software Foundation; either *** modify it under the terms of the GNU Lesser General Public *** This library is free software; you can redistribute it and/or *** *** Copyright (C) 2001 grant "frymaster" horwood *** php_lib_login - php web login/password implementation for the lazy *.** ^^^^^^^^^ *** Licensing: */*---------------------------------------------------------------------*include(dirname(__FILE__)."/languages.inc.php"); // language abstraction/localizationinclude(dirname(__FILE__)."/adodb/adodb.inc.php"); // adodb database abstractioninclude(dirname(__FILE__)."/php_lib_login.conf.php"); // configuration variables**---------------------------------------------------------------------*/** translation credits in languages.inc.php -fm *** guigrrrl - talked me out of making a very bad database decision *** per egil kummervold - found all instances of double-slash bug *** ryan crumb - pointed out lack of dots-echo. *** 0-8b credits: */*---------------------------------------------------------------------***---------------------------------------------------------------------*/** uage support. translation credits in languages.inc.php -fm *** creator of adodb, plugged it. Navic Wiesbaden provided german lang- *** Jakob found a big security hole in the adodb library. John Lim, *** Wojciech Kalka & David Mummery found the create-login bug. 
Leif *** 0-8-1b credits: */*---------------------------------------------------------------------***---------------------------------------------------------------------*/** vikings in all my games of freeciv this year by way of thanks) -fm *** per Inge Mathisen provided a norweigan translation (i will be the *** 0-8-2b credits: */*---------------------------------------------------------------------***---------------------------------------------------------------------*/** 0-9b credits: */*---------------------------------------------------------------------* */ * this release is a bug fix. * ^^^^^^^^^^^^^/* new in 0-8-1b */ * - most of these changes are specific requests. * lib_login_show_uber_change_passwd_form * lib_login_show_uber_change_passwd_form_art * lib_login_boolean_check_valid_lp * lib_login_boolean_check_expire * $QA_SIGNUP * ^^^^^^^^^^^^^/* new in 0-8-2b */ * - group functionality is at the request of (many) specific users * lib_login_get_users_groups_html * lib_login_show_group_management_form * lib_login_do_group_change * lib_login_protect_page_heirarchy_group * lib_login_protect_page_group * lib_login_set_gid * lib_login_get_gid * ^^^^^^^^^^^/* new in 0-9b */ * includes path "more elegant" * configuration now in php_lib_login.conf.php * lib_login_super_validate_email * ^^^^^^^^^^^/* new in 0-9-2b*/ make documentation reflect reality fix up languages with bablefish fix password recovery #get fancy email validator TO DO!/***---------------------------------------------------------------------*/** php_lib_login 0-9-2b - passable security for the lazy */*---------------------------------------------------------------------*<?phpad<00>G<00>~{]<00><00>=&<00> <00> <00> <00> <00> y c M 1 /  <00> <00> <00> <00> <00> s < <00> <00> <00> <00> <00> <00> <00> <00> g H , <00>
<00>
<00>
<00>
<00>
P
=
<
;
5
3
2
<00> <00> W  <00>{PN><00><00><00><00><00>\ ?>/*============================ ^^^^^^^^^^^ =============================*//*============================ END OF FILE =============================*/} $gUser = $HTTP_SESSION_VARS['gUser']; if(strlen($HTTP_SESSION_VARS['gUser'])>0) $gUser = $_SESSION['gUser']; if(strlen($_SESSION['gUser'])>0) GLOBAL $gUser;{function lib_login_globalize_session_var()**---------------------------------------------------------------------*/** fm 020926 *** session var). check both new and old session arrays for it... *** make sure that $gUser is always in the global name space (it's our *** lib_login_globalize_session_var */*---------------------------------------------------------------------*} die; echo $warningtwo; $gDB->PConnect($DB_LOCATION, $DB_ACCOUNT, $DB_PASSWORD, $DB_DATABASE); $gDB = NewADOConnection($DATABASE_SOFTWARE); echo $warning;WARN2; \$DATABASE_SOFTWARE $DATABASE_SOFTWARE<br> \$DB_DATABASE $DB_DATABASE<br> \$DB_PASSWORD *******<br> \$DB_ACCOUNT $DB_ACCOUNT<br> \$DB_LOCATION $DB_LOCATION<br> $warningtwo =<<<WARN2WARN; </font> <p> </font> and include the error message below: please contact your system adminstrator <a href="mailto:$ADMIN_EMAIL">here</a> there has been a database failure in php_lib_login. <font size="3"> </font><p> database failure! <font size="5"> <font face="Arial, Helvetica, sans-serif" color="#FFFFFF"> <html><head><body bgcolor="red"> $warning =<<<WARN GLOBAL $DATABASE_SOFTWARE; GLOBAL $DB_DATABASE; GLOBAL $DB_PASSWORD; GLOBAL $DB_ACCOUNT; GLOBAL $DB_LOCATION; GLOBAL $ADMIN_EMAIL;{function lib_login_db_failure()**---------------------------------------------------------------------*/** database. 
added 0-8** a little better onscreen reporting if adodb can't find or use the *** lib_login_db_failure */*---------------------------------------------------------------------*} {echo "$warning\$TIMEOUT_IN_SECONDS is not a sane value!";die;} if($TIMEOUT_IN_SECONDS < 15) {echo "$warning\$MIN_PASSWORD_LENGTH is not a sane value!";die;} if(($MIN_PASSWORD_LENGTH > 12) || ($MIN_PASSWORD_LENGTH < 0))ad<00><00> 2<00><00>|nlkW;:9<00><00>mN<00> <00> <00> <00> ? <00> <00> <00> <00> <00> <00> <00> <00> \ & % <00> <00> <00> <00> y x w . <00>
<00>
<00>
n
i
J
I

<00> <00> <00> %  <00>
<00>
<00>
<00>
f


<00> <00> @ <00><00><00><00>{zb`_<00><00>:<00><00><00><00><00><00><00><00>}[-&# <00><00><00><00><00><00>zyMK <00><00><00>JC@:7<00><00><00>k"<00><00><00><00><00>iQ;*9-- GLOBAL $gUser; GLOBAL $LOG_MESSAGE; GLOBAL $TIMEOUT_PAGE; GLOBAL $TIMEOUT_IN_SECONDS; GLOBAL $FAIL_PAGE; GLOBAL $UBER_USER;{function lib_login_protect_page_uber()**---------------------------------------------------------------------*/** protects page so that only uber user can access it. *** lib_login_protect_page_uber */*---------------------------------------------------------------------*} return $gUser; } lib_login_refresh_timestamp(); { else } die; lib_login_no_browser_redirect("$TIMEOUT_PAGE?error=timeout"); header("Location: $TIMEOUT_PAGE?error=timeout"); session_destroy(); lib_login_nuke_session(); // kill from database { if(!$result->fields[0] < 1) // this index will survive a new ddl $result = $db->Execute($sql_check_expiry);SQL; AND lastlogin<$expired; WHERE username = '$gUser' FROM tbl_users SELECT count(*) $sql_check_expiry =<<<SQL $expired = time() - $TIMEOUT_IN_SECONDS; } die; lib_login_no_browser_redirect($FAIL_PAGE); header("Location: $FAIL_PAGE"); { if(!lib_login_valid_user()) $db = $gDB; GLOBAL $gDB; GLOBAL $gUser; GLOBAL $TIMEOUT_PAGE; GLOBAL $TIMEOUT_IN_SECONDS; GLOBAL $FAIL_PAGE;{function lib_login_protect_page()**---------------------------------------------------------------------*/** polls if user is logged in... on fail force a logout *** lib_login_protect_page */*---------------------------------------------------------------------*} return !empty($gUser); GLOBAL $gUser;{function lib_login_valid_user()**---------------------------------------------------------------------*/** --added j lim 06-10-0$FORM_TARGET = $FO$FORM_TARGET = $FORM_HTTP_FRONT . $HTTP_HOST . $subdir . $LIB_$FORM_TARGET = $FORM_HTTP_FRONT . $HTTP_$FORM_TARGET = $FORM_HT$FORM_TARGET = $$FORM_TARGET = $FORM_HTTP_FRONT . $HTTP_HOST . $subdir . 
$LIB_LOGIN_BASEDIR;if(strlen(dirname($PHP_SELF))>0) $subdir = dirname($PHP_SELF) . "/"; $FORM_HTTP_FRONT = "http://";else $FORM_HTTP_FRONT = "https://";if($SECURE_SUBMIT == "TRUE")**---------------------------------------------------------------------*/** DUMP TRUSTED POST/GET VARS TO GLOBAL SPACE * /*-------------------------------------------------------------------- *$$session_name1 = session_id();$session_name1 = session_name();else $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];if($SUPER_GLOBALS) $PHP_SELF = $_SERVER['PHP_SELF'];else $HTTP_HOST = $HTTP_SERVER_VARS['HTTP_HOST'];if($SUPER_GLOBALS) $HTTP_HOST = $_SERVER['HTTP_HOST'];else $error = $HTTP_GET_VARS['error'];if($SUPER_GLOBALS) $error = $_GET['error'];} } } if(strlen($HTTP_GET_VARS["$val"])>0) $$val = $HTTP_GET_VARS["$val"]; if(strlen($HTTP_POST_VARS["$val"])>0) $$val = $HTTP_POST_VARS["$val"]; else{ } if(strlen($_GET["$val"])>0) $$val = $_GET["$val"]; if(strlen($_POST["$val"])>0) $$val = $_POST["$val"]; if($SUPER_GLOBALS){ while(list(,$val) = each($trusted_variables)){if(isset($trusted_variables)){**---------------------------------------------------------------------*/** DUMP TRUSTED POST/GET VARS TO GLOBAL SPACE * /*-------------------------------------------------------------------- *#echo "<p>".session_name();#echo "sid is".SID;} $gUser = '';if (empty($gUser)){session_register('gUser');// register session and dump session contents to $gUser if register globals is off..ad<00>L(<00>o&<00><00>K<00> q ( <00> <00> M  <00> <00> o & % <00>
<00>
J
<00> <00> l k L K $ # <00><00>d<00><00><00>tNL<00><00><00><00><00>|b:<00><00><00><00><00><00>{a;<00><00><00><00>UTS.<00><00><00><00><00><00><00><00><00><00><00><00><00>C<00><00><00>f<00><00>**---------------------------------------------------------------------*/** --added j lim 06-10-01 *** returns true if viewing user is logged in, false otherwise. *** lib_login_valid_user */*---------------------------------------------------------------------*/*========================== ^^^^^^^^^^^^^^^^ =========================*//*========================== USER-FUNCTIONALS =========================*/ lib_login_sanity_check(); $gString[9]); $gString[8], $gString[7], $gString[6], $gString[5], $gString[4], $LOG_MESSAGE = array( $gString[0], if(empty($gString)) $gString = build_vocab($LANGUAGE, $THIS_SITE);// load our vocab for localizationlib_login_globalize_session_var();// make sure session variable is always global in scope $error = $HTTP_GET_VARS['error'];if(strlen($HTTP_GET_VARS["error"])>0) $error = $_GET['error'];if(strlen($_GET["error"])>0)// error is always on the get line... 
always.} } $$val = $HTTP_GET_VARS["$val"]; if(strlen($HTTP_GET_VARS["$val"])>0) $$val = $HTTP_POST_VARS["$val"]; if(strlen($HTTP_POST_VARS["$val"])>0) $$val = $_GET["$val"]; if(strlen($_GET["$val"])>0) $$val = $_POST["$val"]; if(strlen($_POST["$val"])>0) while(list(,$val) = each( else $SUPER_GLOBALS = false;i else $SUPER_GLOBALS = false;if(phpversi else $SUPER_GLOBALS = false;if(phpversion() >= 4.1) $SUPER_GLOBALS = true; // are global arrays HTTP_X_VARS or _X ?else $REGISTER_GLOBALS = false;if((bool)ini_get("register_globals")) $REGISTER_GLOBALS = true; // need to use post/get/session arrays?**---------------------------------------------------------------------*/** DETERMINE OUR ENVIRONMENT */*---------------------------------------------------------------------*ini_set("session.use_trans_sid", "1");//$gDB->debug = true; //updateif(!@$gDB->PConnect($DB_LOCATION, $DB_ACCOUNT, $DB_PASSWORD, $DB_DATABASE)) {lib_login_db_failure();}$gDB = NewADOConnection($DATABASE_SOFTWARE);**---------------------------------------------------------------------*/** --added j lim 06-10-01 *** establish a persistant connection and a global session var gUser */*---------------------------------------------------------------------*/*============================ ^^^^^^^^^^^^ ==========================*//*============================ GLOBAL-STUFF ===========================*/**---------------------------------------------------------------------*/** 6. have fun. *** fixed... it makes doing the documentation much easier *** 5. please provide a short synopsis of the changes you made or bugs *** 4. please comment your changes thoroughly *** bution i'll cry *** 3. if possible, build in english. if i can't read your contri- *** steps 3 through 5 *** it's a bit messy. i'll take care of it provided you follow *** 2. don't try and add any strings you use to languages.inc.php... *** regardless of the contributor *** frymaster can answer any questions about the code base in general *** 1. 
credit is given to contributors in comment boxes below. however *** welcome hackers: */*---------------------------------------------------------------------*ad L<00><00><00><00><00><00><00><00>i <00><00>kiU8!<00> <00> <00> <00>
u
+


<00> <00> <00> <00> <00> } n l j ] [ Y < 9 <00><00><00><00><00><00><00>fTC' <00><00><00><00><00>n;<00><00><00><00><00><00><00><00><00><00><00><00>S
<00>x.<00><00><00><00><00><00><00><00>hecB  <00>z1<00><00>rp\LK GLOBAL $gUser; GLOBAL $FAIL_PAGE;{function lib_login_protect_page_group($gid)**---------------------------------------------------------------------*/** page is not a member of that group, user is redirected to $FAIL_PAGE*** accepts a group id (postive integer). if user viewing protected *** lib_login_protect_page_group */*---------------------------------------------------------------------*} die; lib_login_no_browser_redirect($FAIL_PAGE); header("Location: $FAIL_PAGE"); } {return lib_login_validate_user();} if($user == $gUser) { while(list(,$user) = each($userarray)) GLOBAL $gUser; GLOBAL $FAIL_PAGE;{function lib_login_protect_page_userarray($userarray)**---------------------------------------------------------------------*/** in said array, page is dispalyed, otherwise, redirect to $FAIL_PAGE *** accepts an array of usernames. if user viewing protected page is *** lib_login_protect_page_userarray */*---------------------------------------------------------------------*} return lib_login_valid_user(); } lib_login_refresh_timestamp(); { else } die; lib_login_no_browser_redirect("$TIMEOUT_PAGE?error=timeout"); header("Location: $TIMEOUT_PAGE?error=timeout"); session_destroy(); lib_login_nuke_session(); // kill from database { if(!$result->fields[0] < 1) $result = $db->Execute($sql_check_expiry); SQL; AND lastlogin<$expired; WHERE username = '$gUser' FROM tbl_users SELECT count(*) $sql_check_expiry =<<<SQL $expired = time() - $TIMEOUT_IN_SECONDS; } die; lib_login_no_browser_redirect($FAIL_PAGE); header("Location: $FAIL_PAGE"); lib_login_write_log($LOG_MESSAGE[3], $gUser); { if(!($UBER_USER == $gUser)) $db = $gDB; GLOBAL $gDB; GLOBAL $gUser; GLOBAL $LOG_MESSAGE; GLOBAL $TIMEOUT_PAGE; GLOBAL $TIMEOUT_IN_SECONDS; GLOBAL $FAIL_PAGE; GLOBAL $UBER_USER;{function lib_login_protect_page_uber()**---------------------------------------------------------------------*/** protects page so that only uber user can 
access it. *** lib_login_protect_page_uber */*---------------------------------------------------------------------*} return $gUser; } lib_login_refresh_timestamp(); { else } die; lib_login_no_browser_redirect("$TIMEOUT_PAGE?error=timeout"); header("Location: $TIMEOUT_PAGE?error=timeout"); session_destroy(); lib_login_nuke_session(); // kill from database { if(!$result->fields[0] < 1) // this index will survive a new ddl $result = $db->Execute($sql_check_expiry);SQL; AND lastlogin<$expired; WHERE username = '$gUser' FROM tbl_users SELECT count(*) $sql_check_expiry =<<<SQL $expired = time() - $TIMEOUT_IN_SECONDS; } die; lib_login_no_browser_redirect($FAIL_PAGE); header("Location: $FAIL_PAGE"); { if(!lib_login_valid_user()) $db = $gDB; GLOBAL $gDB; GLOBAL $gUser; GLOBAL $TIMEOUT_PAGE; GLOBAL $TIMEOUT_IN_SECONDS; GLOBAL $FAIL_PAGE;{function lib_login_protect_page()**---------------------------------------------------------------------*/** polls if user is logged in... on fail force a logout *** lib_login_protect_page */*---------------------------------------------------------------------*} return !empty($gUser); GLOBAL $gUser;{function lib_login_valid_user()ad# u<00><00><00><00><00>nl:'$<00><00>J<00> <00> <00> <00> <00> <00> <00> s ` G B A   <00> <00> <00> <00> v I B ? = - + * <00> <00> O  <00>
s
=
;
'


<00> <00> <00> <00> <00> <00> Q > ; <00><00>a<00><00><00><00><00><00><00>v]XW20<00><00><00><00><00>_XUSCA@<00><00>e<00><00><00><00>tYJ8*(<00><00><00>\?<<00><00><00><00><00>dF 
 echo $HEADER_TAG_OPEN . $gString[10] . $HEADER_TAG_CLOSE; // gStrings[11] = "continue" // gStrings[10] = "this ip address has been banned!" // some browsers don't do redirects well. so we give them a message } die; lib_login_no_browser_redirect($FAIL_PAGE); header("Location: $FAIL_PAGE"); { if($result->fields[0] != 0) // if the count is not zero, give the viewer the boot! $result = $db->Execute("SELECT COUNT(*) FROM tbl_banned WHERE ip='$this_ip'"); // get the count of all the times this ip is in the banned table $db = $gDB; GLOBAL $gString; GLOBAL $gDB; GLOBAL $HEADER_TAG_CLOSE; GLOBAL $HEADER_TAG_OPEN; GLOBAL $FAIL_PAGE;{function lib_login_protect_page_ip($this_ip)**---------------------------------------------------------------------*/** banned and bounces banned users. *** protects page from banned ips. checks to see which ips are in tbl_ *** lib_login_protect_page_ip */*---------------------------------------------------------------------*} return $gUser; } die; lib_login_no_browser_redirect($FAIL_PAGE); header("Location: $FAIL_PAGE"); { if($result->fields[0]=="") // so give 'em the boot! // if no data from the query, there is no user/group combo in tbl_group $result = $db->Execute($sql_group);SQL; AND username='$gUser' WHERE gid>='$gid' FROM tbl_group SELECT * $sql_group =<<<SQL } die; echo "error on line ".__LINE__.". gid $gid is not an integer."; @mail($ADMIN_EMAIL, "php_lib_login group protection error", $message); // no fail msg. "this argument is not an integer an is causing the page not to load"; "lib_login_protect_page_group() and passes the argument $gid ". $message = "the page ".__FILE__." on line ".__LINE__." uses the call ". { if(!is_int($gid)) // gid must be an integer, we should check that! 
lib_login_protect_page(); // first we must protect page so only logged-in users can view it $db = $gDB; GLOBAL $gDB; GLOBAL $ADMIN_EMAIL; GLOBAL $gUser; GLOBAL $FAIL_PAGE;{function lib_login_protect_page_heirarchy_group($gid)**---------------------------------------------------------------------*/** id higher than $gid, the viewer is bounced to $FAIL_PAGE. *** page is not a member of that group or any other group with a group *** accepts a group id (postive integer). if user viewing protected *** lib_login_protect_page_heirarchy_group */*---------------------------------------------------------------------*} return $gUser; } die; lib_login_no_browser_redirect($FAIL_PAGE); header("Location: $FAIL_PAGE"); { if($result->fields[0]=="") // so give 'em the boot! // if no data from the query, there is no user/group combo in tbl_group $result = $db->Execute($sql_group);SQL; AND username='$gUser' WHERE gid='$gid' FROM tbl_group SELECT * $sql_group =<<<SQL } die; echo "error on line ".__LINE__.". gid $gid is not an integer."; @mail($ADMIN_EMAIL, "php_lib_login group protection error", $message); // no fail msg. "this argument is not an integer an is causing the page not to load"; "lib_login_protect_page_group() and passes the argument $gid ". $message = "the page ".__FILE__." on line ".__LINE__." uses the call ". { if(!is_int($gid)) // gid must be an integer, we should check that! lib_login_protect_page(); // first we must protect page so only logged-in users can view it $db = $gDB; GLOBAL $gDB; GLOBAL $ADMIN_EMAIL;ad|<00><00><00>z0<00><00>T <00> <00> <00> <00> <00> <00> x w i h = < !  <00> <00> <00> <00> <00> <00> <00> K G *  <00> <00> <00>  { t p N J I 8 6 5 <00>
<00>
X

<00> { P M 8  <00><00><00><00><00><00><00><00>cbG4"<00><00><00><00><00>p`YIH754<00><00>Y<00><00><00>|]?0.<00><00><00><00><00><00><00>wv31!<00><00>C<00><00><00><00>mQ31 $count = lib_login_count_online_users(); GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $gString;{function lib_login_print_count_online_users()**---------------------------------------------------------------------*/** recent enough to not be timed out... returns in html format *** counts number of users who are in tbl_users with a lastlogin time *** lib_login_print_count_online_users */*---------------------------------------------------------------------*} return $count; $count = $result->fields[0]; // this index will survive a new ddl $result = $db->Execute($sql_count); SQL; FROM tbl_users where lastlogin>$expired; SELECT COUNT(*) $sql_count =<<<SQL $expired = time() - $TIMEOUT_IN_SECONDS; $db = $gDB; GLOBAL $gDB; GLOBAL $TIMEOUT_IN_SECONDS; //GLOBAL $SUB_HEAD_TAG_CLOSE; //GLOBAL $SUB_HEAD_TAG_OPEN; {function lib_login_count_online_users()**---------------------------------------------------------------------*/** recent enough to not be timed out... returns in html format *** counts number of users who are in tbl_users with a lastlogin time *** lib_login_count_online_users */*---------------------------------------------------------------------*} return $gUser; return true; else return false; if(!$result-> fields[0] < 1) // this index will survive a new ddl $result = $db-> Execute($sql_check_expiry); SQL; AND lastlogin <$expired WHERE username = '$gUser' FROM tbl_users SELECT count(*) $sql_check_expiry =<<<SQL $expired = time() - $TIMEOUT_IN_SECONDS; return false; if(!lib_login_valid_user()) // if you aren't logged in, you're expired! $db = $gDB; GLOBAL $gDB; GLOBAL $gUser; GLOBAL $TIMEOUT_IN_SECONDS; GLOBAL $FAIL_PAGE; { function lib_login_boolean_check_expire() **---------------------------------------------------------------------*/ ** request of john chow. 
*** have expired and true if the login is still valid. added at the *** Check to see if the session have expired. returns false if they *** lib_login_boolean_check_expire * /*---------------------------------------------------------------------* } return $gUser; } lib_login_refresh_timestamp(); { else } die; lib_login_no_browser_redirect("$TIMEOUT_PAGE?error=timeout"); header("Location: $TIMEOUT_PAGE?error=timeout"); session_destroy(); // kill from database lib_login_nuke_session(); { if(!$result-> fields[0] < 1) // this index will survive a new ddl $result = $db-> Execute($sql_check_expiry); SQL; AND lastlogin <$expired WHERE username = '$gUser' FROM tbl_users SELECT count(*) $sql_check_expiry =<<<SQL $expired = time() - $TIMEOUT_IN_SECONDS; $db = $gDB; GLOBAL $gDB; GLOBAL $gUser; GLOBAL $TIMEOUT_PAGE; GLOBAL $TIMEOUT_IN_SECONDS; GLOBAL $FAIL_PAGE; { function lib_login_check_expire() **---------------------------------------------------------------------*/ ** added Steen Rab<61>l 08/15/01 *** expiry without having to call a page protector. * ** Check to see if the session have expired. allows for checking for *** lib_login_check_expire * /*---------------------------------------------------------------------* } echo "<br><a href=\"$FAIL_PAGE\">".$gString[11]."</a>";ad#<00><00><00><00><00><00><00>DA<00><00><00><00><00>i <00> <00> i g R C 5 3 1  <00> <00> <00> <00> <00> <00> t ^ . <00> <00> <00> <00> <00> ~ i e N K I 3 2 0 / <00>
<00>
T
<00> y / <00><00><00><00><00><00><00><00><00><00>m[GB1 
<00><00><00><00>@<<00><00><00><00><00>|zdba`<00><00><<00><00><00>mFD( <00><00><00><00><00><00>vdIBA<00><00><00>zQ:75&$#} return $html; } $result->MoveNext(); $SUB_HEAD_TAG_CLOSE . "</a><br>\n"; $result->Fields["username"] . $SUB_HEAD_TAG_OPEN . $result->Fields["email"] . "\">" . $html .= "<a href=\"mailto:" . { while(!$result->EOF) $result = $db->Execute($sql_list);SQL10; WHERE lastlogin>$expired FROM tbl_users SELECT username, email $sql_list =<<<SQL10 $expired = time() - $TIMEOUT_IN_SECONDS; $db = $gDB; GLOBAL $gDB; GLOBAL $TIMEOUT_IN_SECONDS; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN;{function lib_login_list_online_users()// are logged in or not! ** fixed 06-19-01// this function will return users with a valid lastlogin whether they// oops (06-13-01)**---------------------------------------------------------------------*/** in in <br> delimited html with mailto: tags *** returns a list of all non-timed-out users who are currently logged *** lib_login_list_online_users */*---------------------------------------------------------------------*} return $option_list; } $result->MoveNext(); } "</option>\n"; $result->fields[0] . " (" . $result->fields[1] . ")"; "\">" . $result->fields[0] . $option_list .= "<option value=\"" . { if($result->fields[0] != $UBER_USER) // don't list UBER_USER { // this index will survive new ddl while(!$result->EOF) // retreived. // cook up a string of <options> with all usernames $result = $db->execute($sql_group);echo $sql_group;SQL; ORDER BY $orderby FROM tbl_group SELECT username, gid $sql_group =<<<SQL $orderby = "username"; if($orderby != "gid") $db = $gDB; GLOBAL $gDB; GLOBAL $gString;{function lib_login_get_users_groups_html($orderby)**---------------------------------------------------------------------*/** where 0 is the group id. *** username (0) *** this list is suitable for using in a <select> tag and has the form: *** returns an option delimited list of usernames with thier group ids. 
*** lib_login_get_users_groups_html */*---------------------------------------------------------------------*} return $option_list; } $result->MoveNext(); } "</option>\n"; $result->fields[0] . "\">" . $result->fields[0] . $option_list .= "<option value=\"" . { if($result->fields[0] != $UBER_USER) // don't list UBER_USER { // this index will survive new ddl while(!$result->EOF) // retreived. // cook up a string of <options> with all usernames $result = $db->Execute($sql_all_usernames);SQL13; FROM tbl_users SELECT username $sql_all_usernames =<<<SQL13 $db = $gDB; GLOBAL $gDB; GLOBAL $UBER_USER; {function lib_login_get_users_html()**---------------------------------------------------------------------*/** handy for building selects *** generates an <option> list of all registered users and returns it *** lib_login_get_users_html */*---------------------------------------------------------------------*} echo $SUB_HEAD_TAG_OPEN . $count_sentence . $SUB_HEAD_TAG_CLOSE; {$count_sentence = $gString[14] . " $count " . $gString[15];} if($count > 1) {$count_sentence = $gString[13];} if($count == 1) {$count_sentence = $gString[12];} if($count == 0) ad<00>$E<00><00>kj!<00><00>n%<00> <00> g 9 8 <00> <00> <00> <00> <00> <00> s [ B ,   <00> <00> <00> <00> N 9 6 <00>
<00>
w
h
\
Y
W
$
<00> <00> x a   <00><00>ige<00><00><00><00><00>ZW<00><00>ysKB'$OIF<00><00><00><00><00><00>W<00>|3<00><00>qpA>.<00><00><00><00><00>u\<00><00><00><00>/*---------------------------------------------------------------------*} print "<a href=\"$LIB_LOGIN_BASEDIR"."do_logout.php\">$BODY_TAG_OPEN$linktext$BODY_TAG_CLOSE</a>"; GLOBAL $BODY_TAG_CLOSE; GLOBAL $BODY_TAG_OPEN; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $HEADER_TAG_CLOSE; GLOBAL $HEADER_TAG_OPEN; GLOBAL $LIB_LOGIN_BASEDIR; if (! $gUser) return; GLOBAL $gUser;{ function lib_login_show_logout_link($linktext) {lib_login_show_logout_link("<img src=\"$artpath\" border=\"0\">");}function lib_login_show_logout_link_art($artpath)**---------------------------------------------------------------------*/** lib_login_show_logout_link takes a string arg which is the link text*** the path to the gif, png or jpeg to show as the logout button. *** shows link to log out. lib_login_show_logout_link_art takes one arg *** lib_login_show_logout_link_art *** lib_login_show_logout_link */*---------------------------------------------------------------------*} } echo "<input type=\"image\" src=\"$artpath\" borde*/ $form_target .= "?".SID; if(SID) $form_target = "http://$form_target"; else $form_target = "https://$form_target"; if($SECURE_SUBMIT == "TRUE") $form_target = $HTTP_HOST . $subdir . $LIB_LOGIN_BASEDIR . "confirm_login.php"; if(strlen(dirname($PHP_SELF))>0) $subdir = dirname($PHP_SELF) . "/";/* // i used to do it this way... what the hell was i thinking? echo $form_target; $form_target .= "?".SID; if(SID) $form_target = $FORM_TARGET . "/confirm_login.php"; // cook up the url to submit the form... include the SID for non-cookie users if necessary... {print $SUB_HEAD_TAG_OPEN . $gString[83] . $SUB_HEAD_TAG_CLOSE;} if($error=="punished") {print $SUB_HEAD_TAG_OPEN . $gString[18] . $SUB_HEAD_TAG_CLOSE;} if($error=="invalid") {print $SUB_HEAD_TAG_OPEN . $gString[17] . 
$SUB_HEAD_TAG_CLOSE;} if($error=="timeout") // gStrings[83] = "you have exceeded the maximum number of login attempts..." // gStrings[18] = "invalid username or password" // gStrings[17] = "session has timed out" // deals with redirect resulting from login error } return 1; print "<p>"; lib_login_show_logout_link($gString[1]); print $SUB_HEAD_TAG_OPEN . $gString[16] . " $username" . $SUB_HEAD_TAG_CLOSE . "<br>"; // gStrings[16] = "logged in as" gStrings[1] = "logout" { if($username != "") $username = lib_login_get_username_by_session(); // display "logged in as $username" and return // if they are, no need to show the login form so we // check and see if user is already logged in. GLOBAL $gString; GLOBAL $FORM_TARGET; GLOBAL $BODY_TAG_CLOSE; GLOBAL $BODY_TAG_OPEN; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $HEADER_TAG_CLOSE; GLOBAL $HEADER_TAG_OPEN; GLOBAL $LIB_LOGIN_BASEDIR;{function lib_login_show_login_form_art($error, $artpath) {lib_login_show_login_form_art($error, "");}function lib_login_show_login_form($error)**---------------------------------------------------------------------*/** the gif, png or jpeg that will be used as the submit button. *** load that takes a second argument $artpath. $artpath is the path to *** displays the login form. lib_login_show_login_form_art is an over- *** lib_login_show_login_form_art** lib_login_show_login_form */*---------------------------------------------------------------------*/*============================== ^^^^^^^ ==============================*//*============================== SHOWERS ==============================*/ad<00>^<00>n%<00><00>jhXA%#<00> <00> <00> <00> U <00> } 5 <00> <00> \  <00>
<00>
<
<00> <00> } _  <00><00>}{eP6<00><00><00><00><00><00>teWU<00><00><00><00>RQM
<00><00><00>]1 <00><00>rfc%"<00><00><00><00><00>OJ30<00><00><00><00>\!<00><00><00><00><00> if($artpath == "") // deal with the art button vs. form button stuff.HTML; <input type="text" name="reminduser"><p> $SUB_HEAD_TAG_OPEN $gString[21] $SUB_HEAD_TAG_CLOSE<br> <form method="POST" action="$right_here?iteration=2"> print <<<HTML // gStrings[21] = "enter your username" $right_here = substr($right_here, 0, strpos($right_here, '?')); // strip GET info off URI { if($iteration == "1") */ * Second Iteration --------------------------------------------- /* } print $HEADER_TAG_OPEN . $gString[20] . " " . $iteration . $HEADER_TAG_CLOSE . "<br>"; // gStrings[20] = "password reminder step " { else // only print header if we're _not_ showing the link... } return 1; $BODY_TAG_OPEN . $gString[19] . $BODY_TAG_CLOSE ."</a>"; print "<a href=\"$right_here?iteration=1\">". // gStrings[19] = "forgot your password?" $right_here = $right_here[0]; $right_here = explode("?", $right_here); // so strip off all data after ? in URL (including ?) // the URI may have GET vars on the URL that will cause probs { if($iteration == "") //show link to reload */ * First Iteration ---------------------------------------------- /* $right_here .= $REQUEST_URI; // does this work with IIS ???? return 1; if($QA_SIGNUP == "FALSE") // should probably not permit the password reminder to run. bail now. 
// first, if $QA_SIGNUP is false, there are no questions for users to answer, so we $db = $gDB; GLOBAL $gDB; GLOBAL $gString; GLOBAL $QA_SIGNUP; GLOBAL $LOG_MESSAGE; GLOBAL $BODY_TAG_CLOSE; GLOBAL $BODY_TAG_OPEN; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $HEADER_TAG_CLOSE; GLOBAL $HEADER_TAG_OPEN; GLOBAL $THIS_SITE; GLOBAL $REQUEST_URI;{function lib_login_forgot_password_art($iteration, $reminduser, $answer, $artpath) {lib_login_forgot_password_art($iteration, $reminduser, $answer, "");}function lib_login_forgot_password($iteration, $reminduser, $answer)// better but still clunky...**--------------------------------------------------------------------*/** or jpeg to be used for the submit buttons.** the art version accepts an extra arg for the path to the gif, png *** substitutes following forms and data in place. *** user's logged email. This call reloads its calling page and *** answer and if true generates a new password and emails it to the *** question with a form to poll for answer. third iteration tests the *** poll user for their login name third iteration retreives the *** "forgot password" href link. second iteration displays form to * ** page 3 times, incrementing $iteration. first call shows the *** answering the question. this function calls it's residing *** answer during signup, they can get a new password via email by *** if user's forget their password and have filled in a question/ *** lib_login_forgot_password_art *** lib_login_forgot_password */*--------------------------------------------------------------------*} return "<a href=\"$LIB_LOGIN_BASEDIR"."do_logout.php\">"; GLOBAL $LIB_LOGIN_BASEDIR; if (! $gUser) return; GLOBAL $gUser;{function lib_login_return_logout_link()**---------------------------------------------------------------------*/** print lib_login_return_logout_link() . "text or art here" . "</a>"; *** function. 
usage should be something like: *** returns the first half of an <a href> tag that links to the logout *** lib_login_return_logout_link *ad-Y<00><00><00>SP1.,*&<00><00><00><00><00>fcC@$<00> <00> <00> k T Q N / <00> <00> <00> <00> <00> <00> <00> } Q N 6  <00> <00> <00> | _ D 2 $  <00>
<00>
<00>
<00>
<00>
<00>
;
4
<00> <00> <00> <00> <00> <00> <00> } x a ^ 6 3   <00><00><00><00><00><00>kh&<00><00><00><00><00><00>@<00><00><00><00><00><00>W51<00><00><00><00><00><00>}y? <00><00><00><00>E<00><00><00><00><00><00><00>jOJF:754<00><00>YX** lib_login_show_create_acct_form_art *** lib_login_show_create_acct_form */*---------------------------------------------------------------------*} } return 1; } } $SUB_HEAD_TAG_CLOSE; $gString[30] . print $SUB_HEAD_TAG_OPEN . { else } $SUB_HEAD_TAG_CLOSE; "<p>" . $gString[29] . print $SUB_HEAD_TAG_OPEN . lib_login_write_log($LOG_MESSAGE[5], $reminduser); @mail($user_email, $gString[28], $message); // no fail msg. $message = $gString[27] . "<p>\n $new_pass"; { if($result) // gString[29] = "your new password has been mailed to you" // gString[28] = "new password for $THIS_SITE" // gString[27] = "your new password for $THIS_SITE is" $result = $db->Execute($sql_update_password); SQL3; WHERE username='$reminduser' SET password='$md5password' UPDATE tbl_users $sql_update_password =<<<SQL3 $md5password = md5($new_pass); $new_pass = lib_login_create_random_passwd(); { else } print $gString[26] . "</a><br>"; print "<a href=\"$right_here?iteration=1\">"; print "<br>" . $SUB_HEAD_TAG_OPEN . $gString[25] . $SUB_HEAD_TAG_CLOSE . "<br>"; $right_here = substr($right_here, 0, strpos($right_here, '?')); { if($correct_answer != $answer) // gString[26] = "try again?" 
// gString[25] = "wrong answer" $user_email = $result->fields[1]; // works in strings $correct_answer = $result->fields[0]; // easier to remember and $result = $db->Execute($sql_get_answer_email);SQL2; WHERE username='$reminduser' FROM tbl_users SELECT answer, email $sql_get_answer_email =<<<SQL2 // Get answer and email at once $reminduser = urldecode($reminduser); { if($iteration == "3") */ * Fourth Iteration ---------------------------------------------- /* } return 1; {echo "<input type=\"image\" src=\"$artpath\" border=\"0\" name=\"submit\"></form>";} else {echo "<input type=\"submit\" value=\"submit\" name=\"submit\"></form>";} if($artpath == "")HTML2; <input type="text" name="answer"><p> $SUB_HEAD_TAG_CLOSE<br> $gString[24] $SUB_HEAD_TAG_OPEN $BODY_TAG_CLOSE<p> $question $BODY_TAG_OPEN $SUB_HEAD_TAG_CLOSE<br> $gString[23] $reminduser: $SUB_HEAD_TAG_OPEN <form method="POST" action="$right_here?iteration=3&reminduser=$url_reminduser"> print <<<HTML2 // gString[24] = "answer" // gString[23] = "question for " // Poll for an answer $url_reminduser = urlencode($reminduser); } return 1; $BODY_TAG_CLOSE; $gString[22] . { print $BODY_TAG_OPEN . if($question == "") // gStrings[22] = "you did not supply a question when you..." // No question entered, bail // WARNING!! $question = $result->fields[3]; // this index will NOT survive new ddl $result = $db->Execute($sql_get_question);SQL; WHERE username='$reminduser' FROM tbl_users SELECT * $sql_get_question =<<<SQL // Retreive question for user $right_here = substr($right_here, 0, strpos($right_here, '?')); // Strip GET info off URI { if($iteration == "2") */ * Third Iteration ---------------------------------------------- /* } return 1; // arbitrary value {echo "<input type=\"image\" src=\"$artpath\" border=\"0\" name=\"submit\"></form>";} else {echo "<input type=\"submit\" value=\"submit\" name=\"submit\"></form>";}ad<00>h<00>n$<00><00><00>~|`L2<00> <00> <00> <00> <00> <00> <00> h f 1  <00> <00> <00> c ` B ? 
<00> <00> <00> <00> <00>  j M 0 <00>
<00>
<00>
x
h
;

<00> <00> o 5  <00><00><00><00>V% <00><00><00>_$<00><00><00><00><00><00><00><00>0-" <00><00>D<00><00>i <00><00>IG<00><00><00><00><00><00>qT<#<00><00><00><00> // deal with error or success message from redirect GLOBAL $gString; GLOBAL $QA_SIGNUP; GLOBAL $BODY_TAG_CLOSE; GLOBAL $BODY_TAG_OPEN; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $HEADER_TAG_CLOSE; GLOBAL $HEADER_TAG_OPEN; GLOBAL $UBER_USER; GLOBAL $LIB_LOGIN_BASEDIR;{function lib_login_show_create_account_mailback_form_art($error, $email, $artpath) {lib_login_show_create_account_mailback_form_art($error, $email, "");}function lib_login_show_create_account_mailback_form($error, $email)**---------------------------------------------------------------------*/** button. *** that is the path to the gif, png or jpeg to be used for the submit *** user-submitted email address. the art version accepts an extra arg *** show the form that creates an account and mails the password to the *** lib_login_show_create_account_mailback_form_art *** lib_login_show_create_account_mailback_form */*---------------------------------------------------------------------*} return 1; {echo "<input type=\"image\" src=\"$artpath\" border=\"0\" name=\"submit\"></form>";} else {echo "<input type=\"submit\" value=\"submit\" name=\"submit\"></form>";} if($artpath == "") }HTML3; <input type="text" name="answer"><p> $SUB_HEAD_TAG_OPEN $gString[24]:$SUB_HEAD_TAG_CLOSE<br> <input type="text" name="question"><p> $SUB_HEAD_TAG_OPEN $gString[35]:$SUB_HEAD_TAG_CLOSE<br> $BODY_TAG_OPEN $gString[34] $BODY_TAG_CLOSE<p> print <<<HTML3 { if($QA_SIGNUP == "TRUE") // the new user to enter a question and answer. 
// if $QA_SIGNUP is set to true then we want to show fields for HTML2; <input type="text" name="email"><p> $SUB_HEAD_TAG_OPEN $gString[33]:$SUB_HEAD_TAG_CLOSE<br> <input type="password" name="passwordagain"><p> $SUB_HEAD_TAG_OPEN $gString[32]:$SUB_HEAD_TAG_CLOSE<br> <input type="password" name="password"><p> $SUB_HEAD_TAG_OPEN $gString[3]: $SUB_HEAD_TAG_CLOSE<br> <input type="text" name="username"><p> $SUB_HEAD_TAG_OPEN $gString[2]: $SUB_HEAD_TAG_CLOSE<br> <form method="POST" action="$form_target"> print <<<HTML2 // gStrings[35] = "question" // gStrings[24] = "answer" // gStrings[34] = explanation of mailback password resetting // gStrings[33] = "email" // gStrings[32] = "repeat password" // gStrings[3] = "password" // gStrings[2] = "username" //print the form... $form_target = $LIB_LOGIN_BASEDIR . "do_create_login.php"; } $SUB_HEAD_TAG_CLOSE; $gString[78] . print $SUB_HEAD_TAG_OPEN . // gStrings[78] = "the account has been created" { else if($error == "success") } $SUB_HEAD_TAG_OPEN . $error . $SUB_HEAD_TAG_CLOSE; print $SUB_HEAD_TAG_OPEN . $gString[31] . "<p>" . $SUB_HEAD_TAG_CLOSE . { if(($error != "") && ($error != "success")) // gStrings[31] = "error" // deal with error or success message from redirect $error = urldecode($error); GLOBAL $gString; GLOBAL $QA_SIGNUP; GLOBAL $BODY_TAG_CLOSE; GLOBAL $BODY_TAG_OPEN; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $HEADER_TAG_CLOSE; GLOBAL $HEADER_TAG_OPEN; GLOBAL $UBER_USER; GLOBAL $LIB_LOGIN_BASEDIR;{function lib_login_show_create_acct_form_art($error, $artpath) {lib_login_show_create_acct_form_art($error, "");}function lib_login_show_create_acct_form($error)**---------------------------------------------------------------------*/** as the path to the gif, png or jpeg to be used for the submit button*** shows form to create user account. art version accepts extra arg *ad'<00>e<00><00>z<00><00><00>`P#<00> <00> <00> R + $ # <00> <00> <00> <00> h .  <00> <00> <00> <00> <00> <00> <00> { / ) <00>
<00>
<00>
<00>
<
<00> <00> a  <00><00>ig(&
<00><00><00><00><00>kXFD
<00><00><00>yYDA"<00><00><00><00><00><00>Q5<00><00><00>wG <00><00><00><00>oi<00><00><00><00><00>a<00><00>** shows a form that allows the uberuser to change the password of an *** lib_login_show_uber_change_passwd_form_art *** lib_login_show_uber_change_passwd_form */*---------------------------------------------------------------------*} return 1; //arbitrary {echo "<input type=\"image\" src=\"$artpath\" border=\"0\" name=\"submit\"></form>";} else {echo "<input type=\"submit\" value=\"submit\" name=\"submit\"></form>";} if($artpath == "") HTML3; <input type="password" name="newpasswordagain"><p> $SUB_HEAD_TAG_OPEN $gString[39] $SUB_HEAD_TAG_CLOSE<br> <input type="password" name="newpassword"><p> $SUB_HEAD_TAG_OPEN $gString[38] $SUB_HEAD_TAG_CLOSE<br> <form method="POST" action="$form_target"> print <<<HTML3 // $gString[39] = "repeat password" // $gString[38] = "new password" // display the form itself $form_target = $LIB_LOGIN_BASEDIR . "update_password.php"; } $BODY_TAG_CLOSE; "$gString[37]<p>" . $BODY_TAG_OPEN . print $HEADER_TAG_OPEN . "<br>$gString[36].<br>" . $HEADER_TAG_CLOSE . { else if ($error == "success") } $BODY_TAG_CLOSE; urldecode($error) . "<p>" . $BODY_TAG_OPEN . print $HEADER_TAG_OPEN . "<br>$gString[31].<br>" . $HEADER_TAG_CLOSE . { if(($error != "") && ($error != "success")) // redirect. // deal with error or success message from GLOBAL $gString; GLOBAL $LANGUAGE; GLOBAL $BODY_TAG_CLOSE; GLOBAL $BODY_TAG_OPEN; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $HEADER_TAG_CLOSE; GLOBAL $HEADER_TAG_OPEN; GLOBAL $LIB_LOGIN_BASEDIR;{function lib_login_show_update_pass_form_art($error, $artpath) {lib_login_show_update_pass_form_art($error, "");}function lib_login_show_update_pass_form($error)**---------------------------------------------------------------------*/** button. 
*** arg which is the path to the gif, png or jpeg to use for the submit *** shows form users uses to change password, art version accepts extra *** lib_login_show_update_pass_form_art *** lib_login_show_update_pass_form */*---------------------------------------------------------------------*} {echo "<input type=\"image\" src=\"$artpath\" border=\"0\" name=\"submit\"></form>";} else {echo "<input type=\"submit\" value=\"submit\" name=\"submit\"></form>";} if($artpath == "") }HTML4; <input type="text" name="answer"><p> $SUB_HEAD_TAG_OPEN $gString[24]:$SUB_HEAD_TAG_CLOSE<br> <input type="text" name="question"><p> $SUB_HEAD_TAG_OPEN $gString[35]$SUB_HEAD_TAG_CLOSE<br> $BODY_TAG_OPEN $gString[34]: $BODY_TAG_CLOSE <p> print <<<HTML4 { if($QA_SIGNUP == "TRUE") // if $QA_SIGNUP is set to true then we want to show the fields for question and answerHTML3; <input type="text" name="email"><p> $SUB_HEAD_TAG_OPEN $gString[33]:$SUB_HEAD_TAG_CLOSE<br> <input type="text" name="username"><p> $SUB_HEAD_TAG_OPEN $gString[2]:$SUB_HEAD_TAG_CLOSE<br> <input type="hidden" name="cache" value="random"> <form method="POST" action="$form_target"> print <<<HTML3 $form_target = $LIB_LOGIN_BASEDIR . "do_create_login.php"; {print $HEADER_TAG_OPEN . $gString[29] . "$HEADER_TAG_CLOSE \n";} else if($error == "success") {print $HEADER_TAG_OPEN . $gString[31] . $HEADER_TAG_CLOSE . $SUB_HEAD_TAG_OPEN . $error . $SUB_HEAD_TAG_CLOSE . "\n";} if(($error != "") && ($error != "success")) // gStrings[29] = "your new password has been mailed to you" // gStrings[31] = "error"ad <00>r<00>nK<00><00><00>GE)<00> <00> <00> <00> <00> x v J H   <00> <00> <00> V K H * ' <00> <00> f [ X V    <00>
<00>

s
c
W
P
#




<00> <00> W U T <00>y0<00><00>T#<00><00><00><00><00>v[?"
<00><00><00><00><00><00>uIF<00><00><00><00><00>b <00><00><00><00><00>vf9<00><00><00><00><00><00><00><00>KE<00><00><00><00><00>} {echo "<input type=\"image\" src=\"$artpath\" border=\"0\" name=\"submit\"></form>";} else {echo "<input type=\"submit\" value=\"submit\" name=\"submit\"></form>";} if($artpath == "") HTML4; <p> </select> $option_list <option> <select name="delusername"> $SUB_HEAD_TAG_OPEN $gString[41]:$SUB_HEAD_TAG_CLOSE<p> <form method="POST" action="$form_target"> print <<<HTML4 // $gString[41] = "delete user:" $form_target = $LIB_LOGIN_BASEDIR . "delete_user.php"; } "<p>"; $SUB_HEAD_TAG_OPEN . "$gString[36]" . $SUB_HEAD_TAG_CLOSE . print $HEADER_TAG_OPEN . "$gString[36]." . $HEADER_TAG_CLOSE . // gStrings[40] = "the user has been deleted" { else if($error == "success") } "<p>"; $SUB_HEAD_TAG_OPEN . urldecode($error) . $SUB_HEAD_TAG_CLOSE . print $HEADER_TAG_OPEN . "$gString[31]." . $HEADER_TAG_CLOSE . { if(($error != "") && ($error !="success")) // redirect. // deal with error or success message from $option_list = lib_login_get_users_html(); GLOBAL $gString; GLOBAL $BODY_TAG_CLOSE; GLOBAL $BODY_TAG_OPEN; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $HEADER_TAG_CLOSE; GLOBAL $HEADER_TAG_OPEN; GLOBAL $LIB_LOGIN_BASEDIR;{function lib_login_show_delete_user_form_art($error, $artpath) {lib_login_show_delete_user_form_art($error, "");}function lib_login_show_delete_user_form($error)**---------------------------------------------------------------------*/** button *** which is the path to the gif, png, jpeg to be used for the submit *** shows form to delete user account. 
art version takes an extra arg *** lib_login_show_delete_user_form_art *** lib_login_show_delete_user_form */*---------------------------------------------------------------------*} {echo "<input type=\"image\" src=\"$artpath\" border=\"0\" name=\"submit\"></form>";} else {echo "<input type=\"submit\" value=\"submit\" name=\"submit\"></form>";} if($artpath == "")HTML4; <p> <input type="password" name="newpassword"> <br> </select> $option_list <option> <select name="username"> $SUB_HEAD_TAG_OPEN change password:$SUB_HEAD_TAG_CLOSE<p> <form method="POST" action="$form_target"> print <<<HTML4 $form_target = $LIB_LOGIN_BASEDIR . "uber_change_password.php"; } "<p>"; $SUB_HEAD_TAG_OPEN . "the password has been updated" . $SUB_HEAD_TAG_CLOSE . print $HEADER_TAG_OPEN . "success<br>" . $HEADER_TAG_CLOSE . // gStrings[40] = "the user has been deleted" { else if($error == "success") } "<p>"; $SUB_HEAD_TAG_OPEN . urldecode($error) . $SUB_HEAD_TAG_CLOSE . print $HEADER_TAG_OPEN . "$gString[31].<br>" . $HEADER_TAG_CLOSE . { if(($error != "") && ($error !="success")) // redirect. // deal with error or success message from $option_list = lib_login_get_users_html(); GLOBAL $gString; GLOBAL $BODY_TAG_CLOSE; GLOBAL $BODY_TAG_OPEN; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $HEADER_TAG_CLOSE; GLOBAL $HEADER_TAG_OPEN; GLOBAL $LIB_LOGIN_BASEDIR;{function lib_login_show_uber_change_passwd_form_art($error, $artpath) {lib_login_show_uber_change_passwd_form_art($error, "");}function lib_login_show_uber_change_passwd_form($error)**---------------------------------------------------------------------*/** to be used as the submit button** for the uber user. art version takes a path to the gif, jpg or png *** user. form points to uber_change_password.php which is protected *adn <00> <00>n%<00><00>omYI;<00> <00> <00> <00> <00> <00> <00> f L 3 1 <00> <00> <00> <00> <00> p a 4   <00> <00> <00> H < <00>
<00>
<00>
t
l
<
<00> <00> <00> <00> <00> w q p n m $ <00><00>I<00>ljZL8"<00><00><00><00><00>y_]<00><00><00><00>^A<00><00><00><00><00><00><00>ZDC<00><00><00><00>m&<00><00><00>-<00> $yesterday_mn_timestamp = mktime(0, 0, 0, $today_array['mon'], ($today_array['mday']-1), $today_array['year']); $today_mn_timestamp = mktime(0, 0, 0, $today_array['mon'], $today_array['mday'], $today_array['year']); */ * variable $daterange passed by the form * $startday_mn_timestamp -> a timestamp for x days ago at midnight where x is the * $yesterday_mn_timestamp -> a timestamp for yesterday at midnight * $today_mn_timestamp -> a timestamp for today at midnight /* these are the timestamps we need. $today_array = getdate($rightnow); // this is an array of units (ie month, day, year, hour...) for right now $rightnow = time(); // this is the latest timestamp we will retreive logs for } echo "<b>$gString[46]</b>$gString[47]<p>"; $viewdates = "today"; { if(!isset($viewdates)) // $gString[47] = "no days selected for viewing, defaulting to today" // $gString[46] = "warning" // if the user doesn't select a date range to view we set to "today" lib_login_add_banned_ip($bannedip); if($bannedip != "") // lets call lib_login_add_banned_ip to ban the ip // when user clicks on ban button, ip to ban is passed here on reload. $orderby = "timestamp"; if(!isset($orderby)) // must order the log by something, timestamp by default $db = $gDB; GLOBAL $DATABASE_SOFTWARE; GLOBAL $SUCCESS_UBER_PAGE; GLOBAL $gString; GLOBAL $REQUEST_URI; GLOBAL $HTTP_HOST; GLOBAL $gDB; GLOBAL $gUser;{function lib_login_show_logs($viewdates, $daterange, $orderby, $bannedip)**---------------------------------------------------------------------*/** the field $orderby. 
*** viewdates (either "today", "yesterday" or x days ago), ordered by *** displays in html format the logs for the dates specified in *** lib_login_show_logs */*---------------------------------------------------------------------*}FORM; </form> </table> </tr> <td colspan="2" align="right"><input type="submit" name="submit" value="submit"></td> <tr> </tr><tr> </td> <input type="text" size="3" name="daterange"> $BODY_TAG_OPEN $gString[45] $BODY_TAG_CLOSE <td> <td><input type="radio" name="viewdates" value="range"></td> </tr><tr> <td>$BODY_TAG_OPEN $gString[44] $BODY_TAG_CLOSE</td> <td><input type="radio" name="viewdates" value="yesterday"></td> </tr><tr> <td>$BODY_TAG_OPEN $gString[43] $BODY_TAG_CLOSE</td> <td><input type="radio" name="viewdates" value="today"></td> </tr><tr> <td colspan="2">$SUB_HEAD_TAG_OPEN $gString[42] $SUB_HEAD_TAG_CLOSE</td> <tr> <table border="0"> <form method="POST" action="$form_target"> print <<<FORM // $gString[45] = "last" // $gString[44] = "yesterday" // $gString[43] = "today" // $gString[42] = "show logs for:" // print the form $form_target = $LIB_LOGIN_BASEDIR . "show_logs.php"; return 0; // arbitrary if($gUser != $UBER_USER) // bail if not uber user $db = $gDB; GLOBAL $LIB_LOGIN_BASEDIR; GLOBAL $gString; GLOBAL $SECURE_SUBMIT; GLOBAL $HTTP_HOST; GLOBAL $BODY_TAG_OPEN; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $gDB; GLOBAL $gUser; GLOBAL $UBER_USER;{function lib_login_show_log_form()**---------------------------------------------------------------------*/** this function is by default protected for the uberuser. *** shows the form that the uber user uses to display the log info. *** lib_login_show_log_form */*---------------------------------------------------------------------*adK<00><00><00><00>z_\D8(<00><00><00><00><00>ZW8,<00> <00> <00> <00> <00> <00> <00> [ P . #   <00> <00> b C @ '  <00> <00> <00> <00>
<00>
<00>
<00>
<00>
<00>
<00>

s
c
B

<00> <00> <00> <00> <00> x m j h A ? <00><00>o21<00><00><00><00>O0<00><00><00><00><00>|b<00><00><00><00>ul_E<00><00><00><00><00>hVM@& <00><00><00><00><00><00><00><00>qnOK4$ <00><00><00><00><00><00><00>njKJ if($result->fields[3] == "") $username = $result->fields[2]; else $username = "not logged"; if($result->fields[2] == "") } $ipban = "bannedip=$ip"; $ip = $result->fields[1]; { else } $ipban = ""; $ip = "not logged"; { if($result->fields[1] == "") $the_date = date("M d Y H:i:s", $result->fields[0]); { while(!$result->EOF) // loop through all our data and format it HTML; </tr> </b></td> </a> $gString[52] <td align="center"><b> </b></td> </a> $gString[51] <a href="$url?orderby=action&viewdates=$viewdates&daterange=$daterange"> <td align="center"><b> </b></td> </a> $gString[2] <a href="$url?orderby=username&viewdates=$viewdates&daterange=$daterange"> <td align="center"><b> </b></td> </a> $gString[50] <a href="$url?orderby=ip&viewdates=$viewdates&daterange=$daterange"> <td align="center"><b> </b></td> </a> $gString[49] <a href="$url?orderby=timestamp&viewdates=$viewdates&daterange=$daterange"> <td align="center"><b> <tr> <table align="left" border="2"> print <<<HTML // $gString[52] = "ban this ip" // $gString[51] = "message" // $gString[2] = "username" // $gString[50] = "ip address" // $gString[49] = "timestamp" // print out the header with links on each column name to re-order the data by that column $url = substr($url, 0, strpos($url, '?')); if(strpos($url, '?') > 0) // Strip GET info off $url to avoid annoying double ? urls $url = sprintf("%s%s%s","http://",$HTTP_HOST,$REQUEST_URI); // by clicking on the column name they want to reorder by // $orderby on the GET line... this is done so users can reorder the listing // we need the url of the viewing page so we can call it with the new $result = $db->Execute($get_log_sql); } "</h3>"; date("M d Y H:i:s",$rightnow) . " to " . date("M d Y H:i:s",$startday_mn_timestamp) . 
echo "<h3>log of activity from " .SQL3; ORDER BY '$orderby' AND timestamp > '$startday_mn_timestamp' WHERE timestamp < '$rightnow' FROM tbl_log SELECT * $get_log_sql =<<<SQL3 { if($viewdates == "range") // range: select everything from midnight x days ago and right now. } "</h3>"; date("M d Y H:i:s",$today_mn_timestamp) . " to " . date("M d Y H:i:s",$yesterday_mn_timestamp) . echo "<h3>log of activity from " .SQL2; ORDER BY '$orderby' AND timestamp > '$yesterday_mn_timestamp' WHERE timestamp < '$today_mn_timestamp' FROM tbl_log SELECT * $get_log_sql =<<<SQL2 { if($viewdates == "yesterday") // yesterday: select everything from midnight yesterday and midnight today echo "<br><center><a href=\"$SUCCESS_UBER_PAGE\">$gString[48]</a></center><br>"; // $gString[48] = "go back" } "</h3>"; date("M d Y H:i:s",$rightnow) . " to " . date("M d Y H:i:s",$today_mn_timestamp) . echo "<h3>log of activity from " . }SQLpostgres; ORDER BY $orderby AND timestamp > '$today_mn_timestamp' WHERE timestamp < '$rightnow' FROM tbl_log SELECT * $get_log_sql =<<<SQLpostgres { if($DATABASE_SOFTWARE == "postgres")// workaround for postgres bug -- fixed by jason hair 11-20-01SQL1; ORDER BY '$orderby' AND timestamp > '$today_mn_timestamp' WHERE timestamp < '$rightnow' FROM tbl_log SELECT * $get_log_sql =<<<SQL1 { if($viewdates == "today") // today: select all data from midnight today and right now $startday_mn_timestamp = $today_mn_timestamp - (86400 * $daterange); ad#<00><00><00><00><00><00>g/<00><00><00>7 <00> <00> <00> <00> <00> <00> <00> <00> { 2 <00> <00> s q a S 7  <00> <00> <00> <00> <00> v + ) <00>
<00>
<00>
<00>
<00>
<00>
<00>
q
Z
H
B
A
@

<00> <00> <00> h % <00><00><00><00><00><00>r]X?;8<00><00>|cPMK<00><00><00><00>romM- <00><00><00><00>|tP;(<00><00><00><00>g^V3<00><00><00><00><00>h_ <00><00><00><00><00><00>ydM;#" $SUB_HEAD_TAG_CLOSE $gString[58] $SUB_HEAD_TAG_OPEN <td colspan="2"> <tr> </tr> </td> </select> $banned_opts <select name=bannedips[] multiple size=9> <td align="right" valign="top"> </td> <input type="submit" value="&lt;&lt; $gString[57]" name="submitunban"> <p> <input type="submit" value="$gString[56] &gt;&gt;" name="submitban"> <td align="center"> </td> <br> </select> $unbanned_opts <select name=unbannedips[] multiple size=9> <td align="left" valign="top"> <tr> </tr> <td>$SUB_HEAD_TAG_OPEN $gString[55] $SUB_HEAD_TAG_CLOSE</td> <td></td> <td>$SUB_HEAD_TAG_OPEN $gString[54] $SUB_HEAD_TAG_CLOSE</td> <tr> </tr> </td> $HEADER_TAG_CLOSE $gString[53]: $HEADER_TAG_OPEN <td colspan="3" align="center"> <tr> <table> <form action="php_lib_login_includes/do_ip_ban.php" method="POST"> print <<<FORM // $gString[55] = "unban" // $gString[55] = "ban" // $gString[55] = "banned ips" // $gString[54] = "logged ips" // $gString[53] = "ip banning" } $result2->MoveNext(); $result2->fields[0] . "</option>"; $banned_opts .= "<option value=\"".$result2->fields[0]."\">" . { while(!$result2->EOF) // cook up a list of ips that are banned. in option tags. } $removeflag = 0; $result2->MoveFirst(); $result->MoveNext(); $result->fields[0] . "</option>"; $unbanned_opts .= "<option value=\"".$result->fields[0]."\">" . if(($removeflag == 0) && ($result->fields[0] != "")) } $result2->MoveNext(); $removeflag = 1; if($result2->fields[0] == $result->fields[0]) { while(!$result2->EOF) // remove ips that are in banned { while(!$result->EOF) // is important for database neutrality. // way to do this but it allows for the most neutral sql... which // banned and put them in <option> tags. 
this is not the easiest // cook up the list of ips that are in the log and are not already $result2 = $db->Execute($sql_banned); $result = $db->Execute($sql_unbanned);SQL2; FROM tbl_banned SELECT distinct(ip) $sql_banned =<<<SQL2 // get list of all banned ips in option tagsSQL; FROM tbl_log SELECT distinct(ip) $sql_unbanned =<<<SQL // get a list of all unbanned ips in option tags echo $SUB_HEAD_TAG_OPEN . urldecode($error) . $HEADER_TAG_CLOSE. "<br>"; if(isset($error)) // we may have an error message.. we should display that: $db = $gDB; GLOBAL $gString; GLOBAL $HEADER_TAG_CLOSE; GLOBAL $HEADER_TAG_OPEN; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $gDB; GLOBAL $gUser;{function lib_login_show_ip_ban_form($error)**---------------------------------------------------------------------*/** shows the form used to ban and unban ips *** lib_login_show_ip_ban_form */*---------------------------------------------------------------------*} echo "</table>"; // close our table. } $result->MoveNext(); print "</tr>\n"; "ban</a></b></td>\n"; "<a href=\"$url?$ipban&orderby=action&viewdates=$viewdates&daterange=$daterange\">" . print "<td align=\"left\"><b>" . print "<td align=\"left\"><b>" . $message . "</b></td>\n"; print "<td align=\"left\"><b>" . $username . "</b></td>\n"; print "<td align=\"left\"><b>" . $ip . "</b></td>\n"; print "<td align=\"left\"><b>" . $the_date . "</b></td>\n"; print "<tr>\n"; $message = $result->fields[3]; else $message = "not logged";ad t<00><00><00><00><00><00><00><00>{yx/<00><00>T
<00> <00> <00> <00> <00> <00> <00> 2 0 <00> <00> <00> <00> j [ " <00> <00> <00> <00> <00> O  <00>
<00>
<00>
<00>
<00>
<00>
<00>
<00>
x
.
-
<00> <00> R <00>w-<00><00><00><00><00><00><00><00>Y9<00><00><00>{8<00><00><00><00><00><00><00>ro`@=;<00><00><00><00><00><00><00><00>/-<00><00><00><00><00><00><00>g1/<00><00><00>HF // do our ban/unban. we have received two submit buttons and two $db->Execute("INSERT INTO tbl_banned (ip) VALUES ('".$ip_to_ban."')"); if(isset($submitban) && isset($ip_to_ban)) // and there is an ip_to_ban we insert it. // first we insert the ip entered manually. if the ban button is hit $goback = substr($goback, 0, strpos($goback, '?')); if(strpos($goback, '?')>0) $goback = GetReferer(); // build our return url $db = $gDB; GLOBAL $gString; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $gDB; GLOBAL $gUser;{function lib_login_do_ip_ban($submitban, $submitunban, $unbannedips, $bannedips, $ip_to_ban)} return $gString[31].$usererrors; else return "success"; if(count($usererrors)==0) // return either success or the "error" plus the list of usernames that errored. } $usererrors.= " ".$thisuser; if(!$result) $result = $db->execute($sql_group);SQL; WHERE username='$thisuser' SET gid='$gid' UPDATE tbl_group $sql_group =<<<SQL $thisuser = $users[$i]; { for($i=0;$i<count($users);$i++) // add that username to the $usererrors array for error reporting // build an update sql and execute it. if an error ocurrs then // loop through each of the usernames in the $users array return $gString[86]; if(strpos("0123456789", $gid[$i])=="") for($i=0;$i<strlen($gid);$i++) // $gString[86] = "gid must be an integer" // gid must be an int so return an error if it isn't $db = $gDB; GLOBAL $gString; GLOBAL $gDB; GLOBAL $gUser;{function lib_login_do_group_change($users, $gid)**---------------------------------------------------------------------*/** do_update_group.php *** names have the gid of $gid. this function should be only called by *** integer. 
updates tbl_group so that all users in the array of user- *** accepts an array of usernames and a group id which is a positive *** lib_login_do_group_change */*---------------------------------------------------------------------*/*======================== ^^^^^^^^^^^^^^^^^^^^ =======================*//*======================== INTERNAL-FUNCTIONALS =======================*/}FORM; <br> </form> <input name="submit" value="sumit" type="submit"> <input type="text" name="newgid" value="0" size="3"><br><br> $BODY_TAG_OPEN <b> $gString[85] </b> $BODY_TAG_CLOSE <br><br> </select> $option_list <select name=usernames[] multiple size=9> <form method="POST" action="php_lib_login_includes/do_update_group.php"> $SUB_HEAD_TAG_OPEN $gString[84] $SUB_HEAD_TAG_CLOSE <p> print <<<FORM // $gString[85] = "new group id" // $gString[84] = "group management" $option_list = lib_login_get_users_groups_html("gid"); // get an <option> delimited list of all users and their group id echo $SUB_HEAD_TAG_OPEN . urldecode($giderror) . $SUB_HEAD_TAG_CLOSE . "<p>"; GLOBAL $gString; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN;{function lib_login_show_group_management_form($giderror)**---------------------------------------------------------------------*/** given user or users *** displays the form used by the admin to change the group ids for any *** lib_login_show_group_management_form */*---------------------------------------------------------------------*}FORM; </form> </table> </tr> </td> <td> </td> <input type="text" name="ip_to_ban" value="" size="15"> <br>ad1)y<00>y;<00><00><00>\Z'<00> <00> <00> <00> z U S  <00> <00> <00> <00> <00> ? <00> <00>  } m \ Z Y  <00>
~
5
<00> <00> <00> <00> t c U S A 4 #   <00><00><00><00><00><00><00><00>E<00><00>iHF7&<00><00><00><00>pWB9( <00><00><00><00><00><00><00><00>[YL=7'%$<00><00>I<00><00><00><00><00><00><00><00><00>m?=<00><00><00><00><00><00>usr)(/*---------------------------------------------------------------------*} $gUser = $username; $_SESSION['gUser'] = $username; $db->Execute($sql_update_session);SQL2; WHERE username='$username' UPDATE tbl_users set lastlogin=$timestamp $sql_update_session =<<<SQL2 $expired = $timestamp - $TIMEOUT_IN_SECONDS; $timestamp = time(); $db = $gDB; GLOBAL $gUser; GLOBAL $gDB; GLOBAL $TIMEOUT_IN_SECONDS;{function lib_login_log_session($username)**---------------------------------------------------------------------*/** updates lastlogin so that user is now considered logged in *** lib_login_log_session */*---------------------------------------------------------------------*} return false; else return true; if($result) $result = $db->execute($sql_insert); $db->execute($sql_delete);SQL2; VALUES ('$gUser', '$gid') (username, gid) INTO tbl_group INSERT $sql_insert =<<<SQL2 SQL; WHERE username='$gUser' FROM tbl_group DELETE $sql_delete =<<<SQL // delete then insert. // rather than messing with deciding to insert or update, we'll just return 0; if($gid==0) // zero is default gid, so no sense running the setter if $gid is 0 $db = $gDB; GLOBAL $gUser; GLOBAL $gDB;{function lib_login_set_gid($gid)**---------------------------------------------------------------------*/** sets the gid of the current user to $gid *** lib_login_set_gid */*---------------------------------------------------------------------*} return $result->fields[0]; else return 0; if($result->fields[0] == "") $result = $db->Execute($sql_gid);SQL; WHERE username='$gUser' FROM tbl_group SELECT gid $sql_gid =<<<SQL $db = $gDB; GLOBAL $gUser; GLOBAL $gDB;{function lib_login_get_gid()**---------------------------------------------------------------------*/** of zero. 
*** current user is not in tbl_group then s/he automatically has a gid *** returns the group id number of the current viewing user. if the *** lib_login_get_gid */*---------------------------------------------------------------------*} return $gUser; GLOBAL $gUser;{function lib_login_get_username_by_session()**---------------------------------------------------------------------*/** returns the gUser var... a global of username if user logged in *** lib_login_get_username_by_session */*---------------------------------------------------------------------*} lib_login_no_browser_redirect($goback); header("Location: $goback"); // go back to the page that called show_ip_ban_form() // $gString[59] = "no ips selected" urlencode($gString[59]); $goback = $goback . "?error=" . else $db->Execute("DELETE FROM tbl_banned WHERE ip='".$ip."';"); while(list(,$ip) = each($bannedips)) else if(isset($submitunban) && isset($bannedips)) $db->Execute("INSERT INTO tbl_banned (ip) VALUES ('".$ip."')"); while(list(,$ip) = each($unbannedips)) if(isset($submitban) && isset($unbannedips)) // neither are set, modify goback to have an error on the get line. // is set run a set of deletes from the bannedips array. if // set of inserts from the unbannedips array. if the unban button // arrays from multiple selects. if the banned button is set run aad<00>y<00>n%<00><00>v,<00> <00> <00> <00> <00> <00> <00> <00> m S N M & $ # <00> <00> H <00> <00> q o S 9  
<00>
<00>
<00>
<00>
j
Z
K
9
+
)


<00> <00> <00> <00> <00> f ? <  <00><00><00><00><00>vGD<00><00><00><00><00>x\Y1<00><00><00><00><00><00><00>nTNM!<00><00><00><00><00>d*# <00><00><00>WPMKJ<00>o& <00>}]=;<00><00> $password = md5($password); //store encrypted passwords only $password = trim("$password"); $username = trim("$username");{function lib_login_boolean_check_valid_lp($username, $password)**---------------------------------------------------------------------*/** the request of john chow.** table of users. returns true if it is, false if it is not. added at *** accepts a username/password combo and checks to see if it is in the *** lib_login_boolean_check_valid_lp */*---------------------------------------------------------------------*} } die; lib_login_no_browser_redirect("$goback?error=".urlencode($gString[63])); urlencode($gString[63])); header ("Location: $goback?error=" . // $gString[63] = "failed updating password" { else } die; lib_login_no_browser_redirect("$goback?error=success"); header ("Location: $goback?error=success"); lib_login_write_log($LOG_MESSAGE[4], $username); { if($result) // or fail message. // return to calling page with error either success $result = $db->Execute($sql_update_pass); SQL9; WHERE username='$gUser' SET password='$md5password' UPDATE tbl_users $sql_update_pass =<<<SQL9 } die; lib_login_no_browser_redirect("$goback?error=".urlencode($gString[62])); urlencode($gString[62])); header ("Location: $goback?error=" . { if($newpassword == $gUser) // $gString[62] = "password same as username" } die; lib_login_no_browser_redirect("$goback?error=".urlencode($gString[61])); urlencode($gString[61])); header ("Location: $goback?error=" . { if(strlen($newpassword)<$MIN_PASSWORD_LENGTH) // $gString[61] = "password too short" } die; lib_login_no_browser_redirect("$goback?error=".urlencode($gString[60])); urlencode($gString[60])); header ("Location: $goback?error=" . 
{ if($newpassword != $newpasswordagain) // $gString[60] = "passwords do not match" $md5password = md5($newpassword); $goback = substr($goback, 0, strpos($goback, '?')); if(strpos($goback, '?') != "") $goback = GetReferer(); $db = $gDB; GLOBAL $gString; GLOBAL $gDB; GLOBAL $gUser; GLOBAL $MIN_PASSWORD_LENGTH; GLOBAL $LOG_MESSAGE; GLOBAL $LOGOUT_PAGE; GLOBAL $BODY_TAG_CLOSE; GLOBAL $BODY_TAG_OPEN; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $HEADER_TAG_CLOSE; GLOBAL $HEADER_TAG_OPEN; GLOBAL $LIB_LOGIN_BASEDIR;{function lib_login_update_password($newpassword, $newpasswordagain)**---------------------------------------------------------------------*/** current users password in tbl_users *** accepts a password twice (for validation checking) and updates the *** lib_login_update_password */*---------------------------------------------------------------------*} $db->Execute($sql_refresh_timestamp);SQL; WHERE username='$gUser' SET lastlogin=$timestamp UPDATE tbl_users $sql_refresh_timestamp =<<<SQL $timestamp = time(); $db = $gDB; GLOBAL $gDB; GLOBAL $gUser;{function lib_login_refresh_timestamp()**---------------------------------------------------------------------*/** -added frymaster 06-16-01** page protecting functions. *** protected pages or pages calling this function. called by all *** timer and preventing timeouts as long as the user is loading *** updates lastlogin to current time thus refreshing the "idle time" *** lib_login_refresh_timestamp *ad <00>q<00><00><00><00><00><00><00>USA1+<00><00>><00> <00> <00> O M 9 %  <00> <00> <00> <00> <00> l Q B 5 3 1
<00> <00> <00> n G <00>
<00>
<00>
<00>
<00>
a
8
5
2
<00> <00> <00> c  <00>j=<00><00><00><00><00>~|\<:<00><00><00><00>lB#!<00>t<00><00><00>mi6<00><00><00><00><00><00><00>~|`S@!<00><00><00>\[Y$<00><00><00> // therefor the l/p is wrong so we redirect to the login page // if the field is NULL, no rows were returned and, $result = $db->Execute($sql_valid_lp_test); **----------------------------------*/ ** test for valid l/p * /*----------------------------------*SQL; AND password='$password' WHERE username='$username' FROM tbl_users SELECT * $sql_valid_lp_test =<<<SQL } lib_login_enact_bad_attempt_punishment($username); if(lib_login_test_bad_attempts($username)) } die; lib_login_no_browser_redirect("$login_page?error=punished"); header("Location: $login_page?error=punished"); { if(lib_login_test_bad_attempt_punishment($username)) { if($PUNISH_BAD_ATTEMPTS == "TRUE" && $username != $UBER_USER) // failed login attempts and punish them if necessary. // see if they should be put on punishment time because they have exceeded their max // are not allowed to login and should be bounced. if they aren't we should check and // first we should check to see if the user is on punishment time. if they are, they $login_page = $login_page[0]; $login_page = explode("?", $login_page); $login_page = GetReferer(); // oops... maybe referer not login page... // strip GET off of URL // this the link back to the login page... $password = md5($password); //store encrypted passwords only $password = trim("$password"); $username = trim("$username"); } return $UBER_USER; } echo $gString[66] . $HEADER_TAG_CLOSE; echo "$HEADER_TAG_OPEN $gString[65]:<p> <b>$foo</b><p>"; echo "$HEADER_TAG_OPEN $gString[64] $HEADER_TAG_CLOSE"; // is completely insecure" // $gString[66] = "please consult your configuration and try again. this system // "the data given. 
the following exception has been thrown:" // $gString[65] = "php_lib_login was unable to create the uber user account with // $gString[64] = "a serious error has ocurred in creating the uber user account" { if($foo != "success") $foo = lib_login_create_account($UBER_USER, $UBER_PASS, $UBER_PASS, $ADMIN_EMAIL, "", ""); { !lib_login_account_exists($UBER_USER)) ($password == $UBER_PASS) && if (($username == $UBER_USER) && // this is not as insecure as it looks... **----------------------------------*/ ** of the function... * ** otherwise we pass on to the rest * ** exists. if not, we make one. * ** see if an account for it already * ** that combo is called we test to * ** $UBER_PASS as a password. when * ** uberuser account starts with * /*----------------------------------* $db = $gDB; GLOBAL $gDB; GLOBAL $BAD_ATTEMPTS_MAX; GLOBAL $PUNISH_BAD_ATTEMPTS; GLOBAL $HEADER_TAG_CLOSE; GLOBAL $HEADER_TAG_OPEN; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $LOG_MESSAGE; GLOBAL $ADMIN_EMAIL; GLOBAL $UBER_PASS; GLOBAL $UBER_USER;{function lib_login_check_valid_lp($username, $password)// added bad attempt punishment 0-8**---------------------------------------------------------------------*/** on failure with $error set to nature of error *** accepts a username and password, confirms their validity. redirects *** lib_login_check_valid_lp */*---------------------------------------------------------------------*} return true; else return false; if($result->EOF) $result = $db->Execute($sql_valid_lp_test);SQL; AND password='$password' WHERE username='$username' FROM tbl_users SELECT * $sql_valid_lp_test =<<<SQLad <00>p<00><00><00><00><00><00><00>XUR<00><00><00><00>W<00> <00> <00> <00> ^ 0 , <00> <00> <00> <00> <00> > <00> <00> c  <00>
<00>
P

<00> <00> O  <00><00>TQA3$<00><00><00><00><00>{ecEB-+<00><00><00><00><00><00><00>~fdc<00><00>?<00><00><00><00><00>sa_A& <00><00><00><00><00>qcTA42 <00><00><00><00>hA<00><00> $returnval = lib_login_validate_account_data($username, **----------------------------------*/ ** choose appropriate passwords! * ** end users cannot be trusted to * /*----------------------------------* {return "$username $gString[67]"; die;} if(lib_login_account_exists($username)) // $gString[67] = "is already taken" $db = $gDB; GLOBAL $gString; GLOBAL $gDB; GLOBAL $LOG; GLOBAL $LOG_MESSAGE; GLOBAL $BODY_TAG_CLOSE; GLOBAL $BODY_TAG_OPEN; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $HEADER_TAG_CLOSE; GLOBAL $HEADER_TAG_OPEN; GLOBAL $MY_EMAIL_DOMAIN; GLOBAL $MIN_PASSWORD_LENGTH;{ $answer) $question, $email, $passwordagain, $password, function lib_login_create_account( $username, **---------------------------------------------------------------------*/** of it. *** takes name, password, email, question and answer and makes an acct *** lib_login_create_account */*---------------------------------------------------------------------*} return 1; // arbitrary $db->Execute($sql_log); SQL; VALUES ('$rightnow', '$ip', '$username', '$action') (timestamp, ip, username, action) INTO tbl_log INSERT $sql_log =<<<SQL $rightnow = time(); $ip = getenv('REMOTE_ADDR'); $username = $gUser; if($username == "") // if passed username is null, user current logged in user return 0; // arbitrary if($LOG != "TRUE") // if no logging, return $db = $gDB; GLOBAL $gDB; GLOBAL $LOG; GLOBAL $gUser;{ function lib_login_write_log($action, $username)**---------------------------------------------------------------------*/** create account 6 *** mailback password 5 *** change password 4 *** UBER USER VIOLATION 3 *** FAILED LOGIN UBER 2 *** FAILED LOGIN 1 *** login 0 *** element of the global array $LOG_MESSAGES. the array is defined as *** only done when loggin in failures. 
the action is passed as an *** currently logged in user is used. explicit passing of a username is *** the username is usually passed as null and the username of the the *** ction accepts an array of log messages and a username. note that *** certain actions will be logged if $LOG is set to "TRUE". this fun- *** lib_login_write_log */*---------------------------------------------------------------------*} return ($result->Fields["username"]); lib_login_write_log($LOG_MESSAGE[0], $username); {lib_login_clear_bad_attempts($username);} if($PUNISH_BAD_ATTEMPTS == "TRUE") // a successful login - clear the bad attempts, write the log, return the username } die; // don't let the rest of the code run if login fails!! lib_login_no_browser_redirect("$login_page?error=invalid"); header("Location: $login_page?error=invalid"); {lib_login_write_bad_attempt($username);} if($PUNISH_BAD_ATTEMPTS == "TRUE" && $username != $UBER_USER) // this bad attempt! // if we have set a max on bad login attempts then we should log lib_login_write_log($LOG_MESSAGE[1], $username); else lib_login_write_log($LOG_MESSAGE[2], $username); if($username == $UBER_USER) { if($result->EOF)ad D<00><00><00><00><00><00>~W0 <00><00><00><00>qJ" <00> <00> <00> <00> <00> <00> <00> z k Y H B A ?      <00>
<00>
<00>
<00>
<00>
<00>
<00>
<00>
<00>
V
U
S
3
"




<00> s * <00><00><00><00><00><00>tkZ=76<00><00><00><00><00><00><00>;<00><00>_53<00><00><00><00><00>nl3<00><00><00><00><00><00><00><00><00><00><00><00>~L<00><00>=<00><00><00>DC**---------------------------------------------------------------------*/** -added frymaster 06-12-01** they don't or null if they do *** criteria for a valid login account. returns an error message if *** takes a name, password and email address and sees if they meet the *** lib_login_validate_account_data */*---------------------------------------------------------------------*} } return ($gString[69] . " - " . $username); // $gString[69] = "unable to delete this user " { else } return urlencode("success"); { if($result) } $result = lib_login_remove_account($username); { else } return $gString[68]; { if($username == $UBER_USER) // $gString[68] = "cannot delete the uber user account" GLOBAL $gString; GLOBAL $BODY_TAG_CLOSE; GLOBAL $BODY_TAG_OPEN; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $HEADER_TAG_CLOSE; GLOBAL $HEADER_TAG_OPEN; GLOBAL $UBER_USER;{function lib_login_delete_user($username)**---------------------------------------------------------------------*/** turning with html formatting *** a wrapper for lib_login_remove_account. adds error checking and re- *** lib_login_delete_user */*---------------------------------------------------------------------*} {return false;} else {return true;} if($result) $result = $db->Execute($sql_delete_account);SQL6; WHERE username='$username' FROM tbl_users DELETE $sql_delete_account =<<<SQL6 $db = $gDB; GLOBAL $gDB;{function lib_login_remove_account($username)**---------------------------------------------------------------------*/** removes the account for $username from the database. 
*** lib_login_remove_account */*---------------------------------------------------------------------*} {return false;} else {return true;} if($result->RecordCount() > 0) $result = $db->Execute($sql_account_exists);SQL7; WHERE username='$username' FROM tbl_users SELECT * $sql_account_exists =<<<SQL7 $db = $gDB; GLOBAL $gDB;{function lib_login_account_exists($username)**---------------------------------------------------------------------*/** database. true if it does, false if it doesn't *** determines whether the account with $username already exists in the *** lib_login_account_exists */*---------------------------------------------------------------------*} } return "success"; lib_login_write_log($LOG_MESSAGE[6], $username); if($LOG == "TRUE") { if($result) $result = $db->Execute($sql_insert_lp); SQL5; '$answer'); '$question', '$email', '$md5password', VALUES ('$username', answer) question, email, password, (username, INTO tbl_users INSERT $sql_insert_lp =<<<SQL5 **----------------------------------*/ ** insert the l/p and return NULL * /*----------------------------------* $md5password = md5($password); **----------------------------------*/ ** the system... * ** to store a plaintext password on * ** md5 hash here means we don't have* /*----------------------------------* {return $returnval; die;} if(isset($returnval)) $email); $passwordagain, $password, ad<00>c<00><00><00>nP<"<00><00><00><00>Z?<00> <00> <00> <00> <00> ` ] 1 <00> <00> <00> <00> <00> <00> q o + <00> <00> <00> >   <00>
<00>
<00>
<00>
a

<00> <00> <00> ~ | { z 1 <00><00>V <00>zJH<00>yifdVTS
<00>x/<00><00>TD<00><00><00><00><00><00><00><00>ycIDB <00><00>B<00><00><00>**---------------------------------------------------------------------*/** banned ips. returns a success or fail message. *** takes an ip address called bannedip and adds it to the database of *** lib_login_add_banned_ip */*---------------------------------------------------------------------*} $db->Execute($sql_nuke_session); SQL; WHERE username='$gUser' SET lastlogin=NULL UPDATE tbl_users $sql_nuke_session =<<<SQL $db = $gDB; GLOBAL $gUser; GLOBAL $gDB;{function lib_login_nuke_session()**---------------------------------------------------------------------*/** -changed fm ** call erases lastlogin. *** a user logs out they will still have a valid lastlogin time. this *** by checking the lastlogin timestamp against the current time. if *** users_html, lib_login_list_online_users) determine who is logged in *** lots of functions (ie lib_login_count_online_users, lib_login_get_ *** lib_login_nuke_session */*---------------------------------------------------------------------*} return true; } return false; if (!getmxrr($main_domain[0], $validate_email_temp) && !checkdnsrr($main_domain[0],"ANY")){ eregi("([-]?[0-9a-z])*\.[a-z]{2,3}$.?", $domain, $main_domain); list($user, $domain) = split ("@", $email, 2);{function lib_login_super_validate_email($email)**---------------------------------------------------------------------*/** -fm 020922 *** returns true if valid, false otherwise *** more resource intensive but it may be worth it... *** does a name lookup on the email domain to see if it is valid... *** lib_login_super_validate_email */*---------------------------------------------------------------------*} return $returnval; {$returnval = $gString[71];} if((trim(substr($email, strrpos($email, '@') + 1)) == $MY_EMAIL_DOMAIN) && ($username != $UBER_USER)) // the uber user is allowed to have an email address in this domain! 
// this can be deactivated by setting $MY_EMAIL_DOMAIN to NULL {$returnval = $gString[73];} if(!lib_login_super_validate_email($email)) if($SUPER_VALIDATE_EMAIL == "TRUE") {$returnval = $gString[73];}//" if(!eregi("^[0-9a-z_]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]{2,3}.?$", $email, $check)) {$returnval = $gString[71];} if(trim(substr($email, strrpos($email, '@') + 1)) == "localhost") {$returnval = $gString[71];} if(trim(substr($email, strrpos($email, '@') + 1)) == "127.0.0.1") {$returnval = $gString[72];} if($email == "") {$returnval = $gString[31] . " " . $gString[62];} if($password == $username) {$returnval = $gString[70] . $MIN_PASSWORD_LENGTH;} if(strlen($password)<$MIN_PASSWORD_LENGTH) {$returnval = $gString[60];} if($password != $passwordagain) // $gString[73] = "invalid email address " // $gString[72] = "email is a mandatory field " // $gString[71] = "localhost is not a valid domain for email " // $gString[31] = "error" // $gString[62] = "password same as username" // $gString[70] = "password is too short. minimum length // $gString[60] = "passwords do not match" GLOBAL $gString; GLOBAL $SUPER_VALIDATE_EMAIL; GLOBAL $MY_EMAIL_DOMAIN; GLOBAL $UBER_USER; GLOBAL $MIN_PASSWORD_LENGTH; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN;{function lib_login_validate_account_data($username, $password, $passwordagain, $email)ad<00><00><00><00><00><00><00><00>o;!
<00><00><00><00><00><00><00><00><00>a)<00> <00> <00> <00> <00> t + <00> <00> O   <00> <00> <00> <00> <00> <00> r [ Y E < *   <00>
<00>
<00>
{
n
C
=



<00> { 2 <00><00>om^PN<00><00><00><00><00>O <00><00><00><00>zutK<00><00><00><00><00>}|3<00><00>X<00><00><00><00><00><00>mC52<00><00><00><00><00><00><00>Z** lib_login_enact_bad_attempt_punishment */*---------------------------------------------------------------------*} $result = $db->Execute($sql_clear_tries);SQL; WHERE username='$username' SET tries='0' UPDATE tbl_users $sql_clear_tries =<<<SQL {return 1;} if(!lib_login_account_exists($username)) // in continuing... // if this is not a valid username then there's no point $db = $gDB; GLOBAL $gDB;{function lib_login_clear_bad_attempts($username)**---------------------------------------------------------------------*/** should be set to zero. this function does that *** when a user logs on successfully, his or her bad attempt counts *** lib_login_clear_bad_attempts */*---------------------------------------------------------------------*} $result = $db->Execute($sql_bad_attempt); SQL2; WHERE username='$username' SET tries='$tries_increment' UPDATE tbl_users $sql_bad_attempt =<<<SQL2 $tries_increment = $result->fields[0] + 1; $result = $db->Execute($sql_get_tries);SQL; WHERE username='$username' FROM tbl_users SELECT tries $sql_get_tries =<<<SQL // common denominator to ensure database neutrality. sorry. // efficient approach, but we need to keep the sql to the lowest // then increment then update it. this is far from the most // first we are going to select the current tries count {return 1;} if(!lib_login_account_exists($username)) // in continuing... // if this is not a valid username then there's no point $db = $gDB; GLOBAL $gDB;{function lib_login_write_bad_attempt($username)**---------------------------------------------------------------------*/** it increments tries in tbl_tries by one for that user. *** this function is called if the user has made a bad login attempt. *** lib_login_write_bad_attempt */*---------------------------------------------------------------------*} return $gString[77] . " - " . 
$bannedip; else return $gString[76] . " - " . $bannedip; if($result) // $gString[77] = "there was an error un-banning this ip " // $gString[76] = "this ip has been un-banned " $result = $db->Execute($ban_sql);SQL; WHERE ip='$bannedip' FROM tbl_banned DELETE $sql_unban =<<<SQL return $gString[74]; if($gUser != $UBER_USER) // $gString[74] = "only administrator can ban ips" // don't let plebs ban ips! $db = $gDB; GLOBAL $gString; GLOBAL $gUser; GLOBAL $gDB;{function lib_login_delete_banned_ip($bannedip)**---------------------------------------------------------------------*/** no longer banned. *** removes the ip bannedip from the banned ip database. this ip is now *** lib_login_delete_banned_ip */*---------------------------------------------------------------------*} return $gString[75] . " - " . $bannedip; else return $bannedip . " - " . $gString[10]; if($result) // $gString[75] = "there was an error banning this ip" // $gString[10] = "this ip has been banned" $result = $db->Execute($ban_sql);SQL; VALUES ('$bannedip') (ip) INTO tbl_banned INSERT $ban_sql =<<<SQL return $gString[74]; if($gUser != $UBER_USER) // $gString[74] = "only administrator can ban ips" // don't let plebs ban ips! $db = $gDB; GLOBAL $UBER_USER; GLOBAL $gUser; GLOBAL $gDB;{function lib_login_add_banned_ip($bannedip)ad<00>o<00>n&<00><00>YW;,<00> <00> <00> <00> <00> <00> <00> <00> <00> ^ \ [  <00> <00> 9 <00> <00> a  <00>
<00>
<00>
<00>
<00>
<00>
<00>
<00>
h
c
b
>
<

<00> <00> <00> <00> e  <00><00>A<00><00><00><00><00><00>\NK8)<00><00><00><00><00><00><00><00>~|{2<00><00>Y<00><00><00>|WU0-<00><00>ld(<00><00>~C:<00><00><00><00><00><00> { else }NOTE1; or you can continue by clicking the &quot;continue&quot; link below. </ol> <li>clicking on the reload button on your browser</li> <li>clicking &quot;OK&quot;</li> <li>checking the box labeled &quot;enable automatic redirection&quot;</li> <li>clicking on the &quot;sequrity tab&quot;</li> <li>opening your preferences (under the file menu)</li> <ol> to enable automatic redirection. this can be done by: for Opera to work properly with this site, you will need you appear to be using the Opera web browser. in order $note =<<<NOTE1 { if(substr($agent, 0, 5) == "Opera") $agent = getenv('HTTP_USER_AGENT'); //phpinfo();die;{function lib_login_no_browser_redirect($url)**---------------------------------------------------------------------*/** way.** show a polite message with a continue link to get them on their *** doesn't properly support the header() redirect. this function will *** some people are still using netscape 3 (believe it or not!) that *** lib_login_no_browser_redirect */*---------------------------------------------------------------------*} return false; {return true;} if($result->fields[0] >= $BAD_ATTEMPTS_MAX) $result = $db->Execute($sql_test);SQL; WHERE username='$username' FROM tbl_users SELECT tries $sql_test =<<<SQL {return 1;} if(!lib_login_account_exists($username)) // in continuing... // if this is not a valid username then there's no point $db = $gDB; GLOBAL $gDB; GLOBAL $BAD_ATTEMPTS_MAX;{function lib_login_test_bad_attempts($username)**---------------------------------------------------------------------*/** TEMPTS_MAX. 
returns true if they have, false if they haven't *** the maximum number of bad login attempts as defined in $BAD_AT- *** tests whether the account of $username has equalled or exceeded *** lib_login_test_bad_attempts */*---------------------------------------------------------------------*} return false; return true; if(time() < $result->fields[0]) $result = $db->Execute($sql_test);SQL; WHERE username='$username' FROM tbl_users SELECT nextlogin $sql_test =<<<SQL $db = $gDB; GLOBAL $gDB;{function lib_login_test_bad_attempt_punishment($username)**---------------------------------------------------------------------*/** login is forbidden and true is returned. otherwise false *** is earlier than the timestamp set by the punishment. if it is, *** seconds. this function tests to see whether the current timestamp *** attempts s/he is suspended from login in for $BAD_ATTEMPTS_WAIT *** when a user exceeds the maximum number of consecutive bad login *** lib_login_test_bad_attempt_punishment */*---------------------------------------------------------------------*} $result = $db->Execute($sql_punish);SQL; WHERE username='$username' SET nextlogin='$nextlogin' UPDATE tbl_users $sql_punish =<<<SQL $nextlogin = time() + $BAD_ATTEMPTS_WAIT; $db = $gDB; GLOBAL $gDB; GLOBAL $BAD_ATTEMPTS_WAIT;{function lib_login_enact_bad_attempt_punishment($username)**---------------------------------------------------------------------*/** the user cannot attempt to login again until that timestamp expires*** seconds in $BAD_ATTEMPTS_WAIT is added to the current timestamp. *** maximum number of consecutive failed login attempts. the number of *** this function is only called if the user has exceeded his or her *ad,<00>n<00><00>w:<00><00><00><00><00><00><00>m6* <00> <00> <00> <00> <00> <00> <00> <00> <00> <00> <00> 9 <00> <00> ^  <00> <00> <00> <00> <00> <00> <00> q ^ <    <00>
<00>
<00>
<00>
<00>
<00>
<00>
<00>
r
(
'
<00> <00> L  <00><00><00><00>cM  
<00>x/<00><00><00><00><00><00><00>L<00>pKI3<00><00>?<00><00>}{dH43<00><00><00><00><00><00>A<00><00>** returns the login name of $UBER_USER *** lib_login_whois_uberuser */*---------------------------------------------------------------------*} {return $SUCCESS_PAGE;} else {return $SUCCESS_UBER_PAGE;} if($username == $UBER_USER) GLOBAL $UBER_USER; GLOBAL $SUCCESS_UBER_PAGE; GLOBAL $SUCCESS_PAGE;{function lib_login_get_success_page($username)**---------------------------------------------------------------------*/** different for the uberuser than for normal users *** returns the page for redirect on successful login. note that it is *** lib_login_get_success_page */*---------------------------------------------------------------------*} return $ADMIN_EMAIL; GLOBAL $ADMIN_EMAIL;{function lib_login_get_admin_email()**---------------------------------------------------------------------*/** returns variable for admin's email *** lib_login_get_admin_email */*---------------------------------------------------------------------*} return $THIS_SITE; GLOBAL $THIS_SITE;{function lib_login_get_this_site()**---------------------------------------------------------------------*/** returns variable for this site *** lib_login_get_this_site */*---------------------------------------------------------------------*} return $goback; $goback = $HTTP_SERVER_VARS['HTTP_REFERER']; if (empty($goback)) $goback = getenv('HTTP_REFERER'); global $HTTP_SERVER_VARS;{function GetReferer()**---------------------------------------------------------------------*/** --added j lim 06-10-01 *** returns http_referer page... 
works with iis *** GetReferer */*---------------------------------------------------------------------*/*============================== ^^^^^^^ ==============================*//*============================== GETTERS ==============================*/} return false; else return true; if($result) $result = $db->Execute($sql_change);SQL; WHERE username='$username' SET password='$md5newpassword' UPDATE tbl_users $sql_change =<<<SQL $md5newpassword = md5($newpassword); $db = $gDB; GLOBAL $gDB;{function lib_login_change_password_for_user($username, $newpassword)**---------------------------------------------------------------------*/** username. returns true on success and false on fail. *** takes a username and a password and updates the password for that *** lib_login_change_password_by_uber */*---------------------------------------------------------------------*} die; HTML; </body></html> </font> </strong> <a href="$url">click here to continue</a> <p>&nbsp;</p> <p>&nbsp;</p> <p>&nbsp;</p> $note <strong> <font face="Arial, Helvetica, sans-serif" size="4"> <body bgcolor="#FFFFFF" text="#000000"> <head><title>oops!</title><head> print <<<HTML }NOTE2; browser that is capable of redirection. although it is highly recommended that you upgrade to a click on the &quot;continue&quot; link below to continue, url redirection which is necessary for this site. you can you appear to be using a browser that does not support $note =<<<NOTE2ad(<00>o<00><00><00>|hfe<00><00>A<00> <00> <00> <00> p \ H 8 6 4 <00> <00> <00> <00> <00> <00> <00> <00> <00> N  <00> r \ Z G 3 !  <00>
<00>
<00>
<00>
<00>
<00>
<00>
m
#
"
<00> <00> G <00><00><00><00><00><00>_]LJI<00>n%<00><00><00>dbD) <00><00><00><00><00><00>h+<00><00><00><00>U
<00><00><00><00>n><00><00><00><00><00><00>]?<00><00><00><00> } {echo "$warning\$BAD_ATTEMPTS_WAIT is not a sane value!";die;} if($BAD_ATTEMPTS_WAIT <=0 ) {echo "$warning\$BAD_ATTEMPTS_MAX is not a sane value!";die;} if($BAD_ATTEMPTS_MAX < 2) { if($PUNISH_BAD_ATTEMPTS == "TRUE") $LIB_LOGIN_BASEDIR .= "/"; if($LIB_LOGIN_BASEDIR[strlen($LIB_LOGIN_BASEDIR)-1] != "/") $LIB_LOGIN_BASEDIR = trim($LIB_LOGIN_BASEDIR); // ends with a slash... if it doesn't we'll add one! // before we go crazy, we should check and make sure that $LIB_LOGIN_BASEDIRWARN; </font> <p> </font> this site by clicking <a href="mailto:$ADMIN_EMAIL">here</a> has failed a sanity check. please contact the adminstrator of one or more of the configuration variables for php_lib_login <font size="3"> </font><p> configuration sanity failure! <font size="5"> <font face="Arial, Helvetica, sans-serif" color="#FFFFFF"> <html><head><body bgcolor="red"> $warning =<<<WARN GLOBAL $LIB_LOGIN_BASEDIR; GLOBAL $ADMIN_EMAIL; GLOBAL $TIMEOUT_IN_SECONDS; GLOBAL $MIN_PASSWORD_LENGTH; GLOBAL $BAD_ATTEMPTS_WAIT; GLOBAL $BAD_ATTEMPTS_MAX; GLOBAL $PUNISH_BAD_ATTEMPTS;{function lib_login_sanity_check()// added 0-8**---------------------------------------------------------------------*/** the ability of users, mistakes do happen... we should do a check. *** make this library unusable. 
although i have the highest regard for *** people might set some config variables to values that will *** lib_login_sanity_check */*---------------------------------------------------------------------*} return $fourth; $fourth = substr($third, 0, 6); $third = md5($second); $second = $first * (int)time(); $first = rand(0, 100);{function lib_login_create_random_passwd()**---------------------------------------------------------------------*/** cooks up a reasonably random password *** lib_login_create_random_passwd */*---------------------------------------------------------------------*/*============================ ^^^^^^^^^^ =============================*//*============================ GENERATORS =============================*/} return $gString; if(empty($gString)) $gString = $gString = build_vocab($LANGUAGE, $THIS_SITE); GLOBAL $gString; GLOBAL $THIS_SITE; GLOBAL $LANGUAGE;{function getgString()**---------------------------------------------------------------------*/** returns the language-specific string array *** getgString */*---------------------------------------------------------------------*} } die; lib_login_no_browser_redirect($FAIL_PAGE); header("Location: $FAIL_PAGE"); { if(($PUBLIC_SIGNUP == "FALSE") && ($gUser != $UBER_USER)) GLOBAL $gUser; GLOBAL $FAIL_PAGE; GLOBAL $UBER_USER; GLOBAL $PUBLIC_SIGNUP;{function lib_login_protect_signup()**---------------------------------------------------------------------*/** checks these requirements and bounces accordingly. *** is set to false, only uber user can create new accounts. this func *** this call is used to protect do_create_login.php. if $PUBLIC_SIGNUP *** lib_login_protect_signup */*---------------------------------------------------------------------*} return $UBER_USER; GLOBAL $UBER_USER;{function lib_login_whois_uberuser()**---------------------------------------------------------------------*/ad6<00>[<00>n%<00><00>J<00> o & <00> <00> K  <00> n %  <00>
<00>
<00>
<00>
x
]
:

<00> <00> <00> <00> <00> h E &  <00><00><00>yI<00><00><00>}aI*<00><00><00><00>zU8 <00><00><00><00>pT5<00><00><00>]PA%<00><00><00><00><00>lQ8'<00><00><00>n<00><00><00>// cat login.inc.php | grep -e '^function' -e '\/\*\=' | grep -v '\^' | sed -e 's/\/\*\=*//g' | sed -e 's/\=*\*\/$//g' | sed -e 's/^function//g' | cut -d\( -f1 | sed -e 's/^ /** /g'// the following command... ugly but it works.// the above function table of conetents can be generated with**---------------------------------------------------------------------*/** END OF FILE ** lib_login_db_failure** lib_login_sanity_check** lib_login_create_random_passwd** GENERATORS ** getgString** lib_login_protect_signup** lib_login_whois_uberuser** lib_login_get_success_page** lib_login_get_admin_email** lib_login_get_this_site** GetReferer** GETTERS ** lib_login_no_browser_redirect** lib_login_test_bad_attempts** lib_login_test_bad_attempt_punishment** lib_login_enact_bad_attempt_punishment** lib_login_clear_bad_attempts** lib_login_write_bad_attempt** lib_login_delete_banned_ip** lib_login_add_banned_ip** lib_login_nuke_session** lib_login_validate_account_data** lib_login_delete_user** lib_login_remove_account** lib_login_account_exists** lib_login_create_account** lib_login_write_log** lib_login_check_valid_lp** lib_login_boolean_check_valid_lp** lib_login_update_password** lib_login_refresh_timestamp** lib_login_log_session** lib_login_get_username_by_session** lib_login_do_ip_ban** INTERNAL-FUNCTIONALS ** lib_login_show_ip_ban_form** lib_login_show_logs** lib_login_show_log_form** lib_login_show_delete_user_form_art** lib_login_show_delete_user_form** lib_login_show_update_pass_form_art** lib_login_show_update_pass_form** lib_login_show_create_account_mailback_form_art** lib_login_show_create_account_mailback_form** lib_login_show_create_acct_form_art** lib_login_show_create_acct_form** lib_login_forgot_password_art** lib_login_forgot_password** lib_login_return_logout_link** lib_login_show_logout_link** 
lib_login_show_logout_link_art** lib_login_show_login_form_art** lib_login_show_login_form** SHOWERS ** lib_login_list_online_users** lib_login_get_users_html** lib_login_print_count_online_users** lib_login_count_online_users** lib_login_boolean_check_expire** lib_login_check_expire** lib_login_protect_page_ip** lib_login_protect_page_userarray** lib_login_protect_page_uber** lib_login_protect_page** lib_login_valid_user** USER-FUNCTIONALS ** ^^^^^^^^^^^^^^^^^^^^^^^^^^^ *** Fucntion Table of Contents: */*---------------------------------------------------------------------***---------------------------------------------------------------------*/** 02111-1307 USA *** Boston, MA *** 59 Temple Place, Suite 330, *** the Free Software Foundation, Inc., *** License along with this library; if not, write to *** You should have received a copy of the GNU Lesser General Public *** *** Lesser General Public License for more details. *** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *** but WITHOUT ANY WARRANTY; without even the implied warranty of *** This library is distributed in the hope that it will be useful, *** *** version 2.1 of the License, or (at your option) any later version. *ad<00><00> 0<00><00><00><00><00><00>M<00><00><00><00><00><00>EB<9<00> <00> <00> <00> <00> <00> J  <00>
<00>
<00>
<00>
<00>
<00>
h
O
<00> <00> <00> <00>  k /*------------------/*------------------------------/*---------------------------------------------------------------------*} print "<a href=\"$LIB_LOGIN_BASEDIR"."do_logout.php\">$BODY_TAG_OPEN$linktext$BODY_TAG_CLOSE</a>"; GLOBAL $BODY_TAG_CLOSE; GLOBAL $BODY_TAG_OPEN; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $HEADER_TAG_CLOSE; GLOBAL $HEADER_TAG_OPEN; GLOBAL $LIB_LOGIN_BASEDIR; if (! $gUser) return; GLOBAL $gUser;{ function lib_login_show_logout_link($linktext) {lib_login_show_logout_link("<img src=\"$artpath\" border=\"0\">");}function lib_login_show_logout_link_art($artpath)**---------------------------------------------------------------------*/** lib_login_show_logout_link takes a string arg which is the link text*** the path to the gif, png or jpeg to show as the logout button. *** shows link to log out. lib_login_show_logout_link_art takes one arg *** lib_login_show_logout_link_art *** lib_login_show_logout_link */*---------------------------------------------------------------------*} } echo "<input type=\"image\" src=\"$artpath\" border=\"0\" name=\"submit\"></form>"; { else } echo "<input type=\"submit\" name=\"submit\" value=\"submit\"></form>"; { if($artpath == "") HTML1; <input type="password" name="password"><br> $SUB_HEAD_TAG_OPEN $gString[3] $SUB_HEAD_TAG_CLOSE<br> <input type="text" name="username" value=""><br><br> $SUB_HEAD_TAG_OPEN $gString[2] $SUB_HEAD_TAG_CLOSE<br> <form method="POST" action="$form_target"> print <<<HTML1 // gStrings[3] = "password" // gStrings[2] = "username" ad<00>Wa<00><00><00><00><00><00>v][Y#<00><00><00><00><00>_D% <00> <00> <00> <00> g [  <00> <00> <00> [ O   <00> <00> <00> <00> <00> / '  
v
-
<00> <00> Q   <00><00><00><00><00><00>sfd*<00><00><00>|gA?<00><00><00>}zb520<00><00><00><00>onH<00>j61<00>W $yesterday_mn_timestamp = mktime(0, 0, 0, $today_array['mon'], ($today_array['mday']-1), $today_array['year']); $today_mn_timestamp = mktime(0, 0, 0, $today_array['mon'], $today_array['mday'], $today_array['year']); */ * variable $daterange passed by the form * $startday_mn_timestamp -> a timestamp for x days ago at midnight where x is the * $yesterday_mn_timestamp -> a timestamp for yesterday at midnight * $today_mn_timestamp -> a timestamp for today at midnight /* these are the timestamps we need. $today_array = getdate($rightnow); // this is an array of units (ie month, day, year, hour...) for right now $rightnow = time(); // this is the latest timestamp we will retreive logs for } echo "<b>$gString[46]</b>$gString[47]<p>"; $viewdates = "today"; { if(!isset($viewdates)) // $gString[47] = "no days selected for viewing, defaulting to today" // $gString[46] = "warning" // if the user doesn't select a date range to view we set to "today" lib_login_add_banned_ip($bannedip); if($bannedip != "") // lets call lib_login_add_banned_ip to ban the ip // when user clicks on ban button, ip to ban is passed here on reload. $orderby = "timestamp"; if(!isset($orderby)) // must order the log by something, timestamp by default $db = $gDB; GLOBAL $DATABASE_SOFTWARE; GLOBAL $SUCCESS_UBER_PAGE; GLOBAL $gString; GLOBAL $REQUEST_URI; GLOBAL $HTTP_HOST; GLOBAL $gDB; GLOBAL $gUser;{function lib_login_show_logs($viewdates, $daterange, $orderby, $bannedip)**---------------------------------------------------------------------*/** the field $orderby. 
*** viewdates (either "today", "yesterday" or x days ago), ordered by *** displays in html format the logs for the dates specified in *** lib_login_show_logs */*---------------------------------------------------------------------*}FORM; </form> </table> </tr> <td colspan="2" align="right"><input type="submit" name="submit" value="submit"></td> <tr> </tr><tr> </td> <input type="text" size="3" name="daterange"> $BODY_TAG_OPEN $gString[45] $BODY_TAG_CLOSE <td> <td><input type="radio" name="viewdates" value="range"></td> </tr><tr> <td>$BODY_TAG_OPEN $gString[44] $BODY_TAG_CLOSE</td> <td><input type="radio" name="viewdates" value="yesterday"></td> </tr><tr> <td>$BODY_TAG_OPEN $gString[43] $BODY_TAG_CLOSE</td> <td><input type="radio" name="viewdates" value="today"></td> </tr><tr> <td colspan="2">$SUB_HEAD_TAG_OPEN $gString[42] $SUB_HEAD_TAG_CLOSE</td> <tr> <table border="0"> <form method="POST" action="$form_target"> print <<<FORM // $gString[45] = "last" // $gString[44] = "yesterday" // $gString[43] = "today" // $gString[42] = "show logs for:" // print the form $form_target = "http://$HTTP_HOST/$form_target"; else $form_target = "https://$HTTP_HOST/$form_target"; if($SECURE_SUBMIT == "TRUE") $form_target = $LIB_LOGIN_BASEDIR . "show_logs.php"; return 0; // arbitrary if($gUser != $UBER_USER) // bail if not uber user $db = $gDB; GLOBAL $LIB_LOGIN_BASEDIR; GLOBAL $gString; GLOBAL $BODY_TAG_CLOSE;ad <00><00><00><00><00><00><00><00><00><00>j=630<00><00><00><00><00><00><00>\Y<9<00> <00> } v s m j I F D # !  <00> <00> D <00> <00> { y e U
<00>
<00>
<00>
<00>
<00>
<00>
<00>
F
<00> <00> k ! <00><00><00><00><00><00><00><00>X=; <00><00><00>d<00>~wtr^SB/<00><00><00><00>jgE <00><00><00><00>g<00><00>B 
<00><00><00><00><00><00>oTR P // gid must be an integer, we should check that! lib_login_protect_page(); // first we must protect page so only logged-in users can view it $db = $gDB; GLOBAL $gDB; GLOBAL $ADMIN_EMAIL; GLOBAL $gUser; GLOBAL $FAIL_PAGE;{function lib_login_protect_page_heirarchy_group($gid)**---------------------------------------------------------------------*/** id higher than $gid, the viewer is bounced to $FAIL_PAGE. *** page is not a member of that group or any other group with a group *** accepts a group id (postive integer). if user viewing protected *** lib_login_protect_page_heirarchy_group */*---------------------------------------------------------------------*} return $gUser; } die; lib_login_no_browser_redirect($FAIL_PAGE); header("Location: $FAIL_PAGE"); { if($result->fields[0]=="") // so give 'em the boot! // if no data from the query, there is no user/group combo in tbl_group $result = $db->Execute($sql_group);SQL; AND username='$gUser' WHERE gid='$gid' FROM tbl_group SELECT * $sql_group =<<<SQL } die; echo "error on line ".__LINE__.". gid $gid is not an integer."; @mail($ADMIN_EMAIL, "php_lib_login group protection error", $message); // no fail msg. "this argument is not an integer an is causing the page not to load"; "lib_login_protect_page_group() and passes the argument $gid ". $message = "the page ".__FILE__." on line ".__LINE__." uses the call ". { if(!is_int($gid)) // gid must be an integer, we should check that! lib_login_protect_page(); // first we must protect page so only logged-in users can view it $db = $gDB; GLOBAL $gDB; GLOBAL $ADMIN_EMAIL; GLOBAL $gUser; GLOBAL $FAIL_PAGE;{function lib_login_protect_page_group($gid)**---------------------------------------------------------------------*/** page is not a member of that group, user is redirected to $FAIL_PAGE*** accepts a group id (postive integer). 
if user viewing protected *** lib_login_protect_page_group */*---------------------------------------------------------------------*} die; lib_login_no_browser_redirect($FAIL_PAGE); header("Location: $FAIL_PAGE"); } {return lib_login_validate_user();} if($user == $gUser) { while(list(,$user) = each($userarray)) GLOBAL $gUser; GLOBAL $FAIL_PAGE;{function lib_login_protect_page_userarray($userarray)**---------------------------------------------------------------------*/** in said array, page is dispalyed, otherwise, redirect to $FAIL_PAGE *** accepts an array of usernames. if user viewing protected page is *** lib_login_protect_page_userarray */*---------------------------------------------------------------------*} return lib_login_valid_user(); } lib_login_refresh_timestamp(); { else } die; lib_login_no_browser_redirect("$TIMEOUT_PAGE?error=timeout"); header("Location: $TIMEOUT_PAGE?error=timeout"); session_destroy(); lib_login_nuke_session(); // kill from database { if(!$result->fields[0] < 1) $result = $db->Execute($sql_check_expiry); SQL; AND lastlogin<$expired; WHERE username = '$gUser' FROM tbl_users SELECT count(*) $sql_check_expiry =<<<SQL $expired = time() - $TIMEOUT_IN_SECONDS; } die; lib_login_no_browser_redirect($FAIL_PAGE); header("Location: $FAIL_PAGE"); lib_login_write_log($LOG_MESSAGE[3], $gUser); { if(!($UBER_USER == $gUser)) $db = $gDB; GLOBAL $gDB;ad<00>t<00><00><00>[<00>unkiUJ9% <00> <00> <00> | ` ] ;     <00> <00> <00> <00> ]  <00> <00> T R = #  <00>
<00>
<00>
<00>
<00>
E
C
<00> <00> <00> <00> <00> <00> <00> I  <00><00><00>~4<00><00>W<00><00><00><00>jRA21#"<00><00><00><00><00><00>zyKI<00><00><00><00>A95.*<00><00><00><00>[<00><00>5
<00><00><00> GLOBAL $FAIL_PAGE; { function lib_login_boolean_check_expire() **---------------------------------------------------------------------*/ ** request of john chow. *** have expired and true if the login is still valid. added at the *** Check to see if the session have expired. returns false if they *** lib_login_boolean_check_expire * /*---------------------------------------------------------------------* } return $gUser; } lib_login_refresh_timestamp(); { else } die; lib_login_no_browser_redirect("$TIMEOUT_PAGE?error=timeout"); header("Location: $TIMEOUT_PAGE?error=timeout"); session_destroy(); // kill from database lib_login_nuke_session(); { if(!$result-> fields[0] < 1) // this index will survive a new ddl $result = $db-> Execute($sql_check_expiry); SQL; AND lastlogin <$expired WHERE username = '$gUser' FROM tbl_users SELECT count(*) $sql_check_expiry =<<<SQL $expired = time() - $TIMEOUT_IN_SECONDS; $db = $gDB; GLOBAL $gDB; GLOBAL $gUser; GLOBAL $TIMEOUT_PAGE; GLOBAL $TIMEOUT_IN_SECONDS; GLOBAL $FAIL_PAGE; { function lib_login_check_expire() **---------------------------------------------------------------------*/ ** added Steen Rab<61>l 08/15/01 *** expiry without having to call a page protector. * ** Check to see if the session have expired. allows for checking for *** lib_login_check_expire * /*---------------------------------------------------------------------* } echo "<br><a href=\"$FAIL_PAGE\">".$gString[11]."</a>"; echo $HEADER_TAG_OPEN . $gString[10] . $HEADER_TAG_CLOSE; // gStrings[11] = "continue" // gStrings[10] = "this ip address has been banned!" // some browsers don't do redirects well. so we give them a message } die; lib_login_no_browser_redirect($FAIL_PAGE); header("Location: $FAIL_PAGE"); { if($result->fields[0] != 0) // if the count is not zero, give the viewer the boot! 
$result = $db->Execute("SELECT COUNT(*) FROM tbl_banned WHERE ip='$this_ip'"); // get the count of all the times this ip is in the banned table $db = $gDB; GLOBAL $gString; GLOBAL $gDB; GLOBAL $HEADER_TAG_CLOSE; GLOBAL $HEADER_TAG_OPEN; GLOBAL $FAIL_PAGE;{function lib_login_protect_page_ip($this_ip)**---------------------------------------------------------------------*/** banned and bounces banned users. *** protects page from banned ips. checks to see which ips are in tbl_ *** lib_login_protect_page_ip */*---------------------------------------------------------------------*} return $gUser; } die; lib_login_no_browser_redirect($FAIL_PAGE); header("Location: $FAIL_PAGE"); { if($result->fields[0]=="") // so give 'em the boot! // if no data from the query, there is no user/group combo in tbl_group $result = $db->Execute($sql_group);SQL; AND username='$gUser' WHERE gid>='$gid' FROM tbl_group SELECT * $sql_group =<<<SQL } die; echo "error on line ".__LINE__.". gid $gid is not an integer."; @mail($ADMIN_EMAIL, "php_lib_login group protection error", $message); // no fail msg. "this argument is not an integer an is causing the page not to load"; "lib_login_protect_page_group() and passes the argument $gid ". $message = "the page ".__FILE__." on line ".__LINE__." uses the call ". { if(!is_int($gid))adDH|<00><00><00><00><00><00><00>gWV+*<00><00><00><00><00><00>}8(!<00> <00> <00> <00> j ! <00> <00> f d D %  <00> <00> <00> <00> <00> <00> <00> k f d ? > <00>
<00>
<00>
<00>
<00>
<00>
T
<00> x J H 5  <00><00><00><00><00><00><00>cS<00><00><00><00><00>8<00><00>\86!<00><00><00><00><00><00><00>RC-<00><00><00><00>vhM84<00><00><00>l#<00><00>HGF** where 0 is the group id. *** username (0) *** this list is suitable for using in a <select> tag and has the form: *** returns an option delimited list of usernames with thier group ids. *** lib_login_get_users_groups_html */*---------------------------------------------------------------------*} return $option_list; } $result->MoveNext(); } "</option>\n"; $result->fields[0] . "\">" . $result->fields[0] . $option_list .= "<option value=\"" . { if($result->fields[0] != $UBER_USER) // don't list UBER_USER { // this index will survive new ddl while(!$result->EOF) // retreived. // cook up a string of <options> with all usernames $result = $db->Execute($sql_all_usernames);SQL13; FROM tbl_users SELECT username $sql_all_usernames =<<<SQL13 $db = $gDB; GLOBAL $gDB; GLOBAL $UBER_USER; {function lib_login_get_users_html()**---------------------------------------------------------------------*/** handy for building selects *** generates an <option> list of all registered users and returns it *** lib_login_get_users_html */*---------------------------------------------------------------------*} echo $SUB_HEAD_TAG_OPEN . $count_sentence . $SUB_HEAD_TAG_CLOSE; {$count_sentence = $gString[14] . " $count " . $gString[15];} if($count > 1) {$count_sentence = $gString[13];} if($count == 1) {$count_sentence = $gString[12];} if($count == 0) $count = lib_login_count_online_users(); GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $gString;{function lib_login_print_count_online_users()**---------------------------------------------------------------------*/** recent enough to not be timed out... 
returns in html format *** counts number of users who are in tbl_users with a lastlogin time *** lib_login_print_count_online_users */*---------------------------------------------------------------------*} return $count; $count = $result->fields[0]; // this index will survive a new ddl $result = $db->Execute($sql_count); SQL; FROM tbl_users where lastlogin>$expired; SELECT COUNT(*) $sql_count =<<<SQL $expired = time() - $TIMEOUT_IN_SECONDS; $db = $gDB; GLOBAL $gDB; GLOBAL $TIMEOUT_IN_SECONDS; //GLOBAL $SUB_HEAD_TAG_CLOSE; //GLOBAL $SUB_HEAD_TAG_OPEN; {function lib_login_count_online_users()**---------------------------------------------------------------------*/** recent enough to not be timed out... returns in html format *** counts number of users who are in tbl_users with a lastlogin time *** lib_login_count_online_users */*---------------------------------------------------------------------*} return $gUser; return true; else return false; if(!$result-> fields[0] < 1) // this index will survive a new ddl $result = $db-> Execute($sql_check_expiry); SQL; AND lastlogin <$expired WHERE username = '$gUser' FROM tbl_users SELECT count(*) $sql_check_expiry =<<<SQL $expired = time() - $TIMEOUT_IN_SECONDS; return false; if(!lib_login_valid_user()) // if you aren't logged in, you're expired! $db = $gDB; GLOBAL $gDB; GLOBAL $gUser; GLOBAL $TIMEOUT_IN_SECONDS; ad<00>y<00><00><00>oaTR;"  <00><00><00><00><00><00><00>\M7<00> <00> <00> <00> r 6 !     <00> <00> <00> <00> <00> U <00> y f  <00>
<00>
<00>
<00>
<00>
t
e
W
-
+

<00> <00> <00> <00> <00> <00> <00> <00> <00> g > $  <00><00><00><00><00><00><00><00>_<00><00>a<00><00><<00><00><00><00><00>qV:<00><00><00><00><00><00>i3<00><00><00>}#<00><00><00><00><00><00>zH<00>F // gStrings[83] = "you have exceeded the maximum number of login attempts..." // gStrings[18] = "invalid username or password" // gStrings[17] = "session has timed out" // deals with redirect resulting from login error } return 1; print "<p>"; lib_login_show_logout_link($gString[1]); print $SUB_HEAD_TAG_OPEN . $gString[16] . " $username" . $SUB_HEAD_TAG_CLOSE . "<br>"; // gStrings[16] = "logged in as" gStrings[1] = "logout" { if($username != "") $username = lib_login_get_username_by_session(); // display "logged in as $username" and return // if they are, no need to show the login form so we // check and see if user is already logged in. GLOBAL $PHP_SELF; GLOBAL $gString; GLOBAL $HTTP_HOST; GLOBAL $SECURE_SUBMIT; GLOBAL $BODY_TAG_CLOSE; GLOBAL $BODY_TAG_OPEN; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN; GLOBAL $HEADER_TAG_CLOSE; GLOBAL $HEADER_TAG_OPEN; GLOBAL $LIB_LOGIN_BASEDIR;{function lib_login_show_login_form_art($error, $artpath) {lib_login_show_login_form_art($error, "");}function lib_login_show_login_form($error)**---------------------------------------------------------------------*/** the gif, png or jpeg that will be used as the submit button. *** load that takes a second argument $artpath. $artpath is the path to *** displays the login form. lib_login_show_login_form_art is an over- *** lib_login_show_login_form_art** lib_login_show_login_form */*---------------------------------------------------------------------*/*============================== ^^^^^^^ ==============================*//*============================== SHOWERS ==============================*/} return $html; } $result->MoveNext(); $SUB_HEAD_TAG_CLOSE . "</a><br>\n"; $result->Fields["username"] . $SUB_HEAD_TAG_OPEN . $result->Fields["email"] . "\">" . $html .= "<a href=\"mailto:" . 
{ while(!$result->EOF) $result = $db->Execute($sql_list);SQL10; WHERE lastlogin>$expired FROM tbl_users SELECT username, email $sql_list =<<<SQL10 $expired = time() - $TIMEOUT_IN_SECONDS; $db = $gDB; GLOBAL $gDB; GLOBAL $TIMEOUT_IN_SECONDS; GLOBAL $SUB_HEAD_TAG_CLOSE; GLOBAL $SUB_HEAD_TAG_OPEN;{function lib_login_list_online_users()// are logged in or not! ** fixed 06-19-01// this function will return users with a valid lastlogin whether they// oops (06-13-01)**---------------------------------------------------------------------*/** in in <br> delimited html with mailto: tags *** returns a list of all non-timed-out users who are currently logged *** lib_login_list_online_users */*---------------------------------------------------------------------*} return $option_list; } $result->MoveNext(); } "</option>\n"; $result->fields[0] . " (" . $result->fields[1] . ")"; "\">" . $result->fields[0] . $option_list .= "<option value=\"" . { if($result->fields[0] != $UBER_USER) // don't list UBER_USER { // this index will survive new ddl while(!$result->EOF) // retreived. // cook up a string of <options> with all usernames $result = $db->execute($sql_group);echo $sql_group;SQL; ORDER BY $orderby FROM tbl_group SELECT username, gid $sql_group =<<<SQL $orderby = "username"; if($orderby != "gid") $db = $gDB; GLOBAL $gDB; GLOBAL $gString;{function lib_login_get_users_groups_html($orderby)**---------------------------------------------------------------------*/ad<00> r  <00><00><00><00><00>=<;<00><00><00><00><00><00><00>}|{xwvu+<00> <00> <00> N  <00> r , <00>