-
Notifications
You must be signed in to change notification settings - Fork 0
/
management.php
145 lines (85 loc) · 4.6 KB
/
management.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
<?php
require_once("config.php");
/**
*
* Login page, self posts to become management page
*
* @author Patrick Lockley
* @version 1.0
* @copyright Copyright (c) 2008,2009 University of Nottingham
* @package
*/
require $xerte_toolkits_site->php_library_path . "login_library.php";
require $xerte_toolkits_site->php_library_path . "display_library.php";
/*
* As with index.php, check for posts and similar
*/
if((!isset($_POST["login"]))&&(!isset($_POST["password"]))){
$buffer = login_page_format_top(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "mgt_top"));
$buffer .= "<p>This is the management panel. Only site administrators can access this resource.</p>";
$buffer .= login_page_format_bottom(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_bottom"));
echo $buffer;
}
/*
* Some data has been posted, interpret as a log in attempt
*/
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
/**
* Username and password left empty
*/
if(($_POST["login"]=="")&&($_POST["password"]=="")){
$buffer = login_page_format_top(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "mgt_top"));
$buffer .= "<p>Please enter your username and password</p>";
$buffer .= login_page_format_bottom(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_bottom"));
echo $buffer;
/*
* Username left empty
*/
}else if($_POST["login"]==""){
$buffer = login_page_format_top(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "mgt_top"));
$buffer .= "<p>Please enter your username</p>";
$buffer .= login_page_format_bottom(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_bottom"));
echo $buffer;
/*
* Password left empty
*/
}else if($_POST["password"]==""){
$buffer = login_page_format_top(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "mgt_top"));
$buffer .= "<p>Please enter your password</p>";
$buffer .= login_page_format_bottom(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_bottom"));
echo $buffer;
/*
* Password and username provided, so try to authenticate
*/
}else{
if(($_POST["login"]==$xerte_toolkits_site->admin_username)&&($_POST["password"]==$xerte_toolkits_site->admin_password)){
$_SESSION['toolkits_logon_id'] = "site_administrator";
require $xerte_toolkits_site->php_library_path . "user_library.php";
$_SESSION['toolkits_logon_username'] = "adminuser";
$mysql_id=database_connect("management.php database connect success","management.php database connect fail");
/*
* Check the user is set as an admin in the usertype record in the logindetails table, and display the page
*/
echo file_get_contents($xerte_toolkits_site->website_code_path . "admin_headers");
echo "<script type=\"text/javascript\"> // JAVASCRIPT library for fixed variables\n // management of javascript is set up here\n // SITE SETTINGS\n";
echo "var site_url = \"" . $xerte_toolkits_site->site_url . "\";\n";
echo "var site_apache = \"" . $xerte_toolkits_site->apache . "\";\n";
echo "var properties_ajax_php_path = \"website_code/php/properties/\";";
echo "var management_ajax_php_path = \"website_code/php/management/\";";
echo "var ajax_php_path = \"website_code/php/\";</script>";
echo admin_page_format_top(file_get_contents($xerte_toolkits_site->website_code_path . "admin_top"));
echo file_get_contents($xerte_toolkits_site->website_code_path . "admin_middle");
}else{
/*
* Wrong password message
*/
$buffer = login_page_format_top(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_top"));
$buffer .= "<p>Sorry that password combination was not correct</p>";
$buffer .= login_page_format_bottom(file_get_contents($xerte_toolkits_site->root_file_path . $xerte_toolkits_site->website_code_path . "login_bottom"));
echo $buffer;
}
}
}
?>
</body>
</html>