* * All rights reserved. No warranty, explicit or implicit, provided. */ require_once 'common/tnt-config.php'; #$url="https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; # echo $url; #if(substr($_SERVER['REQUEST_URI'],10,4)=="1099") { header("Location:https://hourworld.org/bank/index.htm?hw=1099"); } #-------------------------------------------------------------- # LOGIN PAGE # Server-side: # 1. Start a session # 2. Clear the session # 3. Generate a random challenge string # 4. Save the challenge string in the session # 5. Expose the challenge string to the page via a hidden input field # # Client-side: # 1. When the completes the form and clicks on Login button # 2. Validate the form (i.e. verify that all the fields have been filled out) # 3. Set the hidden response field to HEX(MD5(server-generated-challenge + user-supplied-password)) # 4. Submit the form #-------------------------------------------------------------- if(!isset($_SESSION)) { session_start(); } session_unset(); srand(); $challenge = ""; for ($i = 0; $i < 80; $i++) { $challenge .= dechex(rand(0, 15)); } $_SESSION['challenge'] = $challenge; ?> We'll be in touch!"; $lblName = getMessage('lblName'); #"Name"; $lblEmail = getMessage('lblEmail'); #"Email"; $lblPhone = getMessage('lblPhone'); #"Phone"; $loginOK = getMessage('loginOK'); #"It's OK! - Login and we'll take you to your time bank."; $lblTOS = getMessage('lblTOS'); #"TOS"; $lblPrivacy = getMessage('lblPrivacy'); #"Privacy"; $pathTOS = getMessage('pathTOS'); #"path to TOS"; $pathPrivacy = getMessage('pathPrivacy'); #"path to Privacy"; $pathHELP = getMessage('pathHELP'); #"Help.pdf" # Get the failed login message if any if(isset($_REQUEST['msg'])) { $msg = $_REQUEST['msg']; } else { $msg = ""; } if(!isset($_REQUEST['panel'])) { $panel=0; } else { $panel = $_REQUEST['panel']; } ?> <?php echo $orgName." ".$caption; ?>
"; echo "$homepage"; } else { echo "$homepage"; } } else { if($OrgImg=="") { $OrgImg = $orgEID.'.jpg'; } $logoName = '../db_images/'.$OrgImg; if(file_exists($logoName)) { echo "$homepage"; } } ?>
"; #echo "
".date('l jS F, Y')."
"; if($_SESSION['lang']=="es") { echo "
".get_date_spanish(time())." ".get_date_spanish(time(),true,'Y')."
"; } elseif($_SESSION['lang']=="cs") { echo "
".get_date_czech(time())." ".get_date_czech(time(),true,'Y')."
"; } elseif($_SESSION['lang']=="fr") { echo "
".get_date_french(time())." ".get_date_french(time(),true,'Y')."
"; } elseif($_SESSION['lang']=="it") { echo "
".get_date_italian(time())." ".get_date_italian(time(),true,'Y')."
"; } else { echo "
".date('l jS F, Y')."
"; } $orgCSZ = str_replace("Phone","
$lblPhone",$orgCSZ); echo "
$orgCSZ
"; ?>
$loginOK"; } if(isset($_COOKIE['cookname'])) { $remUser = $_COOKIE['cookname']; #UpdateRec("tbl_memXtra","remUser",$remUser,"EID=$orgEID AND memID=$m"); } else { $remUser = ""; } if($orgEID==1000) { $remUser = "admin" . "@hourworld.org"; $remPW = "Mona@123"; } ?>
$lblEmail "; ?>   $lblPass "; if($orgEID==1000) { echo ""; } else { echo ""; } echo "   "; echo "
$lblTOS $lblPrivacy
"; echo "
"; if($orgEID != 1000) { echo "
$Instr4"; #Can't Login? } else { echo "
$Instr4"; } echo "
"; ?>
"; if($orgEID!=1000) { echo "
"; if($_SESSION['lang']=="fr") { echo ""; } else { echo ""; } ?>
"; ?>
$orgMotto
"; ?>
"; echo ""; } else { #Not a member? Apply here. echo "
"; echo "
"; } ?>
".DLookup("Eblast","tbl_Eblast","EID=$orgEID AND msgType=6 AND Category='Admin' AND PostNum=1",$dbh)."

"; ?>

$lblContact

$orgCSZ
$TicketInstr

"; echo "
"; echo ""; echo "$lblName

"; echo "$lblEmail  
"; echo " "; echo ""; echo ""; echo "
"; } #if the member has submitted a ticket with the form if(isset($_POST['openCoord']) AND filter_var($_POST['cEmail'],FILTER_VALIDATE_EMAIL) AND filter_var($_POST['cName'], FILTER_VALIDATE_REGEXP,array("options"=>array("regexp"=>"/^[-a-zA-Z0-9 .,']+$/") ))) { $browser = new Browser(); $local = $browser->__toString(); $cEmail = $_POST['cEmail']; $cName = $_POST['cName']; #lookup the admin user for hOurworld set to receive 'G' General mail for SendTo and ReplyTo $to = Dlookup("Email","tbl_admin","EID=$orgEID AND GenMail='T'",$dbh); $subject = "Question from $cName - posted from the login form."; $body = $subject . "\n\n
" . $_POST['coord']." \n\n
Member Name: $cName \n\n
Email: $cEmail \n\n
$local"; $body = FormatString(TAbr($body)); #thank the user and let them know we'll be in touch, apologize if there has been an inconvenience $res = simpleEmail($cEmail,$cName,$to,$subject,$body); if($res) { echo "

$ContactMsg

"; } else { echo "Problem sending mail."; } } else { if(isset($_POST['openCoord'])) { if(!filter_var($_POST['cEmail'],FILTER_VALIDATE_EMAIL)) { echo "

Please enter a valid email address!

"; } if(!filter_var($_POST['cName'], FILTER_VALIDATE_REGEXP,array("options"=>array("regexp"=>"/^[-a-zA-Z0-9 .,']+$/")))) { echo "

Please enter a valid first name!

"; } } } ?>

Failed username / password combination."; echo "

$Instr4

"; } ?>
".DLookup("Eblast","tbl_Eblast","EID=$orgEID AND msgType=8 AND Category='Admin' AND PostNum=7",$dbh)."

"; ?>
".DLookup("Eblast","tbl_Eblast","EID=777 AND msgType=8 AND Category='AdminUK' AND PostNum=7",$dbh)."

"; } ?>
".DLookup("Eblast","tbl_Eblast","EID=777 AND msgType=8 AND Category='Admin' AND PostNum=7",$dbh)."

"; } ?>
".DLookup("Eblast","tbl_Eblast","EID=$orgEID AND msgType=7 AND Category='Admin' AND PostNum=4",$dbh)."

"; } else { echo "

New Exchanges

"; $getTB = "SELECT OrgName, OrgCSZ, Country FROM `tbl_OrgInfo` WHERE EID != 1516 ORDER BY `tbl_OrgInfo`.`unixTime` DESC LIMIT 20"; $resTB = $dbh->query($getTB); while($rowTB = $resTB->fetch_array(MYSQLI_ASSOC)) { echo "".$rowTB['OrgName']."
".$rowTB['OrgCSZ']."
"; } $resTB->free(); } ?>