Has anyone figured out how to create a user registration form for BT Server? I am sure it's possible, maybe by having the details inserted into the database?

nevermind, David helped answer this on another thread, so I am well on my way! I will share my results here soon.

Try this.... 1) Open index.php (the login page in the /BT-server folder), the root folder. 2) Add an HTML link to this screen, point it to 'register.php' in the same directory. 3) Copy /BT-server/admin/user_add.php, save it as 'register.php' in the /root (same directory as index.php, the login page) 4) Replace all occurances of ../ in this file. There will be three of these. One at the very top for the config file. Remove this, make it require_once(config.php). The config.php file is in the same directory so the ../ is not needed. Two more for images. Change these from ../ to images. Like <img src=images/arr_right> 5) Remove two lines of code. Line 9, remove this so a visitor can come to this page without having to be logged in. Line 10, remove this so the visitor does not need to be an admin user. 6) Line 15, change the title of the page to 'Register' or whatever you want to show in the browser title bar 7) Add a link to this page to 'go back' to the login screen. The login is index.php At this point you should be able to go to 'register' and 'back' without any trouble but you have some more work to do.... 8) On the register.php page (your new page), remove the 'user type' drop down list. You don't want new users to choose their own type ;-). 9) Line 33. This is where the userType variable is being set form the choice in the drop down list your removed. Change this to: $userType = 'normal' so new users are normal users instead of admin users. 9) On the register.php page, scroll down to about line 154 or so. This is where the 'User Created Successfully' message shows when an admin person adds a new user. Remember, this page was in the /admin folder so an admin person was using the previous script. Remove the two links to the other admin screens that show when the new user was added by an admin. Put whatever message you want here, like... 'Welcome new user' That should work. I didn't test it but it's not a tough thing. Things to consider....Do you want to send an email to the new user? Do you really want to allow 'just anyone' to register to use your self-hosted software? Trust us on this, it's a major thing to allow the entire world to use your panel. Good luck, bet you can do this in :15 minutes. If you can, be sure to share your results on the forum.

Forgot. Remove the 'left side' admin menu from the HTML. This is line 128 through about line 138. No need to show a new visitor the admin links! Funny.

LOL I just got done creating a register.php - however it took me about 3 hours since I didn't check here for such a quick answer David! LOL So, after trying to use a generic script to insert a new user into the database, I thought of using add_user in the admin side as a starting point, and WALA had it pretty much figured out past that point. Just wish I had checked here first for your hints :) So, now that I have a working register.php file, how hard would it be for me to put the new user's status as un-confirmed in the database until approved by an admin?

by the way, here is a copy of the register.php in case anyone would like to try it out: <?php require_once(config.php); //User Object $guid = ; if(isset($_SESSION[APP_LOGGEDIN_COOKIE_NAME])) $guid = fnFormInput($_SESSION[APP_LOGGEDIN_COOKIE_NAME]); //user object (may or may not be logged in)... $thisUser = new User($guid); $thisUser -> fnUpdateLastRequest($guid); //meta-tag used for redirecting after logging in... $metaRedirect = ; //we may be arriving here after clicking logout. if(isset($_GET[logOut]) || isset($_GET[timedOut])){ $bolDoLogOut = false; if(isset($_GET[logOut])){ if($_GET[logOut] == 1) $bolDoLogOut = true; } if(isset($_GET[timedOut])){ if($_GET[timedOut] == 1) $bolDoLogOut = true; } if($bolDoLogOut){ //make sure user is logged out... $thisUser -> fnUpdateLastRequest($guid, 0); $thisUser -> infoArray[isLoggedIn] = 0; $thisUser->infoArray[guid] = ; //kill cookie and session setcookie(APP_LOGGEDIN_COOKIE_NAME, , time() - 3600); $_SESSION[APP_LOGGEDIN_COOKIE_NAME] = ; //destroy the session. session_destroy(); //erase guid for user... $guid = ; } }//isset($_GET[logOut]) //init page object $thisPage = new Page(); $strMessage = ; $bolDone = false; $bolDidLogIn = false; $bolPassed = true; $dtNow = fnMySqlNow(); $command = fnGetReqVal(command, , $myRequestVars); $logInId = fnGetReqVal(logInId, , $myRequestVars); $logInPassword = fnGetReqVal(logInPassword, , $myRequestVars); $remember = fnGetReqVal(remember, 0, $myRequestVars); $email = fnGetReqVal(email, , $myRequestVars); //creates a random password function fnCreateRandomPassword(){ $chars = ABCDEFGHIJKLMNOPQRSTUVWXYZ023456789; srand((double)microtime()*1000000); $i = 0; $pass = ; while ($i <= 7) { $num = rand() % 33; $tmp = substr($chars, $num, 1); $pass = $pass . $tmp; $i++; } return $pass; } //######################################################################## //form submit for login... if($isFormPost && strtoupper($command) == LOGIN){ if(strlen($logInPassword) < 4 || strlen($logInPassword) > 100 ){ $bolPassed = false; $strMessage .= <br />Invalid Password; } //if valid if($bolPassed){ //user class $thisUser = new User(); $tmpGuid = $thisUser->fnIsValidLogin($logInId, $logInPassword); if(strlen($tmpGuid) > 2){ //remember user's login id for about 90 days if they checked remember me //Note: DO NOT REMEMBER PASSWORDS IN COOKIES. EVER. if($remember == 1){ setcookie(APP_REMEMBER_COOKIE_NAME, $tmpGuid, time()+60*60*24*100, /); setcookie(APP_REMEMBER_COOKIE_NAME . -checked, 1, time()+60*60*24*100, /); }else{ setcookie(APP_REMEMBER_COOKIE_NAME, 0, time()+60*60*24*100, /); setcookie(APP_REMEMBER_COOKIE_NAME . -checked, 0, time()+60*60*24*100, /); } //set session var for this users guid... $_SESSION[APP_LOGGEDIN_COOKIE_NAME] = $tmpGuid; //set cookie var for this users guid... setcookie(APP_LOGGEDIN_COOKIE_NAME, $tmpGuid, time()+60*60*24*100, /); //flag user as logged in.... $thisUser -> infoArray[guid] = $tmpGuid; $thisUser -> infoArray[isLoggedIn] = 1; $thisUser -> fnUpdateLastRequest($tmpGuid, 1); //flag as done... $bolDone = true; $bolDidLogIn = true; //create the message to display in the HTML with a link to the users account screen... $strMessage = <div class='doneDiv'><b>Login successful.</b></div>; $strMessage .= <div style='padding-top:5px;'>; $strMessage .= <a href=' . APP_URL . /account/?id= . md5($tmpGuid) . ' target='_self'>Use this link</a> to continue to your account if you're not automatically re-directed.; $strMessage .= </div>; $strMessage .= <div style='padding-top:5px;'>; $strMessage .= Be sure to logout when you're done with your session.; $strMessage .= </div>; //setup the meta-redirect tag (3 second delay)... $metaRedirect = \n<meta http-equiv=\refresh\ content=\3;url= . APP_URL . /account/?id= . md5($tmpGuid) . \>; }else{ //invalid user $bolDidLogIn = false; $strMessage .= <br />Login failed.; } }//if passed }//form submit for login... //form submit forgot password if($isFormPost && strtoupper($command) == FORGOTPASSWORD){ if(!fnIsEmailValid($email)){ $bolPassed = false; $strMessage .= <br />Please enter a valid email address; } //used when sending $uid = ; $ownerGuid = ; $firstName = ; $lastName = ; if($bolPassed){ //fetch account info $strSql = SELECT U.id, U.guid, U.email, U.logInId, U.logInPassword, U.firstName, U.lastName ; $strSql .= FROM . TBL_USERS . AS U ; $strSql .= WHERE U.email = ' . $email . ' LIMIT 0,1; $res = fnDbGetResult($strSql, APP_DB_HOST, APP_DB_NAME, APP_DB_USER, APP_DB_PASS); if($res){ $numRows = mysql_num_rows($res); if($numRows > 0){ $row = mysql_fetch_array($res); $uid = fnFormOutput($row['id']); $ownerGuid = fnFormOutput($row['guid']); $firstName = fnFormOutput($row['firstName']); $lastName = fnFormOutput($row['lastName']); }else{ $bolPassed = false; $strMessage = <br />Your login information could not be located. Are you sure you entered the correct email address?; }//end if rows }else{ $bolPassed = false; $strMessage = <br />Your login information could not be located. Are you sure you entered the correct email address?; }//select_db if(fnIsEmailValid($email) && $ownerGuid != ){ //create a random, temporary password $newPassword = fnCreateRandomPassword(); //update users password to the temporary password.. $strSql = UPDATE . TBL_USERS . SET logInPassword = ' . md5($newPassword) . ', modifiedUTC = ' . $dtNow . '; $strSql .= WHERE guid = ' . $ownerGuid . ' ; //make sure we have an app name... $controlPanelName = Application Name Not setup on Admin > Settings screen; if(defined(APP_ADMIN_EMAIL)){ $controlPanelName = APP_APPLICATION_NAME; } //make sure we have a URL.. $appURL = Application URL Not setup on Admin > Settings screen; if(defined(APP_URL)){ $appURL = APP_URL; } //build the email message... $emailContent = $controlPanelName; $emailContent .= \n\nA request was made to re-set your password. If you did not make this ; $emailContent .= request please contact a system administrator immediately.; $emailContent .= \n\nSystem administrators work hard to protect your privacy and they ; $emailContent .= need to hear from you if this request was made by someone other than you.; $emailContent .= \n\nPassword: . $newPassword; $emailContent .= \n\nLogin here: . $appURL; $emailContent .= \n\nPlease keep your password safe to prevent unauthorized access to your account. ; $emailContent .= After logging in, visit your account settings to re-set your password. ; //send the message... //(toAddress, toName, fromAddress, fromName, subject, body, commandSeperatedAttachs) if(defined(APP_ADMIN_EMAIL)){ if(fnIsEmailValid(APP_ADMIN_EMAIL)){ if(fnSendTextEmail($email, $firstName . . $lastName, APP_ADMIN_EMAIL, $controlPanelName, Re-Set Password, $emailContent)){ //flag $bolDone = true; $strMessage = <b>Password Reset</b>; $strMessage .= <div style='padding-top:15px;'>Your account password has been re-set to a temporary password. We sent the new password to....</div>; $strMessage .= <div style='padding-top:5px;font-size:13pt;font-weight:bold;'> . strtolower(fnFormOutput($email)) . </div>; $strMessage .= <div style='padding-top:5px;'>Be sure to re-set your password after using the temporary password in the email.</div>; $strMessage .= <div style='padding-top:5px;'><a href='#' onclick=\fnShowLogIn();return false;\ title='OK'><img alt=\arrow\ src='images/arr_right.gif' />OK, Hide this message</a></div>; //execute update statement to set new password... fnExecuteNonQuery($strSql, APP_DB_HOST, APP_DB_NAME, APP_DB_USER, APP_DB_PASS); //flag as done... $email = ; $bolDone = true; }else{ //flag $bolDone = false; $strMessage = <span style='color:red;font-weight:bold;'>There was a problem sending an email to <b> . strtolower(fnFormOutput($email)) . </b></span>; $strMessage .= <br />Your account information was found but the system had trouble sending you an email.; }//end if sent. //admin email no good }else{ //flag $bolDone = false; $strMessage = <span style='color:red;font-weight:bold;'>There was a problem sending an email to <b> . strtolower(fnFormOutput($email)) . </b></span>; $strMessage .= <br />The administrtor email on the Admin > Server Settings screen is not a valid email address.; } //admin email not defined }else{ //flag $bolDone = false; $strMessage = <span style='color:red;font-weight:bold;'>There was a problem sending an email to <b> . strtolower(fnFormOutput($email)) . </b></span>; $strMessage .= <br />There is no administrtor email setup on the Admin > Server Settings screen.; } }//valid email address. }//if passed }//form submit forgot password //if form was not submitted... if(!$isFormPost){ $tempGuid = ; $tempRemember = ; if(isset($_COOKIE[APP_REMEMBER_COOKIE_NAME])) $tempGuid = $_COOKIE[APP_REMEMBER_COOKIE_NAME]; if(isset($_COOKIE[APP_REMEMBER_COOKIE_NAME . -checked])) $tempRemember = $_COOKIE[APP_REMEMBER_COOKIE_NAME . -checked]; if(strlen($tempGuid) > 1 && $tempRemember == 1){ $strSql = SELECT U.logInId FROM . TBL_USERS . AS U WHERE U.guid = ' . $tempGuid . ' LIMIT 0, 1; $logInId = fnGetOneValue($strSql, APP_DB_HOST, APP_DB_NAME, APP_DB_USER, APP_DB_PASS); if(strlen($logInId) > 1){ $remember = 1; } }//strlen(tempGuid) }//not submitted. //the css for each box depends on command... $cssLogIn = block; $cssForgotPassword = none; if(strtoupper($command) == LOGIN){ $cssLogIn = block; $cssForgotPassword = none; } if(strtoupper($command) == FORGOTPASSWORD){ $cssLogIn = none; $cssForgotPassword = block; } //if we just logged in, add a meta-redirect... if($metaRedirect != ){ $thisPage->customHeaders = $metaRedirect; } //######################################################################## //form submit for register new user $firstName = fnGetReqVal(firstName,, $myRequestVars); $lastName = fnGetReqVal(lastName,, $myRequestVars); $email = fnGetReqVal(email,, $myRequestVars); $emailConfirm = fnGetReqVal(emailConfirm, , $myRequestVars); $logInId = fnGetReqVal(logInId,, $myRequestVars); $logInPassword = fnGetReqVal(logInPassword,, $myRequestVars); $confirmPassword = fnGetReqVal(confirmPassword,, $myRequestVars); $userType = fnGetReqVal(userType,, $myRequestVars); //######################################################################## //form submit for register new user if($isFormPost){ $newUser = new User(); //init new, empty user $bolPassed = true; if(strlen($firstName) < 1){ $bolPassed = false; $strMessage .= <br />First Name Required; } if(strlen($lastName) < 1){ $bolPassed = false; $strMessage .= <br />Last Name Required; } if(!fnIsEmailValid($email) ){ $bolPassed = false; $strMessage .= <br />Valid Email Required. This needs to be an email address that literally exists and works.; }else{ //make sure emails match if(strtoupper($email) != strtoupper($emailConfirm)){ $bolPassed = false; $strMessage .= <br />Email Addresses Don't Match; }else{ //see if it exists... if($newUser->fnIsEmailInUse($email)){ $bolPassed = false; $strMessage .= <br />Email Address Already Registered. You cannot use this email address; } } } $logInId = strtoupper($email); if(strlen($logInPassword) < 4){ $bolPassed = false; $strMessage .= <br />Password required (at least 4 characters); }else{ if(strtoupper($logInPassword) != strtoupper($confirmPassword)){ $bolPassed = false; $strMessage .= <br />Passwords do not match; } } if(strlen($userType) < 1){ $bolPassed = false; $strMessage .= <br />User Type Required; } //if passed if($bolPassed){ //misc vars. $dtNow = fnMySqlNow(); $userGuid = strtoupper(fnCreateGuid()); //create a new user $objUser = new User(); $objUser->infoArray['guid'] = $userGuid; $objUser->infoArray['userType'] = $userType; $objUser->infoArray['firstName'] = $firstName; $objUser->infoArray['lastName'] = $lastName; $objUser->infoArray['email'] = strtolower($email); $objUser->infoArray['logInId'] = strtolower($email); $objUser->infoArray['logInPassword'] = md5($logInPassword); $objUser->infoArray['dateStampUTC'] = $dtNow; $objUser->infoArray['modifiedUTC'] = $dtNow; $objUser->infoArray['lastPageRequest'] = $dtNow; $objUser->infoArray['isLoggedIn'] = 0; $objUser->infoArray['timeZone'] = 0; $objUser->infoArray['pageRequests'] = 0; $objUser->infoArray['status'] = confirmed; $objUser->infoArray['hideFromControlPanel'] = 0; $objUser->fnInsert(); //flag as done $bolDone = true; }//bolPassed }//form submit register //print html... echo $thisPage->fnGetPageHeaders(); echo $thisPage->fnGetBodyStart(); echo $thisPage->fnGetTopNavBar($thisUser->infoArray['guid']); ?> <script type=text/javascript> //sumbit on enter (password field) function onEnter( evt,frm){ var keyCode = null; if(evt.which){ keyCode = evt.which; }else if(evt.keyCode){ keyCode = evt.keyCode; } if(13 == keyCode){ frm.btnLogin.click(); return false; } return true; } //focus document.body.onload = function(){ var theForm = document.forms[0]; try{ if(theForm.logInId.value != && theForm.logInPassword.value != ){ theForm.btnLogin.focus(); }else{ document.forms[0].logInId.focus(); document.forms[0].logInId.select(); } }catch(er){ } } function fnShowForgotPassword(){ document.getElementById(messageBox).style.display = none; document.getElementById(forgotPasswordInfo).style.display = block; document.getElementById(logInInfo).style.display = none; } function fnShowLogIn(){ document.getElementById(messageBox).style.display = none; document.getElementById(forgotPasswordInfo).style.display = none; document.getElementById(logInInfo).style.display = block; } function fnSubmit(theCommand){ document.forms[0].command.value = theCommand; document.forms[0].submit(); } </script> <input type=hidden name=command id=command value=<?php echo $command;?>/> <div class='content'> <fieldset class='colorLightBg'> <div class='contentBox colorLightBg minHeight'> <div class='contentBand colorBandBg'> Create New Account </div> <div style='padding:10px;'> <?php if($bolDone ){ ?> <div class='doneDiv'> <b>Account Created Successfully. You May Now Login!</b> <p><a href='index.php'>Click Here to Login</a></p> <!-- div style='padding-top:10px;'> <a href=<?php * echo APP_URL;?>/admin/users.php?viewStyle=<?php echo $viewStyle; **/?>><img src=../images/arr_right.gif alt=arrow/>Manage Users</a> </div> <div style='padding-top:10px;'> <a href=<?php * echo APP_URL;?>/account/?viewStyle=<?php echo $viewStyle; **/ ?>><img src=../images/arr_right.gif alt=arrow/>Account Home</a> </div> </div> <?php }?> <?php if(!$bolDone) { ?> <?php if($strMessage != ){ ?> <div class='errorDiv'> <?php echo $strMessage;?> </div> <?php } ?> <div style='padding:10px;float:left;margin-right:20px;'> <label>First Name</label> <input type=text value=<?php echo fnFormOutput($firstName)?> name=firstName id=firstName maxlength='50' style=width:200px;/> <label>Last Name</label> <input type=text value=<?php echo fnFormOutput($lastName)?> name=lastName id=lastName maxlength='50' style=width:200px;/> <label>Email Address</label> <input type=text value=<?php echo fnFormOutput($email)?> name=email id=email maxlength='100' style=width:200px;/> <label>Re-Enter Email</label> <input type=text value=<?php echo fnFormOutput($emailConfirm)?> name=emailConfirm id=emailConfirm maxlength='100' style=width:200px;/> <label>Choose a Password</label> <input type=password value=<?php echo fnFormOutput($logInPassword)?> name=logInPassword id=logInPassword maxlength='100' style=width:200px;/> <label>Confirm Password</label> <input type=password value=<?php echo fnFormOutput($confirmPassword)?> name=confirmPassword id=confirmPassword maxlength='100' style=width:200px;/> <input type=hidden name=userType value=normal></input> <div style='padding-top:5px;'> <input type=button class=buttonSubmit value=submit onclick=document.forms[0].submit();> <input type=button class=buttonCancel value=cancel onclick=document.location.href='<?php echo APP_URL;?>/admin/users.php?viewStyle=<?php echo $viewStyle;?>';> </div> </div> <?php } ?> </div> <!--content box--> </div> <!--box right--> </div> </fieldset> <?php echo $thisPage->fnGetBottomNavBar();?> </div> <?php echo $thisPage->fnGetBodyEnd(); ?>

I agree about making new users not confirmed by default until approved by admin or triggered by a paypal IPN or alertpay IPN or something. I noticed there is a user status field in the users table, is there a way to set that to un-confirmed by default through this form? Also, how would I add a field in the admin-side user's table that would let me set users to confirmed or un-confirmed? maybe just a column that holds little green check icon for confirmed or a red x for not-activated-yet. This is fun!

Unconfirmed; Just set the 'status = unconfirmed' in the User Object before it does 'insert' The next trick will be automating how to set them as 'confirmed' Maybe another file or landing page that the user visits from a link in the email you send them?

awesome, found it! yes, i guess the best thing to do is have a welcome email sent with a link to a script that activates their account. then once you add payment, you could use the same script to listen for the paypal IPN right?

That would work. All depends on what you're trying to do. Souns like you want to charge folks to do what we do for free? LOL

Along this line, my question is how would you give a normally user the ability to work on a shared app, but limit their ability to create an app. Also would it be possible to share just a portion of an app without granting access to all screens? Fred

Interesting question Fred, that would definitely be useful letting staff or more than one person share an app development process. However I fear must be too complicated especially if you were to restrict or allow access to certain parts of an app... that would require more granular access control options I would think. Of course I am only speculating. I am working next on using this same registration form to send email to the user with a confirmation link. I saw in the credits that this system use phpmail and also smtp.. David would phpmail work for this or would i have to go through smtp for an outbound message?

@jasonthewebmaster: You could just use the function fnSendTextEmail($toAddress, $toName, $fromAddress, $fromName, $subject, $body, $commaSeperatedAttachs) method in the utiltities. class. See how this is used in the BT-server/index.php (forgot password) method. Should work find. App Permission: Have a look at any screen in the /bt_v15/bt_app folder. These are all the screens used to manage an application. The index.php page in this folder is the 'landing page' for an app. We call this App Home. We anticipated this quesiton, and hope to continue developing the 'who can manage what apps' idea. Today, becuase we thought about this in advance, all the 'who can manage this app' logic is controlled by one method: fnCanManageApp(). This is in the /includes/class.App.php file. All this method does is check to see if the person logged in is an Admin or the apps owner. If so, all good. If not, no good. To extend this, and to allow a user to manage apps they did not create, but not make them admins, you'll need to do a few things. I'm engineering as I type so ignore obivous missed thoughts.... a) Make a table called app_access or something. This table would hold a record for userGuid and appGuid and appAccessPassword. b) The fnCanManageApp() method would do a query to check this table. If the person isn't the owner, or an admin, they would need a record in that table in order to manage the app. c) Admins and app owners could 'allow others' to manage their apps. Probabaly an invitiation by the app owner. d) One person could have many apps in this table that they are 'allowed' to manage that they don't own. This logic would require a few methods and screens to grant or revoke the access to a certain app. Maybe an 'app admins' link in the apps control panel. Only the owner and admins would see this link. This link would lead to a page to allow the owner / admin to 'invite' an email address to admin their app. An email could go out, with a link leading to a landing page that asked the user to confirm the app's 'access password' my two cents.

Thanks for the contributions to this thread everyone. @jasonthewebmaster I see you are working on continuing the registration piece to automate the confirmed process for users. I too am interested in this type of functionality. Will you be posting that here in the forum as well? Thanks, Richard Wing skype - richardwing

Man I still cant get this to work I think my HTML link that points to the register.php is wrong or in the wrong place. What should the HTML link look like and where should it go on the php directory. Or does someone have the php file we could just download and install

@Photo P: Post the URL to you install so the gang can see the landing page where the 'register' link is. Should be easy to see where the HTML is broken if we can see it.

Hi - I'm stuck on this step: 2) Add an HTML link to this screen, point it to 'register.php' in the same directory. Any help would be appreciated. Here's my index.php code: <?php require_once(config.php); //User Object $guid = ; if(isset($_SESSION[APP_LOGGEDIN_COOKIE_NAME])) $guid = fnFormInput($_SESSION[APP_LOGGEDIN_COOKIE_NAME]); //user object (may or may not be logged in)... $thisUser = new User($guid); $thisUser -> fnUpdateLastRequest($guid); //meta-tag used for redirecting after logging in... $metaRedirect = ; //we may be arriving here after clicking logout. if(isset($_GET[logOut]) || isset($_GET[timedOut])){ $bolDoLogOut = false; if(isset($_GET[logOut])){ if($_GET[logOut] == 1) $bolDoLogOut = true; } if(isset($_GET[timedOut])){ if($_GET[timedOut] == 1) $bolDoLogOut = true; } if($bolDoLogOut){ //make sure user is logged out... $thisUser -> fnUpdateLastRequest($guid, 0); $thisUser -> infoArray[isLoggedIn] = 0; $thisUser->infoArray[guid] = ; //kill cookie and session setcookie(APP_LOGGEDIN_COOKIE_NAME, , time() - 3600); $_SESSION[APP_LOGGEDIN_COOKIE_NAME] = ; //destroy the session. session_destroy(); //erase guid for user... $guid = ; } }//isset($_GET[logOut]) //init page object $thisPage = new Page(); $strMessage = ; $bolDone = false; $bolDidLogIn = false; $bolPassed = true; $dtNow = fnMySqlNow(); $command = fnGetReqVal(command, , $myRequestVars); $logInId = fnGetReqVal(logInId, , $myRequestVars); $logInPassword = fnGetReqVal(logInPassword, , $myRequestVars); $remember = fnGetReqVal(remember, 0, $myRequestVars); $email = fnGetReqVal(email, , $myRequestVars); //creates a random password function fnCreateRandomPassword(){ $chars = ABCDEFGHIJKLMNOPQRSTUVWXYZ023456789; srand((double)microtime()*1000000); $i = 0; $pass = ; while ($i <= 7) { $num = rand() % 33; $tmp = substr($chars, $num, 1); $pass = $pass . $tmp; $i++; } return $pass; } //######################################################################## //form submit for login... if($isFormPost && strtoupper($command) == LOGIN){ if(strlen($logInPassword) < 4 || strlen($logInPassword) > 100 ){ $bolPassed = false; $strMessage .= <br />Invalid Password; } //if valid if($bolPassed){ //user class $thisUser = new User(); $tmpGuid = $thisUser->fnIsValidLogin($logInId, $logInPassword); if(strlen($tmpGuid) > 2){ //remember user's login id for about 90 days if they checked remember me //Note: DO NOT REMEMBER PASSWORDS IN COOKIES. EVER. if($remember == 1){ setcookie(APP_REMEMBER_COOKIE_NAME, $tmpGuid, time()+60*60*24*100, /); setcookie(APP_REMEMBER_COOKIE_NAME . -checked, 1, time()+60*60*24*100, /); }else{ setcookie(APP_REMEMBER_COOKIE_NAME, 0, time()+60*60*24*100, /); setcookie(APP_REMEMBER_COOKIE_NAME . -checked, 0, time()+60*60*24*100, /); } //set session var for this users guid... $_SESSION[APP_LOGGEDIN_COOKIE_NAME] = $tmpGuid; //set cookie var for this users guid... setcookie(APP_LOGGEDIN_COOKIE_NAME, $tmpGuid, time()+60*60*24*100, /); //flag user as logged in.... $thisUser -> infoArray[guid] = $tmpGuid; $thisUser -> infoArray[isLoggedIn] = 1; $thisUser -> fnUpdateLastRequest($tmpGuid, 1); //flag as done... $bolDone = true; $bolDidLogIn = true; //create the message to display in the HTML with a link to the users account screen... $strMessage = <div class='doneDiv'><b>Login successful.</b></div>; $strMessage .= <div style='padding-top:5px;'>; $strMessage .= <a href=' . APP_URL . /account/?id= . md5($tmpGuid) . ' target='_self'>Use this link</a> to continue to your account if you're not automatically re-directed.; $strMessage .= </div>; $strMessage .= <div style='padding-top:5px;'>; $strMessage .= Be sure to logout when you're done with your session.; $strMessage .= </div>; //setup the meta-redirect tag (3 second delay)... $metaRedirect = \n<meta http-equiv=\refresh\ content=\3;url= . APP_URL . /account/?id= . md5($tmpGuid) . \>; }else{ //invalid user $bolDidLogIn = false; $strMessage .= <br />Login failed.; } }//if passed }//form submit for login... //form submit forgot password if($isFormPost && strtoupper($command) == FORGOTPASSWORD){ if(!fnIsEmailValid($email)){ $bolPassed = false; $strMessage .= <br />Please enter a valid email address; } //used when sending $uid = ; $ownerGuid = ; $firstName = ; $lastName = ; if($bolPassed){ //fetch account info $strSql = SELECT U.id, U.guid, U.email, U.logInId, U.logInPassword, U.firstName, U.lastName ; $strSql .= FROM . TBL_USERS . AS U ; $strSql .= WHERE U.email = ' . $email . ' LIMIT 0,1; $res = fnDbGetResult($strSql, APP_DB_HOST, APP_DB_NAME, APP_DB_USER, APP_DB_PASS); if($res){ $numRows = mysql_num_rows($res); if($numRows > 0){ $row = mysql_fetch_array($res); $uid = fnFormOutput($row['id']); $ownerGuid = fnFormOutput($row['guid']); $firstName = fnFormOutput($row['firstName']); $lastName = fnFormOutput($row['lastName']); }else{ $bolPassed = false; $strMessage = <br />Your login information could not be located. Are you sure you entered the correct email address?; }//end if rows }else{ $bolPassed = false; $strMessage = <br />Your login information could not be located. Are you sure you entered the correct email address?; }//select_db if(fnIsEmailValid($email) && $ownerGuid != ){ //create a random, temporary password $newPassword = fnCreateRandomPassword(); //update users password to the temporary password.. $strSql = UPDATE . TBL_USERS . SET logInPassword = ' . md5($newPassword) . ', modifiedUTC = ' . $dtNow . '; $strSql .= WHERE guid = ' . $ownerGuid . ' ; //make sure we have an app name... $controlPanelName = Application Name Not setup on Admin > Settings screen; if(defined(APP_ADMIN_EMAIL)){ $controlPanelName = APP_APPLICATION_NAME; } //make sure we have a URL.. $appURL = Application URL Not setup on Admin > Settings screen; if(defined(APP_URL)){ $appURL = APP_URL; } //build the email message... $emailContent = $controlPanelName; $emailContent .= \n\nA request was made to re-set your password. If you did not make this ; $emailContent .= request please contact a system administrator immediately.; $emailContent .= \n\nSystem administrators work hard to protect your privacy and they ; $emailContent .= need to hear from you if this request was made by someone other than you.; $emailContent .= \n\nPassword: . $newPassword; $emailContent .= \n\nLogin here: . $appURL; $emailContent .= \n\nPlease keep your password safe to prevent unauthorized access to your account. ; $emailContent .= After logging in, visit your account settings to re-set your password. ; //send the message... //(toAddress, toName, fromAddress, fromName, subject, body, commandSeperatedAttachs) if(defined(APP_ADMIN_EMAIL)){ if(fnIsEmailValid(APP_ADMIN_EMAIL)){ if(fnSendTextEmail($email, $firstName . . $lastName, APP_ADMIN_EMAIL, $controlPanelName, Re-Set Password, $emailContent)){ //flag $bolDone = true; $strMessage = <b>Password Reset</b>; $strMessage .= <div style='padding-top:15px;'>Your account password has been re-set to a temporary password. We sent the new password to....</div>; $strMessage .= <div style='padding-top:5px;font-size:13pt;font-weight:bold;'> . strtolower(fnFormOutput($email)) . </div>; $strMessage .= <div style='padding-top:5px;'>Be sure to re-set your password after using the temporary password in the email.</div>; $strMessage .= <div style='padding-top:5px;'><a href='#' onclick=\fnShowLogIn();return false;\ title='OK'><img alt=\arrow\ src='images/arr_right.gif' />OK, Hide this message</a></div>; //execute update statement to set new password... fnExecuteNonQuery($strSql, APP_DB_HOST, APP_DB_NAME, APP_DB_USER, APP_DB_PASS); //flag as done... $email = ; $bolDone = true; }else{ //flag $bolDone = false; $strMessage = <span style='color:red;font-weight:bold;'>There was a problem sending an email to <b> . strtolower(fnFormOutput($email)) . </b></span>; $strMessage .= <br />Your account information was found but the system had trouble sending you an email.; }//end if sent. //admin email no good }else{ //flag $bolDone = false; $strMessage = <span style='color:red;font-weight:bold;'>There was a problem sending an email to <b> . strtolower(fnFormOutput($email)) . </b></span>; $strMessage .= <br />The administrtor email on the Admin > Server Settings screen is not a valid email address.; } //admin email not defined }else{ //flag $bolDone = false; $strMessage = <span style='color:red;font-weight:bold;'>There was a problem sending an email to <b> . strtolower(fnFormOutput($email)) . </b></span>; $strMessage .= <br />There is no administrtor email setup on the Admin > Server Settings screen.; } }//valid email address. }//if passed }//form submit forgot password //if form was not submitted... if(!$isFormPost){ $tempGuid = ; $tempRemember = ; if(isset($_COOKIE[APP_REMEMBER_COOKIE_NAME])) $tempGuid = $_COOKIE[APP_REMEMBER_COOKIE_NAME]; if(isset($_COOKIE[APP_REMEMBER_COOKIE_NAME . -checked])) $tempRemember = $_COOKIE[APP_REMEMBER_COOKIE_NAME . -checked]; if(strlen($tempGuid) > 1 && $tempRemember == 1){ $strSql = SELECT U.logInId FROM . TBL_USERS . AS U WHERE U.guid = ' . $tempGuid . ' LIMIT 0, 1; $logInId = fnGetOneValue($strSql, APP_DB_HOST, APP_DB_NAME, APP_DB_USER, APP_DB_PASS); if(strlen($logInId) > 1){ $remember = 1; } }//strlen(tempGuid) }//not submitted. //the css for each box depends on command... $cssLogIn = block; $cssForgotPassword = none; if(strtoupper($command) == LOGIN){ $cssLogIn = block; $cssForgotPassword = none; } if(strtoupper($command) == FORGOTPASSWORD){ $cssLogIn = none; $cssForgotPassword = block; } //if we just logged in, add a meta-redirect... if($metaRedirect != ){ $thisPage->customHeaders = $metaRedirect; } //print html... echo $thisPage->fnGetPageHeaders(); echo $thisPage->fnGetBodyStart(); echo $thisPage->fnGetTopNavBar($thisUser->infoArray['guid']); ?> <script type=text/javascript> //sumbit on enter (password field) function onEnter( evt,frm){ var keyCode = null; if(evt.which){ keyCode = evt.which; }else if(evt.keyCode){ keyCode = evt.keyCode; } if(13 == keyCode){ frm.btnLogin.click(); return false; } return true; } //focus document.body.onload = function(){ var theForm = document.forms[0]; try{ if(theForm.logInId.value != && theForm.logInPassword.value != ){ theForm.btnLogin.focus(); }else{ document.forms[0].logInId.focus(); document.forms[0].logInId.select(); } }catch(er){ } } function fnShowForgotPassword(){ document.getElementById(messageBox).style.display = none; document.getElementById(forgotPasswordInfo).style.display = block; document.getElementById(logInInfo).style.display = none; } function fnShowLogIn(){ document.getElementById(messageBox).style.display = none; document.getElementById(forgotPasswordInfo).style.display = none; document.getElementById(logInInfo).style.display = block; } function fnSubmit(theCommand){ document.forms[0].command.value = theCommand; document.forms[0].submit(); } </script> <input type=hidden name=command id=command value=<?php echo $command;?>/> <div class='content'> <fieldset class='colorLightBg'> <div class='contentBox colorLightBg minHeight'> <div class='contentBand colorBandBg'> Welcome </div> <div style='padding:15px;'> <!--show message if arriving here while logged in --> <?php if(strlen($thisUser->infoArray[guid]) > 1 && !$bolDidLogIn){ ?> <div class='doneDiv'> You are logged in as <b><?php echo fnFormOutput($thisUser->infoArray[firstName] . . $thisUser->infoArray[lastName]);?></b> </div> <div style='padding-top:5px;'> <a href=<?php echo APP_URL . /account;?> title='Account'><img src=images/arr_right.gif alt=arrow>Show my account control panel</a> </div> <div style='padding-top:5px;'> <a href=<?php echo APP_URL . /?logOut=1;?> title='Logout'><img src=images/arr_right.gif alt=arrow>Logout</a> </div> <?php } ?> <!--show message if we just logged in, else show login form --> <?php if($bolDidLogIn) { ?> <?php echo $strMessage;?> <div style='margin-left:auto;margin-right:auto;width:75px;'> <img src='images/gif-loading-small.gif' alt='loading'/> </div> <?php } ?> <!--show login form if we are not logged in --> <?php if(strlen($thisUser->infoArray[guid]) < 1){?> <div id=messageBox name=messageBox> <?php if($strMessage != && !$bolDone){ ?> <div class='errorDiv'> <?php echo $strMessage;?> </div> <?php } ?> <?php if($strMessage != && $bolDone){ ?> <div class='doneDiv'> <?php echo $strMessage;?> </div> <?php } ?> </div> <?php if(isset($_GET[timedOut])){ ?> <?php if($_GET[timedOut] == 1){ ?> <div class='errorDiv'> <br/>Your logged in session has ended. </div> <br/> <?php } ?> <?php } ?> <?php if(isset($_GET[logOut])){ ?> <?php if($_GET[logOut] == 1){ ?> <div class='doneDiv'> You have been logged out. </div> <br/> <?php } ?> <?php } ?> <div id=logInInfo style=display:<?php echo $cssLogIn;?>> <label>Login Id   <span style='font-weight:normal;'><i>usually your email address</i></span></label> <input type=text value=<?php echo strtolower(fnFormOutput($logInId));?> name=logInId id=logInId maxlength=75 /> <label>Password</label> <input type=password value=<?php echo fnFormOutput($logInPassword);?> name=logInPassword id=logInPassword maxlength=20 onkeypress=return onEnter(event,this.form); /> <div class=pcheckbox> <input type=checkbox value=1 <?php echo fnGetChecked($remember, 1);?> name=remember id=remember /> Remember My Login Id </div> <div class='pcheckbox' style='padding-top:5px;;'> <input type=button id=btnLogin class=buttonSubmit value=login onclick=fnSubmit('logIn');return false; /> </div> <div style='padding-top:10px;'> <a href='#' onclick=fnShowForgotPassword();return false; title='Forgot password'><img alt=arrow src='images/arr_right.gif' />Forgot password?</a> </div> </div> <div id=forgotPasswordInfo style=display:<?php echo $cssForgotPassword;?>> <?php if(!$bolDone){ ?> <label>Enter your Email Address</label> <input type=text value=<?php echo strtolower(fnFormOutput($email));?> name=email id=email maxlength=150 /> <div style='padding-top:5px;;'> <input type=button id=btnSubmitForgot class=buttonSubmit value=submit onclick=fnSubmit('forgotPassword');return false; /> </div> <div style='padding-top:10px;'> <a href='#' onclick=fnShowLogIn();return false; title='Cancel'><img alt=arrow src='images/arr_right.gif' />Cancel, Show Login</a> </div> <?php } ?> </div> <?php } ?> </div> </div> </fieldset> <?php echo $thisPage->fnGetBottomNavBar();?> </div> <?php echo $thisPage->fnGetBodyEnd(); ?>