From f4d05bd84b2728bb5b73f0603b49e3a86ee0a304 Mon Sep 17 00:00:00 2001 
From: Vladimir H Date: Sun, 14 Dec 2008 14:13:21 -0600 Subject: [PATCH] Agregando archivos faltantes para la Version 2. +Formato. --- 0_Extra/+logo.png | Bin 0 -> 1440 bytes 0_Extra/MySQL-Instrucciones.txt | 7 + 0_Extra/MySQL-Tabla_Definiciones.txt | 19 ++ 0_Extra/buho.png | Bin 0 -> 3555 bytes 0_Extra/dbtables.sql | 66 +++++ contenido/admin.php | 75 ++++++ contenido/adminprocess.php | 180 +++++++++++++ contenido/ayuda+contacto.php | 23 ++ contenido/global+404.php | 12 + contenido/index.php | 3 + contenido/sub.php | 173 +++++++++++++ contenido/usuario+editar.php | 70 ++++++ contenido/usuario+horarios.php | 361 ++++++++++++++++++++++++++ contenido/usuario+info.php | 69 +++++ contenido/usuario+ingresar.php | 49 ++++ contenido/usuario+recuperar_clave.php | 34 +++ contenido/usuario+registrar.php | 52 ++++ include/index.php | 3 + include/process.php | 195 ++++++++++++++ include/sesion.php | 461 ++++++++++++++++++++++++++++++++++ instalar.php | 4 +- reportes/+HTML/index.php | 3 + reportes/+PDF/index.php | 3 + reportes/index.php | 3 + 24 files changed, 1863 insertions(+), 2 deletions(-) create mode 100644 0_Extra/+logo.png create mode 100644 0_Extra/MySQL-Instrucciones.txt create mode 100644 0_Extra/MySQL-Tabla_Definiciones.txt create mode 100644 0_Extra/buho.png create mode 100644 0_Extra/dbtables.sql create mode 100755 contenido/admin.php create mode 100755 contenido/adminprocess.php create mode 100644 contenido/ayuda+contacto.php create mode 100644 contenido/global+404.php create mode 100644 contenido/index.php create mode 100644 contenido/sub.php create mode 100644 contenido/usuario+editar.php create mode 100644 contenido/usuario+horarios.php create mode 100644 contenido/usuario+info.php create mode 100644 contenido/usuario+ingresar.php create mode 100644 contenido/usuario+recuperar_clave.php create mode 100644 contenido/usuario+registrar.php create mode 100644 include/index.php create mode 100755 include/process.php create mode 100755 include/sesion.php create mode 
100644 reportes/+HTML/index.php create mode 100644 reportes/+PDF/index.php create mode 100644 reportes/index.php 
diff --git a/0_Extra/+logo.png b/0_Extra/+logo.png new file mode 100644 index 0000000000000000000000000000000000000000..d208e699d313f30693a00af0591d540371770b70 GIT binary patch literal 1440 zcwVhkTQnO67>=`pxvzR?n;9}O+pOAZN?nrFHAzX*io~^LB?xhk1VOiU+Eoz^#R$5& zmvWknG$pi$%1j$tNnCnSm9`Q^=py2lv9~?#W#2jf?R)tC|9knboxvcC^nv;S0Kf=^ z^bP<3v>JB%&`))Cv#S2f`Q4(G9)R!!bO)u} z$^~BrbAebJi-ibySv;4uCwFOeQPYyX|Q2}a^sF%BcPH5Egw>oPmssg*B+L! z7m_AQb84iD!u#a~;@_QUiG-SBTNh_ZGpG9w_yE%#r{GsFMZ`YGtR^ryhgE*E@NaGm zG`CQD*XqN!SxbxsA$g~a$<1cEBZYK~u zv(tp@{OLJ8QVzYlF^^;ubXuCydh#Z)E|-A|%e}uG-T~YUV18my_R$M3Oh6e+GPfVf zySU68_zKrAYX7LO@`W!`(Dwd_*~ZcM)r}^iRSO}D%iI!O*i+x&WiNRbxrbrXdb791 zwpb*Z49+6@V#;qLDtPQLmjyA*IaWk^Ha+Ql zqo@{(oKy0r{!s)fWuXI;M%nJ5BGm}hPdV=z6!UiPV);nl5GgdocHzFG6A%JPH{2r4 zm{ye^ubiZ@G2^Bbk$M5j(1bE|+b$+|9c;tjg+0AWfBS5HOc()8o`__y(2ODcu!VWE zdXC~&tZBSh&*HL3n~Ma=e6p@vIEY^tBglg99$|gURA5B z7IPas`pGfNRy&>GtRxhV9k=JM0&%o_Uo$hRn}P5u=qw?KBlG1OOZoz}3~ZI5u$9GM zfrs{Ur7BpBbfB0}Li-L(OoF9aQ6W;c} zeC>w`vgesDr{Aq#v-DrZbdBcMO8-o93I7(88v*J%CP^MKdzM#MA|Y7MBH)zsVY7NN zU;NImwG$lCCS~fC*A&mV?Fi4&{;J<265Jn&7HlNCfW+G?DM!u6d>-S3^Id3R@03HZ z#1Uq3oH$lqD2_xW#sMcnl;q9mvVfJzrCSj?Ulg}B?X7Iw1zcd)LyZjwRJAM8g+F6xZXGeHla%wpE$@s-;Be^Dp+5w7Zqt^xu45T5?)$W!IoBU}y#BHJ) zGL;maX{%ui@Z%N^X3YUn9i6H1^sQyL1k@}4)mZcXikGv7%Q6a7xup3EPZiE2Gd~j? 
z@4cWNnzV+&5wRI3KsO7;?%NX(jESw 'Usuarios' +DROP TABLE IF EXISTS cLab_usr;' +CREATE TABLE cLab_usr (carnet varchar(30) primary key, clave varchar(32) not null, nombre varchar(100) not null, encargado varchar(100), catedratico varchar(100), admin tinyint(1) unsigned not null, email varchar(50), timestamp int(11) unsigned not null); + +cLab_act_usr -> 'Usuarios Activos' +DROP TABLE IF EXISTS cLab_act_usr; +CREATE TABLE cLab_act_usr (carnet varchar(30) primary key, timestamp int(11) unsigned not null); + +cLab_act_vst -> 'Visitantes Activos' +DROP TABLE IF EXISTS cLab_act_vst; +CREATE TABLE cLab_act_vst (ip varchar(15) primary key, timestamp int(11) unsigned not null); + +cLab_usr_bnd -> 'Usuarios Baneados' +DROP TABLE IF EXISTS cLab_usr_bnd; +CREATE TABLE cLab_usr_bnd (carnet varchar(30) primary key, timestamp int(11) unsigned not null); + + + +cLab_hr -> 'Horarios' 
diff --git a/0_Extra/buho.png b/0_Extra/buho.png new file mode 100644 index 0000000000000000000000000000000000000000..af5a0904fc3ed21e23df071bd9cfdf35246d5ed0 GIT binary patch literal 3555 zcwPbH4IJ``P)19+(vUQ3lA$vcr<2RHWjam1r0tC5(izej%5>7S4Wu=E$PAawObVe1Ax*PdwrniRx~x`v&inMkd-ft*zF@q&L9_pv)$X42p0n@!KhJsYM;`MNh6o!G z)}kB({Ay1qQtb(p2}Xp^10PV>4NO;kLe-u?8R4Y38L9F-fcZ;w09e2yLQw6=!2Bf| z+}d)SsP;4*=7WwFpaIbEy9J`aB47b=mXHml+o=-^WUDdB_d7boQd}6XS{O4BtLM*RjhrwMf+pj}Sc_PTjQK>SM)?MoJH061Y-nMxHX<^Cszt=0 z*2e@nqM1>?jq;I8xy{}SDiIkLvS%Xb1;`cv)dI=+v2%?xCd$O8zr(4Kv^#F?Fw)kB z4i6(g>&F{-i7cRE$gIDY@rhwKZgp2t^}PHLv7@gcfRB*7a!WoJl`w{RHw)E*Dll`r z@_Jb*raANPszrr@fKgkVdrJq}*5>xNwV}}jD#8qqL&!}GBbia8l;pDzCqm-NE%{uO zU80RatwmKGnRy8f)qs|M7XcARt||epG7?uM8qU=MMitGDVN+WPm`ms1h9~Zr7>akt z!vq~EH!hWeR4OEV6^as|D7pC|(TJR*1~hyTN~@}(s#st`JRbDod_|SFDN4I1g5t*L z9OqI%uPymq1nmaW=>pNkV-KU)!o14LMb-W2kXS@Ya>a(n>#pYErki-)M0gxWOcuyp zl5<#c`m;A|-#$x4L4_j6YNkmAr#fa-iH2_17{ZglboMxZJbjF%Cc;Y+@Q)%4TgxYa zExgP8MRzy!^`RXdvw!=_E#=~<3ekD}j8hl+U}FN|hbBrdmKBZH^612V?$Ll%%Wvj> zfT7oEQlHzo^uPyz9XniL^VCzYb?Z3+P(=u@3elmPmsb}W68}owLjK;LW_h4&n%K|1 zYH3Fp8+wD!U|FdFcZ96uBf^U!H&f!RT-b*%E2^TSLt;_I3k~53qWsh9E{-qX#2d!Y zqXBmUO(@OcF{;Wn!1bZwx@4lyH-%Z#sQ~@eHilM&(_(nlSe8tVV3w>UX!}s(hsS=y^2Rna630di zJ)YsejPSZY%{C4AxVi#sKB0ffKYjLw?TXp12-hN*`R8?aH5%s(Zg)^ zbF>48KiEu=_#{sOWHQLBX_}`_@qNGuc|jzkpc18E0cwHz5ZbOl#< z0aSwMyp^}%%iu!m6C&(v|07Nue1n7xkii*8Iy>EaM+cfp;bnitT3{1JwUN)h!5oC= zGDWW`CEkaWx1*_&Iy#@vaE45Hu5}$xXGW3nw^^k=n+zOl>2Qgm zjt)oQPj=B{eZC4bg~#XB#`$h}ZD_$to?x9V;i~8#q)WCr2k-1i^NOR=sv{pLj7FmD zY*^IZ}<8+GQxpgQz=MA3w86z2(g2Qc>razM%c;>Zf_a5hxg>8Q`_L zR$e{wGL2KG_zMwMsIq8mjHiK>IiKzt=?vLA2o74EV#d>2TF;gDBHPmtj@6pLY~elgE%{3@dp z!$@Nr+7fy%2YN913d?~WcL9#SN#y8jbfL7(hnisyAPD#%O2VJyW)0X9Y2Y8)w{RRF zGm2=ItAPEDOZnk7w=%K13p zpOpd!;tS|s_7P42b|me}T1(rpC;L%cFLl{b38DqaX}}7UwHh#KJRVzhD}4ZsZRq}= z(GcX=h^6Pu5zh3buzjhbm$H33+THCui@P61wdlck;d>Ag?@u1#qxjqdYycJlr>9P_ z=fDd*GkTEJhrURrBT3MnMjiv_LsuZFRH?`?2gDI3J&(t){|vuQG^1k!n4#TxV?(UL zvI=;V*?9~F==z!quwWW^>#yc9^}utKg!}8(u*N 
z%Dws!l^{9-T&^me<);dbr}&sKr7QYDD?fjTTrc7_j+53vTAQKcC} zObmyK@FQ~k6y8-O+O;DTa~US|vprlt$AF3R4wK}ROo_)2BEnQW z&Rg*~6DOmLF-)*wBX;-hODicQljz-d7pm%tFcbD~S~W?f3i|_9RNQkb zQCx*Q2f+mhETtSdd;dLYlrbqFR`C|+%!u0wNklD5k zKbb_6$pX>EF%IWlatX;fz!za$mFsMludC9EyGU7FuG#~}O$7by_t7Z!kN_Pt?+SWtMqiR7Rpf-h30bZpDVx?{|H( zmZU>1aJsR9znr$zS)V1b2HuX;k(oHb{UY3=N(`8u7$!0K4qs5qbsF$lU?p%$4F9Q? zPinxQ(!m1kuraG6*h@YuRUpFud3F4|Kg9;18RxB_^B^Cccdy=azBjD86fRg-7q+*Tnblob z6LC#As-Q|lE!SINAw``Y0KdZUqMhLuocbv3ZY`@sSGwKcO4#>v&e5Jk7q2B}47~#5 z;vS#a6ijjl&_ejgg%}QMz#8jwAFw3cUJ(we-PdtR2t)Am?PG_aeJT7P%dge)1j;zd zDlC5`%3^`6DlwF#2sfJu-vJI0)*vgpY(? zs}d2zK@(?}27D1*x0FcvgTu;X?}WSwyzDN{o*qnBSD{_OK*8NBO_v71;lKG957Oy$ zdQT7LKOW=uz-Jo}RZCng3-X~lv!6658!DnY#2_ra?29UWeeU^`5@K_z$nY@I+dHd8 zOaSc-zogU1XqO9^DEjanL56Pu%fjaPyrF*IyLTQiwJ=VsVI$UyI>`xgvllkkb}x!@ z1a|dfcJ+gaq5)V1o3X@yygN+Vw<2xVputu`k(NK7 z4UtILk%_5P(uwh)KEhW dHPmon{6E)g&l>zlhQ$B?002ovPDHLkV1n-YwT1uy literal 0 HcwPel00001 diff --git a/0_Extra/dbtables.sql b/0_Extra/dbtables.sql new file mode 100644 index 0000000..b8b34d2 --- /dev/null +++ b/0_Extra/dbtables.sql 
@@ -0,0 +1,66 @@
+#
+# dbtables.sql
+#
+# Simplifies the task of creating all the database tables
+# used by the login system.
+#
+# Can be run from command prompt by typing:
+#
+# mysql -u yourusername -D yourdatabasename < dbtables.sql
+#
+# That's with dbtables.sql in the mysql bin directory, but
+# you can just include the path to dbtables.sql and that's
+# fine too.
+#
+# Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
+# Last Updated: August 13, 2004
+#
+
+#
+# Table structure for users table
+#
+DROP TABLE IF EXISTS users;
+
+CREATE TABLE users (
+ username varchar(30) primary key,
+ password varchar(32),
+ userid varchar(32),
+ userlevel tinyint(1) unsigned not null,
+ email varchar(50),
+ timestamp int(11) unsigned not null
+);
+
+
+#
+# Table structure for active users table
+#
+DROP TABLE IF EXISTS active_users;
+
+CREATE TABLE active_users (
+ username varchar(30) primary key,
+ timestamp int(11) unsigned not null
+);
+
+
+#
+# Table structure for active guests table
+#
+DROP TABLE IF EXISTS active_guests;
+
+CREATE TABLE active_guests (
+ ip varchar(15) primary key,
+ timestamp int(11) unsigned not null
+);
+
+
+#
+# Table structure for banned users table
+#
+DROP TABLE IF EXISTS banned_users;
+
+CREATE TABLE banned_users (
+ username varchar(30) primary key,
+ timestamp int(11) unsigned not null
+);
+
+
diff --git a/contenido/admin.php b/contenido/admin.php
new file mode 100755
index 0000000..7d70295
--- /dev/null
+++ b/contenido/admin.php
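Review bot: `password varchar(32)` in the `users` table fixes the column at the length of a hex MD5 digest (presumably what the login code stores), which leaves no room for a salted, slow password hash; widening it, e.g. `password varchar(255) not null`, stops the schema from dictating the hash. The script also does not match queries added elsewhere in this patch: admin.php selects `nombre`, and usuario+horarios.php reads `tipo`, `departamento` and a `horarios` table, none of which are created here. Each `DROP TABLE IF EXISTS` discards existing accounts when the script is re-run, which deserves a warning in the header comment.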
@@ -0,0 +1,75 @@ +isAdmin()){ + header("Location: ./"); +} + +function displayUsers(){ + global $database; + $q = "SELECT username,nombre,userlevel,email,timestamp FROM ".TBL_USERS." ORDER BY userlevel DESC;"; + $result = $database->query($q); + /* Error occurred, return given name by default */ + $num_rows = mysql_numrows($result); + if(!$result || ($num_rows < 0)){ + echo "Error displaying info"; + return; + } + if($num_rows == 0){ + echo "Database table empty"; + return; + } + /* Display table contents */ + echo ''; + echo "\n"; + for($i=0; $i<$num_rows; $i++){ + $uname = mysql_result($result,$i,"username"); + $nombre = mysql_result($result,$i,"nombre"); + $ulevel = mysql_result($result,$i,"userlevel"); + $email = mysql_result($result,$i,"email"); + $time = mysql_result($result,$i,"timestamp"); + //$horarios ='Ver'; + $uname = ''.$uname.''; + echo "\n"; + } + echo "
CódigoNombreNivelEmailÚltima actividad
$uname$nombre$ulevel$email$time

\n"; +} + +echo '

Centro de Administración

'; +if($form->num_errors > 0){ + echo "" + ."!*** Error con petición, por favor corregir

"; +} +echo '

Instructores registrados en el sistema:

'; +displayUsers(); + +echo '

Establecer permisos a instructor

'; +echo $form->error("upduser"); +?> +
+ + + + + +
+Código:
+"> +
+Level:
+ +
+
+ + +
+
+

Quitar Instructor

+error("deluser"); ?> +
+Código:
+"> + + +
\ No newline at end of file diff --git a/contenido/adminprocess.php b/contenido/adminprocess.php new file mode 100755 index 0000000..c798db9 --- /dev/null +++ b/contenido/adminprocess.php 
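Review bot: The admin guard at the top of the file sends `header("Location: ./");` and then falls through, so the user table and both forms below are still produced for a non-administrator; end the request there with `header("Location: ./"); exit;`. In `displayUsers()` the values `$uname`, `$nombre` and `$email` are interpolated into the table row unescaped, so wrap each in `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` before echoing. The first lines of the file were lost in this rendering, so the guard may sit inside a function whose header is not visible; the missing early exit applies either way. `displayUsers()` also calls `mysql_numrows($result)` before testing `!$result`, so a failed query is only noticed after it has been used.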
@@ -0,0 +1,180 @@ +isAdmin()){ + header("Location: ../?x=admin"); + return; + } + /* Admin submitted update user level form */ + if(isset($_POST['subupdlevel'])){ + $this->procUpdateLevel(); + } + /* Admin submitted delete user form */ + else if(isset($_POST['subdeluser'])){ + $this->procDeleteUser(); + } + /* Admin submitted delete inactive users form */ + else if(isset($_POST['subdelinact'])){ + $this->procDeleteInactive(); + } + /* Admin submitted ban user form */ + else if(isset($_POST['subbanuser'])){ + $this->procBanUser(); + } + /* Admin submitted delete banned user form */ + else if(isset($_POST['subdelbanned'])){ + $this->procDeleteBannedUser(); + } + /* Should not get here, redirect to home page */ + else{ + header("Location: ../?x=admin"); + } + } + + /** + * procUpdateLevel - If the submitted username is correct, + * their user level is updated according to the admin's + * request. + */ + function procUpdateLevel(){ + global $session, $database, $form; + /* Username error checking */ + $subuser = $this->checkUsername("upduser"); + + /* Errors exist, have user correct them */ + if($form->num_errors > 0){ + $_SESSION['value_array'] = $_POST; + $_SESSION['error_array'] = $form->getErrorArray(); + header("Location: ../?x=admin"); + } + /* Update user level */ + else{ + $database->updateUserField($subuser, "userlevel", (int)$_POST['updlevel']); + header("Location: ../?x=admin"); + } + } + + /** + * procDeleteUser - If the submitted username is correct, + * the user is deleted from the database. + */ + function procDeleteUser(){ + global $session, $database, $form; + /* Username error checking */ + $subuser = $this->checkUsername("deluser"); + + /* Errors exist, have user correct them */ + if($form->num_errors > 0){ + $_SESSION['value_array'] = $_POST; + $_SESSION['error_array'] = $form->getErrorArray(); + header("Location: ../?x=admin"); + } + /* Delete user from database */ + else{ + $q = "DELETE FROM ".TBL_USERS." 
WHERE username = '$subuser'"; + $database->query($q); + header("Location: ../?x=admin"); + } + } + + /** + * procDeleteInactive - All inactive users are deleted from + * the database, not including administrators. Inactivity + * is defined by the number of days specified that have + * gone by that the user has not logged in. + */ + function procDeleteInactive(){ + global $session, $database; + $inact_time = $session->time - $_POST['inactdays']*24*60*60; + $q = "DELETE FROM ".TBL_USERS." WHERE timestamp < $inact_time " + ."AND userlevel != ".ADMIN_LEVEL; + $database->query($q); + header("Location: ../?x=admin"); + } + + /** + * procBanUser - If the submitted username is correct, + * the user is banned from the member system, which entails + * removing the username from the users table and adding + * it to the banned users table. + */ + function procBanUser(){ + global $session, $database, $form; + /* Username error checking */ + $subuser = $this->checkUsername("banuser"); + + /* Errors exist, have user correct them */ + if($form->num_errors > 0){ + $_SESSION['value_array'] = $_POST; + $_SESSION['error_array'] = $form->getErrorArray(); + header("Location: ../?x=admin"); + } + /* Ban user from member system */ + else{ + $q = "DELETE FROM ".TBL_USERS." WHERE username = '$subuser'"; + $database->query($q); + + $q = "INSERT INTO ".TBL_BANNED_USERS." VALUES ('$subuser', $session->time)"; + $database->query($q); + header("Location: ../?x=admin"); + } + } + + /** + * procDeleteBannedUser - If the submitted username is correct, + * the user is deleted from the banned users table, which + * enables someone to register with that username again. 
+ */ + function procDeleteBannedUser(){ + global $session, $database, $form; + /* Username error checking */ + $subuser = $this->checkUsername("delbanuser", true); + + /* Errors exist, have user correct them */ + if($form->num_errors > 0){ + $_SESSION['value_array'] = $_POST; + $_SESSION['error_array'] = $form->getErrorArray(); + header("Location: ../?x=admin"); + } + /* Delete user from database */ + else{ + $q = "DELETE FROM ".TBL_BANNED_USERS." WHERE username = '$subuser'"; + $database->query($q); + header("Location: ../?x=admin"); + } + } + + /** + * checkUsername - Helper function for the above processing, + * it makes sure the submitted username is valid, if not, + * it adds the appropritate error to the form. + */ + function checkUsername($uname, $ban=false){ + global $database, $form; + /* Username error checking */ + $subuser = $_POST[$uname]; + $field = $uname; //Use field name for username + if(!$subuser || strlen($subuser = trim($subuser)) == 0){ + $form->setError($field, "* Username not entered
"); + } + else{ + /* Make sure username is in database */ + $subuser = stripslashes($subuser); + if(strlen($subuser) < 5 || strlen($subuser) > 30 || + !eregi("^([0-9a-z])+$", $subuser) || + (!$ban && !$database->usernameTaken($subuser))){ + $form->setError($field, "* Username does not exist
"); + } + } + return $subuser; + } +}; + +/* Initialize process */ +$adminprocess = new AdminProcess; + +?> diff --git a/contenido/ayuda+contacto.php b/contenido/ayuda+contacto.php new file mode 100644 index 0000000..51e9972 --- /dev/null +++ b/contenido/ayuda+contacto.php @@ -0,0 +1,23 @@ +cLab - Contactar el administrador
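Review bot: In `procDeleteInactive()` the cutoff is computed from `$_POST['inactdays']` with no validation, so a missing or non-numeric value evaluates to 0 and the `DELETE` then matches every non-admin row older than `$session->time` (presumably the current time). Validate first, e.g. `$days = (int)$_POST['inactdays']; if($days < 1){ header("Location: ../?x=admin"); return; }`, and build the cutoff from `$days`. The handlers in this class are selected purely by POST field names and no anti-CSRF token is checked in the visible code, which matters because each one deletes or re-levels accounts. The class's opening lines are missing from this rendering.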
+
+ + + + + + + + + + + + +
Su correo electrónico:
Mensaje:
+
+ + '; +} +?> \ No newline at end of file diff --git a/contenido/global+404.php b/contenido/global+404.php new file mode 100644 index 0000000..c20c15e --- /dev/null +++ b/contenido/global+404.php @@ -0,0 +1,12 @@ +Sistema de Horarios- ¡Error!
+¡Lo sentimos pero Ud. ha intentado ingresar a un área de este sitio que no existe!
+Si Ud. cree que esta página debería de existir, entonces por favor notifique al Administrador.
+Puede hacerlo haciendo clic en el enlace "contacto con el Administrador" mostrado más abajo
+'; +CREAR_LINK("","Continuar","Regresar a la página principal"); +} +?> \ No newline at end of file diff --git a/contenido/index.php b/contenido/index.php new file mode 100644 index 0000000..52d0258 --- /dev/null +++ b/contenido/index.php @@ -0,0 +1,3 @@ + \ No newline at end of file diff --git a/contenido/sub.php b/contenido/sub.php new file mode 100644 index 0000000..6f073f5 --- /dev/null +++ b/contenido/sub.php @@ -0,0 +1,173 @@ +$sTexto"; +} + +/*Crear un link apropiado para GET*/ +function CREAR_LINK_GET($sAccion, $sTexto, $sTitulo) { + return "$sTexto"; +} + +function MENU_usuario(){ + global $session; + echo ' +
+
Usuario
+
'.$session->username.'
'; + echo '
'; +} + + +function MENU_en_linea(){ + global $session, $database; + echo '
+
En línea ('. ($database->num_active_users + $database->num_active_guests) . ')
+
+ +
+
+ '; +} +function MENU_informacion() { + echo + '
+
Información
+
+ +
+
'; +} +function MENU_gestion() { +global $session; + if($session->logged_in){ + echo '
Gestión
'; + } + if($session->isAdmin()){ + echo + ' +
+
Instructores
+
+ +
+
+
+
Horarios
+
+ +
+
+ '; + } + if($session->logged_in && !$session->isAdmin()){ + echo + ' +
+
Horarios
+
+ +
+
+ '; + } +} + +function CONTENIDO_mostrar_principal() { + global $session; + /* Verificamos si es permitido ver el sitio sin estar registrado, si no forzamor a ir al registro*/ + switch ($_SESSION[_ACC_]) { + case "infosis": break; + case "ayuda contacto": break; + case "rpr clave": break; + default: if (!$session->logged_in){$_SESSION[_ACC_] = "ingresar";} + } + switch ($_SESSION[_ACC_] ) { + + case "usuario info": + CONTENIDO_usuario_info(); + break; + + case "rpr clave": + CONTENIDO_recuperar_clave(); + break; + + case "admin": + if($session->isAdmin()){ + CONTENIDO_admin(); + break; + } + + case "registro": + if($session->isAdmin()){ + CONTENIDO_usuario_registrar(); + break; + } + + case "ingresar": + CONTENIDO_usuario_ingresar(); + break; + + case "ayuda contacto": + CONTENIDO_ayuda_contacto() ; + break; + + case "infosis": + echo phpinfo(); + break; + + case "horarios": + CONTENIDO_horarios(); + break; + + default: + CONTENIDO_global_404(); + } + if(!$session->isAdmin()){ + echo '
Sugerencias y Consultas: '. CREAR_LINK_GET("ayuda+contacto","contacto con el Administrador", "Útil para obtener ayuda, hacer comentarios y reportar errores al Adminsitrador de este sitio"); + } +} +?> \ No newline at end of file diff --git a/contenido/usuario+editar.php b/contenido/usuario+editar.php new file mode 100644 index 0000000..691b5a8 --- /dev/null +++ b/contenido/usuario+editar.php @@ -0,0 +1,70 @@ +User Account Edit Success!"; + echo "
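Review bot: In `CONTENIDO_mostrar_principal()` the first switch exempts `"infosis"` from the login requirement and the second one answers it with `echo phpinfo();`, so the full PHP configuration dump is served to visitors who are not logged in. Drop `case "infosis": break;` from the first switch and gate the page, `case "infosis": if($session->isAdmin()){ phpinfo(); } break;` (`phpinfo()` prints by itself, so the `echo` only appends its return value). The `"admin"` and `"registro"` cases depend on falling through to `"ingresar"` when the user is not an administrator; a `/* fall through */` comment would make that intent explicit.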

$session->username, your account has been successfully updated.

"; +} +else{ +/** + * If user is not logged in, then do not display anything. + * If user is logged in, then display the form to edit + * account information, with the current email address + * already in the field. + */ +if($session->logged_in || $session->isAdmin()){ +?> + +

Editar cuenta del Instructor: username; ?>

+num_errors > 0){ + echo "".$form->num_errors." error(s) found"; +} +?> +
+ + + + + + + + + + + + + + + + + + +
Clave actual:">error("curpass"); ?>
Nueva clave:">error("newpass"); ?>
Email:userinfo['email']; +}else{ + echo $form->value("email"); +} +?>"> +error("email"); ?>
+ +
+
+ + \ No newline at end of file diff --git a/contenido/usuario+horarios.php b/contenido/usuario+horarios.php new file mode 100644 index 0000000..bf21c02 --- /dev/null +++ b/contenido/usuario+horarios.php 
@@ -0,0 +1,361 @@ + + + + + Reporte de Instructores + + +'; + for ($i=0; $i < 4; $i++) { + $_SESSION['tipo'] = $i; + $s = $s . DE_0; + $_SESSION['taller'] = 'LSA'; + $s = $s . MOSTRAR_HORARIOS_ECHO(); + $_SESSION['taller'] = 'LID'; + $s = $s . MOSTRAR_HORARIOS_ECHO(); + $_SESSION['taller'] = 'LAI'; + $s = $s . MOSTRAR_HORARIOS_ECHO(); + $_SESSION['taller'] = 'LIV'; + $s = $s . MOSTRAR_HORARIOS_ECHO(); + $s = $s . DE_1; + $_SESSION['taller'] = 'TPP'; + $s = $s . MOSTRAR_HORARIOS_ECHO(); + $_SESSION['taller'] = 'TIS'; + $s = $s . MOSTRAR_HORARIOS_ECHO(); + $_SESSION['taller'] = 'TAS'; + $s = $s . MOSTRAR_HORARIOS_ECHO(); + $_SESSION['taller'] = 'TEC'; + $s = $s . MOSTRAR_HORARIOS_ECHO(); + $s = $s . ""; + } + $myFile = "tmp/".time().".html"; + $fh = fopen($myFile, 'w') or die("/tmp/ bloqueado"); + fwrite($fh, $s); + fclose($fh); + + //PDF + require_once dirname(__FILE__) . 'include/HTML_ToPDF.php'; + echo 'Descargar reportes [HTML]'; + return; +} +if(!$session->isAdmin()||isset($_GET['forzar'])){ +global $session, $database; + + +if (isset($_GET['forzar'])) { +$tmp_usuario = $_GET['forzar']; +} else { +$tmp_usuario = $session->username; +} +$req_user_info = $database->getUserInfo($tmp_usuario ); +$_SESSION['tipo'] = $req_user_info['tipo']; +switch ($req_user_info['departamento']) { +case 0: + echo DE_0; + $_SESSION['taller'] = 'LSA'; + MOSTRAR_HORARIOS(); + $_SESSION['taller'] = 'LID'; + MOSTRAR_HORARIOS(); + $_SESSION['taller'] = 'LAI'; + MOSTRAR_HORARIOS(); + $_SESSION['taller'] = 'LIV'; + MOSTRAR_HORARIOS(); + break; +case 1: + echo DE_1; + $_SESSION['taller'] = 'TPP'; + MOSTRAR_HORARIOS(); + $_SESSION['taller'] = 'TIS'; + MOSTRAR_HORARIOS(); + $_SESSION['taller'] = 'TAS'; + MOSTRAR_HORARIOS(); + $_SESSION['taller'] = 'TEC'; + MOSTRAR_HORARIOS(); + break; +} +} + + +//Registro del instructor seleccionado. +if (isset($_POST['query'])) { + + global $session, $link; + global $link, $base, $motor, $usuario, $clave; + + echo $_POST['tipo']."

"; + + if(!$_POST['tipo']) { + echo '

Registro fallido del Instructor

'; + return; + } + +$link = @mysql_connect($motor, $usuario, $clave) or die('Por favor revise sus datos, puesto que se produjo el siguiente error:
' . mysql_error() . '
'); +mysql_select_db($base, $link) or die('!->La base de datos seleccionada "'.$base.'" no existe'); +//Verificamos que no tenga otro laboratorio al mismo tiempo. +$q = "SELECT * FROM horarios WHERE username='". $_POST['tipo'] ."' AND dia='".$_SESSION['dia']."' AND posicion='".$_SESSION['posicion']."';"; +//echo $q."
"; +$resultados = @mysql_query($q, $link) or die('!->Ocurrió un error mientras se revisaba la disponibilidad del instructor.'); +$num_rows = mysql_numrows($resultados); +//$num_rows > 0 significa que el muchacho ya tiene asignado otro laboratorio a la misma hora :) +if ($num_rows > 0) { +echo +' +

Registro de Intructor abortado


+Lo sentimos, pero este Instructor ya tiene otros laboratorios asignados el mismo día y hora. +'; +echo CONTINUAR; +return; +} +//Insertamos al instructor en el horario. +$q = "INSERT INTO horarios VALUES ('".$_POST['tipo'] ." ', ' " . $_SESSION['taller'] . "','".$_SESSION['dia']."','".$_SESSION['posicion']."')"; +@mysql_query($q, $link) or die('!->Ocurrió un error en la ultima etapa de la adición de usuarios.'); +echo +' +

Registro exitoso del Intrusctor


+'; +echo CONTINUAR; +return; +} + +if (isset($_GET['t']) && isset($_GET['d']) && isset($_GET['h'])&& isset($_GET['o'])) { + //Agregar o eliminar usuario de horario + global $session, $link; + global $link, $base, $motor, $usuario, $clave; + $_SESSION['taller'] = $_GET['t']; + $_SESSION['dia'] = $_GET['d']; + $_SESSION['posicion'] = $_GET['h']; + $link = @mysql_connect($motor, $usuario, $clave) or die('Por favor revise sus datos, puesto que se produjo el siguiente error:
' . mysql_error() . '
'); + mysql_select_db($base, $link) or die('!->La base de datos seleccionada "'.$base.'" no existe'); + + //Agregar + if ($_GET['o'] == 'a') { + // ¿Hay alguien(es) en ese departamente y con ese cargo? + $q = "SELECT username, nombre FROM users WHERE departamento='".$_SESSION['dpto'] ."' AND tipo='" . $_SESSION['tipo'] . "'"; + $resultados = @mysql_query($q, $link); + $num_rows = mysql_numrows($resultados); + + echo + ' +
+ + +
Instructores disponibles para el filtro actual: + +
+ + +
+ '; + } else { + if ($session->isAdmin()) { + //eliminar + $q = "DELETE FROM horarios WHERE username LIKE '%".$_GET['u']."%' AND taller LIKE '%".$_GET['t']."%' AND dia = '".$_GET['d']."' AND posicion = '".$_GET['h']."';"; + //echo $q; + mysql_select_db($base, $link) or die('!->La operación de eliminación no pudo ser completada'); + echo "

".$_GET['u']." ha sido removido del horario.
"; + echo CONTINUAR; + } + } +return; +} + +function OBTENER_TIPO($taller,$dia, $hora) { + global $session, $link; + // ¿Hay alguien(es) en esa posición? + $q = "SELECT users.username, nombre FROM users, horarios WHERE users.username = horarios.username and taller like '%$taller%' AND tipo = '". $_SESSION['tipo']. "' AND dia='$dia' AND posicion='$hora'"; + //echo $q; + $resultados = @mysql_query($q, $link); + $num_rows = mysql_numrows($resultados); + + if($num_rows > 0){ + $msj=""; + for($i=0; $i<$num_rows; $i++){ + $uname = mysql_result($resultados,$i,"nombre"); + $uinfo = mysql_result($resultados,$i,"username"); + $msj = $msj.''.$uname.'[X]
'; + } + }else { + if (!$session->isAdmin()||isset($_GET['reporte'])) {$msj="Sin Asignar";} + } + if ($session->isAdmin() && !isset($_GET['reporte'])){ + if( ($num_rows == 0 && $num_rows < 9) || ($_SESSION['tipo'] == 0 )){ + $msj=$msj .'Asignar'; + } + } + return "".$msj.""; +} + +function MOSTRAR_HORARIOS() { +global $link, $base, $motor, $usuario, $clave; +$link = @mysql_connect($motor, $usuario, $clave) or die('Por favor revise sus datos, puesto que se produjo el siguiente error:
' . mysql_error() . '
'); +mysql_select_db($base, $link) or die('!->La base de datos seleccionada "'.$base.'" no existe'); +echo ' +
+

Taller '.$_SESSION['taller'].' - '; +switch ($_SESSION['tipo']) +{ +case 0: echo TI_0; break; +case 1: echo TI_1; break; +case 2: echo TI_2; break; +case 3: echo TI_3; break; +} + +echo +'

+
+ + +'; +for ($i=450; $i<=1170; $i+=60){ +echo "". OBTENER_TIPO($_SESSION['taller'], 1, $i).OBTENER_TIPO($_SESSION['taller'], 2, $i).OBTENER_TIPO($_SESSION['taller'], 3, $i).OBTENER_TIPO($_SESSION['taller'], 4, $i).OBTENER_TIPO($_SESSION['taller'], 5, $i).OBTENER_TIPO($_SESSION['taller'], 6, $i).""; +} +echo "
HorarioLunesMartesMiercolesJuevesViernesSabado
". date("h:ia", mktime(0,$i)) . "
"; +mysql_close($link); +} +function MOSTRAR_HORARIOS_ECHO() { +global $link, $base, $motor, $usuario, $clave; +$link = @mysql_connect($motor, $usuario, $clave) or die('Por favor revise sus datos, puesto que se produjo el siguiente error:
' . mysql_error() . '
'); +mysql_select_db($base, $link) or die('!->La base de datos seleccionada "'.$base.'" no existe'); +$salida = +' +
+

Taller '.$_SESSION['taller'].' - '; +switch ($_SESSION['tipo']) +{ +case 0: $salida = $salida .TI_0; break; +case 1: $salida = $salida .TI_1; break; +case 2: $salida = $salida .TI_2; break; +case 3: $salida = $salida .TI_3; break; +} + +$salida = $salida . +'

+
+ + +'; +for ($i=450; $i<=1170; $i+=60){ +$salida = $salida ."". OBTENER_TIPO($_SESSION['taller'], 1, $i).OBTENER_TIPO($_SESSION['taller'], 2, $i).OBTENER_TIPO($_SESSION['taller'], 3, $i).OBTENER_TIPO($_SESSION['taller'], 4, $i).OBTENER_TIPO($_SESSION['taller'], 5, $i).OBTENER_TIPO($_SESSION['taller'], 6, $i).""; +} +$salida = $salida ."
HorarioLunesMartesMiercolesJuevesViernesSabado
". date("h:ia", mktime(0,$i)) . "
"; +mysql_close($link); +return $salida; +} + + +$paso = $_POST['paso']; +/* +0. Selección de departamento. +$_POST['dpto'] +1. Selección de taller. +$_POST['taller'] +2. Filto ocupacion del instructor +$_POST['tipo'] +*/ +echo '

Visor de Horarios


'; +switch ($paso) { +case 0: + echo + ' +
+ + +
Departamento a revisar: + +
+ + +
+ '; + break; +case 1: + $_SESSION['dpto'] = $_POST['dpto']; + echo + ' +
+ + +
Taller a revisar: + +
+ + +
+ '; + echo '
'.$_SESSION['dpto']; + break; + +case 2: + $_SESSION['taller'] = $_POST['taller']; + echo + ' +
+ + +
Tipo de instructor a revisar: + +
+ + +
+ '; + echo '
'.$_SESSION['dpto']."->".$_SESSION['taller']; + break; +case 3: + $_SESSION['tipo'] = $_POST['tipo']; + MOSTRAR_HORARIOS(); + echo '
'-$_SESSION['dpto']."->".$_SESSION['taller']."->".$_SESSION['tipo'].'
'; +break; +default: + exit; +} +} +?> \ No newline at end of file diff --git a/contenido/usuario+info.php b/contenido/usuario+info.php new file mode 100644 index 0000000..9c5cf45 --- /dev/null +++ b/contenido/usuario+info.php @@ -0,0 +1,69 @@ +usernameTaken($req_user)){ + die("Usuario no registrado"); +} + +/* Logged in user viewing own account */ +if(strcmp($session->username,$req_user) == 0){ + echo "
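Review bot: The assignment branch under `if (isset($_POST['query']))` concatenates `$_POST['tipo']` and the session copies of `$_GET['t']`, `$_GET['d']` and `$_GET['h']` straight into the SELECT and INSERT on `horarios`, and it echoes `$_POST['tipo']` back unescaped, so the request controls both the SQL text and the HTML. The branch also runs before any `isAdmin()` test, although the "Asignar" link is only rendered for administrators in `OBTENER_TIPO()`. The same concatenation appears in the `DELETE` built from `$_GET['u']` and in `OBTENER_TIPO()`'s `$taller`; the delete branch also calls `mysql_select_db()` where a query call was presumably intended, so the row is reported as removed without the statement visibly being executed. The sketch below covers the availability check, assuming `dia` and `posicion` are the integers `OBTENER_TIPO()` is called with; the INSERT should reuse the same escaped values. Prepared statements through mysqli or PDO would be the sturdier fix.

```php
if (isset($_POST['query'])) {
    // … unchanged: globals …
    if (!$session->isAdmin()) { return; }
    // … unchanged: empty-tipo check, mysql_connect / mysql_select_db …
    $instructor = mysql_real_escape_string($_POST['tipo'], $link);
    $taller     = mysql_real_escape_string($_SESSION['taller'], $link);
    $dia        = (int)$_SESSION['dia'];
    $posicion   = (int)$_SESSION['posicion'];
    $q = "SELECT * FROM horarios WHERE username='$instructor' AND dia='$dia' AND posicion='$posicion';";
    // … unchanged: availability check and INSERT (with the escaped values) …
```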

Mi cuenta

"; +} +/* Visitor not viewing own account */ +else{ + echo "

Información del usuario

"; +} + +/* Display requested user information */ +$req_user_info = $database->getUserInfo($req_user); + +echo "Código de usuario: ".$req_user_info['username']."
"; +echo "Nombre de usuario: ".$req_user_info['nombre']."
"; +echo "Encargado: ".$req_user_info['encargado']."
"; +echo "Catedrático: ".$req_user_info['catedratico']."
"; +echo "Tipo de Instructor: "; +switch ($req_user_info['tipo']) { +case 0: + echo TI_0; + break; +case 1: + echo TI_1; + break; +case 2: + echo TI_2; + break; +case 3: + echo TI_3; + break; +default: + echo "Tipo de instructor desconocido"; + break; +} +echo"
"; +echo "Departamento: "; +switch ($req_user_info['departamento']) { +case 0: + echo DE_0; + break; +case 1: + echo DE_1; + break; +} +echo"
"; +echo "Email: ".$req_user_info['email']."
"; + +if(strcmp($session->username,$req_user) == 0 || $session->isAdmin()){ + echo "
Editar información de la cuenta
"; +} +} +?> \ No newline at end of file diff --git a/contenido/usuario+ingresar.php b/contenido/usuario+ingresar.php new file mode 100644 index 0000000..30996eb --- /dev/null +++ b/contenido/usuario+ingresar.php @@ -0,0 +1,49 @@ +logged_in){ + echo "
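Review bot: Every profile field is written into the page as-is, e.g. `echo "Nombre de usuario: ".$req_user_info['nombre']`, and `nombre`, `encargado`, `catedratico` and `email` come from the registration form handled by `procRegister()`; whether they are sanitised on the way in is not visible in this patch excerpt. Escape at output instead, e.g. `htmlspecialchars($req_user_info['nombre'], ENT_QUOTES, 'UTF-8')`, for each echoed field. The opening of the file is lost in this rendering, so how `$req_user` is read and checked before `usernameTaken()` cannot be confirmed.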

¡Bienvenido!



"; + echo "$session->username, Ud. ha ingresado al sistema.
"; + if($session->isAdmin()){ + echo 'Puede encontrar sus herramientas administrativas en los menús laterales
'; + } + echo '
'; + echo CREAR_LINK_GET("usuario+info&usr=$session->username", "Continuar a Mi Perfil" , "Avanzar hacia su perfil"); + + return; + } + + /* Fallo en el registro */ + if(isset($_SESSION['regsuccess']) && $_SESSION['regsuccess'] == false){ + echo "

Error - Por favor intentelo de nuevo.


"; + } + + /* Empezar en limpio */ + unset($_SESSION['regsuccess']); +?> +

Ingreso al Sistema de Horarios



+
+ + + + + + + + + + + + + +
Usuario o Carné:
Clave de acceso:
Recordarme:value("remember")){ echo "checked"; } ?> +' />
+ +
+
+
+ + \ No newline at end of file diff --git a/contenido/usuario+recuperar_clave.php b/contenido/usuario+recuperar_clave.php new file mode 100644 index 0000000..e6b39ec --- /dev/null +++ b/contenido/usuario+recuperar_clave.php @@ -0,0 +1,34 @@ +Nueva Clave Generada"; + echo "

Tu nueva clave ha sido generada y enviada a el correo asociado con tu cuenta. " + ."Continuar.

"; + } + else{ + echo "

Fallo al Recuperar Contraseña

"; + echo "

Hubo un error mientras se te enviaba el corrreo con la nueva clave, asi que tu clave no a sido cambiada." + ."Continuar.

"; + } + + unset($_SESSION['forgotpass']); +} +function CONTENIDO_recuperar_clave(){ +global $form; +echo ' +

Recuperación de Constraseña

+Una nueva clave será envíada a tu cuenta de correo y será asociada a tu usuario.

' . $form->error("user") . +'
+ + + + + + + +
Usuario o Carné:
+ +
+'; +} +?> \ No newline at end of file diff --git a/contenido/usuario+registrar.php b/contenido/usuario+registrar.php new file mode 100644 index 0000000..35608c4 --- /dev/null +++ b/contenido/usuario+registrar.php @@ -0,0 +1,52 @@ +Registrado."; + echo "

'".$_SESSION['reguname']."' ha sido agregado a la base de datos.

"; + }else{ + echo "

Registro fallido

"; + echo "

Lo sentimos pero el registro para el usuario ".$_SESSION['reguname']." a fallado.

"; + } +$_SESSION['post-post'] = false; +} +?> +

Registros de Instructores

+num_errors > 0){ + echo "$form->num_errors error(s) found"; +} +?> +
+ + + + + + + + + + + + +
Carné:">error("user"); ?>
Clave:">error("pass"); ?>
Email:">error("email"); ?>
Nombre:
Encargado:
Catedrático:
Tipo: + +
Departamento: + +
+ +
+
+ \ No newline at end of file diff --git a/include/index.php b/include/index.php new file mode 100644 index 0000000..52d0258 --- /dev/null +++ b/include/index.php @@ -0,0 +1,3 @@ + \ No newline at end of file diff --git a/include/process.php b/include/process.php new file mode 100755 index 0000000..58888a0 --- /dev/null +++ b/include/process.php 
@@ -0,0 +1,195 @@ +";} +} + +class Process +{ + /* Class constructor */ + function Process(){ + global $session; + /* User submitted login form */ + if(isset($_POST['sublogin'])){ + $this->procLogin(); + } + /* User submitted registration form */ + else if(isset($_POST['subjoin'])){ + $this->procRegister(); + } + /* User submitted forgot password form */ + else if(isset($_POST['subforgot'])){ + $this->procForgotPass(); + } + /* User submitted edit account form */ + else if(isset($_POST['subedit'])){ + $this->procEditAccount(); + } + /** + * The only other reason user should be directed here + * is if he wants to logout, which means user is + * logged in currently. + */ + else if($session->logged_in){ + DEPURAR ('ok Logout'); + $this->procLogout(); + } + /** + * Should not get here, which means user is viewing this page + * by mistake and therefore is redirected. + */ + else{ + header("Location: ../"); + } + } + + /** + * procLogin - Processes the user submitted login form, if errors + * are found, the user is redirected to correct the information, + * if not, the user is effectively logged in to the system. + */ + function procLogin(){ + global $session, $form; + /* Login attempt */ + $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember'])); + + /* Login successful */ + if($retval){ + $_SESSION['regsuccess'] = true; + } + /* Login failed */ + else{ + $_SESSION['regsuccess'] = false; + $_SESSION['value_array'] = $_POST; + $_SESSION['error_array'] = $form->getErrorArray(); + } + header("Location:../?accion=ingresar"); + } + + /** + * procLogout - Simply attempts to log the user out of the system + * given that there is no logout form to process. 
+ */ + function procLogout(){ + global $session; + $retval = $session->logout(); + header("Location: ../"); + } + + /** + * procRegister - Processes the user submitted registration form, + * if errors are found, the user is redirected to correct the + * information, if not, the user is effectively registered with + * the system and an email is (optionally) sent to the newly + * created user. + */ + function procRegister(){ + global $session, $form; + /* Convert username to all lowercase (by option) */ + if(ALL_LOWERCASE){ + $_POST['user'] = strtolower($_POST['user']); + } + /* Registration attempt */ + $retval = $session->register($_POST['user'], $_POST['pass'], $_POST['email'],$_POST['nombre'], $_POST['encargado'], $_POST['catedratico'], $_POST['tipo'], $_POST['departamento']); + + /* Registration Successful */ + if($retval == 0){ + $_SESSION['regsuccess'] = true; + $_SESSION['reguname'] = $_POST['user']; + } + /* Error found with form */ + else if($retval == 1){ + $_SESSION['value_array'] = $_POST; + $_SESSION['error_array'] = $form->getErrorArray(); + } + /* Registration attempt failed */ + else if($retval == 2){ + $_SESSION['reguname'] = $_POST['user']; + $_SESSION['regsuccess'] = false; + + } + $_SESSION['post-post'] = true; + header("Location: ./?x=registro"); +} + + /** + * procForgotPass - Validates the given username then if + * everything is fine, a new password is generated and + * emailed to the address the user gave on sign up. + */ + function procForgotPass(){ + global $database, $session, $mailer, $form; + /* Username error checking */ + $subuser = $_POST['user']; + $field = "user"; //Use field name for username + if(!$subuser || strlen($subuser = trim($subuser)) == 0){ + $form->setError($field, "* Username not entered
"); + } + else{ + /* Make sure username is in database */ + $subuser = stripslashes($subuser); + if(strlen($subuser) < 5 || strlen($subuser) > 30 || + !eregi("^([0-9a-z])+$", $subuser) || + (!$database->usernameTaken($subuser))){ + $form->setError($field, "* Username does not exist
"); + } + } + + /* Errors exist, have user correct them */ + if($form->num_errors > 0){ + $_SESSION['value_array'] = $_POST; + $_SESSION['error_array'] = $form->getErrorArray(); + } + /* Generate new password and email it to user */ + else{ + /* Generate new password */ + $newpass = $session->generateRandStr(8); + + /* Get email of user */ + $usrinf = $database->getUserInfo($subuser); + $email = $usrinf['email']; + + /* Attempt to send the email with new password */ + if($mailer->sendNewPass($subuser,$email,$newpass)){ + /* Email sent, update database */ + $database->updateUserField($subuser, "password", md5($newpass)); + $_SESSION['forgotpass'] = true; + } + /* Email failure, do not change password */ + else{ + $_SESSION['forgotpass'] = false; + } + } + + header("Location: ./?x=rpr+clave"); + } + + /** + * procEditAccount - Attempts to edit the user's account + * information, including the password, which must be verified + * before a change is made. + */ + function procEditAccount(){ + global $session, $form; + /* Account edit attempt */ + $retval = $session->editAccount($_POST['curpass'], $_POST['newpass'], $_POST['email']); + + /* Account edit successful */ + if($retval){ + $_SESSION['useredit'] = true; + header("Location: ".$session->referrer); + } + /* Error found with form */ + else{ + $_SESSION['value_array'] = $_POST; + $_SESSION['error_array'] = $form->getErrorArray(); + header("Location: ".$session->referrer); + } + } +}; + +/* Initialize process */ +$process = new Process; + +?> diff --git a/include/sesion.php b/include/sesion.php new file mode 100755 index 0000000..1b5f7f2 --- /dev/null +++ b/include/sesion.php 
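Review bot: procForgotPass() overwrites the stored password as soon as any visitor submits an existing username, so no proof of ownership is needed to invalidate another account's password. Its `Username does not exist` error also tells the visitor which names are registered. The safer shape is to mail a single-use, expiring reset token, change the password only when that token is redeemed, and answer identically whether or not the account exists; that needs storage in the database layer, which is outside this hunk. Separately, procLogin() copies the whole `$_POST` array, including the submitted password, into `$_SESSION['value_array']` on failure; adding `unset($_SESSION['value_array']['pass']);` after the assignment keeps it out of session storage.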
@@ -0,0 +1,461 @@ +time = time(); + $this->startSession(); + } + + /** + * startSession - Performs all the actions necessary to + * initialize this session object. Tries to determine if the + * the user has logged in already, and sets the variables + * accordingly. Also takes advantage of this page load to + * update the active visitors tables. + */ + function startSession(){ + global $database; //The database connection + session_start(); //Tell PHP to start the session + + /* Determine if user is logged in */ + $this->logged_in = $this->checkLogin(); + + /** + * Set guest value to users not logged in, and update + * active guests table accordingly. + */ + if(!$this->logged_in){ + $this->username = $_SESSION['username'] = GUEST_NAME; + $this->userlevel = GUEST_LEVEL; + $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time); + } + /* Update users last active timestamp */ + else{ + $database->addActiveUser($this->username, $this->time); + } + + /* Remove inactive visitors from database */ + $database->removeInactiveUsers(); + $database->removeInactiveGuests(); + + /* Set referrer page */ + if(isset($_SESSION['url'])){ + $this->referrer = $_SESSION['url']; + }else{ + $this->referrer = "/"; + } + + /* Set current url */ + $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF']; + } + + /** + * checkLogin - Checks if the user has already previously + * logged in, and a session with the user has already been + * established. Also checks to see if user has been remembered. + * If so, the database is queried to make sure of the user's + * authenticity. Returns true if the user has logged in. + */ + function checkLogin(){ + global $database; //The database connection + /* Check if user has been remembered */ + if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){ + $this->username = $_SESSION['username'] = $_COOKIE['cookname']; + $this->userid = $_SESSION['userid'] = $_COOKIE['cookid']; + DEPURAR ("Check Login: " . 
$this->username); + } + + DEPURAR ("Check Login GUEST_NAME: " . GUEST_NAME); + /* Username and userid have been set and not guest */ + if(isset($_SESSION['username']) && isset($_SESSION['userid']) && + $_SESSION['username'] != GUEST_NAME){ + DEPURAR ("Check Login: Username and userid have been set and not guest"); + /* Confirm that username and userid are valid */ + if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){ + echo "Check Login: Variables are incorrect, user not logged in
"; + /* Variables are incorrect, user not logged in */ + unset($_SESSION['username']); + unset($_SESSION['userid']); + return false; + } + DEPURAR ("Check Login SESSION[username]: " . $_SESSION['username']); + /* User is logged in, set class variables */ + $this->userinfo = $database->getUserInfo($_SESSION['username']); + $this->username = $this->userinfo['username']; + $this->userid = $this->userinfo['userid']; + $this->userlevel = $this->userinfo['userlevel']; + DEPURAR ("Check Login IN!"); + return true; + } + /* User not logged in */ + else{ + DEPURAR("Check Login NOT IN!"); + return false; + } + } + + /** + * login - The user has submitted his username and password + * through the login form, this function checks the authenticity + * of that information in the database and creates the session. + * Effectively logging in the user if all goes well. + */ + function login($subuser, $subpass, $subremember){ + global $database, $form; //The database and form object + DEPURAR ("Login:".$subuser); + /* Username error checking */ + $field = "user"; //Use field name for username + if(!$subuser || strlen($subuser = trim($subuser)) == 0){ + $form->setError($field, "* No se ingreso Código o Carné del Instructor"); + } + else{ + /* Check if username is not alphanumeric */ + if(!eregi("^([0-9a-z])*$", $subuser)){ + $form->setError($field, "* Username not alphanumeric"); + } + } + + /* Password error checking */ + $field = "pass"; //Use field name for password + if(!$subpass){ + $form->setError($field, "* Olvidó ingresar la clave"); + } + + /* Return if form errors exist */ + if($form->num_errors > 0){ + return false; + } + DEPURAR ("Login: Checks 1 passed"); + /* Checks that username is in database and password is correct */ + $subuser = stripslashes($subuser); + $result = $database->confirmUserPass($subuser, md5($subpass)); + + /* Check error codes */ + if($result == 1){ + $field = "user"; + $form->setError($field, "* Código o Carné de Instructor no encontrado"); + DEPURAR 
("Login: Not user"); + } + else if($result == 2){ + $field = "pass"; + $form->setError($field, "* Clave inválida"); + DEPURAR ("Login: Not Pass"); + } + + /* Return if form errors exist */ + if($form->num_errors > 0){ + return false; + } + DEPURAR ("Login: Checks 2 passed"); + /* Username and password correct, register session variables */ + $this->userinfo = $database->getUserInfo($subuser); + $this->username = $_SESSION['username'] = $this->userinfo['username']; + $this->userid = $_SESSION['userid'] = $this->generateRandID(); + $this->userlevel = $this->userinfo['userlevel']; + + /* Insert userid into database and update active users table */ + $database->updateUserField($this->username, "userid", $this->userid); + $database->addActiveUser($this->username, $this->time); + $database->removeActiveGuest($_SERVER['REMOTE_ADDR']); + + /** + * This is the cool part: the user has requested that we remember that + * he's logged in, so we set two cookies. One to hold his username, + * and one to hold his random value userid. It expires by the time + * specified in constants.php. Now, next time he comes to our site, we will + * log him in automatically, but only if he didn't log out before he left. + */ + if($subremember){ + setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH); + setcookie("cookid", $this->userid, time()+COOKIE_EXPIRE, COOKIE_PATH); + } + DEPURAR ("Login: IN"); + /* Login completed successfully */ + return true; + } + + /** + * logout - Gets called when the user wants to be logged out of the + * website. It deletes any cookies that were stored on the users + * computer as a result of him wanting to be remembered, and also + * unsets session variables and demotes his user level to guest. + */ + function logout(){ + global $database; //The database connection + /** + * Delete cookies - the time must be in the past, + * so just negate what you added when creating the + * cookie. 
+ */ + if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){ + setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH); + setcookie("cookid", "", time()-COOKIE_EXPIRE, COOKIE_PATH); + } + + /* Unset PHP session variables */ + unset($_SESSION['username']); + unset($_SESSION['userid']); + + /* Reflect fact that user has logged out */ + $this->logged_in = false; + + /** + * Remove from active users table and add to + * active guests tables. + */ + $database->removeActiveUser($this->username); + $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time); + + /* Set user level to guest */ + $this->username = GUEST_NAME; + $this->userlevel = GUEST_LEVEL; + } + + /** + * register - Gets called when the user has just submitted the + * registration form. Determines if there were any errors with + * the entry fields, if so, it records the errors and returns + * 1. If no errors were found, it registers the new user and + * returns 0. Returns 2 if registration failed. + */ + function register($subuser, $subpass, $subemail, $nombre, $encargado, $catedratico, $tipo, $departamento){ + global $database, $form, $mailer; //The database, form and mailer object + + /* Username error checking */ + $field = "user"; //Use field name for username + if(!$subuser || strlen($subuser = trim($subuser)) == 0){ + $form->setError($field, "* Username not entered"); + } + else{ + /* Spruce up username, check length */ + $subuser = stripslashes($subuser); + if(strlen($subuser) < 5){ + $form->setError($field, "* Username below 5 characters"); + } + else if(strlen($subuser) > 30){ + $form->setError($field, "* Username above 30 characters"); + } + /* Check if username is not alphanumeric */ + else if(!eregi("^([0-9a-z])+$", $subuser)){ + $form->setError($field, "* Username not alphanumeric"); + } + /* Check if username is reserved */ + else if(strcasecmp($subuser, GUEST_NAME) == 0){ + $form->setError($field, "* Username reserved word"); + } + /* Check if username is already in use */ 
+ else if($database->usernameTaken($subuser)){ + $form->setError($field, "* Username already in use"); + } + /* Check if username is banned */ + else if($database->usernameBanned($subuser)){ + $form->setError($field, "* Username banned"); + } + } + + /* Password error checking */ + $field = "pass"; //Use field name for password + if(!$subpass){ + $form->setError($field, "* Password not entered"); + } + else{ + /* Spruce up password and check length*/ + $subpass = stripslashes($subpass); + if(strlen($subpass) < 4){ + $form->setError($field, "* Password too short"); + } + /* Check if password is not alphanumeric */ + else if(!eregi("^([0-9a-z])+$", ($subpass = trim($subpass)))){ + $form->setError($field, "* Password not alphanumeric"); + } + /** + * Note: I trimmed the password only after I checked the length + * because if you fill the password field up with spaces + * it looks like a lot more characters than 4, so it looks + * kind of stupid to report "password too short". + */ + } + + /* Email error checking */ + $field = "email"; //Use field name for email + if(!$subemail || strlen($subemail = trim($subemail)) == 0){ + $form->setError($field, "* Email not entered"); + } + else{ + /* Check if valid email address */ + $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*" + ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*" + ."\.([a-z]{2,}){1}$"; + if(!eregi($regex,$subemail)){ + $form->setError($field, "* Email invalid"); + } + $subemail = stripslashes($subemail); + } + + /* Errors exist, have user correct them */ + if($form->num_errors > 0){ + return 1; //Errors with form + } + /* No errors, add the new account to the */ + else{ + if($database->addNewUser($subuser, md5($subpass), $subemail, $nombre, $encargado, $catedratico, $tipo, $departamento)){ + if(EMAIL_WELCOME){ + $mailer->sendWelcome($subuser,$subemail,$subpass); + } + return 0; //New user added succesfully + }else{ + return 2; //Registration attempt failed + } + } + } + + /** + * editAccount - Attempts to edit the user's account 
information + * including the password, which it first makes sure is correct + * if entered, if so and the new password is in the right + * format, the change is made. All other fields are changed + * automatically. + */ + function editAccount($subcurpass, $subnewpass, $subemail){ + global $database, $form; //The database and form object + /* New password entered */ + if($subnewpass){ + /* Current Password error checking */ + $field = "curpass"; //Use field name for current password + if(!$subcurpass){ + $form->setError($field, "* Current Password not entered"); + } + else{ + /* Check if password too short or is not alphanumeric */ + $subcurpass = stripslashes($subcurpass); + if(strlen($subcurpass) < 4 || + !eregi("^([0-9a-z])+$", ($subcurpass = trim($subcurpass)))){ + $form->setError($field, "* Current Password incorrect"); + } + /* Password entered is incorrect */ + if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){ + $form->setError($field, "* Current Password incorrect"); + } + } + + /* New Password error checking */ + $field = "newpass"; //Use field name for new password + /* Spruce up password and check length*/ + $subpass = stripslashes($subnewpass); + if(strlen($subnewpass) < 4){ + $form->setError($field, "* New Password too short"); + } + /* Check if password is not alphanumeric */ + else if(!eregi("^([0-9a-z])+$", ($subnewpass = trim($subnewpass)))){ + $form->setError($field, "* New Password not alphanumeric"); + } + } + /* Change password attempted */ + else if($subcurpass){ + /* New Password error reporting */ + $field = "newpass"; //Use field name for new password + $form->setError($field, "* New Password not entered"); + } + + /* Email error checking */ + $field = "email"; //Use field name for email + if($subemail && strlen($subemail = trim($subemail)) > 0){ + /* Check if valid email address */ + $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*" + ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*" + ."\.([a-z]{2,}){1}$"; + if(!eregi($regex,$subemail)){ + 
$form->setError($field, "* Email invalid"); + } + $subemail = stripslashes($subemail); + } + + /* Errors exist, have user correct them */ + if($form->num_errors > 0){ + return false; //Errors with form + } + + /* Update password since there were no errors */ + if($subcurpass && $subnewpass){ + $database->updateUserField($this->username,"password",md5($subnewpass)); + } + + /* Change Email */ + if($subemail){ + $database->updateUserField($this->username,"email",$subemail); + } + + /* Success! */ + return true; + } + + /** + * isAdmin - Returns true if currently logged in user is + * an administrator, false otherwise. + */ + function isAdmin(){ + return ($this->userlevel == ADMIN_LEVEL || + $this->username == ADMIN_NAME); + } + + /** + * generateRandID - Generates a string made up of randomized + * letters (lower and upper case) and digits and returns + * the md5 hash of it to be used as a userid. + */ + function generateRandID(){ + return md5($this->generateRandStr(16)); + } + + /** + * generateRandStr - Generates a string made up of randomized + * letters (lower and upper case) and digits, the length + * is a specified parameter. + */ + function generateRandStr($length){ + $randstr = ""; + for($i=0; $i<$length; $i++){ + $randnum = mt_rand(0,61); + if($randnum < 10){ + $randstr .= chr($randnum+48); + }else if($randnum < 36){ + $randstr .= chr($randnum+55); + }else{ + $randstr .= chr($randnum+61); + } + } + return $randstr; + } +}; + + +/** + * Initialize session object - This must be initialized before + * the form object because the form uses session variables, + * which cannot be accessed unless the session has started. + */ +$session = new Session; + +/* Initialize form object */ +$form = new Form; + +?> diff --git a/instalar.php b/instalar.php index 04fb9dc..1592455 100755 --- a/instalar.php +++ b/instalar.php @@ -44,10 +44,10 @@ echo ' Clave: -
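Review bot: generateRandStr() draws from `mt_rand()`, which is not a cryptographic generator, yet its output becomes the remember-me `userid` that login() writes to the `cookid` cookie (via generateRandID) and the replacement password that procForgotPass() mails out. Both values act as credentials and should come from a CSPRNG; on PHP 7 or later `random_int()` can produce the same 62-character alphabet, as sketched below. Separately, login(), register() and editAccount() store and compare passwords as unsalted `md5()`. `password_hash()` / `password_verify()` is the replacement, but it also needs a change in the database class, which is not part of this hunk.

```php
   function generateRandStr($length){
      // Same alphabet as before (digits, upper case, lower case), drawn from the CSPRNG.
      $alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
      $randstr = "";
      for($i=0; $i<$length; $i++){
         $randstr .= $alphabet[random_int(0, 61)];
      }
      return $randstr;
   }
```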
Administración +

Administración

Nombre Administrador: - + Correo electrónico: diff --git a/reportes/+HTML/index.php b/reportes/+HTML/index.php new file mode 100644 index 0000000..52d0258 --- /dev/null +++ b/reportes/+HTML/index.php @@ -0,0 +1,3 @@ + \ No newline at end of file diff --git a/reportes/+PDF/index.php b/reportes/+PDF/index.php new file mode 100644 index 0000000..52d0258 --- /dev/null +++ b/reportes/+PDF/index.php @@ -0,0 +1,3 @@ + \ No newline at end of file diff --git a/reportes/index.php b/reportes/index.php new file mode 100644 index 0000000..52d0258 --- /dev/null +++ b/reportes/index.php @@ -0,0 +1,3 @@ + \ No newline at end of file -- 2.11.4.GIT