'.__('Please fill your Username and Password to Login!').''; } else { # if ($sysconf['captcha']['member']['enable']) { if ($sysconf['captcha']['member']['type'] == 'recaptcha') { require_once LIB.$sysconf['captcha']['member']['folder'].'/'.$sysconf['captcha']['member']['incfile']; $privatekey = $sysconf['captcha']['member']['privatekey']; $resp = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { // What happens when the CAPTCHA was entered incorrectly session_unset(); header("location:index.php?p=member&captchaInvalid=true"); die(); } } else if ($sysconf['captcha']['member']['type'] == 'others') { # other captchas here } } # // regenerate session ID to prevent session hijacking session_regenerate_id(true); // create logon class instance $logon = new member_logon($username, $password, $sysconf['auth']['member']['method']); if ($sysconf['auth']['member']['method'] === 'LDAP') { $ldap_configs = $sysconf['auth']['member']; } if ($logon->valid($dbs)) { // write log utility::writeLogs($dbs, 'member', $username, 'Login', 'Login success for member '.$username.' from address '.$_SERVER['REMOTE_ADDR']); header('Location: index.php?p=member'); exit(); } else { // md5 password $md5_password = MD5($password); // query password $_pass_q = $dbs->query('SELECT mpasswd FROM member WHERE member_id = \''.$username.'\''); $_pass_d = $_pass_q->fetch_row(); if ($_pass_d[0] === $md5_password) { $msg = ''; $msg .= '
'; $msg .= '
'.__('Please update your password!').'
'; $msg .= '
'; $msg .= '
'; $msg .= '
'; $msg .= ''; $msg .= ''; $msg .= '
'; $msg .= '
'; $msg .= ''; $msg .= ''; $msg .= '
'; $msg .= '
'; $msg .= ''; $msg .= ''; $msg .= '
'; $msg .= '
'; $msg .= ''; $msg .= ''; $msg .= '
'; $msg .= '
'; $msg .= '
'; simbio_security::destroySessionCookie($msg, MEMBER_COOKIES_NAME, SWB, false); } else { // write log utility::writeLogs($dbs, 'member', $username, 'Login', 'Login FAILED for member '.$username.' from address '.$_SERVER['REMOTE_ADDR']); // message $msg = '
'.__('Login FAILED! Wrong username or password!').'
'; simbio_security::destroySessionCookie($msg, MEMBER_COOKIES_NAME, SWB, false); } } } } // check if member already login if (!$is_member_login) { function procChangePasswordNew($str_user, $str_curr_pass, $str_new_pass, $str_conf_new_pass) { global $dbs; // current password checking $_sql_pass_check = sprintf('SELECT member_id FROM member WHERE mpasswd=MD5(\'%s\') AND member_id=\'%s\'', $dbs->escape_string(trim($str_curr_pass)), $dbs->escape_string(trim($str_user))); $_pass_check = $dbs->query($_sql_pass_check); if ($_pass_check->num_rows == 1) { $str_new_pass = trim($str_new_pass); $str_conf_new_pass = trim($str_conf_new_pass); // password confirmation check if ($str_new_pass && $str_conf_new_pass && ($str_new_pass === $str_conf_new_pass)) { $_new_password = password_hash($str_conf_new_pass, PASSWORD_BCRYPT); $_sql_update_mpasswd = sprintf('UPDATE member SET mpasswd=\'%s\' WHERE member_id=\'%s\'', $dbs->escape_string($_new_password), $dbs->escape_string(trim($str_user))); @$dbs->query($_sql_update_mpasswd); if (!$dbs->error) { return true; } else { return CANT_UPDATE_PASSWD; } } else { return PASSWD_NOT_MATCH; } } else { return CURR_PASSWD_WRONG; } } // if there is change md5 password request if (isset($_POST['renewPass'])) { $change_pass = procChangePasswordNew($_POST['isusername'], $_POST['isoldpassword'], $_POST['isnewpassword'], $_POST['isconfirmnewpassword']); if ($change_pass === true) { $info = ''.__('Your password have been changed successfully.').''; $info_class = 'alert-success'; } else { if ($change_pass === CURR_PASSWD_WRONG) { $info = __('Current password entered WRONG! Please insert the right password!'); } else if ($change_pass === PASSWD_NOT_MATCH) { $info = __('Password confirmation FAILED! Make sure to check undercase or uppercase letters!'); } else { $info = __('Password update FAILED! ERROR ON DATABASE!'); } $info_class = 'alert-danger'; } $msg = '
'.$info.'
'; simbio_security::destroySessionCookie($msg, MEMBER_COOKIES_NAME, SWB, false); } ?>
'.__('Wrong Captcha Code entered, Please write the right code!').''; } ?>
'."\n"; $_form .= ''."\n"; $_form .= ''."\n"; $_form .= ''; $_form .= ''; $_form .= ''."\n"; $_form .= ''."\n"; $_form .= ''; $_form .= ''; $_form .= ''."\n"; $_form .= ''."\n"; $_form .= ''; $_form .= ''; $_form .= ''."\n"; $_form .= ''."\n"; $_form .= ''; $_form .= ''."\n"; $_form .= '
'.__('Current Password').'
'.__('New Password').'
'.__('Confirm Password').'
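'."\n";
$_form .= ''."\n";
return $_form;
}

/*
 * Function to process member's password changes
 *
 * The member is identified by $_SESSION['mid']. The current password is checked
 * with password_verify() against the stored hash and, on success, the new
 * password is stored as a bcrypt hash.
 *
 * NOTE(review): the legacy MD5 fallback in the login handler above builds
 * 'SELECT mpasswd FROM member WHERE member_id = ...' by concatenating the
 * submitted username without $dbs->escape_string(); it should escape the
 * value the same way this function does.
 *
 * @param string $str_curr_pass = member's current password
 * @param string $str_new_pass = member's new password request
 * @param string $str_conf_new_pass = member's new password request confirmation
 * @return mixed true on success, otherwise one of CURR_PASSWD_WRONG,
 *               PASSWD_NOT_MATCH or CANT_UPDATE_PASSWD
 */
function procChangePassword($str_curr_pass, $str_new_pass, $str_conf_new_pass)
{
    global $dbs;

    // the inputs come straight from $_POST; a non-string (e.g. an array
    // parameter) can never be a valid password and must not reach trim()
    // or password_verify()
    if (!is_string($str_curr_pass)) {
        return CURR_PASSWD_WRONG;
    }
    if (!is_string($str_new_pass) || !is_string($str_conf_new_pass)) {
        return PASSWD_NOT_MATCH;
    }

    $_member_id = isset($_SESSION['mid']) ? trim($_SESSION['mid']) : '';
    if ($_member_id === '') {
        return CURR_PASSWD_WRONG;
    }

    // get hash from db (member id is escaped before interpolation)
    $_str_pass_sql = sprintf('SELECT mpasswd FROM member WHERE member_id=\'%s\'',
        $dbs->escape_string($_member_id));
    $_str_pass_q = $dbs->query($_str_pass_sql);
    $_str_pass_d = $_str_pass_q ? $_str_pass_q->fetch_row() : null;
    // no row, or an empty hash, fails closed instead of handing a null hash
    // to password_verify()
    if (!$_str_pass_d || !isset($_str_pass_d[0]) || $_str_pass_d[0] === '') {
        return CURR_PASSWD_WRONG;
    }

    // current password checking
    // NOTE(review): the new password is stored trimmed (below) but verified
    // untrimmed here — confirm member_logon treats surrounding whitespace the
    // same way
    if (!password_verify($str_curr_pass, $_str_pass_d[0])) {
        return CURR_PASSWD_WRONG;
    }

    $str_new_pass = trim($str_new_pass);
    $str_conf_new_pass = trim($str_conf_new_pass);
    // password confirmation check: both non-empty and identical
    // (compared with === so "0" is accepted as a password, unlike a truthiness test)
    if ($str_new_pass === '' || $str_conf_new_pass === '' || $str_new_pass !== $str_conf_new_pass) {
        return PASSWD_NOT_MATCH;
    }

    $_new_password = password_hash($str_conf_new_pass, PASSWORD_BCRYPT);
    $_sql_update_mpasswd = sprintf('UPDATE member SET mpasswd=\'%s\' WHERE member_id=\'%s\'',
        $dbs->escape_string($_new_password), $dbs->escape_string($_member_id));
    // the driver warning is suppressed; failure is detected through $dbs->error
    @$dbs->query($_sql_update_mpasswd);
    if ($dbs->error) {
        return CANT_UPDATE_PASSWD;
    }
    return true;
}

/*
 * Function to send reservation e-mail for titles in basket
 *
 * Reads the basket ids from $_SESSION['m_mark_biblio'], mails the librarian
 * address (plus any configured extra recipients) with the member in CC and
 * writes the outcome to the system log.
 *
 * @return array ['status' => 'SENT'|'ERROR', 'message' => string]
 */
function sendReserveMail()
{
    global $dbs, $sysconf;

    $_marked = (isset($_SESSION['m_mark_biblio']) && is_array($_SESSION['m_mark_biblio']))
        ? $_SESSION['m_mark_biblio'] : array();
    if (count($_marked) > 0) {
        // every id is cast to int, so $_ids is safe to interpolate into SQL
        $_ids = '(';
        foreach ($_marked as $_biblio) {
            $_ids .= (integer)$_biblio.',';
        }
        $_ids = substr_replace($_ids, '', -1);
        $_ids .= ')';
    } else {
        return array('status' => 'ERROR', 'message' => 'No Titles to reserve');
    }

    require LIB.'phpmailer/class.phpmailer.php';
    $_mail = new PHPMailer(false);
    $_mail->IsSMTP();

    // get message template (empty string when the template cannot be read)
    $_msg_tpl = @file_get_contents(SB.'template/reserve-mail-tpl.html');
    if ($_msg_tpl === false) {
        $_msg_tpl = '';
    }
    // date
    $_curr_date = date('Y-m-d H:i:s');
    // query (ids only, see above)
    $_biblio_q = $dbs->query("SELECT biblio_id, title FROM biblio WHERE biblio_id IN $_ids");

    // compile reservation data: one separator per fetched row
    $_data = "\n";
    $_data .= "\n";
    $_title_d = null;
    if ($_biblio_q) {
        while ($_title_d = $_biblio_q->fetch_assoc()) {
            $_data .= "\n";
        }
    }
    // NOTE(review): $_title_d is always null once the loop has ended, so the
    // title part below is empty; the per-row markup appears to be missing
    // from this copy of the file — confirm against the original template
    $_data .= "\nTitles to reserve\n".(isset($_title_d['title']) ? $_title_d['title'] : '')."\n";

    // message
    // NOTE(review): the placeholder list is empty in this copy of the file,
    // so str_ireplace() substitutes nothing — confirm the template markers
    $_message = str_ireplace(array('', '', '', ''),
        array($_SESSION['mid'], $_SESSION['m_name'], $_data, $_curr_date), $_msg_tpl);

    // e-mail setting
    $_mail->SMTPAuth = $sysconf['mail']['auth_enable'];
    $_mail->Host = $sysconf['mail']['server'];
    $_mail->Port = $sysconf['mail']['server_port'];
    $_mail->Username = $sysconf['mail']['auth_username'];
    $_mail->Password = $sysconf['mail']['auth_password'];
    $_mail->SetFrom($sysconf['mail']['from'], $sysconf['mail']['from_name']);
    $_mail->AddReplyTo($sysconf['mail']['reply_to'], $sysconf['mail']['reply_to_name']);
    // send carbon copy of reserve e-mail to member/requester
    $_mail->AddCC($_SESSION['m_email'], $_SESSION['m_name']);
    // send reservation e-mail to librarian
    $_mail->AddAddress($sysconf['mail']['from'], $sysconf['mail']['from_name']);
    // additional recipients
    if (isset($sysconf['mail']['add_recipients'])) {
        foreach ($sysconf['mail']['add_recipients'] as $_recps) {
            $_mail->AddAddress($_recps['from'], $_recps['from_name']);
        }
    }
    $_mail->Subject = 'Reservation request from Member '.$_SESSION['m_name'].' ('.$_SESSION['m_email'].')';
    $_mail->AltBody = strip_tags($_message);
    $_mail->MsgHTML($_message);
    $_sent = $_mail->Send();

    // log before returning: the original placed the writeLogs() calls after
    // return (never executed) and referenced $this outside of a class
    $_log_mid = isset($_SESSION['mid']) ? $_SESSION['mid'] : '0';
    if (!$_sent) {
        utility::writeLogs($dbs, 'member', $_log_mid, 'membership',
            'FAILED to send reservation e-mail to '.$_SESSION['m_email'].' ('.$_mail->ErrorInfo.')');
        return array('status' => 'ERROR', 'message' => $_mail->ErrorInfo);
    }
    utility::writeLogs($dbs, 'member', $_log_mid, 'membership',
        'Reservation notification e-mail sent to '.$_SESSION['m_email']);
    // success text previously said "Overdue notification", copied from another mailer
    return array('status' => 'SENT', 'message' => 'Reservation request E-Mail have been sent to '.$_SESSION['m_email']);
}

/*
 * Function to show member collection basket
 *
 * @param int number of loan records to show
 * @return string
 */
function showBasket($num_recs_show = 20)
{
    global $dbs;
    // table spec
    $_table_spec = 'biblio AS b';
    // create datagrid
    $_loan_list = new simbio_datagrid();
    $_loan_list->table_ID = 'basket';
    $_loan_list->setSQLColumn('b.biblio_id AS \''.__('Remove').'\'', 'b.title AS \''.__('Title').'\'');
    $_loan_list->setSQLorder('b.last_update DESC');
    // default criteria matches nothing; replaced when the basket holds ids
    $_criteria = 'biblio_id = 0';
    $_marked = (isset($_SESSION['m_mark_biblio']) && is_array($_SESSION['m_mark_biblio']))
        ? $_SESSION['m_mark_biblio'] : array();
    if (count($_marked) > 0) {
        // ids are cast to int, so the IN (...) list is safe to interpolate
        $_ids = '';
        foreach ($_marked as $_biblio) {
            $_ids .= (integer)$_biblio.',';
        }
        $_ids = substr_replace($_ids, '', -1);
        $_criteria = "b.biblio_id IN ($_ids)";
    }
    $_loan_list->setSQLCriteria($_criteria);
    $_loan_list->column_width[0] = '5%';
    $_loan_list->modifyColumnContent(0, '');
    // set table and table header attributes
    $_loan_list->table_attr = 'align="center" class="memberBasketList" cellpadding="5" cellspacing="0"';
    $_loan_list->table_header_attr = 'class="dataListHeader" style="font-weight: bold;"';
    $_loan_list->using_AJAX = false;
    // return the result
    $_result = '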
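'."\n";
$_datagrid = $_loan_list->createDataGrid($dbs, $_table_spec, $num_recs_show);
if ($_loan_list->num_rows > 0) {
    // action labels; the link markup around them is not present in this copy
    $_actions = "\n";
    $_actions .= __('Reserve title(s) on Basket').' ';
    $_actions .= __('Clear Basket').' ';
    $_actions .= __('Remove selected title(s) from Basket').' ';
    $_actions .= "\n";
    $_result .= "\n".$_loan_list->num_rows.' '.__('title(s) on basket').$_actions."\n"."\n".$_datagrid;
}
$_result .= "\n\n";
return $_result;
}

/*
 * Function to show membership detail of logged in member
 *
 * Every member field is read from $_SESSION and HTML-escaped before it is
 * concatenated into the page; member records are entered by staff and are
 * not guaranteed to be markup-free, so unescaped output would be a stored XSS.
 *
 * @return string
 */
function showMemberDetail()
{
    // escaped session value, '' when the key is missing
    $_field = function ($_key) {
        $_val = isset($_SESSION[$_key]) ? (string)$_SESSION[$_key] : '';
        return htmlspecialchars($_val, ENT_QUOTES, 'UTF-8');
    };
    $_pending = !empty($_SESSION['m_membership_pending']);
    $_expired = !empty($_SESSION['m_is_expired']);

    // NOTE(review): the table markup around these fields is not present in
    // this copy of the file; only the separators that remain are reproduced
    // show the member information
    $_detail = "\n";
    // member notes and pending information
    if ($_pending || $_expired) {
        $_detail .= "\n\n";
    }
    // eight separators remain from the original field rows
    $_detail .= str_repeat("\n", 8);
    $_detail .= "\nNotes";
    if ($_expired) {
        $_detail .= "\n".__('Your Membership Already EXPIRED! Please extend your membership.')."\n";
    }
    if ($_pending) {
        $_detail .= "\n".__('Membership currently in pending state, no loan transaction can be made yet.')."\n";
    }
    $_detail .= "\n".__('Member Name').$_field('m_name').__('Member ID').$_field('mid')
        ."\n".__('Member Email').$_field('m_email').__('Member Type').$_field('m_member_type')
        ."\n".__('Register Date').$_field('m_register_date').__('Expiry Date').$_field('m_expire_date')
        ."\n".__('Institution').$_field('m_institution')
        ."\n"."\n";
    return $_detail;
}

/*
 * callback function to show overdue
 *
 * @param object $obj_db     database handle passed by the datagrid (unused here)
 * @param array  $array_data row values; index 3 is the due date
 * @return string the due date, suffixed with the OVERDUED label when it is past
 */
function showOverdue($obj_db, $array_data)
{
    $_curr_date = date('Y-m-d');
    // simbio_date::compareDates() is a project helper not visible here; it
    // appears to yield the later of the two dates, so equality with today
    // means the due date has already passed
    $_is_overdue = simbio_date::compareDates($array_data[3], $_curr_date) == $_curr_date;
    if ($_is_overdue) {
        return $array_data[3].' '.__('OVERDUED');
    }
    return $array_data[3];
}

/*
 * Function to show list of logged in member loan
 *
 * @param int number of loan records to show
 * @return string
 */
function showLoanList($num_recs_show = 20)
{
    global $dbs;
    require SIMBIO.'simbio_GUI/table/simbio_table.inc.php';
    require SIMBIO.'simbio_DB/datagrid/simbio_dbgrid.inc.php';
    require SIMBIO.'simbio_GUI/paging/simbio_paging.inc.php';
    require SIMBIO.'simbio_UTILS/simbio_date.inc.php';
    // table spec
    $_table_spec = 'loan AS l LEFT JOIN member AS m ON l.member_id=m.member_id LEFT JOIN item AS i ON l.item_code=i.item_code LEFT JOIN biblio AS b ON i.biblio_id=b.biblio_id';
    // create datagrid
    $_loan_list = new simbio_datagrid();
    $_loan_list->disable_paging = true;
    $_loan_list->table_ID = 'loanlist';
    $_loan_list->setSQLColumn('l.item_code AS \''.__('Item Code').'\'', 'b.title AS \''.__('Title').'\'', 'l.loan_date AS \''.__('Loan Date').'\'', 'l.due_date AS \''.__('Due Date').'\'');
    $_loan_list->setSQLorder('l.loan_date DESC');
    // the session member id is escaped before interpolation, consistent with
    // procChangePassword(); the original sprintf'd it in raw
    $_member_id = isset($_SESSION['mid']) ? $_SESSION['mid'] : '';
    $_criteria = sprintf('m.member_id=\'%s\' AND l.is_lent=1 AND is_return=0 ', $dbs->escape_string($_member_id));
    $_loan_list->setSQLCriteria($_criteria);
    // modify column value
    $_loan_list->modifyColumnContent(3, 'callback{showOverdue}');
    // set table and table header attributes
    $_loan_list->table_attr = 'align="center" class="memberLoanList" cellpadding="5" cellspacing="0"';
    $_loan_list->table_header_attr = 'class="dataListHeader" style="font-weight: bold;"';
    $_loan_list->using_AJAX = false;
    // return the result
    $_result = $_loan_list->createDataGrid($dbs, $_table_spec, $num_recs_show);
    $_result = '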
'.$_loan_list->num_rows.' '.__('item(s) currently on loan').' | Download All Current Loan
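'."\n".$_result;
return $_result;
}

/* Experimental Loan History - start */

/*
 * Function to show the returned-loan history of the logged in member
 *
 * @param int number of loan records to show
 * @return string
 */
function showLoanHist($num_recs_show = 20)
{
    global $dbs;
    // table spec
    $_table_spec = 'loan AS l LEFT JOIN member AS m ON l.member_id=m.member_id LEFT JOIN item AS i ON l.item_code=i.item_code LEFT JOIN biblio AS b ON i.biblio_id=b.biblio_id';
    // create datagrid
    $_loan_hist = new simbio_datagrid();
    $_loan_hist->disable_paging = true;
    $_loan_hist->table_ID = 'loanhist';
    $_loan_hist->setSQLColumn('l.item_code AS \''.__('Item Code').'\'', 'b.title AS \''.__('Title').'\'', 'l.loan_date AS \''.__('Loan Date').'\'', 'l.return_date AS \''.__('Return Date').'\'');
    $_loan_hist->setSQLorder('l.loan_date DESC');
    // the session member id is escaped before interpolation, consistent with
    // procChangePassword(); the original sprintf'd it in raw
    $_member_id = isset($_SESSION['mid']) ? $_SESSION['mid'] : '';
    $_criteria = sprintf('m.member_id=\'%s\' AND l.is_lent=1 AND is_return=1 ', $dbs->escape_string($_member_id));
    $_loan_hist->setSQLCriteria($_criteria);
    // set table and table header attributes
    $_loan_hist->table_attr = 'align="center" class="memberLoanList" cellpadding="5" cellspacing="0"';
    $_loan_hist->table_header_attr = 'class="dataListHeader" style="font-weight: bold;"';
    $_loan_hist->using_AJAX = false;
    // return the result (the heading markup is not present in this copy)
    $_result = $_loan_hist->createDataGrid($dbs, $_table_spec, $num_recs_show);
    $_result = "\n ".$_loan_hist->num_rows.' '.__('item(s) loan history').' | Download All Loan History'."\n"."\n".$_result;
    return $_result;
}

/* Experimental Loan History - end */

// if there is change password request (native authentication only; the
// current password is required, so the request is bound to the logged-in member)
if (isset($_POST['changePass']) && $sysconf['auth']['member']['method'] == 'native') {
    $change_pass = procChangePassword(
        isset($_POST['currPass']) ? $_POST['currPass'] : '',
        isset($_POST['newPass']) ? $_POST['newPass'] : '',
        isset($_POST['newPass2']) ? $_POST['newPass2'] : '');
    if ($change_pass === true) {
        $info = __('Your password have been changed successfully.');
    } else {
        if ($change_pass === CURR_PASSWD_WRONG) {
            $info = __('Current password entered WRONG! Please insert the right password!');
        } else if ($change_pass === PASSWD_NOT_MATCH) {
            $info = __('Password confirmation FAILED! Make sure to check undercase or uppercase letters!');
        } else {
            $info = __('Password update FAILED! ERROR ON DATABASE!');
        }
    }
}

// send reserve e-mail
if (isset($_POST['sendReserve'])) {
    $mail = sendReserveMail();
    if ($mail['status'] != 'ERROR') {
        $info = __('Reservation e-mail sent successfully!');
    } else {
        // translate the format string, not the already-formatted text, and
        // escape the mailer error (it can carry the remote SMTP server's reply)
        // since $info is presumably rendered into the page
        $info = sprintf(__('Reservation e-mail FAILED to sent with error: %s Please contact administrator!'),
            htmlspecialchars($mail['message'], ENT_QUOTES, 'UTF-8'));
    }
}

// biblio basket add process
if (isset($_POST['biblio'])) {
    // a single scalar id is normalised to a one-element array
    if (!is_array($_POST['biblio']) && is_scalar($_POST['biblio'])) {
        $_tmp_biblio = $_POST['biblio'];
        unset($_POST['biblio']);
        $_POST['biblio'][] = $_tmp_biblio;
    }
    // count() on a missing basket is a TypeError on PHP 8
    if (!isset($_SESSION['m_mark_biblio']) || !is_array($_SESSION['m_mark_biblio'])) {
        $_SESSION['m_mark_biblio'] = array();
    }
    // check reserve limit
    if ((count($_SESSION['m_mark_biblio']) + count($_POST['biblio'])) > $sysconf['max_biblio_mark']) {
        $info = 'Maximum '.$sysconf['max_biblio_mark'].' '."\n".'titles can be added to basket!';
    } else {
        foreach ($_POST['biblio'] as $biblio) {
            // ids are stored as ints; this is what keeps the IN (...) queries safe
            $biblio = (integer)$biblio;
            $_SESSION['m_mark_biblio'][$biblio] = $biblio;
        }
    }
}

// biblio basket remove process
if (isset($_GET['rm_biblio'])) {
    if (!is_array($_GET['rm_biblio']) && is_scalar($_GET['rm_biblio'])) {
        $_tmp_biblio = $_GET['rm_biblio'];
        unset($_GET['rm_biblio']);
        $_GET['rm_biblio'][] = $_tmp_biblio;
    }
    foreach ($_GET['rm_biblio'] as $biblio) {
        $biblio = (integer)$biblio;
        unset($_SESSION['m_mark_biblio'][$biblio]);
    }
}

// biblio basket item removal process
if (isset($_POST['basketRemove']) && isset($_POST['basket']) && is_array($_POST['basket']) && count($_POST['basket']) > 0) {
    foreach ($_POST['basket'] as $basket_item) {
        // cast so a non-scalar POST value can never be used as an array offset
        unset($_SESSION['m_mark_biblio'][(integer)$basket_item]);
    }
}

// biblio basket clear process
if (isset($_POST['clear_biblio'])) {
    $_SESSION['m_mark_biblio'] = array();
}

// show all
echo '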
'; echo '
'.__('Member Detail').'
'."\n"; echo '
'; echo '
'; echo showMemberDetail(); echo '
'; echo '
'; echo '
'.__('Your Current Loan').'
'."\n"; echo '
'; echo '
'; echo showLoanList(); echo '
'; echo '
'; echo '
'.__('Your Loan History').'
'."\n"; echo '
'; echo showLoanHist(); echo '
'; echo '
'; echo '
'.__('Your Title Basket').'
'."\n"; echo showBasket(); echo '
'; // change password only form NATIVE authentication, not for others such as LDAP if ($sysconf['auth']['member']['method'] == 'native') { echo '
'; echo '
'.__('Change Password').'
'."\n"; echo '
'; echo changePassword(); } ?>