Odyssey
suCommon.do.i
1 <?php
2 
3  $monLibrary= dirname(__FILE__) . "/../library";
4  $sharedLibrary= dirname(__FILE__) . "/../../shared/library";
5  $admLibrary= dirname(__FILE__) . "/../../admcom/library";
6  require_once("$monLibrary/cu_top.i");
7  require_once("$monLibrary/ck_hticket.i");
8  require_once("$monLibrary/cu_pass.i");
9  require_once("$monLibrary/monitorView.i");
10  require_once("$sharedLibrary/cu_flagconst.i");
11  require_once("$admLibrary/Set_aTicket.i");
12 
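// Identify the running script from SCRIPT_NAME rather than PHP_SELF.
// PHP_SELF also carries any client-supplied trailing path info, so a substring
// test on it (see the suCuUser / suAdminUser fork below) could select a branch
// that differs from the script name CheckPerm() authorised. SCRIPT_NAME is the
// same value the permission check uses, so both decisions now agree.
$self = $_SERVER['SCRIPT_NAME'];

// Authorise the operator for this specific script before any other work.
// CheckPerm(), $dbh and $Hu come from the included libraries.
if (!CheckPerm($dbh, $Hu, basename($_SERVER['SCRIPT_NAME']), $_SERVER['REMOTE_ADDR'])) {
    // Permission check failed: send the operator to the "no permission" page
    // and stop, so none of the login handling below can run.
    header("Location: /hcuadm/hcu_noperm.prg");
    exit;
}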
21 
// Pre-declare the page-level variables the rest of the script reads, so they
// exist (as empty values) even when the request supplies nothing.
$username = $err_string = $show_forgot_pwd_link = $show_enrollment_link = "";
$btnLogin = $obMbrLogin = $cu = $initLang = "";

// Container that receives the imported request fields.
$formValues = [];
33 
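// Fork on which support page is running (decided by a substring of $self).
if (strpos($self, "suCuUser") !== false) {
    // ---- Member support login ----

    // Request fields handed to dms_import_v2() with their expected types.
    $dms_ok = array(
        'username' => 'string', 'password' => 'string', 'cu' => 'string', 'Flite' => 'digits',
        'GoMobile' => 'string', 'testmenu' => 'string', 'ob_platform' => 'string', 'use_sandbox' => 'string',
        'TestMenuUpgrade' => 'string', 'obMbrLogin' => 'string', 'language' => 'string',
        'LoanApp' => 'string', 'HBUser' => 'string', 'btnLogin' => 'string', 'adminuser' => 'string',
        'cucode' => 'string',
    );

    dms_import_v2($formValues, 'values', $dms_ok);

    $defaultLang = array();

    if ($btnLogin != '') {
        // Form was posted: reuse the selections from the request.
        $initPlatform = $GLOBALS['ob_platform'];
        $initLang = $GLOBALS['ob_lang'];
        $defaultSandbox = ($GLOBALS['use_sandbox'] == 1 ? 'CHECKED' : '');
    } else {
        // First display: two possible starting platforms, UPG and CLS.
        $optInitPlat = array(
            'CLS' => 'web_cls',
            'UPG' => 'web_upg',
        );

        $initPlatform = (array_key_exists($GLOBALS['obMbrLogin'], $optInitPlat)
            ? $optInitPlat[$GLOBALS['obMbrLogin']]
            : $optInitPlat['CLS']);
    }

    // Absolute defaults if nothing was selected above.
    $initPlatform = ($initPlatform == '' ? 'web_cls' : $initPlatform);
    $initLang = ($initLang == '' ? 'en_US' : $initLang);
    $defaultDsk = array($initPlatform => 'CHECKED');
    $defaultLang = array($initLang => 'CHECKED');

    // Form field that should receive focus.
    $putcursor = (trim($cu) == '' ? 'login.cu' : 'login.username');

    // For visual purposes only: build the login URLs shown on the page.
    $chome = strtolower($cu);

    $dir = 'hcubin';
    // NOTE(review): string-built SQL; safety depends entirely on prep_save()
    // escaping for a quoted literal. Prefer a bound parameter if the db layer
    // offers one.
    $sql = "SELECT livebatch
              FROM cuadmin
             WHERE cu = '" . prep_save(strtoupper($cu)) . "' ";
    if ($cuRs = db_query($sql, $dbh)) {
        $cuRow = db_fetch_assoc($cuRs);
        $dir = ($cuRow['livebatch'] == 'L' ? 'hculive7' : 'hcubin7');
    }

    // NOTE(review): HTTP_HOST is taken from the client's Host header. It is
    // only used for display strings here; confirm set_string() escapes it for
    // the context where these values are printed.
    $hostSrv = $_SERVER['HTTP_HOST'];

    $mblUpgv1 = set_string("https://{$hostSrv}/$dir/m/balances?cu=RCU");
    $mblUpgv2 = set_string("https://{$hostSrv}/$dir/mobi/balances?cu=RCU");
    $webCls = set_string("https://{$hostSrv}/fi/RCHOME/mindex.html");
    $webClsLite = set_string("https://{$hostSrv}/$dir/Balances?cu=RCU&Flite=1");
    $webUpg = set_string("https://{$hostSrv}/$dir/hcuAccounts?cu=RCU");

    $headers = getallheaders();

    // X-Forwarded-For is a request header and therefore client-controlled
    // unless a trusted proxy overwrites it. Accept it only when it looks like
    // an address list (hex digits, '.', ':', ',', space) so it can never carry
    // '&' or '=' into the '&'-delimited ticket string built from $ip_address.
    // Anything else falls back to the socket peer address.
    if (array_key_exists('X-Forwarded-For', $headers)
        && preg_match('/^[0-9A-Fa-f:., ]+$/D', $headers['X-Forwarded-For']) === 1) {
        $ip_address = $headers['X-Forwarded-For'];
    }
    if (empty($ip_address)) {
        $ip_address = $_SERVER['REMOTE_ADDR'];
    }

    /*
     * Process the submitted credentials.
     */
    $cucode = trim($formValues['values']['cucode']);
    $username = trim(strtolower($formValues['values']['adminuser']));
    $password = trim($formValues['values']['password']);
    $testmenu = trim($formValues['values']['testmenu']);
    $language = trim($formValues['values']['language']);

    if ($testmenu !== "1") {
        $testmenu = "0";
    }
    if ($language == "") {
        $language = "en_US";
    }

    if (!empty($cucode) && !empty($username) && !empty($password)) {
        $cu_lower = strtolower($cucode);
        $cu_upper = strtoupper($cucode);
        $mycookie = "";
        list($result, $err_string, $mycookie) = ValidateMemberUser($cucode, $username, $password);
        if ($result) {
            // Record who was logged in as, for the web server's request notes.
            apache_note("user_name", "{$cu_upper}:{$username}");
            // $https_or_http and $server_name_and_port are not defined in this
            // file; presumably they come from an included library.
            $return_address = $https_or_http . "://" . $server_name_and_port;
            // Classic login landing page.
            $return_address .= "/banking/hcuAccounts.prg?cu=$cu_upper";
            // Redirect to the default page.
            header("Location: " . $return_address);
            exit;
        }
    }
} elseif (strpos($self, "suAdminUser") !== false) {
    // ---- Admin support login ----

    $dms_ok = array(
        'formSubmit' => 'string', 'cu' => 'string', 'cucode' => 'string',
        'adminuser' => 'string', 'username' => 'string', 'password' => 'string',
    );

    dms_import_v2($formValues, 'values', $dms_ok);

    $headers = getallheaders();

    // Same handling as the member branch. The original read the misspelled key
    // 'X-Forward-For' after testing for 'X-Forwarded-For', so the header was
    // never actually used here. $ip_address is written into the admin ticket
    // (Cip=...), so the value is restricted to address-list characters.
    // NOTE(review): honour this header only when requests can reach the
    // application solely through a proxy that sets it.
    $ip_address = "";
    if (array_key_exists('X-Forwarded-For', $headers)
        && preg_match('/^[0-9A-Fa-f:., ]+$/D', $headers['X-Forwarded-For']) === 1) {
        $ip_address = $headers['X-Forwarded-For'];
    }
    if (empty($ip_address)) {
        $ip_address = $_SERVER['REMOTE_ADDR'];
    }

    // Default the admin user name to the credit union code when not supplied.
    if (empty($formValues['values']['adminuser'])) {
        $formValues['values']['adminuser'] = $formValues['values']['cucode'];
    }

    /*
     * Process the submitted credentials.
     */
    if (!empty($formValues['values']['cucode'])
        && !empty($formValues['values']['adminuser'])
        && !empty($formValues['values']['password'])
        && $formValues['values']['formSubmit'] == 1) {
        list($result, $err_string) = ValidateAdminUser(
            $formValues['values']['cucode'],
            strtolower($formValues['values']['adminuser']),
            $formValues['values']['password']
        );

        if (empty($err_string)) {
            // NOTE(review): the redirect target is built from the client's Host
            // header; the member branch uses $server_name_and_port instead.
            // Consider a server-configured host name here as well.
            $return_address = $https_or_http . "://" . $_SERVER['HTTP_HOST'] . "/admbin/main.prg";
            HCU_setcookie_env($SYSENV, "Tx_aURI", "/admbin/main.prg", 0);
            header("Location: " . $GLOBALS['return_address']);
            exit;
        }
    }
}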
156 
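/**
 * Check an admin login for a credit union and, on success, issue the admin ticket.
 *
 * Call as: list($result, $explanation) = ValidateAdminUser($cucode, $username, $password);
 *
 * Side effects on success: sets the globals $lastupdate and $lb, calls
 * Set_aTicket() with the assembled ticket string, and records "CU:user" via
 * apache_note().
 *
 * @param string $cucode   Credit union code, matched against cuadminusers.cu.
 * @param string $username Admin user name, compared case-insensitively.
 * @param string $password Password as entered on the form.
 *
 * @return array On success array($cu, ''). On failure the first element is ""
 *               and the second is a message; the bad-password path pads the
 *               array with three extra empty strings.
 */
function ValidateAdminUser($cucode, $username, $password)
{
    global $lastupdate;
    global $lb;
    global $dbh;
    global $ip_address;
    global $SYSENV;

    if (!$dbh) {
        return array("", "Couldn't Open Database");
    }

    // NOTE(review): string-built SQL; safety depends entirely on prep_save()
    // escaping for a quoted literal. Prefer bound parameters if the db layer
    // offers them.
    $sql = "select au.passwd, au.cu, db, lastupdate, livebatch,
            au.failedremain, au.forceremain, au.forcechange, au.pwchange,
            au.lastlogin, au.failedlogin, a.flagset, a.flagset2, a.flagset3
            from cuadmin a join cuadminusers au on
            a.cu = au.cu
            where lower(au.user_name) = '" . strtolower(prep_save($username)) . "' and au.cu = '" . prep_save($cucode) . "'";

    $sth = db_query($sql, $dbh);
    if (!$sth) {
        // Same message as a bad password, so the response does not reveal
        // whether the account exists.
        return array("", "Invalid Username or Password");
    }

    // A failed fetch makes the list() assignment evaluate as falsy.
    if (!list($saved_passwd, $cu, $db, $lastupdate, $lb, $failedremain,
            $fremain, $fchange, $pchange, $llog, $flog, $flagset, $flagset2, $flagset3)
        = db_fetch_array($sth, 0)) {
        return array("", "Invalid Username or Password");
    }

    // NOTE(review): $failedremain / $fremain / $fchange are fetched but no
    // lockout is enforced here, unlike ValidateMemberUser. Confirm that is
    // intended.
    $pchange = (is_null($pchange) ? date('Ymd') : $pchange);

    // Strip trailing spaces from the stored hash before verifying against it.
    $saved_passwd = preg_replace("/ +$/", "", $saved_passwd);
    $flagset = (is_null($flagset) ? 0 : $flagset);
    $flagset2 = (is_null($flagset2) ? 0 : $flagset2);
    $flagset3 = (is_null($flagset3) ? 0 : $flagset3);

    $cu = rtrim($cu);
    $llog = (trim("$llog") == "" ? "None" : urlencode(trim($llog)));
    $flog = (trim("$flog") == "" ? "None" : urlencode(trim($flog)));
    $db = (trim("$db") == "" ? "_" : strtoupper(rtrim($db)));
    $lastupdate = (trim("$lastupdate") == "" ? "Unknown" : urlencode(trim($lastupdate)));
    $lb = (is_null($lb) ? "B" : strtoupper(rtrim($lb)));
    $now = time();

    $expires = $now + $SYSENV['ticket']['expires'];

    // NOTE(review): "thewiz" is a hard-coded shared override password. It
    // authenticates as ANY admin user regardless of the stored hash, and the
    // only gate visible in this file is the CheckPerm() call at the top of the
    // script. It should be removed from source: give each support operator an
    // individual credential, log every use, and rotate this value since it is
    // already in the code history.
    // hash_equals() replaces the loose == so the comparison is type-strict and
    // constant-time.
    $override_used = hash_equals("thewiz", (string) $password);

    if ($override_used || password_verify($password, $saved_passwd)) {
        // Assemble the admin ticket payload.
        // NOTE(review): $ip_address and $username are interpolated without
        // encoding into this '&'-delimited string; callers must ensure neither
        // can contain '&' or '='.
        $mycookie = "Cip=$ip_address&Ctime=$now&Cu=$cu&Cn=$username&Cd=$db&Ch=hash&Ce=$expires&Cl=$lb&Clu=$lastupdate&Fplog=$llog&Fflog=$flog&Ffchg=$fchange&Ffremain=$fremain&Fset=$flagset";
        $mycookie .= "&Fset2=$flagset2&Fset3=$flagset3";
        Set_aTicket($SYSENV, "", $mycookie);
        // "{$var}" replaces the deprecated "${var}" interpolation form; the
        // resulting string is identical.
        apache_note("user_name", "{$cu}:{$username}");

        return array($cu, '');
    }

    return array("", "Invalid Username or Password", "", "", "");
}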
219 
220 
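/**
 * Check a member login for a credit union and, on success, issue the member ticket.
 *
 * Call as: list($result, $explanation, $cookie) = ValidateMemberUser($cu, $username, $password);
 *
 * Side effects on success: overwrites the global $testmenu with its integer
 * value, sets the "<CU>_lang" cookie via HCU_setcookie_env(), and calls
 * SetTicket() with the assembled ticket string.
 *
 * @param string $cu       Credit union code. Used to build the member table
 *                         name, so it must consist of letters, digits and '_'.
 * @param string $username Member user name, compared case-insensitively.
 * @param string $password Password as entered on the form.
 *
 * @return array On success array(true, '', $mycookie). On a bad password
 *               array(false, message, ""). On every other failure
 *               array("", message, "", "", "").
 */
function ValidateMemberUser($cu, $username, $password)
{
    global $language;
    global $ob_platform;
    global $use_sandbox;
    global $testmenu;
    global $TestMenuUpgrade;
    global $hcuUpg;
    global $dbh;
    global $ip_address;
    global $SYSENV;

    if (!$dbh) {
        return array("", "Couldn't Open Database", "", "", "");
    }

    // $cu becomes part of a table identifier ("<cu>user") below. Escaping meant
    // for quoted literals does not make a value safe in identifier position, so
    // only letters, digits and '_' are accepted. Anything else gets the same
    // generic failure as an unknown user.
    if (preg_match('/^[A-Za-z0-9_]+$/D', (string) $cu) !== 1) {
        return array("", "Invalid Username or Password", "", "", "");
    }

    $cu_lower = strtolower($cu);
    $cu_upper = strtoupper($cu);

    // NOTE(review): the literals still rely on prep_save() escaping; prefer
    // bound parameters if the db layer offers them.
    $sql = "select a.passwd, failedremain, livewait, lastupdate, user_id, trim(a.user_name),
            lastlogin, showavailable, forcechange, forceremain, userflags & {$GLOBALS['MEM_FORCE_RESET']}::int4,
            failedlogin, pwchange, msg_tx, flagset, flagset2, flagset3,
            email,histdays,livebatch
            from " . prep_save($cu_lower) . "user a, cuadmin b
            where lower(a.user_name) = lower('" . prep_save($username) . "') and b.cu = '" . prep_save($cu_upper) . "';";

    $sth = db_query($sql, $dbh);
    if (!$sth) {
        return array("", "Invalid Username or Password", "", "", "");
    }

    // From here on $username is the value stored in the database, not the one
    // typed on the form. A failed fetch makes the list() assignment falsy.
    if (!list($saved_passwd, $failedremain, $livewait, $lastupdate,
            $user_id, $username, $llog, $showavail, $fchange, $fremain, $freset,
            $flog, $pchange, $msg_tx, $flagset, $flagset2, $flagset3,
            $email, $histdays, $livebatch) = db_fetch_array($sth, 0)) {
        return array("", "Invalid Username or Password", "", "", "");
    }

    $failedremain = (is_null($failedremain) ? 5 : $failedremain);
    $fremain = (is_null($fremain) ? 5 : $fremain);
    $fchange = (is_null($fchange) ? 'N' : $fchange);
    // Strip trailing spaces from the stored hash before verifying against it.
    $saved_passwd = preg_replace("/ +$/", "", $saved_passwd);

    // Lockout is checked before the password, so it also applies to the
    // override password below.
    if ($failedremain <= 0 || ($fchange == 'Y' && $fremain <= 0)) {
        return array("", "Your account is locked. Contact the Credit Union for assistance.", "", "", "");
    }

    if ($saved_passwd == "NULL PASSWORD") {
        return array("", "Member has not completed initial login.", "", "", "");
    }

    // NOTE(review): "thewiz" is a hard-coded shared override password. It
    // authenticates as ANY member regardless of the stored hash, and the only
    // gate visible in this file is the CheckPerm() call at the top of the
    // script. It should be removed from source: give each support operator an
    // individual credential, log every use, and rotate this value since it is
    // already in the code history.
    // hash_equals() replaces the loose == so the comparison is type-strict and
    // constant-time.
    $override_used = hash_equals("thewiz", (string) $password);

    if ($override_used || password_verify($password, $saved_passwd)) {
        $cu = trim($cu);
        $livewait = (is_null($livewait) ? "300" : $livewait);
        $lastupdate = (trim("$lastupdate") == "" ? "Unknown" : urlencode(trim($lastupdate)));
        $llog = (trim("$llog") == "" ? "None" : urlencode(trim($llog)));
        $flog = (trim("$flog") == "" ? "None" : urlencode(trim($flog)));
        $msg_tx = (is_null($msg_tx) ? 0 : $msg_tx);
        $flagset = (is_null($flagset) ? 0 : $flagset);
        $flagset2 = (is_null($flagset2) ? 0 : $flagset2);
        $flagset3 = (is_null($flagset3) ? 0 : $flagset3);
        $email = (is_null($email) ? "_" : urlencode(rtrim($email)));
        $fhdays = (is_null($histdays) ? 0 : $histdays);
        $now = time();
        $expires = $now + $SYSENV['ticket']['expires'];
        $testmenu = (isset($testmenu) ? intval($testmenu) : 0);
        // NOTE(review): sid is just the current timestamp and therefore
        // predictable; confirm nothing treats it as a secret.
        $sid = strval(time());

        // Language cookie, set unconditionally: "<CU>_lang" => chosen language.
        // NOTE(review): $language comes from the request; confirm
        // HCU_setcookie_env() encodes or validates the value.
        $cookieName = strtoupper($cu) . '_lang';
        $cookieValue = $language;
        HCU_setcookie_env($SYSENV, $cookieName, $cookieValue);

        // Assemble the member ticket payload.
        $mycookie = "Ctime=$now&Cu=$cu_upper&Cn=$username&Uid=$user_id&Ce=$expires&Clw=$livewait" .
            "&Clu=$lastupdate&Fplog=$llog&Fflog=$flog" .
            "&Ffchg=$fchange&Ffreset=$freset&Ffremain=$fremain&Fmsg_tx=$msg_tx&platform=DSK" .
            "&Fset=$flagset&Fset2=$flagset2&Fhdays=$fhdays&Ml=$email&Fset3=$flagset3&Ca=&sid=$sid";

        // Carry the test-menu flag in the ticket only when it is set to 1.
        if ($testmenu == "1") {
            $mycookie .= "&testmenu=1";
        }

        $HB_ENV['secret'] = GetSecretKeyString();
        $HB_ENV['SYSENV'] = $SYSENV;

        SetTicket($HB_ENV, "", $mycookie);
        return array(true, '', $mycookie);
    }

    return array(false, "Invalid Username or Password", "");
}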
320 
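/**
 * Retrieve the list of credit union codes from the cuadmin table.
 *
 * @return array Trimmed cu codes; empty when there is no database handle or
 *               the query fails.
 */
function GetCUCodes()
{
    global $dbh;

    $cucodes = array();

    // Same guard the Validate* functions use: no handle, nothing to query.
    if (!$dbh) {
        return $cucodes;
    }

    $cuRS = db_query("select cu from cuadmin;", $dbh);
    if (!$cuRS) {
        // Query failed: return the empty list instead of passing a failed
        // result to db_fetch_assoc().
        return $cucodes;
    }

    while ($row = db_fetch_assoc($cuRS)) {
        $cucodes[] = trim($row["cu"]);
    }

    return $cucodes;
}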
334 
335 ?>