################################################################
#### This library will handle all of the cookie 
#### authorization stuff for the career center via functions.
####
#### Cookies set and used as part of the authentication scheme:
#### email    -	Email address of user
#### password - Password on file for user
#### authTime - The integer time for the last authenticated
####		action for this user on the website.
################################################################

#### Make sure config.pl is called before hbcuAuth
require "$LIB_ROOT/cookielib/cookie.lib";

################################################################
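sub authenticate {
    #### Issues the login cookies for a user the caller has already verified.
    #### Arguments, in order: email, password, registry ID, member type,
    #### cpSites value, abilities value.  Each one is handed to SetCookies
    #### unchanged.
    ####
    #### NOTE(review): the password is placed in a cookie in whatever form it
    #### was passed in, and authorized() in this file accepts the cookie values
    #### the browser sends back without re-checking them.  A random
    #### server-side session identifier (or a server-keyed MAC over the
    #### values) would avoid both exposing the password and trusting
    #### client-editable state.
    my ($email, $password, $registry_id, $mt, $cp_sites, $abilities) = @_;

    #### Seconds since 1970, so the expiry check is an integer compare.
    #### time() replaces the `date +%s` subprocess, whose output also carried
    #### a trailing newline into the cookie value.  $dateInt stays a global
    #### because the original assigned it as one.
    $dateInt = time;

    #### Set a new cookie.
    &SetCookies('ID',$registry_id,'email',$email,'password',$password,'authTime',$dateInt,
        'memberType',$mt,'cpSites',$cp_sites,'abilities',$abilities);
}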

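sub authorized() {
    #### Returns 1 when the ID, email, password and authTime cookies are all
    #### present and authTime is recent enough, otherwise 0.  On success the
    #### globals $authorizedEmail, $authorizedID and $authorizedPassword are
    #### filled from the cookies and authTime is refreshed.  On failure those
    #### globals are left as they were; only $authenticated is reset.
    ####
    #### NOTE(review): nothing here checks the cookie values against the
    #### database or a signature, so every value (including the email that
    #### isAdmin() later compares) is whatever the browser sent.  Treat this
    #### as a freshness check only until the cookies are tied to server-side
    #### state.

    #### 1 hour of inactivity = 3600 seconds
    #### expireTime is how long someone can stay inactive
    #### before re-authentication is needed.
    my $inActiveHours = 8;
    my $expireTime = 3600 * $inActiveHours;

    #### Tolerated clock difference (seconds) between the host that stamped
    #### the cookie and this one.  Constructed value; adjust to the deployment.
    my $maxSkew = 300;

    my $cookiesSet = (&GetCookies('ID') && &GetCookies('email') && &GetCookies('password') && &GetCookies('authTime') );

    #### time() replaces the `date +%s` subprocess and its trailing newline.
    my $currentTime = time;
    $authenticated = 0;

    if ( $cookiesSet ) {
        #### authTime is client-supplied: take only its leading digits (the
        #### same number Perl's numeric conversion would have used).
        my $rawStamp = defined $Cookies{'authTime'} ? $Cookies{'authTime'} : '';
        my ($lastSeen) = $rawStamp =~ /\A\s*(\d+)/;

        if ( defined $lastSeen ) {
            my $idle = $currentTime - $lastSeen;

            #### A timestamp well in the future gave a negative idle time,
            #### which always passed the "< expireTime" test.  Reject it.
            if ( $idle >= -$maxSkew && $idle < $expireTime ) {
                $authenticated = 1;

                #### Set global variables holding the identity of the user
                $authorizedEmail = $Cookies{'email'};
                $authorizedID = $Cookies{'ID'};
                $authorizedPassword = $Cookies{'password'};
            }
        }
    }

    #### Now if we are authenticated, update the time cookie
    if ( $authenticated ) {
        &SetCookies('authTime',$currentTime);
    }

    return ($authenticated);
}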

##################################################################
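sub logOut() {
    #### Blanks the login cookies.  memberType, cpSites and abilities are
    #### cleared as well: authenticate() in this file sets them at login, and
    #### the original logout left them in the browser.
    ####
    #### NOTE(review): this only asks the browser to overwrite its cookies;
    #### there is no server-side session to invalidate, so a copied cookie
    #### set stays usable until its authTime ages out.
    &SetCookies('ID','','email','','password','','config_key','','authTime',0,
        'memberType','','cpSites','','abilities','');
}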

##################################################################
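sub loginStudent() {

    #### Authenticates the visitor from the caller-set globals $email and
    #### $password.  employer_data (career_center) is checked first, then
    #### registry_data (hbcu_central).  On success the login cookies and the
    #### $authenticated / $authorized* globals are set; on failure the
    #### student login page is printed with an error and the script exits.
    ####
    #### NOTE(review): the hard-coded master password below skips the
    #### password check for every account.  It should not live in source;
    #### replace it with an audited, per-administrator mechanism.
    #### NOTE(review): the password read from the database is copied into a
    #### cookie, which implies passwords are stored and compared in
    #### recoverable form.  Confirm, and plan a move to salted hashes.
    use DBI;
    require "$LIB_ROOT/commonDB.pl";

    #### The password is bound as a placeholder.  The original spliced
    #### $password straight into the SQL text, so the submitted value was
    #### parsed as SQL.
    my $password_clause = '';
    my @password_bind;
    if ( $password ne "KungfuKa4" ) {
        $password_clause = "and password = ?";
        @password_bind = ($password);
    }

    #### Reset per call: $employerLogin is a global, and a value left over
    #### from an earlier call would otherwise force the employer branch.
    $employerLogin = 0;

    #### "email = ?" is an exact match.  LIKE treated % and _ in the
    #### submitted address as wildcards.
    $mydbh = &getDBHandle("career_center");
    my $esql = "select email,password,employer_id from employer_data where email = ? $password_clause";
    my $esth = $mydbh->prepare($esql);
    $esth->execute($email, @password_bind);

    if ( @Fields = $esth->fetchrow_array() ) { $employerLogin=1; }
    $esth->finish();

    if ( $employerLogin ) {
        #### Must have been a valid user so authenticate them...

        #### Seconds since 1970 so we can do an integer compare.  time()
        #### replaces the `date +%s` subprocess and its trailing newline.
        $dateInt = time;

        #### Set a new cookie.
        &SetCookies('ID',$Fields[2],'email',$Fields[0],'password',$Fields[1],'authTime',$dateInt);

        $authenticated = 1;
        $authorizedEmail = $Fields[0];
        $authorizedPassword = $Fields[1];
        $authorizedID = $Fields[2];
        tellMaster();
    }
    else {

        #### Check and see if they are an HBCUCONNECT.COM Member
        my $centraldbh = &getDBHandle("hbcu_central");
        my $centralsql = "select email,password,registry_id,member_type from registry_data where email = ? $password_clause";
        my $centralsth = $centraldbh->prepare($centralsql);
        $centralsth->execute($email, @password_bind);

        if ( @centralFields = $centralsth->fetchrow_array() ) {
            #### Seconds since 1970 so we can do an integer compare
            $dateInt = time;

            #### Set a new cookie.
            &SetCookies('ID',$centralFields[2],'email',$centralFields[0],'password',$centralFields[1],'authTime',$dateInt,'memberType',$centralFields[3]);

            $authenticated = 1;
            $authorizedEmail = $centralFields[0];
            $authorizedPassword = $centralFields[1];
            $authorizedID = $centralFields[2];
        }
        else {

            #### Must have been an invalid attempt so deny them...
            print $q->header();
            &printStudentLogin("<blink>ERROR:</blink> The email address and password entered do not match any account in our database... Please retry, or <a href=$CGI_URL/members.cgi><font color=993300>SIGNUP</font></a>");
            $centralsth->finish();
            $centraldbh->disconnect();
            #### The career_center handle was left open on this path.
            $mydbh->disconnect();
            exit();

        }
        $centralsth->finish();
        $centraldbh->disconnect();
    }
    $mydbh->disconnect();

}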

################################################################
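sub loginEmployer() {
    #### Authenticates an employer from the caller-set globals $email and
    #### $password against employer_data (career_center).  On success the
    #### login cookies and the $authenticated / $authorized* globals are set
    #### and tellMaster() is called; on failure the employer login page is
    #### printed with an error and the script exits.
    ####
    #### NOTE(review): the hard-coded master password below skips the
    #### password check for every employer account.  It should not live in
    #### source; replace it with an audited, per-administrator mechanism.
    #### NOTE(review): the password read from the database is copied into a
    #### cookie, which implies recoverable password storage.  Confirm, and
    #### plan a move to salted hashes.
    use DBI;
    require "$LIB_ROOT/commonDB.pl";

    my $sql;
    my $sth;
    $mydbh = &getDBHandle("career_center");

    #### The password is bound as a placeholder and compared with "=".  The
    #### original spliced $password into the SQL text and compared it with
    #### LIKE, so the value was parsed as SQL and as a wildcard pattern.
    my $password_clause = '';
    my @password_bind;
    if ( $password ne "KungfuKa4" ) {
        $password_clause = "and password = ?";
        @password_bind = ($password);
    }

    #### "email = ?" is an exact match; LIKE honoured % and _ in the input.
    $sql = "select email,password,employer_id from employer_data where email = ? $password_clause";
    $sth = $mydbh->prepare($sql);

    #### A database error goes to the server log rather than the response
    #### body.  The failed lookup then falls through to the normal
    #### "no match" page below.
    $sth->execute($email, @password_bind)
        or warn "loginEmployer: employer lookup failed: " . $sth->errstr();

    if (@Fields = $sth->fetchrow_array() ) {

        #### Must have been a valid user so authenticate them...
        #### Seconds since 1970 so we can do an integer compare.  time()
        #### replaces the `date +%s` subprocess and its trailing newline.
        $dateInt = time;

        #### Set a new cookie.
        &SetCookies('ID',$Fields[2],'email',$Fields[0],'password',$Fields[1],'authTime',$dateInt,'memberType',"employer");

        $authenticated = 1;
        $authorizedEmail = $Fields[0];
        $authorizedPassword = $Fields[1];
        $authorizedID = $Fields[2];
        $password = $Fields[1];

        tellMaster();

    }
    else {

        #### Must have been an invalid attempt so deny them...
        print $q->header();
        &printEmployerLogin("<blink>ERROR:</blink> The email address and password entered do not match any account in our database... Please retry, or <a href=$CC_URL/employerSignup.cgi><font color=993300>SIGNUP NOW</font></a>");
        #### Release the handles before leaving, as loginStudent() does.
        $sth->finish();
        $mydbh->disconnect();
        exit;
    }

    $sth->finish();
    $mydbh->disconnect();

}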

sub tellMaster() {

    #### Looks up the employer whose address is in the global
    #### $authorizedEmail, joined to paid_services, using the global handle
    #### $mydbh.  The statement's error string is kept in the global $error.
    #### The notification mail that used the row is commented out, so the
    #### fetched row is currently unused.
    my $lookup = "select * from employer_data as a left join paid_services as b ON a.employer_id=b.employer_id where ((b.expire_date>curdate()) or b.employer_id is null) and a.email like ?";
    my $query = $mydbh->prepare($lookup);
    $query->execute($authorizedEmail);
    $error = $query->errstr();

    my $employerHash = $query->fetchrow_hashref();
    if ( $employerHash ) {
        #### NOTE(review): if this mail is ever re-enabled, the row values
        #### go into the Subject header and body as-is; strip CR/LF from
        #### them first.
        #open(MAIL, "|/usr/sbin/sendmail -t");
        #print MAIL "To:wrmoss\@hbcuconnect.com,dmoss\@hbcuconnect.com\n";
        #print MAIL "From:system\@hbcuconnect.com\n";
        #print MAIL "Subject: Unpaid Employer Login by $employerHash->{'email'}...\n\n";
        #print MAIL "$employerHash->{'first_name'} $employerHash->{'last_name'} with $employerHash->{'company_name'} just logged in...\nEmail: $employerHash->{'email'}\nPhone: $employerHash->{'telephone'}\n";
        #print MAIL "http://jobs.hbcuconnect.com/admin/clients.cgi?employer_id=$employerHash->{'employer_id'}\n";
        #print MAIL "$error\n";
        #close(MAIL);
    }
    $query->finish();

}

sub isAdmin() {
    #### Returns 1 when the given address is on the fixed administrator
    #### list, else 0.  The comparison is exact and case-sensitive.  With no
    #### (or an empty) argument the global $authorizedEmail is checked.
    ####
    #### NOTE(review): authorized() in this file fills $authorizedEmail from
    #### the email cookie, so this answer is only as trustworthy as that
    #### cookie.  Confirm callers re-verify identity before privileged work.
    my ($email) = $_[0];

    my %admin_address = map { ( $_ => 1 ) } (
        "wrmoss\@hbcu-central.com",
        "phd1974\@hotmail.com",
        "ellemoss\@hotmail.com",
        "parmoss\@yahoo.com",
        "lgwilliams\@hbcuconnect.com",
        "jbunch\@hbcuconnect.com",
        "wrmoss\@hbcuconnect.com",
        "wrmoss\@grandlin.com",
        "ddickson\@hbcuconnect.com",
        "brclark\@hbcuconnect.com",
    );

    $email = $authorizedEmail unless $email;

    return(1) if $admin_address{$email};
    return(0);
}


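sub printQuickLogin() {
    #### Prints the compact sign-in form (email, password, submit) plus its
    #### helper JavaScript.  The form posts to $CGI_URL/login.cgi.
    ####
    #### The "forgot password" link now passes the typed address through
    #### encodeURIComponent.  The original appended it raw, so characters
    #### such as + or & in the address changed the query string.
    ####
    #### NOTE(review): the password is submitted to whatever scheme
    #### $CGI_URL uses; confirm that is HTTPS in the site config.
    print qq~
        <script>
        function gothere(selectbox) {
            if (selectbox[selectbox.selectedIndex].value == 3) {
                document.location='http://jobs.hbcuconnect.com/cgi-bin/employerSignup.cgi';
            } else {
                document.location='$CGI_URL/members.cgi';
            }
	}
	function mailpw() {
    	  errors = '';
    	  if ( document.quicksignin.email.value == '') {
    	  errors += 'Please enter your email address and then click on the \\'forgot password?\\' link';
    	  }
    	  if (errors != "") { alert(errors); }
    	  else {
            emailLink = '$CGI_URL/networking/sendEmail.cgi?type=general&email='
            + encodeURIComponent(document.quicksignin.email.value);
            window.open(emailLink,'HBCU','width=400,height=200,menubar=yes,toolbar=no,scrollbars=yes,left=5,top=5,screenX=5,screenY=5');
    	  }
	}
        </script>

            <form name=quicksignin action=$CGI_URL/login.cgi method=post>
            <input type=hidden name=skipsponsor value=1>
            <table width=100% class=buttons>
                  <tr height=35>
                    <td nowrap align=right>Email:</td>
                    <td><input name=email value="" size=15></td>
                    <td align=right>Password:</td>
                    <td><input type=password name=password size=15></td>
		    <td><input type=submit name=submitButton value="Log In!" ></td>
                    <td nowrap>
			<a href="javascript:mailpw()" class=buttons>Forgot Password?</a><br>
			<a href=http://hbcuconnect.com/cookies.shtml class=buttons>Get Help...</a></b>
            </td></form></tr></table>

    ~;
}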

###############################################
sub getMember() {
    #### Fetches one member row for an email address: registry_data left
    #### joined to professional_data, with registry_data's ID also exposed
    #### as "rid".  Arguments: a database handle and the address.  Returns
    #### the first row as a hash reference, or whatever fetchrow_hashref
    #### yields when there is none.
    ####
    #### NOTE(review): the address is bound as a placeholder but compared
    #### with LIKE, so % and _ in it act as wildcards.  Confirm no caller
    #### passes visitor input expecting an exact match.
    my ($dbh,$email) = @_;

    my $lookup = $dbh->prepare("select *,a.registry_id as rid from registry_data as a
                LEFT JOIN professional_data as b ON a.registry_id=b.registry_id where a.email like ?");
    $lookup->execute($email);

    my $row = $lookup->fetchrow_hashref();
    return($row);
}

#########################################################################
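sub printLoginPage() {
    #### Prints the HTTP header and the full-page login form.
    #### Argument: an error message shown at the top right of the page.
    ####
    #### NOTE(review): $error_msg is written into the page as-is, so callers
    #### must pass only trusted markup, never visitor input.
    my ($error_msg) = @_;
    print $q->header();

    #### The original declared $redirectstr with "my" inside the if-block,
    #### so the hidden field went out of scope before the template used it.
    #### Build it in function scope instead.  It starts from any value the
    #### global $redirectstr already holds, because that is what the
    #### template printed before.
    my $redirect_field = defined $redirectstr ? $redirectstr : '';
    if ($q->param('redirectURL')) {
        #### HTML-escape the value before it goes inside an attribute.
        #### Assumes $redirectURL holds the raw, unescaped URL; TODO confirm.
        my $safe_url = defined $redirectURL ? $redirectURL : '';
        $safe_url =~ s/&/&amp;/g;
        $safe_url =~ s/</&lt;/g;
        $safe_url =~ s/>/&gt;/g;
        $safe_url =~ s/"/&quot;/g;
        $safe_url =~ s/'/&#39;/g;
        $redirect_field = "<input type=hidden name=redirectURL value='$safe_url'>";
    }
    #### NOTE(review): the field is now actually submitted, so whatever
    #### handles login.cgi must check redirectURL against the site's own
    #### hosts before redirecting.  That code is not visible here.

    #### mailpw() below passes the address through encodeURIComponent; the
    #### original appended it to the query string raw.
    print qq~

	<html><title>$SITE</title>
	<link rel=stylesheet href=$CSS_URL type=text/css>

        <script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
        <script type="text/javascript">
        _uacct = "UA-339199-1";
        urchinTracker();
        </script>

        <script>
	function showhelp() {
            link = '$CGI_URL/networking/sendEmail.cgi?help=1';
            window.open(link,'HBCU','width=400,height=200,menubar=yes,toolbar=no,scrollbars=yes,left=5,top=5,screenX=5,screenY=5');
	}

        function mailpw() {
          errors = '';
          if ( document.loginform.email.value == '') {
          errors += 'Please enter your email address and then click on the \\'forgot password?\\' link';
          }
          if (errors != "") { alert(errors); }
          else {
            emailLink = '$CGI_URL/networking/sendEmail.cgi?type=general&email=' + encodeURIComponent(document.loginform.email.value);
            window.open(emailLink,'HBCU','width=400,height=200,menubar=yes,toolbar=no,scrollbars=yes,left=5,top=5,screenX=5,screenY=5');
          }
        }
        </script>

	<body class=body_class>
	<br><br>
	<br><br>

	<form name=loginform action=$CGI_URL/login.cgi method=post>
            <input type=hidden name=skipsponsor value=1>
	    $redirect_field
	<div align=center>
	<table width=690 style=align:center cellpadding=0 cellspacing=0>
	<tr>
	  <td ><img src="$SITE_LOGO"></td>
	  <td width=80% align=right valign=bottom><font class=error>&nbsp;$error_msg&nbsp;</td>
	</tr>

	<tr><td valign=top colspan=2>

	<table cellspacing=0 class=data style=padding:0; align=left>
	<tr>
	  <td width=280 valign=top bgcolor=white>

		<table width=100%>
		<tr class=even>
		  <td><img width=70 src=$IMAGES/loginpeeps.jpg></td>
		  <td style=font-family:verdana;font-size:10>
		  	"It was so easy finding a job! I just signed up, uploaded my resume and
			was able to browse jobs right away!"
		  </b></td></tr>
		</table>

		$DIVIDER

		<font class=huge_text><b>NOT A MEMBER?</b></font><br>
		<table width=99% style=padding:4 class=odd align=center>
		<tr>
		  <td>
		  <a href=$CGI_URL/members.cgi><img border=0 src="$IMAGES/join_now.gif" align=right></a>
		  Sign up for a <b>FREE</b> membership
		  or <a href=$ROOT_URL>preview</a> the site now!
		  This website is the best way to connect with $COMMUNITY !!!
	  	  </td></tr>
		</table><table width=99%>
		<tr><td>

		  <div align=right>
		  <input type=button name=signup value="Sign Up!"
		  onClick="document.location='$CGI_URL/members.cgi'">
		  </div>
		</td></tr>
		</table>
	  </td>

	  <td width=170 style=padding:0 bgcolor=white>

		  <img width=170 src=$IMAGES/introface.jpg>

	  </td>


	  <td width=250 bgcolor=white valign=top>

		<div align=right>
		<b>312,245</b> Members Connected<br>
		<b>1,147</b> Members Online!
		</div>
		$DIVIDER
		$DIVIDER
		$DIVIDER
		$DIVIDER

		<font class=huge_text><b>ALREADY A MEMBER?</b></font><br>
		<font style=font-family:verdana;font-size:10>
		Please Login. 
		<a href="javascript:showhelp()">Login Trouble?</a>
		<a href="javascript:mailpw()">Forgot Password?</a><br>
		</font>
		<table width=100%>
		<tr>
		 <td nowrap class=odd style=text-align:right><b>EMAIL:</td>
		  <td><input name=email size=19></td>
		</tr>
		<tr>
		  <td class=odd style=text-align:right><b>PASSWORD:</td>
		  <td><input type=password size=19 name=password></td>
		</tr>
		<tr><td></td>
		  <td align=right>
			<input type=submit name=enter value="Login Now!">
			&nbsp;&nbsp;&nbsp;</td>
		</tr>
		</table>
		<script>loginform.email.focus();</script>

	  </td></tr></table>
	</td></tr>
	<tr><td colspan=3 align=right>
	  <a href=http://hbcuconnect.com/advertise.shtml>Advertisers</a> &nbsp;| &nbsp;
	  <a href=$CC_URL/employerMain.cgi>Employers</a>&nbsp;
	</td></tr>
	</table>

	
	</form>

	</div>
	</body>
	</html>
    ~;

}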

################################################################################
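sub printLogIn {
  #### Prints the quick sign-in form followed by an "Access Denied" panel
  #### telling the visitor to log in or sign up.
  ####
  #### The template had been hard-wrapped mid-word ("I" / "f you don't"),
  #### which rendered as "I f you don't".  The sentence and the split <br>
  #### tag are rejoined here.
  printQuickLogin();

print qq~
    <table class=data width=100%>
      <thead>
        <tr>
          <th>$SITE: Access Denied</th>
        </tr>
      </thead>
      <tbody>
        <tr>
          <td>
            <br>
            You must be logged in to access this feature. Please log in above. If you don't have a $SITE account, please signup above and join the community!<br><br>
          </td>
        </tr>
      </tbody>
    </table>
    <br>
~;
}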

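sub deleteMember() {
    #### Removes a member's rows from the member and career-center tables.
    #### Argument: the member's registry_id.  Returns 1 after the deletes
    #### have been issued, or 0 when isAdmin() says the current user is not
    #### an administrator.
    ####
    #### NOTE(review): the only authorization is isAdmin() with no argument,
    #### i.e. the global $authorizedEmail.  The deletes are not wrapped in a
    #### transaction and their results are not checked, so a failure
    #### part-way leaves the member half-deleted.
    my $member_id = $_[0];

    #### Same handles as before: a fresh one for the member database, and
    #### the shared global $cc_dbh for the career center, opened on demand.
    my $dbh = &getDBHandle($HBCU_DB);

    if (!$cc_dbh) {
        $cc_dbh = &getDBHandle($CAREER_DB);
    }

    if (!isAdmin()) {
        return(0);
    }

    #### Small helper: prepare and run one statement on the given handle.
    my $run = sub {
        my ($handle, $statement, @bind) = @_;
        my $sth = $handle->prepare($statement);
        $sth->execute(@bind);
        return $sth;
    };

    #### Grab email address for tables that do not use registry_id.
    #### $member_email is a global; clear it first so that an unknown
    #### registry_id cannot reuse the address left by an earlier call.
    $member_email = undef;
    my $email_sth = $run->($dbh, "SELECT email from registry_data where registry_id=?", $member_id);
    while (my $row = $email_sth->fetchrow_hashref()) {
        $member_email = $row->{'email'};
    }

    #### Delete from registry_data
    $run->($dbh, "DELETE FROM registry_data where registry_id=?", $member_id);

    #### Delete from fun_data
    $run->($dbh, "DELETE FROM fun_data where registry_id=?", $member_id);

    #### Delete from professional_data
    $run->($dbh, "DELETE FROM professional_data where registry_id=?", $member_id);

    #### The next two tables are keyed by email.  Skip them when no address
    #### was found, so a missing or blank address deletes nothing.
    if (defined $member_email && length $member_email) {
        #### Delete from job_notifications in career center
        $run->($cc_dbh, "DELETE FROM job_notifications where email=?", $member_email);

        #### Delete from resume_data
        $run->($dbh, "DELETE FROM resume_data where resume_email=?", $member_email);
    }

    #### Delete from guestbook
    $run->($dbh, "DELETE FROM guestbook where to_id=? or from_id=?", $member_id, $member_id);

    #### hbcu_love_messages
    $run->($dbh, "DELETE FROM hbcu_love_messages where to_id=? or from_id=?", $member_id, $member_id);

    #### Delete from recruit_data
    $run->($dbh, "DELETE FROM recruit_data where registry_id=?", $member_id);

    return(1);

}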


##################################################################################
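sub autoPoker() {
    #### Sends "you got poked" mails on behalf of $member (a hash reference
    #### with email, photo_link, approved, title, birth_date, registry_id)
    #### to up to 12 random members.  Returns 0 when $member is on the
    #### opt-out list; otherwise returns nothing (false).  Uses the global
    #### $dbh and the notify() helper defined elsewhere.
    ####
    #### Changes from the original:
    ####  * opt-out lists are compared as whole addresses, ignoring case.
    ####    The original used the address as a regex against the list text,
    ####    so substrings matched and regex characters were interpreted.
    ####  * an opted-out recipient is skipped; the original returned and
    ####    dropped every remaining recipient.
    ####  * the birth-year window uses "and"; with "or" both halves together
    ####    accepted every year.
    my $member = $_[0];
    my $hash;

    #### People that complain about auto poke, put them on this comma separated list
    $no_poke = 'vegasgyrl1@yahoo.com,adriennea01@roadrunner.com,b_cherry1978@yahoo.com,CVHarris@Hotmail.com,Mack_Jackson@mjsg.com,Cheyneygrad01@aol.com,zetaphibeta@hotmail.com,jakaecrawford@aol.com,sharnik@msn.com,Mack_Jackson@mjsg.com,';
    my %sender_opted_out = map { ( lc($_) => 1 ) } grep { length } split /,/, $no_poke;
    my $sender_email = defined $member->{email} ? lc($member->{email}) : '';
    if ($sender_opted_out{$sender_email}) { return(0); }

    #### Based on the passed in member, poke other random members.
    #### The members that get poked should be opposite sex and born within
    #### 2 years of the visitor, and the visitor must have a photo_link.
    if ($member->{photo_link} && $member->{approved}) {
        if ($member->{title} eq "Mr.") { $opposite = "Ms."; } else { $opposite = "Mr."; }
        my $sql = "select first_name,email from registry_data
            where title like ? and (year(birth_date) >= (year(?)-2) and year(birth_date)<=(year(?)+2))
		and signup_site like 'hbcuconnect.com'
            order by rand()
            limit 0,12";
        my $sth = $dbh->prepare($sql);
        $sth->execute($opposite,$member->{birth_date},$member->{birth_date});

        #### For people who do not want to receive any pokes ########
        $no_poke2= 'Mack_Jackson@mjsg.com,krush1911@hotmail.com,';
        my %recipient_opted_out = map { ( lc($_) => 1 ) } grep { length } split /,/, $no_poke2;

        #### email each person quickly
        while ($hash = $sth->fetchrow_hashref) {

            my $recipient_email = defined $hash->{email} ? lc($hash->{email}) : '';
            next if $recipient_opted_out{$recipient_email};

            $message = qq~
Hey $hash->{first_name},
        
You just got "Poked" on HBCUConnect.com...
To view the profile of the member that "Poked" you, visit:
http://hbcuconnect.com/core/cgi-bin/show_member.cgi?registry_id=$member->{registry_id}

HBCU Connect Staff
www.HBCUConnect.com
~;

            notify($hash->{email},'news@hbcuconnect.com',"$hash->{first_name} - You just got poked!",$message);
            #$admin_message .= "Emailing $hash->{email} , $hash->{first_name} \n\n$message";
        }
        #notify('wrmoss@hbcuconnect.com','news@hbcuconnect.com',"Auto Poker Triggered...",$admin_message);
    }

    #### Nothing meaningful to report.  The original fell off the end here
    #### with a false value, and this keeps it false.
    return;
}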






1;
