<?php /************************************************************************************ RAANZ member page (C)2013-2023 RAANZ srp Member login and view all member related info v1 basic system v2 ported to Freeparking host/server single database login feb16 password > pword mar16 added medexpiry field may17 new freeparking database jun17 password 10 char limit jan20 added ITC marks sep21 forgotten password info in message body rather than message header sep21 disabled editing name added auto generate password included dblogin.php included memberlogin.php on save, clear plaintext password and save hash forgotten password generates, saves and sends new password nov21 corrected new password update feb22 corrected last/next annual date for aircraft listing jul22 corrected rehashing passwords jan23 reduced new password length from 10 to 8 jan23 convert to mysqli feb23 php7 compatible may23 php8.0 compatible mar24 disabled dob edit todo **************************************************************************************/ session_start(); //session variables //$_SESSION[‘loggedin’] initally null- set/cleared via admin login //$_SESSION[‘pilotid’]; $mysqli; $conn; $errmsg=””; //includes include ‘iConnect.php’; //database connect function include ‘iLogin.php’; //member login function include ‘hashme.php’; //password hash/save include ‘generatePassword.php’; //simple password generator iConnect(‘raanz_db’); //connect to database //if entry point is from logout button if (isset($_POST[‘pilotlogout’])) { $_SESSION[‘loggedin’]=””; $_SESSION[‘pilotid’]=””; } // if entry point is from member login button…. check member number/password if (isset($_POST[‘pilotlogin’])) { $_SESSION[‘loggedin’]=””; $_SESSION[‘pilotid’]=””; $pilotid=$_POST[‘pilotid’]; $pilotpw=$_POST[‘pilotpw’]; if (iLogin($pilotid,$pilotpw,0)) { $_SESSION[‘loggedin’]=’true’; $_SESSION[‘pilotid’]=$pilotid; } } //load/reload from member record if ($_SESSION[‘loggedin’]==”true”) { $pilotid=$_SESSION[‘pilotid’]; $result = mysqli_query($conn,”SELECT * FROM members WHERE (number = ‘$pilotid’)”); $row = mysqli_fetch_array($result); $pname=$row[‘fullname’]; $pnick=$row[‘nickname’]; $add1=$row[‘address1’]; $add2=$row[‘address2’]; $add3=$row[‘address3’]; $pbirth=$row[‘birthdate’]; $phone=$row[‘phone’]; $pmail=$row[’email’]; $sname=$row[‘surname’]; $pilotpw=$row[‘pword’]; //plaintext password // $hash=$row[‘hash’]; //hashed password $confirm=””; // $metpw=$row[‘metflight’]; $club=$row[‘club’]; $class=$row[‘class’]; $expiry=$row[‘expiry’]; $medexpiry=$row[‘medexpiry’]; $lastcmv=$row[‘lastcmv’]; $receipt=$row[‘receipt’]; $part61=$row[‘part61’]; $tt=$row[‘totaltime’]; $tm=$row[‘totalmicro’]; $ty=$row[‘totalyear’]; $cert=$row[‘certificate’]; $group=$row[‘groups’]; $pax=$row[‘pax’]; $frto=$row[‘frto’]; $lastbfr=$row[‘lastbfr’]; $nextbfr=$row[‘nextbfr’]; $inst=$row[‘instructor’]; $ato=$row[‘ATO’]; $ia=$row[‘IA’]; $tpilot=$row[‘testpilot’]; $tow=$row[‘tow’]; $water=$row[‘water’]; $appoint=$row[‘appointment’]; $cdate=$row[‘contactdate’]; $creason=$row[‘contactreason’]; $law=$row[‘law’]; $nav=$row[‘nav’]; $met=$row[‘met’]; $tech=$row[‘tech’]; $hf=$row[‘humanfactors’]; $gyro=$row[‘gyro’]; $para=$row[‘para’]; $frto1=$row[‘frto1’]; $itc=$row[‘ITC’]; //class lookup $classresult = mysqli_query($conn,”SELECT * FROM class WHERE (cindex = ‘$class’) “); $row = mysqli_fetch_array($classresult); if (!empty($row)) { $class = $row[‘class’]; } //club lookup $clubresult = mysqli_query($conn,”SELECT * FROM clubs WHERE (clubid = ‘$club’) “); $row = mysqli_fetch_array($clubresult); if (!empty($row)) { $club = $row[‘clubname’]; } //certificate lookup $certresult = mysqli_query($conn,”SELECT * FROM certificate WHERE (cert = ‘$cert’) “); $row = mysqli_fetch_array($certresult); if (!empty($row)) { $cert = $row[‘type’]; } //instructor lookup $instresult = mysqli_query($conn,”SELECT * FROM members WHERE (number = ‘$inst’) “); $row = mysqli_fetch_array($instresult); if (!empty($row)) { $inst = $row[‘fullname’]; } //last reason lookup $lcresult = mysqli_query($conn,”SELECT * FROM contactreason WHERE (crindex = ‘$creason’) “); $row = mysqli_fetch_array($lcresult); if (!empty($row)) { $creason = $row[‘reason’]; } //contact log lookup $log = mysqli_query($conn,”SELECT contactlog.date, contactlog.notes, contactreason.reason FROM contactlog LEFT JOIN contactreason ON contactlog.reason=contactreason.crindex WHERE (member = {$_SESSION[‘pilotid’]}) ORDER BY date DESC “); //aircraft lookup $aircraft = mysqli_query($conn,”SELECT * FROM aircraft WHERE (member = {$_SESSION[‘pilotid’]}) “); } // if entry point is from update button if (isset($_POST[‘update’])) { //overlay database variables with user variables $pilotid=$_SESSION[‘pilotid’]; $pname=$_POST[‘pname’]; $pnick=$_POST[‘pnick’]; $add1=$_POST[‘add1’]; $add2=$_POST[‘add2’]; $add3=$_POST[‘add3’]; $pbirth=$_POST[‘pbirth’]; $phone=$_POST[‘phone’]; $pmail=$_POST[‘pmail’]; $newpw=$_POST[‘newpw’]; $confirm=$_POST[‘confirm’]; //and save to database mysqli_query($conn,”UPDATE members SET nickname=’$pnick’, address1=’$add1′, address2=’$add2′, address3=’$add3′, phone=’$phone’, email=’$pmail’ WHERE number=’$pilotid'”); //echo(“update: ” . mysqli_error($conn)); //clear pilotpw to stop rehashing it $pilotpw=null; //handle new password update if (!empty($newpw)) { if ($newpw==$confirm) { $pilotpw=$newpw; } else { echo(“<p style= \"color:red;\">New password and confirm do not match</p>\n”); } } //migrate from plaintext to hashed password if (!empty($pilotpw)) { hashme($pilotid,$pilotpw); echo(“<p style= \"color:red;\">Upgrading to secure password</p>\n”); } } // if entry point is from lost password…generate, send, hash new password if (!empty($_POST[‘lpass’])) { $pilotid=$_POST[‘pilotid’]; $result = mysqli_query($conn,”SELECT * FROM members WHERE (number = ‘$pilotid’) “); $row = mysqli_fetch_array($result); if (empty($row)) { echo(“<p style= \"color:red;\">Unknown Member number</p>\n”); } elseif (empty($row[’email’])) { echo(“<p style= \"color:red;\">No email address for that Member</p>\n”); } else { $newpw=generatePassword(8); hashme($pilotid,$newpw); mail($row[’email’],”New RAANZ database password”,”Your new RAANZ database password is $newpw \n From the RAANZ database”); echo(“<p style= \"color:green;\">Your password has been emailed to “.$row[’email’].”</p>\n”); } } // if entry point is from auto generate password if (isset($_POST[‘generate’])) { $newpw=generatePassword(8); $confirm=$newpw; } ?> <html> <head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>myRAANZ</title> <!--[if IE]> <script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script> <![endif]--> <style type="text/css"> <!-- h1 { font-family: Arial; font-size: 20px; background: #ffffff; color: black; } h2 { font-family: Arial; font-size: 12px; background: #ffffff; color: black; } ph { font-family: Arial; font-size: 14px; font-weight: bold; background: #cccccc; color: black; } small { font-family: Arial; font-size: 8px; background: #ffffff; color: black; } pm { font-family: Arial; font-size: 12px; color: black; } thdr { font-family: Arial; font-size: 10px; font-weight: normal; background: #ffffff; color: black; } tbody { font-family: Arial; font-size: 12px; font-weight: normal; background: #ffffff; color: black; } bodyb { font-family: Arial; font-size: 14px; font-weight: bold; background: #ffffff; color: black; } sideh { font-family: Arial; font-size: 14px; font-weight: bold; background: #cccccc; color: black; } sideb { font-family: Arial; font-size: 12px; font-weight: bold; background: #cccccc; color: black; } siden { font-family: Arial; font-size: 12px; font-weight: normal; background: #cccccc; color: black; } select { height: 15px; font-size: 12px; } form input{ height: 20px; font-size: 14px; font-weight: bold; color: black; max-height: 50px } checkbox{ height: 50px; font-size: 10px; max-height: 12em } radio { height: 12px; font-family: Arial; font-size: 10px; } input.smallcheck { height: 10px; width: 10px; } input.smallradio { height: 10px; width: 10px; } --> </style> </head> <body> <?php echo $errmsg; ?> <form action="myRAANZ.php" method="post"> <img decoding="async" src="logo.bmp" alt="RAANZ logo" height="55" width="180" style="float:left;"> <br><h1>myRAANZ member page</h1> <table border = "0" cellpadding = "5"> <tr> <td align = "right">Pilot:</td> <?php if (empty($_SESSION['loggedin'])) { ?> <td><input type="text" name="pilotid" size="6" maxlength="6" placeholder="RAANZ no" value="<?=$pilotid;?>“></td> <td><input type="password" name="pilotpw" size="10" maxlength="10" placeholder="RAANZ password" value="<?=$pilotpw;?>“></td> <td><input type="submit" name="pilotlogin" style="background-color: #00ff00; font-weight: bold;" value=" LOGIN "> <td><input type="submit" name="lpass" style="background-color: #8888ff; font-weight: bold;" value="Forgotten Password"> <?php } else { ?> <td colspan = "2"><input type="text" name="$pname" size="34" maxlength="35" value="<?=$pname;?>” readonly></td> <td><input type="submit" name="pilotlogout" style="background-color: #ff8888; font-weight: bold;" value="LOGOUT"> <?php } ?> </tr> </table> <?php if (!empty($_SESSION['loggedin'])) { ?> <table border = "0" cellpadding = "5"> <tr> <td bgcolor="#cccccc" valign="top"> <sideh>Quick RAANZ links<br> <br> <sideb><a href="http://www.raanz.org.nz/wiki/pmwiki.php">Home page</a><br><br> <sideb><a href="http://www.raanz.org.nz/wiki/uploads/Admin/RAANZFitProperDeclaration.pdf">FPP form</a><br> <sideb><a href="http://raanz.org.nz/wiki/uploads/Site/RAANZMedicalDeclaration.pdf">Medical form</a><br> <sideb><a href="http://raanz.org.nz/wiki/uploads/Main/structurechart.pdf">Certificate chart</a><br> <sideb><a href="http://raanz.org.nz/wiki/pmwiki.php?n=Admin.Services">Fees & services</a><br> <sideb><a href="http://raanz.org.nz/wiki/pmwiki.php?n=Main.Admin#pay">How to pay</a><br><br> <br> <sideh>Quick external links<br> </td> <td> <hr> <table border="0" cellpadding = "0"> <tr> <td colspan="3"><bodyb>Member personal data (some fields editable by member)</td> </tr> <tr> <td align="right"><thdr>Name</td> <td><input type="text" name="pname" size="30" maxlength="30" placeholder="name" value="<?=$pname;?>” disabled></td> <td align="right"><thdr>Nickname</td> <td><input type="text" name="pnick" size="30" maxlength="30" placeholder="nickname" value="<?=$pnick;?>“></td> </tr> <tr> <td align="right"><thdr>Address 1</td> <td><input type="text" name="add1" size="30" maxlength="30" placeholder="address1" value="<?=$add1;?>“></td> <td align="right"><thdr>Birthdate</td> <td><input type="date" name="pbirth" value="<?=$pbirth;?>” disabled/></td> </tr> <tr> <td align="right"><thdr>Address 2</td> <td><input type="text" name="add2" size="30" maxlength="30" placeholder="address2" value="<?=$add2;?>“></td> <td align="right"><thdr>Phone</td> <td><input type="text" name="phone" size="20" maxlength="20" placeholder="phone" value="<?=$phone;?>“></td> </tr> <tr> <td align="right"><thdr>Address 3</td> <td><input type="text" name="add3" size="30" maxlength="30" placeholder="address3" value="<?=$add3;?>“></td> <td align="right"><thdr>email</td> <td><input type="text" name="pmail" size="50" maxlength="50" placeholder="email" value="<?=$pmail;?>“></td> </tr> <tr> <td align="right"><thdr>New password</td> <td> <input type="text" name="newpw" size="10" maxlength="10" value="<?=$newpw;?>” > <input type="submit" name="generate" style="background-color: #8888ff; font-weight: bold;" value="auto"> </td> </tr> <td align="right"><thdr>Confirm</td> <td><input type="text" name="confirm" size="10" maxlength="10" value="<?=$confirm;?>” ></td> <td></td> <td><input type="submit" name="update" style="background-color: #00ff00; font-weight: bold;" value="SAVE CHANGES"> <tr> </tr> </table> <hr> <table border="0" cellpadding = "0"> <tr> <td colspan="4"><bodyb>Member record (not editable- contact RAANZ if any errors)</td> </tr> <tr> <td align="right"><thdr>Surname</td> <td><input type="text" name="sname" size="20" maxlength="20" value="<?=$sname;?>” disabled></td> <td align="right"><thdr>MetFlight password</td> <td><input type="text" name="metpw" size="4" maxlength="4" value="<?=$metpw;?>” disabled></td> <td align="right"><thdr>Club</td> <td><input type="text" name="club" size="20" maxlength="20" value="<?=$club;?>” disabled></td> </tr> <tr> <td align="right"><thdr>Member class</td> <td><input type="text" name="class" size="20" maxlength="20" value="<?=$class;?>” disabled></td> <td align="right"><thdr>Member expiry</td> <td><input type="text" name="expiry" size="20" maxlength="20" <?php echo((strtotime($expiry) < time()) ? 'style="background:#ff8888;" ': ' ') ?> value=”<?=$expiry;?>” disabled></td> <td align="right"><thdr>Receipt</td> <td><input type="text" name="receipt" size="20" maxlength="20" value="<?=$receipt;?>” disabled></td> </tr> <tr> <td align="right"><thdr>Last CMV</td> <td><input type="text" name="lastcmv" size="20" maxlength="20" value="<?=$lastcmv;?>” disabled></td> <td align="right"><thdr>Part 61</td> <td><input type="text" name="part61" size="20" maxlength="20" value="<?=$part61;?>” disabled></td> <td align="right"><thdr>FRTO</td> <td><input type="text" name="frto" size="20" maxlength="20" value="<?=$frto;?>” disabled></td> </tr> <tr> <td align="right"><thdr>Total time</td> <td><input type="text" name="tt" size="20" maxlength="20" value="<?=$tt;?>” disabled></td> <td align="right"><thdr>Total micro</td> <td><input type="text" name="tm" size="20" maxlength="20" value="<?=$tm;?>” disabled></td> <td align="right"><thdr>Total last 12mth</td> <td><input type="text" name="ty" size="20" maxlength="20" value="<?=$ty;?>” disabled></td> </tr> <tr> <td align="right"><thdr>Certificate</td> <td><input type="text" name="cert" size="30" maxlength="30" value="<?=$cert;?>” disabled></td> <td align="right"><thdr>Groups</td> <td><input type="text" name="group" size="20" maxlength="20" value="<?=$group;?>” disabled></td> <td align="right"><thdr>Passenger rating</td> <td><input type="text" name="pax" size="20" maxlength="20" value="<?=$pax;?>” disabled></td> </tr> <tr> <td align="right"><thdr>Last BFR</td> <td><input type="text" name="lastbfr" size="30" maxlength="30" value="<?=$lastbfr;?>” disabled></td> <td align="right"><thdr>Next BFR</td> <td><input type="text" name="nextbfr" size="20" maxlength="20" <?php echo((strtotime($nextbfr) < time()) ? 'style="background:#ff8888;" ': ' ') ?> value=”<?=$nextbfr;?>” disabled></td> <td align="right"><thdr>Instructor</td> <td><input type="text" name="inst" size="20" maxlength="20" value="<?=$inst;?>” disabled></td> </tr> <tr> <td align="right"><thdr>ATO</td> <td><input type="text" size="30" maxlength="30" value="<?=$ato;?>” disabled></td> <td align="right"><thdr>IA</td> <td><input type="text" size="20" maxlength="20" value="<?=$ia;?>” disabled></td> <td align="right"><thdr>Test pilot</td> <td><input type="text" size="20" maxlength="20" value="<?=$tpilot;?>” disabled></td> </tr> <tr> <td align="right"><thdr>Tow rating</td> <td><input type="text" size="30" maxlength="30" value="<?=$tow;?>” disabled></td> <td align="right"><thdr>Water rating</td> <td><input type="text" size="20" maxlength="20" value="<?=$water;?>” disabled></td> <td align="right"><thdr>Appointments</td> <td><input type="text" size="20" maxlength="20" value="<?=$appoint;?>” disabled></td> </tr> <tr> <td align="right"><thdr>Last contact</td> <td><input type="text" size="30" maxlength="30" value="<?=$cdate;?>” disabled></td> <td align="right"><thdr>Reason</td> <td><input type="text" size="20" maxlength="20" value="<?=$creason;?>” disabled></td> <td align="right"><thdr>Medical expiry</td> <td><input type="text" name="medexpiry" size="20" maxlength="20" <?php echo((strtotime($medexpiry) < time()) ? 'style="background:#ff8888;" ': ' ') ?> value=”<?=$medexpiry;?>” disabled></td> </tr> </table> <hr> <table border="0" cellpadding = "0"> <tr> <td colspan="10"><bodyb>Exams</td> </tr> <tr> <td><thdr>Law</td> <td><input type="text" size="3" maxlength="3" placeholder="law" value="<?=$law;?>“<?php echo(($law<70)? 'style="background:#ff8888;" ': ' ')?> disabled></td> <td><thdr>Nav</td> <td><input type="text" size="3" maxlength="3" placeholder="nav" value="<?=$nav;?>” <?php echo(($nav<70)? 'style="background:#ff8888;" ': ' ')?> disabled></td> <td><thdr>Met</td> <td><input type="text" size="3" maxlength="3" placeholder="met" value="<?=$met;?>” <?php echo(($met<70)? 'style="background:#ff8888;" ': ' ')?> disabled></td> <td><thdr>Tech</td> <td><input type="text" size="3" maxlength="3" placeholder="tech" value="<?=$tech;?>” <?php echo(($tech<70)? 'style="background:#ff8888;" ': ' ')?> disabled></td> <td><thdr>HF</td> <td><input type="text" size="3" maxlength="3" placeholder="hf" value="<?=$hf;?>” <?php echo(($hf<70)? 'style="background:#ff8888;" ': ' ')?> disabled></td> <td><thdr>Gyro</td> <td><input type="text" size="3" maxlength="3" placeholder="gyro" value="<?=$gyro;?>” <?php echo(($gyro<70)? 'style="background:#ff8888;" ': ' ')?> disabled></td> <td><thdr>Para</td> <td><input type="text" size="3" maxlength="3" placeholder="para" value="<?=$para;?>” <?php echo(($para<70)? 'style="background:#ff8888;" ': ' ')?> disabled></td> <td><thdr>FRTO</td> <td><input type="text" size="3" maxlength="3" placeholder="frto" value="<?=$frto1;?>” <?php echo(($frto1<70)? 'style="background:#ff8888;" ': ' ')?> disabled></td> <td><thdr>ITC</td> <td><input type="text" size="3" maxlength="3" placeholder="itc" value="<?=$itc;?>” <?php echo(($itc<70)? 'style="background:#ff8888;" ': ' ')?> disabled></td> </tr> </table> <hr> <table border="0" cellpadding = "2"> <tr> <td colspan="10"><bodyb>Contact log (since May 2011)</td> </tr> <tr> <td><thdr>Date</td> <td><thdr>Reason</td> <td><thdr>Notes</td> </tr> <?php while($row = mysqli_fetch_array($log)) { echo "<tr>“; echo “<td>” . $row[‘date’] . “</td>“; echo “<td>” . $row[‘reason’] . “</td>“; echo “<td>” . $row[‘notes’] . “</td>“; echo “</tr>“; } ?> </table> <hr> <?php //if any aircraft owned by pilot... while($row = mysqli_fetch_array($aircraft)) { //next annual calc $nextannual=date('Y-m-d',strtotime($row['idate']."+ 1 year")); //IA lookup $iaresult = mysqli_query($conn,"SELECT * FROM members WHERE (number = {$row['IA']}) "); $iarow = mysqli_fetch_array($iaresult); ?> <table border="0" cellpadding = "2"> <tr> <td colspan="10"><bodyb>Aircraft record</td> </tr> <tr> <td align="right"><thdr>Rego</td> <td><input type="text" size="5" maxlength="5" value="<?=$row['reg'];?>” disabled></td> <td align="right"><thdr>Type</td> <td><input type="text" size="20" maxlength="20" value="<?=$row['model'];?>” disabled></td> <td align="right"><thdr>Engine</td> <td><input type="text" size="20" maxlength="20" value="<?=$row['engine'];?>” disabled></td> <td align="right"><thdr>Prop</td> <td><input type="text" size="20" maxlength="20" value="<?=$row['prop'];?>” disabled></td> </tr> <tr> <td align="right"><thdr>Last FPV</td> <td><input type="text" size="10" maxlength="10" value="<?=$row['FPV'];?>” disabled></td> <td align="right"><thdr>Last annual</td> <td><input type="text" size="20" maxlength="20" value="<?=$row['idate'];?>” disabled></td> <td align="right"><thdr>Next annual</td> <td><input type="text" size="20" maxlength="20" <?php echo((strtotime($nextannual) < time()) ? 'style="background:#ff8888;" ': ' ') ?>value=”<?=$nextannual;?>” disabled></td> <td align="right"><thdr>IA</td> <td><input type="text" size="20" maxlength="20" value="<?=$iarow['fullname'];?>” disabled></td> </tr> <tr> <td align="right"><thdr>TT</td> <td><input type="text" size="10" maxlength="10" value="<?=$row['TT'];?>” disabled></td> <td align="right"><thdr>T12mth</td> <td><input type="text" size="20" maxlength="20" value="<?=$row['12mth'];?>” disabled></td> <td align="right"><thdr>Notes</td> <td colspan="3"><input type="text" size="54" maxlength="55" value="<?=$row['defects'];?>” disabled></td> </tr> </table> <?php $acid=$row['reg']; $log = mysqli_query($conn,"SELECT contactlog.date, contactlog.notes, contactreason.reason FROM contactlog LEFT JOIN contactreason ON contactlog.reason=contactreason.crindex WHERE (member = '$acid') ORDER BY date ASC "); ?> <table border="0" cellpadding = "2"> <tr> <td colspan="10"><bodyb>Annual Inspection log (since May 2011)</td> </tr> <tr> <td><thdr>Date</td> <td><thdr>Reason</td> <td><thdr>Notes</td> </tr> <?php while($acrow = mysqli_fetch_array($log)) { echo "<tr>“; echo “<td>” . $acrow[‘date’] . “</td>“; echo “<td>” . $acrow[‘reason’] . “</td>“; echo “<td>” . $acrow[‘notes’] . “</td>“; echo “</tr>“; } ?> </table> <hr> <?php } ?> </td> <td> </td> </tr> </table> <?php } ?> </body> </html>
