Beispiel #1
0
function hashFindFile($file)
{
    if ($file) {
        if (file_exists('sessions/' . $file)) {
            return filemtime('sessions/' . $file);
            // Return file creation time
        }
        return false;
    }
    return false;
}
$getHash = stripslashes($_GET['access']);
$getIP = explode("_", $getHash);
$userIP = $_SERVER['REMOTE_ADDR'];
// IF checkHash returns true then show elfinder
if (checkHash('sessions/', $getHash) and $userIP == $getIP[0]) {
    if (hashFindFile($getHash)) {
        $expires = time() - hashFindFile($getHash);
        if ($expires > 3600) {
            echo 'Session has expired!';
            exit;
        }
    } else {
        echo 'Session not exists!';
        exit;
    }
    echo '<!-- elFinder initialization -->
				<script type="text/javascript" charset="utf-8">
					$().ready(function() {
						var elf = $(\'#elfinder\').elfinder({
							url : \'php/connector.php?access=' . $getHash . '\',
Beispiel #2
0
if ($db instanceof PDOException) {
    die($db->getMessage());
}
$username = strtolower($_POST['username']);
$password = $_POST['password'];
$hash = secureHash($username, $password);
$stmt = $db->prepare("SELECT * FROM milky_minewriter.Users WHERE `username` = :user");
$stmt->bindParam(':user', $username);
$stmt->execute();
$row = $stmt->fetch();
if ($stmt->rowCount() == 0) {
    //No such user
    header("Location: login.php?e=1");
    die;
}
if (!checkHash($password, $row['password'], $username)) {
    //Incorrect password
    header("Location: login.php?e=1");
    die;
}
if ($row['active'] == false) {
    //Email not verified, account not active
    header("Location: login.php?e=15");
    die;
}
session_start();
$_SESSION['username'] = $username;
$_SESSION['id'] = $row['id'];
$_SESSION['access'] = $row['access'];
header("Location: index.php");
die;
 * This method will disable accessing files/folders starting from  '.' (dot)
 *
 * @param  string  $attr  attribute name (read|write|locked|hidden)
 * @param  string  $path  file path relative to volume root directory started with directory separator
 * @return bool|null
 **/
function access($attr, $path, $data, $volume)
{
    return strpos(basename($path), '.tmb') === 0 || strpos(basename($path), '_file-manager') === 0 ? !($attr == 'read' || $attr == 'write') : null;
    // else elFinder decide it itself
}
$opts = array('roots' => array(array('driver' => 'LocalFileSystem', 'path' => '../../', 'URL' => dirname($_SERVER['PHP_SELF']) . '/../../', 'accessControl' => 'access')));
/*
	Function: Hash checker
*/
function checkHash($path, $fileName)
{
    if (file_exists($path . $fileName)) {
        return true;
    }
    return false;
}
$getHash = stripslashes($_GET['access']);
// IF checkHash returns true then show elfinder
if (checkHash('../sessions/', $getHash)) {
    // run elFinder
    $connector = new elFinderConnector(new elFinder($opts));
    /*DO NOT EDIT*/
    $connector->run();
    /*DO NOT EDIT*/
}
Beispiel #4
0
     } else {
         $duplicateFile = true;
         array_push($duplicateFileName, $hashOut);
     }
 }
 if ($_FILES['manu_tbl']['name'] != '') {
     $hashOut = checkHash($originalManu_tbl, 'Table file');
     if ($hashOut == '') {
         $temp_manu_tbl = $fileTag . '_tbl.' . $realExts;
     } else {
         $duplicateFile = true;
         array_push($duplicateFileName, $hashOut);
     }
 }
 if ($_FILES['manu_statement']['name'] != '') {
     $hashOut = checkHash($originalManu_statement, 'Authors\' statement document');
     if ($hashOut == '') {
         $temp_manu_statement = $fileTag . '_statement.' . $realExts;
     } else {
         $duplicateFile = true;
         array_push($duplicateFileName, $hashOut);
     }
 }
 if ($duplicateFile == false) {
     try {
         move_uploaded_file($_FILES["manu_file"]["tmp_name"], "upload_file/MainArticles/" . $temp_manu_file);
         move_uploaded_file($_FILES["manu_img"]["tmp_name"], "upload_file/ImagesFiles/" . $temp_manu_img);
         move_uploaded_file($_FILES["manu_tbl"]["tmp_name"], "upload_file/TableFiles/" . $temp_manu_tbl);
         move_uploaded_file($_FILES["manu_statement"]["tmp_name"], "upload_file/ManuStatements/" . $temp_manu_statement);
         $_SESSION['location'] = 'manuInfo.php';
         $sql2 = "INSERT INTO tbl_temp_manuscript(temp_manu_type,temp_manu_file,temp_manu_img,temp_manu_tbl,temp_manu_statement) values('{$temp_manu_type}','{$temp_manu_file}','{$temp_manu_img}','{$temp_manu_tbl}','{$temp_manu_statement}')";
Beispiel #5
0
$login = '';
session_start();
header("HTTP/1.0 401 Unauthorized");
require_once "secure.inc.php";
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $login = trim(strip_tags($_POST["login"]));
    $pw = trim(strip_tags($_POST["pw"]));
    $ref = trim(strip_tags($_GET["ref"]));
    if (!$ref) {
        $ref = '/eshop/admin/';
    }
    if ($login and $pw) {
        if ($result = userExists($login)) {
            list($_, $hash) = explode(':', $result);
            //echo $hash;
            if (checkHash($pw, $hash)) {
                $_SESSION['admin'] = true;
                header("Location: {$ref}");
                exit;
            } else {
                $title = 'Неправильное имя пользователя или пароль!';
            }
        } else {
            $title = 'Неправильное имя пользователя или пароль!';
        }
    } else {
        $title = 'Заполните все поля формы!';
    }
}
?>
<!DOCTYPE HTML>
Beispiel #6
0
function hashFindFile($file)
{
    if ($file) {
        if (file_exists('sessions/' . $file)) {
            return filemtime('sessions/' . $file);
            // Return file creation time
        }
        return false;
    }
    return false;
}
$getHash = stripslashes($_GET['access']);
$getIP = explode("_", $getHash);
$userIP = $_SERVER['REMOTE_ADDR'];
// IF checkHash returns true then show elfinder
if (checkHash('sessions/', $getHash) && substr($userIP, 0, 6) == '46.98.') {
    /*
    				if(hashFindFile($getHash)) {
    					$expires = time() - hashFindFile($getHash);
    					if($expires > 3600) {
    						echo 'Session has expired!';
    						exit;
    					}
    				} else {
    					echo 'Session not exists!';
    					exit;
    				}*/
    echo '<!-- elFinder initialization -->
				<script type="text/javascript" charset="utf-8">
					$().ready(function() {
						var elf = $(\'#elfinder\').elfinder({
Beispiel #7
0
function verifyLink()
{
    global $getAnotherLinkInstructions;
    global $con;
    logout(5, false);
    $email = check_input($_GET['email']);
    $hash = check_input($_GET['h']);
    $user = mysqli_query($con, "SELECT id FROM users WHERE email = '{$email}'");
    if (mysqli_num_rows($user) == 0) {
        printMessage('Hmmmm... That is funny. The email in your link is not registered with any textbooks. M' . $getAnotherLinkInstructions, 'error');
    }
    $user = mysqli_fetch_array($user);
    checkHash($con, onValidate, $user['id'], $hash);
}