Beispiel #1
<?php

// ROOT_PATH is empty, so both includes below are given as relative paths.
define('ROOT_PATH', '');
require_once ROOT_PATH . 'functions.php';
require_once ROOT_PATH . 'classes/recaptchalib.php';
/*
login.php
Handles the logout post and the login post (CSRF-checked and attempt-limited).
*/
// NOTE(review): the logout branch is tested before csrfVerify(), so in this
// excerpt a logout post is acted on without the CSRF check that guards the
// login branch -- confirm whether posted() or logout() verify a token.
if (posted('logout')) {
    logout();
    alert('Successfully logged out.', 1);
} elseif (csrfVerify()) {
    // Attempt limiter on the 'login' counter. The alert text implies the
    // arguments mean ten attempts per 300 seconds -- TODO confirm against
    // limit_attempts(). What the counter is keyed on (session, IP, account) is
    // not visible here; a session-only key would reset with the cookie.
    if (limit_attempts('login', 10, 300)) {
        alert('Too many attempts. (no more than ten in five minutes)', -1);
    } elseif (posted('login')) {
        // Open question from the author: is the submit button's field sent by every browser?
        // Credentials are posted in the clear unless this page is served over TLS.
        // NOTE(review): 'email' and 'pass' are read without an isset() check in
        // the visible lines; a login post missing either field passes null on.
        if (loginEmailPass($_POST['email'], $_POST['pass'])) {
            // Successful login clears the attempt counter.
            // NOTE(review): no session-id regeneration is visible at this point;
            // presumably loginEmailPass() handles it -- confirm.
            reset_attempts('login');
            if (isset($_SESSION['login_redirect_back'])) {
                //--todo-- redirect back immediately, don't redirect
                // NOTE(review): $lr is written into the Location header as stored.
                // Where login_redirect_back is set is not visible; if it is derived
                // from request data it should be limited to same-site paths before
                // use. No exit follows header() in the visible lines, so the script
                // keeps running after the redirect is queued.
                $lr = $_SESSION['login_redirect_back'];
                alert('Logged in!', 1, basename($lr));
                unset($_SESSION['login_redirect_back']);
                header('Location: ' . $lr);
            } else {
                alert('Successfully logged in!', 1);
            }
        } else {
            // Credentials rejected: logout() is called before the (not visible) rest of this branch.
            logout();
Beispiel #2
define('ROOT_PATH', '');
require_once ROOT_PATH . 'functions.php';
// Access gate; 'u' is presumably the ordinary-user role -- confirm in functions.php.
restrictAccess('u');
//xuca
/*
input.php
Input of questions into the database.
*/
$unparsed = '';
$lastErr = error_get_clear();
// PHP leaves $_POST and $_FILES empty when the request body exceeds
// post_max_size, so the oversize case is detected from Content-Length instead.
// NOTE(review): $error is set here but is not read in the visible lines that
// follow -- confirm that later code stops processing when it is true.
if (isset($_SERVER['CONTENT_LENGTH']) && (int) $_SERVER['CONTENT_LENGTH'] > convert_to_bytes(ini_get('post_max_size'))) {
    echo 'File(s) too large.';
    $error = true;
}
// Any of the three input modes is processed only after the CSRF check passes.
if (csrfVerify() && (posted("copypaste") || filed("fileupload") || posted("directentry"))) {
    echo '<div style="font-size:0.8em;border:solid 1px #000000;display:inline-block;padding:5px;">
		<i>We are processing your questions right now...</i><br><br>';
    if (posted("directentry")) {
        $err = '';
        try {
            // NOTE(review): $_POST["Q"] is handed to qIO as submitted; validation
            // and query parameterisation presumably happen inside addByArray() /
            // commit() -- confirm. Only Exception is caught, so an Error (for
            // example a TypeError on a malformed Q) is not handled here.
            $q = new qIO();
            $q->addByArray($_POST["Q"]);
            $q->commit();
        } catch (Exception $e) {
            $err = "Error: " . $e->getMessage();
        }
        if ($err == '') {
            echo "Questions entered successfully, with Question-IDs <b>" . arrayToRanges($q->getQIDs()) . "</b><br><br><br>";
        } else {
            // NOTE(review): the exception message is echoed into the page without
            // HTML escaping. If qIO messages can quote submitted question text or
            // database errors, escape with htmlspecialchars() and log the detail
            // server-side instead -- confirm what the messages contain.
            echo $err;
Beispiel #3
}
// Builds one <div> of checkboxes per category in $fullname and remembers the
// user's selection for each category in $_SESSION["randq"].
// NOTE(review): $full, $name and the $ruleSet labels are concatenated into HTML
// without escaping; that is only safe if they are server-defined constants --
// confirm where $fullname and $ruleSet come from.
foreach ($fullname as $name => $full) {
    $count = count($ruleSet[$name]);
    $checkboxoptions .= '<div><b>' . $full . '</b> ';
    // csrfVerify() is called once per category here.
    // NOTE(review): the posted value is stored as submitted, with no check that
    // it is an array of indexes in 0..$count-1. It is read back from the session
    // further down the script, so validate it at this point or at the consumer.
    if (csrfVerify() && posted($name)) {
        $_SESSION["randq"][$name] = $_POST[$name];
    } elseif (!array_key_exists($name, $_SESSION["randq"])) {
        // NULL marks "no selection stored yet"; every box is then rendered checked.
        $_SESSION["randq"][$name] = NULL;
    }
    //Remembering in $_SESSION
    for ($i = 0; $i < $count; $i++) {
        // && binds tighter than ||: a box is checked when the stored value is an
        // array containing $i, or when nothing is stored (NULL).
        // NOTE(review): in_array() is called without the strict flag, so the int
        // $i is compared loosely with the posted strings.
        $checkboxoptions .= '<label>' . $ruleSet[$name][$i] . ' <input type="checkbox" name="' . $name . '[]" value="' . $i . '" ' . (is_array($_SESSION["randq"][$name]) && in_array($i, $_SESSION["randq"][$name]) || $_SESSION["randq"][$name] === NULL ? 'checked' : '') . ' /></label> ';
    }
    $checkboxoptions .= '</div>';
}
// The posted question count is used only when the CSRF check passes; otherwise
// NULL is passed. normRange() presumably clamps to 1..$MAX_NUMQS and falls back
// to $DEFAULT_NUMQS -- confirm in its definition.
$_SESSION["randq"]["numqs"] = normRange(csrfVerify() ? POST("numqs") : NULL, 1, $MAX_NUMQS, $DEFAULT_NUMQS);
$checkboxoptions .= "<b>Number of Questions</b> (max {$MAX_NUMQS}) <input type='number' name='numqs' value='{$_SESSION["randq"]["numqs"]}' min='1' max='{$MAX_NUMQS}'/>";
//Using the session variables set above to get random questions.
//--todo-- what's the point of "add" if you're only doing it this once? Overhead w/ $Q? Really OP.
// Assignment inside the condition: a truthy ->error after addRand() is shown as an alert.
// NOTE(review): the three category selections come from the session, where
// they were stored from $_POST; whether addRand() validates them and binds them
// as query parameters is not visible here -- confirm.
if ($E = $q->clear()->addRand($_SESSION["randq"]["QParts"], $_SESSION["randq"]["Subjects"], $_SESSION["randq"]["QTypes"], $_SESSION["randq"]["numqs"])->error) {
    alert($E, -1);
}
// The selected question IDs travel to the next request in a hidden field.
// NOTE(review): a hidden field is client-editable, so the handler that reads
// qidcsv should re-validate every ID rather than trust the list.
$checkboxoptions .= '<input type="hidden" name="qidcsv" value="' . implode(',', $q->getQIDs()) . '" />' . '<br><input type="submit" value="Next" onclick="return confirm(\'Not all questions are revealed. Are you sure?\');"/>' . '<br><br><div><b>Export Below as Document:</b> <select name="docexport"><option value="QIDCSV">Question-ID comma-separated values</option><option value="HTML">HTML</option></select><input type="submit" name="getDoc" value="Export"/></div>';
?>
<!--div class='question'>
	<span style='display:inline-block;width:40%;'>[QID %QID%]</span><span style='display:inline-block;width:59%;text-align:right;font-size:0.8em;'><a href="#" class="editbtn">[Edit]</a></span>
	<div>Mark as Bad: <input type="checkbox" name="markBad[]" value="%N%"/></div>
	<input type="hidden" name="qids[]" value="%QID%"/>
	<div style='font-weight:bold;text-align:center;' class="part">%PART%</div>
	<div><span class="subject">%SUBJECT%</span> <i><span class="type">%TYPE%</span></i> <span class="qtext">%QUESTION%</span></div>
	<div style="font-size:0.9em;">%MCOPTIONS%</div>
Beispiel #4
<?php

define('ROOT_PATH', '');
require_once ROOT_PATH . 'functions.php';
// Access gate for this maintenance page; 'a' is presumably the admin role --
// confirm in functions.php. The actions handled further down (TRUNCATE TABLE,
// bulk UPDATEs, OPTIMIZE TABLE) each run on a single CSRF-verified POST.
restrictAccess('a');
//xuca
// Design notes, not implemented in the visible code: show a separate
// "Are you sure?" confirmation step before an action runs.
//echo $_SESSION["admin-ver"]=genRandStr();
//if($_POST["admin-ver"]===$_SESSION["admin-ver"])
// NOTE(review): if this confirmation token is revived, compare it with
// hash_equals() and confirm that genRandStr() draws from a CSPRNG; its
// implementation is not visible here.
// Design note: for particularly dangerous actions, require the password to be re-entered.
// Opens a green bold element for the status output; the closing tag is not in the visible lines.
echo '<b style="color:green">';
if (csrfVerify()) {
    if (isset($_POST["logout"])) {
        session_total_reset();
        die("logged out");
    } elseif (isset($_POST["truncQs"])) {
        DB::query("TRUNCATE TABLE questions");
        alert("TRUNCATE TABLE executed.<br><br>", 1);
    } elseif (isset($_POST["timesViewed"])) {
        DB::query("UPDATE questions SET TimesViewed=0");
        alert("All questions' times-viewed-s zeroed.<br><br>", 1);
    } elseif (isset($_POST["markBad"])) {
        DB::query("UPDATE questions SET MarkBad=0");
        alert("All questions' marked-as-bad-s zeroed.<br><br>", 1);
    } elseif (isset($_POST["optimizeTables"])) {
        DB::query("OPTIMIZE TABLE users,questions");
        alert("OPTIMIZE TABLE executed<br><br>", 1);
    } elseif (isset($_POST["qInt"])) {
        //Subject in {0,1,2,3,4}
        //isB and isSA in {0,1}
        //Question not blank or null