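/**
 * Delete one article by id, for an authenticated (admin) session only.
 *
 * queryDB() takes a finished SQL string, so the id cannot be bound as a
 * parameter here. Instead it is restricted to a canonical non-negative
 * integer before it is spliced into the statement; any other value is
 * rejected and nothing is executed.
 *
 * NOTE(review): assumes id_Article is an integer column — TODO confirm.
 *
 * @param int|string $id_article id of the article to delete
 *
 * @return void
 */
function deleteArticle($id_article)
{
    // Only a logged-in user may delete.
    if (!isLoged()) {
        return;
    }

    // Digits only: this is what makes the string concatenation below safe.
    if (!is_scalar($id_article)) {
        return;
    }
    $id = (string) $id_article;
    if ($id === '' || !ctype_digit($id)) {
        return;
    }

    // Same statement shape as before, now with a validated id.
    queryDB('DELETE FROM Article WHERE id_Article = "' . $id . '"');
}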
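<?php
// Session management.
// NOTE(review): session.cookie_secure is explicitly switched off, so the session
// cookie is also sent over plain HTTP. That is the PHP default and is left as the
// author set it — confirm whether the deployment is HTTPS-only, in which case it
// should be 1.
ini_set("session.cookie_secure", 0);
// Keep the session cookie out of reach of scripts running in the page.
ini_set("session.cookie_httponly", 1);
session_start();

// Issue an anti-CSRF token on the first request of a session. random_bytes()
// replaces mcrypt_create_iv(), which no longer exists in PHP >= 7.2; the token
// is opaque, so its length only needs to be hard to guess.
if (empty($_SESSION['token'])) {
    $_SESSION['token'] = base64_encode(random_bytes(32));
}

// A login is attempted only when the form supplied every field, token included.
$loginRequested = !empty($_POST['action'])
    && isEqual($_POST['action'], "login")
    && !empty($_POST['username'])
    && !empty($_POST['password'])
    && !empty($_POST['CRSFtoken']);

if ($loginRequested) {
    // NOTE(review): $file_db (the PDO handle) is expected to be defined by an
    // earlier include — confirm.
    $user = userLogin($file_db, $_POST['username'], $_POST['password'], $_POST['CRSFtoken']);
    // Log only the outcome: on success $user is the user row, which carries the
    // password hash and salt and does not belong in the error log (and
    // error_log() on an array would only print "Array" anyway).
    error_log($user === false ? 'login failed' : 'login ok');
} elseif (isLoged()) {
    $user = userInfo($file_db, $_SESSION['userId']);
}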
<?php if (isLoged()) { //logOut ?> <footer class="wrapper"> <a class="admin" id="plugins"><?php echo $translation["admin_plugins"]; ?> </a> <a class="admin" id="CSS"><?php echo $translation["admin_css"]; ?> </a> <a class="admin" id="JS"><?php echo $translation["admin_js"]; ?> </a> <a class="admin" id="header"><?php echo $translation["admin_header"]; ?> </a> <a class="admin" id="footer"><?php echo $translation["admin_footer"]; ?> </a> <a class="admin" id="editSummary" data-lang="<?php echo $lang; ?> "><?php echo $translation["admin_summary"];
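/**
 * Verify a login attempt against the user table.
 *
 * @param PDO    $db       database handle
 * @param string $username submitted username
 * @param string $password submitted clear-text password
 * @param string $token    submitted anti-CSRF token, compared with $_SESSION['token']
 *
 * @return array|false the matching user row (id_user, username, hash, salt) on
 *                     success; false when the session is already logged in, the
 *                     token does not match, no such user exists, or the password
 *                     is wrong.
 */
function userLogin($db, $username, $password, $token)
{
    // A session that is already authenticated cannot log in again.
    if (isLoged()) {
        return false;
    }

    // The anti-CSRF token is checked before the database is touched. The form
    // value must be a string and match the session copy byte for byte;
    // hash_equals() replaces the loose != so the comparison is neither
    // type-juggled (numeric-looking strings) nor timing-dependent.
    $sessionToken = isset($_SESSION['token']) ? (string) $_SESSION['token'] : '';
    if (!is_string($token) || $sessionToken === '' || !hash_equals($sessionToken, $token)) {
        return false;
    }

    // Exact match instead of LIKE, so '%' and '_' in the submitted name cannot
    // widen the lookup to other accounts.
    // NOTE(review): LIKE is case-insensitive on some backends (e.g. SQLite);
    // '=' follows the column's collation — confirm usernames are stored canonically.
    $login = $db->prepare('SELECT id_user, username, hash, salt FROM user WHERE username = :username');
    $login->bindValue(':username', $username);
    $login->execute() or die('Unable to get userLogin');

    $return = false;
    foreach ($login as $user) {
        // Stored hashes are SHA-512 crypt with the user's salt; crypt() yields
        // "$6$rounds=1000$<salt>$<hash>", hence index 4 after splitting on '$'.
        // The rounds value is fixed by the existing hashes and cannot be raised
        // here without rehashing every stored password.
        $parts = explode('$', crypt($password, '$6$rounds=1000$' . $user['salt']));
        $hash = isset($parts[4]) ? $parts[4] : '';
        if ($hash !== '' && hash_equals((string) $user['hash'], $hash)) {
            // Login successful: the first row whose password verifies wins.
            $_SESSION['userId'] = $user['id_user'];
            $return = $user;
            break;
        }
    }

    // The token is single-use: rotate it after every attempt that carried a
    // valid token, whether or not the password verified.
    $_SESSION['token'] = base64_encode(random_bytes(32));

    return $return;
}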
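<?php
require_once 'product_model.php';
require_once 'sample-data/category.php';
require_once 'config.php';
require_once 'login_model.php';
require_once 'cart_model.php';
require_once 'order_preview_model.php';

orderPreview();
?>
<?php
// NOTE(review): $DB is presumably defined by config.php — confirm.
$categories = mainCategory($DB);
// NOTE(review): the return value of isLoged() is discarded, so this page is
// rendered for anonymous sessions too. If it is meant to be customer-only, the
// false case needs to be acted on here — confirm the intended behaviour.
isLoged();
loginTime();
// NOTE(review): assumes $_SESSION['customerId'] is set by the login flow — TODO confirm.
$cartItems = getCartItems($_SESSION['customerId']);
$subtotal = 0;
$total = 0;

// Session values are treated as untrusted text and escaped for the HTML
// context at the point of output; missing keys render as an empty string
// instead of raising a notice.
$sessionEmail = isset($_SESSION['email']) ? (string) $_SESSION['email'] : '';
$sessionName = isset($_SESSION['name']) ? (string) $_SESSION['name'] : '';
?>
<body>
<h2>Your information</h2>
<span>Email: <?php echo htmlspecialchars($sessionEmail, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> </span><br>
<span>Name: <?php echo htmlspecialchars($sessionName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>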
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $customCSS['time']) . ' GMT', true, 200); header('Content-Type: text/css'); echo $customCSS['CSS']; die; } if (!empty($_GET['action']) and $_GET['action'] == "customJS") { $customJS = $file_db->query("Select * FROM customJS LIMIT 0,1"); $customJS = $customJS->fetch(PDO::FETCH_ASSOC); header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $customJS['time']) . ' GMT', true, 200); header('Content-Type: application/javascript'); echo $customJS['JS']; die; } header('Content-type: application/json'); //treat request if admin and action is set if (isLoged() and !empty($_POST['action'])) { //Check for CSFR token if ($_POST['action'] == "languages") { $result = $file_db->prepare('SELECT DISTINCT(lang) FROM settings'); $result->execute() or die('AHAH'); $langs = array(); foreach ($result as $language) { $langs[] = $language['lang']; } echo JSON_encode($langs); //only request, do not show anything die; } elseif ($_POST['action'] == "tags") { $result = $file_db->prepare('SELECT DISTINCT(lang) FROM settings'); $result->execute() or die('AHAH'); foreach ($result as $language) {