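/**
 * Send the visitor elsewhere unless they are logged on as an administrator.
 *
 * A visitor who is not logged on is redirected to logon.php; a logged-on
 * visitor who is not an administrator is redirected to index.php. In both
 * cases the request ends right after the redirect header is queued.
 */
function confirm_is_admin()
{
    if (!logged_on()) {
        header("Location: logon.php");
        // header() only queues a response header and then returns; without
        // exit the calling admin page would keep executing (and its output
        // would still be sent) for a visitor who failed this check.
        exit;
    }

    if (!is_admin()) {
        header("Location: index.php");
        exit;
    }
}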
/**
 * Gate a page so that only administrators get past this call.
 *
 * Anyone who is not logged on is redirected to logon.php, and a logged-on
 * non-administrator is redirected to index.php. The script is terminated
 * immediately after either redirect, so the caller's page body never runs
 * for a visitor who fails the check.
 *
 * @param Session $session The session to check.
 */
function confirm_is_admin($session)
{
    $redirectHeader = null;

    if (!logged_on($session)) {
        $redirectHeader = "Location: logon.php";
    } elseif (!is_admin($session)) {
        // Only reached for a logged-on visitor, as in a guard-clause layout.
        $redirectHeader = "Location: index.php";
    }

    if ($redirectHeader === null) {
        return;
    }

    header($redirectHeader);
    exit;
}
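<?php
require_once "Includes/header.php";

// This page is for a logged-on user who has not yet attached to an environment.
if (!logged_on() || ENV_logged_on()) {
    header("Location: /Home.php");
    // header() does not end the request; stop here so none of the code below
    // runs for a visitor who failed the check.
    exit;
}

// Refuse a second environment login while the account is already bound to one.
$query = "SELECT * FROM riot4.users WHERE id = ?";
$params = array($_SESSION['userid']);
$statement = sqlsrv_query($conn, $query, $params);
if (sqlsrv_has_rows($statement)) {
    $row = sqlsrv_fetch_array($statement);
    if (!is_null($row['logged_MID'])) {
        $msg = "Your account is beign used elsewhere.Please logoff from that environment before logging in here.";
        header("Location: /userPref_settings.php?Message=" . urlencode($msg));
        // Without exit the login handler below would still process the POST
        // for an account that is already in use.
        exit;
    }
}

if (isset($_POST['Dev_Login'])) {
    $Envir_ID = $_POST['Chip_ID'];
    $password = $_POST['OTP'];
    $valid = FALSE;

    // Parameterised lookup: the posted id is bound, never concatenated.
    $query = "SELECT * FROM riot4.ENV WHERE id = ?";
    $params = array($Envir_ID);
    $statement = sqlsrv_query($conn, $query, $params);
    if (sqlsrv_has_rows($statement)) {
        $row = sqlsrv_fetch_array($statement);

        // Compare the OTP as strings and in constant time. A loose == would
        // apply PHP's type juggling (numeric-looking strings compare as
        // numbers, NULL equals ""), and a non-string POST value (an array)
        // must never match. An empty submission is rejected outright.
        // NOTE(review): this compares the stored value's string form; confirm
        // the OTP column holds the code exactly as it was issued.
        $otpMatches = is_string($password)
            && $password !== ''
            && hash_equals((string) $row['OTP'], $password);

        if ($otpMatches) {
            $_SESSION['ENV_OTP'] = $row['OTP'];
            $_SESSION['MID'] = $row['id'];
            $_SESSION['ROOT'] = $row['root'];

            // Record on the user row which environment this account is now bound to.
            $query_update = "UPDATE riot4.users SET logged_MID = ? WHERE id = ?";
            $params = array($Envir_ID, $_SESSION['userid']);
            // (the excerpt ends here with the enclosing blocks still open)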
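<?php
// Account links: signed-in visitors get "Sign out" (plus the page-management
// links when they are administrators); everyone else gets Login / Register.
// NOTE(review): this only hides the admin links; the target pages need their
// own server-side administrator check.
if (logged_on($session)) {
    echo '<li><a href="/logoff.php">Sign out</a></li>' . "\n";
    if (is_admin($session)) {
        echo '<li><a href="/addpage.php">Add</a></li>' . "\n";
        echo '<li><a href="/selectpagetoedit.php">Edit</a></li>' . "\n";
        echo '<li><a href="/deletepage.php">Delete</a></li>' . "\n";
    }
} else {
    echo '<li><a href="/logon.php">Login</a></li>' . "\n";
    echo '<li><a href="/register.php">Register</a></li>' . "\n";
}
?>
</ul>
<?php
if (logged_on($session)) {
    // The username is echoed into HTML, so encode it for that context first;
    // otherwise markup stored in a username would be rendered on every page
    // that includes this header.
    // NOTE(review): presumably usernames are user-chosen at registration and
    // stored unescaped — confirm, to rule out double encoding.
    $username = htmlspecialchars(
        (string) $session->get('username'),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    echo "<div class=\"welcomeMessage\">Welcome, <strong>{$username}</strong></div>\n";
}
?>
</section>
</div>
<div class="clear-fix"></div>
</div>
<section class="navigation" data-role="navbar">
<nav>
<ul id="menu">
<?php
// Menu entries come from the pages table (id and label only).
$statement = $databaseConnection->prepare("SELECT id, menulabel FROM pages");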
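<?php
require_once "Includes/session.php";
require_once "Includes/simplecms-config.php";
require_once "Includes/connectDB.php";
require_once "Includes/header.php";
require_once "send_email/sendgrid-php/vendor/autoload.php";

// A visitor who is already logged on has no use for the password-reset form.
if (logged_on()) {
    header("Location: /index.php");
    // header() does not end the request; stop so the handler below cannot run.
    exit;
}
?>
<?php
/* Forgot-password form handler
   (the original banner labels this "logon.php SUBMIT button function")
-------------------------------------------------*/
if (isset($_POST['forgot_password'])) {
    $username = $_POST['username'];
    $emailto = $_POST['email'];
    $valid = FALSE;

    // Both values are bound as parameters, so they cannot alter the query.
    $query = " SELECT * FROM riot4.users WHERE username = ? and emailid = ?";
    $params = array($username, $emailto);
    $statement = sqlsrv_query($conn, $query, $params);
    if (sqlsrv_has_rows($statement)) {
        // The key stored here is kept in the session alongside the account
        // being recovered, so it must come from a CSPRNG: rand() is
        // predictable. random_int() needs PHP 7.0 or later.
        // NOTE(review): the range is kept as-is, which leaves 90,000 possible
        // keys; the code that verifies the key (not in this excerpt) should
        // limit attempts and expire it.
        $_SESSION['random_key'] = random_int(10000, 99999);
        $_SESSION['temp_user'] = $username;

        // NOTE(review): the mail credentials were blanked for publication;
        // presumably they were hard-coded here — load them from configuration
        // kept outside the repository instead.
        $user = ''; /*removed from public visibility*/
        $pass = ''; /*removed from public visibility*/
        $sendgrid = new SendGrid($user, $pass);
        $email = new SendGrid\Email();
        // (the excerpt ends here with the enclosing blocks still open)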
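<?php
require_once "Includes/header.php";

// The settings page is for logged-on users only.
if (!logged_on()) {
    header("Location: /index.php");
    // header() does not end the request; without exit the update handler
    // below would still run for a visitor who is not logged on.
    exit;
}

if (isset($_POST['Update'])) {
    // NOTE(review): no anti-CSRF token is checked in the visible code —
    // confirm one is verified elsewhere before this state-changing POST.
    $Uid = $_SESSION['userid'];
    $query = "SELECT * FROM riot4.settings WHERE User_ID = ? ORDER BY PrimKey DESC";
    $params = array($Uid);
    $statement_user = sqlsrv_query($conn, $query, $params);

    // Walk the session user's own rows rather than the posted keys, so the
    // UPDATE below can only touch settings that belong to this user.
    while ($row = sqlsrv_fetch_array($statement_user)) {
        $d1 = $row['PrimKey'];
        // NOTE(review): a field missing from the POST yields NULL here, which
        // is then written as the setting's value; the value is also stored
        // without validation — confirm both are intended.
        $val = $_POST[$d1];
        $query_update = "UPDATE riot4.settings SET Value = ? WHERE PrimKey = ?";
        $params = array($val, $row['PrimKey']);
        $statement_update = sqlsrv_query($conn, $query_update, $params);
    }
}

echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"/Styles/Settings.css\">";

global $conn;

// Re-read the user's settings (including any values just saved) to build the form.
$Uid = $_SESSION['userid'];
$query = "SELECT * FROM riot4.settings WHERE User_ID = ? ORDER BY PrimKey DESC";
$params = array($Uid);
$statement_user = sqlsrv_query($conn, $query, $params);

echo "<div id=\"main\">";
echo "<h2> Preferences</h2>";
echo "<p><form action=\"userPref_settings.php\" method=\"post\"></p>";

while ($row = sqlsrv_fetch_array($statement_user)) {
    $d = $row['PrimKey'];
    $dev = $row['Device'];
    // NOTE(review): these values are stored user input; whatever the rest of
    // the loop prints should be HTML-encoded (the output code is not visible).
    // (the excerpt ends here with the loop still open)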
<li class="nav-expander">
    <a href="/Home.php#Heading">Home</a>
</li>
<li class="nav-expander">
    <a href="/Home.php#Desc1">Device</a>
</li>
<li class="nav-expander">
    <a href="/Home.php#Desc2">Preference</a>
</li>
</ul>
</nav>
<div id="Lowerband_right">
    <ul class="dev-navigation">
        <li class="nav-expander">
            <?php /* Logged on, but not attached to an environment: user settings only. */ ?>
            <?php if (logged_on() && !ENV_logged_on()): ?>
                <a href="/userPref_settings.php"><div id="Settings">My Settings</div></a>
            <?php endif; ?>
            <?php /* Attached to an environment: user settings plus environment settings.
                     These links are navigation only; the linked pages perform their own checks. */ ?>
            <?php if (ENV_logged_on()): ?>
                <a href="/userPref_settings.php"><div id="Settings">My Settings</div></a>
                <a href="/env_settings.php"><div id="Settings">Env Settings</div></a>
            <?php endif; ?>
        </li>
    </ul>
</div>
</div>