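/**
 * Handle the log-in form.
 *
 * On a submitted form the users table is queried for a single matching row;
 * on success the "dkgame" cookie is issued and the browser is redirected to
 * index.php. Without a submission the login template is rendered.
 *
 * The cookie value is "<id> <username> <md5 token> <rememberme>".
 */
function login()
{
    // config.php supplies $dbsettings; its "secretword" entry is read below.
    include 'config.php';
    $link = opendb();

    if (isset($_POST["submit"])) {
        // NOTE(review): the credential values in this query are masked in this
        // listing. Whatever is interpolated there must be escaped or bound,
        // never taken raw from $_POST.
        $query = doquery("SELECT * FROM {{table}} WHERE username='******' AND password='******' LIMIT 1", "users");
        if (mysql_num_rows($query) != 1) {
            die("Invalid username or password. Please go back and try again.");
        }
        $row = mysql_fetch_array($query);

        if (isset($_POST["rememberme"])) {
            $expiretime = time() + 31536000; // 365 days
            $rememberme = 1;
        } else {
            $expiretime = 0; // expires with the browser session
            $rememberme = 0;
        }

        // NOTE(review): the token is md5(stored password . "--" . secret), so it
        // changes only when the password or the secret changes; a copied cookie
        // stays usable until then. A random, server-side revocable session id
        // would be the stronger design, but the verifier of this cookie is not
        // in this block, so the format is left untouched.
        $cookie = $row["id"] . " " . $row["username"] . " " . md5($row["password"] . "--" . $dbsettings["secretword"]) . " " . $rememberme;

        // HttpOnly (7th argument) keeps the auth cookie out of reach of page
        // scripts. The Secure flag stays 0 as before, so the cookie is still
        // sent over plain HTTP; enable it once the site is HTTPS-only.
        // NOTE(review): assumes no client-side script reads "dkgame" - confirm.
        setcookie("dkgame", $cookie, $expiretime, "/", "", 0, true);
        header("Location: index.php");
        die;
    }

    $page = gettemplate("login");
    $title = "Log In";
    display($page, $title, false, false, false, false);
}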
/**
 * Run a value through the project's combined "XSS + SQL" filter.
 *
 * Steps, in order: htmlspecialchars(ENT_QUOTES), strip_tags, stripslashes,
 * then mysqli_real_escape_string on a connection obtained from opendb().
 *
 * NOTE(review): this mixes output encoding with SQL escaping. The returned
 * string is HTML-encoded, so that encoding ends up stored in the database,
 * and the escaping only protects values placed inside quoted SQL literals.
 * Bound parameters at query time plus encoding at output time is the safer
 * split. Because htmlspecialchars runs first, strip_tags no longer sees any
 * literal angle brackets. opendb() is called on every invocation and the
 * handle is not closed in this function.
 *
 * @param string $inp Raw value.
 * @return string Filtered and escaped value.
 */
function secure($inp)
{
    $encoded = htmlspecialchars($inp, ENT_QUOTES);
    $withoutTags = strip_tags($encoded);
    $unslashed = stripslashes($withoutTags);

    // The older mysql_real_escape_string() call was replaced by the mysqli one.
    return mysqli_real_escape_string(opendb(), $unslashed);
}
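/**
 * Delete one row from tab_atelier_sujet by its id_sujet.
 *
 * The id is sent as a bound parameter instead of being concatenated into the
 * statement, so its content cannot change the shape of the query.
 *
 * @param mixed $id Value compared against `id_sujet`.
 * @return bool TRUE when the statement executed, FALSE otherwise.
 */
function delSujetAtelier($id)
{
    $db = opendb();
    $done = FALSE;

    $stmt = mysqli_prepare($db, "DELETE FROM `tab_atelier_sujet` WHERE `id_sujet`=?");
    if ($stmt !== FALSE) {
        // Bound as a string: the original compared against a quoted literal.
        $idParam = (string) $id;
        mysqli_stmt_bind_param($stmt, 's', $idParam);
        $done = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    closedb($db);

    return $done ? TRUE : FALSE;
}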
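/**
 * Build an .xls export name and report URL from the request, and when
 * from=s fetch the report and save it under ../savePDF/.
 *
 * Request parameters read through getQUERY(): page, from, req, c, u.
 * "req" carries "l=<lang>**sd=<start>**ed=<end>" with "**" standing for "&".
 *
 * Hardening compared with the previous version:
 *  - the user id is cast to int before it is placed in the SQL text;
 *  - a file name containing a directory component is refused, so the write
 *    cannot leave ../savePDF/.
 *
 * NOTE(review): "page" also selects the script fetched from the reporting
 * host; it should be checked against the list of known report pages. Nothing
 * in this function verifies that the caller may export data for the given
 * "u"/"c" values - confirm that is enforced elsewhere. The report is fetched
 * over plain http.
 */
function createXls()
{
    $page = getQUERY("page");
    $from = getQUERY("from");
    $req = getQUERY("req");
    $temp = explode("&", str_replace("**", "&", $req));
    $cid = getQUERY("c");
    $uid = getQUERY("u");
    $sd = substr($temp[1], 3); // strips "sd="
    $ed = substr($temp[2], 3); // strips "ed="
    $lang = substr($temp[0], 2); // strips "l="

    opendb();

    /* date format */
    // The int cast keeps request data out of the SQL grammar.
    $datetimeformat = dlookup("select datetimeformat from users where id=" . (int) $uid); // e.g. 'Y-m-d h:i:s a'
    $datfor = explode(" ", $datetimeformat);
    $dateformat = $datfor[0];
    $timeformat = $datfor[1];
    if ($timeformat == "H:i:s") {
        $e1_ = "_23:59";
        $s1_ = "_00:00";
    } else {
        $e1_ = "_11:59_PM";
        $s1_ = "_12:00_AM";
    }
    $sdG = DateTimeFormat($sd, 'd-m-Y H:i:s');
    $edG = DateTimeFormat($ed, 'd-m-Y H:i:s');
    /* date format */

    $nameXls = $page . '_' . $cid . '_' . DateTimeFormat($sdG, $dateformat) . $s1_ . '_' . DateTimeFormat($edG, $dateformat) . $e1_ . '.xls';
    $url = $page . "1.php?l=" . $lang . "&u=" . $uid . "&c=" . $cid . "&sd=" . DateTimeFormat($sd, "d-m-Y") . "%2000:00:00&ed=" . DateTimeFormat($ed, "d-m-Y") . "%2023:59:00&from=s";

    closedb();

    if ($from == "s") {
        // The name is assembled from request values; refuse anything that is
        // not a bare file name before touching the file system or the network.
        if (basename($nameXls) !== $nameXls) {
            die('Cannot open file: ' . $nameXls);
        }
        $handle = fopen('../savePDF/' . $nameXls, 'w+') or die('Cannot open file: ' . $nameXls);
        $data = file_get_contents("http://panorama.gps.mk/settings/" . $url);
        fwrite($handle, $data);
        fclose($handle);
        echo $nameXls;
    }
}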
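/**
 * Handle the log-in form, with a "someone is already logged in" check.
 *
 * On a submitted form: look up the account, refuse the login when the same
 * account was online within the last 60 seconds from a different IP address,
 * issue the "dkgame" cookie, record the client IP and redirect to index.php.
 * Otherwise render the login template, showing the optional "conteudo"
 * message taken from the query string.
 *
 * Changes compared with the previous version: the cookie is HttpOnly, the
 * messages placed in Location headers are URL-encoded, and a missing or
 * non-string "conteudo" parameter is treated as an empty message.
 */
function login()
{
    // config.php supplies $dbsettings; its "secretword" entry is read below.
    include 'config.php';
    $link = opendb();

    if (isset($_POST["submit"])) {
        // NOTE(review): the credential values in the queries below are masked
        // in this listing. Whatever is interpolated there must be escaped or
        // bound, never taken raw from $_POST.
        $query = doquery("SELECT * FROM {{table}} WHERE username='******' AND password='******' LIMIT 1", "users");
        if (mysql_num_rows($query) != 1) {
            header("Location: login.php?do=login&conteudo=" . rawurlencode("Nome de usuário ou senha inválidos. Por favor tente novamente."));
            die;
        }

        // Was this account seen online during the last 60 seconds?
        $usersqueryd = doquery("SELECT * FROM {{table}} WHERE UNIX_TIMESTAMP(onlinetime) >= '" . (time() - 60) . "' AND username='******' LIMIT 1", "users");
        $row = mysql_fetch_array($query);

        // NOTE(review): the account whose lower-cased username is "220292" is
        // exempt from this check; confirm that hard-coded exemption is intended.
        if (mysql_num_rows($usersqueryd) == 1 && strtolower($_POST["username"]) != "220292" && $row["ipadress"] != $_SERVER['REMOTE_ADDR']) {
            header("Location: login.php?do=login&conteudo=" . rawurlencode("Alguém já está logado em sua conta, por favor aguarde um minuto e tente novamente. Caso isso persista, reporte a alguém da equipe."));
            die;
        }

        if (isset($_POST["rememberme"])) {
            $expiretime = time() + 31536000; // 365 days
            $rememberme = 1;
        } else {
            $expiretime = 0; // expires with the browser session
            $rememberme = 0;
        }

        // NOTE(review): the token is md5(stored password . "--" . secret), so it
        // changes only when the password or the secret changes. The cookie
        // format is kept because its verifier is not part of this block.
        $cookie = $row["id"] . " " . $row["username"] . " " . md5($row["password"] . "--" . $dbsettings["secretword"]) . " " . $rememberme;

        // HttpOnly (7th argument) keeps the auth cookie away from page scripts.
        // The Secure flag stays 0 as before; enable it once the site is HTTPS-only.
        // NOTE(review): assumes no client-side script reads "dkgame" - confirm.
        setcookie("dkgame", $cookie, $expiretime, "/", "", 0, true);

        // REMOTE_ADDR is filled in by the web server, not by request headers.
        $nova = doquery("UPDATE {{table}} SET ipadress='" . $_SERVER['REMOTE_ADDR'] . "' WHERE username='******' AND password='******' LIMIT 1", "users");
        header("Location: index.php");
        die;
    }

    global $conteudouser;
    // Request-supplied message: accept only a plain string, then strip tags
    // before it is placed in the page.
    $conteudouser = (isset($_GET['conteudo']) && is_string($_GET['conteudo'])) ? $_GET['conteudo'] : '';
    $conteudouser = "******" . strip_tags($conteudouser) . "</font></center><br>";

    $page = gettemplate("login");
    $title = "Log In";
    display($page, $title, false, false, false, false);
}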
if (<?php echo nnull(is_numeric(nnull(session("user_id"))), 0); ?> == 0) top.window.location = "../sessionexpired/?l=" + '<?php echo $cLang; ?> '; } </script> </head> <?php opendb();
// Page set-up: choose the user/client ids this page works with, then cache
// that user's name, company and role in the session.
//
// NOTE(review): the session check printed above runs in the browser only; in
// this excerpt nothing on the server stops processing when no user is logged in.
// NOTE(review): when the "u" query parameter passes the numeric test, the
// request-supplied "u" and "c" replace the ids held in the session, and the
// session's fullname/company/role_id are then overwritten from that user's
// row. Confirm the caller is authorised to act for that user and client;
// otherwise any numeric id is accepted here.
if (nnull(is_numeric(nnull(getQUERY("u"))), 0) > 0) {
    $uid = getQUERY("u");
    // "c" is taken as-is: it is not covered by the numeric test on "u".
    $cid = getQUERY("c");
} else {
    $uid = session("user_id");
    $cid = session("client_id");
}
// NOTE(review): $uid and $cid are concatenated into the SQL text below, mostly
// unquoted. Cast them to int or bind them before these queries run.
$_SESSION["user_fullname"] = dlookup("select fullname from users where id='" . $uid . "'");
$_SESSION["company"] = dlookup("select name from clients where id in (select clientid from users where id=" . $uid . " limit 1) limit 1");
$_SESSION['role_id'] = nnull(dlookup("select roleid from users where id=" . $uid), 0);
$roleid = session("role_id");
$sqlU1 = "select id, fullname from users where clientID=" . $cid;
if ($roleid == "2") {
    $sqlU = "select id from users where clientID=" . $cid;
} else {
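<?php
// Batch script: calls dorepeats() once for every user id in the users table.
//
// NOTE(review): nothing in this file restricts who may run it. Confirm it is
// kept out of the web root or is protected elsewhere.
include_once '../functions.php';

$conn = opendb();

// Only UserID is consumed below, so only that column is fetched.
$query = "SELECT UserID FROM users";
$result = mysql_query($query);
if ($result === false) {
    // Keep driver error text in the server log rather than in the response,
    // where it would disclose schema details.
    error_log('users query failed: ' . mysql_error());
    die('Database error.');
}

while ($row = mysql_fetch_assoc($result)) {
    dorepeats($row['UserID']);
}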
<?php // index.php :: Primary program script, evil alien overlord, you decide.
// Entry script: refuses to run while install.php is still present, loads the
// control row, requires a valid login cookie and honours the "game closed" flag.

// Leaving the installer on disk would let it be run again, so stop here.
if (file_exists('install.php')) {
    die("Please delete <b>install.php</b> from your Dragon Knight directory before continuing.");
}
// NOTE(review): $valorlib is not assigned anywhere in this excerpt. If it can
// be set from outside this file, lib.php and cookies.php are skipped here.
if ($valorlib == "") {
    // value used so that these scripts are not declared twice
    include 'lib.php';
    include 'cookies.php';
}
$link = opendb();
$controlquery = doquery("SELECT * FROM {{table}} WHERE id='1' LIMIT 1", "control");
$controlrow = mysql_fetch_array($controlquery);
// Login (or verify) if not logged in.
$userrow = checkcookies();
if ($userrow == false) {
    if (isset($_GET["do"])) {
        if ($_GET["do"] == "verify") {
            header("Location: users.php?do=verify");
            die;
        }
    }
    // Each redirect is followed by die, so nothing below runs for a visitor
    // without a valid cookie.
    header("Location: login.php?do=login");
    die;
}
// Close game.
if ($controlrow["gameopen"] == 0) {
    // Only accounts with authlevel 1 get past the closed-game notice.
    if ($userrow["authlevel"] != 1) {
        display("Foi encontrado um bug no jogo. O mesmo estará fechado até o lançamento da próxima versão. Por favor volte mais tarde e desculpe o transtorno.", "Fechado");
        die;
| GNU General Public License. For details refer to | the included gpl.txt file or visit http://gnu.org +----------------------------------------------------*/
# This is the runtime module used by the generated php pages
error_reporting(E_ERROR | E_WARNING | E_PARSE);
// Checks if database.php exists. If not, redirect to install.php
clearstatcache();
if (!file_exists("data/database.php")) {
    // NOTE(review): no exit follows this header(), so the rest of the script
    // still runs after the redirect has been queued.
    header("Location: LightNEasy/install.php");
}
session_start();
$message = "";
$selected = array('index', 'm2', 'm3', 'link', 'name');
//Includes the common functions
require_once "LightNEasy/common.php";
$sqldbdb = opendb();
// Banned-IP check. REMOTE_ADDR is filled in by the web server.
$result = dbquery('SELECT * FROM ' . $prefix . 'bannedips WHERE ip="' . $_SERVER['REMOTE_ADDR'] . '"');
// !== binds tighter than =, so $row receives a boolean, not the fetched row.
// The test still fires when a matching row exists.
if ($row = fetch_array($result) !== false) {
    die($langmessage[118]);
}
readsetup();
//checks if user is logged in
login();
//redirects to LightNEasy.php if user is logged in and is an admin
if ($_SESSION['adminlevel'] > 3) {
    // NOTE(review): no exit after this header() either; execution continues.
    header("Location: " . $set['homepath'] . $set['indexfile']);
}
// NOTE(review): the included path is built from $set['language']; confirm that
// value comes only from trusted configuration and is limited to known names.
require_once "./languages/lang_" . $set['language'] . ".php";
//Read menu
readmenu();
switch ($_POST['submit']) {
/**
 * Write one entry to the userlog table for the current session user.
 *
 * The row holds the current timestamp, the session's user_id, the event type,
 * a free-text description, the client IP from getIP() and a
 * "<userAgent>/<platform>" note from getBrowser().
 *
 * NOTE(review): every value is concatenated into the INSERT text without
 * escaping or binding. The description and the browser strings are
 * presumably request-derived (confirm in getIP()/getBrowser()), so a quote
 * character in any of them changes the statement. Bind the values in RunSQL,
 * or escape them with the driver's function, before this is relied on as an
 * audit trail.
 *
 * @param mixed  $idevent Event type id.
 * @param string $desc    Optional description.
 */
function addlog($idevent, $desc = '')
{
    opendb();
    $clientIp = getIP();
    $now = new Datetime();
    $timestamp = $now->format("Y-m-d H:i:s");
    $browser = getBrowser();

    // The first five values are joined with "', '"; the notes column follows
    // after "','", which reproduces the statement text exactly.
    $leading = array($timestamp, Session("user_id"), $idevent, $desc, $clientIp);
    $sqlInsert = "insert into userlog (datetime, userid, eventtypeid, description, ipaddress, notes) values "
        . "('" . implode("', '", $leading) . "','" . $browser['userAgent'] . "/" . $browser['platform'] . "')";

    RunSQL($sqlInsert);
}
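/**
 * Record one connection event in tab_connexion.
 *
 * All six values are sent as bound parameters instead of being concatenated
 * into the statement. Several of them (browser, operating system, MAC
 * address) are presumably reported by the client, so they must not be able
 * to alter the query.
 *
 * @param mixed $iduser       User id.
 * @param mixed $date         Connection date.
 * @param mixed $type         Connection type.
 * @param mixed $macadress    MAC address.
 * @param mixed $navig        Browser name.
 * @param mixed $exploitation Operating system.
 * @return bool TRUE when the row was inserted, FALSE otherwise.
 */
function enterConnexionstatus($iduser, $date, $type, $macadress, $navig, $exploitation)
{
    // `id_connexion` still receives '' as before; the column names, including
    // `macasdress_cx`, follow the existing schema.
    $sql = "INSERT INTO `tab_connexion`(`id_connexion`, `id_user`, `date_cx`, `type_cx`, `macasdress_cx`, `navigateur_cx`, `system_cx`) \n\tVALUES ('',?,?,?,?,?,?)";

    $db = opendb();
    $inserted = FALSE;

    $stmt = mysqli_prepare($db, $sql);
    if ($stmt !== FALSE) {
        // Bound as strings: the original placed every value in a quoted literal.
        $pUser = (string) $iduser;
        $pDate = (string) $date;
        $pType = (string) $type;
        $pMac = (string) $macadress;
        $pNavig = (string) $navig;
        $pSystem = (string) $exploitation;
        mysqli_stmt_bind_param($stmt, 'ssssss', $pUser, $pDate, $pType, $pMac, $pNavig, $pSystem);
        $inserted = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    closedb($db);

    return $inserted ? TRUE : FALSE;
}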
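/**
 * Fetch a user's reservations between two dates, newest first.
 *
 * The user id is cast to int and both dates are escaped before they are
 * placed in the SQL text. Escaping is used rather than a prepared statement
 * so the function keeps returning a plain mysqli_result. A failed query now
 * returns FALSE instead of being handed to mysqli_num_rows().
 *
 * NOTE(review): mysqli_real_escape_string() relies on the connection
 * character set being declared with mysqli_set_charset(); confirm opendb()
 * does so.
 *
 * @param int|string $id    User id (`id_user_resa`).
 * @param string     $date1 Lower bound for `dateresa_resa`.
 * @param string     $date2 Upper bound for `dateresa_resa`.
 * @return mysqli_result|false Result set, or FALSE on failure or no rows.
 */
function getResaBy2dates($id, $date1, $date2)
{
    $db = opendb();

    $from = mysqli_real_escape_string($db, (string) $date1);
    $to = mysqli_real_escape_string($db, (string) $date2);

    $sql = "SELECT `id_resa`,`dateresa_resa`,`debut_resa`,`duree_resa`,nom_computer FROM tab_resa \n INNER JOIN tab_computer ON id_computer=id_computer_resa\n WHERE `id_user_resa`=" . (int) $id . " \n\t\tAND `dateresa_resa` BETWEEN '" . $from . "' AND '" . $to . "'\n\t\tORDER BY `dateresa_resa` DESC , `debut_resa` DESC";

    $result = mysqli_query($db, $sql);
    closedb($db);

    if ($result === FALSE || mysqli_num_rows($result) == 0) {
        return FALSE;
    }

    return $result;
}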
updated: 1-20-07 */
// Endpoint that runs the SQL text received in POST field "q" and returns one
// column of the result as an XML list.
//
// NOTE(review): the only checks are that the first token is "select" and the
// second token is not "*". The rest of the client-supplied statement reaches
// mysql_query() unchanged, so any client that can reach this script can read
// whatever the database account can read. Replace the free-form query with
// fixed server-side queries selected by name, and give the account
// read access to the intended tables only.
if (isset($_POST)) {
    //echo '<b>You sent query:</b> <font color="blue">'.$_POST['q'].'</font><br/><br/>';//DEBUG
    $querystr = trim($_POST['q']);
    if ($querystr == '') {
        exit('<error>You sent an empty query.</error>');
    }
    // Split on whitespace and commas; $token[1] is later used as the column
    // name whose values are returned.
    $token = preg_split("/[\\s,]+/", $querystr);
    if (strcasecmp($token[0], 'select') != 0 || $token[1] == '*') {
        exit('<error>Sorry, you are not allowed to run this query.</error>');
    }
    // I recommend moving dbconnector.php to a directory with no web access!
    require 'dbconnector.php';
    //Open the database.
    $db = opendb();
    if ($myquery = mysql_query(stripslashes($querystr))) {
        header("Content-Type: text/xml"); // <== Line added 12 May 07 ==
        $response = "<?xml version=\"1.0\"?>\n<list>\n";
        // NOTE(review): column values are written into the XML without
        // escaping, so markup characters in the data break or alter the document.
        while ($row = mysql_fetch_array($myquery, MYSQL_ASSOC)) {
            $response .= "\t<item>{$row[$token[1]]}</item>\n";
        }
        $response .= '</list>';
        echo $response;
        mysql_free_result($myquery);
    } else {
        // NOTE(review): the driver's error text is returned to the client,
        // which discloses schema details.
        echo '<error>Could not run query: <font color="red">' . mysql_error() . '</font></error>';
    } //DEBUG
} else {
/**
 * Insert the captcha settings row (id 1, activation 'N', empty code).
 *
 * The statement is a constant; no caller-supplied value reaches the SQL.
 *
 * @return string "OK" when the insert succeeded, "echec" otherwise.
 */
function insertCapt()
{
    $db = opendb();
    $outcome = mysqli_query($db, "INSERT INTO `tab_captcha`(`id_captcha`, `capt_activation`, `capt_code`) VALUES (1,'N','') ;");
    closedb($db);

    return (FALSE == $outcome) ? "echec" : "OK";
}
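/**
 * Load the tab_espace row for one space id.
 *
 * The id is escaped before it is placed inside the quoted literal, so its
 * content cannot terminate the literal and extend the query.
 *
 * NOTE(review): mysqli_real_escape_string() relies on the connection
 * character set being declared with mysqli_set_charset(); confirm opendb()
 * does so.
 *
 * @param mixed $epn Value compared against `id_espace`.
 * @return array|null|false The row, NULL when no row matches, FALSE when the
 *                          query failed.
 */
function getCyberSpec($epn)
{
    $db = opendb();
    $sql = "SELECT * FROM `tab_espace` WHERE `id_espace`='" . mysqli_real_escape_string($db, (string) $epn) . "' ";
    $result = mysqli_query($db, $sql);
    closedb($db);

    if (FALSE == $result) {
        return FALSE;
    }

    return mysqli_fetch_array($result);
}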
/**
 * Read one request parameter and return it HTML-encoded and SQL-escaped.
 *
 * NOTE(review): the result is encoded for HTML and escaped for SQL at the
 * same time, which suits neither use well: the HTML entities end up stored
 * in the database, and the escaping only protects values placed inside
 * quoted SQL literals. Prefer bound parameters at query time and encoding at
 * output time. A key that is absent from the request is read without a
 * check, and any $g other than 'g' or 'p' yields NULL.
 *
 * @param string $fetch Parameter name.
 * @param string $g     'g' to read $_GET, 'p' to read $_POST.
 * @return string|null Escaped value, or NULL for an unknown source.
 */
function sanitise($fetch, $g = 'g')
{
    opendb();

    switch ($g) {
        case 'g':
            $source = $_GET;
            break;
        case 'p':
            $source = $_POST;
            break;
        default:
            return null;
    }

    return mysql_real_escape_string(htmlentities($source[$fetch]));
}