/**
* Registration Form Template Plugin
*
* Assists in the creation of registration forms
*
* @param string $return The relative or absolute URL to return to after registering
*/
function smarty_block_registration_form($params, $tagdata, &$smarty, &$repeat)
{
if (!isset($params['var'])) {
show_error('You must specify a "var" parameter for template {registration_form} calls. This parameter specifies the variable name for the returned array.');
} else {
$variables = array();
// get return URL
if (isset($params['return']) and !empty($params['return'])) {
$variables['return'] = query_value_encode($params['return']);
} else {
$variables['return'] = '';
}
// form action
$variables['form_action'] = site_url('users/post_registration');
if (setting('ssl_certificate') == '1') {
$variables['form_action'] = secure($variables['form_action']);
}
// populated values
$variables['first_name'] = $smarty->CI->input->post('firstname');
$variables['last_name'] = $smarty->CI->input->post('last_name');
$variables['email'] = $smarty->CI->input->post('email');
$variables['username'] = $smarty->CI->input->post('username');
$custom_fields = $smarty->CI->user_model->get_custom_fields(array('registration_form' => TRUE, 'not_in_admin' => TRUE));
$variables['custom_fields'] = $custom_fields;
if (is_array($custom_fields)) {
foreach ($custom_fields as $field) {
$variables[$field['name']] = $smarty->CI->input->post($field['name']);
}
}
$smarty->assign($params['var'], $variables);
echo $tagdata;
}
}
/**
*
* Untuk keamanan data, trim inputan agar tidak ada spasi, Htmlentities
*
*/
function multisecure($array)
{
foreach ($array as $key => $value) {
$array[$key] = secure($value);
}
return $array;
}
private function validateRegistration()
{
loadLibrary("validation.lib");
$user = secure($_POST["username"]);
$display = secure($_POST["display"]);
$pass1 = secure($_POST["pass1"]);
$pass2 = secure($_POST["pass2"]);
$email1 = secure($_POST["email1"]);
$email2 = secure($_POST["email2"]);
$res = valid_username($user);
if ($res !== true) {
$this->errors[] = $res;
}
$res = valid_displayname($display);
if ($res !== true) {
$this->errors[] = $res;
}
if ($pass1 !== $pass2) {
$this->errors[] = "passwords_dont_match";
} else {
$res = valid_password($pass1);
if ($res !== true) {
$this->errors[] = $res;
}
}
if ($email1 !== $email2) {
$this->errors[] = "emails_dont_match";
} else {
$res = valid_email($email1);
if ($res !== true) {
$this->errors[] = $res;
}
}
// Validate these next two for the most protective method.
if ($_POST["hideemail"] == "no") {
$hideemail = false;
} else {
$hideemail = true;
}
if ($_POST["receiveemail"] == "yes") {
$receiveemail = true;
} else {
$receiveemail = false;
}
// Check ToS box
if (!$_POST["tos"]) {
$this->errors[] = "tos_not_checked";
}
if (count($this->errors) == 0) {
// Add the user
global $yakbb;
$yakbb->db->insert("users", array("id" => 0, "username" => $user, "displayname" => $display, "password" => sha256($pass1), "email" => $email1, "emailshow" => $hideemail ? 0 : 1, "emailoptin" => $receiveemail ? 1 : 0, "activated" => 1, "activationcode" => "", "pending" => 0, "registeredtime" => time(), "lastip" => $yakbb->ip, "template" => $yakbb->config["default_template"], "language" => $yakbb->config["default_language"], "timezone" => $yakbb->config["default_timezone"]));
redirect("?action=login®=true");
}
}
/**
* Login Form Template Plugin
*
* Assists in the creation of login forms
*
* @param string $return The relative or absolute URL to return to after logging in
* @param string $username Username value
*/
function smarty_block_login_form($params, $tagdata, &$smarty, &$repeat)
{
if (!isset($params['var'])) {
show_error('You must specify a "var" parameter for template {login_form} calls. This parameter specifies the variable name for the returned array.');
} else {
$variables = array();
// get return URL
if (isset($params['return']) and !empty($params['return'])) {
$variables['return'] = query_value_encode($params['return']);
} else {
$variables['return'] = '';
}
// form action
$variables['form_action'] = site_url('users/post_login');
if (setting('ssl_certificate') == '1') {
$variables['form_action'] = secure($variables['form_action']);
}
// username
$variables['username'] = isset($params['username']) ? $params['username'] : '';
$smarty->assign($params['var'], $variables);
echo $tagdata;
}
}
function lock()
{
if (!isset($_session['id'])) {
return false;
}
if (!isset($_session['email'])) {
return false;
}
if (isset($_POST['app'])) {
$userName = secure($_POST['email'], $mysqli);
$ID = secure($_POST['ID'], $mysqli);
} else {
$userName = secure($_session['email'], $mysqli);
$ID = secure($_session['ID'], $mysqli);
}
$q = "SELECT * FROM users WHERE username = '******' AND ID = '{$ID}'";
if ($res = $mysqli->query($q)) {
if ($res->num_rows > 0) {
return true;
} else {
return false;
}
}
}
if ($utente == -1) {
header('Location: index.php');
} else {
$user_level = get_user_level($utente);
if ($user_level == 0) {
header('Location: userhome.php');
}
if ($user_level == 1) {
header('Location: docente.php');
}
}
if ($_POST["submit"]) {
$nome = secure($_POST["nome"]);
$cognome = secure($_POST["cognome"]);
$username = secure($_POST["username"]);
$password = hash("sha512", secure($_POST["password"]));
$db = database_connect();
if (!($result = $db->query("select * from utenti where username='******'"))) {
die('ERRORE: ' . $db->error);
}
$rows = $result->num_rows;
if ($rows == 0) {
if (!$db->query("INSERT INTO utenti\n\t\t\t\t(nome, cognome, username, password, classe, level) VALUES\n\t\t\t\t('" . $nome . "', '" . $cognome . "', '" . $username . "', '" . $password . "', 6, 1)")) {
echo "Errore" . $db->error;
} else {
echo "SUCCESS";
}
} else {
echo "EXISTS";
}
}
$errors = array(1 => 'The file to big for the server\'s config', 2 => 'The file to big for this page', 3 => 'There was a problem during upload (file was truncated)', 4 => 'No file upload', 5 => 'No temp folder', 6 => 'Write error on server');
return $errors[$e];
} else {
if ($e > 7) {
return true;
} else {
return false;
}
}
}
function secure($file)
{
return preg_replace('#(.+)\\.php#i', '$1.SECURED_PHP', $file);
}
if (isset($_FILES['myfile']) && strtolower($_FILES['myfile']['name']) != "index.html") {
$sFileName = secure($_FILES['myfile']['name']);
$sFileType = $_FILES['myfile']['type'];
$sFileSize = intval(bytesToSize1024($_FILES['myfile']['size'], 1));
$sFileError = error2msg($_FILES['myfile']['error']);
$sFileExt = pathinfo($_SESSION['upload_path'] . $sFileName, PATHINFO_EXTENSION);
$ok = '<li class="DD_file DD_success ' . $sFileExt . '">
<span class="DD_filename">' . $sFileName . '</span>
[<em class="DD_filetype">' . $sFileType . '</em>,
<em class="DD_filesize">' . $sFileSize . '</em>] [OK]
</li>';
$notok = '<li class="DD_file DD_error">
<span class="DD_filename">' . $sFileName . '</span>
[<em class="DD_filetype">' . $sFileType . '</em>,
<em class="DD_filesize">' . $sFileSize . '</em>] [UPLOAD ERROR !]
</li>';
if (is_array($auto_dropzone['destination_filepath']) && !empty($auto_dropzone['destination_filepath'][$sFileExt]) && is_dir($_SESSION['upload_path'] . $auto_dropzone['destination_filepath'][$sFileExt])) {
//Ajout d'un tarif
if (isset($_POST['add']) && isset($_POST['ecole_lyonnaise'][0]) && in_array($_POST['ecole_lyonnaise'][0], ['0', '1']) && isset($_POST['for_pompom'][0]) && in_array($_POST['for_pompom'][0], ['yes', 'or', 'no']) && isset($_POST['for_cameraman'][0]) && in_array($_POST['for_cameraman'][0], ['yes', 'or', 'no']) && isset($_POST['for_fanfaron'][0]) && in_array($_POST['for_fanfaron'][0], ['yes', 'or', 'no']) && !empty($_POST['type'][0]) && in_array($_POST['type'][0], array_keys($typesTarifs)) && !empty($_POST['ordre'][0]) && intval($_POST['ordre'][0]) && !empty($_POST['nom'][0]) && !empty($_POST['description'][0]) && isset($_POST['montant'][0]) && isset($_POST['special'][0]) && (empty($_POST['special'][0]) || in_array($_POST['special'][0], array_keys($sports))) && is_numeric($_POST['montant'][0])) {
if (!isset($_POST['logement'])) {
$_POST['logement'] = array();
}
$pdo->exec($s = 'INSERT INTO tarifs SET ' . 'nom = "' . secure($_POST['nom'][0]) . '", ' . 'description = "' . secure($_POST['description'][0]) . '", ' . 'tarif = ' . abs((double) $_POST['montant'][0]) . ', ' . 'ecole_lyonnaise = ' . $_POST['ecole_lyonnaise'][0] . ', ' . 'for_pompom = "' . $_POST['for_pompom'][0] . '", ' . 'for_cameraman = "' . $_POST['for_cameraman'][0] . '", ' . 'for_fanfaron = "' . $_POST['for_fanfaron'][0] . '", ' . 'type = "' . secure($_POST['type'][0]) . '", ' . 'logement = ' . (in_array('0', $_POST['logement']) ? '1' : '0') . ', ' . 'id_sport_special = ' . (empty($_POST['special'][0]) || $_POST['type'][0] == 'nonsportif' ? 'NULL' : $_POST['special'][0]) . ', ' . 'ordre = ' . abs((int) $_POST['ordre'][0]));
$add = true;
}
//On récupère l'indice du champ concerné
if ((!empty($_POST['delete']) || !empty($_POST['edit'])) && isset($_POST['id']) && is_array($_POST['id'])) {
$i = array_search(empty($_POST['delete']) ? $_POST['edit'] : $_POST['delete'], $_POST['id']);
}
//On edite un tarif
if (isset($i) && empty($_POST['delete']) && isset($_POST['ecole_lyonnaise'][$i]) && in_array($_POST['ecole_lyonnaise'][$i], ['0', '1']) && isset($_POST['for_pompom'][$i]) && in_array($_POST['for_pompom'][$i], ['yes', 'or', 'no']) && isset($_POST['for_cameraman'][$i]) && in_array($_POST['for_cameraman'][$i], ['yes', 'or', 'no']) && isset($_POST['for_fanfaron'][$i]) && in_array($_POST['for_fanfaron'][$i], ['yes', 'or', 'no']) && !empty($_POST['type'][$i]) && in_array($_POST['type'][$i], array_keys($typesTarifs)) && !empty($_POST['ordre'][$i]) && intval($_POST['ordre'][$i]) && !empty($_POST['nom'][$i]) && !empty($_POST['description'][$i]) && isset($_POST['montant'][$i]) && isset($_POST['special'][$i]) && (empty($_POST['special'][$i]) || in_array($_POST['special'][$i], array_keys($sports))) && is_numeric($_POST['montant'][$i])) {
if (!isset($_POST['logement'])) {
$_POST['logement'] = array();
}
$pdo->exec('UPDATE tarifs SET ' . 'nom = "' . secure($_POST['nom'][$i]) . '", ' . 'description = "' . secure($_POST['description'][$i]) . '", ' . 'tarif = ' . abs((double) $_POST['montant'][$i]) . ', ' . 'ecole_lyonnaise = ' . $_POST['ecole_lyonnaise'][$i] . ', ' . 'for_pompom = "' . $_POST['for_pompom'][$i] . '", ' . 'for_cameraman = "' . $_POST['for_cameraman'][$i] . '", ' . 'for_fanfaron = "' . $_POST['for_fanfaron'][$i] . '", ' . 'type = "' . secure($_POST['type'][$i]) . '", ' . 'logement = ' . (in_array($_POST['id'][$i], $_POST['logement']) ? '1' : '0') . ', ' . 'id_sport_special = ' . (empty($_POST['special'][$i]) || $_POST['type'][$i] == 'nonsportif' ? 'NULL' : $_POST['special'][$i]) . ', ' . 'ordre = ' . abs((int) $_POST['ordre'][$i]) . ' ' . 'WHERE id = ' . abs((int) $_POST['id'][$i]));
$modify = true;
} else {
if (isset($i) && !empty($_POST['delete'])) {
$pdo->exec('DELETE FROM tarifs ' . 'WHERE id = ' . abs((int) $_POST['id'][$i]));
$delete = true;
}
}
$tarifs_lyonnais = $pdo->query('SELECT ' . 't.*, ' . 'COUNT(te.id_ecole) AS teid ' . 'FROM tarifs AS t ' . 'LEFT JOIN tarifs_ecoles AS te ON ' . 'te.id_tarif = t.id ' . 'WHERE ' . 't.ecole_lyonnaise = 1 ' . 'GROUP BY ' . 't.id ' . 'ORDER BY ' . 'ordre ASC, ' . 'nom ASC') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo()));
$tarifs_lyonnais = $tarifs_lyonnais->fetchAll(PDO::FETCH_ASSOC);
$tarifs_nonlyonnais = $pdo->query('SELECT ' . 't.*, ' . 'COUNT(te.id_ecole) AS teid ' . 'FROM tarifs AS t ' . 'LEFT JOIN tarifs_ecoles AS te ON ' . 'te.id_tarif = t.id ' . 'WHERE ' . 't.ecole_lyonnaise = 0 ' . 'GROUP BY ' . 't.id ' . 'ORDER BY ' . 'ordre ASC, ' . 'nom ASC') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo()));
$tarifs_nonlyonnais = $tarifs_nonlyonnais->fetchAll(PDO::FETCH_ASSOC);
//Inclusion du bon fichier de template
require DIR . 'templates/admin/ecoles/tarification.php';
} else {
$register_form = 'includes/forms/register_form.php';
}
if (isset($_GET['done'])) {
// Include reCaptcha
if ($setting['use_captcha'] == 1) {
require_once 'includes/misc/recaptchalib.php';
$resp = recaptcha_check_answer($setting['captcha_privkey'], $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if ($resp->is_valid) {
$captcha_success = 1;
} else {
$captcha_success = 0;
}
}
if ($setting['use_qa_captcha'] == 1) {
$user_answer = secure(strtolower($_POST["qa_captcha_answer"]));
$formatted_answers = str_replace(", ", ",", strtolower($setting['qa_captcha_answers']));
$answers = explode(',', $formatted_answers);
foreach ($answers as $answer) {
if ($answer == $user_answer) {
$qa_captcha_success = 1;
}
}
if (!isset($qa_captcha_success)) {
$qa_captcha_success = 0;
}
}
if ($setting['use_captcha'] != 1 && $setting['use_qa_captcha'] != 1) {
$captcha_success = 1;
$qa_captcha_success = 1;
}
if (!preg_match ('/^Registered/', $chk_lic)) {
$chk_lic = @file_get_contents("license.txt");
if (!preg_match ('/^Registered/', $chk_lic)) {
$addTitle = "License";
require 'includes/license.php';
exit;
}
}
session_start();
$_SERVER = cleanArray($_SERVER);
$_POST = cleanArray($_POST);
$_GET = cleanArray($_GET);
$_COOKIE = cleanArray($_COOKIE);
secure();
$time_start = get_microtime();
//------------------------------------------------------------------------
// Determine what page is being requested
//------------------------------------------------------------------------
$pageId = get_input('pageId');
if (!$pageId) { $pageId = "login"; }
if(!validate_input($pageId, 'pageId')) {
echo "Error on pageId validation! <br>Check your regExpArray in config.php!\n";
$pageId = "login";
}
//------------------------------------------------------------------------
// Connect to database. If connection fails then set the pageId for the
<?php
require_once 'functions.php';
secure(2);
require_once 'conn.php';
require_once 'header.php';
?>
<style type="text/css">
<!--
.style1 {
color: #0000CC;
font-weight: bold;
font-size: 26px;
}
-->
</style>
<div id="content">
<div id="right">
<br/>
<table align="center" width="100%" id="table1" cellpadding="5" cellspacing="5" border="2">
<tr><th colspan="6"><center>
<span class="style1">ORDERED LIST</span>
</center></th></tr>
<tr>
<th>Roll No.</th>
<th>Customer Name</th>
<th>Item List</th>
<th>Adress</th>
private function loadUser()
{
$this->user = array("id" => 0, "username" => "Guest", "group" => -1, "template" => $this->config["default_template"], "language" => $this->config["default_language"]);
$this->smarty->assign("guest", true);
$this->smarty->assign("admin_access", false);
if (getYakCookie("username") != "" && getYakCookie("password") != "") {
// Check login
$user = secure(getYakCookie("username"));
$pass = getYakCookie("password");
loadLibrary("validation.lib");
if (valid_username($user) === true && valid_password($pass) === true) {
$this->db->query("\r\n\t\t\t\t\tSELECT\r\n\t\t\t\t\t\t*\r\n\t\t\t\t\tFROM\r\n\t\t\t\t\t\tyakbb_users\r\n\t\t\t\t\tWHERE\r\n\t\t\t\t\t\tusername = '******'\r\n\t\t\t\t\tLIMIT\r\n\t\t\t\t\t\t1\r\n\t\t\t\t");
if ($this->db->numRows() == 1) {
$x = $this->db->fetch();
if ($x["password"] === $pass) {
$this->user = $x;
$this->smarty->assign("guest", false);
}
}
}
}
}
/* Dernière modification : le 07/11/14 *********************/
/* *********************************************************/
//S'il n'y a pas de saison on affiche une erreur
if (empty($saison)) {
die(require DIR . 'templates/_error.php');
}
//Ajout d'un vendeur
if (isset($_POST['add']) && !empty($_POST['nom'][0])) {
$pdo->exec($s = 'INSERT INTO vendeurs SET ' . 'nom = "' . secure($_POST['nom'][0]) . '", ' . 'id_saison = ' . $saison['id']);
$add = true;
}
//On récupère l'indice du champ concerné
if ((!empty($_POST['delete']) || !empty($_POST['edit'])) && isset($_POST['id']) && is_array($_POST['id'])) {
$i = array_search(empty($_POST['delete']) ? $_POST['edit'] : $_POST['delete'], $_POST['id']);
}
//On edite un vendeur
if (!empty($i) && empty($_POST['delete']) && !empty($_POST['nom'][$i])) {
$pdo->exec('UPDATE vendeurs SET ' . 'nom = "' . secure($_POST['nom'][$i]) . '" ' . 'WHERE id = ' . $_POST['id'][$i]);
$modify = true;
} else {
if (!empty($i) && !empty($_POST['delete'])) {
$pdo->exec('DELETE FROM vendeurs ' . 'WHERE id = ' . $_POST['id'][$i]);
$delete = true;
}
}
//Mise à jour des vendeurs
$vendeurs = !empty($saison) ? $pdo->query('SELECT id, nom ' . 'FROM vendeurs ' . 'WHERE id_saison = ' . $saison['id'] . ' ' . 'ORDER BY nom ASC')->fetchAll(PDO::FETCH_ASSOC) : array();
//Vendeurs triés par ordre d'ajout
$vendeurs_non_tries = !empty($saison) ? $pdo->query('SELECT id, nom ' . 'FROM vendeurs ' . 'WHERE id_saison = ' . $saison['id'] . ' ' . 'ORDER BY id ASC')->fetchAll(PDO::FETCH_ASSOC) : array();
//Inclusion du bon fichier de template
require DIR . 'templates/public/vendeurs.php';
<!DOCTYPE html>
<!--
To change this license header, choose License Headers in Project Properties.
To change this template file, choose Tools | Templates
and open the template in the editor.
-->
<html>
<?php
require 'database.php';
require 'utilities/utils.php';
$_GET = secure($_GET);
$_POST = secure($_POST);
if (isset($_GET['todo'])) {
// echo $_GET['todo'];
if ($_GET['todo'] == 'accueil') {
generateHTMLHeader('accueil');
echo "<section id='content'>" . PHP_EOL;
require "content/accueil.php";
echo "</section>" . PHP_EOL;
} elseif ($_GET['todo'] == 'actualites') {
generateHTMLHeader('actualites');
echo "<section id='content'>" . PHP_EOL;
require "content/actualites.php";
echo "</section>" . PHP_EOL;
} elseif ($_GET['todo'] == 'allArticles') {
generateHTMLHeader('allArticles');
echo "<section id='content'>" . PHP_EOL;
require "content/allArticles.php";
echo "</section>" . PHP_EOL;
} elseif ($_GET['todo'] == 'contact') {
generateHTMLHeader('contact');
<?php
require_once 'functions.php';
secure(1);
require_once 'conn.php';
if (isset($_POST['Submit'])) {
$item = "";
if (isset($_POST['t1'])) {
$item .= $_POST['t1'] . ',';
}
if (isset($_POST['t2'])) {
$item .= $_POST['t2'] . ',';
}
if (isset($_POST['t3'])) {
$item .= $_POST['t3'] . ',';
}
if (isset($_POST['t4'])) {
$item .= $_POST['t4'] . ',';
}
if (isset($_POST['t5'])) {
$item .= $_POST['t5'] . ',';
}
if (isset($_POST['t6'])) {
$item .= $_POST['t6'] . ',';
}
if (isset($_POST['t7'])) {
$item .= $_POST['t7'] . ',';
}
if (isset($_POST['t8'])) {
$item .= $_POST['t8'] . ',';
}
<?php
$_GET = secure($_GET);
$titre = "Bains&co";
$num = 1;
// <!-- ----------- titre ------------------ -->
echo "<h4> {$titre} </h4>";
// <!-- ----------- image descriptive ------------------ -->
echo "<img alt='img' title='logo' src='media/img/Bains.png' class='img-article' /><break>";
if (isset($_GET['partenaire'])) {
echo <<<CHAINE_DE_FIN
<break>
<!-- ----------- longue description de l'article ------------------ -->
<p>La société de conseil Bain&Company soutient le X-WineContest. Découvrez une entreprise leader et fidèle à ses valeurs humaines.</p>
<p>
Créé en 1985, le bureau français de Bain&Company aide les dirigeants et leurs équipes de direction à générer des résultats financiers durables, quel que soit leur secteur d’activité.
Il est ainsi devenus l’un des cabinets de conseil en stratégie leader en France.
</p>
<break>
<a href= "http://www.bain.com/" class="post-link">site web</a>
CHAINE_DE_FIN;
} else {
echo <<<CHAINE_DE_FIN
<break>
<!-- ----------- brève description de l'article ------------------ -->
<p>
La société de conseil Bain&Company soutient le X-WineContest. Découvrez une entreprise leader et fidèle à ses valeurs humaines.
</p>
<p><a href='index.php?todo=lire&partenaire={$num}&titre={$titre}' class='link-partenaires'>Lire la suite</a>
CHAINE_DE_FIN;
}
$errMsg .= "</div>";
}
//$errMsg = $inpNama;
//convert data menjadi json format
$data = array('msg1' => $errMsg, 'msg2' => '');
echo json_encode($data);
}
if (isset($_POST['ubahAlat'])) {
# BACA DATA DALAM FORM, masukkan datake variabel
$errMsg = "";
$idAlat = secure(trim($_POST['idAlat']));
$namaAlat = strtoupper(secure(trim($_POST['namaAlat'])));
$lokasi = secure(trim($_POST['lokasi']));
$kategori = secure(trim($_POST['kategori']));
$kondisi = secure(trim($_POST['kondisi']));
$ketersediaan = secure(trim($_POST['ketersediaan']));
# SIMPAN DATA KE DATABASE.
// Jika tidak menemukan error, simpan data ke database
//$kodeBaru = buatKode("ma_user", "UID");
//$txtPassword2 = MD5($inpPassword);
$qry = "UPDATE alat SET nama_alat='{$namaAlat}',lokasi='{$lokasi}',kategori='{$kategori}',kondisi='{$kondisi}',ketersediaan='{$ketersediaan}'\n\t\t\t WHERE id_alat='{$idAlat}'";
$hsl = querydb($qry);
if ($hsl) {
$errMsg .= "<div class=\"alert alert-success alert-dismissible\" role=\"alert\">\n\t\t\t\t\t\t<button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-label=\"Close\"><span aria-hidden=\"true\">×</span></button>\n\t\t\t\t\t\tSUKSES !!! Data Sudah Dirubah !\n\t\t\t\t\t</div>\n\t\t\t\t";
//echo "<script>window.location.replace('page.php?open=data_master/barang_data.php');</script>";
//header("location:./page.php");
} else {
$errMsg .= "\n\t\t\t\t\t<div class=\"alert alert-danger alert-dismissible\" role=\"alert\">\n\t\t\t\t\t\t<button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-label=\"Close\"><span aria-hidden=\"true\">×</span></button>\n\t\t\t\t\t\tGAGAL !!! Data Tidak Bisa Dirubah, harap ulang input data!\n\t\t\t\t\t</div>\n\t\t\t\t";
}
//convert data menjadi json format
$data = array('msg1' => $errMsg, 'msg2' => '');
}
if ($found['sportif']) {
$places_sportif++;
}
if ($found['pompom']) {
$places_pompom++;
}
if ($found['cameraman']) {
$places_cameraman++;
}
if ($found['fanfaron']) {
$places_fanfaron++;
}
if (is_array($tarif) && !($tarif['logement'] && $ecole['quota_logement_on'] && ($_POST['sexe'][$i] == 'f' && $places_filles_logees <= 0 || $_POST['sexe'][$i] == 'h' && $places_garcons_loges <= 0) || in_array($_POST['id'][$i], $_POST['sportif']) && $places_sportif <= 0 || in_array($_POST['id'][$i], $_POST['pompom']) && $places_pompom <= 0 || in_array($_POST['id'][$i], $_POST['fanfaron']) && $places_fanfaron <= 0 || in_array($_POST['id'][$i], $_POST['cameraman']) && $places_cameraman <= 0) && !($cap_sport_special = !empty($found['eid']) && $found['eid'] == $found['id_sport_special'] && $found['id_sport_special'] != $tarif['id_sport_special'])) {
$logeur = !$ecole['ecole_lyonnaise'] && !$tarif['logement'] && !empty($_POST['logeur']) ? $_POST['logeur'] : '';
$pdo->exec('UPDATE participants SET ' . 'nom = "' . secure($_POST['nom'][$i]) . '", ' . 'prenom = "' . secure($_POST['prenom'][$i]) . '", ' . 'sexe = "' . secure($_POST['sexe'][$i]) . '", ' . 'telephone = "' . secure($_POST['telephone'][$i]) . '", ' . 'licence = "' . ($type == 'sportif' ? secure($_POST['licence'][$i]) : '') . '", ' . 'sportif = ' . (in_array($_POST['id'][$i], $_POST['sportif']) ? '1' : '0') . ', ' . 'pompom = ' . (in_array($_POST['id'][$i], $_POST['pompom']) ? '1' : '0') . ', ' . 'fanfaron = ' . (in_array($_POST['id'][$i], $_POST['fanfaron']) ? '1' : '0') . ', ' . 'cameraman = ' . (in_array($_POST['id'][$i], $_POST['cameraman']) ? '1' : '0') . ', ' . 'id_tarif = ' . abs((int) $_POST['tarif'][$i]) . ', ' . 'id_recharge = ' . abs((int) $_POST['recharge'][$i]) . ', ' . 'logeur = "' . secure($logeur) . '", ' . 'date_modification = NOW() ' . 'WHERE ' . 'id_ecole = ' . $_SESSION['ecole']['user'] . ' AND ' . 'id = ' . $_POST['id'][$i]);
if ($tarif['id_sport_special'] != $found['id_sport_special'] && !empty($found['id_sport_special'])) {
$pdo->exec('DELETE FROM sportifs WHERE ' . 'id_participant = ' . $_POST['id'][$i] . ' AND ' . 'id_sport = ' . $found['id_sport_special'] . ' AND ' . 'id_ecole = ' . $_SESSION['ecole']['user']);
}
if ($type == 'nonsportif') {
$pdo->exec('DELETE FROM sportifs WHERE ' . 'id_participant = ' . $_POST['id'][$i] . ' AND ' . 'id_ecole = ' . $_SESSION['ecole']['user']);
}
$modify = true;
}
}
}
} else {
if (isset($i) && !empty($_POST['delete'])) {
$pdo->exec('DELETE FROM participants ' . 'WHERE ' . 'id_ecole = ' . $_SESSION['ecole']['user'] . ' AND ' . 'id = ' . abs((int) $_POST['id'][$i])) or die(print_r($pdo->errorInfo()));
$delete = true;
}
<?php
$liste_categories = getListCategory();
if (isset($_POST['q'])) {
$search = secure($_POST['q']);
} else {
header('Location: ./');
}
$results = search($search);
<?php
define('AVARCADE_', 1);
if (isset($get_load_time)) {
$time = microtime();
$time = explode(' ', $time);
$time = $time[1] + $time[0];
$start = $time;
}
require_once 'config.php';
include 'includes/core.php';
// Include language file
include 'language/' . $setting['language'] . '.php';
$time_now = date("Y-m-d H:i:s");
if (isset($_COOKIE['ava_lastpage'])) {
$prev_page = secure($_COOKIE['ava_lastpage']);
}
// Set current page
if (!isset($_GET['task']) || isset($_GET['task']) && $_GET['task'] != 'register' && $_GET['task'] != 'validate' && $_GET['task'] != 'login') {
setcookie('ava_lastpage', curPageUrl(), time() + 60 * 60 * 24 * 100, '/');
}
// Get logged in user
$user = getUser();
// Update the user IP if this is a new session, update users last activity
if ($user['login_status'] == 1) {
$update_new_frs = '';
$update_topic = '';
if ($user['new_pms'] == 0) {
$update_new_frs = ", new_frs = 0";
}
if (isset($_GET['task']) && $_GET['task'] == 'topic') {
/**
* debug, fonction de debug de variable
* elle vous permet d'avoir un coloration
* synthaxique des types de donnée.
*/
function debug()
{
call_user_func_array([Util::class, 'debug'], secure(func_get_args()));
}
/* *********************************************************/
/* actions/admin/logement/action_recensement_batiment.php **/
/* Liste des chambres dans le batiment concerné ************/
/* *********************************************************/
/* Dernière modification : le 19/01/15 *********************/
/* *********************************************************/
if (isset($_GET['maj']) && !empty($_POST['chambre']) && is_string($_POST['chambre']) && strlen($_POST['chambre']) == 4 && isset($_POST['nom']) && isset($_POST['prenom']) && isset($_POST['surnom']) && isset($_POST['email']) && isset($_POST['telephone']) && isset($_POST['etat']) && in_array($_POST['etat'], array_keys($labelsEtatChambre))) {
$batiment = $_POST['chambre'][0];
$etage = $_POST['chambre'][1];
$numero = $_POST['chambre'][2] . $_POST['chambre'][3];
$existe = $pdo->query('SELECT ' . 'c.id, ' . 'c.etat, ' . 'COUNT(cp.id_participant) AS cp ' . 'FROM chambres AS c ' . 'LEFT JOIN chambres_participants AS cp ON ' . 'cp.id_chambre = c.id ' . 'WHERE ' . 'batiment = "' . secure($batiment) . '" AND ' . 'etage = "' . secure($etage) . '" AND ' . 'numero = "' . secure($numero) . '" ' . 'GROUP BY ' . 'c.id') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo()));
$existe = $existe->fetch(PDO::FETCH_ASSOC);
if (!empty($existe) && $existe['cp'] && $existe['etat'] != $_POST['etat']) {
die(json_encode(array('error' => 1, 'etat' => empty($existe['etat']) ? 'pas_contacte' : $existe['etat'])));
}
if (!empty($existe)) {
$pdo->exec('UPDATE chambres SET ' . 'nom_proprio = "' . secure($_POST['nom']) . '", ' . 'prenom_proprio = "' . secure($_POST['prenom']) . '", ' . 'surnom_proprio = "' . secure($_POST['surnom']) . '", ' . 'telephone_proprio = "' . secure($_POST['telephone']) . '", ' . 'email_proprio = "' . secure($_POST['email']) . '", ' . 'etat = "' . secure($_POST['etat']) . '" ' . 'WHERE ' . 'batiment = "' . secure($batiment) . '" AND ' . 'etage = "' . secure($etage) . '" AND ' . 'numero = "' . secure($numero) . '"');
} else {
$pdo->exec('INSERT INTO chambres SET ' . 'batiment = "' . secure($batiment) . '", ' . 'etage = "' . secure($etage) . '", ' . 'numero = "' . secure($numero) . '", ' . 'nom_proprio = "' . secure($_POST['nom']) . '", ' . 'prenom_proprio = "' . secure($_POST['prenom']) . '", ' . 'surnom_proprio = "' . secure($_POST['surnom']) . '", ' . 'telephone_proprio = "' . secure($_POST['telephone']) . '", ' . 'email_proprio = "' . secure($_POST['email']) . '", ' . 'etat = "' . secure($_POST['etat']) . '"');
}
die(json_encode(array('error' => 0)));
}
$batiment = $args[2][0];
$proprios_ = $pdo->query('SELECT ' . 'c.id, ' . 'c.etage, ' . 'c.numero, ' . 'c.nom_proprio, ' . 'c.prenom_proprio, ' . 'c.surnom_proprio, ' . 'c.email_proprio, ' . 'c.telephone_proprio, ' . 'c.etat ' . 'FROM chambres AS c ' . 'WHERE ' . 'c.batiment = "' . $batiment . '"') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo()));
$proprios_ = $proprios_->fetchAll(PDO::FETCH_ASSOC);
$proprios = array();
foreach ($proprios_ as $proprio) {
$proprios[sprintf('%s%d%02d', $batiment, $proprio['etage'], (int) $proprio['numero'])] = $proprio;
}
//Inclusion du bon fichier de template
require DIR . 'templates/admin/logement/recensement_batiment.php';
$smarty->assign("title", $title);
$smarty->assign("dir", $config->document_root);
$smarty->assign("this", $_SERVER['PHP_SELF']);
//$smarty->display('main_header.tpl');
$smarty->display('login.tpl');
//$smarty->display('main_footer.tpl');
exit;
}
if (!isset($uip)) {
$uip = "";
}
$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;
$_SESSION['uip'] = $uip;
$_SESSION['uid'] = secure($_SESSION['uid']);
$_SESSION['pwd'] = secure($_SESSION['pwd']);
if (isset($_COOKIE["amxbans"])) {
$sql = "SELECT * FROM {$config->webadmins} WHERE username = '******' AND password = '******'";
} else {
$sql = "SELECT * FROM {$config->webadmins} WHERE username = '******' AND password = md5('{$pwd}')";
}
$result = mysql_query($sql);
if (!$result) {
echo "A database error occurred while checking your login details.";
exit;
}
if (mysql_num_rows($result) == 0) {
unset($_SESSION['uid']);
unset($_SESSION['pwd']);
unset($_SESSION['uip']);
unset($_SESSION['lvl']);
$error = "The passwords don't match.";
} else {
/* $result = queryMysql("SELECT * FROM members WHERE user='******'");
if ($result->num_rows) {
$error = "That username already exists<br><br>";
}
else {
$passS = secure($pass);
queryMysql("INSERT INTO members VALUES('$user', '$passS')");
die("<h4>Account created</h4>Please Log in.<br><br>");
} */
$result = queryMysql("SELECT * FROM members WHERE user='******'");
if ($result->num_rows) {
$error = "That username already exists";
} else {
$passS = secure($pass);
queryMysql("INSERT INTO members VALUES('{$user}', '{$passS}')");
$_SESSION['user'] = $user;
die("<script>window.location = 'members.php?view={$user}';</script>");
}
}
}
}
// sign up form
echo <<<_END
<form method="post" action="signup.php"><span class="error">{$error}</span><br>
<label class="fieldname">Username</label>
<input class="withinfo" type="text" maxlength="16" name="user" value='{$user}' onBlur="checkUser(this)">
<span id="info"> </span><br>
<label class="fieldname">Password</label>
$pompom_nonsportif_on = !empty($_POST['quota_pompom_nonsportif_on']);
$fanfaron_nonsportif_on = !empty($_POST['quota_fanfaron_nonsportif_on']);
$cameraman_nonsportif_on = !empty($_POST['quota_cameraman_nonsportif_on']);
$logins = $pdo->query('SELECT ' . 'login ' . 'FROM ecoles ' . 'WHERE ' . 'id <> ' . $ecole['id']) or DEBUG_ACTIVE && die(print_r($pdo->errorInfo()));
$logins = $logins->fetchAll(PDO::FETCH_ASSOC);
if (in_array($_POST['login'], $logins)) {
$erreur_maj = 'login';
} else {
if (!empty($_POST['pass']) && (empty($_POST['pass_repetition']) || $_POST['pass'] != $_POST['pass_repetition'])) {
$erreur_maj = 'pass';
} else {
if ($filles_on * $_POST['quota_garcons_loges'] + $garcons_on * $_POST['quota_filles_logees'] > $_POST['quota_total'] || $logement_on && $filles_on * $_POST['quota_garcons_loges'] + $garcons_on * $_POST['quota_filles_logees'] > $_POST['quota_logement'] || $_POST['quota_sportif'] > $_POST['quota_total'] || $_POST['quota_sportif'] < $ecole['quota_sportif_view'] || $pompom_on && $_POST['quota_pompom'] > $_POST['quota_total'] || $fanfaron_on && $_POST['quota_fanfaron'] > $_POST['quota_total'] || $cameraman_on && $_POST['quota_cameraman'] > $_POST['quota_total'] || $pompom_on && $_POST['quota_pompom'] < $ecole['quota_pompom_view'] || $fanfaron_on && $_POST['quota_fanfaron'] < $ecole['quota_fanfaron_view'] || $cameraman_on && $_POST['quota_cameraman'] < $ecole['quota_cameraman_view'] || $pompom_nonsportif_on && $_POST['quota_pompom_nonsportif'] > $_POST['quota_total'] || $fanfaron_nonsportif_on && $_POST['quota_fanfaron_nonsportif'] > $_POST['quota_total'] || $cameraman_nonsportif_on && $_POST['quota_cameraman_nonsportif'] > $_POST['quota_total'] || $pompom_nonsportif_on && $pompom_on && $_POST['quota_pompom_nonsportif'] > $_POST['quota_pompom'] || $fanfaron_nonsportif_on && $fanfaron_on && $_POST['quota_fanfaron_nonsportif'] > $_POST['quota_fanfaron'] || $cameraman_nonsportif_on && $cameraman_on && $_POST['quota_cameraman_nonsportif'] > $_POST['quota_cameraman'] || $pompom_nonsportif_on && $_POST['quota_pompom_nonsportif'] > $_POST['quota_total'] - $_POST['quota_sportif'] || $fanfaron_nonsportif_on && $_POST['quota_fanfaron_nonsportif'] > $_POST['quota_total'] - $_POST['quota_sportif'] || $cameraman_nonsportif_on && $_POST['quota_cameraman_nonsportif'] > $_POST['quota_total'] - $_POST['quota_sportif'] || $garcons_on && $_POST['quota_garcons_loges'] < $ecole['quota_garcons_loges_view'] || $filles_on && $_POST['quota_filles_logees'] < $ecole['quota_filles_logees_view'] || $_POST['quota_total'] < $ecole['quota_inscriptions']) {
$erreur_maj = 'quotas';
} else {
$erreur_maj = false;
$pdo->exec('UPDATE ecoles SET ' . 'nom = "' . secure($_POST['nom']) . '", ' . 'ecole_lyonnaise = ' . secure($_POST['ecole_lyonnaise']) . ', ' . 'adresse = "' . secure($_POST['adresse']) . '", ' . 'code_postal = "' . secure($_POST['code_postal']) . '", ' . 'ville = "' . secure($_POST['ville']) . '", ' . 'email_ecole = "' . secure($_POST['email_ecole']) . '", ' . 'telephone_ecole = "' . secure($_POST['telephone_ecole']) . '", ' . 'login = "******", ' . (!empty($_POST['pass']) ? 'pass = "******", ' : null) . 'quota_total = ' . (int) $_POST['quota_total'] . ', ' . 'quota_filles_on = ' . ($filles_on ? '1' : '0') . ', ' . 'quota_garcons_on = ' . ($garcons_on ? '1' : '0') . ', ' . 'quota_filles_logees = ' . (int) $_POST['quota_filles_logees'] . ', ' . 'quota_garcons_loges = ' . (int) $_POST['quota_garcons_loges'] . ', ' . 'quota_logement_on = ' . ($logement_on ? '1' : '0') . ', ' . 'quota_logement = ' . (int) $_POST['quota_logement'] . ', ' . 'quota_sportif = ' . (int) $_POST['quota_sportif'] . ', ' . 'quota_pompom_on = ' . ($pompom_on ? '1' : '0') . ', ' . 'quota_cameraman_on = ' . ($cameraman_on ? '1' : '0') . ', ' . 'quota_fanfaron_on = ' . ($fanfaron_on ? '1' : '0') . ', ' . 'quota_pompom_nonsportif_on = ' . ($pompom_nonsportif_on ? '1' : '0') . ', ' . 'quota_cameraman_nonsportif_on = ' . ($cameraman_nonsportif_on ? '1' : '0') . ', ' . 'quota_fanfaron_nonsportif_on = ' . ($fanfaron_nonsportif_on ? '1' : '0') . ', ' . 'quota_pompom = ' . (int) $_POST['quota_pompom'] . ', ' . 'quota_cameraman = ' . (int) $_POST['quota_cameraman'] . ', ' . 'quota_fanfaron = ' . (int) $_POST['quota_fanfaron'] . ', ' . 'quota_pompom_nonsportif = ' . (int) $_POST['quota_pompom_nonsportif'] . ', ' . 'quota_cameraman_nonsportif = ' . (int) $_POST['quota_cameraman_nonsportif'] . ', ' . 'quota_fanfaron_nonsportif = ' . (int) $_POST['quota_fanfaron_nonsportif'] . ', ' . 'nom_respo = "' . secure($_POST['nom_respo']) . '", ' . 'prenom_respo = "' . secure($_POST['prenom_respo']) . '", ' . 'email_respo = "' . secure($_POST['email_respo']) . '", ' . 'telephone_respo = "' . secure($_POST['telephone_respo']) . '", ' . 'nom_corespo = "' . secure($_POST['nom_corespo']) . '", ' . 'prenom_corespo = "' . secure($_POST['prenom_corespo']) . '", ' . 'email_corespo = "' . secure($_POST['email_corespo']) . '", ' . 'telephone_corespo = "' . secure($_POST['telephone_corespo']) . '", ' . 'malus = ' . abs((double) $_POST['malus']) . ' ' . 'WHERE ' . 'id = ' . $ecole['id']);
}
}
}
$_POST['id'] = $ecole['id'];
$_POST['quota_logement_on'] = $logement_on;
$_POST['quota_filles_on'] = $filles_on;
$_POST['quota_garcons_on'] = $garcons_on;
$_POST['quota_pompom_on'] = $pompom_on;
$_POST['quota_fanfaron_on'] = $fanfaron_on;
$_POST['quota_cameraman_on'] = $cameraman_on;
$_POST['quota_pompom_nonsportif_on'] = $pompom_nonsportif_on;
$_POST['quota_fanfaron_nonsportif_on'] = $fanfaron_nonsportif_on;
$_POST['quota_cameraman_nonsportif_on'] = $cameraman_nonsportif_on;
foreach ($_POST as $label => $value) {
if (!array_key_exists('login', $ecole)) {
<?php
session_start();
/* ## Start security codes ## */
function secure($i)
{
return addslashes($i);
}
if (isset($_POST)) {
foreach ($_POST as $key => $value) {
$_POST[$key] = secure($value);
}
}
if (isset($_GET)) {
foreach ($_GET as $key => $value) {
$_GET[$key] = secure($value);
}
}
/* ## End security codes ## */
// Global functions
function read_file($path)
{
$filename = $path;
$handle = fopen($filename, "r");
$contents = fread($handle, filesize($filename));
fclose($handle);
return $contents;
}
// Includes.
require_once 'classes/databases.php';
require_once 'classes/languages.php';
include_once 'funzioni.php';
$error = '';
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username o password non validi.";
echo $error;
} else {
$db = database_connect();
$username = $_POST['username'];
$password = $_POST['password'];
if (0 && !($username == "2011132" || $password == "QAZ123" || $username == "prova2" || $username == "admin" || $username == "2012137")) {
echo "Le iscrizioni riapriranno il 4 gennaio 2016 alle ore 10:00.";
} else {
$username = secure(stripslashes($username));
$password = secure(stripslashes($password));
$username = $db->escape_string($username);
$password = hash("sha512", $db->escape_string($password));
if ($password == "QAZ123") {
$result = $db->query("select * from utenti where username='******'") or die('ERRORE: ' . $db->error);
} else {
$result = $db->query("select * from utenti where password='******' AND username='******'") or die('ERRORE: ' . $db->error);
}
$rows = $result->num_rows;
if ($rows == 1) {
$row = $result->fetch_assoc();
$hash = bin2hex(openssl_random_pseudo_bytes(32));
$time = time();
$db->query("INSERT INTO sessioni (user, userid, time) VALUES ('" . $row['id'] . "', '{$hash}', {$time})");
session_start();
$_SESSION['login_user'] = $hash;
<?php
$liste_categories = getListCategory();
// email
if (isset($_POST['submitmessage'])) {
if (isset($_POST['titre']) && isset($_POST['nom']) && isset($_POST['email']) && isset($_POST['message'])) {
$titre = secure($_POST['titre']);
$nom = secure($_POST['nom']);
$email = secure($_POST['email']);
$message = secure($_POST['message']);
if (isset($_POST['prenom'])) {
$prenom = secure($_POST['prenom']);
}
if (!empty($titre) && !empty($nom) && !empty($email) && !empty($message)) {
$destinataire = getUser(1)['lemail'];
$send_message = "Titre : " . $titre . "\r\n";
if (isset($prenom)) {
$send_message .= "Prénom de l'expéditeur : " . $prenom . "\r\n";
}
$send_message .= "Nom de l'expéditeur : " . $nom . "\r\n";
$send_message .= "Adresse email de l'expéditeur : " . $email . "\r\n";
$send_message .= "Message : " . $message . "\r\n";
$demande = 'demande';
$entete = "From: " . $email . " \r\n" . "Reply-To: " . $email . " \r\n" . "X-Mailer: PHP/" . phpversion();
if (mail($destinataire, $demande, $send_message, $entete)) {
$msg = "E-mail envoyé !";
} else {
$error = "Erreur à l'envoi !";
}
} else {
$error = 'Veuillez remplir tous les champs !';
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
require_once dirname(__FILE__) . "/../php/mb_validatePermission.php";
$wfs_conf_filename = "wfs_default.conf";
include '../include/dyn_php.php';
$fname = dirname(__FILE__) . "/../../conf/" . $wfs_conf_filename;
if (file_exists($fname)) {
/*
* @security_patch finc done
*/
include secure($fname);
} else {
$e = new mb_exception("mod_wfs_SpatialRequest.php: Configuration file " . $wfs_conf_filename . " not found.");
}
include '../include/dyn_js.php';
echo "var mod_wfs_spatialRequest_target = '" . $e_target[0] . "';\n";
?>
//element var openLinkFromSearch for opening attribute link directly onclick of searchResult entry
var openLinkFromSearch = typeof openLinkFromSearch === "undefined" ? 0 : openLinkFromSearch;
var wfsAreaType_point = "point";
var wfsAreaType_polygon = "polygon";
var wfsAreaType_rectangle = "rectangle";
var wfsAreaType_extent = "extent";
var wfsAreaType_current = "";
private function validate()
{
loadLibrary("validation.lib");
$user = secure($_POST["username"]);
$pass = $_POST["password"];
$reg = valid_username($user);
if ($reg !== true) {
$this->errors[] = $reg;
}
$reg = valid_password($pass);
if ($reg !== true) {
$this->errors[] = $reg;
}
if (count($this->errors) == 0) {
// Check actual login data now
global $yakbb;
$yakbb->db->query("\r\n\t\t\t\tSELECT\r\n\t\t\t\t\tpassword\r\n\t\t\t\tFROM\r\n\t\t\t\t\tyakbb_users\r\n\t\t\t\tWHERE\r\n\t\t\t\t\tusername = '******'\r\n\t\t\t\tLIMIT\r\n\t\t\t\t\t1\r\n\t\t\t");
$x = $yakbb->db->fetch();
if ($yakbb->db->numRows() == 0) {
$this->errors[] = "user_doesnt_exist";
} else {
if (sha256($pass) !== $x["password"]) {
$this->errors[] = "password_incorrect";
} else {
// Login
setYakCookie("username", $user, time() + 60 * 60 * 24 * 180);
setYakCookie("password", sha256($pass), time() + 60 * 60 * 24 * 180);
redirect("?");
}
}
}
}