/**
* Registration Form Template Plugin
*
* Assists in the creation of registration forms
*
* @param string $return The relative or absolute URL to return to after registering
*/
function smarty_block_registration_form($params, $tagdata, &$smarty, &$repeat)
{
    if (!isset($params['var'])) {
        show_error('You must specify a "var" parameter for template {registration_form} calls.  This parameter specifies the variable name for the returned array.');
    } else {
        $variables = array();
        // get return URL
        if (isset($params['return']) and !empty($params['return'])) {
            $variables['return'] = query_value_encode($params['return']);
        } else {
            $variables['return'] = '';
        }
        // form action
        $variables['form_action'] = site_url('users/post_registration');
        if (setting('ssl_certificate') == '1') {
            $variables['form_action'] = secure($variables['form_action']);
        }
        // populated values
        $variables['first_name'] = $smarty->CI->input->post('firstname');
        $variables['last_name'] = $smarty->CI->input->post('last_name');
        $variables['email'] = $smarty->CI->input->post('email');
        $variables['username'] = $smarty->CI->input->post('username');
        $custom_fields = $smarty->CI->user_model->get_custom_fields(array('registration_form' => TRUE, 'not_in_admin' => TRUE));
        $variables['custom_fields'] = $custom_fields;
        if (is_array($custom_fields)) {
            foreach ($custom_fields as $field) {
                $variables[$field['name']] = $smarty->CI->input->post($field['name']);
            }
        }
        $smarty->assign($params['var'], $variables);
        echo $tagdata;
    }
}
Beispiel #2
0
 /**
  *
  * Untuk keamanan data, trim inputan agar tidak ada spasi, Htmlentities
  *
  */
 function multisecure($array)
 {
     foreach ($array as $key => $value) {
         $array[$key] = secure($value);
     }
     return $array;
 }
Beispiel #3
0
 private function validateRegistration()
 {
     loadLibrary("validation.lib");
     $user = secure($_POST["username"]);
     $display = secure($_POST["display"]);
     $pass1 = secure($_POST["pass1"]);
     $pass2 = secure($_POST["pass2"]);
     $email1 = secure($_POST["email1"]);
     $email2 = secure($_POST["email2"]);
     $res = valid_username($user);
     if ($res !== true) {
         $this->errors[] = $res;
     }
     $res = valid_displayname($display);
     if ($res !== true) {
         $this->errors[] = $res;
     }
     if ($pass1 !== $pass2) {
         $this->errors[] = "passwords_dont_match";
     } else {
         $res = valid_password($pass1);
         if ($res !== true) {
             $this->errors[] = $res;
         }
     }
     if ($email1 !== $email2) {
         $this->errors[] = "emails_dont_match";
     } else {
         $res = valid_email($email1);
         if ($res !== true) {
             $this->errors[] = $res;
         }
     }
     // Validate these next two for the most protective method.
     if ($_POST["hideemail"] == "no") {
         $hideemail = false;
     } else {
         $hideemail = true;
     }
     if ($_POST["receiveemail"] == "yes") {
         $receiveemail = true;
     } else {
         $receiveemail = false;
     }
     // Check ToS box
     if (!$_POST["tos"]) {
         $this->errors[] = "tos_not_checked";
     }
     if (count($this->errors) == 0) {
         // Add the user
         global $yakbb;
         $yakbb->db->insert("users", array("id" => 0, "username" => $user, "displayname" => $display, "password" => sha256($pass1), "email" => $email1, "emailshow" => $hideemail ? 0 : 1, "emailoptin" => $receiveemail ? 1 : 0, "activated" => 1, "activationcode" => "", "pending" => 0, "registeredtime" => time(), "lastip" => $yakbb->ip, "template" => $yakbb->config["default_template"], "language" => $yakbb->config["default_language"], "timezone" => $yakbb->config["default_timezone"]));
         redirect("?action=login&reg=true");
     }
 }
Beispiel #4
0
/**
* Login Form Template Plugin
*
* Assists in the creation of login forms
*
* @param string $return The relative or absolute URL to return to after logging in
* @param string $username Username value
*/
function smarty_block_login_form($params, $tagdata, &$smarty, &$repeat)
{
    if (!isset($params['var'])) {
        show_error('You must specify a "var" parameter for template {login_form} calls.  This parameter specifies the variable name for the returned array.');
    } else {
        $variables = array();
        // get return URL
        if (isset($params['return']) and !empty($params['return'])) {
            $variables['return'] = query_value_encode($params['return']);
        } else {
            $variables['return'] = '';
        }
        // form action
        $variables['form_action'] = site_url('users/post_login');
        if (setting('ssl_certificate') == '1') {
            $variables['form_action'] = secure($variables['form_action']);
        }
        // username
        $variables['username'] = isset($params['username']) ? $params['username'] : '';
        $smarty->assign($params['var'], $variables);
        echo $tagdata;
    }
}
Beispiel #5
0
function lock()
{
    if (!isset($_session['id'])) {
        return false;
    }
    if (!isset($_session['email'])) {
        return false;
    }
    if (isset($_POST['app'])) {
        $userName = secure($_POST['email'], $mysqli);
        $ID = secure($_POST['ID'], $mysqli);
    } else {
        $userName = secure($_session['email'], $mysqli);
        $ID = secure($_session['ID'], $mysqli);
    }
    $q = "SELECT * FROM users WHERE username = '******' AND ID = '{$ID}'";
    if ($res = $mysqli->query($q)) {
        if ($res->num_rows > 0) {
            return true;
        } else {
            return false;
        }
    }
}
if ($utente == -1) {
    header('Location: index.php');
} else {
    $user_level = get_user_level($utente);
    if ($user_level == 0) {
        header('Location: userhome.php');
    }
    if ($user_level == 1) {
        header('Location: docente.php');
    }
}
if ($_POST["submit"]) {
    $nome = secure($_POST["nome"]);
    $cognome = secure($_POST["cognome"]);
    $username = secure($_POST["username"]);
    $password = hash("sha512", secure($_POST["password"]));
    $db = database_connect();
    if (!($result = $db->query("select * from utenti where username='******'"))) {
        die('ERRORE: ' . $db->error);
    }
    $rows = $result->num_rows;
    if ($rows == 0) {
        if (!$db->query("INSERT INTO utenti\n\t\t\t\t(nome, cognome, username, password, classe, level) VALUES\n\t\t\t\t('" . $nome . "', '" . $cognome . "', '" . $username . "', '" . $password . "', 6, 1)")) {
            echo "Errore" . $db->error;
        } else {
            echo "SUCCESS";
        }
    } else {
        echo "EXISTS";
    }
}
Beispiel #7
0
         $errors = array(1 => 'The file to big for the server\'s config', 2 => 'The file to big for this page', 3 => 'There was a problem during upload (file was truncated)', 4 => 'No file upload', 5 => 'No temp folder', 6 => 'Write error on server');
         return $errors[$e];
     } else {
         if ($e > 7) {
             return true;
         } else {
             return false;
         }
     }
 }
 function secure($file)
 {
     return preg_replace('#(.+)\\.php#i', '$1.SECURED_PHP', $file);
 }
 if (isset($_FILES['myfile']) && strtolower($_FILES['myfile']['name']) != "index.html") {
     $sFileName = secure($_FILES['myfile']['name']);
     $sFileType = $_FILES['myfile']['type'];
     $sFileSize = intval(bytesToSize1024($_FILES['myfile']['size'], 1));
     $sFileError = error2msg($_FILES['myfile']['error']);
     $sFileExt = pathinfo($_SESSION['upload_path'] . $sFileName, PATHINFO_EXTENSION);
     $ok = '<li class="DD_file DD_success ' . $sFileExt . '">   
         <span class="DD_filename">' . $sFileName . '</span>
         [<em class="DD_filetype">' . $sFileType . '</em>, 
         <em class="DD_filesize">' . $sFileSize . '</em>] [OK]
     </li>';
     $notok = '<li class="DD_file DD_error">   
         <span class="DD_filename">' . $sFileName . '</span>
         [<em class="DD_filetype">' . $sFileType . '</em>, 
         <em class="DD_filesize">' . $sFileSize . '</em>] [UPLOAD ERROR !]
     </li>';
     if (is_array($auto_dropzone['destination_filepath']) && !empty($auto_dropzone['destination_filepath'][$sFileExt]) && is_dir($_SESSION['upload_path'] . $auto_dropzone['destination_filepath'][$sFileExt])) {
//Ajout d'un tarif
if (isset($_POST['add']) && isset($_POST['ecole_lyonnaise'][0]) && in_array($_POST['ecole_lyonnaise'][0], ['0', '1']) && isset($_POST['for_pompom'][0]) && in_array($_POST['for_pompom'][0], ['yes', 'or', 'no']) && isset($_POST['for_cameraman'][0]) && in_array($_POST['for_cameraman'][0], ['yes', 'or', 'no']) && isset($_POST['for_fanfaron'][0]) && in_array($_POST['for_fanfaron'][0], ['yes', 'or', 'no']) && !empty($_POST['type'][0]) && in_array($_POST['type'][0], array_keys($typesTarifs)) && !empty($_POST['ordre'][0]) && intval($_POST['ordre'][0]) && !empty($_POST['nom'][0]) && !empty($_POST['description'][0]) && isset($_POST['montant'][0]) && isset($_POST['special'][0]) && (empty($_POST['special'][0]) || in_array($_POST['special'][0], array_keys($sports))) && is_numeric($_POST['montant'][0])) {
    if (!isset($_POST['logement'])) {
        $_POST['logement'] = array();
    }
    $pdo->exec($s = 'INSERT INTO tarifs SET ' . 'nom = "' . secure($_POST['nom'][0]) . '", ' . 'description = "' . secure($_POST['description'][0]) . '", ' . 'tarif = ' . abs((double) $_POST['montant'][0]) . ', ' . 'ecole_lyonnaise = ' . $_POST['ecole_lyonnaise'][0] . ', ' . 'for_pompom = "' . $_POST['for_pompom'][0] . '", ' . 'for_cameraman = "' . $_POST['for_cameraman'][0] . '", ' . 'for_fanfaron = "' . $_POST['for_fanfaron'][0] . '", ' . 'type = "' . secure($_POST['type'][0]) . '", ' . 'logement = ' . (in_array('0', $_POST['logement']) ? '1' : '0') . ', ' . 'id_sport_special = ' . (empty($_POST['special'][0]) || $_POST['type'][0] == 'nonsportif' ? 'NULL' : $_POST['special'][0]) . ', ' . 'ordre = ' . abs((int) $_POST['ordre'][0]));
    $add = true;
}
//On récupère l'indice du champ concerné
if ((!empty($_POST['delete']) || !empty($_POST['edit'])) && isset($_POST['id']) && is_array($_POST['id'])) {
    $i = array_search(empty($_POST['delete']) ? $_POST['edit'] : $_POST['delete'], $_POST['id']);
}
//On edite un tarif
if (isset($i) && empty($_POST['delete']) && isset($_POST['ecole_lyonnaise'][$i]) && in_array($_POST['ecole_lyonnaise'][$i], ['0', '1']) && isset($_POST['for_pompom'][$i]) && in_array($_POST['for_pompom'][$i], ['yes', 'or', 'no']) && isset($_POST['for_cameraman'][$i]) && in_array($_POST['for_cameraman'][$i], ['yes', 'or', 'no']) && isset($_POST['for_fanfaron'][$i]) && in_array($_POST['for_fanfaron'][$i], ['yes', 'or', 'no']) && !empty($_POST['type'][$i]) && in_array($_POST['type'][$i], array_keys($typesTarifs)) && !empty($_POST['ordre'][$i]) && intval($_POST['ordre'][$i]) && !empty($_POST['nom'][$i]) && !empty($_POST['description'][$i]) && isset($_POST['montant'][$i]) && isset($_POST['special'][$i]) && (empty($_POST['special'][$i]) || in_array($_POST['special'][$i], array_keys($sports))) && is_numeric($_POST['montant'][$i])) {
    if (!isset($_POST['logement'])) {
        $_POST['logement'] = array();
    }
    $pdo->exec('UPDATE tarifs SET ' . 'nom = "' . secure($_POST['nom'][$i]) . '", ' . 'description = "' . secure($_POST['description'][$i]) . '", ' . 'tarif = ' . abs((double) $_POST['montant'][$i]) . ', ' . 'ecole_lyonnaise = ' . $_POST['ecole_lyonnaise'][$i] . ', ' . 'for_pompom = "' . $_POST['for_pompom'][$i] . '", ' . 'for_cameraman = "' . $_POST['for_cameraman'][$i] . '", ' . 'for_fanfaron = "' . $_POST['for_fanfaron'][$i] . '", ' . 'type = "' . secure($_POST['type'][$i]) . '", ' . 'logement = ' . (in_array($_POST['id'][$i], $_POST['logement']) ? '1' : '0') . ', ' . 'id_sport_special = ' . (empty($_POST['special'][$i]) || $_POST['type'][$i] == 'nonsportif' ? 'NULL' : $_POST['special'][$i]) . ', ' . 'ordre = ' . abs((int) $_POST['ordre'][$i]) . ' ' . 'WHERE id = ' . abs((int) $_POST['id'][$i]));
    $modify = true;
} else {
    if (isset($i) && !empty($_POST['delete'])) {
        $pdo->exec('DELETE FROM tarifs ' . 'WHERE id = ' . abs((int) $_POST['id'][$i]));
        $delete = true;
    }
}
$tarifs_lyonnais = $pdo->query('SELECT ' . 't.*, ' . 'COUNT(te.id_ecole) AS teid ' . 'FROM tarifs AS t ' . 'LEFT JOIN tarifs_ecoles AS te ON ' . 'te.id_tarif = t.id ' . 'WHERE ' . 't.ecole_lyonnaise = 1 ' . 'GROUP BY ' . 't.id ' . 'ORDER BY ' . 'ordre ASC, ' . 'nom ASC') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo()));
$tarifs_lyonnais = $tarifs_lyonnais->fetchAll(PDO::FETCH_ASSOC);
$tarifs_nonlyonnais = $pdo->query('SELECT ' . 't.*, ' . 'COUNT(te.id_ecole) AS teid ' . 'FROM tarifs AS t ' . 'LEFT JOIN tarifs_ecoles AS te ON ' . 'te.id_tarif = t.id ' . 'WHERE ' . 't.ecole_lyonnaise = 0 ' . 'GROUP BY ' . 't.id ' . 'ORDER BY ' . 'ordre ASC, ' . 'nom ASC') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo()));
$tarifs_nonlyonnais = $tarifs_nonlyonnais->fetchAll(PDO::FETCH_ASSOC);
//Inclusion du bon fichier de template
require DIR . 'templates/admin/ecoles/tarification.php';
Beispiel #9
0
} else {
    $register_form = 'includes/forms/register_form.php';
}
if (isset($_GET['done'])) {
    // Include reCaptcha
    if ($setting['use_captcha'] == 1) {
        require_once 'includes/misc/recaptchalib.php';
        $resp = recaptcha_check_answer($setting['captcha_privkey'], $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
        if ($resp->is_valid) {
            $captcha_success = 1;
        } else {
            $captcha_success = 0;
        }
    }
    if ($setting['use_qa_captcha'] == 1) {
        $user_answer = secure(strtolower($_POST["qa_captcha_answer"]));
        $formatted_answers = str_replace(", ", ",", strtolower($setting['qa_captcha_answers']));
        $answers = explode(',', $formatted_answers);
        foreach ($answers as $answer) {
            if ($answer == $user_answer) {
                $qa_captcha_success = 1;
            }
        }
        if (!isset($qa_captcha_success)) {
            $qa_captcha_success = 0;
        }
    }
    if ($setting['use_captcha'] != 1 && $setting['use_qa_captcha'] != 1) {
        $captcha_success = 1;
        $qa_captcha_success = 1;
    }
Beispiel #10
0
if (!preg_match ('/^Registered/', $chk_lic)) {
    $chk_lic = @file_get_contents("license.txt");
    if (!preg_match ('/^Registered/', $chk_lic)) {
        $addTitle = "License";
        require 'includes/license.php';
        exit;
    }
}

session_start();
$_SERVER = cleanArray($_SERVER);
$_POST = cleanArray($_POST);
$_GET = cleanArray($_GET);
$_COOKIE = cleanArray($_COOKIE);

secure();

$time_start = get_microtime();

//------------------------------------------------------------------------
// Determine what page is being requested
//------------------------------------------------------------------------
$pageId = get_input('pageId');
if (!$pageId) { $pageId = "login"; }
if(!validate_input($pageId, 'pageId')) {
	echo "Error on pageId validation! <br>Check your regExpArray in config.php!\n";
   	$pageId = "login";
}

//------------------------------------------------------------------------
// Connect to database. If connection fails then set the pageId for the
<?php

require_once 'functions.php';
secure(2);
require_once 'conn.php';
require_once 'header.php';
?>
<style type="text/css">
<!--
.style1 {
	color: #0000CC;
	font-weight: bold;
	font-size: 26px;
}
-->
</style>

<div id="content">

<div id="right">

<br/>
<table align="center" width="100%" id="table1" cellpadding="5" cellspacing="5" border="2">
    <tr><th colspan="6"><center>
      <span class="style1">ORDERED LIST</span>
    </center></th></tr>
    <tr>
<th>Roll No.</th>
<th>Customer Name</th>
<th>Item List</th>
<th>Adress</th>
Beispiel #12
0
 private function loadUser()
 {
     $this->user = array("id" => 0, "username" => "Guest", "group" => -1, "template" => $this->config["default_template"], "language" => $this->config["default_language"]);
     $this->smarty->assign("guest", true);
     $this->smarty->assign("admin_access", false);
     if (getYakCookie("username") != "" && getYakCookie("password") != "") {
         // Check login
         $user = secure(getYakCookie("username"));
         $pass = getYakCookie("password");
         loadLibrary("validation.lib");
         if (valid_username($user) === true && valid_password($pass) === true) {
             $this->db->query("\r\n\t\t\t\t\tSELECT\r\n\t\t\t\t\t\t*\r\n\t\t\t\t\tFROM\r\n\t\t\t\t\t\tyakbb_users\r\n\t\t\t\t\tWHERE\r\n\t\t\t\t\t\tusername = '******'\r\n\t\t\t\t\tLIMIT\r\n\t\t\t\t\t\t1\r\n\t\t\t\t");
             if ($this->db->numRows() == 1) {
                 $x = $this->db->fetch();
                 if ($x["password"] === $pass) {
                     $this->user = $x;
                     $this->smarty->assign("guest", false);
                 }
             }
         }
     }
 }
Beispiel #13
0
/* Dernière modification : le 07/11/14 *********************/
/* *********************************************************/
//S'il n'y a pas de saison on affiche une erreur
if (empty($saison)) {
    die(require DIR . 'templates/_error.php');
}
//Ajout d'un vendeur
if (isset($_POST['add']) && !empty($_POST['nom'][0])) {
    $pdo->exec($s = 'INSERT INTO vendeurs SET ' . 'nom = "' . secure($_POST['nom'][0]) . '", ' . 'id_saison = ' . $saison['id']);
    $add = true;
}
//On récupère l'indice du champ concerné
if ((!empty($_POST['delete']) || !empty($_POST['edit'])) && isset($_POST['id']) && is_array($_POST['id'])) {
    $i = array_search(empty($_POST['delete']) ? $_POST['edit'] : $_POST['delete'], $_POST['id']);
}
//On edite un vendeur
if (!empty($i) && empty($_POST['delete']) && !empty($_POST['nom'][$i])) {
    $pdo->exec('UPDATE vendeurs SET ' . 'nom = "' . secure($_POST['nom'][$i]) . '" ' . 'WHERE id = ' . $_POST['id'][$i]);
    $modify = true;
} else {
    if (!empty($i) && !empty($_POST['delete'])) {
        $pdo->exec('DELETE FROM vendeurs ' . 'WHERE id = ' . $_POST['id'][$i]);
        $delete = true;
    }
}
//Mise à jour des vendeurs
$vendeurs = !empty($saison) ? $pdo->query('SELECT id, nom ' . 'FROM vendeurs ' . 'WHERE id_saison = ' . $saison['id'] . ' ' . 'ORDER BY nom ASC')->fetchAll(PDO::FETCH_ASSOC) : array();
//Vendeurs triés par ordre d'ajout
$vendeurs_non_tries = !empty($saison) ? $pdo->query('SELECT id, nom ' . 'FROM vendeurs ' . 'WHERE id_saison = ' . $saison['id'] . ' ' . 'ORDER BY id ASC')->fetchAll(PDO::FETCH_ASSOC) : array();
//Inclusion du bon fichier de template
require DIR . 'templates/public/vendeurs.php';
<!DOCTYPE html>
<!--
To change this license header, choose License Headers in Project Properties.
To change this template file, choose Tools | Templates
and open the template in the editor.
-->
<html>
    <?php 
require 'database.php';
require 'utilities/utils.php';
$_GET = secure($_GET);
$_POST = secure($_POST);
if (isset($_GET['todo'])) {
    //        echo $_GET['todo'];
    if ($_GET['todo'] == 'accueil') {
        generateHTMLHeader('accueil');
        echo "<section id='content'>" . PHP_EOL;
        require "content/accueil.php";
        echo "</section>" . PHP_EOL;
    } elseif ($_GET['todo'] == 'actualites') {
        generateHTMLHeader('actualites');
        echo "<section id='content'>" . PHP_EOL;
        require "content/actualites.php";
        echo "</section>" . PHP_EOL;
    } elseif ($_GET['todo'] == 'allArticles') {
        generateHTMLHeader('allArticles');
        echo "<section id='content'>" . PHP_EOL;
        require "content/allArticles.php";
        echo "</section>" . PHP_EOL;
    } elseif ($_GET['todo'] == 'contact') {
        generateHTMLHeader('contact');
<?php

require_once 'functions.php';
secure(1);
require_once 'conn.php';
if (isset($_POST['Submit'])) {
    $item = "";
    if (isset($_POST['t1'])) {
        $item .= $_POST['t1'] . ',';
    }
    if (isset($_POST['t2'])) {
        $item .= $_POST['t2'] . ',';
    }
    if (isset($_POST['t3'])) {
        $item .= $_POST['t3'] . ',';
    }
    if (isset($_POST['t4'])) {
        $item .= $_POST['t4'] . ',';
    }
    if (isset($_POST['t5'])) {
        $item .= $_POST['t5'] . ',';
    }
    if (isset($_POST['t6'])) {
        $item .= $_POST['t6'] . ',';
    }
    if (isset($_POST['t7'])) {
        $item .= $_POST['t7'] . ',';
    }
    if (isset($_POST['t8'])) {
        $item .= $_POST['t8'] . ',';
    }
<?php

$_GET = secure($_GET);
$titre = "Bains&co";
$num = 1;
// <!-- ----------- titre ------------------ -->
echo "<h4> {$titre} </h4>";
// <!-- ----------- image descriptive ------------------ -->
echo "<img alt='img' title='logo' src='media/img/Bains.png' class='img-article' /><break>";
if (isset($_GET['partenaire'])) {
    echo <<<CHAINE_DE_FIN
    <break>
    <!-- ----------- longue description de l'article ------------------ -->
    <p>La société de conseil Bain&Company soutient le X-WineContest. Découvrez une entreprise leader et fidèle à ses valeurs humaines.</p>
    <p>
    Créé en 1985, le bureau français de Bain&Company aide les dirigeants et leurs équipes de direction à générer des résultats financiers durables, quel que soit leur secteur d’activité. 
    Il est ainsi devenus l’un des cabinets de conseil en stratégie leader en France.
    </p>
    <break>
    <a href= "http://www.bain.com/" class="post-link">site web</a>
CHAINE_DE_FIN;
} else {
    echo <<<CHAINE_DE_FIN
    <break>
    <!-- ----------- brève description de l'article ------------------ -->
    <p>
    La société de conseil Bain&Company soutient le X-WineContest. Découvrez une entreprise leader et fidèle à ses valeurs humaines.
    </p>
    <p><a href='index.php?todo=lire&partenaire={$num}&titre={$titre}' class='link-partenaires'>Lire la suite</a>
CHAINE_DE_FIN;
}
Beispiel #17
0
        $errMsg .= "</div>";
    }
    //$errMsg = $inpNama;
    //convert data menjadi json format
    $data = array('msg1' => $errMsg, 'msg2' => '');
    echo json_encode($data);
}
if (isset($_POST['ubahAlat'])) {
    # BACA DATA DALAM FORM, masukkan datake variabel
    $errMsg = "";
    $idAlat = secure(trim($_POST['idAlat']));
    $namaAlat = strtoupper(secure(trim($_POST['namaAlat'])));
    $lokasi = secure(trim($_POST['lokasi']));
    $kategori = secure(trim($_POST['kategori']));
    $kondisi = secure(trim($_POST['kondisi']));
    $ketersediaan = secure(trim($_POST['ketersediaan']));
    # SIMPAN DATA KE DATABASE.
    // Jika tidak menemukan error, simpan data ke database
    //$kodeBaru	= buatKode("ma_user", "UID");
    //$txtPassword2 = MD5($inpPassword);
    $qry = "UPDATE alat SET nama_alat='{$namaAlat}',lokasi='{$lokasi}',kategori='{$kategori}',kondisi='{$kondisi}',ketersediaan='{$ketersediaan}'\n\t\t\t WHERE id_alat='{$idAlat}'";
    $hsl = querydb($qry);
    if ($hsl) {
        $errMsg .= "<div class=\"alert alert-success alert-dismissible\" role=\"alert\">\n\t\t\t\t\t\t<button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-label=\"Close\"><span aria-hidden=\"true\">&times;</span></button>\n\t\t\t\t\t\tSUKSES !!! Data Sudah Dirubah !\n\t\t\t\t\t</div>\n\t\t\t\t";
        //echo "<script>window.location.replace('page.php?open=data_master/barang_data.php');</script>";
        //header("location:./page.php");
    } else {
        $errMsg .= "\n\t\t\t\t\t<div class=\"alert alert-danger alert-dismissible\" role=\"alert\">\n\t\t\t\t\t\t<button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-label=\"Close\"><span aria-hidden=\"true\">&times;</span></button>\n\t\t\t\t\t\tGAGAL !!! Data Tidak Bisa Dirubah, harap ulang input data!\n\t\t\t\t\t</div>\n\t\t\t\t";
    }
    //convert data menjadi json format
    $data = array('msg1' => $errMsg, 'msg2' => '');
Beispiel #18
0
            }
            if ($found['sportif']) {
                $places_sportif++;
            }
            if ($found['pompom']) {
                $places_pompom++;
            }
            if ($found['cameraman']) {
                $places_cameraman++;
            }
            if ($found['fanfaron']) {
                $places_fanfaron++;
            }
            if (is_array($tarif) && !($tarif['logement'] && $ecole['quota_logement_on'] && ($_POST['sexe'][$i] == 'f' && $places_filles_logees <= 0 || $_POST['sexe'][$i] == 'h' && $places_garcons_loges <= 0) || in_array($_POST['id'][$i], $_POST['sportif']) && $places_sportif <= 0 || in_array($_POST['id'][$i], $_POST['pompom']) && $places_pompom <= 0 || in_array($_POST['id'][$i], $_POST['fanfaron']) && $places_fanfaron <= 0 || in_array($_POST['id'][$i], $_POST['cameraman']) && $places_cameraman <= 0) && !($cap_sport_special = !empty($found['eid']) && $found['eid'] == $found['id_sport_special'] && $found['id_sport_special'] != $tarif['id_sport_special'])) {
                $logeur = !$ecole['ecole_lyonnaise'] && !$tarif['logement'] && !empty($_POST['logeur']) ? $_POST['logeur'] : '';
                $pdo->exec('UPDATE participants SET ' . 'nom = "' . secure($_POST['nom'][$i]) . '", ' . 'prenom = "' . secure($_POST['prenom'][$i]) . '", ' . 'sexe = "' . secure($_POST['sexe'][$i]) . '", ' . 'telephone = "' . secure($_POST['telephone'][$i]) . '", ' . 'licence = "' . ($type == 'sportif' ? secure($_POST['licence'][$i]) : '') . '", ' . 'sportif = ' . (in_array($_POST['id'][$i], $_POST['sportif']) ? '1' : '0') . ', ' . 'pompom = ' . (in_array($_POST['id'][$i], $_POST['pompom']) ? '1' : '0') . ', ' . 'fanfaron = ' . (in_array($_POST['id'][$i], $_POST['fanfaron']) ? '1' : '0') . ', ' . 'cameraman = ' . (in_array($_POST['id'][$i], $_POST['cameraman']) ? '1' : '0') . ', ' . 'id_tarif = ' . abs((int) $_POST['tarif'][$i]) . ', ' . 'id_recharge = ' . abs((int) $_POST['recharge'][$i]) . ', ' . 'logeur = "' . secure($logeur) . '", ' . 'date_modification = NOW() ' . 'WHERE ' . 'id_ecole = ' . $_SESSION['ecole']['user'] . ' AND ' . 'id = ' . $_POST['id'][$i]);
                if ($tarif['id_sport_special'] != $found['id_sport_special'] && !empty($found['id_sport_special'])) {
                    $pdo->exec('DELETE FROM sportifs WHERE ' . 'id_participant = ' . $_POST['id'][$i] . ' AND ' . 'id_sport = ' . $found['id_sport_special'] . ' AND ' . 'id_ecole = ' . $_SESSION['ecole']['user']);
                }
                if ($type == 'nonsportif') {
                    $pdo->exec('DELETE FROM sportifs WHERE ' . 'id_participant = ' . $_POST['id'][$i] . ' AND ' . 'id_ecole = ' . $_SESSION['ecole']['user']);
                }
                $modify = true;
            }
        }
    }
} else {
    if (isset($i) && !empty($_POST['delete'])) {
        $pdo->exec('DELETE FROM participants ' . 'WHERE ' . 'id_ecole = ' . $_SESSION['ecole']['user'] . ' AND ' . 'id = ' . abs((int) $_POST['id'][$i])) or die(print_r($pdo->errorInfo()));
        $delete = true;
    }
Beispiel #19
0
<?php

$liste_categories = getListCategory();
if (isset($_POST['q'])) {
    $search = secure($_POST['q']);
} else {
    header('Location: ./');
}
$results = search($search);
Beispiel #20
0
<?php

define('AVARCADE_', 1);
if (isset($get_load_time)) {
    $time = microtime();
    $time = explode(' ', $time);
    $time = $time[1] + $time[0];
    $start = $time;
}
require_once 'config.php';
include 'includes/core.php';
// Include language file
include 'language/' . $setting['language'] . '.php';
$time_now = date("Y-m-d H:i:s");
if (isset($_COOKIE['ava_lastpage'])) {
    $prev_page = secure($_COOKIE['ava_lastpage']);
}
// Set current page
if (!isset($_GET['task']) || isset($_GET['task']) && $_GET['task'] != 'register' && $_GET['task'] != 'validate' && $_GET['task'] != 'login') {
    setcookie('ava_lastpage', curPageUrl(), time() + 60 * 60 * 24 * 100, '/');
}
// Get logged in user
$user = getUser();
// Update the user IP if this is a new session, update users last activity
if ($user['login_status'] == 1) {
    $update_new_frs = '';
    $update_topic = '';
    if ($user['new_pms'] == 0) {
        $update_new_frs = ", new_frs = 0";
    }
    if (isset($_GET['task']) && $_GET['task'] == 'topic') {
Beispiel #21
0
 /**
  * debug, fonction de debug de variable
  * elle vous permet d'avoir un coloration
  * synthaxique des types de donnée.
  */
 function debug()
 {
     call_user_func_array([Util::class, 'debug'], secure(func_get_args()));
 }
/* *********************************************************/
/* actions/admin/logement/action_recensement_batiment.php **/
/* Liste des chambres dans le batiment concerné ************/
/* *********************************************************/
/* Dernière modification : le 19/01/15 *********************/
/* *********************************************************/
if (isset($_GET['maj']) && !empty($_POST['chambre']) && is_string($_POST['chambre']) && strlen($_POST['chambre']) == 4 && isset($_POST['nom']) && isset($_POST['prenom']) && isset($_POST['surnom']) && isset($_POST['email']) && isset($_POST['telephone']) && isset($_POST['etat']) && in_array($_POST['etat'], array_keys($labelsEtatChambre))) {
    $batiment = $_POST['chambre'][0];
    $etage = $_POST['chambre'][1];
    $numero = $_POST['chambre'][2] . $_POST['chambre'][3];
    $existe = $pdo->query('SELECT ' . 'c.id, ' . 'c.etat, ' . 'COUNT(cp.id_participant) AS cp ' . 'FROM chambres AS c ' . 'LEFT JOIN chambres_participants AS cp ON ' . 'cp.id_chambre = c.id ' . 'WHERE ' . 'batiment = "' . secure($batiment) . '" AND ' . 'etage = "' . secure($etage) . '" AND ' . 'numero = "' . secure($numero) . '" ' . 'GROUP BY ' . 'c.id') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo()));
    $existe = $existe->fetch(PDO::FETCH_ASSOC);
    if (!empty($existe) && $existe['cp'] && $existe['etat'] != $_POST['etat']) {
        die(json_encode(array('error' => 1, 'etat' => empty($existe['etat']) ? 'pas_contacte' : $existe['etat'])));
    }
    if (!empty($existe)) {
        $pdo->exec('UPDATE chambres SET ' . 'nom_proprio = "' . secure($_POST['nom']) . '", ' . 'prenom_proprio = "' . secure($_POST['prenom']) . '", ' . 'surnom_proprio = "' . secure($_POST['surnom']) . '", ' . 'telephone_proprio = "' . secure($_POST['telephone']) . '", ' . 'email_proprio = "' . secure($_POST['email']) . '", ' . 'etat = "' . secure($_POST['etat']) . '" ' . 'WHERE ' . 'batiment = "' . secure($batiment) . '" AND ' . 'etage = "' . secure($etage) . '" AND ' . 'numero = "' . secure($numero) . '"');
    } else {
        $pdo->exec('INSERT INTO chambres SET ' . 'batiment = "' . secure($batiment) . '", ' . 'etage = "' . secure($etage) . '", ' . 'numero = "' . secure($numero) . '", ' . 'nom_proprio = "' . secure($_POST['nom']) . '", ' . 'prenom_proprio = "' . secure($_POST['prenom']) . '", ' . 'surnom_proprio = "' . secure($_POST['surnom']) . '", ' . 'telephone_proprio = "' . secure($_POST['telephone']) . '", ' . 'email_proprio = "' . secure($_POST['email']) . '", ' . 'etat = "' . secure($_POST['etat']) . '"');
    }
    die(json_encode(array('error' => 0)));
}
$batiment = $args[2][0];
$proprios_ = $pdo->query('SELECT ' . 'c.id, ' . 'c.etage, ' . 'c.numero, ' . 'c.nom_proprio, ' . 'c.prenom_proprio, ' . 'c.surnom_proprio, ' . 'c.email_proprio, ' . 'c.telephone_proprio, ' . 'c.etat ' . 'FROM chambres AS c ' . 'WHERE ' . 'c.batiment = "' . $batiment . '"') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo()));
$proprios_ = $proprios_->fetchAll(PDO::FETCH_ASSOC);
$proprios = array();
foreach ($proprios_ as $proprio) {
    $proprios[sprintf('%s%d%02d', $batiment, $proprio['etage'], (int) $proprio['numero'])] = $proprio;
}
//Inclusion du bon fichier de template
require DIR . 'templates/admin/logement/recensement_batiment.php';
    $smarty->assign("title", $title);
    $smarty->assign("dir", $config->document_root);
    $smarty->assign("this", $_SERVER['PHP_SELF']);
    //$smarty->display('main_header.tpl');
    $smarty->display('login.tpl');
    //$smarty->display('main_footer.tpl');
    exit;
}
if (!isset($uip)) {
    $uip = "";
}
$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;
$_SESSION['uip'] = $uip;
$_SESSION['uid'] = secure($_SESSION['uid']);
$_SESSION['pwd'] = secure($_SESSION['pwd']);
if (isset($_COOKIE["amxbans"])) {
    $sql = "SELECT * FROM {$config->webadmins} WHERE username = '******' AND password = '******'";
} else {
    $sql = "SELECT * FROM {$config->webadmins} WHERE username = '******' AND password = md5('{$pwd}')";
}
$result = mysql_query($sql);
if (!$result) {
    echo "A database error occurred while checking your login details.";
    exit;
}
if (mysql_num_rows($result) == 0) {
    unset($_SESSION['uid']);
    unset($_SESSION['pwd']);
    unset($_SESSION['uip']);
    unset($_SESSION['lvl']);
Beispiel #24
0
            $error = "The passwords don't match.";
        } else {
            /* $result = queryMysql("SELECT * FROM members WHERE user='******'");
               if ($result->num_rows) {
                   $error = "That username already exists<br><br>";
               }
               else {
                   $passS = secure($pass);
                   queryMysql("INSERT INTO members VALUES('$user', '$passS')");
                   die("<h4>Account created</h4>Please Log in.<br><br>");
               } */
            $result = queryMysql("SELECT * FROM members WHERE user='******'");
            if ($result->num_rows) {
                $error = "That username already exists";
            } else {
                $passS = secure($pass);
                queryMysql("INSERT INTO members VALUES('{$user}', '{$passS}')");
                $_SESSION['user'] = $user;
                die("<script>window.location = 'members.php?view={$user}';</script>");
            }
        }
    }
}
// sign up form
echo <<<_END
        
        <form method="post" action="signup.php"><span class="error">{$error}</span><br>
            <label class="fieldname">Username</label>
            <input class="withinfo" type="text" maxlength="16" name="user" value='{$user}' onBlur="checkUser(this)">
            <span id="info">&nbsp;</span><br>
            <label class="fieldname">Password</label>
Beispiel #25
0
 $pompom_nonsportif_on = !empty($_POST['quota_pompom_nonsportif_on']);
 $fanfaron_nonsportif_on = !empty($_POST['quota_fanfaron_nonsportif_on']);
 $cameraman_nonsportif_on = !empty($_POST['quota_cameraman_nonsportif_on']);
 $logins = $pdo->query('SELECT ' . 'login ' . 'FROM ecoles ' . 'WHERE ' . 'id <> ' . $ecole['id']) or DEBUG_ACTIVE && die(print_r($pdo->errorInfo()));
 $logins = $logins->fetchAll(PDO::FETCH_ASSOC);
 if (in_array($_POST['login'], $logins)) {
     $erreur_maj = 'login';
 } else {
     if (!empty($_POST['pass']) && (empty($_POST['pass_repetition']) || $_POST['pass'] != $_POST['pass_repetition'])) {
         $erreur_maj = 'pass';
     } else {
         if ($filles_on * $_POST['quota_garcons_loges'] + $garcons_on * $_POST['quota_filles_logees'] > $_POST['quota_total'] || $logement_on && $filles_on * $_POST['quota_garcons_loges'] + $garcons_on * $_POST['quota_filles_logees'] > $_POST['quota_logement'] || $_POST['quota_sportif'] > $_POST['quota_total'] || $_POST['quota_sportif'] < $ecole['quota_sportif_view'] || $pompom_on && $_POST['quota_pompom'] > $_POST['quota_total'] || $fanfaron_on && $_POST['quota_fanfaron'] > $_POST['quota_total'] || $cameraman_on && $_POST['quota_cameraman'] > $_POST['quota_total'] || $pompom_on && $_POST['quota_pompom'] < $ecole['quota_pompom_view'] || $fanfaron_on && $_POST['quota_fanfaron'] < $ecole['quota_fanfaron_view'] || $cameraman_on && $_POST['quota_cameraman'] < $ecole['quota_cameraman_view'] || $pompom_nonsportif_on && $_POST['quota_pompom_nonsportif'] > $_POST['quota_total'] || $fanfaron_nonsportif_on && $_POST['quota_fanfaron_nonsportif'] > $_POST['quota_total'] || $cameraman_nonsportif_on && $_POST['quota_cameraman_nonsportif'] > $_POST['quota_total'] || $pompom_nonsportif_on && $pompom_on && $_POST['quota_pompom_nonsportif'] > $_POST['quota_pompom'] || $fanfaron_nonsportif_on && $fanfaron_on && $_POST['quota_fanfaron_nonsportif'] > $_POST['quota_fanfaron'] || $cameraman_nonsportif_on && $cameraman_on && $_POST['quota_cameraman_nonsportif'] > $_POST['quota_cameraman'] || $pompom_nonsportif_on && $_POST['quota_pompom_nonsportif'] > $_POST['quota_total'] - $_POST['quota_sportif'] || $fanfaron_nonsportif_on && $_POST['quota_fanfaron_nonsportif'] > $_POST['quota_total'] - $_POST['quota_sportif'] || $cameraman_nonsportif_on && $_POST['quota_cameraman_nonsportif'] > $_POST['quota_total'] - $_POST['quota_sportif'] || $garcons_on && $_POST['quota_garcons_loges'] < $ecole['quota_garcons_loges_view'] || $filles_on && $_POST['quota_filles_logees'] < $ecole['quota_filles_logees_view'] || $_POST['quota_total'] < $ecole['quota_inscriptions']) {
             $erreur_maj = 'quotas';
         } else {
             $erreur_maj = false;
             $pdo->exec('UPDATE ecoles SET ' . 'nom = "' . secure($_POST['nom']) . '", ' . 'ecole_lyonnaise = ' . secure($_POST['ecole_lyonnaise']) . ', ' . 'adresse = "' . secure($_POST['adresse']) . '", ' . 'code_postal = "' . secure($_POST['code_postal']) . '", ' . 'ville = "' . secure($_POST['ville']) . '", ' . 'email_ecole = "' . secure($_POST['email_ecole']) . '", ' . 'telephone_ecole = "' . secure($_POST['telephone_ecole']) . '", ' . 'login = "******", ' . (!empty($_POST['pass']) ? 'pass = "******", ' : null) . 'quota_total = ' . (int) $_POST['quota_total'] . ', ' . 'quota_filles_on = ' . ($filles_on ? '1' : '0') . ', ' . 'quota_garcons_on = ' . ($garcons_on ? '1' : '0') . ', ' . 'quota_filles_logees = ' . (int) $_POST['quota_filles_logees'] . ', ' . 'quota_garcons_loges = ' . (int) $_POST['quota_garcons_loges'] . ', ' . 'quota_logement_on = ' . ($logement_on ? '1' : '0') . ', ' . 'quota_logement = ' . (int) $_POST['quota_logement'] . ', ' . 'quota_sportif = ' . (int) $_POST['quota_sportif'] . ', ' . 'quota_pompom_on = ' . ($pompom_on ? '1' : '0') . ', ' . 'quota_cameraman_on = ' . ($cameraman_on ? '1' : '0') . ', ' . 'quota_fanfaron_on = ' . ($fanfaron_on ? '1' : '0') . ', ' . 'quota_pompom_nonsportif_on = ' . ($pompom_nonsportif_on ? '1' : '0') . ', ' . 'quota_cameraman_nonsportif_on = ' . ($cameraman_nonsportif_on ? '1' : '0') . ', ' . 'quota_fanfaron_nonsportif_on = ' . ($fanfaron_nonsportif_on ? '1' : '0') . ', ' . 'quota_pompom = ' . (int) $_POST['quota_pompom'] . ', ' . 'quota_cameraman = ' . (int) $_POST['quota_cameraman'] . ', ' . 'quota_fanfaron = ' . (int) $_POST['quota_fanfaron'] . ', ' . 'quota_pompom_nonsportif = ' . (int) $_POST['quota_pompom_nonsportif'] . ', ' . 'quota_cameraman_nonsportif = ' . (int) $_POST['quota_cameraman_nonsportif'] . ', ' . 'quota_fanfaron_nonsportif = ' . (int) $_POST['quota_fanfaron_nonsportif'] . ', ' . 'nom_respo = "' . secure($_POST['nom_respo']) . '", ' . 'prenom_respo = "' . secure($_POST['prenom_respo']) . '", ' . 'email_respo = "' . secure($_POST['email_respo']) . '", ' . 'telephone_respo = "' . secure($_POST['telephone_respo']) . '", ' . 'nom_corespo = "' . secure($_POST['nom_corespo']) . '", ' . 'prenom_corespo = "' . secure($_POST['prenom_corespo']) . '", ' . 'email_corespo = "' . secure($_POST['email_corespo']) . '", ' . 'telephone_corespo = "' . secure($_POST['telephone_corespo']) . '", ' . 'malus = ' . abs((double) $_POST['malus']) . ' ' . 'WHERE ' . 'id = ' . $ecole['id']);
         }
     }
 }
 $_POST['id'] = $ecole['id'];
 $_POST['quota_logement_on'] = $logement_on;
 $_POST['quota_filles_on'] = $filles_on;
 $_POST['quota_garcons_on'] = $garcons_on;
 $_POST['quota_pompom_on'] = $pompom_on;
 $_POST['quota_fanfaron_on'] = $fanfaron_on;
 $_POST['quota_cameraman_on'] = $cameraman_on;
 $_POST['quota_pompom_nonsportif_on'] = $pompom_nonsportif_on;
 $_POST['quota_fanfaron_nonsportif_on'] = $fanfaron_nonsportif_on;
 $_POST['quota_cameraman_nonsportif_on'] = $cameraman_nonsportif_on;
 foreach ($_POST as $label => $value) {
     if (!array_key_exists('login', $ecole)) {
Beispiel #26
0
<?php

session_start();
/* ## Start security codes ## */
function secure($i)
{
    return addslashes($i);
}
if (isset($_POST)) {
    foreach ($_POST as $key => $value) {
        $_POST[$key] = secure($value);
    }
}
if (isset($_GET)) {
    foreach ($_GET as $key => $value) {
        $_GET[$key] = secure($value);
    }
}
/* ## End security codes ## */
// Global functions
function read_file($path)
{
    $filename = $path;
    $handle = fopen($filename, "r");
    $contents = fread($handle, filesize($filename));
    fclose($handle);
    return $contents;
}
// Includes.
require_once 'classes/databases.php';
require_once 'classes/languages.php';
Beispiel #27
0
include_once 'funzioni.php';
$error = '';
if (isset($_POST['submit'])) {
    if (empty($_POST['username']) || empty($_POST['password'])) {
        $error = "Username o password non validi.";
        echo $error;
    } else {
        $db = database_connect();
        $username = $_POST['username'];
        $password = $_POST['password'];
        if (0 && !($username == "2011132" || $password == "QAZ123" || $username == "prova2" || $username == "admin" || $username == "2012137")) {
            echo "Le iscrizioni riapriranno il 4 gennaio 2016 alle ore 10:00.";
        } else {
            $username = secure(stripslashes($username));
            $password = secure(stripslashes($password));
            $username = $db->escape_string($username);
            $password = hash("sha512", $db->escape_string($password));
            if ($password == "QAZ123") {
                $result = $db->query("select * from utenti where username='******'") or die('ERRORE: ' . $db->error);
            } else {
                $result = $db->query("select * from utenti where password='******' AND username='******'") or die('ERRORE: ' . $db->error);
            }
            $rows = $result->num_rows;
            if ($rows == 1) {
                $row = $result->fetch_assoc();
                $hash = bin2hex(openssl_random_pseudo_bytes(32));
                $time = time();
                $db->query("INSERT INTO sessioni (user, userid, time) VALUES ('" . $row['id'] . "', '{$hash}', {$time})");
                session_start();
                $_SESSION['login_user'] = $hash;
Beispiel #28
0
<?php

$liste_categories = getListCategory();
// email
if (isset($_POST['submitmessage'])) {
    if (isset($_POST['titre']) && isset($_POST['nom']) && isset($_POST['email']) && isset($_POST['message'])) {
        $titre = secure($_POST['titre']);
        $nom = secure($_POST['nom']);
        $email = secure($_POST['email']);
        $message = secure($_POST['message']);
        if (isset($_POST['prenom'])) {
            $prenom = secure($_POST['prenom']);
        }
        if (!empty($titre) && !empty($nom) && !empty($email) && !empty($message)) {
            $destinataire = getUser(1)['lemail'];
            $send_message = "Titre : " . $titre . "\r\n";
            if (isset($prenom)) {
                $send_message .= "Prénom de l'expéditeur : " . $prenom . "\r\n";
            }
            $send_message .= "Nom de l'expéditeur : " . $nom . "\r\n";
            $send_message .= "Adresse email de l'expéditeur : " . $email . "\r\n";
            $send_message .= "Message : " . $message . "\r\n";
            $demande = 'demande';
            $entete = "From: " . $email . " \r\n" . "Reply-To: " . $email . " \r\n" . "X-Mailer: PHP/" . phpversion();
            if (mail($destinataire, $demande, $send_message, $entete)) {
                $msg = "E-mail envoyé !";
            } else {
                $error = "Erreur à l'envoi !";
            }
        } else {
            $error = 'Veuillez remplir tous les champs !';
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
require_once dirname(__FILE__) . "/../php/mb_validatePermission.php";
$wfs_conf_filename = "wfs_default.conf";
include '../include/dyn_php.php';
$fname = dirname(__FILE__) . "/../../conf/" . $wfs_conf_filename;
if (file_exists($fname)) {
    /*
     * @security_patch finc done
     */
    include secure($fname);
} else {
    $e = new mb_exception("mod_wfs_SpatialRequest.php: Configuration file " . $wfs_conf_filename . " not found.");
}
include '../include/dyn_js.php';
echo "var mod_wfs_spatialRequest_target = '" . $e_target[0] . "';\n";
?>
//element var openLinkFromSearch for opening attribute link directly onclick of searchResult entry
var openLinkFromSearch = typeof openLinkFromSearch === "undefined" ? 0 : openLinkFromSearch;

var wfsAreaType_point = "point";
var wfsAreaType_polygon = "polygon";
var wfsAreaType_rectangle = "rectangle";
var wfsAreaType_extent = "extent";
var wfsAreaType_current = "";
Beispiel #30
-1
 private function validate()
 {
     loadLibrary("validation.lib");
     $user = secure($_POST["username"]);
     $pass = $_POST["password"];
     $reg = valid_username($user);
     if ($reg !== true) {
         $this->errors[] = $reg;
     }
     $reg = valid_password($pass);
     if ($reg !== true) {
         $this->errors[] = $reg;
     }
     if (count($this->errors) == 0) {
         // Check actual login data now
         global $yakbb;
         $yakbb->db->query("\r\n\t\t\t\tSELECT\r\n\t\t\t\t\tpassword\r\n\t\t\t\tFROM\r\n\t\t\t\t\tyakbb_users\r\n\t\t\t\tWHERE\r\n\t\t\t\t\tusername = '******'\r\n\t\t\t\tLIMIT\r\n\t\t\t\t\t1\r\n\t\t\t");
         $x = $yakbb->db->fetch();
         if ($yakbb->db->numRows() == 0) {
             $this->errors[] = "user_doesnt_exist";
         } else {
             if (sha256($pass) !== $x["password"]) {
                 $this->errors[] = "password_incorrect";
             } else {
                 // Login
                 setYakCookie("username", $user, time() + 60 * 60 * 24 * 180);
                 setYakCookie("password", sha256($pass), time() + 60 * 60 * 24 * 180);
                 redirect("?");
             }
         }
     }
 }