<?php
// login.php
// ----------- ist der Benutzer bereits angemeldet? -----------
if (IsLoggedIn() == true) {
// ja, bereits angemeldet
} else {
// Das Login Formular muss erst angezeit werden ...
echo '<form method=post action="userhome.php">
<table>
<tr>
<td><label>Benutzername:</label></td>
<td><input name="username" type="text"></td>
</tr>
<tr>
<td><label>Passwort: </label></td>
<td><input name="userpass" type="password" id="userpass"></td>
</tr>
</table>
<input name="login" type="submit" id="login" value="Einloggen">
</form>';
}
?>
$RootMenu->AddMenuItem(3, "Ingredients", "Ingredientslist.php", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(9, "Orders", "Orderslist.php?cmd=resetall", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(13, "Order Details", "OrderDetailslist.php?cmd=resetall", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(10, "Promo Codes", "PromoCodeslist.php", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(11, "Zip Code", "ZipCodelist.php", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(19, "Notifications", "Notificationslist.php", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(21, "Contact", "Contactlist.php", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(20, "Web Pages", "WebPageslist.php", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(38, "Dates", "HolidayDatelist.php", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(32, "Reports", "", -1, "");
$RootMenu->AddMenuItem(31, "Meal Assembly Report", "../system/meal_assembly_report", 32, "");
$RootMenu->AddMenuItem(30, "Packing Slips", "../system/packing_slips", 32, "");
$RootMenu->AddMenuItem(27, "Kitchen Report", "Kitchen_Reportreport.php", 32, "", IsLoggedIn());
$RootMenu->AddMenuItem(29, "Delivery Report", "Delivery_Reportreport.php", 32, "", IsLoggedIn());
$RootMenu->AddMenuItem(24, "Ingredients Report", "Ingredients_Reportreport.php", 32, "", IsLoggedIn());
$RootMenu->AddMenuItem(54, "New Reports", "", -1, "");
$RootMenu->AddMenuItem(52, "Kitchen Report Tues", "Kitchen_Report_1report.php", 54, "", IsLoggedIn());
$RootMenu->AddMenuItem(53, "Delivery Report Tues", "Delivery_Report_1report.php", 54, "", IsLoggedIn());
$RootMenu->AddMenuItem(55, "Kitchen Report Fri", "Kitchen_Report_22D2report.php", 54, "", IsLoggedIn());
$RootMenu->AddMenuItem(49, "Delivery Report Fri", "Delivery_Report_2report.php", 54, "", IsLoggedIn());
$RootMenu->AddMenuItem(56, "Meal Assembly Tues", "../system/meal_assembly_report_tues", 54, "");
$RootMenu->AddMenuItem(57, "Meal Assembly Fri", "../system/meal_assembly_report_thurs", 54, "");
$RootMenu->AddMenuItem(58, "Packing Slips Tues", "../system/packing_slips_tues", 54, "");
$RootMenu->AddMenuItem(59, "Packing Slips Fri", "../system/packing_slips_thurs", 54, "");
$RootMenu->AddMenuItem(4294967295.0, "Logout", "logout.php", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(4294967295.0, "Login", "login.php", -1, "", !IsLoggedIn() && substr(@$_SERVER["URL"], -1 * strlen("login.php")) != "login.php");
$RootMenu->Render();
?>
</div>
<!-- End Main Menu -->
<!-- Begin Main Menu -->
<?php
$RootMenu = new cMenu(EW_MENUBAR_ID);
// Generate all menu items
$RootMenu->IsRoot = TRUE;
$RootMenu->AddMenuItem(5, "mi_view1", $Language->MenuPhrase("5", "MenuText"), "CustomView1rpt.php", -1, "", IsLoggedIn(), FALSE);
$RootMenu->AddMenuItem(2, "mi_messages", $Language->MenuPhrase("2", "MenuText"), "messageslist.php", -1, "", IsLoggedIn(), FALSE);
$RootMenu->AddMenuItem(4, "mi_status", $Language->MenuPhrase("4", "MenuText"), "statuslist.php", -1, "", IsLoggedIn(), FALSE);
$RootMenu->AddMenuItem(-1, "mi_logout", $Language->Phrase("Logout"), "logout.php", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(-1, "mi_login", $Language->Phrase("Login"), "login.php", -1, "", !IsLoggedIn() && substr(@$_SERVER["URL"], -1 * strlen("login.php")) != "login.php");
$RootMenu->Render();
?>
<!-- End Main Menu -->
function SubmitEntry($gameName, $gameURL, $screenshotURL)
{
$gameName = trim($gameName);
$gameURL = trim($gameURL);
$screenshotURL = trim($screenshotURL);
//Authorize user
if (IsLoggedIn() === false) {
die("Not logged in.");
}
//Validate game name
if (strlen($gameName) < 1) {
die("Game name not provided");
}
//Validate Game URL
if (SanitizeURL($gameURL) === false) {
die("Invalid game URL");
}
//Validate Screenshot URL
if ($screenshotURL == "") {
$screenshotURL = "logo.png";
} else {
if (SanitizeURL($screenshotURL) === false) {
die("Invalid screenshot URL. Leave blank for default.");
}
}
$filesToParse = GetSortedJamFileList();
if (count($filesToParse) < 1) {
die("No jam to submit your entry to");
}
//First on the list is the current jam.
$currentJamFile = $filesToParse[count($filesToParse) - 1];
$currentJam = json_decode(file_get_contents($currentJamFile), true);
if (isset($currentJam["entries"])) {
$entryUpdated = false;
foreach ($currentJam["entries"] as $i => $entry) {
if ($entry["author"] == IsLoggedIn()) {
//Updating existing entry
$currentJam["entries"][$i] = array("title" => "{$gameName}", "author" => "" . IsLoggedIn(), "url" => "{$gameURL}", "screenshot_url" => "{$screenshotURL}");
file_put_contents($currentJamFile, json_encode($currentJam));
$entryUpdated = true;
}
}
if (!$entryUpdated) {
//Submitting new entry
$currentJam["entries"][] = array("title" => "{$gameName}", "author" => "" . IsLoggedIn(), "url" => "{$gameURL}", "screenshot_url" => "{$screenshotURL}");
file_put_contents($currentJamFile, json_encode($currentJam));
}
}
}
function EditUserPassword($username, $newPassword1, $newPassword2)
{
global $users, $dbConn;
//Authorize user (is admin)
if (IsAdmin() === false) {
die("Only admins can edit entries.");
}
$newPassword1 = trim($newPassword1);
$newPassword2 = trim($newPassword2);
if ($newPassword1 != $newPassword2) {
die("passwords don't match");
}
$password = $newPassword1;
//Check password length
if (strlen($password) < 8) {
die("password must be longer than 8 characters");
}
//Check that the user exists
if (!isset($users[$username])) {
die("User does not exist");
return;
}
//Generate new salt, number of iterations and hashed password.
$newUserSalt = GenerateSalt();
$newUserPasswordIterations = intval(rand(10000, 20000));
$newPasswordHash = HashPassword($password, $newUserSalt, $newUserPasswordIterations);
$users[$loggedInUser["username"]]["salt"] = $newUserSalt;
$users[$loggedInUser["username"]]["password_hash"] = $newPasswordHash;
$users[$loggedInUser["username"]]["password_iterations"] = $newUserPasswordIterations;
$newUserSaltClean = mysqli_real_escape_string($dbConn, $newUserSalt);
$newPasswordHashClean = mysqli_real_escape_string($dbConn, $newPasswordHash);
$newUserPasswordIterationsClean = mysqli_real_escape_string($dbConn, $newUserPasswordIterations);
$usernameClean = mysqli_real_escape_string($dbConn, $username);
$sql = "\t\n\t\tUPDATE user\n\t\tSET\n\t\tuser_password_salt = '{$newUserSaltClean}',\n\t\tuser_password_iterations = '{$newUserPasswordIterationsClean}',\n\t\tuser_password_hash = '{$newPasswordHashClean}'\n\t\tWHERE user_username = '******';\n\t";
$data = mysqli_query($dbConn, $sql);
$sql = "";
LoadUsers();
$loggedInUser = IsLoggedIn(TRUE);
}
; // Session timeout time (seconds) var EW_SESSION_TIMEOUT_COUNTDOWN = <?php echo EW_SESSION_TIMEOUT_COUNTDOWN; ?> ; // Count down time to session timeout (seconds) var EW_SESSION_KEEP_ALIVE_INTERVAL = <?php echo EW_SESSION_KEEP_ALIVE_INTERVAL; ?> ; // Keep alive interval (seconds) var EW_RELATIVE_PATH = "<?php echo $EW_RELATIVE_PATH; ?> "; // Relative path var EW_SESSION_URL = EW_RELATIVE_PATH + "ewsession12.php"; // Session URL var EW_IS_LOGGEDIN = <?php echo IsLoggedIn() ? "true" : "false"; ?> ; // Is logged in var EW_IS_AUTOLOGIN = <?php echo IsAutoLogin() ? "true" : "false"; ?> ; // Is logged in with option "Auto login until I logout explicitly" var EW_LOGOUT_URL = EW_RELATIVE_PATH + "logout.php"; // Logout URL var EW_LOOKUP_FILE_NAME = "ewlookup12.php"; // Lookup file name var EW_AUTO_SUGGEST_MAX_ENTRIES = <?php echo EW_AUTO_SUGGEST_MAX_ENTRIES; ?> ; // Auto-Suggest max entries var EW_DISABLE_BUTTON_ON_SUBMIT = true; var EW_IMAGE_FOLDER = "phpimages/"; // Image folder var EW_UPLOAD_URL = "<?php
function DisplayHeaderMainPage($TitleTopContent = "", $MessageBeforeColumnLow = "", $ActionList = "")
{
global $DisplayHeaderMainPageIsSet;
echo " <div id=\"main\">\n";
echo " <div id=\"teaser_bg\">\n";
echo " <div id=\"teaser\" class=\"clearfix teaser_main\">\n";
if (IsLoggedIn()) {
echo " <h2>", ww("HelloUsername", LinkWithUsername($_SESSION["Username"])), "</h2>\n";
} else {
echo " <h2>", ww("YourAreNotLogged"), "</h2>\n";
}
echo " <div id=\"teaser_l\">\n";
echo "\t\t\t\t<img src=\"" . MyPict() . "\" id=\"MainUserpic\" alt=\"ProfilePicture\"/>\n";
echo " </div>\n";
echo " <div id=\"teaser_r\">\n";
echo "\t\t\t<div class=\"subcolumns\">\n";
echo "\t\t\t\t<div class=\"c38l\">\n";
echo " \t\t\t\t<div class=\"subcl\">\n";
echo " \t<p><img src=\"images/icons1616/icon_contactmember.png\" alt=\"Messages\"/>", ww("MainPageNewMessages"), "</p>\n";
echo " \t<p><img src=\"images/icons1616/icon_addcomments.png\" alt=\"Comments\"/>", ww("MainPageNewComments"), "</p>\n";
echo " \t<p><img src=\"images/icons1616/icon_myvisitors.png\" alt=\"Visitors\"/>", ww("MainPageNewVisitors"), "</p>\n";
echo " \t\t\t</div>\n";
echo " \t\t</div>\n";
echo "\t\t\t\t<div class=\"c62r\">\n";
echo "\t\t\t\t\t<div class=\"subcr\">\n";
echo "\t\t\t\t\t\t<div id=\"mapsearch\">\n";
echo "\t\t\t\t\t\t<form>\n";
echo "\t\t\t\t\t <fieldset> \n";
// echo " <label for=\"searchtext\">Search the map</label><br />\n";
echo "\t\t\t\t\t <input type=\"text\" id=\"searchtext\" name=\"searchtext\" size=\"20\" maxlength=\"30\" id=\"text-field\" value=\"Search the map!\" onfocus=\"this.value='';\"/>\n";
echo "\t\t\t\t\t <input type=\"hidden\" name=\"action\" value=\"mapsearch\" />\n";
echo "\t\t\t\t\t <input type=\"image\" src=\"" . bwlink("images/icon_go.png") . "\" id=\"submit-button\" /><br />\n";
echo "\t\t\t\t\t </fieldset>\n";
echo "\t\t\t\t\t\t</form>\n";
echo "\t\t\t\t\t\t</div>\n";
echo "\t\t\t\t\t</div>\n";
echo "\t\t\t\t</div>\n";
echo "\t\t\t</div>\n";
echo " </div>\n";
echo " </div>\n";
// no tabs >>
echo "\t <div id=\"middle_nav\" class=\"clearfix\">\n";
echo "\t\t <div id=\"nav_sub\" class=\"notabs\">\n";
echo "\t\t\t <ul>\n";
echo "\t\t\t </ul>\n";
echo "\t\t </div>\n";
echo "\t </div>\n";
echo " </div>\n";
//end teaser_bg
ShowLeftColumn($ActionList, VolMenu());
// Show the Actions
// middle column
echo "\n";
echo " <div id=\"col3\"> \n";
echo " <div id=\"col3_content\" class=\"clearfix\"> \n";
$DisplayHeaderMainPageIsSet = true;
// set this for footer function which will be in charge of calling the closing /div
}
function IsAdmin()
{
global $adminList;
$username = IsLoggedIn();
if ($username === false) {
return false;
}
if (array_search($username, $adminList) !== false) {
return true;
} else {
return false;
}
}
function SwitchToNewLang($para_newlang = "")
{
//echo $_SERVER["HTTP_ACCEPT_LANGUAGE"],"\$para_newlang=",$para_newlang;
$newlang = $para_newlang;
if (empty($newlang)) {
if (!empty($_COOKIE['LastLang'])) {
// If there is already a cookie ide set, we are going try it as language
$newlang = $_COOKIE['LastLang'];
} else {
$newlang = CV_def_lang;
// use the default one
if (isset($_SERVER["HTTP_ACCEPT_LANGUAGE"])) {
// To avoid a notice error
// Try to look in the default browser settings
$TLang = explode(",", $_SERVER["HTTP_ACCEPT_LANGUAGE"]);
for ($ii = 0; $ii < count($TLang); $ii++) {
$rr = LoadRow("SELECT languages.id AS id FROM languages,words WHERE languages.ShortCode='" . $TLang[$ii] . "' and languages.id=words.Idlanguage and words.code='WelcomeToSignup'");
if (isset($rr->id)) {
// if valid language found
$newlang = $TLang[$ii];
break;
}
}
}
// end Try to look in the default browser settings
}
}
if (!isset($_SESSION['lang']) || $_SESSION['lang'] != $newlang || !isset($_SESSION['IdLanguage'])) {
// Update lang if url lang has changed
$RowLanguage = LoadRow("SELECT SQL_CACHE id,ShortCode FROM languages WHERE ShortCode='" . $newlang . "'");
if (isset($RowLanguage->id)) {
if (isset($_SESSION['IdMember'])) {
LogStr("change to language from [" . $_SESSION['lang'] . "] to [" . $newlang . "]", "SwitchLanguage");
}
$_SESSION['lang'] = $RowLanguage->ShortCode;
$_SESSION['IdLanguage'] = $RowLanguage->id;
} else {
LogStr("problem : " . $newlang . " not found after SwitchLanguage", "Bug");
$_SESSION['lang'] = CV_def_lang;
$_SESSION['IdLanguage'] = 0;
}
setcookie('LastLang', $_SESSION['lang'], time() + 3600 * 24 * 300);
// store it as a cookie for 300 days
}
if (IsLoggedIn()) {
// if member is logged in set language preference
$rPrefLanguage = LoadRow("SELECT * FROM memberspreferences WHERE IdMember=" . $_SESSION['IdMember'] . " and IdPreference=1");
if (isset($rPrefLanguage->id)) {
$str = "UPDATE memberspreferences SET Value='" . $_SESSION['IdLanguage'] . "' WHERE id=" . $rPrefLanguage->id;
} else {
$str = "INSERT INTO memberspreferences(IdPreference,IdMember,Value,created) VALUES(1," . $_SESSION['IdMember'] . ",'" . $_SESSION['IdLanguage'] . "',now() )";
}
sql_query($str);
}
// end if Is Logged in
if (!isset($_SESSION['IdLanguage'])) {
bw_error("SwitchToNewLang internal failure. IdLanguage still not set.");
}
}
<html>
<head>
<link rel="stylesheet" Type="text/css" href="styles.css">
</head>
<?php
require "header.inc.php";
$user = IsLoggedIn();
$comand = "DELETE FROM active_users WHERE user = {$user}";
$query = mysql_query($comand);
Header("Location: ./index.php");
?>
</html>
function DisplayFaq($TFaq)
{
global $title;
$IdFaq = GetParam("IdFaq", 0);
$argv = $_SERVER["argv"];
if (isset($argv[1])) {
$IdFaq = $argv[1];
}
if ($IdFaq == 0) {
$title = ww('FaqPage');
} elseif ($TFaq[0]->PageTitle != "") {
$title = ww($TFaq[0]->PageTitle);
} else {
$title = ww("FaqQ_" . $TFaq[0]->QandA);
}
include "header.php";
Menu1("faq.php", ww('FaqPage'));
// Displays the top menu
Menu2("faq.php", ww('GetAnswers'));
echo "\n";
echo " <div id=\"main\">\n";
echo " <div id=\"teaser_bg\">\n";
echo " <div id=\"teaser\">\n";
echo " <h1>", $title, " </h1>\n";
echo " </div>\n";
//menugetanswers("faq.php", $title); // Display the generic header
echo " </div>\n";
// Content with just two columns
echo "\n";
echo " <div id=\"col3\" class=\"twocolumns\">\n";
echo " <div id=\"col3_content\" class=\"clearfix\">\n";
$iiMax = count($TFaq);
$LastCat = "";
// Display the list of the questions
echo "<div class=\"info\">\n";
for ($ii = 0; $ii < $iiMax; $ii++) {
if ($LastCat != $TFaq[$ii]->CategoryName) {
$LastCat = $TFaq[$ii]->CategoryName;
if (HasRight("Faq") > 0) {
echo "[<a href=\"faq.php?action=insert&IdCategory=", $TFaq[$ii]->IdCategory, "\">insert new faq in this category</a>]\n";
}
if ($IdFaq == 0) {
if ($ii > 0) {
echo "</ul><br/>\n";
}
echo " <h3>", ww($TFaq[$ii]->CategoryName), "</h3>\n<ul>\n";
}
}
$Q = ww("FaqQ_" . $TFaq[$ii]->QandA);
if ($IdFaq == 0) {
echo "<li>";
}
if ($TFaq[$ii]->QandA == "") {
$Q = " new ";
}
if (HasRight("Faq") > 0) {
if ($TFaq[$ii]->QandA == "") {
echo " [<a href=\"faq.php?action=edit&IdFaq=", $TFaq[$ii]->id, "\">edit this new faq</a>]\n";
} else {
echo " [<a href=\"faq.php?action=edit&IdFaq=", $TFaq[$ii]->id, "\">edit</a>]\n";
}
}
// echo " <a href=\"" . $_SERVER["PHP_SELF"] . "?IdFaq=", $TFaq[$ii]->id, "\">", $Q, "</a>";
if ($IdFaq == 0) {
if (IsLoggedIn()) {
echo " <a href=\"faq.php?IdFaq=" . $TFaq[$ii]->id . "\">", $Q, "</a></li>\n";
} else {
// If not login provide links to specific files
$ss = "select code from words where code=\"FaqA_" . $TFaq[$ii]->QandA . "\" and IdLanguage=" . $_SESSION["IdLanguage"];
// echo $ss ;
$rFak = LoadRow($ss);
if (empty($rFak->code)) {
echo " <a href=\"faq_" . $TFaq[$ii]->QandA . "_en.php\">", $Q, "</a></li>\n";
// Force english if the text is not yet translated to avoid several page with the same english default text
} else {
echo " <a href=\"faq_" . $TFaq[$ii]->QandA . "_" . $_SESSION["lang"] . ".php\">", $Q, "</a></li>\n";
}
}
}
}
// end of for $ii
if ($IdFaq == 0) {
echo "</ul><br/>\n";
}
// Display the list of the answers
for ($ii = 0; $ii < $iiMax and (IsLoggedIn() or $IdFaq != 0); $ii++) {
// echo " <div class=\"clear\" />\n";
if ($IdFaq == 0) {
echo " <h3>", ww($TFaq[$ii]->CategoryName), "</h3>";
}
$Q = ww("FaqQ_" . $TFaq[$ii]->QandA);
$A = ww("FaqA_" . $TFaq[$ii]->QandA);
if ($IdFaq == 0) {
echo "<h4><a name=\"", $TFaq[$ii]->id, "\"></a> ", $Q, "</h4>\n";
}
echo "<p>", str_replace("\n", "", $A), "</p>\n";
}
if (IsAdmin()) {
echo "<br/><p><a href=\"faq.php?action=rebuildextraphpfiles\">rebuild extra php files</a></p>";
}
include "footer.php";
exit(0);
}
function EvaluateMyEvents()
{
global $_SYSHCVOL;
if (isset($_SESSION['IdMember'])) {
$memberId = $_SESSION['IdMember'];
} else {
$memberId = false;
}
// REMOTE_ADDR is not set when run via CLI
if (isset($_SERVER['REMOTE_ADDR'])) {
$ipAsInt = intval(ip2long($_SERVER['REMOTE_ADDR']));
} else {
$ipAsInt = intval(ip2long('127.0.0.1'));
}
MOD_online::get()->iAmOnline($ipAsInt, $memberId);
if (!IsLoggedIn()) {
return;
// if member not identified, no more evaluation needed
}
if ($_SYSHCVOL['EvaluateEventMessageReceived'] == "Yes") {
$IdMember = $_SESSION['IdMember'];
$str = "select count(*) as cnt from messages where IdReceiver=" . $IdMember . " and WhenFirstRead='0000-00-00 00:00:00' and (not FIND_IN_SET('receiverdeleted',DeleteRequest)) and Status='Sent'";
// echo "str=$str<br> /";
$rr = LoadRow($str);
$_SESSION['NbNotRead'] = $rr->cnt;
} else {
$_SESSION['NbNotRead'] = 0;
}
}
function RightScope($RightName, $Scope = "")
{
global $_SYSHCVOL;
if (!IsLoggedIn()) {
return 0;
}
// No need to search for right if no member logged
$IdMember = $_SESSION['IdMember'];
if (!isset($_SESSION['Right_' . $RightName]) or $_SESSION['Param']->ReloadRightsAndFlags == 'Yes') {
$str = "SELECT SQL_CACHE Scope,Level FROM rightsvolunteers,rights WHERE IdMember={$IdMember} AND rights.id=rightsvolunteers.IdRight AND rights.Name='{$RightName}'";
$qry = mysql_query($str) or die("function RightScope");
$right = mysql_fetch_object(mysql_query($str));
// LoadRow not possible because of recusivity
if (!isset($right->Level)) {
return "";
// Return false if the Right does'nt exist for this member in the DB
}
$_SESSION['RightLevel_' . $RightName] = $right->Level;
$_SESSION['RightScope_' . $RightName] = $right->Scope;
}
return $_SESSION['RightScope_' . $RightName];
}
function SavePref($PrefName, $PrefValue)
{
if (!IsLoggedIn()) {
DieWithMsg("userlib.php->SavePref", "Call to SavePref while not logged in.");
}
if (!isset($_SESSION["Prefs"])) {
DieWithMsg("userlib.php->SavePref", '$_SESSION["Prefs"] Not set!');
}
$_SESSION["Prefs"][$PrefName] = $PrefValue;
SavePrefsForUser(GetUserID(), $_SESSION["Prefs"]);
}
function AddTheme($newTheme, $isBot)
{
global $themes, $dbConn, $ip, $userAgent;
if ($isBot) {
$user = "******";
} else {
//Authorize user (logged in)
$user = IsLoggedIn();
if ($user === false) {
die("Not logged in.");
}
}
$newTheme = trim($newTheme);
if ($newTheme == "") {
die("Theme is blank");
}
foreach ($themes as $i => $theme) {
if (strtolower($theme["theme"]) == strtolower($newTheme)) {
//Theme is already suggested
die("This theme has already been suggested.");
return;
}
}
$clean_ip = mysqli_real_escape_string($dbConn, $ip);
$clean_userAgent = mysqli_real_escape_string($dbConn, $userAgent);
$clean_newTheme = mysqli_real_escape_string($dbConn, $newTheme);
$clean_userName = mysqli_real_escape_string($dbConn, $user["username"]);
//Insert new theme
$sql = "\n\t\tINSERT INTO theme\n\t\t(theme_datetime, theme_ip, theme_user_agent, theme_text, theme_author)\n\t\tVALUES (Now(), '{$clean_ip}', '{$clean_userAgent}', '{$clean_newTheme}', '{$clean_userName}');";
$data = mysqli_query($dbConn, $sql);
$sql = "";
LoadThemes();
}
<title>One hour game jam</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="bs/css/bootstrap.min.css" rel="stylesheet">
<link href="css/site.css" rel="stylesheet">
<script src='js/1hgj.js' type='text/javascript'></script>
</head>
<body>
<div class="container">
<?php
print $mustache->render(file_get_contents("template/header.html"), $dictionary);
?>
<div class="row">
<div class="col-md-2">
<?php
if (IsLoggedIn() === false) {
print $mustache->render(file_get_contents("template/menu_guest.html"), $dictionary);
} else {
if (IsAdmin()) {
print $mustache->render(file_get_contents("template/menu_admin.html"), $dictionary);
} else {
print $mustache->render(file_get_contents("template/menu_user.html"), $dictionary);
}
}
print $mustache->render(file_get_contents("template/menu_shared.html"), $dictionary);
?>
</div>
<?php
switch ($page) {
case "main":
/**
* Creates an Auth Ticket for a given IP Address, Time To Live, Resource Id, and Username
*
* @param string $ipaddress ip address for the ticket
* @param string $minutes_to_live lifespan of the ticket
* @param string $reource_id id of the resource to authorize
* @param string $user_name username to create the ticket for
* @param array $render_params value to use for rendering html
*/
function CreateAuthTicket($ip_address, $minutes_to_live, $resource_id, $username, &$render_params)
{
if (!IsLoggedIn($render_params)) {
$render_params['error_message'] = SetError("Must be logged in to a valid EDAS service to cretate an authorization ticket");
return;
}
try {
$client = new ExternalAccessClient($_SESSION['svc_url'], $_SESSION['userticket'], $_SESSION['impersonation_username']);
//ensure we have a valid, unexpired ticket before calling Create
$identTicket = $client->QueryIdentityTicketProperties($_SESSION['userticket'], 120, false);
if ($identTicket->Properties->ExpirationTime >= date('c')) {
$ticket = $client->CreateAuthTicket($ip_address, $minutes_to_live, $resource_id, $username, $_SESSION['userticket']);
$render_params['auth_ticket_results'] = PrePrint($ticket);
$render_params['auth_ticket_properties'] = PrePrint($client->QueryAuthTicketProperties($ticket->AuthTicketId, $minutes_to_live, false, $_SESSION['userticket']));
$render_params["ipaddress"] = $ip_address;
$render_params["minutes_to_live"] = $minutes_to_live;
$render_params["resource_id"] = $resource_id;
$render_params["user_name"] = $username;
} else {
$render_params['error_message'] = SetError('User ticket expired');
return;
}
} catch (Exception $ex) {
throw $ex;
}
return;
}
function AllowListMenu($TableName)
{
if (IsLoggedIn()) {
// Get user level ID list as array
$userlevels = CurrentUserLevels();
// Get user level ID list as array
} else {
// Get anonymous user id
$userlevels = array(-2);
}
if (in_array("-1", $userlevels)) {
return TRUE;
} else {
$priv = 0;
if (is_array(@$_SESSION[EW_SESSION_AR_USER_LEVEL_PRIV])) {
foreach ($_SESSION[EW_SESSION_AR_USER_LEVEL_PRIV] as $row) {
if (strval($row[0]) == strval($TableName) && in_array($row[1], $userlevels)) {
$thispriv = $row[2];
if (is_null($thispriv)) {
$thispriv = 0;
}
$thispriv = intval($thispriv);
$priv = $priv | $thispriv;
}
}
}
return $priv & EW_ALLOW_LIST;
}
}
<?php
require_once 'configuration.php';
require_once 'view_helper.php';
require_once 'authenticate.php';
if (!isset($_GET['name'])) {
exit;
} else {
$view_name = $_GET['name'];
}
//var_dump($_POST);
//var_dump($_COOKIE);
$view_data = array();
if (count($_POST) > 0) {
require_once VIEW_BASE_PATH . "{$view_name}_view_save.php";
}
if (($user_info = IsLoggedIn()) === false) {
$view_data['is_logged_in'] = false;
} else {
$view_data['is_logged_in'] = true;
$view_data['user_id'] = $user_info['user_id'];
$view_data['user_info'] = $user_info;
}
if (($html = LoadFile(VIEW_BASE_PATH . "{$view_name}_view.html", $view_data)) !== false) {
echo $html;
}
function ew_Info()
{
global $Security;
ew_WritePaths();
echo "CurrentUserName() = " . CurrentUserName() . "<br>";
echo "CurrentUserID() = " . CurrentUserID() . "<br>";
echo "CurrentParentUserID() = " . CurrentParentUserID() . "<br>";
echo "IsLoggedIn() = " . (IsLoggedIn() ? "TRUE" : "FALSE") . "<br>";
echo "IsAdmin() = " . (IsAdmin() ? "TRUE" : "FALSE") . "<br>";
echo "IsSysAdmin() = " . (IsSysAdmin() ? "TRUE" : "FALSE") . "<br>";
if (isset($Security)) {
$Security->ShowUserLevelInfo();
}
}
<?php
require_once "include.inc.php";
if (!IsLoggedIn()) {
Header("Location: .");
exit(0);
}
$result = $database->query("SELECT * FROM questions WHERE id=" . addslashes($_GET["dict"]));
$row = $result->fetch_array();
$result = $database->query("SELECT * FROM rank WHERE account='" . $_SESSION["account"] . "' AND dict=" . addslashes($_GET["dict"]));
if ($result->num_rows) {
$database->query("UPDATE rank SET score = score + 1 WHERE account='" . $_SESSION["account"] . "' AND dict=" . addslashes($_GET["dict"]));
} else {
$database->query("INSERT INTO rank (`account`, `dict`, `score`) VALUES ('" . $_SESSION["account"] . "', " . addslashes($_GET["dict"]) . ", 1)");
}
<?php
chdir("../../");
include_once "php/site.php";
$usr = IsLoggedIn();
if ($usr == false) {
print json_encode(array("ERROR" => "Not logged in"));
die;
}
$clean_ip = mysqli_real_escape_string($dbConn, $ip);
$clean_userAgent = mysqli_real_escape_string($dbConn, $userAgent);
$clean_username = mysqli_real_escape_string($dbConn, $usr["username"]);
if (!isset($_GET["themeID"])) {
print json_encode(array("ERROR" => "Theme ID not set"));
die;
}
if (!isset($_GET["vote"])) {
print json_encode(array("ERROR" => "Vote type not set"));
die;
}
$voteThemeID = intval(trim($_GET["themeID"]));
$vote = intval($_GET["vote"]);
//Check if the theme exists
$sql = "SELECT theme_id FROM theme WHERE theme_deleted != 1 AND theme_id = {$voteThemeID}";
$data = mysqli_query($dbConn, $sql);
$sql = "";
if (mysqli_num_rows($data) == 0) {
print json_encode(array("ERROR" => "Theme does not exist."));
die;
}
//Check if there is already a vote by this user for this theme
function LoadNavBar()
{
if (IsLoggedIn()) {
print "Welcome back " . $_SESSION['user'] . ". Add an update to the <a href=\"updatetimeline.php\">timeline</a>, edit your <a href=\"profile.php\">profile</a>, or <a href=\"logout.php\">logout</a>";
} else {
print 'If you\'re a contributor, feel free to <a href="login.php">login</a>. If you want to play, <a href="mailto:planetrefi@daemonsong.com">drop us a line.</a>';
}
print $sidebar;
}
</script>
<meta name="generator" content="PHPMaker v10.0.2">
</head>
<body>
<?php
if (ew_IsMobile()) {
?>
<div data-role="page">
<div data-role="header">
<a href="mobilemenu.php"><?php
echo $Language->Phrase("MobileMenu");
?>
</a>
<h1 id="ewPageTitle"></h1>
<?php
if (IsLoggedIn()) {
?>
<a href="logout.php"><?php
echo $Language->Phrase("Logout");
?>
</a>
<?php
} elseif (substr(ew_ScriptName(), 0 - strlen("login.php")) != "login.php") {
?>
<a href="login.php"><?php
echo $Language->Phrase("Login");
?>
</a>
<?php
}
?>
function SubmitEntry($gameName, $gameURL, $gameURLWeb, $gameURLWin, $gameURLMac, $gameURLLinux, $gameURLiOS, $gameURLAndroid, $screenshotURL, $description)
{
global $loggedInUser, $_FILES, $dbConn, $ip, $userAgent, $jams;
$gameName = trim($gameName);
$gameURL = trim($gameURL);
$gameURLWeb = trim($gameURLWeb);
$gameURLWin = trim($gameURLWin);
$gameURLMac = trim($gameURLMac);
$gameURLLinux = trim($gameURLLinux);
$gameURLiOS = trim($gameURLiOS);
$gameURLAndroid = trim($gameURLAndroid);
$screenshotURL = trim($screenshotURL);
$description = trim($description);
//Authorize user
if (IsLoggedIn() === false) {
die("Not logged in.");
}
//Validate game name
if (strlen($gameName) < 1) {
die("Game name not provided");
}
$urlValid = FALSE;
//Validate that at least one of the provided game URLs is valid
if (SanitizeURL($gameURL) !== false) {
$urlValid = TRUE;
}
if (SanitizeURL($gameURLWeb) !== false) {
$urlValid = TRUE;
}
if (SanitizeURL($gameURLWin) !== false) {
$urlValid = TRUE;
}
if (SanitizeURL($gameURLMac) !== false) {
$urlValid = TRUE;
}
if (SanitizeURL($gameURLLinux) !== false) {
$urlValid = TRUE;
}
if (SanitizeURL($gameURLiOS) !== false) {
$urlValid = TRUE;
}
if (SanitizeURL($gameURLAndroid) !== false) {
$urlValid = TRUE;
}
//Did at least one url pass validation?
if ($urlValid == FALSE) {
die("Invalid game url");
}
//Validate description
if (strlen($description) <= 0) {
die("Invalid description");
}
//Check that a jam exists
$currentJam = GetCurrentJamNumberAndID();
if ($currentJam == null || $currentJam["NUMBER"] == 0) {
die("No jam to submit to");
}
if (count($jams) == 0) {
die("No jam to submit to");
}
$currentJamNumber = intval($currentJam["NUMBER"]);
$jam_folder = "data/jams/jam_{$currentJamNumber}";
//print $loggedInUser["username"];
if (isset($_FILES["screenshotfile"]) && $_FILES["screenshotfile"] != null && $_FILES["screenshotfile"]["size"] != 0) {
$uploadPass = 0;
$imageFileType = strtolower(pathinfo($_FILES["screenshotfile"]["name"], PATHINFO_EXTENSION));
$target_file = $jam_folder . "/" . $loggedInUser["username"] . "." . $imageFileType;
$check = getimagesize($_FILES["screenshotfile"]["tmp_name"]);
if ($check !== false) {
$uploadPass = 1;
} else {
die("Uploaded screenshot is not an image");
$uploadPass = 0;
}
if ($_FILES["screenshotfile"]["size"] > 5000000) {
die("Uploaded screenshot is too big (max 5MB)");
$uploadPass = 0;
}
if ($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif") {
die("Uploaded screenshot is not jpeg, png or gif");
$uploadPass = 0;
}
if ($uploadPass == 1) {
if (!file_exists($jam_folder)) {
mkdir($jam_folder);
file_put_contents($jam_folder . "/.htaccess", "Order allow,deny\nAllow from all");
}
move_uploaded_file($_FILES["screenshotfile"]["tmp_name"], $target_file);
$screenshotURL = $target_file;
}
}
//Validate Screenshot URL
if ($screenshotURL == "") {
$screenshotURL = "logo.png";
}
$currentJam = $jams[0];
if (isset($currentJam["entries"])) {
$entryUpdated = false;
foreach ($currentJam["entries"] as $i => $entry) {
if ($entry["author"] == $loggedInUser["username"]) {
//Updating existing entry
$existingScreenshot = $currentJam["entries"][$i]["screenshot_url"];
if ($screenshotURL == "logo.png") {
if ($existingScreenshot != "" && $existingScreenshot != "logo.png") {
$screenshotURL = $existingScreenshot;
}
}
$escapedGameName = mysqli_real_escape_string($dbConn, $gameName);
$escapedGameURL = mysqli_real_escape_string($dbConn, $gameURL);
$escapedGameURLWeb = mysqli_real_escape_string($dbConn, $gameURLWeb);
$escapedGameURLWin = mysqli_real_escape_string($dbConn, $gameURLWin);
$escapedGameURLMac = mysqli_real_escape_string($dbConn, $gameURLMac);
$escapedGameURLLinux = mysqli_real_escape_string($dbConn, $gameURLLinux);
$escapedGameURLiOS = mysqli_real_escape_string($dbConn, $gameURLiOS);
$escapedGameURLAndroid = mysqli_real_escape_string($dbConn, $gameURLAndroid);
$escapedScreenshotURL = mysqli_real_escape_string($dbConn, $screenshotURL);
$escapedDescription = mysqli_real_escape_string($dbConn, $description);
$escapedAuthorName = mysqli_real_escape_string($dbConn, $entry["author"]);
$escaped_jamNumber = mysqli_real_escape_string($dbConn, $currentJamNumber);
$sql = "\n\t\t\t\tUPDATE entry\n\t\t\t\tSET\n\t\t\t\t\tentry_title = '{$escapedGameName}',\n\t\t\t\t\tentry_url = '{$escapedGameURL}',\n\t\t\t\t\tentry_url_web = '{$escapedGameURLWeb}',\n\t\t\t\t\tentry_url_windows = '{$escapedGameURLWin}',\n\t\t\t\t\tentry_url_mac = '{$escapedGameURLMac}',\n\t\t\t\t\tentry_url_linux = '{$escapedGameURLLinux}',\n\t\t\t\t\tentry_url_ios = '{$escapedGameURLiOS}',\n\t\t\t\t\tentry_url_android = '{$escapedGameURLAndroid}',\n\t\t\t\t\tentry_screenshot_url = '{$escapedScreenshotURL}',\n\t\t\t\t\tentry_description = '{$escapedDescription}'\n\t\t\t\tWHERE \n\t\t\t\t\tentry_author = '{$escapedAuthorName}'\n\t\t\t\tAND entry_jam_number = {$escaped_jamNumber};\n\n\t\t\t\t";
$data = mysqli_query($dbConn, $sql);
$sql = "";
$entryUpdated = true;
}
}
if (!$entryUpdated) {
$jamData = GetCurrentJamNumberAndID();
$escaped_ip = mysqli_real_escape_string($dbConn, $ip);
$escaped_userAgent = mysqli_real_escape_string($dbConn, $userAgent);
$escaped_jamId = mysqli_real_escape_string($dbConn, $jamData["ID"]);
$escaped_jamNumber = mysqli_real_escape_string($dbConn, $jamData["NUMBER"]);
$escaped_gameName = mysqli_real_escape_string($dbConn, $gameName);
$escaped_description = mysqli_real_escape_string($dbConn, $description);
$escaped_aurhor = mysqli_real_escape_string($dbConn, $loggedInUser["username"]);
$escaped_gameURL = mysqli_real_escape_string($dbConn, $gameURL);
$escaped_gameURLWeb = mysqli_real_escape_string($dbConn, $gameURLWeb);
$escaped_gameURLWin = mysqli_real_escape_string($dbConn, $gameURLWin);
$escaped_gameURLMac = mysqli_real_escape_string($dbConn, $gameURLMac);
$escaped_gameURLLinux = mysqli_real_escape_string($dbConn, $gameURLLinux);
$escaped_gameURLiOS = mysqli_real_escape_string($dbConn, $gameURLiOS);
$escaped_gameURLAndroid = mysqli_real_escape_string($dbConn, $gameURLAndroid);
$escaped_ssURL = mysqli_real_escape_string($dbConn, $screenshotURL);
$sql = "\n\t\t\t\tINSERT INTO entry\n\t\t\t\t(entry_id,\n\t\t\t\tentry_datetime,\n\t\t\t\tentry_ip,\n\t\t\t\tentry_user_agent,\n\t\t\t\tentry_jam_id,\n\t\t\t\tentry_jam_number,\n\t\t\t\tentry_title,\n\t\t\t\tentry_description,\n\t\t\t\tentry_author,\n\t\t\t\tentry_url,\n\t\t\t\tentry_url_web,\n\t\t\t\tentry_url_windows,\n\t\t\t\tentry_url_mac,\n\t\t\t\tentry_url_linux,\n\t\t\t\tentry_url_ios,\n\t\t\t\tentry_url_android,\n\t\t\t\tentry_screenshot_url)\n\t\t\t\tVALUES\n\t\t\t\t(null,\n\t\t\t\tNow(),\n\t\t\t\t'{$escaped_ip}',\n\t\t\t\t'{$escaped_userAgent}',\n\t\t\t\t{$escaped_jamId},\n\t\t\t\t{$escaped_jamNumber},\n\t\t\t\t'{$escaped_gameName}',\n\t\t\t\t'{$escaped_description}',\n\t\t\t\t'{$escaped_aurhor}',\n\t\t\t\t'{$escaped_gameURL}',\n\t\t\t\t'{$escaped_gameURLWeb}',\n\t\t\t\t'{$escaped_gameURLWin}',\n\t\t\t\t'{$escaped_gameURLMac}',\n\t\t\t\t'{$escaped_gameURLLinux}',\n\t\t\t\t'{$escaped_gameURLiOS}',\n\t\t\t\t'{$escaped_gameURLAndroid}',\n\t\t\t\t'{$escaped_ssURL}');\n\t\t\t";
$data = mysqli_query($dbConn, $sql);
$sql = "";
}
}
LoadEntries();
}
