/**
 * Returns the last-modification time of sessions/<$file>, or false when $file
 * is empty or no such entry exists.
 *
 * NOTE(review): filemtime() reports modification time, not creation time, so
 * the "age" the caller computes is measured from the last write to the session
 * file. $file is used in the path exactly as given; the caller passes the raw
 * ?access value, so a value containing '/' or '..' is looked up outside
 * sessions/ — restrict it to the expected token format before use.
 *
 * @param string $file session token (file name below sessions/)
 * @return int|false
 */
function hashFindFile($file) {
    if ($file) {
        if (file_exists('sessions/' . $file)) {
            return filemtime('sessions/' . $file); // modification time, not creation time
        }
        return false;
    }
    return false;
}

// Untrusted: the token comes straight from the query string.
$getHash = stripslashes($_GET['access']);
// Token layout appears to be "<ip>_<rest>"; with no '_' the whole token is $getIP[0].
$getIP = explode("_", $getHash);
$userIP = $_SERVER['REMOTE_ADDR'];
// IF checkHash returns true then show elfinder
// checkHash() is not defined in this excerpt. The IP test compares a prefix the
// requester chose against the requester's own address with loose ==, so it only
// ties the token to whoever presents it; the effective gate is that the token
// names an existing entry under sessions/.
if (checkHash('sessions/', $getHash) and $userIP == $getIP[0]) {
    if (hashFindFile($getHash)) {
        // Age of the session file in seconds; hashFindFile() is called twice here.
        $expires = time() - hashFindFile($getHash);
        if ($expires > 3600) { // one hour
            echo 'Session has expired!';
            exit;
        }
    } else {
        echo 'Session not exists!';
        exit;
    }
    // NOTE(review): $getHash is written into inline JavaScript without escaping;
    // any value that passes the checks above reaches the page verbatim. Encode it
    // for the JS/URL context (e.g. json_encode / rawurlencode) before output.
    echo '<!-- elFinder initialization --> <script type="text/javascript" charset="utf-8"> $().ready(function() { var elf = $(\'#elfinder\').elfinder({ url : \'php/connector.php?access=' . $getHash . '\',
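// $db is created outside this excerpt; the bootstrap evidently stores the
// PDOException in $db when the connection fails, so stop before using it.
if ($db instanceof PDOException) {
    die($db->getMessage());
}

// Missing form fields become '' so the lookup simply fails instead of raising
// undefined-index warnings. Usernames are matched lower-cased.
$username = strtolower($_POST['username'] ?? '');
$password = $_POST['password'] ?? '';
// The original also computed secureHash($username, $password) into $hash, but
// that value was never read; checkHash() below performs the verification.

$stmt = $db->prepare("SELECT * FROM milky_minewriter.Users WHERE `username` = :user");
$stmt->bindParam(':user', $username);
$stmt->execute();
$row = $stmt->fetch();

// fetch() returns false when no row matched. PDOStatement::rowCount() is not
// guaranteed to report anything meaningful for SELECT on every driver.
if ($row === false) {
    // No such user
    header("Location: login.php?e=1");
    die;
}

// Same error code as the unknown-user case so the response does not reveal
// whether the username exists.
if (!checkHash($password, $row['password'], $username)) {
    // Incorrect password
    header("Location: login.php?e=1");
    die;
}

if (!$row['active']) {
    // Email not verified, account not active
    header("Location: login.php?e=15");
    die;
}

session_start();
// Issue a fresh session id on login so an id that was handed to the browser
// before authentication cannot be reused for the authenticated session.
session_regenerate_id(true);
$_SESSION['username'] = $username;
$_SESSION['id'] = $row['id'];
$_SESSION['access'] = $row['access'];
header("Location: index.php");
die;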
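* This method denies read/write on elFinder's own entries: the thumbnail
* cache ('.tmb') and the '_file-manager' directory. Every other attribute,
* and every other path, is left for elFinder to decide (null).
*
* @param string $attr attribute name (read|write|locked|hidden)
* @param string $path file path relative to volume root directory started with directory separator
* @param mixed $data passed through by elFinder, unused here
* @param mixed $volume passed through by elFinder, unused here
* @return bool|null
**/
function access($attr, $path, $data, $volume)
{
    $name = basename($path);
    $isInternal = strpos($name, '.tmb') === 0 || strpos($name, '_file-manager') === 0;

    if (!$isInternal) {
        return null; // else elFinder decide it itself
    }

    // Internal entries: not readable/writable, but reported as locked and hidden.
    return !($attr === 'read' || $attr === 'write');
}

// The volume root is two directories above this connector; everything below
// it becomes browsable by any request that passes checkHash() further down.
$opts = [
    'roots' => [
        [
            'driver'        => 'LocalFileSystem',
            'path'          => '../../',
            'URL'           => dirname($_SERVER['PHP_SELF']) . '/../../',
            'accessControl' => 'access',
        ],
    ],
];

/* Function: Hash checker */
/**
 * True when $fileName names an existing regular file directly inside $path.
 *
 * $fileName comes straight from the request, so it is accepted only as a bare
 * file name: an empty value would otherwise make file_exists() report the
 * sessions directory itself as "found", and a value containing a separator
 * or '..' would be resolved outside $path.
 *
 * @param string $path directory, including its trailing separator
 * @param string $fileName session token
 * @return bool
 */
function checkHash($path, $fileName)
{
    if (!is_string($fileName) || $fileName === '' || strpos($fileName, "\0") !== false) {
        return false;
    }
    if (basename($fileName) !== $fileName) {
        return false; // contains a path separator
    }
    return is_file($path . $fileName);
}

// Untrusted input; non-string values (e.g. access[]=x) are treated as absent.
$getHash = isset($_GET['access']) && is_string($_GET['access']) ? stripslashes($_GET['access']) : '';

// IF checkHash returns true then show elfinder
if (checkHash('../sessions/', $getHash)) {
    // run elFinder
    $connector = new elFinderConnector(new elFinder($opts)); /*DO NOT EDIT*/
    $connector->run(); /*DO NOT EDIT*/
}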
} else {
    // Duplicate detected: remember its label so the user can be told which file clashed.
    $duplicateFile = true;
    array_push($duplicateFileName, $hashOut);
}
}
// NOTE(review): in this file checkHash() appears to take (original file, label) and
// return '' when no duplicate is found, otherwise a label — it is defined outside
// this excerpt, as are $fileTag and $realExts. If $realExts is derived from the
// client-supplied upload name, the stored file keeps that extension — confirm it is
// validated against an allow-list before anything is written under upload_file/.
if ($_FILES['manu_tbl']['name'] != '') {
    $hashOut = checkHash($originalManu_tbl, 'Table file');
    if ($hashOut == '') {
        $temp_manu_tbl = $fileTag . '_tbl.' . $realExts;
    } else {
        $duplicateFile = true;
        array_push($duplicateFileName, $hashOut);
    }
}
if ($_FILES['manu_statement']['name'] != '') {
    $hashOut = checkHash($originalManu_statement, 'Authors\' statement document');
    if ($hashOut == '') {
        $temp_manu_statement = $fileTag . '_statement.' . $realExts;
    } else {
        $duplicateFile = true;
        array_push($duplicateFileName, $hashOut);
    }
}
if ($duplicateFile == false) {
    try {
        // The return values of move_uploaded_file() are not checked: a failed
        // move still leads to the INSERT below recording the file as stored.
        move_uploaded_file($_FILES["manu_file"]["tmp_name"], "upload_file/MainArticles/" . $temp_manu_file);
        move_uploaded_file($_FILES["manu_img"]["tmp_name"], "upload_file/ImagesFiles/" . $temp_manu_img);
        move_uploaded_file($_FILES["manu_tbl"]["tmp_name"], "upload_file/TableFiles/" . $temp_manu_tbl);
        move_uploaded_file($_FILES["manu_statement"]["tmp_name"], "upload_file/ManuStatements/" . $temp_manu_statement);
        $_SESSION['location'] = 'manuInfo.php';
        // NOTE(review): the INSERT interpolates the $temp_manu_* values straight into
        // the SQL text. Even though they are assembled server-side from $fileTag and
        // $realExts, this should be a prepared statement with bound parameters.
        // The try block continues beyond this excerpt.
        $sql2 = "INSERT INTO tbl_temp_manuscript(temp_manu_type,temp_manu_file,temp_manu_img,temp_manu_tbl,temp_manu_statement) values('{$temp_manu_type}','{$temp_manu_file}','{$temp_manu_img}','{$temp_manu_tbl}','{$temp_manu_statement}')";
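$login = '';
session_start();
// Every response of this page is a 401 unless a login succeeds, in which case
// the Location header below turns it into a redirect.
header("HTTP/1.0 401 Unauthorized");
require_once "secure.inc.php";

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $login = trim(strip_tags($_POST["login"] ?? ''));
    // NOTE(review): strip_tags() on the password mangles any password that
    // contains '<'. Left as-is because changing it could invalidate existing
    // credentials — confirm how the stored hashes were produced first.
    $pw = trim(strip_tags($_POST["pw"] ?? ''));
    $ref = trim(strip_tags($_GET["ref"] ?? ''));

    // The post-login target is taken from the query string, so only accept a
    // local absolute path. Empty values, relative paths, URLs with a scheme and
    // protocol-relative forms ('//' or '/\') all fall back to the admin index;
    // otherwise the Location header could send the user off-site.
    if ($ref === '' || $ref[0] !== '/' || in_array($ref[1] ?? '', ['/', '\\'], true)) {
        $ref = '/eshop/admin/';
    }

    if ($login === '' || $pw === '') {
        $title = 'Заполните все поля формы!';
    } else {
        // userExists() (from secure.inc.php) returns a "name:hash" record, or a
        // falsy value when the login is unknown.
        $stored = userExists($login);
        $parts = $stored ? explode(':', $stored) : [];
        $hash = $parts[1] ?? '';

        if ($stored && $hash !== '' && checkHash($pw, $hash)) {
            // New session id on privilege change (session fixation defence).
            session_regenerate_id(true);
            $_SESSION['admin'] = true;
            header("Location: {$ref}");
            exit;
        }

        // One message for both "unknown user" and "wrong password" so the form
        // does not confirm which admin logins exist.
        $title = 'Неправильное имя пользователя или пароль!';
    }
}
?>
<!DOCTYPE HTML>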
/**
 * Returns the last-modification time of sessions/<$file>, or false when $file
 * is empty or no such entry exists.
 *
 * NOTE(review): filemtime() reports modification time, not creation time.
 * $file is used in the path exactly as given; the caller passes the raw
 * ?access value, so a value containing '/' or '..' is looked up outside
 * sessions/ — restrict it to the expected token format before use.
 *
 * @param string $file session token (file name below sessions/)
 * @return int|false
 */
function hashFindFile($file) {
    if ($file) {
        if (file_exists('sessions/' . $file)) {
            return filemtime('sessions/' . $file); // modification time, not creation time
        }
        return false;
    }
    return false;
}

// Untrusted: the token comes straight from the query string.
$getHash = stripslashes($_GET['access']);
// Computed but never read in this excerpt; the gate below looks at REMOTE_ADDR only.
$getIP = explode("_", $getHash);
$userIP = $_SERVER['REMOTE_ADDR'];
// IF checkHash returns true then show elfinder
// checkHash() is not defined in this excerpt. Access is additionally limited to
// client addresses starting with the hard-coded prefix '46.98.' (loose ==); if a
// reverse proxy sits in front, REMOTE_ADDR is the proxy's address, not the end
// client's. The expiry check that used to follow is commented out below, so a
// token file stays valid for as long as it exists on disk.
if (checkHash('sessions/', $getHash) && substr($userIP, 0, 6) == '46.98.') {
    /* Disabled one-hour expiry check:
    if(hashFindFile($getHash)) {
        $expires = time() - hashFindFile($getHash);
        if($expires > 3600) {
            echo 'Session has expired!';
            exit;
        }
    } else {
        echo 'Session not exists!';
        exit;
    }*/
    // The inline script is built with echo; its continuation (and whatever it
    // interpolates) is outside this excerpt.
    echo '<!-- elFinder initialization --> <script type="text/javascript" charset="utf-8"> $().ready(function() { var elf = $(\'#elfinder\').elfinder({
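/**
 * Handles the e-mail verification link (?email=...&h=...).
 *
 * Ends any current session via logout(), looks the address up and hands the
 * matching user id together with the link's hash to checkHash() for
 * validation. Prints an error and returns when the address is unknown.
 *
 * logout(), check_input(), printMessage(), checkHash() and the onValidate
 * constant are defined elsewhere in the project.
 *
 * @return void
 */
function verifyLink()
{
    global $getAnotherLinkInstructions;
    global $con;

    logout(5, false);

    $email = check_input($_GET['email'] ?? '');
    $hash = check_input($_GET['h'] ?? '');

    // Bind the address instead of interpolating it into the query text so the
    // lookup cannot be altered by the link contents. NOTE(review): if
    // check_input() escapes for SQL, that escaping is now redundant for the
    // bound value — verify what it does.
    $row = null;
    $stmt = mysqli_prepare($con, 'SELECT id FROM users WHERE email = ?');
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 's', $email);
        if (mysqli_stmt_execute($stmt)) {
            $result = mysqli_stmt_get_result($stmt);
            $row = $result ? mysqli_fetch_array($result) : null;
        }
        mysqli_stmt_close($stmt);
    }

    if (!$row) {
        printMessage('Hmmmm... That is funny. The email in your link is not registered with any textbooks. M' . $getAnotherLinkInstructions, 'error');
        // Do not rely on printMessage() exiting: without this return the code
        // below would run with no row (the original dereferenced a false/null
        // result here).
        return;
    }

    // onValidate is a bare constant; undefined constants are an Error on PHP 8 —
    // confirm it is defined where this file is included.
    checkHash($con, onValidate, $row['id'], $hash);
}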