Ejemplo n.º 1
Archivo: login.php Proyecto: HYOUJI/PHP
<?php

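// Login handler. Both fields are mandatory: check_param() ends the request
// itself when one is missing, so execution only continues with two values.
$user = check_param("name");
$password = check_param("password");
session_start();
if (checkUser($user, $password)) {
    // Replace the session ID at the moment of authentication so that an ID
    // fixed or observed before login is never promoted to a logged-in session.
    session_regenerate_id(true);
    $_SESSION["login"] = $user;
    // Human-readable login timestamp kept for the session.
    $_SESSION["begin"] = date("F d, Y, h:i:s:a");
    header("Location: todolist.php");
} else {
    // Failed logins go back to the start page without any session data set.
    header("Location: start.php");
}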
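/**
 * Return a required POST field with surrounding whitespace removed.
 *
 * The request is terminated with an error message when the field is absent,
 * is not a string (a field sent as "name[]=..." arrives as an array, which
 * trim() cannot handle), or is empty once trimmed. Checking after trimming
 * means a whitespace-only value is treated as missing instead of being
 * returned as an empty string.
 *
 * @param string $var name of the POST field
 * @return string the trimmed value
 */
function check_param($var)
{
    $value = isset($_POST[$var]) ? $_POST[$var] : null;
    if (!is_string($value) || trim($value) === "") {
        // $var is supplied by the calling code, not by the client.
        die("Error: missing required parameter '{$var}'");
    }
    return trim($value);
}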
// Checks a submitted name/password pair against the "name:password" lines of
// users.txt. The listing is cut off inside the loop, so the rest of the
// function (including what it returns) is not visible here.
// NOTE(review): the comparison below implies the file holds passwords in
// clear text; storing password_hash() output and checking it with
// password_verify() would avoid keeping recoverable passwords on disk.
function checkUser($user, $password)
{
    $userfile = "users.txt";
    $granted = false;
    $new = true;
    // One record per line. A line without ":" (such as a trailing empty line)
    // leaves the second list() element undefined.
    $users = explode("\n", file_get_contents($userfile));
    foreach ($users as $each) {
        # Split the record into $username (login ID) and $userpass (password).
        list($username, $userpass) = explode(":", $each);
        # Case: an existing member.
        # NOTE(review): "==" is a loose comparison; two numeric-looking strings
        # are compared as numbers, so different strings can compare equal.
        # A strict, constant-time check such as hash_equals() is safer here.
        if ($user == trim($username) && $password == trim($userpass)) {
            $granted = true;
Ejemplo n.º 2
/**
 * Build a GroupSet from the conversation data of every group returned by
 * getGroupsByGlobal(0, -1, 'date', 'ASC').
 *
 * When $parts has more than three elements, $parts[3] is passed through
 * check_param() with PARAM_ALPHA and stored as the "filter" property of each
 * listed group. Only results of getConversationData() that are Group
 * instances are added to the set.
 *
 * @param array $parts request path segments; index 3 is the optional subtype
 * @return GroupSet the collected groups (empty when the listing is an Error)
 */
function getConversationSetData($parts)
{
    $result = new GroupSet();
    $listing = getGroupsByGlobal(0, -1, 'date', 'ASC');
    // A failed listing yields an empty set rather than an error.
    if ($listing instanceof Error) {
        return $result;
    }
    $total = count($listing->groups);
    for ($index = 0; $index < $total; $index++) {
        $current = $listing->groups[$index];
        if ($current instanceof Error) {
            continue;
        }
        $conversation = getConversationData($current->groupid);
        // The filter is set on the listed group after its data was fetched.
        if (count($parts) > 3) {
            $current->filter = check_param($parts[3], PARAM_ALPHA);
        }
        if ($conversation instanceof Group) {
            $result->add($conversation);
        }
    }
    return $result;
}
Ejemplo n.º 3
     } else {
         show_procs($dbh);
     }
     break;
 case 'add':
     // Adds a stored procedure record when both a name and a code were given.
     // NOTE(review): where the $f_* / $form_* values come from is not visible
     // in this fragment; presumably they are request fields. Confirm whether
     // they are escaped before reaching this point.
     if ($f_proc_name && $f_proc_code) {
         // Uniqueness check on the procedure name.
         // NOTE(review): the name is interpolated into the SQL text between
         // quotes with no escaping visible here. mysql_query() belongs to the
         // ext/mysql extension (removed in PHP 7.0); mysqli or PDO prepared
         // statements with bound parameters remove the injection risk.
         $requete = "SELECT count(1) FROM procs WHERE name='{$f_proc_name}' ";
         $res = mysql_query($requete, $dbh);
         $nbr_lignes = mysql_result($res, 0, 0);
         if (!$nbr_lignes) {
             // Authorised user ids are stored as one space-separated string.
             if (is_array($userautorisation)) {
                 $autorisations = implode(" ", $userautorisation);
             } else {
                 $autorisations = '';
             }
             // check_param() returns true when the code is acceptable; any
             // other return value is reported as the offending field name.
             $param_name = check_param($f_proc_code);
             if ($param_name !== true) {
                 error_message_history($param_name, sprintf($msg["proc_param_check_field_name"], $param_name), 1);
                 die;
             }
             // NOTE(review): seven values are interpolated into this INSERT
             // between quotes; the same bound-parameter advice applies to
             // every one of them.
             $requete = "INSERT INTO procs (idproc,name,requete,comment,autorisations,num_classement, proc_notice_tpl, proc_notice_tpl_field) \n\t\t\t\tVALUES ('', '{$f_proc_name}', '{$f_proc_code}', '{$f_proc_comment}', '{$autorisations}', '{$form_classement}', '{$form_notice_tpl}', '{$form_notice_tpl_field}' ) ";
             $res = mysql_query($requete, $dbh);
         } else {
             // Name already in use: show message 709 and go back one page.
             // NOTE(review): the message is placed inside a JavaScript string
             // without encoding for that context.
             print "<script language='Javascript'>alert(\"{$msg['709']}\");</script>";
             print "<script language='Javascript'>history.go(-1);</script>";
         }
         show_procs($dbh);
     } else {
         // No name/code submitted yet: load the user list, ordered by name.
         $requete_users = "SELECT userid, username FROM users order by username ";
         $res_users = mysql_query($requete_users, $dbh);
         $autorisation = array();
Ejemplo n.º 4
     show_req_add_form();
     break;
 case 'modif':
     break;
 case 'update':
     // Stores a new procedure when both a name and a code were given.
     // NOTE(review): the origin of the $req_* / $form_* values is not visible
     // in this fragment; presumably they are request fields. Confirm whether
     // they are escaped before reaching this point.
     if ($req_name && $req_code) {
         // Uniqueness check on the procedure name.
         // NOTE(review): the name is concatenated into the SQL text between
         // quotes with no escaping visible here. mysql_query() belongs to the
         // ext/mysql extension (removed in PHP 7.0); mysqli or PDO prepared
         // statements with bound parameters remove the injection risk.
         $requete = "SELECT count(1) FROM procs WHERE name='" . $req_name . "' ";
         $res = mysql_query($requete, $dbh);
         $nbr_lignes = mysql_result($res, 0, 0);
         if (!$nbr_lignes) {
             // Authorised user ids are stored as one space-separated string.
             if (is_array($user_aut)) {
                 $autorisations = implode(" ", $user_aut);
             } else {
                 $autorisations = '';
             }
             // check_param() returns true when the code is acceptable; any
             // other return value is reported as the offending field name.
             $param_name = check_param($req_code);
             if ($param_name !== true) {
                 error_message_history($param_name, sprintf($msg['proc_param_check_field_name'], $param_name), 1);
                 exit;
             }
             // NOTE(review): five values are interpolated into this INSERT
             // between quotes; bind them as parameters instead.
             $requete = "INSERT INTO procs (idproc,name,requete,comment,autorisations,num_classement) VALUES ('', '{$req_name}', '{$req_code}', '{$req_comm}', '{$autorisations}', '{$form_classement}'  ) ";
             $res = mysql_query($requete, $dbh);
         } else {
             // Name already in use: show message 709.
             // NOTE(review): addslashes() is not an encoder for JavaScript
             // string context; json_encode() of the message is the usual choice.
             print "<script language='Javascript'>alert(\"" . addslashes($msg[709]) . "\");</script>";
         }
         // Client-side redirect back to the procedure administration page.
         print "<script type='text/javascript'> document.location='./admin.php?categ=proc&sub=proc&action='</script>";
     }
     break;
 case 'del':
     break;
 case 'list':
Ejemplo n.º 5
 case 'create_user':
     // The new user's id is the current microtime with the decimal point
     // removed, zero-padded to 15 characters and cast to int.
     // NOTE(review): a time-derived id is predictable and two requests in the
     // same instant could receive the same value; confirm it is never relied
     // on as a secret or as a guaranteed-unique key.
     $user_fields['cu_id'] = (int) str_replace(".", "", str_pad(microtime(true), 15, "0"));
     // enabled by default
     $user_fields['cu_status'] = 1;
     $username = $user_fields['cu_name'];
     // NOTE(review): the password is handled in clear text here; how it is
     // stored is not visible in this fragment. Confirm it is hashed with
     // password_hash() before it is persisted.
     $password = $user_fields['cu_password'];
     $c_error = 0;
     // checks
     // Each call passes a label and the submitted value. The return value is
     // ignored, so check_param() presumably reports a failure by itself.
     check_param("Username", $user_fields['cu_name']);
     check_param("Password", $user_fields['cu_password']);
     check_param("Lastname", $user_fields['cu_lastname']);
     check_param("Forename", $user_fields['cu_forename']);
     check_param("Street", $user_fields['cu_street']);
     check_param("City", $user_fields['cu_city']);
     check_param("Country", $user_fields['cu_country']);
     check_param("Phone", $user_fields['cu_phone']);
     // email valid ?
     $cloud_email = new clouduser();
     // strcmp() returns 0 only for an exact match, so the address is validated
     // unless it is exactly "@localhost".
     if (strcmp($user_fields['cu_email'], "@localhost")) {
         if (!$cloud_email->checkEmail($user_fields['cu_email'])) {
             $strMsg = "Email address is invalid. <br>";
             $c_error = 1;
             redirect($strMsg, 'tab0', "cloud-user.php");
             exit(0);
         }
     }
     // password min 6 characters
     // strlen() counts bytes, not characters.
     // NOTE(review): $strMsg is appended to below; whether it was initialised
     // earlier is not visible in this fragment.
     if (strlen($user_fields['cu_password']) < 6) {
         $strMsg .= "Password must be at least 6 characters long <br>";
         $c_error = 1;
         redirect($strMsg, 'tab0', "cloud-user.php");
Ejemplo n.º 6
/**
 * Run tests on a function. The code is passed in $txt.
 *
 * Finds each zend_parse_parameters() / zend_parse_parameters_ex() call in
 * $txt, then walks its format string one character at a time and checks the
 * arguments that follow against the types each specifier requires. Problems
 * are reported through error().
 *
 * $name   is stored in $GLOBALS['current_function'] for the helpers.
 * $txt    is the source text of the function body.
 * $offset is added to the match position before calling update_lineno().
 */
function check_function($name, $txt, $offset)
{
    global $API_params;
    // Group 1 captures the quoted format string, group 2 the argument text
    // after it up to the next "{" or ";". PREG_OFFSET_CAPTURE makes each
    // group a [text, byte offset] pair.
    if (preg_match_all('/zend_parse_parameters(?:_ex\\s*\\([^,]+,[^,]+|\\s*\\([^,]+),\\s*"([^"]*)"\\s*,\\s*([^{;]*)/S', $txt, $matches, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
        $GLOBALS['current_function'] = $name;
        foreach ($matches as $m) {
            $GLOBALS['error_few_vars_given'] = false;
            update_lineno($offset + $m[2][1]);
            $vars = get_vars(substr($txt, 0, $m[0][1]));
            // limit var search to current location
            $params = get_params($vars, $m[2][0]);
            $optional = $varargs = false;
            // The two previously seen specifier characters.
            $last_last_char = $last_char = '';
            // Index of the argument checked last; incremented before each check.
            $j = -1;
            $len = strlen($m[1][0]);
            for ($i = 0; $i < $len; ++$i) {
                switch ($char = $m[1][0][$i]) {
                    // separator for optional parameters
                    case '|':
                        if ($optional) {
                            error("more than one optional separator at char #{$i}");
                        } else {
                            $optional = true;
                            if ($i == $len - 1) {
                                error("unnecessary optional separator");
                            }
                        }
                        break;
                    // separate_zval_if_not_ref
                    case '/':
                        if (!in_array($last_char, array('r', 'z'))) {
                            error("the '/' specifier cannot be applied to '{$last_char}'");
                        }
                        break;
                    // nullable arguments
                    case '!':
                        if (!in_array($last_char, array('a', 'C', 'f', 'h', 'o', 'O', 'r', 's', 't', 'z', 'Z'))) {
                            error("the '!' specifier cannot be applied to '{$last_char}'");
                        }
                        break;
                    // Only recognised when VERSION is 6 or later.
                    case '&':
                        if (version_compare(VERSION, '6', 'ge')) {
                            // "&&" binds tighter than "||": accepted after "s" or after "s!".
                            if ($last_char == 's' || $last_last_char == 's' && $last_char == '!') {
                                check_param($params, ++$j, 'UConverter*', $optional);
                            } else {
                                error("the '&' specifier cannot be applied to '{$last_char}'");
                            }
                        } else {
                            error("unknown char ('&') at column {$i}");
                        }
                        break;
                    // Varargs specifiers, also only recognised when VERSION is 6 or later.
                    case '+':
                    case '*':
                        if (version_compare(VERSION, '6', 'ge')) {
                            if ($varargs) {
                                error("A varargs specifier can only be used once. repeated char at column {$i}");
                            } else {
                                // A varargs specifier consumes two arguments.
                                check_param($params, ++$j, 'zval****', $optional);
                                check_param($params, ++$j, 'int*', $optional);
                                $varargs = true;
                            }
                        } else {
                            error("unknown char ('{$char}') at column {$i}");
                        }
                        break;
                    // Any other specifier: expected argument types come from $API_params.
                    default:
                        if (isset($API_params[$char])) {
                            foreach ($API_params[$char] as $exp) {
                                check_param($params, ++$j, $exp, $optional);
                            }
                        } else {
                            error("unknown char ('{$char}') at column {$i}");
                        }
                }
                $last_last_char = $last_char;
                $last_char = $char;
            }
        }
    }
}
Ejemplo n.º 7
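/**
 * Run tests on a function. The code is passed in $txt.
 *
 * Finds each zend_parse_parameters-family call in $txt, then walks its
 * format string one character at a time and checks the arguments that follow
 * against the types each specifier requires. Problems are reported through
 * error().
 *
 * $name   is stored in $GLOBALS['current_function'] for the helpers.
 * $txt    is the source text of the function body.
 * $offset is added to the match position before calling update_lineno().
 */
function check_function($name, $txt, $offset)
{
    global $API_params;
    // Extended-mode pattern (whitespace inside it is ignored). The three
    // alternatives skip one, two or three leading arguments before the quoted
    // format string. Group 1 is the format string; group 2 is the argument
    // text after it up to the next "{" or ";".
    // The third alternative previously ended in "[^,+]", which matches a
    // single character only, so zend_parse_method_parameters_ex() calls whose
    // third argument is longer than one character were never checked.
    $regex = '/
		(?: zend_parse_parameters(?:_throw)?               \\s*\\([^,]+
		|   zend_parse_(?:parameters_ex|method_parameters) \\s*\\([^,]+,[^,]+
		|   zend_parse_method_parameters_ex                \\s*\\([^,]+,[^,]+,[^,]+
		)
		,\\s*"([^"]*)"\\s*
		,\\s*([^{;]*)
	/Sx';
    if (preg_match_all($regex, $txt, $matches, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
        $GLOBALS['current_function'] = $name;
        foreach ($matches as $m) {
            $GLOBALS['error_few_vars_given'] = false;
            update_lineno($offset + $m[2][1]);
            $vars = get_vars(substr($txt, 0, $m[0][1]));
            // limit var search to current location
            $params = get_params($vars, $m[2][0]);
            $optional = $varargs = false;
            $last_char = '';
            // Index of the argument checked last; incremented before each check.
            $j = -1;
            $spec = $m[1][0];
            $len = strlen($spec);
            for ($i = 0; $i < $len; ++$i) {
                $char = $spec[$i];
                switch ($char) {
                    // separator for optional parameters
                    case '|':
                        if ($optional) {
                            error("more than one optional separator at char #{$i}");
                        } else {
                            $optional = true;
                            if ($i == $len - 1) {
                                error("unnecessary optional separator");
                            }
                        }
                        break;
                    // separate_zval_if_not_ref
                    case '/':
                        if (in_array($last_char, array('l', 'L', 'd', 'b'))) {
                            error("the '/' specifier should not be applied to '{$last_char}'");
                        }
                        break;
                    // nullable arguments
                    case '!':
                        // After l, L, d or b the "!" consumes one extra zend_bool* argument.
                        if (in_array($last_char, array('l', 'L', 'd', 'b'))) {
                            check_param($params, ++$j, 'zend_bool*', $optional);
                        }
                        break;
                    // variadic arguments
                    case '+':
                    case '*':
                        if ($varargs) {
                            error("A varargs specifier can only be used once. repeated char at column {$i}");
                        } else {
                            // A varargs specifier consumes two arguments.
                            check_param($params, ++$j, 'zval**', $optional);
                            check_param($params, ++$j, 'int*', $optional);
                            $varargs = true;
                        }
                        break;
                    case 's':
                    case 'p':
                        // Pointer and length; the last argument (allow_uninit) is true for both.
                        check_param($params, ++$j, 'char**', $optional, true);
                        check_param($params, ++$j, 'size_t*', $optional, true);
                        // NOTE(review): element [2] of a param entry looks like an
                        // "is initialized" flag and '**dummy**' like a placeholder
                        // name; confirm against get_params().
                        if ($optional && !$params[$j - 1][2] && !$params[$j][2] && $params[$j - 1][0] !== '**dummy**' && $params[$j][0] !== '**dummy**') {
                            error("one of optional vars {$params[$j - 1][0]} or {$params[$j][0]} must be initialized", 1);
                        }
                        break;
                    case 'C':
                        // C must always be initialized, independently of whether it's optional
                        check_param($params, ++$j, 'zend_class_entry**', false);
                        break;
                    default:
                        if (!isset($API_params[$char])) {
                            error("unknown char ('{$char}') at column {$i}");
                            // No expected types exist for an unknown specifier, so
                            // leave the switch instead of iterating an unset entry.
                            break;
                        }
                        // If an is_null flag is in use, only that flag is required to be
                        // initialized
                        $allow_uninit = $i + 1 < $len && $spec[$i + 1] === '!' && in_array($char, array('l', 'L', 'd', 'b'));
                        foreach ($API_params[$char] as $exp) {
                            check_param($params, ++$j, $exp, $optional, $allow_uninit);
                        }
                }
                $last_char = $char;
            }
        }
    }
}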
Ejemplo n.º 8
		<link rel="stylesheet" href="leaflet.draw.ie.css" />
	<![endif]-->
	
	<script src="lib/leaflet/leaflet.js"></script>
	<script src="lib/leaflet.draw/leaflet.draw.js"></script>
	<script src="lib/leaflet.polylineDecorator/leaflet.polylineDecorator.js"></script>

        <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">

</head>
<body>
        <div id="header">
          <a href='.'><img id='logo' src='images/logo.svg' alt='Geowiki'></a>
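<?php 
// Page title. It starts as the raw "id" request value and is replaced by the
// stored map title when the request passes check_param() and map.json holds one.
$name = $_REQUEST['id'];
if (check_param($_REQUEST)) {
    // NOTE(review): the id becomes part of a filesystem path, so this relies
    // on check_param() rejecting ids that contain path separators; confirm.
    $c = file_get_contents("{$data_path}/{$_REQUEST['id']}/map.json");
    if ($c) {
        $c = json_decode($c, true);
        if (is_array($c) && array_key_exists('title', $c)) {
            $name = $c['title'];
        }
    }
}
?>
          <span id="title"><?php 
// $name is either request input or stored map data, so it is encoded for HTML
// before output. A non-scalar value (for example "id[]=x") prints as empty.
print htmlspecialchars(is_scalar($name) ? (string) $name : '', ENT_QUOTES, 'UTF-8');
?>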
</span>
        </div>
	<div id="map"></div>
Ejemplo n.º 9
        case "edit":
            // check post param
            // NOTE(review): every value below is interpolated into the SQL
            // text. pay, boost, quality and uid are inserted without quotes,
            // so the statement is only safe if check_param() guarantees they
            // are numeric; name sits between double quotes with no escaping
            // visible here. A prepared statement with bound parameters
            // removes the dependency on check_param().
            $id = check_param("id");
            $name = check_param("name");
            $pay = check_param("pay");
            $boost = check_param("boost");
            $quality = check_param("quality");
            $sql = <<<EOF
               UPDATE {$TB}
               SET name="{$name}", pay={$pay}, boost={$boost}, quality={$quality}
               WHERE uid={$id};
EOF;
            break;
        case "del":
            // check post param
            // NOTE(review): uid is interpolated without quotes here as well;
            // the same bound-parameter advice applies.
            $id = check_param("id");
            $sql = <<<EOF
               DELETE FROM {$TB}
               WHERE uid={$id};
EOF;
            break;
        default:
            exit;
            break;
    }
    // Run the statement built by the selected case.
    $ret = $db->exec($sql);
    if (!$ret) {
        // NOTE(review): the raw database error text is sent to the client;
        // logging it server-side and returning a generic message avoids
        // exposing schema details.
        echo $db->lastErrorMsg();
    } else {
        //echo "Records created successfully\n";
    }
Ejemplo n.º 10
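/**
 * Remove one feature file from a map's directory and commit the removal.
 *
 * The feature id must be a plain file-name fragment. It is rejected when it
 * is empty, not a scalar, or contains a path separator or NUL byte:
 * shell_escape() protects the command line, but it does not stop an id with
 * separators from naming a file outside the map's own directory.
 *
 * @param array $param    request parameters; 'id' is the map id, 'rev' an optional revision
 * @param mixed $postdata id of the feature to remove
 * @return array 'saved' => bool, plus 'rev' and/or 'error' depending on the outcome
 */
function ajax_save_remove_feature($param, $postdata)
{
    global $data_path;
    if (!check_param($param)) {
        return array('saved' => false, 'error' => 'Invalid ID');
    }
    // Validate before any repository operation runs.
    $feature_id = is_scalar($postdata) ? (string) $postdata : '';
    if (
        $feature_id === ''
        || strpos($feature_id, '/') !== false
        || strpos($feature_id, '\\') !== false
        || strpos($feature_id, "\0") !== false
    ) {
        return array('saved' => false, 'error' => 'Invalid feature ID');
    }
    git_init();
    if (array_key_exists('rev', $param)) {
        // NOTE(review): 'rev' is passed on unchanged; confirm that
        // check_param() or git_checkout() validates its format.
        git_checkout($param['rev']);
    }
    // create directory for map data
    $path = "{$data_path}/{$param['id']}";
    if (!is_dir($path)) {
        mkdir($path);
    }
    git_exec("rm " . shell_escape("{$param['id']}/_" . $feature_id . '.json'));
    git_commit("remove feature");
    $rev = git_rev();
    if (!git_merge()) {
        return array('saved' => false, 'rev' => $rev, 'error' => "Conflict when merging changes. Please reload and re-do changes.");
    }
    return array('saved' => true, 'rev' => $rev);
}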
Ejemplo n.º 11
                    // Acting user comes from the session, not from the request.
                    $userId = $_SESSION['user_id'];
                    if (!empty($userId)) {
                        $user = User::findById($userId);
                        // NOTE(review): recipient, gift type and amount come
                        // from $_REQUEST, so GET parameters are accepted for a
                        // state-changing action and no anti-CSRF token check
                        // is visible in this fragment. What check_param()
                        // enforces is not visible either; confirm that
                        // sendGift() validates the amount's type and range.
                        $friendId = check_param($_REQUEST['friend_id']);
                        $giftType = check_param($_REQUEST['gift_type']);
                        $amount = check_param($_REQUEST['amount']);
                        if (!empty($friendId)) {
                            $result = $user->sendGift($friendId, $giftType, $amount);
                        }
                    }
                    // NOTE(review): $result is only assigned above when a
                    // friend id was given; its initial value is outside this
                    // fragment.
                    echo $result;
                    exit;
                } else {
                    if ($mode == 'send_request_bonus') {
                        // 0 is returned when there is no session user or no count.
                        $result = 0;
                        $userId = $_SESSION['user_id'];
                        if (!empty($userId)) {
                            $user = User::findById($userId);
                            // NOTE(review): the number of gifts to add is
                            // taken from the request; confirm that addGift()
                            // bounds it server-side.
                            $count = check_param($_REQUEST['count']);
                            if (!empty($count)) {
                                $result = $user->addGift($count);
                            }
                        }
                        echo $result;
                        exit;
                    }
                }
            }
        }
    }
}