* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
require_once "inc/toolkit.inc.php";
include_once "inc/header.inc.php";
verify_permission('user_edit_own') ? $perm_edit_own = "1" : ($perm_edit_own = "0");
verify_permission('user_edit_others') ? $perm_edit_others = "1" : ($perm_edit_others = "0");
verify_permission('user_is_ueberuser') ? $perm_is_godlike = "1" : ($perm_is_godlike = "0");
if (!(isset($_GET['id']) && v_num($_GET['id']))) {
error(ERR_INV_INPUT);
include_once "inc/footer.inc.php";
exit;
} else {
$uid = $_GET['id'];
}
if (isset($_POST['commit'])) {
if (is_valid_user($uid)) {
$zones = $_POST['zone'];
if (delete_user($uid, $zones)) {
success(SUC_USER_DEL);
}
} else {
header("Location: users.php");
exit;
}
} else {
if ($uid != $_SESSION['userid'] && $perm_edit_others == "0" || $uid == $_SESSION['userid'] && $perm_is_godlike == "0") {
error(ERR_PERM_DEL_USER);
include_once "inc/footer.inc.php";
exit;
} else {
$fullname = get_fullname_from_userid($uid);
function delete_owner_from_zone($zone_id, $user_id)
{
global $db;
if (verify_permission('zone_meta_edit_others') || verify_permission('zone_meta_edit_own') && verify_user_is_owner_zoneid($_GET["id"])) {
// User is allowed to make change to meta data of this zone.
if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id)) {
// TODO: Next if() required, why not just execute DELETE query?
if ($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=" . $db->quote($user_id, 'integer') . " AND domain_id=" . $db->quote($zone_id, 'integer')) != 0) {
$db->query("DELETE FROM zones WHERE owner=" . $db->quote($user_id, 'integer') . " AND domain_id=" . $db->quote($zone_id, 'integer'));
}
return true;
} else {
error(sprintf(ERR_INV_ARGC, "delete_owner_from_zone", "{$zone_id} / {$user_id}"));
}
} else {
return false;
}
}
$cp_ans = !empty($_POST['cp_ans']) ? $_POST['cp_ans'] : "";
$cp_message = !empty($_POST['cp_message']) ? $_POST['cp_message'] : "";
$cp_message = clean($cp_message);
$error_msg = "";
$send = 0;
if (!empty($_POST['submit'])) {
$send = 1;
if (empty($cp_name) || empty($cp_email) || empty($cp_message) || empty($cp_ans)) {
$error_msg .= "<p style='color:#a00'><strong>" . __("Please fill in all required fields.", 'ml') . "</strong></p>\n";
$send = 0;
}
if (!is_valid_email($cp_email)) {
$error_msg .= "<p style='color:#a00'><strong>" . __("Your email adress failed to validate.", 'ml') . "</strong></p>\n";
$send = 0;
}
if (!is_valid_user($cp_ans)) {
$error_msg .= "<p style='color:#a00'><strong>" . __("Incorrect Answer to the AntiSpam Question.", 'ml') . "</strong></p>\n";
$send = 0;
}
}
if (!$send) {
?>
<h2 class="post-title"><?php
the_title();
?>
</h2>
<div class="post-content">
<?php
the_content(__("Continue Reading »", 'ml'));
?>
<p class="post-info">* - <?php
}
disconnect_sql();
} elseif (isset($_GET['view'])) {
if (user_type() == "user") {
cust_die("You may not access this page.");
}
connect_sql();
// if the user wants to see data on a specific user...
if (isset($_GET['id'])) {
if (!is_numeric($_GET['id'])) {
cust_die("Invalid ID number.");
}
$requested_ID = escape_string(htmlspecialchars($_GET['id']));
connect_sql();
// see if the requested ID is a user or not...
if (is_valid_user($requested_ID) == FALSE) {
cust_die("Invalid ID number.");
}
$user_info = @query("SELECT `surname`, `firstname` FROM `users` WHERE `ID`='{$requested_ID}' LIMIT 1") or die("Error getting information the database.");
while ($row = result($user_info)) {
$name = stripslashes($row->firstname) . " " . stripslashes($row->surname);
}
if (user_type($requested_ID) == "user") {
$user_info = @query("SELECT `studentID` FROM `students` WHERE `ID`='{$requested_ID}' LIMIT 1") or die("Error getting information from the database.");
while ($row2 = result($user_info)) {
$studentID = $row2->studentID;
}
} else {
$studentID = "teacher";
}
$times_absent = @query("SELECT * FROM `absences` WHERE `user_ID`='{$requested_ID}'") or die("Error getting information from the database.");
$review_high = $user_info['review_high'];
$review_medium = $user_info['review_medium'];
$review_low = $user_info['review_low'];
$submit_risks = $user_info['submit_risks'];
$modify_risks = $user_info['modify_risks'];
$plan_mitigations = $user_info['plan_mitigations'];
// Check if a new password was submitted
if (isset($_POST['change_password'])) {
$user = $_SESSION["user"];
$current_pass = $_POST['current_pass'];
$new_pass = $_POST['new_pass'];
$confirm_pass = $_POST['confirm_pass'];
// Send an alert
$alert = true;
// If the user and current password are valid
if (is_valid_user($user, $current_pass)) {
// Verify that the two passwords are the same
if ("{$new_pass}" == "{$confirm_pass}") {
// Generate the salt
$salt = generateSalt($user);
// Generate the password hash
$hash = generateHash($salt, $new_pass);
// Update the password
update_password($user, $hash);
// Audit log
$risk_id = 1000;
$message = "Password was modified for the \"" . $_SESSION['user'] . "\" user.";
write_log($risk_id, $_SESSION['uid'], $message);
$alert_message = "Your password has been updated successfully!";
} else {
$alert_message = "The new password entered does not match the confirm password entered. Please try again.";
// if everything's good, update the database...
@query("UPDATE `classes` SET `name`='{$class_name}', `teacher`='{$teacher}', `room`='{$classroom}', `period`='{$class_period}', `semester`='{$class_semester}' WHERE `ID`='{$class_id}' LIMIT 1") or die("Error updating the database.");
print "Done. <a href=\"options.php?class\" title=\"edit another class\">Edit another class</a>?";
disconnect_sql();
}
} elseif (isset($_POST['changepassword'])) {
if (user_type() != "admin") {
cust_die("You may not view that page.");
}
connect_sql();
if (!isset($_POST['user']) or is_numeric($_POST['user']) == FALSE) {
cust_die("Invalid user.");
}
$user = escape_string(htmlspecialchars($_POST['user']));
// make sure the user's valid; they don't necessarily have to be a teacher
if (is_valid_user($user) == FALSE) {
cust_die("Invalid user.");
}
if (!isset($_POST['pass1']) or $_POST['pass1'] == "" or strlen($_POST['pass1']) < 6) {
cust_die("The password must be at least 6 characters long.");
}
if (!isset($_POST['pass2']) or $_POST['pass2'] == "" or strlen($_POST['pass2']) < 6) {
cust_die("You must enter the password twice, and it must be at least 6 characters long.");
}
if ($_POST['pass1'] != $_POST['pass2']) {
cust_die("The passwords must match.");
}
$cryptpass = md5(md5(escape_string($_POST['pass1'])));
// update his or her password
@query("UPDATE `users` SET `password`='{$cryptpass}' WHERE `ID`='{$user}' LIMIT 1") or die("Error updating the user's password.");
print "Done. <a href=\"options.php?teacher\" title=\"edit a teacher\">Edit another teacher</a>?";
$params = session_get_cookie_params();
setcookie(session_name(), '', 1, $params['path'], $params['domain'], $params['secure'], isset($params['httponly']));
}
// Destroy the session
session_destroy();
// Redirect to the upgrade login form
header('Location: /admin/upgrade.php');
}
// Default is no alert
$alert = false;
// If the login form was posted
if (isset($_POST['submit'])) {
$user = $_POST['user'];
$pass = $_POST['pass'];
// If the user is valid
if (is_valid_user($user, $pass)) {
// Check if the user is an admin
if ($_SESSION["admin"] == "1") {
// Grant access
$_SESSION["access"] = "granted";
} else {
$alert = true;
$alert_message = "You need to log in as an administrative user in order to upgrade the database.";
// Deny access
$_SESSION["access"] = "denied";
}
} else {
// Send an alert
$alert = true;
// Invalid username or password
$alert_message = "Invalid username or password.";
function send_message()
{
$recipient = $this->input->post("user_id");
$sender_id = $this->session->userdata("user_id");
// pr($_POST);exit;
if (!$this->input->post("new_message") && $this->input->post("new_message") == "1") {
if (!is_valid_conversation($recipient, $sender_id)) {
$this->session->set_flashdata("error", "Invalid Conversation");
redirect("user/conversations");
exit;
}
}
if ($recipient == "0" || !is_valid_user($recipient)) {
$this->session->set_flashdata("error", "Invalid recipient");
redirect("user/conversations");
exit;
}
$this->form_validation->set_rules("message", "Message", "xss_clean|required");
if ($this->form_validation->run()) {
$message = $this->input->post("message");
$subject = "";
$priority = 1;
$success = $this->Mahana_model->send_new_message($sender_id, $recipient, $subject, $message, $priority);
if ($success) {
$this->session->set_flashdata("success", "Your message has been sent.");
redirect("user/conversations?conversation_id=" . $recipient);
}
} else {
$this->session->set_flashdata("error", "Message can not be blank.");
redirect("user/conversations?conversation_id=" . $recipient);
}
}
<?php
require 'mysql_connect.php';
//Absolutely Necessary
$url = $_POST['img_url'];
//Might as well gather some extra data
$user = $_POST['user'];
//username
$weeks = $_POST['weeks'];
//Number of weeks counted
$artistcount = $_POST['artistcount'];
if (is_valid_url($url) && is_valid_user($user) && is_numeric($weeks) && is_numeric($artistcount)) {
$query = "INSERT INTO wave_db (username,url,weeks,artistcount) VALUES ('{$user}','{$url}',{$weeks},{$artistcount})";
$result = @mysqli_query($con, $query);
echo json_encode("Added image to gallery.");
} else {
echo json_encode("Errors");
}
mysqli_close($con);
