Ejemplo n.º 1
0
 public function checkUser()
 {
     //$username = $_POST['username'];
     //$password = $_POST['password'];
     require_once 'login.php';
     $connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
     if ($connection->connect_error) {
         die($connection->connect_error);
     }
     if (isset($_POST['username']) && isset($_POST['password'])) {
         $un_temp = mysql_entities_fix_string($connection, $_POST['username']);
         $pw_temp = mysql_entities_fix_string($connection, $_POST['password']);
         $query = "SELECT * FROM users WHERE username='******'";
         $result = $connection->query($query);
         if (!$result) {
             die($connection->error);
         } elseif ($result->num_rows) {
             $row = $result->fetch_array(MYSQLI_NUM);
             $result->close();
             $salt1 = "qm&h*";
             $salt2 = "pg!@";
             $token = hash('ripemd128', "{$salt1}{$pw_temp}{$salt2}");
             if ($token == $row[5]) {
                 session_start();
                 $_SESSION['username'] = $un_temp;
                 $_SESSION['password'] = $pw_temp;
                 $_SESSION['forename'] = $row[1];
                 $_SESSION['surname'] = $row[2];
                 $_SESSION['email'] = $row[3];
                 // echo "$row[0] $row[1] : Hi $row[0],
                 // you are now logged in as '$row[3]'";
                 die(header("location:projects.php"));
             } else {
                 die("Invalid username/password combination<br><a href=index.html>Go back home!</a>");
             }
         } else {
             die("Invalid username/password combination<br><a href=index.html>Go back home!</a>");
         }
     } else {
         echo "<a href='index.html'> Try again! </a>";
         die("Please enter your username and password");
     }
     $connection->close();
     function mysql_entities_fix_string($connection, $string)
     {
         return htmlentities(mysql_fix_string($connection, $string));
     }
     function mysql_fix_string($connection, $string)
     {
         if (get_magic_quotes_gpc()) {
             $string = stripslashes($string);
         }
         return $connection->real_escape_string($string);
     }
     header("Cache-Control: no-cache, must-revalidate");
     header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
     header("Content-Type: application/xml; charset=utf-8");
 }
<?php

// authenticate2.php
require_once 'login.php';
$connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
if ($connection->connect_error) {
    die($connection->connect_error);
}
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
    $un_temp = mysql_entities_fix_string($connection, $_SERVER['PHP_AUTH_USER']);
    $pw_temp = mysql_entities_fix_string($connection, $_SERVER['PHP_AUTH_PW']);
    $query = "SELECT * FROM users WHERE username='******'";
    $result = $connection->query($query);
    if (!$result) {
        die($connection->error);
    } elseif ($result->num_rows) {
        $row = $result->fetch_array(MYSQLI_NUM);
        $result->close();
        $salt1 = "qm&h*";
        $salt2 = "pg!@";
        $token = hash('ripemd128', "{$salt1}{$pw_temp}{$salt2}");
        if ($token == $row[3]) {
            session_start();
            $_SESSION['username'] = $un_temp;
            $_SESSION['password'] = $pw_temp;
            $_SESSION['forename'] = $row[0];
            $_SESSION['surname'] = $row[1];
            echo "{$row['0']} {$row['1']} : Hi {$row['0']},\n\t\t\t\tyou are now logged in as '{$row['2']}'";
            die("<p><a href=continue.php>Click here to continue</a></p>");
        } else {
            die("Invalid username/password combination");
 function __construct($username, $password, $inId)
 {
     $this->connection = new mysqli($GLOBALS['db_hostname'], $GLOBALS['db_username'], $GLOBALS['db_password'], $GLOBALS['db_database']);
     $this->user_info['email'] = mysql_entities_fix_string($this->connection, $username);
     $this->user_info['password'] = mysql_entities_fix_string($this->connection, $password);
     $this->user_info['inId'] = mysql_entities_fix_string($this->connection, $inId);
     $this->query = "SELECT * FROM users WHERE username='******'";
 }
Ejemplo n.º 4
0
<?php

//Yasia Sylla R01483577
require_once 'login.php';
$connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
if ($connection->connect_error) {
    die($connection->connect_error);
}
if (isset($_POST['username']) && isset($_POST['password'])) {
    $un_temp = mysql_entities_fix_string($connection, $_POST['username']);
    $pw_temp = mysql_entities_fix_string($connection, $_POST['password']);
    $query = "SELECT * FROM users WHERE username='******'";
    $result = $connection->query($query);
    if (!$result) {
        die($connection->error);
    } elseif ($result->num_rows) {
        $row = $result->fetch_array(MYSQLI_NUM);
        $result->close();
        $salt1 = "qm&h*";
        $salt2 = "pg!@";
        $token = hash('ripemd128', "{$salt1}{$pw_temp}{$salt2}");
        if ($token == $row[4]) {
            session_start();
            $_SESSION['username'] = $un_temp;
            $_SESSION['password'] = $pw_temp;
            echo "Login successsful!";
            die("<p><a href=menu.php>Click here to continue</a></p>");
        } else {
            die("Invalid username/password combination<br>");
        }
    } else {
Ejemplo n.º 5
0
session_start();
$connect = realpath('../../../../connection/connect.php');
$functions = realpath('../../../../common/functions.php');
$mysql_security = realpath('../../../../common/mysql_security.php');
require_once $connect;
require_once $functions;
require_once $mysql_security;
unset($_SESSION['visits']);
if (!empty($_SESSION['receipt_no'])) {
    $receipt_no = $_SESSION['receipt_no'];
}
if (empty($_POST['adminNo'])) {
    $adminNo = $_SESSION['adminNo'];
} else {
    $adminNo = mysql_entities_fix_string($_POST['adminNo']);
}
$credit = new credential();
//select types of payment
//get the active term period first
$sql = "SELECT term_id,term_name,year_name FROM term_period WHERE active='1'";
$result = mysql_query($sql) or die('Cannot get Info3.');
$row6 = mysql_fetch_assoc($result);
if ($row6 != null) {
    //var_dump($row6);
    extract($row6);
    //GET STUDENT INFORMATION
    $sql = "SELECT stud_id ,fname,mname,lname,class_name,class_for,admission_year FROM student_details,class\n WHERE student_details.adminNo='{$adminNo}' AND student_details.class_id=class.class_id AND student_details.active=1";
    $result = mysql_query($sql) or die('Cannot get Info7.');
    $row12 = mysql_fetch_assoc($result);
    if ($row12 == null) {
Ejemplo n.º 6
0
<?php

$user = mysql_entities_fix_string($_POST['user']);
$pass = mysql_entities_fix_string($_POST['pass']);
$query = "SELECT * FROM users WHERE user='******' AND pass='******'";
function mysql_entities_fix_string($string)
{
    return htmlentities(mysql_fix_string($string));
}
function mysql_fix_string($string)
{
    if (get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }
    return mysql_real_escape_string($string);
}
Ejemplo n.º 7
0
        $fail_msg = 'Already exists.';
    }
    if ($_FILES['fileToUpload']['size'] > 10000000) {
        $uploadOK = 0;
        $fail_msg = 'Too big.';
    }
    if ($imageFileType != 'jpg' && $imageFileType != 'png' && $imageFileType != 'jpeg') {
        $uploadOK = 0;
        $fail_msg = 'Not jpg, png or jpeg.';
    }
    if ($uploadOK == 0) {
    } else {
        if (move_uploaded_file($_FILES['fileToUpload']['tmp_name'], $target_path)) {
            $fail_msg = 'File uploaded.';
            $connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
            $ti_temp = mysql_entities_fix_string($connection, $title);
            $query = "INSERT INTO user_images(user_id, title, path)\n                          VALUES ('{$user_id}', '{$ti_temp}', '{$target_path}')";
            $result = $connection->query($query);
            if (!$result) {
                die($connection->error);
            }
            $connection->close();
            makeThumbnail($target_dir, $target_file);
        } else {
            $fail_msg = 'There was an error.';
        }
    }
}
function validate_title($field)
{
    if (strlen($field) > 64) {
Ejemplo n.º 8
0
<?php 
if (isset($_SESSION['user']) && !isset($_POST['LOGOUT'])) {
    displayWelcomePanel($user);
}
/* If the a session user variable is not set and AUTH_USERNAME and AUTH_PASSWORD have been posted sign in the user */
if (!isset($_SESSION['user']) && isset($_POST['AUTH_EMAIL']) && isset($_POST['AUTH_PASSWORD'])) {
    $dbMan = new DatabaseManager();
    if (!$dbMan->establishConnection()) {
        //database connection error
        return;
    }
    //create new user instance
    $user = new User($_POST['AUTH_EMAIL']);
    $user->password = $_POST['AUTH_PASSWORD'];
    //check login credentials
    $email_temp = mysql_entities_fix_string($dbMan->connection, $_POST['AUTH_EMAIL']);
    $request = new Request('SELECT *', 'se_Users');
    $request->addParameter('email', $email_temp);
    $request->transformCommand();
    $loginResults = $dbMan->executeQuery($request);
    //server error
    if ($loginResults == null) {
        //request was unsuccessful
    } else {
        if ($loginResults->num_rows) {
            //user exsists
            $row = $loginResults->fetch_array(MYSQLI_NUM);
            $loginResults->close();
            $user->hashedPassword = hash('ripemd128', "g!cT{$user->email}{$user->password}");
            //password correct
            if ($user->hashedPassword == $row[4]) {
Ejemplo n.º 9
0
<?php

//authenticate.php
require_once 'login.php';
$db_server = mysqli_connect($db_hostname, $db_username, $db_password);
if (!$db_server) {
    die("Unable to connect to MySQL: " . mysql_error());
}
mysqli_select_db($db_server, $db_database) or die("Unable to select database: " . mysql_error());
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
    $un_temp = mysql_entities_fix_string($db_server, $_SERVER['PHP_AUTH_USER']);
    $pw_temp = mysql_entities_fix_string($db_server, $_SERVER['PHP_AUTH_PW']);
    $query = "SELECT * FROM users WHERE username='******'";
    $result = mysqli_query($db_server, $query);
    if (!$result) {
        die("Database access failed: " . mysql_error());
    } elseif (mysqli_num_rows($result)) {
        $row = mysqli_fetch_row($result);
        $salt1 = "z0on!";
        $salt2 = "&!h*";
        $token = md5("{$salt1}{$pw_temp}{$salt2}");
        if ($token == $row[3]) {
            echo "{$row['0']} {$row['1']} : \n\t\t\tHi {$row['0']}, you are now logged in as '{$row['2']}'";
        } else {
            die("Invalid username/password combination");
        }
    } else {
        die("Invalid username/password combination");
    }
} else {
    header('WWW-Authenticate: Basic realm="Restricted Section"');
Ejemplo n.º 10
0
}
if (isset($_POST['key'])) {
    $key = fix_string($_POST['key']);
    $key_val = $key;
}
if (isset($_POST['submit'])) {
    $fail = validate_username($username);
    $fail .= validate_password($password);
    $fail .= validate_email($email);
    $fail .= validate_key($key);
    if ($fail == "" && isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']) && isset($_POST['key'])) {
        $connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
        $un_temp = mysql_entities_fix_string($connection, $_POST['username']);
        $pw_temp = mysql_entities_fix_string($connection, $_POST['password']);
        $em_temp = mysql_entities_fix_string($connection, $_POST['email']);
        $key_temp = mysql_entities_fix_string($connection, $_POST['key']);
        $query = "SELECT * FROM users WHERE username='******'";
        $query2 = "SELECT * FROM users WHERE email='{$em_temp}'";
        $query3 = "SELECT used FROM user_keys WHERE user_key='{$key_temp}'";
        $result = $connection->query($query);
        $result2 = $connection->query($query2);
        $result3 = $connection->query($query3);
        if (!$result) {
            die($connection->error);
        } elseif ($result->num_rows) {
            $UN_fail = "<div class='error_holder'>Username already taken.</div>";
            $red_border["un"] = "style='border-color: red;'";
            $result->close();
        } elseif (!$result2) {
            die($connection->error);
        } elseif ($result2->num_rows) {
Ejemplo n.º 11
0
        if (isset($_POST['entry_id'])) {
            $ei_temp = mysql_entities_fix_string($connection, $_POST['entry_id']);
            $query = "UPDATE movies SET title='{$ti_temp}', author='{$di_temp}', total_pages='{$ye_temp}',\n                          imdb_rating='{$im_temp}', rating='{$ra_temp}', date='{$da_temp}'\n                          WHERE user_id='{$user_id}' AND entry_id='{$ei_temp}'";
        } else {
            $query = "INSERT INTO user_books(title, author, total_pages, user_id)\n                           VALUES('{$ti_temp}', '{$au_temp}', '{$to_temp}', '{$user_id}')";
        }
        $result = $connection->query($query);
        if (!$result) {
            die($connection->error);
        }
        header('Location: books.php');
    }
}
if (isset($_GET['entry_id'])) {
    $entry_id = fix_string($_GET['entry_id']);
    $entry_id = mysql_entities_fix_string($connection, $entry_id);
    $query = "SELECT * FROM movies WHERE entry_id='{$entry_id}' AND user_id='{$user_id}'";
    $result = $connection->query($query);
    if (!$result) {
        die($connection->error);
    } elseif ($result->num_rows) {
        $row = $result->fetch_array(MYSQLI_ASSOC);
        $title = html_entity_decode($row['title']);
        $author = html_entity_decode($row['author']);
        $total_pages = html_entity_decode($row['total_pages']);
        $imdb_rating = html_entity_decode($row['imdb_rating']);
        $rating = html_entity_decode($row['rating']);
        $date = html_entity_decode($row['date']);
        $submit_string = 'Edit entry';
        $entry_input = "<input type='hidden' name='entry_id' value='" . $row['entry_id'] . "'>";
    } else {
Ejemplo n.º 12
0
        }
        if (file_exists($thumb_path)) {
            unlink($thumb_path);
            $status_msg = 'thumb deleted.';
        }
        $query = "DELETE FROM user_images WHERE img_id='{$delete_id}' AND user_id='{$user_id}'";
        $result = $connection->query($query);
        if (!$result) {
            die($connection->error);
        }
        $connection->close();
        header('Location: images.php');
    }
}
if (isset($_GET['img_id'])) {
    $img_id = mysql_entities_fix_string($connection, $_GET['img_id']);
    $query = "SELECT * FROM user_images WHERE img_id='{$img_id}' AND user_id='{$user_id}'";
    $result = $connection->query($query);
    if (!$result) {
        die($connection->error);
    }
    if ($result->num_rows) {
        $row = $result->fetch_array(MYSQLI_ASSOC);
        $img_path = $row['path'];
        $img_title = $row['title'];
        $no_image = false;
    }
}
if ($no_image) {
    $query = "SELECT * FROM user_images WHERE user_id='{$user_id}' ORDER BY img_id LIMIT 1";
    $result = $connection->query($query);
<?php 
require_once './login.php';
require_once './connect.php';
?>

<html>
<link rel = "stylesheet" type = "text/css" href = "style.css">
<body id = "loggedInBG">

<?php 
//Destroys anoy old session data
session_destroy();
//If the user enters a password and username
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
    $un_temp = mysql_entities_fix_string($link, $_SERVER['PHP_AUTH_USER']);
    $pw_temp = mysql_entities_fix_string($link, $_SERVER['PHP_AUTH_PW']);
    //query the database where the playername = whatever was entered
    $query = "SELECT * FROM playerSettings WHERE playerUsername='******'";
    $result = $link->query($query);
    if (!$result) {
        die($link->error);
    } elseif ($result->num_rows) {
        $row = $result->fetch_array(MYSQLI_NUM);
        $result->close();
        $token = crypt($pw_temp, $row[1]);
        //If the encrypted passwords match up, then the passwords were the same. The user is logged in and allowed to continue.
        //We store the ID number kept in row[17] of whichever ID number has the same username as the one entered.
        if ($token == $row[1]) {
            session_start();
            $_SESSION['username'] = $un_temp;
            $_SESSION['password'] = $pw_temp;
Ejemplo n.º 14
0
$username = $_SESSION['username'];
$user_id = $_SESSION['user_id'];
// If it's not the logged in users id, this will be set to true.
$other_profile = false;
$connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
$sort = '';
if (isset($_POST['entry_id'])) {
    $ei_temp = mysql_entities_fix_string($connection, $_POST['entry_id']);
    $query = "DELETE FROM movies WHERE entry_id='{$ei_temp}' AND user_id='{$user_id}'";
    $result = $connection->query($query);
    if (!$result) {
        die($connection->error);
    }
}
if (isset($_GET['user_id'])) {
    $user_id = mysql_entities_fix_string($connection, $_GET['user_id']);
    $other_profile = true;
}
if (isset($_GET['sort'])) {
    $sort_temp = htmlentities($_GET['sort']);
    switch ($sort_temp) {
        case 'date':
            $sort = 'ORDER BY date';
            break;
        case 'date_desc':
            $sort = 'ORDER BY date DESC';
            break;
        case 'dir':
            $sort = 'ORDER BY director';
            break;
        case 'dir_desc':