Example #1
/**
 * Created by PhpStorm.
 * User: Nima
 * Date: 7/26/2015
 * Time: 5:20 AM
 */
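/**
 * Build the HTML attribute string that locks a form control for a user row.
 *
 * Returns an empty string only when the row belongs to another user and the
 * session type is 'admin'. In every other case it returns a title tooltip
 * followed by `disabled`, plus `readonly` unless $ignoreReadonly is true.
 *
 * NOTE(review): `disabled` and `readonly` only affect how the browser renders
 * the control. The handler that processes the submitted form has to repeat
 * the same ownership and admin checks on the server.
 *
 * @param mixed $userid         Id of the user the control belongs to.
 * @param bool  $ignoreReadonly When true, emit `disabled` without `readonly`.
 * @return string Attribute fragment to place inside an HTML tag.
 */
function AddAttributes($userid, $ignoreReadonly = false)
{
    // The leading space separates the flags from the quoted title value; the
    // previous output glued them together (title="..."disabled).
    $lock = $ignoreReadonly ? ' disabled' : ' disabled readonly';

    if ($userid == GetUserId()) {
        return 'title="Can\'t change own settings"' . $lock;
    }

    // Strict comparison with an isset() guard: a missing session key or a
    // non-string value must not count as admin (before PHP 8 the loose test
    // `0 == 'admin'` evaluates to true).
    $isAdmin = isset($_SESSION['type']) && $_SESSION['type'] === 'admin';

    return $isAdmin ? '' : 'title="Insufficient Privileges"' . $lock;
}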
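<?php

// login.php - log user in
//
// D Provine, 2 August 2013
//
// Flow: require both form fields, look the user up through GetUserId(), and
// on success bind the identity to the session and redirect to the user page.
session_name('reglogin');
session_start();

// Check the form was filled in correctly. Array-valued fields (username[]=x)
// are rejected as well, so only strings reach the lookup.
if (
    !isset($_POST['username'], $_POST['password'])
    || !is_string($_POST['username'])
    || !is_string($_POST['password'])
) {
    die("You did not fill in the form correctly.  Try again.");
}

include "/export/home/mclaug67/source_html/public_html/awp/PhotoSite/Connect-webuser.php";
include "DB_Functions.php";

$dbh = ConnectDB();

// NOTE(review): the raw password is handed to GetUserId(); how it is compared
// with the stored value is not visible in this file. Confirm that it checks a
// password_hash() value with password_verify() and uses bound parameters.
$user_id = GetUserId($dbh, $_POST['username'], $_POST['password']);

// No debug output before the redirect: anything echoed ahead of header()
// stops the Location header from being sent when output buffering is off,
// and a print_r() dump of user data would be shown to the visitor.
if ($user_id == -1) {
    die("Username/password incorrect.  Try again.");
}

// Issue a fresh session id at the privilege change so that an id known
// before login cannot be reused afterwards (session fixation).
session_regenerate_id(true);
$_SESSION['username'] = $_POST['username'];
$_SESSION['user_id'] = $user_id;

header("Location: user_page.php");
// Stop here so nothing else runs or is emitted after the redirect.
exit;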
         $error = "შეიყვანეთ თანხის რაოდენობა \n *მხოლოდ ციფრები!";
     }
     break;
 // 'take-money': re-checks the submitted username/password with
 // $pos->CheckUser() and, when the value returned by GetWarehouseMoney() is at
 // least the requested amount, calls $pos->pos_out() (presumably recording the
 // withdrawal — confirm against the class). Failures set $error.
 case 'take-money':
     // NOTE(review): $_REQUEST also covers the query string, so the credentials
     // read below can arrive via GET and end up in server logs and browser
     // history. Read them from $_POST if the form is posted — TODO confirm.
     $object_id = $_REQUEST['obj_id'];
     $money = $_REQUEST['money-amount'];
     $comment = $_REQUEST['comment'];
     $username = $_REQUEST['username'];
     $password = $_REQUEST['password'];
     $array = GetWarehouseMoney();
     // NOTE(review): is_numeric() accepts negative numbers, decimals and
     // exponent notation ("-5", "1e3"). A negative amount passes this check and
     // the `$array >= $money` test below; confirm pos_out() rejects
     // non-positive amounts, or add an explicit `$money > 0` check here.
     if (is_numeric($money)) {
         global $pos;
         $check = $pos->CheckUser($username, $password);
         if ($check) {
             if ($array >= $money) {
                 // The acting user is resolved from the submitted username
                 // that CheckUser() has just accepted.
                 $pos->pos_out(GetUserId($username), $object_id, $money, $comment);
             } else {
                 // Message text: "Insufficient funds!"
                 $error = "არასაკმარისი თანხა!";
             }
         } else {
             // Message text: "Username or password is incorrect!"
             $error = "მომხმარებლის სახელი ან პაროლი არასწორია!";
         }
     } else {
         // Message text: "Enter the amount of money / *digits only!"
         $error = "შეიყვანეთ თანხის რაოდენობა \n *მხოლოდ ციფრები!";
     }
     break;
 // 'pos-check': only the parameter reads are visible; the rest of this case
 // lies outside the excerpt.
 case 'pos-check':
     $object_id = $_REQUEST['obj_id'];
     $real_money = $_REQUEST['money-amount'];
     // NOTE(review): the user id is taken from a cookie, which the client fully
     // controls. Unless it is validated further down (not visible here), the
     // id should come from server-side session state instead.
     $user_id = $_COOKIE['USERID'];
     $comment = $_REQUEST['comment'];
// Bulk user-administration pass: for every entry in $userInfo, optionally
// change the password and/or the account type. Counters and message strings
// collect what succeeded. The loop continues past the visible excerpt.
//
// NOTE(review): no authorization check is visible in this excerpt, and the
// origin of $userInfo is not shown. Confirm that the caller verifies the
// session user is allowed to edit each $id before this code runs.
$passCount = 0;
$typeCount = 0;
$deleteCount = 0;
$passText = "Password for the following users successfully changed:";
$typeText = "The account type for the following users successfully changed:";
$deleteText = "The following users were successfully deleted:";
foreach ($userInfo as $id => $info) {
    // Password change: both fields present and identical.
    if (!empty($info['pass']) && !empty($info['confpass']) && strcmp($info['pass'], $info['confpass']) == 0) {
        // NOTE(review): sha1() is a fast, unsalted digest and is not suitable
        // for storing passwords; password_hash() / password_verify() is the
        // replacement, but the login check must be migrated at the same time.
        // FILTER_SANITIZE_STRING strips tags and encodes quotes, so the hashed
        // value can differ from what the user typed, and the filter is
        // deprecated as of PHP 8.1.
        $passHash = sha1(filter_var($info['pass'], FILTER_SANITIZE_STRING));
        // Values are bound as parameters, not concatenated into the SQL.
        $query = $dbConnection->prepare("UPDATE `user_info` " . "SET `password` = ? " . "WHERE `user_id` = ?");
        if ($query && !$query->errno) {
            $query->bind_param('si', $passHash, $id);
            if ($query->execute()) {
                // "\\n" is a literal backslash followed by n, so the text is
                // presumably emitted inside a JavaScript string later. If so,
                // the username needs escaping for that context — TODO confirm
                // where $passText is printed.
                $passText .= "\\n{$info['username']}";
                $passCount++;
                // Changing one's own password sets the redirect flag.
                if ($id == GetUserId()) {
                    $redirectToHome = true;
                }
            }
        }
    }
    // Account-type change: only when the submitted type differs from the old one.
    if (!empty($info['oldtype']) && !empty($info['type']) && strcmp($info['oldtype'], $info['type']) != 0) {
        // The extra `AND type = ?` makes the update apply only while the row
        // still holds the old type that was submitted.
        // NOTE(review): the new type value is not checked against an allowed
        // set in the visible code — confirm it is validated elsewhere.
        $query = $dbConnection->prepare("UPDATE `user_info` " . "SET `type` = ? " . "WHERE `user_id` = ? " . "AND `type` = ?");
        if ($query && !$query->errno) {
            $query->bind_param('sis', $info['type'], $id, $info['oldtype']);
            if ($query->execute()) {
                $typeText .= "\\n{$info['username']}";
                $typeCount++;
            }
        }
    }
Example #5
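<?php

// Password-change form handler.
//
// Accepts the request only when the posted user_id matches the logged-in user,
// all three password fields are present, and the new password matches its
// confirmation. The UPDATE additionally requires the stored hash to equal the
// hash of the old password. On success the current auth is invalidated and
// the browser is sent to the login page; on any failure it is sent back to
// the change-password form.
include_once '../inc/auth.php';

// The confirmation is compared with === : under ==, two different
// numeric-looking strings such as "1e3" and "1000" compare equal, so a
// mistyped confirmation could be accepted. An empty new password is rejected
// here as well, because the hash-based guard below can never catch it.
// NOTE(review): what issetPostVal() returns for a missing field is not visible
// here; confirm the loose == with GetUserId() cannot match for an
// unauthenticated request.
if (
    issetPostVal("user_id") == GetUserId()
    && isset($_POST['inputPass'], $_POST['newPass'], $_POST['newPassConf'])
    && $_POST['newPass'] === $_POST['newPassConf']
    && $_POST['newPass'] !== ''
) {
    // NOTE(review): sha1() is a fast, unsalted digest and is not suitable for
    // password storage. Moving to password_hash() / password_verify() needs
    // the login check and the stored values migrated together, so it is only
    // flagged here. FILTER_SANITIZE_STRING alters the input before hashing
    // (strips tags, encodes quotes) and is deprecated as of PHP 8.1.
    $oldPass = sha1(filter_var($_POST['inputPass'], FILTER_SANITIZE_STRING));
    $newPass = sha1(filter_var($_POST['newPass'], FILTER_SANITIZE_STRING));
    // sha1() always returns a 40-character string, so this guard is always true.
    if ($oldPass && $newPass) {
        $dbConnection = initialize();
        // All values are bound as parameters; the old hash in the WHERE clause
        // makes the update a no-op when the old password is wrong.
        $query = $dbConnection->prepare("UPDATE `user_info` " . "SET `password` = ? " . "WHERE `user_id` = ? " . "AND `password` = ?");
        if ($query && !$query->errno) {
            $query->bind_param('sss', $newPass, $_POST['user_id'], $oldPass);
            // NOTE(review): execute() also returns true when no row matched
            // (wrong old password), so success is reported in that case too;
            // checking the statement's affected-row count would tell them apart.
            if ($query->execute()) {
                InvalidateAuth();
                print "<script type=\"text/javascript\">alert(\"Password sucessfully changed!\");</script>";
                print "<script type=\"text/javascript\">window.location.replace(\"../login.php\");</script>";
                die;
            }
        }
    }
}
// Fall-through for every failure path.
print "<script type=\"text/javascript\">alert(\"Password change failed. Try again.\");</script>";
print "<script type=\"text/javascript\">window.location.replace(\"../changePass.php\");</script>";
die;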
Example #6
            <ul class="nav nav-sidebar">
                <li><a href="settings.php">Admin List</a></li>
                <li class="active"><a href="<?php 
// NOTE(review): $_SERVER['PHP_SELF'] and $_GET are request-controlled (PHP_SELF
// includes any extra path info appended to the script URL). The result is
// printed straight into an href attribute here; whether getLinkWithGet()
// escapes its output is not visible — confirm it applies htmlspecialchars()
// with ENT_QUOTES, or escape at this call site.
print getLinkWithGet(array(), $_SERVER['PHP_SELF'], $_GET);
?>
">Change Password</a></li>
            </ul>
        </div>
        <div class="col-sm-9 col-sm-offset-3 col-md-10 col-md-offset-2 main">
            <h1 class="page-header">Settings</h1>

            <h2 class="sub-header">Change Password</h2>
            <div class="table-responsive">
                <form action="forms/pass_submit.php" method="post" id="passwordForm">
                <input type="hidden" name="user_id" value="<?php 
print GetUserId();
?>
">
                    <table>
                        <tbody>
                            <tr>
                                <td><label for="inputPass">Previous Password:&nbsp;</label></td>
                                <td><input type="password" id="inputPass" name="inputPass" required autofocus></td>
                            </tr>
                            <tr>
                                <td><label for="newPass">New Password:&nbsp;&nbsp;</label></td>
                                <td><input type="password" id="newPass" name="newPass" required></td>
                            </tr>
                            <tr>
                                <td><label for="newPassConf">Confirm New Password:&nbsp;&nbsp;</label></td>
                                <td><input type="password" id="newPassConf" name="newPassConf" required></td>
Example #7
<?php

require_once 'model/user-functions.php';

// JSON login endpoint: checks that both fields were posted, then replies with
// either the validation errors or a success payload.
$errors = array();  // field name => validation message
$data = array();    // payload sent back to the client

// Required fields and the message reported when one is missing or empty.
$required = array(
    'email' => 'Email is required.',
    'password' => 'Password is required',
);
foreach ($required as $field => $message) {
    if (empty($_POST[$field])) {
        $errors[$field] = $message;
    }
}

if (empty($errors)) {
    // No validation errors: report success.
    $data['success'] = true;
    $data['message'] = 'Success!';
    // NOTE(review): in this file $_POST['password'] is only tested for being
    // non-empty; it is never passed to ExistUser() or GetUserId(). As written,
    // the session is bound to whichever account owns the e-mail address, so
    // the password must be verified here unless that happens somewhere not
    // visible. 'success' is also reported as true when the e-mail is unknown.
    // $bdd and the session start are presumably provided by the required
    // file — confirm.
    if (ExistUser($bdd, $_POST['email'])) {
        $_SESSION['user_id'] = GetUserId($bdd, $_POST['email']);
        $data['url'] = ROOT_HOST . 'home';
    }
} else {
    // At least one field is missing: hand the messages back to the client.
    $data['success'] = false;
    $data['errors'] = $errors;
}

header('Content-Type: application/json');
echo json_encode($data);