function authorize_request($party_id, $auth_token, $db_conn, &$results_out)
{
$login_status = check_login_status($party_id, $auth_token, $db_conn);
switch ($login_status) {
case NOT_LOGGED_IN:
$results_out["status"] = false;
$results_out["reason"] = "Authentication Error. Are you logged in somewhere else?";
return false;
case TOKEN_EXPIRED:
$results_out["status"] = false;
$results_out["reason"] = "Login Expired. Refresh page and log back in";
return false;
case LOGGED_IN:
return true;
default:
$results_out["status"] = false;
$results_out["reason"] = "Unknown login error";
return false;
}
}
}
}
}
$dir = "VIEW/html/Encoder/Add_Place/Add_Place_Street_inc.php?error={$error_type}";
$url = BASE_URL . $dir;
header("Location:{$url}");
//redirect the encoder to the regions
exit;
}
if ($_SERVER['REQUEST_METHOD'] == "POST") {
/**
* check if the user is logged in
* check login status is from php file "controller secure access"
* it checks if the use is logged in
*/
if (TRUE == check_login_status()) {
/**
* check if the type of the user is admin
* get_user_type function is from a php file"Controller secure access"
* it returns the type of the user
*/
$user_type = get_user_type();
/**
* if the user type is admin instantiate an Admin_controller and do what you got to do
*/
if ($user_type == User_Type::ENCODER) {
/**
* get the logged in user
*/
$encoder = $_SESSION['Logged_In_User'];
/**
<?php
session_start();
require_once 'includes/functions.inc.php';
require_once 'includes/connect.inc.php';
if (check_login_status() == false || get_login_role() != "admin") {
$_SESSION['error'] = "You do not have the authorization to access this page";
redirect('login.php');
} else {
$username = $_SESSION['username'];
$role = $_SESSION['role'];
$connect = connectToDB();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link rel="stylesheet" type="text/css" href="css/IMOconsole.css" />
<link rel="stylesheet" type="text/css" href="css/anylinkcssmenu.css" />
<script src="js/equalcolumns.js" type="text/javascript"></script>
<script type="text/javascript" src="js/anylinkcssmenu.js"></script>
<script type="text/javascript">
//anylinkcssmenu.init("menu_anchors_class") ////Pass in the CSS class of anchor links (that contain a sub menu)
anylinkcssmenu.init("anchorclass")
</script>
</head>
<body>
<?php
session_start();
require_once 'includes/functions.inc.php';
require_once 'includes/connect.inc.php';
$modify = false;
if (check_login_status() == false || get_login_role() != "admin" && get_login_role() != "contributor") {
$_SESSION['error'] = "You do not have the authorization to access this page";
redirect('login.php');
} else {
$username = $_SESSION['username'];
$role = $_SESSION['role'];
$connect = connectToDB();
}
if (isset($_POST['submit'])) {
$bandid = $_POST['bandid'];
$festid = $_POST['festid'];
$type = $_POST['type'];
if ($festid == 'null') {
$year = $_POST['year'];
} else {
$query = "SELECT FestivalYear FROM Festivals WHERE FestivalID = {$festid}";
$result = mysql_query($query, $connect);
$row = mysql_fetch_array($result);
$year = $row['FestivalYear'];
}
if ($year != "" && $year != null) {
$url = $_POST['url'];
$query = "SELECT * FROM Videos WHERE ((VideoURL = '{$url}') OR (BandID = {$bandid} AND festid = {$festid} AND BandYear = {$year} AND PerformanceType = {$type}))";
$result = mysql_query($query, $connect);
if (mysql_num_rows($result) == 0) {
// Check if web client is logged in and authorized to do anything.
//error_log( print_r($request_from_server_array,TRUE) );
//error_log( print_r($request_action,TRUE) );
// process login parameters before login handler is called
if ($request_action == "try_to_log_in") {
$password = $request_data['password'];
$_POST['user_password'] = $password;
$_POST["login"] = true;
}
if ($request_action == "logoff") {
$_GET["logout"] = true;
}
// call the login class
require_once 'static_db.php';
require_once 'login_handler.php';
$login_status = check_login_status();
//error_log("//////////////////************************ login_statuss = " . $login_status);
//$login_status = "Login not good";
$response_to_client = [];
if (!($login_status == "login_good")) {
// return error message that login is required to continue.
$response_to_client['response_code'] = $login_status;
$response_to_client['response_data'] = $login_status;
// $return_data["rawdata"] = $jc->encrypt_data ($response_to_client);
$return_data["rawdata"] = $response_to_client;
print json_encode($return_data);
exit;
}
if ($request_action == "try_to_log_in" and $login_status == "login_good") {
$response_to_client['response_code'] = "OK";
$response_to_client['response_data'] = "";
function get_username()
{
if (check_login_status()) {
return $_SESSION['username'];
}
}
<?php
session_start();
require_once 'includes/functions.inc.php';
require_once 'includes/connect.inc.php';
$modify = false;
if (check_login_status() == false) {
$_SESSION['error'] = "You do not have the authorization to access this page";
redirect('login.php');
} else {
$username = $_SESSION['username'];
$role = $_SESSION['role'];
$connect = connectToDB();
}
if (isset($_POST['password']) && isset($_POST['password2'])) {
$password = $_POST['password'];
$password2 = $_POST['password2'];
$id = $_POST['userid'];
if ($password != '' && $password == $password2) {
//Update User with new password
$query = "UPDATE Users SET Password=SHA('{$password}') WHERE UserID = '{$id}'";
mysql_query($query);
$message = "Password Changed Successfully";
} elseif ($password != '' && $password != $password2) {
$message = "The Passwords much match";
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
$address = addslashes(mysql_result($result, $i, "Address"));
if (isset($_GET['highlight'])) {
foreach ($search as $value) {
$replace = "<FONT style=\"BACKGROUND-COLOR: #BBBBBB\">" . $value . "</FONT>";
$school = str_ireplace($value, $replace, $school);
$band_name = str_ireplace($value, $replace, $band_name);
$city_town = str_ireplace($value, $replace, $city_town);
$colors = str_ireplace($value, $replace, $colors);
$directors = str_ireplace($value, $replace, $directors);
$notes = str_ireplace($value, $replace, $notes);
}
}
//begin section (School info)
echo "<div><h2 style='display:inline;'>{$school}</h2>";
echo "<i> {$band_name}</i> {$city_town}, IL";
if (check_login_status() == true && (get_login_role() == "admin" || get_login_role() == "contributor")) {
echo "<div style='float: right;'>";
echo "<h3 style='display:inline;'>Admin Tasks: </h3>";
echo "<a href='console/modify_band.php?BandID={$BandID}'>Edit Band</a>, ";
echo "<a href='console/modify_show.php?modsubmit=true&BandID={$BandID}&Year={$year}'>Edit Show</a> ";
echo "</div>";
}
echo "</div>";
echo "<hr>";
//end section (School info)
//begin section (Year info)
echo "<form action=\"bands_indiv.php?BandID={$BandID}\" method=\"post\">";
echo "Select a year: <select name=\"year\" onChange=\"MM_jumpMenu('parent',this,0)\" class='form_input'>";
for ($i = date("Y"); $i > 1999; $i--) {
if ($i == $year) {
echo "<option selected='selected' value=\"bands_indiv.php?BandID={$BandID}&year=\">{$i}</option>";
