function authorize_request($party_id, $auth_token, $db_conn, &$results_out) { $login_status = check_login_status($party_id, $auth_token, $db_conn); switch ($login_status) { case NOT_LOGGED_IN: $results_out["status"] = false; $results_out["reason"] = "Authentication Error. Are you logged in somewhere else?"; return false; case TOKEN_EXPIRED: $results_out["status"] = false; $results_out["reason"] = "Login Expired. Refresh page and log back in"; return false; case LOGGED_IN: return true; default: $results_out["status"] = false; $results_out["reason"] = "Unknown login error"; return false; } }
} } } $dir = "VIEW/html/Encoder/Add_Place/Add_Place_Street_inc.php?error={$error_type}"; $url = BASE_URL . $dir; header("Location:{$url}"); //redirect the encoder to the regions exit; } if ($_SERVER['REQUEST_METHOD'] == "POST") { /** * check if the user is logged in * check login status is from php file "controller secure access" * it checks if the use is logged in */ if (TRUE == check_login_status()) { /** * check if the type of the user is admin * get_user_type function is from a php file"Controller secure access" * it returns the type of the user */ $user_type = get_user_type(); /** * if the user type is admin instantiate an Admin_controller and do what you got to do */ if ($user_type == User_Type::ENCODER) { /** * get the logged in user */ $encoder = $_SESSION['Logged_In_User']; /**
<?php session_start(); require_once 'includes/functions.inc.php'; require_once 'includes/connect.inc.php'; if (check_login_status() == false || get_login_role() != "admin") { $_SESSION['error'] = "You do not have the authorization to access this page"; redirect('login.php'); } else { $username = $_SESSION['username']; $role = $_SESSION['role']; $connect = connectToDB(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <link rel="stylesheet" type="text/css" href="css/IMOconsole.css" /> <link rel="stylesheet" type="text/css" href="css/anylinkcssmenu.css" /> <script src="js/equalcolumns.js" type="text/javascript"></script> <script type="text/javascript" src="js/anylinkcssmenu.js"></script> <script type="text/javascript"> //anylinkcssmenu.init("menu_anchors_class") ////Pass in the CSS class of anchor links (that contain a sub menu) anylinkcssmenu.init("anchorclass") </script> </head> <body>
<?php session_start(); require_once 'includes/functions.inc.php'; require_once 'includes/connect.inc.php'; $modify = false; if (check_login_status() == false || get_login_role() != "admin" && get_login_role() != "contributor") { $_SESSION['error'] = "You do not have the authorization to access this page"; redirect('login.php'); } else { $username = $_SESSION['username']; $role = $_SESSION['role']; $connect = connectToDB(); } if (isset($_POST['submit'])) { $bandid = $_POST['bandid']; $festid = $_POST['festid']; $type = $_POST['type']; if ($festid == 'null') { $year = $_POST['year']; } else { $query = "SELECT FestivalYear FROM Festivals WHERE FestivalID = {$festid}"; $result = mysql_query($query, $connect); $row = mysql_fetch_array($result); $year = $row['FestivalYear']; } if ($year != "" && $year != null) { $url = $_POST['url']; $query = "SELECT * FROM Videos WHERE ((VideoURL = '{$url}') OR (BandID = {$bandid} AND festid = {$festid} AND BandYear = {$year} AND PerformanceType = {$type}))"; $result = mysql_query($query, $connect); if (mysql_num_rows($result) == 0) {
// Check if web client is logged in and authorized to do anything. //error_log( print_r($request_from_server_array,TRUE) ); //error_log( print_r($request_action,TRUE) ); // process login parameters before login handler is called if ($request_action == "try_to_log_in") { $password = $request_data['password']; $_POST['user_password'] = $password; $_POST["login"] = true; } if ($request_action == "logoff") { $_GET["logout"] = true; } // call the login class require_once 'static_db.php'; require_once 'login_handler.php'; $login_status = check_login_status(); //error_log("//////////////////************************ login_statuss = " . $login_status); //$login_status = "Login not good"; $response_to_client = []; if (!($login_status == "login_good")) { // return error message that login is required to continue. $response_to_client['response_code'] = $login_status; $response_to_client['response_data'] = $login_status; // $return_data["rawdata"] = $jc->encrypt_data ($response_to_client); $return_data["rawdata"] = $response_to_client; print json_encode($return_data); exit; } if ($request_action == "try_to_log_in" and $login_status == "login_good") { $response_to_client['response_code'] = "OK"; $response_to_client['response_data'] = "";
function get_username() { if (check_login_status()) { return $_SESSION['username']; } }
<?php session_start(); require_once 'includes/functions.inc.php'; require_once 'includes/connect.inc.php'; $modify = false; if (check_login_status() == false) { $_SESSION['error'] = "You do not have the authorization to access this page"; redirect('login.php'); } else { $username = $_SESSION['username']; $role = $_SESSION['role']; $connect = connectToDB(); } if (isset($_POST['password']) && isset($_POST['password2'])) { $password = $_POST['password']; $password2 = $_POST['password2']; $id = $_POST['userid']; if ($password != '' && $password == $password2) { //Update User with new password $query = "UPDATE Users SET Password=SHA('{$password}') WHERE UserID = '{$id}'"; mysql_query($query); $message = "Password Changed Successfully"; } elseif ($password != '' && $password != $password2) { $message = "The Passwords much match"; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
$address = addslashes(mysql_result($result, $i, "Address")); if (isset($_GET['highlight'])) { foreach ($search as $value) { $replace = "<FONT style=\"BACKGROUND-COLOR: #BBBBBB\">" . $value . "</FONT>"; $school = str_ireplace($value, $replace, $school); $band_name = str_ireplace($value, $replace, $band_name); $city_town = str_ireplace($value, $replace, $city_town); $colors = str_ireplace($value, $replace, $colors); $directors = str_ireplace($value, $replace, $directors); $notes = str_ireplace($value, $replace, $notes); } } //begin section (School info) echo "<div><h2 style='display:inline;'>{$school}</h2>"; echo "<i> {$band_name}</i> {$city_town}, IL"; if (check_login_status() == true && (get_login_role() == "admin" || get_login_role() == "contributor")) { echo "<div style='float: right;'>"; echo "<h3 style='display:inline;'>Admin Tasks: </h3>"; echo "<a href='console/modify_band.php?BandID={$BandID}'>Edit Band</a>, "; echo "<a href='console/modify_show.php?modsubmit=true&BandID={$BandID}&Year={$year}'>Edit Show</a> "; echo "</div>"; } echo "</div>"; echo "<hr>"; //end section (School info) //begin section (Year info) echo "<form action=\"bands_indiv.php?BandID={$BandID}\" method=\"post\">"; echo "Select a year: <select name=\"year\" onChange=\"MM_jumpMenu('parent',this,0)\" class='form_input'>"; for ($i = date("Y"); $i > 1999; $i--) { if ($i == $year) { echo "<option selected='selected' value=\"bands_indiv.php?BandID={$BandID}&year=\">{$i}</option>";