<?php

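/*
	Report Wizard module
	v 0.76
*/
/*--------- Script configuration ---------*/
// Minimum rights level a user needs to view this page
$req_rights = 1;

/*--------- Setup ---------*/
// Load the configuration file
require "config.php";
// Open the database connection
$mysqli = db_connect();
// Read the current user's parameters
$user = check_user_login($mysqli);
// Handle a logout request, if one is present
check_user_logout($mysqli, $user);
// Not authenticated: send the visitor to the login page. exit stops the script
// so that nothing is emitted after the Location header.
if (!$user) {
    header('Location: login.php');
    exit;
}
// Rights check
if ($user['rights'] < $req_rights) {
    exit('У вас недостаточно прав для просмотра данной страницы');
}

/*--------- Program body ---------*/
// NOTE(review): a second connection is opened here and the handle returned by
// db_connect() is dropped without being closed; confirm whether that handle
// could simply be reused instead.
$mysqli = new mysqli(DB_HOST, DB_LOGIN, DB_PASSWORD, DB_NAME);
// A failed connect must not go unnoticed: set_charset() on a dead handle only
// raises a warning and later queries would fail in confusing ways. The error
// detail is deliberately not echoed to the visitor.
if ($mysqli->connect_error) {
    exit('Ошибка подключения к базе данных');
}
$mysqli->set_charset("utf8");
$page_title = "Мастер отчетов";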
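$cfg = EasySCP_Registry::get('Config');

// Explicit logout request
if (isset($_GET['logout'])) {
    unset_user_login_data();
}
do_session_timeout();
init_login();

// Login form submitted: both fields must be present and non-empty
// (empty() also rejects the literal string "0").
if (isset($_POST['uname']) && !empty($_POST['uname']) && isset($_POST['upass']) && !empty($_POST['upass'])) {
    check_input(trim($_POST['uname']));
    check_input(trim($_POST['upass']));
    $uname = encode_idna($_POST['uname']);
    if (register_user($uname, $_POST['upass'])) {
        redirect_to_level_page();
    }
    user_goto('index.php');
}

// Already logged in but without a level page to go to: drop the stale login data
if (check_user_login() && !redirect_to_level_page()) {
    unset_user_login_data();
}
shall_user_wait();

$theme_color = isset($_SESSION['user_theme']) ? $_SESSION['user_theme'] : $cfg->USER_INITIAL_THEME;
$tpl = EasySCP_TemplateEngine::getInstance();

// Template variables shared by the maintenance page and the login page. The
// "SSL link" points at the opposite scheme of the current request. It is built
// from the Host request header, which the client controls: htmlentities() only
// prevents markup injection, not a foreign host name in the link.
// NOTE(review): prefer a configured base URL here; also, some servers set
// HTTPS to "off" instead of leaving it unset -- verify for this deployment.
$is_https = isset($_SERVER['HTTPS']);
$host = htmlentities($_SERVER['HTTP_HOST']);
$common_vars = array(
    'TR_PAGE_TITLE' => tr('EasySCP a Virtual Hosting Control System'),
    'TR_SSL_LINK' => ($is_https ? 'http://' : 'https://') . $host,
    'TR_WEBMAIL_SSL_LINK' => "webmail",
    'TR_FTP_SSL_LINK' => "ftp",
    'TR_PMA_SSL_LINK' => "pma",
    'TR_SSL_IMAGE' => $is_https ? 'lock.png' : 'unlock.png',
    'TR_SSL_DESCRIPTION' => $is_https ? tr('Normal Connection') : tr('Secure Connection'),
);

// Maintenance mode (or a pending database update) hides the normal login form
// unless an administrator login was explicitly requested.
if (($cfg->MAINTENANCEMODE || EasySCP_Update_Database::getInstance()->checkUpdateExists()) && !isset($_POST['admin'])) {
    $template = 'maintenancemode.tpl';
    $tpl->assign($common_vars + array(
        'TR_MESSAGE' => nl2br(tohtml($cfg->MAINTENANCEMODE_MESSAGE)),
        'TR_ADMINLOGIN' => tr('Administrator login'),
    ));
} else {
    $template = 'index.tpl';
    $tpl->assign($common_vars + array(
        'TR_LOGIN' => tr('Login'),
        'TR_USERNAME' => tr('Username'),
        'TR_PASSWORD' => tr('Password'),
        'TR_LOGIN_INFO' => tr('Please enter your login information'),
    ));
}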
if ($cfg->LOSTPASSWORD) {
    $tpl->assign('TR_LOSTPW', tr('Lost password'));
} else {
<?php

//---
// Todo List manager for Pokémon Gemme
// Written by Nuri Yuri
//   Index
//---
// Login and user related helper functions
require "login_check.php";

// Without a valid session the visitor is sent to the login page; exit keeps
// anything below from running or being emitted after the Location header.
if (!check_user_login()) {
    header('Location: user_login.html');
    exit;
}

// Todo list management library
require "todo_list_manager.php";
// Traitement des demandes
if (isset($_GET['action']) && $_GET['action'] != 'see') {
    $todo_class = $_GET['action'];
    switch ($_GET['action']) {
        case 'push':
            todo_push();
            break;
        case 'pop':
            todo_pop();
            break;
        case 'update':
            todo_update();
            break;
<?php

session_start();

// Dispatch on which credential pair arrived with the request. $_REQUEST merges
// GET, POST and cookie data, so these credentials are also accepted from the
// query string, where they end up in server and proxy logs.
if (isset($_REQUEST['username'], $_REQUEST['password'])) {
    check_user_login();
}
if (isset($_REQUEST['admin_username'], $_REQUEST['admin_password'])) {
    check_admin_login();
}
// Logout is a separate request flag
if (isset($_REQUEST["logout"])) {
    logout();
}
function check_admin_login()
{
    $username = $_REQUEST['admin_username'];
    $password = $_REQUEST['admin_password'];
    $conn = new mysqli('stardock.cs.virginia.edu', 'cs4750igs3pw', 'fall2015', 'cs4750igs3pw');
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    } else {
        $sql = "SELECT * from AdminUser WHERE admin_username='******' AND admin_password='******'";
        $result = $conn->query($sql);
        if ($result->num_rows > 0) {
            while ($row = $result->fetch_assoc()) {
                $_SESSION['admin'] = true;
                $_SESSION['current_user'] = $username;
                ######################################NEED TO CHANGE FOR WHAT YOU USE############
                #header("Location http://plato.cs.virginia.edu/~rma7qb/cs4750-hospital-records/main.html");
                // header("Location: admin_main.php");
                header("Location: admin_main.php");
                exit;
         }
     }else
     {
         $xtpl->assign("ERROR", $error);
         $xtpl->assign("LOGIN", $login);
         $xtpl->parse("main.users.error");
         $act = "add";
     }
 }elseif($id > 0)
 {
     $query = "SELECT login FROM " . T_USERS . " WHERE id=" . $id;
     $row = SQL_select($query, 0);
     if($row)
     {
         if($login != $row["login"])
             if(check_user_login($login)) { $valid_info = 0; $error .= " - This login already exists. Please, try enter another login.<br>"; $xtpl->assign("CLASS_LOGIN", "class=\"error_text\""); }
     }else $act = "edit";
     if($valid_info)
     {
         if($password != "") $query_password = "******" . $password . "'), ";
         else $query_password = "";
         $query = "UPDATE " . T_USERS . "
                      SET login='******', " . $query_password . "
                          permissions='" . $_REQUEST["permission"] . "',
                          position='" . AddSlashes($_REQUEST["position"]) . "',
                          name='" . AddSlashes($_REQUEST["fullname"]) . "'
                    WHERE id=" . $id;
         SQL_request($query);
         $query = "SELECT user_id FROM " . T_SIGNATURES . " WHERE user_id=" . $id;
         $row1 = SQL_select($query, 0);
         if($row1)
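/**
 * Ensure the current request belongs to a logged-in user.
 *
 * Reads the login marker from $_SESSION and re-validates it with
 * check_user_login(); on failure the client is redirected to ../index.php.
 * The redirect is followed by exit so that no protected content is emitted
 * after the Location header (header() alone does not stop the script).
 */
function check_login()
{
    $logged_in = isset($_SESSION['user_logged'])
        && check_user_login($_SESSION['user_logged'], $_SESSION['user_type'], $_SESSION['user_id']);

    if (!$logged_in) {
        header("Location: ../index.php");
        exit;
    }
}

/**
 * Decide where a user lands after switching interface, or null if the switch
 * is not allowed.
 *
 * Moving "down" the hierarchy (admin -> reseller, admin/reseller -> user) is
 * always permitted. Moving back "up" (user/reseller -> admin, user -> reseller)
 * is only permitted when the session still carries the `logged_from` marker
 * set by the earlier downward switch. Any other combination is refused.
 *
 * @param string $from_type   admin_type of the account switching away
 * @param string $to_type     admin_type of the target account
 * @param bool   $logged_from whether $_SESSION['logged_from'] is present
 * @return string|null relative path of the landing page, null if refused
 */
function resolve_interface_target($from_type, $to_type, $logged_from)
{
    $from_is_admin = ($from_type === 'admin');
    $from_is_reseller = ($from_type === 'reseller');
    // Anything that is neither admin nor reseller is treated as a plain user
    $from_is_user = !$from_is_admin && !$from_is_reseller;
    $to_is_admin = ($to_type === 'admin');
    $to_is_reseller = ($to_type === 'reseller');
    $to_is_user = !$to_is_admin && !$to_is_reseller;

    if ($from_is_admin && $to_is_reseller) {
        return "../reseller/index.php";
    }
    if (($from_is_admin || $from_is_reseller) && $to_is_user) {
        return "../client/index.php";
    }
    // Upward switches are only valid when coming back from an earlier downward one
    if (!$logged_from) {
        return null;
    }
    if (($from_is_reseller || $from_is_user) && $to_is_admin) {
        return "../admin/manage_users.php";
    }
    if ($from_is_user && $to_is_reseller) {
        return "../reseller/users.php";
    }
    return null;
}

/**
 * Switch the current session from account $form_id into account $to_id.
 *
 * Both ids are looked up in the `admin` table. Downward switches record the
 * origin account in $_SESSION['logged_from'] so the user can later switch back;
 * upward switches are only accepted when that marker is present (see
 * resolve_interface_target()). Before entering a user account the target
 * domain must be in $cfg['ITEM_OK_STATUS'].
 *
 * The previous version tested `type != 'admin' || type != 'reseller'`, which is
 * always true, so it accepted transitions it meant to refuse (for example a
 * reseller switching into an admin account without a logged_from marker).
 *
 * @param mixed $form_id admin_id of the account currently logged in ("from")
 * @param mixed $to_id   admin_id of the account to switch into
 * @return string|false relative path of the page to redirect to, false on refusal
 */
function change_user_interface($form_id, $to_id)
{
    global $sql;
    global $cfg;

    if ($cfg['DB_TYPE'] !== 'mysql') {
        // The lookup query is only defined for MySQL; previously any other
        // DB_TYPE continued with an undefined query variable.
        write_log("Change interface error => unsupported DB_TYPE");
        return false;
    }
    // `binary` forces a case-sensitive id comparison; the same lookup serves both accounts
    $account_query = "select admin_id, admin_name, admin_pass, admin_type, created_by from admin where binary admin_id = ?";
    $rs_from = exec_query($sql, $account_query, array($form_id));
    $rs_to = exec_query($sql, $account_query, array($to_id));
    if ($rs_from->RecordCount() != 1 || $rs_to->RecordCount() != 1) {
        write_log("Change interface error => unknown from or to username");
        return false;
    }
    $from_udata = $rs_from->FetchRow();
    $to_udata = $rs_to->FetchRow();

    // Refuse to enter a user account whose domain is not OK: no mail accounts,
    // subdomains or similar should be managed on a broken domain.
    if ($to_udata['admin_type'] == "user") {
        $domain_query = "select domain_status from domain where domain_admin_id = ?";
        $rs = exec_query($sql, $domain_query, array($to_udata['admin_id']));
        $user_dom_data = $rs->FetchRow();
        if ($user_dom_data['domain_status'] != $cfg['ITEM_OK_STATUS']) {
            write_log("Domain ID: " . $to_udata['admin_id'] . " - domain status PROBLEM -");
            return false;
        }
    }

    $header = resolve_interface_target(
        $from_udata['admin_type'],
        $to_udata['admin_type'],
        isset($_SESSION['logged_from'])
    );
    if ($header === null) {
        write_log("change interface error from: " . $from_udata['admin_name'] . " to: " . $to_udata['admin_name']);
        return false;
    }

    // Keep the admin/reseller's language and theme across the switch so the
    // interface does not flip to the target user's preferences.
    $user_language = $_SESSION['user_def_lang'];
    $user_layout = $_SESSION['user_theme_color'];

    // Start from a clean session. The origin account is remembered only when
    // going down, so that a later switch back up can be authorised.
    unset_user_login_data();
    if ($to_udata['admin_type'] != 'admin') {
        $_SESSION['logged_from'] = $from_udata['admin_name'];
        $_SESSION['logged_from_id'] = $from_udata['admin_id'];
    }
    // Drop any admin identity left in the session or globals (returning to admin level)
    foreach (array('admin_name', 'admin_id') as $key) {
        if (isset($_SESSION[$key])) {
            unset($_SESSION[$key]);
        }
        if (isset($GLOBALS[$key])) {
            unset($GLOBALS[$key]);
        }
    }

    $login_time = time();
    $_SESSION['user_logged'] = $to_udata['admin_name'];
    $_SESSION['user_type'] = $to_udata['admin_type'];
    $_SESSION['user_id'] = $to_udata['admin_id'];
    $_SESSION['user_created_by'] = $to_udata['created_by'];
    $_SESSION['user_login_time'] = $login_time;
    $_SESSION['user_def_lang'] = $user_language;
    $_SESSION['user_theme_color'] = $user_layout;

    // NOTE(review): as before, the target account name is stored in
    // login.session_id; confirm this is what the login table expects.
    $login_query = "insert into login (session_id, lastaccess) values (?, ?)";
    exec_query($sql, $login_query, array($to_udata['admin_name'], $login_time));
    write_log($from_udata['admin_name'] . " change into interface from " . $to_udata['admin_name']);
    return $header;
}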
/**
 * check for valid user login
 *
 * Without a valid session, XHR callers get a 403 and everybody else is sent
 * to /index.php. When $fName is given, the name of the directory the file
 * lives in must match the session's user type ('user' is mapped to 'client');
 * a mismatch is logged, unless the caller is an admin or is acting on behalf
 * of one, and ends in a redirect to /index.php.
 *
 * @param string $fName Full file path (ie. the magic __FILE__ constant value)
 */
function check_login($fName = null)
{
    // session-type check: user_goto() is relied upon to end the request
    if (!check_user_login()) {
        if (is_xhr()) {
            header('HTTP/1.0 403 Forbidden');
            exit;
        }
        user_goto('/index.php');
    }

    if (is_null($fName)) {
        return;
    }

    // TODO: check whether this is fine; basename(dirname()) is used so that
    // both '/' and the '\\' of Windows paths are handled.
    $level = basename(dirname($fName));
    $userType = $_SESSION['user_type'];
    if ($userType == 'user') {
        $userType = 'client';
    }
    if ($userType == $level) {
        return;
    }

    // Admins, and users an admin switched into, are not logged on a mismatch
    $actingForAdmin = isset($_SESSION['logged_from']) && $_SESSION['logged_from'] == 'admin';
    if ($userType != 'admin' && !$actingForAdmin) {
        $userLoggued = isset($_SESSION['logged_from']) ? $_SESSION['logged_from'] : $_SESSION['user_logged'];
        write_log('Warning! user |' . $userLoggued . '| requested |' . tohtml($_SERVER['REQUEST_URI']) . '| with REQUEST_METHOD |' . $_SERVER['REQUEST_METHOD'] . '|');
    }
    user_goto('/index.php');
}
<?php

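// Login form handling: both fields must be present and non-empty before the
// credentials are handed to check_user_login().
if (isset($_POST['emailid']) && isset($_POST['password'])) {
    $email = $_POST['emailid'];
    $password = $_POST['password'];
    if (!empty($email) && !empty($password)) {
        check_user_login($email, $password);
    } else {
        $error_msg = "Please enter both email and password.";
        echo $error_msg;
    }
}
// Echo back a status message passed in the URL. The value is client-controlled,
// so it is HTML-escaped before output; print_r() with return=true keeps the
// original rendering (including array values) while preventing reflected XSS.
if (isset($_GET['msg'])) {
    echo htmlspecialchars(print_r($_GET['msg'], true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}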
?>

<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <link rel="icon" href="images/favicon.ico" type="images/gif" sizes="16x16">
    <title>Utkal Placement Portal</title>

    <!-- Tell the browser to be responsive to screen width -->
    <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
    <!-- Bootstrap 3.3.5 -->
    <link rel="stylesheet" href="bootstrap/css/bootstrap.min.css">
    <!-- Font Awesome -->
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css">