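/**
 * Admin tools dispatcher.
 *
 * Re-checks that the current user is an admin (the page can be reached
 * directly, not only through the admin menu), then runs every add-* action
 * whose submit button is present in $_POST, in the order listed below.
 * Non-admins are redirected to the index page and the request is terminated
 * so that none of the handlers run for them.
 *
 * @return void
 */
function tools()
{
    if (!checkadmin()) {
        header("Location:../index.php");
        // Stop here: header() only tells the browser where to go. Without exit
        // the rest of this request would still execute for a non-admin.
        exit;
    }

    // One handler per submit button; several buttons in one request are all honoured.
    if (isset($_POST['addAdmin'])) {
        addAdmin();
    }
    if (isset($_POST['addLocation'])) {
        addLocation();
    }
    if (isset($_POST['addProfessor'])) {
        addProfessor();
    }
    if (isset($_POST['addClass'])) {
        addClass();
    }
}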
            <?php 
require_once "utilities/userfunctions.php";
showrateRequests($login);
?>
            </form>
            <?php 
echo "<h2><b>Messages (" . $n_messages . " new)</b></h2>";
showmessages($login);
?>
        </div>
    </div><br>
    
    
    <?php 
//Show comments if admin
if (checkadmin($login)) {
    ?>
    <div class="row">
        <div class="jumbotron">
            <div class="container">
                <?php 
    $n_comments = countnewcomments();
    echo "<h1 style=\"text-align:center\">Comments (" . $n_comments . " new)</h1>";
    ?>
            </div>
        </div>
    </div>
    
    <div class="row">
        <div class="col-md-8 col-md-offset-2 aboutus"> 
            <form action="index.php?page=notifications" role="form" method="post">
<?php

// Bootstrap, then gate the page: only admins should reach the release-review
// markup that follows.
include "inc/init.php";
// NOTE(review): the return value of checkadmin() is not checked here. If it only
// returns a flag instead of redirecting and exiting on failure, the rest of this
// page is still served to non-admins — confirm against its definition.
checkadmin();
include "include/func_released_admin.php";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>投资</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link rel="shortcut icon" href="images/favicon.ico" type="image/ico" />
<link href="css/css.css" rel="stylesheet" type="text/css" />
<script language="javascript" src="scripts/jquery.js"></script>
<script language="javascript" src="scripts/public.js"></script>
</head>

<body>
<div class="position" style="color:#C30">当前位置 > 项目管理 > 项目发布审核</div>

<!--content-->
<div class="main main_">
 <div class="content">
<div class="White">
       <div class="Gray">
         <div class="Glide_li">
          <ul><?php 
echo $menustr;
?>
                header('Location:settings.php');
            } else {
                $hash = pwhash($password2);
                mysqli_query($con, "UPDATE owner SET passwordHash='{$hash}' WHERE email='{$email}'");
                $_SESSION["error"] = "pwupdated";
                header("Location:settings.php");
            }
        }
    } else {
        $_SESSION["error"] = "pwsnotthere";
        header("Location:settings.php");
    }
}
if (isset($_POST['addurl'])) {
    echo checkadmin($_SESSION["userid"], $con);
    if (checkadmin($_SESSION["userid"], $con) == true) {
        header('Location:home.php');
    } else {
        $URL = $_POST["URL"];
        if ($URL != '') {
            if (checkurl($URL) == true) {
                $id = $_SESSION["userid"];
                mysqli_query($con, "INSERT INTO project (website,owner_project) VALUES ('{$URL}','{$id}')");
                checksession($id, $con);
            } else {
                $_SESSION["error"] = "invalidurlformat";
                header('Location:createsession.php');
            }
        } else {
            $_SESSION["error"] = "invalidurl";
            header('Location:createsession.php');
/**
 * AJAX comment endpoint.
 *
 * Validates the target post (exists, comments open, not trashed, public or
 * private, not password protected), collects the comment fields from $_POST,
 * applies the registration / name-email / duplicate / flood checks, then either
 * inserts the comment with wp_new_comment() or, when edit_id was posted and the
 * user may edit that comment, updates it with wp_update_comment(). Finally it
 * renders the stored comment as one <li> and terminates with die.
 *
 * Reads $_POST: comment_post_ID, author, email, url, comment, edit_id,
 * comment_parent, _wp_unfiltered_html_comment. Output is echoed directly.
 * Every failure is routed through ajax_comment_err(); this function assumes
 * that helper does not return (otherwise execution falls through) — confirm.
 */
function ajax_comment()
{
    global $wpdb;
    //nocache_headers();
    // The post ID is the only request value that is cast here.
    $comment_post_ID = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
    // NOTE(review): get_post() returns null for an unknown ID, so the property
    // reads below run on null in that case; $post_author is never used afterwards.
    $post = get_post($comment_post_ID);
    $post_author = $post->post_author;
    if (empty($post->comment_status)) {
        do_action('comment_id_not_found', $comment_post_ID);
        ajax_comment_err('Invalid comment status.');
    }
    $status = get_post_status($post);
    $status_obj = get_post_status_object($status);
    // Post-state gates; each branch fires its action before reporting the error.
    if (!comments_open($comment_post_ID)) {
        do_action('comment_closed', $comment_post_ID);
        ajax_comment_err('Sorry, comments are closed for this item.');
    } elseif ('trash' == $status) {
        do_action('comment_on_trash', $comment_post_ID);
        ajax_comment_err('Invalid comment status.');
    } elseif (!$status_obj->public && !$status_obj->private) {
        do_action('comment_on_draft', $comment_post_ID);
        ajax_comment_err('Invalid comment status.');
    } elseif (post_password_required($comment_post_ID)) {
        do_action('comment_on_password_protected', $comment_post_ID);
        ajax_comment_err('Password Protected');
    } else {
        do_action('pre_comment_on_post', $comment_post_ID);
    }
    // Request values are only trimmed (plus strip_tags for the author). For
    // anonymous commenters these same strings are interpolated into $dupe below.
    $comment_author = isset($_POST['author']) ? trim(strip_tags($_POST['author'])) : null;
    $comment_author_email = isset($_POST['email']) ? trim($_POST['email']) : null;
    $comment_author_url = isset($_POST['url']) ? trim($_POST['url']) : null;
    $comment_content = isset($_POST['comment']) ? trim($_POST['comment']) : null;
    // edit_id is taken as-is (no cast); it becomes comment_ID further down.
    $edit_id = isset($_POST['edit_id']) ? $_POST['edit_id'] : null;
    // extract edit_id
    $user = wp_get_current_user();
    if ($user->exists()) {
        // Logged-in users: the identity fields come from the profile, not the request.
        if (empty($user->display_name)) {
            $user->display_name = $user->user_login;
        }
        // $wpdb->escape() is deprecated in WordPress. $user_ID is only assigned on
        // this branch, so compact() below carries no user_ID for anonymous commenters.
        $comment_author = $wpdb->escape($user->display_name);
        $comment_author_email = $wpdb->escape($user->user_email);
        $comment_author_url = $wpdb->escape($user->user_url);
        $user_ID = $wpdb->escape($user->ID);
        if (current_user_can('unfiltered_html')) {
            // NOTE(review): compares a freshly generated nonce with != rather than
            // calling wp_verify_nonce(); on mismatch the kses filters are re-enabled
            // so the content is filtered like any other user's.
            if (wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment']) {
                kses_remove_filters();
                kses_init_filters();
            }
        }
    } else {
        // Anonymous: refused when registration is required or the post is private.
        if (get_option('comment_registration') || 'private' == $status) {
            ajax_comment_err('哈哈哈~你必须登陆后才可以留言的说.');
        }
    }
    $comment_type = '';
    if (get_option('require_name_email') && !$user->exists()) {
        // strlen() is byte-based; this is only a minimum-length sanity check.
        if (6 > strlen($comment_author_email) || '' == $comment_author) {
            ajax_comment_err('哈哈~~你必须输入昵称和邮箱才可以留言');
        } elseif (!is_email($comment_author_email)) {
            ajax_comment_err('鄙视你!你居然连邮箱地址都输不正确~');
        }
    }
    if ('' == $comment_content) {
        ajax_comment_err('出错啦~~难道你就没有话想说嘛~');
    }
    // NOTE(review): duplicate check built by string interpolation. For anonymous
    // commenters $comment_author, $comment_author_email and $comment_content are
    // the raw POST values from above, so this query should go through
    // $wpdb->prepare() like the flood query that follows.
    $dupe = "SELECT comment_ID FROM {$wpdb->comments} WHERE comment_post_ID = '{$comment_post_ID}' AND ( comment_author = '{$comment_author}' ";
    if ($comment_author_email) {
        $dupe .= "OR comment_author_email = '{$comment_author_email}' ";
    }
    $dupe .= ") AND comment_content = '{$comment_content}' LIMIT 1";
    if ($wpdb->get_var($dupe)) {
        ajax_comment_err('貌似,大概,好像你说过这句话了~');
    }
    // Flood check, parameterised via $wpdb->prepare(); the comment_flood_filter
    // hook decides whether the gap since the author's last comment is too short.
    if ($lasttime = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM {$wpdb->comments} WHERE comment_author = %s ORDER BY comment_date DESC LIMIT 1", $comment_author))) {
        $time_lastcomment = mysql2date('U', $lasttime, false);
        $time_newcomment = mysql2date('U', current_time('mysql', 1), false);
        $flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
        if ($flood_die) {
            ajax_comment_err('你说的太快了,不着急,慢慢说~');
        }
    }
    $comment_parent = isset($_POST['comment_parent']) ? absint($_POST['comment_parent']) : 0;
    // user_ID is absent from this array when the commenter is not logged in (see above).
    $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    if ($edit_id) {
        // Edit path: authorisation is delegated to ihacklog_user_can_edit_comment().
        $comment_id = $commentdata['comment_ID'] = $edit_id;
        if (ihacklog_user_can_edit_comment($commentdata, $comment_id)) {
            wp_update_comment($commentdata);
        } else {
            ajax_comment_err('Cheatin&#8217; uh? ');
        }
    } else {
        $comment_id = wp_new_comment($commentdata);
    }
    $comment = get_comment($comment_id);
    do_action('set_comment_cookies', $comment, $user);
    // Walk up the parent chain to compute the nesting depth.
    $comment_depth = 1;
    $tmp_c = $comment;
    while ($tmp_c->comment_parent != 0) {
        $comment_depth++;
        $tmp_c = get_comment($tmp_c->comment_parent);
    }
    // Template tags below (comment_class, comment_ID, comment_text, ...) read this global.
    $GLOBALS['comment'] = $comment;
    ?>
  <li <?php 
    comment_class();
    ?>
 >
	<div class="comment-lists  <?php 
    // NOTE(review): $depth is never assigned in this function (the value computed
    // above is $comment_depth), so 'left30' is never emitted.
    if ($depth >= '2') {
        echo 'left30';
    }
    ?>
" id="comment-<?php 
    comment_ID();
    ?>
">
		<section  class="y_avatar">
			<?php 
    echo get_avatar(get_comment_author_email(), '48');
    ?>
		</section>
		<section class="comment_con">
			<div class="comment_info">  
			<cite class="vcard"><strong><a class="linkforavater <?php 
    if (checkadmin()) {
        echo "admin";
    }
    ?>
" href="<?php 
    if (get_comment_author_url()) {
        echo esc_url(home_url('/')) . '?home=' . base64_encode(get_comment_author_url());
    } else {
        echo "javascript:;";
    }
    ?>
" title=" <?php 
    echo get_comment_author();
    ?>
 " target="_blank" rel="external nofollow" ><?php 
    echo get_comment_author();
    ?>
</a></strong></cite>
			<span class="commentinfo"><?php 
    comment_time_ago();
    ?>
&nbsp; </span>
			   <?php 
    // NOTE(review): $commentcount is not initialised in this function, so ++ on
    // an undefined variable yields 1 here.
    if (!($parent_id = $comment->comment_parent)) {
        printf('%1$s', ++$commentcount);
    }
    ?>

		  </div>
		<p>
			<?php 
    if ($comment->comment_parent) {
        // If a parent comment exists, prefix the text with an @mention of its author.
        // $comment_parent_href is computed but not used below.
        $comment_parent_href = htmlspecialchars(get_comment_link($comment->comment_parent));
        $comment_parent = get_comment($comment->comment_parent);
        // NOTE(review): comment_author is placed in the markup without esc_html();
        // whether yefengs_comment_text() escapes it is not visible here.
        $_content = '<span class="at">@' . $comment_parent->comment_author . '</span>';
        $_content = $_content . get_comment_text();
        yefengs_comment_text($_content);
    } else {
        comment_text();
    }
    ?>
		</p>
		</section>
		<div class="clearfix"></div>
	</div>

	<?php 
    // Terminate: the <li> above is the whole AJAX response.
    die;
}
$action = $_POST['action'];
if ($do == 'logout') {
    //注销
    unset($_SESSION['admincode']);
    set_cookie("admincode", '', time() - 31536000);
    set_cookie("adminid", '', time() - 31536000);
    set_cookie("administrator", '', time() - 31536000);
    set_cookie("adminpassword", '', time() - 31536000);
    redirect('注销成功, 请稍后......', "admincp.php");
}
if ($action == "login") {
    //checkverifycode(trim($_POST['verifycode']),'验证码错误!',"admin");
    $username = trim($_POST['username']);
    $password = md5(trim($_POST['password']));
    strlen($username) > 20 && alert('字段长度才20,你想输入多长?');
    if ($uid = checkadmin($username, $password)) {
        set_cookie('adminid', $uid, $cookietime);
        set_cookie('administrator', $username, $cookietime);
        set_cookie('adminpassword', $password, $cookietime);
        $DreamCMS->db->query("UPDATE `#DC@__members` SET `lastip`='" . getip() . "',`lastlogintime`='" . time() . "',`logintimes`=logintimes+1 WHERE `uid`='{$uid}'");
        redirect('登陆成功, 请稍候......', "admincp.php");
    } else {
        redirect('登陆失败!', "admincp.php");
    }
}
$administrator = get_cookie("administrator");
$adminpassword = get_cookie("adminpassword");
if ($administrator && $adminpassword) {
    islogin($administrator, $adminpassword);
} else {
    unset($_SESSION['admincode']);
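/**
 * Render the Bootstrap navbar for the current page.
 *
 * Reads the page list from xml/pages.xml, prints the public menu entries,
 * handles a login/logout submission (POST: login, pwd, remember, logout) and
 * then prints either the login drop-down or the member entries plus the
 * "Logged In" drop-down. Everything is echoed directly; nothing is returned.
 *
 * Side effects: may set $_SESSION["loggedIn"], set or clear the remember_me
 * cookie, and call session_unset() on logout. Reads the global $askedPage to
 * mark the active entry.
 *
 * @return void
 */
function generateMenu()
{
    global $askedPage;

    // simplexml_load_file() returns false when the file is missing or malformed;
    // fall back to an empty list so the rest of the navbar still renders.
    $pages = simplexml_load_file("xml/pages.xml");
    $page_list = $pages === false ? [] : $pages->page;

    /**
     * Print one menu entry; the entry matching the requested page gets the
     * "active" class. $suffix is appended to the link text (e.g. a counter).
     * name/menutitle come from the site's own XML, which is treated as trusted.
     *
     * @param \SimpleXMLElement $page
     * @param string            $suffix
     */
    $menuItem = static function ($page, $suffix = '') use ($askedPage) {
        $class = $askedPage == $page->name ? ' class="active"' : '';
        echo "<li{$class}><a href=\"/INF472WFinalProject/index.php?page={$page->name}\">{$page->menutitle}{$suffix}</a></li>";
    };

    echo <<<FINMENU
    <div class="container">
        <div class="navbar-header">
            <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
            <span class="sr-only">Toggle navigation</span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            <span class="icon-bar"></span>
            </button>
            <a class="navbar-brand" href="#">POLYGLOT</a>
        </div>

        <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
            <ul class="nav navbar-nav">
FINMENU;
    // Public entries: listed in the menu and not restricted to members.
    foreach ($page_list as $page) {
        if ($page->showmenu == "true" && $page->member != "true") {
            $menuItem($page);
        }
    }

    // Login / logout handling (POST only).
    $loginErr = $pwdErr = "";
    $login = $pwd = "";
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        if (!empty($_POST["logout"])) {
            session_unset();
        } else {
            // isset + "" instead of empty(): a login or password of "0" is valid.
            // Non-string values (e.g. pwd[]=x) are rejected as missing.
            if (!isset($_POST["pwd"]) || !is_string($_POST["pwd"]) || $_POST["pwd"] === "") {
                $pwdErr = "Password is required";
            } else {
                $pwd = $_POST["pwd"];
            }
            if (!isset($_POST["login"]) || !is_string($_POST["login"]) || $_POST["login"] === "") {
                $loginErr = "Login is required";
            } else {
                $login = $_POST["login"];
                // PasswordMatches(): 2 = unknown login, 0 = wrong password; any other
                // value is treated as success (inferred from the checks below).
                $aux = Utilisateur::PasswordMatches($login, $pwd);
                if ($aux == 2) {
                    $loginErr = "Login doesn't exist.";
                } elseif ($aux == 0) {
                    $pwdErr = "Password incorrect";
                }
                // "Remember me" stores only the login name (never the password) for a
                // year; when the box is not ticked any existing cookie is dropped.
                if (!empty($_POST['remember'])) {
                    setcookie('remember_me', $login, time() + 31536000);
                } elseif (isset($_COOKIE['remember_me'])) {
                    setcookie('remember_me', "", time() - 100);
                }
            }
            if ($loginErr == "" && $pwdErr == "") {
                $_SESSION["loggedIn"] = $login;
            }
        }
    }

    if (!isset($_SESSION["loggedIn"])) {
        echo <<<notIn
            </ul>
            <ul class="nav navbar-nav navbar-right">
                <li class="dropdown">
                <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true">Log In<span class="caret"></span></a>
                <ul class="dropdown-menu">
                    <form class="form-signin" action="?page=profile" method="post">
notIn;
        // The cookie value is client-controlled (any visitor can set it), so it is
        // escaped before being placed in the value attribute.
        $remembered = null;
        if (isset($_COOKIE['remember_me']) && is_string($_COOKIE['remember_me'])) {
            $remembered = htmlspecialchars($_COOKIE['remember_me'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
        if ($remembered !== null) {
            echo "<p><input type=\"text\" class=\"form-control\" placeholder=\"Login\" name=\"login\" id=\"login\" value = \"" . $remembered . "\" required autofocus></p>";
        } else {
            echo "<p><input type=\"text\" class=\"form-control\" placeholder=\"Login\" name=\"login\" id=\"login\" required autofocus></p>";
        }
        // Error messages are the fixed strings set above. The previous template
        // emitted a literal "<?php echo ...?>" here, which never rendered.
        echo <<<notIn
                        <span class="error">{$loginErr}</span>
                        <p><input type="password" class="form-control" placeholder="Password" name="pwd" id="pwd" required></p>
                        <span class="error">{$pwdErr}</span>
notIn;
        $checked = $remembered !== null ? ' checked="checked"' : '';
        echo "<p><input type=\"checkbox\" name=\"remember\" value=\"1\"{$checked}/>Remember me</p>";
        echo <<<notIn
                        <p><button type="submit" class="btn btn-default" />Submit</p>
                        </form>                 
                </ul>
                </li>
                <li><a href="/INF472WFinalProject/index.php?page=regis">Register Now! </a></li>
            </ul>
        </div><!-- /.navbar-collapse -->
    </div><!-- /.container-fluid -->
notIn;
    } else {
        $aux = $_SESSION['loggedIn'];
        $n_messages = countnewmessages($aux);
        $n_requests = countrequests($aux);
        // Admins also see the number of new comments in the notifications badge.
        $n = $n_messages + $n_requests;
        if (checkadmin($aux)) {
            $n += countnewcomments();
        }
        // Member-only entries; the notifications entry carries the badge.
        foreach ($page_list as $page) {
            if ($page->showmenu == "true" && $page->member == "true") {
                $suffix = $page->name == "notifications" ? " ({$n})" : '';
                $menuItem($page, $suffix);
            }
        }
        // The session value originates from a form field, so escape it before echoing.
        $displayName = htmlspecialchars((string) $aux, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo <<<IN
            </ul>
            <ul class="nav navbar-nav navbar-right">
                <li class="dropdown">
                <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true">Logged In<span class="caret"></span></a>
                <ul class="dropdown-menu">
                    <form class="form-signin" action="?page=welcome" method="post">
                        <p>Hi   {$displayName}  </p>
                        <input type="hidden" name="logout" id="logout" value="logout">
                        <p><button type="submit" class="btn btn-default" />Log out</p>
                        </form>                 
                </ul>
                </li>
            </ul>
        </div><!-- /.navbar-collapse -->
    </div><!-- /.container-fluid -->
IN;
    }
}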