/**
 * Render the change-info page.
 *
 * Copies the controller state into locals, clears the session, maps the
 * one-shot status into a banner ($message / $color) and includes the view.
 * The local variable names are read by changeinfo_view.php through
 * require_once, so they are part of the contract with the view and are kept
 * exactly as the view expects them.
 */
private function view() {
    global $SRC;
    global $PAGES;
    $curr_user = $this->curr_user;
    $view_user = $this->view_user;
    $all_users = $this->all_users;
    $user_session_token = $this->session['user_session_token'];
    $status = $this->status;
    $page = $this->page;
    $logged_in = 1;
    $message = null;
    $color = null;
    // clear_session() is defined elsewhere; it runs before the view is included.
    clear_session();
    // Status -> banner. Comparison is loose on purpose, matching the switch
    // this replaces (a null/empty status shows no banner at all).
    if ($status == null) {
        // nothing to report
    } elseif ($status == 'incorrect_password') {
        $message = 'Incorrect password. Please retype current password to proceed.';
        $color = 'red';
    } elseif ($status == 'success') {
        $message = 'Successfully changed user information';
        $color = 'green';
    } else {
        $message = 'Unknown error occured';
        $color = 'red';
    }
    require_once "{$SRC}/views/changeinfo_view.php";
}
/**
 * Render the admin page.
 *
 * Clears the session, exposes the controller state as locals, loads every
 * register code for the listing and turns the one-shot status into a
 * message. The locals (including $codes and $query) are visible to
 * admin_view.php via require_once, so their names are kept as-is.
 */
public function view() {
    global $SRC;
    global $PAGES;
    global $CONFIG;
    clear_session();
    $page = $this->page;
    $user_session_token = $this->session['user_session_token'];
    $status = $this->status;
    $logged_in = 1;
    $message = null;
    $curr_user = $this->curr_user;
    $view_user = $this->view_user;
    $all_users = $this->all_users;
    // List the register codes. The table name comes from the config, not
    // from the request, which is why sprintf is acceptable for it.
    $query = sprintf('SELECT * FROM %s;', $CONFIG['db']['tables']['register_codes']);
    $result = $this->db->query($query);
    $codes = $result->fetch_all(MYSQLI_ASSOC);
    // Status -> message; loose comparison kept to match the original switch.
    if ($status == null) {
        // nothing to announce
    } elseif ($status == 'changed_user') {
        $message = 'Successfully changed user information.';
    } elseif ($status == 'deleted_code') {
        $message = 'Successfully deleted register code.';
    } elseif ($status == 'generated_code') {
        $message = 'Successfully added register code.';
    } else {
        // Unknown status is echoed back, so it is escaped for HTML.
        $message = 'Unknown status code ' . htmlspecialchars($status);
    }
    require_once "{$SRC}/views/admin_view.php";
}
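/**
 * Create an account from the registration data held in the session.
 *
 * A visitor who is already logged in is redirected to the balance page.
 * Otherwise the register code must be accepted by check_valid_register_code()
 * and the e-mail by check_email_available(); on success the user row is
 * inserted with a password_hash() digest, a per-user amount column is added
 * to both transaction tables, the register code is deleted and the visitor is
 * redirected to the login page with session status 'just_registered'. On
 * failure $this->status becomes 'no_register_code' or 'email_taken' and the
 * view is rendered.
 *
 * NOTE(review): the session values are presumably copied from the submitted
 * form by an earlier request and should be treated as untrusted — confirm.
 * Both the INSERT and the DELETE bind them as parameters for that reason.
 */
public function register() {
    global $CONFIG;
    global $PAGES;
    if ($this->curr_user !== null) {
        // redirect to balance if logged in
        redirect($PAGES['balance']);
        exit;
    }
    $session = $this->session;
    $first_name = $session['register-first-name'];
    $last_name = $session['register-last-name'];
    $email = $session['register-email'];
    $password = $session['register-password'];
    $register_code = $session['register-code'];
    $register_code_table = $CONFIG['db']['tables']['register_codes'];
    clear_session();
    if (!$this->check_valid_register_code($register_code, $register_code_table)) {
        $this->status = 'no_register_code';
        $this->view();
        return;
    }
    if (!$this->check_email_available($email)) {
        $this->status = 'email_taken';
        $this->view();
        return;
    }
    // add new user into userinfo table
    $user_table = $CONFIG['db']['tables']['userinfo'];
    $query = sprintf('INSERT INTO %s (first_name, last_name, email, pass_salt_hash) VALUES (?, ?, ?, ?);', $user_table);
    $stmt = $this->db->prepare($query);
    $hashed_pass = password_hash($password, PASSWORD_DEFAULT);
    // NOTE(review): these echoes send driver error text to the client;
    // logging server-side and showing a generic message would expose less.
    if (!$stmt->bind_param('ssss', $first_name, $last_name, $email, $hashed_pass)) {
        echo 'Binding parameter failed: (' . $stmt->errno . ') ' . $stmt->error;
    }
    if (!$stmt->execute()) {
        echo 'Execution failed: (' . $stmt->errno . ') ' . $stmt->error;
    }
    // add a per-user amount column to the single and repeated transaction
    // tables; %d keeps the new id numeric inside the DDL statement
    $new_id = $this->db->insert_id;
    $trans_tables = [
        $CONFIG['db']['tables']['transactions_single'],
        $CONFIG['db']['tables']['transactions_repeated'],
    ];
    foreach ($trans_tables as $trans_table) {
        $query = sprintf('ALTER TABLE %s ADD COLUMN user_%d_amount FLOAT(12, 4) DEFAULT 0;', $trans_table, $new_id);
        $this->db->query($query);
    }
    // delete the register code that was used. The code is bound as a
    // parameter; the earlier sprintf('%s') interpolation relied entirely on
    // check_valid_register_code() having rejected anything unsafe, which is
    // not visible here.
    $query = sprintf('DELETE FROM %s WHERE code=?;', $register_code_table);
    $stmt = $this->db->prepare($query);
    if ($stmt === false || !$stmt->bind_param('s', $register_code) || !$stmt->execute()) {
        echo 'Deleting register code failed: (' . $this->db->errno . ') ' . $this->db->error;
    }
    set_session('status', 'just_registered');
    redirect($PAGES['login']);
    exit;
}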
/**
 * Log the current user out.
 *
 * Clears the server-side session (clear_session() is defined elsewhere) and
 * expires the 'username' and 'password' cookies by resetting them to an
 * empty value with an expiry roughly one month in the past.
 *
 * NOTE(review): the existence of a 'password' cookie suggests credential
 * material is kept client-side somewhere else in this code base — worth
 * reviewing where it is set.
 */
function phpraid_logout() {
    clear_session();
    $expired_at = time() - 2629743;
    foreach (['username', 'password'] as $cookie_name) {
        setcookie($cookie_name, '', $expired_at);
    }
}
/**
 * Front controller: starts the session, applies the request flags to it and
 * dispatches to the "<page>_page" function named by the request.
 *
 * Side effects: may define PHP_EOL, writes several $_SESSION keys, closes
 * the session and exits. Never returns.
 */
function run() {
    unregister_globals();
    // Cookie-only sessions stop the session id from being accepted via the URL.
    if (is_php_version_or_greater(4, 3, 0)) {
        ini_set('session.use_only_cookies', 1);
    }
    // Start failures are suppressed; $session_ok gates the initial-page branch below.
    $session_ok = @session_start();
    if (!defined('PHP_EOL')) {
        if (is_ms_windows()) {
            define('PHP_EOL', "\r\n");
        } else {
            define('PHP_EOL', "\n");
        }
    }
    // Absolute session lifetime measured from first creation. clear_session()
    // is defined elsewhere; whether it resets CREATED is not visible here.
    if (!isset($_SESSION['CREATED'])) {
        $_SESSION['CREATED'] = time();
    } elseif (time() - $_SESSION['CREATED'] > SESSION_LIFETIME_MINUTES * 60) {
        clear_session();
    }
    // Compatibility shim for very old PHP where $_SERVER did not exist.
    if (!isset($_SERVER)) {
        $_SERVER =& $HTTP_SERVER_VARS;
    }
    php_sapi_name() == 'cli' && die("This script should only be run by a web server.\n");
    // Request flags; all of these come straight from the client.
    $page = get_request_parameter('page');
    $host = get_request_parameter('host');
    $clear = get_request_parameter('clear');
    $ini = get_request_parameter('ini');
    $timeout = get_request_parameter('timeout');
    if ($timeout) {
        $_SESSION['timing_out'] = 1;
        $_SESSION['initial_run'] = 0;
    }
    if (!empty($host)) {
        if ($host == 'ngd') {
            $_SESSION['not_go_daddy'] = 1;
        }
    }
    if (!empty($ini)) {
        $_SESSION['use_ini_method'] = 1;
    }
    if (!empty($clear)) {
        // 'clear' wipes the session and the three detection flags.
        clear_session();
        unset($_SESSION['not_go_daddy']);
        unset($_SESSION['use_ini_method']);
        unset($_SESSION['server_type']);
    } else {
        $stype = get_request_parameter('stype');
        $hostprovider = get_request_parameter('hostprovider');
        $hosturl = get_request_parameter('hosturl');
        // Stored unvalidated; whatever later renders hostprovider/hosturl
        // must escape them for its output context — not visible from here.
        if (!empty($hostprovider)) {
            $_SESSION['hostprovider'] = $hostprovider;
            $_SESSION['hosturl'] = $hosturl;
        }
        $server_type = find_server_type($stype, false, true);
    }
    // First request of a fresh session with no page asked for: show the
    // initial page and stop.
    if ($session_ok && !$timeout && !isset($_SESSION['initial_run']) && empty($page)) {
        $_SESSION['initial_run'] = 1;
        initial_page();
        @session_write_close();
        exit;
    } else {
        $_SESSION['initial_run'] = 0;
    }
    if (empty($_SESSION['server_type'])) {
        $_SESSION['server_type'] = SERVER_UNKNOWN;
    }
    // Dispatch. The only guard on $page is that a function "<page>_page"
    // exists, so every function with that suffix is reachable from the
    // request; an explicit allow-list of page names would be tighter.
    if (empty($page) || !function_exists($page . "_page")) {
        $page = get_default_page();
    }
    $fn = "{$page}_page";
    $fn();
    @session_write_close();
    exit(0);
}
 * @author Andreas Goetz <*****@*****.**>
 */

/**
 * Reset the application session and expire the three login cookies.
 *
 * Empties $_SESSION['vdb'] and re-sends VDBuserid, VDBusername and
 * VDBpassword with an empty value and an expiry two hours in the past,
 * scoped to the script's directory so the path matches the original cookies.
 *
 * NOTE(review): the cookie path is derived from $_SERVER['PHP_SELF'], which
 * follows the request path; confirm the login code computes the path the
 * same way, otherwise the expiry will not hit the original cookies. The
 * presence of a VDBpassword cookie also implies credential material is kept
 * client-side — worth reviewing where it is set.
 */
function clear_session() {
    $_SESSION['vdb'] = array();
    // get script folder for cookie path
    $subdir = substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/')) . '/';
    setcookie('VDBuserid', '', time() - 7200, $subdir);
    setcookie('VDBusername', '', time() - 7200, $subdir);
    setcookie('VDBpassword', '', time() - 7200, $subdir);
}

// make sure caches are clean
clear_permission_cache();

// Cookie exists but user and pass wasn't given? -> logout
if (!isset($username) && !isset($password) && isset($_COOKIE['VDBusername']) && isset($_COOKIE['VDBpassword'])) {
    clear_session();
    redirect('login.php?error=' . urlencode($lang['msg_loggedoff']));
}

// login not yet successful
$login = false;

// Check that user entered stuff in username and password boxes
if (!empty($username) && !empty($password)) {
    // Lets check the format of username to make sure its ok
    if (!preg_match('/[a-z]/i', $username)) {
        $error = $lang['msg_invalidchar'];
    } else {
        // NOTE(review): $username is interpolated into the query; the
        // preg_match above only requires one letter, so any escaping must
        // happen upstream (or inside runSQL) — not visible here.
        $res = runSQL("SELECT passwd, id FROM " . TBL_USERS . " WHERE name='{$username}'");
        // if the md5 of the entered password = whats in the database then
        // set all the cookies up again
        // NOTE(review): unsalted md5 compared with loose ==; password_hash()/
        // password_verify() (or at least hash_equals on the digests) would be
        // the defensible replacement.
        if (md5($password) == $res[0]['passwd']) {
            $userid = $res[0]['id'];
/**
 * Resolve the logged-in user's row from the ids kept in the session.
 *
 * Returns the `users` row whose id, e-mail and stored session_id all match
 * the current session, or false. When no row matches the session is cleared,
 * a fresh one started and a notice queued: "logged in elsewhere" if a
 * PHPSESSID cookie is present (the stored session_id presumably belongs to a
 * newer login), otherwise "logged out for inactivity".
 */
function set_main_data() {
    if (!isset($_SESSION['id']) || !isset($_SESSION['email'])) {
        return false;
    }
    // Values pass through sql_filter() before interpolation.
    $tid = sql_filter($_SESSION['id']);
    $tuser = sql_filter($_SESSION['email']);
    $tsessionid = sql_filter(session_id());
    $lookup = sql_query("SELECT * FROM `users` WHERE id='{$tid}' AND session_id='{$tsessionid}' AND email='{$tuser}' LIMIT 1");
    if (sql_count($lookup) > 0) {
        return sql_fetch($lookup);
    }
    // Nothing matched: decide on the notice before the session is reset.
    $logged_in_elsewhere = isset($_COOKIE['PHPSESSID']);
    $notice = $logged_in_elsewhere
        ? 'Your account was logged in at another location. <a href="password">If you were unaware of this, please change your password »</a>'
        : 'You have been logged out for inactivity.';
    clear_session();
    session_start();
    notices_set($notice, 'alert');
    return false;
}
/**
 * Advance the import state machine by one step.
 *
 * Reads the previous mode from $session_data['mode'] into 'prev-mode' and
 * sets $session_data['mode'] to the next one, delegating to the postmode_*
 * handlers where the next step depends on what the user submitted. The `@`
 * operators suppress undefined-index notices on optional request/session
 * keys. The `case ''` branch deliberately falls through into the default.
 */
function choose_next_mode() {
    global $session_data;
    // A Zotero entry point overrides everything else.
    if (@$_REQUEST['zoteroEntryPoint']) {
        $session_data['mode'] = 'zotero request parsing';
        return;
    }
    $session_data['prev-mode'] = @$session_data['mode'] ? $session_data['mode'] : '';
    // allow the user to keep re-visiting the entry insertion page as long as there are records to disambiguate
    if ($session_data['prev-mode'] == 'entry insertion' && (count(@$session_data['disambig-biblios']) > 0 || count(@$session_data['disambig-ancestor-biblios']) > 0)) {
        $session_data['mode'] = 'entry insertion';
        return;
    }
    /*
    if (@$_REQUEST['clear-session'] == 'Yes') {
        $session_data['mode'] = 'clear session';
        return;
    } else if (@$_REQUEST['clear-session'] == 'No') {
        $session_data['mode'] = 'file selection';
        return;
    }
    */
    // An uploaded file with no previous mode means we were at file selection.
    if ($session_data['prev-mode'] == '' && @$_FILES['import_file']['name']) {
        $session_data['prev-mode'] = 'file selection';
    }
    switch ($session_data['prev-mode']) {
        case 'file selection':
            // might progress to file parsing, might stay at file selection
            postmode_file_selection();
            break;
        case 'file parsing':
        case 'zotero request parsing':
            // might skip over rectype selection if there are no unknown rectypes
            postmode_file_parsing();
            break;
        case 'print rectype selection':
            // user might have selected "set all to X", or "choose between X, Y, Z"
            postmode_print_rectype_selection();
            break;
        case 'apply rectype heuristic':
            // only one way forward
            $session_data['mode'] = 'crosswalking';
            break;
        case 'crosswalking':
            // only one way forward
            $session_data['mode'] = 'entry insertion';
            break;
        case '':
            // Fresh start: count leftover 'heurist-import-*' entries from an
            // earlier run and wipe the session if any exist.
            $heurist_import_count = 0;
            if (is_array(@$_SESSION[HEURIST_SESSION_DB_PREFIX . 'heurist'])) {
                foreach ($_SESSION[HEURIST_SESSION_DB_PREFIX . 'heurist'] as $name => $val) {
                    if (strpos($name, 'heurist-import-') === 0) {
                        ++$heurist_import_count;
                    }
                }
            }
            if ($heurist_import_count > 0) {
                // get rid of old import data automatically
                clear_session();
            }
            // intentional fall-through: a fresh start goes to file selection
        case 'finished':
        case 'entry insertion':
        default:
            $session_data['mode'] = 'file selection';
    }
}
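/**
 * Send the current cell map as the reference copy used by the AJAX side.
 *
 * Echoes a JSON object of the form {"reference": <cell map>} (JSON_FORCE_OBJECT
 * keeps it an object even for list-shaped maps) and resets the session via
 * clear_session(). Output happens here rather than in the view.
 */
private function check_table() {
    $cell_map = $this->get_cells();
    $rows = 0;
    $columns = 0;
    // get the actual dimensions. $rows/$columns are not read afterwards, so
    // the call is kept only for whatever get_dimensions() does internally —
    // presumably a side effect; if it has none the call is dead — confirm.
    $this->get_dimensions($cell_map, $rows, $columns);
    // Build the payload explicitly instead of auto-vivifying an undefined $return.
    $return = ['reference' => $cell_map];
    clear_session();
    echo json_encode($return, JSON_FORCE_OBJECT); // should be in the view but wtvr
}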
/**
 * Negative check: with a fresh session whose role is ROLE_BUYER, is_seller()
 * must not report a seller.
 */
function is_seller_failure2() {
    clear_session();
    $_SESSION['role'] = ROLE_BUYER;
    $seller = is_seller();
    assert(!$seller);
}
/**
 * Delete the transaction identified in the session and re-render the view.
 *
 * Reads 'trans-id' and 'trans-is-repeated' from the session; the flag
 * chooses between the repeated and the single delete routine of the
 * transaction table. Afterwards the session is cleared and the status is
 * set to 'delete_transaction_success'.
 *
 * NOTE(review): no ownership check on trans-id is visible here; presumably
 * the table class or an earlier step ensures it belongs to the current user
 * — confirm.
 */
private function transaction_delete() {
    $table = $this->get_transaction_table();
    $pending = $this->session;
    $transaction_id = $pending['trans-id'];
    $is_repeated = $pending['trans-is-repeated'];
    if (!$is_repeated) {
        $table->delete_single_transaction($transaction_id);
    } else {
        $table->delete_repeated_transaction($transaction_id);
    }
    clear_session();
    $this->status = 'delete_transaction_success';
    $this->view();
}
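/**
 * Map a logout/status code to the message shown to the user.
 *
 * Codes 4–7, 9 and 10 also wipe the session via clear_session(); codes 3 and
 * 8 only reset $_SESSION; 1 and 2 change nothing. Unknown codes yield a
 * single space. switch keeps its loose comparison so numeric strings from
 * the request still match the integer cases.
 *
 * @param int|string $code
 * @return string
 */
function check_logoutcode($code) {
    switch ($code) {
        case 1:
            return 'You have successfully logged out.';
        case 2:
            return 'Sorry, your session has expired, please login again.';
        case 3:
            // Prefer a stored error text when one is present; ?? avoids the
            // undefined-index notice the bare read produced.
            $err = ($_SESSION['error'] ?? '') === '' ? 'Bad login or password.' : $_SESSION['error'];
            $_SESSION = [];
            return $err;
        case 4:
            clear_session();
            return 'You do not have permission to set up S3DB database.';
        case 5:
            clear_session();
            return 'Your account no longer active.';
        case 6:
            clear_session();
            return 'You do not have administrator privilege on this action.';
        case 7:
            clear_session();
            return 'You need to setup your config.inc.php first';
        case 8:
            $_SESSION = [];
            return 'To recover your password, type your username and click "forgot password" again. You will get an email with instructions.';
        case 9:
            clear_session();
            // The login name is a request value reflected back to the user.
            // It is escaped for HTML here, which is presumably where this
            // message ends up — confirm; escape for the real context if not.
            $login = htmlspecialchars((string) ($_REQUEST['login'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            return 'User ' . $login . ' was not found';
        case 10:
            clear_session();
            return 'An email was sent to verify your account';
        default:
            return ' ';
    }
}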
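/**
 * Complete a password recovery for the e-mail held in the session.
 *
 * Reads 'login-email' and 'recovery-code' from the session, clears the
 * session, and — when the submitted code equals the code stored for that
 * user — sets the user's password to that code (as the original did),
 * deletes the stored code and reports 'recovery_done'. Every other outcome
 * (unknown e-mail, no stored code, mismatch, missing submission) reports
 * 'wrong_recovery'; one shared status keeps the response from revealing
 * whether the e-mail exists. Renders the view afterwards.
 *
 * Changes from the previous version: a missing submission no longer matches
 * a user without a stored code (the old `===` accepted null === null), the
 * comparison is constant-time, and the three queries bind their values
 * instead of interpolating them with sprintf.
 */
public function recover() {
    global $CONFIG;
    global $PAGES;
    global $SRC;
    global $LIB;
    $email = $this->session['login-email'] ?? null;
    $entered_code = $this->session['recovery-code'] ?? null;
    // Find the user by e-mail in the preloaded list.
    $curr_user = null;
    foreach ($this->all_users as $user) {
        if ($user->email === $email) {
            $curr_user = $user;
            break;
        }
    }
    clear_session();
    $rec_code_table = $CONFIG['db']['tables']['recovery_codes'];
    // Failure is the default; only the exact-match path below overrides it.
    $this->status = 'wrong_recovery';
    if ($curr_user !== null) {
        $user_id = (int) $curr_user->id;
        // Stored code for this user, if any.
        $code = null;
        $stmt = $this->db->prepare(sprintf('SELECT code FROM %s WHERE user_id=?;', $rec_code_table));
        if ($stmt !== false && $stmt->bind_param('i', $user_id) && $stmt->execute()) {
            $entry = $stmt->get_result()->fetch_assoc();
            if ($entry) {
                $code = $entry['code'];
            }
        }
        // Require both a stored code and a string submission, compared in
        // constant time so the comparison does not leak how much matched.
        if ($code !== null && is_string($entered_code) && hash_equals((string) $code, $entered_code)) {
            $user_table = $CONFIG['db']['tables']['userinfo'];
            // The recovery code itself becomes the new password.
            $hashed_pass = password_hash($entered_code, PASSWORD_DEFAULT);
            $stmt = $this->db->prepare(sprintf('UPDATE %s SET pass_salt_hash=? WHERE id=?;', $user_table));
            if ($stmt !== false && $stmt->bind_param('si', $hashed_pass, $user_id)) {
                $stmt->execute();
            }
            // Codes are single-use: drop it once consumed.
            $stmt = $this->db->prepare(sprintf('DELETE FROM %s WHERE user_id=?;', $rec_code_table));
            if ($stmt !== false && $stmt->bind_param('i', $user_id)) {
                $stmt->execute();
            }
            $this->status = 'recovery_done';
        }
    }
    $this->view();
}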