public static function login($loginName, $loginPswd) { session_unset(); $dbc = DB::getDBConnection(); $query = "SELECT * FROM User WHERE " . loginName . " = ? AND " . loginPswd . " = ? "; $stmt = $dbc->prepare($query); $stmt->bind_param("ss", $loginName, $loginPswd); $stmt->execute(); $result = $stmt->get_result(); $row = $result->fetch_assoc(); if ($result->num_rows <= 0) { return false; } $userNo = getUserNoByLoginName($loginName); if (!isset($userNo)) { return false; } if (session_status() != PHP_SESSION_ACTIVE) { session_start(); } $_SESSION["type"] = getUserType($userNo); UserControl::$type = getUserType($userNo); $_SESSION[userNo] = $userNo; $query = "UPDATE User SET " . loginSession . " = '" . session_id() . "' " . "WHERE " . userNo . " = '{$userNo}'"; if (DB::query($query)) { return true; } }
function _addTemaView() { isUserLoggedIn(); if (getUserType() == 'profesor') { $grupa = new Grupa(getdbh()); $result['grupa'] = $grupa->fetchAll(); $data['msg'][] = View::do_fetch(VIEW_PATH . 'addTema.tpl.php', $result); View::do_dump(VIEW_PATH . 'layout.php', $data); } }
function _showNews() { isUserLoggedIn(); if (getUserType() == 'admin' || getUserType() == 'profesor') { $noutate = new Noutati(getdbh()); $result['noutate'] = $noutate->fetchAll(); $data['msg'][] = View::do_fetch(VIEW_PATH . 'noutatiProf.tpl.php', $result); View::do_dump(VIEW_PATH . 'layout.php', $data); } else { $noutate = new Noutati(getdbh()); $result['noutate'] = $noutate->fetchAll(); $data['msg'][] = View::do_fetch(VIEW_PATH . 'noutatiStudent.tpl.php', $result); View::do_dump(VIEW_PATH . 'layout.php', $data); } }
function _showTeme() { isUserLoggedIn(); if (getUserType() == 'admin' || getUserType() == 'profesor') { $data['msg'][] = View::do_fetch(VIEW_PATH . 'afisareTemeProfesor.tpl.php'); View::do_dump(VIEW_PATH . 'layout.php', $data); } else { $grupaMea = new Grupa(getdbh()); $result = $grupaMea->getGrupaUserCurent(getUserID()); $idGrupaMea = (int) $result[0]['ID_GRUPA']; $tema = new Teme(getdbh()); $result['tema'] = $tema->getTemeStudentCurent($idGrupaMea); $data['msg'][] = View::do_fetch(VIEW_PATH . 'afisareTemeStudent.tpl.php', $result); View::do_dump(VIEW_PATH . 'layout.php', $data); } }
function _suportCurs() { isUserLoggedIn(); if (getUserType() == 'student') { $data['msg'][] = View::do_fetch(VIEW_PATH . 'suport_curs_stud.php'); View::do_dump(VIEW_PATH . 'layout.php', $data); } else { $grupa = new Grupa(getdbh()); $getGroups = $grupa->fetchAll(); $result['grupa'] = $getGroups; $materie = new Materii(getdbh()); $getMaterii = $materie->fetchGroupaAndMateria(); $result['materie'] = $getMaterii; $data['msg'][] = View::do_fetch(VIEW_PATH . 'suport_curs_prof.php', $result); View::do_dump(VIEW_PATH . 'layout.php', $data); } }
function yorumGonder($userID, $konuID, $yorum) { global $yol1; $datem = date("Y-n-j H:i:s"); if (!empty($yorum) && !empty($konuID) && !empty($userID)) { $yorum = iconv("UTF-8", "ISO-8859-9", $yorum); $uyeTur = getUserType($_SESSION["usern"]); //üye öðretmen veya yönetici ise onay ver if ($uyeTur >= 1) { $sql2 = "insert into eo_comments VALUES (NULL , '{$userID}', '{$konuID}' , '{$yorum}', '{$datem}' , 1)"; } else { $sql2 = "insert into eo_comments VALUES (NULL , '{$userID}', '{$konuID}' , '{$yorum}', '{$datem}' , 0)"; } $result2 = mysql_query($sql2, $yol1); return $result2; } return false; }
function getInfo($userNo) { $user = getUser($userNo); if (!isset($user)) { return null; } $type = getUserType($userNo); switch ($type) { case "d": return driver2custInfo($user[drvID]); case "a": return null; case "c": return user2custInfo($user[custNo]); case "s": return supp2custInfo($user[suppNo]); default: return null; } }
function tt_do_post_request($data) { global $boardurl, $modSettings; $push_url = 'http://push.tapatalk.com/push.php'; if (!function_exists('updateSettings')) { require_once $sourcedir . '/Subs.php'; } //Initial this key in modSettings if (!isset($modSettings['push_slug'])) { updateSettings(array('push_slug' => 0)); } //Get push_slug from db $push_slug = isset($modSettings['push_slug']) ? $modSettings['push_slug'] : 0; $slug = base64_decode($push_slug); $slug = push_slug($slug, 'CHECK'); $check_res = unserialize($slug); //If it is valide(result = true) and it is not sticked, we try to send push if ($check_res['result'] && !$check_res['stick']) { //Slug is initialed or just be cleared if ($check_res['save']) { updateSettings(array('push_slug' => base64_encode($slug))); } //add general information $data['url'] = $boardurl; if (isset($modSettings['tp_push_key']) && !empty($modSettings['tp_push_key'])) { $data['key'] = $modSettings['tp_push_key']; } $data['author_ip'] = getClientIp(); $data['author_ua'] = getClienUserAgent(); $data['author_type'] = getUserType(); $data['from_app'] = getIsFromApp(); //Send push if (!defined('IN_MOBIQUO')) { define('IN_MOBIQUO', true); } require_once dirname(__FILE__) . '/lib/classTTConnection.php'; $connection = new classTTConnection(); $push_resp = $connection->getContentFromSever($push_url, $data, 'POST'); if (trim($push_resp) === 'Invalid push notification key') { $push_resp = 1; } if (!is_numeric($push_resp)) { //Sending push failed, try to update push_slug to db $slug = push_slug($slug, 'UPDATE'); $update_res = unserialize($slug); if ($update_res['result'] && $update_res['save']) { updateSettings(array('push_slug' => base64_encode($slug))); } } } }
$sOutput .= ' <a href=\\"fileDownload.php?id=' . $aRow[$aColumns[0]] . '&file=' . $aRow[$aColumns[$i]] . '&islem=goster\\" target=\\"_blank\\"><img src=\\"img/preview.png\\" border=\\"0\\" style=\\"vertical-align:middle\\" alt=\\"??\\"/></a> '; } $sOutput .= " <font size='-2'>" . getSizeAsString(@filesize($_uploadFolder . '/' . $aRow[$aColumns[$i]])); $humanRelativeDate = new HumanRelativeDate(); $sOutput .= " " . iconv("ISO-8859-9", "UTF-8", $humanRelativeDate->getTextForSQLDate(date("Y-m-d H:i:s", @filemtime($_uploadFolder . '/' . $aRow[$aColumns[$i]])))) . '</font>",'; } else { if ($aColumns[$i] == 'userID') { $sOutput .= ' "' . $aRow[4] . '",'; } else { if ($aColumns[$i] != ' ') { /* General output */ $sOutput .= '"' . str_replace('"', '\\"', $aRow[$aColumns[$i]]) . '",'; } else { if ($aColumns[$i] == ' ') { /* Delete */ if (($aRow[4] == $_SESSION["usern"] or getUserType($_SESSION["usern"]) == "2") and (preg_match("/777/", decoct(@fileperms($_uploadFolder))) or preg_match("/766/", decoct(@fileperms($_uploadFolder))))) { $sOutput .= '"<img src=\\"img/cross.png\\" alt=\\"delete\\" width=\\"16\\" height=\\"16\\" border=\\"0\\" style=\\"vertical-align: middle;cursor:pointer;\\" onclick=\\"javascript:delWithCon(' . $kayNo . ')\\" title=\\"' . $metin[102] . '\\"/>",'; } else { $sOutput .= '"",'; } } } } } } /* * Optional Configuration: * If you need to add any extra columns (add/edit/delete etc) to the table, that aren't in the * database - you can do it here */ $sOutput = substr_replace($sOutput, "", -1);
<?php include '../parse.php'; use Parse\ParseUser; use Parse\ParseQuery; include 'funcs.php'; $user = ParseUser::getCurrentUser(); $trans = $user->get('currentTransaction'); $trans->fetch(); echo getUserType($user);
} $isOwner = false; include_once "Brain/UserControl.php"; if (UserControl::checkState()) { $userNo = UserControl::getUserNo(); if ($userNo == $_GET[userNo]) { $isOwner = !$isOwner; } } $owner = getUser($_GET[userNo]); if (!isset($owner)) { echo "Sorry, No such user!"; return; } $ownerInfo = getInfo($_GET[userNo]); $type = getUserType($_GET[userNo]); $typeID = $ownerInfo["ID"]; ?> <div id="profileHeader"> <div id="p_container"> <div id="p_title">Profile</div> <div id="p_info"> <div id="p_name"><?php echo $ownerInfo["Name"]; ?> </div> <div id="p_contact"><?php if (isset($ownerInfo["Contact"])) { echo $ownerInfo["Contact"]; }
<?php require_once "../../config/init.php"; require_once "auth.php"; $smarty->assign('d_userSex', getUserSex()); $smarty->assign('d_userType', getUserType()); $user = new Users((int) $_POST['_id']); $smarty->assign($user->getValues()); $smarty->assign($_POST); $output = $smarty->fetch("user_edit.html"); $smarty->assign('_validate_error', $smarty->_validate_processed && $smarty->_validate_error); if (!empty($_POST) && !empty($_POST[formSubmit]) && ($smarty->_validate_processed == 1 && $smarty->_validate_error != 1)) { include "_default.action.php"; exit; } $smarty->display("user_edit.html");
function yorumlariGetir($konu) { global $metin; $sql1 = "SELECT eo_comments.id as comID ,eo_comments.comment, eo_comments.commentDate, eo_users.userName, eo_users.id as id\r\n\t\t\t\tFROM eo_comments, eo_users, eo_4konu \r\n\t\t\t\twhere \r\n\t\t\t\teo_comments.konuID = eo_4konu.id and eo_comments.userID = eo_users.id \r\n\t\t\t\tand eo_comments.active = 1 and eo_4konu.id = " . $konu . "\r\n\t\t\t\torder by eo_comments.commentDate DESC"; $yol1 = baglan(); $result1 = mysql_query($sql1, $yol1); if ($result1) { $ekle = ""; while ($row_gelen = mysql_fetch_assoc($result1)) { if ($row_gelen['id'] == getUserID($_SESSION["usern"], $_SESSION["userp"]) || getUserType($_SESSION["usern"]) == 2) { $yorumSil = " | <a href='yorumSil.php?id=" . $row_gelen['comID'] . "' rel='facebox'><img src=\"img/cross.png\" alt=\"delete\" width=\"16\" height=\"16\" border=\"0\" style=\"vertical-align: sub;\" title=\"{$metin['102']}\"/> " . $metin[102] . "</a>"; } else { $yorumSil = ""; } $humanRelativeDate = new HumanRelativeDate(); $insansi = $humanRelativeDate->getTextForSQLDate($row_gelen['commentDate']); $ekle .= "<tr><td><div class='yorumItem'><p style='font-size:16px;padding-bottom:6px;'>" . smileAdd($row_gelen['comment']) . " </p><a href='profil.php?kim=" . $row_gelen['id'] . "' rel='facebox'>" . $row_gelen['userName'] . "</a> {$insansi} {$yorumSil}</div></td></tr>"; } @mysql_free_result($result1); return $ekle; } else { return ""; } return ""; }
function updateUserType($id, $type) { checkConnectivity(); $type = getUserType($type); $query = sprintf("update user set type = %s where ID = %s", $type, $id); mysqli_query($GLOBALS['connection_link'], $query); return mysqli_affected_rows($GLOBALS['connection_link']) > 0; }
function getUserTypeText() { return getUserType($this->getType()); }
doBan($sParamValue == TRUE_VAL ? 'ban' : 'unban', $sId); $sContents = parseXml($aXmlTemplates['result'], TRUE_VAL); } else { $sContents = parseXml($aXmlTemplates['result'], FALSE_VAL); } break; /** * Changes user's type. */ /** * Changes user's type. */ case 'changeType': if (loginAdmin($sNick, $sPassword)) { getResult("UPDATE `" . MODULE_DB_PREFIX . "Profiles` SET `Type`='" . $sType . "' WHERE `ID`='" . $sId . "'"); //--- For XML version only ---// getResult("UPDATE `" . MODULE_DB_PREFIX . "CurrentUsers` SET `Status`='" . USER_STATUS_TYPE . "', `When`=UNIX_TIMESTAMP() WHERE `ID`='" . $sId . "'"); $sContents .= parseXml($aXmlTemplates['result'], TRUE_VAL); } else { $sContents .= parseXml($aXmlTemplates['result'], FALSE_VAL); } break; case 'kickUser': if ($bAdmin && loginAdmin($sNick, $sPassword) || !$bAdmin && loginUser($sModeratorId, $sPassword) && getUserType($sModeratorId) == CHAT_TYPE_MODER) { getResult("UPDATE `" . MODULE_DB_PREFIX . "CurrentUsers` SET `Status`='" . USER_STATUS_KICK . "', `When`=UNIX_TIMESTAMP() WHERE `ID`='" . $sId . "'"); $sContents .= parseXml($aXmlTemplates['result'], TRUE_VAL); } else { $sContents .= parseXml($aXmlTemplates['result'], FALSE_VAL); } break; }
die("<font id='hata'>{$metin['295']}</font>"); } $destination_path = getcwd() . DIRECTORY_SEPARATOR . "../../" . $_uploadFolder . "/"; $target_path = $destination_path . basename($_FILES['myfile']['name']); $result = 0; //http://www.mediawiki.org/wiki/Manual:$wgFileBlacklist $wgFileBlacklist = array('html', 'htm', 'js', 'jsb', 'mhtml', 'mht', 'php', 'phtml', 'php3', 'php4', 'php5', 'phps', 'shtml', 'jhtml', 'pl', 'py', 'cgi', 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl'); $wgMimeTypeBlacklist = array('text/html', 'text/javascript', 'text/x-javascript', 'application/x-shellscript', 'application/x-php', 'text/x-php', 'application/x-httpd-php', 'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh', 'text/scriptlet', 'application/x-msdownload', 'application/x-msmetafile', 'application/zip', 'application/x-opc+zip'); $dBoyu = $_FILES['myfile']['size']; $maxBoy = 1024 * 1024 * $_fileMaxUploadSize; if (!empty($_FILES["myfile"]) && $_FILES['myfile']['error'] == 0) { if (in_array(strtolower($_FILES['myfile']['name']), array(".htaccess", "index.php"))) { $result = -1; trackUser($currentFile, "fail,FileUp", $_SESSION["usern"]); } else { if (getUserType($_SESSION["usern"]) == 0 and file_ext($_FILES['myfile']['name']) != 'rar') { $result = -8; //öðrencilere sadece RAR uzantýsý trackUser($currentFile, "fail,FileUp", $_SESSION["usern"]); } else { if ($dBoyu > $maxBoy or $dBoyu < 0) { //maksimum dosya gönderim sýnýrý $result = -3; trackUser($currentFile, "fail,FileUp", $_SESSION["usern"]); } else { if (!preg_match("/^[A-Za-z0-9_-]+.[A-Za-z0-9]{2,6}\$/i", $_FILES['myfile']['name'])) { $result = -4; trackUser($currentFile, "fail,FileUp", $_SESSION["usern"]); } else { if (in_array(end(explode(".", strtolower($_FILES['myfile']['name']))), $wgFileBlacklist)) { $result = -5;
CIBlockElement::SetPropertyValues($kpi["ID"], 17, $kpiCount["VALUE"], "KPI_5"); } else { $kpi = array(1 => 103, 2 => 104, 3 => 105, 4 => 106, 5 => 107); $el = new CIBlockElement(); $PROP = array(); $PROP[101] = $USER->GetID(); $PROP[$kpi[5]] = 1; $arLoadProductArray = array("IBLOCK_ID" => 17, "PROPERTY_VALUES" => $PROP, "NAME" => $USER->GetLogin(), "DATE_ACTIVE_FROM" => date("Y.m.d H:i")); $el->Add($arLoadProductArray); } $data = array("UF_USER" => $_REQUEST['UF_USER'], "UF_AMPLIFIER" => $USER->GetID(), "UF_EVENT" => $_REQUEST['UF_EVENT'] ? $_REQUEST['UF_EVENT'] : 0, "UF_DATE_TIME" => date("d.m.Y H:i:s"), "UF_ACTION_CODE" => 103, "UF_ACTION_TEXT" => "change_status", "UF_TYPE" => $contact_type_ret[$userType["UF_STATUS"]], "UF_TYPE_2" => 5); addToHLBlock(4, $data); $data = array('UF_AMPLIFIER' => $USER->GetID(), 'UF_USER' => $_REQUEST['UF_USER'], 'UF_EVENT' => $_REQUEST['UF_EVENT'] ? $_REQUEST['UF_EVENT'] : 0, 'UF_IMAGE' => $fid); addToHLBlock(3, $data); // Запись в лог об изменение статуса пользователя $logKPI::add(array('UF_USER' => IntVal($_REQUEST['UF_USER']), 'UF_AMPLIFIER' => $USER->GetID(), 'UF_EVENT' => $_REQUEST['UF_EVENT'] ? $_REQUEST['UF_EVENT'] : 0, 'UF_DATE_TIME' => date("Y-m-d H:i:s"), 'UF_ACTION_CODE' => 103, 'UF_ACTION_TEXT' => "change_status", 'UF_TYPE' => $arUserType[1][getUserType(IntVal($_REQUEST['UF_USER']))], 'UF_TYPE_2' => $arUserType[2][5])); if ($res) { getResultJSON(array("status" => "OK", "status_msg" => "put_photo_ok")); } else { getResultJSON(array("status" => "ERROR", "status_msg" => "put_photo_error")); } } /** Добавление события */ if ($_REQUEST["mode"] == "new_event") { if (!$USER->IsAuthorized()) { exit; } $json = json_decode(file_get_contents('php://input'), true); CEventLog::Add(array("SEVERITY" => "WARNING", "AUDIT_TYPE_ID" => "SEND_EVENT", "MODULE_ID" => "iblock", "ITEM_ID" => "", "DESCRIPTION" => json_encode($json)));
include 'funcs.php'; if (isset($_GET['action']) && $_GET['action']) { $action = $_GET['action']; if ($action == "activate") { $currentUser = ParseUser::getCurrentUser(); activateTransaction(); } else { if ($action == 'complete') { $currentUser = ParseUser::getCurrentUser(); deactivateTransaction(); header('Location: http://' . URL . 'hackbag/'); } } } $user = ParseUser::getCurrentUser(); $type = getUserType($user); if ($user->get('ownsBag')) { // LENDER $trans = $user->get('currentTransaction'); $trans->fetch(); $start = $trans->get('startTime'); $end = $trans->get('endTime'); $otherUser = $trans->get('borrower'); $otherUser->fetch(); $name = $otherUser->get('fullName'); $msg = "Success! You've made a hacker's night, thank you! Return to receive your bag at {$end}."; $action = "Lending to"; $acceptMsg = 'Mark Bag As Received'; } else { // BORROWER $trans = $user->get('currentTransaction');
$user = ParseUser::getCurrentUser(); // put the user in $user } else { // otherwise try { $user = ParseUser::logIn("*****@*****.**", "123"); // log the user // Do stuff after successful login. } catch (ParseException $error) { // The login failed. Check error to see why. die('Bill could not log in!'); // in case of error fail misserably } } $requested = false; $userType = getUserType(ParseUser::getCurrentUser()); if ($userType == 'availableBorrower') { // Procceed normally! // Check if action was performed. if (isset($_POST['action']) && $_POST['action']) { $action = $_POST['action']; if ($action == 'request') { $start = $_POST['start']; $end = $_POST['end']; $requested = true; // Send a request for the specified time. createTransaction($start, $end); } else { // DELETE TRANSACTION. } }
?> </div> <!-- User Name --> <div id="user-name" style="text-align:center;width:66%;"> <?php global $user; if ($user->uid != 0) { $user_name = getBrokerAgentName($user->uid); if ($user_name == '-NA-') { print '<b> Hello ' . $user->name . '</b><br>'; } else { print '<b> Hello ' . $user_name . '</b><br>'; } print $user->mail; } $user_info = getUserType($user->uid); $uid = $user->uid; $broker_agent_id = getBrokerID($uid); if ($broker_agent_id > 0) { if ($user_info['type'] == 'B') { print '<div id="user-profile" style="margin-left:30%;"> <a href="' . base_path() . 'c2s/broker/edit/brk/".$broker_agent_id;> My Profile </a> </div>'; } else { print '<div id="user-profile" style="margin-left:30%;"> <a href="' . base_path() . 'c2s/agent/edit/".$broker_agent_id;> My Profile </a> </div>'; } } ?> </div> <!-- Secondary Menu --> <div id="secondary-menu" class="navigation">
$oApp->post('/getFeaturedProducts', function () use($oApp, $oProductMgr) { if (getUserType() != 'admin') { $oApp->halt(500, 'You are not login'); return; } echo json_encode($oProductMgr->getFeaturedProductIds()); }); $oApp->get('/createReviews', function () use($oApp, $oProductMgr) { if (getUserType() != 'admin') { $oApp->halt(500, 'You are not login'); return; } $oProductMgr->createReviews_test(); }); $oApp->get('/clearReviews', function () use($oApp, $oProductMgr) { if (getUserType() != 'admin') { $oApp->halt(500, 'You are not login'); return; } $oProductMgr->deleteReviews_test(); }); /* !CRUD APIs */ /*** * Login/Logout ***/ $oApp->get('/backdoor', function () use($oApp, $oProductMgr) { $_SESSION['loggedin'] = True; $_SESSION['isAdmin'] = True; $oApp->redirect('/'); }); $oApp->get('/logout', function () use($oApp, $oProductMgr) {
{ }, { "sClass": "right" }, { } ] } ); /* Init the table */ oTable = $('#example').dataTable( ); } ); </script> </head> <body> <?php if (isset($_GET['id']) && $_GET['id'] != "" && $_GET['delCon'] == "1" && (getUserID2($_SESSION['usern']) == dosyaKimID($_GET['id']) or getUserType($_SESSION['usern']) == '2')) { if (preg_match("/777/", decoct(@fileperms($_uploadFolder))) or preg_match("/766/", decoct(@fileperms($_uploadFolder)))) { dosyaSil(RemoveXSS($_GET['id'])); $deleteSQL = sprintf("DELETE FROM eo_files WHERE id=%s", GetSQLValueString($_GET['id'], "int")); mysql_select_db($_db, $yol); $Result1 = mysql_query($deleteSQL, $yol) or die(mysql_error()); if ($Result1) { echo "<font id='uyari'> {$metin['501']}</font>"; } } } ?> <table cellpadding="0" cellspacing="0" border="0" class="display" id="example" align="center"> <thead> <tr> <th width="10%"><?php