Example #1
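/**
 * Authenticate $username / $password against the users table and, on success,
 * store the user's id, name and access levels in the session.
 *
 * If the session already names this user the call short-circuits to TRUE
 * without touching the database.
 *
 * @param string $username  login name submitted by the client (untrusted)
 * @param string $password  clear-text password submitted by the client (untrusted)
 * @return bool TRUE when authenticated, FALSE for an unknown user or a wrong password
 */
function login($username, $password)
{
    global $pdo;
    // Already-authenticated shortcut. Compared as strings with ===: the original
    // `==` is subject to PHP juggling, and on PHP < 8 an arbitrary string
    // compared with an integer 0 is TRUE ("abc" == 0), which would skip the
    // password check entirely when the stored id is numeric.
    // NOTE(review): this compares the submitted *username* with the stored
    // *userid*; that is the original semantics and is kept as-is.
    if (isset($_SESSION['userid']) && (string) $username === (string) $_SESSION['userid']) {
        return TRUE;
    }
    if ($pdo == null) {
        open_database();
    }
    $stmt = $pdo->prepare("SELECT * FROM users WHERE login=?");
    if (!$stmt->execute(array($username))) {
        // The failure belongs to the statement, so read the statement's
        // errorInfo(); it is an array, which the original concatenated directly
        // (printing "Array").
        // NOTE(review): this still sends driver error text to the client;
        // prefer logging it and dying with a generic message.
        die('Invalid query : [' . error_database() . ']' . implode(' ', $stmt->errorInfo()));
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $stmt->closeCursor();
    // No row (fetch() returned FALSE) or a row without a salt: unknown user.
    if (!isset($row['salt'])) {
        return FALSE;
    }
    $digest = encrypt_password($password, $row['salt']);
    // hash_equals(): constant-time and strict. The original `==` is subject to
    // numeric-string juggling (two digests of the form "0e123..." compare equal).
    if (!hash_equals((string) $row['crypted_password'], (string) $digest)) {
        return FALSE;
    }
    // Session fixation: a session id that was known before authentication
    // must not survive it.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['userid'] = $row['id'];
    $_SESSION['username'] = $row['name'];
    $_SESSION['useraccess'] = $row['access_level'];
    $_SESSION['userpageaccess'] = $row['page_access_level'];
    return TRUE;
}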
Example #2
/**
 * Run a raw SQL statement on the given mysql link, opening a new connection
 * first when the supplied link is falsy.
 *
 * The statement is handed to mysql_query() verbatim: every value embedded in
 * $sql must already have been escaped by the caller; nothing here can do it.
 *
 * @param string        $sql      complete SQL statement
 * @param resource|null $id_conn  mysql link, or a falsy value to open a new one
 * @return resource|bool          whatever mysql_query() returns
 */
function execute_query($sql, $id_conn)
{
    $link = $id_conn;
    if (!$link) {
        // No usable link was handed in: open one for this call.
        $link = open_database();
    }
    return mysql_query($sql, $link);
}
Example #3
/**
 * Open a mysql connection if needed, rewrite the statement's quote characters,
 * and run it.
 *
 * Quote rewriting is applied to the whole statement text, data included:
 *   "  ->  `   (double quotes become identifier quotes)
 *   '  ->  "   (single-quoted literals become double-quoted literals)
 *
 * WARNING (review): because the substitution runs over the finished SQL text it
 * also rewrites quote characters inside already-escaped data values, and the
 * result breaks under MySQL's ANSI_QUOTES mode, where " quotes identifiers.
 * Callers must escape values before building $sql; this function does not make
 * a statement safe.
 *
 * @param string        $sql      complete SQL statement
 * @param resource|null $id_conn  mysql link, or a falsy value to open a new one
 * @return resource|bool          whatever mysql_query() returns
 */
function execute_query($sql, $id_conn)
{
    $link = $id_conn ? $id_conn : open_database();
    // Single-pass equivalent of the two sequential str_replace() calls: the "
    // produced from a ' is never re-examined in either formulation.
    $rewritten = strtr($sql, array('"' => '`', "'" => '"'));
    return mysql_query($rewritten, $link);
}
Example #4
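/**
 * Open the database and emit the opening <html><head>... of a PEcAn DB page.
 *
 * @param string $table  optional table name shown in the <title>; "" (or null)
 *                       gives the generic title. The name and its section label
 *                       are HTML-escaped, so a value taken from the request is
 *                       safe to pass.
 * @return void
 */
function print_header($table = "")
{
    global $sections;
    open_database();
    print "<html>\n";
    print "<head>\n";
    if ((string) $table === "") {
        print "<title>PEcAn DB</title>\n";
    } else {
        // Both the section label and $table end up inside HTML: escape them so a
        // crafted table name cannot inject markup into the page.
        $section = isset($sections[$table]['section']) ? $sections[$table]['section'] : '';
        $label = htmlspecialchars($section . '/' . $table, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        print "<title>PEcAn DB [{$label}]</title>\n";
    }
    print "<link href=\"bety.css\" rel=\"stylesheet\" type=\"text/css\"/>\n";
    print "</head>\n";
    print "<body>\n";
}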
Example #5
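/**
 * Create or update a tb_usuario row from the submitted form ($_POST) and the
 * uploaded photo, inside a transaction. Echoes '1' on success or an error
 * message on failure.
 *
 * $_POST['cmb_cadastro'] === '0' selects INSERT; any other value is taken as
 * the usuario_id of the row to UPDATE.
 *
 * @return void
 */
function grava_usuario()
{
    $filename = upload_foto();
    require '../config/infodbcon.php';
    require '../config/database.php';
    $id_conn = open_database();
    // Escape every form field once, up front. nome/infor are taken raw from
    // $_POST below and run through addslashes() after utf8_decode(), as in the
    // original; the remaining fields come from $post.
    $post = array_map("mysql_real_escape_string", $_POST);
    // The photo name is produced by upload_foto(), not by $post: escape it as
    // well before it is spliced into the statement.
    $foto = mysql_real_escape_string($filename, $id_conn);
    $cadastro = isset($post['cmb_cadastro']) ? (string) $post['cmb_cadastro'] : '';
    execute_query("START TRANSACTION", $id_conn);
    if ($cadastro === '0') {
        // NOTE(review): every new account gets the same fixed, unsalted MD5
        // default password; the login path should force a change on first use
        // and the scheme should move to password_hash().
        $sql = 'INSERT INTO tb_usuario ';
        $sql .= '(usuario_nome, usuario_login, usuario_senha, usuario_email, usuario_foto, usuario_info, usuario_ativo)';
        $sql .= 'VALUES ';
        $sql .= '(\'' . addslashes(utf8_decode($_POST['nome'])) . '\', \'' . utf8_decode($post['login']) . '\', ';
        $sql .= '\'' . md5('123mudar') . '\', \'' . $post['email'] . '\',';
        // !empty() has the truthiness of the original `$post['ativo'] ?` without
        // the undefined-index notice when the checkbox is not sent.
        $sql .= '\'' . $foto . '\', \'' . addslashes(utf8_decode($_POST['infor'])) . '\', \'' . (!empty($post['ativo']) ? 1 : 0) . '\')';
    } else {
        $sql = 'UPDATE tb_usuario SET ';
        $sql .= 'usuario_nome = \'' . addslashes(utf8_decode($_POST['nome'])) . '\', usuario_login = \'' . $post['login'] . '\', ';
        $sql .= 'usuario_email = \'' . $post['email'] . '\', ';
        $sql .= 'usuario_info=\'' . addslashes(utf8_decode($_POST['infor'])) . '\', ';
        // NOTE(review): the INSERT branch tests truthiness of ativo, this one
        // tests presence; kept as in the original, but probably meant to agree.
        $sql .= 'usuario_ativo=\'' . (isset($post['ativo']) ? 1 : 0) . '\' ';
        if (!empty($post['trocoufoto'])) {
            $sql .= ',usuario_foto=\'' . $foto . '\' ';
        }
        $sql .= 'WHERE ';
        // usuario_id is compared unquoted: string escaping does not help in a
        // numeric context ("1 OR 1=1" contains nothing to escape), so force an
        // integer.
        $sql .= 'usuario_id=' . (int) $cadastro;
    }
    if (!execute_query($sql, $id_conn)) {
        // Keep the statement and driver error in the server log only: echoing
        // them reflected raw form input (the addslashes()'d nome/infor values)
        // and schema details straight back into the response.
        error_log('grava_usuario: ' . mysql_error() . ' -- ' . $sql);
        echo utf8_decode('Query Inválida') . "\n";
        execute_query("ROLLBACK", $id_conn);
    } else {
        execute_query('COMMIT', $id_conn);
        echo '1';
    }
    // NOTE(review): the transaction is already ended by COMMIT/ROLLBACK above,
    // and "END TRANSACTION" does not look like MySQL syntax; confirm and drop.
    execute_query("END TRANSACTION", $id_conn);
    close_database($id_conn);
}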
Example #6
<?php

/**
 * Copyright (c) 2012 University of Illinois, NCSA.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the 
 * University of Illinois/NCSA Open Source License
 * which accompanies this distribution, and is available at
 * http://opensource.ncsa.illinois.edu/license.html
 */
// Check login.
// $authentication and $min_run_level are expected to be provided by common.php
// (not visible here — confirm).
require "common.php";
if ($authentication) {
    open_database();
    // Decide where the visitor is sent, if anywhere: a visitor who is not
    // logged in goes back to the login page; a logged-in visitor whose page
    // access level exceeds $min_run_level goes to the history page. The access
    // level is only looked up once the login check has passed.
    $redirect = null;
    if (!check_login()) {
        $redirect = "index.php";
    } elseif (get_page_acccess_level() > $min_run_level) {
        $redirect = "history.php";
    }
    if ($redirect !== null) {
        header("Location: " . $redirect);
        close_database();
        exit;
    }
    close_database();
}
?>
<!DOCTYPE html>
<html>
<head>
<title>EBI Sites</title>
Example #7
<?php

/*
    @Author: Clésio Teixeira da Silva
    @Version: 2.2
    @Last change: 11/09/2015
*/
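session_start();
// Shared helper functions.
require "../funcoes/php/funcao.php";
// Defined in funcao.php: verifies that the user is logged in (what it does on
// failure is not visible here — see that file).
session_checker();
require "../config/infodbcon.php";
require "../config/database.php";
$id_conn = open_database();
libera_acesso('configuracao', $id_conn);
require "../html/configuracao.html";
// The session value is emitted inside a JavaScript string literal, so encode
// it for that context instead of splicing it in raw between quotes; the
// JSON_HEX_* flags keep <, >, ', " and & out of the inline script body.
// The (string) cast keeps the argument a JS string, as the original quoting did.
$usuarioId = isset($_SESSION['usuario_id']) ? $_SESSION['usuario_id'] : '';
echo '<script>foto_usuario(' . json_encode((string) $usuarioId, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP) . ')</script>';
exit;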
Example #8
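/**
 * Run one SQL statement with positional parameters and return its rows.
 *
 * Two transports, selected by the global $sql_server:
 *  - starts with "http": the statement and its typed arguments are form-encoded
 *    (map_to_url_string) and sent to that URL with http_slap(); every non-empty
 *    line of the response body is decoded with map_from_tag_string() into one row.
 *  - anything else: a PDO prepared statement on the global $sql_dbh, which is
 *    opened through open_database() when $sql_open is not set. Statements that
 *    produce no result columns return NULL.
 *
 * @param string $sql    statement with ? placeholders
 * @param array  $arg    positional values, list-indexed 0..n-1 (the loops below
 *                       index by integer, so string keys are not supported)
 * @param bool   $fatal  on a PDO error, call default_error() (TRUE) or just
 *                       return FALSE (FALSE); $sql_error is set either way
 * @return array|null|false rows; NULL for a column-less statement (PDO path);
 *                          FALSE on a PDO error
 */
function run_sql($sql, $arg = array(), $fatal = true)
{
    global $sql_open;
    global $sql_dbh;
    global $sql_server;
    global $sql_error;
    if (substr($sql_server, 0, 4) == "http") {
        // NOTE(review): this ships raw SQL to a remote endpoint that executes it.
        // That endpoint is the trust boundary and must do its own
        // authentication and authorisation; nothing here can.
        $request = array("sql" => $sql, "count" => count($arg));
        for ($i = 0; $i < count($arg); $i++) {
            if (is_int($arg[$i])) {
                $type = "int";
            } elseif (is_numeric($arg[$i])) {
                // Also matches numeric *strings* such as "1e3" — kept from the original.
                $type = "float";
            } else {
                $type = "string";
            }
            // Bug fix: the original stored the string case under "{$type_}{$i}"
            // with $type_ undefined, i.e. under the key "0", "1", ..., so the
            // remote side never received a type for string arguments.
            $request["type_{$i}"] = $type;
            $request["value_{$i}"] = $arg[$i];
        }
        $body = http_slap($sql_server, map_to_url_string($request));
        $row = array();
        foreach (explode("\n", trim($body)) as $line) {
            if ($line != "") {
                $row[] = map_from_tag_string($line);
            }
        }
        return $row;
    }

    if (!$sql_open) {
        open_database();
    }
    try {
        // prepare() sits inside the try as well: with ERRMODE_EXCEPTION it throws
        // on a malformed statement, which the original let escape uncaught.
        $sth = $sql_dbh->prepare($sql);
        $sth->execute($arg);
        if ($sth->columnCount() == 0) {
            return;
        }
        return $sth->fetchAll();
    } catch (PDOException $exception) {
        // NOTE(review): $sql_error embeds the argument values; if this reaches a
        // log or the client, any secret passed as a parameter goes with it.
        $msg = $exception->getMessage();
        $sql_error = "sql [{$sql}] arg [" . implode(", ", $arg) . "] msg [{$msg}]";
        if ($fatal) {
            default_error($sql_error);
        }
        return false;
    }
}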
Example #9
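/**
 * Delete the storage row(s) whose md5 column equals $md5.
 *
 * @param string $md5  hex MD5 digest: exactly 32 hex characters, either case
 * @return mixed  exec_query()'s result, or an empty array when the digest is
 *                malformed or the database cannot be opened
 */
function DeleteFileFromDatabase($md5)
{
    // Defence in depth: the value is still spliced into SQL text below, so only
    // a well-formed hex digest is allowed to get anywhere near the statement.
    if (!is_string($md5) || !preg_match('/\A[0-9a-fA-F]{32}\z/', $md5)) {
        return array();
    }
    if (!open_database()) {
        return array();
    }
    $results = exec_query("DELETE FROM storage WHERE md5 = '" . escape_string($md5, false) . "'", false);
    close_database();
    return $results;
}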