function page_footer() { page_cleanup(); print "\n </div> <!-- END MAIN CONTENT -->\n </div> <!-- END MAIN PANEL-->\n <!-- including footer partial -->\n"; include $_SERVER['DOCUMENT_ROOT'] . "/templates/partials/footer-bar.php"; include $_SERVER['DOCUMENT_ROOT'] . "/templates/partials/footer.php"; }
function page() { global $logger, $session, $db, $user; //handle the check $postData = $_POST; if (time() < $session->csrf_expire) { if ($session->csrf_token === $postData['csrf_token']) { $email = $postData['email']; $password = $postData['password']; if ($postData['remember']) { $remember = true; } else { $remember = false; } //ok, we're going to search for the user based on the email $result = $db->select("id, email, password, token, active")->from('users')->where('email', $email)->fetch_first(); //if we have a record... if ($db->affected_rows > 0) { //found a matching user, now lets check the password if (password_verify($password, $result['password']) && $result['active']) { //valid user! //do we have a token? if not, create one and then initialize the user object if ($result['token'] == '' || $result['token'] == Null) { $token = generate_random_string(32); $db->where('id', $result['id'])->update('users', array('token' => $token))->execute(); } else { $token = $result['token']; } $session->setCookie('user', $token, $remember); $session->user_token = $token; $session->logged_in = true; $redirect = '/pages/dashboard.php'; page_cleanup($redirect); } else { // passwords don't match, let's set a formError and return to the index page $session->setFormError('email', 'That email/password combination was not found!'); page_cleanup("/index.php"); } } else { // user not found, let's set a formError and return to the index page $session->setFormError('email', 'That email/password combination was not found.'); page_cleanup("/index.php"); } } else { $session->setFormError('email', 'There was a token mismatch. Hack attempt foiled.'); page_cleanup("/index.php"); } } else { $session->setFormError('email', 'Timed out. Please don\'t let the form sit so long.'); page_cleanup("/index.php"); } //print "Session: ".$session->csrf_token."<br>Form: ".$_POST['csrf_token'].""; }
if (!function_exists('nav')) { function nav() { } } if (!function_exists('page_footer')) { function page_footer() { } } if (!function_exists('document_close')) { function document_close() { } } //now we load the execute the page template_init(); } } elseif ($ajax) { /* ajax request, we're just going to be responding with a json string */ page(); } elseif ($post) { /* this is a POST */ page(); } elseif ($template == '') { print "No template or page function defined for this url."; } else { die("Not sure how you got here."); } page_cleanup();
// $lang = getlang(); if (isset($lang)) { if (file_exists("{$configdir}/{$lang}/config.php")) { require "{$configdir}/{$lang}/config.php"; } } // // $pageid = getpageid(); if (!isset($pageid)) { $pageid = $defaultpage; } $page_include = "include/" . $pageid; $config_include = $configdir . "/" . $pageid; if (file_exists($page_include)) { if (file_exists($config_include)) { require $config_include; } if (autherized(getuserid(), $pageauth)) { require $page_include; $page_var = page_init(); page_html_header($page_var); page_main($page_var); page_html_footer($page_var); page_cleanup($page_var); } else { login(); } } // That's all folks ...
public function processForm($table, $fillable = array(), $message = 'Record updated successfully') { global $db, $session; if ($this->checkFields($fillable)) { //ok, let's do a database update if ($this->method == 'PATCH') { //updating a record $db->where('id', $this->recordID)->update($table, $this->posted); } else { //create a new record $this->recordID = $db->insert($table, $this->posted); } $session->setFlashSuccess($message); page_cleanup($this->successURL); } }