Example #1
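/**
 * Verify a username/password pair and, on success, record a fresh login token.
 *
 * @param string $username  Login name supplied by the caller; treated as untrusted.
 * @param string $password  Password supplied by the caller.
 * @param string $ret_token Out-parameter: receives the newly issued token on success.
 *
 * @return string|null "ok" on success, an error message when the lookup does not
 *                     match exactly one row, or null when no row could be fetched.
 */
function check_username_password($username, $password, &$ret_token)
{
    $ret = null;
    $mysqli = mysqli_new();
    // A dead query string against the `manager` table used to be assigned here and
    // was overwritten immediately; it has been dropped.
    //
    // NOTE(review): the credential values in the statement below are masked
    // ('******') in this listing. Whatever the real statement is, $username and
    // $password must reach the database as bound parameters or escaped values,
    // never by string interpolation. Comparing the password inside SQL also
    // implies it is stored in a directly comparable form; prefer password_hash()
    // at registration and password_verify() here.
    $sql = "select * from users where username='******'and password='******'";
    $result = mysqli_obj_query($mysqli, $sql);
    if (is_null($result) || 1 != $result->num_rows) {
        $ret = "username or password was not right";
    } else {
        require_once "./session.php";
        update_session($username);
        // Exactly one row matched; it only has to be fetchable, its contents are unused.
        if (mysqli_fetch_assoc($result)) {
            // The token is a bearer credential, so it must come from a CSPRNG.
            // md5(uniqid(rand())) is derived from the clock and a weak PRNG and is
            // guessable. random_bytes() needs PHP 7+; 16 bytes hex-encode to the
            // same 32-character width the md5 token had.
            $token = bin2hex(random_bytes(16));
            $ret_token = $token;
            // $username is caller-supplied and was interpolated raw into the INSERT.
            // Assumes mysqli_new() returns a mysqli connection, as the ->close()
            // call below suggests - confirm. A prepared statement is preferable if
            // the project's query wrapper supports one.
            $safe_username = $mysqli->real_escape_string($username);
            $sql = "INSERT INTO `loginStatus`(`username`, `token`) VALUES ('{$safe_username}', '{$token}')";
            mysqli_obj_query($mysqli, $sql);
            $ret = "ok";
        }
    }
    $mysqli->close();
    return $ret;
}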
    $serversession = 1;
    $cookiesession = 1;
}
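// Visitor bootstrap: normalise request values, establish the visitor identity,
// then build the query-string suffix that carries the session settings.
$isavisitor = true;
// department: coerced to an integer so only a numeric id is carried forward.
$department = empty($UNTRUSTED['department']) ? 0 : intval($UNTRUSTED['department']);
// username: fall back to the cookie value when the request carries none.
// The cookie is client-controlled, so the value stays untrusted either way.
if (empty($UNTRUSTED['username']) && !empty($_COOKIE['username'])) {
    $UNTRUSTED['username'] = $_COOKIE['username'];
}
$identity = identity($UNTRUSTED['cslhVISITOR'], "cslhVISITOR", $allow_ip_host_sessions, $serversession, $cookiesession, $ghost_session);
update_session($identity, $ghost_session);
$querystringadd = "&cslheg=1";
if (!$allow_ip_host_sessions) {
    $querystringadd .= "&allow_ip_host_sessions=0";
}
$querystringadd .= ($serversession == 1) ? "&serversession=1" : "&serversession=0";
if (!empty($relative)) {
    $querystringadd .= "&relative=Y";
}
if (!empty($username)) {
    // The name was appended raw, so a value containing '&', '#' or '=' could add
    // or override parameters in every URL built from this suffix. Encode it.
    // NOTE(review): $username is not assigned in the visible lines - confirm where
    // it comes from and that it is not already URL-encoded at that point.
    $querystringadd .= "&username=" . urlencode($username);
}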
Example #3
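/**
 * Login handler: refresh the session from the request, then render the login page.
 *
 * Expected request shape: login/?gw_address=%s&gw_port=%d&gw_id=%s&url=%s
 * When called without the gateway parameters they must already be in the session.
 */
function handle_login()
{
    $request = Flight::request();
    // Initialize or update session parameters from this request.
    update_session($request);
    // If we have no session parameters now, we never had them.
    if (!is_session_valid()) {
        Flight::error(new Exception('Gateway parameters not set in login handler!'));
        // Stop here explicitly. Nothing visible guarantees that Flight::error()
        // ends the request, and falling through would render the login flow
        // on top of an invalid session.
        return;
    }
    render_boilerplate();
    fblogin();
}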
Example #4
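    // NOTE(review): call-time pass-by-reference (&$error_array) was removed in
    // PHP 5.4 and is a parse error there. The fix is to declare the parameter by
    // reference in check_form() and drop the '&' here; check_form() is outside
    // this excerpt, so the call is left as written.
    check_form($_POST, &$error_array, array("SessionID"));
    if (count($error_array) == 0) {
        // Every field below is copied straight from $_POST. No type or range
        // validation is visible in this excerpt, so update_session() and
        // add_session() must treat all of them as untrusted (bound parameters,
        // integer casts for the *ID fields, strict date parsing).
        $session = new Session();
        $session->SessionID = $_POST["SessionID"];
        $session->SessionName = $_POST["SessionName"];
        $session->TrackID = $_POST["TrackID"];
        if (array_key_exists("SessionTrackID", $_POST)) {
            $session->SessionTrackID = $_POST["SessionTrackID"];
        }
        $session->PresentationTypeID = $_POST["PresentationTypeID"];
        // Hour and minute pass through %02d, but StartDate / EndDate are inserted
        // with %s and reach the model exactly as the client sent them.
        $session->StartTime = sprintf("%s %02d:%02d:00", $_POST["StartDate"], $_POST["StartHour"] % 12 + ($_POST["StartMeridiem"] == "pm" ? 12 : 0), $_POST["StartMinute"]);
        $session->EndTime = sprintf("%s %02d:%02d:00", $_POST["EndDate"], $_POST["EndHour"] % 12 + ($_POST["EndMeridiem"] == "pm" ? 12 : 0), $_POST["EndMinute"]);
        $session->RoomID = $_POST["RoomID"];
        $session->ChairID = $_POST["ChairID"];
        // empty() keeps the original truthiness test without raising an
        // undefined-index notice when ?duplicate is absent.
        if ($_POST["SessionID"] && empty($_GET["duplicate"])) {
            $result = update_session($session);
        } else {
            $session->SessionID = 0;
            $result = add_session($session);
        }
        $url = "Location: sessions.php";
        header($url);
        // A Location header does not stop the script; without this the rest of
        // the page keeps executing and is sent along with the redirect.
        exit;
    }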
}
$vars = array();
if ($sessionID) {
    $session = get_session_info($sessionID);
    $vars["SessionID"] = $session->SessionID;
    $vars["SessionName"] = $session->SessionName;
    $vars["TrackID"] = $session->TrackID;
    $vars["SessionTrackID"] = $session->SessionTrackID;
Example #5
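    // Avatar upload: validate the submitted file, store it under img/, then
    // record the stored name on the profile.
    $file_tmp = $_FILES['image']['tmp_name'];
    // Client-declared MIME type: attacker-controlled and not a basis for any decision.
    $file_type = $_FILES['image']['type'];
    // pathinfo() replaces end(explode(...)); end() takes its argument by reference
    // and must not be handed a temporary.
    $file_ext = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));
    $expensions = array("jpeg", "jpg", "png");
    // NOTE(review): an extension allowlist only constrains the client-supplied
    // name. Also verify the content server-side (for example getimagesize() or
    // finfo on $file_tmp) and make sure the web server never executes files
    // served from img/.
    if (in_array($file_ext, $expensions, true) === false) {
        $errors[] = "extension not allowed, please choose a JPEG or PNG file.";
    }
    if ($file_size > 2097152) {
        // The check is an upper bound, so the message now says so.
        $errors[] = 'File size must not exceed 2 MB';
    }
    if (empty($errors) == true) {
        $my_string = rand_string(6);
        // basename() keeps any directory component in the submitted name out of
        // the destination path.
        $my_string = $my_string . "-" . basename($file_name);
        // Only record the avatar when the file was actually stored; the return
        // value of move_uploaded_file() was previously ignored.
        $moved = move_uploaded_file($file_tmp, "img/" . $my_string);
        $result = $moved ? update_avatar($my_string) : false;
        update_session();
        if ($result) {
            echo "<div class='alert alert-block alert-success fade in'>Upload thành công.</div>";
            // NOTE(review): this header() follows output, so the redirect only
            // works when output buffering is active - confirm.
            header('location:admin.php?option=profile');
        } else {
            echo "<div class='alert alert-block alert-danger fade in'>Không cập nhật được ảnh đại diện.</div>";
        }
    } else {
        // $errors is an array: concatenating it printed the literal "Array".
        // Join the messages, HTML-escaping each one before it is echoed.
        print_r("<div class='alert alert-block alert-danger fade in'>" . implode("<br>", array_map('htmlspecialchars', $errors)) . "</div>");
    }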
}
?>

<div class="row">
  <div class="col-lg-12">
    <h3 class="page-header"><i class="fa fa-users"></i> THÔNG TIN CÁ NHÂN</h3>
Example #6
/**
 * Dispatch an accounting status keyword to the matching session handler.
 *
 * Nothing happens unless get_device() is truthy or the local override is on.
 * Keywords other than 'update', 'start', 'stop' and 'auth' are ignored.
 *
 * @param string $status One of 'update', 'start', 'stop', 'auth'.
 */
function do_acct_status($status)
{
    // Set to true to run the handlers even when get_device() is falsy.
    $do_admin_acct = false;

    if (!get_device() && !$do_admin_acct) {
        return;
    }

    // Loose comparison on purpose: it mirrors how a switch statement matches.
    if ($status == 'update') {
        update_session();
    } elseif ($status == 'start') {
        start_session();
    } elseif ($status == 'stop') {
        stop_session();
    } elseif ($status == 'auth') {
        auth_session();
    }
}
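 // Clear the user's private-chat alert flag once a private chat is open.
 if ($private_chat && !empty($user->data['user_private_chat_alert'])) {
     // Cast the id to int so the concatenated value can never carry SQL syntax
     // into the statement, whatever ends up in $user->data.
     $sql = "UPDATE " . USERS_TABLE . " SET user_private_chat_alert = '' WHERE user_id = " . (int) $user->data['user_id'];
     // The query is bracketed by sql_return_on_error(true/false); presumably this
     // makes a failed update non-fatal - confirm against the DB layer.
     $db->sql_return_on_error(true);
     $db->sql_query($sql);
     $db->sql_return_on_error(false);
 }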
 // JHL this is in the wrong place - we might need to send this information back to the Ajax caller - END
 // Code for getting data
 if ($action == 'read') {
     // Stop guest from reading the shoutbox if they aren't allowed
     if ($config['shout_allow_guest'] == 0 && !$user->data['session_logged_in']) {
         pseudo_die(AJAX_SHOUTBOX_NO_ERROR, $lang['Shoutbox_no_auth']);
     }
     // Always update the session on a read, when in chat - even if data is not asked for
     $update_mode = request_var('update_mode', 'archive');
     update_session($error_msg, $update_mode == 'chat');
     if ($error_msg != '') {
         pseudo_die(AJAX_SHOUTBOX_ERROR, $error_msg);
     }
     // Guest are reconized by their IP
     $guest_sql = '';
     $is_guest = false;
     if (!$user->data['session_logged_in']) {
         $is_guest = true;
         $guest_sql = " AND session_ip = '" . $db->sql_escape($user->ip) . "'";
     }
     // Update session data and online list - only get session data if the user was online $config['ajax_chat_session_refresh'] seconds ago
     $time_ago = time() - (int) $config['ajax_chat_session_refresh'];
     // Read session data for update
     $sql = "SELECT u.user_id, u.username, u.user_active, u.user_color, u.user_level\n\t\tFROM " . AJAX_SHOUTBOX_SESSIONS_TABLE . " s, " . USERS_TABLE . " u\n\t\tWHERE s.session_time >= " . $time_ago . "\n\t\t\tAND s.session_user_id = u.user_id" . $guest_sql . "\n\t\tORDER BY case u.user_level when 0 then 10 else u.user_level end";
     $result = $db->sql_query($sql);
<?php

/*
 session.ses.php
 Copyright (C) 2003 
 Alberto Alcocer Medina-Mora
 root@b3co.com

 This program is free software; you can redistribute it and/or
 modify it under the terms of the GNU General Public License
 as published by the Free Software Foundation; either version 2
 of the License, or (at your option) any later version.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with this program; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/
include BADGER_ROOT . "/core/SessionManager/config.ses.php";
// Resume the session named by the badger_sess cookie when one is present and
// non-empty; otherwise start a new one.
// NOTE(review): the cookie value is client-controlled. update_session() is
// outside this excerpt, so confirm it rejects unknown or expired identifiers
// instead of adopting whatever the client sends.
$has_session_cookie = isset($_COOKIE['badger_sess']) && $_COOKIE['badger_sess'] != "";
$sess = $has_session_cookie ? update_session() : new_session();
// Load the variables stored for that session.
$_session = get_session_vars($sess);
Example #9
<?php

/***********************************************
DAVE PHP API
https://github.com/evantahler/PHP-DAVE-API
Evan Tahler | 2011

I am an example function to view a user.
If "this" user is viewing (indicated by propper password hash along with another key, all data is shown), otherwise, just basic info is returned.
I contain example useage of the session functions
***********************************************/
// Runs only while $ERROR still holds 100: authenticate the caller, then open a
// session and seed it with the user's record.
if ($ERROR == 100) {
    $AuthResp = AuthenticateUser();
    if ($AuthResp[0] === true) {
        // Success: element 1 of the response is the authenticated user's data.
        $ReturnedUser = $AuthResp[1];
        $OUTPUT['LOGIN'] = "******";
        $OUTPUT['SessionKey'] = create_session();
        $SessionData = array();
        $SessionData["login_time"] = time();
        // NOTE(review): every field of the user record is copied into the session
        // and then returned to the client via $OUTPUT['SESSION'] below. If the
        // record carries a password hash or other secrets, copy an explicit
        // allowlist of fields instead - confirm what AuthenticateUser() returns.
        $userData = $ReturnedUser;
        foreach ($userData as $k => $v) {
            $SessionData[$k] = $v;
        }
        update_session($OUTPUT['SessionKey'], $SessionData);
        $OUTPUT['SESSION'] = get_session_data($OUTPUT['SessionKey']);
    } else {
        // Failure: element 1 of the response is the error to report.
        $ERROR = $AuthResp[1];
        $OUTPUT['LOGIN'] = "******";
    }
}
    showimage($filepath, "image/gif");
    exit;
}
//----------------------------------------------------------------
// browse: serve the static "browse" control image and end the request.
if ("browse" == $UNTRUSTED['what']) {
    // The database connection is closed here only when server sessions are off.
    if ($serversession == false) {
        $mydatabase->close_connect();
    }
    // Fixed path: nothing from the request reaches showimage().
    $filepath = "images/browse.gif";
    showimage($filepath, "image/gif");
    exit;
}
// userstat: return the control image for this user.
//----------------------------------------------------------------
if ($UNTRUSTED['what'] == "userstat") {
    update_session($identity);
    $query = "SELECT * FROM livehelp_users WHERE sessionid='" . $identity['SESSIONID'] . "'";
    $data = $mydatabase->query($query);
    $visitor = $data->fetchRow(DB_FETCHMODE_ASSOC);
    // now..
    $rightnow = date("YmdHis");
    // update the visitors tracks.
    // see if we already have the page they are on.
    if (empty($pageid)) {
        $pageid = 1;
    }
    // update their last action to now..
    $query = "UPDATE livehelp_users set lastaction='{$rightnow}' WHERE sessionid='" . $identity['SESSIONID'] . "'";
    $mydatabase->query($query);
    // see if the operator wants anything with them:
    // status = R means request Chat..