//if the username is vaild show the secret question if ($user) { $un = $user->getUserName(); $hide = true; $showSecretQuestion = true; $question = $user->getSecretQuestion(); } else { $message = "Invalid user."; } } else { if (isset($_POST['answer'])) { require_once 'lib/user.php'; $hide = true; $userName = strtolower($_POST['validatedUsername']); $secretAnswer = md5(strtolower(trim($_POST['answer']))); $user = user_getUserByUsername($userName); //if the username is set this gets the secret question of the user if ($user) { $un = $user->getUserName(); $question = $user->getSecretQuestion(); $answer = $user->getSecretAnswer(); //If their secret answer they provided on this form mathes what is in the database //automatically logs the user into the site. if ($secretAnswer == $answer) { $_SESSION['user'] = $userName; header('Location: ./index.php'); } else { $message = "Invalid answer."; $showSecretQuestion = true; } } else {
$f = __FILE__; if (is_link($f)) { $f = readlink($f); } // Unix compatibility $appPath = dirname($f) . "/"; // check for authentication if (!isset($_SESSION['user'])) { if (!$masterBreak) { header('Location: ./login.php'); } } else { // get some user maddness. require_once $appPath . '../lib/user.php'; // Make sure the user is a true user $globalUser = user_getUserByUsername($_SESSION['user']); } $set = true; if (empty($_POST['answer'])) { $message = "Please enter your secret answer."; $set = false; } if (empty($_POST['question'])) { $message = "Please enter your secret question."; $set = false; } if (empty($_POST['newPassword'])) { $message = "Please enter your new password."; $set = false; } else { if (empty($_POST['confirm'])) {
//--> </script> </head> <body> <div id="divArchiveCenter"> <div id="divArchiveBox"> <div class="divArchivePadder"> <div><img src="master/images/archiveTorrents.gif" alt="Torrents" /></div> <div> <?php if (empty($_SESSION['user'])) { echo '<div class="divStatus">You must be logged in to view an archive.<br /><br /><input type="button" value="Close" onclick="javascript:window.close()"/></div>'; } else { require_once 'lib/user.php'; $userAuthLevel = user_getUserByUsername($_SESSION['user'])->getAuthLevel(); if ($userAuthLevel == 'Admin' || $userAuthLevel == 'Power User' || $userName == $_SESSION['user']) { //get download directory from config require_once 'lib/configuration.php'; $downloadDir = config_getConfiguration()->getDownloadLocation(); //change to config-specified directory $userDir = $downloadDir . '/' . $userName; //process Torrent actions //process Torrent load if (isset($_GET['loadTorrent'])) { //add Torrent to Torrent Module require_once 'lib/torrent_module_loader.php'; $torrentModule = new TorrentFunctions('localhost'); $torrentModule->addTorrentByFile($userDir . '/' . $_GET['loadTorrent'], $userDir); //add Torrent to XML database require_once 'lib/torrent.php';
// check if the user exists $userNameToDelete = $_POST['delete']; if (user_getUserByUsername($userNameToDelete)) { // delete the user user_removeUser($userNameToDelete); $message = "{$userNameToDelete} has been deleted."; } else { $message = "That user doesn't exist."; } } if (isset($_POST['update'])) { if (isset($_POST['authLevel'])) { if ($_POST['authLevel'] == "Admin" || $_POST['authLevel'] == "Power User" || $_POST['authLevel'] == "User") { // check if the user exists $userNameToUpdate = $_POST['update']; if ($userToUpdate = user_getUserByUsername($userNameToUpdate)) { // update the user $userToUpdate->setAuthLevel($_POST['authLevel']); user_updateUser($userToUpdate); $message = "{$userNameToUpdate}'s authentication level has been updated."; } else { $message = "That user doesn't exist."; } } else { $message = "Invalid auth level."; } } else { $message = "Auth level not set."; } } ?>
<div id="divCenter"> <div id="divBox"> <div id="divPadder"> <div id="divLogo"><img src="./master/images/torrentSettings.gif" alt="Torrent Settings Logo" /></div> <?php if (empty($_SESSION['user'])) { echo '<div id="divStatus">You must be logged in to configure a Torrent.</div><br/><input type="button" value="Close" onClick="javascript:window.close()"/>'; } else { if (empty($_GET['name'])) { echo '<div id="divStatus">No Torrent name specified.</div><br/><input type="button" value="Close" onClick="javascript:window.close()"/>'; } else { //get this user's access level require_once 'lib/user.php'; $userName = $_SESSION['user']; $userAuthLevel = user_getUserByUsername($userName)->getAuthLevel(); $torrentName = $_GET['name']; //get owner of the Torrent require_once 'lib/torrent.php'; $torrentUser = torrent_getTorrentByName($torrentName)->getUserName(); //check if the user the owner of the Torrent, an admin, or a power user if ($userAuthLevel != 'Admin' && $userAuthLevel != 'Power User' && $userName != $torrentUser) { echo '<div id="divStatus">You do not have permission to configure this Torrent.</div><br/><input type="button" value="Close" onClick="javascript:window.close()"/>'; } else { //setup Torrent Module require_once 'lib/torrent_module_loader.php'; $torrentModule = new TorrentFunctions('localhost'); //user is saving settings if (count($_POST)) { //map form values to constant values $priorities = array('normal' => TorrentPriority::Normal, 'high' => TorrentPriority::High, 'doNotDownload' => TorrentPriority::DoNotDownload);
<a href="index.php">Admin</a> | <a href="users.php">Manage Users</a> | <a href="../logout.php">Logout</a> </div> </div> <!--This is the actual form to display to the user--> <div id="divCenter"> <!-- Base Box --> <div id="divBox"> <div id="divPadder"> <div id="divLogo"> <img src="../master/images/adminAddUser.gif" alt="Add User Logo" /><br /> </div> <?php //checks to see if the person is logged in as an admin. if (isset($_SESSION['user']) && user_getUserByUsername($_SESSION['user'])->getAuthLevel() == 'Admin') { $createUser = false; $username = ''; $secretQuestion = ''; $secretAnswer = ''; $usernameLabelStyle = $passwordLabelStyle = $secretQuestionLabelStyle = $secretAnswerLabelStyle = 'fieldLabel'; //user is posting back if (count($_POST)) { //check username field if (!empty($_POST['username'])) { $username = strtolower(trim($_POST['username'])); $createUser = true; } else { $message .= 'Please enter a username.<br />'; $usernameLabelStyle .= 'Highlight'; }