Example #1
 /**
  * Static facade over the global validateId() helper.
  *
  * The method and the global function share a name, but an unqualified
  * function call inside a class body always resolves to the global
  * function, so this does not recurse. The return value and the failure
  * behaviour (return false, die, throw) are whatever the global helper
  * does; that helper is not visible here.
  *
  * @param mixed $id the identifier to validate
  * @return mixed whatever the global validateId() returns
  */
 public static function validateId($id)
 {
     $validated = validateId($id);

     return $validated;
 }
Example #2
require_once 'database/pdo_mysqlUtil.php';
require_once 'database/FileUtil.php';
require_once 'security/validation.php';
require_once 'security/rbac.php';
?>

<?php 
// Role gate: authenticate() comes from security/rbac.php (not shown); level 3 is
// presumably the role allowed to add photos — TODO confirm. The blank line between
// the "?>" above and this "<?php" is sent to the client as output, which will break
// any header() call made later in the request.
if (!authenticate(3)) {
    die("没有权限");
}
?>

<?php 
//PDO_Class_Wrapper version
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // $_POST["pageId"] is read without isset(), so a missing field raises a notice.
    // htmlspecialchars() is output encoding applied to input; whether the value is
    // acceptable is decided by validateId() (security/validation.php, not shown),
    // which here is also relied on to return the cleaned id.
    $pageId = validateId(htmlspecialchars($_POST["pageId"]));
    // saveFiles() (database/FileUtil.php) is assumed to store the uploaded files under
    // "photo/" and return their paths — TODO confirm what it returns on failure.
    $photos = saveFiles("photoName", "photo/");
    // does not check whether the attachment upload succeeded
    $isCorrect = true;
    // $db is not created in this excerpt; presumably pdo_mysqlUtil.php provides it.
    $db->start();
    for ($i = 0; $i < count($photos); $i++) {
        $photoData = array("path" => $photos[$i], "name" => basename($photos[$i]), "pageId" => $pageId);
        // 		print_r($photos);
        $photoId = $db->insert('photo', $photoData)->getLastInsertId();
        // "!" binds tighter than ">", so this reads as (!$photoId) > 0 and is true
        // only when $photoId is falsy; a negative id would slip through. The intended
        // form is !($photoId > 0).
        if (!$photoId > 0) {
            $isCorrect = false;
        }
    }
    // Commits only when every insert produced an id; the failure branch (presumably a
    // rollback) lies beyond this excerpt.
    if ($isCorrect) {
        $db->end();
        echo "添加成功" . "<br>";
// $_file is not defined in this excerpt; if it can be influenced by the request, the
// include path is request-controlled and must be restricted to a fixed list of model
// names before it is used here. (This line appears to belong to a preceding,
// truncated file.)
require_once 'model/' . $_file . '.php';
/**
 * miembro_editar.php
 *
 * Builds the form holding the member's data so that they can be edited.
 * It takes the Member Identifier as its parameter.
 * The join date can only be modified by the Administrator.
 * @access  Private  The member themself or the Administrator
 * @param   integer id_miembro  Member Identifier
 *
 */
//print_r($_REQUEST);
// Extract the variables the script needs. extract() over request-derived data is only
// as safe as arrayKeys() (not shown): it is assumed to keep just the two listed keys,
// so only $id_miembro and $idioma are created here — TODO confirm.
extract(arrayKeys($_REQUEST, array('id_miembro', 'idioma')));
// Obtain id_miembro and verify it is correct (the cleaned value is what is used below)
$id_miembro = validateId($id_miembro);
// Access control for the page: the member themself or the Administrator
accessOwnMember($id_miembro);
// TODO function to validate languages (here and in forms!)
// If the language changed, the new value arrives via GET. Note that $idioma was
// extracted from $_REQUEST, so it need not equal $_GET['idioma'] when the same key is
// also POSTed or set in a cookie.
if (isset($_GET['idioma'])) {
    // Show an error if the string is empty (empty() also rejects the string "0")
    if (empty($idioma)) {
        error();
    } elseif (!isset($_languages[$idioma])) {
        // Show an error if the language does not exist; $_languages is the
        // whitelist of supported codes, defined outside this excerpt
        error();
    }
} else {
    // Keep the current language if it did not change; $_lang is the default,
    // defined outside this excerpt. (The else branch continues past the excerpt.)
    $idioma = isset($idioma) && isset($_languages[$idioma]) ? $idioma : $_lang;
<?php

require 'conn.php';
$singleImage = False;
$image_link = "";
$imageId = "";
$vote_class = "enabled";
$vote_text = "UPVOTE";
// The try block opened here is not closed within this excerpt.
try {
    if (isset($_GET['image'])) {
        $imageId = $_GET['image'];
        // Return value discarded: unless validateId() dies or throws on a bad id, an
        // invalid value still reaches the query below. The bound parameter keeps the
        // query itself safe either way.
        validateId($imageId);
        // Parameterised lookup; $conn is presumably a PDO instance from conn.php.
        $stmt = $conn->prepare("SELECT * FROM images where id = :id");
        $stmt->execute([':id' => $imageId]);
        $result = $stmt->fetch();
        if (!$result) {
            // redirect() is assumed not to return — TODO confirm; otherwise execution
            // falls out of the if with $singleImage still false.
            redirect();
        } else {
            // check if the user has already voted on image
            // The cookie is client-controlled, so this only drives the button state;
            // any server-side duplicate-vote check has to live elsewhere.
            if (isset($_COOKIE['voted_on'])) {
                $votedArray = explode(',', $_COOKIE['voted_on']);
                // loose in_array(): "1" and 1 match, and on older PHP versions so do
                // leading-numeric strings such as "1abc"
                if (in_array($result['id'], $votedArray)) {
                    $vote_class = "disabled";
                    $vote_text = "VOTED";
                }
            }
            $singleImage = true;
            // image_name comes from the DB row; escape $image_link where it is rendered.
            $image_link = "/assets/images/cars/" . $result['image_name'] . ".jpg";
            // Use the stored id from here on, not the raw query-string value.
            $imageId = $result['id'];
        }
    }
    // $group is not defined in this excerpt and is interpolated straight into the SQL
    // text; unless it was checked against a fixed list first, this is injectable.
    // A prepared statement with a bound parameter would remove the dependency on
    // where $group came from.
    $query = "SELECT capacity FROM groups WHERE name='{$group}'";
    // mysqli here (the PDO code above belongs to a different file). query() returns
    // false on error, which mysqli_fetch_row() then rejects.
    $result = $conn->query($query);
    $result = mysqli_fetch_row($result);
    // With no matching row $result is null, so this indexes null (a warning on
    // current PHP) and prints nothing; the value is echoed without escaping.
    echo $result[0];
}
// Try to make the connection with the database.
$connection = new Connection();
$conn = $connection->createConnection();
if ($conn) {
    // Get the action from the registration factory.
    // $_REQUEST merges GET, POST and COOKIE, so the dispatched action can also come
    // from a cookie; there is no isset() guard, so a request without "action" raises
    // a notice. No authorisation check is visible before dispatch — it may live
    // earlier in the file or inside the handlers.
    $action = $_REQUEST['action'];
    // Nested else/if ladder; an elseif chain or switch would express the same dispatch.
    if ($action === 'insert') {
        insertPerson($conn);
    } else {
        // In this file validateId() is a request handler that takes the connection —
        // unrelated to the same-named input-validation helper used in the other
        // examples on this page.
        if ($action === 'validateId') {
            validateId($conn);
        } else {
            if ($action === 'validateEmail') {
                validateEmail($conn);
            } else {
                if ($action === 'validateGroup') {
                    validateGroup($conn);
                } else {
                    if ($action === 'decrement') {
                        decrementCapacity($conn);
                    } else {
                        // The excerpt ends with these blocks still open.
                        if ($action === 'capacity') {
                            isThereCapacity($conn);
                        }
                    }
                }
Example #6
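/**
 * Authenticates the admin for the current request.
 *
 * Dispatches on the POSTed "command":
 *  - "logout":      destroys the session and cookies, prints a logout page and exits.
 *  - "chPassword":  verifies the old password, stores the new one, then FALLS THROUGH
 *                   into "login" so the caller is re-authenticated with it.
 *  - "login":       hashes the submitted password and validates it.
 *  - anything else: restores credentials from the session (or the login cookies)
 *                   and re-validates them.
 *
 * Credentials, uid/gid and the session record are exchanged through globals; the
 * validated state is written to $_SESSION["sessionAuth"] and, when $useCookie is
 * set, to cookies via setupCookies().
 *
 * @param mixed $error Set by reference to a human-readable message when validation
 *                     fails; reset to null on entry. The message embeds the submitted
 *                     login name unescaped, so callers must escape it before rendering.
 * @return int|bool 1 on success, 0 or false when the credentials are rejected;
 *                  does not return for "logout".
 */
function auth(&$error)
{
    global $command, $sessionAuth, $admcookielogin, $admcookiepassword;
    global $admlogin, $admpassword, $uid, $gid, $useCookie, $group;
    // Assign rather than unset(): unset() drops the reference binding, so the
    // later "$error = ..." assignments would never reach the caller.
    $error = null;
    // $HTTP_POST_VARS was removed in PHP 5.4; $_POST carries the same data on every
    // version this code can run on. Guard the index so a plain GET lands in default.
    $postedCommand = isset($_POST["command"]) ? $_POST["command"] : null;
    switch ($postedCommand) {
        case "logout":
            addToLog("Logout!");
            $uid = $sessionAuth["uid"];
            logUser($uid, "LOGOUT");
            //session_unregister("sessionAuth");
            unset($_SESSION["sessionAuth"]);
            session_destroy();
            // erases cookies
            eraseCookies();
            unset($admlogin);
            unset($admpassword);
            unset($admcookielogin);
            unset($admcookiepassword);
            unset($uid);
            htmlProlog($_SERVER['PHP_SELF'], "Logout", false);
            echo "<center>\n";
            echo "You are not logged any more<br>\n";
            echo "Click <a href='index.php'>here</a> to login<br>\n";
            echo "</center>\n";
            htmlEpilog();
            // Ends the request; nothing after this point runs for "logout".
            die;
        case "chPassword":
            addToLog("Change pass!");
            global $chOldPass, $chNewPass, $chConfirmNewPass;
            if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group))) {
                $error = "Invalid login '{$admlogin}'";
                eraseCookies();
                return 0;
            }
            // crypt() with the constant salt "NL" is classic DES crypt: no per-user
            // salt and only the first 8 password characters count. Changing the
            // scheme needs a storage migration, so it is kept; strict comparison at
            // least avoids numeric-string juggling on the hash.
            if (crypt($chOldPass, "NL") === $admpassword && $chNewPass === $chConfirmNewPass) {
                // $uid comes from validateId(); assumed numeric — TODO confirm, since
                // it is interpolated into the SQL here.
                sqlquery("UPDATE user SET password='******' WHERE uid='{$uid}'");
                $admpassword = $chNewPass;
                // Never write the new password (or its hash) to the log.
                addToLog("Changed password for uid '{$uid}'");
                //session_unregister("sessionAuth");
                unset($_SESSION["sessionAuth"]);
                // NOTE(review): this ends the active session, so the $_SESSION write in
                // the "login" case below is presumably not persisted — TODO confirm.
                session_destroy();
            }
            // Intentional fall-through: "login" re-hashes $admpassword, which now holds
            // the new plaintext password when the change succeeded. If the change was
            // rejected, $admpassword still holds the stored hash, so re-hashing it
            // presumably fails validation and the user is logged out below.
        case "login":
            $admpassword = crypt($admpassword, "NL");
            addToLog("Login! -- admlogin='******', admpassword='******'");
            if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group))) {
                $error = "Invalid login '{$admlogin}'";
                // $admlogin is request-supplied; escape it for the HTML response.
                print htmlspecialchars($error, ENT_QUOTES);
                eraseCookies();
                return 0;
            }
            $sessionAuth = array("admlogin" => $admlogin, "admpassword" => $admpassword, "uid" => $uid);
            //session_register("sessionAuth");
            $_SESSION["sessionAuth"] = $sessionAuth;
            if ($useCookie) {
                // The cookie carries the login and the password hash, i.e. a reusable
                // credential: whoever holds it can authenticate until it is erased.
                setupCookies($admlogin, $admpassword);
            }
            logUser($uid, "LOGIN");
            return 1;
        default:
            if (!isset($sessionAuth) || $sessionAuth["admlogin"] == "") {
                // NOTE(review): leftover debug output on an unauthenticated page view.
                print "no sessionauth or admlogin is blank";
                if (!isset($admcookielogin)) {
                    addToLog("cookie not set");
                    return false;
                } else {
                    // Fall back to the cookie credential (login + stored hash).
                    $admlogin = $admcookielogin;
                    $admpassword = $admcookiepassword;
                }
            } else {
                $admlogin = $sessionAuth["admlogin"];
                $admpassword = $sessionAuth["admpassword"];
                $uid = $sessionAuth["uid"];
            }
            // The original wrapped this in a second "if (!$uid)" that could never be
            // false inside the outer branch; a single check is equivalent.
            if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group))) {
                $error = "Invalid login '{$admlogin}'";
                eraseCookies();
                return false;
            }
            $sessionAuth = array("admlogin" => $admlogin, "admpassword" => $admpassword, "uid" => $uid);
            //session_register("sessionAuth");
            $_SESSION["sessionAuth"] = $sessionAuth;
            if ($useCookie) {
                setupCookies($admlogin, $admpassword);
            } else {
                eraseCookies();
            }
            //logUser($uid, "BROWSE");
            return 1;
    }
}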
Example #7
require_once 'error/ErrorUtil.php';
require_once 'database/pdo_mysqlUtil.php';
require_once 'database/FileUtil.php';
require_once 'security/validation.php';
require_once 'security/rbac.php';
?>

<?php 
// Role gate via security/rbac.php (not shown). The blank line between the "?>"
// above and this "<?php" is emitted to the client before anything else, which will
// break any later header() call.
if (!authenticate(2)) {
    die("没有权限");
}
?>

<?php 
//PDO_Class_Wrapper version
// Read without isset(), so a missing articleId raises a notice. htmlspecialchars()
// is output encoding applied to input; validateId() (not shown) is the actual check
// and is relied on to return the cleaned id.
$articleId = validateId(htmlspecialchars($_GET["articleId"]));
$aWhere = array('articleId =' => $articleId);
// $db is not created in this excerpt; presumably pdo_mysqlUtil.php provides it.
$data = $db->select('article', '', $aWhere)->results();
// With an empty result set this reads a missing offset (notice) and yields null,
// which the guard below catches.
$currentArticle = $data[0];
// "!" binds tighter than ">": the last term is (!$currentArticle['articleId']) > 0,
// i.e. true only for a falsy id. Intended: !($currentArticle['articleId'] > 0).
if ($currentArticle == NULL || !isset($currentArticle['articleId']) || !$currentArticle['articleId'] > 0) {
    die("该文章不存在");
}
// delete the previous featured (pinned) picture
// This runs before $db->start(), so the file is gone even if the database work
// below is rolled back. picturePath is read from the DB row and is assumed to have
// been produced by the upload code, not taken from a request — TODO confirm.
if ($currentArticle['type'] == 1) {
    deleteFile($currentArticle['picturePath']);
}
$db->start();
// delete the attachment files
$aWhere = array('articleId =' => $articleId);
$currentArticleAttachments = $db->select('attachment', '', $aWhere)->results();
// The loop body continues past the end of this excerpt.
foreach ($currentArticleAttachments as $currentArticleAttachment) {
Example #8
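require_once 'error/ErrorUtil.php';
require_once 'database/pdo_mysqlUtil.php';
require_once 'security/validation.php';
require_once 'security/rbac.php';
?>

<?php 
// Role gate: authenticate() is defined in security/rbac.php (not shown); level 1 is
// presumably the role that manages admin accounts — TODO confirm.
// The blank line between the "?>" above and this "<?php" is emitted to the client
// before anything else, which will break any later header() call.
if (!authenticate(1)) {
    die("没有权限");
}
?>

<?php 
//PDO_Class_Wrapper version
// Accept only a scalar string: an absent or array-valued parameter previously went
// straight into htmlspecialchars() (notice / TypeError depending on PHP version).
// htmlspecialchars() here is output encoding applied to input — validateId()
// (security/validation.php, not shown) is the check that decides whether the id is
// acceptable, and it is relied on to return the cleaned id.
$rawAdminId = (isset($_GET["adminId"]) && is_string($_GET["adminId"])) ? $_GET["adminId"] : '';
$adminId = validateId(htmlspecialchars($rawAdminId));
// Existence check using the wrapper's "column op" where-key convention. $db is not
// created in this excerpt; presumably pdo_mysqlUtil.php provides it, and results()
// is assumed to return an array — TODO confirm.
$aWhere = array('adminId =' => $adminId);
$admins = $db->select('admin', '', $aWhere)->results();
// Explicit comparison: the original "!count(...) > 0" only behaved because "!"
// binds tighter than ">".
if (count($admins) === 0) {
    die("该ID不存在");
}
// NOTE(review): a state-changing delete is triggered by a plain GET with no
// confirmation token, so a crafted link is enough to make a logged-in admin delete
// an account (CSRF). Switching to POST with a per-session token would close this.
$aWhere = array('adminId' => $adminId);
if ($db->delete('admin', $aWhere)->affectedRows() > 0) {
    echo '删除成功';
    echo '<br><a href="controller.php">返回管理页面</a>';
} else {
    die("删除失败");
}
?>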

<?php 
Example #9
require_once 'error/ErrorUtil.php';
require_once 'database/pdo_mysqlUtil.php';
require_once 'database/FileUtil.php';
require_once 'security/validation.php';
require_once 'security/rbac.php';
?>

<?php 
// Role gate via security/rbac.php (not shown); the blank line between the "?>"
// above and this "<?php" is sent to the client before anything else.
if (!authenticate(2)) {
    die("没有权限");
}
?>

<?php 
//PDO_Class_Wrapper version
// Read without isset(), so a missing photoId raises a notice. htmlspecialchars() is
// output encoding applied to input; validateId() (not shown) is the actual check and
// is relied on to return the cleaned id.
$photoId = validateId(htmlspecialchars($_GET["photoId"]));
$aWhere = array('photoId =' => $photoId);
// $db is not created in this excerpt; presumably pdo_mysqlUtil.php provides it.
$data = $db->select('photo', '', $aWhere)->results();
// An empty result set makes this a missing-offset read (notice) yielding null, which
// the guard below catches.
$currentPhoto = $data[0];
// "!" binds tighter than ">": the last term is (!$currentPhoto['photoId']) > 0, true
// only for a falsy id. Intended: !($currentPhoto['photoId'] > 0).
if ($currentPhoto == NULL || !isset($currentPhoto['photoId']) || !$currentPhoto['photoId'] > 0) {
    die("该照片不存在");
}
// delete the photo file
// The file is removed before the row and outside any transaction, so the rollback
// below cannot undo it. The path is read from the DB row and is assumed to have been
// set by the upload code rather than taken from a request — TODO confirm.
deleteFile($currentPhoto['path']);
// delete the photo row from the database
$aWhere = array('photoId' => $photoId);
// A state-changing delete driven by a plain GET with no confirmation token (CSRF
// exposure for any logged-in user of the required role).
if ($db->delete('photo', $aWhere)->affectedRows() > 0) {
    echo "删除成功" . "<br>";
    echo '<br><a href="controller.php">返回管理页面</a>';
} else {
    // No $db->start() is visible in this excerpt, so the rollback has nothing to
    // undo unless a transaction was opened elsewhere. The else branch continues past
    // the excerpt.
    $db->rollback();
Example #10
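 /**
  * Reports whether any `st_product` row has an id greater than $id.
  *
  * The input is first passed through the global validateId() helper (an
  * unqualified function call inside a class body never resolves to this
  * method, so there is no recursion); when the helper rejects it the method
  * returns false without touching the database.
  *
  * @param mixed $id candidate product id; assumed to be integer-like once the
  *                  global validateId() has accepted it — TODO confirm against
  *                  that helper
  * @return bool true when at least one row of `st_product` has id > $id
  */
 public static function validateId($id)
 {
     if (!validateId($id)) {
         return false;
     }
     // Bind the id instead of interpolating it, so the query text never depends
     // on the input regardless of how strict the global helper is; the int cast
     // also makes the numeric comparison explicit.
     $sql_getProduct = "SELECT * FROM `st_product` WHERE id > :id";
     $results = Yii::app()->db->createCommand($sql_getProduct)
         ->bindValue(':id', (int) $id)
         ->queryAll();

     return isset($results[0]);
 }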