/**
 * Decide what to render for the current request based on the session state.
 *
 * Only an active session without a logged-in user produces output (the
 * registration form). A disabled or not-yet-started session, and an active
 * session with a logged-in user, render nothing here; the login-form and
 * session_destroy() calls that once sat in those branches are disabled.
 */
function main_display()
{
    // Session disabled or not started: nothing is shown.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        return;
    }

    // Active session: only visitors who are not logged in get the form.
    $isLoggedIn = checkLogged();
    if (!$isLoggedIn) {
        display_register_form();
    }
}
<?php
require_once '../../resources/security/security.php';

// Module identity; the id is what the access check below receives.
$module_id   = 10;
$module_name = "Quản lý thành viên";

// Login and security check.
// NOTE(review): the return value is not inspected here, so checkLogged() presumably
// redirects or exits by itself when nobody is logged in; confirm in security.php.
checkLogged();

// Check that the current user may access this module.
checkAccessModule($module_id);

$bg_errorMsg = '';

// Table and column names used by this module.
$bg_table   = 'users';
$id_field   = 'use_id';
$name_field = 'use_name';

// Presumably the avatar upload settings: target directory, allowed extensions, size limit.
// NOTE(review): the unit of $limit_size is not visible here. An extension list on its own
// says nothing about file content; confirm the upload handler also checks the real image type.
$bg_filepath  = '../../../pictures/avatar/';
$bg_extension = 'jpg,jpe,png,gif,jpeg';
$limit_size   = 1200;

// Resize presets; the keys look like file-name prefixes (confirm against the resize code).
$arr_resize = [
    'small_'  => ['quality' => 100, 'width' => 240, 'height' => 135],
    'medium_' => ['quality' => 100, 'width' => 400, 'height' => 225],
];
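<?php
include 'header.php';
include "getInputSafe.php";

// Only logged-in users may reach this page; everyone else goes back to main.php.
if (!checkLogged()) {
    header("Location: main.php");
    //?errorMsg=".urlencode("Illegal Access to Upload Event page!"));
    return '';
}
$valid_user = validate_user();

// The event id comes from the query string. A missing parameter or a
// non-string value (e.g. id[]=...) is rejected together with anything the
// pattern in $number_match does not accept, before it reaches the database.
$id = isset($_GET['id']) ? $_GET['id'] : null;
if (!is_string($id) || !validateInput($number_match, $id)) {
    header("Location: main.php?errorMsg=" . urlencode("Illegal DATA in GET to Access an Event!"));
    return '';
}

// Get user list.
// NOTE(review): SELECT * returns every column of every user. If the users table
// holds credential columns, select only the columns the template below needs;
// confirm against the rest of this page.
$stmt = $dbh->prepare("SELECT * from users");
$stmt->execute(array());
$users = $stmt->fetchAll();

// Get the event together with its owner and event type (parameterized query).
$stmt = $dbh->prepare("SELECT * from events \n INNER JOIN users\n ON users.id=events.owner\n INNER JOIN eventTypes\n ON eventTypes.id=events.eventtype\n WHERE events.id_event= ?");
$stmt->execute(array($id));
$event_info = $stmt->fetchAll();

// Ownership check. An unknown event id yields no rows, so that case is handled
// explicitly instead of leaving the decision to a loose comparison against the
// null that $event_info[0]['owner'] would evaluate to. A session without
// login_user is rejected for the same reason.
if (empty($event_info)
    || !isset($_SESSION['login_user'])
    || $_SESSION['login_user'] != $event_info[0]['owner']
) {
    header("Location: main.php?");
    return '';
}
?> <!DOCTYPE HTML> <html> <head>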
<?php
// Handler for the "create event" form post (this excerpt stops inside the
// past-date check; the rest of the script is not visible here).
include 'header.php';
include 'getInputSafe.php';
include 'bmp_converter.php';

//this var should save previous inputs in case the upload fails,
//so that the user doesn't have to input everything again
//$get_for_failed;

// Gate: the posted anti-CSRF token must equal the one stored in the session,
// and the caller must be logged in and pass validate_user(). Any failure
// destroys the session and redirects to main.php.
// NOTE(review): !== is not a constant-time comparison; hash_equals() is the
// usual choice for secret tokens.
// NOTE(review): if neither $_POST nor $_SESSION carries the token, both sides
// evaluate to null and this first clause does not reject; the request is then
// stopped only by checkLogged()/validate_user(). Consider requiring a
// non-empty session token explicitly.
if ($_POST['create_event_token'] !== $_SESSION['create_event_token'] || !checkLogged() || !validate_user()) {
    session_destroy();
    header("Location: main.php?errorMsg=" . urlencode("Illegal Upload Event try!"));
    return '';
}

//error msgs - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - - - -
$image_type_error = "No valid image was selected. File must be of type gif, jpeg, png or bmp.";
$chars_error = "Please do not use symbols or special characters.";
$invalid_title_error = "Invalid Title.";
$invalid_title_error .= $chars_error;
$invalid_description_error = "Invalid description.";
$invalid_description_error .= $chars_error;
$invalid_date = "Invalid Date.";
$impossible_event_date = "The chosen date has already passed.";

//verify if input is valid - - - - - - - - - - - - - - - - - - - - - - - -
//validate date
// The posted date is normalised to Y-m-d before validation.
// NOTE(review): strtotime() returns false for text it cannot parse, and
// date() then formats the epoch (1970-01-01) rather than failing, so
// validate_date() presumably never sees the raw input; confirm that an
// unparsable date is reported as invalid rather than as "already passed".
$event_date = date("Y-m-d", strtotime($_POST['event_date']));
$current_datetime = date("Y-m-d H:i:s");
if (!validate_date($event_date)) {
    header("Location: create_event.php?errorMsg=" . urlencode($invalid_date));
    return '';
}
// Past-date check: compares midnight of the event date with the current
// date and time, so an event dated today already counts as past.
if (strtotime($event_date) - strtotime($current_datetime) < 0) {
<?php
// Admin landing page bootstrap: starts the session, loads the shared helpers
// and runs the login check before any markup is sent.
session_start();
// Report every error level.
// NOTE(review): whether these messages reach the browser depends on
// display_errors, which is not set here; confirm it is off in production so
// paths and query details are not disclosed.
error_reporting(E_ALL);
require_once "../functions/functions.php";
require_once "../classes/database.php";
require_once '../includes/inc_constant.php';
require_once "resources/security/functions.php";
require_once "resources/security/functions_1.php";
// NOTE(review): the return value is ignored, so checkLogged() presumably
// redirects to login.php and stops the script itself when nobody is logged
// in; confirm, otherwise the page below renders for anonymous visitors.
checkLogged('login.php');
// Presumably reads the isAdmin flag from the session as an int, defaulting to 0; verify in getValue().
$isAdmin = getValue('isAdmin', 'int', 'SESSION', 0);
?> <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="vi" lang="vi" xmlns:og="http://ogp.me/ns#" xmlns:fb="https://www.facebook.com/2008/fbml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title>Administrator Managerment</title> <link rel="stylesheet" type="text/css" href="resources/css/bootstrap.css"/> <link rel="stylesheet" type="text/css" href="resources/css/font-awesome.min.css"/> <link rel="stylesheet" type="text/css" href="resources/js/enscroll.css"/> <link rel="stylesheet" type="text/css" href="resources/css/common.css"/> <link rel="stylesheet" type="text/css" href="resources/css/home.css"/> <script src="resources/js/jquery.js" type="text/javascript"></script> <script src="resources/js/enscroll-0.5.5.min.js" type="text/javascript"></script> <script src="resources/js/home.js" type="text/javascript"></script> <script src="resources/js/bootstrap.min.js" type="text/javascript"></script> </head> <body> <div id="logocms"> <?php
<?php
// Handler that records invitations to an event (this excerpt stops inside
// the single-invite branch; the rest of the script is not visible here).
include "header.php";

// Event id as posted by the client; it is only ever used as a bound parameter.
$event_id = $_POST['id'];

$dbh = new PDO('sqlite:database.db');
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Look up the owner of the event.
// NOTE(review): this query runs before the login check below, so an
// unauthenticated request still reaches the database; checking
// checkLogged() first would avoid that.
$stmt = $dbh->prepare("SELECT owner from events\n\t\t\t\t\t\t\tWHERE id_event=?");
$stmt->execute(array($event_id));
$owner = $stmt->fetch();

// Authorisation: only the logged-in owner of the event may invite.
// fetch() returns false when the event does not exist, in which case
// $owner['owner'] evaluates to null and the loose != decides the outcome.
// NOTE(review): an explicit "event not found" check would be clearer. No
// anti-CSRF token is checked in this excerpt; confirm header.php covers it.
if (!checkLogged() || $_SESSION['login_user'] != $owner['owner']) {
    session_destroy();
    header("Location: main.php?errorMsg=" . urlencode("Illegal event invitation!"));
    return '';
}

if (isset($_POST['invite'])) {
    if (is_array($_POST['invite'])) {
        // Several invitees: one insert per posted user id, duplicates ignored.
        // NOTE(review): the user ids are not validated here (existence, type);
        // confirm a foreign key or an earlier check covers that. A new PDO
        // connection and statement are created on every iteration.
        foreach ($_POST['invite'] as $user_id) {
            $dbh = new PDO('sqlite:database.db');
            $dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
            $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            $stmt = $dbh->prepare("INSERT OR IGNORE INTO invitations (user_id,event_id) VALUES (?,?)");
            $stmt->execute(array($user_id, $event_id));
        }
    } else {
        // Single invitee.
        // NOTE(review): unlike the branch above this is a plain INSERT without
        // a column list or OR IGNORE, so it relies on the table's column order
        // and, with ERRMODE_EXCEPTION, would presumably throw on a duplicate
        // if the table has a uniqueness constraint; confirm the difference is intended.
        $user_id = $_POST['invite'];
        $dbh = new PDO('sqlite:database.db');
        $dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $stmt = $dbh->prepare("INSERT INTO invitations VALUES (?,?)");
        $stmt->execute(array($user_id, $event_id));
<?php
// Handler for an image upload (this excerpt stops inside the switch that
// maps the detected image type to a file extension).
include 'header.php';
include 'getInputSafe.php';
include 'bmp_converter.php';

// Gate: the caller must be logged in and pass validate_user(); otherwise the
// session is destroyed and the request is redirected to main.php.
// NOTE(review): no anti-CSRF token is checked in this excerpt; confirm
// whether header.php or the form handling covers it.
if (!checkLogged() || !validate_user()) {
    session_destroy();
    header("Location: main.php?errorMsg=" . urlencode("Illegal Upload Image try!"));
    return '';
}

//error msgs - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - - - -
$image_type_error = "No valid image was selected. File must be of type gif, jpeg, png or bmp.";

// Database connection
$dbh = new PDO('sqlite:database.db');
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

//validate image
// The type is detected from the uploaded file's content, not from the
// client-supplied name or MIME type.
// NOTE(review): $_FILES['image'] is read without checking that the key
// exists or that its upload error code is UPLOAD_ERR_OK; confirm an earlier
// include does this. exif_imagetype() only inspects the file signature, so
// the file should still be treated as untrusted when it is stored and served.
$image_type = exif_imagetype($_FILES['image']['tmp_name']);
// exif_imagetype() returns false when no known signature is found; the loose
// == null also matches false. The error redirect is commented out, so the
// script currently ends here without telling the user why.
if ($image_type == null) {
    //header("Location: ". str_replace( "?errorMsg=".urlencode($image_type_error),"",$_SERVER['HTTP_REFERER'])."?errorMsg=".urlencode($image_type_error));
    return '';
}

// No-op statement; the value is assigned in the switch below.
$file_extension;
// The stored extension is chosen from the detected type.
switch ($image_type) {
    case IMAGETYPE_GIF:
        $file_extension = "gif";
        break;
    case IMAGETYPE_JPEG:
        $file_extension = "jpg";
        break;
    case IMAGETYPE_PNG:
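<?php
include "configRoot.php";
include "includes/requestHeader.php";

// Visitors who are already logged in are sent straight to the main area.
$lg = checkLogged();
if ($lg) {
    Header('Location:./main/');
    // header() only queues the redirect. Stop here so the rest of this page
    // is not executed and sent along with it.
    exit;
}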
/**
 * Confirm that the user recorded in the session still maps to one active account.
 *
 * The outcome message is left in the global $login_validation_result_msg,
 * which is reset to a placeholder value at the start of every call.
 *
 * @return bool true only when the session is active, checkLogged() passes,
 *              exactly one users row matches $_SESSION['login_user'], its
 *              username equals $_SESSION['login_username'] ignoring case,
 *              and its active column equals 1; false otherwise.
 */
function validate_user()
{
    global $login_validation_result_msg;
    $login_validation_result_msg = "MMMMM";

    // Without an active session there is nothing to validate.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        return false;
    }

    $isLoggedIn = checkLogged();
    if (!$isLoggedIn) {
        $login_validation_result_msg = "Username or Password is not correct.";
        return false;
    }

    // Fetch the account by the id stored in the session (bound parameter).
    $pdo = new PDO('sqlite:database.db');
    $lookup = $pdo->prepare('SELECT username,active FROM users WHERE id = ?');
    $lookup->execute([$_SESSION['login_user']]);
    $rows = $lookup->fetchAll();
    $rowCount = count($rows);

    // The session's username must still belong to that id.
    // NOTE(review): != compares numeric-looking strings as numbers, so two
    // different all-numeric usernames can compare equal; a strict string
    // comparison would rule that out.
    if ($rowCount < 1 || strtolower($rows[0]['username']) != strtolower($_SESSION['login_username'])) {
        $login_validation_result_msg = "Invalid User.";
        return false;
    }

    // More than one row for a single id is treated as a blocked account.
    if ($rowCount != 1) {
        $login_validation_result_msg = "A problem occurred. Your account is blocked, please contact us.";
        return false;
    }

    $isActive = ($rows[0]['active'] == 1);
    if (!$isActive) {
        $login_validation_result_msg = "This account has not been validated";
        return false;
    }

    return true;
}