<?php
define('ROOT_PATH', '');
require_once ROOT_PATH . 'functions.php';
// recaptchalib is loaded here, but no reCAPTCHA call appears in the part of the file visible below.
require_once ROOT_PATH . 'classes/recaptchalib.php';
/*
login.php
Login, logout, whatever.

Flow visible here: a posted 'logout' is handled first; otherwise, once
csrfVerify() passes, the attempt limiter is consulted and a posted 'login'
runs the email/password check. posted(), logout(), alert(), csrfVerify(),
limit_attempts(), reset_attempts() and loginEmailPass() are defined outside
this file.
*/

// NOTE(review): this branch is evaluated before csrfVerify(), so logout is not
// covered by the CSRF check that guards the login branch - confirm that is intended.
if (posted('logout')) {
    logout();
    alert('Successfully logged out.', 1);
} elseif (csrfVerify()) {
    // Throttle: the user-facing message states the policy as ten attempts per five
    // minutes (arguments 10 and 300).
    // NOTE(review): what the counter is keyed on (session, client address, target
    // account) is decided inside limit_attempts() and is not visible here. A counter
    // held only in the session is lost when the cookie is dropped - confirm it is
    // tracked server-side per account and/or address.
    if (limit_attempts('login', 10, 300)) {
        alert('Too many attempts. (no more than ten in five minutes)', -1);
    } elseif (posted('login')) {
        //Is the submit button submitted for all browsers? hm
        //Naturally all this stuff is useless without proper SSL security. Shhhhhhhhhhh.
        // NOTE(review): nothing here enforces HTTPS; the credentials arrive in the POST
        // body, so transport security and Secure/HttpOnly session cookies have to be
        // enforced elsewhere - confirm.
        // $_POST['email'] and $_POST['pass'] are passed on without an isset() or type
        // check, so any validation must happen inside loginEmailPass() (not shown).
        // NOTE(review): no session_regenerate_id() call is visible on the success path;
        // confirm loginEmailPass() rotates the session ID to prevent session fixation.
        if (loginEmailPass($_POST['email'], $_POST['pass'])) {
            // Successful login clears the attempt counter for 'login'.
            reset_attempts('login');
            if (isset($_SESSION['login_redirect_back'])) {
                //--todo-- redirect back immediately, don't redirect
                // NOTE(review): where login_redirect_back is written is not shown. If it
                // can be derived from request data (Referer, a query parameter), restrict
                // it to same-site paths before it reaches the Location header, otherwise
                // this is an open redirect.
                $lr = $_SESSION['login_redirect_back'];
                // Third argument to alert() is the file-name part of the redirect target.
                alert('Logged in!', 1, basename($lr));
                // One-shot value: removed from the session before the redirect is sent.
                unset($_SESSION['login_redirect_back']);
                // No exit follows header() inside this branch, so the script keeps
                // running unless later code stops it - TODO confirm.
                header('Location: ' . $lr);
            } else {
                alert('Successfully logged in!', 1);
            }
        } else {
            // Credentials rejected.
            logout();
define('ROOT_PATH', '');
require_once ROOT_PATH . 'functions.php';
// Access gate, called before any request handling. The meaning of the 'u' code is
// defined in restrictAccess() (not shown) - presumably a logged-in user level.
restrictAccess('u'); //xuca
/*
input.php
Input of questions into the database.
*/
$unparsed = '';
$lastErr = error_get_clear();

// Oversized-request check: compares the declared request size with PHP's
// post_max_size. PHP leaves $_POST and $_FILES empty when that limit is exceeded, so
// without this check the request would look like an empty submission.
// NOTE(review): CONTENT_LENGTH is a client-supplied header; this is a usability
// message, not an enforcement point. $error is set, but nothing visible here stops
// processing on it.
if (isset($_SERVER['CONTENT_LENGTH']) && (int) $_SERVER['CONTENT_LENGTH'] > convert_to_bytes(ini_get('post_max_size'))) {
    echo 'File(s) too large.';
    $error = true;
}

// State-changing work runs only when csrfVerify() passes and one of the three input
// modes (pasted text, file upload, direct entry) was submitted.
if (csrfVerify() && (posted("copypaste") || filed("fileupload") || posted("directentry"))) {
    echo '<div style="font-size:0.8em;border:solid 1px #000000;display:inline-block;padding:5px;"> <i>We are processing your questions right now...</i><br><br>';
    if (posted("directentry")) {
        $err = '';
        try {
            // $_POST["Q"] is handed to qIO unvalidated; shape checks and safe (parameterized)
            // storage therefore have to live in qIO::addByArray()/commit() - confirm there.
            $q = new qIO();
            $q->addByArray($_POST["Q"]);
            $q->commit();
        } catch (Exception $e) {
            $err = "Error: " . $e->getMessage();
        }
        if ($err == '') {
            // Success: report the IDs assigned to the new questions, as formatted by arrayToRanges().
            echo "Questions entered successfully, with Question-IDs <b>" . arrayToRanges($q->getQIDs()) . "</b><br><br><br>";
        } else {
            // NOTE(review): the exception message is echoed without htmlspecialchars().
            // If qIO includes submitted question text or raw database error text in its
            // messages, that reaches the page unescaped (XSS / information disclosure) -
            // confirm what qIO throws and escape at output.
            echo $err;
}

// Builds one row of checkboxes per filter category. $fullname maps a category key to
// its display label; $ruleSet[$name] holds that category's option labels. Both are
// set earlier in the file (not shown).
foreach ($fullname as $name => $full) {
    $count = count($ruleSet[$name]);
    // NOTE(review): $full and $ruleSet[$name][$i] are concatenated into HTML without
    // escaping - fine only if they are fixed, server-defined labels; confirm.
    $checkboxoptions .= '<div><b>' . $full . '</b> ';
    if (csrfVerify() && posted($name)) {
        // NOTE(review): the posted value is stored as-is. The form sends an array of
        // option indexes ("name[]"), but nothing here checks that it is an array or that
        // each entry is an integer below $count. The stored session values are later
        // passed to addRand(), so its handling of unexpected input decides whether this
        // is safe - confirm it validates and uses parameterized queries.
        $_SESSION["randq"][$name] = $_POST[$name];
    } elseif (!array_key_exists($name, $_SESSION["randq"])) {
        // NULL marks "no selection stored yet" and renders every box checked below.
        $_SESSION["randq"][$name] = NULL;
    } //Remembering in $_SESSION
    for ($i = 0; $i < $count; $i++) {
        // The checked-state expression groups as (is_array && in_array) || === NULL,
        // then feeds the ternary. in_array() is called without strict mode, so the int
        // $i is compared loosely against the stored (string) values.
        $checkboxoptions .= '<label>' . $ruleSet[$name][$i] . ' <input type="checkbox" name="' . $name . '[]" value="' . $i . '" ' . (is_array($_SESSION["randq"][$name]) && in_array($i, $_SESSION["randq"][$name]) || $_SESSION["randq"][$name] === NULL ? 'checked' : '') . ' /></label> ';
    }
    $checkboxoptions .= '</div>';
}

// The posted question count is used only when csrfVerify() passes; otherwise NULL is
// passed. normRange() is defined elsewhere - presumably it clamps to 1..$MAX_NUMQS and
// falls back to $DEFAULT_NUMQS. The result is interpolated into an HTML attribute
// below, so it must be guaranteed numeric - TODO confirm in normRange().
$_SESSION["randq"]["numqs"] = normRange(csrfVerify() ? POST("numqs") : NULL, 1, $MAX_NUMQS, $DEFAULT_NUMQS);
$checkboxoptions .= "<b>Number of Questions</b> (max {$MAX_NUMQS}) <input type='number' name='numqs' value='{$_SESSION["randq"]["numqs"]}' min='1' max='{$MAX_NUMQS}'/>";

//Using the session variables set above to get random questions.
//--todo-- what's the point of "add" if you're only doing it this once? Overhead w/ $Q? Really OP.
// Assignment inside the condition is deliberate: $E receives the error property of the
// object returned by addRand() and is reported when it is truthy.
if ($E = $q->clear()->addRand($_SESSION["randq"]["QParts"], $_SESSION["randq"]["Subjects"], $_SESSION["randq"]["QTypes"], $_SESSION["randq"]["numqs"])->error) {
    alert($E, -1);
}

// NOTE(review): the selected question IDs are round-tripped through the hidden field
// "qidcsv". Hidden fields are client-editable, so whatever reads qidcsv on the next
// request has to re-validate every ID rather than trust it.
$checkboxoptions .= '<input type="hidden" name="qidcsv" value="' . implode(',', $q->getQIDs()) . '" />' . '<br><input type="submit" value="Next" onclick="return confirm(\'Not all questions are revealed. Are you sure?\');"/>' . '<br><br><div><b>Export Below as Document:</b> <select name="docexport"><option value="QIDCSV">Question-ID comma-separated values</option><option value="HTML">HTML</option></select><input type="submit" name="getDoc" value="Export"/></div>';
// The markup after the closing tag opens an HTML comment holding a question template
// with %QID%, %PART%, %SUBJECT%, %TYPE%, %QUESTION% and %MCOPTIONS% placeholders.
?> <!--div class='question'> <span style='display:inline-block;width:40%;'>[QID %QID%]</span><span style='display:inline-block;width:59%;text-align:right;font-size:0.8em;'><a href="#" class="editbtn">[Edit]</a></span> <div>Mark as Bad: <input type="checkbox" name="markBad[]" value="%N%"/></div> <input type="hidden" name="qids[]" value="%QID%"/> <div style='font-weight:bold;text-align:center;' class="part">%PART%</div> <div><span class="subject">%SUBJECT%</span> <i><span class="type">%TYPE%</span></i> <span class="qtext">%QUESTION%</span></div> <div style="font-size:0.9em;">%MCOPTIONS%</div>
<?php
define('ROOT_PATH', '');
require_once ROOT_PATH . 'functions.php';
// Access gate for this maintenance page. The meaning of the 'a' code is defined in
// restrictAccess() (not shown) - presumably administrator level.
restrictAccess('a'); //xuca
//separate face of this page: "Are you sure?"
//echo $_SESSION["admin-ver"]=genRandStr();
//if($_POST["admin-ver"]===$_SESSION["admin-ver"])
//for particularly dangerous ones "Reenter password to do this action"
// NOTE(review): the confirmation / re-authentication step sketched in the comments
// above is not implemented in the code visible here. The actions below are guarded
// only by restrictAccess('a') and csrfVerify(), and no audit logging of who ran them
// is visible - consider adding both before the destructive branches.
echo '<b style="color:green">';

// Every action requires a valid CSRF token. Each branch is selected by the presence of
// a POST field; the SQL statements are constant strings with no request data in them.
if (csrfVerify()) {
    if (isset($_POST["logout"])) {
        // Resets the session and stops the script immediately.
        session_total_reset();
        die("logged out");
    } elseif (isset($_POST["truncQs"])) {
        // Destructive: removes every row from the questions table.
        DB::query("TRUNCATE TABLE questions");
        alert("TRUNCATE TABLE executed.<br><br>", 1);
    } elseif (isset($_POST["timesViewed"])) {
        // Resets the view counter on all questions.
        DB::query("UPDATE questions SET TimesViewed=0");
        alert("All questions' times-viewed-s zeroed.<br><br>", 1);
    } elseif (isset($_POST["markBad"])) {
        // Clears the marked-as-bad flag/counter on all questions.
        DB::query("UPDATE questions SET MarkBad=0");
        alert("All questions' marked-as-bad-s zeroed.<br><br>", 1);
    } elseif (isset($_POST["optimizeTables"])) {
        DB::query("OPTIMIZE TABLE users,questions");
        alert("OPTIMIZE TABLE executed<br><br>", 1);
    } elseif (isset($_POST["qInt"])) {
        // Author's list of the integrity conditions this branch is meant to check:
        //Subject in {0,1,2,3,4}
        //isB and isSA in {0,1}
        //Question not blank or null