/**
 * Delete the article with the given id, but only when a user is logged in.
 *
 * @param mixed $id_article Article id as received from the caller; it is
 *                          interpolated into the query as a quoted string.
 * @return void
 */
function deleteArticle($id_article)
{
    // Only when a user is logged in
    if (isLoged()) {
        // Query deleting an article by its id
        // NOTE(review): $id_article is concatenated straight into the SQL text,
        // so a value containing a double quote can alter the statement (SQL
        // injection). It should be bound as a parameter instead; how depends
        // on what queryDB() accepts, which is not visible here.
        $req = 'DELETE FROM Article
                    WHERE id_Article = "' . $id_article . '"';
        queryDB($req);
    }
}
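<?php

//Session management
// NOTE(review): cookie_secure is forced off here, so the session cookie is
// also sent over plain HTTP; set it to 1 once the site is served over HTTPS.
ini_set("session.cookie_secure", 0);
// Keep the session cookie out of reach of page scripts.
ini_set("session.cookie_httponly", 1);
session_start();
// One CSRF token per session. random_bytes() replaces mcrypt_create_iv(),
// whose extension is no longer part of PHP.
if (empty($_SESSION['token'])) {
    $_SESSION['token'] = base64_encode(random_bytes(16));
}
// Login request: every field must be present. userLogin() compares the
// submitted CRSFtoken with $_SESSION['token'] itself.
if (!empty($_POST['action']) and isEqual($_POST['action'], "login") and !empty($_POST['username']) and !empty($_POST['password']) and !empty($_POST['CRSFtoken'])) {
    $user = userLogin($file_db, $_POST['username'], $_POST['password'], $_POST['CRSFtoken']);
    // Log only the outcome: userLogin() returns the user row (including hash
    // and salt) on success, and that record must not end up in the error log.
    error_log($user === false ? 'login failed' : 'login ok');
} elseif (isLoged()) {
    $user = userInfo($file_db, $_SESSION['userId']);
}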
<?php

// Admin footer links, rendered only for a logged-in user. The if-block is
// not closed within this excerpt.
// NOTE(review): the $translation[...] values and $lang are echoed without
// htmlspecialchars(); that is only safe if they never carry user-controlled
// text - confirm where they are loaded from.
if (isLoged()) {
    //logOut
    ?>
  <footer class="wrapper">
    <a class="admin" id="plugins"><?php 
    echo $translation["admin_plugins"];
    ?>
</a>
    <a class="admin" id="CSS"><?php 
    echo $translation["admin_css"];
    ?>
</a>
    <a class="admin" id="JS"><?php 
    echo $translation["admin_js"];
    ?>
</a>
    <a class="admin" id="header"><?php 
    echo $translation["admin_header"];
    ?>
</a>
    <a class="admin" id="footer"><?php 
    echo $translation["admin_footer"];
    ?>
</a>
    <a class="admin" id="editSummary" data-lang="<?php 
    // $lang lands inside an HTML attribute: any '"' in it breaks out of it.
    echo $lang;
    ?>
"><?php 
    echo $translation["admin_summary"];
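/**
 * Authenticate a user against the `user` table and open the session.
 *
 * @param PDO    $db       Database handle (prepare/bindParam/execute are used
 *                         on it - assumed PDO).
 * @param string $username Submitted username.
 * @param string $password Submitted clear-text password.
 * @param string $token    Submitted CSRF token, compared with $_SESSION['token'].
 * @return array|false The matching user row (id_user, username, hash, salt)
 *                     on success; false when already logged in, the token is
 *                     wrong, the user is unknown or the password does not match.
 * @throws \RuntimeException When the lookup query cannot be executed.
 */
function userLogin($db, $username, $password, $token)
{
    // Already authenticated: refuse a second login on the same session.
    if (isLoged()) {
        return false;
    }

    // CSRF check first, before touching the database, so a forged request
    // never reaches the user lookup. hash_equals() replaces the loose "!="
    // and keeps the comparison constant-time.
    $sessionToken = isset($_SESSION['token']) ? (string) $_SESSION['token'] : '';
    $tokenValid = $sessionToken !== '' && hash_equals($sessionToken, (string) $token);

    // Rotate the token on every attempt (the original refreshed it after each
    // check). random_bytes() replaces the removed mcrypt_create_iv().
    $_SESSION['token'] = base64_encode(random_bytes(16));

    if (!$tokenValid) {
        //Not coming from the website
        return false;
    }

    // Exact match instead of LIKE: with LIKE, "%" or "_" in the submitted
    // username is a wildcard and can match other accounts.
    $login = $db->prepare("SELECT id_user, username, hash, salt FROM user WHERE username = :username");
    $login->bindParam(":username", $username);
    if (!$login->execute()) {
        throw new \RuntimeException('Unable to get userLogin');
    }

    $return = false;
    foreach ($login as $user) {
        // Derive from the submitted password on every row. The original
        // overwrote $password with the crypt() result, so a second matching
        // row was checked against the already-hashed value.
        // The stored format ($6$rounds=1000$salt -> hash field) fixes the
        // scheme here; moving to password_hash() needs a data migration.
        $computed = crypt($password, '$6$rounds=1000$' . $user['salt']);
        $parts = explode("\$", $computed);
        $hash = isset($parts[4]) ? $parts[4] : '';
        if ($hash !== '' && hash_equals((string) $user['hash'], $hash)) {
            //login successful: a fresh session id prevents session fixation
            session_regenerate_id(true);
            $_SESSION['userId'] = $user['id_user'];
            $return = $user;
            break;
        }
        //bad password: keep looking only in case of further rows
    }
    return $return;
}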
<?php

// Order-preview page bootstrap: load the models this page depends on (in
// this order), then render the preview.
$dependencies = [
    'product_model.php',
    'sample-data/category.php',
    'config.php',
    'login_model.php',
    'cart_model.php',
    'order_preview_model.php',
];
foreach ($dependencies as $dependency) {
    require_once $dependency;
}
orderPreview();
?>



<?php 
// Page setup: navigation categories, login bookkeeping, then the customer's
// cart. Both running totals start at zero and are accumulated further down.
$categories = mainCategory($DB);
// NOTE(review): the result of isLoged() is discarded, so nothing visible here
// stops an anonymous visitor before $_SESSION['customerId'] is read -
// confirm whether loginTime() redirects in that case.
isLoged();
loginTime();
$cartItems = getCartItems($_SESSION['customerId']);
$subtotal = $total = 0;
?>

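<body>
<h2>Your information</h2>
<span>Email: <?php 
// Session values are stored account data, presumably entered by the user at
// some point, so they are escaped for the HTML context rather than echoed raw.
echo htmlspecialchars((string) $_SESSION['email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
</span><br>
<span>Name: <?php 
echo htmlspecialchars((string) $_SESSION['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>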
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $customCSS['time']) . ' GMT', true, 200);
    header('Content-Type: text/css');
    echo $customCSS['CSS'];
    die;
}
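// Serve the stored custom JavaScript. Strict comparison: "==" also accepts
// values that merely loosely equal the string.
if (!empty($_GET['action']) and $_GET['action'] === "customJS") {
    $stmt = $file_db->query("Select * FROM customJS LIMIT 0,1");
    // query() and fetch() both return false on failure / no row; the original
    // indexed that false value and emitted an empty body with notices.
    $customJS = $stmt !== false ? $stmt->fetch(PDO::FETCH_ASSOC) : false;
    // Missing time -> now, which is what gmdate() did with the null index before.
    $time = (is_array($customJS) and isset($customJS['time'])) ? (int) $customJS['time'] : time();
    $js = (is_array($customJS) and isset($customJS['JS'])) ? (string) $customJS['JS'] : '';
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $time) . ' GMT', true, 200);
    header('Content-Type: application/javascript');
    // Browsers must not second-guess the declared type of this admin-edited script.
    header('X-Content-Type-Options: nosniff');
    echo $js;
    die;
}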
// Every remaining response from this script is JSON.
// NOTE(review): the admin action handler that follows carries a
// "Check for CSFR token" comment but, in the visible lines, never compares a
// submitted token with $_SESSION['token'] before running its queries.
header('Content-type: application/json');
//treat request if admin and action is set
if (isLoged() and !empty($_POST['action'])) {
    //Check for CSFR token
    if ($_POST['action'] == "languages") {
        $result = $file_db->prepare('SELECT DISTINCT(lang) FROM settings');
        $result->execute() or die('AHAH');
        $langs = array();
        foreach ($result as $language) {
            $langs[] = $language['lang'];
        }
        echo JSON_encode($langs);
        //only request, do not show anything
        die;
    } elseif ($_POST['action'] == "tags") {
        $result = $file_db->prepare('SELECT DISTINCT(lang) FROM settings');
        $result->execute() or die('AHAH');
        foreach ($result as $language) {