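/**
 * Authenticate a user and record the login in the shared $session array.
 *
 * Prints "&end" when the login is accepted and "¬found" when it is rejected;
 * nothing is returned.
 *
 * @param mixed $user Login name, handed to valid_user().
 * @param mixed $pass Password, checked by valid_passwd() and then by valid_user().
 */
function login($user, $pass) {
    global $session;

    // Presumably filled in by valid_user() through a by-reference third
    // parameter; confirm against its definition. Initialised so that a stale
    // or undefined value can never reach the session.
    $privilege = null;

    // Both checks must succeed before a session is granted. A password that
    // valid_passwd() rejects must end in the failure branch, never in the
    // branch that writes the session.
    if (valid_passwd($pass) && valid_user($user, $pass, $privilege)) {
        $session['user'] = $user;
        $session['privilege'] = $privilege;
        echo "&end";
    } else {
        // NOTE(review): "¬found" looks like an entity-decoded "&notfound"
        // (compare "&end" above); left untouched, confirm what the client expects.
        echo "¬found";
    }
}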
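{
    // NOTE(review): mysqli_connect_error() is printed to the visitor here;
    // it can reveal host and account details, so consider logging it
    // server-side and showing a generic message instead.
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
} else {
    echo "Connection successful.";
}

try {
    // Input checks: each failure aborts with a message meant for the user.
    if (!valid_user($user)) {
        throw new Exception('That is not a valid email address. Please go back and try again.');
    }

    // Strict comparison: with a loose != two different numeric-looking
    // strings (for example "1e1" and "10") compare as equal.
    if ($_POST['password'] !== $_POST['password2']) {
        throw new Exception('The passwords you entered do not match - please go back and try again.');
    }

    // Check the LENGTH of the password. Comparing the string itself with 6
    // and 15 tests its numeric value, so almost any non-numeric password
    // slipped past the rule or was rejected for the wrong reason.
    if (strlen($_POST['password']) < 6 || strlen($_POST['password']) > 15) {
        throw new Exception('The password you entered does not meet the required length or is too long');
    }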
/**
 * Authenticate a user and, on success, open a fresh session for them.
 *
 * The username is validated first. When both WeFact settings are present
 * the credentials go to do_wefact_auth(): a result of false rejects the
 * login, -1 falls back to the local database check, and any other result
 * skips the local check. Without the WeFact settings only do_db_auth() is
 * consulted.
 *
 * @param string $username Login name.
 * @param string $password Plain-text password as submitted.
 * @return bool true when the user is logged in, false otherwise.
 */
function _try_login($username, $password) {
    global $wefactapiurl, $wefactapikey;

    if (!valid_user($username)) {
        return false;
    }

    // Local authentication is the default; WeFact may make it unnecessary.
    $needs_local_auth = true;

    if (isset($wefactapiurl, $wefactapikey)) {
        $wefact_result = do_wefact_auth($username, $password);
        if ($wefact_result === false) {
            return false;
        }
        // Only -1 leaves the decision to the local database.
        $needs_local_auth = ($wefact_result === -1);
    }

    if ($needs_local_auth && !do_db_auth($username, $password)) {
        return false;
    }

    $account = get_user_info($username);
    if (!$account) {
        return false;
    }

    _set_current_user($username, (bool) $account['isadmin']);

    // Throw away any session that existed before authentication, then start
    // a new one under a regenerated id so a pre-login session id is never
    // carried over into the authenticated session.
    if (session_id()) {
        session_unset();
        session_destroy();
    }

    session_start() or die('session failure: could not start session');
    session_regenerate_id(true) or die('session failure: regenerated id failed');
    session_unset();
    $_SESSION['username'] = $username;

    # requires session:
    _check_csrf_token($account);
    return true;
}
/**
 * Insert a zone row owned by the given user, replacing an existing row.
 *
 * The owner is stored as the id looked up from users.emailaddress inside
 * the INSERT itself. Both values are bound as parameters, so neither name
 * is ever spliced into the SQL text.
 *
 * NOTE(review): the two validation failures only call jtable_respond();
 * the function keeps going unless jtable_respond() ends the request.
 * Confirm that it does, otherwise rejected names still reach the INSERT.
 *
 * @param string $zonename  Zone name; must pass _valid_label().
 * @param string $ownername Owner login; must pass valid_user().
 */
function add_db_zone($zonename, $ownername) {
    if (false === valid_user($ownername)) {
        jtable_respond(null, 'error', "{$ownername} is not a valid username");
    }
    if (!_valid_label($zonename)) {
        jtable_respond(null, 'error', "{$zonename} is not a valid zonename");
    }

    // API callers may name an owner that has no account yet; create it first.
    $owner_missing = is_apiuser() && !user_exists($ownername);
    if ($owner_missing) {
        add_user($ownername);
    }

    $conn = get_db();
    $stmt = $conn->prepare("INSERT OR REPLACE INTO zones (zone, owner) VALUES (?, (SELECT id FROM users WHERE emailaddress = ?))");

    // Positional placeholders, in the order they appear in the statement.
    foreach (array(1 => $zonename, 2 => $ownername) as $position => $value) {
        $stmt->bindValue($position, $value, SQLITE3_TEXT);
    }

    $stmt->execute();
    $conn->close();
}
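/**
 * Resolve the project named in the request and check that the caller may use it.
 *
 * $_REQUEST['project'] may be an array or a JSON string; a string is decoded
 * in place. Its 'Id' entry must be numeric and at least 1, and the project
 * must exist. Every validation failure sets $response['error'], sends HTTP
 * 400 and returns false.
 *
 * @param array $response Response being built, passed by reference.
 * @return Project|false The project, or false when the request is rejected.
 */
function get_project(&$response) {
    // Make sure we have a projectid.
    if (!isset($_REQUEST['project'])) {
        $response['error'] = 'No projectid specified';
        http_response_code(400);
        return false;
    }

    if (!is_array($_REQUEST['project'])) {
        // Malformed JSON decodes to null and is rejected by the isset() below.
        $_REQUEST['project'] = json_decode($_REQUEST['project'], true);
    }

    if (!isset($_REQUEST['project']['Id'])) {
        $response['error'] = 'No projectid specified';
        http_response_code(400);
        return false;
    }

    $projectid = $_REQUEST['project']['Id'];
    // NOTE(review): is_numeric() also accepts values such as "1.5" or "1e3";
    // tighten this if Project expects a plain integer id.
    if (!is_numeric($projectid) || $projectid < 1) {
        $response['error'] = 'No projectid specified';
        http_response_code(400);
        return false;
    }

    // Make sure the project exists.
    $Project = new Project();
    $Project->Id = $projectid;
    if (!$Project->Exists()) {
        $response['error'] = 'This project does not exist.';
        http_response_code(400);
        return false;
    }

    // Make sure we have an authenticated user that has access to this project.
    // The caller's $response must be the variable handed over: a misspelled
    // name would pass a fresh undefined variable, and anything valid_user()
    // records on it (presumably the error text, confirm) would be lost.
    if (!valid_user($response, $projectid)) {
        return false;
    }

    return $Project;
}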
<?php
// Open-calls report page: pulls in configuration, page chrome and the ezSQL
// wrapper, then lists the rows of site_calls whose call_status is 0.
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";

// db_user, db_password, db_name and db_host are presumably constants defined
// in fhd_config.php; confirm.
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);

// Optional extra WHERE clause. For user level 1 it restricts the list to the
// caller's own calls.
// NOTE(review): $user_id goes into the SQL text unquoted; where it is set is
// not visible here, so confirm it is always an integer.
$queryadd = "";
$colspan = 2;
if ($user_level == 1) {
    $queryadd = " AND call_user = {$user_id}";
    $colspan = 1;
}

// NOTE(review): part of the next statement is masked in this copy (the
// "******" run), so it is kept exactly as found and cannot be read reliably.
if (isset($_GET['user_id'])) { $queryadd = " AND call_user = "******"SELECT call_id,call_date,call_first_name,call_last_name,call_request,call_department,call_device from site_calls WHERE (call_status = 0) $queryadd order by call_id desc;";

// NOTE(review): as shown, the query that actually runs does not contain
// $queryadd, so the per-user restriction built above has no effect and a
// level-1 user would receive every open call. Confirm against the original
// file; if the filter is meant to apply, it should be bound as a parameter
// or forced to an integer rather than interpolated.
$myquery = "SELECT call_id,call_date,call_first_name,call_last_name,call_request,call_department,call_device from site_calls WHERE (call_status = 0) order by call_id desc;";
$site_calls = $db->get_results($myquery);
$num = $db->num_rows;
//$db->debug();
// Heading text is Indonesian ("Laporan Masalah", roughly "problem reports")
// followed by the row count.
echo "<h4><i class='fa fa-tags'></i> Laporan Masalah <small>[ {$num} ]</small></h4>";
if ($num > 0) {
    ?> <table class="<?php echo $table_style_1; ?> " style='width: auto;'> <tr>
}
        // Tail of the user-update handler; the start of this branch, where
        // the other $user_* values are prepared, is above this excerpt.

        // user_pending is reduced to 0 or 1 before it reaches the SQL text.
        $user_pending = 0;
        if (isset($_POST['user_pending'])) {
            $user_pending_value = $db->escape($_POST['user_pending']);
            if ($user_pending_value == 1) {
                $user_pending = 1;
            }
        }

        // NOTE(review): the UPDATE is assembled by string interpolation.
        // Whether $user_email, $user_name and the other quoted values went
        // through $db->escape() is decided above this excerpt; confirm.
        // Escaping only protects quoted values: $user_level, $user_msg_send,
        // $user_protect_edit and $url_user_id are inserted unquoted and must
        // be forced to integers, or the statement moved to bound parameters.
        // Also confirm that the caller is allowed to change user_level.
        $db->query("UPDATE site_users SET {$user_password_set} user_email='{$user_email}',user_name='{$user_name}',user_phone='{$user_phone}',user_address='{$user_address}',user_city='{$user_city}',user_state='{$user_state}',user_zip='{$user_zip}',user_country='{$user_country}',user_level={$user_level},user_msg_send={$user_msg_send},user_protect_edit={$user_protect_edit},user_pending={$user_pending} where user_id = {$url_user_id};");
        $actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 250px;\">\n <button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button>\n User Update Successful.\n </div>";
        //$db->debug();
    }
}
//</UPDATE>

// Load the record being edited so the form below can be pre-filled.
if (isset($_REQUEST['url_user_id'])) {
    // NOTE(review): valid_user() acts as the sanitiser here, since its return
    // value goes unquoted into the SELECT. That is safe only if it always
    // returns an integer; confirm against its definition.
    $url_user_id = valid_user($_REQUEST['url_user_id']);
    // NOTE(review): user_password is part of the selected columns; confirm it
    // is never written into the form. get_row() presumably yields null when
    // no row matches, which the property reads below do not guard against.
    $site_users = $db->get_row("SELECT user_login,user_password,user_name,user_address,user_city,user_state,user_zip,user_country,user_phone,user_email,user_msg_send,user_protect_edit,user_pending,user_level FROM site_users WHERE (user_id = {$url_user_id}) limit 1;");
    $user_msg_send = $site_users->user_msg_send;
    $user_protect_edit = $site_users->user_protect_edit;
    $user_pending = $site_users->user_pending;
}

// Presumably a form token checked on submit; its use is below this excerpt.
// NOTE(review): an MD5 of a static key plus the stored last_login value stays
// the same for every form until the next login. Consider hash_hmac() with
// SHA-256, or a per-session value from random_bytes(), compared with
// hash_equals().
$nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"));

// $actionstatus is assigned in the update branch above; confirm it is
// initialised earlier for requests that do not update anything.
echo $actionstatus;
?> <p><a href="fhd_users.php">Users</a></p> <form action="fhd_edit_user.php" method="post" class="form-horizontal"> <table class="<?php echo $table_style_2; ?>
}
    // Tail of the branch that creates a user; its input handling is above
    // this excerpt.
    // NOTE(review): every error path here only calls jtable_respond(). The
    // code after it still runs unless jtable_respond() ends the request;
    // confirm that it does.
    if (user_exists($emailaddress)) {
        jtable_respond(null, 'error', 'User already exists');
    }
    if (add_user($emailaddress, $isadmin, $password)) {
        $result = array('emailaddress' => $emailaddress, 'isadmin' => $isadmin);
        jtable_respond($result, 'single');
    } else {
        jtable_respond(null, 'error', 'Could not create user');
    }
    break;

case "update":
    // Missing fields fall back to '' (emailaddress, password) and '0' (isadmin).
    $emailaddress = isset($_POST['emailaddress']) ? $_POST['emailaddress'] : '';
    // NOTE(review): isadmin is taken from the request as sent and handed to
    // update_user(). Whether the caller has been checked for administrator
    // rights is decided above this excerpt; confirm, because this field
    // controls privilege.
    $isadmin = isset($_POST['isadmin']) ? $_POST['isadmin'] : '0';
    // Presumably an empty password means "leave unchanged"; verify in update_user().
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    if (!valid_user($emailaddress)) {
        jtable_respond(null, 'error', "Please only use ^[a-z0-9@_.-]+\$ for usernames");
    }
    if (!user_exists($emailaddress)) {
        jtable_respond(null, 'error', 'Cannot update not existing user');
    }
    if (update_user($emailaddress, $isadmin, $password)) {
        $result = array('emailaddress' => $emailaddress, 'isadmin' => $isadmin);
        jtable_respond($result, 'single');
    } else {
        jtable_respond(null, 'error', 'Could not update user');
    }
    break;

case "delete":
    // NOTE(review): $_POST['id'] reaches delete_user() without an isset()
    // check or any of the validation applied to emailaddress above; confirm
    // that delete_user() validates it and binds it as a parameter.
    if (delete_user($_POST['id']) !== FALSE) {
        jtable_respond(null, 'delete');
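/**
 * Work out which rcontent record a reported result really belongs to.
 *
 * The result names a unit and, optionally, an activity. If the original
 * rcontent already matches them it is returned as is. Otherwise the rcontent
 * table is searched for the same book/unit/activity (then book/unit only),
 * and only records the reporting user may save tracks on are considered.
 *
 * @param object $ResultadoExtendido Reported result; idContenidoLMS, idUnidad,
 *                                   idActividad and idUsuario are read.
 * @param object $rcontent_original  rcontent record the result was sent to;
 *                                   unitid, activityid and course are read.
 * @param mixed  $bookid             Book id used for the unit, activity and
 *                                   rcontent lookups.
 * @return object|false The rcontent record to use, or false when no unit is
 *                      given or no accessible record is found.
 */
function get_real_rcontent($ResultadoExtendido, $rcontent_original, $bookid) {
    global $DB;

    log_to_file("Forzar Guardar");
    $rcontentoriginalid = $ResultadoExtendido->idContenidoLMS;
    log_to_file('Original rcontenid:' . $rcontentoriginalid);

    // Search UNIT
    $unit = false;
    if (!empty($ResultadoExtendido->idUnidad)) {
        $unit = rcommon_unit::get_from_code($ResultadoExtendido->idUnidad, $bookid);
    }
    if (!$unit) {
        // No usable unit: nothing to re-map (the caller presumably keeps the
        // original record; confirm).
        return false;
    }
    log_to_file('unit:' . $unit->code . '-' . $unit->id);

    // Search ACTIVITY
    $activity = false;
    if (!empty($ResultadoExtendido->idActividad)) {
        $activity = rcommon_activity::get_from_code($ResultadoExtendido->idActividad, $unit->id, $bookid);
    }

    if ($activity) {
        log_to_file('activity:' . $activity->code . '-' . $activity->id);
        if ($rcontent_original->unitid == $unit->id && $rcontent_original->activityid == $activity->id) {
            // Unit and activity match, the real rcontent is the original
            return $rcontent_original;
        }
    } else if ($rcontent_original->unitid == $unit->id) {
        // Unit matches and no activity was given, the real rcontent is the original
        return $rcontent_original;
    }

    // Look for candidates with the activity first, then by unit alone.
    $rcontents = false;
    if ($activity) {
        $rcontents = $DB->get_records('rcontent', array('bookid' => $bookid, 'unitid' => $unit->id, 'activityid' => $activity->id), 'id');
    }
    if (!$rcontents) {
        $rcontents = $DB->get_records('rcontent', array('bookid' => $bookid, 'unitid' => $unit->id), 'id');
    }
    if (!$rcontents) {
        // Not found, nothing to save
        return false;
    }

    // Keep only the records the reporting user is allowed to save tracks on.
    $filtered_rcontents = array();
    foreach ($rcontents as $rcontent) {
        if (!valid_user($ResultadoExtendido->idUsuario, $rcontent->course)) {
            continue;
        }
        $cm = get_coursemodule_from_instance('rcontent', $rcontent->id, $rcontent->course);
        if (!$cm) {
            // No course module for this record: it cannot be permission-checked.
            continue;
        }
        $contextmodule = context_module::instance($cm->id);
        if (has_capability('mod/rcontent:savetrack', $contextmodule, $ResultadoExtendido->idUsuario)) {
            $filtered_rcontents[] = $rcontent;
        }
    }

    if (!$filtered_rcontents) {
        return false;
    }
    if (count($filtered_rcontents) == 1) {
        // Only one record, OK!
        return array_shift($filtered_rcontents);
    }

    log_to_file('Warning, more than one valid rcontent found');
    // More than one: prefer the original course. The choice is made among the
    // permission-checked records only, so a record the user may not write to
    // is never returned from the unfiltered candidate list.
    foreach ($filtered_rcontents as $rcontent) {
        if ($rcontent->course == $rcontent_original->course) {
            log_to_file('Returned the first with the same course');
            return $rcontent;
        }
    }
    log_to_file('All rcontents found outside the original course, returning the first');
    return array_shift($filtered_rcontents);
}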