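// Render the "show picture" page: an XHTML shell and, when a picture id was
// supplied, the picture itself plus its title and description from the DB.
// $stylesheet and $idPicture are expected to have been set earlier in this file.
$mainTextHTML = <<<HTMLCode
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="{$stylesheet}" rel="stylesheet" type="text/css" />
<title> </title>
</head>
<body id="if">
HTMLCode;

// The id ends up both in an unquoted SQL literal and in an img src attribute.
// Forcing it to an integer closes the injection hole that interpolating the raw
// value opened; a non-numeric or non-positive id simply renders no picture.
$pictureId = (int) $idPicture;
if ($pictureId > 0) {
    // Prepare the database.
    $dbAccess = new CdbAccess();
    $tablePicture = DB_PREFIX . 'Picture';
    // Get picture information from the DB. Only the cast integer is interpolated.
    $query = "SELECT * FROM {$tablePicture} WHERE idPicture = {$pictureId};";
    $result = $dbAccess->SingleQuery($query);
    // SingleQuery() may not return a usable result (other pages guard it with
    // "if ($result = ...)"); an unknown id must not fail on a null row either.
    $row = $result ? $result->fetch_object() : NULL;
    if ($row) {
        // Title and description are stored text and are printed into the HTML
        // body, so escape them (stored XSS). Escape before nl2br() so the
        // generated <br /> tags survive.
        // NOTE(review): pass the site's charset explicitly once known; the
        // htmlspecialchars() default changed to UTF-8 in PHP 5.4.
        $imageTitle = htmlspecialchars($row->namePicture, ENT_QUOTES);
        $imageDesc = nl2br(htmlspecialchars($row->descriptionPicture, ENT_QUOTES));
        $normalImage = WS_PICTUREARCHIVE . PA_NORMALPREFIX . $pictureId . ".jpg";
        $mainTextHTML .= <<<HTMLCode
<img src='{$normalImage}' alt='a' /><br/>
<div id='imgInfo'>
<h2>{$imageTitle}</h2>
<p>{$imageDesc}</p>
</div>
HTMLCode;
    }
    if ($result) {
        $result->close();
    }
}
$mainTextHTML .= "</body>";
echo $mainTextHTML;
?>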
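// Read the remaining POST fields of the "edit user" form ($idUser and
// $firstNameUser are presumably read earlier in this file), write them to the
// user table and send the browser on to the page named by the form's hidden
// "redirect" field.
// NOTE(review): nothing in this span checks that the session user may edit
// $idUser; that authorization check has to live in the part of the page above
// this span - confirm it is there.
$familyNameUser = isset($_POST['familyName']) ? $_POST['familyName'] : NULL;
$eMail1User = isset($_POST['eMail1']) ? $_POST['eMail1'] : NULL;
$eMail2User = isset($_POST['eMail2']) ? $_POST['eMail2'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL;

// strip_tags() drops markup, WashParameter() prepares the value for the quoted
// SQL literals below. Neither validates the e-mail format; if that is wanted,
// filter_var($x, FILTER_VALIDATE_EMAIL) is the place to add it.
$idUser = $dbAccess->WashParameter($idUser);
$firstNameUser = $dbAccess->WashParameter(strip_tags($firstNameUser));
$familyNameUser = $dbAccess->WashParameter(strip_tags($familyNameUser));
$eMail1User = $dbAccess->WashParameter(strip_tags($eMail1User));
$eMail2User = $dbAccess->WashParameter(strip_tags($eMail2User));

$query = <<<QUERY
UPDATE {$tableUser} SET firstNameUser = '******', familyNameUser = '******', eMail1User = '******', eMail2User = '******' WHERE idUser = '******';
QUERY;
$dbAccess->SingleQuery($query);

///////////////////////////////////////////////////////////////////////////////////////////////////
// Redirect to another page
//
// If in debug mode show info and exit.
if ($debugEnable) {
    echo $debug;
    exit;
}
// $redirect comes straight from the request. Encoding it pins it to being the
// value of the "p" parameter only: no extra query parameters and no CR/LF
// reaching the Location header.
// NOTE(review): assumes redirect is a bare page key such as "edit_alb"; if
// callers pass "page&id=N" style values, encode per component instead.
header("Location: " . WS_SITELINK . "?p=" . rawurlencode((string) $redirect));
exit;
?>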
$debug .= "idAlbum: " . $idAlbum . "<br /> \r\n"; } /* * Prepare the database. */ $dbAccess = new CdbAccess(); $tablePerson = DB_PREFIX . 'Person'; $tableAlbum = DB_PREFIX . 'Album'; $tablePicture = DB_PREFIX . 'Picture'; /* * If $idAlbum exists the DB will be updated. Get the existing info. */ if ($idAlbum) { $idAlbum = $dbAccess->WashParameter($idAlbum); $query = "SELECT * FROM {$tableAlbum} WHERE idAlbum = {$idAlbum};"; $result = $dbAccess->SingleQuery($query); $arrayAlbum = $result->fetch_row(); $result->close(); } else { // Clear all parameters if a new user will be created. $arrayAlbum = array("", "", "", "", "", "", ""); } /* * Create the form with QuickForm2. */ require_once 'HTML/QuickForm2.php'; require_once 'HTML/QuickForm2/Renderer.php'; // Point back to the same page for validation. $formAction = WS_SITELINK . "?p=edit_alb&id=" . $idAlbum; // Create a new form object. $form = new HTML_QuickForm2('album', 'post', array('action' => $formAction), array('name' => 'album'));
/////////////////////////////////////////////////////////////////////////////////////////////////// // Kolla om account med det lösenordet finns i databasen och använd resultatet för att skapa en // session med userId, userPassword och behörighet. $query = <<<Query SELECT * FROM {$tablePerson} WHERE \taccountPerson = '{$accountPerson}' AND \tpasswordPerson \t= md5('{$passwordPerson}') ; Query; session_start(); // Återstartar efter stängningen ovan. session_regenerate_id(); $_SESSION["hitCounter"] = $hitCounter; //Återställ hitCounter så besökaren inte räknas dubbelt. if ($result = $dbAccess->SingleQuery($query)) { $row = $result->fetch_object(); if ($debugEnable) { $debug .= print_r($row, TRUE); } $_SESSION['idUser'] = $row->idPerson; $idPerson = $row->idPerson; $_SESSION['accountUser'] = $row->accountPerson; $_SESSION['nameUser'] = $row->fornamnPerson; $_SESSION['authorityUser'] = $row->behorighetPerson; if ($_SESSION['authorityUser'] != 'adm') { // Kolla om personen är funktionär. I så fall sätt authority till fnk. $query = "SELECT * FROM {$tableFunktionar} WHERE funktionar_idPerson = '{$idPerson}' ;"; if ($dbAccess->SingleQuery($query)) { $_SESSION['authorityUser'] = '******'; }
$debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br /> \n"; } /* * Kontrollera om personen har behörighet till sidan, d v s är personen på * sidan, målsman till personen på sidan eller adm. Om inte avbryt. */ $showPage = FALSE; if ($idPerson == $_SESSION['idUser']) { $showPage = TRUE; } if ($_SESSION['authorityUser'] == "adm") { $showPage = TRUE; } // Kontrollera om SESSION idUser är målsman till idPerson. $query = "SELECT * FROM {$tableRelation} WHERE relation_idElev = {$idPerson};"; if ($result = $dbAccess->SingleQuery($query)) { while ($row = $result->fetch_object()) { if ($row->relation_idMalsman == $_SESSION['idUser']) { $showPage = TRUE; } } } if (!$showPage) { // Om sidan inte får visas avbryt och visa felmeddelande. $message = "Du kan bara ändra lösenord på dig själv eller ett barn till dig."; require TP_PAGESPATH . 'login/PNoAccess.php'; } /* * Hämta den nuvarande informationen om personen ur databasen. */ $totalStatements = 5;
} else { if ($num > 48 && $num < 57) { $pwd .= chr($num); } else { if ($num == 95) { $pwd .= chr($num); } else { $i--; } } } } } // Kolla om epostadressen finns i databasen. $query = "\n SELECT idPerson, accountPerson FROM {$tablePerson} \n WHERE ePostPerson = '{$eMailAdr}';"; if ($eMailAdr and $result = $dbAccess->SingleQuery($query)) { // Adressen finns i registret. Uppdatera och skicka nytt password. $row = $result->fetch_object(); $result->close(); $query = <<<QUERY UPDATE {$tablePerson} SET passwordPerson = md5('{$pwd}') WHERE idPerson = '{$row->idPerson}'; QUERY; $dbAccess->SingleQuery($query); // Send mail $headers = WS_MAILHEADERS; $subject = "Svenska skolföreningen"; $text = "Din användarinformation till Svenska skolföreningens hemsida." . "\r\n" . "\r\n" . "Användarnamn: " . $row->accountPerson . "\r\n" . "Lösenord: " . $pwd . "\r\n" . "\r\n" . "Du kan själv logga in och ändra ditt lösenord."; mail($eMailAdr, $subject, $text, $headers); if ($debugEnable) {
} else { if ($num > 48 && $num < 57) { $pwd .= chr($num); } else { if ($num == 95) { $pwd .= chr($num); } else { $i--; } } } } } // Kolla om epostadressen finns i databasen. $query = "SELECT idPerson, accountPerson FROM {$tablePerson} WHERE ePostPerson = '{$ePost}';"; if ($ePost and $result = $dbAccess->SingleQuery($query)) { // Adressen finns i registret. Uppdatera och skicka nytt password. $row = $result->fetch_object(); $result->close(); $query = <<<QUERY UPDATE {$tablePerson} SET passwordPerson = md5('{$pwd}') WHERE idPerson = '{$row->idPerson}'; QUERY; $dbAccess->SingleQuery($query); $subject = "Nytt lösenord"; $text = <<<Text Din användarinformation till Svenska skolföreningens hemsida. Användarnamn: {$row->accountPerson} Lösenord: {$pwd}