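<?php
// Old endpoint that lets one of two privileged accounts switch the current session
// to another user (impersonation).
//
// Request:  POST id=<numeric id of the account to switch to>
// Response: handed to scriptReturn(): 'error', 'errorText' and, after a successful
//           switch, 'name', 'email' and 'user_id'.
//
// NOTE(review): this request changes who the session belongs to, and no anti-CSRF check is
// visible in this script. Confirm that auth() (defined elsewhere) enforces one.
// NOTE(review): the session id is not renewed when the identity changes; calling
// session_regenerate_id() at that point is the usual hardening. Verify it is safe for the
// client's concurrent requests before adding it.
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';

auth();

$return = array('error' => false, 'errorText' => '');

// Accounts allowed to impersonate. The session value is normalised to a string and compared
// strictly, so values that are only loosely equal to 1 or 3 (true, '01', '1.0') are rejected.
$switchers = array('1', '3');
$sessionUser = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : '';
$currentUser = (is_int($sessionUser) || is_string($sessionUser)) ? (string) $sessionUser : '';

if (in_array($currentUser, $switchers, true)) {
    // intval() turns a non-empty array into 1, so anything that is not a scalar is treated
    // as "no id" instead of silently selecting user 1.
    $id = (isset($_POST['id']) && is_scalar($_POST['id'])) ? intval($_POST['id']) : 0;

    if ($id > 0) {
        // switch user
        // $id is an integer here, so interpolating it cannot change the shape of the query.
        $q = new myQuery("SELECT * FROM user WHERE id={$id}");
        $user = $q->get_one_array();

        if (empty($user)) {
            // Never move the session onto an id that has no account behind it.
            $return['error'] = true;
            $return['errorText'] = 'The requested user does not exist.';
        } else {
            $return['name'] = $user['firstname'] . ' ' . $user['lastname'];
            $return['email'] = $user['email'];
            $_SESSION['user_id'] = $id;
            $return['user_id'] = $id;

            // NOTE(review): id_hash is md5() of the numeric id, so anyone who knows or guesses
            // an id can compute it. It must not be accepted as proof of identity anywhere; if
            // other code restores a login from these cookies, replace the value with a random
            // token stored server-side. The cookies are also set without the Secure and
            // HttpOnly flags -- check whether client script reads them before adding the flags.
            setcookie('user_id', (string) $id, 0, '/', $_SERVER['SERVER_NAME']);
            setcookie('id_hash', md5((string) $id), 0, '/', $_SERVER['SERVER_NAME']);
        }
    }
    // A missing or non-positive id is left as a silent no-op, as before.
} else {
    $return['error'] = true;
    $return['errorText'] = "You don't have permission to switch users. ({$currentUser})";
}

scriptReturn($return);
exit;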
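<?php
// Password-reset endpoint: looks the account up by e-mail address, generates a new random
// password, stores its hash and builds the notification e-mail.
//
// NOTE(review): the request is unauthenticated and replaces the password immediately, so
// anyone who knows an address can invalidate that account's current password. A single-use,
// time-limited reset link that the owner has to follow is the safer design.
// NOTE(review): random_int() needs PHP 7.0+ and password_hash() PHP 5.5+.
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';
date_default_timezone_set('Europe/London');
include DOC_ROOT . '/include/classes/PHPMailer/PHPMailerAutoload.php';

$return = array('error' => false, 'errorText' => '');

// NOTE(review): the queries below are built by interpolation and depend entirely on
// my_clean() (defined elsewhere) to make the address safe inside a quoted SQL string --
// confirm that it escapes for SQL, or switch to a parameterised query.
$email = my_clean((isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '');

$q = new myQuery("SELECT id, firstname, lastname FROM user WHERE LCASE(email)=LCASE('{$email}')");

if ($q->get_num_rows() == 1) {
    $res = $q->get_one_array();
    $id = intval($res['id']);

    // create a new password
    // Every character is drawn independently from the system CSPRNG. str_shuffle() is not
    // designed for secrets and could use each listed character only once.
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ123456789';
    $lastIndex = strlen($chars) - 1;
    $password = '';
    for ($i = 0; $i < 10; $i++) {
        $password .= $chars[random_int(0, $lastIndex)];
    }

    // password_hash() generates its own random salt; the previous salt was derived from
    // md5(microtime()), which is guessable. Bcrypt at cost 10 keeps the "$2y$10$" format
    // that the earlier crypt() call produced.
    $hash = password_hash($password, PASSWORD_BCRYPT, array('cost' => 10));

    // The listing shows a masked literal ('******') where the value belongs, which leaves
    // $hash unused; the hash computed above is what has to be stored, otherwise the password
    // mailed to the user can never match.
    $q = new myQuery("UPDATE user SET password='{$hash}' WHERE LCASE(email)=LCASE('{$email}') AND id='{$id}'");

    // NOTE(review): with DEBUG enabled the new plaintext password is returned to whoever made
    // the request. Make sure DEBUG can never be true on a reachable deployment.
    if (DEBUG) { $return['newpass'] = $password; } // only for debugging!!!!

    // email new password to the user
    // NOTE(review): the password travels in clear text by mail and stays valid until the user
    // changes it; forcing a change at next login would limit the exposure.
    $to = $email;
    $subject = 'WebMorph.org password change';
    $headers  = "From: lisa.debruine@glasgow.ac.uk\r\n";
    $headers .= "Reply-To: lisa.debruine@glasgow.ac.uk\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

    // The address comes from the request, so it is HTML-escaped before it is placed in the
    // HTML body. double_encode is off in case my_clean() already produced entities.
    $emailHtml = htmlspecialchars($email, ENT_QUOTES, 'ISO-8859-1', false);

    $message = "<html><body style='color: rgb(50,50,50); font-family:\"Lucida Grande\"';>" .
        "<p>Hi {$emailHtml},</p>\n" .
        "<p>You (or someone) just reset your password at <a href='http://webmorph.org'>WebMorph</a>.</p>\n" .
        "<div style='border: 3px solid hsl(200,100%,20%); " .
        " box-shadow: 2px 2px 4px rgba(0,0,0,0.5);border-radius: 1em; padding: 1em; " .
        " text-align: center; width: 18em; margin: auto;'>\n" .
        " Your new password:\n" .
        " <div style='font-size: 200%; margin-top: 0.5em;'>{$password}</div>\n" .
        "</div>\n" .
        "<p>You can reset your password after logging in by going to the Preferences menu option.</p>\n" .
        "<p>Kind regards,</p>\n" .
        "<p>Lisa DeBruine</p>\n" .
        "</body></html>\n.";

    // Plain-text alternative. NOTE(review): it still carries HTML markup (<a>, </p>).
    $text_message = "Hi {$email},\n" .
        "You (or someone) just reset your password at <a href='http://webmorph.org'>WebMorph</a>.\n\n" .
        "Your new password: {$password} \n\n" .
        "You can reset your password after logging in by going to the Preferences menu option.</p>\n\n" .
        "Kind regards,\n" .
        "Lisa DeBruine\n.";

    //mail($to, $subject, $message, $headers);
    // The listing ends here: the code that sends the message and closes this if-block is not shown.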
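<?php
// get a user's preferences and personal data
//
// Response (handed to scriptReturn()): 'error', 'errorText', 'user', 'prefs' (defaults
// overlaid with the stored preferences and the user's own row), 'defaultTemplates' and 'fm'.
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';

auth();

$return = array(
    'error' => false,
    'errorText' => '',
    // Defaults; stored preferences and the columns of the user row overwrite them below.
    'prefs' => array(
        'mask_color' => 'rgb(255,255,255)',
        'cross_color' => 'rgb(0,255,0)',
        'selcross_color' => 'rgb(255,0,0)',
        'line_color' => 'rgb(0,0,255)',
        'defaultLineWidth' => 1,
        'texture' => 'true',
        'sample_contours' => 'true',
        'show_thumbs' => 'false',
        'align_pt1' => 0,
        'align_pt2' => 1,
        'align_x1' => 496.98,
        'align_y1' => 825.688,
        'align_x2' => 853.02,
        'align_y2' => 825.688,
        'align_w' => 1350,
        'align_h' => 1800,
        'defaultTem' => 1,
        'normalisation' => 'none',
        'warp' => 'multiscale',
        'default_imageformat' => 'jpg',
        'batch_names' => 'folder',
        'default_project' => NULL,
        'theme' => 0,
    ),
    'defaultTemplates' => array('id' => 1, 'name' => 'FRL-189'),
    'fm' => array(),
);

$user = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
$return['user'] = $user;

if (empty($user)) {
    $return['error'] = true;
} else {
    // Only an integer is ever placed into the SQL text, whatever the session value holds.
    $userId = intval($user);

    $q = new myQuery("SELECT pref, prefval FROM pref WHERE user_id='{$userId}'");
    $myprefs = $q->get_assoc(false, 'pref', 'prefval');
    if (is_array($myprefs)) {
        foreach ($myprefs as $pref => $val) {
            $return['prefs'][$pref] = $val;
        }
    }

    // NOTE(review): SELECT * followed by removing only 'password' is a deny-list: every other
    // column of the user table, including any added later, is sent to the browser. Prefer an
    // explicit list of the columns the client needs.
    $q = new myQuery("SELECT * FROM user WHERE id='{$userId}'");
    $userinfo = $q->get_one_array();
    if (is_array($userinfo)) {
        // A missing row would otherwise reach array_merge() as a non-array value.
        unset($userinfo['password']);
        $return['prefs'] = array_merge($return['prefs'], $userinfo);
    }

    // Templates the user owns plus the public ones, with their line and point counts.
    $q = new myQuery(
        "SELECT id, tem.name, notes, \n COUNT(DISTINCT l.n) as `lines`, \n COUNT(DISTINCT p.n) AS points\n" .
        " FROM tem\n LEFT JOIN point AS p ON (tem.id=p.tem_id)\n LEFT JOIN line AS l ON (tem.id=l.tem_id)\n" .
        " WHERE user_id='{$userId}' OR public=TRUE\n GROUP BY tem.id"
    );
    $return['defaultTemplates'] = $q->get_assoc();

    $_SESSION['theme'] = $return['prefs']['theme'];

    $q = new myQuery("SELECT name, description, equation FROM fm WHERE user_id='{$userId}'");
    $return['fm'] = $q->get_assoc();
}

scriptReturn($return);
exit;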
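/**
 * Check the session's age, sex and sexpref values against the restrictions stored in the
 * `quest` row identified by $this->id.
 *
 * A restriction that is NULL in the row is not applied; a `sex` value of 'both' accepts
 * any sex.
 *
 * @return bool true when every restriction that is set is satisfied; false otherwise, and
 *              also false when no row is found (the check fails closed).
 */
function check_eligible() {
    // Missing session values become null, which satisfies no restriction that is set.
    $user_sex     = isset($_SESSION['sex']) ? $_SESSION['sex'] : null;
    $user_sexpref = isset($_SESSION['sexpref']) ? $_SESSION['sexpref'] : null;
    $user_age     = isset($_SESSION['age']) ? $_SESSION['age'] : null;

    // The id is concatenated into the SQL text, so it is forced to an integer first.
    $query = new myQuery('SELECT lower_age, upper_age, sex, sexpref FROM quest WHERE id=' . intval($this->id));
    $expinfo = $query->get_one_array();

    if (empty($expinfo)) {
        // Without this guard a missing row reads as "no restrictions" and everyone is eligible.
        return false;
    }

    $age_ok = (is_null($expinfo['lower_age']) || $user_age >= $expinfo['lower_age'])
        && (is_null($expinfo['upper_age']) || $user_age <= $expinfo['upper_age']);
    $sex_ok = is_null($expinfo['sex']) || $expinfo['sex'] == 'both' || $user_sex == $expinfo['sex'];
    $sexpref_ok = is_null($expinfo['sexpref']) || $user_sexpref == $expinfo['sexpref'];

    return $age_ok && $sex_ok && $sexpref_ok;
}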