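/**
 * Handles the login/logout dialogue's POST actions, then renders the dialogue.
 *
 * - `loginDialogueUsername` present in $_POST: attempts a login through
 *   userSession::startSession() and prints the outcome.
 * - `loginDialogueLogout` equal to "1": ends the session via endSession().
 *
 * Afterwards prints the logout button when checkSession() reports a session,
 * otherwise the username/password form.
 *
 * NOTE(review): neither form carries an anti-CSRF token, so the login and
 * logout POSTs are not tied to a page this site rendered.
 * NOTE(review): startSession() is defined in classes/userSession.php, which is
 * not visible here — confirm it issues a new session ID on successful login.
 *
 * @param mixed $variables Not used by this method.
 */
public function frontend($variables)
{
    require_once 'classes/userSession.php';
    global $classUserSession;
    if (!isset($classUserSession)) {
        $classUserSession = new userSession();
    }

    // If logging in...
    if (isset($_POST['loginDialogueUsername'])) {
        $username = $_POST['loginDialogueUsername'];
        // The password input has no `required` attribute, and a request can omit
        // the field anyway, so do not index $_POST blindly.
        $password = $_POST['loginDialoguePassword'] ?? '';

        echo "<div class='loginDialogue postInformation'>";
        // PHP turns "name[]=" parameters into arrays; only plain strings are
        // handed to startSession() as credentials.
        if (
            is_string($username)
            && is_string($password)
            && $classUserSession->startSession($username, $password)
        ) {
            echo 'Login successful.';
        } else {
            echo 'Could not confirm user details provided.';
        }
        echo '</div>';
    }

    // If logging out... (POST values arrive as strings, so compare with "1")
    if (($_POST['loginDialogueLogout'] ?? null) === '1') {
        $classUserSession->endSession();
    }

    // To display
    if ($classUserSession->checkSession()) {
        echo "<div class='loginDialogue'><form id='loginDialogue' action='?' method='post'>"
            . "<input type='hidden' name='loginDialogueLogout' value='1'>"
            . "<div class='loginDialogue logout submit'><input type='submit' value='Logout'></div>"
            . '</form></div>';
    } else {
        // The stray quote after `required` was removed; with it the attribute
        // name was malformed.
        echo "<div class='loginDialogue'><form id='loginDialogue' action='?' method='post'>"
            . "<div class='loginDialogue username'>Username: <input type='text' name='loginDialogueUsername' required></div>"
            . "<div class='loginDialogue password'>Password: <input type='password' name='loginDialoguePassword'></div>"
            . "<div class='loginDialogue submit'><input type='submit' value='Submit'></div>"
            . '</form></div>';
    }
}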
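/**
 * Stores a posted reply (when `threadID` is in $_POST) and renders the reply form.
 *
 * Nothing is processed or printed unless $classPageInfo->permissionWrite is
 * truthy. A reply is accepted from a logged-in session, or from a
 * username/password pair posted with the form and confirmed by
 * userDetails::checkDetails().
 *
 * NOTE(review): permissionWrite is read from $classPageInfo, while the target
 * thread comes from $_POST['threadID']; the `readonly` attribute on the form
 * field is only a browser hint. Confirm that the caller or the ps* methods
 * check that the thread belongs to the page the permission was computed for.
 * NOTE(review): the form has no anti-CSRF token.
 * NOTE(review): strip_tags() is applied before storage; the text still has to
 * be escaped for its output context wherever it is rendered.
 *
 * @param mixed $variables Not used by this method.
 */
public function frontend($variables)
{
    global $classDatabase;
    global $classPageInfo;

    require_once 'classes/userDetails.php';
    global $classUserDetails;
    if (!isset($classUserDetails)) {
        $classUserDetails = new userDetails();
    }

    require_once 'classes/userSession.php';
    global $classUserSession;
    if (!isset($classUserSession)) {
        $classUserSession = new userSession();
    }

    if (!$classPageInfo->permissionWrite) {
        return;
    }

    // POST reply
    // Only post if a $_POST['threadID'] is given. An array-valued threadID
    // ("threadID[]=") is treated like a missing one.
    if (isset($_POST['threadID']) && is_string($_POST['threadID'])) {
        $threadId = $_POST['threadID'];
        // Missing or non-string text counts as empty instead of raising
        // notices or a TypeError in strip_tags().
        $text = is_string($_POST['textArea'] ?? null) ? $_POST['textArea'] : '';
        $username = $_POST['username'] ?? null;
        $password = $_POST['password'] ?? null;

        echo "<div class='postReply postInformation'>";
        if (str_replace(' ', '', $text) === '') {
            echo 'Your reply requires some text!';
        } else {
            // Read the session state once so the authorisation decision and
            // the author ID below come from the same answer.
            $loggedIn = $classUserSession->checkSession();

            $userCheck = false;
            if ($loggedIn) {
                $userCheck = true;
            } elseif (is_string($username) && is_string($password)) {
                $userCheck = $classUserDetails->checkDetails($username, $password);
            }

            if ($userCheck) {
                if ($loggedIn) {
                    $userIdent = $classUserSession->returnUserID();
                } else {
                    $userIdent = $classDatabase->psUserSelectIDWhereUsernameEquals($username);
                }

                $classDatabase->psPostsInsertThreadIDTextCreateTimeCreateIPuserID(
                    $threadId,
                    strip_tags($text),
                    date('Y-m-d H:i:s'),
                    $_SERVER['REMOTE_ADDR'],
                    $userIdent
                );
                $classDatabase->psThreadsIncrementTotalRepliesWhereIDEquals($threadId);
                $classDatabase->psThreadsBumporderPointWhereIDEquals($threadId);
            } else {
                echo 'Could not confirm user details provided.';
            }
        }
        echo '</div>';
    }

    // Display form
    echo "<div class='createReply form'><form id='createReplyForm' action='?' method='post'>"
        . "<div class='createReply head'>Reply to thread:</div>"
        . "<div class='createReply text'>Text: <textarea form='createReplyForm' name='textArea' rows='6'></textarea></div>"
        . "<div class='createReply static'>"
        . "<input type='submit' value='Submit'>";

    if (!$classUserSession->checkSession()) {
        echo "<div class='createReply userDetails'>"
            . "<div class='createReply username'>Username: <input type='text' name='username' value='anonymous'></div>"
            . "<div class='createReply password'>Password: <input type='password' name='password'></div>"
            . '</div>';
    }

    // Where $classPageInfo->threadID is filled in is not visible here, so it is
    // escaped for the single-quoted attribute it is printed into.
    $threadIdAttr = htmlspecialchars((string) $classPageInfo->threadID, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo "<div class='createReply boardID'>Thread ID: <input type='text' name='threadID' readonly required value='{$threadIdAttr}'></div>"
        . "<div class='createReply markupLink'>Formatting Markup</div>"
        . '</div>'
        . '</form></div>';
}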
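/**
 * Renders the "create thread" form and stores a posted thread
 * (when `boardID` is in $_POST).
 *
 * Nothing is printed or processed unless $classPageInfo->permissionWrite is
 * truthy. A thread is accepted from a logged-in session, or from a
 * username/password pair posted with the form and confirmed by
 * userDetails::checkDetails().
 *
 * NOTE(review): permissionWrite is read from $classPageInfo, while the target
 * board comes from $_POST['boardID']; the `readonly` attribute on the form
 * field is only a browser hint. Confirm that the caller or the ps* method
 * checks that the board is the one the permission was computed for.
 * NOTE(review): the form has no anti-CSRF token.
 * NOTE(review): `subject` is labelled "Link" and only passes through
 * strip_tags(), which does not constrain the URL scheme — validate it here or
 * wherever it is rendered as a link, and escape all stored fields on output.
 *
 * @param mixed $variables Not used by this method.
 */
public function frontend($variables)
{
    global $classDatabase;
    global $classPageInfo;

    require_once 'classes/userDetails.php';
    global $classUserDetails;
    if (!isset($classUserDetails)) {
        $classUserDetails = new userDetails();
    }

    require_once 'classes/userSession.php';
    global $classUserSession;
    if (!isset($classUserSession)) {
        $classUserSession = new userSession();
    }

    if (!$classPageInfo->permissionWrite) {
        return;
    }

    // The stray quote after `required` was removed; with it the attribute name
    // was malformed.
    echo "<div class='createThread form'><form id='createThreadForm' action='?' method='post'>"
        . "<div class='createThread head'>Create a new thread:</div>"
        . "<div class='createThread title'>Title: <input type='text' name='threadTitle' required></div>";

    if (!$classUserSession->checkSession()) {
        // The password field is now type='password' so the value is masked on
        // screen instead of being shown in a plain text box.
        echo "<div class='createThread userDetails'>"
            . "<div class='createThread username'>Username: <input type='text' name='username' value='anonymous'></div>"
            . "<div class='createThread password'>Password: <input type='password' name='password'></div>"
            . '</div>';
    }

    // Where $classPageInfo->boardID is filled in is not visible here, so it is
    // escaped for the single-quoted attribute it is printed into.
    $boardIdAttr = htmlspecialchars((string) $classPageInfo->boardID, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo "<div class='createThread link'>Link: <input type='text' name='subject'></div>"
        . "<div class='createThread text'>Text: <textarea form='createThreadForm' name='textArea' rows='6'></textarea></div>"
        . "<div class='createThread static'>"
        . "<input type='submit' value='Submit'>"
        . "<div class='createThread markupLink'>Formatting Markup</div>"
        . "<div class='createThread boardID'>Board ID: <input type='text' name='boardID' readonly required value='{$boardIdAttr}'></div>"
        . '</div>'
        . '</form></div>';

    // POST THREAD
    // Only post if a $_POST['boardID'] is given. An array-valued boardID
    // ("boardID[]=") is treated like a missing one.
    if (!isset($_POST['boardID']) || !is_string($_POST['boardID'])) {
        return;
    }

    $boardId = $_POST['boardID'];
    // Missing or non-string fields count as empty instead of raising notices
    // or a TypeError in strip_tags().
    $title = is_string($_POST['threadTitle'] ?? null) ? $_POST['threadTitle'] : '';
    $link = is_string($_POST['subject'] ?? null) ? $_POST['subject'] : '';
    $text = is_string($_POST['textArea'] ?? null) ? $_POST['textArea'] : '';
    $username = $_POST['username'] ?? null;
    $password = $_POST['password'] ?? null;

    echo "<div class='postThread postInformation'>";
    if (str_replace(' ', '', $title) === '') {
        echo 'Your post requires a title.';
    } else {
        // Read the session state once so the authorisation decision and the
        // author ID below come from the same answer.
        $loggedIn = $classUserSession->checkSession();

        $userCheck = false;
        if ($loggedIn) {
            $userCheck = true;
        } elseif (is_string($username) && is_string($password)) {
            $userCheck = $classUserDetails->checkDetails($username, $password);
        }

        if ($userCheck) {
            if ($loggedIn) {
                $userIdent = $classUserSession->returnUserID();
            } else {
                $userIdent = $classDatabase->psUserSelectIDWhereUsernameEquals($username);
            }

            $classDatabase->psThreadsInsertBoardIDTitleLinkTextCreateTimeCreateIPUserID_Bump(
                $boardId,
                strip_tags($title),
                strip_tags($link),
                strip_tags($text),
                date('Y-m-d H:i:s'),
                $_SERVER['REMOTE_ADDR'],
                $userIdent
            );
        } else {
            echo 'Could not confirm user details provided.';
        }
    }
    echo '</div>';
}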
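/**
 * Works out which page the query string asks for and records it on $classPageInfo.
 *
 * Sets pageID (1 home, 2 board, 3 thread, 4 not found, otherwise the static
 * page's ID) and, for board/thread requests, boardTitle, pageCatagory and the
 * read/write/moderate permission flags (checkPermissions() levels 1, 2, 3).
 *
 * pageNum is now always an integer >= 1; a missing, non-numeric or
 * non-positive `page` parameter falls back to 1 instead of being stored raw.
 *
 * NOTE(review): boardTitle and the returned `sid` string are request values.
 * `sid` is only returned after the database lookup found a page with that
 * title, but consumers should still escape both on output and should not
 * build file paths from them without checking — confirm at the call sites.
 *
 * @return string 'home', 'board', 'thread', '404', or the requested static page title.
 */
public function determine()
{
    global $classDatabase;
    if (!isset($classDatabase)) {
        $classDatabase = new database();
    }
    global $classPageInfo;

    // next() takes its argument by reference, so calling it on array_keys()'s
    // return value raised a notice; read the first two keys by index instead.
    $keys = array_keys($_GET);
    $firstKey = $keys[0] ?? null;
    $secondKey = $keys[1] ?? null;

    // If no bid, tid or sid is given user must be trying to access the home page!
    // Loose comparison kept on purpose: an empty query string, an empty key and
    // the key "0" all land on the home page, as before.
    if ($firstKey == null) {
        $classPageInfo->pageID = 1;

        return 'home';
    }

    // Set page number (for results in boards and threads)
    $requestedPage = filter_var($_GET['page'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $classPageInfo->pageNum = is_int($requestedPage) ? $requestedPage : 1;

    // If the first key is 'bid' (Board ID). Array-valued parameters ("bid[]=")
    // are not passed on to the database layer.
    if ($firstKey === 'bid' && is_string($_GET['bid'])) {
        $classPageInfo->boardTitle = $_GET['bid'];
        $board = $classDatabase->psBoardSelectIDWhereBoardTitleEquals($_GET['bid']);

        // Get permissions for current user in this board's category
        require_once 'classes/userSession.php';
        global $classUserSession;
        if (!isset($classUserSession)) {
            $classUserSession = new userSession();
        }

        $classPageInfo->pageCatagory = $classDatabase->psBoardSelectCategoryIDWhereBoardIDEquals($board);
        $classPageInfo->permissionRead = $classUserSession->checkPermissions($classPageInfo->pageCatagory, 1);
        $classPageInfo->permissionWrite = $classUserSession->checkPermissions($classPageInfo->pageCatagory, 2);
        $classPageInfo->permissionModerate = $classUserSession->checkPermissions($classPageInfo->pageCatagory, 3);

        // If the second key is 'tid' (Thread ID)
        if ($secondKey === 'tid' && is_string($_GET['tid'])) {
            // It must be trying to link to a thread, but does the thread exist within this board?
            $thread = $classDatabase->psThreadsSelectIDWhereBoardTitleEquals($_GET['bid'], $_GET['tid']);
            if ($thread != null && $classPageInfo->permissionRead) {
                // The thread exists; show it ONLY if we have read permission for the page
                $classPageInfo->pageID = 3;

                return 'thread';
            }
            // If the thread doesn't exist, go on to see if the board does.
        }

        // If not, it must be trying to link to a board, but does the board exist?
        // Only return yes if it does and we have permission
        if ($board != null && $classPageInfo->permissionRead) {
            $classPageInfo->pageID = 2;

            return 'board';
        }
        // A missing board or missing read permission deliberately falls through
        // to the 404 below (the earlier redirect to the home page was removed).
    }

    // If not it might be a static page
    if (isset($_GET['sid']) && is_string($_GET['sid'])) {
        // But does that static page exist?
        $staticPages = $classDatabase->psPagesSelectIDCatagoryWhereTitleEquals($_GET['sid']);
        $staticId = $staticPages[0] ?? null;
        $staticCategory = $staticPages[1] ?? null;

        if ($staticId != null) {
            // The page exists, but do we have view/read permission for the page in question
            require_once 'classes/userSession.php';
            global $classUserSession;
            if (!isset($classUserSession)) {
                $classUserSession = new userSession();
            }

            // A page with category 0 is assumed public as defined in the database.
            // `== 0` also matched any non-numeric string before PHP 8 and a
            // missing category on every version; those now go through
            // checkPermissions() instead of being treated as public.
            $isPublic = is_numeric($staticCategory) && (int) $staticCategory === 0;

            if ($isPublic || $classUserSession->checkPermissions($staticCategory, 1)) {
                // We have permission, return the name back!
                $classPageInfo->pageID = $staticId;

                return $_GET['sid'];
            }
        }
    }

    // If not it must be a 404
    $classPageInfo->pageID = 4;

    return '404';
}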
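<?php
include 'includes.php';
session_start();

// Request parameters; absent ones become null (the `??` replaces the former
// `@` suppression, which hid every other warning on the line as well).
//
// NOTE(review): $_REQUEST also covers the query string, so credentials sent as
// GET parameters end up in URLs that servers, proxies and browser history
// record. The start/end action is selected by a GET parameter and no
// anti-CSRF token is checked. Restricting this endpoint to POST requires
// checking how the calling form submits first, so it is flagged, not changed.
$username = $_REQUEST['username'] ?? null;
$password = $_REQUEST['password'] ?? null;
$session = $_GET['session'] ?? null;

/**
 * Starts and ends the login state kept in $_SESSION['user'].
 */
class userSession
{
    /**
     * Marks the session as logged in when validateConnexion() accepts the
     * credentials; does nothing otherwise.
     *
     * @param mixed $username Login name from the request.
     * @param mixed $password Password from the request.
     */
    public function startSession($username, $password)
    {
        // Missing or array-valued parameters are never valid credentials.
        if (!is_string($username) || !is_string($password)) {
            return;
        }

        if (validateConnexion($username, $password)) {
            // Issue a fresh session ID at the moment of login so an ID that
            // existed before authentication is not carried into the
            // authenticated session (session fixation).
            session_regenerate_id(true);
            $_SESSION['user'] = $username;
        }
    }

    /**
     * Logs out: clears the session data, expires the session cookie and
     * destroys the server-side session.
     */
    public function endSession()
    {
        // session_destroy() alone leaves $_SESSION populated for the rest of
        // the request and leaves the cookie in the browser.
        $_SESSION = [];

        if (ini_get('session.use_cookies')) {
            $cookie = session_get_cookie_params();
            setcookie(
                session_name(),
                '',
                time() - 42000,
                $cookie['path'],
                $cookie['domain'],
                $cookie['secure'],
                $cookie['httponly']
            );
        }

        session_destroy();
    }
}

$userSession = new userSession();
if ($session === 'start') {
    $userSession->startSession($username, $password);
} elseif ($session === 'end') {
    $userSession->endSession();
}

header('Location: index.php');
// Stop here so nothing can run or be emitted after the redirect header.
exit;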