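/**
 * Created by PhpStorm.
 * User: Nima
 * Date: 7/26/2015
 * Time: 5:20 AM
 */

/**
 * Build the HTML attribute string that locks a form control in the user
 * settings table.
 *
 * A user may never edit their own row, and only an 'admin' session may edit
 * anyone else's; in both cases the control is rendered disabled with a
 * tooltip explaining why. Callers that want the disabled value to be
 * submitted anyway pass $ignoreReadonly = true and get "disabled" without
 * "readonly".
 *
 * @param mixed $userid         id of the row being rendered; compared loosely
 *                              with GetUserId() (defined elsewhere), whose
 *                              return type is not visible here
 * @param bool  $ignoreReadonly omit the readonly attribute when true
 * @return string '' when the control may be edited, otherwise the
 *                title/disabled[/readonly] attributes
 */
function AddAttributes($userid, $ignoreReadonly = false)
{
    // Leading space keeps title="..." and disabled as separate attributes;
    // without it the markup reads title="..."disabled.
    $lock = $ignoreReadonly ? ' disabled' : ' disabled readonly';

    if ($userid == GetUserId()) {
        return 'title="Can\'t change own settings"' . $lock;
    }

    // $_SESSION['type'] is not guaranteed to be set; treat a missing key as
    // "not admin" instead of emitting an undefined-index warning.
    if (($_SESSION['type'] ?? null) === 'admin') {
        return '';
    }

    return 'title="Insufficient Privileges"' . $lock;
}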
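<?php
// login.php - log user in
//
// D Provine, 2 August 2013

session_name('reglogin');
session_start();

// Check the form was filled in correctly
if (!isset($_POST['username']) || !isset($_POST['password'])) {
    die("You did not fill in the form correctly. Try again.");
}

include "/export/home/mclaug67/source_html/public_html/awp/PhotoSite/Connect-webuser.php";
include "DB_Functions.php";

$dbh = ConnectDB();
// GetUserId() (DB_Functions.php, not visible here) is compared against -1 as
// its "credentials did not match" value.
$user_id = GetUserId($dbh, $_POST['username'], $_POST['password']);

if ($user_id == -1) {
    die("Username/password incorrect. Try again.");
}

// Issue a fresh session id once the user is authenticated so a session id
// handed out before login is not carried into the logged-in session.
session_regenerate_id(true);
$_SESSION['username'] = $_POST['username'];
$_SESSION['user_id'] = $user_id;

// Nothing may be written to the response before this header() call: any
// output (the earlier print_r debug dump of an undefined $userdata did this)
// makes the redirect fail with "headers already sent" and exposes data.
header("Location: user_page.php");
exit;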
$error = "შეიყვანეთ თანხის რაოდენობა \n *მხოლოდ ციფრები!"; } break; case 'take-money': $object_id = $_REQUEST['obj_id']; $money = $_REQUEST['money-amount']; $comment = $_REQUEST['comment']; $username = $_REQUEST['username']; $password = $_REQUEST['password']; $array = GetWarehouseMoney(); if (is_numeric($money)) { global $pos; $check = $pos->CheckUser($username, $password); if ($check) { if ($array >= $money) { $pos->pos_out(GetUserId($username), $object_id, $money, $comment); } else { $error = "არასაკმარისი თანხა!"; } } else { $error = "მომხმარებლის სახელი ან პაროლი არასწორია!"; } } else { $error = "შეიყვანეთ თანხის რაოდენობა \n *მხოლოდ ციფრები!"; } break; case 'pos-check': $object_id = $_REQUEST['obj_id']; $real_money = $_REQUEST['money-amount']; $user_id = $_COOKIE['USERID']; $comment = $_REQUEST['comment'];
$passCount = 0; $typeCount = 0; $deleteCount = 0; $passText = "Password for the following users successfully changed:"; $typeText = "The account type for the following users successfully changed:"; $deleteText = "The following users were successfully deleted:"; foreach ($userInfo as $id => $info) { if (!empty($info['pass']) && !empty($info['confpass']) && strcmp($info['pass'], $info['confpass']) == 0) { $passHash = sha1(filter_var($info['pass'], FILTER_SANITIZE_STRING)); $query = $dbConnection->prepare("UPDATE `user_info` " . "SET `password` = ? " . "WHERE `user_id` = ?"); if ($query && !$query->errno) { $query->bind_param('si', $passHash, $id); if ($query->execute()) { $passText .= "\\n{$info['username']}"; $passCount++; if ($id == GetUserId()) { $redirectToHome = true; } } } } if (!empty($info['oldtype']) && !empty($info['type']) && strcmp($info['oldtype'], $info['type']) != 0) { $query = $dbConnection->prepare("UPDATE `user_info` " . "SET `type` = ? " . "WHERE `user_id` = ? " . "AND `type` = ?"); if ($query && !$query->errno) { $query->bind_param('sis', $info['type'], $id, $info['oldtype']); if ($query->execute()) { $typeText .= "\\n{$info['username']}"; $typeCount++; } } }
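<?php
// forms/pass_submit.php - handle the Change Password form.
//
// Accepts the form posted from changePass.php, verifies the previous password
// for the logged-in user, stores the new one, then redirects to login.php on
// success or back to changePass.php on failure.
include_once '../inc/auth.php';

// Only the logged-in user may change their own password, and the two copies
// of the new password must match. The match uses === rather than ==: with ==,
// two numeric strings such as "1e3" and "1000" compare equal.
if (issetPostVal("user_id") == GetUserId()
    && isset($_POST['inputPass'], $_POST['newPass'], $_POST['newPassConf'])
    && is_string($_POST['newPass'])
    && $_POST['newPass'] !== ''
    && $_POST['newPass'] === $_POST['newPassConf']) {
    // NOTE(review): unsalted sha1 is not an adequate password hash. Moving to
    // password_hash()/password_verify() has to be done together with the login
    // path and the stored hashes, so it is only flagged here. Likewise
    // FILTER_SANITIZE_STRING (deprecated since PHP 8.1) rewrites quotes and
    // tags before hashing and must stay consistent with the login path until
    // that migration happens.
    $oldPass = sha1(filter_var($_POST['inputPass'], FILTER_SANITIZE_STRING));
    $newPass = sha1(filter_var($_POST['newPass'], FILTER_SANITIZE_STRING));

    $dbConnection = initialize();
    // The WHERE clause re-checks the previous password hash, so a wrong
    // previous password makes the UPDATE match no row.
    $query = $dbConnection->prepare("UPDATE `user_info` "
        . "SET `password` = ? "
        . "WHERE `user_id` = ? "
        . "AND `password` = ?");
    if ($query && !$query->errno) {
        $query->bind_param('sss', $newPass, $_POST['user_id'], $oldPass);
        // execute() alone returns true even when no row matched (wrong previous
        // password); affected_rows distinguishes that from a real change. Note
        // that re-submitting the current password also yields 0 affected rows.
        if ($query->execute() && $query->affected_rows > 0) {
            InvalidateAuth();
            print "<script type=\"text/javascript\">alert(\"Password successfully changed!\");</script>";
            print "<script type=\"text/javascript\">window.location.replace(\"../login.php\");</script>";
            die;
        }
    }
}

print "<script type=\"text/javascript\">alert(\"Password change failed. Try again.\");</script>";
print "<script type=\"text/javascript\">window.location.replace(\"../changePass.php\");</script>";
die;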
<ul class="nav nav-sidebar"> <li><a href="settings.php">Admin List</a></li> <li class="active"><a href="<?php print getLinkWithGet(array(), $_SERVER['PHP_SELF'], $_GET); ?> ">Change Password</a></li> </ul> </div> <div class="col-sm-9 col-sm-offset-3 col-md-10 col-md-offset-2 main"> <h1 class="page-header">Settings</h1> <h2 class="sub-header">Change Password</h2> <div class="table-responsive"> <form action="forms/pass_submit.php" method="post" id="passwordForm"> <input type="hidden" name="user_id" value="<?php print GetUserId(); ?> "> <table> <tbody> <tr> <td><label for="inputPass">Previous Password: </label></td> <td><input type="password" id="inputPass" name="inputPass" required autofocus></td> </tr> <tr> <td><label for="newPass">New Password: </label></td> <td><input type="password" id="newPass" name="newPass" required></td> </tr> <tr> <td><label for="newPassConf">Confirm New Password: </label></td> <td><input type="password" id="newPassConf" name="newPassConf" required></td>
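<?php
// Login endpoint: validates the posted email/password and answers with a JSON
// envelope ({success, errors} or {success, message, url}) for the front end.
require_once 'model/user-functions.php';

$errors = []; // validation errors keyed by field name
$data = [];   // response payload

if (empty($_POST['email'])) {
    $errors['email'] = 'Email is required.';
}
if (empty($_POST['password'])) {
    $errors['password'] = '******';
}

if (!empty($errors)) {
    // Field-level validation failed; report every error at once.
    $data['success'] = false;
    $data['errors'] = $errors;
} elseif (ExistUser($bdd, $_POST['email'])) {
    // NOTE(review): the submitted password is never verified here — only the
    // email's existence is checked before the session is established. A
    // credential check (presumably in model/user-functions.php, not visible
    // here) must gate this branch before it logs the user in.
    // $bdd is assumed to be the DB handle created by the required file.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    // Fresh session id at login so a pre-login session id is not reused.
    session_regenerate_id(true);
    $_SESSION['user_id'] = GetUserId($bdd, $_POST['email']);
    $data['success'] = true;
    $data['message'] = 'Success!';
    $data['url'] = ROOT_HOST . 'home';
} else {
    // An unknown email previously answered success:true with no url; report
    // it as a failure so the client does not treat it as a login.
    $data['success'] = false;
    $data['errors'] = ['email' => 'Unknown user.'];
}

header('Content-Type: application/json');
echo json_encode($data);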