function createAction() { $config = getConfig(); $params = $config['memcache']; $table = ['name' => 'item', 'dbname' => 'db_vktest', 'as' => 'i']; $item = handleRequest($_POST); $mysqli = db_mysqli_connect($table['dbname']); $queryInsert = "INSERT INTO item (name,description,price,url) VALUES (" . "'" . mysqli_real_escape_string($mysqli, $item['name']) . "'," . "'" . mysqli_real_escape_string($mysqli, $item['description']) . "'," . $item['price'] . "," . "'" . mysqli_real_escape_string($mysqli, $item['url']) . "'" . ")"; $resultInsert = mysqli_query($mysqli, $queryInsert); $resultError = mysqli_error($mysqli); db_mysqli_close($mysqli); if (!$resultInsert) { addAlert('danger', 'Произошла ошибка записи:' . $resultError); $url = 'http://' . $_SERVER['HTTP_HOST'] . "/"; header('Location: ' . $url); exit; } //another proc $pid = pcntl_fork(); if ($pid == 0) { changeCountItemsById(1, 1); exit(0); } addAlert('success', 'Продукт добавлен'); $url = 'http://' . $_SERVER['HTTP_HOST'] . "/"; header('Location: ' . $url); }
function db_mysqli_connect($db_name) { $config = getConfig(); $dbParam = $config['databases'][$db_name]; $mysqli = mysqli_connect($dbParam['host'], $dbParam['user'], $dbParam['password'], $db_name, $dbParam['port']); if (mysqli_connect_errno()) { addAlert('danger', 'Нет подключения к базе данных:' . mysqli_connect_error()); $url = 'http://' . $_SERVER['HTTP_HOST'] . "/"; header('Location: ' . $url); exit; } return $mysqli; }
function updateAction() { $config = getConfig(); $table = ['name' => 'item', 'dbname' => 'db_vktest', 'as' => 'i']; $item = handleRequest($_POST); $mysqli = db_mysqli_connect($table['dbname']); $queryUpdate = "UPDATE item SET " . "name='" . mysqli_real_escape_string($mysqli, $item['name']) . "'," . "description='" . mysqli_real_escape_string($mysqli, $item['description']) . "'," . "price=" . $item['price'] . "," . "url='" . mysqli_real_escape_string($mysqli, $item['url']) . "'" . " WHERE iditem=" . $item['iditem']; $resultUpdate = mysqli_query($mysqli, $queryUpdate); $resultError = mysqli_error($mysqli); db_mysqli_close($mysqli); if (!$resultUpdate) { addAlert('danger', 'Произошла ошибка записи:' . $resultError); $url = 'http://' . $_SERVER['HTTP_HOST'] . "/"; header('Location: ' . $url); exit; } addAlert('success', 'Продукт сохранен!'); $url = 'http://' . $_SERVER['HTTP_HOST'] . "/"; header('Location: ' . $url); }
} else { if ($group_id) { // Attempt to load action permits for the specified group. if (!($results = loadGroupActionPermits($group_id))) { apiReturnError($ajax, getReferralPage()); } } else { if ($all == "users") { // Attempt to load action permits for all users if (!($results = loadUserActionPermits("all"))) { apiReturnError($ajax, getReferralPage()); } } else { if ($all == "groups") { // Attempt to load action permits for all groups if (!($results = loadGroupActionPermits("all"))) { apiReturnError($ajax, getReferralPage()); } } else { addAlert("danger", "user_id, group_id, or all must be specified."); apiReturnError($ajax, getReferralPage()); } } } } restore_error_handler(); if ($pretty) { echo prettyPrint(json_encode($results, JSON_PRETTY_PRINT)); } else { echo json_encode($results); }
// Update an action_permit mapping for a user or group. // POST: action_id, permit, [user_id, group_id] $validator = new Validator(); $action_id = $validator->requiredPostVar('action_id'); $permit = $validator->requiredPostVar('permit'); $group_id = $validator->optionalPostVar('group_id'); $user_id = $validator->optionalPostVar('user_id'); // Add alerts for any failed input validation foreach ($validator->errors as $error) { addAlert("danger", $error); } if (count($validator->errors) > 0) { apiReturnError($ajax, getReferralPage()); } //Forms posted if ($group_id) { if (!updateGroupActionPermit($action_id, $group_id, $permit)) { apiReturnError($ajax, getReferralPage()); } } else { if ($user_id) { if (!updateUserActionPermit($action_id, $user_id, $permit)) { apiReturnError($ajax, getReferralPage()); } } else { addAlert("danger", "You must specify a user or group id!"); apiReturnError($ajax, getReferralPage()); } } restore_error_handler(); apiReturnSuccess($ajax, getReferralPage());
function fetchUserMin($user_id) { try { global $db_table_prefix; $results = array(); $db = pdoConnect(); $sqlVars = array(); $query = "select {$db_table_prefix}users.id as user_id, user_name, display_name from {$db_table_prefix}users where {$db_table_prefix}users.id = :user_id"; $sqlVars[':user_id'] = $user_id; $stmt = $db->prepare($query); $stmt->execute($sqlVars); if (!($results = $stmt->fetch(PDO::FETCH_ASSOC))) { addAlert("danger", "Invalid user id specified"); return false; } $stmt = null; return $results; } catch (PDOException $e) { addAlert("danger", "Oops, looks like our database encountered an error."); error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage()); return false; } catch (ErrorException $e) { addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs."); return false; } }
//Success, user details have been updated in the db now mail this information out. $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT"); } } } } } } } } else { $errors[] = lang("NO_DATA"); } restore_error_handler(); foreach ($errors as $error) { addAlert("danger", $error); } foreach ($successes as $success) { addAlert("success", $success); } if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true") { echo json_encode(array("errors" => count($errors), "successes" => count($successes))); } else { // Send successes to the home page, while errors should return them to the activation page. if (count($errors) == 0) { header('Location: index.php'); exit; } else { header('Location: resend_activation.php'); exit; } }
if ($self) { //Confirm the hashes match before updating a users password if ($passwordcheck == "") { addAlert("danger", lang("ACCOUNT_SPECIFY_PASSWORD")); apiReturnError($ajax, getReferralPage()); } else { if (!passwordVerifyUF($passwordcheck, $loggedInUser->hash_pw)) { //No match addAlert("danger", lang("ACCOUNT_PASSWORD_INVALID")); apiReturnError($ajax, getReferralPage()); } } } // Prevent updating if someone attempts to update with the same password if (passwordVerifyUF($password, $loggedInUser->hash_pw)) { addAlert("danger", lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE")); apiReturnError($ajax, getReferralPage()); } if (!($password_hash = updateUserPassword($user_id, $password, $passwordc))) { $error_count++; } else { // If we're updating for the currently logged in user, update their hash_pw field if ($self) { $loggedInUser->hash_pw = $password_hash; } $success_count++; } } //Remove groups if (!empty($rm_groups)) { // Convert string of comma-separated group_id's into array
if (!isUserLoggedIn()) { addAlert("danger", "You must be logged in to access this resource."); echo json_encode(array("errors" => 1, "successes" => 0)); exit; } // GET Parameters: [user_id, group_id, limit] // If a user_id is specified, attempt to load information for the specified user (self if set to 0). // If a group_id is specified, attempt to load information for all users in the specified group. // Otherwise, attempt to load all users. $validator = new Validator(); $limit = $validator->optionalGetVar('limit'); $user_id = $validator->optionalGetVar('user_id'); $group_id = $validator->optionalGetVar('group_id'); // Add alerts for any failed input validation foreach ($validator->errors as $error) { addAlert("danger", $error); } if ($user_id) { // Special case to load groups for the logged in user if ($user_id == "0") { $user_id = $loggedInUser->user_id; } if (!($results = loadUser($user_id))) { echo json_encode(array("errors" => 1, "successes" => 0)); exit; } } else { if ($group_id) { if (!($results = loadUsersInGroup($group_id))) { echo json_encode(array("errors" => 1, "successes" => 0)); exit;
By Alex Weissman Copyright (c) 2014 Based on the UserCake user management system, v2.0.2. Copyright (c) 2009-2012 UserFrosting, like UserCake, is 100% free and open-source. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ require_once "../models/config.php"; // Always a publically accessible script if ($_SERVER['REQUEST_METHOD'] == 'POST') { addAlert($_POST['type'], $_POST['message']); } if ($_SERVER['REQUEST_METHOD'] == 'GET') { echo json_encode($_SESSION["userAlerts"]); // Reset alerts after they have been delivered $_SESSION["userAlerts"] = array(); }
furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ require_once "models/config.php"; setReferralPage(getAbsoluteDocumentPath(__FILE__)); //Prevent the user visiting the logged in page if he/she is already logged in if (isUserLoggedIn()) { addAlert("danger", "I'm sorry, you cannot request an activation email while logged in. Please log out first."); apiReturnError(false, SITE_ROOT); } ?> <!DOCTYPE html> <html lang="en"> <?php echo renderTemplate("head.html", array("#SITE_ROOT#" => SITE_ROOT, "#SITE_TITLE#" => SITE_TITLE, "#PAGE_TITLE#" => "Resend Activation")); ?> <body> <div class="container"> <div class="header"> <ul class="nav nav-pills navbar pull-right"> </ul>
// Try to create the new user if (!($new_user_id = createUser($user_name, $display_name, $email, $title, $password, $passwordc, $require_activation, $admin))) { echo json_encode(array("errors" => 1, "successes" => 0)); exit; } // If creation succeeds, add default groups for new users /*if (dbAddUserToDefaultGroups($new_user_id)){ // Uncomment this if you want self-registered users to know about permission groups //$successes[] = lang("ACCOUNT_PERMISSION_ADDED", array ($addition_count)); } else { if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true" ){ echo json_encode(array("errors" => 1, "successes" => 0)); } else { header('Location: register_root.php'); } exit(); }*/ // Set the primary group as the "Admin" group updateUserField('1', 'primary_group_id', '2'); // Account creation was successful! // On success, create the success message and delete the activation token deleteConfigParameter('root_account_config_token'); addAlert("success", "You have successfully created the root account. Please delete this installation folder and log in via login.php."); addAlert("success", "<a href='../login.php'>Click Here</a> to login"); } else { echo json_encode(array("errors" => $error_count, "successes" => 0)); exit; } // Send successfully registered users to the completion page, while errors should return them to the registration page. echo json_encode(array("errors" => 0, "successes" => 1)); exit;
$addition_count += addUserToGroup($new_user_id, $group_id); } // Set primary group if (!empty($primary_group_id)) { if (updateUserPrimaryGroup($new_user_id, $primary_group_id)) { // Account creation was successful! addAlert("success", lang("ACCOUNT_PRIMARY_GROUP_SET")); addAlert("success", lang("ACCOUNT_CREATION_COMPLETE", array($user_name))); } else { $error_count++; } } // Otherwise, add default groups and set primary group for new users } else { if (dbAddUserToDefaultGroups($new_user_id)) { if ($require_activation) { // Activation required addAlert("success", lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE2")); } else { // No activation required addAlert("success", lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE1")); } } else { apiReturnError($ajax, $admin == "true" ? ACCOUNT_ROOT : SITE_ROOT); } } } else { apiReturnError($ajax, $admin == "true" ? ACCOUNT_ROOT : SITE_ROOT); } restore_error_handler(); apiReturnSuccess($ajax, $admin == "true" ? ACCOUNT_ROOT : SITE_ROOT);
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ require_once "models/config.php"; // Public page setReferralPage(getAbsoluteDocumentPath(__FILE__)); //Forward the user to their default page if he/she is already logged in if (isUserLoggedIn()) { addAlert("warning", "You're already logged in!"); header("Location: account"); exit; } ?> <!DOCTYPE html> <html lang="en"> <?php echo renderTemplate("head.html", array("#SITE_ROOT#" => SITE_ROOT, "#SITE_TITLE#" => SITE_TITLE, "#PAGE_TITLE#" => "Welcome to UserFrosting")); ?> <body> <div class="container"> <div class="header"> <ul class="nav nav-pills navbar pull-right">
function loadPresetPermitOptions($fields) { // This block automatically checks this action against the permissions database before running. if (!checkActionPermissionSelf(__FUNCTION__, func_get_args())) { addAlert("danger", "Sorry, you do not have permission to access this resource."); return false; } return fetchPresetPermitOptions($fields); }
<?php include '../models/db-settings.php'; include '../models/config.php'; // Fetch information for currently logged in user // Parameters: none set_error_handler('logAllErrors'); try { // Check that there is a logged-in user $user_id = null; if (isUserLoggedIn()) { $user_id = $loggedInUser->user_id; } else { addAlert("danger", "Whoops, looks like you're not logged in!"); echo json_encode(array("errors" => 1, "successes" => 0)); exit; } $results = fetchUser($user_id); $results['csrf_token'] = $loggedInUser->csrf_token; } catch (ErrorException $e) { addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs."); } catch (RuntimeException $e) { addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs."); error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage()); } restore_error_handler(); echo json_encode($results);
function checkCSRF($ajax, $csrf_token) { global $loggedInUser; if ($csrf_token) { if (!$loggedInUser->csrf_validate(trim($csrf_token))) { addAlert("danger", lang("ACCESS_DENIED")); if (LOG_AUTH_FAILURES) { error_log("CSRF token failure - invalid token."); } apiReturnError($ajax, $failure_landing_page); } } else { addAlert("danger", lang("ACCESS_DENIED")); if (LOG_AUTH_FAILURES) { error_log("CSRF token failure - token not specified."); } apiReturnError($ajax, $failure_landing_page); } }
addAlert("success", lang("ACCOUNT_MANUALLY_ACTIVATED", array($display_name))); } else { echo json_encode(array("errors" => 1, "successes" => 0)); exit; } } else { if ($token) { if (!validateActivationToken($token)) { //Check for a valid token. Must exist and active must be = 0 addAlert("danger", lang("ACCOUNT_TOKEN_NOT_FOUND")); echo json_encode(array("errors" => 1, "successes" => 0)); exit; } else { //Activate the users account if (setUserActive($token)) { addAlert("success", lang("ACCOUNT_ACTIVATION_COMPLETE")); } else { echo json_encode(array("errors" => 1, "successes" => 0)); exit; } } } } restore_error_handler(); // Allows for functioning in either ajax mode or graceful degradation to PHP/HTML only if (isset($_GET['ajaxMode']) and $_GET['ajaxMode'] == "true") { echo json_encode(array("errors" => 0, "successes" => 1)); } else { header("Location: " . getReferralPage()); exit; }
} //Forms posted if ($action_id && $type) { if ($type == "user") { if (!deleteUserActionPermit($action_id)) { echo json_encode(array("errors" => 1, "successes" => 0)); exit; } } else { if ($type == "group") { if (!deleteGroupActionPermit($action_id)) { echo json_encode(array("errors" => 1, "successes" => 0)); exit; } } else { addAlert("danger", "Invalid action type (user, group) specified."); echo json_encode(array("errors" => 1, "successes" => 0)); exit; } } } else { echo json_encode(array("errors" => 1, "successes" => 0)); exit; } restore_error_handler(); if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true") { echo json_encode(array("errors" => 0, "successes" => 1)); } else { header('Location: ' . getReferralPage()); exit; }
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ require_once '../models/config.php'; // Fetch information for currently logged in user // Parameters: none set_error_handler('logAllErrors'); // Request method: GET $ajax = checkRequestMode("get"); // Check that there is a logged-in user $user_id = null; if (isUserLoggedIn()) { $user_id = $loggedInUser->user_id; } else { addAlert("danger", "Whoops, looks like you're not logged in!"); apiReturnError($ajax, getReferralPage()); } $results = fetchUser($user_id); if (!$results) { apiReturnError($ajax, getReferralPage()); } $results['csrf_token'] = $loggedInUser->csrf_token; restore_error_handler(); echo json_encode($results);
function isValidPermitString($permit) { $permit_funcs = fetchPermissionValidators(); $permit_arr = parsePermitString($permit); foreach ($permit_arr as $p) { $name = $p['name']; if (!isset($permit_funcs[$name])) { addAlert("danger", "I'm sorry, the permission validator {$name} does not exist."); return false; } } return true; }
* @version 0.1 * @link http://www.userfrosting.com/ * @link http://www.github.com/lilfade/UF-PMSystem/ */ require_once "../models/config.php"; require_once "models/pm_functions.php"; if (!securePage(__FILE__)) { // Forward to index page addAlert("danger", "Whoops, looks like you don't have permission to view that page."); header("Location: 404.php"); exit; } $pvalue = $plugin_settings['$pmsystem']['value']; if ($pvalue != 1) { // Forward to index page addAlert("danger", "Whoops, looks like the private message system is not enabled"); header("Location: " . SITE_ROOT . "account/index.php"); exit; } setReferralPage(getAbsoluteDocumentPath(__FILE__)); $validate = new Validator(); // This is used to get the right page view $action_var = $validate->optionalGetVar('action'); $msg_id = $validate->optionalGetVar('id'); // This is for use when deleting messages $table_name = $validate->optionalGetVar('a_id'); // Field not table xD $table_delete = $validate->optionalGetVar('a_d'); //receiver_id or sender_id depending on inbox or outbox ?>
addAlert("danger", "You must be logged in to access this resource."); echo json_encode(array("errors" => 1, "successes" => 0)); exit; } // Create a new group with the specified name and home page id // POST: group_name, home_page_id $validator = new Validator(); $group_name = $validator->requiredPostVar('group_name'); $home_page_id = $validator->requiredPostVar('home_page_id'); // Add alerts for any failed input validation foreach ($validator->errors as $error) { addAlert("danger", $error); } //Forms posted if ($group_name) { if (!createGroup($group_name, $home_page_id)) { echo json_encode(array("errors" => 1, "successes" => 0)); exit; } } else { addAlert("danger", lang("PERMISSION_CHAR_LIMIT", array(1, 50))); echo json_encode(array("errors" => 1, "successes" => 0)); exit; } restore_error_handler(); if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true") { echo json_encode(array("errors" => 0, "successes" => 1)); } else { header('Location: ' . getReferralPage()); exit; }
require_once "models/config.php"; setReferralPage(getAbsoluteDocumentPath(__FILE__)); if (!userIdExists('1')) { addAlert("danger", lang("MASTER_ACCOUNT_NOT_EXISTS")); header("Location: install/wizard_root_user.php"); exit; } // If registration is disabled, send them back to the home page with an error message if (!$can_register) { addAlert("danger", lang("ACCOUNT_REGISTRATION_DISABLED")); header("Location: login.php"); exit; } //Prevent the user visiting the logged in page if he/she is already logged in if (isUserLoggedIn()) { addAlert("danger", "I'm sorry, you cannot register for an account while logged in. Please log out first."); apiReturnError(false, SITE_ROOT); } ?> <!DOCTYPE html> <html lang="en"> <?php echo renderTemplate("head.html", array("#SITE_ROOT#" => SITE_ROOT, "#SITE_TITLE#" => SITE_TITLE, "#PAGE_TITLE#" => "Register")); $fields = ['user_name' => ['type' => 'text', 'label' => 'Username', 'icon' => 'fa fa-fw fa-edit', 'validator' => ['minLength' => 1, 'maxLength' => 25, 'label' => 'Username'], 'placeholder' => 'User name'], 'display_name' => ['type' => 'text', 'label' => 'Display Name', 'icon' => 'fa fa-fw fa-edit', 'validator' => ['minLength' => 1, 'maxLength' => 50, 'label' => 'Display name'], 'placeholder' => 'Display name'], 'email' => ['type' => 'text', 'label' => 'Email', 'icon' => 'fa fa-fw fa-envelope', 'validator' => ['minLength' => 1, 'maxLength' => 150, 'email' => true, 'label' => 'Email'], 'placeholder' => 'Email address'], 'password' => ['type' => 'password', 'label' => 'Password', 'icon' => 'fa fa-fw fa-key', 'validator' => ['minLength' => 8, 'maxLength' => 50, 'label' => 'Password', 'passwordMatch' => 'passwordc'], 'placeholder' => '8-50 characters'], 'passwordc' => ['type' => 'password', 'label' => 'Confirm password', 'icon' => 'fa fa-fw fa-key', 'validator' => ['minLength' => 8, 'maxLength' => 50, 'label' => 'Password'], 'placeholder' => 'Re-enter your password'], 'captcha' => ['type' => 'text', 'label' => 'Confirm Security Code', 'icon' => 'fa fa-fw fa-eye', 'validator' => ['minLength' => 1, 'maxLength' => 50, 'label' => 'Security code'], 'placeholder' => "Enter the code below, human!"]]; $captcha = generateCaptcha(); $template = "\n <form name='newUser' class='form-horizontal' id='newUser' role='form' action='api/create_user.php' method='post'>\n\t\t <div class='row'>\n\t\t\t<div id='display-alerts' class='col-lg-12'>\n\t\t \n\t\t\t</div>\n\t\t </div>\t\t\n\t\t <div class='row'>\n\t\t\t<div class='col-sm-12'>\n {{user_name}}\n </div>\n\t\t </div>\n\t\t <div class='row'>\n <div class='col-sm-12'>\n {{display_name}}\n </div>\n\t\t </div>\n\t\t <div class='row'>\n\t\t\t<div class='col-sm-12'>\n {{email}}\n </div>\n\t\t </div>\t\t \n\t\t <div class='row'>\n <div class='col-sm-12'>\n {{password}}\n </div>\n\t\t </div>\n\t\t <div class='row'>\n <div class='col-sm-12'>\n {{passwordc}}\n </div>\n\t\t </div>\n\t\t <div class='row'>\n <div class='col-sm-12'>\n {{captcha}}\n </div>\n </div>\n <div class='form-group'>\n <div class='col-sm-12'>\n <img src='{$captcha}' id='captcha'>\n </div>\n\t\t </div>\n\t\t <br>\n\t\t <div class='form-group'>\n\t\t\t<div class='col-sm-12'>\n\t\t\t <button type='submit' class='btn btn-success submit' value='Register'>Register</button>\n\t\t\t</div>\n\t\t </div>\n <div class='collapse'>\n <label>Spiderbro: Don't change me bro, I'm tryin'a catch some flies!</label>\n <input name='spiderbro' id='spiderbro' value='http://'/>\n </div> \n\t\t</form>"; $fb = new FormBuilder($template, $fields, [], [], true); ?> <body>
addAlert("danger", lang("ACCESS_DENIED")); if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true") { echo json_encode(array("errors" => 1, "successes" => 0)); } else { header('Location: ../pm.php'); } exit; } if (isset($msg_id) && $msg_id >= 1) { $parent_id = $msg_id; } else { $parent_id = NULL; } // Call the function to create a message with the required data if ($isreply = '0' or '1') { if (!createMessage($sender_id, $receiver_id, $title, $message, $parent_id)) { echo json_encode(array("errors" => 1, "successes" => 0)); exit; } } else { addAlert("danger", "some bad data here"); echo json_encode(array("errors" => 1, "successes" => 0)); exit; } restore_error_handler(); if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true") { echo json_encode(array("errors" => 0, "successes" => 1)); } else { header('Location: ' . getReferralPage()); exit; }
* @version 0.1 * @link http://www.userfrosting.com/ * @link http://www.github.com/lilfade/UF-PMSystem/ */ include '../../models/config.php'; require_once "../models/pm_functions.php"; set_error_handler('logAllErrors'); // User must be logged in if (!isUserLoggedIn()) { addAlert("danger", "You must be logged in to access this resource."); echo json_encode(array("errors" => 1, "successes" => 0)); exit; } // Load all pm's for this user based on the user_id $validator = new Validator(); $limit = $validator->optionalGetVar('limit'); $user_id = $loggedInUser->user_id; $send_rec_id = $validator->requiredGetVar('send_rec_id'); $deleted = $validator->requiredGetVar('deleted'); // Add alerts for any failed input validation foreach ($validator->errors as $error) { addAlert("danger", $error); } if ($user_id != $loggedInUser->user_id) { // Special case where something funky is going on ... addAlert("danger", "Something when wrong. Wrong user id specified."); } else { $results = loadPMS($limit, $user_id, $send_rec_id, $deleted); } restore_error_handler(); echo json_encode($results);
<?php require_once "../models/config.php"; if (!securePage(__FILE__)) { // Forward to index page addAlert("danger", "Whoops, looks like you don't have permission to view that page."); header("Location: 404.php"); exit; } setReferralPage(getAbsoluteDocumentPath(__FILE__)); //Log the user out if (isUserLoggedIn()) { $loggedInUser->userLogOut(); } // Forward to index root page header("Location: " . SITE_ROOT); die; ?>
<?php require_once "../models/config.php"; set_error_handler('logAllErrors'); // User must be logged in if (!isUserLoggedIn()) { addAlert("danger", "You must be logged in to access this resource."); echo json_encode(array("errors" => 1, "successes" => 0)); exit; } $results = loadSecureFunctions(); echo json_encode($results);
require_once "../models/config.php"; // Recommended admin-only access if (!securePage(__FILE__)) { if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true") { echo json_encode(array("errors" => 1, "successes" => 0)); } else { header("Location: " . getReferralPage()); } exit; } $validator = new Validator(); // Look up specified user $selected_user_id = $validator->requiredGetVar('id'); if (!is_numeric($selected_user_id) || !userIdExists($selected_user_id)) { addAlert("danger", "I'm sorry, the user id you specified is invalid!"); header("Location: " . getReferralPage()); exit; } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <title>PHP Reports Admin - User Details</title>
Based on the UserCake user management system, v2.0.2. Copyright (c) 2009-2012 UserFrosting, like UserCake, is 100% free and open-source. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ require_once "../models/config.php"; // User must be logged in if (!isUserLoggedIn()) { addAlert("danger", "You must be logged in to access the account page."); header("Location: ../login.php"); exit; } setReferralPage(getAbsoluteDocumentPath(__FILE__)); // Automatically forward to the user's default home page $home_page = SITE_ROOT . fetchUserHomePage($loggedInUser->user_id); header("Location: {$home_page}"); exit;