function createAction()
{
$config = getConfig();
$params = $config['memcache'];
$table = ['name' => 'item', 'dbname' => 'db_vktest', 'as' => 'i'];
$item = handleRequest($_POST);
$mysqli = db_mysqli_connect($table['dbname']);
$queryInsert = "INSERT INTO item (name,description,price,url) VALUES (" . "'" . mysqli_real_escape_string($mysqli, $item['name']) . "'," . "'" . mysqli_real_escape_string($mysqli, $item['description']) . "'," . $item['price'] . "," . "'" . mysqli_real_escape_string($mysqli, $item['url']) . "'" . ")";
$resultInsert = mysqli_query($mysqli, $queryInsert);
$resultError = mysqli_error($mysqli);
db_mysqli_close($mysqli);
if (!$resultInsert) {
addAlert('danger', 'Произошла ошибка записи:' . $resultError);
$url = 'http://' . $_SERVER['HTTP_HOST'] . "/";
header('Location: ' . $url);
exit;
}
//another proc
$pid = pcntl_fork();
if ($pid == 0) {
changeCountItemsById(1, 1);
exit(0);
}
addAlert('success', 'Продукт добавлен');
$url = 'http://' . $_SERVER['HTTP_HOST'] . "/";
header('Location: ' . $url);
}
function db_mysqli_connect($db_name)
{
$config = getConfig();
$dbParam = $config['databases'][$db_name];
$mysqli = mysqli_connect($dbParam['host'], $dbParam['user'], $dbParam['password'], $db_name, $dbParam['port']);
if (mysqli_connect_errno()) {
addAlert('danger', 'Нет подключения к базе данных:' . mysqli_connect_error());
$url = 'http://' . $_SERVER['HTTP_HOST'] . "/";
header('Location: ' . $url);
exit;
}
return $mysqli;
}
function updateAction()
{
$config = getConfig();
$table = ['name' => 'item', 'dbname' => 'db_vktest', 'as' => 'i'];
$item = handleRequest($_POST);
$mysqli = db_mysqli_connect($table['dbname']);
$queryUpdate = "UPDATE item SET " . "name='" . mysqli_real_escape_string($mysqli, $item['name']) . "'," . "description='" . mysqli_real_escape_string($mysqli, $item['description']) . "'," . "price=" . $item['price'] . "," . "url='" . mysqli_real_escape_string($mysqli, $item['url']) . "'" . " WHERE iditem=" . $item['iditem'];
$resultUpdate = mysqli_query($mysqli, $queryUpdate);
$resultError = mysqli_error($mysqli);
db_mysqli_close($mysqli);
if (!$resultUpdate) {
addAlert('danger', 'Произошла ошибка записи:' . $resultError);
$url = 'http://' . $_SERVER['HTTP_HOST'] . "/";
header('Location: ' . $url);
exit;
}
addAlert('success', 'Продукт сохранен!');
$url = 'http://' . $_SERVER['HTTP_HOST'] . "/";
header('Location: ' . $url);
}
} else {
if ($group_id) {
// Attempt to load action permits for the specified group.
if (!($results = loadGroupActionPermits($group_id))) {
apiReturnError($ajax, getReferralPage());
}
} else {
if ($all == "users") {
// Attempt to load action permits for all users
if (!($results = loadUserActionPermits("all"))) {
apiReturnError($ajax, getReferralPage());
}
} else {
if ($all == "groups") {
// Attempt to load action permits for all groups
if (!($results = loadGroupActionPermits("all"))) {
apiReturnError($ajax, getReferralPage());
}
} else {
addAlert("danger", "user_id, group_id, or all must be specified.");
apiReturnError($ajax, getReferralPage());
}
}
}
}
restore_error_handler();
if ($pretty) {
echo prettyPrint(json_encode($results, JSON_PRETTY_PRINT));
} else {
echo json_encode($results);
}
// Update an action_permit mapping for a user or group.
// POST: action_id, permit, [user_id, group_id]
$validator = new Validator();
$action_id = $validator->requiredPostVar('action_id');
$permit = $validator->requiredPostVar('permit');
$group_id = $validator->optionalPostVar('group_id');
$user_id = $validator->optionalPostVar('user_id');
// Add alerts for any failed input validation
foreach ($validator->errors as $error) {
addAlert("danger", $error);
}
if (count($validator->errors) > 0) {
apiReturnError($ajax, getReferralPage());
}
//Forms posted
if ($group_id) {
if (!updateGroupActionPermit($action_id, $group_id, $permit)) {
apiReturnError($ajax, getReferralPage());
}
} else {
if ($user_id) {
if (!updateUserActionPermit($action_id, $user_id, $permit)) {
apiReturnError($ajax, getReferralPage());
}
} else {
addAlert("danger", "You must specify a user or group id!");
apiReturnError($ajax, getReferralPage());
}
}
restore_error_handler();
apiReturnSuccess($ajax, getReferralPage());
function fetchUserMin($user_id)
{
try {
global $db_table_prefix;
$results = array();
$db = pdoConnect();
$sqlVars = array();
$query = "select {$db_table_prefix}users.id as user_id, user_name, display_name from {$db_table_prefix}users where {$db_table_prefix}users.id = :user_id";
$sqlVars[':user_id'] = $user_id;
$stmt = $db->prepare($query);
$stmt->execute($sqlVars);
if (!($results = $stmt->fetch(PDO::FETCH_ASSOC))) {
addAlert("danger", "Invalid user id specified");
return false;
}
$stmt = null;
return $results;
} catch (PDOException $e) {
addAlert("danger", "Oops, looks like our database encountered an error.");
error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
return false;
} catch (ErrorException $e) {
addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs.");
return false;
}
}
//Success, user details have been updated in the db now mail this information out.
$successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT");
}
}
}
}
}
}
}
} else {
$errors[] = lang("NO_DATA");
}
restore_error_handler();
foreach ($errors as $error) {
addAlert("danger", $error);
}
foreach ($successes as $success) {
addAlert("success", $success);
}
if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true") {
echo json_encode(array("errors" => count($errors), "successes" => count($successes)));
} else {
// Send successes to the home page, while errors should return them to the activation page.
if (count($errors) == 0) {
header('Location: index.php');
exit;
} else {
header('Location: resend_activation.php');
exit;
}
}
if ($self) {
//Confirm the hashes match before updating a users password
if ($passwordcheck == "") {
addAlert("danger", lang("ACCOUNT_SPECIFY_PASSWORD"));
apiReturnError($ajax, getReferralPage());
} else {
if (!passwordVerifyUF($passwordcheck, $loggedInUser->hash_pw)) {
//No match
addAlert("danger", lang("ACCOUNT_PASSWORD_INVALID"));
apiReturnError($ajax, getReferralPage());
}
}
}
// Prevent updating if someone attempts to update with the same password
if (passwordVerifyUF($password, $loggedInUser->hash_pw)) {
addAlert("danger", lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE"));
apiReturnError($ajax, getReferralPage());
}
if (!($password_hash = updateUserPassword($user_id, $password, $passwordc))) {
$error_count++;
} else {
// If we're updating for the currently logged in user, update their hash_pw field
if ($self) {
$loggedInUser->hash_pw = $password_hash;
}
$success_count++;
}
}
//Remove groups
if (!empty($rm_groups)) {
// Convert string of comma-separated group_id's into array
if (!isUserLoggedIn()) {
addAlert("danger", "You must be logged in to access this resource.");
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
// GET Parameters: [user_id, group_id, limit]
// If a user_id is specified, attempt to load information for the specified user (self if set to 0).
// If a group_id is specified, attempt to load information for all users in the specified group.
// Otherwise, attempt to load all users.
$validator = new Validator();
$limit = $validator->optionalGetVar('limit');
$user_id = $validator->optionalGetVar('user_id');
$group_id = $validator->optionalGetVar('group_id');
// Add alerts for any failed input validation
foreach ($validator->errors as $error) {
addAlert("danger", $error);
}
if ($user_id) {
// Special case to load groups for the logged in user
if ($user_id == "0") {
$user_id = $loggedInUser->user_id;
}
if (!($results = loadUser($user_id))) {
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
} else {
if ($group_id) {
if (!($results = loadUsersInGroup($group_id))) {
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
By Alex Weissman
Copyright (c) 2014
Based on the UserCake user management system, v2.0.2.
Copyright (c) 2009-2012
UserFrosting, like UserCake, is 100% free and open-source.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the 'Software'), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
require_once "../models/config.php";
// Always a publically accessible script
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
addAlert($_POST['type'], $_POST['message']);
}
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
echo json_encode($_SESSION["userAlerts"]);
// Reset alerts after they have been delivered
$_SESSION["userAlerts"] = array();
}
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
require_once "models/config.php";
setReferralPage(getAbsoluteDocumentPath(__FILE__));
//Prevent the user visiting the logged in page if he/she is already logged in
if (isUserLoggedIn()) {
addAlert("danger", "I'm sorry, you cannot request an activation email while logged in. Please log out first.");
apiReturnError(false, SITE_ROOT);
}
?>
<!DOCTYPE html>
<html lang="en">
<?php
echo renderTemplate("head.html", array("#SITE_ROOT#" => SITE_ROOT, "#SITE_TITLE#" => SITE_TITLE, "#PAGE_TITLE#" => "Resend Activation"));
?>
<body>
<div class="container">
<div class="header">
<ul class="nav nav-pills navbar pull-right">
</ul>
// Try to create the new user
if (!($new_user_id = createUser($user_name, $display_name, $email, $title, $password, $passwordc, $require_activation, $admin))) {
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
// If creation succeeds, add default groups for new users
/*if (dbAddUserToDefaultGroups($new_user_id)){
// Uncomment this if you want self-registered users to know about permission groups
//$successes[] = lang("ACCOUNT_PERMISSION_ADDED", array ($addition_count));
} else {
if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true" ){
echo json_encode(array("errors" => 1, "successes" => 0));
} else {
header('Location: register_root.php');
}
exit();
}*/
// Set the primary group as the "Admin" group
updateUserField('1', 'primary_group_id', '2');
// Account creation was successful!
// On success, create the success message and delete the activation token
deleteConfigParameter('root_account_config_token');
addAlert("success", "You have successfully created the root account. Please delete this installation folder and log in via login.php.");
addAlert("success", "<a href='../login.php'>Click Here</a> to login");
} else {
echo json_encode(array("errors" => $error_count, "successes" => 0));
exit;
}
// Send successfully registered users to the completion page, while errors should return them to the registration page.
echo json_encode(array("errors" => 0, "successes" => 1));
exit;
$addition_count += addUserToGroup($new_user_id, $group_id);
}
// Set primary group
if (!empty($primary_group_id)) {
if (updateUserPrimaryGroup($new_user_id, $primary_group_id)) {
// Account creation was successful!
addAlert("success", lang("ACCOUNT_PRIMARY_GROUP_SET"));
addAlert("success", lang("ACCOUNT_CREATION_COMPLETE", array($user_name)));
} else {
$error_count++;
}
}
// Otherwise, add default groups and set primary group for new users
} else {
if (dbAddUserToDefaultGroups($new_user_id)) {
if ($require_activation) {
// Activation required
addAlert("success", lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE2"));
} else {
// No activation required
addAlert("success", lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE1"));
}
} else {
apiReturnError($ajax, $admin == "true" ? ACCOUNT_ROOT : SITE_ROOT);
}
}
} else {
apiReturnError($ajax, $admin == "true" ? ACCOUNT_ROOT : SITE_ROOT);
}
restore_error_handler();
apiReturnSuccess($ajax, $admin == "true" ? ACCOUNT_ROOT : SITE_ROOT);
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
require_once "models/config.php";
// Public page
setReferralPage(getAbsoluteDocumentPath(__FILE__));
//Forward the user to their default page if he/she is already logged in
if (isUserLoggedIn()) {
addAlert("warning", "You're already logged in!");
header("Location: account");
exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<?php
echo renderTemplate("head.html", array("#SITE_ROOT#" => SITE_ROOT, "#SITE_TITLE#" => SITE_TITLE, "#PAGE_TITLE#" => "Welcome to UserFrosting"));
?>
<body>
<div class="container">
<div class="header">
<ul class="nav nav-pills navbar pull-right">
function loadPresetPermitOptions($fields)
{
// This block automatically checks this action against the permissions database before running.
if (!checkActionPermissionSelf(__FUNCTION__, func_get_args())) {
addAlert("danger", "Sorry, you do not have permission to access this resource.");
return false;
}
return fetchPresetPermitOptions($fields);
}
<?php
include '../models/db-settings.php';
include '../models/config.php';
// Fetch information for currently logged in user
// Parameters: none
set_error_handler('logAllErrors');
try {
// Check that there is a logged-in user
$user_id = null;
if (isUserLoggedIn()) {
$user_id = $loggedInUser->user_id;
} else {
addAlert("danger", "Whoops, looks like you're not logged in!");
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
$results = fetchUser($user_id);
$results['csrf_token'] = $loggedInUser->csrf_token;
} catch (ErrorException $e) {
addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs.");
} catch (RuntimeException $e) {
addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs.");
error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
}
restore_error_handler();
echo json_encode($results);
function checkCSRF($ajax, $csrf_token)
{
global $loggedInUser;
if ($csrf_token) {
if (!$loggedInUser->csrf_validate(trim($csrf_token))) {
addAlert("danger", lang("ACCESS_DENIED"));
if (LOG_AUTH_FAILURES) {
error_log("CSRF token failure - invalid token.");
}
apiReturnError($ajax, $failure_landing_page);
}
} else {
addAlert("danger", lang("ACCESS_DENIED"));
if (LOG_AUTH_FAILURES) {
error_log("CSRF token failure - token not specified.");
}
apiReturnError($ajax, $failure_landing_page);
}
}
addAlert("success", lang("ACCOUNT_MANUALLY_ACTIVATED", array($display_name)));
} else {
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
} else {
if ($token) {
if (!validateActivationToken($token)) {
//Check for a valid token. Must exist and active must be = 0
addAlert("danger", lang("ACCOUNT_TOKEN_NOT_FOUND"));
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
} else {
//Activate the users account
if (setUserActive($token)) {
addAlert("success", lang("ACCOUNT_ACTIVATION_COMPLETE"));
} else {
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
}
}
}
restore_error_handler();
// Allows for functioning in either ajax mode or graceful degradation to PHP/HTML only
if (isset($_GET['ajaxMode']) and $_GET['ajaxMode'] == "true") {
echo json_encode(array("errors" => 0, "successes" => 1));
} else {
header("Location: " . getReferralPage());
exit;
}
}
//Forms posted
if ($action_id && $type) {
if ($type == "user") {
if (!deleteUserActionPermit($action_id)) {
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
} else {
if ($type == "group") {
if (!deleteGroupActionPermit($action_id)) {
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
} else {
addAlert("danger", "Invalid action type (user, group) specified.");
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
}
} else {
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
restore_error_handler();
if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true") {
echo json_encode(array("errors" => 0, "successes" => 1));
} else {
header('Location: ' . getReferralPage());
exit;
}
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
require_once '../models/config.php';
// Fetch information for currently logged in user
// Parameters: none
set_error_handler('logAllErrors');
// Request method: GET
$ajax = checkRequestMode("get");
// Check that there is a logged-in user
$user_id = null;
if (isUserLoggedIn()) {
$user_id = $loggedInUser->user_id;
} else {
addAlert("danger", "Whoops, looks like you're not logged in!");
apiReturnError($ajax, getReferralPage());
}
$results = fetchUser($user_id);
if (!$results) {
apiReturnError($ajax, getReferralPage());
}
$results['csrf_token'] = $loggedInUser->csrf_token;
restore_error_handler();
echo json_encode($results);
function isValidPermitString($permit)
{
$permit_funcs = fetchPermissionValidators();
$permit_arr = parsePermitString($permit);
foreach ($permit_arr as $p) {
$name = $p['name'];
if (!isset($permit_funcs[$name])) {
addAlert("danger", "I'm sorry, the permission validator {$name} does not exist.");
return false;
}
}
return true;
}
* @version 0.1
* @link http://www.userfrosting.com/
* @link http://www.github.com/lilfade/UF-PMSystem/
*/
require_once "../models/config.php";
require_once "models/pm_functions.php";
if (!securePage(__FILE__)) {
// Forward to index page
addAlert("danger", "Whoops, looks like you don't have permission to view that page.");
header("Location: 404.php");
exit;
}
$pvalue = $plugin_settings['$pmsystem']['value'];
if ($pvalue != 1) {
// Forward to index page
addAlert("danger", "Whoops, looks like the private message system is not enabled");
header("Location: " . SITE_ROOT . "account/index.php");
exit;
}
setReferralPage(getAbsoluteDocumentPath(__FILE__));
$validate = new Validator();
// This is used to get the right page view
$action_var = $validate->optionalGetVar('action');
$msg_id = $validate->optionalGetVar('id');
// This is for use when deleting messages
$table_name = $validate->optionalGetVar('a_id');
// Field not table xD
$table_delete = $validate->optionalGetVar('a_d');
//receiver_id or sender_id depending on inbox or outbox
?>
addAlert("danger", "You must be logged in to access this resource.");
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
// Create a new group with the specified name and home page id
// POST: group_name, home_page_id
$validator = new Validator();
$group_name = $validator->requiredPostVar('group_name');
$home_page_id = $validator->requiredPostVar('home_page_id');
// Add alerts for any failed input validation
foreach ($validator->errors as $error) {
addAlert("danger", $error);
}
//Forms posted
if ($group_name) {
if (!createGroup($group_name, $home_page_id)) {
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
} else {
addAlert("danger", lang("PERMISSION_CHAR_LIMIT", array(1, 50)));
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
restore_error_handler();
if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true") {
echo json_encode(array("errors" => 0, "successes" => 1));
} else {
header('Location: ' . getReferralPage());
exit;
}
require_once "models/config.php";
setReferralPage(getAbsoluteDocumentPath(__FILE__));
if (!userIdExists('1')) {
addAlert("danger", lang("MASTER_ACCOUNT_NOT_EXISTS"));
header("Location: install/wizard_root_user.php");
exit;
}
// If registration is disabled, send them back to the home page with an error message
if (!$can_register) {
addAlert("danger", lang("ACCOUNT_REGISTRATION_DISABLED"));
header("Location: login.php");
exit;
}
//Prevent the user visiting the logged in page if he/she is already logged in
if (isUserLoggedIn()) {
addAlert("danger", "I'm sorry, you cannot register for an account while logged in. Please log out first.");
apiReturnError(false, SITE_ROOT);
}
?>
<!DOCTYPE html>
<html lang="en">
<?php
echo renderTemplate("head.html", array("#SITE_ROOT#" => SITE_ROOT, "#SITE_TITLE#" => SITE_TITLE, "#PAGE_TITLE#" => "Register"));
$fields = ['user_name' => ['type' => 'text', 'label' => 'Username', 'icon' => 'fa fa-fw fa-edit', 'validator' => ['minLength' => 1, 'maxLength' => 25, 'label' => 'Username'], 'placeholder' => 'User name'], 'display_name' => ['type' => 'text', 'label' => 'Display Name', 'icon' => 'fa fa-fw fa-edit', 'validator' => ['minLength' => 1, 'maxLength' => 50, 'label' => 'Display name'], 'placeholder' => 'Display name'], 'email' => ['type' => 'text', 'label' => 'Email', 'icon' => 'fa fa-fw fa-envelope', 'validator' => ['minLength' => 1, 'maxLength' => 150, 'email' => true, 'label' => 'Email'], 'placeholder' => 'Email address'], 'password' => ['type' => 'password', 'label' => 'Password', 'icon' => 'fa fa-fw fa-key', 'validator' => ['minLength' => 8, 'maxLength' => 50, 'label' => 'Password', 'passwordMatch' => 'passwordc'], 'placeholder' => '8-50 characters'], 'passwordc' => ['type' => 'password', 'label' => 'Confirm password', 'icon' => 'fa fa-fw fa-key', 'validator' => ['minLength' => 8, 'maxLength' => 50, 'label' => 'Password'], 'placeholder' => 'Re-enter your password'], 'captcha' => ['type' => 'text', 'label' => 'Confirm Security Code', 'icon' => 'fa fa-fw fa-eye', 'validator' => ['minLength' => 1, 'maxLength' => 50, 'label' => 'Security code'], 'placeholder' => "Enter the code below, human!"]];
$captcha = generateCaptcha();
$template = "\n <form name='newUser' class='form-horizontal' id='newUser' role='form' action='api/create_user.php' method='post'>\n\t\t <div class='row'>\n\t\t\t<div id='display-alerts' class='col-lg-12'>\n\t\t \n\t\t\t</div>\n\t\t </div>\t\t\n\t\t <div class='row'>\n\t\t\t<div class='col-sm-12'>\n {{user_name}}\n </div>\n\t\t </div>\n\t\t <div class='row'>\n <div class='col-sm-12'>\n {{display_name}}\n </div>\n\t\t </div>\n\t\t <div class='row'>\n\t\t\t<div class='col-sm-12'>\n {{email}}\n </div>\n\t\t </div>\t\t \n\t\t <div class='row'>\n <div class='col-sm-12'>\n {{password}}\n </div>\n\t\t </div>\n\t\t <div class='row'>\n <div class='col-sm-12'>\n {{passwordc}}\n </div>\n\t\t </div>\n\t\t <div class='row'>\n <div class='col-sm-12'>\n {{captcha}}\n </div>\n </div>\n <div class='form-group'>\n <div class='col-sm-12'>\n <img src='{$captcha}' id='captcha'>\n </div>\n\t\t </div>\n\t\t <br>\n\t\t <div class='form-group'>\n\t\t\t<div class='col-sm-12'>\n\t\t\t <button type='submit' class='btn btn-success submit' value='Register'>Register</button>\n\t\t\t</div>\n\t\t </div>\n <div class='collapse'>\n <label>Spiderbro: Don't change me bro, I'm tryin'a catch some flies!</label>\n <input name='spiderbro' id='spiderbro' value='http://'/>\n </div> \n\t\t</form>";
$fb = new FormBuilder($template, $fields, [], [], true);
?>
<body>
addAlert("danger", lang("ACCESS_DENIED"));
if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true") {
echo json_encode(array("errors" => 1, "successes" => 0));
} else {
header('Location: ../pm.php');
}
exit;
}
if (isset($msg_id) && $msg_id >= 1) {
$parent_id = $msg_id;
} else {
$parent_id = NULL;
}
// Call the function to create a message with the required data
if ($isreply = '0' or '1') {
if (!createMessage($sender_id, $receiver_id, $title, $message, $parent_id)) {
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
} else {
addAlert("danger", "some bad data here");
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
restore_error_handler();
if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true") {
echo json_encode(array("errors" => 0, "successes" => 1));
} else {
header('Location: ' . getReferralPage());
exit;
}
* @version 0.1
* @link http://www.userfrosting.com/
* @link http://www.github.com/lilfade/UF-PMSystem/
*/
include '../../models/config.php';
require_once "../models/pm_functions.php";
set_error_handler('logAllErrors');
// User must be logged in
if (!isUserLoggedIn()) {
addAlert("danger", "You must be logged in to access this resource.");
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
// Load all pm's for this user based on the user_id
$validator = new Validator();
$limit = $validator->optionalGetVar('limit');
$user_id = $loggedInUser->user_id;
$send_rec_id = $validator->requiredGetVar('send_rec_id');
$deleted = $validator->requiredGetVar('deleted');
// Add alerts for any failed input validation
foreach ($validator->errors as $error) {
addAlert("danger", $error);
}
if ($user_id != $loggedInUser->user_id) {
// Special case where something funky is going on ...
addAlert("danger", "Something when wrong. Wrong user id specified.");
} else {
$results = loadPMS($limit, $user_id, $send_rec_id, $deleted);
}
restore_error_handler();
echo json_encode($results);
<?php
require_once "../models/config.php";
if (!securePage(__FILE__)) {
// Forward to index page
addAlert("danger", "Whoops, looks like you don't have permission to view that page.");
header("Location: 404.php");
exit;
}
setReferralPage(getAbsoluteDocumentPath(__FILE__));
//Log the user out
if (isUserLoggedIn()) {
$loggedInUser->userLogOut();
}
// Forward to index root page
header("Location: " . SITE_ROOT);
die;
?>
<?php
require_once "../models/config.php";
set_error_handler('logAllErrors');
// User must be logged in
if (!isUserLoggedIn()) {
addAlert("danger", "You must be logged in to access this resource.");
echo json_encode(array("errors" => 1, "successes" => 0));
exit;
}
$results = loadSecureFunctions();
echo json_encode($results);
require_once "../models/config.php";
// Recommended admin-only access
if (!securePage(__FILE__)) {
if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true") {
echo json_encode(array("errors" => 1, "successes" => 0));
} else {
header("Location: " . getReferralPage());
}
exit;
}
$validator = new Validator();
// Look up specified user
$selected_user_id = $validator->requiredGetVar('id');
if (!is_numeric($selected_user_id) || !userIdExists($selected_user_id)) {
addAlert("danger", "I'm sorry, the user id you specified is invalid!");
header("Location: " . getReferralPage());
exit;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<title>PHP Reports Admin - User Details</title>
Based on the UserCake user management system, v2.0.2.
Copyright (c) 2009-2012
UserFrosting, like UserCake, is 100% free and open-source.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the 'Software'), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
require_once "../models/config.php";
// User must be logged in
if (!isUserLoggedIn()) {
addAlert("danger", "You must be logged in to access the account page.");
header("Location: ../login.php");
exit;
}
setReferralPage(getAbsoluteDocumentPath(__FILE__));
// Automatically forward to the user's default home page
$home_page = SITE_ROOT . fetchUserHomePage($loggedInUser->user_id);
header("Location: {$home_page}");
exit;
