function checkLogin($login, $pass) { $db = new Database(); //Traigo el usuario $q = "select salt from jugador where login='******' limit 1"; $r = $db->query($q); //Controlo que exista el usuario con el login $login if ($db->num_rows($r) > 0) { //Traigo el registro $data = $db->fetch_array($r); $salt_db = $data['salt']; //Genero el mismo hash que se creo al registrar jugador $hashedpass = hash('sha512', $pass . $salt_db); $q2 = "select * from jugador where login='******' and pass=PASSWORD('{$hashedpass}')"; $r2 = $db->query($q2); if ($db->num_rows($r2) > 0) { return 1; } else { return 0; } } else { alertMessage('El usuario no existe'); exit; } $db->close(); }
public function buscarFuncionario($nomeFunc = null, $loginFunc = null, $nivelAcessoFunc = null) { $result = null; if (!isset($_SESSION)) { session_start(); } if (!isset($_SESSION['restaurante'])) { session_destroy(); alertMessage("Erro ao tentar acessar a página.Por favor faça o login novamente!", base_url()); exit; } if (!empty($nomeFunc)) { $this->_db->like("nome_funcionario", $nomeFunc); } if (!empty($loginFunc)) { $this->_db->where("login", $loginFunc); } if (!empty($nivelAcessoFunc)) { $this->_db->where("nivel_acesso", $nivelAcessoFunc); } $this->_db->where("id_restaurante", $_SESSION['restaurante']); $query = $this->_db->get("funcionario"); /* echo $this->_db->last_query(); exit;*/ if ($query->num_rows() > 0) { $result = $query->result_array(); } return $result; }
public function upload_domains() { $config['upload_path'] = './uploads/'; $config['allowed_types'] = 'xlsx|csv|xls'; $this->load->library('upload', $config); if (!$this->upload->do_upload()) { $message = alertMessage($this->upload->display_errors(), 'danger'); } else { $data = array('upload_data' => $this->upload->data()); $file_name = $data['upload_data']['file_name']; $full_path = $data['upload_data']['full_path']; $objPHPExcel = PHPExcel_IOFactory::load($full_path); $cell_collection = $objPHPExcel->getActiveSheet()->getCellCollection(); foreach ($cell_collection as $cell) { $column = $objPHPExcel->getActiveSheet()->getCell($cell)->getColumn(); $row = $objPHPExcel->getActiveSheet()->getCell($cell)->getRow(); $data_value = $objPHPExcel->getActiveSheet()->getCell($cell)->getValue(); $userdata[$row][$column] = $data_value; } $ctrow = $row; //to count the number of rows $row = 1; // to set the row to the 1st row for ($ctr = 1; $ctr <= $ctrow; $ctr++) { $domains = $userdata[$row]['A']; //the cell in column A if (empty($domains)) { $message = alertMessage('a cell from "domain" column is empty', 'danger'); } else { if ($this->shops->checkDomain($domains) >= 1) { $message = alertMessage('There is an existing domain.<br/>' . $domains . " is already existing", 'danger'); } else { $save = array("domains" => $domains, "status" => "0", "shop" => "none"); $this->shops->save_domain($save); $row++; } } } } $this->session->set_flashdata('message', $message); // $this->session->set_flashdata('failed', $failed); redirect("Domans/index"); }
function validateLogin() { if (isset($_POST['submitLogin'])) { //check if these values are set and not blank. if (isset($_POST['username']) && isset($_POST['password']) && $_POST['username'] != "" && $_POST['password'] != "") { $username = isset($_POST['username']) ? addslashes($_POST['username']) : ''; $password = isset($_POST['password']) ? sha1(addslashes($_POST['password'])) : ''; $loginSuccessful = login($username, $password); //login function will set the session === 1 if ($loginSuccessful == false) { $message = 'Error: Invalid username or password.'; } } else { $message = 'Error: Invalid username or password.'; } if (isset($message)) { alertMessage($message); } //display alert message; } }
} else { $forumlisting->set_var('newposts_link', ''); } $forumlisting->parse('categorymenu_link', 'categorymenu_link'); } else { $forumlisting->set_var('newposts_link', ''); $forumlisting->set_var('markread_link', ''); $forumlisting->set_var('categorymenu_link', ''); } $forumlisting->parse('category_records', 'category_record', true); $forumlisting->parse('forum_records', ''); } } if ($numCategories == 0) { // Do we have any categories defined yet $display .= alertMessage($LANG_GF01['MSG_NO_CAT'], $LANG_GF01['ERROR'], false); } $forumlisting->parse('output', 'forumlisting'); $display .= $forumlisting->finish($forumlisting->get_var('output')); //$exectime = $mytimer->stopTimer(); //COM_errorLog("End of Listing - time:$exectime"); } // Display Forums if ($forum > 0) { $topiclisting = COM_newTemplate(CTL_plugin_templatePath('forum')); $topiclisting->set_file(array('topiclisting' => 'topiclisting.thtml', 'forum_icons' => 'forum_icons.thtml', 'forum_links' => 'forum_links.thtml')); $topiclisting->set_block('topiclisting', 'topic_record'); $topiclisting->set_block('topiclisting', 'no_records_message'); $blocks = array('new_icon', 'quiet_icon', 'active_icon', 'normal_icon', 'normalnew_icon', 'sticky_icon', 'stickynew_icon', 'locked_icon', 'lockednew_icon', 'sort_desc', 'sort_desc_on', 'sort_asc', 'sort_asc_on'); foreach ($blocks as $block) { $topiclisting->set_block('forum_icons', $block);
} elseif ($action == "doCutFolder") { /** * 执行剪切文件夹 * 2014-12-03 16:01:57 */ $dstname = $_REQUEST["dstname"]; //echo $path."/".$dstname."/".basename($dirname); $message = cutFolder($dirname, $path . "/" . $dstname); alertMessage($message, $redirect); } elseif ($action == "delFolder") { /* * 删除文件夹 * 2014-12-03 18:37:08 */ $message = delFolder($dirname); alertMessage($message, $redirect); } } } ?> <!DOCTYPE html> <hmtl> <head> <meta http-equiv="content-type" content="text/html" charset="utf-8"/> <title>在线文件管理器</title> <link rel="stylesheet" href="css/cikonss.css"/> <script type="text/javascript" src="js/jquery.js"></script> <script type="text/javascript" src="js/jquery-ui.js"></script> <link rel="stylesheet" href="css/jquery-ui.css"/> <style type="text/css"> body,p,div,ul,ol,table,dl,dd,dt{
} } } // Moderator or logged-in User is editing their topic post if ($_USER['uid'] > 1 and $editAllowed) { // Check to see if user has this topic or complete forum is selected for notifications $fields1 = array('topic_id', 'uid'); $values1 = array($id, $edittopic['uid']); $fields2 = array('topic_id', 'forum_id', 'uid'); $values2 = array(0, $edittopic['forum'], $edittopic['uid']); // Check if there are any notification records for the topic or the forum - topic_id = 0 if (DB_count($_TABLES['gf_watch'], $fields1, $values1) > 0 or DB_count($_TABLES['gf_watch'], $fields2, $values2) > 0) { $notify_val = 'checked="checked"'; } } else { alertMessage($LANG_GF02['msg72'], $LANG_GF02['msg191']); exit; } } // PREVIEW TOPIC $numAttachments = 0; if ($_REQUEST['preview'] == $LANG_GF01['PREVIEW']) { $previewitem = array(); if ($method == 'edit') { $previewitem['uid'] = $edittopic['uid']; $previewitem['name'] = $edittopic['name']; /* Check for any uploaded files */ $editpost = COM_applyfilter($_POST['id'], true); $previewitem['id'] = $editpost; gf_check4files($editpost); $numAttachments = DB_count($_TABLES['gf_attachments'], 'topic_id', $editpost);
// Pass thru filter any get or post variables to only allow numeric values and remove any hostile data $highlight = isset($_REQUEST['highlight']) ? COM_applyFilter($_REQUEST['highlight']) : ''; $lastpost = isset($_REQUEST['lastpost']) ? COM_applyFilter($_REQUEST['lastpost']) : ''; $mode = isset($_REQUEST['mode']) ? COM_applyFilter($_REQUEST['mode']) : ''; $msg = isset($_GET['msg']) ? COM_applyFilter($_GET['msg']) : ''; $onlytopic = isset($_REQUEST['onlytopic']) ? COM_applyFilter($_REQUEST['onlytopic']) : ''; $page = isset($_REQUEST['page']) ? COM_applyFilter($_REQUEST['page'], true) : ''; $show = isset($_REQUEST['show']) ? COM_applyFilter($_REQUEST['show'], true) : ''; $showtopic = isset($_REQUEST['showtopic']) ? COM_applyFilter($_REQUEST['showtopic'], true) : ''; $result = DB_query("SELECT forum, pid, subject FROM {$_TABLES['forum_topic']} WHERE id = '{$showtopic}'"); // <- new list($forum, $topic_pid, $subject) = DB_fetchArray($result); // <- new if ($topic_pid == '') { $display .= COM_startBlock(); $display .= alertMessage($LANG_GF02['msg172'], $LANG_GF02['msg171']); $display .= COM_endBlock(); $display = COM_createHTMLDocument($display); COM_output($display); exit; } if ($topic_pid != 0) { $showtopic = $topic_pid; } if ($onlytopic == 1) { // Send out the HTML headers and load the stylesheet for the iframe preview switch ($_CONF['doctype']) { case 'html401transitional': $display .= '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">' . LB; break; case 'html401strict':
function forum_chkUsercanAccess($secure = false) { global $_CONF, $LANG_GF01, $LANG_GF02, $CONF_FORUM, $_USER; if ($CONF_FORUM['registration_required'] && COM_isAnonUser()) { $display = COM_siteHeader(); $message = sprintf($LANG_GF01['loginreqview'], '<a href="' . $_CONF['site_url'] . '/users.php?mode=new">', '<a href="' . $_CONF['site_url'] . '/users.php">'); $display .= alertMessage($message); $display .= COM_siteFooter(); COM_output($display); exit; //} elseif ($secure AND empty($_USER['uid'])) { } elseif ($secure and empty($_USER['uid'])) { $display = COM_siteHeader(); $message = sprintf($LANG_GF01['loginreqfeature'], '<a href="' . $_CONF['site_url'] . '/users.php?mode=new">', '<a href="' . $_CONF['site_url'] . '/users.php">'); $display .= alertMessage($message, $LANG_GF01['ACCESSERROR']); $display .= COM_siteFooter(); COM_output($display); exit; } }
exit; } } if ($method == 'newtopic' && $newtopic['is_readonly'] == 1) { /* Check if this user has moderation rights now to allow a post to a locked topic */ if (!forum_modPermission($forum, $_USER['uid'], 'mod_edit')) { $display .= alertMessage($LANG_GF02['msg87'], $LANG_GF01['ERROR']); $display = gf_createHTMLDocument($display); COM_output($display); exit; } } if ($method == 'postreply' and $edittopic['locked'] == 1 || $edittopic['is_readonly'] == 1) { /* Check if this user has moderation rights now to allow a post to a locked topic */ if (!forum_modPermission($edittopic['forum'], $_USER['uid'], 'mod_edit')) { $display .= alertMessage($LANG_GF02['msg87'], $LANG_GF01['ERROR']); $display = gf_createHTMLDocument($display); COM_output($display); exit; } } if ($method == 'postreply' or $method == 'edit' and $subject == '') { $subject = $edittopic['subject']; } else { $subject = COM_stripslashes($subject); } $topicnavbar = COM_newTemplate(CTL_plugin_templatePath('forum')); $topicnavbar->set_file(array('topicnavbar' => 'submissionform_header.thtml')); $topicnavbar->set_var('imgset', $CONF_FORUM['imgset']); $topicnavbar->set_var('navbreadcrumbsimg', '<img alt="" src="' . gf_getImage('nav_breadcrumbs') . '"' . XHTML . '>'); $topicnavbar->set_var('navtopicimg', '<img alt="" src="' . gf_getImage('nav_topic') . '"' . XHTML . '>');
public function add() { if (!$this->ion_auth->logged_in()) { redirect('auth/login', 'refresh'); } $data['title'] = 'Add Shop'; if ($this->input->post('submit') == 'shops') { $this->form_validation->set_rules('shopname', 'Shopname', 'required'); $this->form_validation->set_rules('hostname', 'Hostname', 'required'); $this->form_validation->set_rules('dbname', 'Database', 'required'); $shopname = $this->input->post('shopname'); $hostname = $this->input->post('hostname'); $dbname = $this->input->post('dbname'); $url = $this->input->post('url'); $ecomm = $this->input->post('ecomm') == 'on' ? 1 : 0; $vc = $this->input->post('vc') == 'on' ? 1 : 0; $enabled = $this->input->post('enabled') == 'on' ? 1 : 0; $dbname = preg_replace('/\\s+/', '', $dbname); if ($this->input->post('domainname') != '') { $domainname = $this->input->post('domainname'); } else { $domainid = $this->input->post('domainid'); $domainname = $this->shops->get_domain_id($domainid); } $save = array("shopname" => $shopname, "domainname" => $domainname, "hostname" => $hostname, "dbname" => $dbname, "url" => $url, "ecomm" => $ecomm, "vc" => $vc, "enabled" => $enabled); if ($this->form_validation->run() == FALSE) { //checks if the input is empty $message = alertMessage(validation_errors(), 'danger'); } else { if ($this->shops->checkShop($shopname) >= 1) { //checks if the shopname is existing $message = alertMessage('Shopname ' . $shopname . ' is already existing', 'danger'); } else { if ($this->shops->dbChecker($dbname) >= 1) { //checks if the database is existing in `shops` table $message = alertMessage('Database ' . $dbname . ' is already existing', 'danger'); } else { if ($this->dbutil->database_exists($dbname)) { //checks if the shopname is existing $message = alertMessage('Database ' . $dbname . ' is already existing', 'danger'); } else { $result = $this->shops->addShop($save); if ($result) { #added by obey //to create a DB $update = array("status" => 1, "shop" => $shopname); $this->shops->update_domain($domainid, $update); #end added by obey // $connected = $this->shops->getNewConnection($save['domainname']); // if($this->load->database($connected->dbname,TRUE)==true){ // die('heiro'); // } // die('mis'); $message = alertMessage('Shop Created!', 'Success'); $this->session->set_flashdata('message', $message); //$data['domains'] = $this->shops->get_inactive_domains(); redirect("shops"); } else { //$data['msg'] = 'Database error occured!'; $message = alertMessage('Database error occured!', 'danger'); } } } } } $this->session->set_flashdata('message', $message); } $data['domains'] = $this->shops->get_inactive_domains(); $this->load->view('addshops', $data); }
//Traigo las clases Antes del POST para ver los grupos en la barra izquierda include_once "../classes/jugador.php"; include_once "../classes/grupo.php"; include_once "../security.php"; //Mysql Inyection $db = new Database(); $nombre = $db->checkInjection($_POST['nombre']); $id = $db->checkInjection($_POST['grupo']); //Si eligio imagen y pudo subirse al server if (uploadPhoto("{$id}.jpg", 'grupos')) { $path = "../images/grupos/{$id}.jpg"; } else { $path = "../images/grupos/default.jpg"; } $g = new grupo(); //Le asigno los datos al grupo creado arriba $g->setNombre($nombre); $g->setFoto($path); $g->setId($id); //Guardo el objeto en la Db if ($g->objectToDb()) { if ($g->addAdmin($_SESSION['id'])) { alertMessage("Grupo Creado con Éxito"); } else { alertMessage("Hubo un error Agregandote al Grupo"); } } else { alertMessage("Hubo un error Creando el grupo"); } } //Fin si esta seteado el nombre del grupo
$forum = isset($_REQUEST['forum']) ? COM_applyFilter($_REQUEST['forum'], true) : ''; $id = isset($_REQUEST['id']) ? COM_applyFilter($_REQUEST['id'], true) : ''; $msg = isset($_GET['msg']) ? COM_applyFilter($_GET['msg'], true) : ''; $notifytype = isset($_REQUEST['filter']) ? COM_applyFilter($_REQUEST['filter']) : ''; $op = isset($_REQUEST['op']) ? COM_applyFilter($_REQUEST['op']) : ''; $page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : ''; $show = isset($_GET['show']) ? COM_applyFilter($_GET['show'], true) : ''; $topic = isset($_REQUEST['topic']) ? COM_applyFilter($_REQUEST['topic'], true) : ''; //Check is anonymous users can access - and need to be signed in forum_chkUsercanAccess(true); $display = ''; // Debug Code to show variables $display .= gf_showVariables(); // Display warning if no email found (usually happens with user oauth accounts) if ($_USER['email'] == '' or !COM_isEmail($_USER['email'])) { $display .= alertMessage($LANG_GF02['msg145'], $LANG_GF01['WARNING'], false); } if ($msg == 1) { $display .= COM_showMessageText($LANG_GF02['msg146']); } // NOTIFY CODE -> SAVE if (isset($_REQUEST['submit'])) { if ($_REQUEST['submit'] == 'save' && $id != 0) { $sql = "SELECT * FROM {$_TABLES['forum_watch']} WHERE ((topic_id='{$id}') AND (uid='{$_USER['uid']}') OR "; $sql .= "((forum_id='{$forum}') AND (topic_id='0') AND (uid='{$_USER['uid']}')))"; $notifyquery = DB_query("{$sql}"); $pid = DB_getItem($_TABLES['forum_topic'], 'pid', "id='{$id}'"); if ($pid == 0) { $pid = $id; } if (DB_numRows($notifyquery) > 0) {
include_once "../checkSession.php"; include_once "../functions.php"; //Si esta seteado el ID del grupo donde se creara el evento if (isset($_GET['id'])) { include_once "../classes/conexiones.php"; include_once "../security.php"; include_once "../classes/jugador.php"; include_once "../classes/grupo.php"; include_once "../classes/evento.php"; $idG = $_GET['id']; $g = new grupo(); $g->xId($idG); //Traigo al jugador logueado $j = new jugador(); $j->xId($_SESSION['id']); //Chequeo si el usuario con sesion abierta es Admin del grupo if (!$j->isAdmin($idG)) { echo "Usted no es administrador del grupo"; exit; } $e = new evento(); $id = $e->nextId(); $tipos = $e->allEventTypes(); //Los nombre de los jugadores para abajo del nombre del grupo $nombresJ = $g->nombreJugadores(); //Traigo la vista include_once "../view/createEvent.php"; } //Fin si esta seteado el ID de grupo alertMessage("No se encuentra seleccionado ningún Grupo");
function moderator_error($type) { global $forum_id, $_CONF, $LANG_GF02, $LANG_GF01; $display = ''; if ($type == ACCESS_DENIED) { echo COM_refresh($_CONF['site_url'] . '/forum/index.php'); exit; } $display = FF_siteHeader(); $display .= FF_ForumHeader($forum_id, ''); $display .= alertMessage($LANG_GF02['msg166'], $LANG_GF01['WARNING'], '', true); $display .= FF_siteFooter(); echo $display; exit; }
$apellido = $db->checkInjection($_POST['apellido']); $dni = $db->checkInjection($_POST['dni']); $sexo = $db->checkInjection($_POST['sexo']); $celular = $db->checkInjection($_POST['celular']); $email = $db->checkInjection($_POST['email']); $pais = $db->checkInjection($_POST['pais']); $localidad = $db->checkInjection($_POST['localidad']); $login = $db->checkInjection($_POST['login']); $pass = $db->checkInjection($_POST['pass']); //Si eligio imagen y pudo subirse al server if (uploadPhoto("{$login}.jpg", 'login')) { $path = "../images/login/{$login}.jpg"; } else { $path = "../images/login/default.jpg"; } //Creo un jugador y le asigno los datos $j = new jugador($nombre, $apellido, $dni, $sexo, $celular, $email, $pais, $localidad, $login, '', '', $path); //Creo el Salt y Hasheo la password $salt = $j->createSalt(); $hashedpass = $j->createHash($pass, $salt); //Asigno el halt y el pass al objeto $j->setSalt($salt); $j->setPass($hashedpass); if (!$j->exists()) { $j->objectToDb(); } else { alertMessage('El Jugador ya existe'); } } //Traigo la vista include_once "../view/register.php";
if ($submit != $LANG_GF01['CANCEL']) { if ($msg == 1) { $display .= COM_showMessageText($LANG_GF93['modadded']); } if ($msg == 2) { $display .= COM_showMessageText($LANG_GF93['moddeleted']); } if ($msg == 3) { $display .= COM_showMessageText($LANG_GF93['modedited']); } } $display .= COM_startBlock($LANG_GF93['mod_title']); $navbar->set_selected($LANG_GF06['4']); $display .= $navbar->generate(); if (DB_count($_TABLES['forum_forums']) == 0) { $display .= alertMessage($LANG_GF93['moderatorwarning'], $LANG_GF93['moderatorwarningtitle']); } else { if ($submit != $LANG_GF01['CANCEL']) { $id = isset($_POST['recid']) ? COM_applyFilter($_POST['recid'], true) : ''; $op = isset($_POST['op']) ? COM_applyFilter($_POST['op']) : ''; switch ($op) { case 'update': if ($id > 0 && SEC_checkToken()) { if (!isset($_POST["chk_delete{$id}"])) { $mod_delete = "0"; } else { $mod_delete = "1"; } if (!isset($_POST["chk_ban{$id}"])) { $mod_ban = "0"; } else {
$updateQuery = "UPDATE agents SET firstName ='" . $firstName . "', lastName ='" . $lastName . "', \n\t\t\t\t\t\t\t\t\t\tphone =" . $phone . ", email ='" . $email . "' WHERE agentUsername like '" . $_SESSION['valid_user'] . "'"; } else { if ($_SESSION['userType'] == 'c') { $updateQuery = "UPDATE customers SET firstName ='" . $firstName . "', lastName ='" . $lastName . "', \n\t\t\t\t\t\t\t\t\t\tphone =" . $phone . ", email ='" . $email . "' WHERE customerUsername like '" . $_SESSION['valid_user'] . "'"; } } if (mysqli_query($conn, $updateQuery)) { $message = 'Edit Account Info Successful!'; } else { $message = 'Error: Unable to save changes into database.'; } } else { $message = 'Error: All fields must be filled.'; } if (isset($message)) { alertMessage($message); } //display alert message; } //display the navbar and account info. display_userNavbar(); if ($_SESSION['userType'] == 'a') { ?> <div class='container'> <table> <tr> <td valign="top"><?php display_agentMenu(); ?> </td> <td> </td>
<?php //Verifico la sesion include_once "../checkSession.php"; include_once "../functions.php"; $checkArray = array('nombre', 'grupo'); if (checkAllPost($checkArray)) { //Traigo las clases Antes del POST para ver los grupos en la barra izquierda include_once "../classes/jugador.php"; include_once "../classes/grupo.php"; include_once "../security.php"; //Mysql Inyection $db = new Database(); $nombre = $db->checkInjection($_POST['nombre']); $id = $db->checkInjection($_POST['grupo']); //Subo la foto al server si la eligio, sino sigo de largo uploadPhoto("{$id}.jpg", 'grupos'); $path = "../images/grupos/{$id}.jpg"; $g = new grupo(); //Le asigno los datos al grupo creado arriba $g->setNombre($nombre); $g->setFoto($path); $g->setId($id); //Guardo el objeto en la Db if ($g->update()) { alertMessage("Grupo Actualizado con Éxito"); } else { alertMessage("Hubo un error Actualizando al Grupo"); } } //Fin si esta seteado el nombre del grupo
USES_forum_topic(); function ff_FormatForPrint($str, $postmode = 'html', $status = 0) { global $_FF_CONF; $str = FF_formatTextBlock($str, $postmode, 'preview', $status); $str = str_replace('{', '{', $str); $str = str_replace('}', '}', $str); // we don't have a stylesheet for printing, so replace our div with the style... // $str = str_replace('<div class="quotemain">','<div style="border: 1px dotted #000;border-left: 4px solid #8394B2;color:#465584; padding: 4px; margin: 5px auto 8px auto;">',$str); return $str; } $id = COM_applyFilter($_REQUEST['id'], true); if ($_FF_CONF['registration_required'] && COM_isAnonUser()) { echo COM_siteHeader(); echo COM_startBlock(); alertMessage($LANG_GF02['msg01'], $LANG_GF02['msg171']); echo COM_endBlock(); echo COM_siteFooter(); exit; } //Check is anonymous users can access if ($id == 0 or DB_count($_TABLES['ff_topic'], "id", (int) $id) == 0) { echo COM_siteHeader(); echo FF_statusMessage($LANG_GF02['msg166'], $_CONF['site_url'] . "/forum/index.php?forum={$forum}", $LANG_GF02['msg166']); echo COM_siteFooter(); exit; } $forum = DB_getItem($_TABLES['ff_topic'], "forum", "id=" . (int) $id); $query = DB_query("SELECT grp_name from {$_TABLES['groups']} groups, {$_TABLES['ff_forums']} forum WHERE forum.forum_id=" . (int) $forum . " AND forum.grp_id=groups.grp_id"); list($groupname) = DB_fetchArray($query); if (!SEC_inGroup($groupname) and $grp_id != 2) {
if (isset($_POST['login']) && isset($_POST['pass'])) { include_once "../classes/conexiones.php"; include_once "../classes/jugador.php"; include_once "../functions.php"; $db = new Database(); $login = $db->checkInjection($_POST['login']); $pass = $db->checkInjection($_POST['pass']); //Creo un jugador $j = new jugador(); $j->setLogin($login); //Si encuentra el login if ($j->exists()) { //Traigo el jugador $j->xLogin($login); //Chequeo que la password sea correcta if ($j->checkPassword($pass)) { $j->createSession(); header("Location: ../controller/index.php"); exit; } else { alertMessage('Pass incorrecto', '../controller/login.php'); exit; } } else { //Log incorrecto alertMessage('User incorrecto', '../controller/login.php'); exit; } } //Traigo la vista include_once "../view/login.php";
$promptform .= '</FORM></div>'; $alertmessage = sprintf($LANG_GF03['splittopicmsg'], $topictitle, $poster, $postdate[0]); alertMessage($alertmessage, $LANG_GF02['msg182'], $promptform); } } } elseif ($modfunction == 'banip' and forum_modPermission($forum, $_USER['uid'], 'mod_ban') and $fortopicid != 0) { $iptobansql = DB_query("SELECT ip FROM {$_TABLES['gf_topic']} WHERE id='{$fortopicid}'"); $forumpostipnum = DB_fetchArray($iptobansql); if ($forumpostipnum['ip'] == '') { alertMessage($LANG_GF02['msg174']); exit; } $alertmessage = '<p>' . $LANG_GF02['msg68'] . '</p><p>'; $alertmessage .= sprintf($LANG_GF02['msg69'], $forumpostipnum['ip']) . '</p>'; $promptform = '<p><FORM ACTION="' . $_CONF['site_url'] . '/forum/moderation.php" METHOD="POST">'; $promptform .= '<INPUT TYPE="hidden" NAME="hostip" VALUE="' . $forumpostipnum['ip'] . '">'; $promptform .= '<INPUT TYPE="hidden" NAME="confirmbanip" VALUE="1">'; $promptform .= '<INPUT TYPE="hidden" NAME="forum" VALUE="' . $forum . '">'; $promptform .= '<INPUT TYPE="hidden" NAME="fortopicid" VALUE="' . $fortopicid . '">'; $promptform .= '<CENTER><INPUT TYPE="submit" NAME="submit" VALUE="' . $LANG_GF01['CONFIRM'] . '">'; $promptform .= ' <INPUT TYPE="submit" NAME="submit" VALUE="' . $LANG_GF01['CANCEL'] . '">'; $promptform .= '</CENTER></FORM></p>'; alertMessage($alertmessage, $LANG_GF02['msg182'], $promptform); } else { alertMessage($LANG_GF02['msg71'], $LANG_GF01['WARNING']); } } else { alertMessage($LANG_GF02['msg72'], $LANG_GF01['ACCESSERROR']); } gf_siteFooter(); exit;
private function exibeMenu() { if (!isset($_SESSION)) { session_start(); } if (!isset($_SESSION['restaurante'])) { session_destroy(); alertMessage("Erro ao tentar acessar a página.Por favor faça o login novamente!", base_url()); exit; } $arrayDadosTela = null; //Buscar dados do Restaurante $this->load->model("admin/Restaurante_model", "mRest"); $listaRestaurante = $this->mRest->listaRestaurante($_SESSION['restaurante']); if (empty($listaRestaurante)) { session_destroy(); alertMessage("Erro ao processar dados do restaurante.\nPor favor faça o login novamente.", base_url()); exit; } foreach ($listaRestaurante as $dadosRestaurante) { $arrayDadosTela['nomeRestaurante'] = $dadosRestaurante['nomeRestaurante']; $listaImagemPrincipal = $this->mRest->listaImagensRestaurante($_SESSION['restaurante'], null, 'S'); if (!empty($listaImagemPrincipal) && isset($listaImagemPrincipal[0]['imagem']) && !empty($listaImagemPrincipal[0]['imagem'])) { $arrayDadosTela['imagemRestaurante'] = base_url("web-files/imagens/restaurantes/{$_SESSION['restaurante']}/imagens/{$listaImagemPrincipal[0]['imagem']}"); } } //------------------------------------------------------------------------------------ $this->load->view("menu", $arrayDadosTela); }