Esempio n. 1
0
function main_display()
{
    $status = session_status();
    switch ($status) {
        case PHP_SESSION_DISABLED:
            /*display_login_form();*/
            break;
        case PHP_SESSION_ACTIVE:
            if (checkLogged()) {
            } else {
                /*session_destroy();*/
                display_register_form();
            }
            break;
        case PHP_SESSION_NONE:
            /*display_login_form();*/
            break;
        default:
            break;
    }
}
Esempio n. 2
0
<?php

require_once '../../resources/security/security.php';
$module_id = 10;
$module_name = "Quản lý thành viên";
//check đăng nhập và bảo mật
checkLogged();
//Check access module...
checkAccessModule($module_id);
$bg_errorMsg = '';
$bg_table = 'users';
$id_field = 'use_id';
$name_field = 'use_name';
$bg_filepath = '../../../pictures/avatar/';
$bg_extension = 'jpg,jpe,png,gif,jpeg';
$limit_size = 1200;
$arr_resize = array("small_" => array("quality" => 100, "width" => 240, "height" => 135), "medium_" => array("quality" => 100, "width" => 400, "height" => 225));
Esempio n. 3
0
<?php

include 'header.php';
include "getInputSafe.php";
if (!checkLogged()) {
    header("Location: main.php");
    //?errorMsg=".urlencode("Illegal Access to Upload Event page!"));
    return '';
}
$valid_user = validate_user();
$id = $_GET['id'];
if (!validateInput($number_match, $id)) {
    header("Location: main.php?errorMsg=" . urlencode("Illegal DATA in GET to Access an Event!"));
    return '';
}
//get userlist
$stmt = $dbh->prepare("SELECT * from users");
$stmt->execute(array());
$users = $stmt->fetchAll();
//get event
$stmt = $dbh->prepare("SELECT * from events \n   INNER JOIN users\n   ON users.id=events.owner\n   INNER JOIN eventTypes\n   ON eventTypes.id=events.eventtype\n   WHERE events.id_event= ?");
$stmt->execute(array($id));
$event_info = $stmt->fetchAll();
if ($_SESSION['login_user'] != $event_info[0]['owner']) {
    header("Location: main.php?");
    return '';
}
?>
<!DOCTYPE HTML>
<html>
  <head>
Esempio n. 4
0
<?php

include 'header.php';
include 'getInputSafe.php';
include 'bmp_converter.php';
//this var should save previous inputs incase the upload fails,
//so that the user doesnt have to input everything again
//$get_for_failed;
if ($_POST['create_event_token'] !== $_SESSION['create_event_token'] || !checkLogged() || !validate_user()) {
    session_destroy();
    header("Location: main.php?errorMsg=" . urlencode("Illegal Upload Event try!"));
    return '';
}
//error msgs - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - - - -
$image_type_error = "No valid image was selected. File must be of type gif, jpeg, png or bmp.";
$chars_error = "Please do not use symbols or special characters.";
$invalid_title_error = "Invalid Title.";
$invalid_title_error .= $chars_error;
$invalid_description_error = "Invalid description.";
$invalid_description_error .= $chars_error;
$invalid_date = "Invalid Date.";
$impossible_event_date = "The chosen date has already passed.";
//verify if input is valid - - - - - - - - -  - - - - - - - - - - - - - - -
//validate date
$event_date = date("Y-m-d", strtotime($_POST['event_date']));
$current_datetime = date("Y-m-d H:i:s");
if (!validate_date($event_date)) {
    header("Location: create_event.php?errorMsg=" . urlencode($invalid_date));
    return '';
}
if (strtotime($event_date) - strtotime($current_datetime) < 0) {
Esempio n. 5
0
<?php

session_start();
error_reporting(E_ALL);
require_once "../functions/functions.php";
require_once "../classes/database.php";
require_once '../includes/inc_constant.php';
require_once "resources/security/functions.php";
require_once "resources/security/functions_1.php";
checkLogged('login.php');
$isAdmin = getValue('isAdmin', 'int', 'SESSION', 0);
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="vi" lang="vi" xmlns:og="http://ogp.me/ns#"
      xmlns:fb="https://www.facebook.com/2008/fbml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <title>Administrator Managerment</title>
    <link rel="stylesheet" type="text/css" href="resources/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="resources/css/font-awesome.min.css"/>
    <link rel="stylesheet" type="text/css" href="resources/js/enscroll.css"/>
    <link rel="stylesheet" type="text/css" href="resources/css/common.css"/>
    <link rel="stylesheet" type="text/css" href="resources/css/home.css"/>
    <script src="resources/js/jquery.js" type="text/javascript"></script>
    <script src="resources/js/enscroll-0.5.5.min.js" type="text/javascript"></script>
    <script src="resources/js/home.js" type="text/javascript"></script>
    <script src="resources/js/bootstrap.min.js" type="text/javascript"></script>
</head>
<body>
<div id="logocms">
    <?php 
Esempio n. 6
0
<?php

include "header.php";
$event_id = $_POST['id'];
$dbh = new PDO('sqlite:database.db');
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $dbh->prepare("SELECT owner from events\n\t\t\t\t\t\t\tWHERE id_event=?");
$stmt->execute(array($event_id));
$owner = $stmt->fetch();
if (!checkLogged() || $_SESSION['login_user'] != $owner['owner']) {
    session_destroy();
    header("Location: main.php?errorMsg=" . urlencode("Illegal event invitation!"));
    return '';
}
if (isset($_POST['invite'])) {
    if (is_array($_POST['invite'])) {
        foreach ($_POST['invite'] as $user_id) {
            $dbh = new PDO('sqlite:database.db');
            $dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
            $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            $stmt = $dbh->prepare("INSERT OR IGNORE INTO invitations (user_id,event_id) VALUES (?,?)");
            $stmt->execute(array($user_id, $event_id));
        }
    } else {
        $user_id = $_POST['invite'];
        $dbh = new PDO('sqlite:database.db');
        $dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $stmt = $dbh->prepare("INSERT INTO invitations VALUES (?,?)");
        $stmt->execute(array($user_id, $event_id));
Esempio n. 7
0
<?php

include 'header.php';
include 'getInputSafe.php';
include 'bmp_converter.php';
if (!checkLogged() || !validate_user()) {
    session_destroy();
    header("Location: main.php?errorMsg=" . urlencode("Illegal Upload Image try!"));
    return '';
}
//error msgs - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - - - -
$image_type_error = "No valid image was selected. File must be of type gif, jpeg, png or bmp.";
// Database connection
$dbh = new PDO('sqlite:database.db');
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//validate image
$image_type = exif_imagetype($_FILES['image']['tmp_name']);
if ($image_type == null) {
    //header("Location: ". str_replace( "?errorMsg=".urlencode($image_type_error),"",$_SERVER['HTTP_REFERER'])."?errorMsg=".urlencode($image_type_error));
    return '';
}
$file_extension;
switch ($image_type) {
    case IMAGETYPE_GIF:
        $file_extension = "gif";
        break;
    case IMAGETYPE_JPEG:
        $file_extension = "jpg";
        break;
    case IMAGETYPE_PNG:
Esempio n. 8
0
<?php

include "configRoot.php";
include "includes/requestHeader.php";
$lg = checkLogged();
if ($lg) {
    Header('Location:./main/');
}
Esempio n. 9
0
function validate_user()
{
    global $login_validation_result_msg;
    $login_validation_result_msg = "MMMMM";
    if (!(session_status() === PHP_SESSION_ACTIVE)) {
        return false;
    }
    if (!checkLogged()) {
        $login_validation_result_msg = "Username or Password is not correct.";
        return false;
    }
    $db = new PDO('sqlite:database.db');
    $stmt = $db->prepare('SELECT username,active FROM users WHERE id = ?');
    $stmt->execute(array($_SESSION['login_user']));
    $result = $stmt->fetchAll();
    if (count($result) < 1 || strtolower($result[0]['username']) != strtolower($_SESSION['login_username'])) {
        $login_validation_result_msg = "Invalid User.";
        return false;
    }
    if (count($result) != 1) {
        $login_validation_result_msg = "A problem occurred. Your account is blocked, please contact us.";
        return false;
    }
    if ($result[0]['active'] != 1) {
        $login_validation_result_msg = "This account has not been validated";
        return false;
    }
    return true;
}