Esempi in PHP per isAuthorised

Esempio n. 1

File: publicProject.php Progetto: TrienDo/SHARC20

<?php

require "utils.php";
try {
    //Get data from client
    connectDB();
    $proAuthID = htmlspecialchars($_POST['proAuthID']);
    $proPath = htmlspecialchars($_POST['proPath']);
    if (!isAuthenticate($proAuthID)) {
        $response["success"] = -1;
        $response["message"] = '401 - Unauthorized';
        echo json_encode($response);
        return;
    }
    if (!isAuthorised($proAuthID, $proPath)) {
        $response["success"] = -1;
        $response["message"] = '403 - Forbidden';
        echo json_encode($response);
        return;
    }
    $proAccess = htmlspecialchars($_POST['proAccess']);
    $proSummary = htmlspecialchars($_POST['proSummary']);
    $proDesc = htmlspecialchars($_POST['proDesc']);
    $proThumbnail = htmlspecialchars($_POST['proThumbnail']);
    $proSize = htmlspecialchars($_POST['proSize']);
    //Insert meta data into with MySQL
    mysql_query("update projects set proAccess = '{$proAccess}', proDesc = '{$proDesc}',  proSize = '{$proSize}', proSummary = '{$proSummary}', proThumbnail = '{$proThumbnail}' where proPath = '{$proPath}'");
    //Display results
    $response["success"] = 1;
    $response["message"] = $proAccess;
    echo json_encode($response);

Esempio n. 2

File: updateDesignerExperience.php Progetto: TrienDo/SHARC20

$auEmail = htmlspecialchars($_POST['auEmail']);
$mTime = date('d-m-Y H:i:s');
//get experience info
$proName = htmlspecialchars($_POST['proName']);
$proPath = htmlspecialchars($_POST['proPath']);
$proDesc = htmlspecialchars($_POST['proDesc']);
$proAuthID = htmlspecialchars($_POST['proAuthID']);
$proAccess = htmlspecialchars($_POST['proAccess']);
try {
    if (!isAuthenticate($auID)) {
        $response["success"] = -1;
        $response["message"] = '401 - Unauthorized';
        echo json_encode($response);
        return;
    }
    if (!isAuthorised($auID, $proPath)) {
        $response["success"] = -1;
        $response["message"] = '403 - Forbidden';
        echo json_encode($response);
        return;
    }
    $result = mysql_query("select * from users where userID = '{$auID}'");
    // Check result
    // This shows the actual query sent to MySQL, and the error. Useful for debugging.
    if (!$result) {
        $message = 'Invalid query: ' . mysql_error() . "\n";
        die($message);
    } else {
        // check for empty result --> add new user
        if (mysql_num_rows($result) == 0) {
            mysql_query("insert into users (userID,userName,userEmail,userLastLogin) values('{$auID}','{$auName}','{$auEmail}','{$mTime}')");