Esempio n. 1
<?php

include_once "include_db.php";
include_once "include_functions.php";
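// Attachment upload handler: validates the uploaded file, applies the storage
// quota check, stores the file hex-encoded in the `attachments` table, records
// the event, then redirects back to the page that hosted the upload form.
checkUserSessionandCookie();
$username = $_SESSION["uname"];
$workid = isset($_POST["fileupload_workid"]) ? $_POST["fileupload_workid"] : null;
$ruri = isset($_POST["fileupload_requestURI"]) ? $_POST["fileupload_requestURI"] : null;

// Request fields can arrive as arrays (name[]=...); a work id must be a plain string.
// NOTE(review): nothing visible here checks that $username is allowed to attach
// files to $workid -- confirm the authorization is enforced elsewhere.
if (!is_string($workid)) {
    echo "<h1>The upload request is missing a valid work id.</h1>";
    exit;
}

// Refuse anything that is not a single, completed HTTP upload. is_uploaded_file()
// ensures tmp_name really is PHP's upload temp file before it is read.
if (!isset($_FILES['uploadedfile'])
    || !is_array($_FILES['uploadedfile'])
    || !isset($_FILES['uploadedfile']['error'])
    || $_FILES['uploadedfile']['error'] !== UPLOAD_ERR_OK
    || !is_uploaded_file($_FILES['uploadedfile']['tmp_name'])
) {
    echo "<h1>The file could not be uploaded.</h1>";
    exit;
}
$tmp_name = $_FILES['uploadedfile']['tmp_name'];
// basename() drops any directory component the client put in the file name.
$uploadname = basename($_FILES['uploadedfile']['name']);
$tmp_uploadedOn = get_currentPHPTimestamp();

// NOTE(review): $target_path is not assigned in this script; presumably one of the
// include files sets it -- confirm. The check also ignores the size of the file
// being uploaded, so usage can end up above the quota by one file.
$tmp = getDirectorySize($target_path);
$currentsize = $tmp['size'];
// convert Mb into bytes
$maxallowed = $_SESSION["pkgSpaceMb"] * 1024 * 1024;
if ($currentsize > $maxallowed) {
    echo "<h1>You do not have enough free space for uploading any new files ! </h1>";
    exit;
}

// Read the whole upload in one call; no file handle is left open afterwards.
$raw = file_get_contents($tmp_name);
if ($raw === false) {
    echo "<h1>The file could not be uploaded.</h1>";
    exit;
}
$fp_size = strlen($raw);
$somefile = bin2hex($raw);

// NOTE(review): assumes execute_sqlInsert() escapes or binds the values it is
// given ($workid and $uploadname are client-controlled) -- verify in include_db.php.
$success = execute_sqlInsert('attachments', array('workid' => $workid, 'uploadname' => $uploadname, 'uploadedby' => $username, 'filecontent' => $somefile, 'filesize' => $fp_size, 'uploadedOn' => $tmp_uploadedOn));
if ($success === false) {
    echo "<h1>The attachment could not be saved.</h1>";
    exit;
}

// Record the upload only after the row is stored. The comment text carries HTML
// markup (<B>), so the user name and the client-supplied file name are
// HTML-escaped to keep them from being rendered as markup when the log is shown.
// NOTE(review): $thisfilesize is never assigned in this script; confirm where it
// is meant to come from.
$safe_username = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$safe_uploadname = htmlspecialchars($uploadname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
Task_LogSystemComment($workid, "<B>{$safe_username}</B> has uploaded file '{$safe_uploadname}' {$thisfilesize}");
logUserEvent('Uploaded attachment to ' . $workid);

// The return target comes from the request body, so only a same-site path is
// followed: one leading "/", no second "/" or "\" after it, and no whitespace or
// control characters. Anything else falls back to the site root.
// NOTE(review): if the upload form posts a full URL rather than a path, extend
// this check with a comparison against the site's own host.
$redirect = '/';
if (is_string($ruri) && preg_match('#^/(?![/\\\\])[^\x00-\x20\\\\]*\z#', $ruri)) {
    $redirect = $ruri;
}
header("Location: " . $redirect);
exit;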
Esempio n. 2
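/**
 * Check a username/password pair and, when it matches, mark the session as
 * logged in, optionally issue a "remember me" cookie, log the event and send
 * the success response.
 *
 * On a mismatch the failure response is sent and the script stops, so the
 * session is never marked as logged in for rejected credentials.
 *
 * @param string $uname Login name as submitted by the client.
 * @param string $uepwd Password value as submitted by the client.
 * @return void The script exits on both the success and the failure path.
 */
function loginUser($uname, $uepwd)
{
    global $DE_GLOBALS_USERLOGINERR;

    // Request fields can arrive as arrays (uname[]=...); only strings are credentials.
    if (!is_string($uname) || !is_string($uepwd)) {
        send_Action_Response('Fail', $DE_GLOBALS_USERLOGINERR);
        exit;
    }

    if ($uname === "sadmin") {
        $password = getVariableFromSadminTbl('sadminpass');
    } else {
        // NOTE(review): $uname is placed into the SQL text as-is. Unless the caller
        // has already escaped it for this database, this statement is open to SQL
        // injection; it should become a bound parameter in the DB layer
        // (include_db.php), which is not visible from here.
        $password = executesql_returnArray("select password from users where username='{$uname}' and user_status='A' ;");
    }

    // Strict, constant-time comparison: the loose != operator treats some different
    // numeric-looking strings as equal.
    // NOTE(review): the stored value is compared directly with the submitted one, so
    // passwords appear to be stored unhashed (or hashed only on the client); plan a
    // move to password_hash()/password_verify().
    $credentialsOk = false;
    if ($password && is_scalar($password)) {
        $stored = (string) $password;
        $credentialsOk = function_exists('hash_equals')
            ? hash_equals($stored, $uepwd)
            : $stored === $uepwd;
    }
    if (!$credentialsOk) {
        send_Action_Response('Fail', $DE_GLOBALS_USERLOGINERR);
        // Stop here: without this the code below would mark the session as logged
        // in whenever send_Action_Response() returns.
        exit;
    }

    // Issue a fresh session id at the privilege change so an id known before login
    // cannot be reused afterwards (session fixation).
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    $_SESSION["uname"] = $uname;

    if (get_POST_var('setcuky') == 'true') {
        // NOTE(review): this value is a bearer login token for 7 days; confirm that
        // getaRandomString() draws from a cryptographically secure source.
        $cookieid = getaRandomString(32);
        // Path and domain keep their defaults; HttpOnly hides the token from page
        // scripts and Secure is set whenever the request itself came over HTTPS.
        $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie(USERCOOKIENAME, $cookieid, time() + 7 * 24 * 3600, '', '', $isHttps, true);
        // Array keys are quoted: bare words are undefined constants and fail on PHP 8.
        $success = execute_sqlInsert('cookies', array('username' => $uname, 'cookieid' => $cookieid, 'cookietime' => 'CURRENT_TIMESTAMP'));
    }

    logUserEvent($uname . ' (User) Logged In');
    alertAppAdmin($uname . ' (User) Logged In');
    send_Action_Response('Success', 'To Welcome Page');
    exit;
}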
Esempio n. 3
        exit;
    }
}
// Action name posted by the client; null when the field is absent.
$ACTION = isset($_POST["action"]) ? $_POST["action"] : null;
$USERNAME = $_SESSION["uname"];
// Only these two actions run without the login check; every other action calls
// checkLogin_B4_Action() before it is dispatched. $_POST yields only strings or
// arrays, so the strict membership test matches the same values as ==.
if (!in_array($ACTION, array('doLogin', 'sendLoginDetails'), true)) {
    checkLogin_B4_Action();
}
switch ($ACTION) {
    case 'Logout':
        setcookie(USERCOOKIENAME, "", time() - 3600);
        session_unset();
        session_destroy();
        logUserEvent('User Logged Out');
        send_Action_Response('Success', 'Logged Out!');
        exit;
        break;
    case 'doLogin':
        $uname = get_POST_var("uname");
        $uepwd = get_POST_var("uepwd");
        loginUser($uname, $uepwd);
        exit;
        break;
    case 'updateUserPassword':
        $upwd_cpass = get_POST_var("upwd_cpass");
        $upwd_nupass = get_POST_var("upwd_nupass");
        $current_password = executesql_returnArray("select password from users where username='{$USERNAME}'");
        if ($current_password != $upwd_cpass) {
            send_Action_Response('Fail', 'Invalid Current Password!');