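/**
 * Render the login/logout dialogue and process a login or logout submitted through it.
 *
 * A login is attempted when $_POST['loginDialogueUsername'] is present; a logout is
 * performed when $_POST['loginDialogueLogout'] is '1'. The form matching the resulting
 * session state is then echoed. All output is echoed; nothing is returned.
 *
 * @param mixed $variables Not used by this method.
 */
public function frontend($variables)
{
    require_once 'classes/userSession.php';
    global $classUserSession;
    if (!isset($classUserSession)) {
        $classUserSession = new userSession();
    }

    // NOTE(review): neither form carries an anti-CSRF token, so a third-party page can
    // submit a login or a logout on the visitor's behalf. Adding one needs per-session
    // token storage that is not visible from this method.

    //If logging in...
    if (isset($_POST['loginDialogueUsername'])) {
        $submittedUsername = $_POST['loginDialogueUsername'];
        // A hand-built request may omit the password field; treat that as empty
        // instead of reading an undefined index.
        $submittedPassword = isset($_POST['loginDialoguePassword']) ? $_POST['loginDialoguePassword'] : '';
        // Array-valued fields (name[]=...) are never valid credentials, so they are
        // rejected here rather than handed to startSession().
        $credentialsAreStrings = is_string($submittedUsername) && is_string($submittedPassword);

        echo "<div class='loginDialogue postInformation'>";
        // NOTE(review): confirm startSession() issues a new session ID on success.
        if ($credentialsAreStrings && $classUserSession->startSession($submittedUsername, $submittedPassword)) {
            echo 'Login successful.';
        } else {
            // One message for every failure, so the response does not reveal which
            // of the two fields was wrong.
            echo 'Could not confirm user details provided.';
        }
        echo '</div>';
    }

    //If logging out...
    // POST values arrive as strings, so compare against '1' exactly.
    if (isset($_POST['loginDialogueLogout']) && $_POST['loginDialogueLogout'] === '1') {
        $classUserSession->endSession();
    }

    //To display
    if ($classUserSession->checkSession()) {
        echo "<div class='loginDialogue'><form id='loginDialogue' action='?' method='post'>"
            . "<input type='hidden' name='loginDialogueLogout' value='1'>"
            . "<div class='loginDialogue logout submit'><input type='submit' value='Logout'></div>"
            . '</form></div>';
    } else {
        // The username input previously ended in a stray quote (required'), which left
        // the attribute malformed.
        echo "<div class='loginDialogue'><form id='loginDialogue' action='?' method='post'>"
            . "<div class='loginDialogue username'>Username: <input type='text' name='loginDialogueUsername' required></div>"
            . "<div class='loginDialogue password'>Password: <input type='password' name='loginDialoguePassword'></div>"
            . "<div class='loginDialogue submit'><input type='submit' value='Submit'></div>"
            . '</form></div>';
    }
}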
Esempio n. 2
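 /**
  * Handle a submitted reply and render the reply form.
  *
  * Does nothing unless $classPageInfo->permissionWrite is truthy. A reply is processed
  * when $_POST['threadID'] is present as a string. A visitor without an active session
  * must send a username and password with the reply; those are checked through
  * userDetails::checkDetails(). All output is echoed; nothing is returned.
  *
  * @param mixed $variables Not used by this method.
  */
 public function frontend($variables)
 {
     global $classDatabase;
     global $classPageInfo;
     require_once 'classes/userDetails.php';
     global $classUserDetails;
     if (!isset($classUserDetails)) {
         $classUserDetails = new userDetails();
     }
     require_once 'classes/userSession.php';
     global $classUserSession;
     if (!isset($classUserSession)) {
         $classUserSession = new userSession();
     }
     if ($classPageInfo->permissionWrite) {
         //POST reply
         //Only post if a $_POST['threadID'] is given (an array-valued field is ignored)
         // NOTE(review): permissionWrite describes the page being viewed, while the thread
         // written to is taken from the request body. The form's `readonly` attribute is
         // only a browser hint, so confirm that the insert (or its caller) checks that the
         // thread belongs to a board this user may write to.
         // NOTE(review): the form has no anti-CSRF token, so a logged-in visitor's browser
         // can be made to submit a reply from another site.
         if (isset($_POST['threadID']) && is_string($_POST['threadID'])) {
             $threadID = $_POST['threadID'];
             // A missing or array-valued body is handled as an empty reply.
             $replyText = (isset($_POST['textArea']) && is_string($_POST['textArea'])) ? $_POST['textArea'] : '';

             echo "<div class='postReply postInformation'>";
             if (str_replace(' ', '', $replyText) === '') {
                 echo 'Your reply requires some text!';
             } else {
                 $hasSession = $classUserSession->checkSession();
                 $userCheck = false;
                 if ($hasSession) {
                     $userCheck = true;
                 } elseif (isset($_POST['username'], $_POST['password'])
                     && is_string($_POST['username'])
                     && is_string($_POST['password'])
                 ) {
                     // NOTE(review): this verifies credentials on every anonymous post;
                     // confirm checkDetails() is rate-limited against password guessing.
                     $userCheck = $classUserDetails->checkDetails($_POST['username'], $_POST['password']);
                 }
                 if ($userCheck) {
                     if ($hasSession) {
                         $userIdent = $classUserSession->returnUserID();
                     } else {
                         $userIdent = $classDatabase->psUserSelectIDWhereUsernameEquals($_POST['username']);
                     }
                     // strip_tags() removes markup before storage but is not output
                     // encoding; whatever renders the post must still escape it.
                     $classDatabase->psPostsInsertThreadIDTextCreateTimeCreateIPuserID($threadID, strip_tags($replyText), date('Y-m-d H:i:s'), $_SERVER['REMOTE_ADDR'], $userIdent);
                     $classDatabase->psThreadsIncrementTotalRepliesWhereIDEquals($threadID);
                     $classDatabase->psThreadsBumporderPointWhereIDEquals($threadID);
                 } else {
                     echo 'Could not confirm user details provided.';
                 }
             }
             echo '</div>';
         }
         //Display form
         echo "<div class='createReply form'><form id='createReplyForm' action='?' method='post'>"
             . "<div class='createReply head'>Reply to thread:</div>"
             . "<div class='createReply text'>Text: <textarea form='createReplyForm' name='textArea' rows='6'></textarea></div>"
             . "<div class='createReply static'>"
             . "<input type='submit' value='Submit'>";
         if (!$classUserSession->checkSession()) {
             echo "<div class='createReply userDetails'>"
                 . "<div class='createReply username'>Username: <input type='text' name='username' value='anonymous'></div>"
                 . "<div class='createReply password'>Password: <input type='password' name='password'></div>"
                 . '</div>';
         }
         // The attribute is single-quoted, so ENT_QUOTES is needed to keep the value
         // from closing it.
         $safeThreadID = htmlspecialchars((string) $classPageInfo->threadID, ENT_QUOTES, 'UTF-8');
         echo "<div class='createReply boardID'>Thread ID: <input type='text' name='threadID' readonly required value='" . $safeThreadID . "'></div>"
             . "<div class='createReply markupLink'>Formatting Markup</div>"
             . '</div>'
             . '</form></div>';
     }
 }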
Esempio n. 3
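 /**
  * Render the "create thread" form and handle a submitted new thread.
  *
  * Does nothing unless $classPageInfo->permissionWrite is truthy. The form is echoed
  * first; a thread is then created when $_POST['boardID'] is present as a string. A
  * visitor without an active session must send a username and password, which are
  * checked through userDetails::checkDetails(). Nothing is returned.
  *
  * @param mixed $variables Not used by this method.
  */
 public function frontend($variables)
 {
     global $classDatabase;
     global $classPageInfo;
     require_once 'classes/userDetails.php';
     global $classUserDetails;
     if (!isset($classUserDetails)) {
         $classUserDetails = new userDetails();
     }
     require_once 'classes/userSession.php';
     global $classUserSession;
     if (!isset($classUserSession)) {
         $classUserSession = new userSession();
     }
     if ($classPageInfo->permissionWrite) {
         // The title input previously ended in a stray quote (required'), which left the
         // attribute malformed.
         echo "<div class='createThread form'><form id='createThreadForm' action='?' method='post'>"
             . "<div class='createThread head'>Create a new thread:</div>"
             . "<div class='createThread title'>Title: <input type='text' name='threadTitle' required></div>";
         if (!$classUserSession->checkSession()) {
             // The password input was type='text', which showed the password on screen
             // as it was typed; it is now a password field.
             echo "<div class='createThread userDetails'>"
                 . "<div class='createThread username'>Username: <input type='text' name='username' value='anonymous'></div>"
                 . "<div class='createThread password'>Password: <input type='password' name='password'></div>"
                 . '</div>';
         }
         // The attribute is single-quoted, so ENT_QUOTES is needed to keep the value
         // from closing it.
         $safeBoardID = htmlspecialchars((string) $classPageInfo->boardID, ENT_QUOTES, 'UTF-8');
         echo "<div class='createThread link'>Link: <input type='text' name='subject'></div>"
             . "<div class='createThread text'>Text: <textarea form='createThreadForm' name='textArea' rows='6'></textarea></div>"
             . "<div class='createThread static'>"
             . "<input type='submit' value='Submit'>"
             . "<div class='createThread markupLink'>Formatting Markup</div>"
             . "<div class='createThread boardID'>Board ID: <input type='text' name='boardID' readonly required value='" . $safeBoardID . "'></div>"
             . '</div>'
             . '</form></div>';
         //POST THREAD
         //Only post if a $_POST['boardID'] is given (an array-valued field is ignored)
         // NOTE(review): permissionWrite describes the page being viewed, while the board
         // written to is taken from the request body. The form's `readonly` attribute is
         // only a browser hint, so confirm that the insert (or its caller) checks write
         // permission for the board actually named in the request.
         // NOTE(review): the form has no anti-CSRF token.
         if (isset($_POST['boardID']) && is_string($_POST['boardID'])) {
             $boardID = $_POST['boardID'];
             // Missing or array-valued fields are handled as empty strings.
             $threadTitle = (isset($_POST['threadTitle']) && is_string($_POST['threadTitle'])) ? $_POST['threadTitle'] : '';
             $threadLink = (isset($_POST['subject']) && is_string($_POST['subject'])) ? $_POST['subject'] : '';
             $threadText = (isset($_POST['textArea']) && is_string($_POST['textArea'])) ? $_POST['textArea'] : '';

             echo "<div class='postThread postInformation'>";
             if (str_replace(' ', '', $threadTitle) === '') {
                 echo 'Your post requires a title.';
             } else {
                 $hasSession = $classUserSession->checkSession();
                 $userCheck = false;
                 if ($hasSession) {
                     $userCheck = true;
                 } elseif (isset($_POST['username'], $_POST['password'])
                     && is_string($_POST['username'])
                     && is_string($_POST['password'])
                 ) {
                     // NOTE(review): this verifies credentials on every anonymous post;
                     // confirm checkDetails() is rate-limited against password guessing.
                     $userCheck = $classUserDetails->checkDetails($_POST['username'], $_POST['password']);
                 }
                 if ($userCheck) {
                     if ($hasSession) {
                         $userIdent = $classUserSession->returnUserID();
                     } else {
                         $userIdent = $classDatabase->psUserSelectIDWhereUsernameEquals($_POST['username']);
                     }
                     // strip_tags() removes markup before storage but is not output
                     // encoding; whatever renders these fields must still escape them.
                     // NOTE(review): 'subject' is stored as the thread link. If it is later
                     // written into an href, allow only http/https URLs at that point.
                     $classDatabase->psThreadsInsertBoardIDTitleLinkTextCreateTimeCreateIPUserID_Bump($boardID, strip_tags($threadTitle), strip_tags($threadLink), strip_tags($threadText), date('Y-m-d H:i:s'), $_SERVER['REMOTE_ADDR'], $userIdent);
                 } else {
                     echo 'Could not confirm user details provided.';
                 }
             }
             echo '</div>';
         }
     }
 }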
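 /**
  * Work out which page the current request addresses and record it on $classPageInfo.
  *
  * Routing is driven by the query string:
  *  - no parameters: home page (pageID 1);
  *  - first key 'bid': a board (pageID 2), or a thread (pageID 3) when the second key
  *    is 'tid'; either needs read permission for the board's category;
  *  - 'sid': a static page, returned by title, when it exists and is public
  *    (category 0) or readable by the current user;
  *  - anything else: 404 (pageID 4).
  *
  * Also sets pageNum, boardTitle, pageCatagory and the three permission flags on
  * $classPageInfo (checkPermissions level 1 = read, 2 = write, 3 = moderate).
  *
  * @return string 'home', 'board', 'thread', '404', or the requested static page title.
  */
 public function determine()
 {
     global $classDatabase;
     if (!isset($classDatabase)) {
         $classDatabase = new database();
     }
     global $classPageInfo;

     // Read the key list once. array_keys() was previously passed straight to next(),
     // which expects a variable by reference.
     $queryKeys = array_keys($_GET);
     $firstKey = isset($queryKeys[0]) ? $queryKeys[0] : null;
     $secondKey = isset($queryKeys[1]) ? $queryKeys[1] : null;

     //If no bid, tid or sid is given user must be trying to access the home page!
     // (an empty or 0 first key is treated as "no key", as the previous loose comparison did)
     if ($firstKey === null || $firstKey === '' || $firstKey === 0) {
         $classPageInfo->pageID = 1;
         return 'home';
     }

     //Set page number (For results in boards and threads)
     // Only a positive integer is accepted; anything else (text, arrays, negatives)
     // falls back to page 1, so later paging code never receives raw request text.
     $requestedPage = isset($_GET['page'])
         ? filter_var($_GET['page'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
         : false;
     $classPageInfo->pageNum = ($requestedPage === false) ? 1 : $requestedPage;

     //If the first key is 'bid' (Board  ID)
     if ($firstKey === 'bid') {
         // An array-valued bid (bid[]=...) is handled as an empty title.
         $requestedBoard = is_string($_GET['bid']) ? $_GET['bid'] : '';
         // boardTitle is request text stored as-is; escape it wherever it is printed.
         $classPageInfo->boardTitle = $requestedBoard;
         $board = $classDatabase->psBoardSelectIDWhereBoardTitleEquals($requestedBoard);
         //Get permissions for current user in this board's category
         require_once 'classes/userSession.php';
         global $classUserSession;
         if (!isset($classUserSession)) {
             $classUserSession = new userSession();
         }
         $classPageInfo->pageCatagory = $classDatabase->psBoardSelectCategoryIDWhereBoardIDEquals($board);
         $classPageInfo->permissionRead = $classUserSession->checkPermissions($classPageInfo->pageCatagory, 1);
         $classPageInfo->permissionWrite = $classUserSession->checkPermissions($classPageInfo->pageCatagory, 2);
         $classPageInfo->permissionModerate = $classUserSession->checkPermissions($classPageInfo->pageCatagory, 3);
         //If the second key is 'tid' (Thread ID)
         if ($secondKey === 'tid' && is_string($_GET['tid'])) {
             //It must be trying to link to a thread, but does the thread exist within this board?
             $thread = $classDatabase->psThreadsSelectIDWhereBoardTitleEquals($requestedBoard, $_GET['tid']);
             if ($thread != null && $classPageInfo->permissionRead) {
                 //The thread exists, direct user to page that displays thread ONLY if we have read permission for the page
                 $classPageInfo->pageID = 3;
                 return 'thread';
             }
             //If the thread doesn't exist, go on to see if the board does.
         }
         //If not, it must be trying to link to a board, but does the board exist? Only return yes if it does and we have permission
         if ($board != null && $classPageInfo->permissionRead) {
             $classPageInfo->pageID = 2;
             return 'board';
         }
         // Deliberately no fallback to the home page here: a missing board and a board
         // the user may not read both fall through to the 404 below.
     }

     //If not it might be a static page
     if (isset($_GET['sid']) && is_string($_GET['sid'])) {
         //But does that static page exist?
         $staticPages = $classDatabase->psPagesSelectIDCatagoryWhereTitleEquals($_GET['sid']);
         // isset() guards against a null/false result before the row is indexed.
         if (isset($staticPages[0]) && $staticPages[0] != null) {
             //The page exists, but do we have view/read permission for the page in question
             require_once 'classes/userSession.php';
             global $classUserSession;
             if (!isset($classUserSession)) {
                 $classUserSession = new userSession();
             }
             $pageCategory = isset($staticPages[1]) ? $staticPages[1] : null;
             //A page with cat of 0 will be assumed public as defined in database...
             // Only an actual 0 counts as public. The earlier loose `== 0` also matched a
             // missing or null category, which made such pages readable by everyone.
             $isPublic = $pageCategory !== null && (string) $pageCategory === '0';
             if ($isPublic || $classUserSession->checkPermissions($pageCategory, 1)) {
                 //We have permission, return the name back!
                 $classPageInfo->pageID = $staticPages[0];
                 // NOTE(review): the returned name is request text that matched a page
                 // title in the database. If the caller uses it to pick a file, it should
                 // map it through a fixed list instead of building a path from it.
                 return $_GET['sid'];
             }
         }
     }

     //If not it must be a 404?
     $classPageInfo->pageID = 4;
     return '404';
 }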
Esempio n. 5
<?php

include 'includes.php';
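// Start (or resume) the PHP session before anything is sent to the client.
session_start();

// Credentials are read from the POST body only. $_REQUEST also merges in query-string
// (and, depending on request_order, cookie) values, which would let a password travel
// in the URL and end up in server logs, browser history and Referer headers. The login
// form therefore has to submit with method="post".
// Missing or array-valued fields become null; explicit checks replace the @ operator,
// which hid the undefined-index notice.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : null;
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;
// Requested action, taken from the query string: 'start' or 'end'.
$session = (isset($_GET['session']) && is_string($_GET['session'])) ? $_GET['session'] : null;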
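/**
 * Minimal login/logout wrapper around the native PHP session.
 */
class userSession
{
    /**
     * Log the user in when validateConnexion() accepts the credentials.
     *
     * On success the username is stored in $_SESSION['user'].
     *
     * @param string $username
     * @param string $password
     * @return bool True when the user was logged in, false otherwise.
     */
    public function startSession($username, $password)
    {
        // Missing or non-string credentials can never be valid; reject them before
        // they reach the credential check.
        if (!is_string($username) || !is_string($password)) {
            return false;
        }
        if (!validateConnexion($username, $password)) {
            return false;
        }
        // Issue a fresh session ID at the moment of login, so an ID that was set in
        // the browser before authentication (session fixation) is not carried into
        // the logged-in session. The old session data is deleted.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['user'] = $username;
        //setcookie('user',$username,time()+365*24*3600);
        return true;
    }

    /**
     * Log the user out and discard the session.
     *
     * session_destroy() alone removes the stored session data but leaves $_SESSION
     * populated for the rest of the request and the session cookie in the browser,
     * so both are cleared first.
     */
    public function endSession()
    {
        $_SESSION = [];
        if (ini_get('session.use_cookies')) {
            $cookie = session_get_cookie_params();
            // Expire the cookie using the same path/domain/flags it was set with.
            setcookie(
                session_name(),
                '',
                time() - 42000,
                $cookie['path'],
                $cookie['domain'],
                $cookie['secure'],
                $cookie['httponly']
            );
        }
        session_destroy();
    }
}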
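$userSession = new userSession();
// NOTE(review): both actions are selected by ?session=... in the URL and carry no
// anti-CSRF token, so another site can trigger a logout (or a login attempt) through
// the visitor's browser. Requiring POST plus a per-session token would close that.
if ($session === 'start') {
    $userSession->startSession($username, $password);
} elseif ($session === 'end') {
    $userSession->endSession();
}
// Fixed, relative target: nothing from the request influences where the user is sent.
header('Location: index.php');
// Stop here so nothing else runs or is emitted after the redirect header.
exit;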