<?php
// Resume the visitor's session; changecr() reads $_SESSION['UserId'] from it.
// NOTE(review): no session-cookie flags are set here - confirm HttpOnly/Secure are enforced in php.ini.
session_start();
// Shared helpers; presumably where check(), menu(), insert_log() etc. are defined (not visible in this file).
require 'functions.php';
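/**
 * Render the "Generate Password" page for a class representative (CR) and,
 * on POST, store a time-limited security pin for a student of the CR's class.
 *
 * Flow, as implemented below:
 *  - callers failing check('CR') are redirected to login.php;
 *  - the query string must match the branch/class pattern built from
 *    config/globals.php, otherwise the browser is sent to 404.php;
 *  - the CR's own class (from the Students table) must equal the class in the URL;
 *  - on POST the CR's personal key is verified, the target student must be in
 *    the same class, and a pin valid for two hours is inserted into the
 *    Passwords table unless the student already holds an unexpired one.
 *
 * Security changes compared with the previous version:
 *  - request values are escaped with mysql_real_escape_string() instead of
 *    addslashes(), which is not aware of the connection character set;
 *  - the CR key is compared as a strict, non-empty string (hash_equals() when
 *    available), so a missing CR row or loose type juggling cannot pass the check;
 *  - the pin arriving in the hidden "Key" field must be exactly six digits;
 *  - values echoed into inline <script> are HTML-escaped and JSON-encoded;
 *  - database errors are logged server-side instead of being printed.
 *
 * NOTE(review): ext/mysql was removed in PHP 7; moving to PDO or mysqli with
 * prepared statements is the durable fix. This body assumes PHP >= 5.3
 * (closures, JSON_HEX_* flags).
 * NOTE(review): the pin is built with shuffle(), which is not a cryptographic
 * generator, and it round-trips through a client-controlled hidden field.
 * Generating it on the server at POST time from a CSPRNG would be stronger.
 * NOTE(review): no anti-CSRF token is visible on the form - confirm whether
 * one is enforced elsewhere.
 *
 * @param string $title Page title passed to display_headers().
 * @return void
 */
function changecr($title) {
    if (!check('CR')) {
        header('location:login.php');
        return;
    }

    include('config/globals.php');
    $p = $_SERVER['QUERY_STRING'];
    // $globalbranch and $classno are expected to come from config/globals.php.
    $reg = "/^".$globalbranch."[1-".$classno."]{1}$/";
    if (!preg_match($reg, $p)) {
        echo "<script type='text/javascript'>document.location.href='404.php';</script>";
        return;
    }

    // config/db.php presumably opens the MySQL link that mysql_query() and
    // mysql_real_escape_string() use implicitly - TODO confirm.
    include 'config/db.php';
    include 'config/settings.php';

    // HTML-escape a value before it is placed into markup.
    // assumes the page is served as UTF-8 - TODO confirm.
    $escHtml = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };
    // Encode a message as a JavaScript string literal that cannot close the <script> element.
    $jsString = function ($message) {
        return json_encode($message, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    };
    // Read a POST field as a string; absent or array-valued fields become ''.
    $postString = function ($field) {
        return (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    };
    // Run a query; on failure keep the driver error in the server log only.
    $runQuery = function ($sql) {
        $result = mysql_query($sql);
        if ($result === false) {
            error_log('password.php: query failed: ' . mysql_error());
            die('Database error. Please try again later.');
        }
        return $result;
    };

    $crId = mysql_real_escape_string((string) $_SESSION['UserId']);

    // Class of the logged-in CR, to compare with the class named in the URL.
    $table = $branchyear.'_Students';
    $q = "select Branch,Class from $table where Id = '$crId'";
    $res = $runQuery($q);
    $row = mysql_fetch_array($res);
    $branch = $row ? $row['Branch'] : null;
    $class1 = $row ? $row['Class'] : null;
    $class = substr($p, -1);
    if ($class != $class1) {
        echo "Your not from ".$escHtml($branch)." $class";
        return;
    }

    echo "<!DOCTYPE html>\n<html>\n";
    display_headers($title);
    echo "\n<body>";
    menu();

    // Six distinct digits offered to the form as the next pin (see NOTE(review) above).
    $array = range(0, 9);
    shuffle($array);
    $crkey = "";
    for ($i = 0; $i < 6; $i++) $crkey .= $array[$i];

    echo <<< a
<div class='container'>
<div id="error" style="display:none;"></div>
<div class='row'>
<div class='span9'>
<div class="well well-large" style="background:#FFF;height:450px;">
a;

    if (isset($_POST["Generate"])) {
        $idRaw = $postString('IdNo');
        $key = $postString('Key');
        $Skey = $postString('Skey');
        $id = mysql_real_escape_string($idRaw);   // for SQL only
        $idHtml = $escHtml($idRaw);               // for output only

        // Target student. $branch is overwritten here as before, so the page
        // heading below shows the looked-up student's branch.
        $table = $branchyear.'_Students';
        $q = "select Name,Branch,Class,Gender from $table where Id = '$id'";
        $res = $runQuery($q);
        $row = mysql_fetch_array($res);
        $branch = $row ? $row['Branch'] : null;
        $class2 = $row ? $row['Class'] : null;

        // The CR's personal key; a missing row or NULL key never matches.
        $table = $branchyear.'_CRs';
        $q = "select Id,`Key` from $table where Id = '$crId'";
        $res = $runQuery($q);
        $row = mysql_fetch_array($res);
        $key1 = ($row && $row['Key'] !== null) ? (string) $row['Key'] : '';
        $keyMatches = $key1 !== '' && $Skey !== ''
            && (function_exists('hash_equals') ? hash_equals($key1, $Skey) : $key1 === $Skey);

        if (!$keyMatches) {
            echo "<script>show_error('<b>Error </b> : CR Security Key does not matched. Please try again.. ');</script>";
        }
        elseif (!preg_match('/^[0-9]{6}\z/', $key)) {
            // The hidden field is client-controlled; accept only the shape the page generates.
            echo "<script>show_error('<b>Error </b> : Invalid security pin. Please reload the page and try again.. ');</script>";
        }
        elseif ($class2 == $class) {
            $table = $branchyear.'_Passwords';
            $q = "select `EndTime`, `Code` from `$table` where `To` = '$id';";
            $res = $runQuery($q);
            $n = mysql_num_rows($res);
            $StartTime = date('d-m-Y H:i:s');
            $end = ""; $dif = 0; $code = "";
            // Only the last row returned decides whether a pin is still active.
            while ($row = mysql_fetch_array($res)) {
                $end = $row['EndTime'];
                $dif = strtotime($end) - strtotime($StartTime);
                $code = $row['Code'];
            }
            if (($dif <= 7200 && $dif > 0) && $n) {
                $msg = "<b>Error </b> : <b>$idHtml</b> is already assigned <b class='text-success'>".$escHtml($code)."</b> till <b class='text-success'>".$escHtml($end)."</b> ";
                echo "<script>show_error(".$jsString($msg).");</script>";
            }
            else {
                $EndTime = date('d-m-Y H:i:s', mktime(date('H')+2 ));
                $ip = mysql_real_escape_string((string) $_SERVER['REMOTE_ADDR']);
                $runQuery("insert into $table ( `To`, `Code`, `CreatedBy`, `StartTime`,`EndTime`, `Status`,`IP` ) values ( '$id', '$key' , '$crId', '$StartTime', '$EndTime', 'valid','$ip');");
                // insert_log()'s own escaping is not visible here, so it still receives the SQL-escaped id.
                insert_log($_SESSION['UserId']."created security key for $id ");
                $msg = "To change password of $idHtml use the security pin <u class='text-error'>$key</u> valid up to <u class='text-error'>$EndTime</u> ";
                echo "<script>show_success(".$jsString($msg).");</script>";
            }
        }
        else {
            $msg = "<b>Error </b> : <b>$idHtml</b> is not from the <b>".$escHtml($branch)." $class </b> Please try again.. ";
            echo "<script>show_error(".$jsString($msg).");</script>";
        }
    }

    $branchHtml = $escHtml($branch);
    echo <<< a
<div id="step1">
<h4>Security Codes @ $branchHtml $class </h4>
<h6>      Provide requesting Student Id </h6>
<form action="?$p" method="POST" onsubmit="return check_id();" id="password">
<br>
<h5>Student ID No : </h5>
<input type="text" class="input-large" placeholder="N090001" id="Idno" name="IdNo" maxlength="7" /><br>
<h5>Your Security Key : </h5>
<input type="text" class="input-large" placeholder="Security Key" id="Skey" name="Skey" maxlength="9" /><br>
<!--<h5>Security Key : </h5>-->
<input type="hidden" class="input-large" readonly=readonly name="Key" value="$crkey" >
<br><input type="submit" class="btn btn-primary" name="Generate" value = "Continue →" />
</form>
</div>
</div>
</div>
<div class='span3'>
a;
    go_home();
    sidepanel();
    echo <<< a
</div>
</div>
</div>
</div>
a;
    echo "</div></div>";
    display_footer();
    echo "\n</body>\n</html>";
}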
// Render the page; the argument is forwarded to display_headers() as the title.
changecr('Attendance Portal - Generate Password ');
?>