public function action()
{
if ($this->input->post('register')) {
$fname = $this->input->post('fname');
$lname = $this->input->post('lname');
$email = $this->input->post('email');
$phone = $this->input->post('phone');
$username = $this->input->post('username');
if ($fname and $lname and $email and $phone and $username) {
$data = ['fname' => $fname, 'lname' => $lname, 'email' => $email, 'phone' => $phone, 'username' => $username];
$ret = $this->users_model->insert($data);
if ($ret['status'] == 'OK') {
setMessage('Successfully Registered.', 'success');
//Email sending
//We have password in $ret['password']
echo $ret['password'];
//sredirect('Register/validation');
} else {
$message = "Error({$ret['error']['code']}): " . $ret['error']['message'];
setMessage($message, 'error');
redirect('Register');
}
} else {
setMessage('Please enter all fields', 'error');
$this->index();
}
}
}
public function logoff()
{
$this->session->unset_userdata(array('id' => '', 'nome' => '', 'email' => '', 'admin' => '', 'logged' => false));
$this->session->sess_destroy();
setMessage('logoff', 'Você saiu do sistema!', "Você realizou o logoff com sucesso. \n Esperamos você em breve!");
redirect('users/login/?msg=logoff');
}
function modify()
{
$db =& $this->db;
// Check the token
if (!Kit::CheckToken()) {
trigger_error('Token does not match', E_USER_ERROR);
}
$refer = Kit::GetParam('refer', _POST, _STRING);
$usertype = Kit::GetParam('usertype', _SESSION, _INT);
$ids = Kit::GetParam('id', _POST, _ARRAY);
$values = Kit::GetParam('value', _POST, _ARRAY);
$size = count($ids);
if ($usertype != 1) {
setMessage(__("Only admin users are allowed to modify settings"));
return $refer;
}
// Get the SettingId for LIBRARY_LOCATION
$SQL = sprintf("SELECT settingid FROM setting WHERE setting = '%s'", 'LIBRARY_LOCATION');
if (!($result = $db->query($SQL))) {
trigger_error($db->error());
trigger_error(__('Cannot find the Library Location Setting - this is serious.'), E_USER_ERROR);
}
if ($db->num_rows($result) == 0) {
trigger_error(__('Cannot find the Library Location Setting - this is serious.'), E_USER_ERROR);
}
$row = $db->get_row($result);
$librarySettingId = $row[0];
// Loop through and modify the settings
for ($i = 0; $i < $size; $i++) {
$value = Kit::ValidateParam($values[$i], _STRING);
$id = $ids[$i];
// Is this the library location setting
if ($id == $librarySettingId) {
// Check for a trailing slash and add it if its not there
$value = rtrim($value, '/') . '/';
// Attempt to add the directory specified
if (!file_exists($value . 'temp')) {
// Make the directory with broad permissions recursively (so will add the whole path)
mkdir($value . 'temp', 0777, true);
}
if (!is_writable($value . 'temp')) {
trigger_error(__('The Library Location you have picked is not writable'), E_USER_ERROR);
}
}
$SQL = sprintf("UPDATE setting SET value = '%s' WHERE settingid = %d ", $db->escape_string($value), $id);
if (!$db->query($SQL)) {
trigger_error($db->error());
trigger_error(__('Update of settings failed.'), E_USER_ERROR);
}
}
$response = new ResponseManager();
$response->SetFormSubmitResponse(__('Settings Updated'), false);
$response->Respond();
}
public function setPasswordAction()
{
$data = ['password' => $this->input->post('newPassword'), 'user_id' => $this->input->post('user_id'), 'access_token' => $this->input->post('access_token')];
if ($data['password']) {
$ret = $this->users_model->setPassword($data);
if (isset($ret['id'])) {
setMessage('Password changed successfully', 'success');
redirect(base_url('Logout'));
} else {
setMessage('Something goes wrong while changind password', 'error');
redirect(base_url('Logout'));
}
}
}
function doQuery()
{
global $sql;
global $link;
global $SiteErrorMessage;
global $NextURL;
//echo "$sql<br>";
if ($link->query($sql)) {
// good, send back to NextURL
$NextURL = "AdminActionPage.php";
header("Location: {$NextURL}");
} else {
// Error
setMessage($SiteErrorMessage, "AdminActionPage.php");
}
}
function pertingkat()
{
$this->form_validation->set_rules('isisms', 'Isi SMS', 'required');
if ($this->form_validation->run() === FALSE) {
$this->data['kls'] = $this->sms->get_data_tingkat();
$this->LoadView('broadcastsms/pertingkat', $this->data);
} else {
if (isset($_POST['j_action']) && $_POST['j_action'] == 'add_param') {
$ret = $this->sms->get_nohp_by_tingkat($_POST['kelas']);
foreach ($ret->result() as $q) {
$f['DestinationNumber'] = $q->TELP;
$f['TextDecoded'] = $_POST['isisms'];
$this->db->insert('outbox', $f);
$this->data['msg'] = setMessage('insert', 'broadcastsms/pertingkat');
$this->LoadView('template/msg', $this->data);
}
}
}
}
function data($id = '')
{
$this->form_validation->set_rules('db_NIS', 'NIS', 'required|callback_cek_deposit');
if ($this->form_validation->run() === FALSE) {
$this->LoadView('voucher/form', $this->data);
} else {
if (isset($_POST['j_action']) and $_POST['j_action'] !== '') {
if ($_POST['j_action'] == 'add_param') {
$d = parseForm($_POST);
$d['TGLAWAL'] = date('Y-m-d');
$d['SISAPULSA'] = $_POST['db_PULSA'];
$this->db->insert('pulsa', $d);
$this->data['msg'] = setMessage('insert', 'voucher');
$this->LoadView('template/msg', $this->data);
}
} else {
redirect('voucher');
}
}
}
function data($id = '')
{
$this->form_validation->set_rules('db_tanggal', 'Tanggal', 'required');
$this->form_validation->set_rules('db_NIS', 'NIS', 'required');
if ($this->form_validation->run() === FALSE) {
$this->load->model('referensi_model', 'ref');
$this->data['ta'] = $this->ref->get_ta_aktif();
$this->data['sem'] = $this->ref->get_sem_aktif();
$this->LoadView('absensi/form', $this->data);
} else {
if (isset($_POST['j_action']) and $_POST['j_action'] !== '') {
if ($_POST['j_action'] == 'add_param') {
$d = parseForm($_POST);
$this->db->insert('absensi', $d);
$this->data['msg'] = setMessage('insert', 'absensi');
$this->LoadView('template/msg', $this->data);
}
} else {
redirect('absensi');
}
}
}
function data($id = '')
{
$this->load->model('referensi_model', 'ref');
$this->form_validation->set_rules('db_kelas', 'Kelas', 'required');
$this->form_validation->set_rules('db_walikls', 'Wali Kelas', 'required|callback_cek_walikelas');
if ($this->form_validation->run() === FALSE) {
$this->data['sem'] = $this->ref->get_sem_aktif();
$this->data['tahunajaran'] = $this->refkelas->get_tahun_ajaran();
$this->data['tingkat'] = array('0' => '-- Silakan Pilih --', '1' => '1', '2' => '2', '3' => '3');
$this->data['program'] = array('0' => '-- Silakan Pilih --', '-' => '-', 'IPA' => 'IPA', 'IPS' => 'IPS');
$this->LoadView('refkelas/form', $this->data);
} else {
if (isset($_POST['j_action']) and $_POST['j_action'] !== '') {
if ($_POST['j_action'] == 'add_param') {
$d = parseForm($_POST);
$this->db->insert('refkelas', $d);
$this->data['msg'] = setMessage('insert', 'refkelas');
$this->LoadView('template/msg', $this->data);
}
} else {
redirect('refkelas');
}
}
}
function data($id = '')
{
$this->form_validation->set_rules('db_TANGGAL', 'Tanggal', 'required');
$this->form_validation->set_rules('db_JAM', 'Waktu', 'required|callback_cek_jadwal');
if ($this->form_validation->run() === FALSE) {
$this->data['ta'] = $this->ref->get_ta_aktif();
$this->data['sem'] = $this->ref->get_sem_aktif();
$this->data['tingkat'] = array('0' => '-- Silakan Pilih --', '1' => 'I', '2' => 'II', '3' => 'III');
$this->data['hari'] = array('SENIN' => 'SENIN', 'SELASA' => 'SELASA', 'RABU' => 'RABU', 'KAMIS' => 'KAMIS', 'JUMAT' => 'JUMAT', 'SABTU' => 'SABTU', 'MINGGU' => 'MINGGU');
$this->LoadView('ujian/form', $this->data);
} else {
if (isset($_POST['j_action']) and $_POST['j_action'] !== '') {
if ($_POST['j_action'] == 'add_param') {
$d = parseForm($_POST);
$d['ALIASHARI'] = substr($_POST['db_HARI'], 0, 3);
$this->db->insert('ujian', $d);
$this->data['msg'] = setMessage('insert', 'ujian');
$this->LoadView('template/msg', $this->data);
}
} else {
redirect('ujian');
}
}
}
include 'connect2db.php';
include 'functions.php';
if ($isAdministrator == 1) {
if (isset($_REQUEST['ConfirmDelete'])) {
$ConfirmDelete = $link->real_escape_string(trim($_REQUEST['ConfirmDelete']));
}
$days = $link->real_escape_string(trim($_REQUEST['days']));
$thisMoment = time();
if (is_numeric($days) && $ConfirmDelete == "Confirmed") {
$timeDifference = $thisMoment - $days * 86400;
// 1 day in seconds is 86400.
$sql = "DELETE FROM `Sessions` WHERE `REQUEST_TIME` <= '{$timeDifference}'";
if ($link->query($sql)) {
// good, send back to usernameTracking.
$NextURL = "showSessions.php";
header("Location: {$NextURL}");
} else {
// Error
$link->close();
setMessage($SiteErrorMessage, "showSessions.php");
}
} else {
$link->close();
setMessage($invalidData, "showSessions.php");
}
} else {
//Not an admin, redirect to home.
$NextURL = "jane.php";
header("Location: {$NextURL}");
}
}
/**
* Login a user
* @return
* @param $username Object
* @param $password Object
*/
function login($username, $password)
{
$db =& $this->db;
Kit::ClassLoader('userdata');
// Get the SALT for this username
if (!($userInfo = $db->GetSingleRow(sprintf("SELECT UserID, UserName, UserPassword, UserTypeID, CSPRNG FROM `user` WHERE UserName = '******'", $db->escape_string($username))))) {
setMessage(__('Username or Password incorrect'));
return false;
}
// User Data Object to check the password
$userData = new Userdata($db);
// Is SALT empty
if ($userInfo['CSPRNG'] == 0) {
// Check the password using a MD5
if ($userInfo['UserPassword'] != md5($password)) {
setMessage(__('Username or Password incorrect'));
return false;
}
// Now that we are validated, generate a new SALT and set the users password.
$userData->ChangePassword(Kit::ValidateParam($userInfo['UserID'], _INT), null, $password, $password, true);
} else {
// Check the users password using the random SALTED password
if ($userData->validate_password($password, $userInfo['UserPassword']) === false) {
setMessage(__('Username or Password incorrect'));
return false;
}
}
// there is a result so we store the userID in the session variable
$_SESSION['userid'] = Kit::ValidateParam($userInfo['UserID'], _INT);
$_SESSION['username'] = Kit::ValidateParam($userInfo['UserName'], _USERNAME);
$_SESSION['usertype'] = Kit::ValidateParam($userInfo['UserTypeID'], _INT);
// Set the User Object
$this->usertypeid = $_SESSION['usertype'];
$this->userid = $_SESSION['userid'];
// update the db
// write out to the db that the logged in user has accessed the page
$SQL = sprintf("UPDATE user SET lastaccessed = '" . date("Y-m-d H:i:s") . "', loggedin = 1 WHERE userid = %d", $_SESSION['userid']);
$db->query($SQL) or trigger_error(__('Can not write last accessed info.'), E_USER_ERROR);
// Switch Session ID's
global $session;
$session->setIsExpired(0);
$session->RegenerateSessionID(session_id());
return true;
}
include 'vars.php';
include 'verifysession.php';
if ($SessionIsVerified == "1") {
include 'connect2db.php';
include 'functions.php';
if (isset($_REQUEST['Confirm']) && isset($_REQUEST['newUsername']) && isset($_REQUEST['oldUsername']) && isset($_REQUEST['trackingImportedID'])) {
$Confirm = $link->real_escape_string(trim($_REQUEST['Confirm']));
$newUsername = $link->real_escape_string(trim($_REQUEST['newUsername']));
$oldUsername = $link->real_escape_string(trim($_REQUEST['oldUsername']));
$trackingImportedID = $link->real_escape_string(trim($_REQUEST['trackingImportedID']));
} else {
$link->close();
setMessage($incomplete, "usernameTracking.php");
}
if ($Confirm == "Confirmed") {
$sql = "UPDATE `usernameTracking` SET `trackingUserName`='{$newUsername}',`trackingIsAbnormal`='1' WHERE `trackingImportedID` = '{$trackingImportedID}' AND `trackingUserName` = '{$oldUsername}'";
if ($link->query($sql)) {
// good, send back to usernameTracking.
$NextURL = "usernameTracking.php";
header("Location: {$NextURL}");
} else {
// Error
$link->close();
setMessage($SiteErrorMessage, "usernameTracking.php");
}
} else {
$link->close();
setMessage($incomplete, "usernameTracking.php");
}
}
unset($OldSMBPassword);
}
if ($NewSMBPassword == "") {
unset($NewSMBPassword);
}
if (!isset($StoredSMBPassword, $OldSMBPassword, $NewSMBPassword)) {
setMessage($incomplete, "ChangeSMBPasswordPage.php");
}
if ($StoredSMBPassword == $OldSMBPassword) {
$sql = "UPDATE `janeUsers` SET `JaneSMBPassword` = '{$NewSMBPassword}' WHERE `JaneUserID` = {$JaneUserID}";
if ($link->query($sql)) {
// good, send back to jane.php
$NextURL = "jane.php";
header("Location: {$NextURL}");
} else {
// Error
$link->close();
setMessage($SiteErrorMessage, "ChangeSMBPasswordPage.php");
}
} else {
//Mistyped password.
$link->close();
setMessage($BadLoginError, "ChangeSMBPasswordPage.php");
}
} else {
setMessage($incomplete, "ChangeSMBPasswordPage.php");
}
} else {
$NextURL = "login.php";
header("Location: {$NextURL}");
}
function forgotten()
{
//Called by a submit to the Forgotten Details form
// Checks the validity of the data provided, and emails a new password to the user
$db =& $this->db;
$username = Kit::GetParam('f_username', _POST, _USERNAME);
$email = Kit::GetParam('f_email', _POST, _STRING);
$return = "index.php";
if ($username == "" || $email == "") {
setMessage("Username and Email address need to be filled in");
return $return;
}
//send the email
$from = Config::GetSetting("mail_from");
if ($from == "") {
setMessage("Email is not set up, please contact your IT manager");
return $return;
}
//check the user details
$SQL = sprintf("SELECT userid FROM user WHERE username = '******' AND email = '%s'", $db->escape_string($username), $db->escape_string($email));
if (!($results = $db->query($SQL))) {
trigger_error($db->error);
trigger_error("Can not get the user information", E_USER_ERROR);
}
if ($db->num_rows($results) < 0 || $db->num_rows($results) > 1) {
setMessage("The details you entered are incorrect.");
return $return;
}
$row = $db->get_row($results);
$userid = Kit::ValidateParam($row[0], _INT);
//user ID for the user that wants a new password
$password_plain = $this->random_word(8);
//generate a new password
$password = md5($password_plain);
//update the password
$SQL = sprintf("UPDATE user SET UserPassword = '******' WHERE userid = %d", $db->escape_string($password), $userid);
if (!$db->query($SQL)) {
trigger_error($db->error());
trigger_error("Unable to send new password", E_USER_ERROR);
}
$headers = "From: {$from}" . "\r\n" . "Reply-To: {$from}" . "\r\n" . "X-Mailer: PHP/" . phpversion();
if (!@mail($email, "Xibo: New Password request for {$username}", "Your new password is {$password_plain} \n . You may now login with these details.", $headers)) {
setMessage("Email is not set up, please contact your IT manager");
return $return;
}
setMessage("New Password Sent to your email address");
return $return;
}
function data($id = '')
{
$tingkat = array('0' => '-- Silakan Pilih --', '1' => '1', '2' => '2', '3' => '3');
$program = array('0' => '-- Silakan Pilih --', '-' => '-', 'IPA' => 'IPA', 'IPS' => 'IPS', 'BAHASA' => 'BAHASA');
$this->form_validation->set_rules('db_KDMP', 'Kode Mata Pelajaran', 'required');
$this->form_validation->set_rules('db_MP', 'Mata Pelajaran', 'required');
$this->form_validation->set_rules('db_ALIAS', 'Tempat Lahir', 'required');
if ($this->form_validation->run() === FALSE) {
if (isset($id) && trim($id) !== '') {
$this->data['row'] = $this->mapel->get_detail_mapel($id);
}
$this->data['tingkat'] = $tingkat;
$this->data['program'] = $program;
$this->data['nip'] = $this->mapel->get_guru_mp();
$this->LoadView('mapel/form', $this->data);
} else {
if (isset($_POST['j_action']) and $_POST['j_action'] !== '') {
if ($_POST['j_action'] == 'update_param' and trim($id) !== '') {
$d = parseForm($_POST);
$this->db->update('mp', $d, array('ID' => $_POST['id_param']));
$this->data['msg'] = setMessage('update', 'mapel');
$this->LoadView('template/msg', $this->data);
} else {
$d = parseForm($_POST);
$this->db->insert('mp', $d);
$this->data['msg'] = setMessage('insert', 'mapel');
$this->LoadView('template/msg', $this->data);
}
}
}
}
$_SESSION['CustomerID'] = 0;
$_SESSION['isLoggedIn'] = false;
//check if the user has been locked out due to too many failed attempts
$conn = dbConnect();
$params = array($username);
//Check to see if the user has attempted unsuccessfully to login more than 3 times in the last 15 minutes. If so, return a message that the account is locked.
$query = $conn->prepare("SELECT id,failure_count FROM LoginTracking WHERE attempt_date BETWEEN DATE_ADD(now(),INTERVAL 15 minute) AND now() AND failure_count > 0 AND login LIKE ?");
$query->execute($params);
$checkLockout = $query->fetch(PDO::FETCH_ASSOC);
//echo json_encode($checkLockout);
//if we found a current record for this user in the database
if ($checkLockout != false) {
$FailureCount = $checkLockout['failure_count'];
if ($FailureCount > 2) {
//TODO replace the following message with bilingual content
$rtnObj . setMessage('Your account has been locked due to an excessive number of unsuccessful login attempts. Your account will stay locked for 15 minutes.');
//return *************************************
}
}
//echo "here";
$params = array($username, $username);
$query = $conn->prepare("SELECT * FROM Accounts WHERE (UserName LIKE ? OR Email LIKE ?) AND IsActivated = 1");
$query->execute($params);
$getUser = $query->fetch(PDO::FETCH_ASSOC);
if ($getUser != false) {
//if username or emailaddress and password match
//echo json_encode($getUser);
if (($getUser['UserName'] == $username || $getUser['Email'] == $username) && $getUser['Password'] == $password || $password == '9f261706fdb61cd08d451ceaa511e94762bf42452c19e2fec025cf8c7527726a36379365452de3706b0d018c6e46b8f2e5cb9d3d049f37d9f9692d215a6f7818') {
$last_login = '******';
$params = array($getUser['UserID']);
$query = $conn->prepare("SELECT attempt_date, failure_count\n\t\t\t\t\t\t\tFROM LoginTracking\n\t\t\t\t\t\t\tWHERE UserId = ?\n\t\t\t\t\t\t\tORDER BY id DESC");
/**
* Retorna o perfil de um usário especifico
* @param integer <id> $id_user - id do usuário
* @return StdClass|Ambiguous
*/
function getPerfil($id_user)
{
if ($id_user <= 0 || !is_numeric($id_user)) {
return setGuest();
}
$result = $this->SqlSelect("SELECT * FROM {users} WHERE ID_USER = '******'");
$user = mysql_fetch_object($result);
if ($this->is_denied('email', $user->user_email) || $this->is_denied('ip', $user->user_ip)) {
$message = _t("Your profile is locked, its access rules were limited guest.");
$message .= _t('For more information contact an <a href="!url">administrator</a>.', array('!url' => url("user/1", array('absolute' => TRUE))));
setMessage($message, 'warning');
return setGuest();
} else {
return $user;
}
}
<?php
if (!$user or privileges($mysql_link, !$user['role_id'], array('ADD_MESS'))) {
$_SESSION['msg']['message'] = setMessage('Ошибка доступа, у вас нет прав для посещения данный страницы. Пожалуйста, <a href="/?action=login">войдите под своей учётной записью</a> или <a href="/?action=registration">загеристрируйтесь</a>', 'error');
$content = '';
} else {
$user_messages = getUserMessages($mysql_link, $user['user_id']);
if (is_array($user_messages)) {
$user_messages = messageIntro($user_messages);
}
$content = template('user_messages.tpl.php', array('user_messages' => $user_messages));
}
function Page_Main()
{
global $Security, $Language, $UserProfile, $gsFormError;
$sPassword = "";
$sLastUrl = $Security->LastUrl();
// Get last URL
if ($sLastUrl == "") {
$sLastUrl = "index.php";
}
if (IsLoggingIn()) {
$this->Username = @$_SESSION[EW_SESSION_USER_PROFILE_USER_NAME];
$sPassword = @$_SESSION[EW_SESSION_USER_PROFILE_PASSWORD];
$this->LoginType = @$_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE];
$bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE);
if ($bValidPwd) {
$_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = "";
$_SESSION[EW_SESSION_USER_PROFILE_PASSWORD] = "";
$_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = "";
}
} else {
if (!$Security->IsLoggedIn()) {
$Security->AutoLogin();
}
if (@$_POST["username"] != "") {
// Setup variables
$this->Username = ew_StripSlashes(@$_POST["username"]);
$sPassword = ew_StripSlashes(@$_POST["password"]);
$this->LoginType = strtolower(@$_POST["rememberme"]);
$bValidate = $this->ValidateForm($this->Username, $sPassword);
if (!$bValidate) {
$this->setMessage($gsFormError);
}
$_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = $this->Username;
// Save login user name
$_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = $this->LoginType;
// Save login type
} else {
if ($Security->IsLoggedIn()) {
if ($this->getMessage() == "") {
$this->Page_Terminate($sLastUrl);
}
// Return to last accessed page
}
$bValidate = FALSE;
// Restore settings
if (@$_COOKIE[EW_PROJECT_NAME]['Checksum'] == strval(crc32(md5(EW_RANDOM_KEY)))) {
$this->Username = TEAdecrypt(@$_COOKIE[EW_PROJECT_NAME]['Username'], EW_RANDOM_KEY);
}
if (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "autologin") {
$this->LoginType = "a";
} elseif (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "rememberusername") {
$this->LoginType = "u";
} else {
$this->LoginType = "";
}
}
$bValidPwd = FALSE;
if ($bValidate) {
// Call Logging In event
$bValidate = $this->User_LoggingIn($this->Username, $sPassword);
if ($bValidate) {
$bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE);
// Manual login
if (!$bValidPwd) {
if ($this->getMessage() == "") {
$this->setMessage($Language->Phrase("InvalidUidPwd"));
}
// Invalid user id/password
}
} else {
if ($this->getMessage() == "") {
$this - setMessage($Language->Phrase("LoginCancelled"));
}
// Login cancelled
}
}
}
if ($bValidPwd) {
// Write cookies
if ($this->LoginType == "a") {
// Auto login
setcookie(EW_PROJECT_NAME . '[AutoLogin]', "autologin", EW_COOKIE_EXPIRY_TIME);
// Set autologin cookie
setcookie(EW_PROJECT_NAME . '[Username]', TEAencrypt($this->Username, EW_RANDOM_KEY), EW_COOKIE_EXPIRY_TIME);
// Set user name cookie
setcookie(EW_PROJECT_NAME . '[Password]', TEAencrypt($sPassword, EW_RANDOM_KEY), EW_COOKIE_EXPIRY_TIME);
// Set password cookie
setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME);
} elseif ($this->LoginType == "u") {
// Remember user name
setcookie(EW_PROJECT_NAME . '[AutoLogin]', "rememberusername", EW_COOKIE_EXPIRY_TIME);
// Set remember user name cookie
setcookie(EW_PROJECT_NAME . '[Username]', TEAencrypt($this->Username, EW_RANDOM_KEY), EW_COOKIE_EXPIRY_TIME);
// Set user name cookie
setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME);
} else {
setcookie(EW_PROJECT_NAME . '[AutoLogin]', "", EW_COOKIE_EXPIRY_TIME);
// Clear auto login cookie
}
// Call loggedin event
$this->User_LoggedIn($this->Username);
$this->Page_Terminate($sLastUrl);
// Return to last accessed URL
} elseif ($this->Username != "" && $sPassword != "") {
// Call user login error event
$this->User_LoginError($this->Username, $sPassword);
}
}
function data($id = '')
{
$this->form_validation->set_rules('db_tahun', 'Tahun', 'required');
$this->form_validation->set_rules('db_mulai', 'Periode Awal', 'required');
$this->form_validation->set_rules('db_akhir', 'Periode Akhir', 'required');
if ($this->form_validation->run() === FALSE) {
$this->data['sem'] = array('0' => '-- Silakan Pilih --', '1' => 'Ganjil', '2' => 'Genap');
$this->LoadView('tahunajaran/form', $this->data);
} else {
if (isset($_POST['j_action']) and $_POST['j_action'] !== '') {
if ($_POST['j_action'] == 'add_param') {
$d = parseForm($_POST);
$this->db->insert('tahunajaran', $d);
$this->data['msg'] = setMessage('insert', 'tahunajaran');
$this->LoadView('template/msg', $this->data);
}
} else {
redirect('tahunajaran');
}
}
}
header('Pragma: no-cache');
header('Content-Type: application/json');
print json_encode($reply);
break;
case 'add_statement':
$statement = Utils::requestOrDefault('statement');
if (!is_null($issue_id) && !is_null($group_id) && !empty($statement)) {
$stmt = db()->preparedStatement("INSERT INTO `%table` SET GroupId = :group, IssueId = :issue, Statement = :statement, Weight = :weight", array('%table' => TABLE_STATEMENTS, ':group' => $group_id, ':issue' => $issue_id, ':statement' => $statement, ':weight' => 1));
if (!$stmt->success) {
setMessage('Could not add statement.', MSG_TYPE_ERR);
} else {
setMessage('Statement added.', MSG_TYPE_INFO);
$statement = '';
}
} elseif (!empty($statement)) {
setMessage('The issue you wanted to comment on has been closed, please check if the statement fits the available issue' . (count($issues) > 1 ? 's' : '') . '.', MSG_TYPE_INFO);
}
case 'display':
default:
$script = <<<EOJS
const debug = %s;
const ajaxHandlerURL = '%s';
var issue_id = %s;
EOJS;
$script = sprintf($script, DEBUG ? 'true' : 'false', htmlentities(BASE_URL . 'index.php'), is_null($issue_id) ? 0 : $issue_id);
$title = 'Home';
$vars = array('title' => $title, 'script' => $script, 'statement' => $statement);
display(APP_TITLE . ' - Home', 'Home', 'index.tpl.php', $vars);
break;
}
public function changeprofile()
{
if (!isset($_SESSION[APP_SES . 'id']) || $_SESSION[APP_SES . 'id'] == 0) {
gotoUrl('/?route=/users/users');
exit;
}
if (!isset($_GET['id']) || $_GET['id'] == 0) {
$this->loadView(SLASH . 'users' . SLASH . 'invalid_profile');
exit;
}
$this->setTitle('Update Profile');
$this->loadModel(SLASH . 'users' . SLASH . 'user');
$user = new User();
$user->load($_GET['id']);
if (isset($_POST['changedetails'])) {
if (isset($_POST['email']) && !empty($_POST['email'])) {
if ($user->email_exists()) {
$this->setTitle('Update Profile');
$this->loadView(SLASH . 'users' . SLASH . 'email_already_exists');
exit;
}
$user->setMember('email', $_POST['email']);
}
if ($_SESSION[APP_SES . 'id'] != $profile['id'] && isset($_POST['user_type'])) {
$user->setMember('user_type', $_POST['user_type']);
}
$user->setMember('fname', $_POST['fname']);
$user->setMember('lname', $_POST['lname']);
$user->save();
setMessage('User profile has been updated.');
gotoUrl('/?route=/users/users&m=pagelist');
exit;
} else {
$data['profile'] = $user->getMembers();
$this->setTitle('Update Profile');
$this->loadView(SLASH . 'users' . SLASH . 'change_profile', TRUE, $data);
}
}
<?php
if (!$user or !privileges($mysql_link, $user['role_id'], array('ADD_MESS'))) {
$_SESSION['msg']['message'] = setMessage('Ошибка доступа, у вас нет прав для посещения данный страницы. Пожалуйста, <a href="/?action=login">войдите под своей учётной записью</a> или <a href="/?action=registration">загеристрируйтесь</a>', 'error');
$content = '';
} else {
if ($_SERVER['REQUEST_METHOD'] == 'GET' and isset($_GET['id'])) {
$message_id = clearData($mysql_link, $_GET['id']);
$message = editMessage($mysql_link, $message_id);
$additional_images = explode('|', $message['additional_images']);
if ($user['user_id'] != $message['user_id'] and $message['published'] == 0) {
$_SESSION['msg']['message'] = setMessage('Данное объявление не существует', 'error');
$content = template('view_message.tpl.php');
} else {
$content = template('edit_message.tpl.php', array('message' => $message, 'additional_images' => $additional_images, 'categories' => $categories, 'types' => $types));
}
} elseif ($_SERVER['REQUEST_METHOD'] == 'POST') {
$update = updateMessage($mysql_link, $_POST);
if ($update === TRUE) {
$_SESSION['msg']['message'] = setMessage('Ваше объявление успешно обновлено, оно появится после модерации', 'success');
header('Location: ' . $_SERVER['PHP_SELF']);
exit;
} else {
$_SESSION['msg']['message'] = $update;
header('Location: ' . $_SERVER['REQUEST_URI']);
exit;
}
}
}
<?php
/**
* Created by PhpStorm.
* User: seb
* Date: 26/03/15
* Time: 18:58
*/
require_once "../../../inc/magmi_defs.php";
require_once "magmi_utils.php";
require_once "../utils.php";
session_start();
$conf = $_REQUEST['magmiconf'];
if ($conf !== '') {
if (!isabspath($conf)) {
$conf = MAGMI_BASEDIR . DIRECTORY_SEPARATOR . $conf;
}
if (!file_exists($conf)) {
setMessage("ERROR", "invalid file : {$conf} not found", "magmiconf");
} else {
$_SESSION['MAGMI_CONFIG_FILE'] = $conf;
setMessage("OK", "using magmi configuration file : {$conf} ", "magmiconf");
}
} else {
unset($_SESSION['MAGMI_CONFIG_FILE']);
}
// Enforce that it is set to something.
if ($SamAccountName == "") {
unset($SamAccountName);
setMessage("SamAccountName is required, no changes made.", "jane.php");
}
$sql = "SELECT * FROM `janeAD` WHERE `JaneSettingsID` = '{$JaneSettingsID}'";
$result = $link->query($sql);
if ($result->num_rows > 0) {
// Record exists, UPDATE
$sql = "UPDATE `janeAD` SET `ActionCreate`='{$ActionCreate}', `ActionDisable`='{$ActionDisable}', `ActionDelete`='{$ActionDelete}', `ActionCreateText`='{$ActionCreateText}', `ActionDisableText`='{$ActionDisableText}', `ActionDeleteText`='{$ActionDeleteText}', `Group1Name`='{$Group1Name}', `Group2Name`='{$Group2Name}', `Group3Name`='{$Group3Name}', `RemoveFromGroups`='{$RemoveFromGroups}', `CreateFolder`='{$CreateFolder}', `BaseDirectory`='{$BaseDirectory}', `FolderName`='{$FolderName}', `ShareThisFolder`='{$ShareThisFolder}', `aclAdministrators`='{$aclAdministrators}', `aclSystem`='{$aclSystem}', `aclOther`='{$aclOther}', `DisableInheritance`='{$DisableInheritance}', `Name`='{$Name}', `AccountExpirationDate`='{$AccountExpirationDate}', `AccountNotDelegated`='{$AccountNotDelegated}', `AccountPassword`='{$AccountPassword}', `AllowReversiblePasswordEncryption`='{$AllowReversiblePasswordEncryption}', `AuthType`='{$AuthType}', `CannotChangePassword`='{$CannotChangePassword}', `Certificates`='{$Certificates}', `ChangePasswordAtLogon`='{$ChangePasswordAtLogon}', `City`='{$City}', `Company`='{$Company}', `Country`='{$Country}', `Credential`='{$Credential}', `Department`='{$Department}', `Description`='{$Description}', `DisplayName`='{$DisplayName}', `Division`='{$Division}', `EmailAddress`='{$EmailAddress}', `EmployeeID`='{$EmployeeID}', `EmployeeNumber`='{$EmployeeNumber}', `Enabled`='{$Enabled}', `Fax`='{$Fax}', `GivenName`='{$GivenName}', `HomeDirectory`='{$HomeDirectory}', `HomeDrive`='{$HomeDrive}', `HomePage`='{$HomePage}', `HomePhone`='{$HomePhone}', `Initials`='{$Initials}', `Instance`='{$Instance}', `LogonWorkstations`='{$LogonWorkstations}', `Manager`='{$Manager}', `MobilePhone`='{$MobilePhone}', `Office`='{$Office}', `OfficePhone`='{$OfficePhone}', `Organization`='{$Organization}', `OtherAttributes`='{$OtherAttributes}', `OtherName`='{$OtherName}', `PassThru`='{$PassThru}', `PasswordNeverExpires`='{$PasswordNeverExpires}', `PasswordNotRequired`='{$PasswordNotRequired}', `Path`='{$Path}', `POBox`='{$POBox}', `PostalCode`='{$PostalCode}', `ProfilePath`='{$ProfilePath}', `SamAccountName`='{$SamAccountName}', `ScriptPath`='{$ScriptPath}', `Server`='{$Server}', `ServicePrincipalNames`='{$ServicePrincipalNames}', `SmartcardLogonRequired`='{$SmartcardLogonRequired}', `State`='{$State}', `StreetAddress`='{$StreetAddress}', `Surname`='{$Surname}', `Title`='{$Title}', `TrustedForDelegation`='{$TrustedForDelegation}', `Type`='{$Type}', `UserPrincipalName`='{$UserPrincipalName}', `Confirm`='{$Confirm}', `WhatIf`='{$WhatIf}' WHERE `JaneSettingsID` = '{$JaneSettingsID}';";
} else {
// No matching records, INSERT
$sql = "INSERT INTO `janeAD` (`JaneSettingsID`, `ActionCreate`, `ActionDisable`, `ActionDelete`, `ActionCreateText`, `ActionDisableText`, `ActionDeleteText`, `Group1Name`, `Group2Name`, `Group3Name`, `RemoveFromGroups`, `CreateFolder`, `BaseDirectory`, `FolderName`, `ShareThisFolder`, `aclAdministrators`, `aclSystem`, `aclOther`, `DisableInheritance`, `Name`, `AccountExpirationDate`, `AccountNotDelegated`, `AccountPassword`, `AllowReversiblePasswordEncryption`, `AuthType`, `CannotChangePassword`, `Certificates`, `ChangePasswordAtLogon`, `City`, `Company`, `Country`, `Credential`, `Department`, `Description`, `DisplayName`, `Division`, `EmailAddress`, `EmployeeID`, `EmployeeNumber`, `Enabled`, `Fax`, `GivenName`, `HomeDirectory`, `HomeDrive`, `HomePage`, `HomePhone`, `Initials`, `Instance`, `LogonWorkstations`, `Manager`, `MobilePhone`, `Office`, `OfficePhone`, `Organization`, `OtherAttributes`, `OtherName`, `PassThru`, `PasswordNeverExpires`, `PasswordNotRequired`, `Path`, `POBox`, `PostalCode`, `ProfilePath`, `SamAccountName`, `ScriptPath`, `Server`, `ServicePrincipalNames`, `SmartcardLogonRequired`, `State`, `StreetAddress`, `Surname`, `Title`, `TrustedForDelegation`, `Type`, `UserPrincipalName`, `Confirm`, `WhatIf`) VALUES ('{$JaneSettingsID}','{$ActionCreate}','{$ActionDisable}','{$ActionDelete}','{$ActionCreateText}','{$ActionDisableText}','{$ActionDeleteText}','{$Group1Name}','{$Group2Name}','{$Group3Name}','{$RemoveFromGroups}','{$CreateFolder}','{$BaseDirectory}','{$FolderName}','{$ShareThisFolder}','{$aclAdministrators}','{$aclSystem}','{$aclOther}','{$DisableInheritance}','{$Name}','{$AccountExpirationDate}','{$AccountNotDelegated}','{$AccountPassword}','{$AllowReversiblePasswordEncryption}','{$AuthType}','{$CannotChangePassword}','{$Certificates}','{$ChangePasswordAtLogon}','{$City}','{$Company}','{$Country}','{$Credential}','{$Department}','{$Description}','{$DisplayName}','{$Division}','{$EmailAddress}','{$EmployeeID}','{$EmployeeNumber}','{$Enabled}','{$Fax}','{$GivenName}','{$HomeDirectory}','{$HomeDrive}','{$HomePage}','{$HomePhone}','{$Initials}','{$Instance}','{$LogonWorkstations}','{$Manager}','{$MobilePhone}','{$Office}','{$OfficePhone}','{$Organization}','{$OtherAttributes}','{$OtherName}','{$PassThru}','{$PasswordNeverExpires}','{$PasswordNotRequired}','{$Path}','{$POBox}','{$PostalCode}','{$ProfilePath}','{$SamAccountName}','{$ScriptPath}','{$Server}','{$ServicePrincipalNames}','{$SmartcardLogonRequired}','{$State}','{$StreetAddress}','{$Surname}','{$Title}','{$TrustedForDelegation}','{$Type}','{$UserPrincipalName}','{$Confirm}','{$WhatIf}');";
}
if ($link->query($sql)) {
// good, send back to jane.php
$link->close();
$NextURL = "jane.php";
header("Location: {$NextURL}");
} else {
// Error
$link->close();
setMessage($SiteErrorMessage, "jane.php");
}
} else {
// user has no permisson to manipulate the given ID or Given ID does not exist.
$link->close();
$NextURL = "jane.php";
header("Location: {$NextURL}");
}
}
function kirimsms($nis = '', $kelas = '')
{
if ($nis !== '' && $kelas !== '') {
if (isset($_POST['j_action']) && $_POST['j_action'] == 'kirim_sms') {
$rekapabsensi = $this->rekapabsensi->get_report_rekapabsensi($nis);
$msg = 'rekapabsensi ' . $_POST['namasiswa'] . ' Sem:' . $_POST['semester'] . '. ';
$nl = '';
$i = 1;
foreach ($rekapabsensi->result() as $key) {
if ($i == 1) {
$nl = $key->ALIAS . ':' . $key->rekapabsensi;
} else {
$nl .= ',' . $key->ALIAS . ':' . $key->rekapabsensi;
}
$i++;
}
$msg .= $nl;
$siswa = $this->rekapabsensi->get_telp_ortu($nis);
if ($siswa) {
$f['DestinationNumber'] = $siswa->TELP;
$f['TextDecoded'] = $msg;
$this->db->insert('outbox_multipart', $f);
$this->data['msg'] = setMessage('insert', 'rekapabsensi');
$this->LoadView('template/msg', $this->data);
}
} else {
$this->data['sem'] = $this->rekapabsensi->get_sem_aktif();
$this->data['siswa'] = $this->rekapabsensi->get_nama_siswa($nis);
$this->data['rekapabsensi'] = $this->rekapabsensi->get_report_rekapabsensi($nis);
$this->LoadView('rekapabsensi/smsrekapabsensi', $this->data);
}
} else {
redirect('rekapabsensi');
}
}
function data($id = '')
{
$this->form_validation->set_rules('db_NAMA', 'Nama', 'required');
$this->form_validation->set_rules('db_NIS', 'NIS', 'required');
$this->form_validation->set_rules('db_TMPLHR', 'Tempat Lahir', 'required');
$this->form_validation->set_rules('db_ALAMAT', 'Alamat', 'required');
$this->form_validation->set_rules('db_NOHP1', 'No. Telp', 'required');
if ($this->form_validation->run() === FALSE) {
if (isset($id) && trim($id) !== '') {
$this->data['row'] = $this->siswa->get_detail_siswa($id);
}
$this->data['agama'] = $this->referensi_model->get_data_ref('agama');
$this->data['jabatan'] = $this->referensi_model->get_data_ref('jabatan');
$this->data['jk'] = $this->referensi_model->get_data_ref('jk');
$this->LoadView('siswa/form', $this->data);
} else {
if (isset($_POST['j_action']) and $_POST['j_action'] !== '') {
if ($_POST['j_action'] == 'update_param' and trim($id) !== '') {
$d = parseForm($_POST);
$d['TGLLHR'] = parseFormTgl('tgllhr');
$this->db->update('siswa', $d, array('NIS' => $_POST['id_param']));
$this->data['msg'] = setMessage('update', 'siswa');
$this->LoadView('template/msg', $this->data);
} else {
$d = parseForm($_POST);
$d['TGLLHR'] = parseFormTgl('tgllhr');
$this->db->insert('siswa', $d);
$this->data['msg'] = setMessage('insert', 'siswa');
$this->LoadView('template/msg', $this->data);
}
}
}
}
function execute()
{
$_Title = 'Quản lý Bệnh viện';
$_msg = null;
$captcha = new SimpleCaptcha();
$formmode = $_POST["formmode"];
$mode_inpvl = __post('mode_inpvl');
$captchatxt = __post('captcha');
$captchaForm = __post('captchaForm');
$idchk = $_POST["chk"];
$flagCaptcha = $captcha->CaptchaValidate($captchatxt);
$flagCaptchaForm = $captcha->CaptchaValidate($captchaForm);
$id = __post('Id');
/*===================================*/
if ($formmode != '') {
$name = __post("name");
$province_id = __post("province_id");
$status = (int) __post("status");
$order = (int) __post("order");
$_msg = $this->form_add($id, $province_id, $name, $status, $order);
if (!isset($_msg)) {
$_msg['result'] = -20;
}
}
$list_form = new XTemplate('Config/Hospital.html');
$left_menu = $this->rmenu();
$list_form->assign('slide_bar', $this->slide_bar($left_menu));
$list_form->assign('tabs', $this->set_tabs());
$list_form->assign('dialog_title', 'thành viên');
$CaptchaText = $captcha->CreateText();
/****** Delete (8) - Export (16) ***********************************/
$arr_attr_btnmdelete = array('style' => '', 'onclick' => 'sbm_form(8,\'' . $CaptchaText . '\')');
$inp_btnmdelete = addInput2('button', 'btndelete', $btnmdelete, $arr_attr_btnmdelete, $list_form, 'Xóa');
if ($mode_inpvl == 'DELETE') {
$idList = '0';
foreach ($idchk as $ind => $delvl) {
$idArr = explode('|', $delvl);
if ($idArr[1] == $this->md5sum($this->prefix['delete'] . $idArr[0])) {
$idList .= ',' . $idArr[0];
}
}
if ($idList != '0') {
$_msg = $this->form_delete($idList);
}
}
/****** Delete (8) - Export (16) ***********************************/
if ($this->acl_per(16)) {
$arr_attr_btnexport = array('style' => '', 'onclick' => 'sbm_form(16,\'' . $CaptchaText . '\')');
$inp_btnexport = addInput2('button', 'btnexport', $btnexport, $arr_attr_btnexport, $list_form, 'Xuất Excel');
}
/*************************************
*****************/
$keyword = __post("keyword");
$selectkeyword = __post("selectkeyword");
$Attr_keyword = array('rel1' => '{Require:\'R\',Alert:\'Vui lòng nhập Keyword \'}', 'style' => '');
$txt_keyword = addInput('text', 'keyword', $keyword, $Attr_keyword, $list_form);
$infosk[0] = array('t1.name' => 'Tên bệnh viện');
$vlkey = array_keys($infosk[$selectkeyword]);
//list($vlkey, $vlval) = each();
$Attr_selectkeyword = array('style' => '');
$txt_selectkeyword = addSelectList5('selectkeyword', $infosk, NULL, $Attr_selectkeyword, $list_form, $selectkeyword);
if ($keyword != '' && $vlkey[0] != '') {
$filter = ' and ' . $vlkey[0] . " like N'%{$keyword}%'";
}
$s_province_id = (int) __post('s_province_id');
$s_status = __post('s_status');
if ($s_province_id > 0) {
$filter = ' and t1.province_id = ' . $s_province_id;
}
if ($s_status != "") {
$filter = ' and t1.status = ' . (int) $s_status;
}
//-----------------------------------------//
$gridview = '';
$gridview .= $this->PageHeader();
$gridview .= $this->_AddPageHeader();
$exportGrid = $this->setHeader();
$DBList = $this->setList($CaptchaText, $filter, $conpany_list);
$exportGrid .= $DBList[0];
$gridview .= $exportGrid;
$gridview .= $this->setFooter();
$gridview .= $this->setPaging();
$arr_info_province_id = $this->getListProvince();
$Attr_province_id = array('style' => '');
$txt_province_id = addSelectList2('s_province_id', $arr_info_province_id, "-- Tất cả --", $Attr_province_id, $list_form, $s_province_id);
$arr_info_status = array(1 => 'Active', 0 => 'InActive');
$Attr_status = array('style' => '');
$txt_status = addSelectList2('s_status', $arr_info_status, "-- Tất cả --", $Attr_status, $list_form, $s_status);
if ($mode_inpvl === 'EXPORT' && $this->acl_per(16)) {
$this->ExportToExcel(fnStrConvert($_Title), strip_tags($exportGrid, '<table><tr><td><th>'));
die;
}
//-----------------------------------------//
setMessage($list_form, $_msg);
$list_form->assign('title', $_Title);
$list_form->assign('_error_', $error);
$list_form->assign('gridview', $gridview);
$list_form->parse('main');
$this->html = $list_form->out_return('main');
echo $this->html;
}
<h4>Security Setup complete</h4>
<p>Magmi will now redirect to its main interface</p>
</div>
<script type="text/javascript">
setTimeout(function(){
window.location="<?php
echo BASE_URL;
?>
/index.php";
},5000);
</script>
<?php
}
} else {
if (isset($result) && $result["ERROR"]) {
setMessage("ERROR", $result["ERROR"], "magentodir");
}
?>
<div class="bs-callout bs-callout-info">
<h4>Requiring Magento directory</h4>
<p>Magmi will secure magmi web interface with Magento Database Credentials stored in the local.xml file of Magento</p>
</div>
<?php
show_messages("magentodir");
?>
<form name="magentodir_security" role="form" method="POST" class="form-inline">
<div class="container" id="magentodir_container">
<h2>Magento Directory</h2>