ファイル: login.php プロジェクト: shifter/ospap
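header('Pragma: no-cache');
require 'shared.php';

# Entry point for login/logout. "?action=logout" ends the current session;
# any other request is treated as a login attempt with the posted
# username/password. Every outcome ends in a redirect back to the referring
# page via the show_*_redirect_back() helpers provided by shared.php.
$action = isset($_GET['action']) ? $_GET['action'] : null;

if ($action === 'logout') {
    logout();
    show_message_redirect_back("Logged out");
} else {
    # Guard the POST fields so a plain GET of login.php (no form submitted)
    # does not raise undefined-index notices; missing credentials just fail.
    $raw_username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    # check_login() expects an already-escaped username (see its NOTE below).
    # Escape through the live connection so the escaping follows the link's
    # charset; mysql_escape_string() is deprecated and charset-blind.
    # htmlentities() is applied first, presumably to match how usernames are
    # stored at registration - keep the order unchanged.
    # get_db_read() is also called inside check_login(); it is assumed to hand
    # back the shared read connection rather than open a second one.
    $db = get_db_read();
    $username = mysql_real_escape_string(htmlentities(trim($raw_username)), $db);

    $info = check_login($username, $password);
    if (!$info) {
        show_error_redirect_back("Login failed");
    } else {
        show_message_redirect_back("Logged in");
    }
}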
# Functions
# NOTE: $username must already be sanitized (SQL-escaped) by the caller before it is passed in!
function check_login($username, $password, $remember = true)
{
    $db = get_db_read();
    # Get the salt and check if the user exists at the same time
    $result = try_mysql_query("SELECT salt FROM users WHERE username = '******'", $db);
    if (mysql_num_rows($result) != 1) {
        return null;
    }
    $row = mysql_fetch_assoc($result);
    $salt = $row['salt'];
    mysql_free_result($result);
ファイル: create_category.php プロジェクト: shifter/ospap
#
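header('Pragma: no-cache');
require_once 'shared.php';

# Creates a new category for the logged-in user ($me, populated by shared.php)
# from the posted "category" name and optional "private" flag, then records it
# as the user's last_category. Each failure path calls a show_*_redirect_back()
# / redirect() helper from shared.php; the straight-line code below relies on
# those helpers redirecting and stopping execution (assumed - confirm in shared.php).

# Make a connection to the database
$db_read = get_db_read();
$db_write = get_db_write();

# Only authenticated users may create categories.
if (!$me) {
    redirect("index.php");
}
if (!isset($_POST['category'])) {
    redirect("index.php");
}

# Escape through the connection so the escaping follows the link's charset;
# mysql_escape_string() is deprecated and charset-blind. htmlentities() before
# storage is existing behaviour and is kept so stored names stay consistent
# with the rest of the application (escaping at output time would be cleaner).
$category = mysql_real_escape_string(htmlentities(trim($_POST['category'])), $db_read);
$private = isset($_POST['private']) ? '1' : '0';
# user_id is inserted unquoted into the INSERT below, i.e. it is numeric;
# cast once so nothing but an integer can reach any of the queries.
$user_id = (int) $me['user_id'];

if (!validate_category($category)) {
    show_error_redirect_back("Please enter a valid category name (between 3 and {$max_length_category} characters)");
}

# Category names are unique per user.
$result = try_mysql_query("SELECT * FROM categories WHERE name = '{$category}' AND user_id = '{$user_id}'", $db_read);
if (mysql_num_rows($result) > 0) {
    show_error_redirect_back('Error: you already have a category with that name!');
}
mysql_free_result($result);

try_mysql_query("INSERT INTO categories (user_id, name, private, date_created, last_updated, last_updated_public) VALUES ({$user_id}, '{$category}', '{$private}', NOW(), 0, 0)", $db_write);
$category_id = mysql_insert_id($db_write);
try_mysql_query("UPDATE users SET last_category='{$category_id}' WHERE user_id='{$user_id}'", $db_write);
show_message_redirect_back("Category successfully created!");
?>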
	
	
	

ファイル: admin.php プロジェクト: shifter/ospap
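# Admin actions on a single user. $action and $user_id are set earlier in this
# file (outside this excerpt) and $db_write is the write connection. Each
# action is one UPDATE plus a success message; the action must be known before
# a target user is required, so an unknown action never asks for a user_id.
# The show_*_redirect_back() helpers are assumed to redirect and stop
# execution - otherwise the "No user_id" path would fall through to the UPDATE.
# Keyed lookup replaces the loose "==" chain, which would also have matched
# non-string values such as 0 or true against 'authorize' on PHP < 8.
$admin_updates = array(
    'authorize' => array("UPDATE users SET authorized='1' WHERE user_id='%d'", "User successfully authorized."),
    'promote'   => array("UPDATE users SET admin='1' WHERE user_id='%d'", "User successfully granted admin privileges"),
    'demote'    => array("UPDATE users SET admin='0' WHERE user_id='%d'", "User successfully revoked admin privileges"),
);

if (!isset($admin_updates[$action])) {
    show_error_redirect_back("Unknown action");
}
if (!isset($user_id)) {
    show_error_redirect_back('No user_id specified');
}

list($sql, $message) = $admin_updates[$action];
# %d with an int cast guarantees only an integer id is ever interpolated
# into the statement, whatever the earlier (out-of-view) handling did with it.
try_mysql_query(sprintf($sql, (int) $user_id), $db_write);
show_message_redirect_back($message);
?>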
	
	
	

ファイル: create_account.php プロジェクト: shifter/ospap
    show_error_redirect_back("Please enter a username made up of 3 - 14 alpha-numeric characters");
}
# Second half of the registration handler: the username check and the
# variables $username, $email, $password, $require_authorization, $admin,
# $notify_comments and $notify_pictures are all set above this excerpt.
# Each failed check calls show_error_redirect_back(), which the straight-line
# flow below assumes redirects and stops execution.
if (validate_password($password) == false) {
    show_error_redirect_back("Please enter a password that is at least 6 characters (it's for your own protection!)");
}
if (validate_email($email) == false) {
    show_error_redirect_back("Please enter a valid email address");
}
# Check if the username is being used
# NOTE(review): the literal '******' here looks like a redaction made by the
# code-listing site, not project code; the real query presumably interpolates
# the same $username that the INSERT below uses - confirm against the source.
$result = try_mysql_query("SELECT * FROM users WHERE username='******'", $db_read);
if (mysql_num_rows($result) > 0) {
    show_error_redirect_back("Sorry, that username is already in use.");
}
mysql_free_result($result);
# Check if the email address is already used
# $email is interpolated unescaped here and in the INSERT below; it must have
# been SQL-escaped by the input handling above this excerpt - verify there.
$result = try_mysql_query("SELECT * FROM users WHERE email='" . $email . "'", $db_read);
if (mysql_num_rows($result) > 0) {
    show_error_redirect_back("Sorry, that email address is already in use.");
}
mysql_free_result($result);
# Generate the salt and hash the password
# generate_salt() / hash_password() come from shared.php; the stored password
# is the salted hash, never the plaintext.
$salt = generate_salt();
$hashed_password = hash_password($password, $salt);
# authorized/admin/notify_* flags are taken from the values prepared earlier
# in this file; last_updated columns start at 0 for a fresh account.
try_mysql_query("INSERT INTO users (username, password, salt, email, date_registered, authorized, admin, last_updated, last_updated_public, notify_comments, notify_pictures) VALUES ('{$username}', '{$hashed_password}', '{$salt}', '{$email}', NOW(), '{$require_authorization}', '{$admin}', '0', '0', '{$notify_comments}', '{$notify_pictures}')", $db_write);
show_message_redirect_back("Account created! Please log in.");
?>