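/**
 * Check a username/password pair and, on success, record a new login token.
 *
 * @param string $username   Account name supplied by the caller.
 * @param string $password   Password supplied by the caller (not referenced by the
 *                           query as it appears in this listing, see the note below).
 * @param string &$ret_token Receives the newly issued login token on success.
 * @return string|null "ok" on success, an error message when the lookup does not
 *                     match exactly one row, null if the matched row cannot be fetched.
 */
function check_username_password($username, $password, &$ret_token)
{
    $ret = null;
    $mysqli = mysqli_new();

    // NOTE(review): the credential values in this query are masked ('******') in this
    // listing, so the lookup as shown uses neither $username nor $password. The real
    // query should bind both values as parameters (prepared statement) and check the
    // password with password_verify() against a password_hash() digest instead of
    // comparing it inside SQL.
    $sql = "select * from users where username='******'and password='******'";
    $result = mysqli_obj_query($mysqli, $sql);

    if (is_null($result) || 1 != $result->num_rows) {
        $ret = "username or password was not right";
    } else {
        require_once "./session.php";
        update_session($username);

        if (mysqli_fetch_assoc($result)) {
            // The token is a bearer credential, so it must be unpredictable.
            // md5(uniqid(rand())) is derived from the clock and a non-cryptographic
            // PRNG; random_bytes() (PHP 7+) draws from the OS CSPRNG. 16 bytes keeps
            // the same 32-hex-character shape the md5 value had.
            $token = bin2hex(random_bytes(16));
            $ret_token = $token;

            // Escape the caller-supplied name before it is placed in the statement.
            // Assumes mysqli_new() returns a mysqli connection, as the ->close()
            // call below implies.
            $safe_username = $mysqli->real_escape_string($username);
            $sql = "INSERT INTO `loginStatus`(`username`, `token`) VALUES ('{$safe_username}', '{$token}')";

            // NOTE(review): the insert result is not checked, so "ok" and a token are
            // returned even if the row was not stored - confirm what
            // mysqli_obj_query() returns on failure and handle it.
            mysqli_obj_query($mysqli, $sql);
            $ret = "ok";
        }
    }

    $mysqli->close();

    return $ret;
}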
$serversession = 1;
$cookiesession = 1;
} // closes a block that opens before this excerpt

$isavisitor = true;

// department: forced to an integer, 0 when the request carries none.
if (empty($UNTRUSTED['department'])) {
    $department = 0;
} else {
    $department = intval($UNTRUSTED['department']);
}

// username: fall back to the cookie value when the request has no username.
// Both sources are client-controlled, so the value stays untrusted after this step.
if (empty($UNTRUSTED['username']) && !empty($_COOKIE['username'])) {
    $UNTRUSTED['username'] = $_COOKIE['username'];
}

// Resolve the visitor identity from the cslhVISITOR request value and the session
// settings, then refresh that identity's session record.
$identity = identity($UNTRUSTED['cslhVISITOR'], "cslhVISITOR", $allow_ip_host_sessions, $serversession, $cookiesession, $ghost_session);
update_session($identity, $ghost_session);

// Build the query-string suffix that carries the session settings forward.
$querystringadd = "&cslheg=1";
if (!$allow_ip_host_sessions) {
    $querystringadd .= "&allow_ip_host_sessions=0";
}
if ($serversession == 1) {
    $querystringadd .= "&serversession=1";
} else {
    $querystringadd .= "&serversession=0";
}
if (!empty($relative)) {
    $querystringadd .= "&relative=Y";
}
// NOTE(review): $username is appended without urlencode(). Where $username is
// assigned is not visible in this excerpt; if it derives from the request or the
// cookie above, a value containing '&', '#' or '=' changes the parameters of the
// resulting URL. Confirm the source and encode it with urlencode().
if (!empty($username)) {
    $querystringadd .= "&username=" . $username;
}
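/**
 * Handle a request to the login endpoint.
 *
 * Refreshes the session from the current request, verifies that the gateway
 * parameters are present in the session, and only then renders the page and
 * starts the login step.
 *
 * Expected request form: /login/?gw_address=%s&gw_port=%d&gw_id=%s&url=%s
 *
 * @return void
 */
function handle_login()
{
    $request = Flight::request();

    // When called without the gateway parameters they must already be in the
    // session; this call initialises or updates them from the request.
    update_session($request);

    // Still no session parameters: they were never supplied.
    if (!is_session_valid()) {
        Flight::error(new Exception('Gateway parameters not set in login handler!'));

        // Fail closed. Whether Flight::error() ends the request depends on the
        // framework version and on any custom error handler mapped by the
        // application; returning here guarantees the login flow below never runs
        // without valid gateway parameters.
        return;
    }

    render_boilerplate();
    fblogin();
}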
// Validate the submitted form; "SessionID" is the one field name passed to check_form().
// NOTE(review): `&$error_array` at the call site is call-time pass-by-reference,
// which is a fatal error from PHP 5.4 onwards. The reference belongs in
// check_form()'s parameter declaration, not in the call.
check_form($_POST, &$error_array, array("SessionID"));
if (count($error_array) == 0) {
    // Copy the submitted fields onto a Session object.
    // NOTE(review): every value is taken from $_POST as-is (no type or range check).
    // Whether update_session()/add_session() bind these values as query parameters
    // is not visible in this excerpt - confirm before relying on it.
    $session = new Session();
    $session->SessionID = $_POST["SessionID"];
    $session->SessionName = $_POST["SessionName"];
    $session->TrackID = $_POST["TrackID"];
    if (array_key_exists("SessionTrackID", $_POST)) {
        $session->SessionTrackID = $_POST["SessionTrackID"];
    }
    $session->PresentationTypeID = $_POST["PresentationTypeID"];
    // Build "DATE HH:MM:00" from the 12-hour form fields: hour % 12, plus 12 for "pm".
    // The hour and minute go through %02d; the date goes through %s unchanged.
    $session->StartTime = sprintf("%s %02d:%02d:00", $_POST["StartDate"], $_POST["StartHour"] % 12 + ($_POST["StartMeridiem"] == "pm" ? 12 : 0), $_POST["StartMinute"]);
    $session->EndTime = sprintf("%s %02d:%02d:00", $_POST["EndDate"], $_POST["EndHour"] % 12 + ($_POST["EndMeridiem"] == "pm" ? 12 : 0), $_POST["EndMinute"]);
    $session->RoomID = $_POST["RoomID"];
    $session->ChairID = $_POST["ChairID"];
    // A non-empty SessionID without the "duplicate" flag updates the existing row;
    // anything else is stored as a new session with SessionID reset to 0.
    // NOTE(review): $_GET["duplicate"] is read without an isset() check.
    if ($_POST["SessionID"] && !$_GET["duplicate"]) {
        $result = update_session($session);
    } else {
        $session->SessionID = 0;
        $result = add_session($session);
    }
    // NOTE(review): $result is never inspected, and there is no exit after header(),
    // so execution continues into the form-population code below after the redirect
    // header has been queued.
    $url = "Location: sessions.php";
    header($url);
}
} // closes a block that opens before this excerpt

// Populate the form variables from the stored session when an id is given.
$vars = array();
if ($sessionID) {
    $session = get_session_info($sessionID);
    $vars["SessionID"] = $session->SessionID;
    $vars["SessionName"] = $session->SessionName;
    $vars["TrackID"] = $session->TrackID;
    $vars["SessionTrackID"] = $session->SessionTrackID;
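// Avatar upload handling. This excerpt starts inside a block opened earlier;
// $file_name, $file_size and $errors are set before the first line shown here.
$file_tmp = $_FILES['image']['tmp_name'];
// Client-supplied MIME type: informational only, never a basis for a trust decision.
$file_type = $_FILES['image']['type'];
// pathinfo() replaces end(explode(...)), which hands a temporary to a by-reference
// parameter and raises a notice.
$file_ext = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));
$expensions = array("jpeg", "jpg", "png");
if (in_array($file_ext, $expensions, true) === false) {
    $errors[] = "extension not allowed, please choose a JPEG or PNG file.";
}
if ($file_size > 2097152) {
    // The check is an upper bound, so the message says so.
    $errors[] = 'File size must not exceed 2 MB';
}
if (empty($errors) == true) {
    // The extension only reflects the client-chosen file name. Confirm that the
    // uploaded bytes really are a JPEG or PNG before storing them in a web-served
    // directory. is_uploaded_file() also covers a failed upload (empty tmp_name).
    $image_info = is_uploaded_file($file_tmp) ? getimagesize($file_tmp) : false;
    if ($image_info === false || !in_array($image_info[2], array(IMAGETYPE_JPEG, IMAGETYPE_PNG), true)) {
        $errors[] = "extension not allowed, please choose a JPEG or PNG file.";
    }
}
if (empty($errors) == true) {
    // Store under a server-generated name: the client-supplied name is not reused,
    // so it cannot carry extra extensions or markup into img/. The random suffix
    // keeps names from colliding when rand_string(6) repeats.
    $my_string = rand_string(6) . "-" . bin2hex(random_bytes(8)) . "." . $file_ext;
    if (move_uploaded_file($file_tmp, "img/" . $my_string)) {
        $result = update_avatar($my_string);
        update_session();
    } else {
        // Do not point the profile at a file that was never written.
        $result = false;
    }
    if ($result) {
        // The redirect header has to be sent before any body output.
        header('location:admin.php?option=profile');
        echo "<div class='alert alert-block alert-success fade in'>Upload thành công.</div>";
    } else {
        echo "<div class='alert alert-block alert-danger fade in'>Không cập nhật được ảnh đại diện.</div>";
    }
} else {
    // $errors is an array; concatenating it directly printed the word "Array".
    print_r("<div class='alert alert-block alert-danger fade in'>" . htmlspecialchars(implode(" ", $errors), ENT_QUOTES, 'UTF-8') . "</div>");
}
}
?>
<div class="row">
    <div class="col-lg-12">
        <h3 class="page-header"><i class="fa fa-users"></i> THÔNG TIN CÁ NHÂN</h3>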
/**
 * Dispatch an accounting status event to the matching session handler.
 *
 * Nothing happens unless get_device() is truthy or the local admin switch is on.
 * Status values other than 'update', 'start', 'stop' and 'auth' are ignored.
 *
 * @param mixed $status Status keyword, compared loosely against the known values.
 * @return void
 */
function do_acct_status($status)
{
    $do_admin_acct = false; // Change to 'true', if desired

    // Guard: no device and admin accounting disabled means there is nothing to do.
    if (!get_device() && !$do_admin_acct) {
        return;
    }

    // Loose comparison on purpose: it matches what a switch statement does.
    if ($status == 'update') {
        update_session();
    } elseif ($status == 'start') {
        start_session();
    } elseif ($status == 'stop') {
        stop_session();
    } elseif ($status == 'auth') {
        auth_session();
    }
}
// Clear the user's private-chat alert flag once they are in a private chat.
// NOTE(review): user_id is concatenated into the statement unquoted and without a
// cast. Where $user->data is populated is not visible here; an (int) cast, as used
// for the config value further down, would make the statement safe regardless.
if ($private_chat && !empty($user->data['user_private_chat_alert'])) {
    $sql = "UPDATE " . USERS_TABLE . " SET user_private_chat_alert = '' WHERE user_id = " . $user->data['user_id'];
    // The query runs between a sql_return_on_error(true)/(false) pair; presumably a
    // failure is returned instead of aborting - confirm against the DB layer.
    $db->sql_return_on_error(true);
    $db->sql_query($sql);
    $db->sql_return_on_error(false);
}
// JHL this is in the wrong place - we might need to send this information back to the Ajax caller - END

// Code for getting data
if ($action == 'read') {
    // Stop guests from reading the shoutbox if they aren't allowed.
    // NOTE(review): the denial is reported with AJAX_SHOUTBOX_NO_ERROR; this relies
    // on pseudo_die() ending the request - confirm, since nothing else stops the read.
    if ($config['shout_allow_guest'] == 0 && !$user->data['session_logged_in']) {
        pseudo_die(AJAX_SHOUTBOX_NO_ERROR, $lang['Shoutbox_no_auth']);
    }

    // Always update the session on a read, when in chat - even if data is not asked for.
    // update_mode defaults to 'archive'; only the exact value 'chat' enables chat mode.
    $update_mode = request_var('update_mode', 'archive');
    update_session($error_msg, $update_mode == 'chat');
    if ($error_msg != '') {
        pseudo_die(AJAX_SHOUTBOX_ERROR, $error_msg);
    }

    // Guests are recognized by their IP; the address is escaped before use in SQL.
    $guest_sql = '';
    $is_guest = false;
    if (!$user->data['session_logged_in']) {
        $is_guest = true;
        $guest_sql = " AND session_ip = '" . $db->sql_escape($user->ip) . "'";
    }

    // Update session data and online list - only get session data if the user was
    // online $config['ajax_chat_session_refresh'] seconds ago. The (int) cast keeps
    // the concatenated cutoff numeric.
    $time_ago = time() - (int) $config['ajax_chat_session_refresh'];

    // Read session data for update. Level 0 is sorted as if it were level 10.
    $sql = "SELECT u.user_id, u.username, u.user_active, u.user_color, u.user_level\n\t\tFROM " . AJAX_SHOUTBOX_SESSIONS_TABLE . " s, " . USERS_TABLE . " u\n\t\tWHERE s.session_time >= " . $time_ago . "\n\t\t\tAND s.session_user_id = u.user_id" . $guest_sql . "\n\t\tORDER BY case u.user_level when 0 then 10 else u.user_level end";
    $result = $db->sql_query($sql);
<?php
/*
   session.ses.php
   Copyright (C) 2003 Alberto Alcocer Medina-Mora
   root@b3co.com

   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public License
   as published by the Free Software Foundation; either version 2
   of the License, or (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
include BADGER_ROOT . "/core/SessionManager/config.ses.php";

// A non-empty badger_sess cookie continues an existing session; otherwise a new
// one is started. The cookie value itself is client-controlled, so whether it names
// a real, unexpired session is for update_session() to establish (not shown here).
$sess = (isset($_COOKIE['badger_sess']) && $_COOKIE['badger_sess'] != "")
    ? update_session()
    : new_session();

// Load the variables stored for the resolved session.
$_session = get_session_vars($sess);
<?php
/***********************************************
DAVE PHP API
https://github.com/evantahler/PHP-DAVE-API
Evan Tahler | 2011

I am an example function to view a user. If "this" user is viewing (indicated
by a proper password hash along with another key), all data is shown; otherwise
just basic info is returned. I contain example usage of the session functions.
***********************************************/
if ($ERROR == 100) {
    $AuthResp = AuthenticateUser();

    // AuthenticateUser() returns a pair: [0] is strictly true on success, and [1]
    // is then the user record; on failure [1] is the error value.
    if ($AuthResp[0] === true) {
        $ReturnedUser = $AuthResp[1];
        $OUTPUT['LOGIN'] = "******";
        $OUTPUT['SessionKey'] = create_session();

        // Seed the session with the login time, then copy every field of the
        // returned user on top of it (a user field named login_time would win).
        $SessionData = array("login_time" => time());
        $userData = $ReturnedUser;
        foreach ($userData as $k => $v) {
            $SessionData[$k] = $v;
        }
        update_session($OUTPUT['SessionKey'], $SessionData);

        // NOTE(review): the stored session is read back into the response. Because
        // the whole user record was copied in above, any credential-related column
        // it contains (password hash, salt) would be returned to the client -
        // confirm which fields AuthenticateUser() hands back and copy an explicit
        // allow-list instead.
        $OUTPUT['SESSION'] = get_session_data($OUTPUT['SessionKey']);
    } else {
        $ERROR = $AuthResp[1];
        $OUTPUT['LOGIN'] = "******";
    }
}
showimage($filepath, "image/gif");
exit;
} // closes a block that opens before this excerpt

// browse: send the static browse image and stop.
//----------------------------------------------------------------
if ($UNTRUSTED['what'] == "browse") {
    // The database connection is closed here only when server sessions are off.
    if (!$serversession) {
        $mydatabase->close_connect();
    }
    $filepath = "images/browse.gif";
    showimage($filepath, "image/gif");
    exit;
}

// userstat: return the control image for this user.
//----------------------------------------------------------------
if ($UNTRUSTED['what'] == "userstat") {
    update_session($identity);
    // NOTE(review): $identity['SESSIONID'] is concatenated into this SELECT and into
    // the UPDATE below without escaping. How $identity is built is not visible in
    // this excerpt; if the id can be influenced by a request or cookie value it must
    // be validated against the expected format or bound as a query parameter.
    $query = "SELECT * FROM livehelp_users WHERE sessionid='" . $identity['SESSIONID'] . "'";
    $data = $mydatabase->query($query);
    // NOTE(review): the query result is used without a failure check.
    $visitor = $data->fetchRow(DB_FETCHMODE_ASSOC);
    // Current time as a YmdHis string.
    $rightnow = date("YmdHis");
    // Update the visitor's tracks.
    // See if we already have the page they are on; default to page id 1.
    if (empty($pageid)) {
        $pageid = 1;
    }
    // Update their last action to now. $rightnow comes from date(), not from input.
    $query = "UPDATE livehelp_users set lastaction='{$rightnow}' WHERE sessionid='" . $identity['SESSIONID'] . "'";
    $mydatabase->query($query);
    // See if the operator wants anything with them:
    // status = R means request Chat..