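} else { return NULL; } }

/**
 * Emit the XML session envelope used by the account endpoints and optionally stop.
 *
 * @param string $status    Status code (e.g. BADUSER, MYSQLERROR).
 * @param string $SESSIONID Session id to echo back ('' when none).
 * @param string $USERNAME  Username to echo back ('' when none).
 * @param bool   $EXIT      When true the script terminates after the response.
 */
function respond($status, $SESSIONID, $USERNAME, $EXIT = false)
{
    // Escape each field for the XML/HTML context: callers echo request values back through
    // this envelope, and an unescaped value could break the document or inject markup.
    // Valid statuses, usernames ([A-Za-z0-9_\-.@,]) and session ids contain none of the
    // escaped characters, so output for legitimate values is unchanged.
    $xStatus = htmlspecialchars((string) $status, ENT_QUOTES, 'UTF-8');
    $xSession = htmlspecialchars((string) $SESSIONID, ENT_QUOTES, 'UTF-8');
    $xUser = htmlspecialchars((string) $USERNAME, ENT_QUOTES, 'UTF-8');
    echo "<?xml version='1.0' encoding='UTF-8'?><SESSION><STATUS>{$xStatus}</STATUS><SESSIONID>{$xSession}</SESSIONID><USERNAME>{$xUser}</USERNAME></SESSION>";
    if ($EXIT == true) {
        exit;
    }
}

// MAIN
if (count($_POST) > 0 or count($_GET) > 0) {
    // VALIDATE INPUTS
    $USERNAME = _INPUT("USERNAME");
    if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) { respond("BADUSER", '', '', true); }
    // CONNECT TO THE DATABASE
    // NOTE(review): database credentials are hard-coded here (and in the sibling endpoints);
    // the login endpoint reads $host/$user/$passwd/$db/$port from configuration instead.
    $mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
    // CHECK CONNECTION
    if (mysqli_connect_errno()) {
        // The original call passed five arguments to the four-parameter respond(), so $EXIT
        // received '' and execution fell through to prepare() on a dead connection, after
        // sending mysqli_connect_error() to the client. Log it server-side and stop.
        error_log('Connect failed: ' . mysqli_connect_error());
        respond("MYSQLERROR", '', '', true);
    }
    // CHECK STATUS IS RESET
    $stmt = $mysqli->prepare("SELECT tmp, status FROM users WHERE usr = ?");
    if ($stmt === false) {
        // prepare() returns false on error; bind_param() on false is a fatal error.
        error_log('Prepare failed: ' . $mysqli->error);
        respond("MYSQLERROR", '', '', true);
    }
    $stmt->bind_param('s', $USERNAME);
    // EXECUTE AND GET RESULTS
    $stmt->execute();
    $stmt->bind_result($tmp, $stat);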
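// IMPORT PHP LIBRARIES
include_once '/srv/www/php-lib/cge_std_tools.php'; // Including CGE_std clases and functions

//////////////////////// MAIN /////////////////////////
if (count($_POST) + count($_GET) > 0 and isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) {
    // VALIDATE SESSION (format only; ValidateUser() below checks it against the database)
    $SESSIONID = $_SESSION['SESSIONID'];
    $USERNAME = $_SESSION['USERNAME'];
    if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) { respond("BADUSER", '', true); }
    // The original class was [^A-fa-f0-9]: the A-f range also covers [ \ ] ^ _ ` and G-Z,
    // so it was not the hex check it reads as. Aligned with the [A-Za-z0-9] check the login
    // endpoints apply to SESSIONID; if ids are always hex, [^A-Fa-f0-9] is stricter still.
    if (preg_match("/[^A-Za-z0-9]/", $SESSIONID)) { respond("BADSESSION", '', true); }
    // VALIDATE INPUTS
    $sid = _INPUT("SID");
    if ($sid == '' or $sid == null) { respond("NOSID", '', true); }
    if (preg_match("/[^0-9]/", $sid)) { respond("BADSID", array('VALUE' => $sid), true); }
    // CONNECT TO THE DATABASE
    $mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
    // CHECK CONNECTION
    if (mysqli_connect_errno()) {
        // Keep the driver's message in the server log; the client only needs a generic
        // status (the original sent mysqli_connect_error() and never expanded the "%s").
        error_log('Connect failed: ' . mysqli_connect_error());
        respond("MYSQLERROR", array('MESSAGE' => 'Connect failed'), true);
    }
    // VALIDATE USER AND EXTRACT UID => $status = ACCEPTED or NOUSER or INVALIDSESSION
    list($status, $uid) = ValidateUser($mysqli, $USERNAME, $SESSIONID);
    // VERIFY SERVICE ACCESS PERMISSIONS => $status = ACCEPTED or NOACCESS or NOSERVICE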
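} }

// MAIN
if ((count($_POST) > 0 or count($_GET) > 0) and isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) { # count($_POST)>0 or count($_GET)>0
    // VALIDATE SESSION
    $SESSIONID = $_SESSION['SESSIONID'];
    $USERNAME = $_SESSION['USERNAME'];
    if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) { respond("BADUSER", '', true); }
    // The original class was [^A-fa-f0-9]: the A-f range also covers [ \ ] ^ _ ` and G-Z,
    // so it was not the hex check it reads as. Aligned with the [A-Za-z0-9] check the login
    // endpoints apply to SESSIONID; if ids are always hex, [^A-Fa-f0-9] is stricter still.
    if (preg_match("/[^A-Za-z0-9]/", $SESSIONID)) { respond("BADSESSION", '', true); }
    // VALIDATE INPUTS
    $SID = _INPUT("SID");
    if (preg_match("/[^0-9]/", $SID)) { respond("BADID", '', true); }
    if ($SID == '') { respond("NOID", '', true); }
    // CONNECT TO THE DATABASE
    $mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
    // CHECK CONNECTION
    if (mysqli_connect_errno()) {
        // The original call passed a fourth argument to respond(status, data, exit), so the
        // exit flag received '' and execution fell through to prepare() on a dead connection,
        // after sending mysqli_connect_error() to the client. Log it server-side and stop.
        error_log('Connect failed: ' . mysqli_connect_error());
        respond("MYSQLERROR", '', true);
    }
    // CHECK USERNAME, SESSIONID AND ISOLATE
    // u.session_id is selected so the caller can compare it with $SESSIONID; that
    // comparison is outside this excerpt and must reject on mismatch.
    $stmt = $mysqli->prepare("SELECT u.id, u.session_id, i.isolate_path, s.folder \n FROM users u \n INNER JOIN isolates i ON i.owner = u.id \n INNER JOIN services s ON s.isolate_id = i.id \n WHERE u.usr = ?\n AND s.id = ?\n ;");
    if ($stmt === false) {
        // prepare() returns false on error; bind_param() on false is a fatal error.
        error_log('Prepare failed: ' . $mysqli->error);
        respond("MYSQLERROR", '', true);
    }
    $stmt->bind_param('ss', $USERNAME, $SID);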
<?php
// Album category requested by the visitor (query parameter "sac"); '' means "no category".
// NOTE(review): _INPUT() is defined elsewhere and appears to strip tags only, so
// album_categories_list()/album_content() must HTML-escape what they print (not visible here).
$album_cat = _INPUT("sac", ""); ?> <div id="lightbox"> <div id="lightboxPhoto"> </div> <div id="lightboxCaption"> (Click image to close) </div> </div> <div class="sc_album_cat"> <?php
// Renders the category list and returns the album currently selected (presumably; the
// function body is not in this excerpt).
$current_album = album_categories_list($album_cat); ?> </div> <div class="sc_album_content"> <?php
// Renders the pictures of the selected album.
album_content($current_album); ?> </div>
            respond('NODATA', '');
        }
    } else {
        // RESPOND WITH REJECTION (no exit flag: the connection is still closed below)
        respond($status, '', '');
    }
    //CLOSING DATABASE
    $mysqli->close();
} else {
    // VALIDATE INPUTS
    // NOTE(review): the condition that selects this branch is outside this excerpt.
    $filename = _INPUT('FILENAME');
    $iid = _INPUT('IID');
    $date = _INPUT('DATE');
    $sid = _INPUT('SID');
    $service = _INPUT('SERVICE');
    $version = _INPUT('VERSION');
    // Only presence is checked here. NOTE(review): nothing constrains the format of
    // $filename, $iid, $sid, $service, $version or $date; if any of them reaches a
    // filesystem path or a shell further down (not visible here), whitelist it first --
    // digits for the ids, basename() plus a character whitelist for the filename -- as the
    // sibling endpoints do with preg_match/preg_replace.
    if ($filename == '') { respond("NOFILENAME", '', true); }
    if ($iid == '') { respond("NOIID", '', true); }
    if ($date == '') { respond("NODATE", '', true); }
    if ($sid == '') { respond("NOSID", '', true); }
    if ($service == '') { respond("NOSERVICE", '', true); }
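//"run$rid"
            } elseif ($pm_id) {
                $isolate['runs'][$rid]['servicedata']['pm_id'] = $pm_id;
            } elseif ($rf_id) {
                $isolate['runs'][$rid]['servicedata']['rf_id'] = $rf_id;
            }
            return $isolate;
        }
    }

// MAIN
if (count($_POST) > 0) { # or count($_GET)>0 // There is inputs
    // GET INPUTS
    $USERNAME = _INPUT('USERNAME');
    $SESSIONID = _INPUT('SESSIONID');
    $ACTION = _INPUT('ACTION');
    // Every rejection below now ends with an explicit exit. respond() is not known to
    // terminate the script (a sibling endpoint also follows it with exit), and without it a
    // rejected request still went on to open the database connection and run the rest of
    // the handler with the rejected values.
    // Checking if username is invalid
    if (preg_match("/[^A-Za-z0-9\\,\\_\\-\\.\\@]/", $USERNAME) or strlen($USERNAME) < 2) {
        respond('BADUSER', '');
        exit;
    }
    // Checking if session id is invalid
    if (preg_match("/[^A-Za-z0-9]/", $SESSIONID) or strlen($SESSIONID) < 40) {
        respond('BADSESSIONID', '');
        exit;
    }
    // Checking if action is invalid
    if (preg_match("/[^a-z]/", $ACTION) or strlen($ACTION) != 3) {
        respond('BADACTION', '');
        exit;
    }
    // CONNECT TO THE DATABASE
    // NOTE(review): hard-coded database credentials; the login endpoint reads them from
    // configuration variables instead.
    $mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
    // CHECK CONNECTION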
<?php
// Blog router. "bp" names the page to show (default: the front page) and "o" is the list
// offset handed to the page renderers. "archive" shows the archive index unless both a year
// ("ayr") and a month ("amo") were supplied; any other value is treated as a post slug.
$blog_page = _INPUT("bp", "front");
$blog_list_offset = _INPUT("o", 0);

if ($blog_page == "front") {
    blog_front_page();
} elseif ($blog_page == "archive") {
    $archive_year = _INPUT("ayr", "");
    $archive_month = _INPUT("amo", "");
    $have_period = ($archive_month !== "" && $archive_year !== "");
    if ($have_period) {
        blog_archive($archive_year, $archive_month);
    } else {
        blog_archives_list(); // switch to archive front
    }
} else {
    blog_post($blog_page);
}
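$name = _INPUT('NAME');
$note = _INPUT('NOTE');
$mdate = _INPUT('MDATE');
$technology = _INPUT('TECHNOLOGY');
$ipublic = _INPUT('IPUBLIC');
$country = _INPUT('COUNTRY');
$region = _INPUT('REGION');
$city = _INPUT('CITY');
$zip = _INPUT('ZIP');
$lon = _INPUT('LON');
$lat = _INPUT('LAT');
$lnote = _INPUT('LOCNOTE');
$origin = _INPUT('ORIGIN');
$onote = _INPUT('ONOTE');
$pathogenicity = _INPUT('PATHOGENICITY');
$pnote = _INPUT('PNOTE');
// Required fields
if ($iid == '' or $iid == null) { respond("NOIID", '', true); }
if ($country == '' or $country == null) { respond("NOCOUNTRY", '', true); }
// Format checks. Ids are digits only.
if (preg_match("/[^0-9]/", $iid)) { respond("BADIID", array('VALUE' => $iid), true); }
// Coordinates: optional minus sign, digits, at most one decimal point ('' is still accepted,
// as before). The original class [^0-9\.] rejected every negative value -- i.e. all western
// longitudes and southern latitudes -- while accepting strings such as "1.2.3".
if (!preg_match('/^-?[0-9]*(\\.[0-9]*)?$/D', $lon)) { respond("BADLON", array('VALUE' => $lon), true); }
if (!preg_match('/^-?[0-9]*(\\.[0-9]*)?$/D', $lat)) { respond("BADLAT", array('VALUE' => $lat), true); }
// NOTE(review): the remaining free-text fields are not constrained here; they are safe only
// if the statements that store them (outside this excerpt) are parameterised and the pages
// that display them escape for HTML.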
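} }

// MAIN
if (count($_POST) > 0 and isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) { # count($_POST)>0 or count($_GET)>0
    // VALIDATE SESSION
    $SESSIONID = $_SESSION['SESSIONID'];
    $USERNAME = $_SESSION['USERNAME'];
    if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) { respond("BADUSER", '', true); }
    // The original class was [^A-fa-f0-9]: the A-f range also covers [ \ ] ^ _ ` and G-Z,
    // so it was not the hex check it reads as. Aligned with the [A-Za-z0-9] check the login
    // endpoints apply to SESSIONID; if ids are always hex, [^A-Fa-f0-9] is stricter still.
    if (preg_match("/[^A-Za-z0-9]/", $SESSIONID)) { respond("BADSESSION", '', true); }
    // VALIDATE INPUTS
    $IID = _INPUT("IID");
    if (preg_match("/[^0-9]/", $IID)) { respond("BADID", '', true); }
    if ($IID == '') { respond("NOID", '', true); }
    // CONNECT TO THE DATABASE
    $mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
    // CHECK CONNECTION
    if (mysqli_connect_errno()) {
        // The original call passed a fourth argument to respond(status, data, exit), so the
        // exit flag received '' and execution fell through to prepare() on a dead connection,
        // after sending mysqli_connect_error() to the client. Log it server-side and stop.
        error_log('Connect failed: ' . mysqli_connect_error());
        respond("MYSQLERROR", '', true);
    }
    // CHECK USERNAME, SESSIONID AND ISOLATE
    // Ownership is enforced by the join (i.owner = u.id, u.usr = ?); u.session_id is
    // selected so the caller can compare it with $SESSIONID (outside this excerpt).
    $stmt = $mysqli->prepare("SELECT u.id, u.session_id, i.public, i.isolate_path\n FROM isolates i\n INNER JOIN users u ON u.id = i.owner\n WHERE u.usr = ?\n AND i.id = ?\n ;");
    if ($stmt === false) {
        // prepare() returns false on error; bind_param() on false is a fatal error.
        error_log('Prepare failed: ' . $mysqli->error);
        respond("MYSQLERROR", '', true);
    }
    $stmt->bind_param('ss', $USERNAME, $IID);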
respond("NORESULTS", $msg, true); } } //////////////////////// MAIN //////////////////////// // CHECK FOR CORRECT INPUTS if (isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) { // VALIDATE SESSION $SESSIONID = $_SESSION['SESSIONID']; $USERNAME = $_SESSION['USERNAME']; if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) { respond("BADUSER", '', true, true, true); } if (preg_match("/[^A-fa-f0-9]/", $SESSIONID)) { respond("BADSESSION", '', true, true, true); } if (_INPUT('view') == 'resistance') { $view = 'resistance'; } else { $view = ''; } // CONNECT TO THE DATABASE $mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge'); // CHECK CONNECTION if (mysqli_connect_errno()) { respond("MYSQLERROR", array('MESSAGE' => "Connect failed: %s\n", mysqli_connect_error()), true, true, true); } // VALIDATE USER AND EXTRACT UID => $status = ACCEPTED or NOUSER or INVALIDSESSION list($status, $uid) = ValidateUser($mysqli, $USERNAME, $SESSIONID); // CLOSING CONNECTION $mysqli->close(); // Extract Result data
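} }

// MAIN
if (count($_POST) > 0 and isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) { #+count($_GET)
    // VALIDATE SESSION
    $USERNAME = $_SESSION['USERNAME'];
    $SESSIONID = $_SESSION['SESSIONID'];
    if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) { respond("BADUSER", '', '', true); }
    // The original class was [^A-fa-f0-9]: the A-f range also covers [ \ ] ^ _ ` and G-Z,
    // so it was not the hex check it reads as. Aligned with the [A-Za-z0-9] check the login
    // endpoints apply to SESSIONID; if ids are always hex, [^A-Fa-f0-9] is stricter still.
    if (preg_match("/[^A-Za-z0-9]/", $SESSIONID)) { respond("BADSESSION", '', '', true); }
    // VALIDATE INPUTS (digits only; an empty id passes this check and is handled later)
    $IID = _INPUT('ISOLATEID');
    if (preg_match("/[^0-9]/", $IID)) { respond("BADISOLATE", '', '', true); }
    // CONNECT TO THE DATABASE
    $mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
    // CHECK CONNECTION
    if (mysqli_connect_errno()) {
        // The original call passed five arguments to the four-parameter respond(), so $EXIT
        // received '' and execution fell through to prepare() on a dead connection, after
        // sending mysqli_connect_error() to the client. Log it server-side and stop.
        error_log('Connect failed: ' . mysqli_connect_error());
        respond("MYSQLERROR", '', '', true);
    }
    // CHECK USERNAME AND SESSIONID
    $stmt = $mysqli->prepare("SELECT id, session_id FROM users WHERE usr = ?");
    if ($stmt === false) {
        // prepare() returns false on error; bind_param() on false is a fatal error.
        error_log('Prepare failed: ' . $mysqli->error);
        respond("MYSQLERROR", '', '', true);
    }
    $stmt->bind_param('s', $USERNAME);
    // EXECUTE AND GET RESULTS
    $stmt->execute();
    $stmt->bind_result($uid, $sid);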
// NOTE(review): errors are displayed unconditionally, which shows file paths and stack
// traces to visitors on a production host. Gate this on a debug flag from settings.php
// (included below) or leave display_errors off and rely on log_errors.
ini_set('display_errors', 1);
error_reporting(E_ALL);
require_once "./system/phpfastcache.php";
include './system/parsedown.php';
include './system/ParsedownExtra.php';
include './system/settings.php'; // presumably defines $clear_all_caches and $cache_time_days
$fastCache = phpFastCache();
if ($clear_all_caches) {
    $fastCache->clean();
}
$cache_time = 3600 * 24 * $cache_time_days; // Cache time is in seconds.
$enabled_plugins = array();
$enabled_stylesheets = array();
$enabled_scripts = array();
// Requested page slug from the "p" query parameter; defaults to the index page.
// NOTE(review): how $current_page is resolved to a file is not visible here -- if it ends
// up in an include path it must be checked against the registered pages first.
$current_page = _INPUT('p', 'index');
$registered_pages = array('Home' => sculpt_page_url('index'));
$registered_processors = array('system' => '');
include './extras/plugins/enabled.php';

/**
 * Resolve a named system location to a relative path.
 * (The switch continues beyond this excerpt; the remaining cases are not visible.)
 */
function sculpt_system($arg)
{
    if (isset($arg)) {
        switch ($arg) {
            case "path":
                return "./system/";
                break;
            case "content_path":
                return "./content/";
                break;
            case "default_look":
                return "appearance/armature/main.php";
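include_once '/srv/www/php-lib/cge_std_tools.php'; // Including CGE_std clases and functions

//////////////////////// MAIN /////////////////////////
if (count($_POST) + count($_GET) > 0 and isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) {
    // VALIDATE SESSION (format only; the database check follows the connection below)
    $SESSIONID = $_SESSION['SESSIONID'];
    $USERNAME = $_SESSION['USERNAME'];
    if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) { respond("BADUSER", '', true, true, true); }
    // The original class was [^A-fa-f0-9]: the A-f range also covers [ \ ] ^ _ ` and G-Z,
    // so it was not the hex check it reads as. Aligned with the [A-Za-z0-9] check the login
    // endpoints apply to SESSIONID; if ids are always hex, [^A-Fa-f0-9] is stricter still.
    if (preg_match("/[^A-Za-z0-9]/", $SESSIONID)) { respond("BADSESSION", '', true, true, true); }
    // VALIDATE INPUTS (digits only; empty values pass this check)
    $iid = _INPUT('IID');
    $sid = _INPUT('SID');
    if (preg_match("/[^0-9]/", $iid)) { respond("BADIID", array('VALUE' => $iid), true, true, true); }
    if (preg_match("/[^0-9]/", $sid)) { respond("BADSID", array('VALUE' => $sid), true, true, true); }
    // Set global variables
    $htdocs = "/srv/www/htdocs/services/";
    $wwwroot = "https://cge.cbs.dtu.dk/services/";
    // CONNECT TO THE DATABASE
    $mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
    // CHECK CONNECTION
    if (mysqli_connect_errno()) {
        // Keep the driver's message in the server log; the client only needs a generic
        // status (the original sent mysqli_connect_error() and never expanded the "%s").
        error_log('Connect failed: ' . mysqli_connect_error());
        respond("MYSQLERROR", array('MESSAGE' => 'Connect failed'), true, true, true);
    }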
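} else { return NULL; } }

/**
 * Emit the XML session envelope used by the account endpoints and optionally stop.
 *
 * @param string $status    Status code (e.g. BADEMAIL, MYSQLERROR).
 * @param string $SESSIONID Session id to echo back ('' when none).
 * @param string $USERNAME  Username to echo back ('' when none).
 * @param bool   $EXIT      When true the script terminates after the response.
 */
function respond($status, $SESSIONID, $USERNAME, $EXIT = false)
{
    // Escape each field for the XML/HTML context: callers echo request values back through
    // this envelope, and an unescaped value could break the document or inject markup.
    // Valid statuses, usernames ([A-Za-z0-9_\-.@,]) and session ids contain none of the
    // escaped characters, so output for legitimate values is unchanged.
    $xStatus = htmlspecialchars((string) $status, ENT_QUOTES, 'UTF-8');
    $xSession = htmlspecialchars((string) $SESSIONID, ENT_QUOTES, 'UTF-8');
    $xUser = htmlspecialchars((string) $USERNAME, ENT_QUOTES, 'UTF-8');
    echo "<?xml version='1.0' encoding='UTF-8'?><SESSION><STATUS>{$xStatus}</STATUS><SESSIONID>{$xSession}</SESSIONID><USERNAME>{$xUser}</USERNAME></SESSION>";
    if ($EXIT == true) {
        exit;
    }
}

// MAIN
if (count($_POST) > 0) { # or count($_GET)>0
    // VALIDATE INPUT
    $EMAIL = _INPUT("EMAIL");
    if (!is_email($EMAIL)) { respond("BADEMAIL", '', '', true); }
    // CONNECT TO THE DATABASE
    // NOTE(review): hard-coded database credentials; the login endpoint reads them from
    // configuration variables instead.
    $mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
    // CHECK CONNECTION
    if (mysqli_connect_errno()) {
        // The original call passed five arguments to the four-parameter respond(), so $EXIT
        // received '' and execution fell through to prepare() on a dead connection, after
        // sending mysqli_connect_error() to the client. Log it server-side and stop.
        error_log('Connect failed: ' . mysqli_connect_error());
        respond("MYSQLERROR", '', '', true);
    }
    // CHECK USERNAME AND EMAIL AVAILABILITY
    // NOTE(review): the stored password hash (pwd) is selected here; it must only be used
    // server-side and never placed in a response or an e-mail (its use is not visible here).
    $stmt = $mysqli->prepare("SELECT status, usr, pwd FROM users WHERE email = ?");
    if ($stmt === false) {
        // prepare() returns false on error; bind_param() on false is a fatal error.
        error_log('Prepare failed: ' . $mysqli->error);
        respond("MYSQLERROR", '', '', true);
    }
    $stmt->bind_param('s', $EMAIL);
    // EXECUTE AND GET RESULTS
    $stmt->execute();
    $stmt->bind_result($stat, $usr, $pwd);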
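{
    // Escape each field for the XML/HTML context: the BADEMAIL branch below echoes the
    // rejected address back through this envelope, and an unescaped value could break the
    // document or inject markup. Valid statuses, usernames and session ids contain none of
    // the escaped characters, so output for legitimate values is unchanged.
    $xStatus = htmlspecialchars((string) $status, ENT_QUOTES, 'UTF-8');
    $xSession = htmlspecialchars((string) $SESSIONID, ENT_QUOTES, 'UTF-8');
    $xUser = htmlspecialchars((string) $USERNAME, ENT_QUOTES, 'UTF-8');
    echo "<?xml version='1.0' encoding='UTF-8'?><SESSION><STATUS>{$xStatus}</STATUS><SESSIONID>{$xSession}</SESSIONID><USERNAME>{$xUser}</USERNAME></SESSION>";
    if ($EXIT == true) {
        exit;
    }
}

// MAIN
if (count($_POST) > 0) { # or count($_GET)>0
    $securimage = new Securimage();
    // NOTE(review): a pepper hard-coded in source is only as secret as the repository, and
    // sha1($key.user.pass.$key) is a single fast hash with no per-user salt. Move to
    // password_hash()/password_verify() -- migrating this endpoint, the profile-update
    // endpoint, the login endpoint and the stored hashes together -- and load any pepper
    // from configuration outside the web root.
    $key = ")gIs56bi%";
    // VALIDATE INPUTS
    $USERNAME = _INPUT("USERNAME");
    $PASSWORD = sha1($key . $USERNAME . _INPUT("PASSWORD") . $key);
    $EMAIL = _INPUT("EMAIL");
    $CAPTCHA = preg_replace("/[^A-Za-z0-9]/", '', _INPUT("CAPTCHA"));
    if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) { respond("BADUSER", '', '', true); }
    // The rejected (unvalidated) address is echoed back in the SESSIONID slot; respond()
    // escapes it before output.
    if (!is_email($EMAIL)) { respond("BADEMAIL", $EMAIL, '', true); }
    // NOTE(review): the CAPTCHA check is commented out, so account creation is fully
    // scriptable; re-enable it (or an equivalent abuse control) before exposing this
    // endpoint. $CAPTCHA is computed above and otherwise unused.
    //if ($securimage->check($CAPTCHA) == false) { respond("BADIMAGE", '', '', true); }
    // CONNECT TO THE DATABASE
    $mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
    // CHECK CONNECTION
    if (mysqli_connect_errno()) {
        // The original call passed five arguments to the four-parameter respond(), so $EXIT
        // received '' and execution fell through to prepare() on a dead connection, after
        // sending mysqli_connect_error() to the client. Log it server-side and stop.
        error_log('Connect failed: ' . mysqli_connect_error());
        respond("MYSQLERROR", '', '', true);
    }
    // CHECK USERNAME AND EMAIL AVAILABILITY
    $stmt = $mysqli->prepare("SELECT usr FROM users WHERE usr = ? OR email = ?");
    if ($stmt === false) {
        // prepare() returns false on error; bind_param() on false is a fatal error.
        error_log('Prepare failed: ' . $mysqli->error);
        respond("MYSQLERROR", '', '', true);
    }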
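// IMPORT PHP LIBRARIES
include_once '/srv/www/php-lib/cge_std_tools.php'; // Including CGE_std clases and functions

//////////////////////// MAIN /////////////////////////
if (count($_POST) + count($_GET) > 0 and isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) {
    // VALIDATE SESSION (format only; ValidateUser() below checks it against the database)
    $SESSIONID = $_SESSION['SESSIONID'];
    $USERNAME = $_SESSION['USERNAME'];
    if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) { respond("BADUSER", '', true); }
    // The original class was [^A-fa-f0-9]: the A-f range also covers [ \ ] ^ _ ` and G-Z,
    // so it was not the hex check it reads as. Aligned with the [A-Za-z0-9] check the login
    // endpoints apply to SESSIONID; if ids are always hex, [^A-Fa-f0-9] is stricter still.
    if (preg_match("/[^A-Za-z0-9]/", $SESSIONID)) { respond("BADSESSION", '', true); }
    // VALIDATE INPUTS
    $iid = _INPUT('IID');
    if ($iid == '' or $iid == null) { respond("NOIID", '', true); }
    if (preg_match("/[^0-9]/", $iid)) { respond("BADIID", array('VALUE' => $iid), true); }
    // CONNECT TO THE DATABASE
    $mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
    // CHECK CONNECTION
    if (mysqli_connect_errno()) {
        // Keep the driver's message in the server log; the client only needs a generic
        // status (the original sent mysqli_connect_error() and never expanded the "%s").
        error_log('Connect failed: ' . mysqli_connect_error());
        respond("MYSQLERROR", array('MESSAGE' => 'Connect failed'), true);
    }
    // VALIDATE USER AND EXTRACT UID => $status = ACCEPTED or NOUSER or INVALIDSESSION
    list($status, $uid) = ValidateUser($mysqli, $USERNAME, $SESSIONID);
    // VERIFY ISOLATE ACCESS PERMISSIONS => $status = ACCEPTED or NOACCESS or NOISOLATE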
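if (preg_match("/[^A-Za-z0-9]/", _INPUT("SESSIONID")) or strlen(_INPUT("SESSIONID")) < 40) { respond("BADSESSIONID", ''); exit; }
// CONNECT TO THE DATABASE
$mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
// CHECK CONNECTION
if (mysqli_connect_errno()) {
    // Keep the driver's message in the server log instead of sending it to the client
    // (the original passed mysqli_connect_error() into the response).
    error_log('Connect failed: ' . mysqli_connect_error());
    respond("MYSQLERROR", '');
    exit;
}
//CHECK FOR CORRECT USERNAME AND SESSIONID ### TODO ###
// NOTE(review): this TODO is a missing authorisation check. SESSIONID is only checked for
// shape above and is never compared with anything stored, so the query below returns the
// isolate list of whatever USERNAME the client supplies. Verify the session against the
// users table (the other endpoints select users.session_id for this) before querying, and
// reject with BADSESSIONID on mismatch.
// Sanitise the username before binding it. It used to be assigned after bind_param(),
// which only worked because bind_param() takes the variable by reference; the bound value
// at execute() time is the same either way.
$USERNAME = preg_replace('/[^A-Za-z0-9\\_\\-\\.\\@\\,]/', '', _INPUT("USERNAME"));
//GET DATA FROM DATABASE
$stmt = $mysqli->prepare("SELECT i.id, i.sample_name,\n m.country, m.region, m.city, m.zip_code, m.collection_date, m.isolation_source, m.pathogenic,\n r.id rid, r.run_id, r.service, r.date,\n a.id, a.n50,\n mlst.id m_id,\n pmlst.id pm_id,\n rf.id rf_id\n FROM isolates i \n LEFT OUTER JOIN meta m ON i.id = m.isolate_id\n LEFT OUTER JOIN runs r ON i.id = r.isolate_id\n LEFT OUTER JOIN assembly a ON i.id = a.isolate_id\n LEFT OUTER JOIN mlst ON r.id = mlst.runid\n LEFT OUTER JOIN pmlst ON r.id = pmlst.runid\n LEFT OUTER JOIN resfinder rf ON r.id = rf.runid\n WHERE r.user_id = ?\n ;");
if ($stmt === false) {
    // prepare() returns false on error; bind_param() on false is a fatal error.
    error_log('Prepare failed: ' . $mysqli->error);
    respond("MYSQLERROR", '');
    exit;
}
$stmt->bind_param('s', $USERNAME);
//EXECUTE PREPARED STATEMENT
$stmt->execute();
// BIND RESULT VARIABLES (one per selected column, in SELECT order)
$stmt->bind_result($r_id, $r_name, $r_country, $r_region, $r_city, $r_zip, $r_mdate, $r_origin, $r_pathogenicity, $r_rid, $r_uid, $r_service, $r_rdate, $r_aid, $r_n50, $r_m_id, $r_pm_id, $r_rf_id);
// FETCH RESULTS
$count = 0;
$DATA = array();
while ($stmt->fetch()) {
    // One row per (isolate, run) pair; the run is keyed as "run<rid>".
    $isolat = array('id' => $r_id, 'name' => $r_name, 'metadata' => array('country' => $r_country, 'region' => $r_region, 'city' => $r_city, 'zip' => $r_zip, 'date' => $r_mdate, 'origin' => $r_origin, 'pathogenicity' => $r_pathogenicity), 'assembly' => array('id' => $r_aid, 'n50' => $r_n50), 'runs' => array("run{$r_rid}" => array('uid' => $r_uid, 'service' => $r_service, 'date' => $r_rdate, 'servicedata' => array())));
    // ADD SERVICE DATA (the first matching service id wins)
    if ($r_m_id) {
        $isolat['runs']["run{$r_rid}"]['servicedata']['m_id'] = $r_m_id;
    } elseif ($r_pm_id) {
        $isolat['runs']["run{$r_rid}"]['servicedata']['pm_id'] = $r_pm_id;
    } elseif ($r_rf_id) {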
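// Including CGE_std clases and functions
// NOTE(review): plain http:// here while a sibling endpoint uses https:// for the same
// host; the menu links built from $wwwroot below inherit the scheme.
$wwwroot = "http://cge.cbs.dtu.dk/services/";
$htdocs = "/srv/www/htdocs/services/";

/**
 * Read request parameter $name from $_GET (GET request) or $_POST (POST request).
 *
 * Returns the value with HTML tags stripped, '' when the parameter is absent or is an
 * array, and NULL for any other request method. strip_tags() is not an output-escaping
 * function: the value still needs context-specific escaping/validation where it is used.
 *
 * @param string $name
 * @return string|null
 */
function _INPUT($name)
{
    if ($_SERVER['REQUEST_METHOD'] == 'GET') {
        // isset()/is_array() avoid the undefined-index notice and strip_tags(null|array)
        // the original produced for a missing or array-valued key.
        return (isset($_GET[$name]) && !is_array($_GET[$name])) ? strip_tags($_GET[$name]) : '';
    }
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        return (isset($_POST[$name]) && !is_array($_POST[$name])) ? strip_tags($_POST[$name]) : '';
    }
    return null;
}

if (count($_POST) > 0) {
    // Whitelist each parameter: these values are concatenated into a filesystem path and
    // into menu URLs below, and the character classes are what keeps ".." and path
    // separators out of them. Keep them in step with any change to the path layout.
    $uid = preg_replace('/[^0-9\\_]/', '', _INPUT("UID"));
    $service = preg_replace('/[^A-Za-z]/', '', _INPUT("SERVICE"));
    $version = preg_replace('/[^0-9\\.]/', '', _INPUT("VERSION"));
    if ($version != '') { # Adding dash to version
        $version = '-' . $version;
    }
    $wwwroot .= $service . $version . "/";
    //include $htdocs.$service.$version."/header.html"; # Header file
    # INCLUDE STANDARD HTML HEADER
    $CGE = new CGE(); // Load the Class
    # INCLUDE CGE MENU
    # Format is: ServerName, "(Link/Path.html, 'NameOfLink'),(Link/Path.html, 'NameOfLink')"
    $CGE->std_header("", "(" . $wwwroot . "instructions.php,'Instructions'),(" . $wwwroot . "output.php,'Output'),(" . $wwwroot . "abstract.php,'Article abstract')"); // Print the Menu
    if ($uid != "" and $service != "") {
        $fullPath = "/panfs1/cge-servers/" . $service . "/" . $service . $version . "/IO/" . $uid . "/final_output/" . $service . ".out.gz";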
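// IMPORT PHP LIBRARIES
include_once '/srv/www/php-lib/cge_std_tools.php'; // Including CGE_std clases and functions

//////////////////////// MAIN /////////////////////////
if (count($_POST) + count($_GET) > 0 and isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) {
    // VALIDATE SESSION (format only; ValidateUser() below checks it against the database)
    $SESSIONID = $_SESSION['SESSIONID'];
    $USERNAME = $_SESSION['USERNAME'];
    if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) { respond("BADUSER", '', true); }
    // The original class was [^A-fa-f0-9]: the A-f range also covers [ \ ] ^ _ ` and G-Z,
    // so it was not the hex check it reads as. Aligned with the [A-Za-z0-9] check the login
    // endpoints apply to SESSIONID; if ids are always hex, [^A-Fa-f0-9] is stricter still.
    if (preg_match("/[^A-Za-z0-9]/", $SESSIONID)) { respond("BADSESSION", '', true); }
    // VALIDATE INPUTS
    $iid = _INPUT("IID");
    if ($iid == '' or $iid == null) { respond("NOIID", '', true); }
    if (preg_match("/[^0-9]/", $iid)) { respond("BADIID", array('VALUE' => $iid), true); }
    // CONNECT TO THE DATABASE
    $mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
    // CHECK CONNECTION
    if (mysqli_connect_errno()) {
        // Keep the driver's message in the server log; the client only needs a generic
        // status (the original sent mysqli_connect_error() and never expanded the "%s").
        error_log('Connect failed: ' . mysqli_connect_error());
        respond("MYSQLERROR", array('MESSAGE' => 'Connect failed'), true);
    }
    // VALIDATE USER AND EXTRACT UID => $status = ACCEPTED or NOUSER or INVALIDSESSION
    list($status, $uid) = ValidateUser($mysqli, $USERNAME, $SESSIONID);
    // VERIFY ISOLATE ACCESS PERMISSIONS => $status = ACCEPTED or NOACCESS or NOISOLATE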
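} else { return NULL; } }

/**
 * Emit the XML session envelope used by the account endpoints and optionally stop.
 *
 * @param string $status    Status code (e.g. BADUSER, BADHASH, MYSQLERROR).
 * @param string $SESSIONID Session id to echo back ('' when none).
 * @param string $USERNAME  Username to echo back ('' when none).
 * @param bool   $EXIT      When true the script terminates after the response.
 */
function respond($status, $SESSIONID, $USERNAME, $EXIT = false)
{
    // Escape each field for the XML/HTML context: callers echo request values back through
    // this envelope, and an unescaped value could break the document or inject markup.
    // Valid statuses, usernames ([A-Za-z0-9_\-.@,]) and session ids contain none of the
    // escaped characters, so output for legitimate values is unchanged.
    $xStatus = htmlspecialchars((string) $status, ENT_QUOTES, 'UTF-8');
    $xSession = htmlspecialchars((string) $SESSIONID, ENT_QUOTES, 'UTF-8');
    $xUser = htmlspecialchars((string) $USERNAME, ENT_QUOTES, 'UTF-8');
    echo "<?xml version='1.0' encoding='UTF-8'?><SESSION><STATUS>{$xStatus}</STATUS><SESSIONID>{$xSession}</SESSIONID><USERNAME>{$xUser}</USERNAME></SESSION>";
    if ($EXIT == true) {
        exit;
    }
}

// MAIN
if (count($_POST) > 0 or count($_GET) > 0) {
    // VALIDATE INPUTS
    $USERNAME = _INPUT("USERNAME");
    $ACTIVATE = _INPUT("ACTIVATE");
    if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) { respond("BADUSER", '', '', true); }
    // $ACTIVATE is client-supplied. The original class was [^A-fa-f0-9]: the A-f range also
    // covers [ \ ] ^ _ ` and G-Z, so it was not the hex check it reads as; aligned with the
    // [A-Za-z0-9] check used for session ids (if codes are always hex, [^A-Fa-f0-9] is
    // stricter still). An empty code is rejected as well, so it can never compare equal to
    // an empty/NULL stored value further down.
    if ($ACTIVATE == '' or preg_match("/[^A-Za-z0-9]/", $ACTIVATE)) { respond("BADHASH", '', '', true); }
    // CONNECT TO THE DATABASE
    // NOTE(review): hard-coded database credentials; the login endpoint reads them from
    // configuration variables instead.
    $mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
    // CHECK CONNECTION
    if (mysqli_connect_errno()) {
        // The original call passed five arguments to the four-parameter respond(), so $EXIT
        // received '' and execution fell through to prepare() on a dead connection, after
        // sending mysqli_connect_error() to the client. Log it server-side and stop.
        error_log('Connect failed: ' . mysqli_connect_error());
        respond("MYSQLERROR", '', '', true);
    }
    // CHECK ACTIVATION CODE AND STATUS
    // NOTE(review): where $ACTIVATE is compared with the stored tmp value (outside this
    // excerpt), use hash_equals() rather than == so the comparison is constant-time.
    $stmt = $mysqli->prepare("SELECT tmp, status FROM users WHERE usr = ?");
    if ($stmt === false) {
        // prepare() returns false on error; bind_param() on false is a fatal error.
        error_log('Prepare failed: ' . $mysqli->error);
        respond("MYSQLERROR", '', '', true);
    }
    $stmt->bind_param('s', $USERNAME);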
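// MAIN
if (count($_POST) > 0 and isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) { # or count($_GET)>0
    // NOTE(review): same hard-coded pepper + unsalted sha1 scheme as the create and login
    // endpoints; migrate all of them together to password_hash()/password_verify() and load
    // any pepper from configuration outside the web root.
    $key = ")gIs56bi%";
    // VALIDATE INPUTS
    $SESSIONID = $_SESSION['SESSIONID'];
    $USERNAME = $_SESSION['USERNAME'];
    if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) { respond("BADUSER", '', '', true); }
    // The original class was [^A-fa-f0-9]: the A-f range also covers [ \ ] ^ _ ` and G-Z,
    // so it was not the hex check it reads as. Aligned with the [A-Za-z0-9] check the login
    // endpoints apply to SESSIONID; if ids are always hex, [^A-Fa-f0-9] is stricter still.
    if (preg_match("/[^A-Za-z0-9]/", $SESSIONID)) { respond("BADSESSION", '', '', true); }
    $NEW_USERNAME = _INPUT("USERNAME");
    $NEW_EMAIL = _INPUT("EMAIL");
    $NEW_PASSWORD = sha1($key . $NEW_USERNAME . _INPUT("PASSWORD") . $key);
    // NOTE(review): username, e-mail and password are changed on the strength of the
    // session alone -- nothing here asks for the current password, and no CSRF token is
    // checked in this excerpt. A hijacked session therefore becomes a permanent takeover;
    // require the current password (and a CSRF token) for these changes.
    if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $NEW_USERNAME)) { respond("BADUSER2", '', '', true); }
    if (!is_email($NEW_EMAIL)) { respond("BADEMAIL", '', '', true); }
    // CONNECT TO THE DATABASE
    $mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
    // CHECK CONNECTION
    if (mysqli_connect_errno()) {
        // The original call passed five arguments to the four-parameter respond(), so $EXIT
        // received '' and execution fell through to prepare() on a dead connection, after
        // sending mysqli_connect_error() to the client. Log it server-side and stop.
        error_log('Connect failed: ' . mysqli_connect_error());
        respond("MYSQLERROR", '', '', true);
    }
    // CHECK USERNAME AND SESSIONID
    $stmt = $mysqli->prepare("SELECT session_id, email FROM users WHERE usr = ?");
    if ($stmt === false) {
        // prepare() returns false on error; bind_param() on false is a fatal error.
        error_log('Prepare failed: ' . $mysqli->error);
        respond("MYSQLERROR", '', '', true);
    }
    $stmt->bind_param('s', $USERNAME);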
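return NULL; } }

/**
 * Emit the XML session envelope used by the account endpoints and optionally stop.
 *
 * @param string $status    Status code (e.g. BADUSER, MYSQLERROR).
 * @param string $SESSIONID Session id to echo back ('' when none).
 * @param string $USERNAME  Username to echo back ('' when none).
 * @param bool   $EXIT      When true the script terminates after the response.
 */
function respond($status, $SESSIONID, $USERNAME, $EXIT = false)
{
    // Escape each field for the XML/HTML context: callers echo request values back through
    // this envelope, and an unescaped value could break the document or inject markup.
    // Valid statuses, usernames ([A-Za-z0-9_\-.@,]) and session ids contain none of the
    // escaped characters, so output for legitimate values is unchanged.
    $xStatus = htmlspecialchars((string) $status, ENT_QUOTES, 'UTF-8');
    $xSession = htmlspecialchars((string) $SESSIONID, ENT_QUOTES, 'UTF-8');
    $xUser = htmlspecialchars((string) $USERNAME, ENT_QUOTES, 'UTF-8');
    echo "<?xml version='1.0' encoding='UTF-8'?><SESSION><STATUS>{$xStatus}</STATUS><SESSIONID>{$xSession}</SESSIONID><USERNAME>{$xUser}</USERNAME></SESSION>";
    if ($EXIT == true) {
        exit;
    }
}

if (count($_POST) > 0) { # or count($_GET)>0
    // NOTE(review): a pepper hard-coded in source is only as secret as the repository, and
    // sha1($key.user.pass.$key) is a single fast hash with no per-user salt. Move to
    // password_hash()/password_verify() (select the stored hash by username and verify in
    // PHP instead of matching pwd in SQL), migrating the create/update endpoints and the
    // stored hashes together, and load any pepper from configuration outside the web root.
    $key = ")gIs56bi%";
    // VALIDATE INPUTS
    $USERNAME = _INPUT("USERNAME");
    $PASSWORD = sha1($key . $USERNAME . _INPUT("PASSWORD") . $key);
    if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) { respond("BADUSER", '', '', true); }
    // CONNECT TO THE DATABASE (credentials come from configuration here, unlike the
    // sibling endpoints that inline them)
    $mysqli = new mysqli($host, $user, $passwd, $db, $port);
    // CHECK CONNECTION
    if (mysqli_connect_errno()) {
        // The original call passed five arguments to the four-parameter respond(), so $EXIT
        // received '' and execution fell through to prepare() on a dead connection, after
        // sending mysqli_connect_error() to the client. Log it server-side and stop.
        error_log('Connect failed: ' . mysqli_connect_error());
        respond("MYSQLERROR", '', '', true);
    }
    // CHECK FOR CORRECT USERNAME AND PASSWORD
    // NOTE(review): no throttling or lockout is visible around this lookup; with a fast
    // hash, online guessing is cheap.
    $stmt = $mysqli->prepare("SELECT status FROM users WHERE usr = ? AND pwd = ?");
    if ($stmt === false) {
        // prepare() returns false on error; bind_param() on false is a fatal error.
        error_log('Prepare failed: ' . $mysqli->error);
        respond("MYSQLERROR", '', '', true);
    }
    $stmt->bind_param('ss', $USERNAME, $PASSWORD);
    // EXECUTE AND GET RESULTS
    $stmt->execute();
    $stmt->bind_result($stat);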
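get_user_details();
</script>
<!-- END OF CONTENT --><?php
} elseif ($ACTION == "cancel_create") {
    $uid = _INPUT("uid");
    $tmp = _INPUT("tmp");
    // $uid/$tmp arrive from the request and are spliced into a <script> block. Emit them as
    // JSON string literals with < > & ' " hex-escaped so a quote or a "</script>" in the
    // value cannot break out of the JS string (the original interpolated '{$uid}' raw).
    // The (string) cast keeps a missing parameter as "" rather than null, as before.
    $jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
    echo "<p id='msg'>Cancelling your account creation...</p><script type='text/javascript'>cancel_create(" . json_encode((string) $uid, $jsFlags) . ", " . json_encode((string) $tmp, $jsFlags) . ");</script>";
} elseif ($ACTION == "confirm_create") {
    $uid = _INPUT("uid");
    $tmp = _INPUT("tmp");
    // Same JS-string escaping as above.
    $jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
    echo "<p id='msg'>Activating your account...</p><script type='text/javascript'>confirm_create(" . json_encode((string) $uid, $jsFlags) . ", " . json_encode((string) $tmp, $jsFlags) . ");</script>";
} elseif ($ACTION == "cancel_reset") {
    $uid = _INPUT("uid");
    $jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
    echo "<p id='msg'>Cancelling reset of your password...</p><script type='text/javascript'>cancel_reset(" . json_encode((string) $uid, $jsFlags) . ");</script>";
} elseif ($ACTION == "cancel_delete") {
    $uid = _INPUT("uid");
    $tmp = _INPUT("tmp");
    $jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
    echo "<p id='msg'>Cancelling the deletion of your account...</p><script type='text/javascript'>cancel_delete(" . json_encode((string) $uid, $jsFlags) . ", " . json_encode((string) $tmp, $jsFlags) . ");</script>";
} elseif ($ACTION == "confirm_delete") {
    $uid = _INPUT("uid");
    $tmp = _INPUT("tmp");
    $jsFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
    echo "<p id='msg'>Finalising deletion of your account...</p><script type='text/javascript'>confirm_delete(" . json_encode((string) $uid, $jsFlags) . ", " . json_encode((string) $tmp, $jsFlags) . ");</script>";
} else {
    // Unknown or missing action: bounce to the service overview.
    echo "<p id='msg'>Redirecting to service overview page...</p><script type='text/javascript'>window.location='/services/index.php';</script>";
}
$CGE->Piwik(15); // Printing Piwik codes!!
# Displays a standard footer; two parameters:
# First a simple headline like: "Support"
# then a list of emails like this: "('Scientific problems','foo','*****@*****.**'),('Technical problems','bar','*****@*****.**')"
$CGE->standard_foot("Support", "('Technical problems','CGE Support','*****@*****.**')");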
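$serviceRoot = "/srv/www/htdocs/services/";
# STANDARD CBS PAGE TEMPLATES, always include this file
include_once '/srv/www/php-lib/cge_std_tools.php'; // Including CGE_std clases and functions
// Load the CGE class (title, meta_tags, banner_path, css_paths, js_paths) '' is default
// NOTE(review): $domain is not assigned in this excerpt; presumably set by cge_std_tools.php.
$CGE = new CGE('Sample Overview', '<base href="' . $domain . '" target="_blank">', '', '/tools_new/client/platform/styles/isolate_manager.css', '/tools_new/client/platform/scripts/isolate_manager.js');
# CGE MENU
# Format is: ServerName, "(Link/Path.html, 'NameOfLink'),(Link/Path.html, 'NameOfLink')"
$CGE->std_header("Sample Overview", "(/tools_new/client/platform/sample/,'Home'),(/services/,'Services'),(/services/cge/index.php,'Batch Upload'),(/services/CGEpipeline-1.0/map.php,'MapViewer')", FALSE); // Print the Menu
// REQUIRE THE USER TO LOGIN
if ($CGE->user_is_logged_in()) {
    $ACTION = _INPUT("action");
    if ($ACTION == "edit") {
        // SHOW EDITING FORM
        // The isolate id is echoed into an onclick attribute below. HTML-escaping alone is
        // not enough inside an event handler (entities are decoded before the JS runs), so
        // reduce it to digits -- the only form the isolate endpoints in this codebase accept
        // -- before it is used. An empty id still renders as before.
        $iid = preg_replace('/[^0-9]/', '', _INPUT("iid"));
        ?>
<!-- START OF CONTENT -->
<div id='edit'>
<button onclick="delete_isolate(<?php echo $iid; ?> );location.href=window.location.pathname;">Delete sample</button>
<h3>Sample files: <span id='files' style='color:grey;'>No files were found!</span></h3>
<form name='profile'>
<p>
<input type='hidden' name='iid'>
Sample name: <input type='text' id='name' name='name'><br>
Description: <textarea name='note'></textarea><br>
Sampling Date: <input type='text' name='mdate' onchange='check_date(this.value, "date_check");'> <span id='date_check' style='font-weight: bold;'></span><br>
Sequencing Technology: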
echo md5(uniqid()); ?> " alt="CAPTCHA Image" align="left" /> <object type="application/x-shockwave-flash" data="./securimage/securimage_play.swf?bgcol=#ffffff&icon_file=./securimage/images/audio_icon.png&audio_file=./securimage/securimage_play.php" height="32" width="32"> <param name="movie" value="./securimage/securimage_play.swf?bgcol=#ffffff&icon_file=./securimage/images/audio_icon.png&audio_file=./securimage/securimage_play.php" /> </object> <a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage/securimage_show.php?sid=' + Math.random(); this.blur(); return false"><img src="./securimage/images/refresh.png" alt="Reload Image" height="32" width="32" onclick="this.blur()" align="bottom" border="0" /></a><br /> <strong>Enter Code*:</strong><br /> <input type="text" name="captcha" size="12" maxlength="8" /> </p> <input type='button' value='Create User' onclick="check_name();check_email();check_password();create_login(this.form.username.value, this.form.password.value, this.form.email.value, this.form.captcha.value)"> </form> <!-- END OF CONTENT --> <?php } elseif (_INPUT("action") == "edit") { // SHOW EDIT FORM AND DELETE BUTTON ?> <h1>Edit Profile</h1> <h3>Login information: <?php $CGE->showhide("info_login"); ?> </h3> <form name='change_user_info'> <p id='info_login' class="hide" style="display:None;"> Change username to: <input type='text' name='username' onchange='check_name();'> <span id='username' style='font-weight: bold;'></span><br> Change password to: <input type='password' name='password' onkeyup='password_strength();check_password();'> Security: <span id='password_strength' style='font-weight: bold;'>None</span><br> Confirm password: <input type='password' name='passwordcheck' onkeyup='check_password();'> <span id='check_password' style='font-weight: bold;'></span><br> <input type='button' value='Save changes to login information' 
onclick="cremate_login(this.form.username.value, this.form.password.value, this.form.captcha.value)"><br> </p>