function check($SQLConn)
{
// Maybe use another time
/*
$sessionKey = "";
$SQL="
SELECT
US.LastActive,
U.FirstName,
U.LastName,
U.ProfilePicture
FROM UserSessions AS US
INNER JOIN Users AS U ON US.UserPkey = U.UserPkey
WHERE US.SessionKey = '".$sessionKey."'
";
*/
session_start();
if (isset($_SESSION['LAST_ACTIVITY']) && time() - $_SESSION['LAST_ACTIVITY'] > 1800) {
// last request was more than 30 minutes ago
session_unset();
// unset $_SESSION variable for the run-time
session_destroy();
// destroy session data in storage
}
if ($_SESSION['userSession']) {
$error = false;
} else {
$error = true;
$_SESSION['userSession'] = true;
}
if ($error == false) {
$act = checkAccount($SQLConn);
if ($act == true) {
$return = $error == true ? "Error" : "Success";
$_SESSION['LAST_ACTIVITY'] = time();
// update last activity time stamp
} else {
$return = "Error";
}
}
echo $return;
}
<?php
/**
* Created by PhpStorm.
* User: radim_000
* Date: 1. 7. 2015
* Time: 17:08
*/
include_once "../functions/check.php";
include_once "../functions/functions.php";
include_once "../functions/dbconnect.php";
include_once "../functions/ages.php";
include_once "../functions/player.php";
checkAccount($_COOKIE["MTU"], $mysqli);
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
<meta name="description" content="">
<meta name="author" content="">
<link rel="icon" href="../../favicon.ico">
<title>Minecore Times - Úvodní stránka</title>
<!-- Bootstrap core CSS -->
<link href="../css/bootstrap.min.css" rel="stylesheet">
<?php
session_start();
require_once '../../config.php';
require_once '../../model/mysql_query.php';
if (isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
if (checkAccount($username, $password)) {
$_SESSION['username'] = $username;
echo true;
} else {
echo "Password or Username are wrong";
}
}
mysql_close($db);
function migrateUserStats()
{
$denora = new mysqli(DENORA_HOSTNAME, DENORA_USERNAME, DENORA_PASSWORD, DENORA_DATABASE);
$anope = new mysqli(ANOPE_HOSTNAME, ANOPE_USERNAME, ANOPE_PASSWORD, ANOPE_DATABASE);
$result = $denora->query("SELECT * FROM ustats ORDER BY chan, `type`", MYSQLI_USE_RESULT);
while ($row = $result->fetch_assoc()) {
$account = getAccount($row['uname']);
if (!$account) {
continue;
}
if (!checkAccount($account)) {
continue;
}
$query = sprintf("INSERT INTO anope_chanstats (chan, nick, `type`, letters, words, line, actions, smileys_other, kicks, modes, topics,\r\n\t\ttime0, time1, time2, time3, time4, time5, time6, time7, time8, time9, time10, time11,\r\n\t\ttime12, time13, time14, time15, time16, time17, time18, time19, time20, time21, time22, time23)\r\n\t\tVALUES('%s', '%s', '%s', %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d)\r\n\t\tON DUPLICATE KEY UPDATE letters = letters + %d, words = words + %d, line = line + %d, actions = actions + %d, smileys_other = smileys_other + %d,\r\n\t\tkicks = kicks + %d, modes = modes + %d, topics = topics + %d,\r\n\t\ttime0 = time0 + %d, time1 = time1 + %d, time2 = time2 + %d, time3 = time3 + %d, time4 = time4 + %d, time5 = time5 + %d,\r\n\t\ttime6 = time6 + %d, time7 = time7 + %d, time8 = time8 + %d, time9 = time9 + %d, time10 = time10 + %d, time11 = time11 + %d,\r\n\t\ttime12 = time12 + %d, time13 = time13 + %d, time14 = time14 + %d, time15 = time15 + %d, time16 = time16 + %d, time17 = time17 + %d,\r\n\t\ttime18 = time18 + %d, time19 = time19 + %d, time20 = time20 + %d, time21 = time21 + %d, time22 = time22 + %d, time23 = time23 + %d\r\n\t\t", $row['chan'] == 'global' ? '' : $row['chan'], $account, getAnopeChanstatsType($row['type']), $row['letters'], $row['words'], $row['line'], $row['actions'], $row['smileys'], $row['kicks'], $row['modes'], $row['topics'], $row['time0'], $row['time1'], $row['time2'], $row['time3'], $row['time4'], $row['time5'], $row['time6'], $row['time7'], $row['time8'], $row['time9'], $row['time10'], $row['time11'], $row['time12'], $row['time13'], $row['time14'], $row['time15'], $row['time16'], $row['time17'], $row['time18'], $row['time19'], $row['time20'], $row['time21'], $row['time22'], $row['time23'], $row['letters'], $row['words'], $row['line'], $row['actions'], $row['smileys'], $row['kicks'], $row['modes'], $row['topics'], $row['time0'], $row['time1'], $row['time2'], $row['time3'], $row['time4'], $row['time5'], $row['time6'], $row['time7'], $row['time8'], $row['time9'], $row['time10'], $row['time11'], $row['time12'], $row['time13'], $row['time14'], $row['time15'], $row['time16'], $row['time17'], $row['time18'], $row['time19'], $row['time20'], $row['time21'], $row['time22'], $row['time23']);
if (!$anope->query($query)) {
die('FAILURE: ' . $query);
}
}
$result->close();
$denora->close();
$anope->close();
}
<img border="0" src="logo.jpg"/> </a>
<img id="upl" border="0" src="upload.jpg"/>
<form id="uploadform" action="add.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" />
<br />
<label for="title">Movie title:</label>
<input value="" title="movie title" size="22" name="title" maxlength="255" />
<input type="submit" name="submit" value="Submit" />
</form>
<?php
require "db_utils.php";
if (isset($_POST['title'])) {
checkAccount();
}
?>
<div id="back">
<script type="text/javascript">
function goBack()
{
window.history.back()
}
</script>
<a href="javascript:goBack()">Back</a>
</div>
<?php
include_once '../functions.php';
checklogin();
$conn = opendb();
if ($loggedin == 1) {
$account = sanitise('account');
$sd = sanitise('sd');
$sm = sanitise('sm');
$sy = sanitise('sy');
$ed = sanitise('ed');
$em = sanitise('em');
$ey = sanitise('ey');
$value = sanitise('value');
$order = sanitise('order');
$field = sanitise('field');
$perpage = intval(sanitise('perpage'));
if ($perpage == 0) {
$perpage = 20;
}
$offset = intval(sanitise('offset'));
checkAccount($user, $account, 0);
$startdate = strtotime($sm . "/" . $sd . "/" . $sy) - 1;
$enddate = strtotime($em . "/" . $ed . "/" . $ey) + 1;
if ($enddate < $startdate) {
$enddate = $startdate + 2;
}
statement($perpage, $user, $order, $account, $offset, $value, $field, $startdate, $enddate);
} else {
loginform();
}
<head>
<title>WAPAgenda Administration</title>
</head>
<body>
<?php
if (!session_is_registered("account")) {
function checkAccount($account, $password)
{
include "./../connect.php";
$sql = "select * from accounts where account='" . $account . "' and password='******' and state=1";
$result = mysql_query($sql);
$num = mysql_num_rows($result);
return $num > 0;
}
if (isset($account) && isset($password)) {
if (checkAccount($account, $password)) {
include "./stat.php";
session_register("account");
}
}
?>
<h1 align="center">Welcom to</h1>
<p align="center"><img src="./../logo.jpg"></p>
<p>Today is <?php
print date("j of F Y, \\a\\t g.i a", time());
?>
.</p>
<p>Please, enter your account and your password than validate.</p>
<form action="index.php" method="post">
<table align="center">
<tr><td>Account: </td><td><input type="text" name="account"></td></tr>
<?php
session_start();
$input_id = $_POST[id];
$input_pw = $_POST[password];
$user_info = checkAccount($input_id, $input_pw);
if (empty($user_info)) {
$_SESSION["login_error"] = "帳號密碼錯誤";
header("Location: http://127.0.0.1/PSMS/login.php");
} else {
$_SESSION["user_id"] = $input_id;
$_SESSION["user_name"] = $user_info[0];
$_SESSION["user_isAdmin"] = $user_info[1];
if (isset($_SESSION["login_error"])) {
unset($_SESSION["login_error"]);
}
if ($_SESSION["user_isAdmin"]) {
header("Location: http://127.0.0.1/PSMS/manager.php");
} else {
header("Location: http://127.0.0.1/PSMS/employee.php");
}
}
function checkAccount($id, $pw)
{
$db_host = "127.0.0.1";
$db_user = "******";
$db_pass = "******";
$db_select = "PSMS";
$db_connect = "mysql:host=" . $db_host . ";dbname=" . $db_select;
$db_go = new PDO($db_connect, $db_user, $db_pass);
$db_go->exec("SET NAMES UTF8");
function updatereconcile($user, $account, $value)
{
$account = checkAccount($user, $account, 0);
$query = "UPDATE accounts SET ReconciledTotal='{$value}' WHERE AccountID='{$account}'";
mysql_query($query) or die(mysql_error());
if ($account != 0) {
$account = "AccountID='{$account}' AND ";
} else {
$account = NULL;
}
$query = "SELECT * FROM payments WHERE " . $account . " UserID='{$user}' AND Reconciled='1'";
$result = mysql_query($query) or die(mysql_error());
$recbal = 0;
while ($row = mysql_fetch_assoc($result)) {
$recbal = $recbal + $row['PaymentAmount'];
}
$diff = $value - $recbal;
$recbal = displayamount($recbal, $user);
$diff = displayamount($diff, $user);
echo "Reconciled Balance: " . $recbal . " Difference: " . $diff;
}
include_once '../functions.php';
checklogin();
$conn = opendb();
if ($loggedin == 1) {
$id = sanitise('id');
$otherparty = sanitise('o');
$toaccount = sanitise('toaccount');
$toaccount = checkAccount($user, $toaccount, 0);
$desc = sanitise('d');
$amount = sanitise('a');
$type = sanitise('t');
$d = sanitise('day');
$m = sanitise('month');
$y = sanitise('year');
$account = sanitise('account');
$account = checkAccount($user, $account);
$label = sanitise('label');
$label = checklabel($user, $label);
$time = strtotime($m . "/" . $d . "/" . $y);
if ($toaccount != 0) {
$otherparty = getaccountname($toaccount);
}
$query = "UPDATE payments SET ";
if ($otherparty != NULL) {
$query = $query . "PaymentName='{$otherparty}', ";
}
if ($desc != NULL) {
$query = $query . "PaymentDesc='{$desc}', ";
}
if ($amount != NULL) {
$query = $query . "PaymentAmount='{$amount}', ";
$accsel = checkAccount($user, $accsel, 0);
$order = sanitise('order');
$rt = sanitise('rt');
$rf = sanitise('rf');
$offset = sanitise('offset');
$recvalue = sanitise('recvalue');
$perpage = sanitise('perpage');
$field = sanitise('field');
$label = sanitise('label');
$label = checklabel($user, $label);
$time = strtotime($m . "/" . $d . "/" . $y);
if ($amount != NULL && $otherparty != NULL && $desc != NULL) {
$account = checkAccount($user, $account);
if (substr($otherparty, 0, 11) == 'ThisAccount') {
$toaccount = substr($otherparty, 11);
$toaccount = checkAccount($user, $toaccount, 0);
if ($toaccount != 0) {
$theotherparty = getaccountname($account);
$toamount = -$amount;
$query = "INSERT INTO payments (UserID, AccountID, Timestamp, PaymentName, PaymentDesc, PaymentAmount, PaymentType, ToAccount, LabelID) VALUES ('{$user}', '{$toaccount}', '{$time}', '{$theotherparty}', '{$desc}', '{$toamount}', '{$type}', '{$account}', '{$label}')";
mysql_query($query) or die(mysql_error() . " addpayment#001");
$insertid = mysql_insert_id();
$otherparty = getaccountname($toaccount);
}
}
if ($insertid == NULL) {
$insertid = 0;
}
$query = "INSERT INTO payments (UserID, AccountID, Timestamp, PaymentName, PaymentDesc, PaymentAmount, PaymentType, ToAccount, PairedID, LabelID) VALUES ('{$user}', '{$account}', '{$time}', '{$otherparty}', '{$desc}', '{$amount}', '{$type}', '{$toaccount}', '{$insertid}', '{$label}')";
mysql_query($query) or die(mysql_error() . " addpayment#002");
$paymentid = mysql_insert_id();
