예제 #1
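 /**
  * Admin-only action: clears the `is_comented` flag on record `$id` and
  * sends the browser back.
  *
  * @param mixed $id Identifier handed to the user model's get() and edit().
  */
 public function index($id)
 {
     // Strict comparison on purpose: with `!=`, a non-string session value
     // such as boolean true compares equal to 'admin' and passes the gate.
     // A missing value (false) is rejected by the same test.
     if ($this->session->userdata('username') !== 'admin') {
         redirect('home');
         // Stop here even if redirect() ever returns, so nothing below can
         // run for a caller who is not the admin.
         return;
     }
     // NOTE(review): this action changes state, and no CSRF token or
     // HTTP-method check is visible in this block — confirm one is enforced
     // before the controller is reached.
     $this->load->model('user');
     $rows = $this->user->get($id);
     // Only the first element of the result is used; an empty result is
     // passed through unchanged, as before.
     $item = $rows;
     foreach ($rows as $row) {
         $item = $row;
         break;
     }
     $item['is_comented'] = 0;
     $this->user->edit($id, $item);
     goback();
 }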
예제 #2
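 /**
  * Deletes every client listed in the POSTed `delete[]` array and reports
  * the outcome: the success message when every deletion succeeded,
  * otherwise the "select one" message.
  */
 function op_delclient()
 {
     // NOTE(review): this is a destructive handler driven entirely by request
     // data. No authorization or CSRF check is visible in this block —
     // confirm both are enforced by the dispatcher that calls op_* methods.
     if (isset($_POST['delete']) && is_array($_POST['delete'])) {
         include_once "ClientModel.class.php";
         $clientModel = new ClientModel();
         $allDeleted = true;
         foreach ($_POST['delete'] as $clientId) {
             // delete[][]=x arrives as a nested array; that is not an
             // identifier and must not reach the model.
             if (!is_scalar($clientId)) {
                 $allDeleted = false;
                 continue;
             }
             // Call first, then combine, so every id is still attempted
             // after an earlier failure (the original `*=` did the same).
             $allDeleted = $clientModel->deleteClient($clientId) && $allDeleted;
         }
         if ($allDeleted) {
             show_message_goback(lang('success'));
             // Do not fall through to the "select one" message below if
             // the helper returns instead of ending the request.
             return;
         }
     }
     show_message(lang('selectone'));
     goback();
 }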
예제 #3
파일: usercp.php 프로젝트: CptTZ/NexusPHP-1
     $passupdated = 1;
 }
 // Email-change request. Runs only when $disableemailchange is not 'no',
 // $smtptype is not 'none', and the submitted address differs from the one
 // on the current account.
 if ($disableemailchange != 'no' && $smtptype != 'none' && $email != $CURUSER["email"]) {
     // Policy checks: banned addresses first, then the allowed-domain list.
     // NOTE(review): whether bark() ends the request is not visible here; if
     // it returns, a banned address continues to the checks below — confirm.
     if (EmailBanned($email)) {
         bark($lang_usercp['std_email_address_banned']);
     }
     if (!EmailAllowed($email)) {
         bark($lang_usercp['std_wrong_email_address_domains'] . allowedemails());
     }
     // Syntax check; here goback("-2") is concatenated into the error text,
     // so in this project it returns a string rather than redirecting.
     if (!validemail($email)) {
         stderr($lang_usercp['std_error'], $lang_usercp['std_wrong_email_address_format'] . goback("-2"), 0);
         die;
     }
     // Uniqueness check. The value goes through sqlesc() before it is
     // concatenated (presumably escaping and quoting — verify its definition).
     // NOTE(review): the distinct "email in use" answer lets a logged-in user
     // test whether an address belongs to some other account.
     $r = sql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr();
     if (mysql_num_rows($r) > 0) {
         stderr($lang_usercp['std_error'], $lang_usercp['std_email_in_use'] . goback("-2"), 0);
         die;
     }
     $changedemail = 1;
 }
 // Passkey reset.
 // NOTE(review): the new passkey is md5(username . timestamp-to-the-second .
 // passhash) and contains no random input. Whoever knows or can guess those
 // three values can recompute it; a value drawn from a CSPRNG and hex-encoded
 // to the same 32 characters would not have that property.
 if ($resetpasskey == 1) {
     $passkey = md5($CURUSER['username'] . date("Y-m-d H:i:s") . $CURUSER['passhash']);
     $updateset[] = "passkey = " . sqlesc($passkey);
 }
 // Email confirmation: a fresh secret is stored in `editsecret`, and a hash
 // binding that secret to the new address is computed for the mail below.
 // NOTE(review): md5(secret . email . secret) is a home-made MAC. hash_hmac()
 // is the standard construction, but the endpoint that verifies the
 // confirmation link would have to change in step. The strength of mksecret()
 // is not visible here — confirm it uses a CSPRNG.
 if ($changedemail == 1) {
     $sec = mksecret();
     $hash = md5($sec . $email . $sec);
     $obemail = rawurlencode($email);
     $updateset[] = "editsecret = " . sqlesc($sec);
     $subject = "{$SITENAME}" . $lang_usercp['mail_profile_change_confirmation'];
     $body = <<<EOD
예제 #4
    // Tail of the preceding action branch (its start is outside this excerpt):
    // renders six inputs (year, month, day, hour, minute, second) pre-filled
    // from date() applied to $opfilemtime, then closes the form.
    // NOTE(review): a form for typing in an arbitrary timestamp next to a
    // file's mtime is what a timestamp-rewriting feature looks like; the
    // handler is not visible here — confirm. If it is, file mtimes on a host
    // where this script was found are not reliable evidence during triage.
    p('<p>Instead &raquo;');
    p('year:');
    makeinput(array('name' => 'year', 'value' => date('Y', $opfilemtime), 'size' => 4));
    p('month:');
    makeinput(array('name' => 'month', 'value' => date('m', $opfilemtime), 'size' => 2));
    p('day:');
    makeinput(array('name' => 'day', 'value' => date('d', $opfilemtime), 'size' => 2));
    p('hour:');
    makeinput(array('name' => 'hour', 'value' => date('H', $opfilemtime), 'size' => 2));
    p('minute:');
    makeinput(array('name' => 'minute', 'value' => date('i', $opfilemtime), 'size' => 2));
    p('second:');
    makeinput(array('name' => 'second', 'value' => date('s', $opfilemtime), 'size' => 2));
    p('</p>');
    formfooter();
    goback();
} elseif ($action == 'shell') {
    // NOTE(review): this branch hands $program and $parameter to
    // Shell.Application->ShellExecute through PHP's COM support, i.e. it
    // starts an arbitrary program on the Windows host. The form rendered
    // below posts those two fields back to this same action, so they are
    // presumably request-controlled (their assignment is outside this
    // excerpt). That is web-shell functionality, not application code.
    // Detection: PHP source that instantiates COM('Shell.Application'); the
    // web server or PHP worker process spawning cmd.exe or other children;
    // an unexpected log.txt under the script's root directory.
    // Hardening: keep the com_dotnet extension unloaded where it is not
    // needed, or block the class with the disable_classes ini directive.
    if (IS_WIN && IS_COM) {
        if ($program && $parameter) {
            $shell = new COM('Shell.Application');
            $a = $shell->ShellExecute($program, $parameter);
            // A falsy return value from ShellExecute is reported as success.
            m('Program run has ' . (!$a ? 'success' : 'fail'));
        }
        // Defaults shown in the form when nothing was submitted: cmd.exe
        // running `net start` with output redirected to log.txt under SA_ROOT.
        !$program && ($program = 'c:\\windows\\system32\\cmd.exe');
        !$parameter && ($parameter = '/c net start > ' . SA_ROOT . 'log.txt');
        formhead(array('title' => 'Execute Program'));
        makehide('action', 'shell');
        makeinput(array('title' => 'Program', 'name' => 'program', 'value' => $program, 'newline' => 1));
        p('<p>');
        makeinput(array('title' => 'Parameter', 'name' => 'parameter', 'value' => $parameter));
        makeinput(array('name' => 'submit', 'class' => 'bt', 'type' => 'submit', 'value' => 'Execute'));
예제 #5
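 /**
  * AJAX handler: writes the POSTed fields onto the current user's row in
  * `cernet_team` and echoes 'success' or 'error'.
  */
 public function ajax_post_()
 {
     $data = $_POST;
     unset($data['__hash__']);
     // The row is selected by `id`; the request must never be able to
     // rewrite that key.
     unset($data['id']);
     // Nested arrays (field[]=x) are not column values; drop them rather
     // than hand them to the query builder.
     foreach ($data as $field => $value) {
         if (!is_scalar($value)) {
             unset($data[$field]);
         }
     }
     // NOTE(review): this is still mass assignment — every remaining POST key
     // is treated as a column name. Replace it with an explicit allow-list of
     // the columns a team member may edit; the column set is not visible in
     // this block, so it is not guessed here.
     $team_id = DBModel::getTeamByUser(session('userid'));
     // No team for this session, or nothing left to write: do not issue an
     // UPDATE with an empty key or an empty SET list.
     if ($team_id === false || $team_id === null || !$data) {
         echo 'error';
         return;
     }
     $res = DBModel::updateDB('cernet_team', array('id' => $team_id), $data);
     if ($res != false) {
         echo 'success';
         goback();
     } else {
         echo 'error';
     }
 }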
예제 #6
/**
 * Displays a message and then sends the browser back.
 *
 * Thin convenience wrapper: show_message($msg) followed by goback(0).
 * Whether goback() ends the request is not visible in this block, so
 * callers should not assume code after this call is unreachable.
 *
 * @param string $msg Text handed to show_message(); empty by default.
 */
function show_message_goback($msg = '')
{
    show_message($msg);
    goback(0);
}
예제 #7
파일: login.php 프로젝트: code100/retwis
<?php

include "retwis.php";
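# Form sanity checks
$username = gt("username");
$password = gt("password");
if (!$username || !$password) {
    goback("You need to enter both username and password to login.");
}
# Look the account up. An unknown user and a wrong password must produce the
# exact same response: the original second message carried a typo
# ("useranme"), which let a client tell the two cases apart and so confirm
# which usernames exist.
$r = redisLink();
$userid = $r->hget("users", $username);
if (!$userid) {
    goback("Wrong username or password");
}
$realpassword = $r->hget("user:{$userid}", "password");
# hash_equals() replaces the loose `!=`: loose comparison treats numeric-looking
# strings such as "0e1" and "0e2" as equal, and it is not constant-time.
# NOTE(review): the stored value is compared with the submitted password as-is,
# so passwords appear to be kept in plaintext. Moving to password_hash() /
# password_verify() has to be done together with the registration code.
if (!is_string($realpassword) || !hash_equals($realpassword, (string) $password)) {
    goback("Wrong username or password");
}
# Username / password OK, set the cookie and redirect to index.php
# The auth cookie is marked HttpOnly so page scripts cannot read it.
# NOTE(review): also set the `secure` flag once the site is served over HTTPS
# only; the same long-lived secret is reused on every login — confirm it is
# rotated on logout.
$authsecret = $r->hget("user:{$userid}", "auth");
setcookie("auth", $authsecret, time() + 3600 * 24 * 365, "", "", false, true);
header("Location: index.php");
# Nothing may run after the redirect header has been queued.
exit;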
예제 #8
<?php

require "process.php";
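// Login form handler: tries the submitted credentials against each role in
// turn ("1" student, "2" pro, "0" admin — labels taken from the landing
// pages below) and forwards to the first role that accepts them.
$user = isset($_POST['username']) ? $_POST['username'] : null;
$pass = isset($_POST['password']) ? $_POST['password'] : null;
// Credentials must be non-empty strings before any backend sees them.
// username[]=x arrives as an array, and an empty password must never reach
// login(). NOTE(review): the $isBind name in the original suggests an LDAP
// bind; if so, many directories answer an empty-password bind as an
// anonymous success — confirm login() rejects it as well.
if (!is_string($user) || !is_string($pass) || $user === '' || $pass === '') {
    goback("username หรือ password ไม่ถูกต้อง", "login.php");
} else {
    // Pairs rather than a keyed array, so the role ids stay strings exactly
    // as the original passed them to login().
    $routes = array(
        array("1", 'student-page.php'),
        array("2", 'pro-page.php'),
        array("0", 'admin-page.php'),
    );
    $loggedIn = false;
    foreach ($routes as $route) {
        if (login($user, $pass, $route[0], $pdo)) {
            success($user, $route[1]);
            $loggedIn = true;
            break;
        }
    }
    if (!$loggedIn) {
        // NOTE(review): no attempt limit or delay is visible in this script —
        // confirm brute-force protection exists in login() or in front of it.
        goback("username หรือ password ไม่ถูกต้อง", "login.php");
    }
}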
예제 #9
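 /**
  * Stores the language chosen via `?setlang=` in a one-year cookie and
  * sends the browser back.
  */
 function view_setlang()
 {
     // The parameter may be absent or sent as an array (setlang[]=x); only a
     // plain string is written to the cookie.
     $select = isset($_GET['setlang']) ? $_GET['setlang'] : null;
     if (is_string($select)) {
         // NOTE(review): the value is stored unvalidated. Whatever reads
         // `_Selected_Language` later must map it against the list of
         // installed languages and never use it to build a file path.
         setcookie("_Selected_Language", $select, time() + 3600 * 24 * 365, "/");
     }
     goback(0);
 }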
예제 #10
파일: register.php 프로젝트: awongh/cards
<?php

include "redis.php";
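# Form sanity checks
if (!gt("username") || !gt("password") || !gt("password2")) {
    goback("Every field of the registration form is needed!");
}
# Strict comparison: with `!=`, numeric-looking strings such as "1e1" and "10"
# count as equal, so a mistyped confirmation could be accepted.
if (gt("password") !== gt("password2")) {
    goback("The two password fileds don't match!");
}
# The form is ok, check if the username is available
$username = gt("username");
$password = gt("password");
# NOTE(review): this check and the writes below are separate commands, so two
# concurrent registrations of the same name can both pass it. Claiming the
# name with an atomic set-if-absent operation would close that window.
if ($redis->get("username:{$username}:id")) {
    goback("Sorry the selected username is already in use.");
}
# Everything is ok, Register the user!
$userid = $redis->incr("global:nextUserId");
$redis->set("username:{$username}:id", $userid);
$redis->set("uid:{$userid}:username", $username);
# NOTE(review): the password is stored exactly as submitted (plaintext).
# Switching to password_hash() here requires the login code to use
# password_verify(), so it is flagged rather than changed in this block.
$redis->set("uid:{$userid}:password", $password);
# NOTE(review): this value is the bearer credential kept in the cookie;
# getrand() is defined elsewhere — confirm it draws from a CSPRNG.
$authsecret = getrand();
$redis->set("uid:{$userid}:auth", $authsecret);
$redis->set("auth:{$authsecret}", $userid);
//set the users first value: 100
$redis->set("uid:{$userid}:value", 100);
# Manage a Set with all the users, may be userful in the future
//$redis->sadd("global:users",$userid);
# User registered! Login this guy
# HttpOnly keeps the auth secret out of reach of page scripts; add the
# `secure` flag as well once the site is served over HTTPS only.
setcookie("auth", $authsecret, time() + 3600 * 24 * 365, "", "", false, true);
//redirect here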
예제 #11
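 /**
  * Removes the online-user tickets listed in the POSTed `delete[]` array.
  * Only available when SSO_MODE is 'ticket'.
  */
 function op_delonlineuser()
 {
     if (SSO_MODE != 'ticket') {
         show_message(lang('module_ban'));
         die;
     }
     // NOTE(review): deleting tickets logs other users out. No authorization
     // or CSRF check is visible in this block — confirm both are enforced by
     // the dispatcher that calls op_* methods.
     if (isset($_POST['delete']) && is_array($_POST['delete'])) {
         include_once "PassportModel.class.php";
         $passport = new PassportModel();
         $allDeleted = true;
         foreach ($_POST['delete'] as $ticket) {
             // delete[][]=x arrives as a nested array; that is not a ticket
             // id and must not reach the model.
             if (!is_scalar($ticket)) {
                 $allDeleted = false;
                 continue;
             }
             // Call first, then combine, so every ticket is still attempted
             // after an earlier failure (the original `*=` did the same).
             $allDeleted = $passport->deleteTicketById($ticket) && $allDeleted;
         }
         if ($allDeleted) {
             show_message_goback(lang('success'));
             // Do not fall through to the "select one" message below if
             // the helper returns instead of ending the request.
             return;
         }
     }
     show_message(lang('selectone'));
     goback();
 }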
예제 #12
}
// Member validation: entered when either $haveUser2 or $haveUser3 compares
// loosely equal to 0. Each branch reports a numbered error and stops.
// NOTE(review): every test here uses loose comparison against both 0 and "".
// The result of `0 != ""` differs between PHP 7 and PHP 8, so which branch
// fires depends on the interpreter version and on whether the variables hold
// integers or strings (their assignment is outside this excerpt). Strict,
// type-explicit checks would make the intent reviewable.
if ($haveUser2 == 0 || $haveUser3 == 0) {
    if ($haveUser2 == 0 && $haveUser3 != "" && $haveUser2 != "") {
        goback("สมาชิกไม่ถูกต้อง2", "cpe01.php");
        die;
    }
    if ($haveUser3 == 0 && $haveUser3 != "") {
        goback("สมาชิกไม่ถูกต้อง3", "cpe01.php");
        die;
    }
    // Unreachable: this condition is the first branch's condition plus one
    // more term, and the first branch ends with die.
    if ($haveUser2 == 0 && $haveUser3 == 0 && $haveUser3 != "" && $haveUser2 != "") {
        goback("สมาชิกไม่ถูกต้อง4", "cpe01.php");
        die;
    }
    if ($haveUser2 == 0 && $haveUser3 == 0) {
        goback("สมาชิกไม่ถูกต้อง5", "cpe01.php");
        die;
    }
    // Disabled single-member checks, kept from the original:
    // if($haveUser2 == 0)
    // {
    // 	goback("สมาชิกไม่ถูกต้อง6","cpe01.php");
    // 	die();
    // }
    // if($haveUser3 == 0)
    // {
    // 	goback("สมาชิกไม่ถูกต้อง7","cpe01.php");
    // 	die();
    // }
}
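// Looks up existing project_status rows for the three student ids.
// Each id is escaped for the open mysql connection before it is placed
// inside the quoted literal; the original concatenated them raw, which
// allows SQL injection if any of them comes from the request ($std1..$std3
// are assigned outside this excerpt — presumably form fields).
// NOTE(review): the mysql_* extension has no prepared statements and was
// removed in PHP 7; moving this query to PDO with bound parameters is the
// durable fix. `or die(mysql_error())` also prints raw database errors to
// the client — log them server-side instead.
$sql_check = "SELECT ID FROM comsystem.project_status WHERE ID = '" . mysql_real_escape_string($std1) . "' or ID = '" . mysql_real_escape_string($std2) . "' or ID = '" . mysql_real_escape_string($std3) . "'";
$query_check = mysql_query($sql_check) or die(mysql_error());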
예제 #13
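 /**
  * Ticket-based auto-login.
  *
  * Reads a hex-encoded ticket from `?ticket=` (source 'client') or from the
  * `Xppass_IC_CARD` cookie (source 'user'), decrypts it with DES-ECB and a
  * key fixed in this function, and expects `user|md5|nickname|time`. When
  * the stored password hash matches and the account state is 1, the user is
  * saved as online and redirected to the site index; otherwise a message is
  * shown and the browser is sent back.
  *
  * NOTE(review), design issues that cannot be fixed inside this function
  * without changing the ticket issuer as well:
  *  - the key is a source-code constant and ECB/DES provides no integrity,
  *    so anyone who has the key can mint a ticket for any account;
  *  - the ticket carries the stored password hash, so that hash works as a
  *    password equivalent;
  *  - mcrypt is deprecated in PHP 7.1 and removed in 7.2.
  */
 function view_autologin()
 {
     $encrypted_data = '';
     $from = '';
     $msg = '';
     // Only plain hex strings are accepted; an array parameter (ticket[]=x)
     // is rejected by the is_string() test before it reaches pack().
     if (!empty($_GET['ticket']) && is_string($_GET['ticket']) && !preg_match("/[^0123456789abcdef]/i", $_GET['ticket'])) {
         $encrypted_data = pack("H*", $_GET['ticket']);
         $from = 'client';
     } else {
         if (isset($_COOKIE['Xppass_IC_CARD']) && !empty($_COOKIE['Xppass_IC_CARD']) && is_string($_COOKIE['Xppass_IC_CARD']) && !preg_match("/[^0123456789abcdef]/i", $_COOKIE['Xppass_IC_CARD'])) {
             $encrypted_data = pack("H*", $_COOKIE['Xppass_IC_CARD']);
             $from = 'user';
         }
     }
     if (!empty($encrypted_data)) {
         $key = 'Powered by Xppass!';
         $td = mcrypt_module_open('des', '', 'ecb', '');
         $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
         // The passphrase is cut down to the cipher's key size.
         $key = substr($key, 0, mcrypt_enc_get_key_size($td));
         /* Initialize encryption module for decryption */
         mcrypt_generic_init($td, $key, $iv);
         $decrypted_data = mdecrypt_generic($td, $encrypted_data);
         mcrypt_generic_deinit($td);
         mcrypt_module_close($td);
         if (!empty($decrypted_data) && preg_match("/.*?\\|.{32}\\|.*?\\|\\d*?/ism", $decrypted_data)) {
             list($user, $pwd_md5, $nickname, $time) = explode("|", $decrypted_data);
             // Parentheses make the original precedence explicit: the
             // five-second freshness test applies to URL tickets only, and
             // cookie tickets are accepted at any age.
             // NOTE(review): there is no upper bound on $time either, so a
             // ticket stamped in the future stays valid until that moment.
             if (($time >= time() - 5 && $from == 'client') || $from == 'user') {
                 include_once "PassportModel.class.php";
                 $passmod = new PassportModel();
                 $userindex = $passmod->getUser($user);
                 if ($userindex !== false) {
                     $user_info = $passmod->getUserById($userindex['user_id'], $user);
                     // Strict string comparison: with `==`, two hex digests
                     // of the form "0e<digits>" are compared as numbers and
                     // count as equal.
                     if ((string) $user_info['user_password'] === (string) $pwd_md5) {
                         if ($user_info['user_state'] == 1) {
                             $updates = array();
                             $updates['user_lastlogin_time'] = time();
                             $updates['user_lastlogin_ip'] = getip();
                             $passmod->updateUser($updates, $userindex['user_id'], $user);
                             //login
                             $user_info['autologin'] = 0;
                             $this->save_online_user($user_info);
                             // The original also had a branch redirecting to
                             // $forward. That variable is never assigned in
                             // this function, so the branch could not run; it
                             // is removed because, once wired to request
                             // data, it would be an open redirect, and it
                             // lacked the die that must follow a redirect.
                             header("location: " . $GLOBALS['gSiteInfo']['www_site_url'] . "/index.php");
                             die;
                         } else {
                             $msg = lang('userforbidden');
                         }
                     } else {
                         // NOTE(review): separate "wrong password" and
                         // "user does not exist" answers reveal which
                         // accounts exist.
                         $msg = lang('pwdwrong');
                     }
                 } else {
                     $msg = lang('usernotexist');
                 }
             } else {
                 $msg = lang('invalidurl');
             }
         } else {
             $msg = lang('illegalsignon');
         }
     } else {
         $msg = lang('illegalsignon');
     }
     show_message($msg);
     goback();
 }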
예제 #14
파일: cpe01.php 프로젝트: CPE16/web_swe
<?php

require "config.php";
require "process.php";
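// Page guard: only a logged-in student may open the project form.
session_start();
if (!isset($_SESSION['login_user'])) {
    header('Location: login.php');
    exit;
}
// Has this student already been entered on a project (as std1, std2 or std3)?
// The session value originates from the login form, so it is escaped before
// it is placed inside the quoted literals; the original concatenated it raw.
// NOTE(review): the query below this one already uses a PDO prepared
// statement. Moving this query to $pdo as well would remove the removed-in-
// PHP-7 mysql_* dependency, provided nothing later in the page reads $query
// with mysql_fetch_*. `or die(mysql_error())` also prints raw database
// errors to the client.
$login_user_sql = mysql_real_escape_string($_SESSION['login_user']);
$sql = "SELECT nameThai,nameEng,std1,std2 FROM comsystem.createproject WHERE std1 = '" . $login_user_sql . "' or std2 = '" . $login_user_sql . "' or std3 = '" . $login_user_sql . "'";
$query = mysql_query($sql) or die(mysql_error());
$rows = mysql_num_rows($query);
if ($rows == 1) {
    goback("คุณมีข้อมูลโครงงานในระบบแล้ว", "appform.php");
    die;
}
// Load the student's own contact details for the form (bound parameter).
$id = $_SESSION['login_user'];
$sth = $pdo->prepare("SELECT * FROM students WHERE Student_ID = :id");
$sth->bindParam(':id', $id, PDO::PARAM_STR);
$sth->execute();
// NOTE(review): these values are presumably printed into the HTML below —
// confirm each is passed through htmlspecialchars() at the point of output.
while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
    $name = $row['Name'];
    $email = $row['email'];
    $phone = $row['phone'];
}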
?>
<html>
	<head>
	<meta charset = "utf-8">
예제 #15
<?php

session_start();
include 'common/db.php';
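// Guestbook submission: verify the captcha, then store the entry.
if (isset($_POST['gcheck'])) {
    $given = $_POST['gcheck'];
    // The expected code must exist. Without this test, a session that never
    // loaded the captcha compares "" with "" and an empty answer passes.
    $expected = (isset($_SESSION['code']) && is_scalar($_SESSION['code'])) ? (string) $_SESSION['code'] : '';
    // One attempt per code: clearing it here stops a solved captcha from
    // being replayed and stops repeated guessing against a fixed code.
    unset($_SESSION['code']);
    // Strict comparison of two strings; an array answer (gcheck[]=x) fails
    // the is_string() test instead of reaching strtolower().
    if (is_string($given) && $expected !== '' && strtolower($given) === strtolower($expected)) {
        if (isset($_POST['content'])) {
            unset($_POST['gcheck']);
            $_POST['gtime'] = time();
            $_POST['gip'] = $_SERVER['REMOTE_ADDR'];
            // NOTE(review): the whole POST array is stored, so every request
            // key becomes a column value (mass assignment). Build the row
            // from an explicit list of guestbook fields instead; save() and
            // the table layout are defined elsewhere, so the list is not
            // guessed here. Stored content must also be HTML-escaped wherever
            // the guestbook is rendered.
            save('hnsc_guestbook', $_POST);
            gomsg('index.php', '留言成功');
        } else {
            goback('留言必须填写');
        }
    } else {
        goback('验证码不正确');
    }
}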
예제 #16
 /**
  * Updates the two quiz statistics (`stat_total_once`, `stat_pass`) on row
  * id 1 of `cernet_quiz_meta` from POSTed values, then sends the browser back.
  */
 public function meta_quiz_()
 {
     // NOTE(review): eval() of the ADMIN constant — presumably an inlined
     // admin-only guard, but its code is not visible here, so what protects
     // this action cannot be verified from this block. Because eval() runs in
     // this method's scope it can also read and set local variables. A normal
     // method call that redirects or throws would be auditable; keep eval()
     // away from anything that could ever contain request data.
     eval(ADMIN);
     try {
         // Each field goes through safepost() and then xassert(), which
         // receives Error("post") as its second argument — presumably the
         // error raised when the value is missing (both helpers are defined
         // elsewhere; verify what validation they perform).
         $data["stat_total_once"] = xassert(safepost("stat_total_once"), Error("post"));
         $data["stat_pass"] = xassert(safepost("stat_pass"), Error("post"));
         DBModel::updateDB("cernet_quiz_meta", array("id" => 1), $data);
         goback();
     } catch (Exception $e) {
         #$this->error(Error("upload"), $e->getMessage());
         // NOTE(review): the exception text is passed on unchanged; confirm
         // throw_exception() does not show internal details to the client.
         throw_exception($e->getMessage());
     }
 }