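/**
 * Allow the request to continue only for the logged-in administrator.
 *
 * Starts (or resumes) the PHP session, then requires both that
 * isAppLoggedIn() reports an authenticated user and that the session's
 * username is the administrator account. Every other caller is redirected
 * to login.php?code=not_permission and the script is terminated.
 *
 * @return void Returns normally only when the administrator check passes.
 */
function check_user_session()
{
    // '@' is kept from the original: it silences whatever warning or notice
    // session_start() raises (for example when a session is already active).
    @session_start();

    // Read the username without '@' suppression; a missing key is treated as
    // "no user" instead of hiding the notice.
    $username = isset($_SESSION['username']) ? $_SESSION['username'] : null;

    // only for administrator
    // NOTE(review): authorization hinges on a hard-coded account name; a role
    // or permission flag stored with the user record would survive renames
    // and avoid embedding the admin login in source.
    // Strict comparison so a non-string session value (true, 0) can never
    // loosely compare equal to the administrator name.
    if (!isAppLoggedIn() || $username !== 'hoangwebadmin') {
        header('Location:login.php?code=not_permission');
        // header() only queues the redirect. Without stopping here the rest
        // of the protected page would still execute and be sent to a client
        // that simply ignores the Location header.
        exit();
    }
}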
/**
 * Log the current user out of the application.
 *
 * When isAppLoggedIn() reports an active login, the object stored in
 * $GLOBALS['uloginFactorOne'] is told to log out the session's uid. The
 * login-related session keys are then removed whether or not a login was
 * active.
 */
function appLogout()
{
    // The backend call must come first: it needs the uid that is removed below.
    if (isAppLoggedIn()) {
        $loginBackend = $GLOBALS['uloginFactorOne'];
        $loginBackend->Logout($_SESSION['uid']);
    }

    // NOTE(review): only these four keys are cleared; the session and its id
    // stay alive. Confirm whether the caller regenerates or destroys the
    // session after logout.
    unset(
        $_SESSION['factorsCompleted'],
        $_SESSION['uid'],
        $_SESSION['username'],
        $_SESSION['loggedIn']
    );
}
<?php
// Admin page fragment: loads template.php, turns away visitors who are not
// logged in, records the selected admin tab, and on an "_add_deposit" POST
// builds an UPDATE statement for the `transfers` table from the posted fields.
require_once ('template.php');

// Redirect unauthenticated visitors and stop, so nothing below runs for them.
// NOTE(review): only isAppLoggedIn() is checked in the visible code; any
// role/permission check for this admin action would have to live elsewhere - confirm.
if (!isAppLoggedIn()){
    header('Location: index.php');
    exit();
}

$_SESSION['admin']['selected_tab']=3;
unset($_SESSION['admin']['uedit']);

// NOTE(review): this is a state-changing POST and no anti-CSRF token is
// verified in the visible code - confirm one is checked in template.php or add it.
if (isset($_POST['_add_deposit'])){
    $db=new DBConnection();
    $mysql_fields='';
    $comma='';
    $count=0;

    // Build the `col="value", col="value"` list for the SET clause from every
    // POST field except the control fields trid, _submit, _add_deposit and k.
    foreach ($_POST as $k=>$x){
        if ($k!='trid'&&$k!='_submit'&&$k!='_add_deposit'&&$k!='k'){
            // Every pair after the first is prefixed with ", ".
            if ($count!=0) $comma=', ';
            // Strip thousands separators from the amount fields.
            if ($k=='tr_value'||$k=='tr_fees'||$k=='tr_total') $x=str_replace(',', '', $x);
            // NOTE(review): the POST key $k is used verbatim as the column
            // name; only the value goes through string_escape(). Request
            // keys are client-controlled, so the column name should be
            // checked against a fixed allow-list of `transfers` columns.
            // string_escape() is defined elsewhere; presumably it escapes
            // for a double-quoted SQL string - confirm.
            $mysql_fields.=''.$comma.''.$k.'="'.$db->string_escape($x).'"';
            $count++ ;
        }
    }

    // A non-empty trid selects the existing transfer to update.
    // NOTE(review): $_POST['trid'] is read without isset() and is
    // concatenated unescaped into both the getRow() condition and the UPDATE
    // WHERE clause below (SQL injection). Bind it as a parameter of a
    // prepared statement, or at minimum pass it through the same escaping
    // as the values above.
    if ($_POST['trid']!=''){
        $getCurrentData=$db->getRow('transfers', 'tr_ref="'.$_POST['trid'].'"');
        // CUSTOMTIME is a constant defined outside this fragment; it supplies
        // the timestamp written to tr_system_update.
        $query='UPDATE transfers SET '.$mysql_fields.', tr_system_update="'.date('Y-m-d H:i:s', CUSTOMTIME).'" WHERE tr_ref="'.$_POST['trid'].'"';
} else { $msg = 'account created'; } } } } } // Now we handle the presentation, based on whether we are logged in or not. // Nothing fancy, except where we create the 'login'-nonce towards the end // while generating the login form. header('Content-Type: text/html; charset=UTF-8'); // This inserts a few lines of javascript so that we can debug session problems. // This will be very usefull if you experience sudden session drops, but you'll // want to avoid using this on a live website. ulLog::ShowDebugConsole(); if (isAppLoggedIn()) { ?> <?php echo $msg; ?> <h3>This is a protected page. You are logged in, <?php echo $_SESSION['username']; ?> .</h3> <form action="example.php" method="POST"><input type="hidden" name="action" value="refresh"><input type="submit" value="Refresh page"></form> <form action="example.php" method="POST"><input type="hidden" name="action" value="logout"><input type="submit" value="Logout"></form> <form action="example.php" method="POST"><input type="hidden" name="action" value="delete"><input type="submit" value="Delete account"></form> <?php } else { ?> <?php