* along with this program. If not, see <http://www.gnu.org/licenses/>. */ require_once "inc/toolkit.inc.php"; include_once "inc/header.inc.php"; verify_permission('user_edit_own') ? $perm_edit_own = "1" : ($perm_edit_own = "0"); verify_permission('user_edit_others') ? $perm_edit_others = "1" : ($perm_edit_others = "0"); verify_permission('user_is_ueberuser') ? $perm_is_godlike = "1" : ($perm_is_godlike = "0"); if (!(isset($_GET['id']) && v_num($_GET['id']))) { error(ERR_INV_INPUT); include_once "inc/footer.inc.php"; exit; } else { $uid = $_GET['id']; } if (isset($_POST['commit'])) { if (is_valid_user($uid)) { $zones = $_POST['zone']; if (delete_user($uid, $zones)) { success(SUC_USER_DEL); } } else { header("Location: users.php"); exit; } } else { if ($uid != $_SESSION['userid'] && $perm_edit_others == "0" || $uid == $_SESSION['userid'] && $perm_is_godlike == "0") { error(ERR_PERM_DEL_USER); include_once "inc/footer.inc.php"; exit; } else { $fullname = get_fullname_from_userid($uid);
function delete_owner_from_zone($zone_id, $user_id) { global $db; if (verify_permission('zone_meta_edit_others') || verify_permission('zone_meta_edit_own') && verify_user_is_owner_zoneid($_GET["id"])) { // User is allowed to make change to meta data of this zone. if (is_numeric($zone_id) && is_numeric($user_id) && is_valid_user($user_id)) { // TODO: Next if() required, why not just execute DELETE query? if ($db->queryOne("SELECT COUNT(id) FROM zones WHERE owner=" . $db->quote($user_id, 'integer') . " AND domain_id=" . $db->quote($zone_id, 'integer')) != 0) { $db->query("DELETE FROM zones WHERE owner=" . $db->quote($user_id, 'integer') . " AND domain_id=" . $db->quote($zone_id, 'integer')); } return true; } else { error(sprintf(ERR_INV_ARGC, "delete_owner_from_zone", "{$zone_id} / {$user_id}")); } } else { return false; } }
$cp_ans = !empty($_POST['cp_ans']) ? $_POST['cp_ans'] : ""; $cp_message = !empty($_POST['cp_message']) ? $_POST['cp_message'] : ""; $cp_message = clean($cp_message); $error_msg = ""; $send = 0; if (!empty($_POST['submit'])) { $send = 1; if (empty($cp_name) || empty($cp_email) || empty($cp_message) || empty($cp_ans)) { $error_msg .= "<p style='color:#a00'><strong>" . __("Please fill in all required fields.", 'ml') . "</strong></p>\n"; $send = 0; } if (!is_valid_email($cp_email)) { $error_msg .= "<p style='color:#a00'><strong>" . __("Your email adress failed to validate.", 'ml') . "</strong></p>\n"; $send = 0; } if (!is_valid_user($cp_ans)) { $error_msg .= "<p style='color:#a00'><strong>" . __("Incorrect Answer to the AntiSpam Question.", 'ml') . "</strong></p>\n"; $send = 0; } } if (!$send) { ?> <h2 class="post-title"><?php the_title(); ?> </h2> <div class="post-content"> <?php the_content(__("Continue Reading »", 'ml')); ?> <p class="post-info">* - <?php
} disconnect_sql(); } elseif (isset($_GET['view'])) { if (user_type() == "user") { cust_die("You may not access this page."); } connect_sql(); // if the user wants to see data on a specific user... if (isset($_GET['id'])) { if (!is_numeric($_GET['id'])) { cust_die("Invalid ID number."); } $requested_ID = escape_string(htmlspecialchars($_GET['id'])); connect_sql(); // see if the requested ID is a user or not... if (is_valid_user($requested_ID) == FALSE) { cust_die("Invalid ID number."); } $user_info = @query("SELECT `surname`, `firstname` FROM `users` WHERE `ID`='{$requested_ID}' LIMIT 1") or die("Error getting information the database."); while ($row = result($user_info)) { $name = stripslashes($row->firstname) . " " . stripslashes($row->surname); } if (user_type($requested_ID) == "user") { $user_info = @query("SELECT `studentID` FROM `students` WHERE `ID`='{$requested_ID}' LIMIT 1") or die("Error getting information from the database."); while ($row2 = result($user_info)) { $studentID = $row2->studentID; } } else { $studentID = "teacher"; } $times_absent = @query("SELECT * FROM `absences` WHERE `user_ID`='{$requested_ID}'") or die("Error getting information from the database.");
$review_high = $user_info['review_high']; $review_medium = $user_info['review_medium']; $review_low = $user_info['review_low']; $submit_risks = $user_info['submit_risks']; $modify_risks = $user_info['modify_risks']; $plan_mitigations = $user_info['plan_mitigations']; // Check if a new password was submitted if (isset($_POST['change_password'])) { $user = $_SESSION["user"]; $current_pass = $_POST['current_pass']; $new_pass = $_POST['new_pass']; $confirm_pass = $_POST['confirm_pass']; // Send an alert $alert = true; // If the user and current password are valid if (is_valid_user($user, $current_pass)) { // Verify that the two passwords are the same if ("{$new_pass}" == "{$confirm_pass}") { // Generate the salt $salt = generateSalt($user); // Generate the password hash $hash = generateHash($salt, $new_pass); // Update the password update_password($user, $hash); // Audit log $risk_id = 1000; $message = "Password was modified for the \"" . $_SESSION['user'] . "\" user."; write_log($risk_id, $_SESSION['uid'], $message); $alert_message = "Your password has been updated successfully!"; } else { $alert_message = "The new password entered does not match the confirm password entered. Please try again.";
// if everything's good, update the database... @query("UPDATE `classes` SET `name`='{$class_name}', `teacher`='{$teacher}', `room`='{$classroom}', `period`='{$class_period}', `semester`='{$class_semester}' WHERE `ID`='{$class_id}' LIMIT 1") or die("Error updating the database."); print "Done. <a href=\"options.php?class\" title=\"edit another class\">Edit another class</a>?"; disconnect_sql(); } } elseif (isset($_POST['changepassword'])) { if (user_type() != "admin") { cust_die("You may not view that page."); } connect_sql(); if (!isset($_POST['user']) or is_numeric($_POST['user']) == FALSE) { cust_die("Invalid user."); } $user = escape_string(htmlspecialchars($_POST['user'])); // make sure the user's valid; they don't necessarily have to be a teacher if (is_valid_user($user) == FALSE) { cust_die("Invalid user."); } if (!isset($_POST['pass1']) or $_POST['pass1'] == "" or strlen($_POST['pass1']) < 6) { cust_die("The password must be at least 6 characters long."); } if (!isset($_POST['pass2']) or $_POST['pass2'] == "" or strlen($_POST['pass2']) < 6) { cust_die("You must enter the password twice, and it must be at least 6 characters long."); } if ($_POST['pass1'] != $_POST['pass2']) { cust_die("The passwords must match."); } $cryptpass = md5(md5(escape_string($_POST['pass1']))); // update his or her password @query("UPDATE `users` SET `password`='{$cryptpass}' WHERE `ID`='{$user}' LIMIT 1") or die("Error updating the user's password."); print "Done. <a href=\"options.php?teacher\" title=\"edit a teacher\">Edit another teacher</a>?";
$params = session_get_cookie_params(); setcookie(session_name(), '', 1, $params['path'], $params['domain'], $params['secure'], isset($params['httponly'])); } // Destroy the session session_destroy(); // Redirect to the upgrade login form header('Location: /admin/upgrade.php'); } // Default is no alert $alert = false; // If the login form was posted if (isset($_POST['submit'])) { $user = $_POST['user']; $pass = $_POST['pass']; // If the user is valid if (is_valid_user($user, $pass)) { // Check if the user is an admin if ($_SESSION["admin"] == "1") { // Grant access $_SESSION["access"] = "granted"; } else { $alert = true; $alert_message = "You need to log in as an administrative user in order to upgrade the database."; // Deny access $_SESSION["access"] = "denied"; } } else { // Send an alert $alert = true; // Invalid username or password $alert_message = "Invalid username or password.";
function send_message() { $recipient = $this->input->post("user_id"); $sender_id = $this->session->userdata("user_id"); // pr($_POST);exit; if (!$this->input->post("new_message") && $this->input->post("new_message") == "1") { if (!is_valid_conversation($recipient, $sender_id)) { $this->session->set_flashdata("error", "Invalid Conversation"); redirect("user/conversations"); exit; } } if ($recipient == "0" || !is_valid_user($recipient)) { $this->session->set_flashdata("error", "Invalid recipient"); redirect("user/conversations"); exit; } $this->form_validation->set_rules("message", "Message", "xss_clean|required"); if ($this->form_validation->run()) { $message = $this->input->post("message"); $subject = ""; $priority = 1; $success = $this->Mahana_model->send_new_message($sender_id, $recipient, $subject, $message, $priority); if ($success) { $this->session->set_flashdata("success", "Your message has been sent."); redirect("user/conversations?conversation_id=" . $recipient); } } else { $this->session->set_flashdata("error", "Message can not be blank."); redirect("user/conversations?conversation_id=" . $recipient); } }
<?php require 'mysql_connect.php'; //Absolutely Necessary $url = $_POST['img_url']; //Might as well gather some extra data $user = $_POST['user']; //username $weeks = $_POST['weeks']; //Number of weeks counted $artistcount = $_POST['artistcount']; if (is_valid_url($url) && is_valid_user($user) && is_numeric($weeks) && is_numeric($artistcount)) { $query = "INSERT INTO wave_db (username,url,weeks,artistcount) VALUES ('{$user}','{$url}',{$weeks},{$artistcount})"; $result = @mysqli_query($con, $query); echo json_encode("Added image to gallery."); } else { echo json_encode("Errors"); } mysqli_close($con);