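/**
 * Authenticate the POSTed username/password against the `users` table and,
 * on success, fill the session and redirect to projects.php.
 *
 * Every path ends the request (die/exit); nothing is returned to the caller.
 *
 * Changes from the previous version:
 *  - The username lookup is a prepared statement. The page shows the value in
 *    the original query literal masked as '******', so as written the lookup
 *    never referenced the submitted username.
 *  - The digest comparison uses hash_equals() instead of `==`. Loose
 *    comparison treats two numeric-looking strings as numbers, and it is not
 *    constant-time.
 *  - Database error text goes to the server log instead of the response.
 *  - The session id is regenerated on successful login.
 *  - Non-string POST values (e.g. `username[]=`) are treated as missing.
 *  - The old tail (connection close, nested helper declarations, cache/XML
 *    headers) followed branches that all terminate, so it never ran and has
 *    been dropped. mysql_entities_fix_string() must therefore come from an
 *    included file, as it already had to before.
 */
public function checkUser()
{
    // NOTE(review): require_once inside a method only creates the $db_*
    // variables in this scope the first time login.php is loaded during the
    // request. Confirm nothing includes it earlier.
    require_once 'login.php';

    $connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
    if ($connection->connect_error) {
        error_log('checkUser: database connection failed: ' . $connection->connect_error);
        die('Service temporarily unavailable');
    }

    $has_credentials = isset($_POST['username'], $_POST['password'])
        && is_string($_POST['username'])
        && is_string($_POST['password']);
    if (!$has_credentials) {
        echo "<a href='index.html'> Try again! </a>";
        die("Please enter your username and password");
    }

    // Kept as before: the session value and the stored digest were both
    // derived from the helper's output, so changing it would break logins.
    $un_temp = mysql_entities_fix_string($connection, $_POST['username']);
    $pw_temp = mysql_entities_fix_string($connection, $_POST['password']);

    // Bound parameter: no SQL escaping is needed for the lookup value.
    // htmlentities() is kept on the assumption that usernames were stored
    // entity-encoded by the same helper -- TODO confirm against registration.
    $lookup_name = htmlentities($_POST['username']);
    $statement = $connection->prepare('SELECT * FROM users WHERE username = ?');
    if (!$statement) {
        error_log('checkUser: prepare failed: ' . $connection->error);
        die('Service temporarily unavailable');
    }
    $statement->bind_param('s', $lookup_name);
    if (!$statement->execute()) {
        error_log('checkUser: execute failed: ' . $statement->error);
        die('Service temporarily unavailable');
    }
    // get_result() needs the mysqlnd driver.
    $result = $statement->get_result();
    if (!$result) {
        error_log('checkUser: get_result failed: ' . $statement->error);
        die('Service temporarily unavailable');
    }
    $row = $result->fetch_array(MYSQLI_NUM);
    $result->close();
    $statement->close();

    // NOTE(review): a single fast hash with two site-wide, hard-coded salts.
    // It is left unchanged so existing stored digests keep verifying; plan a
    // migration to password_hash()/password_verify() with rehash-on-login.
    $salt1 = "qm&h*";
    $salt2 = "pg!@";
    $token = hash('ripemd128', "{$salt1}{$pw_temp}{$salt2}");

    // Column 5 holds the stored digest. The same message is used for
    // "no such user" and "wrong password", as before.
    $stored = (is_array($row) && isset($row[5])) ? (string) $row[5] : '';
    if ($stored === '' || !hash_equals($stored, $token)) {
        die("Invalid username/password combination<br><a href=index.html>Go back home!</a>");
    }

    session_start();
    // A fresh id after login means a pre-login session id cannot be reused.
    session_regenerate_id(true);
    $_SESSION['username'] = $un_temp;
    // NOTE(review): keeping the password in the session is unnecessary once
    // the login has succeeded. It is retained only because other pages may
    // read this key -- verify and remove.
    $_SESSION['password'] = $pw_temp;
    $_SESSION['forename'] = $row[1];
    $_SESSION['surname'] = $row[2];
    $_SESSION['email'] = $row[3];

    header("location:projects.php");
    exit;
}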
<?php // authenticate2.php
// HTTP Basic authentication check against the `users` table (excerpt; the
// listing is cut off inside the final else branch).
require_once 'login.php';
$connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
if ($connection->connect_error) {
    // NOTE(review): this sends the driver's error text to the client.
    die($connection->connect_error);
}
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
    // Both Basic-auth fields pass through the same helper before use.
    $un_temp = mysql_entities_fix_string($connection, $_SERVER['PHP_AUTH_USER']);
    $pw_temp = mysql_entities_fix_string($connection, $_SERVER['PHP_AUTH_PW']);
    // The username value in this literal appears masked on the page, so as
    // shown the query does not reference $un_temp. A bound parameter
    // (prepare/bind_param) is the safer form for this lookup.
    $query = "SELECT * FROM users WHERE username='******'";
    $result = $connection->query($query);
    if (!$result) {
        die($connection->error);
    } elseif ($result->num_rows) {
        $row = $result->fetch_array(MYSQLI_NUM);
        $result->close();
        // NOTE(review): two hard-coded, site-wide salts and one fast hash
        // round; password_hash()/password_verify() is the usual replacement.
        $salt1 = "qm&h*";
        $salt2 = "pg!@";
        $token = hash('ripemd128', "{$salt1}{$pw_temp}{$salt2}");
        // Column 3 is compared with the computed digest.
        // NOTE(review): `==` compares numeric-looking strings as numbers and
        // is not constant-time; hash_equals() avoids both.
        if ($token == $row[3]) {
            session_start();
            $_SESSION['username'] = $un_temp;
            // NOTE(review): the password is kept in the session after login.
            $_SESSION['password'] = $pw_temp;
            $_SESSION['forename'] = $row[0];
            $_SESSION['surname'] = $row[1];
            // Database values are written into the page without output encoding here.
            echo "{$row['0']} {$row['1']} : Hi {$row['0']},\n\t\t\t\tyou are now logged in as '{$row['2']}'";
            die("<p><a href=continue.php>Click here to continue</a></p>");
        } else {
            die("Invalid username/password combination");
/**
 * Open the database connection and stage the caller's values for a lookup.
 *
 * Connection settings are read from $GLOBALS. Each argument is passed through
 * mysql_entities_fix_string() and stored in $this->user_info.
 *
 * NOTE(review): $username is stored under the 'email' key. No connect_error
 * check is made here. The value in the query literal appears masked on the
 * page, so as shown it does not reference any of the staged fields.
 *
 * @param string $username value stored as user_info['email']
 * @param string $password value stored as user_info['password']
 * @param mixed  $inId     value stored as user_info['inId']
 */
function __construct($username, $password, $inId)
{
    $this->connection = new mysqli(
        $GLOBALS['db_hostname'],
        $GLOBALS['db_username'],
        $GLOBALS['db_password'],
        $GLOBALS['db_database']
    );

    // Same helper and same order as before: email, password, inId.
    $raw_fields = array(
        'email' => $username,
        'password' => $password,
        'inId' => $inId
    );
    foreach ($raw_fields as $field => $raw_value) {
        $this->user_info[$field] = mysql_entities_fix_string($this->connection, $raw_value);
    }

    $this->query = "SELECT * FROM users WHERE username='******'";
}
<?php //Yasia Sylla R01483577
// Form-based login check against the `users` table (excerpt; the listing is
// cut off at the start of the final else branch).
require_once 'login.php';
$connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
if ($connection->connect_error) {
    // NOTE(review): this sends the driver's error text to the client.
    die($connection->connect_error);
}
if (isset($_POST['username']) && isset($_POST['password'])) {
    $un_temp = mysql_entities_fix_string($connection, $_POST['username']);
    $pw_temp = mysql_entities_fix_string($connection, $_POST['password']);
    // The username value in this literal appears masked on the page, so as
    // shown the query does not reference $un_temp. A bound parameter is the
    // safer form for this lookup.
    $query = "SELECT * FROM users WHERE username='******'";
    $result = $connection->query($query);
    if (!$result) {
        die($connection->error);
    } elseif ($result->num_rows) {
        $row = $result->fetch_array(MYSQLI_NUM);
        $result->close();
        // NOTE(review): hard-coded site-wide salts and a single fast hash;
        // password_hash()/password_verify() is the usual replacement.
        $salt1 = "qm&h*";
        $salt2 = "pg!@";
        $token = hash('ripemd128', "{$salt1}{$pw_temp}{$salt2}");
        // Column 4 is compared with the computed digest.
        // NOTE(review): prefer hash_equals() to `==` for digest comparison.
        if ($token == $row[4]) {
            session_start();
            $_SESSION['username'] = $un_temp;
            // NOTE(review): the password is kept in the session after login.
            $_SESSION['password'] = $pw_temp;
            echo "Login successsful!";
            die("<p><a href=menu.php>Click here to continue</a></p>");
        } else {
            die("Invalid username/password combination<br>");
        }
    } else {
session_start(); $connect = realpath('../../../../connection/connect.php'); $functions = realpath('../../../../common/functions.php'); $mysql_security = realpath('../../../../common/mysql_security.php'); require_once $connect; require_once $functions; require_once $mysql_security; unset($_SESSION['visits']); if (!empty($_SESSION['receipt_no'])) { $receipt_no = $_SESSION['receipt_no']; } if (empty($_POST['adminNo'])) { $adminNo = $_SESSION['adminNo']; } else { $adminNo = mysql_entities_fix_string($_POST['adminNo']); } $credit = new credential(); //select types of payment //get the active term period first $sql = "SELECT term_id,term_name,year_name FROM term_period WHERE active='1'"; $result = mysql_query($sql) or die('Cannot get Info3.'); $row6 = mysql_fetch_assoc($result); if ($row6 != null) { //var_dump($row6); extract($row6); //GET STUDENT INFORMATION $sql = "SELECT stud_id ,fname,mname,lname,class_name,class_for,admission_year FROM student_details,class\n WHERE student_details.adminNo='{$adminNo}' AND student_details.class_id=class.class_id AND student_details.active=1"; $result = mysql_query($sql) or die('Cannot get Info7.'); $row12 = mysql_fetch_assoc($result); if ($row12 == null) {
<?php
// Read the submitted credentials through the helpers declared below.
// NOTE(review): $_POST['user'] and $_POST['pass'] are read without an isset()
// check. The query matches on `pass` directly, which suggests the stored value
// is compared as submitted -- confirm how passwords are stored. Both values in
// the literal appear masked on the page.
$user = mysql_entities_fix_string($_POST['user']);
$pass = mysql_entities_fix_string($_POST['pass']);
$query = "SELECT * FROM users WHERE user='******' AND pass='******'";

/**
 * Escape a value for SQL, then entity-encode the result.
 *
 * NOTE(review): htmlentities() is an HTML output encoding, not an SQL
 * defence. Applying it before storage changes the stored value, including
 * any password that is later hashed or compared.
 */
function mysql_entities_fix_string($string)
{
    $escaped = mysql_fix_string($string);

    return htmlentities($escaped);
}

/**
 * Undo magic-quotes slashes when that setting is on, then escape for SQL.
 *
 * Relies on the legacy mysql_* extension and get_magic_quotes_gpc(), so this
 * code targets old PHP releases only.
 */
function mysql_fix_string($string)
{
    $unquoted = get_magic_quotes_gpc() ? stripslashes($string) : $string;

    return mysql_real_escape_string($unquoted);
}
// Excerpt from an image upload handler; it starts and ends mid-block.
$fail_msg = 'Already exists.';
}
// Reject files above the size limit, as reported in $_FILES.
if ($_FILES['fileToUpload']['size'] > 10000000) {
    $uploadOK = 0;
    $fail_msg = 'Too big.';
}
// Allow-list on $imageFileType.
// NOTE(review): $imageFileType is set outside this excerpt. If it comes from
// the client-supplied file name, it says nothing about the file's content;
// an image-decoding check on the uploaded bytes is the stronger test.
if ($imageFileType != 'jpg' && $imageFileType != 'png' && $imageFileType != 'jpeg') {
    $uploadOK = 0;
    $fail_msg = 'Not jpg, png or jpeg.';
}
if ($uploadOK == 0) {
} else {
    if (move_uploaded_file($_FILES['fileToUpload']['tmp_name'], $target_path)) {
        $fail_msg = 'File uploaded.';
        // NOTE(review): no connect_error check follows this connection.
        $connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
        $ti_temp = mysql_entities_fix_string($connection, $title);
        // Only the title passes through the helper. $user_id and $target_path
        // are interpolated as-is, so their safety depends on how they were
        // built above this excerpt -- a prepared statement would cover all three.
        $query = "INSERT INTO user_images(user_id, title, path)\n VALUES ('{$user_id}', '{$ti_temp}', '{$target_path}')";
        $result = $connection->query($query);
        if (!$result) {
            // NOTE(review): sends the driver's error text to the client.
            die($connection->error);
        }
        $connection->close();
        makeThumbnail($target_dir, $target_file);
    } else {
        $fail_msg = 'There was an error.';
    }
}
}
function validate_title($field) {
    if (strlen($field) > 64) {
<?php if (isset($_SESSION['user']) && !isset($_POST['LOGOUT'])) { displayWelcomePanel($user); } /* If the a session user variable is not set and AUTH_USERNAME and AUTH_PASSWORD have been posted sign in the user */ if (!isset($_SESSION['user']) && isset($_POST['AUTH_EMAIL']) && isset($_POST['AUTH_PASSWORD'])) { $dbMan = new DatabaseManager(); if (!$dbMan->establishConnection()) { //database connection error return; } //create new user instance $user = new User($_POST['AUTH_EMAIL']); $user->password = $_POST['AUTH_PASSWORD']; //check login credentials $email_temp = mysql_entities_fix_string($dbMan->connection, $_POST['AUTH_EMAIL']); $request = new Request('SELECT *', 'se_Users'); $request->addParameter('email', $email_temp); $request->transformCommand(); $loginResults = $dbMan->executeQuery($request); //server error if ($loginResults == null) { //request was unsuccessful } else { if ($loginResults->num_rows) { //user exsists $row = $loginResults->fetch_array(MYSQLI_NUM); $loginResults->close(); $user->hashedPassword = hash('ripemd128', "g!cT{$user->email}{$user->password}"); //password correct if ($user->hashedPassword == $row[4]) {
<?php //authenticate.php
// HTTP Basic authentication check using the procedural mysqli API (excerpt;
// the listing is cut off inside the final else branch).
require_once 'login.php';
$db_server = mysqli_connect($db_hostname, $db_username, $db_password);
if (!$db_server) {
    // NOTE(review): mysql_error() belongs to the legacy mysql extension, not
    // mysqli. mysqli_connect_error() is the matching call for a failed
    // mysqli_connect(). Either way the text goes to the client.
    die("Unable to connect to MySQL: " . mysql_error());
}
// NOTE(review): mysqli_error($db_server) is the matching call here and below.
mysqli_select_db($db_server, $db_database) or die("Unable to select database: " . mysql_error());
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
    $un_temp = mysql_entities_fix_string($db_server, $_SERVER['PHP_AUTH_USER']);
    $pw_temp = mysql_entities_fix_string($db_server, $_SERVER['PHP_AUTH_PW']);
    // The username value in this literal appears masked on the page, so as
    // shown the query does not reference $un_temp. A bound parameter is the
    // safer form for this lookup.
    $query = "SELECT * FROM users WHERE username='******'";
    $result = mysqli_query($db_server, $query);
    if (!$result) {
        die("Database access failed: " . mysql_error());
    } elseif (mysqli_num_rows($result)) {
        $row = mysqli_fetch_row($result);
        // NOTE(review): MD5 with two hard-coded, site-wide salts is a fast,
        // non-per-user scheme. password_hash()/password_verify() is the usual
        // replacement.
        $salt1 = "z0on!";
        $salt2 = "&!h*";
        $token = md5("{$salt1}{$pw_temp}{$salt2}");
        // Column 3 is compared with the computed digest.
        // NOTE(review): prefer hash_equals() to `==` for digest comparison.
        if ($token == $row[3]) {
            // Database values are written into the page without output encoding here.
            echo "{$row['0']} {$row['1']} : \n\t\t\tHi {$row['0']}, you are now logged in as '{$row['2']}'";
        } else {
            die("Invalid username/password combination");
        }
    } else {
        die("Invalid username/password combination");
    }
} else {
    // No credentials supplied: ask the client for Basic authentication.
    header('WWW-Authenticate: Basic realm="Restricted Section"');
}
// Excerpt from a registration handler; it starts and ends mid-block.
if (isset($_POST['key'])) {
    $key = fix_string($_POST['key']);
    $key_val = $key;
}
if (isset($_POST['submit'])) {
    // Each validator's message is appended; an empty string means all passed.
    $fail = validate_username($username);
    $fail .= validate_password($password);
    $fail .= validate_email($email);
    $fail .= validate_key($key);
    if ($fail == "" && isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']) && isset($_POST['key'])) {
        // NOTE(review): no connect_error check follows this connection.
        $connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
        $un_temp = mysql_entities_fix_string($connection, $_POST['username']);
        // NOTE(review): the password also goes through the SQL/HTML helper.
        // If it is hashed afterwards, the digest is of the encoded form and
        // login must encode it the same way -- confirm.
        $pw_temp = mysql_entities_fix_string($connection, $_POST['password']);
        $em_temp = mysql_entities_fix_string($connection, $_POST['email']);
        $key_temp = mysql_entities_fix_string($connection, $_POST['key']);
        // Three lookups: existing username, existing email, and the state of
        // the submitted key. The username value appears masked on the page.
        // All three are string-built; prepared statements are the safer form.
        $query = "SELECT * FROM users WHERE username='******'";
        $query2 = "SELECT * FROM users WHERE email='{$em_temp}'";
        $query3 = "SELECT used FROM user_keys WHERE user_key='{$key_temp}'";
        $result = $connection->query($query);
        $result2 = $connection->query($query2);
        $result3 = $connection->query($query3);
        // NOTE(review): checking before inserting does not guarantee
        // uniqueness under concurrent requests. Presumably the table has
        // UNIQUE constraints -- verify.
        if (!$result) {
            die($connection->error);
        } elseif ($result->num_rows) {
            $UN_fail = "<div class='error_holder'>Username already taken.</div>";
            $red_border["un"] = "style='border-color: red;'";
            $result->close();
        } elseif (!$result2) {
            die($connection->error);
        } elseif ($result2->num_rows) {
// Excerpt from an add/edit entry page; it starts and ends mid-block.
if (isset($_POST['entry_id'])) {
    // An entry_id in the POST means "edit": update the caller's own row.
    $ei_temp = mysql_entities_fix_string($connection, $_POST['entry_id']);
    // NOTE(review): this branch updates `movies` while the insert below
    // targets `user_books`, and the variable names differ ($di_temp/$ye_temp
    // versus $au_temp/$to_temp). Looks like a copy-paste mismatch -- confirm.
    $query = "UPDATE movies SET title='{$ti_temp}', author='{$di_temp}', total_pages='{$ye_temp}',\n imdb_rating='{$im_temp}', rating='{$ra_temp}', date='{$da_temp}'\n WHERE user_id='{$user_id}' AND entry_id='{$ei_temp}'";
} else {
    $query = "INSERT INTO user_books(title, author, total_pages, user_id)\n VALUES('{$ti_temp}', '{$au_temp}', '{$to_temp}', '{$user_id}')";
}
$result = $connection->query($query);
if (!$result) {
    // NOTE(review): sends the driver's error text to the client.
    die($connection->error);
}
// NOTE(review): no exit follows this redirect in the excerpt, so the script
// keeps running after the header is queued.
header('Location: books.php');
}
}
if (isset($_GET['entry_id'])) {
    $entry_id = fix_string($_GET['entry_id']);
    $entry_id = mysql_entities_fix_string($connection, $entry_id);
    // The user_id condition limits the lookup to the current user's rows.
    $query = "SELECT * FROM movies WHERE entry_id='{$entry_id}' AND user_id='{$user_id}'";
    $result = $connection->query($query);
    if (!$result) {
        die($connection->error);
    } elseif ($result->num_rows) {
        $row = $result->fetch_array(MYSQLI_ASSOC);
        // Stored values are entity-decoded for editing.
        // NOTE(review): once decoded, they must be re-encoded with
        // htmlspecialchars() wherever they are written into the form.
        $title = html_entity_decode($row['title']);
        $author = html_entity_decode($row['author']);
        $total_pages = html_entity_decode($row['total_pages']);
        $imdb_rating = html_entity_decode($row['imdb_rating']);
        $rating = html_entity_decode($row['rating']);
        $date = html_entity_decode($row['date']);
        $submit_string = 'Edit entry';
        // NOTE(review): the database value is concatenated into a
        // single-quoted attribute without attribute encoding.
        $entry_input = "<input type='hidden' name='entry_id' value='" . $row['entry_id'] . "'>";
    } else {
}
// Excerpt from an image page (delete, then display); it starts and ends mid-block.
// NOTE(review): $thumb_path is built outside this excerpt. Confirm it comes
// from the stored row for this user and not from request input.
if (file_exists($thumb_path)) {
    unlink($thumb_path);
    $status_msg = 'thumb deleted.';
}
// The user_id condition limits the delete to the current user's rows.
// $delete_id and $user_id are interpolated as-is here; any sanitising is
// outside this excerpt.
$query = "DELETE FROM user_images WHERE img_id='{$delete_id}' AND user_id='{$user_id}'";
$result = $connection->query($query);
if (!$result) {
    // NOTE(review): sends the driver's error text to the client.
    die($connection->error);
}
$connection->close();
// NOTE(review): no exit follows this redirect in the excerpt. If execution
// continues, the code below uses $connection after close().
header('Location: images.php');
}
}
if (isset($_GET['img_id'])) {
    $img_id = mysql_entities_fix_string($connection, $_GET['img_id']);
    $query = "SELECT * FROM user_images WHERE img_id='{$img_id}' AND user_id='{$user_id}'";
    $result = $connection->query($query);
    if (!$result) {
        die($connection->error);
    }
    if ($result->num_rows) {
        $row = $result->fetch_array(MYSQLI_ASSOC);
        $img_path = $row['path'];
        $img_title = $row['title'];
        $no_image = false;
    }
}
// Fall back to the user's first image when none was selected or found.
if ($no_image) {
    $query = "SELECT * FROM user_images WHERE user_id='{$user_id}' ORDER BY img_id LIMIT 1";
    $result = $connection->query($query);
<?php
// Login page using HTTP Basic credentials (excerpt; the listing is cut off
// inside the success branch).
require_once './login.php';
require_once './connect.php';
?> <html> <link rel = "stylesheet" type = "text/css" href = "style.css"> <body id = "loggedInBG"> <?php
//Destroys any old session data
// NOTE(review): no session_start() is visible before this call in the
// excerpt; session_destroy() only acts on a session that has been started.
session_destroy();
//If the user enters a password and username
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
    $un_temp = mysql_entities_fix_string($link, $_SERVER['PHP_AUTH_USER']);
    $pw_temp = mysql_entities_fix_string($link, $_SERVER['PHP_AUTH_PW']);
    //query the database where the playername = whatever was entered
    // The username value in this literal appears masked on the page, so as
    // shown the query does not reference $un_temp. A bound parameter is the
    // safer form for this lookup.
    $query = "SELECT * FROM playerSettings WHERE playerUsername='******'";
    $result = $link->query($query);
    if (!$result) {
        // NOTE(review): sends the driver's error text to the client.
        die($link->error);
    } elseif ($result->num_rows) {
        $row = $result->fetch_array(MYSQLI_NUM);
        $result->close();
        // Re-hash the submitted password using the stored hash (column 1) as
        // the salt argument.
        $token = crypt($pw_temp, $row[1]);
        //If the encrypted passwords match up, then the passwords were the same. The user is logged in and allowed to continue.
        //We store the ID number kept in row[17] of whichever ID number has the same username as the one entered.
        // NOTE(review): password_verify($pw_temp, $row[1]) accepts
        // crypt()-format hashes and compares in constant time; `==` does not.
        if ($token == $row[1]) {
            // NOTE(review): HTML has already been output above, so the session
            // cookie header can only be sent if output buffering is on -- confirm.
            session_start();
            $_SESSION['username'] = $un_temp;
            // NOTE(review): the password is kept in the session after login.
            $_SESSION['password'] = $pw_temp;
// Excerpt from a movie list page; the listing is cut off inside the sort switch.
// The acting user comes from the session.
$username = $_SESSION['username'];
$user_id = $_SESSION['user_id'];
// If it's not the logged in users id, this will be set to true.
$other_profile = false;
// NOTE(review): no connect_error check follows this connection.
$connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
$sort = '';
if (isset($_POST['entry_id'])) {
    // The delete runs while $user_id is still the session value, so it is
    // limited to the logged-in user's rows.
    // NOTE(review): no anti-CSRF token check is visible in this excerpt for
    // this state-changing POST -- confirm one exists.
    $ei_temp = mysql_entities_fix_string($connection, $_POST['entry_id']);
    $query = "DELETE FROM movies WHERE entry_id='{$ei_temp}' AND user_id='{$user_id}'";
    $result = $connection->query($query);
    if (!$result) {
        // NOTE(review): sends the driver's error text to the client.
        die($connection->error);
    }
}
if (isset($_GET['user_id'])) {
    // From here on $user_id is request-controlled (viewing another profile).
    // Any later write that filters on $user_id must check $other_profile first.
    $user_id = mysql_entities_fix_string($connection, $_GET['user_id']);
    $other_profile = true;
}
if (isset($_GET['sort'])) {
    $sort_temp = htmlentities($_GET['sort']);
    // Allow-list: the request value only selects one of the fixed ORDER BY
    // fragments and is never placed into the SQL itself.
    switch ($sort_temp) {
        case 'date':
            $sort = 'ORDER BY date';
            break;
        case 'date_desc':
            $sort = 'ORDER BY date DESC';
            break;
        case 'dir':
            $sort = 'ORDER BY director';
            break;
        case 'dir_desc':