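/**
 * Authenticate $username/$password against the `users` table (through the
 * global PDO handle) and, on success, store the user's id, name and access
 * levels in $_SESSION.
 *
 * @param string $username value matched against users.login
 * @param string $password clear-text password; hashed with encrypt_password()
 *                         and the row's salt before comparison
 * @return bool TRUE when already logged in as this user or the digest matches;
 *              FALSE for an unknown login or a wrong password
 */
function login($username, $password)
{
    global $pdo;

    // Already authenticated: as in the original, the supplied login name is
    // compared with the session's user id. Both sides are compared as strings
    // so loose-comparison surprises (e.g. "abc" == 0 on PHP < 8) cannot
    // short-circuit the password check.
    if (isset($_SESSION['userid']) && (string) $username === (string) $_SESSION['userid']) {
        return TRUE;
    }

    if (!$pdo) {
        open_database();
    }

    $stmt = $pdo->prepare("SELECT * FROM users WHERE login=?");
    if ($stmt === false || !$stmt->execute(array($username))) {
        // Driver details belong in the server log, not in the response.
        // errorInfo() returns an array, so it is joined rather than
        // concatenated (the original printed the literal "Array").
        $info = $stmt === false ? $pdo->errorInfo() : $stmt->errorInfo();
        error_log('login(): invalid query [' . error_database() . '] ' . implode(' | ', $info));
        die('Invalid query');
    }

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $stmt->closeCursor();
    if (!isset($row['salt'])) {
        // Unknown login (or a row without a salt).
        return FALSE;
    }

    $digest = encrypt_password($password, $row['salt']);
    // Constant-time, type-strict comparison: "==" would treat two digests of
    // the form "0e123..." as equal numeric strings.
    if (!hash_equals((string) $row['crypted_password'], (string) $digest)) {
        return FALSE;
    }

    // Issue a fresh session id on privilege change so a pre-login id cannot be reused.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['userid'] = $row['id'];
    $_SESSION['username'] = $row['name'];
    $_SESSION['useraccess'] = $row['access_level'];
    $_SESSION['userpageaccess'] = $row['page_access_level'];
    return TRUE;
}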
/**
 * Run $sql on the mysql link $id_conn.
 *
 * Checks whether the connection is valid; if it is not (falsy), a new
 * connection is opened first.
 *
 * @param string        $sql     statement to run
 * @param resource|bool $id_conn mysql link, or a falsy value to open a new one
 * @return resource|bool whatever mysql_query() returns
 */
function execute_query($sql, $id_conn)
{
    $link = $id_conn ? $id_conn : open_database();

    return mysql_query($sql, $link);
}
/**
 * Run $sql on the mysql link $id_conn after rewriting its quote characters.
 *
 * Checks whether the connection is valid; if it is not (falsy), a new
 * connection is opened first. Every double quote in the statement becomes a
 * backtick and every single quote becomes a double quote. This rewriting is
 * applied to the whole string, literal values included — presumably the
 * callers build their statements with this convention in mind (not visible here).
 *
 * @param string        $sql     statement to run, in the caller's quoting convention
 * @param resource|bool $id_conn mysql link, or a falsy value to open a new one
 * @return resource|bool whatever mysql_query() returns
 */
function execute_query($sql, $id_conn)
{
    $link = $id_conn ? $id_conn : open_database();

    // Same result as the two sequential str_replace() calls: '"' -> '`', "'" -> '"'.
    $rewritten = strtr($sql, array("\"" => '`', "'" => '"'));

    return mysql_query($rewritten, $link);
}
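/**
 * Open the database and emit the HTML prologue (<html>, <head> with title and
 * stylesheet link, <body>) for a BETY page.
 *
 * @param string $table table name shown in the title as "[section/table]";
 *                      "" gives the generic "PEcAn DB" title
 * @return void
 */
function print_header($table = "")
{
    global $sections;

    open_database();

    if ((string) $table === "") {
        $title = "PEcAn DB";
    } else {
        // $table and the section name are placed inside HTML; escape both,
        // since where $table comes from is not visible here.
        $section = isset($sections[$table]['section']) ? $sections[$table]['section'] : '';
        $title = "PEcAn DB ["
            . htmlspecialchars($section, ENT_QUOTES, 'UTF-8')
            . "/"
            . htmlspecialchars($table, ENT_QUOTES, 'UTF-8')
            . "]";
    }

    print "<html>\n";
    print "<head>\n";
    print "<title>{$title}</title>\n";
    print "<link href=\"bety.css\" rel=\"stylesheet\" type=\"text/css\"/>\n";
    print "</head>\n";
    print "<body>\n";
}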
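/**
 * Create (cmb_cadastro == '0') or update a tb_usuario row from $_POST and the
 * photo just uploaded by upload_foto(). Runs inside a transaction on a fresh
 * mysql connection; echoes '1' on success, an error message otherwise.
 *
 * Reads $_POST keys: cmb_cadastro, nome, login, email, infor, ativo, trocoufoto.
 *
 * @return void
 */
function grava_usuario()
{
    $filename = upload_foto();
    require '../config/infodbcon.php';
    require '../config/database.php';
    $id_conn = open_database();

    // Values escaped for the default (last opened) mysql link, as before.
    $post = array_map("mysql_real_escape_string", $_POST);

    // Free-text fields: decode to the legacy charset first, then escape with
    // the connection's own charset. The original applied addslashes() to the
    // raw $_POST values, which is not charset-aware and bypassed $post.
    $esc = function ($value) use ($id_conn) {
        return mysql_real_escape_string(utf8_decode($value), $id_conn);
    };
    $nome = $esc($_POST['nome']);
    $infor = $esc($_POST['infor']);
    // The stored file name is interpolated into SQL as well; escape it too.
    $foto = mysql_real_escape_string($filename, $id_conn);
    // Checkbox: present and truthy -> 1. !empty avoids a notice on insert and,
    // unlike the isset() used for updates before, treats a submitted "0" as unchecked.
    $ativo = !empty($post['ativo']) ? 1 : 0;
    $cadastro = isset($post['cmb_cadastro']) ? $post['cmb_cadastro'] : '0';

    execute_query("START TRANSACTION", $id_conn);

    if ($cadastro == '0') {
        // FIXME(security): every new account gets the same fixed initial
        // password, md5('123mudar'). Kept because the login code expects it,
        // but a generated password and a stronger hash should replace it.
        $sql = 'INSERT INTO tb_usuario '
            . '(usuario_nome, usuario_login, usuario_senha, usuario_email, usuario_foto, usuario_info, usuario_ativo)'
            . 'VALUES '
            . '(\'' . $nome . '\', \'' . utf8_decode($post['login']) . '\', '
            . '\'' . md5('123mudar') . '\', \'' . $post['email'] . '\','
            . '\'' . $foto . '\', \'' . $infor . '\', \'' . $ativo . '\')';
    } else {
        $sql = 'UPDATE tb_usuario SET '
            . 'usuario_nome = \'' . $nome . '\', usuario_login = \'' . $post['login'] . '\', '
            . 'usuario_email = \'' . $post['email'] . '\', '
            . 'usuario_info=\'' . $infor . '\', '
            . 'usuario_ativo=\'' . $ativo . '\' ';
        if (!empty($post['trocoufoto'])) {
            $sql .= ',usuario_foto=\'' . $foto . '\' ';
        }
        // usuario_id is unquoted in the statement: force an integer.
        $sql .= 'WHERE usuario_id=' . (int) $cadastro;
    }

    if (!execute_query($sql, $id_conn)) {
        $erro = mysql_error();
        // The full statement (it contains user data) goes to the server log
        // rather than back to the client.
        error_log('grava_usuario(): ' . $erro . ' -- ' . $sql);
        echo utf8_decode('Query Inválida: ') . $erro . "\n";
        execute_query("ROLLBACK", $id_conn);
    } else {
        execute_query('COMMIT', $id_conn);
        echo '1';
    }
    execute_query("END TRANSACTION", $id_conn);
    close_database($id_conn);
}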
<?php
/**
 * Copyright (c) 2012 University of Illinois, NCSA.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the
 * University of Illinois/NCSA Open Source License
 * which accompanies this distribution, and is available at
 * http://opensource.ncsa.illinois.edu/license.html
 */

// Login gate: when authentication is enabled, visitors who are not logged in
// are sent back to index.php and users whose page access level exceeds
// $min_run_level are sent to history.php. ($authentication, $min_run_level
// and the helpers below are expected to come from common.php.)
require "common.php";

if ($authentication) {
    open_database();

    $redirect = null;
    if (!check_login()) {
        $redirect = "index.php";
    } elseif (get_page_acccess_level() > $min_run_level) {
        $redirect = "history.php";
    }

    if ($redirect !== null) {
        header("Location: " . $redirect);
        close_database();
        exit;
    }

    close_database();
}
?>
<!DOCTYPE html>
<html>
<head>
<title>EBI Sites</title>
<?php
/*
 @Author: Clésio Teixeira da Silva
 @Version: 2.2
 @Last change: 11/09/2015
*/
session_start();

// Function library.
require "../funcoes/php/funcao.php";

// Defined in funcao.php: checks that the user is logged in.
session_checker();

require "../config/infodbcon.php";
require "../config/database.php";

$id_conn = open_database();
// Access check for the configuration page (defined elsewhere).
libera_acesso('configuracao', $id_conn);

require "../html/configuracao.html";

// Load the user's photo client-side. NOTE(review): the session value is
// inlined into the script unescaped — presumably a numeric id; confirm.
$usuarioId = $_SESSION['usuario_id'];
echo '<script>foto_usuario(\'' . $usuarioId . '\')</script>';
exit;
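/**
 * Run $sql with positional parameters $arg, either through the local PDO
 * handle ($sql_dbh) or, when $sql_server starts with "http", by posting the
 * statement and typed arguments to that URL and parsing the tag-string reply.
 *
 * @param string $sql   statement with positional placeholders
 * @param array  $arg   list of parameter values, indexed 0..n-1
 * @param bool   $fatal when true a PDO failure calls default_error(); otherwise
 *                      the message is left in $sql_error and false is returned
 * @return array|false|null rows (PDO: fetchAll()); null for a local statement
 *                          that returns no columns; false on a PDO error
 */
function run_sql($sql, $arg = array(), $fatal = true)
{
    global $sql_open;
    global $sql_dbh;
    global $sql_server;
    global $sql_error;

    if (substr($sql_server, 0, 4) == "http") {
        // Remote mode: ship the statement plus each argument with a type tag.
        $argc = count($arg);
        $request = array("sql" => $sql, "count" => $argc);
        for ($i = 0; $i < $argc; $i++) {
            if (is_int($arg[$i])) {
                $type = "int";
            } elseif (is_numeric($arg[$i])) {
                $type = "float";
            } else {
                $type = "string";
            }
            // Fix: the original wrote "{$type_}{$i}" ($type_ undefined), so
            // string arguments were sent under the key "$i" instead of "type_$i".
            $request["type_{$i}"] = $type;
            $request["value_{$i}"] = $arg[$i];
        }
        $body = http_slap($sql_server, map_to_url_string($request));

        $row = array();
        foreach (explode("\n", trim($body)) as $line) {
            if ($line != "") {
                $row[] = map_from_tag_string($line);
            }
        }
        return $row;
    }

    if (!$sql_open) {
        open_database();
    }
    $sth = $sql_dbh->prepare($sql);
    try {
        // (A disabled workaround once replaced "" arguments with " " for the
        // mssql native client, which cannot bind zero-length strings.)
        $sth->execute($arg);
        if ($sth->columnCount() == 0) {
            return;
        }
        return $sth->fetchAll();
    } catch (PDOException $exception) {
        // NOTE(review): this message embeds the statement and its arguments;
        // default_error() is defined elsewhere — verify it logs rather than
        // displays this to end users.
        $sql_error = "sql [{$sql}] arg [" . implode(", ", $arg) . "] msg [" . $exception->getMessage() . "]";
        if ($fatal) {
            default_error($sql_error);
        }
        return false;
    }
}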
/**
 * Delete the storage row whose md5 column equals $md5.
 *
 * @param string $md5 value matched against storage.md5, passed through
 *                    escape_string() before being inlined
 * @return array result of exec_query(); an empty array when the database
 *               cannot be opened
 */
function DeleteFileFromDatabase($md5)
{
    if (!open_database()) {
        return array();
    }

    // NOTE(review): the value is escaped but still inlined into the statement;
    // if $md5 can come from a request, validating it as 32 hex characters
    // before this point would be a cheap extra guard.
    $sql = sprintf("DELETE FROM storage WHERE md5 = '%s'", escape_string($md5, false));
    $results = exec_query($sql, false);

    close_database();

    return $results;
}