/** * Processes loading of this sample code through a web browser. * * @return void */ function runWWWVersion() { session_start(); // Note that all calls to endHTML() below end script execution! // Check to make sure that the user has set a password. $p = LOGIN_PASSWORD; if (empty($p)) { startHTML(false); displayPasswordNotSetNotice(); endHTML(); } // Grab any login credentials that might be waiting in the request if (!empty($_POST['password'])) { if ($_POST['password'] == LOGIN_PASSWORD) { $_SESSION['authenticated'] = 'true'; } else { // Invalid password. Stop and display a login screen. startHTML(false); requestUserLogin("Incorrect password."); endHTML(); } } // If the user isn't authenticated, display a login screen if (!isset($_SESSION['authenticated'])) { startHTML(false); requestUserLogin(); endHTML(); } // Try to login. If login fails, log the user out and display an // error message. try { $client = getClientLoginHttpClient(GAPPS_USERNAME . '@' . GAPPS_DOMAIN, GAPPS_PASSWORD); $gapps = new Zend_Gdata_Gapps($client, GAPPS_DOMAIN); } catch (Zend_Gdata_App_AuthException $e) { session_destroy(); startHTML(false); displayAuthenticationFailedNotice(); endHTML(); } // Success! We're logged in. // First we check for commands that can be submitted either though // POST or GET (they don't make any changes). if (!empty($_REQUEST['command'])) { switch ($_REQUEST['command']) { case 'retrieveUser': startHTML(); retrieveUser($gapps, true, $_REQUEST['user']); endHTML(true); case 'retrieveAllUsers': startHTML(); retrieveAllUsers($gapps, true); endHTML(true); case 'retrieveNickname': startHTML(); retrieveNickname($gapps, true, $_REQUEST['nickname']); endHTML(true); case 'retrieveNicknames': startHTML(); retrieveNicknames($gapps, true, $_REQUEST['user']); endHTML(true); case 'retrieveAllNicknames': startHTML(); retrieveAllNicknames($gapps, true); endHTML(true); case 'retrieveEmailLists': startHTML(); retrieveEmailLists($gapps, true, $_REQUEST['recipient']); endHTML(true); case 'retrieveAllEmailLists': startHTML(); retrieveAllEmailLists($gapps, true); endHTML(true); case 'retrieveAllRecipients': startHTML(); retrieveAllRecipients($gapps, true, $_REQUEST['emailList']); endHTML(true); } } // Now we handle the potentially destructive commands, which have to // be submitted by POST only. if (!empty($_POST['command'])) { switch ($_POST['command']) { case 'createUser': startHTML(); createUser($gapps, true, $_POST['user'], $_POST['givenName'], $_POST['familyName'], $_POST['pass']); endHTML(true); case 'updateUserName': startHTML(); updateUserName($gapps, true, $_POST['user'], $_POST['givenName'], $_POST['familyName']); endHTML(true); case 'updateUserPassword': startHTML(); updateUserPassword($gapps, true, $_POST['user'], $_POST['pass']); endHTML(true); case 'setUserSuspended': if ($_POST['mode'] == 'suspend') { startHTML(); suspendUser($gapps, true, $_POST['user']); endHTML(true); } elseif ($_POST['mode'] == 'restore') { startHTML(); restoreUser($gapps, true, $_POST['user']); endHTML(true); } else { header('HTTP/1.1 400 Bad Request'); startHTML(); echo "<h2>Invalid mode.</h2>\n"; echo "<p>Please check your request and try again.</p>"; endHTML(true); } case 'setUserAdmin': if ($_POST['mode'] == 'issue') { startHTML(); giveUserAdminRights($gapps, true, $_POST['user']); endHTML(true); } elseif ($_POST['mode'] == 'revoke') { startHTML(); revokeUserAdminRights($gapps, true, $_POST['user']); endHTML(true); } else { header('HTTP/1.1 400 Bad Request'); startHTML(); echo "<h2>Invalid mode.</h2>\n"; echo "<p>Please check your request and try again.</p>"; endHTML(true); } case 'setForceChangePassword': if ($_POST['mode'] == 'set') { startHTML(); setUserMustChangePassword($gapps, true, $_POST['user']); endHTML(true); } elseif ($_POST['mode'] == 'clear') { startHTML(); clearUserMustChangePassword($gapps, true, $_POST['user']); endHTML(true); } else { header('HTTP/1.1 400 Bad Request'); startHTML(); echo "<h2>Invalid mode.</h2>\n"; echo "<p>Please check your request and try again.</p>"; endHTML(true); } case 'deleteUser': startHTML(); deleteUser($gapps, true, $_POST['user']); endHTML(true); case 'createNickname': startHTML(); createNickname($gapps, true, $_POST['user'], $_POST['nickname']); endHTML(true); case 'deleteNickname': startHTML(); deleteNickname($gapps, true, $_POST['nickname']); endHTML(true); case 'createEmailList': startHTML(); createEmailList($gapps, true, $_POST['emailList']); endHTML(true); case 'deleteEmailList': startHTML(); deleteEmailList($gapps, true, $_POST['emailList']); endHTML(true); case 'modifySubscription': if ($_POST['mode'] == 'subscribe') { startHTML(); addRecipientToEmailList($gapps, true, $_POST['recipient'], $_POST['emailList']); endHTML(true); } elseif ($_POST['mode'] == 'unsubscribe') { startHTML(); removeRecipientFromEmailList($gapps, true, $_POST['recipient'], $_POST['emailList']); endHTML(true); } else { header('HTTP/1.1 400 Bad Request'); startHTML(); echo "<h2>Invalid mode.</h2>\n"; echo "<p>Please check your request and try again.</p>"; endHTML(true); } } } // Check for an invalid command. If so, display an error and exit. if (!empty($_REQUEST['command'])) { header('HTTP/1.1 400 Bad Request'); startHTML(); echo "<h2>Invalid command.</h2>\n"; echo "<p>Please check your request and try again.</p>"; endHTML(true); } // If a menu parameter is available, display a submenu. if (!empty($_REQUEST['menu'])) { switch ($_REQUEST['menu']) { case 'user': startHTML(); displayUserMenu(); endHTML(); case 'nickname': startHTML(); displayNicknameMenu(); endHTML(); case 'emailList': startHTML(); displayEmailListMenu(); endHTML(); case 'logout': startHTML(false); logout(); endHTML(); default: header('HTTP/1.1 400 Bad Request'); startHTML(); echo "<h2>Invalid menu selection.</h2>\n"; echo "<p>Please check your request and try again.</p>"; endHTML(true); } } // If we get this far, that means there's nothing to do. Display // the main menu. // If no command was issued and no menu was selected, display the // main menu. startHTML(); displayMenu(); endHTML(); }
<?php include_once 'database/connect.php'; include_once 'functions/general.php'; session_start(); if (isset($_GET['ref'])) { $ref = $_GET['ref']; $id = bookRefToId($ref, $dbconn); $results = retrieveTextbook($id, $dbconn); $user = retrieveUser($results['UserId'], $dbconn); $categories = retrieveCategories($dbconn); $conditions = retrieveConditions($dbconn); if (isActiveUser($user['UserId'], $dbconn)) { $currentUser = true; } else { $currentUser = false; } }
<?php include "core/database/connect.php"; include "core/functions/general.php"; include "core/validation.php"; $profile = retrieveProfile(activeUser(), $dbconn); $user = retrieveUser(activeUser(), $dbconn); ?> <html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>BookHunters</title> <!-- Latest compiled and minified CSS --> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css"> <!-- BookHunters --> <link rel="stylesheet" href="css/bootstrap.css"> </head> <body> <?php include 'components/header.php'; ?> <div class="container" style="padding-top: 5px;"> <h2 class="page-header">Edit Profile</h2>
mysql_query($sqlQuery); } //Retrieves record based upon session id given function retrieveUser($session, $database) { $sqlQuery = 'SELECT * FROM SESSION WHERE session_id=' . $session; return mysql_query($sqlQuery); } //Deletes record of user id and session id from table function removeSessionUserEntry($session, $user, $database) { $sqlQuery = 'DELETE FROM SESSION WHERE session_id=' . $session; mysql_query($sqlQuery); } //Checks method type and calls appropriate function if ($method == "create") { createSessionUserEntry($session, $user, $database); } else { if ($method == "retrieve") { $result = retrieveUser($session, $database); //Fetch and return user id while ($row = mysql_fetch_array($result)) { echo $row['user_id']; } } else { if ($method == "remove") { removeSessionUserEntry($session, $user, $database); } } } mysql_close($database);
<?php include "core/database/connect.php"; include "core/functions/general.php"; session_start(); if (!empty($_GET['verification_code']) && isset($_GET['verification_code'])) { $verificationCode = $_GET['verification_code']; //check the database for the verification code from the link $sql = 'SELECT `UserId`, `Code` FROM `confirmation` WHERE `Code` = :verification'; $stmt = $dbconn->prepare($sql); $stmt->bindParam(':verification', $verificationCode, PDO::PARAM_STR); $stmt->execute(); $row = $stmt->fetch(); $Id = $row['UserId']; $user = retrieveUser($Id, $dbconn); if (empty($row)) { setNotice("The account was not found", "alert alert-danger"); } elseif ($user['Active'] == 1) { setNotice("You have already been validated!", "alert alert-danger"); } else { //if they match. make the user active in db $sql = 'UPDATE `users` SET Active = 1 WHERE UserId=:Id'; $stmt = $dbconn->prepare($sql); $stmt->bindParam(':Id', $Id, PDO::PARAM_STR); $stmt->execute(); $row = $stmt->fetch(PDO::FETCH_ASSOC); setNotice("Succesfully Registered!", "alert alert-success"); } } header("location: index.php");