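function get_rights($for = "")
{
    // Load the privilege row bound to the current session and return either the
    // whole rights map (no $for) or the single right named by $for.
    //
    // $for: optional right name. It is lowercased and looked up as-is first,
    //       then with an "_access" suffix, so get_rights("user") also matches
    //       a "user_access" column.
    // Returns: the assoc array of rights when $for is empty and a row was
    //          loaded; the matching right's value when found; "000" when $for
    //          names no known right, the query failed, or no row matched; and
    //          the value of Privilege_Master::zero_rights() when $for is empty
    //          and no row could be loaded (fail closed).
    // Throws: whatever MyDbCon throws. The original catch-and-rethrow of
    //         \Exception was a no-op and has been dropped; the exception
    //         reaching the caller is the same object either way.
    $dbh = new MyDbCon();
    $dbh->select("Privilege_Master");
    // NOTE(review): $_SESSION['privilege_id'] is read unguarded; callers appear
    // to check $_SESSION['login'] before calling this — confirm at call sites.
    $dbh->select->where(array("privilege_id" => $_SESSION['privilege_id']));
    $dbh->prepare();
    if ($dbh->execute()) {
        $rows = $dbh->fetchAll();
        // An empty result set (unknown or deleted privilege_id) previously
        // reached fetchAll()[0]->get_assoc_array() and fataled on null. Treat it
        // like a failed query and fall through to the "no rights" returns.
        if (!empty($rows)) {
            $rights = $rows[0]->get_assoc_array();
            if (empty($for)) {
                return $rights;
            }
            $for = strtolower($for);
            if (isset($rights[$for])) {
                return $rights[$for];
            }
            $for .= "_access";
            if (isset($rights[$for])) {
                return $rights[$for];
            }
        }
    }
    // Fall-through: query failed, no row matched, or $for named no column.
    if (!empty($for)) {
        return "000";
    }
    return Privilege_Master::zero_rights();
}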
exit; } if ('POST' == $_SERVER['REQUEST_METHOD']) { if (!isset($_SESSION['login']) || $_SESSION['login'] !== true) { account_error(HTTP_Status::UNAUTHORIZED); } if (empty($_POST['user_password_old']) || empty($_POST['user_password']) || empty($_POST['user_password1'])) { account_error(HTTP_Status::BAD_REQUEST, "Please fill all the fields!"); } try { $dbh = new MyDbCon(); $dbh->select("User_Master"); $dbh->select->where->equalTo("user_name", $_SESSION['user_name']); $dbh->prepare(); $dbh->execute(); $user = $dbh->fetchAll()[0]; if ($user->match_password($_POST['user_password_old'])) { $newUser = $user->get_assoc_array(); $newUser['user_password'] = $_POST['user_password']; $newUser['user_password1'] = $_POST['user_password1']; $nu = new User_Master(); $suc = $nu->set_assoc_array($newUser); if (Master::isLegit($suc)) { $dbh->update($nu, array("user_name" => $_SESSION['user_name'])); $dbh->prepare(); $dbh->execute(); $final = json_encode(array("done" => true, "final" => "Password Changed Successfully!")); header('Content-Length: ' . strlen($final)); header('Content-Type: application/json'); echo $final; } else {
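try {
    // $_GET['master'] is used both as the table name handed to MyDbCon and to
    // build the per-master include path below. Restrict it to a bare
    // identifier before either use so that path separators, "..", quotes or
    // empty values never reach select() or require_once. The raw $_GET value
    // is left in place because the included files may read it themselves.
    $master = isset($_GET['master']) ? (string) $_GET['master'] : "";
    if (!preg_match('/^[A-Za-z0-9_]+$/', $master)) {
        list_error(HTTP_Status::BAD_REQUEST);
        // list_error appears to terminate the request (see its other uses);
        // exit anyway so an invalid name can never fall through to the query.
        exit;
    }
    $dbh = new MyDbCon();
    $dbh->select($master);
    include "./joins.php";
    // Per-master override script, falling back to the generic handler. Safe
    // only because $master was validated above.
    $filepath = "./custom/{$master}.get.php";
    if (file_exists($filepath)) {
        require_once $filepath;
    } else {
        require_once "./common.php";
    }
    $dbh->prepare();
    if ($dbh->execute()) {
        // $clm is expected to be set by the included script when a single
        // column/assoc result is wanted instead of full row objects — verify
        // against joins.php / common.php.
        if (isset($clm)) {
            $res = $dbh->fetchAssoc();
            $final = json_encode($res);
        } else {
            $objs = $dbh->fetchAll();
            $final = json_encode($objs);
        }
        header('Content-Length: ' . strlen($final));
        header('Content-Type: application/json');
        echo $final;
    } else {
        list_error(HTTP_Status::NOT_FOUND);
    }
} catch (\Exception $e) {
    // Prefer the wrapped driver exception's message/code when one is present.
    $message = $e->getPrevious() ? $e->getPrevious()->getMessage() : $e->getMessage();
    $code = $e->getPrevious() ? $e->getPrevious()->getCode() : $e->getCode();
    // NOTE(review): this echoes the raw driver error message and code to the
    // client. Consider logging the detail server-side and returning a generic
    // message instead; left unchanged here because callers may rely on the
    // current response body.
    $err = "Error Code: " . $code . " <br/>Detailed Info: " . $message;
    list_error(HTTP_Status::INTERNAL_SERVER_ERROR, $err);
}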
<?php if ('POST' == $_SERVER['REQUEST_METHOD']) { // Validation $user = trim($_POST['user_name']); $pass = trim($_POST['user_password']); if (!isset($user) || !isset($pass) || empty($user) || empty($pass)) { $err = "Wrong Username/Password!!"; } else { try { $con = new MyDbCon(); $con->select("User_Master"); $con->select->where(array("user_name" => $user)); $con->prepare(); if ($con->execute()) { $obj = $con->fetchAll()[0]; if ($obj->match_password($pass)) { $status = $obj->get_by_key('user_status'); if ($status != 0) { $_SESSION['login'] = true; $_SESSION['privilege_id'] = $obj->get_by_key('privilege_id'); $_SESSION['user_name'] = $user; $_SESSION['faculty_id'] = $obj->get_by_key('faculty_id'); header('Location: ./dashboard/'); exit; } else { $err = "Your Account is Locked!!"; } } else { $err = "Wrong Username/Password!!"; }