Exemplo n.º 1
<?php

// login.php
// Renders the login form for visitors who are not signed in yet; a visitor
// who is already signed in gets no output from this script.
// NOTE(review): the form posts the credentials to userhome.php, so that
// script (not this one) has to verify them on every request - confirm.
if (!(IsLoggedIn() == true)) {
    // Not signed in: the login form has to be shown first.
    echo '<form method=post action="userhome.php">  
            <table>
              <tr>
                <td><label>Benutzername:</label></td>
                <td><input name="username" type="text"></td>
              </tr>
              <tr>
                <td><label>Passwort: </label></td>
                <td><input name="userpass" type="password" id="userpass"></td>
              </tr>
            </table>
            <input name="login" type="submit" id="login" value="Einloggen">
          </form>';
}
?>
 

Exemplo n.º 2
// Registers the main-menu entries one by one and renders the menu.
// NOTE(review): the trailing IsLoggedIn() argument presumably decides whether
// an entry is shown - confirm against AddMenuItem's signature. Hiding an entry
// is presentation only: every target script (the *list.php pages and the
// ../system/ reports) still has to check the session itself.
$RootMenu->AddMenuItem(3, "Ingredients", "Ingredientslist.php", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(9, "Orders", "Orderslist.php?cmd=resetall", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(13, "Order Details", "OrderDetailslist.php?cmd=resetall", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(10, "Promo Codes", "PromoCodeslist.php", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(11, "Zip Code", "ZipCodelist.php", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(19, "Notifications", "Notificationslist.php", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(21, "Contact", "Contactlist.php", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(20, "Web Pages", "WebPageslist.php", -1, "", IsLoggedIn());
$RootMenu->AddMenuItem(38, "Dates", "HolidayDatelist.php", -1, "", IsLoggedIn());
// NOTE(review): the "Reports" group (32) and its two ../system/ children are
// added WITHOUT the IsLoggedIn() argument, so their visibility depends on
// AddMenuItem's default for that parameter - confirm they are not advertised
// to anonymous visitors.
$RootMenu->AddMenuItem(32, "Reports", "", -1, "");
$RootMenu->AddMenuItem(31, "Meal Assembly Report", "../system/meal_assembly_report", 32, "");
$RootMenu->AddMenuItem(30, "Packing Slips", "../system/packing_slips", 32, "");
$RootMenu->AddMenuItem(27, "Kitchen Report", "Kitchen_Reportreport.php", 32, "", IsLoggedIn());
$RootMenu->AddMenuItem(29, "Delivery Report", "Delivery_Reportreport.php", 32, "", IsLoggedIn());
$RootMenu->AddMenuItem(24, "Ingredients Report", "Ingredients_Reportreport.php", 32, "", IsLoggedIn());
// NOTE(review): same for the "New Reports" group (54) and items 56-59 below,
// which also omit the IsLoggedIn() argument.
$RootMenu->AddMenuItem(54, "New Reports", "", -1, "");
$RootMenu->AddMenuItem(52, "Kitchen Report Tues", "Kitchen_Report_1report.php", 54, "", IsLoggedIn());
$RootMenu->AddMenuItem(53, "Delivery Report Tues", "Delivery_Report_1report.php", 54, "", IsLoggedIn());
$RootMenu->AddMenuItem(55, "Kitchen Report Fri", "Kitchen_Report_22D2report.php", 54, "", IsLoggedIn());
$RootMenu->AddMenuItem(49, "Delivery Report Fri", "Delivery_Report_2report.php", 54, "", IsLoggedIn());
$RootMenu->AddMenuItem(56, "Meal Assembly Tues", "../system/meal_assembly_report_tues", 54, "");
$RootMenu->AddMenuItem(57, "Meal Assembly Fri", "../system/meal_assembly_report_thurs", 54, "");
$RootMenu->AddMenuItem(58, "Packing Slips Tues", "../system/packing_slips_tues", 54, "");
$RootMenu->AddMenuItem(59, "Packing Slips Fri", "../system/packing_slips_thurs", 54, "");
// Logout and Login are registered with the same id (4294967295.0).
$RootMenu->AddMenuItem(4294967295.0, "Logout", "logout.php", -1, "", IsLoggedIn());
// The Login entry is flagged only when nobody is signed in and the current
// URL does not already end in "login.php"; @ silences the notice raised when
// $_SERVER["URL"] is not set.
$RootMenu->AddMenuItem(4294967295.0, "Login", "login.php", -1, "", !IsLoggedIn() && substr(@$_SERVER["URL"], -1 * strlen("login.php")) != "login.php");
$RootMenu->Render();
?>
</div>
<!-- End Main Menu -->
Exemplo n.º 3
<!-- Begin Main Menu -->
<?php 
// Builds the root menu bar, registers its entries and renders it.
$RootMenu = new cMenu(EW_MENUBAR_ID);
// Generate all menu items
$RootMenu->IsRoot = TRUE;
// NOTE(review): the IsLoggedIn() argument presumably decides whether an entry
// is shown - confirm against cMenu::AddMenuItem. It only hides the link; the
// target scripts (CustomView1rpt.php, messageslist.php, statuslist.php) must
// enforce the session themselves.
$RootMenu->AddMenuItem(5, "mi_view1", $Language->MenuPhrase("5", "MenuText"), "CustomView1rpt.php", -1, "", IsLoggedIn(), FALSE);
$RootMenu->AddMenuItem(2, "mi_messages", $Language->MenuPhrase("2", "MenuText"), "messageslist.php", -1, "", IsLoggedIn(), FALSE);
$RootMenu->AddMenuItem(4, "mi_status", $Language->MenuPhrase("4", "MenuText"), "statuslist.php", -1, "", IsLoggedIn(), FALSE);
$RootMenu->AddMenuItem(-1, "mi_logout", $Language->Phrase("Logout"), "logout.php", -1, "", IsLoggedIn());
// Login is flagged only when nobody is signed in and the current URL does not
// already end in "login.php"; @ silences the notice raised when
// $_SERVER["URL"] is not set.
$RootMenu->AddMenuItem(-1, "mi_login", $Language->Phrase("Login"), "login.php", -1, "", !IsLoggedIn() && substr(@$_SERVER["URL"], -1 * strlen("login.php")) != "login.php");
$RootMenu->Render();
?>
<!-- End Main Menu -->
Exemplo n.º 4
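/**
 * Adds the logged-in user's entry to the current jam file, or replaces the
 * entry that user already has there.
 *
 * Every failed check ends the request with die(). If the jam file cannot be
 * decoded or has no "entries" key, nothing is written (unchanged behaviour).
 *
 * @param string $gameName      title of the game (must not be blank)
 * @param string $gameURL       URL of the game, checked with SanitizeURL()
 * @param string $screenshotURL screenshot URL; blank selects "logo.png"
 */
function SubmitEntry($gameName, $gameURL, $screenshotURL)
{
    $gameName = trim($gameName);
    $gameURL = trim($gameURL);
    $screenshotURL = trim($screenshotURL);
    //Authorize user
    $author = IsLoggedIn();
    if ($author === false) {
        die("Not logged in.");
    }
    // One string form of the author is used for both matching and storing.
    $author = "" . $author;
    //Validate game name
    if (strlen($gameName) < 1) {
        die("Game name not provided");
    }
    //Validate Game URL
    // NOTE(review): only the pass/fail result of SanitizeURL() is used; the
    // trimmed input is what gets stored. If SanitizeURL() returns a cleaned
    // URL, storing that return value would be safer - confirm its contract.
    if (SanitizeURL($gameURL) === false) {
        die("Invalid game URL");
    }
    //Validate Screenshot URL
    if ($screenshotURL == "") {
        $screenshotURL = "logo.png";
    } elseif (SanitizeURL($screenshotURL) === false) {
        die("Invalid screenshot URL. Leave blank for default.");
    }
    $filesToParse = GetSortedJamFileList();
    if (count($filesToParse) < 1) {
        die("No jam to submit your entry to");
    }
    //The LAST file in the sorted list is treated as the current jam.
    $currentJamFile = $filesToParse[count($filesToParse) - 1];
    $currentJam = json_decode(file_get_contents($currentJamFile), true);
    if (!isset($currentJam["entries"])) {
        return;
    }
    // Title and URLs are stored as submitted, so whatever renders this file
    // must HTML-escape them on output.
    $newEntry = array("title" => "{$gameName}", "author" => $author, "url" => "{$gameURL}", "screenshot_url" => "{$screenshotURL}");
    $entryUpdated = false;
    foreach ($currentJam["entries"] as $i => $entry) {
        // Strict string comparison: with == two different numeric-looking
        // user names (e.g. "1e3" and "1000") compare equal, which would let
        // one account overwrite another account's entry.
        if (isset($entry["author"]) && (string) $entry["author"] === $author) {
            //Updating existing entry
            $currentJam["entries"][$i] = $newEntry;
            $entryUpdated = true;
        }
    }
    if (!$entryUpdated) {
        //Submitting new entry
        $currentJam["entries"][] = $newEntry;
    }
    // LOCK_EX keeps concurrent writers from interleaving their output. The
    // read-modify-write sequence as a whole is still not atomic.
    file_put_contents($currentJamFile, json_encode($currentJam), LOCK_EX);
}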
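/**
 * Admin-only: replaces the password of $username with a freshly salted hash.
 *
 * Every failed check ends the request with die().
 *
 * NOTE(review): salt + iteration count point to a hand-rolled scheme behind
 * HashPassword(); password_hash()/password_verify() would be the standard
 * replacement, but that changes the stored format and the login path.
 * NOTE(review): nothing visible here invalidates sessions the target user
 * already has open - confirm whether that is handled elsewhere.
 *
 * @param string $username     account whose password is replaced
 * @param string $newPassword1 new password
 * @param string $newPassword2 new password, repeated
 */
function EditUserPassword($username, $newPassword1, $newPassword2)
{
    global $users, $dbConn;
    //Authorize user (is admin)
    if (IsAdmin() === false) {
        die("Only admins can edit entries.");
    }
    // NOTE(review): trim() silently strips leading/trailing whitespace from
    // the password; the login path has to do the same - confirm.
    $newPassword1 = trim($newPassword1);
    $newPassword2 = trim($newPassword2);
    // Strict comparison: with != two different numeric-looking strings
    // (e.g. "1e3" and "1000") would be accepted as matching.
    if ($newPassword1 !== $newPassword2) {
        die("passwords don't match");
    }
    $password = $newPassword1;
    //Check password length (8 characters are accepted, so the message says so)
    if (strlen($password) < 8) {
        die("password must be at least 8 characters long");
    }
    //Check that the user exists
    if (!isset($users[$username])) {
        die("User does not exist");
    }
    //Generate new salt, number of iterations and hashed password.
    // The iteration count is stored next to the hash and is not a secret, so
    // rand() is tolerable here. GenerateSalt() is defined elsewhere - confirm
    // that it draws from a CSPRNG.
    $newUserSalt = GenerateSalt();
    $newUserPasswordIterations = intval(rand(10000, 20000));
    $newPasswordHash = HashPassword($password, $newUserSalt, $newUserPasswordIterations);
    // Update the in-memory record of the TARGET user. The listing indexed
    // $users by $loggedInUser["username"], a variable that is not defined in
    // this scope.
    $users[$username]["salt"] = $newUserSalt;
    $users[$username]["password_hash"] = $newPasswordHash;
    $users[$username]["password_iterations"] = $newUserPasswordIterations;
    // Bound parameters instead of string-built SQL. The WHERE clause of the
    // listing held a masked literal while the escaped user name went unused;
    // the user name is bound here.
    $stmt = mysqli_prepare($dbConn, "UPDATE user SET user_password_salt = ?, user_password_iterations = ?, user_password_hash = ? WHERE user_username = ?");
    if ($stmt === false) {
        die("Could not update password");
    }
    mysqli_stmt_bind_param($stmt, "siss", $newUserSalt, $newUserPasswordIterations, $newPasswordHash, $username);
    $updated = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    if (!$updated) {
        die("Could not update password");
    }
    LoadUsers();
    // Kept for its side effects; the listing assigned the result to a local
    // variable that was never read.
    IsLoggedIn(TRUE);
}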
Exemplo n.º 6
; // Session timeout time (seconds)
var EW_SESSION_TIMEOUT_COUNTDOWN = <?php 
// This fragment emits server-side settings as JavaScript globals.
// Constants are echoed as bare JS literals, so they are assumed to hold
// numbers - TODO confirm.
echo EW_SESSION_TIMEOUT_COUNTDOWN;
?>
; // Count down time to session timeout (seconds)
var EW_SESSION_KEEP_ALIVE_INTERVAL = <?php 
echo EW_SESSION_KEEP_ALIVE_INTERVAL;
?>
; // Keep alive interval (seconds)
var EW_RELATIVE_PATH = "<?php 
// NOTE(review): echoed raw inside a JS string literal. That is only safe
// while $EW_RELATIVE_PATH is set by the server and contains no quote,
// backslash or "</script>" - confirm it is never derived from the request.
echo $EW_RELATIVE_PATH;
?>
"; // Relative path
var EW_SESSION_URL = EW_RELATIVE_PATH + "ewsession12.php"; // Session URL
var EW_IS_LOGGEDIN = <?php 
// Client-side hint only: the value can be changed in the browser, so the
// server still has to check the session on every request.
echo IsLoggedIn() ? "true" : "false";
?>
; // Is logged in
var EW_IS_AUTOLOGIN = <?php 
echo IsAutoLogin() ? "true" : "false";
?>
; // Is logged in with option "Auto login until I logout explicitly"
var EW_LOGOUT_URL = EW_RELATIVE_PATH + "logout.php"; // Logout URL
var EW_LOOKUP_FILE_NAME = "ewlookup12.php"; // Lookup file name
var EW_AUTO_SUGGEST_MAX_ENTRIES = <?php 
echo EW_AUTO_SUGGEST_MAX_ENTRIES;
?>
; // Auto-Suggest max entries
var EW_DISABLE_BUTTON_ON_SUBMIT = true;
var EW_IMAGE_FOLDER = "phpimages/"; // Image folder
var EW_UPLOAD_URL = "<?php 
Exemplo n.º 7
/**
 * Prints the main-page header: teaser with greeting, profile picture, counters
 * and map-search form, an empty sub-navigation, the left column, and the
 * opening tags of the middle column (left open for the footer to close).
 *
 * $TitleTopContent and $MessageBeforeColumnLow are not used in the body;
 * $ActionList is handed to ShowLeftColumn().
 */
function DisplayHeaderMainPage($TitleTopContent = "", $MessageBeforeColumnLow = "", $ActionList = "")
{
    global $DisplayHeaderMainPageIsSet;
    echo "    <div id=\"main\">\n";
    echo "      <div id=\"teaser_bg\">\n";
    echo "      <div id=\"teaser\" class=\"clearfix teaser_main\">\n";
    if (IsLoggedIn()) {
        // NOTE(review): the session user name reaches the page through
        // LinkWithUsername() and ww(); whether it is HTML-escaped depends on
        // those helpers - verify.
        echo "        <h2>", ww("HelloUsername", LinkWithUsername($_SESSION["Username"])), "</h2>\n";
    } else {
        echo "        <h2>", ww("YourAreNotLogged"), "</h2>\n";
    }
    echo "        <div id=\"teaser_l\">\n";
    // NOTE(review): MyPict() is written into the src attribute as returned -
    // confirm it yields an attribute-safe URL.
    echo "\t\t\t\t<img src=\"" . MyPict() . "\" id=\"MainUserpic\" alt=\"ProfilePicture\"/>\n";
    echo "        </div>\n";
    echo "        <div id=\"teaser_r\">\n";
    echo "\t\t\t<div class=\"subcolumns\">\n";
    echo "\t\t\t\t<div class=\"c38l\">\n";
    echo "    \t\t\t\t<div class=\"subcl\">\n";
    echo "          \t<p><img src=\"images/icons1616/icon_contactmember.png\" alt=\"Messages\"/>", ww("MainPageNewMessages"), "</p>\n";
    echo "          \t<p><img src=\"images/icons1616/icon_addcomments.png\" alt=\"Comments\"/>", ww("MainPageNewComments"), "</p>\n";
    echo "          \t<p><img src=\"images/icons1616/icon_myvisitors.png\" alt=\"Visitors\"/>", ww("MainPageNewVisitors"), "</p>\n";
    echo "        \t\t\t</div>\n";
    echo "      \t\t</div>\n";
    echo "\t\t\t\t<div class=\"c62r\">\n";
    echo "\t\t\t\t\t<div class=\"subcr\">\n";
    echo "\t\t\t\t\t\t<div id=\"mapsearch\">\n";
    echo "\t\t\t\t\t\t<form>\n";
    echo "\t\t\t\t\t          <fieldset> \n";
    // echo "                    <label for=\"searchtext\">Search the map</label><br />\n";
    // NOTE(review): the text input below carries two id attributes
    // ("searchtext" and "text-field").
    echo "\t\t\t\t\t          <input type=\"text\" id=\"searchtext\" name=\"searchtext\" size=\"20\" maxlength=\"30\" id=\"text-field\" value=\"Search the map!\" onfocus=\"this.value='';\"/>\n";
    echo "\t\t\t\t\t          <input type=\"hidden\" name=\"action\" value=\"mapsearch\" />\n";
    echo "\t\t\t\t\t          <input type=\"image\" src=\"" . bwlink("images/icon_go.png") . "\" id=\"submit-button\" /><br />\n";
    echo "\t\t\t\t\t        </fieldset>\n";
    echo "\t\t\t\t\t\t</form>\n";
    echo "\t\t\t\t\t\t</div>\n";
    echo "\t\t\t\t\t</div>\n";
    echo "\t\t\t\t</div>\n";
    echo "\t\t\t</div>\n";
    echo "        </div>\n";
    echo "      </div>\n";
    // no tabs >>
    echo "\t        <div id=\"middle_nav\" class=\"clearfix\">\n";
    echo "\t\t        <div id=\"nav_sub\" class=\"notabs\">\n";
    echo "\t\t\t        <ul>\n";
    echo "\t\t\t        </ul>\n";
    echo "\t\t        </div>\n";
    echo "\t        </div>\n";
    echo "      </div>\n";
    //end teaser_bg
    ShowLeftColumn($ActionList, VolMenu());
    // Show the Actions
    // middle column
    echo "\n";
    echo "      <div id=\"col3\"> \n";
    echo "        <div id=\"col3_content\" class=\"clearfix\"> \n";
    $DisplayHeaderMainPageIsSet = true;
    // set this for footer function which will be in charge of calling the closing /div
}
Exemplo n.º 8
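/**
 * Tells whether the logged-in user is listed in the global $adminList.
 *
 * @return bool true only for a logged-in user whose name is in $adminList
 */
function IsAdmin()
{
    global $adminList;
    $username = IsLoggedIn();
    if ($username === false) {
        return false;
    }
    // Fail closed when the list is missing. Before PHP 8, array_search() on a
    // non-array returns NULL, and "NULL !== false" made every logged-in user
    // an admin.
    if (!is_array($adminList)) {
        return false;
    }
    // Compare as strings, strictly: a loose search treats numeric-looking
    // names such as "1e3" and "1000" as equal.
    return in_array((string) $username, array_map('strval', $adminList), true);
}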
Exemplo n.º 9
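/**
 * Selects the session language and remembers it.
 *
 * Source of the language code, in order: $para_newlang, the LastLang cookie,
 * the first Accept-Language entry that exists in the languages table, and
 * finally CV_def_lang. The result is stored in $_SESSION['lang'] /
 * $_SESSION['IdLanguage'], in the LastLang cookie (300 days) and, for a
 * logged-in member, in memberspreferences.
 *
 * The parameter, the cookie and the header are all client-controlled and end
 * up in SQL text, so a code is only used in a query when it matches a
 * conservative pattern.
 * NOTE(review): assumes languages.ShortCode values (and CV_def_lang) consist
 * of letters, digits, "_" and "-" only - confirm against the table.
 *
 * @param string $para_newlang requested language short code, "" for automatic
 */
function SwitchToNewLang($para_newlang = "")
{
    // \z (not $) so that a trailing newline cannot slip through.
    $codePattern = '/^[A-Za-z0-9_-]{1,16}\z/';
    $newlang = $para_newlang;
    if (empty($newlang)) {
        if (!empty($_COOKIE['LastLang'])) {
            // A cookie from an earlier visit is tried first
            $newlang = $_COOKIE['LastLang'];
        } else {
            $newlang = CV_def_lang;
            // use the default one
            if (isset($_SERVER["HTTP_ACCEPT_LANGUAGE"])) {
                // Try to look in the default browser settings
                $TLang = explode(",", $_SERVER["HTTP_ACCEPT_LANGUAGE"]);
                for ($ii = 0; $ii < count($TLang); $ii++) {
                    // Entries that fail the pattern (for instance ones that
                    // carry a ";q=" weight) never matched a ShortCode anyway;
                    // they are skipped instead of being sent to the database.
                    if (preg_match($codePattern, $TLang[$ii]) !== 1) {
                        continue;
                    }
                    $rr = LoadRow("SELECT languages.id AS id FROM languages,words WHERE languages.ShortCode='" . $TLang[$ii] . "' and languages.id=words.Idlanguage and words.code='WelcomeToSignup'");
                    if (isset($rr->id)) {
                        // if valid language found
                        $newlang = $TLang[$ii];
                        break;
                    }
                }
            }
            // end Try to look in the default browser settings
        }
    }
    if (!isset($_SESSION['lang']) || $_SESSION['lang'] != $newlang || !isset($_SESSION['IdLanguage'])) {
        // Update lang if url lang has changed
        $newlangIsValid = is_string($newlang) && preg_match($codePattern, $newlang) === 1;
        $RowLanguage = null;
        if ($newlangIsValid) {
            $RowLanguage = LoadRow("SELECT SQL_CACHE id,ShortCode FROM languages WHERE ShortCode='" . $newlang . "'");
        }
        if (isset($RowLanguage->id)) {
            if (isset($_SESSION['IdMember'])) {
                $previousLang = isset($_SESSION['lang']) ? $_SESSION['lang'] : "";
                LogStr("change to language from [" . $previousLang . "] to [" . $newlang . "]", "SwitchLanguage");
            }
            $_SESSION['lang'] = $RowLanguage->ShortCode;
            $_SESSION['IdLanguage'] = $RowLanguage->id;
        } else {
            // A rejected code is not copied into the log.
            $loggedCode = $newlangIsValid ? $newlang : "(rejected language code)";
            LogStr("problem : " . $loggedCode . " not found after SwitchLanguage", "Bug");
            $_SESSION['lang'] = CV_def_lang;
            $_SESSION['IdLanguage'] = 0;
        }
        setcookie('LastLang', $_SESSION['lang'], time() + 3600 * 24 * 300);
        // store it as a cookie for 300 days
    }
    if (IsLoggedIn()) {
        // if member is logged in set language preference
        // Ids are forced to integers before they are placed in SQL text.
        $IdMember = (int) $_SESSION['IdMember'];
        $IdLanguage = (int) $_SESSION['IdLanguage'];
        $rPrefLanguage = LoadRow("SELECT * FROM memberspreferences WHERE IdMember=" . $IdMember . " and IdPreference=1");
        if (isset($rPrefLanguage->id)) {
            $str = "UPDATE memberspreferences SET Value='" . $IdLanguage . "' WHERE id=" . (int) $rPrefLanguage->id;
        } else {
            $str = "INSERT INTO memberspreferences(IdPreference,IdMember,Value,created) VALUES(1," . $IdMember . ",'" . $IdLanguage . "',now() )";
        }
        sql_query($str);
    }
    // end if Is Logged in
    if (!isset($_SESSION['IdLanguage'])) {
        bw_error("SwitchToNewLang internal failure. IdLanguage still not set.");
    }
}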
Exemplo n.º 10
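<?php 
// Logout handler: removes the current user from active_users and redirects to
// the index page.
//
// The PHP runs before any markup, because header() cannot set Location once
// output has started. The static <html>/<head> shell of the listing is
// dropped: a redirect response does not need a body.
// NOTE(review): header.inc.php must not print anything either - confirm.
require "header.inc.php";
$user = IsLoggedIn();
// Only touch the table when there is a user. The listing interpolated $user
// unquoted, which yields broken SQL for an anonymous visitor and lets the
// value act as SQL text.
if ($user !== false && $user !== null) {
    $comand = "DELETE FROM active_users WHERE user = '" . mysql_real_escape_string($user) . "'";
    $query = mysql_query($comand);
}
Header("Location: ./index.php");
// Stop here so nothing after the redirect is executed or sent.
exit;
?>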
Exemplo n.º 11
/**
 * Renders the FAQ page (question list, then answers) between header.php and
 * footer.php, and ends the request with exit(0).
 *
 * $TFaq is read as a list of objects with the properties id, IdCategory,
 * CategoryName, QandA and PageTitle.
 */
function DisplayFaq($TFaq)
{
    global $title;
    $IdFaq = GetParam("IdFaq", 0);
    // NOTE(review): $_SERVER["argv"] can be filled from the query string when
    // register_argc_argv is on, so $IdFaq may be a raw request value here. In
    // this function it is only compared with 0.
    $argv = $_SERVER["argv"];
    if (isset($argv[1])) {
        $IdFaq = $argv[1];
    }
    // NOTE(review): $TFaq[0] is read below without checking that $TFaq has
    // any element.
    if ($IdFaq == 0) {
        $title = ww('FaqPage');
    } elseif ($TFaq[0]->PageTitle != "") {
        $title = ww($TFaq[0]->PageTitle);
    } else {
        $title = ww("FaqQ_" . $TFaq[0]->QandA);
    }
    include "header.php";
    Menu1("faq.php", ww('FaqPage'));
    // Displays the top menu
    Menu2("faq.php", ww('GetAnswers'));
    echo "\n";
    echo "    <div id=\"main\">\n";
    echo "      <div id=\"teaser_bg\">\n";
    echo "      <div id=\"teaser\">\n";
    // NOTE(review): $title, $Q and $A are printed as returned by ww();
    // whether they are HTML-safe depends on that helper - verify.
    echo "        <h1>", $title, " </h1>\n";
    echo "      </div>\n";
    //menugetanswers("faq.php", $title); // Display the generic header
    echo "      </div>\n";
    // Content with just two columns
    echo "\n";
    echo "      <div id=\"col3\" class=\"twocolumns\">\n";
    echo "        <div id=\"col3_content\" class=\"clearfix\">\n";
    $iiMax = count($TFaq);
    $LastCat = "";
    // Display the list of the questions
    echo "<div class=\"info\">\n";
    for ($ii = 0; $ii < $iiMax; $ii++) {
        // A new category starts whenever CategoryName changes.
        if ($LastCat != $TFaq[$ii]->CategoryName) {
            $LastCat = $TFaq[$ii]->CategoryName;
            // Edit/insert links are only printed for holders of the "Faq"
            // right. faq.php itself has to check that right when the action
            // is requested.
            if (HasRight("Faq") > 0) {
                echo "[<a href=\"faq.php?action=insert&IdCategory=", $TFaq[$ii]->IdCategory, "\">insert new faq in this category</a>]\n";
            }
            if ($IdFaq == 0) {
                if ($ii > 0) {
                    echo "</ul><br/>\n";
                }
                echo " <h3>", ww($TFaq[$ii]->CategoryName), "</h3>\n<ul>\n";
            }
        }
        $Q = ww("FaqQ_" . $TFaq[$ii]->QandA);
        if ($IdFaq == 0) {
            echo "<li>";
        }
        if ($TFaq[$ii]->QandA == "") {
            $Q = " new ";
        }
        if (HasRight("Faq") > 0) {
            if ($TFaq[$ii]->QandA == "") {
                echo " [<a href=\"faq.php?action=edit&IdFaq=", $TFaq[$ii]->id, "\">edit this new faq</a>]\n";
            } else {
                echo " [<a href=\"faq.php?action=edit&IdFaq=", $TFaq[$ii]->id, "\">edit</a>]\n";
            }
        }
        //		echo " <a href=\"" . $_SERVER["PHP_SELF"] . "?IdFaq=", $TFaq[$ii]->id, "\">", $Q, "</a>";
        if ($IdFaq == 0) {
            if (IsLoggedIn()) {
                echo " <a href=\"faq.php?IdFaq=" . $TFaq[$ii]->id . "\">", $Q, "</a></li>\n";
            } else {
                // If not login provide links to specific files
                // NOTE(review): QandA and $_SESSION["IdLanguage"] are
                // concatenated into the SQL text; confirm both are trusted
                // (IdLanguage numeric), or escape/cast them.
                $ss = "select code from words where code=\"FaqA_" . $TFaq[$ii]->QandA . "\" and IdLanguage=" . $_SESSION["IdLanguage"];
                //					echo $ss ;
                $rFak = LoadRow($ss);
                if (empty($rFak->code)) {
                    echo " <a href=\"faq_" . $TFaq[$ii]->QandA . "_en.php\">", $Q, "</a></li>\n";
                    // Force english if the text is not yet translated to avoid several page with the same english default text
                } else {
                    echo " <a href=\"faq_" . $TFaq[$ii]->QandA . "_" . $_SESSION["lang"] . ".php\">", $Q, "</a></li>\n";
                }
            }
        }
    }
    // end of for $ii
    if ($IdFaq == 0) {
        echo "</ul><br/>\n";
    }
    // Display the list of the answers
    // The loop body runs only for a logged-in visitor or when a specific FAQ
    // was requested.
    for ($ii = 0; $ii < $iiMax and (IsLoggedIn() or $IdFaq != 0); $ii++) {
        //    echo "					<div class=\"clear\" />\n";
        if ($IdFaq == 0) {
            echo " <h3>", ww($TFaq[$ii]->CategoryName), "</h3>";
        }
        $Q = ww("FaqQ_" . $TFaq[$ii]->QandA);
        $A = ww("FaqA_" . $TFaq[$ii]->QandA);
        if ($IdFaq == 0) {
            echo "<h4><a name=\"", $TFaq[$ii]->id, "\"></a> ", $Q, "</h4>\n";
        }
        echo "<p>", str_replace("\n", "", $A), "</p>\n";
    }
    // The rebuild link is shown to admins only; the action behind it must
    // repeat the admin check.
    if (IsAdmin()) {
        echo "<br/><p><a href=\"faq.php?action=rebuildextraphpfiles\">rebuild extra php files</a></p>";
    }
    include "footer.php";
    exit(0);
}
Exemplo n.º 12
/**
 * Reports the visitor as online and, for a logged-in member, refreshes the
 * unread-message counter in $_SESSION['NbNotRead'].
 */
function EvaluateMyEvents()
{
    global $_SYSHCVOL;
    $memberId = isset($_SESSION['IdMember']) ? $_SESSION['IdMember'] : false;
    // REMOTE_ADDR is not set when run via CLI; fall back to loopback.
    // ip2long() returns false for anything that is not dotted IPv4 (an IPv6
    // client address, for instance), which intval() turns into 0.
    $remoteAddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1';
    $ipAsInt = intval(ip2long($remoteAddress));
    MOD_online::get()->iAmOnline($ipAsInt, $memberId);
    if (!IsLoggedIn()) {
        // member not identified: no more evaluation needed
        return;
    }
    if ($_SYSHCVOL['EvaluateEventMessageReceived'] != "Yes") {
        $_SESSION['NbNotRead'] = 0;
        return;
    }
    // NOTE(review): the member id from the session is concatenated into the
    // SQL text; it is presumably an integer set at login - confirm, or cast.
    $IdMember = $_SESSION['IdMember'];
    $str = "select count(*) as cnt from messages where IdReceiver=" . $IdMember . " and WhenFirstRead='0000-00-00 00:00:00' and (not FIND_IN_SET('receiverdeleted',DeleteRequest))  and Status='Sent'";
    $unread = LoadRow($str);
    $_SESSION['NbNotRead'] = $unread->cnt;
}
Exemplo n.º 13
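/**
 * Returns the scope of the right $RightName for the logged-in member.
 *
 * Level and scope are loaded from rightsvolunteers/rights and cached in
 * $_SESSION['RightLevel_<name>'] and $_SESSION['RightScope_<name>'].
 * NOTE(review): the cache test looks at $_SESSION['Right_<name>'], a key this
 * function never writes - presumably set elsewhere; verify.
 *
 * @param string $RightName name of the right (rights.Name)
 * @param string $Scope     not used in the body
 * @return mixed 0 when nobody is logged in, "" when the member does not hold
 *               the right, otherwise the stored scope
 */
function RightScope($RightName, $Scope = "")
{
    global $_SYSHCVOL;
    if (!IsLoggedIn()) {
        return 0;
    }
    // No need to search for right if no member logged
    // The id is forced to an integer before it is placed in SQL text.
    $IdMember = (int) $_SESSION['IdMember'];
    if (!isset($_SESSION['Right_' . $RightName]) or $_SESSION['Param']->ReloadRightsAndFlags == 'Yes') {
        // The right name is a caller-supplied string inside a quoted SQL
        // literal, so it is escaped with the API this file already uses.
        $RightNameSql = mysql_real_escape_string($RightName);
        $str = "SELECT SQL_CACHE Scope,Level FROM rightsvolunteers,rights WHERE IdMember={$IdMember} AND rights.id=rightsvolunteers.IdRight AND rights.Name='{$RightNameSql}'";
        $qry = mysql_query($str) or die("function RightScope");
        // Fetch from the result just obtained; the listing ran the same
        // query a second time.
        $right = mysql_fetch_object($qry);
        // LoadRow not possible because of recursion
        if (!isset($right->Level)) {
            // The right does not exist for this member in the DB
            return "";
        }
        $_SESSION['RightLevel_' . $RightName] = $right->Level;
        $_SESSION['RightScope_' . $RightName] = $right->Scope;
    }
    return $_SESSION['RightScope_' . $RightName];
}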
Exemplo n.º 14
/**
 * Stores one preference in $_SESSION["Prefs"] and saves the whole preference
 * set for the current user.
 *
 * Calls DieWithMsg() when nobody is logged in or when the session holds no
 * "Prefs" entry.
 */
function SavePref($PrefName, $PrefValue)
{
    $origin = "userlib.php->SavePref";

    // Precondition 1: a logged-in user.
    if (!IsLoggedIn()) {
        DieWithMsg($origin, "Call to SavePref while not logged in.");
    }

    // Precondition 2: the preference array was loaded into the session.
    if (!isset($_SESSION["Prefs"])) {
        DieWithMsg($origin, '$_SESSION["Prefs"] Not set!');
    }

    $_SESSION["Prefs"][$PrefName] = $PrefValue;

    $currentUserId = GetUserID();
    SavePrefsForUser($currentUserId, $_SESSION["Prefs"]);
}
Exemplo n.º 15
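/**
 * Records a theme suggestion from the logged-in user, or from the bot
 * account when $isBot is set.
 *
 * Ends the request with die() when nobody is logged in, the theme is blank,
 * the theme was already suggested (case-insensitive), or the insert fails.
 *
 * NOTE(review): $isBot skips the login check entirely, so callers must never
 * derive it from request data.
 *
 * @param string $newTheme suggested theme text
 * @param bool   $isBot    true when the suggestion comes from the bot
 */
function AddTheme($newTheme, $isBot)
{
    global $themes, $dbConn, $ip, $userAgent;
    if ($isBot) {
        // The author literal is masked in this listing and kept as shown.
        // The listing then read $user["username"] from this plain string,
        // which is not a valid lookup; the name is used directly instead.
        $authorName = "******";
    } else {
        //Authorize user (logged in)
        $user = IsLoggedIn();
        if ($user === false) {
            die("Not logged in.");
        }
        $authorName = $user["username"];
    }
    $newTheme = trim($newTheme);
    if ($newTheme == "") {
        die("Theme is blank");
    }
    foreach ($themes as $i => $theme) {
        if (strtolower($theme["theme"]) == strtolower($newTheme)) {
            //Theme is already suggested
            die("This theme has already been suggested.");
        }
    }
    //Insert new theme
    // Bound parameters instead of string-built SQL. IP address, user agent
    // and theme text are client-supplied, so whatever displays them later
    // still has to HTML-escape them.
    $stmt = mysqli_prepare($dbConn, "INSERT INTO theme (theme_datetime, theme_ip, theme_user_agent, theme_text, theme_author) VALUES (Now(), ?, ?, ?, ?)");
    if ($stmt === false) {
        die("Could not save theme");
    }
    mysqli_stmt_bind_param($stmt, "ssss", $ip, $userAgent, $newTheme, $authorName);
    $inserted = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    if (!$inserted) {
        die("Could not save theme");
    }
    LoadThemes();
}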
Exemplo n.º 16
		<title>One hour game jam</title>
		<meta name="viewport" content="width=device-width, initial-scale=1">

		<link href="bs/css/bootstrap.min.css" rel="stylesheet">
		<link href="css/site.css" rel="stylesheet">
		<script src='js/1hgj.js' type='text/javascript'></script>
	</head>
	<body>
		<div class="container">
			<?php 
// Render the page header from template/header.html with the values in $dictionary.
print $mustache->render(file_get_contents("template/header.html"), $dictionary);
?>
			<div class="row">
				<div class="col-md-2">
					<?php 
// Role-specific menu first: guest, admin or regular user. The choice only
// decides which links are shown; the pages behind them must check the role
// themselves.
print $mustache->render(
    file_get_contents(
        IsLoggedIn() === false
            ? "template/menu_guest.html"
            : (IsAdmin() ? "template/menu_admin.html" : "template/menu_user.html")
    ),
    $dictionary
);
// Then the menu part every visitor gets.
print $mustache->render(file_get_contents("template/menu_shared.html"), $dictionary);
?>
				</div>
						
				<?php 
switch ($page) {
    case "main":
Exemplo n.º 17
/**
 * Creates an auth ticket for the given IP address, lifetime, resource and
 * user, and stores the result in $render_params for rendering.
 *
 * On failure (not logged in, or the identity ticket has expired)
 * $render_params['error_message'] is set and nothing else is written.
 * Exceptions raised by the service client propagate to the caller.
 *
 * @param string $ip_address      IP address the ticket is issued for
 * @param string $minutes_to_live lifespan of the ticket
 * @param string $resource_id     id of the resource to authorize
 * @param string $username        user name the ticket is created for
 * @param array  $render_params   values used for rendering HTML (by reference)
 */
function CreateAuthTicket($ip_address, $minutes_to_live, $resource_id, $username, &$render_params)
{
    if (!IsLoggedIn($render_params)) {
        $render_params['error_message'] = SetError("Must be logged in to a valid EDAS service to cretate an authorization ticket");
        return;
    }

    $client = new ExternalAccessClient($_SESSION['svc_url'], $_SESSION['userticket'], $_SESSION['impersonation_username']);

    // Make sure the identity ticket is still valid before asking for an auth ticket.
    // NOTE(review): this compares the expiration time with date('c') as
    // strings. That is only reliable when both use the same format and UTC
    // offset - confirm what the service returns, or compare timestamps.
    $identTicket = $client->QueryIdentityTicketProperties($_SESSION['userticket'], 120, false);
    $ticketStillValid = $identTicket->Properties->ExpirationTime >= date('c');
    if (!$ticketStillValid) {
        $render_params['error_message'] = SetError('User ticket expired');
        return;
    }

    $ticket = $client->CreateAuthTicket($ip_address, $minutes_to_live, $resource_id, $username, $_SESSION['userticket']);
    $render_params['auth_ticket_results'] = PrePrint($ticket);
    $render_params['auth_ticket_properties'] = PrePrint($client->QueryAuthTicketProperties($ticket->AuthTicketId, $minutes_to_live, false, $_SESSION['userticket']));

    // The inputs are handed back for re-display.
    // NOTE(review): they are stored as received, so the template has to
    // HTML-escape them - verify.
    $render_params["ipaddress"] = $ip_address;
    $render_params["minutes_to_live"] = $minutes_to_live;
    $render_params["resource_id"] = $resource_id;
    $render_params["user_name"] = $username;
    return;
}
Exemplo n.º 18
/**
 * Tells whether the current user may see the list menu entry of $TableName.
 *
 * Returns TRUE when the user holds level -1; otherwise the EW_ALLOW_LIST bit
 * of the privileges that the session's user-level table grants to the user's
 * levels for that table (0 when none apply).
 */
function AllowListMenu($TableName)
{
    // Levels of the signed-in user, or the anonymous level (-2).
    $userlevels = IsLoggedIn() ? CurrentUserLevels() : array(-2);

    // Level -1 is allowed everything.
    if (in_array("-1", $userlevels)) {
        return TRUE;
    }

    $priv = 0;
    $levelPrivileges = @$_SESSION[EW_SESSION_AR_USER_LEVEL_PRIV];
    if (is_array($levelPrivileges)) {
        // Each row is read as [table name, user level id, privilege bits].
        foreach ($levelPrivileges as $row) {
            if (strval($row[0]) != strval($TableName) || !in_array($row[1], $userlevels)) {
                continue;
            }
            // intval(null) is 0, so a missing privilege adds nothing.
            $priv |= intval($row[2]);
        }
    }
    return $priv & EW_ALLOW_LIST;
}
Exemplo n.º 19
<?php

require_once 'configuration.php';
require_once 'view_helper.php';
require_once 'authenticate.php';
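// View dispatcher: loads "<name>_view.html" (and, on POST, first runs
// "<name>_view_save.php") from VIEW_BASE_PATH.
//
// The view name comes from the query string and becomes part of an include
// path, so it is limited to letters, digits, "_" and "-". That keeps "/",
// "." and NUL bytes out of the path.
// NOTE(review): assumes no existing view name uses other characters - confirm.
if (!isset($_GET['name']) || !is_string($_GET['name']) || preg_match('/^[A-Za-z0-9_-]+\z/', $_GET['name']) !== 1) {
    exit;
}
$view_name = $_GET['name'];
//var_dump($_POST);
//var_dump($_COOKIE);
$view_data = array();
// NOTE(review): the save handler runs before the login state is looked up,
// so each *_view_save.php has to authorize the request itself.
if (count($_POST) > 0) {
    require_once VIEW_BASE_PATH . "{$view_name}_view_save.php";
}
if (($user_info = IsLoggedIn()) === false) {
    $view_data['is_logged_in'] = false;
} else {
    $view_data['is_logged_in'] = true;
    $view_data['user_id'] = $user_info['user_id'];
    $view_data['user_info'] = $user_info;
}
if (($html = LoadFile(VIEW_BASE_PATH . "{$view_name}_view.html", $view_data)) !== false) {
    echo $html;
}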
Exemplo n.º 20
/**
 * Debug helper: prints the paths, the current user's name and ids, the
 * login/admin flags and, when $Security is set, the user-level info.
 *
 * NOTE(review): the values are echoed without HTML escaping and reveal
 * account details - keep calls to this out of production pages.
 */
function ew_Info()
{
    global $Security;
    ew_WritePaths();

    $userName = CurrentUserName();
    echo "CurrentUserName() = " . $userName . "<br>";
    $userId = CurrentUserID();
    echo "CurrentUserID() = " . $userId . "<br>";
    $parentUserId = CurrentParentUserID();
    echo "CurrentParentUserID() = " . $parentUserId . "<br>";

    $loggedInText = IsLoggedIn() ? "TRUE" : "FALSE";
    echo "IsLoggedIn() = " . $loggedInText . "<br>";
    $adminText = IsAdmin() ? "TRUE" : "FALSE";
    echo "IsAdmin() = " . $adminText . "<br>";
    $sysAdminText = IsSysAdmin() ? "TRUE" : "FALSE";
    echo "IsSysAdmin() = " . $sysAdminText . "<br>";

    if (isset($Security)) {
        $Security->ShowUserLevelInfo();
    }
}
Exemplo n.º 21
<?php

require_once "include.inc.php";
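// Adds one point to the logged-in account's score for the question set
// given in ?dict=...
if (!IsLoggedIn()) {
    Header("Location: .");
    exit(0);
}
// "dict" is used as a bare number in the SQL below. addslashes() gives no
// protection there because there are no quotes to break out of, so only
// plain digits are accepted and the value is cast to int.
if (!isset($_GET["dict"]) || !is_string($_GET["dict"]) || preg_match('/^[0-9]+\z/', $_GET["dict"]) !== 1) {
    Header("Location: .");
    exit(0);
}
$dict = (int) $_GET["dict"];
// NOTE(review): $database is presumably a mysqli object (query(),
// fetch_array() and num_rows match) - confirm before relying on
// real_escape_string().
$account = $database->real_escape_string($_SESSION["account"]);
$result = $database->query("SELECT * FROM questions WHERE id=" . $dict);
$row = $result->fetch_array();
$result = $database->query("SELECT * FROM rank WHERE account='" . $account . "' AND dict=" . $dict);
if ($result->num_rows) {
    $database->query("UPDATE rank SET score = score + 1 WHERE account='" . $account . "' AND dict=" . $dict);
} else {
    $database->query("INSERT INTO rank (`account`, `dict`, `score`) VALUES ('" . $account . "', " . $dict . ", 1)");
}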
Exemplo n.º 22
<?php

// Theme-vote endpoint: answers with a JSON object and stops at the first
// failed check.
chdir("../../");
include_once "php/site.php";

// Only logged-in users may vote.
$usr = IsLoggedIn();
if (!$usr) {
    die(json_encode(array("ERROR" => "Not logged in")));
}

// Escaped copies of the values that go into quoted SQL literals.
$clean_ip = mysqli_real_escape_string($dbConn, $ip);
$clean_userAgent = mysqli_real_escape_string($dbConn, $userAgent);
$clean_username = mysqli_real_escape_string($dbConn, $usr["username"]);

// Both request parameters are mandatory.
if (!isset($_GET["themeID"])) {
    die(json_encode(array("ERROR" => "Theme ID not set")));
}
if (!isset($_GET["vote"])) {
    die(json_encode(array("ERROR" => "Vote type not set")));
}

// intval() makes both values safe to place unquoted in SQL.
$voteThemeID = intval(trim($_GET["themeID"]));
$vote = intval($_GET["vote"]);

//Check if the theme exists
$sql = "SELECT theme_id FROM theme WHERE theme_deleted != 1 AND theme_id = " . $voteThemeID;
$data = mysqli_query($dbConn, $sql);
$sql = "";
// NOTE(review): a failed query makes $data false, and mysqli_num_rows()
// then errors instead of answering with JSON.
if (mysqli_num_rows($data) == 0) {
    die(json_encode(array("ERROR" => "Theme does not exist.")));
}
//Check if there is already a vote by this user for this theme
Exemplo n.º 23
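/**
 * Prints the navigation bar: a greeting with timeline/profile/logout links
 * for a logged-in contributor, otherwise the login/contact invitation.
 */
function LoadNavBar()
{
    if (IsLoggedIn()) {
        // The user name is account data going into HTML, so it is escaped
        // for that context.
        // NOTE(review): assumes the pages are served as UTF-8 - confirm.
        print "Welcome back " . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8') . ". Add an update to the <a href=\"updatetimeline.php\">timeline</a>, edit your <a href=\"profile.php\">profile</a>,  or <a href=\"logout.php\">logout</a>";
    } else {
        print 'If you\'re a contributor, feel free to <a href="login.php">login</a>. If you want to play, <a href="mailto:planetrefi@daemonsong.com">drop us a line.</a>';
    }
    // NOTE(review): $sidebar is neither a parameter nor declared global
    // here, so this prints nothing (and raises a notice). If a global
    // sidebar was intended, the function needs "global $sidebar;" - confirm.
    print $sidebar;
}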
Exemplo n.º 24
</script>
<meta name="generator" content="PHPMaker v10.0.2">
</head>
<body>
<?php 
if (ew_IsMobile()) {
    ?>
<div data-role="page">
	<div data-role="header">
		<a href="mobilemenu.php"><?php 
    echo $Language->Phrase("MobileMenu");
    ?>
</a>
		<h1 id="ewPageTitle"></h1>
	<?php 
    // Header link: "Logout" for a signed-in user; otherwise "Login", unless
    // the current script name already ends in "login.php".
    // This only picks which link is shown. logout.php and the protected
    // pages have to check the session themselves.
    if (IsLoggedIn()) {
        ?>
		<a href="logout.php"><?php 
        echo $Language->Phrase("Logout");
        ?>
</a>
	<?php 
    } elseif (substr(ew_ScriptName(), 0 - strlen("login.php")) != "login.php") {
        ?>
		<a href="login.php"><?php 
        echo $Language->Phrase("Login");
        ?>
</a>
	<?php 
    }
    ?>
Exemplo n.º 25
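/**
 * Creates or updates the logged-in user's entry for the current jam.
 *
 * All string arguments are trimmed. The request is rejected with die() when
 * the user is not logged in, the game name or description is empty, none of
 * the seven game URLs passes SanitizeURL(), or no current jam exists. An
 * uploaded "screenshotfile" (image, at most 5 MB, jpg/jpeg/png/gif) is stored
 * under data/jams/jam_<number>/ and replaces $screenshotURL. If the first jam
 * in $jams already has an entry by this author it is updated, otherwise a new
 * row is inserted. LoadEntries() is called at the end.
 *
 * Reads the globals $loggedInUser, $dbConn, $ip, $userAgent and $jams.
 *
 * @param string $gameName        Entry title (required).
 * @param string $gameURL         Generic game URL.
 * @param string $gameURLWeb      Web build URL.
 * @param string $gameURLWin      Windows build URL.
 * @param string $gameURLMac      Mac build URL.
 * @param string $gameURLLinux    Linux build URL.
 * @param string $gameURLiOS      iOS build URL.
 * @param string $gameURLAndroid  Android build URL.
 * @param string $screenshotURL   Screenshot URL; "logo.png" is used when empty.
 * @param string $description     Entry description (required).
 * @return void
 */
function SubmitEntry($gameName, $gameURL, $gameURLWeb, $gameURLWin, $gameURLMac, $gameURLLinux, $gameURLiOS, $gameURLAndroid, $screenshotURL, $description)
{
    // $_FILES is a superglobal and needs no global declaration.
    global $loggedInUser, $dbConn, $ip, $userAgent, $jams;

    $gameName = trim($gameName);
    $gameURL = trim($gameURL);
    $gameURLWeb = trim($gameURLWeb);
    $gameURLWin = trim($gameURLWin);
    $gameURLMac = trim($gameURLMac);
    $gameURLLinux = trim($gameURLLinux);
    $gameURLiOS = trim($gameURLiOS);
    $gameURLAndroid = trim($gameURLAndroid);
    $screenshotURL = trim($screenshotURL);
    $description = trim($description);

    //Authorize user
    if (IsLoggedIn() === false) {
        die("Not logged in.");
    }

    //Validate game name
    if (strlen($gameName) < 1) {
        die("Game name not provided");
    }

    //Validate that at least one of the provided game URLs is valid
    // NOTE(review): only "at least one passes" is enforced. URLs that fail
    // SanitizeURL(), and $screenshotURL when supplied by the caller, are
    // still stored exactly as submitted, so whatever renders them must
    // encode them and restrict link schemes. Storing only validated values
    // depends on SanitizeURL()'s return contract, which is not visible here.
    $urlValid = false;
    $candidateURLs = array($gameURL, $gameURLWeb, $gameURLWin, $gameURLMac, $gameURLLinux, $gameURLiOS, $gameURLAndroid);
    foreach ($candidateURLs as $candidateURL) {
        if (SanitizeURL($candidateURL) !== false) {
            $urlValid = true;
        }
    }
    if (!$urlValid) {
        die("Invalid game url");
    }

    //Validate description
    if (strlen($description) <= 0) {
        die("Invalid description");
    }

    //Check that a jam exists
    $currentJam = GetCurrentJamNumberAndID();
    if ($currentJam == null || $currentJam["NUMBER"] == 0) {
        die("No jam to submit to");
    }
    if (count($jams) == 0) {
        die("No jam to submit to");
    }
    $currentJamNumber = intval($currentJam["NUMBER"]);
    $jam_folder = "data/jams/jam_{$currentJamNumber}";

    if (isset($_FILES["screenshotfile"]) && $_FILES["screenshotfile"] != null && $_FILES["screenshotfile"]["size"] != 0) {
        $upload = $_FILES["screenshotfile"];
        // The extension comes from the client-supplied file name; it is only
        // accepted if it is on the allowlist below.
        $imageFileType = strtolower(pathinfo($upload["name"], PATHINFO_EXTENSION));
        if (getimagesize($upload["tmp_name"]) === false) {
            die("Uploaded screenshot is not an image");
        }
        if ($upload["size"] > 5000000) {
            die("Uploaded screenshot is too big (max 5MB)");
        }
        if (!in_array($imageFileType, array("jpg", "png", "jpeg", "gif"), true)) {
            die("Uploaded screenshot is not jpeg, png or gif");
        }
        // The username becomes the stored file's base name, so it must not be
        // able to move the file out of the jam folder. Username rules are
        // not visible here; a server-generated name would avoid relying on them.
        $uploaderName = (string) $loggedInUser["username"];
        if ($uploaderName === "" || strpbrk($uploaderName, "/\\\0") !== false) {
            die("Invalid username for screenshot upload");
        }
        $target_file = $jam_folder . "/" . $uploaderName . "." . $imageFileType;
        if (!file_exists($jam_folder)) {
            mkdir($jam_folder);
            // NOTE(review): this .htaccess only allows access; it does not
            // turn off script handling in the upload folder. The extension
            // allowlist above is the only guard - consider hardening the
            // folder in the web server configuration.
            file_put_contents($jam_folder . "/.htaccess", "Order allow,deny\nAllow from all");
        }
        // Only point the entry at the file once it has actually been stored.
        if (!move_uploaded_file($upload["tmp_name"], $target_file)) {
            die("Could not store uploaded screenshot");
        }
        $screenshotURL = $target_file;
    }

    //Validate Screenshot URL
    if ($screenshotURL == "") {
        $screenshotURL = "logo.png";
    }

    $currentJam = $jams[0];
    if (isset($currentJam["entries"])) {
        $entryUpdated = false;
        foreach ($currentJam["entries"] as $i => $entry) {
            // Strict string comparison: with == two different numeric-looking
            // usernames can compare equal, which would let one user overwrite
            // another user's entry.
            if ((string) $entry["author"] !== (string) $loggedInUser["username"]) {
                continue;
            }
            //Updating existing entry: keep the stored screenshot when no new one was given
            $existingScreenshot = $currentJam["entries"][$i]["screenshot_url"];
            if ($screenshotURL == "logo.png" && $existingScreenshot != "" && $existingScreenshot != "logo.png") {
                $screenshotURL = $existingScreenshot;
            }
            $authorName = (string) $entry["author"];
            // Bound parameters instead of escaped string interpolation, so no
            // value can change the statement's structure.
            $sql = "UPDATE entry
                SET
                    entry_title = ?,
                    entry_url = ?,
                    entry_url_web = ?,
                    entry_url_windows = ?,
                    entry_url_mac = ?,
                    entry_url_linux = ?,
                    entry_url_ios = ?,
                    entry_url_android = ?,
                    entry_screenshot_url = ?,
                    entry_description = ?
                WHERE
                    entry_author = ?
                AND entry_jam_number = ?";
            $stmt = mysqli_prepare($dbConn, $sql);
            if ($stmt === false) {
                die("Could not save entry");
            }
            mysqli_stmt_bind_param(
                $stmt,
                "sssssssssssi",
                $gameName,
                $gameURL,
                $gameURLWeb,
                $gameURLWin,
                $gameURLMac,
                $gameURLLinux,
                $gameURLiOS,
                $gameURLAndroid,
                $screenshotURL,
                $description,
                $authorName,
                $currentJamNumber
            );
            if (!mysqli_stmt_execute($stmt)) {
                die("Could not save entry");
            }
            mysqli_stmt_close($stmt);
            $entryUpdated = true;
        }
        if (!$entryUpdated) {
            $jamData = GetCurrentJamNumberAndID();
            // The original escaped these two values but placed them unquoted
            // in the statement, where escaping gives no protection; they are
            // now bound as integers.
            $jamId = intval($jamData["ID"]);
            $jamNumber = intval($jamData["NUMBER"]);
            $authorName = (string) $loggedInUser["username"];
            $sql = "INSERT INTO entry
                (entry_id,
                entry_datetime,
                entry_ip,
                entry_user_agent,
                entry_jam_id,
                entry_jam_number,
                entry_title,
                entry_description,
                entry_author,
                entry_url,
                entry_url_web,
                entry_url_windows,
                entry_url_mac,
                entry_url_linux,
                entry_url_ios,
                entry_url_android,
                entry_screenshot_url)
                VALUES
                (null, Now(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
            $stmt = mysqli_prepare($dbConn, $sql);
            if ($stmt === false) {
                die("Could not save entry");
            }
            mysqli_stmt_bind_param(
                $stmt,
                "ssiisssssssssss",
                $ip,
                $userAgent,
                $jamId,
                $jamNumber,
                $gameName,
                $description,
                $authorName,
                $gameURL,
                $gameURLWeb,
                $gameURLWin,
                $gameURLMac,
                $gameURLLinux,
                $gameURLiOS,
                $gameURLAndroid,
                $screenshotURL
            );
            if (!mysqli_stmt_execute($stmt)) {
                die("Could not save entry");
            }
            mysqli_stmt_close($stmt);
        }
    }
    LoadEntries();
}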