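/**
 * Fetch the next value of a database sequence.
 *
 * The sequence name is spliced into the SQL text, so it is validated as a
 * plain identifier (optionally schema-qualified) before the query is built;
 * anything else is refused rather than concatenated into the statement.
 *
 * @param string $seq  sequence name, e.g. 'projects_id_prj_seq'
 * @return mixed  the fresh id as returned by fetchOne(), or 0 when the name is
 *                rejected or the query does not yield exactly one row (an error
 *                is appended in both cases)
 */
function pick_id($seq)
{
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/', (string) $seq)) {
        append_error('Invalid sequence name.');
        return 0;
    }

    $result = sql_do("SELECT nextval('" . $seq . "')");
    if ($result->numRows() != 1) {
        append_error('Unable to fetch a fresh ID.');
        return 0;
    }
    return $result->fetchOne();
}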
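/**
 * Last-resort handler for uncaught exceptions (for set_exception_handler()).
 *
 * Records the exception message through append_error() so it shows up with
 * the other page errors. The message is HTML-escaped first: exception text
 * can carry request data or SQL fragments, and append_error() output is
 * presumably rendered as markup (the original already appended a <br/>).
 * The stack trace is deliberately not exposed to the visitor.
 *
 * @param Exception $exception  the uncaught exception (Throwable on PHP 7+)
 * @return void
 */
function myExceptionHandler($exception)
{
    $message = htmlspecialchars($exception->getMessage(), ENT_QUOTES, 'UTF-8');
    append_error('Uncaught exception: ' . $message . '<br/>');
}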
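/**
 * Authenticate a user through the forum auth layer and, on success, emit the
 * user's information via api_get_userinfo().
 *
 * Every failure is reported with append_error('login', ...); the function
 * returns no value in any case. Only $user and $auth are read here, so only
 * those globals are declared (the original pulled in several unused ones).
 *
 * @param string $username
 * @param string $password
 * @return void
 */
function api_login($username, $password)
{
    global $user, $auth;

    // autologin / viewonline / admin flags all off
    $login = $auth->login($username, $password, false, 0, 0);

    switch ($login['status']) {
        case LOGIN_ERROR_PASSWORD:
            // NOTE(review): answering "wrong password" and "no such user"
            // differently lets a client discover which usernames exist; a single
            // generic failure message would close that at the cost of a less
            // helpful error.
            append_error('login', 'Incorrect password');
            return;
        case LOGIN_ERROR_USERNAME:
            append_error('login', 'No such user');
            return;
        case LOGIN_ERROR_ATTEMPTS:
            append_error('login', 'Exceeded login attempt limit');
            return;
        case LOGIN_SUCCESS:
            api_get_userinfo($user->data['user_id']);
            return;
        default:
            append_error('login', 'Login error code: ' . $login['status']);
            return;
    }
}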
append_error('Month cannot be empty'); } if (empty($_GET['day'])) { append_error('Day cannot be empty'); } if (!errors() && mktime(0, 0, 0, $_GET['month'], $_GET['day'], $_GET['year']) > time() - 10000) { append_error('Date should not be in the future'); } #blabla if (!errors()) { // do the job // recuperer l'idRel fraichement créé http_redir('/project/view.php?id_rel=FIXME'); } } else { append_error('Malformed form, please use the correct html page'); } } ?> <h1>Add a new release to the project 'GraphTool'</h1> <?php flush_errors(); ?> <form> <table> <tr><th>Version name</th><td><input type="text" name="version" value="<?php echo isset($_GET['version']) ? $_GET['version'] : ""; ?> "/></td></tr>
$mobile_value = ""; } // verify not empty and not used mobile number if ($mobile_value && mobile_not_used($mobile_value)) { $secret_code = safe_rand(100000, 999999); $_SESSION['mobile_value'] = $mobile_value; $_SESSION['mobile_code'] = $secret_code; // accept any +380 mobile w/o sms test if (!empty($settings['disable_sms_test'])) { set_test_passed('mobile'); redirect('step4.php'); } send_mobile_code($mobile_value, $secret_code); $mobile_code = ""; } else { append_error("Цей номер телефону неможливо використати."); $mobile_value = ""; } } } else { /** * get mobile number from session if present */ if (isset($_SESSION['mobile_value'])) { $mobile_value = $_SESSION['mobile_value']; } } if ($mobile_value) { $mobile_readonly = ' readonly="readonly"'; } require get_template('step3');
echo '<a href="' . REMOTE_PATH . '/user/index.php">Back to user configuration</a> || <a href="' . REMOTE_PATH . '/index.php">Back home</a>'; exit; } // permission du visiteur sur le projet /* if ($_SESSION['id'] != 34567) { append_error('Can\'t modify project: permission denied'); http_redir('/project/view_project.php?idPrj=456789'); } */ flush_errors(); if (isset($_GET['action']) && $_GET['action'] == "Apply") { if (!isset($_GET['description']) || !isset($_GET['homepage']) || !isset($_GET['screenshot']) || !isset($_GET['download'])) { append_error('Invalid arguments'); } else { if (empty($_GET['homepage'])) { append_error('Warning: Homepage is mandatory!'); http_redir('/project/modify_project.php?idPrj=456789'); } else { // do the job: modify the data http_redir('/project/view_project.php?idPrj=456789'); } } } else { if (isset($_GET['action']) && $_GET['action'] == "Add an admin for this project") { ?> <h1>Project Administration: GraphTool (<?php echo $_GET['idPrj']; ?> )</h1>
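require_once 'igoan/Category.class.php';

// Only a global admin may manage categories.
$me = user_get_by_id($_SESSION['id']);
if (!$me || !$me->is_global_admin()) {
    append_error_exit('Permission denied: global admin flag required');
}

// Request values echoed back to the admin (error lines, <option> text) are
// HTML-escaped below; the raw values still go to the model layer, and whether
// category_new()/category_get_by_id() quote them is not visible here.
// NOTE(review): both actions change state on a plain GET with no request
// token, so a crafted link opened by a logged-in admin triggers them.

// Add a category.
if (isset($_GET['action']) && $_GET['action'] === "Ajouter"
    && isset($_GET['index']) && isset($_GET['nom'])) {
    append_error("inserting category " . htmlspecialchars((string) $_GET['nom'], ENT_QUOTES, 'UTF-8')
        . " (" . htmlspecialchars((string) $_GET['index'], ENT_QUOTES, 'UTF-8') . ')');
    if (category_new($_GET['index'], $_GET['nom']) == -1) {
        append_error('Error: parent category is full');
    }
}

// Delete a category (the lookup may return nothing for an unknown id).
if (isset($_GET['action']) && $_GET['action'] === "Effacer" && isset($_GET['idCat'])) {
    append_error("deleting category " . htmlspecialchars((string) $_GET['idCat'], ENT_QUOTES, 'UTF-8'));
    $cat = category_get_by_id($_GET['idCat']);
    if ($cat) {
        $cat->delete();
    }
}

// Build the two selectors: one keyed by category id, one by index.
// Each tuple looks like [id, index, name] judging by how it is used — confirm
// against category_list_all().
$all_cats = category_list_all();
$select = "<select name='idCat'>\n";
$select2 = "<select name='index'>\n";
$nb_cats = count($all_cats);
for ($i = 0; $i < $nb_cats; $i++) {
    $cat_id = htmlspecialchars((string) $all_cats[$i][0], ENT_QUOTES, 'UTF-8');
    $cat_index = htmlspecialchars((string) $all_cats[$i][1], ENT_QUOTES, 'UTF-8');
    $cat_name = htmlspecialchars((string) $all_cats[$i][2], ENT_QUOTES, 'UTF-8');
    $select .= "<option value='" . $cat_id . "'>" . $cat_index . " " . $cat_name . "</option>\n";
    $select2 .= "<option value='" . $cat_index . "'>" . $cat_index . " " . $cat_name . "</option>\n";
}
?>
<h2>Gestion des catégories</h2>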
http_redir('/index.php'); } $my_branch_id = $my_prj->get_default_branch(); if ($my_branch_id) { $my_branch = branch_get_by_id($my_branch_id); } // c'est possible qu'il n'y ait pas de branche :( if ($my_branch) { $my_rel_id = $my_branch->get_last_release(); if ($my_rel_id) { $my_rel = release_get_by_id($my_rel_id); } } $request = $my_prj; } else { append_error('No project requested.'); http_redir('/index.php'); } // is the visitor an admin/maintainer ? $isadmin = $me && $my_prj->is_admin($me->get_id_user()); $ismaint = $isadmin || $me && $my_branch->is_maintainer($me->get_id_user()); // the branches and releases to show $releases = $my_branch ? $my_branch->list_releases() : 0; $branches = $my_prj->list_branches(); //($my_branch && !$isadmin) ? $my_branch->get_id_branch() : -1); // processing datas to be shown // PAGE TITLE $d_full_title = $my_prj->get_name_prj(); if ($my_rel) { $d_full_title .= ' - ' . $my_rel->get_name_rel(); }
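require_once 'igoan/License.class.php';

// Only a global admin may manage licenses.
$me = user_get_by_id($_SESSION['id']);
if (!$me || !$me->is_global_admin()) {
    append_error_exit('Permission denied: global admin flag required');
}

// Request values echoed back in messages and in the <option> list are
// HTML-escaped; the raw values still reach the model layer, whose quoting is
// not visible here.
// NOTE(review): both actions mutate data on a plain GET without a request
// token, so a crafted link opened by a logged-in admin triggers them.

// Add a license.
if (isset($_GET['action']) && $_GET['action'] === "Ajouter"
    && isset($_GET['nom']) && isset($_GET['url'])) {
    append_error('inserting license: ' . htmlspecialchars((string) $_GET['nom'], ENT_QUOTES, 'UTF-8'));
    if (license_new($_GET['nom'], $_GET['url']) == -1) {
        append_error('error');
    }
}

// Delete a license. The lookup can fail for an unknown id, so the delete()
// call is guarded instead of being made on a non-object.
if (isset($_GET['action']) && $_GET['action'] === "Effacer" && isset($_GET['idLic'])) {
    append_error('deleting license: ' . htmlspecialchars((string) $_GET['idLic'], ENT_QUOTES, 'UTF-8'));
    $lic = license_get_by_id($_GET['idLic']);
    if ($lic) {
        $lic->delete();
    }
}

// Build the selector. foreach replaces each() (removed in PHP 8) and walks the
// same tuples in the same order. Columns appear to be [id, name, url] — confirm
// against license_list().
$list = license_list();
$select = "<select name='idLic'>\n";
foreach ($list as $tuple) {
    $lic_id = htmlspecialchars((string) $tuple[0], ENT_QUOTES, 'UTF-8');
    $lic_name = htmlspecialchars((string) $tuple[1], ENT_QUOTES, 'UTF-8');
    $lic_url = htmlspecialchars((string) $tuple[2], ENT_QUOTES, 'UTF-8');
    $select .= "<option value='" . $lic_id . "'>" . $lic_id . " " . $lic_name . " (" . $lic_url . ")</option>\n";
}
?>
<h2>Gestion des licences</h2>
<?php flush_errors(); ?>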
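// $id_prj and $me are set earlier in the script (outside this excerpt).
if (!$id_prj) {
    append_error_exit('You have to specify a project.');
}
$prj = project_get_by_id($id_prj);
if (!$prj) {
    // $id_prj is presumably request-supplied, so escape it before echoing it back.
    append_error_exit('Invalid project number #' . htmlspecialchars((string) $id_prj, ENT_QUOTES, 'UTF-8') . '.');
}
if (!$prj->is_admin($me->get_id_user())) {
    append_error_exit('Sorry, you are not an admin for this project.');
}

// ADDING A BRANCH
// NOTE(review): the branch is created on a plain GET with no request token;
// a crafted link opened by a project admin creates a branch on their behalf.
if (!empty($_GET['name_branch'])) {
    $id_branch = branch_new($_GET['name_branch'], $prj->get_id_prj());
    $branch = branch_get_by_id($id_branch);
    if (!$branch) {
        append_error('Unable to create a new branch');
    }
    if (!errors()) {
        http_redir('/project/view.php?id_branch=' . $branch->get_id_branch());
    }
}
?>
<?php
// OUTPUT
header_box("Igoan :: Adding a new branch to a project");
flush_errors();
?>
<div id="main">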
Email: ' . $_GET['email'] . ' Your automatically generated password is \'' . $new->get_passwd() . '\'. You have to login with your newly created account on the Igoan website (http://www.igoan.org/user/login.php) and change your password to activate your account. Then you will be able to register new projects on our databases. Best regards, The Igoan Team. ', 'From: Igoan Registration Process <*****@*****.**>'); } else { append_error('Unable to fetch new user informations'); } } else { append_error('Unable to create new user'); } } } header_box('Igoan :: New User'); ?> <div id="main"> <?php if (!errors() and isset($login)) { ?> <h2>Registration submitted</h2> <div class="abstract"> <p> A mail has been sent to <em><?php echo $_GET['email']; ?>
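require_once 'igoan/Project.class.php';
require_once 'igoan/Branch.class.php';
require_once 'igoan/Release.class.php';

// Resolve the user to display: ?id=... when given, otherwise the logged-in
// user. Ids echoed back in error messages are HTML-escaped, since the value
// is reflected straight from the request.
if (isset($_GET['id'])) {
    $requested = user_get_by_id($_GET['id']);
    if (!$requested) {
        append_error('Error: unknown user id (' . htmlspecialchars((string) $_GET['id'], ENT_QUOTES, 'UTF-8') . ')');
    }
} elseif (!empty($_SESSION['id'])) {
    $requested = user_get_by_id($_SESSION['id']);
    if (!$requested) {
        append_error('Error: unknown user id (' . htmlspecialchars((string) $_SESSION['id'], ENT_QUOTES, 'UTF-8') . ')');
    }
} else {
    append_error('Error: no user id given');
}
if (errors()) {
    flush_errors_exit();
}

// MISC: flags rendered as list items further down the page.
$d_misc = '';
$igoan_admin = '';
$valid_account = '';
if ($requested->is_global_admin()) {
    $igoan_admin = '<li>This user is an igoan admin. </li>';
}
if (!$requested->get_valid_user()) {
    $valid_account = '<li>This user hasn\'t activated his account yet. </li>';
}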
} /** * Handle form data */ if ($_POST) { $ukr_citizen = post_arg('ukr_citizen'); $personal_data = post_arg('personal_data'); $captcha_res = captcha_verify(); $current_date = date('Y-m-d H:i:s'); if (!$ukr_citizen) { append_error("Не підтверджена згода з правилами голосування."); } if (!$personal_data) { append_error("Немає згоди на обробку персональних даних."); } if (!$captcha_res) { append_error("Не пройдено тест на роботів!"); } if ($current_date < $settings['open_elections_time']) { append_error("Вибори ще не розпочались."); } if ($current_date > $settings['close_elections_time']) { append_error("Вибори вже закінчились."); } if (empty($_ERRORS) && $ukr_citizen && $personal_data && $captcha_res) { init_user_session(); set_test_passed('captcha'); redirect('step2.php'); } } require get_template('step1');
$prj = project_get_by_id($id_prj); if (!$prj) { sql_do('ROLLBACK'); append_error('Unable to retrieve the created project, please contact the administrator.'); } } // on place un admin/owner if (!errors()) { $prj->add_admin($me->get_id_user(), 1); } // on crée une branche ... if (!errors()) { $id_branch = branch_new('main', $prj->get_id_prj()); if (!$id_branch) { sql_do('ROLLBACK'); append_error('Unable to create the default branch, please contact the administrator.'); } } // ... par défaut if (!errors()) { $prj->set_default_branch($id_branch); $prj->write(); } if (!errors()) { sql_do('COMMIT'); http_redir('/project/view.php?id_prj=' . $id_prj); } else { sql_do('ROLLBACK'); } } header_box("Igoan :: Adding a new project");
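# Igoan is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Igoan; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

// Does the release exist? Strict string comparison: $_GET values are strings,
// and a loose compare against the integer would also accept "123460abc".
// NOTE(review): this looks like a mock-up page — the release id and the
// project id in the redirect are hard-coded and the deletion is a stub. The
// confirmation form below submits with GET; a destructive action should be a
// POST carrying a request token.
if (!isset($_GET['idRel']) || $_GET['idRel'] !== '123460') {
    append_error_exit('Bad Release ID');
}

if (isset($_GET['confirm']) && $_GET['confirm'] === 'Yes') {
    // do the job
    append_error('Release successfully deleted');
    http_redir('/project/view_project.php?idPrj=456789');
}
?>
<h1>Release Deletion</h1>
Do you really want to delete this release 'GraphTool' version 'graphtool-0.2-pre1' ?
<form>
<input type="submit" name="confirm" value="Yes" />
<input type="hidden" name="idRel" value="123460" /></form>
<form action="/project/view_release.php">
<input type="submit" value="No" />
<input type="hidden" name="idRel" value="123460" /></form>
<br /><br/><hr />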
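/**
 * Create a "pseudo" user: a name and a mail address, not validated, no password.
 *
 * @param string $name
 * @param string $email
 * @return int  id of the new row, or 0 when the mail is already registered (an
 *              error is appended) or the INSERT fails (silent: the caller reports
 *              the missing user itself)
 */
function user_new_pseudo($name, $email)
{
    // The mail address comes straight from the request. Every other literal in
    // this file is wrapped in str() — presumably the quoting helper — so the
    // lookup must go through it as well instead of splicing the raw value.
    $existing = sql_do('SELECT id_user FROM ' . DB_PREF . '_users WHERE mail=\'' . str($email) . '\'');
    if ($existing->numRows()) {
        append_error("This email address is already registered. Please choose another.");
        return 0;
    }

    try {
        sql_do('INSERT INTO ' . DB_PREF . '_users (name_user,mail,date_user,valid_user)'
            . ' VALUES (\'' . str($name) . '\',\'' . str($email) . '\',\'' . date('Y-m-d H:i:s') . '\',0)');
    } catch (DatabaseException $e) {
        // Best effort: callers treat 0 as "user not created" and append their
        // own error, so none is added here.
        return 0;
    }
    return sql_last_id();
}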
// some checks before send code if (strlen($email_value) < 6) { $email_value = ""; } if (strpbrk($email_value, " ,;'\"\t\n") !== false) { $email_value = ""; } // verify not empty and not used email then send code if ($email_value && email_not_used($email_value)) { $secret_code = safe_rand(100000, 999999); $_SESSION['email_value'] = $email_value; $_SESSION['email_code'] = $secret_code; send_email_code($email_value, $secret_code); $email_code = ""; } else { append_error("Цю адресу неможливо використати."); $email_value = ""; } } } else { /** * get code from query string if present */ if (isset($_SESSION['email_value'])) { $email_value = $_SESSION['email_value']; } if (isset($_GET['code'])) { $email_code = $_GET['code']; } } if ($email_value) {
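# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Igoan; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

// Does the release exist? (strict compare: $_GET values are strings)
if (!isset($_GET['idRel']) || $_GET['idRel'] !== '123460') {
    append_error('No release specified or release unknown');
    flush_errors_exit();
}

// Is the visitor an admin of the project?
if (!isset($_SESSION['id']) || $_SESSION['id'] != 34567) {
    append_error('Can\'t modify project: permission denied');
    http_redir('/project/view_release.php?idRel=123460');
    // Stop here even if http_redir() does not end the script, so the 'Apply'
    // branch below can never run for a non-admin.
    exit;
}

// NOTE(review): the change is applied on a plain GET with no request token.
if (isset($_GET['action']) && $_GET['action'] === 'Apply') {
    // do the job
    http_redir('/project/view_release.php?idRel=123460');
}
?>
<h1>Change release information</h1>
<form>
<table>
<tr><th>idRel</th><td>34567</td></tr>
<tr><th>Version</th><td><input type="text" name="version" value="graphtool-0.2pre1" /></td></tr>
<tr><th>Date</th><td>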
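require_once 'igoan/Platform.class.php';

// Only a global admin may manage platforms.
$me = user_get_by_id($_SESSION['id']);
if (!$me || !$me->is_global_admin()) {
    append_error_exit('Permission denied: global admin flag required');
}

// Request values echoed back in messages and in the <option> list are
// HTML-escaped; the raw values still reach the model layer, whose quoting is
// not visible here.
// NOTE(review): both actions mutate data on a plain GET without a request
// token, so a crafted link opened by a logged-in admin triggers them.

// Add a platform.
if (isset($_GET['action']) && $_GET['action'] === "Ajouter" && isset($_GET['nom'])) {
    append_error('inserting platform: ' . htmlspecialchars((string) $_GET['nom'], ENT_QUOTES, 'UTF-8'));
    if (platform_new($_GET['nom']) == -1) {
        append_error('error');
    }
}

// Delete a platform. The lookup can fail for an unknown id, so the delete()
// call is guarded instead of being made on a non-object.
if (isset($_GET['action']) && $_GET['action'] === "Effacer" && isset($_GET['idPf'])) {
    append_error('deleting platform: ' . htmlspecialchars((string) $_GET['idPf'], ENT_QUOTES, 'UTF-8'));
    $pf = platform_get_by_id($_GET['idPf']);
    if ($pf) {
        $pf->delete();
    }
}

// Build the selector. foreach replaces each() (removed in PHP 8) and walks the
// same tuples in the same order. Columns appear to be [id, name] — confirm
// against platform_list().
$list = platform_list();
$select = "<select name='idPf'>\n";
foreach ($list as $tuple) {
    $pf_id = htmlspecialchars((string) $tuple[0], ENT_QUOTES, 'UTF-8');
    $pf_name = htmlspecialchars((string) $tuple[1], ENT_QUOTES, 'UTF-8');
    $select .= "<option value='" . $pf_id . "'>" . $pf_id . " " . $pf_name . "</option>\n";
}
?>
<h2>Gestion des plateformes</h2>
<?php flush_errors(); ?>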
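/**
 * Register a new project.
 *
 * @param string $name_prj
 * @param string $shortname   must be unique across projects
 * @param string $description
 * @param string $homepage
 * @return int  the new project id, or 0 when the shortname is taken (error
 *              appended), no id could be picked (pick_id() appends the error) or
 *              the INSERT fails (silent: the caller checks the returned id)
 */
function project_new($name_prj, $shortname, $description, $homepage)
{
    $taken = sql_do('SELECT id_prj FROM projects WHERE shortname=\'' . str($shortname) . '\'');
    if ($taken->numRows()) {
        // The shortname is user input and the message is presumably rendered as
        // markup by flush_errors(), so escape it on the way back out.
        append_error("Shortname '" . htmlspecialchars((string) $shortname, ENT_QUOTES, 'UTF-8') . "' already taken.");
        return 0;
    }

    $id_prj = pick_id('projects_id_prj_seq');
    if (!$id_prj) {
        // pick_id() already appended an error; inserting with id 0 would either
        // fail or create a bogus row.
        return 0;
    }

    // str()/int() are the project's literal helpers, applied as in the original.
    $values = array(
        int($id_prj),
        str($name_prj),
        str($shortname),
        str($description),
        str($homepage),
        date('Y-m-d H:i:s'),
    );
    try {
        sql_do('INSERT INTO projects (id_prj,name_prj,shortname,desc_prj,url_prj,date_prj,valid_prj)'
            . ' VALUES (\'' . implode('\',\'', $values) . '\',0)');
    } catch (DatabaseException $e) {
        return 0;
    }
    return $id_prj;
}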
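# the Free Software Foundation in the version 2 of the License.
#
# Igoan is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Igoan; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
require_once 'igoan/User.class.php';

// NOTE(review): the login form below has no method attribute, so it submits
// with GET and the password travels in the URL (browser history, Referer
// headers, access logs); a POST form would avoid that.
if (isset($_GET['login']) && isset($_GET['passwd'])) {
    $me = user_get_by_password($_GET['login'], $_GET['passwd']);
    if (!$me) {
        append_error('Login incorrect.');
    } else {
        // New session id on privilege change, so an id handed to the visitor
        // before login cannot be reused once it is authenticated.
        session_regenerate_id(true);
        $_SESSION['id'] = $me->get_id_user();
    }
    if (!errors()) {
        // Only follow a same-site path after login. The referer comes from the
        // query string, so forwarding to an absolute URL (or a scheme-relative
        // "//host" / "/\host") would make this page an open redirect.
        $target = isset($_GET['referer']) ? (string) $_GET['referer'] : '';
        if ($target === '' || $target[0] !== '/' || preg_match('#^/[/\\\\]#', $target)) {
            $target = '/index.php';
        }
        http_redir($target);
    }
}

header_box('Igoan :: Login');
?>
<div id="main">
<form class="admin" action="login.php">
<?php flush_errors(); ?>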
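require_once 'igoan/Language.class.php';

// Only a global admin may manage programming languages.
$me = user_get_by_id($_SESSION['id']);
if (!$me || !$me->is_global_admin()) {
    append_error_exit('Permission denied: global admin flag required');
}

// Request values echoed back in messages and in the <option> list are
// HTML-escaped; the raw values still reach the model layer, whose quoting is
// not visible here.
// NOTE(review): both actions mutate data on a plain GET without a request
// token, so a crafted link opened by a logged-in admin triggers them.

// Add a language.
if (isset($_GET['action']) && $_GET['action'] === "Ajouter" && isset($_GET['nom'])) {
    append_error('inserting language: ' . htmlspecialchars((string) $_GET['nom'], ENT_QUOTES, 'UTF-8'));
    if (language_new($_GET['nom']) == -1) {
        append_error('error');
    }
}

// Delete a language. The lookup can fail for an unknown id, so the delete()
// call is guarded instead of being made on a non-object.
if (isset($_GET['action']) && $_GET['action'] === "Effacer" && isset($_GET['idLang'])) {
    append_error('deleting language: ' . htmlspecialchars((string) $_GET['idLang'], ENT_QUOTES, 'UTF-8'));
    $lang = language_get_by_id($_GET['idLang']);
    if ($lang) {
        $lang->delete();
    }
}

// Build the selector. foreach replaces each() (removed in PHP 8) and walks the
// same tuples in the same order. Columns appear to be [id, name] — confirm
// against language_list().
$list = language_list();
$select = "<select name='idLang'>\n";
foreach ($list as $tuple) {
    $lang_id = htmlspecialchars((string) $tuple[0], ENT_QUOTES, 'UTF-8');
    $lang_name = htmlspecialchars((string) $tuple[1], ENT_QUOTES, 'UTF-8');
    $select .= "<option value='" . $lang_id . "'>" . $lang_id . " " . $lang_name . "</option>\n";
}
?>
<h2>Gestion des langages de prog</h2>
<?php flush_errors(); ?>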
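<?php
require "system/__init__.php";

// Step 4 of the voting flow: the earlier gates (captcha, e-mail, mobile) must
// have been passed, and a visitor whose vote is already recorded is sent on to
// step 5 (by the look of next_if_test_pass()).
require_test_pass('captcha', 'step1.php');
require_test_pass('email', 'step2.php');
require_test_pass('mobile', 'step3.php');
next_if_test_pass('vote', 'step5.php');

/**
 * Handle form data
 */
if ($_POST) {
    // The chosen candidate ids are the keys of $_POST['id']. Read it only when
    // it is present and an array; a missing or scalar 'id' counts as no choice
    // (the original read it unconditionally and raised a notice when absent).
    $keys = array();
    if (isset($_POST['id']) && is_array($_POST['id'])) {
        $keys = array_keys($_POST['id']);
    }
    if ($keys) {
        // presumably keeps only ids of real candidates — TODO confirm
        $keys = filter_candidates($keys);
    }

    if (count($keys) < 1) {
        append_error("Ви не обрали жодного кандидата.");
    } elseif (count($keys) > get_selected_limit()) {
        append_error("Ви обрали більше ніж дозволено кандидатів.");
    } elseif (safe_save_vote($keys)) {
        set_test_passed('vote');
        redirect('step5.php');
    }
}

require get_template('step4');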
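#
require_once 'igoan/User.class.php';

// NOTE(review): the form submits the old and new passwords through the query
// string (GET), so they end up in browser history, Referer headers and server
// logs. The old password is also compared directly with the stored value,
// which suggests passwords are kept in clear — verify against get_passwd().
if (isset($_GET['action']) && $_GET['action'] === 'Change Password'
    && isset($_GET['oldpass']) && isset($_GET['passwd1']) && isset($_GET['passwd2'])) {
    $me = user_get_by_id($_SESSION['id']);
    if (!$me) {
        append_error_exit('User ID incorrect.');
    }

    // Strict comparisons: a loose != would let "" match a null stored value and
    // "1e3" match "1000".
    if ($_GET['oldpass'] !== (string) $me->get_passwd()) {
        append_error('Wrong old password.');
    } elseif ($_GET['passwd1'] !== $_GET['passwd2']) {
        append_error('Passwords mismatch');
    } elseif (empty($_GET['passwd1'])) {
        append_error('Aha. Yes of course ...');
    }

    if (errors()) {
        flush_errors();
    } else {
        // do the job
        $me->set_passwd($_GET['passwd1']);
        $me->write();
        http_redir('/user/view.php');
    }
}
?>
<h1>Changing your user password</h1>
<form>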
} } else { if (isset($_GET['name']) && isset($_GET['email'])) { if (empty($_GET['name'])) { append_error('The name is mandatory.'); } if (empty($_GET['email'])) { append_error('The e-mail address is mandatory.'); } if (!errors()) { $user_id = user_new_pseudo($_GET['name'], $_GET['email']); } if (!errors()) { $user = user_get_by_id($user_id); if (!$user) { append_error('Unable to create the pseudo-user ' . $_GET['name']); } } if (!errors()) { $rel->add_author($user->get_id()); http_redir('/project/view.php?id_rel=' . $rel->get_id_rel()); } } } } else { append_error_exit('No action specified.'); } } } ?>
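/**
 * Create a "pseudo" user: a name and a mail address, not validated, no password.
 *
 * @param string $name
 * @param string $email
 * @return int  id of the new user, or 0 when the mail is already registered (an
 *              error is appended), no id could be picked (pick_id() appends the
 *              error) or the INSERT fails (silent: the caller reports the missing
 *              user itself)
 */
function user_new_pseudo($name, $email)
{
    // The mail address comes straight from the request. The INSERT below wraps
    // every literal in str() — presumably the quoting helper — so the lookup
    // goes through it too instead of interpolating the raw value.
    $existing = sql_do('SELECT id_user FROM users WHERE mail=\'' . str($email) . '\'');
    if ($existing->numRows()) {
        append_error("This email address is already registered. Please choose another.");
        return 0;
    }

    $id_user = pick_id('users_id_user_seq');
    if (!$id_user) {
        // pick_id() already appended an error; do not insert a row with id 0.
        return 0;
    }

    try {
        sql_do('INSERT INTO users (id_user,name_user,mail,date_user,valid_user)'
            . ' VALUES (\'' . int($id_user) . '\',\'' . str($name) . '\',\'' . str($email) . '\',\'' . date('Y-m-d H:i:s') . '\',0)');
    } catch (DatabaseException $e) {
        // Best effort: callers treat 0 as "user not created" and append their
        // own error, so none is added here.
        return 0;
    }
    return $id_user;
}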
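/**
 * Persist the current session's vote through the database abstraction layer.
 *
 * Reads ip_addr, email_value, mobile_value and vote_keys from $_SESSION,
 * refuses the ballot when the e-mail or the mobile number has already voted,
 * and otherwise inserts the row and stores the new ballot id in the session.
 * Problems are reported through append_error().
 *
 * @param string $table  kept for interface compatibility; the helpers used here
 *                       (db_connect/db_row_exists/db_insert_row) do not take it
 * @return void
 */
function save_vote_database($table = "ballot_box")
{
    $db = db_connect();

    $row = array(
        'ip_addr' => $_SESSION['ip_addr'],
        'email'   => $_SESSION['email_value'],
        'mobile'  => $_SESSION['mobile_value'],
        'choice'  => implode(',', $_SESSION['vote_keys']),
    );

    // Both checks run so the voter sees every reason at once, but a duplicate
    // on either key must block the insert: the original went on to record the
    // ballot anyway, so an identity that had already voted got a second row.
    $already_voted = false;
    if (db_row_exists($db, 'email', $row['email'])) {
        append_error("Такий e-mail вже проголосував.");
        $already_voted = true;
    }
    if (db_row_exists($db, 'mobile', $row['mobile'])) {
        append_error("Такий мобільний вже проголосував.");
        $already_voted = true;
    }
    if ($already_voted) {
        return;
    }

    // $ballot_id is filled in by db_insert_row() (out-parameter, by the look of
    // the call) — confirm against the db layer.
    $ballot_id = null;
    if (db_insert_row($db, $row, $ballot_id) == false) {
        append_error("Запис голосу не вдався.");
    }
    $_SESSION['ballot_id'] = $ballot_id;
}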