private function isLoggedIn() {
    // True once this object has seen a login for the current request; otherwise
    // fall back to the persistent-cookie check. Note that checkCookie() is a
    // global function here, not a method on $this.
    if ($this->loggedIn) {
        return true;
    }
    return checkCookie();
}
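function isLoggedIn($dbHandle, $dbHost, $dbUser, $dbPass, $dbName) {
    // Returns true when the request is authenticated: either the session is
    // already marked valid, or the persistent-login cookie passes checkCookie(),
    // in which case the session is (re)populated from the user row.
    //
    // The parameters mirror dbConnect(); the handle it returns is reused for
    // checkCookie() and getUserInfo().
    $dbHandle = dbConnect($dbHandle, $dbHost, $dbUser, $dbPass, $dbName);

    // Fast path. empty() keeps the original truthiness test but no longer
    // raises an undefined-index notice on a fresh session.
    if (!empty($_SESSION['valid'])) {
        return true;
    }

    // Slow path: persistent cookie. The identity is read from $_COOKIE['user_id'],
    // a client-controlled value, so this is only as strong as checkCookie()'s
    // binding of that id to its token — TODO confirm checkCookie() verifies it.
    if (isset($_COOKIE['user_id']) && checkCookie($dbHandle, $dbHost, $dbUser, $dbPass, $dbName)) {
        validateUser(true);
        // Privilege level changes here (anonymous -> user), so rotate the session
        // id to defeat session fixation; guarded so it is a no-op without a session.
        if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        //Set user info in session
        $_SESSION['user_id'] = $_COOKIE['user_id'];
        $userInfo = getUserInfo($dbHandle, $_COOKIE['user_id']);
        $_SESSION['username'] = $userInfo['username'];
        $_SESSION['imageUrl'] = $userInfo['image_url'];
        $_SESSION['accLevel'] = $userInfo['acc_level'];
        return true;
    }
    return false;
}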
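<?php
include_once "header.php";
include_once "db.php";
include_once "mindoflib.php";

// Delete-entry page: shows the confirmation form on GET and performs the
// deletion on POST, both gated on checkCookie().
// NOTE(review): the POST carries no CSRF token, so a logged-in user can be made
// to delete an entry by a third-party page that auto-submits this form.
$id = isset($_GET['number']) ? $_GET['number'] : null;
// stripslashes(null) already yielded '' in the original; the isset guard only
// avoids the notice (and the PHP 8.1 null-argument deprecation).
$submitted = isset($_POST['checksubmit']) ? stripslashes($_POST['checksubmit']) : '';

if (!$submitted && checkCookie()) {
    showDelform($id);
} elseif ($submitted && checkCookie()) {
    deleteEntry(isset($_POST['id']) ? stripslashes($_POST['id']) : '');
} else {
    echo "please <a href='login.php'>login</a> in order to delete entries!";
}
?>
<?php include_once "footer.php"; ?>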
echo "{$sitename}"; ?> (Atom 1.0)" href="<?php echo "{$siteurl}"; ?> /atom.php" /> <meta name="generator" content="Dertyn <?php echo "{$version}"; ?> " /> <!-- YUI for Editor --> <!-- Skin CSS file --> <!-- Only need when user is logged in --> <?php if (checkCookie()) { echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"{$siteurl}/yui/build/assets/skins/sam/skin.css\">"; } ?> <!-- End YUI --> </head> <body class="yui-skin-sam"> <div id="wrap"> <div id="header"> <h2><a href="<?php echo "{$siteurl}"; ?> "><?php echo "{$sitename}";
<?php
// Page prologue for the "Bat-Computer" demo. This file is labelled a
// deliberately vulnerable application (see the HTML comment below), so the
// weaknesses are documented here rather than fixed.
include "../include/cookie.php";
include "../include/sqlz.php";
// The return value of checkCookie() is discarded, so nothing on this page stops
// rendering when the check fails (unless checkCookie() itself redirects or exits).
checkCookie();
$user = sqlz::user;
$pass = sqlz::pass;
$server = sqlz::server;
$db = sqlz::db;
// 'asdf' is a client-controlled cookie (undefined-index notice when absent).
// mysql_escape_string() is deprecated (removed in PHP 7), ignores the connection
// charset and only helps inside a quoted SQL string literal; a prepared statement
// is the correct defence for whatever consumes $cookie1.
$cookie1 = $_COOKIE['asdf'];
$cookie1 = mysql_escape_string($cookie1);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!"CSS Credit - Creative Commons Attribution 3.0 Unported http://creativecommons.org/licenses/by/3.0/"> <!"Vulnerable Application - For Educational Purposes Only - Author: Jake Bernier"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title></title> <meta name="keywords" content="" /> <meta name="description" content="" /> <link href="http://fonts.googleapis.com/css?family=Source+Sans+Pro:200,300,400,600,700,900" rel="stylesheet" /> <link href="../style/default.css" rel="stylesheet" type="text/css" media="all" /> <link href="../style/fonts.css" rel="stylesheet" type="text/css" media="all" /> </head> <body> <div id="header-wrapper"> <div id="header" class="container"> <div id="logo"> <h1><a href="#">Bat-Computer</a></h1>
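function killCookie() {
    // Logs the browser out by expiring the two login cookies. This is done
    // unconditionally: the original only cleared them while checkCookie() still
    // passed, which left stale or malformed cookies in place on the client.
    // NOTE(review): setcookie() only replaces a cookie whose path/domain match
    // the ones used when it was set; confirm the defaults here match the login
    // code. Any server-side record of the cookie value is not touched here.
    $expiry = time() - 4800;
    setcookie('user', '', $expiry);
    setcookie('dertyn', '', $expiry);
}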
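<?php
session_start();
include_once "checkSession.php";

// Page guard: require a passing cookie check AND a session user id; otherwise
// send the visitor to the index. The exit after header() is essential: header()
// does not stop execution, so without it PHP keeps rendering the rest of this
// page and a client that ignores the Location header still gets the content.
if (checkCookie() == true && isset($_SESSION["userID"])) {
    $userID = $_SESSION['userID'];
} else {
    header("Location: index.php");
    exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <?php include_once "db_open.php"; ?> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link type="text/css" rel="stylesheet" href="stylesheet.css"/> <title>Requests</title> <style> </style> </head>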
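<?php
// [ RETRIEVING CONFIG ] //
include "/common/sql.php";
include "/common/checkcookie.php";

// Page guard. The exit is essential: header() alone does not stop execution,
// so without it an unauthenticated request carrying ?username= would still
// reach removeUser() below.
$allowed = checkCookie();
if ($allowed == false) {
    header("Location: login.php");
    exit;
}

// [ FUNCTIONS ] //
// Deletes the row for $username. The statement is parameterised so the
// username is never spliced into SQL text. (The reviewed copy had the literal
// value redacted as '******'; binding the parameter is the intended behaviour.)
function removeUser($username) {
    $db = new mysqli(SERVERNAME, USERNAME, PASSWORD, DBNAME);
    $stmt = $db->prepare("DELETE FROM `users` WHERE username = ?");
    if ($stmt !== false) {
        $stmt->bind_param("s", $username);
        $stmt->execute();
        $stmt->close();
    }
    $db->close();
}

if (isset($_GET['username'])) {
    $username = $_GET['username'];
    // NOTE(review): a state-changing action driven by a GET parameter is
    // reachable via CSRF (any link or image an admin loads); a POST with a
    // token would be advisable.
    removeUser($username);
    // The original compared isset(...) (a bool) loosely to the username, which
    // is true for any non-empty name and so logged the admin out after every
    // deletion. The intent is "log out if the admin deleted their own account".
    if (isset($_COOKIE['username']) && $_COOKIE['username'] === $username) {
        setcookie("expiry", "", time() - 3600);
        setcookie("token", "", time() - 3600);
        setcookie("username", "", time() - 3600);
    }
    header("Location: users.php");
    exit;
}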
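<?php include_once "header.php"; ?>
<?php
// Front page: shows the update form to a logged-in user, stores a posted
// update (optionally mirroring it to Twitter) and lists the latest entries.
$numEntries = getIndexNum();
$cookie = isset($_COOKIE['mindof']) ? $_COOKIE['mindof'] : null;
$storedcookie = getCookie();
$twitter_update = gettwitterCheck();
$twitter_email = gettwitterEmail();
// stripslashes(null) already yielded '' in the original; the guard only avoids
// the notice (and the PHP 8.1 null-argument deprecation).
$submitted = isset($_POST['checksubmit']) ? stripslashes($_POST['checksubmit']) : '';

if (checkCookie()) {
    showUpdateForm();
}
if (checkCookie() && $submitted) {
    // strip_tags() only removes markup from the stored text; it is not an
    // output-escaping step, so the entry must still be escaped when rendered.
    // NOTE(review): no CSRF token guards this POST.
    $update = strip_tags(isset($_POST['update']) ? $_POST['update'] : '');
    addEntry($update);
    if ($twitter_update == 1 && strlen($twitter_email) > 0) {
        // $twit_update is computed but updateTwitter() receives $update; kept
        // as posted to preserve behaviour — confirm which one was intended.
        $twit_update = stripslashes($_POST['update']);
        updateTwitter($update);
    }
    echo " <img src=\"icon_accept.gif\" border=\"0\" /> mindof updated. ";
}
showEntriesIndex($numEntries);
echo "<a href=\"" . $siteUrl . "archive.php?pagenum=2\" class=\"box\">older »</a>";
?>
<?php include_once "footer.php"; ?>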
function is_ok() {
    // Validates the current request. The check order is preserved on purpose:
    // a bad referrer, a banned IP or a bad token are fatal and go through
    // death() (which, per the original comment, destroys the session and
    // redirects); a missing, mismatched or expired session identity is a plain
    // false. On success the session expiry is pushed forward.
    global $auto_restrict;

    // Fatal problems.
    if (!checkReferer()) {
        return death("You are definitely NOT from here !");
    }
    if (!checkIP()) {
        return death("Hey... you were banished, f**k off !");
    }
    if (!checkToken()) {
        return death("You need a valid token to do that, boy !");
    }
    // Cookie-based login is intentionally disabled:
    // if (checkCookie()) { return true; }

    // No session identity at all.
    if (!isset($_SESSION['id_user'])) {
        return false;
    }

    $expired = $_SESSION['expire'] < time();
    // The session holds an encrypted user id; decrypt it with the site key and
    // compare against the id computed for this request.
    $storedId = Dechiffre($_SESSION['id_user'], $auto_restrict['encryption_key']);
    $currentId = id_user();

    // Identity problem or expired session. NOTE(review): the loose `!=` is
    // kept so int/string ids compare as before; confirm both sides share a type.
    if ($expired || $storedId != $currentId) {
        return false;
    }

    // All fine: the session survives a bit longer.
    $_SESSION['expire'] = time() + 60 * $auto_restrict['session_expiration_delay'];
    return true;
}
function is_ok() {
    # Validates the current request. The check order is preserved on purpose:
    # a missing session identity is a plain false; a bad referrer, a banned IP
    # or a bad token are fatal and go through death() (which, per the original
    # comment, destroys the session and redirects); a mismatched or expired
    # identity is false. On success the session expiry is pushed forward.
    global $auto_restrict;

    if (!isset($_SESSION['id_user'])) {
        return false;
    }

    # Fatal problems.
    if (!checkReferer()) {
        return death('<div class="error">You are definitely NOT from here !</div>');
    }
    if (!checkIP()) {
        return death('<div class="error">Hey... you were banished, f**k off !</div>');
    }
    if (!checkToken()) {
        return death('<div class="error">Invalid token</div>');
    }
    # Cookie-based login is intentionally disabled:
    # if (checkCookie()) { return true; }

    $expired = $_SESSION['expire'] < time();
    # Per-user key: the encrypted session id is decrypted with the key of the
    # logged-in user and compared against the id computed for this request.
    $storedId = Dechiffre($_SESSION['id_user'], $auto_restrict['users'][$_SESSION['login']]['encryption_key']);
    $currentId = id_user();

    # Identity problem or expired session. NOTE(review): the loose `!=` is
    # kept so int/string ids compare as before; confirm both sides share a type.
    if ($expired || $storedId != $currentId) {
        return false;
    }

    # All fine: the session survives a bit longer.
    $_SESSION['expire'] = time() + 60 * $auto_restrict['session_expiration_delay'];
    return true;
}
function doAction($params = NULL) {
    // Sends one request to the game server and refreshes the global $ikariam
    // state from the response page.
    //
    // $params: optional array. $params['get']['actionRequest'] === TRUE asks for
    //   the current actionRequest token to be substituted in; any $params['post']
    //   gets the token added (returns false if no token is known yet).
    // Returns: the parsed HTML object (str_get_html) of the response, or false
    //   when a POST was requested before an actionRequest token is available.
    //   When checkResponseForErrors() reports errors and $debug is off, the page
    //   object is returned as well, without updating the global state — callers
    //   cannot tell the two cases apart from the return value alone.
    // Ends the script (die) if the DOM parser is missing, if checkCookie() reports
    //   the session cookie expired, or on response errors while debugging.
    global $ikariam, $island_names, $debug;
    //Make sure the simple dom parser is loaded
    if (!function_exists('str_get_html')) {
        die("str_get_html() does not exist.");
    }
    //Set some variables
    $url = $ikariam['session']['base_url'];
    $cookie = $ikariam['session']['cookie'];
    //Add the action request in get requests
    if (isset($params['get']['actionRequest']) && $params['get']['actionRequest'] === TRUE) {
        $params['get']['actionRequest'] = $ikariam['hidden_inputs']['actionRequest'];
    }
    //Add the action request in post requests
    if (isset($params['post'])) {
        if (!isset($ikariam['hidden_inputs']['actionRequest'])) {
            return false;
        }
        $params['post']['actionRequest'] = $ikariam['hidden_inputs']['actionRequest'];
    }
    // Debug output is written straight into the page: print_r($params) exposes
    // the raw request parameters, so only enable $debug in a trusted environment.
    if ($debug) {
        echo "<pre>";
    }
    if ($debug) {
        print_r($params);
    }
    //Perform the page fetch
    $response = fetchPage($url, $cookie, $params);
    //Make sure cookie's valid
    if (!checkCookie($response['header'])) {
        die("Cookie expired!");
    }
    if ($debug > 1) {
        echo "<pre>";
        print_r($response['body']);
    }
    //Get the html object for the response
    $html_obj = str_get_html($response['body']);
    //Check for errors
    if (checkResponseForErrors($html_obj)) {
        if ($debug) {
            // debug_backtrace() dumps every frame's call arguments into the page.
            echo "<pre>";
            print_r(debug_backtrace());
            foreach ($ikariam['errors']['messages'] as $error) {
                echo $error . "<br />\n";
            }
            die;
        } else {
            // Not debugging: hand the page back untouched and skip the state update.
            return $html_obj;
        }
    }
    //Update the hidden input variables
    $ikariam['hidden_inputs'] = getHiddenInputs($html_obj);
    //Get the city names
    $ikariam['cities']['names'] = getCityNames($html_obj);
    //Get the current city name and id
    $ikariam['current_city_id'] = getCurrentCityID($html_obj);
    $ikariam['current_city'] = $ikariam['cities']['names'][$ikariam['current_city_id']];
    $ikariam['current_island_id'] = getCurrentIslandID($html_obj);
    $ikariam['current_island'] = $island_names[$ikariam['current_island_id']];
    //Get the global resources
    $ikariam['cities']['global']['resources']['ships'] = getShips($html_obj); //Get ships
    $ikariam['cities']['global']['resources']['ambrosia'] = getAmbrosia($html_obj); //Get the ambrosia
    $ikariam['cities']['global']['resources']['gold'] = getGold($html_obj); //Get the gold
    //Fetch the current resources if they exist
    $current_city_resources = getCityInfo($html_obj);
    if ($current_city_resources != NULL && $current_city_resources != FALSE) {
        $ikariam['cities'][$ikariam['current_city_id']] = $current_city_resources;
    }
    // Persist the refreshed state.
    setIkariamFile();
    //Return
    return $html_obj;
}
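$numEntries = getIndexNum();
$cookie = isset($_COOKIE['dertyn']) ? $_COOKIE['dertyn'] : null;
$storedcookie = getCookie();
$id = isset($_GET['number']) ? $_GET['number'] : null;
$type = isset($_GET['type']) ? $_GET['type'] : null;
// The original used ereg($type, "^rich\$"): ereg() is gone since PHP 7 and its
// arguments were reversed, which made the user-supplied $type the regex
// pattern. The intent is a plain equality test for the rich-text editor.
if ($type === 'rich') {
    include_once "editor.php";
}
?>
<?php
if (checkCookie()) {
    showEditForm($id);
} else {
    echo "please <a href=\"login.php\">login</a>.";
}
if (checkCookie() && !empty($_POST['checksubmit'])) {
    // strip_tags() only removes markup from these fields; $body is stored raw
    // for the rich editor and must be escaped or sanitised at output time.
    // NOTE(review): no CSRF token guards this POST.
    $subject = strip_tags(isset($_POST['subject']) ? $_POST['subject'] : '');
    $body = isset($_POST['body']) ? $_POST['body'] : null;
    $draft = strip_tags(isset($_POST['draft']) ? $_POST['draft'] : '');
    $updateID = strip_tags(isset($_POST['id']) ? $_POST['id'] : '');
    updateEntry($subject, $body, $updateID, $draft);
    echo " <img src=\"icon_accept.gif\" border=\"0\" /> entry updated. ";
}
?>
<?php include_once "footer.php"; ?>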
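<?php
include_once "header.php";
include_once "db.php";
include_once "dertyn.php";

// Delete-entry page: shows the confirmation form on GET and performs the
// deletion on POST, both gated on checkCookie().
// NOTE(review): the POST carries no CSRF token, so a logged-in user can be made
// to delete an entry by a third-party page that auto-submits this form.
$id = isset($_GET['number']) ? $_GET['number'] : null;
$type = isset($_GET['type']) ? $_GET['type'] : null;
// Same truthiness as the original $_POST['checksubmit'], without the notice.
$submitted = !empty($_POST['checksubmit']);

if (!$submitted && checkCookie()) {
    showDelform($id, $type);
} elseif ($submitted && checkCookie()) {
    deleteEntry(
        isset($_POST['id']) ? $_POST['id'] : null,
        isset($_POST['type']) ? $_POST['type'] : null
    );
} else {
    echo "please <a href='login.php'>login</a> in order to delete entries!";
}
?>
<?php include_once "footer.php"; ?>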