Exemplo n.º 1
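/**
 * Return the last-modification time of a session marker file under sessions/.
 *
 * The name reaches this function from the request (the caller reads it from
 * the `access` query parameter), so it is accepted only when it is a single
 * file name: no directory separators and no NUL byte.
 *
 * @param string $file Session file name, without any directory part.
 * @return int|false Unix timestamp reported by filemtime(), or false when the
 *                   name is empty, is not a plain file name, or no such
 *                   regular file exists.
 */
function hashFindFile($file)
{
    // Same falsy test as before: '', '0', null and false all mean "no token".
    if (!is_scalar($file) || !$file) {
        return false;
    }
    $name = (string) $file;

    // A separator or NUL byte would let the lookup leave the sessions/ directory.
    if (strpbrk($name, "/\\\0") !== false) {
        return false;
    }

    $target = 'sessions/' . $name;

    // is_file() rather than file_exists(): '.', '..' and sub-directories are not tokens.
    if (!is_file($target)) {
        return false;
    }

    // filemtime() is the last-modification time, not the creation time; the
    // two match only while the marker file is never rewritten.
    return filemtime($target);
}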
$getHash = stripslashes($_GET['access']);
$getIP = explode("_", $getHash);
$userIP = $_SERVER['REMOTE_ADDR'];
// IF checkHash returns true then show elfinder
if (checkHash('sessions/', $getHash) and $userIP == $getIP[0]) {
    if (hashFindFile($getHash)) {
        $expires = time() - hashFindFile($getHash);
        if ($expires > 3600) {
            echo 'Session has expired!';
            exit;
        }
    } else {
        echo 'Session not exists!';
        exit;
    }
    echo '<!-- elFinder initialization -->
				<script type="text/javascript" charset="utf-8">
					$().ready(function() {
						var elf = $(\'#elfinder\').elfinder({
							url : \'php/connector.php?access=' . $getHash . '\',
Exemplo n.º 2
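// $db is assigned outside this excerpt; presumably it holds the PDOException
// itself when the connection attempt failed.
if ($db instanceof PDOException) {
    // Driver messages can name the host, account and schema: keep them in the
    // server log and give the client a generic answer.
    error_log('Database connection failed: ' . $db->getMessage());
    http_response_code(500);
    die('Service temporarily unavailable.');
}

// Accept only scalar string fields; an array-valued field is treated as missing.
$username = isset($_POST['username']) && is_string($_POST['username']) ? strtolower($_POST['username']) : '';
$password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
if ($username === '' || $password === '') {
    // Same answer as a failed login, so the response shape does not vary.
    header("Location: login.php?e=1");
    die;
}

// NOTE(review): $hash is never read in this run; confirm secureHash() has no
// side effect that is needed before removing the call.
$hash = secureHash($username, $password);

// The user name is bound as a parameter, never concatenated into the statement.
$stmt = $db->prepare("SELECT * FROM milky_minewriter.Users WHERE `username` = :user");
$stmt->execute(array(':user' => $username));
$row = $stmt->fetch();

// rowCount() is not reliable for SELECT on every PDO driver; a false fetch
// result is the portable "no such row" signal.
if ($row === false) {
    //No such user
    header("Location: login.php?e=1");
    die;
}
if (!checkHash($password, $row['password'], $username)) {
    //Incorrect password (same error code as "no such user", so the reply does
    //not reveal which account names exist)
    header("Location: login.php?e=1");
    die;
}
if ($row['active'] == false) {
    //Email not verified, account not active
    header("Location: login.php?e=15");
    die;
}

session_start();
// Issue a fresh session id at the privilege change so an id that was known
// before the login cannot be reused afterwards.
session_regenerate_id(true);
$_SESSION['username'] = $username;
$_SESSION['id'] = $row['id'];
$_SESSION['access'] = $row['access'];
header("Location: index.php");
die;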
/**
 * This method will disable accessing files/folders starting with '.' (dot)
 *
 * @param  string  $attr  attribute name (read|write|locked|hidden)
 * @param  string  $path  file path relative to volume root directory started with directory separator
 * @return bool|null
 **/
function access($attr, $path, $data, $volume)
{
    // Only the last path component is inspected.
    $entryName = basename($path);

    // NOTE(review): the header comment speaks of every name starting with '.',
    // but only these two prefixes are matched, so other dot-files (for example
    // .htaccess) fall through to elFinder's defaults. Confirm that is intended.
    $isGuarded = false;
    foreach (array('.tmb', '_file-manager') as $prefix) {
        if (strncmp($entryName, $prefix, strlen($prefix)) === 0) {
            $isGuarded = true;
            break;
        }
    }

    if (!$isGuarded) {
        // null: no opinion, elFinder decides by itself
        return null;
    }

    // For a guarded entry: false for read/write (denied), true for the other
    // attributes (locked, hidden).
    if ($attr == 'read' || $attr == 'write') {
        return false;
    }
    return true;
}
// elFinder connector options: one local-filesystem volume.
// NOTE(review): as far as this configuration shows, everything below the root
// path is served unless the accessControl callback denies it; confirm the root
// is no wider than the directory the file manager is meant to expose.
$opts = array(
    'roots' => array(
        array(
            'driver' => 'LocalFileSystem',
            // Volume root: a relative path two levels up.
            'path' => '../../',
            // Public URL of that root, derived from the running script's path.
            'URL' => dirname($_SERVER['PHP_SELF']) . '/../../',
            // Name of the function consulted for per-path permissions.
            'accessControl' => 'access',
        ),
    ),
);
/*
	Function: Hash checker
*/
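/**
 * Tell whether a session token file exists directly inside a directory.
 *
 * The token comes from the request, so it is treated as a bare file name
 * and rejected when it is empty or carries a directory part.
 *
 * @param string $path     Directory holding the token files, with trailing separator.
 * @param string $fileName Token value; must be a single file name.
 * @return bool True only when $fileName names a regular file directly inside $path.
 */
function checkHash($path, $fileName)
{
    // file_exists() is also true for directories, so an empty name used to
    // match the sessions directory itself.
    if (!is_string($fileName) || $fileName === '') {
        return false;
    }

    // A separator or NUL byte would let the name resolve outside $path.
    if (strpbrk($fileName, "/\\\0") !== false) {
        return false;
    }

    // is_file() also rules out '.', '..' and sub-directories.
    return is_file($path . $fileName);
}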
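// Read the access token; a missing or array-valued parameter counts as "no token".
$getHash = isset($_GET['access']) && is_string($_GET['access']) ? stripslashes($_GET['access']) : '';

// A token is a single file name. An empty value would make the lookup resolve
// to the sessions directory itself, and a separator would let it leave that
// directory, so both are refused before the file check.
$tokenIsPlainName = $getHash !== ''
    && $getHash !== '.'
    && $getHash !== '..'
    && strpbrk($getHash, "/\\\0") === false;

// NOTE(review): a page that embeds the file manager may apply further checks
// (client IP, token age); none of them is repeated here. Confirm whether the
// connector, which the browser calls directly, should enforce them as well.
// IF checkHash returns true then show elfinder
if ($tokenIsPlainName && checkHash('../sessions/', $getHash)) {
    // run elFinder
    $connector = new elFinderConnector(new elFinder($opts));
    /*DO NOT EDIT*/
    $connector->run();
    /*DO NOT EDIT*/
} else {
    // Make the refusal visible to the client and to access logs instead of
    // answering with an empty 200.
    http_response_code(403);
}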
Exemplo n.º 4
     } else {
         $duplicateFile = true;
         array_push($duplicateFileName, $hashOut);
     }
 }
 if ($_FILES['manu_tbl']['name'] != '') {
     $hashOut = checkHash($originalManu_tbl, 'Table file');
     if ($hashOut == '') {
         $temp_manu_tbl = $fileTag . '_tbl.' . $realExts;
     } else {
         $duplicateFile = true;
         array_push($duplicateFileName, $hashOut);
     }
 }
 if ($_FILES['manu_statement']['name'] != '') {
     $hashOut = checkHash($originalManu_statement, 'Authors\' statement document');
     if ($hashOut == '') {
         $temp_manu_statement = $fileTag . '_statement.' . $realExts;
     } else {
         $duplicateFile = true;
         array_push($duplicateFileName, $hashOut);
     }
 }
 if ($duplicateFile == false) {
     try {
         move_uploaded_file($_FILES["manu_file"]["tmp_name"], "upload_file/MainArticles/" . $temp_manu_file);
         move_uploaded_file($_FILES["manu_img"]["tmp_name"], "upload_file/ImagesFiles/" . $temp_manu_img);
         move_uploaded_file($_FILES["manu_tbl"]["tmp_name"], "upload_file/TableFiles/" . $temp_manu_tbl);
         move_uploaded_file($_FILES["manu_statement"]["tmp_name"], "upload_file/ManuStatements/" . $temp_manu_statement);
         $_SESSION['location'] = 'manuInfo.php';
         $sql2 = "INSERT INTO tbl_temp_manuscript(temp_manu_type,temp_manu_file,temp_manu_img,temp_manu_tbl,temp_manu_statement) values('{$temp_manu_type}','{$temp_manu_file}','{$temp_manu_img}','{$temp_manu_tbl}','{$temp_manu_statement}')";
Exemplo n.º 5
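$login = '';
session_start();
// The page answers 401 by default; a later Location header turns a
// successful login into a redirect.
header("HTTP/1.0 401 Unauthorized");
require_once "secure.inc.php";
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Missing or array-valued fields are treated as empty strings.
    $rawLogin = isset($_POST["login"]) && is_string($_POST["login"]) ? $_POST["login"] : '';
    $rawPw = isset($_POST["pw"]) && is_string($_POST["pw"]) ? $_POST["pw"] : '';
    $rawRef = isset($_GET["ref"]) && is_string($_GET["ref"]) ? $_GET["ref"] : '';

    $login = trim(strip_tags($rawLogin));
    // NOTE(review): strip_tags() also rewrites passwords that contain '<';
    // kept because stored hashes were presumably produced the same way — verify.
    $pw = trim(strip_tags($rawPw));
    $ref = trim(strip_tags($rawRef));

    // The post-login target comes from the query string. Accept it only as a
    // path on this site: one leading '/', not '//' (scheme-relative URL), and
    // no backslash or control character. Anything else gets the default page.
    if (!preg_match('#^/(?!/)[^\x00-\x1F\x7F\\\\]*\z#', $ref)) {
        $ref = '/eshop/admin/';
    }

    if ($login and $pw) {
        if ($result = userExists($login)) {
            // The stored record is colon-separated; the second field is the hash.
            list($_, $hash) = explode(':', $result);
            if (checkHash($pw, $hash)) {
                // New session id at the privilege change, so an id known
                // before the login cannot be reused afterwards.
                session_regenerate_id(true);
                $_SESSION['admin'] = true;
                header("Location: {$ref}");
                exit;
            } else {
                // Same message for unknown user and wrong password.
                $title = 'Неправильное имя пользователя или пароль!';
            }
        } else {
            $title = 'Неправильное имя пользователя или пароль!';
        }
    } else {
        $title = 'Заполните все поля формы!';
    }
}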
?>
<!DOCTYPE HTML>
Exemplo n.º 6
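/**
 * Return the last-modification time of a session marker file under sessions/.
 *
 * The name reaches this function from the request (the caller reads it from
 * the `access` query parameter), so it is accepted only when it is a single
 * file name: no directory separators and no NUL byte.
 *
 * @param string $file Session file name, without any directory part.
 * @return int|false Unix timestamp reported by filemtime(), or false when the
 *                   name is empty, is not a plain file name, or no such
 *                   regular file exists.
 */
function hashFindFile($file)
{
    // Same falsy test as before: '', '0', null and false all mean "no token".
    if (!is_scalar($file) || !$file) {
        return false;
    }
    $name = (string) $file;

    // A separator or NUL byte would let the lookup leave the sessions/ directory.
    if (strpbrk($name, "/\\\0") !== false) {
        return false;
    }

    $target = 'sessions/' . $name;

    // is_file() rather than file_exists(): '.', '..' and sub-directories are not tokens.
    if (!is_file($target)) {
        return false;
    }

    // filemtime() is the last-modification time, not the creation time; the
    // two match only while the marker file is never rewritten.
    return filemtime($target);
}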
$getHash = stripslashes($_GET['access']);
$getIP = explode("_", $getHash);
$userIP = $_SERVER['REMOTE_ADDR'];
// IF checkHash returns true then show elfinder
if (checkHash('sessions/', $getHash) && substr($userIP, 0, 6) == '46.98.') {
    /*
    				if(hashFindFile($getHash)) {
    					$expires = time() - hashFindFile($getHash);
    					if($expires > 3600) {
    						echo 'Session has expired!';
    						exit;
    					}
    				} else {
    					echo 'Session not exists!';
    					exit;
    				}*/
    echo '<!-- elFinder initialization -->
				<script type="text/javascript" charset="utf-8">
					$().ready(function() {
						var elf = $(\'#elfinder\').elfinder({
Exemplo n.º 7
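/**
 * Handle a request made through an e-mailed verification link.
 *
 * Reads `email` and `h` from the query string, looks up the id of the user
 * registered under that e-mail address and hands the id and the hash to
 * checkHash(). When no user matches, an error message is printed and
 * checkHash() is not called.
 *
 * Uses the globals $con (mysqli connection) and $getAnotherLinkInstructions
 * (text appended to the error message).
 *
 * @return void
 */
function verifyLink()
{
    global $getAnotherLinkInstructions;
    global $con;
    // logout() is called before anything else; its arguments are defined elsewhere.
    logout(5, false);
    $email = check_input($_GET['email']);
    $hash = check_input($_GET['h']);

    // The address comes from the URL, so it is bound as a parameter instead of
    // being interpolated into the SQL text.
    // NOTE(review): if check_input() already SQL-escapes its argument, bind the
    // unescaped value here, otherwise addresses containing quotes stop matching.
    $stmt = mysqli_prepare($con, 'SELECT id FROM users WHERE email = ?');
    if ($stmt === false) {
        error_log('verifyLink: could not prepare the user lookup');
        return;
    }
    mysqli_stmt_bind_param($stmt, 's', $email);
    if (!mysqli_stmt_execute($stmt)) {
        error_log('verifyLink: user lookup failed');
        mysqli_stmt_close($stmt);
        return;
    }
    mysqli_stmt_bind_result($stmt, $userId);
    // true: a row was fetched; null: no matching row; false: error.
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    if ($found !== true) {
        printMessage('Hmmmm... That is funny. The email in your link is not registered with any textbooks. M' . $getAnotherLinkInstructions, 'error');
        // Stop here: without a user id there is nothing to validate the hash against.
        return;
    }

    checkHash($con, onValidate, $userId, $hash);
}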