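/**
 * Admin-only action: loads the record identified by $id through the `user`
 * model, sets its `is_comented` field to 0, saves it and sends the browser back.
 *
 * NOTE(review): this state-changing action takes its target from the $id
 * argument and no CSRF token check is visible in this method — confirm that
 * one is enforced elsewhere.
 *
 * @param mixed $id Identifier passed on to the model's get() and edit().
 */
public function index($id)
{
    // Strict comparison: a loose `!= 'admin'` can be satisfied by non-string
    // session values (for example integer 0 on PHP < 8), which must never
    // pass an authorization check.
    if ($this->session->userdata('username') !== 'admin') {
        redirect('home');
        return; // do not fall through if redirect() ever returns
    }

    $this->load->model('user');
    $rows = $this->user->get($id);

    // Take the first row of the result, if there is one.
    $item = null;
    if (is_array($rows) || $rows instanceof Traversable) {
        foreach ($rows as $row) {
            $item = $row;
            break;
        }
    }

    // Nothing matched $id: there is no record to update.
    if ($item === null) {
        goback();
        return;
    }

    $item['is_comented'] = 0;
    $this->user->edit($id, $item);
    goback();
}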
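/**
 * Deletes every client whose identifier was posted in the `delete[]` array.
 *
 * Shows the "success" message only when every deletion reported success;
 * in every other case (nothing selected, or at least one failure) it shows
 * the "selectone" message, as before.
 *
 * NOTE(review): no permission or CSRF check is visible in this function —
 * confirm the dispatcher that calls op_* handlers enforces both.
 */
function op_delclient()
{
    if (isset($_POST['delete']) && is_array($_POST['delete'])) {
        include_once "ClientModel.class.php";
        $clientModel = new ClientModel();

        // Track the outcome as a boolean instead of multiplying into `true`.
        $allDeleted = true;
        foreach ($_POST['delete'] as $u) {
            // A nested array is not a valid identifier; count it as a failure
            // instead of handing it to the model. Processing continues so the
            // remaining entries are still deleted.
            if (!is_scalar($u) || !$clientModel->deleteClient($u)) {
                $allDeleted = false;
            }
        }

        if ($allDeleted) {
            show_message_goback(lang('success'));
            // Stop here so the "selectone" message below is never emitted
            // after a success, whether or not goback() ends the request.
            return;
        }
    }

    show_message(lang('selectone'));
    goback();
}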
$passupdated = 1; } if ($disableemailchange != 'no' && $smtptype != 'none' && $email != $CURUSER["email"]) { if (EmailBanned($email)) { bark($lang_usercp['std_email_address_banned']); } if (!EmailAllowed($email)) { bark($lang_usercp['std_wrong_email_address_domains'] . allowedemails()); } if (!validemail($email)) { stderr($lang_usercp['std_error'], $lang_usercp['std_wrong_email_address_format'] . goback("-2"), 0); die; } $r = sql_query("SELECT id FROM users WHERE email=" . sqlesc($email)) or sqlerr(); if (mysql_num_rows($r) > 0) { stderr($lang_usercp['std_error'], $lang_usercp['std_email_in_use'] . goback("-2"), 0); die; } $changedemail = 1; } if ($resetpasskey == 1) { $passkey = md5($CURUSER['username'] . date("Y-m-d H:i:s") . $CURUSER['passhash']); $updateset[] = "passkey = " . sqlesc($passkey); } if ($changedemail == 1) { $sec = mksecret(); $hash = md5($sec . $email . $sec); $obemail = rawurlencode($email); $updateset[] = "editsecret = " . sqlesc($sec); $subject = "{$SITENAME}" . $lang_usercp['mail_profile_change_confirmation']; $body = <<<EOD
p('<p>Instead »'); p('year:'); makeinput(array('name' => 'year', 'value' => date('Y', $opfilemtime), 'size' => 4)); p('month:'); makeinput(array('name' => 'month', 'value' => date('m', $opfilemtime), 'size' => 2)); p('day:'); makeinput(array('name' => 'day', 'value' => date('d', $opfilemtime), 'size' => 2)); p('hour:'); makeinput(array('name' => 'hour', 'value' => date('H', $opfilemtime), 'size' => 2)); p('minute:'); makeinput(array('name' => 'minute', 'value' => date('i', $opfilemtime), 'size' => 2)); p('second:'); makeinput(array('name' => 'second', 'value' => date('s', $opfilemtime), 'size' => 2)); p('</p>'); formfooter(); goback(); } elseif ($action == 'shell') { if (IS_WIN && IS_COM) { if ($program && $parameter) { $shell = new COM('Shell.Application'); $a = $shell->ShellExecute($program, $parameter); m('Program run has ' . (!$a ? 'success' : 'fail')); } !$program && ($program = 'c:\\windows\\system32\\cmd.exe'); !$parameter && ($parameter = '/c net start > ' . SA_ROOT . 'log.txt'); formhead(array('title' => 'Execute Program')); makehide('action', 'shell'); makeinput(array('title' => 'Program', 'name' => 'program', 'value' => $program, 'newline' => 1)); p('<p>'); makeinput(array('title' => 'Parameter', 'name' => 'parameter', 'value' => $parameter)); makeinput(array('name' => 'submit', 'class' => 'bt', 'type' => 'submit', 'value' => 'Execute'));
/**
 * Writes the posted form fields to the current user's row in `cernet_team`
 * and prints 'success' or 'error'.
 *
 * NOTE(review): every POST key except `__hash__` is passed to
 * DBModel::updateDB() as a column => value pair, so the client decides which
 * columns are written. Unless updateDB() filters columns itself, replace this
 * with an explicit list of editable fields.
 * NOTE(review): the result of getTeamByUser() is not checked before it is
 * used as the row selector — confirm what updateDB() does with an empty id.
 */
public function ajax_post_()
{
    // Everything the client posted, minus the form token field.
    $fields = array_diff_key($_POST, array('__hash__' => true));

    $teamId = DBModel::getTeamByUser(session('userid'));
    $updated = DBModel::updateDB('cernet_team', array('id' => $teamId), $fields);

    if ($updated == false) {
        echo 'error';
        return;
    }

    echo 'success';
    goback();
}
/**
 * Shows a message, then sends the browser back via goback(0).
 *
 * @param string $msg Text handed to show_message(); defaults to an empty string.
 */
function show_message_goback($msg = '')
{
    show_message($msg);
    goback(0);
}
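<?php
include "retwis.php";

# Login form handler: checks the submitted username/password against the
# values stored in Redis and, on success, hands the user's auth secret to the
# browser in the "auth" cookie.
#
# NOTE(review): the stored password is compared with the submitted one
# directly, so passwords are kept in Redis in plaintext. Moving to
# password_hash()/password_verify() needs a matching change in the
# registration code and a migration of existing records.
# NOTE(review): this script relies on goback() ending the request — confirm
# in retwis.php.

# Form sanity checks
if (!gt("username") || !gt("password")) {
    goback("You need to enter both username and password to login.");
}

# The form is ok, look the user up
$username = gt("username");
$password = gt("password");
$r = redisLink();
$userid = $r->hget("users", $username);
if (!$userid) {
    goback("Wrong username or password");
}

$realpassword = $r->hget("user:{$userid}", "password");
# hash_equals() compares byte-for-byte in constant time. The previous loose
# `!=` treated numeric-looking strings such as "1e3" and "1000" as equal.
# The failure message is identical to the unknown-user one above, so the
# response does not reveal which of the two checks failed.
if (!is_string($realpassword) || !hash_equals($realpassword, (string) $password)) {
    goback("Wrong username or password");
}

# Username / password OK, set the cookie and redirect to index.php
$authsecret = $r->hget("user:{$userid}", "auth");
# HttpOnly keeps the long-lived auth secret away from page scripts.
# NOTE(review): also set the `secure` argument once the site is HTTPS-only.
setcookie("auth", $authsecret, time() + 3600 * 24 * 365, "", "", false, true);
header("Location: index.php");
exit;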
<?php
require "process.php";

// Login form handler. The submitted credentials are tried against each role
// code in turn ("1", then "2", then "0"); the first role that login() accepts
// decides which landing page success() is given. When no role accepts them,
// or a field is missing, the user is sent back to login.php with the same
// generic message.
//
// NOTE(review): no throttling of failed attempts is visible in this script —
// confirm whether login() or the web server provides it.

if (!(isset($_POST['username']) and isset($_POST['password']))) {
    goback("username หรือ password ไม่ถูกต้อง", "login.php");
} else {
    $user = $_POST['username'];
    $pass = $_POST['password'];

    // Role code => landing page, in the order the roles are tried.
    $roleTargets = array(
        array("1", 'student-page.php'),
        array("2", 'pro-page.php'),
        array("0", 'admin-page.php'),
    );

    $landingPage = null;
    foreach ($roleTargets as $target) {
        if (login($user, $pass, $target[0], $pdo)) {
            $landingPage = $target[1];
            break;
        }
    }

    if ($landingPage !== null) {
        success($user, $landingPage);
    } else {
        goback("username หรือ password ไม่ถูกต้อง", "login.php");
    }
}
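/**
 * Stores the language chosen through the `setlang` query parameter in the
 * `_Selected_Language` cookie (one year, site-wide path) and sends the
 * browser back.
 *
 * The value comes straight from the request, so it is only stored when it is
 * a short token of letters, digits, '-' or '_'. A missing, array-valued or
 * malformed parameter leaves the cookie untouched.
 *
 * NOTE(review): whatever reads this cookie should still map it onto a fixed
 * list of supported languages instead of using it to build a file path.
 */
function view_setlang()
{
    $select = isset($_GET['setlang']) ? $_GET['setlang'] : null;

    if (is_string($select) && preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $select)) {
        setcookie("_Selected_Language", $select, time() + 3600 * 24 * 365, "/");
    }

    goback(0);
}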
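<?php
include "redis.php";

# Registration form handler: validates the form, allocates a user id, stores
# the account keys in Redis and logs the new user in through the "auth" cookie.
#
# NOTE(review): the password is written to Redis exactly as submitted. Store a
# password_hash() value instead; that needs the login code changed to
# password_verify() at the same time, so it is only flagged here.
# NOTE(review): the username availability check (GET) and the claim (SET) are
# separate commands, so two simultaneous registrations of the same name can
# both pass the check. Claiming the name with an atomic set-if-absent closes
# that window.
# NOTE(review): this script relies on goback() ending the request — confirm
# in redis.php.

# Form sanity checks
if (!gt("username") || !gt("password") || !gt("password2")) {
    goback("Every field of the registration form is needed!");
}
# Strict comparison: a loose `!=` treats numeric-looking strings such as
# "1e3" and "1000" as the same password.
if (gt("password") !== gt("password2")) {
    goback("The two password fileds don't match!");
}

# The form is ok, check if the username is available
$username = gt("username");
$password = gt("password");
if ($redis->get("username:{$username}:id")) {
    goback("Sorry the selected username is already in use.");
}

# Everything is ok, Register the user!
$userid = $redis->incr("global:nextUserId");
$redis->set("username:{$username}:id", $userid);
$redis->set("uid:{$userid}:username", $username);
$redis->set("uid:{$userid}:password", $password);

# The auth secret is the only credential the cookie carries.
# NOTE(review): confirm getrand() draws from a cryptographically secure source.
$authsecret = getrand();
$redis->set("uid:{$userid}:auth", $authsecret);
$redis->set("auth:{$authsecret}", $userid);

//set the users first value: 100
$redis->set("uid:{$userid}:value", 100);

# Manage a Set with all the users, may be userful in the future
//$redis->sadd("global:users",$userid);

# User registered! Login this guy
# HttpOnly keeps the long-lived auth secret away from page scripts.
# NOTE(review): also set the `secure` argument once the site is HTTPS-only.
setcookie("auth", $authsecret, time() + 3600 * 24 * 365, "", "", false, true);
//redirect here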
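/**
 * Deletes every online-user ticket whose id was posted in the `delete[]`
 * array. Only available when SSO_MODE is 'ticket'.
 *
 * Shows the "success" message only when every deletion reported success;
 * in every other case (nothing selected, or at least one failure) it shows
 * the "selectone" message, as before.
 *
 * NOTE(review): no permission or CSRF check is visible in this function —
 * confirm the dispatcher that calls op_* handlers enforces both.
 */
function op_delonlineuser()
{
    if (SSO_MODE != 'ticket') {
        show_message(lang('module_ban'));
        die;
    }

    if (isset($_POST['delete']) && is_array($_POST['delete'])) {
        include_once "PassportModel.class.php";
        $passport = new PassportModel();

        // Track the outcome as a boolean instead of multiplying into `true`.
        $allDeleted = true;
        foreach ($_POST['delete'] as $ticket) {
            // A nested array is not a valid ticket id; count it as a failure
            // instead of handing it to the model. Processing continues so the
            // remaining entries are still deleted.
            if (!is_scalar($ticket) || !$passport->deleteTicketById($ticket)) {
                $allDeleted = false;
            }
        }

        if ($allDeleted) {
            show_message_goback(lang('success'));
            // Stop here so the "selectone" message below is never emitted
            // after a success, whether or not goback() ends the request.
            return;
        }
    }

    show_message(lang('selectone'));
    goback();
}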
} if ($haveUser2 == 0 || $haveUser3 == 0) { if ($haveUser2 == 0 && $haveUser3 != "" && $haveUser2 != "") { goback("สมาชิกไม่ถูกต้อง2", "cpe01.php"); die; } if ($haveUser3 == 0 && $haveUser3 != "") { goback("สมาชิกไม่ถูกต้อง3", "cpe01.php"); die; } if ($haveUser2 == 0 && $haveUser3 == 0 && $haveUser3 != "" && $haveUser2 != "") { goback("สมาชิกไม่ถูกต้อง4", "cpe01.php"); die; } if ($haveUser2 == 0 && $haveUser3 == 0) { goback("สมาชิกไม่ถูกต้อง5", "cpe01.php"); die; } // if($haveUser2 == 0) // { // goback("สมาชิกไม่ถูกต้อง6","cpe01.php"); // die(); // } // if($haveUser3 == 0) // { // goback("สมาชิกไม่ถูกต้อง7","cpe01.php"); // die(); // } } $sql_check = "SELECT ID FROM comsystem.project_status WHERE ID = '" . $std1 . "' or ID = '" . $std2 . "' or ID = '" . $std3 . "'"; $query_check = mysql_query($sql_check) or die(mysql_error());
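/**
 * Signs a user in from an encrypted ticket.
 *
 * The ticket is a hex string taken from the `ticket` query parameter
 * (source 'client') or, failing that, from the `Xppass_IC_CARD` cookie
 * (source 'user'). It is decrypted with DES in ECB mode and must have the
 * form `user|<32-char password hash>|nickname|timestamp`. On success the
 * last-login fields are updated, the user is stored as online and the
 * browser is redirected to the site index; otherwise a message is shown.
 *
 * NOTE(review): the DES key is a constant in this source file and ECB mode
 * carries no integrity protection, so the ticket cannot prove who issued it.
 * The mcrypt extension was removed in PHP 7.2. Replace this with an
 * authenticated scheme and a key kept outside the code base.
 * NOTE(review): the freshness window (5 seconds) is only applied to tickets
 * from the query string; a cookie ticket is accepted whatever its timestamp.
 */
function view_autologin()
{
    $msg = '';
    $encrypted_data = '';

    // is_string() rejects array-valued parameters before they reach
    // preg_match()/pack().
    if (!empty($_GET['ticket']) && is_string($_GET['ticket'])
        && !preg_match("/[^0123456789abcdef]/i", $_GET['ticket'])) {
        $encrypted_data = pack("H*", $_GET['ticket']);
        $from = 'client';
    } else {
        if (isset($_COOKIE['Xppass_IC_CARD']) && !empty($_COOKIE['Xppass_IC_CARD'])
            && is_string($_COOKIE['Xppass_IC_CARD'])
            && !preg_match("/[^0123456789abcdef]/i", $_COOKIE['Xppass_IC_CARD'])) {
            $encrypted_data = pack("H*", $_COOKIE['Xppass_IC_CARD']);
            $from = 'user';
        }
    }

    if (!empty($encrypted_data)) {
        $key = 'Powered by Xppass!';
        $td = mcrypt_module_open('des', '', 'ecb', '');
        $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
        $key = substr($key, 0, mcrypt_enc_get_key_size($td));
        /* Initialize encryption module for decryption */
        mcrypt_generic_init($td, $key, $iv);
        $decrypted_data = mdecrypt_generic($td, $encrypted_data);
        mcrypt_generic_deinit($td);
        mcrypt_module_close($td);
        //echo "text: ".trim($decrypted_data);

        if (!empty($decrypted_data) && preg_match("/.*?\\|.{32}\\|.*?\\|\\d*?/ism", $decrypted_data)) {
            list($user, $pwd_md5, $nickname, $time) = explode("|", $decrypted_data);

            // Parentheses spell out the precedence the expression always had.
            if (($time >= time() - 5 && $from == 'client') || $from == 'user') {
                include_once "PassportModel.class.php";
                $passmod = new PassportModel();
                $userindex = $passmod->getUser($user);

                if ($userindex !== false) {
                    $user_info = $passmod->getUserById($userindex['user_id'], $user);

                    // hash_equals() compares the two hashes byte-for-byte in
                    // constant time. A loose `==` compares numeric-looking hex
                    // strings (for example "0e..." followed only by digits) as
                    // numbers, so different hashes could compare equal.
                    if (hash_equals((string) $user_info['user_password'], (string) $pwd_md5)) {
                        if ($user_info['user_state'] == 1) {
                            $updates = array();
                            $updates['user_lastlogin_time'] = time();
                            $updates['user_lastlogin_ip'] = getip();
                            $passmod->updateUser($updates, $userindex['user_id'], $user);

                            //login
                            $user_info['autologin'] = 0;
                            $this->save_online_user($user_info);

                            //log
                            //curl_get_content($GLOBALS ['gSiteInfo'] ['stats_site_url']."/loginlog.php?user="******"&userid=".$user ['user_id']);

                            // The former `$forward` branch was unreachable:
                            // nothing in this function assigns $forward. If a
                            // forward target is added later, check it against
                            // a list of allowed destinations first.
                            header("location: " . $GLOBALS['gSiteInfo']['www_site_url'] . "/index.php");
                            die;
                        } else {
                            $msg = lang('userforbidden');
                        }
                    } else {
                        $msg = lang('pwdwrong');
                    }
                } else {
                    $msg = lang('usernotexist');
                }
            } else {
                $msg = lang('invalidurl');
            }
        } else {
            $msg = lang('illegalsignon');
        }
    } else {
        $msg = lang('illegalsignon');
    }

    show_message($msg);
    goback();
}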
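<?php
require "config.php";
require "process.php";
session_start();

// Page guard plus data load for the logged-in student: requires a session,
// sends the user back to appform.php when a project row already lists them
// as std1/std2/std3, then loads name, email and phone from `students`.

if (!isset($_SESSION['login_user'])) {
    header('Location: login.php');
    exit;
}

// The session value originates from the login form, so it is escaped before
// it is placed inside the SQL string.
// NOTE(review): mysql_real_escape_string() depends on the connection
// character set being declared with mysql_set_charset(). The ext/mysql API
// was removed in PHP 7; the lasting fix is to run this query as a prepared
// statement on the $pdo handle used further down.
$loginUser = mysql_real_escape_string($_SESSION['login_user']);
$sql = "SELECT nameThai,nameEng,std1,std2 FROM comsystem.createproject WHERE std1 = '" . $loginUser . "' or std2 = '" . $loginUser . "' or std3 = '" . $loginUser . "'";
// NOTE(review): die(mysql_error()) prints database error text to the visitor;
// log it and show a generic message instead.
$query = mysql_query($sql) or die(mysql_error());
$rows = mysql_num_rows($query);
// NOTE(review): only exactly one matching row blocks the form — confirm that
// more than one match cannot occur.
if ($rows == 1) {
    goback("คุณมีข้อมูลโครงงานในระบบแล้ว", "appform.php");
    die;
    // echo "<center><font size = '7' color='#2c3e50'>คุณมีข้อมูลโครงงานในระบบแล้ว</font><br><br><a href='appform.php'><button>BACK.</button></a><hr>";
    // echo "<script>setTimeout(\"location.href = 'appform.php';\",2000);</script></center>";
}

$id = $_SESSION['login_user'];
$sth = $pdo->prepare("SELECT * FROM students WHERE Student_ID = :id");
$sth->bindParam(':id', $id, PDO::PARAM_STR);
$sth->execute();
while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
    $name = $row['Name'];
    $email = $row['email'];
    $phone = $row['phone'];
}
?>
<html>
<head>
<meta charset = "utf-8">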
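<?php
session_start();
include 'common/db.php';

// Guestbook form handler: checks the captcha answer against the code kept in
// the session, then stores the posted entry with a server-side timestamp and
// client address.
//
// NOTE(review): the whole $_POST array is handed to save(), so the client
// chooses every other column that is written. Unless save() filters columns
// itself, build the row from an explicit list of form fields.

if (isset($_POST['gcheck'])) {
    $submitted = $_POST['gcheck'];
    $expected = (isset($_SESSION['code']) && is_scalar($_SESSION['code']))
        ? (string) $_SESSION['code']
        : '';

    // An empty or missing session code must never match: previously an empty
    // `gcheck` compared equal to an unset $_SESSION['code'], so the captcha
    // passed without ever having been issued.
    $captchaOk = is_string($submitted)
        && $expected !== ''
        && strtolower($submitted) === strtolower($expected);

    if ($captchaOk) {
        // "content" must really be filled in, as the message below says.
        if (isset($_POST['content']) && is_string($_POST['content']) && trim($_POST['content']) !== '') {
            // A solved captcha is valid for one submission only.
            unset($_SESSION['code']);

            unset($_POST['gcheck']);
            // Set after the client data so these two cannot be supplied by
            // the form.
            $_POST['gtime'] = time();
            $_POST['gip'] = $_SERVER['REMOTE_ADDR'];
            save('hnsc_guestbook', $_POST);
            gomsg('index.php', '留言成功');
        } else {
            goback('留言必须填写');
        }
    } else {
        goback('验证码不正确');
    }
}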
/**
 * Updates the `stat_total_once` and `stat_pass` columns of row id 1 in
 * `cernet_quiz_meta` from the posted form, then sends the browser back.
 *
 * Any Exception raised inside the try block is re-reported through
 * throw_exception() with the original message.
 */
public function meta_quiz_()
{
    // Executes the PHP source held in the ADMIN constant inside this method's
    // scope. Its content is not visible here — presumably an administrator
    // access check; confirm.
    // NOTE(review): eval() is only as trustworthy as the place where ADMIN is
    // defined; a regular method or filter would make the check auditable.
    eval(ADMIN);
    try {
        // Both fields are read with safepost() and passed through xassert()
        // with Error("post") as its second argument — presumably the failure
        // raised when a field is missing; verify against xassert().
        $data["stat_total_once"] = xassert(safepost("stat_total_once"), Error("post"));
        $data["stat_pass"] = xassert(safepost("stat_pass"), Error("post"));
        DBModel::updateDB("cernet_quiz_meta", array("id" => 1), $data);
        goback();
    } catch (Exception $e) {
        #$this->error(Error("upload"), $e->getMessage());
        throw_exception($e->getMessage());
    }
}