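/**
 * Print a dump of the calendar list for the given API client.
 *
 * Returns without output when isAuthenticated($client) is false.
 *
 * @param Google_Client $client API client, taken by reference.
 * @return void
 */
function listAllCalendars(Google_Client &$client)
{
    if (!isAuthenticated($client)) {
        return;
    }

    $calList = createCalendar($client)->calendarList->listCalendarList();

    // The dump can carry text that did not originate in this application;
    // escape it so it is shown literally inside <pre> instead of being parsed as markup.
    $dump = htmlspecialchars(print_r($calList, true), ENT_QUOTES, 'UTF-8');

    print "<h1>Calendar List</h1><pre>" . $dump . "</pre>";
}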
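/**
 * Update the breadcrumb trail for the current page and enforce the idle timeout.
 *
 * The trail is kept in $_SESSION['BREADCRUMBMANAGER']. If the current title is
 * already in the trail, everything after it is removed; otherwise the trail is
 * cut back to the parent page (when one is recorded) and the current page is added.
 *
 * For an authenticated session that has been idle for 300 seconds or more, the
 * login variables are cleared, the client is redirected to the timeout page and
 * the request stops.
 *
 * @return void
 */
public static function calculate()
{
    $count = count($_SESSION['BREADCRUMBMANAGER']);

    if ($count > 0) {
        $index = -1;

        for ($i = 0; $i < $count; $i++) {
            if ($_SESSION['BREADCRUMBMANAGER'][$i]->label == $_SESSION['title']) {
                $index = $i + 1;
                break;
            }
        }

        if ($index >= 0) {
            /* Link to page already within the breadcrumb trail. */
            for ($i = $count - 1; $i >= $index; $i--) {
                self::remove($i);
            }
        } else {
            /* Check to see if the parent page is the same. */
            if (isset($_SESSION['parentpagename'])) {
                for ($i = 0; $i < $count; $i++) {
                    if ($_SESSION['BREADCRUMBMANAGER'][$i]->page == $_SESSION['parentpagename']) {
                        $index = $i + 1;
                        break;
                    }
                }
            }

            if ($index >= 0) {
                for ($i = $count - 1; $i >= $index; $i--) {
                    self::remove($i);
                }
            }

            self::add($_SESSION['pagename'], $_SESSION['title']);
        }
    } else {
        self::add($_SESSION['pagename'], $_SESSION['title']);
    }

    if (isAuthenticated()) {
        if (isset($_SESSION['lastconnectiontime'])) {
            $lastsessiontime = time() - $_SESSION['lastconnectiontime'];

            /* 5 minutes. */
            if ($lastsessiontime >= 300) {
                // Unset the variables stored in session
                unset($_SESSION['SESS_MEMBER_ID']);
                unset($_SESSION['SESS_FIRST_NAME']);
                unset($_SESSION['SESS_LAST_NAME']);
                unset($_SESSION['ROLES']);

                // Keep the timestamp write the method always performed.
                $_SESSION['lastconnectiontime'] = time();

                header("location: system-login-timeout.php");
                // A Location header alone does not stop the script; without this the
                // rest of the page would still run for a session that just timed out.
                exit;
            }
        }
    }

    $_SESSION['lastconnectiontime'] = time();
}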
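/**
 * Authentication for admin users.
 *
 * When isAuthenticated() is false, sends an HTTP Basic challenge with a 401
 * status, prints a short error and stops the request.
 *
 * @return void
 */
function authenticate()
{
    if (!isAuthenticated()) {
        header('WWW-Authenticate: Basic realm="My Realm"');
        header('HTTP/1.0 401 Unauthorized');

        // Only a fixed message is returned. $GLOBALS is deliberately not printed:
        // it contains the server environment, request data and any configuration
        // held in global variables, and this response goes to unauthenticated clients.
        echo 'Authentication Error';
        exit;
    }
}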
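/**
 * Rebuild the breadcrumb trail for the current page and enforce the idle timeout.
 *
 * The stored trail is discarded, re-initialised, the current page is added and
 * fetchParent() is called with the current page id.
 *
 * For an authenticated session that has been idle for 300 seconds or more, the
 * login variables are cleared, the client is redirected to the timeout page and
 * the request stops.
 *
 * @return void
 */
public static function calculate()
{
    unset($_SESSION['BREADCRUMBMANAGER']);
    self::initialise();
    self::add($_SESSION['pagename'], $_SESSION['title']);
    self::fetchParent($_SESSION['pageid']);

    if (isAuthenticated()) {
        if (isset($_SESSION['lastconnectiontime'])) {
            $lastsessiontime = time() - $_SESSION['lastconnectiontime'];

            /* 5 minutes. */
            if ($lastsessiontime >= 300) {
                // Unset the variables stored in session
                unset($_SESSION['SESS_MEMBER_ID']);
                unset($_SESSION['SESS_FIRST_NAME']);
                unset($_SESSION['SESS_LAST_NAME']);
                unset($_SESSION['ROLES']);

                // Keep the timestamp write the method always performed.
                $_SESSION['lastconnectiontime'] = time();

                header("location: system-login-timeout.php");
                // A Location header alone does not stop the script; without this the
                // rest of the page would still run for a session that just timed out.
                exit;
            }
        }
    }

    $_SESSION['lastconnectiontime'] = time();
}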
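/**
 * Render the contact page: the configured contact text followed by a table of
 * players whose role is returned by getRolesWithPermission('show').
 *
 * Authenticated visitors also get a "BZmail" button per listed player.
 *
 * @return void
 */
function section_contact()
{
    $obj = mysql_fetch_object(mysql_query("select text from bzl_siteconfig where name='contact'"));

    // The config row may be missing; skip the text instead of dereferencing false.
    // NOTE(review): the text is printed without HTML escaping - presumably it is
    // admin-maintained markup; confirm who can write bzl_siteconfig.
    if ($obj) {
        echo nl2br($obj->text);
    }

    echo '<p><TABLE cellspacing=0 align=center><TR><TD colspan=3> <HR>Matches can be reported to any of the following:<BR><BR></td></tr>';

    $roles = getRolesWithPermission('show');

    // An empty role list would produce "IN ()", which is not valid SQL.
    if (!empty($roles)) {
        $res = sqlQuery("SELECT p.id, p.callsign, r.name as level from l_player p, bzl_roles r \n WHERE r.id = p.role_id AND r.id IN (" . join(',', $roles) . ") ORDER BY level");

        // Row counter for the alternating row classes (was used uninitialised).
        $line = 0;

        while ($row = mysql_fetch_object($res)) {
            if (++$line % 2) {
                $cl = "rowEven";
            } else {
                $cl = "rowOdd";
            }

            echo "<tr class=\"{$cl}\"><td width=40% align=right>" . htmlLink($row->callsign, 'playerinfo', "id={$row->id}") . '</td><td width=10></td><td align=left>';

            if (isAuthenticated()) {
                echo htmlURLbutton('BZmail', 'sendmessage', "pid={$row->id}");
            }

            echo '</td></tr>';
        }
    }

    echo '</table>';
}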
/**
 * Redirect away from a private page with a warning flag, then stop the request.
 *
 * Authenticated visitors are sent to the "join" function, everyone else to
 * "signin"; a non-empty $from is passed along as obj2.
 *
 * @param string $from Value appended as the obj2 query parameter when not empty.
 * @return void This function always ends the request.
 */
function warnPrivatePage($from = "")
{
    global $service_host;

    if (isAuthenticated()) {
        $query = "function=join&obj1=warn";
    } elseif (empty($from)) {
        $query = "function=signin&obj1=warn";
    } else {
        // NOTE(review): $from goes into the URL exactly as received, with no
        // URL-encoding or validation here - confirm callers only pass trusted,
        // already-encoded values.
        $query = "function=signin&obj1=warn&obj2={$from}";
    }

    header("location:{$service_host}?{$query}");
    exit;
}
<?php require_once 'system-db.php'; if (!isset($_SESSION)) { session_start(); } if (!isAuthenticated() && !endsWith($_SERVER['PHP_SELF'], "system-login.php")) { header("location: m.system-login.php?session=" . urlencode(base64_encode($_SERVER['PHP_SELF'] . "?" . $_SERVER['QUERY_STRING']))); exit; } if (!isset($_SESSION['SESS_EVENT_ID']) && (!endsWith($_SERVER['PHP_SELF'], "system-client.php") && !endsWith($_SERVER['PHP_SELF'], "system-login.php"))) { header("location: system-client.php"); exit; } //Include database connection details require_once 'system-config.php'; require_once "confirmdialog.php"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Schokolat</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=8" /> <meta name="viewport" content="initial-scale=1.0, user-scalable=no" /> <link rel="shortcut icon" href="favicon.ico"> <link href="css/m.style.css?a=3" rel="stylesheet" type="text/css" /> <!-- <link href="css/jquery-ui-1.10.3.custom.css" rel="stylesheet" type="text/css" />
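/**
 * Render the team detail page for the team id given in $_GET['id'].
 *
 * Prints, in order: action buttons, a "deleted" notice, the team name and logo,
 * ratings and activity, win/draw/loss totals, the team comment, the roster, the
 * most recent matches and - for permitted users - the edit controls.
 *
 * The id is reduced to an integer before use because several queries below embed
 * it without quotes, where addslashes() gives no protection.
 *
 * @return void
 */
function section_teaminfo()
{
    require_once 'lib/common.php';

    $s_teamid = $_SESSION['teamid'];
    $s_logedin = isAuthenticated();
    $s_playerid = $_SESSION['playerid'];

    // Team ids are numeric; casting makes every interpolation below safe,
    // quoted or not. A missing or non-numeric id becomes 0 and matches no team.
    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

    $res = mysql_query("SELECT name, comment, leader, logo, status, score, \n unix_timestamp(status_changed) as status_changed, unix_timestamp(created) as ucreated\n FROM l_team WHERE id='{$id}'");
    $team = mysql_fetch_object($res);

    if (!$team) {
        echo '<BR><CENTER>Specified team does not exist<BR>';
        return;
    }

    // Load the roster up front: the "Join Team" button depends on the member
    // count, which was previously read before it had been computed.
    if (SHOW_PLAYER_ACTIVE > 0) {
        $activeDays = SHOW_PLAYER_ACTIVE;
    } else {
        $activeDays = 0;
    }
    $playersRes = mysql_query("select id, callsign, comment, status, C.flagname, \n last_login > subdate(now(), INTERVAL {$activeDays} DAY) as active\n from l_player\n left join bzl_countries C on country = C.numcode\n where team=" . $id . "\n order by active desc,callsign");
    $members = $playersRes ? mysql_num_rows($playersRes) : 0;

    echo '<TABLE align=center><TR><TD>' . htmlURLbutton('Opponent summary', 'oppsumm', "id={$id}") . '</td>';

    // Join this team if opened, and if we are logged and not belonging to any team
    if ($s_logedin && !$s_teamid && $members < 20 && $team->status == "opened") {
        echo '<TD>' . htmlURLbutton('Join Team', 'jointhisteam', "id={$id}") . '</td>';
    }

    // Send a message to all the team members
    if ($s_logedin && $team->status != 'deleted') {
        echo '<TD>' . htmlURLbutton('Send BZmessage', 'sendmessage', "tid={$id}") . '</td>';
    }

    echo '</tr></table>';

    if ($team->status == 'deleted') {
        echo '<div class=feedback>';
        if ($team->status_changed) {
            echo "<br><center>This team was deleted on " . gmdate('Y-m-d', $team->status_changed) . "</center>";
        } else {
            echo "<br><center>This team is deleted.</center>";
        }
        echo '</div>';
    }

    // NOTE(review): team name, logo URL, comment and player callsigns are printed
    // below without HTML escaping - confirm they are sanitised when stored.
    echo '<BR><table align=center border=0 cellspacing=0 cellpadding=1> <tr><td class=teamName align=center>' . $team->name . '<BR></td></tr>';

    // Logo if any
    if ($team->logo != "") {
        echo '<tr><td align=center> <table><TR><TD bgcolor=white><img src="' . $team->logo . '"></td></tr></table> <hr></td></tr>';
    }

    // Ratings
    $act45 = teamActivity($id, 45);
    $act90 = teamActivity($id, 90);
    echo '<tr><td> <TABLE align=center> <TR><TD width=50% align=right>Created:</td><td width=10></td><td width=50%>' . gmdate('Y-m-d', $team->ucreated) . '</td></tr> <TR><TD align=right>Rating:</td><td></td><td>' . displayRating($id) . '</td></tr> <TR><TD align=right>Activity:</td><TD></td><td>' . sprintf('%1.2f / %1.2f', $act45, $act90) . '</td></tr> <TR><TD colspan=3 align=center> Average number of games played per day<BR> <NOBR>(exponential moving average over last 45 / 90 days)</nobr></td></tr>';
    echo '</td></td></table></td></tr>';

    // Matches statistics: one query for matches played as team1, one as team2
    $sta1 = mysql_fetch_object(mysql_query("select ifnull(sum(if(score1>score2,1,0)),0) win,\n ifnull(sum(if(score1=score2,1,0)),0) draw,\n ifnull(sum(if(score1<score2,1,0)),0) loss\n from " . TBL_MATCH . " where team1={$id}"));
    $sta2 = mysql_fetch_object(mysql_query("select ifnull(sum(if(score2>score1,1,0)),0) win,\n ifnull(sum(if(score2=score1,1,0)),0) draw,\n ifnull(sum(if(score2<score1,1,0)),0) loss\n from " . TBL_MATCH . " where team2={$id}"));
    $win = $sta1->win + $sta2->win;
    $draw = $sta1->draw + $sta2->draw;
    $loss = $sta1->loss + $sta2->loss;
    echo "<tr><td align=center><hr>\n <table border=0 cellspacing=0 cellpadding=0 align=center><tr>\n <td align=center>Wins</td><td align=center> Draws </td><td align=center>Losses</td></tr><tr>\n <td align=center>{$win}</td><td align=center>{$draw}</td><td align=center>{$loss}</td>\n </tr></table>\n <hr></td></tr>";

    // Comment if any
    if ($team->comment != "") {
        echo '<tr><td><ul>' . nl2br($team->comment) . '</ul><hr></td></tr>';
    }

    // Players list
    $i = 0;
    echo '<TR><TD><table border=0 cellspacing=0 cellpadding=0 align=center>';
    while ($playersRes && ($obj = mysql_fetch_object($playersRes))) {
        if (++$i & 1) {
            $cl = "rowEven";
        } else {
            $cl = "rowOdd";
        }
        echo "<tr class='{$cl}' valign=middle>";
        echo "<TD align=right><a href='index.php?link=playerinfo&id={$obj->id}'>{$obj->callsign}</a></td><TD>";
        if ($obj->id == $team->leader) {
            echo ' <img TITLE="Team Leader" src="' . THEME_DIR . 'leader.gif">';
        }
        echo '</td><TD>';
        if ($obj->active) {
            echo ' <img TITLE="Active player (has logged into this site recently)" src="' . THEME_DIR . 'active.gif">';
        }
        echo '</td><TD width=10></td>';
        echo '<TD>' . smallflag($obj->flagname) . '</td>';
        if ($s_logedin && (isFuncAllowed('teamadmin::edit_any_team') || $s_playerid == $team->leader)) {
            if ($obj->id != $team->leader) {
                // Link to ban a player from a team
                echo '<td align=center>' . htmlURLbutSmall('BAN', 'banplayer', "playerid={$obj->id}&teamid={$id}&f_ok_x=2", ADMBUT) . '</form></td></tr>';
            } else {
                echo '<td> </td></tr>';
            }
        } else {
            echo '<td> </td></tr>';
        }
        echo "\n";
    }
    echo '</td></tr></table>';

    // Show last fights; 11 rows are fetched so that "more than 10" can be detected
    $sql = "SELECT t1.id, t1.name, f.score1, t2.id, t2.name, f.score2, f.tsactual, unix_timestamp(f.tsactual) tstamp_ts \n" . "FROM " . TBL_MATCH . " f, l_team t1, l_team t2 " . "WHERE (f.team1 = '{$id}' OR f.team2 = '{$id}') " . " AND f.team1 = t1.id " . " AND f.team2 = t2.id " . "ORDER BY f.tsactual DESC " . "LIMIT 11 ";
    $res = sqlQuery($sql);
    $tmp = '';
    $count = 0;
    while ($row = mysql_fetch_array($res)) {
        $count++;
        if ($count < 11) {
            // Matches newer than the visitor's last login are shown in red
            if (isset($_SESSION['last_login']) && $_SESSION['last_login'] < $row[7]) {
                $new1 = "<font color=\"red\">";
                $new2 = "</font>";
            } else {
                $new1 = '';
                $new2 = '';
            }
            if ($count % 2) {
                $cl = "rowEven";
            } else {
                $cl = "rowOdd";
            }
            $tmp .= "<tr class=\"{$cl}\">";
            $tmp .= '<td align="right">' . $new1 . $row[6] . $new2 . '</td>';
            // Work out which side of the match is the opponent
            if ($row[0] != $id) {
                $oppid = $row[0];
                $oppname = stripslashes($row[1]);
                $oppscore = $row[2];
                $teamscore = $row[5];
            } else {
                $oppid = $row[3];
                $oppname = stripslashes($row[4]);
                $oppscore = $row[5];
                $teamscore = $row[2];
            }
            $tmp .= "<td>{$new1}";
            $oppname = '<a href="index.php?link=teaminfo&id=' . $oppid . '&' . SID . '">' . $new1 . $oppname . $new2 . '</a>';
            if ($oppscore < $teamscore) {
                $tmp .= "<b>Won</b> against {$oppname}";
            } elseif ($oppscore > $teamscore) {
                $tmp .= "<b>Lost</b> against {$oppname}";
            } else {
                $tmp .= "<b>Tie</b> against {$oppname}";
            }
            $tmp .= " ({$row[2]} - {$row[5]})";
            $tmp .= "{$new2}</td>";
            $tmp .= "</tr>\n";
        }
    }
    echo '<tr>';
    echo '<td align=center> <br><b>';
    if ($count == 1) {
        echo 'Last match';
    } else {
        if ($count == 11) {
            echo 'Last 10 matches, view them all <a href="index.php?link=fights&id=' . $id . '&' . SID . '">here</a>';
        } elseif ($count == 0) {
            echo "No matches played";
        } else {
            echo "Last {$count} matches";
        }
    }
    echo '</b><BR><BR></td></tr><TR><TD>';
    echo "<table align=center border=0>{$tmp}</table>";

    // Or... edit your team if you are a leader or an admin, or with a password if you are a member
    // Team members can't change the password, though...
    // Unless of course the team is deleted
    if ($team->status == 'deleted') {
        if ($team->status_changed) {
            echo "<br><center>This team is deleted as of " . gmdate('Y-m-d', $team->status_changed) . "</center>";
        } else {
            echo "<br><center>This team is deleted.</center>";
        }
    } else {
        if ($s_logedin && (isFuncAllowed('teamadmin::edit_any_team') || $s_teamid == $id)) {
            if (!isFuncAllowed('teamadmin::edit_any_team') && $s_playerid != $team->leader) {
                // Team member, need password
                echo '<form method=post> <input type=hidden name=link value=teamadmin> <input type=hidden name=id value=' . $id . '> <br><center>Enter team password <input type=password size=8 maxlength=8 name=f_password> and ' . htmlFormButton('Edit Team', 'f_edit_x') . ' </center></form>';
            } else {
                $invites = sqlQuery("SELECT *, l_player.callsign FROM bzl_invites, l_player\n WHERE teamid={$id} AND expires > NOW() AND bzl_invites.playerid = l_player.id");
                if (mysql_num_rows($invites) > 0) {
                    echo '<BR><HR>Invitations currently active:<BR><TABLE>';
                    while ($row = mysql_fetch_object($invites)) {
                        echo '<TR><TD width=25></td><TD>' . playerLink($row->playerid, $row->callsign) . "</td><TD width=10></td><TD>(expires: {$row->expires})</td></tr>";
                    }
                    echo '</table><HR>';
                }
                // Team leader or admin, let's go
                echo '<center><BR> ' . htmlURLbutton('Edit Team', 'teamadmin', "id={$id}", ADMBUT) . ' <BR> ' . htmlURLbutton('Dismiss Team', 'dismissteam', "id={$id}", ADMBUT);
            }
        }
    }
}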
/**
 * Render the list of all non-deleted teams.
 *
 * Rows come back ordered so that teams with matches come first, then inactive
 * teams, then teams without any match; a separator row is printed at each
 * transition. Logged-in visitors get a join / abandon cell per team, and
 * those without a team also get a "Create New Team" button.
 *
 * @return void
 */
function section_teams()
{
    require_once "lib/common.php";

    $s_logedin = isAuthenticated();
    $s_teamid = $_SESSION['teamid'];
    $tacts = teamActivity(null, 45);

    echo '<BR>';

    $res = sqlQuery("\n SELECT l_team.id, l_team.name, l_team.logo, l_team.score, \n player2.callsign leader, player2.id leaderid, \n l_team.status, count(distinct l_player.callsign) numplayers,\n l_team.active = 'yes' activeteam, l_team.matches, l_team.matches > 0 sorter\n FROM l_team, l_player player2, l_player\n WHERE player2.id = l_team.leader \n AND l_team.status != 'deleted' \n AND l_player.team = l_team.id\n GROUP BY l_team.name, l_team.leader, l_team.status, l_team.score\n ORDER BY sorter desc, activeteam desc, l_team.score desc, l_team.name");

    echo "<table align=center border=0 cellspacing=0 cellpadding=2>\n <tr class=tabhead align=center>\n <td>Name</td><td>Leader</td><td colspan=2>Members</td>\n <td colspan=2>Rating</td><td>Join</td><TD>Activity</td></tr>";

    // 0 = active teams, 1 = inactive teams, 2 = teams without any match
    $separated = 0;
    $rownum = 0;

    while ($obj = mysql_fetch_object($res)) {
        ++$rownum;

        // Separator rows; the zebra counter restarts after each one
        if ($obj->activeteam == 0 && $separated == 0) {
            $separated = 1;
            echo '<tr><td align=center colspan=10><hr><b>Inactive Teams</b></td></tr>';
            $rownum = 1;
        }
        if ($obj->sorter == 0 && $separated == 1) {
            $separated = 2;
            echo '<tr><td align=center colspan=10><hr><b>Did not play any match</b></td></tr>';
            $rownum = 1;
        }

        $logo = ($obj->logo != '') ? '<img src="' . THEME_DIR . 'islogo.gif">' : ' ';

        if ($s_teamid == $obj->id) {
            $c = 'myteam';
        } elseif ($obj->status == 'deleted') {
            $c = 'deletedteam';
        } else {
            $c = ($rownum % 2) ? 'rowOdd' : 'rowEven';
        }

        echo "<TR class='{$c}' valign=middle>";

        $teamname = substr($obj->name, 0, 35);
        $activity = $tacts[$obj->id];

        // NOTE(review): team and leader names are printed without HTML escaping -
        // confirm they are sanitised when stored.
        echo '<td><a href="index.php?link=teaminfo&id=' . $obj->id . '">' . $teamname . '</a></td> <td><a href="index.php?link=playerinfo&id=' . $obj->leaderid . '&' . SID . '">' . $obj->leader . '</a></td> <td align=center>' . $obj->numplayers . '</td><td>' . $logo . '</td> <td align=left>' . displayRating($obj->id) . '</td>';

        // The match count is only shown in the first (active) section
        echo $separated ? '<td> </td>' : '<td align=center>(' . $obj->matches . ')</td>';

        // Print join or joinnot, not forgetting we may already belong to a team
        echo '<TD align=left>';
        if (!$s_logedin) {
            echo ($obj->status == 'closed') ? ' [Closed]</td>' : '</td>';
        } elseif (!$s_teamid) {
            if ($obj->status == 'opened') {
                if ($obj->numplayers < 20) {
                    echo htmlURLbutSmall('JOIN', 'jointeam', "id={$obj->id}") . '</td>';
                } else {
                    echo ' [Closed]</td>';
                }
            } elseif ($obj->status == 'closed') {
                echo ' [Closed]</td>';
            } else {
                echo 'Deleted.</td>';
            }
        } elseif ($s_teamid == $obj->id) {
            // if( $_SESSION['playerid'] != 2074 ) // Dont allow Admir to leave (SC request)
            echo htmlURLbutSmall('Abandon', 'leaveteam', "id={$obj->id}&leader={$obj->leaderid}") . '</td>';
        } elseif ($obj->status == 'closed') {
            echo ' [Closed]</td>';
        } elseif ($obj->status == 'deleted') {
            echo 'deleted.</td>';
        } else {
            echo '</td>';
        }

        $act = sprintf('%1.2f', $activity);
        echo "<TD align=center>{$act}</td>";
        echo "</tr>";
    }

    echo "</table>";

    // Create a new team, if logged in and not a team member
    if ($s_logedin && !$s_teamid) {
        echo '<br><center> ' . htmlURLbutton('Create New Team', 'createteam', null) . '</center>';
    }
}
/**
 * Check a token by passing it to isAuthenticated() together with the user
 * name taken from the token itself (the text before the first ':').
 *
 * @param string $token Token whose first ':'-separated field is the user name.
 * @return mixed Whatever isAuthenticated($token, $username) returns.
 */
function tokenIsCorrect($token)
{
    $fields = explode(':', $token);
    $username = $fields[0];

    return isAuthenticated($token, $username);
}
// anders form laten zien ?> <!DOCTYPE html> <html lang="en"> <head> <title>Week 07 ajax demo</title> <link rel="stylesheet" type="text/css" href="css/style.css"/> </head> <body> <?php include 'header.php'; ?> <main> <?php if ($loginTry && !isAuthenticated()) { echo '<span class="error">Login niet succesvol. Probeer opnieuw</span>'; } ?> <form method="post" action="login.php" style="width: 450px; margin-left: auto; margin-right: auto"> <table > <tr> <td valign="top"> <label for="userid">Gebruikersnaam</label> </td> <td valign="top"> <input type="text" name="userid" maxlength="50" size="30"> </td> </tr> <tr> <td valign="top">
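<?php
// JSON endpoint: creates a hiking event from the posted request body and mails
// the administrator a validation link. Replies with {"data": "success"} or
// {"data": "error", "error": "..."}.
include '../includes/config.inc.php';
include '../fcts/hiking.fct.php';
include '../fcts/event.fct.php';
include '../fcts/mail.fct.php';

$result['data'] = 'unknown';
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);

// All mandatory fields must be present and the caller must be authenticated.
if (isset($request->organiserName) && isset($request->organiserPhone) && isset($request->name) && isset($request->duration) && isset($request->elevation) && isset($request->level) && isset($request->date) && isset($request->venueId) && isset($request->venueName) && isset($request->venueAddress) && isset($request->venueCity) && isset($request->latitude) && isset($request->longitude) && isset($request->numberOfPeople) && isAuthenticated()) {
    try {
        // These two fields are not part of the mandatory check above, so they may be absent.
        $additionalInfo = isset($request->additionalInfo) ? $request->additionalInfo : null;
        $link = isset($request->link) ? $request->link : null;

        // NOTE(review): request fields end up in an HTML mail body; whether
        // templateMailContent() escapes them is not visible here - confirm.
        $description = templateMailContent($request->name, $request->level, $request->duration, $request->elevation, $request->venueName, $request->date, "{$request->latitude},{$request->longitude}", $additionalInfo, $link, '', $request->organiserName, $request->organiserPhone);

        $date = DateTime::createFromFormat('d/m/Y H:i', $request->date);
        if ($date === false) {
            // createFromFormat() returns false on a malformed date; stop before anything is stored.
            throw new Exception('Invalid date format');
        }

        $lastId = addEvent($bdd, $_SESSION['id'], $request->venueName, $request->name, $description, $request->numberOfPeople, date_format($date, 'Y-m-d H:i:s'), $request->venueId, $request->venueName, $request->venueAddress, $request->venueCity, 'FR', $request->latitude, $request->longitude);

        $hikingMail = "<p>Click <a href=\"http://hiking.cyril-grandjean.fr/validate-event.php?id={$lastId}\">here</a> to validate this hiking request ? :</p>{$description}";
        sendHtmlEmailToAdmin($request->name, '*****@*****.**', "Hiking request " . $request->name . " by " . $_SESSION['name'], $hikingMail);

        $result['data'] = 'success';
    } catch (Exception $e) {
        //header("HTTP/1.1 500 Internal Server Error");
        $result['data'] = 'error';
        // String concatenation is '.', not '+': with '+' the message was lost.
        // NOTE(review): the raw exception text is returned to the client -
        // confirm it cannot carry internal details such as SQL errors.
        $result['error'] = 'Exception occurred: ' . $e->getMessage();
    }
} else {
    //header("HTTP/1.1 500 Internal Server Error");
    $result['data'] = 'error';
    $result['error'] = 'Exception occurred: Not every required fields entered';
}

echo json_encode($result);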
if ($activeMenu == "index") { ?> class="active"<?php } ?> ><a href="index.php">Home</a></li> <li <?php if ($activeMenu == "create-event") { ?> class="active"<?php } ?> ><a href="create-event.php">Create event</a></li> </ul> <?php if (!isAuthenticated()) { ?> <a href="https://secure.meetup.com/oauth2/authorize?client_id=<?php echo $_CONFIG['meetupKey']; ?> &response_type=code&redirect_uri=<?php echo $_CONFIG['meetupWebsite']; ?> " class="navbar-form navbar-right"> <button type="button" class="btn btn-success">Login</button> </a> <?php } else { ?> <span class="navbar-right"> <img class="navbar-brand" alt="Icon" src="<?php
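/**
 * Render the profile page of one player.
 *
 * Prints the callsign, logo, bio, flag, team membership, alternate callsigns,
 * location, time zone, dates and contact handles, followed - for players that
 * are not deleted - by the frequentation statistics and the buttons the current
 * visitor is allowed to use (message, invite, edit, visits, delete).
 *
 * @param object $se Player record, taken by reference; only read here.
 * @return void
 */
function section_playerinfo_displayPlayer(&$se)
{
    $s_logedin = isAuthenticated();
    $s_playerid = $_SESSION['playerid'];
    $s_teamid = $_SESSION['teamid'];
    $editAny = isFuncAllowed('edit_any_players');

    // NOTE(review): callsign, bio and the other profile fields are printed
    // without HTML escaping here - confirm they are sanitised when stored or
    // inside section_playerinfo_tab2().
    echo '<table width=90% align=center border=0 cellspacing=0 cellpadding=1> <tr><td class=playername align=center>' . $se->callsign . '<BR><BR></td></tr>';

    // Logo if any
    if ($se->logo != "") {
        echo '<tr><td align=center>' . section_playerinfo_dispLogo($se->logo, $se->logobg) . '<hr></td></tr>';
    }

    // Bio if any
    if ($se->comment != "") {
        echo "<tr><td class=playerbio>" . nl2br($se->comment) . "<hr></td></tr>";
    }

    // misc info ....
    echo '</td></tr><TR><TD><table align=center><TR><TD width=100 valign=top align=left>';
    if ($se->flagname) {
        echo '<img src="' . FLAG_DIR . "c-{$se->flagname}.gif\">";
    }
    echo '</td><TD><TABLE>';

    // Team if any
    if ($se->teamname != "") {
        echo "<tr><td>";
        if ($se->leader == $se->id) {
            $d = '<nobr>Leader (<img src="' . THEME_DIR . 'leader.gif">) of team</nobr>';
        } else {
            $d = "<nobr>Member of team</nobr>";
        }
        section_playerinfo_tab2($d, htmlLink($se->teamname, 'teaminfo', "id={$se->teamid}"));
    } else {
        echo "<tr><td align=center colspan=2>Does not belong to any team</td></tr>";
    }

    if ($se->altnik1 || $se->altnik2) {
        // Plural suffix only when both alternates are set (was undefined otherwise).
        $plural = '';
        if ($se->altnik1 && $se->altnik2) {
            $plural = 's';
            $niks = $se->altnik1 . ', ' . $se->altnik2;
        } else {
            if ($se->altnik1) {
                $niks = $se->altnik1;
            } else {
                $niks = $se->altnik2;
            }
        }
        section_playerinfo_tab2("<nobr>Alternate callsign{$plural}</nobr>", $niks);
    }

    if ($se->countryname) {
        $loc = $se->countryname;
        if ($se->stateabbr) {
            $loc .= ' (';
            if ($se->city) {
                $loc .= $se->city . ', ';
            }
            $loc .= "{$se->stateabbr})";
        }
        section_playerinfo_tab2('Location', $loc);
    }

    if ($se->utczone || $se->zonename) {
        section_playerinfo_tab2('Time zone', 'GMT ' . section_playerinfo_numPlus($se->utczone) . " ({$se->zonename})");
    }

    section_playerinfo_tab2('Site Member Since', date('Y-m-d', $se->created));
    if (isset($se->last_login)) {
        section_playerinfo_tab2('Last login', date('Y-m-d H:i', $se->last_login));
    }

    echo '<TR><TD colspan=2><HR></td></tr>';

    // The e-mail address is only shown when the player opted in
    if ($se->emailpub == 'Y') {
        section_playerinfo_tab2('email', section_playerinfo_obsMail($se->email));
    }
    section_playerinfo_tab2('AIM', $se->aim);
    section_playerinfo_tab2('IRC', $se->ircnik1);
    section_playerinfo_tab2('ICQ', $se->icq);
    section_playerinfo_tab2('YIM', $se->yim);
    section_playerinfo_tab2('MSM', $se->msm);
    section_playerinfo_tab2('Jabber', $se->jabber);
    echo '</table></td><TD width=50></td></tr></table></tr>';

    // Frequentation statistics
    if ($se->status != 'deleted') {
        echo '<tr><td><BR><BR>';
        section_playerinfo_Frequentation($se->id);
        echo '<BR></td></tr>';
    }

    if ($se->status != 'deleted') {
        // Send a message to this player (but not to myself!)
        if ($s_logedin && $s_playerid != $se->id) {
            echo '<tr><td><hr></td></tr><tr align=center><td><TABLE><TR><TD>' . htmlURLbutton('SEND BZmessage', 'sendmessage', "pid={$se->id}");

            // If I am a team leader, and my team is not full, I can invite him
            if (isAuthenticated() && $_SESSION['leader']) {
                // Check if my team full. The id is embedded unquoted, so force it to an integer.
                $myTeamId = (int) $s_teamid;
                $team = mysql_fetch_object(mysql_query("select count(*) as num from l_player where team={$myTeamId}"));
                if ($team->num < 20) {
                    $mytn = queryGetTeamName($s_teamid);
                    echo '<TD width=5></td><TD>' . htmlURLbutton("INVITE to {$mytn}", 'invite', "id={$se->id}") . '</td>';
                }
            }
            echo '</tr></table></td></tr>';
        }

        // Administrators and owner can edit a player
        if ($s_logedin && ($editAny || $s_playerid == $se->id)) {
            // Admin styling only when editing someone else's profile (was undefined otherwise).
            $class = null;
            if ($editAny && $s_playerid != $se->id) {
                $class = ADMBUT;
            }
            echo '<tr><td align=center><hr><TABLE><TR><TD>' . htmlURLbutton('Edit Profile', 'playeradmin', "id={$se->id}&edt_st=1", $class);
            if (isFuncAllowed('visitlog::visit_log')) {
                echo '</td><TD width=5></td><TD>' . htmlURLbutton('Visits', 'visitlog', "id={$se->id}", ADMBUT);
            }
            if (isFuncAllowed('deleteplayer::delete_player') && $se->role_id != ADMIN_PERMISSION) {
                echo '</td><TD width=5></td><TD>' . htmlURLbutton('DELETE Player', 'deleteplayer', "id={$se->id}", ADMBUT);
            }
            echo '</td></tr></table></td></tr>';
        }
    }

    echo "</table>";
}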
/**
 * Record the time of this request in the session.
 *
 * For an authenticated session that already has a timestamp, the idle time is
 * computed, but nothing in this method acts on it: no timeout is enforced here.
 *
 * @return void
 */
public static function calculate()
{
    $hasPrevious = isAuthenticated() && isset($_SESSION['lastconnectiontime']);

    if ($hasPrevious) {
        // Seconds since the previous request; currently unused.
        $lastsessiontime = time() - $_SESSION['lastconnectiontime'];
    }

    $_SESSION['lastconnectiontime'] = time();
}
// Login endpoint: stores the supplied credentials in a fresh session and
// answers with {"authenticated": "yes"|"no"}.
require_once "{$TOPDIR}/lib/functions.php";
require_once "{$TOPDIR}/lib/jsonwrapper.php";

session_start();

// The response must never be cached.
$lastModified = gmdate("D, d M Y H:i:s");
header("Last-Modified: " . $lastModified . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

// NOTE(review): credentials are read from $_REQUEST, so they are also accepted
// from the query string, where they can end up in server and proxy logs -
// confirm clients always POST them.
if (isset($_REQUEST["password"])) {
    // Clear data from session
    $_SESSION = array();
    // Zap existing session entirely (new id, old session data deleted)
    session_regenerate_id(true);
    setpassword($_REQUEST["password"]);
    // Treat the password as invalid until it has been checked
    $_SESSION["xcatpassvalid"] = -1;
}

if (isset($_REQUEST["username"])) {
    $_SESSION["username"] = $_REQUEST["username"];
    // Treat the credentials as invalid until they have been checked
    $_SESSION["xcatpassvalid"] = -1;
}

// "yes" requires both a valid login and root access.
$isRoot = isAuthenticated() && isRootAcess();

$jdata = array();
$jdata["authenticated"] = $isRoot ? "yes" : "no";

echo json_encode($jdata);
?>
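/**
 * Tell whether a member account is flagged as an OpenID account.
 *
 * Without an e-mail address the member is looked up by the login stored in the
 * session, which requires an authenticated session; otherwise the lookup is by
 * e-mail address.
 *
 * @param string|null $email Member e-mail address, or null to use the session login.
 * @return bool True when the stored openid value is 'yes'.
 */
function isOpenIDAccount($email = null)
{
    if ($email == null) {
        if (!isAuthenticated() || !isset($_SESSION['valid_user'])) {
            die("Error No 30342");
        }

        $db = AccessDB();
        $login = mysql_real_escape_string($_SESSION['valid_user']);
        // Look up the member by the escaped session login; the escaped value was
        // computed but never used, and the query compared against a fixed literal.
        $sql = "SELECT openid FROM members WHERE member_login='{$login}';";
    } else {
        $db = AccessDB();
        $email = mysql_real_escape_string($email);
        $sql = "SELECT openid FROM members WHERE email='{$email}';";
    }

    $res = $db->getOne($sql);

    return $res == 'yes';
}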
// authenticate if (isAuthenticated() == 1) { // check if we are locked if ($cfg["webapp_locked"] == 1) { // only superadmin can login when we are locked if (!IsSuperAdmin()) { @header('location: locked.php'); exit; } } } else { // try to auth with supplied credentials $credentials = getCredentials(); if ($credentials !== false) { if (performAuthentication($credentials['username'], $credentials['password'], $credentials['md5pass']) == 1) { if (isAuthenticated() != 1) { @header('location: login.php'); exit; } $currentUser = $cfg["user"]; // check if we are locked if ($cfg["webapp_locked"] == 1) { // only superadmin can login when we are locked if (!IsSuperAdmin()) { @header('location: locked.php'); exit; } } } else { @header('location: login.php'); exit;
<header>
<div id="menu">
<?php
include_once 'userstorage.php';

// Determine the current page, i.e. the name of the PHP file that is being
// executed right now; basename() strips any directories from the path.
$page = basename($_SERVER["PHP_SELF"]);

// Define the menu as an array (each menu item is an array as well).
$menu_items = array(
    array("Name" => "Home", "URL" => "index.php"),
    array("Name" => "Opgave 1", "URL" => "pagina1.php"),
    array("Name" => "Opgave 2", "URL" => "pagina2.php"),
    array("Name" => "Opgave 3", "URL" => "pagina3.php"),
    array("Name" => "Opgave 4", "URL" => "pagina4.php"),
    array("Name" => "Opgave 5", "URL" => "pagina5.php"),
);

// The registration entry is only offered when isAuthenticated() is true.
if (isAuthenticated()) {
    $menu_items[] = array("Name" => "Registreren", "URL" => "register.php");
}

// Render the menu, one list item per entry.
echo '<ul class="menu">';
foreach ($menu_items as $entry) {
    // The entry that matches the current page gets the extra "active" class.
    $class = ($entry["URL"] === $page) ? "menu_item active" : "menu_item";

    echo ' '; // some spaces for tidiness
    echo '<li class="' . $class . '">' . '<a href="' . $entry['URL'] . '">' . $entry['Name'] . '</a>' . "</li>\n";
}
echo " </ul>";
?>
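/**
 * Log the current user out.
 *
 * For an authenticated session with a login-audit id, the audit row is stamped
 * with the sign-off time. All session variables are then cleared and the
 * session is left with the single role 'PUBLIC'.
 *
 * @return void
 */
function logout()
{
    start_db();

    // Without an audit id the UPDATE would end in "WHERE id = " and be malformed.
    if (isAuthenticated() && isset($_SESSION['SESS_LOGIN_AUDIT'])) {
        // Both ids are embedded unquoted, so force them to integers.
        $memberId = (int) getLoggedOnMemberID();
        $auditId = (int) $_SESSION['SESS_LOGIN_AUDIT'];

        $qry = "UPDATE {$_SESSION['DB_PREFIX']}loginaudit SET " . "timeoff = NOW(), metamodifieddate = NOW(), metamodifieduserid = " . $memberId . " " . "WHERE id = " . $auditId . "";
        mysql_query($qry);
    }

    // NOTE(review): the session id is kept after logout - consider regenerating
    // it here so a pre-logout id cannot be reused.
    session_unset();
    $_SESSION['ROLES'][] = 'PUBLIC';
}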
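/**
 * Renders the private-message section for the logged-in player: optionally
 * deletes messages, then shows either one message or the whole inbox.
 *
 * Request parameters (POST wins over GET):
 *   del       id of a single message to delete
 *   delbulk   present when the "Delete Checked" button was used
 *   checknum  how many del0..delN checkbox fields to inspect for delbulk
 *   read      id of the message to display
 *
 * All ids arrive from the request and end up in SQL text and in HTML. The
 * mysql_* API used here has no bound parameters, so every id is cast to an
 * integer before use; non-scalar values (e.g. arrays) become 0.
 *
 * NOTE(review): the single-message delete is reachable through a plain link
 * (del=...), so it changes state on GET without a request token - consider
 * POST plus a CSRF token.
 * NOTE(review): checknum is a client-supplied loop bound; consider capping it.
 *
 * @return mixed the result of errorPage() when the requested message does not
 *               exist, otherwise nothing
 */
function section_messages()
{
    // Read each parameter from POST, then GET, without touching missing keys.
    $input = array();
    foreach (array('del', 'delbulk', 'checknum', 'read') as $name) {
        if (isset($_POST[$name])) {
            $input[$name] = $_POST[$name];
        } elseif (isset($_GET[$name])) {
            $input[$name] = $_GET[$name];
        } else {
            $input[$name] = null;
        }
    }
    // Numeric parameters: keep null for "absent", otherwise force an integer.
    foreach (array('del', 'checknum', 'read') as $name) {
        if ($input[$name] !== null) {
            $input[$name] = is_scalar($input[$name]) ? (int) $input[$name] : 0;
        }
    }
    $del = $input['del'];
    $delbulk = $input['delbulk'];
    $checknum = $input['checknum'];
    $read = $input['read'];

    echo '<BR>';
    if (isAuthenticated()) {
        $_SESSION['last_msg_read_ts'] = time();
        $_SESSION['new_mail'] = 0;

        // Single delete; the toid condition limits it to the player's own mail.
        if (isset($del)) {
            mysql_query("delete from l_message\n where msgid={$del}\n and toid={$_SESSION['playerid']}");
        }

        // Bulk delete: one checkbox field per listed row, named del0, del1, ...
        if (isset($delbulk)) {
            $numdel = 0;
            for ($i = 0; $i < $checknum; $i++) {
                // Unchecked boxes are simply absent from the POST data.
                if (isset($_POST["del" . $i])) {
                    $delid = is_scalar($_POST["del" . $i]) ? (int) $_POST["del" . $i] : 0;
                    $numdel++;
                    mysql_query("delete from l_message where msgid={$delid} and toid={$_SESSION['playerid']}");
                }
            }
            $esse = ($numdel != 1) ? 's' : '';
            echo "<center>Deleted {$numdel} message{$esse}.</center><BR>";
        }

        if (isset($read)) {
            // Display one message
            $res = sqlQuery("select l_player.callsign sender, l_message.status as msgstat, fromid, datesent, subject, msg, htmlok, l_message.team\n from l_message\n left join l_player\n on id = fromid\n where toid={$_SESSION['playerid']}\n and msgid={$read}");
            if (mysql_num_rows($res) == 0) {
                return errorPage('no messages found');
            } else {
                // Display the message
                $msg = mysql_fetch_object($res);
                echo '<table width=80% align=center border=0 cellspacing=0 cellpadding=1> <tr class=tabhead><td align=right width=10><nobr>Date sent:</nobr></td><TD width=6></td><TD>' . $msg->datesent . '</td></tr>';
                if ($msg->sender == '') {
                    // Administrative message
                    echo '<tr class=tabhead><td align=right>From: </td><TD></td><TD><b>CTF League System</b></td></tr>';
                } else {
                    // NOTE(review): the callsign is printed without escaping;
                    // confirm it is stored HTML-safe or escape it here.
                    echo '<tr class=tabhead><td align=right>From: </td><TD></td><TD><a href="index.php?link=playerinfo&id=' . $msg->fromid . '&' . SID . '">' . $msg->sender . '</a></td></tr>';
                }
                if ($msg->subject == '') {
                    $subject = 'No subject';
                } else {
                    $subject = stripslashes($msg->subject);
                }
                echo '<tr class=tabhead><td align=right>Subject:</td><TD></td><TD>' . wordwrap(htmlentities($subject), 40, '<br>') . '</td></tr>';
                echo '<tr><td align=right valign=top><BR>Message:</td><TD></td><TD><BR><TABLE width=100% cellpadding=10 style="border: solid 1px"><TR><TD>';
                if ($msg->sender == '' || $msg->htmlok > 0) {
                    // if admin message, allow html
                    // The body is printed raw in this branch, so whoever can set
                    // htmlok or send sender-less messages must be trusted.
                    echo nl2br($msg->msg);
                } else {
                    echo nl2br(htmlentities($msg->msg));
                }
                echo '</td></tr></table></td></tr></table>';
                if ($msg->msgstat == 'new') {
                    --$_SESSION['mail_unread'];
                    // Set message as read; ownership was established by the select above.
                    mysql_query("update l_message set status='read' where msgid={$read}");
                }
                // Display buttons: delete goback reply
                echo '<br><TABLE align=center><TR valign=top>';
                // Can't reply to administrative messages
                if ($msg->sender != '') {
                    echo '<TD><form method=post action="index.php">' . SID_FORM;
                    echo '<input type=hidden name=link value=sendmessage>';
                    echo '<input type=hidden name=pid value=' . $msg->fromid . '>';
                    echo '<input type=hidden name=toteam value="' . $msg->team . '">';
                    echo '<input type=hidden name=reply value=1>';
                    // $read is an integer here, so it is safe in the unquoted attribute.
                    echo '<input type=hidden name=mid value=' . $read . '>';
                    echo htmlFormButton('Reply', 'reply_direct') . '</td>';
                    if ($msg->team == 'yes') {
                        echo '<td width=10></td><td>' . htmlFormButton('Reply To Team', 'reply_team') . '</td>';
                    }
                    echo '</form><TD width=10></td>';
                }
                echo '<TD>' . htmlURLbutton('Delete', 'messages', "del={$read}") . '</td><TD width=10></td><TD>' . htmlURLbutton('Back', 'messages', null, CLRBUT) . '</td></tr></table>';
            }
        } else {
            // Display all messages
            $res = mysql_query("select msgid, l_player.callsign sender, fromid, datesent, \n subject, l_message.status, l_message.team\n from l_message left join l_player on id = fromid\n where toid={$_SESSION['playerid']} order by datesent desc");
            echo '<div class=checkbox>';
            if (mysql_num_rows($res) == 0) {
                echo "<center>You don't have any message to read.</center>";
            } else {
                echo '<script type="text/javascript"> function checkAll (form, checkallcheckbox) { for (i = 0; i < form.elements.length; i++) if (form.elements[i].type == "checkbox"){ form.elements[i].checked = checkallcheckbox.checked; } } </script>';
                echo '<form name="myform" method=post>' . SID_FORM . '<table border=0 align=center cellspacing=0 cellpadding=1> <tr class=tabhead><td><input type="checkbox" name="CheckAll" value="Check All" onClick="checkAll(document.myform, document.myform.CheckAll)"</td><td>Date sent </td> <td>Subject </td><td width=5></td><td>From</td></tr>';
                // From here on $checknum counts the rendered checkboxes.
                $checknum = 0;
                $rownum = 0;
                while ($msg = mysql_fetch_object($res)) {
                    $cl = ++$rownum % 2 ? 'rowOdd' : 'rowEven';
                    echo "\n<tr class={$cl} valign=top><td>";
                    // Display checkbox for deleting message
                    echo '<input class=checkbox type=checkbox name=del' . $checknum . ' value=' . $msg->msgid . '> ';
                    $checknum++;
                    // New messages are bold, so we prepare some stuff
                    $bb = '';
                    $be = '';
                    switch ($msg->status) {
                        case 'new':
                            echo '<img src="' . THEME_DIR . 'msgnew.gif">';
                            $bb = '<b>';
                            $be = '</b>';
                            break;
                        case 'read':
                            echo '<img src="' . THEME_DIR . 'msgread.gif">';
                            break;
                        case 'replied':
                            echo '<img src="' . THEME_DIR . 'msgreplied.gif">';
                            break;
                    }
                    if ($msg->team == 'yes') {
                        echo '<img src="' . THEME_DIR . '/team.gif">';
                    }
                    echo '</td><td><font size=-2>' . $bb . $msg->datesent . $be . '</font> </td>';
                    if ($msg->subject == '') {
                        $subject = 'No subject';
                    } else {
                        $subject = stripslashes($msg->subject);
                    }
                    // NOTE(review): unlike the single-message view, the subject is
                    // not passed through htmlentities() here; confirm that
                    // htmlLink() escapes its label, otherwise escape it first.
                    echo "<TD>{$bb}" . htmlLink(wordwrap($subject, 40, '<br>'), 'messages', "read={$msg->msgid}", $bb ? LINK_NEW : null) . "</a>{$be}</td><TD></td>";
                    if ($msg->sender == '') {
                        // Administrative message
                        echo '<td> <b>CTF League System</b></td></tr>';
                    } else {
                        echo '<td> <a href="index.php?link=playerinfo&id=' . $msg->fromid . '&' . SID . '">' . $msg->sender . '</a></td></tr>';
                    }
                }
                echo '</table><br> </div> <center>' . htmlFormButton('Delete Checked', 'delbulk') . '<input type=hidden name=link value="messages"> <input type=hidden name=checknum value=' . $checknum . ' </center></form>';
            }
        }
    } else {
        errorPage('You are not allowed to view the messages');
    }
}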
* GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Mobile Assistant Connector. If not, see <http://www.gnu.org/licenses/>.
 *
 * @author eMagicOne <*****@*****.**>
 * @copyright 2014-2015 eMagicOne
 * @license http://www.gnu.org/licenses GNU General Public License
 */
require_once '../../../config/config.inc.php';
include_once 'functions.php';

// Request dispatcher: all four values below come straight from the request
// through Tools::getValue() and are therefore caller-controlled.
$key = Tools::getValue('key');
$function = Tools::getValue('call_function');
$push_ids = Tools::getValue('push_ids');
$value = Tools::getValue('value');

// Nothing is dispatched unless isAuthenticated() accepts the supplied key.
if (!isAuthenticated($key)) {
    die(Tools::jsonEncode('Authentication error'));
}

if ($function && function_exists($function)) {
    // The two known handlers receive their arguments explicitly.
    if ($function == 'changeStatus') {
        echo changeStatus($push_ids, $value);
    } elseif ($function == 'deleteDevice') {
        echo deleteDevice($push_ids);
    } else {
        // NOTE(review): any other name that passes function_exists() is invoked
        // with no arguments and its result is echoed. function_exists() is also
        // true for PHP built-ins and for every function loaded by the includes
        // above, so the request chooses what runs. Replace this branch with an
        // explicit allowlist of the handlers this endpoint is meant to expose.
        echo call_user_func($function);
    }
} else {
    die(Tools::jsonEncode('error'));
}
function isAuthenticated($key) {
return false;
} else {
    // The key must be non-null and strictly alphanumeric; the secret is only
    // checked for null.
    if ($post["apikey"] == null || $post["apisecret"] == null || !preg_match("/^[a-zA-Z0-9]+\$/", $post["apikey"])) {
        return false;
    }
    global $wpdb;
    // Both values are bound through $wpdb->prepare() placeholders; only keys
    // with status '1' count.
    $sql = "SELECT COUNT(id) as total FROM " . MM_TABLE_API_KEYS . " WHERE ";
    $sql .= "api_key=%s AND api_secret=%s AND status='1';";
    $row = $wpdb->get_row($wpdb->prepare($sql, $post["apikey"], $post["apisecret"]));
    if (is_object($row)) {
        return $row->total > 0;
    }
}
// NOTE(review): when get_row() does not return an object, control leaves the
// else branch and reaches this line, so a failed lookup is reported as
// authenticated. Presumably this should fail closed (return false) - confirm
// against the part of the function that is not shown here.
return true;
}

// Denied requests are logged and ended without a response body.
if (!isAuthenticated($_POST)) {
    error_log("Access Denied to report data generator");
    exit;
}

// empty() already covers an unset key; both checks reject a missing or blank id.
if (!isset($_POST['cacheId']) || empty($_POST['cacheId'])) {
    echo "Invalid cache id";
    exit;
}

// Send connection close to allow the caller to continue processing
// ----------------------------------------------------------------
MM_ConnectionUtils::closeConnectionAndContinueProcessing();

// Set operating parameters
// ----------------------------------------------------------------
$maxExecutionTime = 300; //in seconds
// NOTE(review): cacheId is only checked for being non-empty; how it is used
// later is not visible here. Validate its format before it is used as a key
// or as part of a path.
$cacheId = $_POST['cacheId'];
<body> <?php
/* Import classes and libraries. */
require_once '../includes/functions.php';
require_once '../includes/conexao.class.php';

/* Resume the session. */
session_start();

/* Check that the user is authenticated and holds the 'Admin' permission.
   Each failure prints a message and exits, so nothing below is rendered
   for a visitor who is not allowed in. */
if (isAuthenticated() == false) {
    echo "<p class='error_message'>Por favor, efetue o login.</p>";
    exit;
} elseif (hasPermission($_SESSION['id'], 'Admin') == false) {
    echo "<p class='error_message'>Você não possui privilégios para acessar esta área.</p>";
    exit;
}

/* Checks whether the log setting is switched on or off. If it is on,
   the logAction function will be used. */
/*$c = new conexao;
$c->set_charset('utf8');
$q = "SELECT * FROM configuracoes WHERE opcao = 'log';";
$r = $c->query($q);
$log = $r->fetch_object();
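<?php
include '../includes/config.inc.php';
include '../includes/settings.inc.php';
include '../fcts/hiking.fct.php';
include '../fcts/restclient.class.php';
include '../fcts/event.fct.php';

// Publishes a locally stored event to Meetup on behalf of the organiser.
// Allowed only when the user is logged in, is the configured organiser and an
// event id is supplied; everything else gets a 403.
//
// NOTE(review): this creates remote resources in response to a GET request;
// consider requiring POST plus a CSRF token.
// NOTE(review): $_GET['id'] is handed to readEventId() unvalidated; confirm
// that function binds the value rather than concatenating it into SQL.
if (isAuthenticated() && $_SESSION['id'] == $GLOBALS['organiserId'] && isset($_GET['id'])) {
    $event = readEventId($bdd, $_GET['id']);

    if (!$event) {
        // No such event: stop here instead of posting empty fields to Meetup.
        header("HTTP/1.1 404 Not Found");
        echo 'Event not found';
    } else {
        $venueId = $event['venueId'];
        // The organiser's OAuth token is taken from the session for every call.
        $accessData = array("access_token" => $_SESSION['access_token']);
        $rest = new RestClient();

        // A venue id of 0 means the venue does not exist on Meetup yet.
        if ($event['venueId'] == 0) {
            $venueData = array(
                "name" => $event['venueName'],
                "address_1" => $event['venueAddress'],
                "city" => $event['venueCity'],
                "country" => $event['venueCountry'],
            );
            $data = $rest->setUrl('https://api.meetup.com/' . $GLOBALS['group_urlname'] . '/venues')->post($venueData, $accessData);
            // NOTE(review): the response is not checked; if venue creation
            // fails, 'id' is presumably missing - verify before reuse.
            $venueId = $data['id'];
        }

        $eventData = array(
            "name" => $event['name'],
            "group_id" => $GLOBALS['group_id'],
            "group_urlname" => $GLOBALS['group_urlname'],
            "description" => $event['description'],
            "event_hosts" => $event['event_organiser'],
            "rsvp_limit" => $event['rsvp_limit'],
            "how_to_find_us" => $event['how_to_find_us'],
            // strtotime() yields seconds; the value is sent in milliseconds.
            "time" => strtotime($event['time']) * 1000,
            "venue_id" => $venueId,
        );
        $data = $rest->setUrl('https://api.meetup.com/2/event')->post($eventData, $accessData);
    }
} else {
    header("HTTP/1.1 403 Access denied");
    echo 'Access denied';
}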
/**
 * Returns the username of the authenticated user, or a warning placeholder
 * when nobody is authenticated.
 *
 * The value is returned unescaped (the placeholder itself contains "<" and
 * ">"), so callers that print it into HTML should pass it through
 * htmlspecialchars() first.
 *
 * @return string the username stored in the session, otherwise the
 *                placeholder text
 */
function getAuthenticatedUsername()
{
    return isAuthenticated() ? $_SESSION['username'] : "<USER NOT AUTHENTICATED>";
}
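/**
 * Renders the login section: processes a submitted login form, then shows
 * either a welcome block (authenticated) or the login form.
 *
 * Request parameters (POST wins over GET): f_ok (form submitted), f_call
 * (callsign), f_pass (password), link (section to return to).
 *
 * Hardening applied in this block:
 *  - request values are escaped with mysql_real_escape_string() before they
 *    are placed in SQL (the failed-login insert previously used the raw
 *    callsign) and with htmlspecialchars() before they are echoed back;
 *  - stored and computed hashes are compared with ===, because == treats two
 *    numeric-looking strings as numbers and can call different hashes equal;
 *  - $idsuccess starts at 0 so an unknown callsign takes the failure path
 *    through a defined value;
 *  - the md5password and last_login updates write the computed values.
 *
 * NOTE(review): passwords are stored as unsalted MD5 (migrated from two-
 * character-salt crypt()). Both are weak; plan a move to password_hash() /
 * password_verify(), which needs a wider column.
 * NOTE(review): no new session id is issued here after a successful login;
 * session_refresh() is defined elsewhere - confirm it regenerates the id.
 *
 * @return void
 */
function section_login()
{
    // Read each parameter from POST, then GET, without touching missing keys.
    $input = array();
    foreach (array('f_ok', 'f_call', 'f_pass', 'link') as $name) {
        if (isset($_POST[$name])) {
            $input[$name] = $_POST[$name];
        } elseif (isset($_GET[$name])) {
            $input[$name] = $_GET[$name];
        } else {
            $input[$name] = null;
        }
    }
    $f_ok = $input['f_ok'];
    // Text fields must be plain strings; arrays and missing values become ''.
    $f_call = is_string($input['f_call']) ? $input['f_call'] : '';
    $f_pass = is_string($input['f_pass']) ? $input['f_pass'] : '';
    $link = is_string($input['link']) ? $input['link'] : '';

    $idsuccess = 0;

    echo '<BR>';
    if ($f_ok) {
        // Check the password
        $res = mysql_query("select p.id, p.callsign, p.password, p.md5password, \n unix_timestamp(p.last_login) as last_login, p.utczone, p.country\n from l_player p,bzl_roles r where p.role_id = r.id AND p.callsign='" . mysql_real_escape_string($f_call) . "'");
        if (mysql_num_rows($res) != 0) {
            $obj = mysql_fetch_object($res);
            // Check MD5 password, or password, and do the conversion
            $cyphermd5 = md5($f_pass);
            // Do check the password
            if ($obj->md5password == '') {
                // Legacy account: verify against the crypt() hash, then migrate.
                $cypher = crypt($f_pass, substr($obj->password, 0, 2));
                if ($cypher === $obj->password) {
                    $idsuccess = 1;
                    // Update MD5 password in database ($cyphermd5 is hex only)
                    mysql_query("update l_player set md5password='" . $cyphermd5 . "' where id=" . $obj->id);
                } else {
                    $idsuccess = 0;
                }
            } else {
                $idsuccess = ($cyphermd5 === $obj->md5password) ? 1 : 0;
            }
            if ($idsuccess == 1) {
                // Logged in!
                // Insert an entry into the statistics table
                if (!$obj->country || $obj->country <= 0) {
                    $_SESSION['required'] = true;
                }
                $gmnow = gmdate("Y-m-d H:i:s");
                sqlQuery('insert into ' . TBL_VISITS . " (ts, pid, ip) \n values ('{$gmnow}', {$obj->id}, '{$_SERVER['REMOTE_ADDR']}')");
                if (!isset($obj->utczone)) {
                    // tzoffset is optional and client-supplied; force it numeric.
                    $tzoffset = (isset($_POST['tzoffset']) && is_scalar($_POST['tzoffset'])) ? (float) $_POST['tzoffset'] : 0;
                    $uz = 0 - $tzoffset / 60;
                    sqlQuery("update l_player set utczone={$uz} where id={$obj->id}");
                }
                $now = gmdate("Y-m-d H:i:s");
                mysql_query("UPDATE l_player SET last_login='" . $now . "' WHERE id=" . $obj->id);
                $_SESSION['playerid'] = $obj->id;
                $_SESSION['callsign'] = $obj->callsign;
                $_SESSION['last_login'] = $obj->last_login;
                $_SESSION['seqnum'] = 1;
                session_refresh();
                // refresh cookie for 60 days ...
                setcookie('themename', THEME_NAME, time() + 60 * 60 * 24 * 60, '/');
            }
        }
    }
    if ($f_ok and $idsuccess == 0) {
        // Unknown callsign or wrong password: same message for both cases.
        echo "<div class=error><CENTER>Wrong callsign or password</div>";
        $gmnow = gmdate("Y-m-d H:i:s");
        // The attempted callsign is request data and must be escaped for SQL.
        $loggedCall = mysql_real_escape_string($f_call);
        sqlQuery("INSERT INTO l_badpass (gmtime, ip, name) VALUES ('{$gmnow}', '{$_SERVER['REMOTE_ADDR']}', '{$loggedCall}')");
        sleep(2);
        // deter script-kiddies
    }
    if (isAuthenticated()) {
        // NOTE(review): the callsign and team name are printed as stored;
        // confirm they are HTML-safe in the database or escape them here.
        echo '<center>Welcome back, <a href="index.php?link=playerinfo&id=' . $_SESSION['playerid'] . '&' . SID . '">' . $_SESSION['callsign'] . '</a><br><br>';
        if ($_SESSION['teamid'] == 0) {
            echo "You don't belong to any team. What are you waiting for? ;-)";
        } else {
            // Get team name
            $obj = mysql_fetch_object(mysql_query("select name from l_team where id=" . $_SESSION['teamid']));
            echo 'You are a member of the magnificent <a href="index.php?link=teaminfo&id=' . $_SESSION['teamid'] . '&' . SID . '">' . $obj->name . '</a> team.';
        }
        echo '<br><br><form method=post>' . SID_FORM . htmlFormButton("Log Out", 'logout_x') . ' </form></center>';
    } else {
        // Both echoed request values are escaped, and the link attribute is
        // quoted so the value cannot break out of it.
        echo '<form name="login" method=post>' . SID_FORM . ' <table align=center border=0 cellspacing=0 cellpadding=1> <input type=hidden name=link value="' . htmlspecialchars($link, ENT_QUOTES) . '">';
        echo '<tr><td>Callsign:</td><td><input type=text name=f_call value="' . htmlspecialchars($f_call, ENT_QUOTES) . '" size=40 maxlength=40></td></tr> <tr><td>Password:</td><td><input type=password name=f_pass size=8 maxlength=8></td></tr> <tr><td colspan=2 align=center><BR> ' . htmlFormButton("Login", 'f_ok') . ' </td></tr> </table></form>';
        echo '<script type="text/javascript"> if(document.login.f_call.value.length == 0) document.login.f_call.focus(); else document.login.f_pass.focus(); now = new Date(); document.write ("<input type=hidden name=tzoffset value=" + now.getTimezoneOffset() +">"); </script>';
    }
}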