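 /**
  * Records the new user's likes from the submitted form, finds the most similar
  * existing user and renders the recommendation view.
  *
  * Reads up to ten numeric POST keys (1..10); each present key is passed to
  * item_model::newLikeCheck() together with a weight from $weights. Only two
  * weights are defined, so a third or later like gets a null weight — the
  * original did the same via an out-of-range index. NOTE(review): confirm that
  * this is intended rather than a cap of two likes.
  */
 public function calcNearUser()
 {
     $this->load->model('item_model', 'items');
     $newUserId = $this->items->newUserId();
     $weights = array(5, 3);
     $j = 0;
     for ($i = 1; $i < 11; $i++) {
         if (isset($_POST[$i])) {
             // $_POST[$i] is untrusted; newLikeCheck() is expected to validate it — confirm.
             $weight = isset($weights[$j]) ? $weights[$j] : null;
             $this->items->newLikeCheck($newUserId, $_POST[$i], $weight);
             $j++;
         }
     }
     // Pick the existing user with the highest similarity score; stays null when
     // nobody scores above 0 (the original left the variable undefined).
     $max = 0.0;
     $nearUserId = null;
     for ($i = 1; $i < $newUserId; $i++) {
         if (isUser($i)) {
             $num = distanceUsers(evalUsers($i, $newUserId));
             if ($num > $max) {
                 $max = $num;
                 $nearUserId = $i;
             }
         }
     }
     $data = array();
     $data['newUserId'] = $newUserId;
     $data['recommendItem'] = $this->items->getRecommendItem($nearUserId, $newUserId);
     $this->load->view('items/recommend', $data);
 }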
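/**
 * Authenticates a school user from the request (or from the copy kept in the
 * session) and loads the account record into the global $user.
 *
 * On a request carrying schoolId the credentials are copied into the session;
 * otherwise the session copy is reused. Returns the account array merged with
 * getStudentInfo() on success, false otherwise; the same value is written to
 * the global $user.
 *
 * Security notes: the stored hash is compared with hash_equals(), which is
 * constant-time and, unlike "==", does not apply loose numeric comparison
 * (two md5 hashes of the form "0e..." would otherwise compare equal). md5 is
 * not a password hash; migrating the .dat files to password_hash() is
 * recommended but out of scope here. The session still holds the plaintext
 * password because the else-branch above depends on it — NOTE(review).
 */
function userLogin()
{
    global $user, $dataDir;
    session_start();
    if (isset($_REQUEST['schoolId'])) {
        $schoolId = $_REQUEST['schoolId'];
        $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';
        $_SESSION['schoolId'] = $schoolId;
        $_SESSION['password'] = $password;
    } else {
        $schoolId = isset($_SESSION['schoolId']) ? $_SESSION['schoolId'] : null;
        $password = isset($_SESSION['password']) ? $_SESSION['password'] : '';
    }
    if (!isUser($schoolId)) {
        $user = false;
        return false;
    }
    // isUser() is assumed to accept only ids that map to an existing account
    // file, so $schoolId cannot steer this path elsewhere — confirm.
    $userFile = $dataDir . '/users/' . $schoolId . '.dat';
    $raw = file_get_contents($userFile);
    // unserialize() must only ever see this server-written file, never request data.
    $account = $raw === false ? false : unserialize($raw);
    if (is_array($account) && isset($account['password'])
        && hash_equals((string) $account['password'], md5($password))) {
        $user = array_merge($account, getStudentInfo($schoolId));
    } else {
        $user = false;
    }
    return $user;
}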
 /**
  * Tests whether $host is covered by this mask.
  *
  * A user object is matched against its full host mask and, failing that, its
  * full IP mask; any other value is matched directly as a hostmask string.
  */
 public function matches($host)
 {
     $mask = $this->mask;
     if (!isUser($host)) {
         return fnmatch($mask, $host);
     }
     $hostMatched = fnmatch($mask, $host->getFullMask());
     return $hostMatched || fnmatch($mask, $host->getFullIpMask());
 }
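 /**
  * Authenticates the posted credentials and starts the user's session.
  *
  * Reads username/userpassword from the request, resolves the account id with
  * isUser(), records the login, refreshes the user's event bookkeeping and
  * answers http_response(<id>, 200); on failure answers http_response(0, 200).
  *
  * Removed from the original: an unused get_last_login() result, dead
  * commented-out code, and a commented-out redirect that would have echoed the
  * submitted password into the URL.
  */
 public function login()
 {
     require 'camfoxconfig.php';
     $username = isset($_REQUEST['username']) ? $_REQUEST['username'] : null;
     $password = isset($_REQUEST['userpassword']) ? $_REQUEST['userpassword'] : null;
     $id = isUser($username, $password);
     if ($id > 0) {
         $_SESSION['user_id'] = $id;
         update_last_login_date($id);
         $user = checkUserAvailableEvents($id);
         if ($user == 0) {
             insertUserintoEvents($id);
         } else {
             updateUserinEvents($id);
         }
         // NOTE(review): when checkUserAvailableEvents() returned 0 the row was
         // only just inserted and $user carries no fields, so both session values
         // end up null here — the original had the same gap; confirm what is expected.
         $_SESSION['new_event_count'] = isset($user[3]) ? $user[3] : null;
         $_SESSION['last_login'] = isset($user[2]) ? $user[2] : null;
         $this->http_response($id, 200);
     } else {
         $this->http_response(0, 200);
     }
 }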
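/**
 * Fills the placeholders WEBSITE_HEADER, WEBSITE_NAME, WEBSITE_FOOTER and
 * TEMPLATE_AUTHOR in $string with values derived from the website row.
 *
 * @param string $string     template text containing the placeholders
 * @param int    $siteid     website id; cast to int before it reaches the query
 * @param string $page_title text for the <title> element
 * @return string the template with the placeholders replaced
 *
 * NOTE(review): $page_title, the website name/description/keywords and the
 * template name are inserted into HTML and attributes without escaping, as in
 * the original. That is acceptable only while they are admin-controlled data;
 * confirm before exposing them to untrusted editors.
 */
function replaceTemplateValues($string, $siteid, $page_title)
{
    $db = Database::obtain();
    // The cast closes the SQL injection that concatenating $siteid verbatim
    // allowed; `id` is numeric, so nothing but an integer is meaningful here.
    $sql = "SELECT * FROM " . TABLE_WEBSITES . "\n\t\t\t\t\tWHERE `id` =" . (int) $siteid . "";
    $websitedata = $db->query_first($sql);
    $website_template = $websitedata['website_template'];
    $website_protect_value = $websitedata['website_protect'];
    $website_name = $websitedata['website_name'];
    $meta_description = $websitedata['website_description'];
    $meta_keywords = $websitedata['website_keywords'];
    $creator_name = $websitedata['creator_name'];
    $creator_website = $websitedata['creator_website'];
    $default_file_extension = '.html';
    // Footer: the product's own credit for logged-in users or inactive accounts,
    // the site creator's credit otherwise.
    $userid = isset($_SESSION['userid']) ? $_SESSION['userid'] : null;
    if (isUser($userid) || !isActive($userid)) {
        $website_footer = MSG00010 . ' <a href ="' . szUrl() . '" >' . szName() . '</a> - ' . MSG00082 . ' ' . szYear() . ' ' . $website_name . '. ' . MSG00057 . ' ';
    } else {
        $website_footer = MSG00009 . ' <a href="http://' . $creator_website . '" target="_blank" alt="' . $creator_name . '" title="' . $creator_name . '">' . $creator_name . '</a> - ' . MSG00082 . ' ' . szYear() . ' ' . $website_name . '. ' . MSG00057 . ' ';
    }
    $meta_generator_name = szName();
    $meta_language = szLanguage();
    $website_protect = $website_protect_value == '1' ? protectSite() : '';
    $website_header = '
		<meta http-equiv="content-type" content="text/html; charset=UTF-8">
		<title>' . $page_title . ' - ' . $website_name . '</title>
		<meta name="description" content="' . $meta_description . '">
		<meta name="keywords" content="' . $meta_keywords . '">
		<meta http-equiv="Copyright" content="' . $website_name . '" />
		<meta name="generator" content="' . $meta_generator_name . '" />
		<meta http-equiv="content-language" content="' . $meta_language . '" />
		<meta name="robots" content="index, follow" />
		<link rel="shortcut icon" href="favicon.ico"/>
		<link href="sitezilla.css" rel="stylesheet" type="text/css">
		<link href="templates/' . $website_template . '/style.css" rel="stylesheet" type="text/css">
		' . ie6Css($website_template) . ie7Css($website_template) . $website_protect . '';
    // Template author credit: none for the default author or when the author is the vendor.
    $webauthor = getAuthor($website_template);
    $author = '';
    if ($webauthor != MSG00007) {
        $vendorMatch = stristr($webauthor, szCompany());
        if ($vendorMatch === false || $vendorMatch === '') {
            $author = '&nbsp;' . MSG00008 . ' ' . $webauthor;
        }
    }
    $placeholders = array('WEBSITE_HEADER', 'WEBSITE_NAME', 'WEBSITE_FOOTER', 'TEMPLATE_AUTHOR');
    $new_vals = array(
        $website_header,
        '<a href="index' . $default_file_extension . '" alt="' . $website_name . '" title="' . $website_name . '">' . $website_name . '</a>',
        $website_footer,
        $author,
    );
    return str_replace($placeholders, $new_vals, $string);
}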
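/**
 * Bans $banned from $channelname (owned by $channelowner).
 *
 * Sets the globals $error / $error_message when the user does not exist or the
 * insert is rejected; as in the original, any insert failure is reported as
 * "already banned". The three values are bound as statement parameters instead
 * of being concatenated into the SQL, which closed an injection through a
 * crafted username or channel name.
 *
 * @param mysqli $conn assumed mysqli (used via ->query() elsewhere) — confirm;
 *                     a PDO connection would need execute([...]) instead of bind_param()
 */
function addBanned($conn, $banned, $channelname, $channelowner)
{
    global $error, $error_message;
    if (!isUser($conn, $banned)) {
        $error = true;
        $error_message = "User does not exist";
        return;
    }
    $stmt = $conn->prepare("INSERT INTO channel_banned (cb_username, cb_chname, cb_chowner) VALUES (?, ?, ?)");
    $ok = $stmt !== false
        && $stmt->bind_param('sss', $banned, $channelname, $channelowner)
        && $stmt->execute();
    if ($stmt !== false) {
        $stmt->close();
    }
    if (!$ok) {
        $error = true;
        $error_message = "User is already banned";
    }
}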
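/**
 * Grants $viewer access to the private channel $channelname owned by $channelowner.
 *
 * Sets the globals $error / $error_message when the user does not exist or the
 * insert is rejected; as in the original, any insert failure is reported as
 * "already a viewer". The values are bound as statement parameters rather than
 * concatenated into the SQL, which closed an injection through a crafted
 * username or channel name.
 *
 * @param mysqli $conn assumed mysqli (used via ->query() elsewhere) — confirm;
 *                     a PDO connection would need execute([...]) instead of bind_param()
 */
function addViewer($conn, $viewer, $channelname, $channelowner)
{
    global $error, $error_message;
    if (!isUser($conn, $viewer)) {
        $error = true;
        $error_message = "User does not exist";
        return;
    }
    $stmt = $conn->prepare("INSERT INTO private_view_channels (prv_username, prv_chname, prv_chowner) VALUES (?, ?, ?)");
    $ok = $stmt !== false
        && $stmt->bind_param('sss', $viewer, $channelname, $channelowner)
        && $stmt->execute();
    if ($stmt !== false) {
        $stmt->close();
    }
    if (!$ok) {
        $error = true;
        $error_message = "User is already a viewer";
    }
}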
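/**
 * Makes $moderator a moderator of $channelname owned by $channelowner.
 *
 * Sets the globals $error / $error_message when the user does not exist or the
 * insert is rejected; as in the original, any insert failure is reported as
 * "already a moderator". The values are bound as statement parameters rather
 * than concatenated into the SQL, which closed an injection through a crafted
 * username or channel name.
 *
 * @param mysqli $conn assumed mysqli (used via ->query() elsewhere) — confirm;
 *                     a PDO connection would need execute([...]) instead of bind_param()
 */
function addModerator($conn, $moderator, $channelname, $channelowner)
{
    global $error, $error_message;
    if (!isUser($conn, $moderator)) {
        $error = true;
        $error_message = "User does not exist";
        return;
    }
    $stmt = $conn->prepare("INSERT INTO channelmods (cm_username, cm_chname, cm_chowner) VALUES (?, ?, ?)");
    $ok = $stmt !== false
        && $stmt->bind_param('sss', $moderator, $channelname, $channelowner)
        && $stmt->execute();
    if ($stmt !== false) {
        $stmt->close();
    }
    if (!$ok) {
        $error = true;
        $error_message = "User is already a moderator";
    }
}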
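 /**
  * Returns the admin level recorded in ss_admins for a user, or 0.
  *
  * @param object|int|string $user_obj a user object (must be logged in) or a raw account id
  * @return int|string 0 when the user is not logged in, not an admin, or the query
  *                    fails; otherwise the `level` column as returned by mysql_result()
  *
  * NOTE(review): relies on the legacy mysql_* extension, which PHP 7 removed.
  */
 function getUserLevel($user_obj)
 {
     $acct_id = $user_obj;
     if (is_object($user_obj) && isUser($user_obj)) {
         if (!$user_obj->isLoggedIn()) {
             return 0;
         }
         $acct_id = $user_obj->getAccountId();
     }
     // user_id is numeric; the cast keeps arbitrary strings out of the query
     // (the original concatenated $acct_id verbatim).
     $res = db_query("select `level` from `ss_admins` where user_id = " . (int) $acct_id);
     if ($res && mysql_num_rows($res) > 0) {
         $level = mysql_result($res, 0);
         mysql_free_result($res);
         return $level;
     }
     return 0;
 }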
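/**
 * SERVICE for deleting the information of the $user stored into the CER database
 * If $type != "all", it deletes just the requested type
 * @author  Germán Sánchez (GREC-ESADE), Collage
 * @version june 2014
 *
 * Authorisation: the token's user may act only on their own profile unless they
 * hold the admin role. Returns the JSON-encoded response, or null when the
 * caller is not authorised (the original returned an undefined variable then).
 * The "candidate does not exist" case now returns its error response instead of
 * echoing it and falling through to the success message.
 *
 * @param string|null $user candidate username to delete
 * @param string      $type profile part to delete, or 'all'
 * @return string|null
 */
function deleteCandidate($user = NULL, $type = 'all')
{
    global $debugar, $token;
    $output = null;
    $userToDelete = null;
    $username = null;
    // Check if the authenticated user is the same as the one to be deleted or
    // if the user has admin privileges.
    $credentials = checkTokenESB($token);
    if (isUser($credentials)) {
        $username = $credentials['username'];
        if ($debugar) {
            echo 'deleteCandidate: username <strong>"' . $username . '"</strong> (role "' . $credentials['role'] . '") wants to delete profile of candidate "<strong>' . $user . '</strong>"!<br />' . "\n";
        }
        // Strict comparison: "==" would treat numeric-looking usernames such as
        // "01" and "1" as equal and let one account act on another's profile.
        if ((string) $user === (string) $username) {
            $userToDelete = $user;
        } else {
            if ($debugar) {
                echo 'deleteCandidate: WARNING, usernames do not match.<br />' . "\n";
            }
            if (isAdmin($credentials)) {
                $userToDelete = $user;
            }
        }
    }
    if ($userToDelete != null) {
        // Check the existence of the user
        if (!isCandidate($userToDelete)) {
            if ($debugar) {
                echo 'deleteCandidate: KO, although the user has permision, the candidate "' . $userToDelete . '" does not exist! Response:' . "\n";
            }
            $output = array(array('errorNumber' => 3, 'errorText' => 'Candidate to delete does not exist.'));
            return json_encode($output);
        }
        $txtType = '';
        if ($type != 'all') {
            $txtType = '(part ' . $type . ') ';
        }
        if ($debugar) {
            echo 'deleteCandidate: OK, profile of candidate "' . $userToDelete . '" would be deleted.<br />' . "\n";
        }
        $output = array(array('infoNumber' => 2, 'infoText' => 'Profile ' . $txtType . 'of candidate ' . $userToDelete . ' would be deleted (username ' . $username . ').'));
        $output = json_encode($output);
    }
    return $output;
}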
<?php

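$rq = true;
require './system/system_config.php';
// Already-authenticated visitors are sent to the site root. exit right after the
// redirect: without it the rest of this page (the registration handler) keeps
// running for the logged-in user even though the browser is being sent away.
if (isUser($config_db_accounts) === true) {
    header("Location: {$config_domain}");
    exit;
}
$msg = '';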
if (isset($_POST['submit'])) {
    if (!isset($_POST['username'])) {
        $msg = 'No username entered!';
    } elseif (!isset($_POST['email'])) {
        $msg = 'No email entered!';
    } elseif (!isset($_POST['password'])) {
        $msg = 'No password entered!';
    } elseif (!isset($_POST['repeat'])) {
        $msg = 'Password not repeated!';
    } else {
        $username = security($_POST['username']);
        $email = security($_POST['email']);
        $password = encrypy(security($_POST['password']));
        $repeat = encrypy(security($_POST['repeat']));
        $Function_Query1 = mysql_query("SELECT email FROM {$config_db_accounts} WHERE email='{$email}'");
        $Function_Query2 = mysql_query("SELECT username FROM {$config_db_accounts} WHERE username='******'");
        if ($password !== $repeat) {
            $msg = 'Passwords did not match!';
        } elseif ($config_registrations !== true) {
            $msg = 'Registration is disabled.';
        } elseif (validate_email($email) !== true) {
            $msg = 'Invalid email entered!';
        } elseif (validate_username($username) !== true) {
<?php

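require_once 'DBaccess.php';
require_once 'functions.php';
session_start();
// The session is expected to carry user_id; an anonymous visitor ends up with
// null here, as in the original (which read the undefined index).
$recommendee_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
// NOTE(review): unset($_SESSION) only drops the superglobal for this script; it
// neither clears nor destroys the session (session_destroy() would). Kept as-is.
unset($_SESSION);
// Find the existing user most similar to the recommendee; null when nobody scores above 0.
$max = 0.0;
$nearUserId = null;
for ($i = 1; $i < $recommendee_id; $i++) {
    if (isUser($i)) {
        $num = distanceUsers(evalUsers($i, $recommendee_id));
        if ($num > $max) {
            $max = $num;
            $nearUserId = $i;
        }
    }
}
$sql = sprintf('SELECT item_id FROM likes WHERE user_id=%d', r($recommendee_id));
$recordRecommendeeLikes = mysql_query($sql) or die(mysql_error());
$recommendeeLikesArray = array();
$i = 0;
while ($recommendeeLikes = f($recordRecommendeeLikes)) {
    $recommendeeLikesArray[$i] = $recommendeeLikes['item_id'];
    $i++;
}
// The recommendation excludes the recommendee's first two likes. With fewer than
// two likes the original read undefined offsets (null, rendered as 0 by %d);
// the same values are produced here without the notices.
$firstLike = isset($recommendeeLikesArray[0]) ? $recommendeeLikesArray[0] : null;
$secondLike = isset($recommendeeLikesArray[1]) ? $recommendeeLikesArray[1] : null;
$sql = sprintf('SELECT i.* FROM likes l, items i WHERE l.user_id=%d AND l.item_id=i.id AND i.id != %d AND i.id != %d', r($nearUserId), r($firstLike), r($secondLike));
$recordRecommendItem = mysql_query($sql) or die(mysql_error());
$RecommendItem = f($recordRecommendItem);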
?>
<!DOCTYPE html>
<html lang="ja">
    <div class="container no-print">
      <div class="well">
        <H2>
          Welcome <?php 
echo getName();
?>
 to ePinkies2.
        </H2>
        <H4>Here you will be able to view a pinkie object. If it has been submitted to you, you can approve it and send it to the next person, or reject it to send it back to the person before you.</H4>

        <!-- Back to Home button. -->
        <a href="./home.php" class="btn btn-success" role="button"><span class="glyphicon glyphicon-home"></span> Back to Home</a>
      </div>
    </div>
    <?php 
if (isUser()) {
    ?>
      <form class="form-horizontal" role="form" action="onUserSubmit.php" method="POST" name="viewPinkieForm" id="viewPinkieForm" >
    <?php 
}
?>
    <?php 
if (isSuper()) {
    ?>
      <form class="form-horizontal" role="form" action="onSuperSubmit.php" method="POST" name="viewPinkieForm" id="viewPinkieForm" >
    <?php 
}
?>
    <?php 
if (isAdmin()) {
    ?>
// Assume the submitted credentials are good until a check says otherwise.
$status = TRUE;
// Message handed back to the calling page; stays NULL when everything validated.
$msg = NULL;
// The checks are ordered so the first failure wins: username, then password,
// then the credential lookup.
if (!isset($_POST['uname']) || $_POST['uname'] == NULL) {
    $msg = "Missing username. ";
    $status = FALSE;
} elseif (!isset($_POST['pword']) || $_POST['pword'] == NULL) {
    // The name is kept (HTML-escaped for later display) even when the password is missing.
    $inName = htmlspecialchars($_POST['uname']);
    $msg = "Missing password. ";
    $status = FALSE;
} else {
    $inName = htmlspecialchars($_POST['uname']);
    // The password itself is passed on untouched.
    $inPword = $_POST['pword'];
    // dbConnect() and isUser() live in functions.php.
    $db = dbConnect();
    if (isUser($inName, $inPword, $db) == 0) {
        $msg = "Invalid username or password. Try again.";
        $status = FALSE;
    }
}
// If we got through all that without errors, start a session.
if ($status == TRUE) {
    // Start a session. session_start() and not sessionInit() because this
    // is a file users should not access directly.
 /**
  * Checks whether $host falls under this mask.
  *
  * User and bot objects are matched on their G-line host form and, failing
  * that, their G-line IP form; any other value is matched directly as a string.
  */
 public function matches($host)
 {
     $mask = $this->mask;
     if (!isUser($host) && !isBot($host)) {
         return fnmatch($mask, $host);
     }
     $hostMatched = fnmatch($mask, $host->getGlineHost());
     return $hostMatched || fnmatch($mask, $host->getGlineIp());
 }
<?php

ob_start();
require_once 'ustawienia/ustawienia.php';
require_once 'funkcje/podstawowe.php';
isUser($config);
$player = getUser($config);
// Normalise the three map-selection parameters: a missing or empty value
// becomes 0, then each is passed through intV() before it reaches the query.
foreach (array('type', 'subtype', 'mid') as $param) {
    if (empty($_GET[$param])) {
        $_GET[$param] = 0;
    }
}
foreach (array('mid', 'type', 'subtype') as $param) {
    $_GET[$param] = intV($_GET[$param]);
}
unset($param);
// The concatenation below is only safe because intV() has already run on both
// values — presumably an integer cast; confirm in funkcje/podstawowe.php.
$object = get_one("select m_id from arena_map inner join arena_monsters on mo_id = m_subtype  where m_type = 5 and m_subtype =  " . $_GET['subtype'] . " and m_id = " . $_GET['mid'] . " limit 1");
if (!empty($object)) {
    switch ($_GET['subtype']) {
        case 1:
            $items = get_all("select * from arena_items_param ");
            echo "\n\t\t\t\t\t\t\t<div class='highslide-header'><b>Meglash</b> [esc - wyjście]\n\t\t\t\t\t\t\t\t<ul>\n\t\t\t\t\t\t\t\t\t<li class='highslide-move'>\n\t\t\t\t\t\t\t\t\t\t<a style='color:#000000'  href='#' title='przesuń' onclick='return false'>\n\t\t\t\t\t\t\t\t\t\t\t<span>&lt;&gt;</span>\n\t\t\t\t\t\t\t\t\t\t</a>\n\t\t\t\t\t\t\t\t\t</li>\n\t\t\t\t\t\t\t\t\t<li class='highslide-close'>\n\t\t\t\t\t\t\t\t\t\t<a style='color:#000000'  href='#' title='zamknij' onclick='hs.height = 120; hs.width = 220; return hs.close(this)'>\n\t\t\t\t\t\t\t\t\t\t\t<span>zamknij</span>\n\t\t\t\t\t\t\t\t\t\t</a>\n\t\t\t\t\t\t\t\t\t</li>\n\t\t\t\t\t\t\t\t</ul>\n\t\t\t\t\t\t\t</div>\n\t\t\t\t\t\t\t";
            $echo = '';
            if (is_array($items)) {
                foreach ($items as $item) {
                    $options = '';
                    if ($item->ip_gold <= $player->gold) {
                        $options .= "<a style='color:#000000'  href='?action=map&item_buy=" . $item->ip_id . "' >[ kup ]</a>";
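 // One barcode per line; for a checkout the first line names the user.
 $arr = explode("\n", $d);
 if ($m == 'checkin') {
     foreach ($arr as $line) {
         $line = trim($line);
         if ($line != '') {
             if (isObject($line)) {
                 $_CheckOuts->checkin($line);
             } else {
                 // The scanned value is echoed back to the page: escape it so a
                 // crafted barcode cannot inject markup.
                 echo 'Invalid barcode: "' . htmlspecialchars($line, ENT_QUOTES, 'UTF-8') . '"<br />';
             }
         }
     }
 } elseif ($m == 'checkout') {
     $user = trim(array_shift($arr));
     if (isUser($user)) {
         foreach ($arr as $line) {
             $line = trim($line);
             if ($line != '') {
                 if (isObject($line)) {
                     $_CheckOuts->checkout($user, $line);
                 } else {
                     echo 'Invalid barcode: "' . htmlspecialchars($line, ENT_QUOTES, 'UTF-8') . '"<br />';
                 }
             }
         }
     } else {
         echo 'Invalid user: ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . '<br />';
     }
 }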
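 $valoriEng = array($_GET['item'], L_eng);
 $valoriRus = array($_GET['item'], L_rus);
 $qry_art = $funzioni->getValoreCampo(t_articolo, array('id', 'codice', 'categoria', 'sezione', 'decoro', 'width_img', "DATE_FORMAT(data,'%d-%m-%Y') as data"), array('id'), array($_GET['item']));
 $qry_des_ita = $funzioni->getValoreCampo(t_descrizione, array('descrizione'), $campiRicerca, $valoriIta);
 $qry_des_eng = $funzioni->getValoreCampo(t_descrizione, array('descrizione'), $campiRicerca, $valoriEng);
 $qry_des_rus = $funzioni->getValoreCampo(t_descrizione, array('descrizione'), $campiRicerca, $valoriRus);
 // Decorations available for the article's category, in sort order. The category
 // id comes from the database, but it is bound as a parameter rather than
 // concatenated, like the other queries in this project that use Execute($sql, $params).
 $sql = "SELECT D.id, D.nome FROM " . t_decoro . " D JOIN " . t_sort . " S ON D.id = S.decoro WHERE S.categoria = ? ORDER BY S.sort";
 $qryDecori = $funzioni->getDB()->Execute($sql, array($qry_art->fields['categoria']));
 $codiceConArt = stripslashes($qry_art->fields['codice']);
 // Article code without its 4-character prefix.
 $strCodice = substr($codiceConArt, 4);
 $flagCategoria = $qry_art->fields['categoria'];
 $flagDecoro = $qry_art->fields['decoro'];
 $flagSezione = $qry_art->fields['sezione'];
 $strData = $qry_art->fields['data'];
 // Field-edit permission check: only admins and users may edit outside the general section.
 if (!isAdmin() && !isUser() && $flagSezione != SEZ_GENERAL) {
     $atr_disabled = "disabled";
 }
 //============  MAIN IMAGE SIZE SECTION =========
 // $_GET['item'] was concatenated straight into the SQL (injection); it is bound
 // as a parameter instead.
 $sql2 = "SELECT id, nome FROM " . t_img . " WHERE articolo=?";
 $qryImg2 = $funzioni->getDB()->Execute($sql2, array($_GET['item']));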
 if (!$qryImg2->EOF) {
     $sql3 = "SELECT MIN(id), nome FROM " . t_img . " WHERE articolo=" . $_GET['item'];
     $qryImg = $funzioni->getDB()->Execute($sql3);
     $im = PATH_IMG . $qryImg->fields['nome'] . "_thumb.jpg";
     list($w, $h) = getimagesize($im);
     $strVarJS .= "setWidth(" . $w . ");\n";
     $strVarJS .= "setHeight(" . $h . ");\n";
     $strWidthImg = $qry_art->fields['width_img'];
     if ($strWidthImg == 0) {
         $strWidthImg = 180;
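 /**
  * Reports an event or a command to the configured IRC channel.
  *
  * Objects among $source and $arg1..$arg5 are rendered to display names: a
  * server source becomes its bold abbreviated name, a server or channel argument
  * its getName(), a user its getNick(). While the burst has not finished the
  * event is also queued in pending_events; it is always messaged to the channel.
  *
  * The original resolved $arg1..$arg5 by building variable names with eval();
  * an indexed array does the same without executing generated code.
  *
  * @return true|null null when reporting of that kind is disabled, true otherwise
  */
 function reportEvent($event_name, $source, $arg1 = "", $arg2 = "", $arg3 = "", $arg4 = "", $arg5 = "", $is_command = false)
 {
     // Same precedence as the original ("&&" binds tighter than "||"), made explicit.
     if ((!$is_command && !REPORT_EVENTS) || ($is_command && !REPORT_COMMANDS)) {
         return;
     }
     $channel = $is_command ? COMMAND_CHANNEL : EVENT_CHANNEL;
     $bot = $this->default_bot;
     if (isServer($source)) {
         $source = BOLD_START . $source->getNameAbbrev(NICK_LEN) . BOLD_END;
     } elseif (isUser($source)) {
         $source = $source->getNick();
     }
     $args = array($arg1, $arg2, $arg3, $arg4, $arg5);
     foreach ($args as $i => $arg) {
         if (!is_object($arg)) {
             continue;
         }
         if (isServer($arg) || isChannel($arg)) {
             $args[$i] = $arg->getName();
         } elseif (isUser($arg)) {
             $args[$i] = $arg->getNick();
         }
     }
     if (strlen($source) > NICK_LEN) {
         $source = substr($source, 0, NICK_LEN);
     }
     // Bold markers take up width in the format string but not on screen.
     $margin = substr_count($source, BOLD_START);
     $misc = trim(implode(' ', $args));
     if (!$this->finished_burst) {
         $this->pending_events[] = array('chan_name' => $channel, 'margin' => $margin, 'source' => $source, 'event_name' => $event_name, 'misc' => $misc);
     }
     $bot->messagef($channel, '[%' . (NICK_LEN + $margin) . 's] %s %s', $source, $event_name, $misc);
     return true;
 }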
                 Output::success($data);
             } else {
                 header('HTTP/1.1 405 Method Not Allowed');
                 header('Allow: GET, POST');
                 Output::error('Method not exist');
             }
         }
     }
     break;
 case 'login':
     if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         $post = json_decode(file_get_contents("php://input"), true);
         // die(var_dump($post));
         // TODO:: Validate post
         if (isset($post['email']) && !empty($post['email']) && isset($post['password']) && !empty($post['password'])) {
             $data = isUser($post['email'], $post['password']);
             if ($data != 0) {
                 header('HTTP/1.1 200 OK');
                 Output::success($data);
             } else {
                 $data = 'Kullanıcı bilgilerinizi kontrol ediniz!';
                 header('HTTP/1.1 203 Non-Authoritative Information');
                 Output::error($data);
             }
         } else {
             $data = 'Kullanıcı bilgilerinizi gönderiniz!';
             header('HTTP/1.1 405 Method Not Allowed');
             header('Allow: POST');
             Output::error($data);
         }
     } else {
<?php

require "config.php";
require "functions.php";
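session_start();
// All four fields are required. exit right after the redirect: without it the
// script kept running and created an account from the partial POST.
if (!isset($_POST['fname']) || !isset($_POST['lname']) || !isset($_POST['username']) || !isset($_POST['password'])) {
    header("Location: ../login.php?error=1");
    exit;
}
//NEED INPUT FILTERING HERE! (the values are bound as prepared-statement
// parameters further down, so what is still missing is validation of
// content and length, not SQL escaping)
$fn = $_POST['fname'];
$ln = $_POST['lname'];
$un = $_POST['username'];
$pw = $_POST['password'];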
//checks if the user exists. if not, then create the account
if (!isUser($un)) {
    $cpt_pwd = crypt($pw);
    $stmt = $mysqli->prepare("insert into users (first_name, last_name, user_name, password) values (?, ?, ?, ?)");
    if (!$stmt) {
        printf("Query Prep Failed: %s\n", $mysqli->error);
        exit;
    }
    $stmt->bind_param('ssss', $fn, $ln, $un, $cpt_pwd);
    $stmt->execute();
    $stmt->close();
    $ud = checkLogin($un, $pw);
    if (isset($ud)) {
        $_SESSION['uid'] = $ud['uid'];
        $_SESSION['username'] = $ud['un'];
        $_SESSION['fname'] = $ud['fn'];
        $_SESSION['lname'] = $ud['ln'];
        header("Location: ../index.php");
    }
    if (empty($phone) || empty($pass) || empty($pass2) || empty($mail) || empty($fname) || empty($unmae)) {
        $err .= __('A field was left blank') . "<br>";
        $fatal = TRUE;
    }
    if (!checkEmail($mail)) {
        $err .= __('Problem With email Address') . "<br>";
        $fatal = TRUE;
    }
    if (!$fatal) {
        $result = $user->addNewUser($unmae, $pass, $mail, $fname, $phone);
        $err .= $result['text'];
        $user->populateUser($result['qid']);
    }
    echo '<div id="errors">' . $err . "</div>\t";
} elseif (isUser()) {
    echo '<div id="errors">';
    _e('You are already loged in');
    ?>
					<a href="<?php 
    echo HOME . $_SERVER['REQUEST_URI'];
    ?>
/logout" title="logout"><?php 
    _e('Log Out');
    ?>
</a></div>	
					<?php 
} else {
    ?>
							
			
<?php

// Page type consumed by config.inc.php (which is included next) — confirm.
$tipo = "articolo";
include "config.inc.php";
// Access control for this page; must run before any output is produced.
verifyAccess();
ob_start();
// Session entry holding the current query string, used to come back to this page
$_SESSION['back_to'] = $_SERVER['QUERY_STRING'];
if (isset($_GET['op'])) {
    if ($_GET['op'] == 'cancella') {
        $id_sezione = 99;
        if (!isAdmin() && !isUser()) {
            $qry_fun = $funzioni->getValoreCampo(t_articolo, array('sezione'), array('id'), array($_GET['item']));
            $id_sezione = $qry_fun->fields['sezione'];
        }
        if (isAdmin() || isUser() || isGrafico() && $id_sezione == SEZ_GENERAL) {
            //cancellazione immagini
            $arr_img = array();
            if ($r = $db_conn->Execute("SELECT id,nome,articolo FROM " . t_img . " WHERE articolo=?", array($_GET['item']))) {
                while (!$r->EOF) {
                    $arr_img[] = sha1($r->fields['articolo'] . $r->fields['id']);
                    $r->MoveNext();
                }
            }
            $funzioni->cancellaRecord(t_articolo, "id", $_GET['item']);
            $funzioni->cancellaRecord(t_descrizione, 'articolo', $_GET['item']);
            $funzioni->cancellaRecord(t_listino, 'articolo', $_GET['item']);
            $image->delImgProd($_GET['item'], $arr_img);
            header("Location: " . DIR . F_articolo . "?" . urldecode($_GET['back']));
            exit;
        }
<?php

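require_once __DIR__ . '/functions.php';
// Anonymous visitors go to the login form; exit so nothing below is rendered for them.
if (!isUser()) {
    header('Location: /sessions/form.html');
    exit;
}
// The name is user-supplied; escape it for the HTML text context (the original
// echoed it raw). Assumes getUser() returns a string — confirm.
$displayName = htmlspecialchars((string) getUser(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<h2>Hello, <?php echo $displayName; ?>!</h2>
<a href="/sessions/logout.php">Exit</a>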
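 /**
  * Renders the item as an HTML card: image, name (linked to the order page for
  * logged-in users), a price table keyed on itemtype, and an add-to-cart link.
  *
  * Fix: the <img> src and alt attributes were unquoted, so an item name or path
  * containing a space broke the markup. Item names, ids and image paths are
  * still inserted without HTML escaping, as in the original — acceptable only
  * while they are admin-controlled. NOTE(review): confirm, otherwise wrap them
  * in htmlspecialchars().
  *
  * @return string
  */
 public function __toString()
 {
     $orderUrl = HOME . 'item/' . $this->itemid;
     $string = '<div class="item_wrapper" id="item-' . $this->itemid . '">';
     $string .= '<img class="itemimage" src="' . HOME . 'images/items/' . $this->image . '" alt="' . $this->itemname . '" />';
     $string .= '<div class = "item_info">';
     // Only registered users may reach the order page, so only they get the link.
     if (isUser()) {
         $string .= '<h3><a href="' . $orderUrl . '" title="' . __('Order') . '">' . $this->itemname . '</a></h3>';
     } else {
         $string .= '<h3>' . $this->itemname . '</h3>';
     }
     $string .= '<div class="item_price"><table>';
     // Price rows per item type; a size priced "0.00" is not offered and is skipped.
     switch ($this->itemtype) {
         case 1:
             if ($this->prices != "0.00") {
                 $string .= sprintf(__('<tr><td class="desc">330cc can</td><td> %s </td></tr>'), $this->prices);
             }
             if ($this->pricem != "0.00") {
                 $string .= sprintf(__('<tr><td class="desc">500cc bottle</td><td> %s </td></tr>'), $this->pricem);
             }
             break;
         case 2:
             $string .= sprintf(__('<tr><td class="desc">מחיר: </td><td> %s </td></tr>'), $this->prices);
             break;
         case 3:
             if ($this->prices != "0.00") {
                 $string .= sprintf(__('<tr><td class="desc">Regular</td><td> %s </td></tr>'), $this->prices);
             }
             if ($this->pricem != "0.00") {
                 $string .= sprintf(__('<tr><td class="desc">Double</td><td> %s </td></tr>'), $this->pricem);
             }
             if ($this->pricel != "0.00") {
                 $string .= sprintf(__('<tr><td class="desc">Triple</td><td> %s </td></tr>'), $this->pricel);
             }
             break;
         case 4:
         case 5:
             if ($this->prices != "0.00") {
                 $string .= sprintf(__('<tr><td class="desc">Small</td><td> %s </td></tr>'), $this->prices);
             }
             if ($this->pricem != "0.00") {
                 $string .= sprintf(__('<tr><td class="desc">Medium</td><td> %s </td></tr>'), $this->pricem);
             }
             if ($this->pricel != "0.00") {
                 $string .= sprintf(__('<tr><td class="desc">Large</td><td> %s </td></tr>'), $this->pricel);
             }
             break;
         case 6:
             $string .= sprintf(__('<tr><td class="desc">For 3</td><td> %s </td></tr><tr><td class="price">For 4</td><td> %s</td></tr>'), $this->pricem, $this->pricel);
             break;
     }
     $string .= '</table></div>';
     $string .= '</div>';
     // Same gate as the title link: the cart link leads to the order page.
     if (isUser()) {
         $string .= '<a href="' . $orderUrl . '" title="' . __('Add this item to your cart') . '"><img class="addtoorder" src="' . HOME . 'images/addtocart.png" alt="Add to order"></a>';
     }
     $string .= '</div>';
     return $string;
 }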
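 /**
  * KILLs a user off the network and drops it from the local user table.
  *
  * @param object|string $user_num a user object (resolved via getNumeric()) or its numeric
  * @param string        $reason   quit message sent with the KILL
  * @return false|null false when the numeric is unknown to the network; null otherwise
  *                    (kept as the original's implicit return)
  */
 function kill($user_num, $reason = 'So long...')
 {
     if (isUser($user_num)) {
         $user_num = $user_num->getNumeric();
     }
     if (!$this->net->getUser($user_num)) {
         return false;
     }
     // The original also fetched this bot's own server object here and never used
     // it; dropped on the assumption that getServer() is a plain lookup — confirm.
     $this->net->sendf(FMT_KILL, $this->getNumeric(), $user_num, $this->getNick(), $reason);
     $this->net->removeUser($user_num);
 }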
<?php

session_start();
require_once '../admin/config.php';
require_once '../admin/connect.php';
require_once '../admin/functions.php';
require_once '../admin/isUser.php';
// db connection
// Database connection shared by the queries on this page.
$dbConn = connect_db();
// Logged in? The session carries the username and the stored password value;
// isUser() returns the user array (per the original comment it also refreshes
// the login date in the database).
if (isset($_SESSION['NC_user'], $_SESSION['NC_password']) && $_SESSION['NC_user'] && $_SESSION['NC_password']) {
    $arrUser = isUser($_SESSION['NC_user'], $_SESSION['NC_password'], $dbConn);
}
// Get the selected user data
if (!empty($_GET['id'])) {
    $id = mysql_real_escape_string($_GET['id']);
    $query = "SELECT idUser, username, type, first_name, last_name, country, DATE_FORMAT (date_created, '%b %D, %Y') AS date_created, date_modified, homepage, about, location FROM users WHERE idUser='******'";
    $result = mysql_query($query, $dbConn);
    if (empty($result)) {
        $error['noUser'] = "******";
    } else {
        $user = mysql_fetch_array($result);
        unset($query, $result);
        // array $user to single vars
        $user = strip_slashes_arr($user);
        extract($user);
        unset($user, $arr, $u);
        // and userpic
        $userpic = get_user_pic($idUser, 128);
    }
} else {
// No errors? All arrranged? Bring back the userdata at $arrUser if that guy exists
if (empty($error)) {
    /* START OLD PASSWORD PATCH */
    require_once $_SERVER['DOCUMENT_ROOT'] . '/admin/isOldUser.php';
    // The faulty strtohex function in use... So that it produces the results of 1.0
    $oldPassword = strtohex(hash_hmac('sha256', $_POST['password'], 'c#haRl891', true));
    if ($arrUser = isOldUser($username_form, $oldPassword, $dbConn)) {
        // Update the table with the new password
        $idUser = $arrUser['idUser'];
        // turn 0 the oldPass & update the new pass
        $query = "UPDATE users SET pass = '******', oldPass='******' WHERE idUser = '******'";
        $result = mysql_query($query, $dbConn);
    }
    /* END OLD PASWORD PATCH */
    // Mount the user array (or false)
    if ($arrUser = isUser($username_form, $password, $dbConn)) {
        if (empty($error)) {
            // $error means user is in limbo (Panda check this. Could it be from other reasons?)
            // and update last seen users (date_modify)
            $d = date("Y-m-d H:i:s");
            $query = "UPDATE users SET date_modified = '{$d}' WHERE idUser = {$arrUser['idUser']}";
            $result = mysql_query($query, $dbConn);
            // SESSION init
            $_SESSION['NC_user'] = $arrUser['username'];
            $_SESSION['NC_password'] = $arrUser['pass'];
            //$_SESSION['CSRF']=substr(md5(uniqid(rand( ), true)), 10, 15);
            // Location is the actual page except, obvioulsy, for the register page
            if (preg_match("/register.php/i", $_SERVER['REQUEST_URI'])) {
                $location = rurl();
            } else {
                $location = rurl() . $_SERVER['REQUEST_URI'];
/**
 * Whether the current visitor may see the funds: any of the user, super,
 * transaction or admin roles suffices. Role checks stop at the first match.
 *
 * @return bool
 */
function canViewFunds()
{
    if (isUser()) {
        return true;
    }
    if (isSuper()) {
        return true;
    }
    if (isTrans()) {
        return true;
    }
    return (bool) isAdmin();
}
// Date in the past
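// HTTP Basic authentication against the $auth map (username => password).
// hash_equals() replaces "!=": it is constant-time and does not apply PHP's
// loose numeric comparison, under which e.g. "1e3" and "1000" would have matched.
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($auth[$_SERVER['PHP_AUTH_USER']])
    || !isset($_SERVER['PHP_AUTH_PW'])
    || !hash_equals((string) $auth[$_SERVER['PHP_AUTH_USER']], (string) $_SERVER['PHP_AUTH_PW'])) {
    header('WWW-Authenticate: Basic realm="SLVSCAV Administration"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Sorry, you must log in.';
    exit;
}
// Load all users
require_once dirname(__FILE__) . '/../lib/login.php';
$lines = preg_split('/[\\r\\n]+/mis', file_get_contents($dataDir . '/schoolid.csv'), 0, PREG_SPLIT_NO_EMPTY);
// Ignore the header line.
array_shift($lines);
$users = array();
foreach ($lines as $line) {
    // Columns: gender, id, grade, last name, "first [middle]".
    $parts = explode(',', trim($line));
    if (isUser($parts[1])) {
        $nameBits = explode(' ', $parts[4]);
        $user = array(
            'gender' => $parts[0],
            'id' => $parts[1],
            'grade' => $parts[2],
            'last' => $parts[3],
            'first' => $nameBits[0],
            // No middle name recorded -> null, as before, but without the notice.
            'middle' => isset($nameBits[1]) ? $nameBits[1] : null,
            'file' => userFile($parts[1]),
        );
        // NOTE(review): unserialize() on server-written files; safe only while the
        // data directory is not writable by untrusted parties.
        if (is_file($dataDir . '/users/' . $user['id'] . '_answers.dat')) {
            $user['answers'] = unserialize(file_get_contents($dataDir . '/users/' . $user['id'] . '_answers.dat'));
        }
        $users[] = $user;
    }
}
// Load the scores
if (is_file($dataDir . '/scores.dat')) {
    $scores = unserialize(file_get_contents($dataDir . '/scores.dat'));
} else {
    $scores = array();
}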
function saveScores()