/**
 * Print the administration password prompt.
 *
 * Writes the login block (logo, version string, pending notices, the current
 * user's avatar and name, and a single password field) directly to the output
 * and registers the extra stylesheet and style rule through add_to_head().
 *
 * Reads the globals $locale, $aidlink, $userdata and $defender.
 */
function render_admin_login() {
    global $locale, $aidlink, $userdata, $defender;

    // TODO: Remove this, add the required styling to acp_styles.css
    add_to_head("<link rel='stylesheet' href='" . THEMES . "templates/setup_styles.css' type='text/css' />");

    // Opening markup of the login block; each argument is echoed in order.
    echo "<aside class='block-container'>\n",
        "<div class='block'>\n",
        "<div class='block-content clearfix' style='font-size:13px;'>\n",
        "<h6><strong>" . $locale['280'] . "</strong></h6>\n",
        "<img src='" . IMAGES . "php-fusion-icon.png' class='pf-logo position-absolute' alt='PHP-Fusion'/>",
        "<p class='fusion-version text-right mid-opacity text-smaller'>" . $locale['version'] . fusion_get_settings('version') . "</p>",
        "<div class='row m-0'>\n<div class='col-xs-12 col-sm-12 col-md-12 col-lg-12'>";

    // When the current URL is the admin index the form posts to it with
    // pagenum=0; otherwise it posts to FUSION_SELF with FUSION_QUERY appended.
    $current_url = FUSION_SELF . $aidlink;
    $admin_index_url = ADMIN . "index.php" . $aidlink;
    if ($current_url == $admin_index_url) {
        $form_action = $current_url . "&pagenum=0";
    } else {
        $form_action = FUSION_SELF . "?" . FUSION_QUERY;
    }

    echo openform('admin-login-form', 'post', $form_action, array('max_tokens' => 1));
    openside('');

    // A failed defender check is surfaced as a notice before the list is rendered.
    if (!$defender->safe()) {
        setNotice('danger', $locale['global_182']);
    }

    // Get all notices
    echo renderNotices(getNotices());

    echo "<div class='m-t-10 clearfix row'>\n",
        "<div class='col-xs-3 col-sm-3 col-md-3 col-lg-3'>\n",
        "<div class='pull-right'>\n",
        display_avatar($userdata, '90px'),
        "</div>\n",
        "</div>\n<div class='col-xs-9 col-sm-9 col-md-8 col-lg-7'>\n",
        "<div class='clearfix'>\n";

    // NOTE(review): user_name and the getuserlevel() result are concatenated
    // into markup as-is; confirm both are HTML-safe where they are produced.
    $greeting = $locale['welcome'] . ", " . $userdata['user_name'];
    $label = "<span class='h5 display-inline' style='color: #222'><strong>" . $greeting . "</strong><br/>" . getuserlevel($userdata['user_level']) . "</span>";

    add_to_head('<style>#admin_password-field .required {display:none}</style>');

    $password_options = array(
        'callback_check' => 'check_admin_pass',
        'placeholder' => $locale['281'],
        'autocomplete_off' => 1,
        'type' => 'password',
        'required' => 1
    );
    echo form_text('admin_password', $label, '', $password_options),
        "</div>\n",
        "</div>\n",
        "</div>\n";

    closeside();

    echo form_button('admin_login', $locale['login'], 'Sign in', array('class' => 'btn-primary btn-block')),
        closeform(),
        "</div>\n</div>\n", // .col-*, .row
        "</div>\n", // .block-content
        "</div>\n", // .block
        "<div class='copyright-note clearfix m-t-10'>" . showcopyright() . "</div>\n",
        "</aside>\n";
}
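/**
 * Admin action: add or edit the 'en' translation of a news item.
 *
 * The news item is looked up from the first URI segment; a missing item ends
 * in error404(). On POST the submitted name/text are validated through the
 * Lang_news form, then either the translation row named by `lnid` is updated
 * or a new row is inserted, and an uploaded image (if any) is stored under
 * public/news/ using the translation id as file name. The view always
 * receives the translation list, the news item and its title.
 */
public function lang_newsAction() {
    $model = new AdminModel();
    $form = Call::form('Lang_news');
    $news = $model->getNewsByID(Request::getUri()[0]);

    if (!$news->id) {
        error404();
    }

    if (isPost()) {
        $dataPost = array('name' => post('name'), 'lang' => 'en', 'text' => post('text')); // allPost()

        // The value ends up inside a hand-built WHERE string, so force it to an
        // integer here instead of relying on what post(..., 'int') returns.
        $lnid = (int) post('lnid', 'int');

        if ($form->isValid($dataPost)) {
            $data = $form->data;
            $data['nid'] = $news->id;
            $data['uid'] = Request::getParam('user')->id;
            $data['time'] = time();

            if ($lnid) {
                // Restrict the update to a translation of THIS news item. The row's
                // `nid` is rewritten from $data, so matching on `id` alone would let
                // a crafted lnid re-attach another item's translation to this one.
                // Assumes numeric ids - TODO confirm against the schema.
                $where = sprintf("`id` = '%d' AND `nid` = '%d'", $lnid, $news->id);
                $model->update('news_lang', $data, $where);
                setNotice(Lang::translate('LANG_NEWS_EDITED'));
            } else {
                $id = $model->insert('news_lang', $data);
                $lnid = $id;
                if ($id) {
                    setNotice(Lang::translate('LANG_NEWS_ADDED'));
                }
            }

            // Store the image only when a file was actually sent and there is a
            // row id to name it after (a failed insert leaves $lnid empty).
            if ($lnid && !empty($_FILES['image']['name'])) {
                $dataImg = array(
                    'path' => 'public/news/',
                    'new_name' => $lnid,
                    'resize' => 2,
                    'mkdir' => true,
                    'min_width' => 600,
                    'min_height' => 400
                );
                // NOTE(review): type/extension checks are presumably done inside
                // File::LoadImg() - confirm, the target directory is web-accessible.
                File::LoadImg($_FILES['image'], $dataImg);
            }
        } else {
            setNotice(Lang::translate('SOME_ERROR'));
        }
        //redirect(url('admin', 'lang_news', $news->id));
    }

    $this->view->list = $model->getLangNewsList($news->id);
    $this->view->news = $news;
    $this->view->title = $news->name;
}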
// NOTE(review): excerpt - the enclosing function, the opening conditions and the start of the
// transaction are outside this view; the indentation is reconstructed from the closing braces.
                $sql->bindParam(':type', $imgType);
                $result = $sql->execute();
                // Check whether the write succeeded
                if ($result) {
                    setNotice("Your account has been succesfully updated!", "alert alert-success");
                } else {
                    setNotice("Oops! There seems to be a problem. Try again and if the problem persists contact our team.");
                }
            } else {
                // Other branch: overwrite the image and type stored for this user.
                $sql = $dbconn->prepare("UPDATE `profile-images` SET `Image`=:img, `Type`=:type WHERE `UserId`=:userid");
                // $fp is bound as a large object; the remaining values are bound with the default type.
                $sql->bindParam(':img', $fp, PDO::PARAM_LOB);
                $sql->bindParam(':userid', $userid);
                $sql->bindParam(':type', $imgType);
                $result = $sql->execute();
                // Check whether the write succeeded
                if ($result) {
                    setNotice("Your account has been succesfully updated!", "alert alert-success");
                } else {
                    setNotice("Oops! There seems to be a problem. Try again and if the problem persists contact our team.");
                }
            }
        } else {
            setNotice("Oops! There seems to be a problem. Try again and if the problem persists contact our team.");
        }
        // NOTE(review): this success notice is set after every branch above, including the
        // ones that just set the failure notice - confirm how setNotice() treats repeated calls.
        setNotice("Your account has been succesfully updated!", "alert alert-success");
    } else {
        setNotice("Oops! There seems to be a problem. Try again and if the problem persists contact our team.");
        $dbconn->rollback();
    }
    // NOTE(review): only a rollback is visible here; confirm the success path commits
    // before this redirect. Nothing follows header() in the function, so it ends here.
    header("location: ../my_profile.php");
}
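<?php
// Logout endpoint: end the current session, queue a confirmation notice and
// send the browser back to the landing page.
session_start();

// Empty the in-memory copy too, then remove the stored session data.
$_SESSION = array();
session_destroy();

// A new session is opened before setNotice() is called (presumably the notice
// is kept in the session - confirm in functions/general.php). Issue a fresh
// identifier for it so the ID of the logged-out session is not carried over.
session_start();
session_regenerate_id(true);

include "functions/general.php";
setNotice('You have been succesfully logged out!', 'alert alert-success');
header('location: ../index.php');
exit;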
// NOTE(review): excerpt of a login handler - the block closed by the lone brace further down
// opens outside this view, as do the definitions of $user, $password, $errflag and $errmsg_arr.
    try {
        // Look the account up by user name with a bound parameter.
        $result = $dbconn->prepare("SELECT * FROM `users` WHERE `Username` = :user");
        $result->bindParam(':user', $user);
        $result->execute();
        $rows = $result->fetch(PDO::FETCH_ASSOC);
        // NOTE(review): debug output; anything echoed before header() can stop the redirect
        // headers from being sent unless output buffering is on.
        echo "success";
    } catch (PDOException $e) {
        // NOTE(review): prints the raw database error to the client; log it server-side and
        // show a generic message instead. $rows is never assigned on this path.
        echo $e->getMessage();
    }
    // NOTE(review): fetch() returns false when no row matches, and count(false) is a warning
    // on PHP 7.2+ and a TypeError on PHP 8 - test `$rows !== false` before counting.
    if (count($rows) > 0 && $rows['Active'] == 1) {
        if (password_verify($password, $rows['Password'])) {
            // NOTE(review): the session ID is kept across the privilege change; calling
            // session_regenerate_id(true) here would close the session-fixation window.
            // The 'Username' session key holds the numeric UserId, not the name.
            $_SESSION['Username'] = $rows['UserId'];
            session_write_close();
            header("location: ../textbooklistpage.php");
            echo "home";
            exit;
        } else {
            // Same message as the unknown/inactive-account branch below, so the response
            // does not reveal whether the user name exists.
            setNotice('Username or Password is wrong!', "alert alert-danger");
            $errflag = true;
        }
    } else {
        setNotice('Username or Password is wrong!', "alert alert-danger");
        $errflag = true;
    }
}
// Any recorded error sends the visitor back to the login form with the collected messages.
if ($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: ../log_in.php");
    exit;
}
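// Complete a password reset for the request stored in $_SESSION['request'].
//
// The submitted password is hashed and written inside a transaction together
// with the removal of the user's `pass-request` rows; both statements must
// succeed or the transaction is rolled back.
//
// The former print_r($_POST) debug dump is gone: it wrote both submitted
// passwords into the response and produced output ahead of the header() calls.
if (isset($_POST['newPass'], $_POST['oldPass'], $_SESSION['request'])) {
    // 'oldPass' is compared with 'newPass', i.e. it is used as the confirmation
    // field. Compare strictly: with == two different numeric-looking strings
    // (for example "1e3" and "1000") are treated as equal.
    if (is_string($_POST['newPass']) && $_POST['newPass'] === $_POST['oldPass']) {
        // The pending request is consumed whether or not the update succeeds.
        $request = $_SESSION['request'];
        unset($_SESSION['request']);

        // NOTE(review): an empty password passes these checks; add a minimum
        // length/strength rule here if none is enforced on the form.
        $newPass = password_hash($_POST['newPass'], PASSWORD_DEFAULT);

        $dbconn->beginTransaction();

        $sql = $dbconn->prepare("UPDATE `users` SET `Password`= :pass WHERE `UserId` = :id");
        $sql->bindParam(":pass", $newPass);
        $sql->bindParam(":id", $request['UserId']);
        $result = $sql->execute();

        if ($result) {
            // Invalidate the reset request(s) of this user in the same transaction.
            $sql = $dbconn->prepare("DELETE FROM `pass-request` WHERE UserId = :id");
            $sql->bindParam(":id", $request['UserId']);
            $result = $sql->execute();
        }

        if ($result) {
            $dbconn->commit();
            setNotice("Password succesfully changed!", "alert alert-success");
            header("location: ../log_in.php");
        } else {
            // Also reached when the UPDATE itself fails, so the transaction is
            // never left open and the visitor always gets a notice and a redirect.
            $dbconn->rollback();
            setNotice("Error changing password! Please try again and if the problem persists contact our team.", "alert alert-danger");
            header("location: ../log_in.php");
        }
    } else {
        setNotice("Passwords Don't Match!", "alert alert-danger");
        // Encode the code before placing it in the query string.
        $link = "location: ../passwordreset.php?code=" . urlencode($_SESSION['request']['code']);
        header($link);
    }
}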
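// Validate and normalise every POST field named in $post_var_list, then try to
// open and authenticate an RCON connection with the submitted details.
//
// each() is deprecated since PHP 7.2 and removed in PHP 8, where the call is a
// fatal error that the @ operator cannot hide; foreach visits the same values.
foreach ($post_var_list as $param) {
    if (!empty($_POST[$param]) && strlen(trim($_POST[$param]))) {
        // NOTE(review): this also lower-cases and slash-escapes the posted password
        // before it is handed to RCon - confirm that is intended.
        $_POST[$param] = strtolower(trim(addslashes($_POST[$param])));
    } else {
        setError("Connection failed: invalid server/authentication details", "../index.php");
    }
}

//find port from server post var
$serverInfo = explode(":", $_POST['server']);
if (count($serverInfo) < 2 || strlen($serverInfo[1]) < 1) {
    // No port part given: use 27015.
    $port = 27015;
} else {
    // NOTE(review): taken as typed, without a numeric or range (1-65535) check.
    $port = $serverInfo[1];
}

// NOTE(review): the RCON password is kept in the session in plaintext, and the
// stored 'server' value still contains any ":port" suffix.
$_SESSION['server'] = $_POST['server'];
$_SESSION['port'] = $port;
$_SESSION['password'] = $_POST['password'];

$rcon = new RCon($_SESSION['server'], $_SESSION['port'], $_SESSION['password']);

//abort if no connection is possible at all
if ($rcon->_Sock == null) {
    setError("Connection failed: cannot connect to that server", "../index.php");
}

//attempt to authenticate with rcon password
$success = $rcon->authenticate();
if ($success) {
    $_SESSION['connected'] = true;
    setNotice("Connection made", "../index.php");
} else {
    $_SESSION['connected'] = false;
    setError("Connection failed: incorrect rcon password", "../index.php");
}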
// NOTE(review): excerpt of a registration handler - the try block, the two enclosing
// conditions and the first INSERT are opened outside this view.
            $result = $query->execute();
            if ($result) {
                // Id generated by the statement executed just above.
                $userid = $dbconn->LastInsertId();
                // NOTE(review): debug output - it discloses the new user id and, like the other
                // echo calls below, is emitted before header(), which can block the redirect.
                echo $userid;
                $sql = "INSERT INTO `user-details` (`UserId`, `Email`, `UniId`, `CampusId`) VALUES (:id, :email, :uni, :camp)";
                $query = $dbconn->prepare($sql);
                $query->bindParam(':email', $email);
                $query->bindParam(':id', $userid);
                $query->bindParam(':uni', $uni);
                $query->bindParam(':camp', $camp);
                $result = $query->execute();
                // The confirmation mail goes out before the commit; it is also attempted when
                // the details INSERT above has failed.
                $sentEmail = sendConfirmation($userid, $email, $dbconn);
                echo "here";
                if ($result && $sentEmail) {
                    $dbconn->commit();
                    setNotice("A confirmation email has been sent! Please verify to complete registration.");
                    echo "true";
                    header('location: ../index.php');
                } else {
                    // NOTE(review): rolled back without a notice or redirect for the visitor.
                    $dbconn->rollback();
                }
            }
        } catch (PDOException $e) {
            // Undo the partial registration and hand the exception to the project's handler.
            $dbconn->rollback();
            handleError($e);
        }
    } else {
    } //End if
} else {
    echo "no submit";
/**
 * Process admin logout and admin password submission for the current request.
 *
 * - `?logout` expires the admin cookie and, when a user id is available,
 *   redirects to the site index.
 * - A posted `admin_password` is sanitised, validated and, on success,
 *   exchanged for the admin cookie followed by a redirect to FUSION_REQUEST;
 *   each failure adds a "danger" notice.
 * - Inside the admin panel a missing admin cookie raises a "danger" notice.
 */
public static function setAdminLogin() {
    global $locale;

    if (isset($_GET['logout'])) {
        self::expireAdminCookie();
        $current_user_id = fusion_get_userdata("user_id");
        if (!empty($current_user_id)) {
            redirect(BASEDIR . "index.php");
        }
    }

    if (isset($_POST['admin_password'])) {
        $submitted = form_sanitizer($_POST['admin_password'], '', 'admin_password');

        if (!\PHPFusion\Authenticate::validateAuthAdmin($submitted)) {
            // Wrong admin password.
            addNotice("danger", $locale['password_invalid'], $locale['password_invalid_description']);
        } elseif (!Authenticate::setAdminCookie($submitted)) {
            // Password accepted, but the admin cookie could not be set.
            addNotice("danger", $locale['cookie_error'], $locale['cookie_error_description']);
        } else {
            // Authenticated: discard queued notices and return to the requested page.
            unset($_SESSION['notices']);
            redirect(FUSION_REQUEST);
        }
    }

    $admin_cookie_missing = !isset($_COOKIE[COOKIE_PREFIX . "admin"]);
    if (defined('ADMIN_PANEL') && $admin_cookie_missing) {
        setNotice("danger", $locale['cookie_title'], $locale['cookie_description']);
    }
}
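<?php
// Account-activation endpoint: looks up the code from the e-mailed link and
// marks the matching user as active, then redirects to the index page.
include "core/database/connect.php";
include "core/functions/general.php";
session_start();

// Accept only a non-empty string; a parameter sent as an array is ignored.
if (!empty($_GET['verification_code']) && is_string($_GET['verification_code'])) {
    $verificationCode = $_GET['verification_code'];

    //check the database for the verification code from the link
    $sql = 'SELECT `UserId`, `Code` FROM `confirmation` WHERE `Code` = :verification';
    $stmt = $dbconn->prepare($sql);
    $stmt->bindParam(':verification', $verificationCode, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch();

    if (empty($row)) {
        // Unknown code: stop before the row is dereferenced or a user is looked up.
        setNotice("The account was not found", "alert alert-danger");
    } else {
        $Id = $row['UserId'];
        $user = retrieveUser($Id, $dbconn);

        if ($user['Active'] == 1) {
            setNotice("You have already been validated!", "alert alert-danger");
        } else {
            //if they match. make the user active in db
            $sql = 'UPDATE `users` SET Active = 1 WHERE UserId=:Id';
            $stmt = $dbconn->prepare($sql);
            $stmt->bindParam(':Id', $Id, PDO::PARAM_STR);
            // An UPDATE returns no result set, so nothing is fetched afterwards.
            $stmt->execute();
            // NOTE(review): the row in `confirmation` is left in place; consider deleting
            // it once used so the code cannot be replayed.
            setNotice("Succesfully Registered!", "alert alert-success");
        }
    }
}

header("location: index.php");
exit;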
// NOTE(review): excerpt of a password-reset mailer - the enclosing function and two outer blocks
// open outside this view, as do the creation of $mail, $profile, $user and $user_activation_hash.
            $mail->Port = 587; // set the SMTP port for the server
            $mail->From = "*****@*****.**"; // sender address of the mail
            $mail->FromName = "BookHunters"; // sender name shown to the recipient
            $mail->AddAddress($profile['Email']); // recipient: the address from the user's profile
            $mail->Subject = "Password Reset"; // subject of the mail
            // Reset link placed in the mail; the code is URL-encoded into the query string.
            // NOTE(review): the link is plain http:// to a hard-coded address, so the reset code
            // crosses the network unencrypted - build it from a configured HTTPS base URL.
            $link = "http://45.55.56.22/passwordreset.php" . '?code=' . urlencode($user_activation_hash);
            // Message body carrying the link above
            $mail->Body = "Please click on this link to reset:" . ' ' . $link;
            if (!$mail->Send()) {
                // NOTE(review): the mailer's error detail is printed to the visitor; log it instead.
                echo "there was an error sending the mail" . ' ' . $mail->ErrorInfo;
                // The original note speaks of deleting the request here; no delete is performed
                // in the visible code.
                return false;
            } else {
                // Record the issued code for this user once the mail has gone out.
                // NOTE(review): the code is stored as-is and no expiry column is written here;
                // storing only a hash of it plus an expiry time would limit what a database
                // read exposes - confirm how passwordreset.php validates the code.
                $sql = "INSERT INTO `pass-request` (`UserId`, `Code`, `Email`) VALUES (:userid, :code, :email)";
                $stmt = $dbconn->prepare($sql);
                $stmt->bindParam(':userid', $user['UserId'], PDO::PARAM_STR);
                $stmt->bindParam(':code', $user_activation_hash, PDO::PARAM_STR);
                $stmt->bindParam(':email', $profile['Email'], PDO::PARAM_STR);
                // NOTE(review): the result of execute() is not checked; a failed insert leaves
                // the user with a mailed link that has no matching row.
                $stmt->execute();
                setNotice("You have been sent a link to change your password!");
                header("location: ../log_in.php");
            }
        }
    }
}