/**
 * Static pass-through that returns whatever sqlite_error() yields for $err.
 *
 * NOTE(review): sqlite_error() is not defined in this excerpt. PHP's legacy
 * SQLite extension exposes sqlite_last_error() and sqlite_error_string();
 * confirm that the project defines sqlite_error() before relying on this.
 *
 * @param mixed $err Value forwarded unchanged to sqlite_error(); defaults to null.
 *
 * @return mixed The unmodified result of sqlite_error().
 */
public static function error($err = null)
{
    $message = sqlite_error($err);

    return $message;
}
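<?php
// Authors: Joseph Smith and Christopher Bowen
//
// Admin-only page. It looks up the privilege level of the logged-in user and,
// for admins, starts handling a request to add an object (a department).
//
// NOTE(review): the add request is driven by $_GET parameters. If the part of
// this script that is not shown here changes stored data, use POST plus an
// anti-CSRF token instead — confirm against the rest of the file.

ini_set('display_errors', false);
session_start(); // Start the session

// Query the database for the current user's privileges.
$db = sqlite_open('SQLiteDB/OfficeLayout.db', 0666, $sqliteerror);
if (!$db) {
    // Keep the driver's message in the server log; do not echo it to the client.
    error_log('Unable to open database: ' . $sqliteerror);
    die('Database unavailable.');
}

// A request with no logged-in name is treated like any other non-admin.
$sessionName = isset($_SESSION['name']) ? (string) $_SESSION['name'] : '';

// The legacy sqlite_* API has no bound parameters, so the value is escaped with
// sqlite_escape_string() and placed in a single-quoted SQL string literal (the
// quoting style that function escapes for). Prefer prepared statements (PDO or
// SQLite3) if this code is ever moved off the legacy extension.
$query = "SELECT userType FROM user WHERE username='" . sqlite_escape_string($sessionName) . "'";
$result = sqlite_query($db, $query);
if (!$result) {
    // Read the error before closing the handle; log the detail server-side and
    // give the client a generic message only.
    error_log('Invalid query: ' . sqlite_error_string(sqlite_last_error($db)));
    sqlite_close($db);
    die('Invalid query.');
}

// No matching row (false) or a missing/other userType means "not an admin".
$row = sqlite_fetch_array($result, SQLITE_ASSOC);
$isAdmin = is_array($row) && isset($row['userType']) && $row['userType'] === 'admin';

if (!$isAdmin) {
    sqlite_close($db);
    header("location:login.php?msg=You must be an admin to access this page."); // Redirect to login.php page
    // header() only queues the redirect. Without stopping here, the admin-only
    // code below would still execute for a non-admin request.
    exit;
}

// Continue to current page
header('Content-Type: text/html; charset=utf-8');

// Begin the process of adding a department
// If no object has been selected to be added...
if (!isset($_GET['objectType'])) {
    echo '<p>Error: No object to be added.</p>';
    sqlite_close($db);
    die;
}

// Requests that are not a complete Department submission (departmentName and
// iconID both present) take this branch.
if (!($_GET['objectType'] == "Department" && isset($_GET['departmentName']) && isset($_GET['iconID']))) {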
// Attempt login to database...
//
// Checks the posted credentials against the User table, using either the
// mysql_* or the sqlite_* API depending on $DBProvider, and calls LogonOK()
// with the matching row or LoginFailed() when no row is returned.
//
// NOTE(review): every quoted value in the two SQL strings below appears as
// '******' in this listing, so which variables were interpolated cannot be
// seen from here. The notes below about $user/$pass/$suser are hedged for
// that reason.
//
// NOTE(review): passwords are compared as unsalted MD5 digests (see md5()
// below and the sample INSERT). MD5 is fast to brute-force; the replacement is
// password_hash()/password_verify(), rehashing each account on its next
// successful login.
$db = dbConnect('');
if ($DBProvider=='mysql') {
    // NOTE(review): mysql_escape_string() is deprecated and ignores the
    // connection character set, and the whole mysql_* API was removed in
    // PHP 7. Bound parameters (PDO or mysqli) avoid the escaping question.
    $user = mysql_escape_string($_POST['user']);
    //using mysql:- INSERT INTO `keneb`.`user` (`Username` ,`Password`)VALUES ('test', MD5( 'test' ));
    // The password is escaped *before* hashing, so the digest is of the escaped
    // text; the stored hash must have been produced the same way. The @ hides
    // the notice for a missing 'pass' field — presumably an empty string is
    // hashed in that case; verify.
    $pass = @md5(mysql_escape_string($_POST['pass'])); //this way skip problems with errors in the password input...
    //$pass = @mysql_escape_string($_POST['pass']); //this way skip problems with errors in the password input...
    // NOTE(review): html_entities() is not a PHP built-in (htmlentities() is).
    // Unless the project defines it, this line is a fatal error — confirm.
    $suser = html_entities($_POST['user']);
    // NOTE(review): SQL evaluates AND before OR, so this WHERE clause reads as
    //   Username=A OR (Username=B AND Password=C)
    // and a row matching the first Username literal is returned without the
    // password being compared. The intended form is presumably
    //   (Username=A OR Username=B) AND Password=C
    $sql = "select * from User where Username='******' or Username='******' AND Password='******' LIMIT 1";
    // trigger_error() raises a notice-level error by default and execution
    // continues to the row-count check below. mysql_error() text goes wherever
    // PHP errors are reported; make sure that is the log, not the response.
    $result = mysql_query($sql) or trigger_error("MySQL Login Query Error:".mysql_error());
    if (mysql_num_rows($result) == 0) {
        LoginFailed("Login Failed: Incorrect username/password.");
    } else {
        LogonOK(mysql_fetch_array($result));
    }
} else {
    //need same encoding as in updateGateway...
    // NOTE(review): htmlentities() is HTML encoding, not SQL escaping, and
    // ENT_COMPAT leaves single quotes untouched. If $user is interpolated into
    // the single-quoted literal below, it also needs sqlite_escape_string().
    $user = htmlentities(@$_POST['user'],ENT_COMPAT,'UTF-8');
    // As in the MySQL branch: escaped first, then hashed with MD5.
    $pass = @md5(sqlite_escape_string($_POST['pass'])); //this way skip problems with errors in the password input...
    $sql = "select * from User where Username='******' AND Password='******' LIMIT 1";
    // NOTE(review): sqlite_error() is not defined in this excerpt; the legacy
    // SQLite extension provides sqlite_last_error()/sqlite_error_string().
    // Confirm the project defines it, otherwise the failure path is fatal.
    $result = sqlite_query($sql,$db) or trigger_error("Sqlite Login Query Error:".sqlite_error());
    if (sqlite_num_rows($result) == 0) {
        LoginFailed("Login Failed: Incorrect username/password.");
    } else {
        LogonOK(sqlite_fetch_array($result));
    }
}
// Closes a block that was opened before the start of this excerpt.
}
?>