/**
 * Prints the protected page body, or a refusal when LogIn() says no.
 *
 * The only access decision made here is the result of LogIn("SecureContent");
 * nothing else in this function inspects the caller.
 *
 * NOTE(review): the "Home Page" link places $_SESSION['session_id'] in the URL
 * path. Identifiers carried in URLs end up in browser history, server and proxy
 * logs and Referer headers; if this value authenticates the session, a cookie
 * flagged HttpOnly/Secure is the safer carrier. The value is also written into
 * the href with no HTML or URL encoding, which is only safe if it can never
 * contain characters outside the unreserved set. Confirm where it is assigned.
 *
 * @return void
 */
function SecureContent()
{
    // Guard clause: refuse first, so the protected markup sits on the main path.
    if (!LogIn("SecureContent")) {
        echo '<h1>Not Authorized</h1>';
        return;
    }

    echo '<h1>Secure Content</h1>';
    echo '<p>This is secure content</p>';
    echo '<p><a href="/auth/' . $_SESSION['session_id'] . '/?action=HomePage">Home Page</a></p>';
}
/**
 * Routes a POST request to the handler named by its 'accion' field.
 *
 * A missing or falsy 'accion' is answered through Respoder() with an error.
 * A value that matches none of the known actions produces no response at all.
 *
 * NOTE(review): no authentication or authorisation check is made here before
 * dispatching, so each handler (other than logIn) has to enforce its own;
 * confirm that RegistrarEntrevista(), ConsultarUsuarios() and
 * EnviarInvitaciones() do so.
 *
 * @return void
 */
function init()
{
    $accion = filter_input(INPUT_POST, 'accion');

    if (!$accion) {
        Respoder(false, 'Debe indicar una acción', null);
        return;
    }

    // switch compares loosely, exactly like the == tests it replaces.
    switch ($accion) {
        case 'registrarEntrevista':
            RegistrarEntrevista();
            break;
        case 'consultarUsuarios':
            ConsultarUsuarios();
            break;
        case 'enviarInvitaciones':
            EnviarInvitaciones();
            break;
        case 'logIn':
            LogIn();
            break;
        default:
            // NOTE(review): unknown actions are silently ignored; the client
            // receives no error for them.
            break;
    }
}
Пример #3
/**
 * Routes a POST request to the account handler named by its 'accion' field.
 *
 * Both failure cases are reported through Respoder(): a missing or falsy
 * 'accion', and a value that is not one of the known actions.
 *
 * NOTE(review): the dispatcher itself performs no authentication. The
 * profile-changing handlers (ActualizarFoto, ActualizarDocumento,
 * ActualizarPassword, ActualizarDatos) therefore have to verify the session
 * themselves; confirm that they do.
 *
 * @return void
 */
function init()
{
    $accion = filter_input(INPUT_POST, 'accion');

    if ($accion) {
        // switch compares loosely, exactly like the == chain it replaces.
        switch ($accion) {
            case 'registrarUsuario':
                UsuarioNuevo();
                break;
            case 'logIn':
                LogIn();
                break;
            case 'actualizarFoto':
                ActualizarFoto();
                break;
            case 'actualizarDocumento':
                ActualizarDocumento();
                break;
            case 'actualizarPassword':
                ActualizarPassword();
                break;
            case 'actualizarDatos':
                ActualizarDatos();
                break;
            default:
                Respoder(false, 'No existe la acción', null);
                break;
        }
        return;
    }

    Respoder(false, 'Debe indicar una acción', null);
}
Пример #4
<?php

require_once "sql.php";
require_once "config.php";
require_once "util.php";
// Limits for a composed message. NOTE(review): neither is referenced in the
// visible part of this script; confirm they are enforced further down.
$MAXCHARS = 254;
$MAXLINES = 15;
// compose.php POST { page, text }
//-----------------------------------------------------------------------------
try {
    // isset() is also true for array-valued fields (text[]=...), which the string
    // functions below do not expect. NOTE(review): consider rejecting non-strings here.
    if (!isset($_POST['text']) || !isset($_POST['page'])) {
        exit('error');
    }
    // LogIn() takes no arguments here and its result is used as an object right away.
    // NOTE(review): presumably it exits or throws on failure; verify, otherwise
    // ->page is read from a non-object.
    $g_account = LogIn();
    // Loose comparison: numeric-looking strings compare by value ("1" != "01" is false).
    if ($g_account->page != $_POST['page']) {
        exit('wrongpage');
    }
    // arduous text sanitization:
    $text = $_POST['text'];
    $text = str_replace('[[br]]', "\n", $text);
    // convert marked newlines to real newlines
    $text = trim($text);
    // trim whitespace
    if ($text == "") {
        exit('empty');
    }
    // error if empty
    // Called with default flags: before PHP 8.1 that leaves single quotes unescaped,
    // so the result is only safe in element content or double-quoted attributes.
    // NOTE(review): this escapes on input; if the text is stored in this form, every
    // consumer must treat it as HTML and must not escape it a second time.
    $text = htmlspecialchars($text);
    // escape html chars
    $text = nl2br($text, false);
    // convert newlines to html
Пример #5
image/busy8.png</idleImage>
		<idleImage><?php 
echo $DIR_SCRIPT_ROOT;
?>
image/busy9.png</idleImage>
		</mediaDisplay>

	</item_template>
<channel>
	<title>Weeb.tv</title>
	<menu>main menu</menu>
<?php 
// NOTE(review): 'disk' is taken from the query string without validation. It is not
// used in the visible part of the script; confirm how it is consumed further down.
$disk = $_GET["disk"];
$cc = new cURL();
ReadSettings();
// The return value of LogIn() is discarded, so a failed login is not detected here.
LogIn();
// The channel list is fetched over plain http://, so the response can be read or
// altered in transit. NOTE(review): if LogIn() talks to the same host, the
// credentials presumably travel unencrypted as well; verify.
$html = $cc->get("http://weeb.tv/channels/live");
// Scrape by splitting on fixed markup; the chunk before the first marker is dropped.
$videos = explode('<fieldset onclick', $html);
unset($videos[0]);
$videos = array_values($videos);
foreach ($videos as $video) {
    // Each lookup assumes the marker exists (indexes 1 and 5 are read unchecked);
    // a change in the remote markup yields undefined-offset notices and empty values.
    $t1 = explode('<a href="', $video);
    $t2 = explode('"', $t1[1]);
    $lnk = $t2[0];
    $t1 = explode('<img src="', $video);
    $t2 = explode('"', $t1[1]);
    $image = $t2[0];
    $t1 = explode('">', $video);
    $t2 = explode('</a></p>', $t1[5]);
    // $lnk, $image and $title are remote-controlled strings. NOTE(review): the output
    // that follows is cut off in this listing; they need escaping for the XML context.
    $title = $t2[0];
    echo '
Пример #6
<?php

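// Gate for the page rendered below: visitors without a user_id in the session
// must get through LogIn() before any of it is produced.
session_start();
if (!isset($_SESSION['user_id'])) {
    include_once 'framework\\db.php';
    // A truthy return from LogIn() is treated as a failure message (see the TODO).
    $message = LogIn();
    if ($message) {
        header('Location: index.php');
        // header() only queues the redirect. Without stopping here the script went on
        // to render the whole page to a client that had just failed to log in.
        exit;
    }
    //TODO: pass message to index to show error type in future
}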
include_once 'framework\\template.php';
?>
<!DOCTYPE html>
<html>
    <?php 
WriteHeader();
?>

    <body>
        <?php 
WriteResumePdfStyle();
?>
        <div class="row" id="resumeBody">
            <?php 
WriteResume();
?>
            <form method="POST" action="cabinet.php">
                <input type="hidden" value="<?php 
echo $user_id;
?>
Пример #7
        // NOTE(review): $_FILES[...]['type'] is the MIME type claimed by the client and is
        // not verified by PHP. Inspect the uploaded bytes (finfo_file() or getimagesize()
        // on tmp_name) before treating the file as an image.
        $avatar = $_FILES['avatar']['type'];
        $allowed = array('image/gif', 'image/png', 'image/jpg', 'image/jpeg');
        if (!in_array($avatar, $allowed)) {
            $url = "register.php";
            $_SESSION['errors'] = ['message' => "Avatar images must be JPG, PNG or GIF"];
            // header() only queues the redirect and no exit follows, so every check below
            // still runs and a later header()/$_SESSION['errors'] assignment overrides this one.
            header('Location: ' . $url);
        }
    }
    // Loose != on strings: numeric-looking passwords compare by value ("1e3" == "1000"),
    // so two different inputs can pass as a match; !== avoids that.
    if ($password != $password2 || !validPass($password)) {
        $url = "register.php";
        $_SESSION['errors'] = ['message' => "Passwords should be at least 8 characters long and consist of at least one lowercase letter, one uppercase letter, a number (0-9) and a special character."];
        header('Location: ' . $url);
    }
    if (!validUser($username)) {
        $url = "register.php";
        $_SESSION['errors'] = ['message' => "Usernames can only consist of a-Z and _ (underscore) OR a user already exists with that name"];
        header('Location: ' . $url);
    }
    // This condition does not look at the avatar result, so a rejected avatar does not
    // stop the account from being created and logged in.
    if ($password == $password2 && validUser($username) && validPass($password)) {
        // Insert() receives the plaintext password. NOTE(review): presumably it hashes
        // before storing; verify that it uses password_hash().
        Insert($username, $password);
        LogIn($username, $password);
        $url = "frontPage.php";
        $_SESSION['errors'] = ['message' => 'Success! Thank you for registering.'];
        header('Location: ' . $url);
    }
    // Reached on every path through this branch because nothing above exits;
    // it looks like leftover debug output.
    echo 'Noooo';
} else {
    $url = "register.php";
    $_SESSION['errors'] = ['message' => "Something went wrong, please try again."];
    header('Location: ' . $url);
}
Пример #8
<meta content="width=device-width, initial-scale=1.0" name="viewport" />
<?php 
echo $META_description;
echo $META_author;
?>
<link rel="shortcut icon" href="ili-upload/favicon.png">
<link href="ili-style/assets/bootstrap/css/bootstrap.min.css" rel="stylesheet" />
<link href="ili-style/assets/font-awesome/css/font-awesome.css" rel="stylesheet" />
<link href="ili-style/css/style.css" rel="stylesheet" />
<link href="ili-style/css/style_responsive.css" rel="stylesheet" />
<link href="ili-style/css/style_default.css" rel="stylesheet" id="style_color" />
</head>
<!-- END HEAD -->
<?php 
// Attempt a login whenever both credential fields were posted.
// NOTE(review): the password is reduced to an unsalted MD5 digest before it reaches
// LogIn(), which presumably compares it with a stored MD5. MD5 is fast to brute-force;
// password_hash()/password_verify() is the appropriate API, but moving to it means
// changing LogIn() and the stored values together.
// This runs after the <head> markup above has been emitted, so LogIn() can only set
// cookies or headers if output buffering is on.
if (isset($_POST['email'], $_POST['Password'])) {
    LogIn($_POST['email'], md5($_POST['Password']));
}
?>
<!-- BEGIN BODY -->
<body id="login-body">
<div class="login-header"> 
	<!-- BEGIN LOGO -->
	<div id="logo" class="center">
		<h4> <?php 
echo $sytem_title;
?>
 </h4>
	</div>
	<!-- END LOGO --> 
</div>
Пример #9
						<form action="<?php 
        echo $_SERVER['PHP_SELF'];
        ?>
" method="post">
							<input type="submit" name="searchWord" value="<?php 
        echo $displayInput['KEYWORD'];
        ?>
" />
						</form>
			<?php 
    }
} else {
    // Login form handler: runs only when the submit button and both fields are non-empty.
    if (isset($_POST['submitLogIn']) && $_POST['txtUsername'] != '' && $_POST['txtPassword'] != '') {
        $sUsername = $_POST['txtUsername'];
        $sPassword = $_POST['txtPassword'];
        // Loose == true: any truthy return value (for instance a non-empty string) counts as success.
        if (LogIn($sUsername, $sPassword) == true) {
            // NOTE(review): the account number is read from a cookie, which the client
            // controls, rather than from the result of the login that just succeeded.
            $sSavedUser = $_COOKIE["SavedUserInfo"];
            // The cookie value is interpolated into the SQL text, which allows SQL injection
            // and lets any logged-in user read another account's rows by editing the cookie.
            // Take the account from server-side session state and bind it as a parameter
            // (mysqli or PDO prepared statement). The mysql_* extension was removed in PHP 7.0.
            // die(mysql_error()) also sends raw database errors to the client.
            $result = mysql_query("SELECT KEYWORD FROM accounts WHERE ACCOUNT_NUMBER='{$sSavedUser}'") or die(mysql_error());
            // Each KEYWORD is echoed into an HTML attribute in the form below without
            // htmlspecialchars(), as is $_SERVER['PHP_SELF'] in the form action.
            while ($displayInput = mysql_fetch_array($result)) {
                ?>
							<form action="<?php 
                echo $_SERVER['PHP_SELF'];
                ?>
" method="post">
								<input type="submit" name="searchWord" value="<?php 
                echo $displayInput['KEYWORD'];
                ?>
" />
							</form>
			<?php 
            }
Пример #10
/**
 * Changes a user's password and starts a fresh login for the active user.
 *
 * The target is the active user, unless the caller is an admin and passes a
 * non-empty $id. The current password is not asked for.
 *
 * NOTE(review): the digest is md5(md5(...)), a fast unsalted hash.
 * password_hash()/password_verify() is the appropriate API, but switching means
 * migrating the stored values and the login check together.
 * NOTE(review): mysqli_real_escape_string() and trim() run before hashing, so
 * passwords containing quotes, backslashes or surrounding whitespace hash to a
 * different value than the raw input. The login check must apply the same
 * steps or such passwords will not verify.
 * NOTE(review): as shown, the UPDATE writes the literal '******' and never uses
 * the digest computed above. That looks like a redaction in this listing;
 * confirm against the real source, and bind the value as a parameter instead
 * of interpolating it.
 *
 * @param string     $newPassword New plaintext password.
 * @param string|int $id          Target user id; honoured only for admins.
 * @return int 0 on success, 1 if the UPDATE failed, 2 if the database could
 *             not be selected, 4 if the password is empty or nobody is logged in.
 */
function changePassword($newPassword, $id = "")
{
    if ($newPassword == "" || !isActiveUser()) {
        return 4;
    }

    $link = getDBConnection();
    if (!mysqli_select_db($link, getDBName())) {
        return 2;
    }

    $newPassword = md5(md5(trim(mysqli_real_escape_string($link, $newPassword))));

    // intval() forces the id to an integer, so the interpolation below cannot carry SQL.
    $currentId = (isAdmin() && $id != "") ? intval($id) : intval(getActiveUserID());

    $updated = mysqli_query($link, "UPDATE users SET password = '******' WHERE id = {$currentId}");
    if (!$updated) {
        return 1;
    }

    // Re-login always targets the active user, even when an admin changed someone else's password.
    LogIn(md5(generateUniqueCode(10)), getActiveUserID());
    return 0;
}
<?php

// Handles the three session-related form posts (login, logout, timeout) and records in
// $is_session_post whether this request was one of them.
// NOTE(review): $must_be_admin is inherited from the including script and defaults to
// false when unset; it must never be derived from request data.
// NOTE(review): no CSRF token is checked before LogOut() in the visible code.
$is_session_post = false;
if (isset($_POST['login'])) {
    require_once 'authenticate.php';
    if (!isset($must_be_admin)) {
        $must_be_admin = false;
    }
    $user_info = LogIn($_POST['username'], $_POST['password'], $must_be_admin);
    if ($user_info === false) {
        // One message for every failure, so the response does not reveal which field was wrong.
        $view_data['message'] = 'Username or password not recognised. Please try again.';
    }
    $is_session_post = true;
} elseif (isset($_POST['logout']) || isset($_POST['timeout'])) {
    require_once 'authenticate.php';
    LogOut();
    // An explicit logout takes precedence: the expiry notice is shown only for a bare timeout.
    if (!isset($_POST['logout'])) {
        $view_data['message'] = 'Your session has expired. Please log in again to continue.';
    }
    $is_session_post = true;
}
Пример #12
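// Login form handler. Sets $loginFailed / $userBanned for the template below, or logs the
// user in and hands over to userCheckData.php.
if (isActiveUser()) {
    header("Location: /");
    // header() only queues the redirect; stop here so an already logged-in visitor
    // does not fall through into the login processing below.
    exit;
}
$loginFailed = false;
$userBanned = false;
if (isset($_POST['submitAuth'])) {
    $reason = "";
    $data = getAuthorizationData();
    if (!empty($data)) {
        // NOTE(review): md5(md5()) is a fast unsalted digest, and === is not a constant-time
        // comparison. password_hash()/password_verify() covers both, but requires migrating
        // the stored values along with this check.
        $passwordMatches = $data['password'] === md5(md5($_POST['password']));
        if (!$passwordMatches) {
            // Wrong password (a user-facing $reason text was disabled here).
            $loginFailed = true;
        } elseif ($data['group'] == 'banned') {
            // The ban is reported only after the password matched, so it is not disclosed to guessers.
            $userBanned = true;
        } else {
            $hash = md5(generateUniqueCode(10));
            LogIn($hash, $data['id']);
            // The target is URL-encoded so that '&', '#' or '+' inside it cannot split or alter
            // the query string, then HTML-escaped for the attribute. A missing or non-string
            // field becomes an empty value instead of raising a notice.
            // NOTE(review): userCheckData.php must still validate the target against local
            // paths before following it.
            $redirect = (isset($_POST['redirect']) && is_string($_POST['redirect'])) ? $_POST['redirect'] : '';
            echo '<meta http-equiv="refresh" content="0; url=userCheckData.php?redirect=' . htmlspecialchars(rawurlencode($redirect), ENT_QUOTES, 'UTF-8') . '">';
            exit;
        }
    } else {
        // getAuthorizationData() returned nothing (the disabled $reason text here read "database problems").
        $loginFailed = true;
    }
}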
?>

<?php