function register_user()
{
// get passwordHash library for backwards compatability.
require 'password.php';
// get database connection object
require 'dbConnector.php';
$db = loadDatabase();
// Get check_user function
require 'check_user_db.php';
// get user submitted form
$username = stripslashes($_POST['username']);
$password = stripslashes($_POST['password']);
$email = stripslashes($_POST['email']);
// Check if username exists using check_user()
if (check_user($db, $username)) {
$message = "Username '{$username}' already exists.";
} else {
// hash and salt password
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
// Prepared statement to insert a user
$stmt = $db->prepare("INSERT INTO user (username, email, password)\n VALUES (:username, :email, :passwordHash);");
$stmt->bindValue(':username', $username);
$stmt->bindValue(':passwordHash', $passwordHash);
$stmt->bindValue(':email', $email);
$stmt->execute();
$_SESSION['logged_user'] = $username;
$message = "{$username}, you are now registered.";
}
return $message;
}
function event_delete()
{
global $config;
if (!is_user() && $config['anon_permission'] < 2) {
soft_error(_('You do not have permission to delete events.'));
}
$del_array = explode('&', $_SERVER['QUERY_STRING']);
$html = tag('div', attributes('class="box"', 'style="width: 50%"'));
$ids = 0;
foreach ($del_array as $del_value) {
list($drop, $id) = explode("=", $del_value);
if (preg_match('/^id$/', $drop) == 0) {
continue;
}
$ids++;
$event = get_event_by_id($id);
if (!check_user($event['uid']) && $config['anon_permission'] < 2) {
$html->add(tag('p', _('You do not have permission to remove item') . ": {$id}"));
continue;
}
if (remove_event($id)) {
$html->add(tag('p', _('Removed item') . ": {$id}"));
} else {
$html->add(tag('p', _('Could not remove item') . ": {$id}"));
}
}
if ($ids == 0) {
$html->add(tag('p', _('No items selected.')));
}
return $html;
}
function array_menu($parent_id = 0, $group_id = 2, $close = array())
{
$ci =& get_instance();
if ($group_id == 'all') {
$query = "SELECT \n\t\t\t\t\t\t\tsys_menu.*,sys_resources.name AS permission \n\t\t\t\t\t\tFROM \n\t\t\t\t\t\t\tsys_menu \n\t\t\t\t\t\tLEFT JOIN sys_resources ON(sys_menu.resources_id=sys_resources.id) \n\t\t\t\t\t \tWHERE sys_menu.parent_id = {$parent_id} \n\t\t\t\t\t\tORDER BY sys_menu.id ASC";
} else {
$query = "SELECT \n\t\t\t\t\t\t\tsys_menu.*,sys_resources.name AS permission \n\t\t\t\t\t\tFROM \n\t\t\t\t\t\t\tsys_menu \n\t\t\t\t\t\tLEFT JOIN sys_resources ON(sys_menu.resources_id=sys_resources.id) \n\t\t\t\t\t \tWHERE sys_menu.parent_id = {$parent_id} AND sys_menu.group_id = {$group_id} \n\t\t\t\t\t\tORDER BY sys_menu.id ASC";
}
$result = $ci->db->query($query);
$data = array();
if ($result->num_rows() > 0) {
foreach ((array) $result->result_array() as $row) {
$allow_menu = check_user($row['permission'], false);
if ($allow_menu) {
$r['id'] = $row['id'];
$r['parent_id'] = $row['parent_id'];
$r['text'] = strtoupper($row['name']);
$r['url'] = $row['url'];
$r['state'] = $close && in_array($row['id'], $close) ? 'closed' : '';
$r['children'] = array_menu($row['id'], $group_id, $close);
$data[] = $r;
}
}
}
return $data;
}
function add_user($way, $login)
{
global $db;
if (check_user($way, $login)) {
return false;
}
$result = $db->insert("user", "`way`,`login`", "'{$way}','{$login}'");
return $result;
}
public function __construct()
{
parent::__construct();
$this->table = 'sys_menu';
$this->primary = 'id';
$this->load->config('glyphicon');
$this->glyphicon = $this->config->item('glyphicon');
$this->load->model('cpanel/menu_model');
$this->load->library('tree');
check_user('menu.manager');
}
function __construct()
{
parent::__construct();
$this->user_table = 'sys_users';
$this->user_primary = 'id';
$this->role_table = 'sys_roles';
$this->role_primary = 'id';
$this->role_field_name = 'name';
$this->load->model('dx_auth/permissions', 'permissions');
check_user('user.manager');
}
/**
* Buguser protection
*/
protected function checkQueue()
{
global $user;
check_user();
// check
$sql = "SELECT * FROM ugml_galactic_jump_queue\r\n\t\t\t\tWHERE userID = " . WCF::getUser()->userID;
$result = WCF::getDB()->getResultList($sql);
$this->fleet = unserialize($result[0]['ships']);
//if(count($result) != 1 || $result[0]['time'] != $user['onlinetime'] || $result[0]['state'] != 2) message('Bug-User-Schutz, bitte erneut losschicken!');
// save
$sql = "UPDATE ugml_galactic_jump_queue\r\n\t\t\t\tSET endPlanetID = " . $this->moonObj->planetID . ",\r\n\t\t\t\t\tstate = 3,\r\n\t\t\t\t\ttime = " . TIME_NOW . "\r\n\t\t\t\tWHERE queueID = " . $result[0]['queueID'];
WCF::getDB()->registerShutdownUpdate($sql);
}
public function settings()
{
check_user('testimonial.settings');
$this->crud->set_table('testimonial_settings');
$this->crud->set_primary_key('id');
$this->crud->set_subject('Settings Testimonial');
$this->crud->edit_fields('success_messages', 'error_messages', 'show_phone', 'show_website', 'show_location', 'show_images', 'show_captcha', 'required_phone', 'required_website', 'required_location', 'required_images');
$this->crud->display_as('success_messages', 'Pesan sukses');
$this->crud->display_as('error_messages', 'Pesan error');
$this->crud->field_type('show_phone', 'true_false', array('1' => 'Ya', '0' => 'Tidak'));
$this->crud->field_type('show_website', 'true_false', array('1' => 'Ya', '0' => 'Tidak'));
$this->crud->field_type('show_location', 'true_false', array('1' => 'Ya', '0' => 'Tidak'));
$this->crud->field_type('show_images', 'true_false', array('1' => 'Ya', '0' => 'Tidak'));
$this->crud->field_type('show_captcha', 'true_false', array('1' => 'Ya', '0' => 'Tidak'));
$this->crud->display_as('show_phone', 'Tampilkan form phone');
$this->crud->display_as('show_website', 'Tampilkan form website');
$this->crud->display_as('show_location', 'Tampilkan form lokasi');
$this->crud->display_as('show_images', 'Tampikan form photo');
$this->crud->display_as('show_captcha', 'Tampilkan form captcha');
$this->crud->field_type('required_name', 'true_false', array('1' => 'Ya', '0' => 'Tidak'));
$this->crud->field_type('required_email', 'true_false', array('1' => 'Ya', '0' => 'Tidak'));
$this->crud->field_type('required_phone', 'true_false', array('1' => 'Ya', '0' => 'Tidak'));
$this->crud->field_type('required_website', 'true_false', array('1' => 'Ya', '0' => 'Tidak'));
$this->crud->field_type('required_location', 'true_false', array('1' => 'Ya', '0' => 'Tidak'));
$this->crud->field_type('required_images', 'true_false', array('1' => 'Ya', '0' => 'Tidak'));
$this->crud->display_as('required_name', 'Form Nama wajib di isi?');
$this->crud->display_as('required_email', 'Form Email wajib di isi?');
$this->crud->display_as('required_phone', 'Form Phone wajib di isi?');
$this->crud->display_as('required_website', 'Form Website wajib di isi?');
$this->crud->display_as('required_location', 'Form Lokasi wajib di isi?');
$this->crud->display_as('required_images', 'Form Photo wajib di isi?');
$this->crud->unset_list();
$this->crud->unset_add();
$this->crud->unset_delete();
$this->crud->unset_back_to_list();
try {
$output = $this->crud->render();
} catch (Exception $e) {
if ($e->getCode() == 14) {
redirect('testimonial/admin/testimonial/settings/edit/1');
exit;
} else {
show_error($e->getMessage());
}
}
$data['output'] = $output;
$data['page'] = "layout_crud";
$data['module'] = $this->module;
$data['title'] = "Testimonial manager";
$this->load->view($this->layout, $data);
}
function login()
{
try {
$user = $_POST['user'];
$hashPass = md5($_POST['pass']);
if (check_user($user, $hashPass)) {
return "true";
} else {
return "Invalid UserName or Password";
}
} catch (PDOException $e) {
echo $e->getMessage();
}
}
/**
* valid_user Check if connection to the API is correct.
* If connection is correct, check if a user exists on the wiki.
* Called by 'validuser' action parameter
*
* @param string $webserviceid id to the webservice
* @param string $webservicepass password to the webservice
* @param string $username user id
* @param string $userpass user password
*
* @return string result message:
* - 'Success' if user exists
* - Error message otherwise
*/
function valid_user($webserviceid, $webservicepass, $username, $userpass)
{
// Result structure to send back
$result = array('validuser' => array('username' => $username, 'result' => 'undefined'));
// Check webservice connection
$webservice_result = check_webservice($webserviceid, $webservicepass);
if ($webservice_result != null) {
// Incorrect webservice connection
$result['validuser']['result'] = $webservice_result;
} else {
// Webservice connection ok: check user
$result['validuser']['result'] = check_user($username, $userpass);
}
return json_encode($result);
}
public function index()
{
$html = "<script type=\"text/javascript\">\n";
$html .= "\$(document).ready(function(){\t\$('#field-title').friendurl({id : 'field-seo', divider: '-'}); });";
$html .= "</script>";
$allow_add = check_user('post.add', FALSE);
$allow_edit = check_user('post.edit', FALSE);
$allow_delete = check_user('post.delete', FALSE);
$this->crud->set_table('content');
$this->crud->where('type_id', 2);
$this->crud->set_subject('Data post');
$this->crud->required_fields('title', 'content');
$this->crud->field_type('active', 'true_false', array('1' => 'Yes', '0' => 'No'));
$this->crud->field_type('created', 'hidden', date('Y-m-d H:i:s'));
$this->crud->unset_add_fields('meta_title', 'hits');
$this->crud->unset_edit_fields('meta_title', 'hits', 'created_by', 'created', 'type_id');
$this->crud->columns('title', 'category_id', 'seo', 'created_by', 'created');
$this->crud->field_type('type_id', 'hidden', 2);
$this->crud->set_field_upload('image', 'files/post');
$state = $this->crud->getState();
if ($state == 'ajax_list') {
$this->crud->set_relation('created_by', 'sys_users', 'name');
} else {
$this->crud->field_type('created_by', 'hidden', $this->user->user_id);
}
$this->crud->set_relation('category_id', 'content_category', 'name');
$this->crud->display_as('category_id', 'Kategori');
if (!$allow_add) {
$this->crud->unset_add();
}
if (!$allow_edit) {
$this->crud->unset_edit();
}
if (!$allow_delete) {
$this->crud->unset_delete();
}
$this->crud->field_type('meta_description', 'text');
$this->crud->unset_texteditor('meta_description');
$output = $this->crud->render();
$data['title'] = "Post";
$data['js'] = array(_ASSET_URL . "js/jquery.friendurl.min.js");
$data['html'] = $html;
$data['output'] = $output;
$data['page'] = "layout_crud";
$data['module'] = "post";
$this->load->view($this->layout, $data);
}
public function index()
{
check_user('client.data');
$this->crud->set_table("client");
$this->crud->set_subject('Data client');
$this->crud->set_field_upload('client_image', 'files/client');
$this->crud->field_type('client_active', 'true_false', array('1' => 'Yes', '0' => 'No'));
$this->crud->display_as('client_name', 'Nama');
$this->crud->display_as('client_website', 'Webiste');
$this->crud->display_as('client_image', 'Gambar');
$this->crud->display_as('client_description', 'Deskripsi');
$this->crud->display_as('client_active', 'Aktif');
$output = $this->crud->render();
$data['output'] = $output;
$data['title'] = "Data Klien";
$data['module'] = "client";
$data['page'] = "layout_crud";
$this->load->view($this->layout, $data);
}
/**
* Buguser protection
*/
protected function checkQueue()
{
global $user;
check_user();
if (LWCore::getPlanet()->galactic_jump_time > TIME_NOW) {
message('Sprungtor noch nicht abgekühlt! (Restdauer: ' . gmdate('G:i:s)', LWCore::getPlanet()->galactic_jump_time - TIME_NOW));
}
if (LWCore::getPlanet()->planet_type != 3 || LWCore::getPlanet()->quantic_jump <= 0) {
message('Kein Sprungtor vorhanden!');
}
// check
$sql = "SELECT * FROM ugml_galactic_jump_queue\r\n\t\t\t\tWHERE userID = " . WCF::getUser()->userID;
$result = WCF::getDB()->getResultList($sql);
//if(count($result) != 1 || $result[0]['time'] != $user['onlinetime'] || $result[0]['state'] != 1) message('Bug-User-Schutz, bitte erneut losschicken!');
// save
$shipStr = serialize($this->fleet);
$sql = "UPDATE ugml_galactic_jump_queue\r\n\t\t\t\tSET ships = '" . $shipStr . "',\r\n\t\t\t\t\tstate = 2,\r\n\t\t\t\t\ttime = " . TIME_NOW . "\r\n\t\t\t\tWHERE queueID = " . $result[0]['queueID'];
WCF::getDB()->registerShutdownUpdate($sql);
}
/**
* Buguser protection
*/
protected function checkQueue()
{
global $resource, $user;
check_user();
// check
$sql = "SELECT * FROM ugml_galactic_jump_queue\n\t\t\t\tWHERE userID = " . WCF::getUser()->userID;
$result = WCF::getDB()->getResultList($sql);
if (count($result) != 1 || $result[0]['time'] != $user['onlinetime'] || $result[0]['state'] != 3) {
message('Bug-User-Schutz, bitte erneut losschicken!');
}
$this->fleet = unserialize($result[0]['ships']);
foreach ($this->fleet as $shipTypeID => $count) {
if (LWCore::getPlanet()->{$resource[$shipTypeID]} < $count) {
message('Zu viele Schiffe ausgewählt!');
}
}
$this->moonObj = Planet::getInstance($result[0]['endPlanetID']);
// save
$sql = "DELETE FROM ugml_galactic_jump_queue\n\t\t\t\tWHERE queueID = " . $result[0]['queueID'];
WCF::getDB()->registerShutdownUpdate($sql);
}
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
WOT Game is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with WOT Game. If not, see <http://www.gnu.org/licenses/>.
*/
define('INSIDE', true);
$ugamela_root_path = '../';
include $ugamela_root_path . 'extension.inc';
include $ugamela_root_path . 'common.' . $phpEx;
if (!check_user()) {
header("Location: login.php");
die;
}
require_once WCF_DIR . 'lib/util/ArrayUtil.class.php';
require_once LW_DIR . 'lib/data/account/PBU.class.php';
// TODO: dirty :(
if (!defined('SERVER_ID')) {
define('SERVER_ID', 0);
}
if (isset($_REQUEST['userID'])) {
$userID = intval($_REQUEST['userID']);
pbuUser($userID);
} else {
if (isset($_REQUEST['userIDs'])) {
$userIDs = explode(',', $_REQUEST['userIDs']);
if ($count > 1) {
foreach ($res as $value) {
$rows[] = $value;
}
}
$parameter = 'action=photo&doing=view_photo&photo_id=7&';
$pagebar = pagebar(get_self(), $parameter, $page_current, $page_size, $count);
$smarty = new smarty();
smarty_header();
$smarty->assign('pagebar', $pagebar);
$smarty->assign('photo', $rows);
$smarty->display('admin_photo_list.html');
}
if ($doing == 'manage_photo') {
check_browser();
check_user();
$format = "SELECT * FROM `{$db_prefix}photo`";
$query = $db->query($format);
$page_size = 10;
$page_current = isset($_GET['page']) && is_numeric($_GET['page']) ? intval($_GET['page']) : 1;
$count = $db->getCount($format);
$res = $db->getAll($format . " LIMIT " . ($page_current - 1) * $page_size . "," . $page_size);
$rows = array();
if ($count > 1) {
foreach ($res as $value) {
$rows[] = $value;
}
}
$parameter = 'action=photo&doing=manage_photo&';
$pagebar = pagebar(get_self(), $parameter, $page_current, $page_size, $count);
$smarty = new smarty();
<?php
/*************************************/
/* ezRPG script */
/* Written by Zeggy */
/* http://www.ezrpgproject.com */
/*************************************/
include "lib.php";
define("PAGENAME", $lang['page_members']);
$player = check_user($secret_key, $db);
$limit = !isset($_GET['limit']) ? intval($setting->members_default_limit) : intval($_GET['limit']);
//Use default limit or user-selected limit
$page = intval($_GET['page']) == 0 ? 1 : intval($_GET['page']);
//Start on page 1 or $_GET['page']
$begin = $limit * $page - $limit;
//Starting point for query
$total_players = $db->getone("select count(ID) as `count` from `players`");
include "templates/private_header.php";
//*********************************//
//Start of pagination chunk, displaying page numbers and links
//Display 'Previous' link
echo $page != 1 ? "<a href=\"members.php?limit=" . $limit . "&page=" . ($page - 1) . "\">" . $lang['keyword_previous'] . "</a> | " : $lang['keyword_previous'] . " | ";
$numpages = $total_players / $limit;
for ($i = 1; $i <= $numpages; $i++) {
//Display page numbers
echo $i == $page ? $i . " | " : "<a href=\"members.php?limit=" . $limit . "&page=" . $i . "\">" . $i . "</a> | ";
}
if ($total_players % $limit != 0) {
//Display last page number if there are left-over users in the query
echo $i == $page ? $i . " | " : "<a href=\"members.php?limit=" . $limit . "&page=" . $i . "\">" . $i . "</a> | ";
}
<?php
require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';
$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
exit;
}
$sql = 'INSERT INTO task SET Story_AID="' . $_GET['AID'] . '", task.User_ID="' . $_GET['user'] . '", task.Rank="30000' . '", task.Desc="' . mysqli_real_escape_string($DBConn, $_GET['desc']) . '", Done="0' . '", Expected_Hours="' . $_GET['exph'] . '", Actual_Hours="' . $_GET['acth'] . '";';
mysqli_query($DBConn, $sql);
auditit($_GET['PID'], $_GET['AID'], $_SESSION['Email'], 'Added task', $_GET['desc'] . ' Assign to:' . Get_User($_GET['user']) . ' Expect. h:' . $_GET['exph'] . ' Act. h:' . $_GET['acth']);
<?php
include 'connection.php';
include 'uni-auth.php';
if (!USER_LOGGED || !check_user($UserID, $conn)) {
header("Location: index.php");
} else {
?>
<!DOCTYPE>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" type="text/css" href="./styles/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="./styles/bootstrap-styles.css">
<link rel="stylesheet" type="text/css" href="./styles/style.css">
<script src="./js/jQuery/jquery-2.2.0.min.js"></script>
<title>Далекобій</title>
</head>
<body class='main_pt them'>
<?php
include 'header.php';
?>
<div id="wrapper">
<div class="db-table">
<table class="table">
<thead class="thead-inverse">
<tr>
<th>#</th>
<th>First Name</th>
<th>Last Name</th>
<th>Username</th>
public function send_change_mobile_verify_code()
{
if (app_conf("SMS_ON") == 0) {
$data['status'] = 0;
$data['info'] = "短信未开启";
ajax_return($data);
}
$mobile = addslashes(htmlspecialchars(trim($_REQUEST['mobile'])));
$step = intval($_REQUEST['step']);
$old_mobile = $GLOBALS["user_info"]['mobile'];
if ($step == 1) {
if ($old_mobile == $mobile) {
$data['status'] = 0;
$data['info'] = "你输入的手机号与原先一样";
ajax_return($data);
}
$m_count = $GLOBALS['db']->getOne("select count(*) from " . DB_PREFIX . "user where mobile='" . $mobile . "' ");
if ($m_count > 0) {
$data['status'] = 0;
$data['info'] = "你输入的手机号已存在";
ajax_return($data);
}
} elseif ($step == 2) {
//单纯发送验证短信
if ($mobile == '') {
$mobile = $GLOBALS["user_info"]['mobile'];
}
} elseif ($step == 0) {
$m_count = $GLOBALS['db']->getOne("select count(*) from " . DB_PREFIX . "user where mobile='" . $mobile . "' ");
if (!$m_count) {
$data['status'] = 0;
$data['info'] = "你输入的手机号非会员手机号";
ajax_return($data);
}
}
if ($mobile == '') {
$data['status'] = 0;
$data['info'] = "请输入你的手机号";
ajax_return($data);
}
if (!check_mobile($mobile)) {
$data['status'] = 0;
$data['info'] = "请填写正确的手机号码";
ajax_return($data);
}
$field_name = addslashes(trim($_REQUEST['mobile']));
$field_data = $mobile;
require_once APP_ROOT_PATH . "system/libs/user.php";
$res = check_user($field_name, $field_data);
$result = array("status" => 1, "info" => '');
//添加参数控制短信验证码发送速度
$msm_op_limit = 10;
if (!check_ipop_limit(get_client_ip(), "mobile_verify_" . $step, $msm_op_limit, 0)) {
$data['status'] = 0;
$data['info'] = "发送速度太快了";
ajax_return($data);
}
if ($GLOBALS['db']->getOne("select count(*) from " . DB_PREFIX . "mobile_verify_code where mobile = '" . $mobile . "' and client_ip='" . get_client_ip() . "' and create_time>=" . (get_gmtime() - $msm_op_limit) . " ORDER BY id DESC") > 0) {
$data['status'] = 0;
$data['info'] = "发送速度太快了";
ajax_return($data);
}
$n_time = get_gmtime() - 300;
//删除超过5分钟的验证码
$GLOBALS['db']->query("DELETE FROM " . DB_PREFIX . "mobile_verify_code WHERE create_time <=" . $n_time);
//开始生成手机验证
$code = rand(100000, 999999);
$GLOBALS['db']->autoExecute(DB_PREFIX . "mobile_verify_code", array("verify_code" => $code, "mobile" => $mobile, "create_time" => get_gmtime(), "client_ip" => get_client_ip()), "INSERT");
send_verify_sms($mobile, $code);
$data['status'] = 1;
$data['info'] = "验证码发送成功";
ajax_return($data);
}
$conn = connect_to_db();
//if we got some post data try to register the user
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['repassword']) && isset($_POST['firstname']) && isset($_POST['lastname'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$repassword = $_POST['repassword'];
$first = $_POST['firstname'];
$last = $_POST['lastname'];
if ($username == "") {
//blank user name
$error = "Username must not be blank.";
} else {
if (strlen($username) > 64) {
$error = "Username cannot be longer than 64 characters.";
} else {
if (check_user($conn, strtolower($username))) {
//check if user exists
$error = "That username already exists.";
} else {
if ($password == "") {
$error = "Password must not be blank.";
} else {
if ($first == "") {
$error = "First Name must not be blank.";
} else {
if ($last == "") {
$error = "Last Name must not be blank.";
} else {
if ($password != $repassword) {
$error = "Passwords do not match.";
}
<?php
session_start();
include("./uni-auth.php");
header("Content-Type: text/html; charset=utf-8");
if (USER_LOGGED) {
if (!check_user($UserID, $link)) logout();
$name = $_POST["route_id"];
$date = $_POST["date"];
$bus = $_POST["bus_id"];
$name = mysqli_real_escape_string($link, $name);
$bus = mysqli_real_escape_string($link, $bus);
$date1 = strtotime($date);
$date2 = date("Y-m-d", $date1);
$date_month = date("Y-m", $date1);
if ($name && $date && $bus) {
$query = "SELECT place_count FROM bus WHERE id_bus = $bus";
if (!($result = mysqli_query($link, $query))) {
die ('Error: ' . mysqli_error($link));
}
$row = mysqli_fetch_assoc($result);
$count_place = $row['place_count'];
if (isset($_POST["add"])) {
$query = "INSERT INTO trip(id_route, id_bus, date, freeplace) VALUES($name, $bus, '$date2', $count_place);";
if (!($result = mysqli_query($link, $query))) {
die ('Error: ' . mysqli_error($link));
}
} elseif (isset($_POST["add_month"])) {
} else {
if (!password_verify($passwortAlt, $user['passwort'])) {
$error_msg = "Bitte korrektes Passwort eingeben.";
} else {
$passwort_hash = password_hash($passwortNeu, PASSWORD_DEFAULT);
$statement = $pdo->prepare("UPDATE users SET passwort = :passwort WHERE id = :userid");
$result = $statement->execute(array('passwort' => $passwort_hash, 'userid' => $user['id']));
$success_msg = "Passwort erfolgreich gespeichert.";
}
}
}
}
}
}
}
$user = check_user();
?>
<div class="container main-container">
<h1>Einstellungen</h1>
<?php
if (isset($success_msg) && !empty($success_msg)) {
?>
<div class="alert alert-success">
<a href="#" class="close" data-dismiss="alert" aria-label="close">×</a>
<?php
echo $success_msg;
?>
</div>
private function mobile_register_check_all()
{
$user_name = strim($_REQUEST['user_name']);
$mobile = strim($_REQUEST['mobile']);
$user_pwd = strim($_REQUEST['user_pwd']);
$confirm_user_pwd = strim($_REQUEST['confirm_user_pwd']);
$data = array();
require_once APP_ROOT_PATH . "system/libs/user.php";
$user_name_result = check_user("user_name", $user_name);
if ($user_name_result['status'] == 0) {
if ($user_name_result['data']['error'] == EMPTY_ERROR) {
$error = "不能为空";
$type = "form_tip";
}
if ($user_name_result['data']['error'] == FORMAT_ERROR) {
$error = "格式有误";
$type = "form_error";
}
if ($user_name_result['data']['error'] == EXIST_ERROR) {
$error = "已存在";
$type = "form_error";
}
$data[] = array("type" => $type, "field" => "user_name", "info" => "会员帐号" . $error);
} else {
$data[] = array("type" => "form_success", "field" => "user_name", "info" => "");
}
$mobile_result = check_user("mobile", $mobile);
if ($mobile_result['status'] == 0) {
if ($mobile_result['data']['error'] == EMPTY_ERROR) {
$error = "不能为空";
$type = "form_tip";
}
if ($mobile_result['data']['error'] == FORMAT_ERROR) {
$error = "格式有误";
$type = "form_error";
}
if ($mobile_result['data']['error'] == EXIST_ERROR) {
$error = "已存在";
$type = "form_error";
}
$data[] = array("type" => $type, "field" => "mobile", "info" => "手机号码" . $error);
} else {
$data[] = array("type" => "form_success", "field" => "mobile", "info" => "");
}
if ($user_pwd == "") {
$user_pwd_result['status'] = 0;
$data[] = array("type" => "form_tip", "field" => "user_pwd", "info" => "请输入会员密码");
} elseif (strlen($user_pwd) < 8) {
$user_pwd_result['status'] = 0;
$data[] = array("type" => "form_error", "field" => "user_pwd", "info" => "密码不得小于八位");
} else {
$user_pwd_result['status'] = 1;
$data[] = array("type" => "form_success", "field" => "user_pwd", "info" => "");
}
if ($user_pwd == $confirm_user_pwd) {
$confirm_user_pwd_result['status'] = 1;
$data[] = array("type" => "form_success", "field" => "confirm_user_pwd", "info" => "");
} else {
$confirm_user_pwd_result['status'] = 0;
$data[] = array("type" => "form_error", "field" => "confirm_user_pwd", "info" => "确认密码失败");
}
if ($mobile_result['status'] == 1 && $user_name_result['status'] == 1 && $user_pwd_result['status'] == 1 && $confirm_user_pwd_result['status'] == 1) {
$return = array("status" => 1);
} else {
$return = array("status" => 0, "data" => $data, "info" => "");
}
return $return;
}
<?php
include "init.php";
//ROOT_URL./api.php?app=begin & account=douban
switch ($_GET['app']) {
case "begin":
$douban = new DoubanOAuth($douban_consumer_key, $douban_consumer_secret);
$tok = $douban->getRequestToken();
$url = $douban->getAuthorizeURL($tok['oauth_token']) . "&oauth_callback=";
//$url .= $_SEVERAL[PHP_SELF]."?request_token=".$tok['oauth_token']."&request_token_secret=".$tok['oauth_token_secret'];
$arr = array_merge($tok, array("url" => $url));
$out = json_encode($arr);
echo $out;
break;
case "access":
$tok = $_GET["request_token"];
$tok_s = $_GET["request_token_secret"];
$douban = new DoubanOAuth($douban_consumer_key, $douban_consumer_secret, $tok, $tok_s);
$access = $douban->getAccessToken();
$out = json_encode($access);
if (!check_user("douban", $access['douban_user_id'])) {
add_user("douban", $access['douban_user_id']);
}
echo $out;
break;
}
exit;
/********************************************** AJAX PROFILE ***************************************************/
/********************************************** AJAX PROFILE ***************************************************/
/********************************************** AJAX PROFILE ***************************************************/
/********************************************** AJAX PROFILE ***************************************************/
/********************************************** AJAX PROFILE ***************************************************/
/********************************************** AJAX PROFILE ***************************************************/
/********************************************** AJAX PROFILE ***************************************************/
/********************************************** AJAX PROFILE ***************************************************/
/********************************************** AJAX PROFILE ***************************************************/
case "login":
////Login
if (isset($_POST["mail_"]) && isset($_POST["pass_"])) {
if (isset($_POST["name_"]) && isset($_POST["last_"])) {
$user_id = create_user_new($_POST["name_"], $_POST["last_"], $_POST["mail_"], $_POST["pass_"]);
} else {
$user_id = check_user($_POST["mail_"], $_POST["pass_"]);
}
if ($user_id == 0) {
?>
<input type="text" id="txt_ver1" class="form-control" value="0" aria-describedby="basic-addon4" >
<?php
$_SESSION = array();
} else {
$_SESSION = array();
?>
<input type="text" id="txt_ver1" class="form-control" value="<?php
echo $user_id;
?>
" aria-describedby="basic-addon4" >
<?php
session_start();
<?php
include("functions/session.php");
startSession();
include('auth/auth.php');
if(USER_LOGGED) {
if(!check_user($UserID)) logout();
include("main.php");
}
else
{
?>
<!DOCTYPE html>
<html lang="en" id="">
<head>
<meta charset="UTF-8">
<title>Document</title>
</head>
<body>
<p class="auth_n">Авторизуйтесь</p>
<form method="POST" action="index.php">
<input type="text" name="user" placeholder="Логин"></div>
<input type="password" name="pass" placeholder="Пароль"></div>
<input type="submit" name="login" value="Войти">
</form>
</body>
</html>
<?
}
?>
session_destroy();
header("Location: index.php");
exit;
}
if ($_GET['action'] == "login") {
$check_info = 1;
if (!empty($_POST['username'])) {
$_POST['username'] = safe_convert(strip_tags($_POST['username']));
}
if (!empty($_POST['password'])) {
$_POST['password'] = safe_convert($_POST['password']);
}
if (!empty($_POST['validate'])) {
$_POST['validate'] = safe_convert($_POST['validate']);
}
if (check_user($_POST['username']) == 0) {
$ActionMessage = $strUserLengMax;
$check_info = 0;
}
if ($check_info == 1 && check_password($_POST['password']) == 0) {
$ActionMessage = $strPasswordAlert;
$check_info = 0;
}
if ($check_info == 1 && (empty($_POST['validate']) || $_POST['validate'] != $_SESSION['backValidate']) && $settingInfo['uservalid'] == 1) {
$ActionMessage = $strLoginValidateError;
$check_info = 0;
} else {
$_SESSION['backValidate'] = "";
//把验证码清除
}
if ($check_info == 1) {
/**
* Löscht entweder eine Projekt zu Ressource oder Phase zu Ressource Zuordnung
* @param type $username
* @param type $passwort
* @param type $projektRessource
* @return \SoapFault
*/
function deleteProjektRessource($username, $passwort, $projektRessource)
{
if (!($user = check_user($username, $passwort))) {
return new SoapFault("Server", "Invalid Credentials");
}
$recht = new benutzerberechtigung();
$recht->getBerechtigungen($user);
// if(!$rechte->isBerechtigt('planner', null, 'sui'))
// return new SoapFault("Server", "Sie haben keine Berechtigung zum Speichern von Projekten.");
$ressource = new ressource();
if ($projektRessource->projektphase_id != '') {
// von Projektphase löschen
if ($ressource->deleteFromPhase($projektRessource->ressource_id, $projektRessource->projektphase_id)) {
return "Erfolg";
} else {
return "Fehler beim Löschen";
}
} else {
// von Projekt löschen
if ($ressource->deleteFromProjekt($projektRessource->ressource_id, $projektRessource->projekt_kurzbz)) {
return "Erfolg";
} else {
return "Fehler beim Löschen";
}
}
}
6.echo back.
*/
$error = $username = $password = "";
if (isset($_SESSION['user'])) {
destroySession();
}
if (isset($_POST['user'])) {
$username = sanitizeString($_POST['user']);
}
if (isset($_POST['pass'])) {
$password = sanitizeString($_POST['pass']);
}
//set validation variable
$fail = validate_username($username);
$fail .= validate_password($password);
$fail .= check_user($username);
//validate received post data
if ($fail == "") {
//enter the posted fields(username,password) into a database,using hash encryption for the password.
$salt1 = "qm&h*";
$salt2 = "pg!@";
$token = hash('ripemd128', "{$salt1}{$password}{$salt2}");
$score = '';
add_user($connection, $username, $token, $score);
$fail = "Signed up successfully";
}
//validate username
function validate_username($field)
{
if ($field == "") {
return "No Username was entered<br>";
