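/**
 * Validates the supplied credentials and returns TRUE on success.
 *
 * Every failure path throws, so callers must catch Exception. The username is
 * trimmed, rejected if strip_tags() would alter it, lower-cased and limited to
 * 20 bytes (strlen() counts bytes, so multi-byte names are measured in bytes,
 * not characters).
 *
 * NOTE(review): the "user is not valid" and "Invalid Password" failures carry
 * distinguishable messages; a caller that surfaces them verbatim lets a client
 * tell existing accounts apart from unknown ones. Consider collapsing them at
 * the presentation layer.
 *
 * @param string $username Raw username as submitted
 * @param string $password Raw password; passed through clearInput() before it
 *                         is handed to User::HasPassword()
 * @return bool Always TRUE (every other outcome throws)
 * @throws Exception on malformed input, unknown/inactive user or wrong password
 */
function checklogin($username, $password)
{
    $username = trim($username);
    // A username that strip_tags() changes contains markup; refuse it outright.
    if (strip_tags($username) !== $username) {
        throw new Exception("Inserted Username is not valid");
    }
    $username = strtolower($username);
    $password = clearInput($password);
    // (string) cast so a null/false coming back from clearInput() counts as empty.
    if ($username === '' || (string) $password === '') {
        throw new Exception("Username and Password cannot be empty");
    }
    if (strlen($username) > 20) {
        throw new Exception("Username cannot be longer then 20 chars");
    }
    $utente = new User($username);
    if (!$utente->IsValid()) {
        throw new Exception("User is not valid or it's not active");
    }
    if (!$utente->HasPassword($password)) {
        throw new Exception("Invalid Password");
    }
    return TRUE;
}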
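<?php
/*
 * View page: shows the contents of one file from the managed directory.
 * Relies on lib.php for clearInput(), check_file(), file_read(), $files
 * (the list of known files) and $errors.
 */
require_once 'lib.php';

// file_read() must only run once the name passed check_file(); previously it
// ran even when the check failed or no ?file= was given ($edit_file undefined).
$edit_file = '';
$can_read = false;
if (isset($_GET['file'])) {
    // Get the file name
    $edit_file = clearInput($_GET['file'], 's');
    // Check that the file exists in the folder
    if (check_file($edit_file, $files)) {
        $can_read = true;
    } else {
        $errors[] = "Sorry, but file does not exist";
    }
}
?>
<!doctype html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=1000">
    <title>Просмотр</title>
    <link rel="stylesheet" href="css/normalize.css">
    <link rel="stylesheet" href="css/main.css">
</head>
<body>
<div class="wrap">
    <div class="container">
        <h3>Просмотр текста</h3>
        <div>
            <?php
            // The file body is user-supplied (written by the add/edit pages), so
            // escape it for the HTML context. double_encode=false keeps entities
            // that clearInput() may already have produced from being encoded twice.
            if ($can_read) {
                echo htmlspecialchars((string) file_read($edit_file), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
            }
            ?>
        </div>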
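/*
 * Edit page handler: loads the file named by ?file= into the form and, on
 * POST, writes the new text and optionally renames the file.
 * Relies on lib.php for clearInput(), check_file(), file_write(), DIR,
 * $files, $errors and $success.
 */
require_once 'lib.php';

$form = false;
if (isset($_GET['file'])) {
    // Get the file name
    $edit_file = clearInput($_GET['file'], 's');
    // Check that the file exists in the folder
    if (check_file($edit_file, $files)) {
        $form = true;
    } else {
        $errors[] = "Такого файла не существует!";
    }
}

if ($_POST) {
    // isset() guards avoid notices when a field is missing from the request.
    $file_name_new = isset($_POST['file_name']) ? clearInput($_POST['file_name'], 's') : '';
    $file_text = isset($_POST['file_text']) ? clearInput($_POST['file_text'], 's') : '';
    $old_name = isset($_POST['old_name']) ? clearInput($_POST['old_name'], 's') : '';

    if ($file_name_new && $file_text && $old_name) {
        // Both names are joined to DIR below, so they must be bare file names:
        // the old one has to be a known file (same check as the GET path), and
        // the new one must not carry a path component ("..", "." or a
        // directory separator) that would point outside DIR.
        if (!check_file($old_name, $files)) {
            $errors[] = "Такого файла не существует!";
        } elseif ($file_name_new !== basename($file_name_new) || $file_name_new === '.' || $file_name_new === '..') {
            $errors[] = 'Недопустимое имя файла';
        } else {
            if (!file_write($old_name, $file_text)) {
                $errors[] = 'Нет прав для записи';
            } else {
                $success[] = 'Текст успешно изменен';
            }
            if ($old_name !== $file_name_new) {
                if (rename(DIR . $old_name, DIR . $file_name_new)) {
                    $success[] = 'Файл успешно перееименован';
                } else {
                    // Previously a failed rename was silent; report it like the write.
                    $errors[] = 'Не удалось переименовать файл';
                }
            }
        }
    } else {
        $errors[] = 'Заполните все поля!';
    }
}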
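<?php
/*
 * Add-file page: on POST, creates a new file in the managed directory.
 * Relies on lib.php for clearInput(), add_file(), $errors and $success.
 */
require_once 'lib.php';

$form = true;
if ($_POST) {
    // isset() guards avoid notices when a field is missing from the request.
    $file_name = isset($_POST['file_name']) ? clearInput($_POST['file_name'], 's') : '';
    $file_text = isset($_POST['file_text']) ? clearInput($_POST['file_text'], 's') : '';

    if ($file_name && $file_text) {
        // The name is stored under the managed directory, so reject anything
        // carrying a path component ("..", "." or a directory separator).
        if ($file_name !== basename($file_name) || $file_name === '.' || $file_name === '..') {
            $errors[] = 'Недопустимое имя файла';
        } elseif (!add_file($file_name, $file_text)) {
            $errors[] = 'Нет прав для записи';
        } else {
            $success[] = 'Файл успешно добавлен';
            $form = false;
        }
    } else {
        $errors[] = 'Заполните все поля!';
    }
}
?>
<!doctype html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <title>Добавление файла</title>
    <meta name="viewport" content="width=1000">
    <link rel="stylesheet" href="css/normalize.css">
    <link rel="stylesheet" href="css/main.css">
</head>
<body>
<div class="wrap">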
} else { //TODO check session duration try { $user = new User($_SESSION['USERNAME']); if (!$user->IsAdmin()) { //TODO Reporting through logger throw new Exception("You have not admin permissions, this abuse will be reported"); } else { if (isset($_POST['USERNAME']) && isset($_POST['PWD']) && isset($_POST['PWDR'])) { if ($_POST['USERNAME'] == "" || $_POST['PWD'] == "" || $_POST['PWDR'] == "") { throw new Exception("Fields cannot be empty"); } if ($_POST['PWD'] != $_POST['PWDR']) { throw new Exception("Two passwords are different"); } $username = clearInput($_POST['USERNAME']); $usernameN = strip_tags($username); if ($usernameN != $username) { throw new Exception("Inserted Username is not valid"); } $username = strtolower($username); $new = new User(); $new->SetID($username); $new->SetPassword($_POST['PWD']); $new->SetAdmin(isset($_POST['ADMIN'])); $new->SetValid(TRUE); $new->Save(); $msg = "User added successfully"; } } } catch (Exception $e) {
//TODO check session duration try { $user = new User($_SESSION['USERNAME']); if (!$user->IsAdmin()) { //TODO Reporting through logger throw new Exception("You have not admin permissions, this abuse will be reported"); } else { if (isset($_POST['USERNAME'])) { if ($_POST['USERNAME'] == "") { throw new Exception("You Have to Select an Username"); } if ($_POST['SCRIPT'] == "") { throw new Exception("You Have to Select an Username"); } $username = clearInput($_POST['USERNAME']); $scriptId = clearInput($_POST['SCRIPT']); $usernameN = strip_tags($username); if ($usernameN != $username) { throw new Exception("Inserted Username is not valid"); } if (!is_numeric($scriptId)) { throw new Exception("Inserted Script id is not valid"); } $username = strtolower($username); $u = new User($username); $script = new Script($scriptId); $u->authorize($script); $msg = "User successfully authorized"; } } } catch (Exception $e) {
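<?php
/*
 * Export endpoint: dumps the requested table in the requested format.
 * Relies on db.php for $dbh and on lib.php for clearInput(), export() and
 * $errors.
 */
require_once 'db.php';
require_once 'lib.php';

if (isset($_POST['tables_name']) && isset($_POST['format'])) {
    $table_name = clearInput($_POST['tables_name'], 's');
    $format = clearInput($_POST['format'], 's');
    // A table name is an SQL identifier and cannot be bound as a query
    // parameter, so restrict it to identifier characters before it reaches
    // export(). Relax the pattern if the schema uses other characters;
    // matching against the database's own table list would be stricter still.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $table_name)) {
        $errors[] = 'Invalid table name';
    } else {
        export($table_name, $format, $dbh);
    }
}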