Пример #1
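/**
 * Validate a username/password pair against the stored account.
 *
 * The username is trimmed, rejected if strip_tags() would alter it,
 * lower-cased and limited to 20 bytes. The password is passed through
 * clearInput() before it is checked.
 *
 * "Unknown or inactive account" and "wrong password" raise the same message,
 * so a caller that shows the exception text to the client does not reveal
 * which usernames exist.
 *
 * @param string $username Username as submitted by the client.
 * @param string $password Password as submitted by the client.
 *
 * @return bool TRUE when the credentials are accepted; FALSE is never returned.
 *
 * @throws Exception When the input is malformed or the credentials are rejected.
 */
function checklogin($username, $password)
{
    $username = trim($username);
    // A username containing markup is refused outright rather than cleaned up.
    if (strip_tags($username) !== $username) {
        throw new Exception("Inserted Username is not valid");
    }
    $username = strtolower($username);
    // NOTE(review): clearInput() is defined elsewhere. If it rewrites any
    // characters, the value checked here is not what the user typed, and the
    // code that stores passwords must apply the same transformation — confirm.
    $password = clearInput($password);
    // The password test stays loose because clearInput()'s return type is not
    // visible here; $username is known to be a string at this point.
    if ($username === "" || $password == "") {
        throw new Exception("Username and Password cannot be empty");
    }
    // strlen() counts bytes, so multi-byte names hit this limit sooner.
    if (strlen($username) > 20) {
        throw new Exception("Username cannot be longer then 20 chars");
    }
    $utente = new User($username);
    // One message for both failure modes, to avoid account enumeration.
    if (!$utente->IsValid() || !$utente->HasPassword($password)) {
        throw new Exception("Invalid username or password");
    }
    return true;
}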
Пример #2
<?php

require_once 'lib.php';
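// Fail closed: no file is selected for display until a name passes check_file().
$edit_file = null;
if (isset($_GET['file'])) {
    // File name requested by the client, passed through clearInput().
    $edit_file = clearInput($_GET['file'], 's');
    // Check that the file is present in the folder.
    if (!check_file($edit_file, $files)) {
        $errors[] = "Sorry, but file does not exist";
        // Drop the rejected name so it cannot reach file_read() further down.
        $edit_file = null;
    }
}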
?>
<!doctype html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=1000">
    <title>Просмотр</title>
    <link rel="stylesheet" href="css/normalize.css">
    <link rel="stylesheet" href="css/main.css">
</head>
<body>
<div class="wrap">
    <div class="container">
        <h3>Просмотр текста</h3>
        <div>
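            <?php
// Read the file only when a name was supplied and it passes check_file();
// otherwise an undefined or rejected name would be handed to file_read().
// NOTE(review): the contents are echoed without HTML escaping. If file_read()
// returns stored user text as-is, wrap it in htmlspecialchars() — confirm
// what file_read() and clearInput() already encode.
if (isset($edit_file) && check_file($edit_file, $files)) {
    echo file_read($edit_file);
}
?>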

        </div>
Пример #3
require_once 'lib.php';
// The edit form stays hidden until the requested file is confirmed to exist.
$form = false;
if (isset($_GET['file'])) {
    // File name taken from the query string and passed through clearInput().
    $edit_file = clearInput($_GET['file'], 's');
    // Check that the file is present in the folder.
    if (!check_file($edit_file, $files)) {
        $errors[] = "Такого файла не существует!";
    } else {
        $form = true;
    }
}
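// Handle the submitted edit form: overwrite the file's text and, when the name
// changed, rename the file.
// NOTE(review): no anti-CSRF token or access check is visible in this excerpt —
// confirm that one is enforced elsewhere.
if ($_POST) {
    $file_name_new = clearInput($_POST['file_name'], 's');
    $file_text = clearInput($_POST['file_text'], 's');
    $old_name = clearInput($_POST['old_name'], 's');
    if ($file_name_new && $file_text && $old_name) {
        if (!check_file($old_name, $files)) {
            // old_name comes from the request body, so it gets the same
            // existence check as the name taken from the query string.
            $errors[] = "Такого файла не существует!";
        } elseif (basename((string) $file_name_new) !== (string) $file_name_new) {
            // A new name with a directory component could move the file out of DIR.
            $errors[] = 'Недопустимое имя файла';
        } else {
            if (!file_write($old_name, $file_text)) {
                $errors[] = 'Нет прав для записи';
            } else {
                $success[] = 'Текст успешно изменен';
            }
            if ($old_name != $file_name_new) {
                if (rename(DIR . $old_name, DIR . $file_name_new)) {
                    $success[] = 'Файл успешно перееименован';
                } else {
                    // Report the failure instead of dropping it silently.
                    $errors[] = 'Не удалось переименовать файл';
                }
            }
        }
    } else {
        $errors[] = 'Заполните все поля!';
    }
}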
Пример #4
<?php

require_once 'lib.php';
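// The form is shown until a file has been created successfully.
$form = true;
// NOTE(review): no anti-CSRF token or access check is visible in this excerpt —
// confirm that one is enforced elsewhere.
if ($_POST) {
    $file_name = clearInput($_POST['file_name'], 's');
    $file_text = clearInput($_POST['file_text'], 's');
    if ($file_name && $file_text) {
        if (basename((string) $file_name) !== (string) $file_name) {
            // Refuse names with a directory component, so that add_file() can
            // only create files in its own folder whatever clearInput() allows.
            $errors[] = 'Недопустимое имя файла';
        } elseif (!add_file($file_name, $file_text)) {
            $errors[] = 'Нет прав для записи';
        } else {
            $success[] = 'Файл успешно добавлен';
            $form = false;
        }
    } else {
        $errors[] = 'Заполните все поля!';
    }
}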
?>

<!doctype html>
<html lang="ru">
<head>
    <meta charset="UTF-8">
    <title>Добавление файла</title>
    <meta name="viewport" content="width=1000">
    <link rel="stylesheet" href="css/normalize.css">
    <link rel="stylesheet" href="css/main.css">
</head>
<body>
<div class="wrap">
Пример #5
} else {
    //TODO check session duration
    try {
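        // Load the account named in the session; only an administrator may add users.
        $user = new User($_SESSION['USERNAME']);
        if (!$user->IsAdmin()) {
            //TODO Reporting through logger
            throw new Exception("You have not admin permissions, this abuse will be reported");
        }
        // NOTE(review): no anti-CSRF token is checked before this state-changing
        // request in the visible code — confirm that one is enforced elsewhere.
        if (isset($_POST['USERNAME'], $_POST['PWD'], $_POST['PWDR'])) {
            if ($_POST['USERNAME'] === "" || $_POST['PWD'] === "" || $_POST['PWDR'] === "") {
                throw new Exception("Fields cannot be empty");
            }
            // Strict comparison: with != two different numeric-looking strings
            // (for example "1e3" and "1000") compare equal, so a mistyped
            // confirmation could be accepted.
            if ($_POST['PWD'] !== $_POST['PWDR']) {
                throw new Exception("Two passwords are different");
            }
            $username = clearInput($_POST['USERNAME']);
            // A username containing markup is refused rather than cleaned up.
            $usernameN = strip_tags($username);
            if ($usernameN != $username) {
                throw new Exception("Inserted Username is not valid");
            }
            $username = strtolower($username);
            $new = new User();
            $new->SetID($username);
            // The password is stored from the raw request value. NOTE(review):
            // the login path must verify against the same untransformed value,
            // and SetPassword() presumably hashes it — confirm both.
            $new->SetPassword($_POST['PWD']);
            // Admin rights are granted when the ADMIN field is present at all.
            $new->SetAdmin(isset($_POST['ADMIN']));
            $new->SetValid(TRUE);
            $new->Save();
            $msg = "User added successfully";
        }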
    } catch (Exception $e) {
Пример #6
 //TODO check session duration
 try {
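     // Load the account named in the session; only an administrator may grant access.
     $user = new User($_SESSION['USERNAME']);
     if (!$user->IsAdmin()) {
         //TODO Reporting through logger
         throw new Exception("You have not admin permissions, this abuse will be reported");
     }
     // NOTE(review): no anti-CSRF token is checked before this state-changing
     // request in the visible code — confirm that one is enforced elsewhere.
     if (isset($_POST['USERNAME'])) {
         if ($_POST['USERNAME'] === "") {
             throw new Exception("You Have to Select an Username");
         }
         // A missing SCRIPT field is treated like an empty one. The message now
         // names the script; it used to repeat the username message.
         if (!isset($_POST['SCRIPT']) || $_POST['SCRIPT'] === "") {
             throw new Exception("You Have to Select a Script");
         }
         $username = clearInput($_POST['USERNAME']);
         $scriptId = clearInput($_POST['SCRIPT']);
         // A username containing markup is refused rather than cleaned up.
         $usernameN = strip_tags($username);
         if ($usernameN != $username) {
             throw new Exception("Inserted Script id is not valid" === "" ? "" : "Inserted Username is not valid");
         }
         // NOTE(review): is_numeric() also accepts signs, decimals and exponent
         // notation ("-1", "1.5", "1e3"). If Script ids are plain integers, a
         // digits-only check would be tighter — confirm what Script expects.
         if (!is_numeric($scriptId)) {
             throw new Exception("Inserted Script id is not valid");
         }
         $username = strtolower($username);
         $u = new User($username);
         $script = new Script($scriptId);
         $u->authorize($script);
         $msg = "User successfully authorized";
     }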
 } catch (Exception $e) {
Пример #7
<?php

require_once 'db.php';
require_once 'lib.php';
// Run an export only when the form supplied both a table name and a format.
// NOTE(review): the table name originates from the request. Identifiers cannot
// be bound as query parameters, so export() should match it against a fixed
// list of exportable tables — confirm that it does. No access check is visible
// in this excerpt either.
if (isset($_POST['tables_name'], $_POST['format'])) {
    $table_name = clearInput($_POST['tables_name'], 's');
    $format = clearInput($_POST['format'], 's');
    export($table_name, $format, $dbh);
}