function onAuthenticate($credentials, $options = null)
{
// Check Login
//------------------------------------------------------------------------------
$data = find_user($credentials['username'], $credentials['password']);
if ($data == NULL) {
return false;
}
// Set Login
$_SESSION['credentials_extplorer']['username'] = $data[0];
$_SESSION['credentials_extplorer']['password'] = $data[1];
$_SESSION['file_mode'] = 'extplorer';
$GLOBALS["home_dir"] = str_replace('\\', '/', $data[2]);
$GLOBALS["home_url"] = $data[3];
$GLOBALS["show_hidden"] = $data[4];
$GLOBALS["no_access"] = $data[5];
$GLOBALS["permissions"] = $data[6];
return true;
}
function check_password($user_id, $pass)
{
//$tmp = phpinfo();
//error_exit($tmp);
$arr = find_user($user_id, $pass);
if ($arr == false) {
return false;
} else {
//session_start();
if (!isset($_SESSION['user_id'])) {
//global $user_id;
//$_SESSION["perm"] = $arr["perm"];
$_SESSION['user_info'] = $arr;
//同じページ内で処理する場合(?)、session_register では登録した変数が空になる
//session_register(perm);
//$user = $_SESSION["user_id"];
//error_exit($user);
}
return true;
}
}
<?php
require_once "../inc/session.php";
require_once "../inc/db_conn.php";
require_once "../inc/functions.php";
?>
<h2><a href="vasmar.php">Vasco - Margao</a></h2>
<table>
<thead>
<tr>
<th>Username</th>
</tr>
</thead>
<tbody>
<?php
$user_set = find_user("Vasco", "Margao", 60);
while ($user = mysqli_fetch_assoc($user_set)) {
echo "<tr>";
echo "<td>" . $user['username'] . "</td>";
echo "</tr>";
}
?>
</tbody>
</table>
<h2><a href="index.php">Home</a></h2>
function user_exists($user)
{
return find_user($user)->numRows() > 0;
}
function edituser($dir)
{
// Edit User
$user = stripslashes($GLOBALS['__POST']["nuser"]);
$data = find_user($user, NULL);
if ($data == NULL) {
ext_Result::sendResult('edituser', false, $user . ": " . $GLOBALS["error_msg"]["miscnofinduser"]);
}
if ($self = $user == $GLOBALS['__SESSION']['credentials_extplorer']['username']) {
$dir = "";
}
if (isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"] == "true") {
$nuser = stripslashes($GLOBALS['__POST']["nuser"]);
if ($nuser == "" || $GLOBALS['__POST']["home_dir"] == "") {
ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscfieldmissed"]);
}
if (isset($GLOBALS['__POST']["chpass"]) && $GLOBALS['__POST']["chpass"] == "true") {
if ($GLOBALS['__POST']["pass1"] != $GLOBALS['__POST']["pass2"]) {
ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscnopassmatch"]);
}
$pass = extEncodePassword(stripslashes($GLOBALS['__POST']["pass1"]));
} else {
$pass = $data[1];
}
if ($self) {
$GLOBALS['__POST']["active"] = 1;
}
$data = array($nuser, $pass, stripslashes($GLOBALS['__POST']["home_dir"]), stripslashes($GLOBALS['__POST']["home_url"]), $GLOBALS['__POST']["show_hidden"], stripslashes($GLOBALS['__POST']["no_access"]), $GLOBALS['__POST']["permissions"], $GLOBALS['__POST']["active"]);
if (!update_user($user, $data)) {
ext_Result::sendResult('edituser', false, $user . ": " . $GLOBALS["error_msg"]["saveuser"]);
}
/*if($self) {
activate_user($nuser,NULL);
}*/
ext_Result::sendResult('edituser', true, $user . ": " . ext_Lang::msg('User Profile has been updated'));
}
show_userform($data);
}
// we know we're good to go.
ldap_auth();
// The file to be downloaded is looked up using the job ID and the
// job ID is specified as a GET var
$_GET_lower = array_change_key_case($_GET, CASE_LOWER);
$jobid = $_GET_lower['jobid'];
if (!$jobid) {
// Job ID must be specified on the command line
header('HTTP/1.1 400 Bad Request');
echo "JobID parameter not specified in the requested URL<BR/>\n";
return;
}
try {
$pdo = open_db();
// Check to see if the user is asking about one of his own jobs
$user = find_user($pdo, $jobid);
if ($user === false) {
header('HTTP/1.1 404 Not Found');
echo "Job ID {$jobid} does not exist.<BR/>\n";
return;
}
if ($user != $_SERVER['PHP_AUTH_USER']) {
header('HTTP/1.1 403 Forbidden');
echo "Job ID {$jobid} not owned by {$_SERVER['PHP_AUTH_USER']}.<BR/>\n";
// Strictly speaking, this is something of a security hole in that
// it confirms the existance of a job that the user doesn't own.
// That info is probably available elsewhere - showq and such - so
// we're probably ok here.
return;
}
$outfile = find_output_file($pdo, $jobid);
<?php
require_once "../inc/session.php";
require_once "../inc/db_conn.php";
require_once "../inc/functions.php";
?>
<h2><a href="panmar.php">Panaji - Margao</a></h2>
<table>
<thead>
<tr>
<th>Username</th>
</tr>
</thead>
<tbody>
<?php
$user_set = find_user("Panaji", "Margao");
while ($user = mysqli_fetch_assoc($user_set)) {
echo "<tr>";
echo "<td>" . $user['username'] . "</td>";
echo "</tr>";
}
?>
</tbody>
</table>
<h2><a href="index.php">Home</a></h2>
function edituser($dir)
{
// Edit User
$user = stripslashes($GLOBALS['__POST']["user"]);
$data = find_user($user, NULL);
if ($data == NULL) {
show_error($user . ": " . $GLOBALS["error_msg"]["miscnofinduser"]);
}
if ($self = $user == $GLOBALS['__SESSION']["s_user"]) {
$dir = "";
}
if (isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"] == "true") {
$nuser = stripslashes($GLOBALS['__POST']["nuser"]);
if ($nuser == "" || $GLOBALS['__POST']["home_dir"] == "") {
show_error($GLOBALS["error_msg"]["miscfieldmissed"]);
}
if (isset($GLOBALS['__POST']["chpass"]) && $GLOBALS['__POST']["chpass"] == "true") {
if ($GLOBALS['__POST']["pass1"] != $GLOBALS['__POST']["pass2"]) {
show_error($GLOBALS["error_msg"]["miscnopassmatch"]);
}
$pass = md5(stripslashes($GLOBALS['__POST']["pass1"]));
} else {
$pass = $data[1];
}
if ($self) {
$GLOBALS['__POST']["active"] = 1;
}
$data = array($nuser, $pass, stripslashes($GLOBALS['__POST']["home_dir"]), stripslashes($GLOBALS['__POST']["home_url"]), $GLOBALS['__POST']["show_hidden"], stripslashes($GLOBALS['__POST']["no_access"]), $GLOBALS['__POST']["permissions"], $GLOBALS['__POST']["active"]);
if (!update_user($user, $data)) {
show_error($user . ": " . $GLOBALS["error_msg"]["saveuser"]);
}
if ($self) {
activate_user($nuser, NULL);
}
header("location: " . make_link("admin", $dir, NULL));
return;
}
show_header($GLOBALS["messages"]["actadmin"] . ": " . sprintf($GLOBALS["messages"]["miscedituser"], $data[0]));
// Javascript functions:
include "./.include/js_admin3.php";
echo "<FORM name=\"edituser\" action=\"" . make_link("admin", $dir, NULL) . "&action2=edituser\" method=\"post\">\n";
echo "<INPUT type=\"hidden\" name=\"confirm\" value=\"true\"><INPUT type=\"hidden\" name=\"user\" value=\"" . $data[0] . "\">\n";
echo "<BR><TABLE width=\"450\">\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscusername"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type\"text\" name=\"nuser\" size=\"30\" value=\"";
echo $data[0] . "\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscconfpass"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"password\" name=\"pass1\" size=\"30\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscconfnewpass"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"password\" name=\"pass2\" size=\"30\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscchpass"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"checkbox\" name=\"chpass\" value=\"true\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["mischomedir"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"text\" name=\"home_dir\" size=\"30\" value=\"";
echo $data[2] . "\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["mischomeurl"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"text\" name=\"home_url\" size=\"30\" value=\"";
echo $data[3] . "\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscshowhidden"] . ":</TD>";
echo "<TD align=\"right\"><SELECT name=\"show_hidden\">\n";
echo "<OPTION value=\"0\">" . $GLOBALS["messages"]["miscyesno"][1] . "</OPTION>";
echo "<OPTION value=\"1\"" . ($data[4] ? " selected " : "") . ">";
echo $GLOBALS["messages"]["miscyesno"][0] . "</OPTION>\n";
echo "</SELECT></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["mischidepattern"] . ":</TD>\n";
echo "<TD align=\"right\"><INPUT type=\"text\" name=\"no_access\" size=\"30\" value=\"";
echo $data[5] . "\"></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscperms"] . ":</TD><TD align=\"right\"><SELECT name=\"permissions\">\n";
$permvalues = array(0, 1, 2, 3, 7);
for ($i = 0; $i < count($GLOBALS["messages"]["miscpermnames"]); ++$i) {
echo "<OPTION value=\"" . $permvalues[$i] . "\"" . ($permvalues[$i] == $data[6] ? " selected " : "") . ">";
echo $GLOBALS["messages"]["miscpermnames"][$i] . "</OPTION>\n";
}
echo "</SELECT></TD></TR>\n";
echo "<TR><TD>" . $GLOBALS["messages"]["miscactive"] . ":</TD>";
echo "<TD align=\"right\"><SELECT name=\"active\"" . ($self ? " DISABLED " : "") . ">\n";
echo "<OPTION value=\"1\">" . $GLOBALS["messages"]["miscyesno"][0] . "</OPTION>";
echo "<OPTION value=\"0\"" . ($data[7] ? "" : " selected ") . ">";
echo $GLOBALS["messages"]["miscyesno"][1] . "</OPTION>\n";
echo "</SELECT></TD></TR>\n";
echo "<TR><TD colspan=\"2\" align=\"right\"><input type=\"submit\" value=\"" . $GLOBALS["messages"]["btnsave"];
echo "\" onClick=\"return check_pwd();\">\n<input type=\"button\" value=\"";
echo $GLOBALS["messages"]["btncancel"] . "\" onClick=\"javascript:location='";
echo make_link("admin", $dir, NULL) . "';\"></TD></TR></FORM></TABLE><BR>\n";
}
return $result = prepared_query($dbh, $query, $userResponse);
}
// PROCESS DATA
$user = $_SESSION["user"];
$ip = $_SERVER["REMOTE_ADDR"];
//$ipUsed = filter_var($ip, FILTER_VALIDATE_IP) ? ip_exists($ip) : true;
if (!empty($_POST)) {
$efficacyResponse = getUserResponse($_POST);
$efficacyResponse = array_merge(array($user), $efficacyResponse);
// Time stuff
$start_time = $_SESSION["es_start_time"];
$es_time = time() - $start_time;
array_push($efficacyResponse, $es_time);
$_SESSION['es_time'] = $es_time;
//for later
//if (!$ipUsed) {
add_efficacy_row($efficacyResponse);
$es_id = mysql_insert_id();
//documented php function
// Populate the user table
$get_user = fetch_row(find_user($user));
$update_user = "******";
prepared_query($dbh, $update_user, array($es_id, $user));
echo "got to end of if";
//}
// Redirect user to thank you page
$header = "Location: http://cs.wellesley.edu/~hcilab/pghci_privacy/PGHCI-Privacy-Study/pretask.php";
header($header);
//redirects user
exit;
}
require_once "../inc/functions.php";
?>
<h2><a href="travellerssc.php">Travellers S and C</a></h2>
<table>
<thead>
<tr>
<th>Username</th>
<th>Source</th>
<th>Destination</th>
<th>Price</th>
</tr>
</thead>
<tbody>
<?php
$user_set = find_user();
while ($user = mysqli_fetch_assoc($user_set)) {
echo "<tr>";
echo "<td>" . $user['username'] . "</td>";
echo "<td>" . $user['source'] . "</td>";
echo "<td>" . $user['destination'] . "</td>";
echo "<td>";
if ($user['age'] > 60) {
echo $user['price'] * (1 - 0.4) . "(S)";
} else {
if ($user['age'] < 16) {
echo $user['price'] * (1 - 0.5) . "(C)";
} else {
echo $user['price'];
}
}
function insert_user($username, $nickname = null, $password_hash = null, $phone = null, $email = null)
{
global $db;
$user_id = find_user($username);
if ($user_id) {
return $user_id;
}
$stmt = $db->prepare("INSERT INTO Users (username, nickname, password_hash, phone, email)\n VALUES (:username, :nickname, :password_hash, :phone, :email)");
try {
$stmt->execute([$username, $nickname, $password_hash, $phone, $email]);
return $db->lastInsertId();
} catch (PDOException $e) {
error_log("ERROR while insert user: " . $e->getMessage());
return false;
}
}
<?php
session_start();
if (isset($_POST["submit"])) {
$username = $_POST["username"];
$password = $_POST["password"];
if ($username != "" and $password != "") {
if ($username == "admin" and $password == "123") {
$_session['username'] = $username;
$_session['password'] = $password;
header("location:admin.php");
} else {
include "db.php";
$connectionStatu = connect_db();
$status = find_user($connectionStatu, $username, $password);
if (is_array($status)) {
$_SESSION["user"] = $status["fname"] . " " . $status["lname"];
$_SESSION["id"] = $status["id"];
$_SESSION["fname"] = $status["fname"];
$_SESSION["lname"] = $status["lname"];
$_SESSION["rollno"] = $status["rollno"];
$_SESSION["username"] = $status["username"];
$_SESSION["degree"] = $status["degree"];
$_SESSION["batch"] = $status["batch"];
$_SESSION["gender"] = $status["gender"];
$_SESSION["dob"] = $status["dob"];
$_SESSION["email"] = $status["email"];
$_SESSION["password"] = $status["password"];
$_SESSION["username"] = $username;
/*echo $_SESSION["user"]; echo $username; echo $status["fname"];
exit;*/
Flight::json($nearby);
}
});
// Allow users to mark visits to a city
Flight::route('POST /v1/users/@user/visits', function ($user) {
$city = Flight::request()->data->name;
$state = Flight::request()->data->state;
$current_city = find_city_by_name('cities.csv', $city, $state);
if (isset($current_city)) {
$city_id = $current_city->id;
write_to_visits($user, $city_id);
}
});
// Allows users to see visited cities and enter new visited cities as a query
Flight::route('GET /v1/users/@user/visits', function ($user) {
$current_user = find_user('users.csv', $user);
if (isset($current_user)) {
$user_id = $current_user->id;
// While I was developing, I used a form for the ease of UI in order to send to the POST.
// echo '<form action="/flight_challenge/v1/users/'.$user_id.'/visits" method="POST">
// City: <input type="text" name="name"><br>
// State: <input type="text" name="state"><br>
// <input type="submit" value="Submit">
// </form>';
//The below accepts query strings and adds them to the database
$city = Flight::request()->query->name;
$state = Flight::request()->query->state;
if (isset($current_user) && isset($city) && isset($state)) {
$curl = curl_post_json($user_id, $city, $state);
ChromePhp::log($curl);
} else {
</div>
<div class="row-fluid">
<div class="span6 offset3">
<form class="form-search" action="" method="post">
<input type="text" name="searchID" class="span9 search-query" placeholder="Search by ID" />
<button type="submit" class="btn">Search</button>
</form>
</div>
</div>
<div class="row" id="section_to_print" style="overflow: hidden;">
<div class="span10 offset1">
<?php
if (isset($_POST['searchID'])) {
$result = find_user($_POST['searchID']);
if (empty($result['id'])) {
?>
<div class="alert alert-error span8 offset2">
<h5 style="text-align: center;">The student was not found in the database!</h5>
</div>
<?php
} else {
?>
<table class="table table-hover">
<thead>
<tr>
<th>Student ID</th>
function edituser($dir)
{
// Edit User
$user = stripslashes($GLOBALS['__POST']["nuser"]);
$data = find_user($user, NULL);
if ($data == NULL) {
ext_Result::sendResult('edituser', false, $user . ": " . $GLOBALS["error_msg"]["miscnofinduser"]);
}
if ($self = $user == $GLOBALS['__SESSION']["s_user"]) {
$dir = "";
}
if (isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"] == "true") {
$nuser = stripslashes($GLOBALS['__POST']["nuser"]);
if ($nuser == "" || $GLOBALS['__POST']["home_dir"] == "") {
ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscfieldmissed"]);
}
if (isset($GLOBALS['__POST']["chpass"]) && $GLOBALS['__POST']["chpass"] == "true") {
if ($GLOBALS['__POST']["pass1"] != $GLOBALS['__POST']["pass2"]) {
ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscnopassmatch"]);
}
$pass = extEncodePassword(stripslashes($GLOBALS['__POST']["pass1"]));
} else {
$pass = $data[1];
}
if ($self) {
$GLOBALS['__POST']["active"] = 1;
}
$data = array($nuser, $pass, stripslashes($GLOBALS['__POST']["home_dir"]), stripslashes($GLOBALS['__POST']["home_url"]), $GLOBALS['__POST']["show_hidden"], stripslashes($GLOBALS['__POST']["no_access"]), $GLOBALS['__POST']["permissions"], $GLOBALS['__POST']["active"]);
if (!update_user($user, $data)) {
ext_Result::sendResult('edituser', false, $user . ": " . $GLOBALS["error_msg"]["saveuser"]);
}
if ($self) {
activate_user($nuser, NULL);
}
ext_Result::sendResult('edituser', true, $user . ": " . $GLOBALS["error_msg"]["saveuser"]);
}
// Javascript functions:
include _EXT_PATH . "/include/js_admin3.php";
show_userform($data);
}
function renew($username, $client)
{
try {
$user = find_user($username, $client)->return;
$user->status = STATUS_NEW;
$user->password = "******";
editUser($user, $client);
return generateCert($username, $client);
} catch (Exception $e) {
var_dump($e);
exit(1);
}
}
function attempt_login($username, $password)
{
$user = find_user($username);
if ($user) {
/* user found, now verify password */
if (password_check($password, $user["user_pass"])) {
/* password matches */
return $user;
} else {
/* password does not match */
return false;
}
} else {
/* user not verified */
return false;
}
}
echo "<div align=\"center\"><h1>" . $_L['ADM_error'] . "</h1></div>";
} else {
if ($action == $_L['BTN_update']) {
echo "<div align=\"center\"><h1>" . $_L['ADM_updatesuccess'] . "</h1></div>";
} else {
echo "<div align=\"center\"><h1>" . $_L['ADM_addsuccess'] . "</h1></div>";
}
}
}
break;
case $_L['BTN_list']:
break;
}
}
if (isset($_POST['userid'])) {
find_user($_POST["userid"], $tt, $myuser);
}
?>
<table height="500" class="listing-table">
<tbody>
<tr>
<?php
if (isset($_SESSION['userid']) && ($_GET['menu'] == "mysettings" || $_GET['menu'] == 'myProfile')) {
print_rightMenu_mySettings();
} elseif ($_GET['menu'] == "userSetup" && accessNew('admin')) {
print_rightMenu_admin();
}
?>
function remove_user($user)
{
$data =& find_user($user, NULL);
if ($data == NULL) {
return false;
}
// Remove
$data = NULL;
// Copy Valid Users
$cnt = count($GLOBALS["users"]);
for ($i = 0; $i < $cnt; ++$i) {
if ($GLOBALS["users"][$i] != NULL) {
$save_users[] = $GLOBALS["users"][$i];
}
}
$GLOBALS["users"] = $save_users;
return save_users();
}
function attempt_admin_login($username, $password)
{
$user = find_user($username);
if ($user) {
// found user, now check password
if (password_check($password, $user["password"]) && $user["user_type_id"] == 2) {
// password matches, and user type is admin
return $user;
} else {
// password does not match
return false;
}
} else {
// user not found
return false;
}
}
