function onAuthenticate($credentials, $options = null) { // Check Login //------------------------------------------------------------------------------ $data = find_user($credentials['username'], $credentials['password']); if ($data == NULL) { return false; } // Set Login $_SESSION['credentials_extplorer']['username'] = $data[0]; $_SESSION['credentials_extplorer']['password'] = $data[1]; $_SESSION['file_mode'] = 'extplorer'; $GLOBALS["home_dir"] = str_replace('\\', '/', $data[2]); $GLOBALS["home_url"] = $data[3]; $GLOBALS["show_hidden"] = $data[4]; $GLOBALS["no_access"] = $data[5]; $GLOBALS["permissions"] = $data[6]; return true; }
function check_password($user_id, $pass) { //$tmp = phpinfo(); //error_exit($tmp); $arr = find_user($user_id, $pass); if ($arr == false) { return false; } else { //session_start(); if (!isset($_SESSION['user_id'])) { //global $user_id; //$_SESSION["perm"] = $arr["perm"]; $_SESSION['user_info'] = $arr; //同じページ内で処理する場合(?)、session_register では登録した変数が空になる //session_register(perm); //$user = $_SESSION["user_id"]; //error_exit($user); } return true; } }
<?php require_once "../inc/session.php"; require_once "../inc/db_conn.php"; require_once "../inc/functions.php"; ?> <h2><a href="vasmar.php">Vasco - Margao</a></h2> <table> <thead> <tr> <th>Username</th> </tr> </thead> <tbody> <?php $user_set = find_user("Vasco", "Margao", 60); while ($user = mysqli_fetch_assoc($user_set)) { echo "<tr>"; echo "<td>" . $user['username'] . "</td>"; echo "</tr>"; } ?> </tbody> </table> <h2><a href="index.php">Home</a></h2>
function user_exists($user) { return find_user($user)->numRows() > 0; }
function edituser($dir) { // Edit User $user = stripslashes($GLOBALS['__POST']["nuser"]); $data = find_user($user, NULL); if ($data == NULL) { ext_Result::sendResult('edituser', false, $user . ": " . $GLOBALS["error_msg"]["miscnofinduser"]); } if ($self = $user == $GLOBALS['__SESSION']['credentials_extplorer']['username']) { $dir = ""; } if (isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"] == "true") { $nuser = stripslashes($GLOBALS['__POST']["nuser"]); if ($nuser == "" || $GLOBALS['__POST']["home_dir"] == "") { ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscfieldmissed"]); } if (isset($GLOBALS['__POST']["chpass"]) && $GLOBALS['__POST']["chpass"] == "true") { if ($GLOBALS['__POST']["pass1"] != $GLOBALS['__POST']["pass2"]) { ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscnopassmatch"]); } $pass = extEncodePassword(stripslashes($GLOBALS['__POST']["pass1"])); } else { $pass = $data[1]; } if ($self) { $GLOBALS['__POST']["active"] = 1; } $data = array($nuser, $pass, stripslashes($GLOBALS['__POST']["home_dir"]), stripslashes($GLOBALS['__POST']["home_url"]), $GLOBALS['__POST']["show_hidden"], stripslashes($GLOBALS['__POST']["no_access"]), $GLOBALS['__POST']["permissions"], $GLOBALS['__POST']["active"]); if (!update_user($user, $data)) { ext_Result::sendResult('edituser', false, $user . ": " . $GLOBALS["error_msg"]["saveuser"]); } /*if($self) { activate_user($nuser,NULL); }*/ ext_Result::sendResult('edituser', true, $user . ": " . ext_Lang::msg('User Profile has been updated')); } show_userform($data); }
// we know we're good to go. ldap_auth(); // The file to be downloaded is looked up using the job ID and the // job ID is specified as a GET var $_GET_lower = array_change_key_case($_GET, CASE_LOWER); $jobid = $_GET_lower['jobid']; if (!$jobid) { // Job ID must be specified on the command line header('HTTP/1.1 400 Bad Request'); echo "JobID parameter not specified in the requested URL<BR/>\n"; return; } try { $pdo = open_db(); // Check to see if the user is asking about one of his own jobs $user = find_user($pdo, $jobid); if ($user === false) { header('HTTP/1.1 404 Not Found'); echo "Job ID {$jobid} does not exist.<BR/>\n"; return; } if ($user != $_SERVER['PHP_AUTH_USER']) { header('HTTP/1.1 403 Forbidden'); echo "Job ID {$jobid} not owned by {$_SERVER['PHP_AUTH_USER']}.<BR/>\n"; // Strictly speaking, this is something of a security hole in that // it confirms the existance of a job that the user doesn't own. // That info is probably available elsewhere - showq and such - so // we're probably ok here. return; } $outfile = find_output_file($pdo, $jobid);
<?php require_once "../inc/session.php"; require_once "../inc/db_conn.php"; require_once "../inc/functions.php"; ?> <h2><a href="panmar.php">Panaji - Margao</a></h2> <table> <thead> <tr> <th>Username</th> </tr> </thead> <tbody> <?php $user_set = find_user("Panaji", "Margao"); while ($user = mysqli_fetch_assoc($user_set)) { echo "<tr>"; echo "<td>" . $user['username'] . "</td>"; echo "</tr>"; } ?> </tbody> </table> <h2><a href="index.php">Home</a></h2>
function edituser($dir) { // Edit User $user = stripslashes($GLOBALS['__POST']["user"]); $data = find_user($user, NULL); if ($data == NULL) { show_error($user . ": " . $GLOBALS["error_msg"]["miscnofinduser"]); } if ($self = $user == $GLOBALS['__SESSION']["s_user"]) { $dir = ""; } if (isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"] == "true") { $nuser = stripslashes($GLOBALS['__POST']["nuser"]); if ($nuser == "" || $GLOBALS['__POST']["home_dir"] == "") { show_error($GLOBALS["error_msg"]["miscfieldmissed"]); } if (isset($GLOBALS['__POST']["chpass"]) && $GLOBALS['__POST']["chpass"] == "true") { if ($GLOBALS['__POST']["pass1"] != $GLOBALS['__POST']["pass2"]) { show_error($GLOBALS["error_msg"]["miscnopassmatch"]); } $pass = md5(stripslashes($GLOBALS['__POST']["pass1"])); } else { $pass = $data[1]; } if ($self) { $GLOBALS['__POST']["active"] = 1; } $data = array($nuser, $pass, stripslashes($GLOBALS['__POST']["home_dir"]), stripslashes($GLOBALS['__POST']["home_url"]), $GLOBALS['__POST']["show_hidden"], stripslashes($GLOBALS['__POST']["no_access"]), $GLOBALS['__POST']["permissions"], $GLOBALS['__POST']["active"]); if (!update_user($user, $data)) { show_error($user . ": " . $GLOBALS["error_msg"]["saveuser"]); } if ($self) { activate_user($nuser, NULL); } header("location: " . make_link("admin", $dir, NULL)); return; } show_header($GLOBALS["messages"]["actadmin"] . ": " . sprintf($GLOBALS["messages"]["miscedituser"], $data[0])); // Javascript functions: include "./.include/js_admin3.php"; echo "<FORM name=\"edituser\" action=\"" . make_link("admin", $dir, NULL) . "&action2=edituser\" method=\"post\">\n"; echo "<INPUT type=\"hidden\" name=\"confirm\" value=\"true\"><INPUT type=\"hidden\" name=\"user\" value=\"" . $data[0] . "\">\n"; echo "<BR><TABLE width=\"450\">\n"; echo "<TR><TD>" . $GLOBALS["messages"]["miscusername"] . ":</TD>\n"; echo "<TD align=\"right\"><INPUT type\"text\" name=\"nuser\" size=\"30\" value=\""; echo $data[0] . "\"></TD></TR>\n"; echo "<TR><TD>" . $GLOBALS["messages"]["miscconfpass"] . ":</TD>\n"; echo "<TD align=\"right\"><INPUT type=\"password\" name=\"pass1\" size=\"30\"></TD></TR>\n"; echo "<TR><TD>" . $GLOBALS["messages"]["miscconfnewpass"] . ":</TD>\n"; echo "<TD align=\"right\"><INPUT type=\"password\" name=\"pass2\" size=\"30\"></TD></TR>\n"; echo "<TR><TD>" . $GLOBALS["messages"]["miscchpass"] . ":</TD>\n"; echo "<TD align=\"right\"><INPUT type=\"checkbox\" name=\"chpass\" value=\"true\"></TD></TR>\n"; echo "<TR><TD>" . $GLOBALS["messages"]["mischomedir"] . ":</TD>\n"; echo "<TD align=\"right\"><INPUT type=\"text\" name=\"home_dir\" size=\"30\" value=\""; echo $data[2] . "\"></TD></TR>\n"; echo "<TR><TD>" . $GLOBALS["messages"]["mischomeurl"] . ":</TD>\n"; echo "<TD align=\"right\"><INPUT type=\"text\" name=\"home_url\" size=\"30\" value=\""; echo $data[3] . "\"></TD></TR>\n"; echo "<TR><TD>" . $GLOBALS["messages"]["miscshowhidden"] . ":</TD>"; echo "<TD align=\"right\"><SELECT name=\"show_hidden\">\n"; echo "<OPTION value=\"0\">" . $GLOBALS["messages"]["miscyesno"][1] . "</OPTION>"; echo "<OPTION value=\"1\"" . ($data[4] ? " selected " : "") . ">"; echo $GLOBALS["messages"]["miscyesno"][0] . "</OPTION>\n"; echo "</SELECT></TD></TR>\n"; echo "<TR><TD>" . $GLOBALS["messages"]["mischidepattern"] . ":</TD>\n"; echo "<TD align=\"right\"><INPUT type=\"text\" name=\"no_access\" size=\"30\" value=\""; echo $data[5] . "\"></TD></TR>\n"; echo "<TR><TD>" . $GLOBALS["messages"]["miscperms"] . ":</TD><TD align=\"right\"><SELECT name=\"permissions\">\n"; $permvalues = array(0, 1, 2, 3, 7); for ($i = 0; $i < count($GLOBALS["messages"]["miscpermnames"]); ++$i) { echo "<OPTION value=\"" . $permvalues[$i] . "\"" . ($permvalues[$i] == $data[6] ? " selected " : "") . ">"; echo $GLOBALS["messages"]["miscpermnames"][$i] . "</OPTION>\n"; } echo "</SELECT></TD></TR>\n"; echo "<TR><TD>" . $GLOBALS["messages"]["miscactive"] . ":</TD>"; echo "<TD align=\"right\"><SELECT name=\"active\"" . ($self ? " DISABLED " : "") . ">\n"; echo "<OPTION value=\"1\">" . $GLOBALS["messages"]["miscyesno"][0] . "</OPTION>"; echo "<OPTION value=\"0\"" . ($data[7] ? "" : " selected ") . ">"; echo $GLOBALS["messages"]["miscyesno"][1] . "</OPTION>\n"; echo "</SELECT></TD></TR>\n"; echo "<TR><TD colspan=\"2\" align=\"right\"><input type=\"submit\" value=\"" . $GLOBALS["messages"]["btnsave"]; echo "\" onClick=\"return check_pwd();\">\n<input type=\"button\" value=\""; echo $GLOBALS["messages"]["btncancel"] . "\" onClick=\"javascript:location='"; echo make_link("admin", $dir, NULL) . "';\"></TD></TR></FORM></TABLE><BR>\n"; }
return $result = prepared_query($dbh, $query, $userResponse); } // PROCESS DATA $user = $_SESSION["user"]; $ip = $_SERVER["REMOTE_ADDR"]; //$ipUsed = filter_var($ip, FILTER_VALIDATE_IP) ? ip_exists($ip) : true; if (!empty($_POST)) { $efficacyResponse = getUserResponse($_POST); $efficacyResponse = array_merge(array($user), $efficacyResponse); // Time stuff $start_time = $_SESSION["es_start_time"]; $es_time = time() - $start_time; array_push($efficacyResponse, $es_time); $_SESSION['es_time'] = $es_time; //for later //if (!$ipUsed) { add_efficacy_row($efficacyResponse); $es_id = mysql_insert_id(); //documented php function // Populate the user table $get_user = fetch_row(find_user($user)); $update_user = "******"; prepared_query($dbh, $update_user, array($es_id, $user)); echo "got to end of if"; //} // Redirect user to thank you page $header = "Location: http://cs.wellesley.edu/~hcilab/pghci_privacy/PGHCI-Privacy-Study/pretask.php"; header($header); //redirects user exit; }
require_once "../inc/functions.php"; ?> <h2><a href="travellerssc.php">Travellers S and C</a></h2> <table> <thead> <tr> <th>Username</th> <th>Source</th> <th>Destination</th> <th>Price</th> </tr> </thead> <tbody> <?php $user_set = find_user(); while ($user = mysqli_fetch_assoc($user_set)) { echo "<tr>"; echo "<td>" . $user['username'] . "</td>"; echo "<td>" . $user['source'] . "</td>"; echo "<td>" . $user['destination'] . "</td>"; echo "<td>"; if ($user['age'] > 60) { echo $user['price'] * (1 - 0.4) . "(S)"; } else { if ($user['age'] < 16) { echo $user['price'] * (1 - 0.5) . "(C)"; } else { echo $user['price']; } }
function insert_user($username, $nickname = null, $password_hash = null, $phone = null, $email = null) { global $db; $user_id = find_user($username); if ($user_id) { return $user_id; } $stmt = $db->prepare("INSERT INTO Users (username, nickname, password_hash, phone, email)\n VALUES (:username, :nickname, :password_hash, :phone, :email)"); try { $stmt->execute([$username, $nickname, $password_hash, $phone, $email]); return $db->lastInsertId(); } catch (PDOException $e) { error_log("ERROR while insert user: " . $e->getMessage()); return false; } }
<?php session_start(); if (isset($_POST["submit"])) { $username = $_POST["username"]; $password = $_POST["password"]; if ($username != "" and $password != "") { if ($username == "admin" and $password == "123") { $_session['username'] = $username; $_session['password'] = $password; header("location:admin.php"); } else { include "db.php"; $connectionStatu = connect_db(); $status = find_user($connectionStatu, $username, $password); if (is_array($status)) { $_SESSION["user"] = $status["fname"] . " " . $status["lname"]; $_SESSION["id"] = $status["id"]; $_SESSION["fname"] = $status["fname"]; $_SESSION["lname"] = $status["lname"]; $_SESSION["rollno"] = $status["rollno"]; $_SESSION["username"] = $status["username"]; $_SESSION["degree"] = $status["degree"]; $_SESSION["batch"] = $status["batch"]; $_SESSION["gender"] = $status["gender"]; $_SESSION["dob"] = $status["dob"]; $_SESSION["email"] = $status["email"]; $_SESSION["password"] = $status["password"]; $_SESSION["username"] = $username; /*echo $_SESSION["user"]; echo $username; echo $status["fname"]; exit;*/
Flight::json($nearby); } }); // Allow users to mark visits to a city Flight::route('POST /v1/users/@user/visits', function ($user) { $city = Flight::request()->data->name; $state = Flight::request()->data->state; $current_city = find_city_by_name('cities.csv', $city, $state); if (isset($current_city)) { $city_id = $current_city->id; write_to_visits($user, $city_id); } }); // Allows users to see visited cities and enter new visited cities as a query Flight::route('GET /v1/users/@user/visits', function ($user) { $current_user = find_user('users.csv', $user); if (isset($current_user)) { $user_id = $current_user->id; // While I was developing, I used a form for the ease of UI in order to send to the POST. // echo '<form action="/flight_challenge/v1/users/'.$user_id.'/visits" method="POST"> // City: <input type="text" name="name"><br> // State: <input type="text" name="state"><br> // <input type="submit" value="Submit"> // </form>'; //The below accepts query strings and adds them to the database $city = Flight::request()->query->name; $state = Flight::request()->query->state; if (isset($current_user) && isset($city) && isset($state)) { $curl = curl_post_json($user_id, $city, $state); ChromePhp::log($curl); } else {
</div> <div class="row-fluid"> <div class="span6 offset3"> <form class="form-search" action="" method="post"> <input type="text" name="searchID" class="span9 search-query" placeholder="Search by ID" /> <button type="submit" class="btn">Search</button> </form> </div> </div> <div class="row" id="section_to_print" style="overflow: hidden;"> <div class="span10 offset1"> <?php if (isset($_POST['searchID'])) { $result = find_user($_POST['searchID']); if (empty($result['id'])) { ?> <div class="alert alert-error span8 offset2"> <h5 style="text-align: center;">The student was not found in the database!</h5> </div> <?php } else { ?> <table class="table table-hover"> <thead> <tr> <th>Student ID</th>
function edituser($dir) { // Edit User $user = stripslashes($GLOBALS['__POST']["nuser"]); $data = find_user($user, NULL); if ($data == NULL) { ext_Result::sendResult('edituser', false, $user . ": " . $GLOBALS["error_msg"]["miscnofinduser"]); } if ($self = $user == $GLOBALS['__SESSION']["s_user"]) { $dir = ""; } if (isset($GLOBALS['__POST']["confirm"]) && $GLOBALS['__POST']["confirm"] == "true") { $nuser = stripslashes($GLOBALS['__POST']["nuser"]); if ($nuser == "" || $GLOBALS['__POST']["home_dir"] == "") { ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscfieldmissed"]); } if (isset($GLOBALS['__POST']["chpass"]) && $GLOBALS['__POST']["chpass"] == "true") { if ($GLOBALS['__POST']["pass1"] != $GLOBALS['__POST']["pass2"]) { ext_Result::sendResult('edituser', false, $GLOBALS["error_msg"]["miscnopassmatch"]); } $pass = extEncodePassword(stripslashes($GLOBALS['__POST']["pass1"])); } else { $pass = $data[1]; } if ($self) { $GLOBALS['__POST']["active"] = 1; } $data = array($nuser, $pass, stripslashes($GLOBALS['__POST']["home_dir"]), stripslashes($GLOBALS['__POST']["home_url"]), $GLOBALS['__POST']["show_hidden"], stripslashes($GLOBALS['__POST']["no_access"]), $GLOBALS['__POST']["permissions"], $GLOBALS['__POST']["active"]); if (!update_user($user, $data)) { ext_Result::sendResult('edituser', false, $user . ": " . $GLOBALS["error_msg"]["saveuser"]); } if ($self) { activate_user($nuser, NULL); } ext_Result::sendResult('edituser', true, $user . ": " . $GLOBALS["error_msg"]["saveuser"]); } // Javascript functions: include _EXT_PATH . "/include/js_admin3.php"; show_userform($data); }
function renew($username, $client) { try { $user = find_user($username, $client)->return; $user->status = STATUS_NEW; $user->password = "******"; editUser($user, $client); return generateCert($username, $client); } catch (Exception $e) { var_dump($e); exit(1); } }
function attempt_login($username, $password) { $user = find_user($username); if ($user) { /* user found, now verify password */ if (password_check($password, $user["user_pass"])) { /* password matches */ return $user; } else { /* password does not match */ return false; } } else { /* user not verified */ return false; } }
echo "<div align=\"center\"><h1>" . $_L['ADM_error'] . "</h1></div>"; } else { if ($action == $_L['BTN_update']) { echo "<div align=\"center\"><h1>" . $_L['ADM_updatesuccess'] . "</h1></div>"; } else { echo "<div align=\"center\"><h1>" . $_L['ADM_addsuccess'] . "</h1></div>"; } } } break; case $_L['BTN_list']: break; } } if (isset($_POST['userid'])) { find_user($_POST["userid"], $tt, $myuser); } ?> <table height="500" class="listing-table"> <tbody> <tr> <?php if (isset($_SESSION['userid']) && ($_GET['menu'] == "mysettings" || $_GET['menu'] == 'myProfile')) { print_rightMenu_mySettings(); } elseif ($_GET['menu'] == "userSetup" && accessNew('admin')) { print_rightMenu_admin(); } ?>
function remove_user($user) { $data =& find_user($user, NULL); if ($data == NULL) { return false; } // Remove $data = NULL; // Copy Valid Users $cnt = count($GLOBALS["users"]); for ($i = 0; $i < $cnt; ++$i) { if ($GLOBALS["users"][$i] != NULL) { $save_users[] = $GLOBALS["users"][$i]; } } $GLOBALS["users"] = $save_users; return save_users(); }
function attempt_admin_login($username, $password) { $user = find_user($username); if ($user) { // found user, now check password if (password_check($password, $user["password"]) && $user["user_type_id"] == 2) { // password matches, and user type is admin return $user; } else { // password does not match return false; } } else { // user not found return false; } }