function owner($article) { //checks if the logged author is the owner of a certain posting $dosql = "SELECT author_id FROM " . $GLOBALS['prefix'] . "lb_postings \n WHERE id='" . $article . "';"; $result = mysql_query($dosql) or die(mysql_error()); $row = mysql_fetch_assoc($result); if ($row['author_id'] == getuserid($_SESSION['nickname'])) { return true; } else { return false; } }
function savepostedauthordata($editid) { global $settings; $message = ""; //preparing posted data for saving $putnick = htmlentities($_POST['nickname'], ENT_QUOTES, "UTF-8"); $putreal = htmlentities($_POST['realname'], ENT_QUOTES, "UTF-8"); $putmail = htmlentities($_POST['mail'], ENT_QUOTES, "UTF-8"); if (isset($_POST['edit_own'])) { $putright1 = "1"; } else { $putright1 = "0"; } if (isset($_POST['publish_own'])) { $putright2 = "1"; } else { $putright2 = "0"; } if (isset($_POST['edit_all'])) { $putright3 = "1"; } else { $putright3 = "0"; } if (isset($_POST['publish_all'])) { $putright4 = "1"; } else { $putright4 = "0"; } if (isset($_POST['admin'])) { $putright5 = "1"; } else { $putright5 = "0"; } //you cannot degrade yourself, if you're an administrator!! if ($putright5 == "0" and $editid == getuserid($_SESSION['nickname'])) { $putright5 = "1"; $message = $message . "Administrators cannot degrade themselves! "; } //prepare password-change if ($_POST['password'] != "default" and $_POST['password'] == $_POST['password2']) { $putpass = "******" . md5($_POST['password']) . "',"; $message = $message . "Successfully saved changes! "; } else { $putpass = ""; if ($_POST['password'] != $_POST['password2']) { $message = $message . "Password and confirmation did not match! "; } } $dosql = "UPDATE " . $GLOBALS['prefix'] . "lb_authors SET\n " . $putpass . "\n nickname = '" . $putnick . "',\n realname = '" . $putreal . "',\n mail = '" . $putmail . "',\n edit_own = '" . $putright1 . "',\n publish_own = '" . $putright2 . "',\n edit_all = '" . $putright3 . "',\n publish_all = '" . $putright4 . "',\n admin = '" . $putright5 . "'\n \n WHERE id = '" . $editid . "';"; $result = mysql_query($dosql) or die(mysql_error()); echo "<p class=\"msg\">" . $message . "</p>"; }
function inputsvalidation() { $validateresult = array(); $validateresult['username'] = validateinput("username", "Username", array("required", 4)); $validateresult['secretword'] = validateinput("secretword", "Password", array("required", 8)); foreach ($validateresult as $key => $value) { //echo $value. $control; if ($value != 1) { $inputsvalid = false; $_SESSION['results']['message'] = "Username / Password is invalid"; header("Location: ../index.php"); } else { ${$key} = $_POST[$key]; } } if (validuser($username, $secretword)) { $_SESSION['userid'] = getuserid($username); header("Location: ../workspace.php"); } else { $_SESSION['results']['message'] = "Username / Password is invalid"; header("Location: ../index.php"); } }
// $lang = getlang(); if (isset($lang)) { if (file_exists("{$configdir}/{$lang}/config.php")) { require "{$configdir}/{$lang}/config.php"; } } // // $pageid = getpageid(); if (!isset($pageid)) { $pageid = $defaultpage; } $page_include = "include/" . $pageid; $config_include = $configdir . "/" . $pageid; if (file_exists($page_include)) { if (file_exists($config_include)) { require $config_include; } if (autherized(getuserid(), $pageauth)) { require $page_include; $page_var = page_init(); page_html_header($page_var); page_main($page_var); page_html_footer($page_var); page_cleanup($page_var); } else { login(); } } // That's all folks ...
// Our custom secure way of starting a php session $error_msg = ""; if (isset($_POST['p'], $_POST['op'])) { $password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING); if (strlen($password) != 128) { // The hashed pwd should be 128 characters long. // If it's not, something really odd has happened $error_msg .= '<p class="error">Invalid password configuration.</p>'; } $oldpassword = filter_input(INPUT_POST, 'op', FILTER_SANITIZE_STRING); if (strlen($oldpassword) != 128) { // The hashed pwd should be 128 characters long. // If it's not, something really odd has happened $error_msg .= '<p class="error">Invalid password configuration.</p>'; } $userid = getuserid(); if ($userid == 'FAIL') { $error_msg .= '<p class="error">You are not logged in, please try again.</p>'; } $prep_stmt = "SELECT Username, Password, Salt FROM Users WHERE UserID = ? LIMIT 1"; $stmt = $mysql->prepare($prep_stmt); if ($stmt) { $stmt->bind_param('i', $userid); $stmt->execute(); $stmt->bind_result($email, $dboldpassword, $salt); $stmt->fetch(); $stmt->close(); } // Hash the password with the unique salt. $oldpassword = hash('sha512', $oldpassword . $salt); if ($oldpassword != $dboldpassword) {
if (isset($request[1]) && is_numeric($request[1])) { $sv = new Wp_termsService(); $input = json_decode(file_get_contents("php://input")); // var_dump($input); $rs = $sv->updatewp_terms($input, getuserid($input)); // var_dump($rs); return $rs; exit; } } else { if ($method == 'DELETE' && $request[0] == 'test') { if (isset($request[1]) && is_numeric($request[1])) { $sv = new Wp_termsService(); $input = json_decode(file_get_contents("php://input")); // var_dump($input); $rs = $sv->deletewp_terms($request[1], getuserid($input)); // var_dump($rs); return $rs; exit; } } else { } } } } } } else { } function getuserid($input) { // var_dump($input->user->userid);
var usermenu = [ [ '<img src=./img/16/user.png>',' <?php echo getuserid(); ?> ',null,null,null, _cmSplit, ['<img src=./img/16/exit.png>','Logout','index.php?pageid=logout.php',null,null], ], _cmSplit, [ '<img src=./img/16/ring.png>','',null,null,null, ['<img src=./img/16/wglb.png>','Developement','index.php?pageid=help.php',null,null], ['<img src=./img/16/user.png>','User','index.php?pageid=help.php',null,null], _cmSplit, ['<img src=./img/16/wglb.png>','Debug','index.php?pageid=debug.php',null,null], ['<img src=./img/16/idea.png>','About ...','index.php?pageid=about.php',null,null], ], ];
$fileExtension = strrchr($_FILES['postfile']['name'], "."); // get extension of the uploaded file if (!in_array($fileExtension, $validExtensions)) { die(json_encode(array("jquery-upload-file-error" => 'Invalid file type'))); } // check if file Extension is on the list of allowed ones $ret['imagetype'] = $fileExtension; $ImageSize = $_FILES['postfile']['size']; // Obtain original image size $ret['size'] = $ImageSize; if ($ImageSize > 10000000) { die(json_encode(array("jquery-upload-file-error" => 'You require an image with a size of NOT more that 10MB. Your Image is Larger'))); } $imagename = basename($_FILES["postfile"]["name"]); $uploadhere = "imageholder/" . $imagename; $uploadfolder = '../images/posts/' . getuserid() . '/'; //$clean = $uploadfolder."/". md5($imagename)."/"; if (!file_exists($uploadfolder)) { @mkdir($uploadfolder); } chmod($uploadfolder, 0777); //if (!file_exists( $clean )) { @mkdir( $clean ); }chmod( $clean,0777); if (file_exists($uploadfolder . $imagename)) { $imagename = date('ydmhis') . $imagename; } $uploadfolder = $uploadfolder . $imagename; if (!move_uploaded_file($_FILES["postfile"]["tmp_name"], $uploadfolder)) { die(json_encode(array("jquery-upload-file-error" => 'Error Uploading the image. Please try again later'))); } else { $imageproperties = $uploadfolder; $original = new Imagick($imageproperties);
/** * @deprecated, call getuserid() directly */ function getUser($number) { return getuserid($number); }
if (isset($request[1]) && is_numeric($request[1])) { $sv = new AutocompleteService(); $input = json_decode(file_get_contents("php://input")); // var_dump($input); $rs = $sv->updateautocomplete($input, getuserid($input)); // var_dump($rs); return $rs; exit; } } else { if ($method == 'DELETE' && $request[0] == 'test') { if (isset($request[1]) && is_numeric($request[1])) { $sv = new AutocompleteService(); $input = json_decode(file_get_contents("php://input")); // var_dump($input); $rs = $sv->deleteautocomplete($request[1], getuserid($input)); // var_dump($rs); return $rs; exit; } } else { } } } } } } else { // echo 'start'; // $sv = new AutocompleteService(); // $sv->search('dr'); }
/** * checks if the logged author is the owner of a certain posting * * @param unknown_type $article * @return unknown */ function owner($article) { $dosql = 'SELECT author_id FROM ' . $GLOBALS['prefix'] . 'lb_postings WHERE id="' . $article . '";'; $row = $GLOBALS['lbdata']->GetArray($dosql); if ($row[0]['author_id'] == getuserid($_SESSION['nickname'])) { return true; } else { return false; } }
} else { header("Location: index.php?site=messenger&action=incoming"); } } elseif (isset($_POST['send'])) { include "_mysql.php"; include "_settings.php"; include "_functions.php"; $_language->read_module('messenger'); $touser = $_POST['touser']; if ($touser[0] == "" and $_POST['touser_field'] != "*") { $tmp = explode(",", $_POST['touser_field']); for ($i = 0; $i < 5; $i++) { if (isset($tmp[$i])) { $tmp[$i] = trim($tmp[$i]); if (!empty($tmp[$i])) { $touser[$i] = getuserid($tmp[$i]); } else { break; } } else { break; } } } if (isset($_POST['eachmember'])) { unset($touser); $ergebnis = safe_query("SELECT userID FROM " . PREFIX . "user"); while ($ds = mysql_fetch_array($ergebnis)) { if (isclanmember($ds['userID'])) { $touser[] = $ds['userID']; }
if (isset($request[1]) && is_numeric($request[1])) { $sv = new UserService(); $input = json_decode(file_get_contents("php://input")); // var_dump($input); $rs = $sv->updateUser($input, getuserid($input)); // var_dump($rs); return $rs; exit; } } else { if ($method == 'DELETE' && $request[0] == 'test') { if (isset($request[1]) && is_numeric($request[1])) { $sv = new UserService(); $input = json_decode(file_get_contents("php://input")); // var_dump($input); $rs = $sv->deleteUser($request[1], getuserid($input)); // var_dump($rs); return $rs; exit; } } else { } } } } } } else { // $sv = new UserService(); // $rs = $sv->getAllUser(); // var_dump($rs); }
function getPost($id) { $pdo = getConnection(); $marray = array(); try { $ss = "SELECT p.id,p.name,p.caption,p.thedate AS timeposted,p.numberofcomments,p.numberoflikes,u.username AS owner,CASE WHEN EXISTS (SELECT user_id FROM post WHERE user_id = ? AND id=p.id) THEN 'true' ELSE 'false' END AS owns,CASE WHEN EXISTS (SELECT user_id FROM instagram.like WHERE user_id = ? AND post_id=p.id) THEN 'true' ELSE 'false' END AS hasliked FROM post p LEFT JOIN user u ON p.user_id=u.id WHERE p.id=? ORDER BY p.id DESC"; $stmnt = $pdo->prepare($ss); $stmnt->execute(array(getuserid(), getuserid(), $id)); $resp = array(); while ($row = $stmnt->fetch(PDO::FETCH_OBJ)) { $resp[] = $row; } $marray['response'] = $resp; } catch (PDOExpetion $e) { $marray['error'] = $e->getMessage(); } echo json_encode($marray); return false; }
function survey() { global $prefix, $selected, $MySQL, $sqldbdb, $set; require_once "addons/survey/settings.php"; if (file_exists("addons/survey/lang/lang_" . $set['language'] . ".php")) { require_once "addons/survey/lang/lang_" . $set['language'] . ".php"; } else { require_once "addons/survey/lang/lang_en_US.php"; } $out = ""; if (isset($_POST['surveyvote'])) { if (sanitize($_POST['surveyvote']) == "voted") { // check if user already voted $voterid = getuserid($_SESSION['user']); if (!$voterid) { $voterid = 9999; } $output = dbquery("SELECT * FROM " . $prefix . "surveyvotes WHERE surveyid=" . $_POST['surveyid'] . " AND voterid={$voterid}"); if (num_rows($output) && $voterid != 9999) { $out .= "<h3 style=\"color: red;\">{$surveymessage['12']}</h3>\n"; } else { dbquery("INSERT INTO " . $prefix . "surveyvotes (id, surveyid, vote, voterid) VALUES ( null, " . $_POST['surveyid'] . ", " . $_POST[$_POST['surveyid']] . ", {$voterid} )"); $_POST['surveyvote'] = "results"; } } } $out .= "<div style=\"width: " . $surveywidth . "px; \">\n"; unset($row); if (sanitize($_POST['surveyvote']) == "results") { $out .= "<h3 id=\"surveytitle\">{$surveymessage['13']}</h3>\n"; $surveys = fetch_all(dbquery("SELECT * FROM " . $prefix . "surveynames WHERE surveyid=0")); $s = 0; while ($surveys[$s]['id']) { $out .= "<p class=\"surveynames\">" . decode($surveys[$s]['surveyname']) . "</p>\n"; $query = "SELECT * FROM " . $prefix . "surveynames WHERE surveyid=" . $surveys[$s]['id']; $row = fetch_all(dbquery($query)); $i = 0; $out .= "<table class=\"surveyresults\">\n"; while ($row[$i]['id']) { $out .= "<tr><td>" . decode($row[$i]['surveyname']) . " - </td><td>"; $output = dbquery("SELECT * FROM " . $prefix . "surveyvotes WHERE surveyid=" . $surveys[$s]['id'] . " AND vote=" . $row[$i]['place']); $out .= num_rows($output); $out .= "</td></tr>\n"; $i++; } $out .= "</table>\n"; $s++; } $out .= "<form name=\"surveyform\" method=\"POST\" id=\"surveyreturn\" action=\"\">\n"; $out .= "<p style=\" text-align: center; \"><br /><input type=\"submit\" name=\"aaa\" value=\"{$surveymessage['14']}\" /></p>\n</form>\n"; } else { $row = fetch_all(dbquery("SELECT * FROM " . $prefix . "surveynames WHERE surveyid=0")); $i = 0; $adminlevel = 0; while ($row[$i]['id']) { $out .= "<form name=\"surveyform\" method=\"POST\" action=\"\">\n"; $out .= "<h3 id=\"surveytitle\">" . decode($row[$i]['surveyname']) . "</h3>\n"; $out .= "<ul class=\"surveylist\" style=\" list-style: none; margin-left: 20px;\">\n"; $adminlevel = $row[$i]['adminlevel']; unset($row1); if ($row1 = fetch_all(dbquery("SELECT * FROM " . $prefix . "surveynames WHERE surveyid=" . $row[$i]['id'] . " ORDER BY place"))) { $j = 0; while ($row1[$j]['id']) { $out .= "<li>"; if (intval($_SESSION['adminlevel']) >= $adminlevel) { $out .= "<input type = \"Radio\" Name =\"" . $row[$i]['id'] . "\" value= \"" . $row1[$j]['place'] . "\" /> - "; } $out .= decode($row1[$j]['surveyname']) . "</li>\n"; $j++; } } $out .= "</ul>\n"; if (intval($_SESSION['adminlevel']) >= $adminlevel) { $out .= "<p style=\"text-align: center;\">"; $out .= "<input type=\"hidden\" name=\"surveyid\" value=\"" . $row[$i]['id'] . "\" />\n"; $out .= "<input type=\"hidden\" name=\"surveyvote\" value=\"voted\" /><input type=\"submit\" name=\"aaa\" value=\"{$surveymessage['10']}\" /><br />\n"; } $out .= "</p></form>\n"; $i++; } $out .= "<form name=\"viewresults\" id=\"viewresults\" method=\"POST\" action=\"\">\n"; $out .= "<p style=\"text-align: center;\"><input type=\"hidden\" name=\"surveyvote\" value=\"results\" />"; $out .= "<input type=\"submit\" name=\"aaa\" value=\"{$surveymessage['11']}\" /></form></p>\n"; } $out .= "</div>\n"; return $out; }
} } } ////////////////// WHICH CONTENT DO WE SHOW? //show the html-head which is always needed include "inc/head.php"; //show the login-screen if access is denied if (!$access) { include "inc/backend_login.php"; } else { //write login-data into session-data (if needed) if (!isset($_SESSION['nickname'])) { session_register('nickname'); session_register('password'); session_register('ipnumber'); session_register('authorid'); $_SESSION['nickname'] = $_POST['nickname']; $_SESSION['authorid'] = getuserid($_POST['nickname']); $_SESSION['password'] = md5($_POST['password']); $_SESSION['ipnumber'] = $_SERVER['REMOTE_ADDR']; } //no url request? show postings as default if (!isset($_GET['page'])) { $loadme = "inc/backend_postings.php"; } else { $loadme = "inc/backend_" . $_GET['page'] . ".php"; } //yee-hah! finally we do show real content on our page! include $loadme; } include "inc/footer.php";
require_once "databaseconnection.php"; function getuserid($name) { global $test; $query = "SELECT user_id FROM user_name WHERE user_name = '" . $name . "'"; $statement = $test->prepare($query); $statement->execute(); $userids = $statement->fetchAll(); $statement->closeCursor(); return $userids; } global $test; $item = $_GET['item']; $comment = filter_input(INPUT_POST, "comment", FILTER_SANITIZE_STRING); $user = $_SESSION['user']; $users = getuserid($user); foreach ($users as $u) { $user_id = $u['user_id']; } //echo $user_id." "; //echo $item." "; //ho $comment." "; //echo $user." "; // Begin a new Transaction --> $test->beginTransaction(); // First insert the scripture INSERT INTO review (review, item_id, user_id) VALUES ("TEST", 1, 3)--> $query = "INSERT INTO review (review, item_id, user_id) VALUES (:comment, :item, :user_name)"; $statement = $test->prepare($query); $statement->bindValue(":comment", $comment); $statement->bindValue(":item", $item); $statement->bindValue(":user_name", $user_id);
function savepostedauthordata($editid) { global $settings; $message = ""; $return = true; $message = bla("msg_savesuccess"); $changepass = false; //preparing posted data for saving $putnick = htmlentities($_POST['nickname'], ENT_QUOTES, "UTF-8"); $putreal = htmlentities($_POST['realname'], ENT_QUOTES, "UTF-8"); $putmail = htmlentities($_POST['mail'], ENT_QUOTES, "UTF-8"); if (isset($_POST['edit_own'])) { $putright1 = "1"; } else { $putright1 = "0"; } if (isset($_POST['publish_own'])) { $putright2 = "1"; } else { $putright2 = "0"; } if (isset($_POST['edit_all'])) { $putright3 = "1"; } else { $putright3 = "0"; } if (isset($_POST['publish_all'])) { $putright4 = "1"; } else { $putright4 = "0"; } if (isset($_POST['admin'])) { $putright5 = "1"; } else { $putright5 = "0"; } //you cannot degrade yourself, if you're an administrator!! if ($putright5 == "0" and $editid == getuserid($_SESSION['nickname'])) { $putright5 = "1"; $message = bla("msg_admindegrade"); $return = false; } //prepare password-change if ($_POST['password'] != "default" and $_POST['password'] == $_POST['password2']) { $putpass = "******" . md5($_POST['password']) . "',"; $return = true; $changepass = true; } else { $putpass = ""; if ($_POST['password'] != $_POST['password2']) { $message = bla("msg_errorpassconfirm"); $return = false; } } $dosql = "UPDATE " . $GLOBALS['prefix'] . "lb_authors SET\n " . $putpass . "\n nickname = '" . $putnick . "',\n realname = '" . $putreal . "',\n mail = '" . $putmail . "',\n edit_own = '" . $putright1 . "',\n publish_own = '" . $putright2 . "',\n edit_all = '" . $putright3 . "',\n publish_all = '" . $putright4 . "',\n admin = '" . $putright5 . "'\n \n WHERE id = '" . $editid . "';"; $GLOBALS['lbdata']->Execute($dosql); echo "<p class=\"msg\">" . $message . "</p>"; //set fresh cookies, if user is editing his own data if ($editid == getuserid($_SESSION['nickname'])) { $_SESSION['nickname'] = $putnick; if ($changepass) { $_SESSION['password'] = md5($_POST['password']); } } return $return; }
########################################################################## */ $_language->read_module('profile'); $profile_username = $_GET['username']; if (isset($_GET['id'])) { $id = (int) $_GET['id']; } else { $id = $userID; } if (isset($_GET['action'])) { $action = $_GET['action']; } else { $action = ''; } if (isset($_GET['username'])) { $id = getuserid($_GET['username']); } if (isset($id) and getnickname($id) != '') { if (isbanned($id)) { $banned = '<div id="profile_banned">This user is Banned.</div>'; } else { $banned = ''; } if (isbanned($id)) { $bannedpic = ''; } else { $bannedpic = ''; } if ($action == "galleries") { //galleries eval("\$title_profile = \"" . gettemplate("title_profile") . "\";");
function users_getid($m) { global $xmlrpcerruser; $err = ""; // get the param values (should add integrity checking here) $un = $m->getParam(0); // $username = $un->scalarval(); list($username, $archives) = explode("___", $username); if (file_exists("{$_SERVER['PWUSERS_DIR']}/{$username}/userinfo.dat")) { $userid = getuserid($username); } else { $userid = 0; } // if we generated an error, create an error return response if ($err) { return new xmlrpcresp(0, $xmlrpcerruser, $err); } else { // otherwise, we create the right response // with the state name return new xmlrpcresp(new xmlrpcval($userid, 'int')); } }