Пример #1
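/**
 * Handles the login form.
 *
 * On a POST with "submit" set, looks the account up, issues the "dkgame"
 * cookie and redirects to index.php; a failed lookup ends the request with an
 * error message. Without a POST, the login template is rendered.
 */
function login()
{
    // config.php is expected to provide $dbsettings (its "secretword" entry is used below).
    include 'config.php';
    $link = opendb();
    if (isset($_POST["submit"])) {
        // NOTE(review): the credential values in this query are masked on the page. If the
        // original interpolates request data here, it has to be escaped or bound as a
        // parameter before it reaches doquery().
        $query = doquery("SELECT * FROM {{table}} WHERE username='******' AND password='******' LIMIT 1", "users");
        if (mysql_num_rows($query) != 1) {
            die("Invalid username or password. Please go back and try again.");
        }
        $row = mysql_fetch_array($query);
        // "Remember me" keeps the cookie for 31536000 seconds (365 days); otherwise it
        // expires with the browser session.
        $rememberme = isset($_POST["rememberme"]) ? 1 : 0;
        $expiretime = $rememberme ? time() + 31536000 : 0;
        // Cookie layout: "<id> <username> <md5(password--secretword)> <rememberme>".
        // NOTE(review): the token is a plain MD5 over the stored password field and the site
        // secret, so it is the same for every login of an account. A random per-session
        // token stored server-side would be the sturdier design.
        $cookie = $row["id"] . " " . $row["username"] . " " . md5($row["password"] . "--" . $dbsettings["secretword"]) . " " . $rememberme;
        // The 7th argument marks the cookie HttpOnly so page scripts cannot read it.
        // NOTE(review): the Secure flag stays off (0) as before; enable it once the site is
        // served over HTTPS only.
        setcookie("dkgame", $cookie, $expiretime, "/", "", 0, true);
        header("Location: index.php");
        die;
    }
    $page = gettemplate("login");
    $title = "Log In";
    display($page, $title, false, false, false, false);
}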
Пример #2
/**
 * HTML-encodes a value, strips tags and slashes from it, then escapes the
 * result for use inside a MySQL string literal.
 *
 * NOTE(review): this mixes two output contexts in one helper. HTML encoding
 * belongs where the value is printed, and SQL values are better bound as
 * statement parameters where the query is built.
 *
 * @param string $inp raw value
 * @return string escaped value
 */
function secure($inp)
{
    $encoded = htmlspecialchars($inp, ENT_QUOTES);
    $withoutTags = strip_tags($encoded);
    $unslashed = stripslashes($withoutTags);
    // An earlier version called mysql_real_escape_string() here.
    // The handle returned by opendb() is not closed inside this function.
    return mysqli_real_escape_string(opendb(), $unslashed);
}
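/**
 * Deletes the row of `tab_atelier_sujet` whose `id_sujet` equals $id.
 *
 * @param mixed $id value matched against `id_sujet`
 * @return bool TRUE when the statement executed, FALSE on a database failure
 */
function delSujetAtelier($id)
{
    $db = opendb();
    // $id is bound as a parameter instead of being concatenated into the SQL text.
    $stmt = mysqli_prepare($db, "DELETE FROM `tab_atelier_sujet` WHERE `id_sujet`=?");
    if (FALSE === $stmt) {
        closedb($db);
        return FALSE;
    }
    // Bound as a string to match the quoted comparison the statement used before.
    $idValue = (string) $id;
    mysqli_stmt_bind_param($stmt, 's', $idValue);
    $result = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    closedb($db);
    return $result ? TRUE : FALSE;
}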
Пример #4
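/**
 * Builds a report file name from the request, fetches the rendered report over
 * HTTP and stores it under ../savePDF/, echoing the file name when done.
 *
 * Request values are read through getQUERY(): page, from, req, c and u.
 * "req" holds three segments separated by "**"; the first carries the language
 * after a 2-character prefix, the second and third the start and end dates
 * after a 3-character prefix.
 */
function createXls()
{
    $page = getQUERY("page");
    $from = getQUERY("from");
    $req = getQUERY("req");
    $temp = explode("&", str_replace("**", "&", $req));
    $cid = getQUERY("c");
    // The id is placed unquoted into the SQL below, so it is forced to an integer.
    $uid = (int) getQUERY("u");
    // Missing segments become empty strings instead of undefined-offset notices.
    $lang = isset($temp[0]) ? substr($temp[0], 2) : '';
    $sd = isset($temp[1]) ? substr($temp[1], 3) : '';
    $ed = isset($temp[2]) ? substr($temp[2], 3) : '';
    opendb();
    /* date format */
    $datetimeformat = dlookup("select datetimeformat from users where id=" . $uid);
    // e.g. 'Y-m-d h:i:s a': date part before the first space, time part after it.
    $datfor = explode(" ", $datetimeformat);
    $dateformat = $datfor[0];
    $timeformat = isset($datfor[1]) ? $datfor[1] : '';
    // File-name suffixes for the start and end of day, in 24h or 12h notation.
    if ($timeformat == "H:i:s") {
        $e1_ = "_23:59";
        $s1_ = "_00:00";
    } else {
        $e1_ = "_11:59_PM";
        $s1_ = "_12:00_AM";
    }
    $sdG = DateTimeFormat($sd, 'd-m-Y H:i:s');
    $edG = DateTimeFormat($ed, 'd-m-Y H:i:s');
    /* date format */
    $nameXls = $page . '_' . $cid . '_' . DateTimeFormat($sdG, $dateformat) . $s1_ . '_' . DateTimeFormat($edG, $dateformat) . $e1_ . '.xls';
    // The name contains request values; path separators and NUL bytes are replaced so the
    // file always lands directly inside ../savePDF/.
    $nameXls = str_replace(array('/', '\\', "\0"), '_', $nameXls);
    // Request values are percent-encoded so they cannot change the path or add parameters.
    $url = rawurlencode($page) . "1.php?l=" . rawurlencode($lang) . "&u=" . $uid . "&c=" . rawurlencode($cid) . "&sd=" . DateTimeFormat($sd, "d-m-Y") . "%2000:00:00&ed=" . DateTimeFormat($ed, "d-m-Y") . "%2023:59:00&from=s";
    closedb();
    if ($from == "s") {
        $handle = fopen('../savePDF/' . $nameXls, 'w+') or die('Cannot open file:  ' . $nameXls);
        // NOTE(review): the report is fetched over plain HTTP and written to disk as received;
        // confirm that the target only serves the expected report output for these parameters.
        $data = file_get_contents("http://panorama.gps.mk/settings/" . $url);
        fwrite($handle, $data);
        fclose($handle);
        echo $nameXls;
    }
}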
Пример #5
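/**
 * Handles the login form.
 *
 * On a POST with "submit" set: looks the account up, rejects the login when
 * the account was seen online in the last 60 seconds from another address,
 * issues the "dkgame" cookie, records the client address and redirects to
 * index.php. Otherwise renders the login template, showing the message passed
 * in the "conteudo" query parameter.
 */
function login()
{
    // config.php is expected to provide $dbsettings (its "secretword" entry is used below).
    include 'config.php';
    $link = opendb();
    if (isset($_POST["submit"])) {
        // NOTE(review): the credential values in the queries of this function are masked on
        // the page. If the original interpolates request data there, it has to be escaped or
        // bound as a parameter before it reaches doquery().
        $query = doquery("SELECT * FROM {{table}} WHERE username='******' AND password='******' LIMIT 1", "users");
        if (mysql_num_rows($query) != 1) {
            // The message travels in the query string, so it is URL-encoded.
            header("Location: login.php?do=login&conteudo=" . urlencode("Nome de usuário ou senha inválidos. Por favor tente novamente."));
            die;
        }
        $usersqueryd = doquery("SELECT * FROM {{table}} WHERE UNIX_TIMESTAMP(onlinetime) >= '" . (time() - 60) . "' AND username='******' LIMIT 1", "users");
        $row = mysql_fetch_array($query);
        // NOTE(review): the account name "220292" is hard-coded as exempt from the
        // concurrent-login check; confirm this is intended and move it to configuration.
        if (mysql_num_rows($usersqueryd) == 1 && strtolower($_POST["username"]) != "220292" && $row["ipadress"] != $_SERVER['REMOTE_ADDR']) {
            header("Location: login.php?do=login&conteudo=" . urlencode("Alguém já está logado em sua conta, por favor aguarde um minuto e tente novamente. Caso isso persista, reporte a alguém da equipe."));
            die;
        }
        // "Remember me" keeps the cookie for 31536000 seconds (365 days); otherwise it
        // expires with the browser session.
        $rememberme = isset($_POST["rememberme"]) ? 1 : 0;
        $expiretime = $rememberme ? time() + 31536000 : 0;
        // Cookie layout: "<id> <username> <md5(password--secretword)> <rememberme>".
        // NOTE(review): the token is a plain MD5 over the stored password field and the site
        // secret, so it is the same for every login of an account.
        $cookie = $row["id"] . " " . $row["username"] . " " . md5($row["password"] . "--" . $dbsettings["secretword"]) . " " . $rememberme;
        // The 7th argument marks the cookie HttpOnly so page scripts cannot read it.
        // The Secure flag stays off (0) as before; enable it once the site is HTTPS-only.
        setcookie("dkgame", $cookie, $expiretime, "/", "", 0, true);
        $nova = doquery("UPDATE {{table}} SET ipadress='" . $_SERVER['REMOTE_ADDR'] . "' WHERE username='******' AND password='******' LIMIT 1", "users");
        header("Location: index.php");
        die;
    }
    global $conteudouser;
    // The message comes from the query string: tolerate its absence, accept strings only.
    $conteudouser = (isset($_GET['conteudo']) && is_string($_GET['conteudo'])) ? $_GET['conteudo'] : '';
    // strip_tags() alone is not HTML escaping; the remaining markup characters are encoded
    // byte-wise so the text is inert regardless of the page's character set.
    $conteudouser = str_replace(
        array('&', '<', '>', '"', "'"),
        array('&amp;', '&lt;', '&gt;', '&quot;', '&#039;'),
        strip_tags($conteudouser)
    );
    $conteudouser = "******" . $conteudouser . "</font></center><br>";
    $page = gettemplate("login");
    $title = "Log In";
    display($page, $title, false, false, false, false);
}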
Пример #6
  			if (<?php 
echo nnull(is_numeric(nnull(session("user_id"))), 0);
?>
 == 0)
  				top.window.location = "../sessionexpired/?l=" + '<?php 
echo $cLang;
?>
';
  		} 
  	</script>
  
  	
</head>

  <?php 
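// Open the database connection used by the dlookup() calls below.
opendb();
// A numeric "u" query parameter overrides the session identity for this page.
// NOTE(review): the request, not the session, then decides whose record is loaded into
// $_SESSION below; confirm the caller is authorised for that user and client.
if (nnull(is_numeric(nnull(getQUERY("u"))), 0) > 0) {
    // Both values are concatenated into SQL below. is_numeric() also accepts forms such as
    // "1e3", and "c" is not checked at all, so both are forced to integers here.
    $uid = (int) getQUERY("u");
    $cid = (int) getQUERY("c");
} else {
    $uid = session("user_id");
    $cid = session("client_id");
}
$_SESSION["user_fullname"] = dlookup("select fullname from users where id='" . $uid . "'");
$_SESSION["company"] = dlookup("select name from clients where id in (select clientid from users where id=" . $uid . " limit 1) limit 1");
// nnull(..., 0) supplies 0 as the role when the lookup yields nothing.
$_SESSION['role_id'] = nnull(dlookup("select roleid from users where id=" . $uid), 0);
$roleid = session("role_id");
$sqlU1 = "select id, fullname from users where clientID=" . $cid;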
if ($roleid == "2") {
    $sqlU = "select id from users where clientID=" . $cid;
} else {
<?php

// Helpers such as opendb() and dorepeats() presumably come from this include.
include_once '../functions.php';
$conn = opendb();
// Walk every row of the users table and pass its UserID to dorepeats().
$query = "SELECT * FROM users";
$result = mysql_query($query);
if (!$result) {
    // NOTE(review): the raw database error text is sent to the client here.
    die(mysql_error());
}
for ($row = mysql_fetch_assoc($result); $row; $row = mysql_fetch_assoc($result)) {
    dorepeats($row['UserID']);
}
Пример #8
<?php

// index.php :: Primary program script, evil alien overlord, you decide.
// Refuse to run while the installer script is still present in the directory.
if (file_exists('install.php')) {
    die("Please delete <b>install.php</b> from your Dragon Knight directory before continuing.");
}
// $valorlib acts as a guard so these scripts are not declared a second time.
if ($valorlib == "") {
    include 'lib.php';
    include 'cookies.php';
}
$link = opendb();
// Row 1 of the control table holds the game-wide settings read below.
$controlquery = doquery("SELECT * FROM {{table}} WHERE id='1' LIMIT 1", "control");
$controlrow = mysql_fetch_array($controlquery);
// Visitors without a valid cookie are sent to verification or to the login page.
$userrow = checkcookies();
if ($userrow == false) {
    if (isset($_GET["do"]) && $_GET["do"] == "verify") {
        header("Location: users.php?do=verify");
    } else {
        header("Location: login.php?do=login");
    }
    die;
}
// Close game.
if ($controlrow["gameopen"] == 0) {
    if ($userrow["authlevel"] != 1) {
        display("Foi encontrado um bug no jogo. O mesmo estará fechado até o lançamento da próxima versão. Por favor volte mais tarde e desculpe o transtorno.", "Fechado");
        die;
Пример #9
| GNU General Public License. For details refer to
| the included gpl.txt file or visit http://gnu.org
+----------------------------------------------------*/
# This is the runtime module used by the generated php pages
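// Report fatal errors, warnings and parse errors only.
error_reporting(E_ERROR | E_WARNING | E_PARSE);
// Checks if database.php exists. If not, redirect to install.php
clearstatcache();
if (!file_exists("data/database.php")) {
    header("Location: LightNEasy/install.php");
    // Stop here: without exit the rest of this script would still run even though
    // data/database.php is missing.
    exit;
}
session_start();
$message = "";
$selected = array('index', 'm2', 'm3', 'link', 'name');
//Includes the common functions
require_once "LightNEasy/common.php";
$sqldbdb = opendb();
// Requests from an address listed in the bannedips table are refused.
$result = dbquery('SELECT * FROM ' . $prefix . 'bannedips WHERE ip="' . $_SERVER['REMOTE_ADDR'] . '"');
// Parenthesised so $row receives the fetched row; without the parentheses it received
// the boolean result of the comparison.
if (($row = fetch_array($result)) !== false) {
    die($langmessage[118]);
}
readsetup();
//checks if user is logged in
login();
//redirects to LightNEasy.php if user is logged in and is an admin
// NOTE(review): no exit follows this redirect, so the script keeps running after the
// header is sent; confirm whether that is intended.
if ($_SESSION['adminlevel'] > 3) {
    header("Location: " . $set['homepath'] . $set['indexfile']);
}
// NOTE(review): the include path is built from $set['language'], presumably filled by
// readsetup(); verify that the value cannot contain path separators.
require_once "./languages/lang_" . $set['language'] . ".php";
//Read menu
readmenu();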
switch ($_POST['submit']) {
Пример #10
/**
 * Writes one row to the userlog table for the current session user.
 *
 * The row holds the current timestamp, the session's user_id, the event type,
 * the description, the client address from getIP() and, in the notes column,
 * "<userAgent>/<platform>" from getBrowser().
 *
 * NOTE(review): every value, including $desc and the browser details, is
 * concatenated into the statement without escaping. They should be escaped or
 * bound through whatever mechanism RunSQL()'s driver provides.
 *
 * @param mixed  $idevent value stored in eventtypeid
 * @param string $desc    value stored in description
 */
function addlog($idevent, $desc = '')
{
    opendb();
    $ipa = getIP();
    $now = new Datetime();
    $stamp = $now->format("Y-m-d H:i:s");
    $ua = getBrowser();
    $head = "insert into userlog (datetime, userid, eventtypeid, description, ipaddress, notes) values ";
    // The first five values are separated by "', '"; the notes value follows after "','".
    $leading = array($stamp, Session("user_id"), $idevent, $desc, $ipa);
    $tail = "('" . implode("', '", $leading) . "','" . $ua['userAgent'] . "/" . $ua['platform'] . "')";
    RunSQL($head . $tail);
}
Пример #11
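/**
 * Inserts one connection record into `tab_connexion`.
 *
 * @param mixed $iduser       value for `id_user`
 * @param mixed $date         value for `date_cx`
 * @param mixed $type         value for `type_cx`
 * @param mixed $macadress    value for `macasdress_cx`
 * @param mixed $navig        value for `navigateur_cx`
 * @param mixed $exploitation value for `system_cx`
 * @return bool TRUE when the insert executed, FALSE on a database failure
 */
function enterConnexionstatus($iduser, $date, $type, $macadress, $navig, $exploitation)
{
    $db = opendb();
    // `id_connexion` keeps its empty-string literal; the six caller-supplied values are
    // bound as parameters instead of being concatenated into the SQL text.
    $sql = "INSERT INTO `tab_connexion`(`id_connexion`, `id_user`, `date_cx`, `type_cx`, `macasdress_cx`, `navigateur_cx`, `system_cx`) \n\tVALUES ('',?,?,?,?,?,?)";
    $stmt = mysqli_prepare($db, $sql);
    if (FALSE === $stmt) {
        closedb($db);
        return FALSE;
    }
    // All values are bound as strings, matching the quoted literals used before.
    mysqli_stmt_bind_param($stmt, 'ssssss', $iduser, $date, $type, $macadress, $navig, $exploitation);
    $result = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    closedb($db);
    return $result ? TRUE : FALSE;
}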
Пример #12
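/**
 * Fetches a user's reservations between two dates, newest first.
 *
 * @param mixed $id    user id matched against `id_user_resa`
 * @param mixed $date1 lower bound for `dateresa_resa`
 * @param mixed $date2 upper bound for `dateresa_resa`
 * @return mysqli_result|bool the result set, or FALSE when the query fails or
 *                            finds no rows
 */
function getResaBy2dates($id, $date1, $date2)
{
    // The connection is opened first because mysqli_real_escape_string() needs it.
    $db = opendb();
    // The id is placed unquoted into the SQL, so it is forced to an integer; the two dates
    // sit inside quoted literals and are escaped for that position.
    $userId = (int) $id;
    $fromDate = mysqli_real_escape_string($db, (string) $date1);
    $toDate = mysqli_real_escape_string($db, (string) $date2);
    $sql = "SELECT `id_resa`,`dateresa_resa`,`debut_resa`,`duree_resa`,nom_computer FROM tab_resa \n          INNER JOIN tab_computer ON id_computer=id_computer_resa\n          WHERE `id_user_resa`=" . $userId . " \n\t\tAND `dateresa_resa` BETWEEN '" . $fromDate . "' AND '" . $toDate . "'\n\t\tORDER BY `dateresa_resa` DESC , `debut_resa` DESC";
    // mysqli_query() buffers the result set by default, so it stays readable after closedb().
    $result = mysqli_query($db, $sql);
    closedb($db);
    // A failed query returns FALSE, which must not be passed to mysqli_num_rows().
    if (FALSE === $result) {
        return FALSE;
    }
    if (FALSE == mysqli_num_rows($result)) {
        return FALSE;
    } else {
        return $result;
    }
}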
Пример #13
   updated: 1-20-07
*/
if (isset($_POST)) {
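    // NOTE(review): this endpoint executes SQL text taken from the POST body. The keyword
    // check below is not a security boundary; access has to be limited by authenticating
    // callers and by giving the database account read-only rights on the needed tables only.
    $querystr = isset($_POST['q']) ? trim($_POST['q']) : '';
    if ($querystr == '') {
        exit('<error>You sent an empty query.</error>');
    }
    // Split on whitespace and commas; token 1 is used below as the column to output.
    $token = preg_split("/[\\s,]+/", $querystr);
    // A query without a second token is rejected too, since no column could be output.
    if (strcasecmp($token[0], 'select') != 0 || !isset($token[1]) || $token[1] == '*') {
        exit('<error>Sorry, you are not allowed to run this query.</error>');
    }
    // I recommend moving dbconnector.php to a directory with no web access!
    require 'dbconnector.php';
    //Open the database.
    $db = opendb();
    // Byte-wise escaping of the XML markup characters, applied to everything echoed below.
    $xmlSearch = array('&', '<', '>');
    $xmlReplace = array('&amp;', '&lt;', '&gt;');
    if ($myquery = mysql_query(stripslashes($querystr))) {
        header("Content-Type: text/xml");
        // <== Line added 12 May 07 ==
        $response = "<?xml version=\"1.0\"?>\n<list>\n";
        while ($row = mysql_fetch_array($myquery, MYSQL_ASSOC)) {
            // A column missing from the row yields an empty item, as before.
            $itemValue = isset($row[$token[1]]) ? $row[$token[1]] : '';
            $response .= "\t<item>" . str_replace($xmlSearch, $xmlReplace, $itemValue) . "</item>\n";
        }
        $response .= '</list>';
        echo $response;
        mysql_free_result($myquery);
    } else {
        // The driver's error text can repeat parts of the submitted query, so it is escaped.
        echo '<error>Could not run query: <font color="red">' . str_replace($xmlSearch, $xmlReplace, mysql_error()) . '</font></error>';
    }
    //DEBUG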
} else {
Пример #14
/**
 * Inserts the fixed row (id 1, activation 'N', empty code) into `tab_captcha`.
 *
 * @return string "OK" when the insert succeeded, "echec" otherwise
 */
function insertCapt()
{
    $db = opendb();
    $result = mysqli_query($db, "INSERT INTO `tab_captcha`(`id_captcha`, `capt_activation`, `capt_code`) VALUES (1,'N','') ;");
    closedb($db);
    return (FALSE == $result) ? "echec" : "OK";
}
Пример #15
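/**
 * Fetches the `tab_espace` row whose `id_espace` equals $epn.
 *
 * @param mixed $epn value matched against `id_espace`
 * @return array|bool|null the first matching row as returned by
 *                         mysqli_fetch_array(), or FALSE when the query fails
 */
function getCyberSpec($epn)
{
    // The connection is opened first because mysqli_real_escape_string() needs it.
    $db = opendb();
    // $epn sits inside a quoted literal, so it is escaped for that position.
    $sql = "SELECT * FROM `tab_espace` WHERE `id_espace`='" . mysqli_real_escape_string($db, (string) $epn) . "' ";
    // mysqli_query() buffers the result set by default, so it stays readable after closedb().
    $result = mysqli_query($db, $sql);
    closedb($db);
    if (FALSE == $result) {
        return FALSE;
    } else {
        return mysqli_fetch_array($result);
    }
}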
/**
 * Reads one request value, HTML-encodes it and escapes it for MySQL.
 *
 * NOTE(review): HTML encoding and SQL escaping serve different output
 * contexts. Applying both at input time stores entity-encoded text; binding
 * query parameters and encoding on output keeps the two concerns apart.
 *
 * @param string $fetch key to read
 * @param string $g     'g' reads $_GET, 'p' reads $_POST
 * @return string|null the escaped value, or null for any other $g
 */
function sanitise($fetch, $g = 'g')
{
    opendb();
    switch ($g) {
        case 'g':
            $raw = $_GET[$fetch];
            break;
        case 'p':
            $raw = $_POST[$fetch];
            break;
        default:
            // Any other selector yields null.
            return;
    }
    return mysql_real_escape_string(htmlentities($raw));
}