<?php session_start(); include 'include/func.php'; //外部ファイル読み込み(関数群) //idを取得[select.phpよりGETで取得] if (isset($_GET["id"]) && $_GET["id"] != "") { $id = $_GET["id"]; } else { exit("Error"); } //var_dump($id); //select_enq.phpのページのセッションIDを比較し、ログイン認証済みかを判定 //ログイン認証してなければ処理がここでストップする。 sessionCheck(); // include/func.php に記載 //2.DB接続など //2-1.DB接続 //1. 接続します $pdo = connect_db(); // new PDO(...を関数として読み込み (include/func.php) //2-2. DB文字コードを指定(固定) $stmt = dbCharSet($pdo); //3.SELECT * FROM gs_an_tableを取得(一覧表示準備) $stmt = $pdo->prepare("SELECT * FROM an_table"); $status = $stmt->execute(); //4.SQL実行エラーチェック dbExecError($status, $stmt); //select_enq.phpと同じようにデータを取得 $view_table = ""; while ($get_id_result = $stmt->fetch(PDO::FETCH_ASSOC)) {
} //require_once "database.ws"; /* 解析 Action */ $p = isset($_GET["p"]) && $_GET["p"] != "" ? $_GET["p"] : "default"; $par = explode("/", $p); /* 路径初始化 */ switch ($par[0]) { case "default": displayTemp(WATERS_themeFront . "/index.php"); break; case "admin": if (sessionCheck("login", "OK")) { $file = isset($par[1]) && $par[1] != "" ? $par[1] : "index"; if (file_exists(WATERS_themeMan . "/" . $file . ".php")) { displayTemp(WATERS_themeMan . "/" . $file . ".php", $par[2]); } else { $file($par[2]); } } else { displayTemp(WATERS_themeMan . "/login.php"); } break; case "page": $file = isset($par[1]) && $par[1] != "" ? $par[1] . ".php" : "index.php"; displayTemp(WATERS_themeFront . "/" . $file, $par[2]); break; case "form":
$MySQLConnection = new Mysql($mysql['host'], $mysql['port'], $mysql['user'], $mysql['password'], $mysql['database']); $MySQLConnection->connect(); if ($result = $MySQLConnection->getQuery('SELECT x.matchID AS matchID, x.matchDate AS matchDate, y.teamName AS matchHomeTeam, y.teamLogo AS matchHomeTeamLogo, z.teamName AS matchForeignTeam, z.teamLogo AS matchForeignTeamLogo FROM matches AS x JOIN teams AS y ON y.teamID = matchHomeTeam JOIN teams AS z ON z.teamID = matchForeignTeam;')) { while ($row = mysqli_fetch_assoc($result)) { $userTips = getUserTips($MySQLConnection, $row["matchID"]); echo ' <div class="panel panel-default"> <form id="match_' . $row["matchID"] . '" method="POST"> <div class="panel-body"> <div class="panel-heading">' . $row["matchHomeTeam"] . ' vs. ' . $row["matchForeignTeam"] . '</div> <div class="input-group"> <label>' . $row["matchHomeTeam"] . '</label> <input type="number"min="0"value="' . $userTips["tipScoreHome"] . '" name="ScoreHome" id="ScoreHome" required/> </div> <div class="input-group"> <label>' . $row["matchForeignTeam"] . '</label> <input type="number"min="0" value="' . $userTips["tipScoreForeign"] . '" name="ScoreForeign" id="ScoreForeign" required/> <input type="button" value="Place Tip" onclick="placeTip(' . $row["matchID"] . ');"/> </div> </div> </form> </div> '; } } } if (sessionCheck()) { buildPage(); } else { echo '<script type="text/javascript">', 'printError(\'You are not Logged in!\')', '</script>'; }
<?php include_once 'bin/include/head.php'; include_once 'bin/mysql.class.php'; function printCountrySelect() { global $mysql; $MySQLConnection = new Mysql($mysql['host'], $mysql['port'], $mysql['user'], $mysql['password'], $mysql['database']); $MySQLConnection->connect(); $result = $MySQLConnection->getQuery('SELECT * FROM countries;'); echo '<select id="userCountry" name="userCountry"><option value="">---NO COUNTRY SELECTED---</option>'; while ($row = mysqli_fetch_assoc($result)) { echo '<option value="' . $row["iso3166"] . '">' . $row["countryName"] . '</option>'; } echo '</select>'; } if (!sessionCheck()) { //'.$_SERVER['PHP_SELF'].' echo ' <div class="col-sm-5"> <form id="regForm" class="form" method="POST"> <fieldset> <legend>Account Information</legend> <label for="userLogin">Username: </label> <input type="text" id="userLogin" name="userLogin" placeholder="Boaty" required/> <label for="userPassword">Password: </label> <input type="password" id="userPassword" name="userPassword" placeholder="Pa$$w0rd" required/> <label for="userPasswordRepeat">Repeat: </label> <input type="password" id="userPasswordRepeat" name="userPasswordRepeat" placeholder="Pa$$w0rd" required/> <label for="userPassword">Email: </label> <input type="text" id="userEmail" name="userEmail" placeholder="*****@*****.**" required/> </fieldset>
/** * Back end routines to add/delete courses, invoked by faculty.php * @author Avin E.M; Kunal Dahiya */ require_once 'functions.php'; if (!sessionCheck('logged_in')) { postResponse("error", "Your session has expired, please login again"); } require_once 'connect_db.php'; rangeCheck('cId', 2, 20); $cId = strtoupper($_POST['cId']); if (!isset($_SESSION['faculty'])) { $_SESSION['faculty'] = $_SESSION['uName']; } if (!sessionCheck('level', 'faculty') && !empty($_GET['faculty'])) { $_SESSION['faculty'] = $_GET['faculty']; } if (valueCheck('action', 'add')) { rangeCheck('cName', 6, 100); if (empty($_POST["allowConflict"])) { $_POST["allowConflict"] = 0; } try { $query = $db->prepare('INSERT INTO courses(course_Id,course_name,fac_id,allow_conflict) values (?,?,?,?)'); $query->execute([$cId, $_POST['cName'], $_SESSION['faculty'], $_POST["allowConflict"]]); $query = $db->prepare('INSERT INTO allowed(course_Id,batch_name,batch_dept) values (?,?,?)'); foreach ($_POST['batch'] as $batch) { $batch = explode(" : ", $batch); $query->execute([$cId, $batch[0], $batch[1]]); }
| available through the world-wide-web at the following url: | | http://www.php.net/license/3_0.txt. | | If you did not receive a copy of the PHP license and are unable to | | obtain it through the world-wide-web, please send a note to | | license@php.net so we can mail you a copy immediately. | +----------------------------------------------------------------------+ | Authors : Salah Faya <*****@*****.**> | +----------------------------------------------------------------------+ $Id: editxml.php 307070 2011-01-04 11:45:55Z rquadling $ */ //-- The PHPDOC Online XML Editing Tool //--- Purpose: this is the actual xml editor script //------- Initialization require 'base.php'; $user = sessionCheck('?from=editxml'); $lang = $user['phpdocLang']; $translationPath = $phpdocLangs[$lang]['DocCVSPath']; //------- Frames split if (isset($_REQUEST['split'])) { if ($_REQUEST['split'] == 'false' || !$_REQUEST['split']) { $_REQUEST['split'] = false; } $_SESSION['split'] = $_REQUEST['split']; } if (!empty($_SESSION['split']) && !isset($_REQUEST['noframes'])) { $source = $_REQUEST['source']; $file = $_REQUEST['file']; // ToDo automatically show the translated file in one frame and the source in another print "<frameset cols=*,*><frame name=frame1 src='editxml.php?file={$file}&source={$source}&noframes=1'><frame name=frame2 src='editxml.php?file={$file}&source={$source}&noframes=1'></frameset>"; exit;
<?php /** * Back end routines for user management, invoked by manage.php and setup.php * @author Avin E.M; Kunal Dahiya */ require_once 'functions.php'; require_once 'connect_db.php'; if ($_POST) { // if the user is not a dean, allow registration only if the system has no dean $newAdmin = 0; if (!sessionCheck('level', 'dean')) { $query = $db->query("SELECT count(*) FROM faculty where level='dean'"); // Check if the system has no admin configured yet if ($query->fetch()[0]) { postResponse("error", "You are not authorized to register accounts."); } $newAdmin = 1; } rangeCheck('uName', 3, 25, false); if (valueCheck('action', 'addUser')) { rangeCheck('fullName', 6, 50); rangeCheck('pswd', 8, 32, false); } $uName = strtolower($_POST['uName']); if (valueCheck('action', 'deleteFaculty')) { $db->prepare('DELETE FROM faculty where uName =?')->execute([$uName]); postResponse("removeOpt", "Faculty deleted"); die; } if (!empty($_POST['dept'])) {
$faculty = $query->fetch(); if (!$faculty) { postResponse("error", "Username is not registered!"); } if ($faculty['pswd'] == pwdHash($uName, $_POST['pswd']) || @ldap_bind(ldap_connect($config['ldap_host']), "uid={$uName}," . $config['ldap_dn'], $_POST['pswd'])) { $_SESSION['logged_in'] = true; $_SESSION['fName'] = $faculty['fac_name']; $_SESSION['uName'] = $uName; $_SESSION['level'] = $faculty['level']; $_SESSION['dept'] = $faculty['dept_code']; } else { postResponse("error", "Invalid credentials"); } } } if (sessionCheck('logged_in')) { $home = "faculty.php"; if ($_SESSION['level'] == "dean") { $home = "dean.php"; } if ($_POST) { postResponse("redirect", $home); } header("Location: " . $home); die; } ?> <!DOCTYPE HTML> <html> <head>
<?php /* +----------------------------------------------------------------------+ | PHP Version 4 | +----------------------------------------------------------------------+ | Copyright (c) 1997-2011 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.0 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | | available through the world-wide-web at the following url: | | http://www.php.net/license/3_0.txt. | | If you did not receive a copy of the PHP license and are unable to | | obtain it through the world-wide-web, please send a note to | | license@php.net so we can mail you a copy immediately. | +----------------------------------------------------------------------+ | Authors : Salah Faya <*****@*****.**> | +----------------------------------------------------------------------+ $Id: workbench.php 307070 2011-01-04 11:45:55Z rquadling $ */ //-- The PHPDOC Online XML Editing Tool //--- Purpose: this file is the frameset require 'base.php'; $user = sessionCheck(); ?> <frameset cols="200,*"> <frame name=listingframe src=cvslist.php> <frame name=fileframe src=intro.php> </frameset>
if ($course['allow_conflict'] && $current['allowConflicts']) { continue; } echo "<div class=\"{$course['course_id']}\">"; foreach ($blocked[$course['course_id']] as $slot => $batches) { echo "<input type= \"hidden\" name=\"{$slot}\" value=\"{$batches}\" >"; } echo "</div>"; } ?> </div> <div id="footer" style="position: relative">Powered by <a href="https://github.com/0verrider/QuickSlots">QuickSlots v1.0</a></div> </div> <div id="rightpane" style="width: 235px;margin-left:10px"> <?php if (!sessionCheck('level', 'faculty')) { ?> <div class="title">Faculty</div> <select id="faculty" class="stretch"> <?php $query = $db->prepare('SELECT * FROM faculty where dept_code=?'); $query->execute([$_SESSION['dept']]); foreach ($query->fetchall() as $fac) { echo "<option value=\"{$fac['uName']}\">{$fac['fac_name']} ({$fac['uName']})</option>"; } ?> </select> <?php } ?> <div class="title" style="padding: 15px 0">Courses</div>
<?php /** * Back end routines that call PhantomJS to generate printable timetable snapshot images * @author Avin E.M */ require_once 'functions.php'; if (!empty($_POST['filter']) && sessionCheck('logged_in')) { $imgPath = 'tmp/print_' . time() . '.png'; $phantom = 'phantomjs' . DIRECTORY_SEPARATOR . 'phantomjs'; $basUrl = 'http://' . $_SERVER['SERVER_ADDR'] . dirname($_SERVER['SCRIPT_NAME']); $printUrl = escapeshellarg($basUrl . '/?print=true&' . $_POST['filter']); // Serious vulnerability if not escaped exec($phantom . ' js/capture.js ' . $printUrl . ' ' . $imgPath); header('Content-Disposition: attachment; filename=' . $_POST['filename'] . '.png'); header('Content-Type: ' . mime_content_type($imgPath)); header('Content-Transfer-Encoding: binary'); header('Content-Length: ' . filesize($imgPath)); readfile($imgPath); unlink($imgPath); }