Пример #1
0
function login2($user, $pass)
{
    $con = new db();
    $conc = $con->c();
    $kcook = intval($_POST["remember"]);
    $q = mysqli_query($conc, "SELECT `id`,`user`,`name`,`email`,`img1`,`img2`,`img3`,`bgcolor` FROM `users` WHERE (`user` = '{$user}' OR `email` ='{$user}') AND pass = '******'");
    if (mysqli_num_rows($q) == 1) {
        $r = mysqli_fetch_array($q);
        setcookie("u", $r[1], time() + 52 * 60 * 60 * 24 * 7, "/");
        $_SESSION["uid"] = $r[0];
        $_SESSION["user"] = $r[1];
        $_SESSION["name"] = $r[2];
        $_SESSION["email"] = $r[3];
        $_SESSION["p"] = $pass;
        $_SESSION["color"] = $r[7];
        $_SESSION["img1"] = $r[4];
        $_SESSION["img2"] = $r[5];
        $_SESSION["img3"] = $r[6];
        $_SESSION["ula"] = md5("{$r['1']} {$pass} {$r['0']}");
        $con->close_db_con($conc);
        if (!valid_name($_SESSION["user"])) {
            $_SESSION["set_user"] = "******";
            header("location: ./?settings");
        } else {
            if ($kcook == 1) {
                setcookie("um", $r[1], time() + 52 * 60 * 60 * 24 * 7, "/");
                setcookie("pm", $pass, time() + 52 * 60 * 60 * 24 * 7, "/");
            }
            return true;
        }
    } else {
        return false;
    }
}
Пример #2
0
    } else {
        $q = mysqli_query($conc, "UPDATE users SET name= '{$name}', web = '{$web}', bio = '{$bio}', loc = '{$loc}',edu='{$edu}',work='{$work}',status ='{$status}',status_ = '{$status2}',bday='{$bday}',sex='{$sex}' WHERE id = {$uid}");
        if ($q) {
            echo "<div {$style} >Your profile has been successfully updated</div>";
        } else {
            echo "<div {$style} >Ooppss, something went wrong. Please try again.</div>";
        }
    }
    $con->close_db_con($conc);
    exit;
}
if (isset($_POST["account"])) {
    $q = NULL;
    $email = $_POST["email"];
    $usern = $_POST["usern"];
    if (!valid_name($usern)) {
        echo "<div {$style}>'<b>{$usern}</b>' contains unsupported characters or spaces, and should be less than 20 chars. Please try again.</div>";
        exit;
    }
    $q = mysqli_query($conc, "SELECT id FROM users WHERE user = '******'");
    if (mysqli_num_rows($q) != 0 && $_SESSION["user"] != $usern) {
        echo "<div {$style}>Sorry that username is already taken</div>";
        $con->close_db_con($conc);
        exit;
    }
    $lang = $_POST["lang"];
    $protect = $_POST["protect"] == "on" ? 1 : 0;
    $tz = $_POST["tz"];
    if ($usern != $_SESSION["user"]) {
        $_SESSION["user"] = $usern;
        $red = "<script>setTimeout(function (){window.open('{$pth}/?settings','_parent');},200);</script><br/><div></div>";
Пример #3
0
?>

<?php 
if (isset($_POST['submit_edits'])) {
    $firstname = $_POST['textbox_FirstName'];
    $lastname = $_POST['textbox_LastName'];
    $address = $_POST['textbox_Address'];
    $gender = $_POST['gender'];
    $mobile = $_POST['textbox_Mobile'];
    $firstname = htmlspecialchars($firstname);
    $lastname = htmlspecialchars($lastname);
    $address = htmlspecialchars($address);
    if (!valid_name($firstname)) {
        echo "Invalid First name<br/>";
    } else {
        if (!valid_name($lastname)) {
            echo "Invalid Last name<br/>";
        } else {
            if (!valid_address($address)) {
                echo "Invalid Address name<br/>";
            } else {
                if (!ctype_digit($mobile)) {
                    echo "Invalid Mobile Number<br/>";
                } else {
                    update_user($user_id, 'FirstName', $firstname);
                    update_user($user_id, 'LastName', $lastname);
                    update_user($user_id, 'Address', $address);
                    update_user($user_id, 'Gender', $gender);
                    update_user($user_id, 'Mobile', $mobile);
                }
            }
    }
} else {
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        if ($_POST['dialog'] == 'contact') {
            $errors = array();
            $from = trim($_POST['email']);
            $message = trim($_POST['msg']);
            $contactquery = 'SELECT owner, finder, status FROM stuff
												WHERE stuff.id = ' . $_POST['id'];
            $results = mysqli_query($dbc, $contactquery);
            check_results($results);
            # Validate email and message
            if (!valid_name($from)) {
                $errors[] = 'Email';
            }
            if (!valid_name($message)) {
                $errors[] = 'Message';
            }
            if (!empty($errors)) {
                foreach ($errors as $field) {
                    echo '<span style="color: red; font-style: italic;"> - ' . $field . '</span>';
                }
            } else {
                # echo "<p>Successfully added $fname $lname into Dead Presidents.</p>" ;
                if ($results) {
                    $row = mysqli_fetch_array($results, MYSQLI_ASSOC);
                    switch ($row['status']) {
                        case 'found':
                            send_email($row['finder'], $from, "You found my item!", $message);
                            break;
                        case 'lost':
Пример #5
0
     }
     mysql_query("UPDATE user SET `pass`= '{$passNew}' WHERE `name`= '{$name}';");
     $usr->pass = $passNew;
     if (isset($_COOKIE['userName'])) {
         setCookie("userName", $usr->name, time() + 3600000);
         setCookie("userPass", $usr->pass, time() + 3600000);
     }
     echo "ok";
     break;
 case 'addtown':
     if (!isset($_POST['name'])) {
         echo __("Game error!");
         exit;
     }
     $newName = mysql_real_escape_string($_POST['name']);
     if (!valid_name($newName, false)) {
         echo __("Invalid name!");
         exit;
     }
     if (!($usr = initUser())) {
         echo __("You cannot access this page!");
     }
     if ($usr->numTown > MAXTOWN) {
         echo __("You have too many towns!");
         exit;
     }
     $newTownID = addTown($newName);
     mysql_query("UPDATE user SET `townID` = CONCAT(`townID`, ',{$newTownID}') WHERE `id`= '{$usr->id}';");
     echo "ok";
     break;
 case 'deleteTown':
Пример #6
0
 }
 // Extra Large Pictures for full screen view.
 if ($ftype == "longblob") {
     $wtype = "lblob";
     $fsize = "2000000";
     $sqlbits = 32;
 }
 // Extra Large Pictures for full screen view.
 if (!strcmp($fextra, "auto_increment")) {
     $wtype = "hidden";
 }
 if ($fname == 'id' and $j == 0) {
     $wtype = "hidden";
 }
 $sqlsize = $md["len"];
 $fvname = valid_name($fname);
 if (strcmp($PrevWtype, "hidden")) {
     $fvals .= ",";
 }
 if ($j > 0) {
     $fglob .= ",";
 }
 if (strcmp($PrevWtype, "hidden")) {
     $fnams .= ",";
 }
 if (strcmp($wtype, "hidden")) {
     $fnams .= $database->quote_identifier($fname);
 }
 $fglob .= "\$" . $fvname;
 // Output some diags to web page
 echo "<PRE>\nField:        " . $fname . "\nType:         " . $ftype . "\nSize:         " . $fsize . "\nKey:\t      " . $fkey . "\nNull:         " . $fnull . "\nDefault:      " . $fdefault . "\nExtra:        " . $fextra . "\nComments:     " . $fcomment . "\nWebType:      " . $wtype . "\n</PRE>";
require 'includes/helpers.php';
# If user requests item (clicks quick link) make the appropriate GET request from quick links
# Otherwise, user submitted the form, so let's validate
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $errors = array();
    $desc = trim($_POST['desc']);
    $location = $_POST['location'];
    $owner = '';
    $finder = trim($_POST['finder']);
    $image_url = trim($_POST['img_url']);
    # Validate description
    if (!valid_name($desc)) {
        $errors[] = 'description';
    }
    # Validate owner/finder email address
    if (!valid_name($finder)) {
        $errors[] = 'finder email address';
        #echo '<p style="color:red; font-size:16px;">Please provide a first name.</p>' ;
    }
    if (!empty($errors)) {
        echo '<span style="color: red">Error! Please enter</span>';
        foreach ($errors as $field) {
            echo '<span style="color: red; font-style: italic;"> - ' . $field . '</span>';
        }
    } else {
        $result = insert_record($dbc, $desc, $location, $owner, $finder, 'found', $image_url);
        echo "<p>Successfully added {$desc} into Stuff.</p>";
    }
}
# Store current page in variable, call show_links and show_records functions using cur_page variable
$cur_page = $_SERVER['PHP_SELF'];
Пример #8
0
     }
     echo $usr->towns[$_SESSION['town']]->getAvailBld();
     break;
 case 'bld':
     if (!isset($_GET['x'], $_GET['y'], $_GET['id'], $_SESSION['town'])) {
         echo __("Game error!");
         exit;
     }
     echo $usr->towns[$_SESSION['town']]->build($_GET['x'], $_GET['y'], intval($_GET['id']));
     break;
 case 'renametown':
     if (!isset($_GET['new'])) {
         echo __("Game error!");
         exit;
     }
     if (!valid_name($_GET['new'])) {
         echo __("Invalid name!");
         exit;
     }
     echo $usr->towns[$_SESSION['town']]->rename(mysql_real_escape_string($_GET['new']));
     break;
 case 'getachiev':
     echo $usr->getAchiev();
     break;
 case 'getquest':
     if (!isset($_GET['id'])) {
         echo __("Error!");
         exit;
     }
     echo $quests[$_GET['id']]->toHTML($usr->towns[$_SESSION['town']]);
     break;
Пример #9
0
<?php

session_start();
require_once "./scripts/db.php";
$str = $_SERVER['REQUEST_URI'];
$st = preg_split('-/-', $str);
$owner = $_GET[i];
//$st[count($st) - 1];
if (!valid_name($owner) || strstr($owner, "?")) {
    $owner = false;
}
if (!$_SESSION["user"]) {
    $_SESSION["uid"] = 0;
    $_SESSION["user"] = "******";
    $_SESSION["name"] = "Guest";
    $_SESSION["img1"] = "/img/d70.jpg";
    $_SESSION["img2"] = "/img/d150.jpg";
    $_SESSION["img3"] = "/img/d500.jpg";
    if (!$owner) {
        header("location: ./?logout");
    }
}
$_SESSION["mobile"] = 2;
$user = $_SESSION["user"];
$uid = $_SESSION["uid"];
$img = $_SESSION["img1"];
if ($uid == 0 && !$owner && !isset($_GET["mediaID"])) {
    header("location: ./?logout");
}
$img2 = $_SESSION["img2"];
$img3 = $_SESSION["img3"];
# Includes these helper functions
require 'includes/helpers.php';
# Otherwise, user submitted the form, so let's validate
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $errors = array();
    $desc = trim($_POST['desc']);
    $location = $_POST['location'];
    $owner = trim($_POST['owner']);
    $finder = '';
    $image_url = trim($_POST['img_url']);
    # Validate description
    if (!valid_name($desc)) {
        $errors[] = 'description';
    }
    # Validate owner/finder email address
    if (!valid_name($owner)) {
        $errors[] = 'owner email address';
        #echo '<p style="color:red; font-size:16px;">Please provide a first name.</p>' ;
    }
    if (!empty($errors)) {
        echo '<span style="color: red">Error! Please enter</span>';
        foreach ($errors as $field) {
            echo '<span style="color: red; font-style: italic;"> - ' . $field . '</span>';
        }
    } else {
        $result = insert_record($dbc, $desc, $location, $owner, $finder, 'lost', $image_url);
        echo "<p>Successfully added {$desc} into Stuff.</p>";
    }
}
# Store current page in variable, call show_links and show_records functions using cur_page variable
$cur_page = $_SERVER['PHP_SELF'];
Пример #11
0
<?php

include "../controller/headers.php";
$conn = db_connect(_DB_SERVER_, _DB_USER_, _DB_PASSWD_, _DB_NAME_);
if (isset($_SESSION['id_customer']) && isset($_POST["mail"]) && valid_mail($_POST["mail"]) && isset($_POST["phone"]) && valid_phone($_POST["phone"]) && isset($_POST["address"]) && valid_address($_POST["address"]) && isset($_POST["delivery_address"]) && valid_address($_POST["delivery_address"]) && isset($_POST["shipping_address"]) && valid_address($_POST["shipping_address"]) && isset($_POST["postal"]) && valid_postal($_POST["postal"]) && isset($_POST["city"]) && valid_name($_POST["city"]) && isset($_POST["shipping_postal"]) && valid_postal($_POST["shipping_postal"]) && isset($_POST["shipping_city"]) && valid_name($_POST["shipping_city"]) && isset($_POST["delivery_postal"]) && valid_postal($_POST["delivery_postal"]) && isset($_POST["delivery_city"]) && valid_name($_POST["delivery_city"])) {
    $stmt = $conn->prepare("UPDATE gc_customers SET mail=:r_mail, phone=:r_phone, address=:r_address, \n\t\tdelivery_address=:r_delivery_address, shipping_address=:r_shipping_address, postal_code=:r_postal_code, city=:r_city, \n\t\tdelivery_postal_code=:r_delivery_postal_code, delivery_city=:r_delivery_city, \n\t\tshipping_postal_code=:r_shipping_postal_code, shipping_city=:r_shipping_city WHERE id_customer=:r_customer");
    $stmt->execute(array('r_mail' => $_POST['mail'], 'r_phone' => $_POST['phone'], 'r_address' => $_POST['address'], 'r_delivery_address' => $_POST['delivery_address'], 'r_shipping_address' => $_POST['shipping_address'], 'r_postal_code' => $_POST['postal'], 'r_city' => $_POST['city'], 'r_delivery_postal_code' => $_POST['delivery_postal'], 'r_delivery_city' => $_POST['delivery_city'], 'r_shipping_postal_code' => $_POST['shipping_postal'], 'r_shipping_city' => $_POST['shipping_city'], 'r_customer' => $_SESSION['id_customer']));
    $stmt->closeCursor();
}
if (isset($_SESSION['id_customer']) && isset($_POST["firstname"]) && isset($_POST["lastname"]) && isset($_POST["card_type"]) && isset($_POST["card_number"]) && isset($_POST["cryptogram"]) && isset($_POST["expiring_date"])) {
    $stmt = $conn->prepare("UPDATE gc_cards SET firstname_customer=:r_firstname_card, lastname_customer=:r_lastname_card, \n\t\tcard_type=:r_card_type, card_number=:r_card_number, cryptogram=:r_cryptogram, expiring_date=:r_expiring_date\n\t\tWHERE id_customer=:r_customer");
    $stmt->execute(array('r_firstname_card' => ucfirst(strtolower($_POST['firstname'])), 'r_lastname_card' => ucfirst(strtolower($_POST['lastname'])), 'r_card_type' => $_POST['card_type'], 'r_card_number' => $_POST['card_number'], 'r_cryptogram' => $_POST['cryptogram'], 'r_expiring_date' => $_POST['expiring_date'], 'r_customer' => $_SESSION['id_customer']));
    $stmt->closeCursor();
}
header('Location: ../view/account.php');
Пример #12
0
<?php

include "../controller/headers.php";
$conn = db_connect(_DB_SERVER_, _DB_USER_, _DB_PASSWD_, _DB_NAME_);
if (is_Not_Null($_POST["lastname"]) && valid_name($_POST["lastname"]) && is_Not_Null($_POST["firstname"]) && valid_name($_POST["firstname"]) && is_Not_Null($_POST["birthday"]) && valid_birthday($_POST["birthday"]) && is_Not_Null($_POST["phone"]) && valid_phone($_POST["phone"]) && is_Not_Null($_POST["address"]) && valid_address($_POST["address"]) && is_Not_Null($_POST["postal"]) && valid_postal($_POST["postal"]) && is_Not_Null($_POST["city"]) && valid_name($_POST["city"]) && is_Not_Null($_POST["email"]) && valid_mail($_POST["email"]) && is_Not_Null($_POST["pwd"]) && is_Not_Null($_POST["pwd2"]) && valid_pwd($_POST["pwd"], $_POST["pwd2"])) {
    $stmt3 = $conn->prepare("SELECT mail FROM gc_customers WHERE mail = :r_mail");
    $stmt3->execute(array('r_mail' => $_POST['email']));
    if ($stmt3->fetch() == false) {
        $stmt = $conn->prepare("INSERT INTO gc_customers (firstname_customer, lastname_customer, birthday, mail, \n\t\t\tphone, pwd, address ,delivery_address, shipping_address, postal_code, city, delivery_postal_code, delivery_city, shipping_postal_code, \n\t\t\tshipping_city) VALUES(:r_firstname, :r_lastname, :r_birthday, :r_mail, :r_phone, :r_pwd, :r_address, :r_address, :r_address, :r_postal, \n\t\t\t:r_city, :r_postal, :r_city, :r_postal, :r_city)");
        $stmt->execute(array('r_lastname' => ucfirst(strtolower($_POST["lastname"])), 'r_firstname' => ucfirst(strtolower($_POST["firstname"])), 'r_birthday' => $_POST["birthday"], 'r_phone' => $_POST["phone"], 'r_address' => $_POST["address"], 'r_postal' => $_POST["postal"], 'r_city' => $_POST["city"], 'r_mail' => $_POST['email'], 'r_pwd' => md5($_POST['pwd'])));
        $stmt->closeCursor();
        $stmt = $conn->prepare("SELECT id_customer, firstname_customer FROM gc_customers WHERE mail = :r_mail");
        $stmt->execute(array('r_mail' => $_POST['email']));
        $res = $stmt->fetch();
        $stmt2 = $conn->prepare("INSERT INTO gc_cards (firstname_customer, lastname_customer, card_type, id_customer) \n\t\t\t\t\tVALUES('','','',:r_customer)");
        $stmt2->execute(array('r_customer' => $res['id_customer']));
        $_SESSION['id_customer'] = $res['id_customer'];
        $_SESSION['firstname_customer'] = $res['firstname_customer'];
        header('Location: ../view/index.php');
        $stmt2->closeCursor();
        $stmt->closeCursor();
    } else {
        echo '<script>alert("' . utf8_decode("Ce compte existe déja!") . '")</script>';
        header('Refresh: 0; URL=../view/login.php');
    }
} else {
    header('Location: ../view/login.php');
}