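/**
 * Prepare a password for storage in site_users.user_password.
 *
 * When the `encrypted_passwords` site option is "yes" the password is hashed
 * with phpass (PasswordHash, bcrypt cost 8, portable fallback disabled) and the
 * hash is returned. Otherwise the password is returned in clear text, only
 * trimmed and SQL-escaped, and is stored as-is.
 *
 * NOTE(review): the clear-text branch stores recoverable passwords and exists
 * only for compatibility with the matching checkpwd(); it should not be enabled
 * on a production install. Callers in this codebase also pass the password
 * through $db->escape() before calling this, so a password containing quotes or
 * backslashes is hashed in its escaped form — verify checkpwd() applies the same
 * transformation, otherwise such users cannot log in.
 *
 * NOTE(review): phpass signals a hashing failure by returning a short "*"
 * string; callers do not check for that before storing the result.
 *
 * @param string $password clear-text password as supplied by the caller
 * @return string bcrypt hash, or the trimmed/escaped clear text when hashing is off
 */
function makepwd($password)
{
    $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
    $hashing_on = $db->get_var("SELECT option_value FROM site_options where option_name = 'encrypted_passwords';") == "yes";

    if ($hashing_on) {
        // include_once: a plain include redefines class PasswordHash and
        // fatal-errors when makepwd() is called twice in one request.
        include_once "includes/PasswordHash.php";
        $hasher = new PasswordHash(8, false);
        return $hasher->HashPassword($password);
    }

    // Hashing is OFF: legacy clear-text storage.
    return trim($db->escape($password));
}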
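include "includes/header.php";
include "includes/session.php";
include "includes/checksession.php";
include "fhd_config.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";

$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);

// DELETE FILE
// Request token ("nacl") = md5(AUTH_KEY . last_login of the current user).
// It is constant for the whole login session and travels in the query string,
// so it only defends against CSRF as long as the URL is not leaked (Referer,
// proxy/server logs). It is compared with hash_equals(): with `!=` PHP treats
// two numeric-looking strings such as "0e123" and an "0e..." digest as equal,
// and a plain comparison also leaks timing.
if (isset($_GET['nacl'])) {
    $expected_nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = " . (int) $user_id . ";"));
    if (!is_string($_GET['nacl']) || !hash_equals($expected_nacl, $_GET['nacl'])) {
        echo "<div class=\"alert alert-danger\" style=\"max-width: 200px;\"><i class='glyphicon glyphicon-ban-circle'></i> Authentication Error</div>";
        exit;
    }
} else {
    echo "<div class=\"alert alert-danger\" style=\"width: 200px;\"><i class='glyphicon glyphicon-ban-circle'></i> Authentication Error</div>";
    exit;
}

if (isset($_GET['delete']) && $_GET['delete'] == 1) {
    // Both ids are interpolated unquoted into SQL. escape() only neutralises
    // quote characters, which does nothing in a numeric context ("1 OR 1=1"
    // passes through untouched); the int cast is what closes the injection.
    $file_id = isset($_GET['file_id']) ? (int) $_GET['file_id'] : 0;
    $call_id = isset($_GET['call_id']) ? (int) $_GET['call_id'] : 0;

    // NOTE(review): nothing here ties $call_id to the current user, so any
    // logged-in user holding a valid token can delete an upload whose
    // (id, call_id) pair they know. Confirm whether checksession.php or an
    // ownership check on site_calls.call_user is meant to cover this.
    $file_ext = $db->get_var("SELECT file_ext FROM site_upload WHERE (id = {$file_id}) AND (call_id = {$call_id}) LIMIT 1;");

    // The on-disk name is md5(UPLOAD_KEY . id) plus the stored extension.
    // Only unlink when the row exists and the extension is a plain token, so a
    // tampered file_ext cannot steer the path anywhere but upload/.
    if (is_string($file_ext) && preg_match('/^[A-Za-z0-9]*$/', $file_ext)) {
        $realpath = md5(UPLOAD_KEY . $file_id) . "." . $file_ext;
        if (is_file("upload/" . $realpath)) {
            unlink("upload/" . $realpath);
        }
    }

    $db->query("DELETE FROM site_upload where (id = {$file_id}) AND (call_id = {$call_id}) LIMIT 1;");
    header("Location: fhd_call_edit.php?call_id={$call_id}");
    exit;
}
// END DELETE FILE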
<?php include "fhd_config.php"; include "includes/header.php"; include "includes/all-nav.php"; include "includes/functions.php"; include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; $actionstatus = ""; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); //<ADD> if (isset($_POST['nacl'])) { if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) { //authentication verified, continue."; $call_status = 0; $call_date = strtotime(date('n/j/y g:i a')); $call_first_name = $db->escape($_POST['call_first_name']); $call_email = $db->escape($_POST['call_email']); $call_phone = $db->escape($_POST['call_phone']); $call_department = $db->escape((int) $_POST['call_department']); $call_request = $db->escape((int) $_POST['call_request']); $call_device = $db->escape((int) $_POST['call_device']); $call_details = $db->escape($_POST['call_details']); $db->query("INSERT INTO site_calls(call_status,call_user,call_date,call_first_name,call_email,call_phone,call_department,call_request,call_device,call_details)VALUES({$call_status},{$user_id},{$call_date},'{$call_first_name}','{$call_email}','{$call_phone}',{$call_department},{$call_request},{$call_device},'{$call_details}');"); $insert_id = $db->insert_id; //********** manage file upload if (isset($insert_id)) { if (FHD_UPLOAD_ALLOW == "yes") { $file_name = $_FILES['hasupload']['name']; if ($file_name != '') { $files_var1 = $_FILES["hasupload"]["name"]; $files_var2 = explode(".", $files_var1);
//limit login tries. if (isset($_SESSION['hit'])) { $_SESSION['hit'] += 1; if ($_SESSION['hit'] > LOGIN_TRIES) { echo "<p><i class='fa fa-lock fa-2x pull-left'></i> Access Locked</p>"; include "includes/footer.php"; exit; } } else { $_SESSION['hit'] = 0; } include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); if (isset($_POST['user_login'])) { $user_login = trim($db->escape($_POST['user_login'])); } else { echo "<div class='alert alert-warning' style='width: 375px;'><i class='glyphicon glyphicon-info-sign'></i> Username / Email is Required.</div>"; include "includes/footer.php"; exit; } if (isset($_POST['user_password'])) { $user_password = trim($db->escape($_POST['user_password'])); $is_valid = checkpwd($user_password, $user_login); } //uesrs can login with either login name or email address. $pos = strrpos($user_login, "@"); if ($pos === false) { // note: three equal signs $checkusing = "user_login"; } else {
<head> <?php include "ncl/session.php"; include "ncl/checksession.php"; include "ncl/checksessionadmin.php"; include "ncl/head.php"; include "ncl/functions.php"; include "ncl/ez_sql_core.php"; include "ncl/ez_sql_mysqli.php"; $actionstatus = ""; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); //<ADD> if (isset($_POST['nacl'])) { if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) { //authentication verified, continue. $user_login = $db->escape($_POST['user_login']); $user_email = $db->escape($_POST['user_email']); //check email exists $num = $db->get_var("select count(user_email) from site_users where (user_email = '{$user_email}');"); if ($num > 0) { echo "<div class='alert alert-danger'><strong>Error:</strong> that email address is already in use.</div>"; include "ncl/footer.php"; exit; } //password function here if (strlen($_POST['user_password']) > 4) { $user_password = makepwd(trim($db->escape($_POST['user_password']))); } else { echo "<div class='alert alert-danger'><strong>Error:</strong> password to short.</div>"; include "ncl/footer.php"; exit;
<?php include "fhd_config.php"; include "includes/header.php"; include "includes/all-nav.php"; include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; include "includes/functions.php"; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); // <UPDATE> if (isset($_POST['update'])) { if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = {$user_id};"))) { $note_id = checkid($_POST['note_id']); $call_id = checkid($_POST['call_id']); $user_id = $_SESSION['user_id']; if ($user_id == $db->get_var("select note_post_user from site_notes where note_post_user = {$user_id};")) { $note_body = trim(htmlentities($db->escape($_POST['note_body']))); $note_post_ip = $db->escape($_SERVER['REMOTE_ADDR']); $db->query("UPDATE site_notes SET note_body='{$note_body}',note_post_ip='{$note_post_ip}' WHERE note_id={$note_id};"); header("Location: fhd_call_edit.php?call_id={$call_id}"); //echo exit; } } else { //not verified, warning and exit! echo "<p>Warning: Verification Error!</p>"; exit; } } // </UPDATE> // <ADD> if (isset($_POST['add'])) { if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = {$user_id};"))) {
include "includes/header.php"; include "includes/all-nav.php"; include "includes/functions.php"; include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; $searchquery = ""; $colspan = 2; $num = ""; if ($user_level == 1) { $searchquery = " AND call_user = {$user_id}"; $colspan = 1; } $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); //<SEARCHQUERY> if (isset($_GET['search'])) { $call_status = $db->escape((int) $_GET['call_status']); $call_date1 = strtotime($_GET['call_date1']); $call_date2 = strtotime($_GET['call_date2']); if ($call_date2 == "") { $call_date2 = $call_date1; } $call_first_name = $db->escape($_GET['call_first_name']); $call_email = $db->escape($_GET['call_email']); $call_phone = $db->escape($_GET['call_phone']); $call_department = $db->escape((int) $_GET['call_department']); $call_request = $db->escape((int) $_GET['call_request']); $call_device = $db->escape((int) $_GET['call_device']); $call_staff = $db->escape((int) $_GET['call_staff']); $call_details = $db->escape($_GET['call_details']); $call_solution = $db->escape($_GET['call_solution']); if ($_GET['call_status'] != '') {
<?php include "fhd_config.php"; include "includes/header.php"; include "includes/all-nav.php"; include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; include "includes/functions.php"; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); $queryadd = ""; $colspan = 2; if ($user_level == 1) { $queryadd = " AND call_user = {$user_id}"; $colspan = 1; } if (isset($_GET['user_id'])) { $queryadd = " AND call_user = "******"SELECT call_id,call_date,call_first_name,call_last_name,call_request,call_department,call_device from site_calls WHERE (call_status = 0) $queryadd order by call_id desc;"; $myquery = "SELECT call_id,call_date,call_first_name,call_last_name,call_request,call_department,call_device from site_calls WHERE (call_status = 0) order by call_id desc;"; $site_calls = $db->get_results($myquery); $num = $db->num_rows; //$db->debug(); echo "<h4><i class='fa fa-tags'></i> Laporan Masalah <small>[ {$num} ]</small></h4>"; if ($num > 0) { ?> <table class="<?php echo $table_style_1; ?> " style='width: auto;'> <tr>
<?php include "fhd_config.php"; include "includes/header.php"; include "includes/all-nav.php"; include "includes/functions.php"; include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); $actionstatus = ""; //<UPDATE> if (isset($_POST['update'])) { if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) { //authentication verified, continue. $url_user_id = valid_user($_POST['url_user_id']); $user_date = date(time()); $user_login = $db->escape($_POST['user_login']); //password function here $user_password_set = ""; if (strlen($_POST['user_password']) > 4) { $user_password = makepwd(trim($db->escape($_POST['user_password']))); $user_password_set = "user_password='******',"; } $user_name = $db->escape($_POST['user_name']); $user_email = $db->escape($_POST['user_email']); $user_phone = $db->escape($_POST['user_phone']); $user_address = $db->escape($_POST['user_address']); $user_city = $db->escape($_POST['user_city']); $user_state = $db->escape($_POST['user_state']); $user_zip = $db->escape($_POST['user_zip']); $user_country = $db->escape($_POST['user_country']); $user_level = $db->escape($_POST['user_level']);
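<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";

// initialise db
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);

// Registration handler, gate checks. Code after this point runs only when
// registration is open, the CAPTCHA (if enabled) matched and the e-mail
// address is syntactically valid; every failure renders a message and exits.

if (ALLOW_REGISTER != "yes") {
    echo "<p>Registration is Closed</p>";
    include "includes/footer.php";
    exit;
}

if (CAPTCHA_REGISTER == "yes") {
    // Compare the raw submitted code with the session copy using a strict,
    // constant-time comparison: with `!=` two numeric-looking codes such as
    // "1e3" and "1000" compare equal. The session code is consumed on every
    // attempt so a solved CAPTCHA cannot be replayed.
    $captchasession = isset($_SESSION['captcha']['code']) ? (string) $_SESSION['captcha']['code'] : '';
    $captcha_raw = (isset($_POST['captcha']) && is_string($_POST['captcha'])) ? trim($_POST['captcha']) : '';
    $captcha = $db->escape($captcha_raw);
    unset($_SESSION['captcha']);
    if ($captchasession === '' || !hash_equals($captchasession, $captcha_raw)) {
        echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">Invalid Captcha Code.</div>";
        include "includes/footer.php";
        exit;
    }
}

// IP and DATE field
$ip = $_SERVER['REMOTE_ADDR'];

// EMAIL address: validate the raw value, then escape the copy used in SQL.
// Validating after escaping (as before) ran the check on altered input and
// rejected valid addresses whose local part contains a quote.
$email_raw = (isset($_POST['email']) && is_string($_POST['email'])) ? trim($_POST['email']) : '';
if (!filter_var($email_raw, FILTER_VALIDATE_EMAIL)) {
    echo "<div class=\"alert alert-danger\" style=\"max-width: 350px;\">That email address appears to be invalid.</div>";
    include "includes/footer.php";
    exit;
}
$email = $db->escape($email_raw);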
<html lang="en"> <head> <meta charset="utf-8"> <title>Forgot Password</title> <?php include "fhd_config.php"; include "includes/header.php"; include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; include "includes/functions.php"; $thedomain = $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; //initilize db $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); //if STEP 2 of the process if (isset($_GET['action'])) { $action = $db->escape($_GET['action']); $key = $db->escape($_GET['key']); //check if action is to reset password and that the key is not blank. if ($action == "rp") { if (!empty($key)) { $myquery = "SELECT user_id,user_email FROM site_users WHERE user_im_other = '{$key}' limit 1;"; $resets = $db->get_row($myquery); // if a record is returned then continue if ($db->num_rows == 1) { $user_email = $resets->user_email; $user_id = $resets->user_id; //generage a new password, set resetcode to blank so link cannot be used again. $user_password_plain = generatePassword(8, 9); $user_password = makepwd(trim($db->escape($user_password_plain))); //update the password in the database. $db->query("UPDATE site_users set user_password = '******',user_im_other = '' WHERE user_id = {$user_id} limit 1;");
$call_id = checkid($_GET['call_id']); $db->query("UPDATE site_calls SET call_status = 3 WHERE call_id = {$call_id} limit 1;"); $db->query("UPDATE site_notes SET note_type = 0 WHERE note_relation = {$call_id};"); header("Location: fhd_calls.php"); } } } } //</DELETE> //<UPDATE> if (isset($_POST['nacl'])) { if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) { //authentication verified, continue. $call_id = checkid($_POST['call_id']); //call details $call_first_name = $db->escape($_POST['call_first_name']); $call_email = $db->escape($_POST['call_email']); $call_phone = $db->escape($_POST['call_phone']); $call_department = $db->escape($_POST['call_department']); $call_request = $db->escape($_POST['call_request']); $call_device = $db->escape($_POST['call_device']); $call_details = $db->escape($_POST['call_details']); $call_solution = $db->escape($_POST['call_solution']); $call_staff = $db->escape($_POST['call_staff']); //call status $call_status = $db->escape($_POST['call_status']); $call_status_now = $db->escape($_POST['call_status_now']); if (isset($_POST['call_date2'])) { $call_date2 = strtotime($_POST['call_date2']); } // if no status change
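<head>
<title>Settings</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);

// <DELETE>
// State-changing action driven by a GET link. The "nacl" token is
// md5(AUTH_KEY . last_login), constant for the login session and exposed in
// the URL, so treat it as a weak CSRF guard. hash_equals() replaces `==`,
// which would accept any "0e..." numeric-string digest collision and leaks
// timing.
if (isset($_GET['nacl'])) {
    $expected_nacl = md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = " . (int) $user_id . ";"));
    if (is_string($_GET['nacl']) && hash_equals($expected_nacl, $_GET['nacl'])) {
        // authentication verified, continue.
        // NOTE(review): no admin/user_level check is visible here; confirm
        // header.php / all-nav.php restrict this page to administrators.
        $type_id = checkid($_GET['type_id']);
        $action = $db->escape(isset($_GET['action']) ? $_GET['action'] : '');
        $type = checkid($_GET['type']);
        if ($action == 'delete') {
            $db->query("DELETE FROM site_types where type_id = {$type_id};");
            header("Location: fhd_settings_action.php?type={$type}");
            // Stop here: without exit the rest of the page is still rendered
            // after the redirect header is sent.
            exit;
        }
    }
}
// </DELETE>

// check type variable
$type = checkid($_GET['type']);
?>
<p><a href="fhd_settings.php">Settings</a></p>
<h4><?php
show_type_name($type);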
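<head>
<title>Add</title>
<?php
include "fhd_config.php";
include "includes/header.php";
include "includes/all-nav.php";
include "includes/ez_sql_core.php";
include "includes/ez_sql_mysqli.php";
include "includes/functions.php";
$db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);

// <ADD>
// Form token ("nacl") = md5(AUTH_KEY . the user's stored user_password). It
// is static until the password changes, so a leaked token stays valid; this
// file both issues (bottom) and verifies it. hash_equals() replaces `==`,
// which would accept "0e..." numeric-string collisions and leaks timing.
if (isset($_POST['nacl'])) {
    $expected_nacl = md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = " . (int) $user_id . ";"));
    if (is_string($_POST['nacl']) && hash_equals($expected_nacl, $_POST['nacl'])) {
        // authentication verified, continue.
        $type = checkid($_POST['type']);
        $type_name = $db->escape(isset($_POST['type_name']) ? $_POST['type_name'] : '');
        $type_email = $db->escape(isset($_POST['type_email']) ? $_POST['type_email'] : '');
        $type_location = $db->escape(isset($_POST['type_location']) ? $_POST['type_location'] : '');
        $type_phone = $db->escape(isset($_POST['type_phone']) ? $_POST['type_phone'] : '');
        // $type comes from checkid() and is the only unquoted value; the
        // string columns are escaped and quoted.
        $db->query("INSERT INTO site_types(type,type_name,type_email,type_location,type_phone) VALUES( {$type},'{$type_name}','{$type_email}','{$type_location}','{$type_phone}');");
        header("Location: fhd_settings_action.php?type={$type}");
        // Stop here: without exit the page below is still rendered (and
        // checkid() runs on a $_GET['type'] that a POST may not carry).
        exit;
    } else {
        // not verified, warning and exit!
        echo "<p class='save'>Warning: Verification Error!</p>";
        exit;
    }
}
// </ADD>

// check type variable
$type = checkid($_GET['type']);
$nacl = md5(AUTH_KEY . $db->get_var("select user_password from site_users where user_id = " . (int) $user_id . ";"));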
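<?php
include "fhd_config.php";

// AJAX username-availability check for the registration form. It runs without
// a session (public by design) but only while registration is open, so it
// stops acting as a login-name oracle once ALLOW_REGISTER is turned off.
if (ALLOW_REGISTER == "yes") {
    include "includes/ez_sql_core.php";
    include "includes/ez_sql_mysqli.php";
    $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);

    // Escape exactly once. The previous version opened a second connection and
    // escaped $q twice, so a name containing a quote or backslash was looked up
    // in its doubly-escaped form and never matched the stored login.
    $q = (isset($_GET["q"]) && is_string($_GET["q"])) ? $_GET["q"] : '';
    $q = $db->escape($q);
    $num = $db->get_var("select count(user_login) from site_users where user_login = '{$q}';");

    if ($num == 0) {
        echo "<i class='glyphicon glyphicon-ok'></i> <small><em>available</em></small>";
    } else {
        echo "<i class='glyphicon glyphicon-ban-circle'></i> <small><em>name not available</em></small>";
    }
}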
<?php include "fhd_config.php"; include "includes/header.php"; include "includes/all-nav.php"; include "includes/ez_sql_core.php"; include "includes/ez_sql_mysqli.php"; include "includes/functions.php"; $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host); $actionstatus = ""; // <UPDATE> //to do: need to check for duplicates... if (isset($_POST['nacl'])) { if ($_POST['nacl'] == md5(AUTH_KEY . $db->get_var("select last_login from site_users where user_id = {$user_id};"))) { //authentication verified, continue. $type_id = checkid($_POST['type_id']); $type_name = $db->escape($_POST['type_name']); // $type_email = $db->escape($_POST['type_email']); // $type_location = $db->escape($_POST['type_location']); // $type_phone = $db->escape($_POST['type_phone']); // $db->query("UPDATE site_types SET type_name='$type_name',type_email='$type_email',type_location='$type_location',type_phone='$type_phone' WHERE type_id = $type_id;"); $db->query("UPDATE site_types SET type_name='{$type_name}' WHERE type_id = {$type_id};"); $actionstatus = "<div class=\"alert alert-success\" style=\"max-width: 250px;\">\n <button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button>\n Updated.\n </div>"; } } // </UPDATE> //check type variable $type_id = checkid($_GET['id']); $num = $db->get_var("select count(type_id) from site_types where type_id = {$type_id};"); if ($num == 0) { echo "<p>Type does not exist (error 2)</p>"; include "includes/footer.php";