Applied fixes from StyleCI

This commit is contained in:
Daniil Gentili 2016-07-07 18:39:33 -04:00 committed by StyleCI Bot
parent e1e1215f1b
commit 6927b7f51a
17 changed files with 373 additions and 341 deletions

View File

@ -1,53 +1,65 @@
<?php
ini_set("log_errors", 1);
error_log( "Hello, errors (3)!" );
ini_set('log_errors', 1);
error_log('Hello, errors (3)!');
include 'db_connect.php';
include 'functions.php';
$action = $_POST['action'];
$username = $_POST['username'];
$password = $_POST['p'];
$type = $_POST['type'];
$password = $_POST['p'];
$type = $_POST['type'];
sec_session_start();
error_log("action is $action and username is $username");
if(login_check($pdo) == true) {
if($action == "del" && $username != "") {
if ($insert_stmt = $pdo->prepare("DELETE from members WHERE id=?")) {
$insert_stmt->execute(array($username));
if (login_check($pdo) == true) {
if ($action == 'del' && $username != '') {
if ($insert_stmt = $pdo->prepare('DELETE from members WHERE id=?')) {
$insert_stmt->execute([$username]);
// Esegui la query ottenuta.
if($insert_stmt->rowCount() != "0") { exit("ok"); } else { exit("false"); };
};
};
if ($action == "pass" && $username != "" && $password != "") {
if ($insert_stmt->rowCount() != '0') {
exit('ok');
} else {
exit('false');
}
}
}
if ($action == 'pass' && $username != '' && $password != '') {
// Crea una chiave casuale
$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
// Crea una password usando la chiave appena creata.
$password = hash('sha512', $password.$random_salt);
// Inserisci a questo punto il codice SQL per eseguire la INSERT nel tuo database
// Assicurati di usare statement SQL 'prepared'.
if ($insert_stmt = $pdo->prepare("UPDATE members set password=?, salt=? WHERE id=?")) {
$insert_stmt->execute(array($password, $random_salt, $username));
if ($insert_stmt = $pdo->prepare('UPDATE members set password=?, salt=? WHERE id=?')) {
$insert_stmt->execute([$password, $random_salt, $username]);
// Esegui la query ottenuta.
if($insert_stmt->rowCount() != "0") { exit("ok"); } else { exit("false"); };
};
};
if ($action == "type" && $username != "" && $type != "") {
// Inserisci a questo punto il codice SQL per eseguire la INSERT nel tuo database
if ($insert_stmt->rowCount() != '0') {
exit('ok');
} else {
exit('false');
}
}
}
if ($action == 'type' && $username != '' && $type != '') {
// Inserisci a questo punto il codice SQL per eseguire la INSERT nel tuo database
// Assicurati di usare statement SQL 'prepared'.
if ($insert_stmt = $pdo->prepare("UPDATE members set usertype=? WHERE id=?")) {
$insert_stmt->execute(array($type, $username));
if ($insert_stmt = $pdo->prepare('UPDATE members set usertype=? WHERE id=?')) {
$insert_stmt->execute([$type, $username]);
// Esegui la query ottenuta.
if($insert_stmt->rowCount() != "0") { exit("ok"); } else { exit("false"); };
};
};
if ($insert_stmt->rowCount() != '0') {
exit('ok');
} else {
exit('false');
}
}
}
header('Location: https://controllo.autocontrollo.ch/');
} else exit("false");
} else {
exit('false');
}
?>

View File

@ -1,5 +1,6 @@
<?php
$usversubject = "Email verification for autocontrollo.ch";
$usversubject = 'Email verification for autocontrollo.ch';
$usverbody = "Hello $username!
You just signed up to autocontrollo.ch with this email: you should verify it so that we know that you're not a bot.
To do that, simply click on the following url or copy and paste it in your address bar:
@ -29,5 +30,3 @@ Bye!
";
$adverhttpbody = "Hello $adminusername!<br>$name ($username) just signed up to autocontrollo.ch using your structure&apos;s id.<br>Please navigate to controllo.autocontrollo.ch and activate the user.<br>If you don&apos;t know this $username, you should delete him/her from the user list.<br>Bye!
";
?>

View File

@ -1,103 +1,112 @@
<?php
function sec_session_start() {
$session_name = 'sec_session_id'; // Imposta un nome di sessione
function sec_session_start()
{
$session_name = 'sec_session_id'; // Imposta un nome di sessione
$secure = true; // Imposta il parametro a true se vuoi usare il protocollo 'https'.
$httponly = true; // Questo impedirà ad un javascript di essere in grado di accedere all'id di sessione.
ini_set('session.use_only_cookies', 1); // Forza la sessione ad utilizzare solo i cookie.
$cookieParams = session_get_cookie_params(); // Legge i parametri correnti relativi ai cookie.
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
session_name($session_name); // Imposta il nome di sessione con quello prescelto all'inizio della funzione.
session_set_cookie_params($cookieParams['lifetime'], $cookieParams['path'], $cookieParams['domain'], $secure, $httponly);
session_name($session_name); // Imposta il nome di sessione con quello prescelto all'inizio della funzione.
session_start(); // Avvia la sessione php.
session_regenerate_id(); // Rigenera la sessione e cancella quella creata in precedenza.
}
function login($username, $password, $pdo) {
if ($stmt = $pdo->prepare("SELECT id, password, salt, usertype, sid FROM members WHERE username = ?")) {
$stmt->execute(array($username));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$user_id = $row['id'];
$usertype = $row['usertype'];
$sid = $row['sid'];
$db_password = $row['password'];
$salt = $row['salt'];
$count = $stmt->rowCount();
$password = hash('sha512', $password.$salt); // codifica la password usando una chiave univoca.
if($count == 1) {
if(checkbrute($user_id, $pdo) == true) {
return false;
} else {
if($db_password == $password) {
$user_browser = $_SERVER['HTTP_USER_AGENT']; // Recupero il parametro 'user-agent' relativo all'utente corrente.
$user_id = preg_replace("/[^0-9]+/", "", $user_id); // ci proteggiamo da un attacco XSS
$_SESSION['user_id'] = $user_id;
$username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // ci proteggiamo da un attacco XSS
function login($username, $password, $pdo)
{
if ($stmt = $pdo->prepare('SELECT id, password, salt, usertype, sid FROM members WHERE username = ?')) {
$stmt->execute([$username]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$user_id = $row['id'];
$usertype = $row['usertype'];
$sid = $row['sid'];
$db_password = $row['password'];
$salt = $row['salt'];
$count = $stmt->rowCount();
$password = hash('sha512', $password.$salt); // codifica la password usando una chiave univoca.
if ($count == 1) {
if (checkbrute($user_id, $pdo) == true) {
return false;
} else {
if ($db_password == $password) {
$user_browser = $_SERVER['HTTP_USER_AGENT']; // Recupero il parametro 'user-agent' relativo all'utente corrente.
$user_id = preg_replace('/[^0-9]+/', '', $user_id); // ci proteggiamo da un attacco XSS
$_SESSION['user_id'] = $user_id;
$username = preg_replace("/[^a-zA-Z0-9_\-]+/", '', $username); // ci proteggiamo da un attacco XSS
$_SESSION['username'] = $username;
$_SESSION['usertype'] = $usertype;
$_SESSION['sid'] = $sid;
$_SESSION['login_string'] = hash('sha512', $password.$user_browser);
$_SESSION['usertype'] = $usertype;
$_SESSION['sid'] = $sid;
$_SESSION['login_string'] = hash('sha512', $password.$user_browser);
// Login eseguito con successo.
return true;
} else {
// Password incorretta.
return true;
} else {
// Password incorretta.
// Registriamo il tentativo fallito nel database.
$now = time();
$pdo->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')");
return false;
}
}
$pdo->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')");
return false;
}
}
} else {
// L'utente inserito non esiste.
// L'utente inserito non esiste.
return false;
}
}
}
}
function checkbrute($user_id, $pdo) {
// Recupero il timestamp
function checkbrute($user_id, $pdo)
{
// Recupero il timestamp
$now = time();
$valid_attempts = $now - (2 * 60 * 60);
if ($stmt = $pdo->prepare("SELECT time FROM login_attempts WHERE user_id = ? AND time > ?")) {
$stmt->execute(array($user_id, $valid_attempts));
if($stmt->rowCount() > 20) {
return true;
} else {
return false;
}
}
}
function login_check($pdo) {
// Verifica che tutte le variabili di sessione siano impostate correttamente
if(isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
$user_id = $_SESSION['user_id'];
$login_string = $_SESSION['login_string'];
$username = $_SESSION['username'];
$user_browser = $_SERVER['HTTP_USER_AGENT']; // reperisce la stringa 'user-agent' dell'utente.
if ($stmt = $pdo->prepare("SELECT password FROM members WHERE id = ? LIMIT 1")) {
$stmt->execute(array($user_id)); // esegue il bind del parametro '$user_id'.
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$count = $stmt->rowCount();
if($count == 1) {
$password = $row['password'];
$login_check = hash('sha512', $password.$user_browser);
if($login_check == $login_string) {
// Login eseguito!!!!
return true;
} else {
error_log("Wrong login string for $username");
return false;
}
$valid_attempts = $now - (2 * 60 * 60);
if ($stmt = $pdo->prepare('SELECT time FROM login_attempts WHERE user_id = ? AND time > ?')) {
$stmt->execute([$user_id, $valid_attempts]);
if ($stmt->rowCount() > 20) {
return true;
} else {
error_log("Couldnt find $username");
return false;
}
}
}
function login_check($pdo)
{
// Verifica che tutte le variabili di sessione siano impostate correttamente
if (isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
$user_id = $_SESSION['user_id'];
$login_string = $_SESSION['login_string'];
$username = $_SESSION['username'];
$user_browser = $_SERVER['HTTP_USER_AGENT']; // reperisce la stringa 'user-agent' dell'utente.
if ($stmt = $pdo->prepare('SELECT password FROM members WHERE id = ? LIMIT 1')) {
$stmt->execute([$user_id]); // esegue il bind del parametro '$user_id'.
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$count = $stmt->rowCount();
if ($count == 1) {
$password = $row['password'];
$login_check = hash('sha512', $password.$user_browser);
if ($login_check == $login_string) {
// Login eseguito!!!!
return true;
} else {
error_log("Wrong login string for $username");
return false;
}
} else {
error_log("Couldnt find $username");
return false;
}
} else {
error_log("Couldnt select pass $username");
return false;
error_log("Couldnt select pass $username");
return false;
}
} else {
error_log("Vars not set 4 $username");
return false;
error_log("Vars not set 4 $username");
return false;
}
}
?>

View File

@ -1,6 +1,6 @@
<?php
ini_set("log_errors", 1);
ini_set('log_errors', 1);
error_reporting(E_ALL);
include 'db_connect.php';
include 'functions.php';
@ -9,42 +9,46 @@ include 'pages.php';
// Inserisci in questo punto il codice per la connessione al DB e l'utilizzo delle varie funzioni.
sec_session_start();
echo $head;
if(login_check($pdo) == true) {
$curuser = $_SESSION['username'];
$usertype = $_SESSION['usertype'];
$curpage = $_GET['p'];
if($curpage == "") { $curpage = "none"; };
if (login_check($pdo) == true) {
$curuser = $_SESSION['username'];
$usertype = $_SESSION['usertype'];
$curpage = $_GET['p'];
if ($curpage == '') {
$curpage = 'none';
}
switch ($usertype) {
switch ($usertype) {
// Admin
case 1:
$pages = [
["Autocontrollo", "none"],
["Manage users", "usermgmt"]
['Autocontrollo', 'none'],
['Manage users', 'usermgmt'],
];
break;
default:
$pages = [
["Autocontrollo", "none"],
['Autocontrollo', 'none'],
];
};
declarenav($pages);
foreach ($pages as list($name, $page)) {
if($page == $curpage){
$func = "declare".$page."();";
eval ("$func");
$done = "y";
};
};
if($done != "y") { $error = "y"; declarenone(); };
}
declarenav($pages);
foreach ($pages as list($name, $page)) {
if ($page == $curpage) {
$func = 'declare'.$page.'();';
eval("$func");
$done = 'y';
}
}
if ($done != 'y') {
$error = 'y';
declarenone();
}
} else {
declarenavbase();
if($_GET['p'] == "signup") {
declaresignup();
} else {
declarelogin();
};
};
declarenavbase();
if ($_GET['p'] == 'signup') {
declaresignup();
} else {
declarelogin();
}
}
echo $footer;
?>

View File

@ -1,6 +1,6 @@
<?php
error_log( "Hello, errors (2)!" );
error_log('Hello, errors (2)!');
include 'db_connect.php';
include 'functions.php';
@ -13,58 +13,58 @@ $username = $_POST['username'];
$response = $_POST['response'];
$password = $_POST['password'];
$fields = array(
'secret' => '6LfVZRITAAAAALN5A_Uq7E-cIraDyOtOazYJd9av',
'response' => "$response"
);
$fields = [
'secret' => '6LfVZRITAAAAALN5A_Uq7E-cIraDyOtOazYJd9av',
'response' => "$response",
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://www.google.com/recaptcha/api/siteverify");
curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$fields);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$gresponse = curl_exec ($ch);
$gresponse = curl_exec($ch);
curl_close ($ch);
curl_close($ch);
$obj = json_decode($gresponse);
$result = $obj->{'success'};
// Check for empty fields
if($result != "true" || empty($_POST['name']) || empty($_POST['response']) || empty($_POST['sid']) || empty($_POST['email']) || empty($_POST['username'])|| !filter_var($_POST['email'],FILTER_VALIDATE_EMAIL) || empty($_POST['password'])){
exit("false");
};
if ($result != 'true' || empty($_POST['name']) || empty($_POST['response']) || empty($_POST['sid']) || empty($_POST['email']) || empty($_POST['username']) || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) || empty($_POST['password'])) {
exit('false');
}
$check_stmt = $pdotwo->prepare("SELECT Email, username FROM Strutture WHERE IdStruttura = ?;");
$check_stmt->execute(array($sid));
$check_stmt = $pdotwo->prepare('SELECT Email, username FROM Strutture WHERE IdStruttura = ?;');
$check_stmt->execute([$sid]);
$count = $check_stmt->rowCount();
$adminemail = $check_stmt->fetchColumn();
$adminusername = $check_stmt->fetchColumn(1);
$checktwo_stmt = $pdo->prepare("SELECT * FROM members WHERE username = ?;");
$checktwo_stmt->execute(array($username));
$checktwo_stmt = $pdo->prepare('SELECT * FROM members WHERE username = ?;');
$checktwo_stmt->execute([$username]);
$counttwo = $checktwo_stmt->rowCount();
if($count == "1" && $counttwo == "0") {
// Crea una chiave casuale
if ($count == '1' && $counttwo == '0') {
// Crea una chiave casuale
$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
// Crea una password usando la chiave appena creata.
$password = hash('sha512', $password.$random_salt);
$email_sha512 = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
$insert_stmt = $pdo->prepare("INSERT INTO members (name, sid, email, username, password, salt, email_sha512, usertype, verifyemail) VALUES (?, ?, ?, ?, ?, ?, ?, '0', '0');");
$insert_stmt->execute(array($name, $sid, $email, $username, $password, $random_salt, $email_sha512));
$count = $insert_stmt->rowCount();
if($count == "1") {
include 'emailtext.php';
sendmail($email, $usversubject, $usverbody, $usverhtmlbody, "");
sendmail($adminemail, $adversubject, $adverbody, $adverhtmlbody, "");
$email_sha512 = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
$insert_stmt = $pdo->prepare("INSERT INTO members (name, sid, email, username, password, salt, email_sha512, usertype, verifyemail) VALUES (?, ?, ?, ?, ?, ?, ?, '0', '0');");
$insert_stmt->execute([$name, $sid, $email, $username, $password, $random_salt, $email_sha512]);
$count = $insert_stmt->rowCount();
if ($count == '1') {
include 'emailtext.php';
sendmail($email, $usversubject, $usverbody, $usverhtmlbody, '');
sendmail($adminemail, $adversubject, $adverbody, $adverhtmlbody, '');
exit("ok");
} else exit("false");
exit('ok');
} else {
exit('false');
}
} else {
exit("false");
exit('false');
}
?>

View File

@ -1,19 +1,18 @@
<?php
ini_set("log_errors", 1);
error_log( "Hello, errors logout!" );
ini_set('log_errors', 1);
error_log('Hello, errors logout!');
include 'db_connect.php';
include 'functions.php';
sec_session_start();
// Elimina tutti i valori della sessione.
$username = $_SESSION['username'];
$pdo->query("UPDATE `members` SET `loggedin` = '0' where `members`.`username` = '$username'");
$_SESSION = array();
$_SESSION = [];
// Recupera i parametri di sessione.
$params = session_get_cookie_params();
// Cancella i cookie attuali.
setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
// Cancella la sessione.
session_destroy();
header('Location: https://autocontrollo.ch');
?>

View File

@ -7,4 +7,3 @@ include 'pages/baseindex.php';
include 'pages/basesignup.php';
include 'pages/baseusers.php';
include 'pages/baseadmin.php';
?>

View File

@ -1,4 +1,5 @@
<?php
$head = '<!DOCTYPE html>
<html lang="en">
@ -104,4 +105,3 @@ $footer = '
</body>
</html>';
?>

View File

@ -1,40 +1,47 @@
<?php
function declareusermgmt(){
global $pdo;
$user_stmt = $pdo->query("SELECT * FROM members");
$rows = $user_stmt->fetchAll(PDO::FETCH_BOTH);
$types = [
["Non enabled user", "0"],
["Superadmin", "1"],
["Admin", "2"],
["Common user", "3"],
function declareusermgmt()
{
global $pdo;
$user_stmt = $pdo->query('SELECT * FROM members');
$rows = $user_stmt->fetchAll(PDO::FETCH_BOTH);
$types = [
['Non enabled user', '0'],
['Superadmin', '1'],
['Admin', '2'],
['Common user', '3'],
];
while ($row = array_shift($rows)) {
if($_SESSION["usertype"] == 1 || (($row["usertype"] > $_SESSION["usertype"] || $row["usertype"] == "0") && $row["sid"] == $_SESSION["sid"])){
while ($row = array_shift($rows)) {
if ($_SESSION['usertype'] == 1 || (($row['usertype'] > $_SESSION['usertype'] || $row['usertype'] == '0') && $row['sid'] == $_SESSION['sid'])) {
if ($row['verifyemail'] == 1) {
$vemail = 'yes';
} else {
$vemail = 'no';
}
if($row['verifyemail'] == 1) { $vemail = "yes"; } else { $vemail = "no"; };
foreach($types as list($text, $ut)){
if($_SESSION["usertype"] == 1 || ($ut > $_SESSION["usertype"] || $ut == "0")){
if($ut == $row["usertype"]) { $sel = "selected"; } else { $sel = ""; };
$options = "$options
foreach ($types as list($text, $ut)) {
if ($_SESSION['usertype'] == 1 || ($ut > $_SESSION['usertype'] || $ut == '0')) {
if ($ut == $row['usertype']) {
$sel = 'selected';
} else {
$sel = '';
}
$options = "$options
<option value=\"$ut\" $sel>$text</option>
";
};
};
$tr = "
}
}
$tr = "
$tr
<tr>
<th>".$row['id']."</th>
<th>".$row['username']."</th>
<th>".$row['name']."</th>
<th>".$row['sid']."</th>
<th>".$row['email']."</th>
<th>".$vemail."</th>
<th>".$row['id'].'</th>
<th>'.$row['username'].'</th>
<th>'.$row['name'].'</th>
<th>'.$row['sid'].'</th>
<th>'.$row['email'].'</th>
<th>'.$vemail.'</th>
<th>
<select id=\"".$row['id']."type\" onChange=\"changeusertype('".$row['id']."')\">
<select id="'.$row['id']."type\" onChange=\"changeusertype('".$row['id']."')\">
".$options."
</select>
</th>
@ -42,10 +49,10 @@ $tr
<th><input class=\"form-control\" type=\"password\" name=\"newname\" id=\"".$row['id']."pass\" Placeholder=\"New password\" onChange=\"changeuserpass('".$row['id']."')\"><input class=\"btn\" type=\"button\" value=\"go\"></th>
</tr>
";
$options = "";
};
};
echo "
$options = '';
}
}
echo "
<div class=\"row\">
<div class=\"box\">
<div class=\"col-lg-12\">
@ -79,6 +86,4 @@ $tr
</div>
</div>
";
};
?>
}

View File

@ -1,13 +1,14 @@
<?php
function declareindex($array) {
$username = $_SESSION['username'];
foreach ($array as $menu) {
$list = "$list<a href=\"https://controllo.autocontrollo.ch/?p=$menu\">$menu</a><br>";
};
function declareindex($array)
{
$username = $_SESSION['username'];
$content = '
foreach ($array as $menu) {
$list = "$list<a href=\"https://controllo.autocontrollo.ch/?p=$menu\">$menu</a><br>";
}
$content = '
<div class="container">
<div class="row">
@ -26,6 +27,5 @@ function declareindex($array) {
</div>
';
echo $content;
};
?>
echo $content;
}

View File

@ -1,12 +1,13 @@
<?php
function declarelogin() {
if(isset($_GET['error'])) {
$error = '
function declarelogin()
{
if (isset($_GET['error'])) {
$error = '
<h2 class="text-center">AN ERROR OCCURRED: PLEASE CHECK YOUR LOGIN CREDENTIALS AND TRY AGAIN.</h2>
';
};
$content = '
}
$content = '
<div class="container">
<div class="row">
@ -44,6 +45,5 @@ function declarelogin() {
</div>
</div>';
echo $content;
};
?>
echo $content;
}

View File

@ -1,7 +1,8 @@
<?php
function declarenavbase() {
$nav = '
function declarenavbase()
{
$nav = '
<body>
<div class="brand">Dido System</div>
@ -40,23 +41,24 @@ function declarenavbase() {
<!-- /.container -->
</nav>
';
echo $nav;
echo $nav;
}
function declarenav($array) {
$username = $_SESSION['username'];
function declarenav($array)
{
$username = $_SESSION['username'];
foreach ($array as list($name, $page)) {
if($page != "none") {
$navbar = "
foreach ($array as list($name, $page)) {
if ($page != 'none') {
$navbar = "
$navbar
<li>
<a href=\"https://controllo.autocontrollo.ch/?p=$page\">$name</a>
</li>
";
};
};
}
}
$nav = '
$nav = '
<body>
<div class="brand">Dido System</div>
<div class="address-bar">999 Campo Marzio | BELLINZONA, TI 6500, SWITZERLAND | Tél: +41 (0)78 848-92-94 | Fax: (887) 123-4567</div>
@ -98,6 +100,5 @@ $navbar
</nav>
';
echo $nav;
echo $nav;
}
?>

View File

@ -1,13 +1,13 @@
<?php
function declaresignup() {
if(isset($_GET['error'])) {
$error = '
function declaresignup()
{
if (isset($_GET['error'])) {
$error = '
<h2 class="text-center">AN ERROR OCCURRED: PLEASE CHECK YOUR LOGIN CREDENTIALS AND TRY AGAIN.</h2>
';
};
$content = '
}
$content = '
<div class="container">
<div class="row">
<div class="box">
@ -106,6 +106,5 @@ function declaresignup() {
</div>';
echo $content;
};
?>
echo $content;
}

View File

@ -1,41 +1,45 @@
<?php
function declarenone() {
global $pdo;
global $error;
global $pages;
if($_SESSION['usertype'] == "0"){
$text = "When your structure admin enables you, you will be able to do lots of intresting things on this website!";
} else {
$text = "ACTIONS:<br>";
foreach ($pages as list($name, $page)) {
if($page != "none") {
$text = "$text<a href=\"https://controllo.autocontrollo.ch/?p=$page\">$name</a><br>";
};
};
};
if($error == "y") { $errortxt = "<b>You have requested an invalid page. Please contact your structure admin.<br><br></b>"; };
function declarenone()
{
global $pdo;
global $error;
global $pages;
$u = 0;
if ($_SESSION['usertype'] == '0') {
$text = 'When your structure admin enables you, you will be able to do lots of intresting things on this website!';
} else {
$text = 'ACTIONS:<br>';
foreach ($pages as list($name, $page)) {
if ($page != 'none') {
$text = "$text<a href=\"https://controllo.autocontrollo.ch/?p=$page\">$name</a><br>";
}
}
}
if ($error == 'y') {
$errortxt = '<b>You have requested an invalid page. Please contact your structure admin.<br><br></b>';
}
$u = 0;
// Prepare pdo
$online = $pdo->prepare("SELECT loggedin FROM members WHERE sid = ?;");
// Exec
$online->execute(array($_SESSION['sid']));
$rows = $online->fetchAll(PDO::FETCH_BOTH);
$online = $pdo->prepare('SELECT loggedin FROM members WHERE sid = ?;');
while ($row = array_shift($rows)) {
$u = $u + $row["loggedin"];
};
if($u == "1"){
$u = "Currently there&apos;s 1 user online.";
} elseif($u == ""){
$u = "Currently there are 0 users online.";
} else {
$u = "Currently there are $u users online.";
};
echo '
// Exec
$online->execute([$_SESSION['sid']]);
$rows = $online->fetchAll(PDO::FETCH_BOTH);
while ($row = array_shift($rows)) {
$u = $u + $row['loggedin'];
}
if ($u == '1') {
$u = 'Currently there&apos;s 1 user online.';
} elseif ($u == '') {
$u = 'Currently there are 0 users online.';
} else {
$u = "Currently there are $u users online.";
}
echo '
<div class="container">
<div class="row">
@ -53,27 +57,27 @@ function declarenone() {
</div>
</div>
';
};
function declareuser() {
if ($st = $pdo->prepare("SELECT regolamento FROM members WHERE username=?")) {
$st->bind_param('s', $curuser);
}
function declareuser()
{
if ($st = $pdo->prepare('SELECT regolamento FROM members WHERE username=?')) {
$st->bind_param('s', $curuser);
// Esegui la query ottenuta.
$st->execute();
$st->bind_result($regol);
$st->fetch();
};
error_log("regol for $curuser is $regol", 0);
if($regol == "0") {
$top = "$itop";
$desc = "$idesc";
$section = "$isection";
} else {
$top = "$normtop";
$desc = "$normdesc";
$section = "$normsection";
};
echo '
$st->bind_result($regol);
$st->fetch();
}
error_log("regol for $curuser is $regol", 0);
if ($regol == '0') {
$top = "$itop";
$desc = "$idesc";
$section = "$isection";
} else {
$top = "$normtop";
$desc = "$normdesc";
$section = "$normsection";
}
echo '
<STYLE TYPE="text/css">
<!--
@page { margin-left: 0.79in; margin-right: 0.79in; margin-top: 0.98in; margin-bottom: 0.79in }
@ -163,7 +167,4 @@ function printDiv(divName) {
document.body.innerHTML = originalContents;
}
</script>';
};
?>
}

View File

@ -3,7 +3,7 @@
/*
$space = " ";
$fs = " ";
$tds = array("del", "passchange", "liberatoria", "corso", "email", "nome", "datadinascita", "luogodinascita", "residenza", "via", "cap", "n", "numero", "cf", "data", "printlib", "printiscr");
$tds = array("del", "passchange", "liberatoria", "corso", "email", "nome", "datadinascita", "luogodinascita", "residenza", "via", "cap", "n", "numero", "cf", "data", "printlib", "printiscr");
$th = "$space$fs$fs<th><b>Nome utente</b></th>\n";
@ -52,7 +52,7 @@
$printiscr = "";
$u = $row['loggedin'] + $u;
if($row['regolamento'] == "1") {
$regolamento = "&#x2713;";
$nome = $row['name'];
$email = $row['email'];
@ -183,5 +183,4 @@ $space<tbody>
</section>
';
*/
?>
*/;

View File

@ -1,22 +1,22 @@
<?php
error_log( "Hello, errors login!" );
error_log('Hello, errors login!');
include 'db_connect.php';
include 'functions.php';
sec_session_start(); // usiamo la nostra funzione per avviare una sessione php sicura
if(isset($_POST['username'], $_POST['p'])) {
$username = $_POST['username'];
$password = $_POST['p']; // Recupero la password criptata.
if (isset($_POST['username'], $_POST['p'])) {
$username = $_POST['username'];
$password = $_POST['p']; // Recupero la password criptata.
error_log("$username $password");
if(login($username, $password, $pdo) == true) {
// Login eseguito
if (login($username, $password, $pdo) == true) {
// Login eseguito
header('Location: https://controllo.autocontrollo.ch/');
$log = $pdo->prepare("UPDATE members SET loggedin = '1' where members.username = ?");
$log->execute(array("$username"));
} else {
header('Location: https://controllo.autocontrollo.ch/?error=1');
}
$log = $pdo->prepare("UPDATE members SET loggedin = '1' where members.username = ?");
$log->execute(["$username"]);
} else {
header('Location: https://controllo.autocontrollo.ch/?error=1');
}
} else {
// Le variabili corrette non sono state inviate a questa pagina dal metodo POST.
// Le variabili corrette non sono state inviate a questa pagina dal metodo POST.
echo 'Invalid Request';
}
?>

View File

@ -3,18 +3,23 @@
include 'db_connect.php';
include 'functions.php';
if($_GET['username'] != "" && $_GET['hash'] != "") {
$check_stmt = $pdo->prepare("SELECT email_sha512 FROM members WHERE username = ? AND verifyemail = '0';");
$check_stmt->execute(array($_GET['username']));
$hash = $check_stmt->fetchColumn();
$count = $check_stmt->rowCount();
if($count == "1" && $hash == $_GET['hash']){
$update_stmt = $pdo->prepare("UPDATE members SET verifyemail = '1' WHERE username = ?");
$update_stmt->execute(array($_GET['username']));
$count = $update_stmt->rowCount();
if($count == "1"){
echo "Email verified successfully!";
} else echo "An error occurred (3)!";
} else echo "An error occurred (2)!";
} else echo "An error occurred (1)!";
?>
if ($_GET['username'] != '' && $_GET['hash'] != '') {
$check_stmt = $pdo->prepare("SELECT email_sha512 FROM members WHERE username = ? AND verifyemail = '0';");
$check_stmt->execute([$_GET['username']]);
$hash = $check_stmt->fetchColumn();
$count = $check_stmt->rowCount();
if ($count == '1' && $hash == $_GET['hash']) {
$update_stmt = $pdo->prepare("UPDATE members SET verifyemail = '1' WHERE username = ?");
$update_stmt->execute([$_GET['username']]);
$count = $update_stmt->rowCount();
if ($count == '1') {
echo 'Email verified successfully!';
} else {
echo 'An error occurred (3)!';
}
} else {
echo 'An error occurred (2)!';
}
} else {
echo 'An error occurred (1)!';
}