danog/user-management-bootstrap
1
0
Fork 0
mirror of https://github.com/danog/user-management-bootstrap.git synced 2024-11-30 04:29:09 +01:00
Code Issues Projects Releases Wiki Activity

Applied fixes from StyleCI

Browse Source
This commit is contained in:
Daniil Gentili 2016-07-07 18:39:33 -04:00 committed by StyleCI Bot
parent e1e1215f1b
commit 6927b7f51a
17 changed files with 373 additions and 341 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
admin.php
View File

@ -1,53 +1,65 @@
<?php <?php
ini_set("log_errors", 1); ini_set('log_errors', 1);
error_log( "Hello, errors (3)!" ); error_log('Hello, errors (3)!');
include 'db_connect.php'; include 'db_connect.php';
include 'functions.php'; include 'functions.php';
$action = $_POST['action']; $action = $_POST['action'];
$username = $_POST['username']; $username = $_POST['username'];
$password = $_POST['p']; $password = $_POST['p'];
$type = $_POST['type']; $type = $_POST['type'];
sec_session_start(); sec_session_start();
error_log("action is $action and username is $username"); error_log("action is $action and username is $username");
if(login_check($pdo) == true) { if (login_check($pdo) == true) {
if ($action == 'del' && $username != '') {
if ($insert_stmt = $pdo->prepare('DELETE from members WHERE id=?')) {
if($action == "del" && $username != "") { $insert_stmt->execute([$username]);
if ($insert_stmt = $pdo->prepare("DELETE from members WHERE id=?")) {
$insert_stmt->execute(array($username));
// Esegui la query ottenuta. // Esegui la query ottenuta.
if($insert_stmt->rowCount() != "0") { exit("ok"); } else { exit("false"); }; if ($insert_stmt->rowCount() != '0') {
}; exit('ok');
}; } else {
exit('false');
if ($action == "pass" && $username != "" && $password != "") { }
}
}
if ($action == 'pass' && $username != '' && $password != '') {
// Crea una chiave casuale // Crea una chiave casuale
$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true)); $random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
// Crea una password usando la chiave appena creata. // Crea una password usando la chiave appena creata.
$password = hash('sha512', $password.$random_salt); $password = hash('sha512', $password.$random_salt);
// Inserisci a questo punto il codice SQL per eseguire la INSERT nel tuo database // Inserisci a questo punto il codice SQL per eseguire la INSERT nel tuo database
// Assicurati di usare statement SQL 'prepared'. // Assicurati di usare statement SQL 'prepared'.
if ($insert_stmt = $pdo->prepare("UPDATE members set password=?, salt=? WHERE id=?")) { if ($insert_stmt = $pdo->prepare('UPDATE members set password=?, salt=? WHERE id=?')) {
$insert_stmt->execute(array($password, $random_salt, $username)); $insert_stmt->execute([$password, $random_salt, $username]);
// Esegui la query ottenuta. // Esegui la query ottenuta.
if($insert_stmt->rowCount() != "0") { exit("ok"); } else { exit("false"); }; if ($insert_stmt->rowCount() != '0') {
}; exit('ok');
}; } else {
exit('false');
if ($action == "type" && $username != "" && $type != "") { }
// Inserisci a questo punto il codice SQL per eseguire la INSERT nel tuo database }
}
if ($action == 'type' && $username != '' && $type != '') {
// Inserisci a questo punto il codice SQL per eseguire la INSERT nel tuo database
// Assicurati di usare statement SQL 'prepared'. // Assicurati di usare statement SQL 'prepared'.
if ($insert_stmt = $pdo->prepare("UPDATE members set usertype=? WHERE id=?")) { if ($insert_stmt = $pdo->prepare('UPDATE members set usertype=? WHERE id=?')) {
$insert_stmt->execute(array($type, $username)); $insert_stmt->execute([$type, $username]);
// Esegui la query ottenuta. // Esegui la query ottenuta.
if($insert_stmt->rowCount() != "0") { exit("ok"); } else { exit("false"); }; if ($insert_stmt->rowCount() != '0') {
}; exit('ok');
}; } else {
exit('false');
}
}
}
header('Location: https://controllo.autocontrollo.ch/'); header('Location: https://controllo.autocontrollo.ch/');
} else exit("false"); } else {
exit('false');
}
?> ?>

5
emailtext.php
View File

@ -1,5 +1,6 @@
<?php <?php
$usversubject = "Email verification for autocontrollo.ch";
$usversubject = 'Email verification for autocontrollo.ch';
$usverbody = "Hello $username! $usverbody = "Hello $username!
You just signed up to autocontrollo.ch with this email: you should verify it so that we know that you're not a bot. You just signed up to autocontrollo.ch with this email: you should verify it so that we know that you're not a bot.
To do that, simply click on the following url or copy and paste it in your address bar: To do that, simply click on the following url or copy and paste it in your address bar:
@ -29,5 +30,3 @@ Bye!
"; ";
$adverhttpbody = "Hello $adminusername!<br>$name ($username) just signed up to autocontrollo.ch using your structure&apos;s id.<br>Please navigate to controllo.autocontrollo.ch and activate the user.<br>If you don&apos;t know this $username, you should delete him/her from the user list.<br>Bye! $adverhttpbody = "Hello $adminusername!<br>$name ($username) just signed up to autocontrollo.ch using your structure&apos;s id.<br>Please navigate to controllo.autocontrollo.ch and activate the user.<br>If you don&apos;t know this $username, you should delete him/her from the user list.<br>Bye!
"; ";
?>

161
functions.php
View File

@ -1,103 +1,112 @@
<?php <?php
function sec_session_start() {
$session_name = 'sec_session_id'; // Imposta un nome di sessione function sec_session_start()
{
$session_name = 'sec_session_id'; // Imposta un nome di sessione
$secure = true; // Imposta il parametro a true se vuoi usare il protocollo 'https'. $secure = true; // Imposta il parametro a true se vuoi usare il protocollo 'https'.
$httponly = true; // Questo impedirà ad un javascript di essere in grado di accedere all'id di sessione. $httponly = true; // Questo impedirà ad un javascript di essere in grado di accedere all'id di sessione.
ini_set('session.use_only_cookies', 1); // Forza la sessione ad utilizzare solo i cookie. ini_set('session.use_only_cookies', 1); // Forza la sessione ad utilizzare solo i cookie.
$cookieParams = session_get_cookie_params(); // Legge i parametri correnti relativi ai cookie. $cookieParams = session_get_cookie_params(); // Legge i parametri correnti relativi ai cookie.
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); session_set_cookie_params($cookieParams['lifetime'], $cookieParams['path'], $cookieParams['domain'], $secure, $httponly);
session_name($session_name); // Imposta il nome di sessione con quello prescelto all'inizio della funzione. session_name($session_name); // Imposta il nome di sessione con quello prescelto all'inizio della funzione.
session_start(); // Avvia la sessione php. session_start(); // Avvia la sessione php.
session_regenerate_id(); // Rigenera la sessione e cancella quella creata in precedenza. session_regenerate_id(); // Rigenera la sessione e cancella quella creata in precedenza.
} }
function login($username, $password, $pdo) { function login($username, $password, $pdo)
if ($stmt = $pdo->prepare("SELECT id, password, salt, usertype, sid FROM members WHERE username = ?")) { {
$stmt->execute(array($username)); if ($stmt = $pdo->prepare('SELECT id, password, salt, usertype, sid FROM members WHERE username = ?')) {
$row = $stmt->fetch(PDO::FETCH_ASSOC); $stmt->execute([$username]);
$user_id = $row['id']; $row = $stmt->fetch(PDO::FETCH_ASSOC);
$usertype = $row['usertype']; $user_id = $row['id'];
$sid = $row['sid']; $usertype = $row['usertype'];
$db_password = $row['password']; $sid = $row['sid'];
$salt = $row['salt']; $db_password = $row['password'];
$count = $stmt->rowCount(); $salt = $row['salt'];
$password = hash('sha512', $password.$salt); // codifica la password usando una chiave univoca. $count = $stmt->rowCount();
if($count == 1) { $password = hash('sha512', $password.$salt); // codifica la password usando una chiave univoca.
if(checkbrute($user_id, $pdo) == true) { if ($count == 1) {
return false; if (checkbrute($user_id, $pdo) == true) {
} else { return false;
if($db_password == $password) { } else {
$user_browser = $_SERVER['HTTP_USER_AGENT']; // Recupero il parametro 'user-agent' relativo all'utente corrente. if ($db_password == $password) {
$user_id = preg_replace("/[^0-9]+/", "", $user_id); // ci proteggiamo da un attacco XSS $user_browser = $_SERVER['HTTP_USER_AGENT']; // Recupero il parametro 'user-agent' relativo all'utente corrente.
$_SESSION['user_id'] = $user_id; $user_id = preg_replace('/[^0-9]+/', '', $user_id); // ci proteggiamo da un attacco XSS
$username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // ci proteggiamo da un attacco XSS $_SESSION['user_id'] = $user_id;
$username = preg_replace("/[^a-zA-Z0-9_\-]+/", '', $username); // ci proteggiamo da un attacco XSS
$_SESSION['username'] = $username; $_SESSION['username'] = $username;
$_SESSION['usertype'] = $usertype; $_SESSION['usertype'] = $usertype;
$_SESSION['sid'] = $sid; $_SESSION['sid'] = $sid;
$_SESSION['login_string'] = hash('sha512', $password.$user_browser); $_SESSION['login_string'] = hash('sha512', $password.$user_browser);
// Login eseguito con successo. // Login eseguito con successo.
return true; return true;
} else { } else {
// Password incorretta. // Password incorretta.
// Registriamo il tentativo fallito nel database. // Registriamo il tentativo fallito nel database.
$now = time(); $now = time();
$pdo->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')"); $pdo->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')");
return false;
} return false;
} }
}
} else { } else {
// L'utente inserito non esiste. // L'utente inserito non esiste.
return false; return false;
} }
} }
} }
function checkbrute($user_id, $pdo) { function checkbrute($user_id, $pdo)
// Recupero il timestamp {
// Recupero il timestamp
$now = time(); $now = time();
$valid_attempts = $now - (2 * 60 * 60); $valid_attempts = $now - (2 * 60 * 60);
if ($stmt = $pdo->prepare("SELECT time FROM login_attempts WHERE user_id = ? AND time > ?")) { if ($stmt = $pdo->prepare('SELECT time FROM login_attempts WHERE user_id = ? AND time > ?')) {
$stmt->execute(array($user_id, $valid_attempts)); $stmt->execute([$user_id, $valid_attempts]);
if($stmt->rowCount() > 20) { if ($stmt->rowCount() > 20) {
return true; return true;
} else {
return false;
}
}
}
function login_check($pdo) {
// Verifica che tutte le variabili di sessione siano impostate correttamente
if(isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
$user_id = $_SESSION['user_id'];
$login_string = $_SESSION['login_string'];
$username = $_SESSION['username'];
$user_browser = $_SERVER['HTTP_USER_AGENT']; // reperisce la stringa 'user-agent' dell'utente.
if ($stmt = $pdo->prepare("SELECT password FROM members WHERE id = ? LIMIT 1")) {
$stmt->execute(array($user_id)); // esegue il bind del parametro '$user_id'.
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$count = $stmt->rowCount();
if($count == 1) {
$password = $row['password'];
$login_check = hash('sha512', $password.$user_browser);
if($login_check == $login_string) {
// Login eseguito!!!!
return true;
} else {
error_log("Wrong login string for $username");
return false;
}
} else { } else {
error_log("Couldnt find $username");
return false; return false;
} }
}
}
function login_check($pdo)
{
// Verifica che tutte le variabili di sessione siano impostate correttamente
if (isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
$user_id = $_SESSION['user_id'];
$login_string = $_SESSION['login_string'];
$username = $_SESSION['username'];
$user_browser = $_SERVER['HTTP_USER_AGENT']; // reperisce la stringa 'user-agent' dell'utente.
if ($stmt = $pdo->prepare('SELECT password FROM members WHERE id = ? LIMIT 1')) {
$stmt->execute([$user_id]); // esegue il bind del parametro '$user_id'.
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$count = $stmt->rowCount();
if ($count == 1) {
$password = $row['password'];
$login_check = hash('sha512', $password.$user_browser);
if ($login_check == $login_string) {
// Login eseguito!!!!
return true;
} else {
error_log("Wrong login string for $username");
return false;
}
} else {
error_log("Couldnt find $username");
return false;
}
} else { } else {
error_log("Couldnt select pass $username"); error_log("Couldnt select pass $username");
return false;
return false;
} }
} else { } else {
error_log("Vars not set 4 $username"); error_log("Vars not set 4 $username");
return false;
return false;
} }
} }
?>

62
index.php
View File

@ -1,6 +1,6 @@
<?php <?php
ini_set("log_errors", 1); ini_set('log_errors', 1);
error_reporting(E_ALL); error_reporting(E_ALL);
include 'db_connect.php'; include 'db_connect.php';
include 'functions.php'; include 'functions.php';
@ -9,42 +9,46 @@ include 'pages.php';
// Inserisci in questo punto il codice per la connessione al DB e l'utilizzo delle varie funzioni. // Inserisci in questo punto il codice per la connessione al DB e l'utilizzo delle varie funzioni.
sec_session_start(); sec_session_start();
echo $head; echo $head;
if(login_check($pdo) == true) { if (login_check($pdo) == true) {
$curuser = $_SESSION['username']; $curuser = $_SESSION['username'];
$usertype = $_SESSION['usertype']; $usertype = $_SESSION['usertype'];
$curpage = $_GET['p']; $curpage = $_GET['p'];
if($curpage == "") { $curpage = "none"; }; if ($curpage == '') {
$curpage = 'none';
}
switch ($usertype) { switch ($usertype) {
// Admin // Admin
case 1: case 1:
$pages = [ $pages = [
["Autocontrollo", "none"], ['Autocontrollo', 'none'],
["Manage users", "usermgmt"] ['Manage users', 'usermgmt'],
]; ];
break; break;
default: default:
$pages = [ $pages = [
["Autocontrollo", "none"], ['Autocontrollo', 'none'],
]; ];
}; }
declarenav($pages); declarenav($pages);
foreach ($pages as list($name, $page)) { foreach ($pages as list($name, $page)) {
if($page == $curpage){ if ($page == $curpage) {
$func = "declare".$page."();"; $func = 'declare'.$page.'();';
eval ("$func"); eval("$func");
$done = "y"; $done = 'y';
}; }
}; }
if($done != "y") { $error = "y"; declarenone(); }; if ($done != 'y') {
$error = 'y';
declarenone();
}
} else { } else {
declarenavbase(); declarenavbase();
if($_GET['p'] == "signup") { if ($_GET['p'] == 'signup') {
declaresignup(); declaresignup();
} else { } else {
declarelogin(); declarelogin();
}; }
}; }
echo $footer; echo $footer;
?>

62
iscrizioni.php
View File

@ -1,6 +1,6 @@
<?php <?php
error_log( "Hello, errors (2)!" ); error_log('Hello, errors (2)!');
include 'db_connect.php'; include 'db_connect.php';
include 'functions.php'; include 'functions.php';
@ -13,58 +13,58 @@ $username = $_POST['username'];
$response = $_POST['response']; $response = $_POST['response'];
$password = $_POST['password']; $password = $_POST['password'];
$fields = array( $fields = [
'secret' => '6LfVZRITAAAAALN5A_Uq7E-cIraDyOtOazYJd9av', 'secret' => '6LfVZRITAAAAALN5A_Uq7E-cIraDyOtOazYJd9av',
'response' => "$response" 'response' => "$response",
); ];
$ch = curl_init(); $ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://www.google.com/recaptcha/api/siteverify"); curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$fields); curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$gresponse = curl_exec ($ch); $gresponse = curl_exec($ch);
curl_close ($ch); curl_close($ch);
$obj = json_decode($gresponse); $obj = json_decode($gresponse);
$result = $obj->{'success'}; $result = $obj->{'success'};
// Check for empty fields // Check for empty fields
if($result != "true" || empty($_POST['name']) || empty($_POST['response']) || empty($_POST['sid']) || empty($_POST['email']) || empty($_POST['username'])|| !filter_var($_POST['email'],FILTER_VALIDATE_EMAIL) || empty($_POST['password'])){ if ($result != 'true' || empty($_POST['name']) || empty($_POST['response']) || empty($_POST['sid']) || empty($_POST['email']) || empty($_POST['username']) || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) || empty($_POST['password'])) {
exit("false"); exit('false');
}; }
$check_stmt = $pdotwo->prepare("SELECT Email, username FROM Strutture WHERE IdStruttura = ?;"); $check_stmt = $pdotwo->prepare('SELECT Email, username FROM Strutture WHERE IdStruttura = ?;');
$check_stmt->execute(array($sid)); $check_stmt->execute([$sid]);
$count = $check_stmt->rowCount(); $count = $check_stmt->rowCount();
$adminemail = $check_stmt->fetchColumn(); $adminemail = $check_stmt->fetchColumn();
$adminusername = $check_stmt->fetchColumn(1); $adminusername = $check_stmt->fetchColumn(1);
$checktwo_stmt = $pdo->prepare("SELECT * FROM members WHERE username = ?;"); $checktwo_stmt = $pdo->prepare('SELECT * FROM members WHERE username = ?;');
$checktwo_stmt->execute(array($username)); $checktwo_stmt->execute([$username]);
$counttwo = $checktwo_stmt->rowCount(); $counttwo = $checktwo_stmt->rowCount();
if($count == "1" && $counttwo == "0") { if ($count == '1' && $counttwo == '0') {
// Crea una chiave casuale // Crea una chiave casuale
$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true)); $random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
// Crea una password usando la chiave appena creata. // Crea una password usando la chiave appena creata.
$password = hash('sha512', $password.$random_salt); $password = hash('sha512', $password.$random_salt);
$email_sha512 = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true)); $email_sha512 = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
$insert_stmt = $pdo->prepare("INSERT INTO members (name, sid, email, username, password, salt, email_sha512, usertype, verifyemail) VALUES (?, ?, ?, ?, ?, ?, ?, '0', '0');"); $insert_stmt = $pdo->prepare("INSERT INTO members (name, sid, email, username, password, salt, email_sha512, usertype, verifyemail) VALUES (?, ?, ?, ?, ?, ?, ?, '0', '0');");
$insert_stmt->execute(array($name, $sid, $email, $username, $password, $random_salt, $email_sha512)); $insert_stmt->execute([$name, $sid, $email, $username, $password, $random_salt, $email_sha512]);
$count = $insert_stmt->rowCount(); $count = $insert_stmt->rowCount();
if($count == "1") { if ($count == '1') {
include 'emailtext.php'; include 'emailtext.php';
sendmail($email, $usversubject, $usverbody, $usverhtmlbody, ""); sendmail($email, $usversubject, $usverbody, $usverhtmlbody, '');
sendmail($adminemail, $adversubject, $adverbody, $adverhtmlbody, ""); sendmail($adminemail, $adversubject, $adverbody, $adverhtmlbody, '');
exit("ok"); exit('ok');
} else exit("false"); } else {
exit('false');
}
} else { } else {
exit("false"); exit('false');
} }
?>

11
logout.php
View File

@ -1,19 +1,18 @@
<?php <?php
ini_set("log_errors", 1);
error_log( "Hello, errors logout!" ); ini_set('log_errors', 1);
error_log('Hello, errors logout!');
include 'db_connect.php'; include 'db_connect.php';
include 'functions.php'; include 'functions.php';
sec_session_start(); sec_session_start();
// Elimina tutti i valori della sessione. // Elimina tutti i valori della sessione.
$username = $_SESSION['username']; $username = $_SESSION['username'];
$pdo->query("UPDATE `members` SET `loggedin` = '0' where `members`.`username` = '$username'"); $pdo->query("UPDATE `members` SET `loggedin` = '0' where `members`.`username` = '$username'");
$_SESSION = array(); $_SESSION = [];
// Recupera i parametri di sessione. // Recupera i parametri di sessione.
$params = session_get_cookie_params(); $params = session_get_cookie_params();
// Cancella i cookie attuali. // Cancella i cookie attuali.
setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]); setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
// Cancella la sessione. // Cancella la sessione.
session_destroy(); session_destroy();
header('Location: https://autocontrollo.ch'); header('Location: https://autocontrollo.ch');
?>

1
pages.php
View File

@ -7,4 +7,3 @@ include 'pages/baseindex.php';
include 'pages/basesignup.php'; include 'pages/basesignup.php';
include 'pages/baseusers.php'; include 'pages/baseusers.php';
include 'pages/baseadmin.php'; include 'pages/baseadmin.php';
?>

2
pages/base.php
View File

@ -1,4 +1,5 @@
<?php <?php
$head = '<!DOCTYPE html> $head = '<!DOCTYPE html>
<html lang="en"> <html lang="en">
@ -104,4 +105,3 @@ $footer = '
</body> </body>
</html>'; </html>';
?>

77
pages/baseadmin.php
View File

@ -1,40 +1,47 @@
<?php <?php
function declareusermgmt(){
global $pdo; function declareusermgmt()
$user_stmt = $pdo->query("SELECT * FROM members"); {
$rows = $user_stmt->fetchAll(PDO::FETCH_BOTH); global $pdo;
$types = [ $user_stmt = $pdo->query('SELECT * FROM members');
["Non enabled user", "0"], $rows = $user_stmt->fetchAll(PDO::FETCH_BOTH);
["Superadmin", "1"], $types = [
["Admin", "2"], ['Non enabled user', '0'],
["Common user", "3"], ['Superadmin', '1'],
['Admin', '2'],
['Common user', '3'],
]; ];
while ($row = array_shift($rows)) { while ($row = array_shift($rows)) {
if($_SESSION["usertype"] == 1 || (($row["usertype"] > $_SESSION["usertype"] || $row["usertype"] == "0") && $row["sid"] == $_SESSION["sid"])){ if ($_SESSION['usertype'] == 1 || (($row['usertype'] > $_SESSION['usertype'] || $row['usertype'] == '0') && $row['sid'] == $_SESSION['sid'])) {
if ($row['verifyemail'] == 1) {
$vemail = 'yes';
} else {
$vemail = 'no';
}
if($row['verifyemail'] == 1) { $vemail = "yes"; } else { $vemail = "no"; }; foreach ($types as list($text, $ut)) {
if ($_SESSION['usertype'] == 1 || ($ut > $_SESSION['usertype'] || $ut == '0')) {
foreach($types as list($text, $ut)){ if ($ut == $row['usertype']) {
if($_SESSION["usertype"] == 1 || ($ut > $_SESSION["usertype"] || $ut == "0")){ $sel = 'selected';
} else {
if($ut == $row["usertype"]) { $sel = "selected"; } else { $sel = ""; }; $sel = '';
$options = "$options }
$options = "$options
<option value=\"$ut\" $sel>$text</option> <option value=\"$ut\" $sel>$text</option>
"; ";
}; }
}
}; $tr = "
$tr = "
$tr $tr
<tr> <tr>
<th>".$row['id']."</th> <th>".$row['id'].'</th>
<th>".$row['username']."</th> <th>'.$row['username'].'</th>
<th>".$row['name']."</th> <th>'.$row['name'].'</th>
<th>".$row['sid']."</th> <th>'.$row['sid'].'</th>
<th>".$row['email']."</th> <th>'.$row['email'].'</th>
<th>".$vemail."</th> <th>'.$vemail.'</th>
<th> <th>
<select id=\"".$row['id']."type\" onChange=\"changeusertype('".$row['id']."')\"> <select id="'.$row['id']."type\" onChange=\"changeusertype('".$row['id']."')\">
".$options." ".$options."
</select> </select>
</th> </th>
@ -42,10 +49,10 @@ $tr
<th><input class=\"form-control\" type=\"password\" name=\"newname\" id=\"".$row['id']."pass\" Placeholder=\"New password\" onChange=\"changeuserpass('".$row['id']."')\"><input class=\"btn\" type=\"button\" value=\"go\"></th> <th><input class=\"form-control\" type=\"password\" name=\"newname\" id=\"".$row['id']."pass\" Placeholder=\"New password\" onChange=\"changeuserpass('".$row['id']."')\"><input class=\"btn\" type=\"button\" value=\"go\"></th>
</tr> </tr>
"; ";
$options = ""; $options = '';
}; }
}; }
echo " echo "
<div class=\"row\"> <div class=\"row\">
<div class=\"box\"> <div class=\"box\">
<div class=\"col-lg-12\"> <div class=\"col-lg-12\">
@ -79,6 +86,4 @@ $tr
</div> </div>
</div> </div>
"; ";
}
};
?>

20
pages/baseindex.php
View File

@ -1,13 +1,14 @@
<?php <?php
function declareindex($array) { function declareindex($array)
$username = $_SESSION['username']; {
$username = $_SESSION['username'];
foreach ($array as $menu) {
$list = "$list<a href=\"https://controllo.autocontrollo.ch/?p=$menu\">$menu</a><br>";
};
$content = ' foreach ($array as $menu) {
$list = "$list<a href=\"https://controllo.autocontrollo.ch/?p=$menu\">$menu</a><br>";
}
$content = '
<div class="container"> <div class="container">
<div class="row"> <div class="row">
@ -26,6 +27,5 @@ function declareindex($array) {
</div> </div>
'; ';
echo $content; echo $content;
}; }
?>

16
pages/baselogin.php
View File

@ -1,12 +1,13 @@
<?php <?php
function declarelogin() {
if(isset($_GET['error'])) { function declarelogin()
$error = ' {
if (isset($_GET['error'])) {
$error = '
<h2 class="text-center">AN ERROR OCCURRED: PLEASE CHECK YOUR LOGIN CREDENTIALS AND TRY AGAIN.</h2> <h2 class="text-center">AN ERROR OCCURRED: PLEASE CHECK YOUR LOGIN CREDENTIALS AND TRY AGAIN.</h2>
'; ';
}; }
$content = ' $content = '
<div class="container"> <div class="container">
<div class="row"> <div class="row">
@ -44,6 +45,5 @@ function declarelogin() {
</div> </div>
</div>'; </div>';
echo $content; echo $content;
}; }
?>

29
pages/basenav.php
View File

@ -1,7 +1,8 @@
<?php <?php
function declarenavbase() {
function declarenavbase()
$nav = ' {
$nav = '
<body> <body>
<div class="brand">Dido System</div> <div class="brand">Dido System</div>
@ -40,23 +41,24 @@ function declarenavbase() {
<!-- /.container --> <!-- /.container -->
</nav> </nav>
'; ';
echo $nav; echo $nav;
} }
function declarenav($array) { function declarenav($array)
$username = $_SESSION['username']; {
$username = $_SESSION['username'];
foreach ($array as list($name, $page)) { foreach ($array as list($name, $page)) {
if($page != "none") { if ($page != 'none') {
$navbar = " $navbar = "
$navbar $navbar
<li> <li>
<a href=\"https://controllo.autocontrollo.ch/?p=$page\">$name</a> <a href=\"https://controllo.autocontrollo.ch/?p=$page\">$name</a>
</li> </li>
"; ";
}; }
}; }
$nav = ' $nav = '
<body> <body>
<div class="brand">Dido System</div> <div class="brand">Dido System</div>
<div class="address-bar">999 Campo Marzio | BELLINZONA, TI 6500, SWITZERLAND | Tél: +41 (0)78 848-92-94 | Fax: (887) 123-4567</div> <div class="address-bar">999 Campo Marzio | BELLINZONA, TI 6500, SWITZERLAND | Tél: +41 (0)78 848-92-94 | Fax: (887) 123-4567</div>
@ -98,6 +100,5 @@ $navbar
</nav> </nav>
'; ';
echo $nav; echo $nav;
} }
?>

17
pages/basesignup.php
View File

@ -1,13 +1,13 @@
<?php <?php
function declaresignup() { function declaresignup()
{
if(isset($_GET['error'])) { if (isset($_GET['error'])) {
$error = ' $error = '
<h2 class="text-center">AN ERROR OCCURRED: PLEASE CHECK YOUR LOGIN CREDENTIALS AND TRY AGAIN.</h2> <h2 class="text-center">AN ERROR OCCURRED: PLEASE CHECK YOUR LOGIN CREDENTIALS AND TRY AGAIN.</h2>
'; ';
}; }
$content = ' $content = '
<div class="container"> <div class="container">
<div class="row"> <div class="row">
<div class="box"> <div class="box">
@ -106,6 +106,5 @@ function declaresignup() {
</div>'; </div>';
echo $content; echo $content;
}; }
?>

111
pages/baseusers.php
View File

@ -1,41 +1,45 @@
<?php <?php
function declarenone() {
global $pdo;
global $error;
global $pages;
if($_SESSION['usertype'] == "0"){ function declarenone()
$text = "When your structure admin enables you, you will be able to do lots of intresting things on this website!"; {
} else { global $pdo;
$text = "ACTIONS:<br>"; global $error;
foreach ($pages as list($name, $page)) { global $pages;
if($page != "none") {
$text = "$text<a href=\"https://controllo.autocontrollo.ch/?p=$page\">$name</a><br>";
};
};
};
if($error == "y") { $errortxt = "<b>You have requested an invalid page. Please contact your structure admin.<br><br></b>"; };
$u = 0; if ($_SESSION['usertype'] == '0') {
$text = 'When your structure admin enables you, you will be able to do lots of intresting things on this website!';
} else {
$text = 'ACTIONS:<br>';
foreach ($pages as list($name, $page)) {
if ($page != 'none') {
$text = "$text<a href=\"https://controllo.autocontrollo.ch/?p=$page\">$name</a><br>";
}
}
}
if ($error == 'y') {
$errortxt = '<b>You have requested an invalid page. Please contact your structure admin.<br><br></b>';
}
$u = 0;
// Prepare pdo // Prepare pdo
$online = $pdo->prepare("SELECT loggedin FROM members WHERE sid = ?;"); $online = $pdo->prepare('SELECT loggedin FROM members WHERE sid = ?;');
// Exec
$online->execute(array($_SESSION['sid']));
$rows = $online->fetchAll(PDO::FETCH_BOTH);
while ($row = array_shift($rows)) { // Exec
$u = $u + $row["loggedin"]; $online->execute([$_SESSION['sid']]);
}; $rows = $online->fetchAll(PDO::FETCH_BOTH);
if($u == "1"){
$u = "Currently there&apos;s 1 user online."; while ($row = array_shift($rows)) {
} elseif($u == ""){ $u = $u + $row['loggedin'];
$u = "Currently there are 0 users online."; }
} else { if ($u == '1') {
$u = "Currently there are $u users online."; $u = 'Currently there&apos;s 1 user online.';
}; } elseif ($u == '') {
echo ' $u = 'Currently there are 0 users online.';
} else {
$u = "Currently there are $u users online.";
}
echo '
<div class="container"> <div class="container">
<div class="row"> <div class="row">
@ -53,27 +57,27 @@ function declarenone() {
</div> </div>
</div> </div>
'; ';
}; }
function declareuser() { function declareuser()
{
if ($st = $pdo->prepare("SELECT regolamento FROM members WHERE username=?")) { if ($st = $pdo->prepare('SELECT regolamento FROM members WHERE username=?')) {
$st->bind_param('s', $curuser); $st->bind_param('s', $curuser);
// Esegui la query ottenuta. // Esegui la query ottenuta.
$st->execute(); $st->execute();
$st->bind_result($regol); $st->bind_result($regol);
$st->fetch(); $st->fetch();
}; }
error_log("regol for $curuser is $regol", 0); error_log("regol for $curuser is $regol", 0);
if($regol == "0") { if ($regol == '0') {
$top = "$itop"; $top = "$itop";
$desc = "$idesc"; $desc = "$idesc";
$section = "$isection"; $section = "$isection";
} else { } else {
$top = "$normtop"; $top = "$normtop";
$desc = "$normdesc"; $desc = "$normdesc";
$section = "$normsection"; $section = "$normsection";
}; }
echo ' echo '
<STYLE TYPE="text/css"> <STYLE TYPE="text/css">
<!-- <!--
@page { margin-left: 0.79in; margin-right: 0.79in; margin-top: 0.98in; margin-bottom: 0.79in } @page { margin-left: 0.79in; margin-right: 0.79in; margin-top: 0.98in; margin-bottom: 0.79in }
@ -163,7 +167,4 @@ function printDiv(divName) {
document.body.innerHTML = originalContents; document.body.innerHTML = originalContents;
} }
</script>'; </script>';
}
};
?>

7
pages/old.php
View File

@ -3,7 +3,7 @@
/* /*
$space = " "; $space = " ";
$fs = " "; $fs = " ";
$tds = array("del", "passchange", "liberatoria", "corso", "email", "nome", "datadinascita", "luogodinascita", "residenza", "via", "cap", "n", "numero", "cf", "data", "printlib", "printiscr"); $tds = array("del", "passchange", "liberatoria", "corso", "email", "nome", "datadinascita", "luogodinascita", "residenza", "via", "cap", "n", "numero", "cf", "data", "printlib", "printiscr");
$th = "$space$fs$fs<th><b>Nome utente</b></th>\n"; $th = "$space$fs$fs<th><b>Nome utente</b></th>\n";
@ -52,7 +52,7 @@
$printiscr = ""; $printiscr = "";
$u = $row['loggedin'] + $u; $u = $row['loggedin'] + $u;
if($row['regolamento'] == "1") { if($row['regolamento'] == "1") {
$regolamento = "&#x2713;"; $regolamento = "&#x2713;";
$nome = $row['name']; $nome = $row['name'];
$email = $row['email']; $email = $row['email'];
@ -183,5 +183,4 @@ $space<tbody>
</section> </section>
'; ';
*/ */;
?>

26
process_login.php
View File

@ -1,22 +1,22 @@
<?php <?php
error_log( "Hello, errors login!" );
error_log('Hello, errors login!');
include 'db_connect.php'; include 'db_connect.php';
include 'functions.php'; include 'functions.php';
sec_session_start(); // usiamo la nostra funzione per avviare una sessione php sicura sec_session_start(); // usiamo la nostra funzione per avviare una sessione php sicura
if(isset($_POST['username'], $_POST['p'])) { if (isset($_POST['username'], $_POST['p'])) {
$username = $_POST['username']; $username = $_POST['username'];
$password = $_POST['p']; // Recupero la password criptata. $password = $_POST['p']; // Recupero la password criptata.
error_log("$username $password"); error_log("$username $password");
if(login($username, $password, $pdo) == true) { if (login($username, $password, $pdo) == true) {
// Login eseguito // Login eseguito
header('Location: https://controllo.autocontrollo.ch/'); header('Location: https://controllo.autocontrollo.ch/');
$log = $pdo->prepare("UPDATE members SET loggedin = '1' where members.username = ?"); $log = $pdo->prepare("UPDATE members SET loggedin = '1' where members.username = ?");
$log->execute(array("$username")); $log->execute(["$username"]);
} else { } else {
header('Location: https://controllo.autocontrollo.ch/?error=1'); header('Location: https://controllo.autocontrollo.ch/?error=1');
} }
} else { } else {
// Le variabili corrette non sono state inviate a questa pagina dal metodo POST. // Le variabili corrette non sono state inviate a questa pagina dal metodo POST.
echo 'Invalid Request'; echo 'Invalid Request';
} }
?>

35
verify.php
View File

@ -3,18 +3,23 @@
include 'db_connect.php'; include 'db_connect.php';
include 'functions.php'; include 'functions.php';
if($_GET['username'] != "" && $_GET['hash'] != "") { if ($_GET['username'] != '' && $_GET['hash'] != '') {
$check_stmt = $pdo->prepare("SELECT email_sha512 FROM members WHERE username = ? AND verifyemail = '0';"); $check_stmt = $pdo->prepare("SELECT email_sha512 FROM members WHERE username = ? AND verifyemail = '0';");
$check_stmt->execute(array($_GET['username'])); $check_stmt->execute([$_GET['username']]);
$hash = $check_stmt->fetchColumn(); $hash = $check_stmt->fetchColumn();
$count = $check_stmt->rowCount(); $count = $check_stmt->rowCount();
if($count == "1" && $hash == $_GET['hash']){ if ($count == '1' && $hash == $_GET['hash']) {
$update_stmt = $pdo->prepare("UPDATE members SET verifyemail = '1' WHERE username = ?"); $update_stmt = $pdo->prepare("UPDATE members SET verifyemail = '1' WHERE username = ?");
$update_stmt->execute(array($_GET['username'])); $update_stmt->execute([$_GET['username']]);
$count = $update_stmt->rowCount(); $count = $update_stmt->rowCount();
if($count == "1"){ if ($count == '1') {
echo "Email verified successfully!"; echo 'Email verified successfully!';
} else echo "An error occurred (3)!"; } else {
} else echo "An error occurred (2)!"; echo 'An error occurred (3)!';
} else echo "An error occurred (1)!"; }
?> } else {
echo 'An error occurred (2)!';
}
} else {
echo 'An error occurred (1)!';
}