danog/user-management-bootstrap
1
0
Fork 0
mirror of https://github.com/danog/user-management-bootstrap.git synced 2024-11-30 04:29:09 +01:00
Code Issues Projects Releases Wiki Activity

Applied fixes from StyleCI

Browse Source
This commit is contained in:
Daniil Gentili 2016-07-07 18:39:33 -04:00 committed by StyleCI Bot
parent e1e1215f1b
commit 6927b7f51a
17 changed files with 373 additions and 341 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
admin.php
View File

@ -1,53 +1,65 @@
<?php
ini_set("log_errors", 1);
error_log( "Hello, errors (3)!" );
ini_set('log_errors', 1);
error_log('Hello, errors (3)!');
include 'db_connect.php';
include 'functions.php';
$action = $_POST['action'];
$username = $_POST['username'];
$password = $_POST['p'];
$type = $_POST['type'];
$password = $_POST['p'];
$type = $_POST['type'];
sec_session_start();
error_log("action is $action and username is $username");
if(login_check($pdo) == true) {
if($action == "del" && $username != "") {
if ($insert_stmt = $pdo->prepare("DELETE from members WHERE id=?")) {
$insert_stmt->execute(array($username));
if (login_check($pdo) == true) {
if ($action == 'del' && $username != '') {
if ($insert_stmt = $pdo->prepare('DELETE from members WHERE id=?')) {
$insert_stmt->execute([$username]);
// Esegui la query ottenuta.
if($insert_stmt->rowCount() != "0") { exit("ok"); } else { exit("false"); };
};
};
if ($action == "pass" && $username != "" && $password != "") {
if ($insert_stmt->rowCount() != '0') {
exit('ok');
} else {
exit('false');
}
}
}
if ($action == 'pass' && $username != '' && $password != '') {
// Crea una chiave casuale
$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
// Crea una password usando la chiave appena creata.
$password = hash('sha512', $password.$random_salt);
// Inserisci a questo punto il codice SQL per eseguire la INSERT nel tuo database
// Assicurati di usare statement SQL 'prepared'.
if ($insert_stmt = $pdo->prepare("UPDATE members set password=?, salt=? WHERE id=?")) {
$insert_stmt->execute(array($password, $random_salt, $username));
if ($insert_stmt = $pdo->prepare('UPDATE members set password=?, salt=? WHERE id=?')) {
$insert_stmt->execute([$password, $random_salt, $username]);
// Esegui la query ottenuta.
if($insert_stmt->rowCount() != "0") { exit("ok"); } else { exit("false"); };
};
};
if ($action == "type" && $username != "" && $type != "") {
// Inserisci a questo punto il codice SQL per eseguire la INSERT nel tuo database
if ($insert_stmt->rowCount() != '0') {
exit('ok');
} else {
exit('false');
}
}
}
if ($action == 'type' && $username != '' && $type != '') {
// Inserisci a questo punto il codice SQL per eseguire la INSERT nel tuo database
// Assicurati di usare statement SQL 'prepared'.
if ($insert_stmt = $pdo->prepare("UPDATE members set usertype=? WHERE id=?")) {
$insert_stmt->execute(array($type, $username));
if ($insert_stmt = $pdo->prepare('UPDATE members set usertype=? WHERE id=?')) {
$insert_stmt->execute([$type, $username]);
// Esegui la query ottenuta.
if($insert_stmt->rowCount() != "0") { exit("ok"); } else { exit("false"); };
};
};
if ($insert_stmt->rowCount() != '0') {
exit('ok');
} else {
exit('false');
}
}
}
header('Location: https://controllo.autocontrollo.ch/');
} else exit("false");
} else {
exit('false');
}
?>

5
emailtext.php
View File

@ -1,5 +1,6 @@
<?php
$usversubject = "Email verification for autocontrollo.ch";
$usversubject = 'Email verification for autocontrollo.ch';
$usverbody = "Hello $username!
You just signed up to autocontrollo.ch with this email: you should verify it so that we know that you're not a bot.
To do that, simply click on the following url or copy and paste it in your address bar:
@ -29,5 +30,3 @@ Bye!
";
$adverhttpbody = "Hello $adminusername!<br>$name ($username) just signed up to autocontrollo.ch using your structure&apos;s id.<br>Please navigate to controllo.autocontrollo.ch and activate the user.<br>If you don&apos;t know this $username, you should delete him/her from the user list.<br>Bye!
";
?>

161
functions.php
View File

@ -1,103 +1,112 @@
<?php
function sec_session_start() {
$session_name = 'sec_session_id'; // Imposta un nome di sessione
function sec_session_start()
{
$session_name = 'sec_session_id'; // Imposta un nome di sessione
$secure = true; // Imposta il parametro a true se vuoi usare il protocollo 'https'.
$httponly = true; // Questo impedirà ad un javascript di essere in grado di accedere all'id di sessione.
ini_set('session.use_only_cookies', 1); // Forza la sessione ad utilizzare solo i cookie.
$cookieParams = session_get_cookie_params(); // Legge i parametri correnti relativi ai cookie.
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
session_name($session_name); // Imposta il nome di sessione con quello prescelto all'inizio della funzione.
session_set_cookie_params($cookieParams['lifetime'], $cookieParams['path'], $cookieParams['domain'], $secure, $httponly);
session_name($session_name); // Imposta il nome di sessione con quello prescelto all'inizio della funzione.
session_start(); // Avvia la sessione php.
session_regenerate_id(); // Rigenera la sessione e cancella quella creata in precedenza.
}
function login($username, $password, $pdo) {
if ($stmt = $pdo->prepare("SELECT id, password, salt, usertype, sid FROM members WHERE username = ?")) {
$stmt->execute(array($username));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$user_id = $row['id'];
$usertype = $row['usertype'];
$sid = $row['sid'];
$db_password = $row['password'];
$salt = $row['salt'];
$count = $stmt->rowCount();
$password = hash('sha512', $password.$salt); // codifica la password usando una chiave univoca.
if($count == 1) {
if(checkbrute($user_id, $pdo) == true) {
return false;
} else {
if($db_password == $password) {
$user_browser = $_SERVER['HTTP_USER_AGENT']; // Recupero il parametro 'user-agent' relativo all'utente corrente.
$user_id = preg_replace("/[^0-9]+/", "", $user_id); // ci proteggiamo da un attacco XSS
$_SESSION['user_id'] = $user_id;
$username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // ci proteggiamo da un attacco XSS
function login($username, $password, $pdo)
{
if ($stmt = $pdo->prepare('SELECT id, password, salt, usertype, sid FROM members WHERE username = ?')) {
$stmt->execute([$username]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$user_id = $row['id'];
$usertype = $row['usertype'];
$sid = $row['sid'];
$db_password = $row['password'];
$salt = $row['salt'];
$count = $stmt->rowCount();
$password = hash('sha512', $password.$salt); // codifica la password usando una chiave univoca.
if ($count == 1) {
if (checkbrute($user_id, $pdo) == true) {
return false;
} else {
if ($db_password == $password) {
$user_browser = $_SERVER['HTTP_USER_AGENT']; // Recupero il parametro 'user-agent' relativo all'utente corrente.
$user_id = preg_replace('/[^0-9]+/', '', $user_id); // ci proteggiamo da un attacco XSS
$_SESSION['user_id'] = $user_id;
$username = preg_replace("/[^a-zA-Z0-9_\-]+/", '', $username); // ci proteggiamo da un attacco XSS
$_SESSION['username'] = $username;
$_SESSION['usertype'] = $usertype;
$_SESSION['sid'] = $sid;
$_SESSION['login_string'] = hash('sha512', $password.$user_browser);
$_SESSION['usertype'] = $usertype;
$_SESSION['sid'] = $sid;
$_SESSION['login_string'] = hash('sha512', $password.$user_browser);
// Login eseguito con successo.
return true;
} else {
// Password incorretta.
return true;
} else {
// Password incorretta.
// Registriamo il tentativo fallito nel database.
$now = time();
$pdo->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')");
return false;
}
}
$pdo->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')");
return false;
}
}
} else {
// L'utente inserito non esiste.
// L'utente inserito non esiste.
return false;
}
}
}
}
function checkbrute($user_id, $pdo) {
// Recupero il timestamp
function checkbrute($user_id, $pdo)
{
// Recupero il timestamp
$now = time();
$valid_attempts = $now - (2 * 60 * 60);
if ($stmt = $pdo->prepare("SELECT time FROM login_attempts WHERE user_id = ? AND time > ?")) {
$stmt->execute(array($user_id, $valid_attempts));
if($stmt->rowCount() > 20) {
return true;
} else {
return false;
}
}
}
function login_check($pdo) {
// Verifica che tutte le variabili di sessione siano impostate correttamente
if(isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
$user_id = $_SESSION['user_id'];
$login_string = $_SESSION['login_string'];
$username = $_SESSION['username'];
$user_browser = $_SERVER['HTTP_USER_AGENT']; // reperisce la stringa 'user-agent' dell'utente.
if ($stmt = $pdo->prepare("SELECT password FROM members WHERE id = ? LIMIT 1")) {
$stmt->execute(array($user_id)); // esegue il bind del parametro '$user_id'.
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$count = $stmt->rowCount();
if($count == 1) {
$password = $row['password'];
$login_check = hash('sha512', $password.$user_browser);
if($login_check == $login_string) {
// Login eseguito!!!!
return true;
} else {
error_log("Wrong login string for $username");
return false;
}
$valid_attempts = $now - (2 * 60 * 60);
if ($stmt = $pdo->prepare('SELECT time FROM login_attempts WHERE user_id = ? AND time > ?')) {
$stmt->execute([$user_id, $valid_attempts]);
if ($stmt->rowCount() > 20) {
return true;
} else {
error_log("Couldnt find $username");
return false;
}
}
}
function login_check($pdo)
{
// Verifica che tutte le variabili di sessione siano impostate correttamente
if (isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
$user_id = $_SESSION['user_id'];
$login_string = $_SESSION['login_string'];
$username = $_SESSION['username'];
$user_browser = $_SERVER['HTTP_USER_AGENT']; // reperisce la stringa 'user-agent' dell'utente.
if ($stmt = $pdo->prepare('SELECT password FROM members WHERE id = ? LIMIT 1')) {
$stmt->execute([$user_id]); // esegue il bind del parametro '$user_id'.
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$count = $stmt->rowCount();
if ($count == 1) {
$password = $row['password'];
$login_check = hash('sha512', $password.$user_browser);
if ($login_check == $login_string) {
// Login eseguito!!!!
return true;
} else {
error_log("Wrong login string for $username");
return false;
}
} else {
error_log("Couldnt find $username");
return false;
}
} else {
error_log("Couldnt select pass $username");
return false;
error_log("Couldnt select pass $username");
return false;
}
} else {
error_log("Vars not set 4 $username");
return false;
error_log("Vars not set 4 $username");
return false;
}
}
?>

62
index.php
View File

@ -1,6 +1,6 @@
<?php
ini_set("log_errors", 1);
ini_set('log_errors', 1);
error_reporting(E_ALL);
include 'db_connect.php';
include 'functions.php';
@ -9,42 +9,46 @@ include 'pages.php';
// Inserisci in questo punto il codice per la connessione al DB e l'utilizzo delle varie funzioni.
sec_session_start();
echo $head;
if(login_check($pdo) == true) {
$curuser = $_SESSION['username'];
$usertype = $_SESSION['usertype'];
$curpage = $_GET['p'];
if($curpage == "") { $curpage = "none"; };
if (login_check($pdo) == true) {
$curuser = $_SESSION['username'];
$usertype = $_SESSION['usertype'];
$curpage = $_GET['p'];
if ($curpage == '') {
$curpage = 'none';
}
switch ($usertype) {
switch ($usertype) {
// Admin
case 1:
$pages = [
["Autocontrollo", "none"],
["Manage users", "usermgmt"]
['Autocontrollo', 'none'],
['Manage users', 'usermgmt'],
];
break;
default:
$pages = [
["Autocontrollo", "none"],
['Autocontrollo', 'none'],
];
};
declarenav($pages);
foreach ($pages as list($name, $page)) {
if($page == $curpage){
$func = "declare".$page."();";
eval ("$func");
$done = "y";
};
};
if($done != "y") { $error = "y"; declarenone(); };
}
declarenav($pages);
foreach ($pages as list($name, $page)) {
if ($page == $curpage) {
$func = 'declare'.$page.'();';
eval("$func");
$done = 'y';
}
}
if ($done != 'y') {
$error = 'y';
declarenone();
}
} else {
declarenavbase();
if($_GET['p'] == "signup") {
declaresignup();
} else {
declarelogin();
};
};
declarenavbase();
if ($_GET['p'] == 'signup') {
declaresignup();
} else {
declarelogin();
}
}
echo $footer;
?>

62
iscrizioni.php
View File

@ -1,6 +1,6 @@
<?php
error_log( "Hello, errors (2)!" );
error_log('Hello, errors (2)!');
include 'db_connect.php';
include 'functions.php';
@ -13,58 +13,58 @@ $username = $_POST['username'];
$response = $_POST['response'];
$password = $_POST['password'];
$fields = array(
'secret' => '6LfVZRITAAAAALN5A_Uq7E-cIraDyOtOazYJd9av',
'response' => "$response"
);
$fields = [
'secret' => '6LfVZRITAAAAALN5A_Uq7E-cIraDyOtOazYJd9av',
'response' => "$response",
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://www.google.com/recaptcha/api/siteverify");
curl_setopt($ch, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$fields);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$gresponse = curl_exec ($ch);
$gresponse = curl_exec($ch);
curl_close ($ch);
curl_close($ch);
$obj = json_decode($gresponse);
$result = $obj->{'success'};
// Check for empty fields
if($result != "true" || empty($_POST['name']) || empty($_POST['response']) || empty($_POST['sid']) || empty($_POST['email']) || empty($_POST['username'])|| !filter_var($_POST['email'],FILTER_VALIDATE_EMAIL) || empty($_POST['password'])){
exit("false");
};
if ($result != 'true' || empty($_POST['name']) || empty($_POST['response']) || empty($_POST['sid']) || empty($_POST['email']) || empty($_POST['username']) || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) || empty($_POST['password'])) {
exit('false');
}
$check_stmt = $pdotwo->prepare("SELECT Email, username FROM Strutture WHERE IdStruttura = ?;");
$check_stmt->execute(array($sid));
$check_stmt = $pdotwo->prepare('SELECT Email, username FROM Strutture WHERE IdStruttura = ?;');
$check_stmt->execute([$sid]);
$count = $check_stmt->rowCount();
$adminemail = $check_stmt->fetchColumn();
$adminusername = $check_stmt->fetchColumn(1);
$checktwo_stmt = $pdo->prepare("SELECT * FROM members WHERE username = ?;");
$checktwo_stmt->execute(array($username));
$checktwo_stmt = $pdo->prepare('SELECT * FROM members WHERE username = ?;');
$checktwo_stmt->execute([$username]);
$counttwo = $checktwo_stmt->rowCount();
if($count == "1" && $counttwo == "0") {
// Crea una chiave casuale
if ($count == '1' && $counttwo == '0') {
// Crea una chiave casuale
$random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
// Crea una password usando la chiave appena creata.
$password = hash('sha512', $password.$random_salt);
$email_sha512 = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
$insert_stmt = $pdo->prepare("INSERT INTO members (name, sid, email, username, password, salt, email_sha512, usertype, verifyemail) VALUES (?, ?, ?, ?, ?, ?, ?, '0', '0');");
$insert_stmt->execute(array($name, $sid, $email, $username, $password, $random_salt, $email_sha512));
$count = $insert_stmt->rowCount();
if($count == "1") {
include 'emailtext.php';
sendmail($email, $usversubject, $usverbody, $usverhtmlbody, "");
sendmail($adminemail, $adversubject, $adverbody, $adverhtmlbody, "");
$email_sha512 = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
$insert_stmt = $pdo->prepare("INSERT INTO members (name, sid, email, username, password, salt, email_sha512, usertype, verifyemail) VALUES (?, ?, ?, ?, ?, ?, ?, '0', '0');");
$insert_stmt->execute([$name, $sid, $email, $username, $password, $random_salt, $email_sha512]);
$count = $insert_stmt->rowCount();
if ($count == '1') {
include 'emailtext.php';
sendmail($email, $usversubject, $usverbody, $usverhtmlbody, '');
sendmail($adminemail, $adversubject, $adverbody, $adverhtmlbody, '');
exit("ok");
} else exit("false");
exit('ok');
} else {
exit('false');
}
} else {
exit("false");
exit('false');
}
?>

11
logout.php
View File

@ -1,19 +1,18 @@
<?php
ini_set("log_errors", 1);
error_log( "Hello, errors logout!" );
ini_set('log_errors', 1);
error_log('Hello, errors logout!');
include 'db_connect.php';
include 'functions.php';
sec_session_start();
// Elimina tutti i valori della sessione.
$username = $_SESSION['username'];
$pdo->query("UPDATE `members` SET `loggedin` = '0' where `members`.`username` = '$username'");
$_SESSION = array();
$_SESSION = [];
// Recupera i parametri di sessione.
$params = session_get_cookie_params();
// Cancella i cookie attuali.
setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
// Cancella la sessione.
session_destroy();
header('Location: https://autocontrollo.ch');
?>

1
pages.php
View File

@ -7,4 +7,3 @@ include 'pages/baseindex.php';
include 'pages/basesignup.php';
include 'pages/baseusers.php';
include 'pages/baseadmin.php';
?>

2
pages/base.php
View File

@ -1,4 +1,5 @@
<?php
$head = '<!DOCTYPE html>
<html lang="en">
@ -104,4 +105,3 @@ $footer = '
</body>
</html>';
?>

77
pages/baseadmin.php
View File

@ -1,40 +1,47 @@
<?php
function declareusermgmt(){
global $pdo;
$user_stmt = $pdo->query("SELECT * FROM members");
$rows = $user_stmt->fetchAll(PDO::FETCH_BOTH);
$types = [
["Non enabled user", "0"],
["Superadmin", "1"],
["Admin", "2"],
["Common user", "3"],
function declareusermgmt()
{
global $pdo;
$user_stmt = $pdo->query('SELECT * FROM members');
$rows = $user_stmt->fetchAll(PDO::FETCH_BOTH);
$types = [
['Non enabled user', '0'],
['Superadmin', '1'],
['Admin', '2'],
['Common user', '3'],
];
while ($row = array_shift($rows)) {
if($_SESSION["usertype"] == 1 || (($row["usertype"] > $_SESSION["usertype"] || $row["usertype"] == "0") && $row["sid"] == $_SESSION["sid"])){
while ($row = array_shift($rows)) {
if ($_SESSION['usertype'] == 1 || (($row['usertype'] > $_SESSION['usertype'] || $row['usertype'] == '0') && $row['sid'] == $_SESSION['sid'])) {
if ($row['verifyemail'] == 1) {
$vemail = 'yes';
} else {
$vemail = 'no';
}
if($row['verifyemail'] == 1) { $vemail = "yes"; } else { $vemail = "no"; };
foreach($types as list($text, $ut)){
if($_SESSION["usertype"] == 1 || ($ut > $_SESSION["usertype"] || $ut == "0")){
if($ut == $row["usertype"]) { $sel = "selected"; } else { $sel = ""; };
$options = "$options
foreach ($types as list($text, $ut)) {
if ($_SESSION['usertype'] == 1 || ($ut > $_SESSION['usertype'] || $ut == '0')) {
if ($ut == $row['usertype']) {
$sel = 'selected';
} else {
$sel = '';
}
$options = "$options
<option value=\"$ut\" $sel>$text</option>
";
};
};
$tr = "
}
}
$tr = "
$tr
<tr>
<th>".$row['id']."</th>
<th>".$row['username']."</th>
<th>".$row['name']."</th>
<th>".$row['sid']."</th>
<th>".$row['email']."</th>
<th>".$vemail."</th>
<th>".$row['id'].'</th>
<th>'.$row['username'].'</th>
<th>'.$row['name'].'</th>
<th>'.$row['sid'].'</th>
<th>'.$row['email'].'</th>
<th>'.$vemail.'</th>
<th>
<select id=\"".$row['id']."type\" onChange=\"changeusertype('".$row['id']."')\">
<select id="'.$row['id']."type\" onChange=\"changeusertype('".$row['id']."')\">
".$options."
</select>
</th>
@ -42,10 +49,10 @@ $tr
<th><input class=\"form-control\" type=\"password\" name=\"newname\" id=\"".$row['id']."pass\" Placeholder=\"New password\" onChange=\"changeuserpass('".$row['id']."')\"><input class=\"btn\" type=\"button\" value=\"go\"></th>
</tr>
";
$options = "";
};
};
echo "
$options = '';
}
}
echo "
<div class=\"row\">
<div class=\"box\">
<div class=\"col-lg-12\">
@ -79,6 +86,4 @@ $tr
</div>
</div>
";
};
?>
}

20
pages/baseindex.php
View File

@ -1,13 +1,14 @@
<?php
function declareindex($array) {
$username = $_SESSION['username'];
foreach ($array as $menu) {
$list = "$list<a href=\"https://controllo.autocontrollo.ch/?p=$menu\">$menu</a><br>";
};
function declareindex($array)
{
$username = $_SESSION['username'];
$content = '
foreach ($array as $menu) {
$list = "$list<a href=\"https://controllo.autocontrollo.ch/?p=$menu\">$menu</a><br>";
}
$content = '
<div class="container">
<div class="row">
@ -26,6 +27,5 @@ function declareindex($array) {
</div>
';
echo $content;
};
?>
echo $content;
}

16
pages/baselogin.php
View File

@ -1,12 +1,13 @@
<?php
function declarelogin() {
if(isset($_GET['error'])) {
$error = '
function declarelogin()
{
if (isset($_GET['error'])) {
$error = '
<h2 class="text-center">AN ERROR OCCURRED: PLEASE CHECK YOUR LOGIN CREDENTIALS AND TRY AGAIN.</h2>
';
};
$content = '
}
$content = '
<div class="container">
<div class="row">
@ -44,6 +45,5 @@ function declarelogin() {
</div>
</div>';
echo $content;
};
?>
echo $content;
}

29
pages/basenav.php
View File

@ -1,7 +1,8 @@
<?php
function declarenavbase() {
$nav = '
function declarenavbase()
{
$nav = '
<body>
<div class="brand">Dido System</div>
@ -40,23 +41,24 @@ function declarenavbase() {
<!-- /.container -->
</nav>
';
echo $nav;
echo $nav;
}
function declarenav($array) {
$username = $_SESSION['username'];
function declarenav($array)
{
$username = $_SESSION['username'];
foreach ($array as list($name, $page)) {
if($page != "none") {
$navbar = "
foreach ($array as list($name, $page)) {
if ($page != 'none') {
$navbar = "
$navbar
<li>
<a href=\"https://controllo.autocontrollo.ch/?p=$page\">$name</a>
</li>
";
};
};
}
}
$nav = '
$nav = '
<body>
<div class="brand">Dido System</div>
<div class="address-bar">999 Campo Marzio | BELLINZONA, TI 6500, SWITZERLAND | Tél: +41 (0)78 848-92-94 | Fax: (887) 123-4567</div>
@ -98,6 +100,5 @@ $navbar
</nav>
';
echo $nav;
echo $nav;
}
?>

17
pages/basesignup.php
View File

@ -1,13 +1,13 @@
<?php
function declaresignup() {
if(isset($_GET['error'])) {
$error = '
function declaresignup()
{
if (isset($_GET['error'])) {
$error = '
<h2 class="text-center">AN ERROR OCCURRED: PLEASE CHECK YOUR LOGIN CREDENTIALS AND TRY AGAIN.</h2>
';
};
$content = '
}
$content = '
<div class="container">
<div class="row">
<div class="box">
@ -106,6 +106,5 @@ function declaresignup() {
</div>';
echo $content;
};
?>
echo $content;
}

111
pages/baseusers.php
View File

@ -1,41 +1,45 @@
<?php
function declarenone() {
global $pdo;
global $error;
global $pages;
if($_SESSION['usertype'] == "0"){
$text = "When your structure admin enables you, you will be able to do lots of intresting things on this website!";
} else {
$text = "ACTIONS:<br>";
foreach ($pages as list($name, $page)) {
if($page != "none") {
$text = "$text<a href=\"https://controllo.autocontrollo.ch/?p=$page\">$name</a><br>";
};
};
};
if($error == "y") { $errortxt = "<b>You have requested an invalid page. Please contact your structure admin.<br><br></b>"; };
function declarenone()
{
global $pdo;
global $error;
global $pages;
$u = 0;
if ($_SESSION['usertype'] == '0') {
$text = 'When your structure admin enables you, you will be able to do lots of intresting things on this website!';
} else {
$text = 'ACTIONS:<br>';
foreach ($pages as list($name, $page)) {
if ($page != 'none') {
$text = "$text<a href=\"https://controllo.autocontrollo.ch/?p=$page\">$name</a><br>";
}
}
}
if ($error == 'y') {
$errortxt = '<b>You have requested an invalid page. Please contact your structure admin.<br><br></b>';
}
$u = 0;
// Prepare pdo
$online = $pdo->prepare("SELECT loggedin FROM members WHERE sid = ?;");
// Exec
$online->execute(array($_SESSION['sid']));
$rows = $online->fetchAll(PDO::FETCH_BOTH);
$online = $pdo->prepare('SELECT loggedin FROM members WHERE sid = ?;');
while ($row = array_shift($rows)) {
$u = $u + $row["loggedin"];
};
if($u == "1"){
$u = "Currently there&apos;s 1 user online.";
} elseif($u == ""){
$u = "Currently there are 0 users online.";
} else {
$u = "Currently there are $u users online.";
};
echo '
// Exec
$online->execute([$_SESSION['sid']]);
$rows = $online->fetchAll(PDO::FETCH_BOTH);
while ($row = array_shift($rows)) {
$u = $u + $row['loggedin'];
}
if ($u == '1') {
$u = 'Currently there&apos;s 1 user online.';
} elseif ($u == '') {
$u = 'Currently there are 0 users online.';
} else {
$u = "Currently there are $u users online.";
}
echo '
<div class="container">
<div class="row">
@ -53,27 +57,27 @@ function declarenone() {
</div>
</div>
';
};
function declareuser() {
if ($st = $pdo->prepare("SELECT regolamento FROM members WHERE username=?")) {
$st->bind_param('s', $curuser);
}
function declareuser()
{
if ($st = $pdo->prepare('SELECT regolamento FROM members WHERE username=?')) {
$st->bind_param('s', $curuser);
// Esegui la query ottenuta.
$st->execute();
$st->bind_result($regol);
$st->fetch();
};
error_log("regol for $curuser is $regol", 0);
if($regol == "0") {
$top = "$itop";
$desc = "$idesc";
$section = "$isection";
} else {
$top = "$normtop";
$desc = "$normdesc";
$section = "$normsection";
};
echo '
$st->bind_result($regol);
$st->fetch();
}
error_log("regol for $curuser is $regol", 0);
if ($regol == '0') {
$top = "$itop";
$desc = "$idesc";
$section = "$isection";
} else {
$top = "$normtop";
$desc = "$normdesc";
$section = "$normsection";
}
echo '
<STYLE TYPE="text/css">
<!--
@page { margin-left: 0.79in; margin-right: 0.79in; margin-top: 0.98in; margin-bottom: 0.79in }
@ -163,7 +167,4 @@ function printDiv(divName) {
document.body.innerHTML = originalContents;
}
</script>';
};
?>
}

7
pages/old.php
View File

@ -3,7 +3,7 @@
/*
$space = " ";
$fs = " ";
$tds = array("del", "passchange", "liberatoria", "corso", "email", "nome", "datadinascita", "luogodinascita", "residenza", "via", "cap", "n", "numero", "cf", "data", "printlib", "printiscr");
$tds = array("del", "passchange", "liberatoria", "corso", "email", "nome", "datadinascita", "luogodinascita", "residenza", "via", "cap", "n", "numero", "cf", "data", "printlib", "printiscr");
$th = "$space$fs$fs<th><b>Nome utente</b></th>\n";
@ -52,7 +52,7 @@
$printiscr = "";
$u = $row['loggedin'] + $u;
if($row['regolamento'] == "1") {
$regolamento = "&#x2713;";
$nome = $row['name'];
$email = $row['email'];
@ -183,5 +183,4 @@ $space<tbody>
</section>
';
*/
?>
*/;

26
process_login.php
View File

@ -1,22 +1,22 @@
<?php
error_log( "Hello, errors login!" );
error_log('Hello, errors login!');
include 'db_connect.php';
include 'functions.php';
sec_session_start(); // usiamo la nostra funzione per avviare una sessione php sicura
if(isset($_POST['username'], $_POST['p'])) {
$username = $_POST['username'];
$password = $_POST['p']; // Recupero la password criptata.
if (isset($_POST['username'], $_POST['p'])) {
$username = $_POST['username'];
$password = $_POST['p']; // Recupero la password criptata.
error_log("$username $password");
if(login($username, $password, $pdo) == true) {
// Login eseguito
if (login($username, $password, $pdo) == true) {
// Login eseguito
header('Location: https://controllo.autocontrollo.ch/');
$log = $pdo->prepare("UPDATE members SET loggedin = '1' where members.username = ?");
$log->execute(array("$username"));
} else {
header('Location: https://controllo.autocontrollo.ch/?error=1');
}
$log = $pdo->prepare("UPDATE members SET loggedin = '1' where members.username = ?");
$log->execute(["$username"]);
} else {
header('Location: https://controllo.autocontrollo.ch/?error=1');
}
} else {
// Le variabili corrette non sono state inviate a questa pagina dal metodo POST.
// Le variabili corrette non sono state inviate a questa pagina dal metodo POST.
echo 'Invalid Request';
}
?>

35
verify.php
View File

@ -3,18 +3,23 @@
include 'db_connect.php';
include 'functions.php';
if($_GET['username'] != "" && $_GET['hash'] != "") {
$check_stmt = $pdo->prepare("SELECT email_sha512 FROM members WHERE username = ? AND verifyemail = '0';");
$check_stmt->execute(array($_GET['username']));
$hash = $check_stmt->fetchColumn();
$count = $check_stmt->rowCount();
if($count == "1" && $hash == $_GET['hash']){
$update_stmt = $pdo->prepare("UPDATE members SET verifyemail = '1' WHERE username = ?");
$update_stmt->execute(array($_GET['username']));
$count = $update_stmt->rowCount();
if($count == "1"){
echo "Email verified successfully!";
} else echo "An error occurred (3)!";
} else echo "An error occurred (2)!";
} else echo "An error occurred (1)!";
?>
if ($_GET['username'] != '' && $_GET['hash'] != '') {
$check_stmt = $pdo->prepare("SELECT email_sha512 FROM members WHERE username = ? AND verifyemail = '0';");
$check_stmt->execute([$_GET['username']]);
$hash = $check_stmt->fetchColumn();
$count = $check_stmt->rowCount();
if ($count == '1' && $hash == $_GET['hash']) {
$update_stmt = $pdo->prepare("UPDATE members SET verifyemail = '1' WHERE username = ?");
$update_stmt->execute([$_GET['username']]);
$count = $update_stmt->rowCount();
if ($count == '1') {
echo 'Email verified successfully!';
} else {
echo 'An error occurred (3)!';
}
} else {
echo 'An error occurred (2)!';
}
} else {
echo 'An error occurred (1)!';
}