Z
member-index
<?php
// Pull in the shared 'auth' include before any markup is sent.
// NOTE(review): presumably this starts the session and rejects visitors who
// are not logged in; its contents are not visible here, so confirm that it
// really gates the page, since everything below assumes an authenticated member.
require_once 'auth';
?>
<html>
<head>
<meta name="keywords" content="" />
<meta name="description" content="" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Area riservata</title>
<script type="text/javascript">
<!--
/**
 * Opens pdflist_user_MOD.php in an unnamed 400x250 popup window whose
 * top-left corner is chosen so the popup sits in the middle of the screen.
 */
function PopupCentrata()
{
    var popupWidth = 400;
    var popupHeight = 250;
    // Half of the space left over on each axis gives the centred offset.
    var leftPos = Math.floor((screen.width - popupWidth) / 2);
    var topPos = Math.floor((screen.height - popupHeight) / 2);
    var features = [
        "width=" + popupWidth,
        "height=" + popupHeight,
        "top=" + topPos,
        "left=" + leftPos
    ].join(",");
    window.open("pdflist_user_MOD.php", "", features);
}
//-->
</script>
</head>
<body>
<h3></h3>
<table width="80%" border="0" align="center">
<tr>
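<th height="36" align="center" scope="col"><h4 align="right">Benvenuto/a <?php
// Greeting with the member's first and last name as stored in the session by
// the login handler. The values originate from the members table, so they are
// HTML-escaped here; the charset matches the page's iso-8859-1 meta tag.
// NOTE(review): the only visible session_start() for this page comes later in
// the file; presumably the 'auth' include has already started the session.
echo htmlspecialchars($_SESSION['SESS_FIRST_NAME'], ENT_QUOTES, 'ISO-8859-1'); ?> <?php echo htmlspecialchars($_SESSION['SESS_LAST_NAME'], ENT_QUOTES, 'ISO-8859-1'); ?></h4>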
<div align="right"><a href="logout.php">Log out</a> </p>
</div></th>
</tr>
<tr>
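<th width="62%" height="499" scope="col"><p>Questa é l'area riservata del condominio sito in:<?php
// Description of the building, HTML-escaped before it is written into the page.
// NOTE(review): $descr is not assigned anywhere in the visible code; confirm
// it is set by the 'auth' include from trusted data and cannot be supplied by
// the request (e.g. through register_globals).
echo htmlspecialchars($descr, ENT_QUOTES, 'ISO-8859-1'); ?></p>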
<p> </p>
<p>Documenti condominio</p>
<table width="80%" height="86" border="0">
<tr>
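<td height="82" scope="col"> <?php
// Lists the PDF documents recorded in files_pdf for one member, one table row
// per document: title, login, size, description and a download link.

// Start the session only if nothing earlier has done so.
// NOTE(review): markup has already been sent at this point, so a first-time
// session_start() here cannot set its cookie header; presumably the 'auth'
// include has started the session already.
if (session_id() === '') {
    session_start();
}
include "common/config.php";
include "common/common_db.inc";

$dbmanager = new db_mysql();
$conn = $dbmanager->db_openconnection($host, $ln, $pw, $db);
if (!$conn) {
    // Record the driver error server-side instead of printing it to the visitor.
    error_log('member-index: database connection failed: ' . $dbmanager->sql_error());
    die('Failed to connect to server');
} else {
    // NOTE(review): $id_user_ is not assigned in the visible code. It must be
    // the authenticated member's id (the login handler stores one in
    // $_SESSION['SESS_MEMBER_ID']) and must never be taken from the request;
    // otherwise one member could list another member's documents.
    $member['member_id'] = $id_user_;

    // Escape the id before placing it inside the quoted SQL literal.
    // Assumes db_openconnection() opened an ext/mysql link (the result set is
    // read with mysql_fetch_assoc below) - TODO confirm.
    $safe_id = mysql_real_escape_string((string) $id_user_);
    $qry = "SELECT title_pdf, link_pdf, size_pdf, descr, login FROM files_pdf WHERE id_user= '$safe_id'";
    $rst = $dbmanager->do_query($qry);
    if (!$rst) {
        error_log('member-index: document query failed: ' . $dbmanager->sql_error());
        die('Query failed');
    } else {
        $i = 0;
        // Columns are read by name. The previous numeric indexes were shifted
        // by one against the SELECT list (index 5 does not exist in a
        // five-column row, and the size column ended up in the link).
        // NOTE(review): the cell order title, login, size, description, link
        // is inferred from those shifted indexes - confirm.
        while ($row = mysql_fetch_assoc($rst)) {
            $i = $i + 1;
            // Every database value is HTML-escaped before it reaches the page.
            $title = htmlspecialchars($row['title_pdf'], ENT_QUOTES, 'ISO-8859-1');
            $owner = htmlspecialchars($row['login'], ENT_QUOTES, 'ISO-8859-1');
            $size = htmlspecialchars($row['size_pdf'], ENT_QUOTES, 'ISO-8859-1');
            $file_descr = htmlspecialchars($row['descr'], ENT_QUOTES, 'ISO-8859-1');
            // Escaping stops the stored link from breaking out of the href
            // attribute; it does not validate the URL scheme.
            $href = htmlspecialchars($row['link_pdf'], ENT_QUOTES, 'ISO-8859-1');

            echo "<tr onmouseover=\"this.className='rowover'\" onmouseout=\"this.className='rowout'\">\n";
            echo "<td width=36%><font face=\"Verdana, Arial, Helvetica, sans-serif;\" size=2> " . $title . "</font></td>\n";
            echo "<td width=9% align=center><font face=\"Verdana, Arial, Helvetica, sans-serif;\" size=2>" . $owner . "</font></td>\n";
            echo "<td width=9% align=center><font face=\"Verdana, Arial, Helvetica, sans-serif;\" size=2>" . $size . "</font></td>\n";
            echo "<td width=9% align=center><font face=\"Verdana, Arial, Helvetica, sans-serif;\" size=2>" . $file_descr . "</font></td>\n";
            // The stray '">' text and the invalid </img> end tag that used to
            // follow the image have been dropped.
            echo "<td width=13% align=right><a href=\"$href\"><img name=\"Image$i\" onMouseOut=\"MM_swapImgRestore()\" onMouseOver=\"MM_swapImage('Image$i','','images/Adobe-PDF-Logo.jpg',1)\" src=\"Adobe-PDF-Logo.jpg\" width=\"35%\" alt=\"Download\"></a></td>\n";
            echo "</tr>\n";
        }
        mysql_free_result($rst);
    }
    $dbmanager->db_closeconnection($conn);
}
?> </td>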
</tr>
</table>
<p><table width="85%"><tr><td><div></div></td></tr></table></p>
<table width="85%">
</table>
<p> </p>
<table width="85%" border="0">
<tr>
<th height="75" scope="col"><p><a href="javascript:PopupCentrata()">Documenti privati</a></p>
<p>News</p></th>
</tr>
</table>
<p></p>
<p> </p></th>
</tr>
</table>
<p> </p>
<p>
</p>
login-exec
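<?php
// Login handler, part 1: open the session, load the DB_* settings and connect.

// Start session
session_start();
// Include database connection details (defines DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE)
require_once('config.php');
// Array to store validation errors
$errmsg_arr = array();
// Validation error flag
$errflag = false;
// Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$link) {
    // Keep the driver's error text in the server log; the response only gets
    // a generic message so connection details are not disclosed.
    error_log('login-exec: mysql_connect failed: ' . mysql_error());
    die('Failed to connect to server');
}
// Select database
$db = mysql_select_db(DB_DATABASE);
if (!$db) {
    die("Unable to select database");
}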
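/**
 * Prepares one submitted form value for use inside a quoted SQL string literal.
 *
 * The value is trimmed, has magic-quotes slashes removed when that setting is
 * on, and is then escaped with mysql_real_escape_string(). The escaping only
 * protects values that are placed between quotes in the query.
 *
 * @param mixed $str Raw request value; anything that is not a scalar (for
 *                   example an array sent as "login[]=...") is treated as empty
 *                   instead of being pushed through trim() with errors hidden.
 * @return string Escaped value, or '' for non-scalar input.
 */
function clean($str) {
    if (!is_scalar($str)) {
        return '';
    }
    $str = trim((string) $str);
    if (get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}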
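// Login handler, part 2: validate the form, look the member up and open the
// authenticated session.

// Sanitize the POST values; a missing field is treated as empty so the
// validation below reports it instead of PHP raising an undefined-index notice.
$login = clean(isset($_POST['login']) ? $_POST['login'] : '');
$password = clean(isset($_POST['password']) ? $_POST['password'] : '');
// Input validations
if ($login == '') {
    $errmsg_arr[] = 'Devi inserire il tuo ID';
    $errflag = true;
}
if ($password == '') {
    $errmsg_arr[] = 'Devi inserire la tua password';
    $errflag = true;
}
// If there are validation errors, redirect back to the login form
if ($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: login-form.php");
    exit();
}
// Create query. $login is already escaped by clean(); the md5() digest is
// hexadecimal, so it needs no escaping.
// NOTE(review): passwords are matched as unsalted MD5 digests. Moving to
// password_hash()/password_verify() requires re-hashing the stored values,
// which cannot be done from this script alone.
$qry = "SELECT * FROM members WHERE login='$login' AND passwd='" . md5($_POST['password']) . "'";
$result = mysql_query($qry);
// Check whether the query was successful or not
if ($result) {
    if (mysql_num_rows($result) == 1) {
        // Login successful: issue a fresh session id and discard the old
        // session data so a pre-login id cannot be reused.
        session_regenerate_id(true);
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['nome'];
        $_SESSION['SESS_LAST_NAME'] = $member['cognome'];
        // Take the login name from the fetched row; $login is a string, so
        // indexing it with 'login' never yielded the account name.
        $_SESSION['login'] = $member['login'];
        session_write_close();
        header("location: member-index.php");
        exit();
    } else {
        // Login failed
        header("location: login-failed.php");
        exit();
    }
} else {
    die("Query failed");
}
?>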
login-form
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login Form</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
</head>
<body>
<p> </p>
<form id="loginForm" name="loginForm" method="post" action="login-exec.php">
<table width="269" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<td width="122"><b>Login</b></td>
<td width="139"><input name="login" type="text" class="textfield" id="login" /></td>
</tr>
<tr>
<td><b>Password</b></td>
<td><input name="password" type="password" class="textfield" id="password" /></td>
</tr>
<tr>
<td><br><input type="checkbox" name="ricorda"><font color=666666>ricordami</font></td>
<td><input type="submit" name="Submit" value="Login" /> <?php
// Static "Go Back" link that steps one entry back in the browser history.
echo '<a href="javascript:history.go(-1)">Go Back</a>'; ?></td>
</tr>
</table>
</form>
</body>
</html>