bike/biketree
1
0
Fork 0
mirror of https://github.com/fspc/biketree.git synced 2025-04-04 10:03:23 -04:00
Code Issues Projects Releases Wiki Activity
biketree/members/signinsubmit.php

95 lines
2.7 KiB
PHP
Raw Normal View History

Figured out why security was commented out: In the absence of session_start() no session_user_id was defined which produced false for $sec->isLoggedIn();
2017-09-06 06:51:42 +00:00
<?php session_start();
First commit of biketree to github!
2017-09-05 03:39:54 +00:00
include ("../settings.php");
include ("../language/$cfg_language");
include ("../classes/db_functions.php");
include ("../classes/security_functions.php");
include ("../classes/display.php");
$lang=new language();
$dbf=new db_functions($cfg_server,$cfg_username,$cfg_password,$cfg_database,$cfg_tableprefix,$cfg_theme,$lang);
$sec=new security_functions($dbf,'Sales Clerk',$lang);
$display=new display($dbf->conn,$cfg_theme,$cfg_currency_symbol,$lang);
global $cfg_membershipID;
if(!$sec->isLoggedIn())
{
Turns security back on in the members directory This is so non-logged in people can't alter the database. Mark Leigh pointed this out to me when sending me the code, and said "Can't remember why it ended up like this, the auth code is there but commented out."
2017-09-06 05:52:17 +00:00
header ("location: ../login.php");
exit();
First commit of biketree to github!
2017-09-05 03:39:54 +00:00
}
//include('odb.php');
function getmonth($m=0) {
return (($m==0 ) ? date("F") : date("F", mktime(0,0,0,$m)));
}
$month = getmonth($_POST[month]);
// MAKE SURE THEY'RE NOT ALREADY HERE!
//$in = mktime($_POST[hour], $_POST[minute], 0, $_POST[month], $_POST[day], $_POST[year]);
//$tdin = date('Y-m-d H:i:s');
//$activity = $_POST[activity];
$sec->signinMember($_POST[userID], mktime($_POST[hour], $_POST[minute], 0, $_POST[month], $_POST[day], $_POST[year]), $_POST[activity]);
/*$isinresult = mysql_query("SELECT userID FROM visits WHERE endout IS NULL");
if (!$isinresult) { die("Query to show fields from table failed"); }
while ($isinrow = mysql_fetch_array($isinresult)) {
if ($_POST[userID] == "$isinrow[userID]"){ die("<b>Bike Error!! User is already signed in...</b>"); }
}
// MAKE SURE THEY'VE PAID THEIR MEMBERSHIP (IF REQUIRED BY CONFIG FILE)
if(!$sec->checkMembership($_POST[userID]) && $cfg_reqmembership == 1){ echo "Membership not paid (or expired $expires)!<br /><a href=\"../home.php\">Go Home --&gt;</a>"; die(''); }
// Have you been a naughty schoolchild and not signed your waiver? PUNISH!
if(!$sec->checkWaiver($_POST[userID])){ echo "Waiver not signed. Sign waiver, or no shop access you naughty boy!<br /><a href=\"../home.php\">Go Home --&gt;</a>"; die(''); }
// ADD IT TO THE VISITS DATABASE
$in = mktime($_POST[hour], $_POST[minute], 0, $_POST[month], $_POST[day], $_POST[year]);
$tdin = date('Y-m-d H:i:s');
$activity = $_POST[activity];
if (isset($_POST[userID])){
$query = "INSERT INTO `visits` (`userID` ,`intime` ,`activity`) VALUES ('$_POST[userID]', '$tdin', '$activity')";
// echo "IT FJDSFDSA $query";
mysql_query($query);
}*/
// sending query
if ($_POST[userID] != ""){
// echo "userID is set: $_POST[userID]";
$result = mysql_query("SELECT * FROM customers WHERE id='$_POST[userID]'");
if (!$result) {
die("Query to show fields from table failed");
}
$fields_num = mysql_num_fields($result);
$field = mysql_fetch_array($result);
foreach($field as $key=>$value) { $$key = stripslashes($value); }
}
Removes /pos from a few header.
2017-09-05 07:07:11 +00:00
header( 'Location: /home.php' ) ;
First commit of biketree to github!
2017-09-05 03:39:54 +00:00
?>
Reference in New Issue Copy Permalink