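<?php
/**
 * Shared bootstrap for the SMS application: database connection, site
 * constants, user levels, reCAPTCHA keys and the session / validation helpers
 * used by protected pages.
 *
 * Include this file at the very top of any page, before output is sent,
 * because page_protect(), logout() and checkTimeout() send HTTP headers.
 */

// NOTE(review): this silences every PHP error, including ones that would
// otherwise reach the server log. The error_log() calls below still write.
error_reporting(0);

// Development (localhost) settings, kept for reference:
//define ("DB_HOST", "localhost"); // set database host
//define ("DB_USER", "root"); // set database user
//define ("DB_PASS", ""); // set database password
//define ("DB_NAME", "smsminna"); // set database name
//
//////web adddress for desktop version
//define ("web_root","http://localhost/schools/minna/sms/");
//define ("webpath_img","http://localhost/schools/minna/images/");
//define ("webpath_admin","http://localhost/schools/minna/admins/");
//define ("webpath_user","http://localhost/schools/minna/students/");

define("DB_HOST", "localhost");      // database host
define("DB_USER", "coemyoza_sms");   // database user
define("DB_NAME", "coemyoza_smsdb"); // database name

// SECURITY: the database password used to be a string literal in this file,
// so anyone able to read the file (backup, misconfigured handler, file
// manager) obtained it. It is now read from the environment. The variable
// name SMS_DB_PASS is chosen here and must be provisioned by the deployer;
// any password that was ever stored in this file should be rotated.
$dbc_db_pass = getenv('SMS_DB_PASS');
if ($dbc_db_pass === false || $dbc_db_pass === '') {
    error_log('dbc.php: SMS_DB_PASS is not set');
    die("Couldn't make connection.");
}
define("DB_PASS", $dbc_db_pass);
unset($dbc_db_pass);

define("web_root", "https://sms.coeminna.edu.ng/");
define("webpath_img", "https://sms.coeminna.edu.ng/images/");
define("webpath_admin", "https://sms.coeminna.edu.ng/admins/");
define("webpath_user", "https://sms.coeminna.edu.ng/students/");

$link = mysqli_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");
$db = mysqli_select_db($link, DB_NAME) or die("Couldn't select database");

/* Registration Type (Automatic or Manual)
 1 -> Automatic Registration (Users will receive activation code and they will
      be automatically approved after clicking activation link)
 0 -> Manual Approval (Users will not receive activation code and you will
      need to approve every user manually)
*/
$user_registration = 1; // set 0 or 1

// The original comment documents this value as days, but every use in this
// file multiplies it by 60 only (i.e. minutes).
// NOTE(review): confirm the intended unit against the code that sets the
// remember-me cookie before changing either side.
define("COOKIE_TIME_OUT", 10);
define('SALT_LENGTH', 9); // number of salt characters prefixed to a password hash

//define ("ADMIN_NAME", "admin"); // sp

/* Specify user levels */
define("SuperAdmin", 9);
define("Admins", 8);
define("Bursar", 5);
define("Records", 4);
define("Liberians", 3);
define("Lecturers", 2);
define("Students", 1);

/*************** reCAPTCHA KEYS ****************/
// Keys are issued at https://www.google.com/recaptcha/admin/create
$publickey = "6LeCR8ISAAAAAJqTyg0f8PA6zSODvdCTdZSI_rUB"; // site key, public by design

// SECURITY: the private (secret) key was previously a literal here; it is now
// read from the environment (SMS_RECAPTCHA_PRIVATE_KEY, a name chosen here)
// and the previously embedded key should be regenerated.
$privatekey = (string) getenv('SMS_RECAPTCHA_PRIVATE_KEY');
if ($privatekey === '') {
    error_log('dbc.php: SMS_RECAPTCHA_PRIVATE_KEY is not set; reCAPTCHA verification will fail');
}

/**
 * Restrict a page to logged-in users.
 *
 * Call at the very top of a page. If no session exists, the "remember me"
 * cookies (uid, username, userkey) are checked against the `ckey`/`ctime`
 * stored for that user; on success the session is rebuilt, otherwise the
 * visitor is logged out or redirected to the index page.
 */
function page_protect()
{
    // The original declared only $db global and then used $link, which was
    // therefore undefined inside the function and made every query fail.
    global $db, $link;

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $agent_hash = md5(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');

    /* Bind the session to the user agent it was created with. */
    if (isset($_SESSION['HTTP_USER_AGENT']) && $_SESSION['HTTP_USER_AGENT'] !== $agent_hash) {
        logout();
        exit;
    }

    // An existing session is accepted as-is.
    if (isset($_SESSION['uid']) || isset($_SESSION['username'])) {
        return;
    }

    // No session and no remember-me cookies: send the visitor to the index page.
    if (!isset($_COOKIE['uid']) || !isset($_COOKIE['userkey'])) {
        header("Location: ../?info=1");
        exit();
    }

    $cookie_uid  = $_COOKIE['uid'];
    $cookie_key  = $_COOKIE['userkey'];
    $cookie_name = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';

    // Cookie values are untrusted and may even arrive as arrays; accept only
    // a plain digit string as the id before it gets anywhere near a query.
    if (!is_string($cookie_uid) || !ctype_digit($cookie_uid)
        || !is_string($cookie_key) || !is_string($cookie_name)) {
        logout();
    }

    /* Look up the key and issue time stored for this user (parameterized). */
    $ckey = null;
    $ctime = null;
    $stmt = mysqli_prepare($link, "select `ckey`,`ctime` from `default_users` where `id` = ?");
    if (!$stmt) {
        // Log the detail server-side instead of printing it to the visitor.
        error_log('page_protect: remember-me lookup failed: ' . mysqli_error($link));
        die("Database error.");
    }
    mysqli_stmt_bind_param($stmt, 's', $cookie_uid);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $ckey, $ctime);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    // Cookie expiry, checked against the time stored in the database. An
    // unknown id leaves $ctime empty, which also lands here.
    if ((time() - (int) $ctime) > 60 * COOKIE_TIME_OUT) {
        logout();
    }

    /* The cookie key must match the hash of the key stored at login.
       hash_equals() compares in constant time and avoids loose-comparison
       surprises between hex strings. */
    if (!empty($ckey) && isUserID($cookie_name) && hash_equals(sha1($ckey), $cookie_key)) {
        session_regenerate_id(true); // new id, old session file removed (session fixation)

        $_SESSION['uid'] = $cookie_uid;
        // NOTE(review): the username is only format-checked, not compared with
        // the database row for this id - consider selecting it from the table.
        $_SESSION['username'] = $cookie_name;

        /* query user level from database instead of storing in cookies */
        $access_level = null;
        $stmt = mysqli_prepare($link, "select access_level from default_users where id = ?");
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 's', $cookie_uid);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_bind_result($stmt, $access_level);
            mysqli_stmt_fetch($stmt);
            mysqli_stmt_close($stmt);
        }
        $_SESSION['access_level'] = $access_level;
        $_SESSION['HTTP_USER_AGENT'] = $agent_hash;
    } else {
        logout();
    }
}

/**
 * Legacy input filter: strips tags, HTML-encodes, trims and SQL-escapes.
 *
 * Kept for existing callers. It mixes two unrelated encodings, so new code
 * should use prepared statements for SQL and escape on output for HTML.
 *
 * @param string $data raw input
 * @return string filtered value
 */
function filter($data)
{
    global $link;

    $data = trim(htmlentities(strip_tags($data)));

    // The original called get_magic_quotes_gpc(), which no longer exists in
    // PHP 8, and mysqli_real_escape_string() without its connection argument.
    return mysqli_real_escape_string($link, $data);
}

/**
 * Turn a title into a URL slug: spaces become underscores, lower-cased.
 */
function EncodeURL($url)
{
    // The original passed ' ' to preg_replace() as a pattern, which is not a
    // valid regular expression; a literal replacement is what was intended.
    return strtolower(str_replace(' ', '_', $url));
}

/**
 * Reverse of EncodeURL(): underscores become spaces, words capitalised.
 */
function DecodeURL($url)
{
    return ucwords(str_replace('_', ' ', $url));
}

/**
 * Shorten $str to at most $len bytes, cutting at the last space, and append
 * "...". Strings shorter than $len are returned unchanged.
 */
function ChopStr($str, $len)
{
    if (strlen($str) < $len) {
        return $str;
    }

    $str = substr($str, 0, $len);
    $spc_pos = strrpos($str, " ");
    if ($spc_pos) { // false (no space) and 0 (leading space) both skip the cut
        $str = substr($str, 0, $spc_pos);
    }

    return $str . "...";
}

/**
 * Loose syntactic e-mail check.
 *
 * @return bool
 */
function isEmail($email)
{
    return preg_match('/^\S+@[\w\d.-]{2,}\.[\w]{2,6}$/iU', (string) $email) === 1;
}

/**
 * Validate a phone number.
 *
 * NOTE(review): is_numeric() also accepts values such as "1e5" or "-3.2";
 * kept because callers may rely on it, tighten if only digits are expected.
 *
 * @return bool
 */
function isPhoneNumber($string)
{
    return is_numeric($string);
}

/**
 * A user id is 5-20 characters of letters, digits or underscore.
 *
 * @return bool
 */
function isUserID($username)
{
    return is_string($username) && preg_match('/^[a-z\d_]{5,20}$/i', $username) === 1;
}

/**
 * Check that $url starts with an http, https or ftp scheme and a dotted host.
 *
 * @return bool
 */
function isURL($url)
{
    return preg_match(
        '/^(http|https|ftp):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i',
        (string) $url
    ) === 1;
}

/**
 * Check a password and its confirmation: both non-empty, at least six bytes
 * long and identical.
 *
 * @return bool
 */
function checkPwd($x, $y)
{
    if (empty($x) || empty($y)) {
        return false;
    }
    if (strlen($x) < 6 || strlen($y) < 6) {
        return false;
    }

    return strcmp($x, $y) == 0;
}

/**
 * Build a random string of $length characters drawn from $alphabet using the
 * CSPRNG. Returns '' for a non-positive length.
 */
function _dbc_random_string($alphabet, $length)
{
    $max = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }

    return $out;
}

/**
 * Generate a random password (digits and consonants, no vowels).
 *
 * Uses random_int() instead of mt_rand(), whose output is predictable. The
 * original also refused to repeat a character, which reduced the number of
 * possible passwords and never returned for a length above the alphabet
 * size; characters may now repeat.
 */
function GenPwd($length = 8)
{
    return _dbc_random_string("0123456789bcdfghjkmnpqrstvwxyz", $length);
}

/**
 * Generate a random key (digits and lower-case letters). Same changes as
 * GenPwd(): CSPRNG source, repeated characters allowed.
 */
function GenKey($length = 7)
{
    return _dbc_random_string("0123456789abcdefghijkmnopqrstuvwxyz", $length);
}

/**
 * Generate a random alphanumeric token of $n characters from the CSPRNG
 * (the original used rand()).
 */
function getToken($n = 15)
{
    return _dbc_random_string('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', $n);
}

/**
 * Log the current user out: clear the stored remember-me key, destroy the
 * session, expire the cookies and redirect to the index page. Never returns.
 */
function logout()
{
    global $db, $link; // the original omitted $link, so the update never ran

    // Start the session first so $_SESSION is populated before it is read.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $ids = array();
    if (isset($_SESSION['uid']) && is_scalar($_SESSION['uid'])) {
        $ids[] = (string) $_SESSION['uid'];
    }
    // NOTE(review): the cookie id is not authenticated at this point, so the
    // remember-me key is cleared for whichever id the client supplies;
    // consider requiring a matching userkey before honouring it.
    if (isset($_COOKIE['uid']) && is_string($_COOKIE['uid']) && ctype_digit($_COOKIE['uid'])) {
        $ids[] = $_COOKIE['uid'];
    }

    if ($ids) {
        // Parameterized: the original interpolated the raw cookie into the SQL.
        $stmt = mysqli_prepare($link, "update `default_users` set `ckey`= '', `ctime`= '' where `id` = ?");
        if ($stmt) {
            foreach (array_unique($ids) as $id) {
                mysqli_stmt_bind_param($stmt, 's', $id);
                mysqli_stmt_execute($stmt);
            }
            mysqli_stmt_close($stmt);
        }
    }

    /************ Delete the sessions ****************/
    unset($_SESSION['uid']);
    unset($_SESSION['username']);
    unset($_SESSION['userkey']);
    unset($_SESSION['HTTP_USER_AGENT']);
    session_unset();
    session_destroy();

    /* Delete the cookies by giving them an expiry in the past */
    setcookie("uid", '', time() - 60 * COOKIE_TIME_OUT, "/");
    setcookie("username", '', time() - 60 * COOKIE_TIME_OUT, "/");
    setcookie("userkey", '', time() - 60 * COOKIE_TIME_OUT, "/");

    header("Location: ./?msg=1");
    exit;
}

/**
 * Log the user out after $timeout seconds of inactivity (default 900, i.e.
 * 15 minutes). A timeout of 0 disables the check.
 */
function checkTimeout($timeout = 900)
{
    if ($timeout !== 0 && isset($_SESSION['last_time']) && time() - $_SESSION['last_time'] > $timeout) {
        header("Location: ../logout.php");
        // Stop here: without this the page kept rendering for the expired
        // session and last_time was refreshed just below.
        exit;
    }

    $_SESSION['last_time'] = time();
}

/**
 * Salted password hash in the format the application stores: the first
 * SALT_LENGTH characters are the salt, followed by sha1(password . salt).
 *
 * SECURITY: salted SHA-1 is far too fast for password storage. The format is
 * kept because stored hashes and callers depend on it; plan a migration to
 * password_hash() / password_verify().
 *
 * @param string      $pwd  plain-text password
 * @param string|null $salt existing salt (or stored hash) when verifying,
 *                          null to generate a fresh one
 * @return string salt followed by the SHA-1 hex digest
 */
function PwdHash($pwd, $salt = null)
{
    if ($salt === null) {
        // Hex characters as before, but from the CSPRNG rather than
        // md5(uniqid(rand())).
        $salt = substr(bin2hex(random_bytes(16)), 0, SALT_LENGTH);
    } else {
        $salt = substr($salt, 0, SALT_LENGTH);
    }

    return $salt . sha1($pwd . $salt);
}

/**
 * Return 1 when the session belongs to any staff level (SuperAdmin, Admins,
 * Bursar, Records, Liberians, Lecturers), otherwise 0.
 */
function checkAdmin()
{
    if (!isset($_SESSION['access_level'])) {
        return 0;
    }

    $staff_levels = array(SuperAdmin, Admins, Bursar, Records, Liberians, Lecturers);

    // The level is stored as a string from the database; cast before a strict match.
    return in_array((int) $_SESSION['access_level'], $staff_levels, true) ? 1 : 0;
}

/**
 * Return 1 when the session belongs to a student, otherwise 0.
 */
function checkUser()
{
    if (!isset($_SESSION['access_level'])) {
        return 0;
    }

    return ((int) $_SESSION['access_level'] === Students) ? 1 : 0;
}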