license. */
function exit_document ($body) {
- exit ("<html><head></head><body>$body</body></html>");
+ $charset_meta = '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">';
+ exit ("<html>$charset_meta<head></head><body>$body</body></html>");
}
function success ($reason) {
// cookie will be valid for 2 weeks. I've chosen that value
// arbitrarily, and it may change in the future.
$time = time () + 14 * 60 * 24 * 60;
- setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
- setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+ if (version_compare (PHP_VERSION, '5.2.0', '>=')) {
+ setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
+ setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+ } else {
+ setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false);
+ setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false);
+ }
+
}
function check_auth ($con, $user, $pwd, $auth_only) {
if (!isset ($feature)) {
error_unreferenced ($id);
}
- if ($feature->user != $user) {
+ if (($feature->user != $user) && ($user != "admin")) {
error_unauthorized ();
}
if ($_POST ["keep_img"] == "yes") {
$imgpath = $feature->imgpath;
} else {
+ error_request ();
$imgpath = save_uploaded_file ($_FILES ["image_file"], $con);
}
success_feature ($new_feature, "update");
break;
case "add":
+ error_request ();
$imgpath = save_uploaded_file ($_FILES ["image_file"], $con);
$lon = $_POST ["lon"];
success_feature ($feature, "add");
break;
case "del":
+ error_request ();
$id = $_POST ["fid"];
$feature = $con->getfeature ($id);
if (!isset ($feature)) {
success_delete_feature ($feature);
case "changepass":
+ error_request ();
$currpass = unquote ($_POST ["pass_current"]);
if (!$con->checkpwdmd5 ($user, md5 ($currpass))) {
error_wrongpass ();
try {
$con->setpwd ($user, $newpass);
} catch (Exception $e) {
+ if ($e->getMessage () == anydbConnection::err_query) {
+ error_request ();
+ }
error_server ();
}
setcookies ($user, $newpass);
success_changepass ($user);
break;
case "newuser":
+ error_request ();
if ($user != "admin") {
error_unauthorized ();
}
try {
$con->setpwd ($newuser_name, $newuser_password);
} catch (Exception $e) {
+ if ($e->getMessage () == anydbConnection::err_query) {
+ error_request ();
+ }
error_server ();
}
success_newuser ($newuser_name);
if (!@include_once ("./inc/settings.php")) {
error_server ();
}
-require_once ("./inc/db/mysql.php");
+require_once ("./inc/db/" . (defined ("DBTYPE")? DBTYPE: "mysql") . ".php");
require_once ("./inc/utils.php");
try {