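<?php
/*
 * useroperatoractions.php - add / edit / delete form for "user operator" (admin) accounts.
 *
 * Request handling (all helpers come from store-procedure.php):
 *   GET  ?status=<id>              open the form for an existing user id
 *   GET  ?status=fail | pswd       re-shown after store-procedure.php rejected an update
 *   POST btnedit<n> + userid<n>    open the form for row n of the master-user table
 *   POST btndelete<n> + userid<n>  delete row n and redirect to useroperator.php
 *
 * $user_id is resolved here, before any HTML is emitted, so the redirects can
 * still send headers. $user_id == 0 means "add" mode.
 */
include "store-procedure.php";

// header() does NOT stop the script. Without the exit the rest of this file -
// including the delete handler below - ran for unauthenticated requests.
if (!CHECK_SESSION()) {
    header('Location: relogin.php?status=fail');
    exit;
}

// NOTE(review): the delete/edit POST handled below carries no CSRF token, and
// nothing visible in this file checks one - add a per-session token before this
// page is reachable from anything but trusted admin browsers.

$user_id    = 0;
$total_rows = RETURN_TABLE_MASTER_USER_TOTAL_ROWS();

// FILTER_SANITIZE_NUMBER_INT keeps only digits, '+' and '-', so the 'fail' /
// 'pswd' markers arrive here as "" and take the POST branch; only a numeric
// status reaches the first branch. Fetched once instead of three times.
$status = SECURITY_CHECK_INPUT(filter_input(INPUT_GET, 'status', FILTER_SANITIZE_NUMBER_INT));

if (!empty($status)) {
    // Opened with an explicit user id in the query string.
    $user_id = $status;
} else {
    // Find which per-row button (btndelete<n> / btnedit<n>) was pressed; the
    // hidden userid<n> of the same row carries its id. Delete redirects at
    // once; Edit falls through to render the form; no button => "add" mode.
    // (The original compared isset() == "Delete", which is just isset().)
    for ($row_number = 1; $row_number <= $total_rows; $row_number++) {
        $row_user_id = SECURITY_CHECK_INPUT(filter_input(INPUT_POST, 'userid' . $row_number, FILTER_SANITIZE_NUMBER_INT));

        if (isset($_POST['btndelete' . $row_number])) {
            if (DELETE_TABLE_MASTER_USER($row_user_id)) {
                header('Location: useroperator.php?status=deleted');
                exit;
            }
            // Delete failed: keep scanning, same as before (ends in "add" mode).
        } elseif (isset($_POST['btnedit' . $row_number])) {
            $user_id = $row_user_id;
            break;
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<?php include_once 'htmlhead.php'; ?>
<script type="text/javascript">
// Client-side pre-check only: rejects empty username / password fields and a
// mismatched password pair. "New Password" / "Retype New Password" are the
// field defaults and mean "leave the password unchanged". This runs in the
// browser and can be bypassed, so store-procedure.php must validate again.
function CHECK_EMPTY() {
    var form = document.forms["frmuseroperatoractions"];
    if (!form.username.value) {
        alert ("Username masih kosong.");
        document.getElementById("username").focus();
        return (false);
    }
    if (!form.userpasswordnew1.value) {
        alert ("Password baru masih kosong");
        document.getElementById("userpasswordnew1").focus();
        return (false);
    }
    if (!form.userpasswordnew2.value) {
        alert ("Password konfirmasi masih kosong");
        document.getElementById("userpasswordnew2").focus();
        return (false);
    }
    var password1 = form.userpasswordnew1.value;
    var password2 = form.userpasswordnew2.value;
    // Both fields still at their defaults: password unchanged, nothing to compare.
    if (password1 === "New Password" && password2 === "Retype New Password") {
        return (true);
    }
    if (password1 !== password2) {
        alert ("Password baru dan password konfirmasi tidak sama.");
        return (false);
    }
    return (true);
}
</script>
</head>
<body>
<!-- start: Header -->
<div class="navbar">
    <div class="navbar-inner">
        <div class="container-fluid">
            <a class="btn btn-navbar" data-toggle="collapse" data-target=".top-nav.nav-collapse,.sidebar-nav.nav-collapse">
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </a>
            <a class="brand" href="dashboard.php">
                <span><?php echo WEB_NAME; ?> BACKOFFICE DASHBOARD. Server Date Time : </span>
                <span id="spanTime"></span>
            </a>
            <!-- start: Header Menu -->
            <div class="nav-no-collapse header-nav">
                <ul class="nav pull-right">
                    <!-- start: User Dropdown -->
                    <li class="dropdown">
                        <a class="btn dropdown-toggle" data-toggle="dropdown" href="#">
                            <i class="halflings-icon white user"></i>
                            <?php /* login name originates from user data: escape for HTML */ echo htmlspecialchars((string) RETURN_SESSION_USER_NAME_LOGIN(), ENT_QUOTES, 'UTF-8'); ?>
                            <span class="caret"></span>
                        </a>
                        <ul class="dropdown-menu">
                            <li class="dropdown-menu-title"><span>Account Settings</span></li>
                            <li><a href="profile.php"><i class="halflings-icon user"></i> Profile</a></li>
                            <li><a href="logout.php"><i class="halflings-icon off"></i> Logout</a></li>
                        </ul>
                    </li>
                    <!-- end: User Dropdown -->
                </ul>
            </div>
            <!-- end: Header Menu -->
        </div>
    </div>
</div>
<!-- start: Header -->
<div class="container-fluid-full">
    <div class="row-fluid">
        <?php include 'menu.php'; ?>
        <!-- start: Content -->
        <div id="content" class="span10">
            <ul class="breadcrumb">
                <li>
                    <i class="icon-home"></i>
                    <a href="dashboard.php">Home</a>
                    <i class="icon-angle-right"></i>
                </li>
                <li><a href="dashboard.php">Dashboard</a></li>
            </ul>
            <div class="row-fluid sortable">
                <div class="box span12">
                    <h2><span class="break"></span>User Admin - Action</h2>
                    <div class="box-content">
                        <form name="frmuseroperatoractions" class="form-horizontal" action="store-procedure.php" method="post">
                            <fieldset>
                                <div class="control-group">
                                    <label class="control-label">User ID : </label>
                                    <div class="controls">
                                        <?php
                                        // $user_id was resolved at the top of the file (0 = add mode), so it is
                                        // shown directly instead of re-scanning the POST buttons. It is rendered
                                        // as an HTML attribute twice, hence the escaping; the disabled field is
                                        // display-only (disabled inputs are not submitted), the hidden userid1
                                        // is what store-procedure.php receives.
                                        $user_id_attr = htmlspecialchars((string) $user_id, ENT_QUOTES, 'UTF-8');
                                        ?>
                                        <input class="input-xlarge disabled" name="userid" id="disabledInput1" type="text" placeholder="<?php echo $user_id_attr; ?>" disabled="">
                                        <input name="userid1" id="userid1" type="hidden" value="<?php echo $user_id_attr; ?>">
                                    </div>
                                </div>
                                <div class="control-group">
                                    <label class="control-label" for="focusedInput1">User Name : </label>
                                    <div class="controls">
                                        <?php /* stored user name: escape to prevent stored XSS via the value attribute */ ?>
                                        <input class="input-xlarge focused" name="username" id="username" type="text" value="<?php echo htmlspecialchars((string) RETURN_TABLE_MASTER_USER_NAME_1($user_id), ENT_QUOTES, 'UTF-8'); ?>">
                                    </div>
                                </div>
                                <div class="control-group">
                                    <label class="control-label" for="userpasswordnew1">New Password : </label>
                                    <div class="controls">
                                        <?php /* default values are sentinels checked by CHECK_EMPTY(): unchanged => password not updated */ ?>
                                        <input class="input-xlarge focused" name="userpasswordnew1" id="userpasswordnew1" type="password" value="New Password">
                                    </div>
                                </div>
                                <div class="control-group">
                                    <label class="control-label" for="userpasswordnew2">Retype New Password : </label>
                                    <div class="controls">
                                        <input class="input-xlarge focused" name="userpasswordnew2" id="userpasswordnew2" type="password" value="Retype New Password">
                                    </div>
                                </div>
                                <div class="form-actions">
                                    <?php
                                    // The submit button's name tells store-procedure.php whether this is an
                                    // insert (add) or an update (save); Cancel also posts, with its own name.
                                    if ($user_id == 0) {
                                        $button_name    = 'useroperatoractions-button-add';
                                        $button_caption = 'Add user operator';
                                    } else {
                                        $button_name    = 'useroperatoractions-button-save';
                                        $button_caption = 'Save Changes';
                                    }
                                    echo '<button name="' . $button_name . '" type="submit" class="btn btn-primary" onclick="return CHECK_EMPTY();">' . $button_caption . '</button>';
                                    echo '<button name="useroperatoractions-button-cancel" type="submit" class="btn">Cancel</button>';
                                    ?>
                                </div>
                            </fieldset>
                        </form>
                    </div>
                </div><!--/span-->
            </div><!--/row-->
        </div>
    </div><!--/row-fluid-->
</div><!--/container-fluid-full-->
<!-- end: Header -->
<div class="clearfix"></div>
<footer>
    <p>
        <span style="text-align:left;float:left">© 2016 <a href="http://sexykios.com/" alt="SexyKios">Lotto - Member - Dashboard</a></span>
    </p>
</footer>
<!-- start: JavaScript-->
<script src="js/jquery-1.9.1.min.js"></script>
<script src="js/jquery-migrate-1.0.0.min.js"></script>
<script src="js/jquery-ui-1.10.0.custom.min.js"></script>
<script src="js/jquery.ui.touch-punch.js"></script>
<script src="js/modernizr.js"></script>
<script src="js/bootstrap.min.js"></script>
<script src="js/jquery.cookie.js"></script>
<script src='js/fullcalendar.min.js'></script>
<script src='js/jquery.dataTables.min.js'></script>
<script src="js/excanvas.js"></script>
<script src="js/jquery.flot.js"></script>
<script src="js/jquery.flot.pie.js"></script>
<script src="js/jquery.flot.stack.js"></script>
<script src="js/jquery.flot.resize.min.js"></script>
<script src="js/jquery.chosen.min.js"></script>
<script src="js/jquery.uniform.min.js"></script>
<script src="js/jquery.cleditor.min.js"></script>
<script src="js/jquery.noty.js"></script>
<script src="js/jquery.elfinder.min.js"></script>
<script src="js/jquery.raty.min.js"></script>
<script src="js/jquery.iphone.toggle.js"></script>
<script src="js/jquery.uploadify-3.1.min.js"></script>
<script src="js/jquery.gritter.min.js"></script>
<script src="js/jquery.imagesloaded.js"></script>
<script src="js/jquery.masonry.min.js"></script>
<script src="js/jquery.knob.modified.js"></script>
<script src="js/jquery.sparkline.min.js"></script>
<script src="js/counter.js"></script>
<script src="js/retina.js"></script>
<script src="js/custom.js"></script>
<!-- end: JavaScript-->
<script>
// Shows the browser's local time in the header, updated every second
// (the original comment said 5 s; the interval is 1000 ms).
function autoRefresh_div() {
    var TGLWAKTU = new Date().toLocaleString();
    document.getElementById("spanTime").innerHTML = TGLWAKTU;
}
// Function reference instead of a string, so nothing is eval'd.
setInterval(autoRefresh_div, 1000);
</script>
</body>
</html>
<?php
// Status alerts for an update that store-procedure.php rejected: status=fail
// (generic failure) or status=pswd (new password pair did not match). The
// value is only compared against fixed tokens, never echoed, so plain
// FILTER_DEFAULT suffices (FILTER_SANITIZE_STRING is deprecated since 8.1).
$status_text = SECURITY_CHECK_INPUT(filter_input(INPUT_GET, 'status', FILTER_DEFAULT));

if (!empty($status_text)) {
    if ($status_text === 'fail') {
        echo '<script type="text/javascript">';
        echo 'alert("User admin update gagal.")';
        echo '</script>';
    } elseif ($status_text === 'pswd') {
        echo '<script type="text/javascript">';
        // json_encode emits a properly quoted JS string literal, so $user_id can
        // never break out of the script context (it was concatenated raw before).
        echo 'document.getElementById("disabledInput1").value = ' . json_encode((string) $user_id) . ';';
        echo 'alert("User admin update gagal, password baru tidak sama.")';
        echo '</script>';
    }
}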