<?php
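// Read the credentials from the POST body. Missing or non-string fields become
// empty strings, so no "undefined index" notice is printed ahead of the
// header() calls at the end of the script and no array reaches md5().
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";

// Fallback: accept the same two fields from the query string.
// NOTE(review): credentials in a URL are written to web-server access logs,
// proxy logs and browser history. Kept only so existing clients keep working;
// retire this branch once every client sends POST.
if ($username === "") {
    $username = (isset($_GET['username']) && is_string($_GET['username'])) ? $_GET['username'] : "";
    $password = (isset($_GET['password']) && is_string($_GET['password'])) ? $_GET['password'] : "";
}

// NOTE(review): unsalted MD5 is a fast hash and unsuitable for password
// storage. Moving to password_hash()/password_verify() (available from
// PHP 5.5) requires re-hashing the stored values, so the comparison format is
// left unchanged here. The result is always 32 hex characters.
$password_md5 = md5($password);

// NOTE(review): the script connects as the database root account with the
// password embedded in source. Use a dedicated least-privilege account and
// load its credentials from configuration kept outside the web root; rotate
// this password, since it has been exposed wherever this file was readable.
// The mysql_* extension is deprecated as of PHP 5.5 and removed in PHP 7.0;
// mysqli or PDO with prepared statements is the replacement.
$link = mysql_connect ("localhost", "root", "root123");
mysql_select_db ("notes");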
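/**
 * Whole days elapsed between two date strings.
 *
 * Renamed from date_diff(): PHP has shipped a built-in date_diff() since 5.3,
 * so declaring a user function with that name is a fatal "Cannot redeclare"
 * error and the script never runs. The only caller is further down in this
 * script.
 *
 * NOTE(review): strtotime() parses in the server's default time zone, so a
 * span that crosses a daylight-saving change may be an hour short of a whole
 * day and get floored to one day less - confirm whether that matters for the
 * demo counter.
 *
 * @param string $current Later date, any format strtotime() accepts.
 * @param string $past    Earlier date, any format strtotime() accepts.
 * @return float Number of complete 24-hour periods between the two.
 */
function notes_days_between($current, $past)
{
    $seconds = strtotime($current) - strtotime($past);
    return floor($seconds / 60 / 60 / 24);
}

// $username comes straight from the request and is concatenated into several
// statements below, so it is escaped once here and only the escaped copy is
// used in SQL. $password_md5 is md5() output (hex digits only).
// NOTE(review): escaping is the smallest fix that fits the legacy mysql_*
// API; it relies on the connection character set being the one the server
// actually uses. Prepared statements (mysqli/PDO) are the durable fix.
$usernameSql = mysql_real_escape_string($username);

$sql = "select * from tblUsers where username = '".$usernameSql."' and password = '".$password_md5."' and active = 1 and attempt <= 3";
$result = mysql_query($sql);
if ($result !== false && mysql_num_rows($result) > 0) {
    // Credentials matched an active account that is not locked out.
    $userdata = mysql_fetch_assoc($result);

    // Integer copies of the ids for use in SQL: several statements below embed
    // them unquoted, so they must never carry anything but digits.
    $userId = (int) $userdata['userId'];
    $companyId = (int) $userdata['companyId'];

    // Audit trail entry, then reset the failed-attempt counter.
    $sql = "INSERT INTO tblActionLog VALUES(null,".$userId.",'Logging in...','".date("Y-m-d H:i:s")."')";
    $result = mysql_query($sql);
    $sql = "UPDATE tblUsers SET attempt = 0 WHERE userId = ".$userId;
    $result = mysql_query($sql);

    // Per-company client UI settings; three companies get a restricted UI.
    if ($userdata['companyId'] == "1001578") {
        $ShowExportMeny = "false";
        $ShowRemoveAll = "false";
        $ShowSaveButton = "false";
        $ShowStartStop = "true";
        $StartStopTitle = "Landlord";
        $HelpFileURL = "http://www.notes-online.se/symbols/notes/sllas/help/";
        $StartStopURL = "http://www.notes-online.se/symbols/notes/sllas/startstop.php";
    } else if ($userdata['companyId'] == "1001945") {
        $ShowExportMeny = "false";
        $ShowRemoveAll = "false";
        $ShowSaveButton = "false";
        $ShowStartStop = "true";
        $StartStopTitle = "Landlord";
        $HelpFileURL = "http://www.notes-online.se/symbols/notes/sllas/help/";
        $StartStopURL = "http://www.notes-online.se/symbols/notes/stipa/startstop.php";
    } else if ($userdata['companyId'] == "1001564") {
        $ShowExportMeny = "false";
        $ShowRemoveAll = "false";
        $ShowSaveButton = "false";
        $ShowStartStop = "true";
        $StartStopTitle = "Databas";
        $HelpFileURL = "http://www.notes-online.se/symbols/notes/sllas/help/";
        $StartStopURL = "http://www.notes-online.se/symbols/notes/stipa/startstop.php";
    } else {
        $ShowExportMeny = "true";
        $ShowRemoveAll = "true";
        $ShowSaveButton = "true";
        $ShowStartStop = "true";
        $StartStopTitle = "Databas";
        $HelpFileURL = "http://www.notes-online.se/notes_help";
        $StartStopURL = "http://www.notes-online.se/symbols/notes/sllas/startstop.php";
    }

    // NOTE(review): database values are written into the plist without XML
    // escaping; a value containing "<" or "&" yields a malformed document.
    // Left as is because it is not visible here whether stored values are
    // already entity-encoded - confirm before adding htmlspecialchars().
    $xml ='<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>LoginInfo</key>
<dict>
<key>UserID</key>
<string>'.$userdata['userId'].'</string>
<key>CompanyID</key>
<string>'.$userdata['companyId'].'</string>
<key>LoggedIn</key>
<string>true</string>
<key>Application</key>
<string>'.$userdata['application'].'</string>
<key>ReloadSplashScreen</key>
<string>false</string>
<key>SplashScreen</key>
<string></string>
<key>OnlyExportToIcad</key>
<string>false</string>
<key>ShowRemoveAll</key>
<string>'.$ShowRemoveAll.'</string>
<key>ShowExportMeny</key>
<string>'.$ShowExportMeny.'</string>
<key>ShowSaveButton</key>
<string>'.$ShowSaveButton.'</string>
<key>ShowStartStop</key>
<string>'.$ShowStartStop.'</string>
<key>StartStopTitle</key>
<string>'.$StartStopTitle.'</string>
<key>HelpFileURL</key>
<string>'.$HelpFileURL.'</string>
<key>StartStopURL</key>
<string>'.$StartStopURL.'</string>';

    // Account record for the company; created on first login as a demo account.
    $sql = "select * from tblAccounts where companyId = '".$companyId."'";
    $result1 = mysql_query($sql);
    $IsCommandDrawShapeAllowed = 1;
    $IsCommandMarkShapeAllowed = 1;
    $IsCommandDrawAreaAllowed = 1;
    $IsCommandDrawTextAllowed = 1;
    $IsCommandDrawRulerAllowed = 1;
    $IsCommandCameraPlacementAllowed = 1;
    $IsCommandDrawLineAllowed = 1;
    $DemoRemainingDays = 60;
    if (mysql_num_rows($result1) == 0) {
        $demo = 1;
        $registrationDate = date("Y-m-d");
        $sql = "insert into tblAccounts values(NULL,'".$companyId."','".$userId."','$registrationDate',1)";
        mysql_query($sql);
        $sql = "insert into tblAccountsData values(NULL,1,1,1,1,1,1,1,".$companyId.")";
        mysql_query($sql);
    } else {
        $accountdata1 = mysql_fetch_assoc($result1);
        $registrationDate = $accountdata1['registrationDate'];
        $demo = $accountdata1['demo'];
        // Stored per-company command permissions replace the defaults above.
        $sql = "select * from tblAccountsData where companyId = '".$companyId."'";
        $result = mysql_query($sql);
        $accountdata = mysql_fetch_assoc($result);
        $IsCommandDrawShapeAllowed = $accountdata['IsCommandDrawShapeAllowed'];
        $IsCommandMarkShapeAllowed = $accountdata['IsCommandMarkShapeAllowed'];
        $IsCommandDrawAreaAllowed = $accountdata['IsCommandDrawAreaAllowed'];
        $IsCommandDrawTextAllowed = $accountdata['IsCommandDrawTextAllowed'];
        $IsCommandDrawRulerAllowed = $accountdata['IsCommandDrawRulerAllowed'];
        $IsCommandCameraPlacementAllowed = $accountdata['IsCommandCameraPlacementAllowed'];
        $IsCommandDrawLineAllowed = $accountdata['IsCommandDrawLineAllowed'];
    }
    if ($demo == 1) {
        $CommercialUse = "false";
    } else {
        $CommercialUse = "true";
    }

    // Days left of the 60-day demo period, counted from the registration date.
    $now = date("Y-m-d");
    $your_date = date("Y-m-d",strtotime($registrationDate));
    $DemoRemainingDays = 60 - notes_days_between($now, $your_date);
    $xml .='
<key>CommercialUse</key>
<string>'.$CommercialUse.'</string>
<key>DemoRemainingDays</key>
<string>'.$DemoRemainingDays.'</string>
<key>AvailibleCommands</key>
<dict>
<key>IsCommandDrawShapeAllowed</key>
<string>'.$IsCommandDrawShapeAllowed .'</string>
<key>IsCommandMarkShapeAllowed</key>
<string>'.$IsCommandMarkShapeAllowed.'</string>
<key>IsCommandDrawAreaAllowed</key>
<string>'.$IsCommandDrawAreaAllowed.'</string>
<key>IsCommandDrawTextAllowed</key>
<string>'.$IsCommandDrawTextAllowed.'</string>
<key>IsCommandDrawRulerAllowed</key>
<string>'.$IsCommandDrawRulerAllowed.'</string>
<key>IsCommandCameraPlacementAllowed</key>
<string>'.$IsCommandCameraPlacementAllowed.'</string>
<key>IsCommandDrawLineAllowed</key>
<string>'.$IsCommandDrawLineAllowed.'</string>
</dict>
<key>NotesSymbols</key>
<dict>';

    // Symbol groups enabled for the company, each with its symbol forms.
    $sql = "select * from tblSymbolGroupsJoinCompany, tblSymbolGroups where tblSymbolGroupsJoinCompany.categoryId = tblSymbolGroups.categoryId and companyId = ".$companyId;
    $result2 = mysql_query($sql);
    $counter = 0;
    while ($row = mysql_fetch_assoc($result2)) {
        $xml .= '<key>'.$row['name'].'</key>
<dict>';
        // categoryId is embedded unquoted, so force it to an integer.
        $sql = "select * from tblSymbolForms where categoryId = ".(int) $row['categoryId'];
        $result3 = mysql_query($sql);
        while ($row1 = mysql_fetch_assoc($result3)) {
            $xml .= '<key>Symbol'.$counter.'</key>
';
            $xml .= '<dict>
';
            $xml .= ' <key>SymbolID</key>
';
            $xml .= ' <string>'.$row1['formid'].'</string>
';
            $xml .= ' <key>SymbolName</key>
';
            $xml .= ' <string>'.$row1['SymbolName'].'</string>
';
            $xml .= ' <key>FormIcon</key>
';
            $xml .= ' <string>'.$row1['Icon'].'</string>
';
            $xml .= ' <key>FormURL</key>
';
            $xml .= ' <string>'.$row1['URL'].'</string>
';
            $xml .= '</dict>
';
            $counter++;
        }
        $xml .= '</dict>
';
    }
    $xml .= '</dict>
';

    // Symbol ids owned by the user; the list always starts with 0.
    $xml .='<key>Symbols</key>
<array>
<integer>0</integer>';
    $sql = "select * from tblSymbols where userId = ".$userId;
    $result = mysql_query($sql);
    while ($row = mysql_fetch_assoc($result)) {
        $xml .='<integer>'.$row['symbolId'].'</integer>';
    }
    $xml .='</array>
</dict>
</dict>
</plist>';

    // Record the successful login on the user row.
    $sql = "update tblUsers set loggedIn = '1', lastLogin = '".date("Y-m-d H:i:s")."' where username = '".$usernameSql."' and password = '".$password_md5."'";
    mysql_query($sql);
} else {
    // Login failed: count the attempt against the submitted username.
    // NOTE(review): the counter is keyed on the username alone, so repeated
    // wrong passwords from anyone deactivate that account. Consider throttling
    // per source address as well, and a timed unlock instead of active = 0.
    $sql = "UPDATE tblUsers SET attempt = attempt + 1 WHERE username = '".$usernameSql."'";
    $result = mysql_query($sql);
    $sql = "select * from tblUsers where username = '".$usernameSql."'";
    $result = mysql_query($sql);
    if ($result !== false && mysql_num_rows($result) > 0) {
        // The username exists; deactivate the account after more than three failures.
        $userdata = mysql_fetch_assoc($result);
        if ($userdata['attempt'] > 3) {
            $sql = "UPDATE tblUsers SET attempt = 0, active = 0 WHERE username = '".$usernameSql."'";
            $result = mysql_query($sql);
        }
    }

    // Same reply whether the username is unknown or the password is wrong.
    $xml ='<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>LoginInfo</key>
<dict>
<key>UserID</key>
<string></string>
<key>CompanyID</key>
<string></string>
<key>LoggedIn</key>
<string>false</string>
<key>Application</key>
<string></string>
<key>ReloadSplashScreen</key>
<string>false</string>
<key>SplashScreen</key>
<string></string>
<key>OnlyExportToIcad</key>
<string>false</string>
<key>CommercialUse</key>
<string>false</string>
<key>ShowStartStop</key>
<string>true</string>
<key>StartStopTitle</key>
<string>Start/Stop</string>
<key>StartStopURL</key>
<string>http://www.notes-online.se/symbols/save.html</string>
<key>Symbols</key>
<array>
<integer>0</integer>
</array>
</dict>
</dict>
</plist>';
}

// The source encoding is set before branching: the test branch previously
// called iconv() with the variable still undefined.
$source_encoding = "ISO-8859-1";
if (isset($_GET['test']) && $_GET['test'] == "true") {
    // Test mode: print the plist inline instead of as a download.
    echo(iconv($source_encoding,"UTF-8",$xml));
} else {
    header("Content-type: application/octet-stream");
    header('Content-Disposition: attachment; filename="Login.plist"');
    echo(iconv($source_encoding,"UTF-8",$xml));
}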
?>