diff --git a/classes/constellation.php b/classes/constellation.php
index 91f3790..162a473 100644
--- a/classes/constellation.php
+++ b/classes/constellation.php
@@ -18,7 +18,6 @@ class Constellation
 * @param Boolean $admin - specifies whether to render admin controls
 */
 public function render_incidents($future=false, $offset=0, $limit = 5, $admin = 0){
- global $mysqli;
 if ($offset<0) {
 $offset = 0;
diff --git a/classes/locale-negotiator.php b/classes/locale-negotiator.php
index fff83d1..7fd39cb 100644
--- a/classes/locale-negotiator.php
+++ b/classes/locale-negotiator.php
@@ -230,7 +230,7 @@ class LocaleNegotiator
 $this->default_language = $default_language;
 //Works only if the server supports the locale
 //This basically means $accepted_langs[] = "";
- foreach ($tmp as $key => $value) {
+ foreach ($tmp as $value) {
 $lang = basename($value);
 $this->accepted_langs[$lang] = $this->all_locales[$lang];
 }
diff --git a/classes/service.php b/classes/service.php
index 25a0972..526c1a8 100644
--- a/classes/service.php
+++ b/classes/service.php
@@ -74,7 +74,7 @@ class Service implements JsonSerializable
 $stmt = $mysqli->prepare("INSERT INTO services VALUES(NULL,?)");
 $stmt->bind_param("s", $name);
 $stmt->execute();
- $query = $stmt->get_result();
+ $stmt->get_result();
 header("Location: ".WEB_URL."/admin/?do=settings");
 }else {
@@ -88,7 +88,7 @@ class Service implements JsonSerializable
 */
 public static function delete()
 {
- global $user;
+ global $user, $message;
 if ($user->get_rank()<=1) {
 global $mysqli;
diff --git a/classes/token.php b/classes/token.php
index 8f2de64..2b3b36e 100644
--- a/classes/token.php
+++ b/classes/token.php
@@ -19,7 +19,7 @@ class Token
 $stmt = $mysqli->prepare("INSERT INTO tokens VALUES(?, ?, ?, ?)");
 $stmt->bind_param("siis", $token, $id, $expire, $data);
 $stmt->execute();
- $query = $stmt->get_result();
+ $stmt->get_result();
 return $token;
 }
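Review bot: Dropping `global $mysqli;` from `render_incidents()` is only safe if nothing further down the method still references `$mysqli`; the body runs past the hunk, so that cannot be confirmed from here, and a leftover `$mysqli->prepare(...)` would now fail on an undefined variable rather than at review time. Worth a search for `$mysqli` across the rest of the method before merging, and if the incidents query moved into a helper, a one-line comment at the top of the body naming where the data now comes from would save the next reader the same check. The enclosing method continues outside the hunk.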
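Review bot: The new line `$stmt->get_result();` in `Service` (hunk `@@ -74,7 +74,7 @@`) keeps a call that does nothing useful after an INSERT: for a non-SELECT statement `get_result()` returns false, so removing only the assignment leaves a dead call behind. The cleanup should either delete the line or replace it with `$stmt->close();` so the prepared statement is released. The same pattern appears in the `Token::add` hunk (`@@ -19,7 +19,7 @@` in classes/token.php) and should be treated the same way; both enclosing methods continue outside their hunks.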
@@ -41,6 +41,22 @@ class Token
 return $query->fetch_assoc()['count'];
 }
+ /**
+ * Returns token data
+ * @param String $token
+ * @param int $id user ID
+ * @return String data
+ */
+ public static function get_data($token, $id)
+ {
+ global $mysqli;
+ $stmt = $mysqli->prepare("SELECT data as count FROM tokens WHERE token = ? AND user = ?");
+ $stmt->bind_param("si", $token, $id);
+ $stmt->execute();
+ $query = $stmt->get_result();
+ return $query->fetch_assoc()['data'];
+ }
+
 /**
 * Deletes token.
 * @param String $token
diff --git a/classes/user.php b/classes/user.php
index f6920c8..6cd1097 100644
--- a/classes/user.php
+++ b/classes/user.php
@@ -84,12 +84,7 @@ class User
 public function toggle()
 {
 global $mysqli, $message, $user;
- $id = $_SESSION['user'];
- $stmt = $mysqli->prepare("SELECT permission FROM users WHERE id=?");
- $stmt->bind_param("i", $id);
- $stmt->execute();
- $query = $stmt->get_result();
- $permission = $result['permission'];
+ $id = $_GET['id'];
 if ($this->id!=$_SESSION['user'] && $user->get_rank()<=1 && ($user->get_rank()<$this->rank))
 {
@@ -274,10 +269,10 @@ class User
 */
 public static function restore_session()
 {
- global $mysqli, $message;
+ global $message;
 $id = $_COOKIE['user'];
 $token = $_COOKIE['token'];
- $time = time();
+
 if (Token::validate_token($token, $id, "remember"))
 {
 $year = strtotime('+356 days', time());
@@ -405,7 +400,7 @@ class User
 */
 public function change_password($token = false)
 {
- global $mysqli, $user, $message;
+ global $mysqli, $message;
 $time = time();
 $id = $this->id;
 if ($_POST['password']!=$_POST['password_repeat'])
@@ -440,9 +435,9 @@ class User
 $stmt->execute();
 $stmt->close();
 $stmt = $mysqli->prepare("DELETE FROM tokens WHERE user = ? AND data = 'remember'");
- $stmt->bind_param("d", $id);
- $stmt->execute();
- $query = $stmt->get_result();
+ $stmt->bind_param("d", $id);
+ $stmt->execute();
+ $query = $stmt->get_result();
 User::logout();
 }
 else{
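Review bot: `Token::get_data()` aliases the column as `count` in `SELECT data as count FROM tokens WHERE token = ? AND user = ?` but then reads `['data']` from the row, so the method always yields null with an undefined-index warning; the alias looks copied from the count query just above it. In addition, `fetch_assoc()` returns null when no row matches the token/user pair, and indexing null produces another warning instead of a clear "no such token" result for the caller. Suggest `$stmt = $mysqli->prepare("SELECT data FROM tokens WHERE token = ? AND user = ?");` and `$row = $query->fetch_assoc(); return $row['data'] ?? null;`, with the docblock changed to `@return String|null data, or null when no token matches`.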
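Review bot: In `User::toggle()` the new line `$id = $_GET['id'];` takes the target user id straight from the query string with no validation or cast, while the rank check directly below it keys on `$this->id`, so it is unclear which value identifies the user being toggled. The removed block was dead code (it read `$result['permission']`, which was never assigned), but its replacement should not widen what the request controls: if the method acts on the current object, `$id = $this->id;` is the safer choice, and if the GET parameter is genuinely needed it should at least be `$id = (int) ($_GET['id'] ?? 0);` with the existing rank check kept ahead of any write. A state change driven by a GET parameter is also the kind of endpoint that benefits from a POST form with a CSRF token, though that is pre-existing. The method body continues outside the hunk, so where `$id` is consumed cannot be seen here.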
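Review bot: `restore_session()` still reads `$_COOKIE['user']` and `$_COOKIE['token']` unguarded, so a visitor with no remember-me cookie triggers undefined-index warnings before `Token::validate_token()` is even reached; the hunk only removes `$mysqli` and the unused `$time`. Suggest `$id = $_COOKIE['user'] ?? null; $token = $_COOKIE['token'] ?? null;` followed by `if ($id === null || $token === null) { return; }`. Not introduced by this commit but visible on the new side: `strtotime('+356 days', time())` looks like a typo for 365 days and is worth confirming. The method continues outside the hunk.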
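Review bot: The confirmation check in `change_password()` uses loose comparison, `if ($_POST['password']!=$_POST['password_repeat'])`; in PHP `!=` between two numeric strings compares them numerically, so values such as '1e3' and '1000' are treated as equal, and both fields are read without a presence check. This is pre-existing rather than introduced here, but since the hunk already touches the method's preamble it is a cheap fix: `if (($_POST['password'] ?? '') !== ($_POST['password_repeat'] ?? ''))`. The method continues outside the hunk.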
@@ -466,9 +461,9 @@ class User
 $stmt->execute();
 $stmt->close();
 $stmt = $mysqli->prepare("DELETE FROM tokens WHERE user = ? AND data = 'remember'");
- $stmt->bind_param("d", $id);
- $stmt->execute();
- $query = $stmt->get_result();
+ $stmt->bind_param("d", $id);
+ $stmt->execute();
+ $query = $stmt->get_result();
 }
 else
 {
@@ -517,14 +512,13 @@ class User
 * @return void
 */
 public function email_link(){
- global $mysqli;
+ global $user;
 $email = $_POST['email'];
 $time = strtotime('+1 day', time());
 $id = $this->id;
 $token = Token::add($id, 'email;$email', $time);
- $link = WEB_URL."/admin/?do=change-email&id=$id&token=$token";
 $to = $email;
 $subject = _('Email change').' - '.NAME;