pw;
if ($crypt_pw == $db_pw)
{
// password match - proceed
$_SESSION['logged_in'] = 1;
$_SESSION['key'] = md5("%dJ9&".strtolower($cleartext_pw)."(/&k.=".strtoupper($cleartext_pw)."1x&%");
// delete cleartext pw in memory
unset($cleartext_pw);
$_SESSION['version']=$entries->version;
}
else
{
session_unset();
session_destroy();
echo "Wrong Password....
try again\n";
}
}
else
{
// cant connect to database
session_unset();
session_destroy();
echo "
Ooops - Can't connect to the database....
Please try again\n";
}
mysql_close($conn);
}
else
{
// cant connect to the server
session_unset();
session_destroy();
echo "
Ooops - Can't connect to the database-server...
Please try again\n";
}
}
if ((isset($_SESSION['logged_in'])) && ($_SESSION['logged_in'] == 1))
{
// session is active
// any actions to perform?
if (isset($_POST['action']))
{
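// save new entry
// Each posted form field is encrypted with the per-session key and stored as
// a new row in the wallet table.
// NOTE(review): no anti-CSRF token is checked in the visible part of this
// handler - confirm the forms are protected elsewhere.
if ($_POST['action'] == "save")
{
    if ($conn = mysql_connect($hostname, $dbuser, $dbpasswd))
    {
        if (mysql_select_db($database,$conn))
        {
            // First value is the empty string for the ID column, as before.
            $insert_values = "''";
            foreach (array('itemname', 'host', 'login', 'password', 'comment') as $field)
            {
                // A missing field, or one posted as an array, is stored as an
                // empty string rather than raising a notice or reaching
                // en_crypt() with a non-string.
                $plain = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
                // mysql_real_escape_string() escapes against the character set
                // of this connection; mysql_escape_string() ignores it.
                $insert_values .= ",'".mysql_real_escape_string(en_crypt($plain,$_SESSION['key']), $conn)."'";
            }
            $list = mysql_query ("INSERT INTO wallet VALUES(".$insert_values.")", $conn);
            // drop the cleartext values as soon as they have been stored
            unset($plain, $field, $insert_values);
            unset($_POST['itemname'], $_POST['host'], $_POST['login'], $_POST['password'], $_POST['comment']);
        }
        else
        {
            echo "
Ooops - can't find the database....\n";
        }
        mysql_close($conn);
    }
    else
    {
        echo "
Ooops - can't connect to the database-server...\n";
    }
}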
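// save edited entry
// Re-encrypts the posted fields and overwrites the row whose ID was posted.
// NOTE(review): no anti-CSRF token is checked in the visible part of this
// handler - confirm the forms are protected elsewhere.
if ($_POST['action'] == "editsave")
{
    if ($conn = mysql_connect($hostname, $dbuser, $dbpasswd))
    {
        if (mysql_select_db($database,$conn))
        {
            // The ID goes into the statement unquoted, so it must be a plain
            // decimal number; anything else is rejected before the query is
            // built (this closes the SQL injection through $_POST['ID']).
            if (isset($_POST['ID']) && is_string($_POST['ID']) && preg_match('/\A[0-9]+\z/', $_POST['ID']))
            {
                $entry_id = (int) $_POST['ID'];
                // column name => form field name
                $field_map = array(
                    'itemname' => 'itemname',
                    'host' => 'host',
                    'login' => 'login',
                    'pw' => 'password',
                    'comment' => 'comment'
                );
                $assignments = array();
                foreach ($field_map as $column => $field)
                {
                    // missing or non-string fields are stored as an empty string
                    $plain = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
                    // escape against the character set of this connection
                    $assignments[] = $column."='".mysql_real_escape_string(en_crypt($plain,$_SESSION['key']), $conn)."'";
                }
                $list = mysql_query ("UPDATE wallet SET ".implode(", ", $assignments)." WHERE ID=".$entry_id, $conn);
                unset($plain, $field, $column, $field_map, $assignments, $entry_id);
            }
            // drop the cleartext values whether or not the update ran
            unset($_POST['itemname'], $_POST['host'], $_POST['login'], $_POST['password'], $_POST['comment']);
        }
        else
        {
            echo "
Ooops - Can't find the database....\n";
        }
        mysql_close($conn);
    }
    else
    {
        echo "
Ooops - Can't connect to the database-server...\n";
    }
}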
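// delete entry
// Removes the wallet row whose ID was posted.
// NOTE(review): no anti-CSRF token is checked in the visible part of this
// handler - confirm the forms are protected elsewhere.
if ($_POST['action'] == "reallydelete")
{
    if ($conn = mysql_connect($hostname, $dbuser, $dbpasswd))
    {
        if (mysql_select_db($database,$conn))
        {
            // The ID goes into the statement unquoted, so only a plain decimal
            // number is accepted; without this check the posted value could
            // rewrite the WHERE clause and delete other rows.
            if (isset($_POST['ID']) && is_string($_POST['ID']) && preg_match('/\A[0-9]+\z/', $_POST['ID']))
            {
                $list = mysql_query ("DELETE FROM wallet WHERE ID=".((int) $_POST['ID']), $conn);
            }
        }
        else
        {
            echo "
Ooops - Can't find the database....\n";
        }
        mysql_close($conn);
    }
    else
    {
        echo "
Ooops - Can't connect to the database-server...\n";
    }
}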
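// import uploaded file
// Reads the uploaded CSV from the temp directory and stores every line with
// more than one field as a new encrypted wallet row. $_POST['row'] says which
// CSV column feeds each inserted value, in the order posted.
// NOTE(review): the upload always uses the fixed name w3pw.csv under $tmppath,
// so two sessions importing at the same time would share one file - confirm
// whether that can happen in this deployment.
if ($_POST['action'] == "import")
{
    // The mapping comes from the client: accept it only if it is an array.
    $row = (isset($_POST['row']) && is_array($_POST['row'])) ? $_POST['row'] : array();
    // check that each header field is used only once in import2.php
    // sort header_fields by occurence
    // NOTE(review): the sorted copy in $row is not read by the loop below,
    // which walks the mapping in posted order - confirm that is intended.
    asort($row);
    // Keep only mapping values that are plain column numbers; any other value
    // is mapped to -1, which never exists in a CSV line and so imports as an
    // empty string.
    $column_map = array();
    foreach ($row as $index => $val)
    {
        $column_map[$index] = (is_string($val) && preg_match('/\A[0-9]+\z/', $val)) ? (int) $val : -1;
    }
    if ($conn = mysql_connect($hostname, $dbuser, $dbpasswd))
    {
        if (mysql_select_db($database,$conn))
        {
            // finally import the data
            $fd = fopen ($tmppath."w3pw.csv", "r");
            if ($fd)
            {
                while ($data = fgetcsv ($fd, 4096, ";"))
                {
                    // an empty mapping would only produce a malformed INSERT
                    if (count($data)>1 && count($column_map)>0)
                    {
                        $mysql_string="INSERT INTO wallet VALUES(''";
                        foreach ($column_map as $index => $val)
                        {
                            // a column the CSV line does not have becomes an empty string
                            $plain = isset($data[$val]) ? $data[$val] : '';
                            // escape against the character set of this connection
                            $mysql_string.=",'".mysql_real_escape_string(en_crypt($plain,$_SESSION['key']), $conn)."'";
                        }
                        $mysql_string.=")";
                        mysql_query ($mysql_string, $conn);
                        unset($mysql_string, $plain);
                    }
                }
                fclose ($fd);
            }
            else
            {
                // previously a failed fopen() fell through to fgetcsv()/fclose()
                // on an invalid handle
                echo "
Ooops - Can't open the uploaded file....\n";
            }
            unset($row);
            unset($data);
        }
        else
        {
            echo "
Ooops - Can't find the database....\n";
        }
        mysql_close($conn);
    }
    else
    {
        echo "
Ooops - Can't connect to the database-server...\n";
    }
    unset($column_map);
}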
}
// An uploaded CSV that is still in the tmp directory is removed here; this
// runs for every logged-in request, after any action above has been handled.
$stale_upload = $tmppath."w3pw.csv";
if (is_file($stale_upload))
{
    unlink ($stale_upload);
}
unset($stale_upload);
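// menu header
// Lists every wallet entry (decrypted name and host), sorted by name with
// natcasesort, followed by the application version.
echo "\n";
if ($conn = mysql_connect($hostname, $dbuser, $dbpasswd))
{
    if (mysql_select_db($database,$conn))
    {
        // Name and host are fetched together, so the listing needs one query
        // instead of one extra query per entry.
        $list = mysql_query ("SELECT ID, itemname, host FROM wallet", $conn);
        $header_array = array();
        $host_array = array();
        // $list is false when the query failed; skip the fetch loop then
        while ($list && ($entries = mysql_fetch_object($list)))
        {
            $header_array[$entries->ID]=de_crypt($entries->itemname,$_SESSION['key']);
            $host_array[$entries->ID]=$entries->host;
        }
        // natcasesort keeps the ID keys attached to the names
        natcasesort($header_array);
        // Stored names and hosts are user-supplied (form or CSV import) and
        // are printed into the page, so they are HTML-escaped on output.
        // ENT_SUBSTITUTE is only used where the running PHP defines it.
        $escape_flags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;
        $counter=0;
        foreach ($header_array as $ID => $itemname)
        {
            $counter++;
            // table header
            if ($counter == 1)
            {
                echo "
| Entryname | Host/URL | | | |
\n";
            }
            // show entries
            if ($counter % 2 == 0)
            {
                echo "";
            }
            else
            {
                echo "
";
            }
            echo "| ".htmlspecialchars($itemname, $escape_flags)." | ".htmlspecialchars(de_crypt($host_array[$ID],$_SESSION['key']), $escape_flags)." | view | edit | delete |
\n";
        }
        // table footer
        if ($counter >= 1)
        {
            echo "
";
        }
        // drop the decrypted names from memory
        unset($header_array,$host_array,$itemname,$escape_flags);
        echo "w3pw v".$_SESSION['version']."
";
    }
    else
    {
        echo "
Ooops - Can't find the database....\n";
    }
    mysql_close($conn);
}
else
{
    echo "
Ooops - Can't connect to the database-server...\n";
}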
}
?>