/**
 * Queues one or more status messages for later output by the template.
 *
 * When $get_var names a non-empty $_GET entry, that entry (a string or an
 * array of strings) is cleaned and translated via lang() and takes precedence
 * over $message. Otherwise $message is queued as given: each element of an
 * array, or the value itself when it is a string; other types are ignored.
 *
 * @param string|array $message  message text(s) to queue
 * @param string       $get_var  name of the _GET variable holding lang keys
 * @return void
 */
public function ShowMessage($message, $get_var = '')
{
    $fromRequest = $get_var != '' && !empty($_GET[$get_var]);

    if ($fromRequest) {
        // Normalise to a list so scalar and array _GET values share one path.
        $keys = is_array($_GET[$get_var]) ? $_GET[$get_var] : array($_GET[$get_var]);
        foreach ($keys as $key) {
            $this->_messages[] = lang(cleanValue($key));
        }
        return;
    }

    if (is_array($message)) {
        foreach ($message as $item) {
            $this->_messages[] = $item;
        }
    } elseif (is_string($message)) {
        $this->_messages[] = $message;
    }
}
/**
 * ShowMessage
 * Outputs a page status message
 *
 * When $get_var is given, the message is taken from $_GET[$get_var] (cleaned
 * and run through lang()); if that _GET entry is empty, an empty, hidden
 * container is returned instead so the template slot still exists.
 *
 * NOTE(review): $message is placed into the markup unescaped; callers must
 * pass trusted or already-escaped HTML.
 *
 * @param string $message - Message to be shown
 * @param string $get_var - Name of the _GET variable that contains the
 *                          name of the message lang string
 * @return string HTML fragment
 */
public function ShowMessage($message, $get_var = '')
{
    $icon = $this->DisplayImage('icons/system/accept.gif', lang('success'), '', '', 'systemicon');

    $containerAttrs = '';
    if (!empty($get_var)) {
        if (!empty($_GET[$get_var])) {
            $message = lang(cleanValue($_GET[$get_var]));
        } else {
            // Nothing to show: emit the container but keep it hidden.
            $message = '';
            $containerAttrs = ' style="display:none;"';
        }
    }

    return sprintf(
        '<div class="pagemcontainer"%s><p class="pagemessage">%s %s</p></div>',
        $containerAttrs,
        $icon,
        $message
    );
}
} $adminaccess = 1; if (!isset($_POST["adminaccess"]) && isset($_POST["edituser"])) { $adminaccess = 0; } $active = 1; if (!isset($_POST["active"]) && isset($_POST["edituser"])) { $active = 0; } $userid = get_userid(); $user_id = $userid; if (isset($_POST["user_id"])) { $user_id = cleanValue($_POST["user_id"]); } else { if (isset($_GET["user_id"])) { $user_id = cleanValue($_GET["user_id"]); } } $gCms = cmsms(); $userops = $gCms->GetUserOperations(); $groupops = $gCms->GetGroupOperations(); $group_list = $groupops->LoadGroups(); $db = $gCms->GetDb(); $thisuser = $userops->LoadUserByID($user_id); if (strlen($thisuser->username) > 0) { $CMS_ADMIN_SUBTITLE = $thisuser->username; } // this is now always true... but we may want to change how things work, so I'll leave it $access_perm = check_permission($userid, 'Modify Users'); $access_user = $userid == $user_id; $access_group = $userops->UserInGroup($userid, 1) || !$userops->UserInGroup($user_id, 1);
// Only the 'index' page is rendered here; $success reports whether an add happened.
$success = false;
$page = 'index';

// Start Twitter Perch
$tp = new twitterPerch();

// Initialise form validators: a first visit registers the rules, a POST runs them.
if (empty($_POST)) {
    SmartyValidate::connect($smarty, true);
    SmartyValidate::register_validator('keyword', 'keyword', 'notEmpty');
    SmartyValidate::register_validator('username', 'username', 'isWord', false, true);
    SmartyValidate::register_validator('password', 'password:6', 'isLength', false, true);
    SmartyValidate::register_validator('accValid', 'username:password', 'isValid');
} else {
    SmartyValidate::connect($smarty);
    // 'isValid' is backed by twitterPerch::isValidTwitterCredentials.
    SmartyValidate::register_object('tp', $tp);
    SmartyValidate::register_criteria('isValid', 'tp->isValidTwitterCredentials');
    $valid = SmartyValidate::is_valid($_POST);
    if ($valid) {
        SmartyValidate::disconnect();
        // Clean values, then add to the list.
        $formVars = array(
            'keyword'  => cleanValue($_POST['keyword']),
            'username' => cleanValue($_POST['username']),
            'password' => cleanValue($_POST['password']),
        );
        $success = $tp->add($formVars);
    }
}

// Assign template variables.
// NOTE(review): assign($_POST) hands every posted field — including the raw
// password — to the template; restricting it to the fields the template
// actually reads would be safer.
$smarty->assign('text', $lang[$page]);
$smarty->assign('success', $success);
$smarty->assign($_POST);

// Trim whitespace from the output, then render.
$smarty->load_filter('output', 'trimwhitespace');
$smarty->display($page . '.tpl');
} $password = ''; if (isset($_POST["password"])) { $password = $_POST["password"]; } $passwordagain = ''; if (isset($_POST["passwordagain"])) { $passwordagain = $_POST["passwordagain"]; } $firstname = ''; if (isset($_POST["firstname"])) { $firstname = cleanValue($_POST["firstname"]); } $lastname = ''; if (isset($_POST["lastname"])) { $lastname = cleanValue($_POST["lastname"]); } $email = ''; if (isset($_POST["email"])) { $email = trim($_POST["email"]); } // Do validations $validinfo = true; if ($username == "") { $validinfo = false; $error = lang('nofieldgiven', array(lang('username'))); } else { if (!preg_match("/^[a-zA-Z0-9\\._ ]+\$/", $username)) { $validinfo = false; $error = lang('illegalcharacters', array(lang('username'))); } else {
#Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # #$Id: editbookmark.php 9830 2015-02-19 18:30:06Z calguy1000 $ $CMS_ADMIN_PAGE = 1; require_once "../include.php"; $urlext = '?' . CMS_SECURE_PARAM_NAME . '=' . $_SESSION[CMS_USER_KEY]; check_login(); $db = cmsms()->GetDb(); $error = ""; $title = ""; if (isset($_POST["title"])) { $title = trim(cleanValue((string) $_POST["title"])); } $myurl = ""; if (isset($_POST["url"])) { $myurl = trim(cleanValue((string) $_POST["url"])); } $bookmark_id = -1; if (isset($_POST["bookmark_id"])) { $bookmark_id = $_POST["bookmark_id"]; } else { if (isset($_GET["bookmark_id"])) { $bookmark_id = $_GET["bookmark_id"]; } } if (isset($_POST["cancel"])) { redirect("listbookmarks.php" . $urlext); return; } $userid = get_userid(); if (isset($_POST["editbookmark"])) {
/**
 * Loads the respondent row for the given user id into $this->userData.
 *
 * Terminates the script (die) when no id is supplied or when the query
 * returns no row.
 *
 * NOTE(review): the id is concatenated straight into the SQL string.
 * cleanValue() is a generic scrubber, not an SQL escaper, so the id must
 * come from a trusted source — or this should move to a parameterised
 * query / integer cast once the helper a() supports it.
 *
 * @param mixed $userId  respondent id (resp_id)
 * @return void
 */
public function extractDataFromUserId($userId = null)
{
    $this->userId = cleanValue($userId);

    // No usable id: stop here rather than query with an empty value.
    if (empty($this->userId)) {
        die('this email require an userId to fill fields data. invalid $this->userId in extractDataFromUserId');
    }

    // Fetch the respondent row.
    $query = sprintf('select * from respondents where resp_id = %s', $this->userId);
    $this->userData = a($query);

    // No row for this id: stop as well.
    if (!$this->userData) {
        die('user not found. Query: ' . $query);
    }
}
$homepage = 'index.php'; } $dest = $dest . '/' . $homepage; $dest .= '?' . CMS_SECURE_PARAM_NAME . '=' . $_SESSION[CMS_USER_KEY]; redirect($dest); } } } if (isset($_POST["logincancel"])) { debug_buffer("Login cancelled. Returning to content."); redirect($config["root_url"] . '/index.php', true); } if (isset($_POST["username"]) && isset($_POST["password"])) { $username = ""; if (isset($_POST["username"])) { $username = cleanValue($_POST["username"]); } $password = ""; if (isset($_POST["password"])) { $password = $_POST["password"]; } global $gCms; $userops =& $gCms->GetUserOperations(); $oneuser =& $userops->LoadUserByUsername($username, $password, true, true); debug_buffer("Got user by username"); debug_buffer($oneuser); if ($username != "" && $password != "" && isset($oneuser) && $oneuser == true && isset($_POST["loginsubmit"])) { debug_buffer("Starting login procedure. Setting userid so that other pages will pick it up and set a cookie."); generate_user_object($oneuser->id); $_SESSION['login_user_id'] = $oneuser->id; $_SESSION['login_user_username'] = $oneuser->username;
#along with this program; if not, write to the Free Software #Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # #$Id: addbookmark.php 9829 2015-02-19 18:24:10Z calguy1000 $ $CMS_ADMIN_PAGE = 1; require_once "../include.php"; $urlext = '?' . CMS_SECURE_PARAM_NAME . '=' . $_SESSION[CMS_USER_KEY]; check_login(); $error = ""; $title = ""; if (isset($_POST["title"])) { $title = trim(cleanValue($_POST["title"])); } $url = ""; if (isset($_POST["url"])) { $url = trim(cleanValue($_POST["url"])); } if (isset($_POST["cancel"])) { redirect("listbookmarks.php" . $urlext); return; } $userid = get_userid(); if (isset($_POST["addbookmark"])) { $validinfo = true; if ($title == "") { $error .= lang('nofieldgiven', array('addbookmark')); $validinfo = false; } if (stripos($title, 'script:') !== FALSE) { $error .= lang('missingparams'); $validinfo = false;
/**
 * Recursively "cleans" an incoming value for use as URL/text data.
 *
 * Arrays are processed element by element (keys are kept as-is); booleans are
 * returned untouched. Every other value is url-decoded, unslashed, stripped of
 * surrounding dots and of HTML tags, and finally re-encoded via mo_rawurlencode().
 *
 * NOTE(review): this is a generic scrubber, not an escaper — on its own it does
 * not make a value safe for SQL or for any particular output context.
 *
 * @param mixed $value  raw value (scalar or nested array)
 * @return mixed        cleaned value of the same shape
 */
function cleanValue($value)
{
    if (is_array($value)) {
        foreach ($value as $key => $val) {
            $value[$key] = cleanValue($val);
        }
    } elseif (is_bool($value)) {
        return $value;
    } else {
        // Catch null bytes!  (original comment: "Nullbytes abfangen!")
        // NOTE(review): the needle literal is empty as shown here — possibly a
        // NUL byte lost in transcription. With an empty needle this condition
        // never fires, so the intended null-byte rejection should be verified.
        if (strpos("tmp" . $value, "") > 0) {
            die;
        }
        $value = rawurldecode($value);
        $value = stripslashes($value);
        // Park line breaks in a marker so the trim/basename handling below leaves them alone.
        $value = str_replace(array("\r\n", "\r", "\n"), "-tmpbr_", $value);
        // Strip leading/trailing dots — presumably to defuse ".." path segments.
        $value = trim($value, "..");
        if (basename($value) != $value) {
            // Also strip dots around the last path segment when the value looks like a path.
            $value = str_replace(basename($value), trim(basename($value), ".."), $value);
        }
        $value = strip_tags($value);
        // Restore the parked line breaks as "\n".
        $value = str_replace("-tmpbr_", "\n", $value);
        $value = mo_rawurlencode($value);
    }
    return $value;
}
$errors = explode(' ', trim(strtolower($conn->error))); if ($errors[0] == "duplicate") { $arr = array('status' => 'duplicate', 'email' => $newEmail, 'message' => 'This email address is already in use', 'timestamp' => $date); createJSON($arr, true); } else { print "FAILURE: " . $conn->error; $arr = array('status' => 'failure', 'email' => $newEmail, 'message' => 'Internal server error', 'timestamp' => $date); createJSON($arr, true); } } } // if signin form is submitted if (isset($_POST['signin'])) { // clean form data $signinEmail = cleanValue($_POST['signinEmail']); $signinPassword = cleanValue($_POST['signinPassword']); // lookup database record $signinAccountSQL = "SELECT `hash`,`email`,`id`,`permissions` FROM {$tbName} WHERE `email` = '{$signinEmail}'"; $result = $conn->query($signinAccountSQL); // results from databse if ($result->num_rows > 0) { while ($user = $result->fetch_assoc()) { if (password_verify($signinPassword, $user["hash"]) && $user["email"] == $signinEmail) { $arr = array('status' => 'success', 'user_data' => array('id' => $user["id"], 'email' => $signinEmail, 'permissions' => $user["permissions"]), 'message' => 'You have successfully signed in', 'timestamp' => $date); createJSON($arr); } else { $arr = array('status' => 'failure', 'user_data' => array('email' => $signinEmail), 'message' => 'There was an error', 'timestamp' => $date); createJSON($arr, true); } } } else {
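/**
 * Checks the validity of the supplied Twitter credentials.
 *
 * SmartyValidate criteria callback: the password is read from the form
 * variable named by $params['field2'].
 *
 * @param string|null $username  The supplied Twitter username
 * @param bool        $empty     Value returned when the username or the
 *                               password field is not set
 * @param array       $params    The extra parameters provided by SmartyValidate
 *                               ('field2' names the password form field)
 * @param array       $formvars  The other form variables provided by the form
 * @return bool True when the verify_credentials call answers with HTTP 200,
 *              false otherwise (including transport failures)
 */
public function isValidTwitterCredentials($username, $empty, &$params, &$formvars)
{
    // Missing username or password field: let the caller decide via $empty.
    if (!isset($username) || !isset($formvars[$params['field2']])) {
        return $empty;
    }

    $username = cleanValue($username);
    $password = $formvars[$params['field2']];

    // The credentials travel as HTTP Basic auth, so the request must use TLS;
    // the previous plain http:// URL sent the password in cleartext.
    $req = new HTTP_Request('https://twitter.com/account/verify_credentials.xml');
    $req->setMethod(HTTP_REQUEST_METHOD_POST);
    $req->setBasicAuth($username, $password);
    $req->sendRequest();

    // Only a 200 means the credentials were accepted. Cast before comparing so
    // an int or a string "200" from the HTTP library behave the same; a failed
    // request yields no code and therefore false.
    return (int) $req->getResponseCode() === 200;
}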
/**
 * Processes submitted forms, redirects to previous page if needed
 *
 * Drives the wizard: depending on $process and $this->currentPage it either
 * steps back (on 'recheck'), records validation errors in $this->errors and
 * resets currentPage, or opens the database connection.
 *
 * NOTE(review): case 5 of the install branch reads $_POST keys such as
 * 'adminusername', 'adminpassword' and 'adminemail' without isset() — the
 * form is assumed to always post them.
 *
 * @param string $process 'install' or 'upgrade'
 * @return mixed Returns a ADOdb Connection object (for re-use) if created
 *               (install step 6, upgrade steps 5 and 6); NULL otherwise
 */
function processSubmit($process = 'install')
{
    if ($process == 'install') {
        switch ($this->currentPage) {
            case 2:
                if (isset($_POST['recheck'])) {
                    $this->currentPage = 1;
                }
                break;
            case 3:
                if (isset($_POST['recheck'])) {
                    $this->currentPage = 2;
                }
                break;
            case 4:
                if (isset($_POST['umask']) && trim($_POST['umask']) == '') {
                    $this->errors[] = ilang('test_umask_not_given');
                    $this->currentPage = 3;
                }
                if (isset($_POST['recheck'])) {
                    $this->currentPage = 3;
                }
                break;
            case 5:
                // Admin account step: the cleaned username is written back into $_POST.
                $_POST['adminusername'] = cleanValue(trim($_POST['adminusername']));
                if ($_POST['adminusername'] == '') {
                    $this->errors[] = ilang('test_username_not_given');
                } elseif (!preg_match("/^[a-zA-Z0-9\\._ ]+\$/", $_POST['adminusername'])) {
                    $this->errors[] = ilang('test_username_illegal');
                }
                if (trim($_POST['adminpassword']) == '' || trim($_POST['adminpasswordagain']) == '') {
                    $this->errors[] = ilang('test_not_both_passwd');
                } elseif ($_POST['adminpassword'] != $_POST['adminpasswordagain']) {
                    $this->errors[] = ilang('test_passwd_not_match');
                }
                $_POST['adminemail'] = trim($_POST['adminemail']);
                if (!empty($_POST['adminemail']) && !is_email($_POST['adminemail'])) {
                    $this->errors[] = ilang('invalidemail');
                }
                if (isset($_POST['email_accountinfo']) && empty($_POST['adminemail'])) {
                    $this->errors[] = ilang('test_email_accountinfo');
                }
                // Any error sends the user back to the previous page.
                if (count($this->errors) > 0) {
                    $this->currentPage = 4;
                }
                break;
            case 6:
                // Database step. The prefix is validated against [a-zA-Z0-9_] because it is
                // concatenated into DDL below.
                // NOTE(review): the check runs on trim($_POST['prefix']) but the untrimmed
                // value is used for $db_prefix, so surrounding whitespace passes validation
                // and ends up in the table name.
                if (isset($_POST['prefix']) && $_POST['prefix'] != '' && !preg_match('/^[a-zA-Z0-9_]+$/', trim($_POST['prefix']))) {
                    $this->errors[] = ilang('test_database_prefix');
                    $this->currentPage = 5;
                    return;
                }
                if (trim($_POST['dbms']) == '') {
                    $this->errors[] = ilang('test_no_dbms');
                    $this->currentPage = 5;
                    return;
                }
                $db =& ADONewConnection($_POST['dbms'], 'pear:date:extend:transaction');
                if (!empty($_POST['db_port'])) {
                    $db->port = $_POST['db_port'];
                }
                if (!empty($_POST['db_socket']) && $_POST['dbms'] == 'mysqli') {
                    $db->socket = $_POST['db_socket'];
                }
                $result = $db->Connect($_POST['host'], $_POST['username'], $_POST['password'], $_POST['database']);
                if (!$result) {
                    $this->errors[] = ilang('test_could_not_connect_db');
                    $this->currentPage = 5;
                    return;
                }
                //Try to create and drop a dummy table (with appropriate prefix)
                $db_prefix = $_POST['prefix'];
                // Suppressed: the dummy table normally does not exist yet, so this DROP is expected to fail.
                @$db->Execute('DROP TABLE ' . $db_prefix . 'dummyinstall');
                $result = $db->Execute('CREATE TABLE ' . $db_prefix . 'dummyinstall (i int)');
                if ($result) {
                    $result = $db->Execute('DROP TABLE ' . $db_prefix . 'dummyinstall');
                    if (!$result) {
                        //could not drop table
                        $this->errors[] = ilang('test_could_not_drop_table');
                        $this->currentPage = 5;
                        return;
                    }
                } else {
                    //could not create table
                    $this->errors[] = ilang('test_could_not_create_table');
                    $this->currentPage = 5;
                    return;
                }
                // Hand the open connection back for re-use.
                return $db;
                break; // unreachable after return; kept as written
        }
    } elseif ($process == 'upgrade') {
        switch ($this->currentPage) {
            case 2:
                if (isset($_POST['recheck'])) {
                    $this->currentPage = 1;
                }
                break;
            case 3:
                if (isset($_POST['recheck'])) {
                    $this->currentPage = 2;
                }
                break;
            case 4:
                if (isset($_POST['recheck'])) {
                    $this->currentPage = 3;
                }
                break;
            case 5:
                if (isset($_POST['recheck'])) {
                    $this->currentPage = 4;
                    return;
                }
                // Upgrade re-uses the existing CMS connection instead of opening a new one.
                $gCms = cmsms();
                $db =& $gCms->GetDB();
                return $db;
                break; // unreachable after return; kept as written
            case 6:
                if (isset($_POST['recheck'])) {
                    $this->currentPage = 5;
                    return;
                }
                $gCms = cmsms();
                $db =& $gCms->GetDB();
                return $db;
                break; // unreachable after return; kept as written
            case 7:
                if (isset($_POST['recheck'])) {
                    $this->currentPage = 6;
                }
                break;
        }
    }
    // No connection was created on this step.
    return NULL;
}