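/**
 * Dispatches the current request to every route in $this->route that matches.
 *
 * Two route kinds are handled (route entries are populated elsewhere in this class):
 *  - GET/POST routes: the request URI (the 'uri' GET parameter, '/' when absent)
 *    must equal $route['uri'] and the HTTP method must equal $route['type'];
 *    $route['method'] has the form 'Class@method' and that method is called on a
 *    fresh instance with the remaining query string as its only argument.
 *  - CONTROLLER routes: the first URI segment must equal $route['alias']; the
 *    second segment selects the action, named
 *    '<http method in lower case>_<segment with "-" replaced by "_">', on a fresh
 *    $route['controller'] instance.
 *
 * The CONTROLLER action name is derived from the request URI, so it is only
 * invoked when it exists on the controller and is publicly callable; a URI that
 * matches nothing is ignored (no 404 is produced here, as in the original).
 *
 * @param string $value Unused; retained so existing call sites keep working.
 * @return void
 */
public function boot($value = '')
{
    $request_method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : 'GET';
    $request_uri = isset($_GET['uri']) ? $_GET['uri'] : '/';

    // Strip the routing parameter from the query string before handing it to the
    // handler: the pairs are reversed and the last one popped, i.e. the first pair
    // of the original string is discarded (behaviour kept from the original).
    $raw_query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
    $pairs = array_reverse(clean_array(explode('&', $raw_query)));
    array_pop($pairs);
    $query_string = implode('&', $pairs);

    // Split the URI once; the original recomputed this for every route and raised
    // an undefined-offset notice for URIs without a second segment.
    $segments = explode('/', $request_uri);
    $request_controller = $segments[0];
    $request_controller_method = isset($segments[1]) ? $segments[1] : '';

    foreach ($this->route as $route) {
        /* GET and POST routes: handler taken from configuration, not from the request */
        if (isset($route['uri']) && $request_uri === $route['uri'] && $route['type'] === $request_method) {
            $target = explode('@', $route['method'], 2);
            if (count($target) === 2) {
                $handler = new $target[0]();
                $action = $target[1];
                // call_user_method() was removed in PHP 7; invoke the method directly.
                $handler->$action($query_string);
            }
        }

        /* CONTROLLER routes: the action name is derived from the request URI */
        if ($route['type'] === 'CONTROLLER' && $route['alias'] === $request_controller) {
            $action = strtolower($request_method) . '_' . str_replace('-', '_', $request_controller_method);
            $controller = new $route['controller']();
            // Only dispatch to an existing, publicly callable method: a URI naming a
            // missing or non-public method must neither fatal nor reach __call().
            if (method_exists($controller, $action) && is_callable(array($controller, $action))) {
                $controller->$action($query_string);
            }
        }
    }
}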
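/**
 * Request bootstrap for the login handler: loads the MySQL helpers and the Smarty
 * engine, connects to the database, sanitises the incoming request data and
 * configures session caching.
 *
 * NOTE(review): $_REQUEST merges GET, POST and COOKIE data, so the credentials
 * below are accepted from the URL as well as from the form; reading them from
 * $_POST only would be tighter. Left unchanged to preserve existing behaviour.
 */

/** We make the mysql functions available */
require "includes/mysql.php";

/** Smarty template engine */
require 'smarty/libs/Smarty.class.php';

/** Connect to the database */
$link = connect();

/** We clean the incoming data first */
$req_data = clean_array($_REQUEST);

/**
 * Stores the login data. Missing fields fall back to '' instead of raising an
 * undefined-index notice on a plain GET of the page; the empty string still has
 * to be treated as "not supplied" by the code that follows.
 */
$login = isset($req_data['login']) ? $req_data['login'] : '';
$password = isset($req_data['password']) ? $req_data['password'] : '';

/** set the cache limiter to 'private' */
session_cache_limiter('private');
$cache_limiter = session_cache_limiter();

/** set the cache expire to 30 minutes */
session_cache_expire(30);
$cache_expire = session_cache_expire();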
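/**
 * Recursively applies clean_string() to every key and every value of $array.
 *
 * A new array is built so that an entry whose key changes under clean_string()
 * is stored under the cleaned key only. The original implementation wrote the
 * cleaned entry back into the same array, which left the uncleaned key (with its
 * uncleaned value) in place whenever clean_string() altered the key.
 *
 * @param array $array Arbitrary, possibly nested, array (e.g. $_REQUEST).
 * @return array A new array with cleaned keys and values; nesting is preserved.
 */
function clean_array($array)
{
    $cleaned = array();
    foreach ($array as $key => $val) {
        $cleaned[clean_string($key)] = is_array($val) ? clean_array($val) : clean_string($val);
    }
    return $cleaned;
}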
<?php if ($this->user->external_source != false) { sm('Profile editing forbidden for social media users. '); redirect('frontend/page/home'); } $this->form_validation->set_rules('first_name', 'First Name', 'xss_clean'); $this->form_validation->set_rules('last_name', 'Last Name', 'required|xss_clean'); $this->form_validation->set_rules('Country', 'Country', 'xss_clean'); $this->form_validation->set_rules('affiliation', 'Affiliation', 'xss_clean'); $this->form_validation->set_rules('password_confirm', 'Password Confirmation', 'min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|max_length[' . $this->config->item('max_password_length', 'ion_auth') . ']|matches[password]'); if ($this->form_validation->run() == true) { $user = clean_array($_POST, array('first_name', 'last_name', 'affiliation', 'country', 'bio', 'image')); if (check_uploaded_file($_FILES['image'])) { resize_image_squared($_FILES['image']['tmp_name'], $this->config->item('max_avatar_size')); $file_id = $this->File->register_uploaded_file($_FILES['image'], 'userdata/', $this->ion_auth->user()->row()->id, 'userimage'); if ($file_id) { $user['image'] = $this->data_controller . 'view/' . $file_id . '/' . $_FILES['image']['name']; } } if ($this->input->post('password') != false) { $identity = $this->session->userdata($this->config->item('identity', 'ion_auth')); $change = $this->ion_auth->change_password($identity, $this->input->post('password_old'), $this->input->post('password')); if ($change == false) { $this->session->set_flashdata('message', $this->ion_auth->errors()); redirect('frontend/page/profile'); } } $update = $this->ion_auth->update($this->ion_auth->user()->row()->id, $user); if ($update) { //$this->session->set_flashdata('message', $this->ion_auth->messages());
//
// mails dump back
/*
 * published under the GPL Licence
 *
 * (c) Mar 2010
 * by Karsten Hinz
 */
require_once "./config.php";
require_once "./formmail.lib.php";
require_once './Template.php';

// testing
// NOTE(review): in the collapsed original this call may have belonged to the
// "testing" comment line; confirm it is meant to run on every request.
extract_csv(0);

$daten_org = recive_formular();
// Original note: "no idea whether this only copies the address, doesn't matter
// here anyway". If recive_formular() returns an array this is a by-value copy;
// if it returns an object both variables share it - confirm against the library.
$daten_no_html = $daten_org;
// removes the line breaks (storage variant, see clean_array with $html = 0)
clean_array($daten_no_html, 0);
// replaces all special characters with HTML entities (output variant)
clean_array($daten_org, 1);
// $preise is presumably defined by config.php - verify
$stat = statistics($daten_org, $preise);
if (!empty($daten_org["bemerkung"])) {
    sends_info($daten_org, $stat);
}
// the non-escaped version, so the file can be imported elsewhere more easily
save_data($daten_no_html);
// generates an invoice from a template
$rechnung = generate_bill($daten_org, $preise);
$fehler = generate_mail($daten_org, $rechnung);
// and also render the page
print_page($daten_org, $rechnung, $fehler);
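/**
 * Normalises a form value - or, recursively, every leaf of a form array - in
 * place so that it can be stored or displayed safely.
 *
 * With $html == 0 the value is prepared for storage: surrounding whitespace is
 * trimmed, line breaks are flattened to spaces and the record separator from
 * $GLOBALS['splitter'] (the field delimiter of the data file) is replaced by a
 * space so the stored line stays parseable.
 *
 * With $html == 1 the value is prepared for output: special characters are
 * converted to HTML entities, quotes included, so that injected markup is
 * rendered literally instead of being interpreted.
 *
 * Values that are neither strings nor arrays are left untouched.
 *
 * @param mixed    $string Value or (nested) array of values; modified in place.
 * @param int|bool $html   1/true for HTML-entity encoding, 0/false for storage cleaning.
 * @return void
 */
function clean_array(&$string, $html)
{
    if (is_array($string)) {
        foreach (array_keys($string) as $key) {
            clean_array($string[$key], $html);
        }
        return;
    }
    if (!is_string($string)) {
        return;
    }

    if ((int) $html !== 1) {
        /* Input handling for storage */
        // The original author tried a character whitelist here but dropped it
        // because it mangled umlauts; only whitespace normalisation remains.
        $string = trim($string);
        $string = str_replace("\n", " ", $string);
        $string = str_replace("\r", "", $string);
        // The data file's field separator must not occur inside a field. Guarded
        // so an unset separator does not pass null to str_replace().
        if (isset($GLOBALS["splitter"]) && $GLOBALS["splitter"] !== '') {
            $string = str_replace($GLOBALS["splitter"], " ", $string);
        }
    } else {
        // Output encoding. ENT_QUOTES also encodes single quotes, which the
        // default flags of PHP < 8.1 leave alone (relevant inside single-quoted
        // attributes); ENT_SUBSTITUTE replaces invalid byte sequences instead of
        // returning an empty string, which silently discarded the whole value.
        $string = htmlentities($string, ENT_QUOTES | ENT_SUBSTITUTE);
    }
}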