Beispiel #1
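 /**
  * Dispatch the current request to the matching handler(s) in $this->route.
  *
  * Two kinds of route entries are handled:
  *  - entries whose 'type' equals the HTTP verb and whose 'uri' equals the
  *    requested URI; their 'method' is a "Class@method" string;
  *  - entries of type 'CONTROLLER' whose 'alias' equals the first URI
  *    segment; the method name is derived from the verb and the second
  *    URI segment (e.g. "get_" . segment, with '-' turned into '_').
  *
  * Every matching route is dispatched; the loop does not stop at the first hit.
  * A handler that is not callable is skipped instead of being invoked.
  *
  * @param mixed $value Unused; kept so existing callers keep working.
  * @return void
  */
 public function boot($value = '')
 {
     $request_method = $_SERVER['REQUEST_METHOD'];
     // `uri` is client-supplied. A request such as ?uri[]=x makes it an array,
     // which the explode() calls below cannot handle, so fall back to '/'.
     $request_uri = (isset($_GET['uri']) && is_string($_GET['uri'])) ? $_GET['uri'] : '/';
     // Reversing and popping drops the FIRST query parameter; the remaining
     // ones are re-joined in reversed order and handed to the handler.
     $query_string = array_reverse(clean_array(explode('&', $_SERVER['QUERY_STRING'])));
     array_pop($query_string);
     $query_string = implode('&', $query_string);

     // Loop-invariant: the URI segments do not depend on the route entry.
     $segments = explode('/', $request_uri);
     $request_controller = $segments[0];
     // A URI without '/' has no second segment; avoid the undefined offset.
     $request_controller_method = isset($segments[1]) ? $segments[1] : '';
     // NOTE(review): both parts of this name come from the client (HTTP verb
     // and URI segment). The is_callable() check below keeps the dispatch to
     // methods reachable from here; consider an explicit allowlist of verbs
     // and actions per controller as well.
     $controller_action = strtolower($request_method) . '_' . str_replace('-', '_', $request_controller_method);

     foreach ($this->route as $key => $route) {
         /* GET and POST (verb-typed) routes */
         // Strict comparison: with ==, numeric-looking strings such as
         // "1e1" and "10" would be treated as the same URI.
         if ($route['type'] === $request_method
             && isset($route['uri'], $route['method'])
             && (string) $route['uri'] === $request_uri
         ) {
             $method = explode('@', $route['method']);
             if (isset($method[1])) {
                 $class = $method[0];
                 $handler = array(new $class(), $method[1]);
                 // call_user_method() was removed in PHP 7; call_user_func()
                 // with an array callable works on PHP 5 and later.
                 if (is_callable($handler)) {
                     call_user_func($handler, $query_string);
                 }
             }
         }

         /* CONTROLLER routes */
         if ($route['type'] === 'CONTROLLER' && (string) $route['alias'] === $request_controller) {
             $class = $route['controller'];
             $handler = array(new $class(), $controller_action);
             if (is_callable($handler)) {
                 call_user_func($handler, $query_string);
             }
         }
     }
 }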
Beispiel #2
/**
 * Load the project's MySQL helper functions (connect() is presumably
 * defined there - TODO confirm).
 */
require "includes/mysql.php";
/**
 * Smarty template engine
 */
require 'smarty/libs/Smarty.class.php';
/**
 * Connect to the database
 */
$link = connect();
/**
 * Clean the incoming request data first.
 * NOTE(review): clean_array() is not defined in the visible lines, so what
 * "clean" means here cannot be verified. $_REQUEST merges GET and POST data
 * (and cookies, depending on the request_order/variables_order ini settings),
 * so the credentials below are also accepted from the query string, where
 * they can end up in server logs and browser history. Reading them from
 * $_POST only would be the safer choice.
 */
$req_data = clean_array($_REQUEST);
/**
 * Store the login data.
 * Neither key is checked with isset(), so a request without 'login' or
 * 'password' raises an undefined-index notice/warning here.
 */
$login = $req_data['login'];
$password = $req_data['password'];
/**
 * Set the cache limiter to 'private' and read the value back.
 * This has to happen before session_start() to take effect. 'private' lets
 * the browser (but not shared proxies) cache the response.
 * NOTE(review): confirm that is intended for pages that depend on the login.
 */
session_cache_limiter('private');
$cache_limiter = session_cache_limiter();
/**
 * Set the cache expiry to 30 minutes and read the value back.
 * This controls how long cached session pages live in the HTTP cache; it is
 * not the session lifetime. It must also be called before session_start().
 */
session_cache_expire(30);
$cache_expire = session_cache_expire();
Beispiel #3
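/**
 * Recursively pass every key and every scalar value of an array through
 * clean_string() and return the cleaned copy.
 *
 * The result is built in a fresh array. Writing the cleaned key back into
 * the input array (as the earlier version did) left the original, uncleaned
 * key and its raw value in place whenever clean_string() changed the key,
 * so "cleaned" data could still carry untouched entries.
 *
 * If two input keys clean to the same key, the later entry wins.
 *
 * NOTE(review): clean_string() is defined elsewhere; what it strips or
 * escapes is not visible here. Input cleaning of this kind does not replace
 * context-specific escaping (SQL parameters, HTML output) at the point of use.
 *
 * @param array $array Input data, e.g. request parameters; may be nested.
 * @return array Copy of the input with cleaned keys and values.
 */
function clean_array($array)
{
    $cleaned = array();
    foreach ($array as $key => $val) {
        // Clean the key first, then the value, in the same order as before.
        $clean_key = clean_string($key);
        $cleaned[$clean_key] = is_array($val) ? clean_array($val) : clean_string($val);
    }
    return $cleaned;
}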
Beispiel #4
<?php

// Accounts that come from an external (social media) source may not edit
// their profile: show a message and send them to the home page.
// NOTE(review): this relies on redirect() ending the request; if it ever
// returns, the profile update below would still run for these users - confirm.
if ($this->user->external_source != false) {
    sm('Profile editing forbidden for social media users. ');
    redirect('frontend/page/home');
}
// Validation rules for the profile form.
// NOTE(review): 'xss_clean' filters the input but is not a substitute for
// escaping these values when they are written into HTML later.
$this->form_validation->set_rules('first_name', 'First Name', 'xss_clean');
$this->form_validation->set_rules('last_name', 'Last Name', 'required|xss_clean');
// NOTE(review): the field name is 'Country' (capital C) here, while the
// field list passed to clean_array() further down uses 'country' - one of
// the two probably does not match the form field; confirm.
$this->form_validation->set_rules('Country', 'Country', 'xss_clean');
$this->form_validation->set_rules('affiliation', 'Affiliation', 'xss_clean');
// The length limits and the matches[password] check are attached to
// 'password_confirm'. No rule for 'password' or 'password_old' is set in the
// visible lines, so the new password is only constrained indirectly, through
// having to equal a confirmation value that satisfies these limits.
$this->form_validation->set_rules('password_confirm', 'Password Confirmation', 'min_length[' . $this->config->item('min_password_length', 'ion_auth') . ']|max_length[' . $this->config->item('max_password_length', 'ion_auth') . ']|matches[password]');
if ($this->form_validation->run() == true) {
    $user = clean_array($_POST, array('first_name', 'last_name', 'affiliation', 'country', 'bio', 'image'));
    if (check_uploaded_file($_FILES['image'])) {
        resize_image_squared($_FILES['image']['tmp_name'], $this->config->item('max_avatar_size'));
        $file_id = $this->File->register_uploaded_file($_FILES['image'], 'userdata/', $this->ion_auth->user()->row()->id, 'userimage');
        if ($file_id) {
            $user['image'] = $this->data_controller . 'view/' . $file_id . '/' . $_FILES['image']['name'];
        }
    }
    if ($this->input->post('password') != false) {
        $identity = $this->session->userdata($this->config->item('identity', 'ion_auth'));
        $change = $this->ion_auth->change_password($identity, $this->input->post('password_old'), $this->input->post('password'));
        if ($change == false) {
            $this->session->set_flashdata('message', $this->ion_auth->errors());
            redirect('frontend/page/profile');
        }
    }
    $update = $this->ion_auth->update($this->ion_auth->user()->row()->id, $user);
    if ($update) {
        //$this->session->set_flashdata('message', $this->ion_auth->messages());
Beispiel #5
//
// mails dump back
/*
 * published under the GPL Licence
 *
 * (c) Mar 2010
 *     by Karsten Hinz
 */
require_once "./config.php";
require_once "./formmail.lib.php";
require_once './Template.php';
//testing
extract_csv(0);
// Read the submitted form data.
$daten_org = recive_formular();
// Second copy of the form data, kept without HTML escaping.
// (Original author's remark: not sure whether this only copies the
// reference; it does not matter here either way.)
// NOTE(review): a plain assignment copies a PHP array by value; if
// recive_formular() returns an object, both names would refer to the same
// object - confirm the return type.
$daten_no_html = $daten_org;
// mode 0: strips the line breaks (clean_array works on its argument in place)
clean_array($daten_no_html, 0);
// mode 1: replaces all special characters with HTML entities
// NOTE(review): clean_array() is not defined in the visible lines of this
// script; confirm that CR/LF are also removed from any value of $daten_org
// that is later placed in a mail header by generate_mail().
clean_array($daten_org, 1);
// $preise is not set in the visible lines; presumably it comes from
// config.php - TODO confirm.
$stat = statistics($daten_org, $preise);
// Only send the info message when the "bemerkung" (remark) field is filled in.
if (!empty($daten_org["bemerkung"])) {
    sends_info($daten_org, $stat);
}
// The non-escaped version is saved, so that the file can be imported
// elsewhere more easily. Anything that later displays the stored data
// therefore has to escape it at output time.
save_data($daten_no_html);
// generates an invoice from a template
$rechnung = generate_bill($daten_org, $preise);
$fehler = generate_mail($daten_org, $rechnung);
// and finally display the result page
print_page($daten_org, $rechnung, $fehler);
Beispiel #6
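/**
 * Clean a string, or every string inside a (nested) array, in place.
 *
 * Two modes, selected by $html:
 *  - $html != 1 (storage mode): trims the value, turns "\n" into a space,
 *    removes "\r" and replaces the data-file separator ($GLOBALS["splitter"])
 *    with a space, so that one value cannot break the stored record format.
 *  - $html == 1 (HTML mode): converts special characters to HTML entities so
 *    that markup contained in the input is not interpreted when displayed.
 *
 * Values that are neither strings nor arrays are left untouched.
 *
 * NOTE(review): HTML mode does not remove CR/LF. If values cleaned in this
 * mode are ever placed in mail headers, strip line breaks there as well.
 *
 * @param mixed    $string Value to clean; modified by reference.
 * @param int|bool $html   1/true for HTML mode, anything else for storage mode.
 * @return void
 */
function clean_array(&$string, $html)
{
    if (is_string($string)) {
        if ($html != 1) {
            /* Input handling for storage */
            // A strict character allowlist was tried here earlier; the original
            // author noted it was safe but caused problems with umlauts and
            // similar characters, so only the separators are neutralised.
            // Whitespace at the start and end of the value
            $string = trim($string);
            // Line breaks anywhere in the value
            $string = str_replace("\n", " ", $string);
            $string = str_replace("\r", "", $string);
            // Remove the separator character of the data file from the input
            $string = str_replace($GLOBALS["splitter"], " ", $string);
        } else {
            // Convert to HTML entities so that any code in the input has no effect.
            // ENT_QUOTES also encodes single quotes; before PHP 8.1 the default
            // flags left them as-is, which is unsafe inside single-quoted
            // attributes. The charset argument is deliberately left at its
            // default because the encoding of the form data is not known here.
            $string = htmlentities($string, ENT_QUOTES);
        }
    } elseif (is_array($string)) {
        // Recurse into each element by reference so nested values are cleaned in place.
        foreach ($string as &$item) {
            clean_array($item, $html);
        }
        unset($item); // drop the dangling reference left by the loop
    }
}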