<?php /** * Created by : PhpStorm. * User : sam * Company : Jeeble * Date : 7/21/15 * Time : 9:52 AM */ require_once "assets/includes/includes.php"; confirm_pirate_auth_login(); if (isset($_POST['update'])) { if (md5($_POST['admin_password']) == pirate_auth_current_user('hashed_password')) { $user = pirate_auth_get_user_by_id($_POST['user_id']); $name = mbsplit(" ", $_POST['name']); $first_name = $name[0]; $last_name = $name[1]; $username = $_POST['username']; $email = $_POST['email']; $password = $_POST['new_password']; $cpassword = $_POST['conf_password']; $hashed_password = $user['hashed_password']; $rank = $user['rank']; if (isset($_POST['rank']) && $_POST['rank'] != '') { $rank = $_POST['rank']; } if ($password != "" && $cpassword != "" && $password == $cpassword) { $hashed_password = md5($password); } $sql = "UPDATE users SET first_name = '{$first_name}', last_name = '{$last_name}', username = '******', email = '{$email}', hashed_password = '******', rank = '{$rank}' WHERE id = '{$user['id']}' LIMIT 1"; if ($result = mysqli_query($connection, $sql)) {
<?php /** * * BEER * * styledef.php * * Copyright: Vamdrup IT * Author: RedFox Software * Oprettet: 2012 * **/ $selfparts = mbsplit('/', $_SERVER['PHP_SELF']); $file = preg_replace('\\\\', '/', __FILE__); $fileparts = mbsplit('/', $file); if ($selfparts[count($selfparts) - 1] == $fileparts[count($fileparts) - 1]) { header('location:/'); exit; } $kategori_id = isset($_REQUEST['k']) ? $_REQUEST['k'] : ''; $conn = DBH::opretForbindelse(); if ($kategori_id !== "") { $query = <<<query SELECT *, stilart_definition.navn AS stil_navn FROM stilart_definition INNER JOIN stilart_kategori ON stilart_kategori.kid = stilart_definition.kategori WHERE stilart_definition.id = '{$kategori_id}' query;
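/**
 * Validate (and type-cast) a request model.
 *
 * Each key of $model describes one expected parameter. A non-array entry is a
 * plain string field (tag-stripped, filtered). An array entry carries 'type'
 * plus, depending on the type, optional 'min'/'max', 'default', the REQUIRED
 * flag, 'raw', 'values', 'regexp' and 'subtype'. Values in $parameters are
 * rewritten in place with their cast/sanitized form.
 *
 * @param array $parameters Request parameters, modified in place
 * @param array $model      Validation model, keyed by parameter name
 * @return boolean          true when every supplied field validated
 * @throws \Exception                   On a malformed model (missing 'regexp' / 'values')
 * @throws IncorrectParametersException When any supplied field fails its type or bounds
 * @throws MissingParametersException   When a required field is absent (only raised
 *                                      when no field was incorrect)
 */
public static function model(&$parameters, $model)
{
    $incorrect = []; // key => failure description
    $missing = [];   // keys flagged REQUIRED that were not supplied

    foreach ($model as $key => $value) {
        if (!isset($parameters[$key])) {
            $required = is_array($value)
                && ((isset($value[Validate::REQUIRED]) && $value[Validate::REQUIRED])
                    || in_array(Validate::REQUIRED, $value, true) === true);
            if ($required) {
                $missing[] = $key;
            } elseif (is_array($value) && array_key_exists('default', $value)) {
                $parameters[$key] = $value['default'];
            }
            continue;
        }

        if (!is_array($value)) {
            // Untyped model entry: treat the parameter as plain text.
            $parameters[$key] = strip_tags(self::filter_STRING($parameters[$key]));
            continue;
        }

        // Base failure description; bounds checks add 'failure' and the bound.
        $description = ['type' => $value['type']];

        switch ($value['type']) {
            case self::TYPE_INT:
                if (filter_var($parameters[$key], FILTER_VALIDATE_INT) === false) {
                    $incorrect[$key] = $description;
                    break;
                }
                $parameters[$key] = intval($parameters[$key]);
                if ($failure = self::boundsFailure($value, $parameters[$key], $description)) {
                    $incorrect[$key] = $failure;
                }
                break;

            case self::TYPE_UINT:
            case self::TYPE_UNIX_TIMESTAMP:
                // Unsigned: the lower bound defaults to 0 unless the model sets one.
                // (This used to be keyed on 'max', so any model that gave a max let
                // negative values through.)
                if (!isset($value['min'])) {
                    $value['min'] = 0;
                }
                if (filter_var($parameters[$key], FILTER_VALIDATE_INT) === false) {
                    $incorrect[$key] = $description;
                    break;
                }
                $parameters[$key] = intval($parameters[$key]);
                if ($failure = self::boundsFailure($value, $parameters[$key], $description)) {
                    $incorrect[$key] = $failure;
                }
                break;

            case self::TYPE_BOOLEAN:
                // NOTE(review): plain cast — the strings "false", "off", "no" all become
                // true. Callers needing FILTER_VALIDATE_BOOLEAN semantics must do it themselves.
                $parameters[$key] = (bool) $parameters[$key];
                break;

            case self::TYPE_DOUBLE:
            case self::TYPE_FLOAT:
                // Accept a comma as the decimal separator.
                $parameters[$key] = str_replace(',', '.', $parameters[$key]);
                $options = ['options' => ['decimal' => '.']];
                if (filter_var($parameters[$key], FILTER_VALIDATE_FLOAT, $options) === false) {
                    $incorrect[$key] = $description;
                    break;
                }
                $parameters[$key] = floatval($parameters[$key]);
                if ($failure = self::boundsFailure($value, $parameters[$key], $description)) {
                    $incorrect[$key] = $failure;
                }
                break;

            case self::TYPE_USERNAME:
                if (!preg_match(self::REGEXP_USERNAME, $parameters[$key])) {
                    $incorrect[$key] = $description;
                }
                break;

            case self::TYPE_PERMALINK:
                if (!preg_match(self::REGEXP_PERMALINK, $parameters[$key])) {
                    $incorrect[$key] = $description;
                }
                break;

            case self::TYPE_TOKEN:
                if (!preg_match(self::REGEXP_TOKEN, $parameters[$key])) {
                    $incorrect[$key] = $description;
                }
                break;

            case self::TYPE_COLOR:
                //@todo check (color_type) subtype
                // '#' followed by 6 (RGB) or 8 (RGBA) hex digits. The alternation is
                // grouped: the previous pattern anchored only one side of each branch,
                // so "#aabbcc<anything>" and "<anything>aabbccdd" were accepted.
                if (!preg_match('/^#(?:[0-9A-Fa-f]{6}|[0-9A-Fa-f]{8})$/', $parameters[$key])) {
                    $incorrect[$key] = $description;
                }
                break;

            case self::TYPE_EMAIL:
                if (empty($parameters[$key])
                    || filter_var($parameters[$key], FILTER_VALIDATE_EMAIL) === false
                ) {
                    $incorrect[$key] = $description;
                } elseif ($failure = self::boundsFailure($value, mb_strlen($parameters[$key]), $description)) {
                    $incorrect[$key] = $failure;
                }
                break;

            case self::TYPE_URL:
                if (filter_var($parameters[$key], FILTER_VALIDATE_URL) === false) {
                    $incorrect[$key] = $description;
                }
                break;

            case self::TYPE_DATE:
            case self::TYPE_DATETIME:
                if (!self::sqlDate($parameters[$key])) {
                    $incorrect[$key] = $description;
                }
                break;

            case self::TYPE_REGEXP:
                // The pattern comes from the model (developer-supplied), not from the request.
                if (!isset($value['regexp'])) {
                    throw new \Exception(__('regexp_not_set_exception'));
                }
                if (!preg_match($value['regexp'], $parameters[$key])) {
                    $incorrect[$key] = $description;
                }
                break;

            case self::TYPE_PASSWORD:
                // Length bounds only; the value itself is deliberately left untouched.
                // A non-string (e.g. pw[]=x) is rejected instead of reaching mb_strlen.
                if (!is_string($parameters[$key])) {
                    $incorrect[$key] = $description;
                } elseif ($failure = self::boundsFailure($value, mb_strlen($parameters[$key]), $description)) {
                    $incorrect[$key] = $failure;
                }
                break;

            case self::TYPE_ENUM:
                if (!isset($value['values'])) {
                    //Internal error !
                    //TODO @security
                    throw new \Exception('Values not set');
                }
                // NOTE(review): loose comparison on purpose so "1" matches an int 1 in
                // 'values'; be aware this also lets numeric-string juggling through
                // ("1e3" == "1000"). Use string values in the model where that matters.
                if (!in_array($parameters[$key], $value['values'])) {
                    $description['failure'] = 'not_allowed';
                    $description['allowed'] = $value['values'];
                    $incorrect[$key] = $description;
                }
                break;

            case self::TYPE_JSON_ARRAY:
                if (!$parameters[$key]) {
                    // Falsy input ("" / "0" / 0) is an empty list.
                    $parameters[$key] = [];
                } elseif (!is_array($parameters[$key])) {
                    // A scalar here used to be iterated as a string and silently became [].
                    $incorrect[$key] = $description;
                    break;
                }
                $decoded = [];
                foreach ($parameters[$key] as $item) {
                    $object = json_decode($item, false);
                    if ($object === null) {
                        $incorrect[$key] = $description;
                    } else {
                        $decoded[] = $object;
                    }
                }
                $parameters[$key] = $decoded;
                break;

            case self::TYPE_JSON:
                // Note: a literal JSON "null" is indistinguishable from a parse error here.
                $object = json_decode($parameters[$key], false);
                if ($object === null) {
                    $incorrect[$key] = $description;
                } else {
                    $parameters[$key] = $object;
                }
                break;

            case self::TYPE_ARRAY:
                // A single scalar is promoted to a one-element list.
                if (!is_array($parameters[$key])) {
                    $parameters[$key] = [$parameters[$key]];
                }
                if ($failure = self::boundsFailure($value, count($parameters[$key]), $description)) {
                    $incorrect[$key] = $failure;
                }
                break;

            case self::TYPE_ARRAY_CSV:
                if (!is_string($parameters[$key])) {
                    $incorrect[$key] = $description;
                    break;
                }
                // NOTE(review): mbsplit is not a PHP built-in; presumably a project helper
                // with explode-like semantics — confirm.
                $items = mbsplit(',', $parameters[$key]);
                $subtype = isset($value['subtype']) ? $value['subtype'] : Validate::TYPE_TEXT;
                // Validate every element against the subtype by recursing on a one-key model.
                foreach ($items as &$item) {
                    $single = [$key => $item];
                    self::model($single, [$key => ['type' => $subtype]]);
                    $item = $single[$key];
                }
                unset($item);
                $parameters[$key] = $items;
                break;

            case self::TYPE_TEXT:
            case self::TYPE_TEXTAREA:
            default:
                if (isset(self::$custom_types[$value['type']])) {
                    // Registered custom type: the callback decides validity and may
                    // rewrite the value through $output.
                    $callback = self::$custom_types[$value['type']]['callback'];
                    $output = null;
                    if ($callback($parameters[$key], $value, $output) === false) {
                        $incorrect[$key] = $description;
                    } else {
                        $parameters[$key] = $output;
                    }
                    break;
                }
                if (!is_string($parameters[$key])) {
                    // Arrays/objects are not text; reject rather than reach mb_strlen.
                    $incorrect[$key] = $description;
                    break;
                }
                if ($failure = self::boundsFailure($value, mb_strlen($parameters[$key]), $description)) {
                    $incorrect[$key] = $failure;
                }
                // Skip string sanitizing only when the model carries the literal 'raw'
                // flag. The lookup is strict: with a loose in_array, any true-valued
                // entry in the model (e.g. REQUIRED => true) matched 'raw' and switched
                // sanitizing off for that field.
                if (!in_array('raw', $value, true)) {
                    $parameters[$key] = strip_tags(filter_var($parameters[$key], FILTER_SANITIZE_STRING));
                }
                break;
        }
    }

    // Incorrect fields take precedence over missing ones.
    if ($incorrect) {
        throw new IncorrectParametersException($incorrect);
    } elseif ($missing) {
        throw new MissingParametersException($missing);
    }

    return true;
}

/**
 * Check a measured quantity against the optional 'max' / 'min' bounds of a model entry.
 *
 * @param array $value       Model entry (may carry 'max' and/or 'min'; null bounds are ignored)
 * @param mixed $measured    Numeric value, string length or element count to check
 * @param array $description Base failure description to extend
 * @return array|null        $description with 'failure' and the violated bound set,
 *                           or null when the value is within bounds. 'max' is
 *                           reported first when both bounds fail.
 */
private static function boundsFailure(array $value, $measured, array $description)
{
    if (isset($value['max']) && $measured > $value['max']) {
        $description['failure'] = 'max';
        $description['max'] = $value['max'];
        return $description;
    }
    if (isset($value['min']) && $measured < $value['min']) {
        $description['failure'] = 'min';
        $description['min'] = $value['min'];
        return $description;
    }
    return null;
}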