function lista($user) { global $dateformat; $user = protect($user); requirelogin(); $title = "Mensagens de {$user}"; include "libs/accounts.php"; // listar todas as mensagens de $user onde hidden = 'n' (para outro user ver) $output = menu($user) . url("message/send/{$user}", "[enviar mensagem]") . "<br>\n"; $usr = resolveuser($user); $qry = mysql_query("SELECT `from`,`content`,`data` FROM messages WHERE `to`='{$usr}' AND `hidden`='n' ORDER BY id DESC LIMIT 30"); if (mysql_numrows($qry) == 0) { $output .= 'Nenhuma mensagem!'; } else { while ($row = mysql_fetch_array($qry)) { $user = mysql_query("SELECT login,foto FROM accounts WHERE id='{$row['from']}'"); $user = mysql_fetch_array($user); $output .= '<p class="row">' . t("De") . ': ' . url("user/profile/{$user['login']}", $user['login']) . '<br/>'; $output .= '<blockquote> ' . bbcode($row['content']) . ' </blockquote> <hr size="1"><i>' . date($dateformat, $row['data']) . '</i> </p>'; } } section($output, $title); }
public function register(Container $c) { $c['database.manager'] = protect(new Capsule()); $capsule = $c['database.manager']; // Extract database settings from dsn if (!isset($_ENV['DATABASE_URL'])) { throw new Exception('You must provide a database DSN in the DATABASE_URL environment variable'); } $db = array('charset' => 'utf8', 'collation' => 'utf8_general_ci', 'prefix' => ''); $db = array_merge($db, parse_url($_ENV['DATABASE_URL'])); $db['driver'] = $db['scheme'] == 'postgres' ? 'pgsql' : $db['scheme']; $db['database'] = trim($db['path'], '/'); $db['username'] = isset($db['user']) ? $db['user'] : ''; $db['password'] = isset($db['pass']) ? $db['pass'] : ''; $capsule->addConnection($db); $capsule->setAsGlobal(); // Set the event dispatcher used by Eloquent models $capsule->setEventDispatcher(new IDispatcher(new IContainer())); // Set the cache manager instance used by connections... (optional) // No need for that now, let's keep it minimal //$capsule->setCacheManager(...); $capsule->bootEloquent(); $c['db'] = function ($c) { return $c['database.manager']->getDatabaseManager(); }; \Illuminate\Support\Facades\Schema::setFacadeApplication($c); }
function nvweb_plugins_load() { // load all webget plugins and exclude the DISABLED global $plugins; global $DB; global $website; $plugin_list = glob(NAVIGATE_PATH . '/plugins/*', GLOB_ONLYDIR); $plugins = array(); if (is_array($plugin_list)) { // read the database to find the disabled plugins $DB->query('SELECT extension, enabled FROM nv_extensions WHERE website = ' . protect($website->id) . ' AND enabled = 0'); $plugins_disabled = $DB->result('extension'); foreach ($plugin_list as $plugin_path) { $plugin_name = basename($plugin_path); if (in_array($plugin_name, $plugins_disabled)) { continue; } if (file_exists($plugin_path . '/' . $plugin_name . '.php')) { @(include_once $plugin_path . '/' . $plugin_name . '.php'); } $plugins[] = $plugin_name; } } }
function nvweb_votes($vars = array()) { global $website; global $DB; global $current; global $webuser; switch ($vars['mode']) { case 'score': $out = nvweb_votes_calc($current['object'], $vars['round'], $vars['half'], $vars['min'], $vars['max']); break; case 'votes': $out = $current['object']->votes; break; case 'webuser': $score = NULL; if (!empty($webuser->id)) { $score = $DB->query_single('value', 'nv_webuser_votes', ' website = ' . protect($website->id) . ' AND webuser = '******' AND object = ' . protect($current['type']) . ' AND object_id = ' . protect($current['id'])); } $out = empty($score) ? '0' : $score; break; } return $out; }
function del($id) { onlyadmin(); $id = protect($id); mysql_query("DELETE FROM shoutbox WHERE `id`='{$id}'"); redir("shoutbox"); }
public function testProtect() { $uniqueVar = '987654'; $protectedValue = protect($uniqueVar); $this->assertTrue(is_callable($protectedValue)); $this->assertEquals($uniqueVar, $protectedValue()); }
protected function setUpContainer() { $this->container = new Container(); $this->container['app'] = protect($this); $this->container['request'] = protect(new Request()); $this->container['response'] = protect(new FakeResponseThatDoesNothing()); }
function deleteroom($id) { onlyadmin(); $id = protect($id); mysql_query("DELETE FROM chat_rooms WHERE `id`='{$id}'"); mysql_query("DELETE FROM chat WHERE `room`='{$id}'"); redir("chat/admin"); }
function remove($id) { requirelogin(); $id = protect($id); $owner = $_SESSION['id']; mysql_query("DELETE FROM videos WHERE `id`='{$id}' AND `owner`='{$owner}'"); infobox("Vídeo excluído com sucesso!"); }
function resolvegroup($group) { $group = protect($group); $qry = mysql_query("SELECT * FROM groups WHERE `url`='{$group}'"); if (mysql_numrows($qry) != 0) { return mysql_fetch_array($qry); } else { infobox(t("Grupo inexistente."), true, true); } }
function __construct() { /* Prevent guests if the admin hasn't enabled public profiles. */ if (!parent::getOption('profile-public-enable')) { protect('*'); } /* If the admin requires users to update their password. */ if (!empty($_SESSION['jigowatt']['forcePwUpdate'])) { $msg = "<div class='alert alert-warning'>" . _('<strong>Alert</strong>: The administrator has requested all users to update their passwords.') . "</div>"; } // Save the username $this->username = !empty($_SESSION['jigowatt']['username']) ? $_SESSION['jigowatt']['username'] : _('Guest'); $this->use_emails = parent::getOption('email-as-username-enable'); $this->username_type = $this->use_emails ? 'email' : 'username'; /* Check if the user is a guest to this profile. */ $this->determineGuest(); // Upload avatar if (!empty($_FILES['uploadAvatar'])) { $k = getimagesize($_FILES['uploadAvatar']['tmp_name']); if (empty($k)) { $this->error = sprintf('<div class="alert alert-warning">%s</div>', _('Sorry, that file is not accepted.')); } else { $uploaddir = dirname(dirname(__FILE__)) . '/assets/uploads/avatar/'; $uploadfile = $uploaddir . md5($_SESSION['jigowatt']['user_id'] . $_SESSION['jigowatt']['email']) . '.' . pathinfo($_FILES['uploadAvatar']['name'], PATHINFO_EXTENSION); if (move_uploaded_file($_FILES['uploadAvatar']['tmp_name'], $uploadfile)) { $this->error = sprintf('<div class="alert alert-success">%s</div>', _('Avatar change success!')); $_SESSION['jigowatt']['gravatar'] = parent::get_gravatar($_SESSION['jigowatt']['email'], true, 26); } else { $this->error = sprintf('<div class="alert alert-warning">%s</div>', _('Sorry, that file is not accepted.')); } } } if (!$this->guest && !empty($_POST)) { $this->retrieveFields(); foreach ($_POST as $field => $value) { $this->settings[$field] = parent::secure($value); } // Validate fields $this->validate(); // Process form if (empty($this->error)) { $this->process(); } } $this->retrieveFields(); if (!$this->guest && isset($_GET['key']) && strlen($_GET['key']) == 32) { $this->key = parent::secure($_GET['key']); $this->updateEmailorPw(); $this->retrieveFields(); } if (!empty($this->error) || !empty($msg)) { parent::displayMessage(!empty($this->error) ? $this->error : (!empty($msg) ? $msg : ''), false); } }
function remove($fid) { requirelogin(); $id = protect($fid); if (is_admin()) { mysql_query("DELETE FROM notes WHERE `id`='{$id}'"); } else { $account = $_SESSION['id']; mysql_query("DELETE FROM notes WHERE `account`='{$account}' AND `id`='{$id}'"); } redir("dashboard"); }
function youtube($videourl) { $ret = array(); $video = explode("=", $videourl); $video = $video[1]; $video = explode("&", $video); $video = $video[0]; $video = str_replace("?v=", null, $video); $ret['code'] = '<object width="320" height="180"><param name="movie" value="http://www.youtube.com/v/' . $video . '&hl=pt_BR&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/' . $video . '&hl=pt_BR&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="320" height="180"></embed></object>'; $meta = get_meta_tags($videourl); $ret['title'] = protect($meta['title']); $ret['desc'] = protect($meta['description']); return $ret; }
function view($id) { global $site_id, $site, $url, $home; $id = protect($id); // não requer login (ou softwares não funcionarão) // id = md5 ( user_id . site_id ) $qry = mysql_query("SELECT * FROM accounts"); while ($row = mysql_fetch_array($qry)) { if (md5($row['id'] . $site_id) === $id) { $user = $row['id']; $usr_login = $row['login']; //break; } } if ($user) { echo '<?xml version="1.0"?> <rss version="2.0"> <channel> <title>' . $site['site_name'] . '</title> <link>' . $url . '</link> <description>' . t("Notificações de") . ' ' . $usr_login . '</description> '; $friends = mysql_query("SELECT `id1` FROM friends WHERE `id2`='{$user}'"); if (mysql_numrows($friends) != 0) { while ($f = mysql_fetch_array($friends)) { $receive[] = $f['id1']; } } if (sizeof($receive) != 0) { $receive = implode(",", $receive); $qry = mysql_query("SELECT a.login AS login, n.content AS content, n.account AS id, n.id AS fid FROM notes n LEFT JOIN accounts a ON n.account=a.id WHERE n.account IN ({$receive}) ORDER BY n.id DESC LIMIT 30"); if (mysql_numrows($qry) != 0) { while ($row = mysql_fetch_array($qry)) { echo '<item> <title>' . $row['login'] . '</title> <link>' . $home . 'user/profile/' . $row['login'] . '</link> <description>' . $row['content'] . '</description> </item>'; } } } echo '</channel> </rss>'; } die; // para não exibir front-end }
/** * Load the translations dictionary of the Navigate CMS interface * * @param string $code Language code (2 letters) */ public function load($code = 'en') { global $DB; $DB->query('SELECT * FROM nv_languages WHERE code = ' . protect($code)); $data = $DB->first(); $this->id = $data->id; $this->code = $data->code; $this->name = $data->name; $this->file = $data->nv_dictionary; $this->lang = array(); $xliff = simplexml_load_file(NAVIGATE_PATH . '/' . $this->file); if (empty($xliff)) { // just use the default language (English) return; } foreach ($xliff->file[0]->body[0]->{"trans-unit"} as $unit) { $lid = intval($unit->attributes()->id); $this->lang[$lid] = (string) $unit->target; $this->lang[$lid] = str_replace("\n", "", $this->lang[$lid]); } }
function post() { global $url; requirelogin(); $me = $_SESSION['id']; $query = substr(protect($_POST['query']), 0, 16); if (strlen($query) < 3) { # isso não é um coração... infobox(t("Termos de busca muito pequenos.", true, true)); } if ($_POST['usuarios']) { $qry = mysql_query("SELECT `foto`,`login` FROM accounts WHERE `login` LIKE '%{$query}%' OR `nome` LIKE '%{$query}%'"); if (mysql_numrows($qry) == 0) { $usuarios = t("Nenhum resultado!"); } else { $usuarios = null; while ($row = mysql_fetch_array($qry)) { $usuarios .= "\n" . '<p><div class="row"> <img src="' . $url . '/upload/' . thumb($row['foto']) . '"><br> ' . url("user/profile/{$row['login']}", $row['login']) . ' </div></p>'; } } section($usuarios, t("Buscando usuários.")); } if ($_POST['grupos']) { $qry = mysql_query("SELECT `title`,`url` FROM groups WHERE `title` LIKE '%{$query}%' OR `desc` LIKE '%{$query}%'"); if (mysql_numrows($qry) == 0) { $grupos = t("Nenhum resultado!"); } else { $grupos = null; while ($row = mysql_fetch_array($qry)) { $grupos .= "\n" . '<p><div class="row"> ' . url("groups/view/{$row['url']}", $row['title']) . ' </div></p>'; } } section($grupos, t("Buscando grupos.")); } }
function __construct() { /* Prevent guests if the admin hasn't enabled public profiles. */ if (!parent::getOption('profile-public-enable')) { protect('*'); } /* If the admin requires users to update their password. */ if (!empty($_SESSION['jigowatt']['forcePwUpdate'])) { $msg = "<div class='alert alert-warning'>" . _('<strong>Alert</strong>: The administrator has requested all users to update their passwords.') . "</div>"; } // Save the username $this->username = !empty($_SESSION['jigowatt']['username']) ? $_SESSION['jigowatt']['username'] : _('Guest'); $this->use_emails = parent::getOption('email-as-username-enable'); $this->username_type = $this->use_emails ? 'email' : 'username'; /* Check if the user is a guest to this profile. */ $this->determineGuest(); if (!$this->guest && !empty($_POST)) { $this->retrieveFields(); foreach ($_POST as $field => $value) { $this->settings[$field] = parent::secure($value); } // Validate fields $this->validate(); // Process form if (empty($this->error)) { $this->process(); } } $this->retrieveFields(); if (!$this->guest && isset($_GET['key']) && strlen($_GET['key']) == 32) { $this->key = parent::secure($_GET['key']); $this->updateEmailorPw(); $this->retrieveFields(); } if (!empty($this->error) || !empty($msg)) { parent::displayMessage(!empty($this->error) ? $this->error : (!empty($msg) ? $msg : ''), false); } }
$unit['farmer'] += $farmer; $unit['warrior'] += $warrior; $unit['defender'] += $defender; $unit['wizard'] += $wizard; $update_unit = mysql_query("UPDATE `unit` SET \n `merchant`='" . $unit['merchant'] . "',\n `farmer`='" . $unit['farmer'] . "',\n `warrior`='" . $unit['warrior'] . "',\n `defender`='" . $unit['defender'] . "',\n `wizard`='" . $unit['wizard'] . "'\n WHERE `id`='" . $_SESSION['uid'] . "'") or die(mysql_error()); $stats['food'] -= $food_needed; $update_food = mysql_query("UPDATE `stats` SET `food`='" . $stats['food'] . "' \n WHERE `id`='" . $_SESSION['uid'] . "'") or die(mysql_error()); include "update_stats.php"; output("You have trained your units!"); } } elseif (isset($_POST['untrain'])) { $merchant = protect($_POST['merchant']); $farmer = protect($_POST['farmer']); $warrior = protect($_POST['warrior']); $defender = protect($_POST['defender']); $wizard = protect($_POST['wizard']); $food_gained = 8 * $merchant + 8 * $farmer + 8 * $warrior + 8 * $defender + 8 * $wizard; if ($merchant < 0 || $farmer < 0 || $warrior < 0 || $defender < 0 || $wizard < 0) { output("You must untrain a positive number of units!"); } elseif ($merchant > $unit['merchant'] || $farmer > $unit['farmer'] || $warrior > $unit['warrior'] || $defender > $unit['defender'] || $wizard > $unit['wizard']) { output("You do not have that many units to untrain!"); } else { $unit['merchant'] -= $merchant; $unit['farmer'] -= $farmer; $unit['warrior'] -= $warrior; $unit['defender'] -= $defender; $unit['wizard'] -= $wizard; $update_unit = mysql_query("UPDATE `unit` SET \n `merchant`='" . $unit['merchant'] . "',\n `farmer`='" . $unit['farmer'] . "',\n `warrior`='" . $unit['warrior'] . "',\n `defender`='" . $unit['defender'] . "',\n `wizard`='" . $unit['wizard'] . "' \n WHERE `id`='" . $_SESSION['uid'] . "'") or die(mysql_error()); $stats['food'] += $food_gained; $update_food = mysql_query("UPDATE `stats` SET `food`='" . $stats['food'] . "' \n WHERE `id`='" . $_SESSION['uid'] . "'") or die(mysql_error()); include "update_stats.php";
<?php include_once dirname(dirname(__FILE__)) . '/classes/check.class.php'; protect("1"); if (empty($_POST)) { include_once 'header.php'; } include_once 'classes/settings.class.php'; ?> <div id="message"></div> <div class="tabbable tabs-left"> <ul class="nav nav-tabs"> <li><a href="#general-options" data-toggle="tab"><i class="glyphicon glyphicon-cog"></i> <?php _e('General'); ?> </a></li> <li><a href="#denied" data-toggle="tab"><i class="glyphicon glyphicon-exclamation-sign"></i> <?php _e('Denied'); ?> </a></li> <li class="dropdown"> <a href="#" class="dropdown-toggle" data-toggle="dropdown"><i class="glyphicon glyphicon-envelope"></i> <?php _e('Emails'); ?> <b class="caret"></b></a> <ul class="dropdown-menu"> <li><a href="#emails-welcome" data-toggle="tab"><?php _e('Welcome');
<?php include 'header.php'; include 'safe.php'; if (isset($_SESSION['uid'])) { if (isset($_POST['addNews'])) { $title = protect($_POST['title']); $text = protect($_POST['text']); $author = protect($_POST['author']); $data = date("Y-m-d"); $czas = date("H:i"); //$author = $datas['username']; if ($title == "" || $text == "") { echo "Wypełnij wszystkie pola!"; } elseif (strlen($title) > 64) { echo "Tytuł nie może mieć więcej niż 64 znaków!"; } else { $insert = mysql_query("INSERT INTO `cms_news` (`title`,`text`,`date`, `time`, `author`) VALUES ('{$title}','{$text}', '{$data}', '{$czas}', '{$author}')") or die(mysql_error()); echo '</br><span class="label label-success">Pomyślnie dodano news: ' . $title . '</span>'; } } ?> <form action="addNews.php" method="POST"> <h1>Dodawanie newsa</h1></br> <div class="form-group"> <label for="author">Autor</label> <?php
public function quicksearch($text) { $like = ' LIKE ' . protect('%' . $text . '%'); $cols[] = 'id' . $like; $cols[] = 'name' . $like; $cols[] = 'domain' . $like; $cols[] = 'subdomain' . $like; $where = ' AND ( '; $where .= implode(' OR ', $cols); $where .= ')'; return $where; }
$node->field_heart_problems['und'][0]['value'] = protect($heart); // Stomach bowel problems $node->field_stomach_bowel_problems['und'][0]['value'] = protect($stomach); // Suffer from mirgraines $node->field_suffer_from_migraines['und'][0]['value'] = protect($migraines); // Urinary kidney problems $node->field_urinary_kidney_problems['und'][0]['value'] = protect($urinary); // Nervous system problems $node->field_nervous_system_problems['und'][0]['value'] = protect($nervous); // Muscle bone joint problems $node->field_muscles_bone_joint_problem['und'][0]['value'] = protect($muscle); // Eye problems $node->field_eye_problems['und'][0]['value'] = protect($eye); // Ear throat nose problems $node->field_ear_throat_nose_problems['und'][0]['value'] = protect($ear); // Tropical diseases $node->field_tropical_diseases['und'][0]['value'] = protect($tropical); // Any other problems $node->field_any_other_problems['und'][0]['value'] = protect($otherproblems); // Problem details $node->field_problem_details['und'][0]['value'] = protect($medicalMore); // End of fields # $node->field_test['und'][0]['value'] = $ethnicorigin; // I prefer using pathauto, which would override the below path $path = 'node_created_on' . date('YmdHis'); $node->path = array('alias' => $path); if ($node = node_submit($node)) { // Prepare node for saving node_save($node); echo "Node with nid " . $node->nid . " saved!\n"; }
$first = false; } else { echo ","; } $suggestions = $spellcheckObject->Suggestions($word); $strsuggestions = "["; for ($i = 0; $i < count($suggestions); $i++) { if ($i > 0) { $strsuggestions .= ","; } //$i > 0 $strsuggestions .= '"' . protect($suggestions[$i]) . '"'; } //$i = 0; $i < count($suggestions) && $i < MAX_SUGGESTIONS; $i++ $strsuggestions .= "]"; $word = protect($word); echo "\"{$word}\":{$strsuggestions}"; } //!$spellcheckObject->SpellCheckWord($word) } //$post->params->words as $word echo '}}'; } //$post->method == 'spellcheck' if ($post->method == 'listdicts') { echo '{"id":"' . $post->id . '","result": {'; $dictionaries = $spellcheckObject->ListDictionaries(); echo '"dicts": ["' . implode('","', $dictionaries) . '"]'; echo '}'; echo '}'; }
<?php session_start(); include '../functions/tools.php'; include '../config/db.php'; $table = protect($_GET['table']); // Test qu'aucun des champs n'est vide, sinon redirige vers le formulaire foreach ($_POST as $key => $element) { if (empty($_POST[$key])) { print_r($_POST[$key]); //header('location: ../?page=formAdd&table='.$table); } else { ${$key} = $element; } } //---------------------------------ajouter un voyage-------------------------------------// if ($table == 'voyage') { try { //----------upload des 2 images--------------- $uploads_directory = '../images/'; $tmp_file = $_FILES['banniere']['tmp_name']; if (is_uploaded_file($tmp_file)) { $type_file = $_FILES['banniere']['type']; if (strstr($type_file, 'jpg') or strstr($type_file, 'jpeg') or strstr($type_file, 'png') or strstr($type_file, 'gif')) { $basefilename = $_FILES['banniere']['name']; $searchinfilename = array('@[éèêëÊË]@i', '@[àâäÂÄ]@i', '@[îïÎÏ]@i', '@[ûùüÛÜ]@i', '@[ôöÔÖ]@i', '@[ç]@i', '@[ ]@i', '@[^a-zA-Z0-9_.]@'); $replaceinfilename = array('e', 'a', 'i', 'u', 'o', 'c', '_', ''); $finalfilename1 = uniqid() . '-' . preg_replace($searchinfilename, $replaceinfilename, $basefilename); if (!move_uploaded_file($tmp_file, $uploads_directory . $finalfilename1)) { die('Impossible de copier le fichier dans ' . $uploads_directory); }
function nvweb_menu_load_structure($parent = 0) { global $DB; global $structure; global $website; if (!isset($structure['cat-' . $parent])) { $structure['cat-' . $parent] = array(); $DB->query('SELECT * FROM nv_structure WHERE parent = ' . protect($parent) . ' AND website = ' . $website->id . ' ORDER BY position ASC'); $structure['cat-' . $parent] = $DB->result(); // parse some result values foreach ($structure['cat-' . $parent] as $key => $value) { $value->groups = str_replace('g', '', $value->groups); $value->groups = array_filter(explode(',', $value->groups)); $structure[$key] = clone $value; } } }
<?php /*faz proteção para quem não ta logado*/ include_once "protect.php"; protect(); if (adminlogado()) { $conta = "Admin"; } else { $conta = "Leitor"; } /*carrega informações do usuario no banco*/ $login = $_SESSION['user']; include "config/conexao.php"; $consulta = "SELECT * FROM user where id = '{$login}'"; $con = $mysqli->query($consulta) or die($mysqli->error); $con = $con->fetch_assoc(); unset($con['senha']); ?> <!doctype html> <html lnag"pt-br"> <head> <title>comicbooks | User</title> <meta charset = "utf-8"/> <link rel="stylesheet" type="text/css" href="css/style.css"/> </head> <body> <div id="main"> <?php include_once "conteudo/header.php"; ?>
<?php global $CFG; // ELGG recent activity page // Run includes require_once dirname(dirname(__FILE__)) . "/../includes.php"; // Initialise functions for user details, icon management and profile management run("profile:init"); // Whose friends are we looking at? global $page_owner; // Weblog context define("context", "weblog"); // You must be logged on to view this! protect(1); templates_page_setup(); cleanup_messages(time() - 86400 * 30); $title = run("profile:display:name") . " :: " . __gettext("Recent activity"); // If we haven't specified a start time, start time = 1 day ago $starttime = optional_param('starttime', time() - 86400, PARAM_INT); $body = "<p>" . __gettext("Currently viewing recent activity since ") . gmstrftime("%B %d, %Y", $starttime) . ".</p>"; $body .= "<p>" . __gettext("You may view recent activity during the following time-frames:") . "</p>"; $body .= "<ul><li><a href=\"index.php?starttime=" . (time() - 86400) . "\">" . __gettext("The last 24 hours") . "</a></li>"; $body .= "<li><a href=\"index.php?starttime=" . (time() - 86400 * 2) . "\">" . __gettext("The last 48 hours") . "</a></li>"; $body .= "<li><a href=\"index.php?starttime=" . (time() - 86400 * 7) . "\">" . __gettext("The last week") . "</a></li>"; $body .= "<li><a href=\"index.php?starttime=" . (time() - 86400 * 30) . "\">" . __gettext("The last month") . "</a></li></ul>"; $body .= "<h2>" . __gettext("Your recent messages") . "</h2>"; $user_messages = get_messages($page_owner, null, time() - $starttime); if (is_array($user_messages) && !empty($user_messages)) { foreach ($user_messages as $user_message) { $body .= "<div class=\"user_message\">" . display_message($user_message) . "</div>"; }
function nvweb_contact_generate($fields) { global $website; global $DB; $out = array(); // default colors $background_color = '#E5F1FF'; $text_color = '#595959'; $title_color = '#595959'; $background_color_db = $DB->query_single('value', 'nv_permissions', 'name = ' . protect("nvweb.contact.background_color") . ' AND website = ' . protect($website->id), 'id DESC'); $text_color_db = $DB->query_single('value', 'nv_permissions', 'name = ' . protect("nvweb.contact.text_color") . ' AND website = ' . protect($website->id), 'id DESC'); $title_color_db = $DB->query_single('value', 'nv_permissions', 'name = ' . protect("nvweb.contact.titles_color") . ' AND website = ' . protect($website->id), 'id DESC'); if (!empty($background_color_db)) { $background_color = str_replace('"', '', $background_color_db); } if (!empty($text_color_db)) { $text_color = str_replace('"', '', $text_color_db); } if (!empty($title_color_db)) { $title_color = str_replace('"', '', $title_color_db); } $out[] = '<div style=" background: ' . $background_color . '; width: 600px; border-radius: 6px; margin: 10px auto; padding: 1px 20px 20px 20px;">'; if (is_array($fields)) { foreach ($fields as $field => $label) { $field = trim($field); // remove unwanted spaces if (substr($field, -2, 2) == '[]') { $field = substr($field, 0, -2); } if (is_array($_REQUEST[$field])) { $value = print_r($_REQUEST[$field], true); $value = str_replace("Array\n", '', $value); $value = nl2br($value); } else { $value = nl2br($_REQUEST[$field]); } if (empty($value) && isset($_FILES[$field])) { $value = $_FILES[$field]['name']; } $out[] = '<div style="margin: 25px 0px 10px 0px;">'; $out[] = ' <div style="color: ' . $title_color . '; font-size: 17px; font-weight: bold; font-family: Verdana;">' . $label . '</div>'; $out[] = '</div>'; $out[] = '<div style=" background: #fff; border-radius: 6px; padding: 10px; margin-top: 5px; line-height: 25px; text-align: justify; ">'; $out[] = ' <div class="text" style="color: ' . $text_color . '; font-size: 16px; font-style: italic; font-family: Verdana;">' . $value . '</div>'; $out[] = '</div>'; } } else { $out[] = $fields; } $out[] = '</div>'; return implode("\n", $out); }
<form action="/test/protect.php" method="get"> <h1>Protection Function Test</h1> <input type="text" name="protect" value=""><br /> <input type="text" name="unprotected" value=""/><br /> <input type="submit" name="test" value="Test"/> </form> <?php //protection function function protect($string) { $string = mysql_real_escape_string(trim(strip_tags(addslashes($string)))); return $string; } //on submission if (!empty($_GET['protect'])) { $protected = protect($_GET['protect']); echo 'Input 1: <input type="text" value="' . protect($_GET['protect']) . '"/><br />'; echo 'Input 2: ' . $_GET['unprotected'] . '<br />'; } ?>
//include out functions file giving us access to the protect() function made earlier include "./functions.php"; ?> <html> <head> <title>Forogt Password</title> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <body> <?php $error = 'Forgot Something?'; //Check to see if the forms submitted if ($_POST['submit']) { //if it is continue checks //store the posted email to variable after protection $email = protect($_POST['email']); //check if the email box was not filled in if (!$email) { //if it wasn't display error message $error = "<span class='error'>Information</span> missing."; } else { //else continue checking //set the format to check the email against $checkemail = "/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\\.-][a-z0-9]+)*)+\\.[a-z]{2,}\$/i"; //check if the email doesnt match the required format if (!preg_match($checkemail, $email)) { //if not then display error message $error = "Invalid <span class='error'>email</span>."; } else { //otherwise continue checking //select all rows from the database where the emails match