function lista($user)
{
global $dateformat;
$user = protect($user);
requirelogin();
$title = "Mensagens de {$user}";
include "libs/accounts.php";
// listar todas as mensagens de $user onde hidden = 'n' (para outro user ver)
$output = menu($user) . url("message/send/{$user}", "[enviar mensagem]") . "<br>\n";
$usr = resolveuser($user);
$qry = mysql_query("SELECT `from`,`content`,`data` FROM messages WHERE `to`='{$usr}' AND `hidden`='n' ORDER BY id DESC LIMIT 30");
if (mysql_numrows($qry) == 0) {
$output .= 'Nenhuma mensagem!';
} else {
while ($row = mysql_fetch_array($qry)) {
$user = mysql_query("SELECT login,foto FROM accounts WHERE id='{$row['from']}'");
$user = mysql_fetch_array($user);
$output .= '<p class="row">' . t("De") . ': ' . url("user/profile/{$user['login']}", $user['login']) . '<br/>';
$output .= '<blockquote>
' . bbcode($row['content']) . '
</blockquote>
<hr size="1"><i>' . date($dateformat, $row['data']) . '</i>
</p>';
}
}
section($output, $title);
}
public function register(Container $c)
{
$c['database.manager'] = protect(new Capsule());
$capsule = $c['database.manager'];
// Extract database settings from dsn
if (!isset($_ENV['DATABASE_URL'])) {
throw new Exception('You must provide a database DSN in the DATABASE_URL environment variable');
}
$db = array('charset' => 'utf8', 'collation' => 'utf8_general_ci', 'prefix' => '');
$db = array_merge($db, parse_url($_ENV['DATABASE_URL']));
$db['driver'] = $db['scheme'] == 'postgres' ? 'pgsql' : $db['scheme'];
$db['database'] = trim($db['path'], '/');
$db['username'] = isset($db['user']) ? $db['user'] : '';
$db['password'] = isset($db['pass']) ? $db['pass'] : '';
$capsule->addConnection($db);
$capsule->setAsGlobal();
// Set the event dispatcher used by Eloquent models
$capsule->setEventDispatcher(new IDispatcher(new IContainer()));
// Set the cache manager instance used by connections... (optional)
// No need for that now, let's keep it minimal
//$capsule->setCacheManager(...);
$capsule->bootEloquent();
$c['db'] = function ($c) {
return $c['database.manager']->getDatabaseManager();
};
\Illuminate\Support\Facades\Schema::setFacadeApplication($c);
}
function nvweb_plugins_load()
{
// load all webget plugins and exclude the DISABLED
global $plugins;
global $DB;
global $website;
$plugin_list = glob(NAVIGATE_PATH . '/plugins/*', GLOB_ONLYDIR);
$plugins = array();
if (is_array($plugin_list)) {
// read the database to find the disabled plugins
$DB->query('SELECT extension, enabled
FROM nv_extensions
WHERE website = ' . protect($website->id) . '
AND enabled = 0');
$plugins_disabled = $DB->result('extension');
foreach ($plugin_list as $plugin_path) {
$plugin_name = basename($plugin_path);
if (in_array($plugin_name, $plugins_disabled)) {
continue;
}
if (file_exists($plugin_path . '/' . $plugin_name . '.php')) {
@(include_once $plugin_path . '/' . $plugin_name . '.php');
}
$plugins[] = $plugin_name;
}
}
}
function nvweb_votes($vars = array())
{
global $website;
global $DB;
global $current;
global $webuser;
switch ($vars['mode']) {
case 'score':
$out = nvweb_votes_calc($current['object'], $vars['round'], $vars['half'], $vars['min'], $vars['max']);
break;
case 'votes':
$out = $current['object']->votes;
break;
case 'webuser':
$score = NULL;
if (!empty($webuser->id)) {
$score = $DB->query_single('value', 'nv_webuser_votes', ' website = ' . protect($website->id) . '
AND webuser = '******'
AND object = ' . protect($current['type']) . '
AND object_id = ' . protect($current['id']));
}
$out = empty($score) ? '0' : $score;
break;
}
return $out;
}
function del($id)
{
onlyadmin();
$id = protect($id);
mysql_query("DELETE FROM shoutbox WHERE `id`='{$id}'");
redir("shoutbox");
}
public function testProtect()
{
$uniqueVar = '987654';
$protectedValue = protect($uniqueVar);
$this->assertTrue(is_callable($protectedValue));
$this->assertEquals($uniqueVar, $protectedValue());
}
protected function setUpContainer()
{
$this->container = new Container();
$this->container['app'] = protect($this);
$this->container['request'] = protect(new Request());
$this->container['response'] = protect(new FakeResponseThatDoesNothing());
}
function deleteroom($id)
{
onlyadmin();
$id = protect($id);
mysql_query("DELETE FROM chat_rooms WHERE `id`='{$id}'");
mysql_query("DELETE FROM chat WHERE `room`='{$id}'");
redir("chat/admin");
}
function remove($id)
{
requirelogin();
$id = protect($id);
$owner = $_SESSION['id'];
mysql_query("DELETE FROM videos WHERE `id`='{$id}' AND `owner`='{$owner}'");
infobox("Vídeo excluído com sucesso!");
}
function resolvegroup($group)
{
$group = protect($group);
$qry = mysql_query("SELECT * FROM groups WHERE `url`='{$group}'");
if (mysql_numrows($qry) != 0) {
return mysql_fetch_array($qry);
} else {
infobox(t("Grupo inexistente."), true, true);
}
}
function __construct()
{
/* Prevent guests if the admin hasn't enabled public profiles. */
if (!parent::getOption('profile-public-enable')) {
protect('*');
}
/* If the admin requires users to update their password. */
if (!empty($_SESSION['jigowatt']['forcePwUpdate'])) {
$msg = "<div class='alert alert-warning'>" . _('<strong>Alert</strong>: The administrator has requested all users to update their passwords.') . "</div>";
}
// Save the username
$this->username = !empty($_SESSION['jigowatt']['username']) ? $_SESSION['jigowatt']['username'] : _('Guest');
$this->use_emails = parent::getOption('email-as-username-enable');
$this->username_type = $this->use_emails ? 'email' : 'username';
/* Check if the user is a guest to this profile. */
$this->determineGuest();
// Upload avatar
if (!empty($_FILES['uploadAvatar'])) {
$k = getimagesize($_FILES['uploadAvatar']['tmp_name']);
if (empty($k)) {
$this->error = sprintf('<div class="alert alert-warning">%s</div>', _('Sorry, that file is not accepted.'));
} else {
$uploaddir = dirname(dirname(__FILE__)) . '/assets/uploads/avatar/';
$uploadfile = $uploaddir . md5($_SESSION['jigowatt']['user_id'] . $_SESSION['jigowatt']['email']) . '.' . pathinfo($_FILES['uploadAvatar']['name'], PATHINFO_EXTENSION);
if (move_uploaded_file($_FILES['uploadAvatar']['tmp_name'], $uploadfile)) {
$this->error = sprintf('<div class="alert alert-success">%s</div>', _('Avatar change success!'));
$_SESSION['jigowatt']['gravatar'] = parent::get_gravatar($_SESSION['jigowatt']['email'], true, 26);
} else {
$this->error = sprintf('<div class="alert alert-warning">%s</div>', _('Sorry, that file is not accepted.'));
}
}
}
if (!$this->guest && !empty($_POST)) {
$this->retrieveFields();
foreach ($_POST as $field => $value) {
$this->settings[$field] = parent::secure($value);
}
// Validate fields
$this->validate();
// Process form
if (empty($this->error)) {
$this->process();
}
}
$this->retrieveFields();
if (!$this->guest && isset($_GET['key']) && strlen($_GET['key']) == 32) {
$this->key = parent::secure($_GET['key']);
$this->updateEmailorPw();
$this->retrieveFields();
}
if (!empty($this->error) || !empty($msg)) {
parent::displayMessage(!empty($this->error) ? $this->error : (!empty($msg) ? $msg : ''), false);
}
}
function remove($fid)
{
requirelogin();
$id = protect($fid);
if (is_admin()) {
mysql_query("DELETE FROM notes WHERE `id`='{$id}'");
} else {
$account = $_SESSION['id'];
mysql_query("DELETE FROM notes WHERE `account`='{$account}' AND `id`='{$id}'");
}
redir("dashboard");
}
function youtube($videourl)
{
$ret = array();
$video = explode("=", $videourl);
$video = $video[1];
$video = explode("&", $video);
$video = $video[0];
$video = str_replace("?v=", null, $video);
$ret['code'] = '<object width="320" height="180"><param name="movie" value="http://www.youtube.com/v/' . $video . '&hl=pt_BR&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/' . $video . '&hl=pt_BR&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="320" height="180"></embed></object>';
$meta = get_meta_tags($videourl);
$ret['title'] = protect($meta['title']);
$ret['desc'] = protect($meta['description']);
return $ret;
}
function view($id)
{
global $site_id, $site, $url, $home;
$id = protect($id);
// não requer login (ou softwares não funcionarão)
// id = md5 ( user_id . site_id )
$qry = mysql_query("SELECT * FROM accounts");
while ($row = mysql_fetch_array($qry)) {
if (md5($row['id'] . $site_id) === $id) {
$user = $row['id'];
$usr_login = $row['login'];
//break;
}
}
if ($user) {
echo '<?xml version="1.0"?>
<rss version="2.0">
<channel>
<title>' . $site['site_name'] . '</title>
<link>' . $url . '</link>
<description>' . t("Notificações de") . ' ' . $usr_login . '</description>
';
$friends = mysql_query("SELECT `id1` FROM friends WHERE `id2`='{$user}'");
if (mysql_numrows($friends) != 0) {
while ($f = mysql_fetch_array($friends)) {
$receive[] = $f['id1'];
}
}
if (sizeof($receive) != 0) {
$receive = implode(",", $receive);
$qry = mysql_query("SELECT a.login AS login, n.content AS content, n.account AS id, n.id AS fid FROM notes n LEFT JOIN accounts a ON n.account=a.id WHERE n.account IN ({$receive}) ORDER BY n.id DESC LIMIT 30");
if (mysql_numrows($qry) != 0) {
while ($row = mysql_fetch_array($qry)) {
echo '<item>
<title>' . $row['login'] . '</title>
<link>' . $home . 'user/profile/' . $row['login'] . '</link>
<description>' . $row['content'] . '</description>
</item>';
}
}
}
echo '</channel>
</rss>';
}
die;
// para não exibir front-end
}
/**
* Load the translations dictionary of the Navigate CMS interface
*
* @param string $code Language code (2 letters)
*/
public function load($code = 'en')
{
global $DB;
$DB->query('SELECT * FROM nv_languages WHERE code = ' . protect($code));
$data = $DB->first();
$this->id = $data->id;
$this->code = $data->code;
$this->name = $data->name;
$this->file = $data->nv_dictionary;
$this->lang = array();
$xliff = simplexml_load_file(NAVIGATE_PATH . '/' . $this->file);
if (empty($xliff)) {
// just use the default language (English)
return;
}
foreach ($xliff->file[0]->body[0]->{"trans-unit"} as $unit) {
$lid = intval($unit->attributes()->id);
$this->lang[$lid] = (string) $unit->target;
$this->lang[$lid] = str_replace("\n", "", $this->lang[$lid]);
}
}
function post()
{
global $url;
requirelogin();
$me = $_SESSION['id'];
$query = substr(protect($_POST['query']), 0, 16);
if (strlen($query) < 3) {
# isso não é um coração...
infobox(t("Termos de busca muito pequenos.", true, true));
}
if ($_POST['usuarios']) {
$qry = mysql_query("SELECT `foto`,`login` FROM accounts WHERE `login` LIKE '%{$query}%' OR `nome` LIKE '%{$query}%'");
if (mysql_numrows($qry) == 0) {
$usuarios = t("Nenhum resultado!");
} else {
$usuarios = null;
while ($row = mysql_fetch_array($qry)) {
$usuarios .= "\n" . '<p><div class="row">
<img src="' . $url . '/upload/' . thumb($row['foto']) . '"><br>
' . url("user/profile/{$row['login']}", $row['login']) . '
</div></p>';
}
}
section($usuarios, t("Buscando usuários."));
}
if ($_POST['grupos']) {
$qry = mysql_query("SELECT `title`,`url` FROM groups WHERE `title` LIKE '%{$query}%' OR `desc` LIKE '%{$query}%'");
if (mysql_numrows($qry) == 0) {
$grupos = t("Nenhum resultado!");
} else {
$grupos = null;
while ($row = mysql_fetch_array($qry)) {
$grupos .= "\n" . '<p><div class="row">
' . url("groups/view/{$row['url']}", $row['title']) . '
</div></p>';
}
}
section($grupos, t("Buscando grupos."));
}
}
function __construct()
{
/* Prevent guests if the admin hasn't enabled public profiles. */
if (!parent::getOption('profile-public-enable')) {
protect('*');
}
/* If the admin requires users to update their password. */
if (!empty($_SESSION['jigowatt']['forcePwUpdate'])) {
$msg = "<div class='alert alert-warning'>" . _('<strong>Alert</strong>: The administrator has requested all users to update their passwords.') . "</div>";
}
// Save the username
$this->username = !empty($_SESSION['jigowatt']['username']) ? $_SESSION['jigowatt']['username'] : _('Guest');
$this->use_emails = parent::getOption('email-as-username-enable');
$this->username_type = $this->use_emails ? 'email' : 'username';
/* Check if the user is a guest to this profile. */
$this->determineGuest();
if (!$this->guest && !empty($_POST)) {
$this->retrieveFields();
foreach ($_POST as $field => $value) {
$this->settings[$field] = parent::secure($value);
}
// Validate fields
$this->validate();
// Process form
if (empty($this->error)) {
$this->process();
}
}
$this->retrieveFields();
if (!$this->guest && isset($_GET['key']) && strlen($_GET['key']) == 32) {
$this->key = parent::secure($_GET['key']);
$this->updateEmailorPw();
$this->retrieveFields();
}
if (!empty($this->error) || !empty($msg)) {
parent::displayMessage(!empty($this->error) ? $this->error : (!empty($msg) ? $msg : ''), false);
}
}
$unit['farmer'] += $farmer;
$unit['warrior'] += $warrior;
$unit['defender'] += $defender;
$unit['wizard'] += $wizard;
$update_unit = mysql_query("UPDATE `unit` SET \n `merchant`='" . $unit['merchant'] . "',\n `farmer`='" . $unit['farmer'] . "',\n `warrior`='" . $unit['warrior'] . "',\n `defender`='" . $unit['defender'] . "',\n `wizard`='" . $unit['wizard'] . "'\n WHERE `id`='" . $_SESSION['uid'] . "'") or die(mysql_error());
$stats['food'] -= $food_needed;
$update_food = mysql_query("UPDATE `stats` SET `food`='" . $stats['food'] . "' \n WHERE `id`='" . $_SESSION['uid'] . "'") or die(mysql_error());
include "update_stats.php";
output("You have trained your units!");
}
} elseif (isset($_POST['untrain'])) {
$merchant = protect($_POST['merchant']);
$farmer = protect($_POST['farmer']);
$warrior = protect($_POST['warrior']);
$defender = protect($_POST['defender']);
$wizard = protect($_POST['wizard']);
$food_gained = 8 * $merchant + 8 * $farmer + 8 * $warrior + 8 * $defender + 8 * $wizard;
if ($merchant < 0 || $farmer < 0 || $warrior < 0 || $defender < 0 || $wizard < 0) {
output("You must untrain a positive number of units!");
} elseif ($merchant > $unit['merchant'] || $farmer > $unit['farmer'] || $warrior > $unit['warrior'] || $defender > $unit['defender'] || $wizard > $unit['wizard']) {
output("You do not have that many units to untrain!");
} else {
$unit['merchant'] -= $merchant;
$unit['farmer'] -= $farmer;
$unit['warrior'] -= $warrior;
$unit['defender'] -= $defender;
$unit['wizard'] -= $wizard;
$update_unit = mysql_query("UPDATE `unit` SET \n `merchant`='" . $unit['merchant'] . "',\n `farmer`='" . $unit['farmer'] . "',\n `warrior`='" . $unit['warrior'] . "',\n `defender`='" . $unit['defender'] . "',\n `wizard`='" . $unit['wizard'] . "' \n WHERE `id`='" . $_SESSION['uid'] . "'") or die(mysql_error());
$stats['food'] += $food_gained;
$update_food = mysql_query("UPDATE `stats` SET `food`='" . $stats['food'] . "' \n WHERE `id`='" . $_SESSION['uid'] . "'") or die(mysql_error());
include "update_stats.php";
<?php
include_once dirname(dirname(__FILE__)) . '/classes/check.class.php';
protect("1");
if (empty($_POST)) {
include_once 'header.php';
}
include_once 'classes/settings.class.php';
?>
<div id="message"></div>
<div class="tabbable tabs-left">
<ul class="nav nav-tabs">
<li><a href="#general-options" data-toggle="tab"><i class="glyphicon glyphicon-cog"></i> <?php
_e('General');
?>
</a></li>
<li><a href="#denied" data-toggle="tab"><i class="glyphicon glyphicon-exclamation-sign"></i> <?php
_e('Denied');
?>
</a></li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown"><i class="glyphicon glyphicon-envelope"></i> <?php
_e('Emails');
?>
<b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="#emails-welcome" data-toggle="tab"><?php
_e('Welcome');
<?php
include 'header.php';
include 'safe.php';
if (isset($_SESSION['uid'])) {
if (isset($_POST['addNews'])) {
$title = protect($_POST['title']);
$text = protect($_POST['text']);
$author = protect($_POST['author']);
$data = date("Y-m-d");
$czas = date("H:i");
//$author = $datas['username'];
if ($title == "" || $text == "") {
echo "Wypełnij wszystkie pola!";
} elseif (strlen($title) > 64) {
echo "Tytuł nie może mieć więcej niż 64 znaków!";
} else {
$insert = mysql_query("INSERT INTO `cms_news` (`title`,`text`,`date`, `time`, `author`) VALUES ('{$title}','{$text}', '{$data}', '{$czas}', '{$author}')") or die(mysql_error());
echo '</br><span class="label label-success">Pomyślnie dodano news: ' . $title . '</span>';
}
}
?>
<form action="addNews.php" method="POST">
<h1>Dodawanie newsa</h1></br>
<div class="form-group">
<label for="author">Autor</label>
<?php
public function quicksearch($text)
{
$like = ' LIKE ' . protect('%' . $text . '%');
$cols[] = 'id' . $like;
$cols[] = 'name' . $like;
$cols[] = 'domain' . $like;
$cols[] = 'subdomain' . $like;
$where = ' AND ( ';
$where .= implode(' OR ', $cols);
$where .= ')';
return $where;
}
$node->field_heart_problems['und'][0]['value'] = protect($heart);
// Stomach bowel problems
$node->field_stomach_bowel_problems['und'][0]['value'] = protect($stomach);
// Suffer from mirgraines
$node->field_suffer_from_migraines['und'][0]['value'] = protect($migraines);
// Urinary kidney problems
$node->field_urinary_kidney_problems['und'][0]['value'] = protect($urinary);
// Nervous system problems
$node->field_nervous_system_problems['und'][0]['value'] = protect($nervous);
// Muscle bone joint problems
$node->field_muscles_bone_joint_problem['und'][0]['value'] = protect($muscle);
// Eye problems
$node->field_eye_problems['und'][0]['value'] = protect($eye);
// Ear throat nose problems
$node->field_ear_throat_nose_problems['und'][0]['value'] = protect($ear);
// Tropical diseases
$node->field_tropical_diseases['und'][0]['value'] = protect($tropical);
// Any other problems
$node->field_any_other_problems['und'][0]['value'] = protect($otherproblems);
// Problem details
$node->field_problem_details['und'][0]['value'] = protect($medicalMore);
// End of fields
# $node->field_test['und'][0]['value'] = $ethnicorigin;
// I prefer using pathauto, which would override the below path
$path = 'node_created_on' . date('YmdHis');
$node->path = array('alias' => $path);
if ($node = node_submit($node)) {
// Prepare node for saving
node_save($node);
echo "Node with nid " . $node->nid . " saved!\n";
}
$first = false;
} else {
echo ",";
}
$suggestions = $spellcheckObject->Suggestions($word);
$strsuggestions = "[";
for ($i = 0; $i < count($suggestions); $i++) {
if ($i > 0) {
$strsuggestions .= ",";
}
//$i > 0
$strsuggestions .= '"' . protect($suggestions[$i]) . '"';
}
//$i = 0; $i < count($suggestions) && $i < MAX_SUGGESTIONS; $i++
$strsuggestions .= "]";
$word = protect($word);
echo "\"{$word}\":{$strsuggestions}";
}
//!$spellcheckObject->SpellCheckWord($word)
}
//$post->params->words as $word
echo '}}';
}
//$post->method == 'spellcheck'
if ($post->method == 'listdicts') {
echo '{"id":"' . $post->id . '","result": {';
$dictionaries = $spellcheckObject->ListDictionaries();
echo '"dicts": ["' . implode('","', $dictionaries) . '"]';
echo '}';
echo '}';
}
<?php
session_start();
include '../functions/tools.php';
include '../config/db.php';
$table = protect($_GET['table']);
// Test qu'aucun des champs n'est vide, sinon redirige vers le formulaire
foreach ($_POST as $key => $element) {
if (empty($_POST[$key])) {
print_r($_POST[$key]);
//header('location: ../?page=formAdd&table='.$table);
} else {
${$key} = $element;
}
}
//---------------------------------ajouter un voyage-------------------------------------//
if ($table == 'voyage') {
try {
//----------upload des 2 images---------------
$uploads_directory = '../images/';
$tmp_file = $_FILES['banniere']['tmp_name'];
if (is_uploaded_file($tmp_file)) {
$type_file = $_FILES['banniere']['type'];
if (strstr($type_file, 'jpg') or strstr($type_file, 'jpeg') or strstr($type_file, 'png') or strstr($type_file, 'gif')) {
$basefilename = $_FILES['banniere']['name'];
$searchinfilename = array('@[éèêëÊË]@i', '@[àâäÂÄ]@i', '@[îïÎÏ]@i', '@[ûùüÛÜ]@i', '@[ôöÔÖ]@i', '@[ç]@i', '@[ ]@i', '@[^a-zA-Z0-9_.]@');
$replaceinfilename = array('e', 'a', 'i', 'u', 'o', 'c', '_', '');
$finalfilename1 = uniqid() . '-' . preg_replace($searchinfilename, $replaceinfilename, $basefilename);
if (!move_uploaded_file($tmp_file, $uploads_directory . $finalfilename1)) {
die('Impossible de copier le fichier dans ' . $uploads_directory);
}
function nvweb_menu_load_structure($parent = 0)
{
global $DB;
global $structure;
global $website;
if (!isset($structure['cat-' . $parent])) {
$structure['cat-' . $parent] = array();
$DB->query('SELECT *
FROM nv_structure
WHERE parent = ' . protect($parent) . '
AND website = ' . $website->id . '
ORDER BY position ASC');
$structure['cat-' . $parent] = $DB->result();
// parse some result values
foreach ($structure['cat-' . $parent] as $key => $value) {
$value->groups = str_replace('g', '', $value->groups);
$value->groups = array_filter(explode(',', $value->groups));
$structure[$key] = clone $value;
}
}
}
<?php
/*faz proteção para quem não ta logado*/
include_once "protect.php";
protect();
if (adminlogado()) {
$conta = "Admin";
} else {
$conta = "Leitor";
}
/*carrega informações do usuario no banco*/
$login = $_SESSION['user'];
include "config/conexao.php";
$consulta = "SELECT * FROM user where id = '{$login}'";
$con = $mysqli->query($consulta) or die($mysqli->error);
$con = $con->fetch_assoc();
unset($con['senha']);
?>
<!doctype html>
<html lnag"pt-br">
<head>
<title>comicbooks | User</title>
<meta charset = "utf-8"/>
<link rel="stylesheet" type="text/css" href="css/style.css"/>
</head>
<body>
<div id="main">
<?php
include_once "conteudo/header.php";
?>
<?php
global $CFG;
// ELGG recent activity page
// Run includes
require_once dirname(dirname(__FILE__)) . "/../includes.php";
// Initialise functions for user details, icon management and profile management
run("profile:init");
// Whose friends are we looking at?
global $page_owner;
// Weblog context
define("context", "weblog");
// You must be logged on to view this!
protect(1);
templates_page_setup();
cleanup_messages(time() - 86400 * 30);
$title = run("profile:display:name") . " :: " . __gettext("Recent activity");
// If we haven't specified a start time, start time = 1 day ago
$starttime = optional_param('starttime', time() - 86400, PARAM_INT);
$body = "<p>" . __gettext("Currently viewing recent activity since ") . gmstrftime("%B %d, %Y", $starttime) . ".</p>";
$body .= "<p>" . __gettext("You may view recent activity during the following time-frames:") . "</p>";
$body .= "<ul><li><a href=\"index.php?starttime=" . (time() - 86400) . "\">" . __gettext("The last 24 hours") . "</a></li>";
$body .= "<li><a href=\"index.php?starttime=" . (time() - 86400 * 2) . "\">" . __gettext("The last 48 hours") . "</a></li>";
$body .= "<li><a href=\"index.php?starttime=" . (time() - 86400 * 7) . "\">" . __gettext("The last week") . "</a></li>";
$body .= "<li><a href=\"index.php?starttime=" . (time() - 86400 * 30) . "\">" . __gettext("The last month") . "</a></li></ul>";
$body .= "<h2>" . __gettext("Your recent messages") . "</h2>";
$user_messages = get_messages($page_owner, null, time() - $starttime);
if (is_array($user_messages) && !empty($user_messages)) {
foreach ($user_messages as $user_message) {
$body .= "<div class=\"user_message\">" . display_message($user_message) . "</div>";
}
function nvweb_contact_generate($fields)
{
global $website;
global $DB;
$out = array();
// default colors
$background_color = '#E5F1FF';
$text_color = '#595959';
$title_color = '#595959';
$background_color_db = $DB->query_single('value', 'nv_permissions', 'name = ' . protect("nvweb.contact.background_color") . ' AND website = ' . protect($website->id), 'id DESC');
$text_color_db = $DB->query_single('value', 'nv_permissions', 'name = ' . protect("nvweb.contact.text_color") . ' AND website = ' . protect($website->id), 'id DESC');
$title_color_db = $DB->query_single('value', 'nv_permissions', 'name = ' . protect("nvweb.contact.titles_color") . ' AND website = ' . protect($website->id), 'id DESC');
if (!empty($background_color_db)) {
$background_color = str_replace('"', '', $background_color_db);
}
if (!empty($text_color_db)) {
$text_color = str_replace('"', '', $text_color_db);
}
if (!empty($title_color_db)) {
$title_color = str_replace('"', '', $title_color_db);
}
$out[] = '<div style=" background: ' . $background_color . '; width: 600px; border-radius: 6px; margin: 10px auto; padding: 1px 20px 20px 20px;">';
if (is_array($fields)) {
foreach ($fields as $field => $label) {
$field = trim($field);
// remove unwanted spaces
if (substr($field, -2, 2) == '[]') {
$field = substr($field, 0, -2);
}
if (is_array($_REQUEST[$field])) {
$value = print_r($_REQUEST[$field], true);
$value = str_replace("Array\n", '', $value);
$value = nl2br($value);
} else {
$value = nl2br($_REQUEST[$field]);
}
if (empty($value) && isset($_FILES[$field])) {
$value = $_FILES[$field]['name'];
}
$out[] = '<div style="margin: 25px 0px 10px 0px;">';
$out[] = ' <div style="color: ' . $title_color . '; font-size: 17px; font-weight: bold; font-family: Verdana;">' . $label . '</div>';
$out[] = '</div>';
$out[] = '<div style=" background: #fff; border-radius: 6px; padding: 10px; margin-top: 5px; line-height: 25px; text-align: justify; ">';
$out[] = ' <div class="text" style="color: ' . $text_color . '; font-size: 16px; font-style: italic; font-family: Verdana;">' . $value . '</div>';
$out[] = '</div>';
}
} else {
$out[] = $fields;
}
$out[] = '</div>';
return implode("\n", $out);
}
<form action="/test/protect.php" method="get">
<h1>Protection Function Test</h1>
<input type="text" name="protect" value=""><br />
<input type="text" name="unprotected" value=""/><br />
<input type="submit" name="test" value="Test"/>
</form>
<?php
//protection function
function protect($string)
{
$string = mysql_real_escape_string(trim(strip_tags(addslashes($string))));
return $string;
}
//on submission
if (!empty($_GET['protect'])) {
$protected = protect($_GET['protect']);
echo 'Input 1: <input type="text" value="' . protect($_GET['protect']) . '"/><br />';
echo 'Input 2: ' . $_GET['unprotected'] . '<br />';
}
?>
//include out functions file giving us access to the protect() function made earlier
include "./functions.php";
?>
<html>
<head>
<title>Forogt Password</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<?php
$error = 'Forgot Something?';
//Check to see if the forms submitted
if ($_POST['submit']) {
//if it is continue checks
//store the posted email to variable after protection
$email = protect($_POST['email']);
//check if the email box was not filled in
if (!$email) {
//if it wasn't display error message
$error = "<span class='error'>Information</span> missing.";
} else {
//else continue checking
//set the format to check the email against
$checkemail = "/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\\.-][a-z0-9]+)*)+\\.[a-z]{2,}\$/i";
//check if the email doesnt match the required format
if (!preg_match($checkemail, $email)) {
//if not then display error message
$error = "Invalid <span class='error'>email</span>.";
} else {
//otherwise continue checking
//select all rows from the database where the emails match
