// For replacing
$DB->exec("UPDATE rings SET validFlag = '0', ciphertext = '{$newCipher}', hash = '{$newHash}' WHERE id = '{$i}'");
$numValid--;
if ($numValid < 1) {
while (!shredData(NONCE_ROOT . "{$req}.ring")) {
// If it returns false, wait a few clock cycles
usleep(1000);
}
}
// Overwrite
//ob_end_clean();
if (!$_COOKIE['neverForward']) {
header("Location: {$data}");
die($url);
} else {
$data = removeXSS($data);
// Experimental; without warranty
include "includes/header.php";
echo "The destination URL is: <a href=\"" . $data . "\">" . $data . "</a>";
include "includes/footer.php";
}
exit;
}
//echo substr( hash_hmac('sha512', $_POST['password'], $salt, false), 0, 64)." != ".$row['hash']."\n"; // DEBUG
}
//echo "</pre>";
//$data = ob_get_clean();
if (!$found) {
include "includes/header.php";
echo "<div style=\"color: red;\">Incorrect password, or it has already been used.</div>\n";
//echo $data;
} else {
unset($start);
}
if (!isset($_SESSION['messagefilter'])) {
$_SESSION['messagefilter'] = '';
}
if (!empty($_POST['clear'])) {
$_SESSION['messagefilter'] = '';
$_SESSION['messagesortby'] = '';
$_SESSION['messagenumpp'] = MAX_MSG_PP;
unset($_POST['filter']);
unset($_POST['numPP']);
unset($_POST['sortBy']);
}
if (isset($_POST['filter'])) {
$_SESSION['messagefilter'] = removeXSS($_POST['filter']);
if ($_SESSION['messagefilter'] == ' --- filter --- ') {
$_SESSION['messagefilter'] = '';
}
}
if (!isset($_SESSION['messagenumpp'])) {
$_SESSION['messagenumpp'] = MAX_MSG_PP;
}
if (isset($_POST['numPP'])) {
$_SESSION['messagenumpp'] = sprintf('%d', $_POST['numPP']);
if ($_SESSION['messagenumpp'] <= 0) {
$_SESSION['messagenumpp'] = MAX_MSG_PP;
}
}
# remember last one listed
if (!isset($_GET['tab']) && !empty($_SESSION['lastmessagetype'])) {
$token = trim($_GET["deny"]);
if ($token == "" || !validateActivationToken($token, TRUE)) {
$errors[] = lang("FORGOTPASS_INVALID_TOKEN");
} else {
$userdetails = fetchUserDetails(NULL, $token);
if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
$errors[] = lang("SQL_ERROR");
} else {
$successes[] = lang("FORGOTPASS_REQUEST_CANNED");
}
}
}
//Forms posted
if (!empty($_POST)) {
$email = removeXSS($_POST["email"]);
$username = removeXSS(sanitize($_POST["username"]));
//Perform some validation
//Feel free to edit / change as required
if (trim($email) == "") {
$errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
} else {
if (!isValidEmail($email) || !emailExists($email)) {
$errors[] = lang("ACCOUNT_INVALID_EMAIL");
}
}
if (trim($username) == "") {
$errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
} else {
if (!usernameExists($username)) {
$errors[] = lang("ACCOUNT_INVALID_USERNAME");
}
<?php
/*
UserCake Version: 2.0.2
http://usercake.com
*/
require_once "models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
die;
}
//Forms posted
if (!empty($_POST) && $emailActivation) {
$email = removeXSS($_POST["email"]);
$username = removeXSS($_POST["username"]);
//Perform some validation
//Feel free to edit / change as required
if (trim($email) == "") {
$errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
} else {
if (!isValidEmail($email) || !emailExists($email)) {
$errors[] = lang("ACCOUNT_INVALID_EMAIL");
}
}
if (trim($username) == "") {
$errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
} else {
if (!usernameExists($username)) {
$errors[] = lang("ACCOUNT_INVALID_USERNAME");
}
}
if (count($errors) == 0) {
<?php
include_once "includes/header.php";
?>
<h1>XSS Filter testing ground!</h1>
<?php
$vectors = array("https://tlwsd.in", "https://eff.org", "irc://20.111.15.65/owned", "'>://dsfjk:'\"\";", "http://\"><img src=\"/index.php\" />", "http://\"><script>alert('Unfiltered');</script>", $_SERVER['PHP_SELF'], "https://<IMG SRC=javascript:alert("XSS")>", "http://';alert(String.fromCharCode(88,83,83))//\\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>");
foreach ($vectors as $v) {
//echo "<p style=\"display: inline-block; width: 400px; margin: 0;\">{$v}</p>";
$r = removeXSS($v);
if (is_array($r)) {
var_dump($r);
echo "<br />\n";
} elseif (!empty($r)) {
echo $r . "<br />\n";
} else {
echo "<em>NULL -- Didn't pass the test!</em><br />\n";
}
}
?>
<?php
include_once "includes/footer.php";
}
//Prevent the user visiting the logged in page if he/she is already logged in
if (isUserLoggedIn()) {
session_write_close();
header("Location:account.php");
die;
}
$uname = "";
if (!empty($_GET)) {
$uname = $_GET['uname'];
}
//Forms posted
if (!empty($_POST)) {
$errors = array();
$username = removeXSS(sanitize(trim($_POST["username"])));
$password = removeXSS(trim($_POST["password"]));
if (!empty($username)) {
$uname = $username;
}
//Perform some validation
//Feel free to edit / change as required
if ($username == "") {
$errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
}
if ($password == "") {
$errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
}
if (count($errors) == 0) {
if (candidateExists($username)) {
$userdetails = fetchCandDetails($username, $password);
if (!isset($userdetails["candidateid"])) {
$_POST["forwardsubject"] = removeXSS($_POST["forwardsubject"]);
}
if (!isset($_POST["forwardmessage"])) {
$_POST["forwardmessage"] = "";
} else {
$_POST["forwardmessage"] = removeXSS($_POST["forwardmessage"]);
}
if (!isset($_POST["forwardfooter"])) {
$_POST["forwardfooter"] = "";
} else {
$_POST["forwardfooter"] = removeXSS($_POST["forwardfooter"]);
}
if (!isset($_POST["msgsubject"])) {
$_POST["msgsubject"] = removeXSS($_POST["subject"]);
} else {
$_POST['subject'] = removeXSS($_POST['msgsubject']);
}
if ((!isset($_POST["year"]) || !is_array($_POST["year"])) && $_POST["embargo"] && $_POST["embargo"] != "0000-00-00 00:00:00") {
$embargo->setDateTime($_POST["embargo"]);
}
if ((!isset($_POST["year"]) || !is_array($_POST["year"])) && $_POST["repeatuntil"] && $_POST["repeatuntil"] != "0000-00-00 00:00:00") {
$repeatuntil->setDateTime($_POST["repeatuntil"]);
}
# not sure why this is here, but it breaks things when tables are used in the
# message, so for now disable it.
if (0) {
#$usefck) {
$_POST["message"] = nl2br($_POST["message"]);
}
// Load the criteria settings...
}