/**
 * Build the record for a new group and hand it to save_new_group().
 *
 * Text fields go through sanitize_text() / make_description_safe(), the
 * numeric ids through sanitize_int(). The 'public' flag is stored exactly as
 * received — NOTE(review): confirm callers pass it already validated.
 *
 * @param string $name
 * @param mixed  $public
 * @param int    $category_id
 * @param int    $max_members
 * @param int    $user_id      creator of the group
 * @param string $description
 * @return mixed whatever save_new_group() returns
 */
public function create_new_group($name, $public, $category_id, $max_members, $user_id, $description) {
    $record = array(
        'name'     => sanitize_text($name),
        'public'   => $public,
        'category' => sanitize_int($category_id),
        'max'      => sanitize_int($max_members),
        'creator'  => sanitize_int($user_id),
        'desc'     => $this->make_description_safe($description),
    );
    return $this->save_new_group($record);
}
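/**
 * Try to fetch the current user's IP address.
 *
 * REMOTE_ADDR is the only value set by the web server itself; HTTP_CLIENT_IP
 * and HTTP_X_FORWARDED_FOR are request headers any client can send, so they
 * only mean something when a known proxy in front of this host sets them.
 * The original lookup order is kept, but each candidate must now be a
 * syntactically valid IP before it is accepted, so a forged header cannot
 * pass arbitrary text through this function.
 *
 * @return string The first valid candidate, passed through sanitize_text(),
 *                or '0.0.0.0' when none is usable.
 */
function ip_address() {
    $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $client = isset($_SERVER['HTTP_CLIENT_IP']) ? $_SERVER['HTTP_CLIENT_IP'] : '';
    $forwarded = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';

    // Same precedence as before: CLIENT_IP wins when both it and REMOTE_ADDR
    // are present, then REMOTE_ADDR, then CLIENT_IP alone, then the first hop
    // of X-Forwarded-For (that header is a comma-separated chain).
    $candidates = array();
    if ($remote !== '' && $client !== '') {
        $candidates[] = $client;
    }
    $candidates[] = $remote;
    $candidates[] = $client;
    $hops = explode(',', $forwarded);
    $candidates[] = trim($hops[0]);

    $ip = '0.0.0.0';
    foreach ($candidates as $candidate) {
        if ($candidate !== '' && filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            $ip = $candidate;
            break;
        }
    }

    //Clean the IP and return it
    return sanitize_text($ip, 2);
}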
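/**
 * Print the most recent referers of the current post.
 *
 * Each cached entry is "title:!-!:url". Entries are printed newest first, at
 * most $num of them, each wrapped in $before/$after; when there are none,
 * $none is printed inside the same wrapper.
 *
 * @param int    $num    maximum number of entries to print
 * @param string $before markup printed before each entry
 * @param string $after  markup printed after each entry
 * @param string $none   text printed when there are no referers
 * @return void
 */
function the_referers($num = 5, $before = '<li>', $after = '</li>', $none = 'none yet') {
    $blog_id = wp_id();
    $post_id = $GLOBALS['wp_post_id'];
    // Look the cache entry up explicitly instead of assigning inside the if:
    // a missing key used to raise a notice before behaving as "no referers".
    $referers = array();
    if (isset($GLOBALS['post_meta_cache'][$blog_id][$post_id]['wp-refer'])) {
        $referers = $GLOBALS['post_meta_cache'][$blog_id][$post_id]['wp-refer'];
    }
    if (empty($referers)) {
        echo $before . $none . $after;
        return;
    }
    $completed = 0;
    foreach (array_reverse($referers) as $referer) {
        $parts = explode(':!-!:', $referer);
        // An entry without the separator used to produce an undefined-offset
        // notice; treat it as a title with an empty URL.
        $raw_url = isset($parts[1]) ? $parts[1] : '';
        $title = mb_conv(sanitize_text($parts[0]), $GLOBALS['blog_charset'], 'auto');
        $url = sanitize_text($raw_url, false, true);
        echo $before . '<a href="' . $url . '">' . $title . '</a>' . $after;
        $completed++;
        if ($completed == $num) {
            break;
        }
    }
}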
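/**
 * Print the most recent referers of the current post.
 *
 * Each cached entry is "title:!-!:url". Entries are printed newest first, at
 * most $num of them, each wrapped in $before/$after; when there are none,
 * $none is printed inside the same wrapper.
 *
 * @param int    $num    maximum number of entries to print
 * @param string $before markup printed before each entry
 * @param string $after  markup printed after each entry
 * @param string $none   text printed when there are no referers
 * @return void
 */
function the_referers($num = 5, $before = "<li>", $after = "</li>", $none = "none yet") {
    global $post_meta_cache, $id, $wp_id, $blog_charset;
    // Look the cache entry up explicitly instead of assigning inside the if:
    // a missing key used to raise a notice before behaving as "no referers".
    $referers = array();
    if (isset($post_meta_cache[$wp_id][$id]['wp-refer'])) {
        $referers = $post_meta_cache[$wp_id][$id]['wp-refer'];
    }
    if (empty($referers)) {
        echo $before . $none . $after;
        return;
    }
    $completed = 0;
    foreach (array_reverse($referers) as $referer) {
        $parts = explode(":!-!:", $referer);
        // An entry without the separator used to produce an undefined-offset
        // notice; treat it as a title with an empty URL.
        $raw_url = isset($parts[1]) ? $parts[1] : '';
        $title = mb_conv(sanitize_text($parts[0]), $blog_charset, "auto");
        $url = sanitize_text($raw_url, false, true);
        echo $before . "<a href=\"{$url}\">{$title}</a>" . $after;
        $completed++;
        if ($completed == $num) {
            break;
        }
    }
}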
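/**
 * Store a new comment and return the freshly inserted row joined with its
 * author and profile picture.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7; this belongs on
 * mysqli/PDO prepared statements. Until then the values are escaped for the
 * SQL context here — sanitize_text() is the project's text filter, which is
 * not the same thing as SQL escaping.
 *
 * @param array $comment keys: commentText, userId, postId
 * @return array|false the inserted row (mysql_fetch_array shape), or false
 *                     when either query fails
 */
public static function insertComment($comment) {
    $commentText = mysql_real_escape_string(sanitize_text($comment['commentText']));
    // Ids are forced to int so a quote can never reach the statement.
    $userId = (int) $comment['userId'];
    $postId = (int) $comment['postId'];
    $query = "INSERT INTO comments VALUES (NULL,'{$commentText}',NOW(),'{$postId}','{$userId}','1')";
    // No @-suppression: a failing insert should show up in the error log.
    $result = mysql_query($query);
    if ($result === false) {
        return false;
    }
    $lastCmmtId = (int) mysql_insert_id();
    $lastCmmtQ = "SELECT \n\t\t\tcommentId,\n\t\t\tcommentText,\n\t\t\tUNIX_TIMESTAMP(commentDate) AS commentDate,\n\t\t\tfirstName,\n\t\t\tlastName,\n\t\t\tusername,\n\t\t\tprofilePicAddr\n\t\t\tFROM comments\n\t\t\tJOIN user ON comments.userId = user.userId\n\t\t\tJOIN profilepics ON profilepics.userId = comments.userId\n\t\t\tWHERE comments.commentId = '{$lastCmmtId}' AND profilepics.statusId = 1";
    $lastCmmtR = mysql_query($lastCmmtQ);
    if ($lastCmmtR === false) {
        return false;
    }
    return mysql_fetch_array($lastCmmtR);
}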
<body></body> </html><?php } else { init_param('GET', 'popuptitle', 'string', ''); init_param('GET', 'popupurl', 'string', ''); init_param('GET', 'text', 'html', ''); init_param('GET', 'post_pingback', 'integer', 0); $action = 'post'; $pinged = ''; $default_post_cat = get_settings('default_post_category'); /* big funky fixes for browsers' javascript bugs */ $_popuptitle = fix_js_param(get_param('popuptitle')); $_text = fix_js_param(get_param('text')); $_popuptitle = sanitize_text($_popuptitle); $_text = sanitize_text($_text, true); $_popupurl = sanitize_text(get_param('popupurl'), true, true); $post_title = $_popuptitle; $edited_post_title = $post_title; $content = '<a href="' . $_popupurl . '">' . $_popuptitle . '</a>' . "\n{$_text}"; // autodetect Trackback $tb_obj = new WP_TrackBack_XML_collection(); $trackback_url = $tb_obj->get($_popupurl); $target_charset = $tb_obj->charset; $_css_file = get_custom_url('wp-admin.css'); $_xoops_css = xoops_getcss($GLOBALS['xoopsConfig']['theme_set']); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>WordPress > Bookmarklet</title> <meta http-equiv="Content-Type" content="text/html; charset=<?php
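<?php
require "../includes/conf.inc.php";
require "../includes/functions.inc.php";

// Search endpoint: reads the posted term, runs the search and prints one
// link per hit. $e (the shared error text) is expected from conf.inc.php; it
// is not defined in this file.
$sq = isset($_POST['search']) ? $_POST['search'] : '';
$sqn = sanitize_text($sq);
$searchResult = post::searchPosts($sqn, '');

if ($searchResult == false) {
    echo $e;
} elseif ($searchResult === 'empty') {
    echo '<span class="search-wait">No Results Found</span>';
} else {
    $srOutput = '';
    foreach ($searchResult as $sr) {
        // Titles come from the database, i.e. originally from user input, so
        // escape them for the HTML context on the way out. double_encode=false
        // keeps entities that were already encoded on the way in from doubling.
        $title = htmlspecialchars($sr['postTitle'], ENT_QUOTES, 'UTF-8', false);
        $srOutput .= '<a href="' . generate_link($sr['postTitle'], $sr['postId']) . '">' . $title . '</a>';
    }
    echo $srOutput;
}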
<?php require_once './includes/configuration.php'; require_once './student/student_controller.php'; $display_message = FALSE; $sc = new Student_controller(); if (isset($_POST['login'])) { $user = sanitize_text($_POST['user']); $pass = sanitize_text($_POST['pass']); $error_msg; if ($sc->validate_username($user) !== 1 || $sc->validate_password($pass) === FALSE) { $error_msg = "Invalid username or password"; $display_message; } else { $answer = $sc->log_member_in($user, $pass); if ($answer !== FALSE && $answer !== TRUE) { $display_message = TRUE; } elseif ($answer === FALSE) { $display_message = TRUE; } } if (isset($_SESSION['logged_in'])) { if (!empty($_SESSION['tried_url'])) { $tried_url = $_SESSION['tried_url']; $_SESSION['tried_url'] = null; ?> <script>window.location = "<?php echo $tried_url; ?> ";</script> <?php
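<?php
require "../includes/conf.inc.php";
require "../includes/functions.inc.php";

// Profile page bootstrap: decide whose user record to load. $e (the shared
// error text) is expected from conf.inc.php.
if (!isset($_SESSION['userLogin'])) {
    header("location: login.php");
    // Stop here: a redirect header alone does not stop the script, so
    // anything added below would still run for an anonymous visitor.
    exit;
}

if (!isset($_GET['u'])) {
    // No username given: the logged-in user's own profile. The old code
    // looked up the hard-coded id 1 and var_dump()ed it — debugging leftovers.
    $userId = $_SESSION['userId'];
    $userInfo = user::getUserInfoById($userId);
} else {
    $userName = sanitize_text($_GET['u']);
    if ($userName == '') {
        $userId = $_SESSION['userId'];
        $userInfo = user::getUserInfoById($userId);
    } else {
        $userInfo = user::getUserInfoByUsername($userName);
    }
}
// Same failure handling for every path (previously the "own profile" path
// had it commented out).
if ($userInfo == false) {
    die($e);
}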
?> › <?php echo $title; ?> </title> <link rel="stylesheet" href="<?php echo $css_file; ?> " type="text/css" /> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo $blog_charset; ?> " /> <?php if ($redirect == 1) { $redirect_url = sanitize_text($redirect_url); ?> <script language="javascript" type="text/javascript"> <!-- function redirect() { window.location = "<?php echo $redirect_url; ?> "; } setTimeout("redirect();", 600); //--> </script> <?php } }
$result = db_query("SELECT * FROM comment WHERE status = 0 AND " . "url LIKE '{$listpath}%' ORDER BY id"); print "<p><a href='{$PHP_SELF}?L'>Show All Comments</a></p>\n"; } } if (db_count($result) == 0) { if ($LOGIN_LEVEL >= AUTH_DEVEL && $op == 'l') { print "<p>No hidden comments.</p>\n"; } else { print "<p>No visible comments.</p>\n"; } } else { print "<ul>\n"; while ($row = db_next($result)) { $create_date = date("M d, Y", $row['create_date']); $create_user = sanitize_email($row['create_user']); $contents = sanitize_text($row['contents']); $location = str_replace("_", "?", $row['url']); print "<li><a href='{$location}'>{$row['url']}</a> " . " by {$create_user} on {$create_date} " . "<a href='{$PHP_SELF}?e{$row['id']}+p{$row['url']}'>Edit</a> " . "· <a href='{$PHP_SELF}?d{$row['id']}+p{$row['url']}'>Delete</a>" . "<br><tt>{$contents}</tt></li>\n"; } print "</ul>\n"; } db_free($result); html_footer(); break; case 'm': // Moderate if (array_key_exists("MODPOINTS", $_COOKIE)) { $modpoints = $_COOKIE["MODPOINTS"]; } else { $modpoints = 5; }
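// Browser-specific repairs of the bookmarklet parameters; each branch can be
// switched off by defining the matching *_bookmarklet_fix variable.
if ($is_macIE && !isset($IEMac_bookmarklet_fix)) {
    $popuptitle = preg_replace($wp_macIE_correction["in"], $wp_macIE_correction["out"], $popuptitle);
    $text = preg_replace($wp_macIE_correction["in"], $wp_macIE_correction["out"], $text);
}
if ($is_winIE && !isset($IEWin_bookmarklet_fix)) {
    // Win IE sends non-ASCII characters as %uXXXX; turn them into numeric
    // entities. This used to be preg_replace() with the /e modifier, which
    // eval()s the replacement string (removed in PHP 7, and a code-execution
    // hazard on user-supplied text); a callback does the same job safely.
    $decode_percent_u = function ($m) {
        return '&#' . base_convert($m[1], 16, 10) . ';';
    };
    $popuptitle = preg_replace_callback("/\\%u([0-9A-F]{4,4})/", $decode_percent_u, $popuptitle);
    $text = preg_replace_callback("/\\%u([0-9A-F]{4,4})/", $decode_percent_u, $text);
}
if ($is_gecko && !isset($Gecko_bookmarklet_fix)) {
    $popuptitle = preg_replace($wp_gecko_correction["in"], $wp_gecko_correction["out"], $popuptitle);
    $text = preg_replace($wp_gecko_correction["in"], $wp_gecko_correction["out"], $text);
}

// An explicit post_title in the request wins over the bookmarklet title.
$post_title = isset($_REQUEST['post_title']) ? $_REQUEST['post_title'] : '';
if (!empty($post_title)) {
    // $post_title = stripslashes($post_title);
    $post_title = sanitize_text($post_title);
} else {
    $post_title = $popuptitle;
}

// I'm not sure why we're using $edited_post_title in the edit-form.php, but we are
// and that is what is being included below. For this reason, I am just duplicating
// the var instead of changing the assignment on the lines above.
// -- Alex King 2004-01-07
$edited_post_title = $post_title;

// NOTE(review): $content only gets stripslashes() here, no sanitize_text();
// whatever template prints it must escape it for HTML.
$content = isset($_REQUEST['content']) ? $_REQUEST['content'] : '';
if (!empty($content)) {
    $content = stripslashes($content);
} else {
    $content = '<a href="' . $popupurl . '">' . $popuptitle . '</a>' . "\n{$text}";
}
/* /big funky fixes */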
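<?php
require "../includes/conf.inc.php";
require "../includes/functions.inc.php";

// AJAX email-availability check. Prints 1 when exactly one user row has the
// address, 0 when not, and 2 when the value is not a syntactically valid
// address. $e (shared error text) is expected from conf.inc.php.
if (isset($_POST['email'])) {
    $email = sanitize_text($_POST['email']);
    if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // A valid address may still contain a single quote in its local part
        // (o'brien@example.com passes FILTER_VALIDATE_EMAIL), so escape for
        // the SQL context before interpolating.
        $safeEmail = mysql_real_escape_string($email);
        $selQuery = "SELECT user.userId FROM user WHERE user.email = '{$safeEmail}'";
        $selResult = mysql_query($selQuery) or die($e);
        $numEmail = mysql_num_rows($selResult);
        echo ($numEmail === 1) ? 1 : 0;
    } else {
        echo 2;
    }
}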
} else { $answer = "Something went wrong. Please reload page and try again!"; } ?> <script>alert("<?php echo $answer; ?> ");</script> <?php } elseif (isset($_POST['edit'])) { $student_level_in_group = $student->get_student_level_in_group($group->get_id()); if ($student_level_in_group === 2 || $student_level_in_group === 3) { $safe_name = sanitize_text($_POST['editGroupName']); $safe_max_size = sanitize_int($_POST['editGroupSize']); $safe_category = sanitize_int($_POST['editGroupCategory']); $safe_description = sanitize_text($_POST['editGroupDescription']); if ($student_level_in_group === 2) { $safe_name = $group->get_name(); $safe_max_size = $group->get_max_members(); $safe_category = $group->get_category_id(); $edit_message = $group->update_group($safe_name, $safe_max_size, $safe_category, $safe_description); $edited = TRUE; } elseif ($student_level_in_group === 3) { if ($gc->validate_if_category($safe_category) === FALSE) { $safe_category = $group->get_category_id(); } $edit_message = $group->update_group($safe_name, $safe_max_size, $safe_category, $safe_description); $edited = TRUE; } } }
/**
 * Look students up by a free-text search string.
 *
 * A string that passes validate_email() is searched as an exact email.
 * Anything else is matched against usernames, names and the first part of
 * the email address; username hits are taken as they come, later hits are
 * added only when not already present (loose in_array comparison).
 *
 * NOTE(review): the email-prefix lookup receives the raw $search_string while
 * the other two receive sanitize_text() output — confirm that
 * search_for_first_part_of_email() cleans its input itself.
 *
 * @param string $search_string
 * @return array
 */
public function search_for_student($search_string) {
    if ($this->validate_email($search_string)) {
        return $this->search_for_email(sanitize_email($search_string));
    }

    $by_username = $this->search_for_username(sanitize_text($search_string));
    $by_name = $this->search_for_name(sanitize_text($search_string));
    $by_email_prefix = $this->search_for_first_part_of_email($search_string);

    $results = array();
    foreach ($by_username as $hit) {
        $results[] = $hit;
    }
    // Name and email-prefix hits are de-duplicated against what is already
    // collected, in that order.
    foreach (array($by_name, $by_email_prefix) as $bucket) {
        foreach ($bucket as $hit) {
            if (!in_array($hit, $results)) {
                $results[] = $hit;
            }
        }
    }
    return $results;
}
} $student = new Student($_SESSION['user_id']); if (!isset($_GET['id'])) { if (!isset($_GET['usr'])) { $student_visited = $student; } else { if (sanitize_text(strtolower($_GET['usr'])) == "buddies") { ?> <script>window.location = "<?php echo SERVER . BASE; ?> student/buddies.php";</script> <?php } $sc = new Student_controller(); $user_array = $sc->get_member_with_username(sanitize_text($_GET['usr'])); $student_visited = new Student($user_array['id']); } } else { $student_visited = new Student($_GET['id']); } /* * Setting buddy statuses */ $buddies_pending = FALSE; $buddies = FALSE; if (isset($_POST['becomeBuddy'])) { if ($student_visited->apply_for_buddies($student->get_id())) { $buddies_pending = TRUE; } else { $buddies_pending = FALSE;
$username = ""; $firstname = ""; $lastname = ""; $email = ""; $error_message = ""; if (isset($_POST['join'])) { $username = sanitize_text($_POST['username']); $firstname = sanitize_text($_POST['firstname']); $lastname = sanitize_text($_POST['lastname']); $email = sanitize_email($_POST['email']); //First, let's check if token is correct! $form_token = $_POST['token']; $sess_token = retrieve_session_token(); if ($form_token === $sess_token) { $pass1 = sanitize_text($_POST['password1']); $pass2 = sanitize_text($_POST['password2']); $answer = $sc->create_student($username, $firstname, $lastname, $email, $pass1, $pass2); if ($answer !== TRUE) { ?> <script> window.location = "#sign-up"; </script> <?php $error_message = "You have not filled out the form according to the requirements"; } else { $sc->log_member_in($username, $pass1); ?> <script> alert('Welcome! :)'); window.location = "<?php echo W1BASE;
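/**
 * Persist a new name for this group.
 *
 * The statement is parameterised, so the name and id never become part of
 * the SQL text.
 *
 * @param string $group_name
 * @return true|string TRUE when exactly one row changed, otherwise the
 *                     mysqli error text — note this can be '' when the
 *                     statement ran but changed no row (e.g. the same name
 *                     was already stored)
 */
private function save_new_group_name($group_name) {
    global $dbCon;
    $safe_name = sanitize_text($group_name);
    $sql = "UPDATE `group` SET name = ? WHERE id = ?;";
    $stmt = $dbCon->prepare($sql);
    if ($stmt === false) {
        trigger_error('SQL Error: ' . $dbCon->error, E_USER_ERROR);
        // E_USER_ERROR normally aborts the script; if an error handler
        // swallows it, do not go on to call methods on a bool.
        return $dbCon->error;
    }
    $stmt->bind_param('si', $safe_name, $this->id); //Bind parameters.
    if ($stmt->execute() === false) {
        // Previously an execute() failure was not checked and only surfaced
        // through affected_rows being -1; make it explicit.
        $error = $stmt->error;
        $stmt->close();
        return $error;
    }
    $rows = $stmt->affected_rows;
    if ($rows === 1) {
        $stmt->close();
        return TRUE;
    }
    $error = $stmt->error;
    $stmt->close();
    return $error;
}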
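/**
 * Set the file name
 *
 * This function takes a filename as input and filters it to make it safe
 * for use. It also gets the file extension. Finally, it looks for the
 * existence of a file with the same name. If found, it will append a
 * number to the end of the filename to avoid overwriting a pre-existing file.
 *
 * The result is stored in $this->file_name and $this->file_ext (extension
 * without the dot, '' when there is none); nothing is returned — the old
 * "@return string" was wrong.
 *
 * @access public
 * @param string $filename name as supplied by the client
 * @return void
 */
function process_filename($filename = '') {
    //First get the extension of the file (FALSE when there is none)
    $ext = strrchr($filename, '.');
    //Then get the file name
    $filename = $ext === FALSE ? $filename : substr($filename, 0, -strlen($ext));
    //Should we encrypt the filename?
    if ($this->encrypt_name == TRUE) {
        mt_srand();
        //Set the file name to a random value. (uniqid()/mt_rand() are not a
        //CSPRNG: good enough for a non-colliding name, not for a secret.)
        $filename = md5(uniqid(mt_rand()));
    } else {
        //Make the files name "filename" safe (no weird chars allowed like "/")
        $filename = sanitize_text($filename, 1);
        /*
         * Separate extensions with "_" to prevent possible script execution
         * from Apache's handling of files with multiple extensions.
         * http://httpd.apache.org/docs/1.3/mod/mod_mime.html#multipleext
         */
        if (strpos($filename, '.') !== FALSE) {
            //First, break apart the name into pieces
            $parts = explode('.', $filename);
            foreach ($parts as &$part) {
                //If this extension is not allowed
                if (!in_array($part, $this->allowed_types)) {
                    //add a underscore to the name to make it un-usable
                    $part .= '_';
                }
            }
            //Drop the reference left behind by foreach-by-reference, otherwise
            //any later write to $part would silently change the last element.
            unset($part);
            //Put the filename back togeither
            $filename = implode('.', $parts);
        }
    }
    //Check to see if the file with this name exists already
    if (file_exists($this->upload_path . $filename . $ext)) {
        //If we should NOT overwrite the existing files
        if (!$this->overwrite) {
            //Then keep adding a number to the file name
            //until you find one that doesn't exist!
            for ($i = 1; $i < 1000; $i++) {
                if (!file_exists($this->upload_path . $filename . $i . $ext)) {
                    $filename .= $i;
                    break;
                }
            }
        }
    }
    //Set the name and file extension. substr(FALSE, 1) used to be relied on
    //for the no-extension case; store '' explicitly instead.
    $this->file_name = $filename;
    $this->file_ext = $ext === FALSE ? '' : substr($ext, 1);
}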
<link rel="stylesheet" href="<?php echo $css_file; ?> " type="text/css" /> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo $blog_charset; ?> " /> <?php if ($redirect == 1) { ?> <script language="javascript" type="text/javascript"> <!-- function redirect() { window.location = "<?php echo sanitize_text($redirect_url); ?> "; } setTimeout("redirect();", 600); //--> </script> <?php } } ?> <script language="javascript" type="text/javascript"> //<![CDATA[ function profile(userID) { window.open ("profile.php?action=viewprofile&profile=1&user="******"Profile", "width=500, height=450, location=0, menubar=0, resizable=0, scrollbars=1, status=1, titlebar=0, toolbar=0, screenX=60, left=60, screenY=60, top=60"); }
<?php require "../includes/conf.inc.php"; require "../includes/functions.inc.php"; if (isset($_GET['q'])) { if (!empty($_GET['q'])) { $sq = sanitize_text($_GET['q']); $searchResult = post::searchPosts($sq, ''); if ($searchResult == false) { die($e); } } else { header("location: ../search/"); } } else { $sq = "Search"; $searchResult = "undefined"; } ?> <!doctype html> <html lang="en"> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width,intial-scale=1" /> <head> <title><?php if (isset($_GET['q'])) { echo trim(htmlentities($_GET['q'])); } else { echo 'Search';
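<?php
require "../includes/conf.inc.php";
require "../includes/functions.inc.php";

// Adds an institution and re-renders the <option> list. $e (shared error
// text) is expected from conf.inc.php.
// NOTE(review): no login/session check is visible here, so anyone who can
// POST can add rows — confirm conf.inc.php enforces it.
if (isset($_POST['institutionName'])) {
    $institutionName = sanitize_text($_POST['institutionName']);
    // sanitize_text() is the project's text filter; the SQL context needs its
    // own escaping, otherwise a quote in the name breaks (or rewrites) the
    // INSERT.
    $safeName = mysql_real_escape_string($institutionName);
    $insQuery = "INSERT INTO institutions VALUES (NULL,'{$safeName}')";
    $insResult = mysql_query($insQuery) or die($e);
    $selQuery = "SELECT * FROM institutions";
    $selResult = mysql_query($selQuery) or die($e);
    echo '<option value="NULL">Choose Your Institution</option>';
    while ($institution = mysql_fetch_array($selResult)) {
        // Names are user-supplied; escape for the HTML context on the way out
        // (double_encode=false so already-encoded entities are not doubled).
        $label = htmlspecialchars($institution['institutionName'], ENT_QUOTES, 'UTF-8', false);
        echo '<option value="' . (int) $institution['institutionId'] . '">' . $label . '</option>';
    }
}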
<?php require "../includes/conf.inc.php"; require "../includes/functions.inc.php"; if (isset($_POST['token'], $_POST['email'], $_POST['password'], $_POST['repassword'])) { $token = $_POST['token']; $email = sanitize_text($_POST['email']); $password = sanitize_text($_POST['password']); $repassword = sanitize_text($_POST['repassword']); $newToken = md5($salt . $email); if ($token == $newToken) { $query = "SELECT admin.adminId FROM admin WHERE admin.email = '{$email}' AND admin.statusId = 2"; $result = mysql_query($query); $count = mysql_num_rows($result); if ($count != 0) { $admin = mysql_fetch_array($result); $adminId = $admin['adminId']; if ($password == $repassword) { $entryPassword = md5($password); $insQ = "UPDATE admin SET admin.statusId = '1' , admin.password = '******' WHERE admin.adminId = '{$adminId}'"; $insR = mysql_query($insQ); if (!$insR) { $response = array('success' => 0, 'error' => 4, 'errorMsg' => 'Opps! Something Went wrong. Please Try Again Later', 'debugError' => mysql_error()); } else { $response = array('success' => 1, 'error' => 0); } } else { $response = array('success' => 0, 'error' => 3, 'errorMsg' => 'Password didnot Match.'); } } else { $response = array('success' => 0, 'error' => 2, 'errorMsg' => 'The email you entered couldnot be found.');
exit; } if (get_settings('use_comment_preview') && $action != 'confirm') { $show_cblock = 0; include 'header.php'; $comment = balanceTags($comment, 1); $comment = convert_chars($comment); $comment = apply_filters('post_comment_text', $comment); $comment_preview = apply_filters('comment_text', $comment); $author_preview = apply_filters('comment_author', $author); $author_preview = empty($url) ? $author_new : "<a href='{$url}' rel='external'>{$author_new}</a>"; $author_edit = sanitize_text($author); $url_edit = sanitize_text($url, false, true); $email_edit = sanitize_text($email); $comment_edit = sanitize_text($comment); $redirect_to_edit = sanitize_text($redirect_to, false, true); include get_custom_path('confirm-template.php'); include XOOPS_ROOT_PATH . "/footer.php"; exit; } else { if (get_settings('use_comment_preview') && $action == 'confirm') { if (!$xoopsWPTicket->check()) { redirect_header($location, 3, $xoopsWPTicket->getErrors()); } } $now = current_time('mysql'); $comment = balanceTags($comment, 1); $comment = convert_chars($comment); $comment = format_to_post($comment); $comment = apply_filters('post_comment_text', $comment); $comment_author = $author;
<?php header("Content-type: text/javascript"); include "../includes/conf.inc.php"; include "../includes/functions.inc.php"; if (isset($_POST['email'])) { $email = $_POST['email']; $email = sanitize_text($email); $query = "SELECT \n\tadmin.adminId,\n\tadmin.firstName,\n\tadmin.lastName,\n\tadmin.email \n\tFROM admin \n\tWHERE admin.email = '{$email}'\n\tAND admin.statusId = 1"; $result = mysql_query($query); if (!$result) { $response = array('success' => 0, 'error' => 1, 'errorMsg' => 'Opps! Something went wrong.'); } else { $adminNum = mysql_num_rows($result); if ($adminNum == 0) { $response = array('success' => 0, 'error' => 2, 'errorMsg' => 'Incorrect Information Provided. Please try again.'); } else { $admin = mysql_fetch_array($result); $adminId = $admin['adminId']; $adminFirstName = $admin['firstName']; $adminLastName = $admin['lastName']; $adminEmail = $admin['email']; $token = md5($salt . $adminEmail); $resetLink = $website . "admin/reset.php?token=" . $token; $updQuery = "UPDATE admin SET admin.statusId = 2 WHERE admin.adminId = '{$adminId}'"; $updRes = mysql_query($updQuery); if (!$updRes) { $response = array('success' => 0, 'error' => 1, 'errorMsg' => 'Opps! 
Something went wrong.'); } else { $subject = "Password Reset."; $body = "\n\t\t\t\t\t<html>\n\t\t\t\t\t<head>\n\t\t\t\t\t\t<title>Password Reset</title>\n\t\t\t\t\t\t<link href=\"http://fonts.googleapis.com/css?family=Open+Sans\" rel=\"stylesheet\" type=\"text/css\"/>\n\t\t\t\t\t\t<style>\n\t\t\t\t\t\tbody{\n\t\t\t\t\t\t\tfont:100% 'Open Sans',Segoe UI, Calibri, Candara, Arial, sans-serif;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ta{\n\t\t\t\t\t\t\tcolor:#008ED7;\n\t\t\t\t\t\t\ttext-decoration:none;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ta:hover{\n\t\t\t\t\t\t\ttext-decoration:underline;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t</style>\n\t\t\t\t\t</head>\n\t\t\t\t\t<body>\n\t\t\t\t\tDear {$adminFirstName} {$adminLastName},<br/><br/>\n\n\t\t\t\t\tA request to reset password was received from your <a href={$website}>Plus Two Notes</a> account - {$adminEmail}. (Admin Id: <b>{$adminId}</b>)<br/><br/>\n\n\t\t\t\t\t<br/>\n\n\t\t\t\t\t<a href={$resetLink}>{$resetLink}</a><br/><br/>\n\n\t\t\t\t\tClick the above link to reset your password or copy and paste in the address bar of your browser.<br /><br />\n\n\t\t\t\t\t<b>Support</b><br/>\n\n\t\t\t\t\tFor any support with respect to your relationship with us you can always contact us directly using the following Information.<br/><br/>\n\n\t\t\t\t\tEmail address: contact@plustwonotes.com\n\n\t\t\t\t\t<br /><br />\n\n\t\t\t\t\t<i>This is auto generated email. Please donot reply</i>\n\t\t\t\t\t</body>\n\t\t\t\t\t</html>\n\n\t\t\t\t";
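<?php
require "../includes/conf.inc.php";
require "../includes/functions.inc.php";

// AJAX comment submit: stores the comment and echoes the rendered <li>.
// NOTE(review): userId is taken from the request body, so a client can
// attribute the comment to any user id; unless conf.inc.php checks it
// against the session, it should be read from $_SESSION instead.
if (isset($_POST['commentText']) && !empty($_POST['commentText'])) {
    $comment = array();
    $comment['commentText'] = sanitize_text($_POST['commentText']);
    $comment['userId'] = isset($_POST['userId']) ? intval($_POST['userId']) : 0;
    $comment['postId'] = isset($_POST['postId']) ? intval($_POST['postId']) : 0;
    $comment = comment::insertComment($comment);
    if ($comment == false) {
        echo false; // prints nothing: false casts to ''
    } else {
        $cmmtDate = ago($comment['commentDate']);
        // Every value below came from user input at some point; escape for
        // the HTML context here (double_encode=false keeps entities that were
        // already encoded on input from doubling).
        $esc = function ($s) {
            return htmlspecialchars($s, ENT_QUOTES, 'UTF-8', false);
        };
        echo '<li class="comment"> <div class="commenterProfilePic"> <img src="' . $website . $esc($comment['profilePicAddr']) . '"/> </div> <div class="commentDetail"> <a href="' . $website . 'account/profile/' . $esc($comment['username']) . '" class="commenter">' . $esc($comment['firstName']) . ' ' . $esc($comment['lastName']) . '</a><br /> <p>' . $esc($comment['commentText']) . '</p> <span>' . $esc($cmmtDate) . '</span> </div> <div class="cleaner"></div> </li>';
    }
}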
<?php require "../includes/conf.inc.php"; require "../includes/functions.inc.php"; if (!isset($_SESSION['login']) && isset($_POST['login'])) { //taking the inputs in $username = $_POST['username']; $password = $_POST['password']; //cleaning the inputs $username = sanitize_text($username); $password = sanitize_text($password); $password = md5($password); $query = "SELECT * FROM admin WHERE ( admin.username = '******' OR admin.email = '{$username}' ) AND admin.password = '******'"; $result = mysql_query($query, $conn) or die("Error"); $count = mysql_num_rows($result); if ($count == 1) { $admin = mysql_fetch_array($result); if ($admin['statusId'] == 1) { $_SESSION['login'] = 1; $_SESSION['adminId'] = $admin['adminId']; header("location: ../admin/"); } else { $_SESSION['error'] = 3; header("location: ../admin/login.php"); } } else { $_SESSION['error'] = 2; header("location: ../admin/login.php"); } } else { header("location: ../admin/");
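/**
 * Handle the "edit comment" form submission.
 *
 * Checks that the posted editor id still matches the logged-in member, that
 * nickname and content are present, and that an email, if given, passes
 * email_check(). On success the comment row is updated through inset() and
 * the browser is redirected to the post; otherwise the submitted values are
 * kept in $_SESSION['comment'] and the browser is sent back to the edit form.
 *
 * @return void
 */
function comment_edit_action() {
    // Read each request field once, with a default, so a missing field
    // cannot raise an undefined-index notice. (comment_post_board was read
    // but never used.)
    $ID = isset($_POST['comment_post_id']) ? $_POST['comment_post_id'] : '';
    $CM = isset($_POST['comment_id']) ? $_POST['comment_id'] : '';
    $nicename = isset($_POST['comment_author_nicename']) ? $_POST['comment_author_nicename'] : '';
    $content = isset($_POST['comment_content']) ? $_POST['comment_content'] : '';
    $email = isset($_POST['comment_author_email']) ? $_POST['comment_author_email'] : '';
    $modify_author = isset($_POST['comment_modify_author']) ? $_POST['comment_modify_author'] : '';
    $modify_who = isset($_POST['comment_modify_who']) ? $_POST['comment_modify_who'] : '';

    $OK = TRUE;
    $who = isset($_SESSION['member']['id']) ? $_SESSION['member']['id'] : 0;
    // Compare as strings rather than with !=: under loose comparison a
    // non-numeric posted value compared equal to member id 0 on PHP 7.
    if ((string) $modify_author !== (string) $who) {
        $OK = FALSE;
        set_clue('登入身份已經變動要繼續動作請再切換!');
    }
    if (empty($nicename)) {
        $OK = FALSE;
        set_clue('請記得填寫回覆作者名稱!');
    }
    if (empty($content)) {
        $OK = FALSE;
        set_clue('最重要的回覆怎麼可以不寫呢!');
    }
    if (!empty($email) && !email_check($email)) {
        $OK = FALSE;
        set_clue('請填寫正確的電子郵件位址!');
    }

    if (!$OK) {
        // Keep what the user typed so the edit form can be re-filled.
        if (!isset($_SESSION['comment'])) {
            $_SESSION['comment'] = array();
        }
        $_SESSION['comment']['author_nicename'] = $nicename;
        $_SESSION['comment']['author_email'] = $email;
        $_SESSION['comment']['content'] = $content;
        $_SESSION['comment']['modify_who'] = $modify_who;
        $_SESSION['comment']['certify'] = TRUE;
        $_SESSION['comment']['id'] = $CM;
        header('location: ' . OUT_PATH . 'comment/' . $CM);
        // A redirect header does not stop the script by itself.
        exit;
    }

    $comment_author_ip = ip2long($_SERVER['REMOTE_ADDR']);
    $comment_author_nicename = sanitize_text($nicename);
    // NOTE(review): the content is stored after trim() only; whatever renders
    // it must escape it for HTML.
    $comment_content = trim($content);
    $comment_modify = date("Y-m-d H:i:s");
    // Equal to $who after the identity check above.
    $comment_modify_member = $modify_author;
    if ($modify_author > 0) {
        $comment_modify_who = sanitize_text($modify_who);
    } else {
        $comment_modify_who = $comment_author_nicename;
    }
    $change = array(
        'key' => array('comment_author_ip', 'comment_author_nicename', 'comment_content', 'comment_modify', 'comment_modify_member', 'comment_modify_who'),
        'value' => array($comment_author_ip, $comment_author_nicename, $comment_content, $comment_modify, $comment_modify_member, $comment_modify_who),
    );
    if (!empty($email)) {
        $change['key'][] = 'comment_author_email';
        $change['value'][] = strtolower($email);
    }
    $where = array('key' => 'id', 'value' => $CM);
    inset('comments', $change, $where);
    unset($_SESSION['comment']);
    header('location: ' . OUT_PATH . $ID . '#comment-' . $CM);
    // A redirect header does not stop the script by itself.
    exit;
}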
";</script> <?php die; } $student = new Student($_SESSION['user_id']); $crooked = false; if (!isset($_GET['s'])) { ?> <script>window.location = "<?php echo BASE; ?> ";</script> <?php die; } else { $search_string = sanitize_text($_GET['s']); if ($_GET['s'] !== $search_string) { //Something is not as it should be! $crooked = true; $message = "You bastard! We've logged your search with ip: " . get_ip_address(); } $sc = new Student_controller(); $search_student_ids = $sc->search_for_student($search_string); } ?> <html> <head> <meta charset="UTF-8"> <title><?php echo $student->get_firstname(); ?>
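<?php
require "../../includes/conf.inc.php";
require "../../includes/functions.inc.php";

// Admin "add post" endpoint; answers JSON {success, error[, errorMsg]}.
// NOTE(review): the admin id comes from the session but no login check is
// visible in this file — confirm conf.inc.php rejects anonymous requests.
if (isset($_POST['postTitle'])) {
    // Read every field with a default so a missing one cannot raise an
    // undefined-index notice.
    $adminId = isset($_SESSION['adminId']) ? $_SESSION['adminId'] : 0;
    $postTitle = $_POST['postTitle'];
    $postTypId = isset($_POST['postTypId']) ? $_POST['postTypId'] : '';
    $subjectId = isset($_POST['subjectId']) ? $_POST['subjectId'] : '';
    $imp = isset($_POST['imp']) ? $_POST['imp'] : '';
    $postText = isset($_POST['postText']) ? $_POST['postText'] : '';

    $postTitle = ucfirst(sanitize_text($postTitle));
    // postText is escaped for SQL here, which suggests post::create()
    // interpolates its inputs; give the other request values the same
    // treatment instead of passing them through raw.
    $postText = trim(mysql_real_escape_string(stripslashes($postText)));
    $postTypId = mysql_real_escape_string($postTypId);
    $subjectId = mysql_real_escape_string($subjectId);
    $imp = mysql_real_escape_string($imp);

    if ($postTitle == '' || $postText == '') {
        //when any entry is empty
        $response = array('success' => 0, 'error' => 1, 'errorMsg' => 'Either Post Title Or Post Body is empty!');
    } else {
        $newPost = array('postTitle' => $postTitle, 'postText' => $postText, 'subjectId' => $subjectId, 'postTypId' => $postTypId, 'adminId' => $adminId, 'statusId' => 2, 'imp' => $imp);
        if (!post::create($newPost)) {
            $response = array('success' => 0, 'error' => 2, 'errorMsg' => 'Opps! Something Went Wrong!');
        } else {
            $response = array('success' => 1, 'error' => 0);
        }
    }
    /*$_SESSION['response'] = $response; header("location: add.php");*/
    echo json_encode($response);
}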