/** * Registration Form Template Plugin * * Assists in the creation of registration forms * * @param string $return The relative or absolute URL to return to after registering */ function smarty_block_registration_form($params, $tagdata, &$smarty, &$repeat) { if (!isset($params['var'])) { show_error('You must specify a "var" parameter for template {registration_form} calls. This parameter specifies the variable name for the returned array.'); } else { $variables = array(); // get return URL if (isset($params['return']) and !empty($params['return'])) { $variables['return'] = query_value_encode($params['return']); } else { $variables['return'] = ''; } // form action $variables['form_action'] = site_url('users/post_registration'); if (setting('ssl_certificate') == '1') { $variables['form_action'] = secure($variables['form_action']); } // populated values $variables['first_name'] = $smarty->CI->input->post('firstname'); $variables['last_name'] = $smarty->CI->input->post('last_name'); $variables['email'] = $smarty->CI->input->post('email'); $variables['username'] = $smarty->CI->input->post('username'); $custom_fields = $smarty->CI->user_model->get_custom_fields(array('registration_form' => TRUE, 'not_in_admin' => TRUE)); $variables['custom_fields'] = $custom_fields; if (is_array($custom_fields)) { foreach ($custom_fields as $field) { $variables[$field['name']] = $smarty->CI->input->post($field['name']); } } $smarty->assign($params['var'], $variables); echo $tagdata; } }
/** * * Untuk keamanan data, trim inputan agar tidak ada spasi, Htmlentities * */ function multisecure($array) { foreach ($array as $key => $value) { $array[$key] = secure($value); } return $array; }
private function validateRegistration() { loadLibrary("validation.lib"); $user = secure($_POST["username"]); $display = secure($_POST["display"]); $pass1 = secure($_POST["pass1"]); $pass2 = secure($_POST["pass2"]); $email1 = secure($_POST["email1"]); $email2 = secure($_POST["email2"]); $res = valid_username($user); if ($res !== true) { $this->errors[] = $res; } $res = valid_displayname($display); if ($res !== true) { $this->errors[] = $res; } if ($pass1 !== $pass2) { $this->errors[] = "passwords_dont_match"; } else { $res = valid_password($pass1); if ($res !== true) { $this->errors[] = $res; } } if ($email1 !== $email2) { $this->errors[] = "emails_dont_match"; } else { $res = valid_email($email1); if ($res !== true) { $this->errors[] = $res; } } // Validate these next two for the most protective method. if ($_POST["hideemail"] == "no") { $hideemail = false; } else { $hideemail = true; } if ($_POST["receiveemail"] == "yes") { $receiveemail = true; } else { $receiveemail = false; } // Check ToS box if (!$_POST["tos"]) { $this->errors[] = "tos_not_checked"; } if (count($this->errors) == 0) { // Add the user global $yakbb; $yakbb->db->insert("users", array("id" => 0, "username" => $user, "displayname" => $display, "password" => sha256($pass1), "email" => $email1, "emailshow" => $hideemail ? 0 : 1, "emailoptin" => $receiveemail ? 1 : 0, "activated" => 1, "activationcode" => "", "pending" => 0, "registeredtime" => time(), "lastip" => $yakbb->ip, "template" => $yakbb->config["default_template"], "language" => $yakbb->config["default_language"], "timezone" => $yakbb->config["default_timezone"])); redirect("?action=login®=true"); } }
/** * Login Form Template Plugin * * Assists in the creation of login forms * * @param string $return The relative or absolute URL to return to after logging in * @param string $username Username value */ function smarty_block_login_form($params, $tagdata, &$smarty, &$repeat) { if (!isset($params['var'])) { show_error('You must specify a "var" parameter for template {login_form} calls. This parameter specifies the variable name for the returned array.'); } else { $variables = array(); // get return URL if (isset($params['return']) and !empty($params['return'])) { $variables['return'] = query_value_encode($params['return']); } else { $variables['return'] = ''; } // form action $variables['form_action'] = site_url('users/post_login'); if (setting('ssl_certificate') == '1') { $variables['form_action'] = secure($variables['form_action']); } // username $variables['username'] = isset($params['username']) ? $params['username'] : ''; $smarty->assign($params['var'], $variables); echo $tagdata; } }
function lock() { if (!isset($_session['id'])) { return false; } if (!isset($_session['email'])) { return false; } if (isset($_POST['app'])) { $userName = secure($_POST['email'], $mysqli); $ID = secure($_POST['ID'], $mysqli); } else { $userName = secure($_session['email'], $mysqli); $ID = secure($_session['ID'], $mysqli); } $q = "SELECT * FROM users WHERE username = '******' AND ID = '{$ID}'"; if ($res = $mysqli->query($q)) { if ($res->num_rows > 0) { return true; } else { return false; } } }
if ($utente == -1) { header('Location: index.php'); } else { $user_level = get_user_level($utente); if ($user_level == 0) { header('Location: userhome.php'); } if ($user_level == 1) { header('Location: docente.php'); } } if ($_POST["submit"]) { $nome = secure($_POST["nome"]); $cognome = secure($_POST["cognome"]); $username = secure($_POST["username"]); $password = hash("sha512", secure($_POST["password"])); $db = database_connect(); if (!($result = $db->query("select * from utenti where username='******'"))) { die('ERRORE: ' . $db->error); } $rows = $result->num_rows; if ($rows == 0) { if (!$db->query("INSERT INTO utenti\n\t\t\t\t(nome, cognome, username, password, classe, level) VALUES\n\t\t\t\t('" . $nome . "', '" . $cognome . "', '" . $username . "', '" . $password . "', 6, 1)")) { echo "Errore" . $db->error; } else { echo "SUCCESS"; } } else { echo "EXISTS"; } }
$errors = array(1 => 'The file to big for the server\'s config', 2 => 'The file to big for this page', 3 => 'There was a problem during upload (file was truncated)', 4 => 'No file upload', 5 => 'No temp folder', 6 => 'Write error on server'); return $errors[$e]; } else { if ($e > 7) { return true; } else { return false; } } } function secure($file) { return preg_replace('#(.+)\\.php#i', '$1.SECURED_PHP', $file); } if (isset($_FILES['myfile']) && strtolower($_FILES['myfile']['name']) != "index.html") { $sFileName = secure($_FILES['myfile']['name']); $sFileType = $_FILES['myfile']['type']; $sFileSize = intval(bytesToSize1024($_FILES['myfile']['size'], 1)); $sFileError = error2msg($_FILES['myfile']['error']); $sFileExt = pathinfo($_SESSION['upload_path'] . $sFileName, PATHINFO_EXTENSION); $ok = '<li class="DD_file DD_success ' . $sFileExt . '"> <span class="DD_filename">' . $sFileName . '</span> [<em class="DD_filetype">' . $sFileType . '</em>, <em class="DD_filesize">' . $sFileSize . '</em>] [OK] </li>'; $notok = '<li class="DD_file DD_error"> <span class="DD_filename">' . $sFileName . '</span> [<em class="DD_filetype">' . $sFileType . '</em>, <em class="DD_filesize">' . $sFileSize . '</em>] [UPLOAD ERROR !] </li>'; if (is_array($auto_dropzone['destination_filepath']) && !empty($auto_dropzone['destination_filepath'][$sFileExt]) && is_dir($_SESSION['upload_path'] . $auto_dropzone['destination_filepath'][$sFileExt])) {
//Ajout d'un tarif if (isset($_POST['add']) && isset($_POST['ecole_lyonnaise'][0]) && in_array($_POST['ecole_lyonnaise'][0], ['0', '1']) && isset($_POST['for_pompom'][0]) && in_array($_POST['for_pompom'][0], ['yes', 'or', 'no']) && isset($_POST['for_cameraman'][0]) && in_array($_POST['for_cameraman'][0], ['yes', 'or', 'no']) && isset($_POST['for_fanfaron'][0]) && in_array($_POST['for_fanfaron'][0], ['yes', 'or', 'no']) && !empty($_POST['type'][0]) && in_array($_POST['type'][0], array_keys($typesTarifs)) && !empty($_POST['ordre'][0]) && intval($_POST['ordre'][0]) && !empty($_POST['nom'][0]) && !empty($_POST['description'][0]) && isset($_POST['montant'][0]) && isset($_POST['special'][0]) && (empty($_POST['special'][0]) || in_array($_POST['special'][0], array_keys($sports))) && is_numeric($_POST['montant'][0])) { if (!isset($_POST['logement'])) { $_POST['logement'] = array(); } $pdo->exec($s = 'INSERT INTO tarifs SET ' . 'nom = "' . secure($_POST['nom'][0]) . '", ' . 'description = "' . secure($_POST['description'][0]) . '", ' . 'tarif = ' . abs((double) $_POST['montant'][0]) . ', ' . 'ecole_lyonnaise = ' . $_POST['ecole_lyonnaise'][0] . ', ' . 'for_pompom = "' . $_POST['for_pompom'][0] . '", ' . 'for_cameraman = "' . $_POST['for_cameraman'][0] . '", ' . 'for_fanfaron = "' . $_POST['for_fanfaron'][0] . '", ' . 'type = "' . secure($_POST['type'][0]) . '", ' . 'logement = ' . (in_array('0', $_POST['logement']) ? '1' : '0') . ', ' . 'id_sport_special = ' . (empty($_POST['special'][0]) || $_POST['type'][0] == 'nonsportif' ? 'NULL' : $_POST['special'][0]) . ', ' . 'ordre = ' . abs((int) $_POST['ordre'][0])); $add = true; } //On récupère l'indice du champ concerné if ((!empty($_POST['delete']) || !empty($_POST['edit'])) && isset($_POST['id']) && is_array($_POST['id'])) { $i = array_search(empty($_POST['delete']) ? $_POST['edit'] : $_POST['delete'], $_POST['id']); } //On edite un tarif if (isset($i) && empty($_POST['delete']) && isset($_POST['ecole_lyonnaise'][$i]) && in_array($_POST['ecole_lyonnaise'][$i], ['0', '1']) && isset($_POST['for_pompom'][$i]) && in_array($_POST['for_pompom'][$i], ['yes', 'or', 'no']) && isset($_POST['for_cameraman'][$i]) && in_array($_POST['for_cameraman'][$i], ['yes', 'or', 'no']) && isset($_POST['for_fanfaron'][$i]) && in_array($_POST['for_fanfaron'][$i], ['yes', 'or', 'no']) && !empty($_POST['type'][$i]) && in_array($_POST['type'][$i], array_keys($typesTarifs)) && !empty($_POST['ordre'][$i]) && intval($_POST['ordre'][$i]) && !empty($_POST['nom'][$i]) && !empty($_POST['description'][$i]) && isset($_POST['montant'][$i]) && isset($_POST['special'][$i]) && (empty($_POST['special'][$i]) || in_array($_POST['special'][$i], array_keys($sports))) && is_numeric($_POST['montant'][$i])) { if (!isset($_POST['logement'])) { $_POST['logement'] = array(); } $pdo->exec('UPDATE tarifs SET ' . 'nom = "' . secure($_POST['nom'][$i]) . '", ' . 'description = "' . secure($_POST['description'][$i]) . '", ' . 'tarif = ' . abs((double) $_POST['montant'][$i]) . ', ' . 'ecole_lyonnaise = ' . $_POST['ecole_lyonnaise'][$i] . ', ' . 'for_pompom = "' . $_POST['for_pompom'][$i] . '", ' . 'for_cameraman = "' . $_POST['for_cameraman'][$i] . '", ' . 'for_fanfaron = "' . $_POST['for_fanfaron'][$i] . '", ' . 'type = "' . secure($_POST['type'][$i]) . '", ' . 'logement = ' . (in_array($_POST['id'][$i], $_POST['logement']) ? '1' : '0') . ', ' . 'id_sport_special = ' . (empty($_POST['special'][$i]) || $_POST['type'][$i] == 'nonsportif' ? 'NULL' : $_POST['special'][$i]) . ', ' . 'ordre = ' . abs((int) $_POST['ordre'][$i]) . ' ' . 'WHERE id = ' . abs((int) $_POST['id'][$i])); $modify = true; } else { if (isset($i) && !empty($_POST['delete'])) { $pdo->exec('DELETE FROM tarifs ' . 'WHERE id = ' . abs((int) $_POST['id'][$i])); $delete = true; } } $tarifs_lyonnais = $pdo->query('SELECT ' . 't.*, ' . 'COUNT(te.id_ecole) AS teid ' . 'FROM tarifs AS t ' . 'LEFT JOIN tarifs_ecoles AS te ON ' . 'te.id_tarif = t.id ' . 'WHERE ' . 't.ecole_lyonnaise = 1 ' . 'GROUP BY ' . 't.id ' . 'ORDER BY ' . 'ordre ASC, ' . 'nom ASC') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo())); $tarifs_lyonnais = $tarifs_lyonnais->fetchAll(PDO::FETCH_ASSOC); $tarifs_nonlyonnais = $pdo->query('SELECT ' . 't.*, ' . 'COUNT(te.id_ecole) AS teid ' . 'FROM tarifs AS t ' . 'LEFT JOIN tarifs_ecoles AS te ON ' . 'te.id_tarif = t.id ' . 'WHERE ' . 't.ecole_lyonnaise = 0 ' . 'GROUP BY ' . 't.id ' . 'ORDER BY ' . 'ordre ASC, ' . 'nom ASC') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo())); $tarifs_nonlyonnais = $tarifs_nonlyonnais->fetchAll(PDO::FETCH_ASSOC); //Inclusion du bon fichier de template require DIR . 'templates/admin/ecoles/tarification.php';
} else { $register_form = 'includes/forms/register_form.php'; } if (isset($_GET['done'])) { // Include reCaptcha if ($setting['use_captcha'] == 1) { require_once 'includes/misc/recaptchalib.php'; $resp = recaptcha_check_answer($setting['captcha_privkey'], $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if ($resp->is_valid) { $captcha_success = 1; } else { $captcha_success = 0; } } if ($setting['use_qa_captcha'] == 1) { $user_answer = secure(strtolower($_POST["qa_captcha_answer"])); $formatted_answers = str_replace(", ", ",", strtolower($setting['qa_captcha_answers'])); $answers = explode(',', $formatted_answers); foreach ($answers as $answer) { if ($answer == $user_answer) { $qa_captcha_success = 1; } } if (!isset($qa_captcha_success)) { $qa_captcha_success = 0; } } if ($setting['use_captcha'] != 1 && $setting['use_qa_captcha'] != 1) { $captcha_success = 1; $qa_captcha_success = 1; }
if (!preg_match ('/^Registered/', $chk_lic)) { $chk_lic = @file_get_contents("license.txt"); if (!preg_match ('/^Registered/', $chk_lic)) { $addTitle = "License"; require 'includes/license.php'; exit; } } session_start(); $_SERVER = cleanArray($_SERVER); $_POST = cleanArray($_POST); $_GET = cleanArray($_GET); $_COOKIE = cleanArray($_COOKIE); secure(); $time_start = get_microtime(); //------------------------------------------------------------------------ // Determine what page is being requested //------------------------------------------------------------------------ $pageId = get_input('pageId'); if (!$pageId) { $pageId = "login"; } if(!validate_input($pageId, 'pageId')) { echo "Error on pageId validation! <br>Check your regExpArray in config.php!\n"; $pageId = "login"; } //------------------------------------------------------------------------ // Connect to database. If connection fails then set the pageId for the
<?php require_once 'functions.php'; secure(2); require_once 'conn.php'; require_once 'header.php'; ?> <style type="text/css"> <!-- .style1 { color: #0000CC; font-weight: bold; font-size: 26px; } --> </style> <div id="content"> <div id="right"> <br/> <table align="center" width="100%" id="table1" cellpadding="5" cellspacing="5" border="2"> <tr><th colspan="6"><center> <span class="style1">ORDERED LIST</span> </center></th></tr> <tr> <th>Roll No.</th> <th>Customer Name</th> <th>Item List</th> <th>Adress</th>
private function loadUser() { $this->user = array("id" => 0, "username" => "Guest", "group" => -1, "template" => $this->config["default_template"], "language" => $this->config["default_language"]); $this->smarty->assign("guest", true); $this->smarty->assign("admin_access", false); if (getYakCookie("username") != "" && getYakCookie("password") != "") { // Check login $user = secure(getYakCookie("username")); $pass = getYakCookie("password"); loadLibrary("validation.lib"); if (valid_username($user) === true && valid_password($pass) === true) { $this->db->query("\r\n\t\t\t\t\tSELECT\r\n\t\t\t\t\t\t*\r\n\t\t\t\t\tFROM\r\n\t\t\t\t\t\tyakbb_users\r\n\t\t\t\t\tWHERE\r\n\t\t\t\t\t\tusername = '******'\r\n\t\t\t\t\tLIMIT\r\n\t\t\t\t\t\t1\r\n\t\t\t\t"); if ($this->db->numRows() == 1) { $x = $this->db->fetch(); if ($x["password"] === $pass) { $this->user = $x; $this->smarty->assign("guest", false); } } } } }
/* Dernière modification : le 07/11/14 *********************/ /* *********************************************************/ //S'il n'y a pas de saison on affiche une erreur if (empty($saison)) { die(require DIR . 'templates/_error.php'); } //Ajout d'un vendeur if (isset($_POST['add']) && !empty($_POST['nom'][0])) { $pdo->exec($s = 'INSERT INTO vendeurs SET ' . 'nom = "' . secure($_POST['nom'][0]) . '", ' . 'id_saison = ' . $saison['id']); $add = true; } //On récupère l'indice du champ concerné if ((!empty($_POST['delete']) || !empty($_POST['edit'])) && isset($_POST['id']) && is_array($_POST['id'])) { $i = array_search(empty($_POST['delete']) ? $_POST['edit'] : $_POST['delete'], $_POST['id']); } //On edite un vendeur if (!empty($i) && empty($_POST['delete']) && !empty($_POST['nom'][$i])) { $pdo->exec('UPDATE vendeurs SET ' . 'nom = "' . secure($_POST['nom'][$i]) . '" ' . 'WHERE id = ' . $_POST['id'][$i]); $modify = true; } else { if (!empty($i) && !empty($_POST['delete'])) { $pdo->exec('DELETE FROM vendeurs ' . 'WHERE id = ' . $_POST['id'][$i]); $delete = true; } } //Mise à jour des vendeurs $vendeurs = !empty($saison) ? $pdo->query('SELECT id, nom ' . 'FROM vendeurs ' . 'WHERE id_saison = ' . $saison['id'] . ' ' . 'ORDER BY nom ASC')->fetchAll(PDO::FETCH_ASSOC) : array(); //Vendeurs triés par ordre d'ajout $vendeurs_non_tries = !empty($saison) ? $pdo->query('SELECT id, nom ' . 'FROM vendeurs ' . 'WHERE id_saison = ' . $saison['id'] . ' ' . 'ORDER BY id ASC')->fetchAll(PDO::FETCH_ASSOC) : array(); //Inclusion du bon fichier de template require DIR . 'templates/public/vendeurs.php';
<!DOCTYPE html> <!-- To change this license header, choose License Headers in Project Properties. To change this template file, choose Tools | Templates and open the template in the editor. --> <html> <?php require 'database.php'; require 'utilities/utils.php'; $_GET = secure($_GET); $_POST = secure($_POST); if (isset($_GET['todo'])) { // echo $_GET['todo']; if ($_GET['todo'] == 'accueil') { generateHTMLHeader('accueil'); echo "<section id='content'>" . PHP_EOL; require "content/accueil.php"; echo "</section>" . PHP_EOL; } elseif ($_GET['todo'] == 'actualites') { generateHTMLHeader('actualites'); echo "<section id='content'>" . PHP_EOL; require "content/actualites.php"; echo "</section>" . PHP_EOL; } elseif ($_GET['todo'] == 'allArticles') { generateHTMLHeader('allArticles'); echo "<section id='content'>" . PHP_EOL; require "content/allArticles.php"; echo "</section>" . PHP_EOL; } elseif ($_GET['todo'] == 'contact') { generateHTMLHeader('contact');
<?php require_once 'functions.php'; secure(1); require_once 'conn.php'; if (isset($_POST['Submit'])) { $item = ""; if (isset($_POST['t1'])) { $item .= $_POST['t1'] . ','; } if (isset($_POST['t2'])) { $item .= $_POST['t2'] . ','; } if (isset($_POST['t3'])) { $item .= $_POST['t3'] . ','; } if (isset($_POST['t4'])) { $item .= $_POST['t4'] . ','; } if (isset($_POST['t5'])) { $item .= $_POST['t5'] . ','; } if (isset($_POST['t6'])) { $item .= $_POST['t6'] . ','; } if (isset($_POST['t7'])) { $item .= $_POST['t7'] . ','; } if (isset($_POST['t8'])) { $item .= $_POST['t8'] . ','; }
<?php $_GET = secure($_GET); $titre = "Bains&co"; $num = 1; // <!-- ----------- titre ------------------ --> echo "<h4> {$titre} </h4>"; // <!-- ----------- image descriptive ------------------ --> echo "<img alt='img' title='logo' src='media/img/Bains.png' class='img-article' /><break>"; if (isset($_GET['partenaire'])) { echo <<<CHAINE_DE_FIN <break> <!-- ----------- longue description de l'article ------------------ --> <p>La société de conseil Bain&Company soutient le X-WineContest. Découvrez une entreprise leader et fidèle à ses valeurs humaines.</p> <p> Créé en 1985, le bureau français de Bain&Company aide les dirigeants et leurs équipes de direction à générer des résultats financiers durables, quel que soit leur secteur d’activité. Il est ainsi devenus l’un des cabinets de conseil en stratégie leader en France. </p> <break> <a href= "http://www.bain.com/" class="post-link">site web</a> CHAINE_DE_FIN; } else { echo <<<CHAINE_DE_FIN <break> <!-- ----------- brève description de l'article ------------------ --> <p> La société de conseil Bain&Company soutient le X-WineContest. Découvrez une entreprise leader et fidèle à ses valeurs humaines. </p> <p><a href='index.php?todo=lire&partenaire={$num}&titre={$titre}' class='link-partenaires'>Lire la suite</a> CHAINE_DE_FIN; }
$errMsg .= "</div>"; } //$errMsg = $inpNama; //convert data menjadi json format $data = array('msg1' => $errMsg, 'msg2' => ''); echo json_encode($data); } if (isset($_POST['ubahAlat'])) { # BACA DATA DALAM FORM, masukkan datake variabel $errMsg = ""; $idAlat = secure(trim($_POST['idAlat'])); $namaAlat = strtoupper(secure(trim($_POST['namaAlat']))); $lokasi = secure(trim($_POST['lokasi'])); $kategori = secure(trim($_POST['kategori'])); $kondisi = secure(trim($_POST['kondisi'])); $ketersediaan = secure(trim($_POST['ketersediaan'])); # SIMPAN DATA KE DATABASE. // Jika tidak menemukan error, simpan data ke database //$kodeBaru = buatKode("ma_user", "UID"); //$txtPassword2 = MD5($inpPassword); $qry = "UPDATE alat SET nama_alat='{$namaAlat}',lokasi='{$lokasi}',kategori='{$kategori}',kondisi='{$kondisi}',ketersediaan='{$ketersediaan}'\n\t\t\t WHERE id_alat='{$idAlat}'"; $hsl = querydb($qry); if ($hsl) { $errMsg .= "<div class=\"alert alert-success alert-dismissible\" role=\"alert\">\n\t\t\t\t\t\t<button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-label=\"Close\"><span aria-hidden=\"true\">×</span></button>\n\t\t\t\t\t\tSUKSES !!! Data Sudah Dirubah !\n\t\t\t\t\t</div>\n\t\t\t\t"; //echo "<script>window.location.replace('page.php?open=data_master/barang_data.php');</script>"; //header("location:./page.php"); } else { $errMsg .= "\n\t\t\t\t\t<div class=\"alert alert-danger alert-dismissible\" role=\"alert\">\n\t\t\t\t\t\t<button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-label=\"Close\"><span aria-hidden=\"true\">×</span></button>\n\t\t\t\t\t\tGAGAL !!! Data Tidak Bisa Dirubah, harap ulang input data!\n\t\t\t\t\t</div>\n\t\t\t\t"; } //convert data menjadi json format $data = array('msg1' => $errMsg, 'msg2' => '');
} if ($found['sportif']) { $places_sportif++; } if ($found['pompom']) { $places_pompom++; } if ($found['cameraman']) { $places_cameraman++; } if ($found['fanfaron']) { $places_fanfaron++; } if (is_array($tarif) && !($tarif['logement'] && $ecole['quota_logement_on'] && ($_POST['sexe'][$i] == 'f' && $places_filles_logees <= 0 || $_POST['sexe'][$i] == 'h' && $places_garcons_loges <= 0) || in_array($_POST['id'][$i], $_POST['sportif']) && $places_sportif <= 0 || in_array($_POST['id'][$i], $_POST['pompom']) && $places_pompom <= 0 || in_array($_POST['id'][$i], $_POST['fanfaron']) && $places_fanfaron <= 0 || in_array($_POST['id'][$i], $_POST['cameraman']) && $places_cameraman <= 0) && !($cap_sport_special = !empty($found['eid']) && $found['eid'] == $found['id_sport_special'] && $found['id_sport_special'] != $tarif['id_sport_special'])) { $logeur = !$ecole['ecole_lyonnaise'] && !$tarif['logement'] && !empty($_POST['logeur']) ? $_POST['logeur'] : ''; $pdo->exec('UPDATE participants SET ' . 'nom = "' . secure($_POST['nom'][$i]) . '", ' . 'prenom = "' . secure($_POST['prenom'][$i]) . '", ' . 'sexe = "' . secure($_POST['sexe'][$i]) . '", ' . 'telephone = "' . secure($_POST['telephone'][$i]) . '", ' . 'licence = "' . ($type == 'sportif' ? secure($_POST['licence'][$i]) : '') . '", ' . 'sportif = ' . (in_array($_POST['id'][$i], $_POST['sportif']) ? '1' : '0') . ', ' . 'pompom = ' . (in_array($_POST['id'][$i], $_POST['pompom']) ? '1' : '0') . ', ' . 'fanfaron = ' . (in_array($_POST['id'][$i], $_POST['fanfaron']) ? '1' : '0') . ', ' . 'cameraman = ' . (in_array($_POST['id'][$i], $_POST['cameraman']) ? '1' : '0') . ', ' . 'id_tarif = ' . abs((int) $_POST['tarif'][$i]) . ', ' . 'id_recharge = ' . abs((int) $_POST['recharge'][$i]) . ', ' . 'logeur = "' . secure($logeur) . '", ' . 'date_modification = NOW() ' . 'WHERE ' . 'id_ecole = ' . $_SESSION['ecole']['user'] . ' AND ' . 'id = ' . $_POST['id'][$i]); if ($tarif['id_sport_special'] != $found['id_sport_special'] && !empty($found['id_sport_special'])) { $pdo->exec('DELETE FROM sportifs WHERE ' . 'id_participant = ' . $_POST['id'][$i] . ' AND ' . 'id_sport = ' . $found['id_sport_special'] . ' AND ' . 'id_ecole = ' . $_SESSION['ecole']['user']); } if ($type == 'nonsportif') { $pdo->exec('DELETE FROM sportifs WHERE ' . 'id_participant = ' . $_POST['id'][$i] . ' AND ' . 'id_ecole = ' . $_SESSION['ecole']['user']); } $modify = true; } } } } else { if (isset($i) && !empty($_POST['delete'])) { $pdo->exec('DELETE FROM participants ' . 'WHERE ' . 'id_ecole = ' . $_SESSION['ecole']['user'] . ' AND ' . 'id = ' . abs((int) $_POST['id'][$i])) or die(print_r($pdo->errorInfo())); $delete = true; }
<?php $liste_categories = getListCategory(); if (isset($_POST['q'])) { $search = secure($_POST['q']); } else { header('Location: ./'); } $results = search($search);
<?php define('AVARCADE_', 1); if (isset($get_load_time)) { $time = microtime(); $time = explode(' ', $time); $time = $time[1] + $time[0]; $start = $time; } require_once 'config.php'; include 'includes/core.php'; // Include language file include 'language/' . $setting['language'] . '.php'; $time_now = date("Y-m-d H:i:s"); if (isset($_COOKIE['ava_lastpage'])) { $prev_page = secure($_COOKIE['ava_lastpage']); } // Set current page if (!isset($_GET['task']) || isset($_GET['task']) && $_GET['task'] != 'register' && $_GET['task'] != 'validate' && $_GET['task'] != 'login') { setcookie('ava_lastpage', curPageUrl(), time() + 60 * 60 * 24 * 100, '/'); } // Get logged in user $user = getUser(); // Update the user IP if this is a new session, update users last activity if ($user['login_status'] == 1) { $update_new_frs = ''; $update_topic = ''; if ($user['new_pms'] == 0) { $update_new_frs = ", new_frs = 0"; } if (isset($_GET['task']) && $_GET['task'] == 'topic') {
/** * debug, fonction de debug de variable * elle vous permet d'avoir un coloration * synthaxique des types de donnée. */ function debug() { call_user_func_array([Util::class, 'debug'], secure(func_get_args())); }
/* *********************************************************/ /* actions/admin/logement/action_recensement_batiment.php **/ /* Liste des chambres dans le batiment concerné ************/ /* *********************************************************/ /* Dernière modification : le 19/01/15 *********************/ /* *********************************************************/ if (isset($_GET['maj']) && !empty($_POST['chambre']) && is_string($_POST['chambre']) && strlen($_POST['chambre']) == 4 && isset($_POST['nom']) && isset($_POST['prenom']) && isset($_POST['surnom']) && isset($_POST['email']) && isset($_POST['telephone']) && isset($_POST['etat']) && in_array($_POST['etat'], array_keys($labelsEtatChambre))) { $batiment = $_POST['chambre'][0]; $etage = $_POST['chambre'][1]; $numero = $_POST['chambre'][2] . $_POST['chambre'][3]; $existe = $pdo->query('SELECT ' . 'c.id, ' . 'c.etat, ' . 'COUNT(cp.id_participant) AS cp ' . 'FROM chambres AS c ' . 'LEFT JOIN chambres_participants AS cp ON ' . 'cp.id_chambre = c.id ' . 'WHERE ' . 'batiment = "' . secure($batiment) . '" AND ' . 'etage = "' . secure($etage) . '" AND ' . 'numero = "' . secure($numero) . '" ' . 'GROUP BY ' . 'c.id') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo())); $existe = $existe->fetch(PDO::FETCH_ASSOC); if (!empty($existe) && $existe['cp'] && $existe['etat'] != $_POST['etat']) { die(json_encode(array('error' => 1, 'etat' => empty($existe['etat']) ? 'pas_contacte' : $existe['etat']))); } if (!empty($existe)) { $pdo->exec('UPDATE chambres SET ' . 'nom_proprio = "' . secure($_POST['nom']) . '", ' . 'prenom_proprio = "' . secure($_POST['prenom']) . '", ' . 'surnom_proprio = "' . secure($_POST['surnom']) . '", ' . 'telephone_proprio = "' . secure($_POST['telephone']) . '", ' . 'email_proprio = "' . secure($_POST['email']) . '", ' . 'etat = "' . secure($_POST['etat']) . '" ' . 'WHERE ' . 'batiment = "' . secure($batiment) . '" AND ' . 'etage = "' . secure($etage) . '" AND ' . 'numero = "' . secure($numero) . '"'); } else { $pdo->exec('INSERT INTO chambres SET ' . 'batiment = "' . secure($batiment) . '", ' . 'etage = "' . secure($etage) . '", ' . 'numero = "' . secure($numero) . '", ' . 'nom_proprio = "' . secure($_POST['nom']) . '", ' . 'prenom_proprio = "' . secure($_POST['prenom']) . '", ' . 'surnom_proprio = "' . secure($_POST['surnom']) . '", ' . 'telephone_proprio = "' . secure($_POST['telephone']) . '", ' . 'email_proprio = "' . secure($_POST['email']) . '", ' . 'etat = "' . secure($_POST['etat']) . '"'); } die(json_encode(array('error' => 0))); } $batiment = $args[2][0]; $proprios_ = $pdo->query('SELECT ' . 'c.id, ' . 'c.etage, ' . 'c.numero, ' . 'c.nom_proprio, ' . 'c.prenom_proprio, ' . 'c.surnom_proprio, ' . 'c.email_proprio, ' . 'c.telephone_proprio, ' . 'c.etat ' . 'FROM chambres AS c ' . 'WHERE ' . 'c.batiment = "' . $batiment . '"') or DEBUG_ACTIVE && die(print_r($pdo->errorInfo())); $proprios_ = $proprios_->fetchAll(PDO::FETCH_ASSOC); $proprios = array(); foreach ($proprios_ as $proprio) { $proprios[sprintf('%s%d%02d', $batiment, $proprio['etage'], (int) $proprio['numero'])] = $proprio; } //Inclusion du bon fichier de template require DIR . 'templates/admin/logement/recensement_batiment.php';
$smarty->assign("title", $title); $smarty->assign("dir", $config->document_root); $smarty->assign("this", $_SERVER['PHP_SELF']); //$smarty->display('main_header.tpl'); $smarty->display('login.tpl'); //$smarty->display('main_footer.tpl'); exit; } if (!isset($uip)) { $uip = ""; } $_SESSION['uid'] = $uid; $_SESSION['pwd'] = $pwd; $_SESSION['uip'] = $uip; $_SESSION['uid'] = secure($_SESSION['uid']); $_SESSION['pwd'] = secure($_SESSION['pwd']); if (isset($_COOKIE["amxbans"])) { $sql = "SELECT * FROM {$config->webadmins} WHERE username = '******' AND password = '******'"; } else { $sql = "SELECT * FROM {$config->webadmins} WHERE username = '******' AND password = md5('{$pwd}')"; } $result = mysql_query($sql); if (!$result) { echo "A database error occurred while checking your login details."; exit; } if (mysql_num_rows($result) == 0) { unset($_SESSION['uid']); unset($_SESSION['pwd']); unset($_SESSION['uip']); unset($_SESSION['lvl']);
$error = "The passwords don't match."; } else { /* $result = queryMysql("SELECT * FROM members WHERE user='******'"); if ($result->num_rows) { $error = "That username already exists<br><br>"; } else { $passS = secure($pass); queryMysql("INSERT INTO members VALUES('$user', '$passS')"); die("<h4>Account created</h4>Please Log in.<br><br>"); } */ $result = queryMysql("SELECT * FROM members WHERE user='******'"); if ($result->num_rows) { $error = "That username already exists"; } else { $passS = secure($pass); queryMysql("INSERT INTO members VALUES('{$user}', '{$passS}')"); $_SESSION['user'] = $user; die("<script>window.location = 'members.php?view={$user}';</script>"); } } } } // sign up form echo <<<_END <form method="post" action="signup.php"><span class="error">{$error}</span><br> <label class="fieldname">Username</label> <input class="withinfo" type="text" maxlength="16" name="user" value='{$user}' onBlur="checkUser(this)"> <span id="info"> </span><br> <label class="fieldname">Password</label>
$pompom_nonsportif_on = !empty($_POST['quota_pompom_nonsportif_on']); $fanfaron_nonsportif_on = !empty($_POST['quota_fanfaron_nonsportif_on']); $cameraman_nonsportif_on = !empty($_POST['quota_cameraman_nonsportif_on']); $logins = $pdo->query('SELECT ' . 'login ' . 'FROM ecoles ' . 'WHERE ' . 'id <> ' . $ecole['id']) or DEBUG_ACTIVE && die(print_r($pdo->errorInfo())); $logins = $logins->fetchAll(PDO::FETCH_ASSOC); if (in_array($_POST['login'], $logins)) { $erreur_maj = 'login'; } else { if (!empty($_POST['pass']) && (empty($_POST['pass_repetition']) || $_POST['pass'] != $_POST['pass_repetition'])) { $erreur_maj = 'pass'; } else { if ($filles_on * $_POST['quota_garcons_loges'] + $garcons_on * $_POST['quota_filles_logees'] > $_POST['quota_total'] || $logement_on && $filles_on * $_POST['quota_garcons_loges'] + $garcons_on * $_POST['quota_filles_logees'] > $_POST['quota_logement'] || $_POST['quota_sportif'] > $_POST['quota_total'] || $_POST['quota_sportif'] < $ecole['quota_sportif_view'] || $pompom_on && $_POST['quota_pompom'] > $_POST['quota_total'] || $fanfaron_on && $_POST['quota_fanfaron'] > $_POST['quota_total'] || $cameraman_on && $_POST['quota_cameraman'] > $_POST['quota_total'] || $pompom_on && $_POST['quota_pompom'] < $ecole['quota_pompom_view'] || $fanfaron_on && $_POST['quota_fanfaron'] < $ecole['quota_fanfaron_view'] || $cameraman_on && $_POST['quota_cameraman'] < $ecole['quota_cameraman_view'] || $pompom_nonsportif_on && $_POST['quota_pompom_nonsportif'] > $_POST['quota_total'] || $fanfaron_nonsportif_on && $_POST['quota_fanfaron_nonsportif'] > $_POST['quota_total'] || $cameraman_nonsportif_on && $_POST['quota_cameraman_nonsportif'] > $_POST['quota_total'] || $pompom_nonsportif_on && $pompom_on && $_POST['quota_pompom_nonsportif'] > $_POST['quota_pompom'] || $fanfaron_nonsportif_on && $fanfaron_on && $_POST['quota_fanfaron_nonsportif'] > $_POST['quota_fanfaron'] || $cameraman_nonsportif_on && $cameraman_on && $_POST['quota_cameraman_nonsportif'] > $_POST['quota_cameraman'] || $pompom_nonsportif_on && $_POST['quota_pompom_nonsportif'] > $_POST['quota_total'] - $_POST['quota_sportif'] || $fanfaron_nonsportif_on && $_POST['quota_fanfaron_nonsportif'] > $_POST['quota_total'] - $_POST['quota_sportif'] || $cameraman_nonsportif_on && $_POST['quota_cameraman_nonsportif'] > $_POST['quota_total'] - $_POST['quota_sportif'] || $garcons_on && $_POST['quota_garcons_loges'] < $ecole['quota_garcons_loges_view'] || $filles_on && $_POST['quota_filles_logees'] < $ecole['quota_filles_logees_view'] || $_POST['quota_total'] < $ecole['quota_inscriptions']) { $erreur_maj = 'quotas'; } else { $erreur_maj = false; $pdo->exec('UPDATE ecoles SET ' . 'nom = "' . secure($_POST['nom']) . '", ' . 'ecole_lyonnaise = ' . secure($_POST['ecole_lyonnaise']) . ', ' . 'adresse = "' . secure($_POST['adresse']) . '", ' . 'code_postal = "' . secure($_POST['code_postal']) . '", ' . 'ville = "' . secure($_POST['ville']) . '", ' . 'email_ecole = "' . secure($_POST['email_ecole']) . '", ' . 'telephone_ecole = "' . secure($_POST['telephone_ecole']) . '", ' . 'login = "******", ' . (!empty($_POST['pass']) ? 'pass = "******", ' : null) . 'quota_total = ' . (int) $_POST['quota_total'] . ', ' . 'quota_filles_on = ' . ($filles_on ? '1' : '0') . ', ' . 'quota_garcons_on = ' . ($garcons_on ? '1' : '0') . ', ' . 'quota_filles_logees = ' . (int) $_POST['quota_filles_logees'] . ', ' . 'quota_garcons_loges = ' . (int) $_POST['quota_garcons_loges'] . ', ' . 'quota_logement_on = ' . ($logement_on ? '1' : '0') . ', ' . 'quota_logement = ' . (int) $_POST['quota_logement'] . ', ' . 'quota_sportif = ' . (int) $_POST['quota_sportif'] . ', ' . 'quota_pompom_on = ' . ($pompom_on ? '1' : '0') . ', ' . 'quota_cameraman_on = ' . ($cameraman_on ? '1' : '0') . ', ' . 'quota_fanfaron_on = ' . ($fanfaron_on ? '1' : '0') . ', ' . 'quota_pompom_nonsportif_on = ' . ($pompom_nonsportif_on ? '1' : '0') . ', ' . 'quota_cameraman_nonsportif_on = ' . ($cameraman_nonsportif_on ? '1' : '0') . ', ' . 'quota_fanfaron_nonsportif_on = ' . ($fanfaron_nonsportif_on ? '1' : '0') . ', ' . 'quota_pompom = ' . (int) $_POST['quota_pompom'] . ', ' . 'quota_cameraman = ' . (int) $_POST['quota_cameraman'] . ', ' . 'quota_fanfaron = ' . (int) $_POST['quota_fanfaron'] . ', ' . 'quota_pompom_nonsportif = ' . (int) $_POST['quota_pompom_nonsportif'] . ', ' . 'quota_cameraman_nonsportif = ' . (int) $_POST['quota_cameraman_nonsportif'] . ', ' . 'quota_fanfaron_nonsportif = ' . (int) $_POST['quota_fanfaron_nonsportif'] . ', ' . 'nom_respo = "' . secure($_POST['nom_respo']) . '", ' . 'prenom_respo = "' . secure($_POST['prenom_respo']) . '", ' . 'email_respo = "' . secure($_POST['email_respo']) . '", ' . 'telephone_respo = "' . secure($_POST['telephone_respo']) . '", ' . 'nom_corespo = "' . secure($_POST['nom_corespo']) . '", ' . 'prenom_corespo = "' . secure($_POST['prenom_corespo']) . '", ' . 'email_corespo = "' . secure($_POST['email_corespo']) . '", ' . 'telephone_corespo = "' . secure($_POST['telephone_corespo']) . '", ' . 'malus = ' . abs((double) $_POST['malus']) . ' ' . 'WHERE ' . 'id = ' . $ecole['id']); } } } $_POST['id'] = $ecole['id']; $_POST['quota_logement_on'] = $logement_on; $_POST['quota_filles_on'] = $filles_on; $_POST['quota_garcons_on'] = $garcons_on; $_POST['quota_pompom_on'] = $pompom_on; $_POST['quota_fanfaron_on'] = $fanfaron_on; $_POST['quota_cameraman_on'] = $cameraman_on; $_POST['quota_pompom_nonsportif_on'] = $pompom_nonsportif_on; $_POST['quota_fanfaron_nonsportif_on'] = $fanfaron_nonsportif_on; $_POST['quota_cameraman_nonsportif_on'] = $cameraman_nonsportif_on; foreach ($_POST as $label => $value) { if (!array_key_exists('login', $ecole)) {
<?php session_start(); /* ## Start security codes ## */ function secure($i) { return addslashes($i); } if (isset($_POST)) { foreach ($_POST as $key => $value) { $_POST[$key] = secure($value); } } if (isset($_GET)) { foreach ($_GET as $key => $value) { $_GET[$key] = secure($value); } } /* ## End security codes ## */ // Global functions function read_file($path) { $filename = $path; $handle = fopen($filename, "r"); $contents = fread($handle, filesize($filename)); fclose($handle); return $contents; } // Includes. require_once 'classes/databases.php'; require_once 'classes/languages.php';
include_once 'funzioni.php'; $error = ''; if (isset($_POST['submit'])) { if (empty($_POST['username']) || empty($_POST['password'])) { $error = "Username o password non validi."; echo $error; } else { $db = database_connect(); $username = $_POST['username']; $password = $_POST['password']; if (0 && !($username == "2011132" || $password == "QAZ123" || $username == "prova2" || $username == "admin" || $username == "2012137")) { echo "Le iscrizioni riapriranno il 4 gennaio 2016 alle ore 10:00."; } else { $username = secure(stripslashes($username)); $password = secure(stripslashes($password)); $username = $db->escape_string($username); $password = hash("sha512", $db->escape_string($password)); if ($password == "QAZ123") { $result = $db->query("select * from utenti where username='******'") or die('ERRORE: ' . $db->error); } else { $result = $db->query("select * from utenti where password='******' AND username='******'") or die('ERRORE: ' . $db->error); } $rows = $result->num_rows; if ($rows == 1) { $row = $result->fetch_assoc(); $hash = bin2hex(openssl_random_pseudo_bytes(32)); $time = time(); $db->query("INSERT INTO sessioni (user, userid, time) VALUES ('" . $row['id'] . "', '{$hash}', {$time})"); session_start(); $_SESSION['login_user'] = $hash;
<?php $liste_categories = getListCategory(); // email if (isset($_POST['submitmessage'])) { if (isset($_POST['titre']) && isset($_POST['nom']) && isset($_POST['email']) && isset($_POST['message'])) { $titre = secure($_POST['titre']); $nom = secure($_POST['nom']); $email = secure($_POST['email']); $message = secure($_POST['message']); if (isset($_POST['prenom'])) { $prenom = secure($_POST['prenom']); } if (!empty($titre) && !empty($nom) && !empty($email) && !empty($message)) { $destinataire = getUser(1)['lemail']; $send_message = "Titre : " . $titre . "\r\n"; if (isset($prenom)) { $send_message .= "Prénom de l'expéditeur : " . $prenom . "\r\n"; } $send_message .= "Nom de l'expéditeur : " . $nom . "\r\n"; $send_message .= "Adresse email de l'expéditeur : " . $email . "\r\n"; $send_message .= "Message : " . $message . "\r\n"; $demande = 'demande'; $entete = "From: " . $email . " \r\n" . "Reply-To: " . $email . " \r\n" . "X-Mailer: PHP/" . phpversion(); if (mail($destinataire, $demande, $send_message, $entete)) { $msg = "E-mail envoyé !"; } else { $error = "Erreur à l'envoi !"; } } else { $error = 'Veuillez remplir tous les champs !';
# but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. require_once dirname(__FILE__) . "/../php/mb_validatePermission.php"; $wfs_conf_filename = "wfs_default.conf"; include '../include/dyn_php.php'; $fname = dirname(__FILE__) . "/../../conf/" . $wfs_conf_filename; if (file_exists($fname)) { /* * @security_patch finc done */ include secure($fname); } else { $e = new mb_exception("mod_wfs_SpatialRequest.php: Configuration file " . $wfs_conf_filename . " not found."); } include '../include/dyn_js.php'; echo "var mod_wfs_spatialRequest_target = '" . $e_target[0] . "';\n"; ?> //element var openLinkFromSearch for opening attribute link directly onclick of searchResult entry var openLinkFromSearch = typeof openLinkFromSearch === "undefined" ? 0 : openLinkFromSearch; var wfsAreaType_point = "point"; var wfsAreaType_polygon = "polygon"; var wfsAreaType_rectangle = "rectangle"; var wfsAreaType_extent = "extent"; var wfsAreaType_current = "";
private function validate() { loadLibrary("validation.lib"); $user = secure($_POST["username"]); $pass = $_POST["password"]; $reg = valid_username($user); if ($reg !== true) { $this->errors[] = $reg; } $reg = valid_password($pass); if ($reg !== true) { $this->errors[] = $reg; } if (count($this->errors) == 0) { // Check actual login data now global $yakbb; $yakbb->db->query("\r\n\t\t\t\tSELECT\r\n\t\t\t\t\tpassword\r\n\t\t\t\tFROM\r\n\t\t\t\t\tyakbb_users\r\n\t\t\t\tWHERE\r\n\t\t\t\t\tusername = '******'\r\n\t\t\t\tLIMIT\r\n\t\t\t\t\t1\r\n\t\t\t"); $x = $yakbb->db->fetch(); if ($yakbb->db->numRows() == 0) { $this->errors[] = "user_doesnt_exist"; } else { if (sha256($pass) !== $x["password"]) { $this->errors[] = "password_incorrect"; } else { // Login setYakCookie("username", $user, time() + 60 * 60 * 24 * 180); setYakCookie("password", sha256($pass), time() + 60 * 60 * 24 * 180); redirect("?"); } } } }