/**
  * Load the user, roles, and settings internally. If no user ID
  * is specified use the one from the session.
  *
  * @param integer $userId
  */
 public function load($userId)
 {
     // Happy path first: an ID accepted by valid() is handed straight to loadUser().
     if (valid($userId)) {
         $this->loadUser($userId);
         return;
     }
     // Anything else is rejected before a lookup is attempted.
     throw new \Base\Exception('No user ID specified or exists in the session');
 }
Beispiel #2
 /**
  * Gate for the admin panel. When valid('janitor_board') fails, this prints the
  * login form, processes a submitted login, and ends the request with die().
  *
  * NOTE(review): when valid('janitor_board') passes, nothing in this function
  * assigns $temp, so the final return reads an unset variable.
  */
 function auth()
 {
     if (!valid('janitor_board')) {
         // Admin.php login
         // NOTE(review): the form built below contains no anti-CSRF token field.
         $temp = "" . "<div align='center' vertical-align='middle'>" . ($temp = '<form action="' . PHP_ASELF . '" method="post"><table>' . '<tr><td>Username</td><td><input type="text" name="usernm"  style="width:100%" /></td></tr>' . '<tr><td>Password</td><td><input type="password" name="passwd" style="width:100%" /></td></tr>');
         if (SECURE_LOGIN) {
             if (RECAPTCHA) {
                 // NOTE(review): the g-recaptcha <div> opened here is never closed.
                 $temp .= "<tr><td colspan='2'><script src='//www.google.com/recaptcha/api.js'></script><div class='g-recaptcha' data-sitekey='" . RECAPTCHA_SITEKEY . "'></td></tr>";
             } else {
                 $temp .= "<tr><td><img src='" . CORE_DIR_PUBLIC . "/general/captcha.php' /></td><td><input type='text' name='num' size='20' placeholder='Captcha'></td></tr>";
             }
         }
         $temp .= "<tr><td colspan='2'><input type='submit' value='" . S_MANASUB . "'></td></tr></table>" . "<br></form></div>";
         echo $temp;
         // A submitted form is handled in the same request, after the form has been echoed.
         if (isset($_POST['usernm']) && isset($_POST['passwd'])) {
             if (SECURE_LOGIN) {
                 require_once CORE_DIR . '/general/captcha.php';
                 $captcha = new Captcha();
                 // NOTE(review): nothing in this function stops execution after a failed
                 // captcha; it relies on $this->error() ending the request. If error() can
                 // return, doLogin() below still runs. Confirm.
                 if ($captcha->isValid() !== true) {
                     $this->error(S_CAPFAIL);
                 }
             }
             // Raw POST values are handed to doLogin(); presumably any checking happens there.
             $this->doLogin($_POST['usernm'], $_POST['passwd']);
             // Client-side redirect back to the panel via a meta refresh tag.
             echo "<META HTTP-EQUIV=\"refresh\" content=\"0;URL=" . PHP_ASELF_ABS . "\">";
         }
         die("</body></html>");
     }
     return $temp;
 }
Beispiel #3
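/**
 * Delete at most one row from `keys` matching the given `other` value and IP.
 *
 * Nothing is deleted unless valid($mode) and valid($ip) both pass and $other
 * is non-null. $mode is only validated here; it is not part of the query.
 *
 * @param string      $ip    Value matched against the `ip` column.
 * @param mixed       $mode  Checked with valid() only.
 * @param string|null $other Value matched against the `other` column.
 */
function destroy_key($ip, $mode, $other = null)
{
    // Removes a key
    if (valid($mode) && $other != null && valid($ip)) {
        // Escape both values before they are placed inside quoted SQL literals;
        // valid() is defined elsewhere and is not known to make them SQL-safe.
        $safeOther = mysql_real_escape_string($other);
        $safeIp = mysql_real_escape_string($ip);
        // NOTE(review): die(mysql_error()) prints database error detail to the client;
        // consider logging it and showing a generic message instead.
        mysql_query("DELETE FROM `keys` WHERE other='{$safeOther}' AND `ip`='{$safeIp}' LIMIT 1") or die(mysql_error());
    }
}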
Beispiel #4
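/**
 * Build the top navigation as an HTML string from the global menu array and,
 * when valid() passes, a secondary menu showing the current username.
 *
 * @return string HTML markup
 */
function theme_play_build_menu()
{
    global $arr_menu, $username;
    // NOTE(review): category names, URLs and titles from $arr_menu are emitted as-is;
    // this assumes the menu array is built from trusted configuration. Confirm.
    $content = '<ul class="nav">';
    foreach ($arr_menu as $cat => $value) {
        $content .= "<li class=\"dropdown\">";
        $content .= '<a href="#" class="dropdown-toggle">' . $cat . '</a>';
        $content .= '<ul class="dropdown-menu">';
        foreach ($value as $menu) {
            // $menu[0] is used as the link target and $menu[1] as the link text.
            $content .= '<li><a href="' . $menu[0] . '">' . $menu[1] . '</a></li>';
        }
        $content .= "</ul>";
        $content .= "</li>";
    }
    $content .= '</ul>';
    if (valid()) {
        // The account name is HTML-escaped so that markup characters in it are
        // displayed as text instead of being interpreted by the browser.
        $safeUsername = htmlspecialchars((string) $username, ENT_QUOTES, 'UTF-8');
        $content .= '<ul class="nav secondary-nav">';
        $content .= "<li class=\"dropdown pull-right\">";
        $content .= '<a href="#" class="dropdown-toggle">' . $safeUsername . '</a>';
        $content .= '<ul class="dropdown-menu">';
        $content .= '<li><a href="index.php?app=page&op=auth_logout">Logout</a></li>';
        $content .= "</ul>";
        $content .= "</li>";
        $content .= '</ul>';
    }
    return $content;
}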
Beispiel #5
 /**
  * Build the HTML head, banner and operations bar of the admin panel.
  *
  * Links for rebuilding and for the report list are added only when
  * valid('moderator') passes; the staff-management link only when
  * valid('admin') passes.
  *
  * @return string HTML markup
  */
 function generateAdmin()
 {
     require_once CORE_DIR . "/admin/report.php";
     $getReport = new Report();
     // NOTE(review): the page title is placed in the markup without HTML escaping;
     // presumably it comes from trusted board configuration. Confirm.
     $boardTitle = SHOWTITLETXT > 0 ? "<div class='boardTitle'>" . $this->info['page']['title'] . "</div><div class='boardSubtitle'>" . S_HEADSUB . "</div><hr>" : '';
     // NOTE(review): .= appends to $bannerImg, which is not assigned earlier in this function.
     $bannerImg .= SHOWTITLEIMG ? '<img class="bannerImg" src="' . TITLEIMG . '" onclick="this.src=this.src;" alt="' . TITLE . '" /><br>' : '';
     /* begin page content */
     $dat = "<!DOCTYPE html><head>\n                    <meta name='description' content='" . S_DESCR . "'/></meta>\n                    <meta http-equiv='content-type'  content='text/html;charset=utf-8' /></meta>\n                    <meta name='viewport' content='width=device-width, initial-scale=1'></meta>\n                    <meta http-equiv='cache-control' content='max-age=0' />\n                    <meta http-equiv='cache-control' content='no-cache' />\n                    <meta http-equiv='expires' content='0' />\n                    <meta http-equiv='expires' content='Tue, 01 Jan 1980 1:00:00 GMT' />\n                    <meta http-equiv='pragma' content='no-cache' />\n                    <link rel='shortcut icon' href='" . CSS_PATH . "imgs/favicon.ico'>\n                    <title>" . $this->info['page']['title'] . "</title>";
     //$dat .= "<link class='togglesheet' rel='stylesheet' type='text/css' href='" . CSS_PATH . "/panel.css' title='Admin Panel' />";
     // NSFW only decides which of the two Yotsuba stylesheets is the default and which the alternate.
     if (NSFW) {
         $dat .= "<link class='togglesheet' rel='stylesheet' type='text/css' href='" . CSS_PATH . CSS1 . "' title='Yotsuba' />\n                <link rel='stylesheet' type='text/css' href='" . CSS_PATH . "/stylesheets/mobile.css' title='mobile' />\n                <link class='togglesheet' rel='alternate stylesheet' type='text/css' media='screen'  href='" . CSS_PATH . CSS2 . "' title='Yotsuba B' />";
     } else {
         $dat .= "<link class='togglesheet' rel='stylesheet' type='text/css' media='screen'  href='" . CSS_PATH . CSS2 . "' title='Yotsuba B' />\n            <link rel='stylesheet' type='text/css' href='" . CSS_PATH . "/stylesheets/mobile.css' title='mobile' />\n            <link class='togglesheet' rel='alternate stylesheet' type='text/css' href='" . CSS_PATH . CSS1 . "' title='Yotsuba' />";
     }
     //<link class='togglesheet' rel='alternate stylesheet' type='text/css' media='screen'  href='" . CSS_PATH . CSS4 . "' title='Burichan'/> RIP Burichan 1862-2015
     $dat .= "<link class='togglesheet' rel='alternate stylesheet' type='text/css' media='screen'  href='" . CSS_PATH . CSS3 . "' title='Tomorrow' />";
     $dat .= "<script src='" . JS_PATH . "/extension.min.js' type='text/javascript'></script>\n                <script src='" . JS_PATH . "/main.js' type='text/javascript'></script>";
     // NOTE(review): $titlebar is not assigned in this function. The BOARDLIST file,
     // when present, is inserted into the page as raw HTML.
     $dat .= '</head><div class="beforePostform" />' . $titlebar . '
             <span class="boardList desktop">' . (file_exists(BOARDLIST) ? file_get_contents(BOARDLIST) : '') . '</div>
             <div class="linkBar">[<a href="' . HOME . '" target="_top">' . S_HOME . '</a>][<a href="' . PHP_ASELF_ABS . '">' . S_ADMIN . '</a>]
             </span><div class="boardBanner">' . $bannerImg . $boardTitle . '</div>';
     $dat .= "<div class='panelOps' style='text-align:left;' />[<a href=\"" . PHP_SELF2 . "\">" . S_RETURNS . "</a>]";
     $dat .= "[<a href=\"" . PHP_SELF . "\">" . S_LOGUPD . "</a>]";
     // NOTE(review): the operations below are plain GET links; if the handlers behind
     // these modes change state, they need request-forgery protection. Confirm.
     if (valid('moderator')) {
         // Link texts (Russian): "Rebuild" and "Rebuild all threads".
         $dat .= "[<a href='" . PHP_ASELF_ABS . "?mode=rebuild' >Пересобрать</a>]";
         $dat .= "[<a href='" . PHP_ASELF_ABS . "?mode=rebuildall' >Пересобрать все треды</a>]";
         // The link text is whatever reportGetAllBoard() returns.
         $dat .= "[<a href='" . PHP_ASELF_ABS . "?mode=reports' >" . $getReport->reportGetAllBoard() . "</a>]";
     }
     if (valid('admin')) {
         // Link text (Russian): "User management".
         $dat .= "[<a href='" . PHP_ASELF_ABS . "?mode=staff' >Управление пользователями</a>]";
     }
     $dat .= "[<a href='" . PHP_ASELF . "?mode=logout'>" . S_LOGOUT . "</a>]";
     return $dat;
 }
Beispiel #6
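/**
 * Accept a client version identifier only if it is on the known-version list
 * (or the request comes from one hard-coded address), then defer to valid().
 *
 * @param string $version Version identifier supplied by the client.
 * @return mixed Result of valid($version) when accepted, otherwise false.
 */
function versionCheck($version)
{
    $versions = array("1.0.0", "1.1.0", "1.1.1", "1.2.0", "1.3.0", "1.4.0", "1.5.0", "1.5.1", "1.6.0", "1.7.0-SNAPSHOT", "IRC", "DesktopAPI");
    // REMOTE_ADDR is absent outside a web request (e.g. CLI); treat that as "no address".
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    // Strict matching: a loose in_array() lets non-string input such as true
    // compare equal to list entries under PHP's type juggling.
    $isKnownVersion = in_array($version, $versions, true);
    // NOTE(review): requests from this one address skip the version allowlist entirely.
    // A source-level exception like this is hard to audit and tends to outlive its
    // purpose; confirm it is still needed and move it to configuration if so.
    if ($isKnownVersion || $ip == "68.151.211.33") {
        return valid($version);
    }
    return false;
}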
 /**
  * Load a user by login token, stored as a setting
  */
 static function getByToken($token)
 {
     // Settings key under which login tokens are stored, taken from the config service.
     $tokenKey = self::getStaticService('config')->settings->cookieToken;
     // First settings row whose value equals the presented token value.
     // NOTE(review): the cookie value is matched against the stored setting as-is, which
     // suggests tokens are kept unhashed at rest. Confirm.
     $match = \Db\Sql\Settings::getByKeyValue($tokenKey, $token->getValue(), ['first' => TRUE]);
     // Only a row with an owner ID accepted by valid() resolves to a user.
     if ($match && valid($match->object_id)) {
         return \Db\Sql\Users::findFirst($match->object_id);
     }
     return FALSE;
 }
Beispiel #8
/**
 * Return the next value after $current that valid() accepts.
 *
 * The search has no upper bound: it keeps incrementing until valid() passes.
 */
function getNextPass($current)
{
    // Brute-force search: step forward at least once, then continue while valid() rejects.
    do {
        $current++;
    } while (!valid($current));
    return $current;
}
 public function quitAction($message = '', $status = SUCCESS, $redirect = NULL, $code = NULL)
 {
     // Queue the message only when it passes the STRING check.
     if (valid($message, STRING)) {
         $this->addMessage($message, $status);
     }
     // Truthy overrides replace the stored response code, then the redirect target.
     // NOTE(review): $redirect is stored unchecked; if callers can pass request input,
     // whatever consumes $this->redirect should restrict it to local targets. Confirm.
     foreach (['code' => $code, 'redirect' => $redirect] as $property => $override) {
         if ($override) {
             $this->{$property} = $override;
         }
     }
 }
Beispiel #10
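 /**
  * Print the ban form for post number $no, including a summary of earlier bans
  * recorded for the host stored with that post.
  *
  * The "Add to Blacklist" row is included only when valid('admin') passes.
  *
  * @param mixed $no Post number the ban applies to.
  */
 function form($no)
 {
     global $mysql;
     $host = $mysql->result("SELECT host FROM " . SQLBANLOG . " WHERE no='" . $mysql->escape_string($no) . "'");
     // A value read back from the database is not automatically safe to embed in another
     // statement, so $host is escaped before it goes into the second query.
     // NOTE(review): the query is SELECT COUNT(*), which yields a single row; whether
     // num_rows() on it reflects the number of bans depends on the wrapper. Confirm.
     $alart = $host ? $mysql->num_rows("SELECT COUNT(*) FROM " . SQLBANLOG . " WHERE ip='" . $mysql->escape_string($host) . "'") : 0;
     // Both values end up in HTML text and in single-quoted attributes, so they are
     // escaped with ENT_QUOTES before being placed in the markup.
     $noHtml = htmlspecialchars((string) $no, ENT_QUOTES, 'UTF-8');
     $hostHtml = htmlspecialchars((string) $host, ENT_QUOTES, 'UTF-8');
     $alert = $alart > 0 ? "<b><font color=\"FF101A\"> {$alart} ban(s) on record for {$hostHtml}!</font></b>" : "No bans on record for IP {$hostHtml}";
     $temp = head(1);
     // NOTE(review): the form posts to admin.php?mode=ban and contains no anti-CSRF token field.
     $temp .= "<br><table border='0' cellpadding='0' cellspacing='0' /><form action='admin.php?mode=ban' method='POST' />\n        <input type='hidden' name='no' value='{$noHtml}' />\n        <input type='hidden' name='ip' value='{$hostHtml}' />\n        <tr><td class='postblock'>IP History: </td><td>{$alert}</td></tr>\n        <tr><td class='postblock'>Unban in:</td><td><input type='number' min='0' size='4' name='banlength'  /> days</td></tr>\n        <center><tr><td class='postblock'>Ban type:</td><td></center>\n            <select name='banType' />\n            <option value='warn' />Warning only</option>\n            <option value='thisboard' />This board - /" . BOARD_DIR . "/ </option>\n            <option value='global' />All boards</option>\n            <option value='perma' />Permanent - All boards</option>\n            </select>\n        </td></tr>\n        <tr><td class='postblock'>Public reason:</td><td><textarea rows='2' cols='25' name='pubreason' /></textarea></td></tr>\n        <tr><td class='postblock'>Staff notes:</td><td><input type='text' name='staffnote' /></td></tr>\n        <tr><td class='postblock'>Append user's comment:</td><td><input type='text' name='custmess' placeholder='Leave blank for USER WAS BAN etc.' /> [ Show message<input type='checkbox' name='showbanmess' /> ] </td></tr>\n        <tr><td class='postblock'>After-ban options:</td><td>\n            <select name='afterban' />\n            <option value='none' />None</option>\n            <option value='delpost' />Delete this post</option>\n            <option value='delallbyip' />Delete all by this IP</option>\n            <option value='delimgonly' />Delete image only</option>\n            </select>\n        </td></tr>";
     if (valid('admin')) {
         $temp .= "\n            <tr><td class='postblock'>Add to Blacklist:</td><td>[ Comment<input type='checkbox' name='blacklistcom' /> ] [ Image MD5<input type='checkbox' name='blacklistimage' /> ] </td></tr>";
     }
     $temp .= "<center><tr><td><input type='submit' value='Ban'/></td></tr></center></table></form>";
     echo $temp;
 }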
Beispiel #11
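 /**
  * Remove a staff member's row from the table named by SQLMODSLOG.
  *
  * Requires valid('admin'). $actUser and $actPass are accepted but not used
  * in this function.
  *
  * @param string $targUser Name of the staff account to remove.
  * @param mixed  $actUser  Unused here.
  * @param mixed  $actPass  Unused here.
  */
 function remStaff($targUser = '', $actUser, $actPass)
 {
     global $mysql;
     //remove staff member
     $targUser = $mysql->escape_string($targUser);
     // NOTE(review): each check below relies on error() ending the request; if error()
     // can return, execution falls through to the DELETE. Confirm.
     if (!valid('admin')) {
         error("Permission denied");
     }
     // NOTE(review): the message says the user does not exist, yet it is raised when
     // isStaff() is truthy; the condition looks inverted. Confirm against isStaff().
     if ($this->isStaff($targUser)) {
         error("User doesn't exist! (GET error?)");
     }
     // NOTE(review): the acting user is taken from a cookie, which the client controls;
     // the self-delete guard is only as trustworthy as that cookie.
     if ($_COOKIE['saguaro_auser'] == $targUser) {
         error("You can't delete yourself!");
     }
     // Delete by the escaped target name prepared above; the WHERE clause previously
     // held a fixed placeholder literal and never referenced $targUser.
     $mysql->query("DELETE FROM " . SQLMODSLOG . " WHERE user='" . $targUser . "'");
 }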
/**
 * Pick a value between the bounds in $pq that lies as far as possible from the
 * nearest of the $n points listed in $a.
 *
 * Candidates are both bounds plus the midpoints between neighbouring points
 * that valid($p, $q, $mid) accepts.
 *
 * @param int    $n  Number of points.
 * @param string $a  Points, separated by single spaces.
 * @param string $pq Lower and upper bound, separated by a single space.
 * @return mixed The chosen candidate.
 */
function greedy($n, $a, $pq)
{
    $bounds = explode(" ", $pq);
    $p = $bounds[0];
    $q = $bounds[1];
    $points = explode(" ", $a);

    // Single point: whichever bound lies farther from it wins (ties go to $p).
    if ($n == 1) {
        $distToP = abs($points[0] - $p);
        $distToQ = abs($points[0] - $q);
        return $distToP >= $distToQ ? $p : $q;
    }

    sort($points);
    $candidates = array();
    // Between each pair of neighbours, try the midpoint computed from the left
    // point and then the one computed from the right point.
    for ($left = 0; $left + 1 < $n; $left++) {
        $right = $left + 1;
        $gap = $points[$right] - $points[$left];
        $mid = $points[$left] + $gap / 2;
        if (valid($p, $q, $mid)) {
            $candidates[] = $mid;
        }
        $mid = $points[$right] - $gap / 2;
        if (valid($p, $q, $mid)) {
            $candidates[] = $mid;
        }
    }
    // The bounds themselves always compete.
    $candidates[] = $p;
    $candidates[] = $q;
    sort($candidates);

    $bestDistance = -1;
    $bestCandidate = 0;
    foreach ($candidates as $candidate) {
        // Distance from this candidate to its nearest point.
        $nearest = 2147483647;
        for ($k = 0; $k < $n; $k++) {
            $distance = abs($points[$k] - $candidate);
            if ($distance < $nearest) {
                $nearest = $distance;
            }
        }
        // Keep the first candidate with the strictly largest nearest-point distance.
        if ($nearest > $bestDistance) {
            $bestDistance = $nearest;
            $bestCandidate = $candidate;
        }
    }
    return $bestCandidate;
}
 /**
  * Authorize a user's login token
  *
  * @return object | bool
  */
 public function authorizeToken()
 {
     $cookieJar = $this->getService('cookies');
     // Without a token cookie there is nothing to authorize.
     if (!$cookieJar->has('token')) {
         return FALSE;
     }
     $token = $cookieJar->get('token');
     // Look up the owner only for a token value that passes the STRING check.
     $user = valid($token->getValue(), STRING) ? \Db\Sql\Users::getByToken($token) : NULL;
     if (!$user || !valid($user->id)) {
         return FALSE;
     }
     // Record the authenticated user in the session.
     // NOTE(review): no session identifier rotation is visible at this point; confirm
     // the session service regenerates the ID when a login is established.
     $this->getService('session')->set('user_id', $user->id);
     return $user;
 }
Beispiel #14
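/**
 * Build the top navigation as an HTML string from the global menu configuration
 * and, when valid() passes, a secondary menu with the user's name and username.
 *
 * Entries inside a category are ordered by "<index>.<title>", where the index
 * is the entry's third element, or 3 when that element is falsy.
 *
 * @return string HTML markup
 */
function theme_play_build_menu()
{
    global $menu_config, $username, $name;
    // NOTE(review): category names, URLs and titles from $menu_config are emitted as-is;
    // this assumes the menu configuration is trusted. Confirm.
    $content = '<ul class="nav">';
    foreach ($menu_config as $cat => $value) {
        $content .= "<li class=\"dropdown\">";
        $content .= '<a href="#" class="dropdown-toggle">' . $cat . '</a>';
        $content .= '<ul class="dropdown-menu">';
        // Start every category with an empty list so ksort() always receives an array,
        // even when the category has no entries.
        $m = array();
        foreach ($value as $sub_menu) {
            $sub_menu_url = $sub_menu[0];
            $sub_menu_title = $sub_menu[1];
            $sub_menu_index = $sub_menu[2] ? $sub_menu[2] : 3;
            $m[$sub_menu_index . '.' . $sub_menu_title] = "<li><a href='" . $sub_menu_url . "'>" . $sub_menu_title . "</a></li>";
        }
        ksort($m);
        foreach ($m as $mm) {
            $content .= $mm;
        }
        unset($m);
        $content .= "</ul>";
        $content .= "</li>";
    }
    $content .= '</ul>';
    if (valid()) {
        // Account-supplied display values are HTML-escaped so that markup characters
        // in them are shown as text instead of being interpreted by the browser.
        $safeName = htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8');
        $safeUsername = htmlspecialchars((string) $username, ENT_QUOTES, 'UTF-8');
        $content .= '<ul class="nav secondary-nav">';
        $content .= "<li class=\"dropdown pull-right\">";
        $content .= '<a href="#" class="dropdown-toggle">' . $safeName . ' (' . $safeUsername . ')</a>';
        $content .= '<ul class="dropdown-menu">';
        $content .= '<li><a href="index.php?app=menu&inc=user_config&op=user_config">' . _('User configuration') . '</a></li>';
        $content .= '<li><a href="index.php?app=menu&inc=user_pref&op=user_pref">' . _('Preferences') . '</a></li>';
        $content .= '<li><a href="index.php?app=page&op=auth_logout">Logout</a></li>';
        $content .= "</ul>";
        $content .= "</li>";
        $content .= '</ul>';
    }
    return $content;
}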
Beispiel #15
/**
 * Regenerate reply and index pages and print progress as HTML.
 *
 * Stops with die() unless valid('moderator') passes.
 *
 * @param mixed $all Truthy to rebuild everything; otherwise, when CACHE_TTL is
 *                   defined, only the posts returned by rebuildqueue_take_all().
 */
function rebuild($all = 0)
{
    global $mysql, $my_log;
    // Permission gate: nothing below runs for callers without the moderator level.
    if (!valid('moderator')) {
        die('Update failed...');
    }
    header("Pragma: no-cache");
    echo "Rebuilding " . ($all ? "all" : "missing") . ' replies and pages... <a href="' . PHP_SELF2_ABS . '">Go back</a><br><br>';
    // Flush the output buffer so the progress lines reach the browser while the work runs.
    ob_end_flush();
    $starttime = microtime(true);
    // NOTE(review): a failed query only prints S_SQLFAIL; execution continues and
    // $treeline is later passed to fetch_row() even though it is falsy.
    if (!($treeline = $mysql->query("select no,resto from " . SQLLOG . " where root>0 order by root desc"))) {
        echo S_SQLFAIL;
    }
    echo "Writing...\n";
    if ($all || !defined('CACHE_TTL')) {
        // Full rebuild: rows with a falsy resto are rebuilt one by one, then update()
        // is called without arguments before the index pages are reported as created.
        while (list($no, $resto) = $mysql->fetch_row($treeline)) {
            if (!$resto) {
                $my_log->update($no, 1);
                echo "No.{$no} created.<br>\n";
            }
        }
        $my_log->update();
        echo "Index pages created.<br>\n";
    } else {
        // Queue-driven rebuild: a falsy post number in the queue is reported as the index pages.
        $posts = rebuildqueue_take_all();
        foreach ($posts as $no) {
            $deferred = $my_log->update($no, 1) ? ' (deferred)' : '';
            if ($no) {
                echo "No.{$no} created.{$deferred}<br>\n";
            } else {
                echo "Index pages created.{$deferred}<br>\n";
            }
        }
    }
    $totaltime = microtime(true) - $starttime;
    // Final status plus a meta refresh that returns to the board after 10 seconds.
    echo "<br>Time elapsed (lock excluded): {$totaltime} seconds", "<br>Pages created.<br><br>\nRedirecting back to board.\n<META HTTP-EQUIV=\"refresh\" content=\"10;URL=" . PHP_SELF2 . "\">";
}
Beispiel #16
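 /**
  * Change the password of the user named by $this->usernameSession.
  *
  * @param string $actpass   Current password.
  * @param string $newpass   New password.
  * @param string $renewpass New password, repeated.
  * @return array ['success' => bool, 'message' => string]
  */
 function changePassword($actpass, $newpass, $renewpass)
 {
     $resultArr = array();
     $resultArr['success'] = false;
     $resultArr['message'] = "";
     // valid()'s second argument is presumably a maximum length (the failure text below
     // mentions length); note that new passwords are checked against 20.
     if ($actpass != null && $newpass != null && $renewpass != null && valid($actpass, 50) && valid($newpass, 20) && valid($renewpass, 20)) {
         // NOTE(review): how encryptPassword() derives the stored value is not visible here;
         // if it is a fast unsalted hash, plan a move to password_hash()/password_verify().
         $passencrypt = $this->encryptPassword($actpass);
         // conn.php is expected to define $dblink in this scope.
         include 'conn.php';
         // Verify the current password: both values pass through quote_smart().
         $Query = sprintf("select name, pass from " . TABLE_PREFIX . "session where name=%s and pass=%s", quote_smart($this->usernameSession), quote_smart($passencrypt));
         $dbResult = $dblink->query($Query);
         if (!$dbResult->fetchRow(DB_FETCHMODE_ASSOC)) {
             $resultArr['message'] = T_("The actual password is incorrect");
         } elseif ($newpass !== $renewpass) {
             // Strict comparison: with != two different numeric-looking strings
             // (for example "1e3" and "1000") would count as a match.
             $resultArr['message'] = T_("The new password does not match in both fields");
         } else {
             $newpassencrypt = $this->encryptPassword($newpass);
             // Store the newly derived value and quote both operands the same way as the
             // SELECT above. The statement previously wrote a fixed placeholder literal
             // and concatenated the username without quote_smart().
             $Query = sprintf("update " . TABLE_PREFIX . "session set pass=%s where name=%s", quote_smart($newpassencrypt), quote_smart($this->usernameSession));
             $AffectedRows = $dblink->exec($Query);
             if ($AffectedRows == 1) {
                 $resultArr['message'] = T_("You have successfully changed your password");
                 $resultArr['success'] = true;
             } else {
                 $resultArr['message'] = T_("There has been a problem while updating your password. Don't type the same password.");
             }
         }
     } else {
         $resultArr['message'] = T_("Missing values or invalid length");
     }
     return $resultArr;
 }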
Beispiel #17
<?php

// Refuse direct requests: the script only continues when _SECURE_ has already been
// defined, presumably by the application entry point that includes this file.
if (!defined('_SECURE_')) {
    die('Intruder alert');
}
/*
 * Created on Apr 30, 2008
 *
 * To change the template for this generated file go to
 * Window - Preferences - PHPeclipse - PHP - Code Templates
 */
// Authorization gate for the page.
// NOTE(review): whether forcenoaccess() ends the request is not visible here; if it
// returns, the rest of this page still renders. Confirm.
if (!valid()) {
    forcenoaccess();
}
?>
<script
	type="text/javascript"
	src="<?php 
echo $http_path['themes'];
?>
/<?php 
echo $themes_module;
?>
/jscss/datetimepicker.js"></script>
<?php 
switch ($op) {
    case "sms_autosend_list":
        if ($err) {
            $content = "<div class=error_string>{$err}</div>";
        }
        $content .= "\n\t\t\t\t\t\t\t\t<h2>" . _('Manage autosend') . "</h2>\n\t\t\t\t\t\t\t\t<p>\n\t\t\t\t\t\t\t\t<input type=button value=\"" . _('Add SMS autosend') . "\" onClick=\"javascript:linkto('index.php?app=menu&inc=feature_sms_autosend&op=sms_autosend_add')\" class=\"button\" />\n\t\t\t\t\t\t\t\t<p>\n\t\t\t\t\t\t\t";
Beispiel #18
    fclose($file);
}
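/**
 * Recursively add write permission for "others" on the image and storage
 * directories below DIR_OPENCART.
 */
function dir_permissions()
{
    $dirs = array(DIR_OPENCART . 'image/', DIR_OPENCART . 'system/storage/download/', DIR_OPENCART . 'system/storage/upload/', DIR_OPENCART . 'system/storage/cache/', DIR_OPENCART . 'system/storage/logs/', DIR_OPENCART . 'system/storage/modification/');
    // Quote every path so that spaces or shell metacharacters in DIR_OPENCART cannot
    // split the argument list or be interpreted by the shell.
    $quotedDirs = array_map('escapeshellarg', $dirs);
    // NOTE(review): o+w makes these trees writable by every local account, including
    // the upload and modification directories. Granting write access to the web server
    // user or group only would be narrower. The exit status of chmod is not checked.
    exec('chmod o+w -R ' . implode(' ', $quotedDirs));
}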
$argv = $_SERVER['argv'];
$script = array_shift($argv);
$subcommand = array_shift($argv);
switch ($subcommand) {
    case "install":
        try {
            $options = get_options($argv);
            define('HTTP_OPENCART', $options['http_server']);
            $valid = valid($options);
            if (!$valid[0]) {
                echo "FAILED! Following inputs were missing or invalid: ";
                echo implode(', ', $valid[1]) . "\n\n";
                exit(1);
            }
            install($options);
            echo "SUCCESS! Opencart successfully installed on your server\n";
            echo "Store link: " . $options['http_server'] . "\n";
            echo "Admin link: " . $options['http_server'] . "admin/\n\n";
        } catch (ErrorException $e) {
            echo 'FAILED!: ' . $e->getMessage() . "\n";
            exit(1);
        }
        break;
    case "usage":
Beispiel #19
" class="genericButton">
	</form>
<?php 
    } else {
        $success = false;
        if ($_POST['joingGroup']) {
            if (isset($_POST['pass'])) {
                $password = $_POST['pass'];
            }
            if ($password != null) {
                $passencrypt = sha1($password);
            } else {
                $passencrypt = "";
            }
            //Check if the pass string is valid (for protection)
            if (!valid($password, 20)) {
                echo "<p class=\"error\">" . T_("The password you entered is invalid") . ".</p>";
            } else {
                // Check if the user is already part of the group
                if ($partOf) {
                    echo "<p class=\"error\">" . T_("You are already a member of this group") . ".</p>";
                } else {
                    $Query = sprintf("select group_name from " . TABLE_PREFIX . "groups where group_id=" . $group_id . " and password='******'");
                    //echo($Query . "<br>\n");
                    $dbResult = $dblink->query($Query);
                    $check = 0;
                    while ($row =& $dbResult->fetchRow(DB_FETCHMODE_ASSOC)) {
                        $check++;
                    }
                    if ($check == 1) {
                        //Insert member into the gsubscriptions table
Beispiel #20
/*----------- Main dispatch for the program's features -------------*/
if (GZIP_COMPRESS_LEVEL && ($Encoding = CheckSupportGZip())) {
    ob_start();
    ob_implicit_flush(0);
}
// Gzip compression is supported and enabled, so an output buffer is set up
// The mode is read from the query string first, then from the POST body; it defaults to ''.
$mode = isset($_GET['mode']) ? $_GET['mode'] : (isset($_POST['mode']) ? $_POST['mode'] : '');
// Current execution mode (GET, POST)
switch ($mode) {
    case 'regist':
        regist();
        break;
    case 'admin':
        $admin = isset($_REQUEST['admin']) ? $_REQUEST['admin'] : '';
        // 管理者執行模式
        valid();
        switch ($admin) {
            case 'del':
                admindel();
                break;
            case 'logout':
                adminAuthenticate('logout');
                header('HTTP/1.1 302 Moved Temporarily');
                header('Location: ' . fullURL() . PHP_SELF2 . '?' . time());
                break;
            case 'optimize':
            case 'check':
            case 'repair':
            case 'export':
                if (!$PIO->dbMaintanence($admin)) {
                    echo _T('action_main_notsupport');
Beispiel #21
     require_once CORE_DIR . "/log/rebuild.php";
     rebuild(1);
     break;
 case 'reports':
     head(0);
     require_once CORE_DIR . "/admin/report.php";
     $getReport = new Report();
     if (isset($_GET['no'])) {
         $getReport->reportClear($_GET['no']);
     }
     $active = $getReport->reportGetAllBoard();
     echo $getReport->reportList();
     break;
 case 'news':
     head(0);
     if (!valid('admin')) {
         error(S_NOPERM);
     }
     require_once CORE_DIR . "/admin/news.php";
     $news = new News();
     //lol
     if (isset($_POST['update']) && isset($_POST['file']) || isset($_POST['boardlist'])) {
         $news->newsUpdate($_POST['update'], $_POST['file']);
     }
     echo $news->newsPanel();
     break;
 default:
     head(0);
     aform($post = '', 0, 1);
     $table->display($type = 'all', 0);
     break;
                ?>
<a href="mailto:<?php 
                echo $data['email'];
                ?>
"><?php 
            }
            echo stripslashes($data['name']);
            if ($data['showEmail'] == 1) {
                ?>
</a><?php 
            }
            ?>
 wrote <?php 
            $date = new DateTime($data['time']);
            echo 'on ' . $date->format("l") . " the " . $date->format("jS") . " around " . $date->format("h:s a") . "</div>";
            $message = ubb(nl2br(stripslashes(htmlentities(valid($data['message'])))));
            echo '<div class="content">';
            if ($data['enableEmoticons'] == 1) {
                echo emoticons($message);
            }
            if ($data['enableEmoticons'] == 0) {
                echo $message;
            }
            echo '</div>';
            ?>
   	</div>
    <?php 
        }
        echo '</div>';
        echo "<div id='pagination'>";
        if ($pid > 1) {
Beispiel #23
<?php

require_once "inc/user.inc.php";
require_once "inc/misc.inc.php";
require_once "inc/alerts.inc.php";
require_once "inc/mail.inc.php";
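// Already authenticated: redirect to the inbox and stop, so the login handling and
// the login page below are not processed after the Location header is sent.
if (isLoggedIn()) {
    header("Location: mail.php?folder=inbox&success=You+are+already+logged+in");
    exit;
}
// Login function
if (isset($_POST['login']) && valid(clean($_POST['login']))) {
    // Missing fields are treated as empty strings instead of raising undefined-index notices.
    // NOTE(review): clean() is also applied to the password; if it strips or rewrites
    // characters, the value checked differs from what the user typed. Confirm.
    $username = clean(isset($_POST['username']) ? $_POST['username'] : '');
    $password = clean(isset($_POST['password']) ? $_POST['password'] : '');
    if (valid($username) && valid($password)) {
        if (login($username, $password)) {
            header("Location: mail.php?folder=inbox&success=You+have+been+logged+in");
            // Stop here: a redirect header alone does not end the script.
            exit;
        } else {
            $alerts->setError("Incorrect username or password :(");
        }
    } else {
        $alerts->setError("Please provide a username and password!");
    }
}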
?>
<html>
<head>
	<title>xMail</title>
	<link rel='stylesheet' href='style.css'>
</head>
	<body>
		<div class='wrapper'>
<span class="title1">Modify Page</span> <br>
<?php 
// The page to modify is selected by the "id" query parameter; stop when it is absent.
// NOTE(review): only presence is checked. Further down the value is placed into an SQL
// statement and into link URLs, so it should be validated as an integer at this point.
if (!isset($_GET['id'])) {
    echo "wrong parameters";
    exit;
}
if (isset($_POST['submit'])) {
    database_connect();
    //--- TESTen
    $id = $_GET['id'];
    $title = valid($_POST['title']);
    $urltitle = sanitize_title_with_dashes($_POST['urltitle']);
    $menutitle = valid($_POST['menutitle']);
    $keywords = valid($_POST['keywords']);
    $description = valid($_POST['description']);
    $text = valid($_POST['text']);
    //begin image uploaden
    if ($title == "") {
        $errormessage .= "Please fill in a title.<br>";
    }
    if ($errormessage) {
        echo "<br>" . $errormessage . "<br><input name=\"back\" type=\"button\" value=\"&lt; Back\" onClick=\"history.go(-1)\">";
    } else {
        $sql = "UPDATE content\n\t\t\t\t\t\t\tSET title='{$title}',urltitle='{$urltitle}',menutitle='{$menutitle}', keywords='{$keywords}', description='{$description}', text='{$text}'\n\t\t\t\t\t\t\tWHERE id='{$id}'";
    }
    $query = mysql_query($sql) or die("There's a problem with the query: " . mysql_error());
    if ($query) {
        echo "<br>The page is succesfully edit.<br><br>\n<a href=\"item_list.php\" target=\"links\"><img src=\"../img/ico_overview.gif\" width=\"19\" height=\"19\" border=\"0\" alt=\"Pages\"></a>&nbsp;<a href=\"item_detail.php?id={$id}\"><img src=\"../img/ico_detail.gif\" width=\"19\" height=\"19\" border=\"0\" alt=\"More info\"></a>&nbsp;<a href=\"item_modify.php?id={$id}\"><img src=\"../img/ico_edit.gif\" width=\"19\" height=\"19\" border=\"0\" alt=\"Edit\"></a>";
    }
} else {
    database_connect();
Beispiel #25
                    // error messages
                    $error_content = '';
                    if ($errid) {
                        $err = logger_get_error_string($errid);
                    }
                    if ($err) {
                        $error_content = "<div class=error_string>{$err}</div>";
                    }
                    // load page
                    $fn = $core_config['apps_path']['themes'] . '/' . $core_config['module']['themes'] . '/page_' . $inc . '.php';
                    if (file_exists($fn)) {
                        include $fn;
                    }
            }
    }
    exit;
}
// error messages
$error_content = '';
// An error id, when set, is turned into its message text.
if ($errid) {
    $err = logger_get_error_string($errid);
}
// NOTE(review): $err is placed into the markup without HTML escaping; safe only if
// every source of $err is application-defined text. Confirm.
if ($err) {
    $error_content = "<div class=error_string>{$err}</div>";
}
// frontpage
// valid() decides between the welcome page and the login page; both files are
// loaded from the theme directory named in $core_config.
if (valid()) {
    include $core_config['apps_path']['themes'] . '/' . $core_config['module']['themes'] . '/page_welcome.php';
} else {
    include $core_config['apps_path']['themes'] . '/' . $core_config['module']['themes'] . '/page_login.php';
}
Beispiel #26
global $my_log, $mysql, $path, $badstring, $badfile, $badip, $pwdc, $textonly;
require_once CORE_DIR . "/regist/sanitize.php";
$sanitize = new Sanitize();
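// Compare against the panel password with hash_equals(): it is type-strict and
// constant-time, whereas a loose == treats some distinct strings as equal (numeric-
// looking values such as "0e1" and "0e2") and leaks timing.
if (is_string($pwd) && hash_equals((string) PANEL_PASS, $pwd)) {
    $admin = $pwd;
}
// Any $admin value that is not exactly the panel password, or any caller that fails
// valid(), loses the admin marker.
if (!is_string($admin) || !hash_equals((string) PANEL_PASS, $admin) || !valid()) {
    $admin = '';
}
$mes = "";
// Staff level: 1 = moderator, 2 = admin, 3 = manager; later checks overwrite earlier ones.
// NOTE(review): $moderator is not initialised in this excerpt when valid('moderator') fails.
if (valid('moderator')) {
    $moderator = 1;
    if (valid('admin')) {
        $moderator = 2;
    }
    if (valid('manager')) {
        $moderator = 3;
    }
}
// Sticky and lock flags from the request are honoured for staff only.
if ($moderator) {
    if (isset($_POST['isSticky'])) {
        $stickied = 1;
        if (isset($_POST['eventSticky'])) {
            //Experimental feature.
            $stickied = 2;
        }
    }
    if (isset($_POST['isLocked'])) {
        $locked = 1;
    }
}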
Beispiel #27
        }
        if ($id != "-1") {
            mysql_query("INSERT INTO `snmail2` (`id`, `to`, `from`, `lines`) VALUES ('{$id}', '{$title}', '{$author}', '{$lines}')") or die(mysql_error());
        } else {
            $id = md5(sha1(time() . "-" . time() * time()));
            $send = time() + 2 * 60 * 60;
            mysql_query("INSERT INTO `snmail` (`id`, `to`, `from`, `lines`, `send`) VALUES ('{$id}', '{$title}', '{$author}', '{$lines}', '{$send}')") or die(mysql_error());
        }
        echo ok("added");
    } else {
        error("Invalid " . json_encode(array("title" => valid($_POST['title']), "author" => valid($_POST['author']), "lines" => valid($_POST['lines']), "id" => valid($_POST['id']))));
    }
} else {
    if ($mode == "GET_BOOKS") {
        $who = clean($_POST['who']);
        if (!valid($who)) {
            error("Invalid");
        } else {
            $query = mysql_query("SELECT * FROM `snmail2` WHERE `to`='{$who}'") or die(mysql_error());
            if (mysql_num_rows($query) > 0) {
                echo json_encode(array("message" => "inbox", "status" => "OK", "username" => $who, "unread" => mysql_num_rows($query)));
                while ($array = mysql_fetch_array($query)) {
                    $to = $array['to'];
                    $from = $array['from'];
                    $rawLines = $array['lines'];
                    $lines = dirty($rawLines);
                    $id = $array['id'];
                    // Generate
                    $mailMess = array();
                    $mailMess["id"] = $id;
                    $mailMess["to"] = $to;
Beispiel #28
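 /**
  * Reject a report when the reporter's IP wrote the reported post, or when that
  * IP already has more than three reports on the board and the caller lacks the
  * 'janitor_board' level.
  *
  * @param string $board Board the report is filed on.
  * @param mixed  $no    Post number being reported.
  * @param string $ip    Address of the reporting client.
  * @return mixed Result of $this->error() on rejection, otherwise null.
  */
 function reportCheckIP($board, $no, $ip)
 {
     global $mysql;
     // All three values are placed inside quoted SQL literals, so each one is escaped
     // first. NOTE(review): assumes the $mysql wrapper provides escape_string(). Confirm.
     $safeNo = $mysql->escape_string($no);
     $safeIp = $mysql->escape_string($ip);
     $safeBoard = $mysql->escape_string($board);
     $query = $mysql->query("SELECT host FROM " . SQLLOG . " WHERE no='{$safeNo}' AND host='{$safeIp}' LIMIT 1");
     if ($mysql->num_rows($query) > 0) {
         //Trying to report own post
         return $this->error("You can't report your own post!", $no);
     }
     //Check if the submitting user has already reported this ip or is going on a reporting spree.
     $query = $mysql->query("SELECT * FROM reports WHERE ip='" . $safeIp . "' AND board='" . $safeBoard . "'");
     if ($mysql->num_rows($query) > 3 && !valid('janitor_board')) {
         // Rate limit: more than three existing reports from this address on this board.
         return $this->error('Please wait a while before reporting more posts.', $no);
     }
 }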
    $aksi = $_POST['aksi'];
} else {
    $aksi = $_GET['aksi'];
}
// Route the requested action ("aksi") to its handler; unrecognised values do nothing.
// NOTE(review): the action name comes from the request and selects handlers that
// appear to change data; no authorization or request-forgery check is visible in
// this excerpt. Confirm these are enforced before this point.
switch ($aksi) {
    case 'insert':
        insert($page);
        break;
    case 'update':
        update($page);
        break;
    case 'delete':
        delete($page);
        break;
    case 'valid':
        valid($page);
        break;
}
function insert($page)
{
    $nama_barang = $_POST['nama_barang'];
    $jenis_barang = $_POST['jenis_barang'];
    $spk_tanggal = $_POST['spk_tanggal'];
    $spk_nomor = $_POST['spk_nomor'];
    $kuitansi_tanggal = $_POST['kuitansi_tanggal'];
    $kuitansi_nomor = $_POST['kuitansi_nomor'];
    $jumlah_barang = $_POST['jumlah_barang'];
    $harga_satuan = $_POST['harga_satuan'];
    $unit = $_POST['unit'];
    $keterangan = $_POST['keterangan'];
    $id_penguasaan = $_POST['id_penguasaan'];
Beispiel #30
// $con is expected to hold the connection opened above this excerpt.
if (!$con) {
    die('Could Not Connect!');
}
// The @ hides the warning from mysql_select_db(); only the die() text is shown on failure.
@mysql_select_db("info2180project4") or die("Sorry but database not found. Please try again.");
// Registration fields are taken from the request as submitted; nothing is validated
// or escaped at this point.
$fn = $_POST['fn'];
$ln = $_POST['ln'];
$un = $_POST['un'];
$pw = $_POST['pw'];
// SQL value fragments assembled by plain string concatenation: a quote character in
// any field ends the literal early and changes the statement they are later joined into.
$first = "'" . $fn . "',";
$last = "'" . $ln . "',";
// NOTE(review): the leading literals on the next two lines appear masked ("******") in
// this listing, so the original quoting cannot be confirmed from here.
$user = "******" . $un . "')";
$pass = "******" . $pw . "',";
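/**
 * Check that the submitted password ($pw, read from global scope) consists of
 * at least eight ASCII letters or digits and nothing else.
 *
 * @return bool
 */
function valid()
{
    global $pw;
    // One character class with one quantifier accepts the same alphanumeric strings as
    // the former "([a-zA-Z0-9]+){8,}" but cannot backtrack exponentially on a long,
    // almost-matching value. \z (instead of $) also refuses a trailing newline, and the
    // is_string() guard keeps array input (pw[]=...) away from preg_match().
    return is_string($pw) && preg_match('/^[a-zA-Z0-9]{8,}\z/', $pw) === 1;
}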
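if (valid() == true) {
    // NOTE(review): the connection uses the root account with an empty password, written
    // in source; use a dedicated low-privilege account with credentials from configuration.
    // NOTE(review): the password is stored exactly as submitted. Switching to
    // password_hash() must be done together with the login check (password_verify())
    // and a wide enough column, so it is flagged here rather than changed.
    try {
        $db = new PDO('mysql:dbname=info2180project4;host=localhost', 'root', '');
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Bound parameters keep the submitted fields out of the SQL text, so quote
        // characters in a name or username cannot alter the statement.
        $insert = $db->prepare('INSERT INTO user(first_name,last_name,password,username) VALUES(?, ?, ?, ?)');
        $insert->execute(array($fn, $ln, $pw, $un));
        echo "User has been entered";
    } catch (PDOException $e) {
        // Keep driver detail in the server log; the client only sees a generic message.
        // Success is no longer reported when the connection or the insert failed.
        error_log('User registration failed: ' . $e->getMessage());
        echo 'ERROR: the user could not be saved';
    }
}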