function testInputTimeWrong()
 {
     $input = '21:30am';
     $return = validate_input(array('type' => 'time'), $input, $error);
     $this->assertEqual($input, '21:30am');
     $this->assertEqual($return, false);
 }
 function testValidInputAddressBlankEmpty()
 {
     // With the 'blank' option set, an empty address is acceptable: no
     // error is reported and the value stays empty.
     $rules = array('type' => 'address', 'blank' => 1);
     $value = '';
     validate_input($rules, $value, $error);
     $this->assertTrue(empty($value));
     $this->assertTrue(empty($error));
 }
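 public function __construct($request)
 {
     // Auth token and route both arrive in the request array (the token is
     // expected to have been copied out of the headers by the caller).
     $this->token = $request['token'];
     $args = $request['args'];
     // Authenticate before parsing anything else. Auth::authenticate() is
     // expected to throw (Error 7) and end the page on an invalid token, so
     // everything below runs only for an authenticated request.
     Auth::authenticate($this->token);
     // Split the path into segments; the first one names the controller,
     // e.g. api/v1/products/... -> Products.
     $this->args = explode('/', rtrim($args, '/'));
     $this->endpoint = ucfirst($this->args[0]);
     // Scan the segments for an id (mongo id or product id) and a popo name.
     foreach ($this->args as $arg) {
         if (is_mongo_id($arg)) {
             $this->id = $arg;
             continue;
         }
         if (popo_exists($this->endpoint, uc_first($arg))) {
             $this->popo = uc_first($arg);
         }
     }
     // PUT and DELETE may be tunnelled inside a POST via X-HTTP-Method.
     // SECURITY: that header is entirely client-controlled. Honouring it is
     // acceptable only because the request was token-authenticated above;
     // never treat the override as evidence of user intent (CSRF), and
     // ignore any value other than the two we support.
     $this->request_type = $this->get_request_method();
     if ($this->request_type === 'POST' && array_key_exists('HTTP_X_HTTP_METHOD', $_SERVER)) {
         $override = $_SERVER['HTTP_X_HTTP_METHOD'];
         if ($override === 'DELETE' || $override === 'PUT') {
             $this->request_type = $override;
         }
     }
     // Raw request body decoded as JSON (objects, not associative arrays).
     // A failed read is treated as an empty body instead of being hidden
     // with @; malformed JSON still decodes to null, which validate_input()
     // has to be prepared for on POST/PUT.
     $body = file_get_contents('php://input');
     $this->input = json_decode($body === false ? '' : $body);
     validate_input($this->input, $this->request_type);
     // Query-string parameters, minus the first entry, which is the routed
     // path (e.g. /products/34534543) rather than a real parameter.
     $this->params = $_GET;
     array_shift($this->params);
     // Form-encoded POST fields are merged on top: a POST key overrides a
     // GET key of the same name.
     foreach ($_POST as $k => $v) {
         $this->params[$k] = $v;
     }
     // Scheme: HTTPS as reported by the SAPI, or the standard TLS port.
     $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
     $tls_port = isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443;
     $this->protocol = ($https || $tls_port) ? "https" : "http";
 }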
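function check_entry($array)
{
    // Loads the row named by $array["model_name"] using the id found in
    // $_GET[<model_name>], then requires every other key/value in $array to
    // match the stored row. Failures are signalled through header_if():
    // 400 (model name rejected by validate_input), 404 (no such row),
    // 403 (a criterion does not match). On success the row id is exposed
    // as a constant named after the model and the row is put in $GLOBALS.
    //
    // SECURITY: model_name chooses both the function "select_<model_name>"
    // and a $_GET key, so it must come from trusted code, never from the
    // request. validate_input() is the only gate on it here; its rules live
    // elsewhere -- confirm they restrict the value to known model names.
    $model = $array["model_name"];
    header_if(!validate_input(array($model)), 400);

    $criteria = $array;
    unset($criteria["model_name"]);

    $lookup_id = isset($_GET[$model]) ? $_GET[$model] : null;
    $entry = call_user_func("select_" . $model, $lookup_id, array_merge(array("id"), array_keys($criteria)));
    header_if(is_empty($entry), 404);

    // Ownership/consistency check. Values are compared as strings with ===
    // instead of the loose != used before, so numeric-string juggling
    // ("10" == "1e1", "0" == "" on older PHP) cannot turn a mismatch into
    // a match and bypass the 403.
    foreach ($criteria as $column => $value) {
        header_if((string) $value !== (string) $entry[$column], 403);
    }

    define($model, $entry["id"]);
    $GLOBALS[$model] = $entry;
}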
function create_linked_user($username, $email, $password, $panelType)
{
    // Creates a user plus the feeds, inputs and processes described by the
    // data/<panelType>_*.json templates. Returns true on success or an error
    // string; the DB connection is torn down before every return.
    global $redis_enabled, $redis_server;

    $ret = create_connection($connection);
    if ($ret !== true) {
        return $ret;
    }

    // Closes the connection flagging failure and hands the message back.
    $abort = function ($message) use (&$connection) {
        end_connection(true, $connection);
        return $message;
    };

    // Optional Redis handle: false when disabled or unreachable.
    $redis = false;
    if ($redis_enabled === true) {
        $redis = new Redis();
        if (!$redis->connect($redis_server)) {
            $redis = false;
        }
    }

    // NOTE(review): $panelType becomes part of a file path below, so this
    // call is relied upon to reject path separators and ".." -- confirm.
    $ret = validate_input($username, $email, $password, $panelType);
    if ($ret !== true) {
        return $abort($ret);
    }

    if (create_user($username, $email, $password, $userid, $apikey, $connection) !== true) {
        return $abort('Username already exists');
    }

    // Profile templates are selected by panel type.
    $prefix = 'data/' . $panelType;
    if (create_feeds($prefix . '_feeds.json', $feeds, $apikey) !== true) {
        return $abort('Error while creating the feeds');
    }
    if (create_inputs($prefix . '_inputs.json', $userid, $inputs, $connection, $redis) !== true) {
        return $abort('Error while creating the inputs');
    }
    if (create_processes($prefix . '_processes.json', $feeds, $inputs, $apikey) !== true) {
        return $abort('Error while creating the processes');
    }

    end_connection(false, $connection);
    return true;
}
function delete_user($username)
{
    // Removes a user together with their feeds, inputs and EWatcher panels.
    // Returns true, or an error string naming the first step that failed.
    // The DB connection is closed on every exit path.
    // NOTE(review): create_linked_user() tears down via end_connection()
    // while this function calls close() directly -- confirm both are
    // equivalent for this connection type.
    $ret = create_connection($connection);
    if ($ret !== true) {
        return $ret;
    }

    $fail = function ($message) use (&$connection) {
        $connection->close();
        return $message;
    };

    $ret = validate_input($username);
    if ($ret !== true) {
        return $fail($ret);
    }

    $user_data = get_user_data($username, $connection);
    if ($user_data === false) {
        return $fail('Username provided does not exist');
    }

    // Dependent data is removed before the user row itself; each step takes
    // ($user_data, $connection) and must return exactly true.
    $steps = array(
        'delete_feeds'     => 'Error while deleting the feeds',
        'delete_inputs'    => 'Error while deleting the inputs',
        'delete_ewatcher'  => 'Error while deleting user configuration (EWatcher)',
        'delete_user_data' => 'Error while deleting user data',
    );
    foreach ($steps as $step => $message) {
        if ($step($user_data, $connection) !== true) {
            return $fail($message);
        }
    }

    $connection->close();
    return true;
}
    } else {
        // name or password missing?
        $smarty->assign('alert', true);
    }
} elseif ($id && $name) {
    runSQL("UPDATE " . TBL_USERS . "\n               SET name = '" . addslashes($name) . "', permissions = {$perm}, email = '" . addslashes($email) . "'\n\t\t\t WHERE id = {$id}");
    // new password?
    if (!empty($password)) {
        $pw = md5($password);
        runSQL("UPDATE " . TBL_USERS . " SET passwd = '{$pw}' WHERE id = '{$id}'");
        $message = $lang['msg_permpassupd'];
    } else {
        $message = $lang['msg_permupd'];
    }
} elseif ($del && $_POST['del']) {
    validate_input($del);
    // clear user and config
    runSQL('DELETE FROM ' . TBL_USERS . ' WHERE id = ' . $del);
    runSQL('DELETE FROM ' . TBL_USERCONFIG . ' WHERE user_id = ' . $del);
    // clear permissions
    runSQL('DELETE FROM ' . TBL_PERMISSIONS . ' WHERE from_uid = ' . $del);
    $message = $lang['msg_userdel'];
    $smarty->assign('alert', true);
}
// current user permissions
$result = runSQL('SELECT id, name, permissions, email
                    FROM ' . TBL_USERS . '
                ORDER BY name');
foreach ($result as $user) {
    // is guest ?
    $user['guest'] = $user['id'] == $config['guestid'] ? 1 : 0;
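/**
 * login function
 *
 * Attempts to log in the user from the POSTed "user" and "password"
 * fields. The advisor table is checked first, then the student table.
 * On success the session is populated and the browser is redirected to
 * the matching home page; on failure an error message is left in the
 * session for the login page to display. Does nothing on non-POST requests.
 *
 * @param mysqli $connection open connection; closed on every path that
 *                          reaches a lookup
 * @return void (the old docblock promised a boolean; nothing was returned)
 *
 * Security notes (review):
 *  - Passwords are compared as unsalted SHA-512 digests because that is
 *    what the tables hold; moving to password_hash()/password_verify()
 *    needs a data migration and is out of scope here.
 *  - "Username not found" vs "Incorrect password" allows account
 *    enumeration; the messages are kept because the login page shows them.
 *  - $_SESSION['username'] receives the raw $_POST['user'] and must be
 *    escaped wherever it is rendered.
 *  - Fixed here: the session id is regenerated on successful login
 *    (session fixation), the script stops after the redirect header, and a
 *    failed prepare() no longer dereferences false.
 */
function login($connection)
{
    if ($_SERVER["REQUEST_METHOD"] != "POST") {
        return;
    }
    $user = validate_input($_POST['user']);
    $password = hash('sha512', validate_input($_POST['password']));
    // Both lookups are parameterised via bind_param(); keep them that way.
    $checkStudent = "\tSELECT *\n\t\t\t\t\t\t\tFROM student\n\t\t\t\t\t\t\tWHERE email = ? LIMIT 1;";
    $checkAdvisor = "\tSELECT *\n\t\t\t\t\t\t\tFROM advisor\n\t\t\t\t\t\t\tWHERE email = ? LIMIT 1;";

    $storedAdvisor = login_fetch_account($connection, $checkAdvisor, $user);
    if (!empty($storedAdvisor)) {
        if (hash_equals($password, (string) $storedAdvisor['password'])) {
            // NOTE(review): the password hash is copied into the session;
            // auth does not need it, but other pages may read it -- kept.
            login_finish($connection, array(
                'fname' => $storedAdvisor['fname'],
                'lname' => $storedAdvisor['lname'],
                'advid' => $storedAdvisor['advid'],
                'password' => $storedAdvisor['password'],
            ), "advisor_home.php");
            return;
        }
        login_reject_password($connection);
        return;
    }

    // No advisor with that e-mail: try the student table.
    $storedStudent = login_fetch_account($connection, $checkStudent, $user);
    if (empty($storedStudent)) {
        $_SESSION['usernameErr'] = "<p class='error'>* Username not found</p>";
        $connection->close();
        return;
    }
    if (hash_equals($password, (string) $storedStudent['password'])) {
        login_finish($connection, array(
            'fname' => $storedStudent['fname'],
            'lname' => $storedStudent['lname'],
            'studentid' => $storedStudent['studentid'],
            'major' => $storedStudent['major'],
            'startyear' => $storedStudent['startyear'],
            'password' => $storedStudent['password'],
        ), "form.php");
        return;
    }
    login_reject_password($connection);
}

/**
 * Run one of the e-mail lookups and return the row, or null when there is
 * no match or the statement could not be prepared.
 *
 * @param mysqli $connection
 * @param string $sql statement with a single "?" placeholder for the e-mail
 * @param string $email
 * @return array|null
 */
function login_fetch_account($connection, $sql, $email)
{
    $stmt = $connection->prepare($sql);
    if ($stmt === false) {
        // NOTE: surfaces to the caller as "no such account", so a DB error
        // is indistinguishable from an unknown user on the login page.
        return null;
    }
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $result = $stmt->get_result();
    $row = $result === false ? null : $result->fetch_assoc();
    $stmt->close();
    return $row;
}

/**
 * Record a successful login and redirect. Never returns.
 *
 * @param mysqli $connection closed before redirecting
 * @param array  $account   session keys/values copied from the matched row
 * @param string $location  relative redirect target
 */
function login_finish($connection, array $account, $location)
{
    // A fresh session id on privilege change stops a pre-set (fixated)
    // session id from being promoted to an authenticated one.
    session_regenerate_id(true);
    foreach ($account as $key => $value) {
        $_SESSION[$key] = $value;
    }
    $_SESSION['loggedin'] = TRUE;
    $_SESSION['timeout'] = time();
    $connection->close();
    header("Location: " . $location);
    // Without this the rest of the page would still execute and be sent
    // along with the redirect.
    exit;
}

/**
 * Record a wrong-password attempt for the login page and close the DB.
 *
 * @param mysqli $connection
 */
function login_reject_password($connection)
{
    $_SESSION['passwordErr'] = "<p class='error'>* Incorrect password</p>";
    // Raw request value: escape when rendering.
    $_SESSION['username'] = $_POST['user'];
    $connection->close();
}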
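// --- Currency administration actions -------------------------------------
// All values come from $_REQUEST (GET, POST or cookie), so these writes are
// reachable from a crafted link; a CSRF token check belongs at page level
// and is not added here. What is fixed here: every value interpolated into
// SQL goes through mysql_real_escape_string() (the legacy mysql_* API has no
// placeholders), and error output no longer echoes the failed statement --
// which carried the raw request values -- back to the browser.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
if ($action == 'delete') {
    if (!is_reserved_currency($_REQUEST['code'])) {
        $sql = "DELETE FROM currencies WHERE code='" . mysql_real_escape_string($_REQUEST['code']) . "' ";
        mysql_query($sql) or die(mysql_error());
    } else {
        echo "<p><b>Cannot delete currency: reserved by the system</b></p>";
    }
}
if ($action == 'set_default') {
    $code = mysql_real_escape_string($_REQUEST['code']);
    // Clear the previous default first, then flag the requested one.
    $sql = "UPDATE currencies SET is_default = 'N' WHERE code <> '" . $code . "' ";
    mysql_query($sql) or die(mysql_error());
    $sql = "UPDATE currencies SET is_default = 'Y' WHERE code = '" . $code . "' ";
    mysql_query($sql) or die(mysql_error());
}
if (isset($_REQUEST['submit']) && $_REQUEST['submit'] != '') {
    $error = validate_input();
    if ($error != '') {
        echo "Error: cannot save due to the following errors:<br>";
        echo $error;
    } else {
        // validate_input() returns an error string, not sanitised values,
        // so each field still has to be escaped before it enters the SQL.
        $fields = array('code', 'name', 'rate', 'sign', 'decimal_places', 'decimal_point', 'thousands_sep', 'is_default');
        $values = array();
        foreach ($fields as $field) {
            $values[] = "'" . mysql_real_escape_string(isset($_REQUEST[$field]) ? $_REQUEST[$field] : '') . "'";
        }
        $sql = "REPLACE INTO currencies(" . implode(', ', $fields) . ") VALUES (" . implode(', ', $values) . ") ";
        mysql_query($sql) or die(mysql_error());
        $_REQUEST['new'] = '';
        $_REQUEST['action'] = '';
    }
}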
?>
<b>All currency rates are relative to the USD. (USD rate is always 1)</b><br>
All prices will be displayed in the default currency.<br>
?>

		<?php 
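/**
 * Normalise a single form field for storage.
 *
 * Despite the name this does not validate anything: it trims, removes
 * slashes, HTML-encodes and strips tags. The result is HTML-safe text and
 * is what the PDO inserts below store -- so data is kept already encoded
 * and must not be encoded a second time on output.
 *
 * @param string|null $data raw field value; null/missing is treated as ""
 * @return string
 */
function validate_input($data)
{
    // A missing field becomes "" instead of feeding null to trim(), which
    // is deprecated on PHP 8.1+.
    $data = trim((string) $data);
    $data = stripslashes($data);
    // Explicit flags: encode both quote styles on every PHP version (before
    // 8.1 the default left ' alone, leaving attribute injection open) and
    // substitute invalid UTF-8 instead of returning an empty string.
    $data = htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $data = strip_tags($data);
    return $data;
}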
// gather and validate data from $_POST array
$quote = validate_input($_POST['quote']);
$candidate = validate_input($_POST['candidate']);
$source = validate_input($_POST['source']);
$date = validate_input($_POST['date']);
// only send form data to db if all fields are filled out
if (!empty($candidate) and !empty($quote) and !empty($source) and !empty($date)) {
    try {
        $sql = "INSERT INTO app_data (quote, candidate, source, date) VALUES (:quote, :candidate, :source, :date)";
        // set up pdo prepared statment
        $stmt = $db->prepare($sql);
        // bind to params in INSERT statement
        $stmt->bindParam(':quote', $quote);
        $stmt->bindParam(':candidate', $candidate);
        $stmt->bindParam(':source', $source);
        $stmt->bindParam(':date', $date);
        // run sql
        $stmt->execute();
        // display success message if the request succeeded
        echo "<section class='result-msg'><h3>Your entry is saved &mdash; Head back to see it!</h3>";
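/** Store a question in the database
 *
 * Writes the question held in $_POST['question'] (title, body, tags) under
 * the given id and redirects back to the index page. Nothing is written
 * unless check_user_status() passes and validate_input() accepts the fields.
 *
 * @param $question_id integer
 */
function put_question_to_db($question_id)
{
    /* $title string
     * $body string
     * $tags string
     */
    if (!check_user_status()) {
        // Fix: the old URL lacked the "?" and requested "index.php&...".
        header("Location: /pgCodesS/index.php?unsuccessful_new_question");
        return;
    }
    // The escaped copies are used for validation only; set_question() and
    // set_tags() take just the id and presumably read $_POST themselves.
    $body = pg_escape_string($_POST['question']['body']);
    $title = pg_escape_string($_POST['question']['title']);
    $tags = $_POST['question']['tags'];
    if (!validate_input($title, $body, $tags)) {
        header("Location: /pgCodesS/index.php?unsuccessful_new_question");
        return;
    }
    set_question($question_id);
    set_tags($question_id);
    // The debug echo statements that used to precede these header() calls
    // were removed: any output before header() breaks the redirect. The id
    // and raw title are URL-encoded now that they travel in the query string.
    header("Location: /pgCodesS/index.php?question_updated&question_id=" . rawurlencode((string) $question_id) . "&" . rawurlencode($_POST['question']['title']));
}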
	<form action="create_group.php" method="post">
		<div class="grid-container">
			<div class="grid-row">
				<div class="col-10"><label for="name"><strong>Group Name: </strong></label></div>
			</div>
			<div class="grid-row">
				<div class="col-9"><input type="text" name="name" id="name" class="ajax-validate-input" maxlength="100" value="<?php 
if (isset($_POST['name'])) {
    echo escape(trim($_POST['name']));
}
?>
" data-validate="group_name" required/></div>
				<div class="col-1 validation-status"><?php 
if (!isset($trimmed['name'])) {
    echo '<div class="status" data-status="failed"></div>';
} elseif (!validate_input($trimmed['name'], 'group_name')) {
    echo '<div class="status" data-status="failed"></div>';
}
?>
</div>
			</div>
			<div class="grid-row">
				<div class="col-10"><label for="genre"><strong>Group Type: </strong></label></div>
			</div>
			<!-- GROUP TYPE -->
			<div class="grid-row">
				<div class="col-10">
					<select name="group_type" id="group-type" required autofocus style="width:100%;height:30px;">
						<option value=1 data-type="music">Music</option>
						<option value=2 data-type="dance">Dance</option>
						<option value=3 data-type="comedy">Comedy</option>
//========================================================================
// END: HANDLE RELOAD CACHE REQUEST
//========================================================================
//========================================================================
// BEGIN: HANDLE SET USER ACCESS REQUEST
//========================================================================
if (strcasecmp($configTask, "updateUserACL") == 0) {
    $selectuser = get_input('selectuser');
    $setUserAccess = TRUE;
    // Make sure access controls are enabled
    if (!defined('USE_ACL') || !USE_ACL) {
        echo "Access control is not enabled.";
        $setUserAccess = FALSE;
    }
    // Make sure the username of selectuser is OK
    if (!validate_input($selectuser, 'username')) {
        echo "Invalid username. Usernames must be at least 4 character and only use alpha-numeric and _ (underscore).";
        $setUserAccess = FALSE;
    }
    // Make sure the user exists
    if ($setUserAccess) {
        $sql = "SELECT * FROM " . AUTHTABLENAME . " WHERE username='******'";
        $result = perform_query($sql, $dbLink);
        if (num_rows($result) == 0) {
            echo "Username " . $selectuser . " does not exist!";
            $setUserAccess = FALSE;
        }
    }
    // If conditions are OK then update the user's access
    if ($setUserAccess && grant_access($username, 'edit_acl', $dbLink)) {
        $actionInputs = array();
 public function onPageRequest(PageRequestEvent $event)
 {
     global $config, $page, $user;
     $this->show_user_info();
     if ($event->page_matches("user_admin")) {
         $action = $event->get_arg(0);
         // Actions dispatched before the auth-token check.
         switch ($action) {
             case "login":
                 if (isset($_POST['user']) && isset($_POST['pass'])) {
                     $this->page_login($_POST['user'], $_POST['pass']);
                 } else {
                     $this->theme->display_login_page($page);
                 }
                 break;
             case "recover":
                 // NOTE(review): runs without check_auth_token() and reads
                 // $_POST['username'] unchecked -- confirm page_recover()
                 // copes with a missing field and that a reset request
                 // without a CSRF token is intended.
                 $this->page_recover($_POST['username']);
                 break;
             case "create":
                 $this->page_create();
                 break;
             case "list":
                 // select users.id,name,joindate,admin,
                 // (select count(*) from images where images.owner_id=users.id) as images,
                 // (select count(*) from comments where comments.owner_id=users.id) as comments from users;
                 // select users.id,name,joindate,admin,image_count,comment_count
                 // from users
                 // join (select owner_id,count(*) as image_count from images group by owner_id) as _images on _images.owner_id=users.id
                 // join (select owner_id,count(*) as comment_count from comments group by owner_id) as _comments on _comments.owner_id=users.id;
                 $this->theme->display_user_list($page, User::by_list(0), $user);
                 break;
             case "logout":
                 $this->page_logout();
                 break;
         }
         // Everything below changes account state and needs the auth token;
         // the early return also skips the "user" page handling further down.
         if (!$user->check_auth_token()) {
             return;
         }
         switch ($action) {
             case "change_name":
                 $input = validate_input(array('id' => 'user_id,exists', 'name' => 'user_name'));
                 $this->change_name_wrapper(User::by_id($input['id']), $input['name']);
                 break;
             case "change_pass":
                 $input = validate_input(array('id' => 'user_id,exists', 'pass1' => 'password', 'pass2' => 'password'));
                 $this->change_password_wrapper(User::by_id($input['id']), $input['pass1'], $input['pass2']);
                 break;
             case "change_email":
                 $input = validate_input(array('id' => 'user_id,exists', 'address' => 'email'));
                 $this->change_email_wrapper(User::by_id($input['id']), $input['address']);
                 break;
             case "change_class":
                 $input = validate_input(array('id' => 'user_id,exists', 'class' => 'user_class'));
                 $this->change_class_wrapper(User::by_id($input['id']), $input['class']);
                 break;
             case "delete_user":
                 $this->delete_user($page, isset($_POST["with_images"]), isset($_POST["with_comments"]));
                 break;
         }
     }
     if ($event->page_matches("user")) {
         // No argument means "my own page".
         $own_page = $event->count_args() == 0;
         $display_user = $own_page ? $user : User::by_name($event->get_arg(0));
         if ($own_page && $user->is_anonymous()) {
             $this->theme->display_error(401, "Not Logged In", "You aren't logged in. First do that, then you can see your stats.");
         } elseif (!is_null($display_user) && $display_user->id != $config->get_int("anon_id")) {
             $e = new UserPageBuildingEvent($display_user);
             send_event($e);
             $this->display_stats($e);
         } else {
             $this->theme->display_error(404, "No Such User", "If you typed the ID by hand, try again; if you came from a link on this " . "site, it might be bug report time...");
         }
     }
 }
 private function add_members()
 {
     global $user;
     // Attaches every space-separated name in the "members" field to the
     // given artist, skipping names already attached. validate_input()
     // coerces artistID to int and lower-cases the members string.
     // NOTE(review): consecutive spaces produce empty tokens here; whether
     // member_exists()/save_new_member() reject "" is not visible.
     $inputs = validate_input(array("artistID" => "int", "members" => "string,lower"));
     $artistID = $inputs["artistID"];
     foreach (explode(" ", $inputs["members"]) as $candidate) {
         if ($this->member_exists($artistID, $candidate)) {
             continue;
         }
         $this->save_new_member($artistID, $candidate, $user->id);
     }
 }
			<p>Return to <a href="http://dev.boxtar.uk/">Boxtar UK</a></p>
			</center>');
} else {
    if (strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
        die('<center>
			<h1>Access Denied</h1>
			<p>Return to <a href="http://dev.boxtar.uk/">Boxtar UK</a></p>
			</center>');
    }
}
require 'includes/src/core/config.inc.php';
require UTILITIES . 'validate_input.php';
if (isset($_POST['input'])) {
    $input = $_POST['input'];
    $validation_type = isset($_POST['validation_type']) ? $_POST['validation_type'] : '';
    if (!validate_input($input, $validation_type)) {
        die('<div class="status" data-status="failed"></div>
			<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="14" height="14" viewBox="0 0 16 16">
				<g>
				</g>
				<path d="M8 0c-4.418 0-8 3.582-8 8s3.582 8 8 8 8-3.582 8-8-3.582-8-8-8zM12 5.414l-2.586 2.586 2.586 2.586v1.414h-1.414l-2.586-2.586-2.586 2.586h-1.414v-1.414l2.586-2.586-2.586-2.586v-1.414h1.414l2.586 2.586 2.586-2.586h1.414v1.414z" fill="#A00"></path>
			</svg>');
    }
    // Validation passed if we reach this point
    // Check input is unique:
    $user = new User();
    if ($user->find($input, 'users', ['email'])) {
        die('<span class="red">In use</span>');
    }
    // Validation passed and input unique if this point is reached
    // Display success SVG:
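/** Add a record
 *
 * Validates the record and, if it is correct, inserts it into the database
 * inside a transaction. Afterwards the zone's SOA serial is bumped (unless
 * the record itself is the SOA) and, when PowerDNSSEC is in use, the zone
 * is rectified.
 *
 * Permission model: the caller needs zone_content_edit_others, or one of
 * the zone_content_edit_own* permissions on a zone they own; SLAVE zones
 * are never editable here.
 *
 * @param int $zone_id Zone ID
 * @param string $name Name part of record
 * @param string $type Type of record
 * @param string $content Content of record
 * @param int $ttl Time-To-Live of record
 * @param int $prio Priority of record
 *
 * @return boolean true if successful
 */
function add_record($zone_id, $name, $type, $content, $ttl, $prio)
{
    global $db;
    global $pdnssec_use;

    if (do_hook('verify_permission', 'zone_content_edit_others')) {
        $perm_content_edit = "all";
    } elseif (do_hook('verify_permission', 'zone_content_edit_own')) {
        $perm_content_edit = "own";
    } elseif (do_hook('verify_permission', 'zone_content_edit_own_as_client')) {
        $perm_content_edit = "own_as_client";
    } else {
        $perm_content_edit = "none";
    }
    $user_is_zone_owner = do_hook('verify_user_is_owner_zoneid', $zone_id);
    $zone_type = get_domain_type($zone_id);

    // "own"-type permissions only count on zones the user actually owns.
    $own_only = ($perm_content_edit == "own" || $perm_content_edit == "own_as_client");
    if ($zone_type == "SLAVE" || $perm_content_edit == "none" || ($own_only && $user_is_zone_owner == "0")) {
        error(ERR_PERM_ADD_RECORD);
        return false;
    }

    $db->beginTransaction();
    if (!validate_input(-1, $zone_id, $type, $content, $name, $prio, $ttl)) {
        // Fix: the previous version returned here leaving the transaction
        // open on the shared $db handle.
        $db->rollback();
        return false;
    }

    $change = time();
    // powerdns only searches for lower case records
    $name = strtolower($name);
    // TXT/SPF content is stored wrapped in double quotes. stripslashes() is
    // applied to the whole wrapped string, so it also removes backslashes
    // inside the user's content -- pre-existing behaviour, kept because
    // existing records depend on it.
    if ($type == "SPF" || $type == "TXT") {
        $content = $db->quote(stripslashes('\\"' . $content . '\\"'), 'text');
    } else {
        $content = $db->quote($content, 'text');
    }
    // Every value goes through $db->quote() with its type; keep that
    // invariant if columns are ever added.
    $query = "INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date) VALUES (" . $db->quote($zone_id, 'integer') . "," . $db->quote($name, 'text') . "," . $db->quote($type, 'text') . "," . $content . "," . $db->quote($ttl, 'integer') . "," . $db->quote($prio, 'integer') . "," . $db->quote($change, 'integer') . ")";
    $response = $db->exec($query);
    if (PEAR::isError($response)) {
        error($response->getMessage());
        $db->rollback();
        return false;
    }
    $db->commit();
    if ($type != 'SOA') {
        update_soa_serial($zone_id);
    }
    if ($pdnssec_use) {
        dnssec_rectify_zone($zone_id);
    }
    return true;
}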
 function add_new_request($name, $email, $about, $contact)
 {
     // Inserts a membership request, then sends the notification e-mail.
     // SECURITY (review): the statement is assembled by concatenation and
     // relies entirely on validate_input() making each value SQL-safe. If
     // validate_input() is a trim/HTML-encode helper rather than an SQL
     // escaper this is injectable; if run_query() supports bound
     // parameters, switch to them -- confirm.
     $columns = array('name', 'email', 'about', 'contact');
     $values = array_map('validate_input', array($name, $email, $about, $contact));
     $sql = run_query("insert into `sia-members` (" . implode(',', $columns) . ")values('" . implode("','", $values) . "')");
     $this->send_email();
 }
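function validate_input_array($valid, &$val, &$errors)
{
    // Validates every leaf of the (possibly nested) array $val in place
    // against the rule set $valid, collecting per-key error messages in
    // $errors[$valid['_input']].
    // NOTE(review): nested levels all write into the same
    // $errors[$valid['_input']] bucket, so a nested key collides with a
    // top-level key of the same name -- confirm callers never rely on
    // distinguishing them.
    foreach ($val as $key => &$item) {
        if (is_array($item)) {
            validate_input_array($valid, $item, $errors);
            continue;
        }
        // Reset before each call: should validate_input() only assign
        // $error on failure, a message left over from a previous item must
        // not be attributed to this one.
        $error = null;
        validate_input($valid, $item, $error);
        if (!empty($error)) {
            $errors[$valid['_input']][$key] = $error;
        }
    }
    // Drop the by-reference loop variable so later writes cannot alias the
    // last element.
    unset($item);
}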
	</nav>
</div>

<div class="content">
	<div id="contact">
    
		<?php 
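// Contact-form handler: on POST, normalise the four fields and append one
// record to received/records.txt. On any other method nothing is written
// (the old code appended a blank ", \r\n\r\n" record on every GET).
//
// SECURITY (review): records.txt holds submitted names and e-mail
// addresses. If "received/" sits under the document root it is publicly
// readable -- confirm it is outside the web root or access-denied.
$name = $email = $subject = $message = '';
$isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == "POST";
if ($isPost) {
    $name = validate_input(isset($_POST["name"]) ? $_POST["name"] : '');
    $email = validate_input(isset($_POST["email"]) ? $_POST["email"] : '');
    $subject = validate_input(isset($_POST["subject"]) ? $_POST["subject"] : '');
    $message = validate_input(isset($_POST["message"]) ? $_POST["message"] : '');
}
/**
 * Normalise a submitted field: trim, undo slashes, HTML-encode.
 * The stored record is therefore already HTML-escaped text.
 *
 * @param string|null $data raw field value; null is treated as ""
 * @return string
 */
function validate_input($data)
{
    $data = trim((string) $data);
    $data = stripslashes($data);
    // Explicit flags: encode both quote styles on every PHP version and
    // substitute invalid UTF-8 instead of returning "".
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
if ($isPost) {
    $sent = fopen("received/records.txt", "a") or exit("File not found.");
    $inquiry = $name . ", " . $email . "\r\n" . $subject . "\r\n" . $message . "\r\n \r\n";
    // Single write. The old code additionally called file_put_contents()
    // with the *handle* as the filename -- a TypeError on PHP 8 and a stray
    // "Resource id #N" file on PHP 7.
    fwrite($sent, $inquiry);
    fclose($sent);
}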
?>
        
// Ensure user is logged in or redirect
require_once UTILITIES . 'authenticate_user.inc.php';
$page_title = "Create A Group";
include HEADER;
include UTILITIES . 'brand_img.inc.php';
$user = new User();
if (isset($_POST['submitted'])) {
    if (Token::check($_POST['token'])) {
        // Trim all of the posted inputs:
        $trimmed = array_map('trim', $_POST);
        // Assume inputs are invalid:
        $name = $type = $genre = false;
        // Validate inputs:
        require_once UTILITIES . 'validate_input.php';
        /* Nested Ternary */
        isset($trimmed['name']) && !empty($trimmed['name']) ? validate_input($trimmed['name'], 'group_name') ? $name = $trimmed['name'] : (print '<center><p class="red">- Group name is not valid</p></center>') : (print '<center><p class="red">- A Name is Required</p></center>');
        isset($trimmed['group_type']) && !empty($trimmed['group_type']) ? is_numeric($trimmed['group_type']) && $trimmed['group_type'] >= 1 && $trimmed['group_type'] <= 3 ? $type = $trimmed['group_type'] : (print '<center><p class="red">- Invalid Group Type provided<br/>' . $trimmed['group_type'] . '</p><center>') : (print '<center><p class="red">- A Group Type is required<br/></p><center>');
        if ($type) {
            switch ($type) {
                case Group_Manager::MUSIC:
                    isset($trimmed['genre']) && !empty($trimmed['genre']) ? is_numeric($trimmed['genre']) && $trimmed['genre'] >= 1 && $trimmed['genre'] <= 10 ? $genre = $trimmed['genre'] : (print '<center><p class="red">- Genre should be a numeric value</p></center>') : (print '<center><p class="red">- A Genre is required<br/></p><center>');
                    break;
                case Group_Manager::DANCE:
                    isset($trimmed['style']) && !empty($trimmed['style']) ? is_numeric($trimmed['style']) && $trimmed['style'] >= 1 && $trimmed['style'] <= 4 ? $genre = $trimmed['style'] : (print '<center><p class="red">- Style should be a numeric value</p></center>') : (print '<center><p class="red">- A Style is required<br/></p><center>');
                    break;
                case Group_Manager::COMEDY:
                    isset($trimmed['category']) && !empty($trimmed['category']) ? is_numeric($trimmed['category']) && $trimmed['category'] >= 1 && $trimmed['category'] <= 4 ? $genre = $trimmed['category'] : (print '<center><p class="red">- Category should be a numeric value</p></center>') : (print '<center><p class="red">- A Category is required<br/></p><center>');
                    break;
            }
        }
        if ($name && $type && $genre) {
<?php

// Volunteer login handler. This is the body of a method (it uses
// $this->HandleError and returns false); the enclosing method is not shown.
if (empty($_POST['username'])) {
    $this->HandleError("UserName is empty!");
    return false;
}
if (empty($_POST['password'])) {
    $this->HandleError("Password is empty!");
    return false;
}
// NOTE(review): validate_input() is applied to the password before it is
// hashed. If it trims or HTML-encodes, passwords containing quotes, '<',
// '&' or leading/trailing spaces can never match -- confirm it is a no-op
// for password strings.
$login_username = validate_input($_POST['username']);
// SECURITY: unsalted SHA-1 is not an acceptable password hash; the stored
// credentials would need migrating to password_hash()/password_verify().
$login_password = sha1(validate_input($_POST['password']));
session_start();
$check = checkLogin($login_username, $login_password);
// Loose comparison against 1 -- confirm checkLogin() returns exactly 1 on
// success and nothing else that compares equal to it.
if ($check == 1) {
    // NOTE(review): no session_regenerate_id() after authentication, so a
    // session id chosen before login stays valid (session fixation).
    header("Location: volunteer_area.php");
    die;
} else {
    // Same redirect for "unknown user" and "wrong password": no enumeration.
    header("Location: volunteer_login.php");
    die;
}
                 $GO_GROUPS->set_group_leader($_POST['group_id'], 0);
             }
         }
     }
     break;
 case 'save_add_users':
     for ($i = 0; $i < count($group_users); $i++) {
         if (!$GO_GROUPS->is_in_group($group_users[$i], $_POST['group_id'])) {
             $GO_GROUPS->add_user_to_group($group_users[$i], $_POST['group_id']);
         }
     }
     break;
 case 'save_group_name':
     $group_name = smart_addslashes(trim($_POST['group_name']));
     if ($group_name != "") {
         if (validate_input($group_name)) {
             if ($_POST['group_id'] == '0') {
                 if (!$GO_GROUPS->get_group_by_name($group_name)) {
                     if (!($_REQUEST['group_id'] = $GO_GROUPS->add_group($GO_SECURITY->user_id, $group_name))) {
                         $_REQUEST['group_id'] = 0;
                         $feedback = "<p class=\"Error\">" . $add_group_fail . "</p>";
                     } else {
                         if ($_POST['close'] == 'true') {
                             header('Location: ' . $GO_CONFIG->host . 'administrator/groups/index.php');
                             exit;
                         }
                     }
                 } else {
                     $feedback = "<p class=\"Error\">" . $add_group_exists . "</p>";
                 }
             } else {
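session_start();
// Run every request-derived superglobal through cleanArray() before anything
// reads it. What cleanArray() strips is defined elsewhere and not visible here.
$_SERVER = cleanArray($_SERVER);
$_POST = cleanArray($_POST);
$_GET = cleanArray($_GET);
$_COOKIE = cleanArray($_COOKIE);

secure();

$time_start = get_microtime();

//------------------------------------------------------------------------
// Determine what page is being requested
//------------------------------------------------------------------------
$pageId = get_input('pageId');
if (!$pageId) { $pageId = "login"; }
if (!validate_input($pageId, 'pageId')) {
    // Keep the configuration hint out of the HTTP response: it tells a client
    // where the validation rules live and is only useful to the operator.
    error_log("pageId validation failed; check regExpArray in config.php");
    echo "Error on pageId validation!<br>\n";
    // Fail closed to the login page rather than the unvalidated value.
    $pageId = "login";
}

//------------------------------------------------------------------------
// Connect to database. If connection fails then set the pageId for the
// help page.
//------------------------------------------------------------------------
// NOTE(review): the web front end connects with the DBADMIN credentials; a
// least-privilege account for request handling would limit what an injection
// elsewhere in the application can reach.
$dbProblem = FALSE;
if (!$dbLink = db_connect_syslog(DBADMIN, DBADMINPW)) {
    $pageId = "help";
    $dbProblem = TRUE;
}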

// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
//
//
// see file COPYING or at http://www.gnu.org/licenses/gpl.html
// for more information.
//
require 'config.php';
require 'localize.php';
require 'vnstat.php';
// validate_input() runs before $style is interpolated into a filesystem path below.
validate_input();
// NOTE(review): $style becomes part of an include path. If it can originate from the
// request, validate_input() must restrict it to a known theme name (no "/", "..", or
// NUL bytes) — confirm, since that check is not visible in this file.
require "./themes/{$style}/theme.php";
function write_side_bar()
{
    global $iface, $page, $graph, $script, $style;
    global $iface_list, $iface_title;
    global $page_list, $page_title;
    $p = "&amp;graph={$graph}&amp;style={$style}";
    print "<ul class=\"iface\">\n";
    foreach ($iface_list as $if) {
        if ($iface == $if) {
            print "<li class=\"iface active\">";
        } else {
            print "<li class=\"iface\">";
        }
        print "<a href=\"{$script}?if={$if}{$p}\">";
// Validate the list-control parameters against their named rules. Every field
// except offset is optional: an empty (falsy) value is accepted as "not supplied"
// and skips the check; offset is always validated.
$validationPlan = array(
    array('topx', $topx, false),
    array('orderby', $orderby, false),
    array('order', $order, false),
    array('offset', $offset, true),
    array('collapse', $collapse, false),
    array('table', $table, false),
);
foreach ($validationPlan as $entry) {
    list($fieldName, $fieldValue, $alwaysCheck) = $entry;
    if (($alwaysCheck || $fieldValue) && !validate_input($fieldValue, $fieldName)) {
        array_push($inputValError, $fieldName);
    }
}
// Any failure aborts the page; only the fixed field names are echoed, never the
// submitted values.
if ($inputValError) {
    require_once $basePath . "/html_header.php";
    echo "Input validation error! The following fields had the wrong format:<p>";
    echo implode("<br>", $inputValError) . "<br>";
    require_once $basePath . "/html_footer.php";
    exit;
}
//========================================================================
// END: INPUT VALIDATION
//========================================================================
//========================================================================
     // Assume all inputs are invalid as default:
     $fn = $ln = $em = $pw = FALSE;
     // Used to print any error messages:
     /** Print one validation message followed by an HTML line break. */
     function print_err($msg)
     {
         print "{$msg}<br/>";
     }
     /********** INPUT VALIDATION **********/
     // validate first name
     validate_input($trimmed['fname'], 'first_name') ? $fn = $trimmed['fname'] : print_err('<center>- First Name is not valid: <em>(Must be between 2 & 20 characters and can only contain letters, apostrophes and hyphens)</em></center>');
     // validate last name
     validate_input($trimmed['lname'], 'last_name') ? $ln = $trimmed['lname'] : print_err('<center>- Last Name is not valid: <i>(Must be between 2 & 40 characters and can only contain letters, apostrophes and hyphens)</i></center>');
     // validate email
     validate_input($trimmed['email'], 'email') ? $em = $trimmed['email'] : print_err('<center>- You did not provide a valid email address</center>');
     // validate password
     if (validate_input($trimmed['pass'], 'password')) {
         $trimmed['pass'] == $trimmed['pass2'] ? $pw = $trimmed['pass'] : print_err('<center>- Your passwords did not match</center>');
     } else {
         print_err('<center>- Please enter a valid password: <small>(Must be between 4 & 20 characters. Can only contain letters, numbers and underscores)</small></center>');
     }
     /**************************************/
     // INPUT VALIDATION SUCCEEDED:
     if ($fn && $ln && $em && $pw) {
         // Create activation code:
         $a = md5(uniqid(rand(), true));
         $user = new User();
         $user->register(['first_name' => $fn, 'last_name' => $ln, 'email' => $em, 'password' => $pw, 'prof_link' => strtolower($fn . '.' . $ln . uniqid(rand()))]);
     } else {
         print_err('<br/><center><h5 class="red">Please amend your information as detailed and try again</h5></center><br/><br/>');
     }
 }
/**
 * Insert one record into a zone after checking the caller's edit permission.
 *
 * Returns true on success, false when the caller may not edit the zone, when
 * validate_input() rejects the record, or when the INSERT fails (in which
 * case error() is called with the database message). For every type except
 * SOA the zone's SOA serial is bumped after a successful insert.
 */
function add_record($zoneid, $name, $type, $content, $ttl, $prio)
{
    global $db;

    // Resolve the caller's edit scope: "all", "own" or "none".
    $edit_scope = "none";
    if (verify_permission('zone_content_edit_others')) {
        $edit_scope = "all";
    } elseif (verify_permission('zone_content_edit_own')) {
        $edit_scope = "own";
    }
    $is_owner = verify_user_is_owner_zoneid($zoneid);
    $zone_type = get_domain_type($zoneid);

    // Slave zones are never editable; "own" scope additionally requires ownership.
    $denied = $zone_type == "SLAVE"
        || $edit_scope == "none"
        || ($edit_scope == "own" && $is_owner == "0");
    if ($denied) {
        error(ERR_PERM_ADD_RECORD);
        return false;
    }

    if (!validate_input(-1, $zoneid, $type, $content, $name, $prio, $ttl)) {
        return false;
    }

    $change = time();
    // SPF/TXT content is stored wrapped in double quotes; the stripslashes()
    // round-trip is kept exactly as before so stored values do not change.
    if ($type == "SPF" || $type == "TXT") {
        $quoted_content = $db->quote(stripslashes('\\"' . $content . '\\"'), 'text');
    } else {
        $quoted_content = $db->quote($content, 'text');
    }
    // Every value goes through $db->quote() with an explicit type before it is
    // concatenated into the statement.
    $values = array(
        $db->quote($zoneid, 'integer'),
        $db->quote($name, 'text'),
        $db->quote($type, 'text'),
        $quoted_content,
        $db->quote($ttl, 'integer'),
        $db->quote($prio, 'integer'),
        $db->quote($change, 'integer'),
    );
    $query = "INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date) VALUES (" . implode(",", $values) . ")";
    $response = $db->query($query);
    if (PEAR::isError($response)) {
        error($response->getMessage());
        return false;
    }
    if ($type != 'SOA') {
        update_soa_serial($zoneid);
    }
    return true;
}
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
*/
require "../Group-Office.php";
$GO_SECURITY->authenticate();
require $GO_LANGUAGE->get_language_file('bookmarks');
require $GO_THEME->theme_path . "simple_header.inc";
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    require $GO_CONFIG->class_path . "bookmarks.class.inc";
    $bookmarks = new bookmarks();
    $URL = trim($_REQUEST['URL']);
    $name = trim($_REQUEST['name']);
    $invalid[] = "\"";
    $invalid[] = "&";
    $invalid[] = "?";
    if (!validate_input($name, $invalid)) {
        $feedback = "<p class=\"Error\">" . $invalid_chars . ": \" & ?</p>";
    } else {
        if ($URL != "" && $name != "") {
            if (!eregi('(^http[s]*:[/]+)(.*)', $URL)) {
                $URL = "http://" . $URL;
            }
            if ($_REQUEST['bookmark_id']) {
                if ($bookmarks->update_bookmark($_REQUEST['bookmark_id'], $URL, $name, $_REQUEST['new_window'])) {
                    echo "<script type=\"text/javascript\">\nopener.location=opener.location\nwindow.close()\n</script>";
                } else {
                    $feedback = "<p class=\"Error\">" . $strSaveError . "</p>";
                }
            } else {
                if ($bookmarks->add_bookmark($GO_SECURITY->user_id, $URL, $name, $_REQUEST['new_window'])) {
                    echo "<script type=\"text/javascript\">\nopener.location=opener.location\nwindow.close()\n</script>";
				<div class="col-5 reg-form-label"><label for="email"><strong>Email Address</strong></label></div>
				<div class="col-5">
					<div class="grid-container">
						<div class="grid-row">
							<div class="col-9">
								<input type="text" name="email" id="email" class="ajax-validate-input" maxlength="80" value="<?php 
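if (isset($trimmed['email'])) {
    // This value is re-rendered inside value="..." of the input; escape it for
    // the HTML attribute context so a submitted string cannot close the attribute
    // and inject markup (reflected XSS).
    echo htmlspecialchars($trimmed['email'], ENT_QUOTES, 'UTF-8');
}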
?>
" data-validate="email" data-target="ajax_unique_validation" autocomplete="off"/>
							</div>
							<div class="col-1 validation-status"><?php 
// Mark the email field as failed when nothing was submitted or the submitted
// value does not pass the 'email' validation rule.
$emailMissing = !isset($trimmed['email']);
if ($emailMissing || !validate_input($trimmed['email'], 'email')) {
    echo '<div class="status" data-status="failed"></div>';
}
?>
</div>
						</div>
					</div>
				</div>
			</div>
			<div class="grid-row">
				<div class="col-5 reg-form-label"><label for="pass"><strong>Password</strong></label></div>
				<div class="col-5">
					<div class="grid-container">
						<div class="grid-row">
							<div class="col-9">
								<input type="password" name="pass" id="pass" class="ajax-validate-input" maxlength="20" placeholder="Not currently encrypted - careful!" data-validate="password"/>