PHP String::secure_user_input Beispiele

Beispiel #1

Datei: forum.a_main.php Projekt: askovorodka/sqc

function strip_forum_tags($text)
{
    $text = str_replace("\r\n", "[br]", $text);
    $text = String::secure_user_input($text);
    $text = preg_replace("/\\[B\\]/i", "<b>", $text);
    $text = preg_replace("/\\[\\/B\\]/i", "</b>", $text);
    $text = preg_replace("/\\[I\\]/i", "<i>", $text);
    $text = preg_replace("/\\[\\/I\\]/i", "</i>", $text);
    $text = preg_replace("/\\[U\\]/i", "<u>", $text);
    $text = preg_replace("/\\[\\/U\\]/i", "</u>", $text);
    $text = preg_replace("/\\[QUOTE\\]/i", "<div class=forum_quote>", $text);
    $text = preg_replace("/\\[\\/QUOTE\\]/i", "</div>", $text);
    $text = str_replace('[br]', "<br>", $text);
    $text = preg_replace("/\\[URL=([^\\]]*)\\]([^\\[]*)\\[\\/URL\\]/i", "<a href=\\1>\\2</a>", $text);
    $text = preg_replace("/\\[IMG\\]([^\\[]*)\\[\\/IMG\\]/i", "<img src=\\1>", $text);
    return $text;
}

Beispiel #2

Datei: sites.f_main.php Projekt: askovorodka/sqc

 $cur_site = String::unformat_array($cur_site);
 $cur_site2 = $db->get_single("SELECT kurs,znak FROM fw_currency WHERE id=" . CURRENCY_SITE2);
 $cur_site2 = String::unformat_array($cur_site2);
 $cur_admin = $db->get_single("SELECT kurs,znak FROM fw_currency WHERE id=" . CURRENCY_ADMIN);
 $cur_admin = String::unformat_array($cur_admin);
 $smarty->assign("currency_site", $cur_site);
 $smarty->assign("currency_site2", $cur_site2);
 /*
 $file=fopen(BASE_PATH.'/test1.txt','w');
 fwrite($file,$_SERVER['REQUEST_URI']);
 fclose($file);
 */
 /*-----------------РАЗЛИЧНЫЕ ДЕЙСТВИЯ-----------------*/
 if (isset($_POST['submit_rating'])) {
     $id = $_POST['id'];
     $comment = String::secure_user_input($_POST['nm_text']);
     $comment = Common::strip_forum_tags($comment);
     $author = $_SESSION['fw_user']['id'];
     if ($comment != '') {
         $db->query("INSERT INTO fw_products_comments(product_id,author,text,insert_date) VALUES('{$id}','{$author}','{$comment}','" . time() . "')");
     }
     if (isset($_POST['rating'])) {
         $rating = $_POST['rating'];
         $check_rating = explode(",", $_COOKIE['fw_rating']);
         if (!in_array($id, $check_rating)) {
             $db->query("UPDATE fw_products SET rating=rating+{$rating} WHERE id='{$id}'");
             if (!@isset($_COOKIE['fw_rating']) or $_COOKIE['fw_rating'] == '') {
                 $cookie_content = $id;
             } else {
                 $cookie_content = $_COOKIE['fw_rating'] . ',' . $id;
             }

Beispiel #3

Datei: guestbook.f_main.php Projekt: askovorodka/sqc

<?php

$css[] = BASE_URL . '/modules/guestbook/front/templates/guestbook.css';
require_once 'lib/class.mail.php';
$navigation[] = array("url" => $module_url, "title" => $node_content['name']);
$this_module = $db->get_single("SELECT priv FROM fw_modules WHERE name='guestbook' LIMIT 1");
if (isset($_SESSION['fw_user']) && $_SESSION['fw_user']['priv'] <= $this_module['priv']) {
    $smarty->assign("show_admin_menu", "true");
    $is_admin = true;
} else {
    $is_admin = false;
}
if (isset($_POST['submit_new_message'])) {
    $check = true;
    $author = String::secure_user_input($_POST['nm_name']);
    if (!preg_match("/^[a-z0-9_\\.-]*@[a-z0-9_\\.-]*\\.[a-z]{0,3}\$/i", $_POST['nm_mail']) && $_POST['nm_mail'] != '') {
        $check = false;
        $smarty->assign("error_message", "Введённый e-mail имеет неправильный формат");
    } else {
        $mail = $_POST['nm_mail'];
    }
    $text = Common::strip_forum_tags($_POST['nm_text']);
    if ($check) {
        if (GB_PREMODERATION == 'on') {
            $status = '0';
        } else {
            $status = '1';
        }
        $db->query("INSERT INTO fw_guestbook(author,message,insert_date,author_mail,status) VALUES('{$author}','{$text}','" . time() . "','{$mail}','{$status}')");
        $body = $smarty->fetch(BASE_PATH . '/modules/guestbook/admin_mail_template.txt');
        $headers = "Content-type: text/html; charset=windows-1251 \r\n";

Beispiel #4

Datei: shop.f_main.php Projekt: askovorodka/sqc

 /*-----------------РАЗЛИЧНЫЕ ДЕЙСТВИЯ-----------------*/
 if (isset($_REQUEST['filterhash'])) {
     $return = array('status' => 'success', 'data' => null);
     if (!empty($_POST)) {
         $dataJson = json_encode($_POST);
         $hash = sha1($dataJson . microtime(true));
         $db->query("replace into filter_hashes (`hash`, `data`) values('{$hash}', '{$dataJson}')");
         $return = array('status' => 'success', 'data' => $hash);
     }
     header('Content-Type:text/json;charset:utf8;');
     echo json_encode($return, true);
     die;
 }
 if (isset($_POST['submit_comment'])) {
     $id = $_POST['brand_id'];
     $comment = String::secure_user_input($_POST['ntrcn']);
     $comment = Common::strip_forum_tags($comment);
     //$author=$_SESSION['fw_user']['id'];
     $username = strip_tags($_POST['bvz']);
     $email = strip_tags($_POST['tvfbk']);
     if (trim($_POST['username']) == '') {
         if (trim($_POST['email']) == '') {
             if (trim($_POST['text']) == '') {
                 if ($comment != '') {
                     $db->query("INSERT INTO fw_products_comments(product_id,username, email,text,insert_date) VALUES('{$id}','{$username}', '{$email}','{$comment}','" . time() . "')");
                 }
             }
         }
     }
     $location = @$_SERVER['HTTP_REFERER'];
     header("Location: {$location}");

Beispiel #5

Datei: cabinet.f_main.php Projekt: askovorodka/sqc

        }
        $smarty->assign("message", "Сообщение отправлено");
    }
}
if (count($url) == 4 && $url[$n - 2] == 'messages' && $url[$n - 1] == 'delete') {
    $page_found = true;
    $id = $url[$n];
    $db->query("DELETE FROM fw_messages WHERE id='{$id}' AND (`to`='" . $_SESSION['fw_user']['id'] . "' OR `from`='" . $_SESSION['fw_user']['id'] . "')");
    $location = $_SERVER['HTTP_REFERER'];
    header("Location: {$location}");
}
if (isset($_POST['submit_edit_albums'])) {
    $sort_order = $_POST['sort_order'];
    foreach ($sort_order as $k => $v) {
        if (preg_match("/^[0-9]*\$/", String::secure_user_input($v))) {
            $db->query("UPDATE fw_user_albums SET sort_order='" . String::secure_user_input($v) . "' WHERE id='" . String::secure_user_input($k) . "'");
        }
    }
    $location = $_SERVER['HTTP_REFERER'];
    header("Location: {$location}");
}
/*--------------------ОТОБРАЖЕНИЕ---------------------*/
switch (TRUE) {
    case $url[$n] == 'login' && count($url) == 2:
        $navigation[] = array("url" => 'register', "title" => 'Войти');
        $page_found = true;
        $template = 'cabinet_login.html';
        break;
    case $url[$n] == 'register' && count($url) == 2:
        $navigation[] = array("url" => 'register', "title" => 'Стать своим');
        $smarty->assign("mode", "register");

Beispiel #6

Datei: go.php Projekt: askovorodka/sqc

<?php

session_start();
require_once 'conf/globals.php';
require_once 'lib/class.db.php';
require_once 'lib/class.common.php';
require_once 'lib/class.string.php';
/* ------------ ÏÎÄÊËÞ×ÀÅÌÑß Ê ÁÀÇÅ ÄÀÍÍÛÕ -------------- */
$db = new db(DB_NAME, DB_HOST, DB_USER, DB_PASS);
if (isset($_GET['target'])) {
    $id = String::secure_user_input($_GET['target']);
    $banner = $db->get_single("SELECT * FROM fw_banners WHERE id='{$id}'");
    if (isset($banner['id'])) {
        $db->query("UPDATE fw_banners SET clicks=clicks+1 WHERE id='{$id}'");
        $location = $banner['target_url'];
        header("Location: {$location}");
    } else {
        $location = $_SERVER['HTTP_REFERER'];
        header("Location: {$location}");
    }
}

Beispiel #7

Datei: subscribe.f_main.php Projekt: askovorodka/sqc

<?php

require_once BASE_PATH . '/lib/class.mail.php';
if ($switch_default == 'on' && $main_module != 'on') {
}
if ($main_module == 'on') {
    $navigation[] = array("url" => $module_url, "title" => $node_content['name']);
    switch (TRUE) {
        case count($url) == 1:
            $page_found = true;
            if (isset($_POST['submit_new_subscribe'])) {
                $mail = String::secure_user_input($_POST['new_subscriber_mail']);
                $action = $_POST['new_subscriber_action'];
                $check = true;
                $time = time();
                if ($action == 'subscribe') {
                    if (CONFIRM_SUBSCRIPTION == 'yes') {
                        $status = '0';
                    } else {
                        $status = '1';
                    }
                    $check_subscriber = $db->get_single("SELECT mail FROM fw_subscribe_list WHERE mail='{$mail}'");
                    if ($check_subscriber['mail'] != '') {
                        $check = false;
                        $smarty->assign("error_message", "Извините, этот адрес уже есть в нашей базе.");
                    }
                    if ($check) {
                        $db->query("INSERT INTO fw_subscribe_list(mail,reg_date,status) VALUES('{$mail}','{$time}','{$status}')");
                    }
                    if (CONFIRM_SUBSCRIPTION == 'yes') {
                        $smarty->assign("site_url", BASE_URL);

Beispiel #8

Datei: forms.a_main.php Projekt: askovorodka/sqc

    }
    if (isset($_POST['edit_form_element_name'])) {
        foreach ($_POST['edit_form_element_name'] as $k => $v) {
            $upd = array();
            $upd[] = "name='" . String::secure_user_input($_POST['edit_form_element_name'][$k]) . "'";
            $upd[] = "type='" . intval($_POST['edit_form_element_type'][$k]) . "'";
            if ($_POST['edit_form_element_type'][$k] == "3") {
                $upd[] = "value='" . String::secure_user_input($_POST['edit_form_element_value'][$k]) . "'";
            }
            $upd[] = "sort_order='" . intval($_POST['edit_form_element_sort_order'][$k]) . "'";
            $upd[] = "status='" . (isset($_POST['edit_form_element_status'][$k]) ? "1" : "0") . "'";
            $db->query("UPDATE fw_forms_elements SET " . implode(", ", $upd) . " WHERE id='{$k}'");
        }
    }
    $name = String::secure_user_input($_POST['edit_forms_name']);
    $email = String::secure_user_input($_POST['edit_forms_email']);
    $status = intval($_POST['edit_forms_status']);
    if ($check) {
        $db->query("UPDATE fw_forms SET name='{$name}',email='{$email}',status='{$status}' WHERE id='{$id}'");
        $location = $_SERVER['HTTP_REFERER'];
        header("Location: {$location}");
    }
}
/*--------------------------------- ќ“ќЅ–ј∆≈Ќ»≈ ------------------------------*/
switch (TRUE) {
    case $action == 'add':
        $navigation[] = array("url" => BASE_URL . "/admin/?mod=forms&action=add", "title" => 'ƒобавить форму');
        $smarty->assign("mode", "add");
        $template = 'forms.a_edit.html';
        break;
    case $action == 'edit' && isset($_GET['id']):

Beispiel #9

Datei: banners.a_main.php Projekt: askovorodka/sqc

        $location = 'index.php?mod=banners&action=edit_banner&id=' . $id;
        header("Location: {$location}");
    }
}
if (isset($_POST['submit_add_group'])) {
    Common::check_priv("{$priv}");
    $name = String::secure_user_input($_POST['name']);
    $db->query("INSERT INTO fw_banners_groups(name) VALUES('{$name}')");
    $location = 'index.php?mod=banners&action=groups_list';
    header("Location: {$location}");
    die;
}
if (isset($_POST['submit_edit_group'])) {
    Common::check_priv("{$priv}");
    $name = String::secure_user_input($_POST['name']);
    $id = String::secure_user_input($_POST['id']);
    $db->query("UPDATE fw_banners_groups SET name='{$name}' WHERE id='{$id}'");
    $location = $_SERVER['HTTP_REFERER'];
    header("Location: {$location}");
    die;
}
/*--------------------------------- ќ“ќЅ–ј∆≈Ќ»≈ ------------------------------*/
switch (TRUE) {
    case $action == 'groups_list':
        $navigation[] = array("url" => BASE_URL . "/admin/?mod=banners&action=groups_list", "title" => '√руппы баннеров');
        if (isset($_GET['page'])) {
            $page = $_GET['page'];
        } else {
            $page = 1;
        }
        $result = $db->query("SELECT COUNT(*) FROM fw_banners_groups");