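/**
 * Handles the registration form (POST with `sub_register` set).
 *
 * Validates the mandatory fields through mandff(), refuses an e-mail
 * address that is already registered, then inserts the new `users` row
 * plus its empty `profile` and `ai_actions_taken` rows keyed by the new
 * insert id. The outcome is reported through the globals the board code
 * reads: $done on success, $error[...] on failure.
 *
 * @return bool|null false on a validation or duplicate-e-mail error, null otherwise
 */
function register()
{
    global $globals, $mysql, $theme, $done, $error;
    global $user;
    global $l;

    $theme['name'] = 'register';
    $theme['call_theme_func'] = 'register';
    loadlang();
    fheader('Registration');

    if (!isset($_POST['sub_register'])) {
        return;
    }

    // Mandatory-field checks; mandff() records its own message in $error.
    // only AlphaNumeric and _ (underscore) characters are meant to be allowed
    $username = mandff($_POST['username'], $l['user_req']);
    $password = mandff($_POST['password'], $l['pass_req']);
    $email    = mandff($_POST['email'], $l['email_req']);
    $url      = isset($_POST['url']) ? $_POST['url'] : '';
    if ($error) {
        return false;
    }

    // The old loop over $_POST assigned the cleaned value to a loop-local
    // copy, so nothing was actually sanitised; clean the values that are used.
    $username = check_input($username);
    $email    = check_input($email);
    $url      = check_input($url);

    // by default the level of user & privileges are minimum, level=1
    $group = 1;

    // NOTE(review): a fixed salt plus md5() is not a password hash.
    // password_hash() should replace it, but permissions() computes the same
    // md5($password . $salt) to log users in, so both must be migrated together.
    $salt = 'abc';
    $password = md5($password . $salt);

    // check_input() is an HTML-level cleaner; values still need the driver's
    // escaping before they are interpolated into the SQL strings below.
    $sqlUsername = mysql_real_escape_string($username);
    $sqlEmail    = mysql_real_escape_string($email);
    $sqlUrl      = mysql_real_escape_string($url);

    $q1 = "SELECT `email` FROM `users` WHERE `email` = '{$sqlEmail}'";
    $qq1 = mysql_query($q1);
    if ($qq1 && mysql_num_rows($qq1) > 0) {
        $error['email_exists'] = $l['email_exists'];
        return false;
    }

    $q = array();
    $qu = array();
    $q[1] = "INSERT INTO `users`(`username`, `password`, `email`, `url`, `salt`, `group`) "
        . "VALUES('{$sqlUsername}', '{$password}', '{$sqlEmail}', '{$sqlUrl}', '{$salt}', '{$group}')";
    $qu[1] = mysql_query($q[1]);

    // The insert id becomes the new user's uid and keys the satellite rows.
    $ins_id = (int) mysql_insert_id();
    $q[2] = "INSERT INTO `profile` (`users_uid`) VALUES('{$ins_id}')";
    $qu[2] = mysql_query($q[2]);
    $q[3] = "INSERT INTO `ai_actions_taken` (`users_uid`) VALUES('{$ins_id}')";
    $qu[3] = mysql_query($q[3]);

    // Success is judged on the `users` insert only, as before; failures of the
    // two satellite inserts are not reported to the user.
    if ($qu[1]) {
        $done = true;
    } else {
        // Previously written to a never-read local $errors; report it through
        // the global the theme reads.
        $error['insert_failed'] = 'faltugiri';
    }
}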
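/**
 * Bans or unbans a user.
 *
 * The target uid is taken from $_GET['uid'] when present, otherwise from the
 * $userId argument. With $_GET['action'] === 'unban' the `banned` row is
 * deleted; otherwise the user is inserted into `banned` and flagged in
 * `users`.`is_banned`, unless already listed. Results are reported through
 * the globals $notice and $error.
 *
 * @param int|null $userId fallback user id when none is given in the URL
 * @return void
 */
function ban($userId = null)
{
    global $themedir, $l;
    global $globals, $mysql, $theme, $done, $errors;
    // $error was written below but never declared global, so its messages
    // were lost in a local variable; declare it with the other report arrays.
    global $user, $notice, $reqPrivs, $error;
    global $qu;

    $theme['name'] = 'bannedList';
    $theme['call_theme_func'] = 'ban';
    loadlang();
    fheader('Ban/Unban');

    // NOTE(review): no privilege check is visible in this function; presumably
    // $reqPrivs or the caller gates access to the ban action -- confirm.

    // For banning, a user[uid] has to be present in the URL; if it is not,
    // it has to be passed to the function. Both sources are cast because the
    // value is interpolated into SQL below and must be an integer.
    $uid = isset($_GET['uid']) ? (int) check_input($_GET['uid']) : (int) $userId;
    if ($uid <= 0) {
        $error['user_id_empty'] = 'No user id given.';
        return;
    }

    if (isset($_GET['action']) && $_GET['action'] === 'unban') {
        $q = "DELETE FROM `banned` WHERE `ban_uid`={$uid}";
        $qu = mysql_query($q);
        if ($qu) {
            $notice['unbanned'] = 'User unbanned successfully.';
        } else {
            $error['unbanning_error'] = 'Error while unbanning the user, please try again.';
        }
        return;
    }

    $q = "SELECT * FROM `banned` WHERE `ban_uid`={$uid}";
    $qu = mysql_query($q);

    // No row yet: the user is not banned, so insert the ban and flag the account.
    if (mysql_num_rows($qu) == 0) {
        $qI1 = "INSERT INTO `banned`(`ban_uid`, `banned`) VALUES({$uid}, 1)";
        $qI1_e = db_query($qI1);
        $qU1 = "UPDATE `users` set `is_banned`=1 WHERE `uid`='{$uid}'";
        $qU1_e = db_query($qU1);
        if ($qI1_e && $qU1_e) {
            $notice['banned'] = 'User banned successfully!!!';
        } else {
            $error['cudnt_ban'] = 'Couldn\'t ban the user, please try again.';
        }
    } else {
        // user already exists in ban list
        $notice['banned'] = 'User already exists in ban list!!!';
    }
}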
/**
 * tarski_output_navbarinclude() - Adds $navbarInclude variable from constants.php to navbar.
 *
 * @since 1.5
 * @param array $navbar navbar items; a non-array value is replaced by an empty array
 * @global string $navbarInclude
 * @return array $navbar with a 'navbarinclude' entry when $navbarInclude is set
 */
function tarski_output_navbarinclude($navbar)
{
    global $navbarInclude;

    // A non-array input (e.g. false from an earlier filter) starts from scratch.
    $items = check_input($navbar, 'array') ? $navbar : array();
    if ($navbarInclude) {
        $items['navbarinclude'] = $navbarInclude;
    }
    return $items;
}
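/**
 * Sends the configured newsletter e-mail to the address submitted in the request.
 *
 * Reads sender name/address, subject and body from the `ssm_email_newsletter*`
 * options and forces an HTML content type for the duration of the wp_mail() call.
 *
 * @return bool true when wp_mail() accepted the message, false otherwise
 */
function ssm_send_email()
{
    // A closure instead of a nested named function: the nested declaration
    // was re-executed on every call and fatals on a second invocation.
    $htmlContentType = function () {
        return 'text/html';
    };
    add_filter('wp_mail_content_type', $htmlContentType);

    $to = isset($_REQUEST['sm_email']) ? check_input($_REQUEST['sm_email']) : '';
    // Only a single well-formed address may reach the mailer; anything else
    // (including CR/LF smuggled into the field) is rejected up front.
    if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
        remove_filter('wp_mail_content_type', $htmlContentType);
        return false;
    }

    $headers = 'From: ' . get_option('ssm_email_newsletter_from_name')
        . ' <' . get_option('ssm_email_newsletter_from_email') . '>' . "\r\n";
    $subject = get_option('ssm_email_newsletter_subject');
    $message = get_option('ssm_email_newsletter');

    $sent = wp_mail($to, $subject, $message, $headers);
    remove_filter('wp_mail_content_type', $htmlContentType);
    return (bool) $sent;
}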
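/**
 * Looks up the user row matching the given credentials.
 *
 * @param string $username
 * @param string $password
 * @return resource|false mysql result resource, or false when the query fails
 */
function lookItUp($username, $password)
{
    // NOTE(review): host and credentials are hard-coded; they belong in
    // configuration outside the web root. Kept as found.
    $con = mysql_connect("newer.cwglba5cwihw.us-east-1.rds.amazonaws.com/UserInfo", "bob", "james123");
    if (!$con) {
        die('Could not connect: ' . mysql_error());
    }

    // The parameters were previously ignored in favour of raw $_POST values;
    // use what the caller passed, escaped and quoted for the SQL string.
    // NOTE(review): the password is compared in clear text against the table;
    // a stored hash checked with password_verify() would be the proper fix.
    $user = "'" . mysql_real_escape_string($username, $con) . "'";
    $pwd  = "'" . mysql_real_escape_string($password, $con) . "'";
    $sql = "SELECT * FROM users WHERE\nuser={$user} AND password={$pwd}";

    // The connection stays open on purpose: the caller consumes the result
    // resource, which the old (unreachable) mysql_close() would have invalidated.
    return mysql_query($sql, $con);
}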
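/**
 * Resolves the requested page number from $_GET['page'].
 *
 * Returns 1 when the parameter is missing, fails check_input('number', ...)
 * or is not positive, and clamps values above $this->mPageCount to the
 * last page.
 *
 * @return int
 */
private function set_page()
{
    if (!isset($_GET['page']) || !check_input('number', $_GET['page'])) {
        return 1;
    }
    // Cast so callers receive an int rather than the raw query-string value.
    $page = (int) $_GET['page'];
    if ($page <= 0) {
        return 1;
    }
    return $page > $this->mPageCount ? $this->mPageCount : $page;
}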
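/**
 * Handles the login form (POST with `sub_register` set, despite the name).
 *
 * Validates e-mail and password, looks the account up by e-mail or username
 * plus password hash, and redirects to index.php on success; otherwise a
 * message is appended to the global $error list.
 *
 * @return bool|null false on a validation error, null otherwise
 */
function permissions()
{
    global $globals, $mysql, $theme, $done, $error;
    global $user;
    global $l;

    $theme['name'] = 'permissions';
    $theme['call_theme_func'] = 'permissions';
    loadlang();
    fheader('Permissions');

    if (!isset($_POST['sub_register'])) {
        return;
    }

    $email    = mandff(isset($_POST['email']) ? $_POST['email'] : '', $l['user_email_req']);
    $password = mandff(isset($_POST['password']) ? $_POST['password'] : '', $l['pass_req']);
    if ($error) {
        return false;
    }

    // The old loop over $_POST only cleaned a loop-local copy; clean the
    // value that is actually used.
    $email = check_input($email);

    // NOTE(review): must stay in step with register(), which stores
    // md5($password . 'abc'); migrate both sides to password_hash() together.
    $salt = 'abc';
    $password = md5($password . $salt);

    // check_input() is not an SQL escaper; escape before interpolating.
    // The username literal below is kept as it appears in this excerpt.
    // Parentheses make the AND/OR grouping explicit (the original relied on
    // precedence); the result set is unchanged.
    $sqlEmail = mysql_real_escape_string($email);
    $q1 = "SELECT * FROM `users` WHERE \n\t\t(`email` = '{$sqlEmail}' AND `password` = '{$password}') \n\t\tOR \n\t\t(username = '******' AND `password` = '{$password}') \n\t\t";
    $qq1 = db_query($q1);

    if (mysql_num_rows($qq1) > 0) {
        $done = true;
        // Successful login: send the browser to index.php. fheader() has
        // already produced output, so this only takes effect if output
        // buffering is active -- same as before.
        header("Location: index.php");
        return;
    }
    $error[] = 'Username/Email not valid';
}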
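/**
 * Renders the story submission form together with a preview of the story.
 *
 * Builds the form (subject, section, abstract, extended story), shows one
 * warning when the subject or abstract is empty or a story with the same
 * subject already exists, and offers the "Submit submission" button only
 * when no warning applies.
 *
 * @param string $subject
 * @param string $abstract
 * @param string $article
 * @param string $section currently selected section name
 * @return void
 */
function submit_preview($subject, $abstract, $article, $section)
{
    global $allowed_html, $theme, $user;
    include "includes/story.inc";

    // Both accumulators were appended to without being initialised.
    $output = "";
    $options = "";

    $output .= "<FORM ACTION=\"submit.php\" METHOD=\"post\">\n";
    $output .= "<B>" . t("Your name") . ":</B><BR>\n";
    $output .= format_username($user->userid) . "<P>";
    $output .= "<B>" . t("Subject") . ":</B><BR>\n";
    $output .= "<INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"" . check_textfield($subject) . "\"><P>\n";
    $output .= "<B>" . t("Section") . ":</B><BR>\n";
    foreach (section_get() as $value) {
        $options .= " <OPTION VALUE=\"{$value}\"" . ($section == $value ? " SELECTED" : "") . ">{$value}</OPTION>\n";
    }
    $output .= "<SELECT NAME=\"section\">{$options}</SELECT><P>\n";
    $output .= "<B>" . t("Abstract") . ":</B><BR>\n";
    $output .= "<TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"abstract\">" . check_textarea($abstract) . "</TEXTAREA><BR>\n";
    $output .= "<SMALL><I>" . t("Allowed HTML tags") . ": " . htmlspecialchars($allowed_html) . ".</I></SMALL><P>\n";
    $output .= "<B>" . t("Extended story") . ":</B><BR>\n";
    $output .= "<TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\">" . check_textarea($article) . "</TEXTAREA><BR>\n";
    $output .= "<SMALL><I>" . t("Allowed HTML tags") . ": " . htmlspecialchars($allowed_html) . ".</I></SMALL><P>\n";

    // Duplicate-subject lookup; check_input() prepares the value for the query.
    $duplicate = db_result(db_query("SELECT COUNT(id) FROM stories WHERE subject = '" . check_input($subject) . "'"));

    // At most one warning is shown, in priority order; the submit button is
    // offered only when nothing is wrong.
    $warning = null;
    if (empty($subject)) {
        $warning = t("Warning: you did not supply a subject.");
    } elseif (empty($abstract)) {
        $warning = t("Warning: you did not supply an abstract.");
    } elseif ($duplicate) {
        $warning = t("Warning: there is already a story with that subject.");
    }
    if ($warning !== null) {
        $output .= "<FONT COLOR=\"red\">" . $warning . "</FONT><P>\n";
    }
    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"" . t("Preview submission") . "\">\n";
    if ($warning === null) {
        $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"" . t("Submit submission") . "\">\n";
    }
    $output .= "</FORM>\n";

    $theme->header();
    $theme->story(new Story($user->userid, $subject, $abstract, $article, $section, time()), "[ " . t("reply to this story") . " ]");
    $theme->box(t("Submit a story"), $output);
    $theme->footer();
}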
/**
 * implode_proper() - Implodes an array and adds a final conjuction.
 *
 * Given the array <code>array('John', 'Paul', 'George', 'Ringo')</code> it will
 * return the string <code>'John, Paul, George and Ringo'</code>.
 * @since 2.0
 * @param array $array
 * @param string $glue separator between all but the last element (default: localised ', ')
 * @param string $last_connective word placed before the last element (default: localised 'and')
 * @return string|null the joined string, or null for a non-array or empty input
 */
function implode_proper($array, $glue = NULL, $last_connective = NULL)
{
    if (!check_input($array, 'array') || count($array) == 0) {
        return;
    }

    // Defaults are resolved lazily so the translation call only happens when needed.
    $separator = ($glue == NULL) ? __(', ', 'tarski') : $glue;
    $connective = ($last_connective == NULL) ? __('and', 'tarski') : $last_connective;

    $tail = array_pop($array);
    if (!count($array)) {
        return $tail;
    }
    return implode($separator, $array) . " {$connective} {$tail}";
}
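/**
 * Loads the profile and ban rows for a user into the global $qu array.
 *
 * The user id comes from $_GET['uid'] when present, otherwise from the
 * logged-in $user['uid']. When the board settings require a login
 * ($reqPrivs['board']['loginReq']) anonymous visitors are redirected to the
 * login action first. $qu[1] receives the users/profile join, $qu[2] the
 * `banned` lookup.
 *
 * @return void
 */
function viewProfile()
{
    global $themedir;
    global $globals, $mysql, $theme, $done, $errors, $notice;
    global $l;
    global $time;
    global $user, $reqPrivs;
    global $q, $qu;

    $theme['name'] = 'viewProfile';
    $theme['call_theme_func'] = 'viewProfile';
    loadlang();
    fheader("View Profile");

    // If the Admin Board Settings loginReq flag is set, a login is required
    // to view profiles: send anonymous visitors to the login page.
    if ($reqPrivs['board']['loginReq'] && !userUidSet()) {
        redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
    }

    // The uid is interpolated into SQL below, so it is cast to int whichever
    // source it comes from (the session value was previously used as-is).
    if (isset($_GET["uid"])) {
        $uid = (int) check_input($_GET["uid"]);
    } else {
        $uid = isset($user["uid"]) ? (int) $user["uid"] : 0;
    }

    // NOTE(review): any visitor who passes the login gate can view any uid;
    // the original TODO about limiting other users' profiles to Admin/Editor
    // is still open.

    $qu = array();
    $q1 = "SELECT * FROM `users` `u` RIGHT JOIN `profile` `p` ON `u`.`uid`=`p`.`users_uid` WHERE `u`.`uid`={$uid}";
    $qu[1] = db_query($q1);
    $q2 = "SELECT * FROM `banned` `b` WHERE `ban_uid`={$uid}";
    $qu[2] = db_query($q2);
}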
/**
 * CLI handler for `add_student <login>`: prompts for the student's details
 * and stores a new document in the `students` collection.
 *
 * Prints a usage line when $login is empty, refuses a login that already
 * exists, and rejects the record when check_input() fails.
 *
 * @param string $login
 * @param mixed  $option not used by this handler
 * @param object $db     database handle exposing a `students` collection
 * @return void
 */
function func_add_student($login, $option, $db)
{
    $students = $db->students;

    if ($login == "") {
        echo "Usage: ./etna_movies.php add_student <login_l>\n";
        return;
    }
    if ($students->find(array('login' => $login))->count() != 0) {
        echo "Login already used\n";
        return;
    }

    $name  = my_readline("Name ?\n> ");
    $age   = my_readline("Age ?\n> ");
    $email = my_readline("Email ?\n> ");
    $phone = my_readline("Phone number ?\n> ");

    if (!check_input($login, $name, $age, $email, $phone)) {
        echo "Incorrect input\n";
        return;
    }

    $students->insert(array(
        "login"         => $login,
        "name"          => $name,
        "age"           => $age,
        "email"         => $email,
        "phone"         => $phone,
        "rented_movies" => [],
    ));
    echo "User registered !\n";
}
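/**
 * Entry point for an ad request.
 *
 * Copies the request parameters into the global $request_settings, picks the
 * response type and IP origin from $data['rt'], validates the request and
 * the placement, runs the campaign query (falling back to backfill) and
 * finally either displays the ad or emits the no-ad response.
 *
 * @param array $data request parameters (rt, p, longitude, latitude, iphone_osversion, sdk, ...)
 * @return bool|null false when validation or the placement lookup fails, null otherwise
 */
function ad_request($data)
{
    global $request_settings, $errormessage, $zone_detail, $display_ad;

    prepare_r_hash();

    if (!isset($data['rt'])) {
        $data['rt'] = '';
    }
    $request_settings['referer']   = isset($data['p']) ? $data['p'] : '';
    $request_settings['longitude'] = isset($data['longitude']) ? $data['longitude'] : '';
    $request_settings['latitude']  = isset($data['latitude']) ? $data['latitude'] : '';
    if (isset($data['iphone_osversion'])) {
        $request_settings['iphone_osversion'] = $data['iphone_osversion'];
    }
    // Only the two known SDK names are accepted; anything else becomes 'banner'.
    if (isset($data['sdk']) && in_array($data['sdk'], array('banner', 'vad'), true)) {
        $request_settings['sdk'] = $data['sdk'];
    } else {
        $request_settings['sdk'] = 'banner';
    }

    /* Identify Response Type: (response_type, ip_origin) per request type;
       unknown types get html/request. */
    static $responseTypes = array(
        'javascript'  => array('json', 'fetch'),
        'json'        => array('json', 'fetch'),
        'iphone_app'  => array('xml', 'fetch'),
        'android_app' => array('xml', 'fetch'),
        'ios_app'     => array('xml', 'fetch'),
        'ipad_app'    => array('xml', 'fetch'),
        'xml'         => array('xml', 'request'),
        'api'         => array('xml', 'request'),
        'api-fetchip' => array('xml', 'fetch'),
    );
    // A non-scalar rt (possible from user input) must not be used as an array key.
    $rt = is_scalar($data['rt']) ? (string) $data['rt'] : '';
    list($request_settings['response_type'], $request_settings['ip_origin']) =
        isset($responseTypes[$rt]) ? $responseTypes[$rt] : array('html', 'request');

    if (MAD_MAINTENANCE) {
        noad();
    }

    if (!check_input($data)) {
        print_error(1, $errormessage, $request_settings['sdk'], 1);
        return false;
    }

    $zone_detail = get_placement($data);
    if (!$zone_detail) {
        print_error(1, $errormessage, $request_settings['sdk'], 1);
        return false;
    }
    $request_settings['adspace_width']  = $zone_detail['zone_width'];
    $request_settings['adspace_height'] = $zone_detail['zone_height'];
    $request_settings['channel'] = getchannel();

    update_last_request();
    set_geo($request_settings['ip_address']);
    set_device($request_settings['user_agent']);
    build_query();

    // A failed or unprocessable campaign query falls back to backfill.
    $campaign_query_result = launch_campaign_query($request_settings['campaign_query']);
    if (!$campaign_query_result || !process_campaignquery_result($campaign_query_result)) {
        launch_backfill();
    }

    if (isset($display_ad['available']) && $display_ad['available'] == 1) {
        track_request(1);
        display_ad();
    } else {
        track_request(0);
        noad();
    }
}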
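// ... tail of a function whose start lies outside this excerpt ...
return false; } return true; }

/**
 * Normalises a single form field: trims whitespace, strips slashes and
 * HTML-escapes the value.
 *
 * This is an HTML-output cleaner only; it does not make a value safe for
 * use in e-mail headers or SQL.
 *
 * @param string $data
 * @return string
 */
function check_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

if (isset($_POST['submit'])) {
    if (verifyFormToken('form1')) {
        // Missing fields become '' so check_input() never receives null.
        $name = check_input(isset($_POST["name"]) ? $_POST["name"] : '');
        $email = check_input(isset($_POST["emailaddress"]) ? $_POST["emailaddress"] : '');
        $message = check_input(isset($_POST["message"]) ? $_POST["message"] : '');
        $ForwardTo = '*****@*****.**';
        $details = 'Name: ' . $name . "\n" . 'Email: ' . $email . "\n" . 'Message: ' . $message . "\n";
        // The submitted address is placed in the From: header, so it must be a
        // single well-formed address; htmlspecialchars() does not remove CR/LF,
        // which would otherwise let the sender append arbitrary headers.
        if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
            $data['success'] = true;
            $data['message'] = 'Success!';
            mail($ForwardTo, "Construction of Hope Contact", $details, "From:{$email}");
        } else {
            $data['success'] = false;
            $data['errors'] = array('emailaddress' => 'Please enter a valid e-mail address.');
        }
    } else {
        $data['success'] = false;
        $data['errors'] = $errors;
    }
    // ... the exit() below and its HTML payload continue outside this excerpt ...
    exit(' <body> <div class="modal fade" tabindex="-1" role="dialog"> <div class="modal-dialog"> <div class="modal-content" style="top:4em">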
return $error; } if ($password_new != $password_conf) { $error = "<font color=\"red\">The passwords don't match!</font>"; return $error; } if (!check_password($password_new) && $_COOKIE["security_level"] == "2") { $error = "<font color=\"red\">The new password is not valid!<br />Password policy: minimum 6 characters containing at least one uppercase letter, lowercase letter and number."; return $error; } return $error; } if (isset($_POST["action"])) { $password_new = $_REQUEST["password_new"]; $password_conf = $_REQUEST["password_conf"]; $message = check_input($password_new, $password_conf); // Debugging // echo "I was here!"; if (!$message) { $login = $_SESSION["login"]; $password_new = mysqli_real_escape_string($link, $password_new); $password_new = hash("sha1", $password_new, false); $password_curr = $_REQUEST["password_curr"]; $password_curr = mysqli_real_escape_string($link, $password_curr); $password_curr = hash("sha1", $password_curr, false); $sql = "SELECT password FROM users WHERE login = '******' AND password = '******'"; // Debugging // echo $sql; $recordset = $link->query($sql); if (!$recordset) { die("Error: " . $link->error);
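$page_type = "website"; // website or blog -- set on the top page only
$page_ogimage = ""; // path to use when og:image is set for this page individually

/**
 * Normalises a form field: trims whitespace, strips slashes and
 * HTML-escapes the value.
 *
 * @param string $data
 * @return string
 */
function check_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

// Missing fields become '' so check_input() never receives null.
$name    = check_input(isset($_POST["name"]) ? $_POST["name"] : '');
$tel     = check_input(isset($_POST["tel"]) ? $_POST["tel"] : '');
$email   = check_input(isset($_POST["email"]) ? $_POST["email"] : '');
$company = check_input(isset($_POST["company"]) ? $_POST["company"] : '');
$text    = check_input(isset($_POST["text"]) ? $_POST["text"] : '');

// Input validation
$errormsg = array();
// name
if ($name == null) {
    $errormsg[] = "NAMEを入力してください。";
}
if ($email == null) {
    $errormsg[] = "E-MAILを入力してください。";
}
// preg_match() returns 0 on no match and false on a PCRE error; both count as invalid here.
$ret = preg_match("/^[a-zA-Z0-9_\\.\\-]+?@[A-Za-z0-9_\\.\\-]+\$/", $email);
if (!$ret) {
    $errormsg[] = "E-MAILを正しい形式で入力して下さい。";
}
// message body
// ... the remaining checks continue outside this excerpt ...
if ($text == null) {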
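<?php
/* Set e-mail recipient */
$myemail = "*****@*****.**";

/* Check all form inputs using check_input function */
// Missing fields become '' so check_input() reports them as empty instead of receiving null.
$name = check_input(isset($_POST['inputName']) ? $_POST['inputName'] : '', "Your Name");
$email = check_input(isset($_POST['inputEmail']) ? $_POST['inputEmail'] : '', "Your E-mail Address");
$subject = check_input(isset($_POST['inputSubject']) ? $_POST['inputSubject'] : '', "Message Subject");
$message = check_input(isset($_POST['inputMessage']) ? $_POST['inputMessage'] : '', "Your Message");

/* If e-mail is not valid show error message */
// The previous pattern matched a fragment anywhere in the value, so extra
// text (including line breaks) around an address passed; require a single
// well-formed address instead.
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    show_error("Invalid e-mail address");
}

/* Let's prepare the message for the e-mail */
// The visitor's subject was overwritten before it was used; keep it under
// its own name so the mail body still shows it.
$user_subject = $subject;
$subject = "Someone has sent you a message";
$message = "\n\nRomex Construction: You have received a new message \n\nName: {$name}\nEmail: {$email}\nSubject: {$user_subject}\n\nMessage:\n{$message}\n\n";

/* Send the message using mail() function */
mail($myemail, $subject, $message);

/* Redirect visitor to the thank you page */
header('Location: http://romexconstruction.com');
exit;

/* Functions we used */
// ... check_input() continues outside this excerpt ...
function check_input($data, $problem = '')
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    if ($problem && strlen($data) == 0) {
        show_error($problem);
    }
    return $data;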
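// ... this line continues an if/else chain that begins outside this excerpt ...
$errmsg .= 'Please enter Valid ProductID<br>';
}
if ($errmsg == '') {
    // A function declared inside a conditional only exists once this branch
    // has run; the guard prevents a fatal redeclaration should it run twice.
    if (!function_exists('check_input')) {
        /**
         * Cleans a form field before storage: trims, strips slashes,
         * HTML-escapes and then SQL-escapes the value.
         *
         * NOTE(review): because of htmlspecialchars() the HTML-escaped form is
         * what gets stored; escaping is normally applied at output time instead.
         *
         * @param string $data
         * @return string
         */
        function check_input($data)
        {
            $data = trim($data);
            $data = stripslashes($data);
            $data = htmlspecialchars($data);
            $data = mysql_real_escape_string($data);
            return $data;
        }
    }
    // Missing fields become '' so check_input() never receives null.
    $Productid = check_input(isset($_POST['Productid']) ? $_POST['Productid'] : '');
    $Product_name = check_input(isset($_POST['Product_name']) ? $_POST['Product_name'] : '');
    $Product_type = check_input(isset($_POST['Product_type']) ? $_POST['Product_type'] : '');
    $Product_price = check_input(isset($_POST['Product_price']) ? $_POST['Product_price'] : '');
    $Product_description = check_input(isset($_POST['Product_description']) ? $_POST['Product_description'] : '');
    $Productobj = new Product();
    if ($Productobj->update_product($Productid, $Product_name, $Product_type, $Product_price, $Product_description)) {
        $msg .= 'Product Details successfully updated.<br>';
    } else {
        $errmsg .= '!Opps Some thing went wrong.<br>';
    }
}
}
}
include_once "../../includes/dbclose.inc.php";
?>
<?php require_once "../layouts/user_header.php"; ?>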
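// ... this line continues an if/else chain that begins outside this excerpt ...
$errmsg .= 'Please enter Valid CampaignID<br>';
}
if ($errmsg == '') {
    // A function declared inside a conditional only exists once this branch
    // has run; the guard prevents a fatal redeclaration should it run twice.
    if (!function_exists('check_input')) {
        /**
         * Cleans a form field before use in a query: trims, strips slashes,
         * HTML-escapes and then SQL-escapes the value.
         *
         * NOTE(review): htmlspecialchars() means values are compared/stored in
         * their HTML-escaped form; escaping is normally applied at output time.
         *
         * @param string $data
         * @return string
         */
        function check_input($data)
        {
            $data = trim($data);
            $data = stripslashes($data);
            $data = htmlspecialchars($data);
            $data = mysql_real_escape_string($data);
            return $data;
        }
    }
    // Missing fields become '' so check_input() never receives null.
    $Campaignid = check_input(isset($_POST['Campaignid']) ? $_POST['Campaignid'] : '');
    $Campaign_name = check_input(isset($_POST['Campaign_name']) ? $_POST['Campaign_name'] : '');
    $Campaign_type = check_input(isset($_POST['Campaign_type']) ? $_POST['Campaign_type'] : '');
    $Campaign_budget = check_input(isset($_POST['Campaign_budget']) ? $_POST['Campaign_budget'] : '');
    $Campaign_description = check_input(isset($_POST['Campaign_description']) ? $_POST['Campaign_description'] : '');
    $Campaignobj = new Campaign();
    if ($Campaignobj->delete_Campaign($Campaignid, $Campaign_name, $Campaign_type, $Campaign_budget, $Campaign_description)) {
        $msg .= 'Campaign Details successfully Deleted.<br>';
        // Clear the form values once the row is gone.
        $Campaignid = "";
        $Campaign_name = "";
        $Campaign_type = "";
        $Campaign_budget = "";
        $Campaign_description = "";
    } else {
        $errmsg .= '!Opps Some thing went wrong.<br>';
    }
}
}
}
include_once "../../includes/dbclose.inc.php";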
// ... else-branch of a conditional that begins outside this excerpt ...
} else {
    $postuname = addslashes(trim($_POST['uname']));
    $postupwd = addslashes(trim($_POST['upwd']));
    $postuemail = addslashes(trim($_POST['uemail']));
}

/**
 * Prepares a value for interpolation into SQL: non-numeric values go through
 * mysql_real_escape_string(), numeric ones are returned untouched.
 *
 * NOTE(review): the values fed in below were already addslashes()'d, so the
 * escaping is applied twice and literal backslashes can end up in the stored row.
 *
 * @param mixed $value
 * @return mixed
 */
function check_input($value)
{
    // Numbers need no quoting; only non-numeric strings are escaped.
    return is_numeric($value) ? $value : mysql_real_escape_string($value);
}

$postuname = check_input($postuname);
$postupwd = check_input($postupwd);
$postuemail = check_input($postuemail);

// NOTE(review): the password is stored as a bare md5(); password_hash() would
// be the right primitive, but the login side has to be migrated at the same time.
$sql = "insert into user(uname,upwd,uemail,activekey,regdate)values('" . $postuname . "','" . md5($postupwd) . "','" . $postuemail . "','" . $postuemail . "','" . time() . "')";
$num = $conne->uidRst($sql);
if ($num == 1) {
    // Insert succeeded: send the activation e-mail.
    // Activation link. NOTE(review): HTTP_HOST comes from the request, so a
    // forged Host header lands in the link mailed to the user; a site URL
    // taken from configuration would be safer.
    $url = 'http://' . $_SERVER['HTTP_HOST'] . '/activation.php';
    // urlencode() handles non-ASCII characters in the name
    $url .= '?name=' . urlencode($postuname) . '&k=' . $key;
    // Mailbox used to log in to the SMTP server
    $envelope = '*****@*****.**';
    $password = '******';
    $port = 25;
    $auth = 'login';
    $smtp = 'smtp.126.com';
    // ... continues outside this excerpt ...
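/**
 * Records an account binding (username/nickname on a platform) for a device.
 *
 * In order: validates the incoming account, registers the platform in
 * NS_BINDING_LIST, merges the username/nickname into the device's stored
 * binding, refreshes the md5 marker list (NS_BINDED_LIST) and the display
 * list (NS_BINDED_CAPTION), then notifies the third-party hook
 * asynchronously. Returns early with status 'ok' when nothing changed and
 * the display list already carries this account.
 *
 * @param array $PARAMS request parameters: device, plat, cap, user, nick
 * @return mixed whatever return_bind() produces for the status array
 */
function handle_bind_account($PARAMS)
{
    // Missing keys default to null instead of being silenced with '@'.
    $device   = isset($PARAMS['device']) ? $PARAMS['device'] : null;
    $platform = isset($PARAMS['plat']) ? $PARAMS['plat'] : null;
    $caption  = isset($PARAMS['cap']) ? $PARAMS['cap'] : null;
    $username = check_input(isset($PARAMS['user']) ? $PARAMS['user'] : null);
    $nickname = check_input(isset($PARAMS['nick']) ? $PARAMS['nick'] : null);
    $cap_view = make_capview($username, $nickname, $caption);

    /* Decide whether the received account should be recorded at all. */
    if (empty($username) && empty($nickname)) {
        omp_trace($PARAMS);
        return return_bind(array('status' => 'error'));
    }
    // count() on a string is always 1 (a TypeError on PHP 8), so the length
    // limit never applied; measure the byte length instead.
    if (strlen((string) $username) > 100 || strlen((string) $nickname) > 100) {
        omp_trace('username or nickname too long');
        return return_bind(array('status' => 'error'));
    }

    $platform_list = mmc_array_keys(NS_BINDING_LIST);
    if (!in_array($platform, $platform_list)) {
        mmc_array_set(NS_BINDING_LIST, $platform, $caption);
    }

    $ns_bind_list = NS_BINDING_LIST . $platform;
    $bind_info = mmc_array_get($ns_bind_list, $device);
    omp_trace($bind_info);

    // Merge the new values into the stored binding, tracking whether anything moved.
    $changed = false;
    if ($bind_info) {
        if ($username && $bind_info['username'] != $username) {
            $bind_info['username'] = $username;
            $changed = true;
        }
        if ($nickname && $bind_info['nickname'] != $nickname) {
            $bind_info['nickname'] = $nickname;
            $changed = true;
        }
    } else {
        $bind_info = array('username' => $username, 'nickname' => $nickname);
        $changed = true;
    }

    $mem = api_open_mmc();
    if (!$changed) {
        omp_trace('not changed');
        // Nothing changed: make sure the display list already carries this entry.
        if ($binded_list = $mem->ns_get(NS_BINDED_CAPTION, $device)) {
            if (in_array($cap_view, $binded_list, true)) {
                omp_trace($cap_view . ' in binded_list');
                omp_trace($binded_list);
                return return_bind(array('status' => 'ok'));
            } else {
                omp_trace('but binbed capview missed');
            }
        } else {
            omp_trace('but binbed capview error');
        }
    }

    /* Record the bound account. */
    // 1. store the binding itself
    if (mmc_array_set($ns_bind_list, $device, $bind_info) > 0) {
        $caption && mmc_array_caption($ns_bind_list, $caption);
        omp_trace('update caption: ' . $caption);
    }
    // 2. marker list of bound accounts (key: caption/platform/device, value: account/device)
    $new_key = md5($caption . '@' . $platform . '@' . $device);
    $new_val = md5($username . '(' . $nickname . ')@' . $device);
    $changed = false;
    $binded_list = $mem->ns_get(NS_BINDED_LIST, $device);
    if (!$binded_list) {
        $binded_list = array();
    }
    if (!isset($binded_list[$new_key]) || $binded_list[$new_key] !== $new_val) {
        $binded_list[$new_key] = $new_val;
        $changed = true;
    }
    // update the marker list
    if ($changed) {
        $mem->ns_set(NS_BINDED_LIST, $device, $binded_list);
        omp_trace('update bind md5 info: ' . json_encode($binded_list));
    }
    // 3. display list of bound accounts
    if ($bind_account = $mem->ns_get(NS_BINDED_CAPTION, $device)) {
        if (!in_array($cap_view, $bind_account, true)) {
            $bind_account[] = $cap_view;
            $mem->ns_set(NS_BINDED_CAPTION, $device, $bind_account);
            omp_trace('set account info ok: ' . json_encode($bind_account));
        }
    } else {
        $mem->ns_set(NS_BINDED_CAPTION, $device, array($cap_view));
        omp_trace('set 1st account info ok: ' . $cap_view);
    }

    /* Notify third-party code asynchronously. */
    $bind_info['device'] = $device;
    $bind_info['platform'] = $platform;
    $bind_info['caption'] = $caption;
    counter(COUNT_ON_BINDING);
    call_async_php('/on_account_binding.php', $bind_info);
    return return_bind(array('status' => 'ok'));
}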
$resp = null; # the error code from reCAPTCHA, if any $error = null; # was there a reCAPTCHA response? if ($_POST["recaptcha_response_field"]) { $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if ($resp->is_valid) { if (isset($_POST['uname'])) { $msg = ""; if ($_POST['uname'] == "") { $msg .= "<br />User Name cannot be left empty!<br />"; } if ($_POST['pass'] == "") { $msg .= "<br />Password cannot be left empty!<br />"; } else { $po_uname = check_input($_POST['uname']); $po_pass = md5($_POST['pass']); $query = sprintf("select * from users where username='******' and password='******'"); $result = mysql_query($query); // print_r($query); if (mysql_num_rows($result) == 0) { $msg .= "Wrong login details entered!"; @mysql_close(); } else { while ($row = mysql_fetch_assoc($result)) { $auth_id = $row['userid']; $auth_gid = $row['usergid']; $auth_name = $row['username']; $auth_pass = $row['password']; $auth_status = $row['status']; }
/**
 * wrap_navlist() - Wraps the Tarski navbar in an unordered list element.
 *
 * Unlike other navbar filters, wrap_navlist() doesn't make $navbar an array
 * if it isn't one, since that would result in it outputting an empty
 * unordered list. Instead, it simply returns false.
 * @since 2.0
 * @see tarski_navbar()
 * @param array $navbar navbar item strings
 * @return array|false $navbar with the opening and closing <ul> added, or false for non-array input
 */
function wrap_navlist($navbar)
{
    if (!check_input($navbar, 'array')) {
        return false;
    }
    // Opening tag in front, closing tag behind the existing items.
    return array_merge(array('<ul class="primary xoxo">'), $navbar, array('</ul>'));
}
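/**
 * Updates rows in a table; in practice every parameter is required.
 *
 * @param string|array $data    column => value map (each value is passed through check_input()), or a raw SET clause
 * @param string       $where   WHERE condition and anything that follows it, without the keyword
 * @param string       $tb_name table name
 * @return bool $q true only when the statement executed successfully
 */
public function update($data = array(), $where = null, $tb_name = null)
{
    if (!$tb_name) {
        show_error('empty table name');
        return false;
    }
    $q = false;
    $sqlwhere = ' WHERE ' . trim((string) $where);

    // Identifiers are wrapped in backticks, so a backtick inside a table or
    // column name is doubled to keep the identifier intact.
    $table = str_replace('`', '``', $tb_name);
    if (is_array($data)) {
        $assignments = array();
        foreach ($data as $k => $v) {
            $column = str_replace('`', '``', $k);
            $assignments[] = "`{$column}` = " . check_input($v);
        }
        $update_data = implode(', ', $assignments);
    } else {
        $update_data = trim($data, ', ');
    }
    $sql = 'UPDATE `' . $table . '` SET ' . $update_data . $sqlwhere;

    // An UPDATE without a WHERE would touch every row, so it is refused.
    if (!is_null($where)) {
        $q = $this->query($sql);
    } else {
        show_error("sql error: {$sql}");
    }
    return $q;
}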
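<?php
$myemail = '*****@*****.**';
//$myemail = '*****@*****.**';

/* Check all form inputs using check_input function */
// Each field is cleaned once; missing fields become '' so check_input() never receives null.
$name      = check_input(isset($_POST['name']) ? $_POST['name'] : '');
$email     = check_input(isset($_POST['email']) ? $_POST['email'] : '');
$Telefon   = check_input(isset($_POST['tel']) ? $_POST['tel'] : '');
$Kommentar = check_input(isset($_POST['text']) ? $_POST['text'] : '');
$contact   = check_input(isset($_POST['contact']) ? $_POST['contact'] : '');
// check_input() returns false for an empty field; every field is mandatory.
if ($name === false || $email === false || $Telefon === false || $Kommentar === false || $contact === false) {
    echo json_encode(array('success' => 'false', 'msg' => 'Bitte überprüfen Sie Ihre Eingaben!'));
    exit;
}

$subject = "Kontaktanfrage Wellness Oase";
$message = "\nEine neue Kontaktanfrage wurde auf www.wellnessaufruegen.de abgeschickt:\n\n\nName: {$name}\nE-mail: {$email}\nTelefon: {$Telefon}\n\nKontakt über: {$contact}\n\nKommentar:\n{$Kommentar}\n\n\n-----------------------------------------------------------------------------\nBitte nicht auf diese Mail antworten - sie wurde automatisch generiert!\n-----------------------------------------------------------------------------\n";

// Headers are fixed strings; the visitor's address only appears in the body.
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/plain; charset=UTF-8' . "\r\n";
$headers .= 'From: wellnessaufruegen.de Webmailer' . "\r\n";

/* Send the message using mail() function */
mail($myemail, $subject, $message, $headers);
echo json_encode(array('success' => 'true', 'msg' => 'Erfolgreich abgesendet!'));
exit;

/* Functions we used */
// ... check_input() continues outside this excerpt ...
function check_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    if (!$data || strlen($data) == 0) {
        return false;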
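<?php
/* Set e-mail recipient */
$myemail = "*****@*****.**";

/* Check all form inputs using check_input function */
// Missing fields become '' so check_input() reports them as empty instead of receiving null.
$full_name = check_input(isset($_POST['full_name']) ? $_POST['full_name'] : '', "Enter your full name (first and last)");
$email = check_input(isset($_POST['email']) ? $_POST['email'] : '');
$telephone = check_input(isset($_POST['telephone']) ? $_POST['telephone'] : '', "Enter your telephone number");
$comments = check_input(isset($_POST['comments']) ? $_POST['comments'] : '', "Write your message");
$subject = "crg.io email inquiry";

/* If e-mail is not valid show error message */
// Require one well-formed address; the old pattern matched a fragment anywhere in the value.
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    show_error("E-mail address not valid");
}

/* Let's prepare the message for the e-mail */
$comments = "\nName: {$full_name}\nE-mail: {$email}\nTelephone: {$telephone}\nComments: {$comments}\n";

/* Send the message using mail() function */
// mail() takes (to, subject, message[, additional_headers]); the previous call
// passed the telephone number as the body and the comments as extra headers,
// which both dropped the message and let visitor text into the header section.
mail($myemail, $subject, $comments);

/* Redirect visitor to the thank you page */
header('Location: thanks.php');
exit;

/* Functions we used */
// ... check_input() continues outside this excerpt ...
function check_input($data, $problem = '')
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    if ($problem && strlen($data) == 0) {
        show_error($problem);
    }
    return $data;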
// Remaining pagination test cases: each call checks the expected page (3rd
// argument), per-page value (4th) and position (5th) for the given params.
check_input($number, $qparams, 1, 1, 'before');
$number++;

// #5: negative page number
$qparams = ['gpage' => '-123'];
check_input($number, $qparams, 1, 1, 'before');
$number++;

// #6: zero per-page value
$qparams = ['gpage' => '2', 'gpa' => '0'];
check_input($number, $qparams, 2, 0, 'after');
$number++;

// #7: non-numeric per-page value
$qparams = ['gpage' => '2', 'gpa' => '$#@'];
check_input($number, $qparams, 2, 0, 'after');
$number++;

// #8: numeric gpa and gpb
$qparams = ['gpage' => '2', 'gpa' => 2, 'gpb' => 2];
check_input($number, $qparams, 2, 2, 'before');
$number++;

// #9: gpb is the string "0"
$qparams = ['gpage' => '2', 'gpa' => 2, 'gpb' => '0'];
check_input($number, $qparams, 2, 0, 'before');
$number++;

// #10: garbage gpb
$qparams = ['gpage' => '2', 'gpa' => 2, 'gpb' => '@#@@@$'];
check_input($number, $qparams, 2, 0, 'before');
$number++;

// #11: blank gpb
$qparams = ['gpage' => '2', 'gpa' => 2, 'gpb' => ' '];
check_input($number, $qparams, 2, 2, 'after');
$number++;

printf(" *** Testing over *** \n\n");
<?php //Connect to database require "sqlconnect.php"; //Check for updated information form submit; if true, update happens, else form is displayed if (!empty($_POST)) { $username = check_input($_POST['username']); //Check user exists $query = "\n SELECT *\n FROM users\n WHERE\n username = :username\n "; //Search parameter $query_params = array(':username' => $username); try { //Execute query $stmt = $db->prepare($query); $result = $stmt->execute($query_params); } catch (PDOException $ex) { print_r($db->errorInfo()); echo "<P>"; print_r($stmt->errorInfo()); die("Failed to run user existence check."); } //Retrieve username from 'users' table. $row = $stmt->fetch(); if ($row) { $tempPass = uniqid(); $sender = "*****@*****.**"; $recipient = $row['email']; $subject = "Temporary Password"; $message = "Here is your temporary password: "******"From: " . $sender; mail($recipient, $subject, $message);
$value = "'" . mysql_real_escape_string($value) . "'"; } else { $value = intval($value); } return $value; } $uagent = $_SERVER['HTTP_REFERER']; $IP = $_SERVER['REMOTE_ADDR']; echo "<br>"; echo 'Your IP ADDRESS is: ' . $IP; echo "<br>"; //echo 'Your User Agent is: ' .$uagent; // take the variables if (isset($_POST['uname']) && isset($_POST['passwd'])) { $uname = check_input($_POST['uname']); $passwd = check_input($_POST['passwd']); /* echo 'Your Your User name:'. $uname; echo "<br>"; echo 'Your Password:'******'Your User Agent String:'. $uagent; echo "<br>"; echo 'Your User Agent String:'. $IP; */ //logging the connection parameters to a file for analysis. $fp = fopen('result.txt', 'a'); fwrite($fp, 'Referer:' . $uname . "\n"); fclose($fp); $sql = "SELECT users.username, users.password FROM users WHERE users.username={$uname} and users.password={$passwd} ORDER BY users.id DESC LIMIT 0,1"; $result1 = mysql_query($sql);
$State = check_input($_POST['State']); $ZIP = check_input($_POST['ZIP']); $Country = check_input($_POST['Country']); $Email = check_input($_POST['Email']); $Telephone = check_input($_POST['Telephone']); $Ext = check_input($_POST['Ext']); $Fax = check_input($_POST['Fax']); $Birthdate = check_input($_POST['Birthdate']); $Gender = check_input($_POST['Gender']); $IsSubmission = check_input($_POST['IsSubmission']); $PaperTitle = check_input($_POST['PaperTitle']); $PaperSession = check_input($_POST['PaperSession']); $IsExhibition = check_input($_POST['IsExhibition']); $Passport = check_input($_POST['Passport']); $CountryPassport = check_input($_POST['CountryPassport']); $StayTime = check_input($_POST['StayTime']); if (!mysql_query("delete from InvitationLetter_table where \n\t\t FirstName='{$_POST['FirstName']}' and \n\t\t FamilyName='{$_POST['FamilyName']}' and\n\t\t Company='{$_POST['Company']}'", $con)) { echo "<script>\n\t\t\t alert('Failed to connect to server. Pleas submit again later.');\n\t\t\t </script>"; die('Could not connect: ' . 
mysql_error()); } else { if (!mysql_query("insert into InvitationLetter_table \n\t\t (\n\t\t\t FirstName,\n\t\t\t FamilyName,\n\t\t\t Name,\n\t\t\t Title,\n\t\t\t Company,\n\t\t\t Address,\n\t\t\t AddressC,\n\t\t\t City,\n\t\t\t State,\n\t\t\t ZIP,\n\t\t\t Country,\n\t\t\t Email,\n\t\t\t Telephone,\n\t\t\t Ext,\n\t\t\t Fax,\n\t\t\t Birthdate,\n\t\t\t Gender,\n\t\t\t IsSubmission,\n\t\t\t PaperTitle,\n\t\t\t PaperSession,\n\t\t\t IsExhibition,\n\t\t\t Passport,\n\t\t\t CountryPassport,\n\t\t\t StayTime\n\t\t )\n\t\t values\n\t\t (\n\t\t\t {$FirstName},\n\t\t\t {$FamilyName},\n\t\t\t {$Name},\n\t\t\t {$Title},\n\t\t\t {$Company},\n\t\t\t {$Address},\n\t\t\t {$AddressC},\n\t\t\t {$City},\n\t\t\t {$State},\n\t\t\t {$ZIP},\n\t\t\t {$Country},\n\t\t\t {$Email},\n\t\t\t {$Telephone},\n\t\t\t {$Ext},\n\t\t\t {$Fax},\n\t\t\t STR_TO_DATE({$Birthdate},'%m/%d/%Y'),\n\t\t\t {$Gender},\n\t\t\t {$IsSubmission},\n\t\t\t {$PaperTitle},\n\t\t\t {$PaperSession},\n\t\t\t {$IsExhibition},\n\t\t\t {$Passport},\n\t\t\t {$CountryPassport},\n\t\t\t {$StayTime}\n\t\t )\n\t\t ", $con)) { echo "<script>\n\t\t\t alert('Failed to connect to server. Pleas submit again later.');\n\t\t\t </script>"; die('Could not connect: ' . mysql_error()); } else { require "back-end/getword.php"; echo "<script>\n\t\t\t alert('Thank you for submitting your information! The Invitation letter will be sent before soon.');\n\t\t\t </script>"; $FirstName = $_POST['FirstName']; $FamilyName = $_POST['FamilyName']; $Name = $FirstName . " " . $FamilyName; $Title = $_POST['Title']; $Company = $_POST['Company'];
$details['email'] = $THEUSER->email(); } else { $details["email"] = trim(get_http_var("email")); } // MJ OA_437 add reccomend arg to indicate this alert is by way of a recommendation $details['recommended'] = trim(get_http_var("r")); $details['keyword'] = trim(get_http_var("keyword")); $details['pid'] = trim(get_http_var("pid")); if ($details['pid'] == 'Any') { $details['pid'] = ''; } // Check the input. // If there are any errors with the submission, $errors (an array) // will have elements. The keys will be the name of form elements, // and the values will be text to display when we show the form again. $errors = check_input($details); if (!sizeof($errors) && (get_http_var('submitted') && ($details['keyword'] || $details['pid']) || get_http_var('only') && ($details['keyword'] || $details['pid']) || $details['keyword'] && $details['pid'])) { add_alert($details); } else { $PAGE->page_start(); $PAGE->stripe_start(); $PAGE->block_start(array('id' => 'alerts', 'title' => 'Request an OpenAustralia.org Email Alert')); display_form($details, $errors); $PAGE->block_end(); $end = array(); if (!get_http_var('only') || !$details['pid'] || $details['keyword']) { $end[] = array('type' => 'include', 'content' => 'search'); } $PAGE->stripe_end($end); $PAGE->page_end(); }