/* Updates the name and notes field for a give object in a set. Accepts POST data. $_POST['obj_id'] -- The ID number of the object $_POST['set_id'] -- The ID number of the set containing the object $_POST['objectName'] -- The new object name $_POST['objectDesc'] -- The new object notes (legacy name = description) */ require_once "../../libs/env.php"; require_once "../../libs/utils.php"; $response = array(); $response['error'] = False; $response['msg'] = array(); // If the right POST params are not present, do nothing if (isset($_POST['objectName']) && isset($_POST['objectDesc']) && isset($_POST['set_id']) && isset($_POST['obj_id'])) { $_POST['objectNameobjectName'] = cleanFormData($_POST['objectName']); $_POST['objectDesc'] = cleanFormDataAllowHTML($_POST['objectDesc']); // Query DB $sql = "UPDATE set_objs SET notes = " . $db->quote($_POST['objectDesc'], 'text') . ", name = " . $db->quote($_POST['objectName'], 'text') . " WHERE set_id = " . $db->quote($_POST['set_id'], 'integer') . " AND obj_id = " . $db->quote($_POST['obj_id'], 'integer') . " LIMIT 1"; $res =& $db->exec($sql); if (PEAR::isError($res)) { $response['error'] = True; array_push($response['msg'], $res->getMessage()); } else { $response['objectName'] = $_POST['objectName']; $response['objectDesc'] = $_POST['objectDesc']; } } else { $response['error'] = True; array_push($response['msg'], "Invalid params in the post vars."); }
$t->assign('email', cleanFormData($_POST['email'])); $t->assign('message', cleanFormData($_POST['message'])); $t->assign('subject', cleanFormData($_POST['subject'])); $t->assign('messages', $msg); } else { $nameTo = "Delphi Feedback"; $emailTo = $CFG->contactEmail; $subj = cleanFormData($_POST['subject']); $plaintextmsg = cleanFormData($_POST['message']); $htmlmsg = cleanFormData($_POST['message']); if (isset($_POST['objid']) and strlen($_POST['objid']) > 0) { $objID = cleanFormData($_POST['objid']); $htmlmsg .= '<br /><br /><hr>Feedback on server: <a href="' . $CFG->wwwroot . '">' . $_SERVER['SERVER_NAME'] . '</a> for <a href="' . $CFG->wwwroot . '/object/' . $objID . '">Object: ' . $objID . '</a>'; } $emailFrom = $_POST['email']; $nameFrom = cleanFormData($_POST['name']); if (sendDelphiMail($nameTo, $emailTo, $subj, $plaintextmsg, $htmlmsg, $emailFrom, $nameFrom)) { if (isset($_POST['objid']) and strlen($_POST['objid']) > 0) { $t->assign('objid', $_POST['objid']); } else { $t->assign('objid', null); } $t->display('contactSent.tpl'); die; } else { $t->assign('heading', "Failed to send message"); $t->assign('message', "<p>We were unable to deliver your message.</p> <p>You can <a href='" . $CFG->wwwroot . "/modules/about/contact.php'>try again</a> or send us an email directly at <a href='mailto:{$emailTo}'>{$emailTo}</a>.</p>"); $t->display('error.tpl'); die; } }
array_push($msg, "Your password must be at least 6 characters."); } if ($_POST['pass'] != $_POST['pass2']) { array_push($msg, "Password does not match confirmation."); } } else { if (!updateField("passwdmd5", $md5pass)) { array_push($msg, "Error trying to update password."); } } } } if ($_POST['email'] != $userData['email']) { if (!emailValid($_POST['email'])) { array_push($msg, "Email address is not valid."); $t->assign('email', cleanFormData($_POST['email'])); } else { if (!updateField("email", $_POST['email'])) { array_push($msg, "Error trying to update email."); } } } if ($_POST['real_name'] != $userData['real_name']) { if (!real_nameValid($_POST['real_name'])) { array_push($msg, "Your real name is not valid."); } else { if (!updateField("real_name", $_POST['real_name'])) { array_push($msg, "Error trying to update your real name."); } } }
function checkSubmitValues() { // Errors to show if we find any $msg = array(); global $t; // reassign vars to user input in case we need to send them back to fix something. $t->assign('email', cleanFormData($_POST['email'])); $t->assign('user', cleanFormData($_POST['user'])); if (strlen($_POST['pass']) < 6) { array_push($msg, "Your password must be at least 6 characters."); } if (strlen($_POST['pass']) > 25) { array_push($msg, "Your password cannot be more than 25 characters."); } if ($_POST['pass'] != $_POST['pass2']) { array_push($msg, "Your retyped password did not match the first typed password."); } /* Spruce up username, check length */ if (strlen(stripslashes($_POST['user'])) > 40 || strlen(stripslashes($_POST['user'])) < 3) { array_push($msg, "Username must be between 3 and 40 characters."); } elseif (!preg_match('|^[a-zA-Z0-9-_]+$|i', $_POST['user'])) { array_push($msg, "Username can only contain letters, numbers, hyphens, and underscores"); } elseif (usernameTaken($_POST['user'])) { array_push($msg, "The username \"" . cleanFormData($_POST['user']) . "\"is already taken. Please pick another one."); } /* Check if email is valid */ if (!emailValid($_POST['email'])) { array_push($msg, "Email address is not valid."); } if (count($msg) <= 0) { /* Verify the captcha, but only if everything else is good */ $securimage = new Securimage(); if ($securimage->check($_POST['captcha_code']) == false) { array_push($msg, "The \"captcha\" text entered was incorrect.<br />Please try again."); } } if (count($msg) > 0) { $t->assign('messages', $msg); $t->assign('captchaHtml', Securimage::getCaptchaHtml()); $t->display('register.tpl'); die; } else { return true; } }
<?php /* Updates the title and description fields for a given set. Accepts POST data. $_POST['set_id'] -- The ID number of the set to be updated $_POST['setTitle'] -- The new set name $_POST['setDesc'] -- The new set description $_POST['policy'] -- The new set policy */ require_once "../../libs/env.php"; require_once "../../libs/utils.php"; $response = array("success" => false, "msg" => "Did not receive the right vars", "setTitle" => "", "setDesc" => "", "policy" => ""); // If the right POST params are not present, do nothing if (isset($_POST['setTitle']) && isset($_POST['setDesc']) && isset($_POST['set_id']) && isset($_POST['policy'])) { $_POST['setTitle'] = cleanFormData($_POST['setTitle']); $_POST['setDesc'] = cleanFormDataAllowHTML($_POST['setDesc']); if (!($_POST['policy'] == "public" || $_POST['policy'] == "private")) { $_POST['policy'] = "private"; } // Query DB $sql = "UPDATE sets SET description = " . $db->quote($_POST['setDesc'], 'text') . ", name = " . $db->quote($_POST['setTitle'], 'text') . ", policy = " . $db->quote($_POST['policy'], 'text') . " WHERE id = " . $db->quote($_POST['set_id'], 'integer') . " LIMIT 1"; $res =& $db->exec($sql); if (PEAR::isError($res)) { $response['success'] = false; $response['msg'] = "Error updating database."; } else { $response['success'] = true; $response['msg'] = "Set successfully updated."; $response['setTitle'] = $_POST['setTitle']; $response['setDesc'] = $_POST['setDesc'];
die; } $id = -1; $msg = array(); if (isset($_POST['submit'])) { /* Skip this, allowing form user to clear the item, and stop the function. if(empty($_POST['header']) || !strlen($_POST['header']) > 0){ array_push($msg, "You must enter a headline."); } if(empty($_POST['content']) || !strlen($_POST['content']) > 0){ array_push($msg, "You must enter a message."); } */ $header = cleanFormData($_POST['header']); $content = cleanFormData($_POST['content']); $t->assign('header', $header); $t->assign('content', $content); if (empty($_POST['id']) || $_POST['id'] < 0) { $q = "INSERT INTO newsContent(header, content) VALUES(\"{$header}\",\"{$content}\")"; } else { $id = $_POST['id']; $q = "UPDATE newsContent SET header=\"{$header}\", content=\"{$content}\" WHERE id={$id}"; } $res =& $db->query($q); if (PEAR::isError($res)) { array_push($msg, "Error saving news Item to database."); array_push($msg, "Query: " . $q); array_push($msg, "Error: " . $res->getMessage()); } else { array_push($msg, "News Item saved to database.");