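/**
 * Cleans a list of submitted values (typically a $_POST[] array field).
 *
 * Entries that are blank after trimming are dropped and every remaining entry
 * is passed through fix_string(). Non-scalar entries (e.g. a nested array sent
 * as name="answer[0][]") are dropped too, instead of letting trim() raise a
 * TypeError on PHP 8 — on PHP 7 they were already skipped via a warning.
 *
 * @param array $input_array values to clean
 * @return array re-indexed list of cleaned values
 */
function fix_input_array($input_array)
{
    $new_array = [];
    foreach ($input_array as $input) {
        // Skip nested structures and whitespace-only entries alike.
        if (!is_scalar($input) || trim((string) $input) === '') {
            continue;
        }
        $new_array[] = fix_string($input);
    }
    return $new_array;
}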
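/**
 * Cleans a key/value structure: both the key and the value of every entry
 * are passed through fix_string(); entries whose key or value is blank after
 * trimming are dropped. Callers also pass the stdClass produced by
 * json_decode(), which foreach iterates like an associative array.
 *
 * Non-scalar values (nested arrays/objects) are dropped instead of letting
 * trim() raise a TypeError on PHP 8; keys are always int|string, so they
 * only need the blank check.
 *
 * @param array|object $input_array entries to clean
 * @return array cleaned key => cleaned value
 */
function fix_input_assoc_array($input_array)
{
    $new_array = [];
    foreach ($input_array as $key => $value) {
        if (trim((string) $key) === '') {
            continue;
        }
        if (!is_scalar($value) || trim((string) $value) === '') {
            continue;
        }
        $new_array[fix_string($key)] = fix_string($value);
    }
    return $new_array;
}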
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<?php 
require_once 'login.php';
require_once 'signup/validatephp.php';
// NOTE(review): the mysql_* extension used below was removed in PHP 7, so this
// page only runs on PHP 5.
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) {
    mysql_error_message();
}
if (!mysql_select_db($db_database)) {
    echo mysql_error();
}
$fail = "";
if (isset($_POST['username'])) {
    $user = fix_string($_POST['username']);
    // 'password' is read without an isset() check; a request with only a
    // username raises an undefined-index notice here.
    $pass = fix_string($_POST['password']);
    // The validate_*() helpers presumably return '' on success, so any text
    // accumulated in $fail means a field was rejected.
    $fail .= validate_username($user);
    $fail .= validate_password($pass);
    if ($fail == "") {
        // The WHERE values were redacted ('******') by the site that published
        // this snippet; the original interpolated $user/$pass into the query,
        // i.e. a string-built statement comparing the password in clear text.
        // A prepared statement plus a stored password hash checked with
        // password_verify() is what belongs here.
        $query = "SELECT * FROM user\r\nWHERE Username='******' AND Password='******' ";
        $result = mysql_query($query);
        // If the query failed, $result is false and mysql_num_rows() warns.
        $rows = mysql_num_rows($result);
        if (!$rows) {
            $fail = 'Wrong details!';
        } else {
            // The DOCTYPE line above was already output, so unless output
            // buffering is on the session cookie cannot be sent from here
            // ("headers already sent").
            session_start();
            $_SESSION['user'] = $user;
            // NOTE(review): the clear-text password is kept in the session
            // for the rest of the visit; a logged-in flag or user id is all
            // later pages should need.
            $_SESSION['pass'] = $pass;
            die("You are now logged in. Please <a href= 'server1.php'>click here to continue</a>...");
        }
    }
}
<?php

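session_start();
require_once '../file-includes.php';
// The front end posts a JSON body {"task": ..., "importance": ...}. Reject
// anything that does not decode to an object with both fields present, so the
// property reads below never run on null or a scalar.
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
if (!$request instanceof stdClass || !isset($request->task, $request->importance)) {
    http_response_code(400);
    exit;
}
// add_task() takes a positional list: task, importance, creation date and a
// fourth column that starts out as '-' (presumably "last edited"; the edit
// handler stores a date in that position — confirm in file-includes.php).
$info = [];
$info[] = fix_string($request->task);
$info[] = fix_string($request->importance);
$info[] = (string) date('d-m-Y');
$info[] = '-';
$userID = get_userID_session();
add_task($info, $userID);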
<?php

/**
 * Xdebug demo stub (not the input sanitiser the other snippets on this page
 * call): prints the file, line and function it was called from and returns
 * nothing.
 *
 * @param mixed $a unused
 */
function fix_string($a)
{
    printf(
        "Called @ %s:%s from %s",
        xdebug_call_file(),
        xdebug_call_line(),
        xdebug_call_function()
    );
}
// Exercise the stub once; it echoes its call site and returns null.
$ret = fix_string(['Derick']);
<?php

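session_start();
require_once '../file-includes.php';
// Expects a JSON body {"title": ..., "content": ...}; anything that does not
// decode to an object with both fields is rejected before the property reads.
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
if (!$request instanceof stdClass || !isset($request->title, $request->content)) {
    http_response_code(400);
    exit;
}
// add_note() takes a positional list: title, content, creation date and a
// fourth column that starts out as '-' (presumably "last edited" — confirm in
// file-includes.php).
$info = [];
$info[] = fix_string($request->title);
$info[] = fix_string($request->content);
$info[] = (string) date('d-m-Y');
$info[] = '-';
$userID = get_userID_session();
add_note($info, $userID);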
<?php

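session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/sql_functions.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/session_functions.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/input.php";
// Deletes an exam and everything under it. As a destructive write it requires
// a POST from a logged-in session (logged_in() comes from session_functions.php,
// as the page handlers use it) with both form fields present; anything else is
// bounced home like the other handlers do.
// NOTE(review): no CSRF token is checked anywhere on this page.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && logged_in() && isset($_POST['examID'], $_POST['examCat'])) {
    $examID = fix_string($_POST['examID']);
    $examCat = fix_string($_POST['examCat']);
    // Child rows first, then the exam row, then the category's exam count
    // (presumably what deincrement_exam() adjusts).
    delete_exam_contents($examID);
    delete_exam($examID);
    deincrement_exam($examCat);
} else {
    go_home();
}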
<?php

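session_start();
require_once '../file-includes.php';
// Expects a JSON body with name, address, number and email; reject anything
// that does not decode to an object carrying all four before reading them.
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
if (!$request instanceof stdClass
    || !isset($request->name, $request->address, $request->number, $request->email)) {
    http_response_code(400);
    exit;
}
// add_contact() takes a positional list in this order.
$info = [];
$info[] = fix_string($request->name);
$info[] = fix_string($request->address);
$info[] = fix_string($request->number);
$info[] = fix_string($request->email);
$userID = get_userID_session();
add_contact($info, $userID);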
$adduser = new myProject();
$status = $adduser->addUser($_POST);

if($status === true) {
//everything worked
} else {
echo "Errors occurred: $status";
}*/
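// Start with the PHP code
$projectName = $description = "";
if (isset($_POST['pname2'])) {
    $projectName = fix_string($_POST['pname2']);
}
if (isset($_POST['desc2'])) {
    $description = fix_string($_POST['desc2']);
}
require_once 'session.php';
require_once 'login.php';
$connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
if ($connection->connect_error) {
    die($connection->connect_error);
}
// The project being edited is taken from the session, not the request. The
// original query interpolated it unquoted, i.e. it is numeric, so cast it and
// refuse to run when nothing is selected instead of issuing a broken UPDATE
// and still printing "Update Complete".
if (!isset($_SESSION['selected_category'])) {
    die('No project selected.');
}
$projectID = (int) $_SESSION['selected_category'];
// Both UPDATEs bind their values, so the user-supplied name and description
// can never change the statement text.
$stmt = $connection->prepare('UPDATE projects SET projectname = ?, description = ? WHERE id = ?');
if ($stmt === false) {
    die($connection->error);
}
$stmt->bind_param('ssi', $projectName, $description, $projectID);
$result = $stmt->execute();
$stmt->close();
$stmt2 = $connection->prepare('UPDATE users_assigned SET projectname = ?, projectdescription = ? WHERE projectsID = ?');
if ($stmt2 === false) {
    die($connection->error);
}
$stmt2->bind_param('ssi', $projectName, $description, $projectID);
$result2 = $stmt2->execute();
$stmt2->close();
// $projectID is an int here, so it is safe to place in the link.
echo "<a href='../projectpage.php?category={$projectID}'>Update Complete. Click To return!</a>";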
<?php

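session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/sql_functions.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/session_functions.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/input.php";
// Login handler: on success log_in() records the session and the browser is
// redirected by a script snippet; otherwise a generic <li> error is echoed.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $msg = "";
    if (isset($_POST['username'], $_POST['password'])) {
        $username = fix_string($_POST['username']);
        // NOTE(review): encrypt_password() is an opaque helper; confirm it is a
        // proper password hash (password_hash()/password_verify()) rather than
        // reversible encryption or a plain digest.
        $password = encrypt_password(fix_string($_POST['password']));
        $conn = get_conn();
        if (user_exists($conn, $username, $password)) {
            log_in($username);
            // Hard-coded host in the redirect target.
            $msg = '<script>location.href = \'//localhost/exam-simulator/public/index.php\'</script>';
        } else {
            $msg .= "<li>The provided information is incorrect.</li>";
        }
        $conn->close();
    } else {
        // Incomplete form: report the same generic failure without touching
        // the database (previously this raised undefined-index notices).
        $msg .= "<li>The provided information is incorrect.</li>";
    }
    echo $msg;
} else {
    go_home();
}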
        $to_temp = mysql_entities_fix_string($connection, $total_pages);
        if (isset($_POST['entry_id'])) {
            $ei_temp = mysql_entities_fix_string($connection, $_POST['entry_id']);
            $query = "UPDATE movies SET title='{$ti_temp}', author='{$di_temp}', total_pages='{$ye_temp}',\n                          imdb_rating='{$im_temp}', rating='{$ra_temp}', date='{$da_temp}'\n                          WHERE user_id='{$user_id}' AND entry_id='{$ei_temp}'";
        } else {
            $query = "INSERT INTO user_books(title, author, total_pages, user_id)\n                           VALUES('{$ti_temp}', '{$au_temp}', '{$to_temp}', '{$user_id}')";
        }
        $result = $connection->query($query);
        if (!$result) {
            die($connection->error);
        }
        header('Location: books.php');
    }
}
if (isset($_GET['entry_id'])) {
    $entry_id = fix_string($_GET['entry_id']);
    $entry_id = mysql_entities_fix_string($connection, $entry_id);
    $query = "SELECT * FROM movies WHERE entry_id='{$entry_id}' AND user_id='{$user_id}'";
    $result = $connection->query($query);
    if (!$result) {
        die($connection->error);
    } elseif ($result->num_rows) {
        $row = $result->fetch_array(MYSQLI_ASSOC);
        $title = html_entity_decode($row['title']);
        $author = html_entity_decode($row['author']);
        $total_pages = html_entity_decode($row['total_pages']);
        $imdb_rating = html_entity_decode($row['imdb_rating']);
        $rating = html_entity_decode($row['rating']);
        $date = html_entity_decode($row['date']);
        $submit_string = 'Edit entry';
        $entry_input = "<input type='hidden' name='entry_id' value='" . $row['entry_id'] . "'>";
<?php

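session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/sql_functions.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/session_functions.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/input.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/templates.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/classes/exam.php";
// Renders the "take exam" page for a logged-in user; any missing parameter or
// unknown id sends the visitor home instead.
if (logged_in() && isset($_GET['catID'], $_GET['examName'], $_GET['examID'])) {
    $catID = fix_string($_GET['catID']);
    $examName = fix_string($_GET['examName']);
    $examID = fix_string($_GET['examID']);
    // go_home() presumably redirects; the explicit exit guarantees the Exam is
    // never built for a bogus id even if go_home() does not end the script.
    if (!category_exists($catID) || !exam_exists($examID, $examName)) {
        go_home();
        exit;
    }
    $get_script = "\$.getScript('javascript/take_exam.js');";
    $exam = new Exam($catID, $examName, $examID);
    $content = $exam->get_form();
    get_main_template($content, $get_script);
} else {
    go_home();
}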
<?php

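session_start();
require_once '../file-includes.php';
// Expects a JSON body {"id": ...}; reject anything else before the property read.
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
if (!$request instanceof stdClass || !isset($request->id)) {
    http_response_code(400);
    exit;
}
$taskID = fix_string($request->id);
// The session's user id scopes the update — presumably tick_task() filters on
// it so a user can only tick their own tasks; confirm in file-includes.php.
$userID = get_userID_session();
tick_task($taskID, $userID);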
<?php

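session_start();
require_once "../file-includes.php";
// Expects a JSON body {"noteID": ...}; reject anything else before the property read.
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
if (!$request instanceof stdClass || !isset($request->noteID)) {
    http_response_code(400);
    exit;
}
$note_id = fix_string($request->noteID);
// The session's user id scopes the delete — presumably delete_note() filters
// on it so a user can only remove their own notes; confirm in file-includes.php.
$userID = (int) get_userID_session();
delete_note($note_id, $userID);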
    if (isset($_POST['question_keyword_answer_id']) && isset($_POST['keyword_answers'])) {
        $question_keyword_answer_id = fix_input_array($_POST['question_keyword_answer_id']);
        $keyword_answers = fix_input_array($_POST['keyword_answers']);
        if (count($keyword_answers) > 0) {
            for ($i = 0; $i < count($question_keyword_answer_id); $i++) {
                $keyword_answers[$i] = preg_replace("/[^A-Za-z0-9 ]/", '', $keyword_answers[$i]);
                // remove non alphanumeric characters
                $keyword_answers[$i] = strtoupper($keyword_answers[$i]);
                $kwID_answer[$question_keyword_answer_id[$i]] = array_unique(explode(' ', $keyword_answers[$i]));
                $kwID_answer[$question_keyword_answer_id[$i]] = array_values($kwID_answer[$question_keyword_answer_id[$i]]);
            }
        }
    }
    if (isset($_POST['num_of_questions']) && isset($_POST['num_of_correct_answers']) && isset($_POST['questionID_order'])) {
        $num_of_questions = fix_string($_POST['num_of_questions']);
        $num_of_correct_answers = fix_string($_POST['num_of_correct_answers']);
        $questionID_order = fix_string($_POST['questionID_order']);
        $questionID_order = explode(',', $questionID_order);
    }
    $marked = new MarkedExam($saID_answer, $multID_answerID, $kwID_answer);
    $marked->set_question_amount($num_of_questions);
    $marked->set_correct_answer_amount($num_of_correct_answers);
    $marked->set_questionID_order($questionID_order);
    $marked->set_connection(get_conn());
    $marked->generate_html();
    $get_script = "\$.getScript('javascript/taken_exam.js');";
    $content = $marked->get();
    get_main_template($content, $get_script);
} else {
    go_home();
}
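// Per-field error text, red-border flags and echo-back values for the signup
// form; they are only initialised here and used by the rest of the page.
$UN_fail = $PW_fail = $EM_fail = $KEY_fail = "";
$red_border = ["pw" => "", "un" => "", "key" => "", "em" => ""];
$un_val = $key_val = $em_val = "";
// Initialise the raw values so the validate_*() calls further down do not hit
// undefined variables on a plain GET (they still receive null, as before).
$username = $password = $email = $key = null;
if (isset($_POST['username'])) {
    $un_val = $username = fix_string($_POST['username']);
}
if (isset($_POST['password'])) {
    $password = fix_string($_POST['password']);
}
if (isset($_POST['email'])) {
    $em_val = $email = fix_string($_POST['email']);
}
if (isset($_POST['key'])) {
    $key_val = $key = fix_string($_POST['key']);
}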
if (isset($_POST['submit'])) {
    $fail = validate_username($username);
    $fail .= validate_password($password);
    $fail .= validate_email($email);
    $fail .= validate_key($key);
    if ($fail == "" && isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']) && isset($_POST['key'])) {
        $connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
        $un_temp = mysql_entities_fix_string($connection, $_POST['username']);
        $pw_temp = mysql_entities_fix_string($connection, $_POST['password']);
        $em_temp = mysql_entities_fix_string($connection, $_POST['email']);
        $key_temp = mysql_entities_fix_string($connection, $_POST['key']);
        $query = "SELECT * FROM users WHERE username='******'";
        $query2 = "SELECT * FROM users WHERE email='{$em_temp}'";
<?php

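session_start();
// edit the selected todo task
require_once '../file-includes.php';
// Expects a JSON body {"taskID": ..., "task": ...}; reject anything that does
// not decode to an object with both fields before the property reads.
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
if (!$request instanceof stdClass || !isset($request->taskID, $request->task)) {
    http_response_code(400);
    exit;
}
$userID = get_userID_session();
$taskID = fix_string($request->taskID);
$last_edit = (string) date('d-m-Y');
$task = fix_string($request->task);
edit_task($task, $last_edit, $taskID, $userID);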
<?php

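session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/sql_functions.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/session_functions.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/input.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/templates.php";
// Renders the question editor for a logged-in user; every id in the query
// string must exist, otherwise the visitor is sent home.
if (logged_in() && isset($_GET['questionName'], $_GET['examID'], $_GET['examCat'], $_GET['questionID'], $_GET['examName'], $_GET['questionType'])) {
    $examCat = fix_string($_GET['examCat']);
    $examName = fix_string($_GET['examName']);
    $examID = fix_string($_GET['examID']);
    $questionName = fix_string($_GET['questionName']);
    $questionID = fix_string($_GET['questionID']);
    $questionType = fix_string($_GET['questionType']);
    // go_home() presumably redirects; the explicit exit makes sure the editor
    // is never rendered for a bogus id even if go_home() does not end the script.
    if (!exam_exists($examID, $examName) || !question_exists($questionID, $examID) || !category_exists($examCat)) {
        go_home();
        exit;
    }
    $get_script = "\$.getScript('javascript/question_edit.js');";
    $content = get_question_content($examID, $examName, $examCat, $questionID, $questionName, $questionType);
    get_main_template($content, $get_script);
} else {
    go_home();
}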
<?php

session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/sql_functions.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/session_functions.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/input.php";
if (logged_in()) {
    log_out();
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $username = fix_string($_POST['new_username']);
    $password = fix_string($_POST['new_password']);
    $msg = "";
    if (!username_valid($username)) {
        $msg .= "<li>The username provided is not valid</li>";
    }
    if (!password_valid($password)) {
        $msg .= "<li>The password provided is not valid</li>";
    }
    $conn = get_conn();
    $password = encrypt_password($password);
    if (username_available($conn, $username) && $msg == "") {
        new_user($conn, $username, $password);
        log_in($username);
        $msg = '<script>location.href = \'//localhost/exam-simulator/public/index.php\'</script>';
    } else {
        $msg .= "<li>The username already exists.</li>";
    }
    $conn->close();
    echo $msg;
} else {
<?php

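session_start();
// delete the task from todo page
require_once "../file-includes.php";
// Expects a JSON body {"taskID": ...}; reject anything else before the property read.
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
if (!$request instanceof stdClass || !isset($request->taskID)) {
    http_response_code(400);
    exit;
}
$task_id = fix_string($request->taskID);
// The session's user id scopes the delete — presumably delete_task() filters
// on it so a user can only remove their own tasks; confirm in file-includes.php.
$userID = (int) get_userID_session();
delete_task($task_id, $userID);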
<?php

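// Answers "true"/"false" to the front end depending on whether the posted
// username/password pair is correct.
require_once "../file-includes.php";
// Expects a JSON body {"username": ..., "password": ...}; reject anything that
// does not decode to an object with both fields before the property reads.
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
if (!$request instanceof stdClass || !isset($request->username, $request->password)) {
    http_response_code(400);
    exit;
}
$password = fix_string($request->password);
$username = fix_string($request->username);
// NOTE(review): nothing visible here limits repeated calls for one username;
// a rate limit or lockout belongs here or inside password_correct().
if (password_correct($username, $password)) {
    echo "true";
} else {
    echo "false";
}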
<?php

// create a new poll question
// JavaScript needed to generate the number of answers
// however php will still check that the fields are valid
// check that - user is logged in - that inputs are valid
session_start();
require_once "../functions/sql_functions.php";
require_once "../functions/session_functions.php";
require_once "../functions/input.php";
require_once "../classes/poll.php";
require_once "../classes/question_file.php";
require_once "../classes/question_insert.php";
if ($_SERVER['REQUEST_METHOD'] == 'POST' && logged_in()) {
    $question = fix_string($_POST['question']);
    $answers = fix_input_array($_POST['answer']);
    $categories = fix_input_array($_POST['categories']);
    arraytoupper($categories);
    // ensure that all strings in array are uppercase to avoid unnessasary duplicates
    $user = $_SESSION['user'];
    if (!question_valid($question) && !input_array_valid($answers) && !input_array_valid($categories)) {
        go_home();
    }
    // failed to create new question
    $conn = get_conn();
    $poll_question = new Poll($conn);
    $poll_question->set_question($question);
    $poll_question->set_categories($categories);
    $poll_question->set_answers($answers);
    $poll_question->set_user($user);
    $result = $poll_question->save();
<?php

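session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/sql_functions.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/session_functions.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/input.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/templates.php";
// Renders the single-exam editor for a logged-in user; the exam and category
// named in the query string must both exist.
if (logged_in() && isset($_GET['examName'], $_GET['examID'], $_GET['examCat'])) {
    $examCat = fix_string($_GET['examCat']);
    $examID = fix_string($_GET['examID']);
    $examName = fix_string($_GET['examName']);
    // checks if user has selected a real exam and category; go_home()
    // presumably redirects, and the explicit exit guarantees the editor is
    // never rendered for a bogus id even if go_home() does not end the script.
    if (!exam_exists($examID, $examName) || !category_exists($examCat)) {
        go_home();
        exit;
    }
    $get_script = "\$.getScript('javascript/single_exam_edit.js');";
    $content = get_exam_content($examID, $examName, $examCat);
    get_main_template($content, $get_script);
} else {
    go_home();
}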
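require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/input.php";
// Question edit handler: updates the question text, then replaces its answer
// set according to the question type.
// NOTE(review): unlike the page handlers, no logged_in() check is visible
// before these writes; confirm the session check happens in the code above
// this point. No CSRF token is checked either.
if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['examID'], $_POST['question'], $_POST['questionType'], $_POST['questionID'])) {
    $examID = fix_string($_POST['examID']);
    $question = fix_string($_POST['question']);
    $question_type = fix_string($_POST['questionType']);
    $questionID = fix_string($_POST['questionID']);
    edit_question($examID, $question, $questionID);
    // Answers are replaced wholesale: the existing set for this type is
    // deleted, then the freshly posted set is inserted.
    switch ($question_type) {
        case 'mult_answers':
            // Posted as a JSON object, e.g. {"answer": "true"}; a missing or
            // malformed body leaves the existing answers untouched.
            $json_assoc_array = isset($_POST['answers']) ? json_decode($_POST['answers']) : null;
            if ($json_assoc_array === null) {
                go_home();
                break;
            }
            $mult_answers = fix_input_assoc_array($json_assoc_array);
            delete_answers($questionID, $question_type);
            create_multiple_choice_answers($questionID, $mult_answers);
            break;
        case 'single_answers':
            if (!isset($_POST['answer'])) {
                go_home();
                break;
            }
            $answer = fix_string($_POST['answer']);
            delete_answers($questionID, $question_type);
            create_single_answer($answer, $questionID);
            break;
        case 'keyword_answers':
            // Posted as a JSON list of keywords.
            $keywords = isset($_POST['answers']) ? json_decode($_POST['answers']) : null;
            if (!is_array($keywords)) {
                go_home();
                break;
            }
            $keywords = fix_input_array($keywords);
            // Presumably takes $keywords by reference (its result is not used).
            remove_non_alphanumeric($keywords);
            delete_answers($questionID, $question_type);
            create_keyword_answers($questionID, $keywords);
            break;
        default:
            // Unknown question type: nothing more to do.
            go_home();
    }
} else {
    go_home();
}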
<?php

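session_start();
require_once '../file-includes.php';
// Expects a JSON body with name, address, number, email and contactID; reject
// anything that does not decode to an object carrying all five.
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
if (!$request instanceof stdClass
    || !isset($request->name, $request->address, $request->number, $request->email, $request->contactID)) {
    http_response_code(400);
    exit;
}
// edit_contact() takes a positional list in this order, the contact id last.
$info = [];
$info[] = fix_string($request->name);
$info[] = fix_string($request->address);
$info[] = fix_string($request->number);
$info[] = fix_string($request->email);
$info[] = fix_string($request->contactID);
// The session's user id scopes the update — presumably edit_contact() filters
// on it so a user can only edit their own contacts; confirm in file-includes.php.
$userID = get_userID_session();
edit_contact($info, $userID);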
<?php

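session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/sql_functions.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/session_functions.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/exam-simulator/private/functions/input.php";
// Deletes a category and its contents. As a destructive write it requires a
// POST from a logged-in session (logged_in() comes from session_functions.php,
// as the page handlers use it) with the category id present; anything else is
// bounced home like the other handlers do.
// NOTE(review): no CSRF token is checked anywhere on this page.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && logged_in() && isset($_POST['catID'])) {
    $catID = fix_string($_POST['catID']);
    // Child rows first, then the category itself.
    delete_category_content($catID);
    delete_category($catID);
} else {
    go_home();
}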
<?php

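session_start();
require_once "../file-includes.php";
// Expects a JSON body {"contactID": ...}; reject anything else before the property read.
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
if (!$request instanceof stdClass || !isset($request->contactID)) {
    http_response_code(400);
    exit;
}
$contact_id = fix_string($request->contactID);
// The session's user id scopes the delete — presumably delete_contact()
// filters on it so a user can only remove their own contacts; confirm in
// file-includes.php.
$userID = (int) get_userID_session();
delete_contact($contact_id, $userID);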
<?php

require_once 'private/check_login.php';
require_once 'private/sqldetails.php';
require_once 'private/mysql_fix_string.php';
$fail_msg = '';
if (isset($_POST['submit']) && isset($_POST['title'])) {
    $target_dir = 'uploads/';
    $uploadOK = 1;
    $target_file = $target_dir . basename($_FILES['fileToUpload']['name']);
    $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
    $check = getimagesize($_FILES['fileToUpload']['tmp_name']);
    $check !== false ? $uploadOK = 1 : ($uploadOK = 0);
    $title = fix_string($_POST['title']);
    validate_title($title) == '' ? $uploadOK = 1 : ($uploadOK = 0);
    $target_file = hash('ripemd128', $_FILES['fileToUpload']['tmp_name']) . "." . $imageFileType;
    $target_path = $target_dir . $target_file;
    if (file_exists($target_path)) {
        $uploadOK = 0;
        $fail_msg = 'Already exists.';
    }
    if ($_FILES['fileToUpload']['size'] > 10000000) {
        $uploadOK = 0;
        $fail_msg = 'Too big.';
    }
    if ($imageFileType != 'jpg' && $imageFileType != 'png' && $imageFileType != 'jpeg') {
        $uploadOK = 0;
        $fail_msg = 'Not jpg, png or jpeg.';
    }
    if ($uploadOK == 0) {
    } else {
    $forename = fix_string($_POST['forename']);
}
if (isset($_POST['surname'])) {
    $surname = fix_string($_POST['surname']);
}
if (isset($_POST['username'])) {
    $username = fix_string($_POST['username']);
}
if (isset($_POST['password'])) {
    $password = fix_string($_POST['password']);
}
if (isset($_POST['age'])) {
    $age = fix_string($_POST['age']);
}
if (isset($_POST['email'])) {
    $email = fix_string($_POST['email']);
}
// Any field that was not posted is still undefined here (warning, null), since
// the variables above are only assigned inside the isset() branches. The
// validate_*() helpers presumably return '' on success, so any text in $fail
// is the list of problems to show.
$fail = validate_forename($forename);
$fail .= validate_surname($surname);
$fail .= validate_username($username);
$fail .= validate_password($password);
$fail .= validate_age($age);
$fail .= validate_email($email);
echo "<!DOCTYPE html>\n<html><head><title>An Example Form</title>";
if ($fail == "") {
    // NOTE(review): echoes every submitted field — the password included —
    // back into the page. fix_string() is presumably doing the HTML escaping;
    // confirm, since it is the only thing between the POST data and the markup.
    echo "</head><body>Form data successfully validated:\n      {$forename}, {$surname}, {$username}, {$password}, {$age}, {$email}.</body></html>";
    // This is where you would enter the posted fields into a database,
    // preferably using hash encryption for the password.
    exit;
}
echo <<<_END
<?php

// this page can only be accessed by admins
session_start();
require_once "../functions/sql_functions.php";
require_once "../functions/session_functions.php";
require_once "../functions/input.php";
if ($_SERVER['REQUEST_METHOD'] == 'POST' && logged_in() && is_admin()) {
    $question_id = fix_string($_POST['poll_id']);
    // delete the question from database
    $conn = get_conn();
    $query = "select category from question_category where question_id={$question_id}";
    $result = $conn->query($query);
    if (!$conn->query($query)) {
        die(__LINE__ . " " . $conn->error);
    }
    $rows = $result->num_rows;
    for ($i = 0; $i < $rows; $i++) {
        $result->data_seek($i);
        $row = $result->fetch_array(MYSQLI_ASSOC);
        $query = "update categories set occurrences=occurrences-1 where category=\"{$row['category']}\"";
        if (!$conn->query($query)) {
            die(__LINE__ . " " . $conn->error);
        }
    }
    $query = "delete from questions where id={$question_id}";
    if (!$conn->query($query)) {
        die(__LINE__ . " " . $conn->error);
    }
    $query = "delete from question_asked_by where question_id={$question_id}";
    if (!$conn->query($query)) {