/**
 * Handles the "new video" form post: stores the submitted video reference for
 * the current session user, records an activity note and shows a confirmation.
 *
 * NOTE(review): the INSERT is built by string interpolation, so its safety
 * rests entirely on protect() (defined elsewhere) escaping for SQL - confirm.
 * $_SESSION['id'] is interpolated without any escaping of its own.
 * NOTE(review): the result of mysql_query() is never inspected, so the
 * success box is shown even when the INSERT fails.
 */
function novopost()
{
    // Presumably rejects visitors without an authenticated session - verify.
    requirelogin();

    $videoRef = protect($_POST['video']);
    $userId = $_SESSION['id'];

    $sql = "INSERT INTO videos (`owner`, `video`) VALUES ('{$userId}', '{$videoRef}');";
    mysql_query($sql);

    note(t("adicionou um novo vídeo"), $_SESSION['id']);
    infobox(t("Vídeo adicionado com sucesso!"));
}
/**
 * Handles the "new blog post" form: stores title, text, owner and timestamp in
 * the blog table, records an activity note and redirects to the blog page.
 *
 * NOTE(review): every POST field is passed through protect() (defined
 * elsewhere) and then interpolated into the SQL text; whether that is enough
 * against SQL injection and stored markup depends on what protect() does -
 * confirm. array_map() also assumes every POST value is a string.
 * NOTE(review): is_null() only matches a missing title field; an empty title
 * that was submitted is stored as-is.
 */
function createpost()
{
    // Presumably rejects visitors without an authenticated session - verify.
    requirelogin();

    $_POST = array_map('protect', $_POST);

    if (is_null($_POST['title'])) {
        $title = t("Sem título");
    } else {
        $title = $_POST['title'];
    }

    // Line breaks are converted to <br> markup before the text is stored.
    $text = nl2br($_POST['text']);
    $owner = $_SESSION['id'];
    $date = time();

    $sql = "INSERT INTO blog (`owner`, `title`, `text`, `date`)\n VALUES ('{$owner}', '{$title}', '{$text}', '{$date}');";
    mysql_query($sql);

    note(t("postou em seu blog."), $_SESSION['id']);
    redir("blog");
}
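<?php
require 'vendor/autoload.php';

// Upstream REST endpoint that every request is relayed to.
// NOTE(review): this is plain http, so relayed data is not protected in
// transit; switch to https if the upstream offers it.
$baseURI = "http://docent.cmi.hro.nl/bootb/restdemo/notes/";
$client = new GuzzleHttp\Client();

if (isset($_REQUEST["request"])) {
    // The incoming HTTP verb is relayed unless the "request" parameter asks
    // for an update or a delete.
    $method = $_SERVER["REQUEST_METHOD"];
    switch ($_REQUEST["request"]) {
        case "updateNote":
            $method = "PUT";
            break;
        case "deleteNote":
            $method = "DELETE";
            break;
    }

    // "options" arrives from the client and is handed to Guzzle as request
    // options. Only options that describe the payload are let through;
    // transport-level options (where the response is written, proxy and TLS
    // settings, redirects, ...) must never be chosen by the caller.
    $allowedOptions = ['query', 'form_params', 'json', 'body', 'headers'];
    $options = [];
    if (isset($_REQUEST["options"]) && is_array($_REQUEST["options"])) {
        $options = array_intersect_key($_REQUEST["options"], array_flip($allowedOptions));
    }

    note($client, $method, $baseURI, $options);
}

/**
 * Sends one request to the upstream notes service and prints its response body.
 *
 * @param GuzzleHttp\Client $client  HTTP client used for the call
 * @param string            $method  HTTP verb to use upstream
 * @param string            $url     upstream URL
 * @param array             $options Guzzle request options (already filtered by the caller)
 *
 * Prints "{}" when the upstream body is empty. The response is declared as
 * JSON so that a browser never renders upstream content as HTML.
 */
function note($client, $method, $url, $options)
{
    if (!headers_sent()) {
        header('Content-Type: application/json');
        header('X-Content-Type-Options: nosniff');
    }

    try {
        $response = $client->request($method, $url, $options);
    } catch (GuzzleHttp\Exception\GuzzleException $e) {
        // Do not let an uncaught exception print a stack trace to the client.
        http_response_code(502);
        echo '{"error":"upstream request failed"}';
        return;
    }

    $body = (string) $response->getBody();
    echo $body === "" ? "{}" : $body;
}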
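/**
 * Fetches a URL with cURL and decodes the response body as JSON.
 *
 * @param string $url address to fetch
 * @return mixed decoded JSON (objects as associative arrays), or FALSE when
 *               the transfer failed or returned an empty body
 *
 * Fixes over the previous version:
 *  - the request header was the bare string "application/json", which is not
 *    a header line; it is now sent as an Accept header (assumed intent);
 *  - the failure branch was guarded by a condition that is false for the
 *    non-empty array curl_getinfo() returns, so diagnostics were never
 *    logged, and the print_r() result was discarded;
 *  - a body of "0" was treated as a failed transfer by the loose comparison.
 *
 * NOTE(review): if $url can be influenced by a user, restrict the allowed
 * schemes (CURLOPT_PROTOCOLS) and the reachable hosts before calling this.
 * NOTE(review): the logged transfer info contains the requested URL; make
 * sure URLs carrying credentials or tokens are not written to shared logs.
 */
function get_json($url)
{
    note("Memory Usage: get_json: " . memory_get_usage() . ".");

    $ch = curl_init();
    curl_setopt_array($ch, array(
        CURLOPT_URL => $url,
        CURLOPT_RETURNTRANSFER => true,
        // Empty string: accept every encoding this cURL build supports.
        CURLOPT_ENCODING => "",
        CURLOPT_HTTPHEADER => array("Accept: application/json"),
    ));

    $json = curl_exec($ch);
    $err = curl_errno($ch);
    $errmsg = curl_error($ch);
    $header = curl_getinfo($ch);
    curl_close($ch);

    if ($json !== false && $json !== '') {
        return json_decode($json, TRUE);
    }

    $msg = "JSON return codes: err : {$err} errmsg : {$errmsg}";
    if ($header) {
        $msg .= " : JSON header as follows: " . print_r($header, TRUE);
    }
    note($msg);

    return FALSE;
}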
echo '<li style="padding:5px;"> <a href="#Note&fid=' . $row['fid'] . '"> <div class="row text-center"> <h3>' . date("m/d/y g:i a", filemtime('uploads/' . $file)) . '</h3> <img style="max-width:225px; max-height:400px;" src="uploads/' . $row['name'] . '"> </div> </a> </li>'; $counter++; } if ($counter == 0) { echo "</ul></div><hr><center><font color='red'>We found no results.</font><hr>"; } elseif ($counter == 100) { echo "</ul></div><hr><center><font color='red'>Limited to 100 results... Be more specific.</font><center><hr>"; } } $toSearch = parameter('query'); ?> <center><h1> Results Found Matching: <?php echo $toSearch; ?> </h1></center> <div class="row text-center"> <ul class="small-block-grid-1 medium-block-grid-2 large-block-grid-3"> <?php note($toSearch); ?> </ul> </div>
pass note only or empty string if no note sent */ returnbike($sms->Number(), $args[1], $args[2], trim(urldecode($sms->Text())), TRUE); break; case "WHERE": case "WHO": validateReceivedSMS($sms->Number(), count($args), 2, _('with bike number:') . " WHERE 47"); where($sms->Number(), $args[1]); break; case "INFO": validateReceivedSMS($sms->Number(), count($args), 2, _('with stand name:') . " INFO RACKO"); info($sms->Number(), $args[1]); break; case "NOTE": validateReceivedSMS($sms->Number(), count($args), 2, _('with bike number/stand name and problem description:') . " NOTE 47 " . _('Flat tire on front wheel')); note($sms->Number(), $args[1], trim(urldecode($sms->Text()))); break; case "TAG": validateReceivedSMS($sms->Number(), count($args), 2, _('with stand name and problem description:') . " TAG MAINSQUARE " . _('vandalism')); tag($sms->Number(), $args[1], trim(urldecode($sms->Text()))); break; case "DELNOTE": validateReceivedSMS($sms->Number(), count($args), 1, _('with bike number and optional pattern. All messages or notes matching pattern will be deleted:') . " NOTE 47 wheel"); delnote($sms->Number(), $args[1], trim(urldecode($sms->Text()))); break; case "UNTAG": validateReceivedSMS($sms->Number(), count($args), 1, _('with stand name and optional pattern. All notes matching pattern will be deleted for all bikes on that stand:') . " UNTAG SAFKO1 pohoda"); untag($sms->Number(), $args[1], trim(urldecode($sms->Text()))); break; case "LIST": //checkUserPrivileges($sms->Number()); //allowed for all users as agreed
if (extension_loaded("zlib")) { note("zlib is installed"); } else { fatal("zlib is not installed"); } // check register_globals if (ini_get("register_globals")) { warn("<code>register_globals</code> is turned on. Please turn it off (in <code>php.ini</code> or by adding <code>php_flag register_globals Off</code> into the <VirtualHost> block in your Apache configuration file)."); } // check that various directories are writable foreach (array("log", "networks", "web/files", "web/cache", "web/sb-files") as $d) { $full_path = "{$path_prefix}/{$d}"; $test_fn = "{$full_path}/test_file.txt"; $f = @fopen($test_fn, "wt"); if ($f) { note("The <code>{$d}</code> directory is writable."); fclose($f); unlink($test_fn); } else { fatal("The <code>{$d}</code> directory does not appear to be writable. If you are on Linux, you can fix this with: <br><code>chmod a+w {$full_path}</code>"); } } // install root ?> </ul> <?php if ($is_fatal) { ?> <h2>Unable to set up PeopleAggregator</h2> <p class="error">Your server is not currently capable of running PeopleAggregator. Please fix any errors marked 'FATAL' above and try again.</p>
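/**
 * Handles the photo upload form: stores every uploaded "foto<N>" file with
 * N <= the submitted "len" in the photos table for the current session user,
 * then records an activity note and shows a confirmation.
 *
 * Changes over the previous version:
 *  - the loop no longer counts from 0 to the client-supplied "len" (which let
 *    a request choose an arbitrary number of iterations and read $_FILES
 *    entries that do not exist); it walks the files that were really uploaded;
 *  - missing "len"/"album" fields no longer raise undefined-index notices;
 *  - the stored file name and the owner id are escaped before they are placed
 *    in the SQL text.
 *
 * NOTE(review): "album" comes from the client and nothing here checks that
 * the album belongs to the current user - confirm that is enforced elsewhere.
 * NOTE(review): POST values rely on protect() (defined elsewhere) for SQL
 * safety, and the type/size checks on the upload are assumed to live in
 * imageupload() - verify both.
 */
function sendpost()
{
    requirelogin();
    $owner = $_SESSION['id'];
    $_POST = array_map('protect', $_POST);

    $j = isset($_POST['len']) ? (int) $_POST['len'] : 0;
    $album = isset($_POST['album']) ? $_POST['album'] : '';

    // Collect the indexes of the uploaded fields named foto0, foto1, ... that
    // fall inside the announced range, and process them in numeric order.
    $slots = array();
    foreach (array_keys($_FILES) as $field) {
        if (preg_match('/^foto(0|[1-9][0-9]*)$/', (string) $field, $m) && (int) $m[1] <= $j) {
            $slots[] = (int) $m[1];
        }
    }
    sort($slots);

    $owner_sql = mysql_real_escape_string($owner);
    foreach ($slots as $i) {
        if (!isset($_FILES["foto{$i}"])) {
            continue;
        }
        $foto = imageupload($_FILES["foto{$i}"]);
        if ($foto) {
            $full_sql = mysql_real_escape_string($foto['full']);
            mysql_query("INSERT INTO photos (`foto`, `owner`, `album`)\n VALUES ('{$full_sql}', '{$owner_sql}', '{$album}');");
        }
    }

    note(t("adicionou fotos."), $_SESSION['id']);
    infobox(t("Fotos enviadas com sucesso!"));
}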
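/**
 * Handles the "create group" form: derives a URL slug from the title, refuses
 * a slug that is already taken, inserts the group, joins the creator to it,
 * records an activity note and redirects to the new group's page.
 *
 * Changes over the previous version:
 *  - after reporting that the group already exists the function now returns;
 *    before, nothing visible here stopped the INSERT from running anyway
 *    (unless infobox() itself ends the request);
 *  - the duplicate test matched exactly one existing row, so it passed again
 *    once two groups shared a slug; any existing row now counts;
 *  - missing "title"/"desc" fields no longer raise undefined-index notices.
 *
 * NOTE(review): all values are interpolated into the SQL text; safety depends
 * on protect() and cleanstring() (both defined elsewhere) - confirm.
 * NOTE(review): an empty slug is not rejected and the INSERT results are not
 * checked.
 */
function createpost()
{
    requirelogin();
    $_POST = array_map('protect', $_POST);

    $owner = $_SESSION['id'];
    $title = isset($_POST['title']) ? $_POST['title'] : '';
    $url = cleanstring($title);
    $desc = isset($_POST['desc']) ? $_POST['desc'] : '';

    $qry = mysql_query("SELECT `id` FROM groups WHERE `url`='{$url}'");
    if ($qry && mysql_numrows($qry) > 0) {
        infobox(t("Um grupo com este nome já existe."), true, true);
        return;
    }

    mysql_query("INSERT INTO groups (`owner`, `title`, `url`, `desc`) VALUES ('{$owner}', '{$title}', '{$url}', '{$desc}');");

    // Look the new group up by its slug so the creator can be joined to it.
    $group_id = resolvegroup($url);
    mysql_query("INSERT INTO groups_join (`account`, `group`) VALUES ('{$owner}', '{$group_id}');");

    note(t("criou um grupo."), $_SESSION['id']);
    redir("groups/view/{$url}");
}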
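/**
 * Web installer: detects the base URL, renders the configuration form and, once
 * the form is posted, creates/initialises the database and writes
 * local_config.php. Steps that changed the system are recorded in
 * $rollback_cmds and undone when an Installation_Failure is thrown.
 *
 * Local variable names are kept as they were: run_scripts.php is included from
 * inside this function and therefore sees this function's local scope.
 *
 * Changes over the previous version:
 *  - values posted to the form (and exception/rollback messages built from
 *    them) are HTML-escaped before being printed;
 *  - the client-supplied Host header is checked against a hostname character
 *    set before it is used to build URLs and messages;
 *  - values written into local_config.php are emitted with var_export(), so a
 *    password containing quotes, backslashes or "$" can no longer alter the
 *    generated PHP;
 *  - stray blanks after echoed values (form attributes, the form action and
 *    the displayed "mv" command) and line breaks inside messages and inside
 *    the generated config comment are removed;
 *  - the GRANT loop only keeps a connection that could also select the
 *    database, and escapes the password against the administrator link.
 *
 * NOTE(review): the form posts database and admin passwords to an http:// URL
 * and prints them back into the page; serve the installer over TLS if possible.
 * NOTE(review): the admin password is written to local_config.php in clear
 * text, and the file is first created below the web directory.
 * NOTE(review): the GRANT loop ends with the "%" host wildcard; tighten the
 * grant afterwards if a narrower host works.
 * NOTE(review): the DSN is assembled without encoding, so "@", ":" or "/" in
 * the credentials may be misparsed - depends on the DSN parser, confirm.
 * NOTE(review): no guard against re-running the installer on a configured
 * site is visible in this function, other than the non-empty database check.
 */
function install_peopleaggregator()
{
    global $path_prefix;

    ?>
<h2>Detecting URLs</h2>
<ul>
<?php
    // The Host header is chosen by the client; accept only hostname, port and
    // IPv6-literal characters before building URLs and messages from it.
    $install_http_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    if (!preg_match('/^[A-Za-z0-9.\-:\[\]]+$/', $install_http_host)) {
        dienow("Unable to find base URL");
    }

    // find base url (minus http:// suffix)
    if (!preg_match("|^(.*?)/config/index.php\$|", $install_http_host . $_SERVER['SCRIPT_NAME'], $m)) {
        dienow("Unable to find base URL");
    }
    $base_url_bare = $m[1];

    // make sure the base url is valid
    if (!can_get_peepagg_txt("http://{$base_url_bare}/peopleaggregator.txt")) {
        dienow("Unable to guess base URL - I think it should be http://{$base_url_bare}/ but that URL does not seem to work.");
    }
    note("Good: we can access the system at http://{$base_url_bare}/");

    // try stripping off the first url part (i.e. www.asdf -> asdf)
    $base_url_suffix = preg_replace("|^[^\\.]+\\.(.*)\$|", "\$1", $base_url_bare);
    $allow_spawning = FALSE;

    // check if it doesn't have any dots (e.g. http://colinux/web/config/)
    // - i.e. not suitable for sharing cookies over domains.
    if ($base_url_suffix == $base_url_bare) {
        note("Apparently running on an internal web server - not possible to run multiple networks.");
    } elseif (preg_match("|^\\d+\\.\\d+\\.\\d+\\.\\d+|", $base_url_bare)) {
        note("Running with an IP address rather than a domain name - not possible to run multiple networks.");
    } else {
        if (can_get_peepagg_txt("http://{$base_url_suffix}/peopleaggregator.txt")) {
            note("It looks like it is also accessible at <code>http://{$base_url_suffix}/</code>; trying <code>{$base_url_suffix}</code> as the root URL.");
        } else {
            note("It is not accessible at <code>http://{$base_url_suffix}/</code>; trying <code>{$base_url_bare}</code> as the root URL.");
            $base_url_suffix = $base_url_bare;
        }

        // Probe an arbitrary subdomain to see whether wildcard hosting works.
        if (can_get_peepagg_txt("http://some-random-domain.{$base_url_suffix}/peopleaggregator.txt")) {
            note("It looks like the server is set up to host <code>*.{$base_url_suffix}</code>, so network spawning is possible.");
            $allow_spawning = TRUE;
        } else {
            warn("Wildcard domains do not appear to be enabled (cannot access the root of this install at http://some_random_domain.{$base_url_suffix}/) so network spawning will be disabled.");
        }
    }

    global $base_url, $domain_suffix;
    if ($allow_spawning) {
        $base_url = "http://%network_name%.{$base_url_suffix}";
    } else {
        $base_url = "http://{$base_url_bare}";
    }
    $domain_suffix = preg_replace("|/.*\$|", "", $base_url_suffix);

    // stash $base_url away as config.inc will modify it
    $base_url_config = $base_url;

    note("Base URL: <code>{$base_url}</code>" . ($domain_suffix ? "; domain suffix: <code>{$domain_suffix}</code>" : ""));
    ?>
</ul>
<h2>Configuration</h2>
<?php
    $admin_password = get_default("admin_password", "");
    $admin_password2 = get_default("admin_password2", "");
    $mysql_server = get_default("mysql_server", "localhost");
    $mysql_dbname = get_default("mysql_dbname", "peopleaggregator");
    $mysql_username = get_default("mysql_username", "peopleaggregator");
    $mysql_password = get_default("mysql_password", "");
    $mysql_root_username = get_default("mysql_root_username", "root");
    $mysql_root_password = get_default("mysql_root_password", "");

    $home_network_config = str_replace("%network_name%", "www", $base_url) . "/config/";

    // Every value echoed into the form below is HTML-escaped: these are the
    // values the form itself submitted.
    ?>
<form method="POST" action="<?php echo htmlspecialchars($home_network_config, ENT_QUOTES); ?>#check">
<div class="config">
<p>Some operations (upgrading, and content administration) require an administrator password for access. Please enter an administrator password here.</p>
<div class="config_item"><label for="admin_password">Admin password</label> <input type="password" id="admin_password" name="admin_password" value="<?php echo htmlspecialchars($admin_password, ENT_QUOTES); ?>"><?php
    if (!$admin_password) {
        echo " ← must not be blank!";
    }
    ?></div>
<div class="config_item"><label for="admin_password2">Repeat admin password</label> <input type="password" id="admin_password2" name="admin_password2" value="<?php echo htmlspecialchars($admin_password2, ENT_QUOTES); ?>"><?php
    if (!$admin_password2) {
        echo " ← must not be blank!";
    } elseif ($admin_password != $admin_password2) {
        echo " ← must be the same as above!";
    }
    ?></div>
<p>Enter your database details below.</p>
<div class="config_item"><label for="mysql_server">MySQL server</label> <input type="text" name="mysql_server" value="<?php echo htmlspecialchars($mysql_server, ENT_QUOTES); ?>"></div>
<div class="config_item"><label for="mysql_dbname">MySQL database name</label> <input type="text" name="mysql_dbname" value="<?php echo htmlspecialchars($mysql_dbname, ENT_QUOTES); ?>"></div>
<div class="config_item"><label for="mysql_username">MySQL username</label> <input type="text" name="mysql_username" value="<?php echo htmlspecialchars($mysql_username, ENT_QUOTES); ?>"></div>
<div class="config_item"><label for="mysql_password">MySQL password</label> <input type="password" name="mysql_password" value="<?php echo htmlspecialchars($mysql_password, ENT_QUOTES); ?>"><?php
    if (!$mysql_password) {
        echo " ← must not be blank!";
    }
    ?></div>
<p>If the database has not been created yet, you can enter your database administrator ("root") login details here to have it created automatically:</p>
<div class="config_item"><label for="mysql_root_username">Administrator username</label> <input type="text" name="mysql_root_username" value="<?php echo htmlspecialchars($mysql_root_username, ENT_QUOTES); ?>"></div>
<div class="config_item"><label for="mysql_root_password">Administrator password</label> <input type="password" name="mysql_root_password" value="<?php echo htmlspecialchars($mysql_root_password, ENT_QUOTES); ?>"></div>
<p><input type="submit" value="Set up PeopleAggregator"></p>
</div>
</form>
<?php
    // only exec the rest after someone clicks 'setup'
    if (!$_POST) {
        exit;
    }

    // Escaped copies of posted values, for use inside HTML status messages.
    $install_server_html = htmlspecialchars($mysql_server, ENT_QUOTES);

    // wrap install process in exception handler so we can roll back
    $rollback_cmds = array();
    try {
        ?>
<h2 id="check">Checking config details</h2>
<ul>
<?php
        if (!$admin_password) {
            focus_field("admin_password");
            dienow("You must supply an admin password");
        }
        if ($admin_password != $admin_password2) {
            focus_field("admin_password");
            dienow("Both admin paswords must be the same");
        }
        if (!$mysql_password) {
            focus_field("mysql_password");
            dienow("You may not use a blank password for the MySQL connection");
        }

        // "@" keeps a failed login attempt from printing a PHP warning; the
        // failure is reported through note() below instead.
        $user_link = @mysql_connect($mysql_server, $mysql_username, $mysql_password);
        if ($user_link) {
            note("Able to connect to the MySQL server at {$install_server_html} with supplied login details.");

            // make sure the DB isn't already populated
            if (!mysql_select_db($mysql_dbname, $user_link)) {
                note("Database does not exist or is inaccessible");
                mysql_close($user_link);
                $user_link = FALSE;
            } else {
                $sth = run_query("SHOW TABLES", $user_link);
                if (mysql_num_rows($sth)) {
                    throw new Installation_Failure("The database {$mysql_dbname} already contains data. Please wipe it out or recreate the database before installing PeopleAggregator. If PeopleAggregator is already installed here, you will have to create your local_config.php file manually.");
                }
            }
        } else {
            note("Unable to connect to the MySQL server using the supplied login details");
        }

        if (!$user_link) {
            note("Trying administrator login...");
            $admin_link = @mysql_connect($mysql_server, $mysql_root_username, $mysql_root_password);
            if (!$admin_link) {
                dienow("Unable to connect to the MySQL server with the supplied login details or as an administrator");
            }
            note("Able to connect to the MySQL server with the supplied administrator login details - a new database will be created.");

            // make sure the db doesn't already exist
            if (mysql_select_db($mysql_dbname, $admin_link)) {
                throw new Installation_Failure("Database {$mysql_dbname} already exists");
            }

            // create it
            $sql = "CREATE DATABASE " . db_esc($mysql_dbname);
            $rollback_cmds[] = array("sql", "DROP DATABASE " . db_esc($mysql_dbname), $admin_link);
            run_query($sql, $admin_link);

            // now grant permissions with successively looser hostnames until
            // we find one that lets the web server access the database.
            foreach (array("localhost", "localhost.localdomain", $_SERVER['SERVER_NAME'], gethostbyname($_SERVER['SERVER_NAME']), "%") as $server_host) {
                $sql = "GRANT ALL ON " . db_esc($mysql_dbname) . ".* TO " . db_esc($mysql_username) . "@" . db_esc($server_host) . " IDENTIFIED BY '" . mysql_real_escape_string($mysql_password, $admin_link) . "'";
                run_query($sql, $admin_link);

                // Keep the connection only if it can also select the new
                // database; otherwise try the next, looser host.
                $install_candidate_link = mysql_connect($mysql_server, $mysql_username, $mysql_password);
                if ($install_candidate_link && mysql_select_db($mysql_dbname, $install_candidate_link)) {
                    $user_link = $install_candidate_link;
                    note("Successfully logged in to new database using credentials from host " . htmlspecialchars($server_host, ENT_QUOTES));
                    break;
                }
            }
            if (!$user_link) {
                throw new Installation_Failure("Failed to grant access credentials that would allow the web server to access the database. Please try creating the database manually.");
            }
        }

        if (!$user_link) {
            throw new Installation_Failure("Something went wrong - we should have successfully connected to the DB by now");
        }

        // set all local_config.php vars
        global $peepagg_dsn;
        $peepagg_dsn = "mysql://{$mysql_username}:{$mysql_password}@{$mysql_server}/{$mysql_dbname}";
        $logger_logFile = "{$path_prefix}/log/pa.log";
        $default_relation_id = 1;

        // now write out local_config.php
        // Values are emitted with var_export() so that they are always valid,
        // inert PHP string literals whatever characters they contain.
        $local_config_text = "<" . "?php\n\n// local_config.php: This file contains server-specific settings like\n// the database password, the base URL of this installation, and\n// debugging flags. Anything in default_config.php can be overridden\n// here.\n\n// If you want to change project-specific things like the site name,\n// you can use project_config.php.\n\n// Global defaults, which are shared by all other PeopleAggregator\n// installations, are in default_config.php.\n\n// Database details.\n\$peepagg_dsn = " . var_export($peepagg_dsn, TRUE) . ";\n\n// URL to the root of the server.\n\$base_url = " . var_export($base_url_config, TRUE) . ";\n\n// Parent domain part of the URL.\n\$domain_suffix = " . var_export($domain_suffix, TRUE) . ";\n";

        if ($allow_spawning) {
            $local_config_text .= "\n// Network operation is enabled. To disable, set \$_PA->enable_networks\n// to FALSE. To disable network spawning without deactivating existing\n// networks, set \$_PA->enable_network_spawning to FALSE.\n";
        } else {
            $local_config_text .= "\n// Network operation disabled as wildcard domains are not configured.\n// Comment out the following line to enable network creation (after\n// configuring wildcard DNS, etc).\n\$_PA->enable_networks = FALSE;\n";
        }

        // $logger_logFile deliberately keeps the literal "$path_prefix" so it
        // is resolved when the generated file is loaded.
        $local_config_text .= "\n// Path to log file (you may wish to change this to /var/log/somewhere/pa.log).\n\$logger_logFile = \"\$path_prefix/log/pa.log\";\n\n// Administration password\n\$admin_password = " . var_export($admin_password, TRUE) . ";\n\n// When a new user registers on the site, they will automatically be marked as a friend of the user with this ID.\n// (The default is 1, so everyone will be a friend of the first user.)\n\$default_relation_id = " . (int) $default_relation_id . ";\n\n?" . ">\n";

        global $config_fn;
        note("Writing local_config.php");
        $rollback_cmds[] = array("delete", $config_fn);
        if (!file_put_contents($config_fn, $local_config_text)) {
            throw new Installation_Failure("Unable to write {$config_fn}");
        }

        // define LOCAL_CONFIG_OVERRIDE to tell config.inc to load our new
        // temporary local_config.php rather than look for it in the global
        // location
        define("LOCAL_CONFIG_LOCATION_OVERRIDE", $config_fn);

        // now set up databases
        note("Initializing database ... ");
        run_query_file(dirname(__FILE__) . "/../../db/PeepAgg.mysql", $user_link);

        note("Running database upgrade script and installing default module settings ... ");
        try {
            require_once dirname(__FILE__) . "/../update/run_scripts.php";
            run_update_scripts();
        } catch (Exception $e) {
            throw new Installation_Failure("Error updating database or installing default module settings: " . $e->getMessage());
        }

        global $do_auto_update;
        if (!$do_auto_update) {
            note("Skipping auto-upgrade preparation as it is disabled for this installation.");
        } else {
            note("Preparing system for auto-upgradeability ... ");
            require_once "Subversion/PAStateStore.php";
            try {
                $store = new Subversion_PAStateStore($path_prefix);
                $store->initialize();
                note("Subversion update root: <code>" . $store->get_repository_root() . "</code>; path: <code>" . $store->get_repository_path() . "</code>; revision: " . $store->get_revision());
            } catch (Exception $e) {
                throw new Installation_Failure("Error preparing auto-upgrade system: " . $e->getMessage());
            }
        }
        ?>
</ul>
<h2>All done!</h2>
<p class="good">Your database has been initialized and a <code>local_config.php</code> file has been written at <code><?php echo htmlspecialchars($config_fn, ENT_QUOTES); ?></code>. To finish the installation, please move this file up into the parent of the 'web' directory, then <a href="../">click here</a>.</p>
<p>The following command will do this on Linux/UNIX:</p>
<p style="margin-left: 5em"><code><?php
        // Both paths are shell-quoted so the printed command stays correct for
        // paths containing blanks, and there is no gap before the final "/".
        echo htmlspecialchars("mv " . escapeshellarg(realpath($config_fn)) . " " . escapeshellarg($path_prefix . "/"), ENT_QUOTES);
        ?></code></p>
<?php
        //throw new Installation_Failure("foo");
    } catch (Installation_Failure $e) {
        // The message can contain posted values (e.g. the database name).
        warn("Installation failed (" . htmlspecialchars($e->getMessage(), ENT_QUOTES) . ") - undoing operations");

        // Undo the recorded steps, most recent first.
        foreach (array_reverse($rollback_cmds) as $cmd) {
            switch ($cmd[0]) {
                case 'sql':
                    list(, $sql, $link) = $cmd;
                    note("DB query: " . htmlspecialchars($sql, ENT_QUOTES));
                    mysql_query($sql, $link);
                    break;
                case 'delete':
                    list(, $fn) = $cmd;
                    note("Delete: " . htmlspecialchars($fn, ENT_QUOTES));
                    unlink($fn);
                    break;
                default:
                    warn("Unknown rollback command type: " . htmlspecialchars($cmd[0], ENT_QUOTES));
                    break;
            }
        }
    }
}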
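/**
 * Handles the sign-up form: validates the submitted fields, creates the
 * account, logs the new user in and redirects to the profile editor. On any
 * validation error the collected messages are shown instead.
 *
 * Changes over the previous version:
 *  - the gender test used "or", which is true for every value, so every
 *    account was stored with gender 'o';
 *  - the error list was walked one element past its end;
 *  - the two password hashes were compared with "!=", which treats hex
 *    strings that look like numbers (e.g. "0e...") as equal; "!==" is used;
 *  - the duplicate-login check and the id lookup compared the login column
 *    with the literal '******', which can never match a submitted login;
 *    both now use the sanitised login (assumed to be the original intent);
 *  - missing or array-valued POST fields no longer reach the escaping
 *    functions or raise undefined-index notices, and empty login/password
 *    are reported as missing;
 *  - impossible dates (e.g. day 31 of a 30-day month) are rejected instead of
 *    being silently rolled over by mktime();
 *  - a failed INSERT is reported instead of logging in a non-existent
 *    account, and the admin mail is only sent after the account exists.
 *
 * NOTE(review): passwords are stored as md5(password . site id). MD5 is not a
 * password hash; moving to password_hash()/password_verify() needs a matching
 * change in the login code, so it is flagged here rather than changed.
 * NOTE(review): the first account ever registered becomes administrator;
 * make sure the site is not publicly reachable before that account exists.
 * NOTE(review): consider regenerating the session id when $_SESSION['id'] is
 * set, if the session is already active at this point.
 */
function signuppost()
{
    global $site_id, $site;

    captcha_init();
    settitle("Cadastro");
    $err = array();

    // Escape every field for SQL, then for HTML (same order as before).
    // Array-valued fields are replaced by an empty string.
    $fields = array();
    foreach ($_POST as $key => $value) {
        $fields[$key] = is_scalar($value) ? htmlspecialchars(mysql_real_escape_string($value)) : '';
    }
    // Fields read below default to an empty string when they were not sent.
    $fields += array(
        'login' => '', 'senha' => '', 'senha2' => '', 'email' => '', 'nome' => '',
        'sexo' => '', 'dia' => '', 'mes' => '', 'ano' => '', 'captcha' => '',
    );
    $_POST = $fields;

    if ($_POST['login'] === '' || $_POST['senha'] === '') {
        $err[] = t("Falta preencher alguns campos.");
    }

    $login = $_POST['login'];
    // Hashing happens after escaping, exactly as before, so stored hashes
    // stay compatible with the existing login code.
    $senha = md5($_POST['senha'] . $site_id);
    $senha2 = md5($_POST['senha2'] . $site_id);
    if ($senha !== $senha2) {
        $err[] = t("A confirmação da senha está incorreta.");
    }
    if ($_POST['login'] === $_POST['senha']) {
        $err[] = t("Sua senha não pode ser o seu login.");
    }
    if ($login !== (string) cleanstring($login)) {
        $err[] = t("Seu login é inválido. Ele pode conter apenas letras e números.");
    }

    $email = $_POST['email'];
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $err[] = t("E-mail inválido!");
    }

    $nome = $_POST['nome'];
    $sexo = $_POST['sexo'];
    if ($sexo !== 'm' && $sexo !== 'f') {
        $sexo = 'o';
    }

    $dia = (int) $_POST['dia'];
    $mes = (int) $_POST['mes'];
    $ano = (int) $_POST['ano'];
    $idade = checkdate($mes, $dia, $ano) ? mktime(0, 0, 0, $mes, $dia, $ano) : false;
    if ($idade === false) {
        $err[] = t("Data de nascimento inválida!");
    }

    $campo = isset($_POST['campo']) ? $_POST['campo'] : '-';
    $now = time();

    if (!comparecaptcha($_POST['captcha'])) {
        $err[] = t("Código de segurança inválido!");
    }

    $veremail = mysql_query("SELECT id FROM accounts WHERE email='{$email}'");
    if ($veremail && mysql_num_rows($veremail) != 0) {
        $err[] = t("O e-mail especificado já está registrado para outra conta no ") . $site['site_name'] . ".";
    }

    $verlogin = mysql_query("SELECT id FROM accounts WHERE login='{$login}'");
    if ($verlogin && mysql_num_rows($verlogin) != 0) {
        $err[] = t("Já existe um usuário registrado com este login.");
    }

    $voltar = "<br><br><a href=\"#\" onClick=\"javascript:history.go(-1);\">" . t("Voltar") . "</a>";

    if (count($err) != 0) {
        $erros = "\n<br>" . implode("\n<br>", $err);
        freesection(titlebar("Cadastro"));
        infobox(t("Houveram erros e o cadastro foi impossibilitado.") . "<br/>{$erros}" . $voltar);
        return;
    }

    // The very first account becomes the administrator ('s'); later ones do not.
    $num = mysql_fetch_array(mysql_query("SELECT count(*) AS num FROM accounts;"));
    $num = $num['num'];
    $admin = $num > 0 ? 'n' : 's';

    $qry = mysql_query("INSERT INTO accounts (`login`, `senha`, `email`, `nome`, `foto`, `registro`, `ultimo_login`, `admin`, `sexo`, `nascimento`, `sobre`, `campo`)\n VALUES('{$login}', '{$senha}', '{$email}', '{$nome}', 'default.jpg', '{$now}', '{$now}', '{$admin}', '{$sexo}', '{$idade}', 'Nenhum conteúdo, ainda.', '{$campo}');");
    if (!$qry) {
        freesection(titlebar("Cadastro"));
        infobox(t("Houveram erros e o cadastro foi impossibilitado.") . $voltar);
        return;
    }

    if ($admin === 'n') {
        admail(t("Usuário registrado!"), t("Olá! Mais um usuário se registrou em seu website:") . $login);
    }

    $getid = mysql_fetch_array(mysql_query("SELECT id FROM accounts WHERE login='{$login}' AND senha='{$senha}'"));
    $getid = $getid['id'];

    setcookie("atempts", 0);
    $_SESSION['id'] = $getid;
    note(t("se registrou"), $getid);
    redir("account/modify");
}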