$con = mysqli_connect("{$host}", "{$user}", "{$pass}", "{$name}"); $name = $_POST['sname']; $address = $_POST['address']; $place = $_POST['place']; $city = $_POST['city']; $phone = $_POST['phone']; $web = $_POST['website']; $email = $_POST['email']; $pin = $_POST['pin']; $db->query("UPDATE store_details SET pin='" . $pin . "',city='" . $city . "',name='" . $name . "',email='" . $email . "',web='" . $web . "',address='" . $address . "',place='" . $place . "',phone='" . $phone . "' "); // $sql="INSERT INTO `store_details` (`name`, `address`, `place`, `city`, `phone`, `email`, `web`, `pin`) VALUES //('".$_POST['sname']."', '".$_POST['address']."', '".$_POST['place']."', '".$_POST['city']."', '".$_POST['phone']."', '".$_POST['email']."', '".$_POST['website']."', '".$_POST['pin']."')"; // Execute query // header("Location: index.php"); include_once "safe_redirect.php"; safeRedirect("index.php"); } ?> <!-- MAIN CONTENT --> <div id="content"> <form action="" method="POST" id="login-form" class="cmxform" autocomplete="off"> <table><tr><td> <p> <label>Store Name</label> <input type="text" name="sname" id="name" class="round full-width-input" placeholder="Enter Store Name" autofocus /> </p></td> <td> <p>
/** * Redirect to the url specified by the discussion. * @param array|object $Discussion */ protected function redirectDiscussion($Discussion) { $Body = Gdn_Format::to(val('Body', $Discussion), val('Format', $Discussion)); if (preg_match('`href="([^"]+)"`i', $Body, $Matches)) { $Url = $Matches[1]; safeRedirect($Url, 301); } }
/** * Method for plugins that want a friendly /sso method to hook into. * * @param RootController $Sender * @param string $Target The url to redirect to after sso. */ public function rootController_sso_create($Sender, $Target = '') { if (!$Target) { $Target = $Sender->Request->get('redirect'); if (!$Target) { $Target = '/'; } } // Get the default authentication provider. $DefaultProvider = Gdn_AuthenticationProviderModel::getDefault(); $Sender->EventArguments['Target'] = $Target; $Sender->EventArguments['DefaultProvider'] = $DefaultProvider; $Handled = false; $Sender->EventArguments['Handled'] =& $Handled; $Sender->fireEvent('SSO'); // If an event handler didn't handle the signin then just redirect to the target. if (!$Handled) { safeRedirect($Target, 302); } }
/** * Attach an addon to a discussion. * * @param null $DiscussionID Discussion for addon attachment. * @throws Gdn_UserException Discussion not found. */ public function attachToDiscussion($DiscussionID = null) { $this->permission('Addons.Addon.Manage'); $DiscussionModel = new DiscussionModel(); $Discussion = $DiscussionModel->getID($DiscussionID); if ($Discussion) { $Addon = $this->AddonModel->getID($Discussion->AddonID); $this->Form->setData($Addon); $RedirectUrl = 'discussion/' . $Discussion->DiscussionID; } else { throw notFoundException('Discussion'); } if ($this->Form->authenticatedPostBack()) { // Look up for an existing addon $FormValues = $this->Form->formValues(); $Addon = false; if (val('Name', $FormValues, false)) { $Addon = $this->AddonModel->getWhere(array('a.Name' => $FormValues['Name']))->firstRow(DATASET_TYPE_ARRAY); } if ($Addon == false && val('AddonID', $FormValues, false)) { $Addon = $this->AddonModel->getID($FormValues['AddonID']); } if ($Addon == false) { $this->Form->addError(t('Unable to find addon via Name or ID')); } if ($this->Form->errorCount() == 0) { $DiscussionModel->setField($DiscussionID, 'AddonID', $Addon['AddonID']); if ($this->deliveryType() === DELIVERY_TYPE_ALL) { safeRedirect($RedirectUrl ?: 'addon/' . $Addon['AddonID']); } else { $this->informMessage(t('Successfully updated Attached Addon!')); $this->jsonTarget('.Warning.AddonAttachment', null, 'Remove'); $this->jsonTarget('.ItemDiscussion .Message', renderDiscussionAddonWarning($Addon['AddonID'], $Addon['Name'], $Discussion->DiscussionID), 'Prepend'); $this->jsonTarget('a.AttachAddonDiscussion.Popup', t('Edit Addon Attachment...'), 'Text'); } } } $this->render('attach'); }
/** * Allow user to set their preferred locale via link-click. */ public function profileController_setLocale_create($Sender, $locale, $TK) { if (!Gdn::Session()->UserID) { throw PermissionException('Garden.SignIn.Allow'); } // Check intent. if (!Gdn::Session()->ValidateTransientKey($TK)) { safeRedirect($_SERVER['HTTP_REFERER']); } // If we got a valid locale, save their preference if (isset($locale)) { $locale = $this->validateLocale($locale); if ($locale) { $this->SetUserMeta(Gdn::Session()->UserID, 'Locale', $locale); } } $successRedirect = $_SERVER['HTTP_REFERER']; $target = gdn::request()->get('Target'); if ($target) { $successRedirect = $target; } // Back from whence we came. safeRedirect($successRedirect); }
/** * Run a structure update on the database. * * It should always be possible to call this method, even if no database tables exist yet. * A working forum database should be built from scratch where none exists. Therefore, * it can have no reliance on existing data calls, or they must be able to fail gracefully. * * @since 2.0.? * @access public */ public function update() { // Check for permission or flood control. // These settings are loaded/saved to the database because we don't want the config file storing non/config information. $Now = time(); $LastTime = 0; $Count = 0; try { $LastTime = Gdn::get('Garden.Update.LastTimestamp', 0); } catch (Exception $Ex) { // We don't have a GDN_UserMeta table yet. Sit quietly and one will appear. } if ($LastTime + 60 * 60 * 24 > $Now) { // Check for flood control. try { $Count = Gdn::get('Garden.Update.Count', 0) + 1; } catch (Exception $Ex) { // Once more we sit, watching the breath. } if ($Count > 5) { if (!Gdn::session()->checkPermission('Garden.Settings.Manage')) { // We are only allowing an update of 5 times every 24 hours. throw permissionException(); } } } else { $Count = 1; } try { Gdn::set('Garden.Update.LastTimestamp', $Now); Gdn::set('Garden.Update.Count', $Count); } catch (Exception $Ex) { // What is a GDN_UserMeta table, really? Suffering. } try { // Run the structure. $UpdateModel = new UpdateModel(); $UpdateModel->runStructure(); $this->setData('Success', true); } catch (Exception $Ex) { $this->setData('Success', false); $this->setData('Error', $Ex->getMessage()); if (Debug()) { throw $Ex; } } if (Gdn::session()->checkPermission('Garden.Settings.Manage')) { saveToConfig('Garden.Version', APPLICATION_VERSION); } if ($Target = $this->Request->get('Target')) { safeRedirect($Target); } $this->fireEvent('AfterUpdate'); $this->MasterView = 'empty'; $this->CssClass = 'Home'; $this->render(); }
`entry_id`) VALUES ('{$evaluator}', {$rating}, '{$contestantComments}', '{$committeeComments}', {$entryid}) SQL; if (!($result = $db->query($sqlInsert))) { dbFatalError($db->error, $login_name . " -data insert issue- " . $sqlInsert); exit($user_err_message); } else { $db->close(); unset($_POST['evaluate']); $evaluator = $rating = $evalComment = $entryid = null; safeRedirect('evallist.php#' . $panelid); exit; } } $entryid = $db->real_escape_string(htmlspecialchars($_GET["evid"])); $panelid = $db->real_escape_string(htmlspecialchars($_GET["panel"])); $sqlSelect = <<<SQL SELECT EntryId, title, document, penName, manuscriptType, contestName, contestsID, datesubmitted FROM vw_entrydetail_with_classlevel_currated
/** * After sign in, send them along. * * @since 2.0.0 * @access protected * * @param bool $CheckPopup */ protected function _setRedirect($CheckPopup = false) { $Url = url($this->redirectTo(), true); $this->RedirectUrl = $Url; $this->MasterView = 'popup'; $this->View = 'redirect'; if ($this->_RealDeliveryType != DELIVERY_TYPE_ALL && $this->deliveryType() != DELIVERY_TYPE_ALL) { $this->deliveryMethod(DELIVERY_METHOD_JSON); $this->setHeader('Content-Type', 'application/json; charset=utf-8'); } elseif ($CheckPopup || $this->data('CheckPopup')) { $this->addDefinition('CheckPopup', true); } else { safeRedirect(url($this->RedirectUrl)); } }
/** * Find the requested plugin and redirect to it. * * @param string $PluginName */ public function find($PluginName = '') { $Data = $this->Database->sql()->select('AddonID, Name')->from('Addon')->where('Name', $PluginName)->get()->firstRow(); if ($Data) { safeRedirect('/addon/' . $Data->AddonID . '/' . Gdn_Format::url($Data->Name)); } else { safeRedirect('/addon/notfound/'); } }
if (isset($_POST['submit']) and isset($_POST['uname']) and isset($_POST['password']) and isset($_POST['answer'])) { $host = $_SESSION['host']; $user = $_SESSION['user']; $pass = $_SESSION['pass']; $name = $_SESSION['db_name']; $con = mysqli_connect("{$host}", "{$user}", "{$pass}", "{$name}"); $uname = $_POST['uname']; $password = $_POST['password']; $answer = $_POST['answer']; $db->query("UPDATE stock_user SET username ='******',password='******',answer='" . $answer . "'"); $httphost = $_SERVER['HTTP_HOST']; $httpuri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); // header("Location: $redirecturl"); include_once "safe_redirect.php"; $redirecturl = "http://{$httphost}{$httpuri}/next_store_details.php"; safeRedirect($redirecturl); } else { ?> <!-- MAIN CONTENT --> <div id="content"> <form action="" method="POST" id="login-form" class="cmxform" autocomplete="off"> <fieldset> <p> <label>UserName</label> <input type="text" name="uname" id="uname" class="round full-width-input" placeholder="Enter User Name" autofocus /> </p> <p> <label>Password</label>
db_fatal_error("{Prepare failed", "( " . $db->errno . " )" . $db->error, "EMPTY", $login_name); exit($user_err_message); } if (!$stmt->bind_param('issss', $contestsID, $contestOpen, $contestClose, $contestNotes, $login_name)) { db_fatal_error("Bind parameters failed", "( " . $stmt->errno . " )" . $stmt->error, "EMPTY", $login_name); exit($user_err_message); } if (isset($_POST['insertContest'])) { $contestsID = $db->real_escape_string(htmlspecialchars($_POST['contestID'])); $contestNotes = $db->real_escape_string(htmlspecialchars($_POST['notes'])); $contestOpen = date("Y-m-d H:i:s", strtotime($_POST['openDate'])); $contestClose = date("Y-m-d H:i:s", strtotime($_POST['closeDate'])); if ($stmt->execute()) { $_SESSION['flashMessage'] = "Successfully added new contest"; $_POST['insertContest'] = false; safeRedirect('contestAdmin.php'); } else { db_fatal_error("Execute failed", "( " . $stmt->errno . " )" . $stmt->error, "EMPTY", $login_name); exit($user_err_message); } } else { $contestsID = $contestNotes = $contestOpen = $contestClose = null; $_SESSION['flashMessage'] = ""; $_POST['insertContest'] = false; } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>LSA-<?php
/** * Default profile page. * * If current user's profile, get notifications. Otherwise show their activity (if available) or discussions. * * @since 2.0.0 * @access public * @param mixed $User Unique identifier, possible ID or username. * @param string $Username . * @param int $UserID Unique ID. */ public function index($User = '', $Username = '', $UserID = '', $Page = false) { $this->editMode(false); $this->getUserInfo($User, $Username, $UserID); if ($this->User->Admin == 2 && $this->Head) { // Don't index internal accounts. This is in part to prevent vendors from getting endless Google alerts. $this->Head->addTag('meta', array('name' => 'robots', 'content' => 'noindex')); $this->Head->addTag('meta', array('name' => 'googlebot', 'content' => 'noindex')); } if (c('Garden.Profile.ShowActivities', true)) { return $this->activity($User, $Username, $UserID, $Page); } else { safeRedirect(userUrl($this->User, '', 'discussions')); } }
if (isset($_POST['host']) and isset($_POST['username']) and $_POST['host'] != "" and $_POST['username'] != "" or isset($_SESSION['host']) and isset($_SESSION['user'])) { if (isset($_SESSION['host'])) { $host = $_SESSION['host']; $user = $_SESSION['user']; $pass = $_SESSION['pass']; } elseif (isset($_POST['host'])) { $host = trim($_POST['host']); $user = trim($_POST['username']); $pass = trim($_POST['password']); } $link = mysql_connect("{$host}", "{$user}", "{$pass}"); if (!$link) { $data = "Database Configuration is Not vaild"; // header("Location: install.php?msg=$data"); include_once "safe_redirect.php"; safeRedirect("install.php?msg={$data}"); exit; } ?> <form action="setup_page.php" method="POST" id="login-form" class="cmxform" autocomplete="off"> <fieldset > <p> <?php if (isset($_REQUEST['msg'])) { $msg = $_REQUEST['msg']; echo "<p style=color:red>{$msg}</p>"; } ?> </p>