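/**
 * Submit handler for the "apply for team" form.
 *
 * Stores the application for the current user and notifies the team's owner
 * and admins. Every user-supplied text is passed through stripTags() before
 * it is stored or embedded in the notification message; the original left
 * the applicant's name unfiltered although it ends up in that message.
 *
 * @param array $form       The Drupal form array (unused here).
 * @param array $form_state The form state; reads values personName, email,
 *                          message and the TID stored on the state.
 */
function applyForTeamForm_submit($form, $form_state) {
    global $user;

    $TID = $form_state['TID'];
    // The applicant's name is interpolated into the notification text below,
    // so it gets the same "no tags" treatment as the e-mail address.
    $name = stripTags($form_state['values']['personName'], '');
    $email = $form_state['values']['email'];
    $note = $form_state['values']['message'];
    $teamName = dbGetTeamName($TID);

    $application = array(
        'UID' => $user->uid,
        'TID' => $TID,
        'userEmail' => stripTags($email, ''), // do not allow tags
        'userMessage' => stripTags($note),    // allow some tags
    );

    // dbApplyForTeam() does its own error checking; only notify on success.
    if (dbApplyForTeam($application)) {
        $now = dbDatePHP2SQL(time());
        $notification = array(
            'dateCreated' => $now,
            'dateTargeted' => $now,
            'TID' => $TID,
            'message' => "{$name} has applied to join your team {$teamName}.",
            'bttnTitle' => 'View',
            'bttnLink' => '?q=viewUsersToBeApproved&TID=' . $TID,
        );
        notifyUsersByRole($notification, 'teamOwner');
        notifyUsersByRole($notification, 'teamAdmin');

        drupal_set_message('Your application has been sent! You will receive an email when you have been approved for the team.');
        drupal_goto('manageUserTeams');
    }
}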
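/**
 * Submit handler for the outreach notification form.
 *
 * Builds one notification from the submitted dateTargeted/message values and
 * stores a copy for every selected UID. Success is reported only when at
 * least one notification was stored and none of the inserts failed; the
 * original looked at the last insert only and read an undefined $result when
 * no UID was selected.
 *
 * @param array $form       The Drupal form array (unused here).
 * @param array $form_state The form state; reads values dateTargeted, message
 *                          and the UID list. The OID comes from the query string.
 */
function notificationForm_submit($form, $form_state) {
    $params = drupal_get_query_parameters();
    $OID = $params['OID'];

    // Generate the notification shared by all recipients.
    $notification = getFields(array('dateTargeted', 'message'), $form_state['values']);
    $notification = stripTags($notification); // allow some tags
    $notification['dateTargeted'] = dbDatePHP2SQL(strtotime($notification['dateTargeted']));
    $notification['bttnTitle'] = 'View Outreach';
    $notification['bttnLink'] = '?q=viewOutreach&OID=' . $OID;
    $notification['OID'] = $OID;
    $notification['TID'] = dbGetTeamForOutreach($OID);
    $notification['dateCreated'] = dbDatePHP2SQL(time());

    // Track every insert, not just the last one.
    $attempted = false;
    $failed = false;
    foreach ($form_state['values']['UID'] as $UID) {
        if ($UID != null) {
            $attempted = true;
            $notification['UID'] = $UID;
            if (!dbAddNotification($notification)) {
                $failed = true;
            }
        }
    }

    if ($attempted && !$failed) {
        drupal_set_message('Notification added!');
        drupal_goto('manageNotifications', array('query' => array('OID' => $OID)));
    } else {
        drupal_set_message('There was an error.', 'error');
    }
}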
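/**
 * Submit handler for the "delete my account" page.
 *
 * Removes the current user from every team (membership and roles), drops
 * their e-mail addresses, disables the Drupal account, mails the site team
 * and redirects to the front page.
 *
 * @param array $form       The Drupal form array (unused here).
 * @param array $form_state The form state; reads the free-text 'misc' value.
 */
function deleteUserPage_submit($form, $form_state) {
    global $user;
    $UID = $user->uid;

    // Detach the user from every team they belong to before disabling them.
    foreach (dbGetTeamsForUser($UID) as $team) {
        dbKickUserFromTeam($UID, $team['TID']);
        dbRemoveAllUserRoles($UID, $team['TID']); // no role may survive on the team
    }
    dbRemoveAllEmailsForUser($UID);
    dbDisableUser($UID);

    // The feedback is free text from the form: strip every HTML tag before it
    // goes into the outgoing e-mail.
    $params = array(
        'feedback' => stripTags($form_state['values']['misc'], ''),
        'userName' => dbGetUserName($UID),
    );
    // drupal_mail($module, $key, $to, $language, $params, $from, $send); the
    // original assigned $from/$send inside the argument list.
    drupal_mail('users', 'userdeleted', '*****@*****.**', variable_get('language_default'), $params, null, true);

    drupal_set_message("Your account has been deleted. We're sorry to see you go!");
    drupal_goto('<front>');
}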
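/**
 * Submit handler for the thumbnail / profile-picture form.
 *
 * Which record receives the new file is chosen from the query string:
 * UID -> user profile, OID -> outreach, TID -> team (checked in that order).
 * With none of them present the user is sent back to the dashboard.
 *
 * @param array $form       The Drupal form array (unused here).
 * @param array $form_state The form state; reads value FID and, when set,
 *                          the previous file id in $form_state['oldFID'].
 */
function thumbnailForm_submit($form, $form_state) {
    $params = drupal_get_query_parameters();

    // Only the file id comes from the form; it must carry no markup.
    $picData = stripTags(getFields(array("FID"), $form_state['values']), '');
    $oldFID = isset($form_state['oldFID']) ? $form_state['oldFID'] : 0;

    // NOTE(review): the target id (UID/OID/TID) is taken straight from the
    // query string; no check that the current user may change that record is
    // visible in this function — confirm it happens in form access/validation.
    if (isset($params["UID"])) {
        // Updating a user's profile picture.
        $UID = $params["UID"];
        replacePicture($picData['FID'], $oldFID, 'Users');
        dbUpdate("profiles", $picData, "UID", $UID);
        drupal_goto("viewUser", array('query' => array('UID' => $UID)));
    } elseif (isset($params["OID"])) {
        // Editing an outreach thumbnail.
        $OID = $params["OID"];
        replacePicture($picData['FID'], $oldFID, 'Outreach');
        dbUpdateOutreach($OID, $picData);
        drupal_goto("viewOutreach", array('query' => array('OID' => $OID)));
    } elseif (isset($params["TID"])) {
        // Editing a team thumbnail.
        $TID = $params["TID"];
        replacePicture($picData['FID'], $oldFID, 'Teams');
        dbUpdateTeam($TID, $picData);
        drupal_goto("viewTeam", array('query' => array('TID' => $TID)));
    } else {
        drupal_goto("myDashboard");
    }
}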
/**
 * Submit handler for the user search form.
 *
 * Forwards the tag-stripped search text to the showUsersForTeam page as the
 * 'query' query-string parameter.
 *
 * @param array $form       The Drupal form array (unused here).
 * @param array $form_state The form state; reads value nameContains.
 */
function usersSearch_submit($form, $form_state) {
    $searchFields = getFields(array('nameContains'), $form_state['values']);
    $searchFields = stripTags($searchFields, ''); // no HTML allowed in the search text
    $redirectOptions = array('query' => array('query' => $searchFields['nameContains']));
    drupal_goto('showUsersForTeam', $redirectOptions);
    return;
}
/**
 * Resolve the requested view (node or blog) and load the page of posts.
 *
 * View 'node' reads server/node from the 's'/'n' parameters and loads the
 * item; any other view reads a contact from 'f' and only continues when it
 * looks like an e-mail address, fixing the node to 'urn:xmpp:microblog:0'.
 * The 'i' parameter is either a page index (int 0..100) or a single item id
 * (string of 5..100 chars). One post beyond the page size is fetched so a
 * following page can be detected.
 */
function load() {
    if ($this->_view == 'node') {
        $this->_from = $this->get('s');
        $this->_node = $this->get('n');
        // Stop on an invalid server/node pair; nothing below is initialised.
        if (!$this->validateServerNode($this->_from, $this->_node)) {
            return;
        }
        $pd = new \Modl\ItemDAO();
        $this->_item = $pd->getItem($this->_from, $this->_node);
        $this->_mode = 'group';
        $this->url = Route::urlize('node', array($this->_from, $this->_node));
    } else {
        $this->_from = $this->get('f');
        $cd = new \modl\ContactDAO();
        $this->_contact = $cd->get($this->_from, true);
        // Only identifiers shaped like an e-mail address are served as blogs.
        if (filter_var($this->_from, FILTER_VALIDATE_EMAIL)) {
            $this->_node = 'urn:xmpp:microblog:0';
        } else {
            return;
        }
        $this->_mode = 'blog';
        $this->url = Route::urlize('blog', $this->_from);
    }
    $pd = new \modl\PostnDAO();
    if ($this->_id = $this->get('i')) {
        if (Validator::int()->between(0, 100)->validate($this->_id)) {
            // 'i' is a page index: fetch one post beyond the page size.
            $this->_messages = $pd->getNodeUnfiltered($this->_from, $this->_node, $this->_id * $this->_paging, $this->_paging + 1);
            $this->_page = $this->_id + 1;
        } elseif (Validator::string()->length(5, 100)->validate($this->_id)) {
            // 'i' is a single item id.
            // NOTE(review): the result of getPublicItem() is stored in _messages
            // and then indexed as _messages[0]; if it returns a single object
            // rather than a list that indexing fails — confirm its return type.
            $this->_messages = $pd->getPublicItem($this->_from, $this->_node, $this->_id);
            if (is_object($this->_messages[0])) {
                $this->title = $this->_messages[0]->title;
                $description = stripTags($this->_messages[0]->contentcleaned);
                if (!empty($description)) {
                    $this->description = $description;
                }
                $attachements = $this->_messages[0]->getAttachements();
                if ($attachements && array_key_exists('pictures', $attachements)) {
                    // The first picture becomes the page image (href is URL-decoded).
                    $this->image = urldecode($attachements['pictures'][0]['href']);
                }
            }
            if ($this->_view == 'node') {
                $this->url = Route::urlize('node', array($this->_from, $this->_node, $this->_id));
            } else {
                $this->url = Route::urlize('blog', array($this->_from, $this->_id));
            }
        }
    } else {
        // No 'i': first page.
        $this->_page = 1;
        $this->_messages = $pd->getNodeUnfiltered($this->_from, $this->_node, 0, $this->_paging + 1);
    }
    // The extra post only signals a next page; drop it from the displayed set.
    if (count($this->_messages) == $this->_paging + 1) {
        array_pop($this->_messages);
    }
}
/**
 * Normalise a search string before it is used.
 *
 * Applies, in this order: stripslashes(), stripTags(), stripOtherTags() and
 * stripHtml(). An empty string is returned untouched.
 *
 * @param string $searchString Raw search input.
 * @return string The cleaned string.
 */
function myOwnStripInput($searchString) {
    if ($searchString === '') {
        return $searchString;
    }
    $cleaned = stripslashes($searchString);   // undo escape characters
    $cleaned = stripTags($cleaned);           // modx-sensitive tags
    $cleaned = stripOtherTags($cleaned);      // "+something+" substrings
    return stripHtml($cleaned);               // remaining HTML tags
}
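/**
 * Submit handler for the "delete team" page.
 *
 * Deactivates the team, removes every member and role, mails the CROMA team
 * with the user's feedback, and redirects to the front page. Users without
 * the deleteTeam permission on the team get an error and nothing changes.
 *
 * @param array $form       The Drupal form array (unused here).
 * @param array $form_state The form state; reads the TID and the 'misc' text.
 */
function deleteTeamPage_submit($form, $form_state) {
    global $user;
    $UID = $user->uid;
    $TID = $form_state['TID'];

    // Authorisation gate: bail out before touching anything.
    if (!dbUserHasPermissionForTeam($UID, 'deleteTeam', $TID)) {
        drupal_set_message('You do not have permission to perform this action.', 'error');
        return;
    }

    // Read the name once, before deactivation, for the e-mail and the message
    // (the original looked it up twice after deactivating).
    $teamName = dbGetTeamName($TID);

    dbDeactivateTeam($TID);
    dbKickAllUsersFromTeam($TID);
    dbRemoveAllRolesFromTeam($TID);

    // Send an email to the CROMA team detailing the team deletion. The
    // feedback is free text from the form, so every tag is stripped.
    $params = array(
        'feedback' => stripTags($form_state['values']['misc'], ''),
        'userName' => dbGetUserName($UID),
        'teamName' => $teamName,
        'teamNumber' => dbGetTeamNumber($TID),
    );
    // Positional $from/$send for drupal_mail(); the original assigned them
    // inside the argument list.
    drupal_mail('teams', 'teamDeleted', '*****@*****.**', variable_get('language_default'), $params, null, true);

    drupal_set_message($teamName . " has been deleted.");
    drupal_goto('<front>');
}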
/**
 * Reduce an HTML fragment to text by delegating to stripTags().
 *
 * Nothing is protected beforehand: PHP or comment tags are handed to
 * stripTags() as-is and are subject to whatever it removes.
 *
 * @param string $text HTML input.
 * @return string The output of stripTags($text).
 */
function htmlToText($text) {
    $plain = stripTags($text);
    return $plain;
}
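/**
 * Submit handler for the sidebar outreach search form.
 *
 * Converts the submitted fields into the $searchParams array consumed by
 * generateSearchSQL(), stores it in the session and redirects to the
 * outreach page with query=search. The three checkbox groups and the
 * repeated exact/fuzzy field blocks are folded into loops.
 *
 * @param array $form       The Drupal form array (unused here).
 * @param array $form_state The form state (by reference, as Drupal passes it);
 *                          reads the search fields plus the status, teams,
 *                          tags, owner and signedUp values.
 */
function searchFormSidebar_submit($form, &$form_state) {
    $fields = array('source', 'name', 'country', 'state', 'city', 'co_organization', 'date', 'dateDistance', 'within5Years', 'year', 'cancelled');
    $searchData = getFields($fields, $form_state['values']);
    $searchData = stripTags($searchData, ''); // don't allow any tags
    $values = $form_state['values'];

    // searchParams is an array containing search data to be passed into generateSearchSQL().
    // Initialised up front so the session write below never sees an undefined variable.
    $searchParams = array();

    // Checkbox groups: keep every option whose value is not '0'.
    foreach (array('status', 'teams', 'tags') as $group) {
        if (!empty($values[$group])) {
            foreach ($values[$group] as $value) {
                if ($value != '0') {
                    $searchParams[$group][] = $value;
                }
            }
        }
    }

    if (!empty($searchData['name'])) {
        $searchParams['name'] = array('value' => $searchData['name'], 'matchType' => 'fuzzy');
    }

    // Exact-match fields read from the raw form values (they are not part of $searchData).
    foreach (array('owner', 'signedUp') as $field) {
        if (!empty($values[$field])) {
            $searchParams[$field] = array('value' => $values[$field], 'matchType' => 'exact');
        }
    }

    // Location selects use '[none]' as their "not chosen" option.
    foreach (array('country', 'state') as $field) {
        if (!empty($searchData[$field]) && $searchData[$field] != '[none]') {
            $searchParams[$field] = array('value' => $searchData[$field], 'matchType' => 'exact');
        }
    }

    // Free-text fields use fuzzy matching.
    foreach (array('city', 'co_organization') as $field) {
        if (!empty($searchData[$field])) {
            $searchParams[$field] = array('value' => $searchData[$field], 'matchType' => 'fuzzy');
        }
    }

    // 'cancelled' is always present: unset means "not cancelled".
    $searchParams['cancelled'] = array(
        'value' => !empty($searchData['cancelled']) ? $searchData['cancelled'] : false,
        'matchType' => 'exact',
    );

    if (!empty($searchData['within5Years'])) {
        $searchParams['within5Years'] = true;
    }

    if (!empty($searchData['date'])) {
        // A window of +/- dateDistance (a strtotime()-style relative offset)
        // around the chosen date.
        $date = strtotime($searchData['date']);
        $start = strtotime('-' . $searchData['dateDistance'], $date);
        $end = strtotime('+' . $searchData['dateDistance'], $date);
        $searchParams['date'] = array(
            'start' => dbDatePHP2SQL($start),
            'center' => date(DEFAULT_TIME_FORMAT, $date),
            'end' => dbDatePHP2SQL($end),
        );
    }

    if (!empty($searchData['year']) && $searchData['year'] != 'select') {
        $searchParams['year'] = array('year' => $searchData['year']);
    }

    $_SESSION['searchParams'] = $searchParams;
    $_SESSION['proxyFields'] = array();
    drupal_goto('outreach', array('query' => array('query' => 'search')));
}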
/**
 * Create a Drupal account plus a CROMA profile for a new user.
 *
 * The account gets a generated password, is mailed a password-reset URL and
 * the name of the team from $form_state['TID'], and a profile row holding
 * the tag-stripped first/last name is created for it.
 *
 * @param array $form_state Form state; reads values firstName, lastName,
 *                          primaryEmail and the TID on the state.
 * @return mixed The UID of the created account ($account->uid).
 */
function createNewUser($form_state) {
    $values = $form_state['values'];
    $email = $values['primaryEmail'];

    // A random password is generated; change here if one should be chosen instead.
    $password = user_password(8);

    // Account fields: the e-mail doubles as the user name.
    $fields = array(
        'name' => $email,
        'mail' => $email,
        'pass' => $password,
        'status' => 1,
        'init' => 'email address',
        'roles' => array(DRUPAL_AUTHENTICATED_RID => 'authenticated user'),
    );
    // An empty first argument makes user_save() create a new account.
    $account = user_save('', $fields);
    // Kept from the original so the plain password is reachable on the account
    // object; nothing in this function reads it back.
    $account->password = $fields['pass'];

    // Send the welcome e-mail through the user module.
    $params = array(
        'url' => user_pass_reset_url($account),
        'teamName' => dbGetTeamName($form_state['TID']),
    );
    drupal_mail('users', 'userCreated', $email, NULL, $params, '*****@*****.**');

    // Create the profile row; names are free text so all tags are removed.
    $profileData = stripTags(getFields(array('firstName', 'lastName'), $values), '');
    $profileData['UID'] = $account->uid;
    dbCreateProfile($profileData);

    return $profileData['UID'];
}
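/**
 * Submit handler for the media assignment form.
 *
 * Updates the media row identified by $form_state['MID'] with the submitted
 * title, FID, description and OID, reports the outcome and redirects to the
 * media view of that outreach.
 *
 * The title and the identifier fields (FID, OID) are stripped of every tag,
 * as the other submit handlers do for such fields; only the description
 * keeps the default set of allowed tags. The original ran the whole row
 * through the permissive filter.
 *
 * @param array $form       The Drupal form array (unused here).
 * @param array $form_state The form state; reads the MID and the values above.
 */
function mediaForm_submit($form, $form_state) {
    $MID = $form_state['MID'];
    $row = getFields(array('title', 'FID', 'description', 'OID'), $form_state['values']);

    $description = isset($row['description']) ? $row['description'] : null;
    $row = stripTags($row, ''); // no tags in title/FID/OID
    if ($description !== null) {
        $row['description'] = stripTags($description); // allow some tags
    }

    $TID = dbUpdateMedia($MID, $row);
    if ($TID != false) {
        drupal_set_message('Your media has been assigned!');
    } else {
        drupal_set_message('There is a problem. Please try again.');
    }
    drupal_goto('viewMedia', array('query' => array('OID' => $row['OID'])));
}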
/**
 * Coerce one field value according to the key lists it belongs to.
 *
 * The lists are consulted in order: keys in $int are cast to int, keys in
 * $stripTags are passed through stripTags(), keys in $double are cast to
 * float. A key found in none of them (or empty/falsy lists) returns the
 * value unchanged.
 *
 * @param string|int $key       Field name.
 * @param mixed      $val       Raw value.
 * @param array|null $int       Keys to treat as integers.
 * @param array|null $stripTags Keys to tag-strip.
 * @param array|null $double    Keys to treat as floats.
 * @return mixed The coerced value.
 */
function filterField($key, $val, $int, $stripTags, $double) {
    if (!empty($int) && in_array($key, $int)) {
        return (int) $val;
    }
    if (!empty($stripTags) && in_array($key, $stripTags)) {
        return stripTags($val);
    }
    $wantsFloat = !empty($double) && in_array($key, $double);
    return $wantsFloat ? (float) $val : $val;
}
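/**
 * Submit handler for the "old hours" (per-year hour offsets) form.
 *
 * Walks the submitted rows: rows with an existing HTID are updated, new rows
 * are added, and rows removed from the form (index >= numRows, below
 * initialNumTimes) are deleted when the form is editing existing data. The
 * outcome flags are initialised so the message logic never reads an
 * undefined variable, and its precedence is written out explicitly.
 *
 * @param array $form       The Drupal form array (unused here).
 * @param array $form_state The form state; reads new, TID, numRows,
 *                          initialNumTimes, fields["HTID-i"] and the
 *                          hours-i / year-i values.
 */
function oldHoursForm_submit($form, $form_state) {
    $new = $form_state['new'];
    $TID = $form_state['TID'];

    $updated = false;
    $added = false;
    $removed = false;

    for ($i = 0; $i < $form_state['numRows']; $i++) {
        $HTID = isset($form_state['fields']["HTID-{$i}"]) ? $form_state['fields']["HTID-{$i}"] : 0;
        $fields = getFields(array("hours-{$i}", "year-{$i}"), $form_state['values']);
        $fields = stripTags($fields, ''); // remove all HTML tags

        // The row that goes into the database.
        $row = array(
            'numberOfHours' => $fields["hours-{$i}"],
            'year' => $fields["year-{$i}"],
            'TID' => $TID,
        );

        // Skip rows with either value missing.
        if ($row['numberOfHours'] == null || $row['year'] == null) {
            continue;
        }
        if ($HTID != 0) {
            dbUpdateOffset($HTID, $row); // update existing record
            $updated = true;
        } else {
            dbAddHourOffset($row);       // adding new hours
            $added = true;
        }
    }

    // Rows present initially but no longer in the form were deleted.
    if (!$new) {
        for ($i = $form_state['numRows']; $i < $form_state['initialNumTimes']; $i++) {
            dbRemoveOldHours($form_state['fields']["HTID-{$i}"]);
            $removed = true;
        }
    }

    // Any update, or an add combined with a removal, is reported as an update
    // (this is the original precedence of `||` over `&&`, made explicit).
    if ($updated || ($added && $removed)) {
        drupal_set_message('Your hours have been updated!');
    } elseif ($added) {
        drupal_set_message("Your hours have been logged!");
    } elseif ($removed) {
        drupal_set_message("Your hours have been removed.");
    }
    drupal_goto('viewTeam', array('query' => array('TID' => $TID)));
}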
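/**
 * Submit handler for the hours logging/editing form.
 *
 * For each submitted row, builds an hours record (numberOfHours, description,
 * isApproved = 0, type, UID, OID) and either logs it (new form) or updates
 * the record in $form_state['HID']. A failing db call reports an error and
 * stops processing; the original then still announced success. Afterwards,
 * editing assigns the user to the outreach; adding notifies moderators and
 * the outreach owner.
 *
 * @param array $form       The Drupal form array (unused here).
 * @param array $form_state The form state; reads new, OID, numRows, HID and
 *                          the numberOfHours-i / description-i / type-i values.
 */
function hoursForm_submit($form, $form_state) {
    global $user;

    $new = isset($form_state['new']) ? $form_state['new'] : true;
    $OID = $form_state['OID'];

    // The target user does not change per row, so resolve it once; this also
    // keeps $UID defined after the loop when numRows is 0.
    // NOTE(review): 'fields.UID' arrives with the submitted values; no check is
    // visible here that the current user may log hours for another UID —
    // confirm that access is enforced in the form builder/validation.
    if (isset($form_state['values']['fields']['UID'])) {
        $UID = $form_state['values']['fields']['UID'];
    } else {
        $UID = $user->uid;
    }

    $failed = false;
    $row = array();
    for ($i = 0; $i < $form_state['numRows']; $i++) {
        $fields = array("numberOfHours-{$i}", "description-{$i}", "type-{$i}");
        $values = getFields($fields, $form_state['values']);
        $values = stripTags($values, ''); // dont allow any html tags

        // Rename the per-row keys to the column names the db layer expects.
        $row = array(
            'numberOfHours' => $values["numberOfHours-{$i}"],
            'description' => $values["description-{$i}"],
            'isApproved' => 0,
            'type' => $values["type-{$i}"],
        );
        if ($UID != 0) {
            $row['UID'] = $UID;
        }
        $row['OID'] = $OID;

        // New form: log the hours; otherwise update the existing record.
        $saved = $new ? dbLogHours($row) : dbUpdateHours($row, $form_state['HID']);
        if ($saved == false) {
            drupal_set_message("Error", 'error');
            $failed = true;
            break;
        }
    }

    if (!$failed) {
        drupal_set_message("Your hours have been logged!");
    }

    if (!$new) {
        // Editing: make sure the user is assigned to the outreach.
        $type = isset($row['type']) ? $row['type'] : null;
        dbAssignUserToOutreach($UID, $OID, $type);
        drupal_goto("viewOutreach", array('query' => array("OID" => $OID)));
    } else {
        // Adding: notify the moderators and the outreach owner.
        $outreachName = dbGetOutreachName($OID);
        $personName = dbGetUserName($user->uid);
        $now = dbDatePHP2SQL(time());
        $notification = array(
            'message' => "{$personName} has logged hours for {$outreachName}!",
            'TID' => dbGetTeamForOutreach($OID),
            'dateTargeted' => $now,
            'dateCreated' => $now,
        );
        notifyUsersByRole($notification, 'moderator');
        notifyOwnerOfOutreach($OID, $notification);

        if ($OID != 0) {
            drupal_goto("viewHours", array('query' => array("OID" => $OID)));
        } else {
            drupal_goto("viewHours", array('query' => array("UID" => $UID)));
        }
    }
}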
/**
 * Submit handler for the user profile form.
 *
 * Creates the profile row when the user has none, otherwise updates it; then
 * adds, replaces or removes the secondary e-mail and redirects to the user's
 * page. The UID comes from the query string when present, else it is the
 * current user.
 *
 * @param array $form       The Drupal form array (unused here).
 * @param array $form_state The form state; reads firstName, lastName,
 *                          position, phone, grade, gender, FID, type, bio and
 *                          secondaryEmail.
 */
function profileForm_submit($form, $form_state) {
    global $user;
    $values = $form_state['values'];
    $params = drupal_get_query_parameters();

    // NOTE(review): a UID supplied in the query string is used as-is; whether
    // the current user may edit that profile is not checked in this function
    // — confirm the access check lives in the menu/form definition.
    $UID = isset($params['UID']) ? $params['UID'] : $user->uid;

    // Scalar profile fields: no markup at all.
    $profileFields = array("firstName", "lastName", "position", "phone", "grade", "gender", "FID", "type");
    $profileData = stripTags(getFields($profileFields, $values), '');
    $profileData['UID'] = $UID;
    // The bio keeps the default allowed tags. It is wrapped in an array before
    // stripTags(), as in the original; whether that yields a string or a
    // one-element array depends on stripTags() — TODO confirm.
    $profileData['bio'] = stripTags(array($values['bio']));

    if (!dbUserHasProfile($UID)) {
        // First submission: create the profile.
        $created = dbCreateProfile($profileData);
        drupal_set_message($created ? "Your profile has been created!" : "There was an error.");
    } else {
        // Existing profile: update in place.
        dbUpdate("profiles", $profileData, "UID", $UID);
        drupal_set_message("Profile has been updated!");
    }

    if (empty($values['secondaryEmail'])) {
        // No value entered: drop any stored secondary e-mail.
        dbRemoveEntry('emailsVsUsers', 'UID', $UID);
    } elseif (dbGetSecondaryEmailForUser($UID) == false) {
        // Nothing stored yet: add it.
        dbAddEmailsToUser($UID, array(trim($values['secondaryEmail'])));
    } else {
        // Replace the stored address.
        dbUpdate('emailsVsUsers', array('email' => $values['secondaryEmail']), "UID", $UID);
    }

    drupal_goto("viewUser", array('query' => array('UID' => $UID)));
}
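/**
 * Submit handler approving an outreach write-up.
 *
 * Stores the submitted attendance/testimonial/write-up on the outreach, marks
 * it approved and locked, then notifies the moderators, team admins and team
 * owners (and stores one notification unless the approver is the outreach
 * owner). The original ignored the result of the update and notified even
 * when nothing was saved; a failed update is now reported instead.
 *
 * @param array $form       The Drupal form array (unused here).
 * @param array $form_state The form state; reads totalAttendance, testimonial
 *                          and writeUp. The OID comes from the query string.
 */
function approve($form, $form_state) {
    global $user;
    $UID = $user->uid;
    $params = drupal_get_query_parameters();
    $TID = getCurrentTeam()['TID'];
    $OID = $params["OID"];

    // NOTE(review): the OID is taken from the query string and no check that
    // the current user may approve this outreach is visible here — confirm it
    // is enforced by the page's access callback.

    $writeUpFields = array("totalAttendance", "testimonial", "writeUp");
    $writeUpData = getFields($writeUpFields, $form_state['values']);
    $writeUpData = stripTags($writeUpData, ''); // remove all tags
    $writeUpData['isWriteUpApproved'] = true;
    $writeUpData['isWriteUpSubmitted'] = 0;
    $writeUpData['status'] = 'locked';
    if (empty($writeUpData["totalAttendance"])) {
        $writeUpData["totalAttendance"] = null; // blank attendance is stored as NULL
    }

    if (!dbUpdateOutreach($OID, $writeUpData)) {
        drupal_set_message('There was an error approving the write up.', 'error');
        drupal_goto('viewOutreach', array('query' => array('OID' => $OID)));
        return;
    }

    $now = dbDatePHP2SQL(time());
    $notification = array(
        'TID' => $TID,
        'dateCreated' => $now,
        'dateTargeted' => $now,
        'message' => dbGetUserName($UID) . ' has just approved ' . dbGetOutreachName($OID) . '!',
        'bttnLink' => '?q=viewOutreach&OID=' . $OID,
        'bttnTitle' => 'View Outreach',
    );

    // Notify the appropriate people: one stored notification unless the
    // approver is the outreach owner, then the role-based fan-out.
    if ($UID != dbGetOutreachOwner($OID)) {
        dbAddNotification($notification);
    }
    notifyUsersByRole($notification, 'moderator');
    notifyUsersByRole($notification, 'teamAdmin');
    notifyUsersByRole($notification, 'teamOwner');

    drupal_set_message("Write up approved!");
    drupal_goto('viewOutreach', array('query' => array('OID' => $OID)));
}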
/**
 * Search handler: fills $this->category/catlink/readmore/author/title/date/
 * article (one entry per result), $this->perrows, $this->total and
 * $this->pglink with the published articles matching $q.
 *
 * NOTE(review): $q (the search text, or $_SESSION['search'] when empty) is
 * interpolated into the SQL conditions after a hand-rolled character
 * blocklist (quotes and slashes are deleted). A blocklist is not an escaping
 * mechanism: the db layer's own escaping or parameter binding should be
 * applied to $q, and the fragments returned by explode_query() need the
 * same treatment. The mysql_* functions used here are removed in PHP 7+.
 *
 * @param string $q      Search text.
 * @param mixed  $menuId Not used in this method.
 */
function item($q, $menuId) {
    /* Call new FQuery */
    $db = new FQuery();
    $db->connect();
    /* Set Access_Level */
    $accessLevel = Level_Access;
    // Character blocklist applied to the raw search text (see NOTE above).
    $q = str_replace("'", "", $q);
    $q = str_replace("/", "", $q);
    $q = str_replace("\\", "", $q);
    $q = str_replace('"', "", $q);
    $q = str_replace(' ', " ", $q); // replaces a space with a space: no effect
    if (empty($q)) {
        $q = $_SESSION['search'];
    }
    /* Call new paging */
    loadPaging();
    $paging = new paging();
    $rowsPerPage = 10;
    $keyword = trim($q); //remove space before and after (not used further)
    // Per-column conditions built from the search text by explode_query().
    $article = explode_query($q, 'article');
    $title = explode_query($q, 'title');
    $author = explode_query($q, 'author');
    $tag = explode_query($q, 'tags');
    $condition = "{$article} {$title} {$author} {$tag}";
    $user = FQuery('user', "`name` LIKE '%{$q}%'", 'id');
    /* Check total article by query */
    FQuery('article', "status=1 AND (`author_id` ='{$user}' {$condition}) {$accessLevel}");
    $total = mysql_affected_rows();
    /* paging query */
    $result = $paging->pagerQuery(FDBPrefix . 'article', "*,DATE_FORMAT(date,'%d %M %Y') as date,DATE_FORMAT(date,'%Y-%m-%d %H:%i:%s') as order_date", "status=1 AND (`author_id` ='{$user}' {$condition}) \n\t\t{$accessLevel}", 'order_date DESC', $rowsPerPage);
    $no = 0;
    $jml = mysql_affected_rows();
    while ($qr = mysql_fetch_array($result)) {
        //category
        $category = oneQuery('article_category', 'id', $qr['category'], 'name');
        $catlink = make_permalink("?app=article&view=category&id={$qr['category']}");
        //author: explicit name, else the user's name, else "Administrator"
        if (!empty($qr['author_id'])) {
            if (!empty($qr['author'])) {
                $author = $qr['author'];
            } else {
                $author = oneQuery('user', 'id', $qr['author_id'], 'name');
            }
        } else {
            $author = "Administrator";
        }
        $strpos = 0;
        $article = stripTags($qr['article']);
        $article2 = strtolower($article);
        $strpos = strpos("{$article2}", "{$q}");
        // NOTE(review): the second str_replace() reads $q, not $query, so the
        // ", " -> "," replacement on the line above is discarded — looks like
        // a typo; confirm the intended input.
        $query = str_replace(", ", ",", $q);
        $query = str_replace(" ,", ",", $q);
        $query = trim($query);
        if (strpos($query, ",")) {
            $query = explode(",", $query);
        } else {
            $query = explode(" ", $q);
        }
        $i = 0;
        $z = '';
        $y = '';
        // NOTE(review): $y starts as '' so these index writes behave
        // differently across PHP versions (array before 7.1, string-offset
        // writes since); $y and $z are not read afterwards.
        foreach ($query as $v) {
            $y[$i] = $v;
            $i++;
        }
        // Empty loop body: has no effect.
        for ($n = $i * $i - 1; $n >= 0; $n--) {
        }
        if ($strpos >= 40) {
            // Start the excerpt about 40 characters before the match, moved
            // forward to the next space.
            $strpos = $strpos - 40;
            $article2 = substr("{$article2}", $strpos);
            $strpos2 = strpos("{$article2}", " ");
            $article = substr("{$article}", $strpos + $strpos2);
            $article = "..." . $article;
        }
        $article = cutWords($article, 35);
        $article .= "...";
        $link = "?app=article&view=item&id={$qr['id']}";
        $link = make_permalink($link, Page_ID);
        // Highlight the search text in the displayed fields.
        $qr['title'] = search_match($qr['title'], $q);
        $article = search_match($article, $q);
        $author = search_match($author, $q);
        $category = search_match($category, $q);
        $title = "<a href=\"{$link}\">{$qr['title']}</a>";
        $readmore = null;
        $this->category[$no] = $category;
        $this->catlink[$no] = $catlink;
        $this->readmore[$no] = $readmore;
        $this->author[$no] = $author;
        $this->title[$no] = $title;
        $this->date[$no] = $qr['date'];
        $this->article[$no] = $article;
        $this->perrows = $jml;
        $this->total = $total;
        if (defined('SEF_URL')) {
            $link = link_paging('?');
        } else {
            // NOTE(review): $categoryId is never assigned in this method.
            $link = "?app=article&view=category&id={$categoryId}";
            $link = make_permalink($link, Page_ID);
            $link = $link . "&";
        }
        $no++;
    }
    FQuery('article', "status=1 AND (`author_id` ='{$user}' {$condition}) {$accessLevel}");
    $jml = mysql_affected_rows();
    // NOTE(review): $link is only assigned inside the loop above, so it is
    // undefined here when no row was fetched.
    if ($jml > $rowsPerPage) {
        $pagelink = $paging->createPaging($link);
    } else {
        $pagelink = null;
    }
    if (strpos(getUrl(), '?q')) {
        $pagelink = str_replace("?page=", "&page=", $pagelink);
    }
    $this->pglink = $pagelink;
}
echo "Inserting posts...\n"; $st = $db->prepare("INSERT INTO fb_posts (fb_post_id, fb_link, image_url, created, updated, type, message, story, extra) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"); $stats = array('items' => 0, 'inserted' => 0, 'failed' => 0); foreach ($data as $id => $item) { $created = getTimeStamp($item->created_time); $updated = getTimeStamp($item->updated_time); $message = $story = $extra = ''; if (isset($item->message)) { if (isset($item->message_tags)) { $message = stripTags($id, $item->message, $item->message_tags); } else { $message = stripTags($id, $item->message); } } if (isset($item->story)) { $story = stripTags($id, $item->story); } $stats['items']++; if (FALSE !== $st->bind_param("sssssssss", $id, $item->link, $item->full_picture, $created, $updated, $item->type, $message, $story, $extra)) { if (FALSE !== $st->execute()) { $stats['inserted']++; } else { $stats['failed']++; } } else { $stats['failed']++; } } print_r($stats); function getTimeStamp($data) {
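/**
 * Submit handler for the create/edit team form.
 *
 * Without a TID in the query string a new team is created, the submitter
 * becomes its owner and member, and the CROMA team is e-mailed; with a TID
 * the team is updated and, when still eligible, selected as the current
 * team. The mail parameters get their own variable — the original reused
 * $params, which also holds the query-string parameters.
 *
 * @param array $form       The Drupal form array (unused here).
 * @param array $form_state The form state; reads name, number, type, city,
 *                          state, country, FID and rookieYear.
 */
function teamForm_submit($form, $form_state) {
    global $user;
    $params = drupal_get_query_parameters();
    $new = !isset($params['TID']); // determine if adding or editing

    $names = array('name', 'number', 'type', 'city', 'state', 'country', 'FID', 'rookieYear');
    $row = stripTags(getFields($names, $form_state['values']), '');
    if ($row['rookieYear'] === '') {
        $row['rookieYear'] = null; // blank rookie year is stored as NULL
    }

    if ($new) {
        // Team doesn't exist yet: the submitter becomes its owner.
        $row['UID'] = $user->uid;
        $TID = dbCreateTeam($row);
    } else {
        $TID = $params['TID'];
        if (!dbUpdateTeam($TID, $row)) {
            drupal_set_message('Error in updating team', 'error');
            return;
        }
        if (!teamIsIneligible($TID)) {
            setCurrentTeam($TID, $row['name']);
        }
    }

    if ($TID == false) {
        // if something went wrong...
        drupal_set_message('Error creating team. Please try again.');
        return;
    }

    if ($new) {
        // Team submitted correctly: grant ownership and membership, then tell CROMA.
        drupal_set_message('Your team form has been submitted. The CROMA team will contact you when your team has been successfully created.');
        dbGiveUserRole($user->uid, $TID, 'teamOwner');
        dbAssignUserToTeam($user->uid, $TID);
        $mailParams = array(
            'TID' => $TID,
            'name' => $row['name'],
            'number' => $row['number'],
            'user' => $user->uid,
            'userName' => dbGetUserName($user->uid),
        );
        // Positional $from/$send for drupal_mail(); the original assigned them
        // inside the argument list.
        drupal_mail('teams', 'teamCreated', '*****@*****.**', variable_get('language_default'), $mailParams, NULL, TRUE);
        drupal_goto('teamDashboard');
    } else {
        drupal_set_message('Your team has been updated!');
        if (!dbIsTeamApproved($TID)) {
            drupal_goto('manageUserTeams');
        } else {
            drupal_goto('viewTeam', array('query' => array('TID' => $TID)));
        }
    }
}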
// - 'xml' => return data with mime type 'application/xml // - 'rss' => return data with mime type 'application/rss+xml' // - 'file' => return data as downloadable file // - 'email' => send data as email (to the user's login email address) if (isset($_REQUEST['exportType']) and preg_match("/^(text|html|xml|rss|file|email)\$/i", $_REQUEST['exportType'])) { $exportType = $_REQUEST['exportType']; } else { $exportType = "html"; } if (isset($_REQUEST['exportStylesheet'])) { $exportStylesheet = $_REQUEST['exportStylesheet']; } else { $exportStylesheet = ""; } if (isset($_REQUEST['headerMsg'])) { $headerMsg = stripTags($_REQUEST['headerMsg']); } else { $headerMsg = ""; } // -------------------------------------------------------------------- // Extract any parameters that are specific to 'show.php': // (these parameters control which records will be returned by 'search.php') // Note: you can combine different parameters to achieve an "AND" query, e.g.: // // show.php?contribution_id=AWI&author=steffens&year=2005 // // which will find all records where: 'contribution_id' contains 'AWI' -AND- 'author' contains 'steffens' -AND- 'year' contains '2005' if (isset($_REQUEST['serial'])) { $serial = $_REQUEST['serial']; } elseif (isset($_REQUEST['record'])) { $serial = $_REQUEST['record'];
/**
 * Sanitise a string for HTML output by removing a fixed set of dangerous
 * tags and any PHP code.
 *
 * After decodeValue(), line breaks become <br>; then every tag of the
 * blocklist (minus $exceptions) is removed with stripTags() and PHP is
 * removed with stripPHP(). Non-string input is returned unchanged.
 *
 * NOTE(review): this is a tag blocklist, so anything not listed passes
 * through unless stripTags() itself handles it (attributes, for instance) —
 * confirm against stripTags() before relying on it for untrusted markup.
 *
 * @param mixed $str        Input value.
 * @param array $exceptions Tag names to keep although they are blocklisted.
 * @return mixed The purified string, or the input untouched when not a string.
 */
function purifyHTML($str, $exceptions = array()) {
    if (!is_string($str)) {
        return $str;
    }
    $blocklist = array('alert', 'applet', 'audio', 'basefont', 'base', 'behavior', 'bgsound', 'blink', 'body', 'embed', 'expression', 'form', 'iframe', 'ilayer', 'input', 'isindex', 'layer', 'font', 'html', 'link', 'style', 'body', 'head', 'xml', 'script', 'link', 'meta', 'object', 'plaintext', 'textarea', 'title', 'video', 'xss');
    $toStrip = array_diff($blocklist, $exceptions);
    $withBreaks = str_replace(array("\n", "\r"), '<br>', decodeValue($str));
    return stripPHP(stripTags($withBreaks, $toStrip));
}
// if there's no ORDER BY parameter... $orderBy = "author, year DESC, publication"; } // ...use the default ORDER BY clause if (isset($_REQUEST['headerMsg'])) { $headerMsg = $_REQUEST['headerMsg']; } else { $headerMsg = ""; } if (preg_match("/%20/", $headerMsg)) { // if '$headerMsg' still contains URL encoded data... ('%20' is the URL encoded form of a space, see notes above!) $headerMsg = rawurldecode($headerMsg); } // ...URL decode 'headerMsg' statement (it was URL encoded before incorporation into a hidden tag of the 'displayOptions' form to avoid any HTML syntax errors) if (!empty($headerMsg)) { $headerMsg = stripTags($headerMsg); } // strip any HTML tags from the custom header message to prevent cross-site scripting (XSS) attacks (function 'stripTags()' is defined in 'include.inc.php') if (isset($_SESSION['oldQuery'])) { $oldQuery = $_SESSION['oldQuery']; } else { $oldQuery = array(); } if (isset($_SESSION['queryHistory'])) { $queryHistory = $_SESSION['queryHistory']; } else { $queryHistory = array(); } // Extract checkbox variable values from the request: if (isset($_REQUEST['marked'])) { $recordSerialsArray = $_REQUEST['marked'];
/**
 * Resolve the requested view (node, tag or blog) and load the page of posts.
 *
 * View 'node' reads server/node from 's'/'n' and loads the item; view 'tag'
 * (with a valid 't') lists public posts for that tag; any other view reads a
 * contact from 'f' and only continues when it looks like an e-mail address,
 * fixing the node to 'urn:xmpp:microblog:0'. The 'i' parameter is either a
 * page number ('1'..'100') or a single item id (5..100 chars). One post
 * beyond the page size is fetched so a following page can be detected. For
 * microblog nodes the user's configured stylesheet URL is added as raw CSS.
 */
function load() {
    if ($this->_view == 'node') {
        $this->_from = $this->get('s');
        $this->_node = $this->get('n');
        // Stop on an invalid server/node pair; nothing below is initialised.
        if (!$this->validateServerNode($this->_from, $this->_node)) {
            return;
        }
        $pd = new \Modl\ItemDAO();
        $this->_item = $pd->getItem($this->_from, $this->_node);
        $this->_mode = 'group';
        $this->url = Route::urlize('node', array($this->_from, $this->_node));
    } elseif ($this->_view == 'tag' && $this->validateTag($this->get('t'))) {
        $this->_mode = 'tag';
        $this->_tag = $this->get('t');
        $this->title = '#' . $this->_tag;
    } else {
        $this->_from = $this->get('f');
        $cd = new \modl\ContactDAO();
        $this->_contact = $cd->get($this->_from, true);
        // Only identifiers shaped like an e-mail address are served as blogs.
        if (filter_var($this->_from, FILTER_VALIDATE_EMAIL)) {
            $this->_node = 'urn:xmpp:microblog:0';
        } else {
            return;
        }
        $this->_mode = 'blog';
        $this->url = Route::urlize('blog', $this->_from);
    }
    $pd = new \modl\PostnDAO();
    if ($this->_id = $this->get('i')) {
        // NOTE(review): between('1', '100') compares strings, and _id is then
        // used in arithmetic below — confirm the validator accepts only
        // numeric strings in that range.
        if (Validator::stringType()->between('1', '100')->validate($this->_id)) {
            // 'i' is a page number: fetch one post beyond the page size.
            if (isset($this->_tag)) {
                $this->_messages = $pd->getPublicTag($this->get('t'), $this->_id * $this->_paging, $this->_paging + 1);
            } else {
                $this->_messages = $pd->getNodeUnfiltered($this->_from, $this->_node, $this->_id * $this->_paging, $this->_paging + 1);
            }
            $this->_page = $this->_id + 1;
        } elseif (Validator::stringType()->length(5, 100)->validate($this->_id)) {
            // 'i' is a single item id; it is stored as the only message.
            $this->_messages[0] = $pd->getPublicItem($this->_from, $this->_node, $this->_id);
            if (is_object($this->_messages[0])) {
                $this->title = $this->_messages[0]->title;
                $description = stripTags($this->_messages[0]->contentcleaned);
                if (!empty($description)) {
                    $this->description = truncate($description, 100);
                }
                $attachments = $this->_messages[0]->getAttachments();
                if ($attachments && array_key_exists('pictures', $attachments)) {
                    // The first picture becomes the page image (href is URL-decoded).
                    $this->image = urldecode($attachments['pictures'][0]['href']);
                }
            }
            if ($this->_view == 'node') {
                $this->url = Route::urlize('node', array($this->_from, $this->_node, $this->_id));
            } else {
                $this->url = Route::urlize('blog', array($this->_from, $this->_id));
            }
        }
    } else {
        // No 'i': first page.
        $this->_page = 1;
        if (isset($this->_tag)) {
            $this->_messages = $pd->getPublicTag($this->get('t'), 0, $this->_paging + 1);
        } else {
            $this->_messages = $pd->getNodeUnfiltered($this->_from, $this->_node, 0, $this->_paging + 1);
        }
    }
    // The extra post only signals a next page; drop it from the displayed set.
    if (count($this->_messages) == $this->_paging + 1) {
        array_pop($this->_messages);
    }
    if ($this->_node == 'urn:xmpp:microblog:0') {
        $this->user = new User($this->_from);
        $cssurl = $this->user->getDumpedConfig('cssurl');
        // NOTE(review): only the URL syntax is validated before the
        // user-supplied stylesheet is attached to the page; whether a
        // user-chosen CSS origin is acceptable for this page's security
        // model is not visible from this method — confirm.
        if (isset($cssurl) && $cssurl != '' && Validator::url()->validate($cssurl)) {
            $this->addrawcss($cssurl);
        }
    }
}
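/**
 * Submit handler for the outreach create/edit form.
 *
 * Collects the outreach fields from $form_state['values'], strips tags, then
 * either updates the existing outreach (when $form_state['new'] is false,
 * using $form_state['OID']) or creates a new one. In both cases the time rows
 * and tags are synchronised with the form, moderators are notified and the
 * user is redirected to the outreach view page.
 *
 * @param array $form       Drupal form structure (unused; required by the form API).
 * @param array $form_state Drupal form state. Reads 'values', 'TID', 'new',
 *                          'OID', 'numRows', 'initialNumTimes' and 'fields'['dates'].
 */
function outreachForm_submit($form, $form_state) {
    global $user;
    $UID = $user->uid;
    $TID = $form_state['TID'];

    $outreachFields = array("name", "peopleImpacted", "address", "city", "state", "country", "status", "co_organization", "co_firstName", "co_lastName", "co_email", "co_phoneNumber", "isPublic");
    $outreachData = getFields($outreachFields, $form_state['values']);
    $outreachData = stripTags($outreachData, ''); // remove all tags
    // NOTE(review): the description is wrapped in array() before stripTags(),
    // while the other handlers in this file pass a plain string for the same
    // purpose — confirm the array form is intended and that the DB layer
    // accepts what stripTags() returns for it.
    $outreachData['description'] = stripTags(array($form_state['values']['description'])); // allow some tags
    $outreachData["TID"] = $TID;
    if ($form_state['new']) {
        $outreachData["UID"] = $UID;
    }

    if (isset($form_state['OID'])) {
        // sending an outreach back to "doingWriteUp" invalidates an approved write-up
        $OID = $form_state['OID'];
        $oldOutreachData = dbGetOutreach($OID);
        if ($outreachData["status"] == "doingWriteUp" && $oldOutreachData["isWriteUpApproved"] == true) {
            $outreachData["writeUpUID"] = null;
            $outreachData["isWriteUpSubmitted"] = 0;
            $outreachData["isWriteUpApproved"] = 0;
        }
    }

    if (!$form_state['new']) {
        // updating an existing event
        $OID = $form_state['OID'];
        if (dbUpdateOutreach($OID, $outreachData)) {
            _outreachForm_saveTimes($form_state, $OID);
            _outreachForm_syncTags($form_state, $OID);
            _outreachForm_notifyModerators($OID, $TID, 'updated');
            drupal_set_message("Outreach updated!");
        } else {
            drupal_set_message("Outreach not updated.", 'error');
        }
    } else {
        // adding a new event
        $outreachData['logDate'] = dbDatePHP2SQL(time());
        $OID = dbCreateOutreach($outreachData);
        if ($OID == false) {
            // form_set_error() takes an element name first and has no effect in a
            // submit handler; report the failure and stop instead of redirecting
            // to an outreach that does not exist.
            drupal_set_message("Outreach not created successfully.", 'error');
            return;
        }
        dbAddUserAsOwnerOfOutreach($UID, $OID);
        dbAssignUserToOutreach($UID, $OID, 'owner');
        // ideas have no dates yet
        if ($outreachData['status'] != 'isIdea') {
            _outreachForm_saveTimes($form_state, $OID);
        }
        _outreachForm_syncTags($form_state, $OID);
        _outreachForm_notifyModerators($OID, $TID, 'created');
        drupal_set_message("Outreach created!");
    }

    if (dbIsOutreachOver($OID)) {
        drupal_set_message("It appears you are logging an old event. Don't forget to <a href=\"?q=logHours&OID={$OID}\"><b>log old hours</b></a>!");
    }
    drupal_goto('viewOutreach', array('query' => array('OID' => $OID)));
}

/**
 * Synchronise the outreach's time rows with the date rows submitted on the form.
 *
 * Rows 0..numRows-1 that carry both a start and an end time are updated (when
 * the row has an existing TOID in $form_state['fields']['dates']) or added;
 * rows that were emptied are removed, as are rows beyond numRows that existed
 * when the form was built ($form_state['initialNumTimes']).
 *
 * @param array $form_state Drupal form state.
 * @param int   $OID        Outreach the times belong to.
 */
function _outreachForm_saveTimes($form_state, $OID) {
    $numRows = isset($form_state['numRows']) ? (int) $form_state['numRows'] : 0;
    for ($i = 0; $i < $numRows; $i++) {
        $TOID = isset($form_state['fields']['dates']["TOID-{$i}"]) ? $form_state['fields']['dates']["TOID-{$i}"] : 0;
        $start = isset($form_state['values']["startTime-{$i}"]) ? $form_state['values']["startTime-{$i}"] : '';
        $end = isset($form_state['values']["endTime-{$i}"]) ? $form_state['values']["endTime-{$i}"] : '';
        // a fresh array per row so an earlier row's OID cannot leak into this one
        $timeData = array('startTime' => null, 'endTime' => null);
        if ($start != null && $end != null) {
            $timeData['startTime'] = dbDatePHP2SQL(strtotime($start));
            $timeData['endTime'] = dbDatePHP2SQL(strtotime($end));
        }
        if ($timeData['startTime'] != null && $timeData['endTime'] != null) {
            if ($TOID != 0) {
                // update the existing record
                dbUpdateTimesForOutreach($TOID, $timeData);
            } else {
                // add a new time record if there wasn't one previously
                $timeData['OID'] = $OID;
                dbAddTimesToOutreach($timeData);
            }
        } elseif ($TOID != 0) {
            // row was emptied: drop the stored record (nothing to drop for a new row)
            dbRemoveTimeFromOutreach($TOID);
        }
    }
    // rows deleted from the form since it was built
    $initialNumTimes = isset($form_state['initialNumTimes']) ? (int) $form_state['initialNumTimes'] : 0;
    for ($i = $numRows; $i < $initialNumTimes; $i++) {
        if (isset($form_state['fields']['dates']["TOID-{$i}"])) {
            dbRemoveTimeFromOutreach($form_state['fields']['dates']["TOID-{$i}"]);
        }
    }
}

/**
 * Bring the outreach's stored tags in line with the submitted 'tags' value.
 *
 * Tags stored but no longer submitted are removed and newly submitted ones are
 * added; empty values (unchecked checkboxes) are ignored on both sides.
 *
 * NOTE(review): an empty or missing 'tags' value leaves the stored tags
 * untouched, so the last tag cannot be removed from this form — confirm
 * whether that is intended.
 *
 * @param array $form_state Drupal form state.
 * @param int   $OID        Outreach whose tags are synchronised.
 */
function _outreachForm_syncTags($form_state, $OID) {
    if (empty($form_state['values']['tags'])) {
        return;
    }
    $newTags = $form_state['values']['tags'];
    $previous = dbGetTagsForOutreach($OID, true); // the "true" means this will return only OTID's
    if ($previous == false) { // no tags yet
        $previous = array();
    }
    foreach (array_diff($previous, $newTags) as $OTID) {
        if (!empty($OTID)) {
            dbRemoveTagFromOutreach($OTID, $OID);
        }
    }
    foreach (array_diff($newTags, $previous) as $OTID) {
        if (!empty($OTID)) {
            dbAddTagToOutreach($OTID, $OID);
        }
    }
}

/**
 * Notify moderators that the current user created or updated an outreach.
 *
 * @param int    $OID  Outreach the notification is about.
 * @param int    $TID  Team the outreach belongs to.
 * @param string $verb Past-tense verb for the message text: 'created' or 'updated'.
 */
function _outreachForm_notifyModerators($OID, $TID, $verb) {
    global $user;
    $userName = dbGetUserName($user->uid);
    $outName = dbGetOutreachName($OID);
    $now = dbDatePHP2SQL(time());
    $notification = array(
        'dateCreated' => $now,
        'dateTargeted' => $now,
        'message' => "{$userName} has {$verb} outreach {$outName}.",
        'bttnTitle' => 'View',
        'bttnLink' => '?q=viewOutreach&OID=' . $OID,
        'TID' => $TID,
    );
    notifyUsersByRole($notification, 'moderator');
}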
/**
 * defaultStripOutput : default output strip function.
 *
 * Runs the text through the standard strip chain — line-breaking tags become
 * whitespace, then MODX-sensitive tags, scripts and finally any remaining
 * HTML tags (expected to be correctly closed) are removed. An empty string is
 * returned untouched.
 *
 * @param string $text
 * @return string
 */
function defaultStripOutput($text) {
    if ($text === '') {
        return $text;
    }
    // innermost call runs first; the order of the chain is significant
    return stripHTML(stripJscripts(stripTags(stripLineBreaking($text))));
}