function checkForm() { global $first_name, $last_name, $login, $password1, $password2, $email; try { $secret = filter_input(INPUT_POST, 'secret'); if (empty($last_name) || empty($first_name) || empty($login) || empty($password1) || empty($password2) || empty($email) || empty($secret)) { throw new Exception('Нужно заполнить все поля'); } if (!validLogin($login)) { throw new Exception('Логин должен состоять из не мене 3-х букв латинского алфавиа цыфр и подчерка'); } if (!validEmail($email)) { throw new Exception('Неправильный email'); } if ($password1 != $password1) { throw new Exception('Пароли не совпадают'); } if (!validUserName($first_name, $last_name)) { throw new Exception('Имя и фамилия могут состоять только из букв'); } if (userExists($login, $email)) { throw new Exception('Такой логин или email уже существует.'); } if ($secret != $_SESSION['secret']) { throw new Exception('Неверно указано число с картинки'); } } catch (Exception $exc) { return $exc->getMessage(); } }
public function signup($username, $email, $password, $storeUserIndependent = 0, $options = array()) { if (!$storeUserIndependent) { $dbModel = $this->user_db; } else { $dbModel = $this->store_user_db; } $salt = strtolower(rand(111111, 999999)); $password = toPassword($password, $salt); if ($this->isUsernameOccupied($username, 0, $storeUserIndependent)) { return -3; } elseif (!validEmail($email)) { return -5; } elseif ($this->isEmailOccupied($email, 0, $storeUserIndependent)) { return -6; } else { $regip = ip(); $row = array('username' => $username, 'password' => $password, 'email' => $email, 'regip' => $regip, 'regtime' => SYS_TIME, 'lastloginip' => $regip, 'lastlogintime' => SYS_TIME, 'salt' => $salt); if (is_array($options) && $options) { foreach ($options as $k => $v) { $row[$k] = $v; } } $rt = $dbModel->insert($row, 1); if ($rt) { return $rt; } else { return 0; } } }
function requestRecommendation($user_id, $author, $email, $message) { if (!checkLock("peer")) { return 6; } $config = $GLOBALS['config']; $user_id = escape($user_id); $author = escape($author); $email = escape($email); if (!validEmail($email)) { return 1; } if (strlen($author) <= 3) { return 2; } //make sure there aren't too many recommendations already $result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}'"); $row = mysql_fetch_row($result); if ($row[0] >= $config['max_recommend']) { return 4; //too many recommendations } //ensure this email hasn't been asked with this user already $result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}' AND email = '{$email}'"); $row = mysql_fetch_row($result); if ($row[0] > 0) { return 5; //email address already asked } lockAction("peer"); //first create an instance $instance_id = customCreate(customGetCategory('recommend', true), $user_id); //insert into recommendations table $auth = escape(uid(64)); mysql_query("INSERT INTO recommendations (user_id, instance_id, author, email, auth, status, filename) VALUES ('{$user_id}', '{$instance_id}', '{$author}', '{$email}', '{$auth}', '0', '')"); $recommend_id = mysql_insert_id(); $userinfo = getUserInformation($user_id); //array (username, email address, name) //send email now $content = page_db("request_recommendation"); $content = str_replace('$USERNAME$', $userinfo[0], $content); $content = str_replace('$USEREMAIL$', $userinfo[1], $content); $content = str_replace('$NAME$', $userinfo[2], $content); $content = str_replace('$AUTHOR$', $author, $content); $content = str_replace('$EMAIL$', $email, $content); $content = str_replace('$MESSAGE$', page_convert($message), $content); $content = str_replace('$AUTH$', $auth, $content); $content = str_replace('$SUBMIT_ADDRESS$', $config['site_address'] . "/recommend.php?id={$recommend_id}&user_id={$user_id}&auth={$auth}", $content); $result = one_mail("Recommendation request", $content, $email); if ($result) { return 0; } else { return 3; } }
function csv_reader($dry_run, $options) { /* * This function does all the work of removing unwanted characters, * spaces, exclamation marks and such from the names in the users.csv * file. */ $filename = $options['file']; $conn = open_db_connection($options); $table_exists = check_table_exists($conn, $options); if (!$table_exists) { echo "\nWarning! Table does not exist\n"; } if (($handle = fopen($filename, "r")) !== FALSE) { while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) { $num = count($data); //Lower case then capitalise first $data[0] = ucfirst(strtolower($data[0])); //Lower case then capitalise first $data[1] = ucfirst(strtolower($data[1])); //Lower case the email $data[2] = strtolower($data[2]); //$data[2] = preg_replace('/\s+/', "", $data[2]); // Remove trailing whitespaces $data[0] = rtrim($data[0]); // Remove trailing whitespaces $data[1] = rtrim($data[1]); // Remove trailing whitespaces $data[2] = rtrim($data[2]); // Remove non alphas from firstname $data[0] = preg_replace('/[^a-z]+\\Z/i', "", $data[0]); // Remove non alphas (except apostrophes) from surname $data[1] = preg_replace('/[^a-z\']+\\Z/i', "", $data[1]); // Add backslashes to escape the apostrophes $data[0] = addslashes($data[0]); $data[1] = addslashes($data[1]); $data[2] = addslashes($data[2]); echo " email is " . $data[2] . "\n"; if (validEmail($data[2])) { if ($dry_run) { echo $data[0] . " " . $data[1] . " " . $data[2] . " would be written to database\n"; } else { if (!$dry_run) { update_table($data, $conn); } } } else { echo $data[0] . " " . $data[1] . " " . $data[2] . " will NOT be written to database as email is invalid\n"; } } fclose($handle); $conn = null; } }
function contact_callback() { add_filter('wp_die_ajax_handler', 'filter_ajax_hander'); // Clean up the input values foreach ($_POST as $key => $value) { if (ini_get('magic_quotes_gpc')) { $_POST[$key] = stripslashes($_POST[$key]); } $_POST[$key] = htmlspecialchars(strip_tags($_POST[$key])); } // Assign the input values to variables for easy reference $name = isset($_POST["name"]) ? $_POST["name"] : ''; $email = isset($_POST["email"]) ? $_POST["email"] : ''; $message = isset($_POST["message"]) ? $_POST["message"] : ''; // Test input values for errors $errors = array(); if (strlen($name) < 2) { if (!$name) { $errors[] = "You must enter a name."; } else { $errors[] = "Name must be at least 2 characters."; } } if (!$email) { $errors[] = "You must enter an email."; } else { if (!validEmail($email)) { $errors[] = "You must enter a valid email."; } } if (strlen($message) < 10) { if (!$message) { $errors[] = "You must enter a message."; } else { $errors[] = "Message must be at least 10 characters."; } } if ($errors) { // Output errors and die with a failure message $errortext = ""; foreach ($errors as $error) { $errortext .= "<li>" . $error . "</li>"; } wp_die("<span class='failure'><h3>The following errors occured:</h3><ul>" . $errortext . "</ul></span>"); } // Send the email $to = ot_get_option('contact_email', get_option('admin_email')); $subject = "Contact Form: {$name}"; $message = "'{$name}' from email: {$email} sent a message for you : \n --------------- \n {$message}"; $headers = "From: {$email}"; $result = wp_mail($to, $subject, $message, $headers); // Die with a success message wp_die("<span class='success'>Well thank you! Your message has been sent.<br />We'll be in touch pretty soon!</span>", 'Message has been sent !'); }
function csv_reader($dry_run, $options) { /* * Somewhere in this function there will be an if/else statement * to test valid emails, if not valid, write to STDOUT * else, call update table */ $filename = $options['file']; /* if (dry_run) open connection check if table exists parse file don't write to table write to STDOUT else if (!dry_run) open connection check if table exists parse file write to table */ $conn = open_db_connection($options); check_table_exists($conn); $row = 1; if (($handle = fopen($filename, "r")) !== FALSE) { while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) { $num = count($data); $data[0] = ucfirst(strtolower($data[0])); $data[1] = ucfirst(strtolower($data[1])); $data[2] = strtolower($data[2]); if (validEmail($data[2])) { if ($dry_run) { echo "\ndry_run is set\n"; echo $data[0] . " " . $data[1] . " " . $data[2] . " would be written to database"; } else { if (!$dry_run) { echo "\ndry_run is not set\n"; update_table($data, $conn); } } } else { //echo "\nThis email is not valid\n"; echo "\n" . $data[0] . " " . $data[1] . " " . $data[2] . " will not be written to database as email is invalid\n"; } // echo " $num fields in line $row: \n"; $row++; // for ($c=0; $c < $num; $c++) { // echo $data[$c] . "\n"; // } } fclose($handle); } }
/** * Validate the form */ function set_errors($form) { $output = array(); // Email if (!validEmail($form['email'])) { $output[] = 'email'; } // Name $tmp = preg_replace('/[^A-Za-z]/', '', $form['name']); if (strlen($tmp) == 0) { $output[] = 'name'; } // Message $tmp = preg_replace('/[^A-Za-z]/', '', $form['message']); if (strlen($tmp) == 0) { $output[] = 'message'; } return $output; }
<?php require_once './MCAPI.class.php'; extract($_POST); // Get your API key from http://admin.mailchimp.com/account/api/ define('MC_API_KEY', 'enter you mailchimp api key here'); // Get your list unique id from http://admin.mailchimp.com/lists/ // under settings at the bottom of the page, look for unique id define('MC_LIST_ID', 'enter you mailchimp unique list id'); // check if email is valid if (isset($email) && validEmail($email)) { $api = new MCAPI(MC_API_KEY); $listID = MC_LIST_ID; if ($api->listSubscribe($listID, $email, '') === true) { echo 'success'; } else { echo 'subscribed'; } } else { echo 'invalid'; } function validEmail($email = NULL) { return preg_match("/^[\\d\\w\\/+!=#|\$?%{^&}*`'~-][\\d\\w\\/\\.+!=#|\$?%{^&}*`'~-]*@[A-Z0-9][A-Z0-9.-]{0,61}[A-Z0-9]\\.[A-Z]{2,6}\$/ix", $email); }
//register a new user. Makes plenty of checks against duplicate users and common emails require "../common.php"; if (!empty($_GET["code"])) { verifyUser($_GET['email'], $_GET["code"], $DATABASE); die; } //TODO: Refactor this section //if any of these are not set, the page will die if (empty($_POST["email"]) || empty($_POST["password"]) || empty($_POST["password2"]) || empty($_POST["first-name"]) || empty($_POST["last-name"]) || empty($_POST["zip"]) || empty($_POST["phone"])) { error("Missing Field", "You tried to register without completing a required field"); } if ($_POST["password"] !== $_POST["password2"]) { error("Passwords Don't Match", "Your passwords did not match"); } if (!validEmail($_POST["email"])) { error("Invalid Email", "Your email " . $_POST["email"] . " is invalid"); } if (!validPassword($_POST["password"])) { error("Invalid Password", "Your password must be longer than 8 characters in length"); } //evaluate mailing preferences $mailing = 1; if (!isset($_POST["mailing"])) { $mailing = 0; } //cryptify the password $password = $_POST["password"]; $hash = password_hash($password, PASSWORD_BCRYPT); $veriRaw = randomString(); //repackaged for easier imploding later, when creating a new user
/** * Clean the passed parameter * * @param mixed $param the variable we are cleaning * @param int $type expected format of param after cleaning. * @return mixed */ function clean_param($param, $type) { global $CFG, $ERROR, $HUB_FLM; if (is_array($param)) { $newparam = array(); foreach ($param as $key => $value) { $newparam[$key] = clean_param($value, $type); } return $newparam; } switch ($type) { case PARAM_TEXT: // leave only tags needed for multilang if (is_numeric($param)) { return $param; } $param = stripslashes($param); $param = clean_text($param); $param = strip_tags($param, '<lang><span>'); $param = str_replace('+', '+', $param); $param = str_replace('(', '(', $param); $param = str_replace(')', ')', $param); $param = str_replace('=', '=', $param); $param = str_replace('"', '"', $param); $param = str_replace('\'', ''', $param); return $param; case PARAM_HTML: // keep as HTML, no processing $param = stripslashes($param); $param = clean_text($param); return trim($param); case PARAM_INT: return (int) $param; case PARAM_NUMBER: return (double) $param; case PARAM_ALPHA: // Remove everything not a-z return preg_replace('/([^a-zA-Z])/i', '', $param); case PARAM_ALPHANUM: // Remove everything not a-zA-Z0-9 return preg_replace('/([^A-Za-z0-9])/i', '', $param); case PARAM_ALPHAEXT: // Remove everything not a-zA-Z/_- return preg_replace('/([^a-zA-Z\\/_-])/i', '', $param); case PARAM_ALPHANUMEXT: // Remove everything not a-zA-Z0-9- return preg_replace('/([^a-zA-Z0-9-])/i', '', $param); case PARAM_BOOL: // Convert to 1 or 0 $tempstr = strtolower($param); if ($tempstr == 'on' or $tempstr == 'yes' or $tempstr == 'true') { $param = 1; } else { if ($tempstr == 'off' or $tempstr == 'no' or $tempstr == 'false') { $param = 0; } else { $param = empty($param) ? 0 : 1; } } return $param; case PARAM_BOOLTEXT: // check is an allowed text type boolean $tempstr = strtolower($param); if ($tempstr == 'on' or $tempstr == 'yes' or $tempstr == 'true' or $tempstr == 'off' or $tempstr == 'no' or $tempstr == 'false' or $tempstr == '0' or $tempstr == '1') { $param = $param; } else { $param = ""; } return $param; case PARAM_PATH: // Strip all suspicious characters from file path $param = str_replace('\\\'', '\'', $param); $param = str_replace('\\"', '"', $param); $param = str_replace('\\', '/', $param); $param = ereg_replace('[[:cntrl:]]|[<>"`\\|\':]', '', $param); $param = ereg_replace('\\.\\.+', '', $param); $param = ereg_replace('//+', '/', $param); return ereg_replace('/(\\./)+', '/', $param); case PARAM_URL: // allow safe ftp, http, mailto urls include_once $CFG->dirAddress . 'core/lib/url-validation.class.php'; $URLValidator = new mrsnk_URL_validation($param, MRSNK_URL_DO_NOT_PRINT_ERRORS, MRSNK_URL_DO_NOT_CONNECT_2_URL); if (!empty($param) && $URLValidator->isValid()) { // all is ok, param is respected } else { $param = ''; // not really ok } return $param; case PARAM_EMAIL: if (validEmail($param)) { return $param; } else { $ERROR = new error(); $ERROR->createInvalidEmailError(); include_once $HUB_FLM->getCodeDirPath("core/formaterror.php"); die; } case PARAM_XML: $param = parseFromXML($param); return $param; default: include_once $HUB_FLM->getCodeDirPath("core/formaterror.php"); $ERROR = new error(); $ERROR->createInvalidParameterError($type); die; } }
function emailLogin($patient_id, $message) { $patientData = sqlQuery("SELECT * FROM `patient_data` WHERE `pid`=?", array($patient_id)); if ($patientData['hipaa_allowemail'] != "YES" || empty($patientData['email']) || empty($GLOBALS['patient_reminder_sender_email'])) { return false; } if (!validEmail($patientData['email'])) { return false; } if (!validEmail($GLOBALS['patient_reminder_sender_email'])) { return false; } $mail = new MyMailer(); $pt_name = $patientData['fname'] . ' ' . $patientData['lname']; $pt_email = $patientData['email']; $email_subject = xl('Access Your Patient Portal'); $email_sender = $GLOBALS['patient_reminder_sender_email']; $mail->AddReplyTo($email_sender, $email_sender); $mail->SetFrom($email_sender, $email_sender); $mail->AddAddress($pt_email, $pt_name); $mail->Subject = $email_subject; $mail->MsgHTML("<html><body><div class='wrapper'>" . $message . "</div></body></html>"); $mail->IsHTML(true); $mail->AltBody = $message; if ($mail->Send()) { return true; } else { $email_status = $mail->ErrorInfo; error_log("EMAIL ERROR: " . $email_status, 0); return false; } }
$expprice = explode("_", $curfield->getrelatedfield()); if ($_POST['' . $expprice[0]] == "nogo" || $_POST['' . $expprice[1]] == "nogo") { $headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/add/index.php&message=You must select: " . $curfield->getdisplaynameoffield() . "."; header($headerloc); unset($headerloc); exit; } } elseif ($curfield->gettypeoffield() == "link") { if (trim($_POST['' . $curfield->getrelatedfield()]) == "" || trim($_POST['' . $curfield->getrelatedfield()]) == "http://") { $headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/add/index.php&message=You must enter: " . $curfield->getdisplaynameoffield() . "."; header($headerloc); unset($headerloc); exit; } } elseif ($curfield->gettypeoffield() == "email") { if (!validEmail(trim($_POST['' . $curfield->getrelatedfield()]))) { $headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/add/index.php&message=You must enter a valid: " . $curfield->getdisplaynameoffield() . "."; header($headerloc); unset($headerloc); exit; } } elseif ($curfield->gettypeoffield() == "date") { $expvaldate = explode("_", $curfield->getrelatedfield()); if ($_POST['' . $expvaldate[0]] == "nogo" || $_POST['' . $expvaldate[1]] == "nogo" || $_POST['' . $expvaldate[2]] == "nogo") { $headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/add/index.php&message=You must enter a valid: " . $curfield->getdisplaynameoffield() . "."; header($headerloc); unset($headerloc); exit; } } elseif ($curfield->gettypeoffield() == "select") { if ($_POST['' . $curfield->getrelatedfield()] == "nogo") {
echo 0; } $mysql->close(); exit; } //User key actions if (isset($_POST['recaptcha_response_field'])) { require_once 'recaptchalib.php'; $recap_resp = recaptcha_check_answer($privatekey, $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']); if ($recap_resp->is_valid) { require_once 'db.php'; require_once 'common.php'; //if we have email, validate it $mail = Null; if (isset($_POST['mail'])) { if (validEmail($_POST['mail'])) { $mail = trim($_POST['mail']); } } //put new key in db $sql = 'INSERT INTO users(userkey, mail, ip) VALUES(UNHEX(?), ?, ?) ON DUPLICATE KEY UPDATE userkey=UNHEX(?), ip=?, ts=CURRENT_TIMESTAMP()'; $stmt = $mysql->stmt_init(); $ip = ip2long($_SERVER['REMOTE_ADDR']); $userkey = gen_key(); $stmt->prepare($sql); $stmt->bind_param('ssisi', $userkey, $mail, $ip, $userkey, $ip); $stmt->execute(); $stmt->close(); //set cookie setcookie('key', $userkey, 2147483647, '', '', false, true);
break; case "join": $username = yourls_escape($_POST['username']); $password = $_POST['password']; if (captchaEnabled()) { require_once 'recaptchalib.php'; $privatekey = YOURLS_MULTIUSER_CAPTCHA_PRIVATE_KEY; $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { $error_msg = "Captch is incorrect."; require_once 'formjoin.php'; break; } } if (!empty($username) && !empty($password)) { if (validEmail($username) === false) { $error_msg = "E-mail not recognized!"; require_once 'formjoin.php'; } else { $table = YOURLS_DB_TABLE_USERS; $results = $ydb->get_results("select user_email from `{$table}` where `user_email` = '{$username}'"); if ($results) { $error_msg = "Please choose other username."; require_once 'formjoin.php'; } else { $token = createRandonToken(); $password = md5($password); $ydb->query("insert into `{$table}` (user_email, user_password, user_token) values ('{$username}', '{$password}', '{$token}')"); $results = $ydb->get_results("select user_token from `{$table}` where `user_email` = '{$username}'"); if (!empty($results)) { $token = $results[0]->user_token;
} if (empty($email)) { header('Content-Type: application/json'); echo json_encode(array('status' => 'ERROR', 'msg' => 'empty e-mail address.')); die; } $files = array('testrechnung.pdf'); $path = __DIR__ . '/../assets/'; $mailto = $email; $from_mail = 'rechnung@' . $tld; $from_name = 'rechnung@' . $tld; $replyto = 'hallo@' . $tld; $subject = '€ Welcome ' . $email . '!'; $message = "Hello @ {$tld} — " . $email; mail_attachment(array(), null, $replyto, $replyto, $replyto, $mailto, $subject, $message); if (validEmail($email)) { // login $cmd = "curl -H 'Authorization: Basic {$n26_bearer}' -d 'username="******"; $response = shell_exec($cmd); $json = json_decode($response); $access_token = $json->access_token; // send invitation $cmd = "curl -H 'Authorization: bearer {$access_token}' -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{email: \"" . $email . "\"}' -X POST {$n26_api}/api/aff/invite"; $response = shell_exec($cmd); // print_r($response); $json = json_decode($response); // print_r($json); // todo: response without content -- check for http status if (isset($json->status) && $json->status == 'OK') { $subject = '€ ' . $tld . ' Konto anlegen'; $message = '<b>Hallo!</b><br/><br/>
} } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if (isset($_POST["MM_insert"]) && $_POST["MM_insert"] == "frm_insert") { $fld_required = array('vis_f_name', 'vis_l_name', 'vis_email', 'vis_password'); $fld_missing = array(); foreach ($_POST as $key => $value) { if (empty($value) && in_array($key, $fld_required)) { array_push($fld_missing, $key); } } if ($_POST['vis_email'] != '') { if (!validEmail($_POST['vis_email'])) { array_push($fld_missing, 'email_invalid'); } } mysql_select_db($database_conndb, $conndb); $query_rsDuplicate = "SELECT usr_email FROM tbl_users WHERE usr_email = '" . $_POST['vis_email'] . "'"; $rsDuplicate = mysql_query($query_rsDuplicate, $conndb) or die(mysql_error()); $row_rsDuplicate = mysql_fetch_assoc($rsDuplicate); $totalRows_rsDuplicate = mysql_num_rows($rsDuplicate); if ($totalRows_rsDuplicate > 0) { array_push($fld_missing, 'duplicate'); } mysql_free_result($rsDuplicate); if (!empty($fld_missing)) { if (in_array('vis_f_name', $fld_missing)) { $vis_f_name = 'Please provide your first name';
------------------------------------------------------------------------- */ $errors = array(); //validate name if (isset($_POST["sendername"])) { if (!$sendername) { $errors[] = "You must enter a name."; } elseif (strlen($sendername) < 2) { $errors[] = "Name must be at least 2 characters."; } } //validate email address if (isset($_POST["emailaddress"])) { if (!$emailaddress) { $errors[] = "You must enter an email."; } else { if (!validEmail($emailaddress)) { $errors[] = "Your must enter a valid email."; } } } //validate subject if (isset($_POST["sendersubject"])) { if (!$sendersubject) { $errors[] = "You must enter a subject."; } elseif (strlen($sendersubject) < 4) { $errors[] = "Subject must be at least 4 characters."; } } //validate message / comment if (isset($_POST["sendermessage"])) { if (strlen($sendermessage) < 10) {
if (isset($_REQUEST[action])) { $username = sqlstr($_REQUEST[username]); $password = sqlstr($_REQUEST[password]); $password2 = sqlstr($_REQUEST[password2]); $email = sqlstr($_REQUEST[email]); $hash = md5($password); $userExists = $conn->queryOne("SELECT user_id FROM users WHERE username = '******'"); $userLengthValid = strlen($username) >= 3; $passwordLengthValid = strlen($password) >= 6; $passwordMatches = $password == $password2; $emailValid = validEmail($email); switch ($_REQUEST[action]) { case "checkusername": if ($userExists) echo "0|The username <b>$username</b> is already taken. Please choose another."; else if (!$userLengthValid) echo "0|Your chosen username is too short."; else echo "1|This username is valid!"; exit(); case "checkpassword": echo $passwordLengthValid ? "1" : "0"; echo "|";
* register user * */ if (isset($_POST['reg'])) { if (empty($_POST['rUsername'])) { $loginError .= C_LANG1 . "<br>"; } else { $loginError .= validChars($_POST['rUsername']); } if (empty($_POST['rPassword'])) { $loginError .= C_LANG2 . "<br>"; } if (empty($_POST['rEmail'])) { $loginError .= C_LANG3 . "<br>"; } else { $loginError .= validEmail($_POST['rEmail']); } if (empty($_POST['terms'])) { $loginError .= C_LANG4 . "<br>"; } if ($loginError) { include "templates/" . $CONFIG['template'] . "/login.php"; die; } else { $loginError = registerUser($_POST['rUsername'], $_POST['rPassword'], $_POST['rEmail']); include "templates/" . $CONFIG['template'] . "/login.php"; die; } } /* * reset eCredit sessions
function resetPassword($email) { // include files include getDocPath() . "includes/session.php"; include getDocPath() . "includes/db.php"; include getDocPath() . "lang/" . $_SESSION['lang']; $error = validEmail($email); if ($error) { return C_LANG26; } $userFound = '0'; $tmp = mysql_query("\n\t\t\tSELECT username, email \n\t\t\tFROM prochatrooms_users \n\t\t\tWHERE email ='" . makeSafe($email) . "' \n\t\t\tLIMIT 1\n\t\t\t"); while ($i = mysql_fetch_array($tmp)) { $userFound = '1'; $newpass = substr(md5(date("U") . rand(1, 99999)), 0, -20); // update users password $sql = "UPDATE prochatrooms_users \n\t\t\t\tSET password = '******' \n\t\t\t\tWHERE email ='" . makeSafe($email) . "' \n\t\t\t\t"; mysql_query($sql) or die(mysql_error()); // send email with new password sendUserEmail('', $i['username'], $i['email'], $newpass, '1'); return C_LANG27; } if (!$userFound) { return C_LANG28; } }
public function check($src, $items = array()) { foreach ($items as $item => $rules) { foreach ($rules as $rule => $rule_value) { $value = $src[$item]; $item = str_replace('-', ' ', escape($item)); if ($rule === 'required' && (empty($value) || $value == '')) { $this->addError("{$item} cannot be left blank"); } else { if (!empty($value)) { switch ($rule) { case 'email': //if (!preg_match('^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$^', $value)){ // $this->addError("The email address is not valid"); //} if (!validEmail($value)) { $this->addError("The email address is not valid"); } break; case 'min': if (strlen($value) < $rule_value) { $this->addError("{$item} must be at least {$rule_value} characters long."); } break; case 'max': if (strlen($value) > $rule_value) { $this->addError("{$item} may be no more than {$rule_value} characters long."); } break; case 'matches': if ($value != $src[$rule_value]) { $this->addError("{$rule_value} and {$item} must match."); } break; case 'unique': $check = $this->_db->get($rule_value, array($item, '=', $value)); if ($check->count()) { $this->addError("{$item} is taken."); } break; case 'alpha': if (is_numeric($value)) { $this->addError("{$item} must contain at least one letter."); } break; case 'spam': if (!empty($value)) { $this->addError("Error code 007: Spam"); } break; case 'not': if ($value == $rule_value) { $this->addError("{$item} cannot be \"{$rule_value}\""); } break; } } } } } $err_ = $this->_errors; if (empty($err_)) { $this->_passed = true; } else { $this->_passed = false; } }
function is_valid_email($email) { global $global_allow_all_ftp; if ($global_allow_all_ftp) { return true; } return validEmail($email); }
<?php // require common code require_once "includes/common.php"; // escape email and password for safety $email = mysql_real_escape_string($_POST["email"]); $password = md5(mysql_real_escape_string($_POST["password"])); // validate email address if (validEmail($email) != true) { apologize("Invalid email address"); } // prepare SQL $sql = "SELECT uid,admin FROM login WHERE email='{$email}' AND password='******'"; // execute query $result = mysql_query($sql); // if we found a row, remember user and redirect to portfolio if (mysql_num_rows($result) == 1) { // grab row $row = mysql_fetch_array($result); // cache uid and admin status in session $_SESSION["uid"] = $row["uid"]; $_SESSION["admin"] = $row["admin"]; // redirect to portfolio redirect("usercenter.php"); } else { apologize("Invalid email and/or password!"); }
function updateAccount($user_id, $oldPassword, $newPassword, $newPasswordConfirm, $newEmail) { $user_id = escape($user_id); $oldPassword = escape($oldPassword); $newPassword = escape($newPassword); $newPasswordConfirm = escape($newPasswordConfirm); $newEmail = escape($newEmail); $result = verifyLogin($_SESSION['user_id'], $_POST['old_password']); if ($result === TRUE) { $set_string = ""; //decrypt the password if needed require_once includePath() . "/crypto.php"; $newPassword = decryptPassword($newPassword); $newPasswordConfirm = decryptPassword($newPasswordConfirm); if (strlen($newPassword) > 0 || strlen($newPasswordConfirm) > 0) { if (strlen($newPassword) >= 6) { //enforce minimum password length of six if ($newPassword == $newPasswordConfirm) { $validPassword = validPassword($newPassword); if ($validPassword == 0) { $gen_salt = secure_random_bytes(20); $db_salt = escape(bin2hex($gen_salt)); $set_string .= "password = '******', salt = '{$db_salt}', "; } else { return $validPassword; } } else { return 11; } } else { return 1; } } if (strlen($newEmail) > 0) { if (validEmail($newEmail)) { $set_string .= "email = '" . escape($newEmail) . "', "; } else { return 10; } } if (strlen($set_string) > 0) { $set_string = substr($set_string, 0, strlen($set_string) - 2); //get rid of trailing comma and space mysql_query("UPDATE users SET " . $set_string . " WHERE id='{$user_id}'"); } return 0; } else { return $result; } }
//Starting the Hasher, and declaring the password variable require "libs/PasswordHash.php"; $hasher = new PasswordHash(8, false); $password = "******"; $output = generateHeader("Sign in", true); $output .= file_get_contents('templates/login.html'); $output .= file_get_contents('templates/register.html'); $output .= "<h2> Error: </h2>"; //If the password's DONT match, spit it back. if ($_POST['password1'] !== $_POST['password2']) { $output .= "<p>Passwords don't match.</p>"; } else { if (!validEmail($_POST['email'])) { $output .= "<p>Email not valid.</p>"; } else { if (strlen($_POST['password1']) >= 6 && strlen($_POST['name']) >= 4 && validEmail($_POST['email'])) { $email = $_POST['email']; $username = $_POST['name']; $password = $_POST['password1']; // To protect MySQL injection for Security purpose $username = stripslashes($username); $email = $conn->real_escape_string($email); $username = $conn->real_escape_string($username); $password = $conn->real_escape_string($password); if (strlen($password) > 72) { die("Password must be 72 characters or less."); } $password = $hasher->HashPassword($password); //Minimum hash length is 20 characters. If less, something's broken. if (strlen($password) >= 20) { //Hashing has worked.
$errorFields = array(); if ($_POST) { $_POST['name'] = preg_replace('/\\s+/', ' ', $_POST['name']); foreach (array_keys($_POST) as $key) { // Test for valid UTF-8 and XML/XHTML character range compatibility if (preg_match('@[^\\x9\\xA\\xD\\x20-\\x{D7FF}\\x{E000}-\\x{FFFD}\\x{10000}-\\x{10FFFF}]@u', $_POST[$key])) { $errorFields[] = $key; } } if (strlen($_POST['message']) <= 0) { $errorFields[] = 'message'; } if (!preg_match('/^[^<>]{1,200}$/', $_POST['name'])) { $errorFields[] = 'name'; } if (!validEmail($_POST['email'])) { $errorFields[] = 'email'; } if (count($errorFields) == 0) { $success = true; $to = '*****@*****.**'; $from = $_POST['email']; $headers = "From: hello@nickbrandt.me"; $subject = 'My website contact submission'; $message = <<<EMAIL Name: {$_POST['name']} Email: {$_POST['email']} Message: {$_POST['message']}
foreach ($list as $eintrag) { if (strpos($text, $eintrag) !== FALSE) { $meldung = TRUE; } } return $meldung; } $mailHostBlacklist = array('trash-mail.com', 'emailgo.de', 'spambog.com', 'spambog.de', 'discardmail.com', 'discardmail.de', 'sofort-mail.de', 'wegwerfemail.de', 'trashemail.de', 'safetypost.de', 'trashmail.net', 'byom.de', 'trashmail.de', 'spoofmail.de', 'squizzy.de', 'hmamail.com'); $uName = trim($_POST['reg_benutzername']); $uMail = trim($_POST['reg_email']); if (!validUsername($uName)) { echo '<p>' . _('Dein Managername darf nur die folgenden Zeichen enthalten (Länge: 3-30).') . '</p>'; echo '<p><strong>' . _('Buchstaben:') . '</strong> ' . _('A-Z und Umlaute (groß und klein)') . '<br /><strong>' . _('Zahlen:') . '</strong> 0-9<br /><strong>' . _('Sonderzeichen:') . '</strong> ' . _('Bindestrich') . '</p>'; echo '<p>' . _('Nicht erlaubt sind also Leerzeichen, Punkt, Komma, Sternchen usw.') . '</p>'; echo '<p><a href="/index.php">' . _('Bitte klicke hier und versuche es noch einmal.') . '</a></p>'; } elseif (!validEmail($uMail)) { echo '<p>' . _('Du hast keine gültige E-Mail-Adresse angegeben.') . '</p>'; echo '<p><a href="/index.php">' . _('Bitte klicke hier und versuche es noch einmal.') . '</a></p>'; } elseif (in_blacklist(getMailHost($uMail), $mailHostBlacklist)) { echo '<p>' . _('E-Mail-Adressen von diesem Anbieter können leider nicht genutzt werden.') . '</p>'; echo '<p><a href="/index.php">' . _('Bitte klicke hier und versuche es noch einmal.') . '</a></p>'; } else { ?> <form method="post" action="/registrierung.php" accept-charset="utf-8" class="imtext"> <p><?php echo __('Ich möchte als %1$s mitspielen. Das Spiel ist zu 100%% kostenlos. Meine E-Mail-Adresse ist %2$s. An diese Adresse soll mir jetzt gleich ein Passwort zugeschickt werden, mit dem ich mich dann einloggen kann.', '<strong>' . $uName . '</strong>', '<strong>' . $uMail . '</strong>'); ?> </p> <p><?php echo __('Die %1$s und die %2$s des Spiels habe ich gelesen und ich akzeptiere diese.', '<a target="_blank" href="/regeln.php#datenschutz">' . _('Datenschutzrichtlinien') . '</a>', '<a target="_blank" href="/regeln.php#regeln">' . _('Regeln') . '</a>'); ?>
$photofilename = uploadImageToFit('photo', $errors, $group->groupid); if ($photofilename == "") { $photofilename = $CFG->DEFAULT_GROUP_PHOTO; } $gu->updatePhoto($photofilename); } echo "<p>Group created</p>"; // go through all the members and see if they match existing users if so add them to the group // show results back to user so they know who has/hasn't already got an account $memberArr = split(',', trim($members)); if (trim($members) != "" && sizeof($memberArr) > 0) { echo "<ul>"; foreach ($memberArr as $member) { $member = trim($member); //check valid email address if (!validEmail($member)) { echo "<li>" . $member . " is not a valid email address</li>"; } else { //find out if existing user $u = new User(); $u->setEmail($member); $user = $u->getByEmail(); if ($user instanceof User) { //user already exists in db addGroupMember($group->groupid, $user->userid); echo "<li>" . $member . " " . $LNG->GROUP_FORM_IS_MEMBER . "</li>"; } else { //user doesn't exist so create user and send them an invite code $newU = new User(); $names = split('@', $member); $newU->add($member, $names[0], "", "", 'N', $CFG->AUTH_TYPE_EVHUB, "", "", "");
$name = $_POST["name"]; $email = $_POST["email"]; $message = $_POST["message"]; // Test input values for errors $errors = array(); if (strlen($name) < 2) { if (!$name) { $errors[] = "You must enter a name."; } else { $errors[] = "Name must be at least 2 characters."; } } if (!$email) { $errors[] = "You must enter an email."; } else { if (!validEmail($email)) { $errors[] = "You must enter a valid email."; } } if (strlen($message) < 10) { if (!$message) { $errors[] = "You must enter a message."; } else { $errors[] = "Message must be at least 10 characters."; } } if ($errors) { // Output errors and die with a failure message $errortext = ""; foreach ($errors as $error) { $errortext .= "<li>" . $error . "</li>";
function CONTENIDO_PUB2MAIL($publicacion) { if (!empty($_POST['nr']) && !empty($_POST['nd']) && !empty($_POST['correo']) && !empty($_POST['enviar_pub2mail'])) { // Nos conformamos con que exista el destinatario: if (validEmail($_POST['correo'])) { $MensajeMail = ""; if (email($_POST['correo'], "Publicación: " . $publicacion['titulo'], "Estimado(a) " . $_POST['nd'] . ",<br />\nQuiero que revises la siguiente publicación: " . curPageURL(true) . " en " . PROY_NOMBRE . "<br />\n" . (!empty($_POST['comentario']) ? "<br />\nEl usuario también ha includio el siguiente comentario para Ud.<br />\n" . $_POST['comentario'] . "<br />\n<br />\n" : "") . "Gracias,<br />\n" . $_POST['nr'])) { echo Mensaje("Su mensaje ha sido enviado"); echo ui_href("", curPageURL(true), "Retornar a la publicación"); } else { echo Mensaje("Su mensaje NO ha sido enviado debido a fallas técnicas, por favor intente en otro momento"); } return; } else { echo Mensaje("Parece que el correo electronico esta mal escrito", _M_ERROR); } } echo '<h1>Envío de publicación</h1>'; echo '<p>Enviar la publicación "<strong>' . $publicacion['titulo'] . '</strong>" a un amigo</p>'; echo '<form action="' . $_SERVER['REQUEST_URI'] . '" method="POST">'; echo '<table class="semi-ancha limpio centrado">'; echo ui_tr(ui_td('Nombre remitente', 'fDer') . ui_td(ui_input("nr", _F_form_cache('nr') ? _F_form_cache('comentario') : _F_usuario_cache('usuario'), "text", "", "width:100%"), "fInput")); echo ui_tr(ui_td('Nombre destinatario', 'fDer') . ui_td(ui_input("nd", _F_form_cache('nd'), "text", "", "width:100%"), "fInput")); echo ui_tr(ui_td('Correo electrónico destinatario', 'fDer') . ui_td(ui_input("correo", _F_form_cache('correo'), "text", "", "width:100%"), "fInput")); echo ui_tr(ui_td('Comentario', 'fDer') . ui_td(ui_textarea("comentario", _F_form_cache('comentario'), "", "width:100%"), "fInput")); echo '<tr><td colspan="2" class="fDer">' . ui_input("enviar_pub2mail", "Enviar", "submit") . '</td></tr>'; echo '</table>'; echo '</form>'; echo '<h1>Opciones</h1>'; echo ui_href("", curPageURL(true), "Cancelar y retornar a la publicación"); }