/**
 * Static facade over the global validateId() helper.
 *
 * Inside a class an unqualified `validateId($id)` is a plain function call,
 * not a self-call, so this method just forwards $id to that helper and
 * hands back whatever it returns, unchanged.
 *
 * @param mixed $id value to check
 * @return mixed whatever the global validateId() returns
 */
public static function validateId($id)
{
    $verdict = validateId($id);

    return $verdict;
}
require_once 'database/pdo_mysqlUtil.php'; require_once 'database/FileUtil.php'; require_once 'security/validation.php'; require_once 'security/rbac.php'; ?> <?php if (!authenticate(3)) { die("没有权限"); } ?> <?php //PDO_Class_Wrapper version if ($_SERVER["REQUEST_METHOD"] == "POST") { $pageId = validateId(htmlspecialchars($_POST["pageId"])); $photos = saveFiles("photoName", "photo/"); //不判断附件是否上传成功 $isCorrect = true; $db->start(); for ($i = 0; $i < count($photos); $i++) { $photoData = array("path" => $photos[$i], "name" => basename($photos[$i]), "pageId" => $pageId); // print_r($photos); $photoId = $db->insert('photo', $photoData)->getLastInsertId(); if (!$photoId > 0) { $isCorrect = false; } } if ($isCorrect) { $db->end(); echo "添加成功" . "<br>";
require_once 'model/' . $_file . '.php'; /** * miembro_editar.php * * Genera el formulario con los datos del miembro para poder modificarlos. * Para ello usa como parámetro el Identificador de Miembro. * La fecha de incorporación sólo es modificable por el Administrador. * @access Privado El mismo Miembro o Administrador * @param integer id_miembro Identificador del Miembro * */ //print_r($_REQUEST); // Extrae las variables necesarias para el script extract(arrayKeys($_REQUEST, array('id_miembro', 'idioma'))); // Obtiene el id_miembro y verifica si es correcto $id_miembro = validateId($id_miembro); // Controla el acceso a la pagina accessOwnMember($id_miembro); // TODO function to validate languages (here and in forms!) // Si hay cambio de idioma, lo recibe por GET if (isset($_GET['idioma'])) { // Muestra error si la cadena está vacía if (empty($idioma)) { error(); } elseif (!isset($_languages[$idioma])) { // Si no existe el ídioma muestra error error(); } } else { // Obtiene el idioma si no ha cambiado $idioma = isset($idioma) && isset($_languages[$idioma]) ? $idioma : $_lang;
<?php require 'conn.php'; $singleImage = False; $image_link = ""; $imageId = ""; $vote_class = "enabled"; $vote_text = "UPVOTE"; try { if (isset($_GET['image'])) { $imageId = $_GET['image']; validateId($imageId); $stmt = $conn->prepare("SELECT * FROM images where id = :id"); $stmt->execute([':id' => $imageId]); $result = $stmt->fetch(); if (!$result) { redirect(); } else { // check if the user has already voted on image if (isset($_COOKIE['voted_on'])) { $votedArray = explode(',', $_COOKIE['voted_on']); if (in_array($result['id'], $votedArray)) { $vote_class = "disabled"; $vote_text = "VOTED"; } } $singleImage = true; $image_link = "/assets/images/cars/" . $result['image_name'] . ".jpg"; $imageId = $result['id']; } }
$query = "SELECT capacity FROM groups WHERE name='{$group}'"; $result = $conn->query($query); $result = mysqli_fetch_row($result); echo $result[0]; } // Try to make the connection with the database. $connection = new Connection(); $conn = $connection->createConnection(); if ($conn) { // Get the action from the registration factory. $action = $_REQUEST['action']; if ($action === 'insert') { insertPerson($conn); } else { if ($action === 'validateId') { validateId($conn); } else { if ($action === 'validateEmail') { validateEmail($conn); } else { if ($action === 'validateGroup') { validateGroup($conn); } else { if ($action === 'decrement') { decrementCapacity($conn); } else { if ($action === 'capacity') { isThereCapacity($conn); } } }
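/**
 * Admin authentication dispatcher, driven by the posted "command" field.
 *
 * Commands (read from $HTTP_POST_VARS["command"]):
 *   logout     - log the event, drop the session and the cookies, print a
 *                small logout page and terminate the script (never returns).
 *   chPassword - re-validate the current credentials, update the stored
 *                password when the old one matches and the confirmation
 *                agrees, then FALL THROUGH into "login" (no break).
 *   login      - hash the posted password, validate it and (re)build the
 *                session and, optionally, the login cookie.
 *   (default)  - no explicit command: re-validate from the session, or from
 *                the login cookie when there is no usable session.
 *
 * All credential state lives in globals ($admlogin, $admpassword, $uid, ...),
 * which is why the function imports them with `global`.
 *
 * @param mixed $error Set, by reference, to a human-readable message on
 *                     failure; reset to null on entry.
 * @return int|bool 1 on success; 0 (login/chPassword) or false (default)
 *                  on failure — mixed by history, so callers should test the
 *                  result with `!` rather than `=== false`.
 */
function auth(&$error)
{
    global $command, $sessionAuth, $admcookielogin, $admcookiepassword;
    global $admlogin, $admpassword, $uid, $gid, $useCookie, $group, $HTTP_POST_VARS;
    // The original did `unset($error)`. unset() on a by-reference parameter
    // only breaks the local binding, so every later `$error = ...` wrote to a
    // fresh local and the caller never received the message. Assigning null
    // clears the value while keeping the reference intact.
    $error = null;

    // NOTE(review): $HTTP_POST_VARS is the pre-4.1 name of $_POST and no longer
    // exists in current PHP; the rest of this function leans on the same
    // register_globals-era conventions ($admlogin etc.), so porting it is more
    // than a one-line rename and is not attempted here.
    switch ($HTTP_POST_VARS["command"]) {
        case "logout":
            addToLog("Logout!");
            $uid = $sessionAuth["uid"];
            logUser($uid, "LOGOUT");
            //session_unregister("sessionAuth");
            unset($_SESSION["sessionAuth"]);
            session_destroy();
            // erases cookies
            eraseCookies();
            unset($admlogin, $admpassword, $admcookielogin, $admcookiepassword, $uid);
            htmlProlog($_SERVER['PHP_SELF'], "Logout", false);
            echo "<center>\n";
            echo "You are not logged any more<br>\n";
            echo "Click <a href='index.php'>here</a> to login<br>\n";
            echo "</center>\n";
            htmlEpilog();
            die; // terminates the request; the former `break` after it was unreachable

        case "chPassword":
            addToLog("Change pass!");
            global $chOldPass, $chNewPass, $chConfirmNewPass;
            if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group))) {
                $error = "Invalid login '{$admlogin}'";
                eraseCookies();
                return 0;
            }
            // NOTE(review): crypt() with a two-character salt selects the
            // standard DES-based scheme (passwords truncated to 8 characters),
            // and the salt is the constant "NL", so every stored hash is
            // effectively unsalted. Moving to password_hash()/password_verify()
            // requires migrating the stored hashes, which is outside this
            // function and the part of the file visible here.
            if (crypt($chOldPass, "NL") == $admpassword && $chNewPass == $chConfirmNewPass) {
                // NOTE(review): $uid is interpolated straight into the SQL. It
                // comes from validateId() above, but sqlquery() (not visible
                // here) should still be handed an escaped or bound value. The
                // password value written by this statement appears redacted
                // ('******') in the copy this was taken from.
                sqlquery("UPDATE user SET password='******' WHERE uid='{$uid}'");
                $admpassword = $chNewPass;
                // Log only the event. The previous version logged the new
                // password in clear text together with its hash, which put a
                // live credential into the application log.
                addToLog("Changed password for uid '{$uid}'");
                //session_unregister("sessionAuth");
                unset($_SESSION["sessionAuth"]);
                session_destroy();
            }
            // No break: control continues into "login" so the user is
            // re-authenticated with the new password. When the change was
            // refused, $admpassword still holds the value it was compared
            // against above (apparently already a crypt hash), so the login
            // step hashes it a second time and, as far as can be told here,
            // ends in "Invalid login". Left as-is.

        case "login":
            $admpassword = crypt($admpassword, "NL");
            addToLog("Login! 
-- admlogin='******', admpassword='******'");
            if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group))) {
                $error = "Invalid login '{$admlogin}'";
                // $admlogin is request-supplied text echoed into the page;
                // escape it so a crafted login name cannot inject markup.
                print htmlspecialchars($error, ENT_QUOTES);
                eraseCookies();
                return 0;
            }
            // NOTE(review): the session stores the password hash itself rather
            // than an opaque token, and setupCookies() is handed the same hash
            // (what it writes is not visible here). A leaked cookie or session
            // therefore carries a reusable credential.
            $sessionAuth = array("admlogin" => $admlogin, "admpassword" => $admpassword, "uid" => $uid);
            //session_register("sessionAuth");
            $_SESSION["sessionAuth"] = $sessionAuth;
            if ($useCookie) {
                setupCookies($admlogin, $admpassword);
            }
            logUser($uid, "LOGIN");
            return 1;

        default:
            if (!isset($sessionAuth) || $sessionAuth["admlogin"] == "") {
                // NOTE(review): debug text that lands in the response body.
                print "no sessionauth or admlogin is blank";
                if (!isset($admcookielogin)) {
                    addToLog("cookie not set");
                    return false;
                }
                // No session: fall back to the login cookie pair.
                $admlogin = $admcookielogin;
                $admpassword = $admcookiepassword;
            } else {
                $admlogin = $sessionAuth["admlogin"];
                $admpassword = $sessionAuth["admpassword"];
                $uid = $sessionAuth["uid"];
            }
            // The original nested an `if (!$uid)` inside this test; the outer
            // test had already established that $uid is falsy, so the two
            // checks are folded into one.
            if (!($uid = validateId($admlogin, $admpassword, $useCookie, $gid, $group))) {
                $error = "Invalid login '{$admlogin}'";
                eraseCookies();
                return false;
            }
            $sessionAuth = array("admlogin" => $admlogin, "admpassword" => $admpassword, "uid" => $uid);
            //session_register("sessionAuth");
            $_SESSION["sessionAuth"] = $sessionAuth;
            if ($useCookie) {
                setupCookies($admlogin, $admpassword);
            } else {
                eraseCookies();
            }
            //logUser($uid, "BROWSE");
            return 1;
    }
}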
require_once 'error/ErrorUtil.php'; require_once 'database/pdo_mysqlUtil.php'; require_once 'database/FileUtil.php'; require_once 'security/validation.php'; require_once 'security/rbac.php'; ?> <?php if (!authenticate(2)) { die("没有权限"); } ?> <?php //PDO_Class_Wrapper version $articleId = validateId(htmlspecialchars($_GET["articleId"])); $aWhere = array('articleId =' => $articleId); $data = $db->select('article', '', $aWhere)->results(); $currentArticle = $data[0]; if ($currentArticle == NULL || !isset($currentArticle['articleId']) || !$currentArticle['articleId'] > 0) { die("该文章不存在"); } //删除原来的置顶图片 if ($currentArticle['type'] == 1) { deleteFile($currentArticle['picturePath']); } $db->start(); //删除附件文件 $aWhere = array('articleId =' => $articleId); $currentArticleAttachments = $db->select('attachment', '', $aWhere)->results(); foreach ($currentArticleAttachments as $currentArticleAttachment) {
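require_once 'error/ErrorUtil.php';
require_once 'database/pdo_mysqlUtil.php';
require_once 'security/validation.php';
require_once 'security/rbac.php';
?>
<?php
// Role gate from rbac.php: nothing below runs unless authenticate(1) passes.
if (!authenticate(1)) {
    die("没有权限");
}
?>
<?php
//PDO_Class_Wrapper version
// NOTE(review): this script deletes an admin row based on a GET parameter.
// A state-changing action reachable by GET is exposed to cross-site request
// forgery (any page the logged-in admin views can trigger it through a link
// or image URL); it should be a POST carrying an anti-CSRF token. Not changed
// here because the form/controller that links to this script is not visible.
$rawAdminId = isset($_GET["adminId"]) ? $_GET["adminId"] : '';
$adminId = validateId(htmlspecialchars($rawAdminId));
$aWhere = array('adminId =' => $adminId);
$admins = $db->select('admin', '', $aWhere)->results();
// The original test `!count($admins) > 0` parses as `(!count($admins)) > 0`
// and only worked because `true > 0` is true in PHP; state the intent directly.
if (count($admins) === 0) {
    die("该ID不存在");
}
$aWhere = array('adminId' => $adminId);
if ($db->delete('admin', $aWhere)->affectedRows() > 0) {
    echo '删除成功';
    echo '<br><a href="controller.php">返回管理页面</a>';
} else {
    die("删除失败");
}
?>
<?php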
require_once 'error/ErrorUtil.php'; require_once 'database/pdo_mysqlUtil.php'; require_once 'database/FileUtil.php'; require_once 'security/validation.php'; require_once 'security/rbac.php'; ?> <?php if (!authenticate(2)) { die("没有权限"); } ?> <?php //PDO_Class_Wrapper version $photoId = validateId(htmlspecialchars($_GET["photoId"])); $aWhere = array('photoId =' => $photoId); $data = $db->select('photo', '', $aWhere)->results(); $currentPhoto = $data[0]; if ($currentPhoto == NULL || !isset($currentPhoto['photoId']) || !$currentPhoto['photoId'] > 0) { die("该照片不存在"); } //删除照片文件 deleteFile($currentPhoto['path']); //删除照片数据库 $aWhere = array('photoId' => $photoId); if ($db->delete('photo', $aWhere)->affectedRows() > 0) { echo "删除成功" . "<br>"; echo '<br><a href="controller.php">返回管理页面</a>'; } else { $db->rollback();
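/**
 * Reports whether any `st_product` row has an id greater than $id.
 *
 * Returns false without querying when the global validateId() helper
 * rejects $id. Note the SQL compares `id > :id`, not `id = :id`, so this is
 * an "anything beyond this id exists" check, not a lookup of $id itself.
 *
 * @param mixed $id candidate product id, checked by validateId() first
 * @return bool true when at least one row satisfies `id > $id`
 */
public static function validateId($id)
{
    if (!validateId($id)) {
        return false;
    }
    // Bind the value instead of interpolating it into the SQL string: even
    // after validateId(), an interpolated value is one validator bug away from
    // SQL injection, and the bound form costs nothing.
    $sql = 'SELECT * FROM `st_product` WHERE id > :id';
    $results = Yii::app()->db
        ->createCommand($sql)
        ->bindValue(':id', $id)
        ->queryAll();

    return isset($results[0]);
}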