Example #1
<?php 
// Default the paging offset when nothing set it earlier.
if (!isset($start)) {
    $start = 0;
}
// Handles a posted chat message: when a `user` cookie is present and the form was
// submitted with post=true and a non-empty message, a row is inserted into `cc`
// and the browser is redirected back to chitchat.php.
// NOTE(review): the sender's identity is taken from $_COOKIE['user'], which the client
// controls. Nothing visible here verifies it; a server-side session is the usual fix.
// NOTE(review): no anti-CSRF token check is visible in this excerpt. Confirm one exists.
if (isset($_COOKIE['user'])) {
    $errors = '';
    if (isset($_POST['post'])) {
        if ($_POST['post'] == 'true') {
            if (!empty($_POST['message'])) {
                // $errors was set to '' just above and is not modified before this
                // point, so this check always passes here.
                if (empty($errors)) {
                    $date = date('ymdHi');
                    // The first assignment runs mysql_prep, then stripslashes, then htmlentities.
                    // The second runs mysql_prep again on that result.
                    // mysql_prep is defined outside this excerpt; presumably an SQL-escaping
                    // helper. Confirm.
                    // HTML-encoding before storage ties the stored text to one output context;
                    // encoding at output time is the more common practice.
                    $_POST['message'] = htmlentities(stripslashes(trim(mysql_prep($_POST['message']))));
                    $_POST['message'] = trim(mysql_prep($_POST['message']));
                    // badw is defined outside this excerpt. The first call discards its return
                    // value; the second stores it. Because it runs after escaping, verify it
                    // cannot reintroduce quote characters into the message.
                    badw($_POST['message']);
                    $_POST['message'] = badw($_POST['message']);
                    // $_GET['user'] is read without an isset() check.
                    $underu = $_COOKIE['user'] . '_' . $_GET['user'];
                    // SECURITY: $_GET['user'] and $_COOKIE['user'] (also via $underu) are interpolated
                    // into the statement with no escaping visible here, so this query is open to
                    // SQL injection. Use a parameterized statement (PDO or mysqli prepare/bind).
                    // The mysql_* extension was removed in PHP 7.0.
                    $sql = "INSERT INTO cc (c_to, under, c_From, message, date) VALUES ('{$_GET['user']}', '{$underu}', '{$_COOKIE['user']}', '{$_POST['message']}','{$date}')";
                    // The result of mysql_query is not checked, so a failed insert goes unnoticed.
                    mysql_query($sql);
                    $_POST['message'] = '';
                    // NOTE(review): part of the next line is masked ("******") in this listing, so
                    // it is not valid PHP as shown. It builds the redirect target from request
                    // parameters; those should be URL-encoded (urlencode) first.
                    // No exit follows the header() call inside this branch, so the script keeps
                    // running after the redirect is sent.
                    header("Location: chitchat.php?user="******"user"] . "&start=" . $_GET["start"] . "");
                }
            } else {
                $errors .= 'The post is empty';
            }
        }
    }
    ?>

<div id="Content1">
<h1 class="uoi">Chit Chat</h1>
Example #2
     $errors .= "The description is to short<br />";
 }
 // Validates the submitted subject and description, then builds the INSERT for the
 // `errors` table. The start of this script is outside the excerpt.
 // NOTE(review): no anti-CSRF token check is visible in this excerpt. Confirm one exists.
 if (empty($_POST['subject'])) {
     $errors .= "The subject is empty<br />";
 }
 if (empty($_POST['description'])) {
     $errors .= "The description is empty<br />";
 }
 if (empty($errors)) {
     // Both fields were just checked with empty(), so this isset() test looks redundant
     // whenever $errors is empty.
     if (isset($_POST['subject']) && isset($_POST['description'])) {
         // mysql_prep and badw are defined outside this excerpt. mysql_prep is presumably an
         // SQL-escaping helper; confirm.
         $_POST['subject'] = trim(mysql_prep($_POST['subject']));
         $_POST['description'] = trim(mysql_prep($_POST['description']));
         // Each badw call is made twice: the first discards its return value, the second
         // stores it. Because badw runs after escaping, verify it cannot reintroduce quote
         // characters.
         badw($_POST['subject']);
         $_POST['subject'] = badw($_POST['subject']);
         badw($_POST['description']);
         $_POST['description'] = badw($_POST['description']);
         $date = date('ymdHi');
         // SECURITY: every source below except REMOTE_ADDR is derived from a request header
         // (Client-IP, X-Forwarded-For, X-Forwarded, Forwarded-For, Forwarded), and the client
         // chooses those values freely. The recorded address can therefore be forged.
         // Prefer REMOTE_ADDR unless the request came through a known, trusted proxy, and
         // validate the value (e.g. filter_var($ip, FILTER_VALIDATE_IP)) before using it.
         if (getenv('HTTP_CLIENT_IP')) {
             $ip = getenv('HTTP_CLIENT_IP');
         } elseif (getenv('HTTP_X_FORWARDED_FOR')) {
             $ip = getenv('HTTP_X_FORWARDED_FOR');
         } elseif (getenv('HTTP_X_FORWARDED')) {
             $ip = getenv('HTTP_X_FORWARDED');
         } elseif (getenv('HTTP_FORWARDED_FOR')) {
             $ip = getenv('HTTP_FORWARDED_FOR');
         } elseif (getenv('HTTP_FORWARDED')) {
             $ip = getenv('HTTP_FORWARDED');
         } else {
             $ip = $_SERVER['REMOTE_ADDR'];
         }
         // SECURITY: $ip is interpolated into the statement without escaping or validation.
         // Since it can come straight from a request header, this is an SQL injection path
         // even if subject and description are escaped correctly. Use a parameterized
         // statement (PDO or mysqli prepare/bind) for all values.
         // Execution of $sql is outside this excerpt.
         $sql = "INSERT INTO errors (subject, description, ip, status, date) VALUES ('{$_POST['subject']}', '{$_POST['description']}', '{$ip}', 'pending', '{$date}')";
Example #3
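 // Sign-up field validation: appends a message to $errors for every rule that fails.
 // $errors is initialised outside this excerpt.

 // Refuse a password that is exactly one of these words. The comparison is strict and
 // case-sensitive, so this only blocks the three literal values and says nothing about
 // password strength.
 if (isset($_POST['spassword']) && in_array($_POST['spassword'], array('naked', 'sex', 'sexy'), true)) {
     $errors .= 'Bad words are not allowed<br />';
 }
 // badw and badw2 are defined outside this excerpt. The return value of badw is
 // discarded; only the badw2 result is kept.
 // NOTE(review): both calls read $_POST['sname'] before any isset() check.
 badw($_POST['sname']);
 $_POST['sname'] = badw2($_POST['sname']);
 if (isset($_POST['sname'])) {
     if (strlen($_POST['sname']) > 15) {
         $errors .= "The name is to long<br />";
     }
 }
 // Anchor with \z rather than $. Without the D modifier, $ also matches just before a
 // trailing newline, so a name ending in "\n" would have passed the alphanumeric check.
 // NOTE(review): the * quantifier still accepts an empty name. Confirm that emptiness is
 // rejected elsewhere.
 if (!preg_match('~^[A-Za-z0-9]*\z~', $_POST['sname'])) {
     $errors .= "The name is not valid<br />";
 }
 // NOTE(review): a 30-character cap on passwords is unnecessary when passwords are hashed
 // with password_hash(). Confirm how the value is stored.
 if (isset($_POST['spassword'])) {
     if (strlen($_POST['spassword']) > 30) {
         $errors .= "The password is to long<br />";
     }
 }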
 if (isset($_POST['spassword']) && isset($_POST['spassword_confirm'])) {
Example #4
                 }
                 // Profile update: looks up the row for the user named in the cookie, builds an
                 // UPDATE for that user, runs it and redirects to editprofile.php.
                 // The beginning of this handler is outside the excerpt.
                 // NOTE(review): no anti-CSRF token check is visible in this excerpt. Confirm one exists.
                 if (empty($_POST['age'])) {
                     $_POST['age'] = '';
                 }
                 // SECURITY: $_COOKIE['user'] is client-controlled and is interpolated into the
                 // query with no escaping visible here, so this is open to SQL injection. It is
                 // also the only thing identifying the account. Use a server-side session for
                 // identity and a parameterized statement (PDO or mysqli prepare/bind).
                 // The mysql_* extension was removed in PHP 7.0.
                 $query = "SELECT * FROM users WHERE name = '{$_COOKIE['user']}' LIMIT 1";
                 $result = mysql_query($query);
                 // LIMIT 1 means this loop body runs at most once. If no row matches, $sql is not
                 // assigned anywhere in the visible code, yet mysql_query($sql) still runs after
                 // the loop.
                 while ($row = mysql_fetch_array($result)) {
                     // The password value in the WHERE clauses below is masked ('******') in this
                     // listing; presumably the original interpolated $password. Confirm.
                     // NOTE(review): matching the stored password column inside SQL suggests passwords
                     // are not hashed with password_hash()/password_verify(). Verify.
                     $password = $row['password'];
                     // mysql_prep is defined outside this excerpt; presumably an SQL-escaping
                     // helper. Confirm.
                     $_POST['about'] = trim(mysql_prep($_POST['about']));
                     if (isset($_POST['email'])) {
                         $_POST['email'] = trim(mysql_prep($_POST['email']));
                     }
                     if (empty($_POST['about'])) {
                         $_POST['about'] = 'none';
                     }
                     // badw and badw_code are defined outside this excerpt. The return value of badw
                     // is discarded. badw_code runs after escaping, so verify it cannot reintroduce
                     // quote characters into the value.
                     badw($_POST['about']);
                     $_POST['about'] = badw_code($_POST['about']);
                     // SECURITY: $_POST['gender'], $_POST['age'] and $_COOKIE['user'] are interpolated
                     // below with no escaping in the visible lines (earlier handling, if any, is
                     // outside this excerpt). Treat both statements as injectable until every value
                     // is bound as a parameter.
                     if (isset($_POST['email'])) {
                         $sql = "UPDATE users SET email = '{$_POST['email']}', about = '{$_POST['about']}', gender = '{$_POST['gender']}', age = '{$_POST['age']}'  WHERE name = '{$_COOKIE['user']}' AND password = '******'";
                     } else {
                         $sql = "UPDATE users SET about = '{$_POST['about']}', gender = '{$_POST['gender']}', age = '{$_POST['age']}'  WHERE name = '{$_COOKIE['user']}' AND password = '******'";
                     }
                 }
                 // The result is not checked, so a failed update still redirects with edited=true.
                 mysql_query($sql);
                 // No exit follows the header() call here, so execution continues after the
                 // redirect is sent.
                 header("Location: editprofile.php?edited=true");
             }
         }
     }
 }
 if (isset($_GET['edited'])) {
     if ($_GET['edited'] == 'true') {