Example #1
 /**
  * Class-level wrapper around the global clean_str() helper.
  *
  * When the STRICT_TYPES constant is defined and CAMEL_CASE equals '1', the
  * call goes through the class's typed-dispatch chain (parameters/call/with/
  * returning); otherwise the global clean_str() is called directly. Either
  * way the result is cast to string.
  *
  * NOTE(review): what clean_str() actually strips or escapes is not visible
  * here, so callers should not assume the result is safe for SQL, HTML or
  * file paths without checking the helper itself.
  *
  * @param mixed $string Value to clean.
  * @return string
  */
 protected function clean_str($string)
 {
     // CAMEL_CASE is only read when STRICT_TYPES is defined (short-circuit).
     $useTypedDispatch = defined('STRICT_TYPES') && CAMEL_CASE == '1';
     if (!$useTypedDispatch) {
         return (string) clean_str($string);
     }

     $typedCall = self::parameters(['string' => DT::TEXT])
         ->call(__FUNCTION__)
         ->with($string);

     return (string) $typedCall->returning(DT::TEXT);
 }
<?php

//	Copyright (C) 2012 Mark Vejvoda, Titus Tscharntke and Tom Reynolds
//	The MegaGlest Team, under GNU GPL v3.0
// ==============================================================
define('INCLUSION_PERMITTED', true);
require_once 'config.php';
require_once 'functions.php';
define('DB_LINK', db_connect());
if (isset($_GET['glestVersion'])) {
    $glestVersion = (string) clean_str($_GET['glestVersion']);
} else {
    $glestVersion = "";
}
$maps_in_db = mysql_db_query(MYSQL_DATABASE, 'SELECT * FROM glestmaps WHERE disabled=0 ORDER BY mapname;');
$all_maps = array();
while ($map = mysql_fetch_array($maps_in_db)) {
    array_push($all_maps, $map);
}
unset($maps_in_db);
unset($map);
db_disconnect(DB_LINK);
// Representation starts here
header('Content-Type: text/plain; charset=utf-8');
foreach ($all_maps as &$map) {
    $itemVersion = 'v' . "{$map['glestversion']}";
    $addItem = false;
    if ($glestVersion == '') {
        if (version_compare("v3.6.0.3", $itemVersion, ">=")) {
            $addItem = true;
        }
 }
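 // Per-faction values taken from the query string. $quitBeforeGameEnd and
 // $quitTime are concatenated UNQUOTED into the UPDATE/INSERT statements that
 // follow, so they are forced to integers here; clean_str() alone does not
 // guarantee a numeric value.
 $quitBeforeGameEnd = 0;
 if (isset($_GET['quitBeforeGameEnd_' . $factionNumber])) {
     $quitBeforeGameEnd = (int) clean_str($_GET['quitBeforeGameEnd_' . $factionNumber]);
 }
 $quitTime = 0;
 if (isset($_GET['quitTime_' . $factionNumber])) {
     $quitTime = (int) clean_str($_GET['quitTime_' . $factionNumber]);
 }
 // The two string values below are quoted and passed through
 // mysql_real_escape_string() where the statements are built.
 $playerUUID = "";
 if (isset($_GET['playerUUID_' . $factionNumber])) {
     $playerUUID = (string) clean_str($_GET['playerUUID_' . $factionNumber]);
 }
 $playerPlatform = "";
 if (isset($_GET['platform_' . $factionNumber])) {
     $playerPlatform = (string) clean_str($_GET['platform_' . $factionNumber]);
 }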
 if ($player_statsCount[0] > 0) {
     $result = mysql_query('UPDATE glestgameplayerstats SET ' . 'gameUUID=\'' . mysql_real_escape_string($gameUUID) . '\', ' . 'factionIndex=' . $factionIndex . ', ' . 'controlType=' . $controlType . ', ' . 'resourceMultiplier=' . $resourceMultiplier . ', ' . 'factionTypeName=\'' . mysql_real_escape_string($factionTypeName) . '\', ' . 'personalityType=' . $personalityType . ', ' . 'teamIndex=' . $teamIndex . ', ' . 'wonGame=' . $wonGame . ', ' . 'killCount=' . $killCount . ', ' . 'enemyKillCount=' . $enemyKillCount . ', ' . 'deathCount=' . $deathCount . ', ' . 'unitsProducedCount=' . $unitsProducedCount . ', ' . 'resourceHarvestedCount=' . $resourceHarvestedCount . ', ' . 'playerName=\'' . mysql_real_escape_string($playerName) . '\', ' . 'quitBeforeGameEnd=' . $quitBeforeGameEnd . ', ' . 'quitTime=' . $quitTime . ', ' . 'playerUUID=\'' . mysql_real_escape_string($playerUUID) . '\', ' . 'platform=\'' . mysql_real_escape_string($playerPlatform) . '\', ' . 'lasttime=' . 'now()' . ' ' . 'WHERE ' . $whereClause . ' AND factionIndex = ' . $factionIndex . ';');
     if (!$result) {
         die('part 1b: Invalid query: ' . mysql_error());
     }
     //echo 'OK1 $factionNumber = ' . $factionNumber;
     echo 'OK1b' . $factionNumber;
 } else {
     $result = mysql_query('INSERT INTO glestgameplayerstats SET ' . 'gameUUID=\'' . mysql_real_escape_string($gameUUID) . '\', ' . 'factionIndex=' . $factionIndex . ', ' . 'controlType=' . $controlType . ', ' . 'resourceMultiplier=' . $resourceMultiplier . ', ' . 'factionTypeName=\'' . mysql_real_escape_string($factionTypeName) . '\', ' . 'personalityType=' . $personalityType . ', ' . 'teamIndex=' . $teamIndex . ', ' . 'wonGame=' . $wonGame . ', ' . 'killCount=' . $killCount . ', ' . 'enemyKillCount=' . $enemyKillCount . ', ' . 'deathCount=' . $deathCount . ', ' . 'unitsProducedCount=' . $unitsProducedCount . ', ' . 'resourceHarvestedCount=' . $resourceHarvestedCount . ', ' . 'playerName=\'' . mysql_real_escape_string($playerName) . '\', ' . 'quitBeforeGameEnd=' . $quitBeforeGameEnd . ', ' . 'quitTime=' . $quitTime . ', ' . 'platform=\'' . mysql_real_escape_string($playerPlatform) . '\', ' . 'playerUUID=\'' . mysql_real_escape_string($playerUUID) . '\';');
     if (!$result) {
         die('part 2b: Invalid query: ' . mysql_error());
     }
     //echo 'OK2 $factionNumber = ' . $factionNumber;
     echo 'OK2b' . $factionNumber;
Example #4
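/**
 * Run clean_str() over every element of an array.
 *
 * The array is taken by reference and also returned. The previous version
 * received a copy and returned nothing, so a call such as clean_ar($_POST)
 * left the caller's data completely untouched.
 *
 * NOTE(review): nested arrays (e.g. form fields named "x[]") are handed to
 * clean_str() as-is; confirm that helper copes with array values. Blanket
 * cleaning of request data is also no substitute for escaping at the point
 * of use (SQL parameters, HTML output).
 *
 * @param array $array Values to clean; modified in place.
 * @return array The cleaned array.
 */
function clean_ar(array &$array)
{
    foreach ($array as $key => $value) {
        $array[$key] = clean_str($value);
    }

    return $array;
}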
Example #5
     $sql = "SELECT username FROM brandon.2601166_entity_users WHERE username = '******'uname']}'";
     $response = $connect->query($sql);
     if ($response === null) {
         //Do nothing
     } else {
         if ($response->num_rows != 0) {
             $error['extras'] .= "<br />Username already in use!";
             $_POST['uname'] = "";
         }
     }
 }
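 // NOTE(review): the result of clean_str() is discarded in the next two
 // calls. Unless clean_str() takes its argument by reference (not visible
 // here), fname and lname are used later exactly as submitted.
 if (!empty($_POST['fname'])) {
     clean_str($_POST['fname']);
 }
 if (!empty($_POST['lname'])) {
     clean_str($_POST['lname']);
 }
 if (!empty($_POST['pass']) && !empty($_POST['cpass'])) {
     // Strict comparison: with != two different numeric-looking strings
     // (for example "1e3" and "1000") compare as equal, so a mistyped
     // confirmation could be accepted.
     if ($_POST['pass'] !== $_POST['cpass']) {
         $_POST['cpass'] = "";
         $error['extras'] .= "<br />Passwords don't match!";
     }
 }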
 $error['display'] = "table-header-group";
 foreach ($_POST as $key => $value) {
     if (empty($value)) {
         $error[$key] = "*";
         $content[$key] = "";
     } else {
         $error[$key] = "";
         $content[$key] = trim($value);
Example #6
    }
    $html .= '</ul></div>';
    echo $html;
}
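// ---- Configuration -------------------------------------------------------
date_default_timezone_set('GMT');
$data_file = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'data.dat';
$timezone = 'Asia/Kuala_Lumpur';
$per_page = 25;
$sys_msg = '';
$status = array(0 => 'Not started', 1 => 'In progress', 2 => 'Done', 3 => 'Archived');
$priority = array(1 => 'Low', 2 => 'Normal', 3 => 'High');

// ---- Request input -------------------------------------------------------
// $_GET is already URL-decoded by PHP. Decoding it a second time (as the
// earlier array_map('urldecode', $_GET) did) turns "%2527" into a quote and
// "+" into a space after any upstream filtering has run, and it fails on
// array-valued parameters. GET values win over POST values, as before.
$input = $_GET + $_POST;
$checklist = ds_get();

// Missing keys are passed to clean_str() as null, which is what the previous
// error-suppressed lookups produced.
$input['do'] = clean_str(isset($input['do']) ? $input['do'] : null);
$input['task'] = clean_str(isset($input['task']) ? $input['task'] : null);
$input['remark'] = clean_str(isset($input['remark']) ? $input['remark'] : null);

// Numeric fields default to 0 when absent.
$input['status'] = isset($input['status']) ? (int) $input['status'] : 0;
$input['priority'] = isset($input['priority']) ? (int) $input['priority'] : 0;
$input['id'] = isset($input['id']) ? (int) $input['id'] : 0;
$input['pg'] = isset($input['pg']) ? (int) $input['pg'] : 0;
if ($input['pg'] == 0) {
    $input['pg'] = 1;
}

// ---- Validation ----------------------------------------------------------
// Strict matching so a non-string value can never be treated as 'save' or
// 'update' through type juggling.
if (in_array($input['do'], array('save', 'update'), true)) {
    if (strlen($input['task']) < 5) {
        $sys_msg = 'Min. length for new task is 5 characters.';
    }
    if (strlen($input['task']) > 500) {
        $sys_msg = 'Max. length for new task is 500 characters.';
    }
}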
Example #7
<?php

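// Handle the registration form submission.
if (isset($_POST['register'])) {
    // NOTE(review): nothing is assigned from this call; confirm clean_ar()
    // modifies $_POST in place, otherwise the fields below are used raw.
    clean_ar($_POST);
    $gender = null;
    if (isset($_POST['gender'])) {
        $gender = clean_str($_POST['gender']);
    }
    $_POST['city'] = strtolower($_POST['city']);
    // NOTE(review): birthday, state, city and like_sex reach Auth::Register()
    // without validation here; whether it uses parameterised queries is not
    // visible from this file.
    Auth::Register(
        $user,
        $gender,
        $_POST['birthday'],
        $_POST['state'],
        $_POST['city'],
        $_POST['like_sex'],
        (int) $_POST['height'],
        (double) $_POST['weight'],
        sqlc_bool(isset($_POST['search_chat'])),
        sqlc_bool(isset($_POST['search_friend'])),
        sqlc_bool(isset($_POST['search_relation'])),
        sqlc_bool(isset($_POST['search_sex']))
    );
    header("Location: main.php");
    // A Location header does not stop the script: without this the rest of
    // the page would still be built and sent along with the redirect.
    exit;
}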
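// Build the registration form. The first and last name are HTML-escaped
// before being placed in the markup, because their origin is not visible
// here and a raw "<" or quote would be interpreted by the browser.
// NOTE(review): if these getters already return escaped HTML, drop the extra
// escaping to avoid double encoding.
$safe_first_name = htmlspecialchars((string) $user->getFirstName(), ENT_QUOTES, 'UTF-8');
$safe_last_name = htmlspecialchars((string) $user->getLastName(), ENT_QUOTES, 'UTF-8');
$body .= "\n<article class='fm-post fm-article'>\n                            <h2 class='fm-postheader'><a href='Blog Posts/new-post-2.html'>Registrazione</a>\n                            </h2>\n                            <div class='fm-postcontent fm-postcontent-2 clearfix'>\n                                <div class='fm-content-layout'>\n                                    <div class='fm-content-layout-row'>\n                                        <div class='fm-layout-cell layout-item-0' style='width: 100%'>\n                                            <p>\n                                            <form method='post' action='?pg=register'>\n                                                <table border='1'>\n                                                    <tr><td>Nome:</td><td>" . $safe_first_name . "</td></tr>\n<tr><td>Cognome:</td><td>" . $safe_last_name . "</td></tr>\n<tr><td>Sesso:</td>\n    <td><input type='radio' name='gender' value='m' ";
// Pre-select the gender radio button that matches the current profile.
if ($user->getGender() == 'male') {
    $body .= 'checked';
}
$body .= "> M\n        <input type='radio' name='gender' value='f' ";
if ($user->getGender() == 'female') {
    $body .= 'checked';
}
$body .= "> F\n        <input type='radio' name='gender' value='na' ";
if ($user->getGender() == null) {
    $body .= 'checked';
}
$body .= "> N/A\n    </td>\n</tr>\n<tr><td>Compleanno:</td><td><input type='date' name='birthday' required></td></tr>\n<tr><td>Stato:</td><td><input type='text' name='state' required></td></tr>\n<tr><td>Citt&agrave;:</td><td><input type='text' name='city' required></td></tr>\n<tr><td>Mi piacciono:</td><td>\n        <input type='radio' name='like_sex' value='m'> Uomini\n        <input type='radio' name='like_sex' value='f'> Donne\n        <input type='radio' name='like_sex' value='mf' checked> Uomini e Donne\n    </td></tr>\n<tr><td>Cerco:</td><td> <input type='checkbox' name='search_chat'> Chat\n    <input type='checkbox' name='search_friend'> Amicizia\n    <input type='checkbox' name='search_relation'> Relazione\n    <input type='checkbox' name='search_sex'> Sesso\n</td></tr>\n<tr><td>Peso:</td><td><input type='text' name='weight' required></td></tr>\n<tr><td>Altezza:</td><td><input type='text' name='height' required></td></tr>\n<tr><td colspan='2'><input type='submit' name='register' value=' Registrami! '></td> </tr>\n</table>\n</form>\n</p>\n</div>\n</div>\n</div>\n</div>\n\n</article>";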
Example #8
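/**
 * Convert one delimited input line into SQL and queue or run it.
 *
 * Without a primary key ($imp['pk'] falsy) the line becomes one "(v1,v2,...)"
 * tuple appended to the batched statement in $SQL, which is flushed through
 * save_data_sql_run() once $numIns reaches $numL. With a primary key the line
 * becomes "col=value" assignments plus a WHERE clause over the columns listed
 * in $arrPK and is run immediately.
 *
 * NOTE(review): values are escaped with addslashes(), which is not aware of
 * the connection character set, numeric-looking values are emitted unquoted,
 * and the names in $cols are emitted verbatim. If the imported file is not
 * fully trusted, bind the values as parameters (or use the driver's own
 * escaping) inside save_data_sql_run() and check $cols against the table's
 * real column list.
 *
 * @param mixed  $i      Passed through to save_data_sql_run().
 * @param string $SQL    Batched INSERT under construction (by reference).
 * @param array  $imp    Import settings; 'sepC' and 'pk' are read here.
 * @param string $txt    One line of input.
 * @param int    $numCM  Limit passed to explode().
 * @param int    $numC   Number of columns to emit.
 * @param array  $arrPK  Indexes of the primary-key columns.
 * @param array  $cols   Column names by index.
 * @param int    $numIns Rows queued so far (by reference).
 * @param int    $numL   Rows per batched statement.
 * @param string $sql    Statement prefix.
 * @return void
 */
function save_data_sql($i, &$SQL, $imp, $txt, $numCM, $numC, $arrPK, $cols, &$numIns, $numL, $sql)
{
    // Both lists were previously created implicitly on first append, which
    // left implode() with an undefined variable when a branch never ran.
    $arrD = array();
    $arrWhere = array();

    $arr = @explode($imp['sepC'], $txt, $numCM);
    if (!is_array($arr)) {
        $arr = array();
    }
    foreach ($arr as $j => $v) {
        $arr[$j] = @clean_str($v);
    }

    for ($k = 0; $k < $numC; $k++) {
        // A short line yields an empty string for the missing columns.
        $v = isset($arr[$k]) ? $arr[$k] : '';
        if (is_string($v) && strtoupper($v) === 'NULL') {
            $v = 'NULL';
        } elseif (!@is_numeric($v)) {
            $v = "'" . @addslashes($v) . "'";
        }

        if (!$imp['pk']) {
            $arrD[] = $v;
        } elseif (@in_array($k, $arrPK)) {
            // Strict check: a loose comparison could treat 0 as 'NULL'.
            $arrWhere[] = $cols[$k] . ($v === 'NULL' ? ' IS ' : '=') . $v;
        } else {
            $arrD[] = $cols[$k] . "={$v}";
        }
    }

    if (!$imp['pk']) {
        $numIns++;
        if (!$SQL) {
            $SQL = $sql;
        }
        $SQL .= "(" . implode(",", $arrD) . ")";
        if ($numIns == $numL) {
            // Batch is full: run it and start a new one.
            @save_data_sql_run($i, $SQL, $imp);
            $SQL = "";
            $numIns = 0;
        } else {
            $SQL .= ",\n";
        }
    } else {
        @save_data_sql_run($i, $sql . implode(",", $arrD) . " WHERE " . implode(" AND ", $arrWhere), $imp);
    }
}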
Example #9
        ?>
			<?php 
        // Render one checkbox per recipient group, with its user count.
        foreach ($groups as $group) {
            ?>
				<label class="checkbox"<?php 
            // NOTE(review): the description lands inside a double-quoted
            // attribute, so this is only safe if clean_str() encodes quotes
            // and angle brackets - confirm against the helper.
            if (!empty($group->group_description)) {
                echo ' title="' . clean_str($group->group_description) . '"';
            }
            ?>
>
				<input type="checkbox" name="group[]" value="<?php 
            // NOTE(review): the id is echoed without escaping; presumably an
            // integer key - verify, or escape it for the attribute context.
            echo $group->id;
            ?>
" />
				<strong><?php 
            echo clean_str($group->group_name);
            ?>
</strong>
				 - (<em><?php 
            echo $this->newsletters->count_users($group->id);
            ?>
 Users</em>)
				</label><br />
			<?php 
        }
        ?>
				</fieldset>
			</td>
			<td>
				<h4>You may add as many additional recipients as you like. Please provide a comma or line separated list of email addresses to send this mail to. Each user will be emailed separately.</h4>
				<textarea name="additional_recipients"></textarea>
Example #10
                echo "ERROR fb_album is not a number! ({$fb_album_id})";
                exit;
            }
            $photos = $fb->get("/{$fb_album_id}/photos?fields=picture", $token)->getGraphEdge()->asArray();
            foreach ($photos as $photo) {
                echo "<a href='?pg=album&show_album={$album_id}&fb_upload={$photo['id']}'> <img src='{$photo['picture']}'> </a>";
            }
            break;
        default:
            echo "ERROR!";
    }
    exit;
}
//delete image
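// Delete a photo by id.
// NOTE(review): no check is visible here that the photo belongs to the
// signed-in user, and the deletion is triggered by a plain GET request;
// confirm ownership and request origin are verified before this point.
if (isset($_GET['delete_photo'])) {
    $photo_id = clean_str($_GET['delete_photo']);
    // Digits only. is_numeric() also accepts forms such as "1e3", "-1" or
    // ".5", none of which is a valid row id to place unquoted in the query.
    if (ctype_digit((string) $photo_id)) {
        $DB->query("delete from photo where id= {$photo_id}");
    }
}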
//facebook upload image
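// Import a Facebook photo into the current album.
if (isset($_GET['fb_upload'])) {
    $fb_photo_id = $_GET['fb_upload'];
    // The id becomes part of the Graph API request path, so accept digits
    // only rather than letting the caller choose an arbitrary path or query.
    if (!is_string($fb_photo_id) || !ctype_digit($fb_photo_id)) {
        echo "ERROR fb_upload is not a number!";
        exit;
    }
    $fb_photo = $fb->get("/{$fb_photo_id}?fields=picture", $token)->getGraphNode()->asArray();
    // The picture URL comes from a remote response and goes into a quoted SQL
    // string, so it is escaped first. Assumes $DB is a mysqli connection, as
    // its ->error / ->errno properties suggest - TODO confirm; a prepared
    // statement would be the better long-term form.
    $picture_url = $DB->real_escape_string((string) $fb_photo['picture']);
    // NOTE(review): $album_id is set outside this excerpt and is inserted
    // unquoted; confirm it is validated as an integer where it is read.
    $DB->query("insert into photo values ( null, {$album_id}, '{$picture_url}', 'facebook' )");
    if ($DB->error != null) {
        // NOTE(review): raw database errors are shown to the visitor; prefer
        // logging them and printing a generic message.
        echo "DB error: {$DB->error} ({$DB->errno})";
    }
}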
//upload image
if (isset($_GET['uploaded'])) {
Example #11
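/**
 * Remove every element whose opening tag contains $needle, then clean the
 * remaining text.
 *
 * The function looks for $needle (case-insensitively), walks backwards to the
 * "<" that opens the tag, derives the closing tag from the text collected on
 * the way, removes everything from the opening "<" through that closing tag
 * and repeats while $needle still occurs.
 *
 * Both scans are bounded. Previously input with no "<" before the needle, or
 * with no matching closing tag, kept the loops running forever, so a single
 * malformed document could hang the request.
 *
 * @param string $str    Markup to process.
 * @param string $needle Text identifying the tag to remove.
 * @return string Result of trim(clean_str(...)) on the remaining markup.
 */
function remove_tag_with_this_needle($str, $needle)
{
    $pos = stripos($str, $needle);
    // A match at offset 0 cannot have an opening "<" in front of it.
    if ($pos !== false && $pos > 0) {
        $char = "";
        $accumulate = "";
        $start_get = false;
        // Walk back to the opening "<", collecting characters once the first
        // space has been seen; stop at the start of the string.
        while ($char != "<" && $pos > 0) {
            $pos--;
            $char = substr($str, $pos, 1);
            if ($char == " ") {
                $start_get = true;
            }
            if ($start_get) {
                $accumulate .= $char;
            }
        }
        if ($char != "<") {
            // No opening tag found: leave the markup as it is.
            return trim(clean_str($str));
        }
        $pos_of_start_tag = $pos;

        // Drop the trailing "<" and reverse what was collected to get the
        // text used for the closing tag, e.g. "</div>".
        $accumulate = substr($accumulate, 0, strlen($accumulate) - 1);
        $accumulate = reverse_str($accumulate);
        $end_tag = "</" . $accumulate . ">";

        // First occurrence of the closing tag after the opening "<".
        $pos_of_end_tag = strpos($str, $end_tag, $pos_of_start_tag + 1);
        if ($pos_of_end_tag === false) {
            // Unclosed element: nothing can be removed safely.
            return trim(clean_str($str));
        }

        $str = remove_substr_from_this_position($str, $pos_of_start_tag, $pos_of_end_tag, strlen($end_tag));

        // Something was removed, so the string is shorter and the recursion
        // terminates.
        $next = stripos($str, $needle);
        if ($next !== false && $next > 0) {
            $str = remove_tag_with_this_needle($str, $needle);
        }
    }
    return trim(clean_str($str));
}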
Example #12
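 /**
  * Look up an organisation id by its `findnamesecond` value.
  *
  * Echoes the cleaned name, and ' ошибка ' when nothing is found.
  *
  * NOTE(review): the name is placed inside a quoted SQL string after
  * clean_str() only. Whether that helper escapes quotes and backslashes for
  * MySQL is not visible here; if it does not, escape with
  * mysql_real_escape_string() or move to a parameterised query (the mysql_*
  * extension was removed in PHP 7).
  * NOTE(review): the name is also echoed back unescaped - confirm this is
  * debug output and remove it, or HTML-escape it.
  * NOTE(review): `site_base.organization` is quoted as ONE identifier; if
  * database.table was intended, each part needs its own backticks.
  *
  * @param string $sekondname Name to search for.
  * @return mixed The organisation id, or 0 when no row matches.
  */
 public function GetIDOrganization($sekondname)
 {
     include_once 'db.php';
     $sekondname = clean_str($sekondname);
     $resull_org = mysql_query("SELECT * FROM `site_base.organization` WHERE `findnamesecond`='{$sekondname}'");
     echo $sekondname;
     // mysql_query() returns false on failure; do not pass that on to
     // mysql_fetch_array().
     if ($resull_org && ($myorg = mysql_fetch_array($resull_org))) {
         return $myorg['id'];
     }
     echo ' ошибка ';
     return 0;
 }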
Example #13
/**
 * Extract the trailing parenthesised "agent" part from a string.
 *
 * The input is cleaned, trimmed and stripped of tags. If it does not end in
 * ")", an empty string is returned. Otherwise the text from the "(" located
 * by find_pos_of_this_char_by_moving_backwards() up to the matching ")" is
 * taken, "e.g.," is removed, a leading ';' or '"' is dropped, and the result
 * is passed through remove_chars().
 *
 * @param string $str Raw text.
 * @return string The agent text, or "" when none is found.
 */
function get_agent($str)
{
    $str = strip_tags(trim(clean_str($str)));

    // Only strings that end with a closing parenthesis carry an agent.
    if (substr($str, strlen($str) - 1) != ")") {
        return "";
    }

    $agent = "";
    $open_pos = find_pos_of_this_char_by_moving_backwards($str, "(");
    if ($open_pos != "") {
        $agent = trim(substr($str, $open_pos, strlen($str)));

        // Cut everything after the closing parenthesis.
        $close_pos = find_pos_of_this_char_by_moving_backwards($agent, ")");
        if ($close_pos != "") {
            $agent = substr($agent, 0, $close_pos + 1);
        }

        $agent = str_replace("e.g.,", '', $agent);

        // Drop a leading ';' or '"'.
        $first_char = substr($agent, 0, 1);
        if ($first_char == ';' || $first_char == '"') {
            $agent = trim(substr($agent, 1, strlen($agent)));
        }
    }

    return trim(remove_chars($agent));
}
Example #14
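/**
 * Pull the "Rights:" and "Publisher:" values out of a two-column HTML table.
 *
 * Expected markup:
 *   <table>
 *       <tr><td>field 1</td><td>value 1</td></tr>
 *       <tr><td>field 2</td><td>value 2</td></tr>
 *   </table>
 *
 * Rows and cells are split by rewriting "<tr" / "<td" into "&arr[]=" and
 * handing the text to parse_str(). parse_str() is always given a result
 * array: the one-argument form wrote every parsed key into this function's
 * local scope, so text inside the table could overwrite $rights or
 * $publisher, and that form no longer exists in PHP 8.
 *
 * @param string $str HTML fragment containing the table.
 * @return array Two elements: the rights text and the publisher text, each
 *               "" when the field is absent.
 */
function get_tabular_data($str)
{
    $str = str_ireplace('<tr', "xxx<tr", $str);
    $str = str_ireplace('xxx', "&arr[]=", $str);

    $parsed_rows = array();
    parse_str(trim($str), $parsed_rows);
    $arr_tr = (isset($parsed_rows['arr']) && is_array($parsed_rows['arr'])) ? $parsed_rows['arr'] : array();

    $rights = "";
    $publisher = "";
    foreach ($arr_tr as $tr) {
        if (!is_string($tr)) {
            // Nested "arr[][...]" keys produce arrays; they are not rows.
            continue;
        }
        $tr = str_ireplace("<td", "xxx<td", $tr);
        $tr = str_ireplace('xxx', "&arr[]=", $tr);

        $parsed_cells = array();
        parse_str($tr, $parsed_cells);
        $cells = (isset($parsed_cells['arr']) && is_array($parsed_cells['arr'])) ? $parsed_cells['arr'] : array();

        // A row with fewer than two cells yields empty strings.
        $field = (isset($cells[0]) && is_string($cells[0])) ? trim(strip_tags($cells[0])) : '';
        $value = (isset($cells[1]) && is_string($cells[1])) ? trim(strip_tags($cells[1])) : '';

        if ($field === "Rights:") {
            $rights = clean_str($value);
        }
        if ($field === "Publisher:") {
            $publisher = clean_str($value);
        }
    }

    return array($rights, $publisher);
}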
Example #15
 // Numeric search bounds: the casts force each value to a number before it
 // is interpolated, unquoted, into the query below.
 $min_weight = (double) $_GET['min_weight'];
 $max_weight = (double) $_GET['max_weight'];
 $min_height = (int) $_GET['min_height'];
 $max_height = (int) $_GET['max_height'];
 // NOTE(review): $age_min and $age_max are set outside this excerpt; confirm
 // they are cast to numbers the same way, since they are interpolated
 // unquoted as well.
 $qr_str = "select *, (datediff( curdate(), birthday ) /365) as age from user\n                                                    where datediff( curdate(), `birthday` ) /365 between {$age_min} and {$age_max} and weight between {$min_weight} and {$max_weight} and height between {$min_height} and {$max_height} ";
 // Gender filter: applied only when exactly one of m / f is selected.
 if (!(isset($_GET['m']) && isset($_GET['f']) && isset($_GET['sex_na']))) {
     if (isset($_GET['m']) && !isset($_GET['f'])) {
         $qr_str .= "and gender= 'm' ";
     } else {
         if (!isset($_GET['m']) && isset($_GET['f'])) {
             $qr_str .= "and gender= 'f' ";
         }
     }
 }
 // NOTE(review): the city is placed inside a quoted SQL string after
 // clean_str() only. Whether that helper escapes quotes and backslashes for
 // the database is not visible here; a bound parameter would remove the
 // dependency on it.
 if (!empty($_GET['city'])) {
     $qr_str .= "and city= '" . clean_str($_GET['city']) . "' ";
 }
 // Only the fixed value 'login' changes the ordering; anything else is
 // ignored, so the raw parameter never reaches the query.
 switch ($_GET['order']) {
     case 'login':
         $qr_str .= " order by last_login desc";
         break;
 }
 //echo '<br>'.$qr_str.'<br>';
 $qr = $DB->query($qr_str);
 // NOTE(review): the raw database error is printed to the page; prefer
 // logging it and showing a generic message.
 if ($DB->error != null) {
     echo $DB->error . ' ( ' . $DB->errno . ' ) <br>';
 }
 if ($qr->num_rows == 0) {
     $body .= '<h3>NESSUN RISULTATO!</h3>';
 } else {
     $body .= "<table><tr> <th>Nome</th> <th>Et&agrave;</th> <th>Citt&agrave;</th> <th>Altezza</th> <th>Peso</th> <th>Cerco</th> <th>Ultimo login</th> </tr>";
Example #16
 /**
  * Group the rows of $result by sport and league and collect the ids that
  * belong to the requested sport.
  *
  * For every non-empty entry of $result the sport name is read from the
  * 'sport' field of the entry's current row. For sports other than "soccer"
  * each row is stored under the key "<sport> - <country_league><n>", where
  * n is increased after the 6th, 12th, 18th, 24th and 30th row. Ids are
  * collected when $sport is 'all' or equals the entry's sport name.
  *
  * If no sport name can be found the method prints a message and ends the
  * script.
  *
  * @param array  $result Rows grouped by sport.
  * @param string $sport  Requested sport name, or 'all'.
  * @return array|string The grouped rows plus a 'myids' entry; the string
  *                      "NOTFOUND" when a specific sport was requested that
  *                      is neither in the grouped data nor in
  *                      json_sports_config().
  */
 function get_active_sport($result, $sport)
 {
     //debug_show($sport);
     //exit();
     $arr = array();
     $ids['sports'] = array();
     $ids['leagues'] = array();
     $ids['match'] = array();
     // Captured before the loop below reuses $sport as its key variable.
     $requested_sport = strtolower($sport);
     $temp_array = array();
     foreach ($result as $sport => $parent) {
         if (empty($parent) === FALSE) {
             $key_id = key($parent);
             if (isset($parent[$key_id]['sport'])) {
                 $sport_name = strtolower($parent[$key_id]['sport']);
             } else {
                 echo "sport name can't be found.";
                 exit;
             }
             if ($sport_name != "soccer") {
                 // set 6 matches per page
                 $batch = array(6, 12, 18, 24, 30);
                 $ctr = 1;
                 $n = 1;
                 foreach ($parent as $key => $row) {
                     if (isset($row['odds_id'])) {
                         // remove odds id key
                         $odds_info = $row[$row['odds_id']];
                         unset($row[$row['odds_id']]);
                         $row['odds_details'] = $odds_info;
                     }
                     // combine same league
                     $my_country_league = $row['country_league'] . $n;
                     //$arr[$sport_name][$my_country_league][$key] = $row;
                     $arr[$sport_name . ' - ' . $my_country_league][$key] = $row;
                     if ($requested_sport == 'all' || $sport_name == $requested_sport) {
                         // collect all id's
                         array_push($ids['leagues'], $my_country_league);
                         array_push($ids['match'], $key);
                     }
                     // Move to the next page suffix after each full batch.
                     if (in_array($ctr, $batch)) {
                         $n++;
                     }
                     $ctr++;
                 }
             }
             if ($requested_sport == 'all' || $sport_name == $requested_sport) {
                 // collect all the id's
                 array_push($ids['sports'], clean_str($sport_name));
             }
         }
     }
     // Variant of the requested name without spaces, used only for the
     // json_sports_config() lookup below.
     $requestedsport = str_replace(' ', '', $requested_sport);
     if ($requested_sport != 'all') {
         // NOTE(review): keys of $arr are built as "<sport> - <league>", so
         // a match on the bare sport name looks unlikely - confirm intent.
         if (array_key_exists($requested_sport, $arr)) {
             $temp_array = $arr[$requested_sport];
             unset($arr);
             $arr[$requested_sport] = $temp_array;
         } else {
             if (array_key_exists($requestedsport, $this->json_sports_config())) {
                 unset($arr);
                 $arr[$requested_sport] = "NOTACTIVE";
             } else {
                 return "NOTFOUND";
             }
         }
     }
     $arr['myids'] = $ids;
     //debug_show($arr);
     return $arr;
 }
require_once 'config.php';
require_once 'functions.php';
// Representation starts here
header('Content-Type: text/html; charset=utf-8');
//	echo '		<h1>Game Stats</h1>' . PHP_EOL;
echo '		<table>' . PHP_EOL;
echo '			<tr>' . PHP_EOL;
echo '				<th title="gameDuration">Game Duration</th>' . PHP_EOL;
echo '				<th title="maxConcurrentUnitCount">Maximum Concurrent Units</th>' . PHP_EOL;
echo '				<th title="totalEndGameConcurrentUnitCount">Total Units at End</th>' . PHP_EOL;
echo '				<th title="isHeadlessServer">Headless Server</th>' . PHP_EOL;
echo '			</tr>' . PHP_EOL;
// get stats for a specific game
$gameUUID = "";
if (isset($_GET['gameUUID'])) {
    $gameUUID = (string) clean_str($_GET['gameUUID']);
    //printf( "Game UUID = %s\n", htmlspecialchars( $gameUUID,        ENT_QUOTES ), PHP_EOL );
    define('DB_LINK', db_connect());
    // consider replacing this by a cron job
    cleanupServerList();
    $whereClause = 'gameUUID=\'' . mysql_real_escape_string($gameUUID) . '\'';
    $stats_in_db = mysql_query('SELECT * FROM glestgamestats WHERE ' . $whereClause . ';');
    $all_stats = array();
    while ($stats = mysql_fetch_array($stats_in_db)) {
        array_push($all_stats, $stats);
    }
    unset($stats_in_db);
    unset($stats);
    $player_stats_in_db = mysql_query('SELECT * FROM glestgameplayerstats WHERE ' . $whereClause . ' ORDER BY factionIndex;');
    $all_player_stats = array();
    while ($player_stats = mysql_fetch_array($player_stats_in_db)) {
Example #18
<link rel="stylesheet" href="css/scrollup.css" type="text/css" media="screen">
<script src="js/scrollup.js" type="text/javascript"></script>

<title>Данные по ценам</title>
<body bgcolor="#EEE9E9">

<?php 
// Load the user, file and helper libraries, then create the user object
// that performs the login check below.
include_once 'system/user.php';
include_once 'system/file.php';
include_once 'system/funktions.php';
$curent_user = new user();
// NOTE(review): the commented-out call below embeds what look like a real
// account name and password. Credentials should not live in source files,
// even inside comments; remove the line and change the password if it was
// ever in use.
//$curent_user->Create_user('xoe01','kwR145vvh','*****@*****.**',1,7);
if ($curent_user->Login($_POST['username'], $_POST['password'])) {
    include 'interf/top.php';
    include 'interf/left.php';
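    // Pick the page to include from the "action" request parameter.
    // The requested name is resolved to a real path and included only if
    // that path is a regular file inside the action/ directory. Before, the
    // parameter was appended to the include path as-is, so the choice of
    // file depended entirely on what clean_str() happens to strip.
    $action = clean_str(isset($_GET['action']) ? $_GET['action'] : null);
    //$actionmode=clean_str($_GET['actionmode']);
    $action_dir = realpath('action');
    $action_file = false;
    if ($action && $action_dir !== false && strpos($action, "\0") === false) {
        $candidate = realpath('action/' . $action . '.php');
        if (
            $candidate !== false
            && is_file($candidate)
            && strpos($candidate, $action_dir . DIRECTORY_SEPARATOR) === 0
        ) {
            $action_file = $candidate;
        }
    }
    if ($action_file !== false) {
        include $action_file;
        //	include 'action/upload.php?id=1';
    } else {
        // Missing, empty or rejected action: show the default page.
        include 'action/main_use.php';
    }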
    //echo "action= $action";
    ?>
		
		<?php 
} else {