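/**
 * Insert a bank record for the object's user.
 *
 * Reads $this->bcode, $this->bno, $this->bname and $this->uid. A row with the
 * same (uid, bno, bcode) is treated as a duplicate and nothing is inserted.
 *
 * @return int 1 after the INSERT was issued, -2 if a duplicate already exists
 */
function Create() {
    $bcode = escapeSQL($this->bcode);
    $bno = escapeSQL($this->bno);
    $bname = escapeSQL($this->bname);
    // uid is interpolated unquoted in the duplicate check below, where string
    // escaping gives no protection; coerce it to an integer instead
    $uid = (int) $this->uid;

    $sql = "SELECT count(*) cnt FROM banks where uid = {$uid} and bno = '{$bno}' and bcode = '{$bcode}'";
    $o = queryScalar($sql);
    if ($o->cnt > 0) {
        return -2;
    }

    $sql = "INSERT INTO `banks` (`bcode`,`bno`,`bname`,`uid`) VALUES ('{$bcode}','{$bno}','{$bname}','{$uid}')";
    // NOTE(review): the INSERT result is not checked; 1 is returned even if it failed
    mysql_query($sql);
    return 1;
}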
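/**
 * Write the object's profile fields (email, name, rid, avt) to the users table
 * and reload the object via getCurrentUser() when the UPDATE succeeded.
 *
 * @return bool result of mysql_query(): false on failure, true otherwise
 */
function updateCurrentUser() {
    // uid and rid are interpolated unquoted below, where string escaping gives
    // no protection; coerce both to integers
    $uid = (int) $this->uid;
    $rid = (int) $this->rid;
    $email = escapeSQL($this->email);
    $name = escapeSQL($this->name);
    $avt = escapeSQL($this->avt);

    $sql = "update users set email = '{$email}', name = '{$name}', rid = {$rid}, avt = '{$avt}' where uid = {$uid} ";
    $ret = mysql_query($sql);
    if ($ret) {
        // refresh the in-memory user from what was just written
        $this->getCurrentUser();
    }
    return $ret;
}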
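/**
 * Remove a subscription, identified by bug ID and the unsubscribe hash that
 * was mailed to the subscriber.
 *
 * The request is only honoured within 24 hours of the stored unsubscribe_date
 * (assumed to be a Unix timestamp, since it is compared against time() —
 * not verifiable from here).
 *
 * @param integer $bug_id bug ID
 * @param string  $hash   unsubscribe hash
 *
 * @return bool true if a matching subscription was deleted, false otherwise
 */
function unsubscribe($bug_id, $hash) {
    global $dbh;

    // both values are bound through '?' placeholders below; pre-escaping a bound
    // parameter with escapeSQL() would alter it (doubled backslashes), so the
    // hash is passed through as-is
    $hash = (string) $hash;
    $bug_id = (int) $bug_id;

    $query = "\n\t\tSELECT bug_id, email, unsubscribe_date, unsubscribe_hash\n\t\tFROM bugdb_subscribe\n\t\tWHERE bug_id = ? AND unsubscribe_hash = ? LIMIT 1\n\t";
    $sub = $dbh->prepare($query)->execute(array($bug_id, $hash))->fetch(MDB2_FETCHMODE_ASSOC);
    if (!$sub) {
        return false;
    }

    $now = time();
    $requested_on = $sub['unsubscribe_date'];
    /* 24hours delay to answer the mail */
    if ($now - $requested_on > 24 * 60 * 60) {
        return false;
    }

    // the email is part of the key so only the row that was actually looked up goes
    $query = "\n\t\tDELETE FROM bugdb_subscribe\n\t\tWHERE bug_id = ? AND unsubscribe_hash = ? AND email = ?\n\t";
    $dbh->prepare($query)->execute(array($bug_id, $hash, $sub['email']));

    return true;
}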
# file_append('log.txt', $res); header("Content-Type: application/json"); echo json_encode($data); exit; } foreach ($data as $item) { $text = preg_replace('/(' . $ajax_autocomplete_title . ')/i', '<em>\\1</em>', $item['title']); $text .= $item['year'] ? "<span class='informal'> (" . $item['year'] . ")</span>" : ''; $ret .= "<li id='" . $item['id'] . "'>" . $text . "</li>"; } $ret = "<ul>{$ret}</ul>"; exit($ret); } // duplicate check if ($ajax_check_duplicate) { $q = escapeSQL($ajax_check_duplicate); $res = runSQL("SELECT id, title FROM " . TBL_DATA . " WHERE imdbid='" . $q . "' OR title LIKE '%" . $q . "%' AND owner_id=" . get_current_user_id()); header('X-JSON: ' . json_encode($res)); exit; } // XML import if ($config['xml'] && $import == 'xml') { require_once './core/xml.php'; // xml file upload if (isset($_FILES['xmlfile']) && is_uploaded_file($_FILES['xmlfile']['tmp_name'])) { $file = $_FILES['xmlfile']['tmp_name']; $xmldata = file_get_contents($file); unlink($file); } // uploading XML data directly or loaded from file if (!empty($xmldata)) {
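/**
 * Record a withdrawal request for the logged-in user.
 *
 * @param mixed $val  requested amount (compared as an int, stored as given)
 * @param mixed $dt   date/time as supplied by the caller
 * @param mixed $bank bank identifier
 *
 * @return int 1 on success, -1 if an identical request already exists,
 *             -2 if the amount exceeds the balance, -3 if amount plus already
 *             pending withdrawals exceeds the balance
 */
function saveWithdraw($val, $dt, $bank) {
    $val = escapeSQL($val);
    $dt = escapeSQL($dt);
    $bank = escapeSQL($bank);
    // uid is interpolated unquoted in both statements below, where string
    // escaping gives no protection; coerce it to an integer
    $uid = (int) S("user")['uid'];

    // the three fields are packed into the single trans_value column
    $value = "{$val},{$dt},{$bank}";
    $withdraw = intval($val);

    // balance read once for both checks (assumes getBalance() has no side effects)
    $trans = Trans::getInstance();
    $balance = $trans->getBalance();
    if ($withdraw > $balance) {
        return -2;
    }

    $withdrawpending = $withdraw + $trans->getWithdrawPending();
    if ($withdrawpending > $balance) {
        return -3;
    }

    // reject an exact duplicate of an earlier withdrawal request
    $sql = "select count(*) cnt from trans where trans_value = '{$value}' and uid = {$uid} and trans_type = 'W'";
    $o = queryScalar($sql);
    if ($o->cnt) {
        return -1;
    }

    $sql = "insert into trans(uid, trans_type, trans_value) values({$uid}, 'W', '{$value}')";
    // NOTE(review): the INSERT result is not checked; 1 is returned even if it failed
    mysql_query($sql);
    return 1;
}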
} else { if ($citeOrder == "year") { $query .= " ORDER BY year DESC, first_author, author_count, author, title"; } elseif ($citeOrder == "type") { // sort records first by record type (and thesis type), then in the usual way: $query .= " ORDER BY type DESC, thesis DESC, first_author, author_count, author, year, title"; } elseif ($citeOrder == "type-year") { // sort records first by record type (and thesis type), then by year (descending), then in the usual way: $query .= " ORDER BY type DESC, thesis DESC, year DESC, first_author, author_count, author, title"; } elseif ($citeOrder == "creation-date") { // sort records such that newly added/edited records get listed top of the list: $query .= " ORDER BY created_date DESC, created_time DESC, modified_date DESC, modified_time DESC, serial DESC"; } else { if (!empty($recordIDSelector)) { // if a record identifier (either 'serial', 'call_number' or 'cite_key') was entered via the 'show.php' web form $query .= " ORDER BY " . escapeSQL($recordIDSelector) . 
", author, year DESC, publication"; } else { if (preg_match("/^Cite\$/i", $displayType)) { $query .= " ORDER BY first_author, author_count, author, year, title"; } else { $query .= " ORDER BY author, year DESC, publication"; } } } } // Build the correct query URL: // (we skip unnecessary parameters here since 'search.php' will use it's default values for them) $queryParametersArray = array("sqlQuery" => $query, "client" => $client, "formType" => "sqlSearch", "submit" => $displayType, "viewType" => $viewType, "showQuery" => $showQuery, "showLinks" => $showLinks, "showRows" => $showRows, "rowOffset" => $rowOffset, "wrapResults" => $wrapResults, "citeOrder" => $citeOrder, "citeStyle" => $citeStyle, "exportFormat" => $exportFormat, "exportType" => $exportType, "exportStylesheet" => $exportStylesheet, "citeType" => $citeType, "headerMsg" => $headerMsg); // Save the URL of the current 'show.php' request to the 'referer' session variable: // NOTE: since function 'start_session()' prefers '$_SESSION['referer']' over '$_SERVER['HTTP_REFERER']', this means that '$referer' // contains a 'show.php' URL and not e.g. a '*_search.php' URL; this, in turn, can prevent the "NoPermission_ForSQL" warning
$author_email = ''; } else { $author_email = $_GET['author_email']; $qae = $dbh->quoteSmart($author_email); $where_clause .= ' AND (bugdb.email = ' . $qae . ' OR bugdb.handle=' . $qae . ')'; } $where_clause .= ' AND (packages.package_type = ' . $dbh->quoteSmart(SITE); if ($pseudo = array_intersect($pseudo_pkgs, $_GET['package_name'])) { $where_clause .= " OR bugdb.package_name"; if (count($pseudo) > 1) { $where_clause .= " IN ('" . join("', '", escapeSQL($pseudo)) . "')"; } else { $where_clause .= " = '" . implode('', escapeSQL($pseudo)) . "'"; } } else { $where_clause .= " OR bugdb.package_name IN ('" . join("', '", escapeSQL($pseudo_pkgs)) . "')"; } $where_clause .= ')'; $query .= $where_clause; if (isset($_GET['direction']) && $_GET['direction'] != 'DESC') { $direction = 'ASC'; } else { $direction = 'DESC'; } if (empty($_GET['order_by']) || !array_key_exists($_GET['order_by'], $order_options)) { $order_by = 'id'; } else { $order_by = $_GET['order_by']; } if (empty($_GET['reorder_by']) || !array_key_exists($_GET['reorder_by'], $order_options)) { $reorder_by = '';
if ($config['multiuser']) { // get owner from session- or use current user session_default('owner', get_username(get_current_user_id())); // if we don't have read all permissions, limit visibility using cross-user permissions if (!check_permission(PERM_READ)) { $JOINS = ' LEFT JOIN ' . TBL_PERMISSIONS . ' ON ' . TBL_DATA . '.owner_id = ' . TBL_PERMISSIONS . '.to_uid'; $WHERES .= ' AND ' . TBL_PERMISSIONS . '.from_uid = ' . get_current_user_id() . ' AND ' . TBL_PERMISSIONS . '.permissions & ' . PERM_READ . ' != 0'; } // further limit to single owner if ($owner != $lang['filter_any']) { $WHERES .= " AND " . TBL_USERS . ".name = '" . addslashes($owner) . "'"; } } // searching? if ($ajax_quicksearch || $quicksearch) { $qs = escapeSQL($ajax_quicksearch ? $ajax_quicksearch : $quicksearch); $WHERES .= ' AND (title LIKE "%' . $qs . '%" OR subtitle LIKE "%' . $qs . '%")'; } // async request for quick-searching within current spec if ($ajax_quicksearch) { // do hard work $SQL = 'SELECT ' . TBL_DATA . '.id, title, subtitle FROM ' . TBL_DATA . ' LEFT JOIN ' . TBL_USERS . ' ON ' . TBL_DATA . '.owner_id = ' . TBL_USERS . '.id LEFT JOIN ' . TBL_USERSEEN . ' ON ' . TBL_DATA . '.id = ' . TBL_USERSEEN . '.video_id AND ' . TBL_USERSEEN . '.user_id = ' . get_current_user_id() . "\n {$JOINS} \n WHERE {$WHERES}\n ORDER BY {$ORDER}\n LIMIT 20"; $result = runSQL($SQL); foreach ($result as $item) { $title = preg_replace('/(' . $ajax_quicksearch . ')/i', '<em>\\1</em>', $item['title']); if ($item['subtitle']) { $title .= ' - ' . $item['subtitle']; }
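/**
 * Fetch bug resolves
 *
 * @param string|false $project restrict to this project's rows plus the
 *                              project-independent ones (project = ''); false
 *                              returns every row
 *
 * @return array array of resolves: array($resolves, $variations) where
 *               $resolves maps name => row and $variations maps
 *               name => package_name => message
 * @throws Exception on SQL error
 */
function get_resolve_reasons($project = false) {
    global $dbh;

    // bind the project through a placeholder rather than escaping and
    // interpolating it, the same prepare()/execute() pattern used elsewhere here
    $where = '';
    $params = array();
    if ($project !== false) {
        $where = "WHERE (project = ? OR project = '')";
        $params[] = $project;
    }

    $resolves = $variations = array();
    $res = $dbh->prepare("SELECT * FROM bugdb_resolves {$where}")->execute($params);
    if (PEAR::isError($res)) {
        throw new Exception("SQL Error in get_resolve_reasons");
    }

    while ($row = $res->fetchRow(MDB2_FETCHMODE_ASSOC)) {
        // rows tied to a package are per-package message variations;
        // the rest are the base resolves
        if (!empty($row['package_name'])) {
            $variations[$row['name']][$row['package_name']] = $row['message'];
        } else {
            $resolves[$row['name']] = $row;
        }
    }

    return array($resolves, $variations);
}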
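/**
 * Checks if the user was authenticated and if the received auth cookie is valid.
 * Function is called for every page except login.php!
 *
 * Order of checks in multiuser mode (single-user mode just logs in as admin):
 *   1. VDBuserid/VDBusername/VDBpassword cookies against the stored cookiecode,
 *   2. failing that, HTTP basic auth credentials against the stored md5 password
 *      (a cookie is then set via login_as()),
 *   3. failing that, the guest account unless 'denyguest' is set,
 *   4. otherwise a redirect to login.php (unless $redirect is false or
 *      AUTH_NOREDIRECT is defined).
 *
 * TODO Check if guest login shouldn't also be effective if disable public access is enabled
 * Currently userid returned is 0 in that case
 *
 * @param bool $redirect Redirect to login page if authentication check unsuccessful
 * @return bool true if an identity (user, basic-auth user or guest) was established
 */
function auth_check($redirect = true) {
    global $config;

    $result = true;

    // single user mode- login as admin
    if (!$config['multiuser']) {
        if (empty($_COOKIE['VDBuserid'])) {
            login_as($config['adminid']);
        }
    }

    // auth check only in multiuser mode
    // NOTE(review): the cookie is a string; if $config['guestid'] is an int this
    // strict comparison never matches — confirm the config type
    if ($config['multiuser'] && $_COOKIE['VDBuserid'] !== $config['guestid']) {
        $result = false;
        $referer = substr($_SERVER['PHP_SELF'], strrpos($_SERVER['PHP_SELF'], '/') + 1) . '?' . $_SERVER['QUERY_STRING'];

        // already logged in?
        $userid = $_COOKIE['VDBuserid'];
        $user = $_COOKIE['VDBusername'];
        $pass = $_COOKIE['VDBpassword'];

        // auth cookies present?
        if (preg_match('/[a-z]+/i', $user) && preg_match('/[0-9]+/', $pass) && is_numeric($userid)) {
            // Dummy-Query to establish mysql connection.
            // VERY UGLY hack - without an established connection escapeSQL returns false in some PHP/Mysql versions
            // and this leads to getting logged out all the time
            runSQL('SELECT 1');

            // This is the crucial bit, lets just test the cookiecode with SQL again.
            $res = runSQL("SELECT cookiecode FROM " . TBL_USERS . " WHERE name='" . escapeSQL($user) . "' AND id={$userid}");
            // strict, constant-time comparison: a loose == treats numeric-looking
            // strings numerically (e.g. "1e3" == "1000"), which is not what a
            // credential check wants
            $result = !empty($res) && hash_equals((string) $res[0]['cookiecode'], (string) $pass);
        }

        // HTTP basic authentication (for RSS feed)?
        // Hack for mod_fastcgi [muddle @ 2010-01-17]:
        if (!$result && !isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['Authorization']) && !empty($_SERVER['Authorization'])) {
            $header = explode(' ', $_SERVER['Authorization']);
            if (count($header) >= 2 && $header[0] == 'Basic') {
                // limit 2: the password part of "user:pass" may itself contain ':'
                $cred = explode(":", base64_decode($header[1]), 2);
                if (count($cred) === 2) {
                    $_SERVER['PHP_AUTH_USER'] = $cred[0];
                    $_SERVER['PHP_AUTH_PW'] = $cred[1];
                }
            }
        }

        if (!$result && isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
            $user = $_SERVER['PHP_AUTH_USER'];
            $pass = $_SERVER['PHP_AUTH_PW'];

            // check if basic auth headers are valid
            if (preg_match('/[a-z]/i', $user)) {
                // auth successful if password matches
                $res = runSQL("SELECT * FROM " . TBL_USERS . " WHERE name='" . escapeSQL($user) . "'");

                // if user is found, set cookie to make sure he's recognized
                if (count($res)) {
                    // the passwd column holds an md5 digest (schema, not changed here);
                    // compare the digests strictly and in constant time
                    $result = hash_equals((string) $res[0]['passwd'], md5($pass));
                    if ($result) {
                        login_as($res[0]['id']);
                    }
                }
            }
        }

        // autologin as guest?
        if (!$result && !$config['denyguest']) {
            login_as($config['guestid']);
            $result = true;
        }

        // goto login page if anything was fishy
        if ($redirect && !$result && !defined('AUTH_NOREDIRECT')) {
            redirect('login.php?refer=' . urlencode($referer));
        }
    }

    return $result;
}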
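/**
 * Escape a string for embedding inside a quoted JavaScript string literal.
 *
 * The previous implementation delegated to escapeSQL(), i.e. MySQL escaping
 * rules, which are not the rules of a JS string context (for example "</script>"
 * passed through untouched). json_encode() is used instead: quotes, backslashes,
 * control characters, non-ASCII characters and "<", ">", "&" are emitted as
 * \uXXXX or \n style escapes, so the result is safe between either single or
 * double quotes and inside an inline <script> block. Unlike escapeSQL() it does
 * not depend on an open database connection.
 *
 * @param mixed $str value to escape; cast to string
 * @return string escaped text without surrounding quotes
 */
function escapeJsStr($str) {
    $str = (string) $str;
    $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;

    $json = json_encode($str, $flags);
    if ($json === false) {
        // json_encode() rejects invalid UTF-8; drop the non-ASCII bytes rather
        // than returning an empty string for the whole value
        $json = json_encode(preg_replace('/[\x80-\xFF]+/', '', $str), $flags);
    }

    // strip the double quotes json_encode() wraps the literal in
    return substr($json, 1, -1);
}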
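/**
 * Store a value in the TBL_CACHE table under the given tag.
 *
 * REPLACE INTO overwrites an existing row with the same key, so a stale entry
 * for the tag is replaced (assumes `tag` is the table's unique key — not
 * visible from here).
 *
 * @param string $tag   cache key
 * @param string $value cached payload
 * @return void
 */
function html_image_put_cache($tag, $value) {
    // the query result was previously kept in an unused local; it is not needed
    runSQL("REPLACE INTO " . TBL_CACHE . " SET tag='" . escapeSQL($tag) . "', value='" . escapeSQL($value) . "'");
}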
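/**
 * Remove the pair (srcAtom, tgtAtom) from the population of a relation.
 *
 * The relation is looked up in $relationTableInfo by its full signature key
 * "rel_<relation>_<srcConcept>_<tgtConcept>". Depending on which of the two
 * columns may be NULL (from $tableColumnInfo) the pair is either blanked with
 * an UPDATE (exactly one nullable column) or its row is deleted.
 *
 * @param string $relation   relation name as used in the ADL script
 * @param string $srcConcept source concept of the relation
 * @param string $srcAtom    source atom of the pair to delete
 * @param string $tgtConcept target concept of the relation
 * @param string $tgtAtom    target atom of the pair to delete
 * @return void dies (after logging) when the relation signature is unknown
 */
function DelPair($relation, $srcConcept, $srcAtom, $tgtConcept, $tgtAtom) {
    if ($srcAtom === "") {
        ExecEngineSHOUTS("DelPair: srcAtom is empty string.");
    }
    // this check previously re-tested $srcAtom; the message is about the target atom
    if ($tgtAtom === "") {
        ExecEngineSHOUTS("DelPair: tgtAtom is empty string.");
    }

    /* $relationTableInfo from Generics.php contains array with all relations, for each relation the following is specified:
       - srcConcept : srcConcept of relation
       - tgtConcept : tgtConcept of relation
       - table      : database table in which the relation is populated
       - srcCol     : column of database table in which the srcConcept is placed
       - tgtCol     : column of database table in which the tgtConcept is placed */
    global $relationTableInfo;

    /* $tableColumInfo from Generics.php contains array with all database tables and their columns, for each tablecolumn the following is specified:
       - concept : the atoms of which concept are set here
       - unique  : whether or not the value in the column must be unique. 'true' for properties
       - null    : whether or not the value in the column can be NULL. in case of UNI relations */
    global $tableColumnInfo;

    // look the relation up by its full signature key (direct lookup instead of scanning every key)
    $signature = "rel_" . $relation . "_" . $srcConcept . "_" . $tgtConcept;
    if (!array_key_exists($signature, $relationTableInfo)) {
        // Errors in ADL script may corrupt the database, so we die (leaving a suicide note)
        ExecEngineSHOUTS("ERROR: Cannot find {$relation}\\[{$srcConcept}\\*{$tgtConcept}\\] signature.");
        ExecEngineSays("DelPair({$relation},{$srcConcept},{$srcAtom},{$tgtConcept},{$tgtAtom})");
        ExecEngineSays("If you have defined this relation in Ampersand, then you must be sure to also have defined an INTERFACE that uses this relation (or else it does not show up in the PHP relation administration.");
        die;
    }
    $table = $relationTableInfo[$signature]['table'];
    $srcCol = $relationTableInfo[$signature]['srcCol'];
    $tgtCol = $relationTableInfo[$signature]['tgtCol'];

    // NULL-ability of the two columns decides between UPDATE ... SET col=NULL and DELETE
    // (the 'unique' flags were read before but never used)
    $srcColNull = $tableColumnInfo[$table][$srcCol]['null'];
    $tgtColNull = $tableColumnInfo[$table][$tgtCol]['null'];

    // SQL escape table, column and atom names
    $tableEsc = escapeSQL($table);
    $srcColEsc = escapeSQL($srcCol);
    $tgtColEsc = escapeSQL($tgtCol);
    $srcAtomEsc = escapeSQL($srcAtom);
    $tgtAtomEsc = escapeSQL($tgtAtom);

    // generate database query
    $where = "WHERE `{$srcColEsc}`='{$srcAtomEsc}' AND `{$tgtColEsc}`='{$tgtAtomEsc}'";
    if ($srcColNull xor $tgtColNull) {
        // exactly one side is nullable: keep the row and blank that side
        $nullColEsc = $srcColNull ? $srcColEsc : $tgtColEsc;
        $query = "UPDATE `{$tableEsc}` SET `{$nullColEsc}`=NULL " . $where;
    } else {
        // both sides nullable, or neither: remove the whole row
        // (the two cases previously had separate but identical branches)
        $query = "DELETE FROM `{$tableEsc}` " . $where . ";";
    }

    // execute database query
    queryDb($query);

    // log
    ExecEngineWhispers("Delete pair ({$srcAtom},{$tgtAtom}) from {$relation}({$srcConcept}*{$tgtConcept})");
    emitLog("DelPair({$relation},{$srcConcept},{$srcAtom},{$tgtConcept},{$tgtAtom})");
    emitLog($query);
}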
/**
 * Prepare a user-supplied value for direct inclusion in an SQL statement.
 *
 * Magic-quotes slashes are stripped and the value trimmed. Non-numeric values
 * are escaped and wrapped in double quotes; numeric strings with leading zeros
 * are wrapped in quotes (unescaped) so the zeros survive; any other numeric
 * value is returned bare.
 *
 * @param mixed $value raw value
 * @return string value ready to be spliced into SQL
 */
function quote_smart($value) {
    // undo magic_quotes_gpc escaping, then drop surrounding whitespace
    $cleaned = trim(stripSlashesIfMagicQuotes($value));

    if (is_numeric($cleaned)) {
        // "007"-style strings must stay quoted or the leading zeros are lost
        $hasLeadingZeros = preg_match("/^0+\\d+\$/", $cleaned);
        return $hasLeadingZeros ? "\"" . $cleaned . "\"" : $cleaned;
    }

    return "\"" . escapeSQL($cleaned) . "\"";
}
/**
 * Remove one (parent, child) pair from a relation as edited through an
 * interface; for a flipped relation the roles of parent and child are swapped
 * before mapping them onto the relation's source/target columns.
 *
 * If the target column may be NULL the row is kept and the target blanked,
 * otherwise the row is deleted. Both the query and the call are logged.
 *
 * @param string $rel        key into $relationTableInfo
 * @param bool   $isFlipped  whether the relation is used flipped (child->parent)
 * @param string $parentAtom atom on the parent side of the interface
 * @param string $childAtom  atom on the child side of the interface
 * @return void
 */
function editDelete($rel, $isFlipped, $parentAtom, $childAtom) {
    global $relationTableInfo;
    global $tableColumnInfo;

    emitLog("editDelete({$rel}, " . ($isFlipped ? 'true' : 'false') . ", {$parentAtom}, {$childAtom})");

    // a flipped relation is traversed target -> source, so swap the ends
    if ($isFlipped) {
        list($srcAtom, $tgtAtom) = array($childAtom, $parentAtom);
    } else {
        list($srcAtom, $tgtAtom) = array($parentAtom, $childAtom);
    }

    $info = $relationTableInfo[$rel];
    $table = $info['table'];
    $srcCol = $info['srcCol'];
    $tgtCol = $info['tgtCol'];

    $tableEsc = escapeSQL($table);
    $srcAtomEsc = escapeSQL($srcAtom);
    $tgtAtomEsc = escapeSQL($tgtAtom);
    $srcColEsc = escapeSQL($srcCol);
    $tgtColEsc = escapeSQL($tgtCol);

    $where = "WHERE `{$srcColEsc}`='{$srcAtomEsc}' AND `{$tgtColEsc}`='{$tgtAtomEsc}';";
    $tgtColNullable = $tableColumnInfo[$table][$tgtCol]['null'];
    if ($tgtColNullable) {
        // note: this uniqueness is not set as an SQL table attribute
        $query = "UPDATE `{$tableEsc}` SET `{$tgtColEsc}`=NULL " . $where;
    } else {
        $query = "DELETE FROM `{$tableEsc}` " . $where;
    }

    emitLog($query);
    queryDb($query);
}
$result = runSQL($SQL); $count = 0; foreach ($result as $video) { $SQL = ''; $keys = array(); foreach ($video as $key => $value) { if ($key == 'id') { continue; } $new = html_clean_utf8($value); if ($new != $value) { $keys[] = $key; if ($SQL) { $SQL .= ', '; } $SQL .= "{$key} = '" . escapeSQL($new) . "'"; } } if ($SQL) { $count++; echo ($submit ? 'Converting: ' : '<b>Conversion needed:</b> ') . $video['title'] . "<br/>\n"; // actually perform the conversion? if ($submit) { $SQL = "UPDATE " . TBL_DATA . " SET {$SQL} WHERE id = " . $video['id']; runSQL($SQL); } else { foreach ($keys as $key) { echo $key . ': ' . htmlentities($video[$key]) . "<br/>\n"; } echo "<br/>\n"; }