function store_account_settings($auth_user, $settings)
{
echo "store_account_settings()<br />";
if (!filled_out($settings)) {
echo "<p>All fields must be filled, Try again.</p>";
return false;
} else {
if ($settings['account'] > 0) {
$query = "UPDATE accounts SET server = '" . $settings['server'] . "',\n port = '" . $settings['port'] . "', type='" . $settings['type'] . "',\n remoteuser = '******'remoteuser'] . "',\n remotepassword = '******'remotepassword'] . "'\n WHERE accountid = '" . $settings['account'] . "'\n AND username='******'";
} else {
$query = "INSERT INTO accounts VALUES (\n '" . $auth_user . "',\n '" . $settings['server'] . "', '" . $settings['port'] . "',\n '" . $settings['type'] . "', '" . $settings['remoteuser'] . "',\n '" . $settings['remotepassword'] . "',\n NULL)";
}
if ($conn = db_connect()) {
$result = $conn->query($query);
if ($result) {
return true;
} else {
return false;
}
} else {
echo "<p>Can\\'t save changes.</p>";
return false;
}
}
}
function store_new_post($post)
{
//validate clean and store a new post
$conn = db_connect();
//check no fields are blank
if (!filled_out($post)) {
return false;
}
$post = clean_all($post);
//check parent exists
if ($post['parent'] != 0) {
$query = "select postid from header where postid = '" . $post['parent'] . "'";
$result = $conn->query($query);
if ($result->num_rows != 1) {
return false;
}
}
//check not duplicate
$query = "select header.postid from header, body where\n\t\t\t\theader.postid = body.postid and\n\t\t\t\theader.parent = " . $post['parent'] . " and\n\t\t\t\theader.post = '" . $post['poster'] . "' and\n\t\t\t\theader.title = '" . $post['title'] . "' and\n\t\t\t\theader.area = " . $post['area'] . " and\n\t\t\t\tbody.message = '" . $post['message'] . "'";
$result = $conn->query($query);
if (!$result) {
return false;
}
if ($result->num_rows > 0) {
$this_row = $result->fetch_array();
return $this_row[0];
}
$query = "insert into header values\n\t\t\t\t\t('" . $postid['parent'] . "',\n\t\t\t\t\t'" . $postid['poster'] . "',\n\t\t\t\t\t'" . $postid['title'] . "',\n\t\t\t\t\t0,\n\t\t\t\t\t'" . $postid['area'] . "',\n\t\t\t\t\tnow(),\n\t\t\t\t\tnull\n\t\t\t\t\t)'";
$result = $conn->query($query);
if (!$result) {
return false;
}
}
function store_new_post($post)
{
// validate clean and store a new post
$conn = db_connect();
// check no fields are blank
if (!filled_out($post)) {
return false;
}
$post = clean_all($post);
//check parent exists
if ($post['parent'] != 0) {
$query = "select postid from t_chforum_header where postid = '" . $post['parent'] . "'";
$result = $conn->query($query);
if ($result->num_rows != 1) {
return false;
}
}
// check not a duplicate
$query = "select t_chforum_header.postid from t_chforum_header, t_chforum_body where\n t_chforum_header.postid = t_chforum_body.postid and\n t_chforum_header.chapterid = " . $post['chapterid'] . " and\n t_chforum_header.parent = " . $post['parent'] . " and\n t_chforum_header.poster = '" . $post['poster'] . "' and\n t_chforum_header.title = '" . $post['title'] . "' and\n t_chforum_header.area = " . $post['area'] . " and\n t_chforum_body.message = '" . $post['message'] . "'";
$result = $conn->query($query);
if (!$result) {
return false;
}
if ($result->num_rows > 0) {
$this_row = $result->fetch_array();
return $this_row[0];
}
$query = "insert into t_chforum_header values\n ( null,\n '" . $post['chapterid'] . "',\n '" . $post['parent'] . "',\n '" . $post['poster'] . "',\n '" . $post['title'] . "',\n 0,\n '" . $post['area'] . "',\n now()\n )";
$result = $conn->query($query);
if (!$result) {
return false;
}
// note that our parent now has a child
$query = "update t_chforum_header set children = 1 where postid = '" . $post['parent'] . "'";
$result = $conn->query($query);
if (!$result) {
return false;
}
// find our post id, note that there could be multiple headers
// that are the same except for id and probably posted time
$query = "select t_chforum_header.postid from t_chforum_header left join t_chforum_body on t_chforum_header.postid = t_chforum_body.postid\n where parent = '" . $post['parent'] . "'\n and chapterid = '" . $post['chapterid'] . "'\n and poster = '" . $post['poster'] . "'\n and title = '" . $post['title'] . "'\n and t_chforum_body.postid is NULL";
$result = $conn->query($query);
if (!$result) {
return false;
}
if ($result->num_rows > 0) {
$this_row = $result->fetch_array();
$id = $this_row[0];
}
if ($id) {
$query = "insert into t_chforum_body values ({$id}, '" . $post['message'] . "')";
$result = $conn->query($query);
if (!$result) {
return false;
}
return $id;
}
}
function store_new_post($post)
{
// validate clean and store a new post
$conn = db_connect();
// check no fields are blank
if (!filled_out($post)) {
return false;
}
$post = clean_all($post);
//check parent exists
if ($post['parent'] != 0) {
$query = "select postid from header where postid = '" . $post['parent'] . "'";
$result = mysql_query($query);
if (mysql_numrows($result) != 1) {
return false;
}
}
// check not a duplicate
$query = "select header.postid from header, body where\n header.postid = body.postid and \n header.parent = " . $post['parent'] . " and\n header.poster = '" . $post['poster'] . "' and\n header.title = '" . $post['title'] . "' and\n header.area = " . $post['area'] . " and \n body.message = '" . $post['message'] . "'";
$result = mysql_query($query);
if (!$result) {
return false;
}
if (mysql_numrows($result) > 0) {
return mysql_result($result, 0, 0);
}
$query = "insert into header values\n ('" . $post['parent'] . "', \n '" . $post['poster'] . "', \n '" . $post['title'] . "', \n 0,\n '" . $post['area'] . "',\n now(),\n NULL \n )";
$result = mysql_query($query);
if (!$result) {
return false;
}
// note that our parent now has a child
$query = 'update header set children = 1 where postid = ' . $post['parent'];
$result = mysql_query($query);
if (!$result) {
return false;
}
// find our post id, note that there could be multiple headers
// that are the same except for id and probably posted time
$query = "select header.postid from header left join body on header.postid = body.postid \n where parent = '" . $post['parent'] . "' \n and poster = '" . $post['poster'] . "'\n and title = '" . $post['title'] . "'\n and body.postid is NULL";
$result = mysql_query($query);
if (!$result) {
return false;
}
if (mysql_numrows($result) > 0) {
$id = mysql_result($result, 0, 0);
}
if ($id) {
$query = "insert into body values ({$id}, '" . $post['message'] . "')";
$result = mysql_query($query);
if (!$result) {
return false;
}
return $id;
}
}
function filled_out($form_vars)
{
// test that each variable has a value
foreach ($form_vars as $key => $value) {
// echo "Start key= [" . $key . "] value= " . $value . " <br>\n"; // Debug
if (!isset($key) || $value == "") {
// echo "Failed key= [" . $key . "] value= " . $value . " <br>\n"; // Debug
return false;
} else {
if (is_array($value)) {
// echo "Array Start key= [" . $key . "] value= " . $value . " <br>\n"; // Debug
if (!filled_out($value)) {
// echo "Failed array key= [" . $key . "] value= " . $value . "<br>\n"; // Debug
return false;
}
// echo "Array success key= [" . $key . "] value= " . $value . " <br>\n"; // Debug
}
}
// echo "Success key= [" . $key . "] value= " . $value . " <br>\n"; // Debug
}
return true;
}
<?php
require_once 'book_sc_fns.php';
session_start();
do_html_header('Changing password');
check_admin_user();
if (!filled_out($HTTP_POST_VARS)) {
echo 'You have not filled out the form completely.
Please try again.';
do_html_url('admin.php', 'Back to administration menu');
do_html_footer();
exit;
} else {
$new_passwd = $HTTP_POST_VARS['new_passwd'];
$new_passwd2 = $HTTP_POST_VARS['new_passwd2'];
$old_passwd = $HTTP_POST_VARS['old_passwd'];
if ($new_passwd != $new_passwd2) {
echo 'Passwords entered were not the same. Not changed.';
} else {
if (strlen($new_passwd) > 16 || strlen($new_passwd) < 6) {
echo 'New password must be between 6 and 16 characters. Try again.';
} else {
// attempt update
if (change_password($HTTP_SESSION_VARS['admin_user'], $old_passwd, $new_passwd)) {
echo 'Password changed.';
} else {
echo 'Password could not be changed.';
}
}
}
}
<?php
require_once 'bookmark_fns.php';
//session_start();
//create short variable names
if (isset($_POST['del_me'])) {
$del_me = $_POST['del_me'];
}
if (isset($_SESSION['valid_user'])) {
$valid_user = $_SESSION['valid_user'];
}
do_html_header('Deleting bookmarks');
check_valid_user();
if (!filled_out($_POST)) {
echo 'You have not chosen any bookmarks to delete.
Please try again.';
display_user_menu();
exit;
} else {
if (isset($del_me) && count($del_me) > 0) {
foreach ($del_me as $url) {
if (delete_bm($valid_user, $url)) {
echo 'Deleted ' . htmlspecialchars($url) . '.<br />';
} else {
echo 'Could not delete ' . htmlspecialchars($url) . '.<br />';
}
}
} else {
echo 'No bookmarks selected for deletion';
}
}
function store_account($normal_user, $admin_user, $details)
{
if (!filled_out($details)) {
echo 'All fields must be filled in. Try again.<br /><br />';
return false;
} else {
if (subscriber_exists($details['email'])) {
//check logged in as the user they are trying to change
if (get_email() == $details['email']) {
$query = "update subscribers set realname = '{$details['realname']}',\r\n mimetype = '{$details['mimetype']}'\r\n where email = '" . $details[email] . "'";
if (db_connect() && mysql_query($query)) {
return true;
} else {
echo 'could not store changes.<br /><br /><br /><br /><br /><br />';
return false;
}
} else {
echo '<p>Sorry, that email address is already registered here.';
echo '<p>You will need to log in with that address to change ' . ' its settings.';
return false;
}
} else {
$query = "insert into subscribers \r\n values ('{$details['email']}',\r\n '{$details['realname']}',\r\n '{$details['mimetype']}',\r\n password('{$details['new_password']}'),\r\n 0)";
if (db_connect() && mysql_query($query)) {
return true;
} else {
echo 'Could not store new account.<br /><br /><br /><br /><br /><br />';
return false;
}
}
}
}
function store_account_settings($auth_user, $settings)
{
if (!filled_out($settings)) {
echo 'All fields must be filled in. Try again.<br /><br />';
return false;
} else {
if ($settings['account'] > 0) {
$query = "update accounts set server = '{$settings['server']}',\r\n port = {$settings['port']}, type = '{$settings['type']}',\r\n remoteuser = '******'remoteuser']}', \r\n remotepassword = '******'remotepassword']}' \r\n where accountid = {$settings['account']} \r\n and username = '******'";
} else {
$query = "insert into accounts values ('{$auth_user}', \r\n '{$settings['server']}', {$settings['port']}, \r\n '{$settings['type']}', '{$settings['remoteuser']}', \r\n '{$settings['remotepassword']}', NULL)";
}
if (db_connect() && mysql_query($query)) {
return true;
} else {
echo 'could not store changes.<br /><br /><br /><br /><br /><br />';
return false;
}
}
}
<?php
// include function files for this application
require_once 'book_sc_fns.php';
session_start();
do_html_header('Adding a book');
if (check_admin_user()) {
if (filled_out($_POST)) {
$isbn = $_POST['isbn'];
$title = $_POST['title'];
$author = $_POST['author'];
$catid = $_POST['catid'];
$price = $_POST['price'];
$description = $_POST['description'];
if (insert_book($isbn, $title, $author, $catid, $price, $description)) {
echo "Book '" . stripslashes($title) . "' was added to the database.<br />";
} else {
echo "Book '" . stripslashes($title) . "' could not be added to the database.<br />";
}
} else {
echo 'You have not filled out the form. Please try again.';
}
do_html_url('admin.php', 'Back to administration menu');
} else {
echo 'You are not authorised to view this page.';
}
do_html_footer();
function store_account_settings($auth_user, $settings)
{
if (!filled_out($settings)) {
echo "<p>All fields must be filled in. Try again.</p>";
return false;
} else {
if ($settings['account'] > 0) {
$query = "update accounts set server = '" . $settings[server] . "',\n port = " . $settings[port] . ", type = '" . $settings[type] . "',\n remoteuser = '******',\n remotepassword = '******'\n where accountid = '" . $settings[account] . "'\n and username = '******'";
} else {
$query = "insert into accounts values ('" . $auth_user . "',\n '" . $settings[server] . "', '" . $settings[port] . "',\n '" . $settings[type] . "', '" . $settings[remoteuser] . "',\n '" . $settings[remotepassword] . "', NULL)";
}
if ($conn = db_connect()) {
$result = $conn->query($query);
if ($result) {
return true;
} else {
return false;
}
} else {
echo "<p>Could not store changes.</p>";
return false;
}
}
}
<?php
require_once 'fns.php';
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
$email = $_POST['email'];
session_start();
try {
//验证所填项目是否为空,;以后做到前台!!!!
if (!filled_out($username) || !filled_out($email)) {
throw new Exception('有表单项未填,请返回重试');
}
//验证两次所填密码是否一致
if ($password != $password2) {
throw new Exception('密码不一致');
}
//判断密码长度是否合理
if (strlen($password) < 6 || strlen($password) > 16) {
throw new Exception('密码必须在6-16个字符之间');
}
//验证邮箱
if (!valid_email($email)) {
throw new Exception("邮箱不合法");
}
//尝试 注册
register($username, $email, $password);
$_SESSION['valid_user'] = $username;
//登录成功显示页面
do_html_header('Registration successful');
echo "注册成功,";
public function config_site()
{
global $LANG;
if (empty($_SESSION['step4'])) {
if (!empty($_SESSION['step3']) && is_file(PH7_ROOT_PUBLIC . '_constants.php')) {
session_regenerate_id(true);
if (empty($_SESSION['val'])) {
$_SESSION['val']['site_name'] = 'My Own Social/Dating Site!';
$_SESSION['val']['admin_login_email'] = '';
$_SESSION['val']['admin_email'] = '';
$_SESSION['val']['admin_feedback_email'] = '';
$_SESSION['val']['admin_return_email'] = '';
$_SESSION['val']['admin_username'] = '******';
$_SESSION['val']['admin_first_name'] = '';
$_SESSION['val']['admin_last_name'] = '';
}
if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['config_site_submit'])) {
if (filled_out($_POST)) {
foreach ($_POST as $sKey => $sVal) {
$_SESSION['val'][$sKey] = trim($sVal);
}
if (validate_email($_SESSION['val']['admin_login_email']) && validate_email($_SESSION['val']['admin_email']) && validate_email($_SESSION['val']['admin_feedback_email']) && validate_email($_SESSION['val']['admin_return_email'])) {
if (validate_username($_SESSION['val']['admin_username']) == 0) {
if (validate_password($_SESSION['val']['admin_password']) == 0) {
if (validate_identical($_SESSION['val']['admin_password'], $_SESSION['val']['admin_passwords'])) {
if (!find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_username']) && !find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_first_name']) && !find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_last_name'])) {
if (validate_name($_SESSION['val']['admin_first_name'])) {
if (validate_name($_SESSION['val']['admin_last_name'])) {
@(require_once PH7_ROOT_PUBLIC . '_constants.php');
@(require_once PH7_PATH_APP . 'configs/constants.php');
require PH7_PATH_FRAMEWORK . 'Loader/Autoloader.php';
// To load "Security" class.
Framework\Loader\Autoloader::getInstance()->init();
try {
require_once PH7_ROOT_INSTALL . 'inc/_db_connect.inc.php';
// SQL EXECUTE
$oSqlQuery = $DB->prepare('INSERT INTO ' . $_SESSION['db']['prefix'] . 'Admins
(profileId , username, password, email, firstName, lastName, joinDate, lastActivity, ip)
VALUES (1, :username, :password, :email, :firstName, :lastName, :joinDate, :lastActivity, :ip)');
$sCurrentDate = date('Y-m-d H:i:s');
$oSqlQuery->execute(array('username' => $_SESSION['val']['admin_username'], 'password' => Framework\Security\Security::hashPwd($_SESSION['val']['admin_password']), 'email' => $_SESSION['val']['admin_login_email'], 'firstName' => $_SESSION['val']['admin_first_name'], 'lastName' => $_SESSION['val']['admin_last_name'], 'joinDate' => $sCurrentDate, 'lastActivity' => $sCurrentDate, 'ip' => client_ip()));
$oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :siteName WHERE name = \'siteName\'');
$oSqlQuery->execute(array('siteName' => $_SESSION['val']['site_name']));
$oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :adminEmail WHERE name = \'adminEmail\'');
$oSqlQuery->execute(array('adminEmail' => $_SESSION['val']['admin_email']));
$oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :feedbackEmail WHERE name = \'feedbackEmail\'');
$oSqlQuery->execute(array('feedbackEmail' => $_SESSION['val']['admin_feedback_email']));
$oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :returnEmail WHERE name = \'returnEmail\'');
$oSqlQuery->execute(array('returnEmail' => $_SESSION['val']['admin_return_email']));
// We finalise by putting the correct permission to the config files
$this->_chmodConfigFiles();
$_SESSION['step4'] = 1;
redirect(PH7_URL_SLUG_INSTALL . 'service');
} catch (\PDOException $oE) {
$aErrors[] = $LANG['database_error'] . escape($oE->getMessage());
}
} else {
$aErrors[] = $LANG['bad_last_name'];
}
} else {
$aErrors[] = $LANG['bad_first_name'];
}
} else {
$aErrors[] = $LANG['insecure_password'];
}
} else {
$aErrors[] = $LANG['passwords_different'];
}
} elseif (validate_password($_SESSION['val']['admin_password']) == 1) {
$aErrors[] = $LANG['password_too_short'];
} elseif (validate_password($_SESSION['val']['admin_password']) == 2) {
$aErrors[] = $LANG['password_too_long'];
} elseif (validate_password($_SESSION['val']['admin_password']) == 3) {
$aErrors[] = $LANG['password_no_number'];
} elseif (validate_password($_SESSION['val']['admin_password']) == 4) {
$aErrors[] = $LANG['password_no_upper'];
}
} elseif (validate_username($_SESSION['val']['admin_username']) == 1) {
$aErrors[] = $LANG['username_too_short'];
} elseif (validate_username($_SESSION['val']['admin_username']) == 2) {
$aErrors[] = $LANG['username_too_long'];
} elseif (validate_username($_SESSION['val']['admin_username']) == 3) {
$aErrors[] = $LANG['bad_username'];
}
} else {
$aErrors[] = $LANG['bad_email'];
}
} else {
$aErrors[] = $LANG['all_fields_mandatory'];
}
}
} else {
redirect(PH7_URL_SLUG_INSTALL . 'config_system');
}
} else {
redirect(PH7_URL_SLUG_INSTALL . 'service');
}
$this->oView->assign('sept_number', 4);
$this->oView->assign('errors', @$aErrors);
unset($aErrors);
$this->oView->display('config_site.tpl');
}
function store_account($normal_user, $admin_user, $details)
{
if (!filled_out($details)) {
echo "<p>All fields must be filled in. Try again.</p>";
return false;
} else {
if (subscriber_exists($details['email'])) {
//check logged in as the user they are trying to change
if (get_email() == $details['email']) {
$query = "update subscribers set\n realname = '" . $details[realname] . "',\n mimetype = '" . $details[mimetype] . "'\n where email = '" . $details[email] . "'";
if ($conn = db_connect()) {
if ($conn->query($query)) {
return true;
} else {
return false;
}
} else {
echo "<p>Could not store changes.</p>";
return false;
}
} else {
echo "<p>Sorry, that email address is already registered here.</p>\n <p>You will need to log in with that address to\n change its settings.</p>";
return false;
}
} else {
// new account
$query = "insert into subscribers\n values ('" . $details[email] . "',\n '" . $details[realname] . "',\n '" . $details[mimetype] . "',\n sha1('" . $details[new_password] . "'),\n 0)";
if ($conn = db_connect()) {
if ($conn->query($query)) {
return true;
} else {
return false;
}
} else {
echo "<p>Could not store new account.</p>";
return false;
}
}
}
}
