function store_account_settings($auth_user, $settings) { echo "store_account_settings()<br />"; if (!filled_out($settings)) { echo "<p>All fields must be filled, Try again.</p>"; return false; } else { if ($settings['account'] > 0) { $query = "UPDATE accounts SET server = '" . $settings['server'] . "',\n port = '" . $settings['port'] . "', type='" . $settings['type'] . "',\n remoteuser = '******'remoteuser'] . "',\n remotepassword = '******'remotepassword'] . "'\n WHERE accountid = '" . $settings['account'] . "'\n AND username='******'"; } else { $query = "INSERT INTO accounts VALUES (\n '" . $auth_user . "',\n '" . $settings['server'] . "', '" . $settings['port'] . "',\n '" . $settings['type'] . "', '" . $settings['remoteuser'] . "',\n '" . $settings['remotepassword'] . "',\n NULL)"; } if ($conn = db_connect()) { $result = $conn->query($query); if ($result) { return true; } else { return false; } } else { echo "<p>Can\\'t save changes.</p>"; return false; } } }
function store_new_post($post) { //validate clean and store a new post $conn = db_connect(); //check no fields are blank if (!filled_out($post)) { return false; } $post = clean_all($post); //check parent exists if ($post['parent'] != 0) { $query = "select postid from header where postid = '" . $post['parent'] . "'"; $result = $conn->query($query); if ($result->num_rows != 1) { return false; } } //check not duplicate $query = "select header.postid from header, body where\n\t\t\t\theader.postid = body.postid and\n\t\t\t\theader.parent = " . $post['parent'] . " and\n\t\t\t\theader.post = '" . $post['poster'] . "' and\n\t\t\t\theader.title = '" . $post['title'] . "' and\n\t\t\t\theader.area = " . $post['area'] . " and\n\t\t\t\tbody.message = '" . $post['message'] . "'"; $result = $conn->query($query); if (!$result) { return false; } if ($result->num_rows > 0) { $this_row = $result->fetch_array(); return $this_row[0]; } $query = "insert into header values\n\t\t\t\t\t('" . $postid['parent'] . "',\n\t\t\t\t\t'" . $postid['poster'] . "',\n\t\t\t\t\t'" . $postid['title'] . "',\n\t\t\t\t\t0,\n\t\t\t\t\t'" . $postid['area'] . "',\n\t\t\t\t\tnow(),\n\t\t\t\t\tnull\n\t\t\t\t\t)'"; $result = $conn->query($query); if (!$result) { return false; } }
function store_new_post($post) { // validate clean and store a new post $conn = db_connect(); // check no fields are blank if (!filled_out($post)) { return false; } $post = clean_all($post); //check parent exists if ($post['parent'] != 0) { $query = "select postid from t_chforum_header where postid = '" . $post['parent'] . "'"; $result = $conn->query($query); if ($result->num_rows != 1) { return false; } } // check not a duplicate $query = "select t_chforum_header.postid from t_chforum_header, t_chforum_body where\n t_chforum_header.postid = t_chforum_body.postid and\n t_chforum_header.chapterid = " . $post['chapterid'] . " and\n t_chforum_header.parent = " . $post['parent'] . " and\n t_chforum_header.poster = '" . $post['poster'] . "' and\n t_chforum_header.title = '" . $post['title'] . "' and\n t_chforum_header.area = " . $post['area'] . " and\n t_chforum_body.message = '" . $post['message'] . "'"; $result = $conn->query($query); if (!$result) { return false; } if ($result->num_rows > 0) { $this_row = $result->fetch_array(); return $this_row[0]; } $query = "insert into t_chforum_header values\n ( null,\n '" . $post['chapterid'] . "',\n '" . $post['parent'] . "',\n '" . $post['poster'] . "',\n '" . $post['title'] . "',\n 0,\n '" . $post['area'] . "',\n now()\n )"; $result = $conn->query($query); if (!$result) { return false; } // note that our parent now has a child $query = "update t_chforum_header set children = 1 where postid = '" . $post['parent'] . "'"; $result = $conn->query($query); if (!$result) { return false; } // find our post id, note that there could be multiple headers // that are the same except for id and probably posted time $query = "select t_chforum_header.postid from t_chforum_header left join t_chforum_body on t_chforum_header.postid = t_chforum_body.postid\n where parent = '" . $post['parent'] . "'\n and chapterid = '" . $post['chapterid'] . "'\n and poster = '" . $post['poster'] . "'\n and title = '" . $post['title'] . "'\n and t_chforum_body.postid is NULL"; $result = $conn->query($query); if (!$result) { return false; } if ($result->num_rows > 0) { $this_row = $result->fetch_array(); $id = $this_row[0]; } if ($id) { $query = "insert into t_chforum_body values ({$id}, '" . $post['message'] . "')"; $result = $conn->query($query); if (!$result) { return false; } return $id; } }
function store_new_post($post) { // validate clean and store a new post $conn = db_connect(); // check no fields are blank if (!filled_out($post)) { return false; } $post = clean_all($post); //check parent exists if ($post['parent'] != 0) { $query = "select postid from header where postid = '" . $post['parent'] . "'"; $result = mysql_query($query); if (mysql_numrows($result) != 1) { return false; } } // check not a duplicate $query = "select header.postid from header, body where\n header.postid = body.postid and \n header.parent = " . $post['parent'] . " and\n header.poster = '" . $post['poster'] . "' and\n header.title = '" . $post['title'] . "' and\n header.area = " . $post['area'] . " and \n body.message = '" . $post['message'] . "'"; $result = mysql_query($query); if (!$result) { return false; } if (mysql_numrows($result) > 0) { return mysql_result($result, 0, 0); } $query = "insert into header values\n ('" . $post['parent'] . "', \n '" . $post['poster'] . "', \n '" . $post['title'] . "', \n 0,\n '" . $post['area'] . "',\n now(),\n NULL \n )"; $result = mysql_query($query); if (!$result) { return false; } // note that our parent now has a child $query = 'update header set children = 1 where postid = ' . $post['parent']; $result = mysql_query($query); if (!$result) { return false; } // find our post id, note that there could be multiple headers // that are the same except for id and probably posted time $query = "select header.postid from header left join body on header.postid = body.postid \n where parent = '" . $post['parent'] . "' \n and poster = '" . $post['poster'] . "'\n and title = '" . $post['title'] . "'\n and body.postid is NULL"; $result = mysql_query($query); if (!$result) { return false; } if (mysql_numrows($result) > 0) { $id = mysql_result($result, 0, 0); } if ($id) { $query = "insert into body values ({$id}, '" . $post['message'] . "')"; $result = mysql_query($query); if (!$result) { return false; } return $id; } }
function filled_out($form_vars) { // test that each variable has a value foreach ($form_vars as $key => $value) { // echo "Start key= [" . $key . "] value= " . $value . " <br>\n"; // Debug if (!isset($key) || $value == "") { // echo "Failed key= [" . $key . "] value= " . $value . " <br>\n"; // Debug return false; } else { if (is_array($value)) { // echo "Array Start key= [" . $key . "] value= " . $value . " <br>\n"; // Debug if (!filled_out($value)) { // echo "Failed array key= [" . $key . "] value= " . $value . "<br>\n"; // Debug return false; } // echo "Array success key= [" . $key . "] value= " . $value . " <br>\n"; // Debug } } // echo "Success key= [" . $key . "] value= " . $value . " <br>\n"; // Debug } return true; }
<?php require_once 'book_sc_fns.php'; session_start(); do_html_header('Changing password'); check_admin_user(); if (!filled_out($HTTP_POST_VARS)) { echo 'You have not filled out the form completely. Please try again.'; do_html_url('admin.php', 'Back to administration menu'); do_html_footer(); exit; } else { $new_passwd = $HTTP_POST_VARS['new_passwd']; $new_passwd2 = $HTTP_POST_VARS['new_passwd2']; $old_passwd = $HTTP_POST_VARS['old_passwd']; if ($new_passwd != $new_passwd2) { echo 'Passwords entered were not the same. Not changed.'; } else { if (strlen($new_passwd) > 16 || strlen($new_passwd) < 6) { echo 'New password must be between 6 and 16 characters. Try again.'; } else { // attempt update if (change_password($HTTP_SESSION_VARS['admin_user'], $old_passwd, $new_passwd)) { echo 'Password changed.'; } else { echo 'Password could not be changed.'; } } } }
<?php require_once 'bookmark_fns.php'; //session_start(); //create short variable names if (isset($_POST['del_me'])) { $del_me = $_POST['del_me']; } if (isset($_SESSION['valid_user'])) { $valid_user = $_SESSION['valid_user']; } do_html_header('Deleting bookmarks'); check_valid_user(); if (!filled_out($_POST)) { echo 'You have not chosen any bookmarks to delete. Please try again.'; display_user_menu(); exit; } else { if (isset($del_me) && count($del_me) > 0) { foreach ($del_me as $url) { if (delete_bm($valid_user, $url)) { echo 'Deleted ' . htmlspecialchars($url) . '.<br />'; } else { echo 'Could not delete ' . htmlspecialchars($url) . '.<br />'; } } } else { echo 'No bookmarks selected for deletion'; } }
function store_account($normal_user, $admin_user, $details) { if (!filled_out($details)) { echo 'All fields must be filled in. Try again.<br /><br />'; return false; } else { if (subscriber_exists($details['email'])) { //check logged in as the user they are trying to change if (get_email() == $details['email']) { $query = "update subscribers set realname = '{$details['realname']}',\r\n mimetype = '{$details['mimetype']}'\r\n where email = '" . $details[email] . "'"; if (db_connect() && mysql_query($query)) { return true; } else { echo 'could not store changes.<br /><br /><br /><br /><br /><br />'; return false; } } else { echo '<p>Sorry, that email address is already registered here.'; echo '<p>You will need to log in with that address to change ' . ' its settings.'; return false; } } else { $query = "insert into subscribers \r\n values ('{$details['email']}',\r\n '{$details['realname']}',\r\n '{$details['mimetype']}',\r\n password('{$details['new_password']}'),\r\n 0)"; if (db_connect() && mysql_query($query)) { return true; } else { echo 'Could not store new account.<br /><br /><br /><br /><br /><br />'; return false; } } } }
function store_account_settings($auth_user, $settings) { if (!filled_out($settings)) { echo 'All fields must be filled in. Try again.<br /><br />'; return false; } else { if ($settings['account'] > 0) { $query = "update accounts set server = '{$settings['server']}',\r\n port = {$settings['port']}, type = '{$settings['type']}',\r\n remoteuser = '******'remoteuser']}', \r\n remotepassword = '******'remotepassword']}' \r\n where accountid = {$settings['account']} \r\n and username = '******'"; } else { $query = "insert into accounts values ('{$auth_user}', \r\n '{$settings['server']}', {$settings['port']}, \r\n '{$settings['type']}', '{$settings['remoteuser']}', \r\n '{$settings['remotepassword']}', NULL)"; } if (db_connect() && mysql_query($query)) { return true; } else { echo 'could not store changes.<br /><br /><br /><br /><br /><br />'; return false; } } }
<?php // include function files for this application require_once 'book_sc_fns.php'; session_start(); do_html_header('Adding a book'); if (check_admin_user()) { if (filled_out($_POST)) { $isbn = $_POST['isbn']; $title = $_POST['title']; $author = $_POST['author']; $catid = $_POST['catid']; $price = $_POST['price']; $description = $_POST['description']; if (insert_book($isbn, $title, $author, $catid, $price, $description)) { echo "Book '" . stripslashes($title) . "' was added to the database.<br />"; } else { echo "Book '" . stripslashes($title) . "' could not be added to the database.<br />"; } } else { echo 'You have not filled out the form. Please try again.'; } do_html_url('admin.php', 'Back to administration menu'); } else { echo 'You are not authorised to view this page.'; } do_html_footer();
function store_account_settings($auth_user, $settings) { if (!filled_out($settings)) { echo "<p>All fields must be filled in. Try again.</p>"; return false; } else { if ($settings['account'] > 0) { $query = "update accounts set server = '" . $settings[server] . "',\n port = " . $settings[port] . ", type = '" . $settings[type] . "',\n remoteuser = '******',\n remotepassword = '******'\n where accountid = '" . $settings[account] . "'\n and username = '******'"; } else { $query = "insert into accounts values ('" . $auth_user . "',\n '" . $settings[server] . "', '" . $settings[port] . "',\n '" . $settings[type] . "', '" . $settings[remoteuser] . "',\n '" . $settings[remotepassword] . "', NULL)"; } if ($conn = db_connect()) { $result = $conn->query($query); if ($result) { return true; } else { return false; } } else { echo "<p>Could not store changes.</p>"; return false; } } }
<?php require_once 'fns.php'; $username = $_POST['username']; $password = $_POST['password']; $password2 = $_POST['password2']; $email = $_POST['email']; session_start(); try { //验证所填项目是否为空,;以后做到前台!!!! if (!filled_out($username) || !filled_out($email)) { throw new Exception('有表单项未填,请返回重试'); } //验证两次所填密码是否一致 if ($password != $password2) { throw new Exception('密码不一致'); } //判断密码长度是否合理 if (strlen($password) < 6 || strlen($password) > 16) { throw new Exception('密码必须在6-16个字符之间'); } //验证邮箱 if (!valid_email($email)) { throw new Exception("邮箱不合法"); } //尝试 注册 register($username, $email, $password); $_SESSION['valid_user'] = $username; //登录成功显示页面 do_html_header('Registration successful'); echo "注册成功,";
public function config_site() { global $LANG; if (empty($_SESSION['step4'])) { if (!empty($_SESSION['step3']) && is_file(PH7_ROOT_PUBLIC . '_constants.php')) { session_regenerate_id(true); if (empty($_SESSION['val'])) { $_SESSION['val']['site_name'] = 'My Own Social/Dating Site!'; $_SESSION['val']['admin_login_email'] = ''; $_SESSION['val']['admin_email'] = ''; $_SESSION['val']['admin_feedback_email'] = ''; $_SESSION['val']['admin_return_email'] = ''; $_SESSION['val']['admin_username'] = '******'; $_SESSION['val']['admin_first_name'] = ''; $_SESSION['val']['admin_last_name'] = ''; } if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['config_site_submit'])) { if (filled_out($_POST)) { foreach ($_POST as $sKey => $sVal) { $_SESSION['val'][$sKey] = trim($sVal); } if (validate_email($_SESSION['val']['admin_login_email']) && validate_email($_SESSION['val']['admin_email']) && validate_email($_SESSION['val']['admin_feedback_email']) && validate_email($_SESSION['val']['admin_return_email'])) { if (validate_username($_SESSION['val']['admin_username']) == 0) { if (validate_password($_SESSION['val']['admin_password']) == 0) { if (validate_identical($_SESSION['val']['admin_password'], $_SESSION['val']['admin_passwords'])) { if (!find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_username']) && !find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_first_name']) && !find($_SESSION['val']['admin_password'], $_SESSION['val']['admin_last_name'])) { if (validate_name($_SESSION['val']['admin_first_name'])) { if (validate_name($_SESSION['val']['admin_last_name'])) { @(require_once PH7_ROOT_PUBLIC . '_constants.php'); @(require_once PH7_PATH_APP . 'configs/constants.php'); require PH7_PATH_FRAMEWORK . 'Loader/Autoloader.php'; // To load "Security" class. Framework\Loader\Autoloader::getInstance()->init(); try { require_once PH7_ROOT_INSTALL . 'inc/_db_connect.inc.php'; // SQL EXECUTE $oSqlQuery = $DB->prepare('INSERT INTO ' . $_SESSION['db']['prefix'] . 'Admins (profileId , username, password, email, firstName, lastName, joinDate, lastActivity, ip) VALUES (1, :username, :password, :email, :firstName, :lastName, :joinDate, :lastActivity, :ip)'); $sCurrentDate = date('Y-m-d H:i:s'); $oSqlQuery->execute(array('username' => $_SESSION['val']['admin_username'], 'password' => Framework\Security\Security::hashPwd($_SESSION['val']['admin_password']), 'email' => $_SESSION['val']['admin_login_email'], 'firstName' => $_SESSION['val']['admin_first_name'], 'lastName' => $_SESSION['val']['admin_last_name'], 'joinDate' => $sCurrentDate, 'lastActivity' => $sCurrentDate, 'ip' => client_ip())); $oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :siteName WHERE name = \'siteName\''); $oSqlQuery->execute(array('siteName' => $_SESSION['val']['site_name'])); $oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :adminEmail WHERE name = \'adminEmail\''); $oSqlQuery->execute(array('adminEmail' => $_SESSION['val']['admin_email'])); $oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :feedbackEmail WHERE name = \'feedbackEmail\''); $oSqlQuery->execute(array('feedbackEmail' => $_SESSION['val']['admin_feedback_email'])); $oSqlQuery = $DB->prepare('UPDATE ' . $_SESSION['db']['prefix'] . 'Settings SET value = :returnEmail WHERE name = \'returnEmail\''); $oSqlQuery->execute(array('returnEmail' => $_SESSION['val']['admin_return_email'])); // We finalise by putting the correct permission to the config files $this->_chmodConfigFiles(); $_SESSION['step4'] = 1; redirect(PH7_URL_SLUG_INSTALL . 'service'); } catch (\PDOException $oE) { $aErrors[] = $LANG['database_error'] . escape($oE->getMessage()); } } else { $aErrors[] = $LANG['bad_last_name']; } } else { $aErrors[] = $LANG['bad_first_name']; } } else { $aErrors[] = $LANG['insecure_password']; } } else { $aErrors[] = $LANG['passwords_different']; } } elseif (validate_password($_SESSION['val']['admin_password']) == 1) { $aErrors[] = $LANG['password_too_short']; } elseif (validate_password($_SESSION['val']['admin_password']) == 2) { $aErrors[] = $LANG['password_too_long']; } elseif (validate_password($_SESSION['val']['admin_password']) == 3) { $aErrors[] = $LANG['password_no_number']; } elseif (validate_password($_SESSION['val']['admin_password']) == 4) { $aErrors[] = $LANG['password_no_upper']; } } elseif (validate_username($_SESSION['val']['admin_username']) == 1) { $aErrors[] = $LANG['username_too_short']; } elseif (validate_username($_SESSION['val']['admin_username']) == 2) { $aErrors[] = $LANG['username_too_long']; } elseif (validate_username($_SESSION['val']['admin_username']) == 3) { $aErrors[] = $LANG['bad_username']; } } else { $aErrors[] = $LANG['bad_email']; } } else { $aErrors[] = $LANG['all_fields_mandatory']; } } } else { redirect(PH7_URL_SLUG_INSTALL . 'config_system'); } } else { redirect(PH7_URL_SLUG_INSTALL . 'service'); } $this->oView->assign('sept_number', 4); $this->oView->assign('errors', @$aErrors); unset($aErrors); $this->oView->display('config_site.tpl'); }
function store_account($normal_user, $admin_user, $details) { if (!filled_out($details)) { echo "<p>All fields must be filled in. Try again.</p>"; return false; } else { if (subscriber_exists($details['email'])) { //check logged in as the user they are trying to change if (get_email() == $details['email']) { $query = "update subscribers set\n realname = '" . $details[realname] . "',\n mimetype = '" . $details[mimetype] . "'\n where email = '" . $details[email] . "'"; if ($conn = db_connect()) { if ($conn->query($query)) { return true; } else { return false; } } else { echo "<p>Could not store changes.</p>"; return false; } } else { echo "<p>Sorry, that email address is already registered here.</p>\n <p>You will need to log in with that address to\n change its settings.</p>"; return false; } } else { // new account $query = "insert into subscribers\n values ('" . $details[email] . "',\n '" . $details[realname] . "',\n '" . $details[mimetype] . "',\n sha1('" . $details[new_password] . "'),\n 0)"; if ($conn = db_connect()) { if ($conn->query($query)) { return true; } else { return false; } } else { echo "<p>Could not store new account.</p>"; return false; } } } }