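public function getContent() {
    global $sql;
    //Lang::load('blocks/shoutbox/lang.*.php');

    // Renders the shoutbox block: handles a "reply" POST (validate + insert)
    // and then lists the most recent entries, served from the 'shoutbox'
    // cache whenever it is populated.
    $err = new Error();
    $note = new Notifier('note-shoutbox');
    $form['author'] = LOGGED ? User::$nickname : '';
    $form['message'] = '';

    if (isset($_POST['reply-shoutbox'])) {
        $message_max = Kio::getConfig('message_max', 'shoutbox');
        $form['author'] = LOGGED ? User::$nickname : filter(isset($_POST['author-shoutbox']) ? $_POST['author-shoutbox'] : '', 100);
        $form['message'] = filter(isset($_POST['message-shoutbox']) ? $_POST['message-shoutbox'] : '', $message_max);

        $err->setError('author_empty', t('Author field is required.'))->condition(!$form['author']);
        // Guests may not post under a nickname that belongs to an account.
        $err->setError('author_exists', t('Entered nickname is registered.'))->condition(!LOGGED && is_registered($form['author']));
        $err->setError('message_empty', t('Message field is required.'))->condition(!$form['message']);

        if ($err->noErrors()) {
            // Author and message are user input, so they are bound as
            // parameters. filter() is a project helper whose escaping rules
            // are not visible here; the statement must not depend on it for
            // SQL safety.
            $stmt = $sql->prepare('INSERT INTO ' . DB_PREFIX . 'shoutbox (added, author, message, author_id, author_ip) VALUES (:added, :author, :message, :author_id, :author_ip)');
            $stmt->execute(array(
                ':added'     => TIMESTAMP,
                ':author'    => $form['author'],
                ':message'   => cut($form['message'], $message_max),
                ':author_id' => UID,
                ':author_ip' => IP,
            ));
            $sql->clearCache('shoutbox');
            $note->success(t('Entry was added successfully.'));
            redirect(HREF . PATH . '#shoutbox');
        } else {
            $note->error($err->toArray());
        }
    }

    // Rebuild the entry list when the shoutbox cache is empty or missing.
    $entries = $sql->getCache('shoutbox');
    if (!$entries) {
        $entries = array();
        // LIMIT comes from admin configuration, not from the request; cast
        // anyway so a blank or non-numeric value cannot yield a malformed query.
        $limit = (int) Kio::getConfig('limit', 'shoutbox');
        $query = $sql->query('SELECT u.nickname, u.group_id, s.added, s.author, s.author_id, s.message FROM ' . DB_PREFIX . 'shoutbox s LEFT JOIN ' . DB_PREFIX . 'users u ON u.id = s.author_id ORDER BY s.id DESC LIMIT ' . $limit);
        while ($row = $query->fetch()) {
            if ($row['author_id']) {
                // Registered author: formatted nickname plus the configured
                // message parser. Guest entries are shown as stored, as in the
                // original -- TODO confirm that is intended.
                $row['author'] = User::format($row['author_id'], $row['nickname'], $row['group_id']);
                $row['message'] = parse($row['message'], Kio::getConfig('parser', 'shoutbox'));
            }
            $entries[] = $row;
        }
        $sql->putCacheContent('shoutbox', $entries);
    }

    try {
        $tpl = new PHPTAL('blocks/shoutbox/shoutbox.tpl.html');
        $tpl->entries = $entries;
        $tpl->err = $err->toArray();
        $tpl->form = $form;
        $tpl->note = $note;
        return $tpl->execute();
    } catch (Exception $e) {
        return template_error($e->getMessage());
        //echo Note::error($e->getMessage());
    }
}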
"' . (!LOGGED || $_POST['edit'] ? $form['author'] : '') . '", ' . $user->id . ', "' . IP . '", ' . TIMESTAMP . ', "' . cut($form['content'], $comments['content_max']) . '", "' . $backlink . '")'); $last_id = $sql->lastInsertId(); $sql->exec('UPDATE ' . DB_PREFIX . $holder_sql . ' SET comments = (comments + 1) WHERE id = ' . $connector_id); setcookie('KioCMS-' . COOKIE . '-comments', 'true', TIMESTAMP + $comments['flood_interval'] + 1, '/'); redirect(HREF . PATH . ('#comment-' . $last_id)); } catch (Exception $e) { $info->negative($lang_system['SQL_ERROR']); } } else { // Trzeba wykonać tylko get_user, ponieważ is_registered jest zbędne i wykonuje 1 niepotrzebne zapytanie if (is_registered($form['author'])) { $form['author_id'] = get_user($form['author'], 'nickname'); $form['author'] = ''; } else { $form['author_id'] = 0; } try { $sql->exec(' UPDATE ' . DB_PREFIX . 'comments SET author = "' . $form['author'] . '", author_id = ' . $form['author_id'] . ', content = "' . $form['content'] . '", backlink = "' . $backlink . '" WHERE id = ' . $edited_id); redirect(HREF . $backlink . '#comment-' . $edited_id);
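<?php
// KioCMS - Kiofol Content Managment System
// modules/login/action.php
//
// Handles the login form POST: reads logname/pass, checks them against the
// account record held in $GLOBALS['session'] and either reports the errors
// through $note or redirects back to the referring page.

$note->restore();

$form = array(
    'logname' => !empty($_POST['logname-session']) ? filter($_POST['logname-session'], 100) : '',
    'pass'    => !empty($_POST['pass-session']) ? filter($_POST['pass-session'], 100) : '',
);

// Stored digest for the account. It is an unsalted md5 (see the comparison
// below); that is the project's existing scheme and cannot be changed here
// without a migration -- NOTE(review): move to password_hash()/password_verify().
$stored_pass = isset($GLOBALS['session']['pass']) ? (string) $GLOBALS['session']['pass'] : '';

$err->empty_logname(t('Logname field is required.'), !$form['logname'])
    ->logname_not_exists(t('The logname you used isn\'t registered.'), $form['logname'] && !is_registered($form['logname'], 'logname'))
    ->pass_empty(t('Password field is required.'), !$form['pass'])
    // hash_equals(): constant-time comparison instead of `!=`, which was also
    // a loose comparison.
    ->pass_invalid(t('Password is invalid.'), $form['pass'] && !hash_equals($stored_pass, md5($form['pass'])));

$err->isErrors() ? $note->error($err) : redirect(REFERER);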
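<?php
// KioCMS - Kiofol Content Managment System
// modules/registration/check.php
//
// AJAX endpoint for the registration form: reports whether the posted
// logname (or nickname) is already taken. The reply is a translated HTML
// fragment, which is what the form expects.
//
// NOTE(review): by design this is an unauthenticated "is this name
// registered?" oracle, i.e. it permits account enumeration. Rate limiting at
// the web server or a per-session token is the usual mitigation.

define('KioCMS', true);
define('AJAX', true);
require '../../init.php';

$logname = isset($_POST['logname']) ? $_POST['logname'] : '';
$nickname = isset($_POST['nickname']) ? $_POST['nickname'] : '';

if (!$logname && !$nickname) {
    echo t('Field can\'t be empty.');
    exit;
}

// The form checks one field per request. The original concatenated both
// values, which would look up a nonsense name if both were ever posted; the
// logname wins when present, matching the column chosen here.
$column = $logname ? 'logname' : 'nickname';
$name = filter($logname ? $logname : $nickname, 100);

echo is_registered($name, $column)
    ? t('Name is <strong>not available</strong>')
    : t('Name is <strong>available</strong>');
exit;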
/**
 * Contact form module.
 *
 * Shows the configured "informations" note, handles the send POST
 * (validation, flood cookie, mail()) and renders the form together with the
 * list of configured receivers.
 *
 * NOTE(review) -- defects visible in this copy, left in place because the
 * intended recipient mapping is not visible here:
 *  - The validated 'receiver' field is never used; mail() is called with the
 *    submitter's own address ($form['email']) as the recipient, so the form
 *    lets anyone send arbitrary text to any address with the site as sender.
 *    The recipient should be resolved from the configured receivers list.
 *  - $imie, $telefon, $temat, $adres, $ip and $note are undefined in this
 *    method, yet the subject and message body are built from them.
 *  - A second, unconditional mail() to a hard-coded address ("Test mail")
 *    runs after every successful submission and must be removed.
 *  - The flood cookie is set as COOKIE.'-contact' but checked as
 *    COOKIE.'-flood-contact', so the flood check never fires.
 *  - bindParam(':receivers', ...) binds the whole configured list as ONE
 *    value inside IN (...), which matches at most a single id; expand the
 *    list into one placeholder per id. bindParam also takes its argument by
 *    reference, so passing a function result is not valid.
 */
public function getContent() {
    global $sql;
    $err = new Error();
    $form = array();
    if (Kio::getConfig('informations', 'contact')) {
        $info = Notifier::factory('note-contact_info')->info(parse(Kio::getConfig('informations', 'contact'), BBCODE . AUTOLINKS . EMOTICONS . CENSURE . PRE));
    }
    if (isset($_POST['send'])) {
        // Form values (sender/email come from the account when logged in)
        $form = array('receiver' => filter($_POST['receiver'], 100), 'sender' => LOGGED ? User::$nickname : filter($_POST['sender'], 100), 'email' => LOGGED ? User::$email : filter($_POST['email'], 100), 'subject' => filter($_POST['subject'], 100), 'message' => filter($_POST['message'], 250));
        if (!empty($_COOKIE[COOKIE . '-flood-contact']) && Kio::getConfig('flood_interval')) {
            // Flood cookie present: reject. No ->condition() follows this
            // setError(); whether that registers the error unconditionally
            // depends on the Error class -- TODO confirm.
            $err->setError('flood', t('ERROR_FLOOD'));
        } else {
            // Errors
            if (!LOGGED) {
                $err->setError('sender_empty', t('Sender field is required.'))->condition(!$form['sender']);
                $err->setError('sender_exists', t('ERROR_SENDER_EXISTS'))->condition(is_registered($form['sender'], 'nickname'));
                $err->setError('email_empty', t('E-mail address field is required.'))->condition(!$form['email']);
                // is_email() is the only check before $form['email'] is placed
                // in a mail header below; it must reject CR/LF (header
                // injection) -- TODO confirm.
                $err->setError('email_invalid', t('ERROR_EMAIL_INVALID'))->condition($form['email'] && !is_email($form['email']));
            }
            // $err->setError('phone_invalid', t('ERROR_PHONE_INVALID'))
            // ->condition($form['phone'] && !preg_match('#^[0-9 ()+-]+$#', $form['phone']));
            $err->setError('subject_empty', t('Subject field is required.'))->condition(!$form['subject']);
            $err->setError('message_empty', t('Message field is required.'))->condition(!$form['message']);
        }
        if ($err->noErrors()) {
            // NOTE(review): stray "2" appended to the From address (and again
            // in the body below).
            $from = "From: {$form['email']}2";
            $msg = "Imię: {$imie}\nE-Mail: {$form['email']}2\nTelefon: {$telefon}\n\nTreść wiadomości:\n{$form['message']}\n\n\n----\nWiadomość została wysłana ze strony {$adres}\nIP: {$ip}";
            // NOTE(review): the recipient is the submitter's address, see the
            // header note; $temat and $note are undefined here.
            echo mail($form['email'], $temat, $msg, $from) ? $note->success(t('SUCCESS')) . redirect() : $note->error(t('Wystąpił błąd, spróbuj wysłać później'));
            if (Kio::getConfig('flood_interval')) {
                setcookie(COOKIE . '-contact', 'true', TIMESTAMP + Kio::getConfig('flood_interval') + 1, '/');
            }
            // NOTE(review): leftover test mail, sent on every submission -- remove.
            $to = "*****@*****.**";
            $subject = "Test mail";
            $message = "Hello! This is a simple email message.";
            $from = "*****@*****.**";
            $headers = "From: {$from}";
            mail($to, $subject, $message, $headers);
        } else {
            $this->note->error($err->toArray());
        }
    }
    // Receivers offered in the form: the users whose ids are configured for
    // this module (see the bindParam note in the header).
    $stmt = $sql->setCache('contact')->prepare(' SELECT id, nickname, group_id FROM ' . DB_PREFIX . 'users WHERE id IN (:receivers)');
    $stmt->bindParam(':receivers', Kio::getConfig('receivers', 'contact'));
    $stmt->execute();
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $row['g_name'] = Kio::getGroup($row['group_id'], 'name');
        $receivers[] = $row; // $receivers stays undefined when no row matches
    }
    try {
        $tpl = new PHPTAL('modules/contact/contact.tpl.html');
        $tpl->message_limit = Kio::getConfig('message_max', 'contact');
        $tpl->form = $form;
        $tpl->user = User::toArray();
        $tpl->receivers = $receivers;
        $tpl->err = $err->toArray();
        $tpl->note = $this->note;
        $tpl->info = isset($info) ? $info : '';
        return $tpl->execute();
    } catch (Exception $e) {
        return template_error($e);
    }
}
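<?php
/*
|--------------------------------------------------------------------------
| Registered Folder Redirect Index
|--------------------------------------------------------------------------
|
| Index page after SSO.
| Check if the user is registered, if not, register for them.
| Check if the user is Admin, Cyclist. Redirect to correct page.
|
| The identity comes from the HTTP_QUEENSU_* / HTTP_COMMON_NAME request
| headers, which are expected to be set by the SSO front end. Any client
| that can reach this script without passing through that front end could
| supply those headers itself, so the web server must strip/overwrite them
| and this page must only be reachable behind the SSO gate -- TODO confirm
| the deployment enforces both.
*/

// Include function/config file for feature uses.
include_once '../../lib/global.conf.php';
include_once '../../lib/reg.func.php';

date_default_timezone_set("America/Toronto");

$netid = isset($_SERVER['HTTP_QUEENSU_NETID']) ? $_SERVER['HTTP_QUEENSU_NETID'] : '';
$name  = isset($_SERVER['HTTP_COMMON_NAME']) ? $_SERVER['HTTP_COMMON_NAME'] : '';
$email = isset($_SERVER['HTTP_QUEENSU_MAIL']) ? $_SERVER['HTTP_QUEENSU_MAIL'] : '';
$da    = date("Y-m-d H:i:s");

// Fail closed: without a NetID there is no authenticated identity to register
// or to authorise, so do not continue into registration / the admin check.
if ($netid === '') {
    header('HTTP/1.1 403 Forbidden');
    exit('Forbidden');
}

// Check if user is registered.
if (is_registered($dbc, $netid) == 0) {
    register_user($dbc, $netid, $name, $email, $da);
}

// Check if user is admin, and redirect. exit after header() so that nothing
// further runs once the redirect has been issued.
if (is_admin($dbc, $netid) == 0) {
    header('Location: ./home.php');
} else {
    header('Location: ./admin.php');
}
exit;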
/**
 * Login controller action (CodeIgniter + ion_auth).
 *
 * On a valid POST it tries ion_auth->login(). If that fails and the identity
 * is an EMPLID known to the HR API that has no local account yet, a local
 * account is created on the fly ("first-login provisioning") and the user is
 * sent back to the form to activate it. On GET, or when validation fails,
 * the login form is rendered.
 *
 * NOTE(review): the provisioning branch is entered only when the posted
 * password is literally 'password'. Anyone who knows a valid EMPLID can
 * therefore create (and know the password of) that employee's account before
 * the employee does; the account is registered inactive and an activation
 * e-mail is sent, so the activation step is all that stands between this and
 * a takeover -- confirm the activation mail goes only to the HR-held address.
 */
function login() {
    $this->data['title'] = "Login";
    //validate form input
    $this->form_validation->set_rules('identity', 'Identity', 'required');
    $this->form_validation->set_rules('password', 'Password', 'required');
    //check to see if the user is logging in
    // NOTE(review): the full user list is fetched from the HR API on every
    // request of this action, GET included, and the return value of
    // file_get_contents() is not checked (an outage yields $data = null).
    // get_api_key() appears to return the API base URL -- verify.
    $jsondata = file_get_contents(get_api_key() . 'users/lists/format/json');
    //convert json object to php associative array
    $data = json_decode($jsondata, true);
    //print_mz($data);
    if ($this->form_validation->run() == true) {
        $last_link = $this->session->userdata('last_link');
        $nik = $this->input->post('identity');
        // $data is the *list* response here; a top-level 'EMAIL' key on it is
        // presumably never set, so $email falls back to the identity -- verify.
        $email = !empty($data['EMAIL']) ? $data['EMAIL'] : $this->input->post('identity');
        $user_id = !empty(get_id($nik)) ? get_id($nik) : get_id_by_email($email);
        $last_login = $this->db->select('last_login')->where('nik', $nik)->or_where('email', $email)->get('users')->row('last_login');
        $first_login = !empty($last_login) ? '' : '1';
        if ($this->ion_auth->login($this->input->post('identity'), $this->input->post('password'))) {
            if (!empty($last_link)) {
                redirect($last_link);
            } else {
                if (!is_admin()) {
                    redirect('person/detail/' . $user_id . '/' . $first_login, 'refresh');
                }
                $this->session->set_flashdata('message', $this->ion_auth->messages());
                redirect('/', 'refresh');
            }
        } elseif ($this->cekNik($data, 'EMPLID', $this->input->post('identity')) == TRUE && $this->input->post('password') == 'password' && is_registered($this->input->post('identity')) == false) {
            // NOTE(review): the identity is spliced into the URL path without
            // rawurlencode(); it has only passed the 'required' rule above.
            $getdata = file_get_contents(get_api_key() . 'users/list/EMPLID/' . $this->input->post('identity') . '/format/json');
            $data = json_decode($getdata, true);
            $username = $data['NAME'];
            $password = $this->input->post('password');
            $additional_data = array('first_name' => $data['FIRSTNAME'], 'last_name' => $data['LASTNAME'], 'nik' => $this->input->post('identity'), 'bod' => date('Y-m-d', strtotime($data['BIRTHDATE'])), 'phone' => $data['PHONE'], 'marital_id' => $data['MARITALSTATUS'], 'previous_email' => $data['SMS'], 'bb_pin' => $data['PINBLACKBERRY']);
            // $email was derived from the list response above, not from this
            // employee's record.
            if ($this->ion_auth->register($username, $password, $email, $additional_data)) {
                $this->send_email_inventory($data['EMPLID']);
                $mch = array('mchID' => get_mchid($nik));
                $this->db->where('nik', $nik);
                $this->db->update('users', $mch);
                /*if( $this->send_email_notification($data['EMPLID'])){ $this->session->set_flashdata('message', 'Account is inactive'); redirect("auth/login", 'refresh'); }else{ $this->session->set_flashdata('message', 'Activation Is Inactive'); }*/
                $this->send_email_activation($data['EMPLID']);
                $this->session->set_flashdata('message', 'Account is inactive');
                redirect("auth/login", 'refresh');
            } else {
                $this->session->set_flashdata('message', 'Wrong Password or Account is still inactive, Please Contact The Administrator');
                redirect("auth/login", 'refresh');
            }
        } else {
            $this->session->set_flashdata('message', $this->ion_auth->errors());
            redirect('auth/login', 'refresh');
        }
    } else {
        //the user is not logging in so display the login page
        //set the flash data error message if there is one
        $this->data['message'] = validation_errors() ? validation_errors() : $this->session->flashdata('message');
        $this->data['identity'] = array('name' => 'identity', 'id' => 'identity', 'type' => 'text', 'value' => $this->form_validation->set_value('identity'), 'placeholder' => 'NIK / E-mail', 'required' => 'required');
        $this->data['password'] = array('name' => 'password', 'id' => 'password', 'type' => 'password', 'placeholder' => 'Password', 'required' => 'required');
        $this->_render_page('auth/login', $this->data);
    }
}
/**
 * Creates a new player account from the Newid / pass1 / pass2 POST fields.
 *
 * Returns array(bool $ok, string $htmlMessage). The account is a directory
 * USER.<id> holding a DATA file of key=value lines.
 *
 * NOTE(review):
 *  - ereg() was removed in PHP 7; every call below is a fatal error on a
 *    current runtime. Replace with anchored preg_match() patterns.
 *  - The two regex checks together reject anything that is not 4-16 ASCII
 *    alphanumerics, so the id cannot contain "/" or ".." before it is used
 *    as a path component below.
 *  - trim($_POST["Newid"]) discards its result: it is a no-op.
 *  - is_registered() followed by mkdir() is a check-then-act race; a second
 *    request with the same id in between would race on the same directory.
 *  - The directory is created 0705 (world-readable) and the DATA file holds
 *    the password hash; if USER lies under the document root the file is
 *    downloadable -- TODO confirm the location.
 *  - setcookie("NO", session_id(), ...) copies the session id into a second
 *    cookie without HttpOnly/Secure, and the session id is not regenerated
 *    on this privilege change.
 *  - If $file already exists the function falls off the end and returns null.
 *  - The "login=" line was redacted ("******") in the copy under review.
 */
function MakeNewData() {
    // Refuse once the number of user directories reaches the limit.
    if (MAX_USERS <= count(glob(USER . "*"))) {
        return array(false, "Maximum users.<br />已达到最大用户数量。");
    }
    if (isset($_POST["Newid"])) {
        trim($_POST["Newid"]); // result discarded: no effect
    }
    if (empty($_POST["Newid"])) {
        return array(false, "Enter ID.");
    }
    // Character set check (regular expression): a run of 4-16 alphanumerics
    // and no non-alphanumeric character anywhere.
    if (!ereg("[0-9a-zA-Z]{4,16}", $_POST["Newid"]) || ereg("[^0-9a-zA-Z]+", $_POST["Newid"])) {
        return array(false, "Bad ID");
    }
    // Length limit
    if (strlen($_POST["Newid"]) < 4 || 16 < strlen($_POST["Newid"])) {
        return array(false, "Bad ID");
    }
    if (is_registered($_POST["Newid"])) {
        return array(false, "This ID has been already used.");
    }
    $file = USER . $_POST["Newid"] . "/" . DATA;
    // PASS -- same character set and length rules as the id, so the policy
    // is 4-16 ASCII alphanumerics only.
    //if(isset($_POST["pass1"]))
    //	trim($_POST["pass1"]);
    if (empty($_POST["pass1"]) || empty($_POST["pass2"])) {
        return array(false, "Enter both Password.");
    }
    if (!ereg("[0-9a-zA-Z]{4,16}", $_POST["pass1"]) || ereg("[^0-9a-zA-Z]+", $_POST["pass1"])) {
        return array(false, "Bad Password 1");
    }
    // Length limit
    if (strlen($_POST["pass1"]) < 4 || 16 < strlen($_POST["pass1"])) {
        return array(false, "Bad Password 1");
    }
    if (!ereg("[0-9a-zA-Z]{4,16}", $_POST["pass2"]) || ereg("[^0-9a-zA-Z]+", $_POST["pass2"])) {
        return array(false, "Bad Password 2");
    }
    // Length limit
    if (strlen($_POST["pass2"]) < 4 || 16 < strlen($_POST["pass2"])) {
        return array(false, "Bad Password 2");
    }
    if ($_POST["pass1"] !== $_POST["pass2"]) {
        return array(false, "Password dismatch.");
    }
    $pass = $this->CryptPassword($_POST["pass1"]);
    // MAKE
    if (!file_exists($file)) {
        mkdir(USER . $_POST["Newid"], 0705);
        $this->RecordRegister($_POST["Newid"]); // record the id
        $fp = fopen("{$file}", "w");
        flock($fp, LOCK_EX);
        $now = time();
        fputs($fp, "id={$_POST['Newid']}\n");
        fputs($fp, "pass={$pass}\n");
        fputs($fp, "last=" . $now . "\n");
        fputs($fp, "login="******"\n");
        fputs($fp, "start=" . $now . substr(microtime(), 2, 6) . "\n");
        fputs($fp, "money=" . START_MONEY . "\n");
        fputs($fp, "time=" . START_TIME . "\n");
        fputs($fp, "record_btl_log=1\n");
        fclose($fp);
        //print("ID:$_POST[Newid] success.<BR>");
        $_SESSION["id"] = $_POST["Newid"];
        setcookie("NO", session_id(), time() + COOKIE_EXPIRE);
        $success = "<div class=\"recover\">ID : {$_POST['Newid']} 注册成功. 请登录吧</div>";
        return array(true, $success); // hacky, but it works...
    }
}
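public function getContent() {
    global $sql;
    if (!LOGGED) {
        return no_access('By mieć dostęp do edycji profilu musisz się zalogować.');
    }
    $note = new Notifier();
    $err = new Error();
    $edit = isset($_POST['edit']);
    $countries = (include 'lang/countries.php');
    asort($countries);
    $allow_change_nick = Kio::getConfig('allow_change_nick', 'edit_profile');
    // MIME type as detected from the image data => stored file extension.
    $allowed_types = array('image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif');

    // Edit user by ID: edit_profile/<id> (u1 is the URL segment).
    // NOTE(review): nothing here verifies that the logged-in user may edit a
    // profile other than their own; any authenticated user who supplies an id
    // reaches the UPDATE below for that row. Unless this module is only routed
    // to administrators (not visible here -- TODO confirm), a group/ownership
    // check on u1 is missing.
    if (ctype_digit(u1)) {
        $profile = $sql->query('SELECT u.* FROM ' . DB_PREFIX . 'users u WHERE u.id = ' . (int) u1)->fetch(PDO::FETCH_ASSOC);
        if (!$profile) {
            return not_found(t('Selected user doesn\'t exists.'), array(t('This person was deleted from database.'), t('Entered URL is invalid.')));
        }
        Kio::addTitle(t('Users'));
        Kio::addBreadcrumb(t('Users'), 'users');
        Kio::addTitle($profile['nickname'] . ' - ' . t('Edit profile'));
        Kio::addBreadcrumb($profile['nickname'], 'profile/' . u1);
        Kio::addBreadcrumb(t('Edit profile'), 'edit_profile/' . u1);
    } else {
        $profile = User::toArray();
        Kio::addTitle(t('Edit profile'));
        Kio::addBreadcrumb(t('Edit profile'), 'edit_profile');
    }

    // Initial form state mirrors the stored profile.
    $form = $profile;
    $form['password'] = '';
    $form['password2'] = '';
    $form['birthdate'] = explode('-', $profile['birthdate']);
    $form['newsletter'] = $profile['newsletter'] ? 1 : 0;
    $form['pm_notify'] = $profile['pm_notify'] ? 1 : 0;
    $form['hide_email'] = $profile['hide_email'] ? 1 : 0;

    if (!u1 || $profile) {
        if ($edit) {
            // Default every text field we read to '' so absent keys do not
            // raise undefined-index notices.
            $post = $_POST + array('nickname' => '', 'password' => '', 'password2' => '', 'email' => '', 'forename' => '', 'surname' => '', 'gender' => '', 'locality' => '', 'country' => '', 'communicator' => '', 'website' => '', 'title' => '', 'interests' => '', 'signature' => '');
            $upload = isset($_FILES['avatar']) && $_FILES['avatar']['error'] == 0 && empty($post['delete_avatar']) ? $_FILES['avatar'] : array();
            $form = array(
                'nickname' => $allow_change_nick ? filter($post['nickname'], 100) : User::$nickname,
                'password' => filter($post['password'], 100),
                'password2' => filter($post['password2'], 100),
                'email' => strtolower(filter($post['email'], 100)),
                'forename' => $post['forename'],
                'surname' => $post['surname'],
                'gender' => $post['gender'],
                'locality' => $post['locality'],
                // Only a key present in the country table is accepted.
                'country' => !empty($countries[$post['country']]) ? $post['country'] : '',
                'communicator' => $post['communicator'],
                'website' => $post['website'],
                // Year, month, day as ints; missing parts default to 0.
                'birthdate' => array_map('intval', (array) (isset($post['birthdate']) ? $post['birthdate'] : array())) + array(0, 0, 0),
                'newsletter' => isset($post['newsletter']) ? 1 : 0,
                'pm_notify' => isset($post['pm_notify']) ? 1 : 0,
                'hide_email' => isset($post['hide_email']) ? 1 : 0,
                'avatar' => $upload,
                'delete_avatar' => isset($post['delete_avatar']) ? 1 : 0,
                'photo' => isset($_FILES['photo']) ? $_FILES['photo'] : null,
                'delete_photo' => isset($post['delete_photo']) ? 1 : 0,
                'title' => $post['title'],
                'interests' => $post['interests'],
                'signature' => $post['signature'],
            );

            // Nickname
            $err->setError('nickname_empty', t('ERROR_NICKNAME_EMPTY'))->condition(!$form['nickname']);
            $err->setError('nickname_exists', t('ERROR_NICKNAME_EXISTS'))->condition($allow_change_nick && $form['nickname'] && strtolower($form['nickname']) != strtolower($profile['nickname']) && is_registered($form['nickname']));
            // Password
            $err->setError('password_differ', t('ERROR_PASSWORD_DIFFER'))->condition($form['password'] != $form['password2']);
            // E-mail
            $err->setError('email_empty', t('ERROR_EMAIL_EMPTY'))->condition(!$form['email']);
            if ($form['email']) {
                $err->setError('email_invalid', t('ERROR_EMAIL_INVALID'))->condition(!is_email($form['email']));
                $err->setError('email_exists', t('ERROR_EMAIL_EXISTS'))->condition($form['email'] != $profile['email'] && is_email($form['email']) && is_registered($form['email'], 'email'));
            }
            // Birthdate (optional: all-zero means "not given")
            $birthdate_given = array_sum($form['birthdate']) > 0;
            $birthdate = $form['birthdate'][0] . '-' . $form['birthdate'][1] . '-' . $form['birthdate'][2];
            $err->setError('birthdate_invalid', t('ERROR_BIRTHDATE'))->condition($birthdate_given && !is_date('Y-n-j', $birthdate));
            // Avatar. The type is read from the image data with getimagesize(),
            // not from the client-supplied $_FILES['avatar']['type'], so the
            // uploader cannot choose the stored extension. (@: a non-image file
            // makes getimagesize() emit a notice; that case is reported through
            // avatar_invalid_type instead.)
            $avatar_ext = '';
            if ($form['avatar']) {
                $image = @getimagesize($form['avatar']['tmp_name']);
                $mime = is_array($image) && isset($image['mime']) ? $image['mime'] : '';
                $avatar_ext = isset($allowed_types[$mime]) ? $allowed_types[$mime] : '';
                $err->setError('avatar_invalid_type', t('ERROR_ava'))->condition($avatar_ext === '');
                $avatar_size_max = Kio::getConfig('avatar_size_max', 'edit_profile');
                $err->setError('avatar_exceeded_max_size', t('ERROR_ava'))->condition($avatar_size_max && !$err->isError('avatar_invalid_type') && $form['avatar']['size'] > $avatar_size_max);
            }

            if ($err->noErrors()) {
                $avatar_dir = ROOT . 'images/avatars/';
                // Extension of the avatar currently on disk for THIS profile.
                // The users row carries it; User::$avatar belongs to the
                // logged-in user and is only a fallback for a profile array
                // without that key -- TODO confirm User::toArray() includes it.
                $current_ext = !empty($profile['avatar']) ? $profile['avatar'] : User::$avatar;
                $current_file = $current_ext ? $avatar_dir . $profile['id'] . '.' . $current_ext : '';
                if ($form['delete_avatar'] && $current_file && is_file($current_file)) {
                    unlink($current_file);
                }
                if ($form['avatar']) {
                    move_uploaded_file($form['avatar']['tmp_name'], $avatar_dir . $profile['id'] . '.' . $avatar_ext);
                    // A changed extension would leave the old file behind.
                    if ($avatar_ext != $current_ext && $current_file && is_file($current_file)) {
                        unlink($current_file);
                    }
                }

                // Every user-supplied value is bound; the original interpolated
                // the raw $_POST strings into the statement.
                $set = array(
                    'nickname = :nickname', 'email = :email', 'forename = :forename', 'surname = :surname',
                    'gender = :gender', 'locality = :locality', 'country = :country',
                    'communicator = :communicator', 'website = :website', 'birthdate = :birthdate',
                    'newsletter = :newsletter', 'pm_notify = :pm_notify', 'hide_email = :hide_email',
                    'title = :title', 'interests = :interests', 'signature = :signature',
                );
                $params = array(
                    ':nickname' => $allow_change_nick ? $form['nickname'] : User::$nickname,
                    ':email' => $form['email'],
                    ':forename' => $form['forename'],
                    ':surname' => $form['surname'],
                    // Only 1 and 2 are valid gender codes; anything else is 0.
                    ':gender' => $form['gender'] == 1 || $form['gender'] == 2 ? (int) $form['gender'] : 0,
                    ':locality' => $form['locality'],
                    ':country' => $form['country'],
                    ':communicator' => $form['communicator'],
                    ':website' => $form['website'],
                    ':birthdate' => $birthdate_given ? $birthdate : '',
                    ':newsletter' => $form['newsletter'],
                    ':pm_notify' => $form['pm_notify'],
                    ':hide_email' => $form['hide_email'],
                    ':title' => $form['title'],
                    ':interests' => $form['interests'],
                    ':signature' => $form['signature'],
                    ':id' => (int) $profile['id'],
                );
                if ($form['password']) {
                    // The password expression is redacted ("******") in the copy
                    // under review. Whatever it was: store a salted hash
                    // (password_hash) and bind it as a parameter -- TODO restore.
                    $set[] = 'pass = "******"';
                }
                if ($avatar_ext !== '') {
                    $set[] = 'avatar = :avatar';
                    $params[':avatar'] = $avatar_ext;
                } elseif ($form['delete_avatar']) {
                    $set[] = 'avatar = ""';
                }
                $stmt = $sql->prepare('UPDATE ' . DB_PREFIX . 'users SET ' . implode(', ', $set) . ' WHERE id = :id');
                $stmt->execute($params);

                $note->success(t('Your profile was modified successfully.'));
                redirect(HREF . 'edit_profile');
            } else {
                $note->error($err->toArray());
            }
        }

        try {
            $tpl = new PHPTAL('modules/edit_profile/edit_profile.tpl.html');
            $tpl->profile = $profile;
            $tpl->countries = $countries;
            $tpl->allow_change_nick = $allow_change_nick;
            $tpl->form = $form;
            $tpl->err = $err->toArray();
            $tpl->note = $note;
            return $tpl->execute();
        } catch (Exception $e) {
            return template_error($e);
        }
    }
}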
if(empty($_GET['agreement'])) { //show_message($_LANG['passport_js']['agreement']); $msg = rpcLang('user.php', 'agreement'); $code = '1'; jsonExit("{\"status\":\"$msg\",\"code\":\"$code\"}"); } if (strlen($username) < 3) { //show_message($_LANG['passport_js']['username_shorter']); $msg = rpcLang('user.php', 'username_shorter'); $code = '1'; jsonExit("{\"status\":\"$msg\",\"code\":\"$code\"}"); } if (!is_registered($username)) { $msg = rpcLang('user.php', 'username_is_registered'); $code = '1'; jsonExit("{\"status\":\"$msg\",\"code\":\"$code\"}"); } if (strlen($password) < 6) { //show_message($_LANG['passport_js']['password_shorter']); $msg = rpcLang('user.php', 'password_shorter'); $code = '1'; jsonExit("{\"status\":\"$msg\",\"code\":\"$code\"}"); } if (strpos($password, ' ') > 0) {
/**
 * Renders the comments plugin for the current page and handles its POSTs
 * (add, edit, delete). $this->total_comments, $this->edited, $this->owner,
 * $this->connector_id and $this->backlink are set elsewhere in the class.
 *
 * NOTE(review):
 *  - The delete branch runs for any visitor who is allowed to post: a POSTed
 *    delete_id is only checked with ctype_digit() and then deleted. Hiding
 *    the button in the template is not an authorisation check; the DELETE
 *    needs a moderator/owner test before it executes.
 *  - The edit branch updates whatever comment $this->edited refers to; whether
 *    loading $this->edited is restricted to the comment's author or a
 *    moderator is not visible here -- TODO confirm.
 *  - All three statements are string-built. $form['author'] and
 *    $form['message'] have only passed filter(), whose escaping rules are not
 *    visible; u0 (URL segment) and $this->backlink are interpolated raw. Bind
 *    them as parameters ($sql->prepare() is available in this project).
 *  - The delete runs two statements in one exec() call, which depends on the
 *    driver allowing multi-statements.
 */
function getContent() {
    global $cfg, $user, $sql, $plug;
    $note = new Notifier();
    $tpl = new PHPTAL('plugins/comments/comments.tpl.html');
    $err = new Error();
    $tpl->entries = '';
    // total_comments == -1 means "comments disabled for this item".
    if ($this->total_comments != -1 && !Kio::getConfig('view_only_logged', 'comments')) {
        if ($this->total_comments > 0) {
            $tpl->backlink = $this->backlink;
            $tpl->cfg = $cfg;
            $tpl->user = $user;
            $tpl->entries = $this->getEntries();
        } else {
            $note->info('There is no comments.');
        }
        if (!Kio::getConfig('add_only_logged', 'comments') || LOGGED) {
            if ($this->edited) {
                // Pre-fill the form with the comment being edited.
                $form = array('id' => $this->edited['comment_id'], 'author' => $this->edited['comment_author'], 'author_id' => $this->edited['comment_author_id'], 'message' => $this->edited['comment_message']);
                if (!$form['author']) {
                    $form['author'] = User::getNickname(BY_ID, $this->edited['comment_author_id']);
                }
                $this->edit_mode = true;
            } else {
                $form['author'] = User::$nickname;
            }
            $add = isset($_POST['add']) ? true : false;
            $edit = isset($_POST['edit']) ? true : false;
            // Add or edit
            if (isset($_POST['add']) || $edit) {
                $form['author'] = isset($_POST['add']) && LOGGED ? User::$nickname : filter($_POST['author'], 100);
                $form['message'] = filter($_POST['message'], Kio::getConfig('message_max', 'comments'));
                $err->setError('author_empty', t('Author field is required.'))->condition(!$form['author']);
                // Guests may not post under a registered nickname.
                $err->setError('author_exists', t('Entered nickname is registered.'))->condition($add && !LOGGED && is_registered($form['author'], 'nickname'));
                $err->setError('message_empty', t('Message field is required.'))->condition(!$form['message']);
                // No errors
                if ($err->noErrors()) {
                    // Add
                    if (isset($_POST['add'])) {
                        // For logged-in users the author column is left empty and
                        // the account id (UID) identifies the author.
                        $sql->exec(' INSERT INTO ' . DB_PREFIX . 'comments ( comment_owner, comment_owner_child_id, comment_author, comment_author_id, comment_author_ip, comment_added, comment_message, comment_backlink) VALUES( "' . u0 . '", ' . $this->connector_id . ', "' . (!LOGGED || isset($_POST['edit']) ? $form['author'] : '') . '", ' . UID . ', "' . IP . '", ' . TIMESTAMP . ', "' . $form['message'] . '", "' . $this->backlink . '")');
                        $last = $sql->lastInsertId();
                        $sql->exec(' UPDATE ' . DB_PREFIX . $this->owner . ' SET comments = (comments + 1) WHERE id = ' . $this->connector_id);
                        // Flood control is cookie-based only.
                        setcookie(COOKIE . '-comments', 'true', TIMESTAMP + Kio::getConfig('flood_interval', 'comments') + 1, '/');
                        redirect(HREF . PATH . '#comment-' . $last);
                    } else {
                        if (isset($_POST['edit'])) {
                            // A registered nickname is stored as an author id instead of text.
                            if ($form['author_id'] = User::getId(BY_NICKNAME, $form['author'])) {
                                $form['author'] = '';
                            } else {
                                $form['author_id'] = 0;
                            }
                            $sql->exec(' UPDATE ' . DB_PREFIX . 'comments SET comment_author = "' . $form['author'] . '", comment_author_id = ' . $form['author_id'] . ', comment_message = "' . $form['message'] . '" WHERE comment_id = ' . $this->edited['comment_id']);
                            redirect(HREF . $this->edited['comment_backlink'] . '#comment-' . $this->edited['comment_id']);
                        }
                    }
                } else {
                    $note->error($err->toArray());
                }
            } else {
                // Delete -- see the authorisation note in the header.
                if (isset($_POST['delete_id']) && ctype_digit($_POST['delete_id'])) {
                    $sql->exec(' DELETE FROM ' . DB_PREFIX . 'comments WHERE comment_id = ' . $_POST['delete_id'] . '; UPDATE ' . DB_PREFIX . $this->owner . ' SET comments = (comments - 1) WHERE id = ' . $this->connector_id);
                    redirect(strpos(REFERER, 'admin') ? REFERER : '#comments');
                }
            }
            //$tpl->comments = $comments;
            $tpl->form = $form;
            $tpl->err = $err->toArray();
        } else {
            $note->error(sprintf('Dodawanie komentarzy jest możliwe tylko dla <a href="%1$slogin">zalogowanych</a> osób, <a href="%1$sregistration">zarejestruj się</a> jeśli nie masz jeszcze konta.', HREF));
        }
    } else {
        if ($this->total_comments != -1) {
            $note->error(array('Komentarze są widoczne tylko dla zalogowanych osób.', '<a href="' . HREF . 'registration">Zarejestruj się</a> jeśli nie masz jeszcze konta.'));
        }
    }
    $tpl->edit_mode = $this->edit_mode;
    $tpl->total_comments = $this->total_comments;
    $tpl->note = $note;
    return $tpl->execute();
}
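<?php
// KioCMS - Kiofol Content Managment System
// blocks/shoutbox/action.php
//
// Handles a shoutbox POST: validates author/message and inserts the entry.
// Author and message are untrusted input, so they are quoted with the
// connection's quote() before being placed in the statement; filter() is a
// project helper whose escaping rules are not visible here and is not relied
// on for SQL safety. This assumes $sql is the project's PDO-derived
// connection, as its prepare()/lastInsertId() use elsewhere suggests --
// TODO confirm.

$form['author'] = LOGGED ? $user->nickname : filter(isset($_POST['author-shoutbox']) ? $_POST['author-shoutbox'] : '', 100);
$form['message'] = !empty($_POST['message-shoutbox']) ? filter($_POST['message-shoutbox'], $cfg->shoutbox['message_max']) : '';

$err->author_empty(t('Field <strong>author</strong> can not be empty.'), !$form['author']);
// Guests may not post under a nickname that belongs to an account.
$err->author_exists(t('Entered <strong>nickname</strong> is registered.'), !LOGGED && is_registered($form['author']));
$err->message_empty(t('Field <strong>message</strong> can not be empty.'), !$form['message']);

// No errors
if (!$err->count()) {
    // exec() keeps its second argument (the cache file to invalidate), which
    // is why this stays an exec() with quoted values rather than a prepared
    // statement.
    $sql->exec('INSERT INTO ' . DB_PREFIX . 'shoutbox (added, author, message, author_id, author_ip) VALUES ('
        . (int) TIMESTAMP . ', '
        . $sql->quote($form['author']) . ', '
        . $sql->quote(cut($form['message'], $cfg->shoutbox['message_max'])) . ', '
        . (int) $user->id . ', '
        . $sql->quote(IP) . ')', 'shoutbox.txt');
    $note->success(t('Entry was added successfully.'));
    redirect(HREF . PATH . '#shoutbox');
} else {
    $note->error($err);
}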
/**
 * Entry point for the registration screen.
 *
 * A passport ($bid) that is already registered goes straight to its stats
 * page. Otherwise the submitted registration is read and validated, then
 * either stored (with an audit-log entry) or bounced back to the form with
 * the list of rejected fields.
 */
function registration_model_helper($bid, $pin) {
    if (is_registered($bid)) {
        // Nothing left to register -- show the stats directly.
        return handle_stats($bid, $pin);
    }

    $registration = sanitized_registration();
    $badRegistrationFields = validate_registration($registration);

    if (count($badRegistrationFields) > 0) {
        // Re-render the form, telling it which fields were rejected.
        return handle_registration($bid, $pin, $registration, array("badRegistration" => $badRegistrationFields));
    }

    register_user($bid, $registration);
    $user = get_user($bid);
    log_entry(LOG_MODE_USER, LOG_USER_ACTION_REGISTER, array(
        "actorUid" => $user["uid"],
        "actorBid" => $bid,
        "targetUid" => $user["uid"],
        "targetBid" => $bid,
        // The submitted registration is serialised into the audit record.
        "comment" => addslashes(serialize($registration)),
    ));
    return handle_stats($bid, $pin, array("justRegistered" => true));
}
require_once 'config.php'; require_once 'functions.php'; session_start(); if ($_SERVER['REQUEST_METHOD'] == 'POST') { $name = $_POST['name']; $row_password = $_POST['password']; $errors = array(); // バリデーション if ($name == '') { $errors['name'] = 'ユーザネームが未入力です'; } if ($row_password == '') { $errors['password'] = '******'; } if (is_registered($name)) { $errors['registered_name'] = '既に登録されているユーザーネームなので変更してください'; } $password = my_password_hash($row_password); // バリデーション突破後 if (empty($errors)) { $dbh = connectDatabase(); $sql = "insert into users (name, hashed_password, created_at) values\n (:name, :password, now());"; $stmt = $dbh->prepare($sql); $stmt->bindParam(":name", $name); $stmt->bindParam(":password", $password); $stmt->execute(); var_dump($_POST); echo '<hr>'; var_dump($errors); header('Location: login.php');
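// Database connection and request-scoped globals.
//
// NOTE(review): earlier revisions of this block carried live connection
// details (remote host, user and password for a development database) in
// commented-out lines. Credentials do not belong in source -- commented out
// they still sit in every checkout and in version history -- so they have
// been removed here. Rotate the exposed password and load the DSN, user and
// password from a configuration file or environment variable instead of
// editing this file per environment.

// DEVELOPING - classic mysql (local instance; the empty password is a
// development-only setting).
$dsn = 'localhost';
$dbuser = '******';
$passwd = '';
$database_name = 'iqsklad';
$database = new Database($dsn, $dbuser, $passwd, $database_name);

global $uzivatel;       // the logged-in user, loaded from the database below
global $aktivny_sklad;  // the user's active warehouse
if (is_registered()) {
    // The user is logged in: load their record from the database.
    $uzivatel = new User();
    $uzivatel->loadFromDatabase($_SESSION["user"]); // could be served from the session instead, which would be faster
    $aktivny_sklad = najdi_aktivny_sklad(); // loads all data about the active warehouse
}
if (!isset($message)) {
    global $message;
    $message = new Message(); // object used to output messages to the page
}
global $page;
$page = new Page();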
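/**
 * Handles the guestbook form POST (add or edit an entry).
 *
 * Reads the submitted fields, runs the validation chain and on success
 * either inserts a new entry (bumping the stats counter and clearing the
 * caches) or updates the edited one; on failure the errors are pushed to
 * the notifier.
 *
 * @return array the normalised form values, for re-rendering the form
 */
private function formSumbit() {
    global $sql;
    $adding = isset($_POST['add']);
    $message_max = Kio::getConfig('message_max', 'guestbook');
    $form['author'] = $adding && LOGGED ? User::$nickname : filter(isset($_POST['author']) ? $_POST['author'] : '', 100);
    $form['email'] = strtolower(filter(isset($_POST['email']) ? $_POST['email'] : '', 100));
    $form['website'] = filter(isset($_POST['website']) ? $_POST['website'] : '', 100);
    $form['message'] = filter(isset($_POST['message']) ? $_POST['message'] : '', $message_max, TRIM . NO_HTML . ANTISPAM . ANTIFLOOD_COOKIE, 'guestbook');

    // The form token is compared in constant time; `$_POST['auth'] != AUTH`
    // was a loose comparison and a timing oracle.
    $token = isset($_POST['auth']) ? (string) $_POST['auth'] : '';
    $this->err->setError('author_empty', t('Author field is required.'))->condition(empty($form['author']))
        ->setError('author_exists', t('The nickname you used belongs to a registered user.'))->condition($adding && !LOGGED && is_registered($form['author']))
        // Bug fix: the original fired this error when the address was EMPTY
        // (`empty(...) && !is_email(...)`). The e-mail is optional and must
        // only be rejected when it is present and malformed.
        ->setError('email_invalid', t('E-mail address you entered is invalid.'))->condition(!empty($form['email']) && !is_email($form['email']))
        ->setError('message_empty', t('Message field is required.'))->condition(empty($form['message']))
        // The ANTISPAM flag passed to filter() above presumably sets this up;
        // the argument-less condition() call is kept as in the original.
        ->setError('message_spam', t('ERROR_MESSAGE_SPAM'))->condition()
        ->setError('flood', t(defined('FLOOD') && FLOOD == 1 ? 'ERROR_FLOOD' : 'ERROR_FLOOD2'))->condition(!$this->edit_mode && defined('FLOOD'))
        ->setError('incorrect_auth', t('ERROR_INCORRECT_AUTH'))->condition(!hash_equals((string) AUTH, $token));

    // No errors
    if ($this->err->noErrors()) {
        // Add
        if ($adding) {
            // Nie działa rollback
            //$sql->beginTransaction();
            // Prefix a scheme when the website has none (strpos === false; the
            // original's `!strpos` also matched a "://" at offset 0).
            $website = $form['website'] && strpos($form['website'], '://') === false ? 'http://' . $form['website'] : $form['website'];
            // All user-supplied values are bound; filter() is not relied on
            // for SQL safety.
            $stmt = $sql->prepare('INSERT INTO ' . DB_PREFIX . 'guestbook (added, author, author_id, author_ip, email, website, message) VALUES (:added, :author, :author_id, :author_ip, :email, :website, :message)');
            $stmt->execute(array(
                ':added'     => TIMESTAMP,
                // Logged-in users are identified by UID; the author text stays empty.
                ':author'    => LOGGED ? '' : $form['author'],
                ':author_id' => UID,
                ':author_ip' => IP,
                ':email'     => $form['email'],
                ':website'   => $website,
                ':message'   => $form['message'],
            ));
            $last_id = $sql->lastInsertId();
            $sql->exec('UPDATE ' . DB_PREFIX . 'stats SET stat_value = stat_value + 1 WHERE stat_name = "entries" AND stat_owner = "guestbook"');
            $sql->clearCacheGroup('guestbook_*');
            $sql->clearCache('stats');
            setcookie(COOKIE . '-guestbook', true, TIMESTAMP + Kio::getConfig('flood_interval', 'guestbook'), '/');
            $this->note->success(array(t('Entry was added successfully.'), t('<a href="#entry-' . $last_id . '">Go to entry</a>.')));
            redirect(HREF . 'guestbook');
            //$sql->commit();
        } else {
            // A registered nickname is stored as an author id instead of text.
            $form['author_id'] = User::getId(BY_NICKNAME, $form['author']);
            if ($form['author_id']) {
                $form['author'] = '';
            }
            // Moderators get 1.5x the message limit on edit.
            // NOTE(review): $edited_id is not defined in this method in the copy
            // under review (it presumably comes from the surrounding class), and
            // nothing visible here checks that the caller may edit that entry
            // -- TODO confirm both in the caller.
            $stmt = $sql->prepare('UPDATE ' . DB_PREFIX . 'guestbook SET author = :author, author_id = :author_id, email = :email, website = :website, message = :message WHERE id = :id');
            $stmt->execute(array(
                ':author'    => $form['author'],
                ':author_id' => (int) $form['author_id'],
                ':email'     => $form['email'],
                ':website'   => $form['website'],
                ':message'   => filter(isset($_POST['message']) ? $_POST['message'] : '', $message_max * 1.5),
                ':id'        => $edited_id,
            ));
            $sql->clearCacheGroup('guestbook_*');
            $this->note->success(t('Entry was modified successfully.'));
            redirect(HREF . 'guestbook');
        }
    } else {
        $this->note->restore()->error($this->err->toArray());
    }
    return $form;
}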
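/**
 * Renders the registration module.
 *
 * Dispatch order:
 *  1. registration/activate/<id>/<code>  -> accountActivation()
 *  2. registration disabled (type == 0)  -> error note only
 *  3. POST with 'register'               -> validate, insert the user, redirect
 *  4. otherwise                          -> empty form
 *
 * @return string Rendered template, or template_error() output when rendering fails.
 */
public function getContent()
{
    global $sql;

    $this->note = new Notifier();
    $err = new Error();

    // Account activation, e.g. registration/activate/234/sfs9fsefsef36dsdgesefe4td
    if (u1 == 'activate' && ctype_digit(u2)) {
        return $this->accountActivation();
    }

    $registration_type = Kio::getConfig('type', 'registration');
    if ($registration_type == 0) {
        return $this->note->error('Rejestracja została <strong>wstrzymana</strong>.');
    }

    // Kio::addJsCode('$(\'#check_logname\').click(function(){alert();});');

    // Both are only populated on POST; the template receives null otherwise
    // (same value the template saw before, minus the undefined-variable notice).
    $form = null;
    $entries = null;

    if (isset($_POST['register'])) {
        $form = $this->readRegistrationForm();
        $this->validateRegistration($err, $form);

        if ($err->noErrors()) {
            list($blocked, $message) = $this->registrationOutcome($registration_type);
            $this->insertUser($sql, $form, $blocked);
            $this->note->success($message);
            redirect(HREF . 'registration');
        } else {
            $this->note->error($err->toArray());
        }
    }
    // // No action
    // else
    // {
    //     $this->note->info(array(t('Register and enjoy additional services.')));
    // }

    try {
        $tpl = new PHPTAL('modules/registration/registration.tpl.html');
        $tpl->form = $form;
        $tpl->entries = $entries;
        $tpl->err = $err->toArray();
        $tpl->note = $this->note;
        return $tpl->execute();
    } catch (Exception $e) {
        return template_error($e);
    }
}

/**
 * Reads and filters the posted registration fields.
 *
 * Missing or empty text fields become '', checkboxes become 0/1 (rules: bool),
 * so later checks never touch an undefined $_POST index.
 *
 * @return array logname, nickname, pass, pass2, email, rules, newsletter, pm_notify, hide_email
 */
private function readRegistrationForm()
{
    $form = array();
    // filter(string, limit)
    foreach (array('logname', 'nickname', 'pass', 'pass2') as $key) {
        $form[$key] = !empty($_POST[$key]) ? filter($_POST[$key], 100) : '';
    }
    $form['email'] = isset($_POST['email']) ? strtolower(filter($_POST['email'], 100)) : '';
    $form['rules'] = !empty($_POST['rules']);
    foreach (array('newsletter', 'pm_notify', 'hide_email') as $key) {
        $form[$key] = !empty($_POST[$key]) ? 1 : 0;
    }
    return $form;
}

/**
 * Registers every validation rule for the registration form on $err.
 *
 * @param object $err  Error collector (setError()->condition() chain).
 * @param array  $form Output of readRegistrationForm().
 */
private function validateRegistration($err, array $form)
{
    $err->setError('logname_empty', t('Logname field is required.'))->condition(!$form['logname']);
    $err->setError('logname_exists', t('The logname you used is already registered.'))->condition(is_registered($form['logname'], 'logname'));
    $err->setError('nickname_empty', t('Nickname field is required.'))->condition(!$form['nickname']);
    $err->setError('nickname_exists', t('The nickname you used is already registered.'))->condition(is_registered($form['nickname'], 'nickname'));
    $err->setError('pass_empty', t('Password field is required.'))->condition(!$form['pass']);
    // Strict comparison: numeric-looking passwords ("1e3" vs "1000") must not compare equal.
    $err->setError('pass_not_match', t('Passwords do not match.'))->condition($form['pass'] && $form['pass'] !== $form['pass2']);
    $err->setError('email_empty', t('E-mail field is required.'))->condition(!$form['email']);
    $err->setError('email_invalid', t('E-mail address you entered is invalid.'))->condition($form['email'] && !is_email($form['email']));
    $err->setError('email_exists', t('The e-mail you used is already registered.'))->condition(is_registered($form['email'], 'email'));
    $err->setError('rules_not_accepted', t('Accepting the rules is required.'))->condition(!$form['rules'] && Kio::getConfig('show_rules', 'registration'));
}

/**
 * Maps the configured registration type to the initial `blocked` value and the
 * success message shown to the user.
 *
 * Type 1 creates a usable account (blocked = SQL NULL); 2 requires e-mail
 * activation; anything else requires activation by an administrator.
 *
 * @param mixed $type Value of Kio::getConfig('type', 'registration').
 * @return array [blocked, message]
 */
private function registrationOutcome($type)
{
    switch ($type) {
        case 1:
            // Bound as PHP null so PDO sends SQL NULL (the old code built the string 'NULL'
            // and then bound a hard-coded 1 anyway, leaving every account blocked).
            // Assumes the `blocked` column is nullable — confirm against the schema.
            return array(null, 'Rejestracja przebiegła pomyślnie, możesz się teraz zalogować.');
        case 2:
            return array(1, 'Rejestracja przebiegła pomyślnie.<br />Wymagana jest aktywacja konta poprzez kliknięcie w odnośnik wysłany na Twoją skrzynkę e-mail.');
        default:
            return array(1, 'Rejestracja przebiegła pomyślnie.<br />Wymagana jest aktywacja konta przez administratora, wówczas zostaniesz powiadomiony e-mail\'em.');
    }
}

/**
 * Inserts the new user row and bumps the registered-users counter.
 *
 * @param object   $sql     PDO-like connection (prepare()/execute()).
 * @param array    $form    Validated output of readRegistrationForm().
 * @param int|null $blocked Initial value of the `blocked` column.
 */
private function insertUser($sql, array $form, $blocked)
{
    // NOTE(review): the original read $lang_system without a global declaration, so the
    // country lookup could never succeed; assuming it is the global language table — confirm.
    global $lang_system;

    // Detect country from the TLD of the client's reverse DNS name (a blocking lookup);
    // keep it only when it is a known country code.
    $host_parts = explode('.', gethostbyaddr(IP));
    $country = end($host_parts);
    $country = isset($lang_system['COUNTRIES'][$country]) && $lang_system['COUNTRIES'][$country] ? $country : '';

    // Two statements in one prepare(): relies on the driver allowing multi-statement execution.
    $stmt = $sql->prepare(' INSERT INTO ' . DB_PREFIX . 'users SET logname = :logname, nickname = :nickname, email = :email, pass = :pass, registered = :registered, country = :country, newsletter = :newsletter, pm_notify = :pm_notify, hide_email = :hide_email, blocked = :blocked, time_zone = :time_zone, ip = :ip, auth_code = :auth_code, http_agent = :http_agent; UPDATE ' . DB_PREFIX . 'stats SET content = content + 1 WHERE name = "registered_users"');
    $stmt->execute(array(
        'logname' => $form['logname'],
        'nickname' => $form['nickname'],
        'email' => $form['email'],
        // FIXME(security): unsalted md5 is not a password hash; migrating to password_hash()
        // requires changing the login check as well, so it is left as-is here.
        'pass' => md5($form['pass']),
        'registered' => TIMESTAMP,
        'country' => $country,
        'newsletter' => $form['newsletter'],
        'pm_notify' => $form['pm_notify'],
        'hide_email' => $form['hide_email'],
        'blocked' => $blocked,
        'time_zone' => Kio::getConfig('time_zone'),
        'ip' => IP,
        'auth_code' => auth_code($form['logname']),
        'http_agent' => filter(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '', 250),
    ));
}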
<h3 style='padding-left:25%; font-weight:bold;'><a name="general-faq"></a>General FAQ</h3> <ol style='width:75%; padding-left:28%; font-size: 16px;'> <li>How do I login?</li> <ul><li>To log into the system, you can simply click the Login button found in the top right corner of the main page. You will need to provide your Queen's NetID and password to log into the system.</li></ul> <br><li>Can I login if I am not a student, staff, or faculty at Queen's?</li> <ul><li>Unfortunately, if you are not a member of the Queen's University community, you cannot register any bicycles with the system.</li></ul> <br><li>In that case, what <strong>can</strong> I do?</li> <ul><li>If you are not a member of the Queen's University community, you are able to search the database by serial number and if it is present in the database, you will be able to file a report with information on where you found the bicycle and how you would like to return it.</li></ul> <br><li>How do I file a missing report if I've found a bicycle?</li> <ul><li>Enter the serial number of the bicycle into the serial search field and click the Search button. If you are unable to find a serial number of the bicycle, you can still submit a report about the bicycle, simply leave the serial search field blank and click the Search button.</li></ul> <br><li>I can't find the bicycle's serial number!</li> <ul><li>Don't Panic! Within the Useful Links section at the bottom of the page, there should be a link with instructions on how to find a serial number on a bicycle.</li></ul> </ol> <?php if (isset($_SERVER['HTTP_QUEENSU_NETID']) and is_registered($dbc, $_SERVER['HTTP_QUEENSU_NETID'])) { ?> <br> <h3 style='padding-left:25%; font-weight:bold;'><a name="cyclist-faq"></a>Cyclist FAQ</h3> <ol style='width:75%; padding-left:28%; font-size: 16px;'> <li>How do I register a bicycle?</li> <ul><li>After you login to the system, you will be directed to the Cyclist home page. 
Clicking the "Add Bicycle" button will bring you to a page where you can add your bicycle.</li></ul> <br><li>How do I file a missing report if I've lost my bicycle?</li> <ul><li>If you've lost your bicycle you can mark your bicycle as missing by clicking the checkbox in the missing column of that bicycle's row. The checkbox will bring you to a new page where you will be prompted to enter the details of your loss. That is, of course, provided you were smart enough to register your bicycle before losing it.</li></ul> <br><li>How do I edit my bicycle's information?</li> <ul><li>To edit any of your bicycle's information, just click on the information you want to change to open an inline-editing box which will allow you to make your change. Optionally, just get it right the first time.</li></ul> <br><li>How do I edit my bicycle's picture?</li> <ul><li>If you hover your mouse over your bicycle's picture, a camera icon will appear over the picture's center. Clicking on the picture will bring you to a new page where you can choose a new picture for your bicycle. Try to avoid too much dirt, please.</li></ul> <br><li>How do I delete my bicycle?</li> <ul><li>You may have noticed a red X button at the end of each bicycle entry. Pressing this button will bring up a prompt checking if you're really, really, really sure that you want to delete that bicycle entry. Please actually be sure because deletion is permanent.</li></ul> <br><li>How do I edit my phone number?</li>
if ($customer == null) { $message = 'Your email does not match our database.'; include 'customer_login.php'; } else { $_SESSION['customerId'] = $customer['customerID']; $products = get_products(); include 'product_register.php'; } } } } else { if ($action == 'register_product') { $customerID = $_SESSION['customerId']; $submitted_product = filter_input(INPUT_POST, 'product'); if (!$submitted_product == null) { if (!is_registered($submitted_product)) { $inserted = add_registration($customerID, $submitted_product); if ($inserted) { $message = 'Product (' . $submitted_product . ') was registered succesfully.'; } else { $message = 'Product (' . $submitted_product . ') could not be registered.'; } } else { $message = 'Product (' . $submitted_product . ') has already been registered.'; } include 'product_register.php'; } } else { if ($action == 'logout') { // Unset all of the session variables. $_SESSION = array();
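<?php
global $database;      // database helper (select / fetch_array)
global $uzivatel;      // the currently logged-in user
global $aktivny_sklad; // the currently selected warehouse

$organizacia = new Organizacia();
$organizacia->loadFromDatabase($uzivatel->getIdOrganizacie());

// The page is shown only to logged-in users; everyone else is sent back to index.php.
if (!is_registered()) {
    global $page;
    $page->redirect();
}
?>
<ul id="zoznam_skladov">
<?php
// Load the organisation's warehouses for the switcher; the active one is printed as plain text,
// every other one as a form that activates it.
// NOTE(review): the organisation id is interpolated into the SQL string; this is only safe if
// getID() returns a trusted integer — bind it as a parameter if $database supports that.
$query = $database->select("SELECT * FROM sklad WHERE organizacia_id = '" . $organizacia->getID() . "'");
while ($vysl = $database->fetch_array($query)) {
    // Escape DB values before emitting them into HTML text / attribute context
    // (the warehouse name is user-entered data). Charset is left at PHP's default — confirm
    // it matches the page encoding.
    $name = htmlspecialchars($vysl["name"], ENT_QUOTES);
    $id = htmlspecialchars($vysl["id"], ENT_QUOTES);
    if ($aktivny_sklad->getId() == $vysl["id"]) {
        echo "<li>" . $name . "</li>";
    } else {
        echo "<li><form><input type='submit' name='submit' value='" . $name . "' >\r\n <input type='hidden' name='sklad_id' value='" . $id . "' >\r\n <input type='hidden' name='action' value='aktivuj_sklad' > \r\n <input type='hidden' name='pageaction' value='items'>\r\n </form></li>";
    }
}
?>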
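/**
 * Renders the shoutbox block: handles a posted reply, then lists the latest entries.
 *
 * A valid reply is inserted and the request is redirected back to the page anchor;
 * validation errors are shown through the block's Notifier. The entry list is served
 * from the 'shoutbox' cache and rebuilt from the database on a cache miss.
 *
 * @return string Rendered template, or template_error() output when rendering fails.
 */
public function getContent()
{
    global $sql, $user, $cfg;
    //Lang::load('blocks/shoutbox/lang.*.php');

    $err = new Error();
    $note = new Notifier('note-shoutbox');

    // Both keys are always present so the template never sees a missing 'message'.
    $form = array(
        'author' => $user->nickname,
        'message' => '',
    );

    if (isset($_POST['reply-shoutbox'])) {
        $form['author'] = LOGGED ? $user->nickname : filter($_POST['author-shoutbox'], 100);
        $form['message'] = filter($_POST['message-shoutbox'], $cfg->shoutbox['message_max']);

        $err->author_empty(t('Field <strong>author</strong> can not be empty.'), !$form['author']);
        $err->author_exists(t('Entered <strong>nickname</strong> is registered.'), !LOGGED && is_registered($form['author']));
        $err->message_empty(t('Field <strong>message</strong> can not be empty.'), !$form['message']);

        if (!$err->count()) {
            // NOTE(review): author and message are interpolated into SQL; safe only if
            // filter() escapes for the driver — bound parameters would be preferable.
            $sql->exec(' INSERT INTO ' . DB_PREFIX . 'shoutbox (added, author, message, author_id, author_ip) VALUES ( '
                . TIMESTAMP . ', "' . $form['author'] . '", "' . cut($form['message'], $cfg->shoutbox['message_max']) . '", '
                . $user->id . ', "' . IP . '")', 'shoutbox.txt');
            $note->success(t('Entry was added successfully.'));
            redirect(HREF . PATH . '#shoutbox');
        } else {
            $note->error($err);
        }
    }

    // Cache miss: rebuild the entry list from the database.
    if (!($entries = $sql->getCache('shoutbox'))) {
        $entries = array();
        // NOTE(review): this is an inner join on users, so entries whose author_id has no
        // user row (guest posts) are not listed — confirm whether that is intended.
        $query = $sql->query(' SELECT u.nickname, u.group_id, s.added, s.author, s.author_id, s.message FROM '
            . DB_PREFIX . 'shoutbox s, ' . DB_PREFIX . 'users u WHERE u.id = s.author_id ORDER BY s.id DESC LIMIT '
            . $cfg->shoutbox['limit']);
        while ($row = $query->fetch()) {
            if ($row['author_id']) {
                $row['author'] = User::format($row['author_id'], $row['nickname'], $row['group_id']);
                $row['message'] = parse($row['message'], $cfg->shoutbox['parser']);
            }
            $entries[] = $row;
        }
        $sql->putCacheContent('shoutbox', $entries);
    }

    try {
        $tpl = new PHPTAL('blocks/shoutbox/sbox_overall.html');
        $tpl->cfg = $cfg;
        $tpl->entries = $entries;
        $tpl->err = $err->toArray();
        $tpl->form = $form;
        $tpl->note = $note;
        $tpl->user = $user;
        return $tpl->execute();
    } catch (Exception $e) {
        return template_error($e->getMessage());
        //echo Note::error($e->getMessage());
    }
}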