Example #1
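/**
 * Recursively escape a value for interpolation into a *quoted* SQL string literal.
 *
 * Arrays are escaped element by element (keys preserved); numeric values are
 * returned untouched; everything else goes through real_escape_string() on the
 * shared connection held in the global $db, connecting on demand via my_connect().
 *
 * Escaping only protects a value the caller wraps in quotes ('...'). A value
 * interpolated bare (e.g. `WHERE id={$id}`) is NOT protected by this function:
 * callers must cast such values (intval) or quote them.
 *
 * @param mixed $x scalar, or (nested) array of scalars
 * @return mixed escaped value with the same shape as $x
 */
function my_clean($x)
{
    global $db;
    if (!is_object($db)) {
        $db = my_connect();
    }
    if (is_array($x)) {
        // Start from an empty array so an empty input yields array() instead of
        // an undefined $clean (which previously returned null with a notice).
        $clean = array();
        foreach ($x as $k => $v) {
            $clean[$k] = my_clean($v);
        }
        return $clean;
    }
    if (is_numeric($x)) {
        // Numbers pass through unchanged; is_numeric() also accepts strings such
        // as "1e3" or " 42", which contain nothing that needs escaping.
        return $x;
    }
    return $db->real_escape_string($x);
}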
Example #2
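<?php

// add a user's facialmetric equation to the database
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';
auth();
$return = array('error' => false, 'errorText' => '');

// Read the posted fields defensively: a missing key must not raise a notice and
// a non-string (array) value is treated as empty rather than coerced to "Array".
$raw_eq = isset($_POST['eq']) && is_string($_POST['eq']) ? $_POST['eq'] : '';
$raw_name = isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '';
$raw_desc = isset($_POST['desc']) && is_string($_POST['desc']) ? $_POST['desc'] : '';

// clean the equation
// Allow-list validation: remove whitespace, then strip every permitted token;
// whatever is left over is a character we refuse to store.
$eq = preg_replace('/\\s+/', '', $raw_eq);
$allowed_tokens = array('abs(', 'min(', 'max(', 'atan(', 'asin(', 'acos(', 'tan(', 'sin(', 'cos(', 'sqrt(', 'pow(', 'rad2deg(', 'x[', 'y[', ']', '(', ')', '.', ',', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '-', '*', '/');
$blank_eq = str_replace($allowed_tokens, '', $eq);
if ($blank_eq !== '') {
    $return['error'] = true;
    $return['errorText'] .= 'The equation was not valid. These characters need to be removed: ' . $blank_eq;
} else {
    $user = $_SESSION['user_id'];
    $name = my_clean($raw_name);
    $desc = my_clean($raw_desc);
    // The allow-list already excludes quotes and backslashes, but the stored
    // (whitespace-preserving) value is escaped rather than interpolated raw so the
    // query does not depend on the allow-list alone staying correct.
    $eq_sql = my_clean($raw_eq);
    $q = new myQuery("REPLACE INTO fm (user_id, name, description, equation) \n                        VALUES ('{$user}', '{$name}', '{$desc}', '{$eq_sql}')");
    // REPLACE reports 1 affected row for a fresh insert and 2 when it replaced an
    // existing row, so any positive count means the equation was saved.
    if ($q->get_affected_rows() >= 1) {
        $return['name'] = $name;
        $return['desc'] = $desc;
        $return['eq'] = $raw_eq;
    } else {
        $return['name'] = $q->get_affected_rows();
    }
}
scriptReturn($return);
exit;
?>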

Example #3
<?php

// set up data to delineate an image
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';
auth();
ini_set('max_execution_time', 10);
if (array_key_exists('img', $_POST)) {
    if (is_numeric($_POST['img'])) {
        // get saved image by id number
        $q = new myQuery('SELECT name FROM img WHERE id=' . intval($_POST['img']));
        $name = '/images' . $q->get_one();
        echo $name;
        exit;
    } else {
        $name = my_clean($_POST['img']);
    }
    $imgname = str_replace("//", "/", $name);
    if (substr($imgname, -4) == '.tem') {
        // find the actual image associated with this tem if only a tem was passed
        $imgname = preg_replace('@\\.(jpg|png|gif|tem)$@', '.jpg', $imgname);
        if (!file_exists(IMAGEBASEDIR . $imgname)) {
            $imgname = preg_replace('@\\.(jpg|png|gif|tem)$@', '.png', $imgname);
        } else {
            if (!file_exists(IMAGEBASEDIR . $imgname)) {
                $imgname = preg_replace('@\\.(jpg|png|gif|tem)$@', '.gif', $imgname);
            } else {
                if (!file_exists(IMAGEBASEDIR . $imgname)) {
                    $imgname = preg_replace('@\\.(jpg|png|gif|tem)$@', '.tem', $imgname);
                }
            }
        }
Example #4
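<?php

// get or set a user's read messages
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';
auth();
$return = array('error' => false, 'errorText' => '', 'read_msg_ids' => array());
$user = $_SESSION['user_id'];
if (empty($user)) {
    $return['error'] = true;
    $return['errorText'] = "No user is logged in";
} else {
    // Only a scalar msg_id is accepted: my_clean() passes an array through
    // element-wise and the interpolation below would then store "Array".
    if (isset($_POST['msg_id']) && is_string($_POST['msg_id'])) {
        // mark a message as read
        $msg_id = my_clean($_POST['msg_id']);
        $q = new myQuery("INSERT INTO msg (id, user_id, dt) VALUES ('{$msg_id}', '{$user}', NOW())");
    }
    // get all read messages for this user. The msg table (see the schema note
    // below) has no primary key, so marking the same message twice stores two
    // rows; DISTINCT keeps the returned id list free of duplicates.
    $q = new myQuery("SELECT DISTINCT id FROM msg WHERE user_id='{$user}'");
    $return['read_msg_ids'] = $q->get_col('id');
}
scriptReturn($return);
exit;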
/*
CREATE TABLE msg (
    id VARCHAR(32),
    user_id INT(8) UNSIGNED,
    dt DATETIME,
    INDEX (user_id)
);
*/
Example #5
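/**
 * Normalise a tag list for storage: split on ';' (unless already an array),
 * trim each tag, strip quote characters and backslashes, replace inner spaces
 * with underscores, SQL-escape via my_clean(), and drop tags that end up empty.
 *
 * Keys of the input (or of the exploded list) are preserved, as before.
 *
 * @param string|array $tags ';'-separated string, or array of tags
 * @return array cleaned tags, original keys preserved
 */
function cleanTags($tags)
{
    // Accept a pre-split array; anything else is treated as a ';' separated string.
    $tagArray = is_array($tags) ? $tags : explode(';', (string) $tags);
    $cleaned = array();
    foreach ($tagArray as $i => $t) {
        $t = trim((string) $t);
        $t = str_replace(array('"', "'", "\\"), '', $t);
        $t = str_replace(' ', '_', $t);
        // Drop blank tags AFTER trimming/stripping so tags made only of
        // whitespace or quotes go too. (The previous array_filter($tagArray, strlen)
        // ran before cleaning and passed the bare, undeclared constant `strlen`,
        // which is an Error on PHP 8.)
        if ($t === '') {
            continue;
        }
        $cleaned[$i] = my_clean($t);
    }
    return $cleaned;
}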
Example #6
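<?php

// add a user's mask structure to the database
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';
auth();
$return = array('error' => false, 'errorText' => '');
$user = $_SESSION['user_id'];

// Read the posted fields defensively: a missing key must not raise a notice and
// a non-string (array) value is treated as empty rather than coerced to "Array".
$name = my_clean(isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '');
$tem_id = isset($_POST['tem_id']) ? intval($_POST['tem_id']) : 0;
$raw_mask = isset($_POST['mask']) && is_string($_POST['mask']) ? $_POST['mask'] : '';

// clean the mask
// Allow-list validation: remove whitespace, then strip every permitted character;
// whatever is left over is rejected.
$mask = preg_replace('/\\s+/', '', $raw_mask);
$blank_mask = str_replace(array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', ',', ';', ':'), '', $mask);
if ($blank_mask !== '') {
    $return['error'] = true;
    // This endpoint validates a mask, not an equation (message was copy-pasted).
    $return['errorText'] .= 'The mask was not valid. These characters need to be removed: ' . $blank_mask;
} else {
    // $mask holds only digits and , ; : at this point; it is still quoted in the
    // query so safety does not rest on the allow-list alone.
    $q = new myQuery("REPLACE INTO mask (user_id, name, tem_id, mask) \n                        VALUES ('{$user}', '{$name}', '{$tem_id}', '{$mask}')");
    // REPLACE reports 1 affected row for a fresh insert and 2 when it replaced an
    // existing row, so any positive count means the mask was saved.
    if ($q->get_affected_rows() >= 1) {
        $return['name'] = $name;
        $return['mask'] = $mask;
        $return['tem_id'] = $tem_id;
    } else {
        $return['name'] = $q->get_affected_rows();
    }
}
scriptReturn($return);
exit;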
/*
    
CREATE TABLE mask (
Example #7
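<?php

// edit the name or notes of a project
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';
auth();
$return = array('error' => false, 'errorText' => '');
$user = $_SESSION['user_id'];

// Read the posted fields defensively so a missing key does not raise a notice.
$project = isset($_POST['project']) ? intval($_POST['project']) : 0;
$newtext = my_clean(isset($_POST['newname']) && is_string($_POST['newname']) ? $_POST['newname'] : '');
// $category is interpolated as a COLUMN NAME below, which my_clean() cannot
// protect; it is therefore restricted to exactly two known values here.
$category = (isset($_POST['category']) && $_POST['category'] === "name") ? "name" : "notes";

// Authorisation: the user must be a member of the project before any change.
$q = new myQuery("SELECT 1 FROM project_user WHERE project_id='{$project}' AND user_id='{$user}'");
if ($q->get_affected_rows() > 0) {
    $q = new myQuery("UPDATE project SET {$category} = '{$newtext}' WHERE id={$project}");
    // NOTE(review): with MySQL's default client flags affected_rows counts rows
    // actually *changed*, so re-saving an identical value would report this
    // error although nothing failed — confirm against myQuery's implementation.
    if ($q->get_affected_rows() == 0) {
        $return['error'] = true;
        $return['errorText'] = "The project could not be updated";
    }
} else {
    $return['error'] = true;
    $return['errorText'] = "You do not have permission to change this project";
}
scriptReturn($return);
exit;
?>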

Example #8
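<?php

// Authorise (or disable) a user account; on authorisation the rest of this
// script generates a new password and mails it to the user.
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';
date_default_timezone_set('Europe/London');
include DOC_ROOT . '/include/classes/PHPMailer/PHPMailerAutoload.php';
$return = array('error' => false, 'errorText' => '');
// NOTE(review): unlike the other endpoints in this codebase, no auth() call
// precedes this privileged status change — confirm access control is enforced
// in main_func.php or by the caller.
// The id is interpolated UNQUOTED into the WHERE clause below. my_clean() only
// escapes for quoted literals, so a non-numeric id would reach the query
// intact; cast to int instead, as the other endpoints do for project ids.
$id = isset($_POST['id']) ? intval($_POST['id']) : 0;
$auth = cleanData($_POST, 'auth', array("user", "disabled"), $default = 'disabled');
$q = new myQuery("UPDATE user SET status='{$auth}' WHERE id={$id}");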
if ($auth == "user" && $q->get_affected_rows() == 1) {
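    // create a new password: 10 characters drawn with a CSPRNG. str_shuffle()
    // uses the non-cryptographic Mersenne Twister and is unsuitable for secrets.
    // Ambiguous glyphs (O and 0) stay out of the alphabet, as before.
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ123456789';
    $password = '';
    for ($i = 0; $i < 10; $i++) {
        $password .= $chars[random_int(0, strlen($chars) - 1)];
    }
    // bcrypt via password_hash(): it emits the same '$2y$10$...' format the old
    // crypt() call aimed for, so crypt()-based verification keeps working. The old
    // hand-built salt ended in '$', which is outside the bcrypt salt alphabet
    // (./0-9A-Za-z), so crypt() rejected it and never produced a real hash.
    $hash = password_hash($password, PASSWORD_BCRYPT);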
    $q = new myQuery(array("UPDATE user SET password='******' WHERE id='{$id}'", "SELECT email FROM user WHERE id='{$id}'"));
    $email = $q->get_one();
    $return['email'] = $email;
    if (DEBUG) {
        $return['newpass'] = $password;
    }
    // only for debugging!!!!
    // email new password to the user
    $to = $email;
    $subject = 'WebMorph.org Account Authorized';
    $headers = "From: lisa.debruine@glasgow.ac.uk\r\n";
    $headers .= "Reply-To: lisa.debruine@glasgow.ac.uk\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
    $message = "<html><body style='color: rgb(50,50,50); font-family:\"Lucida Grande\"';>" . "<p>Hi {$email},</p>\n" . "<p>Your requested <a href='http://webmorph.org'>WebMorph</a> account has been authorized.</p>\n" . "<p>Remember, WebMorph is in beta testing, so there are likely to be problems sometimes. \n                WebMorph should work with Chrome and Safari, but I develop in FireFox, so errors are usually \n                caught there first.</p>\n" . "<div style='border: 3px solid hsl(200,100%,20%); " . "    box-shadow: 2px 2px 4px rgba(0,0,0,0.5);border-radius: 1em; padding: 1em; " . "    text-align: center; width: 18em; margin: auto;'>\n" . "        Your new password:\n" . "        <div style='font-size: 200%; margin-top: 0.5em;'>{$password}</div>\n" . "</div>\n" . "<p>You can reset your password after logging in by going to the Preferences menu option.</p>\n" . "<p>Kind regards,</p>\n" . "<p>Lisa DeBruine</p>\n" . "</body></html>\n.";
    $text_message = "Hi {$email},\n" . "Your requested <a href='http://webmorph.org'>WebMorph</a> account has been authorized.\n\n" . "Remember, WebMorph is in beta testing, so there are likely to be problems sometimes. \n                WebMorph should work with Chrome and Safari, but I develop in FireFox, so errors are usually \n                caught there first. \n\n" . "Your new password: {$password} \n\n" . "You can reset your password after logging in by going to the Preferences menu option.</p>\n\n" . "Kind regards,\n" . "Lisa DeBruine\n.";
Example #9
<?php

require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';
date_default_timezone_set('Europe/London');
include DOC_ROOT . '/include/classes/PHPMailer/PHPMailerAutoload.php';
$return = array('error' => false, 'errorText' => '');
$email = my_clean($_POST['email']);
$q = new myQuery("SELECT id, firstname, lastname FROM user WHERE LCASE(email)=LCASE('{$email}')");
if ($q->get_num_rows() == 1) {
    $res = $q->get_one_array();
    $id = $res['id'];
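    // create a new password: 10 characters drawn with a CSPRNG. str_shuffle()
    // uses the non-cryptographic Mersenne Twister and is unsuitable for secrets.
    // Ambiguous glyphs (O and 0) stay out of the alphabet, as before.
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ123456789';
    $password = '';
    for ($i = 0; $i < 10; $i++) {
        $password .= $chars[random_int(0, strlen($chars) - 1)];
    }
    // bcrypt via password_hash(): it emits the same '$2y$10$...' format the old
    // crypt() call aimed for, so crypt()-based verification keeps working. The old
    // hand-built salt ended in '$', which is outside the bcrypt salt alphabet
    // (./0-9A-Za-z), so crypt() rejected it and never produced a real hash.
    $hash = password_hash($password, PASSWORD_BCRYPT);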
    $q = new myQuery("UPDATE user SET password='******' WHERE LCASE(email)=LCASE('{$email}') AND id='{$id}'");
    if (DEBUG) {
        $return['newpass'] = $password;
    }
    // only for debugging!!!!
    // email new password to the user
    $to = $email;
    $subject = 'WebMorph.org password change';
    $headers = "From: lisa.debruine@glasgow.ac.uk\r\n";
    $headers .= "Reply-To: lisa.debruine@glasgow.ac.uk\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
    $message = "<html><body style='color: rgb(50,50,50); font-family:\"Lucida Grande\"';>" . "<p>Hi {$email},</p>\n" . "<p>You (or someone) just reset your password at <a href='http://webmorph.org'>WebMorph</a>.</p>\n" . "<div style='border: 3px solid hsl(200,100%,20%); " . "    box-shadow: 2px 2px 4px rgba(0,0,0,0.5);border-radius: 1em; padding: 1em; " . "    text-align: center; width: 18em; margin: auto;'>\n" . "        Your new password:\n" . "        <div style='font-size: 200%; margin-top: 0.5em;'>{$password}</div>\n" . "</div>\n" . "<p>You can reset your password after logging in by going to the Preferences menu option.</p>\n" . "<p>Kind regards,</p>\n" . "<p>Lisa DeBruine</p>\n" . "</body></html>\n.";
    $text_message = "Hi {$email},\n" . "You (or someone) just reset your password at <a href='http://webmorph.org'>WebMorph</a>.\n\n" . "Your new password: {$password} \n\n" . "You can reset your password after logging in by going to the Preferences menu option.</p>\n\n" . "Kind regards,\n" . "Lisa DeBruine\n.";
    //mail($to, $subject, $message, $headers);
Example #10
     $return['error'] = true;
     $return['errorText'] .= "<li>Your account has been disabled.</li>";
 } else {
     if ($hash == $hash_check) {
         $return['user'] = $id;
         $q = new myQuery("INSERT INTO login (user_id, logintime) VALUES ({$id}, NOW())");
         // set session variables
         $_SESSION['user_id'] = $id;
         if ($id == 1) {
             $_SESSION['superuser'] = true;
         }
         // check if they have any project folders
         $q = new myQuery("SELECT project_id FROM project_user WHERE user_id={$id}");
         if ($q->get_num_rows() == 0) {
             $notes = my_clean("{$res['firstname']} {$res['lastname']} ({$res['email']}) first project");
             $projname = my_clean("{$res['firstname']} {$res['lastname']} Project");
             $q = new myQuery("INSERT INTO project (user_id, name, dt, notes) VALUES ({$id}, '{$projname}', NOW(), '{$notes}')");
             $new_proj_id = $q->get_insert_id();
             $mydir = IMAGEBASEDIR . $new_proj_id;
             if ($new_proj_id > 1 && !mkdir($mydir, DIRPERMS)) {
                 $return['error'] = true;
                 $return['errorText'] .= '<li>Your default image directory could not be created</li>';
                 $q->set_query("DELETE FROM project WHERE id={$new_proj_id}");
             } else {
                 mkdir($mydir . '/.tmp', DIRPERMS);
                 mkdir($mydir . '/.trash', DIRPERMS);
                 copy(DOC_ROOT . '/include/examples/_female_avg.jpg', $mydir . '/_female_avg.jpg');
                 copy(DOC_ROOT . '/include/examples/_female_avg.tem', $mydir . '/_female_avg.tem');
                 copy(DOC_ROOT . '/include/examples/_male_avg.jpg', $mydir . '/_male_avg.jpg');
                 copy(DOC_ROOT . '/include/examples/_male_avg.tem', $mydir . '/_male_avg.tem');
                 $q = new myQuery("INSERT INTO project_user (project_id, user_id) VALUES ({$new_proj_id}, {$id})");
Example #11
    $return['errorText'] .= '<li>' . $email . ' is an invalid email address</li>';
} else {
    // check if email is already in use
    $q = new myQuery("SELECT id FROM user WHERE LCASE(email)=LCASE('{$email}')");
    if ($q->get_num_rows() == 1) {
        $return['error'] = true;
        $return['errorText'] .= '<li>A user with the email address &ldquo;' . $email . '&rdquo; already exists.</li>';
    } else {
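        // register the new user!
        // Initial password: 10 characters drawn with a CSPRNG. str_shuffle() uses
        // the non-cryptographic Mersenne Twister and is unsuitable for secrets.
        $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
        $password = '';
        for ($i = 0; $i < 10; $i++) {
            $password .= $chars[random_int(0, strlen($chars) - 1)];
        }
        // bcrypt via password_hash(): same '$2y$10$...' format the old crypt()
        // call aimed for, so crypt()-based verification keeps working. The old
        // hand-built salt ended in '$', which is outside the bcrypt salt alphabet
        // (./0-9A-Za-z), so crypt() rejected it and never produced a real hash.
        $hash = password_hash($password, PASSWORD_BCRYPT);
        // Free-text fields are SQL-escaped for the quoted literals below; a
        // missing or non-string (array) value becomes ''.
        $firstname = my_clean(isset($_POST['firstname']) && is_string($_POST['firstname']) ? $_POST['firstname'] : '');
        $lastname = my_clean(isset($_POST['lastname']) && is_string($_POST['lastname']) ? $_POST['lastname'] : '');
        $org = my_clean(isset($_POST['org']) && is_string($_POST['org']) ? $_POST['org'] : '');
        // Enumerated and boolean fields are allow-listed rather than escaped.
        // NOTE(review): 'NULL' is interpolated inside quotes in the INSERT, so the
        // literal string "NULL" is stored rather than SQL NULL — confirm the
        // intended column semantics before changing it.
        $sex = isset($_POST['sex']) && in_array($_POST['sex'], array('male', 'female', 'other'), true) ? $_POST['sex'] : 'NULL';
        $research = isset($_POST['research']) && $_POST['research'] === 'true' ? 1 : 0;
        $business = isset($_POST['business']) && $_POST['business'] === 'true' ? 1 : 0;
        $personal = isset($_POST['personal']) && $_POST['personal'] === 'true' ? 1 : 0;
        $school = isset($_POST['school']) && $_POST['school'] === 'true' ? 1 : 0;
        $art = isset($_POST['art']) && $_POST['art'] === 'true' ? 1 : 0;
        // NOTE(review): the invite code is a secret hard-coded in source; consider
        // moving it to configuration kept outside the web root.
        $status = isset($_POST['invite']) && $_POST['invite'] === 'faces94' ? 'user' : 'requested';
        $q = new myQuery("INSERT INTO user \n            (email, password, firstname, lastname, organisation, sex, research, business, personal, art, school, status, regdate) \n            VALUES ('{$email}', '{$hash}', '{$firstname}', '{$lastname}', '{$org}', '{$sex}', {$research}, {$business}, {$personal}, {$art}, {$school}, '{$status}', NOW())");
        date_default_timezone_set('Europe/London');
        include DOC_ROOT . '/include/classes/PHPMailer/PHPMailerAutoload.php';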
        if ($status == "requested") {
            $q = new myQuery("SELECT COUNT(*) as c FROM user WHERE status='requested'");
            $wait_list = $q->get_one();
            $message = "<html><body style='color: rgb(50,50,50); font-family:\"Lucida Grande\"';>" . "<p>Hi {$firstname} {$lastname},</p>\n" . "<p>You (or someone) just created an account at <a href='http://webmorph.org'>WebMorph</a>.</p>\n" . "<p>You will receive an email with your password when your account is authorized. \n                        Because WebMorph is in alpha testing, we are limiting the number of users. \n                        You are number {$wait_list} on the wait list.</p>\n" . "<p>Kind regards,</p>\n" . "<p>Lisa DeBruine</p>\n" . "</body></html>\n.";
            $text_message = "Hi  {$firstname} {$lastname},\n" . "You (or someone) just created an account at <a href='http://webmorph.org'>WebMorph</a>.\n\n" . "You will receive an email with your password when your account is authorized. Because WebMorph is in alpha testing, we are limiting the number of users. You are number {$wait_list} on the wait list.\n" . "Kind regards,\n" . "Lisa DeBruine\n.";
Example #12
<?php

// create a new project
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';
auth();
$return = array('error' => false, 'errorText' => '');
$user = $_SESSION['user_id'];
$name = my_clean($_POST['name']);
$notes = my_clean($_POST['notes']);
$q = new myQuery("INSERT INTO project (user_id, name, dt, notes) \n                  VALUES ('{$user}', '{$name}', NOW(), '{$notes}')");
$new_proj_id = $q->get_insert_id();
$mydir = IMAGEBASEDIR . $new_proj_id;
try {
    if (file_exists($mydir)) {
        throw new Exception("<li>{$new_proj_id} already exists</li>");
    } else {
        if (!mkdir($mydir, DIRPERMS)) {
            throw new Exception("<li>{$new_proj_id} could not be created</li>");
        } else {
            mkdir($mydir . '/.tmp', DIRPERMS);
            mkdir($mydir . '/.trash', DIRPERMS);
            copy(DOC_ROOT . '/include/examples/_female_avg.jpg', $mydir . '/_female_avg.jpg');
            copy(DOC_ROOT . '/include/examples/_female_avg.tem', $mydir . '/_female_avg.tem');
            copy(DOC_ROOT . '/include/examples/_male_avg.jpg', $mydir . '/_male_avg.jpg');
            copy(DOC_ROOT . '/include/examples/_male_avg.tem', $mydir . '/_male_avg.tem');
            copy(DOC_ROOT . '/include/examples/webmorph_template_batchAvg.txt', $mydir . '/_batchAvg_template.txt');
            copy(DOC_ROOT . '/include/examples/webmorph_template_batchTrans.txt', $mydir . '/_batchTrans_template.txt');
            copy(DOC_ROOT . '/include/examples/webmorph_template_batchEdit.txt', $mydir . '/_batchEdit_template.txt');
            $return['project'] = $new_proj_id;
            $q = new myQuery("INSERT INTO project_user (project_id, user_id) VALUES ({$new_proj_id}, {$user})");
            $q->set_query("INSERT INTO img (user_id, dt, project_id, name, width, height) " . "VALUES ({$user}, NOW(), {$new_proj_id}, '/_female_avg.jpg', 1350, 1800), " . "       ({$user}, NOW(), {$new_proj_id}, '/_male_avg.jpg', 1350, 1800)");
Example #13
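<?php

// get next or prev image in a user's database
// need to add failsafes if the database is out of date (or r-write to look in directories rather than the db)
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';
auth();
$return = array('error' => false, 'errorText' => '');
$id = $_SESSION['user_id'];

// Which neighbour is wanted. Defaults keep $thisImg/$order defined when neither
// key is posted (previously both were undefined and raised notices).
$thisImg = '';
$order = 1;
if (isset($_POST['next']) && is_string($_POST['next'])) {
    $thisImg = my_clean($_POST['next']);
    $order = 1;
} elseif (isset($_POST['prev']) && is_string($_POST['prev'])) {
    $thisImg = my_clean($_POST['prev']);
    $order = -1;
}

// The path must start with a numeric project id (projects live at
// IMAGEBASEDIR/<project>/...) and must not contain '..'; otherwise the glob()
// below would list — and return to the client — a directory outside IMAGEBASEDIR.
if (!preg_match('/^(\d{1,11})\//', $thisImg, $m) || strpos($thisImg, '..') !== false) {
    $return['error'] = true;
    $return['errorText'] = 'Invalid image path';
} else {
    $project = $m[1];
    // NOTE(review): no check that $id is a member of $project is visible here,
    // unlike the project_user lookup other endpoints perform — confirm upstream.
    $path = pathinfo(IMAGEBASEDIR . $thisImg);
    $dir = $path['dirname'];
    $filename = $path['basename'];
    // glob() returns false on error; treat that like an empty directory.
    $filelist = glob($dir . '/*.{jpg,png,gif}', GLOB_BRACE);
    if ($filelist === false) {
        $filelist = array();
    }
    $n = count($filelist);
    if ($n) {
        sort($filelist);
        // Note: this exposes absolute server paths to the client.
        $return['filelist'] = $filelist;
        // Position of the current image; one not in the list behaves as index 0
        // (false + $order), exactly as before but now explicit.
        $key = array_search(IMAGEBASEDIR . $thisImg, $filelist, true);
        if ($key === false) {
            $key = 0;
        }
        // Wrap around at both ends of the list.
        $newkey = ($n + ($key + $order)) % $n;
        $return['img'] = str_replace(IMAGEBASEDIR, '', $filelist[$newkey]);
    } else {
        $return['error'] = true;
    }
}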