Example #1
<?php

//login.php
include_once 'header.php';
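// Login handler: checks the posted credentials against the members table and,
// on a match, records the user in the session and stops with a link to their page.
echo "<h3>Member Log in</h3>";
$error = $user = $pass = "";
if (isset($_POST['user'])) {
    // What sanitiseString() does is not visible in this file. If it only strips tags and
    // HTML-encodes, it offers no protection for the SQL text built below.
    $user = sanitiseString($_POST['user']);
    // A request carrying only `user` previously raised an undefined-index notice here.
    $pass = isset($_POST['pass']) ? sanitiseString($_POST['pass']) : "";
    if ($user == "" || $pass == "") {
        $error = "Not all fields were entered<br /><br />";
    } else {
        // NOTE(review): the `******` values look like masking applied when this listing was
        // published, not working code. Whatever is compared here should be bound through a
        // prepared statement, and the password checked with password_verify() against a
        // password_hash() value rather than matched inside the WHERE clause.
        $query = "SELECT * FROM members\n\t\t\t\t  WHERE user='******' AND pass='******'";
        if (mysql_num_rows(queryMysql($query)) == 0) {
            $error = "Username/Password invalid<br />";
        } else {
            // NOTE(review): the session id is not regenerated on login (session fixation);
            // session_regenerate_id(true) is the usual place for it, assuming header.php
            // started the session — confirm.
            $_SESSION['user'] = $user;
            // NOTE(review): the password itself is kept in session storage. Left in place
            // because other pages may read it; dropping it is the safer end state.
            $_SESSION['pass'] = $pass;
            // $user lands inside a single-quoted href; it needs URL- and attribute-encoding
            // unless sanitiseString() already encodes single quotes — confirm.
            die("You are now logged in. Please\n\t\t\t\t<a href='members.php?view={$user}'>click here</a>.");
        }
    }
}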
echo <<<_END
<form method='post' action='login.php'>{$error}
Username <input type='text' maxlength='16' name='user' value='{$user}'
\tonBlur='checkUser(this)'/><span id='info'></span><br />
Password <input type='password' maxlength='16' name='pass'
\tvalue='{$pass}' /><br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
<input type='submit' value='Signup' />
</form>
Example #2
 /**
  * Walk a KeePass XML export recursively and write its entries and folders
  * to the import cache files.
  *
  * Two layouts are handled: KeePass 1 (recognised by "pwentry" nodes) and
  * KeePass 2 (recognised by a Generator node equal to "KeePass" under Meta).
  * All parser state lives in the globals declared below; nothing is returned.
  *
  * Security notes for reviewers:
  *  - Entry passwords (KP_PW) are written to $cacheFile in clear text, joined
  *    to the other fields with $itemsSeparator. Where that file lives, who can
  *    read it and when it is deleted is decided outside this function.
  *  - A field value containing $itemsSeparator or a line break would shift the
  *    columns of a cache record. Only the group name and the KeePass 1 UUID
  *    have CR/LF removed here; what sanitiseString() removes is not visible.
  *  - Recursion depth follows the nesting depth of the supplied XML; no limit
  *    is enforced here.
  *  - The XML is parsed before this function is called; entity handling is
  *    the caller's responsibility — TODO confirm it is restricted there.
  *
  * @param mixed $xmlRoot  Iterable set of nodes (presumably SimpleXMLElement children — confirm)
  * @param int   $xmlLevel Depth of $xmlRoot in the document; 0 for the first call
  * @return void
  */
 function recursiveKeepassXML($xmlRoot, $xmlLevel = 0)
 {
     global $meta, $root, $group, $name, $entry, $levelMin, $key, $title, $notes, $pw, $username, $url, $newItem, $temparray, $history, $levelInProgress, $historyLevel, $nbItems, $path, $previousLevel, $generatorFound, $cacheFile, $cacheFileF, $numGroups, $numItems, $foldersSeparator, $itemsSeparator, $lineEndSeparator, $keepassVersion, $arrFolders;
     // NOTE(review): this list is local and recreated on every (recursive) call, so the
     // duplicate check further down only sees folders recorded by the current call.
     $groupsArray = array();
     // For each node, get its name and the corresponding XML element
     foreach ($xmlRoot as $nom => $elem) {
         /*
          * check if file is generated by keepass 1
          * key "pwentry" is only used in KP1.xx XML files
          */
         //echo $nom."-";
         if ($nom == "pwentry") {
             // The first pwentry seen fixes the format to KeePass 1 for the rest of the import.
             if (empty($keepassVersion)) {
                 $keepassVersion = 1;
                 $generatorFound = true;
                 $entry = true;
             } else {
                 $entry = true;
             }
             //get children
             $xmlChildren = $elem->children();
             //recursive call
             recursiveKeepassXML($xmlChildren, $xmlLevel + 1);
         }
         //IMPORTING KEEPASS 1 XML FILE
         if ($keepassVersion == 1) {
             // "expiretime" is used as the end-of-entry marker: the record collected so far is flushed.
             if ($entry == true && $nom == "expiretime") {
                 //save previous keepass entry
                 // Backslashes in the KeePass tree path are replaced by the configured folder separator.
                 $tree = preg_replace('/\\\\/', $foldersSeparator, $temparray['tree']);
                 // One record per line; the password field is written as collected (clear text).
                 fputs($cacheFile, $tree . $itemsSeparator . $temparray[KP_GROUP] . $itemsSeparator . $temparray[KP_TITLE] . $itemsSeparator . $temparray[KP_PW] . $itemsSeparator . $temparray[KP_USERNAME] . $itemsSeparator . $temparray[KP_URL] . $itemsSeparator . $temparray[KP_UUID] . $itemsSeparator . $temparray[KP_NOTES] . "\n");
                 // Each distinct folder path is written once to the folders cache file.
                 if (!in_array($temparray['tree'], $arrFolders)) {
                     fwrite($cacheFileF, $tree . "\n");
                     array_push($arrFolders, $temparray['tree']);
                 }
                 $temparray = array();
                 $newItem++;
             }
             if ($entry == true && $nom == "group") {
                 // CR/LF are removed so the name cannot break the one-record-per-line format.
                 // NOTE(review): addslashes() is not an SQL escaping function; its purpose here is not visible.
                 $temparray[KP_GROUP] = addslashes(preg_replace('#[\\r\\n]#', '', $elem));
                 foreach ($elem->attributes() as $attributeskey0 => $attributesvalue1) {
                     if ($attributeskey0 == "tree") {
                         // The "tree" attribute is a backslash-separated path; its first segment is dropped.
                         $path = explode('\\', $attributesvalue1);
                         if (count($path) > 1) {
                             unset($path[0]);
                             $temparray['tree'] = implode('\\', $path) . '\\' . $temparray[KP_GROUP];
                         } else {
                             $temparray['tree'] = $temparray[KP_GROUP];
                         }
                     }
                 }
                 $numGroups++;
             } elseif ($entry == true && $nom == "title") {
                 $temparray[KP_TITLE] = sanitiseString($elem, '');
             } elseif ($entry == true && $nom == "username") {
                 $temparray[KP_USERNAME] = sanitiseString($elem, '');
             } elseif ($entry == true && $nom == "url") {
                 $temparray[KP_URL] = sanitiseString($elem, '');
             } elseif ($entry == true && $nom == "uuid") {
                 $temparray[KP_UUID] = addslashes(preg_replace('#[\\r\\n]#', '', $elem));
             } elseif ($entry == true && $nom == "password") {
                 // NOTE(review): if sanitiseString() strips or encodes characters, the imported
                 // password would differ from the one stored in KeePass — confirm.
                 $temparray[KP_PW] = sanitiseString($elem, '');
             } elseif ($entry == true && $nom == "notes") {
                 $temparray[KP_NOTES] = sanitiseString($elem, '');
             }
         }
         /*
          * check if file is generated by keepass 2
          */
         // A node with no text of its own is treated as a container and descended into.
         if (trim($elem) == "" && $keepassVersion != 1) {
             //check if file is generated by keepass 2
             if ($nom == "Meta") {
                 $meta = true;
             }
             if ($nom == "Root") {
                 $root = true;
             }
             if ($nom == "Group") {
                 $group = true;
                 $entry = false;
                 $name = "";
                 // recap previous info
                 // A new group starts: flush the entry collected so far, if it has a title.
                 if (!empty($temparray[KP_TITLE])) {
                     //store data
                     fputs($cacheFile, $temparray[KP_PATH] . $itemsSeparator . $temparray[KP_GROUP] . $itemsSeparator . $temparray[KP_TITLE] . $itemsSeparator . $temparray[KP_PW] . $itemsSeparator . $temparray[KP_USERNAME] . $itemsSeparator . $temparray[KP_URL] . $itemsSeparator . $temparray[KP_UUID] . $itemsSeparator . $temparray[KP_NOTES] . "\n");
                     //Clean temp array
                     // NOTE(review): KP_UUID is not cleared here, unlike in the Entry branch below.
                     $temparray[KP_TITLE] = $temparray[KP_NOTES] = $temparray[KP_PW] = $temparray[KP_USERNAME] = $temparray[KP_URL] = "";
                     //increment number
                     $numItems++;
                 }
                 $historyLevel = 0;
             }
             //History nodes must be tracked so that old versions of an entry do not pollute the final list
             if ($nom == "History") {
                 $history = true;
                 $entry = false;
                 $historyLevel = $xmlLevel;
             }
             // Entry nodes are accepted only when no History level is recorded or the node sits above it.
             if ($nom == "Entry" && ($xmlLevel < $historyLevel || empty($historyLevel))) {
                 $entry = true;
                 $group = false;
                 // recap previous info
                 if (!empty($temparray[KP_TITLE])) {
                     //store data
                     fputs($cacheFile, $temparray[KP_PATH] . $itemsSeparator . $temparray[KP_GROUP] . $itemsSeparator . $temparray[KP_TITLE] . $itemsSeparator . $temparray[KP_PW] . $itemsSeparator . $temparray[KP_USERNAME] . $itemsSeparator . $temparray[KP_URL] . $itemsSeparator . $temparray[KP_UUID] . $itemsSeparator . $temparray[KP_NOTES] . "\n");
                     //Clean temp array
                     $temparray[KP_TITLE] = $temparray[KP_NOTES] = $temparray[KP_PW] = $temparray[KP_USERNAME] = $temparray[KP_URL] = $temparray[KP_UUID] = "";
                     //increment number
                     $numItems++;
                 }
                 $historyLevel = 0;
             }
             //get children
             $xmlChildren = $elem->children();
             //recursive call
             // No depth limit: the recursion goes as deep as the document nests.
             recursiveKeepassXML($xmlChildren, $xmlLevel + 1);
             //IMPORTING KEEPASS 2 XML FILE
         } elseif ($keepassVersion != 1) {
             // exit if XML file not generated by KeePass
             // Finding the Generator node marks the file as KeePass 2 and ends this level's loop.
             if ($meta == true && $nom == "Generator" && $elem == "KeePass") {
                 $generatorFound = true;
                 $keepassVersion = 2;
                 break;
             } elseif ($root == true && $xmlLevel > $levelMin) {
                 //                       error_log($nom.",".$elem." - ");
                 //Check each node name and get data from some of them
                 // A Key node sets exactly one "expecting" flag; the following Value node
                 // is then stored in the matching field and the flag is cleared.
                 if ($entry == true && $nom == "Key" && $elem == "Title") {
                     $title = true;
                     $notes = $pw = $url = $username = false;
                 } elseif ($entry == true && $nom == "Key" && $elem == "Notes") {
                     $notes = true;
                     $title = $pw = $url = $username = false;
                 } elseif ($entry == true && $nom == "UUID") {
                     // NOTE(review): stored as-is — no CR/LF removal, unlike the KeePass 1 uuid above.
                     $temparray[KP_UUID] = $elem;
                 } elseif ($entry == true && $nom == "Key" && $elem == "Password") {
                     $pw = true;
                     $notes = $title = $url = $username = false;
                 } elseif ($entry == true && $nom == "Key" && $elem == "URL") {
                     $url = true;
                     $notes = $pw = $title = $username = false;
                 } elseif ($entry == true && $nom == "Key" && $elem == "UserName") {
                     $username = true;
                     $notes = $pw = $url = $title = false;
                 } elseif ($group == true && $nom == "Name") {
                     $temparray[KP_GROUP] = addslashes(preg_replace('#[\\r\\n]#', '', $elem));
                     $temparray['level'] = $xmlLevel;
                     //build current path
                     // Deeper than the last group: append to the path.
                     if ($xmlLevel > $levelInProgress) {
                         if (!empty($temparray[KP_PATH])) {
                             $temparray[KP_PATH] .= $foldersSeparator . $temparray[KP_GROUP];
                         } else {
                             $temparray[KP_PATH] = $temparray[KP_GROUP];
                         }
                     // Same depth: replace the last path segment (level 3 restarts the path).
                     } elseif ($xmlLevel == $levelInProgress) {
                         if ($levelInProgress == 3) {
                             $temparray[KP_PATH] = $temparray[KP_GROUP];
                         } else {
                             $temparray[KP_PATH] = substr($temparray[KP_PATH], 0, strrpos($temparray[KP_PATH], $foldersSeparator) + strlen($foldersSeparator)) . $temparray[KP_GROUP];
                         }
                     // Shallower: drop as many trailing segments as levels were left, then append.
                     } else {
                         $diff = abs($xmlLevel - $levelInProgress) + 1;
                         $tmp = explode($foldersSeparator, $temparray[KP_PATH]);
                         $temparray[KP_PATH] = "";
                         for ($x = 0; $x < count($tmp) - $diff; $x++) {
                             if (!empty($temparray[KP_PATH])) {
                                 $temparray[KP_PATH] = $temparray[KP_PATH] . $foldersSeparator . $tmp[$x];
                             } else {
                                 $temparray[KP_PATH] = $tmp[$x];
                             }
                         }
                         if (!empty($temparray[KP_PATH])) {
                             $temparray[KP_PATH] .= $foldersSeparator . $temparray[KP_GROUP];
                         } else {
                             $temparray[KP_PATH] = $temparray[KP_GROUP];
                         }
                     }
                     //store folders
                     if (!in_array($temparray[KP_PATH], $groupsArray)) {
                         fwrite($cacheFileF, $temparray[KP_PATH] . "\n");
                         array_push($groupsArray, $temparray[KP_PATH]);
                         //increment number
                         $numGroups++;
                     }
                     //Store actual level
                     $levelInProgress = $xmlLevel;
                     $previousLevel = $temparray[KP_GROUP];
                 } elseif ($title == true && $nom == "Value") {
                     $title = false;
                     $temparray[KP_TITLE] = sanitiseString($elem, '');
                 } elseif ($notes == true && $nom == "Value") {
                     $notes = false;
                     $temparray[KP_NOTES] = sanitiseString($elem, '');
                 } elseif ($pw == true && $nom == "Value") {
                     $pw = false;
                     $temparray[KP_PW] = sanitiseString($elem, '');
                 } elseif ($url == true && $nom == "Value") {
                     $url = false;
                     $temparray[KP_URL] = sanitiseString($elem, '');
                 } elseif ($username == true && $nom == "Value") {
                     $username = false;
                     $temparray[KP_USERNAME] = sanitiseString($elem, '');
                 }
             }
         }
     }
 }
Example #3
<?php

//xmlget.php
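// Fetches a remote document on behalf of the browser and relays it as XML.
// The destination comes straight from the query string, so without a check this is
// a server-side request forgery primitive: the server would fetch any address it can
// reach, including ones on its own network.
if (isset($_GET['url']) && is_string($_GET['url'])) {
    $target = "http://" . sanitiseString($_GET['url']);
    $host = parse_url($target, PHP_URL_HOST);
    // gethostbyname() returns its argument unchanged on failure, which then fails the IP filter.
    $address = is_string($host) ? gethostbyname($host) : '';
    // Accept only addresses outside the private and reserved (loopback, link-local) ranges.
    $publicOnly = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if (filter_var($address, FILTER_VALIDATE_IP, $publicOnly) === false) {
        header('HTTP/1.1 400 Bad Request');
    } else {
        // Redirects are not followed: a public host could otherwise bounce the request to
        // an internal one after the check above. The timeout bounds how long a slow
        // upstream can hold a worker.
        $context = stream_context_create(array(
            'http' => array('follow_location' => 0, 'timeout' => 5),
        ));
        // NOTE(review): the name is resolved again inside file_get_contents(), so a DNS
        // answer that changes between the two lookups is not covered. An allowlist of
        // expected hosts, or an egress-filtered proxy, closes that gap.
        $body = file_get_contents($target, false, $context);
        if ($body === false) {
            header('HTTP/1.1 502 Bad Gateway');
        } else {
            // The relayed body is served from this site's origin; it is third-party content.
            header('Content-Type: text/xml');
            echo $body;
        }
    }
}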
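/**
 * Remove markup from a value and HTML-encode what is left.
 *
 * The result is suitable for HTML text and quoted attribute values. It is not an SQL,
 * URL or shell escaping function: each of those contexts needs its own encoding at the
 * point of use.
 *
 * @param string $var Raw input
 * @return string Tag-free, entity-encoded text with backslashes removed
 */
function sanitiseString($var)
{
    $var = strip_tags($var);
    // Flags are explicit because the default before PHP 8.1 (ENT_COMPAT) leaves single
    // quotes unencoded, which lets a value break out of a single-quoted attribute.
    // ENT_SUBSTITUTE replaces invalid byte sequences instead of returning an empty string.
    $var = htmlentities($var, ENT_QUOTES | ENT_SUBSTITUTE);
    // Removes backslashes; any SQL escaping applied before this call would be undone here.
    return stripslashes($var);
}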
Example #4
        $name2 = "{$view}'s";
    }
    echo "<h3>{$name1} Messages</h3>";
    showProfile($view);
    //The HTML form for writing messages:
    echo <<<_END
<form method='post' action='messages.php?view={$view}'>
Type here to leave a message:<br />
<textarea name='text' cols='40' rows='3'></textarea><br />
Public<input type='radio' name='pm' value='0' checked='checked' />
Private<input type='radio' name='pm' value='1' />
<input type='submit' value='Post Message' /></form>
_END;
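    //Check for user deleting a message:
    if (isset($_GET['erase'])) {
        // `id` is compared unquoted in the statement below, so the value has to be an integer
        // before it reaches the SQL text; HTML-oriented cleaning alone does not make it one.
        $erase = intval(sanitiseString($_GET['erase']));
        // The recip condition limits deletion to rows addressed to $user (set outside this
        // fragment — presumably the logged-in user; confirm).
        // NOTE(review): the delete is triggered by a plain GET, so a crafted link or image
        // URL can fire it from another site; a POST with an anti-CSRF token is the usual fix.
        queryMysql("DELETE FROM messages WHERE id={$erase}\n\t\t\t\t    AND recip='{$user}'");
    }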
    //Now display all messages in descending time order:
    $query = "SELECT * FROM messages WHERE recip='{$view}'\n\t\t\t  ORDER BY time DESC";
    $result = queryMysql($query);
    $num = mysql_num_rows($result);
    for ($j = 0; $j < $num; ++$j) {
        $row = mysql_fetch_row($result);
        if ($row[3] == 0 || $row[1] == $user || $row[2] == $user) {
            echo date('M jS \'y g:sa:', $row[4]);
            echo " <a href='messages.php?";
            echo "view={$row['1']}'>{$row['1']}</a> ";
            if ($row[3] == 0) {
                echo "wrote: &quot;{$row['5']}&quot; ";
            } else {
Example #5
<?php

//checkuser.php
include_once 'functions.php';
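// Availability check called from the signup form: reports whether a username is taken.
// NOTE(review): the answer is given to any caller, so the endpoint also confirms which
// accounts exist; rate limiting it is the usual mitigation.
if (isset($_POST['user'])) {
    $user = sanitiseString($_POST['user']);
    // Fixed the misspelt keyword (was "SELET"), which made the statement invalid SQL.
    // NOTE(review): `******` looks like masking applied when the listing was published; the
    // username belongs in a bound parameter rather than in the SQL text.
    $query = "SELECT * FROM members WHERE user='******'";
    // Was mysql_num_row(), which is not a function of the mysql extension.
    if (mysql_num_rows(queryMysql($query))) {
        echo "<font color=red>&nbsp;&larr;\n\t\t\tSorry, already taken</font>";
    } else {
        echo "<font color=green>&nbsp;&larr;\n\t\t\tUsername available</font>";
    }
}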
Example #6
<?php

//photos.php
require_once "photos_header.php";
// Choose the gallery to show: the `view` query parameter when present, otherwise "home".
// The value is written into the page twice below, so the markup is only as safe as the
// HTML encoding done by sanitiseString() (defined elsewhere — confirm it encodes quotes
// and angle brackets).
$view = isset($_GET['view']) ? sanitiseString($_GET['view']) : "home";
if ($view != "") {
    echo "view parameter: {$view}<br />";
    // Placeholder body plus the closing tags for the layout opened by the header include.
    echo "<p>{$view} content goes here.</p>\n</div></body></html>";
}
Example #7
        $name = "{$view}'s";
    }
    echo "<h3>{$name} Page</h3>";
    showProfile($view);
    echo "<a href='messages.php?view={$view}'>{$name} Messages</a><br />";
    die("<a href='friends.php?view={$view}'>{$name} Friends</a><br />");
}
// Handle "add friend" / "remove friend" requests, then start the member list.
// NOTE(review): both branches change the friends table in response to a plain GET, so a
// link or image URL on another site can trigger them for a logged-in user; state changes
// belong behind POST with an anti-CSRF token.
// NOTE(review): the `******` inside the queries looks like masking applied when the listing
// was published. $add, $remove and $user are placed into SQL text; unless sanitiseString()
// performs SQL escaping (not visible here) these need bound parameters.
if (isset($_GET['add'])) {
    $add = sanitiseString($_GET['add']);
    $query = "SELECT * FROM friends WHERE user='******'\n\t\t\t  AND friend='{$user}'";
    // Insert only when the lookup above returned no row.
    if (!mysql_num_rows(queryMysql($query))) {
        $query = "INSERT INTO friends VALUES ('{$add}', '{$user}')";
        queryMysql($query);
    }
} elseif (isset($_GET['remove'])) {
    $remove = sanitiseString($_GET['remove']);
    $query = "DELETE FROM friends WHERE user='******'\n\t\t\t  AND friend='{$user}'";
    queryMysql($query);
}
// Fetch every member name, alphabetically, for the list rendered after this point.
$result = queryMysql("SELECT user FROM members ORDER BY user");
$num = mysql_num_rows($result);
echo "<h3>Other Members</h3><ul>";
for ($j = 0; $j < $num; ++$j) {
    $row = mysql_fetch_row($result);
    if ($row[0] == $user) {
        continue;
    }
    echo "<li><a href='members.php?view={$row['0']}'>{$row['0']}</a>";
    $query = "SELECT * FROM friends WHERE user='******'0']}'\n\t\t\t  AND friend='{$user}'";
    $t1 = mysql_num_rows(queryMysql($query));
    $query = "SELECT * FROM friends WHERE user='******'\n\t\t\t  AND friend='{$row['0']}'";
Example #8
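/**
 * Clean a value with sanitiseString() and escape it for use inside a quoted SQL string.
 *
 * The SQL escaping must be the last step. The previous order escaped first and cleaned
 * afterwards; if sanitiseString() strips backslashes (the version shown elsewhere on this
 * page ends with stripslashes()), that removed the escaping again and left quotes live.
 *
 * NOTE(review): mysql_real_escape_string() belongs to the mysql extension removed in PHP 7
 * and depends on the connection character set. Prepared statements with bound parameters
 * are the durable fix, and HTML encoding is better applied at output time than at storage.
 *
 * @param string $var Raw input
 * @return string Value escaped for a quoted SQL string literal
 */
function sanitiseMySQL($var)
{
    $var = sanitiseString($var);
    // Escape last so that nothing after this point can undo it.
    $var = mysql_real_escape_string($var);
    return $var;
}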
Example #9
<?php

//convert.php
//A program to convert values between Fahrenheit and Celsius.
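// Read whichever temperature was posted and compute the other one into $out.
// Fahrenheit takes precedence when both fields are filled in.
$f = $c = "";
if (isset($_POST['f'])) {
    $f = sanitiseString($_POST['f']);
}
if (isset($_POST['c'])) {
    // Was assigned to $f, which discarded the Celsius input and overwrote Fahrenheit.
    $c = sanitiseString($_POST['c']);
}
// Only numeric text may reach the arithmetic; anything else is treated as "not entered"
// rather than being coerced (older PHP) or raising a TypeError (PHP 8).
if (!is_numeric($f)) {
    $f = '';
}
if (!is_numeric($c)) {
    $c = '';
}
if ($f !== '') {
    // intval() must wrap the whole expression: intval(5 / 9) is 0, so the old form always gave 0.
    $c = intval((5 / 9) * ($f - 32));
    $out = "{$f} F equals {$c} C";
} else {
    if ($c !== '') {
        $f = intval(9 / 5 * $c + 32);
        $out = "{$c} C equals {$f} F";
    } else {
        $out = "";
    }
}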
echo <<<_END
<html><head><title>Temperature Converter</title>
</head>
<body><pre>
Enter either Fahrenheit or Celcius and click on Convert

<b>{$out}</b>
<form method="post" action="convert.php">
Fahrenheit <input type="text" name="f" size="7" />
Example #10
<?php

//profile.php
include_once 'header.php';
// Profile editor: requires a logged-in session, then either saves the posted profile
// text or loads the stored one.
if (!isset($_SESSION['user'])) {
    die("<br /><br />You need to login to view this page");
}
$user = $_SESSION['user'];
echo "<h3>Edit your Profile</h3>";
if (isset($_POST['text'])) {
    $text = sanitiseString($_POST['text']);
    // The pattern is the regex /\s\+/: one whitespace character followed by a literal "+".
    // NOTE(review): if collapsing runs of whitespace was intended, that would be /\s+/ — confirm.
    $text = preg_replace('/\\s\\+/', ' ', $text);
    // NOTE(review): `******` in the queries looks like masking applied when the listing was
    // published. $text and $user are placed into SQL text; unless sanitiseString() performs
    // SQL escaping (not visible here) they need bound parameters.
    // NOTE(review): the form post changes stored data; no anti-CSRF token is checked in the visible code.
    $query = "SELECT * FROM profiles WHERE user='******'";
    // Update the existing row if there is one, otherwise insert a new row.
    if (mysql_num_rows(queryMysql($query))) {
        queryMysql("UPDATE profiles SET text='{$text}'\n\t\t\t\t\tWHERE user='******'");
    } else {
        $query = "INSERT INTO profiles VALUES('{$user}', '{$text}')";
        queryMysql($query);
    }
} else {
    $query = "SELECT * FROM profiles WHERE user='******'";
    $result = queryMysql($query);
    if ($result) {
        // mysql_fetch_row() returns false when the result has no rows; $row[1] is read regardless.
        $row = mysql_fetch_row($result);
        $text = stripslashes($row[1]);
    } else {
        $text = "";
    }
}
// Applied on both paths: the same replacement as above, then backslashes are removed.
$text = stripslashes(preg_replace('/\\s\\+/', ' ', $text));
if (isset($_FILES['image']['name'])) {
Example #11
<?php

//photos_header.php
//Top part of each photos page.
require_once 'header.php';
// Page heading: plain "Photos", or "Photos - <View>" when a gallery is selected.
// The selected name is echoed into the heading, so the markup is only as safe as the
// HTML encoding done by sanitiseString() (defined elsewhere — confirm).
if (!isset($_GET['view'])) {
    echo "<h1>Photos</h1>";
} else {
    $view = ucwords(sanitiseString($_GET['view']));
    echo "<h1>Photos - {$view}</h1>";
}
// Static gallery sub-menu; nothing in it is interpolated, so it is emitted verbatim.
echo <<<'_END'
<div id="mainbox">

<div id="link-submenu">
<ul>
<li><a href="photos.php?view=sunrises">sunrises</a></li>
<li><a href="photos.php?view=sunsets">sunsets</a></li>
<li><a href="photos.php?view=mountains and valleys">mountains & valleys</a></li>
<li><a href="photos.php?view=cities">cities</a></li>
<li><a href="photos.php?view=beaches and oceans">beaches & oceans</a></li>
<li><a href="photos.php?view=trees and plants">trees & plants</a></li>
<li><a href="photos.php?view=animals">animals</a></li>
</ul>
</div>

</div>
_END;