<?php //login.php include_once 'header.php'; echo "<h3>Member Log in</h3>"; $error = $user = $pass = ""; if (isset($_POST['user'])) { $user = sanitiseString($_POST['user']); $pass = sanitiseString($_POST['pass']); if ($user == "" || $pass == "") { $error = "Not all frields were entered<br /><br />"; } else { $query = "SELECT * FROM members\n\t\t\t\t WHERE user='******' AND pass='******'"; if (mysql_num_rows(queryMysql($query)) == 0) { $error = "Username/Password invalid<br />"; } else { $_SESSION['user'] = $user; $_SESSION['pass'] = $pass; die("You are now logged in. Please\n\t\t\t\t<a href='members.php?view={$user}'>click here</a>."); } } } echo <<<_END <form method='post' action='login.php'>{$error} Username <input type='text' maxlength='16' name='user' value='{$user}' \tonBlur='checkUser(this)'/><span id='info'></span><br /> Password <input type='password' maxlength='16' name='pass' \tvalue='{$pass}' /><br /> <input type='submit' value='Signup' /> </form>
/**
 * Recursive walker over a KeePass XML export (a SimpleXML tree) that writes one
 * line per password entry to $cacheFile and one line per folder path to $cacheFileF.
 *
 * Format detection: a "pwentry" node marks a KeePass 1.x export ($keepassVersion = 1);
 * a "Generator" node equal to "KeePass" under "Meta" marks a 2.x export
 * ($keepassVersion = 2, after which the loop at that level is left with `break`).
 *
 * Almost all state lives in the globals listed below (parser flags, the entry being
 * assembled in $temparray, counters, separators, file handles). The caller is
 * expected to initialise them before the root call — confirm against the caller.
 * $key, $nbItems and $lineEndSeparator are declared but never referenced in this body.
 *
 * Security note: the password field (KP_PW) is written to $cacheFile in the clear,
 * so that file must be access-restricted and removed once the import has consumed it.
 *
 * @param \SimpleXMLElement $xmlRoot  node whose children are iterated at this level
 * @param int               $xmlLevel depth of $xmlRoot in the document (0 for the root call)
 * @return void
 */
function recursiveKeepassXML($xmlRoot, $xmlLevel = 0)
{
    global $meta, $root, $group, $name, $entry, $levelMin, $key, $title, $notes, $pw, $username, $url, $newItem, $temparray, $history, $levelInProgress, $historyLevel, $nbItems, $path, $previousLevel, $generatorFound, $cacheFile, $cacheFileF, $numGroups, $numItems, $foldersSeparator, $itemsSeparator, $lineEndSeparator, $keepassVersion, $arrFolders;

    // Folder paths already written during *this* call. It is local, so the KeePass 2
    // de-duplication only covers folders seen in this invocation (KeePass 1 uses the
    // global $arrFolders instead).
    $groupsArray = array();

    // For each node, get the name and the SimpleXML element
    foreach ($xmlRoot as $nom => $elem) {
        /*
         * check if file is generated by keepass 1
         * key "pwentry" is only used in KP1.xx XML files
         */
        //echo $nom."-";
        if ($nom == "pwentry") {
            if (empty($keepassVersion)) {
                // First pwentry seen: lock the parser into KeePass 1 mode.
                $keepassVersion = 1;
                $generatorFound = true;
                $entry = true;
            } else {
                $entry = true;
            }
            //get children
            $xmlChildren = $elem->children();
            //recursive call
            recursiveKeepassXML($xmlChildren, $xmlLevel + 1);
        }

        //IMPORTING KEEPASS 1 XML FILE
        if ($keepassVersion == 1) {
            if ($entry == true && $nom == "expiretime") {
                //save previous keepass entry
                // "expiretime" is used as the end-of-entry marker: flush the entry
                // accumulated in $temparray, rewriting the backslash-separated tree
                // with the configured folder separator.
                $tree = preg_replace('/\\\\/', $foldersSeparator, $temparray['tree']);
                fputs($cacheFile, $tree . $itemsSeparator
                    . $temparray[KP_GROUP] . $itemsSeparator
                    . $temparray[KP_TITLE] . $itemsSeparator
                    . $temparray[KP_PW] . $itemsSeparator
                    . $temparray[KP_USERNAME] . $itemsSeparator
                    . $temparray[KP_URL] . $itemsSeparator
                    . $temparray[KP_UUID] . $itemsSeparator
                    . $temparray[KP_NOTES] . "\n");
                // Folder list: one line per distinct tree, tracked in the global $arrFolders.
                if (!in_array($temparray['tree'], $arrFolders)) {
                    fwrite($cacheFileF, $tree . "\n");
                    array_push($arrFolders, $temparray['tree']);
                }
                $temparray = array();
                $newItem++;
            }
            if ($entry == true && $nom == "group") {
                $temparray[KP_GROUP] = addslashes(preg_replace('#[\\r\\n]#', '', $elem));
                // The "tree" attribute holds the backslash-separated ancestor path; its
                // first component is dropped and the group's own name appended.
                foreach ($elem->attributes() as $attributeskey0 => $attributesvalue1) {
                    if ($attributeskey0 == "tree") {
                        $path = explode('\\', $attributesvalue1);
                        if (count($path) > 1) {
                            unset($path[0]);
                            $temparray['tree'] = implode('\\', $path) . '\\' . $temparray[KP_GROUP];
                        } else {
                            $temparray['tree'] = $temparray[KP_GROUP];
                        }
                    }
                }
                $numGroups++;
            } elseif ($entry == true && $nom == "title") {
                $temparray[KP_TITLE] = sanitiseString($elem, '');
            } elseif ($entry == true && $nom == "username") {
                $temparray[KP_USERNAME] = sanitiseString($elem, '');
            } elseif ($entry == true && $nom == "url") {
                $temparray[KP_URL] = sanitiseString($elem, '');
            } elseif ($entry == true && $nom == "uuid") {
                $temparray[KP_UUID] = addslashes(preg_replace('#[\\r\\n]#', '', $elem));
            } elseif ($entry == true && $nom == "password") {
                $temparray[KP_PW] = sanitiseString($elem, '');
            } elseif ($entry == true && $nom == "notes") {
                $temparray[KP_NOTES] = sanitiseString($elem, '');
            }
        }

        /*
         * check if file is generated by keepass 2
         */
        // Container nodes (no text of their own) are handled here; leaf nodes with
        // text fall through to the elseif branch further down.
        if (trim($elem) == "" && $keepassVersion != 1) {
            //check if file is generated by keepass 2
            if ($nom == "Meta") {
                $meta = true;
            }
            if ($nom == "Root") {
                $root = true;
            }
            if ($nom == "Group") {
                $group = true;
                $entry = false;
                $name = "";
                // recap previous info
                // A new group closes the entry being assembled: write it out if it has a title.
                if (!empty($temparray[KP_TITLE])) {
                    //store data
                    fputs($cacheFile, $temparray[KP_PATH] . $itemsSeparator
                        . $temparray[KP_GROUP] . $itemsSeparator
                        . $temparray[KP_TITLE] . $itemsSeparator
                        . $temparray[KP_PW] . $itemsSeparator
                        . $temparray[KP_USERNAME] . $itemsSeparator
                        . $temparray[KP_URL] . $itemsSeparator
                        . $temparray[KP_UUID] . $itemsSeparator
                        . $temparray[KP_NOTES] . "\n");
                    //Clean temp array
                    // (unlike the "Entry" branch below, KP_UUID is not cleared here)
                    $temparray[KP_TITLE] = $temparray[KP_NOTES] = $temparray[KP_PW] = $temparray[KP_USERNAME] = $temparray[KP_URL] = "";
                    //increment number
                    $numItems++;
                }
                $historyLevel = 0;
            }
            //History node needs to be managed in order to not pollute the final list
            if ($nom == "History") {
                $history = true;
                $entry = false;
                $historyLevel = $xmlLevel;
            }
            // Only entries that are not nested below a "History" node (i.e. not
            // previous revisions) start a new record.
            if ($nom == "Entry" && ($xmlLevel < $historyLevel || empty($historyLevel))) {
                $entry = true;
                $group = false;
                // recap previous info
                if (!empty($temparray[KP_TITLE])) {
                    //store data
                    fputs($cacheFile, $temparray[KP_PATH] . $itemsSeparator
                        . $temparray[KP_GROUP] . $itemsSeparator
                        . $temparray[KP_TITLE] . $itemsSeparator
                        . $temparray[KP_PW] . $itemsSeparator
                        . $temparray[KP_USERNAME] . $itemsSeparator
                        . $temparray[KP_URL] . $itemsSeparator
                        . $temparray[KP_UUID] . $itemsSeparator
                        . $temparray[KP_NOTES] . "\n");
                    //Clean temp array
                    $temparray[KP_TITLE] = $temparray[KP_NOTES] = $temparray[KP_PW] = $temparray[KP_USERNAME] = $temparray[KP_URL] = $temparray[KP_UUID] = "";
                    //increment number
                    $numItems++;
                }
                $historyLevel = 0;
            }
            //get children
            $xmlChildren = $elem->children();
            //recursive call
            recursiveKeepassXML($xmlChildren, $xmlLevel + 1);

        //IMPORTING KEEPASS 2 XML FILE
        } elseif ($keepassVersion != 1) {
            // exit if XML file not generated by KeePass
            if ($meta == true && $nom == "Generator" && $elem == "KeePass") {
                $generatorFound = true;
                $keepassVersion = 2;
                break;
            } elseif ($root == true && $xmlLevel > $levelMin) {
                // error_log($nom.",".$elem." - ");
                //Check each node name and get data from some of them
                // KeePass 2 stores fields as <String><Key>…</Key><Value>…</Value></String>:
                // a "Key" node arms exactly one of the $title/$notes/$pw/$url/$username
                // flags, and the following "Value" node is stored under that field.
                if ($entry == true && $nom == "Key" && $elem == "Title") {
                    $title = true;
                    $notes = $pw = $url = $username = false;
                } elseif ($entry == true && $nom == "Key" && $elem == "Notes") {
                    $notes = true;
                    $title = $pw = $url = $username = false;
                } elseif ($entry == true && $nom == "UUID") {
                    $temparray[KP_UUID] = $elem;
                } elseif ($entry == true && $nom == "Key" && $elem == "Password") {
                    $pw = true;
                    $notes = $title = $url = $username = false;
                } elseif ($entry == true && $nom == "Key" && $elem == "URL") {
                    $url = true;
                    $notes = $pw = $title = $username = false;
                } elseif ($entry == true && $nom == "Key" && $elem == "UserName") {
                    $username = true;
                    $notes = $pw = $url = $title = false;
                } elseif ($group == true && $nom == "Name") {
                    $temparray[KP_GROUP] = addslashes(preg_replace('#[\\r\\n]#', '', $elem));
                    $temparray['level'] = $xmlLevel;
                    //build current path
                    // The path is maintained incrementally from the depth of the previous
                    // group ($levelInProgress): deeper → append, same depth → replace the
                    // last component, shallower → drop components then append.
                    if ($xmlLevel > $levelInProgress) {
                        if (!empty($temparray[KP_PATH])) {
                            $temparray[KP_PATH] .= $foldersSeparator . $temparray[KP_GROUP];
                        } else {
                            $temparray[KP_PATH] = $temparray[KP_GROUP];
                        }
                    } elseif ($xmlLevel == $levelInProgress) {
                        // Level 3 is treated as the top-most group, so the path restarts
                        // there — presumably the depth of the first real group; confirm.
                        if ($levelInProgress == 3) {
                            $temparray[KP_PATH] = $temparray[KP_GROUP];
                        } else {
                            $temparray[KP_PATH] = substr($temparray[KP_PATH], 0, strrpos($temparray[KP_PATH], $foldersSeparator) + strlen($foldersSeparator)) . $temparray[KP_GROUP];
                        }
                    } else {
                        $diff = abs($xmlLevel - $levelInProgress) + 1;
                        $tmp = explode($foldersSeparator, $temparray[KP_PATH]);
                        $temparray[KP_PATH] = "";
                        for ($x = 0; $x < count($tmp) - $diff; $x++) {
                            if (!empty($temparray[KP_PATH])) {
                                $temparray[KP_PATH] = $temparray[KP_PATH] . $foldersSeparator . $tmp[$x];
                            } else {
                                $temparray[KP_PATH] = $tmp[$x];
                            }
                        }
                        if (!empty($temparray[KP_PATH])) {
                            $temparray[KP_PATH] .= $foldersSeparator . $temparray[KP_GROUP];
                        } else {
                            $temparray[KP_PATH] = $temparray[KP_GROUP];
                        }
                    }
                    //store folders
                    if (!in_array($temparray[KP_PATH], $groupsArray)) {
                        fwrite($cacheFileF, $temparray[KP_PATH] . "\n");
                        array_push($groupsArray, $temparray[KP_PATH]);
                        //increment number
                        $numGroups++;
                    }
                    //Store actual level
                    $levelInProgress = $xmlLevel;
                    $previousLevel = $temparray[KP_GROUP];
                } elseif ($title == true && $nom == "Value") {
                    $title = false;
                    $temparray[KP_TITLE] = sanitiseString($elem, '');
                } elseif ($notes == true && $nom == "Value") {
                    $notes = false;
                    $temparray[KP_NOTES] = sanitiseString($elem, '');
                } elseif ($pw == true && $nom == "Value") {
                    $pw = false;
                    $temparray[KP_PW] = sanitiseString($elem, '');
                } elseif ($url == true && $nom == "Value") {
                    $url = false;
                    $temparray[KP_URL] = sanitiseString($elem, '');
                } elseif ($username == true && $nom == "Value") {
                    $username = false;
                    $temparray[KP_USERNAME] = sanitiseString($elem, '');
                }
            }
        }
    }
}
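<?php
//xmlget.php
// Fetches an XML document over plain HTTP from the host named in the `url` query
// parameter and echoes it back with an XML content type.
//
// Security note: the destination host is taken straight from the request, so this
// endpoint is a server-side request forgery (SSRF) relay — any caller can make this
// server fetch arbitrary http:// hosts, including ones only reachable from the server.
// sanitiseString() strips tags and entity-encodes; it does not restrict the destination.
// The checks below only reject non-string input and malformed URLs; before exposing
// this, compare the parsed host against an explicit allow-list (ALLOWED_HOSTS_PLACEHOLDER).
if (isset($_GET['url']) && is_string($_GET['url'])) {
    // Note: sanitiseString() HTML-encodes the value (e.g. `&` becomes `&amp;`), so
    // query strings in the target URL are altered; kept as in the original.
    $target = "http://" . sanitiseString($_GET['url']);
    $host = parse_url($target, PHP_URL_HOST);
    if (filter_var($target, FILTER_VALIDATE_URL) === false || !is_string($host) || $host === '') {
        http_response_code(400);
    } else {
        header('Content-Type: text/xml');
        // file_get_contents() returns false on failure; the original echoed that
        // as an empty body with a 200 status.
        $body = file_get_contents($target);
        if ($body === false) {
            http_response_code(502);
        } else {
            echo $body;
        }
    }
}

/**
 * Neutralises a string for echoing into HTML: strips tags, HTML-encodes the
 * remaining special characters, then removes backslash escapes.
 *
 * This is an HTML-output sanitiser only. It is not SQL escaping (the trailing
 * stripslashes() would in fact undo backslash escaping applied earlier) and it
 * does not validate URLs or hostnames.
 *
 * @param string $var raw input
 * @return string tag-free, entity-encoded text with backslashes removed
 */
function sanitiseString($var)
{
    $var = strip_tags($var);
    $var = htmlentities($var);
    return stripslashes($var);
}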
$name2 = "{$view}'s"; } echo "<h3>{$name1} Messages</h3>"; showProfile($view); //The HTML form for writing messages: echo <<<_END <form method='post' action='messages.php?view={$view}'> Type here to leave a message:<br /> <textarea name='text' cols='40' rows='3'></textarea><br /> Public<input type='radio' name='pm' value='0' checked='checked' /> Private<input type='radio' name='pm' value='1' /> <input type='submit' value='Post Message' /></form> _END; //Check for user deleting a message: if (isset($_GET['erase'])) { $erase = sanitiseString($_GET['erase']); queryMysql("DELETE FROM messages WHERE id={$erase}\n\t\t\t\t AND recip='{$user}'"); } //Now display all messages in descending time order: $query = "SELECT * FROM messages WHERE recip='{$view}'\n\t\t\t ORDER BY time DESC"; $result = queryMysql($query); $num = mysql_num_rows($result); for ($j = 0; $j < $num; ++$j) { $row = mysql_fetch_row($result); if ($row[3] == 0 || $row[1] == $user || $row[2] == $user) { echo date('M jS \'y g:sa:', $row[4]); echo " <a href='messages.php?"; echo "view={$row['1']}'>{$row['1']}</a> "; if ($row[3] == 0) { echo "wrote: "{$row['5']}" "; } else {
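<?php
//checkuser.php
// Reports whether the username posted as `user` is already taken.
include_once 'functions.php';
// Only accept a scalar string: an array value would reach strip_tags() and abort.
if (isset($_POST['user']) && is_string($_POST['user'])) {
    $user = sanitiseString($_POST['user']);
    // NOTE(review): the literal '******' looks like a redaction of the interpolated
    // username (the $user computed above is otherwise unused). Either way, the
    // username must not be spliced into the SQL text: sanitiseString() is HTML
    // sanitisation, not SQL escaping. Bind it as a prepared-statement parameter.
    // Typo fixed: the query read "SELET".
    $query = "SELECT * FROM members WHERE user='******'";
    // mysql_num_rows() (plural); the original called the nonexistent mysql_num_row().
    // The mysql_* extension was removed in PHP 7, so this needs mysqli/PDO to run.
    if (mysql_num_rows(queryMysql($query))) {
        echo "<font color=red> ←\n\t\t\tSorry, already taken</font>";
    } else {
        echo "<font color=green> ←\n\t\t\tUsername available</font>";
    }
}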
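<?php
//photos.php
// Renders the body of a photos page for the category named in the `view` query parameter.
require_once "photos_header.php";
// Only accept a scalar string: `?view[]=x` would otherwise reach strip_tags() as an
// array and abort the page with a TypeError on PHP 8.
if (isset($_GET['view']) && is_string($_GET['view'])) {
    $view = sanitiseString($_GET['view']);
} else {
    $view = "home";
}
if ($view !== "") {
    // $view is interpolated into HTML; this relies on sanitiseString() stripping
    // tags and entity-encoding (as the version in xmlget.php does) — confirm.
    echo "view parameter: {$view}<br />";
    echo <<<_END
<p>{$view} content goes here.</p>
</div></body></html>
_END;
}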
$name = "{$view}'s"; } echo "<h3>{$name} Page</h3>"; showProfile($view); echo "<a href='messages.php?view={$view}'>{$name} Messages</a><br />"; die("<a href='friends.php?view={$view}'>{$name} Friends</a><br />"); } if (isset($_GET['add'])) { $add = sanitiseString($_GET['add']); $query = "SELECT * FROM friends WHERE user='******'\n\t\t\t AND friend='{$user}'"; if (!mysql_num_rows(queryMysql($query))) { $query = "INSERT INTO friends VALUES ('{$add}', '{$user}')"; queryMysql($query); } } elseif (isset($_GET['remove'])) { $remove = sanitiseString($_GET['remove']); $query = "DELETE FROM friends WHERE user='******'\n\t\t\t AND friend='{$user}'"; queryMysql($query); } $result = queryMysql("SELECT user FROM members ORDER BY user"); $num = mysql_num_rows($result); echo "<h3>Other Members</h3><ul>"; for ($j = 0; $j < $num; ++$j) { $row = mysql_fetch_row($result); if ($row[0] == $user) { continue; } echo "<li><a href='members.php?view={$row['0']}'>{$row['0']}</a>"; $query = "SELECT * FROM friends WHERE user='******'0']}'\n\t\t\t AND friend='{$user}'"; $t1 = mysql_num_rows(queryMysql($query)); $query = "SELECT * FROM friends WHERE user='******'\n\t\t\t AND friend='{$row['0']}'";
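/**
 * Prepares a value for interpolation into a MySQL query string.
 *
 * Order matters: if sanitiseString() ends with stripslashes() (as the version in
 * xmlget.php does), running it after mysql_real_escape_string() strips the very
 * backslashes the escaping inserted, so quotes reach the query unescaped. The HTML
 * sanitisation therefore runs first and the SQL escaping last.
 *
 * NOTE(review): mysql_real_escape_string() needs an open mysql_* connection, and the
 * whole mysql_* extension was removed in PHP 7; prepared statements (mysqli/PDO)
 * make this escaping unnecessary and should replace it.
 *
 * @param string $var raw input
 * @return string HTML-sanitised, then MySQL-escaped text
 */
function sanitiseMySQL($var)
{
    $var = sanitiseString($var);
    return mysql_real_escape_string($var);
}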
<?php //convert.php //A program to convert values between Fahrenheit and Celcius. $f = $c = ""; if (isset($_POST['f'])) { $f = sanitiseString($_POST['f']); } if (isset($_POST['c'])) { $f = sanitiseString($_POST['c']); } if ($f != '') { $c = intval(5 / 9) * ($f - 32); $out = "{$f} F equals {$c} C"; } else { if ($c != '') { $f = intval(9 / 5 * $c + 32); $out = "{$c} C equals {$f} F"; } else { $out = ""; } } echo <<<_END <html><head><title>Temperature Converter</title> </head> <body><pre> Enter either Fahrenheit or Celcius and click on Convert <b>{$out}</b> <form method="post" action="convert.php"> Fahrenheit <input type="text" name="f" size="7" />
<?php //profile.php include_once 'header.php'; if (!isset($_SESSION['user'])) { die("<br /><br />You need to login to view this page"); } $user = $_SESSION['user']; echo "<h3>Edit your Profile</h3>"; if (isset($_POST['text'])) { $text = sanitiseString($_POST['text']); $text = preg_replace('/\\s\\+/', ' ', $text); $query = "SELECT * FROM profiles WHERE user='******'"; if (mysql_num_rows(queryMysql($query))) { queryMysql("UPDATE profiles SET text='{$text}'\n\t\t\t\t\tWHERE user='******'"); } else { $query = "INSERT INTO profiles VALUES('{$user}', '{$text}')"; queryMysql($query); } } else { $query = "SELECT * FROM profiles WHERE user='******'"; $result = queryMysql($query); if ($result) { $row = mysql_fetch_row($result); $text = stripslashes($row[1]); } else { $text = ""; } } $text = stripslashes(preg_replace('/\\s\\+/', ' ', $text)); if (isset($_FILES['image']['name'])) {
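<?php
//photos_header.php
//Top part of each photos page.
require_once 'header.php';
// Only accept a scalar string: `?view[]=x` would otherwise reach strip_tags() as an
// array and abort the page with a TypeError on PHP 8.
if (isset($_GET['view']) && is_string($_GET['view'])) {
    // The heading interpolates user input; this relies on sanitiseString() stripping
    // tags and entity-encoding (as the version in xmlget.php does) — confirm.
    $view = ucwords(sanitiseString($_GET['view']));
    echo "<h1>Photos - {$view}</h1>";
} else {
    echo "<h1>Photos</h1>";
}
echo <<<_END
<div id="mainbox">
<div id="link-submenu">
<ul>
<li><a href="photos.php?view=sunrises">sunrises</a></li>
<li><a href="photos.php?view=sunsets">sunsets</a></li>
<li><a href="photos.php?view=mountains and valleys">mountains & valleys</a></li>
<li><a href="photos.php?view=cities">cities</a></li>
<li><a href="photos.php?view=beaches and oceans">beaches & oceans</a></li>
<li><a href="photos.php?view=trees and plants">trees & plants</a></li>
<li><a href="photos.php?view=animals">animals</a></li>
</ul>
</div>
</div>
_END;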