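/**
 * Handle the "edit event" form submission.
 *
 * Sanitizes the posted fields, validates them against the column lengths of
 * te_events, then updates the matching row with a prepared statement.
 * Returns an HTML fragment (success, "nothing updated" or error text plus a
 * back link) that the caller echoes.
 *
 * Depends on helpers defined elsewhere (isFormFilled, sanitizeData,
 * getColumnLength, validateStringLength, validateDate, validateDecimal) and
 * on database_conn.php providing $conn (mysqli).
 *
 * Fixes over the previous version:
 *  - validation messages were dropped by a bare `$output . "..."` expression,
 *    so the user only ever saw "Error"; they are now concatenated;
 *  - mysqli_stmt_affected_rows() returns -1 on error, which was reported as
 *    a successful update; only a positive count counts as success;
 *  - mysqli_prepare() failure is handled instead of passing false on;
 *  - the title is HTML-escaped before being echoed back.
 *
 * @return string HTML fragment
 */
function handleEditPage()
{
    include_once 'login.php';
    include_once 'showEventFunction.php';

    $backURL = "<br/><a href = \"index.php\">Back to Home</a>";

    // isFormFilled() returns error markup (truthy) when the form is
    // incomplete; stop here in that case.
    $showError = true;
    $errOutput = isFormFilled($showError);
    if ($errOutput) {
        return "<h1>Error</h1>" . $errOutput . $backURL;
    }

    // Sanitize every posted field. sanitizeData() is defined elsewhere and
    // its exact escaping is not visible here; it is NOT what protects the
    // query below - the prepared statement is.
    $event = array();
    foreach ($_POST as $field => $value) {
        $event[$field] = sanitizeData($value);
    }
    // Every field read below must exist so validation and binding see a
    // string rather than an undefined index.
    $needed = array('title', 'desc', 'venue', 'category', 'startTime', 'endTime', 'price', 'e_id');
    foreach ($needed as $key) {
        if (!isset($event[$key])) {
            $event[$key] = '';
        }
    }

    include_once 'database_conn.php';

    $columnLengthSql = "
        SELECT COLUMN_NAME, CHARACTER_MAXIMUM_LENGTH
        FROM INFORMATION_SCHEMA.COLUMNS
        WHERE TABLE_NAME = 'te_events'
        AND (column_name = 'eventTitle'
        OR column_name = 'eventDescription')";
    $COLUMN_LENGTH = getColumnLength($conn, $columnLengthSql);

    // Each validator returns true on success, otherwise an error message.
    $checks = array(
        validateStringLength($event['title'], $COLUMN_LENGTH['eventTitle']),
        validateStringLength($event['desc'], $COLUMN_LENGTH['eventDescription']),
        validateDate($event['startTime']),
        validateDate($event['endTime']),
        validateDecimal($event['price']),
    );
    $errMsg = array();
    foreach ($checks as $result) {
        if ($result !== true) {
            $errMsg[] = $result;
        }
    }
    if ($errMsg) {
        return "<h1>Error</h1>" . implode('', $errMsg) . $backURL;
    }

    // Values are bound, never interpolated into the SQL text.
    $sql = "UPDATE te_events SET
        eventTitle=?, eventDescription=?,
        venueID=?, catID=?, eventStartDate=?,
        eventEndDate=?, eventPrice=?
        WHERE eventID=?;";
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        // Deliberately generic: mysqli_error() would leak schema details.
        return "<h1>Error</h1>Could not prepare the update statement." . $backURL;
    }
    mysqli_stmt_bind_param(
        $stmt,
        "ssssssss",
        $event['title'],
        $event['desc'],
        $event['venue'],
        $event['category'],
        $event['startTime'],
        $event['endTime'],
        $event['price'],
        $event['e_id']
    );
    $executed = mysqli_stmt_execute($stmt);
    // -1 means the statement failed; treat only a positive count as success.
    $affected = $executed ? mysqli_stmt_affected_rows($stmt) : 0;
    mysqli_stmt_close($stmt);

    // NOTE(review): nothing here checks that the logged-in user is allowed
    // to edit e_id; login.php is included but any ownership check is not
    // visible in this function - confirm before exposing the endpoint.
    // double_encode=false keeps entities intact if sanitizeData() already
    // HTML-encoded the value.
    $safeTitle = htmlspecialchars($event['title'], ENT_QUOTES, 'UTF-8', false);
    if ($affected > 0) {
        return "<h1>{$safeTitle} was successfully updated.</h1>" . $backURL;
    }
    return "<h1>Nothing update for {$safeTitle}</h1>" . $backURL;
}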
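/**
 * Authenticate the posted username/password against te_users.
 *
 * On success stores the username in $_SESSION['logged-in'], rotates the
 * session id and redirects to the current URI; on failure prints a generic
 * message. Output is echoed directly; there is no return value.
 *
 * Depends on helpers defined elsewhere (isFormFilled, sanitizeData,
 * getColumnLength, validateStringLength) and on database_conn.php providing
 * $conn (mysqli). Assumes the session has already been started.
 *
 * Stored-password scheme, as used by the existing rows:
 *   passwd = sha256(salt . sha256(password))
 * TODO(review): this is fast to brute force offline; migrate to
 * password_hash()/password_verify() and rehash rows on successful login.
 *
 * Fixes over the previous version:
 *  - strcmp() replaced by hash_equals() (constant-time comparison);
 *  - the "unknown username" message no longer differs from a wrong
 *    password, so the page does not confirm which accounts exist;
 *  - the redirect is sent before any output (echo before header() fails
 *    with "headers already sent" unless output buffering is on) and is
 *    followed by exit so nothing else runs after it;
 *  - session_regenerate_id() on login defeats session fixation.
 */
function login()
{
    include_once 'database_conn.php';

    // isFormFilled() returns error output (truthy) when the form is
    // incomplete - nothing to authenticate in that case.
    if (isFormFilled()) {
        return;
    }

    $uid = sanitizeData($_POST['username']);
    $pswd = sanitizeData($_POST['password']);

    $columnLengthSql = "
            SELECT COLUMN_NAME, CHARACTER_MAXIMUM_LENGTH
            FROM INFORMATION_SCHEMA.COLUMNS
            WHERE TABLE_NAME = 'te_users'
            AND (column_name = 'username'
            OR column_name = 'passwd')";
    $COLUMN_LENGTH = getColumnLength($conn, $columnLengthSql);

    // Validators return true on success, otherwise an error message.
    $checks = array(
        validateStringLength($uid, $COLUMN_LENGTH['username']),
        validateStringLength($pswd, $COLUMN_LENGTH['passwd']),
    );
    $isError = false;
    foreach ($checks as $result) {
        if ($result !== true) {
            echo "{$result}";
            $isError = true;
        }
    }
    if ($isError) {
        return;
    }

    // Fetch the stored hash and salt with a bound parameter.
    $checkUIDSql = "SELECT passwd, salt FROM te_users WHERE username = ?";
    $stmt = mysqli_prepare($conn, $checkUIDSql);
    if ($stmt === false) {
        echo "Fail login<br/>";
        return;
    }
    mysqli_stmt_bind_param($stmt, "s", $uid);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);

    $hashPswd = null;
    $salt = null;
    if (mysqli_stmt_num_rows($stmt) > 0) {
        mysqli_stmt_bind_result($stmt, $getHashpswd, $getSalt);
        while (mysqli_stmt_fetch($stmt)) {
            $hashPswd = $getHashpswd;
            $salt = $getSalt;
        }
    }
    mysqli_stmt_close($stmt);

    // Compute the candidate even for an unknown user so the response time
    // does not reveal whether the username exists.
    $candidate = hash("sha256", (string) $salt . hash("sha256", $pswd));

    if ($hashPswd !== null && hash_equals($hashPswd, $candidate)) {
        // Privilege change: issue a fresh session id and drop the old one.
        session_regenerate_id(true);
        $_SESSION['logged-in'] = $uid;
        header("Location: {$_SERVER['REQUEST_URI']}");
        exit;
    }

    // Same message for unknown user and wrong password (no enumeration).
    echo "Fail login<br/>";
}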
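/**
 * List search engines filtered by status (and optionally by a name
 * substring) with paging, then render searchengine/list as an ajax fragment.
 *
 * @param array|string $info  request parameters: stscheck (1/0), se_name,
 *                            pageno. The '' default is kept for callers;
 *                            a non-array is treated as an empty filter.
 *
 * Fixes over the previous version:
 *  - writing string offsets into the '' default corrupted it instead of
 *    building an array; it is normalised to an array first;
 *  - se_name is urlencoded before going into the paging URL (as
 *    directories.php already does), so it cannot break the URL or inject
 *    markup into the paging links;
 *  - pageno is read with isset() to avoid an undefined-index notice.
 */
function listSE($info = '')
{
    $info = sanitizeData($info);
    if (!is_array($info)) {
        $info = array();
    }
    $info['stscheck'] = isset($info['stscheck']) ? intval($info['stscheck']) : 1;
    $pageScriptPath = 'searchengine.php?stscheck=' . $info['stscheck'];

    // NOTE(review): no prepared-statement API is visible on $this->db, so
    // the query is string-built. stscheck is cast to int above; se_name goes
    // through addslashes(), which is not charset-aware and leaves the LIKE
    // wildcards '%' and '_' live. Prefer a bound parameter if the wrapper
    // supports one.
    $sql = "select * from searchengines where status='{$info['stscheck']}'";
    if (!empty($info['se_name'])) {
        $sql .= " and url like '%" . addslashes($info['se_name']) . "%'";
        $pageScriptPath .= "&se_name=" . urlencode($info['se_name']);
    }
    $sql .= " order by id";

    # pagination setup
    $this->db->query($sql, true);
    $this->paging->setDivClass('pagingdiv');
    $this->paging->loadPaging($this->db->noRows, SP_PAGINGNO);
    $pagingDiv = $this->paging->printPages($pageScriptPath, '', 'scriptDoLoad', 'content', 'layout=ajax');
    $this->set('pagingDiv', $pagingDiv);

    $sql .= " limit " . $this->paging->start . "," . $this->paging->per_page;
    $seList = $this->db->select($sql);
    $this->set('seList', $seList);

    $statusList = array(
        $_SESSION['text']['common']['Active'] => 1,
        $_SESSION['text']['common']['Inactive'] => 0,
    );
    $this->set('statusList', $statusList);
    $this->set('info', $info);
    $this->set('pageNo', isset($info['pageno']) ? $info['pageno'] : null);
    $this->render('searchengine/list', 'ajax');
}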
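/**
 * Persist a submission payload to ./data/submissions/<name>, where <name> is
 * base64(signature . ' - ' . time-of-day) with '/' mapped to '_'.
 *
 * @param mixed  $data       payload; passed through sanitizeData() and written as-is
 * @param string $signature  caller-supplied label used to build the file name
 * @return string 'OK' on success, 'ERROR' if the file could not be written
 *
 * Fixes over the previous version:
 *  - base64 output may contain '/', which fopen() treated as a directory
 *    separator and failed on; it is mapped to '_' so the name is always a
 *    single path component ('.' is not in the base64 alphabet, so '..'
 *    cannot occur, and basename() is applied as belt and braces);
 *  - the fopen()/fwrite() result was never checked; file_put_contents()
 *    reports failure and takes an exclusive lock while writing.
 *
 * NOTE(review): date('h:i:s') is a 12-hour clock, so two submissions with
 * the same signature 12 hours apart (or within the same second) overwrite
 * each other. A uniqid()/random suffix would avoid that.
 */
function create_compared($data, $signature)
{
    $data = sanitizeData($data);

    $name = strtr(base64_encode($signature . ' - ' . date('h:i:s')), '/', '_');
    $path = './data/submissions/' . basename($name);

    if (file_put_contents($path, $data, LOCK_EX) === false) {
        return 'ERROR';
    }
    return 'OK';
}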
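/**
 * Build the list of URLs to check for backlinks from the newline-separated
 * textarea value in $searchInfo['website_urls'], then render
 * backlink/findbacklink.
 *
 * Blank lines are skipped, "http://" is prepended when no scheme is present
 * and, in demo mode (SP_DEMO), only the first 10 URLs are kept.
 *
 * @param array $searchInfo  request data; only 'website_urls' is read
 *
 * Fixes over the previous version:
 *  - the scheme check was a substring test for "http://", so an https URL
 *    became "http://https://..." and "http://" anywhere in the line passed;
 *    the check is now anchored and accepts both http and https;
 *  - each line is trimmed so the "\r" of CRLF textarea input does not end
 *    up inside the URL.
 */
function findBacklink($searchInfo)
{
    $raw = isset($searchInfo['website_urls']) ? $searchInfo['website_urls'] : '';
    $urlList = explode("\n", $raw);
    $list = array();
    $kept = 0;
    foreach ($urlList as $line) {
        $url = trim(sanitizeData($line));
        if (!preg_match('/\w+/', $url)) {
            continue;
        }
        // Demo installs are capped at 10 URLs.
        if (SP_DEMO && ++$kept > 10) {
            break;
        }
        if (!preg_match('#^https?://#i', $url)) {
            $url = "http://" . $url;
        }
        $list[] = $url;
    }
    $this->set('list', $list);
    $this->render('backlink/findbacklink');
}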
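/**
 * Build the list of URLs for a quick rank check from the newline-separated
 * textarea value in $searchInfo['website_urls'], then render
 * rank/findquickrank.
 *
 * Blank lines are skipped, stray CR/LF characters are stripped, "http://" is
 * prepended when no scheme is present and, in demo mode (SP_DEMO), only the
 * first 10 URLs are kept.
 *
 * @param array $searchInfo  request data; only 'website_urls' is read
 *
 * Fix over the previous version: the scheme check was a substring test for
 * "http://", so an https URL became "http://https://..." and "http://"
 * anywhere in the line passed; the check is now anchored and accepts both
 * http and https.
 */
function findQuickRank($searchInfo)
{
    $raw = isset($searchInfo['website_urls']) ? $searchInfo['website_urls'] : '';
    $urlList = explode("\n", $raw);
    $list = array();
    $kept = 0;
    foreach ($urlList as $line) {
        // Strip CR/LF left over from CRLF input before anything else.
        $url = str_replace(array("\r", "\n"), "", trim(sanitizeData($line)));
        if (!preg_match('/\w+/', $url)) {
            continue;
        }
        // Demo installs are capped at 10 URLs.
        if (SP_DEMO && ++$kept > 10) {
            break;
        }
        if (!preg_match('#^https?://#i', $url)) {
            $url = "http://" . $url;
        }
        $list[] = $url;
    }
    $this->set('list', $list);
    $this->render('rank/findquickrank');
}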
<?php // including the neccasary files include_once '../inc/functions.inc.php'; include_once '../inc/db.inc.php'; // Open a new database connection $db = new PDO(DB_INFO, DB_USER, DB_PASS); // load all the entries $e = retrieveEntries($db, 'blog'); //Remove the fulldisplay tag array_pop($e); //Perform basic sanitization $e = sanitizeData($e); // Add a content type header to ensure proper execution header('Content-Type: application/rss+xml'); // Output the XML declaration echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"; ?> <rss version="2.0"> <channel> <title>My Simple Blog</title> <link>http://localhost/simple_blog/</link> <description>This blog is awesome.</description> <language>en-us</language> <?php // Loop through the entries and generate RSS items foreach ($e as $e) { // Escape HTML to avoid errors $entry = htmlentities($e['entry']); // Build the full URL to the entry
<?php // Include necessary filesize include_once '../inc/functions.inc.php'; include_once '../inc/db.inc.php'; // Open a database connection $db = new PDO(DB_INFO, DB_USER, DB_PASS); // Load all blog post $p = getPosts($db, 'thread'); // Remove the fulldisp flag array_pop($p); // Perform basic data sanitization $p = sanitizeData($p); // Add a content type header to ensure proper execution header('Content-Type: application/rss+xml'); // Output XML declaration echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"; ?> <rss version="2.0"> <channel> <title>Post Hub PHP</title> <link>http://localhost/post-hub-php/</link> <description>This blog is awesome.</description> <language>en-us</language> <?php // Loop through the posts and generate RSS items foreach ($p as $p) { // Escape HTML to avoid errors $post = htmlentities($p['content']);
/**
 * Save the logged-in user's own profile (username, first/last name, e-mail
 * and an optional new password) after validation, then re-render the
 * profile page with either a success message or the error list.
 *
 * NOTE(review): the "'******'" fragments in the password and username
 * assignments are redaction artefacts in this copy of the file, not valid
 * PHP; the original expression (presumably a hashing/escaping call wrapped
 * around $userInfo['password'] / $userInfo['userName']) is not visible
 * here, so the code is documented but left untouched.
 *
 * Security notes for the maintainer:
 *  - The UPDATE is string-built with addslashes(), which is not
 *    charset-aware and is no substitute for bound parameters; use a
 *    prepared statement if $this->db exposes one.
 *  - $userId comes from isLoggedIn() (the session), not from the form, so
 *    the row being updated cannot be chosen by the client.
 *  - The "changed?" comparisons use $userInfo['oldName'] and
 *    $userInfo['oldEmail'], which come from the same request as the new
 *    values. A client that posts oldName equal to the desired new name
 *    skips the uniqueness check entirely; compare against the values
 *    currently stored for $userId instead.
 *  - Changing the password does not require the current password, so a
 *    hijacked session can set a new one silently.
 *
 * @param array $userInfo  posted form fields: userName, oldName, password,
 *                         confirmPassword, firstName, lastName, email, oldEmail
 */
function updateMyProfile($userInfo) {
    $userInfo = sanitizeData($userInfo);
    // Row to update is taken from the session, never from the form.
    $userId = isLoggedIn();
    $this->set('post', $userInfo);
    $errMsg['userName'] = formatErrorMsg($this->validate->checkUname($userInfo['userName']));
    // Password is only changed when a new one was submitted.
    if (!empty($userInfo['password'])) {
        $errMsg['password'] = formatErrorMsg($this->validate->checkPasswords($userInfo['password'], $userInfo['confirmPassword']));
        $passStr = "password = '******'password']) . "',";
    }
    $errMsg['firstName'] = formatErrorMsg($this->validate->checkBlank($userInfo['firstName']));
    $errMsg['lastName'] = formatErrorMsg($this->validate->checkBlank($userInfo['lastName']));
    $errMsg['email'] = formatErrorMsg($this->validate->checkEmail($userInfo['email']));
    if (!$this->validate->flagErr) {
        // Uniqueness checks run only when the value differs from the
        // client-supplied "old" value (see the security note above).
        if ($userInfo['userName'] != $userInfo['oldName']) {
            if ($this->__checkUserName($userInfo['userName'])) {
                $errMsg['userName'] = formatErrorMsg($_SESSION['text']['login']['usernameexist']);
                $this->validate->flagErr = true;
            }
        }
        if ($userInfo['email'] != $userInfo['oldEmail']) {
            if ($this->__checkEmail($userInfo['email'])) {
                $errMsg['email'] = formatErrorMsg($_SESSION['text']['login']['emailexist']);
                $this->validate->flagErr = true;
            }
        }
        if (!$this->validate->flagErr) {
            // $passStr is undefined (interpolates as empty) when no new
            // password was posted, so the password column is left alone.
            $sql = "update users set\r\n\t\t\t\t\t\tusername = '******'userName']) . "',\r\n\t\t\t\t\t\tfirst_name = '" . addslashes($userInfo['firstName']) . "',\r\n\t\t\t\t\t\tlast_name = '" . addslashes($userInfo['lastName']) . "',\r\n\t\t\t\t\t\t{$passStr}\r\n\t\t\t\t\t\temail = '" . addslashes($userInfo['email']) . "'\r\n\t\t\t\t\t\twhere id={$userId}";
            $this->db->query($sql);
            $this->set('msg', $this->spTextUser['Saved My Profile Details']);
            $this->showMyProfile();
            exit;
        }
    }
    $this->set('errMsg', $errMsg);
    $this->showMyProfile($userInfo);
}
<?php
// Edit-entry form body. The enclosing <form> and <fieldset> are opened
// earlier in this template; $legend, $title, $entry, $id and $page are set
// by the including script.
//
// NOTE(review): $legend, $id and $page are echoed unescaped into HTML
// element/attribute context. Only $title goes through htmlentities();
// $entry goes through sanitizeData(), which is defined elsewhere and whose
// HTML-encoding behaviour is not visible here. Unless the including script
// guarantees these values are trusted, wrap them in
// htmlspecialchars(..., ENT_QUOTES, 'UTF-8') as well.
?>
<legend><?php echo $legend; ?> </legend>
<label>Title <input type="text" value="<?php echo htmlentities($title); ?> " name="title" maxlength="150" /> </label>
<label>Image <input type="file" name="image"> </label>
<label>Entry <textarea name="entry" cols="45" rows="10"><?php echo sanitizeData($entry); ?> </textarea> </label>
<input type="hidden" name="id" value="<?php echo $id; ?> ">
<input type="hidden" name="page" value="<?php echo $page; ?> " />
<input type="submit" name="submit" value="Save Entry" />
<input type="submit" name="submit" value="Cancel" />
</fieldset> </form>
include_once SP_CTRLPATH . "/proxy.ctrl.php"; $controller = new ProxyController(); $controller->view->menu = 'adminpanel'; $controller->layout = 'ajax'; $controller->set('spTextPanel', $controller->getLanguageTexts('panel', $_SESSION['lang_code'])); $controller->spTextProxy = $controller->getLanguageTexts('proxy', $_SESSION['lang_code']); $controller->set('spTextProxy', $controller->spTextProxy); $controller->set('spTextSA', $controller->getLanguageTexts('siteauditor', $_SESSION['lang_code'])); if ($_SERVER['REQUEST_METHOD'] == 'POST') { switch ($_POST['sec']) { case "create": $_POST = sanitizeData($_POST, true, true); $controller->createProxy($_POST); break; case "update": $_POST = sanitizeData($_POST, true, true); $controller->updateProxy($_POST); break; case "activateall": if (!empty($_POST['ids'])) { foreach ($_POST['ids'] as $id) { $controller->__changeStatus($id, 1); } } $controller->listProxy($_POST); break; case "inactivateall": if (!empty($_POST['ids'])) { foreach ($_POST['ids'] as $id) { $controller->__changeStatus($id, 0); }
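/**
 * Show the directory-manager list: directories joined with their language,
 * filtered by working status, domain substring, captcha flag, PageRank and
 * language code, paged, then rendered via directory/list.
 *
 * @param array|string $info  request parameters: stscheck, dir_name,
 *                            capcheck ('yes'/'no'), google_pagerank,
 *                            langcode (paging URL) / lang_code (form). The
 *                            '' default is kept for callers; a non-array is
 *                            treated as an empty filter.
 *
 * Fixes over the previous version:
 *  - writing string offsets into the '' default corrupted it instead of
 *    building an array; it is normalised to an array first;
 *  - keys read below are defaulted so a missing one does not raise an
 *    undefined-index notice;
 *  - only dir_name was urlencoded in the paging URL; capcheck,
 *    google_pagerank and langcode are now encoded too, so user input cannot
 *    break the URL or inject markup into the paging links.
 */
function showDirectoryManager($info = '')
{
    $info = sanitizeData($info);
    if (!is_array($info)) {
        $info = array();
    }
    foreach (array('dir_name', 'capcheck', 'google_pagerank', 'langcode', 'lang_code') as $key) {
        if (!isset($info[$key])) {
            $info[$key] = '';
        }
    }
    $info['stscheck'] = isset($info['stscheck']) ? intval($info['stscheck']) : 1;

    // '' means "no captcha filter"; anything else maps to 1 (yes) or 0 (no).
    $capcheck = '';
    if ($info['capcheck'] != '') {
        $capcheck = ($info['capcheck'] == 'yes') ? 1 : 0;
    }

    // NOTE(review): no prepared-statement API is visible on $this->db, so
    // the query is string-built. Numeric filters are cast with intval() or
    // derived from a fixed set; dir_name and lang_code go through
    // addslashes(), which is not charset-aware and leaves LIKE wildcards
    // ('%', '_') live. Prefer bound parameters if the wrapper supports them.
    $sql = "SELECT *,l.lang_name FROM directories d,languages l where d.lang_code=l.lang_code and working='{$info['stscheck']}'";
    if (!empty($info['dir_name'])) {
        $sql .= " and domain like '%" . addslashes($info['dir_name']) . "%'";
    }
    if ($capcheck !== '') {
        $sql .= " and is_captcha='{$capcheck}'";
    }
    if ($info['google_pagerank'] != '') {
        $sql .= " and google_pagerank='" . intval($info['google_pagerank']) . "'";
    }
    // "langcode" (paging URL) and "lang_code" (form) are aliases.
    if (!empty($info['langcode'])) {
        $info['lang_code'] = $info['langcode'];
    }
    if (!empty($info['lang_code'])) {
        $sql .= " and d.lang_code='" . addslashes($info['lang_code']) . "'";
    }
    $sql .= " order by id";

    # pagination setup
    $this->db->query($sql, true);
    $this->paging->setDivClass('pagingdiv');
    $this->paging->loadPaging($this->db->noRows, SP_PAGINGNO);
    $pageScriptPath = 'directories.php?sec=directorymgr'
        . '&dir_name=' . urlencode($info['dir_name'])
        . '&stscheck=' . $info['stscheck']
        . '&capcheck=' . urlencode($info['capcheck'])
        . '&google_pagerank=' . urlencode($info['google_pagerank'])
        . '&langcode=' . urlencode($info['lang_code']);
    $pagingDiv = $this->paging->printPages($pageScriptPath);
    $this->set('pagingDiv', $pagingDiv);

    $sql .= " limit " . $this->paging->start . "," . $this->paging->per_page;

    $statusList = array(
        $_SESSION['text']['common']['Active'] => 1,
        $_SESSION['text']['common']['Inactive'] => 0,
    );
    $captchaList = array(
        $_SESSION['text']['common']['Yes'] => 'yes',
        $_SESSION['text']['common']['No'] => 'no',
    );
    $langCtrler = new LanguageController();
    $langList = $langCtrler->__getAllLanguages();
    $this->set('langList', $langList);
    $this->set('statusList', $statusList);
    $this->set('captchaList', $captchaList);

    $dirList = $this->db->select($sql);
    $this->set('list', $dirList);
    $this->set('info', $info);
    $this->set('ctrler', $this);
    $this->render('directory/list');
}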
$response['message'] = 'Not logged in.'; $response['status'] = 401; echo json_encode($response); die; } session_write_close(); if (array_key_exists('action', $_GET) && $_GET['action'] == 'getMaxExecutionTime') { header("Expires: " . gmdate("D, d M Y H:i:s", time() + 60) . " GMT"); header_remove("Pragma"); $response['status'] = 200; $response['message'] = 'OK'; $response['results'] = array('max_execution_time' => ini_get('max_execution_time')); echo json_encode($response); die; } $sanitizedData = sanitizeData($requestData); $sanitizedData['fields'] = mapFields($requestData['fields']); $fieldsArray = $sanitizedData['fields']; $sanitizedData['fields'] = serializeFields($sanitizedData['fields']); $fieldsSerialized = $sanitizedData['fields']; $sanitizedData = addTimestamps($sanitizedData); try { $resultDataset = array(); $jobTable = Doctrine_Core::getTable('WPTJob'); foreach ($sanitizedData['job_id'] as $key => $jobId) { $job = $jobTable->find($jobId); $resultDataset[$jobId] = getGraphData($jobId, $sanitizedData['startTimestamp'], $sanitizedData['endTimestamp'], $sanitizedData['percentile'], $sanitizedData['trimAbove'], $sanitizedData['adjustUsing'], $sanitizedData['trimBelow'], $sanitizedData['todStartHour'], $sanitizedData['todEndHour'], $fieldsSerialized); $resultDataset[$jobId] = array('jobId' => $job['Id'], 'jobName' => $job['Label'], 'dataSet' => getResultsDataAvgMod($sanitizedData['startTimestamp'], $sanitizedData['endTimestamp'], $sanitizedData['interval'], $resultDataset[$jobId], $fieldsArray, $sanitizedData['aggregateMethod'])); } $response['status'] = 200; $response['message'] = 'OK';
include_once 'firephp/0.3.2/fb.php'; include_once 'utils.inc'; include_once 'jash/functions.inc'; header('Content-Type: application/json'); header('Cache-Control: public', TRUE); $requestData = $_GET; $response = array('status' => null, 'message' => null, 'results' => null); if (null === ($userId = getCurrentUserId())) { $response['message'] = 'Not logged in.'; $response['status'] = 401; echo json_encode($response); die; } session_write_close(); try { $requestDataSanitized = sanitizeData($requestData); $requestDataSanitized = addTimestamps($requestDataSanitized); $bucketWidth = $requestDataSanitized['width']; if (!is_array($requestData['field'])) { $requestData['field'] = array($requestData['field']); } $jobTable = Doctrine_Core::getTable('WPTJob'); $job = $jobTable->find($requestDataSanitized['job']); $jobLabel = $job['Label']; $fields = array(); foreach ($requestData['field'] as $key => $fieldName) { $fields[] = mapMetricFieldForm2Db($fieldName); } $result = array(); $minBucket = null; $maxBucket = null;