Example #1
0
function server_module_info($arg)
{
    $sitePass = $arg;
    global $CONF_SitePassword;
    global $CONF_version, $CONF_releaseDate, $opMode, $CONF_isMasterServer, $CONF_admin_email;
    if (!securityCheck($sitePass)) {
        return new IXR_Error(4000, 'Access Denied');
    }
    return array($CONF_version, $CONF_releaseDate, $opMode, $CONF_isMasterServer, $CONF_admin_email);
}
Example #2
0
function fixUmlautEntry($string)
{
    $text = str_replace('ä', 'ä', $string);
    $text = str_replace('ö', 'ö', $text);
    $text = str_replace('ü', 'ü', $text);
    $text = str_replace('Ä', 'Ä', $text);
    $text = str_replace('Ö', 'Ö', $text);
    $text = str_replace('Ü', 'Ü', $text);
    $text = str_replace('ß', 'ß', $text);
    $text = securityCheck($text);
    return $text;
}
Example #3
0
function takeoffs_getTakeoffs($arg)
{
    $sitePass = $arg[0];
    $tm = $arg[1];
    $onlyTakeoffs = $arg[2];
    if (!securityCheck($sitePass)) {
        return new IXR_Error(4000, 'Access Denied');
    }
    $waypoints = getWaypoints($tm, $onlyTakeoffs, 0);
    return array(count($waypoints), $waypoints);
    // return array(1,array($waypoints[0]));
}
Example #4
0
function pilots_getPilots($args)
{
    $sitePass = $args[0];
    if (!securityCheck($sitePass)) {
        return new IXR_Error(4000, 'Access Denied');
    }
    $pilotsList = array(0);
    for ($i = 1; $i < count($args); $i++) {
        $getPilotID = $args[$i];
        $pilotsList[$i] = getPilotInfo($getPilotID, 0);
    }
    return $pilotsList;
}
Example #5
0
 $errorMsg = array();
 $photoData = array();
 // array to hold the data on the photo submitted
 $mailed = false;
 // Not mailed yet
 // %^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
 //
 // SECTION 2: Process for when the form is submitted
 // Ideal Situation - user submits form & $_FILES array is not empty
 if (isset($_POST['btnSubmit']) and !empty($_FILES)) {
     // config.php is used to validate the image file
     include 'lib/config.php';
     // %^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
     //
     // SECTION 2a: Security
     if (!securityCheck($path_parts, $yourURL, true)) {
         $msg = '<p>Sorry, you cannot access this page. ';
         $msg .= 'Security breach detected and reported.';
         die($msg);
     }
     // %^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
     //
     // SECTION 2b: Sanitize data
     // Remove any potential JS or HTML code from users input on the form.
     // Follow same order as declared in SECTION 1c.
     // Already sanitized when initalized, add direct to data array
     // CODE WITH GET FOR EASY TESTING
     // array of PhotoData order: ActivityId, NetId, imageLink, Caption, approve
     // 1.) Add the activityId to the photoData array
     $activityID = (int) htmlentities($_POST["hidActivityId"], ENT_QUOTES, "UTF-8");
     $photoData[] = $activityID;
Example #6
0
// create array to hold error messages filled (if any) in 2d displayed in 3c.
$errorMsg = array();
// array used to hold form values that will be written to a CSV file
$dataRecord = array();
$mailed = false;
// have we mailed the information to the user?
//@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
//
// SECTION: 2 Process for when the form is submitted
//
if (isset($_POST["btnSubmit"])) {
    //@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    //
    // SECTION: 2a Security
    //
    if (!securityCheck(true)) {
        $msg = "<p>Sorry you cannot access this page. ";
        $msg .= "Security breach detected and reported</p>";
        die($msg);
    }
    //@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    //
    // SECTION: 2b Sanitize (clean) data
    // remove any potential JavaScript or html code from users input on the
    // form. Note it is best to follow the same order as declared in section 1c.
    $Start = htmlentities($_POST["txtStart"], ENT_QUOTES, "UTF-8");
    $dataRecord[] = $Start;
    $Building = htmlentities($_POST["lstBuilding"], ENT_QUOTES, "UTF-8");
    $dataRecord[] = $Building;
    $Department = htmlentities($_POST["txtDepartment"], ENT_QUOTES, "UTF-8");
    $dataRecord[] = $Department;
Example #7
0
<?php

require_once $_SERVER['DOCUMENT_ROOT'] . '/vereinsverwaltung/src/conf/config.php';
//Prüfen ob Benutzer angemeldet, sonst redirect zu login Seite
securityCheck();
//Prüfen ob Formular abgeschickt wurde
if ($_POST) {
    //Formulardaten in Arrayspeichern und prüfen ob Valide -> sonst error Nachricht
    $userData = getDataFromPost();
    if (!isset($userData['error'])) {
        //Verbindung mit Datenbank aufbauen
        $dbmanager = new DBManager();
        if ($dbmanager->isConnected()) {
            //Neues Objekt der Klasse user mit übergebenen Daten in datenbank speichern
            if ($dbmanager->persist('User', [$userData])) {
                $_SESSION['message'] = ['type' => 'success', 'text' => 'Das Mitglied wurde im System gespeichert'];
                //Redirect overview -> Übersicht mit Erfolsmeldung
                header('location: ' . LINK_OVERVIEW);
            } else {
                $_SESSION['message'] = ['type' => 'danger', 'text' => 'Die Daten konnten nicht gespeichert werde'];
            }
        } else {
            $_SESSION['message'] = ['type' => 'danger', 'text' => 'Es konnte keine Verbindung zur Datenbank hergestellt werden'];
        }
    } else {
        $_SESSION['message'] = ['text' => $userData['error'], 'type' => 'danger'];
    }
}
//Klassen zum rendern von HTML-Templates (Layout Menü)
$tmpl = new Templating();
$wrappers = $tmpl->renderWrapper('layoutMenu.html');
Example #8
0
//Below is a separate data Record used for a separate insert statement
$secondDataRecord = array();
//third data record for getting the hotel primary key
$thirdDataRecord = array();
$fourthDataRecord = array();
$fourthDataRecord[] = $hotelList;
//@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
//
// SECTION: 2 Process for when the form is submitted
//
if (isset($_POST["btnSubmit"])) {
    //@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    //
    // SECTION: 2a Security
    //
    if (!securityCheck($path_parts, $yourURL, TRUE)) {
        $msg = "<p>Sorry you cannot access this page. ";
        $msg .= "Security breach detected and reported</p>";
        die($msg);
    }
    //@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    //
    // SECTION: 2b Sanitize (clean) data
    $email = filter_var($_POST["txtEmail"], FILTER_SANITIZE_EMAIL);
    $dataRecord[] = $email;
    $firstName = htmlentities($_POST["txtFirstName"], ENT_QUOTES, "UTF-8");
    $dataRecord[] = $firstName;
    $lastName = htmlentities($_POST["txtLastName"], ENT_QUOTES, "UTF-8");
    $dataRecord[] = $lastName;
    $radConfirm = htmlentities($_POST["radConfirm"], ENT_QUOTES, "UTF-8");
    //$dataRecord[] = $radConfirm;
Example #9
0
function flights_find($arg)
{
    global $db, $flightsTable;
    global $takeoffRadious, $CONF;
    require_once "FN_pilot.php";
    $sitePass = $arg[0];
    $lat = $arg[1];
    $lon = -$arg[2];
    $limit = $arg[3];
    if (!securityCheck($sitePass)) {
        return new IXR_Error(4000, 'Access Denied');
    }
    $firstPoint = new gpsPoint();
    $firstPoint->lat = $lat;
    $firstPoint->lon = $lon;
    // calc TAKEOFF - LANDING PLACES
    if (count($waypoints) == 0) {
        $waypoints = getWaypoints(0, 1);
    }
    $takeoffIDTmp = 0;
    $minTakeoffDistance = 10000000;
    $i = 0;
    foreach ($waypoints as $waypoint) {
        $takeoff_distance = $firstPoint->calcDistance($waypoint);
        if ($takeoff_distance < $minTakeoffDistance) {
            $minTakeoffDistance = $takeoff_distance;
            $takeoffIDTmp = $waypoint->waypointID;
        }
        $i++;
    }
    $nearestWaypoint = new waypoint($takeoffIDTmp);
    $nearestWaypoint->getFromDB();
    //$nearestWaypoint;
    //$minTakeoffDistance;
    if ($limit > 0) {
        $lim = "LIMIT {$limit}";
    } else {
        $lim = "";
    }
    $where_clause = "AND takeoffID={$nearestWaypoint->waypointID}";
    $query = "SELECT * FROM {$flightsTable} WHERE private=0 {$where_clause} ORDER BY FLIGHT_POINTS  DESC {$lim} ";
    //echo $query;
    $res = $db->sql_query($query);
    if ($res <= 0) {
        return new IXR_Error(4000, 'Error in query! ' . $query);
    }
    $flights = array();
    $i = 0;
    while ($row = mysql_fetch_assoc($res)) {
        $name = getPilotRealName($row["userID"], $row["serverID"]);
        $link = htmlspecialchars("http://" . $_SERVER['SERVER_NAME'] . getLeonardoLink(array('op' => 'show_flight', 'flightID' => $row['ID'])));
        $this_year = substr($row['DATE'], 0, 4);
        $linkIGC = htmlspecialchars("http://" . $_SERVER['SERVER_NAME'] . getRelMainDir() . str_replace("%PILOTID%", getPilotID($row["userServerID"], $row["userID"]), str_replace("%YEAR%", $this_year, $CONF['paths']['igc'])) . '/' . $row['filename']);
        //$flightsRelPath."/".$row[userID]."/flights/".$this_year."/".$row[filename] );
        if ($row['takeoffVinicity'] > $takeoffRadious) {
            $location = getWaypointName($row['takeoffID']) . " [~" . sprintf("%.1f", $row['takeoffVinicity'] / 1000) . " km]";
        } else {
            $location = getWaypointName($row['takeoffID']);
        }
        $flights[$i]['pilot'] = htmlspecialchars($name);
        $flights[$i]['takeoff'] = htmlspecialchars($location);
        $flights[$i]['date'] = $row['DATE'];
        $flights[$i]['duration'] = $row['DURATION'];
        $flights[$i]['openDistance'] = $row['MAX_LINEAR_DISTANCE'];
        $flights[$i]['OLCkm'] = $row['FLIGHT_KM'];
        $flights[$i]['OLCScore'] = $row['FLIGHT_POINTS'];
        $flights[$i]['OLCtype'] = $row['BEST_FLIGHT_TYPE'];
        $flights[$i]['displayLink'] = $link;
        $i++;
    }
    return array($i, $flights);
    //return array($i,0);
}
Example #10
0
$errorMsg = array();
//@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
//
// SECTION: 2 Process for when the form is submitted
//
if (isset($_POST["btnSubmit"])) {
    $hidCustomerId = (int) htmlentities($_POST['hidCustomerId'], ENT_QUOTES, "UTF-8");
    if ($hidCustomerId >= 1) {
        $update = true;
    }
    $hidOrderId = htmlentities($_POST['hidOrderId'], ENT_QUOTES, "UTF-8");
    //@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    //
    // SECTION: 2a Security
    //
    if (!securityCheck($path_parts, $yourURL, $form = false)) {
        $msg = "<p>Sorry you cannot access this page. ";
        $msg .= "Security breach detected and reported</p>";
        die($msg);
    }
    //@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    //
    // SECTION: 2b Sanitize (clean) data
    //
    //
    $firstName = htmlentities($_POST['txtFirstName'], ENT_QUOTES, "UTF-8");
    $customerInfo[] = $firstName;
    $lastName = htmlentities($_POST['txtLastName'], ENT_QUOTES, "UTF-8");
    $customerInfo[] = $lastName;
    $email = htmlentities($_POST['txtEmail'], ENT_QUOTES, "UTF-8");
    $customerInfo[] = $email;