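/**
 * Resolves a CMS page by numeric id or by URL slug and exposes its fields to
 * the template engine as PAGE.* globals.
 *
 * Does nothing unless $this->options['enable_pages'] is set. A purely numeric
 * $url is looked up by page.id, anything else by page.url; both paths restrict
 * to publish='1' and the MARKET_LANG translation.
 *
 * @param string $url page id or slug (may carry a ".html" suffix)
 * @return string|null template name of the page; for "passthrough" pages the
 *                     $url with its extension stripped; when pages are disabled
 *                     or the query fails, $url with a trailing ".html" removed
 */
function loadPage($url)
{
    global $MARKET_mode;

    if ($this->options['enable_pages']) {
        // The two original queries differed only in the key column; build once.
        $fields = "page_template.name AS template_name, page.id, title, summary, text, is_type, "
            . "market_user.name, market_user.surname, market_user.user_email, "
            . "DATE_FORMAT(updated, '%d/%m/%Y %H:%i') AS date";
        $from = "page LEFT JOIN page_ml USING (id) LEFT JOIN page_ps USING (id) "
            . "LEFT JOIN market_user ON market_user.user_id=creator "
            . "LEFT JOIN page_template ON page_template.id=page_template_id";
        // Numeric identifiers are looked up by primary key, everything else by slug.
        $keyColumn = preg_match('@^\\d+$@', $url) ? 'page.id' : 'url';
        // $url lands inside a quoted literal, so sqlEscape() is the right protection here.
        $sql = "SELECT {$fields} FROM {$from} WHERE {$keyColumn}='" . sqlEscape($url)
            . "' AND publish='1' AND page_ml.lang='" . MARKET_LANG . "'";

        if (sqlQuery($sql, $res)) {
            $row = sqlFetchAssoc($res);
            $this->assignGlobal(array(
                'PAGE.Id' => $row['id'],
                'PAGE.Summary' => $row['summary'],
                'PAGE.Title' => $row['title'],
                'PAGE.Text' => $row['text'],
                // The query selects market_user.user_email without an alias, so the
                // row key is 'user_email'. The original read $row['email'], which is
                // never set, so the author line was emitted without an address.
                'PAGE.Author' => $row['name'] . ' ' . $row['surname'] . ', '
                    . MARKET_Filter::noSpam($row['user_email']),
                'PAGE.Mtime' => $row['date'],
            ));

            if ($row['is_type'] == 'passthrough') {
                // Caller renders the page's own file; hand back its base name.
                return substr($url, 0, strrpos($url, '.'));
            }
            if ($row['is_type'] == 'template') {
                // The stored text is itself a template: register and render it into PAGE.Text.
                $tname = substr($url, 0, strrpos($url, '.'));
                $this->preParseTemplate($tname, explode("\n", $row['text']));
                $this->parseTemplate('PAGE.Text', $tname, MARKET_DO_NOT_APPEND);
            }
            return $row['template_name'];
        }
    }

    return preg_replace('@\\.html$@', '', $url);
}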
/**
 * E-mails a password-reset link to the account matching $username and prints
 * a one-line status for the page. Prints nothing when the lookup does not
 * return exactly one row.
 *
 * NOTE(review): the query predicate reads '******' in this listing, which looks
 * like a redacted placeholder rather than the real comparison — confirm against
 * the real source before relying on this function.
 * NOTE(review): the link host comes from $_SERVER['HTTP_HOST'], i.e. the
 * request's Host header. A forged Host header would put an attacker-controlled
 * host into the reset mail; a configured canonical host is the safer source.
 *
 * @param string $username raw username from the reset form
 * @return void
 */
function sendResetEmail( $username )
{
    $username = sqlEscape( $username );
    $sql = "SELECT * FROM users WHERE username='******'";
    $result = tmbo_query( $sql );

    if( mysql_num_rows( $result ) != 1 ) {
        return;
    }

    $account = mysql_fetch_assoc( $result );
    $code = hashFromUserRow( $account );
    $message = "Someone (hopefully you) wants to reset your [this might be offensive] password. To reset your password, please visit the following link: https://".$_SERVER['HTTP_HOST']."/offensive/pwreset.php?x=$code ";

    if( !isValidEmail( $account['email'] ) ) {
        echo "Unfortunately, we don't have a valid email address for that account. There's nothing we can do for you.";
        return;
    }

    // A failed mail() call is fatal here, as in the original.
    mail( $account['email'], "resetting your [this might be offensive] password", $message, "From: offensive@thismight.be (this might be offensive)\r\n" )
        or trigger_error("could not send email", E_USER_ERROR);
    echo "An email has been sent containing instructions for resetting your password.";
}
/**
 * Looks up the user who owns a referral code.
 *
 * @param string $refcode referral code as received from the request
 * @return mixed the referrals.userid value, or -1 when not exactly one row matches
 */
function getReferrerId( $refcode )
{
    $escaped = sqlEscape($refcode);
    $result = tmbo_query( "SELECT * FROM referrals WHERE referral_code = '{$escaped}' LIMIT 1" );

    if( mysql_num_rows( $result ) != 1 ) {
        return -1;
    }

    $match = mysql_fetch_assoc( $result );
    return $match['userid'];
}
/**
 * Stores one key in the logged-in user's data bag, both in the session and
 * (serialized) in market_user.data.
 *
 * A falsy $val ('', 0, '0', null, ...) removes the key instead of storing it.
 * NOTE(review): the column is written with serialize(); whatever reads it back
 * presumably unserialize()s it, so this column must never become writable from
 * an untrusted path — verify the read side.
 *
 * @param string $var key name
 * @param mixed  $val value to store, or a falsy value to delete the key
 * @return bool false when no user is logged in (nothing changed); true once the
 *              UPDATE has been issued (its outcome is not checked)
 */
function saveUserData($var, $val)
{
    if (!$_SESSION['User']['is_loggedin']) {
        return false;
    }

    if ($val) {
        $_SESSION['User']['data'][$var] = $val;
    } else {
        unset($_SESSION['User']['data'][$var]);
    }

    $blob = sqlEscape(serialize($_SESSION['User']['data']));
    $sql = "UPDATE market_user SET data='{$blob}' WHERE user_id='" . $_SESSION['User']['user_id'] . "'";
    sqlQuery($sql, $res, EXT_DEBUG);
    return true;
}
$update_category = true; } if ($_POST['existing_service'][$i]["'description'"] !== $check_services[$i]['name']) { $new_description = sqlEscape($_POST['existing_service'][$i]["'description'"]); $update_description_text .= " WHEN {$current} THEN '{$new_description}'"; $rowsToUpdate .= $current . ','; $update_description = true; } if ($_POST['existing_service'][$i]["'price'"] !== $check_services[$i]['price']) { $new_price = sqlEscape($_POST['existing_service'][$i]["'price'"]); $update_price_text .= " WHEN {$current} THEN {$new_price}"; $rowsToUpdate .= $current . ','; $update_price = true; } if ($_POST['existing_service'][$i]["'time'"] !== $check_services[$i]['time']) { $new_time = sqlEscape($_POST['existing_service'][$i]["'time'"]); $update_time_text .= " WHEN {$current} THEN {$new_time}"; $rowsToUpdate .= $current . ','; $update_time = true; } // } } if ($update_description || $update_price || $update_time || $update_category) { $update = "UPDATE services SET "; if ($update_description) { $update .= "name = CASE id {$update_description_text} END, "; } if ($update_price) { $update .= "price = CASE id {$update_price_text} END, "; } if ($update_time) {
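<?php
// Returns the caller's unread news-feed entries of one type as JSON, or the
// string "no news". POST only; needs a logged-in session ($_SESSION['me']['id']).
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';

    // The user id is interpolated unquoted into SQL, so it must be a validated
    // integer. The original ran the query even without a session, which produced
    // a malformed statement ("user_id =  AND ...") and surfaced a database error.
    if (!isset($_SESSION['me']['id']) || !is_numeric($_SESSION['me']['id'])) {
        die;
    }
    $me = (int) $_SESSION['me']['id'];

    // news_type sits inside a quoted literal, so sqlEscape() is the right protection.
    $news_type = sqlEscape($_POST['news_type']);

    $userNews = sqlSelect("SELECT users_news_feed.id, have_read, news_type.type, groups.id AS group_id, name AS group_name, story.story_id, title, users.user_id, username FROM users_news_feed LEFT JOIN groups ON groups.id = users_news_feed.group_id LEFT JOIN story ON story.story_id = users_news_feed.story_id LEFT JOIN users ON users.user_id = users_news_feed.writer_id INNER JOIN `news_type` ON news_type.id = users_news_feed.type_id WHERE users_news_feed.user_id = {$me} AND news_type.type = '{$news_type}' AND have_read = 0;");

    if ($userNews) {
        echo json_encode($userNews);
        die;
    } else {
        echo 'no news';
    }
}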
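<?php
// Returns the user ids of a group's members as JSON. POST only.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';

    // The original guard used && here, so it only rejected a request that was
    // BOTH anonymous AND carried a non-numeric group_id. A logged-in user could
    // therefore send group_id=1 OR 1=1 (sqlEscape() does not help in an unquoted
    // numeric position), and an anonymous user could list any group's members.
    // Either failing check must reject the request.
    if (!isset($_SESSION['user']) || !isset($_POST['group_id']) || !is_numeric($_POST['group_id'])) {
        die;
    }
    $group_id = (int) $_POST['group_id'];

    // NOTE(review): there is still no check that the caller belongs to this
    // group; any logged-in user can list any group's members. Confirm whether
    // that is intended.
    $groupMembers = sqlSelect("SELECT user_id FROM group_members WHERE group_id = {$group_id};");
    if ($groupMembers) {
        echo json_encode($groupMembers);
        die;
    }
}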
<?php // Categories $sql = "SELECT category FROM directory_ml WHERE lang='" . MARKET_LANG . "' AND category <> '' GROUP BY category ORDER BY category"; if (sqlQuery($sql, $res)) { $i = 1; while ($row = sqlFetchAssoc($res)) { $str = ''; $sql = "SELECT prof1, prof2, prof3 FROM directory_ml WHERE lang='" . MARKET_LANG . "' AND category='" . sqlEscape($row['category']) . "'"; if (sqlQuery($sql, $res1)) { $tags = array(); while ($row1 = sqlFetchAssoc($res1)) { for ($j = 1; $j <= 3; $j++) { if ($row1['prof' . $j] && !in_array($row1['prof' . $j], $tags)) { $tags[] = $row1['prof' . $j]; } } } asort($tags); if ($_COOKIE['mplace_menu'] & pow(2, $i - 1)) { $str = '<ul id="ul' . $i . '" class="tags in collapse">'; } else { $str = '<ul id="ul' . $i . '" class="tags collapse">'; } foreach ($tags as $tag) { $str .= '<li><a href="index.html?content=tag&q=' . urlencode($tag) . '">' . htmlspecialchars($tag) . '</a></li>'; } $str .= '</ul>'; } $this->assignLocal('category', 'ROW', array('ndx' => $i, 'title' => $row['category'], 'tags' => $str)); $this->lightParseTemplate('CATEGORY', 'category');
<?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { session_start(); require '../../../mysql/query.php'; require '../../../lang/config.php'; $group_id = sqlEscape($_POST['group_id']); $group_name = sqlEscape($_POST['group_name']); $group_members = sqlEscape($_POST['group_members']); $_SESSION['errors'] = array(); if (!is_numeric($group_id)) { $_SESSION['errors'] = true; } if (empty($group_members)) { array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> Fyll i fältet"); header("Location: ../../../groups/{$group_id}/invite"); } if (!empty($group_members)) { $users_exists = sqlSelect("SELECT user_id, username FROM `users` WHERE type = 1 AND user_id IN ({$group_members}) OR username IN ('{$group_members}');"); if (!$users_exists) { if (strlen($group_members) >= 3) { array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> Spelarna finns inte"); } if (strlen($group_members) == 1) { array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> Spelaren finns inte"); } } else { $members_exists = sqlSelect("SELECT users.user_id, users.username, group_members.status FROM users INNER JOIN `group_members` ON users.user_id = group_members.user_id WHERE group_members.group_id = {$group_id} AND group_members.user_id IN ({$group_members});"); if ($members_exists) { foreach ($members_exists as $member) { if ($member['status'] == 1) {
<?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { session_start(); require '../../../mysql/query.php'; require '../../../lib/Pusher/config.php'; $words = sqlEscape($_POST['words']); $story = $_POST['story']; if (strlen($words) >= 1 && strlen($words) <= 50 && is_numeric($story)) { // Check if my turn $my_turn = sqlSelect("SELECT id, on_turn, round, story.rounds FROM story_writers INNER JOIN story ON story_writers.story_id = story.story_id WHERE story_writers.story_id = {$story} AND user_id = {$_SESSION['me']['id']};"); if ($my_turn[0]['on_turn'] != 1) { die; } $insertWords = "INSERT INTO row (user_id, words, story_id, date) VALUES ({$_SESSION['me']['id']}, '{$words}', {$story}, now());"; $finishMyTurn = "UPDATE `story_writers` SET `on_turn` = 0, round = round + 1, `date` = now() WHERE story_id = {$story} AND user_id = {$_SESSION['me']['id']};"; $ok = ''; if (sqlAction($insertWords) && sqlAction($finishMyTurn)) { $ok = true; } else { die; } // $round = sqlSelect("SELECT MIN(round) AS current, rounds AS end FROM story_writers INNER JOIN story ON story_writers.story_id = story.story_id WHERE story_writers.story_id = {$story};"); $round = sqlSelect("SELECT round AS current, rounds AS end FROM story_writers INNER JOIN story ON story_writers.story_id = story.story_id WHERE story_writers.story_id = {$story} ORDER BY story_writers.id DESC LIMIT 1;"); // Check if story is finished // $rounds_left = $my_turn[0]['rounds'] - $my_turn[0]['round'] - 1; $rounds_left = $round[0]['end'] - $round[0]['current']; if ($rounds_left == -1) { if (sqlAction("UPDATE story SET status = 2 WHERE story_id = {$story};")) { $story_writers = sqlSelect("SELECT user_id FROM `story_writers` WHERE story_id = {$story} AND user_id != {$_SESSION['me']['id']};"); if ($story_writers) {
<?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['group_id']) && is_numeric($_POST['group_id'])) { $groupId = $_POST['group_id']; } else { die; } session_start(); require '../../../mysql/query.php'; require '../../../lang/config.php'; $num_of_errors = 0; $title = sqlEscape($_POST['title']); $text = sqlEscape($_POST['text']); $rounds = sqlEscape($_POST['rounds']); $current_round = 1; $max_writers = 'null'; $nonsensmode = 1; $public = 'null'; $with_group = $groupId; $story = sqlAction("INSERT INTO story (title, rounds, current_round, max_writers, nonsens_mode, join_public, with_group, status, started_by_user, views) VALUES ('{$title}', {$rounds}, {$current_round}, {$max_writers}, {$nonsensmode}, {$public}, {$with_group}, 1, {$_SESSION['me']['id']}, 0);", $getLastId = true); if ($story) { if (sqlAction("INSERT INTO row (user_id, words, story_id, date) VALUES ({$_SESSION['me']['id']}, '{$text}', {$story}, now());")) { $story_writers = "INSERT INTO story_writers (story_id, user_id, on_turn, round, date) VALUES ({$story}, {$_SESSION['me']['id']}, 0, 2, now()), "; $writers = sqlSelect("SELECT user_id FROM group_members WHERE group_id = {$groupId} AND user_id != {$_SESSION['me']['id']};"); $i = 0; foreach ($writers as $writer) { if ($i == 0) { $on_turn = 1; } else { $on_turn = 0;
<?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { session_start(); require '../../../mysql/query.php'; require '../../../lang/config.php'; $friends = sqlEscape($_POST['friends']); $_SESSION['errors'] = array(); if (empty($friends)) { array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> Fyll i fältet"); header('Location: ../../../profile?view=friends'); } if (!empty($friends)) { $users = sqlSelect("SELECT user_id, username FROM `users` WHERE type = 1 AND user_id IN ({$friends}) OR username IN ({$friends});"); if (!$users) { if (strlen($friends) >= 3) { array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> Spelarna finns inte"); } if (strlen($friends) == 1) { array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> Spelaren finns inte"); } } else { $already_friends = sqlSelect("SELECT users.user_id, users.username, friends.status, friends.sender FROM users INNER JOIN `friends` ON users.user_id = friends.user_id WHERE friends.user_id IN ({$friends}) UNION SELECT users.user_id, users.username, friends.status, friends.sender FROM users INNER JOIN `friends` ON users.user_id = friends.friend_user_id WHERE friends.friend_user_id IN ({$friends});"); if ($already_friends) { foreach ($already_friends as $friend) { if ($friend['status'] == 1) { array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> Du är redan vän med <a href=\"profile?view={$friend['user_id']}\">{$friend['username']}</a>"); } if ($friend['status'] == 0 && $friend['sender'] == $_SESSION['user']['id']) { array_push($_SESSION['errors'], "<span class=\"ion-android-warning\"> Du har redan skickat vänförfrågan till <a href=\"profile?view={$friend['user_id']}\">{$friend['username']}</a>"); }
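<?php
// Deletes one booking row. POST only; prints 1 when the DELETE succeeded, 0 otherwise.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    if (isset($_SESSION['company']['id']) && is_numeric($_SESSION['company']['id'])
        && isset($_SESSION['me']['id']) && is_numeric($_SESSION['me']['id'])
        && isset($_POST['id']) && is_numeric($_POST['id'])) {
        require '../../mysql/query.php';

        $bookingId = (int) $_POST['id'];
        $companyId = (int) $_SESSION['company']['id'];
        $employerId = (int) $_SESSION['me']['id'];
        // start goes into a quoted literal; sqlEscape() is sufficient there.
        $start = sqlEscape($_POST['start']);

        // The original deleted by id + start only, so any logged-in employer
        // could delete bookings of other companies/employers by guessing an id
        // (IDOR). The day listing for this feature filters bookings by
        // company_id and employer_id, so the delete is scoped the same way.
        $deleted = sqlAction("DELETE FROM bookings WHERE id = {$bookingId} AND start = '{$start}' AND company_id = {$companyId} AND employer_id = {$employerId};");
        echo $deleted ? 1 : 0;
        die;
    }
}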
<?php
// Change-password endpoint. POST only; expects a logged-in session
// ($_SESSION['user']['id']). Prints {"success":true} on success and nothing at
// all on any failure (wrong old password, length/confirmation mismatch, DB error).
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';

    // NOTE(review): all three password fields are run through sqlEscape() before
    // they reach password_verify()/password_hash(). Only the resulting hash ever
    // goes into SQL, so escaping the plaintext is wrong in principle (a password
    // containing a quote or backslash is hashed in its escaped form, and the
    // result depends on the connection charset). It cannot be fixed here alone:
    // registration, login and the reset flow would all have to stop escaping at
    // the same time, or existing users with such characters would lose access.
    $old = sqlEscape($_POST['password']);
    $new = sqlEscape($_POST['new_password']);
    $new_repeat = sqlEscape($_POST['password_confirm']);

    // Accepts 6..24 bytes (strlen is byte-wise) for all three fields, and the
    // new password must be confirmed exactly.
    if (strlen($old) > 5 && strlen($old) < 25 && strlen($new) > 5 && strlen($new) < 25 && strlen($new_repeat) > 5 && strlen($new_repeat) < 25 && $new === $new_repeat) {
        // NOTE(review): $_SESSION['user']['id'] is interpolated unquoted and is
        // never checked for presence; an anonymous request yields a malformed query.
        $password = sqlSelect("SELECT password FROM users WHERE user_id = {$_SESSION['user']['id']};");
        if (password_verify($old, $password[0]['password'])) {
            $pass = password_hash($new, PASSWORD_DEFAULT);
            // NOTE(review): the value written here is the literal '******' in this
            // listing — it looks like a redacted placeholder for the hash in $pass,
            // which is otherwise unused. Confirm against the real source.
            if (sqlAction("UPDATE users SET password = '******' WHERE user_id = {$_SESSION['user']['id']};")) {
                echo json_encode(array('success' => true));
                die;
            }
        }
    }
}
<?php
// Password-reset completion: verifies the (email, token) pair against users and
// stores a new hash. POST only. Prints one of {"password_too_short":true},
// {"password_too_long":true}, {"success":true}, or nothing.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';

    // Length limits (6..25 bytes; strlen is byte-wise) are checked on the raw input.
    if (strlen($_POST['new_password']) < 6) {
        echo json_encode(array('password_too_short' => true));
        die;
    }
    if (strlen($_POST['new_password']) > 25) {
        echo json_encode(array('password_too_long' => true));
        die;
    }

    // NOTE(review): the new password is escaped before it is hashed; this must
    // stay consistent with how login and change-password treat the plaintext.
    $password = sqlEscape($_POST['new_password']);
    $email = sqlEscape($_POST['email']);
    $token = sqlEscape($_POST['token']);

    // The token check is a plain string comparison done by the database.
    // Nothing visible here expires the token or limits attempts; only the
    // final UPDATE clears reset_password_key.
    $getUser = sqlSelect("SELECT user_id FROM users WHERE email = '{$email}' AND reset_password_key = '{$token}';");
    if ($getUser) {
        $newPassword = password_hash($password, PASSWORD_DEFAULT);
        // NOTE(review): '******' here looks like a redacted placeholder for
        // $newPassword, which is otherwise unused. Confirm against the real source.
        if (sqlAction("UPDATE users SET password = '******', reset_password_key = null WHERE user_id = {$getUser[0]['user_id']} AND email = '{$email}' AND reset_password_key = '{$token}';")) {
            echo json_encode(array('success' => true));
            die;
        }
    }
}
/**
 * Builds the search SQL (or just its WHERE fragment) from the parsed search
 * tokens in $this->search_for.
 *
 * $part selects the output: 'FULL' returns a complete SELECT assembled from
 * $this->cmd['RETURN'|'OF'|'WHERE'|'GROUP BY'|'ORDER BY']; 'WHERE' returns
 * only an " AND (...)" fragment. $mode controls how tokens combine:
 * 'multiple' pairs token group i with column i and search mode i; any other
 * mode applies every column to every token group ('allwords' and 'multiple'
 * join tokens with OR, everything else with AND; NOT tokens always use AND).
 *
 * Token values are escaped with sqlEscape() inside quoted literals. A user
 * '*' is rewritten to the LIKE wildcard '%', and a token already containing
 * '%' is used unchanged; '_' is not treated specially by sqlEscape(), so a
 * user-typed '_' is also a single-character wildcard.
 *
 * NOTE(review): column and clause names ($this->cmd['SEARCH IN'], 'RETURN',
 * 'OF', 'WHERE', 'GROUP BY', 'ORDER BY') are interpolated raw; they must come
 * from trusted configuration, never from the request.
 * NOTE(review): 'exact' and 'nochange' generate identical SQL (both still use
 * LIKE); $equal is assigned but never used.
 *
 * @param string $mode 'multiple', 'allwords' or any other value (see above)
 * @param string $part 'FULL' or 'WHERE'
 * @return string the SQL text
 */
function getSql($mode, $part) {
    switch ($part) {
        case 'FULL':
            $sql = 'SELECT ' . $this->cmd['RETURN'] . ' FROM ' . $this->cmd['OF'] . ' WHERE ' . $this->cmd['WHERE'] . ' AND (';
            break;
        case 'WHERE':
            $sql = ' AND (';
            break;
    }
    $tokens = $this->search_for;
    // A CONCAT(...) expression is a single search target; otherwise a comma list of columns.
    if (preg_match('@^CONCAT@', $this->cmd['SEARCH IN'])) {
        $search_in = array(trim($this->cmd['SEARCH IN']));
    } else {
        $search_in = $this->arrayTrim(explode(',', $this->cmd['SEARCH IN']));
    }
    $search_as = $this->arrayTrim(explode(',', $this->search_as));
    // $in[i] / $as[i]: the columns and match modes applied to token group i.
    if ($mode == 'multiple') {
        $counti = count($tokens);
        for ($i = 0; $i < $counti; $i++) {
            $in[$i][] = $search_in[$i];
            $as[$i][] = $search_as[$i];
        }
    } else {
        $in[0] = $search_in;
        $as[0] = $search_as;
    }
    $counti = count($tokens);
    for ($i = 0; $i < $counti; $i++) {
        $sql .= "(";
        $countk = count($in[$i]);
        for ($k = 0; $k < $countk; $k++) {
            $countj = count($tokens[$i]);
            for ($j = 0; $j < $countj; $j++) {
                // User wildcard '*' becomes the SQL LIKE wildcard.
                if (preg_match('@\\*@', $tokens[$i][$j]['token'])) {
                    $tokens[$i][$j]['token'] = preg_replace('@\\*@', '%', $tokens[$i][$j]['token']);
                }
                if ($tokens[$i][$j]['logic'] == 'NOT') {
                    $token = $tokens[$i][$j]['token'];
                    $equal = '<>';
                    $like = 'NOT LIKE';
                    $and = 'AND';
                } else {
                    // A leading '+' (required-word marker) is stripped from the value.
                    $token = preg_replace('@^\\+@', '', $tokens[$i][$j]['token']);
                    $equal = '=';
                    $like = 'LIKE';
                    if ($mode == 'multiple') {
                        $and = 'OR';
                    } else {
                        if ($mode == 'allwords') {
                            $and = 'OR';
                        } else {
                            $and = 'AND';
                        }
                    }
                }
                // A token that already carries '%' overrides the configured match mode.
                if (preg_match('@\\%@', $token)) {
                    $search_as = 'nochange';
                } else {
                    $search_as = $as[$i][$k];
                }
                switch ($search_as) {
                    case 'exact':
                        $sql .= $in[$i][$k] . " {$like} '" . sqlEscape($token) . "'";
                        break;
                    case 'nochange':
                        $sql .= $in[$i][$k] . " {$like} '" . sqlEscape($token) . "'";
                        break;
                    case 'start':
                        $sql .= $in[$i][$k] . " {$like} '" . sqlEscape($token) . "%'";
                        break;
                    case 'end':
                        $sql .= $in[$i][$k] . " {$like} '%" . sqlEscape($token) . "'";
                        break;
                    case 'both':
                    default:
                        $sql .= $in[$i][$k] . " {$like} '%" . sqlEscape($token) . "%'";
                }
                if ($j < $countj - 1) {
                    $sql .= " {$and} ";
                }
            }
            // Columns within a token group are alternatives.
            if ($k < $countk - 1) {
                $sql .= ') OR (';
            } else {
                $sql .= ')';
            }
        }
        // Token groups must all match.
        if ($i < $counti - 1) {
            $sql .= ') AND (';
        } else {
            $sql .= ')';
        }
    }
    if ($part == 'FULL') {
        if ($this->cmd['GROUP BY']) {
            $sql .= ' GROUP BY ' . $this->cmd['GROUP BY'];
        }
        if ($this->cmd['ORDER BY']) {
            $sql .= ' ORDER BY ' . $this->cmd['ORDER BY'];
        }
    }
    return $sql;
}
/**
 * Runs one SQL statement on the global $dblink connection and returns its result.
 *
 * On failure: when $logSqlErrors is set, the failing statement, the client IP,
 * the current user id and var_export() dumps of $_GET, $_POST and $_COOKIE are
 * inserted into {$dbpref}queryerrors; then, in $debugMode, the script dies
 * with a back-trace, the error text and the full statement; otherwise it
 * raises E_USER_ERROR and dies with a generic "MySQL Error.".
 * On success the global $queries counter is incremented and, in $debugMode,
 * the statement plus a back-trace are appended to the $querytext HTML table.
 *
 * NOTE(review): the error-log row stores raw $_POST and $_COOKIE contents.
 * That includes submitted passwords and the session cookie, so a SQL error on
 * a login form leaves credentials at rest in the database. Redact known
 * sensitive keys before logging.
 * NOTE(review): the debug branch echoes the entire failing statement to the
 * browser; $debugMode must never be enabled in production.
 *
 * @param string $query SQL text, already escaped by the caller
 * @return mixed whatever $dblink->query() returned for the statement
 */
function rawQuery($query) {
    global $queries, $querytext, $loguser, $dblink, $debugMode, $logSqlErrors, $dbpref, $loguserid, $mysqlCellClass;
    // Driver warnings are suppressed; the failure is reported via $dblink->error below.
    $res = @$dblink->query($query);
    if (!$res) {
        $theError = $dblink->error;
        if ($logSqlErrors) {
            $thequery = sqlEscape($query);
            $ip = sqlEscape($_SERVER["REMOTE_ADDR"]);
            $time = time();
            if (!$loguserid) {
                $loguserid = 0;
            }
            $get = sqlEscape(var_export($_GET, true));
            $post = sqlEscape(var_export($_POST, true));
            $cookie = sqlEscape(var_export($_COOKIE, true));
            // Escaped in place, so the debug output below shows the escaped form.
            $theError = sqlEscape($theError);
            $logQuery = "INSERT INTO {$dbpref}queryerrors (`user`,`ip`,`time`,`query`,`get`,`post`,`cookie`, `error`) VALUES ({$loguserid}, '{$ip}', {$time}, '{$thequery}', '{$get}', '{$post}', '{$cookie}', '{$theError}')";
            // A failure to write the log row is itself ignored.
            $res = @$dblink->query($logQuery);
        }
        if ($debugMode) {
            $bt = "";
            if (function_exists("backTrace")) {
                $bt = backTrace();
            }
            die(nl2br($bt) . "<br /><br />" . htmlspecialchars($theError) . "<br /><br />Query was: <code>" . htmlspecialchars($query) . "</code>");
        }
        trigger_error("MySQL Error.", E_USER_ERROR);
        die("MySQL Error.");
    }
    $queries++;
    if ($debugMode) {
        // Alternate row classes cell0/cell1 in the debug query table.
        $mysqlCellClass = ($mysqlCellClass + 1) % 2;
        $querytext .= "<tr class=\"cell{$mysqlCellClass}\"><td><pre style=\"white-space:pre-wrap;\">" . htmlspecialchars(preg_replace('/^\\s*/m', "", $query)) . "</pre></td><td>";
        if (function_exists("backTrace")) {
            $querytext .= backTrace();
        }
    }
    return $res;
}
<?php
// Lists the logged-in employer's bookings for one day as JSON, or prints 0
// when there are none. POST only; needs a company id and employer id in the
// session.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();

    $authenticated = isset($_SESSION['company']['id'], $_SESSION['me']['id'])
        && is_numeric($_SESSION['company']['id'])
        && is_numeric($_SESSION['me']['id']);

    if ($authenticated) {
        require '../../mysql/query.php';

        // day lands in a quoted literal (DATE(`start`) = '...'); the two session
        // ids were validated as numeric above before being used unquoted.
        $day = sqlEscape($_POST['day']);
        $sql = "SELECT bookings.id AS booking_id, booked_at, start, end, invoice, webpay, in_place, customers.id AS customer_id, customers.first_name, customers.last_name, category.name FROM `bookings` INNER JOIN customers INNER JOIN services INNER JOIN category ON bookings.customer_id = customers.id AND bookings.service_id = services.id AND services.category_id = category.id WHERE DATE(`start`) = '{$day}' AND bookings.company_id = {$_SESSION['company']['id']} AND employer_id = {$_SESSION['me']['id']};";
        $times = sqlSelect($sql);

        echo $times ? json_encode($times) : 0;
        die;
    }
}
case "label": break; case "text": case "textarea": case 'themeselector': $sets[] = $field . " = '" . SqlEscape($_POST[$field]) . "'"; break; case "password": if ($_POST[$field]) { $sets[] = $field . " = '" . SqlEscape($_POST[$field]) . "'"; } break; case "select": $val = $_POST[$field]; if (array_key_exists($val, $item['options'])) { $sets[] = $field . " = '" . sqlEscape($val) . "'"; } break; case "number": $num = (int) $_POST[$field]; if ($num < 1) { $num = $item['min']; } elseif ($num > $item['max']) { $num = $item['max']; } $sets[] = $field . " = " . $num; break; case "datetime": if ($_POST[$item['presetname']] != -1) { $_POST[$field] = $_POST[$item['presetname']]; }
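<?php
// Builds the list of half-hour slot labels ("Y-m-d H:i") between an opening
// and a closing time and prints it as JSON. POST only; needs a company id and
// employer id in the session.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    if (isset($_SESSION['company']['id']) && is_numeric($_SESSION['company']['id']) && isset($_SESSION['me']['id']) && is_numeric($_SESSION['me']['id'])) {
        require '../../mysql/query.php';

        // Neither value reaches SQL in this script; escaping is kept from the
        // original but is not validation — the parse below is what rejects junk.
        $open = sqlEscape($_POST['open']);
        $close = sqlEscape($_POST['close']);

        // DateTime's constructor throws on an unparseable string; the original let
        // that escape as an uncaught exception (a 500, with a stack trace when
        // display_errors is on). Treat bad input as "no slots".
        try {
            $cursor = new DateTimeImmutable($open);
            $end = new DateTimeImmutable($close);
        } catch (Exception $e) {
            echo json_encode(array());
            die;
        }

        $span = $cursor->diff($end);
        // A trailing half hour counts as one more hour of slots, as before.
        $hours = $span->h + ($span->i == 30 ? 1 : 0);

        $slots = array();
        for ($i = 1; $i <= $hours * 2; $i++) {
            $label = $cursor->format('Y-m-d H:i');
            // Hard-coded exclusion kept from the original; presumably a one-off
            // break on that date — TODO confirm and move into configuration.
            if ($label != '2016-03-21 12:00' && $label != '2016-03-21 12:30') {
                array_push($slots, $label);
            }
            // DateTimeImmutable: modify() returns a new instance, no aliasing.
            $cursor = $cursor->modify('+30 minutes');
        }

        echo json_encode($slots);
        die;
    }
}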
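<?php
// Redirects to the profile of the user whose name matches ?finduser=…, or
// back to the referring page when there is not exactly one match.
set_include_path("..");
require_once( 'offensive/assets/header.inc' );
// Include, and check we've got a connection to the database.
require_once( 'admin/mysqlConnectionInfo.inc' );
if(!isset($link) || !$link) $link = openDbConnection();
require_once('offensive/assets/functions.inc');

$needle = isset($_REQUEST['finduser']) ? $_REQUEST['finduser'] : '';
// sqlEscape() protects the quoted literal but does not neutralise LIKE's own
// wildcards, so finduser=%25 matched every user and a name with '_' matched
// more than intended. Escape % and _ so the comparison is literal (the LIKE
// operator itself is kept as in the original). If prefix search was actually
// intended here, drop this line.
$needle = addcslashes($needle, '%_');
$sql = "SELECT userid FROM users WHERE username LIKE '" . sqlEscape($needle) . "'";
$result = tmbo_query($sql);
$row = mysql_fetch_array( $result );

if( mysql_num_rows( $result ) == 1 ) {
    header("Location: ".Link::user($row['userid']));
} else {
    // NOTE(review): the Referer header is client-controlled, so this only ever
    // sends a browser back to where it claims it came from; when the header is
    // absent the original emitted an empty Location. Fall back to the site root.
    $back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '/';
    header("Location: ".$back);
}
?>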
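<?php
// Saves the logged-in user's profile text. POST only; prints {"success":true}
// on success, nothing otherwise.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';

    // The user id is interpolated unquoted; the original never checked the
    // session, so an anonymous POST produced "WHERE user_id = ;".
    if (!isset($_SESSION['user']['id']) || !is_numeric($_SESSION['user']['id'])) {
        die;
    }
    $user_id = (int) $_SESSION['user']['id'];

    if (isset($_POST['description'])) {
        // description lands inside a quoted literal; sqlEscape() is sufficient there.
        $text = sqlEscape($_POST['description']);
        if (sqlAction("UPDATE users SET personal_text = '{$text}' WHERE user_id = {$user_id};")) {
            echo json_encode(array('success' => true));
            die;
        }
    }
}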
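<?php
// API login: reads {"user": ..., "password": ...} from the JSON request body and
// prints the user's id, name and avatar path as JSON, or an error string.
// NOTE(review): Access-Control-Allow-Origin: * lets any origin call this
// credential endpoint. No cookie or session is issued here, which is the only
// reason that is tolerable; do not add session state without tightening CORS.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: X-Requested-With, Content-Type');
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $postdata = file_get_contents('php://input');
    $request = json_decode($postdata);
    require '../../../mysql/query.php';
    require '../../../lang/config.php';

    // json_decode() returns null on malformed input; the original then read
    // ->user from null. Make the failure explicit with the same visible outcome.
    if (!is_object($request) || !isset($request->user, $request->password)) {
        echo 'Fel användarnamn';
        die;
    }

    $user = sqlEscape($request->user);
    // NOTE(review): the plaintext password is escaped before password_verify();
    // this must stay consistent with how the stored hash was produced.
    $password = sqlEscape($request->password);

    // The original WHERE read "type = 1 AND username = … OR email = …", which SQL
    // parses as (type = 1 AND username = …) OR email = …, so the type filter did
    // not apply to the e-mail path. Parenthesised so it applies to both.
    // NOTE(review): the username literal reads '******' in this listing and looks
    // like a redacted placeholder for '{$user}' — confirm against the real source.
    $user_exists = sqlSelect("SELECT user_id, username, password, profile_img FROM `users` WHERE type = 1 AND (username = '******' OR email = '{$user}');");

    if (!$user_exists) {
        echo 'Fel användarnamn';
    } else {
        $pwd = $user_exists[0]['password'];
        if (password_verify($password, $pwd)) {
            $data['user']['id'] = $user_exists[0]['user_id'];
            $data['user']['name'] = $user_exists[0]['username'];
            $data['user']['img'] = $user_exists[0]['profile_img'];
            echo json_encode($data['user']);
        } else {
            // NOTE(review): distinct messages reveal which usernames exist.
            echo 'Fel lösenord';
        }
    }
}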
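<?php
// Updates a group's description, records the edit in the group's news feed and
// redirects back to the description page. POST only.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../../mysql/query.php';
    require '../../../lang/config.php';

    // group_id and the session user id are interpolated into unquoted numeric
    // positions, where sqlEscape() gives no protection ("1 OR 1=1" needs no
    // quote). Both must be validated integers.
    if (!isset($_POST['group_id']) || !is_numeric($_POST['group_id'])
        || !isset($_SESSION['user']['id']) || !is_numeric($_SESSION['user']['id'])) {
        die;
    }
    $group_id = (int) $_POST['group_id'];
    $user_id = (int) $_SESSION['user']['id'];

    // description lands inside a quoted literal; sqlEscape() is sufficient there.
    $group_description = sqlEscape($_POST['group_description']);

    // NOTE(review): nothing here checks that the caller is a member or
    // administrator of this group, so any logged-in user can rewrite any
    // group's description. A group_members table exists elsewhere in this
    // module; add a membership check once its status semantics are confirmed.
    // The string 'null' is stored literally in `what` (not SQL NULL), as before.
    $updated = sqlAction("UPDATE groups SET description = '{$group_description}' WHERE id = {$group_id};")
        && sqlAction("INSERT INTO group_news_feed (group_id, user_id, type, what, date) VALUES ({$group_id}, {$user_id}, 'edited_description', 'null', now());");

    if ($updated) {
        header("Location: ../../../groups/{$group_id}/description");
    }
}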
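<?php
// Employer login. On success stores the employer and company in the session and
// redirects to the todo page; on any failure redirects back to the login page.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../mysql/query.php';

    // mail lands inside a quoted literal; sqlEscape() is sufficient there.
    $mail = sqlEscape($_POST['mail']);
    // NOTE(review): escaping the plaintext before password_verify() is only
    // correct if the stored hash was produced from the escaped form as well;
    // keep this consistent with registration.
    $password = sqlEscape($_POST['password']);

    $user_exists = sqlSelect("SELECT companies_employers.id, first_name, last_name, mail, companies_employers.password, companies.id AS company_id, companies.Bolagsnamn FROM `companies_employers` INNER JOIN companies ON companies_employers.company_id = companies.id WHERE mail = '{$mail}';");

    if ($user_exists && password_verify($password, $user_exists[0]['password'])) {
        // Privilege change: issue a fresh session id so a session id planted
        // before login (session fixation) is not promoted to an authenticated one.
        session_regenerate_id(true);
        $_SESSION['me'] = array(
            'id' => $user_exists[0]['id'],
            'first_name' => $user_exists[0]['first_name'],
            'last_name' => $user_exists[0]['last_name'],
            'mail' => $user_exists[0]['mail'],
        );
        $_SESSION['company'] = array(
            'id' => $user_exists[0]['company_id'],
            'name' => $user_exists[0]['Bolagsnamn'],
        );
        header('Location: ../../company/todo');
    } else {
        header('Location: ../../login');
    }
}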
echo "[{\"id\":\"{$term}\",\"name\":\"{$term}\"}]"; // echo '[{"id":0,"name":"Test"}]'; // echo json_encode(array('id' => $services['id'], 'name' => $services['name'])); } } if ($search == 'my_services') { $my_services = sqlSelect("SELECT services.id, services.name AS service_name, price, time, category.name AS category_name FROM `companies_employers_services` INNER JOIN services INNER JOIN category ON companies_employers_services.service_id = services.id AND services.category_id = category.id WHERE companies_employers_services.employer_id = {$_SESSION['me']['id']} AND category.name LIKE '%{$term}%';"); if ($my_services) { echo json_encode($my_services); } } if ($search == 'timestamp' && !empty($_POST['timestamp'])) { $date = sqlEscape($_POST['timestamp']); $times = sqlSelect("SELECT schedule.id, timestamp, booked, customers.first_name, customers.last_name, customers.mail FROM `schedule` LEFT JOIN customers ON schedule.customer_id = customers.id WHERE DATE(timestamp) = '{$date}' AND company_id = {$_SESSION['company']['id']} ORDER BY timestamp;"); if ($times) { echo json_encode($times); } else { echo 0; } } if ($search == 'personnr') { $personnr = sqlEscape($_POST['term']); $customer = sqlSelect("SELECT id, first_name, last_name, mail, tel FROM customers WHERE person_nr = '{$personnr}';"); if ($customer) { echo json_encode($customer); } else { echo 0; } } } }
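<?php
// Customer login: reads a JSON object {"user": ..., "password": ...} from the
// "login" form field, matches it against person_nr or mail, and prints 1 on
// success or a short error string.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../mysql/query.php';

    // json_decode() returns null on malformed input; the original then read
    // ->user from null. Make the failure explicit with the same visible outcome.
    $input = isset($_POST['login']) ? json_decode($_POST['login']) : null;
    if (!is_object($input) || !isset($input->user, $input->password)) {
        echo 'wrong username';
        die;
    }

    $user = sqlEscape($input->user);
    // NOTE(review): the plaintext is escaped before password_verify(); keep this
    // consistent with how the stored hash was produced.
    $password = sqlEscape($input->password);

    $user_exists = sqlSelect("SELECT id, person_nr, first_name, last_name, mail, tel, password FROM customers WHERE person_nr = '{$user}' OR mail = '{$user}';");

    if ($user_exists) {
        $pwd = $user_exists[0]['password'];
        if (password_verify($password, $pwd)) {
            // Privilege change: issue a fresh session id so a session id planted
            // before login (session fixation) is not promoted to an authenticated one.
            session_regenerate_id(true);
            $_SESSION['me'] = array(
                'id' => $user_exists[0]['id'],
                'personnr' => $user_exists[0]['person_nr'],
                'first_name' => $user_exists[0]['first_name'],
                'last_name' => $user_exists[0]['last_name'],
                'mail' => $user_exists[0]['mail'],
                // The original stored the row id under 'tel'; the query does select tel.
                'tel' => $user_exists[0]['tel'],
            );
            echo 1;
        } else {
            // NOTE(review): distinct messages reveal which accounts exist.
            echo 'wrong password';
        }
    } else {
        echo 'wrong username';
    }
}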
/**
 * Bad Behavior's database-escape hook, delegating to the site's sqlEscape().
 *
 * @param string $string raw value
 * @return string the escaped value (per the original note, sqlEscape() is a
 *                no-op when no database is in use)
 */
function bb2_db_escape($string) {
    $escaped = sqlEscape($string);
    return $escaped;
}
/**
 * Appends one row to the log table.
 *
 * @param string $type    short event type
 * @param string $str     free-text message
 * @param mixed  $user_id acting user; a falsy value means "use the session user"
 * @return void
 */
function logEvent($type, $str, $user_id = 0)
{
    $who = $user_id ? $user_id : $_SESSION['User']['user_id'];
    // id is sent as '' and left to the table to assign.
    $values = "'" . sqlEscape($who) . "', '" . sqlEscape($type) . "', '" . sqlEscape($str) . "'";
    $sql = "INSERT INTO log (id, user_id, type, text, tstamp) VALUES ('', {$values}, NOW())";
    sqlQuery($sql, $res);
}
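<?php
// Adds one open schedule slot for the logged-in employer and prints the new
// row's id. POST only.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    session_start();
    require '../../mysql/query.php';

    // Both ids are interpolated unquoted; the original validated the company id
    // but not $_SESSION['me']['id'], so a session without it produced a malformed
    // statement. Validate both, as the other schedule handlers do.
    if (isset($_SESSION['company']['id']) && is_numeric($_SESSION['company']['id'])
        && isset($_SESSION['me']['id']) && is_numeric($_SESSION['me']['id'])
        && isset($_POST['timestamp'])) {
        $company = (int) $_SESSION['company']['id'];
        $employer = (int) $_SESSION['me']['id'];
        // timestamp lands inside a quoted literal; sqlEscape() is sufficient there.
        $timestamp = sqlEscape($_POST['timestamp']);

        // Second argument presumably asks sqlAction() for the inserted id (the
        // story handler names it $getLastId) — confirm in query.php.
        $insert = sqlAction("INSERT INTO schedule (timestamp, booked, company_id, employer_id) VALUES ('{$timestamp}', 0, {$company}, {$employer});", true);
        if (is_numeric($insert)) {
            echo $insert;
        }
    }
}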