function checkForm()
{
global $first_name, $last_name, $login, $password1, $password2, $email;
try {
$secret = filter_input(INPUT_POST, 'secret');
if (empty($last_name) || empty($first_name) || empty($login) || empty($password1) || empty($password2) || empty($email) || empty($secret)) {
throw new Exception('Нужно заполнить все поля');
}
if (!validLogin($login)) {
throw new Exception('Логин должен состоять из не мене 3-х букв латинского алфавиа цыфр и подчерка');
}
if (!validEmail($email)) {
throw new Exception('Неправильный email');
}
if ($password1 != $password1) {
throw new Exception('Пароли не совпадают');
}
if (!validUserName($first_name, $last_name)) {
throw new Exception('Имя и фамилия могут состоять только из букв');
}
if (userExists($login, $email)) {
throw new Exception('Такой логин или email уже существует.');
}
if ($secret != $_SESSION['secret']) {
throw new Exception('Неверно указано число с картинки');
}
} catch (Exception $exc) {
return $exc->getMessage();
}
}
public function signup($username, $email, $password, $storeUserIndependent = 0, $options = array())
{
if (!$storeUserIndependent) {
$dbModel = $this->user_db;
} else {
$dbModel = $this->store_user_db;
}
$salt = strtolower(rand(111111, 999999));
$password = toPassword($password, $salt);
if ($this->isUsernameOccupied($username, 0, $storeUserIndependent)) {
return -3;
} elseif (!validEmail($email)) {
return -5;
} elseif ($this->isEmailOccupied($email, 0, $storeUserIndependent)) {
return -6;
} else {
$regip = ip();
$row = array('username' => $username, 'password' => $password, 'email' => $email, 'regip' => $regip, 'regtime' => SYS_TIME, 'lastloginip' => $regip, 'lastlogintime' => SYS_TIME, 'salt' => $salt);
if (is_array($options) && $options) {
foreach ($options as $k => $v) {
$row[$k] = $v;
}
}
$rt = $dbModel->insert($row, 1);
if ($rt) {
return $rt;
} else {
return 0;
}
}
}
function requestRecommendation($user_id, $author, $email, $message)
{
if (!checkLock("peer")) {
return 6;
}
$config = $GLOBALS['config'];
$user_id = escape($user_id);
$author = escape($author);
$email = escape($email);
if (!validEmail($email)) {
return 1;
}
if (strlen($author) <= 3) {
return 2;
}
//make sure there aren't too many recommendations already
$result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}'");
$row = mysql_fetch_row($result);
if ($row[0] >= $config['max_recommend']) {
return 4;
//too many recommendations
}
//ensure this email hasn't been asked with this user already
$result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}' AND email = '{$email}'");
$row = mysql_fetch_row($result);
if ($row[0] > 0) {
return 5;
//email address already asked
}
lockAction("peer");
//first create an instance
$instance_id = customCreate(customGetCategory('recommend', true), $user_id);
//insert into recommendations table
$auth = escape(uid(64));
mysql_query("INSERT INTO recommendations (user_id, instance_id, author, email, auth, status, filename) VALUES ('{$user_id}', '{$instance_id}', '{$author}', '{$email}', '{$auth}', '0', '')");
$recommend_id = mysql_insert_id();
$userinfo = getUserInformation($user_id);
//array (username, email address, name)
//send email now
$content = page_db("request_recommendation");
$content = str_replace('$USERNAME$', $userinfo[0], $content);
$content = str_replace('$USEREMAIL$', $userinfo[1], $content);
$content = str_replace('$NAME$', $userinfo[2], $content);
$content = str_replace('$AUTHOR$', $author, $content);
$content = str_replace('$EMAIL$', $email, $content);
$content = str_replace('$MESSAGE$', page_convert($message), $content);
$content = str_replace('$AUTH$', $auth, $content);
$content = str_replace('$SUBMIT_ADDRESS$', $config['site_address'] . "/recommend.php?id={$recommend_id}&user_id={$user_id}&auth={$auth}", $content);
$result = one_mail("Recommendation request", $content, $email);
if ($result) {
return 0;
} else {
return 3;
}
}
function csv_reader($dry_run, $options)
{
/*
* This function does all the work of removing unwanted characters,
* spaces, exclamation marks and such from the names in the users.csv
* file.
*/
$filename = $options['file'];
$conn = open_db_connection($options);
$table_exists = check_table_exists($conn, $options);
if (!$table_exists) {
echo "\nWarning! Table does not exist\n";
}
if (($handle = fopen($filename, "r")) !== FALSE) {
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
$num = count($data);
//Lower case then capitalise first
$data[0] = ucfirst(strtolower($data[0]));
//Lower case then capitalise first
$data[1] = ucfirst(strtolower($data[1]));
//Lower case the email
$data[2] = strtolower($data[2]);
//$data[2] = preg_replace('/\s+/', "", $data[2]);
// Remove trailing whitespaces
$data[0] = rtrim($data[0]);
// Remove trailing whitespaces
$data[1] = rtrim($data[1]);
// Remove trailing whitespaces
$data[2] = rtrim($data[2]);
// Remove non alphas from firstname
$data[0] = preg_replace('/[^a-z]+\\Z/i', "", $data[0]);
// Remove non alphas (except apostrophes) from surname
$data[1] = preg_replace('/[^a-z\']+\\Z/i', "", $data[1]);
// Add backslashes to escape the apostrophes
$data[0] = addslashes($data[0]);
$data[1] = addslashes($data[1]);
$data[2] = addslashes($data[2]);
echo " email is " . $data[2] . "\n";
if (validEmail($data[2])) {
if ($dry_run) {
echo $data[0] . " " . $data[1] . " " . $data[2] . " would be written to database\n";
} else {
if (!$dry_run) {
update_table($data, $conn);
}
}
} else {
echo $data[0] . " " . $data[1] . " " . $data[2] . " will NOT be written to database as email is invalid\n";
}
}
fclose($handle);
$conn = null;
}
}
function contact_callback()
{
add_filter('wp_die_ajax_handler', 'filter_ajax_hander');
// Clean up the input values
foreach ($_POST as $key => $value) {
if (ini_get('magic_quotes_gpc')) {
$_POST[$key] = stripslashes($_POST[$key]);
}
$_POST[$key] = htmlspecialchars(strip_tags($_POST[$key]));
}
// Assign the input values to variables for easy reference
$name = isset($_POST["name"]) ? $_POST["name"] : '';
$email = isset($_POST["email"]) ? $_POST["email"] : '';
$message = isset($_POST["message"]) ? $_POST["message"] : '';
// Test input values for errors
$errors = array();
if (strlen($name) < 2) {
if (!$name) {
$errors[] = "You must enter a name.";
} else {
$errors[] = "Name must be at least 2 characters.";
}
}
if (!$email) {
$errors[] = "You must enter an email.";
} else {
if (!validEmail($email)) {
$errors[] = "You must enter a valid email.";
}
}
if (strlen($message) < 10) {
if (!$message) {
$errors[] = "You must enter a message.";
} else {
$errors[] = "Message must be at least 10 characters.";
}
}
if ($errors) {
// Output errors and die with a failure message
$errortext = "";
foreach ($errors as $error) {
$errortext .= "<li>" . $error . "</li>";
}
wp_die("<span class='failure'><h3>The following errors occured:</h3><ul>" . $errortext . "</ul></span>");
}
// Send the email
$to = ot_get_option('contact_email', get_option('admin_email'));
$subject = "Contact Form: {$name}";
$message = "'{$name}' from email: {$email} sent a message for you : \n --------------- \n {$message}";
$headers = "From: {$email}";
$result = wp_mail($to, $subject, $message, $headers);
// Die with a success message
wp_die("<span class='success'>Well thank you! Your message has been sent.<br />We'll be in touch pretty soon!</span>", 'Message has been sent !');
}
function csv_reader($dry_run, $options)
{
/*
* Somewhere in this function there will be an if/else statement
* to test valid emails, if not valid, write to STDOUT
* else, call update table
*/
$filename = $options['file'];
/* if (dry_run)
open connection
check if table exists
parse file
don't write to table
write to STDOUT
else if (!dry_run)
open connection
check if table exists
parse file
write to table */
$conn = open_db_connection($options);
check_table_exists($conn);
$row = 1;
if (($handle = fopen($filename, "r")) !== FALSE) {
while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
$num = count($data);
$data[0] = ucfirst(strtolower($data[0]));
$data[1] = ucfirst(strtolower($data[1]));
$data[2] = strtolower($data[2]);
if (validEmail($data[2])) {
if ($dry_run) {
echo "\ndry_run is set\n";
echo $data[0] . " " . $data[1] . " " . $data[2] . " would be written to database";
} else {
if (!$dry_run) {
echo "\ndry_run is not set\n";
update_table($data, $conn);
}
}
} else {
//echo "\nThis email is not valid\n";
echo "\n" . $data[0] . " " . $data[1] . " " . $data[2] . " will not be written to database as email is invalid\n";
}
// echo " $num fields in line $row: \n";
$row++;
// for ($c=0; $c < $num; $c++) {
// echo $data[$c] . "\n";
// }
}
fclose($handle);
}
}
/**
* Validate the form
*/
function set_errors($form)
{
$output = array();
// Email
if (!validEmail($form['email'])) {
$output[] = 'email';
}
// Name
$tmp = preg_replace('/[^A-Za-z]/', '', $form['name']);
if (strlen($tmp) == 0) {
$output[] = 'name';
}
// Message
$tmp = preg_replace('/[^A-Za-z]/', '', $form['message']);
if (strlen($tmp) == 0) {
$output[] = 'message';
}
return $output;
}
<?php
require_once './MCAPI.class.php';
extract($_POST);
// Get your API key from http://admin.mailchimp.com/account/api/
define('MC_API_KEY', 'enter you mailchimp api key here');
// Get your list unique id from http://admin.mailchimp.com/lists/
// under settings at the bottom of the page, look for unique id
define('MC_LIST_ID', 'enter you mailchimp unique list id');
// check if email is valid
if (isset($email) && validEmail($email)) {
$api = new MCAPI(MC_API_KEY);
$listID = MC_LIST_ID;
if ($api->listSubscribe($listID, $email, '') === true) {
echo 'success';
} else {
echo 'subscribed';
}
} else {
echo 'invalid';
}
function validEmail($email = NULL)
{
return preg_match("/^[\\d\\w\\/+!=#|\$?%{^&}*`'~-][\\d\\w\\/\\.+!=#|\$?%{^&}*`'~-]*@[A-Z0-9][A-Z0-9.-]{0,61}[A-Z0-9]\\.[A-Z]{2,6}\$/ix", $email);
}
//register a new user. Makes plenty of checks against duplicate users and common emails
require "../common.php";
if (!empty($_GET["code"])) {
verifyUser($_GET['email'], $_GET["code"], $DATABASE);
die;
}
//TODO: Refactor this section
//if any of these are not set, the page will die
if (empty($_POST["email"]) || empty($_POST["password"]) || empty($_POST["password2"]) || empty($_POST["first-name"]) || empty($_POST["last-name"]) || empty($_POST["zip"]) || empty($_POST["phone"])) {
error("Missing Field", "You tried to register without completing a required field");
}
if ($_POST["password"] !== $_POST["password2"]) {
error("Passwords Don't Match", "Your passwords did not match");
}
if (!validEmail($_POST["email"])) {
error("Invalid Email", "Your email " . $_POST["email"] . " is invalid");
}
if (!validPassword($_POST["password"])) {
error("Invalid Password", "Your password must be longer than 8 characters in length");
}
//evaluate mailing preferences
$mailing = 1;
if (!isset($_POST["mailing"])) {
$mailing = 0;
}
//cryptify the password
$password = $_POST["password"];
$hash = password_hash($password, PASSWORD_BCRYPT);
$veriRaw = randomString();
//repackaged for easier imploding later, when creating a new user
/**
* Clean the passed parameter
*
* @param mixed $param the variable we are cleaning
* @param int $type expected format of param after cleaning.
* @return mixed
*/
function clean_param($param, $type)
{
global $CFG, $ERROR, $HUB_FLM;
if (is_array($param)) {
$newparam = array();
foreach ($param as $key => $value) {
$newparam[$key] = clean_param($value, $type);
}
return $newparam;
}
switch ($type) {
case PARAM_TEXT:
// leave only tags needed for multilang
if (is_numeric($param)) {
return $param;
}
$param = stripslashes($param);
$param = clean_text($param);
$param = strip_tags($param, '<lang><span>');
$param = str_replace('+', '+', $param);
$param = str_replace('(', '(', $param);
$param = str_replace(')', ')', $param);
$param = str_replace('=', '=', $param);
$param = str_replace('"', '"', $param);
$param = str_replace('\'', ''', $param);
return $param;
case PARAM_HTML:
// keep as HTML, no processing
$param = stripslashes($param);
$param = clean_text($param);
return trim($param);
case PARAM_INT:
return (int) $param;
case PARAM_NUMBER:
return (double) $param;
case PARAM_ALPHA:
// Remove everything not a-z
return preg_replace('/([^a-zA-Z])/i', '', $param);
case PARAM_ALPHANUM:
// Remove everything not a-zA-Z0-9
return preg_replace('/([^A-Za-z0-9])/i', '', $param);
case PARAM_ALPHAEXT:
// Remove everything not a-zA-Z/_-
return preg_replace('/([^a-zA-Z\\/_-])/i', '', $param);
case PARAM_ALPHANUMEXT:
// Remove everything not a-zA-Z0-9-
return preg_replace('/([^a-zA-Z0-9-])/i', '', $param);
case PARAM_BOOL:
// Convert to 1 or 0
$tempstr = strtolower($param);
if ($tempstr == 'on' or $tempstr == 'yes' or $tempstr == 'true') {
$param = 1;
} else {
if ($tempstr == 'off' or $tempstr == 'no' or $tempstr == 'false') {
$param = 0;
} else {
$param = empty($param) ? 0 : 1;
}
}
return $param;
case PARAM_BOOLTEXT:
// check is an allowed text type boolean
$tempstr = strtolower($param);
if ($tempstr == 'on' or $tempstr == 'yes' or $tempstr == 'true' or $tempstr == 'off' or $tempstr == 'no' or $tempstr == 'false' or $tempstr == '0' or $tempstr == '1') {
$param = $param;
} else {
$param = "";
}
return $param;
case PARAM_PATH:
// Strip all suspicious characters from file path
$param = str_replace('\\\'', '\'', $param);
$param = str_replace('\\"', '"', $param);
$param = str_replace('\\', '/', $param);
$param = ereg_replace('[[:cntrl:]]|[<>"`\\|\':]', '', $param);
$param = ereg_replace('\\.\\.+', '', $param);
$param = ereg_replace('//+', '/', $param);
return ereg_replace('/(\\./)+', '/', $param);
case PARAM_URL:
// allow safe ftp, http, mailto urls
include_once $CFG->dirAddress . 'core/lib/url-validation.class.php';
$URLValidator = new mrsnk_URL_validation($param, MRSNK_URL_DO_NOT_PRINT_ERRORS, MRSNK_URL_DO_NOT_CONNECT_2_URL);
if (!empty($param) && $URLValidator->isValid()) {
// all is ok, param is respected
} else {
$param = '';
// not really ok
}
return $param;
case PARAM_EMAIL:
if (validEmail($param)) {
return $param;
} else {
$ERROR = new error();
$ERROR->createInvalidEmailError();
include_once $HUB_FLM->getCodeDirPath("core/formaterror.php");
die;
}
case PARAM_XML:
$param = parseFromXML($param);
return $param;
default:
include_once $HUB_FLM->getCodeDirPath("core/formaterror.php");
$ERROR = new error();
$ERROR->createInvalidParameterError($type);
die;
}
}
function emailLogin($patient_id, $message)
{
$patientData = sqlQuery("SELECT * FROM `patient_data` WHERE `pid`=?", array($patient_id));
if ($patientData['hipaa_allowemail'] != "YES" || empty($patientData['email']) || empty($GLOBALS['patient_reminder_sender_email'])) {
return false;
}
if (!validEmail($patientData['email'])) {
return false;
}
if (!validEmail($GLOBALS['patient_reminder_sender_email'])) {
return false;
}
$mail = new MyMailer();
$pt_name = $patientData['fname'] . ' ' . $patientData['lname'];
$pt_email = $patientData['email'];
$email_subject = xl('Access Your Patient Portal');
$email_sender = $GLOBALS['patient_reminder_sender_email'];
$mail->AddReplyTo($email_sender, $email_sender);
$mail->SetFrom($email_sender, $email_sender);
$mail->AddAddress($pt_email, $pt_name);
$mail->Subject = $email_subject;
$mail->MsgHTML("<html><body><div class='wrapper'>" . $message . "</div></body></html>");
$mail->IsHTML(true);
$mail->AltBody = $message;
if ($mail->Send()) {
return true;
} else {
$email_status = $mail->ErrorInfo;
error_log("EMAIL ERROR: " . $email_status, 0);
return false;
}
}
$expprice = explode("_", $curfield->getrelatedfield());
if ($_POST['' . $expprice[0]] == "nogo" || $_POST['' . $expprice[1]] == "nogo") {
$headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/add/index.php&message=You must select: " . $curfield->getdisplaynameoffield() . ".";
header($headerloc);
unset($headerloc);
exit;
}
} elseif ($curfield->gettypeoffield() == "link") {
if (trim($_POST['' . $curfield->getrelatedfield()]) == "" || trim($_POST['' . $curfield->getrelatedfield()]) == "http://") {
$headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/add/index.php&message=You must enter: " . $curfield->getdisplaynameoffield() . ".";
header($headerloc);
unset($headerloc);
exit;
}
} elseif ($curfield->gettypeoffield() == "email") {
if (!validEmail(trim($_POST['' . $curfield->getrelatedfield()]))) {
$headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/add/index.php&message=You must enter a valid: " . $curfield->getdisplaynameoffield() . ".";
header($headerloc);
unset($headerloc);
exit;
}
} elseif ($curfield->gettypeoffield() == "date") {
$expvaldate = explode("_", $curfield->getrelatedfield());
if ($_POST['' . $expvaldate[0]] == "nogo" || $_POST['' . $expvaldate[1]] == "nogo" || $_POST['' . $expvaldate[2]] == "nogo") {
$headerloc = "Location: ../../index.php?page=" . $thepage->getfoldername() . "/add/index.php&message=You must enter a valid: " . $curfield->getdisplaynameoffield() . ".";
header($headerloc);
unset($headerloc);
exit;
}
} elseif ($curfield->gettypeoffield() == "select") {
if ($_POST['' . $curfield->getrelatedfield()] == "nogo") {
echo 0;
}
$mysql->close();
exit;
}
//User key actions
if (isset($_POST['recaptcha_response_field'])) {
require_once 'recaptchalib.php';
$recap_resp = recaptcha_check_answer($privatekey, $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field']);
if ($recap_resp->is_valid) {
require_once 'db.php';
require_once 'common.php';
//if we have email, validate it
$mail = Null;
if (isset($_POST['mail'])) {
if (validEmail($_POST['mail'])) {
$mail = trim($_POST['mail']);
}
}
//put new key in db
$sql = 'INSERT INTO users(userkey, mail, ip) VALUES(UNHEX(?), ?, ?)
ON DUPLICATE KEY UPDATE userkey=UNHEX(?), ip=?, ts=CURRENT_TIMESTAMP()';
$stmt = $mysql->stmt_init();
$ip = ip2long($_SERVER['REMOTE_ADDR']);
$userkey = gen_key();
$stmt->prepare($sql);
$stmt->bind_param('ssisi', $userkey, $mail, $ip, $userkey, $ip);
$stmt->execute();
$stmt->close();
//set cookie
setcookie('key', $userkey, 2147483647, '', '', false, true);
break;
case "join":
$username = yourls_escape($_POST['username']);
$password = $_POST['password'];
if (captchaEnabled()) {
require_once 'recaptchalib.php';
$privatekey = YOURLS_MULTIUSER_CAPTCHA_PRIVATE_KEY;
$resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
$error_msg = "Captch is incorrect.";
require_once 'formjoin.php';
break;
}
}
if (!empty($username) && !empty($password)) {
if (validEmail($username) === false) {
$error_msg = "E-mail not recognized!";
require_once 'formjoin.php';
} else {
$table = YOURLS_DB_TABLE_USERS;
$results = $ydb->get_results("select user_email from `{$table}` where `user_email` = '{$username}'");
if ($results) {
$error_msg = "Please choose other username.";
require_once 'formjoin.php';
} else {
$token = createRandonToken();
$password = md5($password);
$ydb->query("insert into `{$table}` (user_email, user_password, user_token) values ('{$username}', '{$password}', '{$token}')");
$results = $ydb->get_results("select user_token from `{$table}` where `user_email` = '{$username}'");
if (!empty($results)) {
$token = $results[0]->user_token;
}
if (empty($email)) {
header('Content-Type: application/json');
echo json_encode(array('status' => 'ERROR', 'msg' => 'empty e-mail address.'));
die;
}
$files = array('testrechnung.pdf');
$path = __DIR__ . '/../assets/';
$mailto = $email;
$from_mail = 'rechnung@' . $tld;
$from_name = 'rechnung@' . $tld;
$replyto = 'hallo@' . $tld;
$subject = '€ Welcome ' . $email . '!';
$message = "Hello @ {$tld} — " . $email;
mail_attachment(array(), null, $replyto, $replyto, $replyto, $mailto, $subject, $message);
if (validEmail($email)) {
// login
$cmd = "curl -H 'Authorization: Basic {$n26_bearer}' -d 'username="******";
$response = shell_exec($cmd);
$json = json_decode($response);
$access_token = $json->access_token;
// send invitation
$cmd = "curl -H 'Authorization: bearer {$access_token}' -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{email: \"" . $email . "\"}' -X POST {$n26_api}/api/aff/invite";
$response = shell_exec($cmd);
// print_r($response);
$json = json_decode($response);
// print_r($json);
// todo: response without content -- check for http status
if (isset($json->status) && $json->status == 'OK') {
$subject = '€ ' . $tld . ' Konto anlegen';
$message = '<b>Hallo!</b><br/><br/>
}
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if (isset($_POST["MM_insert"]) && $_POST["MM_insert"] == "frm_insert") {
$fld_required = array('vis_f_name', 'vis_l_name', 'vis_email', 'vis_password');
$fld_missing = array();
foreach ($_POST as $key => $value) {
if (empty($value) && in_array($key, $fld_required)) {
array_push($fld_missing, $key);
}
}
if ($_POST['vis_email'] != '') {
if (!validEmail($_POST['vis_email'])) {
array_push($fld_missing, 'email_invalid');
}
}
mysql_select_db($database_conndb, $conndb);
$query_rsDuplicate = "SELECT usr_email FROM tbl_users WHERE usr_email = '" . $_POST['vis_email'] . "'";
$rsDuplicate = mysql_query($query_rsDuplicate, $conndb) or die(mysql_error());
$row_rsDuplicate = mysql_fetch_assoc($rsDuplicate);
$totalRows_rsDuplicate = mysql_num_rows($rsDuplicate);
if ($totalRows_rsDuplicate > 0) {
array_push($fld_missing, 'duplicate');
}
mysql_free_result($rsDuplicate);
if (!empty($fld_missing)) {
if (in_array('vis_f_name', $fld_missing)) {
$vis_f_name = 'Please provide your first name';
------------------------------------------------------------------------- */
$errors = array();
//validate name
if (isset($_POST["sendername"])) {
if (!$sendername) {
$errors[] = "You must enter a name.";
} elseif (strlen($sendername) < 2) {
$errors[] = "Name must be at least 2 characters.";
}
}
//validate email address
if (isset($_POST["emailaddress"])) {
if (!$emailaddress) {
$errors[] = "You must enter an email.";
} else {
if (!validEmail($emailaddress)) {
$errors[] = "Your must enter a valid email.";
}
}
}
//validate subject
if (isset($_POST["sendersubject"])) {
if (!$sendersubject) {
$errors[] = "You must enter a subject.";
} elseif (strlen($sendersubject) < 4) {
$errors[] = "Subject must be at least 4 characters.";
}
}
//validate message / comment
if (isset($_POST["sendermessage"])) {
if (strlen($sendermessage) < 10) {
if (isset($_REQUEST[action]))
{
$username = sqlstr($_REQUEST[username]);
$password = sqlstr($_REQUEST[password]);
$password2 = sqlstr($_REQUEST[password2]);
$email = sqlstr($_REQUEST[email]);
$hash = md5($password);
$userExists = $conn->queryOne("SELECT user_id FROM users WHERE username = '******'");
$userLengthValid = strlen($username) >= 3;
$passwordLengthValid = strlen($password) >= 6;
$passwordMatches = $password == $password2;
$emailValid = validEmail($email);
switch ($_REQUEST[action])
{
case "checkusername":
if ($userExists)
echo "0|The username <b>$username</b> is already taken. Please choose another.";
else if (!$userLengthValid)
echo "0|Your chosen username is too short.";
else
echo "1|This username is valid!";
exit();
case "checkpassword":
echo $passwordLengthValid ? "1" : "0";
echo "|";
* register user
*
*/
if (isset($_POST['reg'])) {
if (empty($_POST['rUsername'])) {
$loginError .= C_LANG1 . "<br>";
} else {
$loginError .= validChars($_POST['rUsername']);
}
if (empty($_POST['rPassword'])) {
$loginError .= C_LANG2 . "<br>";
}
if (empty($_POST['rEmail'])) {
$loginError .= C_LANG3 . "<br>";
} else {
$loginError .= validEmail($_POST['rEmail']);
}
if (empty($_POST['terms'])) {
$loginError .= C_LANG4 . "<br>";
}
if ($loginError) {
include "templates/" . $CONFIG['template'] . "/login.php";
die;
} else {
$loginError = registerUser($_POST['rUsername'], $_POST['rPassword'], $_POST['rEmail']);
include "templates/" . $CONFIG['template'] . "/login.php";
die;
}
}
/*
* reset eCredit sessions
function resetPassword($email)
{
// include files
include getDocPath() . "includes/session.php";
include getDocPath() . "includes/db.php";
include getDocPath() . "lang/" . $_SESSION['lang'];
$error = validEmail($email);
if ($error) {
return C_LANG26;
}
$userFound = '0';
$tmp = mysql_query("\n\t\t\tSELECT username, email \n\t\t\tFROM prochatrooms_users \n\t\t\tWHERE email ='" . makeSafe($email) . "' \n\t\t\tLIMIT 1\n\t\t\t");
while ($i = mysql_fetch_array($tmp)) {
$userFound = '1';
$newpass = substr(md5(date("U") . rand(1, 99999)), 0, -20);
// update users password
$sql = "UPDATE prochatrooms_users \n\t\t\t\tSET password = '******' \n\t\t\t\tWHERE email ='" . makeSafe($email) . "' \n\t\t\t\t";
mysql_query($sql) or die(mysql_error());
// send email with new password
sendUserEmail('', $i['username'], $i['email'], $newpass, '1');
return C_LANG27;
}
if (!$userFound) {
return C_LANG28;
}
}
public function check($src, $items = array())
{
foreach ($items as $item => $rules) {
foreach ($rules as $rule => $rule_value) {
$value = $src[$item];
$item = str_replace('-', ' ', escape($item));
if ($rule === 'required' && (empty($value) || $value == '')) {
$this->addError("{$item} cannot be left blank");
} else {
if (!empty($value)) {
switch ($rule) {
case 'email':
//if (!preg_match('^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$^', $value)){
// $this->addError("The email address is not valid");
//}
if (!validEmail($value)) {
$this->addError("The email address is not valid");
}
break;
case 'min':
if (strlen($value) < $rule_value) {
$this->addError("{$item} must be at least {$rule_value} characters long.");
}
break;
case 'max':
if (strlen($value) > $rule_value) {
$this->addError("{$item} may be no more than {$rule_value} characters long.");
}
break;
case 'matches':
if ($value != $src[$rule_value]) {
$this->addError("{$rule_value} and {$item} must match.");
}
break;
case 'unique':
$check = $this->_db->get($rule_value, array($item, '=', $value));
if ($check->count()) {
$this->addError("{$item} is taken.");
}
break;
case 'alpha':
if (is_numeric($value)) {
$this->addError("{$item} must contain at least one letter.");
}
break;
case 'spam':
if (!empty($value)) {
$this->addError("Error code 007: Spam");
}
break;
case 'not':
if ($value == $rule_value) {
$this->addError("{$item} cannot be \"{$rule_value}\"");
}
break;
}
}
}
}
}
$err_ = $this->_errors;
if (empty($err_)) {
$this->_passed = true;
} else {
$this->_passed = false;
}
}
function is_valid_email($email)
{
global $global_allow_all_ftp;
if ($global_allow_all_ftp) {
return true;
}
return validEmail($email);
}
<?php
// require common code
require_once "includes/common.php";
// escape email and password for safety
$email = mysql_real_escape_string($_POST["email"]);
$password = md5(mysql_real_escape_string($_POST["password"]));
// validate email address
if (validEmail($email) != true) {
apologize("Invalid email address");
}
// prepare SQL
$sql = "SELECT uid,admin FROM login WHERE email='{$email}' AND password='******'";
// execute query
$result = mysql_query($sql);
// if we found a row, remember user and redirect to portfolio
if (mysql_num_rows($result) == 1) {
// grab row
$row = mysql_fetch_array($result);
// cache uid and admin status in session
$_SESSION["uid"] = $row["uid"];
$_SESSION["admin"] = $row["admin"];
// redirect to portfolio
redirect("usercenter.php");
} else {
apologize("Invalid email and/or password!");
}
function updateAccount($user_id, $oldPassword, $newPassword, $newPasswordConfirm, $newEmail)
{
$user_id = escape($user_id);
$oldPassword = escape($oldPassword);
$newPassword = escape($newPassword);
$newPasswordConfirm = escape($newPasswordConfirm);
$newEmail = escape($newEmail);
$result = verifyLogin($_SESSION['user_id'], $_POST['old_password']);
if ($result === TRUE) {
$set_string = "";
//decrypt the password if needed
require_once includePath() . "/crypto.php";
$newPassword = decryptPassword($newPassword);
$newPasswordConfirm = decryptPassword($newPasswordConfirm);
if (strlen($newPassword) > 0 || strlen($newPasswordConfirm) > 0) {
if (strlen($newPassword) >= 6) {
//enforce minimum password length of six
if ($newPassword == $newPasswordConfirm) {
$validPassword = validPassword($newPassword);
if ($validPassword == 0) {
$gen_salt = secure_random_bytes(20);
$db_salt = escape(bin2hex($gen_salt));
$set_string .= "password = '******', salt = '{$db_salt}', ";
} else {
return $validPassword;
}
} else {
return 11;
}
} else {
return 1;
}
}
if (strlen($newEmail) > 0) {
if (validEmail($newEmail)) {
$set_string .= "email = '" . escape($newEmail) . "', ";
} else {
return 10;
}
}
if (strlen($set_string) > 0) {
$set_string = substr($set_string, 0, strlen($set_string) - 2);
//get rid of trailing comma and space
mysql_query("UPDATE users SET " . $set_string . " WHERE id='{$user_id}'");
}
return 0;
} else {
return $result;
}
}
//Starting the Hasher, and declaring the password variable
require "libs/PasswordHash.php";
$hasher = new PasswordHash(8, false);
$password = "******";
$output = generateHeader("Sign in", true);
$output .= file_get_contents('templates/login.html');
$output .= file_get_contents('templates/register.html');
$output .= "<h2> Error: </h2>";
//If the password's DONT match, spit it back.
if ($_POST['password1'] !== $_POST['password2']) {
$output .= "<p>Passwords don't match.</p>";
} else {
if (!validEmail($_POST['email'])) {
$output .= "<p>Email not valid.</p>";
} else {
if (strlen($_POST['password1']) >= 6 && strlen($_POST['name']) >= 4 && validEmail($_POST['email'])) {
$email = $_POST['email'];
$username = $_POST['name'];
$password = $_POST['password1'];
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$email = $conn->real_escape_string($email);
$username = $conn->real_escape_string($username);
$password = $conn->real_escape_string($password);
if (strlen($password) > 72) {
die("Password must be 72 characters or less.");
}
$password = $hasher->HashPassword($password);
//Minimum hash length is 20 characters. If less, something's broken.
if (strlen($password) >= 20) {
//Hashing has worked.
$errorFields = array();
if ($_POST) {
$_POST['name'] = preg_replace('/\\s+/', ' ', $_POST['name']);
foreach (array_keys($_POST) as $key) {
// Test for valid UTF-8 and XML/XHTML character range compatibility
if (preg_match('@[^\\x9\\xA\\xD\\x20-\\x{D7FF}\\x{E000}-\\x{FFFD}\\x{10000}-\\x{10FFFF}]@u', $_POST[$key])) {
$errorFields[] = $key;
}
}
if (strlen($_POST['message']) <= 0) {
$errorFields[] = 'message';
}
if (!preg_match('/^[^<>]{1,200}$/', $_POST['name'])) {
$errorFields[] = 'name';
}
if (!validEmail($_POST['email'])) {
$errorFields[] = 'email';
}
if (count($errorFields) == 0) {
$success = true;
$to = '*****@*****.**';
$from = $_POST['email'];
$headers = "From: hello@nickbrandt.me";
$subject = 'My website contact submission';
$message = <<<EMAIL
Name: {$_POST['name']}
Email: {$_POST['email']}
Message:
{$_POST['message']}
foreach ($list as $eintrag) {
if (strpos($text, $eintrag) !== FALSE) {
$meldung = TRUE;
}
}
return $meldung;
}
$mailHostBlacklist = array('trash-mail.com', 'emailgo.de', 'spambog.com', 'spambog.de', 'discardmail.com', 'discardmail.de', 'sofort-mail.de', 'wegwerfemail.de', 'trashemail.de', 'safetypost.de', 'trashmail.net', 'byom.de', 'trashmail.de', 'spoofmail.de', 'squizzy.de', 'hmamail.com');
$uName = trim($_POST['reg_benutzername']);
$uMail = trim($_POST['reg_email']);
if (!validUsername($uName)) {
echo '<p>' . _('Dein Managername darf nur die folgenden Zeichen enthalten (Länge: 3-30).') . '</p>';
echo '<p><strong>' . _('Buchstaben:') . '</strong> ' . _('A-Z und Umlaute (groß und klein)') . '<br /><strong>' . _('Zahlen:') . '</strong> 0-9<br /><strong>' . _('Sonderzeichen:') . '</strong> ' . _('Bindestrich') . '</p>';
echo '<p>' . _('Nicht erlaubt sind also Leerzeichen, Punkt, Komma, Sternchen usw.') . '</p>';
echo '<p><a href="/index.php">' . _('Bitte klicke hier und versuche es noch einmal.') . '</a></p>';
} elseif (!validEmail($uMail)) {
echo '<p>' . _('Du hast keine gültige E-Mail-Adresse angegeben.') . '</p>';
echo '<p><a href="/index.php">' . _('Bitte klicke hier und versuche es noch einmal.') . '</a></p>';
} elseif (in_blacklist(getMailHost($uMail), $mailHostBlacklist)) {
echo '<p>' . _('E-Mail-Adressen von diesem Anbieter können leider nicht genutzt werden.') . '</p>';
echo '<p><a href="/index.php">' . _('Bitte klicke hier und versuche es noch einmal.') . '</a></p>';
} else {
?>
<form method="post" action="/registrierung.php" accept-charset="utf-8" class="imtext">
<p><?php
echo __('Ich möchte als %1$s mitspielen. Das Spiel ist zu 100%% kostenlos. Meine E-Mail-Adresse ist %2$s. An diese Adresse soll mir jetzt gleich ein Passwort zugeschickt werden, mit dem ich mich dann einloggen kann.', '<strong>' . $uName . '</strong>', '<strong>' . $uMail . '</strong>');
?>
</p>
<p><?php
echo __('Die %1$s und die %2$s des Spiels habe ich gelesen und ich akzeptiere diese.', '<a target="_blank" href="/regeln.php#datenschutz">' . _('Datenschutzrichtlinien') . '</a>', '<a target="_blank" href="/regeln.php#regeln">' . _('Regeln') . '</a>');
?>
$photofilename = uploadImageToFit('photo', $errors, $group->groupid);
if ($photofilename == "") {
$photofilename = $CFG->DEFAULT_GROUP_PHOTO;
}
$gu->updatePhoto($photofilename);
}
echo "<p>Group created</p>";
// go through all the members and see if they match existing users if so add them to the group
// show results back to user so they know who has/hasn't already got an account
$memberArr = split(',', trim($members));
if (trim($members) != "" && sizeof($memberArr) > 0) {
echo "<ul>";
foreach ($memberArr as $member) {
$member = trim($member);
//check valid email address
if (!validEmail($member)) {
echo "<li>" . $member . " is not a valid email address</li>";
} else {
//find out if existing user
$u = new User();
$u->setEmail($member);
$user = $u->getByEmail();
if ($user instanceof User) {
//user already exists in db
addGroupMember($group->groupid, $user->userid);
echo "<li>" . $member . " " . $LNG->GROUP_FORM_IS_MEMBER . "</li>";
} else {
//user doesn't exist so create user and send them an invite code
$newU = new User();
$names = split('@', $member);
$newU->add($member, $names[0], "", "", 'N', $CFG->AUTH_TYPE_EVHUB, "", "", "");
$name = $_POST["name"];
$email = $_POST["email"];
$message = $_POST["message"];
// Test input values for errors
$errors = array();
if (strlen($name) < 2) {
if (!$name) {
$errors[] = "You must enter a name.";
} else {
$errors[] = "Name must be at least 2 characters.";
}
}
if (!$email) {
$errors[] = "You must enter an email.";
} else {
if (!validEmail($email)) {
$errors[] = "You must enter a valid email.";
}
}
if (strlen($message) < 10) {
if (!$message) {
$errors[] = "You must enter a message.";
} else {
$errors[] = "Message must be at least 10 characters.";
}
}
if ($errors) {
// Output errors and die with a failure message
$errortext = "";
foreach ($errors as $error) {
$errortext .= "<li>" . $error . "</li>";
function CONTENIDO_PUB2MAIL($publicacion)
{
if (!empty($_POST['nr']) && !empty($_POST['nd']) && !empty($_POST['correo']) && !empty($_POST['enviar_pub2mail'])) {
// Nos conformamos con que exista el destinatario:
if (validEmail($_POST['correo'])) {
$MensajeMail = "";
if (email($_POST['correo'], "Publicación: " . $publicacion['titulo'], "Estimado(a) " . $_POST['nd'] . ",<br />\nQuiero que revises la siguiente publicación: " . curPageURL(true) . " en " . PROY_NOMBRE . "<br />\n" . (!empty($_POST['comentario']) ? "<br />\nEl usuario también ha includio el siguiente comentario para Ud.<br />\n" . $_POST['comentario'] . "<br />\n<br />\n" : "") . "Gracias,<br />\n" . $_POST['nr'])) {
echo Mensaje("Su mensaje ha sido enviado");
echo ui_href("", curPageURL(true), "Retornar a la publicación");
} else {
echo Mensaje("Su mensaje NO ha sido enviado debido a fallas técnicas, por favor intente en otro momento");
}
return;
} else {
echo Mensaje("Parece que el correo electronico esta mal escrito", _M_ERROR);
}
}
echo '<h1>Envío de publicación</h1>';
echo '<p>Enviar la publicación "<strong>' . $publicacion['titulo'] . '</strong>" a un amigo</p>';
echo '<form action="' . $_SERVER['REQUEST_URI'] . '" method="POST">';
echo '<table class="semi-ancha limpio centrado">';
echo ui_tr(ui_td('Nombre remitente', 'fDer') . ui_td(ui_input("nr", _F_form_cache('nr') ? _F_form_cache('comentario') : _F_usuario_cache('usuario'), "text", "", "width:100%"), "fInput"));
echo ui_tr(ui_td('Nombre destinatario', 'fDer') . ui_td(ui_input("nd", _F_form_cache('nd'), "text", "", "width:100%"), "fInput"));
echo ui_tr(ui_td('Correo electrónico destinatario', 'fDer') . ui_td(ui_input("correo", _F_form_cache('correo'), "text", "", "width:100%"), "fInput"));
echo ui_tr(ui_td('Comentario', 'fDer') . ui_td(ui_textarea("comentario", _F_form_cache('comentario'), "", "width:100%"), "fInput"));
echo '<tr><td colspan="2" class="fDer">' . ui_input("enviar_pub2mail", "Enviar", "submit") . '</td></tr>';
echo '</table>';
echo '</form>';
echo '<h1>Opciones</h1>';
echo ui_href("", curPageURL(true), "Cancelar y retornar a la publicación");
}
