function display_date_range_selector($athlete_id, $start, $end)
{
# $monthago=date("j/n/Y",strtotime($start));
# $nextweek=date("j/n/Y",strtotime($end));
$start = validate_date($start, "eu", "eu");
$end = validate_date($end, "eu", "eu");
echo <<<ENDHTML
<form action=view_log.php method=post >
Select Date range:
From <input type=text id=cal1_container name=startdate value="{$start}" >
to <input type=text id=cal2_container name=enddate value="{$end}" >
<input type=submit value=Go>
<input type=hidden name=athlete_id value={$athlete_id} >
</form>
<!-- <TD>
Experimental links:
<a href=my_event_calendar.php > My Event Calendar </a>
<a href=my_training_plan.php> My Training Plan</a>
<a href=my_training_plan.php> My Training Plan</a>
</TD>
</TR>
-->
ENDHTML;
}
protected function _post_args($key, $type = ARGS_TYPE_STRING, $default = '', $params = array())
{
$value = '';
$post_default = '';
$key_exist = array_key_exists($key, $_POST);
$override = array_key_exists('override', $params) ? $params['override'] : FALSE;
$entities_to_ascii = array_key_exists('entities_to_ascii', $params) ? $params['entities_to_ascii'] : FALSE;
$gtzero = array_key_exists('gtzero', $params) ? $params['gtzero'] : TRUE;
switch ($type) {
case ARGS_TYPE_STRING:
$post_default = $override ? $default : '';
$value = $key_exist ? $this->input->post($key, TRUE) ? $this->input->post($key, TRUE) : $post_default : $default;
if ($entities_to_ascii) {
$value = entities_to_ascii($value);
}
break;
case ARGS_TYPE_INT:
$default = validate_integer($default) ? to_int($default) : 0;
$post_default = $override ? $default : 0;
$value = $key_exist ? ($value = $this->input->post($key)) && gtzero_integer($value) ? to_int($value) : $post_default : $default;
break;
case ARGS_TYPE_TRUE_FALSE:
$default = validate_integer($default) ? gtzero_integer($default) ? TRUE : FALSE : FALSE;
$post_default = $override ? $default : FALSE;
$value = $key_exist ? ($value = $this->input->post($key)) && ($gtzero && gtzero_integer($value) || !$gtzero && validate_integer($value)) ? TRUE : $post_default : $default;
break;
case ARGS_TYPE_ARRAY:
$value = $key_exist ? ($value = $this->input->post($key)) && is_array($value) ? $value : array() : (is_array($default) ? $default : array());
break;
case ARGS_TYPE_DECIMAL:
$default = gtzero_decimal($default) ? to_float($default) : 0;
$post_default = $override ? $default : 0;
$value = $key_exist ? ($value = $this->input->post($key)) && gtzero_decimal($value) ? to_float($value) : $post_default : $default;
break;
case ARGS_TYPE_DATE:
$default = validate_date($default) ? $default : '';
$post_default = $override ? $default : '';
$value = $key_exist ? ($value = $this->input->post($key)) && validate_date($value) ? $value : $post_default : $default;
break;
case ARGS_TYPE_DATETIME:
$default = validate_datetime($default) ? $default : '';
$post_default = $override ? $default : '';
$value = $key_exist ? ($value = $this->input->post($key)) && validate_date($value) ? $value : $post_default : $default;
break;
default:
$post_default = $override ? $default : '';
$value = $key_exist ? $this->input->post($key, TRUE) ? $this->input->post($key, TRUE) : $post_default : $default;
break;
}
unset($post_default);
return $value;
}
protected function execute(InputInterface $input, OutputInterface $output)
{
$app = $this->app;
$yaml = new Parser();
$dir = Migration::getDirectory();
$files = Migration::getUnMigratedFiles($app);
$output = Output::style($output);
$total = count($files);
$helper = $this->getHelper('question');
if ($total == 0) {
$output->writeln('<error>No new files to be migrated.</error>');
return;
}
$output->writeln('<highlight>Migration will run the following files:</highlight>');
foreach ($files as $file) {
$output->writeln("<info>- {$file}</info>");
}
$question = new ConfirmationQuestion('<question>Are you sure you want to proceed? (Y/n):</question> ', false);
if (!$helper->ask($input, $output, $question)) {
return;
}
foreach ($files as $file) {
$output->writeln("<info>- Migrating ({$file})</info>");
$content = $yaml->parse(file_get_contents($dir . '/' . $file));
$up = explode(';', trim($content['up']));
$up = array_filter($up);
$date = element('date', $content);
$author = element('author', $content);
$changelog = element('changelog', $content);
$dateFormat = validate_date($date);
$fileFormat = Migration::validateFileFormat($file);
if (!$fileFormat) {
$output->writeln('<error>Invalid file format.</error>');
return;
} elseif (!$dateFormat) {
$output->writeln('<error>Invalid date (YYYY-mm-dd HH:mm:ss).</error>');
return;
} elseif (!$author) {
$output->writeln('<error>Invalid author.</error>');
return;
} elseif (!$changelog) {
$output->writeln('<error>Invalid changelog.</error>');
return;
}
foreach ($up as $query) {
$app['db']::statement(trim($query));
}
$info = Migration::getFileInfo($file);
$app['db']->table('migrations')->insert(['version' => $info['version'], 'author' => $author, 'filename' => $file, 'changelog' => $changelog, 'created_at' => $date, 'updated_at' => new \DateTime()]);
}
}
$seconds = array(convert_time_seconds($duration[0]), convert_time_seconds($duration[1]), convert_time_seconds($duration[2]), convert_time_seconds($duration[3]));
$distance = array($_POST["s_distance"], $_POST["b_distance"], $_POST["r_distance"], 0);
$notes = array($_POST["s_notes"], $_POST["b_notes"], $_POST["r_notes"], $_POST["str_notes"]);
$min_hr = array($_POST["s_min_hr"], $_POST["b_min_hr"], $_POST["r_min_hr"], 0);
$avg_hr = array($_POST["s_avg_hr"], $_POST["b_avg_hr"], $_POST["r_avg_hr"], 0);
$max_hr = array($_POST["s_max_hr"], $_POST["b_max_hr"], $_POST["r_max_hr"], 0);
$avg_rpms = $_POST["avg_rpms"];
$calsburned = array($_POST["s_calsburned"], $_POST["b_calsburned"], $_POST["r_calsburned"], 0);
$updatingswim = $_POST["updatingswim"];
$updatingbike = $_POST["updatingbike"];
$updatingrun = $_POST["updatingrun"];
$updatingblognotes = $_POST["updatingblognotes"];
$blog_notes = $_POST["blog_notes"];
for ($i = 0; $i < 3; $i++) {
// Validate data.
if (!validate_date($workout_date[$i])) {
$error[$i] = true;
}
if (!validate_time($workout_time[$i])) {
$error[$i] = true;
}
if (!validate_time($duration[$i])) {
$error[$i] = true;
}
if (!validate_distance($distance[$i])) {
$error[$i] = true;
}
if (!validate_notes($notes[$i])) {
$error[$i] = true;
}
if (!validate_heartrate($min_hr[$i])) {
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
require "headers.php";
$search_phase = mysql_escape_string($_POST['query']);
// for normal search
$next_link = $_GET['a'];
// for pagination
$predefined = $_GET['b'];
// for predefined
if ($predefined) {
$search_phase = decode_predefined($predefined, $token, $url_key);
}
// for predefined
if ($next_link) {
$s_variables = decode_search_url($next_link, $token, $url_key);
$tslice_next = validate_date($s_variables[tslice]);
$search_phase = $s_variables[search_phase];
$offset_arch = $s_variables[offset_arch];
$offset_day = $s_variables[offset_day];
$tag_count = $s_variables[tag_count];
}
if ($tag_count == "t") {
$start_from = $offset_day;
}
$plain_phase = $search_phase;
// fix me
include "upper.php";
//need to initialize counter here
$r = 0;
// we need to rewrite this part internaly...
if (!$search_phase) {
return '';
}
//error msgs - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - - - -
$image_type_error = "No valid image was selected. File must be of type gif, jpeg, png or bmp.";
$chars_error = "Please do not use symbols or special characters.";
$invalid_title_error = "Invalid Title.";
$invalid_title_error .= $chars_error;
$invalid_description_error = "Invalid description.";
$invalid_description_error .= $chars_error;
$invalid_date = "Invalid Date.";
$impossible_event_date = "The chosen date has already passed.";
//verify if input is valid - - - - - - - - - - - - - - - - - - - - - - - -
//validate date
$event_date = date("Y-m-d", strtotime($_POST['event_date']));
$current_datetime = date("Y-m-d H:i:s");
if (!validate_date($event_date)) {
header("Location: create_event.php?errorMsg=" . urlencode($invalid_date));
return '';
}
if (strtotime($event_date) - strtotime($current_datetime) < 0) {
header("Location: create_event.php?errorMsg=" . urlencode($impossible_event_date));
return '';
}
//validate image
$image_type = exif_imagetype($_FILES['image']['tmp_name']);
if ($image_type == null) {
header("Location: create_event.php?errorMsg=" . urlencode($image_type_error));
return '';
}
$file_extension;
switch ($image_type) {
$active = isset($_POST['active']) && $_POST['active'] == 'on';
// validate input
$valid = true;
if (empty($title)) {
$title_error = 'Please enter Title';
$valid = false;
}
if (empty($url)) {
$url_error = 'Please enter URL';
$valid = false;
}
if (empty($uploaded_on)) {
$uploaded_on_error = 'Please enter Upload Date';
$valid = false;
}
if (!validate_date($uploaded_on)) {
$uploaded_on_error = 'Please enter upload date in format YYYY-MM-dd';
$valid = false;
}
// insert data
if ($valid) {
// first check if we already have this url
$sql = "SELECT title FROM bayans WHERE url = '{$url}'";
$already_saved = false;
foreach ($PDO->query($sql) as $row) {
$existing_url_for_title = $row['title'];
$already_saved = true;
break;
}
if (!$already_saved) {
$PDO->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
require "headers.php";
include "upper.php";
print '<h2>' . $trash_name[$lang] . '</h2>';
print '<small>' . $trash_desc[$lang] . '</small></h2>';
$action = $_GET['a'];
// decompose link
$variables = decode_url2($action, $token, $url_key);
$tslice = $variables[tslice];
$talker = $variables[talker];
$server = $variables[server];
$action = $variables[action];
$lnk = $variables[lnk];
// validation
$talker = mysql_escape_string($talker);
$server = mysql_escape_string($server);
if (validate_date($tslice) == "f") {
unset($action);
$unset($tslice);
}
if ($action == "undelete") {
if (undo_deleted_chat($talker, $server, $user_id, $tslice, $xmpp_host, $lnk) == "t") {
$back_link = "{$tslice}@{$talker}@{$server}@";
$back_link = encode_url($back_link, $token, $url_key);
print '<center><div style="background-color: #fad163; text-align: center; font-weight: bold; width: 200pt;">' . $undo_info[$lang] . '<br>';
print '<a href="' . $view_type . '?a=' . $back_link . '" style="color: blue;">' . $trash_vit[$lang] . '</a></div></center><br>';
} else {
unset($talker);
print '<center><div style="background-color: #fad163; text-align: center; font-weight: bold; width: 200pt;">';
print 'Unusual error accured during processing your request. Please report it (Code:JUF).</div></center>';
}
}
} else {
$valid_name = 1;
}
if (!validate_cost($amount)) {
error_message("Amount can't be blank!");
$valid_amount = 0;
} else {
$valid_amount = 1;
}
if (!validate_date($sdate)) {
error_message("Start date can't be blank!");
$valid_sdate = 0;
} else {
$valid_sdate = 1;
}
if (!validate_date($edate)) {
error_message("End date can't be blank!");
$valid_edate = 0;
} else {
$valid_edate = 1;
}
if ($valid_name && $valid_discount && $valid_amount && $valid_sdate && $valid_edate) {
//add it!
$addcoupon_query = "call couponAdd( '{$name}', '{$amount}', '{$sdate}', '{$edate}' )";
if ($dbconn->query("{$addcoupon_query}")) {
//Now, link the coupon the the product in the tbl_ProductCoupon table
$addcoupon_id_query = "SELECT LAST_INSERT_ID()";
$addcoupon_id_query_result = $dbconn->query("{$addcoupon_id_query}");
while ($row = mysqli_fetch_array($addcoupon_id_query_result)) {
$coupon_id = $row['LAST_INSERT_ID()'];
}
}
if (isset($_POST['imdb_rating'])) {
$imdb_rating = fix_string($_POST['imdb_rating']);
}
if (isset($_POST['rating'])) {
$rating = fix_string($_POST['rating']);
}
if (isset($_POST['date'])) {
$date = fix_string($_POST['date']);
}
$fail = validate_title($title);
$fail .= validate_director($director);
$fail .= validate_year($year);
$fail .= validate_rating($rating);
$fail .= validate_imdb_rating($imdb_rating);
$fail .= validate_date($date);
if ($fail == '') {
$connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
$ti_temp = mysql_entities_fix_string($connection, $title);
$di_temp = mysql_entities_fix_string($connection, $director);
$ye_temp = mysql_entities_fix_string($connection, $year);
$im_temp = mysql_entities_fix_string($connection, $imdb_rating);
$ra_temp = mysql_entities_fix_string($connection, $rating);
$da_temp = mysql_entities_fix_string($connection, $date);
if (isset($_POST['entry_id'])) {
$ei_temp = mysql_entities_fix_string($connection, $_POST['entry_id']);
$query = "UPDATE movies SET title='{$ti_temp}', director='{$di_temp}', year='{$ye_temp}',\n imdb_rating='{$im_temp}', rating='{$ra_temp}', date='{$da_temp}'\n WHERE user_id='{$user_id}' AND entry_id='{$ei_temp}'";
} else {
$query = "INSERT INTO movies(title, director, year, imdb_rating, rating, date, user_id)\n VALUES('{$ti_temp}', '{$di_temp}', '{$ye_temp}', '{$im_temp}', '{$ra_temp}', '{$da_temp}',\n '{$user_id}')";
}
$result = $connection->query($query);
<tr><td height="57"><a href="' . $view_type . '"><img src="img/' . $brand_logo . '" alt="logo" border="0"></a></td></tr>
<tr><td valign="top" height="35"><form action="search_v2.php" method="post">
<input id="t_search" type="text" name="query" class="cc" value="' . htmlspecialchars(stripslashes($search_phase)) . '">
');
if ($search_loc == 1) {
if (isset($_GET[c])) {
$enc->decrypt_url($_GET['c']);
$time2_start = $enc->time_start;
$time2_end = $enc->time_end;
} else {
$time2_start = $_POST[time2_start];
$time2_end = $_POST[time2_end];
if (validate_date($time2_start) === false) {
unset($time2_start);
}
if (validate_date($time2_start) === false) {
unset($time2_end);
}
}
if ($time2_start and $time2_end) {
if (strtotime("{$time2_start}") > strtotime("{$time2_end}")) {
$alert = $time_range_w[$lang];
unset($search_phase);
}
}
$db->get_uniq_chat_dates();
$result = $db->result;
foreach ($result as $row) {
$r++;
$to_tble[$r] = $row[at];
}
if ($tslice != "") {
list($y, $m, $selected) = split("-", $tslice);
$mo = "{$y}-{$m}";
} else {
if (isset($left)) {
$mo = $left;
}
if (isset($right)) {
$mo = $right;
}
}
if (!isset($mo)) {
$mo = date("Y-n");
}
// validate mo if fail, silently fallback to current date
if (validate_date($mo . "-1") === false) {
unset($tslice);
unset($e_string);
unset($talker);
$mo = date("Y-m");
}
// master div
$html->set_body('<div>');
// calendar div
if ($talker) {
$float = "left;";
} else {
$float = "none;";
}
// select list
$db->get_user_stats_drop_down();
} else {
$valid_discount = 1;
}
if (!validate_cost($amount)) {
error_message("Check entry for amount<br/>");
$valid_amount = 0;
} else {
$valid_amount = 1;
}
if (!validate_date($startdate)) {
error_message("Check entry for start date<br/>");
$valid_startdate = 0;
} else {
$valid_startdate = 1;
}
if (!validate_date($enddate)) {
error_message("Check entry for end date<br/>");
$valid_enddate = 0;
} else {
$valid_enddate = 1;
}
// we should be validated at this point
if ($valid_name && $valid_discount && $valid_amount && $valid_startdate && $valid_enddate) {
$update_query = "UPDATE tbl_Coupon SET name='{$name}', amount='{$amount}', startDate='{$startdate}',endDate='{$enddate}' WHERE couponId='{$selectcoupon}'";
//run the query and report the result.
if ($dbconn->query("{$update_query}")) {
ok_message("Coupon updated!");
} else {
error_message("Something went wrong");
}
} else {
/**
* Validation of a date/time which checks if the string passed is a valid date and time.
* **Allowed date formats**
*
* - `d-m-y` 31-12-2014 separators can be a period, dash, forward slash, but not allow space
* - `m-d-y` 12-31-2014 separators can be a period, dash, forward slash, but not allow space
* - `y-m-d` 2014-12-31 separators can be a period, dash, forward slash, but not allow space
*
* @param string $value The date/time string being checked
* @param string $dateFormat The date format only to be validated against. Default is y-m-d for 2014-12-31.
* @param string $timeFormat The time format: 12, 24 or both
*
* @return bool TRUE on success; FALSE on failure
*/
function validate_datetime($value, $dateFormat = 'y-m-d', $timeFormat = 'both')
{
if (empty($value)) {
return true;
}
$value = trim($value);
$generalPattern = '/^([\\d]{1,4}[-\\/.][\\d]{1,2}[-\\/.][\\d]{1,4})(\\s+.{4,}\\s*(am|pm)?)$/i';
if (preg_match_all($generalPattern, $value, $matches)) {
$date = $matches[1][0];
$time = $matches[2][0];
return validate_date($date, $dateFormat) && validate_time($time, $timeFormat);
} else {
return false;
}
}
}
if (!validate_text(1, htmlspecialchars($_POST['logonname']))) {
error_message("Check entry for logon username");
$valid_logon = 0;
} else {
$username = htmlspecialchars($_POST['logonname']);
$valid_logon = 1;
}
if (!validate_password(htmlspecialchars($_POST['password']))) {
error_message("Check entry for password");
$valid_password = 0;
} else {
$password = htmlspecialchars($_POST['password']);
$valid_password = 1;
}
if (!validate_date(htmlspecialchars($_POST['hiredate']))) {
error_message("Check entry for hire date");
$valid_hiredate = 0;
} else {
$hiredate = htmlspecialchars($_POST['hiredate']);
$valid_hiredate = 1;
}
// we should be validated at this point
if ($valid_fname && $valid_lname && $valid_logon && $valid_password && $valid_hiredate) {
//hash the password
$password = md5($password);
$admin = $_POST['role'];
$add_query = "call employeeAdd('{$username}', '{$password}', '{$firstname}', '{$lastname}', '{$admin}', '{$hiredate}')";
//run the query and report the result.
if ($dbconn->query("{$add_query}")) {
ok_message("User added!");
// Return FALSE if there aren't 3 items:
if (count($array) != 3) {
return false;
}
// Return FALSE if it's not a valid date:
if (!checkdate($array[0], $array[1], $array[2])) {
return false;
}
// Return the array:
return $array;
}
// End of validate_date() function.
// Check for a form submission:
if (isset($_POST['start'], $_POST['end'])) {
// Call the validation function on both dates:
if ((list($sm, $sd, $sy) = validate_date($_POST['start'])) && (list($em, $ed, $ey) = validate_date($_POST['end']))) {
// If it's okay, adjust the DateTime objects:
$start->setDate($sy, $sm, $sd);
$end->setDate($ey, $em, $ed);
// The start date must come first:
if ($start < $end) {
// Determine the interval:
$interval = $start->diff($end);
// Print the results:
echo "<p>The event has been planned starting on {$start->format($format)} and ending on {$end->format($format)}, which is a period of {$interval->days} day(s).</p>";
} else {
// End date must be later!
echo '<p class="error">The starting date must precede the ending date.</p>';
}
} else {
// An invalid date!
/**
* Change date format
*
* @param string $date
* @param string $formatFrom d-m-Y
* @param string $formatTo Y-m-d
* @return string
*/
function change_date_format($date, $formatFrom, $formatTo)
{
if (!$date || !validate_date($date, $formatFrom)) {
return '';
}
return \DateTime::createFromFormat($formatFrom, $date)->format($formatTo);
}
if ($process_id == "2") {
// remove first seq as this is always request_id...
array_shift($_POST);
// control
$num = count($_POST);
$i = 0;
while (array_keys($_POST)) {
$i++;
$enc_data = array_shift($_POST);
// decompose data
$variables = decode_url2($enc_data, $token, $url_key);
$tslice = $variables[tslice];
$talker = $variables[talker];
$server = $variables[server];
// validate
if (validate_date($tslice) == "f" or !ctype_digit($talker) or !ctype_digit($server)) {
print '<div class="message" style="width: 400px;">';
print $ajax_error[$lang] . '<br><a href="#" onClick="$(\'#fav_result\').fadeOut(\'slow\');" ><u>' . $fav_discard[$lang] . '</u></a></div>';
exit;
}
$query = "delete from jorge_favorites where owner_id='{$user_id}' and peer_name_id='{$talker}' and peer_server_id='{$server}' and tslice='{$tslice}'";
mysql_query($query);
// stop on any error
if (mysql_errno() > 0) {
print '<div class="message" style="width: 400px;">';
print $ajax_error[$lang] . '<br><a style="font-weight: normal;" href="#" onClick="$(\'#fav_result\').fadeOut(\'slow\');" ><u>' . $fav_discard[$lang] . '</u></a>';
print '</div><br>';
exit;
}
}
if ($i == $num and $num != 0) {
function is_time_format($timeFormatString)
{
return validate_date($timeFormatString, 'H:i:s');
}
print '<input id="t_search" type="text" name="query" class="cc" value="' . $search_phase . '">' . "\n";
if ($search_loc == 1) {
if (isset($_GET[c])) {
$trange_from_get = $_GET[c];
$time2s = decode_trange($trange_from_get, $token, $url_key);
$time2_start = $time2s[0];
$time2_end = $time2s[1];
} else {
$time2_start = $_POST[time2_start];
$time2_end = $_POST[time2_end];
}
if ($time2_start or $time2_end) {
if (validate_date($time2_start == "f")) {
unset($time2_start);
}
if (validate_date($time2_start == "f")) {
unset($time2_end);
}
if ($time2_start and $time2_end) {
if (strtotime("{$time2_start}") > strtotime("{$time2_end}")) {
$alert = $time_range_w[$lang];
unset($search_phase);
}
}
}
$result = db_q($user_id, $server, $tslice_table, $talker, $search_p, 1, $offset_arch, $xmpp_host);
while ($results = mysql_fetch_array($result)) {
$r++;
$to_tble[$r] = $results[at];
}
print '<select class="cc" name="time2_start" style="text-align: center;">' . "\n";
function startElement($parser, $name, $attrs)
{
global $all_data, $CVE, $debug, $output, $insert, $vendor, $vendors, $product, $products, $vers, $count_entries, $desc_type, $html_output, $vendor_array;
if ($debug) {
echo "processing tag named '{$name}'\n";
}
//
// the switch statement should enumerate all of the possible name tags.
// State is kept using global variables, so that nested tags can
// access their context.
//
switch ($name) {
case 'ENTRY':
$count_entries++;
// get name and publication date
$CVE = validate_CVE($attrs['NAME']);
$published = validate_date($attrs['PUBLISHED']);
$CVSS_score = '';
$severity = '';
$CVSS_base = '';
$custom_severity = '';
if (isset($attrs['CVSS_SCORE'])) {
$CVSS_score = $attrs['CVSS_SCORE'];
}
if (isset($attrs['SEVERITY'])) {
$severity = $attrs['SEVERITY'];
}
if (isset($attrs['CVSS_BASE_SCORE'])) {
$CVSS_base = $attrs['CVSS_BASE_SCORE'];
}
//assign custom severity here
//example:
if (floatval($CVSS_base) > 4) {
$custom_severity = 'HIGH';
} else {
if (floatval($CVSS_base) > 3) {
$custom_severity = 'MEDIUM';
} else {
$custom_severity = 'LOW';
}
}
$vendors = '';
$products = '';
$versions = '';
// other attributes, such as severity, are available
// see http://nvd.nist.gov/download/nvdcve-xmldoc.cfm
if ($debug) {
echo "found CVE entry {$CVE} with publication date " . $attrs['PUBLISHED'] . "\n";
}
if ($output) {
if ($html_output) {
echo "\"<a href = \"http://web.nvd.nist.gov/view/vuln/detail?vulnId={$CVE}\">{$CVE}</a>\",";
} else {
echo "\"{$CVE}\",";
}
echo "\"{$published}\",\"{$CVSS_score}\",\"{$severity}\",\"{$custom_severity}\",";
}
break;
case 'DESCRIPT':
// if there ever was more than one type of description
// remember which source with a global
// NVD or CVE
$desc_type = $attrs['SOURCE'];
// reset data accumulator
$all_data = '';
// need to wait for end tag to get contents
//if ($output) {
// echo "\"$desc_type\",";
//}
break;
case 'PROD':
$vendor = $attrs['VENDOR'];
$product = $attrs['NAME'];
$vendor_array = '';
$vers = '';
if ($CVE == '') {
echo "error, no CVE number";
die;
}
if ($debug) {
echo "found vendor {$vendor}";
echo " found product {$product}\n";
}
if ($vendor == "") {
// this happens
echo "NVD integrity alert: no vendor for product {$product}, CVE is {$CVE}\n";
}
if ($product == "") {
echo "NVD integrity alert: no product, CVE is {$CVE}\n";
}
if ($output) {
$vendor_array .= "{$vendor} - {$product};";
//$products .= $product;
echo "\"{$vendor}\",\"{$product}\",";
}
break;
case 'LOSS_TYPES':
break;
case 'VULNS_TYPES':
break;
case 'REF':
// source, url, etc...
if ($debug) {
echo " reference from " . $attrs['SOURCE'];
echo " is available at " . $attrs['URL'];
echo "\n";
}
$all_data = '';
// need to wait for end tag to get contents
#if ($output) {
# echo "\"" . $attrs['SOURCE'] . "\",\"" . $attrs['URL'] . "\",";
#}
break;
case 'VERS':
if (isset($attrs['NUM'])) {
$vers .= $attrs['NUM'];
}
if (isset($attrs['EDITION'])) {
$vers .= ' ' . $attrs['EDITION'];
}
if ($debug) {
echo " version " . $attrs['NUM'];
echo " of product {$product} is vulnerable\n";
}
if ($output) {
echo "\"{$vers}\",";
}
break;
case '':
break;
}
}
function validate_form_data($details, $columns)
{
# Validate Form Data
# check Date fields
foreach ($details as $column) {
# Get Form Data
${$column} = $columns[$column];
# if a field has been left blank then remove it from the columns list
# prevents attempts to add a null value to a not null field type
# (eg. integer). Will have to add an extra check for mandatory fields tba.
if ("X{${$column}}" == "X") {
unset($columns[$column]);
# Skip the rest of this foreach loop
continue;
}
$query = "SELECT {$column} from log limit 1";
#$result = pg_query($query) or die('Query failed: ' . pg_last_error());
$result = do_sql($query);
$type = pg_field_type($result, 0);
// Check some specific columns
// Distance: if not set then set to zero
switch ($column) {
case "distance":
if ("X{$columns[$column]}" == "X") {
$columns[$column] = 0;
} elseif (preg_match("/\\s*(\\d+\\.?\\d*)\\s*(\\w*)\\s*/", $columns[$column], $parts)) {
#$parts = $matches[0];
$units = array("km", "m", "miles", "mi");
if (in_array($parts[2], $units)) {
$columns[$column] = $parts[1];
$columns["distance_units"] = $parts[2];
} else {
$columns[$column] = $parts[1];
}
}
break;
}
// Check that all field entries are valid for their data type.
switch ($type) {
case "date":
if ($formatted_date = validate_date(${$column}, "eu", "eu")) {
#${$column}=$formatted_date ;
$columns[$column] = $formatted_date;
} else {
bad_data($column, $type, $columns[$column]);
}
break;
case "interval":
if ($formatted_interval = validate_interval(${$column})) {
#${$column}=$formatted_interval ;
$columns[$column] = $formatted_interval;
} else {
bad_data($column, $type, $columns[$column]);
}
break;
case "bool":
if ("X{$columns[$column]}" == "X") {
// if blank then assume false.
$columns[$column] = "n";
} elseif (!validate_boolean(${$column})) {
bad_data($column, $type, $columns[$column]);
}
break;
case "int4":
if (is_int(intval($columns[$column])) || $columns[$column] == 0) {
$columns[$column] = intval($columns[$column]);
} else {
bad_data($column, $type, $columns[$column]);
}
break;
case "float4":
if (is_numeric($columns[$column])) {
break;
} else {
bad_data($column, $type, $columns[$column]);
}
break;
case "text":
# Might want to limit length here
break;
}
}
// return the array of corrected columns
return $columns;
## END OF FUNCTION
}
$sql = "update project p set owner_id={$owner_id} where prj_id={$prj_id}";
$resultSet = $dbConn->Execute($sql);
}
// update
if ($validator_clearance) {
if (isset($_POST['bsubmit']) && isset($_POST['prj_id']) && isset($_POST['afko']) && isset($_POST['project_description']) && isset($_POST['year'])) {
if (isset($_POST['comment'])) {
$comment = pg_escape_string($_POST['comment']);
} else {
$comment = '';
}
$description = $_POST['project_description'];
$afko = trim($_POST['afko']);
$year = $_POST['year'];
$course = $_POST['course'];
$valid_until = validate_date($_POST['valid_until']);
if ($_POST['bsubmit'] == 'Update' && isset($_POST['prj_id'])) {
$sql = "begin work;\n" . "update project set prj_id={$prj_id}, afko='{$afko}', description='{$description}',\n" . "year={$year}, comment='{$comment}', valid_until='{$valid_until}',course={$course}\n" . "where prj_id={$prj_id} and owner_id='{$peer_id}';";
if (isset($_POST['activity_project'])) {
$sql .= "insert into activity_project select {$prj_id} where {$prj_id} not in (select prj_id from activity_project);\n";
} else {
$sql .= "delete from activity_project where prj_id={$prj_id};\n";
}
$sql .= "commit;\n";
$resultSet = $dbConn->Execute($sql);
if ($resultSet === false) {
die("<br>Cannot update project values with " . $sql . " reason " . $dbConn->ErrorMsg() . "<br>");
}
$_SESSION['prj_id'] = $prj_id;
}
}
function load_the_form()
{
$html = '';
//check if exitst
if (isset($_POST['lessons-id'])) {
//validate
if (get_posts($_POST['lessons-id'])) {
//update or add database
if (get_option('namaste_csv_lesson_id')) {
update_option('namaste_csv_lesson_id', $_POST['lessons-id']);
} else {
add_option('namaste_csv_lesson_id', $_POST['lessons-id']);
}
} else {
//error msg
$html .= '<p style="color:red;font-weight:bold;">' . __('Either lesson id is not in the data base or it is not a number.', 'namaste-csv') . '</p>';
}
}
//check if exitst
if (isset($_POST['namaste_csv_start_date'])) {
//validate
if (validate_date($_POST['namaste_csv_start_date'])) {
//update database
if (get_option('namaste_csv_start_date')) {
update_option('namaste_csv_start_date', $_POST['namaste_csv_start_date']);
} else {
add_option('namaste_csv_start_date', $_POST['namaste_csv_start_date']);
}
} else {
//error msg
$html .= '<p style="color:red;font-weight:bold;">' . __('Incorrect date or date format.', 'namaste-csv') . '</p>';
}
}
if (isset($_POST['namaste_csv_end_date'])) {
if (validate_date($_POST['namaste_csv_end_date'])) {
//update database
if (get_option('namaste_csv_end_date')) {
update_option('namaste_csv_end_date', $_POST['namaste_csv_end_date']);
} else {
add_option('namaste_csv_end_date', $_POST['namaste_csv_end_date']);
}
} else {
//error msg
$html .= '<p style="color:red;font-weight:bold;">' . __('Incorrect date or date format.', 'namaste-csv') . '</p>';
}
}
$html .= "<form method='post'>";
$html .= "<label for='lessons-id'>" . __('Lessons id', 'namaste-csv') . "</br><input type='number' name='lessons-id' id='lessons-id' value='" . get_option('namaste_csv_lesson_id') . "'></label></br>";
$html .= "<label for='namaste_csv_start_date'>" . __('Lessons start date', 'namaste-csv') . "</br><input type='text' name='namaste_csv_start_date' id='namaste_csv_start_date' value='" . get_option('namaste_csv_start_date') . "' placeholder='format: yyyy-mm-dd'></label></br>";
$html .= "<label for='namaste_csv_end_date'>" . __('Lessons end date', 'namaste-csv') . "</br><input type='text' name='namaste_csv_end_date' id='namaste_csv_end_date' value='" . get_option('namaste_csv_end_date') . "' placeholder='format: yyyy-mm-dd'></label></br>";
$html .= "<input type='submit' value='" . __('Submit', 'namaste-csv') . "'>";
$html .= "</form>";
return $html;
}
function get_athlete_data($athlete_id, $details_to_view, $split, $startdate, $enddate, $extra)
{
// Set start and end dates
$startdmy = validate_date($startdate, "eu", "eu");
$enddmy = validate_date($enddate, "eu", "eu");
// Get array of dates in this range (range array dates are in Epoch secs)
$daterange = generate_date_range($startdmy, $enddmy);
$numcols = count($details_to_view);
# Get this athlete's data from the db
$result = do_sql("SELECT * from log \n WHERE athlete_id = '{$athlete_id}' and parent_session=0 \n and start_date >= '{$startdmy}' and start_date <= '{$enddmy}'\n ORDER BY start_date, start_time, stage ");
// get first entry
$row = pg_fetch_array($result, null, PGSQL_ASSOC);
// Start date loop to print each date
foreach ($daterange as $date) {
// Check for new week (Monday)
if (preg_match("/Mon/i", date("D", $date))) {
// if it is Monday then print a weekly totals row
show_week_row($athlete_id, $date, $numcols);
}
// print the day info row
print_date_row($date);
// Check that main entry has been selected for viewing and print it
// need pg style Y-n-j date for comparison
$pgdate = date("Y-m-d", $date);
// Display the entries for the day if they exist
do {
// if the row does not match the current date then break
// from this while loop into the next date loop iteration
$start_date = $row['start_date'];
if ("{$pgdate}" == "{$start_date}") {
$session_id = $row['session_id'];
check_for_subsessions_and_print($athlete_id, $session_id, $details_to_view, $split, $row, $extra);
// Get next row data and see if it is for this date
while ($row = pg_fetch_array($result, null, PGSQL_ASSOC)) {
$start_date = $row['start_date'];
if ("{$pgdate}" == "{$start_date}") {
echo "<TR><TD class=firstcolumn> </TD>\n";
$session_id = $row['session_id'];
check_for_subsessions_and_print($athlete_id, $session_id, $details_to_view, $split, $row, $extra);
} else {
//if it's not then get the next date (hanging on to this row data)
break 2;
}
// end of while loop
}
} else {
print_blank_row($details_to_view);
break;
}
// end of do/while loop
} while ($row = pg_fetch_array($result, null, PGSQL_ASSOC));
//end of foreach date loop
}
// END OF FUNCTION
}
if ($tslice != "") {
list($y, $m, $selected) = split("-", $tslice);
$mo = "{$y}-{$m}";
} else {
if (isset($left)) {
$mo = $left;
}
if (isset($right)) {
$mo = $right;
}
}
if (!isset($mo)) {
$mo = date("Y-n");
}
// validate mo if fail, silently fallback to current date
if (validate_date($mo . "-1") == "f") {
unset($tslice);
unset($e_string);
unset($talker);
$mo = date("Y-m");
}
$get_chats = "select substring(at,1,7) as at_send, at from `logdb_stats_{$xmpp_host}` where owner_id = '{$user_id}' group by substring(at,1,7) order by str_to_date(at,'%Y-%m-%d') desc";
$ch_mo = mysql_query($get_chats);
// master div
print '<div>' . "\n";
// calendar div
if ($talker) {
$float = "left;";
} else {
$float = "none;";
}
if ($canAdd) {
// Check that user can add a contract to this property
$errors = array();
// Check if post values are set. If false, user has opened page the first time
if (isset($_POST['tenant']) || isset($_POST['tenantCnt']) || isset($_POST['startDate']) || isset($_POST['endDate']) || isset($_POST['dayOfPayment']) || isset($_POST['frequency'])) {
require $relative . 'data/php/user/validate.inc';
// Validate POST values
if (!isset($_POST['tenant']) || $_POST['tenant'] == '') {
$errors['tenant'] = 'Please select a tenant';
}
if (!is_numeric($_POST['tenantCnt'])) {
$errors['tenantCnt'] = 'Please specify a valid number of tenants';
}
validate_date($errors, $_POST['startDate'], 'startDate');
if (isset($_POST['endDate']) && $_POST['endDate'] != '') {
validate_date($errors, $_POST['endDate'], 'endDate');
}
if (!isset($_POST['dayOfPayment']) || $_POST['dayOfPayment'] == '') {
$errors['dayOfPayment'] = 'Please select a day of payment';
}
if (!isset($_POST['frequency']) || $_POST['frequency'] == '') {
$errors['frequency'] = 'Please select the frequency of rent payment';
}
if (!isset($errors['tenant']) && !isset($errors['tenantCnt']) && !isset($errors['startDate']) && !isset($errors['endDate']) && !isset($errors['dayOfPayment']) && !isset($errors['frequency'])) {
// form is valid
// Check to see if the tenant is in a contract that hasn't ended yet
$query = 'SELECT tenant FROM contract WHERE tenant = ? AND ended = 0;';
$result = select($query, array(intval($_POST['tenant'])), false);
if ($result == false) {
// Tenant can have a new contract
$tenant = intval($_POST['tenant']);
