Example #1
             $last_post_time = $row['last_post_time'];
         }
         $db->sql_freeresult($result);
     }
     if ($last_post_time && $current_time - $last_post_time < intval($config['flood_interval'])) {
         $error[] = $user->lang['FLOOD_ERROR'];
     }
 }
 // Validate username.
 // Runs in two cases ('&&' binds tighter than '||', so the condition is
 // (A && B) || (C && D && E && F && G)):
 //   - a username was supplied and the current user is not registered, or
 //   - an anonymous post is being edited and the supplied username differs
 //     from the non-empty post_username already held in $post_data.
 // Failures are appended to $error; nothing here aborts the request.
 if ($post_data['username'] && !$user->data['is_registered'] || $mode == 'edit' && $post_data['poster_id'] == ANONYMOUS && $post_data['username'] && $post_data['post_username'] && $post_data['post_username'] != $post_data['username']) {
     // Brings validate_username()/validate_string() into scope.
     // NOTE(review): this is a plain include with no function_exists() guard;
     // confirm no earlier code path has already loaded functions_user.
     include $phpbb_root_path . 'includes/functions_user.' . $phpEx;
     $user->add_lang('ucp');
     // validate_username() returns false when the name is accepted, otherwise an
     // error code that is used as the prefix of a '*_USERNAME' language key.
     // The second argument is the existing post_username ('' when there is none);
     // presumably it exempts an unchanged name from the check - confirm.
     if (($result = validate_username($post_data['username'], !empty($post_data['post_username']) ? $post_data['post_username'] : '')) !== false) {
         $error[] = $user->lang[$result . '_USERNAME'];
     }
     // Length check against the configured bounds; a non-false result is an
     // error code such as 'TOO_SHORT' that selects the 'FIELD_*' message.
     if (($result = validate_string($post_data['username'], false, $config['min_name_chars'], $config['max_name_chars'])) !== false) {
         // Report the bound that was violated: the minimum for TOO_SHORT, the maximum otherwise.
         $min_max_amount = $result == 'TOO_SHORT' ? $config['min_name_chars'] : $config['max_name_chars'];
         $error[] = sprintf($user->lang['FIELD_' . $result], $user->lang['USERNAME'], $min_max_amount);
     }
 }
 // CAPTCHA gate: applies only when post confirmation is enabled, the user is
 // not registered, and the mode is quote, post or reply ('edit' is not listed).
 if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply'))) {
     // The submitted message, subject and username are read via request_var()
     // and NFC-normalised before being handed to the CAPTCHA validator.
     $captcha_data = array('message' => utf8_normalize_nfc(request_var('message', '', true)), 'subject' => utf8_normalize_nfc(request_var('subject', '', true)), 'username' => utf8_normalize_nfc(request_var('username', '', true)));
     // A truthy return value is treated as the error message to show.
     $vc_response = $captcha->validate($captcha_data);
     if ($vc_response) {
         $error[] = $vc_response;
     }
 }
 // Check the form key for 'posting' on submit and on preview.
 // NOTE(review): this looks like the per-form anti-CSRF token check. Like the
 // checks above it only appends to $error, so the code that stores the post
 // (outside this excerpt) must refuse to proceed while $error is non-empty.
 if (($submit || $preview) && !check_form_key('posting')) {
     $error[] = $user->lang['FORM_INVALID'];
 }
 /**
  * Check a username against the board's username rules and length limits.
  *
  * Delegates to the global validate_username() and validate_string() helpers
  * (loaded from includes/functions_user on first use) and translates their
  * error codes into language strings.
  *
  * @param string $username Username to check
  * @return array List of translated error messages; empty when both checks pass
  */
 private function validate_username($username)
 {
     $messages = array();

     // Load the helper file only if it has not been loaded yet; the guard
     // avoids redeclaring its functions.
     if (!function_exists('validate_string')) {
         include $this->root_path . 'includes/functions_user.' . $this->php_ext;
     }

     // This calls the global function, not this method. false means "accepted";
     // anything else is an error code used as a '*_USERNAME' language-key prefix.
     $name_check = validate_username($username);
     if ($name_check !== false) {
         $messages[] = $this->user->lang[$name_check . '_USERNAME'];
     }

     // Length check against the configured minimum and maximum.
     $length_check = validate_string($username, false, $this->config['min_name_chars'], $this->config['max_name_chars']);
     if ($length_check !== false) {
         // Report the bound that was violated.
         if ($length_check == 'TOO_SHORT') {
             $limit = $this->config['min_name_chars'];
         } else {
             $limit = $this->config['max_name_chars'];
         }
         $messages[] = $this->user->lang('FIELD_' . $length_check, $limit, $this->user->lang['USERNAME']);
     }

     return $messages;
 }
<?php

require "ajax-shared-functions.php";
// Decide whether a search should run: $do_query becomes 1 only when a
// searchQuery parameter is present and, after validate_string(), is at least
// $config["min_items_search"] bytes long. $SearchQuery is only defined when
// the parameter was supplied.
//
// NOTE(review): $SearchQuery comes straight from the query string and is later
// concatenated into SQL LIKE clauses. validate_string() and change_whitespace()
// are defined outside this excerpt - confirm they neutralise quotes, backslashes
// and LIKE wildcards, or move those queries to bound parameters.
$do_query = 0;
if (isset($_GET["searchQuery"])) {
    $SearchQuery = validate_string($_GET["searchQuery"]);
    $do_query = (strlen($SearchQuery) >= $config["min_items_search"]) ? 1 : 0;
}
if ($do_query) {
    switchConnection("armory", REALM_NAME);
    $doquery_pls_gm = execute_query("SELECT * FROM `cache_item_search` WHERE `item_name` LIKE '%" . change_whitespace($SearchQuery) . "%' AND `mangosdbkey` = " . $realms[REALM_NAME][2]);
    $TotalCachedItems = mysql_num_rows($doquery_pls_gm);
    $item_search_cache = array();
    while ($result_pls_gm = mysql_fetch_assoc($doquery_pls_gm)) {
        $item_search_cache[$result_pls_gm["item_id"]] = $result_pls_gm;
        $Items[] = array($result_pls_gm["item_id"], $result_pls_gm["item_name"], $result_pls_gm["item_level"], $result_pls_gm["item_source"], $result_pls_gm["item_relevance"]);
    }
    switchConnection("mangos", REALM_NAME);
    if ($config["locales"]) {
        $ItemsQuery = execute_query("SELECT `entry` FROM `locales_item` WHERE `name_loc" . $config["locales"] . "` LIKE '%" . change_whitespace($SearchQuery) . "%'");
    } else {
        $ItemsQuery = execute_query("SELECT `entry` FROM `item_template` WHERE `name` LIKE '%" . change_whitespace($SearchQuery) . "%'");
    }
    $TotalItems = mysql_num_rows($ItemsQuery);
    if ($TotalItems > $TotalCachedItems) {
        while ($ItemInfo = mysql_fetch_assoc($ItemsQuery)) {
Example #4
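 // Anti-CSRF token check.
 // The token is compared as a string with hash_equals(): a loose '!=' treats a
 // missing POST field and a missing session token as equal, and lets
 // numeric-looking strings that differ textually compare equal. An empty or
 // absent session token is always rejected.
 $posted_token = (isset($_POST['secure_input']) && is_string($_POST['secure_input'])) ? $_POST['secure_input'] : '';
 $session_token = (isset($_SESSION['secure_token']) && is_scalar($_SESSION['secure_token'])) ? (string) $_SESSION['secure_token'] : '';
 if ($session_token === '' || !hash_equals($session_token, $posted_token)) {
     throw new Exception("Wrong secured token");
 }
 // All three fields are required and must be plain strings; PHP turns
 // "field[]=x" into an array, which strlen() below cannot handle.
 foreach (array('username', 'password', 'password2') as $field) {
     if (empty($_POST[$field]) || !is_string($_POST[$field])) {
         throw new Exception("Missing information");
     }
 }
 $username = $_POST['username'];
 $password = $_POST['password'];
 $password2 = $_POST['password2'];
 // Minimum lengths are measured in bytes (strlen).
 if (strlen($username) < 4) {
     throw new Exception("Username is to short, minimum 4 characters");
 }
 if (strlen($password) < 6) {
     throw new Exception("Password is to short, minimum 6 characters");
 }
 if (!validate_string($username)) {
     throw new Exception("Invalid characters in the username");
 }
 // Strict comparison: with '!=' two different numeric-looking strings can be
 // treated as the same password.
 if ($password !== $password2) {
     throw new Exception("Passwords did not match");
 }
 // Uniqueness check.
 // NOTE(review): $username is concatenated into the WHERE fragment. This is
 // only safe if validate_string() (not visible here) rejects quotes and
 // backslashes; prefer a bound parameter if the DB class offers one.
 $db = new DB("users");
 $db->select("user_name = '" . $username . "'");
 if ($db->numRows()) {
     throw new Exception("Username does already exist");
 }
 // NOTE(review): uniqid()'s first parameter is the prefix, so passing true
 // does not enable extra entropy; this value is derived from the current time.
 // If $passkey authenticates anything, generate it from a CSPRNG instead.
 $passkey = md5(uniqid(true));
 // NOTE(review): salted MD5 is a fast hash and unsuitable for password storage.
 // Migrating to password_hash()/password_verify() needs a matching change in
 // the login code and stored hashes, so it is flagged rather than changed here.
 $password_secret = generatePassword(12);
 $password_hash = md5($password_secret . $password . $password_secret);
 $db = new DB("users");
 $db->setColPrefix("user_");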
Example #5
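/**
 * Return $string when validate_string() accepts it; otherwise emit an HTML
 * error message and return ''.
 *
 * validate_string() is defined outside this excerpt. NOTE(review): this code
 * assumes it returns boolean true on success and the offending characters
 * otherwise - confirm against its definition.
 *
 * @param string $string      Value to check
 * @param string $valid_chars Passed through to validate_string()
 * @return string The original string on success, '' on failure
 */
function validate_string_or_error($string, $valid_chars)
{
    $invalid_chars = validate_string($string, $valid_chars, true);
    // Strict comparison: with '== true' any non-empty string of offending
    // characters is truthy and would be accepted as valid.
    if ($invalid_chars === true) {
        return $string;
    }
    header('Content-type: text/html');
    // The rejected input is echoed into an HTML response, so both values are
    // escaped to keep markup in the input from being rendered.
    print 'ERROR: Invalid chars in "' . htmlspecialchars($string, ENT_QUOTES, 'UTF-8')
        . '": "' . htmlspecialchars((string) $invalid_chars, ENT_QUOTES, 'UTF-8') . '"';
    return '';
}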
Example #6
// Copy the submitted registration fields out of $_POST as-is.
// NOTE(review): none of these keys is tested with isset() first, so a request
// that omits a field reads an undefined index, and an array-valued field
// (e.g. "city[]=x") reaches the validators unchanged.
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$address1 = $_POST['address1'];
$address2 = $_POST['address2'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$country = $_POST['country'];
// Validate POST data
// Each validator's result is stored in a $b_is_*_valid flag; the validators
// are defined outside this excerpt.
// NOTE(review): the flags are later tested with a loose '== true', so any
// truthy return value counts as valid - confirm each validator returns a
// strict boolean. The values later passed to submit_to_database() are the
// original $_POST strings, not a sanitised copy, so that function must bind
// or escape them itself (not visible here).
$b_is_first_name_valid = validate_string($first_name);
$b_is_last_name_valid = validate_string($last_name);
$b_is_address_valid = validate_address($address1, $address2);
$b_is_city_valid = validate_city($city);
$b_is_state_valid = validate_string($state);
$b_is_zip_valid = validate_zip($zip);
$b_is_country_valid = validate_string($country);
// Verify required fields have been populated with valid input.
if ($b_is_first_name_valid == true && $b_is_last_name_valid == true && $b_is_address_valid == true && $b_is_city_valid == true && $b_is_state_valid == true && $b_is_zip_valid == true && $b_is_country_valid == true) {
    // Create array of data to submit.
    $data = array('first_name' => $first_name, 'last_name' => $last_name, 'address1' => $address1, 'address2' => $address2, 'city' => $city, 'state' => $state, 'zip' => $zip, 'country' => $country);
    // Submit data to database.
    $b_rc = submit_to_database($data);
    if ($b_rc == true) {
        // Print html and body tags.
        echo "<html>\n";
        echo "<body>\n";
        // Show registration confirmation message.
        echo "Thanks for registering!<br>\n";
        // Close body and html tags.
        echo "</body>\n";
        echo "</html>\n";
<?php

// This file is meant to be included by the application; when the "Armory"
// constant is not defined, redirect to the error page and stop.
if (!defined("Armory")) {
    header("Location: ../error.php");
    exit;
}

// $error stays "" on success; on failure it holds the message shown to the visitor.
$error = "";
if (!isset($_GET["character"])) {
    $error = "If you are seeing this error message, you must have followed a bad link to this page.";
} elseif (!($request = validate_string($_GET["character"]))) {
    // NOTE(review): the raw query-string value is placed in the message.
    // Confirm that showerror() HTML-escapes its argument before output.
    $error = "You have entered " . $_GET["character"] . " which is invalid character name.";
} else {
    switchConnection("characters", REALM_NAME);
    // NOTE(review): $request is concatenated inside single quotes. This is only
    // safe if validate_string() (defined elsewhere) removes or escapes quotes and
    // backslashes. The mysql_* API used here has no bound parameters and was
    // removed in PHP 7; a port to mysqli/PDO should use a prepared statement.
    $StatQuery = execute_query("SELECT `guid`, `data`, `name`, `race`, `class` FROM `characters` WHERE `name` = '" . $request . "'" . exclude_GMs() . " LIMIT 1");
    $data = mysql_fetch_assoc($StatQuery);
    if (!$data) {
        $error = "Character " . $request . " does not exist on realm " . REALM_NAME;
    }
}
if ($error) {
    ?>
<div class="parchment-top">
<div class="parchment-content">
<?php 
    showerror("character", $error);
} else {
    require "configuration/statisticshandler.php";
    $stat = assign_stats($data);
    switchConnection("characters", REALM_NAME);
    $guildid = mysql_fetch_assoc(execute_query("SELECT `guildid` FROM `guild_member` WHERE `guid` = " . $stat["guid"] . " LIMIT 1"));