$last_post_time = $row['last_post_time']; } $db->sql_freeresult($result); } if ($last_post_time && $current_time - $last_post_time < intval($config['flood_interval'])) { $error[] = $user->lang['FLOOD_ERROR']; } } // Validate username if ($post_data['username'] && !$user->data['is_registered'] || $mode == 'edit' && $post_data['poster_id'] == ANONYMOUS && $post_data['username'] && $post_data['post_username'] && $post_data['post_username'] != $post_data['username']) { include $phpbb_root_path . 'includes/functions_user.' . $phpEx; $user->add_lang('ucp'); if (($result = validate_username($post_data['username'], !empty($post_data['post_username']) ? $post_data['post_username'] : '')) !== false) { $error[] = $user->lang[$result . '_USERNAME']; } if (($result = validate_string($post_data['username'], false, $config['min_name_chars'], $config['max_name_chars'])) !== false) { $min_max_amount = $result == 'TOO_SHORT' ? $config['min_name_chars'] : $config['max_name_chars']; $error[] = sprintf($user->lang['FIELD_' . $result], $user->lang['USERNAME'], $min_max_amount); } } if ($config['enable_post_confirm'] && !$user->data['is_registered'] && in_array($mode, array('quote', 'post', 'reply'))) { $captcha_data = array('message' => utf8_normalize_nfc(request_var('message', '', true)), 'subject' => utf8_normalize_nfc(request_var('subject', '', true)), 'username' => utf8_normalize_nfc(request_var('username', '', true))); $vc_response = $captcha->validate($captcha_data); if ($vc_response) { $error[] = $vc_response; } } // check form if (($submit || $preview) && !check_form_key('posting')) { $error[] = $user->lang['FORM_INVALID']; }
/**
 * Checks a username with validate_username() and validate_string() and
 * gathers one message from $this->user->lang for every check that fails.
 *
 * @param mixed $username Username to check
 * @return array Error messages; empty when both checks pass
 */
private function validate_username($username)
{
    $messages = array();

    // Both helpers come from includes/functions_user, which is pulled in on first use.
    if (!function_exists('validate_string'))
    {
        include $this->root_path . 'includes/functions_user.' . $this->php_ext;
    }

    // Global validate_username(): false means "no problem", anything else is a language-key prefix.
    $name_failure = validate_username($username);
    if ($name_failure !== false)
    {
        $messages[] = $this->user->lang[$name_failure . '_USERNAME'];
    }

    // Length check against the configured minimum and maximum.
    $length_failure = validate_string($username, false, $this->config['min_name_chars'], $this->config['max_name_chars']);
    if ($length_failure !== false)
    {
        // Report the limit that was actually violated.
        if ($length_failure == 'TOO_SHORT')
        {
            $limit = $this->config['min_name_chars'];
        }
        else
        {
            $limit = $this->config['max_name_chars'];
        }

        $messages[] = $this->user->lang('FIELD_' . $length_failure, $limit, $this->user->lang['USERNAME']);
    }

    return $messages;
}
<?php
// AJAX item search: matches the search term against the armory connection's
// `cache_item_search` table and against the item tables on the mangos connection.
require "ajax-shared-functions.php";
// A query is only run when a search term was sent and, after validate_string(),
// is at least $config["min_items_search"] bytes long (strlen() counts bytes).
if (!isset($_GET["searchQuery"])) {
    $do_query = 0;
} else {
    // NOTE(review): validate_string() is defined elsewhere; which characters it
    // removes or escapes cannot be seen from this listing.
    $SearchQuery = validate_string($_GET["searchQuery"]);
    if (strlen($SearchQuery) >= $config["min_items_search"]) {
        $do_query = 1;
    } else {
        $do_query = 0;
    }
}
if ($do_query) {
    switchConnection("armory", REALM_NAME);
    // NOTE(review): this query and the two LIKE queries further down are built by
    // concatenating the request-derived $SearchQuery into the SQL text. Their
    // safety rests entirely on validate_string() and change_whitespace() rejecting
    // or escaping quotes and backslashes - confirm that, or escape at the query
    // (and treat % and _ as LIKE wildcards). $realms[REALM_NAME][2] is appended
    // unquoted; presumably a numeric key from configuration - TODO confirm.
    $doquery_pls_gm = execute_query("SELECT * FROM `cache_item_search` WHERE `item_name` LIKE '%" . change_whitespace($SearchQuery) . "%' AND `mangosdbkey` = " . $realms[REALM_NAME][2]);
    $TotalCachedItems = mysql_num_rows($doquery_pls_gm);
    // Cached rows are kept twice: keyed by item_id, and as a positional list in $Items
    // (id, name, level, source, relevance).
    $item_search_cache = array();
    while ($result_pls_gm = mysql_fetch_assoc($doquery_pls_gm)) {
        $item_search_cache[$result_pls_gm["item_id"]] = $result_pls_gm;
        $Items[] = array($result_pls_gm["item_id"], $result_pls_gm["item_name"], $result_pls_gm["item_level"], $result_pls_gm["item_source"], $result_pls_gm["item_relevance"]);
    }
    switchConnection("mangos", REALM_NAME);
    // With a locale configured, the localized name column of `locales_item` is searched;
    // otherwise `item_template`.`name`.
    if ($config["locales"]) {
        // NOTE(review): $config["locales"] becomes part of a column identifier;
        // presumably a small integer from the configuration file - TODO confirm.
        $ItemsQuery = execute_query("SELECT `entry` FROM `locales_item` WHERE `name_loc" . $config["locales"] . "` LIKE '%" . change_whitespace($SearchQuery) . "%'");
    } else {
        $ItemsQuery = execute_query("SELECT `entry` FROM `item_template` WHERE `name` LIKE '%" . change_whitespace($SearchQuery) . "%'");
    }
    $TotalItems = mysql_num_rows($ItemsQuery);
    // More matches in the item tables than in the cache: walk the item-table result.
    // (The listing ends inside this loop; its body is not shown.)
    if ($TotalItems > $TotalCachedItems) {
        while ($ItemInfo = mysql_fetch_assoc($ItemsQuery)) {
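// Validates the posted username/password pair, checks that the username is not
// taken yet, and derives the passkey and password hash for the `users` table.

// Anti-CSRF token. Both values must be present before they are compared: with a
// loose `!=`, a request without a token passes whenever the session holds none
// either (null != null is false), and numeric-looking strings such as "0e1" and
// "0e2" compare as equal. hash_equals() compares the exact bytes in constant time.
$submitted_token = isset($_POST['secure_input']) ? $_POST['secure_input'] : '';
$session_token = isset($_SESSION['secure_token']) ? (string) $_SESSION['secure_token'] : '';
if (!is_string($submitted_token) || $session_token === '' || !hash_equals($session_token, $submitted_token)) {
    throw new Exception("Wrong secured token");
}

// Every field is required and must be a plain string; array-valued parameters
// (username[]=x) are rejected here so strlen() below only ever sees strings.
foreach (array('username', 'password', 'password2') as $required_field) {
    if (empty($_POST[$required_field]) || !is_string($_POST[$required_field])) {
        throw new Exception("Missing information");
    }
}
unset($required_field);

$username = $_POST['username'];
$password = $_POST['password'];
$password2 = $_POST['password2'];

if (strlen($username) < 4) {
    throw new Exception("Username is to short, minimum 4 characters");
}
if (strlen($password) < 6) {
    throw new Exception("Password is to short, minimum 6 characters");
}
if (!validate_string($username)) {
    throw new Exception("Invalid characters in the username");
}
// Strict comparison: with != two different numeric-looking passwords
// ("1000000" and "1e6") would count as matching.
if ($password !== $password2) {
    throw new Exception("Passwords did not match");
}

$db = new DB("users");
// NOTE(review): the condition is built by string concatenation, so it is only
// safe if validate_string() rejects quotes and backslashes - confirm that, or
// use whatever escaping/binding the DB class offers.
$db->select("user_name = '" . $username . "'");
if ($db->numRows()) {
    throw new Exception("Username does already exist");
}

// NOTE(review): uniqid() is derived from the current time (and `true` is taken
// as its prefix argument, i.e. "1"), so this passkey is guessable. It should come
// from a CSPRNG, e.g. bin2hex(random_bytes(16)) on PHP 7+, which keeps the
// 32-hex-character format.
$passkey = md5(uniqid(true));
$password_secret = generatePassword(12);
// NOTE(review): salted MD5 is a fast hash and unsuitable for password storage.
// password_hash()/password_verify() is the replacement, but the login code that
// recomputes this value has to change together with it, so it is left as is here.
$password_hash = md5($password_secret . $password . $password_secret);

$db = new DB("users");
$db->setColPrefix("user_");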
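/**
 * Returns $string when validate_string() accepts it; otherwise prints an error
 * message and returns ''.
 *
 * The error message echoes the rejected value back in a response declared as
 * text/html, so both echoed values are HTML-escaped first.
 *
 * @param string $string      Value to check
 * @param mixed  $valid_chars Passed through unchanged to validate_string()
 * @return string $string when accepted, '' after the error has been printed
 */
function validate_string_or_error($string, $valid_chars)
{
    $invalid_chars = validate_string($string, $valid_chars, true);

    // NOTE(review): loose comparison - every non-empty string other than "0" is
    // == true. If validate_string() reports the offending characters as a string,
    // such input is accepted here. Confirm its return values and switch to
    // === true if it returns a real boolean on success.
    if ($invalid_chars == true) {
        return $string;
    }

    header('Content-type: text/html');

    // Escape for the HTML context; ENT_SUBSTITUTE keeps the message from
    // collapsing to an empty string when the input is not valid UTF-8.
    $shown_string = htmlspecialchars((string) $string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $shown_chars = htmlspecialchars((string) $invalid_chars, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    print "ERROR: Invalid chars in \"{$shown_string}\": \"{$shown_chars}\"";

    return '';
}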
$first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $address1 = $_POST['address1']; $address2 = $_POST['address2']; $city = $_POST['city']; $state = $_POST['state']; $zip = $_POST['zip']; $country = $_POST['country']; // Validate POST data $b_is_first_name_valid = validate_string($first_name); $b_is_last_name_valid = validate_string($last_name); $b_is_address_valid = validate_address($address1, $address2); $b_is_city_valid = validate_city($city); $b_is_state_valid = validate_string($state); $b_is_zip_valid = validate_zip($zip); $b_is_country_valid = validate_string($country); // Verify required fields have been populated with valid input. if ($b_is_first_name_valid == true && $b_is_last_name_valid == true && $b_is_address_valid == true && $b_is_city_valid == true && $b_is_state_valid == true && $b_is_zip_valid == true && $b_is_country_valid == true) { // Create array of data to submit. $data = array('first_name' => $first_name, 'last_name' => $last_name, 'address1' => $address1, 'address2' => $address2, 'city' => $city, 'state' => $state, 'zip' => $zip, 'country' => $country); // Submit data to database. $b_rc = submit_to_database($data); if ($b_rc == true) { // Print html and body tags. echo "<html>\n"; echo "<body>\n"; // Show registration confirmation message. echo "Thanks for registering!<br>\n"; // Close body and html tags. echo "</body>\n"; echo "</html>\n";
<?php
// Character page. The including script must have defined the "Armory" constant;
// a direct request is redirected to the error page instead.
if (!defined("Armory")) {
    header("Location: ../error.php");
    exit;
}
// $error stays "" when the character was found; any other value is shown in
// place of the character sheet.
$error = "";
if (!isset($_GET["character"])) {
    $error = "If you are seeing this error message, you must have followed a bad link to this page.";
} else {
    // validate_string() is defined elsewhere; a falsy result is treated as an invalid name.
    if (!($request = validate_string($_GET["character"]))) {
        // NOTE(review): the raw request value - the one that just failed validation -
        // is placed in the message. Unless showerror() HTML-encodes what it prints,
        // this reflects request data into the page; encode it with htmlspecialchars()
        // here or inside showerror().
        $error = "You have entered " . $_GET["character"] . " which is invalid character name.";
    } else {
        switchConnection("characters", REALM_NAME);
        // NOTE(review): $request is concatenated inside the quoted literal, so the
        // query is only safe if validate_string() rejects or escapes quotes and
        // backslashes - confirm against its definition.
        $StatQuery = execute_query("SELECT `guid`, `data`, `name`, `race`, `class` FROM `characters` WHERE `name` = '" . $request . "'" . exclude_GMs() . " LIMIT 1");
        // No row: unknown character (or one filtered out by exclude_GMs()).
        if (!($data = mysql_fetch_assoc($StatQuery))) {
            $error = "Character " . $request . " does not exist on realm " . REALM_NAME;
        }
    }
}
if ($error) {
    ?> <div class="parchment-top"> <div class="parchment-content"> <?php
    showerror("character", $error);
} else {
    // Character found: build the stats from the fetched row.
    require "configuration/statisticshandler.php";
    $stat = assign_stats($data);
    switchConnection("characters", REALM_NAME);
    // NOTE(review): $stat["guid"] is appended unquoted; presumably the numeric guid
    // read from the `characters` row above - confirm, or cast to int at this point.
    // (The listing ends here, inside this else branch.)
    $guildid = mysql_fetch_assoc(execute_query("SELECT `guildid` FROM `guild_member` WHERE `guid` = " . $stat["guid"] . " LIMIT 1"));