public function paging($start, $end, $max, $where = array(), $options = null) { $page = isset($start) ? (int) Input::escape($start) : 1; $perPage = isset($end) && Input::escape($end) <= $max ? (int) Input::escape($end) : 5; $pages = $page > 1 ? $page * $perPage - $perPage : 0; $this->_total = ceil($this->count()[0]->Total / $perPage); $this->_database->select(array($this->_rows), $this->_table, $where, array('LIMIT' => "{$pages},{$perPage}")); return $this->_database->results(); }
public function setInput() { $input = Input::escape(Input::get($this->key)); if (!empty($input)) { try { $this->isSet = true; if ($this->isDate) { $input = Input::getdate($this->key); $input = $input->format('Y-m-d'); } else { if ($this->isNumber) { $input = Input::escape(Input::getnumber($this->key)); } else { $input = Input::escape(Input::getWordName($this->key)); } } } catch (InvalidArgumentException $e) { $this->isSet = false; $this->exMessage = $e->getMessage(); var_dump('invalarg'); } catch (OutOfRangeException $e) { $this->isSet = false; $this->exMessage = $e->getMessage(); var_dump('outorange'); } catch (DomainException $e) { $this->isSet = false; $this->exMessage = $e->getMessage(); var_dump('domainex'); } catch (LengthException $e) { $this->isSet = false; $this->exMessage = $e->getMessage(); var_dump('length'); } catch (RangeException $e) { $this->isSet = false; $this->exMessage = $e->getMessage(); var_dump('range'); } catch (Exception $e) { $this->isSet = false; $this->exMessage = $e->getMessage(); var_dump('exp'); } } return $input; }
function pageController() { session_start(); $username = Input::has('username') ? Input::get('username') : ""; $password = Input::has('password') ? Input::get('password') : ""; $username = Input::escape($username); $password = Input::escape($password); if (Auth::attempt($username, $password)) { header('Location: authorized.php'); die; } // $attemptedUsername = isset($_POST['username']) ? $_POST['username'] : ''; // $attemptedPassword = isset($_POST['password']) ? $_POST['password'] : ''; // if($attemptedUsername == $username && $attemptedPassword == $password) { // $_SESSION['logged_in_user'] = $username; // header('Location: authorized.php'); // die(); // } elseif($attemptedPassword != '' || $attemptedUsername != '') { // echo "The username or password is incorrect"; // } return ['username' => $username, 'password' => $password]; }
// continue only if there aren't any errors if ($errorHandler->hasErrors() === false) { $phpmailer = new PHPMailer(); $mailer = new Mail($errorHandler, $phpmailer); /*=========================================================== = Composing email with customer order = ===========================================================*/ $recipient = Config::get('mail/receive_orders_to'); $subject = 'Заказ'; $body = 'Адрес: <b>' . Input::escape(Input::get('address')) . '</b><br>'; $body .= 'Ф.И.О.: <b>' . Input::escape(Input::get('customer_name')) . '</b><br>'; if (empty(Input::get('quantity')) === false) { $body .= 'Количество экземпляров: <b>' . Input::get('quantity') . '</b><br>'; } if (empty(Input::get('info')) === false) { $body .= 'Дополнительная информация: <b>' . Input::escape(Input::get('info')) . '</b><br>'; } /** * compose a section of email conserning book info * (desired fields can be configured by website administrator through config.ini) **/ $desiredMailData = Config::csvToArray(Config::get('mail/product_info')); $mailData = ''; foreach ($desiredMailData as $field) { $mailData .= $field . ': <b>' . $book->{$field} . '</b><br>'; } $body .= '<br>Информация о товаре:<br> ' . $mailData; // send it $mailer->mail($recipient, $subject, $body); if ($errorHandler->hasErrors() === true) { Session::flash('home', 'Произошла ошибка при попытке отправить письмо с информацией о заказе.');
<title>Login</title> </head> <body> Session Id: <?php echo $sessionId; ?> <br> View Count: <?php echo $viewCount; ?> <form method="POST"> <label>Name</label> <input value ="<?php echo Input::escape($name); ?> "type="text" name="name"><br> <label>Password</label> <input value ="<?php echo Input::escape($password); ?> "type="password" name="password"><br> <input type="submit"> <input type="hidden" name="reset" value="reset"> </form> <script language="javascript"> <?php echo $javascript; ?> </script> </body> </html>
require_once '../Input.php'; require_once '../Auth.php'; session_start(); if (!Auth::check()) { header("Location: login.php"); die; } $username = ucfirst(Auth::user()); ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="description" content="Assignment 7.1.4. POST Requests"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Authorized</title> <link rel="shortcut icon" href="/img/php.png"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css"> <link rel="stylesheet" href="/css/form-example.css"> </head> <body> <h2>Congratulations, You're Authorized!!!</h2> <h2><?php echo 'Hello, ' . Input::escape($username); ?> </h2> <a class="btn btn-primary" href="/logout.php">Logout</a> </body> </html>
die; } ?> <!DOCTYPE html> <html> <head> <title>LOGIN</title> <link rel= "stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css"> <link rel= "stylesheet" href="/logincss.css"> </head> <body> <h2>PLEASE LOGIN</h2> <div id = "container"> <form method="POST"> <label>UserName:</label> <input value="<?php echo Input::escape($userName); ?> " type="text" name="userName"><br> <label>Password:</label> <input type="password" name="password"><br> <input type="submit"> </form> <h2><?php echo $login; ?> <h2> </div> </body> </html>
public function __set($name, $value) { $value = Input::escape($value); $this->attributes[$name] = $value; }
?> </td> <td><?php echo Input::escape($park['location']); ?> </td> <td><?php echo Input::escape($park['date_established']); ?> </td> <td><?php echo Input::escape($park['area_in_acres']); ?> </td> <td><?php echo Input::escape($park['description']); ?> </td> <td> <form role="form" method="POST"> <button type="submit" class="btn btn-info btn-xs" value="<?php echo $park['id']; ?> " name="id">Delete</button> </form> </td> </tr> </tbody> <?php } ?>
<div class="parks-container"> <h1>US National Parks</h1> <div class="flex-container"> <?php foreach ($parks as $park) { ?> <div class="each-park"> <h3><a href="http://www.google.com/#safe=on&q=<?php echo $park['park_name']; ?> +national+park" target="_blank"><?php echo $park['park_name']; ?> </a>,<br><?php echo Input::escape($park['park_loc']); ?> </h3> <ul class="park-info"> <li><span>Established:</span> <?php echo $park['date_est']; ?> </li> <li><span>Area:</span> <?php echo $park['area_in_acres']; ?> acres</li> <li><button type="button" class="btn btn-primary open-desc-modal" data-toggle="modal" data-target="#desc-modal" data-description="<?php echo $park['about_park']; ?> ">Description</button></li>
private function _parseOperators($value, $escape = true) { $operator = '` ='; if (strpos($value, '>') !== false or strpos($value, '<') !== false) { if (substr($value, 1, 1) == '=' or substr($value, 0, 2) == '<>') { $operator = '` ' . substr($value, 0, 2); $value = substr($value, 2, strlen($value)); } else { $operator = '` ' . substr($value, 0, 1); $value = substr($value, 1, strlen($value)); } } elseif (strpos($value, '!=') !== false) { $operator = '` ' . substr($value, 0, 2); $value = substr($value, 2, strlen($value)); } $value = is_numeric($value) ? $value : '\'' . ($escape ? Input::escape($value) : $value) . '\''; return array('operator' => $operator, 'value' => $value); }
</li> <li>Location: <?php echo Input::escape($nationalPark['location']); ?> </li> <li>Date-Established: <?php echo Input::escape($nationalPark['date_established']); ?> </li> <li>Area in Acres: <?php echo Input::escape($nationalPark['area_in_acres']); ?> </li> </ul> <p class="description col-md-12">Description: <?php echo Input::escape($nationalPark['description']); ?> </p> </div> <?php } ?> </div> </div> <!-- .nationalParksLoop --> <?php foreach ($errors as $error) { ?> <p><?php echo $error; ?>
if (Token::check(Input::get('token'))) { if (Input::found('book_edit')) { $sql = 'SELECT id FROM book WHERE title = ?;'; $id = Database::getInstance()->query($sql, [Input::get('book_edit')])->first()->id; if (isset($id) == false) { $input = Input::escape(Input::get('book_edit')); Session::flash('home', 'Книги под названием "' . $input . '" не существует'); Redirect::to(); } Redirect::to('editbook.php?id=' . $id); } if (Input::found('author_edit')) { $sql = 'SELECT id FROM author WHERE name = ?;'; $id = Database::getInstance()->query($sql, [Input::get('author_edit')])->first()->id; if (isset($id) == false) { $input = Input::escape(Input::get('author_edit')); Session::flash('home', 'Автора под именем "' . $input . '" не существует'); Redirect::to(); } Redirect::to('editauthor.php?id=' . $id); } } } // there would be 2 forms on this page so we need to generate anti-csrf token beforehand $token = Token::generate(); ?> <div class="wrapper"> <div class="manage"> <a href="addbook.php"> <div class="option"> <p>Добавить новую книгу в каталог</p>
<meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="description" content="Assignment 7.1.4. POST Requests"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Login</title> <link rel="shortcut icon" href="/img/php.png"> <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css"> <link rel="stylesheet" href="/css/form-example.css"> </head> <body> <form method="POST" role="form"> <h4><?php echo $loginError; ?> </h4> <div class="form-group"> <label for="username">Username</label> <input type="text" class="form-control" name="username"> </div> <div class="form-group"> <label for="password">Password</label> <input type="password" class="form-control" name="password"> </div> <h5><?php echo $info . ' ' . Input::escape($username); ?> </h5> <button class="btn btn-primary">Submit</button> </form> </body> </html>