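// Strip HTML tags from a user's display name and persist the cleaned value.
//
// Only users whose name actually changes under strip_tags() are touched. For
// those, the id, original name, stripped name and e-mail are echoed (this is a
// maintenance script; output is plain text) and the row is updated in place.
//
// $user: a user row object with ->id, ->name and ->email_addr.
// Returns nothing. Echoes the UPDATE statement, and the MySQL error if the
// statement fails (the old code ignored mysql_query()'s return value).
function clean_user($user) {
    $stripped = strip_tags($user->name);
    if ((string)$user->name === $stripped) {
        return;
    }
    echo "ID: {$user->id}\r\nname: {$user->name}\r\nstripped name: {$stripped}\r\nemail: {$user->email_addr}\r\n-----\r\n";

    // Escape for SQL, then trim, in the same order as before so the stored
    // value is unchanged by this rewrite.
    $name_sql = trim(boinc_real_escape_string($stripped));

    // The id comes from the database, but it is interpolated unquoted into
    // the statement, so pin it to an integer rather than trusting the row.
    $id = (int)$user->id;

    $query = "update user set name='{$name_sql}' where id={$id}";
    $retval = mysql_query($query);
    echo $query;
    if (!$retval) {
        // A silently failed update in a cleanup run leaves the tagged name
        // in place; make that visible to whoever is watching the output.
        echo "\r\nUPDATE FAILED: " . mysql_error() . "\r\n";
    }
}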
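//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.

// Redirect user to PayPal system.
//
// Records a pending donation in donation_paypal (so donated.php can match
// the returning payment) and redirects the browser to PayPal's "Buy Now"
// endpoint with the order details in the query string.

require_once "../inc/util.inc";

db_init();

// Donations may be anonymous, so a missing login is not an error here.
$logged_in_user = get_logged_in_user(false);

$amount = post_str("inV");
// The amount is stored and sent to PayPal; the old code accepted any string.
// Refuse anything that is not a positive number before it goes anywhere.
if (!is_numeric($amount) || $amount <= 0) {
    error_page("Invalid donation amount");
}

$item_id = post_int("item_id", true);
if (!$item_id) {
    $item_id = 1;
}

$currency = post_str("currency");

// Anonymous checkbox, or no session at all, records the donation as user 0.
$userid = 0;
if (post_int("anonymous", true) != 1 && $logged_in_user) {
    $userid = (int)$logged_in_user->id;
}

$order_time = time();

// Write the pending order so the return script knows to expect this payment.
// Integers are cast; the amount (already validated numeric) is still escaped.
$query = "INSERT INTO donation_paypal SET order_time = '" . (int)$order_time
    . "', userid = '" . $userid
    . "', item_number=" . (int)$item_id
    . ", order_amount = '" . boinc_real_escape_string($amount) . "'";
if (!mysql_query($query)) {
    // Without the row, donated.php can never reconcile the payment; fail now
    // rather than sending the user to PayPal with a bogus item_number.
    error_page("Database error recording donation");
}
$payment_id = mysql_insert_id();

// Build the query string with http_build_query() so every value - including
// the user-supplied amount and currency - is URL-encoded. The old code
// concatenated them raw, letting a crafted value inject extra parameters and
// leaving the embedded "?st=...&rm=2" of the return URL unencoded.
$fields = http_build_query(array(
    'cmd'           => '_xclick',
    'lc'            => 'US',
    'business'      => PAYPAL_ADDRESS,
    'quantity'      => 1,
    'item_name'     => 'Donation',
    'item_number'   => $payment_id . '_' . $order_time,
    'amount'        => $amount,
    'no_shipping'   => 1,
    'return'        => URL_BASE . 'donated.php?st=Completed&rm=2',
    'cancel_return' => URL_BASE . '/donated.php',
    'no_note'       => 1,
    'currency_code' => $currency,
    'bn'            => 'PP-BuyNowBF',
), '', '&');

header("Location: https://www.paypal.com/cgi-bin/webscr?{$fields}");
exit;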
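// Search users whose name starts with the submitted search_string and print
// a table of the matches (at most $count rows from the database, further
// narrowed by filter_user()).
//
// $filter: opaque filter passed through to filter_user() for each row.
// Returns nothing; emits HTML. Calls error_page() when the search string is
// shorter than 3 characters.
function name_search($filter) {
    $count = 100;
    $search_string = get_str('search_string');
    if (strlen($search_string) < 3) {
        error_page("search string must be at least 3 characters");
    }

    // Escape for SQL first, then neutralise LIKE metacharacters (% and _) so
    // a user cannot widen the prefix match. Same order as the original code.
    $pattern = escape_pattern(boinc_real_escape_string($search_string));

    $fields = "id, create_time, name, country, total_credit, expavg_credit, teamid, url, has_profile, donated";
    $users = BoincUser::enum_fields($fields, "name like '{$pattern}%'", "limit {$count}");

    $shown = 0;
    foreach ($users as $user) {
        if (!filter_user($user, $filter)) {
            continue;
        }
        if ($shown == 0) {
            // The search string is echoed inside single quotes, so escape
            // quotes as well as angle brackets.
            echo "<h3>User names starting with '" . htmlspecialchars($search_string, ENT_QUOTES) . "'</h3>\n";
            start_table();
            table_header("Name", "Team", "Average credit", "Total credit", "Country", "Joined");
        }
        show_user($user);
        $shown++;
    }

    // Only close a table that was actually opened; the old code emitted a
    // stray end_table() on the no-match path.
    if ($shown) {
        end_table();
    } else {
        echo "No users matching your search criteria.";
    }
}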
xml_error($retval); } } if ($team_id) { $team = lookup_team($team_id); if ($team) { show_team_xml($team); } else { xml_error(-136); } exit; } $team_name = get_str("team_name"); $name_lc = strtolower($team_name); $name_lc = escape_pattern($name_lc); $clause = "name like '%" . boinc_real_escape_string($name_lc) . "%' order by expavg_credit desc limit 100"; $teams = BoincTeam::enum($clause); if ($format == 'xml') { echo "<teams>\n"; $total = 0; foreach ($teams as $team) { show_team_xml($team); $total++; if ($total == 100) { break; } } echo "</teams>\n"; exit; } page_head("Search Results");
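// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
//
// This file was modified by contributors of "BOINC Web Tweak" project.

// Full-text search over profile text; shows a paged table of matching users.

require_once "../inc/boinc_db.inc";
require_once "../inc/util.inc";

// Emit one table row for a profile: owner link, join date, country, total
// and recent credit.
//
// $profile: a profile row with ->userid.
// $n:       the row's display index; accepted for interface compatibility
//           but not used by this function.
function show_profile_link2($profile, $n) {
    $user = lookup_user_id($profile->userid);
    if (!$user) {
        // A profile whose owner no longer exists has nothing to link to.
        return;
    }
    echo "<tr>\r\n\t\t<td>" . user_links($user)
        . "</td>\r\n\t\t<td>" . date_str($user->create_time)
        . "</td>\r\n\t\t<td>" . htmlspecialchars($user->country)
        . "</td>\r\n\t\t<td>" . (int)$user->total_credit
        . "</td>\r\n\t\t<td>" . (int)$user->expavg_credit
        . "</td>\r\n\t\t</tr>\n";
}

$search_string = strip_tags(get_str('search_string'));

// Two copies with context-appropriate escaping. The old code escaped once
// for SQL and then interpolated that same value into the page title, which
// is the wrong escaping for HTML (and shows backslashes to the user).
$search_html = htmlspecialchars($search_string, ENT_QUOTES);
$search_sql = boinc_real_escape_string($search_string);

// Paging offset; a negative value would make the LIMIT clause invalid SQL.
$offset = get_int('offset', true);
$offset = max(0, (int)$offset);
$count = 10;

page_head("Profiles containing '{$search_html}'");

$profiles = BoincProfile::enum("match(response1, response2) against ('{$search_sql}') limit {$offset},{$count}");

start_table();
echo "\r\n\t<tr><th>User name</th>\r\n\t<th>Joined project</th>\r\n\t<th>Country</th>\r\n\t<th>Total credit</th>\r\n\t<th>Recent credit</th></tr>\r\n";
$n = 0;
foreach ($profiles as $profile) {
    show_profile_link2($profile, $n + $offset + 1);
    $n += 1;
}
end_table();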
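// Validate and persist a profile submission (create or update).
//
// $user:    the logged-in user (needs ->id; ->update() is called on create).
// $profile: the user's existing profile object, or a falsy value when none
//           exists yet.
//
// Flow: reCAPTCHA (only if a private key is configured) -> Akismet on both
// responses -> reject an empty submission -> optional picture delete and/or
// upload -> sanitize_html -> UPDATE or INSERT. Each rejection re-shows the
// form with the submitted text (or calls error_page()) and returns.
function process_create_profile($user, $profile) {
    global $config;

    // post_str(..., true) may return null for a missing field; normalise to
    // '' so the strlen() check and the spam checks see a string.
    $response1 = (string)post_str('response1', true);
    $response2 = (string)post_str('response2', true);
    $language = post_str('language');

    // Resolve the upload fields once, guarded with isset(): the old code
    // indexed $_FILES['picture'] unconditionally and warned when the form
    // was submitted without a file field.
    $picture_tmp = isset($_FILES['picture']['tmp_name']) ? $_FILES['picture']['tmp_name'] : '';
    $has_upload = ($picture_tmp !== '') && is_uploaded_file($picture_tmp);

    $privatekey = parse_config($config, "<recaptcha_private_key>");
    if ($privatekey) {
        $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '';
        $answer = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : '';
        $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $challenge, $answer);
        if (!$resp->is_valid) {
            profile_form_retry($profile, $response1, $response2,
                tra("Your ReCaptcha response was not correct. Please try again."));
            return;
        }
    }

    if (!akismet_check($user, $response1)) {
        profile_form_retry($profile, $response1, $response2,
            tra("Your first response was flagged as spam by the Akismet anti-spam system. Please modify your text and try again."));
        return;
    }
    if (!akismet_check($user, $response2)) {
        profile_form_retry($profile, $response1, $response2,
            tra("Your second response was flagged as spam by the Akismet anti-spam system. Please modify your text and try again."));
        return;
    }

    $delete_pic = isset($_POST['delete_pic']) ? $_POST['delete_pic'] : "off";

    if (strlen($response1) == 0 && strlen($response2) == 0
        && $delete_pic != "on" && !$has_upload
    ) {
        error_page(tra("Your profile submission was empty."));
        exit;
    }

    if ($delete_pic == "on") {
        delete_user_pictures($profile->userid);
        $profile->has_picture = false;
        $profile->verification = 0;
    }

    $hasPicture = $profile ? $profile->has_picture : false;

    if ($has_upload) {
        $hasPicture = true;
        if ($profile) {
            // A new picture must be re-verified by a moderator.
            $profile->verification = 0;
        }
        $images = getImages($picture_tmp);
        // The images are re-encoded through GD, so only pixel data reaches
        // disk, never the uploaded bytes. TODO: define a constant for image
        // quality.
        if (!ImageJPEG($images[0], IMAGE_PATH . $user->id . '.jpg')
            || !ImageJPEG($images[1], IMAGE_PATH . $user->id . '_sm.jpg')
        ) {
            error_page(tra("Could not save the profile picture."));
        }
    }

    $response1 = sanitize_html($response1);
    $response2 = sanitize_html($response2);

    $r1 = boinc_real_escape_string($response1);
    $r2 = boinc_real_escape_string($response2);
    $lang = boinc_real_escape_string($language);
    $uid = (int)$user->id;
    // has_picture is a PHP bool; interpolating false inside quotes produced
    // '' in the old query, which MySQL either coerces or rejects. Store 0/1.
    $pic = $hasPicture ? 1 : 0;

    if ($profile) {
        $query = " response1 = '{$r1}',"
            . " response2 = '{$r2}',"
            . " language = '{$lang}',"
            . " has_picture = {$pic},"
            . " verification = " . (int)$profile->verification
            . " WHERE userid = {$uid}";
        $result = BoincProfile::update_aux($query);
        if (!$result) {
            error_page(tra("Could not update the profile: database error"));
        }
    } else {
        $query = 'SET '
            . " userid = {$uid},"
            . " language = '{$lang}',"
            . " response1 = '{$r1}',"
            . " response2 = '{$r2}',"
            . " has_picture = {$pic},"
            . " verification=0";
        $result = BoincProfile::insert($query);
        if (!$result) {
            error_page(tra("Could not create the profile: database error"));
        }
        $user->update("has_profile=1");
    }

    page_head(tra("Profile saved"));
    echo tra("Congratulations! Your profile was successfully entered into our database.")
        . "<br><br>"
        . tra("%1View your profile%2", "<a href=\"view_profile.php?userid=" . $user->id . "\">", "</a><br>");
    page_tail();
}

// Re-display the profile form with the submitted text and an error message.
//
// $profile: the profile object being edited. NOTE(review): as in the original
//           code, a null $profile here means properties are assigned on null
//           (an Error on PHP 8); callers are expected to pass an object.
function profile_form_retry($profile, $response1, $response2, $msg) {
    $profile->response1 = $response1;
    $profile->response2 = $response2;
    show_profile_form($profile, $msg);
}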