/** * Check string and return "none" if empty * * @param type $string */ function emptyString($string) { if (strlen(cleanString($string)) == 0) { return '<span class="empty">none</span>'; } return $string; }
function getGlobals_help($getPage_connection2) { // session: admin if (isset($_SESSION["admin"])) { $_SESSION["admin"] = cleanString($_SESSION["admin"], true); } else { $_SESSION["admin"] = 0; } // else // session: nation_id if (isset($_SESSION["nation_id"])) { $_SESSION["nation_id"] = cleanString($_SESSION["nation_id"], true); } else { $_SESSION["nation_id"] = 0; } // else // session: user_id if (isset($_SESSION["user_id"])) { $_SESSION["user_id"] = cleanString($_SESSION["user_id"], true); } else { $_SESSION["user_id"] = 0; } // else // get info //$_SESSION["userInfo"] = getUserInfo($getPage_connection2,$_SESSION["user_id"]); //$_SESSION["nationInfo"] = getNationInfo($getPage_connection2,$_SESSION["nation_id"]); }
/** * Make a search from the Google Image API, * Browse the results, * Exclude "not found", "forbidden", "unavailable" status, * Return the path of the found image. * If not found, return an empty string. * If $thumb = true return the thumbnail image width, ortherwise return the full image width. * @param string $search * @param bool $thumb */ function getGoogleImg($search, $thumb = false) { // Clean search string to remove special chars, and replace spaces with + $clean_str = cleanString($search, array(), '+'); // If $thumb = true, look for the thumbnail url, otherwise look for the full image url $target = $thumb ? 'tbUrl' : 'url'; // Construct the Google Image API query $query = 'https://ajax.googleapis.com/ajax/services/search/images?v=1.0&q=' . urlencode($clean_str); // Get the result from query, returns a JSON object $json = file_get_contents($query); // Converts the JSON object in PHP array $results = json_decode($json, true); // If there are results from the query if (!empty($results["responseData"]["results"])) { // Browse each result from response and set it in $result foreach ($results["responseData"]["results"] as $result) { // Retrieve the HTTP headers $file_headers = @get_headers($result[$target]); // If HTTP headers don't contain status 403 (forbidden), 404 (not found) or 503 (unavailable) if (strpos($file_headers[0], '403') === false && strpos($file_headers[0], '404') === false && strpos($file_headers[0], '503') === false) { // Return the absolute image path (http://...) from result with $target as key return $result[$target]; } } } // No image found, return an empty string return ''; }
function findValue($delimeter, $attrib, $xml) { $val = ""; $xml = split("\n", $xml); foreach ($xml as $line) { if (strpos($line, $delimeter) !== FALSE) { $val = $line; break; } } if ($val) { $val = split('"', $val); $tmp = split(' ', $val[0]); $val[0] = trim(str_replace("<" . $delimeter, "", $val[0])); $flag = 0; foreach ($val as $x) { if ($flag) { return $x; } if (cleanString($x) == $attrib) { $flag = 1; } } } return FALSE; }
function cleanOutputForEmployee($employee) { $a = cleanString(8, $employee['Units']); $b = cleanString(45, $employee['Full Name']); $c = " {$employee['Employee Number']}"; return "{$a}|{$b}|{$c}"; }
/** * checkStandard * \brief check the passed in list against the passed in standard. * * The two lists are expected to be arrays with the following format: * * List to be check: associative array with keys: count, showLink, * testOrLink. * * Standard list: associative array, where the key is the count and the * value is the text to compare. * * @param associative array $list * @param associative array $standard * * @return empty array on success, array of errors on fail. * */ function checkStandard($list, $standard, $testName) { if (empty($list)) { return array('ERROR! empty list passed in'); } if (empty($standard)) { return array('ERROR! empty Standard list passed in'); } if (strlen($testName) == 0) { return array('ERROR! no testName supplied'); } $results = array(); foreach ($list as $uiData) { $cleanText = cleanString($uiData['textOrLink']); print "ckSTDB: cleanText is:{$cleanText}\n"; if (array_key_exists($cleanText, $standard)) { $stdCount = $standard[$cleanText]; if ($stdCount != $uiData['count']) { $results[] = "{$testName} FAILED! Should be {$stdCount} files " . "got:{$uiData['count']} for row with text:\n{$cleanText}\n"; } } else { $results[] = "{$testName} FAILED! {$cleanText} did not meet the test Standard\n"; } } //print "ckStdDB: results are:\n";print_r($results) . "\n"; return $results; }
public function __construct($first_name, $last_name, $username, $password, $db) { $this->first_name = cleanString($first_name); $this->last_name = cleanString($last_name); $this->username = cleanString($username); $this->password = cleanString($password); $this->db = $db; $this->insertUser(); }
function removeLastWord($value) { $value = cleanString($value); if (ctype_upper(substr($value, strlen($value) - 1, strlen($value)))) { $value = substr($value, 0, strlen($value) - 1); $value = cleanString($value); } return $value; }
function getGlobals_search($getPage_connection2) { // session: admin if (isset($_SESSION["admin"])) { $_SESSION["admin"] = cleanString($_SESSION["admin"], true); } else { $_SESSION["admin"] = 0; } // else // session: results output if (isset($_SESSION["results_output"])) { } else { $_SESSION["results_output"] = "Search length requirements are not met! Search must be 5-75 characters long."; } // else if (count($_POST)) { // post: search terms if (isset($_POST["search"])) { $_SESSION["search"] = cleanString($_POST["search"], false); } else { $_SESSION["search"] = ""; } // else $_SESSION["results"] = array(""); // parse results into separate strings if (stristr($_SESSION["search"], " ") === false) { $_SESSION["results"][0] = $_SESSION["search"]; } else { $_SESSION["results"] = explode(" ", $_SESSION["search"]); } // else } else { if (count($_GET)) { } } // else if // session: nation_id if (isset($_SESSION["nation_id"])) { $_SESSION["nation_id"] = cleanString($_SESSION["nation_id"], true); } else { $_SESSION["nation_id"] = 0; } // else // session: user_id if (isset($_SESSION["user_id"])) { $_SESSION["user_id"] = cleanString($_SESSION["user_id"], true); } else { $_SESSION["user_id"] = 0; } // else // get info //$_SESSION["userInfo"] = getUserInfo($getPage_connection2,$_SESSION["user_id"]); //$_SESSION["nationInfo"] = getNationInfo($getPage_connection2,$_SESSION["nation_id"]); }
public function __construct($password, $username, $db) { //echo "password: "******"<br>"; //echo "username: "******"<br>"; $this->username = cleanString($username); $password = cleanString($password); $this->password = hashPasswords($password, $this->username); //echo $this->password. "<br>"; $this->db = $db; $this->sqlSelect(); }
function getGlobals_deactivate($getPage_connection2) { // session: admin if (isset($_SESSION["admin"])) { $_SESSION["admin"] = cleanString($_SESSION["admin"], true); } else { $_SESSION["admin"] = 0; } // else if (count($_POST)) { // post: current action if (isset($_POST["action"])) { $_SESSION["action"] = cleanString($_POST["action"], true); } else { $_SESSION["action"] = ""; } // else // post: current password if (isset($_POST["current_password"])) { $_SESSION["current_password"] = cleanString($_POST["current_password"], true); } else { $_SESSION["current_password"] = ""; } // else } else { if (count($_GET)) { } } // else if // session: nation_id if (isset($_SESSION["nation_id"])) { $_SESSION["nation_id"] = cleanString($_SESSION["nation_id"], true); } else { $_SESSION["nation_id"] = 0; } // else // session: user_id if (isset($_SESSION["user_id"])) { $_SESSION["user_id"] = cleanString($_SESSION["user_id"], true); } else { $_SESSION["user_id"] = 0; } // else // get info //$_SESSION["userInfo"] = getUserInfo($getPage_connection2,$_SESSION["user_id"]); //$_SESSION["nationInfo"] = getNationInfo($getPage_connection2,$_SESSION["nation_id"]); }
function readFromFile($conn, $fname, $dryrun) { //This is my function to read from the csv file. if ($dryrun) { fwrite(STDOUT, "\n[DRYRUN: Reading from file (\"" . $fname . "\")]"); } else { fwrite(STDOUT, "\n[Reading from file (\"" . $fname . "\") and Inserting into DB]"); } $file = fopen($fname, "r"); //Open the file. $firstLine = true; //We don't need the first line (it's the headers). while (!feof($file)) { //While we are not at the end of the file... if ($firstLine) { $firstLine = false; fgetcsv($file); //Read in the first line and don't do anything with it. } else { $person = fgetcsv($file); //Read in all details. $name = cleanString($person[0]); //Clean the string. $surname = cleanString($person[1]); //Clean the string. $email = trim(strtolower($person[2])); //trim trims whitespace, strtolower puts the string to lowercase. $emailFlag = filter_var($email, FILTER_VALIDATE_EMAIL); //Use php's function for checking valid emails. if ($emailFlag) { //If it's a valid email... if (!$dryrun) { //If we are not on a dry run, we have access to the DB. insertRecord($conn, $name, $surname, $email); //Call function to insert. } else { fwrite(STDOUT, "\nPerson: " . $name . " " . $surname . " (" . $email . ")"); } } else { //If email isn't valid, tell the user. fwrite(STDOUT, "\n[ERROR]: The supplied email address, \"" . $email . "\", is invalid"); } } } fclose($file); //Close the file after we are done. }
function getGlobals_info($getPage_connection2) { // session: admin if (isset($_SESSION["admin"])) { $_SESSION["admin"] = cleanString($_SESSION["admin"], true); } else { $_SESSION["admin"] = 0; } // else if (count($_GET) > 1) { // get: info id if (isset($_GET["info_id"])) { $_SESSION["info_id"] = cleanString($_GET["info_id"], true); } else { $_SESSION["info_id"] = 0; } // else // get: section if (isset($_GET["section"])) { $_SESSION["section"] = cleanString($_GET["section"], true); } else { $_SESSION["section"] = 0; } // else } // if // session: nation_id if (isset($_SESSION["nation_id"])) { $_SESSION["nation_id"] = cleanString($_SESSION["nation_id"], true); } else { $_SESSION["nation_id"] = 0; } // else // session: user_id if (isset($_SESSION["user_id"])) { $_SESSION["user_id"] = cleanString($_SESSION["user_id"], true); } else { $_SESSION["user_id"] = 0; } // else // get info //$_SESSION["userInfo"] = getUserInfo($getPage_connection2,$_SESSION["user_id"]); //$_SESSION["nationInfo"] = getNationInfo($getPage_connection2,$_SESSION["nation_id"]); }
public function download() { $id = intval($_GET['id']); $this->loadModel('schnippet'); $schnippet = new Schnippet(); $schnippet->load($id); if ($schnippet->getMember('protected') == 'on' && (!isset($_SESSION[APP_SES . 'id']) || $_SESSION[APP_SES . 'id'] == 0)) { $_SESSION[APP_SES . 'route'] = '/application/schnippets&m=edit&id=' . $_GET['id']; gotoUrl('/?route=/users/users'); exit; } // remove all non-alphanumeric characters from title to make filename then replace whitespace with underscores $title = cleanString($schnippet->getMember('title')); // get file extension $ext = getExt($schnippet->getMember('lang')); header("Content-Type: plain/text"); header("Content-Disposition: Attachment; filename={$title}.{$ext}"); header("Pragma: no-cache"); echo $schnippet->getMember('code'); }
public function insert() { $song_data = array('song_title' => cleanString($this->input->post('song_title')), 'song_year' => cleanString($this->input->post('song_year')), 'song_price' => cleanString($this->input->post('song_price'))); /* Insert the song and retrieve the song ID */ $song_id = $this->song_model->add($song_data); $file_name = $song_data['song_title']; /* Create directory for file upload */ $path = "data/music/songs/{$song_id}"; if (!is_dir($path)) { mkdir($path, 755); // Create the song directory } /* Load the Upload class */ $this->load->library('upload'); /* Upload the song cover */ $this->upload_cover($path); /* Upload the file list */ $this->upload_songfile($file_name, $path); /* Proceed to upload songs in the editor */ header("Location: " . base_url() . "admin/singles/"); }
public function index() { /* Prevent SQL injection. */ $search = html_escape($_GET['s']); $search = cleanString(trim($search)); // Get the album search results from the database $query = $this->db->like('album_title', $search); $query = $this->db->or_like('album_year', $search); $query = $this->db->order_by('album_title ASC'); $query = $this->db->get('db_album'); $data['albumList'] = $query->result(); $data['albumCount'] = $query->num_rows(); // Get the song search results from the database (singles) $query = $this->db->like('song_title', $search); $query = $this->db->or_like('song_year', $search); $query = $this->db->order_by('song_title ASC'); $query = $this->db->get('db_song'); $data['songList'] = $query->result(); $data['songCount'] = $query->num_rows(); // Get the song search results from the database (albums) $query = $this->db->like('track_title', $search); $query = $this->db->order_by('track_title ASC'); $this->db->from('db_album_track'); $query = $this->db->get(); $data['albumSongList'] = $query->result(); $data['albumSongCount'] = $query->num_rows(); // Get the videos search results from the database $query = $this->db->like('album_title', $search); $query = $this->db->or_like('album_year', $search); $query = $this->db->get('db_album'); $data['videoList'] = $query->result(); $data['videoCount'] = $query->num_rows(); /* Load the view files */ $data['title'] = 'Resultados de la busqueda'; $this->load->view('header', $data); $this->load->view('search_results', $data); $this->load->view('footer'); }
function snapRegisterNewXmppUser($emailaddress) { global $APPCONFIG; include_once '../extensions/XMPPHP/XMPPHP_XMPP.php'; $conf = $APPCONFIG['XMPP']; $passwd = $conf['userpasswd']; $userJID = cleanString($emailaddress) . time() . '@' . $conf['server']; $conn = new XMPPHP_XMPP($conf['server'], $conf['port'], $conf['adminuser'], $conf['adminpasswd'], $conf['resource'], $conf['domain']); $conn->autoSubscribe(true); $conn->useEncryption(false); $resp = array(); try { $conn->connect(); $conn->processUntil('session_start'); $conn->registerNewUser($userJID, $emailaddress, $passwd); $conn->processUntil('done'); $conn->disconnect(); return array('xmppuserid' => $userJID, 'xmpppasswd' => $passwd); } catch (XMPPHP_Exception $e) { return 0; //die($e->getMessage()); } }
function soap_returned_msg($test_xml_string) { $test_xml_string = cleanString($test_xml_string); if (!simplexml_load_string($test_xml_string)) { echo json_encode(array("error")); } else { file_put_contents("LOG/usage_" . $_SESSION['user_email'] . ".txt", date("F j, Y, g:i a") . " " . $_SERVER['REMOTE_ADDR'] . "\r\n", FILE_APPEND | LOCK_EX); $xml = simplexml_load_string($test_xml_string); $arrayTweets = array(); foreach ($xml->children() as $tnum) { if ($tnum['tweetID'] != "") { $tweet = new Tweet(); $tweet->initializeMembers($tnum); array_push($arrayTweets, $tweet); } } echo json_encode($arrayTweets); //free variable to avoid memory leak foreach ($arrayTweets as $t) { unset($t); } unset($arrayTweets); } }
private function sqlParameter($isADD, &$data, $name, &$field, &$EnumPrunecache, $isSerialized = false, $kA = '', $wS = '') { $output = false; $encapsulation = $isSerialized ? '' : '"'; switch ($field[CONS_XML_TIPO]) { case CONS_TIPO_INT: if (isset($data[$name]) && $data[$name] !== "" && is_numeric($data[$name])) { $output = $data[$name]; } else { if ($isADD && isset($field[CONS_XML_DEFAULT])) { $output = $field[CONS_XML_DEFAULT]; } } break; case CONS_TIPO_LINK: if ($field[CONS_XML_LINKTYPE] == CONS_TIPO_INT || $field[CONS_XML_LINKTYPE] == CONS_TIPO_FLOAT) { $encapsulation = ''; } if (isset($data[$name]) && ($data[$name] !== '' && $data[$name] !== 0 || !isset($field[CONS_XML_MANDATORY]))) { # non-mandatory links accept 0 values, otherwise 0 is not acceptable if ((!$isADD && isset($field[CONS_XML_IGNORENEDIT]) || $isADD) && ($data[$name] === 0 || $data[$name] === '')) { break; } else { if (($field[CONS_XML_LINKTYPE] == CONS_TIPO_INT || $field[CONS_XML_LINKTYPE] == CONS_TIPO_FLOAT) && ($data[$name] === '' || !is_numeric($data[$name]))) { $data[$name] = 0; } else { if ($field[CONS_XML_LINKTYPE] == CONS_TIPO_VC && $data[$name] != '') { if ($field[CONS_XML_SPECIAL] == "ucase") { $data[$name] = strtoupper($data[$name]); } if ($field[CONS_XML_SPECIAL] == "lcase") { $data[$name] = strtolower($data[$name]); } } } } # if this is a parent, check if this won't create a cyclic parenting if ($data[$name] !== 0 && $data[$name] !== '' && $field[CONS_XML_MODULE] == $this->name && $this->options[CONS_MODULE_PARENT] == $name) { if (!$isADD && $data[$name] == $data[$this->keys[0]]) { $data[$name] = 0; $this->parent->errorControl->raise(128, $name, $this->name, "Parent=Self"); if (isset($field[CONS_XML_MANDATORY])) { return false; } } else { $antiCicle = $isADD ? array() : array($data[$this->keys[0]]); $idP = isset($data[$name]) ? $data[$name] : 0; if ($idP == null) { $idP = 0; } while ($idP !== 0) { $idP = $this->parent->dbo->fetch("SELECT {$name} FROM " . $this->dbname . " WHERE " . $this->keys[0] . "={$idP}"); if ($idP == NULL) { $idP = 0; } if (in_array($idP, $antiCicle)) { break; } // cicle! $antiCicle[] = $idP; } unset($antiCicle); if ($idP !== 0) { # did not reach root $this->parent->errorControl->raise(128, $name, $this->name, "Initial parent was = " . $data[$name]); $data[$name] = 0; if (isset($field[CONS_XML_MANDATORY])) { return false; } } } } $output = $encapsulation . $data[$name] . $encapsulation; } else { if ($isADD && isset($field[CONS_XML_DEFAULT])) { if ($field[CONS_XML_DEFAULT] == "%UID%" && defined("CONS_AUTH_USERMODULE") && $field[CONS_XML_MODULE] == CONS_AUTH_USERMODULE && $_SESSION[CONS_SESSION_ACCESS_LEVEL] > 0 && isset($_SESSION[CONS_SESSION_ACCESS_USER]['id'])) { $output = $encapsulation . $_SESSION[CONS_SESSION_ACCESS_USER]['id'] . $encapsulation; } else { if ($field[CONS_XML_DEFAULT] != "%UID%") { $output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation; } } } } break; case CONS_TIPO_FLOAT: if (isset($data[$name]) && $data[$name] !== "") { $data[$name] = fv($data[$name]); if (is_numeric($data[$name])) { $output = str_replace(",", ".", $data[$name]); } else { if ($isADD && isset($field[CONS_XML_DEFAULT])) { $output = $field[CONS_XML_DEFAULT]; } } } else { if ($isADD && isset($field[CONS_XML_DEFAULT])) { $output = $field[CONS_XML_DEFAULT]; } } break; case CONS_TIPO_VC: if (isset($data[$name])) { if (!isset($field[CONS_XML_SPECIAL]) || $field[CONS_XML_SPECIAL] != "urla") { if (!isset($field[CONS_XML_CUSTOM])) { $data[$name] = cleanString($data[$name], isset($field[CONS_XML_HTML]), $_SESSION[CONS_SESSION_ACCESS_LEVEL] == 100, $this->parent->dbo); } else { if (!$isSerialized) { $data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo); } } } if (isset($field[CONS_XML_SPECIAL])) { if ($field[CONS_XML_SPECIAL] == "urla") { if (!isset($data[$name]) || $data[$name] == '') { $source = isset($field[CONS_XML_SOURCE]) ? $field[CONS_XML_SOURCE] : "{" . $this->title . "}"; $tp = new CKTemplate($this->parent->template); $tp->tbreak($source); $data[$name] = $tp->techo($data); unset($tp); } $data[$name] = str_replace(">", "", str_replace("<", "", str_replace(""", "", str_replace("'", "", $data[$name])))); $data[$name] = removeSimbols($data[$name], true, false, CONS_FLATTENURL); } if ($field[CONS_XML_SPECIAL] == "login" && $data[$name] != "") { if (!preg_match('/^([A-Za-z0-9_\\-\\.@]){4,20}$/', $data[$name])) { $data[$name] = ""; $this->parent->errorControl->raise(129, $name, $this->name); break; } } if ($field[CONS_XML_SPECIAL] == "mail" && $data[$name] != "") { if (!isMail($data[$name])) { $data[$name] = ""; $this->parent->errorControl->raise(130, $name, $this->name); break; } } if ($field[CONS_XML_SPECIAL] == "ucase" && $data[$name] != "") { $data[$name] = strtoupper($data[$name]); $data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo); } if ($field[CONS_XML_SPECIAL] == "lcase" && $data[$name] != "") { $data[$name] = strtolower($data[$name]); $data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo); } if ($field[CONS_XML_SPECIAL] == "path" && $data[$name] != "") { if (!preg_match('/^([A-Za-z0-9_\\/\\-]*)$/', $data[$name])) { $data[$name] = ""; $this->parent->errorControl->raise(131, $name, $this->name); break; } } if ($field[CONS_XML_SPECIAL] == "onlinevideo" && $data[$name] != "") { if (!preg_match('/^([A-Za-z0-9_\\-]){8,20}$/', $data[$name])) { $data[$name] = ""; $this->parent->errorControl->raise(132, $name, $this->name); break; } } if ($field[CONS_XML_SPECIAL] == "time" && $data[$name] != "") { if (!preg_match('/^([0-9]){1,2}(:)([0-9]){1,2}$/', $data[$name])) { $data[$name] = ""; $this->parent->errorControl->raise(133, $name, $this->name); break; } else { $data[$name] = explode(":", $data[$name]); $data[$name][0] = (strlen($data[$name][0]) == 1 ? "0" : "") . $data[$name][0]; $data[$name][1] = (strlen($data[$name][1]) == 1 ? "0" : "") . $data[$name][1]; $data[$name] = $data[$name][0] . ":" . $data[$name][1]; } } } if (!$isADD && isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") { break; } else { if ($isADD && (!isset($data[$name]) || $data[$name] == '') && isset($field[CONS_XML_DEFAULT])) { $data[$name] = $field[CONS_XML_DEFAULT]; } } $output = $encapsulation . $data[$name] . $encapsulation; } break; case CONS_TIPO_TEXT: if (isset($data[$name])) { # WYSIWYG garbage ... if (isset($field[CONS_XML_HTML]) && !isset($field[CONS_XML_CUSTOM])) { $data[$name] = str_replace(" ", " ", trim($data[$name])); if (isset($field[CONS_XML_SIMPLEEDITFORCE]) && $data[$name] != '') { if (!defined('C_XHTML_AUTOTAB')) { include CONS_PATH_INCLUDE . "xmlHandler.php"; } $data[$name] = parseHTML($data[$name], true); if ($data[$name] === false) { $this->parent->errorControl->raise(190, $name, $this->name); $data[$name] = ''; break; } } if ($this->invalidHTML($data[$name])) { # external editors garbage that can break HTML $this->parent->errorControl->raise(135, $name, $this->name); } } if (!isset($field[CONS_XML_CUSTOM])) { $data[$name] = cleanString($data[$name], isset($field[CONS_XML_HTML]), $_SESSION[CONS_SESSION_ACCESS_LEVEL] == 100, $this->parent->dbo); } else { if (!$isSerialized) { $data[$name] = addslashes_EX($data[$name], true, $this->parent->dbo); } } if (!$isADD && isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") { break; } $output = $encapsulation . $data[$name] . $encapsulation; } else { if ($isADD && isset($field[CONS_XML_DEFAULT])) { $output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation; } } break; case CONS_TIPO_DATETIME: case CONS_TIPO_DATE: if (!isset($data[$name]) || $data[$name] == '') { if (!$isADD && isset($field[CONS_XML_UPDATESTAMP])) { $output = "NOW()"; $data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : ""); // might be used by friendly url or such break; } else { if ($isADD && (isset($field[CONS_XML_TIMESTAMP]) || isset($field[CONS_XML_UPDATESTAMP]))) { $output = "NOW()"; $data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : ""); // might be used by friendly url or such break; } } } if (!isset($data[$name]) && isset($data[$name . "_day"])) { # date came into separated fields, merge them $theDate = $this->parent->intlControl->mergeDate($data, $name . "_"); if (!$theDate == false || ($theDate == "0000-00-00" || $theDate == "0000-00-00 00:00:00") && isset($field[CONS_XML_IGNORENEDIT])) { break; } # empty date can be ignored, or corrupt date $output = $encapsulation . $theDate . $encapsulation; } else { # came in mySQL format or i18n fromat if (isset($data[$name]) && $data[$name] != "") { $data[$name] = trim($data[$name]); $theDate = $data[$name]; $theDate = $this->parent->intlControl->dateToSql($theDate, $field[CONS_XML_TIPO] == CONS_TIPO_DATETIME); // handles any format of human or sql date if ($theDate === false) { if (substr($data[$name], 0, 5) == "NOW()") { $output = $data[$name]; $data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : ""); // might be used by friendly url or such } else { $this->parent->errorControl->raise(134, $name, $this->name); } } else { $output = $encapsulation . $theDate . $encapsulation; $data[$name] = $theDate; // other fields might need it } } else { if (isset($data[$name])) { // blank if (!$isADD && isset($field[CONS_XML_IGNORENEDIT])) { break; } $output = isset($field[CONS_XML_MANDATORY]) && $field[CONS_XML_MANDATORY] ? $encapsulation . "0000-00-00" . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " 00:00:00" : "") . $encapsulation : 'NULL'; } } } break; case CONS_TIPO_ENUM: if (isset($data[$name])) { if ($data[$name] == "") { # enum does not accept empty values, this means it's a NON-MANDATORY enum comming empty = NULL $output = "NULL"; } else { $data[$name] = str_replace("\"", "", str_replace("'", "", $data[$name])); $output = $encapsulation . $data[$name] . $encapsulation; if (isset($field[CONS_XML_AUTOPRUNE])) { // possible prune //$EnumPrunecache preg_match("@ENUM \\(([^)]*)\\).*@", $field[CONS_XML_SQL], $regs); $enums = explode(",", $regs[1]); $pruneRecipient = ""; for ($ec = 0; $ec < count($enums); $ec++) { if (isset($field[CONS_XML_AUTOPRUNE][$ec]) && $field[CONS_XML_AUTOPRUNE][$ec] == '*') { $pruneRecipient = $enums[$ec]; } } for ($ec = 0; $ec < count($enums); $ec++) { if ("'" . $data[$name] . "'" == $enums[$ec]) { if (isset($field[CONS_XML_AUTOPRUNE][$ec]) && $field[CONS_XML_AUTOPRUNE][$ec] != '0' && $field[CONS_XML_AUTOPRUNE][$ec] != '*') { $EnumPrunecache[] = array($name, $field[CONS_XML_AUTOPRUNE][$ec], $pruneRecipient); } break; // for } } } } } else { if ($isADD && isset($field[CONS_XML_DEFAULT])) { $output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation; } } break; case CONS_TIPO_OPTIONS: # must come as a string of 0 and 1 if (isset($data[$name]) && strlen($data[$name]) >= count($field[CONS_XML_OPTIONS])) { # test if they are all 0 and 1! $ok = true; for ($c = 0; $c < strlen($data[$name]); $c++) { if ($data[$name][$c] != "0" && $data[$name][$c] != "1") { $ok = false; break; } } if ($ok) { $output = $encapsulation . $data[$name] . ($isADD ? '0000' : '') . $encapsulation; } } break; case CONS_TIPO_UPLOAD: if (!$isADD) { # upload on add happens AFTER the SQL include, so if it fails, we don't even bother processing upload if (isset($data[$name . "_delete"]) || isset($_FILES[$name]) && $_FILES[$name]['error'] == 0) { // delete ou update $ids = ""; foreach ($this->keys as $key) { $ids .= $data[$key] . "_"; } $ids = substr($ids, 0, strlen($ids) - 1); $this->deleteUploads($data, $name, $ids); } $upOk = $this->prepareUpload($name, $kA, $data); $upvalue = $upOk == '0' ? 'y' : 'n'; if ($upOk != 0 && $upOk != 4) { # notification for the upload (4 = nothing sent, 0 = sent and ok) $this->parent->errorControl->raise(200 + $upOk, $upOk, $this->name, $name); } if ($upOk != 4) { $output = $encapsulation . $upvalue . $encapsulation; } else { // no change, but take this oportunity and check if the file exists! $upvalue = 'n'; $path = CONS_FMANAGER . $this->name . "/"; if (is_dir($path)) { if (isset($this->fields[$name][CONS_XML_FILEPATH])) { $path .= $this->fields[$name][CONS_XML_FILEPATH]; if ($path[strlen($path) - 1] != "/") { $path .= "/"; } if (!is_dir($path)) { safe_mkdir($path); } } # prepares filename with item keys $filename = $path . $name . "_"; foreach ($this->keys as $key) { $filename .= $data[$key] . "_"; } $filename .= "1"; $upvalue = locateAnyFile($filename, $ext, isset($this->fields[$name][CONS_XML_FILETYPES]) ? $this->fields[$name][CONS_XML_FILETYPES] : '') ? 'y' : 'n'; } $output = $encapsulation . $upvalue . $encapsulation; } } break; case CONS_TIPO_ARRAY: if (isset($data[$name])) { if (is_array($data[$name])) { $output = $data[$name]; } else { # came in serialized (JSON or php) if ($data[$name][0] == '[') { # JSON $output = @json_decode($data[$name]); } else { $output = @unserialize($data[$name]); } # we will serialize the whole thing if ($output === false) { $this->parent->errorControl->raise(189, $name, $this->name); $output = ""; } } } break; case CONS_TIPO_SERIALIZED: if (isset($data[$name])) { // came raw data, we store as is, YOU should serialize raw data $data[$name] = addslashes_EX($data[$name], true); if (isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") { break; } $output = $encapsulation . $data[$name] . $encapsulation; } else { if ($this->fields[$name][CONS_XML_SERIALIZED] > 1) { // set to WRITE or ALL // note: we ADD fields, never replace, because we should allow partial edits, thus we need to read the original data first $sql = "SELECT {$name} FROM " . $this->dbname . " WHERE {$wS}"; $serialized = $this->parent->dbo->fetch($sql); if ($serialized === false) { $serialized = array(); } else { $serialized = @unserialize($serialized); } $serializedFields = 0; foreach ($this->fields[$name][CONS_XML_SERIALIZEDMODEL] as $exname => &$exfield) { if (isset($data[$name . "_" . $exname])) { $outfield = $this->sqlParameter(true, $data, $name . "_" . $exname, $exfield, $EnumPrunecache, true); if ($outfield !== false && $outfield != 'NULL') { $serialized[$exname] = $outfield; } # we don't need to store NULL like in sql } } $output = $encapsulation . addslashes_EX(serialize($serialized), true, $this->parent->dbo) . $encapsulation; } } break; } # switch return $output; }
public function update($album_id) { $album_data = array('album_id' => $album_id, 'album_price' => cleanString($this->input->post('album_price')), 'album_desc' => $this->input->post('album_desc')); $this->album_model->update($album_data); $path = "data/music/albums/{$album_id}"; /* Load the Upload class */ $this->load->library('upload'); $this->upload_cover($path); header("Location: " . base_url() . "admin/albums"); }
$post['thumb'] = $temp_file . '.png'; } else { fancyDie("Error while processing audio/video."); } } } $thumb_location = "thumb/" . $post['thumb']; list($thumb_maxwidth, $thumb_maxheight) = thumbnailDimensions($post); if (!createThumbnail($file_location, $thumb_location, $thumb_maxwidth, $thumb_maxheight)) { fancyDie("Could not create thumbnail."); } addVideoOverlay($thumb_location); $thumb_info = getimagesize($thumb_location); $post['thumb_width'] = $thumb_info[0]; $post['thumb_height'] = $thumb_info[1]; $post['file_original'] = cleanString($embed['title']); $post['file'] = str_ireplace(array('src="https://', 'src="http://'), 'src="//', $embed['html']); } else { if (isset($_FILES['file'])) { if ($_FILES['file']['name'] != "") { validateFileUpload(); if (!is_file($_FILES['file']['tmp_name']) || !is_readable($_FILES['file']['tmp_name'])) { fancyDie("File transfer failure. Please retry the submission."); } if (TINYIB_MAXKB > 0 && filesize($_FILES['file']['tmp_name']) > TINYIB_MAXKB * 1024) { fancyDie("That file is larger than " . TINYIB_MAXKBDESC . "."); } $post['file_original'] = trim(htmlentities(substr($_FILES['file']['name'], 0, 50), ENT_QUOTES)); $post['file_hex'] = md5_file($_FILES['file']['tmp_name']); $post['file_size'] = $_FILES['file']['size']; $post['file_size_formatted'] = convertBytes($post['file_size']);
function hyphenize($string) { return strtolower(preg_replace(array('#[\\s-]+#', '#[^A-Za-z0-9\\. -]+#'), array('-', ''), cleanString(urldecode($string)))); }
function getGlobals_organizations($getPage_connection2) { // session: admin if (isset($_SESSION["admin"])) { $_SESSION["admin"] = cleanString($_SESSION["admin"], true); } else { $_SESSION["admin"] = 0; } // else if (count($_POST)) { // post: current action if (isset($_POST["action"])) { $_SESSION["action"] = cleanString($_POST["action"], true); } else { $_SESSION["action"] = ""; } // else // post: organization id if (isset($_POST["org"])) { $_SESSION["org"] = cleanString($_POST["org"], true); } else { $_SESSION["org"] = ""; } // else // post: name for organization if (isset($_POST["orgname"])) { $_SESSION["name"] = cleanString($_POST["orgname"], false); } else { $_SESSION["name"] = ""; } // else // post: nation for organization if (isset($_POST["orgnation"])) { $_SESSION["nation"] = cleanString($_POST["orgnation"], false); } else { $_SESSION["nation"] = ""; } // else } else { if (count($_GET)) { } } // else if // session: nation_id if (isset($_SESSION["nation_id"])) { $_SESSION["nation_id"] = cleanString($_SESSION["nation_id"], true); } else { $_SESSION["nation_id"] = 0; } // else // session: user_id if (isset($_SESSION["user_id"])) { $_SESSION["user_id"] = cleanString($_SESSION["user_id"], true); } else { $_SESSION["user_id"] = 0; } // else // get info //$_SESSION["userInfo"] = getUserInfo($getPage_connection2,$_SESSION["user_id"]); //$_SESSION["nationInfo"] = getNationInfo($getPage_connection2,$_SESSION["nation_id"]); }
$view->clientes = Cliente::getClientes(); $view->contentTemplate = "templates/clientesGrid.php"; // seteo el template que se va a mostrar break; case 'saveClient': // limpio todos los valores antes de guardarlos // por ls dudas venga algo raro $id = intval($_POST['id']); $n_rfi = cleanString($_POST['n_rfi']); $ccosto = cleanString($_POST['ccosto']); $desc_rfi = cleanString($_POST['desc_rfi']); $obs_rfi = cleanString($_POST['obs_rfi']); $f_rfi = cleanString($_POST['f_rfi']); $user_gen = cleanString($_POST['user_gen']); $user_soli = cleanString($_POST['user_soli']); $estado = cleanString($_POST['estado']); $cliente = new Cliente($id); $cliente->setn_rfi($n_rfi); $cliente->setccosto($ccosto); $cliente->setdesc_rfi($desc_rfi); $cliente->setobs_rfi($obs_rfi); $cliente->setf_rfi($f_rfi); $cliente->setuser_gen($user_gen); $cliente->setuser_soli($user_soli); $cliente->setestado($estado); $cliente->save(); break; case 'newClient': $view->client = new Cliente(); $view->label = 'Nuevo RFI'; $view->disableLayout = true;
function getGlobals_policies($getPage_connection2) { // get session: admin if (isset($_SESSION["admin"])) { $_SESSION["admin"] = cleanString($_SESSION["admin"], true); } else { $_SESSION["admin"] = 0; } // else if (count($_POST)) { // post: current action if (isset($_POST["action"])) { $_SESSION["action"] = cleanString($_POST["action"], true); } else { $_SESSION["action"] = ""; } // else // post: formal name input for changing formal name if (isset($_POST["formalname"])) { $_SESSION["formal_name"] = cleanString($_POST["formalname"], false); } else { $_SESSION["formal_name"] = 0; } // else // post: formal name input for changing formal name if (isset($_POST["prod-percent"])) { $_SESSION["prod_percent"] = cleanString($_POST["prod-percent"], true); } else { $_SESSION["prod_percent"] = 0; } // else // post: array of production targets if (isset($_POST["prod"])) { $_SESSION["prod"] = $_POST["prod"]; } else { $_SESSION["prod"] = array(0 => 0, 1 => 0, 2 => 0, 3 => 0, 4 => 0, 5 => 0, 6 => 0, 7 => 0, 8 => 0); } // else } else { if (count($_GET)) { } } // else if // session: nation_id if (isset($_SESSION["nation_id"])) { $_SESSION["nation_id"] = cleanString($_SESSION["nation_id"], true); } else { $_SESSION["nation_id"] = 0; } // else // session: user_id if (isset($_SESSION["user_id"])) { $_SESSION["user_id"] = cleanString($_SESSION["user_id"], true); } else { $_SESSION["user_id"] = 0; } // else // get info //$_SESSION["userInfo"] = getUserInfo($getPage_connection2,$_SESSION["user_id"]); //$_SESSION["nationInfo"] = getNationInfo($getPage_connection2,$_SESSION["nation_id"]); }
* */ require_once "lib/nusoap.php"; require_once "constants.php"; require_once "FunctionCollection.php"; error_reporting(E_ERROR); session_start(); //if(!isset($_SESSION['client'])){ $_SESSION['client'] = new nusoap_client(getWsdlAddress(), true); $_SESSION['client']->soap_defencoding = 'UTF-8'; $_SESSION['client']->decode_utf8 = false; //} $mode = $_GET["mode"]; $minlat = $_GET["minlat"]; $maxlat = $_GET["maxlat"]; $minlon = $_GET["minlon"]; $maxlon = $_GET["maxlon"]; $region = $_GET["region"]; $timewindow = $_GET["timewindow"]; $resultArray = array(); if (strlen($mode) <= 0 || strlen($minlat) <= 0 || strlen($maxlat) <= 0 || strlen($minlon) <= 0 || strlen($maxlon) <= 0) { array_push($resultArray, "fail"); //file_put_contents("testfile.txt", "fail2", FILE_APPEND | LOCK_EX); //file_put_contents("testfile.txt", "\r\n", FILE_APPEND | LOCK_EX); } else { $params = array('mode' => $mode, 'minlat' => $minlat, 'maxlat' => $maxlat, 'minlon' => $minlon, 'maxlon' => $maxlon, 'region' => $region, 'timewindow' => $timewindow); $resultString = $_SESSION['client']->call("sendConfig", $params, const_namespace); $resultString = cleanString($resultString); array_push($resultArray, $resultString); } echo json_encode($resultArray);
function addUserSignup($user_id, $user_fullname, $user_email, $password, $lang, $token) { global $core; # Clean Up user_id $user_id = preg_replace("( )", "_", $user_id); $user_id = cleanString($user_id); # Check if user's information already exist in not pending users $rs1 = $core->con->select("SELECT user_id, user_fullname, user_email\n\t\tFROM " . $core->prefix . "user\n\t\tWHERE lower(user_id) = '" . strtolower($user_id) . "'\n\t\tOR lower(user_fullname) = '" . strtolower($user_fullname) . "'\n\t\tOR lower(user_email) = '" . strtolower($user_email) . "'"); if ($rs1->count() > 0) { if ($rs1->f('user_id') == $user_id) { $error[] = sprintf(T_('The user %s already exists'), $user_id); } if ($rs1->f('user_fullname') == $user_fullname) { $error[] = sprintf(T_('The user %s already exists'), $user_fullname); } if ($rs1->f('user_email') == $user_email) { $error[] = sprintf(T_('The email address %s is already in use'), $user_email); } } else { # Check if website is already in use $rs2 = $core->con->select("SELECT " . $core->prefix . "user.user_id\n\t\t\tFROM " . $core->prefix . "user, " . $core->prefix . "site\n\t\t\tWHERE " . $core->prefix . "site.user_id = " . $core->prefix . "user.user_id\n\t\t\tAND site_url = '" . $url . "'"); if ($rs2->count() > 0) { $error[] = sprintf(T_('The website %s is already assigned to the user %s'), $url, $user_id); } } # All OK if (empty($error)) { $cur = $core->con->openCursor($core->prefix . 'user'); $cur->user_id = $user_id; $cur->user_fullname = $user_fullname; $cur->user_email = $user_email; $cur->user_pwd = crypt::hmac('BP_MASTER_KEY', $password); $cur->user_token = $token; $cur->user_status = 0; $cur->user_lang = $lang; $cur->created = array(' NOW() '); $cur->modified = array(' NOW() '); $cur->insert(); } return $error; }
$nbPages = ceil($data[0] / $nbElements); for ($i = 1; $i <= $nbPages; $i++) { $pages .= '<td onclick=\'displayLogs(\\"copy_logs\\", ' . $i . ', \'\')\'><span style=\'cursor:pointer;' . ($_POST['page'] == $i ? 'font-weight:bold;font-size:18px;\'>' . $i : '\'>' . $i) . '</span></td>'; } } $pages .= '</tr></table>'; //define query limits if (isset($_POST['page']) && $_POST['page'] > 1) { $start = $nbElements * ($_POST['page'] - 1) + 1; } else { $start = 0; } //launch query $rows = DB::query("SELECT l.date as date, u.login as login, l.label as label\n FROM " . prefix_table("log_system") . " as l\n INNER JOIN " . prefix_table("users") . " as u ON (l.qui=u.id)\n WHERE %l\n ORDER BY date DESC\n LIMIT {$start}, {$nbElements}", $where); foreach ($rows as $reccord) { $label = explode('@', addslashes(cleanString($reccord['label']))); $logs .= '<tr><td>' . date($_SESSION['settings']['date_format'] . " " . $_SESSION['settings']['time_format'], $reccord['date']) . '</td><td align=\\"left\\">' . $label[0] . '</td><td align=\\"center\\">' . $reccord['login'] . '</td></tr>'; } echo '[{"tbody_logs": "' . $logs . '" , "log_pages" : "' . $pages . '"}]'; break; /** * CASE display a full listing with items EXPRIED */ /** * CASE display a full listing with items EXPRIED */ case "generate_renewal_listing": if ($_POST['period'] == "0") { $date = time(); } elseif ($_POST['period'] == "1month") { $date = mktime(date('h'), date('i'), date('s'), date('m') + 1, date('d'), date('y'));
<?php @(include 'utilities/all.php'); header("Content-Type: application/json"); checkGetParameter('item_id'); checkGetParameter('fb_id'); $item_id = cleanString(getGet('item_id')); $fb_id = cleanString(getGet('fb_id')); $sql = "UPDATE items SET item_status=2 WHERE item_id={$item_id} AND fb_id={$fb_id}"; $result = db_query($sql); $out['success'] = true; echo json_encode($out);
$_POST['pass_field_1'] = cleanString($_POST['pass_field_1'], 30); } if ($_POST['pass_field_2']) { $_POST['pass_field_2'] = cleanString($_POST['pass_field_2'], 30); } if ($_POST['email']) { $_POST['email'] = cleanString($_POST['email'], 140); } if ($_POST['passcurr']) { $_POST['passcurr'] = cleanString($_POST['passcurr'], 40); } if ($_POST['pass1']) { $_POST['pass1'] = cleanString($_POST['pass1'], 40); } if ($_POST['pass2']) { $_POST['pass2'] = cleanString($_POST['pass2'], 40); } if ($_POST['salt']) { $_POST['salt'] = ''; } if ($_POST['key']) { $_POST['key'] = ''; } // check for errors $alertArr = array(); if (!$_POST['pass_field_curr']) { $alertArr[] = $ALERT['PASS_CURR_NO']; } // Recheck password of registered users if (confirmUser($_SESSION['username'], $_POST['passcurr']) != 0) { $alertArr[] = $ALERT['PASS_CURR_WRONG'];