function server_module_info($arg)
{
$sitePass = $arg;
global $CONF_SitePassword;
global $CONF_version, $CONF_releaseDate, $opMode, $CONF_isMasterServer, $CONF_admin_email;
if (!securityCheck($sitePass)) {
return new IXR_Error(4000, 'Access Denied');
}
return array($CONF_version, $CONF_releaseDate, $opMode, $CONF_isMasterServer, $CONF_admin_email);
}
function fixUmlautEntry($string)
{
$text = str_replace('ä', 'ä', $string);
$text = str_replace('ö', 'ö', $text);
$text = str_replace('ü', 'ü', $text);
$text = str_replace('Ä', 'Ä', $text);
$text = str_replace('Ö', 'Ö', $text);
$text = str_replace('Ü', 'Ü', $text);
$text = str_replace('ß', 'ß', $text);
$text = securityCheck($text);
return $text;
}
function takeoffs_getTakeoffs($arg)
{
$sitePass = $arg[0];
$tm = $arg[1];
$onlyTakeoffs = $arg[2];
if (!securityCheck($sitePass)) {
return new IXR_Error(4000, 'Access Denied');
}
$waypoints = getWaypoints($tm, $onlyTakeoffs, 0);
return array(count($waypoints), $waypoints);
// return array(1,array($waypoints[0]));
}
function pilots_getPilots($args)
{
$sitePass = $args[0];
if (!securityCheck($sitePass)) {
return new IXR_Error(4000, 'Access Denied');
}
$pilotsList = array(0);
for ($i = 1; $i < count($args); $i++) {
$getPilotID = $args[$i];
$pilotsList[$i] = getPilotInfo($getPilotID, 0);
}
return $pilotsList;
}
$errorMsg = array();
$photoData = array();
// array to hold the data on the photo submitted
$mailed = false;
// Not mailed yet
// %^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
//
// SECTION 2: Process for when the form is submitted
// Ideal Situation - user submits form & $_FILES array is not empty
if (isset($_POST['btnSubmit']) and !empty($_FILES)) {
// config.php is used to validate the image file
include 'lib/config.php';
// %^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
//
// SECTION 2a: Security
if (!securityCheck($path_parts, $yourURL, true)) {
$msg = '<p>Sorry, you cannot access this page. ';
$msg .= 'Security breach detected and reported.';
die($msg);
}
// %^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
//
// SECTION 2b: Sanitize data
// Remove any potential JS or HTML code from users input on the form.
// Follow same order as declared in SECTION 1c.
// Already sanitized when initalized, add direct to data array
// CODE WITH GET FOR EASY TESTING
// array of PhotoData order: ActivityId, NetId, imageLink, Caption, approve
// 1.) Add the activityId to the photoData array
$activityID = (int) htmlentities($_POST["hidActivityId"], ENT_QUOTES, "UTF-8");
$photoData[] = $activityID;
// create array to hold error messages filled (if any) in 2d displayed in 3c.
$errorMsg = array();
// array used to hold form values that will be written to a CSV file
$dataRecord = array();
$mailed = false;
// have we mailed the information to the user?
//@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
//
// SECTION: 2 Process for when the form is submitted
//
if (isset($_POST["btnSubmit"])) {
//@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
//
// SECTION: 2a Security
//
if (!securityCheck(true)) {
$msg = "<p>Sorry you cannot access this page. ";
$msg .= "Security breach detected and reported</p>";
die($msg);
}
//@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
//
// SECTION: 2b Sanitize (clean) data
// remove any potential JavaScript or html code from users input on the
// form. Note it is best to follow the same order as declared in section 1c.
$Start = htmlentities($_POST["txtStart"], ENT_QUOTES, "UTF-8");
$dataRecord[] = $Start;
$Building = htmlentities($_POST["lstBuilding"], ENT_QUOTES, "UTF-8");
$dataRecord[] = $Building;
$Department = htmlentities($_POST["txtDepartment"], ENT_QUOTES, "UTF-8");
$dataRecord[] = $Department;
<?php
require_once $_SERVER['DOCUMENT_ROOT'] . '/vereinsverwaltung/src/conf/config.php';
//Prüfen ob Benutzer angemeldet, sonst redirect zu login Seite
securityCheck();
//Prüfen ob Formular abgeschickt wurde
if ($_POST) {
//Formulardaten in Arrayspeichern und prüfen ob Valide -> sonst error Nachricht
$userData = getDataFromPost();
if (!isset($userData['error'])) {
//Verbindung mit Datenbank aufbauen
$dbmanager = new DBManager();
if ($dbmanager->isConnected()) {
//Neues Objekt der Klasse user mit übergebenen Daten in datenbank speichern
if ($dbmanager->persist('User', [$userData])) {
$_SESSION['message'] = ['type' => 'success', 'text' => 'Das Mitglied wurde im System gespeichert'];
//Redirect overview -> Übersicht mit Erfolsmeldung
header('location: ' . LINK_OVERVIEW);
} else {
$_SESSION['message'] = ['type' => 'danger', 'text' => 'Die Daten konnten nicht gespeichert werde'];
}
} else {
$_SESSION['message'] = ['type' => 'danger', 'text' => 'Es konnte keine Verbindung zur Datenbank hergestellt werden'];
}
} else {
$_SESSION['message'] = ['text' => $userData['error'], 'type' => 'danger'];
}
}
//Klassen zum rendern von HTML-Templates (Layout Menü)
$tmpl = new Templating();
$wrappers = $tmpl->renderWrapper('layoutMenu.html');
//Below is a separate data Record used for a separate insert statement
$secondDataRecord = array();
//third data record for getting the hotel primary key
$thirdDataRecord = array();
$fourthDataRecord = array();
$fourthDataRecord[] = $hotelList;
//@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
//
// SECTION: 2 Process for when the form is submitted
//
if (isset($_POST["btnSubmit"])) {
//@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
//
// SECTION: 2a Security
//
if (!securityCheck($path_parts, $yourURL, TRUE)) {
$msg = "<p>Sorry you cannot access this page. ";
$msg .= "Security breach detected and reported</p>";
die($msg);
}
//@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
//
// SECTION: 2b Sanitize (clean) data
$email = filter_var($_POST["txtEmail"], FILTER_SANITIZE_EMAIL);
$dataRecord[] = $email;
$firstName = htmlentities($_POST["txtFirstName"], ENT_QUOTES, "UTF-8");
$dataRecord[] = $firstName;
$lastName = htmlentities($_POST["txtLastName"], ENT_QUOTES, "UTF-8");
$dataRecord[] = $lastName;
$radConfirm = htmlentities($_POST["radConfirm"], ENT_QUOTES, "UTF-8");
//$dataRecord[] = $radConfirm;
function flights_find($arg)
{
global $db, $flightsTable;
global $takeoffRadious, $CONF;
require_once "FN_pilot.php";
$sitePass = $arg[0];
$lat = $arg[1];
$lon = -$arg[2];
$limit = $arg[3];
if (!securityCheck($sitePass)) {
return new IXR_Error(4000, 'Access Denied');
}
$firstPoint = new gpsPoint();
$firstPoint->lat = $lat;
$firstPoint->lon = $lon;
// calc TAKEOFF - LANDING PLACES
if (count($waypoints) == 0) {
$waypoints = getWaypoints(0, 1);
}
$takeoffIDTmp = 0;
$minTakeoffDistance = 10000000;
$i = 0;
foreach ($waypoints as $waypoint) {
$takeoff_distance = $firstPoint->calcDistance($waypoint);
if ($takeoff_distance < $minTakeoffDistance) {
$minTakeoffDistance = $takeoff_distance;
$takeoffIDTmp = $waypoint->waypointID;
}
$i++;
}
$nearestWaypoint = new waypoint($takeoffIDTmp);
$nearestWaypoint->getFromDB();
//$nearestWaypoint;
//$minTakeoffDistance;
if ($limit > 0) {
$lim = "LIMIT {$limit}";
} else {
$lim = "";
}
$where_clause = "AND takeoffID={$nearestWaypoint->waypointID}";
$query = "SELECT * FROM {$flightsTable} WHERE private=0 {$where_clause} ORDER BY FLIGHT_POINTS DESC {$lim} ";
//echo $query;
$res = $db->sql_query($query);
if ($res <= 0) {
return new IXR_Error(4000, 'Error in query! ' . $query);
}
$flights = array();
$i = 0;
while ($row = mysql_fetch_assoc($res)) {
$name = getPilotRealName($row["userID"], $row["serverID"]);
$link = htmlspecialchars("http://" . $_SERVER['SERVER_NAME'] . getLeonardoLink(array('op' => 'show_flight', 'flightID' => $row['ID'])));
$this_year = substr($row['DATE'], 0, 4);
$linkIGC = htmlspecialchars("http://" . $_SERVER['SERVER_NAME'] . getRelMainDir() . str_replace("%PILOTID%", getPilotID($row["userServerID"], $row["userID"]), str_replace("%YEAR%", $this_year, $CONF['paths']['igc'])) . '/' . $row['filename']);
//$flightsRelPath."/".$row[userID]."/flights/".$this_year."/".$row[filename] );
if ($row['takeoffVinicity'] > $takeoffRadious) {
$location = getWaypointName($row['takeoffID']) . " [~" . sprintf("%.1f", $row['takeoffVinicity'] / 1000) . " km]";
} else {
$location = getWaypointName($row['takeoffID']);
}
$flights[$i]['pilot'] = htmlspecialchars($name);
$flights[$i]['takeoff'] = htmlspecialchars($location);
$flights[$i]['date'] = $row['DATE'];
$flights[$i]['duration'] = $row['DURATION'];
$flights[$i]['openDistance'] = $row['MAX_LINEAR_DISTANCE'];
$flights[$i]['OLCkm'] = $row['FLIGHT_KM'];
$flights[$i]['OLCScore'] = $row['FLIGHT_POINTS'];
$flights[$i]['OLCtype'] = $row['BEST_FLIGHT_TYPE'];
$flights[$i]['displayLink'] = $link;
$i++;
}
return array($i, $flights);
//return array($i,0);
}
$errorMsg = array();
//@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
//
// SECTION: 2 Process for when the form is submitted
//
if (isset($_POST["btnSubmit"])) {
$hidCustomerId = (int) htmlentities($_POST['hidCustomerId'], ENT_QUOTES, "UTF-8");
if ($hidCustomerId >= 1) {
$update = true;
}
$hidOrderId = htmlentities($_POST['hidOrderId'], ENT_QUOTES, "UTF-8");
//@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
//
// SECTION: 2a Security
//
if (!securityCheck($path_parts, $yourURL, $form = false)) {
$msg = "<p>Sorry you cannot access this page. ";
$msg .= "Security breach detected and reported</p>";
die($msg);
}
//@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
//
// SECTION: 2b Sanitize (clean) data
//
//
$firstName = htmlentities($_POST['txtFirstName'], ENT_QUOTES, "UTF-8");
$customerInfo[] = $firstName;
$lastName = htmlentities($_POST['txtLastName'], ENT_QUOTES, "UTF-8");
$customerInfo[] = $lastName;
$email = htmlentities($_POST['txtEmail'], ENT_QUOTES, "UTF-8");
$customerInfo[] = $email;