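/**
 * Create a thread from the posted form (fields: thread_name, inputarea) together with its first post.
 *
 * Outcomes, all as a Redirect: to the existing thread when one with the same slug already exists,
 * to the new thread on success, and back to the current URL when the input is rejected, when the
 * caller is not logged in, or when either insert fails (the failure paths previously returned
 * nothing at all). The post is attributed to Sentry::user()->id, so the method now refuses guests
 * up front — the sibling post_post() applies the same gate.
 *
 * @return mixed Redirect response
 */
public function post_create()
{
    // A guest has no Sentry user to attribute the post to; post_post() rejects guests the same way.
    // NOTE(review): post_post() additionally requires has_access('can_post'); consider the same here.
    if (Sentry::guest()) {
        return Redirect::to(URL::full());
    }

    $posts = Input::all();
    // Missing form fields used to raise undefined-index notices; default them instead.
    $title = isset($posts['thread_name']) ? trim($posts['thread_name']) : '';
    $contentRaw = isset($posts['inputarea']) ? $posts['inputarea'] : '';

    // Same acceptance rule as before: a non-blank title and more than 10 bytes of content
    // (strlen() is byte-wise, so this is not a character count for multibyte input).
    if ($title === '' || strlen($contentRaw) <= 10) {
        return Redirect::to(URL::full());
    }

    // Threads are de-duplicated on the slug, not the raw title.
    $alias = Str::slug($title, '-');
    $exist = Thread::where('alias', '=', $alias)->first();
    if ($exist) {
        return Redirect::to($exist->id);
    }

    $now = date("Y-m-d H:i:s");
    $ip = Request::ip();
    $thread = Thread::create(array(
        'title' => $title,
        'alias' => $alias,
        'type' => 0,
        'poster_ip' => $ip,
        'dateline' => $now,
        'last_message_at' => $now,
    ));
    if (!$thread) {
        return Redirect::to(URL::full());
    }

    // Sanitise, convert BBCode, then resolve mentions against the new thread — same pipeline as post_post().
    $content = static::replace_at(BBCode2Html(strip_tags_attributes($contentRaw)), $thread->id);
    $pst = Post::create(array(
        'thread_id' => $thread->id,
        'entry' => $content,
        'userip' => $ip,
        'user_id' => Sentry::user()->id,
        'datetime' => $now,
        'count' => 1,
        'type' => 0,
    ));
    if (!$pst) {
        // Do not leave an empty thread behind when its first post could not be stored.
        $thread->delete();
        return Redirect::to(URL::full());
    }

    return Redirect::to($thread->id);
}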
/**
 * Normalise user-submitted text into a single-line, restricted HTML fragment.
 *
 * Steps, in order: join newlines that fall inside a tag, auto-link bare URLs, reduce the markup to
 * the allow-listed tags, close dangling tags, route external links through the redirector, turn the
 * remaining newlines into <br>, then flatten everything onto one line and trim it.
 *
 * NOTE(review): the allow-list admits <embed>, <object> and <param>, and no attribute allow-list is
 * passed, so whatever survives on those elements (src, data, allowscriptaccess, ...) depends entirely
 * on the default behaviour of strip_tags_attributes(). Confirm that before treating the output as
 * safe to echo unescaped.
 *
 * @param string $text raw input text
 * @return string one-line HTML fragment
 */
function parsetext($text)
{
    $allowedTags = array(
        '<strike>', '<s>', '<sup>', '<sub>', '<embed>', '<object>', '<param>', '<p>', '<b>', '<i>',
        '<br>', '<br/>', '<a>', '<em>', '<font>', '<strong>', '<img>', '<img/>', '<small>', '<big>',
        '<div>', '<span>',
    );

    // Replace one newline inside a "<..." run with a space per pass; loop until nothing changes.
    $out = $text;
    do {
        $before = $out;
        $out = preg_replace("/(<[^>]*)[\n\r]/m", '$1 ', $out);
    } while ($out !== $before);

    $out = auto_link_text($out);
    $out = strip_tags_attributes($out, $allowedTags);
    $out = closetags($out);
    $out = redirectExternalLinks($out);
    $out = nl2br($out);
    $out = str_replace(array("\n", "\r"), " ", $out);

    return trim($out);
}
$var_code = ANONNEWS_ERROR_UPLOAD_ERR; // Generic upload error require "module.error.php"; } if ($error === false) { // Either no file was uploaded or the file was successfully uploaded, continue... if (!empty($_POST['title'])) { if (!empty($_POST['body'])) { if ($file_uploaded === false) { $upload_url = ""; } $body = $_POST['body']; if ($_POST['js_enabled'] === "false") { $body = nl2br($body, false); } $body = mysql_real_escape_string(str_replace("javascript:", "", strip_tags_attributes($body, "<a><b><i><u><span><div><p><br><hr><font><ul><li><ol><dt><dd><h1><h2><h3><h4><h5><h6><h7><del><map><area><strong><em><big><small><sub><sup><ins><pre><blockquote><cite><q><center><marquee><table><tr><td><th>", "href,src,alt,class,style,align,valign,color,face,size,width,height,shape,coords,target,border,cellpadding,cellspacing,colspan,rowspan"))); $title = mysql_real_escape_string($_POST['title']); $language = mysql_real_escape_string($_POST['language']); $query = "INSERT INTO press (`Name`, `Body`, `CommentCount`, `Deleted`, `Approved`, `Attachment`, `Upvotes`, `Mod`, `ExternalAttachment`, `Language`, `Posted`)\n\t\t\t\t\t\t\tVALUES ('{$title}', '{$body}', '0', '0', '0', '{$upload_url}', '0', '', '1', '{$language}', CURRENT_TIMESTAMP)"; if (mysql_query($query)) { $insert_id = mysql_insert_id(); if (!empty($_POST['tags'])) { // tags were entered. $tags = $_POST['tags']; $tags_list = explode(",", $tags); foreach ($tags_list as $tag) { $tag = mysql_real_escape_string(trim(clean_tag($tag))); if (!empty($tag)) { $query = "INSERT INTO tags (`Table`, `ItemId`, `TagName`) VALUES ('press', '{$insert_id}', '{$tag}')"; mysql_query($query); }
<?php echo link_to($sTag, "@tags?name={$sTag}"); if ($i != $last) { echo ', '; } ?> <?php } ?> </h4> <div class="content"> <?php //echo $post->getContent() ?> <?php echo strip_tags_attributes($post->getContent(), $allow); ?> <?php if ($post->getShortened()) { ?> <div id="content-more-<?php echo $post->getId(); ?> " style="display: none"></div> <p id="content-nav1-<?php echo $post->getId(); ?> "> <?php echo link_to_remote('Czytaj dalej tutaj (rozwija treść wpisu)', array('update' => 'content-more-' . $post->getId(), 'url' => 'post/more?id=' . $post->getId(), 'loading' => "showIndicator({$post->getId()})", 'success' => "hideIndicator({$post->getId()})"));
//echo "pagemode = user<br> "; } else { //echo 'fail '; } } } checkMode('init'); //echo '<br>Name: ' . $uname. " <br>PassSHA1: ".$upass; $db = mysqli_connect($dbhost, $dbuname, $dbupass, $dbname); if (mysqli_connect_errno()) { //echo "Failed to connect to MySQL: " . mysqli_connect_error(); echo "<script type='text/javascript'>displayLoginError('error', 'MySQL conn failed: " . mysqli_connect_error() . "')</script>"; } if (isset($_POST['Login'])) { $unamesub = addslashes(strip_tags_attributes($_POST['unamesub'])); $upassSHA = addslashes(strip_tags_attributes($_POST['upasssub'])); $user = mysqli_query($db, "SELECT * FROM Users WHERE name='{$unamesub}'"); $row = mysqli_fetch_array($user); $passwordFromPost = $_POST['upasssub']; $hashedPasswordFromDB = $row['pass']; $mode = $row['isAdmin']; //echo "<script type='text/javascript'>console.log('" . $mode . "');</script>"; if (password_verify($passwordFromPost, $hashedPasswordFromDB)) { echo "<script type='text/javascript'>\$('#passvalid').css('color','#99c68e') //light green\n\t\t\t\t\t\t.removeClass('fa-exclamation-triangle')\n\t\t\t\t\t\t.addClass('fa-check-square');</script>"; if ($mode == 1) { $_SESSION['mode'] = 'admin'; } else { $_SESSION['mode'] = 'loggeduser'; } $_SESSION['user'] = $unamesub; $_SESSION['username'] = $row['disname'];
$passtoset = password_hash($newpass, PASSWORD_BCRYPT, $options); $sql = "UPDATE Users SET pass='******' WHERE name='{$userToSet}'"; if (mysqli_query($db, $sql)) { echo 1; } else { echo 0; } } } else { echo 0; } } if (isset($_POST['newemail'])) { $newemail = addslashes(strip_tags_attributes($_POST['newemail'])); //$newemail = addslashes($_POST['newemail']); $userToSet = addslashes(strip_tags_attributes($_POST['user'])); $user = $sessionUser; if ($userToSet === $user || $sessionMode === 'admin') { $sql = "UPDATE Users SET email='{$newemail}' WHERE name='{$userToSet}'"; if (mysqli_query($db, $sql)) { echo 1; } else { echo 0; } } else { echo 'user does not match userSet'; } } if (isset($_POST['userlist'])) { if ($_POST['userlist'] == 'all') { if (isset($sessionMode)) {
} mysqli_close($db); //header('Location: ' . dirname($_SERVER['REQUEST_URI'])); echo '<script type="text/javascript">location.href = "' . dirname($_SERVER['REQUEST_URI']) . '";</script>'; } if (isset($_POST['Edit'])) { if (isset($_POST['type'])) { if ($_POST['type'] === 'reply') { //bla } } else { $newtitle = addslashes(strip_tags_attributes($_POST['title'])); $newtags = addslashes(strip_tags_attributes($_POST['tags'])); $isNSFW = $_POST['nsfwcheck']; } $newcontent = addslashes(strip_tags_attributes($_POST['content'])); $postid = $_POST['postid']; $return_to = $_GET['return_to']; $db = mysqli_connect($dbhost, $dbuname, $dbupass, $dbname); if (mysqli_connect_errno()) { //echo "Failed to connect to MySQL: " . mysqli_connect_error(); echo "<script type='text/javascript'>displayLoginError('error', 'MySQL conn failed: " . mysqli_connect_error() . "')</script>"; } if (!isset($_POST['type'])) { $sql = "UPDATE Posts SET title='{$newtitle}', content='{$newcontent}', tags='{$newtags}', isNSFW='{$isNSFW}' WHERE PID={$postid}"; $header = dirname($_SERVER['REQUEST_URI']) . 'index.php?p=' . $return_to; } else { $sql = "UPDATE Replies SET content='{$newcontent}' WHERE PID={$postid}"; $header = dirname($_SERVER['REQUEST_URI']) . 'post.php?reply_to=' . $return_to; } if (!mysqli_query($db, $sql)) {
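/**
 * Scrape one departure-board table into scraperwiki rows, one row per train.
 *
 * $inputGrid is a DOM node (presumably simple_html_dom — only find("tr"/"td"/"div") is used);
 * the first <tr> is treated as the header and skipped. Column/div layout the parser assumes
 * (verify against the source page):
 *   col 0: scheduled departure; "Avgick" marker; actual departure when it deviates
 *   col 1: "Tåg nr N till ..." with link; destination; operator with link
 *   col 2: "Ankom ..." / "Passerade ..."; deviation "N min tidig" / "N min försenad"
 *   col 3: train type
 *   col 4: track
 * Every row is saved with the unique key ('Avgång', 'TågNamn').
 *
 * Fixes versus the previous version: the "försenad" branch labelled delays "EARLY" (now "LATE");
 * strpos() results were tested for truthiness, so a match at offset 0 counted as no match;
 * $isDeviationInDeparture was reset per cell, so the saved flag was always false; and
 * 'AvvikelseAvgång' stored that flag instead of the deviating departure time, which was
 * computed but never used.
 *
 * @param object $inputGrid table node exposing find()
 * @param mixed  $stationID station identifier written into every row
 * @return void
 */
function scrapeTable($inputGrid, $stationID)
{
    $rowCount = 0;
    foreach ($inputGrid->find("tr") as $entry) {
        if ($rowCount === 0) {
            // Header row carries no train.
            $rowCount++;
            continue;
        }

        $trainDepartureTime = "";
        $isDeviationInDeparture = false; // reset once per row, not per cell
        $trainDeviatingDepartureTime = "";
        $trainName = "";
        $trainLink = "";
        $trainDestination = "";
        $trainOperatorName = "";
        $trainOperatorLink = "";
        $trainCurrentState = "";
        $trainCurrentStatePlace = "";
        $trainDeviationInMinutes = "";
        $trainDeviationType = "";
        $trainType = "";
        $trainTrack = "";

        $colCount = 0;
        foreach ($entry->find("td") as $cell) {
            $divCount = 0;
            foreach ($cell->find("div") as $div) {
                // Keep only <a href> markup from the cell contents; everything else becomes text.
                $data = strip_tags_attributes($div, '<a>', 'href');

                switch ($colCount) {
                    case 0:
                        if ($divCount == 0) {
                            $trainDepartureTime = $data;
                        } elseif ($divCount == 1) {
                            $isDeviationInDeparture = ($data == "Avgick");
                        } elseif ($divCount == 2 && $isDeviationInDeparture) {
                            $trainDeviatingDepartureTime = $data;
                        }
                        break;

                    case 1:
                        if ($divCount == 0) {
                            $trainLink = get_href($data);
                            $trainName = str_replace(" till", "", strip_tags(fix_chars($data)));
                            $trainName = str_replace("Tåg nr ", "", $trainName);
                        } elseif ($divCount == 1) {
                            $trainDestination = fix_chars($data);
                        } elseif ($divCount == 2) {
                            $trainOperatorLink = get_href($data);
                            $trainOperatorName = fix_chars(trim(strip_tags($data)));
                        }
                        break;

                    case 2:
                        if ($divCount == 0) {
                            // strpos() returns 0 for a match at the very start — compare against false.
                            if (strpos($data, "Ankom") !== false) {
                                $trainCurrentState = "ARRIVED";
                                $trainCurrentStatePlace = str_replace("Ankom ", "", fix_chars($data));
                            } else {
                                $trainCurrentState = "PASSED";
                                $trainCurrentStatePlace = str_replace("Passerade ", "", fix_chars($data));
                            }
                        } elseif ($divCount == 1) {
                            if (strpos($data, "tidig") !== false) {
                                $trainDeviationInMinutes = str_replace(" min tidig", "", fix_chars($data));
                                $trainDeviationType = "EARLY";
                            } else {
                                $trainDeviationInMinutes = str_replace(" min försenad", "", fix_chars($data));
                                $trainDeviationType = "LATE"; // "försenad" = delayed; was mislabelled "EARLY"
                            }
                        }
                        break;

                    case 3:
                        if ($divCount == 0) {
                            $trainType = fix_chars($data);
                        }
                        break;

                    case 4:
                        if ($divCount == 0) {
                            $trainTrack = trim($data);
                        }
                        break;
                }
                $divCount++;
            }
            $colCount++;
        }

        $dataset = array(
            'StationID' => $stationID,
            'Avgång' => $trainDepartureTime,
            'Avvikelse' => $isDeviationInDeparture,
            'AvvikelseAvgång' => $trainDeviatingDepartureTime,
            'TågNamn' => $trainName,
            'TågLänk' => $trainLink,
            'Destination' => $trainDestination,
            'Operatör' => $trainOperatorName,
            'OperatörLänk' => $trainOperatorLink,
            'Aktuellt' => $trainCurrentState,
            'AktuelltPlats' => $trainCurrentStatePlace,
            'AvvikelseMinuter' => $trainDeviationInMinutes,
            'AvvikelseTyp' => $trainDeviationType,
            'TågTyp' => $trainType,
            'Spår' => $trainTrack,
        );
        scraperwiki::save(array('Avgång', 'TågNamn'), $dataset);
        $rowCount++;
    }
}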
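{
    //email verification madness
    return preg_match("/^[-_.[:alnum:]]+@((([[:alnum:]]|[[:alnum:]][[:alnum:]-]*[[:alnum:]])\\.)+(ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)\$|(([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])\\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5]))\$/i", $email);
}

// Registration handler: validates the form, hashes the password and inserts the user row.
// Security fixes versus the previous version:
//  - the birth date built from dateyear/datemonth/dateday was concatenated into the INSERT with
//    no escaping at all (direct SQL injection); every value is now bound through a prepared statement,
//    which also replaces the addslashes()-and-interpolate escaping of the other fields;
//  - the password was hashed after addslashes()/strip_tags_attributes(), while the login handler
//    verifies the raw $_POST['upasssub'] with password_verify(), so any password containing
//    ' " \ or < could never log in — the raw submitted password is hashed now;
//  - the raw mysqli error text is no longer echoed to the client.
if (isset($_POST['Register'])) {
    // Tag stripping is kept for the stored username/e-mail; SQL escaping is the statement's job.
    $unamesub = strip_tags_attributes($_POST['unamesub']);
    $uemailsub = strip_tags_attributes($_POST['uemailsub']);
    // TODO(review): validate the three date parts (e.g. checkdate()) before storing them.
    $uage = $_POST['dateyear'] . '-' . $_POST['datemonth'] . '-' . $_POST['dateday'];

    if ($_POST['upasssub'] !== $_POST['upasssub2']) {
        echo '<script type="text/javascript">displayLoginError(\'error\', \'Passwords must match\');</script>';
    } elseif (preg_match('/\\s/', $unamesub)) {
        echo '<script type="text/javascript">displayLoginError(\'error\', \'Username cannot have spaces\');</script>';
    } else {
        $options = ['cost' => 11];
        // Hash exactly what the user typed; login verifies the raw POST value against this hash.
        $passwordFromPost = password_hash($_POST['upasssub'], PASSWORD_BCRYPT, $options);

        // TODO(review): uniqueness of name / e-mail is still not checked before the insert.
        $sql = "INSERT INTO Users (name, pass, email, disname, age, isAdmin, filterPref)"
             . " VALUES (?, ?, ?, ?, ?, '0', '1')";
        $stmt = mysqli_prepare($db, $sql);
        if ($stmt === false
            || !mysqli_stmt_bind_param($stmt, 'sssss', $unamesub, $passwordFromPost, $uemailsub, $unamesub, $uage)
            || !mysqli_stmt_execute($stmt)) {
            // Keep the driver error server-side; the client only learns that registration failed.
            error_log('Register: ' . mysqli_error($db));
            die('Error: registration failed');
        }
        mysqli_stmt_close($stmt);

        //header('Location: ' . dirname($_SERVER['REQUEST_URI']) . '/login.php');
        echo '<script type="text/javascript">location.href = "login.php";</script>';
    }
}
?>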
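/**
 * Append a post to an open thread and return the rendered entry for the AJAX caller.
 *
 * Input: the 'json' request field, a JSON object with `inputarea` (BBCode text) and `thread_id`.
 * Rejections are returned as json_encode'd {"success":0,"msg":...} strings (messages unchanged);
 * success returns Response::json with id, count, entry HTML, author, date and the page number the
 * post lands on (computed from approved, type=1, posts only).
 *
 * Checks, in order: logged-in user; well-formed payload; thread exists; newbie (user_type 0) cap of
 * 10 posts; can_post permission and thread type 0; minimum 5 bytes unless the user is_mod.
 * Previously a missing/malformed payload or an unknown thread_id surfaced as property reads on null.
 *
 * NOTE(review): there is no flood/rate limiting — the old per-user 10-second check was commented out
 * and has been removed here rather than left as dead code.
 *
 * @return mixed string (json_encode) on rejection, Response on success
 */
public function post_post()
{
    if (Sentry::guest()) {
        return json_encode(array("success" => 0, "msg" => "üye olda gel"));
    }

    $data = json_decode(Input::get('json'));
    if (!is_object($data) || !isset($data->inputarea, $data->thread_id)) {
        return json_encode(array("success" => 0, "msg" => "Undefined Error!"));
    }
    $fields = array('post' => $data->inputarea, 'threadid' => $data->thread_id);

    $user = Sentry::user();
    $userid = $user->id;
    $userip = Request::ip();

    $cThread = Thread::where('id', '=', $fields['threadid'])->first();
    if (!$cThread) {
        return json_encode(array("success" => 0, "msg" => "Undefined Error!"));
    }

    // Newbie accounts are capped at 10 posts until an admin approves them.
    if ($user->user_type == 0 && Post::where('user_id', '=', $userid)->count() >= 10) {
        return json_encode(array("success" => 0, "msg" => "Çaylak Olarak Bu kadar Yazdıgınız Yeter.\nLütfen Bir adminin onaylamasını bekleyiniz."));
    }

    if (!$user->has_access('can_post') || $cThread->type != 0) {
        return json_encode(array("success" => 0, "msg" => "yetki yok hocam"));
    }

    // strlen() is byte-wise; moderators may post shorter entries.
    if (strlen(trim($fields['post'])) < 5 && !$user->has_access('is_mod')) {
        return json_encode(array("success" => 0, "msg" => "entry çok kısa babacan"));
    }

    // Newbie posts are stored as type 0 (pending); everyone else's as type 1.
    $post_type = ($user->user_type == 0) ? 0 : 1;

    $max = Post::where('thread_id', '=', $fields['threadid'])->max('count');
    $entryHtml = static::replace_at(BBCode2Html(strip_tags_attributes($fields['post'])), $fields['threadid']);
    $postData = array(
        'thread_id' => $fields['threadid'],
        'entry' => $entryHtml,
        'userip' => $userip,
        'user_id' => $userid,
        'datetime' => date("Y-m-d H:i:s"),
        'count' => $max + 1,
        'type' => $post_type,
    );

    // Bump the thread's last-activity stamp, then insert the post.
    $cThread->last_message_at = date("Y-m-d H:i:s");
    $cThread->save();
    $id = DB::table('posts')->insert_get_id($postData);
    $entry = Post::with('author')->where_id($id)->first();

    $threadid = $fields['threadid'];
    $count = Post::where(function ($query) use ($threadid) {
        $query->where('thread_id', '=', $threadid);
        $query->where('type', '=', 1);
    })->count();

    // Drop the cached "members who have read this thread" entries (parameterised query).
    DB::query('DELETE FROM xr_threadsmembers WHERE thread_id=?', array($threadid));

    $pagenum = ceil($count / static::$per_page);
    $view = array(
        "id" => $entry->id,
        "count" => $entry->count,
        "entry" => $entry->entry,
        "author" => $entry->author->username,
        "date" => $entry->datetime,
        "page" => $pagenum,
    );
    return Response::json($view);
}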
/**
 * Reduce untrusted HTML to a basic formatting subset.
 *
 * Thin wrapper around strip_tags_attributes() with a fixed tag and attribute allow-list
 * (text formatting, lists, tables, pre/blockquote — no <a>, <img> or <script>).
 *
 * NOTE(review): the attribute list keeps `style` (CSS injection / clickjacking on <span>, <p>,
 * <td> ...) and `href`/`src`, which no allowed tag uses here; whether a `javascript:` value would be
 * rejected depends entirely on strip_tags_attributes(). Confirm that before echoing the result raw.
 *
 * @param string $input untrusted HTML
 * @return string filtered HTML
 */
function filter_basic($input)
{
    $tags = "<b><i><u><span><p><font><ul><li><ol><dt><dd><del><strong><big><small><sub><sup><ins><pre><blockquote><cite><q><center><table><tr><td><th>";
    $attributes = "href,src,alt,class,style,align,valign,color,face,size,width,height,border,cellpadding,cellspacing,colspan,rowspan";

    return strip_tags_attributes($input, $tags, $attributes);
}
</p> </div> <div class="modal-footer"> <button id="delSubBtn" data-dismiss="modal" value="Delete" name="deletepost" class="btn btn-submit" onClick="document.getElementById('delpost').submit()">Delete</button> </div> </div> </div> </div> <form action="login.php" method="post" name="logout" id="logout"> <input type="hidden" value="logout"> </form> <?php if (isset($_POST["submitcomment"])) { if ($isLoggedUser || $isAdmin) { $content = addslashes(strip_tags_attributes($_POST["submitcommenttextarea"])); if ($content != '') { //Change this so that apostraphes and stuff can be used $creator = '<a href="user.php?u=' . $_SESSION['user'] . '">' . $_SESSION['username'] . '</a>'; date_default_timezone_set('America/New_York'); $timestamp = date("m/d/Y") . ' at ' . date("h:i:s a"); $reply_to = $_GET['reply_to']; $sql = "INSERT INTO Replies (reply_to, content, creator, timestamp)\n\t VALUES ('{$reply_to}', \n\t '{$content}', \n\t '{$creator}',\n\t '{$timestamp}')"; if (!mysqli_query($db, $sql)) { die('Error: ' . mysqli_error($db)); } echo '<script type="text/javascript">location.href = "post.php?' . $_SERVER['QUERY_STRING'] . '";</script>'; } } } if (isset($_POST['deletereply'])) {
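/**
 * Reduce untrusted rich-text HTML to an allow-listed subset before it is stored or displayed.
 *
 * Pipeline: drop well-formed <script>...</script> blocks, normalise UTF-8 (utf8_sanitize), keep only
 * $allowtags / $allowattributes (strip_tags_attributes), strip MS Word "mso-*" style junk, neutralise
 * javascript: URLs in href/src, then tidy_html() to balance the markup.
 *
 * Fix: the previous javascript: pattern, `href=(['"]).*?javascript:(.*)?\1`, captured greedily across
 * the whole text, so with two such links in one string the match swallowed both and only the first
 * was rewritten — the second kept its javascript: URL. The pattern now stays inside one quoted
 * attribute value, also covers src=, tolerates the leading whitespace/control bytes browsers ignore,
 * and replaces the value with a bare "#" instead of re-injecting the captured payload.
 *
 * NOTE(review): this remains a blocklist-patched allow-list, not a sanitizer. It still admits <embed>
 * with src, the style attribute (CSS url()/expression()), other active schemes (vbscript:, data: on
 * <embed>), unquoted attribute values, and entity-encoded or tab-split schemes (jav&#x09;ascript:)
 * that browsers execute. Confirm tidy_html()/strip_tags_attributes() cover those, or replace this
 * function with a maintained sanitizer such as HTML Purifier.
 *
 * @param string $text untrusted HTML
 * @return string filtered, tidied HTML
 */
function clean_richtext($text) { /*{{{*/
    $allowtags = '<a><b><i><u><blockquote><img><strong><em><font><p><ol><ul><li><h1><h2><h3><h4><h5><h6><strike><span><br><table><tbody><th><tr><td><caption><colgroup><div><embed>';
    $allowattributes = 'href,target,src,width,height,alt,title,size,face,color,align,style,name,rowspan,colspan,border,rev,class';

    // Unclosed <script> tags are not matched here; they fall through to the tag allow-list below.
    $text = preg_replace("/<(script.*?)>(.*?)<(\\/script.*?)>/si", "", $text);
    $text = utf8_sanitize($text);
    $text = strip_tags_attributes($text, $allowtags, $allowattributes);
    // MS Word "mso-...:...;" declarations that survive inside style attributes.
    $text = preg_replace('/mso-.*?:.*?(;|\\"|\'|>)/si', '$1', $text);
    // XSS: href="javascript:..." / src="javascript:..." — match within one quoted value only.
    $text = preg_replace('/(href|src)=([\'"])[\x00-\x20]*javascript:[^\'"]*\2/i', '$1="#"', $text);
    $text = tidy_html($text);
    return $text;
}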