Exemple #1
/**
 * Recursively un-escapes and trims a value in place.
 *
 * Arrays are walked element by element (keys are left as they are); every
 * non-array leaf is passed through stripslashes() and then trim().
 *
 * This only removes backslash escaping and surrounding whitespace. It does
 * not make a value safe for use in SQL, HTML or shell contexts.
 *
 * @param mixed $el Value to normalise; modified by reference.
 * @return void
 */
function strips(&$el)
{
    if (!is_array($el)) {
        $el = trim(stripslashes($el));
        return;
    }

    // Walk a snapshot of the keys so each element is rewritten in place.
    foreach (array_keys($el) as $key) {
        strips($el[$key]);
    }
}
 /**
  * Recursively removes backslash escaping from a value in place.
  *
  * Arrays are walked element by element, except that any element whose key
  * equals "GLOBALS" (compared case-insensitively) is left untouched. Every
  * non-array leaf is replaced by stripslashes() of itself.
  *
  * Removing backslashes is not a form of input sanitising: the result is
  * the raw value and still needs context-specific escaping where it is used.
  *
  * @param mixed  $arr Value to un-escape; modified by reference.
  * @param string $k   Never read by the function; kept so existing calls
  *                    that pass a second argument keep working.
  * @return void
  */
 function strips(&$arr, $k = "")
 {
     if (!is_array($arr)) {
         $arr = stripslashes($arr);
         return;
     }

     foreach (array_keys($arr) as $name) {
         // Leave a "GLOBALS" entry (any letter case) exactly as it was.
         if (strtoupper($name) == "GLOBALS") {
             continue;
         }
         strips($arr[$name]);
     }
 }
Exemple #3
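/**
 * Recursively removes backslash escaping from a value in place, leaving
 * selected entries untouched.
 *
 * Arrays are walked element by element. An element is skipped when its key
 * is exactly "GLOBALS" or contains "_ENV" or "_SERVER"; every other
 * non-array leaf is replaced by stripslashes() of itself.
 *
 * Removing backslashes is not a form of input sanitising: the result is
 * the raw value and still needs context-specific escaping where it is used.
 *
 * @param mixed $el Value to un-escape; modified by reference.
 * @return void
 */
function strips(&$el)
{
    if (!is_array($el)) {
        $el = stripslashes($el);
        return;
    }

    foreach (array_keys($el) as $k) {
        // Compare keys as strings. With a loose comparison, PHP versions
        // before 8 convert 'GLOBALS' to the number 0, so the element at
        // integer key 0 was treated as "GLOBALS" and never un-escaped.
        $name = (string) $k;
        if ($name === 'GLOBALS'
            || strpos($name, '_ENV') !== false
            || strpos($name, '_SERVER') !== false
        ) {
            continue;
        }
        strips($el[$k]);
    }
}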
Exemple #4
/**
 * Recursively normalises whitespace in a value, in place.
 *
 * Arrays are walked element by element. Every non-array leaf is trimmed
 * and each run of consecutive space characters inside it is collapsed
 * into a single space.
 *
 * No escaping of any kind is applied here. The database escaping step the
 * author sketched (mysql_real_escape_string) was left disabled, so values
 * must be bound or escaped at the point where a query is built.
 *
 * @param mixed $a Value to normalise; modified by reference.
 * @return void
 */
function strips(&$a)
{
    // Arrays: recurse into every element.
    if (is_array($a)) {
        foreach (array_keys($a) as $key) {
            strips($a[$key]);
        }
        return;
    }

    // Leaves: trim first, then squeeze repeated spaces.
    $trimmed = trim($a);
    $a = preg_replace("/ +/", " ", $trimmed);
}
Exemple #5
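 /**
  * Recursively removes backslash escaping from a value in place.
  *
  * Arrays are walked element by element, except that an element whose key
  * is exactly "GLOBALS" is left untouched. Every non-array leaf is replaced
  * by stripslashes() of itself.
  *
  * Removing backslashes is not a form of input sanitising: the result is
  * the raw value and still needs context-specific escaping where it is used.
  *
  * @param mixed $el Value to un-escape; modified by reference.
  * @return void
  */
 function strips(&$el)
 {
     if (!is_array($el)) {
         $el = stripslashes($el);
         return;
     }

     foreach (array_keys($el) as $k) {
         // Compare keys as strings. With a loose comparison, PHP versions
         // before 8 convert "GLOBALS" to the number 0, so the element at
         // integer key 0 was treated as "GLOBALS" and never un-escaped.
         if ((string) $k === "GLOBALS") {
             continue;
         }
         strips($el[$k]);
     }
 }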
Exemple #6
     strips($_REQUEST);
     if (isset($_SERVER['PHP_AUTH_USER'])) {
         strips($_SERVER['PHP_AUTH_USER']);
     }
     if (isset($_SERVER['PHP_AUTH_PW'])) {
         strips($_SERVER['PHP_AUTH_PW']);
     }
 }
 // $aGetQuery - array holding all GET parameters
 // $sRequest  - request string (the URL path passed through unslashify()),
 //              $nRequest - its length
 // $aRequest  - array of the request's path elements
 $url = parse_url($_SERVER['REQUEST_URI']);
 $aGetQuery = array();
 if (isset($url['query'])) {
     // parse_str() overwrites the raw query string with its parsed array.
     parse_str($url['query'], $url['query']);
     // Un-escape the freshly parsed values when magic quotes is switched on.
     if (get_magic_quotes_gpc()) {
         strips($url['query']);
     }
     $aGetQuery = $url['query'];
 }
 // NOTE(review): $url['path'] is read without a check; confirm that
 // parse_url() always yields a path for the request URIs seen here.
 $sRequest = unslashify($url['path']);
 $aRequest = explode('/', $sRequest);
 $nRequest = strlen($sRequest);
 // libs, нужные в том числе и ядру
 // Components // ***TODO***: Кэшировать в файле алиасы таблиц, чтобы не дергать каждый раз базу
 $Components = new Components();
 foreach ($Components->getAllTablesAndAliases() as $v) {
     $v['alias'] = 'DB_TBL_' . strtoupper($v['alias']);
     if (!defined($v['alias'])) {
         define($v['alias'], $v['name']);
Exemple #7
    ini_set('display_errors', 'Off');
    ini_set('log_errors', 'On');
    ini_set('error_log', ROOT_DIR . DS . 'tmp' . DS . 'error.log');
}
/*
 * Remove magic-quotes escaping, if any.
 *
 * Returns a copy of $val with stripslashes() applied to every non-array
 * leaf; arrays are processed recursively and keep their keys. The result
 * is the raw value, not a sanitised one.
 */
function strips($val)
{
    if (!is_array($val)) {
        return stripslashes($val);
    }

    $clean = array();
    foreach ($val as $key => $item) {
        $clean[$key] = strips($item);
    }
    return $clean;
}
// Undo magic_quotes_gpc escaping on the request arrays when the setting is on.
// Only $_GET, $_POST and $_COOKIE are rewritten here; $_REQUEST is not touched.
// NOTE(review): get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in
// PHP 8.0, where this call is a fatal error - confirm the supported PHP range.
if (get_magic_quotes_gpc()) {
    $_GET = strips($_GET);
    $_POST = strips($_POST);
    $_COOKIE = strips($_COOKIE);
}
/*
 * Clean up the variables that register_globals copied into the global scope.
 *
 * For every entry of the listed superglobals, the global variable of the
 * same name is removed when its value is identical (===) to that entry.
 *
 * NOTE(review): $array, $value, $key and $var are themselves global
 * variables, so they live in $GLOBALS while the loop runs - confirm that a
 * request parameter carrying one of those names cannot upset the clean-up.
 */
if (ini_get('register_globals')) {
    $array = array('_SESSION', '_POST', '_GET', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');
    foreach ($array as $value) {
        // NOTE(review): $GLOBALS[$value] is iterated without an isset() check;
        // presumably _SESSION is absent before a session is started - verify.
        foreach ($GLOBALS[$value] as $key => $var) {
            // $GLOBALS[$key] is also read without checking that it exists.
            if ($var === $GLOBALS[$key]) {
                unset($GLOBALS[$key]);
            }
        }
    }
}
/* 
/**
 * Recursively removes backslash escaping from a value in place.
 *
 * Arrays are walked element by element (keys are left as they are); every
 * non-array leaf is replaced by stripslashes() of itself. A UTF-8 filtering
 * step (utf8Filter) was left disabled by the author and is not applied.
 *
 * The result is the raw value; it is not escaped for any output context.
 *
 * @param mixed $param Value to un-escape; modified by reference.
 * @return void
 */
function strips(&$param)
{
    if (!is_array($param)) {
        $param = stripslashes($param);
        return;
    }

    foreach (array_keys($param) as $key) {
        strips($param[$key]);
    }
}
Exemple #9
require_once FLGR_COMMON . '/common.php';
// Все общие функции
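// The server may be configured to escape the values in the input arrays
// (magic_quotes_gpc). Restore the arrays to their raw state.
// get_magic_quotes_gpc() no longer exists as of PHP 8.0, so it is only
// called when the running PHP still provides it.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    strips($_GET);
    strips($_POST);
    // NOTE(review): this also rewrites the upload paths held in $_FILES;
    // presumably a tmp_name containing backslashes would be altered -
    // confirm uploads still work on such hosts.
    strips($_FILES);
    strips($_COOKIE);
    strips($_REQUEST);
    if (isset($_SERVER['PHP_AUTH_USER'])) {
        strips($_SERVER['PHP_AUTH_USER']);
    }
    if (isset($_SERVER['PHP_AUTH_PW'])) {
        strips($_SERVER['PHP_AUTH_PW']);
    }
}
// $aGetQuery - array holding all GET parameters
// $sRequest  - request string (the URL path passed through unslashify()),
//              $nRequest - its length
// $aRequest  - array of the request's path elements
$url = parse_url($_SERVER['REQUEST_URI']);
if (isset($url['query'])) {
    parse_str($url['query'], $url['query']);
    // parse_str() is subject to magic_quotes_gpc as well, so the freshly
    // parsed values have to be un-escaped separately; otherwise $aGetQuery
    // would hold escaped values while $_GET holds raw ones.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        strips($url['query']);
    }
    $aGetQuery = $url['query'];
} else {
    $aGetQuery = array();
}
// NOTE(review): $url['path'] is read without a check; confirm that
// parse_url() always yields a path for the request URIs seen here.
$sRequest = unslashify($url['path']);
$nRequest = strlen($sRequest);
$aRequest = explode('/', $sRequest);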
Exemple #10
	if(isset($_POST['usn']) && isset($_POST['pwd'])){
		if($_SESSION['kodever']==$_POST['kodever']){
			// Checks the posted admin credentials against tbl_admin and, on a
			// match, records the login in the session and redirects.
			// NOTE(review): the enclosing condition compares the session and the
			// posted verification code with ==; check that the session value is
			// set and non-empty and compare with === so an unset value cannot match.
			require_once(PATH_FUNGSI."/koneksi.php");
			$k = new koneksi;
			// strips() is defined elsewhere; presumably it removes backslashes,
			// which is the opposite of escaping for SQL - TODO confirm.
			$usn = strtolower(strips($_POST['usn']));
			// NOTE(review): md5() is a fast, unsalted hash; stored passwords should
			// use password_hash() / password_verify() instead.
			$pwd = md5(strips($_POST['pwd']));
			// NOTE(review): $usn comes straight from the request and is placed
			// inside the statement text, so the query is open to SQL injection.
			// Bind it as a parameter (PDO or mysqli prepared statement).
			$sql = "select level from tbl_admin where usn='$usn' and pwd='$pwd'";
			$q = $k->exQ($sql);
			if($q){
				// mysql_* functions were removed in PHP 7.0.
				if(mysql_num_rows($q)==1){
					$unique = genUnique(32);
					// Same request-derived $usn is interpolated again here.
					$sql = "update tbl_admin set unique_id='$unique',last_login='******' where usn='$usn'";
					$k->exQ($sql);
					$data = mysql_fetch_array($q,MYSQL_NUM);
					// NOTE(review): the session id is not regenerated after the
					// login succeeds; consider session_regenerate_id(true) here.
					$_SESSION['usn']=$usn;
					// NOTE(review): this keeps the cleartext password in the session
					// store; confirm nothing needs it and drop it if possible.
					$_SESSION['pwd']=strips($_POST['pwd']);
					$_SESSION['levelUser']=$data[0];
					$_SESSION['uniqueId']=$unique;
					// log in to the forum
					#include_once("forum.php");
					// redirect the page
					// NOTE(review): HTTP_REFERER is a client-supplied header and may
					// be missing; redirect to a fixed or allow-listed local path.
					header("Location: ".$_SERVER['HTTP_REFERER']);
					die();
				}else{
					// Zero rows or more than one row: report a failed login and
					// discard the session.
					$smarty->assign("pesan","Invalid Username or Password !");
					session_destroy();
				}
			}else{
				// The query itself failed.
				redirect("../error.php?p=1");
			}
		}else{
Exemple #11
					$smarty->assign('pesan',"Data updated, wait pproval for your parent".$usr->pesan.$meta);
					$smarty->assign('dshowMe',true);
				}else{
					$smarty->assign('pesan',"Failed to edit Membersip !".$usr->pesan.$meta);
				}
			}
		}
	}

	// choose the action: switch to edit mode when the form posted "edit"
	if(isset($_POST['edit'])){
		$edit = true;
		$smarty->assign("edit","true");
	}
	
	// Load the profile row of the member whose id is held in the session.
	// strips() is defined elsewhere; presumably it removes backslashes, which
	// is not SQL escaping - TODO confirm.
	// NOTE(review): $idUnik is placed inside the statement text. If the id is
	// numeric, cast it to int; otherwise bind it as a query parameter.
	$idUnik = strips($_SESSION['userId']);
	$sql = "select id,name,email,date_format(tglLahir,'%Y-%m-%d') as tglLahir,date_format(tglLahir,'%D %M %y') as waktu,
			tmpLahir,alamat,negara,noRumah,noHp,hobby,ortu,noHportu,handicap,golfClub,gambar,if(recomendation=1,'checked','') as rec,
			if(recomendation=1,'Yes','No') as recomen,level,group_type,package,reward_earned,
			ranking_point,trial_point,editProfile from tbl_membership where id='$idUnik'"; 
	$result = $usr->exQ($sql);
	if(@mysql_num_rows($result)>0){
		$data = mysql_fetch_array($result,MYSQL_ASSOC);
		foreach($data as $k=>$value){
			$listProfile[$k] = $value;
			if($k == 'gambar'){
				if($value != ""){
					$listProfile['gambar'] = IMAGE_MEMBER."/".$data['gambar'];
				}else {
					$listProfile['gambar'] = IMAGE_MEMBER."/noPict.jpg";
				}
Exemple #12
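// Builds the template data for the board's index page: menu, heading, the
// 20 newest posts (each with a delete form) and the new-post form.
$menuitems[0]['url'] = "http://...";
$menuitems[0]['text'] = "ダミー";
$smarty->assign("menuitems", $menuitems);
// Heading. The variable name and its value are separate arguments; the
// original joined them with "." into one string, so "head" was never set.
$smarty->assign("head", "簡易掲示板");
// Main content
$contents = array();
// NOTE(review): the mysql_* functions were removed in PHP 7.0.
$dbh = mysql_connect($db_host, $db_username, $db_password);
if ($dbh !== false) {
    $sqlstr = "use {$db_name}";
    mysql_query($sqlstr, $dbh);
    // Fetch the 20 newest rows that carry no deletion mark.
    $sqlstr = "select * from mybbs where mark = '0' order by dt desc limit 20";
    $result = mysql_query($sqlstr, $dbh);
    // mysql_query() returns false on failure; skip the loop in that case
    // instead of handing false to mysql_fetch_assoc().
    while ($result !== false && ($row = mysql_fetch_assoc($result))) {
        // sanitate() is defined elsewhere; presumably it HTML-escapes the
        // row. $row['id'] ends up inside attribute values below, so confirm
        // it escapes quotes as well.
        $row = sanitate(strips($row));
        $form_id = "form_" . $row['id'];
        // NOTE(review): the delete form submits its password field with
        // method="get", which puts the password into the URL. Switching to
        // POST needs a matching change in delete.php.
        // The id attribute previously contained a stray ">" before its
        // closing quote.
        $row['caption'] = '<form action="delete.php" method="get" id="' . $form_id . '">'
            . '<input type="hidden" name="id" value="' . $row['id'] . '" />'
            . '<input type="password" size="10" name="pass" />'
            . '<input type="submit" value="削除" />'
            . '</form>';
        // The original followed this with a bare string expression (a
        // click-to-reveal <div>) that was never assigned or output; it had
        // no effect and is left out.
        array_push($contents, $row);
    }
}
$smarty->assign("contents", $contents);
// Posting form
$form['action'] = "bbswrite.php";
$form['title'] = '';
$form['body'] = 'Name<input type="text" name="name" /><br>'
    . 'Mail<input type="text" name="mailaddr" /><Br>'
    . 'Pass<input type="password" name="pass" /><br>'
    . 'Subject<input type="text" name="subject" /><Br>'
    . '本文<textarea rows="5" cols="40" name="body" /></textarea><br>'
    . '<input type="submit" value="新規投稿" />';
$smarty->assign("form", $form);
$smarty->display("index.tpl");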
 /**
  * Undoes magic_quotes_gpc escaping on the request data.
  *
  * When the setting is on, strips() is applied to $_GET, $_POST, $_COOKIE
  * and $_REQUEST, and to the HTTP basic-auth user name and password in
  * $_SERVER when they are present. Nothing happens when it is off.
  *
  * The values are raw afterwards; no validation or output escaping is done.
  *
  * @return void
  */
 private function inputCheck()
 {
     if (!get_magic_quotes_gpc()) {
         return;
     }

     strips($_GET);
     strips($_POST);
     strips($_COOKIE);
     strips($_REQUEST);

     // Basic-auth credentials are only present on authenticated requests.
     foreach (array('PHP_AUTH_USER', 'PHP_AUTH_PW') as $field) {
         if (isset($_SERVER[$field])) {
             strips($_SERVER[$field]);
         }
     }
 }