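/**
 * Show the login form and, on a token-checked POST, attempt to log the user in.
 *
 * Flow: ensure a CSRF token exists in the session, then on submitted input
 * verify the token, require the 'user' and 'password' fields, and call the
 * user object's login(). Success redirects to '/'; failure prints a generic
 * message (deliberately not saying which field was wrong) and falls through
 * to rendering the form again with any validation errors in $this->data.
 *
 * @param mixed $id currently unused (kept for signature compatibility with callers)
 * @return void renders 'user/login' unless Redirect::to() ends the request first
 */
public function login($id = null) {
    $user = $this->user;
    $this->data['user']['name'] = $user->data()->user;
    Config::set('html.title', 'Авторизация');
    Config::set('html.description.val', 'На этой странице можно залогиниться');

    // A token must exist before the form is rendered so the POST can be checked.
    if (!Session::exists(Config::get('session.token_name'))) {
        Token::generate();
    }

    if (Input::exists()) {
        // Only act on a request that carries the session's CSRF token.
        if (Token::check(Input::get('token'))) {
            $validate = new VALIDATE();
            // NOTE(review): validation reads the raw $_POST while the rest of the
            // method goes through Input:: — presumably they expose the same data; confirm.
            $validation = $validate->check($_POST, array(
                'user' => array('required' => true),
                'password' => array('required' => true),
            ));
            if ($validate->passed()) {
                // NOTE(review): $remember is computed but never passed to login();
                // the third argument is still null, so "remember me" is not wired up.
                $remember = Input::get('remember') === 'on';
                $login = $user->login(Input::get('user'), Input::get('password'), null);
                if ($login) {
                    Redirect::to('/');
                } else {
                    // Generic failure text: does not reveal whether the account exists.
                    echo '<p>Sorry, logging in failed</p>';
                }
            } else {
                // Collect field errors for the view rather than echoing them inline.
                foreach ($validation->errors() as $error) {
                    $this->data['validate_errors'][] = $error;
                }
            }
        }
    }

    $this->view('user/login');
}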
Add the JavaScript validation into the display page using the class //-----------------------------------*/ // Allow users to reset their password while logged in if (!empty($LoggedUser['ID']) && $_REQUEST['act'] != 'recover') { header('Location: index.php'); die; } if (BLOCK_OPERA_MINI && isset($_SERVER['HTTP_X_OPERAMINI_PHONE'])) { error('Opera Mini is banned. Please use another browser.'); } // Check if IP is banned if (Tools::site_ban_ip($_SERVER['REMOTE_ADDR'])) { error('Your IP address has been banned.'); } require SERVER_ROOT . '/classes/validate.class.php'; $Validate = new VALIDATE(); if (array_key_exists('action', $_GET) && $_GET['action'] == 'disabled') { require 'disabled.php'; die; } if (isset($_REQUEST['act']) && $_REQUEST['act'] == 'recover') { // Recover password if (!empty($_REQUEST['key'])) { // User has entered a new password, use step 2 $DB->query("\n\t\t\tSELECT\n\t\t\t\tm.ID,\n\t\t\t\tm.Email,\n\t\t\t\tm.ipcc,\n\t\t\t\ti.ResetExpires\n\t\t\tFROM users_main as m\n\t\t\t\tINNER JOIN users_info AS i ON i.UserID = m.ID\n\t\t\tWHERE i.ResetKey = '" . db_string($_REQUEST['key']) . "'\n\t\t\t\tAND i.ResetKey != ''\n\t\t\t\tAND m.Enabled = '1'"); list($UserID, $Email, $Country, $Expires) = $DB->next_record(); if ($UserID && strtotime($Expires) > time()) { // If the user has requested a password change, and his key has not expired $Validate->SetFields('password', '1', 'regex', 'You entered an invalid password. A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol, or is 20 characters or longer', array('regex' => '/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$|.{20,}/')); $Validate->SetFields('verifypassword', '1', 'compare', 'Your passwords did not match.', array('comparefield' => 'password')); if (!empty($_REQUEST['password'])) {
<? include(SERVER_ROOT.'/classes/class_validate.php'); $Val=NEW VALIDATE; if(!empty($_REQUEST['confirm'])) { // Confirm registration $DB->query("SELECT ID FROM users_main WHERE torrent_pass='******'confirm'])."' AND Enabled='0'"); list($UserID)=$DB->next_record(); if($UserID) { $DB->query("UPDATE users_main SET Enabled='1' WHERE ID='$UserID'"); $Cache->increment('stats_user_count'); include('step2.php'); } } elseif(OPEN_REGISTRATION || !empty($_REQUEST['invite'])) { $Val->SetFields('username',true,'regex','You did not enter a valid username.',array('regex'=>'/^[a-z0-9_?]{1,20}$/iD')); $Val->SetFields('email',true,'email','You did not enter a valid email address.'); $Val->SetFields('password',true,'string','You did not enter a valid password (6 - 40 characters).',array('minlength'=>6,'maxlength'=>40)); $Val->SetFields('confirm_password',true,'compare','Your passwords do not match.',array('comparefield'=>'password')); $Val->SetFields('readrules',true,'checkbox','You did not check the box that says you will read the rules.'); $Val->SetFields('readwiki',true,'checkbox','You did not check the box that says you will read the wiki.'); $Val->SetFields('agereq',true,'checkbox','You did not check the box that says you are 13 or older.'); //$Val->SetFields('captcha',true,'string','You did not enter a captcha code.',array('minlength'=>6,'maxlength'=>6)); if(!empty($_REQUEST['submit'])) { // User has submitted registration form $Err=$Val->ValidateForm($_REQUEST); /* if(!$Err && strtolower($_SESSION['captcha'])!=strtolower($_REQUEST['captcha'])) { $Err="You did not enter the correct captcha code.";
<?php authorize(); include SERVER_ROOT . '/classes/validate.class.php'; $Val = new VALIDATE(); $P = array(); $P = db_array($_POST); if ($P['category'] > 0 || check_perms('site_collages_renamepersonal')) { $Val->SetFields('name', '1', 'string', 'The name must be between 3 and 100 characters', array('maxlength' => 100, 'minlength' => 3)); } else { // Get a collage name and make sure it's unique $name = $LoggedUser['Username'] . "'s personal collage"; $P['name'] = db_string($name); $DB->query("\n\t\tSELECT ID\n\t\tFROM collages\n\t\tWHERE Name = '" . $P['name'] . "'"); $i = 2; while ($DB->has_results()) { $P['name'] = db_string("{$name} no. {$i}"); $DB->query("\n\t\t\tSELECT ID\n\t\t\tFROM collages\n\t\t\tWHERE Name = '" . $P['name'] . "'"); $i++; } } $Val->SetFields('description', '1', 'string', 'The description must be between 10 and 65535 characters', array('maxlength' => 65535, 'minlength' => 10)); $Err = $Val->ValidateForm($_POST); if (!$Err && $P['category'] === '0') { $DB->query("\n\t\tSELECT COUNT(ID)\n\t\tFROM collages\n\t\tWHERE UserID = '{$LoggedUser['ID']}'\n\t\t\tAND CategoryID = '0'\n\t\t\tAND Deleted = '0'"); list($CollageCount) = $DB->next_record(); if ($CollageCount >= $LoggedUser['Permissions']['MaxCollages'] || !check_perms('site_collages_personal')) { $Err = 'You may not create a personal collage.'; } elseif (check_perms('site_collages_renamepersonal') && !stristr($P['name'], $LoggedUser['Username'])) { $Err = 'Your personal collage\'s title must include your username.'; }
<? //******************************************************************************// //--------------- Take edit ----------------------------------------------------// // This pages handles the backend of the 'edit torrent' function. It checks // // the data, and if it all validates, it edits the values in the database // // that correspond to the torrent in question. // //******************************************************************************// enforce_login(); require(SERVER_ROOT.'/classes/class_validate.php'); $Validate = new VALIDATE; //******************************************************************************// //--------------- Set $Properties array ----------------------------------------// // This is used if the form doesn't validate, and when the time comes to enter // // it into the database. // $Properties=array(); $TypeID = (int)$_POST['type']; $Type = $Categories[$TypeID-1]; $TorrentID = (int)$_POST['torrentid']; $Properties['Remastered'] = (isset($_POST['remaster']))? 1 : 0; if($Properties['Remastered']) { $Properties['UnknownRelease'] = (isset($_POST['unknown'])) ? 1 : 0; $Properties['RemasterYear'] = $_POST['remaster_year']; $Properties['RemasterTitle'] = $_POST['remaster_title']; $Properties['RemasterRecordLabel'] = $_POST['remaster_record_label']; $Properties['RemasterCatalogueNumber'] = $_POST['remaster_catalogue_number']; } if(!$Properties['Remastered'] || $Properties['UnknownRelease']) {
} } if(!isset($_REQUEST['action'])) { include(SERVER_ROOT.'/sections/tools/tools.php'); die(); } if (substr($_REQUEST['action'],0,7) == 'sandbox' && !isset($argv[1])) { if (!check_perms('site_debug') || !check_perms('admin_access_log')) { error(403); } } include(SERVER_ROOT."/classes/class_validate.php"); $Val=NEW VALIDATE; include(SERVER_ROOT.'/classes/class_feed.php'); $Feed = new FEED; switch ($_REQUEST['action']){ //Services case 'get_host': include('services/get_host.php'); break; //Managers case 'forum': include('managers/forum_list.php'); break; case 'forum_alter':
/*-- TODO ---------------------------// Add the javascript validation into the display page using the class //-----------------------------------*/ if (!empty($LoggedUser['ID'])) { header('Location: index.php'); die; } if (BLOCK_OPERA_MINI && isset($_SERVER['HTTP_X_OPERAMINI_PHONE'])) { error('Opera Mini is banned, please use another browser.'); } // Check if IP is banned if (site_ban_ip($_SERVER['REMOTE_ADDR'])) { error('Your IP has been banned.'); } require ASSETS . "/class_validate.php"; $Validate = new VALIDATE(); if (array_key_exists('action', $_GET) && $_GET['action'] == 'disabled') { require 'disabled.php'; die; } if (isset($_REQUEST['act']) && $_REQUEST['act'] == "recover") { // Recover password if (!empty($_REQUEST['key'])) { // User has entered a new password, use step 2 $DB->query("SELECT \n\t\t\tm.ID,\n\t\t\tm.Email,\n\t\t\ti.ResetExpires \n\t\t\tFROM users_main AS m \n\t\t\tINNER JOIN users_info AS i ON i.UserID=m.ID \n\t\t\tWHERE i.ResetKey='" . db_string($_REQUEST['key']) . "' \n\t\t\tAND i.ResetKey<>'' \n\t\t\tAND m.Enabled='1'"); list($UserID, $Email, $Expires) = $DB->next_record(); if ($UserID && strtotime($Expires) > time()) { // If the user has requested a password change, and his key has not expired $Validate->SetFields('password', '1', 'string', 'You entered an invalid password.', array('maxlength' => '40', 'minlength' => '6')); $Validate->SetFields('verifypassword', '1', 'compare', 'Your passwords did not match.', array('comparefield' => 'password')); if (!empty($_REQUEST['password'])) {
<? $P=array(); $P=db_array($_POST); include(SERVER_ROOT.'/classes/class_validate.php'); $Val = new VALIDATE; $Val->SetFields('title', '1','string','The title must be between 3 and 100 characters',array('maxlength'=>100, 'minlength'=>3)); //$Val->SetFields('alias', '1','string','Please include at least 1 alias, the entire string should be between 2 and 100 characters.',array('maxlength'=>100, 'minlength'=>2)); $Err = $Val->ValidateForm($_POST); if(!$Err) { $DB->query("SELECT ID FROM wiki_articles WHERE Title='$P[title]'"); if($DB->record_count()>0) { list($ID) = $DB->next_record(); $Err = 'An article with that name already exists <a href="wiki.php?action=article&id='.$ID.'">here</a>.'; } } if($Err) { $_SESSION['error_message'] = $Err; header('Location: wiki.php?action=create'); die(); } if(check_perms('admin_manage_wiki')){ $Read=$_POST['minclassread']; $Edit=$_POST['minclassedit']; if(!is_number($Read)) { error(0); } //int? if(!is_number($Edit)) { error(0); } if($Edit > $LoggedUser['Class']){ error('You can\'t restrict articles above your own level'); }
// the data, and if it all validates, it builds the torrent file, then writes // // the data to the database and the torrent to the disk. // //******************************************************************************// // Maximum allowed size for uploaded files. // http://php.net/upload-max-filesize ini_set('upload_max_filesize', 2097152); // 2 Mibibytes ini_set('max_file_uploads', 100); define(MAX_FILENAME_LENGTH, 180); include SERVER_ROOT . '/classes/validate.class.php'; include SERVER_ROOT . '/classes/feed.class.php'; include SERVER_ROOT . '/sections/torrents/functions.php'; include SERVER_ROOT . '/classes/file_checker.class.php'; enforce_login(); authorize(); $Validate = new VALIDATE(); $Feed = new FEED(); define('QUERY_EXCEPTION', true); // Shut up debugging //******************************************************************************// //--------------- Set $Properties array ----------------------------------------// // This is used if the form doesn't validate, and when the time comes to enter // // it into the database. // $Properties = array(); $Type = $Categories[(int) $_POST['type']]; $TypeID = $_POST['type'] + 1; $Properties['CategoryName'] = $Type; $Properties['Title'] = $_POST['title']; $Properties['Remastered'] = isset($_POST['remaster']) ? 1 : 0; if ($Properties['Remastered'] || isset($_POST['unknown'])) { $Properties['UnknownRelease'] = isset($_POST['unknown']) ? 1 : 0;
<?php
//NumTorrents is actually the number of things in the collage, the name just isn't generic.
// Backend for adding an artist to a collage: requires an authorized session,
// loads the form validator and defines the add_artist() helper used below.
authorize();
include SERVER_ROOT . '/classes/validate.class.php';
$Val = new VALIDATE();

/**
 * Append an artist to a collage and invalidate the related cache entries.
 *
 * Both parameters are interpolated into SQL strings without escaping, so they
 * must already be validated as numeric by the caller. The top-level code below
 * checks $_POST['collageid'] with is_number(); how $ArtistID is validated is
 * not visible in this file — confirm at the call site.
 *
 * @param int|string $CollageID collage row ID
 * @param int|string $ArtistID  artist row ID
 * @return void
 */
function add_artist($CollageID, $ArtistID) {
    global $Cache, $LoggedUser, $DB;
    // Next sort position is current max + 10 (a NULL MAX on an empty collage yields 10).
    $DB->query("\n\t\tSELECT MAX(Sort)\n\t\tFROM collages_artists\n\t\tWHERE CollageID = '{$CollageID}'");
    list($Sort) = $DB->next_record();
    $Sort += 10;
    // Do nothing if the artist is already in this collage.
    $DB->query("\n\t\tSELECT ArtistID\n\t\tFROM collages_artists\n\t\tWHERE CollageID = '{$CollageID}'\n\t\t\tAND ArtistID = '{$ArtistID}'");
    if (!$DB->has_results()) {
        $DB->query("\n\t\t\tINSERT IGNORE INTO collages_artists\n\t\t\t\t(CollageID, ArtistID, UserID, Sort, AddedOn)\n\t\t\tVALUES\n\t\t\t\t('{$CollageID}', '{$ArtistID}', '{$LoggedUser['ID']}', '{$Sort}', '" . sqltime() . "')");
        $DB->query("\n\t\t\tUPDATE collages\n\t\t\tSET NumTorrents = NumTorrents + 1, Updated = '" . sqltime() . "'\n\t\t\tWHERE ID = '{$CollageID}'");
        $Cache->delete_value("collage_{$CollageID}");
        $Cache->delete_value("artists_collages_{$ArtistID}");
        $Cache->delete_value("artists_collages_personal_{$ArtistID}");
        // This query interpolates $CollageID unquoted, so the numeric check at
        // the call site is what keeps it a plain integer literal.
        $DB->query("\n\t\t\tSELECT UserID\n\t\t\tFROM users_collage_subs\n\t\t\tWHERE CollageID = {$CollageID}");
        // Clear the "new items" marker for every subscriber of the collage.
        while (list($CacheUserID) = $DB->next_record()) {
            $Cache->delete_value("collage_subs_user_new_{$CacheUserID}");
        }
    }
}

$CollageID = $_POST['collageid'];
// Reject non-numeric IDs before they reach any of the SQL strings above/below.
if (!is_number($CollageID)) {
    error(404);
}
$DB->query("\n\tSELECT UserID, CategoryID, Locked, NumTorrents, MaxGroups, MaxGroupsPerUser\n\tFROM collages\n\tWHERE ID = '{$CollageID}'");
list($UserID, $CategoryID, $Locked, $NumTorrents, $MaxGroups, $MaxGroupsPerUser) = $DB->next_record();
<?php /* if (isset($LoggedUser)) { //Silly user, what are you doing here! header('Location: index.php'); die(); } */ include SERVER_ROOT . '/classes/validate.class.php'; $Val = new VALIDATE(); if (!empty($_REQUEST['confirm'])) { // Confirm registration $DB->query("\n\t\tSELECT ID\n\t\tFROM users_main\n\t\tWHERE torrent_pass = '******'confirm']) . "'\n\t\t\tAND Enabled = '0'"); list($UserID) = $DB->next_record(); if ($UserID) { $DB->query("\n\t\t\tUPDATE users_main\n\t\t\tSET Enabled = '1'\n\t\t\tWHERE ID = '{$UserID}'"); $Cache->increment('stats_user_count'); include 'step2.php'; } } elseif (OPEN_REGISTRATION || !empty($_REQUEST['invite'])) { $Val->SetFields('username', true, 'regex', 'You did not enter a valid username.', array('regex' => USERNAME_REGEX)); $Val->SetFields('email', true, 'email', 'You did not enter a valid email address.'); $Val->SetFields('password', true, 'regex', 'A strong password is 8 characters or longer, contains at least 1 lowercase and uppercase letter, and contains at least a number or symbol, or is 20 characters or longer', array('regex' => '/(?=^.{8,}$)(?=.*[^a-zA-Z])(?=.*[A-Z])(?=.*[a-z]).*$|.{20,}/')); $Val->SetFields('confirm_password', true, 'compare', 'Your passwords do not match.', array('comparefield' => 'password')); $Val->SetFields('readrules', true, 'checkbox', 'You did not select the box that says you will read the rules.'); $Val->SetFields('readwiki', true, 'checkbox', 'You did not select the box that says you will read the wiki.'); $Val->SetFields('agereq', true, 'checkbox', 'You did not select the box that says you are 13 years of age or older.'); //$Val->SetFields('captcha', true, 'string', 'You did not enter a captcha code.', array('minlength' => 6, 'maxlength' => 6)); if (!empty($_POST['submit'])) {
<? //******************************************************************************// //--------------- Take edit request --------------------------------------------// include(SERVER_ROOT.'/classes/class_validate.php'); $Validate = new VALIDATE; $RequestID = $_POST['requestid']; if(!is_number($RequestID)) { error(0); } $P = db_array($_POST); //----- Validate $Validate->SetFields('artist', '0','string','The artist name must be between 2 and 100 characters.',array('maxlength'=>100, 'minlength'=>2)); $Validate->SetFields('name', '0','string','The title must be between 2 and 255 characters.',array('maxlength'=>255, 'minlength'=>2)); $Validate->SetFields('description', '1','string','You must enter a description.',array('maxlength'=>10000, 'minlength'=>2)); $Validate->SetFields('tags', '1','string','You must enter at least one tag.',array('maxlength'=>255, 'minlength'=>2)); $Err=$Validate->ValidateForm($_POST); // Validate the form if($Err) { $_SESSION['Error'] = $Err; $_SESSION['data'] = $_POST; header('Location: '.$_SERVER['HTTP_REFERER']); die(); } else { $DB->query("SELECT UserID, TimeAdded FROM requests WHERE ID='$RequestID'");
<?php
// Backend for adding a torrent group to a collage: requires an authorized
// session, loads the form validator and defines the add_torrent() helper.
authorize();
include SERVER_ROOT . '/classes/validate.class.php';
$Val = new VALIDATE();

/**
 * Append a torrent group to a collage and invalidate the related cache entries.
 *
 * Both parameters are interpolated into SQL strings without escaping, so they
 * must already be validated as numeric by the caller. The top-level code below
 * checks $_POST['collageid'] with is_number(); how $GroupID is validated is
 * not visible in this file — confirm at the call site.
 *
 * @param int|string $CollageID collage row ID
 * @param int|string $GroupID   torrent group row ID
 * @return void
 */
function add_torrent($CollageID, $GroupID) {
    global $Cache, $LoggedUser, $DB;
    // Next sort position is current max + 10 (a NULL MAX on an empty collage yields 10).
    $DB->query("\n\t\tSELECT MAX(Sort)\n\t\tFROM collages_torrents\n\t\tWHERE CollageID = '{$CollageID}'");
    list($Sort) = $DB->next_record();
    $Sort += 10;
    // Do nothing if the group is already in this collage.
    $DB->query("\n\t\tSELECT GroupID\n\t\tFROM collages_torrents\n\t\tWHERE CollageID = '{$CollageID}'\n\t\t\tAND GroupID = '{$GroupID}'");
    if (!$DB->has_results()) {
        $DB->query("\n\t\t\tINSERT IGNORE INTO collages_torrents\n\t\t\t\t(CollageID, GroupID, UserID, Sort, AddedOn)\n\t\t\tVALUES\n\t\t\t\t('{$CollageID}', '{$GroupID}', '{$LoggedUser['ID']}', '{$Sort}', '" . sqltime() . "')");
        $DB->query("\n\t\t\tUPDATE collages\n\t\t\tSET NumTorrents = NumTorrents + 1, Updated = '" . sqltime() . "'\n\t\t\tWHERE ID = '{$CollageID}'");
        $Cache->delete_value("collage_{$CollageID}");
        $Cache->delete_value("torrents_details_{$GroupID}");
        $Cache->delete_value("torrent_collages_{$GroupID}");
        $Cache->delete_value("torrent_collages_personal_{$GroupID}");
        // This query interpolates $CollageID unquoted, so the numeric check at
        // the call site is what keeps it a plain integer literal.
        $DB->query("\n\t\t\tSELECT UserID\n\t\t\tFROM users_collage_subs\n\t\t\tWHERE CollageID = {$CollageID}");
        // Clear the "new items" marker for every subscriber of the collage.
        while (list($CacheUserID) = $DB->next_record()) {
            $Cache->delete_value("collage_subs_user_new_{$CacheUserID}");
        }
    }
}

$CollageID = $_POST['collageid'];
// Reject non-numeric IDs before they reach any of the SQL strings above/below.
if (!is_number($CollageID)) {
    error(404);
}
$DB->query("\n\tSELECT UserID, CategoryID, Locked, NumTorrents, MaxGroups, MaxGroupsPerUser\n\tFROM collages\n\tWHERE ID = '{$CollageID}'");
list($UserID, $CategoryID, $Locked, $NumTorrents, $MaxGroups, $MaxGroupsPerUser) = $DB->next_record();
<?php //******************************************************************************// //--------------- Take mass PM -------------------------------------------------// // This pages handles the backend of the 'Send Mass PM' function. It checks // // the data, and if it all validates, it sends a PM to everyone who snatched // // the torrent. // //******************************************************************************// authorize(); enforce_login(); require SERVER_ROOT . '/classes/validate.class.php'; $Validate = new VALIDATE(); $TorrentID = (int) $_POST['torrentid']; $GroupID = (int) $_POST['groupid']; $Subject = $_POST['subject']; $Message = $_POST['message']; //******************************************************************************// //--------------- Validate data in edit form -----------------------------------// // FIXME: Still need a better perm name if (!check_perms('site_moderate_requests')) { error(403); } $Validate->SetFields('torrentid', '1', 'number', 'Invalid torrent ID.', array('maxlength' => 1000000000, 'minlength' => 1)); // we shouldn't have torrent IDs higher than a billion $Validate->SetFields('groupid', '1', 'number', 'Invalid group ID.', array('maxlength' => 1000000000, 'minlength' => 1)); // we shouldn't have group IDs higher than a billion either $Validate->SetFields('subject', '0', 'string', 'Invalid subject.', array('maxlength' => 1000, 'minlength' => 1)); $Validate->SetFields('message', '0', 'string', 'Invalid message.', array('maxlength' => 10000, 'minlength' => 1)); $Err = $Validate->ValidateForm($_POST); // Validate the form if ($Err) {
<?
//******************************************************************************//
//--------------- Fill a request -----------------------------------------------//
// Reject a non-numeric request ID up front; it is echoed into a redirect URL
// and (further down the file) into SQL.
$RequestID = $_POST['requestid'];
if(!is_number($RequestID)) {
    error(0);
}
$URL = trim($_POST['url']);
include(SERVER_ROOT.'/classes/class_validate.php');
$Validate = new VALIDATE;
// Make sure the URL they entered is on our site, and is a link to a torrent
// NOTE(review): NONSSL_SITE_URL is spliced into the pattern without preg_quote(),
// so any '.' in it matches any character; quoting it would tighten the host check.
// The pattern is anchored with ^ but validated against the untrimmed $_POST value.
$URLRegex = '/^https?:\/\/(www\.|ssl\.)?'.NONSSL_SITE_URL.'\/torrents\.php\?id=([0-9]+)/i';
$Validate->SetFields('url', '1','regex','The URL must be a link to a torrent on the site.',array('regex'=>$URLRegex));
$Err=$Validate->ValidateForm($_POST); // Validate the form
if($Err) { // if something didn't validate
    $_SESSION['Error'] = $Err;
    header('Location: requests.php?action=viewrequest&id='.$RequestID);
    exit;
}
// Get torrent ID
// The validator already guaranteed the URL matches the stricter pattern above,
// so this looser one is expected to match; the capture group is digits only,
// which is what makes the interpolation into SQL below safe.
$URLRegex = '/torrents\.php\?id=([0-9]+)/i';
preg_match($URLRegex, $URL, $Matches);
$TorrentID=$Matches[1];
if(!$TorrentID || (int)$TorrentID == 0){
    error(404);
}
$DB->query("SELECT ID, Time FROM torrents_group WHERE ID='$TorrentID'");
list($GroupID, $FillTime) = $DB->next_record();