/** * send mail */ function _sendmail($cp) { //$mail->SMTPDebug = 3; // Enable verbose debug output $to = $cp->email_domain ? $cp->email_domain : ADMIN_EMAIL; $res = send_mail1($to, _post('subject'), _post('body')); ajax_output(strip_tags($res)); }
function saveBanner() { $banID = _post("banID"); $url = _post("url"); $link = _post("link"); $text = _post("text"); $param = _post("param"); $isactive = _post("isactive"); $fParts = split("\\.", $url); //echo '<hr><pre>'; print_r($fParts);echo '</pre><hr>'; if (count($fParts) == 1) { $type = $fParts[0]; } else { $type = $fParts[1]; } if (!$banID) { $query = "INSERT INTO pm_banners (`url`, `type`, `link`,`text` ,`param`, `isactive`) \n\t\t\tVALUES ('" . $url . "', '" . $type . "', '" . $link . "', '" . $text . "', '" . $param . "', '" . $isactive . "')\n\t\t\t"; } else { $query = "UPDATE pm_banners SET \n\t\t\t\t`url` = '" . $url . "',\n\t\t\t\t`type` = '" . $type . "',\n\t\t\t\t`link` = '" . $link . "',\n\t\t\t\t`text` = '" . $text . "',\n\t\t\t\t`isactive` = '" . $isactive . "',\n\t\t\t\t`param` = '" . $param . "'\n\t\t\tWHERE banID = '" . $banID . "'"; } //echo $query; if (!mysql_query($query)) { trigger_error("Error while updating banner [{$query}] - " . mysql_error(), PM_FATAL); } header("Location: /admin?cmd=banner"); }
function saveVote() { $qID = _post("qID"); $Question = _post("Question"); $Ans1 = _post("Ans1"); $Ans2 = _post("Ans2"); $Ans3 = _post("Ans3"); $Ans4 = _post("Ans4"); $Ans5 = _post("Ans5"); $Ans6 = _post("Ans6"); $Ans7 = _post("Ans7"); $Ans8 = _post("Ans8"); $Ans9 = _post("Ans9"); $Ans10 = _post("Ans10"); $isactive = _post("isactive"); $isdefault = _post("isdefault"); if (!$qID) { $query = "INSERT INTO pm_vote (`Question`, `Ans1`, `Ans2`, `Ans3`, `Ans4`, `Ans5`, `Ans6`, `Ans7`, `Ans8`, `Ans9`, `Ans10`, `isdefault`, `isactive`) \n\t\t\tVALUES ('" . $Question . "', '" . $Ans1 . "', '" . $Ans2 . "', '" . $Ans3 . "', '" . $Ans4 . "', '" . $Ans5 . "', '" . $Ans6 . "', '" . $Ans7 . "', '" . $Ans8 . "', '" . $Ans9 . "', '" . $Ans10 . "', '" . $isdefault . "', '" . $isactive . "')\n\t\t\t"; } else { $query = "UPDATE pm_vote SET \n\t\t\t\t`Question` = '" . $Question . "',\n\t\t\t\t`Ans1` = '" . $Ans1 . "',\n\t\t\t\t`Ans2` = '" . $Ans2 . "',\n\t\t\t\t`Ans3` = '" . $Ans3 . "',\n\t\t\t\t`Ans4` = '" . $Ans4 . "',\n\t\t\t\t`Ans5` = '" . $Ans5 . "',\n\t\t\t\t`Ans6` = '" . $Ans6 . "',\n\t\t\t\t`Ans7` = '" . $Ans7 . "',\n\t\t\t\t`Ans8` = '" . $Ans8 . "',\n\t\t\t\t`Ans9` = '" . $Ans9 . "',\n\t\t\t\t`Ans10` = '" . $Ans10 . "',\n\t\t\t\t`isdefault` = '" . $isdefault . "',\n\t\t\t\t`isactive` = '" . $isactive . "'\n\t\t\tWHERE qID = '" . $qID . "'"; } //echo $query; if (!mysql_query($query)) { trigger_error("Error while updating vote [{$query}] - " . mysql_error(), PM_FATAL); } header("Location: /admin?cmd=vote"); }
function updateFromRequest() { parent::updateFromRequest(); $category = _post("fld_category"); $categoryLbl = _post("fld_category_lbl"); $item = _post("fld_item"); $itemLbl = _post("fld_item_lbl"); $completed = _post("fld_completed"); $frequency = _post("fld_frequency"); $frequencyComparator = _post("fld_frequency_comparator"); $this->completed = $completed == 'yes'; $this->frequency = $frequency; $this->frequencyComparator = $frequencyComparator; // update labels // xxx todo abstract this out to a manager (which may or may not defer to core options handling code)! // xxx this belongs more in the rule manager $dbLbl = getLabel($category, 'rule_action_category'); if ($category && $dbLbl != $categoryLbl) { // update sqlStatement("UPDATE list_options SET title = ? WHERE list_id = 'rule_action_category' AND option_id = ?", array($categoryLbl, $category)); } $dbLbl = getLabel($item, 'rule_action'); if ($item && $dbLbl != $itemLbl) { // update sqlStatement("UPDATE list_options SET title = ? WHERE list_id = 'rule_action' AND option_id = ?", array($itemLbl, $item)); } $this->category = $category; $this->item = $item; $this->itemLbl = $itemLbl; $this->categoryLbl = $categoryLbl; }
/** * Return all post parameters or a single post parameter. * * @param string|null $param * Parameter name to retrieve, or null to get all. * @param mixed $default * Default value to use when the parameter is missing. * @return mixed */ public function fromPost($param = null, $default = null) { $result = _post($param); if (null === $result && null !== $default) { $result = $default; } return $result; /* if (null === $this->postParams) { $request = $this->getController()->getRequest(); if ($request->getHeaders('accept')->match('application/json')) { $content = $request->getContent(); $this->postParams = json_decode($content, true); } else { $this->postParams = parent::fromPost(null, $default); } } if ($param === null) { return $this->postParams; } else { return isset($this->postParams[$param]) ? $this->postParams[$param] : $default; } */ }
function authenticate() { $q = "SELECT userID FROM pm_users WHERE login=\"" . mysql_escape_string(_post('login')) . "\" AND Password = \"" . mysql_escape_string(md5(_post('psw'))) . "\" AND uDeleted=0 AND isUserGroup=0"; $qr = mysql_query($q); if (!$qr) { trigger_error("Invaild query while reading user info - " . mysql_error(), PM_FATAL); } $count = mysql_num_rows($qr); if ($count == 1) { list($userID) = mysql_fetch_row($qr); if ($userID) { // trigger_error("Auth userID: $userID", PM_WARNING); $sessionID = _cookie("sessionID"); // trigger_error("Auth sessionID: $sessionID", PM_WARNING); if (!$sessionID) { $sessionID = $this->generateSessionID(); } setcookie("sessionID", $sessionID, time() + 30 * 24 * 60 * 60, "/"); //expire in a month mysql_query("REPLACE INTO pm_sessions (sessionID, userID, CreateTime) VALUES(\"{$sessionID}\", {$userID}, NOW())"); mysql_query("UPDATE pm_users SET LoginDate=NOW() WHERE userID={$userID}"); $this->userID = $userID; return true; } } return false; }
function updateFromRequest() { parent::updateFromRequest(); $age = _post("fld_value"); $timeUnit = TimeUnit::from(_post("fld_timeunit")); $this->value = $age; $this->timeUnit = $timeUnit; }
function updateFromRequest() { parent::updateFromRequest(); $value = _post("fld_value"); $exploded = explode(" ", $value); $diagInfo = explode(":", $exploded[0]); $this->codeType = $diagInfo[0]; $this->id = $diagInfo[1]; }
function edit_teacher_POST($id) { $description = _post('description'); $teacher = new Teacher($id); if ($description) { $teacher->update('description', $description); } redirect("teacher/{$id}/edit"); }
/** * Check view and edit permissions. * * @param $op * The type of operation. Either 'view' or 'edit'. */ function have_access($op) { global $user; $db = DBConnection::instance(); $field_id = (int) _post('fid'); if (!$field_id) { $field_id = (int) _get('fid'); } $field = (object) $db->dq("SELECT entity_id, entity_type, delta FROM {mytinytodo_fields} WHERE id = ?", $field_id)->fetch_assoc(); $field_info = field_info_field_by_id($field->delta); if ($field->entity_type == 'node') { if (!($node = node_load($field->entity_id))) { return false; } $node_access = $op == 'edit' ? 'update' : $op; if (node_access($node_access, $node, $user) && field_access($op, $field_info, $field->entity_type, $node, $user)) { return true; } } else { if ($field->entity_type == 'user') { if (!($account = user_load($field->entity_id))) { return false; } if (field_access($op, $field_info, $field->entity_type, $account, $user)) { return true; } } else { if ($field->entity_type == 'comment') { if (!($comment = comment_load($field->entity_id))) { return false; } if ($op == 'view' && !user_access('access comments')) { return false; } else { if ($op == 'edit' && !comment_access($op, $comment)) { return false; } } if (field_access($op, $field_info, $field->entity_type, $comment, $user)) { return true; } } else { if (module_exists('entity')) { if (!($entity = entity_load($field_id))) { return false; } $entity_access = $op == 'edit' ? 'update' : $op; if (entity_access($entity_access, $field->entity_type, $entity, $user) && field_access($op, $field_info, $field->entity_type, $entity, $user)) { return true; } } } } } return false; }
function updateFromRequest() { parent::updateFromRequest(); $this->table = _post("fld_table"); $this->column = _post("fld_column"); $this->value = _post("fld_value"); $this->valueComparator = _post("fld_value_comparator"); $this->frequency = _post("fld_frequency"); $this->frequencyComparator = _post("fld_frequency_comparator"); }
private function _check_csrf() { if (!_is_post()) { return; } if (_post('form_key') !== Session::form_key()) { Log::write(chr(27) . '[41m' . chr(27) . '[37m** POSSIBLE CSRF **' . chr(27) . '[0m'); Errors::show_404(); } }
public static function acc_number() { $zones = _post('zones'); $routes = _post('routes'); $category = _post('category'); $array = array($zones, $routes, $category); //$acc_no = implode( $array); $acc_no = var_dump(implode('Ksm', array())); // The modified acc_no. return $acc_no; }
function updateFromRequest() { parent::updateFromRequest(); $age = _post("fld_value"); $timeUnit = TimeUnit::from(_post("fld_timeunit")); if ($timeUnit == null) { $timeUnit = TimeUnit::from(_post("fld_target_interval_type")); } $this->value = $age; $this->timeUnit = $timeUnit; }
function add_course_POST() { $name = _post('name'); $teacher = _post('teacher'); $description = _post('description'); if ($name && $teacher) { $course = Course::create(compact('name', 'teacher', 'description')); redirect('course/' . $course->id); } else { show_form(); } }
function add_teacher_POST() { $name = _post('name'); $gender = _post('gender'); $description = _post('description'); if ($name && $gender) { $teacher = Teacher::create(compact('name', 'gender', 'description')); redirect('teacher/' . $teacher->id); } else { show_form(); } }
function login_POST() { $username = _post('username'); $password = _post('password'); if ($user = User::check($username, $password)) { $user->login(); $back_url = _get('back_url') ?: DEFAULT_LOGIN_REDIRECT_URL; redirect($back_url); } else { $GLOBALS['msg'] = $GLOBALS['config']['error']['info']['USERNAME_OR_PASSWORD_INCORRECT']; } }
function my_POST() { $user = $GLOBALS['user']; $name = _post('name'); if ($name) { $user->update('name', $name); } $newPass = _post('newPass'); if ($newPass) { $user->update('name', $newPass); } redirect('my'); }
function register_POST() { $username = _post('username'); $password = _post('password'); $gender = _post('gender'); $school = _post('school'); $year = _post('year'); if ($username && $password && $gender && $school && $year) { $user = User::create(compact('username', 'password', 'gender', 'school', 'year')); $user->login(); redirect(); } }
/** * @author ryan <*****@*****.**> */ function discuss_comment($comment) { if (!$GLOBALS['has_login']) { exit; } $comment = new Comment($comment); $content = _post('content'); if ($content) { $comment->discuss($content, $GLOBALS['user']); $teacherId = $comment->teacher; redirect("teacher/{$teacherId}/comment/{$comment->id}"); } }
function updateFromRequest() { parent::updateFromRequest(); $lifestyle = _post("fld_lifestyle"); $value = _post("fld_value"); $matchType = _post("fld_value_type"); $this->type = $lifestyle; if ($matchType == "any") { $this->matchValue = null; } else { $this->matchValue = $value; } }
/** * @author ryan <*****@*****.**> */ function comment_action($type, $id) { if (!$GLOBALS['has_login']) { return; } $title = _post('title'); $content = _post('content'); if ($title && $content) { $user = $GLOBALS['user']; $o = new $type($id); $o->comment($title, $content, $user); } $t = camel2under($type); redirect("{$t}/{$id}"); }
function comment_add_POST($teacher, $comment) { if (!$GLOBALS['has_login']) { return; } $comment = new Comment($comment); if ($GLOBALS['user']->id != $comment->user) { return; } $content = _post('content'); if (!$content) { return; } $comment->addContent($content); redirect("teacher/{$teacher}/comment/{$comment->id}"); }
/** * Sanitize input values from POST * @param mixed $post The value or The array of values being sanitized. * @return mixed the cleaned value */ function _post($post) { if (is_array($post)) { foreach ($post as $name => $value) { if (is_array($value)) { $post[$name] = _post($value); } else { $value = stripslashes($value); $value = _sanitize($value); $post[$name] = $value; } } } else { $value = stripslashes($post); $value = _sanitize($value); return $value; } return $post; }
function getContent($args) { $aID = _post("vote"); $qID = _post("qID"); $cmd = _post("cmd"); $res = ""; switch ($cmd) { case "vote": if (!$this->checkIfUserVoted($qID)) { $this->makeVote($qID, $aID); $res .= "<div class=\"podbor\"><p><strong>Внимание!</strong></p>\n\t\t\t\t\t\t\t\t<p>Вы не можете голосовать больше одного раза</p></div>\n\t\t\t\t\t\t\t\t"; } else { $res .= "<div class=\"podbor\"><p><strong>Внимание!</strong></p>\n\t\t\t\t\t\t\t\t<p>Спасибо. Ваш голос учтен</p></div>"; } break; } $res .= $this->getResults($args); return $res; }
public function testPOST() { $input = 'Hello World'; $this->assertEqual(_post($input), 'Hello World'); $input = array('str' => 'Hello World'); $this->assertEqual(_post($input), array('str' => 'Hello World')); $input = 'Hello <a href="javascript:alert(\'xss\');">World</a>'; $this->assertEqual(_post($input), 'Hello <a href="javascript:alert(\'xss\');">World</a>'); $input = array('str' => 'Hello World', 'xss' => 'Hello <a href="javascript:alert(\'xss\');">World</a>'); $this->assertEqual(_post($input), array('str' => 'Hello World', 'xss' => 'Hello <a href="javascript:alert(\'xss\');">World</a>')); $input = '<IMG SRC=javascript:alert("XSS")>'; $this->assertEqual(_post($input), '<IMG SRC=javascript:alert("XSS")>'); $input = '"Double quotes"'; $this->assertEqual(_post($input), '"Double quotes"'); $input = "'Single quotes'"; $this->assertEqual(_post($input), "'Single quotes'"); $input = "'Single quotes' & \"Double quotes\""; $this->assertEqual(_post($input), "'Single quotes' & \"Double quotes\""); $input = "<b>Wörmann</b>"; $this->assertEqual(_post($input), '<b>Wörmann</b>'); }
/** * Write a timeline log * * Log array: * - uid * - message * - timeline * - module * - link * - time * - app_key * * @return bool */ public function insertAction() { $result = array('status' => 0, 'message' => __('Timeline post failed.')); $uid = (int) _post('uid'); $timeline = _post('timeline'); $title = _post('title'); $message = _post('message'); $time = (int) _post('time') ?: time(); $link = _post('link'); $appKey = _post('app_key'); $module = _post('module'); if (!$uid || !$timeline || !$message) { return $result; } // Check timeline $rowset = $this->getModel('timeline')->find($timeline, 'name'); if (!$rowset && !$appKey) { return $result; // Register timeline meta if not exist } elseif (!$rowset && $appKey) { $data = array('name' => $timeline, 'module' => $module, 'title' => $title ?: $timeline, 'app_key' => $appKey, 'active' => 1); // Insert timeline meta $row = $this->getModel('timeline')->createRow($data); $row->save(); if (!$row->id) { return $result; } } // Add timeline log $log = compact('uid', 'timeline', 'message', 'time', 'link'); $stauts = Pi::api('timeline', 'user')->add($log); if ($stauts) { $result['status'] = 1; $result['message'] = __('Timeline added successfully.'); } return $result; }
public function login() { $this->layout = 'blank'; $user = new User(_post('user')); $user->refine(); if (!$user->validate_login()) { $this->flash->add('message_error', $user->errors->get_messages()); $this->back(); } $remember_me = is_blank(_post('remember_me')) ? false : true; $user->login($remember_me); $return_url = _get('return_url'); if (empty($return_url)) { $return_url = '/'; } $this->redirect_to($return_url); }
if ($by_post) { $labor_expense = _post('labor_expense'); $wear_tear = _post('wear_tear'); $st_expense = _post('st_expense'); $st_price = _post('st_price'); $weight_ratio = _post('weight_ratio'); Setting::set(compact('labor_expense', 'wear_tear', 'st_expense', 'st_price', 'weight_ratio')); redirect('setting'); // refresh } break; case 'password': if ($by_post) { $password = _post('password'); $new_password = _post('new_password'); $re_password = _post('re_password'); if (empty($password)) { $msg = $ERROR_INFO['PASSWORD_EMPTY']; } elseif (!$user->checkPassword($password)) { $msg = $ERROR_INFO['PASSWORD_INCORRECT']; } elseif (empty($new_password)) { $msg = $ERROR_INFO['NEW_PASSWORD_EMPTY']; } elseif ($new_password !== $re_password) { $msg = $ERROR_INFO['PASSWORD_NOT_SAME']; } else { $user->changePassword($new_password); redirect(); } } break; default:
</div> <div class="row"> <div class="col-md-5"> <h3>Caraceristici</h3> <hr> <div class="alert alert-info"><strong>Info!</strong> Introduceti cate o caracteristica pe linie.</div> <textarea class="form-control" name="produs_caracteristici" style="height:200px;" placeholder="Introduceti cate o caracteristica pe linie."><?php _post("produs_caracteristici"); ?> </textarea> </div> <div class="col-md-7"> <h3>Descriere</h3> <hr> <textarea name="produs_descriere" class="editor"><?php _post("produs_descriere"); ?> </textarea> </div> </div> <hr> <div class="form-group"> <div class="col-sm-offset-2 col-sm-10"> <button type="submit" class="btn btn-primary" name="add_produs_btn"><i class="fa fa-plus"></i> Adauga produs</button> </div> </div> </form> <?php TPL::thing('footer', 'text', function () {