/**
 * Appends the optional search filters to $query and returns the matching PDO bind values.
 *
 * Free-text fields (wine, winery) are matched with LIKE and wrapped in %...%; region and
 * grape variety are exact matches. Cost, year, stock and order filters are delegated to the
 * return* helpers, which (per the comment in the original) extend the same clause string and
 * value array by reference.
 *
 * @param string &$query  base SELECT statement; the filter clauses are appended to it
 * @return array          placeholder => value pairs to bind when executing $query
 *
 * NOTE(review): only the wine_name branch emits WHERE; when it is skipped the appended text
 * starts with " AND" — confirm the base $query already ends in a WHERE clause (and if it does,
 * the wine_name branch would then produce a second WHERE).
 */
function searchQueryValues(&$query, $wine_name, $winery_name, $region_name, $grape_variety, $minCost, $maxCost, $minInputYear, $maxInputYear, $minStock, $minOrdered)
{
    $bindings = array();
    $clauses = '';
    // raw value, SQL fragment, placeholder, wrap the value in % wildcards?
    $filters = array(
        array($wine_name,     ' WHERE (wine.wine_name LIKE :wine_name)',        ':wine_name',     true),
        array($winery_name,   ' AND (winery.winery_name LIKE :winery_name)',    ':winery_name',   true),
        array($region_name,   ' AND (region.region_name = :region_name)',       ':region_name',   false),
        array($grape_variety, ' AND (grape_variety.variety = :grape_variety)',  ':grape_variety', false),
    );
    foreach ($filters as $filter) {
        list($raw, $fragment, $placeholder, $wildcard) = $filter;
        // checkInput() is defined elsewhere in the project; a rejected value adds no clause.
        if (!checkInput($raw)) {
            continue;
        }
        $clauses .= $fragment;
        $bindings[$placeholder] = $wildcard ? "%{$raw}%" : $raw;
    }
    // Numeric range filters: each helper appends its own clause(s) and bind values.
    returnCostOfWine($minCost, $maxCost, $clauses, $bindings);
    returnYearOfWine($minInputYear, $maxInputYear, $clauses, $bindings);
    returnWineInStock($minStock, $clauses, $bindings);
    returnWinesOrdered($minOrdered, $clauses, $bindings);
    $query .= $clauses;
    return $bindings;
}
/**
 * Get the closest two values inside array
 * @param  [Array] $array [Array input]
 * @return [Array]        [Array output]
 */
/**
 * Get the closest two values inside array
 * @param  [Array] $array [Array input]
 * @return [Array]        [Array output] the two closest values; the string "error"
 *                        is returned instead when checkInput() rejects the input
 */
function closest($array)
{
    $n = count($array);
    // checkInput() and getClosestPair() are defined elsewhere in the project.
    $valid = checkInput($array, $n);
    if (!$valid) {
        return "error";
    }
    sort($array);
    $pair = getClosestPair($array, $n);
    // Indices 1 and 2 of the helper's result hold the pair (index 0 is presumably the distance — confirm).
    return array($pair[1], $pair[2]);
}
<?php

require_once "../utils.php";
// check_connected() is defined in ../utils.php (not shown); the handler below only runs when it is truthy.
$state = check_connected();
// This endpoint answers in plain text.
header("Content-type:text/plain");
// User is connected
if ($state) {
    // User has bought the option
    if (checkOptions("scenario")) {
        /*
         * Check user input.
         * Note: the pattern /^.+$/ only requires a non-empty string, so it is
         * not a defence on its own: the JSON fields decoded below (datetime,
         * name, content) are concatenated into the INSERT statement unescaped.
         */
        $scenario = checkInput("post", "scenario", "/^.+\$/");
        //Good input
        if ($scenario != false) {
            /*
             * SQL Query
             *
             */
            $scenario = json_decode($scenario);
            $scenario_content = json_encode($scenario->{'content'});
            $sql = "INSERT INTO `webapp_scenarios` (\n\t\t\t\t\t\t`scenario_id`,\n\t\t\t\t\t\t`scenario_datetime`,\n\t\t\t\t\t\t`scenario_name`,\n\t\t\t\t\t\t`scenario_json`,\n\t\t\t\t\t\t`user_id`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\tNULL,\n\t\t\t\t\t\t'" . $scenario->{'datetime'} . "',\n\t\t\t\t\t\t'" . $scenario->{'name'} . "',\n\t\t\t\t\t\t'" . $scenario_content . "',\n\t\t\t\t\t\t'" . $_SESSION["user"]["id"] . "'\n\t\t\t\t\t);";
            /*
             * Exec query, transform the result in json and close the database
             *
             */
            //If there is an sql query
            if ($sql) {
    return $day;
}
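/**
 * Converts a European "dd.mm." day string plus a year into ISO "Y-m-d".
 *
 * $euroDate is expected to end with a dot so that appending $year yields "dd.mm.yyyy"
 * (that is what the "d.m.Y" format below parses).
 *
 * @param string $euroDate day and month, e.g. "05.03."
 * @param string $year     four-digit year appended verbatim
 * @return string          the date as "Y-m-d"
 * @throws InvalidArgumentException when the input does not parse or names a
 *         non-existent date (e.g. "31.02."); the original dereferenced the
 *         `false` returned by createFromFormat() and died with a fatal error,
 *         and silently rolled invalid dates over to the next month.
 */
function toAmiFormat($euroDate, $year)
{
    $raw = $euroDate . $year;
    $parsed = DateTimeImmutable::createFromFormat("d.m.Y", $raw);
    // createFromFormat() returns false on a format mismatch and records
    // "parsed date was invalid" as a warning (not a failure) for day/month overflow.
    $problems = DateTimeImmutable::getLastErrors();
    if ($parsed === false
        || ($problems !== false && ($problems['warning_count'] > 0 || $problems['error_count'] > 0))) {
        throw new InvalidArgumentException("Unparseable date: " . $raw);
    }
    return $parsed->format("Y-m-d");
}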
$dayArray = input();
$weekArray = [];
// Raw request parameters; only the two day strings go through checkInput() below.
// NOTE(review): a missing key raises an undefined-index notice, and $statistic is never validated here.
$startDay = $_GET["startDay"];
$endDay = $_GET["endDay"];
$statistic = $_GET["statistic"];
// $year is appended verbatim to the day strings inside toAmiFormat(); an odd value makes that parse fail.
$year = $_GET["year"];
$startDay = checkInput($startDay);
$endDay = checkInput($endDay);
if (!($startDay == false) && !($endDay == false)) {
    $startDayAmi = toAmiFormat($startDay, $year);
    $endDayAmi = toAmiFormat($endDay, $year);
    $dayArrayAmi = toAmiFormat($dayArray[0][0], $year);
    $endDayArrayAmi = toAmiFormat($dayArray[0][count($dayArray[0]) - 1], $year);
    if (strtotime($startDayAmi) < strtotime($dayArrayAmi)) {
        $startDay = $dayArray[0][0];
    }
    if (strtotime($startDayAmi) > strtotime($endDayArrayAmi)) {
        $startDay = $dayArray[0][0];
    }
    if (strtotime($endDayAmi) > strtotime($endDayArrayAmi)) {
        $endDay = $dayArray[0][count($dayArray[0]) - 1];
    }
    if (strtotime($startDayAmi) > strtotime($endDayAmi)) {
<?php

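session_start();
require '/home/ryo/dev/4webcr8r/libs/functions.php';
// Image-verification (CAPTCHA) library
$cryptinstall = '/crypt/cryptographp.fct.php';
require $cryptinstall;
// Sanitise all POST fields up front; checkInput() comes from functions.php (not shown here).
$_POST = checkInput($_POST);
// Verify the fixed anti-CSRF token: the form must post back the value kept in $_SESSION['ticket'].
// hash_equals() compares in constant time (the original !== leaks match length through timing);
// both sides are strings because hash_equals() rejects anything else, so a non-string POST
// value such as ticket[]= is refused outright.
if (isset($_POST['ticket'], $_SESSION['ticket'])) {
    $ticket = $_POST['ticket'];
    if (!is_string($ticket) || !hash_equals((string) $_SESSION['ticket'], $ticket)) {
        die('不正アクセスの疑いがあります');
    }
} else {
    die('不正アクセスの疑いがあります');
}
// Form fields; absent ones become NULL, then every value is trimmed (trim(NULL) yields '').
$name = isset($_POST['name']) ? $_POST['name'] : NULL;
$email = isset($_POST['email']) ? $_POST['email'] : NULL;
$subject = isset($_POST['subject']) ? $_POST['subject'] : NULL;
$body = isset($_POST['body']) ? $_POST['body'] : NULL;
$code = isset($_POST['code']) ? $_POST['code'] : NULL;
$name = trim($name);
$email = trim($email);
$subject = trim($subject);
$body = trim($body);
$code = trim($code);
// Collected validation messages; the checks that follow append to it.
$error = array();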
if ($name == '') {
    $error[] = 'お名前欄は必須項目です';
} else {
			$_SESSION['notification'][] =	'Er ging iets mis: ' . $e->getMessage();
		}
}

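function checkInput(){
	// Validates the registration form: both fields present, non-empty strings, and a
	// syntactically valid e-mail address. Returns true when all of that holds, false otherwise.
	// The original read $_POST['email'] / $_POST['paswoord'] unguarded: a request without
	// 'paswoord' raised a notice and, because null !== '' is true, still passed whenever
	// the e-mail was valid. Non-string values (field[]=x) are rejected as well.
	if (!isset($_POST['email'], $_POST['paswoord'])) {
		return false;
	}
	$email = $_POST['email'];
	$paswoord = $_POST['paswoord'];
	if (!is_string($email) || !is_string($paswoord)) {
		return false;
	}
	if ($email !== '' && $paswoord !== '' && filter_var($email, FILTER_VALIDATE_EMAIL)) {
		return true;
	}
	//$_SESSION['notification'][] = 'Foute invoer';
	return false;
}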

if(isset($_POST["registreer"])){
		// controleer geldigheid e-mailadres en of velden zijn ingevuld
		if(!checkInput()){
			$_SESSION['notification'][] = 'Foute invoer';
			header('Location: registratie-form.php');
			break; //  vervangen door een Throw exception??
		} 

		// check of ingevuld email bestaat:
		if(!checkEmailExists($_POST['email'])){

			 $_SESSION['email'] = $_POST['email'];
			 $_SESSION['paswoord'] = $_POST['paswoord'];

			 $ingevoerdPaswoord = $_SESSION['paswoord'];
			 $ingevoerdEmail = $_SESSION['email'];
			 $salt = generateSalt();
			 $HashedSaltPlusPaswoord = hash('SHA512', $ingevoerdPaswoord . $salt);
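$smarty->compile_dir = 'templates_c';
session_start();
// Credentials from the login form; filter_input() yields null when a field is absent.
$userName = filter_input(INPUT_POST, 'userName');
$password = filter_input(INPUT_POST, 'password');
$userError = "";
try {
    //connect
    $db = new PDO(PDO_DSN, DB_USER, DB_PASS);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // NOTE(review): the whole users table is read and the submitted password is compared with the
    // stored column as-is, i.e. passwords are kept in clear text. password_hash()/password_verify()
    // is the proper fix but needs the stored values migrated, so it is out of scope here.
    $stmt = $db->query("SELECT * FROM users");
    $users = $stmt->fetchAll(PDO::FETCH_CLASS);
    $authenticated = false;
    foreach ($users as $user) {
        // Strict, constant-time comparison. The original loose == treated numeric-looking
        // strings as equal ("0e1" == "0e2") and matched a null field against an empty one.
        if ($userName !== null && $password !== null
            && hash_equals((string) $user->name, (string) $userName)
            && hash_equals((string) $user->password, (string) $password)) {
            $authenticated = true;
            break;
        }
    }
    if ($authenticated) {
        $userError = "ログインできました。";
        // New session id on login so a session fixed before authentication cannot be reused.
        session_regenerate_id(true);
        $_SESSION["userName"] = $userName;
        header('Location:index.php');
        // Stop here: the original fell through and rendered the login template (including the
        // submitted password) after sending the redirect.
        exit;
    } elseif (count($users) > 0 && isset($userName) && isset($password)) {
        $userError = "ログインに失敗しました";
    }
} catch (PDOException $e) {
    // Database errors are deliberately not shown; the page renders without a message.
    //    echo $e -> getMessage();
}
// Echo the typed values back into the form; checkInput() (defined elsewhere) encodes them.
// NOTE(review): re-displaying the submitted password in the page is itself questionable.
$smarty->assign('userName', checkInput($userName));
$smarty->assign('password', checkInput($password));
$smarty->assign('userError', $userError);
$smarty->display('login.tpl');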
<?php

require_once "../utils.php";
//Connected or not: check_connected() comes from ../utils.php (not shown); everything below
//is guarded by its result.
$state = check_connected();
//If connected
if ($state) {
    /*
     * Check users inputs
     * Good practices against hackers !
     * Belt and shoulder strap :)
     *
     */
    $mois = checkInput("get", "mois", "/^[0-9]{1,2}+\$/");
    /*
     * SQL Query
     *
     */
    //Init
    $sql = false;
    //Check by type
    if ($mois != false) {
        $sql = "SELECT `ca`, `benef`\n\t\t\t\tFROM demo_exemple\n\t\t\t\tWHERE `mois`=" . $mois . ";";
    } else {
        echo "Bad inputs !!";
        exit;
    }
    /*
     * Exec query, transform the result in json and close the database
     *
     */
                    $stmt->bindValue(':editContents', $editContents);
                    $stmt->bindValue(':editNumber', $editNumber);
                    $stmt->execute();
                    //                    print ($stmt -> rowCount());
                    //                    var_dump($stmt);
                    if ($stmt->rowCount() == 1) {
                        $editError = "";
                        header('Location:index.php');
                    } else {
                        $editError = "編集に失敗しました";
                    }
                } else {
                    $editError = "編集内容を変更していません";
                }
            } else {
                $userError = "ログインしている名前にしてください";
            }
        }
    }
} catch (PDOException $e) {
    $error = "ただいまデータベースでエラーが発生しています。";
    //    echo $e -> getMessage();
}
// Hand the edit page its state; checkInput() (defined elsewhere) sanitises the two user-typed values.
$viewVars = array(
    'userName'      => $_SESSION["userName"],
    'checkName'     => checkInput($userName),
    'checkContents' => checkInput($editContents),
    'nowContents'   => $nowContents,
    'editNumber'    => $editNumber,
    'userError'     => $userError,
    'editError'     => $editError,
);
foreach ($viewVars as $key => $value) {
    $smarty->assign($key, $value);
}
$smarty->display('edit.tpl');
        <!-- endbuild -->

        <!-- build:js /_/js/lib/modernizr/modernizr.js -->
        <script src="/_/bower_components/modernizr/modernizr.js"></script>
        <!-- endbuild -->

<!-- build:js /_/js/respond.js -->
<!--[if lt IE 9]>
<script src="/_/bower_components/respond/respond.min.js"></script>
<![endif]-->
<!-- endbuild -->

<?php 
$loginError = false;
if (isset($_POST['loginAction'])) {
    $query = $db->query("SELECT * FROM Usuarios WHERE Nombre = '" . checkInput($_POST['username']) . "'");
    if ($query) {
        $res = $query->fetch_object();
        if (!$res == null) {
            //				if(!function_exists('password_verify'))
            //					require_once $_SERVER['DOCUMENT_ROOT'].'/lib/password.php';
            $pass = $_POST['password'];
            if (password_verify($pass, $res->Contrasena)) {
                $_SESSION['uid'] = $res->idUsuario;
                $_SESSION['username'] = $res->Nombre;
                $_SESSION['admin'] = $res->Admin;
            } else {
                $loginError = true;
            }
        } else {
            $loginError = true;
     $parent = $_POST['ID'];
     redirectURI('/admin/categories.php', 'catID=' . $parent);
 } elseif ($_POST['action'] == 'edit') {
     $LOG->write('3', 'admin/addProduct.php: action=edit');
     $cat_query = DB_query("SELECT *\n\t\t\t\t\tFROM products\n\t\t\t\t\tWHERE products_id = " . $_POST['ID']);
     $cat = DB_fetchArray($cat_query);
     if (!checkInput($_POST['name'], 'string')) {
         redirectURI('/admin/addProduct.php', 'action=edit&pID=' . $_POST['ID'] . '&error=name_error');
     }
     if (!checkInput($_POST['description'], 'string')) {
         redirectURI('/admin/addProduct.php', 'action=edit&pID=' . $_POST['ID'] . '&error=desc_error');
     }
     if (!checkInput($_POST['stock'], 'int')) {
         redirectURI('/admin/addProduct.php', 'action=edit&pID=' . $_POST['ID'] . '&error=stock_error');
     }
     if (!checkInput($_POST['price'], 'price')) {
         redirectURI('/admin/addProduct.php', 'action=edit&pID=' . $_POST['ID'] . '&error=price_error');
     }
     $LOG->write('3', sizeof($_FILE));
     $image1 = $_FILES['image_small'];
     // Wenn Image-Auswahl leer bleibt, so wird altes Bild in DB behalten und nicht geleert.
     // Sonst keine Änderungen im Produkt ohne Neuauswahl des Bildes möglich.
     if ($image1['name'] != "") {
         $image_uri_1 = uploadImage($image1);
     } else {
         $image_uri_1 = $cat['image_small'];
     }
     $image2 = $_FILES['image_big'];
     if ($image2['name'] != "") {
         $image_uri_2 = uploadImage($image2);
     } else {
    exit;
}
//Connected or not: check_connected() comes from utils.php (not shown); the sign-in
//handling below only runs while it is falsy.
$state = check_connected();
//If not connected
if (!$state) {
    /*
     * User connection
     *
     */
    //If validation of the Sign in form
    if (isset($_POST["go"])) {
        //Login & pass from form
        $login = strtolower(checkInput("post", "login", "/^[a-zA-Z0-9]{1,}\$/"));
        $password = checkInput("post", "password", "/.*/");
        $id_country = checkInput("post", "id_country", "/^[1-4]\$/");
        //If inputs matched their patterns. Only $login ([a-zA-Z0-9]+) is safe to inline;
        //$password passed /.*/, i.e. anything, and is interpolated into the query below unescaped.
        if ($login != false && $password != false && $id_country != false) {
            //Check user
            $db = connectDataBase();
            $sql = "SELECT `user_login`, `group_name` FROM `webapp_users`\n\t\t\t\t\tWHERE `user_login` = '{$login}'\n\t\t\t\t\tAND `user_pass` = SHA1('{$password}')\n\t\t\t\t\tLIMIT 1;";
            $query = $db->query($sql);
            //Ok if one result
            if ($query->rowCount() == 1) {
                //Save user information in session
                $_SESSION["user"] = getInfosFromLogin($login);
                //If account is correctly configured
                if ($_SESSION["user"] != false) {
                    //Create cookies
                    $hash = hash("sha512", "{$cookie_password} {$login}");
                    setcookie("ok", $hash, $cookie_time_to_live, "/" . $cookie_path . "/");
            if ($query) {
                echo '<script>
							alert("You has successfully changed your password. \\nPlease login to continue."); 
						</script>';
                session_unset();
                session_destroy();
                echo '<meta http-equiv="refresh" content= "0;url=http://localhost/cls/login.php" />';
            }
        } else {
            echo '<script>alert("The password you entered does not match with those in files.");</script>';
        }
    }
}
if (isset($_POST['chgEml'])) {
    $newEml = checkInput($_POST['newEml']);
    $Pwd = checkInput($_POST['Pwd']);
    $valid = checkValidity();
    if ($valid) {
        if (sha1($Pwd) == $_SESSION['user_password']) {
            $query = mysql_query("UPDATE profile SET email = '{$newEml}' WHERE user_name='{$username}';", $connect) or die(mysql_error());
            if ($query) {
                echo '<script>
							alert("You has successfully changed your email. \\nPlease login to continue."); 
						</script>';
                session_unset();
                session_destroy();
                echo '<meta http-equiv="refresh" content= "0;url=http://localhost/cls/login.php" />';
            }
        } else {
            echo '<script>alert("The password you entered does not match with those in files.");</script>';
        }
<?php

session_start();
require 'conn.php';
//include "index2.php";
// Upload destination (relative to this script) and the status/message slots the handler fills in.
$target_dir = "uploads/";
$uploadOk = 1;
$uploadsuccess = "";
$uploaderror = "";
$uploaderror1 = "";
$uploaderror2 = "";
$uploaderror3 = "";
//check if image file is a fake
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
    $target_file = checkInput($target_file);
    $imageFiletype = pathinfo($target_file, PATHINFO_EXTENSION);
    $userid = $_SESSION['id'];
    if (isset($_POST["submit"])) {
        $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
        if ($check !== false) {
            "File is an image -  " . $check["mime"] . " . " . "<br />";
            $uploadOk = 1;
        } else {
            $uploaderror1 = "File is not an image." . "<br />";
            $uploadOk = 0;
        }
    }
    //end of if - submit
    //check if already file exists
    if (file_exists($target_file)) {
        $uploaderror2 = "Sorry, file already exists." . "<br />";
        $uploadOk = 0;
    }
<?php

require_once "../online/utils.php";
//---------------------------------------------------------------------------
//
// Update manifest --- Start
//
//---------------------------------------------------------------------------
//Signin or signout
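// Which way the manifest is being updated: exactly "in" or "out". checkInput() comes from
// ../online/utils.php and presumably returns the value, or false when the regex does not match.
// The original pattern /^in|out$/ parses as (^in)|(out$), so "input", "inject" or "about" were
// accepted too and then silently treated as a sign-out; the group makes the match exact.
$sign = checkInput("get", "sign", "/^(in|out)\$/");
if ($sign == false) {
    echo "Bad parameter!";
    exit;
}
//Destination
if ($sign == "in") {
    $title = "Sign in";
    $goto = "app.php";
} else {
    $title = "Sign out";
    $goto = "../index.php";
}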
function redirection()
{
    global $goto;
    ?>
	window.setTimeout("window.location.href = \"<?php 
    echo $goto;
    ?>
		<meta name="description" content="">
		<?php 
require "_/inc/head.php";
?>

</head>
<body>
	<?php 
require '_/inc/header.php';
?>
	<div id="PageBody">
		<?php 
if (isset($_POST['titulo'])) {
    require_once 'editarContenidoDBA.php';
} else {
    $query = $db->query("SELECT Contenido.*, GROUP_CONCAT(DISTINCT Autores.Nombre SEPARATOR ', ') AS Autores, GROUP_CONCAT(DISTINCT Generos.Nombre SEPARATOR ', ') AS Generos, GROUP_CONCAT(DISTINCT Temas.Nombre SEPARATOR ', ') AS Temas, Editorial.Nombre AS Editorial FROM Contenido\n\t\t\t\t\t\t\t\t\t\tJOIN Autores_has_Contenido ON Contenido.idContenido = Autores_has_Contenido.Contenido_idContenido\n\t\t\t\t\t\t\t\t\t\tJOIN Autores ON Autores_has_Contenido.Autores_idAutor = Autores.idAutor\n\t\t\t\t\t\t\t\t\t\tJOIN Contenido_has_Generos ON Contenido.idContenido = Contenido_has_Generos.Contenido_idContenido\n\t\t\t\t\t\t\t\t\t\tJOIN Generos ON Contenido_has_Generos.Generos_idGenero = Generos.idGenero\n\t\t\t\t\t\t\t\t\t\tJOIN Contenido_has_Temas ON Contenido.idContenido = Contenido_has_Temas.Contenido_idContenido\n\t\t\t\t\t\t\t\t\t\tJOIN Temas ON Contenido_has_Temas.Temas_idTema = Temas.idTema\n\t\t\t\t\t\t\t\t\t\tJOIN Editorial ON Contenido.Editorial_idEditorial = Editorial.idEditorial\n\t\t\t\t\t\t\t\t\tWHERE idContenido = '" . checkInput($_GET['idContenido']) . "'");
    $res = $query->fetch_object();
    ?>
		<div class="container">
			<div class="row">
				<div class="col-md-6 col-md-offset-3 text-center">
					<h1>Editar contenido</h1>
				</div>
			</div>
			<div class="row">
				<div class="col-md-6 col-md-offset-3 text-center">
					<img id="portada" src="">
				</div>
			</div>
			<form role="form" method="post" >
				<input type="hidden" name="idContenido" value="<?php 
<?php

require_once "../utils.php";
// check_connected() is defined in ../utils.php (not shown); the delete handler below only runs when it is truthy.
$state = check_connected();
// This endpoint answers in plain text.
header("Content-type:text/plain");
// User is connected
if ($state) {
    // User has bought the option
    if (checkOptions("scenario")) {
        /*
         * Check users inputs
         * Good practices against hackers !
         * Belt and shoulder strap :)
         *
         */
        $id = checkInput("post", "id", "/^[0-9]+\$/");
        //Good input
        if ($id != false) {
            /*
             * SQL Query
             *
             */
            $sql = "DELETE FROM `webapp_scenarios`\n\t\t\t\t\tWHERE `scenario_id` = " . $id . "\n\t\t\t\t\tAND `user_id` = " . $_SESSION["user"]["id"] . ";";
            /*
             * Exec query, transform the result in json and close the database
             *
             */
            // If there is an sql query
            if ($sql) {
                // New PDO
                $db = connectDataBase();
<?php

require_once "../utils.php";
//Connected or not: check_connected() comes from ../utils.php (not shown); the password
//change below only runs when it is truthy.
$state = check_connected();
//If connected
if ($state) {
    //If user have buy option
    if (checkOptions("password")) {
        //If validation of the form
        if (isset($_POST["password_old"])) {
            //Inputs
            $current = checkInput("post", "password_old", "/^.+\$/");
            $new1 = checkInput("post", "password_new1", "/^.+\$/");
            $new2 = checkInput("post", "password_new2", "/^.+\$/");
            //If inputs are ok
            if ($current != false && $new1 != false && $new2 != false) {
                //Check current password. $current only had to match /^.+$/ (any non-empty string)
                //and is interpolated into the SQL unescaped; unsalted SHA1() is also a weak password store.
                $db = connectDataBase();
                $sql = "SELECT `user_id` FROM `webapp_users`\n\t\t\t\t\t\tWHERE `user_login` = '" . $_SESSION["user"]["login"] . "'\n\t\t\t\t\t\tAND `user_pass` = SHA1('{$current}') LIMIT 1;";
                $query = $db->query($sql);
                //Ok if one result
                if ($query->rowCount() == 1) {
                    //If new passwords are equal
                    if ($new1 == $new2) {
                        //Set new password in database
                        $sql = "UPDATE `webapp_users` SET `user_pass` = SHA1('" . $new1 . "') WHERE `webapp_users`.`user_id` = " . $_SESSION["user"]["id"] . ";";
                        if ($db->query($sql)) {
                            //---------------------------------------------------------------------------
                            //
                            // Password changed --- Start
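/**
 * Builds one ` and o.<column> like "%<text>%"` clause for the optional search rows.
 *
 * The column name comes straight from the request, so it is restricted to a plain SQL
 * identifier first: checkInput() (defined elsewhere) can escape string values but cannot
 * make an arbitrary identifier safe. A malformed column yields '' (that row simply adds
 * no filter).
 *
 * @param mixed  $column column name submitted as tipoN
 * @param string $text   search term submitted as textoN
 * @return string        the clause, or '' when the column is not a valid identifier
 */
function searchColumnClause($column, $text)
{
    if (!is_string($column) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $column)) {
        return '';
    }
    return ' and o.' . checkInput($column) . ' like "%' . checkInput($text) . '%"';
}

foreach (array(4, 5, 6) as $n) {
    if (isset($_POST['tipo' . $n])) {
        $texto = isset($_POST['texto' . $n]) ? $_POST['texto' . $n] : '';
        $whereString .= searchColumnClause($_POST['tipo' . $n], $texto);
    }
}
// "Todo" searches every text column with the same term and replaces any clause built so far.
if (isset($_POST['tipo1']) && $_POST['tipo1'] == 'Todo') {
    $texto1 = checkInput(isset($_POST['texto1']) ? $_POST['texto1'] : '');
    $columns = array('Nombre', 'Autores', 'Tipo', 'Editorial', 'UPC', 'Idioma', 'FechaPublicacion', 'Generos', 'Temas', 'Edades');
    $parts = array();
    foreach ($columns as $column) {
        $parts[] = 'o.' . $column . ' like "%' . $texto1 . '%"';
    }
    $whereString = 'o where ' . implode(' or ', $parts);
}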
$query = $db->query($string . $whereString);
while ($res = $query->fetch_object()) {
    ?>
				<tr>
					<td><img src = "<?php 
    echo $res->Portada;
    ?>
" /></td>
					<td><?php 
    echo $res->Nombre;
    ?>
</td>
					<td><?php 
    echo $res->Autores;
<?php

include '../functions/valueCheck.inc';
include '../../lang/lang_de.php';
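// AJAX field validator: answers "true" when the submitted value satisfies the constraint,
// otherwise the admin error message selected by id. checkInput() comes from valueCheck.inc and
// $lang from lang_de.php (both included above).
// NOTE(review): the constraint itself is client-supplied, so this can only be a convenience
// check for the form; the server-side save path must validate on its own.
$input = isset($_GET['input']) ? $_GET['input'] : null;
$constraint = isset($_GET['constraint']) ? $_GET['constraint'] : null;
if (checkInput($input, $constraint)) {
    echo 'true';
} else {
    //echo $_GET['input'];
    // Only echo a message that actually exists: an unknown or non-scalar id used to raise a
    // notice (or, for an array id, an illegal-offset error) and print nothing useful.
    $id = isset($_GET['id']) ? $_GET['id'] : null;
    if (is_scalar($id) && isset($lang['admin_errmsgs'][$id])) {
        echo $lang['admin_errmsgs'][$id];
    }
}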
<html>
<title>Umassmed lncRNA</title>
<head>
<link rel="stylesheet" type="text/css" href="css/background.css">
<link rel="stylesheet" type="text/css" href="css/data.css">

<!--AJAX library-->
<script src="http://code.jquery.com/jquery-1.7.1.min.js" type = "text/javascript"></script>

<!--HighCharts library-->
<script src="js/highcharts/highcharts.js" type = "text/javascript"></script>
<script src="js/highcharts/grid.js" type = "text/javascript"></script>
<script src="js/switch.js" type = "text/javascript"></script>
<?php 
include 'php/database.php';
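// Gene id from the request (GET or POST); checkInput() is defined in php/database.php (not shown).
if (isset($_REQUEST["geneID"]) && checkInput($_REQUEST["geneID"])) {
    $sKey = $_REQUEST["geneID"];
} else {
    header('Location: /~wespisea/search.html');
    // Stop here: without exit the rest of the page ran with $sKey undefined and still hit the database.
    exit;
}
//Sanitize input
//Construct variables for html
// Keep only the part before the first dot (presumably a version/transcript suffix — confirm).
$geneID = explode(".", $sKey);
$geneID = $geneID[0];
// URL-encode the id in the query string; a no-op if checkInput() only admits plain identifier characters.
$ensemblLink = "http://ensembl.org/Multi/Search/Results?species=all;idk=;q=" . rawurlencode($geneID);
/*Construct data for Transcript Expression Chart*/
//Access database
// The original `if (!$db)` branch was unreachable: `new` never yields a falsy value (it throws instead).
$db = new lncRNA_DB();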
    $queryEditorial = $db->query("INSERT INTO Editorial (Nombre) VALUES ('{$editorial}')");
    $editorialId = $db->insert_id;
}
// Column => value pairs for the UPDATE. Every free-text value goes through checkInput() (defined
// elsewhere in the project); Grande is a checkbox, so its mere presence sets the flag.
// NOTE(review): the statements below are safe only to the extent that checkInput() escapes single
// quotes for MySQL — $db->prepare()/bind_param() would remove that dependency.
$contenidoFields = array(
    'Nombre'                => checkInput($_POST['titulo']),
    'Tipo'                  => checkInput($_POST['tipo']),
    'UPC'                   => checkInput($_POST['upc']),
    'Editorial_idEditorial' => $editorialId,
    'Idioma'                => checkInput($_POST['idioma']),
    'FechaPublicacion'      => checkInput($_POST['fechaPublicacion']),
    'PublicoMeta'           => checkInput($_POST['edad']),
    'URLPortada'            => checkInput($_POST['portada']),
    'Grande'                => isset($_POST['grande']) ? 1 : 0,
);
$setClauses = array();
foreach ($contenidoFields as $column => $value) {
    $setClauses[] = $column . " = '" . $value . "'";
}
$query = $db->query("UPDATE Contenido SET\n\t" . implode(",\n\t", $setClauses)
    . "\n\tWHERE idContenido = '" . checkInput($_POST['idContenido']) . "'");
if ($query) {
    $idContenido = checkInput($_POST['idContenido']);
    // Re-link authors/genres/topics from scratch: drop every existing link, then insert the submitted ids
    // ($autoresId, $generosId, $temasId are built earlier in the file).
    $linkTables = array(
        'Autores_has_Contenido' => array('Autores_idAutor',  $autoresId),
        'Contenido_has_Generos' => array('Generos_idGenero', $generosId),
        'Contenido_has_Temas'   => array('Temas_idTema',     $temasId),
    );
    foreach ($linkTables as $table => $spec) {
        $db->query("DELETE FROM {$table} WHERE Contenido_idContenido = '{$idContenido}'");
    }
    foreach ($linkTables as $table => $spec) {
        list($column, $ids) = $spec;
        foreach ($ids as $linkedId) {
            $query = $db->query("INSERT INTO {$table} ({$column}, Contenido_idContenido) VALUES ('{$linkedId}', '{$idContenido}')");
        }
    }
    echo 'Contenido editado correctamente';
} else {
    if ($db->errno == 1062) {
        // Duplicate key is recognised but, as in the original, nothing is reported.
    }
}
// Resolve the publisher: reuse the existing Editorial row with this name, or insert a new one.
// checkInput() is defined elsewhere in the project; see the NOTE below on what it must guarantee.
$editorial = checkInput($_POST['editorial']);
$queryEditorialExistente = $db->query("SELECT idEditorial FROM Editorial WHERE Nombre = '{$editorial}'");
if ($queryEditorialExistente->num_rows == 1) {
    $editorialId = $queryEditorialExistente->fetch_object()->idEditorial;
} else {
    $queryEditorial = $db->query("INSERT INTO Editorial (Nombre) VALUES ('{$editorial}')");
    $editorialId = $db->insert_id;
}
// Values in the same order as $contenidoColumns; Grande is a checkbox, so its presence sets the flag.
// NOTE(review): these statements are safe only to the extent that checkInput() escapes single
// quotes for MySQL — $db->prepare()/bind_param() would remove that dependency.
$contenidoColumns = array('Nombre', 'Tipo', 'UPC', 'Editorial_idEditorial', 'Idioma', 'FechaPublicacion', 'PublicoMeta', 'URLPortada', 'Grande');
$contenidoValues = array(
    checkInput($_POST['titulo']),
    checkInput($_POST['tipo']),
    checkInput($_POST['upc']),
    $editorialId,
    checkInput($_POST['idioma']),
    checkInput($_POST['fechaPublicacion']),
    checkInput($_POST['edad']),
    checkInput($_POST['portada']),
    isset($_POST['grande']) ? 1 : 0,
);
$query = $db->query('INSERT INTO Contenido (' . implode(', ', $contenidoColumns) . ") VALUES('" . implode("','", $contenidoValues) . "')");
if ($query) {
    $idContenido = $db->insert_id;
    // Link authors/genres/topics to the new row ($autoresId, $generosId, $temasId are built earlier in the file).
    $linkTables = array(
        'Autores_has_Contenido' => array('Autores_idAutor',  $autoresId),
        'Contenido_has_Generos' => array('Generos_idGenero', $generosId),
        'Contenido_has_Temas'   => array('Temas_idTema',     $temasId),
    );
    foreach ($linkTables as $table => $spec) {
        list($column, $ids) = $spec;
        foreach ($ids as $linkedId) {
            $query = $db->query("INSERT INTO {$table} ({$column}, Contenido_idContenido) VALUES ('{$linkedId}', '{$idContenido}')");
        }
    }
    $query = $db->query("INSERT INTO Copia SET Contenido_idContenido = '{$idContenido}'");
    echo 'Contenido agregado correctamente';
} else {
    if ($db->errno == 1062) {
        // Duplicate key: point the user at the existing item with the same UPC.
        $queryLibroExistente = $db->query("SELECT idContenido, Nombre FROM Contenido WHERE UPC = '" . checkInput($_POST['upc']) . "'");
        $res = $queryLibroExistente->fetch_object();
        // NOTE(review): Nombre and idContenido are echoed into HTML exactly as stored; that is only safe
        // if checkInput() HTML-encoded them on the way in — otherwise wrap them in htmlspecialchars() here.
        echo $res->Nombre . ' ya existe, ¿deseas <a href="/admin/editarContenido?idContenido=' . $res->idContenido . '">editarlo</a>?';
    }
}
<?php

require_once "../utils.php";
//Connected or not: check_connected() comes from ../utils.php (not shown); the lookup
//below only runs when it is truthy.
$state = check_connected();
//If connected
if ($state) {
    //If user have buy option
    if (checkOptions("scenario")) {
        /*
         * Check users inputs
         * Good practices against hackers !
         * Belt and shoulder strap :)
         *
         */
        $name = checkInput("get", "name", "/^[a-zA-Z0-9 ]+\$/");
        //Good input
        if ($name != false) {
            /*
             * SQL Query
             *
             */
            $sql = "SELECT \t`scenario_name`\n\t\t\t\t\tFROM webapp_scenarios\n\t\t\t\t\tWHERE (\n\t\t\t\t\t\tuser_id=" . $_SESSION["user"]["id"] . " AND\n\t\t\t\t\t\t`scenario_name`='" . $name . "'\n\t\t\t\t\t);";
            /*
             * Exec query, transform the result in json and close the database
             *
             */
            //If there is an sql query
            if ($sql) {
                //new PDO
                $db = connectDataBase();
        $lastname = checkInput($_POST["lastname"]);
        if (!preg_match("/^[a-zA-Z]*\$/", $lastname)) {
            $errors["lastname"] = "*Only letters allowed in lastnames";
        }
    }
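    if (empty($_POST["gender"])) {
        $errors["gender"] = "*Gender is required";
    } else {
        // Sanitised like every other field (the original stored the raw POST value here).
        $gender = checkInput($_POST["gender"]);
    }
    if (empty($_POST["email"])) {
        $errors["email"] = "*Email address is required";
    } else {
        $email = checkInput($_POST["email"]);
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            // Keep $emailErr for anything that already reads it, and record the failure in
            // $errors as well so it is reported the same way as the other field errors
            // (the original only set $emailErr, so a bad address never reached $errors).
            $emailErr = "*Invalid email format";
            $errors["email"] = $emailErr;
        }
    }
    if (empty($_POST["comment"])) {
        $comment = "";
    } else {
        $comment = checkInput($_POST["comment"]);
    }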
}
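/**
 * Normalises a form field for safe re-display in HTML: trim, strip backslashes
 * (magic-quotes era behaviour, kept for compatibility), then HTML-encode.
 *
 * This is output encoding for an HTML context only — it is not SQL escaping.
 *
 * ENT_QUOTES is passed explicitly because before PHP 8.1 htmlspecialchars() left single
 * quotes alone, so a value could break out of a single-quoted attribute; ENT_SUBSTITUTE
 * keeps invalid UTF-8 from collapsing the whole value to ''. Non-scalar input (field[]=x)
 * yields '' instead of a TypeError from trim().
 *
 * @param mixed $data raw request value
 * @return string     encoded value ('' for null or non-scalar input)
 */
function checkInput($data)
{
    if (!is_scalar($data)) {
        return '';
    }
    $data = trim((string) $data);
    $data = stripslashes($data);
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}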
?>
</head>
<?php 
// Target user id from the query string. It only passes through checkInput() (defined elsewhere)
// and is then inlined as a quoted string here and in the UPDATE further down; if idUsuario is a
// numeric column, an (int) cast would be the simpler guarantee.
// NOTE(review): nothing in this fragment checks that the caller may change this user's password —
// confirm the include/header code above enforces that.
$idUsuario = checkInput($_GET['idUsuario']);
$queryUsuario = $db->query("SELECT * FROM Usuarios WHERE idUsuario = '{$idUsuario}'");
$res = $queryUsuario->fetch_object();
?>
<body>
	<?php 
require '_/inc/header.php';
?>
	<div id="PageBody">
		<div class="container">
			<?php 
if (isset($_POST['contrasena'])) {
    $nuevaCont = password_hash(checkInput($_POST['contrasena']), PASSWORD_DEFAULT);
    $query = $db->query("UPDATE Usuarios SET Contrasena='{$nuevaCont}' WHERE idUsuario='{$idUsuario}'");
    if ($query) {
        echo '<p>La contraseña se configuró exitosamente.</p>';
    }
} else {
    ?>
			<div class="row">
				<div class="col-md-6 col-md-offset-3 text-center">
					<h1>Cambiar contraseña a <?php 
    echo $res->Nombre;
    ?>
</h1>
				</div>
			</div>
			<form role="form" method="post" >
<?php

include 'database.php';
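// Search-bar autocomplete: answers with up to five distinct geneID values starting with the
// submitted prefix, as JSON. A missing field becomes null instead of raising a notice.
$geneID = isset($_POST["geneID"]) ? $_POST["geneID"] : null;
//Search bar autocomplete for gene ID
if (isset($geneID)) {
    $matches = array();
    // checkInput() lives in database.php (not shown); a rejected or non-string id ends the include early.
    if (!is_string($geneID) || !checkInput($geneID)) {
        return;
    }
    //Connect to database
    // The original `if (!$db)` branch was unreachable: `new` never yields a falsy value (it throws instead).
    $db = new lncRNA_DB();
    // Double any single quote before inlining the prefix into the SQLite string literal so it
    // cannot terminate it. LIKE wildcards (% and _) in the prefix are still interpreted, which can
    // only widen the match. (A prepared statement would be cleaner if the wrapper exposes prepare().)
    $sql = "SELECT geneID FROM TransData WHERE geneID LIKE '" . SQLite3::escapeString($geneID) . "%'";
    $ret = $db->query($sql);
    // NOTE(review): SQLITE_ASSOC is the legacy sqlite-extension constant; SQLite3Result::fetchArray()
    // expects SQLITE3_ASSOC — confirm which one database.php defines.
    $row = $ret->fetchArray(SQLITE_ASSOC);
    //Get first 5 search results
    for ($ctr = 0; $ctr < 5 && $row; $row = $ret->fetchArray(SQLITE_ASSOC)) {
        if (!in_array($row["geneID"], $matches, true)) {
            $matches[$ctr++] = $row["geneID"];
        }
    }
    $db->close();
    echo json_encode($matches);
}
$x = isset($_POST["x"]) ? $_POST["x"] : null;
$y = isset($_POST["y"]) ? $_POST["y"] : null;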
//Axes change on PCA Data Chart
if (isset($x) && isset($y)) {
        }
        if ($compose_new_win == '1') {
            Header("Location: {$location}/compose.php?mail_sent=yes");
        } else {
            Header("Location: {$location}/right_main.php?mailbox={$urlMailbox}" . "&startMessage={$startMessage}&mail_sent=yes");
        }
    } else {
        if ($compose_new_win == '1') {
            compose_Header($color, $mailbox);
        } else {
            displayPageHeader($color, $mailbox);
        }
        if (isset($AttachFailure)) {
            plain_error_message(_("Could not move/copy file. File not attached"), $color);
        }
        checkInput(true);
        showInputForm($session);
        /* sqimap_logout($imapConnection); */
    }
} elseif (isset($html_addr_search_done)) {
    if ($compose_new_win == '1') {
        compose_Header($color, $mailbox);
    } else {
        displayPageHeader($color, $mailbox);
    }
    if (isset($send_to_search) && is_array($send_to_search)) {
        foreach ($send_to_search as $k => $v) {
            if (substr($k, 0, 1) == 'T') {
                if ($send_to) {
                    $send_to .= ', ';
                }
<?php

require '../lib.inc/init.php';
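// Login form fields; a missing or non-string field becomes '' instead of raising a notice
// (trim()/strip_tags() would throw a TypeError on an array under PHP 8).
$login = (isset($_POST['login']) && is_string($_POST['login'])) ? strip_tags(trim($_POST['login'])) : '';
// NOTE(review): strip_tags()/trim() also rewrite the password (a '<' can drop the rest of it).
// Left as-is because stored credentials may have been created through this same path.
$passwd = (isset($_POST['passwd']) && is_string($_POST['passwd'])) ? strip_tags(trim($_POST['passwd'])) : '';
// checkInput(), User and $db come from ../lib.inc/init.php (not shown).
if (checkInput($login) && checkInput($passwd)) {
    $user = new User($login, $passwd);
    $user->makeAuth($db->getAuthInfo($login));
}
// Rejected input produces no response here, exactly as before (the original had an empty else).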
?>

  * index.php: This is the main page for quizzes
  *
  * PHP Version 5
  *
  * It displays a menu of the first quizzes, and links for a New Quiz
  * and to the other quizzes
  *
  * @category   Quiz_Plugin
  * @package    Webworks_Webme
  * @subpackage Quiz
  * @author     Belinda Hamilton <*****@*****.**>
  * @license    General Purpose License Version 2
  * @link       www.kvweb.me
*/
// Save handler for the quiz form (runs only when the form was posted). $id is set earlier in
// the file (not shown): when it is non-empty the quiz is updated in place, otherwise a new row
// is inserted and the browser is sent on to the "new question" step.
if (isset($_POST['action'])) {
    // checkInput() (defined elsewhere) returns the validation errors; an empty result means OK.
    $errors = checkInput($_POST);
    if (empty($errors)) {
        unset($_POST['errors']);
        // NOTE(review): addslashes() is not a charset-aware SQL escape (multibyte sequences can
        // defeat it) and dbQuery() takes a raw string; the (int) casts are what make the two
        // numeric fields safe. Parameterised queries would be the proper fix.
        $quizName = addslashes($_POST['name']);
        $quizTopic = addslashes($_POST['description']);
        $numberOfQuestions = (int) $_POST['number_of_questions'];
        $enabled = (int) $_POST['enabled'];
        if ($id) {
            // $id is interpolated as a quoted string and relies on the same escaping assumption.
            dbQuery("update quiz_quizzes \n\t\t\t\tset name = '{$quizName}',\n\t\t\t\tdescription = '{$quizTopic}',\n\t\t\t\tnumber_of_questions = '{$numberOfQuestions}',\n\t\t\t\tenabled = {$enabled}\n\t\t\t\twhere id = '{$id}'");
        } else {
            dbQuery("INSERT INTO quiz_quizzes\n\t\t\t\t(\n\t\t\t\tname,\n\t\t\t\tdescription,\n\t\t\t\tnumber_of_questions,\n\t\t\t\tenabled\n\t\t\t\t)\n\t\t\t\tVALUES\n\t\t\t\t(\n\t\t\t\t'{$quizName}',\n\t\t\t\t'{$quizTopic}',\n\t\t\t\t'{$numberOfQuestions}',\n\t\t\t\t'{$enabled}'\n\t\t\t\t)");
            $id = dbOne('select LAST_INSERT_ID() AS id', 'id');
            // No exit after the redirect, so whatever follows in the file presumably still runs.
            header('location: /ww.admin/plugin.php' . '?_plugin=quiz&_page=index&action=newQuestion&id=' . $id);
        }
    }
}