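/**
 * Turn one submitted field into the literal that will be spliced into the generated SQL.
 *
 * Dispatches on $field[CONS_XML_TIPO]: numbers pass through when numeric, strings go through
 * cleanString()/addslashes_EX() and are wrapped in double quotes, dates are normalised via
 * intlControl, enums/options are checked against their definition, uploads are processed as a
 * side effect, and array/serialized fields are (de)serialized.
 *
 * @param bool   $isADD           true for an INSERT (defaults apply), false for an UPDATE
 *                                (fields flagged CONS_XML_IGNORENEDIT may be skipped)
 * @param array  &$data           submitted record; normalised values are written back because
 *                                later fields (friendly URLs, parent checks) read them
 * @param string $name            field name; also used verbatim as the column name in SQL
 * @param array  &$field          field definition from the module XML (CONS_XML_* keys)
 * @param array  &$EnumPrunecache receives array(field, prune action, recipient) per auto-pruned enum
 * @param bool   $isSerialized    true on the recursive call for a sub-field of a
 *                                CONS_TIPO_SERIALIZED column: no quoting, no SQL escaping
 * @param string $kA              key hint handed to prepareUpload() for upload fields
 * @param string $wS              WHERE clause used to read back an existing serialized column;
 *                                it is interpolated verbatim, so the caller must make it SQL-safe
 * @return mixed  SQL literal (string), a PHP array for CONS_TIPO_ARRAY, or false when the field
 *                must be left out of the statement (a mandatory parent loop also returns false)
 */
private function sqlParameter($isADD, &$data, $name, &$field, &$EnumPrunecache, $isSerialized = false, $kA = '', $wS = '') {
    $output = false;
    // Sub-fields of a serialized column are stored inside serialize(), not in SQL: no quotes.
    $encapsulation = $isSerialized ? '' : '"';
    switch ($field[CONS_XML_TIPO]) {
        case CONS_TIPO_INT:
            if (isset($data[$name]) && $data[$name] !== "" && is_numeric($data[$name])) {
                $output = $data[$name];
            } else {
                if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                    $output = $field[CONS_XML_DEFAULT];
                }
            }
            break;
        case CONS_TIPO_LINK:
            // Numeric foreign keys are emitted bare; string keys keep the quotes.
            if ($field[CONS_XML_LINKTYPE] == CONS_TIPO_INT || $field[CONS_XML_LINKTYPE] == CONS_TIPO_FLOAT) {
                $encapsulation = '';
            }
            if (isset($data[$name]) && ($data[$name] !== '' && $data[$name] !== 0 || !isset($field[CONS_XML_MANDATORY]))) {
                # non-mandatory links accept 0 values, otherwise 0 is not acceptable
                if ((!$isADD && isset($field[CONS_XML_IGNORENEDIT]) || $isADD) && ($data[$name] === 0 || $data[$name] === '')) {
                    break;
                } else {
                    if (($field[CONS_XML_LINKTYPE] == CONS_TIPO_INT || $field[CONS_XML_LINKTYPE] == CONS_TIPO_FLOAT) && ($data[$name] === '' || !is_numeric($data[$name]))) {
                        // Non-numeric input to a numeric key is coerced to 0 (this is also what keeps it SQL-safe).
                        $data[$name] = 0;
                    } else {
                        if ($field[CONS_XML_LINKTYPE] == CONS_TIPO_VC && $data[$name] != '') {
                            if ($field[CONS_XML_SPECIAL] == "ucase") {
                                $data[$name] = strtoupper($data[$name]);
                            }
                            if ($field[CONS_XML_SPECIAL] == "lcase") {
                                $data[$name] = strtolower($data[$name]);
                            }
                            // String-typed keys were the only text value that reached the SQL
                            // without escaping (every CONS_TIPO_VC field below is escaped); close that gap.
                            if (!$isSerialized) {
                                $data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo);
                            }
                        }
                    }
                }
                # if this is a parent, check if this won't create a cyclic parenting
                if ($data[$name] !== 0 && $data[$name] !== '' && $field[CONS_XML_MODULE] == $this->name && $this->options[CONS_MODULE_PARENT] == $name) {
                    if (!$isADD && $data[$name] == $data[$this->keys[0]]) {
                        $data[$name] = 0;
                        $this->parent->errorControl->raise(128, $name, $this->name, "Parent=Self");
                        if (isset($field[CONS_XML_MANDATORY])) {
                            return false;
                        }
                    } else {
                        // Walk up the parent chain; the ids already seen detect a loop.
                        $antiCicle = $isADD ? array() : array($data[$this->keys[0]]);
                        $idP = isset($data[$name]) ? $data[$name] : 0;
                        if ($idP == null) {
                            $idP = 0;
                        }
                        while ($idP !== 0) {
                            // NOTE(review): $idP is interpolated unquoted, which is only safe for the numeric
                            // key types coerced above; a string-typed parent key would need quoting here.
                            $idP = $this->parent->dbo->fetch("SELECT {$name} FROM " . $this->dbname . " WHERE " . $this->keys[0] . "={$idP}");
                            if ($idP == NULL) {
                                $idP = 0;
                            }
                            if (in_array($idP, $antiCicle)) {
                                break;
                            } // cicle!
                            $antiCicle[] = $idP;
                        }
                        unset($antiCicle);
                        if ($idP !== 0) {
                            # did not reach root
                            $this->parent->errorControl->raise(128, $name, $this->name, "Initial parent was = " . $data[$name]);
                            $data[$name] = 0;
                            if (isset($field[CONS_XML_MANDATORY])) {
                                return false;
                            }
                        }
                    }
                }
                $output = $encapsulation . $data[$name] . $encapsulation;
            } else {
                if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                    // "%UID%" default: link the row to the logged-in user, but only for the user module.
                    if ($field[CONS_XML_DEFAULT] == "%UID%" && defined("CONS_AUTH_USERMODULE") && $field[CONS_XML_MODULE] == CONS_AUTH_USERMODULE && $_SESSION[CONS_SESSION_ACCESS_LEVEL] > 0 && isset($_SESSION[CONS_SESSION_ACCESS_USER]['id'])) {
                        $output = $encapsulation . $_SESSION[CONS_SESSION_ACCESS_USER]['id'] . $encapsulation;
                    } else {
                        if ($field[CONS_XML_DEFAULT] != "%UID%") {
                            $output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation;
                        }
                    }
                }
            }
            break;
        case CONS_TIPO_FLOAT:
            if (isset($data[$name]) && $data[$name] !== "") {
                $data[$name] = fv($data[$name]);
                if (is_numeric($data[$name])) {
                    $output = str_replace(",", ".", $data[$name]);
                } else {
                    if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                        $output = $field[CONS_XML_DEFAULT];
                    }
                }
            } else {
                if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                    $output = $field[CONS_XML_DEFAULT];
                }
            }
            break;
        case CONS_TIPO_VC:
            if (isset($data[$name])) {
                // "urla" fields are generated/flattened below; everything else is escaped here.
                if (!isset($field[CONS_XML_SPECIAL]) || $field[CONS_XML_SPECIAL] != "urla") {
                    if (!isset($field[CONS_XML_CUSTOM])) {
                        $data[$name] = cleanString($data[$name], isset($field[CONS_XML_HTML]), $_SESSION[CONS_SESSION_ACCESS_LEVEL] == 100, $this->parent->dbo);
                    } else {
                        if (!$isSerialized) {
                            $data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo);
                        }
                    }
                }
                if (isset($field[CONS_XML_SPECIAL])) {
                    if ($field[CONS_XML_SPECIAL] == "urla") {
                        if (!isset($data[$name]) || $data[$name] == '') {
                            // Build the friendly URL from the source template (default: the title field).
                            $source = isset($field[CONS_XML_SOURCE]) ? $field[CONS_XML_SOURCE] : "{" . $this->title . "}";
                            $tp = new CKTemplate($this->parent->template);
                            $tp->tbreak($source);
                            $data[$name] = $tp->techo($data);
                            unset($tp);
                        }
                        // Strip quotes and angle brackets, then flatten to URL characters.
                        // NOTE(review): this path never goes through cleanString()/addslashes_EX(); it relies on
                        // removeSimbols() leaving nothing SQL-significant (e.g. a backslash) — confirm.
                        $data[$name] = str_replace(">", "", str_replace("<", "", str_replace("\"", "", str_replace("'", "", $data[$name]))));
                        $data[$name] = removeSimbols($data[$name], true, false, CONS_FLATTENURL);
                    }
                    // A failed special-format check empties the value, reports it and leaves $output = false.
                    if ($field[CONS_XML_SPECIAL] == "login" && $data[$name] != "") {
                        if (!preg_match('/^([A-Za-z0-9_\\-\\.@]){4,20}$/', $data[$name])) {
                            $data[$name] = "";
                            $this->parent->errorControl->raise(129, $name, $this->name);
                            break;
                        }
                    }
                    if ($field[CONS_XML_SPECIAL] == "mail" && $data[$name] != "") {
                        if (!isMail($data[$name])) {
                            $data[$name] = "";
                            $this->parent->errorControl->raise(130, $name, $this->name);
                            break;
                        }
                    }
                    if ($field[CONS_XML_SPECIAL] == "ucase" && $data[$name] != "") {
                        $data[$name] = strtoupper($data[$name]);
                        $data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo);
                    }
                    if ($field[CONS_XML_SPECIAL] == "lcase" && $data[$name] != "") {
                        $data[$name] = strtolower($data[$name]);
                        $data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo);
                    }
                    if ($field[CONS_XML_SPECIAL] == "path" && $data[$name] != "") {
                        if (!preg_match('/^([A-Za-z0-9_\\/\\-]*)$/', $data[$name])) {
                            $data[$name] = "";
                            $this->parent->errorControl->raise(131, $name, $this->name);
                            break;
                        }
                    }
                    if ($field[CONS_XML_SPECIAL] == "onlinevideo" && $data[$name] != "") {
                        if (!preg_match('/^([A-Za-z0-9_\\-]){8,20}$/', $data[$name])) {
                            $data[$name] = "";
                            $this->parent->errorControl->raise(132, $name, $this->name);
                            break;
                        }
                    }
                    if ($field[CONS_XML_SPECIAL] == "time" && $data[$name] != "") {
                        if (!preg_match('/^([0-9]){1,2}(:)([0-9]){1,2}$/', $data[$name])) {
                            $data[$name] = "";
                            $this->parent->errorControl->raise(133, $name, $this->name);
                            break;
                        } else {
                            // Normalise "h:m" to zero-padded "hh:mm".
                            $data[$name] = explode(":", $data[$name]);
                            $data[$name][0] = (strlen($data[$name][0]) == 1 ? "0" : "") . $data[$name][0];
                            $data[$name][1] = (strlen($data[$name][1]) == 1 ? "0" : "") . $data[$name][1];
                            $data[$name] = $data[$name][0] . ":" . $data[$name][1];
                        }
                    }
                }
                if (!$isADD && isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") {
                    break;
                } else {
                    if ($isADD && (!isset($data[$name]) || $data[$name] == '') && isset($field[CONS_XML_DEFAULT])) {
                        $data[$name] = $field[CONS_XML_DEFAULT];
                    }
                }
                $output = $encapsulation . $data[$name] . $encapsulation;
            }
            break;
        case CONS_TIPO_TEXT:
            if (isset($data[$name])) {
                # WYSIWYG garbage ...
                if (isset($field[CONS_XML_HTML]) && !isset($field[CONS_XML_CUSTOM])) {
                    // NOTE(review): both arguments of this str_replace render as a plain space in this copy;
                    // the original was presumably a non-breaking space (&nbsp;/U+00A0) — confirm upstream.
                    $data[$name] = str_replace(" ", " ", trim($data[$name]));
                    if (isset($field[CONS_XML_SIMPLEEDITFORCE]) && $data[$name] != '') {
                        if (!defined('C_XHTML_AUTOTAB')) {
                            include CONS_PATH_INCLUDE . "xmlHandler.php";
                        }
                        $data[$name] = parseHTML($data[$name], true);
                        if ($data[$name] === false) {
                            $this->parent->errorControl->raise(190, $name, $this->name);
                            $data[$name] = '';
                            break;
                        }
                    }
                    if ($this->invalidHTML($data[$name])) {
                        # external editors garbage that can break HTML
                        $this->parent->errorControl->raise(135, $name, $this->name);
                    }
                }
                if (!isset($field[CONS_XML_CUSTOM])) {
                    $data[$name] = cleanString($data[$name], isset($field[CONS_XML_HTML]), $_SESSION[CONS_SESSION_ACCESS_LEVEL] == 100, $this->parent->dbo);
                } else {
                    if (!$isSerialized) {
                        $data[$name] = addslashes_EX($data[$name], true, $this->parent->dbo);
                    }
                }
                if (!$isADD && isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") {
                    break;
                }
                $output = $encapsulation . $data[$name] . $encapsulation;
            } else {
                if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                    $output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation;
                }
            }
            break;
        case CONS_TIPO_DATETIME:
        case CONS_TIPO_DATE:
            // Timestamp columns are filled by the database; $data gets a matching value for later fields.
            if (!isset($data[$name]) || $data[$name] == '') {
                if (!$isADD && isset($field[CONS_XML_UPDATESTAMP])) {
                    $output = "NOW()";
                    $data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : ""); // might be used by friendly url or such
                    break;
                } else {
                    if ($isADD && (isset($field[CONS_XML_TIMESTAMP]) || isset($field[CONS_XML_UPDATESTAMP]))) {
                        $output = "NOW()";
                        $data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : ""); // might be used by friendly url or such
                        break;
                    }
                }
            }
            if (!isset($data[$name]) && isset($data[$name . "_day"])) {
                # date came into separated fields, merge them
                $theDate = $this->parent->intlControl->mergeDate($data, $name . "_");
                // NOTE(review): "!$theDate == false" parses as "(!$theDate) == false", i.e. it breaks when the
                // merged date is truthy and falls through when mergeDate() returned false; this looks inverted
                // relative to the comment below — confirm mergeDate()'s return contract before changing it.
                if (!$theDate == false || ($theDate == "0000-00-00" || $theDate == "0000-00-00 00:00:00") && isset($field[CONS_XML_IGNORENEDIT])) {
                    break;
                } # empty date can be ignored, or corrupt date
                $output = $encapsulation . $theDate . $encapsulation;
            } else { # came in mySQL format or i18n fromat
                if (isset($data[$name]) && $data[$name] != "") {
                    $data[$name] = trim($data[$name]);
                    $theDate = $data[$name];
                    $theDate = $this->parent->intlControl->dateToSql($theDate, $field[CONS_XML_TIPO] == CONS_TIPO_DATETIME); // handles any format of human or sql date
                    if ($theDate === false) {
                        if (substr($data[$name], 0, 5) == "NOW()") {
                            // Only the NOW() function itself is emitted. The submitted value is not escaped, so
                            // passing it through verbatim let anything after the "NOW()" prefix reach the SQL.
                            $output = "NOW()";
                            $data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : ""); // might be used by friendly url or such
                        } else {
                            $this->parent->errorControl->raise(134, $name, $this->name);
                        }
                    } else {
                        $output = $encapsulation . $theDate . $encapsulation;
                        $data[$name] = $theDate; // other fields might need it
                    }
                } else {
                    if (isset($data[$name])) { // blank
                        if (!$isADD && isset($field[CONS_XML_IGNORENEDIT])) {
                            break;
                        }
                        // Mandatory dates get the zero date, optional ones NULL.
                        $output = isset($field[CONS_XML_MANDATORY]) && $field[CONS_XML_MANDATORY] ? $encapsulation . "0000-00-00" . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " 00:00:00" : "") . $encapsulation : 'NULL';
                    }
                }
            }
            break;
        case CONS_TIPO_ENUM:
            if (isset($data[$name])) {
                if ($data[$name] == "") {
                    # enum does not accept empty values, this means it's a NON-MANDATORY enum comming empty = NULL
                    $output = "NULL";
                } else {
                    // NOTE(review): only quotes are stripped, not backslashes; the value is not validated against
                    // the ENUM list unless CONS_XML_AUTOPRUNE is set. Consider escaping with addslashes_EX() or
                    // rejecting values that are not in the ENUM definition.
                    $data[$name] = str_replace("\"", "", str_replace("'", "", $data[$name]));
                    $output = $encapsulation . $data[$name] . $encapsulation;
                    if (isset($field[CONS_XML_AUTOPRUNE])) { // possible prune
                        //$EnumPrunecache
                        // Parse the ENUM('a','b',...) list out of the column definition.
                        preg_match("@ENUM \\(([^)]*)\\).*@", $field[CONS_XML_SQL], $regs);
                        $enums = explode(",", $regs[1]);
                        $pruneRecipient = "";
                        for ($ec = 0; $ec < count($enums); $ec++) {
                            if (isset($field[CONS_XML_AUTOPRUNE][$ec]) && $field[CONS_XML_AUTOPRUNE][$ec] == '*') {
                                $pruneRecipient = $enums[$ec];
                            }
                        }
                        for ($ec = 0; $ec < count($enums); $ec++) {
                            if ("'" . $data[$name] . "'" == $enums[$ec]) {
                                if (isset($field[CONS_XML_AUTOPRUNE][$ec]) && $field[CONS_XML_AUTOPRUNE][$ec] != '0' && $field[CONS_XML_AUTOPRUNE][$ec] != '*') {
                                    $EnumPrunecache[] = array($name, $field[CONS_XML_AUTOPRUNE][$ec], $pruneRecipient);
                                }
                                break; // for
                            }
                        }
                    }
                }
            } else {
                if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                    $output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation;
                }
            }
            break;
        case CONS_TIPO_OPTIONS:
            # must come as a string of 0 and 1
            if (isset($data[$name]) && strlen($data[$name]) >= count($field[CONS_XML_OPTIONS])) {
                # test if they are all 0 and 1!
                $ok = true;
                for ($c = 0; $c < strlen($data[$name]); $c++) {
                    if ($data[$name][$c] != "0" && $data[$name][$c] != "1") {
                        $ok = false;
                        break;
                    }
                }
                if ($ok) {
                    // On insert four spare option slots are appended.
                    $output = $encapsulation . $data[$name] . ($isADD ? '0000' : '') . $encapsulation;
                }
            }
            break;
        case CONS_TIPO_UPLOAD:
            if (!$isADD) {
                # upload on add happens AFTER the SQL include, so if it fails, we don't even bother processing upload
                if (isset($data[$name . "_delete"]) || isset($_FILES[$name]) && $_FILES[$name]['error'] == 0) { // delete ou update
                    $ids = "";
                    foreach ($this->keys as $key) {
                        $ids .= $data[$key] . "_";
                    }
                    $ids = substr($ids, 0, strlen($ids) - 1);
                    $this->deleteUploads($data, $name, $ids);
                }
                $upOk = $this->prepareUpload($name, $kA, $data);
                $upvalue = $upOk == '0' ? 'y' : 'n';
                if ($upOk != 0 && $upOk != 4) {
                    # notification for the upload (4 = nothing sent, 0 = sent and ok)
                    $this->parent->errorControl->raise(200 + $upOk, $upOk, $this->name, $name);
                }
                if ($upOk != 4) {
                    $output = $encapsulation . $upvalue . $encapsulation;
                } else {
                    // no change, but take this oportunity and check if the file exists!
                    $upvalue = 'n';
                    $path = CONS_FMANAGER . $this->name . "/";
                    if (is_dir($path)) {
                        if (isset($this->fields[$name][CONS_XML_FILEPATH])) {
                            $path .= $this->fields[$name][CONS_XML_FILEPATH];
                            if ($path[strlen($path) - 1] != "/") {
                                $path .= "/";
                            }
                            if (!is_dir($path)) {
                                safe_mkdir($path);
                            }
                        }
                        # prepares filename with item keys
                        // NOTE(review): record keys become path components here; safe as long as keys are
                        // numeric/validated before reaching this point — confirm for string-typed keys.
                        $filename = $path . $name . "_";
                        foreach ($this->keys as $key) {
                            $filename .= $data[$key] . "_";
                        }
                        $filename .= "1";
                        $upvalue = locateAnyFile($filename, $ext, isset($this->fields[$name][CONS_XML_FILETYPES]) ? $this->fields[$name][CONS_XML_FILETYPES] : '') ? 'y' : 'n';
                    }
                    $output = $encapsulation . $upvalue . $encapsulation;
                }
            }
            break;
        case CONS_TIPO_ARRAY:
            if (isset($data[$name])) {
                if (is_array($data[$name])) {
                    $output = $data[$name];
                } else {
                    # came in serialized (JSON or php)
                    // substr() instead of [0] so an empty string does not raise an offset notice.
                    if (substr($data[$name], 0, 1) == '[') { # JSON
                        $output = @json_decode($data[$name]);
                    } else {
                        // NOTE(review): unserialize() on submitted data permits PHP object injection; prefer
                        // unserialize($s, array('allowed_classes' => false)) once PHP >= 7.0 is guaranteed.
                        $output = @unserialize($data[$name]);
                    }
                    # we will serialize the whole thing
                    // json_decode() reports failure with null, unserialize() with false: both are corrupt input.
                    if ($output === false || $output === null) {
                        $this->parent->errorControl->raise(189, $name, $this->name);
                        $output = "";
                    }
                }
            }
            break;
        case CONS_TIPO_SERIALIZED:
            if (isset($data[$name])) { // came raw data, we store as is, YOU should serialize raw data
                $data[$name] = addslashes_EX($data[$name], true);
                if (isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") {
                    break;
                }
                $output = $encapsulation . $data[$name] . $encapsulation;
            } else {
                if ($this->fields[$name][CONS_XML_SERIALIZED] > 1) { // set to WRITE or ALL
                    // note: we ADD fields, never replace, because we should allow partial edits, thus we need to read the original data first
                    // $wS is the caller's WHERE clause and is trusted as-is.
                    $sql = "SELECT {$name} FROM " . $this->dbname . " WHERE {$wS}";
                    $serialized = $this->parent->dbo->fetch($sql);
                    if ($serialized === false) {
                        $serialized = array();
                    } else {
                        // Stored blob, written by this same method; a corrupt/non-array payload starts over
                        // instead of indexing into a scalar.
                        $serialized = @unserialize($serialized);
                        if (!is_array($serialized)) {
                            $serialized = array();
                        }
                    }
                    $serializedFields = 0;
                    foreach ($this->fields[$name][CONS_XML_SERIALIZEDMODEL] as $exname => &$exfield) {
                        if (isset($data[$name . "_" . $exname])) {
                            // Recursive call with $isSerialized = true: plain values, no SQL quoting.
                            $outfield = $this->sqlParameter(true, $data, $name . "_" . $exname, $exfield, $EnumPrunecache, true);
                            if ($outfield !== false && $outfield != 'NULL') {
                                $serialized[$exname] = $outfield;
                            } # we don't need to store NULL like in sql
                        }
                    }
                    unset($exfield); // drop the dangling by-reference loop variable
                    $output = $encapsulation . addslashes_EX(serialize($serialized), true, $this->parent->dbo) . $encapsulation;
                }
            }
            break;
    } # switch
    return $output;
}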
$username = new user($sql, "username", $_POST['username']); if ($username->load() == TRUE) { $error['top'] .= "<p>The username is already taken.</p>"; $error['username'] = "******"; } else { $filled['username'] = TRUE; } } $isfilled = TRUE; } else { $error['top'] .= "<p>Your username must be between 3 and 25 characters.</p>"; $error['username'] = "******"; } if (isset($_POST['email']) && $_POST['email'] != "") { $fill['email'] = $_POST['email']; if (strlen($_POST['email']) <= 3 || strlen($_POST['email']) >= 150 || isMail($_POST['email']) == FALSE) { $error['top'] .= "<p>Please enter a valid email.</p>"; $error['email'] = "Please enter a valid email."; } else { $username = new user($sql, "email", $_POST['email']); if ($username->load() == TRUE) { $error['top'] .= "<p>The email is already in use.</p>"; $error['email'] = "The email is already in use."; } else { $filled['email'] = TRUE; } } $isfilled = TRUE; } else { $error['top'] .= "<p>Please enter a valid email.</p>"; $error['email'] = "Please enter a valid email.";
<script>$(document).ready(function() { $("#verifylist").tablesorter(); } ); </script>'; } } else { $pagecontent .= '<div class="notification red"><p>Failed to load users.</p></div>'; } } elseif ($_GET['action'] == "users" && $sessus->adminusers == TRUE) { if (isset($_GET['id'])) { $pagecontent .= '<h3>Edit user</h3>'; if (intval($_GET['id']) != 0) { $user = new user($sql, "id", intval($_GET['id'])); } elseif (isMail($_GET['id']) == TRUE) { $user = new user($sql, "email", e($_GET['id'])); } else { $user = new user($sql, "username", e($_GET['id'])); } if ($user->load()) { $redmsg = ""; $greenmsg = ""; if (isset($_POST['save'])) { $changed = FALSE; $redmsg = ""; $greenmsg = ""; if (isset($_POST['password'])) { $password = randomString(25); $user->changePW($password); $greenmsg = '<p>New user password: '******'</p>
# php log has more than 1Mb, come on! $this->raise(604, "size=" . filesize(CONS_HTTPD_ERRDIR . $httpderrlog), "PHP error log too big"); } } else { $httpderrlog = ""; } if ($this->dimconfig['_errcontrol'] > 100) { # system reports more than 100 errors! $this->errorControl->raise(605, "errors=" . ($httpderrlog != "" && is_file(CONS_HTTPD_ERRDIR . $httpderrlog) ? filesize(CONS_HTTPD_ERRDIR . $httpderrlog) : $this->dimconfig['_errcontrol']), "Too many system errors"); } // quota ok? $quota = isset($this->dimconfig['quota']) ? $this->dimconfig['quota'] : CONS_MAX_QUOTA; $this->dimconfig['_usedquota'] = quota(CONS_FMANAGER, true) * 1024; if ($this->dimconfig['_usedquota'] > $quota) { $this->errorControl->raise(110); if (isset($this->dimconfig['adminmail']) && isMail($this->dimconfig['adminmail'])) { @mail($this->dimconfig['adminmail'], "QUOTA EXCEEDED @ " . $_SESSION['CODE'], "Quota exceeded: " . $this->dimconfig['_usedquota'] . " from {$quota}"); } } // auto clean foreach ($this->modules as $name => &$module) { if (isset($module->options[CONS_MODULE_AUTOCLEAN]) && $module->options[CONS_MODULE_AUTOCLEAN] != "" && (strpos($module->options[CONS_MODULE_AUTOCLEAN], "DAY") !== false || strpos($module->options[CONS_MODULE_AUTOCLEAN], "WEEK") !== false || strpos($module->options[CONS_MODULE_AUTOCLEAN], "MONTH") !== false || strpos($module->options[CONS_MODULE_AUTOCLEAN], "YEAR") !== false)) { # daily only runs autocleans with DAY, WEEK, MONTH or YEAR if ($module->options[CONS_MODULE_VOLATILE]) { $sql = "DELETE FROM " . $module->dbname . " WHERE " . $module->options[CONS_MODULE_AUTOCLEAN]; $this->dbo->simpleQuery($sql); } else { $sql = "SELECT * FROM " . $module->dbname . " WHERE " . $module->options[CONS_MODULE_AUTOCLEAN]; $this->dbo->query($sql, $r, $n); if ($n > 0) { $this->safety = false;
/**
 * Report an error/notice: classify it by $this->ERRORS[$errCode], log it to the per-domain
 * and central log files, optionally show it to the user, mail the master address for fatal
 * codes, and abort the request for "stop" severities.
 *
 * @param int          $errCode   code looked up in $this->ERRORS; unknown codes become 603
 * @param mixed        $parameter free-form detail (for action codes 300-399, the CONS_ACTION_* constant)
 * @param string|object $module   module name or object (its ->name is used)
 * @param string       $extended  extra detail appended to the log record
 * @return void  Does not return at all when the severity stops the script (close(true) / die()).
 */
function raise($errCode, $parameter = "", $module = "", $extended = "") {
    if (!CONS_ONSERVER && $errCode == 1000) {
        return;
    } # this will happen every single hit on development mode
    // Loop guard: an error raised while reporting an error must not recurse forever.
    if ($this->errorCount == CONS_MAX_ERRORS) {
        $errCode = 178;
    } // abort (gracefully)
    if ($this->errorCount > CONS_MAX_ERRORS) {
        die("178 too many errors, error during error report found");
    }
    #-- quickly set the fatal error flag
    if (!isset($this->ERRORS[$errCode])) {
        $parameter = $errCode;
        $errCode = 603;
    }
    if (!is_dir(CONS_PATH_LOGS)) {
        safe_mkdir(CONS_PATH_LOGS);
    }
    if (($this->ERRORS[$errCode] == CONS_ERROR_FATAL_MAIL || $this->ERRORS[$errCode] == CONS_ERROR_NOTIFYMAIL) && !CONS_ONSERVER) {
        if (isMail(CONS_MASTERMAIL)) {
            // NOTE(review): the 4th mail() argument is the additional-headers string; a bare address
            // here is not a valid header line (presumably "From: " was intended) — confirm.
            @mail(CONS_MASTERMAIL, "Fatal error at " . (isset($_SESSION['CODE']) ? $_SESSION['CODE'] : "Unknown domain") . " err {$errCode}", "Data: {$parameter}\nModule:{$module}", CONS_MASTERMAIL);
        }
    }
    #-- 404 errors ...
    // 404-class codes only go to 404.log and return; the record includes the raw Referer header,
    // which is attacker-controlled, so do not treat this file as trusted input elsewhere.
    if ($errCode == 103 || $errCode == 114 || $errCode == 166 || $errCode == 171) {
        $fd = fopen(CONS_PATH_LOGS . $_SESSION['CODE'] . "/404.log", "a");
        if ($fd) {
            fwrite($fd, date("Y-m-d H:i:s") . " e{$errCode} " . $this->parent->context_str . $this->parent->action . " (" . $this->parent->original_action . ") referer=" . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "-") . "\n");
            fclose($fd);
            return;
        } else {
            $errCode = 179;
            $parameter = $this->parent->context_str . $this->parent->action;
        }
    }
    #-- ok normal errors ...
    if (is_object($module)) {
        $module = $module->name;
    }
    // Severity flags derived from the error table.
    $showToUser = CONS_DEVELOPER || $this->ERRORS[$errCode] == CONS_ERROR_NOTICE_SHOW || $this->ERRORS[$errCode] == CONS_ERROR_WARNING_SHOW || $this->ERRORS[$errCode] == CONS_ERROR_ERROR_SHOW || $this->ERRORS[$errCode] == CONS_ERROR_SEC_SHOW || $this->ERRORS[$errCode] == CONS_ERROR_NOTICESTOP || $this->ERRORS[$errCode] == CONS_ERROR_MESSAGE;
    $lowLog = $this->ERRORS[$errCode] == CONS_ERROR_NOTICE || $this->ERRORS[$errCode] == CONS_ERROR_WARNING || $this->ERRORS[$errCode] == CONS_ERROR_WARNING_SHOW;
    $securityLog = $this->ERRORS[$errCode] == CONS_ERROR_SEC || $this->ERRORS[$errCode] == CONS_ERROR_SEC_SHOW;
    $highLog = $this->ERRORS[$errCode] == CONS_ERROR_ERROR || $this->ERRORS[$errCode] == CONS_ERROR_ERROR_SHOW || $this->ERRORS[$errCode] == CONS_ERROR_FATAL || $this->ERRORS[$errCode] == CONS_ERROR_NOTIFYMAIL;
    // Codes 300-399 below warning level are audit ("action") records, not errors.
    $actionLog = $this->ERRORS[$errCode] < CONS_ERROR_WARNING && ($errCode >= 300 && $errCode < 400);
    $stopScript = $this->ERRORS[$errCode] == CONS_ERROR_FATAL || $this->ERRORS[$errCode] == CONS_ERROR_FATAL_NOLOG || $this->ERRORS[$errCode] == CONS_ERROR_NOTICESTOP || $this->ERRORS[$errCode] == CONS_ERROR_FATAL_MAIL;
    $storeInWarning = $this->ERRORS[$errCode] != CONS_ERROR_MESSAGE;
    $redWarning = $this->ERRORS[$errCode] != CONS_ERROR_MESSAGE && $this->ERRORS[$errCode] != CONS_ERROR_NOTICE_SHOW && $this->ERRORS[$errCode] != CONS_ERROR_NOTICE && !$actionLog; # These are logs that, once displayed to the users, should be in red (actual errors)
    if (!$actionLog) {
        $this->errorCount++;
    }
    #--
    $errstr = $this->parent->langOut('e' . $errCode) . " (e{$errCode}) {$module} {$parameter} {$extended}";
    // Pipe-delimited record. None of the fields (parameter, extended, REQUEST_URI) are sanitised,
    // so a "|" or newline in them corrupts the record layout for log parsers.
    $errstrfull = $errCode . "|" . $module . "|" . $parameter . "|" . $extended . "|" . implode("|", $this->parent->log);
    # Error file:
    # date|client|uri|errCode|module|parameters|extended parameters|log[|...]
    # Action file:
    # YmdHismodule|parameter|extended parameters
    $status = date("d/m/Y H:i:s") . "|" . (isset($_SESSION['CODE']) ? $_SESSION['CODE'] : '?') . "|" . $_SERVER['REQUEST_URI'];
    if ($showToUser) {
        // Nested ternary binds as: $redWarning ? ($highLog || $stopScript ? ERROR : WARNING) : (...)
        $this->parent->setLog($redWarning ? $highLog || $stopScript ? CONS_LOGGING_ERROR : CONS_LOGGING_WARNING : ($errCode == 300 ? CONS_LOGGING_SUCCESS : CONS_LOGGING_NOTICE), $errstr);
    }
    if ($storeInWarning) {
        $this->parent->warning[] = $errstr;
    }
    if ($lowLog || $securityLog || $highLog) {
        // Per-domain log (keyed by $_SESSION['CODE']), capped at CONS_MAX_LOGFILESIZE per day.
        if (isset($_SESSION['CODE'])) {
            if (isset($_SESSION['CODE']) && !is_dir(CONS_PATH_LOGS . $_SESSION['CODE'] . "/")) {
                safe_mkdir(CONS_PATH_LOGS . $_SESSION['CODE'] . "/");
            }
            if (!is_file(CONS_PATH_LOGS . $_SESSION['CODE'] . "/err" . date("Ymd") . ".log") || filesize(CONS_PATH_LOGS . $_SESSION['CODE'] . "/err" . date("Ymd") . ".log") < CONS_MAX_LOGFILESIZE) {
                $fd = fopen(CONS_PATH_LOGS . $_SESSION['CODE'] . "/err" . date("Ymd") . ".log", "a");
                if ($fd) {
                    fwrite($fd, $status . "|" . $errstrfull . "\n");
                    fclose($fd);
                }
            }
            if ($highLog) {
                // Daily error counter persisted in dimconfig (reset when the cron day changes).
                if (isset($this->parent->dimconfig['_cronD']) && $this->parent->dimconfig['_cronD'] == date("d")) {
                    $this->parent->dimconfig['_errcontrol'] = isset($this->parent->dimconfig['_errcontrol']) ? $this->parent->dimconfig['_errcontrol'] + 1 : 1;
                } else {
                    $this->parent->dimconfig['_errcontrol'] = 1;
                }
                $this->parent->saveConfig(true);
            }
        }
        # centralized log (the framework supports multiple domains, this log is a single log for all domains)
        if ($highLog && (!is_file(CONS_PATH_LOGS . "err" . date("Ymd") . ".log") || filesize(CONS_PATH_LOGS . "err" . date("Ymd") . ".log") < CONS_MAX_LOGFILESIZE)) {
            $fd = fopen(CONS_PATH_LOGS . "err" . date("Ymd") . ".log", "a");
            if ($fd) {
                fwrite($fd, $status . "|" . $errstrfull . "\n");
                fclose($fd);
            }
        }
    }
    if ($actionLog && !CONS_ECONOMICMODE) {
        // Audit trail: who did which action (the login is recorded for logged-in users).
        if (isset($_SESSION['CODE']) && !is_dir(CONS_PATH_LOGS . $_SESSION['CODE'] . "/")) {
            safe_mkdir(CONS_PATH_LOGS . $_SESSION['CODE'] . "/");
        }
        $fd = fopen(CONS_PATH_LOGS . $_SESSION['CODE'] . "/act" . date("Ymd") . ".log", "a");
        if ($fd) {
            if ($errCode >= 301 && $errCode <= 305) {
                $parameter = "e" . $errCode;
                fwrite($fd, date("YmdHis") . $module . "|{$parameter}|{$extended}|{$extended}" . "\n");
            } else {
                $parameter = $parameter == CONS_ACTION_INCLUDE ? "include" : ($parameter == CONS_ACTION_UPDATE ? "edit" : ($parameter == CONS_ACTION_DELETE ? "delete" : $parameter));
                fwrite($fd, date("YmdHis") . $module . "|{$parameter}|{$extended}|" . ($this->parent->logged() ? $_SESSION[CONS_SESSION_ACCESS_USER]['login'] : "******") . "\n");
            }
            fclose($fd);
        }
    }
    if ($stopScript) {
        // Fatal path: emit a 500 page and close. NOTE(review): $parameter and the system log are
        // echoed without HTML escaping, and the DB log is included in debug mode; if any of that
        // derives from request data this is both an XSS and an information-disclosure surface.
        $this->parent->headerControl->showHeaders('500', true);
        echo "<div style='border:1px solid #FFCCCC;padding:10px;margin:20px;'>\n\t\t\t\t<b>{$parameter}</b> ({$errCode})\n\t\t\t \t<div style='border-top: 1px solid #CCCCCC;'>" . nl2br($this->errorToMessage($errCode, $parameter, $module, $extended)) . "</div>" . "<div style='border-top: 1px solid #CCCCCC;'>SystemLog:<br/><div style='font-size:10px'>" . implode("<br/>", $this->parent->log) . "</div></div>" . ($this->parent->debugmode ? "<div style='border-top: 1px solid #CCCCCC;'>DBLog:<br/><div style='font-size:10px'>" . implode("<br/>", $this->parent->dbo->log) . "</div></div>" : "") . ($this->parent->offlineMode ? "<div style='border-top: 1px solid #CCCCCC;'>DB DOWN</div>" : "") . "</div>Prescia";
        $this->parent->close(true);
    }
}
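/**
 * Controller action: validate the "edit user" form and persist it through Usuarios_model.
 *
 * Reads the whole POST body, validates nome / email / data_de_nascimento, and on success
 * hands the (otherwise unfiltered) POST array plus the 'idd' key to the model, then renders
 * the edit view with the reloaded user and a status message. Missing POST keys are treated
 * as empty instead of raising undefined-index warnings.
 *
 * @return void  Renders 'usuario/editar_usuario' via $this->template->load().
 */
public function editar_usuario() {
    // Load the users model.
    $this->load->model('Usuarios_model', 'usuarios');
    $check = array('nome' => TRUE, 'email' => TRUE, 'data' => TRUE);
    $data = array();
    // NOTE(review): the entire POST body is forwarded to the model below (mass assignment) and
    // 'idd' is taken from the request without any ownership/authorization check visible here.
    // Confirm the model whitelists columns and that access control happens before this action.
    $user = $_POST;
    $nome = isset($user['nome']) ? $user['nome'] : '';
    $email = isset($user['email']) ? $user['email'] : '';
    $nascimento = isset($user['data_de_nascimento']) ? $user['data_de_nascimento'] : '';
    $idd = isset($user['idd']) ? $user['idd'] : null;
    /******************* FORM FIELD VALIDATION *****************/
    // Name: required.
    if ($nome == '') {
        $check['nome'] = FALSE;
        $data['msg'][1] = "O campo nome precisa ser preenchido.";
    }
    // Email: required and must pass isMail() (from the 'quick' helper).
    $this->load->helper('quick');
    $check['email'] = $email != '' && isMail($email);
    if ($check['email'] == FALSE) {
        $check['email'] = FALSE;
        $data['msg'][2] = "Email Inválido. Digite um email válido.";
    }
    // Birth date: required and must be in the expected format.
    if ($nascimento == '') {
        $check['data'] = FALSE;
        $data['msg'][3] = "A data precisa ser preenchida.";
    } elseif (!validateDate($nascimento)) {
        $check['data'] = FALSE;
        $data['msg'][3] = "A data está no formato incorreto.";
    }
    // Everything validated: write to the database.
    if ($check['nome'] && $check['email'] && $check['data']) {
        // Convert the date to the storage format.
        $user['data_de_nascimento'] = to_mysql_data($nascimento);
        // Split the id off the record before handing it to the model.
        $id = $idd;
        unset($user['idd']);
        $this->usuarios->editar_usuario($user, $id);
        $data['mensagem'] = "Edição realizada!";
        $data['usuario'] = $this->usuarios->info_do_usuario_pelo_id($id);
        $this->template->load('template_view', 'usuario/editar_usuario', $data);
    } else {
        $data['mensagem'] = "Editar.";
        $data['usuario'] = $this->usuarios->info_do_usuario_pelo_id($idd);
        $this->template->load('template_view', 'usuario/editar_usuario', $data);
    }
}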
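/**
 * Render a mail template and hand it to mail(), as plain text, HTML+text multipart, or
 * multipart/mixed with one attachment.
 *
 * @param string $mailto   destination; accepts the extended form "name <mail>" and a comma-delimited list
 * @param string $subject  subject line (CR/LF stripped, then MIME-encoded as UTF-8 base64 when non-blank)
 * @param object &$mail    template object; must provide assign() and techo()
 * @param string $mailfrom "from" address; defaults to $mailto for single recipients. Also used as the
 *                         envelope sender (-f / -r) but only when it validates as a plain address
 * @param string $header   optional pre-built headers; a Content-Type may or may not be included
 * @param bool   $isHTML   true adds the multipart/alternative Content-Type (forced on with an attachment)
 * @param string $attach   path of a file to attach
 * @return bool  false ONLY if every individual submission failed
 */
function sendMail($mailto, $subject, &$mail, $mailfrom = "", $header = "", $isHTML = true, $attach = "") {
    // A bare CR or LF in the subject would let the caller append arbitrary headers.
    $subject = str_replace("\n", "", $subject); // bye exploit
    $subject = str_replace("\r", "", $subject); // bye exploit
    if (preg_match('!\\S!u', $subject) !== 0) {
        $subject = '=?UTF-8?B?' . base64_encode($subject) . '?=';
    }
    if ($mailfrom == "" && strpos($mailto, ",") === false) {
        $mailfrom = $mailto;
    } // no mailfrom, use mailti
    if ($header != "" && $header[strlen($header) - 1] != "\n") {
        $header .= "\n";
    } // add \n at the end of the last line of pre-defined header
    // The original stripped only "\n"; a lone "\r" is treated as a line break by some MTAs, so
    // it is removed too before $mailfrom is placed into header lines.
    $mailfrom = str_replace(array("\r", "\n"), "", $mailfrom); // bye exploit
    if (strpos(strtoupper($header), "RETURN-PATH:") === false && isMail($mailfrom, true)) { // no R-P, add if possible
        $header .= "Return-path: {$mailfrom}\n";
    }
    if (strpos(strtoupper($header), "REPLY-TO:") === false && isMail($mailfrom, true)) { // no R-T, add if possible
        $header .= "Reply-To: {$mailfrom}\n";
    }
    if (strpos(strtoupper($header), "FROM:") === false && isMail($mailfrom, true)) { // no FROM, add if possible
        $header .= "From: {$mailfrom}\n";
    }
    if ($isHTML || $attach != "") { // HTML mode with attachment
        $isHTML = true;
        // Boundaries must not be guessable from the clock: a body that contains the boundary
        // string could terminate the part early and inject its own MIME parts.
        $bound = "--=XYZ_" . md5(uniqid('', true)) . "_ZYX";
        $bnext = "--=NextPart_XYZ_" . md5(uniqid('', true)) . ".E0_PART";
        $header .= "Content-Type:multipart/" . ($attach != "" ? "mixed" : "alternative") . "; boundary=\"{$bound}\"\n";
    } else { // not HTML nor with attachment
        $header .= "Content-Type:text/plain; charset=utf-8\n";
    }
    $header .= "MIME-Version: 1.0\n";
    $header .= "x-mailer: PresciaMailer\n";
    $mail->assign("IP", CONS_IP);
    $mail->assign("HOUR", date("H:i"));
    $mail->assign("DATA", date("d/m/Y"));
    $mail->assign("DATE", date("m/d/Y"));
    $corpo = $mail->techo();
    if ($attach != "" && is_file($attach)) { // deal with attachment
        // Read and base64-encode the file; an unreadable file keeps the old behaviour of still
        // sending the mail (with an empty attachment) rather than aborting.
        $raw = file_get_contents($attach);
        if ($raw === false) {
            $raw = "";
        }
        $ext = explode(".", $attach);
        $ext = array_pop($ext);
        $fAtach = chunk_split(base64_encode($raw));
        $corpoplain = preg_replace("/( ){2,}/", " ", cleanHTML($corpo));
        // Only the basename is exposed; CR/LF/quotes would break the Content-Disposition line.
        $fname = explode("/", str_replace("\\", "/", $attach));
        $fname = str_replace(array("\r", "\n", "\""), "", array_pop($fname));
        // Add multipart message
        $sBody = "This is a multipart MIME message.\n\n";
        $sBody .= "--{$bound}\n";
        $sBody .= "Content-Type: multipart/alternative; boundary=\"{$bnext}\"\n\n\n";
        $sBody .= "--{$bnext}\n" . "Content-Type: text/plain; charset=utf-8\n\n" . $corpoplain . "\n\n" . "--{$bnext}\n";
        $sBody .= "Content-Type:text/html; charset=utf-8\n\n";
        $sBody .= "{$corpo} \n\n";
        $sBody .= "--{$bnext}--\n\n";
        $sBody .= "--{$bound}\n";
        $sBody .= "Content-Disposition: attachment; filename=\"" . $fname . "\"\n";
        if (!function_exists("getMime")) {
            include_once CONS_PATH_INCLUDE . "getMime.php";
        }
        $sBody .= "Content-Type: " . getMime($ext) . "\n";
        $sBody .= "Content-Transfer-Encoding: base64\n\n{$fAtach}\n";
        $sBody .= "--{$bound}--\n\n";
    } else {
        if ($isHTML) {
            $corpoplain = preg_replace("/( ){2,}/", " ", stripHTML($corpo));
            $sBody = "This is a multipart MIME message.\n\n";
            $sBody .= "--{$bound}\n" . "Content-Type: text/plain; charset=utf-8\n\n" . $corpoplain . "\n\n" . "--{$bound}\n" . "Content-Type: text/html; charset=utf-8\n\n" . $corpo . "\n\n" . "--{$bound}--\n";
        } else {
            $sBody = $corpo;
        }
    }
    // NOTE(review): $subject was already MIME-encoded above, so a non-blank subject can never start
    // with "NS:" at this point; if the newsletter flag is still wanted, test the raw subject instead.
    if (substr($subject, 0, 3) == "NS:") {
        $sBody .= chr(0);
    } // Newsletter character flag
    if (preg_match('@^([^<]*)<([^>]*)>(.?)$@i', $mailfrom, $matches) == 1) {
        $mailfrom = $matches[2];
    } // removes expanded mail mode
    // The -f/-r value ends up on the sendmail command line. PHP escapes shell metacharacters in
    // that argument but not spaces, so a value like "a@b -X/path" would smuggle an extra sendmail
    // option. Only pass it through when it validates as a plain address; otherwise send without it.
    $envelopeFrom = isMail($mailfrom) ? $mailfrom : "";
    $ok = false; // will return false ONLY if ALL submissions fail
    $mailto = explode(",", $mailto);
    foreach ($mailto as $mt) {
        $mt = str_replace(array("\r", "\n"), "", trim($mt));
        if ($mt == "") {
            continue;
        }
        // Subject: =?UTF-8?B?".base64_encode($subject)."?=
        if ($envelopeFrom == "") {
            $ok = @mail($mt, $subject, $sBody, $header) || $ok;
        } elseif (@mail($mt, $subject, $sBody, $header, '-f' . $envelopeFrom)) {
            $ok = true;
        } else {
            // Some MTAs only accept -r for the envelope sender.
            $ok = @mail($mt, $subject, $sBody, $header, '-r' . $envelopeFrom) || $ok;
        }
    }
    return $ok;
}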
$sqlVerificar = "SELECT * FROM cliente WHERE cpf ='" . $cpf . "'"; $sql = mysql_query($sqlVerificar) or die(mysql_error()); $count = mysql_num_rows($sql); //Funcao para validar CPF $cpfValidar = CPF($cpf); if ($cpfValidar == false) { ?> <script> window.location.href = 'cadastro.php?status=erro'; </script> <?php } //Fim Validacao do CPF //Validacao do E-mail if (isMail($email) == false) { ?> <script> window.location.href = 'cadastro.php?statusEmail=erro'; </script> <?php } // VERIFICAÇOES PARA SABER SE OS CAMPOS DIGITADOS ESTÃO VAZIOS. if ($nome == '') { echo "<script>alert('DIGITE SEU NOME')</script>"; echo "<script>window.location.href = 'cadastro.php'</script>"; } else { if ($cpf == '') { echo "<script>alert('DIGITE O SEU CPF')</script>"; echo "<script>window.location.href = 'cadastro.php'</script>"; } else {
return preg_match("/^[-_.[:alnum:]]+@((([[:alnum:]]|[[:alnum:]][[:alnum:]-]*[[:alnum:]])\\.)+(ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)\$|(([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])\\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5]))\$/i", $verify_email); } $error_name = false; $error_email = false; $validate = false; if (isset($_POST["subs_submit"])) { $name = ""; $email = ""; // Get the first name if (trim($_POST['ftr_name']) === '') { $error_name = true; } else { $name = trim($_POST['ftr_name']); } // Get the email if (trim($_POST['email']) === '' || !isMail($_POST['email'])) { $error_email = true; } else { $email = trim($_POST['email']); } if (!$error_name && !$error_email) { if (isset($name) && isset($email)) { //Check and Insert data into Database global $wpdb; $table_name = $wpdb->prefix . 'subs'; if ($wpdb->get_var("SHOW TABLES LIKE '{$table_name}'") != $table_name) { //table not in database. Create new table $charset_collate = $wpdb->get_charset_collate(); $sql = "CREATE TABLE {$table_name} (\n\t\t\t\tid mediumint(9) NOT NULL AUTO_INCREMENT,\n\t\t\t\tname text NOT NULL,\n\t\t\t\temail text NOT NULL,\n\t\t\t\tUNIQUE KEY id (id)\n\t\t\t\t) {$charset_collate};"; require_once ABSPATH . 
'wp-admin/includes/upgrade.php'; dbDelta($sql);
} $data = array('name' => $_POST['name'], 'email' => isset($_POST['email']) ? $_POST['email'] : '', 'login' => isset($_POST['ulogin']) ? $_POST['ulogin'] : '', 'password' => $_POST['upassword'], 'userprefs' => serialize($up), 'id_group' => $this->registrationGroup); if ($core->logged()) { $data['id'] = $_SESSION[CONS_SESSION_ACCESS_USER]['id']; unset($data['id_group']); unset($data['login']); if ($_POST['upassword'] == '') { unset($_POST['upassword']); } # remember to allow users to change themselves $ok = $core->runAction('users', CONS_ACTION_UPDATE, $data); } else { if ($core->tCaptcha('captcha', true)) { $core->safety = false; // allow guests to register (add user) if (!isset($_REQUEST['email']) && isMail($data['login'])) { $data['email'] = $data['login']; } // if the email is the login $ok = $core->runAction('users', CONS_ACTION_INCLUDE, $data); $core->safety = true; if ($ok) { $id = $core->lastReturnCode; $core->authControl->logUser($id, CONS_AUTH_SESSION_NEW); } else { $core->authControl->logsGuest(); } } } $core->action = "profile"; if ($ok) {