protected function validate_posted_data($data, &$errors = array()) {
    /*
     * Validate a contact-form submission held in $data.
     *
     * Each problem found is recorded in $errors (by reference) under the
     * key of the field it concerns; the return value is true only when no
     * error was recorded. The Akismet check and the CAPTCHA check run only
     * when the corresponding plugin options are switched on.
     *
     * NOTE(review): the "invalid e-mail" error is filed under
     * 'ad_contact_email' although the field is 'awpcp_sender_email'. The
     * key is reproduced unchanged here; confirm against the template that
     * renders these errors before touching it.
     */
    $name_given    = !empty($data['awpcp_sender_name']);
    $email_given   = !empty($data['awpcp_sender_email']);
    $message_given = !empty($data['awpcp_contact_message']);

    if (!$name_given) {
        $errors['awpcp_sender_name'] = __('Please enter your name.', 'AWPCP');
    }

    if (!$email_given) {
        $errors['awpcp_sender_email'] = __('Please enter your email.', 'AWPCP');
    } elseif (!isValidEmailAddress($data['awpcp_sender_email'])) {
        $errors['ad_contact_email'] = __("The email address you entered was not a valid email address. Please check for errors and try again.", "AWPCP");
    }

    if (!$message_given) {
        $errors['awpcp_contact_message'] = __('There was no text in your message. Please enter a message.', 'AWPCP');
    }

    // Optional spam filter; a hit replaces any earlier message error.
    if (get_awpcp_option('useakismet')) {
        $filter = awpcp_listing_reply_spam_filter();
        if ($filter->is_spam($data)) {
            $errors['awpcp_contact_message'] = __('Your message was flagged as spam. Please contact the administrator of this site.', 'AWPCP');
        }
    }

    // Optional CAPTCHA; the provider fills $captcha_error when it rejects the answer.
    if (get_awpcp_option('captcha-enabled')) {
        $captcha_error = '';
        $captcha = awpcp_create_captcha(get_awpcp_option('captcha-provider'));
        if (!$captcha->validate($captcha_error)) {
            $errors['captcha'] = $captcha_error;
        }
    }

    return empty($errors);
}
if (!$isAdminFull) { echo "<p>Access denied.</p>"; } else { $sql = "SELECT mail, name, player_id, msn from $playerstable ". "where player_id order by player_id asc"; $result = mysql_query($sql); $i = 1; $block = 200; while($row = mysql_fetch_array($result)) { $name = $row['name']; $mail = $row['mail']; if (!isValidEmailAddress($mail)) { $mail = $row['msn']; } if (!isValidEmailAddress($mail)) { // echo "<p>Invalid mail address for [$player_id] $name: $mail</p>"; } else { $player_id = $row['player_id']; // echo "<p>Player: [$player_id] $name | Mail: $mail</p>"; $sql2 = "SELECT userId from $playerstatustable ". "where userId = '$player_id' and type='B' and active='Y'"; $result2 = mysql_query($sql2); if (mysql_num_rows($result2) > 0) { // echo "<p>Player ".$name." is banned!</p>"; } else { echo $mail.","; }
$_REQUEST['to'] = $image->user_id; } else { die("ERROR: no image/user specified"); } } else { $msg = ''; } $recipient = new GeographUser($_REQUEST['to']); $from_name = !empty($_REQUEST['from_name']) ? stripslashes($_REQUEST['from_name']) : die('ERROR: no name'); $from_email = !empty($_REQUEST['from_email']) ? stripslashes($_REQUEST['from_email']) : die('ERROR: no email'); $domain = !empty($_REQUEST['domain']) && preg_match('/^[\\w.]+$/', $_REQUEST['domain']) ? stripslashes($_REQUEST['domain']) : die('ERROR: no domain'); $msg = !empty($_REQUEST['message']) ? $msg . stripslashes($_REQUEST['message']) : die('ERROR: no message'); #$msg = preg_replace("/[^\r]\n/","\r\n",$msg); $ok = true; $errors = array(); if (!isValidEmailAddress($from_email)) { $ok = false; $errors['from_email'] = 'Please specify a valid email address'; } if (!isValidRealName($from_name)) { $ok = false; $errors['from_name'] = 'Only letters A-Z, a-z, hyphens and apostrophes allowed'; } if (strlen($msg) == 0) { $ok = false; $errors['msg'] = "Please enter a message to send"; } if (isSpam($msg)) { $ok = false; $errors['msg'] = "Sorry, this looks like spam"; }
while ($row = mysql_fetch_array($result)) { // for each player that played do... $logged = 0; $sendmail = 0; $name = $row[0]; if (!empty($name)) { $profileurl = $directory . "/editprofile.php"; $gamesquery = "select * from {$gamestable} " . "WHERE (winner = '{$name}' OR winner2 = '{$name}' OR loser = '{$name}' OR loser2 = '{$name}') " . "AND deleted = 'no' " . "AND dateday = '{$yesterday}' " . "ORDER BY date DESC"; $playergames = mysql_query($gamesquery); $gamescount = mysql_num_rows($playergames); $playerquery = "SELECT mail, sendGamesMail from {$playerstable} " . "WHERE name = '{$name}'"; $player = mysql_query($playerquery); $playerresult = mysql_fetch_array($player); $toAddress = $playerresult['mail']; $sendGamesMail = $playerresult['sendGamesMail'] == 'yes'; if (isValidEmailAddress($toAddress) && $sendGamesMail) { $subject = "[{$leaguename}] {$name}'s games for {$yesterday}"; $head = "From:" . $adminmail . "\r\nReply-To:" . $adminmail . "\r\nReturn-Path:" . $adminmail; $message = "Hello {$name},\n" . "\n" . "here's a summary of the {$leaguename} games you played today.\n" . "\n"; while ($row_game = mysql_fetch_array($playergames)) { $gametime = date("h:i a", $row_game['date']); $winpoints = $row_game['winpoints']; $winner = $row_game['winner']; $winner2 = $row_game['winner2']; if (strlen($winner2) > 0) { $winner = $winner . "/" . $winner2; } $winnerresult = $row_game['winnerresult']; $loserresult = $row_game['loserresult']; $loser = $row_game['loser']; $loser2 = $row_game['loser2'];
$smarty->assign_by_ref('image', $image); } //try and send? if (!$throttle && isset($_POST['msg'])) { $ok = true; $msg = htmlentities(trim(stripslashes($_POST['msg']))); $errors = array(); if (!isValidEmailAddress($from_email)) { $ok = false; $errors['from_email'] = $MESSAGES['ecard']['email_invalid']; } if (!isValidRealName($from_name)) { $ok = false; $errors['from_name'] = $MESSAGES['ecard']['name_chars']; } if (!isValidEmailAddress($to_email)) { $ok = false; $errors['to_email'] = $MESSAGES['ecard']['email_invalid']; } if (!isValidRealName($to_name)) { $ok = false; $errors['to_name'] = $MESSAGES['ecard']['name_chars']; } if (strlen($msg) == 0) { $ok = false; $errors['msg'] = $MESSAGES['ecard']['empty_message']; } $smarty->assign_by_ref('errors', $errors); $smarty->assign_by_ref('msg', html_entity_decode($msg)); //will be re-htmlentities'ed when output $smarty->assign_by_ref('charset', $CONF['mail_charset']);
$msgs .= "Send [" . $address . "] -> "; $result = sendHtmlMail($address, $mailSubject, $userMailText, $plainText); $msgs .= "Result [" . $result . "]<br>"; logSentMail("", $address, $mailType); } else { if (mysql_real_escape_string($_POST['target']) == 'all') { $sql = "SELECT mail, name, player_id, msn from $playerstable " . "where player_id <= " . $limit2 . " and player_id >= " . $limit1 . " " . "and sendNewsletter = 'yes' order by player_id asc"; $result3 = mysql_query($sql); $msgs .= "<p>".mysql_num_rows($result3)." matched your query</p>"; while ($row = mysql_fetch_array($result3)) { $name = $row['name']; $mail = $row['mail']; $invalidEmail = $row['invalidEmail'] == 1; if (!isValidEmailAddress($mail) || $invalidEmail) { $msgs .= "Invalid mail address for [$player_id] $name: $mail<br>"; } else { $player_id = $row['player_id']; $msgs .= "Player: [$player_id] $name ->"; $sql2 = "SELECT userId from $playerstatustable " . "where userId = '$player_id' and type='B' and active='Y'"; $result2 = mysql_query($sql2); if (mysql_num_rows($result2) > 0) { $msgs .= "Player " . $name . " is banned!<br>"; } else { $unsubscribeUrl = "http://www.yoursite/unsubscribe.php?id=" . md5($name); $userMailText = str_replace('%playername%', $name, $mailText); $userMailText = str_replace('%unsubscribeLink%', $unsubscribeUrl, $userMailText); $plainText = str_replace('%playername%', $name, $plainText);
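<?php
include 'config.php';
include 'functions.php';

/*
 * Invite request: store a submitted e-mail address in `invites` once, and
 * print a one-line status message.
 *
 * Security/robustness notes:
 *  - The address is trimmed and validated as submitted, then escaped with
 *    mysql_real_escape_string() only where it is interpolated into SQL. The
 *    original escaped twice (addslashes() followed by
 *    mysql_real_escape_string()), which stored stray backslashes and ran the
 *    validation on the escaped text instead of the real input.
 *  - mysql_real_escape_string() needs the connection opened by config.php;
 *    without one it returns false, and that must never reach a query.
 *  - A failed lookup query is reported instead of being treated as "no
 *    existing row" (mysql_num_rows(false) is false, and false == 0).
 *  - The submitted name is not stored: the `name` column is written as the
 *    literal 'person', exactly as before.
 */
$email = isset($_POST['email']) && is_string($_POST['email']) ? trim($_POST['email']) : '';
$mail = isValidEmailAddress($email);

$escapedEmail = mysql_real_escape_string($email);
if ($escapedEmail === false) {
    echo "Sorry, something went wrong. Please try again later.";
    exit;
}

$bib = mysql_query("select * from invites where email='{$escapedEmail}'");
if ($bib === false) {
    echo "Sorry, something went wrong. Please try again later.";
    exit;
}
$numb = mysql_num_rows($bib);

if ($numb > 0) {
    echo "Looks like you already request access!";
} elseif (!$mail) {
    echo "Oops! Please enter a valid email address.";
} else {
    $sql = mysql_query(
        "INSERT INTO `invites` (`invite_id`, `name`, `email`, `permet`) "
        . "VALUES (NULL, 'person', '{$escapedEmail}', '0')"
    );
    if ($sql) {
        echo "<div id='good'>Thanks! Expect to hear from us soon!</div>";
    }
}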
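/*
 * Passivate players who have not played recently.
 *
 * $result holds the names of players with recent games (one name in column
 * 0 per row). Every approved player whose activeDate is older than
 * $disableSpan seconds and whose name is not in that list is:
 *   1. marked approved = 'no' in $playerstable,
 *   2. e-mailed a notice (only when the stored address passes
 *      isValidEmailAddress()), the attempt being logged via logSentMail(),
 *   3. given an 'I' status row in $playerstatustable,
 * and one report line per player is appended to $adminMessage.
 *
 * Read from the surrounding script: $result, $playerstable,
 * $playerstatustable, $disableSpan, $leaguename, $adminmail, $weeks,
 * $directory, $adminMessage. $result ends up holding the last status INSERT
 * result, as in the original.
 *
 * Security notes:
 *  - Values interpolated into SQL (player name, the generated link and
 *    reason) go through mysql_real_escape_string(); the player id is cast
 *    to int. A stored name containing a quote would otherwise break — or
 *    alter — the UPDATE and INSERT.
 *  - The mail subject contains the player name; CR/LF are replaced so a
 *    crafted name cannot add mail headers.
 *  - in_array() is strict so "1" and "01" are no longer considered the
 *    same player.
 */
if (!isset($played_array)) {
    $played_array = array();
}
while ($row = mysql_fetch_array($result)) {
    $played_array[] = $row[0];
}

$alloldplayersquery = "SELECT player_id, name, mail "
    . "FROM {$playerstable} "
    . "WHERE approved = 'yes' "
    . "AND (UNIX_TIMESTAMP() - activeDate > {$disableSpan})";
$playerresult = mysql_query($alloldplayersquery);

while ($row = mysql_fetch_array($playerresult)) {
    $name = $row['name'];
    $userId = (int) $row['player_id'];
    if (in_array($name, $played_array, true)) {
        continue; // played within the window, nothing to do
    }

    // has not played in X weeks
    $safeName = mysql_real_escape_string($name);
    $sendmail = 0;
    $mailSentResult = 0;

    $sql = "UPDATE {$playerstable} SET approved = 'no' where name='{$safeName}'";
    $updateResult = mysql_query($sql);

    $toAddress = $row['mail'];
    if (isValidEmailAddress($toAddress)) {
        $subject = str_replace(array("\r", "\n"), ' ', "[{$leaguename}] {$name} account passivated");
        $head = "From:" . $adminmail . "\r\nReply-To:" . $adminmail;
        $message = "Hello {$name},\n"
            . "\n"
            . "Since you have not played any {$leaguename} games in " . $weeks . " weeks, \n"
            . "your account has been passivated.\n"
            . "\n"
            . "If you want your account reactivated sometime, simply post in the forum \n"
            . "activation thread at http://www.yoursite/forum/viewtopic.php?t=1084\n"
            . "\n"
            . "\n"
            . "- The " . $leaguename . " Staff\n";
        // Best effort: the return value, recorded in $adminMessage below, is the signal the admin gets.
        $sendmail = @mail($toAddress, $subject, $message, $head);
        $mailSentResult = logSentMail($name, $toAddress, 'passivated');
    }

    $date = time();
    $link = $directory . "/info.php?#8";
    $reason = "automatically passivated on " . formatDate($date);
    $sql = "INSERT INTO {$playerstatustable} (userId, userName, type, active, "
        . "date, expireDate, forumLink, reason) "
        . "VALUES ('{$userId}', '{$safeName}', 'I', 'Y', "
        . "'{$date}', '', '" . mysql_real_escape_string($link) . "', '" . mysql_real_escape_string($reason) . "')";
    $result = mysql_query($sql);

    $adminMessage .= "[{$name}] "
        . "passivated [{$updateResult}] "
        . "address [{$toAddress}] "
        . "mail sent [{$sendmail}] "
        . "log [{$mailSentResult}] "
        . "status [{$result}]\n";
}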
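function updateUser($userName, $userPass, $newUserEmail, $newUserPass) {
    /*
     * Change a user's e-mail address and/or password after re-checking the
     * current password.
     *
     * $userName     account to update
     * $userPass     current password; must match the stored hash
     * $newUserEmail new address, or 0 to leave the address alone
     * $newUserPass  new password, or 0 to leave the password alone
     *
     * Returns array($emailStatus, $passwordStatus): true on success, 0 when
     * that part was not changed, or a negative code:
     *   -1 no such user          -2 wrong current password
     *   -3 database problem      -4 address already used by another account
     *   -5 invalid address       -6 neither a new address nor a new password given
     *
     * Security notes:
     *  - Hash comparison uses hash_equals(). The original compared with `==`,
     *    a loose comparison that treats two hex digests of the form "0e..."
     *    as equal numbers and is not constant-time.
     *  - The new salt comes from random_bytes() instead of mt_rand()/uniqid(),
     *    which are not suitable for security values; the stored format
     *    (128 hex characters from sha512) is unchanged.
     *  - passHash() and the stored hash format are project-defined and left
     *    as they are.
     *  - A failed prepare of the duplicate-address check now reports -3
     *    (the original silently left the status at 0).
     */
    global $con;
    $ret = array(0, 0);

    if ($newUserEmail === 0 && $newUserPass === 0) {
        $ret[0] = -6; //no change value given
        return $ret;
    }

    $stmt = $con->prepare("SELECT userID, userEmail, userPass, userSalt FROM users WHERE userName = ? LIMIT 1");
    if (!$stmt) {
        $ret[0] = -3; //problem with db
        return $ret;
    }
    $stmt->bind_param('s', $userName);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($user_id, $user_email, $db_password, $salt);
    $stmt->fetch();
    $found = ($stmt->num_rows == 1);
    $stmt->close();

    if (!$found) {
        $ret[0] = -1; //no user
        return $ret;
    }

    // Re-authenticate before changing anything.
    if (!hash_equals((string) $db_password, (string) passHash($salt, $userPass))) {
        $ret[1] = -2; //wrong pass
        return $ret;
    }

    if ($newUserEmail !== 0 && $newUserEmail !== $user_email) {
        if (!isValidEmailAddress($newUserEmail)) {
            $ret[0] = -5; //invalid email
        } elseif ($check_stmt = $con->prepare("SELECT userName FROM users WHERE userEmail = ? LIMIT 1")) {
            $check_stmt->bind_param('s', $newUserEmail);
            $check_stmt->execute();
            $check_stmt->store_result();
            $check_stmt->bind_result($user_name);
            $check_stmt->fetch();
            $taken = ($check_stmt->num_rows != 0);
            $check_stmt->close();

            if ($taken) {
                $ret[0] = -4; //email already used by another account
            } elseif ($update_stmt = $con->prepare("UPDATE users SET userEmail=? WHERE userID=? LIMIT 1")) {
                $update_stmt->bind_param('si', $newUserEmail, $user_id);
                $ret[0] = $update_stmt->execute() ? true : -3;
                $update_stmt->close();
            } else {
                $ret[0] = -3; //problem with db
            }
        } else {
            $ret[0] = -3; //problem with db
        }
    }

    // Only rewrite the password when it actually differs from the stored one.
    if ($newUserPass !== 0 && !hash_equals((string) $db_password, (string) passHash($salt, $newUserPass))) {
        $randomSalt = hash('sha512', random_bytes(32));
        $password = passHash($randomSalt, $newUserPass);
        if ($update_stmt = $con->prepare("UPDATE users SET userPass=?, userSalt=? WHERE userID=? LIMIT 1")) {
            $update_stmt->bind_param('ssi', $password, $randomSalt, $user_id);
            $ret[1] = $update_stmt->execute() ? true : -3;
            $update_stmt->close();
        } else {
            $ret[1] = -3; //problem with db
        }
    }

    return $ret;
}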
/**
 * Create a new account (tenant registration).
 *
 * Validates the registration request (e-mail address, subdomain format,
 * subdomain availability) and is intended to create the user/account
 * records and provision a per-tenant database.
 *
 * NOTE(review): this method is work in progress as written. `dd($request)`
 * directly after sanitisation dumps the request and terminates the process,
 * so nothing below it runs; `$database`, `$database_prefix` and `$conn` are
 * never assigned in this method; the DB::transaction closure is empty; and
 * two `exit('done')` calls plus a large block of commented-out experiments
 * follow. The `'CREATE DATABASE ' . $request->database` statement builds
 * DDL by string concatenation — if that value can be influenced by the
 * client it must be validated against a strict identifier pattern first.
 *
 * @param \Illuminate\Http\Request $request
 * @param ReservedSubdomain $reserved_subdomain  lookup for subdomains that must not be registered
 * @return \Illuminate\Http\Response
 */
public function store(Request $request, ReservedSubdomain $reserved_subdomain)
{
    // Example of the expected request payload:
    // [
    //     "full_name" => "Nick Law"
    //     "organisation" => "Stryve Technologies"
    //     "subdomain" => "stryve-tech-123"
    //     "phone" => "0423 640 190"
    //     "email" => "*****@*****.**"
    // ]

    // sanitize passed params and get geo data
    $request = $this->account->sanitizeAndExpandRegistrationRequest($request);

    // NOTE(review): debug leftover — dd() dumps and dies; every statement below is unreachable while this stays.
    dd($request);

    // Check email address id valid
    if (!isValidEmailAddress($request->email)) {
        throw new HttpBadRequestException('Invalid email address.', 4002);
    }

    // check subdomain meets length and regex specifications
    if (!$this->account->isValidSubdomain($request->subdomain)) {
        throw new HttpBadRequestException('Invalid subdomain.', 4003);
    }

    // check subdomain is not already taken or reserved
    if ($this->account->exists($request->subdomain) || $reserved_subdomain->isReserved($request->subdomain)) {
        throw new HttpConflictException('Account already exists.', 4091);
    }

    // begin database transactions
    // NOTE(review): the closure is empty; the three steps named inside are still to be written.
    DB::transaction(function () {
        // create new user
        // create new account
        // create account email addresses
    });

    // set the connection options
    // NOTE(review): $database and $database_prefix are not assigned anywhere in this method.
    $options = ['database' => $database, 'prefix' => $database_prefix];

    // get the default connection detail so we can revert back
    $defaultConnection = getDefaultDatabaseConnetion();

    // set the new connection
    setDatabaseConnetion($database, $options);

    // create the new tenants database
    $this->tenant->createNewTenantDatabase($database);

    // run the new tenant migration
    $this->tenant->runNewTenantMigration($database);

    // \DB::disconnect($request->database);
    // dd(\DB::connection('svr1'));

    // run new tenant seeder
    $this->tenant->runNewTenantTableSeeder($database);

    // reset the default database connection
    // setDatabaseConnetion($defaultConnection['connection'], $defaultConnection['options']);

    // $default = \Config::get('database.default');
    // dd(\Config::get('database.connections.' . $default));
    // NOTE(review): stops the request here; the statements below were an earlier approach and are kept only as history.
    exit('done');

    // \DB::statement(\DB::raw('CREATE DATABASE ' . $request->database));
    // \Artisan::call('migrate', [
    //     '--database' => $request->database,
    //     '--path' => 'app/Stryve/Database/Migrations/Tenant'
    // ]);

    // /***/
    // // Will contain the array of connections that appear in our database config file.
    // $connections = \Config::get('database.connections');
    // // This line pulls out the default connection by key (by default it's `mysql`)
    // $defaultConnection = $connections[\Config::get('database.default')];
    // // Now we simply copy the default connection information to our new connection.
    // $newConnection = $defaultConnection;
    // $options = [
    //     'database' => $request->database,
    //     'prefix' => $request->database_prefix
    // ];
    // // Override the database name.
    // foreach($newConnection as $item => $value)
    //     $newConnection[$item] = isset($options[$item]) ? $options[$item] : $newConnection[$item];
    // // dd($newConnection);
    // // $newConnection['database'] = $request->database;
    // // This will add our new connection to the run-time configuration for the duration of the request.
    // \Config::set('database.connections.'.$request->database, $newConnection);
    /***/

    // count number of table from each database server
    // select database server with the least number of databases

    // // set the default connections options so we can revert back
    // $conn_name = \Config::get('database.default');
    // $defaultOptions = \Config::get('database.connections.'.$conn_name);
    // // clone the default options
    // $default = $defaultOptions;
    // // the new conneciton options
    // $options = [
    //     'database' => $request->database,
    //     'prefix' => $request->database_prefix
    // ];
    // // replace default options
    // foreach($default as $item => $value)
    //     $default[$item] = isset($options[$item]) ? $options[$item] : $default[$item];
    // // set the new connection
    // \Config::set('database.connections.'.$conn_name, $default);

    // try inserting new tenant DB
    // NOTE(review): DDL by concatenation; validate $request->database as a plain identifier before it reaches this.
    \DB::statement(\DB::raw('CREATE DATABASE ' . $request->database));
    // dd(\Config::get('database.connections.db_svr_0'));
    // $this->tenant->runNewTenantMigration($request->database);

    // run new tenant migration
    // NOTE(review): $conn is not defined in this method.
    \Artisan::call('migrate', ['--database' => $conn->getConnectionName(), '--path' => 'app/Stryve/Database/Migrations/Tenant']);

    // \Config::set('database.connections.'.\Config::get('database.default'), $defaultConnection);
    // dd(\Config::get('database.connections.'.\Config::get('database.default')));
    exit('done');

    // set the connection to insert the new tenant database
    // $connection = new ConnectOTF($options);
    // $this->tenant->setNewDbConnection($request);
    // dd($connection->getDefaultOptions());

    // create new tenant database
    // $connection->createDatabase($request->database);
    // dd(\Config::get('database.connections.'.$connection->getConnectionName()));

    // perform initaial database table migration
    // perform initial database seed

    // reset the connection bac to its default
    // $connection->getConnection()->resetDefaultConnection();

    // add request data to stryve_admin database

    // \Artisan::call('migrate:rollback');
}
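function scrubData($string, $type = "text") {
    /*
     * Normalise one request value according to $type and return it.
     *
     * "text"     strip HTML tags, then HTML-encode what remains (quotes included)
     * "richtext" returned as-is (apart from magic-quotes handling)
     * "email"    strip tags; an address rejected by isValidEmailAddress() becomes ''
     * "integer"  rounded to the nearest whole number; non-numeric input gives 0
     * anything else: returned unchanged
     *
     * Notes:
     *  - get_magic_quotes_gpc() no longer exists in PHP 8; it is only called
     *    when present, so the function no longer fatals on current PHP.
     *  - The "integer" case used to call round() directly, which returns a
     *    float and throws a TypeError for non-numeric strings on PHP 8; it
     *    now returns an int and maps non-numeric input to 0.
     *  - strip_tags()/htmlspecialchars() on input is not a substitute for
     *    escaping at output; "richtext" in particular passes through
     *    untouched and must be escaped or sanitised before it is rendered.
     */
    $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    switch ($type) {
        case "text":
            if ($magicQuotes) {
                $string = stripslashes($string);
            }
            $string = strip_tags($string);
            $string = htmlspecialchars($string, ENT_QUOTES);
            break;

        case "richtext":
            if ($magicQuotes) {
                $string = stripslashes($string);
            }
            break;

        case "email":
            if ($magicQuotes) {
                $string = stripslashes($string);
            }
            //removes any tags protecting against javascript injection
            $string = strip_tags($string);
            //checks to see if the email is in valid email format, if not return a blank string
            if (!isValidEmailAddress($string)) {
                $string = '';
            }
            break;

        case "integer":
            $string = is_numeric($string) ? (int) round((float) $string) : 0;
            break;
    }
    return $string;
}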
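}

/*
 * Contact form handler. On POST: validate name / subject / e-mail / body,
 * send the message with sendMail() and redirect to the completion page.
 * Each validation failure is stored in $errors under the field name so the
 * form can show it.
 *
 * Security notes:
 *  - Name, subject and sender address end up in mail headers inside
 *    sendMail(); a CR or LF in any of them would let the sender append
 *    headers (extra recipients, a forged From:). They are stripped before
 *    validation; the body keeps its line breaks.
 *  - `exit` follows the Location: header so the rest of the page does not
 *    keep executing after the redirect has been sent.
 *  - The collected values are raw request data and must be escaped wherever
 *    they are echoed.
 */
$errors = array();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name  = isset($_POST['name'])  && is_string($_POST['name'])  ? str_replace(array("\r", "\n"), '', $_POST['name'])  : '';
    $title = isset($_POST['title']) && is_string($_POST['title']) ? str_replace(array("\r", "\n"), '', $_POST['title']) : '';
    $email = isset($_POST['email']) && is_string($_POST['email']) ? str_replace(array("\r", "\n"), '', $_POST['email']) : '';
    $body  = isset($_POST['body'])  && is_string($_POST['body'])  ? $_POST['body'] : '';

    if (empty($name)) {
        $errors['name'] = '名前が入力されていません';
    }
    if (empty($title)) {
        $errors['title'] = '件名が入力されていません';
    }
    if (empty($email)) {
        $errors['email'] = 'メールアドレスが入力されていません';
    } elseif (!isValidEmailAddress($email)) {
        $errors['email'] = 'メールアドレスの形式が間違っています。';
    }
    if (empty($body)) {
        $errors['body'] = '本文が入力されていません';
    }

    if (empty($errors)) {
        $to = "*****@*****.**";
        if (!sendMail($name, $email, $to, $title, $body)) {
            // NOTE(review): "遅れませんでした" reads as "was not late"; "送れませんでした" ("could not be sent") is probably intended.
            $errors['sendmail'] = "何らかの原因でメールが遅れませんでした。";
        } else {
            header('Location: inquery-complate.html');
            exit;
        }
    }
}
?>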
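/**
 * Force an (inline) login when the user is not authenticated; only returns
 * once the user is logged in.
 *
 * Handles the posted login form: $_POST['email'] may be an e-mail address
 * or a nickname (isValidEmailAddress / isValidRealName decide which column
 * is queried). On success the user row is copied onto $this, the session id
 * is regenerated, the forum login is triggered and, if requested, an
 * "autologin" remember-me cookie is issued. On failure (or when nothing was
 * posted) login.tpl is rendered with the collected $errors and the script
 * exits, so callers never see a false return from this path.
 *
 * @param bool $inline passed to the template as 'inline'
 * @return bool true once logged in
 *
 * Security notes:
 *  - The password hash is compared with hash_equals(): constant-time and
 *    strict, unlike the original `==`, which treats hex digests of the
 *    form "0e..." as equal numbers.
 *  - The remember-me token comes from random_bytes() instead of
 *    md5(uniqid(rand())), which is predictable; it keeps the 32-hex-char
 *    format. The cookie is marked HttpOnly (Secure is not set because this
 *    code cannot tell whether the site is served over TLS).
 *  - session_regenerate_id(true) removes the old session record as well as
 *    issuing a new id, so the pre-login id cannot be reused.
 *  - The submitted password is no longer handed back to the template;
 *    'password' is assigned as an empty string so login.tpl keeps working.
 *  - The hashing scheme (HMAC-MD5 with a per-user salt) is left as is;
 *    migrating to password_hash() is a separate change.
 *  - The distinct user_unknown / invalid_password / must_confirm messages
 *    let a client tell registered addresses apart; unchanged here, as the
 *    message texts belong to the template layer.
 */
function login($inline = true) {
    global $MESSAGES;
    $logged_in = false;
    if ($this->registered) {
        //we're logged in
        return true;
    }

    $errors = array();
    $email = '';
    $password = '';

    //lets see if we are processing a login?
    if (isset($_POST['email'])) {
        $email = stripslashes(trim((string) $_POST['email']));
        $password = isset($_POST['password']) ? stripslashes(trim((string) $_POST['password'])) : '';
        $remember_me = isset($_POST['remember_me']) ? 1 : 0;
        $db = $this->_getDB();

        //an e-mail address selects by email, anything name-like by nickname
        $sql = "";
        if (isValidEmailAddress($email)) {
            $sql = 'select * from user where email=' . $db->Quote($email) . ' limit 1';
        } elseif (isValidRealName($email)) {
            $sql = 'select * from user where nickname=' . $db->Quote($email) . ' limit 1';
        }

        if (strlen($sql)) {
            //user registered?
            $arr = $db->GetRow($sql);
            if (is_array($arr) && count($arr)) {
                $md5password = hash_hmac('md5', $password, $arr['salt']);
                //passwords match?
                if (hash_equals((string) $arr['password'], $md5password)) {
                    //final test = if they have no rights, they haven't confirmed their registration
                    if (strlen((string) $arr['rights'])) {
                        //copy user fields into this object (skip the numeric duplicates of each column)
                        foreach ($arr as $name => $value) {
                            if (!is_numeric($name)) {
                                $this->{$name} = $value;
                            }
                        }
                        //temporary nickname fix for beta accounts
                        if (strlen((string) $this->nickname) == 0) {
                            $this->nickname = str_replace(" ", "", $this->realname);
                        }
                        //give user a remember me cookie?
                        if ($remember_me) {
                            $token = bin2hex(random_bytes(16));
                            $db->query('insert into autologin(user_id,token) values (' . $db->Quote($this->user_id) . ', ' . $db->Quote($token) . ')');
                            setcookie('autologin', $this->user_id . '_' . $token, time() + 3600 * 24 * 365, '/', '', false, true);
                        }
                        //we're changing privilege state, so we should generate a new session id to avoid fixation attacks
                        session_regenerate_id(true);
                        $this->registered = true;
                        $logged_in = true;
                        //log into forum too
                        $this->_forumLogin();
                        if (isset($_SESSION['maptt'])) {
                            unset($_SESSION['maptt']);
                        }
                    } else {
                        $errors['general'] = sprintf($MESSAGES['class_user']['must_confirm'], $email);
                    }
                } else {
                    //speak friend and enter
                    $errors['password'] = $MESSAGES['class_user']['invalid_password'];
                }
            } else {
                //sorry son, your name's not on the list
                $errors['email'] = $MESSAGES['class_user']['user_unknown'];
            }
        } else {
            $errors['email'] = $MESSAGES['class_user']['user_invalid'];
        }
    }

    //failure to login means we never return - we show a login page instead...
    if (!$logged_in) {
        $smarty = new GeoGraphPage();
        $smarty->assign('remember_me', isset($_COOKIE['autologin']) ? 1 : 0);
        $smarty->assign('inline', $inline);
        $smarty->assign('email', $email);
        $smarty->assign('password', '');
        $smarty->assign('errors', $errors);
        $smarty->assign_by_ref('_post', $_POST);
        $smarty->display('login.tpl');
        exit;
    }

    return $logged_in;
}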
*/ require_once 'geograph/global.inc.php'; require_once 'geograph/security.inc.php'; include_messages('contact'); init_session(); $smarty = new GeographPage(); if (isset($_POST['msg'])) { //get the inputs $msg = stripslashes(trim($_POST['msg'])); $from = stripslashes(trim($_POST['from'])); $subject = stripslashes(trim($_POST['subject'])); $smarty->assign('msg', $msg); $smarty->assign('from', $from); $smarty->assign('subject', $subject); //ensure we only got one from line if (isValidEmailAddress($from)) { if (strlen($msg)) { if (strlen($subject) == 0) { $subject = 'Re: ' . $_SERVER['HTTP_HOST']; } $msg .= "\n\n-------------------------------\n"; $msg .= "Referring page: " . $_POST['referring_page'] . "\n"; if ($_SESSION['user']->user_id) { $msg .= "User profile: http://{$_SERVER['HTTP_HOST']}/profile/{$_SESSION['user']->user_id}\n"; } $msg .= "Browser: " . $_SERVER['HTTP_USER_AGENT'] . "\n"; $envfrom = is_null($CONF['mail_envelopefrom']) ? null : "-f {$CONF['mail_envelopefrom']}"; $encsubject = mb_encode_mimeheader($CONF['mail_subjectprefix'] . $subject, $CONF['mail_charset'], $CONF['mail_transferencoding']); $mime = "MIME-Version: 1.0\n" . "Content-Type: text/plain; charset={$CONF['mail_charset']}\n" . "Content-Disposition: inline\n" . "Content-Transfer-Encoding: 8bit"; mail($CONF['contact_email'], $encsubject, $msg, 'From: ' . $from . "\n" . $mime, $envfrom); $smarty->assign('message_sent', true);