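 /**
  * Handle the "add or edit site base info" form submission.
  *
  * Reads web_name / web_extension / content / type from $_POST, passes each
  * through safeString(), then calls update_base() or insert_base() depending
  * on whether $web_base_info_m->judge() reports an existing row.
  *
  * Fixes: the handler now returns after reporting an empty required field
  * (if showMessage() does not halt execution, the original fell through and
  * called update/insert with an undefined value), and the optional 'content'
  * / 'type' fields no longer raise an undefined-index notice when absent.
  *
  * Review notes:
  *  - safeString() is the only sanitisation applied and its semantics are not
  *    visible here. Escaping for SQL and for HTML are different operations;
  *    the model should use bound parameters and the view should escape on output.
  *  - No CSRF check is visible in this handler; presumably done upstream -- verify.
  */
 public function addOrEdit()
 {
     if (empty($_POST['web_name'])) {
         showMessage('网站名称不能为空!', 'admin_csystem_mweb_base_info.html');
         return;
     }
     $web_name = safeString($_POST['web_name']);
     if (empty($_POST['web_extension'])) {
         showMessage('网站扩展名不能为空!', 'admin_csystem_mweb_base_info.html');
         return;
     }
     $web_extension = safeString($_POST['web_extension']);
     // Optional fields: default to '' instead of reading a missing index.
     $content = safeString(isset($_POST['content']) ? $_POST['content'] : '');
     $type = safeString(isset($_POST['type']) ? $_POST['type'] : '');
     // Instantiate the 'system' model.
     $web_base_info_m = M('system');
     $action = $web_base_info_m->judge();
     if ($action) {
         // A non-empty $action means a row already exists: update it.
         $this->update_base($web_base_info_m, $action, $web_name, $web_extension, $content, $type);
     } else {
         // Otherwise this is the first save: insert.
         $this->insert_base($web_base_info_m, $action, $web_name, $web_extension, $content, $type);
     }
 }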
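/**
 * Insert one row (username, text, date) into the `comment` table.
 *
 * Both strings go through safeString(), which strips tags and applies
 * mysql_real_escape_string() before they are interpolated into the INSERT.
 *
 * Fixes relative to the original:
 *  - safeString() was declared unconditionally inside this function, so the
 *    second call to insertComment() in one request died with
 *    "Cannot redeclare safeString()". The declaration is now guarded with
 *    function_exists(); it is kept here (rather than moved to file scope)
 *    so that the point at which it becomes defined does not change.
 *  - The unused $safe_strings flag and the commented-out code are gone.
 *
 * Review notes:
 *  - mysql_real_escape_string() needs an open connection with the right
 *    charset; it is a stop-gap, not a replacement for a prepared statement
 *    (mysqli/PDO). ext/mysql itself was removed in PHP 7, so this cannot run
 *    on a current PHP at all.
 *  - strip_tags() is not output encoding: escape with htmlspecialchars()
 *    where the comment is rendered.
 *
 * @param string $username
 * @param string $text
 * @return void  Dies with the MySQL error text if the INSERT fails (as before).
 */
function insertComment($username, $text) {
    // Open the DB connection lazily if it is not up yet.
    global $isConnected;
    if (!isset($isConnected)) {
        connectDb();
    }

    if (!function_exists('safeString')) {
        function safeString($string) {
            return mysql_real_escape_string(strip_tags($string));
        }
    }

    $username = safeString($username);
    $text = safeString($text);

    // Timestamp of the comment.
    $date = getCurrentDate();

    // Insert the comment into the database.
    mysql_query("INSERT INTO comment (`username`, `text`, `date`) VALUES ('$username' , '$text', '$date')")
    or die("Something went wrong with the insert query" . mysql_error());
}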
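 /**
  * Delete a guestbook message.
  *
  * The id is taken from $_GET and coerced with intval(), so only an integer
  * ever reaches the model. A missing ?id= now yields 0 instead of an
  * undefined-index notice.
  *
  * Review: a destructive action driven by a GET parameter is trivially
  * forgeable (a link or <img src=...> on any page triggers it). Whether a CSRF
  * token or a POST requirement is enforced upstream is not visible here -- verify.
  *
  * @return void  Redirects via showMessage() with a success/failure notice.
  */
 public function message_delete()
 {
     $rawId = isset($_GET['id']) ? $_GET['id'] : '';
     $id = intval(safeString($rawId));
     $message_m = M('message');
     if ($message_m->message_delete($id)) {
         showMessage('留言删除成功!', "admin_cmessage_mmessage_list.html");
     } else {
         showMessage('留言删除失败!', "admin_cmessage_mmessage_list.html");
     }
 }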
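/**
 * Parse an SRT-style subtitle file and store each cue via addSubtitle().
 *
 * A cue is read as: an index line, a timing line "start,frame --> end,frame"
 * (split on spaces, then each timestamp on a comma), one or more text lines,
 * and a blank line that terminates the cue.
 *
 * Fixes relative to the original:
 *  - fopen() failure was not checked; feof() on a non-resource never reports
 *    EOF, so an unreadable path looped forever. It now returns false.
 *  - A malformed timing line (fewer than three tokens, or a token without a
 *    comma) raised undefined-offset notices; missing parts now become ''.
 *  - A final cue that was not followed by a blank line was dropped; it is
 *    flushed after the loop.
 *
 * Note: every line passes through safeString() first. What that function does
 * (trim? escape?) is not visible here, and the blank-line test ($line == '')
 * relies on it removing the trailing newline -- verify.
 *
 * @param string $filePath  Local path of the subtitle file. Not validated here;
 *                          callers must not pass user-controlled paths.
 * @return bool  false if the file could not be opened, true otherwise.
 */
function uploadSoaps($filePath)
{
    $file = fopen($filePath, "r");
    if ($file === false) {
        return false;
    }
    $lineCount = 1;
    $index = '';
    $timeStart = '';
    $frameStart = '';
    $timeEnd = '';
    $frameEnd = '';
    $text = '';
    while (!feof($file)) {
        $line = safeString(fgets($file));
        if ($lineCount == 1) {
            $index = $line;
        } elseif ($lineCount == 2) {
            $line = explode(' ', $line);
            list($timeStart, $frameStart) = uploadSoaps_splitTimestamp(isset($line[0]) ? $line[0] : '');
            list($timeEnd, $frameEnd) = uploadSoaps_splitTimestamp(isset($line[2]) ? $line[2] : '');
        } else {
            $text .= ' ' . $line;
        }
        $lineCount++;
        // A blank line terminates the current cue.
        if ($line == '') {
            addSubtitle(1, 1, $index, $timeStart, $frameStart, $timeEnd, $frameEnd, $text);
            $index = '';
            $timeStart = '';
            $frameStart = '';
            $timeEnd = '';
            $frameEnd = '';
            $text = '';
            $lineCount = 1;
        }
    }
    fclose($file);
    // Flush a trailing cue that was not terminated by a blank line.
    if ($index != '' || $text != '') {
        addSubtitle(1, 1, $index, $timeStart, $frameStart, $timeEnd, $frameEnd, $text);
    }
    return true;
}

/**
 * Split a "time,frame" token into array(time, frame), each passed through
 * safeString(); a missing part becomes ''.
 *
 * @param string $token
 * @return array
 */
function uploadSoaps_splitTimestamp($token)
{
    $parts = explode(',', $token);
    $time = safeString(isset($parts[0]) ? $parts[0] : '');
    $frame = safeString(isset($parts[1]) ? $parts[1] : '');
    return array($time, $frame);
}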
<?php

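// Registration handler: reads the form fields from $_POST, hashes the
// password with password_hash() and inserts the user through Db::execute()
// with named placeholders (the INSERT itself is parameterised).
//
// Fixes relative to the original:
//  - missing POST fields raised undefined-index notices; they default to ''.
//  - the e-mail is validated with FILTER_VALIDATE_EMAIL before the insert
//    (any non-empty string was accepted before).
//  - the two password fields are compared with === ("1e3" == "1000" is true
//    for numeric strings under ==).
//
// Review notes:
//  - $pass goes through safeString() before password_hash(). If safeString()
//    strips or encodes characters, the stored hash is of a modified password
//    and the login path must apply the identical transform. Hashing the raw
//    submitted value is more robust -- check the login side before changing it.
//  - Nothing here rejects an already-registered e-mail; presumably a UNIQUE
//    constraint on the table -- verify.
include_once "session.php";
$ime = safeString(isset($_POST['ime']) ? $_POST['ime'] : '');
$surname = safeString(isset($_POST['surname']) ? $_POST['surname'] : '');
$mail = safeString(isset($_POST['mail']) ? $_POST['mail'] : '');
$pass = safeString(isset($_POST['pass']) ? $_POST['pass'] : '');
$passCheck = safeString(isset($_POST['passCheck']) ? $_POST['passCheck'] : '');
$date = date("Y-m-d");
$slika = "./photos/defaultProfile.png";
$admin = 0;
$allFilled = !empty($ime) && !empty($surname) && !empty($mail) && !empty($pass) && !empty($passCheck);
if ($allFilled && filter_var($mail, FILTER_VALIDATE_EMAIL) !== false) {
    if ($pass === $passCheck) {
        $passHash = password_hash($pass, PASSWORD_DEFAULT);
        $arr = array(
            'ime' => $ime,
            'priimek' => $surname,
            'pass' => $passHash,
            'mail' => $mail,
            'slika' => $slika,
            'dat' => $date,
        );
        $query = "INSERT INTO uporabniki (ime, priimek, pass, mail, slika, reg_date) VALUES(:ime, :priimek, :pass, :mail, :slika, :dat)";
        Db::execute($query, $arr);
        echo "Success";
    } else {
        echo "PassNoMatch";
    }
} else {
    echo "Fail";
}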
    $values['tags'] = $tag_string;
    // Output to view
    $smarty->assign('values', $values);
}
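// Handle the "experiment_create" submission: update the experiment's name and
// description, then attach any submitted tags that are not already on it.
//
// Fixes relative to the original:
//  - the duplicate test read `!in_array($tag, $tag_list) && !in_array($tag, $tag_list)`
//    (the same check twice), so a tag repeated within one submission was
//    added twice; the second check now looks at the tags collected so far.
//  - tags are trimmed and empty entries skipped, so "a, b," no longer
//    produces " b" and "" as tags.
//
// Review: safeString() (semantics not visible here) is the only filter, and
// nothing in this block checks that the current user may edit experiment
// $eid -- presumably enforced upstream, verify.
if (isset($_POST['experiment_create'])) {
    $eid = (int) safeString($_POST['id']);
    $values = array(
        'name' => safeString($_POST['experiment_name']),
        'description' => safeString($_POST['experiment_description']),
    );
    updateExperiment($eid, $values);
    // Names of the tags already attached, so only new ones are added
    // (checkbox handling is still not implemented here).
    $tags = getTagsForExperiment($eid);
    $tag_list = array();
    foreach ($tags as $tag) {
        $tag_list[] = $tag['tag'];
    }
    $new_tags = array();
    $seen = array();
    $tag_submit = explode(",", safeString($_POST['experiment_tags']));
    foreach ($tag_submit as $tag) {
        $tag = trim($tag);
        if ($tag === '' || in_array($tag, $tag_list, true) || isset($seen[$tag])) {
            continue;
        }
        $seen[$tag] = true;
        $new_tags[] = array('value' => $tag, 'weight' => 2);
    }
    addTagsToExperiment($eid, $new_tags);
    $created = true;
    $title = "Successfully Edited Experiment";
}
$smarty->assign('eid', $eid);
$smarty->assign('created', $created);
$smarty->assign('user', $session->getUser());
$smarty->assign('title', 'Edit Experiment');
$smarty->assign('content', $smarty->fetch('experiment-edit.tpl'));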
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
 * DAMAGE.
 */
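// News article page: look up the article named by ?id= and render news.tpl.
// The id is cast to int before it reaches getArticle(), so the lookup is not
// string-injectable here regardless of what safeString() does.
//
// Fix: the original read $data[0]['title'] and assigned $data[0] even when
// getArticle() returned nothing (a notice, a bare "News: " title and an
// undefined template variable). The error flag now also covers "id given but
// no such article", and the template receives null in that case.
require_once 'includes/config.php';
$data = array();
$error = false;
$title = 'Could Not Find Article';
$id = -1;
if (isset($_GET['id'])) {
    $id = (int) safeString($_GET['id']);
    $data = getArticle($id);
    if (!empty($data[0]['title'])) {
        $title = 'News: ' . ucwords($data[0]['title']);
    }
}
// -1: no id supplied; empty result: id did not match an article.
if ($id == -1 || $id == "" || empty($data[0])) {
    $error = true;
}
$smarty->assign('error', $error);
$smarty->assign('data', isset($data[0]) ? $data[0] : null);
$smarty->assign('user', $session->getUser());
$smarty->assign('title', $title);
$smarty->assign('content', $smarty->fetch('news.tpl'));
$smarty->display('skeleton.tpl');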
 /**
  * Add one form field per entry of $fields to the builder and return it.
  *
  * Each definition may carry: label, placeholder, class, required, choices
  * (an array whose keys are rebuilt with safeString()), expanded, multiple
  * and type. A missing type becomes "text"; type "email" adds an
  * Assert\Email constraint. With $forceRequired every field is marked
  * required and gets Assert\NotBlank regardless of its own 'required' flag.
  *
  * Note: safeString() is applied to choice keys only; label, placeholder and
  * class are handed to the form layer untouched and presumably escaped by
  * the view on output -- verify.
  *
  * @param FormBuilder $form
  * @param array       $fields         name => definition
  * @param bool        $forceRequired
  * @return FormBuilder
  */
 protected function createFormFields(FormBuilder $form, array $fields, $forceRequired = false)
 {
     foreach ($fields as $name => $definition) {
         $opts = array();
         if (!empty($definition['label'])) {
             $opts['label'] = $definition['label'];
         }
         // placeholder and class both live under the 'attr' option.
         foreach (array('placeholder', 'class') as $attrName) {
             if (!empty($definition[$attrName])) {
                 $opts['attr'][$attrName] = $definition[$attrName];
             }
         }
         $isRequired = $forceRequired || (!empty($definition['required']) && $definition['required'] == true);
         $opts['required'] = $isRequired;
         if ($isRequired) {
             $opts['constraints'][] = new Assert\NotBlank();
         }
         if (!empty($definition['choices']) && is_array($definition['choices'])) {
             // Re-key the choices with a safe version of each value.
             $opts['choices'] = array();
             foreach ($definition['choices'] as $choice) {
                 $opts['choices'][safeString($choice)] = $choice;
             }
         }
         foreach (array('expanded', 'multiple') as $flag) {
             if (!empty($definition[$flag])) {
                 $opts[$flag] = $definition[$flag];
             }
         }
         // A field without a type would break the form, so default it.
         $type = empty($definition['type']) ? "text" : $definition['type'];
         if ($type == "email") {
             $opts['constraints'][] = new Assert\Email();
         }
         $form->add($name, $type, $opts);
     }
     return $form;
 }
<?php

// Bootstrap for the event-registration export: shared helper libraries, the
// GET keys this endpoint requires, and the default (failure) JSON response.
//
// Review note on the handler that follows (its closing braces are outside
// this listing): $_GET['eventId'] is passed through safeString($conn, ...)
// and then interpolated UNQUOTED into "... where eventId={$eventId} ...".
// A quote-escaping function does not protect an unquoted numeric position,
// because a payload there needs no quote characters at all. Cast the value
// with (int), or bind it as a prepared-statement parameter, before it is
// used to build the query.
require_once "praveenlib.php";
require_once "applib.php";
$keys = array(
    "eventId",
);
$respjson = array(
    "status" => "unprocessed",
    "errorCode" => 1,
);
if (checkGET($keys)) {
    $conn = connectSQL();
    if ($conn) {
        $eventId = safeString($conn, $_GET['eventId']);
        $sql = "select userId,userName,ticketId from eventregistration where eventId={$eventId} and status=1";
        if ($export = $conn->query($sql)) {
            $header = '';
            $data = '';
            while ($fieldinfo = mysqli_fetch_field($export)) {
                $header .= $fieldinfo->name . "\t";
            }
            while ($row = mysqli_fetch_row($export)) {
                $line = '';
                foreach ($row as $value) {
                    if (!isset($value) || $value == "") {
                        $value = "\t";
                    } else {
                        $value = str_replace('"', '""', $value);
                        $value = '"' . $value . '"' . "\t";
                    }
                    $line .= $value;
                }
                $data .= trim($line) . "\n";
            }
            $data = str_replace("\r", "", $data);
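 /**
  * Get the next record. ('next' is defined as 'first one published after this one')
  *
  * Fix: the original queried `$field < current` ordered DESC, which selects
  * the latest record *before* this one (the previous record), contradicting
  * the definition above. It now selects the first record whose $field is
  * greater than this one's, ascending.
  *
  * $field is passed through safeString() and then becomes part of the
  * 'order' parameter, which getContent() builds into an ORDER BY clause.
  * It must only ever be a column name, never request input -- what
  * safeString() actually strips is not visible here.
  *
  * @param string $field  column to compare on (default "datepublish")
  * @param array  $where  extra WHERE clauses handed through to getContent()
  * @return mixed  the next record, or whatever getContent() returns when
  *                there is none (false, per its not-found branch)
  */
 public function next($field = "datepublish", $where = array())
 {
     $field = safeString($field);
     $params = array(
         $field => '>' . $this->values[$field],
         'limit' => 1,
         'order' => $field . ' ASC',
         'returnsingle' => true,
     );
     return $this->app['storage']->getContent($this->contenttype['singular_slug'], $params, $dummy, $where);
 }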
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
 * DAMAGE.
 */
// Password-reset request: the handler below looks the submitted e-mail up in
// `users` and mails a reset link. Its body is cut off in this listing, so
// these notes only cover what is visible:
//  - The e-mail is interpolated into the SELECT inside double quotes after
//    safeString(); whether that function escapes for SQL is not visible
//    here -- a bound parameter is the safe form.
//  - The link carries $tmp[0]['auth'], a value read straight from the user
//    row, i.e. a long-lived per-account secret rather than a random,
//    single-use, expiring reset token. Anyone who later obtains that e-mail
//    can reset the account indefinitely; generate a fresh token per request.
//  - The recipient is passed to mail() as '"' . $email . '"'; unless
//    safeString() removes CR/LF this is an e-mail header-injection vector.
//  - 'success' is set to -1 when the address is unknown, which lets a caller
//    discover whether an e-mail is registered (account enumeration).
require_once 'includes/config.php';
require_once 'includes/database.php';
$errors = array();
if (isset($_POST['email'])) {
    $email = safeString($_POST['email']);
    $tmp = $db->query('select * from users where email="' . $email . '"');
    if (isset($tmp[0])) {
        $auth = $tmp[0]['auth'];
        $subject = 'Password Reset Link';
        $message = 'It seems you\'ve forgotten your password. Click <a href="http://isense.cs.uml.edu/reset.php?auth=' . $auth . '"> here </a> to reset your password';
        $headers = "MIME-Version: 1.0" . "\r\n";
        $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
        $headers .= 'From: admin@127.0.0.1';
        if (mail('"' . $email . '"', $subject, $message, $headers)) {
            $smarty->assign('success', 1);
        } else {
            $smarty->assign('success', 0);
        }
    } else {
        $smarty->assign('success', -1);
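/**
 * Build an HTML list of links to the configured weblogs.
 *
 * Template parameters (after cleanParams()):
 *  - exclude: comma-separated weblog names to skip
 *  - format:  per-item template; %link%, %name%, %display%, %payoff%,
 *             %internal% and %active% are substituted, in that order
 *  - current: text substituted for %active% on the current weblog
 *  - sort:    "title" sorts the items by weblog name
 *
 * Fixes: $output[$name] was appended to (.=) before it existed, and
 * $params['sort'] was read without a guard -- both raised notices.
 *
 * Review notes:
 *  - Only %payoff% goes through cleanAttributes(); %name%/%display% and
 *    %link% are inserted into the markup raw. Weblog names are presumably
 *    admin-configured, but if less-trusted users can set them this is an
 *    injection point -- verify.
 *  - The exclude list is normalised with "safe_string" while each weblog
 *    name is normalised with safeString(); whether those are the same
 *    function is not visible here. If they differ, exclusion never matches.
 *
 * @param array  $params
 * @param object $smarty
 * @return string
 */
function smarty_weblog_list($params, &$smarty)
{
    global $PIVOTX;
    $params = cleanParams($params);
    $aExclude = array();
    if (!empty($params['exclude'])) {
        $aExclude = explode(",", $params['exclude']);
        $aExclude = array_map("trim", $aExclude);
        $aExclude = array_map("safe_string", $aExclude);
    }
    $Current_weblog = $PIVOTX['weblogs']->getCurrent();
    $format = getDefault($params['format'], "<li %active%><a href='%link%' title='%payoff%'>%display%</a></li>");
    $active = getDefault($params['current'], "class='activepage'");
    $output = array();
    $weblogs = $PIVOTX['weblogs']->getWeblogs();
    foreach ($weblogs as $key => $weblog) {
        if (in_array(safeString($weblog['name']), $aExclude)) {
            continue;
        }
        // Same substitution order as a chain of str_replace() calls.
        $replacements = array(
            '%link%' => $weblog['link'],
            '%name%' => $weblog['name'],
            '%display%' => $weblog['name'],
            '%payoff%' => cleanAttributes($weblog['payoff']),
            '%internal%' => $key,
            '%active%' => ($Current_weblog == $key) ? $active : '',
        );
        $this_output = str_replace(array_keys($replacements), array_values($replacements), $format);
        $name = $weblog['name'];
        if (!isset($output[$name])) {
            $output[$name] = '';
        }
        $output[$name] .= $this_output;
    }
    if (isset($params['sort']) && $params['sort'] == "title") {
        ksort($output);
    }
    return stripslashes(implode("\n", $output));
}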
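 /**
  * Load the configuration from the various YML files and normalise it into
  * $this->data (general, taxonomy, contenttypes, menu, routing, permissions,
  * extensions, theme).
  *
  * Fixes relative to the original:
  *  - the "strip leading www." regex used an unescaped '.', so it matched any
  *    character after "www" ("wwwfoo.example.org" became ".oo.example.org");
  *  - taxonomy 'behaves_like' and field 'type' were read without isset(),
  *    raising notices for entries that omit them;
  *  - a contenttype without a 'fields' key produced a foreach-over-null warning;
  *  - the inner loops reused the outer loop variables ($key/$value), which the
  *    old FIXME comments already flagged.
  *
  * Review note: when 'cookies_domain' is not configured it is derived from
  * the Host header ($_SERVER['HTTP_HOST']), which the client controls. The
  * session cookie's Domain attribute therefore follows whatever Host the
  * request carried; on a server that answers for arbitrary Host values, set
  * cookies_domain explicitly in config.yml instead of relying on this fallback.
  */
 public function getConfig()
 {
     $config = array();
     // Read the config
     $config['general'] = array_merge($this->parseConfigYaml('config.yml'), $this->parseConfigYaml('config_local.yml'));
     $config['taxonomy'] = $this->parseConfigYaml('taxonomy.yml');
     $tempContentTypes = $this->parseConfigYaml('contenttypes.yml');
     $config['menu'] = $this->parseConfigYaml('menu.yml');
     $config['routing'] = $this->parseConfigYaml('routing.yml');
     $config['permissions'] = $this->parseConfigYaml('permissions.yml');
     $config['extensions'] = array();
     // fetch the theme config. requires special treatment due to the path
     $this->app['resources']->initializeConfig($config);
     $paths = $this->app['resources']->getPaths();
     $themeConfigFile = $paths['themepath'] . '/config.yml';
     $config['theme'] = $this->parseConfigYaml($themeConfigFile, array(), false);
     // @todo: If no config files can be found, get them from bolt.cm/files/default/
     $this->paths = $this->app['resources']->getPaths();
     $this->setDefaults();
     // Make sure old settings for 'contentsCss' are still picked up correctly
     if (isset($config['general']['wysiwyg']['ck']['contentsCss'])) {
         $config['general']['wysiwyg']['ck']['contentsCss'] = array(1 => $config['general']['wysiwyg']['ck']['contentsCss']);
     }
     // Make sure old settings for 'accept_file_types' are not still picked up. Before 1.5.4 we used to store them
     // as a regex-like string, and we switched to an array. If we find the old style, fall back to the defaults.
     if (isset($config['general']['accept_file_types']) && !is_array($config['general']['accept_file_types'])) {
         unset($config['general']['accept_file_types']);
     }
     // Merge the array with the defaults. Setting the required values that aren't already set.
     $config['general'] = array_merge_recursive_distinct($this->defaultConfig, $config['general']);
     // Make sure the cookie_domain for the sessions is set properly.
     if (empty($config['general']['cookies_domain'])) {
         // HTTP_HOST is client-supplied; see the method docblock.
         if (isset($_SERVER['HTTP_HOST'])) {
             $hostname = $_SERVER['HTTP_HOST'];
         } elseif (isset($_SERVER['SERVER_NAME'])) {
             $hostname = $_SERVER['SERVER_NAME'];
         } else {
             $hostname = '';
         }
         // Don't set the domain for a cookie on a "TLD" - like 'localhost', or if the server_name is an IP-address
         if (strpos($hostname, '.') > 0 && preg_match("/[a-z0-9]/i", $hostname)) {
             // Strip a leading "www." / "www2." so the cookie also covers the bare domain.
             if (preg_match('/^www[0-9]*\./', $hostname)) {
                 $config['general']['cookies_domain'] = '.' . preg_replace('/^www[0-9]*\./', '', $hostname);
             } else {
                 $config['general']['cookies_domain'] = '.' . $hostname;
             }
             // Make sure we don't have consecutive '.'-s in the cookies_domain..
             $config['general']['cookies_domain'] = str_replace('..', '.', $config['general']['cookies_domain']);
         } else {
             $config['general']['cookies_domain'] = '';
         }
     }
     // Make sure Bolt's mount point is OK:
     $config['general']['branding']['path'] = '/' . safeString($config['general']['branding']['path']);
     // Make sure $config['taxonomy'] is an array. (if the file is empty, YAML parses it as NULL)
     if (empty($config['taxonomy'])) {
         $config['taxonomy'] = array();
     }
     // Clean up taxonomies
     foreach ($config['taxonomy'] as $key => $value) {
         if (!isset($config['taxonomy'][$key]['name'])) {
             $config['taxonomy'][$key]['name'] = ucwords($config['taxonomy'][$key]['slug']);
         }
         if (!isset($config['taxonomy'][$key]['singular_name'])) {
             if (isset($config['taxonomy'][$key]['singular_slug'])) {
                 $config['taxonomy'][$key]['singular_name'] = ucwords($config['taxonomy'][$key]['singular_slug']);
             } else {
                 $config['taxonomy'][$key]['singular_name'] = ucwords($config['taxonomy'][$key]['slug']);
             }
         }
         if (!isset($config['taxonomy'][$key]['slug'])) {
             $config['taxonomy'][$key]['slug'] = strtolower(safeString($config['taxonomy'][$key]['name']));
         }
         if (!isset($config['taxonomy'][$key]['singular_slug'])) {
             $config['taxonomy'][$key]['singular_slug'] = strtolower(safeString($config['taxonomy'][$key]['singular_name']));
         }
         if (!isset($config['taxonomy'][$key]['has_sortorder'])) {
             $config['taxonomy'][$key]['has_sortorder'] = false;
         }
         // Make sure the options are $key => $value pairs, and not have implied integers for keys.
         if (!empty($config['taxonomy'][$key]['options']) && is_array($config['taxonomy'][$key]['options'])) {
             $options = array();
             foreach ($config['taxonomy'][$key]['options'] as $optionkey => $optionvalue) {
                 if (is_numeric($optionkey)) {
                     $optionkey = makeSlug($optionvalue);
                     // was: strtolower(safeString($value));
                 }
                 $options[$optionkey] = $optionvalue;
             }
             $config['taxonomy'][$key]['options'] = $options;
         }
         // If taxonomy is like tags, set 'tagcloud' to true by default.
         if (isset($config['taxonomy'][$key]['behaves_like']) && $config['taxonomy'][$key]['behaves_like'] == 'tags' && !isset($config['taxonomy'][$key]['tagcloud'])) {
             $config['taxonomy'][$key]['tagcloud'] = true;
         }
     }
     // Clean up contenttypes
     $config['contenttypes'] = array();
     foreach ($tempContentTypes as $key => $temp) {
         // If the slug isn't set, and the 'key' isn't numeric, use that as the slug.
         if (!isset($temp['slug']) && !is_numeric($key)) {
             $temp['slug'] = makeSlug($key);
         }
         // If neither 'name' nor 'slug' is set, we need to warn the user. Same goes for when
         // neither 'singular_name' nor 'singular_slug' is set.
         if (!isset($temp['name']) && !isset($temp['slug'])) {
             $error = sprintf("In contenttype <code>%s</code>, neither 'name' nor 'slug' is set. Please edit <code>contenttypes.yml</code>, and correct this.", $key);
             $llc = new Configuration\LowlevelChecks($this->app['resources']);
             $llc->lowlevelError($error);
         }
         if (!isset($temp['singular_name']) && !isset($temp['singular_slug'])) {
             $error = sprintf("In contenttype <code>%s</code>, neither 'singular_name' nor 'singular_slug' is set. Please edit <code>contenttypes.yml</code>, and correct this.", $key);
             $llc = new Configuration\LowlevelChecks($this->app['resources']);
             $llc->lowlevelError($error);
         }
         if (!isset($temp['slug'])) {
             $temp['slug'] = makeSlug($temp['name']);
         }
         if (!isset($temp['singular_slug'])) {
             $temp['singular_slug'] = makeSlug($temp['singular_name']);
         }
         if (!isset($temp['show_on_dashboard'])) {
             $temp['show_on_dashboard'] = true;
         }
         if (!isset($temp['show_in_menu'])) {
             $temp['show_in_menu'] = true;
         }
         if (!isset($temp['sort'])) {
             $temp['sort'] = '';
         }
         if (!isset($temp['default_status'])) {
             $temp['default_status'] = 'draft';
         }
         // Make sure all fields are lowercase and 'safe'.
         $tempfields = (isset($temp['fields']) && is_array($temp['fields'])) ? $temp['fields'] : array();
         $temp['fields'] = array();
         // Set a default group and groups array.
         $currentgroup = false;
         $temp['groups'] = array();
         foreach ($tempfields as $fieldkey => $fieldvalue) {
             // Normalise the field name: safeString(), lowercase, '-' -> '_'.
             $fieldkey = str_replace('-', '_', strtolower(safeString($fieldkey, true)));
             $temp['fields'][$fieldkey] = $fieldvalue;
             $fieldtype = isset($fieldvalue['type']) ? $fieldvalue['type'] : '';
             // If field is a "file" type, make sure the 'extensions' are set, and it's an array.
             if ($fieldtype == 'file' || $fieldtype == 'filelist') {
                 if (empty($temp['fields'][$fieldkey]['extensions'])) {
                     $temp['fields'][$fieldkey]['extensions'] = array_intersect(array('doc', 'docx', 'txt', 'md', 'pdf', 'xls', 'xlsx', 'ppt', 'pptx', 'csv'), $config['general']['accept_file_types']);
                 }
                 if (!is_array($temp['fields'][$fieldkey]['extensions'])) {
                     $temp['fields'][$fieldkey]['extensions'] = array($temp['fields'][$fieldkey]['extensions']);
                 }
             }
             // If field is an "image" type, make sure the 'extensions' are set, and it's an array.
             if ($fieldtype == 'image' || $fieldtype == 'imagelist') {
                 if (empty($temp['fields'][$fieldkey]['extensions'])) {
                     $temp['fields'][$fieldkey]['extensions'] = array_intersect(array('gif', 'jpg', 'jpeg', 'png'), $config['general']['accept_file_types']);
                 }
                 if (!is_array($temp['fields'][$fieldkey]['extensions'])) {
                     $temp['fields'][$fieldkey]['extensions'] = array($temp['fields'][$fieldkey]['extensions']);
                 }
             }
             // If the field has a 'group', make sure it's added to the 'groups' array, so we can turn
             // them into tabs while rendering. This also makes sure that once you started with a group,
             // all others have a group too.
             if (!empty($temp['fields'][$fieldkey]['group'])) {
                 $currentgroup = $temp['fields'][$fieldkey]['group'];
                 $temp['groups'][] = $currentgroup;
             } else {
                 $temp['fields'][$fieldkey]['group'] = $currentgroup;
             }
         }
         // Make sure the 'uses' of the slug is an array.
         if (isset($temp['fields']['slug']) && isset($temp['fields']['slug']['uses']) && !is_array($temp['fields']['slug']['uses'])) {
             $temp['fields']['slug']['uses'] = array($temp['fields']['slug']['uses']);
         }
         // Make sure taxonomy is an array.
         if (isset($temp['taxonomy']) && !is_array($temp['taxonomy'])) {
             $temp['taxonomy'] = array($temp['taxonomy']);
         }
         // when adding relations, make sure they're added by their slug. Not their 'name' or 'singular name'.
         if (!empty($temp['relations']) && is_array($temp['relations'])) {
             foreach ($temp['relations'] as $relationkey => $relation) {
                 if ($relationkey != makeSlug($relationkey)) {
                     $temp['relations'][makeSlug($relationkey)] = $temp['relations'][$relationkey];
                     unset($temp['relations'][$relationkey]);
                 }
             }
         }
         // Make sure the 'groups' has unique elements, if there are any.
         if (!empty($temp['groups'])) {
             $temp['groups'] = array_unique($temp['groups']);
         } else {
             unset($temp['groups']);
         }
         $config['contenttypes'][$temp['slug']] = $temp;
     }
     // Set all the distinctive arrays as part of our Config object.
     $this->data = $config;
 }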
 }
 if ($description == '') {
     array_push($errors, 'The video description can not be blank.');
 }
 $values['description'] = $description;
 $citystate = '';
 if (isset($_POST['video_citystate'])) {
     $citystate = safeString($_POST['video_citystate']);
 }
 if ($citystate == '') {
     array_push($errors, 'The video city and states can not be blank.');
 }
 $values['citystate'] = $citystate;
 $street = '';
 if (isset($_POST['video_street'])) {
     $street = safeString($_POST['video_street']);
 }
 if ($street == '') {
     array_push($errors, 'The video street scan not be blank.');
 }
 $values['street'] = $street;
 if (!isset($_FILES['video_file'])) {
     array_push($errors, 'No session file was entered.');
 }
 if (strpos($_FILES['video_file']['type'], "video") === FALSE) {
     array_push($errors, 'The file you uploaded is not a video');
 }
 if (count($errors) == 0) {
     /* Might want to check the move code, this could cause colisions */
     $target_path = '/tmp/';
     $target_path = $target_path . basename($_FILES['video_file']['name']);
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
 * DAMAGE.
 */
// Follow/unfollow endpoint: ?action=follow|unfollow&follower=X&followee=Y
// adds or removes a graph edge and prints "worked!" or "failed!".
//
// Review notes (behaviour deliberately left unchanged here):
//  - This is a state-changing operation driven entirely by GET parameters,
//    so any page a logged-in user visits can trigger it (CSRF). It should be
//    a POST carrying a token.
//  - Nothing in this file ties $follower to the authenticated user: the
//    caller names both ends of the edge. Unless config.php or
//    addGraphEdge()/deleteGraphEdge() enforce it, anyone can follow or
//    unfollow on anyone's behalf. Verify; if not enforced, take $follower
//    from the session instead of the query string.
//  - safeString() is the only filter; its semantics are not visible here.
require_once '../includes/config.php';
if (isset($_GET['action'], $_GET['follower'], $_GET['followee'])) {
    $action = safeString($_GET['action']);
    $follower = safeString($_GET['follower']);
    $followee = safeString($_GET['followee']);
    $handlers = array(
        "follow" => 'addGraphEdge',
        "unfollow" => 'deleteGraphEdge',
    );
    $result = false;
    if (isset($handlers[$action])) {
        $handler = $handlers[$action];
        $result = $handler($follower, $followee);
    }
    echo $result ? "worked!" : "failed!";
}
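 /**
  * Fetch content of one contenttype, optionally filtered, ordered and paged.
  *
  * $contenttypeslug may carry a shortcut: "entry/12" (by id), "page/about"
  * (by slug) or "page/latest/5" / "page/first/5". The first two force a
  * single result, as does a singular contenttype slug or a 'returnsingle'
  * parameter. Parameters that name a field of the contenttype (or id, slug,
  * datecreated, datechanged, username, status) become WHERE clauses via
  * parseWhereParameter(); 'filter' becomes a LIKE over text/textarea/html
  * fields; 'order' becomes ORDER BY (a leading '-' means DESC); 'limit',
  * 'page' and -- when 'paging' is set -- $_REQUEST['page'] drive LIMIT.
  *
  * Fixes relative to the original:
  *  - $parameters defaulted to "" but is used as an array ($parameters['id'] = ...),
  *    which fails on PHP >= 7.1; a non-array value is now normalised to array().
  *  - $limit and $page (the latter straight from $_REQUEST) were interpolated
  *    into the LIMIT clause as-is; they are now cast to int and clamped to >= 1,
  *    which also removes a division by zero in the pager.
  *  - $where and $parameters['order'] were read before being defined.
  *  - An empty 'order' string after safeString() indexed $order[0].
  *
  * Security notes: the only barrier between 'filter' / 'order' and the SQL
  * text is safeString() (not visible here); the table name is built from the
  * contenttype slug, which comes from configuration. Review safeString()
  * before exposing either parameter to request input.
  *
  * @param string       $contenttypeslug
  * @param array|string $parameters  a non-array is treated as no parameters
  * @param array        $pager       filled with paging info for multi-item results
  * @return mixed  one record, or false, when a single result was requested;
  *                otherwise an array of records keyed by id
  */
 public function getContent($contenttypeslug, $parameters = "", &$pager = array())
 {
     global $app;
     if (!is_array($parameters)) {
         $parameters = array();
     }
     $returnsingle = false;
     $where = array();
     // Some special cases, like 'entry/1' or 'page/about' need to be caught before further processing.
     if (preg_match('#^([a-z0-9_-]+)/([0-9]+)$#i', $contenttypeslug, $match)) {
         // like 'entry/12'
         $contenttypeslug = $match[1];
         $parameters['id'] = $match[2];
         $returnsingle = true;
     } elseif (preg_match('#^([a-z0-9_-]+)/([a-z0-9_-]+)$#i', $contenttypeslug, $match)) {
         // like 'page/lorem-ipsum-dolor'
         $contenttypeslug = $match[1];
         $parameters['slug'] = $match[2];
         $returnsingle = true;
     } elseif (preg_match('#^([a-z0-9_-]+)/(latest|first)/([0-9]+)$#i', $contenttypeslug, $match)) {
         // like 'page/latest/5'
         $contenttypeslug = $match[1];
         $parameters['order'] = 'datecreated ' . ($match[2] == "latest" ? "DESC" : "ASC");
         $parameters['limit'] = $match[3];
     }
     $limit = !empty($parameters['limit']) ? $parameters['limit'] : 100;
     $page = !empty($parameters['page']) ? $parameters['page'] : 1;
     // If we're allowed to use pagination, use the 'page' parameter.
     if (!empty($parameters['paging'])) {
         $page = !empty($_REQUEST['page']) ? $_REQUEST['page'] : $page;
     }
     // Both end up in the LIMIT clause: force integers, never below 1.
     $limit = max(1, (int) $limit);
     $page = max(1, (int) $page);
     $contenttype = $this->getContentType($contenttypeslug);
     // If we can't match to a valid contenttype, return (undefined) content;
     if (!$contenttype) {
         $emptycontent = new Content('', $contenttypeslug);
         $app['log']->add("Storage: No valid contenttype '{$contenttypeslug}'");
         return $emptycontent;
     }
     // If requesting something with a content-type slug in singular, return only the first item.
     if ($contenttype['singular_slug'] == $contenttypeslug || isset($parameters['returnsingle'])) {
         $returnsingle = true;
     }
     $tablename = $this->prefix . $contenttype['slug'];
     // for all the non-reserved parameters that are fields, we assume people want to do a 'where'
     foreach ($parameters as $key => $value) {
         if (in_array($key, array('order', 'where', 'limit', 'offset'))) {
             continue;
             // Skip this one..
         }
         if (!in_array($key, $this->getContentTypeFields($contenttype['slug'])) && !in_array($key, array("id", "slug", "datecreated", "datechanged", "username", "status"))) {
             continue;
             // Also skip if 'key' isn't a field in the contenttype.
         }
         $where[] = $this->parseWhereParameter($key, $value);
     }
     // If we need to filter, add the WHERE for that.
     // InnoDB doesn't support full text search, so this is a LIKE over the text-like fields.
     if (!empty($parameters['filter'])) {
         $filter = safeString($parameters['filter']);
         $filter_where = array();
         foreach ($contenttype['fields'] as $key => $value) {
             if (in_array($value['type'], array('text', 'textarea', 'html'))) {
                 $filter_where[] = sprintf("`%s` LIKE '%%%s%%'", $key, $filter);
             }
         }
         if (!empty($filter_where)) {
             $where[] = "(" . implode(" OR ", $filter_where) . ")";
         }
     }
     $queryparams = "";
     // implode 'where'
     if (!empty($where)) {
         $queryparams .= " WHERE (" . implode(" AND ", $where) . ")";
     }
     // Order
     if (!empty($parameters['order'])) {
         $order = safeString($parameters['order']);
         if ($order !== '' && $order[0] == "-") {
             $order = substr($order, 1) . " DESC";
         }
         $queryparams .= " ORDER BY " . $order;
     }
     // Make the query for the pager..
     $pagerquery = "SELECT COUNT(*) AS count FROM {$tablename}" . $queryparams;
     // Add the limit
     $queryparams .= sprintf(" LIMIT %s, %s;", ($page - 1) * $limit, $limit);
     // Make the query to get the results..
     $query = "SELECT * FROM {$tablename}" . $queryparams;
     $rows = $this->db->fetchAll($query);
     // Make sure content is set, and all content has information about its contenttype
     $content = array();
     foreach ($rows as $key => $value) {
         $content[$value['id']] = new Content($value, $contenttype);
     }
     // Make sure all content has their taxonomies
     $this->getTaxonomy($content);
     // Iterate over the contenttype's taxonomy, check if there's one we can use for grouping.
     // If so, iterate over the content, and set ['grouping'] for each unit of content.
     // But only if we're not sorting manually (i.e. have a ?order=.. parameter or $parameter['order'] )
     $requestedorder = isset($parameters['order']) ? $parameters['order'] : '';
     if ((empty($_GET['order']) && empty($requestedorder)) || $contenttype['sort'] == $requestedorder) {
         $have_grouping = false;
         $taxonomy = $this->getContentTypeTaxonomy($contenttypeslug);
         foreach ($taxonomy as $taxokey => $taxo) {
             if ($taxo['behaves_like'] == "grouping") {
                 $have_grouping = true;
                 break;
             }
         }
         if ($have_grouping) {
             uasort($content, function ($a, $b) {
                 if ($a->group == $b->group) {
                     return 0;
                 }
                 return $a->group < $b->group ? -1 : 1;
             });
         }
     }
     if (!$returnsingle) {
         // Set up the $pager array with relevant values..
         $rowcount = $this->db->executeQuery($pagerquery)->fetch();
         $pager = array('for' => $contenttypeslug, 'count' => $rowcount['count'], 'totalpages' => ceil($rowcount['count'] / $limit), 'current' => $page, 'showing_from' => ($page - 1) * $limit + 1, 'showing_to' => ($page - 1) * $limit + count($content));
         $GLOBALS['pager'][$contenttypeslug] = $pager;
     }
     // If we requested a singular item..
     if ($returnsingle) {
         if (util::array_first_key($content)) {
             return util::array_first($content);
         } else {
             $msg = sprintf("Storage: requested specific single content '%s%s%s', not found.", $contenttypeslug, isset($match[2]) ? "/" . $match[2] : "", isset($match[3]) ? "/" . $match[3] : "");
             $app['log']->add($msg);
             return false;
         }
     } else {
         return $content;
     }
 }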
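<?php

include_once "./core/session.php";
include_once "./core/safetyFunctions.php";

// Updates the status of a single event row from two POST fields.
// Missing keys default to '' instead of raising an undefined-index notice.
// NOTE(review): session.php is included but no authorisation check is visible
// in this script; confirm that the include enforces one before the UPDATE runs.
$id = safeString(isset($_POST['id']) ? $_POST['id'] : '');
$status = safeString(isset($_POST['status']) ? $_POST['status'] : '');

// The values are passed as named placeholders, so the SQL text never contains
// user input; safeString() (from safetyFunctions.php) is kept for whatever
// normalisation it applies, it is not what protects this query.
$query = "UPDATE events SET status= :status WHERE id = :id";
$arr = array("status" => $status, "id" => $id);
$result = Db::execute($query, $arr);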

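<?php

require_once 'praveenlib.php';

// Creates a login row for the POST-ed username/password and seeds the matching
// lastlocation row. Both inputs are untrusted, so they are bound as prepared-
// statement parameters instead of being spliced into the SQL text.
$conn = connectSQL();
if ($conn) {
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    // safeString($conn, ...) is no longer applied: it takes the connection, so it
    // presumably escapes for interpolation, and escape characters would be stored
    // literally once the value is bound. Confirm it did no other normalisation.
    // NOTE(review): the password is stored exactly as received. The login check
    // that reads this row is not visible here; moving to password_hash() /
    // password_verify() has to be done on both sides together.
    $stmt = $conn->prepare("insert into login (username, password) values(?, ?)");
    if ($stmt) {
        $stmt->bind_param('ss', $username, $password);
        $stmt->execute();
        $stmt->close();
    }
    if (!$conn->errno) {
        $id = mysqli_insert_id($conn);
        // New accounts start at location '0','0'.
        $stmt = $conn->prepare("insert into lastlocation VALUES (?, ?, '0', '0')");
        if ($stmt) {
            $stmt->bind_param('is', $id, $username);
            $stmt->execute();
            $stmt->close();
        }
    }
} else {
    // connectSQL() returned a falsy value, so there is no object to read ->error from.
    echo mysqli_connect_error();
}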
 /**
  * Thin wrapper around the global safeString() helper.
  *
  * Exists so templates can call the sanitiser as a method; all arguments
  * are forwarded unchanged.
  *
  * @see function safeString() in app/classes/lib.php.
  *
  * @param mixed  $str        value to sanitise
  * @param bool   $strict     forwarded to safeString()
  * @param string $extrachars extra characters to allow, forwarded to safeString()
  * @return string
  */
 public function safestring($str, $strict = false, $extrachars = "")
 {
     $sanitised = safeString($str, $strict, $extrachars);
     return $sanitised;
 }
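 /**
  * Populate this content item from POST-ed form values.
  *
  * Runs the values through cleanPostedData(), rewrites 'video' fields
  * (width/height in the embed HTML plus a responsive wrapper), stores any
  * uploaded files under files/YYYY-mm/ and records their relative path in
  * the matching field, then hands everything to setValues().
  *
  * @param array $values      Raw POST-ed values, keyed by field name.
  * @param array $contenttype Contenttype definition; only ['fields'] is read here.
  */
 public function setFromPost($values, $contenttype)
 {
     global $app;
     $values = cleanPostedData($values);
     // Some field types need to do things to the POST-ed value.
     foreach ($contenttype['fields'] as $fieldname => $field) {
         if ($field['type'] == "video" && isset($values[$fieldname])) {
             $video = $values[$fieldname];
             $responsiveclass = "responsive-video";
             // Both dimensions are needed for the HTML rewrite and for the aspect
             // ratio; an empty height would otherwise be a division by zero.
             if (!empty($video['width']) && !empty($video['height'])) {
                 // update the HTML, according to given width and height
                 $video['html'] = preg_replace("/width=(['\"])([0-9]+)(['\"])/i", 'width=${1}' . $video['width'] . '${3}', $video['html']);
                 $video['html'] = preg_replace("/height=(['\"])([0-9]+)(['\"])/i", 'height=${1}' . $video['height'] . '${3}', $video['html']);
                 // See if it's widescreen or not..
                 if ($video['width'] / $video['height'] > 1.76) {
                     $responsiveclass .= " widescreen";
                 }
             }
             if (isset($video['url']) && strpos($video['url'], "vimeo") !== false) {
                 $responsiveclass .= " vimeo";
             }
             $video['responsive'] = sprintf('<div class="%s">%s</div>', $responsiveclass, $video['html']);
             $values[$fieldname] = $video;
         }
     }
     // NOTE(review): there is no allow-list of file types here; whatever the form
     // submits is written below files/ with its original extension. Restricting the
     // accepted types (and checking the detected MIME type) belongs in this loop.
     // Handle file-uploads.
     if (!empty($_FILES)) {
         foreach ($_FILES as $key => $file) {
             if ($file['error'][0] != UPLOAD_ERR_OK) {
                 $app['log']->add("Upload: Error occured during upload: " . $file['error'][0], 2);
                 continue;
             }
             if (substr($key, 0, 11) != "fileupload-") {
                 $app['log']->add("Upload: skipped an upload that wasn't for Content.", 2);
                 continue;
             }
             // The field name comes from the POST key; it is not checked against
             // $contenttype['fields'] here, so confirm callers only submit known fields.
             $fieldname = substr($key, 11);
             // basename() drops any directory part of the client-supplied name before
             // sanitising, so the file can only land in this month's folder.
             $safename = safeString(basename($file['name'][0]), false, "[]{}()");
             $filename = sprintf("%s/files/%s/%s", $app['paths']['rootpath'], date("Y-m"), $safename);
             $basename = sprintf("/%s/%s", date("Y-m"), $safename);
             // Make sure the folder exists.
             makeDir(dirname($filename));
             // Check if we don't have doubles.
             while (is_file($filename)) {
                 $filename = $this->upcount_name($filename);
                 $basename = $this->upcount_name($basename);
             }
             // move_uploaded_file() reports failure itself; only record the field
             // when the file really ended up on disk.
             if (is_writable(dirname($filename)) && move_uploaded_file($file['tmp_name'][0], $filename)) {
                 $app['log']->add("Upload: uploaded file '{$basename}'.", 2);
                 $values[$fieldname] = $basename;
             } else {
                 $app['log']->add("Upload: couldn't write upload '{$basename}'.", 2);
             }
         }
     }
     $this->setValues($values);
 }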
<?php

require_once "praveenlib.php";
$keys = array("FBId", "userName", "link");
$respjson = array("userType" => "people", "status" => "unprocessed", "errorCode" => 1);
if (checkPOST($keys)) {
    $conn = connectSQL();
    if ($conn) {
        $fbId = safeString($conn, $_POST['FBId']);
        $userName = safeString($conn, $_POST['userName']);
        $link = safeString($conn, $_POST['link']);
        $sql = "select (id) from users where FBId={$fbId} limit 1";
        if ($result = $conn->query($sql)) {
            $userCount = $result->num_rows;
            if ($userCount == 0) {
                $sql = "insert into users(FBId,userName,link) values ({$fbId},'{$userName}','{$link}')";
                $result = $conn->query($sql);
                if ($result) {
                    $id = $conn->insert_id;
                    $respjson['userId'] = $id;
                    $respjson["status"] = "Success";
                    $respjson["errorCode"] = 0;
                } else {
                    $respjson["status"] = "SQL error";
                    $respjson["SqlError"] = $conn->error;
                    $respjson["errorCode"] = 4;
                }
            } else {
                $row = $result->fetch_array();
                $respjson['userId'] = $row["id"];
                $respjson["status"] = "Success";
 /**
  * Check if the current version of the DB is updated to the latest version,
  * and update it if it isn't..
  *
  * The stored version is read once into $db_version and every migration step
  * compares against that snapshot, so a database several versions behind walks
  * through each step in order; db_version in the config is bumped after each.
  * Steps that replace an ALTER TABLE (the ALTER variants are kept commented out
  * for reference) rebuild the table by copying it into a temporary table and
  * back again inside a transaction.
  *
  * @global mixed $PIVOTX    application registry; ['config'] supplies db_version and db_prefix
  * @global int   $dbversion schema version this code base expects
  * @return void
  */
 function checkDBVersion()
 {
     global $PIVOTX, $dbversion;
     if ($PIVOTX['config']->get('db_version') >= $dbversion) {
         return;
     }
     $db_version = $PIVOTX['config']->get('db_version');
     // Table names are built from the configured prefix and run through
     // safeString(..., true) before being interpolated into the SQL below.
     $entriestable = safeString($PIVOTX['config']->get('db_prefix') . "entries", true);
     $categoriestable = safeString($PIVOTX['config']->get('db_prefix') . "categories", true);
     $commentstable = safeString($PIVOTX['config']->get('db_prefix') . "comments", true);
     $trackbackstable = safeString($PIVOTX['config']->get('db_prefix') . "trackbacks", true);
     $pagestable = safeString($PIVOTX['config']->get('db_prefix') . "pages", true);
     $extratable = safeString($PIVOTX['config']->get('db_prefix') . "extrafields", true);
     $tagstable = safeString($PIVOTX['config']->get('db_prefix') . "tags", true);
     // DB changes from PivotX 2.0 alpha 2 to alpha 3.
     if (intval($db_version) < 1) {
         debug("now updating DB to version 1..");
         // We need to set the URI's for all entries in the DB.
         // One UPDATE per entry; the uid is interpolated as read from the table.
         $this->query("SELECT uid,title FROM {$entriestable}");
         while ($entry = $this->fetch_row()) {
             $uri = makeURI($entry['title']);
             $this->query("UPDATE {$entriestable} SET uri=" . $this->quote($uri) . " WHERE uid= " . $entry['uid']);
         }
         // Add fulltext search for entries and pages..
         // $this->query("ALTER TABLE $entriestable ADD FULLTEXT(title, subtitle, introduction, body);");
         // $this->query("ALTER TABLE $pagestable ADD FULLTEXT(title, subtitle, introduction, body);");
         debug("Updated DB to version 1");
         $PIVOTX['config']->set('db_version', 1);
     }
     // DB changes introduced between Alpha 4 and Beta 1.
     if (intval($db_version) < 3) {
         debug("now updating DB to version 3..");
         // Add extrafields field for entries and pages..
         $this->query("CREATE TABLE {$extratable} (\n\t\t            uid INTEGER PRIMARY KEY,\n\t\t            contenttype TEXT NOT NULL,\n\t\t            target_uid INTEGER(11) NOT NULL DEFAULT 0,\n\t\t            fieldkey TEXT NOT NULL,\n\t\t            value TEXT NOT NULL\n\t\t          );");
         debug("Updated DB to version 3");
         $PIVOTX['config']->set('db_version', 3);
     }
     // DB changes from PivotX 2.0 beta 1 to beta 2.
     if (intval($db_version) < 4) {
         debug("now updating DB to version 4..");
         // Add fulltext search for entries and pages..
         //$this->query("ALTER TABLE $entriestable DROP INDEX title;");
         //$this->query("ALTER TABLE $pagestable DROP INDEX title;");
         //$this->query("ALTER TABLE $entriestable ADD FULLTEXT(title, subtitle, introduction, body, keywords);");
         //$this->query("ALTER TABLE $pagestable ADD FULLTEXT(title, subtitle, introduction, body, keywords);");
         debug("Updated DB to version 4");
         $PIVOTX['config']->set('db_version', 4);
     }
     // DB changes for PivotX 2.0 RC 1d and up.
     if (intval($db_version) < 5) {
         // Add indices to speed up JOINs..
         // (no statement is executed for this step; only the version is bumped)
         //$this->query("ALTER TABLE $categoriestable ADD KEY `target_uid` (`target_uid`);");
         //$this->query("ALTER TABLE $commentstable ADD KEY `entry_uid` (`entry_uid`);");
         //$this->query("ALTER TABLE $commentstable ADD KEY `date` (`date`);");
         debug("Updated DB to version 5");
         $PIVOTX['config']->set('db_version', 5);
     }
     // DB changes for PivotX 2.1 and up.
     if (intval($db_version) < 6) {
         // Add column to store useragent for comments..
         // Done by copying the table to t1_backup, recreating it with the new
         // column and copying back with '' for useragent.
         //		        $this->query("ALTER TABLE $commentstable  ADD useragent TEXT NOT NULL AFTER ip;");
         $this->query("BEGIN TRANSACTION;");
         $this->query("CREATE TEMPORARY TABLE t1_backup (\n\t\t\t\t\t    \tuid INTEGER PRIMARY KEY,\n\t\t\t\t\t      entry_uid INTEGER(11) NOT NULL DEFAULT 0,\n\t\t\t\t\t      name TEXT NOT NULL,\n\t\t\t\t\t      email TEXT NOT NULL,\n\t\t\t\t\t      url TEXT NOT NULL,\n\t\t\t\t\t      ip TEXT NOT NULL,\n\t\t\t\t\t      date DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',\n\t\t\t\t\t      comment TEXT NOT NULL,\n\t\t\t\t\t      registered INTEGER(4) NOT NULL DEFAULT 0,\n\t\t\t\t\t      notify INTEGER(4) NOT NULL DEFAULT 0,\n\t\t\t\t\t      discreet INTEGER(4) NOT NULL DEFAULT 0,\n\t\t\t\t\t      moderate INTEGER(4) NOT NULL DEFAULT 0,\n\t\t\t\t\t      spamscore INTEGER(4) NOT NULL DEFAULT 0\n\t\t\t\t\t    );");
         $this->query("INSERT INTO t1_backup SELECT uid,entry_uid,name,email,url,ip,date,comment,registered,notify,discreet,moderate,spamscore FROM {$commentstable};");
         $this->query("DROP TABLE {$commentstable};");
         $this->query("CREATE TABLE {$commentstable} (\n\t\t\t\t\t    \tuid INTEGER PRIMARY KEY,\n\t\t\t\t\t      entry_uid INTEGER(11) NOT NULL DEFAULT 0,\n\t\t\t\t\t      name TEXT NOT NULL,\n\t\t\t\t\t      email TEXT NOT NULL,\n\t\t\t\t\t      url TEXT NOT NULL,\n\t\t\t\t\t      ip TEXT NOT NULL,\n\t\t\t\t\t      useragent TEXT NOT NULL,\n\t\t\t\t\t      date DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',\n\t\t\t\t\t      comment TEXT NOT NULL,\n\t\t\t\t\t      registered INTEGER(4) NOT NULL DEFAULT 0,\n\t\t\t\t\t      notify INTEGER(4) NOT NULL DEFAULT 0,\n\t\t\t\t\t      discreet INTEGER(4) NOT NULL DEFAULT 0,\n\t\t\t\t\t      moderate INTEGER(4) NOT NULL DEFAULT 0,\n\t\t\t\t\t      spamscore INTEGER(4) NOT NULL DEFAULT 0\n\t\t\t\t\t    );");
         $this->query("INSERT INTO {$commentstable} SELECT uid,entry_uid,name,email,url,ip,'',date,comment,registered,notify,discreet,moderate,spamscore FROM t1_backup;");
         $this->query("DROP TABLE t1_backup;");
         $this->query("COMMIT;");
         debug("Updated DB to version 6");
         $PIVOTX['config']->set('db_version', 6);
     }
     if (intval($db_version) < 7) {
         // Add column to store moderate for trackbacks..
         // Same copy-out / recreate / copy-back pattern; moderate is filled with 0.
         //$this->query("ALTER TABLE `$trackbackstable` ADD `moderate` TINYINT NOT NULL AFTER `excerpt` ;");
         $this->query("BEGIN TRANSACTION;");
         $this->query("CREATE TEMPORARY TABLE t1_backup (\n\t\t\t\t\t      uid INTEGER PRIMARY KEY,\n\t\t\t\t\t      entry_uid INTEGER(11) NOT NULL DEFAULT 0,\n\t\t\t\t\t      name TEXT NOT NULL,\n\t\t\t\t\t      title TEXT NOT NULL,\n\t\t\t\t\t      url TEXT NOT NULL,\n\t\t\t\t\t      ip TEXT NOT NULL,\n\t\t\t\t\t      date DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',\n\t\t\t\t\t      excerpt TEXT NOT NULL,\n\t\t\t\t\t      spamscore INTEGER(4) NOT NULL default 0\n\t\t\t\t\t    \t);");
         $this->query("INSERT INTO t1_backup SELECT uid,entry_uid,name,title,url,ip,date,excerpt,spamscore FROM {$trackbackstable};");
         $this->query("DROP TABLE {$trackbackstable};");
         $this->query("CREATE TABLE {$trackbackstable} (\n\t\t\t\t\t      uid INTEGER PRIMARY KEY,\n\t\t\t\t\t      entry_uid INTEGER(11) NOT NULL DEFAULT 0,\n\t\t\t\t\t      name TEXT NOT NULL,\n\t\t\t\t\t      title TEXT NOT NULL,\n\t\t\t\t\t      url TEXT NOT NULL,\n\t\t\t\t\t      ip TEXT NOT NULL,\n\t\t\t\t\t      date DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',\n\t\t\t\t\t      excerpt TEXT NOT NULL,\n\t\t\t\t\t      moderate INTEGER(4) NOT NULL default 0,\n\t\t\t\t\t      spamscore INTEGER(4) NOT NULL default 0\n\t\t\t\t\t    );");
         $this->query("INSERT INTO {$trackbackstable} SELECT uid,entry_uid,name,title,url,ip,date,excerpt,0,spamscore FROM t1_backup;");
         $this->query("DROP TABLE t1_backup;");
         $this->query("COMMIT;");
         debug("Updated DB to version 7");
         $PIVOTX['config']->set('db_version', 7);
     }
     if (intval($db_version) < 8) {
         // Add Indices to tags table...
         // (no statement is executed for this step; only the version is bumped)
         //$this->query("ALTER TABLE `$tagstable` ADD INDEX ( `target_uid` ) ;");
         //$this->query("ALTER TABLE `$tagstable` ADD INDEX ( `tag`(32) ) ;");
         debug("Updated DB to version 8");
         $PIVOTX['config']->set('db_version', 8);
     }
     if (intval($db_version) < 9) {
         // Add Indices to extrafields table...
         //$this->query("ALTER TABLE `$extratable` ADD INDEX ( `target_uid` ) ;");
         //$this->query("ALTER TABLE `$extratable` ADD INDEX ( `fieldkey`(16) ) ;");
         // Bob is a moran. Why in the name of sweet jeebus would someone ever define a column name like comment_COUNT as a tinytext. Sheeesh...
         // comment_count / trackback_count become INTEGER(11) by rebuilding the
         // entries table through t1_backup (column list is otherwise unchanged).
         //		        $this->query("ALTER TABLE  `$entriestable` CHANGE `comment_count` `comment_count` INT NOT NULL;");
         //		        $this->query("ALTER TABLE  `$entriestable` CHANGE `trackback_count` `trackback_count` INT NOT NULL;");
         $this->query("BEGIN TRANSACTION;");
         $this->query("CREATE TEMPORARY TABLE t1_backup (\n\t\t\t\t\t    \t uid INTEGER PRIMARY KEY,\t\t    \t \n\t\t\t\t\t\t\t\t title TEXT NOT NULL,\n\t\t\t\t\t       uri TEXT NOT NULL,\n\t\t\t\t\t\t\t\t subtitle TEXT NOT NULL,\n\t\t\t\t\t\t\t\t introduction TEXT NOT NULL,\n\t\t\t\t\t\t\t\t body TEXT NOT NULL,\n\t\t\t\t\t       convert_lb INTEGER(11) NOT NULL DEFAULT 0,\n\t\t\t\t\t\t\t\t status TEXT NOT NULL,\n\t\t\t\t\t\t\t\t date DATETIME NOT NULL,\n\t\t\t\t\t\t\t\t publish_date DATETIME NOT NULL,\n\t\t\t\t\t\t\t\t edit_date DATETIME NOT NULL,\n\t\t\t\t\t\t\t\t user TEXT NOT NULL,\n\t\t\t\t\t       allow_comments INTEGER(11) NOT NULL DEFAULT 0,\n\t\t\t\t\t\t\t\t keywords TEXT NOT NULL,\n\t\t\t\t\t\t\t\t via_link TEXT NOT NULL,\n\t\t\t\t\t\t\t\t via_title TEXT NOT NULL,\n\t\t\t\t\t\t\t\t comment_count INTEGER(11) NOT NULL,\n\t\t\t\t\t\t\t\t comment_names TEXT NOT NULL,\n\t\t\t\t\t\t\t\t trackback_count INTEGER(11) NOT NULL,\n\t\t\t\t\t\t\t\t trackback_names TEXT  NOT NULL,\n\t\t\t\t\t\t\t\t extrafields TEXT NOT NULL\n\t\t\t\t\t    \t);");
         $this->query("INSERT INTO t1_backup SELECT uid,title,uri,subtitle,introduction,body,convert_lb,status,date,publish_date,edit_date,user,allow_comments,keywords,via_link,via_title,comment_count,comment_names,trackback_count,trackback_names,extrafields FROM {$entriestable};");
         $this->query("DROP TABLE {$entriestable};");
         $this->query("CREATE TABLE {$entriestable} (\n\t\t\t\t\t    \t uid INTEGER PRIMARY KEY,\t\t    \t \n\t\t\t\t\t\t\t\t title TEXT NOT NULL,\n\t\t\t\t\t       uri TEXT NOT NULL,\n\t\t\t\t\t\t\t\t subtitle TEXT NOT NULL,\n\t\t\t\t\t\t\t\t introduction TEXT NOT NULL,\n\t\t\t\t\t\t\t\t body TEXT NOT NULL,\n\t\t\t\t\t       convert_lb INTEGER(11) NOT NULL DEFAULT 0,\n\t\t\t\t\t\t\t\t status TEXT NOT NULL,\n\t\t\t\t\t\t\t\t date DATETIME NOT NULL,\n\t\t\t\t\t\t\t\t publish_date DATETIME NOT NULL,\n\t\t\t\t\t\t\t\t edit_date DATETIME NOT NULL,\n\t\t\t\t\t\t\t\t user TEXT NOT NULL,\n\t\t\t\t\t       allow_comments INTEGER(11) NOT NULL DEFAULT 0,\n\t\t\t\t\t\t\t\t keywords TEXT NOT NULL,\n\t\t\t\t\t\t\t\t via_link TEXT NOT NULL,\n\t\t\t\t\t\t\t\t via_title TEXT NOT NULL,\n\t\t\t\t\t\t\t\t comment_count INTEGER(11) NOT NULL,\n\t\t\t\t\t\t\t\t comment_names TEXT NOT NULL,\n\t\t\t\t\t\t\t\t trackback_count INTEGER(11) NOT NULL,\n\t\t\t\t\t\t\t\t trackback_names TEXT  NOT NULL,\n\t\t\t\t\t\t\t\t extrafields TEXT NOT NULL\n\t\t\t\t\t    );");
         $this->query("INSERT INTO {$entriestable} SELECT uid,title,uri,subtitle,introduction,body,convert_lb,status,date,publish_date,edit_date,user,allow_comments,keywords,via_link,via_title,comment_count,comment_names,trackback_count,trackback_names,extrafields FROM t1_backup;");
         $this->query("DROP TABLE t1_backup;");
         $this->query("COMMIT;");
         debug("Updated DB to version 9");
         $PIVOTX['config']->set('db_version', 9);
     }
     if (intval($db_version) < 10) {
         // Add column to category for entrytypes..
         // Existing rows get contenttype 'entry' when copied back.
         //		        $this->query("ALTER TABLE `$categoriestable` ADD `contenttype` TINYTEXT NOT NULL AFTER `uid` ;");
         //		        $this->query("UPDATE `$categoriestable` SET `contenttype` = 'entry' WHERE 1;");
         $this->query("BEGIN TRANSACTION;");
         $this->query("CREATE TEMPORARY TABLE t1_backup (\n\t\t\t\t      uid INTEGER PRIMARY KEY,\n\t\t\t\t      category TEXT NOT NULL,\n\t\t\t\t      target_uid INTEGER(11) NOT NULL DEFAULT '0'\n\t\t\t\t    \t);");
         $this->query("INSERT INTO t1_backup SELECT uid,category,target_uid FROM {$categoriestable};");
         $this->query("DROP TABLE {$categoriestable};");
         $this->query("CREATE TABLE {$categoriestable} (\n\t\t\t\t      uid INTEGER PRIMARY KEY,\n\t\t          contenttype TEXT NOT NULL,\n\t\t\t\t      category TEXT NOT NULL,\n\t\t\t\t      target_uid INTEGER(11) NOT NULL DEFAULT '0'\n\t\t\t\t    );");
         $this->query("INSERT INTO {$categoriestable} SELECT uid, 'entry', category, target_uid FROM t1_backup;");
         $this->query("DROP TABLE t1_backup;");
         $this->query("COMMIT;");
         // Add column to comments for entrytypes..
         // Same treatment for comments; existing rows get contenttype 'entry'.
         //		        $this->query("ALTER TABLE `$commentstable` ADD `contenttype` TINYTEXT NOT NULL AFTER `uid` ;");
         //		        $this->query("UPDATE `$commentstable` SET `contenttype` = 'entry' WHERE 1;");
         $this->query("BEGIN TRANSACTION;");
         $this->query("CREATE TEMPORARY TABLE t1_backup (\n\t\t\t\t    \tuid INTEGER PRIMARY KEY,\n\t\t\t\t      entry_uid INTEGER(11) NOT NULL DEFAULT 0,\n\t\t\t\t      name TEXT NOT NULL,\n\t\t\t\t      email TEXT NOT NULL,\n\t\t\t\t      url TEXT NOT NULL,\n\t\t\t\t      ip TEXT NOT NULL,\n\t\t\t\t      useragent TEXT NOT NULL,\n\t\t\t\t      date DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',\n\t\t\t\t      comment TEXT NOT NULL,\n\t\t\t\t      registered INTEGER(4) NOT NULL DEFAULT 0,\n\t\t\t\t      notify INTEGER(4) NOT NULL DEFAULT 0,\n\t\t\t\t      discreet INTEGER(4) NOT NULL DEFAULT 0,\n\t\t\t\t      moderate INTEGER(4) NOT NULL DEFAULT 0,\n\t\t\t\t      spamscore INTEGER(4) NOT NULL DEFAULT 0\n\t\t\t\t    \t);");
         $this->query("INSERT INTO t1_backup SELECT uid,entry_uid,name,email,url,ip,useragent,date,comment,registered,notify,discreet,moderate,spamscore FROM {$commentstable};");
         $this->query("DROP TABLE {$commentstable};");
         $this->query("CREATE TABLE {$commentstable} (\n\t\t\t\t    \tuid INTEGER PRIMARY KEY,\n\t\t      \t\tcontenttype TEXT NOT NULL,\n\t\t\t\t      entry_uid INTEGER(11) NOT NULL DEFAULT 0,\n\t\t\t\t      name TEXT NOT NULL,\n\t\t\t\t      email TEXT NOT NULL,\n\t\t\t\t      url TEXT NOT NULL,\n\t\t\t\t      ip TEXT NOT NULL,\n\t\t\t\t      useragent TEXT NOT NULL,\n\t\t\t\t      date DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',\n\t\t\t\t      comment TEXT NOT NULL,\n\t\t\t\t      registered INTEGER(4) NOT NULL DEFAULT 0,\n\t\t\t\t      notify INTEGER(4) NOT NULL DEFAULT 0,\n\t\t\t\t      discreet INTEGER(4) NOT NULL DEFAULT 0,\n\t\t\t\t      moderate INTEGER(4) NOT NULL DEFAULT 0,\n\t\t\t\t      spamscore INTEGER(4) NOT NULL DEFAULT 0\n\t\t\t\t    );");
         $this->query("INSERT INTO {$commentstable} SELECT uid,'entry',entry_uid,name,email,url,ip,useragent,date,comment,registered,notify,discreet,moderate,spamscore FROM t1_backup;");
         $this->query("DROP TABLE t1_backup;");
         $this->query("COMMIT;");
         debug("Updated DB to version 10");
         $PIVOTX['config']->set('db_version', 10);
     }
     if (intval($db_version) < 11) {
         // Add indexes to extrafields..
         // This is a huge performance improvement when you query a lot of extrafields
         // (no statement is executed for this step; only the version is bumped)
         //$this->query("ALTER TABLE `$extratable` ADD INDEX (  `target_uid` );");
         // Most fields differ so we want a fulltext here
         //$this->query("ALTER TABLE `$extratable` ADD FULLTEXT (`value`);");
         debug("Updated DB to version 11");
         $PIVOTX['config']->set('db_version', 11);
     }
 }
<?php

require_once "praveenlib.php";
require_once "applib.php";
$keys = array("eventId", "eventName", "dateTime", "ticketCount");
$respjson = array("status" => "unprocessed", "errorCode" => 1);
if (checkPOST($keys)) {
    $conn = connectSQL();
    if ($conn) {
        $eventId = safeString($conn, $_POST['eventId']);
        $eventName = safeString($conn, $_POST['eventName']);
        $dateTime = safeString($conn, $_POST['dateTime']);
        $ticketCount = safeString($conn, $_POST['ticketCount']);
        $sql = "update events set eventName='{$eventName}',eventDate='{$dateTime}',ticketCount={$ticketCount} where eventId={$eventId}";
        if ($result = $conn->query($sql)) {
            $sql = "select userToken from users where id in (select userId from eventregistration where eventId={$eventId})";
            if ($result = $conn->query($sql)) {
                $ids = array();
                while ($row = $result->fetch_array()) {
                    $ids[] = $row[0];
                }
                $retJSON = sendPushNotification($ids, "Event Modified", $eventName . " is Modified");
                $respjson["pushReturn"] = $retJSON;
                $respjson["status"] = "Success";
                $respjson["errorCode"] = 0;
            } else {
                $respjson["status"] = "SQL error";
                $respjson["SqlError"] = $conn->error;
                $respjson["errorCode"] = 4;
            }
        } else {
 /**
  * Resolve the 'order by' part of a query.
  * (tightly coupled to $this->getContent())
  *
  * With no explicit order the contenttype's own 'sort' column is used; the
  * literal 'RANDOM' maps to the DB-specific random function; any other value
  * must be a valid column of the contenttype. Returns false when nothing
  * usable was found.
  *
  * @param  array $contenttype
  * @param  string $order_value
  * @return string|false
  */
 private function decodeQueryOrder($contenttype, $order_value)
 {
     // No order requested: fall back to the contenttype's default sort column.
     if ($order_value === false || $order_value === '') {
         if (!$this->isValidColumn($contenttype['sort'], $contenttype, true)) {
             return false;
         }
         return $this->getEscapedSortorder($contenttype['sort'], false);
     }
     $requested = safeString($order_value);
     if ($requested == 'RANDOM') {
         $dboptions = $this->app['config']->getDBOptions();
         return $dboptions['randomfunction'];
     }
     if ($this->isValidColumn($requested, $contenttype, true)) {
         return $this->getEscapedSortorder($requested, false);
     }
     return false;
 }
if ($page == '') {
    $page = 1;
}
// Alphanumeric
if (!eregi('^[A-Z0-9]+$', $ASIN)) {
    $ASIN = '';
}
// alphabetic ????? why only small letters?
if (!eregi('^[a-z]+$', $mode)) {
    $mode = 'Books';
}
// casting? to int
$page = intval($page);
$browseNode = intval($browseNode);
// wtf??? no reference for safeString function
$search = safeString($search);
if (!isset($_SESSION['cart'])) {
    session_register('cart');
    $_SESSION['cart'] = [];
}
// instead of three if statements I used switch
// more convenient way
switch ($action) {
    case 'addtocart':
        addToCart($_SESSION['cart'], $ASIN, $mode);
        break;
    case 'deletefromcart':
        deleteFromCart($_SESSION['cart'], $ASIN);
        break;
    case 'emptycart':
        $_SESSION['cart'] = [];
/**
 * Makes the HTML for a jtip: an info icon carrying the caption and tip text,
 * plus a <noscript> fallback that shows the text directly.
 *
 * Each call gets a fresh numeric suffix so the ids stay unique on one page.
 *
 * @param string $caption shown as the tip's name
 * @param string $str     tip body, also used as the noscript fallback
 * @return string
 */
function makeJtip($caption, $str)
{
    static $tip_id = 0;
    $tip_id++;
    // The attributes below are single-quoted, so a literal ' would end them.
    $caption = str_replace("'", "&#39;", $caption);
    $str = str_replace("'", "&#39;", $str);
    $id = sprintf("tip%d_%s", $tip_id, safeString($caption, true));
    $anchor = "<span class='formInfo'><a href='#' class='jTip' name='{$caption}'\n        rel='{$str}' id='{$id}'><img src='pics/information.png' width='16' height='16' alt='i' /></a></span>\n";
    $fallback = "<noscript>{$str}</noscript>\n";
    return $anchor . $fallback;
}
<?php

require_once "praveenlib.php";
require_once "applib.php";
$keys = array("eventId");
$respjson = array("status" => "unprocessed", "errorCode" => 1);
if (checkPOST($keys)) {
    $conn = connectSQL();
    if ($conn) {
        $eventId = safeString($conn, $_POST['eventId']);
        $sql = "delete from events  where eventId={$eventId}";
        if ($result = $conn->query($sql)) {
            $sql = "select userToken from users where id in (select userId from eventregistration where eventId={$eventId})";
            if ($result = $conn->query($sql)) {
                $ids = array();
                while ($row = $result->fetch_array()) {
                    $ids[] = $row[0];
                }
                $retJSON = sendPushNotification($ids, "Event Removed", $eventName . " is Removed");
                $respjson["pushReturn"] = $retJSON;
                $respjson["status"] = "Success";
                $respjson["errorCode"] = 0;
            } else {
                $respjson["status"] = "SQL error";
                $respjson["SqlError"] = $conn->error;
                $respjson["errorCode"] = 4;
            }
        } else {
            $respjson["status"] = "SQL error";
            $respjson["SqlError"] = $conn->error;
            $respjson['sql'] = $sql;
<?php

require_once "praveenlib.php";
$keys = array("userId");
$respjson = array("status" => "unprocessed", "errorCode" => 1);
if (checkPOST($keys)) {
    $conn = connectSQL();
    if ($conn) {
        $userid = safeString($conn, $_POST['userId']);
        $respjson['userId'] = $userid;
        $sql = "select eventName,eventId from events WHERE userId={$userid} AND eventDate>NOW()";
        if ($result = $conn->query($sql)) {
            $respjson["list"] = array();
            while ($row = $result->fetch_array()) {
                $entry = array($row['eventId'], $row['eventName']);
                $respjson["list"][] = $entry;
            }
            $respjson["status"] = "Success";
            $respjson["errorCode"] = 0;
        } else {
            $respjson["status"] = "SQL error";
            $respjson["SqlError"] = $conn->error;
            $respjson["errorCode"] = 4;
        }
    } else {
        $respjson["status"] = "SQL Connection error";
        $respjson["SqlError"] = $conn->error;
        $respjson["errorCode"] = 3;
    }
} else {
    $respjson["status"] = "insufficient Data";
/**
 * Turn a string into a URL slug: safeString() first, then spaces become
 * hyphens, anything outside [a-zA-Z0-9_-] is dropped, runs of hyphens are
 * collapsed, the result is lower-cased and cut to $length characters.
 *
 * @param string $str
 * @param int $length maximum length; 0 or less means no limit
 * @return string
 */
function makeSlug($str, $length = 64)
{
    $slug = safeString(strip_tags($str));
    // Slugs separate words with hyphens rather than the underscores safeString() leaves.
    $slug = str_replace(" ", "-", $slug);
    $slug = preg_replace("/[^a-zA-Z0-9_-]/i", "", $slug);
    $slug = strtolower($slug);
    $slug = preg_replace("/[-]+/i", "-", $slug);
    if ($length > 0) {
        $slug = substr($slug, 0, $length);
    }
    // Truncation (or the input itself) may leave a '-' at either end; strip it.
    return trim($slug, " -");
}
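 /**
  * Derive a safe, unique file name for an upload.
  *
  * Strips path components and surrounding dots/control characters from the
  * client-supplied name, adds an extension for known image MIME types, bumps
  * the name while it collides with an existing directory or a complete file,
  * and finally runs it through safeString().
  *
  * @param string $name          client-supplied file name
  * @param string $type          client-supplied MIME type
  * @param mixed  $index         not used here; kept for signature compatibility
  * @param array  $content_range parsed Content-Range; [1] is this chunk's start offset
  * @return string
  */
 protected function trim_file_name($name, $type, $index, $content_range)
 {
     // Remove path information and dots around the filename, to prevent uploading
     // into different directories or replacing hidden system files.
     // Also remove control characters and spaces (\x00..\x20) around the filename.
     // trim() understands "a..b" ranges in its character list; a plain "... " list
     // would cover dots and spaces only, not the control characters named above.
     $file_name = trim(basename(stripslashes($name)), ".\x00..\x20");
     // Add missing file extension for known image types:
     if (strpos($file_name, '.') === false && preg_match('/^image\\/(gif|jpe?g|png)/', $type, $matches)) {
         $file_name .= '.' . $matches[1];
     }
     // A name that is already a directory can't be used for a file.
     while (is_dir($this->get_upload_path($file_name))) {
         $file_name = $this->upcount_name($file_name);
     }
     // A resumed chunked upload keeps its name only when the bytes already on
     // disk match this chunk's start offset; any other existing file gets a new name.
     $uploaded_bytes = $this->fix_integer_overflow(intval(isset($content_range[1]) ? $content_range[1] : 0));
     while (is_file($this->get_upload_path($file_name))) {
         if ($uploaded_bytes === $this->get_file_size($this->get_upload_path($file_name))) {
             break;
         }
         $file_name = $this->upcount_name($file_name);
     }
     // Added for Bolt: Make sure we don't have quotes or other characters we don't want in filenames.
     $file_name = safeString($file_name, false, "[]{}()");
     return $file_name;
 }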