Esempi in PHP per sanitize_id

Esempio n. 1

File: _profile.php Progetto: khaledkhalil94/SH.A

    case 'feed':
        $data = $_POST;
        unset($data['action']);
        $user_id = $data['user_id'] ?? USER_ID;
        $content = $data['content'];
        $token = $data['token'];
        $now = getNow();
        // check token validation
        if (!Token::validateToken($token)) {
            die(json_encode(['status' => false, 'err' => 'Token is not valid.']));
        }
        $database = new Database();
        $data = ['user_id' => $user_id, 'content' => $content, 'poster_id' => USER_ID, 'date' => $now];
        $insert = $database->insert_data(TABLE_ACTIVITY, $data);
        if ($insert === true) {
            $id = $database->lastId;
            die(json_encode(['status' => true, 'id' => $id]));
        }
    case 'get_post':
        $id = sanitize_id($_GET['id']);
        $post = new Post();
        $comment = $post->get_post($id);
        if (is_object($comment)) {
            die(json_encode($comment));
        } else {
            die(json_encode(['status' => false, 'err' => $comment]));
        }
        break;
    default:
        break;
}

Esempio n. 2

File: message.php Progetto: khaledkhalil94/SH.A

<?php

require_once $_SERVER["DOCUMENT_ROOT"] . "/src/init.php";
if (!$session->is_logged_in()) {
    Redirect::redirectTo("/signup.php");
}
if (!isset($_GET['msg'])) {
    Redirect::redirectTo("../messages");
}
$msgid = sanitize_id($_GET['msg']);
$message = Messages::getMsg($msgid);
if (!$message) {
    Redirect::redirectTo('');
}
$pageTitle = "Messages";
if (!$message) {
    $session->message("Message was not found", "../messages", "warning");
}
Messages::msgSeen(USER_ID, $msgid);
$self = USER_ID == $message->u_id ? true : false;
$arch = $message->deleted == 1 ? true : false;
$staff = $message->ual == 1 ? true : false;
$img_path = $message->img_path;
$date = $message->date;
$sec = "messages";
include ROOT_PATH . "inc/head.php";
?>
<div class="ui container section messages">
	<?php 
echo msgs();
?>

Esempio n. 3

File: _question.php Progetto: khaledkhalil94/SH.A

     $PostID = sanitize_id($data['id']);
     $QNA = new QNA($PostID);
     // check if question exists
     $question = $QNA->get_question();
     if (!is_object($question)) {
         die(json_encode(['status' => false, 'err' => 'Question was not found.']));
     }
     $save = QNA::remove_saved($PostID);
     if ($save === true) {
         die(json_encode(['status' => true]));
     } else {
         die(json_encode(['status' => false, 'err' => $save]));
     }
     break;
 case 'post_delete':
     $PostID = sanitize_id($data['id']);
     $post = new Post();
     // check if post exists
     $post = $post->get_post($PostID, true);
     if (!is_array($post)) {
         die(json_encode(['status' => false, 'err' => 'Post was not found.']));
     }
     if (USER_ID !== $post['user_id'] && USER_ID !== $post['poster_id']) {
         die(json_encode(['status' => false, 'id' => $PostID, 'err' => 'Authentication error.']));
     }
     $post = new Post();
     $post->PostID = $PostID;
     $delete = $post->delete();
     if ($delete === true) {
         die(json_encode(['status' => true]));
     }

Esempio n. 4

File: compose.php Progetto: khaledkhalil94/SH.A

<?php

require_once $_SERVER["DOCUMENT_ROOT"] . "/src/init.php";
//if (!isset($_GET['to'])) exit("404");
$user_id = isset($_GET['to']) ? sanitize_id($_GET['to']) : null;
if (USER_ID == $user_id) {
    $session->message("You can't send a message to yourself.", ".");
}
if (isset($_POST['submit'])) {
    if (!empty(trim($_POST['subject']))) {
        $_POST['id'] = mt_rand(10000, 90000);
        Messages::sendMsg();
    } else {
        echo "Subject cannot be empty.";
    }
}
?>



<div class="ui segment">
	<form class="ui form" id="msg_compose" action="#">
		<div class="field">
			<label>Send to</label>
			<div class="ui search">
				<div class="ui icon input" id="msg_sendto">
					<input name="send_to" class="prompt" type="text" placeholder="Search by username or ID">
					<i class="search icon"></i>
				</div>
				<div class="results"></div>
			</div>

Esempio n. 5

File: post.php Progetto: khaledkhalil94/SH.A

<?php

require_once $_SERVER["DOCUMENT_ROOT"] . "/src/init.php";
$PostID = sanitize_id($_GET['post_id']);
if (!$PostID) {
    Redirect::redirectTo();
}
$post = new Post();
$post = $post->get_post($PostID);
if (!is_object($post)) {
    Redirect::redirectTo();
}
$self_p = $post->user_id === $post->poster_id ? true : false;
$self = $post->user_id === USER_ID ? true : false;
if (USER_ID) {
    $voted = QNA::has_voted($PostID, USER_ID);
}
$votes_count = QNA::get_votes($PostID) ?: "0";
$comments = Comment::get_comments($post->id);
include ROOT_PATH . "inc/head.php";
?>

<body>
	<div class="user-feed post ui container section">
		<div class="feed-post ui segment" id="post-page" post-id="<?php 
echo $post->id;
?>
">
			<?php 
if ($self || $post->poster_id === USER_ID) {
    ?>

Esempio n. 6

File: convo.php Progetto: khaledkhalil94/SH.A

<?php

require_once $_SERVER["DOCUMENT_ROOT"] . "/src/init.php";
$user_id = sanitize_id($_GET['pm']);
$user = new User($user_id);
$user = $user->user;
if (!$user) {
    Redirect::redirectTo('404');
}
$staff = $user->ual == 1 ? true : false;
if (USER_ID == $user_id) {
    Redirect::redirectTo();
}
$pageTitle = "Conversations";
$sec = "messages";
include_once ROOT_PATH . "inc/head.php";
$messages = Messages::getConvo(USER_ID, $user_id);
?>

<div class="main">
	<div class="ui container section message-list">
		<?php 
if ($staff) {
    ?>
		<h3>Your messages with the admin.</h3>
		<?php 
} else {
    ?>
		<h3>Your messages with <?php 
    echo View::user($user_id);
    ?>

Esempio n. 7

File: question_user.php Progetto: khaledkhalil94/SH.A

<?php

// The view for the users
$pageTitle = "Stories";
$id = sanitize_id($_GET['id']) ?: null;
$QNA = new QNA();
if (!($q = $QNA->get_question($id))) {
    // if the id is not in the questions database, try to find it in the comment database.
    if ($q = Comment::getComment($id)) {
        $q = $q['post_id'];
        if ($q == $id) {
            Redirect::redirectTo('404');
        }
        Redirect::redirectTo(BASE_URL . "questions/question.php?id={$q}#{$id}");
    } else {
        Redirect::redirectTo('404');
    }
}
if ($q->status != 1 && !($session->adminCheck() || $session->userCheck($q->uid))) {
    Redirect::redirectTo('404');
}
$user = new User($q->uid);
$user = $user->user;
$self = $q->uid === USER_ID;
$voted = QNA::has_voted($id, USER_ID);
$votes_count = QNA::get_votes($id) ?: "0";
$post_date = $q->created;
$post_modified_date = $q->last_modified;
if ($q->last_modified > $q->created) {
    $edited = " (edited <span class='datetime' title=\"{$post_modified_date}\">{$post_modified_date}</span>)";
} else {