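/**
 * Log one subject/predicate/value triple, gated by an API key.
 *
 * Reads s, p, v and k from the query string; a missing parameter terminates the
 * script with the usage message (original behaviour, preserved).
 *
 * NOTE(review): the username literal '******' is a placeholder in this listing;
 * confirm the real value/source before relying on the check.
 *
 * @param PDO $db Open database handle. The original called query()->fetchAll(),
 *                i.e. the PDO API; prepare()/execute() below assume the same.
 * @return void
 */
function log_to_db($db) {
    $ERROR_MSG = "usage logger.php?s=subject&p=predicate&v=value&k=key";

    // #1 - grab values from query string.
    // sanitize_string() is a project helper whose exact behaviour is not visible here; it is
    // kept for whatever normalisation it does, but SQL quoting is now left to the driver.
    $subject   = array_key_exists('s', $_GET) ? sanitize_string($_GET['s']) : die($ERROR_MSG);
    $predicate = array_key_exists('p', $_GET) ? sanitize_string($_GET['p']) : die($ERROR_MSG);
    $value     = array_key_exists('v', $_GET) ? sanitize_string($_GET['v']) : die($ERROR_MSG);
    $key       = array_key_exists('k', $_GET) ? sanitize_string($_GET['k']) : die($ERROR_MSG);
    $timestamp = time();

    // #2 - Check to see if user is authorized; if they are, we should get one match.
    // The key is attacker-controlled: bind it instead of interpolating it, and do not
    // echo the statement (the original printed the query, key included, into the response).
    $auth = $db->prepare("SELECT * FROM AuthKey WHERE username = :username AND key = :key");
    $auth->execute(array(':username' => '******', ':key' => $key));
    $numRows = count($auth->fetchAll());

    // #3 - no match? Exit program!
    if ($numRows == 0) {
        die("Bad username or key!");
    }

    // #4 - INSERT values into Triple table, again with bound parameters
    $insert = $db->prepare(
        "INSERT INTO Triple (id, subject, predicate, value, timestamp) "
        . "VALUES (NULL, :subject, :predicate, :value, :timestamp)"
    );
    $insert->execute(array(
        ':subject'   => $subject,
        ':predicate' => $predicate,
        ':value'     => $value,
        ':timestamp' => $timestamp,
    ));
}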
/**
 * {@inheritDoc}
 *
 * Deletes the users_sessions row whose session column equals $session_id.
 * The id is passed through sanitize_string() (presumably the project's SQL
 * escaper) and is quoted in the statement.
 */
public function destroy($session_id) {
	global $CONFIG;

	$escaped_id = sanitize_string($session_id);
	$sql = "DELETE FROM {$CONFIG->dbprefix}users_sessions WHERE session='{$escaped_id}'";

	$deleted = $this->db->deleteData($sql);

	return (bool) $deleted;
}
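/**
 * Check if an invitation code results in a group
 *
 * @param string $invite_code the invite code
 * @param int    $group_guid  (optional) the group to check
 *
 * @return false|ElggGroup
 */
function group_tools_check_group_email_invitation($invite_code, $group_guid = 0) {
	if (empty($invite_code)) {
		return false;
	}

	$group_guid = sanitize_int($group_guid, false);

	// note not using elgg_get_entities_from_annotations
	// due to performance issues with LIKE wildcard search
	// prefetch metastring ids for use in lighter joins instead
	//
	// The id lookups return false for an unknown string; cast to int so the clause
	// below compares against 0 instead of degrading into "value_id = " (a broken query).
	$name_id = (int) elgg_get_metastring_id('email_invitation');
	$code_id = (int) elgg_get_metastring_id($invite_code);

	// The code is user-supplied and becomes the prefix of a LIKE pattern. Escape the
	// LIKE metacharacters (after SQL escaping, as the project's other LIKE searches do)
	// so a code such as "%" cannot match every stored invitation.
	$sanitized_invite_code = str_replace(['_', '%'], ['\\_', '\\%'], sanitize_string($invite_code));

	$options = [
		'limit' => 1,
		'wheres' => [
			"n_table.name_id = {$name_id} AND (n_table.value_id = {$code_id} OR v.string LIKE '{$sanitized_invite_code}|%')",
		],
	];

	if (!empty($group_guid)) {
		$options['annotation_owner_guids'] = [$group_guid];
	}

	// find hidden groups; the previous access setting is restored on every path
	$ia = elgg_set_ignore_access(true);

	$annotations = elgg_get_annotations($options);
	$group = empty($annotations) ? null : $annotations[0]->getEntity();

	// restore access
	elgg_set_ignore_access($ia);

	return ($group instanceof ElggGroup) ? $group : false;
}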
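/**
 * Clean up operations on calendar delete
 *
 * Refuses deletion of a public calendar by non-admins, and moves every event that
 * appears on no other calendar of the same container onto the container's public
 * calendar before the calendar goes away.
 *
 * @param string     $event  "delete"
 * @param string     $type   "object"
 * @param ElggEntity $entity Entity being deleted
 * @return bool false aborts the deletion
 */
function delete_event_handler($event, $type, $entity) {
	if (!($entity instanceof Calendar)) {
		return true;
	}

	// Do not allow users to delete public calendars
	if ($entity->isPublicCalendar() && !elgg_is_admin_logged_in()) {
		register_error(elgg_echo('events:error:public_calendar_delete'));
		return false;
	}

	// Move all orphaned events to the public calendar
	$owner = $entity->getContainerEntity();
	$public_calendar = Calendar::getPublicCalendar($owner);
	if (!$public_calendar) {
		register_error(elgg_echo('events:error:no_public_for_orphans'));
		return false;
	}

	$dbprefix = elgg_get_config('dbprefix');
	$relationship_name = sanitize_string(Calendar::EVENT_CALENDAR_RELATIONSHIP);
	$calendar_subtype_id = (int) get_subtype_id('object', Calendar::SUBTYPE);
	// Both guids are interpolated unquoted into the subquery; cast them like the subtype id
	// so nothing but an integer can reach the statement.
	$calendar_guid = (int) $entity->guid;
	$container_guid = (int) $entity->container_guid;

	// Events that are on no other calendar of the same container
	$not_on_other_calendar = "NOT EXISTS(SELECT * FROM {$dbprefix}entity_relationships er2
					JOIN {$dbprefix}entities e2 ON er2.guid_two = e2.guid
					WHERE er2.relationship = '{$relationship_name}'
						AND er2.guid_one = e.guid
						AND er2.guid_two != {$calendar_guid}
						AND e2.container_guid = {$container_guid}
						AND e2.type = 'object' AND e2.subtype = {$calendar_subtype_id})";

	// Get all events that do not appear on container's other calendars
	$events = new ElggBatch('elgg_get_entities_from_relationship', array(
		'types' => 'object',
		'subtypes' => Event::SUBTYPE,
		'relationship' => Calendar::EVENT_CALENDAR_RELATIONSHIP,
		'relationship_guid' => $entity->guid,
		'inverse_relationship' => true,
		'limit' => 0,
		'wheres' => array($not_on_other_calendar),
	));

	// Loop variable renamed: the original reused $event and shadowed the hook parameter
	foreach ($events as $orphan) {
		/* @var Event $orphan */
		$public_calendar->addEvent($orphan);
	}

	return true;
}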
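/**
 * Check if an invitation code results in a group
 *
 * @param string $invite_code the invite code
 * @param int    $group_guid  (optional) the group to check
 *
 * @return boolean|ElggGroup a group for the invitation or false
 */
function group_tools_check_group_email_invitation($invite_code, $group_guid = 0) {
	$result = false;

	if (empty($invite_code)) {
		return $result;
	}

	// note not using elgg_get_entities_from_annotations
	// due to performance issues with LIKE wildcard search
	// prefetch metastring ids for use in lighter joins instead
	//
	// NOTE(review): add_metastring() stores the user-supplied code in the metastrings
	// table when it is unknown, so every probe with a bogus code writes a row; a
	// read-only id lookup would be preferable if this Elgg version provides one.
	// The ids are cast so a non-integer return cannot leave "value_id = " in the query.
	$name_id = (int) add_metastring('email_invitation');
	$code_id = (int) add_metastring($invite_code);

	// The code is the prefix of a LIKE pattern: escape '%' and '_' (after SQL escaping,
	// as the project's other LIKE searches do) so a code such as "%" cannot match every
	// stored invitation.
	$sanitized_invite_code = str_replace(array('_', '%'), array('\\_', '\\%'), sanitize_string($invite_code));

	$options = array(
		'limit' => 1,
		'wheres' => array(
			"n_table.name_id = {$name_id} AND (n_table.value_id = {$code_id} OR v.string LIKE '{$sanitized_invite_code}|%')",
		),
	);

	if (!empty($group_guid)) {
		// handed to the ege* layer, but keep it an integer regardless of the caller
		$options["annotation_owner_guids"] = array((int) $group_guid);
	}

	$annotations = elgg_get_annotations($options);
	if (!$annotations) {
		return $result;
	}

	// find hidden groups
	$ia = elgg_set_ignore_access(true);

	$group = $annotations[0]->getEntity();
	if ($group) {
		$result = $group;
	}

	// restore access
	elgg_set_ignore_access($ia);

	return $result;
}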
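/**
 * Get an access collection id by its name from the database.
 *
 * The name is passed through sanitize_string() and quoted in the statement.
 *
 * @param string $name Collection name
 * @return int|string The id column of the first matching row, or 0 when no
 *                    collection has that name. (The original docblock said
 *                    stdClass, which this method never returns.)
 */
public function getCollectionIdByName($name) {
	$name = sanitize_string($name);
	$query = "SELECT * FROM {$this->dbprefix}access_collections
					WHERE name = '{$name}'";
	$collection = get_data_row($query);

	return $collection ? $collection->id : 0;
}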
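/**
 * Build the ege* options for the user list.
 *
 * Adds where-clauses for the banned / admin flags, a name/username search
 * (e-mail as well when an admin is logged in) and the "unvalidated" filter.
 *
 * @return array
 */
protected function getOptions() {
	$options = parent::getOptions();

	if ($this->banned === true) {
		$options['wheres'][] = "u.banned = 'yes'";
	} elseif ($this->banned === false) {
		$options['wheres'][] = "u.banned = 'no'";
	}

	if ($this->admin === true) {
		$options['wheres'][] = "u.admin = 'yes'";
	} elseif ($this->admin === false) {
		$options['wheres'][] = "u.admin = 'no'";
	}

	if ($this->search) {
		// sanitize_string() handles SQL quoting; LIKE wildcards in the term stay
		// active, as in the original (presumably intended for this admin search).
		$q = sanitize_string($this->search);
		$clauses = [
			"u.name LIKE \"%{$q}%\"",
			"u.username LIKE \"%{$q}%\"",
		];
		// The original appended the e-mail clause without an OR, which turned every
		// admin search into an invalid statement.
		if (\elgg_is_admin_logged_in()) {
			$clauses[] = "u.email LIKE \"%{$q}%\"";
		}
		$options['wheres'][] = '(' . implode(' OR ', $clauses) . ')';
	}

	/*
	 * "Unvalidated" means metadata of validated is not set or not truthy.
	 * We can't use elgg_get_entities_from_metadata() because you can't say
	 * "where the entity has metadata set OR it's not equal to 1".
	 */
	if ($this->validated === false) {
		// The id lookups return false for an unknown string; cast so the subquery
		// compares against 0 instead of an empty token.
		$validated_id = (int) \elgg_get_metastring_id('validated');
		$one_id = (int) \elgg_get_metastring_id('1');
		$prefix = $this->getDB()->getPrefix();
		$options['wheres'][] = "NOT EXISTS (
				SELECT 1 FROM {$prefix}metadata validated_md
				WHERE validated_md.entity_guid = e.guid
					AND validated_md.name_id = {$validated_id}
					AND validated_md.value_id = {$one_id})";
	}

	return $options;
}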
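/**
 * Log an event from the query string into the Events table.
 *
 * Expects u, n, t, a, e, la, ln and k in $_GET; a missing parameter terminates
 * the script with the usage message (original behaviour, preserved).
 *
 * NOTE(review): in this listing the AuthKey lookup compares against fixed
 * placeholder literals, so $user and $key are read but never used for
 * authentication, and $email is stored both as Emails and as Creator — confirm
 * against the real source before relying on this check.
 *
 * @param PDO $db Open database handle. The original called query()->fetchAll(),
 *                i.e. the PDO API; prepare()/execute() below assume the same.
 * @return void
 */
function log_to_db($db) {
    $ERROR_MSG = "usage logger.php?u=user&n=name&t=startTime&a=address&e=email&la=latitude&ln=longitude&k=key";

    // Grab the values from the original query string.
    // sanitize_string() is a project helper whose behaviour is not visible here; it is kept
    // for whatever normalisation it does, while SQL quoting is now left to the driver.
    $user      = array_key_exists('u', $_GET) ? sanitize_string($_GET['u']) : die($ERROR_MSG);
    $name      = array_key_exists('n', $_GET) ? sanitize_string($_GET['n']) : die($ERROR_MSG);
    $startTime = array_key_exists('t', $_GET) ? sanitize_string($_GET['t']) : die($ERROR_MSG);
    $address   = array_key_exists('a', $_GET) ? sanitize_string($_GET['a']) : die($ERROR_MSG);
    $email     = array_key_exists('e', $_GET) ? sanitize_string($_GET['e']) : die($ERROR_MSG);
    $latitude  = array_key_exists('la', $_GET) ? sanitize_string($_GET['la']) : die($ERROR_MSG);
    $longitude = array_key_exists('ln', $_GET) ? sanitize_string($_GET['ln']) : die($ERROR_MSG);
    $key       = array_key_exists('k', $_GET) ? sanitize_string($_GET['k']) : die($ERROR_MSG);

    // authenticate the user
    // Do not echo the statement: the original printed the query into the HTTP response.
    $auth = $db->query("SELECT * FROM AuthKey WHERE username = '******' AND password='******'");
    $numRows = count($auth->fetchAll());
    echo $numRows;

    // #3 - no match? Exit program!
    if ($numRows == 0) {
        die("Bad username or key!");
    }
    echo "user is correct";

    // insert data into the table, with bound parameters instead of string interpolation
    $insert = $db->prepare(
        "INSERT INTO Events (ID, EventName, Location, Emails, DateTime, Creator, Lat, Long, Reminder) "
        . "VALUES (NULL, :name, :address, :email, :startTime, :creator, :latitude, :longitude, 'False')"
    );
    $insert->execute(array(
        ':name'      => $name,
        ':address'   => $address,
        ':email'     => $email,
        ':startTime' => $startTime,
        ':creator'   => $email,
        ':latitude'  => $latitude,
        ':longitude' => $longitude,
    ));
    echo "did a thing";
}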
/**
 * Callback function for token input search
 *
 * Returns the distinct "location" / "temp_location" metadata strings that
 * contain the search term.
 *
 * @param string $term    Search term
 * @param array  $options Extra options passed on to elgg_get_metadata()
 * @return array
 */
public function search($term, $options = array()) {
	// SQL-escape first, then neutralise LIKE wildcards so the term cannot widen the match
	$escaped = sanitize_string($term);
	$pattern = str_replace(array('_', '%'), array('\\_', '\\%'), $escaped);

	$options['metadata_names'] = array('location', 'temp_location');
	$options['group_by'] = "v.string";
	$options['wheres'] = array("v.string LIKE '%{$pattern}%'");

	return elgg_get_metadata($options);
}
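/**
 * Normalise the search arguments taken from a request array.
 *
 * limit (1..50, default 50), maxdistance (miles in, metres out, clamped to
 * 1000..50000, default 10000), minprice / maxprice (0..4, default null) always
 * get a value; zip, latitude/longitude and pagetoken are only set when present.
 * Non-numeric values are ignored and leave the default in place.
 *
 * @param array $request Request parameters (e.g. $_GET)
 * @return array
 */
function getArguments($request) {
	// Override if request arguments are not proper
	$arguments = array();

	// Defaults for below
	$arguments['limit'] = 50;
	if (array_key_exists('limit', $request)) {
		$limit = sanitize_numeric($request['limit']);
		// Ignore if it doesn't seem numeric
		if (is_numeric($limit)) {
			$arguments['limit'] = max(min($limit, 50), 1);
		}
	}

	$arguments['maxdistance'] = 10000;
	if (array_key_exists('maxdistance', $request)) {
		$maxdistance = sanitize_numeric($request['maxdistance']);
		if (is_numeric($maxdistance)) {
			// We expect miles from user, convert to meters here for API
			$arguments['maxdistance'] = max(min($maxdistance * 1609.344, 50000), 1000);
		}
	}

	$arguments['minprice'] = null;
	if (array_key_exists('minprice', $request)) {
		$minprice = sanitize_numeric($request['minprice']);
		if (is_numeric($minprice)) {
			$arguments['minprice'] = max(min($minprice, 4), 0);
		}
	}

	$arguments['maxprice'] = null;
	if (array_key_exists('maxprice', $request)) {
		$maxprice = sanitize_numeric($request['maxprice']);
		if (is_numeric($maxprice)) {
			$arguments['maxprice'] = max(min($maxprice, 4), 0);
		}
	}

	// No defaults for below
	if (array_key_exists('zip', $request)) {
		$zip = sanitize_numeric($request['zip']);
		if (is_numeric($zip)) {
			// Remove leading zeros
			$arguments['zip'] = ltrim($zip, "0");
		}
	}

	// Bug fix: the original tested $_REQUEST for 'longitude' while reading the value
	// from $request, so a pair passed only in $request was dropped (and a pair present
	// only in $_REQUEST produced an undefined-index read).
	if (array_key_exists('latitude', $request) && array_key_exists('longitude', $request)) {
		$latitude = sanitize_numeric($request['latitude']);
		$longitude = sanitize_numeric($request['longitude']);
		if (is_numeric($latitude) && is_numeric($longitude)) {
			$arguments['latitude'] = $latitude;
			$arguments['longitude'] = $longitude;
		}
	}

	if (array_key_exists('pagetoken', $request)) {
		$arguments['pagetoken'] = sanitize_string($request['pagetoken']);
	}

	return $arguments;
}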
/**
 * Render one page of entities as a console table and offer to load the next.
 *
 * With a --keyword option the 'search' plugin hook supplies count and entities;
 * otherwise elgg_get_entities() is used (count computed once, then cached in
 * the static). Recurses with offset advanced by $limit when the user confirms.
 *
 * @param int $limit  Rows per batch
 * @param int $offset Offset of this batch
 * @return void
 */
protected function renderTable($limit, $offset = 0) {
	// static so the total and the running row number survive the recursive next-batch call
	static $count;
	static $iterator;

	$options = [
		'query' => sanitize_string($this->option('keyword')),
		'guids' => $this->option('guid') ?: ELGG_ENTITIES_ANY_VALUE,
		'types' => $this->option('type') ?: 'object',
		'subtypes' => $this->option('subtype') ?: ELGG_ENTITIES_ANY_VALUE,
		'limit' => $limit,
		'offset' => (int) $offset,
		'order_by' => 'e.guid ASC',
	];

	if ($this->option('keyword')) {
		// keyword search: the hook result carries both the count and the entities
		$results = elgg_trigger_plugin_hook('search', $this->option('type') ?: 'object', $options, []);
		$count = $results['count'];
		$batch = $results['entities'];
	} else {
		// plain listing: count once (static), then iterate lazily
		$options['count'] = true;
		if (!$count) {
			$count = elgg_get_entities($options);
		}
		unset($options['count']);
		$batch = new ElggBatch('elgg_get_entities', $options);
	}

	if (!$count) {
		$this->write('<comment>No entities to display</comment>');
		return;
	}

	$headers = ['#', 'GUID', 'Type', 'Title/name', 'Description', 'Owner', 'Container', 'Access'];
	if ($this->option('full-view')) {
		$headers[] = 'Metadata';
	}

	$table = new Table($this->output);
	$table->setHeaders($headers);

	foreach ($batch as $entity) {
		/* @var $entity \ElggEntity */
		// $iterator starts as null, so the very first row shows an empty '#' cell
		$row = [
			$iterator,
			$entity->guid,
			($subtype = $entity->getSubtype()) ? elgg_echo("item:{$entity->type}:{$subtype}") : elgg_echo("item:{$entity->type}"),
			elgg_get_excerpt($entity->getDisplayName(), 25),
			elgg_get_excerpt($entity->description, 25),
			($owner = $entity->getOwnerEntity()) ? '[' . $owner->guid . '] ' . elgg_get_excerpt($owner->getDisplayName(), 25) : '',
			($container = $entity->getContainerEntity()) ? '[' . $container->guid . '] ' . elgg_get_excerpt($container->getDisplayName(), 25) : '',
			'[' . $entity->access_id . '] ' . elgg_get_excerpt(get_readable_access_level($entity->access_id), 25),
		];

		if ($this->option('full-view')) {
			// one "name: value" line per metadata value (multi-valued metadata expands)
			$metadata = new \ElggBatch('elgg_get_metadata', ['guids' => $entity->guid, 'limit' => 0]);
			$metatable = [];
			foreach ($metadata as $md) {
				$name = $md->name;
				$values = (array) $md->value;
				foreach ($values as $value) {
					$metatable[] = "{$name}: {$value}";
				}
			}
			$row[] = implode("\n", $metatable);
		}

		$table->addRow($row);
		$table->addRow(new TableSeparator());
		$iterator++;
	}

	$table->render();

	if ($count > $limit + $offset) {
		$helper = $this->getHelper('question');
		$question = new ConfirmationQuestion('Load next batch [y,n]?', true);
		if (!$helper->ask($this->input, $this->output, $question)) {
			return;
		}
		$this->renderTable($limit, $limit + $offset);
	}
}
/**
 * Loads a token from the DB
 *
 * @param string $token Token
 * @return UserToken|false The matching users_apisessions row wrapped in a
 *                         UserToken, or false when there is no such row
 */
public static function load($token) {
	$prefix = elgg_get_config('dbprefix');
	$escaped_token = sanitize_string($token);

	$sql = "SELECT * FROM {$prefix}users_apisessions WHERE token='{$escaped_token}'";
	$row = get_data_row($sql);

	return $row ? new UserToken($row) : false;
}
/**
 * Constructor
 *
 * Normalises the policy, then stores sender/recipient types, the (escaped)
 * relationship names and the inverse flag on the instance.
 *
 * @param array $policy An array of policy clauses
 */
public function __construct(array $policy = array()) {
	$this->dbprefix = elgg_get_config('dbprefix');

	$normalized = $this->normalizePolicy($policy);

	$this->setSenderType($normalized['sender']);
	$this->setRecipientType($normalized['recipient']);

	// relationship names end up in SQL, so they go through the project's escaper
	$this->relationship = sanitize_string($normalized['relationship']);
	$this->inverse_relationship = (bool) $normalized['inverse_relationship'];
	$this->group_relationship = sanitize_string($normalized['group_relationship']);
}
/**
 * Sanitize message body and make it a safe HTML string.
 *
 * User and agent messages are HTML-escaped first (they may not carry markup);
 * every message then goes through sanitize_string() with 'low'/'moderate'.
 *
 * @param array $msg Message object
 * @return array Message object with sanitized body.
 */
function sanitize_message($msg) {
	$body = $msg['message'];
	$kind = $msg['kind'];

	// Messages entered by user or operator cannot contain any markup
	$typed_by_person = ($kind == Thread::KIND_USER) || ($kind == Thread::KIND_AGENT);
	if ($typed_by_person) {
		$body = safe_htmlspecialchars($body);
	}

	$msg['message'] = sanitize_string($body, 'low', 'moderate');

	return $msg;
}
/**
 * Token-input search over users and groups.
 *
 * Matches the term against user name, username and group name with LIKE;
 * '%' and '_' in the term are escaped so they cannot act as wildcards.
 *
 * @param string $query   Search term
 * @param array  $options Extra ege* options
 * @return array|false Result of elgg_get_entities()
 */
function tokeninput_search($query, $options = array()) {
	$escaped = sanitize_string($query);
	// replace mysql vars with escaped strings
	$pattern = str_replace(array('_', '%'), array('\\_', '\\%'), $escaped);
	$prefix = elgg_get_config('dbprefix');

	$options['types'] = array('user', 'group');
	$options['joins'] = array(
		"LEFT JOIN {$prefix}users_entity ue ON ue.guid = e.guid",
		"LEFT JOIN {$prefix}groups_entity ge ON ge.guid = e.guid",
	);
	$options['wheres'] = array(
		"(ue.name LIKE '%{$pattern}%' OR ue.username LIKE '%{$pattern}%' OR ge.name LIKE '%{$pattern}%')",
	);

	return elgg_get_entities($options);
}
/**
 * Prepares batch options
 *
 * Turns the 'sort' option (field => direction map, default time_created DESC)
 * into an order_by clause for the supported ege* getters. 'alpha' sorts on the
 * type-specific name/title column (adding the join); a fixed set of entities
 * columns sorts on e.<field>; anything else is ignored. Direction is whitelisted
 * to ASC/DESC.
 *
 * @param array $options ege* options
 * @return array
 */
protected function prepareBatchOptions(array $options = array()) {
	$supported_getters = array(
		'elgg_get_entities',
		'elgg_get_entities_from_metadata',
		'elgg_get_entities_from_relationship',
	);
	if (!in_array($this->getter, $supported_getters)) {
		return $options;
	}

	$sort = elgg_extract('sort', $options);
	unset($options['sort']);
	if (!is_array($sort)) {
		$sort = array('time_created' => 'DESC');
	}

	$prefix = elgg_get_config('dbprefix');
	$types = elgg_extract('types', $options);
	$entity_columns = array(
		'type', 'subtype', 'guid', 'owner_guid', 'container_guid', 'site_guid',
		'enabled', 'time_created', 'time_updated', 'last_action', 'access_id',
	);

	$clauses = array();
	foreach ($sort as $field => $direction) {
		$field = sanitize_string($field);
		$direction = strtoupper(sanitize_string($direction));
		if ($direction !== 'ASC' && $direction !== 'DESC') {
			$direction = 'ASC';
		}

		if ($field === 'alpha') {
			if ($types == 'user') {
				$options['joins']['ue'] = "JOIN {$prefix}users_entity ue ON ue.guid = e.guid";
				$clauses[] = "ue.name {$direction}";
			} elseif ($types == 'group') {
				$options['joins']['ge'] = "JOIN {$prefix}groups_entity ge ON ge.guid = e.guid";
				$clauses[] = "ge.name {$direction}";
			} elseif ($types == 'object') {
				$options['joins']['oe'] = "JOIN {$prefix}objects_entity oe ON oe.guid = e.guid";
				$clauses[] = "oe.title {$direction}";
			}
		} elseif (in_array($field, $entity_columns, true)) {
			$clauses[] = "e.{$field} {$direction}";
		}
	}

	$options['order_by'] = implode(',', $clauses);

	return $options;
}
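/**
 * Sanitize a string, or every element of an array of strings, via sanitize_string().
 *
 * @param string|array $input_string   Value(s) to sanitize
 * @param int          $sanitize_level Level passed through to sanitize_string()
 * @return string|array Sanitized value, or an array with the same keys
 */
function sanitize($input_string, $sanitize_level = 3) {
	if (is_array($input_string)) {
		// Start from an empty array: the original left $output_string undefined
		// (and returned null with a notice) when given an empty array.
		$output_string = array();
		foreach ($input_string as $output_key => $output_value) {
			$output_string[$output_key] = sanitize_string($output_value, $sanitize_level);
		}
	} else {
		$output_string = sanitize_string($input_string, $sanitize_level);
	}

	return $output_string;
}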
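/**
 * Controller: add a nurse from the request parameters.
 *
 * Reads nurse_id, fname, sname, zone, phone and gender from the query string,
 * sanitizes each with sanitize_string() and hands them to the nurse model.
 * Echoes a small JSON status document; echoes nothing when a field is missing.
 *
 * NOTE(review): this is a state-changing operation driven by GET, and no
 * authentication/authorization or CSRF check is visible in this handler —
 * confirm the router enforces one before it runs.
 *
 * @return void
 */
function add_nurse_control() {
	$required = array('nurse_id', 'fname', 'sname', 'zone', 'phone', 'gender');

	$raw = array();
	foreach ($required as $field) {
		$value = filter_input(INPUT_GET, $field);
		// Presence check: reject absent/failed/empty, but keep legitimate values such as "0"
		// (the original truthiness test silently dropped those and emitted nothing).
		if ($value === null || $value === false || $value === '') {
			return;
		}
		$raw[$field] = $value;
	}

	$obj = get_nurse_model();
	$nurse_id = sanitize_string($raw['nurse_id']);
	$fname = sanitize_string($raw['fname']);
	$sname = sanitize_string($raw['sname']);
	$district_zone = sanitize_string($raw['zone']);
	$phone = sanitize_string($raw['phone']);
	$gender = sanitize_string($raw['gender']);

	if ($obj->add_nurses($nurse_id, $fname, $sname, $district_zone, $phone, $gender)) {
		echo '{"result":1,"message": "nurse added successfully"}';
	} else {
		echo '{"result":0,"message": "unable to add nurse"}';
	}
}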
/**
 * Set session geopositioning
 * Cache geocode along the way
 *
 * If the location geocodes, its coordinates win over the supplied ones; if it
 * does not and all three inputs are non-empty, the supplied pair is written to
 * the geocode cache. The result is stored in $_SESSION['geopositioning'].
 *
 * @param string $location
 * @param float  $latitude
 * @param float  $longitude
 * @return void
 */
function set_geopositioning($location = '', $latitude = 0, $longitude = 0) {
	$location = sanitize_string($location);
	$lat_value = (double) $latitude;
	$long_value = (double) $longitude;

	$geocoded = elgg_geocode_location($location);
	if ($geocoded) {
		$latitude = elgg_extract('lat', $geocoded);
		$longitude = elgg_extract('long', $geocoded);
	} elseif ($location && $latitude && $longitude) {
		$prefix = elgg_get_config('dbprefix');
		$sql = "INSERT INTO {$prefix}geocode_cache\n\t\t\t\t(location, lat, `long`) VALUES ('{$location}', '{$lat_value}', '{$long_value}')\n\t\t\t\tON DUPLICATE KEY UPDATE lat='{$lat_value}', `long`='{$long_value}'";
		insert_data($sql);
	}

	$_SESSION['geopositioning'] = array(
		'location' => $location,
		'latitude' => (double) $latitude,
		'longitude' => (double) $longitude,
	);
}
/** * {@inheritdoc} */ public function handle(ElggEntity $entity) { $value = get_input($this->getShortname()); $value = strip_tags($value); // update access collection name if group name changes if ($entity->guid && $value != $entity->name) { $entity_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8'); $ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $entity_name); $acl = get_access_collection($entity->group_acl); if ($acl) { $db_prefix = elgg_get_config('dbprefix'); $query = "UPDATE {$db_prefix}access_collections SET name = '{$ac_name}'\n\t\t\t\tWHERE id = {$entity->group_acl}"; update_data($query); } } $entity->name = $value; return $entity; }
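/**
 * Custom clauses for forum ordering
 *
 * Plugin hook callback: translates a "forum.<column>" order_by request into
 * joins/order_by clauses on $options. Columns other than topics, posts, author
 * and sticky leave $options untouched.
 *
 * @param string $hook    Hook name
 * @param string $type    Hook type
 * @param array  $options ege* options being built
 * @param array  $params  Hook params: 'order_by' ("prefix.column") and 'direction'
 * @return array
 */
function hj_forum_order_by_clauses($hook, $type, $options, $params) {
	$order_by = $params['order_by'];
	$direction = $params['direction'];

	// array_pad keeps list() from raising a notice when there is no '.'
	list($prefix, $column) = array_pad(explode('.', $order_by), 2, null);
	if (!$prefix || !$column) {
		return $options;
	}
	if ($prefix !== 'forum') {
		return $options;
	}

	$prefix = sanitize_string($prefix);
	$column = sanitize_string($column);
	$direction = sanitize_string($direction);

	// $direction is interpolated unquoted into ORDER BY, where quote-escaping does not
	// help; accept only ASC/DESC (any case) and fall back to ASC for anything else.
	if (!in_array(strtoupper($direction), array('ASC', 'DESC'), true)) {
		$direction = 'ASC';
	}

	$dbprefix = elgg_get_config('dbprefix');
	$order_by_prev = elgg_extract('order_by', $options, false);

	switch ($column) {
		case 'topics':
			$options = hj_framework_get_order_by_descendant_count_clauses(array('hjforum', 'hjforumtopic'), $direction, $options);
			break;

		case 'posts':
			$options = hj_framework_get_order_by_descendant_count_clauses(array('hjforumpost'), $direction, $options);
			break;

		case 'author':
			$options['joins'][] = "JOIN {$dbprefix}users_entity ue ON ue.guid = e.owner_guid";
			$options['order_by'] = "ue.name {$direction}";
			break;

		case 'sticky':
			// subtype ids are interpolated unquoted; get_subtype_id() may return false
			// for an unregistered subtype, so cast each one
			$subtype_ids = implode(',', array(
				(int) get_subtype_id('object', 'hjforum'),
				(int) get_subtype_id('object', 'hjforumtopic'),
			));
			$options['selects'][] = "SUM(stickymsv.string) stickyval";
			$options['joins'][] = "JOIN {$dbprefix}metadata stickymd ON e.guid = stickymd.entity_guid";
			$options['joins'][] = "JOIN {$dbprefix}metastrings stickymsn ON (stickymsn.string = 'sticky')";
			$options['joins'][] = "LEFT JOIN {$dbprefix}metastrings stickymsv ON (stickymd.name_id = stickymsn.id AND stickymd.value_id = stickymsv.id)";
			$options['group_by'] = 'e.guid';
			$options['order_by'] = "FIELD(e.subtype, {$subtype_ids}), ISNULL(SUM(stickymsv.string)), SUM(stickymsv.string) = 0, SUM(stickymsv.string) {$direction}, e.time_created DESC";
			break;
	}

	// Keep any pre-existing ordering in front of ours. The original also prepended it when
	// nothing above changed order_by, yielding "X, X"; skip that no-op duplication.
	if ($order_by_prev && $options['order_by'] !== $order_by_prev) {
		$options['order_by'] = "{$order_by_prev}, {$options['order_by']}";
	}

	return $options;
}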
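/**
 * Insert the person held in $this->_personne and link it to $this->_client as a contact.
 *
 * Uses the mysqli handle stored in $_SESSION["link"]. String columns go through
 * sanitize_string() and are quoted; the numeric ids are interpolated unquoted and
 * are therefore cast to int first.
 *
 * @return int The new person id, or 0 on any failure (no connection, either INSERT failing)
 */
public function create() {
	if (!isConnectMySql()) {
		return 0;
	}

	$link = $_SESSION["link"];
	$personne = $this->_personne;

	// create the person row
	$sqlPersonne = 'INSERT INTO projetGL_personne(nom, prenom, adresse, telephone, mail) VALUES (\''
		. sanitize_string($personne->getNom()) . '\', \''
		. sanitize_string($personne->getPrenom()) . '\', \''
		. sanitize_string($personne->getAdresse()) . '\', \''
		. sanitize_string($personne->getTelephone()) . '\', \''
		. sanitize_string($personne->getMail()) . '\');';
	if ($link->query($sqlPersonne) !== true) {
		return 0;
	}

	// create the contact linked to the person just created
	$persId = (int) $link->insert_id;
	// the client id is interpolated unquoted: cast so only an integer can reach the statement
	$clientId = (int) $this->_client;
	$sqlContact = 'INSERT INTO projetGL_contact(client, personne, etat) VALUES (' . $clientId . ', ' . $persId . ', 1);';

	return ($link->query($sqlContact) === true) ? $persId : 0;
}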
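/**
 * Edit an existing user (CodeIgniter controller action).
 *
 * The user id comes from URI segment 4. On a GET / failed validation the edit form
 * is rendered; on a valid POST every posted field except passwd/passwd2/id is
 * sanitized and written through admin->update_user(), then the password is updated
 * when both password fields are present and agree.
 *
 * NOTE(review): the record written is the POSTed 'id', not $userid from the URL, and
 * every other POST key is handed to update_user() as-is — confirm the model restricts
 * both the target row and the writable columns.
 *
 * @return void
 */
function edit() {
	$userid = abs((int) $this->uri->segment(4));
	if (empty($userid)) {
		redirect('backend');
		return;
	}

	$this->form_validation->set_rules('userid', 'Username', 'required');
	$this->form_validation->set_rules('nama', 'Nama', 'required');
	$this->form_validation->set_rules('jabid', 'Jabatan', 'required');

	if ($this->form_validation->run() == FALSE) {
		$this->data['user'] = $this->admin->get_user($userid);
		$this->data['title'] = 'Edit Data Pengguna';
		$this->data['template'] = 'user/edit';
		$this->load->view('backend/index', $this->data);
		return;
	}

	$data = array();
	foreach ($this->input->post() as $key => $val) {
		if ($key != 'passwd' && $key != 'passwd2' && $key != 'id') {
			$data[$key] = sanitize_string($val);
		}
	}
	$this->admin->update_user($data, $this->input->post('id'));
	$this->session->set_flashdata('message_type', 'success');
	$this->session->set_flashdata('message', 'Data berhasil diperbaharui');

	$passwd = $this->input->post('passwd');
	$passwd2 = $this->input->post('passwd2');
	if ($passwd && $passwd != '' && $passwd2 && $passwd2 != '') {
		// Bug fix: the original compared passwd with itself, so a mismatching
		// confirmation was never caught. Strict comparison avoids loose-equality
		// surprises between numeric-looking strings.
		if ($passwd === $passwd2) {
			// NOTE(review): md5() is not a password hash. Kept only because the verifying
			// side (login) is not visible here; migrate both to password_hash()/password_verify().
			$datapasswd = array('passwd' => md5(sanitize_string($passwd)));
			$this->admin->update_user($datapasswd, $this->input->post('id'));
			$this->session->set_flashdata('message_type', 'success');
			$this->session->set_flashdata('message', 'Data berhasil diperbaharui');
		} else {
			$this->session->set_flashdata('message_type', 'error');
			$this->session->set_flashdata('message', 'Password tidak valid');
		}
	}

	redirect('backend/user');
}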
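/**
 * Log a system event related to a specific object.
 *
 * This is called by the event system and should not be called directly.
 *
 * Writes one system_log row per (time, object id, event), de-duplicated through a
 * small static cache that is reset after 500 entries. Sites older than the
 * ip_address column (datalist version < 2012012000) are skipped.
 *
 * @param object $object The object you're talking about.
 * @param string $event  The event being logged
 * @return void
 */
function system_log($object, $event) {
	global $CONFIG;
	static $log_cache;
	static $cache_size = 0;

	if (!($object instanceof Loggable)) {
		return;
	}
	/* @var ElggEntity|ElggExtender $object */

	if (datalist_get('version') < 2012012000) {
		// this is a site that doesn't have the ip_address column yet
		return;
	}

	// reset cache if it has grown too large
	if (!is_array($log_cache) || $cache_size > 500) {
		$log_cache = array();
		$cache_size = 0;
	}

	// Has loggable interface, extract the necessary information and store.
	// Every quoted value goes through the escaper: the original escaped only $event
	// and $ip_address while interpolating class/type/subtype/enabled verbatim.
	$object_id = (int) $object->getSystemLogID();
	$object_class = sanitize_string(get_class($object));
	$object_type = sanitize_string($object->getType());
	$object_subtype = sanitize_string($object->getSubtype());
	$event = sanitise_string($event);
	$time = time();

	$ip_address = sanitize_string(_elgg_services()->request->getClientIp());
	if (!$ip_address) {
		$ip_address = '0.0.0.0';
	}

	// Unquoted numeric columns are cast so only integers can reach the statement
	$performed_by = (int) elgg_get_logged_in_user_guid();
	$access_id = isset($object->access_id) ? (int) $object->access_id : ACCESS_PUBLIC;
	$enabled = isset($object->enabled) ? sanitize_string($object->enabled) : 'yes';
	$owner_guid = isset($object->owner_guid) ? (int) $object->owner_guid : 0;

	// Create log if we haven't already created it
	if (!isset($log_cache[$time][$object_id][$event])) {
		$query = "INSERT DELAYED into {$CONFIG->dbprefix}system_log
				(object_id, object_class, object_type, object_subtype, event,
				performed_by_guid, owner_guid, access_id, enabled, time_created, ip_address)
			VALUES
				('{$object_id}','{$object_class}','{$object_type}', '{$object_subtype}', '{$event}',
				{$performed_by}, {$owner_guid}, {$access_id}, '{$enabled}', '{$time}', '{$ip_address}')";

		insert_data($query);

		$log_cache[$time][$object_id][$event] = true;
		$cache_size += 1;
	}
}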
$error = $obj->validate(); if ($_POST['content'] == '') { $error .= "Please Enter Content" . '<br>'; } if ($_POST['content'] != '') { $sel_projectupdateno = mysql_fetch_assoc($con->recordselect("SELECT count(*) as total FROM projectupdate WHERE projectId='" . $_GET['projectId'] . "'")); $num_of_rows = $sel_projectupdateno['total'] + 1; $currentTime = time(); $textcontent = unsanitize_string($content); //$textcontent= trim(strip_tags($content)); //echo 'abc'.$updateTitle;exit; //echo 'aaaa'.$updateTitle;exit; //echo "UPDATE projectupdate SET updateTitle='".sanitize_string($updateTitle)."' AND updateDescription='".$textcontent."' WHERE projectupdateId='".$_GET['projectId']."'";exit; $con->update("UPDATE projectupdate SET updateDescription='' WHERE projectupdateId='" . $_GET['projectId'] . "'"); $con->update("UPDATE projectupdate SET updateDescription='" . addslashes($content) . "' WHERE projectupdateId='" . $_GET['projectId'] . "'"); $con->update("UPDATE projectupdate SET updateTitle='" . sanitize_string($updateTitle) . "' WHERE projectupdateId='" . $_GET['projectId'] . "'"); $sel_project_id = mysql_fetch_assoc($con->recordselect("SELECT * FROM projectupdate WHERE projectupdateId='" . $_GET['projectId'] . "'")); $sel_project_name = mysql_fetch_assoc($con->recordselect("SELECT * FROM projectbasics WHERE projectId='" . $sel_project_id['projectId'] . "'")); $sel_project_detail = $con->recordselect("SELECT * FROM `projectbacking` WHERE projectId='" . $sel_project_id['projectId'] . "' GROUP BY `userId`"); while ($sel_project_backers = mysql_fetch_assoc($sel_project_detail)) { $sel_project_backer_user = mysql_fetch_assoc($con->recordselect("SELECT * FROM users WHERE userId='" . $sel_project_backers['userId'] . 
"'")); if ($sel_project_backer_user['updatesNotifyBackedProject'] == 1) { $artical = ""; //tableborder { border: 1px solid #CCCCCC; } $artical = "<html><head><style>.body{font-family:Arial, Helvetica, sans-serif; font-size:12px; }\n\t\t\t.mtext {font-family: Arial, Helvetica, sans-serif;font-size: 12px;color: #333333;text-decoration: none;}\n\t\t\ta { font-family: Arial, Helvetica, sans-serif;font-size: 12px;color: #A11B1B;font-weight: normal;text-decoration: underline;}\n\t\t\ta:hover {font-family: Arial, Helvetica, sans-serif;font-size: 12px;font-weight: normal;color: #A11B1B;text-decoration: none;}\n\t\t\t</style></head>"; $artical .= "<body><strong>Hello " . $sel_project_backer_user['name'] . ", </strong><br />"; $artical .= "<br /><table width='100%' cellspacing='0' cellpadding='0' class='tableborder' align='left'>"; /*$artical.="<tr><td height='80' style='border-bottom:solid 1px #f2f2f2; padding:5px; background-color: #999999;' valign='middle'><img src='".SITE_IMG."logo_fundraiser.png' /></td> </tr>";*/ $artical .= "<tr><td colspan='2'>Updates on <b>" . $sel_project_name['projectTitle'] . " Edited: </b> " . "</td></tr>"; $artical .= "<tr><td colspan='2'>Update #" . $num_of_rows . " " . unsanitize_string($_POST['updateTitle']) . "</td></tr>";
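/**
 * Removes all relationships originating from a particular entity
 *
 * @param int    $guid                 GUID of the subject or target entity (see $inverse)
 * @param string $relationship         Type of the relationship (optional, default is all relationships)
 * @param bool   $inverse_relationship Is $guid the target of the deleted relationships? By default, $guid is the
 *                                     subject of the relationships.
 * @param string $type                 The type of entity related to $guid (defaults to all)
 *
 * @return true
 */
function remove_entity_relationships($guid, $relationship = "", $inverse_relationship = false, $type = '') {
	global $CONFIG;

	$guid = (int) $guid;
	$where = "";
	$join = "";

	if (!empty($relationship)) {
		$relationship = sanitize_string($relationship);
		$where .= " AND er.relationship = '{$relationship}'";
	}

	if (!empty($type)) {
		$type = sanitize_string($type);
		// The related entity is the subject (guid_one) when $guid is the target, else the object (guid_two)
		$related_col = $inverse_relationship ? 'guid_one' : 'guid_two';
		$join = "JOIN {$CONFIG->dbprefix}entities e ON e.guid = er.{$related_col}";
		// Bug fix: the original appended a bare " AND " in the inverse case before this
		// clause, producing "AND AND e.type = ..." — an invalid statement.
		$where .= " AND e.type = '{$type}'";
	}

	$guid_col = $inverse_relationship ? "guid_two" : "guid_one";

	delete_data("
		DELETE er FROM {$CONFIG->dbprefix}entity_relationships AS er
		{$join}
		WHERE {$guid_col} = {$guid}
		{$where}
	");

	return true;
}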
/**
 * Check to see if a user has already created an annotation on an object
 *
 * @param int    $entity_guid     Entity guid
 * @param string $annotation_type Type of annotation
 * @param int    $owner_guid      Defaults to logged in user.
 *
 * @return bool true when at least one matching annotation row exists
 * @since 1.8.0
 */
function elgg_annotation_exists($entity_guid, $annotation_type, $owner_guid = null) {
	global $CONFIG;

	if (!$owner_guid) {
		$owner_guid = elgg_get_logged_in_user_guid();
		if (!$owner_guid) {
			return false;
		}
	}

	$entity_guid = sanitize_int($entity_guid);
	$owner_guid = sanitize_int($owner_guid);
	$annotation_type = sanitize_string($annotation_type);

	$prefix = $CONFIG->dbprefix;
	$sql = "SELECT a.id FROM {$prefix}annotations a"
		. " JOIN {$prefix}metastrings m ON a.name_id = m.id"
		. " WHERE a.owner_guid = {$owner_guid} AND a.entity_guid = {$entity_guid}"
		. " AND m.string = '{$annotation_type}'";

	return (bool) get_data_row($sql);
}
/**
 * Returns localized string.
 *
 * Placeholders of the form {0}, {1}, ... are replaced by the corresponding
 * entries of $params in index order.
 *
 * @param string      $text   A text which should be localized
 * @param array       $params Indexed array with placeholders.
 * @param string|null $locale Target locale code. If null is passed in the
 *                            current locale will be used.
 * @param boolean     $raw    Indicates if the result should be sanitized or not.
 * @return string Localized text.
 */
function getlocal($text, $params = null, $locale = null, $raw = false) {
	$target_locale = is_null($locale) ? get_current_locale() : $locale;
	$result = get_localized_string($text, $target_locale);

	if ($params) {
		for ($index = 0; $index < count($params); $index++) {
			$placeholder = "{" . $index . "}";
			$result = str_replace($placeholder, $params[$index], $result);
		}
	}

	if ($raw) {
		return $result;
	}

	return sanitize_string($result, 'low', 'moderate');
}
/**
 * {@inheritdoc}
 *
 * After the parent update succeeds, writes the (escaped) title and description
 * into objects_entity for this guid.
 */
protected function update() {
	global $CONFIG;

	if (!parent::update()) {
		return false;
	}

	$guid = (int) $this->guid;
	$escaped_title = sanitize_string($this->title);
	$escaped_description = sanitize_string($this->description);

	$sql = "UPDATE {$CONFIG->dbprefix}objects_entity\n\t\t\tset title='{$escaped_title}', description='{$escaped_description}' where guid={$guid}";

	$outcome = $this->getDatabase()->updateData($sql);

	return $outcome !== false;
}
register_error(elgg_echo("groups:cantcreate")); forward(REFERER); } $group = new ElggGroup($group_guid); // load if present, if not create a new group if ($group_guid && !$group->canEdit()) { register_error(elgg_echo("groups:cantedit")); forward(REFERER); } // Assume we can edit or this is a new group if (sizeof($input) > 0) { foreach ($input as $shortname => $value) { // update access collection name if group name changes if (!$is_new_group && $shortname == 'name' && $value != $group->name) { $group_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8'); $ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $group_name); $acl = get_access_collection($group->group_acl); if ($acl) { // @todo Elgg api does not support updating access collection name $db_prefix = elgg_get_config('dbprefix'); $query = "UPDATE {$db_prefix}access_collections SET name = '{$ac_name}' \n\t\t\t\t\tWHERE id = {$group->group_acl}"; update_data($query); } } $group->{$shortname} = $value; } } // Validate create if (!$group->name) { register_error(elgg_echo("groups:notitle")); forward(REFERER);