function searchQueryValues(&$query, $wine_name, $winery_name, $region_name, $grape_variety, $minCost, $maxCost, $minInputYear, $maxInputYear, $minStock, $minOrdered)
{
$valueArray = array();
$queryString = '';
if (checkInput($wine_name)) {
$wineName = "%{$wine_name}%";
$queryString .= ' WHERE (wine.wine_name LIKE :wine_name)';
$valueArray[':wine_name'] = $wineName;
}
if (checkInput($winery_name)) {
$wineryName = "%{$winery_name}%";
$queryString .= ' AND (winery.winery_name LIKE :winery_name)';
$valueArray[':winery_name'] = $wineryName;
}
if (checkInput($region_name)) {
$queryString .= ' AND (region.region_name = :region_name)';
$valueArray[':region_name'] = $region_name;
}
if (checkInput($grape_variety)) {
$queryString .= ' AND (grape_variety.variety = :grape_variety)';
$valueArray[':grape_variety'] = $grape_variety;
}
/*this will calculate varying cost inquiries whether choosing a maximum
or a minimum, a range between the max and min or a specific price
When the cost is calculated, the $queryString and the $valueArray will
be updated */
returnCostOfWine($minCost, $maxCost, $queryString, $valueArray);
returnYearOfWine($minInputYear, $maxInputYear, $queryString, $valueArray);
returnWineInStock($minStock, $queryString, $valueArray);
returnWinesOrdered($minOrdered, $queryString, $valueArray);
$query .= $queryString;
return $valueArray;
}
/**
* Get the closest two values inside array
* @param [Array] $array [Array input]
* @return [Array] [Array output]
*/
function closest($array)
{
$arraySize = count($array);
if (!checkInput($array, $arraySize)) {
return "error";
}
sort($array);
$result = getClosestPair($array, $arraySize);
return [$result[1], $result[2]];
}
<?php
require_once "../utils.php";
$state = check_connected();
header("Content-type:text/plain");
// User is connected
if ($state) {
// User has bought the option
if (checkOptions("scenario")) {
/*
* Check users inputs
* Good practices against hackers !
* Belt and shoulder strap :)
*
*/
$scenario = checkInput("post", "scenario", "/^.+\$/");
//Good input
if ($scenario != false) {
/*
* SQL Query
*
*/
$scenario = json_decode($scenario);
$scenario_content = json_encode($scenario->{'content'});
$sql = "INSERT INTO `webapp_scenarios` (\n\t\t\t\t\t\t`scenario_id`,\n\t\t\t\t\t\t`scenario_datetime`,\n\t\t\t\t\t\t`scenario_name`,\n\t\t\t\t\t\t`scenario_json`,\n\t\t\t\t\t\t`user_id`\n\t\t\t\t\t) VALUES (\n\t\t\t\t\t\tNULL,\n\t\t\t\t\t\t'" . $scenario->{'datetime'} . "',\n\t\t\t\t\t\t'" . $scenario->{'name'} . "',\n\t\t\t\t\t\t'" . $scenario_content . "',\n\t\t\t\t\t\t'" . $_SESSION["user"]["id"] . "'\n\t\t\t\t\t);";
/*
* Exec query, transform the result in json and close the database
*
*/
//If there is an sql query
if ($sql) {
return $day;
}
function toAmiFormat($euroDate, $year)
{
$euroFormat = DateTime::createFromFormat("d.m.Y", $euroDate . $year);
$amiFormat = $euroFormat->format("Y-m-d");
return $amiFormat;
}
$dayArray = input();
$weekArray = [];
$startDay = $_GET["startDay"];
$endDay = $_GET["endDay"];
$statistic = $_GET["statistic"];
$year = $_GET["year"];
$startDay = checkInput($startDay);
$endDay = checkInput($endDay);
if (!($startDay == false) && !($endDay == false)) {
$startDayAmi = toAmiFormat($startDay, $year);
$endDayAmi = toAmiFormat($endDay, $year);
$dayArrayAmi = toAmiFormat($dayArray[0][0], $year);
$endDayArrayAmi = toAmiFormat($dayArray[0][count($dayArray[0]) - 1], $year);
if (strtotime($startDayAmi) < strtotime($dayArrayAmi)) {
$startDay = $dayArray[0][0];
}
if (strtotime($startDayAmi) > strtotime($endDayArrayAmi)) {
$startDay = $dayArray[0][0];
}
if (strtotime($endDayAmi) > strtotime($endDayArrayAmi)) {
$endDay = $dayArray[0][count($dayArray[0]) - 1];
}
if (strtotime($startDayAmi) > strtotime($endDayAmi)) {
<?php
session_start();
require '/home/ryo/dev/4webcr8r/libs/functions.php';
// 画像認証ライブラリー
$cryptinstall = '/crypt/cryptographp.fct.php';
require $cryptinstall;
$_POST = checkInput($_POST);
// 固定トークンを確認
if (isset($_POST['ticket'], $_SESSION['ticket'])) {
$ticket = $_POST['ticket'];
if ($ticket !== $_SESSION['ticket']) {
die('不正アクセスの疑いがあります');
}
} else {
die('不正アクセスの疑いがあります');
}
$name = isset($_POST['name']) ? $_POST['name'] : NULL;
$email = isset($_POST['email']) ? $_POST['email'] : NULL;
$subject = isset($_POST['subject']) ? $_POST['subject'] : NULL;
$body = isset($_POST['body']) ? $_POST['body'] : NULL;
$code = isset($_POST['code']) ? $_POST['code'] : NULL;
$name = trim($name);
$email = trim($email);
$subject = trim($subject);
$body = trim($body);
$code = trim($code);
$error = array();
if ($name == '') {
$error[] = 'お名前欄は必須項目です';
} else {
$_SESSION['notification'][] = 'Er ging iets mis: ' . $e->getMessage();
}
}
function checkInput(){
if($_POST['email'] !== '' && $_POST['paswoord'] !== '' && filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
return true;
} else {
//$_SESSION['notification'][] = 'Foute invoer';
return false;
}
}
if(isset($_POST["registreer"])){
// controleer geldigheid e-mailadres en of velden zijn ingevuld
if(!checkInput()){
$_SESSION['notification'][] = 'Foute invoer';
header('Location: registratie-form.php');
break; // vervangen door een Throw exception??
}
// check of ingevuld email bestaat:
if(!checkEmailExists($_POST['email'])){
$_SESSION['email'] = $_POST['email'];
$_SESSION['paswoord'] = $_POST['paswoord'];
$ingevoerdPaswoord = $_SESSION['paswoord'];
$ingevoerdEmail = $_SESSION['email'];
$salt = generateSalt();
$HashedSaltPlusPaswoord = hash('SHA512', $ingevoerdPaswoord . $salt);
$smarty->compile_dir = 'templates_c';
session_start();
$userName = filter_input(INPUT_POST, 'userName');
$password = filter_input(INPUT_POST, 'password');
$userError = "";
try {
//connect
$db = new PDO(PDO_DSN, DB_USER, DB_PASS);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $db->query("SELECT * FROM users");
$users = $stmt->fetchAll(PDO::FETCH_CLASS);
foreach ($users as $user) {
if ($user->name == $userName && $user->password == $password) {
$userError = "ログインできました。";
$_SESSION["userName"] = $userName;
header('Location:index.php');
break;
}
if ($user == end($users)) {
if (isset($userName) && isset($password)) {
$userError = "ログインに失敗しました";
}
}
}
} catch (PDOException $e) {
// echo $e -> getMessage();
}
$smarty->assign('userName', checkInput($userName));
$smarty->assign('password', checkInput($password));
$smarty->assign('userError', $userError);
$smarty->display('login.tpl');
<?php
require_once "../utils.php";
//Connected or not
$state = check_connected();
//If connected
if ($state) {
/*
* Check users inputs
* Good practices against hackers !
* Belt and shoulder strap :)
*
*/
$mois = checkInput("get", "mois", "/^[0-9]{1,2}+\$/");
/*
* SQL Query
*
*/
//Init
$sql = false;
//Check by type
if ($mois != false) {
$sql = "SELECT `ca`, `benef`\n\t\t\t\tFROM demo_exemple\n\t\t\t\tWHERE `mois`=" . $mois . ";";
} else {
echo "Bad inputs !!";
exit;
}
/*
* Exec query, transform the result in json and close the database
*
*/
$stmt->bindValue(':editContents', $editContents);
$stmt->bindValue(':editNumber', $editNumber);
$stmt->execute();
// print ($stmt -> rowCount());
// var_dump($stmt);
if ($stmt->rowCount() == 1) {
$editError = "";
header('Location:index.php');
} else {
$editError = "編集に失敗しました";
}
} else {
$editError = "編集内容を変更していません";
}
} else {
$userError = "ログインしている名前にしてください";
}
}
}
} catch (PDOException $e) {
$error = "ただいまデータベースでエラーが発生しています。";
// echo $e -> getMessage();
}
$smarty->assign('userName', $_SESSION["userName"]);
$smarty->assign('checkName', checkInput($userName));
$smarty->assign('checkContents', checkInput($editContents));
$smarty->assign('nowContents', $nowContents);
$smarty->assign('editNumber', $editNumber);
$smarty->assign('userError', $userError);
$smarty->assign('editError', $editError);
$smarty->display('edit.tpl');
<!-- endbuild -->
<!-- build:js /_/js/lib/modernizr/modernizr.js -->
<script src="/_/bower_components/modernizr/modernizr.js"></script>
<!-- endbuild -->
<!-- build:js /_/js/respond.js -->
<!--[if lt IE 9]>
<script src="/_/bower_components/respond/respond.min.js"></script>
<![endif]-->
<!-- endbuild -->
<?php
$loginError = false;
if (isset($_POST['loginAction'])) {
$query = $db->query("SELECT * FROM Usuarios WHERE Nombre = '" . checkInput($_POST['username']) . "'");
if ($query) {
$res = $query->fetch_object();
if (!$res == null) {
// if(!function_exists('password_verify'))
// require_once $_SERVER['DOCUMENT_ROOT'].'/lib/password.php';
$pass = $_POST['password'];
if (password_verify($pass, $res->Contrasena)) {
$_SESSION['uid'] = $res->idUsuario;
$_SESSION['username'] = $res->Nombre;
$_SESSION['admin'] = $res->Admin;
} else {
$loginError = true;
}
} else {
$loginError = true;
$parent = $_POST['ID'];
redirectURI('/admin/categories.php', 'catID=' . $parent);
} elseif ($_POST['action'] == 'edit') {
$LOG->write('3', 'admin/addProduct.php: action=edit');
$cat_query = DB_query("SELECT *\n\t\t\t\t\tFROM products\n\t\t\t\t\tWHERE products_id = " . $_POST['ID']);
$cat = DB_fetchArray($cat_query);
if (!checkInput($_POST['name'], 'string')) {
redirectURI('/admin/addProduct.php', 'action=edit&pID=' . $_POST['ID'] . '&error=name_error');
}
if (!checkInput($_POST['description'], 'string')) {
redirectURI('/admin/addProduct.php', 'action=edit&pID=' . $_POST['ID'] . '&error=desc_error');
}
if (!checkInput($_POST['stock'], 'int')) {
redirectURI('/admin/addProduct.php', 'action=edit&pID=' . $_POST['ID'] . '&error=stock_error');
}
if (!checkInput($_POST['price'], 'price')) {
redirectURI('/admin/addProduct.php', 'action=edit&pID=' . $_POST['ID'] . '&error=price_error');
}
$LOG->write('3', sizeof($_FILE));
$image1 = $_FILES['image_small'];
// Wenn Image-Auswahl leer bleibt, so wird altes Bild in DB behalten und nicht geleert.
// Sonst keine Änderungen im Produkt ohne Neuauswahl des Bildes möglich.
if ($image1['name'] != "") {
$image_uri_1 = uploadImage($image1);
} else {
$image_uri_1 = $cat['image_small'];
}
$image2 = $_FILES['image_big'];
if ($image2['name'] != "") {
$image_uri_2 = uploadImage($image2);
} else {
exit;
}
//Connected or not
$state = check_connected();
//If not connected
if (!$state) {
/*
* User connection
*
*/
//If validation of the Sign in form
if (isset($_POST["go"])) {
//Login & pass from form
$login = strtolower(checkInput("post", "login", "/^[a-zA-Z0-9]{1,}\$/"));
$password = checkInput("post", "password", "/.*/");
$id_country = checkInput("post", "id_country", "/^[1-4]\$/");
//If inputs are ok
if ($login != false && $password != false && $id_country != false) {
//Check user
$db = connectDataBase();
$sql = "SELECT `user_login`, `group_name` FROM `webapp_users`\n\t\t\t\t\tWHERE `user_login` = '{$login}'\n\t\t\t\t\tAND `user_pass` = SHA1('{$password}')\n\t\t\t\t\tLIMIT 1;";
$query = $db->query($sql);
//Ok if one result
if ($query->rowCount() == 1) {
//Save user information in session
$_SESSION["user"] = getInfosFromLogin($login);
//If account is correctly configured
if ($_SESSION["user"] != false) {
//Create cookies
$hash = hash("sha512", "{$cookie_password} {$login}");
setcookie("ok", $hash, $cookie_time_to_live, "/" . $cookie_path . "/");
if ($query) {
echo '<script>
alert("You has successfully changed your password. \\nPlease login to continue.");
</script>';
session_unset();
session_destroy();
echo '<meta http-equiv="refresh" content= "0;url=http://localhost/cls/login.php" />';
}
} else {
echo '<script>alert("The password you entered does not match with those in files.");</script>';
}
}
}
if (isset($_POST['chgEml'])) {
$newEml = checkInput($_POST['newEml']);
$Pwd = checkInput($_POST['Pwd']);
$valid = checkValidity();
if ($valid) {
if (sha1($Pwd) == $_SESSION['user_password']) {
$query = mysql_query("UPDATE profile SET email = '{$newEml}' WHERE user_name='{$username}';", $connect) or die(mysql_error());
if ($query) {
echo '<script>
alert("You has successfully changed your email. \\nPlease login to continue.");
</script>';
session_unset();
session_destroy();
echo '<meta http-equiv="refresh" content= "0;url=http://localhost/cls/login.php" />';
}
} else {
echo '<script>alert("The password you entered does not match with those in files.");</script>';
}
<?php
session_start();
require 'conn.php';
//include "index2.php";
$target_dir = "uploads/";
$uploadOk = 1;
$uploadsuccess = "";
$uploaderror = $uploaderror1 = $uploaderror2 = $uploaderror3 = "";
//check if image file is a fake
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$target_file = checkInput($target_file);
$imageFiletype = pathinfo($target_file, PATHINFO_EXTENSION);
$userid = $_SESSION['id'];
if (isset($_POST["submit"])) {
$check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
if ($check !== false) {
"File is an image - " . $check["mime"] . " . " . "<br />";
$uploadOk = 1;
} else {
$uploaderror1 = "File is not an image." . "<br />";
$uploadOk = 0;
}
}
//end of if - submit
//check if already file exists
if (file_exists($target_file)) {
$uploaderror2 = "Sorry, file already exists." . "<br />";
$uploadOk = 0;
}
<?php
require_once "../online/utils.php";
//---------------------------------------------------------------------------
//
// Update manifest --- Start
//
//---------------------------------------------------------------------------
//Signin or signout
$sign = checkInput("get", "sign", "/^in|out\$/");
if ($sign != false) {
//Destination
if ($sign == "in") {
$title = "Sign in";
$goto = "app.php";
} else {
$title = "Sign out";
$goto = "../index.php";
}
//Error
} else {
echo "Bad parameter!";
exit;
}
function redirection()
{
global $goto;
?>
window.setTimeout("window.location.href = \"<?php
echo $goto;
?>
<meta name="description" content="">
<?php
require "_/inc/head.php";
?>
</head>
<body>
<?php
require '_/inc/header.php';
?>
<div id="PageBody">
<?php
if (isset($_POST['titulo'])) {
require_once 'editarContenidoDBA.php';
} else {
$query = $db->query("SELECT Contenido.*, GROUP_CONCAT(DISTINCT Autores.Nombre SEPARATOR ', ') AS Autores, GROUP_CONCAT(DISTINCT Generos.Nombre SEPARATOR ', ') AS Generos, GROUP_CONCAT(DISTINCT Temas.Nombre SEPARATOR ', ') AS Temas, Editorial.Nombre AS Editorial FROM Contenido\n\t\t\t\t\t\t\t\t\t\tJOIN Autores_has_Contenido ON Contenido.idContenido = Autores_has_Contenido.Contenido_idContenido\n\t\t\t\t\t\t\t\t\t\tJOIN Autores ON Autores_has_Contenido.Autores_idAutor = Autores.idAutor\n\t\t\t\t\t\t\t\t\t\tJOIN Contenido_has_Generos ON Contenido.idContenido = Contenido_has_Generos.Contenido_idContenido\n\t\t\t\t\t\t\t\t\t\tJOIN Generos ON Contenido_has_Generos.Generos_idGenero = Generos.idGenero\n\t\t\t\t\t\t\t\t\t\tJOIN Contenido_has_Temas ON Contenido.idContenido = Contenido_has_Temas.Contenido_idContenido\n\t\t\t\t\t\t\t\t\t\tJOIN Temas ON Contenido_has_Temas.Temas_idTema = Temas.idTema\n\t\t\t\t\t\t\t\t\t\tJOIN Editorial ON Contenido.Editorial_idEditorial = Editorial.idEditorial\n\t\t\t\t\t\t\t\t\tWHERE idContenido = '" . checkInput($_GET['idContenido']) . "'");
$res = $query->fetch_object();
?>
<div class="container">
<div class="row">
<div class="col-md-6 col-md-offset-3 text-center">
<h1>Editar contenido</h1>
</div>
</div>
<div class="row">
<div class="col-md-6 col-md-offset-3 text-center">
<img id="portada" src="">
</div>
</div>
<form role="form" method="post" >
<input type="hidden" name="idContenido" value="<?php
<?php
require_once "../utils.php";
$state = check_connected();
header("Content-type:text/plain");
// User is connected
if ($state) {
// User has bought the option
if (checkOptions("scenario")) {
/*
* Check users inputs
* Good practices against hackers !
* Belt and shoulder strap :)
*
*/
$id = checkInput("post", "id", "/^[0-9]+\$/");
//Good input
if ($id != false) {
/*
* SQL Query
*
*/
$sql = "DELETE FROM `webapp_scenarios`\n\t\t\t\t\tWHERE `scenario_id` = " . $id . "\n\t\t\t\t\tAND `user_id` = " . $_SESSION["user"]["id"] . ";";
/*
* Exec query, transform the result in json and close the database
*
*/
// If there is an sql query
if ($sql) {
// New PDO
$db = connectDataBase();
<?php
require_once "../utils.php";
//Connected or not
$state = check_connected();
//If connected
if ($state) {
//If user have buy option
if (checkOptions("password")) {
//If validation of the form
if (isset($_POST["password_old"])) {
//Inputs
$current = checkInput("post", "password_old", "/^.+\$/");
$new1 = checkInput("post", "password_new1", "/^.+\$/");
$new2 = checkInput("post", "password_new2", "/^.+\$/");
//If inputs are ok
if ($current != false && $new1 != false && $new2 != false) {
//Check current password
$db = connectDataBase();
$sql = "SELECT `user_id` FROM `webapp_users`\n\t\t\t\t\t\tWHERE `user_login` = '" . $_SESSION["user"]["login"] . "'\n\t\t\t\t\t\tAND `user_pass` = SHA1('{$current}') LIMIT 1;";
$query = $db->query($sql);
//Ok if one result
if ($query->rowCount() == 1) {
//If new passwords are equal
if ($new1 == $new2) {
//Set new password in database
$sql = "UPDATE `webapp_users` SET `user_pass` = SHA1('" . $new1 . "') WHERE `webapp_users`.`user_id` = " . $_SESSION["user"]["id"] . ";";
if ($db->query($sql)) {
//---------------------------------------------------------------------------
//
// Password changed --- Start
if (isset($_POST['tipo4'])) {
$whereString .= ' and o.' . checkInput($_POST['tipo4']) . ' like "%' . checkInput($_POST['texto4']) . '%"';
}
if (isset($_POST['tipo5'])) {
$whereString .= ' and o.' . checkInput($_POST['tipo5']) . ' like "%' . checkInput($_POST['texto5']) . '%"';
}
if (isset($_POST['tipo6'])) {
$whereString .= ' and o.' . checkInput($_POST['tipo6']) . ' like "%' . checkInput($_POST['texto6']) . '%"';
}
if ($_POST['tipo1'] == 'Todo') {
$whereString = 'o where o.Nombre like "%' . checkInput($_POST['texto1']) . '%" or
o.Autores like "%' . checkInput($_POST['texto1']) . '%" or o.Tipo like "%' . checkInput($_POST['texto1']) . '%"
or o.Editorial like "%' . checkInput($_POST['texto1']) . '%" or o.UPC like "%' . checkInput($_POST['texto1']) . '%"
or o.Idioma like "%' . checkInput($_POST['texto1']) . '%" or o.FechaPublicacion like "%' . checkInput($_POST['texto1']) . '%"
or o.Generos like "%' . checkInput($_POST['texto1']) . '%" or o.Temas like "%' . checkInput($_POST['texto1']) . '%"
or o.Edades like "%' . checkInput($_POST['texto1']) . '%"';
}
$query = $db->query($string . $whereString);
while ($res = $query->fetch_object()) {
?>
<tr>
<td><img src = "<?php
echo $res->Portada;
?>
" /></td>
<td><?php
echo $res->Nombre;
?>
</td>
<td><?php
echo $res->Autores;
<?php
include '../functions/valueCheck.inc';
include '../../lang/lang_de.php';
if (checkInput($_GET['input'], $_GET['constraint'])) {
echo 'true';
} else {
//echo $_GET['input'];
echo $lang['admin_errmsgs'][$_GET['id']];
}
<html>
<title>Umassmed lncRNA</title>
<head>
<link rel="stylesheet" type="text/css" href="css/background.css">
<link rel="stylesheet" type="text/css" href="css/data.css">
<!--AJAX library-->
<script src="http://code.jquery.com/jquery-1.7.1.min.js" type = "text/javascript"></script>
<!--HighCharts library-->
<script src="js/highcharts/highcharts.js" type = "text/javascript"></script>
<script src="js/highcharts/grid.js" type = "text/javascript"></script>
<script src="js/switch.js" type = "text/javascript"></script>
<?php
include 'php/database.php';
if (isset($_REQUEST["geneID"]) && checkInput($_REQUEST["geneID"])) {
$sKey = $_REQUEST["geneID"];
} else {
header('Location: /~wespisea/search.html');
}
//Sanitize input
//Construct variables for html
$geneID = explode(".", $sKey);
$geneID = $geneID[0];
$ensemblLink = "http://ensembl.org/Multi/Search/Results?species=all;idk=;q=" . $geneID;
/*Construct data for Transcript Expression Chart*/
//Access database
$db = new lncRNA_DB();
if (!$db) {
echo $db->lastErrorMsg();
}
$queryEditorial = $db->query("INSERT INTO Editorial (Nombre) VALUES ('{$editorial}')");
$editorialId = $db->insert_id;
}
$query = $db->query('UPDATE Contenido SET
Nombre = \'' . checkInput($_POST['titulo']) . '\',
Tipo = \'' . checkInput($_POST['tipo']) . '\',
UPC = \'' . checkInput($_POST['upc']) . '\',
Editorial_idEditorial = \'' . $editorialId . '\',
Idioma = \'' . checkInput($_POST['idioma']) . '\',
FechaPublicacion = \'' . checkInput($_POST['fechaPublicacion']) . '\',
PublicoMeta = \'' . checkInput($_POST['edad']) . '\',
URLPortada = \'' . checkInput($_POST['portada']) . '\',
Grande = \'' . (isset($_POST['grande']) ? 1 : 0) . '\'
WHERE idContenido = \'' . checkInput($_POST['idContenido']) . '\'');
if ($query) {
$idContenido = checkInput($_POST['idContenido']);
$db->query("DELETE FROM Autores_has_Contenido WHERE Contenido_idContenido = '{$idContenido}'");
$db->query("DELETE FROM Contenido_has_Generos WHERE Contenido_idContenido = '{$idContenido}'");
$db->query("DELETE FROM Contenido_has_Temas WHERE Contenido_idContenido = '{$idContenido}'");
foreach ($autoresId as $idAutor) {
$query = $db->query("INSERT INTO Autores_has_Contenido (Autores_idAutor, Contenido_idContenido) VALUES ('{$idAutor}', '{$idContenido}')");
}
foreach ($generosId as $idGenero) {
$query = $db->query("INSERT INTO Contenido_has_Generos (Generos_idGenero, Contenido_idContenido) VALUES ('{$idGenero}', '{$idContenido}')");
}
foreach ($temasId as $idTema) {
$query = $db->query("INSERT INTO Contenido_has_Temas (Temas_idTema, Contenido_idContenido) VALUES ('{$idTema}', '{$idContenido}')");
}
echo 'Contenido editado correctamente';
} else {
if ($db->errno == 1062) {
}
}
$editorial = checkInput($_POST['editorial']);
$queryEditorialExistente = $db->query("SELECT idEditorial FROM Editorial WHERE Nombre = '{$editorial}'");
if ($queryEditorialExistente->num_rows == 1) {
$editorialId = $queryEditorialExistente->fetch_object()->idEditorial;
} else {
$queryEditorial = $db->query("INSERT INTO Editorial (Nombre) VALUES ('{$editorial}')");
$editorialId = $db->insert_id;
}
$query = $db->query('INSERT INTO Contenido (Nombre, Tipo, UPC, Editorial_idEditorial, Idioma, FechaPublicacion, PublicoMeta, URLPortada, Grande) VALUES(' . '\'' . checkInput($_POST['titulo']) . '\',' . '\'' . checkInput($_POST['tipo']) . '\',' . '\'' . checkInput($_POST['upc']) . '\',' . '\'' . $editorialId . '\',' . '\'' . checkInput($_POST['idioma']) . '\',' . '\'' . checkInput($_POST['fechaPublicacion']) . '\',' . '\'' . checkInput($_POST['edad']) . '\',' . '\'' . checkInput($_POST['portada']) . '\',' . '\'' . (isset($_POST['grande']) ? 1 : 0) . '\')');
if ($query) {
$idContenido = $db->insert_id;
foreach ($autoresId as $idAutor) {
$query = $db->query("INSERT INTO Autores_has_Contenido (Autores_idAutor, Contenido_idContenido) VALUES ('{$idAutor}', '{$idContenido}')");
}
foreach ($generosId as $idGenero) {
$query = $db->query("INSERT INTO Contenido_has_Generos (Generos_idGenero, Contenido_idContenido) VALUES ('{$idGenero}', '{$idContenido}')");
}
foreach ($temasId as $idTema) {
$query = $db->query("INSERT INTO Contenido_has_Temas (Temas_idTema, Contenido_idContenido) VALUES ('{$idTema}', '{$idContenido}')");
}
$query = $db->query("INSERT INTO Copia SET Contenido_idContenido = '{$idContenido}'");
echo 'Contenido agregado correctamente';
} else {
if ($db->errno == 1062) {
$queryLibroExistente = $db->query("SELECT idContenido, Nombre FROM Contenido WHERE UPC = '" . checkInput($_POST['upc']) . "'");
$res = $queryLibroExistente->fetch_object();
echo $res->Nombre . ' ya existe, ¿deseas <a href="/admin/editarContenido?idContenido=' . $res->idContenido . '">editarlo</a>?';
}
}
<?php
require_once "../utils.php";
//Connected or not
$state = check_connected();
//If connected
if ($state) {
//If user have buy option
if (checkOptions("scenario")) {
/*
* Check users inputs
* Good practices against hackers !
* Belt and shoulder strap :)
*
*/
$name = checkInput("get", "name", "/^[a-zA-Z0-9 ]+\$/");
//Good input
if ($name != false) {
/*
* SQL Query
*
*/
$sql = "SELECT \t`scenario_name`\n\t\t\t\t\tFROM webapp_scenarios\n\t\t\t\t\tWHERE (\n\t\t\t\t\t\tuser_id=" . $_SESSION["user"]["id"] . " AND\n\t\t\t\t\t\t`scenario_name`='" . $name . "'\n\t\t\t\t\t);";
/*
* Exec query, transform the result in json and close the database
*
*/
//If there is an sql query
if ($sql) {
//new PDO
$db = connectDataBase();
$lastname = checkInput($_POST["lastname"]);
if (!preg_match("/^[a-zA-Z]*\$/", $lastname)) {
$errors["lastname"] = "*Only letters allowed in lastnames";
}
}
if (empty($_POST["gender"])) {
$errors["gender"] = "*Gender is required";
} else {
$gender = $_POST["gender"];
}
if (empty($_POST["email"])) {
$errors["email"] = "*Email address is required";
} else {
$email = checkInput($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "*Invalid email format";
}
}
if (empty($_POST["comment"])) {
$comment = "";
} else {
$comment = checkInput($_POST["comment"]);
}
}
function checkInput($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
</head>
<?php
$idUsuario = checkInput($_GET['idUsuario']);
$queryUsuario = $db->query("SELECT * FROM Usuarios WHERE idUsuario = '{$idUsuario}'");
$res = $queryUsuario->fetch_object();
?>
<body>
<?php
require '_/inc/header.php';
?>
<div id="PageBody">
<div class="container">
<?php
if (isset($_POST['contrasena'])) {
$nuevaCont = password_hash(checkInput($_POST['contrasena']), PASSWORD_DEFAULT);
$query = $db->query("UPDATE Usuarios SET Contrasena='{$nuevaCont}' WHERE idUsuario='{$idUsuario}'");
if ($query) {
echo '<p>La contraseña se configuró exitosamente.</p>';
}
} else {
?>
<div class="row">
<div class="col-md-6 col-md-offset-3 text-center">
<h1>Cambiar contraseña a <?php
echo $res->Nombre;
?>
</h1>
</div>
</div>
<form role="form" method="post" >
<?php
include 'database.php';
$geneID = $_POST["geneID"];
//Search bar autocomplete for gene ID
if (isset($geneID)) {
$matches = array();
if (!checkInput($geneID)) {
return;
}
//Connect to database
$db = new lncRNA_DB();
if (!$db) {
echo $db->lastErrorMsg();
}
$sql = "SELECT geneID FROM TransData WHERE geneID LIKE '" . $geneID . "%'";
$ret = $db->query($sql);
$row = $ret->fetchArray(SQLITE_ASSOC);
//Get first 5 search results
for ($ctr = 0; $ctr < 5 && $row; $row = $ret->fetchArray(SQLITE_ASSOC)) {
if (!in_array($row["geneID"], $matches)) {
$matches[$ctr++] = $row["geneID"];
}
}
$db->close();
echo json_encode($matches);
}
$x = $_POST["x"];
$y = $_POST["y"];
//Axes change on PCA Data Chart
if (isset($x) && isset($y)) {
}
if ($compose_new_win == '1') {
Header("Location: {$location}/compose.php?mail_sent=yes");
} else {
Header("Location: {$location}/right_main.php?mailbox={$urlMailbox}" . "&startMessage={$startMessage}&mail_sent=yes");
}
} else {
if ($compose_new_win == '1') {
compose_Header($color, $mailbox);
} else {
displayPageHeader($color, $mailbox);
}
if (isset($AttachFailure)) {
plain_error_message(_("Could not move/copy file. File not attached"), $color);
}
checkInput(true);
showInputForm($session);
/* sqimap_logout($imapConnection); */
}
} elseif (isset($html_addr_search_done)) {
if ($compose_new_win == '1') {
compose_Header($color, $mailbox);
} else {
displayPageHeader($color, $mailbox);
}
if (isset($send_to_search) && is_array($send_to_search)) {
foreach ($send_to_search as $k => $v) {
if (substr($k, 0, 1) == 'T') {
if ($send_to) {
$send_to .= ', ';
}
<?php
require '../lib.inc/init.php';
$login = strip_tags(trim($_POST['login']));
$passwd = strip_tags(trim($_POST['passwd']));
if (checkInput($login) && checkInput($passwd)) {
$user = new User($login, $passwd);
$user->makeAuth($db->getAuthInfo($login));
} else {
}
?>
* index.php: This is the main page for quizzes
*
* PHP Version 5
*
* It displays a menu of the first quizzes, and links for a New Quiz
* and to the other quizzes
*
* @category Quiz_Plugin
* @package Webworks_Webme
* @subpackage Quiz
* @author Belinda Hamilton <*****@*****.**>
* @license General Purpose License Version 2
* @link www.kvweb.me
*/
if (isset($_POST['action'])) {
$errors = checkInput($_POST);
if (empty($errors)) {
unset($_POST['errors']);
$quizName = addslashes($_POST['name']);
$quizTopic = addslashes($_POST['description']);
$numberOfQuestions = (int) $_POST['number_of_questions'];
$enabled = (int) $_POST['enabled'];
if ($id) {
dbQuery("update quiz_quizzes \n\t\t\t\tset name = '{$quizName}',\n\t\t\t\tdescription = '{$quizTopic}',\n\t\t\t\tnumber_of_questions = '{$numberOfQuestions}',\n\t\t\t\tenabled = {$enabled}\n\t\t\t\twhere id = '{$id}'");
} else {
dbQuery("INSERT INTO quiz_quizzes\n\t\t\t\t(\n\t\t\t\tname,\n\t\t\t\tdescription,\n\t\t\t\tnumber_of_questions,\n\t\t\t\tenabled\n\t\t\t\t)\n\t\t\t\tVALUES\n\t\t\t\t(\n\t\t\t\t'{$quizName}',\n\t\t\t\t'{$quizTopic}',\n\t\t\t\t'{$numberOfQuestions}',\n\t\t\t\t'{$enabled}'\n\t\t\t\t)");
$id = dbOne('select LAST_INSERT_ID() AS id', 'id');
header('location: /ww.admin/plugin.php' . '?_plugin=quiz&_page=index&action=newQuestion&id=' . $id);
}
}
}
