function resetpwd() { global $db; //判断是否登陆 !isset($_SESSION['user']) && exit('Please login!'); //转到登陆页面 if (!isset($_POST['update'])) { tpl('resetpwd'); } //处理修改密码事件 $post = htmlescape($_POST, 'yes'); $rs = $db->row_query_one("SELECT * FROM user WHERE user='******'user']}'"); if (!isset($rs['passwd']) || $rs['passwd'] != md5($post['passwd'])) { show('提示', '原密码输入错误', '-1'); exit; } $arr = array('user' => $post['user'], 'passwd' => md5($post['newpwd'])); $rs = $db->row_update('user', $arr, "user='******'user']}'"); if ($rs) { $_SESSION['user'] = $post['user']; show('提示', '修改成功,下次登陆请使用新密码', '?module=admin&act=right'); } else { show('提示', '修改密码失败,请稍后再试', '-1'); } exit; }
protected function createItems($rss, $items) { $dom = $this->document; foreach ($items as $_item) { $item = $dom->createElement("item"); if (isset($_item["title"])) { $title = $dom->createElement("title"); $title->nodeValue = htmlescape($_item["title"]); $item->appendChild($title); } if (isset($_item["uri"])) { $link = $dom->createElement("link"); $link->nodeValue = $_item["uri"]; $item->appendChild($link); } if (isset($_item["date"])) { $pubDate = $dom->createElement("pubDate"); $pubDate->nodeValue = date("r", strtotime($_item["date"])); $item->appendChild($pubDate); } $content = $_item["content"]; if (isset($_item["summary"])) { $content = $_item["summary"]; } $desc = $dom->createElement("description"); $desc->appendChild($dom->createCDATASection($content)); $item->appendChild($desc); $rss->appendChild($item); } }
/** * ------------------------------ * 去除html标签并mysql转义关键字符 * ------------------------------ * @param string/array $str 字符串或数组 * @param string $trim yes/no 是否去空格 * @return string/array */ function htmlescape($str, $trim = 'no') { if (is_array($str)) { foreach ($str as $k => $v) { $str[$k] = htmlescape($v); } return $str; } else { $a = get_magic_quotes_gpc(); if ($trim == 'yes') { $str = trim($str); } if ($a == 1) { return htmlspecialchars($str); } elseif ($a == 0) { return addslashes(htmlspecialchars($str)); } } }
protected function createItems($feed, $items) { foreach ($items as $item) { $itemElem = $feed->addChild("entry"); if (array_isset("title", $item)) { $itemElem->addChild("title")->setNodeValue(htmlescape($item["title"])); } $link = $itemElem->addChild("link"); $link->at("rel", "alternate")->at("type", "text/html")->at("href", $item["link"]); if (array_isset("description", $item)) { $itemElem->addChild("summary")->setNodeValue(htmlescape($item["description"])); } if (array_isset("content", $item)) { $content = $itemElem->addChild("content"); $content->at("type", "text")->at("mode", "escaped"); $content->setNodeValue($item["content"], true); } if (array_isset("date", $item)) { $itemElem->addChild("updated")->setNodeValue(date("c", strtotime($item["date"]))); } } }
protected function createItems($feed, $items) { $dom = $this->document; foreach ($items as $_item) { $item = $dom->createElement("entry"); if (isset($_item["title"])) { $title = $dom->createElement("title"); $title->nodeValue = htmlescape($_item["title"]); $item->appendChild($title); } if (isset($_item["uri"])) { $link = $dom->createElement("link"); $link->setAttribute("rel", "alternate"); $link->setAttribute("type", "text/html"); $link->setAttribute("href", $_item["uri"]); $item->appendChild($link); } if (isset($_item["date"])) { $modified = $dom->createElement("modified"); $modified->nodeValue = date("c", strtotime($_item["date"])); $item->appendChild($modified); } if (isset($_item["summary"])) { $summary = $dom->createElement("summary"); $summary->setAttribute("type", "text/plain"); $summary->nodeValue = htmlescape($_item["summary"]); $item->appendChild($summary); } if (isset($_item["content"])) { $content = $dom->createElement("content"); $content->setAttribute("type", "text/html"); $content->setAttribute("mode", "escaped"); $content->appendChild($dom->createCDATASection($_item["content"])); $item->appendChild($content); } $feed->appendChild($item); } }
protected function getHtmlWriter($name, $inputName, $id = null, $class = null) { if ($name !== "" && !in_array($name, $this->allowCols, true)) { $this->allowCols[] = $name; } static $htmlWriter = null; $value = null; if ($htmlWriter === null) { $htmlWriter = new Form_Html(); } else { $htmlWriter->clear(); } $value = $this->get($name); if (isset($this->columns[$name]) && $this->columns[$name]->isBool()) { if ($value !== null) { $value = $value ? 1 : 0; } } elseif (is_string($value)) { $value = htmlescape($value); } return $htmlWriter->setName($inputName)->setValue($value)->setId($id)->setClass($class); }
function parse_radio_tag($basedir, $tpl_path, $hf, $attrs) { global $CONFIG; $sel_value = hfvalue($attrs['radio'], $hf); $name = $attrs['name']; $delim = htmlescape_back($attrs['delim']); if (!preg_match("/^\\//", $tpl_path)) { $tpl_path = "{$basedir}/{$tpl_path}"; } $lines = preg_split("/[\r\n]+/", file_get_contents($CONFIG['SITE_TEMPLATES'] . $tpl_path)); $result; for ($i = 0; $i < count($lines); $i++) { list($value, $desc) = preg_split("/\\|/", $lines[$i]); if (!strlen($value) && !strlen($desc)) { continue; } parse_lang($desc); $desc = parse_cache_template($desc, $hf); if (!array_key_exists('noescape', $attrs)) { $value = htmlescape($value); $desc = htmlescape($desc); } $str_checked = ''; if ($value == $sel_value) { $str_checked = " checked='checked' "; } $result .= "<label class='radio {$delim}'><input type='radio' name=\"{$name}\" value=\"{$value}\" {$str_checked}>{$desc}</label>"; } return $result; }
//var_dump(baseURL); $images[] = $thumbDiv . '<a href="' . baseURL . pfolder . 'object/' . $match['kid'] . '/e/' . $kid . '/"> <img class="essayImg" src="' . getThumbURLFromFileName($match['Image']['localName'], $thumbWidth, $thumbHeight) . '" title="' . htmlescape(htmlChars($match['Title'])) . '" alt="' . htmlescape(htmlChars($match['Title'])) . '" /> <div class="clearboth"><strong>' . $match['Title'] . '</strong><br />' . ' </div></a></div>'; } else { $fields = array('Title', 'Image'); $query = new KORA_Clause("KID", "!=", " "); $multiObj = KORA_Search(token, $projID, $multPartID, $query, $fields); $m[] = array(); foreach ($multiObj as $mpo) { $m[] = $mpo['kid']; } $assocObj = array_intersect($match['Multi-Part Associator'], $m); $images[] = $thumbDiv . '<a href="' . baseURL . pfolder . 'object/' . $assocObj[0] . '/y/' . $kid . '/"> <img class="essayImg" src="' . getThumbURLFromFileName($multiObj[$assocObj[0]]['Image']['localName'], $thumbWidth, $thumbHeight) . '" title="' . htmlescape(htmlChars($multiObj[$assocObj[0]]['Title'])) . '" alt="' . htmlescape(htmlChars($multiObj[$assocObj[0]]['Title'])) . '" /> <div class="clearboth"><strong>' . $match['Title'] . '</strong><br />' . ' </div></a></div>'; } $i++; $groupNo++; } echo ""; } } echo "<div>"; echo str_replace($totalReplacements, $images, $value['Description']) . '<br />'; echo "</div>"; } else { echo "<div>"; echo fixTags($value['Description']) . '<br />';
protected function getHtmlWriter($name, $inputName, $attrs = "") { static $htmlWriter = null; if ($htmlWriter === null) { $htmlWriter = new Form_Html(); } else { $htmlWriter->clear(); } $value = $this->get($name); if (is_string($value)) { $value = htmlescape($value, APP_ENCODING); } return $htmlWriter->setName($inputName)->setValue($value)->setAttributes($attrs); }
public function checkbox($data) { static $chknm = 0; $html = array(); $name = $this->name; $value = $this->value; if (!is_array($value)) { $value = array(); } // remove id. $attrs = preg_replace('/(^id="[^"]*"| id="[^"]*")/', '', $this->attributes); foreach ($data as $v => $text) { $_id = "checkbox_" . $chknm++; $check = $this->openTag("input", 'id="' . $_id . '" ' . $attrs) . 'type="checkbox" '; $check .= 'name="' . $name . '[]" value="' . htmlescape($v) . '"'; if (!is_empty($value) && in_array($v, $value)) { $check .= ' checked="checked"'; } $check .= ' /><label for="' . $_id . '">' . htmlescape($text) . '</label>'; $html[] = $check; } return implode(" " . PHP_EOL, $html); }
$imageHeader = true; } if (!empty($value['Object Type']) && $value['Object Type'] == "Image" && $value['Image Gallery'] != 'True') { // At the start of each 3 associated objects, start a new row if ($i == 0) { echo "\n<tr>"; } echo '<td valign="top">'; if (!empty($value['Title'])) { if (!empty($value['Image'])) { $thumbWidth = 1500; $thumbHeight = 1500; //highslide display for SINGLE image echo '<div id="object">'; echo '<a class="highslide" onclick="return hs.expand(this, { slideshowGroup: \'imgGroup-' . $imageGroupNo . '\' })" href="' . getThumbnailKORA($value['Image']['localName'], 1500, 1500) . '"> <img src="' . getThumbnailKORA($value['Image']['localName'], $thumbWidth, $thumbHeight) . '" title="' . htmlescape(htmlChars($value['Title'])) . '" alt="' . htmlescape(htmlChars($value['Title'])) . '" /> </a> <div class="highslide-heading">' . $value['Title'] . '</div> <div class="highslide-caption"><a href="' . baseURL . 'sidiyyababa/object/' . $value['kid'] . '/">View Full Record</a><br /> </div>'; //echo '<div class="clearboth"></div>'; echo '</div>'; $imageGroupNo++; } } if (!empty($value['Title'])) { if (!empty($value['Image'])) { echo '<a href="' . getThumbnailKORA($value['Image']['localName'], 1500, 1500) . '" onclick="return hs.expand(this, { slideshowGroup: \'imgGroup-' . $imageGroupNo . '\' })">' . $value['Title'] . '</a> <div class="highslide-heading">' . htmlChars($value['Title']) . '</div> <div class="highslide-caption"><a href="' . baseURL . 'sidiyyababa/object/' . $value['kid'] . '/">View Full Record</a><br /> ' . '</div>
$mult_fields = array('Part Number', 'Image', 'Title', 'Total Parts', 'Segment Title', 'Transcript', 'Translation', 'Start Time', "End Time"); $mult_order[] = array('field' => 'Part Number', 'direction' => SORT_ASC); $mult_query = new KORA_Clause("KID", "IN", $mult_assocs); $mult_obj = KORA_Search(token, $projID, $multPartID, $mult_query, $mult_fields, $mult_order); //var_dump($mult_obj); $i = 0; $j = 0; $segmentHeader = false; foreach ($mult_obj as $m) { echo "<div>"; if (!empty($m['Image'])) { $thumbWidth = 150; $thumbHeight = 150; echo '<div class="object"><a class="highslide" href="' . getFullURLFromFileName($m['Image']['localName'], 1500, 1500) . '" onclick="return hs.expand(this)">'; //echo '<img src="'.getThumbnailKORA($m['Image']['localName'], $thumbWidth, $thumbHeight).'" alt="'.htmlescape(htmlChars($m['Title'])).'" width="95" /></a> echo '<img src="' . getThumbURLFromFileName($m['Image']['localName'], $thumbWidth, $thumbHeight) . '" alt="' . htmlescape(htmlChars($m['Title'])) . '" width="95" /></a> <div class="highslide-heading">' . htmlChars($m['Title']) . '</div> <div class="highslide-caption">Total Pages: ' . $m['Total Parts'] . '</div> </div>'; if ($i == 3 - 1) { echo '<div class="clearboth"></div>'; $i = -1; } } if (!empty($m['Segment Title'])) { if (!$segmentHeader) { //echo "click sub-title for interview segments<br />"; $segmentHeader = true; }
function AddRes($CryptKey, $BoardPath, $BoardID, $ThreadID, $FROM, $mail, $MESSAGE) { $Subject = file_get_contents($BoardPath . "/" . $BoardID . "/subject.txt", true); $Num = GetResNumber($BoardPath, $BoardID, $ThreadID) + 1; SetResNumber($BoardPath, $BoardID, $ThreadID, $Num); $DatFile = $BoardPath . "/" . $BoardID . "/dat/" . $ThreadID . ".dat"; if (strpos($FROM, "#") !== FALSE) { $FROMTripKey = substr($FROM, strpos($FROM, "#"), strlen($FROM)); $Trip = MakeTrip($FROMTripKey); $FROMTrip = str_replace($FROMTripKey, $Trip, $FROM); } else { $FROMTrip = $FROM; } $htmlFROM = htmlescape($FROMTrip); $htmlmail = htmlescape($mail); $ID = MakeID($_SERVER["REMOTE_ADDR"], $CryptKey); $Date = date("Y/m/d(w) H:i:s.00", time()); $DateJP = preg_replace("/\\((.+?)\\)/", "(" . JapaneseDay(date("w")) . ")", $Date); $BRMESSAGE = \str_replace(array("\r\n", "\r", "\n"), "<br>", htmlescape($MESSAGE)); $WriteData = "{$htmlFROM}<>{$htmlmail}<>{$DateJP} ID:{$ID}<>{$BRMESSAGE}<>\n"; $sfp = fopen($DatFile, "a"); fwrite($sfp, $WriteData); fclose($sfp); }
function action() { global $db; //判断是否登陆 !isset($_SESSION['user']) && exit('Please login!'); //判断tid的合法性 if (isset($_GET['tid']) && $_GET['tid'] > 0 && $_GET['tid'] <= 3) { $tid = ceil($_GET['tid']); } if (isset($_POST['tid']) && $_POST['tid'] > 0 && $_POST['tid'] <= 3) { $tid = ceil($_POST['tid']); } !isset($tid) && exit('tid不合法!'); //获取表的信息 (!isset($_GET['tb']) || $_GET['tb'] == '' || $_GET['tb'] == 0) && exit('tb error!'); $tables = Cache::R('tables', 5000); if (!$tables) { $tables = $db->row_select('tables'); @Cache::W('tables', $tables); } //获取表名 $tb = intval($_GET['tb']); !($tbname = get_table_name($tb, $tables)) && exit('tb error!'); //转到添加记录页面 if (isset($_GET['do']) && $_GET['do'] == 'add') { $arr = array('id' => '', 'tid' => $tid, 'sub' => '添加', 'do' => 'add', 'tb' => $tb); tpl($tbname . '_edit', 'arr', $arr); } //转到修改记录页面 if (isset($_GET['do']) && $_GET['do'] == 'edit') { (!isset($_GET['id']) || $_GET['id'] == '') && show('', '操作错误!缺少id', '-1'); $id = ceil($_GET['id']); $arr = $db->row_select_one($tbname, "id={$id}"); $arr['sub'] = '修改'; $arr['do'] = 'edit'; $arr['tb'] = $tb; tpl($tbname . '_edit', 'arr', $arr); } //添加一条记录 if (isset($_POST['add'])) { $Model = new Model($tbname); if (isset($_POST['content'])) { $Model->_validate = array(array('content', '')); } $rs = $Model->insert(); $Model->msg($rs, '数据添加成功!', '数据添加失败!', URL); } //更新一条记录 if (isset($_POST['edit'])) { $Model = new Model($tbname); if (isset($_POST['list_id'])) { $id = ceil($_POST['id']); $list_id = ceil($_POST['list_id']); $post = htmlescape($_POST); $arr = array('id' => $list_id, 'name' => $post['name'], 'introduction' => $post['introduction'], 'say' => $post['say'], 'img' => $post['img']); $rs = $db->row_update('teacher', $arr, "id={$id}"); $Model->msg($rs, '数据修改成功!', '数据修改失败!', URL); } if (isset($_POST['content'])) { $Model->_validate = array(array('content', '')); } $rs = $Model->update(); if ($tbname == 'studio') { $Model->msg($rs, '数据修改成功!', '数据修改失败', '?module=admin&act=action&tb=10&tid=1&do=edit&id=1'); } $Model->msg($rs, '数据修改成功!', '数据修改失败!', URL); } //修改开班信息标题 if (isset($_POST['update'])) { $title = htmlescape($_POST['title']); $rs = $db->row_update('classes', array('title' => $title), "id=-1"); if ($rs) { show('', '修改开班信息标题成功!', URL); } else { show('', '修改失败,请稍后再试!', '-1'); } } //删除一条记录 if (isset($_GET['do']) && $_GET['do'] == 'del') { (!isset($_GET['id']) || $_GET['id'] == '') && show('', '操作错误!缺少id', '-1'); $id = ceil($_GET['id']); $rs = $db->row_delete($tbname, "id={$id}"); if ($rs) { show('提示', '删除成功!', "index.php?module=admin&act=action&tid={$tid}&tb={$tb}"); } else { show('提示', '删除失败!', '-1'); } } //批量删除 if (isset($_POST['del'])) { !isset($_POST['id']) && show('', '没有选中项', '-1'); $rs = $db->delete_row($tbname, number($_POST['id'])); if ($rs) { show('提示', '批量删除成功!', URL); } else { show('提示', '批量删除失败!', '-1'); } } $Page = new Page($tbname, "tid={$tid}"); $pageInfo = $Page->get_basic_info(); $data = $Page->get_data(); $buttonBasic = $Page->button_basic(0, 0); $buttonSelect = $Page->button_select(); $arr = array('pageInfo' => $pageInfo, 'data' => $data, 'buttonBasic' => $buttonBasic, 'buttonSelect' => $buttonSelect, 'tid' => $tid, 'tb' => $tb); tpl($tbname, 'arr', $arr); }
function h($string, $charset = APP_ENCODING) { return htmlescape($string, $charset); }
function h($string, $charset = null) { return htmlescape($string, $charset); }
protected function createItems($rdf, $items) { $dom = $this->document; foreach ($items as $_item) { $item = $dom->createElement("item"); if (isset($_item["title"])) { $title = $dom->createElement("title"); $title->nodeValue = htmlescape($_item["title"]); $item->appendChild($title); } if (isset($_item["uri"])) { $link = $dom->createElement("link"); $link->nodeValue = $_item["uri"]; $item->setAttribute("rdf:about", $_item["uri"]); $item->appendChild($link); } if (isset($_item["date"])) { $date = $dom->createElement("dc:date"); $date->nodeValue = date("c", strtotime($_item["date"])); $item->appendChild($date); } if (isset($_item["summary"])) { $desc = $dom->createElement("description"); $desc->nodeValue = htmlescape($_item["summary"]); $item->appendChild($desc); } if (isset($_item["content"])) { $content = $dom->createElement("content:encoded"); $content->appendChild($dom->createCDATASection($_item["content"])); $item->appendChild($content); } $rdf->appendChild($item); } }