コード例 #1
0
ファイル: data.php プロジェクト: no2key/MuuCMS
 public function proccess($data = NULL, $validations = FALSE)
 {
     if (is_array($validations)) {
         foreach ($validations as $field => $validation) {
             if ($validation === "required") {
                 if (!POST($field)) {
                     $field = $this->rename($field);
                     return array("error" => getAlert("{$field} is required"));
                 }
             } elseif ($validation === "email?") {
                 if (!isEmail(POST($field))) {
                     return array("error" => getAlert("{$field} is not a valid email"));
                 }
             } elseif ($validation === "injection?") {
                 if (isInjection(POST($field))) {
                     return array("error" => getAlert("SQL/HTML injection attempt blocked"));
                 }
             } elseif ($validation === "spam?") {
                 if (isSPAM(POST($field))) {
                     return array("error" => getAlert("SPAM prohibited"));
                 }
             } elseif ($validation === "vulgar?") {
                 if (isVulgar(POST($field))) {
                     return array("error" => getAlert("Your {$field} is very vulgar"));
                 }
             } elseif ($validation === "ping") {
                 if (!ping(POST($field))) {
                     return array("error" => getAlert("Invalid URL"));
                 }
             } elseif (is_string($validation) and substr($validation, 0, 6) === "length") {
                 $count = (int) substr($validation, 7, 8);
                 $count = $count > 0 ? $count : 6;
                 if (strlen(POST($field)) < $count) {
                     return array("error" => getAlert("{$field} must have at least {$count} characters"));
                 }
             } elseif (isset($field["exists"]) and isset($this->table) and POST("save")) {
                 if (is_array($validation)) {
                     $exists = $this->Db->findBy($validation);
                     if ($exists) {
                         return array("error" => getAlert("The record already exists"));
                     }
                 }
             }
         }
     }
     if (is_null($data)) {
         $data = array();
     }
     $POST = POST(TRUE);
     foreach ($POST as $field => $value) {
         if (!in_array($field, $this->ignore)) {
             if (!isset($data[$this->rename($field)])) {
                 $data[$this->rename($field)] = decode(filter($value, "escape"));
             }
         }
     }
     return $data;
 }
コード例 #2
0
ファイル: comments.php プロジェクト: no2key/MuuCMS
 public function saveComments()
 {
     $this->ID_Application = POST("ID_Application");
     $this->ID_Record = POST("ID_Record");
     $this->comment = POST("comment", "clean", FALSE);
     $this->email = POST("email");
     $this->website = POST("website");
     $this->name = SESSION("ZanUser") ? NULL : POST("name");
     $this->username = SESSION("ZanUser") ? SESSION("ZanUser") : NULL;
     $this->ID_User = SESSION("ZanUserID") ? (int) SESSION("ZanUserID") : 0;
     $this->state = "Active";
     $this->date1 = now(4);
     $this->date2 = now(2);
     $this->year = date("Y");
     $this->month = date("m");
     $this->day = date("d");
     $this->URL = POST("URL");
     if ($this->ID_Application === "3") {
         if ($this->comment === NULL) {
             return getAlert("Empty Comment");
         }
         if (isSPAM($this->comment) === TRUE) {
             return getAlert("STOP, SPAM");
         }
         if (isVulgar($this->comment) === TRUE) {
             return getAlert("STOP, The Comment is Vulgar");
         }
         if (isInjection($this->comment) === TRUE) {
             return getAlert("STOP, Injection");
         } else {
             cleanHTML($this->comment);
         }
         if ($this->ID_User > 0) {
             $this->Db->table($this->table);
             $repost = $this->Db->findBySQL("Comment = '{$this->comment}' AND Year = '{$this->year}' AND Month = '{$this->month}' AND Day = '{$this->day}' AND Name = '{$this->name}'");
             if (is_array($repost)) {
                 return getAlert("This Comment has been posted yet");
             }
             $fields = "ID_User, Username, Comment, Start_Date, Text_Date, Year, Month, Day, State";
             $values = "'{$this->ID_User}', '{$this->username}', '{$this->comment}', '{$this->date1}', '{$this->date2}', '{$this->year}', '{$this->month}', '{$this->day}', '{$this->state}'";
             $this->Db->table($this->table, $fields);
             $this->Db->values($values);
             $this->insertID1 = $this->Db->save();
             $fields = "ID_Application, ID_Comment";
             $values = "'3', '{$this->insertID1}'";
             $this->Db->table("comments2applications", $fields);
             $this->Db->values($values);
             $this->insertID2 = $this->Db->save();
             $fields = "ID_Comment2Application, ID_Record";
             $values = "'{$this->insertID2}', '{$this->ID_Record}'";
             $this->Db->table("comments2records", $fields);
             $this->Db->values($values);
             $this->insertID3 = $this->Db->save();
         } else {
             $this->Db->table($this->table);
             $repost = $this->Db->findBySQL("ID_User = '******' AND Comment = '{$this->comment}' AND Year = '{$this->year}' AND Month = '{$this->month}' AND Day = '{$this->day}'");
             if (is_array($repost)) {
                 return getAlert("This Comment has been posted yet");
             }
             if ($this->name === NULL) {
                 return getAlert("Empty Name");
             }
             if (isVulgar($this->name) === TRUE) {
                 return getAlert("STOP, Vulgar Name");
             }
             if (isInjection($this->name) === TRUE) {
                 return getAlert("STOP, Injection");
             } else {
                 cleanHTML($this->comment);
             }
             if ($this->email === NULL) {
                 return getAlert("Empty Email");
             }
             if (isEmail($this->email) === FALSE) {
                 return getAlert("Invalid Email");
             }
             if (isset($this->website) and ping($this->website) === FALSE) {
                 if (isInjection($this->website) === TRUE) {
                     return getAlert("STOP, Injection");
                 } else {
                     cleanHTML($this->website);
                 }
                 return getAlert("Invalid Website");
             }
             $fields = "ID_User, Comment, Start_Date, Text_Date, Year, Month, Day, Name, Email, Website, State";
             $values = "'{$this->ID_User}', '{$this->comment}', '{$this->date1}', '{$this->date2}', '{$this->year}', '{$this->month}', '{$this->day}', '{$this->name}', '{$this->email}', '{$this->website}', '{$this->state}'";
             $this->Db->table($this->table, $fields);
             $this->Db->values($values);
             $this->insertID1 = $this->Db->save();
             $fields = "ID_Application, ID_Comment";
             $values = "'3', '{$this->insertID1}'";
             $this->Db->table("comments2applications", $fields);
             $this->Db->values($values);
             $this->insertID2 = $this->Db->save();
             $fields = "ID_Comment2Application, ID_Record";
             $values = "'{$this->insertID2}', '{$this->ID_Record}'";
             $this->Db->table("comments2records", $fields);
             $this->Db->values($values);
             $this->insertID3 = $this->Db->save();
         }
         if ($this->insertID1 === "rollback" or $this->insertID2 === "rollback" or $this->insertID3 === "rollback") {
             $this->Db->rollBack();
             return getAlert("Insert error");
         } else {
             $this->Db->commit();
             return getAlert("The comment has been saved correctly", "success");
         }
     }
 }
コード例 #3
0
ファイル: data.php プロジェクト: jgianpiere/ZanPHP
 public function process($data = null, $validations = false)
 {
     if (is_array($validations)) {
         foreach ($validations as $field => $validation) {
             if ($validation === "required") {
                 if (!POST($field)) {
                     $field = $this->rename($field);
                     return array("error" => getAlert(__("{$field} is required")));
                 }
             } elseif ($validation === "name?") {
                 if (!isName(POST($field))) {
                     return array("error" => getAlert(__("{$field} is not a valid name")));
                 }
             } elseif ($validation === "email?") {
                 if (!isEmail(POST($field))) {
                     return array("error" => getAlert(__("{$field} is not a valid email")));
                 }
             } elseif ($validation === "captcha?") {
                 if (!POST("captcha_token") or !POST("captcha_type")) {
                     return array("error" => getAlert(__(POST("captcha_type") === "aritmethic" ? "Please enter your answer again" : "Please type the characters you see in the picture")));
                 } elseif (POST("captcha_type") === "aritmethic") {
                     if (SESSION("ZanCaptcha" . POST("captcha_token")) != POST($field)) {
                         return array("error" => getAlert(__("Your answer was incorrect")));
                     }
                 } else {
                     if (SESSION("ZanCaptcha" . POST("captcha_token")) !== POST($field)) {
                         return array("error" => getAlert(__("The characters did not match the picture")));
                     }
                 }
             } elseif ($validation === "injection?") {
                 if (isInjection(POST($field))) {
                     return array("error" => getAlert(__("SQL/HTML injection attempt blocked")));
                 }
             } elseif ($validation === "spam?") {
                 if (isSPAM(POST($field))) {
                     return array("error" => getAlert(__("SPAM prohibited")));
                 }
             } elseif ($validation === "vulgar?") {
                 if (isVulgar(POST($field))) {
                     return array("error" => getAlert(__("Your {$field} is very vulgar")));
                 }
             } elseif ($validation === "ping") {
                 if (!ping(POST($field))) {
                     return array("error" => getAlert(__("Invalid URL")));
                 }
             } elseif (is_string($validation) and substr($validation, 0, 6) === "length") {
                 $count = (int) substr($validation, 7, 8);
                 $count = $count > 0 ? $count : 6;
                 if (strlen(POST($field)) < $count) {
                     return array("error" => getAlert(__("{$field}") . " " . __("must have at least") . " {$count} " . __("characters")));
                 }
             } elseif (isset($field["exists"]) and isset($this->table)) {
                 if (is_array($validation)) {
                     if (isset($validation["or"]) and count($validation) > 2) {
                         unset($validation["or"]);
                         $fields = array_keys($validation);
                         for ($i = 0; $i <= count($fields) - 1; $i++) {
                             $exists = $this->Db->findBy($fields[$i], $validation[$fields[$i]]);
                             if ($exists) {
                                 return array("error" => getAlert(__("The " . strtolower($fields[$i]) . " already exists")));
                             }
                         }
                     } else {
                         $field = array_keys($validation);
                         $exists = $this->Db->findBy($field[0], $validation[$field[0]]);
                         if ($exists) {
                             return array("error" => getAlert(__("The " . strtolower($field[0]) . " already exists")));
                         }
                     }
                 }
             }
         }
     }
     if (is_null($data)) {
         $data = array();
     }
     $POST = POST(true);
     foreach ($POST as $field => $value) {
         if (!in_array($field, $this->ignore)) {
             if (!isset($data[$this->rename($field)])) {
                 $data[$this->rename($field)] = decode(filter($value, "escape"));
             }
         }
     }
     return $data;
 }
コード例 #4
0
ファイル: forums.php プロジェクト: no2key/MuuCMS
 private function setReply()
 {
     $ID_Topic = segment(3);
     if (segment(4) === "edit") {
         $action = "edit";
         $ID_Reply = segment(5);
     } elseif (segment(4) === "new") {
         $action = "save";
     }
     if (segment(6) > 0) {
         $page = segment(6);
     } else {
         $page = 1;
     }
     if (SESSION("ZanUserID") > 0) {
         $this->js("tiny-mce", NULL, "basic");
         $this->js("validations", $this->application);
         if (POST("cancel")) {
             redirect($this->application . _sh . segment(2) . _sh . segment(3) . _sh);
         }
         if (!POST("doAction")) {
             if ($action === "save") {
                 $topic = $this->Forums_Model->getTopicByID($ID_Topic);
             } elseif ($action === "edit") {
                 $topic = $this->Forums_Model->getTopicByID($ID_Reply);
             }
             if ($topic) {
                 $vars["ID_Post"] = $topic[0]["ID_Post"];
                 $vars["ID_Forum"] = $topic[0]["ID_Forum"];
                 if ($action === "save") {
                     $vars["title"] = "Re: " . $topic[0]["Title"];
                     $vars["content"] = "";
                     $vars["href"] = path($this->application . _sh . segment(2) . _sh . $ID_Topic . _sh . "new");
                     $vars["hrefURL"] = path($this->application . _sh . segment(2) . _sh . $ID_Topic . _sh);
                 } elseif ($action === "edit") {
                     $vars["title"] = $topic[0]["Title"];
                     $vars["content"] = $topic[0]["Content"];
                     $vars["ID_Topic"] = $topic[0]["ID_Parent"];
                     $vars["hrefURL"] = path($this->application . _sh . segment(2) . _sh . $ID_Topic . _sh . "page" . _sh . $page);
                     $vars["href"] = path($this->application . _sh . segment(2) . _sh . $ID_Topic . _sh . "edit" . _sh . $ID_Reply . _sh . $page);
                 }
                 $vars["action"] = $action;
                 $vars["view"] = $this->view("reply", $this->application, TRUE);
                 $this->template("content", $vars);
             }
         } else {
             if (!POST("title")) {
                 $alert = getAlert("You must to write a title");
             } elseif (isEmptyTiny(POST("content", "decode", FALSE))) {
                 $alert = getAlert("You must to a write a content");
             } elseif (strlen(POST("title")) < 4) {
                 $alert = getAlert("You must to write a valid title");
             } elseif (!POST("content")) {
                 $alert = getAlert("You must to a write a content");
             } elseif (strlen(POST("content")) < 4) {
                 $alert = getAlert("You must to write a valid content");
             } elseif (isInjection(POST("content", "decode", FALSE))) {
                 $alert = getAlert("The content is invalid");
             } elseif (isEmptyTiny(POST("content", "decode", FALSE))) {
                 $alert = getAlert("The content is invalid");
             } elseif (isVulgar(strtolower(POST("title")))) {
                 $alert = getAlert("The title is vulgar");
             } elseif (isVulgar(strtolower(POST("content")))) {
                 $alert = getAlert("The content is vulgar");
             } elseif (isSPAM(POST("content"))) {
                 $alert = getAlert("The content has spam");
             }
             if (isset($alert)) {
                 $vars["alert"] = $alert;
                 $vars["ID_Post"] = POST("ID_Post");
                 $vars["ID_Forum"] = POST("ID_Forum");
                 $vars["title"] = POST("title");
                 $vars["content"] = cleanTiny(POST("content", "decode", FALSE));
                 $vars["action"] = $action;
                 if ($action === "save") {
                     $vars["href"] = path($this->application . _sh . segment(2) . _sh . $ID_Topic . _sh . "new");
                     $vars["hrefURL"] = path($this->application . _sh . segment(2) . _sh . $ID_Topic . _sh);
                 } elseif ($action === "edit") {
                     $vars["ID_Topic"] = POST("ID_Topic");
                     $vars["href"] = path($this->application . _sh . segment(2) . _sh . $ID_Topic . _sh . "edit" . _sh . $ID_Reply . _sh . $page);
                     $vars["hrefURL"] = path($this->application . _sh . segment(2) . _sh . $ID_Topic . _sh . "page" . _sh . $page);
                 }
                 $vars["view"] = $this->view("reply", $this->application, TRUE);
                 $this->template("content", $vars);
             } else {
                 if ($action === "save") {
                     $success = $this->Forums_Model->setReply();
                     if ($success > 0) {
                         $page = $this->Forums_Model->getPage($ID_Topic);
                         $reply = $this->Forums_Model->addUserReply();
                     } else {
                         $page = 1;
                     }
                 } elseif ($action === "edit") {
                     $success = $this->Forums_Model->editReply();
                 }
                 $vars["success"] = $success;
                 $vars["action"] = $action;
                 if ($action === "save") {
                     $vars["href"] = path($this->application . _sh . segment(2) . _sh . $ID_Topic . _sh . _page . _sh . $page . _sh . "#bottom");
                 } elseif ($action === "edit") {
                     $vars["href"] = path($this->application . _sh . segment(2) . _sh . $ID_Topic . _sh . _page . _sh . $page);
                 }
                 $vars["view"] = $this->view("reply", $this->application, TRUE);
                 $this->template("content", $vars);
             }
         }
     } else {
         redirect($this->application . _sh . segment(2) . _sh . segment(3) . _sh);
     }
 }