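/**
 * Validates the submitted POST fields against $validations and, when every rule
 * passes, merges the (escaped then decoded) POST values into $data.
 *
 * Rules are evaluated in array order and the first failure wins. Supported
 * values for a field's rule: "required", "email?", "injection?", "spam?",
 * "vulgar?", "ping", "length" followed by a separator and a minimum length
 * (defaults to 6), and the special key "exists" whose value is an array of
 * column => value pairs looked up through $this->Db (only while POST("save")
 * is set and $this->table is known).
 *
 * The misspelt method name is kept because callers use it.
 *
 * @param array|null  $data        Row to fill; POST values never overwrite a key already present.
 * @param array|false $validations Map of field name => rule as described above.
 * @return array array("error" => alert) for the first failing rule, otherwise the merged $data.
 */
public function proccess($data = NULL, $validations = FALSE)
{
    if (is_array($validations)) {
        foreach ($validations as $field => $validation) {
            if ($validation === "required") {
                if (!POST($field)) {
                    $field = $this->rename($field);
                    return array("error" => getAlert("{$field} is required"));
                }
            } elseif ($validation === "email?") {
                if (!isEmail(POST($field))) {
                    return array("error" => getAlert("{$field} is not a valid email"));
                }
            } elseif ($validation === "injection?") {
                if (isInjection(POST($field))) {
                    return array("error" => getAlert("SQL/HTML injection attempt blocked"));
                }
            } elseif ($validation === "spam?") {
                if (isSPAM(POST($field))) {
                    return array("error" => getAlert("SPAM prohibited"));
                }
            } elseif ($validation === "vulgar?") {
                if (isVulgar(POST($field))) {
                    return array("error" => getAlert("Your {$field} is very vulgar"));
                }
            } elseif ($validation === "ping") {
                if (!ping(POST($field))) {
                    return array("error" => getAlert("Invalid URL"));
                }
            } elseif (is_string($validation) and substr($validation, 0, 6) === "length") {
                // The minimum length starts at offset 7 (after "length" and a separator);
                // anything unparsable falls back to 6. strlen() counts bytes, as before.
                $minimum = (int) substr($validation, 7, 8);
                $minimum = $minimum > 0 ? $minimum : 6;
                if (strlen(POST($field)) < $minimum) {
                    return array("error" => getAlert("{$field} must have at least {$minimum} characters"));
                }
            } elseif ($field === "exists" and isset($this->table) and POST("save")) {
                // The original condition was isset($field["exists"]): a string-offset check
                // that is always false for a non-numeric offset on PHP >= 5.4, which made the
                // duplicate lookup unreachable. The rule is keyed "exists", so test the key.
                if (is_array($validation)) {
                    if ($this->Db->findBy($validation)) {
                        return array("error" => getAlert("The record already exists"));
                    }
                }
            }
        }
    }

    if (is_null($data)) {
        $data = array();
    }

    // Copy every submitted field (except the ignored ones) into $data without
    // overwriting keys the caller already supplied. Strict in_array() so that an
    // integer POST key can never loosely match an ignored name.
    $submitted = POST(TRUE);
    if (is_array($submitted)) {
        foreach ($submitted as $field => $value) {
            if (in_array($field, $this->ignore, TRUE)) {
                continue;
            }
            $key = $this->rename($field);
            if (!isset($data[$key])) {
                // NOTE(review): the value is escaped and then decode()d; what the Db layer
                // finally receives depends on those two helpers — confirm against their definitions.
                $data[$key] = decode(filter($value, "escape"));
            }
        }
    }

    return $data;
}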
/**
 * Stores a comment for application "3" and links it to its application and record.
 *
 * Everything is read from POST()/SESSION(). A logged-in user (SESSION("ZanUserID"))
 * is stored with Username and no Name/Email/Website; an anonymous visitor must
 * supply Name and Email, and an optional Website. Each path: dedupes against
 * comments of the same day via findBySQL(), then performs three inserts through
 * $this->Db (the comment, comments2applications, comments2records). If any save()
 * returns "rollback" the transaction is rolled back, otherwise committed.
 *
 * Falls through (returns NULL) when ID_Application is anything other than "3".
 *
 * @return mixed getAlert(...) describing the failure, or the "success" alert.
 */
public function saveComments() {
    $this->ID_Application = POST("ID_Application");
    $this->ID_Record = POST("ID_Record");
    $this->comment = POST("comment", "clean", FALSE);
    $this->email = POST("email");
    $this->website = POST("website");
    // Logged-in users are identified by SESSION("ZanUser"); the Name field is only used for visitors.
    $this->name = SESSION("ZanUser") ? NULL : POST("name");
    $this->username = SESSION("ZanUser") ? SESSION("ZanUser") : NULL;
    $this->ID_User = SESSION("ZanUserID") ? (int) SESSION("ZanUserID") : 0;
    $this->state = "Active";
    $this->date1 = now(4);
    $this->date2 = now(2);
    $this->year = date("Y");
    $this->month = date("m");
    $this->day = date("d");
    $this->URL = POST("URL");
    // POST() returns a string, hence the string comparison.
    if ($this->ID_Application === "3") {
        if ($this->comment === NULL) {
            return getAlert("Empty Comment");
        }
        if (isSPAM($this->comment) === TRUE) {
            return getAlert("STOP, SPAM");
        }
        if (isVulgar($this->comment) === TRUE) {
            return getAlert("STOP, The Comment is Vulgar");
        }
        if (isInjection($this->comment) === TRUE) {
            return getAlert("STOP, Injection");
        } else {
            // NOTE(review): the return value is discarded. Unless cleanHTML() modifies its
            // argument by reference this call does nothing, and $this->comment is interpolated
            // into SQL below exactly as received — confirm cleanHTML()'s signature.
            cleanHTML($this->comment);
        }
        if ($this->ID_User > 0) {
            $this->Db->table($this->table);
            // NOTE(review): the WHERE clause is built by string interpolation from
            // user-supplied comment text; the only guard is the isInjection() blacklist
            // above. $this->name is NULL on this path, so the clause compares Name = ''.
            $repost = $this->Db->findBySQL("Comment = '{$this->comment}' AND Year = '{$this->year}' AND Month = '{$this->month}' AND Day = '{$this->day}' AND Name = '{$this->name}'");
            if (is_array($repost)) {
                return getAlert("This Comment has been posted yet");
            }
            // Values are interpolated into the INSERT as literals; see the note above.
            $fields = "ID_User, Username, Comment, Start_Date, Text_Date, Year, Month, Day, State";
            $values = "'{$this->ID_User}', '{$this->username}', '{$this->comment}', '{$this->date1}', '{$this->date2}', '{$this->year}', '{$this->month}', '{$this->day}', '{$this->state}'";
            $this->Db->table($this->table, $fields);
            $this->Db->values($values);
            $this->insertID1 = $this->Db->save();
            // Link the comment to application 3 ...
            $fields = "ID_Application, ID_Comment";
            $values = "'3', '{$this->insertID1}'";
            $this->Db->table("comments2applications", $fields);
            $this->Db->values($values);
            $this->insertID2 = $this->Db->save();
            // ... and the application link to the record being commented on.
            $fields = "ID_Comment2Application, ID_Record";
            $values = "'{$this->insertID2}', '{$this->ID_Record}'";
            $this->Db->table("comments2records", $fields);
            $this->Db->values($values);
            $this->insertID3 = $this->Db->save();
        } else {
            $this->Db->table($this->table);
            // NOTE(review): the ID_User literal here is a fixed placeholder — confirm it is the
            // intended marker for anonymous rows. Same interpolation concern as above.
            $repost = $this->Db->findBySQL("ID_User = '******' AND Comment = '{$this->comment}' AND Year = '{$this->year}' AND Month = '{$this->month}' AND Day = '{$this->day}'");
            if (is_array($repost)) {
                return getAlert("This Comment has been posted yet");
            }
            if ($this->name === NULL) {
                return getAlert("Empty Name");
            }
            if (isVulgar($this->name) === TRUE) {
                return getAlert("STOP, Vulgar Name");
            }
            if (isInjection($this->name) === TRUE) {
                return getAlert("STOP, Injection");
            } else {
                // NOTE(review): the check just above was on $this->name, but this cleans
                // $this->comment (already handled earlier) — looks like a copy-paste; confirm.
                // The return value is discarded here too.
                cleanHTML($this->comment);
            }
            if ($this->email === NULL) {
                return getAlert("Empty Email");
            }
            // NOTE(review): email is validated for format only and then interpolated into the INSERT.
            if (isEmail($this->email) === FALSE) {
                return getAlert("Invalid Email");
            }
            // NOTE(review): a website that answers ping() is inserted without any isInjection()
            // check; the injection check only runs on the failure path, right before rejecting it.
            if (isset($this->website) and ping($this->website) === FALSE) {
                if (isInjection($this->website) === TRUE) {
                    return getAlert("STOP, Injection");
                } else {
                    cleanHTML($this->website);
                }
                return getAlert("Invalid Website");
            }
            $fields = "ID_User, Comment, Start_Date, Text_Date, Year, Month, Day, Name, Email, Website, State";
            $values = "'{$this->ID_User}', '{$this->comment}', '{$this->date1}', '{$this->date2}', '{$this->year}', '{$this->month}', '{$this->day}', '{$this->name}', '{$this->email}', '{$this->website}', '{$this->state}'";
            $this->Db->table($this->table, $fields);
            $this->Db->values($values);
            $this->insertID1 = $this->Db->save();
            $fields = "ID_Application, ID_Comment";
            $values = "'3', '{$this->insertID1}'";
            $this->Db->table("comments2applications", $fields);
            $this->Db->values($values);
            $this->insertID2 = $this->Db->save();
            $fields = "ID_Comment2Application, ID_Record";
            $values = "'{$this->insertID2}', '{$this->ID_Record}'";
            $this->Db->table("comments2records", $fields);
            $this->Db->values($values);
            $this->insertID3 = $this->Db->save();
        }
        // NOTE(review): when the first save() already returned "rollback", the two link
        // inserts above still run with that string as their foreign key before the
        // transaction is rolled back; checking after each save() would avoid that.
        if ($this->insertID1 === "rollback" or $this->insertID2 === "rollback" or $this->insertID3 === "rollback") {
            $this->Db->rollBack();
            return getAlert("Insert error");
        } else {
            $this->Db->commit();
            return getAlert("The comment has been saved correctly", "success");
        }
    }
}
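/**
 * Validates the submitted POST fields against $validations and, when every rule
 * passes, merges the (escaped then decoded) POST values into $data.
 *
 * Rules are evaluated in array order and the first failure wins. Supported
 * values for a field's rule: "required", "name?", "email?", "captcha?",
 * "injection?", "spam?", "vulgar?", "ping", "length" followed by a separator and
 * a minimum length (defaults to 6), and the special key "exists" whose value is
 * an array of column => value pairs looked up through $this->Db->findBy(); an
 * "or" entry in that array means every column is checked, otherwise only the
 * first one is. All alert texts go through __() for translation.
 *
 * @param array|null  $data        Row to fill; POST values never overwrite a key already present.
 * @param array|false $validations Map of field name => rule as described above.
 * @return array array("error" => alert) for the first failing rule, otherwise the merged $data.
 */
public function process($data = null, $validations = false)
{
    if (is_array($validations)) {
        foreach ($validations as $field => $validation) {
            if ($validation === "required") {
                if (!POST($field)) {
                    $field = $this->rename($field);
                    return array("error" => getAlert(__("{$field} is required")));
                }
            } elseif ($validation === "name?") {
                if (!isName(POST($field))) {
                    return array("error" => getAlert(__("{$field} is not a valid name")));
                }
            } elseif ($validation === "email?") {
                if (!isEmail(POST($field))) {
                    return array("error" => getAlert(__("{$field} is not a valid email")));
                }
            } elseif ($validation === "captcha?") {
                $captchaType = POST("captcha_type");
                if (!POST("captcha_token") or !$captchaType) {
                    return array("error" => getAlert(__($captchaType === "aritmethic"
                        ? "Please enter your answer again"
                        : "Please type the characters you see in the picture")));
                }
                // The token is client-supplied, so the expected value may simply not exist in
                // the session. Previously the comparison ran anyway, and a missing expected
                // value could compare equal to a missing/empty answer (loose != on the
                // arithmetic path, identical FALSE/NULL on the picture path). Require it.
                $expected = SESSION("ZanCaptcha" . POST("captcha_token"));
                $answer   = POST($field);
                if ($expected === false or $expected === null or $expected === "") {
                    return array("error" => getAlert(__($captchaType === "aritmethic"
                        ? "Your answer was incorrect"
                        : "The characters did not match the picture")));
                }
                if ($captchaType === "aritmethic") {
                    // Strict comparison of the textual form: tolerant of an int stored in the
                    // session and of surrounding whitespace, but not of loose numeric coercion.
                    if ((string) $expected !== trim((string) $answer)) {
                        return array("error" => getAlert(__("Your answer was incorrect")));
                    }
                } elseif ($expected !== $answer) {
                    return array("error" => getAlert(__("The characters did not match the picture")));
                }
            } elseif ($validation === "injection?") {
                if (isInjection(POST($field))) {
                    return array("error" => getAlert(__("SQL/HTML injection attempt blocked")));
                }
            } elseif ($validation === "spam?") {
                if (isSPAM(POST($field))) {
                    return array("error" => getAlert(__("SPAM prohibited")));
                }
            } elseif ($validation === "vulgar?") {
                if (isVulgar(POST($field))) {
                    return array("error" => getAlert(__("Your {$field} is very vulgar")));
                }
            } elseif ($validation === "ping") {
                if (!ping(POST($field))) {
                    return array("error" => getAlert(__("Invalid URL")));
                }
            } elseif (is_string($validation) and substr($validation, 0, 6) === "length") {
                // The minimum length starts at offset 7 (after "length" and a separator);
                // anything unparsable falls back to 6. strlen() counts bytes, as before.
                $minimum = (int) substr($validation, 7, 8);
                $minimum = $minimum > 0 ? $minimum : 6;
                if (strlen(POST($field)) < $minimum) {
                    return array("error" => getAlert(__("{$field}") . " " . __("must have at least") . " {$minimum} " . __("characters")));
                }
            } elseif ($field === "exists" and isset($this->table)) {
                // The original condition was isset($field["exists"]): a string-offset check
                // that is always false for a non-numeric offset on PHP >= 5.4, which made the
                // duplicate lookup unreachable. The rule is keyed "exists", so test the key.
                if (is_array($validation)) {
                    $checkAll = isset($validation["or"]) && count($validation) > 2;
                    // "or" is a flag, never a column name — drop it before reading the keys so
                    // it can no longer be picked as the column when it happens to come first.
                    unset($validation["or"]);
                    $columns = array_keys($validation);
                    if (!$checkAll) {
                        $columns = array_slice($columns, 0, 1);
                    }
                    foreach ($columns as $column) {
                        if ($this->Db->findBy($column, $validation[$column])) {
                            return array("error" => getAlert(__("The " . strtolower($column) . " already exists")));
                        }
                    }
                }
            }
        }
    }

    if (is_null($data)) {
        $data = array();
    }

    // Copy every submitted field (except the ignored ones) into $data without
    // overwriting keys the caller already supplied. Strict in_array() so that an
    // integer POST key can never loosely match an ignored name.
    $submitted = POST(true);
    if (is_array($submitted)) {
        foreach ($submitted as $field => $value) {
            if (in_array($field, $this->ignore, true)) {
                continue;
            }
            $key = $this->rename($field);
            if (!isset($data[$key])) {
                // NOTE(review): the value is escaped and then decode()d; what the Db layer
                // finally receives depends on those two helpers — confirm against their definitions.
                $data[$key] = decode(filter($value, "escape"));
            }
        }
    }

    return $data;
}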
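/**
 * Controller action for <application>/<segment 2>/<ID_Topic>/new and
 * <application>/<segment 2>/<ID_Topic>/edit/<ID_Reply>[/<page>].
 *
 * Guests (no SESSION("ZanUserID")) are redirected back to the topic. Otherwise:
 * without POST("doAction") the reply form is prefilled from the topic (new) or
 * the reply (edit); with it, the submission is validated and either re-rendered
 * with an alert or stored through Forums_Model (setReply()/editReply()).
 * Every outcome is rendered through $this->template("content", ...).
 *
 * @return void
 */
private function setReply()
{
    $ID_Topic = segment(3);
    $ID_Reply = NULL;
    $action   = NULL; // "save" for /new, "edit" for /edit/<ID_Reply>; NULL renders nothing
    if (segment(4) === "edit") {
        $action   = "edit";
        $ID_Reply = segment(5);
    } elseif (segment(4) === "new") {
        $action = "save";
    }
    $page = segment(6) > 0 ? segment(6) : 1;

    // Every URL built here hangs off the topic: <application>/<segment 2>/<ID_Topic>/
    $topicPath = $this->application . _sh . segment(2) . _sh . $ID_Topic . _sh;

    if (!(SESSION("ZanUserID") > 0)) {
        // Only logged-in users may reply.
        redirect($topicPath);
        return;
    }

    $this->js("tiny-mce", NULL, "basic");
    $this->js("validations", $this->application);

    if (POST("cancel")) {
        redirect($topicPath);
    }

    // Links used by the reply form: where it posts to and where "back" goes.
    $links = array();
    if ($action === "save") {
        $links["href"]    = path($topicPath . "new");
        $links["hrefURL"] = path($topicPath);
    } elseif ($action === "edit") {
        $links["href"]    = path($topicPath . "edit" . _sh . $ID_Reply . _sh . $page);
        $links["hrefURL"] = path($topicPath . "page" . _sh . $page);
    }

    $vars = array();

    if (!POST("doAction")) {
        // First visit: prefill the form from the topic (new reply) or the reply itself (edit).
        $topic = FALSE;
        if ($action === "save") {
            $topic = $this->Forums_Model->getTopicByID($ID_Topic);
        } elseif ($action === "edit") {
            $topic = $this->Forums_Model->getTopicByID($ID_Reply);
        }
        if ($topic) {
            $vars["ID_Post"]  = $topic[0]["ID_Post"];
            $vars["ID_Forum"] = $topic[0]["ID_Forum"];
            if ($action === "save") {
                $vars["title"]   = "Re: " . $topic[0]["Title"];
                $vars["content"] = "";
            } else {
                $vars["title"]    = $topic[0]["Title"];
                $vars["content"]  = $topic[0]["Content"];
                $vars["ID_Topic"] = $topic[0]["ID_Parent"];
            }
            $vars += $links;
            $vars["action"] = $action;
            $vars["view"]   = $this->view("reply", $this->application, TRUE);
            $this->template("content", $vars);
        }
        return;
    }

    // Submission: checks run in this order and the first failure wins.
    $title          = POST("title");
    $content        = POST("content");
    $decodedContent = POST("content", "decode", FALSE);

    $alert = NULL;
    if (!$title) {
        $alert = getAlert("You must to write a title");
    } elseif (isEmptyTiny($decodedContent)) {
        $alert = getAlert("You must to a write a content");
    } elseif (strlen($title) < 4) {
        $alert = getAlert("You must to write a valid title");
    } elseif (!$content) {
        $alert = getAlert("You must to a write a content");
    } elseif (strlen($content) < 4) {
        $alert = getAlert("You must to write a valid content");
    } elseif (isInjection($decodedContent)) {
        $alert = getAlert("The content is invalid");
    // (a second isEmptyTiny() check used to sit here; it could never fire after the one above)
    } elseif (isVulgar(strtolower($title))) {
        $alert = getAlert("The title is vulgar");
    } elseif (isVulgar(strtolower($content))) {
        $alert = getAlert("The content is vulgar");
    } elseif (isSPAM($content)) {
        $alert = getAlert("The content has spam");
    }

    if ($alert !== NULL) {
        // Re-render the form with the submitted values and the alert.
        // NOTE(review): only the content goes through cleanTiny(); the title and the
        // hidden IDs reach the view as submitted — confirm the reply view escapes them.
        $vars["alert"]    = $alert;
        $vars["ID_Post"]  = POST("ID_Post");
        $vars["ID_Forum"] = POST("ID_Forum");
        $vars["title"]    = $title;
        $vars["content"]  = cleanTiny($decodedContent);
        $vars["action"]   = $action;
        if ($action === "edit") {
            $vars["ID_Topic"] = POST("ID_Topic");
        }
        $vars += $links;
        $vars["view"] = $this->view("reply", $this->application, TRUE);
        $this->template("content", $vars);
        return;
    }

    $success = NULL;
    if ($action === "save") {
        $success = $this->Forums_Model->setReply();
        if ($success > 0) {
            // Land on the page that now holds the new reply.
            $page = $this->Forums_Model->getPage($ID_Topic);
            $this->Forums_Model->addUserReply();
        } else {
            $page = 1;
        }
    } elseif ($action === "edit") {
        $success = $this->Forums_Model->editReply();
    }

    $vars["success"] = $success;
    $vars["action"]  = $action;
    if ($action === "save") {
        $vars["href"] = path($topicPath . _page . _sh . $page . _sh . "#bottom");
    } elseif ($action === "edit") {
        $vars["href"] = path($topicPath . _page . _sh . $page);
    }
    $vars["view"] = $this->view("reply", $this->application, TRUE);
    $this->template("content", $vars);
}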