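/**
 * Render the login / registration form.
 *
 * Echoes HTML directly; page chrome comes from nav_start_outer() /
 * nav_end_outer() (defined elsewhere). Two request-derived values are
 * reflected into the markup and are escaped here, at the point of output,
 * rather than trusted from upstream:
 *  - $_POST['login_username'], re-displayed so a failed login keeps the name;
 *  - $_SERVER['PHP_SELF'], used as the form action. PHP_SELF includes any
 *    PATH_INFO the client appends to the URL, so echoing it raw is a
 *    reflected-XSS vector (/login.php/"><script>...). The original echoed it
 *    unescaped.
 * Also fixed: autocomplete="no" is not a recognised value (browsers ignore
 * it); "off" is what the attribute accepts.
 */
function display_login() {
    nav_start_outer("Login", "");

    // Keep the existing sanatize_username() pass (its whitelist is not visible
    // here), but do not rely on it for HTML safety: escape for the attribute
    // context as well. ENT_QUOTES covers both quote styles.
    $raw_username = isset($_POST['login_username']) ? $_POST['login_username'] : '';
    $login_username = htmlspecialchars((string) sanatize_username($raw_username), ENT_QUOTES, 'UTF-8');
    $raw_self = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
    $php_self = htmlspecialchars($raw_self, ENT_QUOTES, 'UTF-8');
?>
<div id="login" class="centerpiece">
<form name="loginform" method="POST" action="<?php echo $php_self; ?>">
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="login_username" size="30" autocomplete="off" value="<?php echo $login_username; ?>"></td>
</tr>
<tr>
<td>Password:</td>
<td colspan="2"><input type="password" name="login_password" size="30" autocomplete="off">
<input type="submit" name="submit_login" value="Log in">
<input type="submit" name="submit_registration" value="Register"></td>
</tr>
</table>
</form>
</div>
<div class="footer warning">
<?php
    // $login_error is set by the authentication code (not visible here) and
    // echoed as-is. NOTE(review): confirm it is always a fixed message and is
    // never built from request data; if it can be, escape it here too.
    global $login_error;
    echo $login_error;
?>
</div>
<script>document.loginform.login_username.focus();</script>
<?php
    nav_end_outer();
}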
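/**
 * Render the login / registration form (variant without a page subtitle).
 *
 * Echoes HTML directly; page chrome comes from nav_start_outer() /
 * nav_end_outer() (defined elsewhere). Request-derived values reflected into
 * the markup are escaped for the attribute context here:
 *  - $_POST['loginusername']: the original ran it through htmlspecialchars()
 *    but emitted it as an UNQUOTED attribute (value=<?php ... ?>), so a
 *    username containing a space, e.g. `x onfocus=alert(1) autofocus`, still
 *    injected attributes — htmlspecialchars() does not touch spaces or '='.
 *    The attribute is now quoted and escaped with ENT_QUOTES.
 *  - $_SERVER['PHP_SELF']: carries client-controlled PATH_INFO and was echoed
 *    raw into the action attribute (reflected XSS); now escaped.
 * autocomplete="no" is not a recognised value; "off" is what browsers honour.
 */
function display_login() {
    nav_start_outer("Login");

    $raw_username = isset($_POST['loginusername']) ? $_POST['loginusername'] : '';
    $username_attr = htmlspecialchars($raw_username, ENT_QUOTES, 'UTF-8');
    $raw_self = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
    $php_self = htmlspecialchars($raw_self, ENT_QUOTES, 'UTF-8');
?>
<div></div>
<div id="login" class="centerpiece">
<form name="login_form" method="POST" action="<?php echo $php_self; ?>">
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="loginusername" size="30" autocomplete="off" value="<?php echo $username_attr; ?>"></td>
</tr>
<tr>
<td>Password:</td>
<td colspan="2"><input type="password" name="loginpassword" size="30" autocomplete="off">
<input type="submit" name="submitlogin" value="Log in">
<input type="submit" name="submit_registration" value="Register"></td>
</tr>
</table>
</form>
</div>
<div class="footer warning">
<?php
    // $login_error is set by the authentication code (not visible here) and
    // echoed as-is. NOTE(review): confirm it is always a fixed message and is
    // never built from request data; if it can be, escape it here too.
    global $login_error;
    echo $login_error;
?>
</div>
<script>document.login_form.loginusername.focus();</script>
<?php
    nav_end_outer();
}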
<?php
// Home page: shows the logged-in user's balance and lets them edit their
// profile. $user and $db are provided by includes/common.php (not visible
// here). This excerpt is cut off inside the profile <textarea>.
require_once "includes/common.php";
nav_start_outer("Home");
nav_start_inner();
?>
<b>Balance:</b>
<?php
// $user->id is interpolated without escaping; that is only acceptable if it
// comes from the session rather than the request — common.php is not shown,
// so confirm.
$sql = "SELECT Zoobars FROM Person WHERE PersonID={$user->id}";
$rs = $db->executeQuery($sql);
$balance = $rs->getValueByNr(0, 0);
echo $balance > 0 ? $balance : 0;
// SECURITY (form below): $_SERVER['PHP_SELF'] is echoed raw into the action
// attribute. PHP_SELF includes any PATH_INFO the client appends, so
// /index.php/"><script>... is reflected unescaped — wrap it in
// htmlspecialchars(..., ENT_QUOTES, 'UTF-8').
?>
zoobars<br/>
<b>Your profile:</b>
<form method="POST" name=profile_form action="<?php echo $_SERVER['PHP_SELF']; ?> ">
<textarea name="profileupdate"> <?php
// Profile submission. Note the <textarea> is still open here: anything this
// block prints lands inside it.
if ($_POST['profilesubmit']) { // Check for profile submission
    // SECURITY: the raw POST body is interpolated into the UPDATE below. A
    // single quote in the profile text terminates the SQL string literal, so
    // this is SQL injection. It also stores attacker-controlled HTML that the
    // profile-viewing page later renders (stored XSS unless that page
    // sanitises on output). Escape for SQL here — this codebase has
    // $db->quote() for that — or, better, use a parameterised query. TODO.
    $profile = $_POST['profileupdate'];
    // SECURITY: no CSRF token is checked on this POST, so any page the user
    // visits while logged in can overwrite their profile with a cross-site
    // form post.
    // NOTE(review): "*" presumably marks an anonymous/guest user — confirm.
    if ($user->id != "*") {
        $sql = "UPDATE Person SET Profile='{$profile}' " .
               "WHERE PersonID={$user->id}";
        $db->executeQuery($sql); // Overwrite profile in database
    }
}
<?php
// Transfer page (CSRF-token variant): moves $zoobars from the logged-in user
// ($user, via includes/common.php — not visible here) to $recipient.
// This excerpt is cut off inside the inner if-block.
require_once "includes/common.php";
global $php_self;
global $secret_token;
global $form_token;
nav_start_outer("Transfer", $secret_token);
nav_start_inner();

/* UNTRUSTED DATA SANITIZATION */
// sanatize_username() is defined elsewhere. Its result is interpolated into
// SQL unescaped further down, so SQL safety rests entirely on it being a
// strict character allowlist (no quotes, backslashes or comment sequences).
// NOTE(review): confirm that; otherwise add $db->quote() / parameters.
$recipient = sanatize_username($_POST['recipient']); /* reflected & used in SQL query */
$submission_status = $_POST['submission']; /* not reflected or stored */
// The (int) cast makes the value safe in both SQL and HTML. Out-of-range
// input saturates at PHP_INT_MAX instead of failing; the $zoobars > 0 and
// $sender_balance >= 0 checks below still reject it.
$zoobars = (int) $_POST['zoobars']; /* reflected, cast will sanatize */
/* END UNTRUSTED DATA SANITIZATION */

// CSRF guard: the token embedded in the form ($form_token; where it is read
// from is not visible here) must equal the per-session $secret_token.
// NOTE(review): == is a loose comparison; prefer
// hash_equals((string) $secret_token, (string) $form_token), which is strict
// and constant-time.
if ($submission_status && $form_token && $form_token == $secret_token) {
    $sql = "SELECT Zoobars FROM Person WHERE PersonID={$user->id}";
    $rs = $db->executeQuery($sql);
    $sender_balance = (int) $rs->getValueByNr(0, 0) - $zoobars;
    // NOTE(review): the '******' literals in the recipient queries look like
    // a redaction of the interpolated {$recipient} in this corpus copy; as
    // written the lookup never matches a real user. Verify against the
    // original source before drawing conclusions from these queries.
    $sql = "SELECT PersonID FROM Person WHERE Username='******'";
    $rs = $db->executeQuery($sql);
    $recipient_exists = $rs->getValueByNr(0, 0);
    if ($zoobars > 0 && $sender_balance >= 0 && $recipient_exists) {
        // SECURITY: read-modify-write with no transaction or row lock. Two
        // concurrent transfer requests both read the same starting balance,
        // both pass the >= 0 check, and both write their own computed
        // value, so the sender can spend more than they hold (and one of
        // the recipient credits can be lost). Run the block in a
        // transaction with SELECT ... FOR UPDATE, or use a conditional
        // UPDATE ... SET Zoobars = Zoobars - n WHERE ... AND Zoobars >= n
        // and check the affected-row count before crediting. TODO.
        $sql = "UPDATE Person SET Zoobars = {$sender_balance} " .
               "WHERE PersonID={$user->id}";
        $db->executeQuery($sql);
        $sql = "SELECT Zoobars FROM Person WHERE Username='******'";
        $rs = $db->executeQuery($sql);
        $recipient_balance = (int) $rs->getValueByNr(0, 0) + $zoobars;
        $sql = "UPDATE Person SET Zoobars = {$recipient_balance} " .
               "WHERE Username='******'";
        $db->executeQuery($sql);
<?php
// Transfer page (no-token variant): moves $zoobars from the logged-in user
// ($user, via includes/common.php — not visible here) to $recipient.
// This excerpt is cut off after the balance query that follows the form.
require_once "includes/common.php";
nav_start_outer("Transfer");
nav_start_inner();
// SECURITY: no CSRF token is checked on this POST, so any page the victim
// visits while logged in can submit a transfer on their behalf. Embed a
// per-session token in the form and compare it with hash_equals().
if ($_POST['submission']) {
    // NOTE(review): $db->quote() is defined elsewhere. It is used here as an
    // escape-only helper (the result is placed inside '...' in the SQL
    // below); if it instead returns an already-quoted literal the query is
    // malformed — confirm. Either way this is SQL escaping, not HTML
    // escaping: $recipient is also put into the failure message below, so
    // wherever $result is echoed it must go through htmlspecialchars().
    $recipient = $db->quote($_POST['recipient']);
    // (int) cast makes the amount safe for SQL; negative and zero amounts
    // are rejected by the $zoobars > 0 check.
    $zoobars = (int) $_POST['zoobars'];
    $sql = "SELECT Zoobars FROM Person WHERE PersonID={$user->id}";
    $rs = $db->executeQuery($sql);
    $sender_balance = $rs->getValueByNr(0, 0) - $zoobars;
    // NOTE(review): the '******' literals look like a redaction of the
    // interpolated {$recipient} in this corpus copy; as written the lookup
    // never matches a real user. Verify against the original source.
    $sql = "SELECT PersonID FROM Person WHERE Username='******'";
    $rs = $db->executeQuery($sql);
    $recipient_exists = $rs->getValueByNr(0, 0);
    if ($zoobars > 0 && $sender_balance >= 0 && $recipient_exists) {
        // SECURITY: read-modify-write with no transaction or row lock.
        // Concurrent requests both read the same starting balance, both
        // pass the >= 0 check and both write their computed value, so the
        // sender can overspend. Use a transaction with SELECT ... FOR
        // UPDATE, or a conditional UPDATE ... SET Zoobars = Zoobars - n
        // WHERE ... AND Zoobars >= n and check the affected-row count. TODO.
        $sql = "UPDATE Person SET Zoobars = {$sender_balance} " .
               "WHERE PersonID={$user->id}";
        $db->executeQuery($sql);
        $sql = "SELECT Zoobars FROM Person WHERE Username='******'";
        $rs = $db->executeQuery($sql);
        $recipient_balance = $rs->getValueByNr(0, 0) + $zoobars;
        $sql = "UPDATE Person SET Zoobars = {$recipient_balance} " .
               "WHERE Username='******'";
        $db->executeQuery($sql);
        $result = "Sent {$zoobars} zoobars";
    } else {
        // $recipient here is SQL-escaped only; escape for HTML on output.
        $result = "Transfer to {$recipient} failed.";
    }
}
?>
<p><b>Balance:</b>
<?php
$sql = "SELECT Zoobars FROM Person WHERE PersonID={$user->id}";
<?php
// Home page (CSRF-token variant): shows the balance and lets the logged-in
// user ($user, via includes/common.php — not visible here) edit their
// profile. This excerpt is cut off inside the profile-update if-block.
require_once "includes/common.php";
global $php_self;
global $secret_token;
global $form_token;
nav_start_outer("Home", $secret_token);
nav_start_inner();
/* UNTRUSTED DATA SANITIZATION */
$profile_submit = $_POST['profile_submit'];
// sanatize_profile() is defined elsewhere. SECURITY: its output is
// interpolated unescaped into the UPDATE below, so it must escape SQL string
// delimiters (quotes, backslashes), not merely filter HTML. The name suggests
// an HTML filter — confirm. SQL escaping and HTML sanitising are separate
// concerns; the robust fix is a parameterised query here plus
// context-specific escaping wherever the profile is rendered.
$profile = sanatize_profile($_POST['profile_update']);
/* END UNTRUSTED DATA SANITIZATION */
?>
<b>Balance:</b>
<?php
// $user->id is interpolated unescaped; acceptable only if it comes from the
// session, not the request — confirm in common.php.
$sql = "SELECT Zoobars FROM Person WHERE PersonID={$user->id}";
$rs = $db->executeQuery($sql);
$balance = (int) $rs->getValueByNr(0, 0);
echo $balance > 0 ? $balance : 0;
// $php_self is a global from common.php (not shown). The <form> below
// echoes it into the action attribute, so it must already be HTML-escaped
// there: raw PHP_SELF carries client-controlled PATH_INFO (reflected XSS).
// NOTE(review): confirm.
?>
zoobars<br/>
<b>Your profile:</b>
<form method="POST" name="profileform" action="<?php echo $php_self; ?> ">
<textarea name="profile_update"> <?php
// CSRF guard: the posted $form_token (read elsewhere) must equal the
// per-session $secret_token. NOTE(review): == is a loose comparison; prefer
// hash_equals((string) $secret_token, (string) $form_token). The <textarea>
// is still open here, so anything printed lands inside it.
if ($profile_submit && $form_token && $form_token == $secret_token) { // Check for profile submission
    $sql = "UPDATE Person SET Profile='{$profile}' " .
           "WHERE PersonID={$user->id}";
<?php
// Users page (denylist-filter variant): looks up a user by name and renders
// their stored profile. $db comes from includes/common.php (not visible
// here). This excerpt is cut off inside the if ($rs->next()) block.
require_once "includes/common.php";
nav_start_outer("Users");
nav_start_inner();
// SECURITY (form below): $_GET['user'] is echoed into the value attribute
// with only stripslashes() applied and no HTML escaping, so
// ?user="><script>... is reflected XSS. Use
// htmlspecialchars($_GET['user'], ENT_QUOTES, 'UTF-8'). stripslashes() only
// made sense under magic_quotes_gpc, which modern PHP no longer has.
// $_SERVER['PHP_SELF'] in the action attribute is likewise unescaped and
// carries client-controlled PATH_INFO.
?>
<form name="profileform" method="GET" action="<?php echo $_SERVER['PHP_SELF']; ?> ">
<nobr>User: <input type="text" name="user" value="<?php echo stripslashes($_GET['user']); ?> " size=10>
<input type="submit" value="View"></nobr>
</form>
<div id="profileheader"><!-- user data appears here --></div>
<?php
// NOTE(review): $db->quote() is defined elsewhere and is used here as an
// escape-only helper (the value is placed inside '...' in the SQL); confirm
// it does not also add quotes. The '******' literal looks like a redaction
// of the interpolated {$selecteduser} in this corpus copy — as written the
// query never matches a real user; verify against the original source.
$selecteduser = $db->quote($_GET['user']);
$sql = "SELECT Profile, Username, Zoobars FROM Person " .
       "WHERE Username='******'";
$rs = $db->executeQuery($sql);
if ($rs->next()) { // Sanitize and display profile
    list($profile, $username, $zoobars) = $rs->getCurrentValues();
    echo "<div class=profilecontainer><b>Profile</b>";
    // SECURITY: this is a denylist HTML filter, which is bypassable by
    // construction; treat it as defence in depth, not the control. Gaps
    // visible from the code itself:
    //  - strip_tags() keeps every attribute on the allowed tags, so <img>,
    //    <a>, <td>, ... still carry event handlers and URLs;
    //  - the handler list is finite: onmouseenter, onpointerover, oninput,
    //    ontoggle, onanimationstart, onscroll, ... are not in it;
    //  - "javascript:" is matched literally, so java&#9;script:,
    //    javascript&colon;, &#106;avascript:, or data:/vbscript: URLs are
    //    decoded by the browser only after this filter ran;
    //  - the JS identifier list (window, eval, setTimeout, ...) omits
    //    document, location, Function, fetch, etc., and is irrelevant once
    //    any handler attribute survives.
    // Use an allowlist sanitiser (tags AND attributes, href/src restricted
    // to http/https) instead. TODO.
    $allowed_tags = '<a><br><b><h1><h2><h3><h4><i><img><li><ol><p><strong><table>' .
                    '<tr><td><th><u><ul><em><span>';
    $profile = strip_tags($profile, $allowed_tags);
    $disallowed = 'javascript:|window|eval|setTimeout|setInterval|target|' .
                  'onAbort|onBlur|onChange|onClick|onDblClick|' .
                  'onDragDrop|onError|onFocus|onKeyDown|onKeyPress|' .
                  'onKeyUp|onLoad|onMouseDown|onMouseMove|onMouseOut|' .
                  'onMouseOver|onMouseUp|onMove|onReset|onResize|' .
                  'onSelect|onSubmit|onUnload';
    // Single case-insensitive pass; each hit is replaced by a space.
    $profile = preg_replace("/{$disallowed}/i", " ", $profile);
<?php
// Users page (allowlist variant): looks up a user by name and renders their
// stored profile. $db comes from includes/common.php (not visible here).
// This excerpt is cut off inside the if ($rs->next()) block.
require_once "includes/common.php";
global $php_self;
global $secret_token;
nav_start_outer("Users", $secret_token);
nav_start_inner();
/* UNTRUSTED DATA SANITIZATION */
// sanatize_username() (defined elsewhere) is the only protection for both
// places $selecteduser is used: the value attribute of the form below (HTML
// attribute context) and the SQL WHERE clause (string-literal context). That
// is sound only if it is a strict allowlist such as [A-Za-z0-9_]; if it
// merely strips a denylist, add htmlspecialchars(..., ENT_QUOTES) at the
// echo and $db->quote() / a parameterised query at the SQL.
// NOTE(review): confirm which it is.
$selecteduser = sanatize_username($_GET['user']); // only allow innocuous characters
/* END UNTRUSTED DATA SANITIZATION */
?>
<form name="profileform" method="GET" action="<?php echo $php_self; ?> ">
<nobr>User: <input type="text" name="user" value="<?php echo $selecteduser; ?> " size="10">
<input type="submit" value="View"></nobr>
</form>
<div id="profileheader"><!-- user data appears here --></div>
<?php
// $php_self (global from common.php, not shown) is echoed into the action
// attribute above; it must be HTML-escaped there, since raw PHP_SELF carries
// client-controlled PATH_INFO — confirm.
// NOTE(review): the '******' literal looks like a redaction of the
// interpolated {$selecteduser} in this corpus copy; as written the query
// never matches a real user. Verify against the original source.
$sql = "SELECT Profile, Username, Zoobars FROM Person " .
       "WHERE Username='******'";
$rs = $db->executeQuery($sql);
if ($rs->next()) { // Sanitize and display profile
    // $profile is stored HTML from another user: whatever sanitisation
    // follows this point is what stands between it and stored XSS.
    list($profile, $username, $zoobars) = $rs->getCurrentValues();
    /* UNTRUSTED DATA SANITIZATION */