コード例 #1
0
ファイル: ring.php プロジェクト: nolenfelten/TLWSD
         // For replacing
         $DB->exec("UPDATE rings SET validFlag = '0', ciphertext = '{$newCipher}', hash = '{$newHash}' WHERE id = '{$i}'");
         $numValid--;
         if ($numValid < 1) {
             while (!shredData(NONCE_ROOT . "{$req}.ring")) {
                 // If it returns false, wait a few clock cycles
                 usleep(1000);
             }
         }
         // Overwrite
         //ob_end_clean();
         if (!$_COOKIE['neverForward']) {
             header("Location: {$data}");
             die($url);
         } else {
             $data = removeXSS($data);
             // Experimental; without warranty
             include "includes/header.php";
             echo "The destination URL is: <a href=\"" . $data . "\">" . $data . "</a>";
             include "includes/footer.php";
         }
         exit;
     }
     //echo substr( hash_hmac('sha512', $_POST['password'], $salt, false), 0, 64)." != ".$row['hash']."\n"; // DEBUG
 }
 //echo "</pre>";
 //$data = ob_get_clean();
 if (!$found) {
     include "includes/header.php";
     echo "<div style=\"color: red;\">Incorrect password, or it has already been used.</div>\n";
     //echo $data;
コード例 #2
0
ファイル: messages.php プロジェクト: gillima/phplist3
} else {
    unset($start);
}
if (!isset($_SESSION['messagefilter'])) {
    $_SESSION['messagefilter'] = '';
}
if (!empty($_POST['clear'])) {
    $_SESSION['messagefilter'] = '';
    $_SESSION['messagesortby'] = '';
    $_SESSION['messagenumpp'] = MAX_MSG_PP;
    unset($_POST['filter']);
    unset($_POST['numPP']);
    unset($_POST['sortBy']);
}
if (isset($_POST['filter'])) {
    $_SESSION['messagefilter'] = removeXSS($_POST['filter']);
    if ($_SESSION['messagefilter'] == ' --- filter --- ') {
        $_SESSION['messagefilter'] = '';
    }
}
if (!isset($_SESSION['messagenumpp'])) {
    $_SESSION['messagenumpp'] = MAX_MSG_PP;
}
if (isset($_POST['numPP'])) {
    $_SESSION['messagenumpp'] = sprintf('%d', $_POST['numPP']);
    if ($_SESSION['messagenumpp'] <= 0) {
        $_SESSION['messagenumpp'] = MAX_MSG_PP;
    }
}
# remember last one listed
if (!isset($_GET['tab']) && !empty($_SESSION['lastmessagetype'])) {
コード例 #3
0
ファイル: forgot-password.php プロジェクト: sangikumar/IP
    $token = trim($_GET["deny"]);
    if ($token == "" || !validateActivationToken($token, TRUE)) {
        $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
    } else {
        $userdetails = fetchUserDetails(NULL, $token);
        if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
            $errors[] = lang("SQL_ERROR");
        } else {
            $successes[] = lang("FORGOTPASS_REQUEST_CANNED");
        }
    }
}
//Forms posted
if (!empty($_POST)) {
    $email = removeXSS($_POST["email"]);
    $username = removeXSS(sanitize($_POST["username"]));
    //Perform some validation
    //Feel free to edit / change as required
    if (trim($email) == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
    } else {
        if (!isValidEmail($email) || !emailExists($email)) {
            $errors[] = lang("ACCOUNT_INVALID_EMAIL");
        }
    }
    if (trim($username) == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
    } else {
        if (!usernameExists($username)) {
            $errors[] = lang("ACCOUNT_INVALID_USERNAME");
        }
コード例 #4
0
ファイル: resend-activation.php プロジェクト: sangikumar/IP
<?php

/*
UserCake Version: 2.0.2
http://usercake.com
*/
require_once "models/config.php";
if (!securePage($_SERVER['PHP_SELF'])) {
    die;
}
//Forms posted
if (!empty($_POST) && $emailActivation) {
    $email = removeXSS($_POST["email"]);
    $username = removeXSS($_POST["username"]);
    //Perform some validation
    //Feel free to edit / change as required
    if (trim($email) == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
    } else {
        if (!isValidEmail($email) || !emailExists($email)) {
            $errors[] = lang("ACCOUNT_INVALID_EMAIL");
        }
    }
    if (trim($username) == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
    } else {
        if (!usernameExists($username)) {
            $errors[] = lang("ACCOUNT_INVALID_USERNAME");
        }
    }
    if (count($errors) == 0) {
コード例 #5
0
ファイル: xssTest.php プロジェクト: nolenfelten/TLWSD
<?php

include_once "includes/header.php";
?>
<h1>XSS Filter testing ground!</h1>
<?php 
$vectors = array("https://tlwsd.in", "https://eff.org", "irc://20.111.15.65/owned", "'>://dsfjk:'\"\";", "http://\"><img src=\"/index.php\" />", "http://\"><script>alert('Unfiltered');</script>", $_SERVER['PHP_SELF'], "https://<IMG SRC=javascript:alert(&quot;XSS&quot;)>", "http://';alert(String.fromCharCode(88,83,83))//\\';alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>");
foreach ($vectors as $v) {
    //echo "<p style=\"display: inline-block; width: 400px; margin: 0;\">{$v}</p>";
    $r = removeXSS($v);
    if (is_array($r)) {
        var_dump($r);
        echo "<br />\n";
    } elseif (!empty($r)) {
        echo $r . "<br />\n";
    } else {
        echo "<em>NULL -- Didn't pass the test!</em><br />\n";
    }
}
?>

<?php 
include_once "includes/footer.php";
コード例 #6
0
ファイル: login.php プロジェクト: sangikumar/IP
}
//Prevent the user visiting the logged in page if he/she is already logged in
if (isUserLoggedIn()) {
    session_write_close();
    header("Location:account.php");
    die;
}
$uname = "";
if (!empty($_GET)) {
    $uname = $_GET['uname'];
}
//Forms posted
if (!empty($_POST)) {
    $errors = array();
    $username = removeXSS(sanitize(trim($_POST["username"])));
    $password = removeXSS(trim($_POST["password"]));
    if (!empty($username)) {
        $uname = $username;
    }
    //Perform some validation
    //Feel free to edit / change as required
    if ($username == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
    }
    if ($password == "") {
        $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
    }
    if (count($errors) == 0) {
        if (candidateExists($username)) {
            $userdetails = fetchCandDetails($username, $password);
            if (!isset($userdetails["candidateid"])) {
コード例 #7
0
ファイル: send_core.php プロジェクト: atlcurling/tkt
        $_POST["forwardsubject"] = removeXSS($_POST["forwardsubject"]);
    }
    if (!isset($_POST["forwardmessage"])) {
        $_POST["forwardmessage"] = "";
    } else {
        $_POST["forwardmessage"] = removeXSS($_POST["forwardmessage"]);
    }
    if (!isset($_POST["forwardfooter"])) {
        $_POST["forwardfooter"] = "";
    } else {
        $_POST["forwardfooter"] = removeXSS($_POST["forwardfooter"]);
    }
    if (!isset($_POST["msgsubject"])) {
        $_POST["msgsubject"] = removeXSS($_POST["subject"]);
    } else {
        $_POST['subject'] = removeXSS($_POST['msgsubject']);
    }
    if ((!isset($_POST["year"]) || !is_array($_POST["year"])) && $_POST["embargo"] && $_POST["embargo"] != "0000-00-00 00:00:00") {
        $embargo->setDateTime($_POST["embargo"]);
    }
    if ((!isset($_POST["year"]) || !is_array($_POST["year"])) && $_POST["repeatuntil"] && $_POST["repeatuntil"] != "0000-00-00 00:00:00") {
        $repeatuntil->setDateTime($_POST["repeatuntil"]);
    }
    # not sure why this is here, but it breaks things when tables are used in the
    # message, so for now disable it.
    if (0) {
        #$usefck) {
        $_POST["message"] = nl2br($_POST["message"]);
    }
    // Load the criteria settings...
}