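function handleEditPage()
{
    include_once 'login.php';
    include_once 'showEventFunction.php';
    // NOTE(review): nothing in this function checks that the caller is logged in
    // or owns the event named by $_POST['e_id']; confirm login.php enforces that
    // before this handler runs, otherwise any client can update any eventID.
    $backURL = "<br/><a href = \"index.php\">Back to Home</a>";
    // isFormFilled() is defined elsewhere; it is expected to return an error
    // fragment when a required field is missing and a falsy value otherwise.
    $showError = true;
    $errOutput = isFormFilled($showError);
    if ($errOutput) {
        $output = "<h1>Error</h1>";
        return $output . $errOutput . $backURL;
    }
    // Copy every posted field through sanitizeData() (defined elsewhere).
    // SQL injection is prevented by the prepared statement below, not by this.
    $event = array();
    foreach ($_POST as $field => $value) {
        $event[$field] = sanitizeData($value);
    }
    include_once 'database_conn.php';
    // Read the column widths from the schema so the length checks match the table.
    $columnLengthSql = "\n\t\tSELECT COLUMN_NAME, CHARACTER_MAXIMUM_LENGTH\n\t\tFROM INFORMATION_SCHEMA.COLUMNS\n\t\tWHERE TABLE_NAME =  'te_events'\n\t\tAND (column_name =  'eventTitle'\n\t\tOR column_name =  'eventDescription')";
    $COLUMN_LENGTH = getColumnLength($conn, $columnLengthSql);
    // Type and length validation. Each validator (defined elsewhere) returns
    // true on success, otherwise an error message fragment.
    $errMsg = array(
        validateStringLength($event['title'], $COLUMN_LENGTH['eventTitle']),
        validateStringLength($event['desc'], $COLUMN_LENGTH['eventDescription']),
        validateDate($event['startTime']),
        validateDate($event['endTime']),
        validateDecimal($event['price'])
    );
    $errorText = '';
    foreach ($errMsg as $msg) {
        if ($msg !== true) {
            // BUG FIX: the original evaluated `$output . "{$errMsg[$i]}"` without
            // assigning the result, so the messages were never shown to the user.
            $errorText .= $msg;
        }
    }
    if ($errorText !== '') {
        return "<h1>Error</h1>" . $errorText . $backURL;
    }
    // Parameterised UPDATE: user values are bound, never interpolated.
    $sql = "UPDATE te_events SET \n\t\teventTitle=?, eventDescription=?, \n\t\tvenueID=?, catID=?, eventStartDate=?, \n\t\teventEndDate=?, eventPrice=? WHERE eventID=?;";
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        // Deliberately do not echo mysqli_error(): it leaks schema details to the browser.
        return "<h1>Error</h1>Could not prepare the update statement." . $backURL;
    }
    mysqli_stmt_bind_param($stmt, "ssssssss", $event['title'], $event['desc'], $event['venue'], $event['category'], $event['startTime'], $event['endTime'], $event['price'], $event['e_id']);
    $executed = mysqli_stmt_execute($stmt);
    // affected_rows is -1 on error, which the original treated as "success".
    $affected = $executed ? mysqli_stmt_affected_rows($stmt) : 0;
    mysqli_stmt_close($stmt);
    // Escape the user-supplied title before reflecting it into HTML.
    // (If sanitizeData() already HTML-encodes, this only double-encodes the
    // confirmation message, which is cosmetic; the stored value is unaffected.)
    $safeTitle = htmlspecialchars((string) $event['title'], ENT_QUOTES, 'UTF-8');
    if ($affected > 0) {
        $output = "<h1>{$safeTitle} was successfully updated.</h1>";
    } else {
        $output = "<h1>Nothing update for {$safeTitle}</h1>";
    }
    return $output . $backURL;
}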
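function login()
{
    include_once 'database_conn.php';
    // isFormFilled() (defined elsewhere) is truthy when a required field is missing.
    if (isFormFilled()) {
        return;
    }
    $uid = sanitizeData($_POST['username']);
    $pswd = sanitizeData($_POST['password']);
    // Read the column widths from the schema so the length checks match the table.
    $columnLengthSql = "\n\t\t\tSELECT COLUMN_NAME, CHARACTER_MAXIMUM_LENGTH\n\t\t\tFROM INFORMATION_SCHEMA.COLUMNS\n\t\t\tWHERE TABLE_NAME =  'te_users'\n\t\t\tAND (column_name =  'username'\n\t\t\tOR column_name =  'passwd')";
    $COLUMN_LENGTH = getColumnLength($conn, $columnLengthSql);
    // Each validator returns true on success, otherwise an error message fragment.
    $errMsg = array(
        validateStringLength($uid, $COLUMN_LENGTH['username']),
        validateStringLength($pswd, $COLUMN_LENGTH['passwd'])
    );
    $isError = false;
    foreach ($errMsg as $msg) {
        if ($msg !== true) {
            echo "{$msg}";
            $isError = true;
        }
    }
    if ($isError) {
        return;
    }
    // Look up the stored hash and salt; the username is bound, never interpolated.
    $checkUIDSql = "SELECT passwd, salt FROM te_users WHERE username = ?";
    $stmt = mysqli_prepare($conn, $checkUIDSql);
    if ($stmt === false) {
        // Do not echo mysqli_error(): it leaks schema details to the browser.
        echo "Fail login<br/>";
        return;
    }
    mysqli_stmt_bind_param($stmt, "s", $uid);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $hashPswd = null;
    $salt = null;
    if (mysqli_stmt_num_rows($stmt) > 0) {
        mysqli_stmt_bind_result($stmt, $getHashpswd, $getSalt);
        while (mysqli_stmt_fetch($stmt)) {
            $hashPswd = $getHashpswd;
            $salt = $getSalt;
        }
    }
    mysqli_stmt_close($stmt);
    // Legacy scheme kept because it is what the te_users rows contain:
    // sha256(salt . sha256(password)). NOTE(review): this is a fast, unsalted-
    // inner hash; migrate to password_hash()/password_verify() with a rehash-
    // on-login step rather than changing this line in isolation.
    // The hash is computed even for unknown users so the two failure paths
    // take roughly the same time.
    $candidate = hash("sha256", (string) $salt . hash("sha256", $pswd));
    // FIX: the original echoed a distinct "we don't have that username" message,
    // which lets an attacker enumerate valid accounts; both failures now print
    // the same text. hash_equals() replaces strcmp() for a constant-time compare.
    if ($hashPswd !== null && hash_equals($hashPswd, $candidate)) {
        // FIX: header() must go out before any body output (the original echoed
        // first, so the redirect failed once output buffering was off).
        if (session_status() === PHP_SESSION_ACTIVE) {
            // Rotate the session id on privilege change to defeat session fixation.
            session_regenerate_id(true);
        }
        $_SESSION['logged-in'] = $uid;
        // Reload the current URL now that the session carries the login.
        $url = $_SERVER['REQUEST_URI'];
        header("Location: {$url}");
        echo "Success login<br/>";
    } else {
        echo "Fail login<br/>";
    }
}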
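 function listSE($info = '')
 {
     // Lists search engines filtered by status and (optionally) a URL substring,
     // with paging. $info is the request array (sanitizeData() is defined elsewhere).
     $info = sanitizeData($info);
     // stscheck is coerced to an int, so interpolating it into SQL below is safe.
     $info['stscheck'] = isset($info['stscheck']) ? intval($info['stscheck']) : 1;
     $pageScriptPath = 'searchengine.php?stscheck=' . $info['stscheck'];
     $sql = "select * from searchengines where status='{$info['stscheck']}'";
     // search for search engine name
     if (!empty($info['se_name'])) {
         // addslashes() escapes quotes only; LIKE wildcards (% and _) in the
         // search term are left as-is, which only widens the match.
         $sql .= " and url like '%" . addslashes($info['se_name']) . "%'";
         // FIX: the raw term was appended to the paging URL unencoded, so a
         // value containing '&', '"' or '<' could break or inject into the
         // paging links the view prints.
         $pageScriptPath .= "&se_name=" . urlencode($info['se_name']);
     }
     $sql .= " order by id";
     # pagination setup: run once to count rows, then append the LIMIT window
     $this->db->query($sql, true);
     $this->paging->setDivClass('pagingdiv');
     $this->paging->loadPaging($this->db->noRows, SP_PAGINGNO);
     $pagingDiv = $this->paging->printPages($pageScriptPath, '', 'scriptDoLoad', 'content', 'layout=ajax');
     $this->set('pagingDiv', $pagingDiv);
     $sql .= " limit " . $this->paging->start . "," . $this->paging->per_page;
     $seList = $this->db->select($sql);
     $this->set('seList', $seList);
     $statusList = array($_SESSION['text']['common']['Active'] => 1, $_SESSION['text']['common']['Inactive'] => 0);
     $this->set('statusList', $statusList);
     $this->set('info', $info);
     // pageno is optional; avoid an undefined-index notice when it is absent.
     $this->set('pageNo', isset($info['pageno']) ? $info['pageno'] : null);
     $this->render('searchengine/list', 'ajax');
 }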
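function create_compared($data, $signature)
{
    // Writes $data to ./data/submissions/<name>, where <name> encodes the
    // caller-supplied $signature plus the wall-clock time. Returns 'OK'.
    // Throws RuntimeException when the file cannot be written (the original
    // returned 'OK' regardless, after a failed fopen()).
    $data = sanitizeData($data);
    // Standard base64 can emit '/' (and '+'); a '/' turns the name into a
    // sub-path of submissions/ and makes the write fail. Use the URL/filename-
    // safe alphabet instead ('+' -> '-', '/' -> '_'); a reader recovers the
    // original text with base64_decode(strtr($name, '-_', '+/')).
    // Because the alphabet contains no '.', the name can never be '..' or
    // escape the submissions directory.
    $signature = strtr(base64_encode($signature . ' - ' . date('h:i:s')), '+/', '-_');
    // NOTE(review): date('h:i:s') is a 12-hour clock with no date, so two
    // submissions with the same signature at the same time of day overwrite
    // each other; consider a fuller timestamp once readers of the name allow it.
    $path = './data/submissions/' . $signature;
    if (file_put_contents($path, $data) === false) {
        throw new RuntimeException('Unable to write submission file');
    }
    return 'OK';
}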
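 function findBacklink($searchInfo)
 {
     // Builds the list of sites to check from website_urls (one per line),
     // normalising each entry to an absolute http(s) URL, then renders the view.
     $raw = isset($searchInfo['website_urls']) ? $searchInfo['website_urls'] : '';
     $list = array();
     $count = 1;
     foreach (explode("\n", $raw) as $url) {
         // trim() drops the "\r" a CRLF textarea leaves at the end of every line;
         // the original kept it, producing URLs such as "http://example.com\r".
         $url = trim(sanitizeData($url));
         // skip blank or punctuation-only lines
         if (!preg_match('/\\w+/', $url)) {
             continue;
         }
         // demo installations are capped at 10 URLs
         if (SP_DEMO) {
             if ($count++ > 10) {
                 break;
             }
         }
         // FIX: the original used stristr($url, 'http://'), which is a substring
         // test rather than a prefix test and does not recognise https://, so
         // "https://example.com" became "http://https://example.com".
         if (!preg_match('#^https?://#i', $url)) {
             $url = "http://" . $url;
         }
         $list[] = $url;
     }
     $this->set('list', $list);
     $this->render('backlink/findbacklink');
 }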
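 function findQuickRank($searchInfo)
 {
     // Builds the list of sites to rank from website_urls (one per line),
     // normalising each entry to an absolute http(s) URL, then renders the view.
     $raw = isset($searchInfo['website_urls']) ? $searchInfo['website_urls'] : '';
     $list = array();
     $count = 1;
     foreach (explode("\n", $raw) as $url) {
         // trim() drops the "\r" a CRLF textarea leaves at the end of every line
         $url = trim(sanitizeData($url));
         // skip blank or punctuation-only lines
         if (!preg_match('/\\w+/', $url)) {
             continue;
         }
         // demo installations are capped at 10 URLs
         if (SP_DEMO) {
             if ($count++ > 10) {
                 break;
             }
         }
         // FIX: the original used stristr($url, 'http://'), which is a substring
         // test rather than a prefix test and does not recognise https://, so
         // "https://example.com" became "http://https://example.com".
         if (!preg_match('#^https?://#i', $url)) {
             $url = "http://" . $url;
         }
         // also strip any line-break characters left inside the value
         $list[] = str_replace(array("\n", "\r", "\r\n", "\n\r"), "", $url);
     }
     $this->set('list', $list);
     $this->render('rank/findquickrank');
 }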
<?php

// rss.php: emits the blog entries as an RSS 2.0 feed.
// including the necessary files (retrieveEntries(), sanitizeData() and the DB_* constants are not defined here)
include_once '../inc/functions.inc.php';
include_once '../inc/db.inc.php';
// Open a new database connection.
// NOTE(review): no PDO::ATTR_ERRMODE is set, so failed queries do not throw here — confirm the helpers check their return values.
$db = new PDO(DB_INFO, DB_USER, DB_PASS);
// load all the entries
$e = retrieveEntries($db, 'blog');
// Remove the fulldisplay tag — presumably retrieveEntries() appends a display flag as the last element; verify against the helper.
array_pop($e);
// Perform basic sanitization on the whole result (sanitizeData() is defined elsewhere).
// The item loop below still runs htmlentities() on each entry, so this call is not relied on for XML safety.
$e = sanitizeData($e);
// Add a content type header to ensure proper execution; it must be sent before any output.
header('Content-Type: application/rss+xml');
// Output the XML declaration — the first byte of the body.
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
?>
<rss version="2.0">
<channel>
		<title>My Simple Blog</title>
		<link>http://localhost/simple_blog/</link>
		<description>This blog is awesome.</description>
		<language>en-us</language>

<?php 
// Loop through the entries and generate RSS items
foreach ($e as $e) {
    // Escape HTML to avoid errors
    $entry = htmlentities($e['entry']);
    // Build the full URL to the entry
<?php

// rss.php: emits the thread posts as an RSS 2.0 feed.
// Include necessary files (getPosts(), sanitizeData() and the DB_* constants are not defined here)
include_once '../inc/functions.inc.php';
include_once '../inc/db.inc.php';
// Open a database connection.
// NOTE(review): no PDO::ATTR_ERRMODE is set, so failed queries do not throw here — confirm the helpers check their return values.
$db = new PDO(DB_INFO, DB_USER, DB_PASS);
// Load all blog posts
$p = getPosts($db, 'thread');
// Remove the fulldisp flag — presumably getPosts() appends a display flag as the last element; verify against the helper.
array_pop($p);
// Perform basic data sanitization on the whole result (sanitizeData() is defined elsewhere).
// The item loop below still runs htmlentities() on each post, so this call is not relied on for XML safety.
$p = sanitizeData($p);
// Add a content type header to ensure proper execution; it must be sent before any output.
header('Content-Type: application/rss+xml');
// Output XML declaration — the first byte of the body.
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
?>

<rss version="2.0">
  <channel>
    <title>Post Hub PHP</title>
    <link>http://localhost/post-hub-php/</link>
    <description>This blog is awesome.</description>
    <language>en-us</language>

    <?php 
// Loop through the posts and generate RSS items
foreach ($p as $p) {
    // Escape HTML to avoid errors
    $post = htmlentities($p['content']);
 function updateMyProfile($userInfo)
 {
     // Validates the posted profile form for the logged-in user and, if it is
     // clean, rewrites the matching users row; otherwise redisplays the form
     // with $errMsg. $userInfo is the request array.
     // NOTE: lines 300 and 319 below contain '******' where this listing was
     // redacted; as shown they are not valid PHP and the original expression
     // (presumably a hashed/escaped value inside the quotes) cannot be recovered here.
     $userInfo = sanitizeData($userInfo);
     // isLoggedIn() is defined elsewhere; its return value is interpolated
     // unquoted into the WHERE clause below, so it is assumed to be a numeric id — confirm.
     $userId = isLoggedIn();
     $this->set('post', $userInfo);
     $errMsg['userName'] = formatErrorMsg($this->validate->checkUname($userInfo['userName']));
     if (!empty($userInfo['password'])) {
         $errMsg['password'] = formatErrorMsg($this->validate->checkPasswords($userInfo['password'], $userInfo['confirmPassword']));
         // $passStr is only defined on this branch; with an empty password the
         // interpolation in the UPDATE below reads an undefined variable (empty string).
         $passStr = "password = '******'password']) . "',";
     }
     $errMsg['firstName'] = formatErrorMsg($this->validate->checkBlank($userInfo['firstName']));
     $errMsg['lastName'] = formatErrorMsg($this->validate->checkBlank($userInfo['lastName']));
     $errMsg['email'] = formatErrorMsg($this->validate->checkEmail($userInfo['email']));
     if (!$this->validate->flagErr) {
         // NOTE(review): oldName/oldEmail come from the request, so a client can
         // skip the uniqueness checks by posting oldName equal to the new name;
         // confirm the users table carries unique constraints on these columns.
         if ($userInfo['userName'] != $userInfo['oldName']) {
             if ($this->__checkUserName($userInfo['userName'])) {
                 $errMsg['userName'] = formatErrorMsg($_SESSION['text']['login']['usernameexist']);
                 $this->validate->flagErr = true;
             }
         }
         if ($userInfo['email'] != $userInfo['oldEmail']) {
             if ($this->__checkEmail($userInfo['email'])) {
                 $errMsg['email'] = formatErrorMsg($_SESSION['text']['login']['emailexist']);
                 $this->validate->flagErr = true;
             }
         }
         if (!$this->validate->flagErr) {
             // NOTE(review): the UPDATE is built by string concatenation with
             // addslashes(), which is not safe for all connection charsets; a
             // parameterised query is preferable if $this->db supports one.
             $sql = "update users set\r\n\t\t\t\t\t\tusername = '******'userName']) . "',\r\n\t\t\t\t\t\tfirst_name = '" . addslashes($userInfo['firstName']) . "',\r\n\t\t\t\t\t\tlast_name = '" . addslashes($userInfo['lastName']) . "',\r\n\t\t\t\t\t\t{$passStr}\r\n\t\t\t\t\t\temail = '" . addslashes($userInfo['email']) . "'\r\n\t\t\t\t\t\twhere id={$userId}";
             $this->db->query($sql);
             $this->set('msg', $this->spTextUser['Saved My Profile Details']);
             $this->showMyProfile();
             exit;
         }
     }
     // validation failed: redisplay the form with the messages and the posted values
     $this->set('errMsg', $errMsg);
     $this->showMyProfile($userInfo);
 }
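					<legend><?php 
        // FIX: $legend, $id and $page are reflected into HTML/attribute context;
        // they are set by the surrounding script (not visible here) and are
        // assumed to be plain text / ids, so HTML-encode them like $title already is.
        echo htmlentities((string) $legend, ENT_QUOTES);
        ?>
</legend>
					<label>Title
						<input type="text" value="<?php 
        echo htmlentities($title);
        ?>
" name="title" maxlength="150" />
					</label>
					<label>Image
						<input type="file" name="image">	
					</label>
					<label>Entry
						<textarea name="entry"  cols="45" rows="10"><?php 
        // NOTE(review): confirm sanitizeData() HTML-encodes its input; if it does
        // not, an entry containing "</textarea>" breaks out of the element and
        // this should use htmlentities() like the title field does.
        echo sanitizeData($entry);
        ?>
</textarea>
					</label>
					<input type="hidden" name="id"   value="<?php 
        echo htmlentities((string) $id, ENT_QUOTES);
        ?>
">
					<input type="hidden" name="page" value="<?php 
        echo htmlentities((string) $page, ENT_QUOTES);
        ?>
" />
					<input type="submit" name="submit" value="Save Entry" />
					<input type="submit" name="submit" value="Cancel" />
				</fieldset>
			</form>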
include_once SP_CTRLPATH . "/proxy.ctrl.php";
// Proxy admin-panel entry point: build the controller in ajax layout and attach
// the UI text bundles for the session language; the POST dispatch follows below.
$controller = new ProxyController();
$controller->view->menu = 'adminpanel';
$controller->layout = 'ajax';
$langCode = $_SESSION['lang_code'];
$spTextPanel = $controller->getLanguageTexts('panel', $langCode);
$controller->set('spTextPanel', $spTextPanel);
// the proxy bundle is kept on the controller as well as passed to the view
$controller->spTextProxy = $controller->getLanguageTexts('proxy', $langCode);
$controller->set('spTextProxy', $controller->spTextProxy);
$spTextSA = $controller->getLanguageTexts('siteauditor', $langCode);
$controller->set('spTextSA', $spTextSA);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    switch ($_POST['sec']) {
        case "create":
            $_POST = sanitizeData($_POST, true, true);
            $controller->createProxy($_POST);
            break;
        case "update":
            $_POST = sanitizeData($_POST, true, true);
            $controller->updateProxy($_POST);
            break;
        case "activateall":
            if (!empty($_POST['ids'])) {
                foreach ($_POST['ids'] as $id) {
                    $controller->__changeStatus($id, 1);
                }
            }
            $controller->listProxy($_POST);
            break;
        case "inactivateall":
            if (!empty($_POST['ids'])) {
                foreach ($_POST['ids'] as $id) {
                    $controller->__changeStatus($id, 0);
                }
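 function showDirectoryManager($info = '')
 {
     // Lists directories filtered by working status, name substring, captcha
     // flag, PageRank and language, with paging. $info is the request array.
     $info = sanitizeData($info);
     // Normalise the optional filters once so no later read hits an undefined index.
     $info['stscheck'] = isset($info['stscheck']) ? intval($info['stscheck']) : 1;
     $info['capcheck'] = isset($info['capcheck']) ? $info['capcheck'] : '';
     $info['dir_name'] = isset($info['dir_name']) ? $info['dir_name'] : '';
     $info['google_pagerank'] = isset($info['google_pagerank']) ? $info['google_pagerank'] : '';
     // langcode (form field) and lang_code (paging link) are aliases
     if (!empty($info['langcode'])) {
         $info['lang_code'] = $info['langcode'];
     }
     if (!isset($info['lang_code'])) {
         $info['lang_code'] = '';
     }
     // captcha filter: 'yes' -> 1, anything else -> 0; only applied when capcheck was given
     $capcheck = $info['capcheck'] == 'yes' ? 1 : 0;
     // stscheck is an int, so interpolating it is safe
     $sql = "SELECT *,l.lang_name FROM directories d,languages l where d.lang_code=l.lang_code and working='{$info['stscheck']}'";
     if (!empty($info['dir_name'])) {
         $sql .= " and domain like '%" . addslashes($info['dir_name']) . "%'";
     }
     if ($info['capcheck'] != '') {
         $sql .= " and is_captcha='{$capcheck}'";
     }
     if ($info['google_pagerank'] != '') {
         $sql .= " and google_pagerank='" . intval($info['google_pagerank']) . "'";
     }
     if (!empty($info['lang_code'])) {
         // NOTE(review): addslashes() is not charset-safe; $this->db offers no
         // visible parameter binding, so the string form is kept here.
         $sql .= " and d.lang_code='" . addslashes($info['lang_code']) . "'";
     }
     $sql .= " order by id";
     # pagination setup: run once to count rows, then append the LIMIT window
     $this->db->query($sql, true);
     $this->paging->setDivClass('pagingdiv');
     $this->paging->loadPaging($this->db->noRows, SP_PAGINGNO);
     // FIX: every user-supplied value goes through urlencode() before being
     // placed in the paging URL; the original only encoded dir_name, so
     // capcheck, google_pagerank and langcode could inject into the links.
     $pageScriptPath = 'directories.php?sec=directorymgr&dir_name=' . urlencode($info['dir_name'])
         . "&stscheck={$info['stscheck']}&capcheck=" . urlencode($info['capcheck']);
     $pageScriptPath .= "&google_pagerank=" . urlencode($info['google_pagerank']) . "&langcode=" . urlencode($info['lang_code']);
     $pagingDiv = $this->paging->printPages($pageScriptPath);
     $this->set('pagingDiv', $pagingDiv);
     $sql .= " limit " . $this->paging->start . "," . $this->paging->per_page;
     $statusList = array($_SESSION['text']['common']['Active'] => 1, $_SESSION['text']['common']['Inactive'] => 0);
     $captchaList = array($_SESSION['text']['common']['Yes'] => 'yes', $_SESSION['text']['common']['No'] => 'no');
     $langCtrler = new LanguageController();
     $langList = $langCtrler->__getAllLanguages();
     $this->set('langList', $langList);
     $this->set('statusList', $statusList);
     $this->set('captchaList', $captchaList);
     $dirList = $this->db->select($sql);
     $this->set('list', $dirList);
     $this->set('info', $info);
     $this->set('ctrler', $this);
     $this->render('directory/list');
 }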
    $response['message'] = 'Not logged in.';
    $response['status'] = 401;
    echo json_encode($response);
    die;
}
// The session was only needed for the login check above; write and close it now
// so the rest of this request does not hold the session lock.
session_write_close();
// Probe action: report PHP's max_execution_time as JSON and stop. The response
// may be cached for 60 s (Expires), so the default Pragma: no-cache header is removed.
if (array_key_exists('action', $_GET) && $_GET['action'] == 'getMaxExecutionTime') {
    header("Expires: " . gmdate("D, d M Y H:i:s", time() + 60) . " GMT");
    header_remove("Pragma");
    $response['status'] = 200;
    $response['message'] = 'OK';
    $response['results'] = array('max_execution_time' => ini_get('max_execution_time'));
    echo json_encode($response);
    die;
}
// $requestData is set earlier in this file (not visible here). Everything below
// reads the sanitized copy except 'fields', which is mapped from the RAW request
// value — NOTE(review): confirm mapFields() whitelists field names, since the
// serialized result is later handed to getGraphData().
$sanitizedData = sanitizeData($requestData);
$sanitizedData['fields'] = mapFields($requestData['fields']);
// keep the array form for aggregation and the serialized form for the query helper
$fieldsArray = $sanitizedData['fields'];
$sanitizedData['fields'] = serializeFields($sanitizedData['fields']);
$fieldsSerialized = $sanitizedData['fields'];
// addTimestamps() is defined elsewhere; the loop below expects it to have set
// startTimestamp/endTimestamp — verify against the helper.
$sanitizedData = addTimestamps($sanitizedData);
try {
    $resultDataset = array();
    $jobTable = Doctrine_Core::getTable('WPTJob');
    foreach ($sanitizedData['job_id'] as $key => $jobId) {
        $job = $jobTable->find($jobId);
        $resultDataset[$jobId] = getGraphData($jobId, $sanitizedData['startTimestamp'], $sanitizedData['endTimestamp'], $sanitizedData['percentile'], $sanitizedData['trimAbove'], $sanitizedData['adjustUsing'], $sanitizedData['trimBelow'], $sanitizedData['todStartHour'], $sanitizedData['todEndHour'], $fieldsSerialized);
        $resultDataset[$jobId] = array('jobId' => $job['Id'], 'jobName' => $job['Label'], 'dataSet' => getResultsDataAvgMod($sanitizedData['startTimestamp'], $sanitizedData['endTimestamp'], $sanitizedData['interval'], $resultDataset[$jobId], $fieldsArray, $sanitizedData['aggregateMethod']));
    }
    $response['status'] = 200;
    $response['message'] = 'OK';
include_once 'firephp/0.3.2/fb.php';
include_once 'utils.inc';
include_once 'jash/functions.inc';
// JSON endpoint; every request parameter comes from the query string.
header('Content-Type: application/json');
// NOTE(review): this response is only produced for a logged-in user (see the
// 401 check below) yet is marked "Cache-Control: public", which allows shared
// caches to store and re-serve per-user data; "private" (or "no-store") is
// the usual choice for authenticated responses — confirm this is intentional.
header('Cache-Control: public', TRUE);
// untrusted input; sanitizeData() is applied to it further down
$requestData = $_GET;
$response = array('status' => null, 'message' => null, 'results' => null);
// Require an authenticated user. getCurrentUserId() is defined elsewhere and
// is assumed to return null when nobody is logged in.
if (null === ($userId = getCurrentUserId())) {
    $response['message'] = 'Not logged in.';
    $response['status'] = 401;
    echo json_encode($response);
    die;
}
try {
    $requestDataSanitized = sanitizeData($requestData);
    $requestDataSanitized = addTimestamps($requestDataSanitized);
    $bucketWidth = $requestDataSanitized['width'];
    if (!is_array($requestData['field'])) {
        $requestData['field'] = array($requestData['field']);
    }
    $jobTable = Doctrine_Core::getTable('WPTJob');
    $job = $jobTable->find($requestDataSanitized['job']);
    $jobLabel = $job['Label'];
    $fields = array();
    foreach ($requestData['field'] as $key => $fieldName) {
        $fields[] = mapMetricFieldForm2Db($fieldName);
    }
    $result = array();
    $minBucket = null;
    $maxBucket = null;