コード例 #1
0
ファイル: companycargo.php プロジェクト: Bakyenga/kyengs
 function index()
 {
     security($this);
     $this->session->set_userdata('page_title', 'Companydrivers');
     $data['userdetails'] = $this->session->userdata('alluserdata');
     $this->load->view('userprofile/dashboard', $data);
 }
コード例 #2
0
ファイル: catalog.php プロジェクト: adrianha/Rafa-Server
 function __construct()
 {
     parent::Controller();
     $this->load->helper('kernel');
     $this->username = security($_REQUEST);
     $this->load->database();
 }
コード例 #3
0
ファイル: payments.php プロジェクト: Bakyenga/kyengs
 function save_step1()
 {
     security($this);
     $urldata = $this->uri->uri_to_assoc(4, array('m', 'action'));
     $data = assign_to_data($urldata);
     # If a file has been uploaded, and there are no errors process it before continuing
     if (trim($_FILES['cashierphoto']['name']) != '' && $_FILES['cashierphoto']['error'] == '' && $this->input->post('editid')) {
         #The file name
         $file_stamp = 'cashierphoto' . $_POST['editid'];
         # Upload the file and return the results of the upload
         $processing_results = $this->acravfile->perfom_file_upload($this->libfileobj, $_FILES['cashierphoto'], $file_stamp, UPLOAD_DIRECTORY, $this->session->userdata('local_allowed_extensions'));
         $_FILES['cashierphoto']['error'] = $processing_results['errors'];
         # Will be saved in the database as the event's document file name
         $_POST['cashierphoto'] = $processing_results['filename'];
     }
     # Display appropriate message based on the results
     if ($this->input->post('save') && $this->process_form_data($urldata, $_POST, 'save')) {
         $data['msg'] = "The payment data was successfully saved.";
     } else {
         # For each error to be displayed as an error, it should start with "ERROR:"
         $data['msg'] = "ERROR: The payment data was not saved or may not be saved correctly. Please contact your administrator.";
     }
     $data['action'] = 'view';
     $data['id'] = $this->input->post('editid');
     # User is updating the company payment data
     if (isset($data['id'])) {
         $data['paymentdetails'] = $this->Query_reader->get_row_as_array('pick_payment_by_company_id', array('companyid' => $data['id']));
     }
     $this->load->view('companyprofile/managepayments', $data);
 }
コード例 #4
0
 /**
  * POST | This handles the registration with validation.
  *
  * @return mixed
  */
 public function storeRegistrationForm()
 {
     $inputs = request()->get();
     $validator = new RegistrationValidator();
     $validation = $validator->validate($inputs);
     if (count($validation)) {
         session()->set('input', $inputs);
         return redirect()->to(url()->previous())->withError(RegistrationValidator::toHtml($validation));
     }
     $token = bin2hex(random_bytes(100));
     $connection = db()->connection();
     try {
         $connection->begin();
         $user = new User();
         $success = $user->create(['email' => $inputs['email'], 'password' => security()->hash($inputs['password']), 'token' => $token]);
         if ($success === false) {
             throw new Exception('It seems we can\'t create an account, ' . 'please check your access credentials!');
         }
         queue(\Components\Queue\Email::class, ['function' => 'registeredSender', 'template' => 'emails.registered-inlined', 'to' => $inputs['email'], 'url' => route('activateUser', ['token' => $token]), 'subject' => 'You are now registered, activation is required.']);
         $connection->commit();
     } catch (TransactionFailed $e) {
         $connection->rollback();
         throw $e;
     } catch (Exception $e) {
         $connection->rollback();
         throw $e;
     }
     return redirect()->to(route('showLoginForm'))->withSuccess(lang()->get('responses/register.creation_success'));
 }
コード例 #5
0
ファイル: companydrivers.php プロジェクト: Bakyenga/kyengs
 function manage_drivers()
 {
     security($this, 'isadmin');
     $urldata = $this->uri->uri_to_assoc(4, array('action'));
     $data = assign_to_data($urldata);
     $this->load->view('userprofile/drivers', $data);
 }
コード例 #6
0
 public function testHelpersFacade()
 {
     $this->assertInstanceOf(\Clarity\Support\Auth\Auth::class, auth());
     $this->assertInstanceOf(\Phalcon\Config::class, config());
     $this->assertInstanceOf(\Phalcon\Mvc\Dispatcher::class, dispatcher());
     $this->assertInstanceOf(\Phalcon\Filter::class, filter());
     $this->assertInstanceOf(\Phalcon\Flash\Direct::class, flash()->direct());
     $this->assertInstanceOf(\Phalcon\Flash\Session::class, flash()->session());
     $this->assertInstanceOf(\League\Flysystem\Filesystem::class, flysystem());
     $this->assertInstanceOf(\League\Flysystem\MountManager::class, flysystem_manager());
     $this->assertInstanceOf(\Clarity\Support\Redirect\Redirect::class, redirect());
     $this->assertInstanceOf(\Clarity\Support\Phalcon\Http\Request::class, request());
     $this->assertInstanceOf(\Phalcon\Http\Response::class, response());
     $this->assertInstanceOf(\Phalcon\Mvc\Router::class, route());
     $this->assertInstanceOf(\Phalcon\Security::class, security());
     $this->assertInstanceOf(\Phalcon\Tag::class, tag());
     $this->assertInstanceOf(\Phalcon\Mvc\Url::class, url());
     $this->assertInstanceOf(\Phalcon\Mvc\View::class, view());
     # getting an error, will check later on
     $this->assertInstanceOf(\Monolog\Logger::class, logger());
     # adapter base functions
     // $this->assertInstanceOf(, cache());
     // $this->assertInstanceOf(, db());
     // $this->assertInstanceOf(, queue());
     // $this->assertInstanceOf(, session());
     $this->assertContains(url()->getBaseUri() . 'auth/login', route('showLoginForm'));
     $this->assertInstanceOf(\Phalcon\Mvc\View::class, view('welcome'));
 }
コード例 #7
0
ファイル: users.php プロジェクト: Bakyenga/kyengs
 function Users()
 {
     parent::Controller();
     security($this);
     $this->session->set_userdata('page_title', 'Company Profile');
     $this->load->model('reminder');
     #this->load->model('reminder');
     security($this);
 }
コード例 #8
0
ファイル: CSRF.php プロジェクト: phalconslayer/slayer
 public function execute($request, callable $next)
 {
     if ($request->isPost()) {
         if (security()->checkToken() === false) {
             # throw exception or redirect the user
             # or render a content using
             # View::take(<resources.view>);exit;
             throw new AccessNotAllowedException('Token mismatch, what are you doing?');
         }
     }
     return $next($request);
 }
コード例 #9
0
 function music_upload($file_name, &$space_left)
 {
     global $database, $url, $user;
     // SET KEY VARIABLES
     $file_maxsize = $user->level_info['level_music_maxsize'];
     $file_exts = explode(",", str_replace(" ", "", strtolower($user->level_info['level_music_exts'])));
     $file_types = explode(",", str_replace(" ", "", strtolower($user->level_info['level_music_mimes'])));
     $new_music = new se_upload();
     $new_music->new_upload($file_name, $file_maxsize, $file_exts, $file_types);
     // CHECK SPACE LEFT
     if ($new_music->file_size > $space_left) {
         $new_music->is_error = 4000087;
     } else {
         $space_left = $space_left - $file_filesize;
     }
     if (!$new_music->is_error) {
         // GENERATE TITLE
         $myId3 = new ID3($file_dest);
         if ($myId3->getInfo()) {
             $id3_artist = trim($myId3->getArtist());
             $id3_title = trim($myId3->getTitle());
             if ($id3_artist && $id3_title) {
                 $music_title = $id3_artist . ' - ' . $id3_title;
             }
         }
         if (!trim($music_title)) {
             $music_title = $new_music->file_name;
         }
         $music_title = security(censor($music_title));
         // INSERT ROW INTO MUSIC TABLE
         $time = time();
         $track_num = $database->database_fetch_array($database->database_query("SELECT music_track_num as track FROM se_music WHERE music_user_id = '{$this->user_id}' ORDER BY music_track_num DESC LIMIT 1"));
         $track_num = $track_num['track'] + 1;
         $database->database_query("\r\n        INSERT INTO se_music\r\n        (\r\n          music_user_id,\r\n          music_track_num,\r\n          music_date,\r\n          music_title,\r\n          music_ext,\r\n          music_filesize\r\n        )\r\n        VALUES\r\n        (\r\n          '{$this->user_id}',\r\n          '{$track_num}',\r\n          '{$time}',\r\n          '{$music_title}',\r\n          '{$new_music->file_ext}',\r\n          '{$new_music->file_size}'\r\n        )\r\n      ");
         $music_id = $database->database_insert_id();
         // MOVE UPLOADED FILE
         $file_dest = $url->url_userdir($user->user_info[user_id]) . $music_id . "." . $new_music->file_ext;
         $new_music->upload_file($file_dest);
     }
     // RETURN AND DELETE FROM DATABASE IF ERROR
     if ($new_music->is_error) {
         if ($music_id) {
             $database->database_query("DELETE FROM se_music WHERE music_id='{$music_id}' && music_user_id='{$this->user_id}'");
         }
         if ($file_dest) {
             @unlink($file_dest);
         }
         return array('is_error' => $new_music->is_error);
     }
     // RETURN FILE STATS
     return array('music_id' => $music_id, 'music_ext' => $new_music->file_ext, 'music_filesize' => $new_music->file_size, 'music_title' => $music_title);
 }
コード例 #10
0
ファイル: companyusers.php プロジェクト: Bakyenga/kyengs
 function Companyusers()
 {
     parent::Controller();
     $this->load->library('form_validation');
     $this->session->set_userdata('system', 'settings');
     $this->session->set_userdata('page_title', 'Company Users');
     $this->load->model('reminder');
     $this->load->model('email_handler');
     $this->load->model('users', 'user1');
     //$this->load->library('My_Email');
     //$this->load->library('email');
     security($this);
 }
コード例 #11
0
ファイル: bidsReceived.php プロジェクト: Bakyenga/kyengs
 function selectWinner()
 {
     security($this);
     $data['userdetails'] = $this->session->userdata('alluserdata');
     #split posted value to get bid_reply_id and winner company_id
     $post_dets = explode("_", $_POST['chosen']);
     $bid_reply_id = $post_dets[0];
     $company_id = $post_dets[1];
     $posted_by = $post_dets[2];
     #get bid_request company for email purposes
     $this->db->where('bid_request_id', $_POST['bid_request']);
     $result = $this->db->get('company_bid_requests');
     $data['bid_request_info'] = $result->result_array();
     #get winner company details
     $this->db->where('id', $company_id);
     $result = $this->db->get('company');
     $data['company_info'] = $result->result_array();
     #email contents
     $email_details = array("company" => $data['company_info'][0]['companyname'], "bid_title" => $_POST['bid_title'], "request_company" => $data['bid_request_info'][0]['companyname']);
     #notify company via email
     $this->email->subject('ACRAV - BID SUCCESS CONFIRMATION');
     $this->email->message($this->generate_bid_winner_email($email_details));
     $this->email->from("*****@*****.**", 'administator');
     $this->email->to($data['company_info'][0]['emailaddress']);
     #associative array for update statement
     $setWinner = array("bid_winner" => 1);
     #execute update query and notify winner via email
     $this->db->where('reply_id', $bid_reply_id);
     if ($this->db->update('bid_replies', $setWinner)) {
         #send user system notification
         $msgTitle = "Bid Confirmation for " . $_POST['bid_title'];
         $userid = $data['userdetails']['userid'];
         $company_id = $data['userdetails']['compid']['id'];
         $noticeDetails = array("to_company_id" => $company_id, "from_company_id" => $company_id, "title" => $msgTitle, "content" => $this->generate_bid_winner_notice($email_details), "to_employee" => $posted_by, "from_employee" => $userid, "bid_reply_id" => $bid_reply_id, "bid_request_id" => $_POST['bid_request'], "notice_type" => "1");
         $submit_query = $this->Query_reader->db_submit_array($noticeDetails, "notices");
         $this->db->query($submit_query);
         #notify winner via email
         if ($this->email->send()) {
             $data['msg'] = $data['company_info'][0]['companyname'] . " has been selected as the winner of this bid and has been notified via email.";
         } else {
             $data['msg'] = $data['company_info'][0]['companyname'] . " has been selected as the winner of this bid but an Error occurred while sending the notification email.";
         }
     } else {
         #Query failed to execute
         $data['msg'] = "ERROR : An error occured while executing the query. Please try again.";
     }
     $data['curPage'] = 'bids';
     $this->load->view('companybids/bidwinner', $data);
 }
コード例 #12
0
ファイル: companyprofile.php プロジェクト: Bakyenga/kyengs
 function index()
 {
     security($this);
     $data['userdetails'] = $this->session->userdata('alluserdata');
     $query = $this->Query_reader->get_query_by_code('pick_company_info', array('id' => $this->userdata['companyid']));
     $result = $this->db->query($query);
     $company = $result->result_array();
     $data['company_details'] = $company[0];
     $this->db->where('to_employee', $data['userdetails']['userid']);
     $this->db->where('has_read', '0');
     $notices = $this->db->get('notice_details');
     $data['count_notices'] = $notices->num_rows();
     $data['notice_details'] = $notices->result_array();
     $data['curPage'] = 'company';
     $this->load->view('userprofile/register', $data);
 }
コード例 #13
0
ファイル: invitebids.php プロジェクト: Bakyenga/kyengs
 function index()
 {
     security($this);
     $data['userdetails'] = $this->session->userdata('alluserdata');
     #get company cargo
     $this->db->where('company_id', $data['userdetails']['companyid']);
     $result = $this->db->get('containers');
     $data['company_cargo'] = $result->result_array();
     $this->db->where('to_employee', $data['userdetails']['userid']);
     $this->db->where('has_read', '0');
     $notices = $this->db->get('notice_details');
     $data['count_notices'] = $notices->num_rows();
     $data['notice_details'] = $notices->result_array();
     $data['curPage'] = 'bids';
     $this->load->view('userjobs/invitebids', $data);
 }
コード例 #14
0
ファイル: myBids.php プロジェクト: Bakyenga/kyengs
 function newBid()
 {
     security($this);
     $data['userdetails'] = $this->session->userdata('alluserdata');
     $this->db->where('bid_request_id', $this->uri->segment(4));
     $result = $this->db->get('company_bid_requests');
     $data['returned'] = $result->num_rows();
     $data['job_data'] = $result->result_array();
     #get bid replies to help checking if current company previously made a bid for this job
     $sql = 'select companyname from company_bid_requests where bid_request_id =' . $this->uri->segment(4) . ' and company_id = ' . $data['userdetails']['companyid'];
     $bid_replies_result = $this->db->query($sql);
     #company should not respond to its own bid request
     if ($data['userdetails']['companyid'] == $data['job_data'][0]['id']) {
         $data['msg'] = "ERROR : You are not allowed to submit a bid for your own bid request";
         #check if user has previously made a bid for this job
     } elseif ($bid_replies_result) {
         $data['msg'] = "ERROR : You are not allowed to bid MORE THAN ONCE for your a Job.";
     }
     $this->load->view('companybids/submitBids', $data);
 }
コード例 #15
0
ファイル: index.php プロジェクト: blackchat/BitcoinExchange
$Buying_Rate = buyrate($BTE);
$Selling_Rate = sellrate($BTE);
if (!$Buying_Rate) {
    $Buying_Rate = '0';
}
if (!$Selling_Rate) {
    $Selling_Rate = '0';
}
$login_attempts = $_SESSION['login_attempts'];
if (!$login_attempts) {
    $_SESSION['login_attempts'] = 0;
}
$myusername = security($_POST['username']);
$mypassword = security($_POST['password']);
$myrepeat = security($_POST['repeat']);
$form_action = security($_POST['action']);
if ($form_action == "login") {
    $_SESSION['login_attempts'] = $login_attempts + 1;
    if ($login_attempts <= 5) {
        if ($myusername) {
            if ($mypassword) {
                $mypassword2 = md5($mypassword);
                $sql = "SELECT * FROM users WHERE username='******'";
                $result = mysql_query($sql);
                $count = mysql_num_rows($result);
                if ($count == 1) {
                    $Pass_Query = mysql_query("SELECT * FROM users WHERE username='******'");
                    while ($Pass_Row = mysql_fetch_assoc($Pass_Query)) {
                        $db_Login_Pass_Check = $Pass_Row['password'];
                        if ($mypassword2 == $db_Login_Pass_Check) {
                            $return_error = "Logged in.";
コード例 #16
0
                        }
                    } else {
                        $Trade_Message = 'System error.';
                    }
                } else {
                    $Trade_Message = 'Illegal Operation.';
                }
            } else {
                $Trade_Message = 'Illegal Operation.';
            }
        }
    }
}
$PST_Order_Action = security($_POST['order-action']);
$PST_Order_Amount = security($_POST['order-amount']);
$PST_Order_Rate = security($_POST['order-rate']);
if ($PST_Order_Action == "buy") {
    if ($PST_Order_Amount) {
        if ($PST_Order_Rate) {
            $PST_Order_Amount = satoshitrim(satoshitize($PST_Order_Amount));
            $PST_Order_Rate = satoshitrim(satoshitize($PST_Order_Rate));
            $PST_Order_Sub_Total = $PST_Order_Amount * $PST_Order_Rate;
            $PST_Order_Sub_Total = satoshitrim(satoshitize($PST_Order_Sub_Total));
            if ($PST_Order_Sub_Total <= $Coin_A_Balance) {
                if ($PST_Order_Sub_Total >= "0.00001") {
                    if ($PST_Order_Sub_Total != 0) {
                        if ($Selling_Rate >= $PST_Order_Rate) {
                            if ($Selling_Rate === $PST_Order_Rate) {
                                $Query = mysql_query("SELECT id, username, amount, rate FROM sell_orderbook WHERE want='{$BTC}' and processed='1' and trade_id = '" . $my_coins->getTradeId() . "' AND trade_with = '{$BTCRYX}' ORDER BY rate DESC LIMIT 1");
                                while ($Row = mysql_fetch_assoc($Query)) {
                                    $CURR_Selling_ID = $Row['id'];
コード例 #17
0
<?php

require "../coinapi_private/data.php";
$getaction = security($_POST['action']);
if (!isset($_SESSION['apiidentity'])) {
    die("n/a");
}
if (isset($_SESSION['apiidentity'])) {
    $EMAIL_INDENT = security($_SESSION['apiidentity']);
    $Query = mysql_query("SELECT email FROM accounts WHERE email='{$EMAIL_INDENT}'");
    if (mysql_num_rows($Query) == 0) {
        die("n/a");
    }
}
if (isset($_POST['speak'])) {
    $speak = security($_POST['speak']);
    if ($speak != "") {
        if ($udb_chathandle) {
            $sql = mysql_query("INSERT INTO chat (id,date,ip,email,username,message,status) VALUES ('','{$date}','{$ip}','{$udb_email}','{$udb_chathandle}','{$speak}','viewable')");
        }
    }
}
コード例 #18
0
ファイル: init.php プロジェクト: nekleenov/sampucp
function changepasswd($changepasswd, $username, $password1, $password2)
{
    global $db;
    global $lang_error;
    $password1 = security($password1);
    $password2 = security($password2);
    if ($changepasswd) {
        if (!$password1 and !$password2) {
            $info = '<div class="alert alert-error" style="margin:0px;"><strong>' . $lang_error['all_info'] . '</strong><br>' . $lang_error['err_01.8'] . '</div>';
            return $info;
        }
        if ($password1 != $password2) {
            $info = '<div class="alert alert-error" style="margin:0px;"><strong>' . $lang_error['all_info'] . '</strong><br>' . $lang_error['err_01.6'] . '</div>';
            return $info;
        }
        if (!preg_match('/^[a-zA-Z0-9]+$/', $password1)) {
            $info = '<div class="alert alert-error" style="margin:0px;"><strong>' . $lang_error['all_info'] . '</strong><br>' . $lang_error['err_01.7'] . '</div>';
            return $info;
        }
        if (strlen($password1) < 6 or strlen($password1) > 15) {
            $info = '<div class="alert alert-error" style="margin:0px;"><strong>' . $lang_error['all_info'] . '</strong><br>' . $lang_error['err_01.8'] . '</div>';
            return $info;
        }
        $sql = $db->query("SELECT * FROM accounts WHERE Name='{$username}'") or die(mysql_error());
        if ($row = $db->fetch_assoc($sql)) {
            $db->query("UPDATE accounts SET pPodarok1 = '0' WHERE Name = '{$username}'") or die(mysql_error());
            $db->query("UPDATE accounts SET pKey = '{$password1}' WHERE Name = '{$username}'") or die(mysql_error());
            $_SESSION['username'] = $row['Name'];
            $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
            $_SESSION['info'] = "changepasswd_ok";
            header("Location: http://" . $_SERVER['HTTP_HOST'] . "/index.php?do=main");
            //$info = '<div class="alert alert-success" style="margin:0px;"><strong>'.$lang_error['all_info'].'</strong><br>'.$lang_error['all_yes'].'</div>';
            //return $info;
        } else {
            $info = '<div class="alert alert-error" style="margin:0px;"><strong>' . $lang_error['all_info'] . '</strong><br>That has happened, contact the administration.</div>';
            return $info;
        }
    }
}
コード例 #19
0
<?php

session_start();
error_reporting(0);
require_once 'auth.php';
if ($Logged_In !== 7) {
    header("Location: index.php");
}
$withdraw_withdraw = security($_POST['action']);
$withdraw_amount = security($_POST['amount']);
$withdraw_address = security($_POST['address']);
$iid = security($_POST['iid']);
if (!$iid) {
    $my_coins->setSelectInstanceId($my_coins->getCoinsInstanceId());
} else {
    if ($iid != $my_coins->getSelectInstanceId()) {
        header("Location: home.php");
    }
}
$iid = $my_coins->getSelectInstanceId();
$cid = $my_coins->getCoinsSelectInstanceId() + 1;
if ($withdraw_withdraw == "withdraw") {
    if ($withdraw_address) {
        if ($withdraw_amount) {
            $withdraw_amount = satoshitize($withdraw_amount);
            if ($withdraw_amount <= $Bitcrystald_Balance[$iid]) {
                $fee = $my_coins->coins[$my_coins->coins_names[$cid]]["fee"];
                $FEEBEE = $my_coins->coins[$my_coins->coins_names[$cid]]["FEEBEE"];
                $set_withdraw_amount = $withdraw_amount - $fee;
                // minus the fee
                $true_withdraw_amount = satoshitize($set_withdraw_amount);
コード例 #20
0
ファイル: admin_header.php プロジェクト: amitjoy/nitd-network
    include_once "include/jsonrpc/json_extension_api.inc";
}
// INITIATE DATABASE CONNECTION
$database =& SEDatabase::getInstance();
// Use this line if you changed the way database connection is loaded
//$database = new se_database($database_host, $database_username, $database_password, $database_name);
// SET LANGUAGE CHARSET
$database->database_set_charset(SE_Language::info('charset'));
// GET SETTINGS
$setting = $database->database_fetch_assoc($database->database_query("SELECT * FROM se_settings LIMIT 1"));
// Instantiate caching object
$cache_object = SECache::getInstance();
// ENSURE NO SQL INJECTIONS THROUGH POST OR GET ARRAYS
$_POST = security($_POST);
$_GET = security($_GET);
$_COOKIE = security($_COOKIE);
// CREATE SESSION
$session_options = @unserialize($setting['setting_session_options']);
if (!empty($session_options)) {
    if (!empty($session_options['storage'])) {
        Configure::write('Session.save', $session_options['storage']);
    }
    if (!empty($session_options['name'])) {
        Configure::write('Session.cookie', $session_options['name']);
    }
    if (!empty($session_options['expire'])) {
        Configure::write('Session.timeout', $session_options['expire']);
    }
}
$session =& SESession::getInstance(null, true);
$session->engine(@$session_options['storage'], $session_options);
コード例 #21
0
<?php

require "../coinapi_private/data.php";
$getaction = security($_POST['action']);
if (!isset($_SESSION['apiidentity'])) {
    die("n/a");
}
if (isset($_SESSION['apiidentity'])) {
    $EMAIL_INDENT = security($_SESSION['apiidentity']);
    $Query = mysql_query("SELECT email FROM accounts WHERE email='{$EMAIL_INDENT}'");
    if (mysql_num_rows($Query) == 0) {
        die("n/a");
    }
}
if (isset($_POST['speakprivate'])) {
    $speak = security($_POST['speakprivate']);
    $to = security($_POST['to']);
    if ($speak != "") {
        if ($udb_chathandle) {
            if ($to) {
                $sql = mysql_query("INSERT INTO privatechat (id,date,ip,email,username,room,message,status) VALUES ('','{$date}','{$ip}','{$udb_email}','{$udb_chathandle}','{$to}','{$speak}','viewable')");
            }
        }
    }
}
コード例 #22
0
<?php

$rq = true;
require './system/system_config.php';
if (isUser($config_db_accounts) === true) {
    header("Location: live.php");
}
$msg = '';
if (isset($_POST['submit'])) {
    if (!isset($_POST['email'])) {
        $msg = 'No email entered!';
    } elseif (!isset($_POST['password'])) {
        $msg = 'No password entered!';
    } else {
        $email = security($_POST['email']);
        $password = encrypy(security($_POST['password']));
        $Function_Query1 = mysql_query("SELECT email, password FROM {$config_db_accounts} WHERE email='{$email}' and password='******'");
        $Function_Query2 = mysql_query("SELECT email, password, status FROM {$config_db_accounts} WHERE email='{$email}' and password='******' and status='1'");
        if (validate_email($email) !== true) {
            $msg = 'Invalid email entered!';
        } elseif (mysql_num_rows($Function_Query1) !== 1) {
            $msg = 'Invalid login credentials!';
        } elseif (mysql_num_rows($Function_Query2) !== 1) {
            $msg = 'Account is disabled!';
        } else {
            $_SESSION['pu'] = $email;
            $msg = 'Logged in successfully.
                 <script type="text/javascript">
                    window.location = "live.php";
                    function relayer() {
                       window.location = "live.php";
コード例 #23
0
ファイル: sqli-protection.php プロジェクト: exluap/meteor
<?php

//SQLi Protection
$table = $prefix . 'sqli-settings';
@($query = mysqli_query($connect, "SELECT * FROM `{$table}`"));
@($row = mysqli_fetch_assoc($query));
if ($row['protection'] == "Yes") {
    //Santization of all fileds and requests
    $_GET = filter_input_array(INPUT_GET, FILTER_SANITIZE_STRING);
    $_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
    $table2 = $prefix . 'sqli-patterns';
    @($query2 = mysqli_query($connect, "SELECT * FROM `{$table2}`"));
    while ($row2 = mysqli_fetch_array($query2, MYSQL_ASSOC)) {
        @($string = $_SERVER['QUERY_STRING']);
        if (strpos(strtolower($string), $row2['pattern']) !== false) {
            $attacked_page = security('' . $page . '?' . $string . '');
            $type = "SQLi";
            //AutoBan
            if ($row['autoban'] == "Yes") {
                $autoban = 'Yes';
                $btable = $prefix . 'bans';
                @($bansvalid = mysqli_query($connect, "SELECT * FROM `{$btable}` WHERE ip='{$ip}' LIMIT 1"));
                @($bansvalidator = mysqli_num_rows($bansvalid));
                if ($bansvalidator <= "0") {
                    $log = mysqli_query($connect, "INSERT INTO `{$btable}` (ip, date, time, reason, autoban) VALUES ('{$ip}', '{$date}', '{$time}', '{$type}', 'Yes')");
                }
            }
            $autoban = 'No';
            //Logging the Attack
            if ($row['logging'] == "Yes") {
                $ltable = $prefix . 'logs';
コード例 #24
0
<?php

require "../coinapi_private/data.php";
if ($udb_email) {
    $pm_handle = security($_POST['handle']);
    $pm_rand = rand(100, 999);
    $im_name = $pm_handle . $pm_rand;
    $sql = mysql_query("INSERT INTO newims (id,date,ip,email,username,room,handle,status) VALUES ('','{$date}','{$ip}','{$udb_email}','{$udb_chathandle}','{$im_name}','{$pm_handle}','waiting')");
    echo '<script type="text/javascript">
            $(\'#' . $im_name . 'privatechatter\').submit(function() {
               $.ajax({
                  data: $(this).serialize(),
                  type: $(this).attr(\'method\'),
                  url: $(this).attr(\'action\'),
                  success: function(response) {
                     $(\'#' . $im_name . 'speakprivate\').val(\'\');
                  }
               });
               return false;
            });
            setTimeout(function() {
               $("#' . $im_name . 'privatechatroom").load("ajax_chatroom_private.php?to=' . $im_name . '");
               $(\'#' . $im_name . 'privatechatroom\').scrollTop($(\'#' . $im_name . 'privatechatroom\')[0].scrollHeight);
            }, 500);
            setInterval(function () {
               $("#' . $im_name . 'privatechatroom").load("ajax_chatroom_private.php?to=' . $im_name . '");
               $(\'#' . $im_name . 'privatechatroom\').scrollTop($(\'#' . $im_name . 'privatechatroom\')[0].scrollHeight);
            }, 1500);
            $(function() {
               $("#' . $im_name . '").draggable();
            });
コード例 #25
0
ファイル: postfix.index.php プロジェクト: brucewu16899/1.6.x
function main_switch()
{
    cookies_main();
    //if(GET_CACHED(__FILE__,__FUNCTION__,$_GET["main"])){return;}
    $array["transport_settings"] = '{transport_settings}';
    $array["security_settings"] = '{security_settings}';
    $array["tweaks"] = '{tweaks}';
    if (isset($_GET["ajaxmenu"])) {
        echo "<div id='main_config_postfix'>";
    }
    switch ($_GET["main"]) {
        case "transport_settings":
            $html = Transport_rules_redirect();
            //SET_CACHED(__FILE__,__FUNCTION__,$_GET["main"],$html);
            echo $html;
            break;
        case "transport_settings_rules":
            $html = Transport_rules();
            //SET_CACHED(__FILE__,__FUNCTION__,$_GET["main"],$html);
            echo $html;
            break;
        case "security_settings":
            $html = security();
            SET_CACHED(__FILE__, __FUNCTION__, $_GET["main"], $html);
            echo $html;
            break;
        case "security2":
            $html = security2();
            SET_CACHED(__FILE__, __FUNCTION__, $_GET["main"], $html);
            echo $html;
            break;
        case "tweaks":
            $html = tweaks();
            SET_CACHED(__FILE__, __FUNCTION__, $_GET["main"], $html);
            echo $html;
            break;
        case "filters":
            $html = filters_section();
            SET_CACHED(__FILE__, __FUNCTION__, $_GET["main"], $html);
            echo $html;
            break;
        case "mailbox":
            $html = mailbox_section();
            SET_CACHED(__FILE__, __FUNCTION__, $_GET["main"], $html);
            echo $html;
            break;
        case "status":
            $html = status_section();
            SET_CACHED(__FILE__, __FUNCTION__, $_GET["main"], $html);
            echo $html;
            break;
        case "filters-connect":
            $html = filters_connect_section();
            SET_CACHED(__FILE__, __FUNCTION__, $_GET["main"], $html);
            echo $html;
            break;
        default:
            $html = Transport_rules();
            SET_CACHED(__FILE__, __FUNCTION__, $_GET["main"], $html);
            echo $html;
            break;
    }
    if (isset($_GET["ajaxmenu"])) {
        echo "</div>";
    }
}
コード例 #26
0
<?php

session_start();
error_reporting(0);
require_once 'jsonRPCClient.php';
require_once 'auth.php';
$ajax_id = security($_GET['id']);
if (!$user_session) {
    $do = "nothing";
} else {
    if ($ajax_id == "pending-deposits") {
        require 'ajax/pending-deposits.php';
    }
    if ($ajax_id == "balances") {
        require 'ajax/balances.php';
    }
}
if ($ajax_id == "buyorders") {
    require 'ajax/buyorders.php';
}
if ($ajax_id == "sellorders") {
    require 'ajax/sellorders.php';
}
if ($ajax_id == "orderspast") {
    require 'ajax/orderspast.php';
}
if ($ajax_id == "orderscancel") {
    require 'ajax/orderscancel.php';
}
if ($ajax_id == "stats") {
    require 'ajax/stats.php';
コード例 #27
0
ファイル: class_field.php プロジェクト: amitjoy/nitd-network
 function field_list($validate = 0, $format = 0, $search = 0, $field_where = "")
 {
     global $database, $datetime, $setting;
     // GET NON DEPENDENT FIELDS IN CAT IF NECESSARY
     $field_count = 0;
     $this->fields = array();
     $field_query = "SELECT " . $this->type . "field_id AS field_id, " . $this->type . "field_order AS field_order, " . $this->type . "field_title AS field_title, " . $this->type . "field_desc AS field_desc, " . $this->type . "field_signup AS field_signup, " . $this->type . "field_error AS field_error, " . $this->type . "field_type AS field_type, " . $this->type . "field_style AS field_style, " . $this->type . "field_maxlength AS field_maxlength, " . $this->type . "field_link AS field_link, " . $this->type . "field_options AS field_options, " . $this->type . "field_required AS field_required, " . $this->type . "field_regex AS field_regex, " . $this->type . "field_special AS field_special, " . $this->type . "field_html AS field_html, " . $this->type . "field_search AS field_search, " . $this->type . "field_display AS field_display FROM se_" . $this->type . "fields WHERE " . $this->type . "field_dependency='0'";
     if ($field_where != "") {
         $field_query .= " AND ({$field_where})";
     }
     $field_query .= " ORDER BY " . $this->type . "field_order";
     $fields = $database->database_query($field_query);
     while ($field_info = $database->database_fetch_assoc($fields)) {
         // SET FIELD VARS
         $is_field_error = 0;
         $field_value = "";
         $field_value_formatted = "";
         $field_value_min = "";
         $field_value_max = "";
         $field_options = array();
         // FIELD TYPE SWITCH
         switch ($field_info[field_type]) {
             case 1:
                 // TEXT FIELD
             // TEXT FIELD
             case 2:
                 // TEXTAREA
                 // VALIDATE POSTED FIELD VALUE
                 if ($validate == 1) {
                     // RETRIEVE POSTED FIELD VALUE AND FILTER FOR ADMIN-SPECIFIED HTML TAGS
                     $var = "field_" . $field_info[field_id];
                     $field_value = security(cleanHTML(censor($_POST[$var]), $field_info[field_html]));
                     if ($field_info[field_type] == 2) {
                         $field_value = str_replace("\r\n", "<br>", $field_value);
                     }
                     // CHECK FOR REQUIRED
                     if ($field_info[field_required] != 0 && trim($field_value) == "") {
                         $this->is_error = 96;
                         $is_field_error = 1;
                     }
                     // RUN PREG MATCH (ONLY FOR TEXT FIELDS)
                     if ($field_info[field_regex] != "" && trim($field_value) != "") {
                         if (!preg_match($field_info[field_regex], $field_value)) {
                             $this->is_error = 97;
                             $is_field_error = 1;
                         }
                     }
                     // UPDATE SAVE VALUE QUERY
                     if ($this->field_query != "") {
                         $this->field_query .= ", ";
                     }
                     if ($field_info[field_special] == 2 || $field_info[field_special] == 3) {
                         $field_value = ucwords($field_value);
                     }
                     $this->field_query .= $this->type . "value_{$field_info['field_id']}='{$field_value}'";
                     // CREATE A SEARCH QUERY FROM POSTED FIELD VALUE
                 } elseif ($search == 1) {
                     if ($field_info[field_search] == 2) {
                         $var1 = "field_" . $field_info[field_id] . "_min";
                         if (isset($_POST[$var1])) {
                             $field_value_min = $_POST[$var1];
                         } elseif (isset($_GET[$var1])) {
                             $field_value_min = $_GET[$var1];
                         } else {
                             $field_value_min = "";
                         }
                         $var2 = "field_" . $field_info[field_id] . "_max";
                         if (isset($_POST[$var2])) {
                             $field_value_max = $_POST[$var2];
                         } elseif (isset($_GET[$var2])) {
                             $field_value_max = $_GET[$var2];
                         } else {
                             $field_value_max = "";
                         }
                         if ($field_value_min != "") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= $this->type . "value_{$field_info['field_id']} >= {$field_value_min}";
                             $this->url_string .= $var1 . "=" . urlencode($field_value_min) . "&";
                         }
                         if ($field_value_max != "") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= $this->type . "value_{$field_info['field_id']} <= {$field_value_max}";
                             $this->url_string .= $var2 . "=" . urlencode($field_value_max) . "&";
                         }
                     } elseif ($field_info[field_search] == 1) {
                         $var = "field_" . $field_info[field_id];
                         if (isset($_POST[$var])) {
                             $field_value = $_POST[$var];
                         } elseif (isset($_GET[$var])) {
                             $field_value = $_GET[$var];
                         } else {
                             $field_value = "";
                         }
                         if ($field_value != "") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= $this->type . "value_{$field_info['field_id']} LIKE '%{$field_value}%'";
                             $this->url_string .= $var . "=" . urlencode($field_value) . "&";
                         }
                     } else {
                         $field_value = "";
                     }
                     // DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE
                 } else {
                     // RETRIEVE DATABASE FIELD VALUE
                     if ($this->value_info != "") {
                         $value_column = $this->type . "value_" . $field_info[field_id];
                         $field_value = $this->value_info[$value_column];
                     }
                 }
                 // FORMAT VALUE FOR DISPLAY
                 if ($format == 1 && $field_info[field_display] != 0) {
                     // LINK BROWSABLE FIELD VALUES IF NECESSARY
                     if ($field_info[field_display] == 2) {
                         $br_exploded_field_values = explode("<br>", trim($field_value));
                         $exploded_field_values = array();
                         foreach ($br_exploded_field_values as $key => $value) {
                             $comma_exploded_field_values = explode(",", trim($value));
                             array_walk($comma_exploded_field_values, 'link_field_values', array($field_info[field_id], "", $field_info[field_link], $field_info[field_display]));
                             $exploded_field_values[$key] = implode(", ", $comma_exploded_field_values);
                         }
                         $field_value_formatted = implode("<br>", $exploded_field_values);
                         // MAKE SURE TO LINK FIELDS WITH A LINK TAG
                     } else {
                         $exploded_field_values = array(trim($field_value));
                         array_walk($exploded_field_values, 'link_field_values', array($field_info[field_id], "", $field_info[field_link], $field_info[field_display]));
                         $field_value_formatted = implode("", $exploded_field_values);
                     }
                     // DECODE TO MAKE HTML TAGS FOR FIELDS VALID
                     $field_value_formatted = htmlspecialchars_decode($field_value_formatted, ENT_QUOTES);
                     // FORMAT VALUE FOR FORM
                 } else {
                     if ($field_info[field_type] == 1) {
                         $options = unserialize($field_info[field_options]);
                         for ($i = 0, $max = count($options); $i < $max; $i++) {
                             SE_Language::_preload_multi($options[$i][label]);
                             SE_Language::load();
                             $field_options[] = array('label' => SE_Language::_get($options[$i][label]));
                         }
                     }
                     if ($field_info[field_type] == 2) {
                         $field_value = str_replace("<br>", "\r\n", $field_value);
                     }
                 }
                 break;
             case 3:
                 // SELECT BOX
             // SELECT BOX
             case 4:
                 // RADIO BUTTON
                 // VALIDATE POSTED FIELD
                 if ($validate == 1) {
                     // RETRIEVE POSTED FIELD VALUE
                     $var = "field_" . $field_info[field_id];
                     $field_value = censor($_POST[$var]);
                     // CHECK FOR REQUIRED
                     if ($field_info[field_required] != 0 && ($field_value == "-1" || $field_value == "")) {
                         $this->is_error = 96;
                         $is_field_error = 1;
                     }
                     // UPDATE SAVE VALUE QUERY
                     if ($this->field_query != "") {
                         $this->field_query .= ", ";
                     }
                     $this->field_query .= $this->type . "value_{$field_info['field_id']}='{$field_value}'";
                     // CREATE A SEARCH QUERY FROM POSTED FIELD VALUE
                 } elseif ($search == 1) {
                     if ($field_info[field_search] == 2) {
                         $var1 = "field_" . $field_info[field_id] . "_min";
                         if (isset($_POST[$var1])) {
                             $field_value_min = $_POST[$var1];
                         } elseif (isset($_GET[$var1])) {
                             $field_value_min = $_GET[$var1];
                         } else {
                             $field_value_min = "";
                         }
                         $var2 = "field_" . $field_info[field_id] . "_max";
                         if (isset($_POST[$var2])) {
                             $field_value_max = $_POST[$var2];
                         } elseif (isset($_GET[$var2])) {
                             $field_value_max = $_GET[$var2];
                         } else {
                             $field_value_max = "";
                         }
                         if ($field_value_min != "" && $field_value_min != "-1") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= $this->type . "value_{$field_info['field_id']} >= {$field_value_min}";
                             $this->url_string .= $var1 . "=" . urlencode($field_value_min) . "&";
                         }
                         if ($field_value_max != "" && $field_value_max != "-1") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= $this->type . "value_{$field_info['field_id']} <= {$field_value_max}";
                             $this->url_string .= $var2 . "=" . urlencode($field_value_max) . "&";
                         }
                     } elseif ($field_info[field_search] == 1) {
                         $var = "field_" . $field_info[field_id];
                         if (isset($_POST[$var])) {
                             $field_value = $_POST[$var];
                         } elseif (isset($_GET[$var])) {
                             $field_value = $_GET[$var];
                         } else {
                             $field_value = "";
                         }
                         if ($field_value != "-1" && $field_value != "") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= $this->type . "value_{$field_info['field_id']}='{$field_value}'";
                             $this->url_string .= $var . "=" . urlencode($field_value) . "&";
                         }
                     } else {
                         $field_value = "";
                     }
                     // DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE
                 } else {
                     // RETRIEVE DATABASE FIELD VALUE
                     if ($this->value_info != "") {
                         $value_column = $this->type . "value_" . $field_info[field_id];
                         $field_value = $this->value_info[$value_column];
                     }
                 }
                 // LOOP OVER FIELD OPTIONS
                 $options = unserialize($field_info[field_options]);
                 for ($i = 0, $max = count($options); $i < $max; $i++) {
                     $dep_field_info = "";
                     $dep_field_value = "";
                     $dep_field_options = "";
                     // OPTION HAS DEPENDENCY
                     if ($options[$i][dependency] == "1") {
                         $dep_field_query = "SELECT " . $this->type . "field_id AS field_id, " . $this->type . "field_type AS field_type, " . $this->type . "field_title AS field_title, " . $this->type . "field_style AS field_style, " . $this->type . "field_options AS field_options, " . $this->type . "field_maxlength AS field_maxlength, " . $this->type . "field_link AS field_link, " . $this->type . "field_required AS field_required, " . $this->type . "field_regex AS field_regex, " . $this->type . "field_display AS field_display FROM se_" . $this->type . "fields WHERE " . $this->type . "field_id='" . $options[$i][dependent_id] . "' AND " . $this->type . "field_dependency='{$field_info['field_id']}'";
                         $dep_field = $database->database_query($dep_field_query);
                         if ($database->database_num_rows($dep_field) != "1") {
                             $options[$i][dependency] = 0;
                         } else {
                             $dep_field_info = $database->database_fetch_assoc($dep_field);
                             // VALIDATE POSTED FIELD VALUE
                             if ($validate == 1) {
                                 // OPTION SELECTED
                                 if ($field_value == $options[$i][value]) {
                                     $dep_var = "field_" . $dep_field_info[field_id];
                                     $dep_field_value = censor($_POST[$dep_var]);
                                     // DEP FIELD TYPE
                                     switch ($dep_field_info[field_type]) {
                                         // TEXT FIELD
                                         case "1":
                                             // CHECK FOR REQUIRED
                                             if ($dep_field_info[field_required] != 0 && trim($dep_field_value) == "") {
                                                 $this->is_error = 96;
                                                 $is_field_error = 1;
                                             }
                                             // RUN PREG MATCH
                                             if ($dep_field_info[field_regex] != "" && trim($dep_field_value) != "") {
                                                 if (!preg_match($dep_field_info[field_regex], $dep_field_value)) {
                                                     $this->is_error = 97;
                                                     $is_field_error = 1;
                                                 }
                                             }
                                             break;
                                             // SELECT BOX
                                         // SELECT BOX
                                         case "3":
                                             // CHECK FOR REQUIRED
                                             if ($dep_field_info['field_required'] != 0 && ($dep_field_value == "-1" || $dep_field_value == "")) {
                                                 $this->is_error = 96;
                                                 $is_field_error = 1;
                                             }
                                             break;
                                     }
                                     // OPTION NOT SELECTED
                                 } else {
                                     $dep_field_value = "";
                                 }
                                 // UPDATE SAVE VALUE QUERY
                                 if ($this->field_query != "") {
                                     $this->field_query .= ", ";
                                 }
                                 $this->field_query .= $this->type . "value_{$dep_field_info['field_id']}='{$dep_field_value}'";
                                 // DO NOT VALIDATE POSTED FIELD VALUE
                             } else {
                                 // RETRIEVE DATABASE FIELD VALUE
                                 if ($this->value_info != "") {
                                     $value_column = $this->type . "value_" . $dep_field_info[field_id];
                                     $dep_field_value = $this->value_info[$value_column];
                                 }
                             }
                             // RETRIEVE DEP FIELD OPTIONS
                             $dep_options = unserialize($dep_field_info[field_options]);
                             for ($i2 = 0, $max2 = count($dep_options); $i2 < $max2; $i2++) {
                                 SE_Language::_preload($dep_options[$i2][label]);
                                 $dep_field_options[] = array('value' => $dep_options[$i2][value], 'label' => $dep_options[$i2][label]);
                                 if ($dep_options[$i2][value] == $dep_field_value) {
                                     $dep_field_value_formatted = $dep_options[$i2][label];
                                 }
                             }
                         }
                     }
                     // FORMAT VALUE FOR DISPLAY IF OPTION IS SELECTED
                     if ($format == 1 && $field_value == $options[$i][value] && $field_info[field_display] != 0) {
                         SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]);
                         SE_Language::load();
                         $field_value_formatted = SE_Language::_get($options[$i][label]);
                         // LINK FIELD VALUES IF NECESSARY
                         if ($field_info[field_display] == 2) {
                             link_field_values($field_value_formatted, "", array($field_info[field_id], $options[$i][value], "", $field_info[field_display]));
                         }
                         // ADD DEPENDENT VALUE TO FIELD VALUE
                         if ($dep_field_value != "" && $dep_field_info[field_display] != 0) {
                             if ($dep_field_info[field_type] == 3) {
                                 $dep_field_value_formatted = SE_Language::_get($dep_field_value_formatted);
                             } else {
                                 $dep_field_value_formatted = $dep_field_value;
                             }
                             link_field_values($dep_field_value_formatted, "", array($dep_field_info[field_id], $dep_field_value, $dep_field_info[field_link], $dep_field_info[field_display]));
                             $field_value_formatted .= " " . SE_Language::_get($dep_field_info[field_title]) . " " . $dep_field_value_formatted;
                         }
                     }
                     // SET OPTIONS ARRAY
                     SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]);
                     $field_options[] = array('value' => $options[$i][value], 'label' => $options[$i][label], 'dependency' => $options[$i][dependency], 'dep_field_id' => $dep_field_info[field_id], 'dep_field_title' => $dep_field_info[field_title], 'dep_field_type' => $dep_field_info[field_type], 'dep_field_required' => $dep_field_info[field_required], 'dep_field_maxlength' => $dep_field_info[field_maxlength], 'dep_field_options' => $dep_field_options, 'dep_field_style' => $dep_field_info[field_style], 'dep_field_value' => $dep_field_value, 'dep_field_error' => $dep_field_error);
                 }
                 break;
             case 5:
                 // DATE FIELD
                 // SET MONTH, DAY, AND YEAR FORMAT FROM SETTINGS
                 switch ($setting[setting_dateformat]) {
                     case "n/j/Y":
                     case "n.j.Y":
                     case "n-j-Y":
                         $month_format = "n";
                         $day_format = "j";
                         $year_format = "Y";
                         $date_order = "mdy";
                         break;
                     case "Y/n/j":
                     case "Ynj":
                         $month_format = "n";
                         $day_format = "j";
                         $year_format = "Y";
                         $date_order = "ymd";
                         break;
                     case "Y-n-d":
                         $month_format = "n";
                         $day_format = "d";
                         $year_format = "Y";
                         $date_order = "ymd";
                         break;
                     case "Y-m-d":
                         $month_format = "m";
                         $day_format = "d";
                         $year_format = "Y";
                         $date_order = "ymd";
                         break;
                     case "j/n/Y":
                     case "j.n.Y":
                         $month_format = "n";
                         $day_format = "j";
                         $year_format = "Y";
                         $date_order = "dmy";
                         break;
                     case "M. j, Y":
                         $month_format = "M";
                         $day_format = "j";
                         $year_format = "Y";
                         $date_order = "mdy";
                         break;
                     case "F j, Y":
                     case "l, F j, Y":
                         $month_format = "F";
                         $day_format = "j";
                         $year_format = "Y";
                         $date_order = "mdy";
                         break;
                     case "j F Y":
                     case "D j F Y":
                     case "l j F Y":
                         $month_format = "F";
                         $day_format = "j";
                         $year_format = "Y";
                         $date_order = "dmy";
                         break;
                     case "D-j-M-Y":
                     case "D j M Y":
                     case "j-M-Y":
                         $month_format = "M";
                         $day_format = "j";
                         $year_format = "Y";
                         $date_order = "dmy";
                         break;
                     case "Y-M-j":
                         $month_format = "M";
                         $day_format = "j";
                         $year_format = "Y";
                         $date_order = "ymd";
                         break;
                 }
                 // VALIDATE POSTED VALUE
                 if ($validate == 1) {
                     // RETRIEVE POSTED FIELD VALUE
                     $var1 = "field_" . $field_info[field_id] . "_1";
                     $var2 = "field_" . $field_info[field_id] . "_2";
                     $var3 = "field_" . $field_info[field_id] . "_3";
                     $field_1 = $_POST[$var1];
                     $field_2 = $_POST[$var2];
                     $field_3 = $_POST[$var3];
                     // ORDER DATE VALUES PROPERLY
                     switch ($date_order) {
                         case "mdy":
                             $month = $field_1;
                             $day = $field_2;
                             $year = $field_3;
                             break;
                         case "ymd":
                             $year = $field_1;
                             $month = $field_2;
                             $day = $field_3;
                             break;
                         case "dmy":
                             $day = $field_1;
                             $month = $field_2;
                             $year = $field_3;
                             break;
                     }
                     // CONSTRUCT FIELD VALUE
                     $field_value = str_pad($year, 4, '0', STR_PAD_LEFT) . "-" . str_pad($month, 2, '0', STR_PAD_LEFT) . '-' . str_pad($day, 2, '0', STR_PAD_LEFT);
                     // CHECK FOR REQUIRED
                     if ($field_info['field_required'] && ($month == "00" || $day == "00" || $year == "00")) {
                         $this->is_error = 96;
                         $is_field_error = 1;
                     }
                     // UPDATE SAVE VALUE QUERY
                     if ($this->field_query != "") {
                         $this->field_query .= ", ";
                     }
                     $this->field_query .= $this->type . "value_{$field_info['field_id']}='{$field_value}'";
                     // CREATE A SEARCH QUERY FROM POSTED FIELD VALUE
                 } elseif ($search == 1) {
                     // DATE IS A BIRTHDAY
                     if ($field_info[field_special] == 1) {
                         // RESET DATE ORDER SO MONTH IS LAST
                         $date_order = "mdy";
                         // RETRIEVE MIN/MAX YEARS
                         $var3_min = "field_" . $field_info[field_id] . "_3_min";
                         $var3_max = "field_" . $field_info[field_id] . "_3_max";
                         if (isset($_POST[$var3_min])) {
                             $field_3_min = $_POST[$var3_min];
                         } elseif (isset($_GET[$var3_min])) {
                             $field_3_min = $_GET[$var3_min];
                         } else {
                             $field_3_min = "";
                         }
                         if (isset($_POST[$var3_max])) {
                             $field_3_max = $_POST[$var3_max];
                         } elseif (isset($_GET[$var3_max])) {
                             $field_3_max = $_GET[$var3_max];
                         } else {
                             $field_3_max = "";
                         }
                         $this->url_string .= $var3_min . "=" . urlencode($field_3_min) . "&";
                         $this->url_string .= $var3_max . "=" . urlencode($field_3_max) . "&";
                         // CONSTRUCT SEARCH VALUES (MIN YEAR)
                         // IMPORTANT NOTE - BECAUSE IT DISPLAYS THE AGE (NOT THE YEAR) TO THE SEARCHER, THIS ACTUALLY CORRESPONDS TO THE MINIMUM AGE (MAXIMUM YEAR)
                         $field_value_min = str_pad($field_3_min, 4, '0', STR_PAD_LEFT);
                         if ($field_value_min != "0000") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= $this->type . "value_{$field_info['field_id']}<='{$field_value_min}-" . date('m', time()) . "-" . date('d', time()) . "'";
                         }
                         // CONSTRUCT SEARCH VALUES (MAX YEAR)
                         // IMPORTANT NOTE - BECAUSE IT DISPLAYS THE AGE (NOT THE YEAR) TO THE SEARCHER, THIS ACTUALLY CORRESPONDS TO THE MAXIMUM AGE (MINIMUM YEAR)
                         $field_value_max = str_pad($field_3_max, 4, '0', STR_PAD_LEFT);
                         if ($field_value_max != "0000") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= $this->type . "value_{$field_info['field_id']}>=DATE_ADD('" . ($field_value_max - 1) . "-" . date('m', time()) . "-" . date('d', time()) . "', INTERVAL 1 DAY)";
                         }
                         // EXCLUDE USERS WHO HAVE NOT ENTERED A BIRTH YEAR
                         if ($field_value_min != "0000" || $field_value_max != "0000") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= "YEAR(" . $this->type . "value_{$field_info['field_id']})<>'0000'";
                         }
                         // DATE IS NOT A BIRTHDAY
                     } else {
                         // RETRIEVE VALUES
                         $var1 = "field_" . $field_info[field_id] . "_1";
                         $var2 = "field_" . $field_info[field_id] . "_2";
                         $var3 = "field_" . $field_info[field_id] . "_3";
                         if (isset($_POST[$var1])) {
                             $field_1 = $_POST[$var1];
                         } elseif (isset($_GET[$var1])) {
                             $field_1 = $_GET[$var1];
                         } else {
                             $field_1 = "";
                         }
                         if (isset($_POST[$var2])) {
                             $field_2 = $_POST[$var2];
                         } elseif (isset($_GET[$var2])) {
                             $field_2 = $_GET[$var2];
                         } else {
                             $field_2 = "";
                         }
                         if (isset($_POST[$var3])) {
                             $field_3 = $_POST[$var3];
                         } elseif (isset($_GET[$var3])) {
                             $field_3 = $_GET[$var3];
                         } else {
                             $field_3 = "";
                         }
                         $this->url_string .= $var1 . "=" . urlencode($field_1) . "&";
                         $this->url_string .= $var2 . "=" . urlencode($field_2) . "&";
                         $this->url_string .= $var3 . "=" . urlencode($field_3) . "&";
                         // ORDER DATE VALUES PROPERLY
                         switch ($date_order) {
                             case "mdy":
                                 $month = str_pad($field_1, 2, '0', STR_PAD_LEFT);
                                 $day = str_pad($field_2, 2, '0', STR_PAD_LEFT);
                                 $year = str_pad($field_3, 4, '0', STR_PAD_LEFT);
                                 break;
                             case "ymd":
                                 $year = str_pad($field_1, 4, '0', STR_PAD_LEFT);
                                 $month = str_pad($field_2, 2, '0', STR_PAD_LEFT);
                                 $day = str_pad($field_3, 2, '0', STR_PAD_LEFT);
                                 break;
                             case "dmy":
                                 $day = str_pad($field_1, 2, '0', STR_PAD_LEFT);
                                 $month = str_pad($field_2, 2, '0', STR_PAD_LEFT);
                                 $year = str_pad($field_3, 4, '0', STR_PAD_LEFT);
                                 break;
                         }
                         // CONSTRUCT FIELD VALUE
                         $field_value = $year . "-" . $month . '-' . $day;
                         if ($month != "00") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= "MONTH(" . $this->type . "value_{$field_info['field_id']})='{$month}'";
                         }
                         if ($day != "00") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= "DAY(" . $this->type . "value_{$field_info['field_id']})='{$day}'";
                         }
                         if ($year != "0000") {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= "YEAR(" . $this->type . "value_{$field_info['field_id']})='{$year}'";
                         }
                     }
                     // DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE
                 } else {
                     // RETRIEVE DATABASE FIELD VALUE
                     if ($this->value_info != "") {
                         $value_column = $this->type . "value_" . $field_info[field_id];
                         $field_value = $this->value_info[$value_column];
                     } else {
                         $field_value = "0000-00-00";
                     }
                 }
                 $year = substr($field_value, 0, 4);
                 $month = substr($field_value, 5, 2);
                 $day = substr($field_value, 8, 2);
                 // FORMAT VALUE FOR DISPLAY
                 if ($format == 1 && $field_info[field_display] != 0) {
                     if ($field_value != "0000-00-00") {
                         if ($year == "0000") {
                             $year = "";
                         }
                         if ($month == "00") {
                             $month = "";
                         } else {
                             $month = $datetime->cdate("F", mktime(0, 0, 0, $month, 1, 1990));
                         }
                         if ($day == "00") {
                             $day = "";
                         } else {
                             $day = $datetime->cdate("{$day_format}", mktime(0, 0, 0, 1, $day, 1990));
                         }
                         switch ($date_order) {
                             case "mdy":
                                 $field_value_formatted = "{$month} {$day} {$year}";
                                 break;
                             case "ymd":
                                 $field_value_formatted = "{$year} {$month} {$day}";
                                 break;
                             case "dmy":
                                 $field_value_formatted = "{$day} {$month} {$year}";
                                 break;
                         }
                         if ($field_info[field_display] == 2) {
                             link_field_values($field_value_formatted, "", array($field_info[field_id], $field_value, "", $field_info[field_display]));
                         }
                     }
                     // FORMAT VALUE FOR FORM
                 } else {
                     // GET LANGUAGE VARS
                     SE_Language::_preload_multi(579, 580, 581);
                     // CONSTRUCT MONTH ARRAY
                     $month_array = array();
                     $month_array[0] = array('name' => "579", 'value' => "0", 'selected' => "");
                     for ($m = 1; $m <= 12; $m++) {
                         if ($month == $m) {
                             $selected = " SELECTED";
                         } else {
                             $selected = "";
                         }
                         $month_array[$m] = array('name' => $datetime->cdate("{$month_format}", mktime(0, 0, 0, $m, 1, 1990)), 'value' => $m, 'selected' => $selected);
                     }
                     // CONSTRUCT DAY ARRAY
                     $day_array = array();
                     $day_array[0] = array('name' => "580", 'value' => "0", 'selected' => "");
                     for ($d = 1; $d <= 31; $d++) {
                         if ($day == $d) {
                             $selected = " SELECTED";
                         } else {
                             $selected = "";
                         }
                         $day_array[$d] = array('name' => $datetime->cdate("{$day_format}", mktime(0, 0, 0, 1, $d, 1990)), 'value' => $d, 'selected' => $selected);
                     }
                     // CONSTRUCT YEAR ARRAY
                     $year_array = array();
                     $year_count = 1;
                     $current_year = $datetime->cdate("Y", time());
                     $year_array[0] = array('name' => "581", 'value' => "0", 'selected' => "");
                     for ($y = $current_year; $y >= 1920; $y--) {
                         if ($year == $y) {
                             $selected = " SELECTED";
                         } else {
                             $selected = "";
                         }
                         $year_array[$year_count] = array('name' => $y, 'value' => $y, 'selected' => $selected);
                         $year_count++;
                     }
                     // ORDER DATE ARRAYS PROPERLY
                     switch ($date_order) {
                         case "mdy":
                             $date_array1 = $month_array;
                             $date_array2 = $day_array;
                             $date_array3 = $year_array;
                             break;
                         case "ymd":
                             $date_array1 = $year_array;
                             $date_array2 = $month_array;
                             $date_array3 = $day_array;
                             break;
                         case "dmy":
                             $date_array1 = $day_array;
                             $date_array2 = $month_array;
                             $date_array3 = $year_array;
                             break;
                     }
                 }
                 break;
             case 6:
                 // CHECKBOXES
                 // VALIDATE POSTED FIELD
                 if ($validate == 1) {
                     // RETRIEVE POSTED FIELD VALUE
                     $var = "field_" . $field_info[field_id];
                     $field_value = $_POST[$var];
                     // CHECK FOR REQUIRED
                     if ($field_info[field_required] != 0 && count($field_value) == 0) {
                         $this->is_error = 96;
                         $is_field_error = 1;
                     }
                     // UPDATE SAVE VALUE QUERY
                     if ($this->field_query != "") {
                         $this->field_query .= ", ";
                     }
                     $this->field_query .= $this->type . "value_{$field_info['field_id']}='" . implode(",", $field_value) . "'";
                     // CREATE A SEARCH QUERY FROM POSTED FIELD VALUE
                 } elseif ($search == 1) {
                     $var = "field_" . $field_info[field_id];
                     if (isset($_POST[$var])) {
                         $field_value = $_POST[$var];
                     } elseif (isset($_GET[$var])) {
                         $field_value = $_GET[$var];
                     } else {
                         $field_value = "";
                     }
                     if (count($field_value) != 0 && $field_value != "") {
                         for ($o = 0; $o < count($field_value); $o++) {
                             if ($this->field_query != "") {
                                 $this->field_query .= " AND ";
                             }
                             $this->field_query .= "FIND_IN_SET('" . $field_value[$o] . "', " . $this->type . "value_{$field_info['field_id']})";
                             $this->url_string .= $var . "[]=" . urlencode($field_value[$o]) . "&";
                         }
                     }
                     // DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE
                 } else {
                     // RETRIEVE DATABASE FIELD VALUE
                     if ($this->value_info != "") {
                         $value_column = $this->type . "value_" . $field_info[field_id];
                         $field_value = explode(",", $this->value_info[$value_column]);
                     }
                 }
                 // LOOP OVER FIELD OPTIONS
                 $options = unserialize($field_info[field_options]);
                 for ($i = 0, $max = count($options); $i < $max; $i++) {
                     $dep_field_info = "";
                     $dep_field_value = "";
                     $dep_field_options = "";
                     // OPTION HAS DEPENDENCY
                     if ($options[$i][dependency] == "1") {
                         $dep_field_query = "SELECT " . $this->type . "field_id AS field_id, " . $this->type . "field_type AS field_type, " . $this->type . "field_title AS field_title, " . $this->type . "field_style AS field_style, " . $this->type . "field_options AS field_options, " . $this->type . "field_maxlength AS field_maxlength, " . $this->type . "field_link AS field_link, " . $this->type . "field_required AS field_required, " . $this->type . "field_regex AS field_regex, " . $this->type . "field_display AS field_display FROM se_" . $this->type . "fields WHERE " . $this->type . "field_id='" . $options[$i][dependent_id] . "' AND " . $this->type . "field_dependency='{$field_info['field_id']}'";
                         $dep_field = $database->database_query($dep_field_query);
                         if ($database->database_num_rows($dep_field) != "1") {
                             $options[$i][dependency] = 0;
                         } else {
                             $dep_field_info = $database->database_fetch_assoc($dep_field);
                             // VALIDATE POSTED FIELD VALUE
                             if ($validate == 1) {
                                 // OPTION SELECTED
                                 if (in_array($options[$i][value], $field_value)) {
                                     $dep_var = "field_" . $dep_field_info[field_id];
                                     $dep_field_value = censor($_POST[$dep_var]);
                                     // DEP FIELD TYPE
                                     switch ($dep_field_info[field_type]) {
                                         // TEXT FIELD
                                         case "1":
                                             // CHECK FOR REQUIRED
                                             if ($dep_field_info[field_required] != 0 && trim($dep_field_value) == "") {
                                                 $this->is_error = 96;
                                                 $is_field_error = 1;
                                             }
                                             // RUN PREG MATCH
                                             if ($dep_field_info[field_regex] != "" && trim($dep_field_value) != "") {
                                                 if (!preg_match($dep_field_info[field_regex], $dep_field_value)) {
                                                     $this->is_error = 97;
                                                     $is_field_error = 1;
                                                 }
                                             }
                                             break;
                                             // SELECT BOX
                                         // SELECT BOX
                                         case "3":
                                             // CHECK FOR REQUIRED
                                             if ($dep_field_info['field_required'] != 0 && ($dep_field_value == "-1" || $dep_field_value == "")) {
                                                 $this->is_error = 96;
                                                 $is_field_error = 1;
                                             }
                                             break;
                                     }
                                     // OPTION NOT SELECTED
                                 } else {
                                     $dep_field_value = "";
                                 }
                                 // UPDATE SAVE VALUE QUERY
                                 if ($this->field_query != "") {
                                     $this->field_query .= ", ";
                                 }
                                 $this->field_query .= $this->type . "value_{$dep_field_info['field_id']}='{$dep_field_value}'";
                                 // DO NOT VALIDATE POSTED FIELD VALUE
                             } else {
                                 // RETRIEVE DATABASE FIELD VALUE
                                 if ($this->value_info != "") {
                                     $value_column = $this->type . "value_" . $dep_field_info[field_id];
                                     $dep_field_value = $this->value_info[$value_column];
                                 }
                             }
                             // RETRIEVE DEP FIELD OPTIONS
                             $dep_options = unserialize($dep_field_info[field_options]);
                             for ($i2 = 0, $max2 = count($dep_options); $i2 < $max2; $i2++) {
                                 SE_Language::_preload($dep_options[$i2][label]);
                                 $dep_field_options[] = array('value' => $dep_options[$i2][value], 'label' => $dep_options[$i2][label]);
                                 if ($dep_options[$i2][value] == $dep_field_value) {
                                     $dep_field_value_formatted = $dep_options[$i2][label];
                                 }
                             }
                         }
                     }
                     // FORMAT VALUE FOR DISPLAY IF OPTION IS SELECTED
                     if ($format == 1 && in_array($options[$i][value], $field_value) && $field_info[field_display] != 0) {
                         SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]);
                         SE_Language::load();
                         $formatted_prelim = SE_Language::_get($options[$i][label]);
                         // LINK FIELD VALUES IF NECESSARY
                         if ($field_info[field_display] == 2) {
                             link_field_values($formatted_prelim, "", array($field_info[field_id], $options[$i][value], "", $field_info[field_display]));
                         }
                         // ADD DEPENDENT VALUE TO FIELD VALUE
                         if ($dep_field_value != "" && $dep_field_info[field_display] != 0) {
                             if ($dep_field_info[field_type] == 3) {
                                 $dep_field_value_formatted = SE_Language::_get($dep_field_value_formatted);
                             } else {
                                 $dep_field_value_formatted = $dep_field_value;
                             }
                             link_field_values($dep_field_value_formatted, "", array($dep_field_info[field_id], $dep_field_value, $dep_field_info[field_link], $dep_field_info[field_display]));
                             $field_value_formatted .= " " . SE_Language::_get($dep_field_info[field_title]) . " " . $dep_field_value_formatted;
                         }
                         if (trim($field_value_formatted) != "") {
                             $field_value_formatted .= ", ";
                         }
                         $field_value_formatted .= $formatted_prelim;
                     }
                     // SET OPTIONS ARRAY
                     SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]);
                     $field_options[] = array('value' => $options[$i][value], 'label' => $options[$i][label], 'dependency' => $options[$i][dependency], 'dep_field_id' => $dep_field_info[field_id], 'dep_field_title' => $dep_field_info[field_title], 'dep_field_type' => $dep_field_info[field_type], 'dep_field_required' => $dep_field_info[field_required], 'dep_field_maxlength' => $dep_field_info[field_maxlength], 'dep_field_options' => $dep_field_options, 'dep_field_style' => $dep_field_info[field_style], 'dep_field_value' => $dep_field_value, 'dep_field_error' => $dep_field_error);
                 }
                 break;
         }
         // SET FIELD ERROR IF ERROR OCCURRED
         if ($is_field_error == 1) {
             $field_error = $field_info[field_error];
         } else {
             $field_error = 0;
         }
         // SET FIELD VALUE ARRAY FOR LATER USE
         // FIX THIS FOR CHECKBOXES (USED FOR SUBNETS?)
         $this->fields_new[$this->type . "value_" . $field_info[field_id]] = $field_value;
         // SET SPECIAL FIELDS, IF NECESSARY
         if ($field_info[field_special] != 0) {
             $this->field_special[$field_info[field_special]] = $field_value;
         }
         // SAVE FORMATTED FIELD VALUE IN ARRAY
         if ($field_value_formatted != "") {
             $this->field_values[] = $field_value_formatted;
         }
         // SET FIELD ARRAY AND INCREMENT FIELD COUNT
         if ($format == 0 && $search == 0 || $format == 1 && $field_value_formatted != "" || $search == 1 && $field_info[field_search] != 0) {
             SE_Language::_preload_multi($field_info[field_title], $field_info[field_desc], $field_info[field_error]);
             $this->fields[] = $this->fields_all[] = array('field_id' => $field_info[field_id], 'field_title' => $field_info[field_title], 'field_desc' => $field_info[field_desc], 'field_type' => $field_info[field_type], 'field_required' => $field_info[field_required], 'field_style' => $field_info[field_style], 'field_maxlength' => $field_info[field_maxlength], 'field_special' => $field_info[field_special], 'field_signup' => $field_info[field_signup], 'field_search' => $field_info[field_search], 'field_options' => $field_options, 'field_value' => $field_value, 'field_value_formatted' => $field_value_formatted, 'field_value_min' => $field_value_min, 'field_value_max' => $field_value_max, 'field_error' => $field_error, 'date_array1' => $date_array1, 'date_array2' => $date_array2, 'date_array3' => $date_array3);
             $field_count++;
         }
     }
 }
コード例 #28
0
}
$msg = '';
if (isset($_POST['submit'])) {
    if (!isset($_POST['username'])) {
        $msg = 'No username entered!';
    } elseif (!isset($_POST['email'])) {
        $msg = 'No email entered!';
    } elseif (!isset($_POST['password'])) {
        $msg = 'No password entered!';
    } elseif (!isset($_POST['repeat'])) {
        $msg = 'Password not repeated!';
    } else {
        $username = security($_POST['username']);
        $email = security($_POST['email']);
        $password = encrypy(security($_POST['password']));
        $repeat = encrypy(security($_POST['repeat']));
        $Function_Query1 = mysql_query("SELECT email FROM {$config_db_accounts} WHERE email='{$email}'");
        $Function_Query2 = mysql_query("SELECT username FROM {$config_db_accounts} WHERE username='******'");
        if ($password !== $repeat) {
            $msg = 'Passwords did not match!';
        } elseif ($config_registrations !== true) {
            $msg = 'Registration is disabled.';
        } elseif (validate_email($email) !== true) {
            $msg = 'Invalid email entered!';
        } elseif (validate_username($username) !== true) {
            $msg = 'Invalid username entered!';
        } elseif (strlen($username) <= 3 && strlen($username) >= 15) {
            $msg = 'Usernames between 3 and 15 charecters!';
        } elseif (mysql_num_rows($Function_Query1) === 1) {
            $msg = 'Email already has an account!';
        } elseif (mysql_num_rows($Function_Query2) === 1) {
コード例 #29
0
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
/**~. (c) 2014 Garrett R. Morris, OpenEx.pw .~**->>             
 *Licensed Under the MIT License : http://www.opensource.org/licenses/mit-license.php
 ***************************************/
//
//CSRF Protection
//
$token = security($_POST["csrf_token"]);
if (empty($token)) {
    $errors[] = "a security error occured. please try again";
    //we know the token is missing, but we don't let the end user know that.
} else {
    if (!$loggedInUser->csrf_validate($token)) {
        $errors[] = "a security error occured. please try again.";
        //the token was wrong, but same here.
    }
}
/*
basic usage
class:
$loggedInUser->csrf_token(true); <-- creates the token
$loggedInUser->csrf_token; <-- accesses the token from its storage in the session object
$loggedInUser->csrf_validate(); <-- validates and regenerates the token
コード例 #30
0
<?php

require "../coinapi_private/data.php";
$datec = date('G');
$result = mysql_query("SELECT * FROM box2 WHERE datec='{$datec}'");
$num_rows = mysql_num_rows($result);
if ($num_rows > 4) {
    $onloader = 'It seams someone is trying to abuse us.\\nTry again a later today.';
} else {
    if (isset($_POST['addr'])) {
        $User_Address = security(strip_tags($_POST['addr']));
    }
    if (isset($_POST['addr'])) {
        if ($User_Address != "") {
            $result = mysql_query("SELECT * FROM box2 WHERE date='{$date}' and address='{$User_Address}'");
            $num_rows = mysql_num_rows($result);
            if ($num_rows == 0) {
                $result = mysql_query("SELECT * FROM box2 WHERE ip='{$ip}' and date='{$date}'");
                $num_rows = mysql_num_rows($result);
                if ($num_rows == 0) {
                    $result = mysql_query("SELECT * FROM box2 WHERE email='{$udb_email}' and date='{$date}'");
                    $num_rows = mysql_num_rows($result);
                    if ($num_rows == 0) {
                        $send_amount = "0.01";
                        $json_url = 'http://bdrf.info/api_mec.php?puk=jCM8kKazKMOcUDyhP80vIYYjy5DdGixnhr&prk=FsDCfGc8tUUDnoyjwezqxHQOJ9lXOiYUz8ScD&act=sendcoin&acnt=TheAdminsEmail@address.com&sid=BDRFM&to=' . $User_Address . '&amount=' . $send_amount;
                        $ch = curl_init();
                        curl_setopt($ch, CURLOPT_URL, $json_url);
                        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                        $json_feed = curl_exec($ch);
                        curl_close($ch);
                        $txid_array = json_decode($json_feed, true);