function add_homecell() { global $info, $errors, $messages; $data = json_decode(file_get_contents("php://input")); $hc_name = $data->hc_name; $desc = $data->description; //VALIDATE $lastname = $hc_name == "" ? $errors['homecell_name'] .= "Enter Homecell name<br />" : validateText($hc_name, 'Homecell Name'); $desc = validateMix($desc, 'Description'); if (!empty($errors)) { $messages['success'] = false; $messages['errors'] = $errors; # code... } else { try { global $db_vars, $errors; $conn = new PDO("mysql:host=" . DB_SERVER . ";dbname=" . DB_NAME, DB_USER, DB_PASS, array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)); $str = "INSERT INTO cmishomecell (hcName, hcDescription) VALUES (?, ?)"; $query = $conn->prepare($str); $query->execute($db_vars); //echo $query->rowCount(); } catch (PDOexception $e) { $errors['db'] = $e->getMessage(); } // if there are no errors, return a message $messages['success'] = true; $messages['message'] = 'Homecell has been successfully added!'; } // return all our data to an AJAX call echo json_encode($messages); }
function validateDOB(&$errors, $fieldList, $fieldName, $required = false) { if (validateText($errors, $fieldList, $fieldName)) { $date = DateTime::createFromFormat('Y-m-d', $fieldList[$fieldName]); if ($date && $date->format('Y-m-d') == $fieldList[$fieldName]) { return true; } else { $errors[$fieldName] = $date->format['Y-m-d'] . ' from ' . $fieldList[$fieldName] . ' is an invalid date of birth'; return false; } } else { if ($required == false) { unset($errors[$fieldName]); return true; } else { return false; } } }
} } # Checks whether the User is logged in and prevents further operations if he/she is not include "function/modules/mod.login.php"; # Otherwise user-specific settings are loaded include userdir . "/" . $_SESSION["user"] . "/settings.php"; # If User already has downloaded his/her PIM-Resources, they are stored in a file # in the User-Dir referenced by the constant "restree" if (file_exists(restree)) { include restree; } # This code-snippet offers the possibility to view the full tree of resources # for development purposes if ($_GET["print_restree"]) { die(str_replace("\n", "<br />", str_replace(" ", " ", print_r($GLOBALS["restree"], true)))); } # The called module should be given by POST or GET # If no module is given, the standard module is taken (see config.php) define("inc_main", RetrieveVar("module", "0110") != "" ? RetrieveVar("module", "0110") : defaultmodule); # If this is an ajax-call just start the mainpage without embracing index.html if (ajax) { $GLOBALS["stdOUT"] = "~mainpage~" . inc_main . "~/mainpage~"; } else { $GLOBALS["stdOUT"] = file_get_contents(designroot . "/display/index.html"); } # Analyse Output for template-Commands $GLOBALS["stdOUT"] = sourceAnalyze($GLOBALS["stdOUT"], true); # Validate output (at least better than nothing) $GLOBALS["stdOUT"] = validateText($GLOBALS["stdOUT"]); # Flush the results echo $GLOBALS["stdOUT"];
$db = new Database($host, $userName, $password, $database); if (!empty($_POST)) { // CSRF token protection if ($_POST['token'] === $_SESSION['token']) { $db = new Database($host, $userName, $password, $database); $user = str_replace(' ', '_', sanitize($_POST['tfb_name'])); $userPassword = sanitize($_POST['tfb_password']); if (empty($user) || empty($userPassword)) { $error = true; header("Location: ../index.php?login_error=empty"); } else { if (!validateText($user, 2, 20)) { $error = true; header("Location: ../index.php?login_error=user"); } else { if (!validateText($userPassword, 10, 50)) { $error = true; header("Location: ../index.php?login_error=pw"); } else { if (!$db->userExists($user)) { $error = true; header("Location: ../index.php?login_error=nonexistent"); } else { if (!$db->checkPassword($user, $userPassword)) { $error = true; header("Location: ../index.php?login_error=wrongpw"); } } } } }
?> </td></tr> <tr><td></td><td><div align="right"><button class="btn btn-sm btn-primary" type="submit" value=" Send" id="submit" >Save</button></div> <br><?php ctrl_submit('Save'); ?> </td></tr> </tbody> </table> </form> <?php if (isset($_POST['submit'])) { require 'includes/functions/validate.php'; validateText($errors, $_POST, 'address'); if (!$errors) { // echo "The number of rooms is *". $_POST['description'].'*'; db_addProperty($_POST['numOfRooms'], $_POST['numberofBaths'], $_POST['numberOfCarParks'], $_POST['defaultRent'], $_POST['defaultPeriod'], $_POST['buyingPrice'], $_POST['address'], $_POST['description'], $_POST['suburb'], $_POST['state'], $_POST['postcode'], $_FILES['userfile']); header("location: http://{$_SERVER['HTTP_HOST']}/property-Management-application/searchProperties.php"); exit; } } ?> </div> </div> </div></div> </body> </html>
... tag1=[tagid] ... tag filter 1 ... tag2=[tagid] ... tag filter 2 ... tag12=0/1 ... tag1-tag2 OR=0, AND=1 Manage terms ***************************************************************/ require_once 'settings.inc.php'; require_once 'connect.inc.php'; require_once 'dbutils.inc.php'; require_once 'utilities.inc.php'; require_once 'simterms.inc.php'; $currentlang = validateLang(processDBParam("filterlang", 'currentlanguage', '', 0)); $currentsort = processDBParam("sort", 'currentwordsort', '1', 1); $currentpage = processSessParam("page", "currentwordpage", '1', 1); $currentquery = processSessParam("query", "currentwordquery", '', 0); $currentstatus = processSessParam("status", "currentwordstatus", '', 0); $currenttext = validateText(processSessParam("text", "currentwordtext", '', 0)); $currenttag1 = validateTag(processSessParam("tag1", "currentwordtag1", '', 0), $currentlang); $currenttag2 = validateTag(processSessParam("tag2", "currentwordtag2", '', 0), $currentlang); $currenttag12 = processSessParam("tag12", "currentwordtag12", '', 0); $wh_lang = $currentlang != '' ? ' and WoLgID=' . $currentlang : ''; $wh_stat = $currentstatus != '' ? ' and ' . makeStatusCondition('WoStatus', $currentstatus) : ''; $wh_query = convert_string_to_sqlsyntax(str_replace("*", "%", mb_strtolower($currentquery, 'UTF-8'))); $wh_query = $currentquery != '' ? ' and (WoText like ' . $wh_query . ' or WoRomanization like ' . $wh_query . ' or WoTranslation like ' . $wh_query . ')' : ''; if ($currenttag1 == '' && $currenttag2 == '') { $wh_tag = ''; } else { if ($currenttag1 != '') { if ($currenttag1 == -1) { $wh_tag1 = "group_concat(WtTgID) IS NULL"; } else { $wh_tag1 = "concat('/',group_concat(WtTgID separator '/'),'/') like '%/" . $currenttag1 . "/%'";
<?php include 'includes/functions/db.php'; include 'includes/functions/formControls.php'; include 'includes/accountSessions.php'; $errors = array(); $loginId = $_SESSION['idLogin']; if (isset($_POST['submit'])) { require 'includes/functions/validate.php'; validateEmail($errors, $_POST, 'email'); validateText($errors, $_POST, 'firstName'); validateText($errors, $_POST, 'lastName'); validateDOB($errors, $_POST, 'DOB'); validateText($errors, $_POST, 'password'); if (!$errors) { $isMale = NULL; if (isset($_POST['gender']) && $_POST['gender'] == 'male') { $isMale = 1; } else { $isMale = 0; } db_updateOwner($loginId, $_POST['email'], $_POST['password'], $_POST['firstName'], $_POST['lastName'], $_POST['DOB'], $isMale); header("location: http://{$_SERVER['HTTP_HOST']}/property-Management-application/ownerProfile.php"); exit; } } ?> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
function getSetting($key) { global $tbpref; $val = get_first_value('select StValue as value from ' . $tbpref . 'settings where StKey = ' . convert_string_to_sqlsyntax($key)); if (isset($val)) { $val = trim($val); if ($key == 'currentlanguage') { $val = validateLang($val); } if ($key == 'currenttext') { $val = validateText($val); } return $val; } else { return ''; } }
$picturePath = saveImageFile("topArticlePicture", "picture/"); //新的置顶图片上传,删除原来图片 if ($currentArticle['type'] == 1) { deleteFile($currentArticle['picturePath']); } } } else { //这不是置顶文章,或者这被改为不是置顶文章 //需要删除原先的置顶图片 if ($currentArticle['type'] == 1) { deleteFile($currentArticle['picturePath']); } } $title = validateText(htmlspecialchars($_POST["title"])); $author = validateText(htmlspecialchars($_POST["author"])); $content = validateText($_POST["content"]); $db->start(); //先删除文件和数据库,然后保存到服务器,避免新上传的同名文件被删除 if (!empty($_FILES['attachmentName']['name'][0])) { echo "附件有改动" . "<br>"; $aWhere = array('articleId =' => $articleId); $currentArticleAttachments = $db->select('attachment', '', $aWhere)->results(); // print_r($currentArticleAttachments); foreach ($currentArticleAttachments as $currentArticleAttachment) { deleteFile($currentArticleAttachment['path']); } $aWhere = array('articleId' => $articleId); if ($db->delete('attachment', $aWhere)->affectedRows() > 0) { echo '删除原来附件成功'; } }
function getEnchantmentDesc($enchantment) { if ($enc = getEnchantment($enchantment)) { return "<a href=?enchant={$enchantment}>" . validateText($enc['description']) . "</a>"; } return "Enchant {$enchantment}"; }
$posMap = $point['target_map']; $posX = $point['target_position_x']; $posY = $point['target_position_y']; $posZ = $point['target_position_z']; transformWorldCoordinates($posMap, $posX, $posY, $posZ); if ($mapId == $posMap and $areaY1 >= $posY and $areaY2 <= $posY and $areaX1 >= $posX and $areaX2 <= $posX) { $x = ($posX - $areaX1) / ($areaX2 - $areaX1) * 100; $y = ($posY - $areaY1) / ($areaY2 - $areaY1) * 100; $mapdata['points'][$i]['id'] = $point['id']; $mapdata['points'][$i]['x'] = $y; $mapdata['points'][$i]['y'] = $x; $mapdata['points'][$i]['image'] = "images/map_points/binder_icon.gif"; $mapdata['points'][$i]['icenterx'] = 8; $mapdata['points'][$i]['icentery'] = 8; $mapdata['points'][$i]['href'] = ''; $mapdata['points'][$i]['tooltip'] = validateText($point['name']); $i++; } } } // Выбираем лучший масштаб if ($mapdata['imageX']) { $bestScale = 768 / $mapdata['imageX']; if ($bestScale > 0.0 && $bestScale < 0.4) { $bestScale = 0.25; } else { if ($bestScale > 0.4 && $bestScale < 0.62) { $bestScale = 0.5; } else { if ($bestScale > 0.62 && $bestScale < 0.87) { $bestScale = 0.75;
private function edit() { if (empty($_GET['id'])) { $this->show_all(); } else { if (empty($_POST)) { $id_employee = $_GET['id']; $employee = $this->model->get($id_employee); if ($employee) { $section = file_get_contents('Views/Employee/edit.html'); $dicc = array('{id}' => $employee['id_employee'], '{nombre}' => $employee['emp_name'], '{apellido}' => $employee['emp_last_name'], '{RFC}' => $employee['RFC'], '{email}' => $employee['emp_email'], '{telefono}' => $employee['emp_phone'], '{celular}' => $employee['emp_cellpone'], '{direcccion}' => $employee['address'], '{colonia}' => $employee['colony']); $section = strtr($section, $dicc); $this->template($section); } else { echo 'no existe ese empleado para editarlo'; } } else { $id_employee = $_GET['id']; require_once "Controllers/Validaciones.php"; $name = validateName($_POST['name']); $last_name = validateName($_POST['last_name']); $RFC = validateRFC($_POST['RFC']); $email = validateEmail($_POST['email']); $phone = $_POST['phone']; $cellphone = $_POST['cellphone']; $address = $_POST['address']; $colony = validateText($_POST['colony']); $city = $_POST['city']; $employee = new Employee($name, $last_name, $RFC, $email, $phone, $cellphone, $address, $colony, $city); $result = $this->model->edit($employee, $id_employee); if ($result) { $this->show_message("success", "El empleado se edito correctamente"); } else { $this->show_message("danger", "No se edito no puede haber duplicados en el correo o el RFC"); } } } }
function validate_contest_submission($post_arr) { $errors = array(); if (false == validateText($post_arr['name'])) { $errors['name'] = 'Please enter a valid name.'; } if (false == validateEmail($post_arr['email'])) { $errors['email'] = 'Please enter a valid email.'; } if (false == validateText($post_arr['entry-textarea'])) { $errors['entry-textarea'] = 'Please enter a valid reason.'; } if (false == isset($post_arr['student']) || false == validateStudent($post_arr['student'])) { $errors['student'] = 'Please choose yes or no.'; } if ($post_arr['student'] == 'yes' && false == validateText($post_arr['student-id'])) { $errors['student-id'] = 'Please enter a valid student id.'; } if (false == isset($post_arr['confirmation'])) { $errors['confirmation'] = 'Please confirm.'; } return count($errors) == 0 ? true : $errors; }
echo "<br/>";*/ $firstame = $_REQUEST['firstname'] == "" ? $errors['firstname'] .= "Enter Firstname<br />" : validateText($_REQUEST['firstname'], 'Firstname'); //$middlename = ($_REQUEST['middlename'] == "") ? "" : validateText($_REQUEST['middlename'], 'Middlename'); $middlename = validateText($_REQUEST['middlename'], 'Middlename'); $lastname = $_REQUEST['lastname'] == "" ? $errors['lastname'] .= "Enter Lastname<br />" : validateText($_REQUEST['lastname'], 'Lastname'); $dob = $_REQUEST['dob'] == "" ? $errors['dob'] .= "Select date of birth<br />" : validateDate($_REQUEST['dob'], 'dob'); $gender = validateSelectOption($_REQUEST['gender'], 'gender'); $marital_status = validateSelectOption($_REQUEST['marital_status'], 'marital status'); //$dob = ($_REQUEST['dob'] == "") ? $errors['dob'] .= "Select date of birth<br />" : validateDate($_REQUEST['dob'], 'dob'); //$age = ($_REQUEST['age'] == "") ? $errors['age'] .= "Enter age<br />" : validateNumber($_REQUEST['age'], 'Age'); $address = $_REQUEST['address'] == "" ? $errors['adress'] .= "Enter adress<br />" : validateMix($_REQUEST['address'], 'Address'); $district = $_REQUEST['district'] == "" ? $errors['district'] .= "Enter district<br />" : validateText($_REQUEST['district'], 'District'); //$phone = validatePhone($_REQUEST['cellphone'], 'cellphone'); array_push($db_vars, $_REQUEST['cellphone']); $email = validateEmail($_REQUEST['email'], 'email'); $occupation = validateText($_REQUEST['occupation'], 'occupation'); // the second column is the label to be displayed on error $homecell = validateSelectOption($_REQUEST['homecell'], 'homecell'); $membership = validateSelectOption($_REQUEST['membership'], 'membership'); $locations = validateSelectOption($_REQUEST['locations'], 'location'); $baptism = validateSelectOption($_REQUEST['baptism'], 'baptism'); $baptism_date = $_REQUEST['baptism_date'] == "" ? $errors['baptism_date'] .= "Select baptism date<br />" : validateDate($_REQUEST['baptism_date'], 'baptism date'); $sunday_class = validateSelectOption($_REQUEST['sunday_class'], 'sunday class'); $channel = validateSelectOption($_REQUEST['channel'], 'channel'); $ministry = validateSelectOption($_REQUEST['ministry'], 'ministry'); // //print_r($db_vars); // } include 'db.php'; // return a response =========================================================== // response if there are errors
private function edit() { if (empty($_GET['id'])) { $this->show_all(); } else { if (empty($_POST)) { $id_piece = $_GET['id']; $piece = $this->model->get($id_piece); if ($piece) { $section = file_get_contents('Views/Piece/edit.html'); $dicc = array('{id}' => $piece['id_piece'], '{nombre}' => $piece['piece_name']); $section = strtr($section, $dicc); $this->template($section); } else { echo 'no existe esa pieza'; } } else { $id_piece = $_GET['id']; require_once "Controllers/Validaciones.php"; $name = validateText($_POST['name']); $result = $this->model->edit($name, $id_piece); if ($result) { $this->show_message("success", "La pieza se edito exitosamente"); } else { $this->show_message("danger", "No se edito, no puede haber duplicados en el nombre"); } } } }
$user = str_replace(' ', '_', sanitize($_POST['tfb_name'])); $tfbpass1 = sanitize($_POST['tfb_password1']); $tfbpass2 = sanitize($_POST['tfb_password2']); $tfbemail1 = sanitize($_POST['tfb_email1']); $tfbemail2 = sanitize($_POST['tfb_email2']); $address = sanitize($_POST['address']); if (empty($user) || empty($tfbpass1) || empty($tfbpass2) || empty($tfbemail1) || empty($tfbemail2) || empty($address)) { $feedback = "All fields must be filled."; } else { if (!validateText($user, 2, 20)) { $feedback = "The username must be a string of 2-20 characters."; } if (!validateText($address, 2, 50)) { $feedback = "The address must be a string of 2-50 characters."; } if (!validateText($tfbemail1, 6, 50)) { $feedback = "The email must be a string of 6-50 characters."; } if (!$feedback) { if ($tfbemail1 != $tfbemail2) { $feedback = "The email was not correctly repeated."; } else { $pattern = '/^(?=.*\\d)(?=.*?[a-zA-Z])(?=.*?[\\W_]).{10,}$/'; if (preg_match($pattern, $tfbpass1) != 1) { $feedback = "The password does not meet the requirements."; } else { if ($tfbpass1 != $tfbpass2) { $feedback = "The password was not correctly repeated."; } else { $password = password_hash($tfbpass1, PASSWORD_DEFAULT); $db->createUser($user, $password, $address, $tfbemail1);