コード例 #1
ファイル: login.php プロジェクト: DINKIN/rokket
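 /**
  * Processes a submitted login form.
  *
  * Reads `email`, `password` and `remember` from the POST data, looks the
  * account up by e-mail, verifies the password with self::checkPassword()
  * and, on success, stores the user id in self::$userID and
  * $_SESSION['login']. Failures echo a message and return early.
  *
  * NOTE(review): the "remember" cookie carries the bare user id. The code
  * that reads the cookie back is not part of this method; if it accepts the
  * value as proof of identity, the cookie should instead hold a random token
  * that is stored server-side (or a signed value) - confirm against the
  * consumer.
  *
  * NOTE(review): "email_not_found" and "wrong_pw" are distinct responses, so
  * the form discloses which addresses are registered. One generic failure
  * message plus attempt throttling would close that; it is left unchanged
  * here because it alters user-facing text.
  *
  * @return void
  */
 protected static function loginPost()
 {
     $email = type::post('email', 'string');
     $password = type::post('password', 'string');
     $remember = type::post('remember', 'int');
     if (is_null($email) || is_null($password) || $email == '' || $password == '') {
         echo message::info(lang::get('fill_out_both'));
         return;
     }
     $sql = new sql();
     // The address is escaped and placed inside a quoted literal. A prepared
     // statement would be sturdier if the sql wrapper offers one.
     $sql->query('SELECT password, salt, id FROM ' . sql::table('user') . ' WHERE `email` = "' . $sql->escape($email) . '"');
     if (!$sql->num()) {
         // The submitted address is echoed back, so it is HTML-encoded first;
         // ENT_QUOTES also covers single-quoted attribute contexts.
         echo message::danger(sprintf(lang::get('email_not_found'), htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE)), true);
         return;
     }
     $sql->result();
     if (!self::checkPassword($password, $sql->get('salt'), $sql->get('password'))) {
         echo message::danger(lang::get('wrong_pw'));
         return;
     }
     // NOTE(review): loginSession() is defined elsewhere; confirm it issues a
     // fresh session id so that an id set before login is not carried over.
     self::loginSession();
     self::$userID = $sql->get('id');
     $_SESSION['login'] = $sql->get('id');
     if ($remember) {
         // Path and domain stay at their defaults. HttpOnly keeps the cookie
         // away from page scripts; Secure is set whenever the login request
         // itself arrived over HTTPS, so plain-HTTP installs keep working.
         $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
         setcookie("remember", $sql->get('id'), time() + 3600 * 24 * 7, '', '', $secure, true);
     }
 }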
コード例 #2
/**
 * Installs a template.
 *
 * Reads the file "$file.tpl" and inserts one row into the
 * "<TABLE_PREFIX>template" table holding the given name, the file content,
 * the current timestamp and the login of the current user.
 *
 * NOTE(review): every value goes through sql::escape() but none is wrapped
 * in quotes in the statement text. That is only safe if sql::escape()
 * returns a complete quoted literal - confirm against its definition.
 *
 * NOTE(review): the result of file_get_contents() is not checked, so an
 * unreadable file reaches sql::escape() as false. $file is used as a path
 * exactly as given; callers should pass trusted file names only.
 *
 * @param $file Template file name, without the ".tpl" extension
 * @param $template_name Name under which the template is installed
 * @param [$debug=false] Debug flag, copied to the query object's debugsql property
 * @return mixed Whatever getError() reports after the insert was issued
 */
function rex_installTemplate($file, $template_name, $debug = false)
{
    global $REX, $REX_USER;

    // Read and escape the template body before the query object exists.
    $escapedContent = sql::escape(file_get_contents($file . '.tpl'));

    $db = new rex_sql();
    $db->debugsql = $debug;

    // Assemble the INSERT ... SET statement column by column.
    $insert = 'INSERT INTO ' . $REX['TABLE_PREFIX'] . 'template SET `name` = ' . sql::escape($template_name);
    $insert .= ', `content` = ' . $escapedContent;
    $insert .= ', `createdate` = ' . sql::escape(time());
    $insert .= ', `createuser` = ' . sql::escape($REX_USER->getValue('login'));

    $db->setQuery(_prepare_query($insert));

    return $db->getError();
}
コード例 #3
 /**
  * Builds the " SET ..." fragment that assigns this object's fields to their
  * columns (re_id, name, path, hide, updatedate, createdate, updateuser,
  * createuser).
  *
  * Each getter result is passed through sql::escape() and wrapped in double
  * quotes. Double-quoted text is a string literal in MySQL only while the
  * ANSI_QUOTES SQL mode is off.
  *
  * NOTE(review): updateuser and createuser are written as the fixed text
  * "******" in this listing, which looks like a masked value - confirm
  * against the upstream file.
  *
  * @access protected
  * @return string
  */
 function _getSQLSetString()
 {
     // Column => escaped value, in the order the statement lists them.
     $escaped = array(
         're_id' => sql::escape($this->getParentId()),
         'name' => sql::escape($this->getName()),
         'path' => sql::escape($this->getPath()),
         'hide' => sql::escape($this->isHidden()),
         'updatedate' => sql::escape($this->getUpdateDate()),
         'createdate' => sql::escape($this->getCreateDate()),
     );

     $assignments = array();
     foreach ($escaped as $column => $value) {
         $assignments[] = $column . ' = "' . $value . '"';
     }
     $assignments[] = 'updateuser = "******"';
     $assignments[] = 'createuser = "******"';

     // Two spaces after SET, matching the original statement text.
     return ' SET  ' . implode(', ', $assignments);
 }
コード例 #4
ファイル: db2.php プロジェクト: Alambos/books
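 /**
  * Builds a " WHERE ..." clause from an array of conditions.
  *
  * With self::$SAFE_MODE_WHERE set, every entry becomes `key=value`, or
  * `key IS NULL` for a null value. Otherwise a suffix on the key selects the
  * operator, and an array value yields one condition per element:
  *   key!   -> `!=`, or IS NOT NULL when the value is null or ''
  *   key~   -> LIKE
  *   key~~  -> MATCH (key) AGAINST (value)
  *   key>=, key<=, key>, key<  -> the same comparison
  *   ^      -> MAX(<value used as a column name>)
  *   OR     -> joins all conditions with OR instead of AND; adds no condition
  *   (none) -> `=`, or IS NULL when the value is null or ''
  *
  * NOTE(review): column names reach the SQL text through
  * self::__combine_keyn(), and for the '^' key the *value* is used as a
  * column name. Confirm that __combine_keyn() quotes or validates
  * identifiers, and never let request data choose the array keys.
  *
  * NOTE(review): sql::escape() results are used without surrounding quotes;
  * presumably it returns a complete quoted literal - confirm.
  *
  * @param array $keys      Conditions as described above
  * @param bool  $revelance When true, a '~~' condition is also stored in
  *                         self::$revelance as "<match> AS `revelance`"
  * @return string '' when $keys is not a non-empty array, otherwise the
  *                clause starting with ' WHERE '
  */
 static function __combine_where($keys, $revelance = FALSE)
 {
     self::$revelance = FALSE;
     $implode = ' AND ';
     if (!is_array($keys) || empty($keys)) {
         return '';
     }
     // Initialised for both branches so the final implode() always has an array.
     $a = array();
     if (self::$SAFE_MODE_WHERE) {
         foreach ($keys as $key => $value) {
             if (is_null($value)) {
                 $a[] = self::__combine_keyn($key) . ' IS NULL';
             } else {
                 $a[] = self::__combine_keyn($key) . '=' . sql::escape($value);
             }
         }
     } else {
         foreach ($keys as $key => $v) {
             if (!is_array($v)) {
                 $v = array($v);
             }
             foreach ($v as $value) {
                 $isBlank = is_null($value) || $value === '';
                 if ($key === 'OR') {
                     $implode = ' OR ';
                 } elseif (substr($key, -1) == '!' && $isBlank) {
                     // Parenthesised on purpose: the original "A and B or C"
                     // parsed as "(A and B) or C", so every '' value landed
                     // here and lost the last character of its key.
                     $a[] = self::__combine_keyn(substr($key, 0, -1)) . ' IS NOT NULL';
                 } elseif ($isBlank) {
                     $a[] = self::__combine_keyn($key) . ' IS NULL';
                 } elseif (substr($key, -1) == '!') {
                     $a[] = self::__combine_keyn(substr($key, 0, -1)) . '!=' . sql::escape($value);
                 } elseif ($key === '^') {
                     // Strict comparison, so an integer key can never be taken for '^'.
                     $a[] = 'MAX(' . self::__combine_keyn($value) . ')';
                 } elseif (substr($key, -2) == '~~') {
                     $temp = 'MATCH (' . self::__combine_keyn(substr($key, 0, -2)) . ') AGAINST (' . sql::escape($value) . ')';
                     if ($revelance) {
                         self::$revelance = $temp . ' AS `revelance`';
                     }
                     $a[] = $temp;
                 } elseif (substr($key, -1) == '~') {
                     $a[] = self::__combine_keyn(substr($key, 0, -1)) . ' LIKE ' . sql::escape($value);
                 } elseif (substr($key, -2) == '>=') {
                     $a[] = self::__combine_keyn(substr($key, 0, -2)) . '>=' . sql::escape($value);
                 } elseif (substr($key, -2) == '<=') {
                     $a[] = self::__combine_keyn(substr($key, 0, -2)) . '<=' . sql::escape($value);
                 } elseif (substr($key, -1) == '>') {
                     $a[] = self::__combine_keyn(substr($key, 0, -1)) . '>' . sql::escape($value);
                 } elseif (substr($key, -1) == '<') {
                     $a[] = self::__combine_keyn(substr($key, 0, -1)) . '<' . sql::escape($value);
                 } else {
                     $a[] = self::__combine_keyn($key) . '=' . sql::escape($value);
                 }
             }
         }
     }
     // The original appended an undefined $addon here, which contributed
     // nothing but a notice; the clause text is unchanged without it.
     return ' WHERE ' . implode($implode, $a);
 }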
コード例 #5
ファイル: members.php プロジェクト: sakki54/PHS-Website
.css" rel="stylesheet" type='text/css'>
    <link href='https://fonts.googleapis.com/css?family=Open+Sans' rel='stylesheet' type='text/css'>
  </head>
  <body>
    <?php 
include 'inserts/navbar.php';
?>
    <div id="mainDiv">
      <?php 
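//$mysqli->query("SET NAMES 'UTF8'");
//TODO: Limiting on graph
// Builds the member-list query: an optional name search, otherwise the
// requested sort order, followed by one page of rows.
$perPage = 40;
$query = "SELECT rsn, clanRank, skill1 FROM rsAcc";
if (isset($_GET['search']) && !empty($_GET['search'])) {
    // NOTE(review): the pattern is unanchored, so it accepts any input that
    // contains at least one listed character and does not restrict the
    // search term. The escape() call below is what keeps the value inside
    // the quoted literal. LIKE wildcards (% and _) in the term are not
    // neutralised.
    if (preg_match('([A-Za-z0-9\\-\\_]+)', $_GET['search'])) {
        $query = $query . " WHERE rsn LIKE '%" . $sql->escape($_GET['search']) . "%'";
    }
} else {
    // NOTE(review): $sortType and $sortDir are assigned outside this excerpt
    // and are concatenated as a column name and a keyword, where escaping
    // cannot help. Confirm each is picked from a fixed allow-list before it
    // reaches this line.
    $query = $query . " ORDER BY " . $sortType . " " . $sortDir;
}
// MySQL's LIMIT takes "offset, row_count": the second number is the page
// size, not the end index. The cast and max() keep the offset a non-negative
// integer whatever $page holds.
$offset = max(0, ((int) $page - 1) * $perPage);
$query = $query . " LIMIT " . $offset . ", " . $perPage;
$result = $sql->query($query);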
if (mysqli_num_rows($result) != 0) {
    ?>
      <div id="membersHeader">
        Clan Members
      </div>
      <table id="membersTable">
        <tr>
          <!--<th class="memPic">Avatar</th>-->
          <th class="memName">Name <a href="?page=<?php 
コード例 #6
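 /**
  * Builds the " SET ..." fragment that assigns this file object's fields to
  * their columns.
  *
  * Every getter result is passed through sql::escape() and wrapped in double
  * quotes. The parent id was the one value concatenated without escaping; it
  * now goes through sql::escape() like the others.
  *
  * NOTE(review): updateuser and createuser are written as the fixed text
  * "******" in this listing, which looks like a masked value - confirm
  * against the upstream file.
  *
  * @access protected
  * @return string
  */
 function _getSQLSetString()
 {
     $set = ' SET'
         . '  re_file_id = "' . sql::escape($this->getParentId()) . '"'
         . ', category_id = "' . sql::escape($this->getCategoryId()) . '"'
         . ', filetype = "' . sql::escape($this->getType()) . '"'
         . ', filename = "' . sql::escape($this->getFileName()) . '"'
         . ', originalname = "' . sql::escape($this->getOrgFileName()) . '"'
         . ', filesize = "' . sql::escape($this->getSize()) . '"'
         . ', width = "' . sql::escape($this->getWidth()) . '"'
         . ', height = "' . sql::escape($this->getHeight()) . '"'
         . ', title = "' . sql::escape($this->getTitle()) . '"'
         . ', description = "' . sql::escape($this->getDescription()) . '"'
         . ', copyright = "' . sql::escape($this->getCopyright()) . '"'
         . ', updatedate = "' . sql::escape($this->getUpdateDate(null)) . '"'
         . ', createdate = "' . sql::escape($this->getCreateDate(null)) . '"'
         . ', updateuser = "******"'
         . ', createuser = "******"';
     return $set;
 }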
コード例 #7
ファイル: user.php プロジェクト: DINKIN/rokket
</a>
        <button type="submit" name="sendNew"><?php 
    echo lang::get('add');
    ?>
</button>
        
        </form>
        
    </div>
</div>

<?php 
} elseif ($action == 'edit' && $id) {
    if (isset($_POST['send'])) {
        // Handles the submitted "edit user" form. NOTE(review): this branch
        // rewrites a user's permissions; the access check and any CSRF token
        // validation are not visible in this excerpt - confirm both happen
        // before this point.
        // Load the stored row of the user being edited; $id is escaped and
        // quoted in this statement.
        $sqlUser = new sql();
        $sqlUser->result("SELECT * FROM " . sql::table('user') . " WHERE id = '" . $sqlUser->escape($id) . "'");
        // 'rights' arrives as JSON from the form. NOTE(review): json_decode()
        // returns null on malformed input and the loop below iterates the
        // result unchecked. The decoded keys and values are stored as
        // permission strings without being compared against a list of known
        // permissions here - confirm that is enforced elsewhere.
        $perms = json_decode(type::post('rights'));
        $rights = [];
        // Flatten each key and its list of values into "key[value]" entries.
        foreach ($perms as $key => $val) {
            foreach ($val as $var) {
                $rights[] = $key . '[' . $var . ']';
            }
        }
        $sql = new sql();
        $sql->setTable('user');
        // NOTE(review): $id is concatenated here without the escape() used in
        // the SELECT above. Whether $id has already been cast to an integer is
        // decided outside this excerpt - confirm, or cast/escape it here too.
        $sql->setWhere('id=' . $id);
        // Presence of the checkbox field alone decides the flag; where $admin
        // is used lies beyond this excerpt.
        $admin = isset($_POST['admin']) ? 1 : 0;
        // The entries are stored as one '|'-separated string.
        $sql->addPost('perms', implode('|', $rights));
        $sql->addPost('firstname', type::post('firstname'));
        $sql->addPost('name', type::post('name'));
        $sql->addPost('email', type::post('email'));
コード例 #8
ファイル: ksiazki.php プロジェクト: Alambos/books
 /**
  * Refreshes the cache entry for one `ksiazki` row.
  *
  * Selects the row with the given id together with the `od` and `kto`
  * columns of the matching `pozycz` row (LEFT OUTER JOIN on id), passes the
  * fetched row through db2::escape_data() and hands it to self::cache_add()
  * under the same key.
  *
  * NOTE(review): sql::escape($kod) is appended without surrounding quotes;
  * presumably sql::escape() returns a complete quoted literal - confirm
  * against its definition.
  *
  * @param mixed $kod Id of the row to reload; also used as the cache key
  */
 static function cache_update($kod)
 {
     $query = 'SELECT `ksiazki`.*, `pozycz`.`od`, `pozycz`.`kto` FROM `ksiazki` LEFT OUTER JOIN `pozycz` ON `pozycz`.`id`=`ksiazki`.`id` WHERE `ksiazki`.`id`=' . sql::escape($kod);
     $row = sql::fetchone(sql::query($query));
     $prepared = db2::escape_data($row);
     self::cache_add($kod, $prepared);
 }