PHP MakeSecure 예제들

프로그래밍 언어: PHP

메소드/함수: MakeSecure

hotexamples.com에서의 예제들: 2

PHP MakeSecure - 2개의 예제가 발견되었습니다. 이것들은 오픈소스 프로젝트에서 추출된 PHP의 MakeSecure에 대한 실세계 최고 등급의 예제들입니다. 예제들을 평가하여 예제의 품질 향상에 도움을 줄 수 있습니다.

예제 #1

파일 보기

파일: functions.php 프로젝트: BackupTheBerlios/comacms-svn

/**
 * GetPostOrGet
 *
 * This function make it easier to catch a variable which is send by GET or POST
 * if the variable dosen't exist this function returns null
 * @return mixed
 * @var Name $Name is the name of the variable wthich value is to return
 */
function GetPostOrGet($Name)
{
    global $_POST, $_GET;
    $value = null;
    // no GET- or POST-variable available
    if (isset($_POST[$Name])) {
        // exists an POST-value?
        $value = $_POST[$Name];
    } else {
        if (isset($_GET[$Name])) {
            // exists an GET-value?
            $value = $_GET[$Name];
        }
    }
    $value = MakeSecure($value);
    return $value;
}

예제 #2

파일 보기

파일: edit_text_page.php 프로젝트: BackupTheBerlios/comacms-svn

 function Save($page_id)
 {
     global $user, $admin_lang;
     $page_edit_comment = GetPostOrGet('pageEditComment');
     $page_title = GetPostOrGet('pageTitle');
     $page_text = GetPostOrGet('pageText');
     if (GetPostOrGet('pagePreview') != '') {
         return $this->Edit($page_id, $page_title, $page_text, $page_edit_comment);
     }
     if (GetPostOrGet('pageAbort') != '') {
         header('Location: admin.php?page=pagestructure');
         die;
     }
     if ($page_title != '' && $page_id != '' && $page_text != '') {
         $sql = "SELECT struct.*, text.*\r\n\t\t\t\tFROM ( " . DB_PREFIX . "pages struct\r\n\t\t\t\tLEFT JOIN " . DB_PREFIX . "pages_text text ON text.page_id = struct.page_id )\r\n\t\t\t\tWHERE struct.page_id='{$page_id}' AND struct.page_type='text'";
         $old_result = db_result($sql);
         $html = TextActions::ConvertToPreHTML($page_text);
         if ($old = mysql_fetch_object($old_result)) {
             // exists the page?
             if ($old->page_title != $page_title || MakeSecure($old->text_page_html) != $html) {
                 if (!($page_title == $old->page_title && $old->text_page_text == '')) {
                     $sql = "INSERT INTO " . DB_PREFIX . "pages_history (page_id, page_type, page_name, page_title, page_parent_id, page_lang, page_creator, page_date, page_edit_comment)\r\n\t\t\t\t\t\t\t\tVALUES({$old->page_id}, '{$old->page_type}', '{$old->page_name}', '{$old->page_title}', {$old->page_parent_id}, '{$old->page_lang}', {$old->page_creator}, {$old->page_date}, '{$old->page_edit_comment}')";
                     db_result($sql);
                     $lastid = mysql_insert_id();
                     $sql = "INSERT INTO " . DB_PREFIX . "pages_text_history (page_id, text_page_text)\r\n\t\t\t\t\t\t\t\tVALUES ({$lastid}, '{$old->text_page_text}')";
                     db_result($sql);
                 }
                 //$html =  TextActions::ConvertToPreHTML($page_text);
                 $sql = "UPDATE " . DB_PREFIX . "pages_text\r\n\t\t\t\t\t\t\tSET text_page_text='{$page_text}', text_page_html='{$html}'\r\n\t\t\t\t\t\t\tWHERE page_id='{$old->page_id}'";
                 db_result($sql);
                 $sql = "UPDATE " . DB_PREFIX . "pages\r\n\t\t\t\t\t\t\tSET page_creator={$user->ID}, page_date=" . mktime() . ", page_title='{$page_title}', page_edit_comment='{$page_edit_comment}'\r\n\t\t\t\t\t\t\tWHERE page_id={$page_id}";
                 db_result($sql);
                 header("Location: admin.php?page=pagestructure");
                 return "Die Seite sollte gespeichert sein!";
             } else {
                 // no changes
                 // TODO: Show it to the user
                 return "keine Ver&auml;nderungen!!";
             }
         } else {
             // it dosen't
             // TODO: Show it to the user
             return "error2!!";
         }
     } else {
         //restore the old version if $change is given
         $change = GetPostOrGet('change');
         $sure = GetPostOrGet('sure');
         if (is_numeric($change)) {
             //load old version
             //load actual version
             $sql = "SELECT struct.*, text.*\r\n\t\t\t\t\t\tFROM ( " . DB_PREFIX . "pages struct\r\n\t\t\t\t\t\tLEFT JOIN " . DB_PREFIX . "pages_text text ON text.page_id = struct.page_id )\r\n\t\t\t\t\t\tWHERE struct.page_id='{$page_id}' AND struct.page_type='text'";
             $actual_result = db_result($sql);
             $sql = "SELECT *\r\n\t\t\t\t\t\tFROM (" . DB_PREFIX . "pages_history page\r\n\t\t\t\t\t\tLEFT JOIN " . DB_PREFIX . "pages_text_history text ON text.page_id = page.id ) \r\n\t\t\t\t\t\tWHERE page.page_id={$page_id}\r\n\t\t\t\t\t\tORDER BY  page.page_date ASC\r\n\t\t\t\t\t\tLIMIT " . ($change - 1) . ",1";
             $old_result = db_result($sql);
             if (($old = mysql_fetch_object($old_result)) && ($actual = mysql_fetch_object($actual_result))) {
                 if ($sure == 1) {
                     $sql = "INSERT INTO " . DB_PREFIX . "pages_history (page_id, page_type, page_name, page_title, page_parent_id, page_lang, page_creator, page_date, page_edit_comment)\r\n\t\t\t\t\t\t\t\tVALUES({$actual->page_id}, '{$actual->page_type}', '{$actual->page_name}', '{$actual->page_title}', {$actual->page_parent_id}, '{$actual->page_lang}', {$actual->page_creator}, {$actual->page_date}, '{$actual->page_edit_comment}')";
                     db_result($sql);
                     $lastid = mysql_insert_id();
                     $sql = "INSERT INTO " . DB_PREFIX . "pages_text_history (page_id, text_page_text)\r\n\t\t\t\t\t\t\t\tVALUES ({$lastid}, '{$actual->text_page_text}')";
                     db_result($sql);
                     $html = TextActions::ConvertToPreHTML($old->text_page_text);
                     $sql = "UPDATE " . DB_PREFIX . "pages_text\r\n\t\t\t\t\t\t\t\tSET text_page_text='{$old->text_page_text}', text_page_html='{$html}'\r\n\t\t\t\t\t\t\t\tWHERE page_id='{$page_id}'";
                     db_result($sql);
                     $page_edit_comment = sprintf($admin_lang['restored_from_version'], $change);
                     $sql = "UPDATE " . DB_PREFIX . "pages\r\n\t\t\t\t\t\t\t\tSET page_creator={$user->ID}, page_date=" . mktime() . ", page_title='{$old->page_title}', page_edit_comment='{$page_edit_comment}'\r\n\t\t\t\t\t\t\t\tWHERE page_id={$page_id}";
                     db_result($sql);
                     header("Location: admin.php?page=pagestructure");
                 } else {
                     $out = '';
                     $out .= "M&ouml;chten Sie diesen Text:<pre class=\"code\">{$actual->text_page_text}</pre>wirklich durch diesen Text:<pre class=\"code\">{$old->text_page_text}</pre>ersetzen?<br />\r\n\t\t\t\t\t\t\t\t<a href=\"admin.php?page=pagestructure&amp;action=savePage&amp;pageID={$page_id}&amp;change={$change}&amp;sure=1\" class=\"button\">" . $admin_lang['yes'] . "</a>\r\n\t\t \t\t\t\t\t\t<a href=\"admin.php?page=pagestructure&amp;action=pageInfo&amp;pageID={$page_id}\" class=\"button\">" . $admin_lang['no'] . "</a>";
                     return $out;
                 }
             }
         }
         // TODO: Manage Errors and show them to the user
         return "error!!";
     }
 }