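/**
 * Returns the files of one type owned by one user, newest first.
 *
 * @param string     $type    user_file_types.name to filter on (checked by check_string, then SQL-escaped)
 * @param int        $user_id owning users.id (checked by check_int, then cast to int)
 * @param int|string $limit   optional row cap; anything that does not cast to a positive int means "no LIMIT"
 * @return array rows with user_files_id, type, file_name, date_added, files_id, as returned by $this->common()
 */
public function read_files_by_type_owner($type, $user_id, $limit = '')
{
    check_int($user_id, 'user_id');
    check_string($type, 'type');
    // The check_* helpers are defined elsewhere; escaping and casting here keeps the
    // query safe regardless of their exact rules (the original interpolated $type and
    // the raw $limit string, only testing the cast value).
    $user_id = (int) $user_id;
    $limit = (int) $limit;
    $limit_sql = $limit > 0 ? "LIMIT {$limit}" : "";
    $sql = "SELECT\n user_files.id AS user_files_id,\n user_file_types.name type,\n files.name file_name,\n files.date_added,\n files.id files_id\n\n FROM user_files\n INNER JOIN user_file_states ON user_file_states.id = user_files.user_file_states_id\n INNER JOIN user_file_types ON user_file_types.id = user_files.user_file_types_id\n INNER JOIN files ON files.id = user_files.files_id\n INNER JOIN users ON users.id = user_files.users_id\n WHERE users.id = {$user_id} AND user_file_types.name = " . $this->db->escape($type) . "\n ORDER BY files.date_added DESC\n " . $limit_sql . "\n ;";
    return $this->common($sql);
}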
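/**
 * AJAX handler: checks whether the posted nickname (reg_mb_nick) may be used
 * and echoes a coloured <span> with the verdict.
 *
 * Rules, in order: hangul/alphabetic/numeric only, minimum length, not already
 * registered (Register_model), not listed in the cf_prohibit_id config value.
 */
function nick()
{
    $reg_mb_nick = $this->input->post('reg_mb_nick');
    $ok_msg = $err_msg = FALSE;
    // Nickname may contain only Korean, Latin letters and digits
    $this->load->helper('chkstr');
    if (!check_string($reg_mb_nick, _RT_HANGUL_ + _RT_ALPHABETIC_ + _RT_NUMERIC_)) {
        $err_msg = '별명은 공백없이 한글, 영문, 숫자만 입력 가능합니다.';
    } elseif (strlen($reg_mb_nick) < 4) {
        // strlen counts bytes; the "2 hangul / 4 latin" wording assumes a 2-byte
        // Korean encoding — confirm against the site charset
        $err_msg = '한글 2글자, 영문 4글자 이상 입력 가능합니다.';
    } elseif ($this->Register_model->is('mb_nick', $reg_mb_nick) != 0) {
        $err_msg = '이미 존재하는 별명입니다.';
    } elseif (preg_match("/[\\,]?" . preg_quote($reg_mb_nick, '/') . "/i", $this->config->item('cf_prohibit_id'))) {
        // preg_quote: the nickname is user input and must be matched literally,
        // never interpreted as pattern syntax (no-op for the characters check_string allows)
        $err_msg = '예약어로 사용할 수 없는 별명 입니다.';
    } else {
        $ok_msg = '사용하셔도 좋은 별명 입니다.';
    }
    if ($ok_msg) {
        echo '<span class="text-success">' . $ok_msg . '</span>';
    } elseif ($err_msg) {
        echo '<span class="text-danger">' . $err_msg . '</span>';
    }
}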
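/**
 * Sets one column of one row: UPDATE `table` SET `field` = value WHERE id = id.
 *
 * @param int    $id    row id (checked by check_int, escaped via $this->db->escape)
 * @param string $field column name (checked by check_string, backtick-quoted)
 * @param string $value new value (checked by check_string, escaped via $this->db->escape)
 * @param string $table table name (checked by check_string, backtick-quoted)
 * @return array result of $this->common($sql)
 */
public function update_field($id, $field, $value, $table)
{
    check_int($id, 'id');
    check_string($field, 'field');
    check_string($value, 'value');
    check_string($table, 'table');
    // Identifiers cannot go through db->escape (it quotes a string literal), so they
    // are backtick-quoted with embedded backticks doubled, MySQL's identifier rule.
    // check_string's character rules are defined elsewhere; this does not rely on them.
    $table_sql = '`' . str_replace('`', '``', $table) . '`';
    $field_sql = '`' . str_replace('`', '``', $field) . '`';
    $sql = "UPDATE {$table_sql} SET {$field_sql} = " . $this->db->escape($value) . " WHERE id = " . $this->db->escape($id) . ";";
    return $this->common($sql);
}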
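/**
 * Checks the auth cookies against the users table and returns the admin row.
 *
 * Reads $_COOKIE['user_id'] (digits) and $_COOKIE['hash'] (string), opens the
 * DB connection into the global $db, and requires exactly one users row with
 * gid = 1 and matching uid / pass_hash.
 *
 * @return array|false associative row (uid, login, lastname, firstname, settings), or false
 */
function isAuthorized()
{
    global $db, $CNF;
    session_start();
    // Missing cookies must not raise undefined-index notices; check_string still
    // receives null in that case, exactly as before.
    $cookie_id = check_string(isset($_COOKIE["user_id"]) ? $_COOKIE["user_id"] : null, "digits");
    $cookie_hash = check_string(isset($_COOKIE["hash"]) ? $_COOKIE["hash"] : null, "string");
    if (!isset($cookie_id) || !isset($cookie_hash)) {
        return false;
    }
    $db = new DBLayer($CNF["db_host"], $CNF["db_user"], $CNF["db_pass"], $CNF["db_name"]);
    $db->query("SET NAMES utf8");
    // NOTE(review): the cookie carries pass_hash itself and both cookie values are
    // interpolated into SQL; check_string is the only barrier here. A random,
    // server-stored session token would be the safer design — confirm with the owners.
    $query_auth = $db->query("SELECT `uid`,`login`,`lastname`,`firstname`,`settings` FROM users WHERE `gid`=1 AND `uid`='{$cookie_id}' AND `pass_hash`='{$cookie_hash}'");
    if ($db->num_rows($query_auth) == 1) {
        return $db->fetch_assoc($query_auth);
    }
    return false;
}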
<?php require 'conf.php'; require 'subs.php'; session_start(); // -- begin ENV -- // $name = empty($_POST['name']) ? '' : check_string($_POST['name'], 'string'); // Login $msg_class = empty($_POST['msg_class']) ? '' : $_POST['msg_class']; // Класс сообщения (failed или success) $msg = empty($_POST['msg']) ? '' : $_POST['msg']; // Сообщения // -- end ENV -- // // ----- BEGIN ----- // if (!isset($_POST['stage'])) { include './forms/login.html'; /*Форма для ввода имени и пароля*/ } else { if ($_POST['stage'] == 'Go') { $admin_login = get_data_from_db(array("0" => "SELECT id,login,fio,email,permission FROM admins WHERE login='******' and pass='******'pass']) . "'")); if ($admin_login[0] != '' and count($admin_login[0]) == 1) { $_SESSION['valid'] = true; $_SESSION['admin_id'] = $admin_login[0][0]['id']; $_SESSION['admin'] = $admin_login[0][0]['login']; $_SESSION['admin_fio'] = $admin_login[0][0]['fio']; $_SESSION['admin_email'] = $admin_login[0][0]['email']; $_SESSION['permission'] = $admin_login[0][0]['permission']; unset($_POST['name'], $_POST['pass'], $_POST['stage']); header("Location: index2.php"); } else { $msg_class = 'failed';
<?php session_start(); ob_start(); include 'db.inc.php'; include 'functions.php'; $action = $_POST['action']; if ($action == "addfeedback") { $url = "personal_trainings.php"; $error_msg = ""; $registration_id = $_SESSION['registration_id']; $trainer_registraion_id = $_POST['trainer_registraion_id']; $post_date = date('Y-m-d h:i:s'); $feed_description = check_string($_POST['feed_description']); if ($feed_description == 1) { $error_msg .= "<li>Enter Some Description</li>"; } else { $feed_description = $_POST['feed_description']; } if ($error_msg == "") { $check = $conn->query("select * from master_feedback where trainer_id='{$trainer_registraion_id}' and registration_id='{$registration_id}'"); $checkrows = $check->num_rows; if ($checkrows > 0) { $error_msg .= "Feedback is Alredy given"; } else { if ($conn->query("insert into master_feedback set registration_id='{$registration_id}',trainer_id='{$trainer_registraion_id}',feed_description='{$feed_description}',status='1',post_date='{$post_date}'") == TRUE) { $error_msg = "success"; } else { $error_msg = ""; $url = "error.php"; }
$level = is_null($level) ? 'testsuite' : $level; break; } } $args->action = $action; $smarty->assign('level', $level); $smarty->assign('page_title', lang_get('container_title_' . $level)); if ($init_opt_transfer) { $opt_cfg = initializeOptionTransfer($tproject_mgr, $tsuite_mgr, $args, $action); } // create web editor objects list($oWebEditor, $webEditorHtmlNames, $webEditorTemplateKey) = initWebEditors($action, $level, $editorCfg); if ($get_c_data) { $name_ok = 1; $c_data = getValuesFromPost($webEditorHtmlNames); if ($name_ok && !check_string($c_data['container_name'], $g_ereg_forbidden)) { $msg = $l18n['string_contains_bad_chars']; $name_ok = 0; } if ($name_ok && $c_data['container_name'] == "") { $msg = $l18n['warning_empty_testsuite_name']; $name_ok = 0; } } switch ($action) { case 'fileUpload': switch ($level) { case 'testsuite': fileUploadManagement($db, $args->testsuiteID, $args->fileTitle, $tsuite_mgr->getAttachmentTableName()); $gui = initializeGui($tsuite_mgr, $args->testsuiteID, $args, $l18n); $gui->refreshTree = 0;
//$str = "\$mb_id = trim(strip_tags(mysql_real_escape_string(\$_POST[mb_id]))); $str = "if (preg_match(\"/[^0-9a-z_]+/i\", \$mb_id)) {\n alert(\"회원아이디는 영문자, 숫자, _ 만 사용할수 있습니다.\");\n}"; $file = str_replace("<?php", "", $file); $file = str_replace("<?", "", $file); $file = str_replace("?" . ">", "", $file); $file = str_replace($str, "", $file); //g5 $str = 'if ($msg = valid_mb_id($mb_id))'; $file = str_replace($str, "//", $file); $str = <<<HEREDOC echo " <html><title>회원정보수정</title><meta http-equiv='Content-Type' content='text/html; charset=\$g4[charset]'></html><body> <form name='fregisterupdate' method='post' action='{\$https_url}/register_form.php'> <input type='hidden' name='w' value='u'> <input type='hidden' name='mb_id' value='{\$mb_id}'> <input type='hidden' name='mb_password' value='{\$tmp_password}'> <input type='hidden' name='is_update' value='1'> </form> <script type='text/javascript'> alert('회원 정보가 수정 되었습니다.'); document.fregisterupdate.submit(); </script> </body> </html>"; HEREDOC; $file = str_replace($str, "alert('회원정보가 수정되었습니다.', \$g4[path]);", $file); if (!check_string($member['mb_name'], _G4_HANGUL_)) { $file = str_replace("set mb_nick", "set mb_name = '\$mb_name', mb_nick", $file); } eval($file); exit;
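/**
 * Builds an UPDATE statement for one row from a column => value map.
 *
 * @param string $table  table name (interpolated as-is; must be a trusted identifier)
 * @param array  $rsnew  column => new value; the $id_key entry selects the row and is not assigned
 * @param string $id_key name of the key column in $rsnew
 * @return string SQL text: "UPDATE {table} SET  col = val ,... WHERE {id_key} = 'id'; "
 */
function mysql_update_query($table, $rsnew, $id_key)
{
    $assignments = array();
    foreach ($rsnew as $column => $value) {
        // the key column is the WHERE target, never part of SET
        if ($column == $id_key) {
            continue;
        }
        // NOW() and the literal string 'null' pass through as bare SQL tokens;
        // everything else is quoted after check_string (presumably the project's escaper)
        if ($value == 'NOW()') {
            $sql_value = $value;
        } elseif ($value == 'null') {
            $sql_value = 'null';
        } else {
            $sql_value = "'" . check_string($value) . "'";
        }
        $assignments[] = " {$column} = {$sql_value} ";
    }
    // The WHERE value comes from the same row data as the SET values, so it is
    // run through the same check_string (the original interpolated it raw).
    $where_value = "'" . check_string($rsnew[$id_key]) . "'";
    return "UPDATE {$table} SET " . " " . implode(',', $assignments) . " WHERE {$id_key} = " . $where_value . "; ";
}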
<?php #---------------------------------------------# # ********* RotorCMS ********* # # Author : Vantuz # # Email : visavi.net@mail.ru # # Site : http://visavi.net # # ICQ : 36-44-66 # # Skype : vantuzilla # #---------------------------------------------# require_once 'includes/start.php'; require_once 'includes/functions.php'; require_once 'includes/header.php'; $act = isset($_GET['act']) ? check($_GET['act']) : 'index'; $domain = check_string($config['home']); switch ($act) { ############################################################################################ ## Авторизация ## ############################################################################################ case 'index': $login = isset($_REQUEST['login']) ? check(utf_lower($_REQUEST['login'])) : ''; $pass = isset($_REQUEST['pass']) ? md5(md5(trim($_REQUEST['pass']))) : ''; if (!empty($_POST['cookietrue']) || !empty($_GET['login'])) { $cookietrue = 1; } if (!empty($login) && !empty($pass)) { $udata = DB::run()->queryFetch("SELECT `users_login`, `users_pass` FROM `users` WHERE LOWER(`users_login`)=? OR LOWER(`users_nickname`)=? LIMIT 1;", array($login, $login)); if (!empty($udata)) { if ($pass == $udata['users_pass']) { if (!empty($cookietrue)) { setcookie('cooklog', $udata['users_login'], time() + 3600 * 24 * 365, '/', $domain);
if ($_FILES['upload_cv']['name'] != "") { $upload_cv = uploadFile($file_name, $file_temp, $file_type, $file_size, "cv"); if (preg_match("<li>", $upload_cv)) { $error_msg .= $upload_cv; } } else { if ($check_upload_cv != '') { $upload_cv = $check_upload_cv; } else { $error_msg .= "<li>Please Upload your CV</li>"; } } } else { $upload_cv = ""; } $preffered_location_flag = check_string($_POST['preffered_location']); if ($preffered_location_flag == 1) { $error_msg .= "<li>Please enter valid location</li>"; } else { $preffered_location = $_POST['preffered_location']; } $brief_profile_flag = $_POST['brief_profile']; if ($brief_profile_flag == "") { $error_msg .= "<li>Please enter valid text in your profile</li>"; } else { $brief_profile = $_POST['brief_profile']; } $brief_profile = ereg_replace("\n", "<br/>", $_POST['brief_profile']); $keyword_skill_flag = $_POST['keyword_skill']; if ($keyword_skill_flag == "") { $error_msg .= "<li>Please enter valid text in your keyword</li>";
$rating = check_string($_REQUEST['rating'], 'digits'); $result = rateTicket($admin_login["uid"], $ticket, $rating); break; case "changeTicketStatus": $ticket = check_string($_REQUEST['ticket'], 'digits'); $status = check_string($_REQUEST['status'], 'digits'); $result = changeTicketStatus($admin_login["uid"], $ticket, $status); break; case 'reloadComments': require_once "../vendor/autoload.php"; Twig_Autoloader::register(); $loader = new Twig_Loader_Filesystem("../templates/helpdesk"); $twig = new Twig_Environment($loader, array("cache" => "")); $c['users'] = getUsers(); $c['uid'] = $admin_id; $ticket_id = check_string($_REQUEST['ticket_id'], 'digits'); $hide_autocomments = check_string($_REQUEST['hide_autocomments'], 'text'); $c['ticket']['comments'] = getTicketComments($ticket_id); $template = $hide_autocomments == 0 ? 'ticket_edit_comments.twig' : 'client/ticket_view_comments.twig'; $result['comments_block'] = $twig->render($template, $c); $result['success'] = true; unset($result['msg']); break; } } /* Возвращаем результат также в виде JSON-объекта. * В случае безошибочного получения результата, * Делаем $result['success'] = true; * Остальные параметры - опциональные * */ print_r(json_encode($result));
$company_contact_email = $_POST['company_contact_email']; } $comapny_landline = $_REQUEST['comapny_landline']; $address1_flag = check_string($_REQUEST['address1']); if ($address1_flag == 1) { $error_msg .= "<li>Enter valid address1</li>"; } else { $address1 = $_REQUEST['address1']; } $address2_flag = check_string($_REQUEST['address2']); if ($address2_flag == 1) { $error_msg .= "<li>Enter valid address2</li>"; } else { $address2 = $_REQUEST['address2']; } $address3 = $_POST['address3']; $pincode_flag = check_string($_REQUEST['pincode']); if ($pincode_flag == 1) { $error_msg .= "<li>Enter valid pincode</li>"; } else { $pincode = $_REQUEST['pincode']; } if ($error_msg == "") { if ($conn->query("update job_profile set fname='{$fname}',company_name='{$company_name}',company_profile='{$company_profile}',company_contact_email='{$company_contact_email}',comapny_landline='{$comapny_landline}',address1='{$address1}',address2='{$address2}',address3='{$address3}',pincode='{$pincode}' where registration_id='{$registration_id}'") == TRUE) { $error_msg = "success"; } else { $url = "error.php"; $error_msg = ""; } } echo json_encode(array('url' => $url, 'error_msg' => $error_msg));
$form_admin = empty($_POST['form_admin']) ? '' : check_string($_POST['form_admin'], 'string'); // Логин админа с формы $form_permission_id = empty($_POST['form_permission_id']) ? '' : check_string($_POST['form_permission_id'], 'digits'); // Права доступа админа (группа) с формы if (isset($_POST['form_admin_email']) and $_POST['form_admin_email'] != '') { if (check_string($_POST['form_admin_email'], 'email')) { $form_admin_email = $_POST['form_admin_email']; } else { $form_admin_email = ''; } } else { $form_admin_email = ''; } $form_admin_pass = empty($_POST['form_admin_pass']) ? '' : $_POST['form_admin_pass']; // Пароль админа с формы $action = empty($_REQUEST['action']) ? '' : check_string($_REQUEST['action'], 'string'); // Действие //$msg_class = empty($_POST['msg_class']) ? '' : $_POST['msg_class']; // Класс сообщения (failed или success) $page_name = 'Личный кабинет: ' . $admin_fio; // -- end ENV -- // // ----- BEGIN ----- // switch ($action) { case 'cabinet_edit': //Проверка введённых данных if (strlen($form_admin_fio) > 3 and strlen($form_admin) > 3 and $form_permission_id != '' and $form_admin_email != '') { if ($permission_id == 1) { if ($form_admin_pass != '') { $query_cabinet_edit = "UPDATE admins SET login='******',fio='" . $form_admin_fio . "',pass='******',email='" . $form_admin_email . "',permission=" . $form_permission_id . " WHERE id=" . $admin_id; } else { // Иначе пароль не указан, пароль не менять $query_cabinet_edit = "UPDATE admins SET login='******',fio='" . $form_admin_fio . "',email='" . $form_admin_email . "',permission=" . $form_permission_id . " WHERE id=" . $admin_id;
if ($permissions["bills"] == 'deny') { unset($TITLE["bills"]); } if ($permissions["users"] == 'deny') { unset($TITLE["users"]); } $c['sections'] = $TITLE; $c['dir'] = "helpdesk/reports"; $c['admin_fio'] = $c["lastname"] . " " . $c["firstname"]; $c['notify'] = getBurnedCounts($c["uid"]); $admins = getAdmins(true); $performer = isset($_REQUEST["performer"]) ? check_string($_REQUEST["performer"], "digits") : null; $p = isset($performer) ? array($admins[$performer]['uid'] => $admins[$performer]) : $admins; // print_r($p); $month = (int) (isset($_REQUEST["m"]) ? check_string($_REQUEST["m"], "digits") : date("m")); $year = isset($_REQUEST["y"]) ? check_string($_REQUEST["y"], "digits") : date("Y"); $days = date("t", strtotime("{$year}-{$month}-1")); if ($month > 0) { $dates = "{$year}-{$month}-1,{$year}-{$month}-{$days} 23:59:59"; } else { $dates = "{$year}-1-1,{$year}-12-31 23:59:59"; } $c["performer"] = $performer; $c["MONTHS"] = $MONTHS; $c["MONTHS"][0] = "весь год"; $c["month"] = $month; $c["year"] = $year; $c["dates"] = $dates; foreach ($p as $admin) { $uid = $admin['uid']; $p[$uid]['filter_opened'] = '{"performers":"@' . $uid . '@","dates":"' . $dates . '"}';
// Разбитая дата: Array ( [0] => day [1] => month [2] => year ) for ($i = 2; $i >= 0; $i--) { @($birthday .= $date_expl[$i]); } // Дата в SQL-формате: yearmonthday } else { $msg = 'Дата рождения не верна!'; $msg_class = 'failed'; $birthday = '00000000'; } // - Переменные модулей: $mod_(modulename)_(varname) $mod_ad_login = empty($_POST['mod_ad_login']) ? '' : check_string($_POST['mod_ad_login'], 'string'); // Имя пользователя в АД (pkobzev) $mod_ad_passwd = empty($_POST['mod_ad_passwd']) ? '' : check_string($_POST['mod_ad_passwd'], 'string'); $mod_aexpres_login = empty($_POST['mod_aexpres_login']) ? '' : check_string($_POST['mod_aexpres_login'], 'string'); $mod_mail_login = empty($_POST['mod_mail_login']) ? '' : check_string($_POST['mod_mail_login'], 'email'); // - unset($sprav_data, $areaArray, $postArray, $gildArray, $date_expl); // Удаление временных переменных // -- end ENV -- // // ----- BEGIN ----- // switch ($action) { case 'add': if ($stage == 'save') { $query_add = "INSERT INTO users(date_add,fio1,fio2,fio3,birthday,photo,post_id,area_id,gild_id,status,comment,admin_add_id) VALUES (NOW(),'" . $fio1 . "','" . $fio2 . "','" . $fio3 . "'," . $birthday . ",'" . $photoname . "'," . $post_id . "," . $area_id . "," . $gild_id . ",1,'" . $comment . "',(SELECT id from admins WHERE login='******'))"; if (write_data_to_db($query_add, 'insert')) { $msg = 'Заявка отправлена'; $msg_class = 'success'; $msg_mail = "Сотрудник " . $fio1 . ' ' . $fio2 . ' ' . $fio3 . " принят на должность " . $posts[$post_id] . " с " . date('d.m.Y') . "г." . $cfg_mail_sign; mail_send($cfg_mailto, "Новый сотрудник: " . $fio1 . " " . $fio2 . " " . $fio3, $msg_mail); } else {
/**
 * Checks a test project name for syntax correctness: it must be non-empty
 * and contain none of the characters forbidden by the 'ereg_forbidden' config.
 *
 * @param string $name the name to check
 * @return array map with keys: status_ok (1 accepted, 0 rejected), msg (localized reason, or 'ok')
 **/
function checkNameSintax($name)
{
    $forbidden_pattern = config_get('ereg_forbidden');
    if ($name == "") {
        return array('status_ok' => 0, 'msg' => lang_get('info_product_name_empty'));
    }
    if (!check_string($name, $forbidden_pattern)) {
        return array('status_ok' => 0, 'msg' => lang_get('string_contains_bad_chars'));
    }
    return array('status_ok' => 1, 'msg' => 'ok');
}
/**
 * Collects the request/session input this page works on into one stdClass.
 *
 * Reads $_REQUEST (after strings_stripSlashes) and $_SESSION; resolves the test
 * project name through $treeMgr when tproject_id is given; when container_name
 * is posted, validates it against the 'ereg_forbidden' config and for emptiness
 * (nameIsOK / msg).
 *
 * @param object $treeMgr tree manager providing get_node_hierarchy_info()
 * @return stdClass
 */
function init_args(&$treeMgr)
{
    $args = new stdClass();
    $_REQUEST = strings_stripSlashes($_REQUEST);

    // plain string inputs with their defaults
    $stringKeys = array(
        'containerType' => 'testsuite',
        'details' => '',
        'midAirCollisionTimeStamp' => '',
    );
    foreach ($stringKeys as $key => $default) {
        $args->{$key} = isset($_REQUEST[$key]) ? $_REQUEST[$key] : $default;
    }

    $args->userID = $_SESSION['userID'];
    $args->userObj = $_SESSION['currentUser'];

    $args->tproject_name = '';
    $args->tproject_id = 0;
    if (isset($_REQUEST['tproject_id'])) {
        $args->tproject_id = intval($_REQUEST['tproject_id']);
    }
    if ($args->tproject_id) {
        $nodeInfo = $treeMgr->get_node_hierarchy_info($args->tproject_id);
        $args->tproject_name = $nodeInfo['name'];
    }
    $args->refreshTree = testproject::getUserChoice($args->tproject_id, array('tcaseTreeRefreshOnAction', 'edit_mode'));

    // request values copied verbatim, with defaults
    $passThrough = array('nodes_order' => null, 'tcaseSet' => null, 'target_position' => 'bottom', 'doAction' => '');
    foreach ($passThrough as $key => $default) {
        $args->{$key} = isset($_REQUEST[$key]) ? $_REQUEST[$key] : $default;
    }

    $args->tsuite_name = isset($_REQUEST['testsuiteName']) ? $_REQUEST['testsuiteName'] : null;
    $args->bSure = isset($_REQUEST['sure']) && $_REQUEST['sure'] == 'yes';
    $args->assigned_keyword_list = isset($_REQUEST['assigned_keyword_list']) ? $_REQUEST['assigned_keyword_list'] : "";

    // integer inputs
    $intKeys = array('testsuiteID' => null, 'containerID' => null, 'objectID' => null, 'copyKeywords' => 0);
    foreach ($intKeys as $key => $default) {
        $args->{$key} = isset($_REQUEST[$key]) ? intval($_REQUEST[$key]) : $default;
    }
    // Without an explicit container the project itself is the container
    // (the original author flagged this as action-dependent and a candidate for removal).
    if (is_null($args->containerID)) {
        $args->containerID = $args->tproject_id;
    }

    if (isset($_REQUEST['container_name'])) {
        $name = trim($_REQUEST['container_name']);
        $args->nameIsOK = true;
        $args->msg = '';
        $args->name = $name;
        $args->container_name = $name;
        if (!check_string($name, config_get('ereg_forbidden'))) {
            $args->msg = lang_get('string_contains_bad_chars');
            $args->nameIsOK = false;
        } elseif ($name == '') {
            $args->msg = lang_get('warning_empty_com_name');
            $args->nameIsOK = false;
        }
    }
    return $args;
}
/**
 * Validates a member name against the G5_HANGUL character class.
 *
 * @param string $mb_name name to check
 * @return string error message (per the message: hangul only, no spaces), or "" when acceptable
 */
function valid_mb_name($mb_name)
{
    $hangul_only = check_string($mb_name, G5_HANGUL);
    return $hangul_only ? "" : "이름은 공백없이 한글만 입력 가능합니다.";
}
$config['themes'] = 'default'; } if ($config['nickname'] == '' && file_exists(BASEDIR . 'INSTALL.php') && !strstr($php_self, 'INSTALL.php')) { header('Location: ' . BASEDIR . 'INSTALL.php?' . SID); exit; } if ($config['closedsite'] == 1 && !strstr($php_self, 'pages/closed.php') && !strstr($php_self, 'input.php') && $log != $config['nickname']) { header('Location: ' . $config['home'] . '/pages/closed.php?' . SID); exit; } $header_title = ''; ############################################################################################ ## Кто-откуда ## ############################################################################################ if ($http_referer != 'Не определено') { $checkref = check_string($http_referer); if ($checkref != $config['servername']) { if (preg_match('#^([a-z0-9_\\-\\.])+(\\.([a-z0-9\\/])+)+$#', $checkref)) { $refstring = search_string(DATADIR . 'referer.dat', $checkref, 0); if ($refstring) { $textref = no_br($checkref . '|' . ($refstring[1] + 1) . '|' . SITETIME . '|' . $ip . '|'); replace_lines(DATADIR . 'referer.dat', $refstring['line'], $textref); } else { $textref = no_br($checkref . '|1|' . SITETIME . '|' . $ip . '|'); write_files(DATADIR . 'referer.dat', $textref . "\r\n"); } $refcount = counter_string(DATADIR . 'referer.dat'); if ($refcount >= $config['referer']) { delete_lines(DATADIR . 'referer.dat', array(0, 1)); } }
$mh_reply = preg_replace('#[^0-9\\-]#', '', trim($mh_reply)); $mh_message = clean_xss_tags(trim($mh_message)); if (!$mh_reply) { alert('보내는 번호를 입력해주세요.'); } if (!$mh_message) { alert('메세지를 입력해주세요.'); } if ($is_admin != 'super') { $mh_reply = get_hp($mh_reply, 0); if (!$mh_reply) { alert("보내는 번호가 올바르지 않습니다."); } } else { $mh_reply = str_replace("-", "", $mh_reply); if (!check_string($mh_reply, G5_NUMERIC)) { alert("보내는 번호가 올바르지 않습니다."); } } $mh_hp = explode(',', $mh_hp); if ($mb_id) { $mb = get_member($mb_id); if (!$mb['mb_sms'] || !$mb['mb_open']) { alert("정보를 공개하지 않았습니다."); } if ($mb['mb_hp']) { array_push($mh_hp, $mb['mb_hp']); } } if (!count($mh_hp)) { alert('받는 번호를 입력해주세요.');
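/**
 * CodeIgniter form_validation callback for the nickname field.
 *
 * Rejects nicknames with characters outside hangul/alphabetic/numeric, nicknames
 * listed in the cf_prohibit_id config value, and — when no 'w' is posted
 * (presumably registration) or the nickname was changed — nicknames already
 * present in Register_model.
 *
 * @param string $str posted nickname
 * @return bool TRUE when acceptable; FALSE after set_message() otherwise
 */
function mb_nick_check($str)
{
    if (!check_string($str, _RT_HANGUL_ + _RT_ALPHABETIC_ + _RT_NUMERIC_)) {
        $this->form_validation->set_message('mb_nick_check', '별명은 공백없이 한글, 영문, 숫자만 입력 가능합니다.');
        return FALSE;
    }
    // $str is user input: quote it so it is matched literally, never as pattern syntax
    // (a no-op for the characters check_string allows). The pattern is unanchored, so a
    // nickname that is a substring of a prohibited entry is also rejected — kept as is.
    if (preg_match("/[\\,]?" . preg_quote($str, '/') . "/i", $this->config->item('cf_prohibit_id'))) {
        $this->form_validation->set_message('mb_nick_check', $str . ' 은(는) 예약어로 사용하실 수 없는 별명입니다.');
        return FALSE;
    }
    $is_new_or_changed = !$this->input->post('w') || $this->input->post('mb_nick_default') != $this->input->post('mb_nick');
    if ($is_new_or_changed && $this->Register_model->is('mb_nick', $str) != 0) {
        $this->form_validation->set_message('mb_nick_check', $str . ' 은(는) 이미 다른분이 사용중인 별명이므로 사용이 불가합니다.');
        return FALSE;
    }
    return TRUE;
}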
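/**
 * Updates one user_work_experieces row owned by $users_id.
 *
 * @param int   $users_id owner id (checked by check_int, cast to int in the WHERE clause)
 * @param array $data     row fields: id, position, year_from, month_from, year_to, month_to,
 *                        company, description; month_to === 'Present' marks an ongoing position
 * @return array result of $this->common($sql)
 */
public function update_user_work_experience($users_id, $data)
{
    $id = $data['id'];
    check_int($id, 'id');
    check_int($users_id, 'users_id');
    // Validate by column name. The original compared $value (not $index) with 'users_id',
    // so the int check never ran and the string check also swallowed 'users_id'.
    $string_fields = array('position', 'year_from', 'month_from', 'company');
    foreach ($data as $index => $value) {
        if ($index === 'users_id') {
            check_int($value, $index);
        } elseif (in_array($index, $string_fields, true)) {
            check_string($value, $index);
        }
    }
    // strtotime() on unparseable input yields false, which date() renders as 1970-01-01
    // (unchanged behaviour; the year/month fields are only checked as strings above).
    $date_from = date('Y-m-d', strtotime($data['year_from'] . ' ' . $data['month_from']));
    $data['monthly_salary'] = '';
    $data['is_present'] = 0;
    if ($data['month_to'] === 'Present') {
        // Ongoing position: date_to is left out of the UPDATE, so any stored date_to stays.
        $data['is_present'] = 1;
        $date_to = '';
    } else {
        $date_to = date('Y-m-d', strtotime($data['year_to'] . ' ' . $data['month_to']));
    }
    $date_to_sql = strlen($date_to) > 0 ? "date_to = " . $this->db->escape($date_to) . "," : "";
    $sql = "UPDATE user_work_experieces\n SET\n position = " . $this->db->escape($data['position']) . ",\n date_from = " . $this->db->escape($date_from) . ",\n " . $date_to_sql . "\n is_present = " . $this->db->escape($data['is_present']) . ",\n monthly_salary = " . $this->db->escape($data['monthly_salary']) . ",\n company = " . $this->db->escape($data['company']) . ",\n description = " . $this->db->escape($data['description']) . "\n WHERE id = " . (int) $id . " AND users_id = " . (int) $users_id . "\n ";
    return $this->common($sql);
}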
// id-картриджа $model = isset($_REQUEST["model"]) ? check_string($_REQUEST["model"], "digits") : 0; // Модель картриджи $full = isset($_REQUEST["full"]) ? check_string($_REQUEST["full"], "digits") : null; // Кол-во полных картриджей $use = isset($_REQUEST["use"]) ? check_string($_REQUEST["use"], "digits") : null; // Кол-во картриджей в работе $comment = isset($_REQUEST["comment"]) ? check_string($_REQUEST["comment"], "text") : null; // Комментарий к картриджам $find_text = isset($_REQUEST["find_text"]) ? check_string($_REQUEST["find_text"], "text") : null; // Текст для поиска $msg_class = isset($_REQUEST["msg_class"]) ? check_string($_REQUEST["msg_class"], "text") : null; // Класс сообщения $msg = isset($_REQUEST["msg"]) ? check_string($_REQUEST["msg"], "text") : null; // Сообщения $page_num = isset($_REQUEST["page_num"]) ? check_string($_REQUEST["page_num"], "digits") : 0; // Номер страницы $notifies = getBurnedCounts($admin_login["uid"]); // $order_by = isset($_SESSION["order_by"]) ? "ORDER BY ".$_SESSION["order_by"] : "ORDER BY `id`";// Настройка сортировки // Фильтр для использования в SQL-запросах: $filter_sql = " WHERE `deleted` != 1 "; $filter_sql .= $area != 0 ? " AND `area`={$area}" : ""; $filter_sql .= $model != 0 ? " AND `model`={$model}" : ""; // Фильтр для использования c GET-параметрами: $filter = $area != 0 ? "&area={$area}" : "&area=0"; $filter .= $model != 0 ? "&model={$model}" : "&model=0"; // Заполнение селекторов территорий, отделов и должностей $query_models = $db->query("SELECT `id`, `name`, `cartridge4u_id`,\r\n (select count(*) from supply where `model` = supply_models.`id` and `use` > 0) as `count`\r\n FROM supply_models\r\n WHERE `deleted` is null ORDER BY `name`"); while ($models_res = $db->fetch_row($query_models)) { $models[$models_res[0]] = $models_res[1]; $cartridge4u_id[$models_res[0]] = $models_res[2];
$TPm = str_replace('[max_len]', $config['max_pm_len'], $TPm); } else { // usereingaben checken --------------------------- $err_mess = ''; $r_user = db_query("SELECT \n\t\t user_id,\n\t\t user_name,\n\t\t\t user_mail,\n\t\t\t pm_count,\n\t\t\t groupids\n\t\t FROM " . $pref . "user WHERE user_name='" . addslashes($username) . "'"); if (db_rows($r_user) != 1) { $err_mess .= 'Es ist kein User mit diesem Namen registriert.'; } else { $user = db_result($r_user); if ($user['user_id'] == U_ID) { $err_mess .= 'Du kannst keine Nachricht an Dich selbst senden.'; } if ($art == 1 && ($user['user_mail'] == '' || $config['mail_func'] == 0)) { $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Ein Versand per E-Mail ist leider nicht möglich.'; } $err_mess .= ($err_mess == '' ? '' : '<br />') . check_string($topic, 1); if (strlen($text) < 3) { $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Der Text ist zu kurz.'; } if (strlen($text) > $config['max_pm_len']) { $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Der Text ist zu lang.'; } if ($user['pm_count'] == $config['max_pm_count']) { $P = globalPermissions($user['groupids']); if ($P[19] == 0) { $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Die PMbox des Empfängers ist leider voll.'; db_query("UPDATE " . $pref . "user SET\n\t\t\t\t\t pm_overflow='1'\n\t\t\t\t\t WHERE user_id='{$user['user_id']}'"); } } } if ($err_mess != '') {
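<?php
/*
 * index.php
 * general page
 *
 * Renders base.html through Twig for a logged-in admin ($_SESSION['valid']);
 * anyone else is redirected to auth.php.
 */
// NOTE(review): display_errors=1 shows errors (paths, queries) to visitors;
// suitable for development only — confirm this is not the production setting.
ini_set('display_errors', 1);
error_reporting(E_ALL ^ E_NOTICE);
session_start();
require 'subs.php';
require 'conf.inc.php';
require "lib/dblayer.php";
require_once 'vendor/autoload.php';
// Twig initialisation
$loader = new Twig_Loader_Filesystem('templates'); // Twig template directory
$twig = new Twig_Environment($loader, array('cache' => '')); // Twig, no cache
$stage = isset($_REQUEST['stage']) ? check_string($_REQUEST['stage'], 'string') : null; // stage
if (isset($_SESSION['valid']) and $_SESSION['valid'] == true) {
    // -- vars -- set up and check variables and input
    $admin_fio = $_SESSION['admin_fio'];
    // -- end vars
    // --------- BEGIN ------------------------------------ //
    $section = basename(__DIR__);
    echo $twig->render('base.html', array(
        'dir' => $section,
        'title' => 'Главная страница',
        'admin_fio' => $admin_fio,
        'section' => $section == 'www' ? '' : $section,
        'sections' => array('' => 'Главная', 'bills' => 'Счета', 'users' => 'Пользователи', 'supply' => 'Расходники'),
    ));
    // --------- END ------------------------------------- //
} else {
    // Same target as before (/auth.php on the current host), but as a relative
    // Location: this no longer rebuilds the URL from the client-supplied Host header
    // and no longer forces plain http. exit stops execution after the redirect.
    header('Location: /auth.php');
    exit;
}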
} if (!$mb_email) { alert('E-mail 이 넘어오지 않았습니다.'); } if (preg_match("/[\\,]?{$mb_id}/i", $config['cf_prohibit_id'])) { alert("\\'{$mb_id}\\' 은(는) 예약어로 사용하실 수 없는 회원아이디입니다."); } if (preg_match("/[\\,]?{$mb_nick}/i", $config['cf_prohibit_id'])) { alert("\\'{$mb_nick}\\' 은(는) 예약어로 사용하실 수 없는 별명입니다."); } // 이름은 한글만 가능 if (!check_string($mb_name, _G4_HANGUL_)) { alert('이름은 공백없이 한글만 입력 가능합니다.'); } // 별명은 한글, 영문, 숫자만 가능 if (!check_string($mb_nick, _G4_HANGUL_ + _G4_ALPHABETIC_ + _G4_NUMERIC_)) { alert('별명은 공백없이 한글, 영문, 숫자만 입력 가능합니다.'); } if ($w == '') { if (strtolower($mb_id) == strtolower($mb_recommend)) { alert('본인을 추천할 수 없습니다.'); } $sql = " select count(*) as cnt from {$g4['member_table']} where mb_nick = '{$mb_nick}' "; $row = sql_fetch($sql); if ($row['cnt']) { alert("\\'{$mb_nick}\\' 은(는) 이미 다른분이 사용중인 별명이므로 사용이 불가합니다."); } $sql = " select count(*) as cnt from {$g4['member_table']} where mb_email = '{$mb_email}' "; $row = sql_fetch($sql); if ($row['cnt']) { alert("\\'{$mb_email}\\' 은(는) 이미 다른분이 사용중인 E-mail이므로 사용이 불가합니다.");
$new['user_id'] = $post['user_id']; $new['guest_name'] = $post['guest_name']; $new['text'] = $post['post_text']; $new['topic'] = $thread['thread_topic']; $data['boardtable'] = editForm($new, $boardid, $threadid, $postid, $config['mail_func'], $config['smilies'], 1); } else { $new['user_id'] = $post['user_id']; $data['boardtable'] = editForm($new, $boardid, $threadid, $postid, $config['mail_func'], $config['smilies'], $new['code']); } } else { // check entrys ----------------------- $err_mess = ''; if ($post['user_id'] == 0) { $err_mess = check_string($new['autor'], 0); } $err_mess = check_string($new['topic'], 1); if (strlen($text) < $config['min_post_len']) { $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Der Text ist zu kurz.'; } if (strlen($text) > $config['max_post_len']) { $err_mess .= ($err_mess == '' ? '' : '<br />') . 'Der Text ist zu lang.'; } if ($err_mess != '') { $mess = '<form action="edit.php" method="post" name="sendback"> ' . $err_mess . ' <input type="hidden" name="boardid" value="' . $boardid . '" /> <input type="hidden" name="threadid" value="' . $threadid . '" /> <input type="hidden" name="postid" value="' . $postid . '" /> <input type="hidden" name="new[page]" value="' . $page . '" /> <input type="hidden" name="action" value="edit" /> <input type="hidden" name="back" value="1" />';
$create_dir = "upload/training_doc/" . $registration_id; if (!file_exists($create_dir)) { mkdir($create_dir, 0777); } $area_of_interest = $_POST['area_of_interest']; if ($area_of_interest == "") { $error_msg .= "<li>Please Select a category</li>"; } $description = $_POST['description']; if ($description == "") { $error_msg .= "<li>Enter Some Description</li>"; } else { $description = $_REQUEST['description']; } $description = ereg_replace("\n", "<br/>", $_POST['description']); $title = check_string($_POST['title']); if ($title == 1) { $error_msg .= "<li>Enter Title</li>"; } else { $title = $_REQUEST['title']; } $file_name = $_FILES['doc']['name']; $file_temp = $_FILES['doc']['tmp_name']; $file_type = $_FILES['doc']['type']; $file_size = $_FILES['doc']['size']; if ($_FILES['doc']['name'] != "") { $doc = uploadFile($file_name, $file_temp, $file_type, $file_size, "training_doc"); if (preg_match("<li>", $upload_cv)) { $error_msg .= $upload_cv; } } else {
<li>current lang: <?php _pass($ESPCONFIG['lang']); ?> </li> <li>available langs: <?php _pass(implode(', ', esp_getlocales())); ?> <br /> (<?php _pass(implode(', ', array_keys(esp_getlocale_map()))); ?> ) </li> <li>GNU Gettext test: <?php esp_setlocale('en_US'); check_string(_('%%%% Gettext Test Failed'), 'Passed'); ?> </li> <li>Catalog Open Test: <?php $ret = fopen($ESPCONFIG['locale_path'] . '/en_US/LC_MESSAGES/messages.mo', 'r'); check_bool($ret !== false, true); fclose($ret); ?> </li> </ul></td></tr> <tr><th>PHP Session Test</th></tr> <tr><td><ul> <li>session.save_path: <?php if (stristr(PHP_OS, 'win') && substr(ini_get('session.save_path'), 0, 1) == '/') { _fail(ini_get('session.save_path'));