/**
 * Collect the DNSSEC records stored for a domain in the DNS database.
 *
 * Joins `domains` to `dnssec` on the domain id and gathers the `record`
 * column of every row whose name and type match the arguments.
 *
 * @param string $domain Value matched against domains.name.
 * @param string $type   Value matched against dnssec.type.
 * @return array|bool Zero-indexed list of record values, or FALSE when the
 *                    query fails or no row matches.
 */
function GetDNSsecRecordsFromDnsshop($domain, $type) {
    // DNS mysql database. The connection is opened lazily; `global` is
    // declared again after create_db_connection(), presumably so the local
    // name picks up a freshly created global - verify against that helper.
    global $mysqli_dns;
    if (empty($mysqli_dns)) {
        create_db_connection('mysqli_dns', 'dns');
    }
    global $mysqli_dns;

    $safe_domain = $mysqli_dns->real_escape_string($domain);
    $safe_type = $mysqli_dns->real_escape_string($type);

    // NOTE(review): real_escape_string() protects the string literal but does
    // not neutralise the LIKE wildcards % and _, so a value such as "%" matches
    // every domain. If callers can pass untrusted input and an exact match is
    // intended, compare with "=" or escape the wildcards. The double-quoted
    // literals also depend on the server not running with ANSI_QUOTES.
    $sql = 'SELECT domains.id, domains.name, dnssec.type, dnssec.record FROM domains INNER JOIN dnssec ON (domains.id = dnssec.domainid) WHERE domains.name LIKE "' . $safe_domain . '" AND dnssec.type LIKE "' . $safe_type . '"';
    $result = $mysqli_dns->query($sql);

    // A failed query (falsy result) and an empty result set are both reported as FALSE.
    if (!$result || $result->num_rows == 0) {
        return FALSE;
    }

    $records = array();
    while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
        $records[] = $row['record'];
    }

    return count($records) === 0 ? FALSE : $records;
}
/**
 * Remember which rows a DELETE statement is about to remove so the deletion
 * can be replayed on sync.
 *
 * Acts only when the `dbsynchron` user config is non-empty, $sql starts with
 * the exact lowercase prefix "delete from ", and the target table is not
 * junk_items itself. It selects the ids matched by the statement's WHERE
 * clause and stores them, comma-separated, as one junk_items row with
 * operation 3.
 *
 * NOTE(review): the table name and WHERE clause are cut out of $sql and
 * concatenated into a new SELECT without any validation. That is only as safe
 * as the statement passed in - confirm every caller builds $sql from trusted,
 * already-escaped parts. A statement with no WHERE clause yields a SELECT that
 * ends in "where ".
 *
 * @param string $sql SQL statement that is about to be executed.
 * @return void
 */
function writeDbDeleteCheck($sql) {
    if (getUserConfig('dbsynchron') == "") {
        return;
    }

    //check for delete items to play on sync
    if (substr($sql, 0, 12) != "delete from ") {
        return;
    }

    $table = trim(strtok(substr($sql, 12), " "));
    if ($table == "junk_items") {
        return;
    }

    // strtok() keeps its position in the string: the next token (the word
    // following the table name) is discarded, then the remainder is taken.
    strtok(" ");
    $where = strtok("");

    $reader = create_db_connection();
    $reader->openselect("select id from " . $table . " where " . $where);

    $delids = "";
    for (; !$reader->eof(); $reader->movenext()) {
        if ($delids != "") {
            $delids .= ",";
        }
        $delids .= $reader->getvalue("id");
    }

    // A second connection object writes the bookkeeping row.
    $writer = create_db_connection();
    $writer->addnew("junk_items");
    $writer->setvalue("fromtable", $table);
    $writer->setvalue("delid", $delids);
    $writer->setvalue("operation", 3);
    $writer->update();
}
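/**
 * Run a query, read one field from its first row and return the number that
 * follows it according to getNextNumber().
 *
 * NOTE(review): $sql is passed through parseAndReplaceAll() and then executed
 * as given; nothing here escapes it, so callers must not embed unescaped
 * request data - confirm at call sites.
 *
 * @param string $sql      Query text, expanded by parseAndReplaceAll().
 * @param string $field    Name of the column to read from the first row.
 * @param mixed  $starting Value handed to getNextNumber() when the query
 *                         returns no row.
 * @return mixed Whatever getNextNumber() returns.
 */
function getNextNumberFromSql($sql, $field, $starting = '') {
    $newconn = create_db_connection();
    $newconn->openselect(parseAndReplaceAll($sql));

    $maxvalue = $starting;
    if (!$newconn->eof()) {
        $maxvalue = $newconn->getvalue($field);
    }

    // Release the connection on every path, including an empty result set,
    // so repeated calls do not leave connections open.
    $newconn->close();

    return getNextNumber($maxvalue);
}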
<?php require_once 'lib/template_lib.php'; require_once 'lib/license_lib.php'; require_once 'lib/security_lib.php'; require_once 'lib/db_lib.php'; $serial_number = FALSE; $registration_key = FALSE; $db_conn = create_db_connection(); $serial_number = null; $registration_key = null; //verify the serial number and registration key don't contain any dangerous characters if (isset($_POST['serial_number'])) { if (validate_alphanumeric_pattern($_POST['serial_number'])) { $serial_number = $_POST['serial_number']; } } if (isset($_POST['registration_key'])) { if (validate_registration_key($_POST['registration_key'])) { $registration_key = $_POST['registration_key']; } } $result = false; if ($serial_number != null && $registration_key != null) { //test registration key decoding $result = DecodeRegistrationKey($serial_number, $registration_key); if ($result !== false) { $smarty->assign('serial_number', $result->serialNumber); $smarty->assign('registration_key', $result->registrationKey); if ($result->numberOfLicensesPurchased == 0) { $smarty->assign('license_count', 'site_license');
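/**
 * Handle a POST for the "makecontact" slot: validate the contact form, store
 * it in `projectissues` and mail the project's addresses.
 *
 * Actions:
 *  - 'add'       validates iname / iemail / icontactname and the anti-bot
 *                field, inserts the row, then continues into 'sendemail'.
 *  - 'sendemail' sends the makecontact HTML template to every address returned
 *                for the configured project.
 *  - anything else resets the slot view.
 *
 * When an error or a reload is pending, all POST values are saved in the
 * session under "savedpost_makecontact_<key>".
 *
 * The included config files run in this function's scope, so the local
 * $control_* variables are kept even though this function does not read them.
 *
 * @param string $action Requested action name.
 * @param string $slot   Slot identifier used for view and session keys.
 * @return string Error text, or '' on success or when the user cancelled.
 */
function makecontact_execute($action, $slot) {
    global $_POST;
    global $_GET;
    global $_CONFIG;
    require_once "config/db.php";
    global $conn;
    global $_local_error;
    $_local_error = "";
    global $_local_reloadform;
    $_local_reloadform = "";
    global $render_current_slot;
    global $current_slots;

    //mark slot on execution stack
    $render_current_slot++;
    $current_slots[$render_current_slot] = $slot;

    // Page-protection token: compared with the session counter (equal for ajax
    // requests, token + 1 otherwise).
    // NOTE(review): the comparison only runs when `fprotection` is posted and
    // non-empty, so a request that omits the field is not checked even with
    // pageprotection enabled. Confirm that is intended; otherwise a missing
    // token should be treated as a protection error.
    if (getUserConfig("pageprotection") == "yes") {
        if (isset($_POST['fprotection']) && $_POST['fprotection'] != "") {
            if (isset($_GET['ajax']) && $_GET['ajax'] == 1) {
                if (intval(session_getvalue("protection_page")) != intval($_POST['fprotection'])) {
                    $_local_error = getLT("protectionerror");
                }
            } else {
                if (intval(session_getvalue("protection_page")) != intval($_POST['fprotection']) + 1) {
                    $_local_error = getLT("protectionerror");
                }
            }
        }
    }

    //set default filter
    $control_filter = "";
    $control_name = "makecontact";
    $control_table = "projectissues";
    $control_id = "id";

    //check for rights
    if (getUserConfig('dinsec_makecontact_cando', $action) == 'no') {
        $_local_error = getLT('nopermissions');
    }
    if (getUserConfig('dinsec_makecontact_canpost', $action) == 'no') {
        $_local_error = getLT('nopermissions');
    }
    if (session_getvalue("blockaccess_makecontact") == "yes") {
        $_local_error = getLT('nopermissions');
    }
    if (session_getvalue("blockaccess_projectissues") == "yes") {
        $_local_error = getLT('nopermissions');
    }

    if ($_local_error == "") {
        switch ($action) {
            case 'add':
                if (isset($_POST['cancel_button']) && $_POST['cancel_button'] == getLT('cancel')) {
                    $_local_error = 'usercanceled';
                    setSlotView($slot, "add");
                    break;
                }
                // Required fields: each must be present and non-empty after tags are stripped.
                if ($_local_error == '') {
                    if (!isset($_POST['iname']) || $_POST['iname'] == '' || strip_tags($_POST['iname']) == '') {
                        $_local_error .= getLT('iname') . ' ' . getLT('shouldbefilled');
                    }
                }
                if ($_local_error == '') {
                    if (!isset($_POST['iemail']) || $_POST['iemail'] == '' || strip_tags($_POST['iemail']) == '') {
                        $_local_error .= getLT('iemail') . ' ' . getLT('shouldbefilled');
                    }
                }
                if ($_local_error == '') {
                    if (!isset($_POST['icontactname']) || $_POST['icontactname'] == '' || strip_tags($_POST['icontactname']) == '') {
                        $_local_error .= getLT('icontactname') . ' ' . getLT('shouldbefilled');
                    }
                }
                // Anti-bot field: "<prefix>-<number_format(prefix.12 * 0.34, 4)>".
                // The expected value is derived entirely from the posted prefix,
                // so this only shows that the client ran the form's script; it is
                // not a secret and gives no protection against a scripted client.
                if ($_local_error == '') {
                    if (!isset($_POST['useraddress'])) {
                        $_local_error .= getLT('javascript?');
                    } else {
                        $ab_def = strtok($_POST['useraddress'], "-");
                        $ab_test = $ab_def . '-' . number_format(floatVal($ab_def . '.12') * 0.34, 4, '.', '');
                        if ($ab_test !== $_POST['useraddress']) {
                            $_local_error .= getLT('antiboterror?');
                        }
                    }
                }
                if ($_local_error == "") {
                    $conn->addnew($control_table);
                    $conn->setvalue('iname', correctPostValue($_POST['iname']));
                    $conn->setvalue('iemail', correctPostValue($_POST['iemail']));
                    $conn->setvalue('icontactname', correctPostValue($_POST['icontactname']));
                    // idesc is optional and not validated above; default to ''
                    // so an omitted field does not raise an undefined-index error.
                    $html = correctPostValue(isset($_POST['idesc']) ? $_POST['idesc'] : '');
                    // NOTE(review): this is a deny-list of three tag prefixes.
                    // Other markup (for example event-handler attributes or other
                    // elements) passes through unless correctPostValue() removes
                    // it, so idesc must be escaped, or sanitised with an
                    // allow-list, wherever it is rendered.
                    $html = str_ireplace("<script", "[script", $html);
                    $html = str_ireplace("<link", "[link", $html);
                    $html = str_ireplace("<style", "[style", $html);
                    $conn->setvalue('idesc', $html);
                    $conn->setvalue('projectid', $_CONFIG['projectid']);
                    $conn->setvalue('idate', date("Y-m-d H:i:s"));
                    $id = $conn->update();
                    if ($id != "") {
                        session_addvalue($slot . '_info', getLT('wblank'));
                        session_setvalue($slot . "_viewid", $id);
                        setSlotView($slot, "add");
                    } else {
                        $_local_error = getLT('unableadd');
                        break;
                    }
                }
                // No break here: 'add' continues into 'sendemail'. After a failed
                // validation $_local_error is non-empty, so the guard below skips
                // the mailing.
            case 'sendemail':
                if (isset($_POST['cancel_button']) && $_POST['cancel_button'] == getLT('cancel')) {
                    $_local_error = 'usercanceled';
                    break;
                }
                if ($_local_error == "") {
                    // Output produced while loading the helpers is captured and
                    // discarded from the response; $emailbody is replaced by the
                    // template inside the loop.
                    ob_start();
                    require_once "config/htmlreport.php";
                    require_once "config/templates.php";
                    require_once "config/mail.php";
                    global $_templates;
                    require_once "config/utils.php";
                    $_control_replace_sql = "parseAndReplaceAll";
                    $pdf = new HtmlReport("");
                    $emailbody = ob_get_contents();
                    ob_end_clean();
                    $emailbody = html_entity_decode($emailbody);
                    $emailsubject = getLT('emailcontact');
                    global $mails_sql_conn;
                    $mails_sql_conn = create_db_connection();
                    $mails_sql_conn->openselect($_control_replace_sql("select pemails as email from projects where id=0[config.projectid]"));
                    $noemail = false;
                    if ($mails_sql_conn->eof()) {
                        $noemail = true;
                    }
                    // One message per row returned for the project.
                    while (!$mails_sql_conn->eof()) {
                        $mailman = createMailObject();
                        $mailman->IsHTML(true);
                        $emailto = $mails_sql_conn->getvalue("email");
                        $emailreply = "";
                        $emailbcc = "";
                        $emailcc = "";
                        $emailfrom = "";
                        $emailbody = getFileContent(getFilePathFor('html', 'makecontact'));
                        require_once "config/utils.php";
                        $emailbody = parseAndReplaceAll($emailbody);
                        // Reply-To is the address typed by the submitter. It may be
                        // absent when 'sendemail' is requested directly, hence the
                        // default. Assumes the mail object validates the address -
                        // TODO confirm for createMailObject().
                        $emailreply = correctPostValue(isset($_POST["iemail"]) ? $_POST["iemail"] : '');
                        $mailman->Body = $emailbody;
                        $mailman->Subject = $emailsubject;
                        $mailman->ClearAddresses();
                        $mailman->AddAddress($emailto);
                        if ($emailbcc != "") {
                            $mailman->AddBCC($emailbcc);
                        }
                        if ($emailcc != "") {
                            $mailman->AddCC($emailcc);
                        }
                        if ($emailfrom != "") {
                            $mailman->FromName = "";
                            $mailman->From = $emailfrom;
                        }
                        if ($emailreply != '') {
                            $mailman->AddReplyTo($emailreply);
                        }
                        $mailman->send();
                        $mails_sql_conn->movenext();
                    }
                    $mails_sql_conn->close();
                    if ($noemail) {
                        session_addvalue($slot . '_error', getLT('noemailfound'));
                    } else {
                        session_addvalue($slot . '_info', getLT('yourmessageissent'));
                    }
                }
                break;
            default:
                //$_local_error="slot:".$slot." unknown post action: ".$action;
                setSlotView($slot, "");
                break;
        }
    }

    if (isset($_POST['cancel_button']) && $_POST['cancel_button'] == getLT('cancel')) {
        //if($_local_error!="") session_addvalue($slot.'_error',getLT($_local_error));
        $_local_error = '';
    } else {
        if ($_local_reloadform != "" || $_local_error != "" || $action == "justreloadform") {
            //save post for later use
            // Every posted key is copied into the session; the key names are
            // chosen by the client.
            foreach ($_POST as $key => $val) {
                if (is_array($val)) {
                    session_setvalue('savedpost_makecontact_' . $key, correctPostValue(implode(",", str_replace(',', ' ', $_POST[$key]))));
                } else {
                    session_setvalue('savedpost_makecontact_' . $key, correctPostValue($val));
                }
            }
            if ($_local_error != "") {
                session_addvalue($slot . '_error', $_local_error);
            }
        }
    }

    $render_current_slot--;
    return $_local_error;
}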
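/**
 * Create a stream for an account from the posted form values.
 *
 * The bitrate and the host:port pair are accepted only when they appear in the
 * configured lists ($stream_bitrates, $stream_host_poorten) and the pair is
 * not already present in `stream_streams`. max_listeners must be a
 * non-negative integer and lower than the session user's remaining listener
 * allowance.
 *
 * NOTE(review): nothing in this function checks that the session user may
 * create streams for $account; presumably the caller does - verify.
 *
 * @param mixed $account Account id stored as the owner of the new stream.
 * @param int   $admin   Not used by this function.
 * @return string HTML fragment built from $lang->translate(): 929 when a
 *                required value is missing or invalid, 931 when max_listeners
 *                is not below the remaining allowance, 930 otherwise.
 */
function stream_do_action_toevoegen($account, $admin = 2) {
    global $lang;
    global $stream_bitrates;
    global $stream_host_poorten;
    global $mysqli;
    if (!isset($mysqli) || empty($mysqli)) {
        create_db_connection('mysqli', 'central');
    }
    global $mysqli;

    $bitrate = FALSE;
    $host = FALSE;
    $poort = FALSE;

    // Only a bitrate from the configured list is accepted.
    foreach ($stream_bitrates as $type) {
        if (get_value_post('bitrate') == $type) {
            $bitrate = $type;
        }
    }

    // The posted "host:port" must name a configured pair. The values used in
    // the query and stored later are the configured ones, not the posted text.
    $post_port = get_value_post('poort');
    if ($post_port !== FALSE) {
        $post_port2 = explode(':', $post_port);
        // Without a ':' there is no port part to compare.
        if (isset($post_port2[1])) {
            foreach ($stream_host_poorten as $hostname => $ports) {
                if ($post_port2[0] == $hostname) {
                    foreach ($ports as $port) {
                        if ($post_port2[1] == $port) {
                            $sql = 'SELECT * FROM `stream_streams` WHERE `host` LIKE "' . $mysqli->real_escape_string($hostname) . '" AND `poort` LIKE "' . $mysqli->real_escape_string($port) . '" LIMIT 1';
                            $query = $mysqli->query($sql);
                            // The pair counts as free only when the lookup ran and
                            // returned no row. A failed query must not make an
                            // occupied port look available.
                            if ($query && $query->num_rows == 0) {
                                $poort = $port;
                                $host = $hostname;
                            }
                        }
                    }
                }
            }
        }
    }

    $admin_user = get_value_post('admin_user');
    $admin_pass = get_value_post('admin_pass');
    $name = get_value_post('name');
    // The listener limit feeds the quota comparison below, so it must be a
    // non-negative integer; anything else is handled like a missing field.
    $max_listeners = filter_var(
        get_value_post('max_listeners'),
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 0))
    );
    $genre = get_value_post('genre');
    $description = get_value_post('description');
    $url = get_value_post('url');
    $source_pass = get_value_post('source_pass');
    $relay_pass = get_value_post('relay_pass');
    $mountpoint = get_value_post('mountpoint');
    $master_server = get_value_post('master_server');
    $master_port = get_value_post('master_port');
    $master_user = get_value_post('master_user');
    $master_pass = get_value_post('master_pass');
    $ftp_pass = get_value_post('ftp_pass');
    $streamtype = get_value_post('streamtype');
    $shoutcastkey = get_value_post('shoutcastkey');

    if ($bitrate === FALSE || $host === FALSE || $poort === FALSE || $admin_user === FALSE || $admin_pass === FALSE || $name === FALSE || $max_listeners === FALSE) {
        return '<br /><br />' . $lang->translate(929) . '<br /><br />';
    }

    $availablelisteners = pakketten_get_value_size_stream(get_value_session('from_db', 'id'), 'listeners') - pakketten_get_value_used_stream(get_value_session('from_db', 'id'), 'listeners');
    if (!($max_listeners < $availablelisteners)) {
        return '<br /><br />' . $lang->translate(931) . '<br /><br />';
    }

    // Column => value in insert order; every value is escaped and double-quoted.
    // NOTE(review): the stream and relay passwords are stored as posted.
    $row = array(
        'poort' => $poort,
        'admin_user' => $admin_user,
        'admin_pass' => $admin_pass,
        'max_listeners' => $max_listeners,
        'bitrate' => $bitrate,
        'account' => $account,
        'name' => $name,
        'host' => $host,
        'genre' => $genre,
        'description' => $description,
        'url' => $url,
        'source_pass' => $source_pass,
        'relay_pass' => $relay_pass,
        'mountpoint' => $mountpoint,
        'master_server' => $master_server,
        'master_port' => $master_port,
        'master_user' => $master_user,
        'master_pass' => $master_pass,
        'changed2' => '1',
        'changed' => '1',
        'type' => $streamtype,
        'shoutcastkey' => $shoutcastkey,
    );
    $values = array();
    foreach ($row as $value) {
        $values[] = '"' . $mysqli->real_escape_string((string) $value) . '"';
    }
    $sql2 = 'INSERT INTO `stream_streams` (`' . implode('`,`', array_keys($row)) . '`) VALUES (' . implode(',', $values) . ')';
    $mysqli->query($sql2);
    $id = $mysqli->insert_id;

    // Create the FTP account only when the stream row exists. insert_id is 0
    // after a failed INSERT, which would otherwise provision "stream0".
    // NOTE(review): translate(930) is still returned when the INSERT fails;
    // no failure text is visible here, so that is left for the maintainer.
    if ($id && $ftp_pass != FALSE && $ftp_pass != '') {
        // NOTE(review): passwd is stored exactly as posted. If the FTP daemon
        // reading stream_ftpuser accepts hashed passwords, store a hash -
        // confirm against the daemon configuration.
        $sql = 'INSERT INTO `stream_ftpuser` (`userid`,`passwd`,`homedir`) VALUES ("stream' . $id . '","' . $mysqli->real_escape_string($ftp_pass) . '","/home/icecast/stream' . $id . '")';
        $mysqli->query($sql);
        $sql = 'INSERT INTO `stream_ftpquotalimits` (`name`,`limit_type`) VALUES ("stream' . $id . '","hard")';
        $mysqli->query($sql);
    }

    return '<br /><br />' . $lang->translate(930) . '<br /><br />';
}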
/**
 * Reset a domain row to a NATIVE zone: type "NATIVE", master and last_check NULL.
 *
 * The update runs only when pakketten_check_is_allowed() accepts the account
 * stored on the domain for the 'DNS' package.
 *
 * NOTE(review): $account is not used. The permission check is made against
 * the domain's own account plus $admin, so whether the calling user owns the
 * domain depends on what pakketten_check_is_allowed() verifies - confirm.
 *
 * @param mixed $id      Domain id (domains.id).
 * @param mixed $account Not used by this function.
 * @param int   $admin   Passed through to pakketten_check_is_allowed().
 * @return string HTML fragment: translate(798) after the update,
 *                translate(792) when the check refuses.
 */
function dns_do_action_superontkoppelen($id, $account, $admin = 2) {
    global $lang;

    $domain = dns_get_value_domain($id);
    if (!pakketten_check_is_allowed($domain['account'], 'DNS', $admin)) {
        return '<br /><br />' . $lang->translate(792) . '<br /><br />';
    }

    // Open the DNS connection on first use.
    global $mysqli_dns;
    if (empty($mysqli_dns)) {
        create_db_connection('mysqli_dns', 'dns');
    }
    global $mysqli_dns;

    $safe_id = $mysqli_dns->real_escape_string($id);
    $mysqli_dns->query('UPDATE `domains` SET `type` = "NATIVE", `master` = NULL, `last_check` = NULL WHERE `id` = "' . $safe_id . '"');

    // The query result is not inspected; the same text is returned either way.
    return '<br /><br /><p>' . $lang->translate(798) . '</p><br /><br />';
}
/**
 * Overwrite the `util` column of a uniquevalues row and hand the value back.
 *
 * NOTE(review): $user is never used, and the WHERE clause compares `user`
 * with the fixed literal '******'. That looks like a masked or placeholder
 * value - confirm what the condition is meant to be.
 *
 * @param string $md5    Matched against the md5 column (escaped).
 * @param string $value  New content of the util column (escaped).
 * @param mixed  $user   Not used by this function.
 * @param int    $userid Matched against userid after intval().
 * @return string The $value argument, unchanged.
 */
function resetUniqueValue($md5, $value, $user, $userid = 0) {
    $connf = create_db_connection();

    $table = getUserConfig("dbprefix") . "uniquevalues";
    $safe_value = $connf->escape($value);
    $safe_md5 = $connf->escape($md5);

    // The "0" before the integer keeps the comparison syntactically valid for
    // any intval() result, e.g. "userid=05" or "userid=0-5".
    $sql = "update " . $table . " set util='" . $safe_value . "' where md5='" . $safe_md5 . "' and user='******' and userid=0" . intval($userid);
    $connf->execute($sql);

    return $value;
}
if (check_user_subuser(get_value_session('from_db', 'id'), $pakket['user_id'], $type = 3) !== FALSE || $pakket['user_id'] == get_value_session('from_db', 'id') || get_value_session('from_db', 'is_admin') == '1') { if (pakketten_do_action_verwijder($pakket['user_id'], get_value_get('id')) == FALSE) { $html .= '<br /><p><b>' . $lang->translate(676) . '</b></p><br /><br />'; } else { $html .= '<br /><p><b>' . $lang->translate(677) . '</b></p><br /><br />'; } } } } elseif (get_value_get('type') == 'bewerken' && check_user_right(get_value_session('from_db', 'id'), 'pakketbewerken', get_value_session('from_db', 'is_admin')) !== FALSE) { $pakket = pakketten_get_value_details(get_value_session('from_db', 'id'), get_value_get('id'), get_value_session('from_db', 'is_admin')); if ($pakket !== FALSE) { if (check_user_subuser(get_value_session('from_db', 'id'), $pakket['user_id'], $type = 3) !== FALSE || $pakket['user_id'] == get_value_session('from_db', 'id') || get_value_session('from_db', 'is_admin') == '1') { if (get_value_get('p') == "dns") { if (get_value_post('submit')) { if (!isset($mysqli) || empty($mysqli)) { create_db_connection('mysqli', 'central'); } $domlimiet = get_value_post('domlimit'); $temlimiet = get_value_post('temlimit'); if ($domlimiet !== FALSE && $temlimiet !== FALSE) { $sql = "UPDATE `pakketten_dns` SET `max_domain` = '" . $mysqli->real_escape_string($domlimiet) . "', `max_templates` = '" . $mysqli->real_escape_string($temlimiet) . "' WHERE `id` LIKE '" . $mysqli->real_escape_string($pakket['pakket_id']) . "'"; $query = $mysqli->query($sql); $html .= '<br /><p><b>' . $lang->translate(673) . '</b></p><br /><br />'; } else { $html .= '<br /><p><b>' . $lang->translate(674) . 
'</b></p><br /><br />'; } } else { $pakket_name = $pakket['pakket_name']; $domain_pakket_limit = dns_get_value_pakket($pakket['pakket_id'], 'domain'); $template_pakket_limit = dns_get_value_pakket($pakket['pakket_id'], 'template'); $domain_pakket_used = dns_get_value_current_usage($pakket['pakket_id'], 'domain');
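/**
 * Create a stream package for a customer from the posted `listeners` and
 * `klant` values.
 *
 * Admins (session is_admin == 1) insert the package directly. Any other user
 * must pass check_user_subuser() for the posted customer, and the requested
 * listener count must be a non-negative integer lower than the session user's
 * remaining listener allowance.
 *
 * @return bool TRUE when both rows were inserted, FALSE otherwise.
 */
function pakketten_do_action_create_stream() {
    global $mysqli;
    if (!isset($mysqli) || empty($mysqli)) {
        create_db_connection('mysqli', 'central');
    }
    global $mysqli;

    $listeners = get_value_post('listeners');
    $klant = get_value_post('klant');

    if (get_value_session('from_db', 'is_admin') == 1) {
        // Admin path: no quota applies and the value is stored as posted.
        return _pakketten_insert_stream_pakket($mysqli, $listeners, $klant);
    }

    if (!check_user_subuser(get_value_session('from_db', 'id'), $klant)) {
        return FALSE;
    }

    // The quota comparison below is only meaningful for a non-negative
    // integer. A negative or non-numeric value would otherwise pass the "<"
    // test and be stored as the package size.
    $listeners = filter_var(
        $listeners,
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 0))
    );
    if ($listeners === false) {
        return FALSE;
    }

    $availablelisteners = pakketten_get_value_size_stream(get_value_session('from_db', 'id'), 'listeners') - pakketten_get_value_used_stream(get_value_session('from_db', 'id'), 'listeners');
    if ($listeners < $availablelisteners) {
        return _pakketten_insert_stream_pakket($mysqli, $listeners, $klant);
    }

    return FALSE;
}

/**
 * Insert the pakketten_stream row and the pakketten row that links it to the
 * customer.
 *
 * NOTE(review): the two inserts are not wrapped in a transaction, so a failure
 * of the second one leaves the pakketten_stream row without an owner.
 *
 * @param mysqli $mysqli    Open connection to the central database.
 * @param mixed  $listeners Listener limit for the package.
 * @param mixed  $klant     Customer id that will own the package.
 * @return bool TRUE when both inserts produced an id, FALSE otherwise.
 */
function _pakketten_insert_stream_pakket($mysqli, $listeners, $klant) {
    $sql = 'INSERT INTO `pakketten_stream` (`max_listeners`) VALUES ("' . $mysqli->real_escape_string((string) $listeners) . '")';
    $mysqli->query($sql);
    $id = $mysqli->insert_id;
    if ($id == 0) {
        return FALSE;
    }

    $sql = 'INSERT INTO `pakketten` (`type`,`user_id`,`pakket_id`) VALUES ("stream","' . $mysqli->real_escape_string((string) $klant) . '","' . $mysqli->real_escape_string((string) $id) . '")';
    $mysqli->query($sql);

    return $mysqli->insert_id != 0;
}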
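/**
 * Tell whether a row with the given match_id exists in `matches`.
 *
 * The id is validated as an integer before the database is touched, and the
 * answer comes from whether the prepared statement fetched a row. Comparing
 * the input with a possibly unset result would report null or 0 as existing
 * when nothing was fetched.
 *
 * NOTE(review): error_log() type 3 appends to the relative path
 * "leagueweb.error", so the file is created in the process's working
 * directory. If that lies inside the web root the SQL error text may be
 * downloadable - confirm, and prefer an absolute path outside it.
 *
 * @param mixed $match_id Candidate match id.
 * @return bool TRUE when a matching row was fetched; FALSE when the id is not
 *              an integer, the query fails, or no row matches.
 */
function matchExists($match_id) {
    // Non-integer ids can never match an integer key; reject them up front.
    if (filter_var($match_id, FILTER_VALIDATE_INT) === false) {
        return false;
    }

    $mysqli = create_db_connection();

    $stmt = $mysqli->prepare("SELECT match_id FROM matches WHERE match_id = ?");
    if (!$stmt) {
        error_log("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error, 3, "leagueweb.error");
        // Without a statement there is nothing to bind or execute.
        return false;
    }

    $matchExists = false;
    if (!$stmt->bind_param("i", $match_id)) {
        error_log("Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error, 3, "leagueweb.error");
    } elseif (!$stmt->execute()) {
        error_log("Execute failed: (" . $stmt->errno . ") " . $stmt->error, 3, "leagueweb.error");
    } else {
        $stmt->bind_result($matchId);
        // fetch() returns true only when a row was read; we just want the first one.
        $matchExists = ($stmt->fetch() === true);
    }

    $stmt->close();
    return $matchExists;
}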