public function render($module, $model) { $rtn = "\n[[[\r\n \$prepopulate = (\$object->isNew() ? (isset(\$_POST['" . $this->name . "']) ? strip_tags(\$_POST['" . $this->name . "']) : '') : \$object->get" . DBObject::tableNameToClassName($this->name) . "() * 1000);\r\n \$alt_prepopulate = \$prepopulate;\r\n if (preg_match('/^\\d+\$/', \$prepopulate)) {\r\n \$alt_prepopulate = date('Y-m-d', \$prepopulate/1000);\r\n }\r\n]]]\n"; $id = get_random_string(5); $rtn .= "\n<div id='{$id}' class='form-group'>\r\n <label class='col-sm-2 control-label' for='{$this->name}'>{$this->name} " . ($this->required ? $this->mandatory_field : '') . "</label>\r\n <div class='col-sm-10'>\r\n <div class='input-group'>\r\n <span class='input-group-addon'><i class='fa fa-calendar'></i></span>\r\n <input disabled='disabled' value='[[[ echo htmlentities(str_replace('\\'', '\"', \$alt_prepopulate)) ]]]' type='text' class='form-control altFormat' " . ($this->required ? ' required' : '') . " />\r\n <input value='[[[ echo htmlentities(str_replace('\\'', '\"', \$prepopulate)) ]]]' type='text' id='{$this->name}' name='{$this->name}' class='datepicker form-control' " . ($this->required ? ' required' : '') . " style='position: absolute; top:0; left: 0; z-index: -1' />\r\n </div>\r\n </div>\r\n</div>\r\n<div class='hr-line-dashed'></div>\r\n"; $rtn .= "\r\n <script type='text/javascript'>\r\n \$('#{$id} .datepicker').datepicker({\r\n " . (isset($this->options['dateFormat']) ? 'dateFormat: ' . "'" . $this->options['dateFormat'] . "'" : '') . "\r\n " . (isset($this->options['altFormat']) ? ',altField: "#' . $id . ' .altFormat", altFormat: "' . $this->options['altFormat'] . '"' : '') . "\r\n " . (isset($this->options['changeMonth']) ? ',changeMonth: ' . $this->options['changeMonth'] : '') . "\r\n " . (isset($this->options['changeYear']) ? ',changeYear: ' . $this->options['changeYear'] : '') . "\r\n " . (isset($this->options['yearRange']) ? ',yearRange: ' . "'" . $this->options['yearRange'] . "'" : '') . "\r\n });\r\n \$('#{$id} .input-group-addon').css('cursor', 'pointer').on('click', function(){\r\n \$('#{$id} .datepicker').datepicker('show');\r\n });\r\n </script>\r\n"; return $rtn; }
/** * Generate a spam token and store in session */ static function generateSpamToken($unique_id) { $token_key = get_random_string(8); $token_value = get_random_string(12); if (!isset($_SESSION['spam_tokens'])) { $_SESSION['spam_tokens'] = array(); } // store the generated token in session $_SESSION['spam_tokens'][$unique_id] = array(); $_SESSION['spam_tokens'][$unique_id]['key'] = $token_key; $_SESSION['spam_tokens'][$unique_id]['value'] = $token_value; return array('key' => $token_key, 'value' => $token_value); }
function new_lease_for_video($id, $expiry = -1) { global $db; delete_expired_leases(); $id = (int) $id; $ip = addslashes($_SERVER['REMOTE_ADDR']); if ($lease = lease_for_video($id)) { return $lease; } if ($expiry == -1) { $expiry = EXPIRY; } $now = new DateTime(); $now->modify("+{$expiry} seconds"); $expiry = $now->format('Y-m-d H:i:s'); $url = get_random_string("abcdefghijklmnopqrstuvwxyz0123456789", 3); $query = "INSERT INTO leases(video, url, ip, expiry) VALUES({$id}, \"{$url}\", \"{$ip}\", \"{$expiry}\")"; if ($result = $db->query($query)) { return $url; } return false; }
public function render($module, $model) { $rtn = ""; $prepopulate = '($object->isNew() ? ' . "(isset(\$_POST['{$this->name}']) ? strip_tags(\$_POST['{$this->name}']) : '')" . ' : $object->get' . format_as_class_name($this->name) . '())'; $id = get_random_string(5); $rtn .= "\n<div id='{$id}' class='form-group'>\r\n <label class='col-sm-2 control-label' for='{$this->name}'>{$this->name} " . ($this->required ? $this->mandatory_field : '') . "</label>\r\n <div class='col-sm-10'>\r\n <div class='input-group'>\r\n <span class='input-group-addon'><i class='fa fa-calendar'></i></span><input value='[[[ echo htmlentities(str_replace('\\'', '\"', {$prepopulate})) ]]]' type='text' class='form-control' id='{$this->name}' name='{$this->name}'" . ($this->required ? ' required' : '') . " />\r\n </div>\r\n </div>\r\n</div>\r\n<div class='hr-line-dashed'></div>\r\n"; $rtn .= ' [[[ // include jquery-ui library if not $already_included_at_frontend = Asset::checkAssetAdded(\'jquery-ui\', \'js\', \'frontend\') || Asset::checkAssetAdded(\'jquery_ui\', \'js\', \'frontend\'); if (!$already_included_at_frontend) { echo( "\\n".\'<script type="text/javascript" src="\'.uri(\'modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js\').\'"></script>\'."\\n" ); echo( "\\n".\'<script type="text/javascript">loadCSS("\'.uri(\'modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js\').\'")</script>\'."\\n" ); Asset::addDynamicAsset(\'jquery_ui\', \'js\', \'frontend\', \'<script type="text/javascript" src="\'.uri(\'modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js\').\'"></script>\'); } $already_included_at_backend = Asset::checkAssetAdded(\'jquery-ui\', \'js\', \'backend\') || Asset::checkAssetAdded(\'jquery_ui\', \'js\', \'backend\'); if (!$already_included_at_backend) { echo( "\\n".\'<script type="text/javascript" src="\'.uri(\'modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js\').\'"></script>\'."\\n" ); echo( "\\n".\'<script type="text/javascript">loadCSS("\'.uri(\'modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js\').\'")</script>\'."\\n" ); Asset::addDynamicAsset(\'jquery_ui\', \'js\', \'backend\', \'<script type="text/javascript" src="\'.uri(\'modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js\').\'"></script>\'); } ]]] '; // $already_included_at_frontend = Asset::checkAssetAdded('jquery-ui', 'js', 'frontend') || Asset::checkAssetAdded('jquery_ui', 'js', 'frontend'); // if (!$already_included_at_frontend) { // $rtn .= "\n".'<script type="text/javascript" src="'.uri('modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js').'"></script>'."\n"; // $rtn .= "\n".'<script type="text/javascript">loadCSS('.uri('modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js').')</script>'."\n"; // Asset::addDynamicAsset('jquery_ui', 'js', 'frontend', '<script type="text/javascript" src="'.uri('modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js').'"></script>'); // } // $already_included_at_backend = Asset::checkAssetAdded('jquery-ui', 'js', 'backend') || Asset::checkAssetAdded('jquery_ui', 'js', 'backend'); // if (!$already_included_at_backend) { // $rtn .= "\n".'<script type="text/javascript" src="'.uri('modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js').'"></script>'."\n"; // $rtn .= "\n".'<script type="text/javascript">loadCSS('.uri('modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js').')</script>'."\n"; // Asset::addDynamicAsset('jquery_ui', 'js', 'backend', '<script type="text/javascript" src="'.uri('modules/core/assets/jquery-ui-1.11.4.custom/jquery-ui.min.js').'"></script>'); // } return $rtn; }
function nulluhr() { global $db; update_all_ranks(); $db->query('DELETE FROM ' . DB_PRE . 'ecp_messages WHERE fromdel = 1 AND del = 1'); $result = $db->query('SELECT ID FROM ' . DB_PRE . 'ecp_user WHERE (ondelete < ' . time() . ' AND ondelete != 0) OR (status = 0 AND registerdate < ' . (time() - DELETE_UNAKTIV * 86400) . ')'); while ($row = mysql_fetch_assoc($result)) { delete_user($row['ID']); } $result = $db->query('SELECT ID, money FROM ' . DB_PRE . 'ecp_user LEFT JOIN ' . DB_PRE . 'ecp_ranks ON (rID = rankID)'); while ($row = mysql_fetch_assoc($result)) { if ($row['money'] != '') { $db->query('UPDATE ' . DB_PRE . 'ecp_user_stats SET money = money + ' . $row['money'] . ' WHERE userID = ' . $row['ID']); } } if (BACKUP_AKTIV) { $last = $db->result(DB_PRE . 'ecp_stats', 'lastdbbackup', '1'); if (BACKUP_CYCLE == 'day' or $last + (BACKUP_CYCLE == 'month' ? 2592000 : 604800) < time()) { $backup_obj = new MySQL_Backup(); $backup_obj->server = MYSQL_HOST; $backup_obj->username = MYSQL_USER; $backup_obj->password = MYSQL_PASS; $backup_obj->database = MYSQL_DATABASE; $backup_obj->tables = array(); $backup_obj->drop_tables = true; $backup_obj->struct_only = false; $backup_obj->comments = true; $backup_obj->fname_format = 'd_m_y__H_i_s'; $string = get_random_string(8, 2); if ($backup_obj->Execute(MSB_SAVE, 'uploads/forum/' . $string . '.sql.gz', true)) { $m = new XMail(); // set from address and name $m->From(SITE_EMAIL); // add to address and name $m->AddTo(BACKUP_EMAIL); // set subject $m->Subject(BACKUP_AUTO); // set text/plain version of message $m->Text(DATE . ': ' . date('d.m.Y H:i:s')); // add attachment ('text/plain' file) $m->Attach(date('Y_m_d') . '.sql.gz', 'application/x-gzip'); $f = 'uploads/forum/' . $string . '.sql.gz'; $id = MIME::unique(); // add inline attachment '$f' file with ID '$id' $m->Attach(file_get_contents($f), FUNC::mime_type($f), null, null, null, 'attachment', $id); if (SMTP_AKTIV) { $c = $m->Connect(SMTP_HOST, (int) SMTP_PORT, SMTP_USER, SMTP_PASS, 'tls', 10, 'localhost', null, 'plain'); //or die(print_r($m->Result)); } if ($m->Send(SMTP_AKTIV ? $c : null)) { $db->query('UPDATE ' . DB_PRE . 'ecp_stats SET lastdbbackup = ' . strtotime('today 00:00:00')); } unlink('uploads/forum/' . $string . '.sql.gz'); } } } $result = $db->query('SELECT attachID, strname FROM ' . DB_PRE . 'ecp_forum_attachments WHERE (tID = 0 OR bID = 0) AND uploadzeit < ' . (time() - 1000)); while ($row = $db->fetch_assoc()) { @unlink('upload/forum/' . $row['attachID'] . '_' . $row['strname']); } $db->query('DELETE FROM ' . DB_PRE . 'ecp_forum_attachments WHERE (tID = 0 OR bID = 0) AND uploadzeit < ' . (time() - 1000)); // Buchungen durchf�hren $buchresult = $db->query('SELECT `ID`, `verwendung`, `intervall`, `betrag`, `nextbuch`, `tagmonat` FROM ' . DB_PRE . 'ecp_clankasse_auto WHERE nextbuch <= \'' . time() . '\''); while ($row = mysql_fetch_assoc($buchresult)) { $db->query('INSERT INTO ' . DB_PRE . 'ecp_clankasse_transaktion (`geld`, `verwendung`, `datum`, `userID`) VALUES (-' . $row['betrag'] . ', \'' . mysql_real_escape_string($row['verwendung']) . '\', ' . time() . ', 0)'); $db->query('UPDATE ' . DB_PRE . 'ecp_clankasse SET kontostand = kontostand - ' . $row['betrag']); switch ($row['tagmonat']) { case 1: $nextdate = strtotime('+ ' . (int) $row['intervall'] . ' month'); break; case 15: $nextdate = strtotime('+ ' . (int) $row['intervall'] . ' month'); break; case 28: $nextdate = strtotime('+ ' . (int) $row['intervall'] . ' month'); } $db->query('UPDATE ' . DB_PRE . 'ecp_clankasse_auto SET `nextbuch` = \'' . $nextdate . '\''); } $db->query('DELETE FROM ' . DB_PRE . 'ecp_forum_search WHERE datum < ' . (time() - 86400)); $result = $db->query('SELECT COUNT(sID) as anzahl, sID FROM ' . DB_PRE . 'ecp_server_stats GROUP BY sID'); while ($row = mysql_fetch_assoc($result)) { if ($row['anzahl'] > SERVER_MAX_LOG) { $db->query('DELETE FROM ' . DB_PRE . 'ecp_server_stats WHERE sID = ' . $row['sID'] . ' ORDER BY datum ASC LIMIT ' . ($row['anzahl'] - SERVER_MAX_LOG)); } } }
$auto_enroll_id = $_REQUEST['auto_enroll_id']; } else { $auto_enroll_id = 0; } if (isset($_POST['save']) || isset($_POST['add'])) { /* insert or update a category */ // $cat_parent_id = intval($_POST['cat_parent_id']); $name = trim($_POST['name']); $name = $addslashes($name); $name = validate_length($name, 50); if (isset($_POST['add']) && !$_POST['add_ids']) { $msg->addError('NO_ITEM_SELECTED'); } if (!$msg->containsErrors()) { if ($auto_enroll_id == 0) { $sql = "INSERT INTO " . TABLE_PREFIX . "auto_enroll(associate_string, name) \n\t\t\t VALUES ('" . get_random_string(6, 10) . "', '" . $name . "')"; $result = mysql_query($sql, $db) or die(mysql_error()); $auto_enroll_id = mysql_insert_id($db); write_to_log(AT_ADMIN_LOG_INSERT, 'auto_enroll', mysql_affected_rows($db), $sql); } else { $sql = "UPDATE " . TABLE_PREFIX . "auto_enroll\n\t\t\t SET name = '" . $name . "'\n\t\t\t WHERE auto_enroll_id = " . $auto_enroll_id; $result = mysql_query($sql, $db); write_to_log(AT_ADMIN_LOG_UPDATE, 'auto_enroll', mysql_affected_rows($db), $sql); } if (isset($_POST['add'])) { foreach ($_POST['add_ids'] as $elem) { $sql = "SELECT count(*) cnt FROM " . TABLE_PREFIX . "auto_enroll_courses\n\t\t\t\t WHERE auto_enroll_id = " . $auto_enroll_id . "\n\t\t\t\t AND course_id = " . $elem; $result = mysql_query($sql, $db) or die(mysql_error()); $row = mysql_fetch_assoc($result); if ($row["cnt"] == 0) { $sql = "INSERT INTO " . TABLE_PREFIX . "auto_enroll_courses (auto_enroll_id, course_id)\n\t\t\t\t\t VALUES (" . $auto_enroll_id . ", " . $elem . ")";
function __construct() { parent::__construct(); global $objLogin; $this->params = array(); if (isset($_POST['album_code'])) { $this->params['album_code'] = prepare_input($_POST['album_code']); } if (isset($_POST['album_type'])) { $this->params['album_type'] = prepare_input($_POST['album_type']); } if (isset($_POST['priority_order'])) { $this->params['priority_order'] = prepare_input($_POST['priority_order']); } if (isset($_POST['is_active'])) { $this->params['is_active'] = prepare_input($_POST['is_active']); } else { $this->params['is_active'] = '0'; } $this->primaryKey = 'id'; $this->tableName = TABLE_GALLERY_ALBUMS; $this->dataSet = array(); $this->error = ''; $this->formActionURL = 'index.php?admin=mod_gallery_management'; $this->actions = array('add' => true, 'edit' => true, 'details' => true, 'delete' => true); $this->actionIcons = true; $this->allowRefresh = true; $this->allowTopButtons = true; $this->allowLanguages = false; $this->languageId = $objLogin->GetPreferredLang(); $this->WHERE_CLAUSE = ''; // WHERE... $this->ORDER_CLAUSE = 'ORDER BY priority_order ASC'; // ORDER BY date_created DESC $this->isAlterColorsAllowed = true; $this->isPagingAllowed = true; $this->pageSize = 20; $this->isSortingAllowed = true; $this->isFilteringAllowed = false; // define filtering fields $this->arrFilteringFields = array(); /////////////////////////////////////////////////////////////////////////////// // 1. prepare translation fields array $this->arrTranslations = $this->PrepareTranslateFields(array('name', 'description')); /////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////// // 2. prepare translations array for edit/detail modes $sql_translation_description = $this->PrepareTranslateSql(TABLE_GALLERY_ALBUMS_DESCRIPTION, 'gallery_album_id', array('name', 'description')); /////////////////////////////////////////////////////////////////////////////// // prepare album types array $arr_album_types = array('images' => _IMAGES, 'video' => _VIDEO); $arr_is_active = array('0' => '<span class=no>' . _NO . '</span>', '1' => '<span class=yes>' . _YES . '</span>'); //---------------------------------------------------------------------- // VIEW MODE //---------------------------------------------------------------------- $this->VIEW_MODE_SQL = 'SELECT ga.' . $this->primaryKey . ', ga.album_code, ga.album_type, UCASE(ga.album_code) as mod_album_code, CONCAT(UCASE(SUBSTRING(ga.album_type, 1, 1)),LCASE(SUBSTRING(ga.album_type, 2))) as mod_album_type, gad.name, gad.description, ga.priority_order, ga.is_active, CONCAT("<a href=index.php?admin=mod_gallery_upload_items&album=", album_code, ">' . _UPLOAD . '</a> (", (SELECT COUNT(*) as cnt FROM ' . TABLE_GALLERY_ALBUM_ITEMS . ' gi WHERE gi.album_code = ga.album_code) , ")") as link_upload_items FROM (' . $this->tableName . ' ga LEFT OUTER JOIN ' . TABLE_GALLERY_ALBUMS_DESCRIPTION . ' gad ON ga.id = gad.gallery_album_id AND gad.language_id = \'' . $this->languageId . '\')'; // define view mode fields $this->arrViewModeFields = array('name' => array('title' => _ALBUM_NAME, 'type' => 'label', 'align' => 'left', 'width' => '15%', 'maxlength' => '30'), 'description' => array('title' => _DESCRIPTION, 'type' => 'label', 'align' => 'left', 'width' => '', 'maxlength' => '50'), 'mod_album_code' => array('title' => _ALBUM_CODE, 'type' => 'label', 'align' => 'center', 'width' => '12%'), 'mod_album_type' => array('title' => _TYPE, 'type' => 'label', 'align' => 'center', 'width' => '8%'), 'is_active' => array('title' => _ACTIVE, 'type' => 'enum', 'align' => 'center', 'width' => '8%', 'sortable' => true, 'nowrap' => '', 'visible' => true, 'source' => $arr_is_active), 'priority_order' => array('title' => _ORDER, 'type' => 'label', 'align' => 'center', 'width' => '8%', 'movable' => true), 'link_upload_items' => array('title' => _ITEMS, 'type' => 'label', 'align' => 'center', 'width' => '12%')); //---------------------------------------------------------------------- // ADD MODE //---------------------------------------------------------------------- // define add mode fields $max_order = self::GetParameter('action') == 'add' ? $this->GetMaxOrder('priority_order', 999) : 0; $this->arrAddModeFields = array('separator_general' => array('separator_info' => array('legend' => _GENERAL), 'album_code' => array('title' => '', 'type' => 'hidden', 'required' => true, 'readonly' => false, 'default' => get_random_string(8)), 'album_type' => array('title' => _TYPE, 'type' => 'enum', 'required' => true, 'readonly' => false, 'source' => $arr_album_types), 'priority_order' => array('title' => _ORDER, 'type' => 'textbox', 'width' => '50px', 'maxlength' => '3', 'default' => $max_order, 'required' => true, 'readonly' => false, 'validation_type' => 'numeric'), 'is_active' => array('title' => _ACTIVE, 'type' => 'checkbox', 'readonly' => false, 'true_value' => '1', 'false_value' => '0', 'default' => '1'))); //---------------------------------------------------------------------- // EDIT MODE //---------------------------------------------------------------------- // define edit mode fields $this->EDIT_MODE_SQL = 'SELECT ' . $this->tableName . '.' . $this->primaryKey . ', UCASE(' . $this->tableName . '.album_code) as album_code, ' . $this->tableName . '.album_type, CONCAT(UCASE(SUBSTRING(' . $this->tableName . '.album_type, 1, 1)),LCASE(SUBSTRING(' . $this->tableName . '.album_type, 2))) as mod_album_type, ' . $sql_translation_description . ' ' . $this->tableName . '.priority_order, ' . $this->tableName . '.is_active FROM ' . $this->tableName . ' WHERE ' . $this->tableName . '.' . $this->primaryKey . ' = _RID_'; // define edit mode fields $this->arrEditModeFields = array('separator_general' => array('separator_info' => array('legend' => _GENERAL), 'album_code' => array('title' => _CODE, 'type' => 'label'), 'album_type' => array('title' => _TYPE, 'type' => 'enum', 'required' => true, 'readonly' => false, 'source' => $arr_album_types), 'priority_order' => array('title' => _ORDER, 'type' => 'textbox', 'width' => '50px', 'maxlength' => '3', 'required' => true, 'readonly' => false, 'validation_type' => 'numeric'), 'is_active' => array('title' => _ACTIVE, 'type' => 'checkbox', 'readonly' => false, 'true_value' => '1', 'false_value' => '0'))); //---------------------------------------------------------------------- // DETAILS MODE //---------------------------------------------------------------------- $this->DETAILS_MODE_SQL = $this->EDIT_MODE_SQL; $this->arrDetailsModeFields = array('separator_general' => array('separator_info' => array('legend' => _GENERAL), 'album_code' => array('title' => _CODE, 'type' => 'label'), 'mod_album_type' => array('title' => _TYPE, 'type' => 'label'), 'priority_order' => array('title' => _ORDER, 'type' => 'label'), 'is_active' => array('title' => _ACTIVE, 'type' => 'enum', 'source' => $arr_is_active))); /////////////////////////////////////////////////////////////////////////////// // 3. add translation fields to all modes $this->AddTranslateToModes($this->arrTranslations, array('name' => array('title' => _NAME, 'type' => 'textbox', 'width' => '410px', 'required' => true, 'maxlength' => '125', 'readonly' => false), 'description' => array('title' => _DESCRIPTION, 'type' => 'textarea', 'width' => '410px', 'height' => '90px', 'required' => false, 'maxlength' => '255', 'validation_maxlength' => '255', 'readonly' => false))); /////////////////////////////////////////////////////////////////////////////// }
<?php function get_random_string($valid_chars, $length) { // start with an empty random string $random_string = ""; // count the number of chars in the valid chars string so we know how many choices we have $num_valid_chars = strlen($valid_chars); // repeat the steps until we've created a string of the right length for ($i = 0; $i < $length; $i++) { // pick a random number from 1 up to the number of valid chars $random_pick = mt_rand(1, $num_valid_chars); // take the random character out of the string of valid chars // subtract 1 from $random_pick because strings are indexed starting at 0, and we started picking at 1 $random_char = $valid_chars[$random_pick - 1]; // add the randomly-chosen char onto the end of our string so far $random_string .= $random_char; } // return our finished random string return $random_string; } $valid_chars = 'abcdefghijklmnopqurstuvwxvz09865135462!@#$$%^&*(()_{}:LABCDEFGHJHIKLMNOPEQREURSTYUWXYZ'; for ($i = 0; $i < 1000; $i++) { echo "INSERT INTO `spreadit`.`posts` (`id`, `user_id`, `created_at`, `type`, `data`, `updated_at`, `section_id`, `title`, `upvotes`, `downvotes`, `url`, `comment_count`, `markdown`) VALUES (NULL, " . rand(0, 40) . ", " . time() . ", 1, '" . get_random_string($valid_chars, rand(0, 2000)) . "', " . time() . ", " . rand(0, 10) . ", '" . get_random_string($valid_chars, rand(6, 128)) . "', " . rand(0, 100) . ", " . rand(0, 100) . ", '" . get_random_string($valid_chars, rand(10, 128)) . "', " . rand(0, 100) . ", '" . get_random_string($valid_chars, rand(0, 4000)) . "');"; }
echo '<script>window.location.replace("' . curPageURL() . '?e=token");</script>'; } exit; } //Functions if ($_POST[$_SESSION['token']['act']] == 'admin_user_add') { if (trim(preg_replace('/\\s+/', '', $_POST['name'])) != '' && preg_match('/^[A-Za-z0-9À-ÿ\\/\\s\'-]+$/', $_POST['name'])) { $_POST['name'] = trim(preg_replace('/\\s+/', ' ', $_POST['name'])); } else { header('Content-Type: application/json; charset=utf-8'); echo json_encode(array(0 => 'Invalid Name: only alphanumeric and single quote allowed')); exit; } $_POST['mail'] = trim(preg_replace('/\\s+/', '', $_POST['mail'])); $_POST['mail'] = $_POST['mail'] != '' && filter_var($_POST['mail'], FILTER_VALIDATE_EMAIL) ? $_POST['mail'] : exit; $pass = get_random_string(5); $dpass = hash('whirlpool', crypt($pass, '$#%H4!df84a$%#RZ@£')); $_POST['role'] = is_numeric($_POST['role']) ? $_POST['role'] : exit; try { $DBH = new PDO("mysql:host={$Hostname};dbname={$DatabaseName}", $Username, $Password); $DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $query = "INSERT INTO " . $SupportUserTable . " (`name`,`mail`,`password`,`status`,`ip_address`) VALUES (?,?,?,?,?) "; $STH = $DBH->prepare($query); $ip = '127.0.0.1'; $STH->bindParam(1, $_POST['name'], PDO::PARAM_STR); $STH->bindParam(2, $_POST['mail'], PDO::PARAM_STR); $STH->bindParam(3, $dpass, PDO::PARAM_STR); $STH->bindParam(4, $_POST['role'], PDO::PARAM_STR); $STH->bindParam(5, $ip, PDO::PARAM_STR); $STH->execute(); $uid = $DBH->lastInsertId();
function invite_member($email, $userid, $group = '', $groupname = '') { $regcode = get_random_string(); if (empty($group)) { $group = 'NULL'; } $sql = "INSERT INTO `goingdutch`.`register` (`email` ,`userid`, `code` , `group`, `timestamp`)\n VALUES ('" . mysql_real_escape_string(email) . "', {$userid}, '" . mysql_real_escape_string($regcode) . "', {$group}, CURRENT_TIMESTAMP )"; if (!($result = mysql_query($sql))) { return false; } // send email $regcodes = space_code($regcode); $from = '*****@*****.**'; $from_name = 'Going Dutch'; if (!empty($groupname)) { $groupname = 'group "' . $groupname . '"'; } $subject = "Invitation to join Going Dutch {$groupname}"; //$website = 'http://inthere.nl/dutch'; $website = LOGIN_URL; $link = "<a href=\"{$website}?code={$regcode}\">this link</a>"; $html = "Please register using {$link}<br /><br>"; $html .= "Or register on {$website} with this code<br />{$regcodes}"; if (!smtpmailer($email, $from, $from_name, $subject, $html, array('*****@*****.**', 'Do not reply to this address'), 'to')) { echo " something went wrong <br />"; echo $smtpmailer_error; } }
/** * Send forgotten password * @param $email */ public function SendPassword($email) { global $objSettings; $lang = Application::Get('lang'); // deny all operations in demo version if (strtolower(SITE_MODE) == 'demo') { $this->error = _OPERATION_BLOCKED; return false; } if (!empty($email)) { if (check_email_address($email)) { if (!PASSWORDS_ENCRYPTION) { $sql = 'SELECT id, first_name, last_name, user_name, password, preferred_language FROM ' . TABLE_ACCOUNTS . ' WHERE email = ' . quote_text(encode_text($email)) . ' AND is_active = 1'; } else { if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'aes') { $sql = 'SELECT id, first_name, last_name, user_name, AES_DECRYPT(password, ' . quote_text(PASSWORDS_ENCRYPT_KEY) . ') as password, preferred_language FROM ' . TABLE_ACCOUNTS . ' WHERE email = ' . quote_text(encode_text($email)) . ' AND is_active = 1'; } else { if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'md5') { $sql = 'SELECT id, first_name, last_name, user_name, \'\' as password, preferred_language FROM ' . TABLE_ACCOUNTS . ' WHERE email = ' . quote_text($email) . ' AND is_active = 1'; } } } $temp = database_query($sql, DATA_ONLY, FIRST_ROW_ONLY); if (is_array($temp) && count($temp) > 0) { ////////////////////////////////////////////////////////////////// if (!PASSWORDS_ENCRYPTION) { $password = $temp['password']; } else { if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'aes') { $password = $temp['password']; } else { if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'md5') { $password = get_random_string(8); $sql = 'UPDATE ' . TABLE_ACCOUNTS . ' SET password = '******' WHERE id = ' . (int) $temp['id']; database_void_query($sql); } } } send_email($email, $objSettings->GetParameter('admin_email'), 'password_forgotten', array('{FIRST NAME}' => $temp['first_name'], '{LAST NAME}' => $temp['last_name'], '{USER NAME}' => $temp['user_name'], '{USER PASSWORD}' => $password, '{BASE URL}' => APPHP_BASE, '{WEB SITE}' => $_SERVER['SERVER_NAME'], '{YEAR}' => date('Y')), $temp['preferred_language']); ////////////////////////////////////////////////////////////////// return true; } else { $this->error = _EMAIL_NOT_EXISTS; return false; } } else { $this->error = _EMAIL_IS_WRONG; return false; } } else { $this->error = _EMAIL_EMPTY_ALERT; return false; } return true; }
function forum_edit_replay($id, $bid, $tid) { global $db; $thread = $db->fetch_assoc('SELECT `threadID`, `bID`, `threadname`, a.boardparentID, ' . DB_PRE . 'ecp_forum_threads.closed,userID, comment, attachs,postname, adatum, a.editcom,a.editmocom,a.rightsread, a.commentsperpost, a.moneyperpost, a.boardparentID, a.name, a.attachments, a.attachmaxsize, a.postcom, a.attachfiles, b.rightsread as parentRead FROM ' . DB_PRE . 'ecp_forum_threads LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (bID = a.boardID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (b.boardID = a.boardparentID) LEFT JOIN ' . DB_PRE . 'ecp_forum_comments ON (comID = ' . $id . ') WHERE threadID = ' . $tid . ' AND bID = ' . $bid); if (@$_SESSION['userID'] and find_access($thread['rightsread']) and find_access($thread['parentRead']) and (find_access($thread['editcom']) and $_SESSION['userID'] == $thread['userID'] or find_access($thread['editmocom'])) and $db->errorNum() == 0) { if (isset($_POST['comment'])) { if ($_POST['comment'] == '' or isset($_POST['username']) and $_POST['username'] == '' or isset($_POST['title']) and $_POST['title'] == '') { table(ERROR, NOT_NEED_ALL_INPUTS); $tpl = new smarty(); $tpl->assign('func', 'edit'); $tpl->assign('func2', '&comID=' . $id); $tpl->assign('comment', $_POST['comment']); if ($db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND adatum < ' . $thread['adatum'] . ' ORDER BY adatum ASC') == 0) { $tpl->assign('title', $thread['threadname']); } if ($thread['userID'] == 0) { $tpl->assign('username', $thread['postname']); } ob_start(); if ($thread['attachments'] and $thread['attachmaxsize']) { $attachs = $db->result(DB_PRE . 'ecp_forum_attachments', 'COUNT(attachID)', 'mID = ' . $id . ' AND tID = ' . $tid); if ($thread['attachments'] > $attachs) { $rand = get_random_string(16, 2); $tpl->assign('attach', find_access($thread['attachfiles'])); $tpl->assign('maxsize', $thread['attachmaxsize']); $tpl->assign('rand', $rand); $tpl->assign('sid', session_name() . '=' . session_id()); $tpl->assign('maxuploads', $thread['attachments'] - $attachs); $tpl->assign('uploadinfo', str_replace(array('{anzahl}', '{max}'), array($thread['attachments'] - $attachs, goodsize($thread['attachmaxsize'])), FORUM_ATTACH_INFO)); $_SESSION['forum']['attach'][$bid] = $rand; } } $tpl->assign('quote', true); $tpl->display(DESIGN . '/tpl/forum/comments_add_edit' . ((UPLOAD_METHOD == 'old' and $thread['attachments'] and $thread['attachmaxsize']) ? '_old' : '') . '.html'); $content = ob_get_contents(); ob_end_clean(); main_content(FORUM_POST_EDIT, $content, '', 1); } else { if ($db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_forum_comments SET postname = \'%s\', comment = \'%s\', edits =edits +1, editdatum = %d, edituserID = %d WHERE comID = %d', strsave(htmlspecialchars(@$_POST['username'])), strsave(comment_save($_POST['comment'])), time(), @(int) $_SESSION['userID'], $id))) { if (find_access($thread['attachfiles'])) { if (UPLOAD_METHOD == 'old') { $maxattach = $thread['attachments'] - $db->result(DB_PRE . 'ecp_forum_attachments', 'COUNT(attachID)', 'bID = ' . $bid . ' AND mID = ' . $id); foreach ($_FILES as $key => $value) { if ($_FILES[$key] == '' or $maxattach <= 0 or $_FILES[$key]['size'] > $thread['attachmaxsize']) { continue; } $mine = getMimeType($_FILES[$key]['tmp_name'], $_FILES[$key]['name']); if ($mine == 'application/zip' or $mine == 'application/x-rar-compressed' or $mine == 'image/bmp' or $mine == 'image/gif' or $mine == 'image/jpeg' or $mine == 'image/png' or $mine == 'application/pdf' or $mine == 'text/plain' or $mine == 'text/css' or $mine == 'text/html') { $sha1 = sha1_file($_FILES[$key]['tmp_name']); if ($db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_forum_attachments (`bID`, `userID`, `name`, `size`, `strname`, uploadzeit, IP, tID, mID) VALUES (%d, %d, \'%s\', %d, \'%s\', %d, \'%s\', %d, %d)', $bid, @(int) $_SESSION['userID'], strsave($_FILES[$key]['name']), (int) $_FILES[$key]['size'], $sha1, time(), $_SERVER['REMOTE_ADDR'], $tid, $id))) { move_uploaded_file($_FILES[$key]['tmp_name'], 'uploads/forum/' . $db->last_id() . '_' . $sha1); umask(0); chmod('uploads/forum/' . $db->last_id() . '_' . $sha1, CHMOD); $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET anhaenge = 1 WHERE threadID = ' . $tid); $db->query('UPDATE ' . DB_PRE . 'ecp_forum_comments SET attachs = 1 WHERE comID = ' . $id); } $maxattach--; } } } else { $db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_forum_attachments SET `tID` = %d, `mID` = %d WHERE validation = \'%s\' AND bID = %d', $id, $comid, strsave($_GET['rand']), $bid)); if ($db->affekt_rows()) { $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET anhaenge = 1 WHERE threadID = ' . $id); $db->query('UPDATE ' . DB_PRE . 'ecp_forum_comments SET attachs = 1 WHERE comID = ' . $comid); } } } if ($db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND adatum < ' . $thread['adatum'] . ' ORDER BY adatum ASC') == 0) { $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET threadname = \'' . strsave(htmlspecialchars($_POST['title'])) . '\', vonname = \'' . strsave(htmlspecialchars(@$_POST['username'])) . '\' WHERE threadID = ' . $tid); } $last = $db->fetch_assoc('SELECT userID,postname,adatum, tID FROM ' . DB_PRE . 'ecp_forum_comments WHERE boardID = ' . $bid . ' ORDER BY adatum DESC LIMIT 1'); $db->query('UPDATE ' . DB_PRE . 'ecp_forum_boards SET `lastpostuserID` = ' . (int) $last['userID'] . ', `lastpostuser` = \'' . $last['postname'] . '\', `lastpost` = ' . (int) $last['adatum'] . ', lastthreadID = ' . (int) $last['tID'] . ' WHERE (boardID = ' . $bid . ' OR boardID = ' . $thread['boardparentID'] . ')'); $last = $db->fetch_assoc('SELECT userID,postname,adatum FROM ' . DB_PRE . 'ecp_forum_comments WHERE tID = ' . $tid . ' ORDER BY adatum DESC LIMIT 1'); $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET `lastuserID` = ' . $last['userID'] . ', `lastusername` = \'' . $last['postname'] . '\', `lastreplay` = ' . $last['adatum'] . ' WHERE threadID = ' . $tid); unset($_SESSION['forum']['attach'][$bid]); $anzahl = $db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND boardID =' . $bid . ' AND adatum < ' . $thread['adatum']); header1('?section=forum&action=thread&boardID=' . $bid . '&threadID=' . $tid . '&page=' . (ceil(($anzahl - 1) / LIMIT_FORUM_COMMENTS) + 1) . '#com_' . $id); } } } else { $tpl = new smarty(); $tpl->assign('comment', htmlspecialchars($thread['comment'])); $tpl->assign('func', 'edit'); $tpl->assign('func2', '&comID=' . $id); if ($db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND adatum < ' . $thread['adatum'] . ' ORDER BY adatum ASC') == 0) { $tpl->assign('title', $thread['threadname']); } if ($thread['userID'] == 0) { $tpl->assign('username', $thread['postname']); } ob_start(); if ($thread['attachments'] and $thread['attachmaxsize']) { $attachs = $db->result(DB_PRE . 'ecp_forum_attachments', 'COUNT(attachID)', 'mID = ' . $id . ' AND tID = ' . $tid); if ($thread['attachments'] > $attachs) { $rand = get_random_string(16, 2); $tpl->assign('attach', find_access($thread['attachfiles'])); $tpl->assign('maxsize', $thread['attachmaxsize']); $tpl->assign('rand', $rand); $tpl->assign('sid', session_name() . '=' . session_id()); $tpl->assign('maxuploads', $thread['attachments'] - $attachs); $tpl->assign('uploadinfo', str_replace(array('{anzahl}', '{max}'), array($thread['attachments'] - $attachs, goodsize($thread['attachmaxsize'])), FORUM_ATTACH_INFO)); $_SESSION['forum']['attach'][$bid] = $rand; } } $tpl->assign('quote', true); $tpl->display(DESIGN . '/tpl/forum/comments_add_edit' . ((UPLOAD_METHOD == 'old' and $thread['attachments'] and $thread['attachmaxsize']) ? '_old' : '') . '.html'); $content = ob_get_contents(); ob_end_clean(); main_content(FORUM_POST_EDIT, $content, '', 1); } } else { table(ERROR, ACCESS_DENIED); } }
/** * Russell, 2012-11-10: Shared functionality useed in index.php and * codetester.php. * Side-affect, can't use browser's back button to get old results as * a re-post will have a different nonce so will block */ function get_nonce() { $nonce = isset($_SESSION['nonce']) ? $_SESSION['nonce'] : hash('sha512', get_random_string()); $_SESSION['nonce'] = $nonce; return $nonce; }
/** * Send activation email * @param $email */ public static function Reactivate($email) { global $objSettings; // deny all operations in demo version if (strtolower(SITE_MODE) == 'demo') { self::$static_error = _OPERATION_BLOCKED; return false; } if (!empty($email)) { if (check_email_address($email)) { $sql = 'SELECT id, first_name, last_name, user_name, registration_code, preferred_language, is_active '; if (!PASSWORDS_ENCRYPTION) { $sql .= ', user_password '; } else { if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'aes') { $sql .= ', AES_DECRYPT(user_password, \'' . PASSWORDS_ENCRYPT_KEY . '\') as user_password '; } else { if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'md5') { $sql .= ', \'\' as user_password '; } } } $sql .= 'FROM ' . TABLE_CUSTOMERS . ' WHERE email = \'' . $email . '\''; $temp = database_query($sql, DATA_ONLY, FIRST_ROW_ONLY); if (is_array($temp) && count($temp) > 0) { if ($temp['registration_code'] != '' && $temp['is_active'] == '0') { //////////////////////////////////////////////////////// if (!PASSWORDS_ENCRYPTION) { $user_password = $temp['user_password']; } else { if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'aes') { $user_password = $temp['user_password']; } else { if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'md5') { $user_password = get_random_string(8); $sql = 'UPDATE ' . TABLE_CUSTOMERS . ' SET user_password = \'' . md5($user_password) . '\' WHERE id = ' . $temp['id']; database_void_query($sql); } } } send_email($email, $objSettings->GetParameter('admin_email'), 'new_account_created_confirm_by_email', array('{FIRST NAME}' => $temp['first_name'], '{LAST NAME}' => $temp['last_name'], '{USER NAME}' => $temp['user_name'], '{USER PASSWORD}' => $user_password, '{REGISTRATION CODE}' => $temp['registration_code'], '{WEB SITE}' => $_SERVER['SERVER_NAME'], '{BASE URL}' => APPHP_BASE, '{YEAR}' => date('Y')), $temp['preferred_language']); //////////////////////////////////////////////////////// return true; } else { self::$static_error = _EMAILS_SENT_ERROR; return false; } } else { self::$static_error = _EMAIL_NOT_EXISTS; return false; } } else { self::$static_error = _EMAIL_IS_WRONG; return false; } } else { self::$static_error = _EMAIL_EMPTY_ALERT; return false; } return true; }
public function putPassword($password) { $this->setSalt(get_random_string(16)); $this->setPassword(md5($this->getSalt() . $password)); }
/** * Set auto-login token * @since Version 3.2 * @version 3.2 * @return boolean * * @param int $cookieExpire */ public function setAutoLogin($cookieExpire) { if (empty($cookieExpire)) { $cookieExpire = RP_AUTOLOGIN_EXPIRE; } if (!is_null(filter_input(INPUT_SERVER, "HTTP_X_FORWARDED_FOR", FILTER_SANITIZE_STRING))) { #!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { $clientAddr = filter_input(INPUT_SERVER, "HTTP_X_FORWARDED_FOR", FILTER_SANITIZE_STRING); #$_SERVER['HTTP_X_FORWARDED_FOR']; } else { $clientAddr = filter_input(INPUT_SERVER, "REMOTE_ADDR", FILTER_SANITIZE_URL); #$_SERVER['REMOTE_ADDR']; } $data = array("user_id" => $this->id, "autologin_token" => get_random_string("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 16), "autologin_expire" => $cookieExpire, "autologin_ip" => $clientAddr, "autologin_hostname" => filter_input(INPUT_SERVER, "REMOTE_HOST", FILTER_SANITIZE_STRING), "autologin_last" => time(), "autologin_time" => time()); if (is_null($data['autologin_hostname'])) { $data['autologin_hostname'] = $clientAddr; } $autologin = array("user_id" => $this->id, "token" => $data['autologin_token']); if ($this->db->insert("nuke_users_autologin", $data)) { setcookie("rp_autologin", base64_encode(implode(":", $autologin)), $cookieExpire, RP_AUTOLOGIN_PATH, RP_AUTOLOGIN_DOMAIN, RP_SSL_ENABLED, true); $this->addNote("Autologin token set"); return true; } return false; }
<?php require_once 'config.php'; require_once 'functions.php'; $soluciones = array(); $result = (require_once './preguntas.php'); shuffle($result); $body = ''; for ($ex = 0; $ex < TOTAL_EXAMENES_A_GENERAR; $ex++) { $num_pregunta = 1; $referencia_examen = mb_strtoupper(get_random_string(4, 4, true, false, false)); if ($ex > 0) { $body .= '<div class="newpage"></div>' . PHP_EOL; } $body .= '<p>Nombre: <span class="referenciaexamen"> COD: ' . $referencia_examen . '</span></p>'; $soluciones[$referencia_examen] = array(); foreach ($result as $a => $b) { $body .= '<div id="pregunta' . $num_pregunta . '" class="pregunta">'; $body .= '<h2 class="titulopregunta">' . $num_pregunta . ') ' . $b['titulo'] . '</h2>' . PHP_EOL; if ($b['tipo'] == 'TEST') { $body .= '<ul class="listarespuestastest">' . PHP_EOL; $respuestas_rnd = shuffle_assoc($b['respuestas']); $i = 'a'; foreach ($respuestas_rnd as $c => $d) { $body .= '<li class="resupestatest">' . $i . ') ' . $c . '</li>' . PHP_EOL; if ($d) { $soluciones[$referencia_examen][$num_pregunta] = $i; } $i++; } $body .= '</ul>' . PHP_EOL;
function forgot_password($con) { if (isset($_POST['Submit'])) { $user = strtolower(mysqli_real_escape_string($con, $_POST['username'])); $email = strtolower(mysqli_real_escape_string($con, $_POST['email'])); $check_email_user = mysqli_query($con, "SELECT password, salt FROM user WHERE username= '******' AND email = '{$email}'") or die(mysqli_error($con)); if (mysqli_num_rows($check_email_user) == 1) { $pw1 = get_random_string("abcdefghijklmnopqrstuwxyz1234567890_!#\$%&=", 7); //create new salt, generate crypt and store new PW and salt $cost = 10; $salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.'); $salt = sprintf("\$2a\$%02d\$", $cost) . $salt; $password_final = crypt($pw1, $salt); $mail = smtpmailer($email, "*****@*****.**", "ETM Automated mail", "Eve Trade Master - login details", "You have recently requested a new password at www.evetrademaster.com. Your new password is '{$pw1}'"); $update_pw_salt = mysqli_query($con, "UPDATE user SET password = '******', salt = '{$salt}' WHERE username = '******' ") or die(mysqli_error($con)); if ($update_pw_salt) { } else { echo "Error establishing database connection. Try again later"; } } else { echo "Data doesn't match our records"; } } else { ?> Forgot your password? Type your email and username and we'll send you a new one. <form method="POST" action="forgot_password.php" ><fieldset> <div class="form-group"> Email <input class="form-control" type = "text" size="30" name="email"> </div> <div class="form-group"> Username<input class="form-control" type = "text" size="20" name="username"> </div> <p align='center'><input type ="Submit" name="Submit" value="Submit" class="btn btn-lg btn-success"></p> </fieldset></form> <?php } }
function account_del_account() { global $db; if ($db->result(DB_PRE . 'ecp_user', 'ondelete', 'ID = ' . $_SESSION['userID'])) { if ($db->query('UPDATE ' . DB_PRE . 'ecp_user SET ondelete = 0 WHERE ID = ' . $_SESSION['userID'])) { $db->query('DELETE FROM ' . DB_PRE . 'ecp_user_codes WHERE userID = ' . $_SESSION['userID'] . ' AND art = \'account_del\''); table(INFO, ACCOUNT_DELETE_REMOVE); } } else { if (isset($_GET['agree'])) { $str = get_random_string(10, 2); $db->query('DELETE FROM ' . DB_PRE . 'ecp_user_codes WHERE userID = ' . $_SESSION['userID'] . ' AND art = \'account_del\''); if (send_email($_SESSION['email'], ACCOUNT_DELETE, CONFIRM_LINK . ': ' . SITE_URL . '?section=account&action=confirmdel&code=' . $str . '&id=' . $_SESSION['userID'])) { if ($db->query('INSERT INTO ' . DB_PRE . 'ecp_user_codes (`userID`, `code`, `art`) VALUES (\'' . $_SESSION['userID'] . '\', \'' . strsave($str) . '\', \'account_del\')')) { table(INFO, EMAIL_SEND_SUCCESS); } } else { if ($db->query('UPDATE ' . DB_PRE . 'ecp_user SET ondelete = ' . strtotime('tomorrow 23:59') . ' WHERE ID = ' . $_SESSION['userID'])) { table(INFO, str_replace('{zeit}', date('d.m.Y H:i', strtotime('tomorrow 23:59')), ACCOUNT_DELETE_ON)); } } } else { table(INFO, ACCOUNT_DEL_QUEST); } } }
if ($length < 1 || preg_match('/^.*(?=.*[a-z|A-Z]).*$/', $length)) { $length = 20; } if ($lc) { $validcharacters .= 'abcdefghijklmnopqrstuvwxyz'; } if ($uc) { $validcharacters .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; } if ($sym) { $validcharacters .= '!@#$%^&*()_+=-[{]};:\'",<.>/?`~'; } if ($num) { $validcharacters .= '0123456789'; } $password = get_random_string($validcharacters, (int) $length); } if (isset($_POST['length'])) { $temp = $_POST['length']; } else { $temp = 20; } ?> <html> <body> <?php if ($password != '') { echo 'Password is: <div class="password"><strong>' . $password . '</strong></div><br />'; } echo '<form action="generatepassword.php" method="POST">';
$q = 'SELECT username, email FROM users WHERE email="' . $email . '" LIMIT 1'; if ($r = mysql_query($q, $dbConn)) { $row = mysql_fetch_array($r); if (is_array($row)) { //found an account with a matching email. $username = $row['username']; $email = $row['email']; } else { $error['nouser'] = '******'t belong to a registered user.'; } } else { $error['mysql'] = 'Bad database connection.'; } if (empty($error)) { // mysql fields to complete are id, time, email, resetcode $code = get_random_string() . time() . get_random_string(); $q = "INSERT INTO pass_reset values (NULL, CURRENT_TIMESTAMP, '{$email}', '{$code}')"; if ($r = mysql_query($q, $dbConn)) { $to = strip_tags($email); $subject = "No Clan: Password reset request"; $link = rurl() . htmlentities($_SERVER['PHP_SELF']) . '?resetCode=' . $code; $nc = rurl(); $body = trim("Hi {$username}!<br/>\n\n\t\t\t\t\t\tYou seem to have forgotten your account's details.\n\t\t\t\t\t\tYour registered username is: {$username}<br />\n\n\t\t\t\t\t\tTo select a new password, you have to follow this link:<br />\n\n\t\t\t\t\t\t<a href='{$link}'>{$link}</a><br />\n\n\t\t\t\t\t\t<br />\n\n\t\t\t\t\t\t(or copy&paste the url on your browser)<br />\n\n\t\t\t\t\t\tPlease take note that this code is temporary and\n\t\t\t\t\t\tonly lasts for 3 hours. After this period, you will\n\t\t\t\t\t\thave to request a new password reset.<br />\n\n\t\t\t\t\t\t<br />\n\n\t\t\t\t\t\tIf you didn't request a password reset and you\n\t\t\t\t\t\twant to keep your current password, you may ignore\n\t\t\t\t\t\tthis email.<br />\n\n\t\t\t\t\t\t<br />\n\n\t\t\t\t\t\tSee you soon.<br/>\n\n\t\t\t\t\t\tNo Clan - <a href='{$nc}'>{$nc}</a><br/>\n<br/>\n"); if (send_mail($to, $subject, $body)) { // Finish all $request = 'sent'; } else { $error['bademail'] = 'We are sorry, we couldn\'t send the email. Please contact the administration.'; } } else { $error['mysql'] = 'Request failed. Have you already requested a password reset?';
$STH->bindParam(3, $_POST['title'], PDO::PARAM_STR); $STH->bindParam(4, $_POST['priority'], PDO::PARAM_INT); $STH->bindParam(5, $_POST['wsurl'], PDO::PARAM_STR); $STH->bindParam(6, $_POST['contype'], PDO::PARAM_STR); $STH->bindParam(7, $_POST['ftpus'], PDO::PARAM_STR); $STH->bindParam(8, $_POST['ftppass'], PDO::PARAM_STR); $STH->bindParam(9, $key, PDO::PARAM_STR); $STH->bindParam(10, $date, PDO::PARAM_STR); $STH->bindParam(11, $date, PDO::PARAM_STR); $STH->bindParam(12, $ena, PDO::PARAM_STR); $STH->execute(); echo '<script>parent.$(".main").nimbleLoader("show", {position : "fixed",loaderClass : "loading_bar_body",hasBackground : true,zIndex : 999,backgroundColor : "#fff",backgroundOpacity : 0.9});</script>'; //Assign Reference Number $tkid = $DBH->lastInsertId(); $ip = retrive_ip(); $randomref = get_random_string(6); $spadd = str_split(strrev($_SESSION['id'] . '')); $lll = count($spadd); for ($i = 0; $i < $lll; $i++) { $spadd[$i] = $letarr[$spadd[$i]]; } $randomref = implode('', $spadd) . $randomref; $query = "UPDATE " . $SupportTicketsTable . " SET ref_id=? WHERE id=? "; $STH = $DBH->prepare($query); $STH->bindParam(1, $randomref, PDO::PARAM_STR); $STH->bindParam(2, $tkid, PDO::PARAM_INT); $STH->execute(); //Insert Message $query = "INSERT INTO " . $SupportMessagesTable . "(`user_id`,`message`,`ticket_id`,`ip_address`,`created_time`) VALUES (?,?,?,?,?);"; $STH = $DBH->prepare($query); $STH->bindParam(1, $_SESSION['id'], PDO::PARAM_INT);
/** * Draws mass mail form * $param $draw */ public function DrawMassMailForm($draw = true) { global $objSettings; $template_subject = ''; $template_content = ''; $result = database_query('SELECT COUNT(*) as cnt FROM ' . $this->TABLE_NAME . ' WHERE is_active = 1 AND email_notifications = 1 AND email != \'\'', DATA_ONLY, FIRST_ROW_ONLY); $members_emails_count = isset($result['cnt']) ? $result['cnt'] : 0; $result = database_query('SELECT COUNT(*) as cnt FROM ' . TABLE_ACCOUNTS . ' WHERE is_active = 1 AND email != \'\'', DATA_ONLY, FIRST_ROW_ONLY); $admins_emails_count = isset($result['cnt']) ? $result['cnt'] : 0; $emails_count = $members_emails_count + $admins_emails_count; $result = database_query('SELECT COUNT(*) as cnt FROM ' . TABLE_NEWS_SUBSCRIBED . ' WHERE email != \'\'', DATA_ONLY, FIRST_ROW_ONLY); $newsletter_subscribers_count = isset($result['cnt']) ? $result['cnt'] : 0; $send_copy_to_admin = '1'; $email_from = $objSettings->GetParameter('admin_email'); $template_code = isset($_GET['template_code']) ? prepare_input($_GET['template_code']) : ''; $duration = isset($_POST['duration']) ? (int) $_POST['duration'] : '5'; $members_module_installed = Modules::IsModuleInstalled($this->MODULE_NAME); // load appropriate email template if ($template_code != '') { $template = $this->GetTemplate($template_code, Application::Get('lang')); $template_subject = $template['template_subject']; $template_content = $template['template_content']; } if ($this->error == true) { $template_code = isset($_POST['template_name']) ? prepare_input($_POST['template_name']) : ''; $template_subject = isset($_POST['subject']) ? prepare_input($_POST['subject']) : ''; $template_content = isset($_POST['message']) ? prepare_input($_POST['message']) : ''; } $output = '<script type="text/javascript"> function duration_OnChange(val){ var el_package_size = (document.getElementById(\'package_size\')) ? document.getElementById(\'package_size\') : null; if(val == \'\' && el_package_size){ el_package_size.selectedIndex = 0; el_package_size.disabled = \'disabled\'; }else{ el_package_size.disabled = \'\'; } } function email_to_OnChange(val){ var el_send_copy_to_admin = (document.getElementById(\'send_copy_to_admin\')) ? document.getElementById(\'send_copy_to_admin\') : null; if(val == \'admins\' && el_send_copy_to_admin){ el_send_copy_to_admin.disabled = \'disabled\'; }else{ el_send_copy_to_admin.disabled = \'\'; } } function OnSubmit_Check(){ var email_to = (document.getElementById(\'email_to\')) ? document.getElementById(\'email_to\').value : \'\'; var email_from = (document.getElementById(\'email_from\')) ? document.getElementById(\'email_from\').value : \'\'; var subject = (document.getElementById(\'subject\')) ? document.getElementById(\'subject\').value : \'\'; var message = (document.getElementById(\'message\')) ? document.getElementById(\'message\').value : \'\'; if(email_to == \'\'){ alert(\'' . str_replace('_FIELD_', _EMAIL_TO, _FIELD_CANNOT_BE_EMPTY) . '\'); document.getElementById(\'email_to\').focus(); return false; }else if(email_from == \'\'){ alert(\'' . str_replace('_FIELD_', _EMAIL_FROM, _FIELD_CANNOT_BE_EMPTY) . '\'); document.getElementById(\'email_from\').focus(); return false; }else if(email_from != \'\' && !appIsEmail(email_from)){ alert(\'' . str_replace('_FIELD_', _EMAIL_FROM, _FIELD_MUST_BE_EMAIL) . '\'); document.getElementById(\'email_from\').focus(); return false; }else if(subject == \'\'){ alert(\'' . str_replace('_FIELD_', _SUBJECT, _FIELD_CANNOT_BE_EMPTY) . '\'); document.getElementById(\'subject\').focus(); return false; }else if(message == \'\'){ alert(\'' . str_replace('_FIELD_', _MESSAGE, _FIELD_CANNOT_BE_EMPTY) . '\'); document.getElementById(\'message\').focus(); return false; }else if(email_to == \'all\'){ if(!confirm(\'' . _PERFORM_OPERATION_COMMON_ALERT . '\')){ return false; } } return true; } </script>'; $output .= '<form action="index.php?admin=mass_mail" method="post" style="margin:0px;"> ' . draw_hidden_field('task', 'send', false) . ' ' . draw_hidden_field('email_random_code', get_random_string(10), false) . ' ' . draw_token_field(false) . ' <table border="0" cellspacing="10"> <tr> <td align="left" valign="top"> <fieldset style="height:410px;"> <legend><b>' . _FORM . ':</b></legend> <table width="97%" align="center" border="0" cellspacing="5"> <tr> <td align="right" nowrap="nowrap"> <label>' . _EMAIL_TEMPLATES . ':</label><br> ' . prepare_permanent_link('index.php?admin=email_templates', '[ ' . _MANAGE_TEMPLATES . ' ]', '', '') . ' </td> <td></td> <td> <table cellpadding="0" cellspacing="0"> <tr valign="middle"> <td> <select name="template_name" id="template_name" style="margin-bottom:3px;" onchange="javascript:appGoTo(\'admin=mass_mail&template_code=\'+this.value)"> <option value="">-- ' . _NO_TEMPLATE . ' --</option>'; $templates = $this->GetAllTemplates('is_system_template=0'); for ($i = 0; $i < $templates[1]; $i++) { $output .= '<option'; $output .= $templates[0][$i]['is_system_template'] == '1' ? ' style="background-color:#ffffcc;color:#000055"' : ''; $output .= $template_code == $templates[0][$i]['template_code'] ? ' selected="selected"' : ''; $output .= ' value="' . encode_text($templates[0][$i]['template_code']) . '">' . $templates[0][$i]['template_name'] . '</option>'; } $output .= ' </select> </td> </tr> </table> </td> </tr> <tr> <td align="right" nowrap="nowrap"><label>' . _EMAIL_TO . ':</label></td> <td><span class="mandatory_star">*</span></td> <td> <select name="email_to" id="email_to" style="margin-bottom:3px;" onchange="email_to_OnChange(this.value)"> <option value="">-- ' . _SELECT . ' --</option> <option value="test" style="background-color:#ffffcc;color:#000055">' . _TEST_EMAIL . ' (' . $email_from . ')</option>'; if (Modules::IsModuleInstalled('news')) { $output .= '<option value="newsletter_subscribers" style="background-color:#ffccff;color:#000055">' . _NEWSLETTER_SUBSCRIBERS . ' (' . $newsletter_subscribers_count . ')</option>'; } if ($members_module_installed) { $output .= '<optgroup label="' . $this->MEMBERS_NAME . '">'; $output .= '<option value="members|all">' . _ALL . ' (' . $members_emails_count . ')</option>'; if (self::$PROJECT == 'ShoppingCart' || self::$PROJECT == 'BusinessDirectory' || self::$PROJECT == 'HotelSite') { $arrMembersGroups = CustomerGroups::GetAllGroupsByCustomers(); } else { if (self::$PROJECT == 'MedicalAppointment') { $arrMembersGroups = PatientGroups::GetAllGroupsByPatiens(); } else { $arrMembersGroups = UserGroups::GetAllGroupsByUsers(); } } $member_groups_emails_count = 0; if ($arrMembersGroups[1] > 0) { foreach ($arrMembersGroups[0] as $key => $val) { if ($val[$this->MODULE_NAME . '_count']) { $output .= '<option value="members|' . $val['id'] . '">' . $val['name'] . ' (' . $val[$this->MODULE_NAME . '_count'] . ')</option>'; $member_groups_emails_count += $val[$this->MODULE_NAME . '_count']; } } } $member_non_groups_emails = $members_emails_count - $member_groups_emails_count; $output .= '<option value="members|uncategorized">' . _UNCATEGORIZED . ' (' . $member_non_groups_emails . ')</option>'; $output .= '</optgroup>'; } $output .= '<option value="admins">' . _ADMINS . ' (' . $admins_emails_count . ')</option>'; if ($members_module_installed) { $output .= '<option value="all">' . $this->ADMINS_MEMBERS_NAME . ' (' . $emails_count . ')</option>'; } $output .= '</select> </td> </tr> <tr> <td align="right" nowrap="nowrap"><label for="email">' . _EMAIL_FROM . ':</label></td> <td><span class="mandatory_star">*</span></td> <td> <input type="text" name="email_from" style="width:210px" id="email_from" value="' . decode_text($email_from) . '" maxlength="70" /> </td> </tr> <tr valign="top"> <td align="right" nowrap="nowrap"><label>' . _SUBJECT . ':</label></td> <td><span class="mandatory_star">*</span></td> <td> <input type="text" style="width:410px" name="subject" id="subject" value="' . decode_text($template_subject) . '" maxlength="255" /> </td> </tr> <tr valign="top"> <td align="right" nowrap="nowrap"><label>' . _MESSAGE . ':</label></td> <td><span class="mandatory_star">*</span></td> <td> <textarea style="width:465px;margin-right:10px;" rows="10" name="message" id="message">' . $template_content . '</textarea> </td> </tr>'; $output .= '<tr valign="middle"> <td colspan="2"></td> <td><img src="images/question_mark.png" alt="">' . _MASS_MAIL_ALERT . '</td> </tr>'; $output .= '<tr><td colspan="3" nowrap style="height:6px;"></td></tr> <tr> <td align="right" nowrap="nowrap"><a href="javascript:void(0);" onclick="appPopupWindow(\'mail_preview.html\',\'message\')">[ ' . _PREVIEW . ' ]</a></td> <td></td> <td> <div style="float:left"><input type="checkbox" class="form_checkbox" name="send_copy_to_admin" id="send_copy_to_admin" ' . ($send_copy_to_admin == '1' ? 'checked="checked"' : '') . ' value="1"> <label for="send_copy_to_admin">' . _SEND_COPY_TO_ADMIN . '</label></div> <div style="float:right"><input class="form_button" type="submit" name="btnSubmit" value="' . _SEND . '" onclick="return OnSubmit_Check();"> </div> </td> </tr> </table> </fieldset> </td> <td align="left" valign="top"> <fieldset style="padding-' . Application::Get('defined_right') . ':10px;"> <legend>' . _PREDEFINED_CONSTANTS . ':</legend> <ul> <li>{FIRST NAME} <br><span style="color:a0a0a0">' . _PC_FIRST_NAME_TEXT . '</span></li> <li>{LAST NAME} <br><span style="color:a0a0a0">' . _PC_LAST_NAME_TEXT . '</span></li> <li>{USER NAME} <br><span style="color:a0a0a0">' . _PC_USER_NAME_TEXT . '</span></li> <li>{USER EMAIL} <br><span style="color:a0a0a0">' . _PC_USER_EMAIL_TEXT . '</span></li> <li>{BASE URL} <br><span style="color:a0a0a0">' . _PC_WEB_SITE_BASED_URL_TEXT . '</span></li> <li>{WEB SITE} <br><span style="color:a0a0a0">' . _PC_WEB_SITE_URL_TEXT . '</span></li> <li>{YEAR} <br><span style="color:a0a0a0">' . _PC_YEAR_TEXT . '</span></li> </ul> </fieldset> </td> </tr> </table> </form>'; if ($draw) { echo $output; } else { return $output; } }
/** * Do (prepare) order * @param $payment_type */ public static function DoOrder($payment_type = '') { //global $objSettings; global $objLogin; if (SITE_MODE == 'demo') { self::$message = draw_important_message(_OPERATION_BLOCKED, false); return false; } // check if customer has reached the maximum number of allowed 'open' orders $max_orders = ModulesSettings::Get('payments', 'maximum_allowed_orders'); $sql = 'SELECT COUNT(*) as cnt FROM ' . TABLE_ORDERS . ' WHERE customer_id = ' . (int) $objLogin->GetLoggedID() . ' AND (status = 0 OR status = 1)'; $result = database_query($sql, DATA_ONLY); $cnt = isset($result[0]['cnt']) ? (int) $result[0]['cnt'] : 0; if ($cnt >= $max_orders) { self::$message = _MAX_ORDERS_ERROR; return false; } $return = false; $currency = MicroGrid::GetParameter('currency', false); $plan_id = MicroGrid::GetParameter('plan_id', false); $payment_type = MicroGrid::GetParameter('payment_type', false); $additionalInfo = ''; $payed_by = 0; $listings_amount = 0; $order_price = 0; $vat_percent = ModulesSettings::Get('payments', 'vat_value'); $vat_cost = 0; $total_price = 0; // add order to database if (in_array($payment_type, array('online', 'paypal', '2co', 'authorize'))) { if ($payment_type == 'paypal') { $payed_by = '1'; $status = '0'; } else { if ($payment_type == '2co') { $payed_by = '2'; $status = '0'; } else { if ($payment_type == 'authorize') { $payed_by = '3'; $status = '0'; } else { $payed_by = '0'; $status = '0'; } } } $sql = 'SELECT ap.id, ap.listings_count, ap.price, ap.duration FROM ' . TABLE_ADVERTISE_PLANS . ' ap WHERE ap.id = ' . (int) $plan_id; $result = database_query($sql, DATA_AND_ROWS, FIRST_ROW_ONLY); if ($result[1] > 0) { $listings_amount = $result[0]['listings_count']; $order_price = $result[0]['price'] * Application::Get('currency_rate'); $vat_cost = $order_price * ($vat_percent / 100); $total_price = $order_price + $vat_cost; ///////////////////////////////////////////////////////////////// $sql = 'SELECT id, order_number FROM ' . TABLE_ORDERS . ' WHERE customer_id = ' . (int) $objLogin->GetLoggedID() . ' AND status = 0 ORDER BY id DESC'; $result = database_query($sql, DATA_AND_ROWS, FIRST_ROW_ONLY); if ($result[1] > 0) { $sql_start = 'UPDATE ' . TABLE_ORDERS . ' SET '; $order_number = $result[0]['order_number']; $sql_end = ' WHERE order_number = \'' . $order_number . '\''; } else { $sql_start = 'INSERT INTO ' . TABLE_ORDERS . ' SET '; $order_number = strtoupper(get_random_string(10)); $sql_end = ''; } $sql_middle = 'order_number = \'' . $order_number . '\', order_description = \'' . _LISTINGS_PURCHASING . '\', order_price = ' . number_format((double) $order_price, (int) Application::Get('currency_decimals'), '.', '') . ', vat_percent = ' . $vat_percent . ', vat_fee = ' . number_format((double) $vat_cost, (int) Application::Get('currency_decimals'), '.', '') . ', total_price = ' . number_format((double) $total_price, (int) Application::Get('currency_decimals'), '.', '') . ', currency = \'' . $currency . '\', advertise_plan_id = ' . $plan_id . ', listings_amount = ' . (int) $listings_amount . ', customer_id = ' . (int) @$objLogin->GetLoggedID() . ', transaction_number = \'\', created_date = \'' . date('Y-m-d H:i:s') . '\', payment_date = \'0000-00-00 00:00:00\', payment_type = ' . $payed_by . ', payment_method = 0, coupon_number = \'\', discount_campaign_id = 0, additional_info = \'' . $additionalInfo . '\', cc_type = \'\', cc_holder_name = \'\', cc_number = \'\', cc_expires_month = \'\', cc_expires_year = \'\', cc_cvv_code = \'\', status = ' . (int) $status . ', status_changed = \'0000-00-00 00:00:00\', email_sent = 0'; $sql = $sql_start . $sql_middle . $sql_end; if (database_void_query($sql)) { $return = true; } else { self::$message = _ORDER_PEPARING_ERROR; $return = false; } } else { self::$message = _ORDER_PEPARING_ERROR; $return = false; } } else { self::$message = _ORDER_PEPARING_ERROR; $return = false; } if (SITE_MODE == 'development' && !empty(self::$message)) { self::$message .= '<br>' . $sql . '<br>' . mysql_error(); } return $return; }
function project_pg() { function get_random_string($valid_chars, $length) { // start with an empty random string $random_string = ""; // count the number of chars in the valid chars string so we know how many choices we have $num_valid_chars = strlen($valid_chars); // repeat the steps until we've created a string of the right length for ($i = 0; $i < $length; $i++) { // pick a random number from 1 up to the number of valid chars $random_pick = mt_rand(1, $num_valid_chars); // take the random character out of the string of valid chars // subtract 1 from $random_pick because strings are indexed starting at 0, and we started picking at 1 $random_char = $valid_chars[$random_pick - 1]; // add the randomly-chosen char onto the end of our string so far $random_string .= $random_char; } // return our finished random string return $random_string; } $password = ''; $lc = 0; $uc = 0; $sym = 0; $num = 0; if (isset($_REQUEST['generate'])) { $validcharacters = ''; if (isset($_POST['lc'])) { $lc = $_POST['lc']; } else { $lc = 0; } if (isset($_POST['uc'])) { $uc = $_POST['uc']; } else { $uc = 0; } if (isset($_POST['sym'])) { $sym = $_POST['sym']; } else { $sym = 0; } if (isset($_POST['num'])) { $num = $_POST['num']; } else { $num = 0; } $length = $_POST['length']; if ($length < 1 || preg_match('/^.*(?=.*[a-z|A-Z]).*$/', $length)) { $length = 20; } if ($lc) { $validcharacters .= 'abcdefghijklmnopqrstuvwxyz'; } if ($uc) { $validcharacters .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; } if ($sym) { $validcharacters .= '!@#$%^&*()_+=-[{]};:\'",<.>/?`~'; } if ($num) { $validcharacters .= '0123456789'; } if ($lc || $uc || $sym || $num) { $password = get_random_string($validcharacters, (int) $length); } else { $password = '******'; } } if (isset($_POST['length'])) { $temp = $_POST['length']; } else { $temp = 20; } // More if ($password != '') { echo 'Password is: <div class="password"><strong>' . htmlspecialchars($password) . '</strong></div><br />'; } echo '<form action="index.php" method="POST">'; echo 'Types:<br />'; if (isset($lc) && $lc) { $l[0] = 'checked'; } else { $l[0] = ''; } if (isset($uc) && $uc) { $l[1] = 'checked'; } else { $l[1] = ''; } if (isset($sym) && $sym) { $l[2] = 'checked'; } else { $l[2] = ''; } if (isset($num) && $num) { $l[3] = 'checked'; } else { $l[3] = ''; } echo '<input type="checkbox" name="lc" value="1" ' . $l[0] . '>Lowercase letters<br />'; echo '<input type="checkbox" name="uc" value="1" ' . $l[1] . '>Uppercase letters<br />'; echo '<input type="checkbox" name="sym" value="1" ' . $l[2] . '>Symbols<br />'; echo '<input type="checkbox" name="num" value="1" ' . $l[3] . '>Numbers<br />'; echo 'Length: <input type="text" name="length" value="' . $temp . '" size="5" /><br />'; echo '<input type="submit" name="generate" value="Generate Password" /><br />'; echo '</form>'; }
?> videos/player/mediaelement-and-player.min.js"></script> <script src="<?php echo $siteRoot; ?> js/plugins.js"></script> <script src="<?php echo $siteRoot; ?> js/script.js?<?php echo get_random_string(); ?> "></script> <?php if ($admin == true && $page != "all_pics") { echo '<script src="' . $siteRoot . 'js/editable.js?' . get_random_string() . '" type="text/javascript"></script>'; } ?> <script type="text/javascript"> /* Update _setAccount value to user's Google Analytic account and uncomment this script var _gaq = _gaq || []; _gaq.push(['_setAccount', '//////']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })();*/ </script> </body>
$auto_enroll_id = $_REQUEST['auto_enroll_id']; } else { $auto_enroll_id = 0; } if (isset($_POST['save']) || isset($_POST['add'])) { /* insert or update a category */ $name = trim($_POST['name']); $name = $addslashes($name); $name = validate_length($name, 50); if (isset($_POST['add']) && !$_POST['add_ids']) { $msg->addError('NO_ITEM_SELECTED'); } if (!$msg->containsErrors()) { if ($auto_enroll_id == 0) { $sql = "INSERT INTO %sauto_enroll(associate_string, name) VALUES ('%s', '%s')"; $rows_inserted = queryDB($sql, array(TABLE_PREFIX, get_random_string(6, 10), $name)); $auto_enroll_id = at_insert_id(); write_to_log(AT_ADMIN_LOG_INSERT, 'auto_enroll', $rows_inserted, $sqlout); } else { $sql = "UPDATE %sauto_enroll SET name = '%s' WHERE auto_enroll_id = %d"; $rows_updated = queryDB($sql, array(TABLE_PREFIX, $name, $auto_enroll_id)); write_to_log(AT_ADMIN_LOG_UPDATE, 'auto_enroll', $rows_updated, $sqlout); } if (isset($_POST['add'])) { foreach ($_POST['add_ids'] as $elem) { // unable to determine the purpose of this query // which always returns $row['cnt'] == 0, during queryDB() testing. $sql = "SELECT count(*) cnt FROM %sauto_enroll_courses\n\t\t\t\t WHERE auto_enroll_id = %d\n\t\t\t\t AND course_id = %d"; $row = queryDB($sql, array(TABLE_PREFIX, $auto_enroll_id, $elem), TRUE); if ($row["cnt"] == 0) { $sql = "INSERT INTO %sauto_enroll_courses (auto_enroll_id, course_id) VALUES (%d, %d)";
/** * Creates new menu * @param $param - array of parameters */ public function MenuCreate($params = array()) { // Block operation in demo mode if (strtolower(SITE_MODE) == 'demo') { $this->error = _OPERATION_BLOCKED; return false; } // Get input parameters if (isset($params['name'])) { $this->menu['menu_name'] = $params['name']; } if (isset($params['menu_placement'])) { $this->menu['menu_placement'] = $params['menu_placement']; } if (isset($params['order'])) { $this->menu['menu_order'] = $params['order']; } if (isset($params['language_id'])) { $this->menu['language_id'] = $params['language_id']; } if (isset($params['access_level'])) { $this->menu['access_level'] = $params['access_level']; } // Prevent creating of empty records in our 'menus' table if ($this->menu['menu_name'] != '') { $menu_code = strtoupper(get_random_string(10)); $total_languages = Languages::GetAllActive(); for ($i = 0; $i < $total_languages[1]; $i++) { $m = self::GetAll(' menu_order ASC', TABLE_MENUS, '', $total_languages[0][$i]['abbreviation']); $max_order = (int) ($m[1] + 1); $sql = 'INSERT INTO ' . TABLE_MENUS . ' (language_id, menu_code, menu_name, menu_placement, menu_order, access_level) VALUES(\'' . $total_languages[0][$i]['abbreviation'] . '\', \'' . $menu_code . '\', \'' . encode_text($this->menu['menu_name']) . '\', \'' . $this->menu['menu_placement'] . '\', ' . $max_order . ', \'' . $this->menu['access_level'] . '\')'; if (!database_void_query($sql)) { $this->error = _TRY_LATER; return false; } } return true; } else { $this->error = _MENU_NAME_EMPTY; return false; } }
function get_file_name_hash($length = 8) { return time() . get_random_string($length); }
function encrypt($content) { // add random char at both ends $content = get_random_string(4) . $content . get_random_string(4); // base64_encode $content = base64_encode($content); // swap at position 4 $content = substr($content, 4, strlen($content) - 4) . substr($content, 0, 4); // reverse it $content = strrev($content); return $content; }