function execEditGroup($userID, $groupID, $checkedUser) { if (gettype($checkedUser) != "array") { return "Wrong type of group member!"; } $checkedUser[] = $userID; $userDAO = new UserDAO(); $user = $userDAO->getUserByID($userID); if (!isValidID($groupID)) { return "Invalid group ID!"; } $groupDAO = new GroupDAO(); $group = $groupDAO->getGroupByID($groupID); if ($group === null) { return "Group doesn't exist!"; } if ($group->getOwner()->getUserID() !== $userID) { return "You are not the owner of this group!"; } $gmDAO = new GroupMemberDAO(); $gms = $gmDAO->getGroupMembersByGroup($group); foreach ($gms as $gm) { $alreadyUser = $gm->getUser(); if (in_array($alreadyUser->getUserID(), $checkedUser)) { continue; } $gmDAO->deleteGroupMember($gm); } return true; }
function execChangeProfile($firstname, $lastname, $sex, $departmentID) { if (!isValidName($firstname) || !isValidName($lastname)) { return "Please enter valid names!"; } if (!isValidID($departmentID)) { return "Invalid department id!"; } $departDAO = new DepartmentDAO(); $depart = $departDAO->getDepartmentByID($departmentID); if ($depart === null) { return "Could not find the depart!"; } $userDAO = new UserDAO(); $user = $userDAO->getUserByID($_SESSION["userID"]); $user->setDepartment($depart); if ($user->getFirstName() != $firstname) { $user->setFirstName($firstname); } if ($user->getLastName() != $lastname) { $user->setLastName($lastname); } if ($user->getGender() != $sex) { $user->setGender($sex); } if (isset($_FILES["uploadphoto"])) { $ans = uploadPhoto($user, $_FILES["uploadphoto"]); if ($ans !== true) { return $ans; } } $userDAO->updateUser($user); return true; }
function verify() { if (isset($_GET["groupid"]) && isset($_GET["accept"])) { $groupID = $_GET["groupid"]; if (!isValidID($groupID)) { return; } $groupDAO = new GroupDAO(); $group = $groupDAO->getGroupByID($groupID); if ($group === null) { return; } $userDAO = new UserDAO(); $user = $userDAO->getUserByID($_SESSION["userID"]); $gmDAO = new GroupMemberDAO(); $gm = $gmDAO->getGroupMember($group, $user); if ($gm === null) { return; } $status = $gm->getAcceptStatus(); if ($status == "1") { return; } if ($_GET["accept"] == "1") { $gm->setAcceptStatus("1"); $gmDAO->updateGroupMember($gm); } elseif ($_GET["accept"] == "3") { $gmDAO->deleteGroupMember($gm); } } }
function uploadFile($userID, $groupID, $file) { $userDAO = new UserDAO(); $user = $userDAO->getUserByID($userID); if ($user->getRole()->getRoleID() == "4") { return "This user was forbidden to upload file!"; } if (!isValidID($groupID)) { return "Group id is not valid!"; } $groupDAO = new GroupDAO(); $group = $groupDAO->getGroupByID($groupID); if ($group === null) { return "Can not find this group!"; } if ($group->getActivateStatus() === "2") { return "Group is not activated!"; } $groupMemberDAO = new GroupMemberDAO(); $groupMember = $groupMemberDAO->getGroupMember($group, $user); if ($groupMember === null) { return "User didn't belong to this group!"; } if (gettype($file["error"]) == "array") { return "Only accept one file!"; } $res = isValidUploadFile($file["error"]); if ($res !== true) { return $res; } $fileType = -1; $res = isValidImage($file["name"]); if ($res === true) { $fileType = "2"; } $res = isValidFile($file["name"]); if ($res === true) { $fileType = "3"; } if ($fileType === -1) { return "Only accepts jpeg/jpg/gif/png/zip file!"; } $record = new Record($group, $user, $fileType, "temp", "1"); $recordDAO = new RecordDAO(); $recordDAO->insertRecord($record); $fileDir = "upload/"; $filePath = $fileDir . $record->getRecordID() . "_" . $file["name"]; $record->setContent($filePath); $recordDAO->updateRecord($record); if (file_exists($filePath)) { unlink($filePath); } if (!move_uploaded_file($file['tmp_name'], $filePath)) { return "Fail to move file, please contact administrator!"; } return true; }
function postRecord($userID, $groupID, $messageType, $content) { $userDAO = new UserDAO(); $user = $userDAO->getUserByID($userID); if ($user->getRole()->getRoleID() == "4") { return "This user was forbidden to post!"; } if (!isValidID($groupID)) { return "Group id is not valid!"; } if (!isValidMessageType($messageType)) { return "Message type is not valid!"; } if (gettype($content) != "string" || strlen($content) > 1000) { return "Wrong type content or exceed max length(1000)!"; } if ($messageType == "4") { if (!preg_match("/^http:\\/\\//i", $content)) { return "Only accept http url!"; } $content = substr($content, 7); if ($content === "") { return "Invalid url!"; } } $groupDAO = new GroupDAO(); $group = $groupDAO->getGroupByID($groupID); if ($group === null) { return "Can not find this group!"; } if ($group->getActivateStatus() === "2") { return "Group is not activated!"; } $groupMemberDAO = new GroupMemberDAO(); $groupMember = $groupMemberDAO->getGroupMember($group, $user); if ($groupMember === null) { return "User didn't belong to this group!"; } $record = new Record($group, $user, $messageType, $content, "1"); $recordDAO = new RecordDAO(); $recordDAO->insertRecord($record); return true; }
function execAddToGroup($userID, $groupID, $adduserIDs) { $userDAO = new UserDAO(); $user = $userDAO->getUserByID($userID); if (!isValidID($groupID)) { return "Invalid group ID!"; } if (gettype($adduserIDs) != "array") { return "Wrong type of user id!"; } if (count($adduserIDs) === 0) { return "You have to choose users to add to this group!"; } foreach ($adduserIDs as $adduserID) { if (!isValidID($adduserID)) { return "Invalid user ID!"; } } $groupDAO = new GroupDAO(); $group = $groupDAO->getGroupByID($groupID); if ($group === null) { return "Group doesn't exist!"; } if ($group->getOwner()->getUserID() !== $userID) { return "You are not the owner of this group!"; } $gmDAO = new GroupMemberDAO(); foreach ($adduserIDs as $auID) { $aduser = $userDAO->getUserByID($auID); if ($aduser === null) { continue; } $gm = $gmDAO->getGroupMember($group, $aduser); if ($gm !== null) { continue; } $gm = new GroupMember($group, $aduser, "2"); $gmDAO->insertGroupMember($gm); } return true; }
function execEditDep($userID, $departmentID, $departmentName) { if (!isValidID($departmentID)) { return "Invalid parent ID!"; } if (!isValidDepartmentName($departmentName)) { return "Invalid department name!"; } $departDAO = new DepartmentDAO(); $depart = $departDAO->getDepartmentByID($departmentID); if ($depart === null) { return "Could not find this department!"; } $userDAO = new UserDAO(); $user = $userDAO->getUserByID($userID); $role = $user->getRole(); if ($role->getRoleID() == "4" || $role->getRoleID() == "3") { return "You have no right to do this!"; } $depart->setDepartmentName($departmentName); $departDAO->updateDepartment($depart); return true; }
<?php require_once "classes/Recipe.class.php"; require_once "classes/DBUtils.class.php"; // Determine if the user has access to add new recipes, or edit this current one if (!$SMObj->isUserLoggedIn()) { die($LangUI->_('You must be logged into perform the requested action.')); } // Proceed to the next step $iterator = 0; $item_id = "recipe_id_" . $iterator; $item_delete = "recipe_selected_" . $iterator; while (isset($_REQUEST[$item_id])) { // check to see if it is in the list if (isset($_REQUEST[$item_delete]) && $_REQUEST[$item_delete] == "yes") { $recipe_id = isValidID($_REQUEST[$item_id]) ? $_REQUEST[$item_id] : 0; // Figure out who the owner of this recipe is, Editors can edit anyones recipes // The owner of a recipe does not change when someone edits it. if (!$SMObj->checkAccessLevel("EDITOR")) { $sql = "SELECT recipe_user FROM {$db_table_recipes} WHERE recipe_id = " . $DB_LINK->addq($recipe_id, get_magic_quotes_gpc()); $rc = $DB_LINK->Execute($sql); // If the recipe is owned by someone else then do not allow editing if ($rc->fields['recipe_user'] != "" && $rc->fields['recipe_user'] != $SMObj->getUserID()) { die($LangUI->_('You do not have sufficient privileges to delete this recipe!')); } } /* Go ahead and do the delete */ // clean up the old picture if we are suppose to if ($g_rb_database_type == "postgres") { $sql = "SELECT recipe_picture FROM {$db_table_recipes} WHERE recipe_id=" . $DB_LINK->addq($recipe_id, get_magic_quotes_gpc()); $rc = $DB_LINK->Execute($sql);
<?php require_once "classes/Pager.class.php"; $where = isset($_GET['where']) && isValidLetter($_GET['where'], "%") ? $_GET['where'] : ''; $page = isset($_GET['page']) && isValidID($_GET['page']) ? $_GET['page'] : 1; if (empty($where)) { $where = $alphabet[0]; // Set the default on to 'a' so that we don't have everything listed (faster this way) } // Pull First Letters $let = ":"; $sql = "SELECT DISTINCT LOWER(SUBSTRING(ingredient_name, 1, 1)) AS A FROM {$db_table_ingredients} WHERE ingredient_user = '******'"; $rc = $DB_LINK->Execute($sql); DBUtils::checkResult($rc, NULL, NULL, $sql); while (!$rc->EOF) { if (ord($rc->fields[0]) >= 192 and ord($rc->fields[0]) <= 222 and ord($rc->fields[0]) != 215) { // "Select lower" $rc->fields[0] = chr(ord($rc->fields[0]) + 32); } // above doesn't work with ascii > 192, this fixes it $let .= $rc->fields[0]; // it could be "a" or "A", so just go with the only returned item $rc->MoveNext(); } ?> <table cellspacing="0" cellpadding="1" border="0" width="100%"> <tr> <td align="left" class="title"><?php echo $LangUI->_('Ingredient Index'); ?>
function changeUserProfile($userID, $departmentID, $firstname, $lastname, $gender) { $userDAO = new UserDAO(); $departmentDAO = new DepartmentDAO(); $user = $userDAO->getUserByID($userID); $department = $departmentDAO->getDepartmentByID($departmentID); if (!isValidID($userID) || !isValidID($departmentID)) { return "Invalid ID!"; } if ($department === null) { return "Department: " . $departmentID . " doesn't exist!"; } $user->setDepartment($dept); if (!isValidName($firstname)) { return "Invalid first name!"; } $user->setFirstName($firstname); if (!isValidName($lastname)) { return "Invalid last name!"; } $user->setLastName($lastname); if ($gender !== 0 && $gender !== 1) { return "Please select Male or Female!"; } $user->setGender($gender); $userDAO->updateUser($user); }
<!-- Load Data Section --> <?php $store_id = isValidID($_GET['store_id']) ? $_GET['store_id'] : 0; $sql = "SELECT store_name,store_layout FROM {$db_table_stores} WHERE store_id=" . $DB_LINK->addq($store_id, get_magic_quotes_gpc()) . " AND store_user='******'"; $rc = $DB_LINK->Execute($sql); DBUtils::checkResult($rc, NULL, NULL, $sql); $store_name = $rc->fields['store_name']; $store_layout = split(',', $rc->fields['store_layout']); $sql = "SELECT location_id, location_desc FROM {$db_table_locations}"; $rc = $DB_LINK->Execute($sql); DBUtils::checkResult($rc, NULL, NULL, $sql); $locations = DBUtils::createList($rc, 'location_id', 'location_desc'); ?> <!-- Navigation section --> <table cellspacing="0" cellpadding="1" border="0" width="100%"> <tr> <td align="left" class="title"> <?php echo $LangUI->_('Store Layout For: ') . $store_name . "<br>"; ?> </td> </tr> </table> <table cellspacing="1" cellpadding="2" border="0" class="ing" width="40%"> <tr> <th><?php echo $LangUI->_('Section Name'); ?> </th> </tr>
<?php require_once "classes/DBUtils.class.php"; $recipe_id = isValidID($_GET['recipe_id']) ? $_GET['recipe_id'] : 0; ?> <table cellspacing="0" cellpadding="1" border="0" width="100%"> <tr> <td align="left" class="title"><?php echo $LangUI->_('Parent recipes'); ?> </td> </tr> </table> <p> <?php $sql = "SELECT related_parent,recipe_name FROM {$db_table_related_recipes}\n\t\tLEFT JOIN {$db_table_recipes} ON recipe_id=related_parent\n\t\tWHERE related_child=" . $DB_LINK->addq($recipe_id, get_magic_quotes_gpc()); $rc = $DB_LINK->Execute($sql); DBUtils::checkResult($rc, NULL, NULL, $sql); // Test to see if we found anything if ($rc->RecordCount() == 0) { echo $LangUI->_('No matching recipes found') . '.'; } // Display all of the matching recipes that use said ingredient while (!$rc->EOF) { echo '<a href="index.php?m=recipes&a=view&recipe_id=' . $rc->fields['related_parent'] . '">' . $rc->fields['recipe_name'] . "</a><br />\n"; $rc->MoveNext(); }
<?php require_once "classes/Units.class.php"; require_once "classes/DBUtils.class.php"; $recipe_id = isset($_GET['recipe_id']) && isValidID($_GET['recipe_id']) ? $_GET['recipe_id'] : 0; $total_ingredients = isset($_GET['total_ingredients']) && isValidID($_REQUEST['total_ingredients']) ? $_REQUEST['total_ingredients'] : 0; $total_related = isset($_GET['total_related']) && isValidID($_REQUEST['total_related']) ? $_REQUEST['total_related'] : 0; $show_ingredient_ordering = isset($_REQUEST['show_ingredient_order']) ? 'yes' : ''; $private = isset($_REQUEST['private']) ? TRUE : FALSE; // Declarations $n = 0; $p = 0; $ingredients = null; if ($g_rb_debug) { $show_ingredient_ordering = "yes"; } // Determine if the user has access to add new recipes, or edit this current one if (!$SMObj->isUserLoggedIn()) { die($LangUI->_('You must be logged into perform the requested action.')); } if ($recipe_id && !$SMObj->checkAccessLevel("EDITOR")) { // Figure out who the owner of this recipe is, Editors can edit anyones recipes // The owner of a recipe does not change when someone edits it. $sql = "SELECT recipe_user FROM {$db_table_recipes} WHERE recipe_id = " . $DB_LINK->addq($recipe_id, get_magic_quotes_gpc()); $rc = $DB_LINK->Execute($sql); // If the recipe is owned by someone else then do not allow editing if ($rc->fields['recipe_user'] != "" && $rc->fields['recipe_user'] != $SMObj->getUserID()) { die($LangUI->_('You are not the owner of this recipe, you are not allowed to edit it')); } } // get the information about the recipe (empty query if new recipe)
</script> <hr size=1 noshade> <?php $query = ""; $query_order = " ORDER BY ingredient_name"; $query_all = "SELECT * FROM {$db_table_ingredients} WHERE ingredient_user = '******' AND"; // Do not display anything if no search has been requested if (!isset($_REQUEST['search'])) { $query = ""; } else { // Construct the query $query = $query_all; if ($_REQUEST['name'] != "") { $query .= " ingredient_name LIKE '%" . $DB_LINK->addq($_REQUEST['name'], get_magic_quotes_gpc()) . "%' AND"; } if (isValidID($_REQUEST['location_id'])) { $query .= " ingredient_location=" . $DB_LINK->addq($_REQUEST['location_id'], get_magic_quotes_gpc()); } $query = preg_replace("/AND\$/", "", $query); // Put the order on the end $query .= $query_order; } /* ---------------------- The Query has been made, format and output the values returned from the database ----------------------*/ if ($query != "") { $counter = 0; $rc = $DB_LINK->Execute($query); DBUtils::checkResult($rc, NULL, NULL, $query); // Error check # exit if we did not find any matches
<?php require_once "libraries/head.php"; if (!isLogin()) { sendAjaxRedirect("index.php"); } if (isset($_POST["userid"]) && isset($_POST["newrole"])) { if (!isValidID($_POST["userid"]) || !isValidID($_POST["newrole"])) { sendAjaxResErr("User or role status invalid!"); } $result = executeChange($_SESSION["userID"], $_POST["userid"], $_POST["newrole"]); if ($result === true) { sendAjaxResSuc("Change role status successfully!"); } else { sendAjaxResErr($result); } } function executeChange($currUser, $userid, $newrole) { if ($newrole !== "1" && $newrole !== "2" && $newrole !== "3" && $newrole !== "4") { return "Invalid status!"; } $userDAO = new UserDAO(); $userChan = $userDAO->getUserByID($userid); $userCurr = $userDAO->getUserByID($currUser); //get current session user if ($userCurr->getRole()->getRoleID() !== "1" && $userCurr->getRole()->getRoleID() !== "2") { return "You have no right to change user status!"; } if ($userChan === null) { //database
<?php require_once "classes/DBUtils.class.php"; require_once "classes/Fraction.class.php"; // Read in the globals $mode = isset($_REQUEST['mode']) ? $_REQUEST['mode'] : 'print'; $store_id = isset($_REQUEST['store_id']) && isValidID($_REQUEST['store_id']) ? stripslashes($_REQUEST['store_id']) : 0; // the selected store layout $show_sections = isset($_REQUEST['show_sections']) ? $_REQUEST['show_sections'] : ''; $listObj = $_SESSION['shoppinglist']; // The layout contains the sections $useLayout = array(); // Load the store names from the database $sql = "SELECT store_id, store_name FROM {$db_table_stores} WHERE store_user = '******'"; $rc = $DB_LINK->Execute($sql); DBUtils::checkResult($rc, NULL, NULL, $sql); $stores = DBUtils::createList($rc, 'store_id', 'store_name'); $stores = array("0" => $LangUI->_("(Show All)")) + $stores; // Load the section names so we can print them for headers later (only if requested) $sql = "SELECT location_id, location_desc FROM {$db_table_locations} ORDER BY location_desc ASC"; $rc = $DB_LINK->Execute($sql); DBUtils::checkResult($rc, NULL, NULL, $sql); $locations = DBUtils::createList($rc, 'location_id', 'location_desc'); if ($store_id > 0) { // We need to do the query again (MySQL odd behavior) $sql = "SELECT store_layout FROM {$db_table_stores} WHERE store_user = '******' AND store_id = " . $DB_LINK->addq($store_id, get_magic_quotes_gpc()); $rc = $DB_LINK->Execute($sql); DBUtils::checkResult($rc, NULL, NULL, $sql); // get the list of sections to display, default is 'default' $useLayout = split(',', $rc->fields[0]); if (!count($useLayout)) {
$sql = "DELETE FROM {$db_table_ingredientmaps} WHERE map_recipe=" . $DB_LINK->addq($recipe_id, get_magic_quotes_gpc()); $result = $DB_LINK->Execute($sql); // Also clear out the related_recipes $sql = "DELETE FROM {$db_table_related_recipes} WHERE related_parent=" . $DB_LINK->addq($recipe_id, get_magic_quotes_gpc()); $result = $DB_LINK->Execute($sql); } $recipe_id = $recipeObj->getID(); /* Add the ingredients into the database. The order field is needed because mysql does not consistently put them in or retrieve them in a specific order. */ foreach ($ingArray as $ing) { $ing->setID($recipe_id); $ing->insertMap(); } // Add all the related recipes in. $i = 0; while (isset($_POST['relatedId_' . $i]) && isValidID($_POST['relatedId_' . $i])) { if (isset($_POST['relatedRequired_' . $i])) { $required = $DB_LINK->true; } else { $required = $DB_LINK->false; } $sql = "INSERT INTO {$db_table_related_recipes} (related_parent, related_child, related_required, related_order) VALUES (" . $DB_LINK->addq($recipe_id, get_magic_quotes_gpc()) . ", " . $DB_LINK->addq($_POST['relatedId_' . $i], get_magic_quotes_gpc()) . ", '" . $required . "', " . $i . ")"; $rc = $DB_LINK->Execute($sql); DBUtils::checkResult($rc, NULL, NULL, $sql); $i++; } ?>
<?php require_once "libraries/head.php"; require_once "libraries/class.FastTemplate.php"; if (!isLogin()) { exit; } $tpl = new FastTemplate("templates/"); $tpl->define(array("group_checked_member" => "index/group_checked_member.html")); if (isset($_POST["groupid"])) { $groupID = $_POST["groupid"]; if (!isValidID($groupID)) { return; } $userID = $_SESSION["userID"]; $groupDAO = new GroupDAO(); $group = $groupDAO->getGroupByID($groupID); if ($group === null) { return; } $gmDAO = new GroupMemberDAO(); $gms = $gmDAO->getGroupMembersByGroup($group); $flag = false; foreach ($gms as $gm) { if ($gm->getUser()->getUserID() === $userID) { continue; } $tpl->assign("INDEX_GROUP_CHECKED_USERID", $gm->getUser()->getUserID()); $tpl->assign("INDEX_GROUP_CHECKED_USERNAME", $gm->getUser()->getFirstName() . " " . $gm->getUser()->getLastName()); $tpl->parse("MAIN", ".group_checked_member"); $flag = true;
function inputOK($postVal, $dtyID, $rtyID) { if (!@$labelToID) { $labelToID = mysql__select_assoc("defTerms", "trm_Label", "trm_ID", "1"); } /*****DEBUG****/ //error_log("postvalue = ".print_r($postVal,true)); // if value is term label if (!is_numeric($postVal) && array_key_exists($postVal, $labelToID)) { $postVal = $labelToID[$postVal]; } return isValidID($postVal, $dtyID, $rtyID); }
echo "Welcome " . $user->data['username'] . "!"; ?> <br /><br /> <div id='errorBox'> <div id='keymanage'> Search for server keys by user: <input class='user' maxlength='40' type='text' value=''/> </div> </div> </center> <?php } else { ?> Download <?php if (isValidID($user->data['user_type'])) { ?> <p class="backBtn">| <a href="?managekeys=1">Manage Server Keys</a></p> <?php } ?> <hr class="hr1" /> <br /> <center> <?php echo "Welcome " . $user->data['username'] . "!"; if (true || isGroup($userID)) { ?> <br /><br /> <div id='errorBox'>Notice: this is a beta release. It's unstable and support is limited. <hr class="hr1">
<?php require_once "libraries/head.php"; if (!isLogin()) { sendAjaxRedirect("login.php"); } if (isset($_POST["groupid"]) && isset($_POST["newstatus"])) { if (!isValidID($_POST["groupid"]) || !isValidID($_POST["newstatus"])) { sendAjaxResErr("Group ID or Status invalid!"); } $result = executeChange($_SESSION["userID"], $_POST["groupid"], $_POST["newstatus"]); if ($result === true) { sendAjaxResSuc("Change group status successfully!"); } else { sendAjaxResErr($result); } } function executeChange($userID, $groupID, $newStatus) { $newStatus = $newStatus; if ($newStatus !== "1" && $newStatus !== "2" && $newStatus !== "3") { return "Invalid status!"; } $userDAO = new UserDAO(); $user = $userDAO->getUserByID($userID); $groupDAO = new GroupDAO(); $group = $groupDAO->getGroupByID($groupID); if ($group === null) { return "Could not find this group!"; } if ($group->getActivateStatus() === $newStatus) {
function inputOK($postVal, $dtyID, $rtyID) { if (!@$labelToID) { $labelToID = mysql__select_assoc("defTerms", "trm_Label", "trm_ID", "1"); } // if value is term label if (!is_numeric($postVal) && array_key_exists($postVal, $labelToID)) { $postVal = $labelToID[$postVal]; } return $postVal ? isValidID($postVal, $dtyID, $rtyID) : false; }
<?php require_once "classes/Recipe.class.php"; $recipe_id = isValidID($_REQUEST['recipe_id']) ? $_REQUEST['recipe_id'] : 0; $recipeObj = new Recipe($recipe_id); $recipeObj->loadRecipe(); ?> <table cellspacing="0" cellpadding="1" border="0" width="100%"> <tr> <td align="left" class="title"> <?php echo $LangUI->_('Review Recipe'); ?> </td> </tr> </table> <p> <table cellspacing="0" cellpadding="1" border="0" width="100%"> <tr> <td align="center" class="title"> <?php echo $recipeObj->name; ?> </td> </tr> </table> <P> <b><?php echo $LangUI->_('Rating'); ?> :</b><br />
<?php require_once 'libs/phpmailer/class.phpmailer.php'; $recipe_id = isset($_POST['recipe_id']) && isValidID($_POST['recipe_id']) ? $_POST['recipe_id'] : 0; $sendToAddress = isset($_POST['email_address']) ? $_POST['email_address'] : ""; $message = isset($_POST['message']) ? $_POST['message'] : ""; if ($recipe_id == 0 || $sendToAddress == "") { die($LangUI->_('e-Mail address to send to and recipe ID are required to send a message')); } // Only trust logged in users to email if (!$SMObj->isUserLoggedIn()) { die($LangUI->_('You must be logged into perform the requested action.')); } $htmlData = get_data($g_rb_fullurl . "index.php?m=recipes&a=view&print=yes&format=no&recipe_id=" . $recipe_id); $htmlData = "<fieldset>" . $message . "</fieldset>" . $htmlData . '<p><a href="' . $g_rb_fullurl . 'index.php?m=recipes&a=view&recipe_id=' . $recipe_id . '">Visit Recipe Website</a></p>'; function get_data($url) { $ch = curl_init(); $timeout = 5; curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout); $data = curl_exec($ch); curl_close($ch); return $data; } $mail = new PHPMailer(); $mail->IsSMTP(); // telling the class to use SMTP //$mail->SMTPDebug = 2; // enables SMTP debug information (for testing) $mail->SMTPAuth = true;
<div id="ingredientAddEditContainer"> <?php require_once "classes/Units.class.php"; require_once "classes/DBUtils.class.php"; $ingredient_id = isset($_GET['ingredient_id']) && isValidID($_GET['ingredient_id']) ? $_GET['ingredient_id'] : 0; if (!$SMObj->isUserLoggedIn()) { die($LangUI->_('You must be logged into perform the requested action.')); } if ($ingredient_id && !$SMObj->checkAccessLevel("EDITOR")) { // Figure out who the owner of this ingredient is, Editors can edit anyones recipes // The owner of a ingredient does not change when someone edits it. $sql = "SELECT ingredient_user FROM {$db_table_ingredients} WHERE ingredient_id = " . $DB_LINK->addq($ingredient_id, get_magic_quotes_gpc()); $rc = $DB_LINK->Execute($sql); // If the recipe is owned by someone else then do not allow editing if ($rc->fields['ingredient_user'] != "" && $rc->fields['ingredient_user'] != $SMObj->getUserID()) { die($LangUI->_('You are not the owner of this ingredient, you are not allowed to edit it')); } } // get the information about the Ingredient (empty query if new Ingredient) if ($ingredient_id) { $sql = "SELECT *\n\t\t\tFROM {$db_table_ingredients}\n\t\t\tLEFT JOIN {$db_table_units} ON ingredient_unit = unit_id\n\t\t\tWHERE ingredient_id = " . $DB_LINK->addq($ingredient_id, get_magic_quotes_gpc()); $ingredients = $DB_LINK->Execute($sql); DBUtils::checkResult($ingredients, NULL, NULL, $sql); } ?> <script language="javascript"> $(document).ready(function() { $('#ingredient_form').validate(); $("#ingredient_name").autocomplete({
<?php $killOverride = true; $pageTitle = "SeaAuth - Unidentified Account"; require_once "authlib.php"; if (isValidID()) { $conn = $altConn = null; header('Location: index.php'); die(''); } //Check if it's a new ip $addr = $_SERVER['REMOTE_ADDR']; $cmd = $conn->prepare("select userID, active from {$userTable} where addr = :addr"); $cmd->bindParam(":addr", $addr, PDO::PARAM_STR, 16); $cmd->execute(); $results = $cmd->fetchAll(); if (count($results) === 0) { //For Debugging if (isset($_SESSION['userID'])) { unset($_SESSION); session_destroy(); } //End of debugging logEvent($conn, $logTable, "Foreign device connected {$addr}"); $conn = $altConn = null; header("Location: new-user.php"); die(''); } else { if ($results[0]['active'] == '0') { header('Location: lockout.php'); die('');
<?php require "libs/lightopenid/openid.php"; $provider = isset($_GET['provider']) ? $_GET['provider'] : 'google'; // I like google $mode = isset($_GET['mode']) ? $_GET['mode'] : ''; $user_id = isset($_GET['user_id']) && isValidID($_GET['user_id']) ? $_GET['user_id'] : null; $redirectTo = "index.php"; try { $openid = new LightOpenID($_SERVER['SERVER_NAME']); if (!$openid->mode) { $openid->required = array('namePerson/friendly', 'namePerson/first', 'namePerson/last', 'contact/email', 'pref/language'); if ($provider == "google") { $openid->identity = 'https://www.google.com/accounts/o8/id'; } header('Location: ' . $openid->authUrl()); } if ($openid->mode == 'cancel') { echo 'Login Canceled!'; } else { session_start(); $_SESSION['openID_AddIdentity'] = null; // clear out just in case. if ($openid->validate()) { $attribs = $openid->getAttributes(); if ($mode == "create") { $_SESSION['openID_provider'] = $provider; $_SESSION['openID_identity'] = $openid->identity; $_SESSION['openID_name'] = $attribs['namePerson/first'] . " " . $attribs['namePerson/last']; $_SESSION['openID_email'] = isset($attribs['contact/email']) ? $attribs['contact/email'] : null; $_SESSION['openID_language'] = isset($attribs['pref/language']) ? $attribs['pref/language'] : "English";
<?php require_once "classes/DBUtils.class.php"; require_once "classes/Restaurant.class.php"; // Read in the POST values $restaurant_id = isValidID($_GET['restaurant_id']) ? $_GET['restaurant_id'] : 0; $restaurant_name = isset($_POST['restaurant_name']) ? htmlentities(stripslashes($_POST['restaurant_name']), ENT_QUOTES) : ''; $restaurant_website = isset($_POST['restaurant_website']) ? htmlentities(stripslashes($_POST['restaurant_website']), ENT_QUOTES) : ''; $restaurant_address = isset($_POST['restaurant_address']) ? htmlentities(stripslashes($_POST['restaurant_address']), ENT_QUOTES) : ''; $restaurant_city = isset($_POST['restaurant_city']) ? htmlentities(stripslashes($_POST['restaurant_city']), ENT_QUOTES) : ''; $restaurant_state = isset($_POST['restaurant_state']) ? htmlentities(stripslashes($_POST['restaurant_state']), ENT_QUOTES) : ''; $restaurant_zip = isset($_POST['restaurant_zip']) ? htmlentities(stripslashes($_POST['restaurant_zip']), ENT_QUOTES) : ''; $restaurant_country = isset($_POST['restaurant_country']) ? htmlentities(stripslashes($_POST['restaurant_country']), ENT_QUOTES) : ''; $restaurant_phone = isset($_POST['restaurant_phone']) ? htmlentities(stripslashes($_POST['restaurant_phone']), ENT_QUOTES) : ''; $restaurant_hours = isset($_POST['restaurant_hours']) ? addslashes($_POST['restaurant_hours']) : ''; $restaurant_price = isValidID($_POST['restaurant_price']) ? $_POST['restaurant_price'] : 0; $restaurant_delivery = isset($_POST['restaurant_delivery']) ? $DB_LINK->true : $DB_LINK->false; $restaurant_dine_in = isset($_POST['restaurant_dine_in']) ? $DB_LINK->true : $DB_LINK->false; $restaurant_carry_out = isset($_POST['restaurant_carry_out']) ? $DB_LINK->true : $DB_LINK->false; $restaurant_credit = isset($_POST['restaurant_credit']) ? $DB_LINK->true : $DB_LINK->false; $restaurant_picture_oid = isset($_POST['restaurant_picture_oid']) ? $_POST['restaurant_picture_oid'] : 'NULL'; // to keep postgres clean $restaurant_picture_type = isset($_FILES['restaurant_picture']['type']) ? $_FILES['restaurant_picture']['type'] : ''; $remove_picture = isset($_POST['remove_picture']) ? $_POST['remove_picture'] : ''; $restaurant_menu_text = isset($_POST['restaurant_menu_text']) ? htmlentities(stripslashes($_POST['restaurant_menu_text']), ENT_QUOTES) : ''; $restaurant_comments = isset($_POST['restaurant_comments']) ? htmlentities(stripslashes($_POST['restaurant_comments']), ENT_QUOTES) : ''; if ($restaurant_id && !$SMObj->checkAccessLevel("EDITOR")) { // Figure out who the owner of this restaurant is, Editors can edit anyones items $sql = "SELECT restaurant_user FROM {$db_table_restaurants} WHERE restaurant_id = " . $DB_LINK->addq($restaurant_id, get_magic_quotes_gpc()); $rc = $DB_LINK->Execute($sql); // If the recipe is owned by someone else then do not allow editing
<?php require_once "classes/Restaurant.class.php"; require_once "classes/DBUtils.class.php"; $restaurant_id = isValidID($_GET['restaurant_id']) ? $_GET['restaurant_id'] : 0; if ($restaurant_id && !$SMObj->checkAccessLevel("EDITOR")) { // Figure out who the owner of this restaurant is, Editors can edit anyones items $sql = "SELECT restaurant_user FROM {$db_table_restaurants} WHERE restaurant_id = " . $DB_LINK->addq($restaurant_id, get_magic_quotes_gpc()); $rc = $DB_LINK->Execute($sql); // If the recipe is owned by someone else then do not allow editing if ($rc->fields['restaurant_user'] != "" && $rc->fields['restaurant_user'] != $SMObj->getUserID()) { die($LangUI->_('You are not the owner of this restaurant, you are not allowed to delete it')); } } // clean up the old picture if we are suppose to if ($g_rb_database_type == "postgres") { $sql = "SELECT restaurant_picture FROM {$db_table_restaurants} WHERE restaurant_id=" . $DB_LINK->addq($restaurant_id, get_magic_quotes_gpc()); $rc = $DB_LINK->Execute($sql); if (trim($rc->fields['restaurant_picture']) != "") { $rc = $DB_LINK->BlobDelete($rc->fields['restaurant_picture']); DBUtils::checkResult($rc, $LangUI->_('Picture successfully deleted'), NULL, $sql); } } // In Postgres everything will be cleaned up with one delete $RestaurantObj = new Restaurant($restaurant_id); $RestaurantObj->delete(); ?> <I><?php echo $LangUI->_('Restaurant Deleted'); ?> </I>
<?php require_once "libraries/head.php"; require_once "libraries/class.FastTemplate.php"; if (!isLogin()) { exit; } if (isset($_POST["departid"])) { if (!isValidID($_POST["departid"])) { exit; } displayDepartUser($_POST["departid"], $_SESSION["userID"]); } function displayDepartUser($departID, $userID) { $tpl = new FastTemplate("templates/"); $tpl->define(array("user" => "index/user.html", "department" => "index/department.html", "depart_user" => "index/depart_user.html", "header" => "index/header.html")); $departDAO = new DepartmentDAO(); $depart = $departDAO->getDepartmentByID($departID); if ($departID == "1" || $depart === null) { $tpl->assign("INDEX_DEPART_USER_HEADER", ""); } else { $tpl->assign("INDEX_HEADER_NAME", $depart->getDepartmentName()); $tpl->parse("INDEX_DEPART_USER_HEADER", "header"); } $result = findDepartAndUser($departID, $userID); if ($result === false || count($result) === 0) { $tpl->assign("INDEX_DEPART_USER", ""); } else { foreach ($result as $node) { if ($node["type"] == 1) {