/**
 * Reports whether every keyword in $this->keywords occurs in $str.
 *
 * $str is passed through removeSpecialChars(), split on single spaces and
 * upper-cased. The keywords get the same treatment, with stripUnicode()
 * applied first. A keyword counts as found when it equals one of the words
 * of $str, or when $this->match() accepts it against the upper-cased text.
 *
 * @param string $str Text to search.
 * @return bool False for empty input or as soon as one keyword is missing.
 */
private function findData($str)
{
    if (empty($str)) {
        return false;
    }

    $words = array_map('strtoupper', explode(' ', removeSpecialChars($str)));
    $haystack = implode(' ', $words);

    $needles = explode(' ', removeSpecialChars(stripUnicode($this->keywords)));
    foreach ($needles as $needle) {
        $needle = strtoupper($needle);
        // Exact word hit first; match() is consulted only when that fails.
        $found = in_array($needle, $words) || $this->match($needle, $haystack);
        if (!$found) {
            return false;
        }
    }

    return true;
}
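/**
 * Stores a new news article from the POSTed form fields.
 *
 * Reads `title`, `p_from`, `p_to` and `article` from the request, derives
 * the article id (`aid`) from the title via removeSpecialChars() and inserts
 * the row through a prepared statement, so no request value is concatenated
 * into the SQL text.
 *
 * @return ActionResult Success or failure result for the admin pages.
 */
function add()
{
    $title = WebApp::post('title') === NULL ? '' : WebApp::post('title');

    // A missing field (NULL) and an empty one ('') both mean "no publish bound".
    // Only a real value is handed to getSQLDate().
    $raw_from = WebApp::post('p_from');
    $p_from = ($raw_from === NULL || $raw_from === '') ? NULL : getSQLDate($raw_from);
    $raw_to = WebApp::post('p_to');
    $p_to = ($raw_to === NULL || $raw_to === '') ? NULL : getSQLDate($raw_to);

    $article = WebApp::post('article') === NULL ? '' : WebApp::post('article');
    $user = $this->parent->parent->user->getUserID();
    $group = $this->parent->parent->user->getGroup();
    $aid = removeSpecialChars($title);

    $article_add = $this->mySQL_w->prepare("INSERT INTO `news_articles` (`title`,`aid`,`user`,`group`,`article`,`date_p`,`publish_f`,`publish_u`) VALUES(?,?,?,?,?,NOW(),?,?)");
    if ($article_add === false) {
        return new ActionResult($this, '/admin/news/article_add', 0, 'Failed to save article.<br />Error: <code>Query failed</code>', B_T_FAIL);
    }

    $article_add->bind_param('ssiisss', $title, $aid, $user, $group, $article, $p_from, $p_to);
    $article_add->execute();
    $article_add->store_result();

    if ($article_add->affected_rows == 1) {
        $this->parent->parent->logEvent($this::name_space, 'Added article ' . $title);
        return new ActionResult($this, '/admin/news/article_view', 1, 'Successfully saved article!', B_T_SUCCESS);
    }

    $this->parent->parent->logEvent($this::name_space, 'Failed to add article ' . $title);
    // MySQL error text can quote submitted values (e.g. duplicate-key errors),
    // so it is HTML-encoded before being placed inside the markup below.
    $db_error = htmlspecialchars($this->mySQL_w->error, ENT_QUOTES, 'UTF-8');
    return new ActionResult($this, '/admin/news/article_add', 0, 'Failed to add article.<br />Error: <code>' . $db_error . '</code>', B_T_FAIL);
}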
//load Httpful library require_once './vendor/nategood/httpful/bootstrap.php'; use Httpful\Request; //function to avoid injection of malicious code function removeSpecialChars($string) { $string = str_replace(' ', '', $string); //deletes all spaces return preg_replace('/[^A-Za-z0-9\\-]/', '', $string); //removes special chars } //GET credentials $cred['couponId'] = (int) $_GET['coupon_id']; $cred['passkey'] = substr(removeSpecialChars($_GET['passkey']), 0, 32); //generated passkey is always 32 chars long $cred['issuerGuid'] = removeSpecialChars($_GET['issuer_guid']); //issuerGuid can have different length //start http request try { //POST $response = Request::post('http://dispatcher.onlinelabs4all.org/apis/engine/verifyCoupon')->body(json_encode($cred))->authenticateWith($authUser, $authPass)->addHeader('X-apikey', $X_apikey)->expectsJson()->send(); //check status code if ($response->code === 401) { echo '<b>Error!</b> Status Code: 401 (Unauthorized)'; exit; } else { if ($response->code === 415) { echo '<b>Error!</b> Status Code: 415 (JSON not set)'; exit; } else { if (!($response->code === 200)) {
/**
 * Finds a slug that no existing row uses.
 *
 * Starting from $slug, the candidate is normalised with removeSpecialChars()
 * and lower-cased; while a row with that slug exists (optionally restricted
 * to the same parent) a running number is appended and the lookup repeats.
 *
 * The slug and parent values are bound as statement parameters. $column,
 * $this->table, $this->slug_value_column and $this->parent_column are
 * concatenated into the SQL text as identifiers, so they must never carry
 * request data. NOTE(review): confirm against the callers.
 *
 * @param string $slug   Desired slug.
 * @param string $column Column selected by the existence check.
 * @param mixed  $parent Parent value; ignored when empty or when no parent column is configured.
 * @return string The first candidate for which the lookup returned no rows.
 */
private function getSlug($slug, $column, $parent)
{
    $attempt = 0;
    do {
        $suffix = ($attempt == 0) ? '' : ' ' . $attempt;
        $base = str_replace('-' . ($attempt - 1), '', $slug);
        $candidate = strtolower(removeSpecialChars($base . $suffix, '-', 'and'));
        $params = array('slug' => $candidate);

        $parent_sql = '';
        if (!empty($parent) && isset($this->parent_column)) {
            $parent_sql = ' AND ' . $this->parent_column . ' = :' . $this->parent_column . ' ';
            $params[$this->parent_column] = $parent;
        }

        $sql = sprintf(
            ' SELECT %s FROM %s WHERE %s = :slug %s ',
            $column,
            $this->table,
            $this->slug_value_column,
            $parent_sql
        );
        $statement = $this->dbh->prepare($sql);
        $statement->execute($params);
        $taken = count($statement->fetchAll());
        ++$attempt;
    } while ($taken > 0);

    return $params['slug'];
}
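/**
 * Sends a PAYMENT_CHANGE request (sub-operation "credit") for a merchant
 * voucher to the RatePAY API and, when RatePAY accepts it, records the
 * voucher in the order detail, history and order total tables.
 *
 * The amount is read from $_POST['voucherAmount'] (1-4 digits) and
 * $_POST['voucherAmountKomma'] (1-2 digits); both are checked with anchored
 * regular expressions before they are used in arithmetic or SQL.
 *
 * @param string $oID         Order id
 * @param string $paymentType "pi_ratepay_rechnung" selects invoice, any other value installment
 *
 * @return array|null array('result' => 'SUCCESS'|'ERROR', 'message' => ...);
 *                    nothing is returned when $_POST['voucherAmount'] is not set
 */
function voucherRequest($oID, $paymentType)
{
    $cab = new pi_ratepay_rechnung();
    if (isset($_POST)) {
        $operation = 'PAYMENT_CHANGE';
        if ($paymentType == "pi_ratepay_rechnung") {
            $pi_ratepay = new pi_ratepay_rechnung();
            $pi_table_prefix = 'pi_ratepay_rechnung';
            $pi_payment_type = 'INVOICE';
        } else {
            $pi_ratepay = new pi_ratepay_rate();
            $pi_table_prefix = 'pi_ratepay_rate';
            $pi_payment_type = 'INSTALLMENT';
        }
        $profileId = $pi_ratepay->profileId;
        $securityCode = $pi_ratepay->securityCode;
        $systemId = $_SERVER['SERVER_ADDR'];
        $query = xtc_db_query("select customers_id,customers_country,billing_country,delivery_country from orders where orders_id = '" . xtc_db_input($oID) . "'");
        $customerIdArray = xtc_db_fetch_array($query);
        $customerId = $customerIdArray['customers_id'];
        $subOperation = 'credit';
        $query = xtc_db_query("select customers_gender, date_format(customers_dob, '%Y-%m-%d') as customers_dob, customers_email_address, customers_telephone from " . TABLE_CUSTOMERS . " where customers_id ='" . xtc_db_input($customerId) . "'");
        $customerXTC = xtc_db_fetch_array($query);
        $email = $customerXTC['customers_email_address'];
        $query = xtc_db_query("select transaction_id, transaction_short_id from " . $pi_table_prefix . "_orders where order_number = '" . xtc_db_input($oID) . "'");
        $transactionArray = xtc_db_fetch_array($query);
        $query = xtc_db_query("select * from orders a, orders_total b where a.orders_id = '" . xtc_db_input($oID) . "' and a.orders_id = b.orders_id and class = 'ot_total'");
        $order = xtc_db_fetch_array($query);
        if (isset($_POST['voucherAmount'])) {
            // Whole part: digits only, so the value is safe to use numerically below.
            if (preg_match("/^[0-9]{1,4}\$/", $_POST['voucherAmount'])) {
                $piRatepayVoucher = $_POST['voucherAmount'];
                if (isset($_POST['voucherAmountKomma']) && $_POST['voucherAmountKomma'] != '') {
                    if (preg_match("/^[0-9]{2}\$/", $_POST['voucherAmountKomma'])) {
                        $piRatepayVoucher = $piRatepayVoucher . "." . $_POST['voucherAmountKomma'];
                    } else {
                        if (preg_match("/^[0-9]{1}\$/", $_POST['voucherAmountKomma'])) {
                            $piRatepayVoucher = $piRatepayVoucher . "." . $_POST['voucherAmountKomma'] . "0";
                        } else {
                            $piRatepayVoucher = $piRatepayVoucher . ".00";
                            $message = PI_RATEPAY_ERRORVOUCHER;
                            return array('result' => 'ERROR', 'message' => $message);
                        }
                    }
                } else {
                    // A missing or empty decimal part is rejected, not treated as ".00".
                    $piRatepayVoucher = $piRatepayVoucher . ".00";
                    $message = PI_RATEPAY_ERRORVOUCHER;
                    return array('result' => 'ERROR', 'message' => $message);
                }
                // The voucher may not exceed the current order total.
                if ($piRatepayVoucher > $order['value']) {
                    $message = PI_RATEPAY_ERRORVOUCHER;
                    return array('result' => 'ERROR', 'message' => $message);
                } else {
                    // From here on the voucher is a negative number (a credit).
                    $piRatepayVoucher = $piRatepayVoucher * -1;
                    $ratepay = new Ratepay_XML();
                    $ratepay->live = $pi_ratepay->testOrLive();
                    $request = $ratepay->getXMLObject();
                    $request->addChild('head');
                    $head = $request->{'head'};
                    $head->addChild('system-id', $systemId);
                    $head->addChild('transaction-id', $transactionArray['transaction_id']);
                    $head->addChild('transaction-short-id', $transactionArray['transaction_short_id']);
                    // $operation is reused: from here it holds the XML node, not the string.
                    $operation = $head->addChild('operation', $operation);
                    $operation->addAttribute('subtype', $subOperation);
                    $credential = $head->addChild('credential');
                    $credential->addChild('profile-id', $profileId);
                    $credential->addChild('securitycode', $securityCode);
                    $external = $head->addChild('external');
                    $external->addChild('order-id', $oID);
                    $content = $request->addChild('content');
                    $content->addChild('customer');
                    if (strtoupper($customerXTC['customers_gender']) == "F") {
                        $gender = "F";
                    } else {
                        if (strtoupper($customerXTC['customers_gender']) == "M") {
                            $gender = "M";
                        } else {
                            $gender = "U";
                        }
                    }
                    $customer = $content->customer;
                    $customer->addCDataChild('first-name', removeSpecialChars(utf8_encode($order['customers_firstname'])));
                    $customer->addCDataChild('last-name', removeSpecialChars(utf8_encode($order['customers_lastname'])));
                    $customer->addChild('gender', $gender);
                    $customer->addChild('date-of-birth', (string) utf8_encode($customerXTC['customers_dob']));
                    $customer->addChild('contacts');
                    $contacts = $customer->contacts;
                    $contacts->addChild('email', utf8_encode($email));
                    $contacts->addChild('phone');
                    $phone = $contacts->phone;
                    $phone->addChild('direct-dial', utf8_encode($customerXTC['customers_telephone']));
                    $customer->addChild('addresses');
                    $addresses = $customer->addresses;
                    $addresses->addChild('address');
                    $addresses->addChild('address');
                    $billingAddress = $addresses->address[0];
                    $shippingAddress = $addresses->address[1];
                    $billingAddress->addAttribute('type', 'BILLING');
                    $shippingAddress->addAttribute('type', 'DELIVERY');
                    // NOTE(review): the BILLING address is filled from the delivery_* columns,
                    // same as the DELIVERY address - confirm this is intended.
                    $billingAddress->addCDataChild('street', removeSpecialChars(utf8_encode($order['delivery_street_address'])));
                    $billingAddress->addChild('zip-code', utf8_encode($order['delivery_postcode']));
                    $billingAddress->addCDataChild('city', removeSpecialChars(utf8_encode($order['delivery_city'])));
                    $billingAddress->addChild('country-code', utf8_encode($order['delivery_country_iso_code_2']));
                    $shippingAddress->addCDataChild('street', removeSpecialChars(utf8_encode($order['delivery_street_address'])));
                    $shippingAddress->addChild('zip-code', utf8_encode($order['delivery_postcode']));
                    $shippingAddress->addCDataChild('city', removeSpecialChars(utf8_encode($order['delivery_city'])));
                    $shippingAddress->addChild('country-code', utf8_encode($order['delivery_country_iso_code_2']));
                    $customer->addChild('nationality', utf8_encode($order['delivery_country_iso_code_2']));
                    $customer->addChild('customer-allow-credit-inquiry', 'yes');
                    $shoppingBasket = $content->addChild('shopping-basket');
                    $shoppingBasket->addAttribute('currency', 'EUR');
                    $items = $shoppingBasket->addChild('items');
                    $sql = "select * from " . $pi_table_prefix . "_orderdetails a left join orders_products b on b.orders_id = a.order_number and a.article_number = b.orders_products_id where a.order_number = '" . xtc_db_input($oID) . "' and article_number != ''";
                    $query = xtc_db_query($sql);
                    $i = 0;
                    $shippingCost = 0;
                    $couponTax = 0;
                    // Rebuild the basket: regular products first, then the special rows
                    // (earlier vouchers, shipping, discount, coupon).
                    while ($mItem = xtc_db_fetch_array($query)) {
                        $qty = $mItem['ordered'] - $mItem['returned'] - $mItem['canceled'];
                        if ($mItem['article_name'] != 'pi-Merchant-Voucher' && $mItem['article_number'] != 'SHIPPING' && $mItem['article_number'] != 'DISCOUNT' && $mItem['article_number'] != 'COUPON') {
                            $items->addCDataChild('item', removeSpecialChars(utf8_encode($mItem['article_name'])));
                            $items->item[$i]->addAttribute('article-number', $mItem['products_id']);
                            $items->item[$i]->addAttribute('quantity', $qty);
                            $items->item[$i]->addAttribute('unit-price', number_format($mItem['products_price'] / (100 + $mItem['products_tax']) * 100, 2, '.', ''));
                            $items->item[$i]->addAttribute('total-price', number_format($mItem['products_price'] / (100 + $mItem['products_tax']) * 100 * $qty, 2, '.', ''));
                            $items->item[$i]->addAttribute('tax', number_format($qty * ($mItem['products_price'] / (100 + $mItem['products_tax']) * $mItem['products_tax']), 2, '.', ''));
                        } else {
                            if ($mItem['article_name'] == 'pi-Merchant-Voucher') {
                                $items->addChild('item', PI_RATEPAY_VOUCHER);
                                $items->item[$i]->addAttribute('article-number', $mItem['article_number']);
                                $items->item[$i]->addAttribute('quantity', $qty);
                                $items->item[$i]->addAttribute('unit-price', number_format($mItem['article_netUnitPrice'], 2, '.', ''));
                                $items->item[$i]->addAttribute('total-price', number_format($qty * $mItem['article_netUnitPrice'], 2, '.', ''));
                                $items->item[$i]->addAttribute('tax', number_format(0, 2, '.', ''));
                            } elseif ($mItem['article_number'] == 'SHIPPING') {
                                $shippingCost = $mItem['article_netUnitPrice'];
                                $items->addChild('item', utf8_encode($mItem['article_name']));
                                $items->item[$i]->addAttribute('article-number', $mItem['article_number']);
                                $items->item[$i]->addAttribute('quantity', $qty);
                                $items->item[$i]->addAttribute('unit-price', number_format($shippingCost, 2, '.', ''));
                                $items->item[$i]->addAttribute('total-price', number_format($qty * $shippingCost, 2, '.', ''));
                                $items->item[$i]->addAttribute('tax', number_format(getShippingTaxAmount($qty * $shippingCost), 2, '.', ''));
                            } elseif ($mItem['article_number'] == 'DISCOUNT') {
                                $items->addChild('item', utf8_encode($mItem['article_name']));
                                $items->item[$i]->addAttribute('article-number', $mItem['article_number']);
                                $items->item[$i]->addAttribute('quantity', $qty);
                                $items->item[$i]->addAttribute('unit-price', number_format($mItem['article_netUnitPrice'], 2, '.', ''));
                                $items->item[$i]->addAttribute('total-price', number_format($qty * $mItem['article_netUnitPrice'], 2, '.', ''));
                                $items->item[$i]->addAttribute('tax', number_format(0, 2, '.', ''));
                            } elseif ($mItem['article_number'] == 'COUPON') {
                                $couponTax = ($mItem['article_netUnitPrice'] / (100 + $cab->getCouponTaxRate()) * 100 - $mItem['article_netUnitPrice']) * -1;
                                $items->addChild('item', utf8_encode($mItem['article_name']));
                                $items->item[$i]->addAttribute('article-number', $mItem['article_number']);
                                $items->item[$i]->addAttribute('quantity', $qty);
                                $items->item[$i]->addAttribute('unit-price', number_format($cab->getCouponAmount($mItem['article_netUnitPrice'] * -1), 2, '.', ''));
                                $items->item[$i]->addAttribute('total-price', number_format($qty * $cab->getCouponAmount($mItem['article_netUnitPrice'] * -1), 2, '.', ''));
                                $items->item[$i]->addAttribute('tax', number_format($cab->getCouponTaxAmount($mItem['article_netUnitPrice'] * -1), 2, '.', ''));
                            }
                        }
                        $i++;
                    }
                    // Number of voucher rows already stored; used as suffix of the new article number.
                    $sql = "SELECT count( * ) as nr FROM " . $pi_table_prefix . "_orderdetails WHERE article_name = 'pi-Merchant-Voucher'";
                    $query = xtc_db_query($sql);
                    $nr = xtc_db_fetch_array($query);
                    // NOTE(review): empty() is true for the string "0", so a decimal part of "0"
                    // passes validation above but adds no voucher item here, while the total
                    // below still includes the voucher - confirm the intended behaviour.
                    if (!empty($_POST['voucherAmount']) && !empty($_POST['voucherAmountKomma'])) {
                        $items->addChild('item', PI_RATEPAY_VOUCHER);
                        $items->item[$i]->addAttribute('article-number', "pi-Merchant-Voucher-" . $nr['nr']);
                        $items->item[$i]->addAttribute('quantity', '1');
                        $items->item[$i]->addAttribute('unit-price', number_format($piRatepayVoucher, 2, ".", ""));
                        $items->item[$i]->addAttribute('total-price', number_format($piRatepayVoucher, 2, ".", ""));
                        $items->item[$i]->addAttribute('tax', number_format(0, 2, ".", ""));
                    }
                    $content->addChild('payment');
                    $payment = $content->payment;
                    $payment->addAttribute('method', $pi_payment_type);
                    $payment->addAttribute('currency', 'EUR');
                    $total = $order['value'] + $piRatepayVoucher;
                    // The basket amount is set only now, after the items were added.
                    $shoppingBasket->addAttribute('amount', number_format($total, 2, '.', ''));
                    $payment->addChild('amount', number_format($total, 2, '.', ''));
                    $payment->addChild('usage', utf8_encode($pi_ratepay->testOrLiveUsage()));
                    if ($pi_payment_type == "INSTALLMENT") {
                        $payment->addChild('installment-details');
                        $payment->addChild('debit-pay-type', 'BANK-TRANSFER');
                    }
                    $response = $ratepay->paymentOperation($request);
                    $first_name = removeSpecialChars(utf8_encode($order['customers_firstname']));
                    $last_name = removeSpecialChars(utf8_encode($order['customers_lastname']));
                    if ($response) {
                        $resultCode = (string) $response->head->processing->result->attributes()->code;
                        $result = (string) $response->head->processing->result;
                        $pi_ratepay->piRatepayLog($oID, $transactionArray['transaction_id'], $operation, $subOperation, $request, $response, $first_name, $last_name);
                        // Status "OK" together with result code "403" is the only combination handled as success.
                        if ((string) $response->head->processing->status->attributes()->code == "OK" && (string) $response->head->processing->result->attributes()->code == "403") {
                            // $oID is escaped here like in every other query of this function;
                            // it was previously concatenated into this INSERT unescaped.
                            $sql = "INSERT INTO " . $pi_table_prefix . "_orderdetails\n\t\t\t\t\t\t\t\t\t\t(order_number, article_number,\n\t\t\t\t\t\t\t\t\t\tarticle_name, ordered, article_netUnitPrice) VALUES\n\t\t\t\t\t\t\t\t\t\t('" . xtc_db_input($oID) . "', 'pi-Merchant-Voucher-" . xtc_db_input($nr['nr']) . "',\n\t\t\t\t\t\t\t\t\t\t'pi-Merchant-Voucher',1," . xtc_db_input($piRatepayVoucher) . ")";
                            xtc_db_query($sql);
                            $sql = "INSERT INTO " . $pi_table_prefix . "_history\n\t\t\t\t\t\t\t\t\t\t(order_number, article_number,\n\t\t\t\t\t\t\t\t\t\tquantity, method, submethod) VALUES\n\t\t\t\t\t\t\t\t\t\t('" . xtc_db_input($oID) . "', 'pi-Merchant-Voucher-" . xtc_db_input($nr['nr']) . "',\n\t\t\t\t\t\t\t\t\t\t'1',\n\t\t\t\t\t\t\t\t\t\t'Credit created', 'added')";
                            xtc_db_query($sql);
                            $discountSql = "SELECT * FROM `orders_total` WHERE class='pi_ratepay_voucher' and orders_id = '" . xtc_db_input($oID) . "'";
                            $discountResult = xtc_db_query($discountSql);
                            $discountCount = xtc_db_num_rows($discountResult);
                            if ($discountCount > 0) {
                                // A voucher total row already exists: add the new credit to it.
                                $discountArray = xtc_db_fetch_array($discountResult);
                                $value = $discountArray['value'];
                                $value = $value + $piRatepayVoucher;
                                $value = number_format($value, 4, ".", "");
                                $discountTotalUpdate = "update orders_total set value = " . xtc_db_input($value) . " where class='pi_ratepay_voucher' and orders_id = '" . xtc_db_input($oID) . "'";
                                xtc_db_query($discountTotalUpdate);
                                $value = number_format($value, 2, ",", "");
                                $discountTotalUpdate = "update orders_total set text = '<font color=\"ff0000\">" . xtc_db_input($value) . " EUR</font>' where class='pi_ratepay_voucher' and orders_id = '" . xtc_db_input($oID) . "'";
                                xtc_db_query($discountTotalUpdate);
                            } else {
                                $value = number_format($piRatepayVoucher, 4, ".", "");
                                $valueFormat = number_format($value, 2, ",", "");
                                $discountTotalInsert = "INSERT INTO `orders_total` (`orders_id`, `title`, `text`, `value`, `class`, `sort_order`) VALUES ('" . xtc_db_input($oID) . "', 'Gutschein:', '<font color=\"ff0000\"> " . xtc_db_input($valueFormat) . " EUR</font>', " . xtc_db_input($value) . ", 'pi_ratepay_voucher', 98)";
                                xtc_db_query($discountTotalInsert);
                            }
                            // $piRatepayVoucher is a number at this point (validated digits times -1),
                            // so interpolating it into the statement cannot carry SQL syntax.
                            $sql = "update orders_total set value = value+{$piRatepayVoucher} where class = 'ot_total' and orders_id = '" . xtc_db_input($oID) . "'";
                            xtc_db_query($sql);
                            $sql = "select value from orders_total where class = 'ot_total' and orders_id = '" . xtc_db_input($oID) . "'";
                            $totalq = xtc_db_query($sql);
                            $total = xtc_db_fetch_array($totalq);
                            $totalText = number_format($total['value'], 2, ",", ".");
                            $sql = "update orders_total set text = '<b>" . xtc_db_input($totalText) . " EUR</b>' where class = 'ot_total' and orders_id = '" . xtc_db_input($oID) . "'";
                            xtc_db_query($sql);
                            $message = PI_RATEPAY_SUCCESSVOUCHER;
                            return array('result' => 'SUCCESS', 'message' => $message);
                        } else {
                            $message = PI_RATEPAY_ERRORVOUCHER;
                            return array('result' => 'ERROR', 'message' => $message);
                        }
                    } else {
                        // No response object from paymentOperation(): report a service error.
                        $message = PI_RATEPAY_SERVICE;
                        return array('result' => 'ERROR', 'message' => $message);
                    }
                }
            } else {
                $message = PI_RATEPAY_ERRORVOUCHER;
                return array('result' => 'ERROR', 'message' => $message);
            }
        }
    }
}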
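/**
 * Tries to derive country and continent for a who.int page.
 *
 * Order of lookups: the stored `swdata` rows for this link, then country
 * names found in the page's `div#primary` text, then (recursively) the pages
 * linked from inside that div.
 *
 * NOTE(review): the recursion has no depth limit and no record of visited
 * links, so pages that link to each other can recurse without end - consider
 * a visited set.
 *
 * @param string $href Link relative to http://www.who.int/
 * @return array array('country' => ..., 'continent' => ...); both 'unknown' when nothing is found
 */
function getLocation($href)
{
    global $counter;
    $unknown = array('country' => 'unknown', 'continent' => 'unknown');
    if (!$href || $href == "") {
        return $unknown;
    }

    // check store for known
    // $href also arrives from anchors of scraped pages (see the recursive call
    // below), so it is untrusted text. getData() as called here takes only SQL
    // text, so single quotes are doubled to keep the value inside the string
    // literal. Assumes the ScraperWiki SQLite datastore, where backslash is not
    // an escape character - confirm, and prefer bound parameters if available.
    $quoted = str_replace("'", "''", $href);
    $store = getData("* FROM swdata where link LIKE '{$quoted}'");
    // NOTE(review): $store is a list of rows while $unknown is a single row, so
    // this diff looks non-empty for any non-empty result - presumably
    // $store[0] was meant; verify before changing.
    if ($store && count(array_diff_assoc($store, $unknown))) {
        return array('country' => $store[0]['country'], 'continent' => $store[0]['continent']);
    }

    // counts pages that had to be fetched because the store had no answer
    $counter++;
    $list = getCountryList();
    $html = scraperWiki::scrape("http://www.who.int/{$href}");
    $dom = new simple_html_dom();
    $dom->load($html);

    // seek location in text
    foreach ($dom->find("div[@id='primary']") as $data) {
        $text = removeSpecialChars(strtolower($data->plaintext));
        // tries to find a country name in the text
        foreach ($list as $key => $value) {
            // stripos = case insensitive strpos
            if (stripos($text, $key) !== false) {
                return array('country' => $key, 'continent' => $value);
            }
        }
    }

    // seek location in link
    foreach ($dom->find("div[@id='primary'] a") as $data) {
        $result = getLocation($data->href);
        if (count(array_diff_assoc($result, $unknown))) {
            return $result;
        }
    }

    return $unknown;
}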
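/**
 * Returns a randomly generated password. Inspired by
 * {@link http://www.phpbuilder.com/columns/jesus19990502.php3} and
 * {@link http://es2.php.net/manual/en/function.str-shuffle.php#73254}
 *
 * Without a password policy the result is word + digit + word from
 * $CFG->wordlist, cut to $maxlen. With a policy, $maxlen is replaced by
 * $CFG->minpasswordlength and the password is assembled from the required
 * number of lower-case, upper-case, digit and non-alphanumeric characters.
 *
 * Random choices come from random_int() where the runtime provides it,
 * because rand() and str_shuffle() are not suitable for generating secrets.
 * random_int() throws when no entropy source is available.
 *
 * NOTE(review): the result is passed through removeSpecialChars() at the end.
 * If that helper strips non-alphanumeric characters, a policy password can
 * lose its required non-alphanumeric characters and fall below
 * $CFG->minpasswordlength - verify against the helper and the policy check.
 *
 * @param int $maxlen The maximum size of the password being generated.
 * @return string
 */
function generate_password($maxlen = 10)
{
    global $CFG;

    $secure = function_exists('random_int');

    // Index in [0, $max]; a non-positive $max yields 0, like an empty range.
    $randomIndex = function ($max) use ($secure) {
        if ($max <= 0) {
            return 0;
        }
        return $secure ? random_int(0, $max) : rand(0, $max);
    };

    // Byte-wise Fisher-Yates shuffle driven by $randomIndex.
    $shuffle = function ($chars) use ($secure, $randomIndex) {
        if (!$secure) {
            return str_shuffle($chars);
        }
        for ($i = strlen($chars) - 1; $i > 0; $i--) {
            $j = $randomIndex($i);
            $tmp = $chars[$i];
            $chars[$i] = $chars[$j];
            $chars[$j] = $tmp;
        }
        return $chars;
    };

    if (empty($CFG->passwordpolicy)) {
        $fillers = PASSWORD_DIGITS;
        $wordlist = file($CFG->wordlist);
        $lastword = count($wordlist) - 1;
        $word1 = trim($wordlist[$randomIndex($lastword)]);
        $word2 = trim($wordlist[$randomIndex($lastword)]);
        $filler1 = $fillers[$randomIndex(strlen($fillers) - 1)];
        $password = $word1 . $filler1 . $word2;
    } else {
        // The caller's $maxlen is ignored in this branch: the policy minimum wins.
        $maxlen = !empty($CFG->minpasswordlength) ? $CFG->minpasswordlength : 0;
        $digits = $CFG->minpassworddigits;
        $lower = $CFG->minpasswordlower;
        $upper = $CFG->minpasswordupper;
        $nonalphanum = $CFG->minpasswordnonalphanum;
        $additional = $maxlen - ($lower + $upper + $digits + $nonalphanum);

        // Make sure we have enough characters to fulfill
        // complexity requirements
        $passworddigits = PASSWORD_DIGITS;
        while ($digits > strlen($passworddigits)) {
            $passworddigits .= PASSWORD_DIGITS;
        }
        $passwordlower = PASSWORD_LOWER;
        while ($lower > strlen($passwordlower)) {
            $passwordlower .= PASSWORD_LOWER;
        }
        $passwordupper = PASSWORD_UPPER;
        while ($upper > strlen($passwordupper)) {
            $passwordupper .= PASSWORD_UPPER;
        }
        $passwordnonalphanum = PASSWORD_NONALPHANUM;
        while ($nonalphanum > strlen($passwordnonalphanum)) {
            $passwordnonalphanum .= PASSWORD_NONALPHANUM;
        }

        // Now mix and shuffle it all
        $password = $shuffle(
            substr($shuffle($passwordlower), 0, $lower) .
            substr($shuffle($passwordupper), 0, $upper) .
            substr($shuffle($passworddigits), 0, $digits) .
            substr($shuffle($passwordnonalphanum), 0, $nonalphanum) .
            substr($shuffle($passwordlower . $passwordupper . $passworddigits . $passwordnonalphanum), 0, $additional)
        );
    }

    // Added by SMS: 8/7/2011
    // To make sure that the newly generated password does not have any special characters.
    $password = removeSpecialChars($password);

    return substr($password, 0, $maxlen);
}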
/**
 * Adds one <item> per article to the basket of a payment change request.
 *
 * Only articles with a positive remaining quantity
 * (bestellt - storniert - retourniert) are written. The item title is the
 * entity-decoded article name passed through removeSpecialChars().
 *
 * @param Object $items    Request items object
 * @param String $subtype  Payment subtype (not read by this function)
 * @param Array  $articles Current articles
 */
function setRatepayContentBasketItemsItemChange($items, $subtype, $articles)
{
    foreach ($articles as $article) {
        $remaining = $article['bestellt'] - $article['storniert'] - $article['retourniert'];
        if (!($remaining > 0)) {
            continue;
        }

        // Tax = gross total minus the net total rounded to cents.
        $grossTotal = $article['einzelpreis'] * $remaining;
        $taxAmount = $grossTotal - round($article['einzelpreis_net'] * $remaining, 2);

        $node = $items->addCDataChild('item', removeSpecialChars(html_entity_decode($article['name'])));
        $node->addAttribute('article-number', $article['bestellnr']);
        $node->addAttribute('quantity', $remaining);
        $node->addAttribute('unit-price', number_format($article['einzelpreis_net'], 2, ".", ""));
        $node->addAttribute('total-price', number_format($article['einzelpreis_net'] * $remaining, 2, ".", ""));
        $node->addAttribute('tax', number_format($taxAmount, 2, ".", ""));
    }
}
<?php /** * Este arquivo tem por objetivo mover as imagens recebidas no $_FILES para o destino * recebido no $_GET. É chamado pelo Uploadify das galerias (CodeIgniter>>backend) */ $ok = false; $dest = urldecode(base64_decode($_GET['path'])); $file = $_FILES['Filedata']; if (is_array($file) && count($file) > 0) { if (move_uploaded_file($file['tmp_name'], $dest . removeSpecialChars(strtolower($file['name'])))) { $ok = true; } } echo $ok; /** * Script para remover acentos e caracteres especiais: */ function removeSpecialChars($oldText) { // Se corrige os acentos com iso, taca iso if (strlen($oldText) > strlen(utf8_decode($oldText))) { $oldText = utf8_decode($oldText); } /* * A função "strtr" substitui os caracteres acentuados pelos não acentuados. * A função "ereg_replace" utiliza uma expressão regular que remove todos os * caracteres que não são letras, números e são diferentes de "_" (underscore). */ $newText = preg_replace('[^a-zA-Z0-9_-.]', '', strtr($oldText, 'áàãâéêíóôõúüçÁÀÃÂÉÊÍÓÔÕÚÜÇ ', 'aaaaeeiooouucAAAAEEIOOOUUC_')); if (!(strlen($newText) > 0)) {