예제 #1
파일: auth.php 프로젝트: alvinhoadcs/cs155
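 /**
  * Restore a session from a previously issued "remembered login" cookie value.
  *
  * The cookie is fully client-controlled. It is base64-decoded and unserialized
  * into a (username, token) pair, which is then looked up in the Person table.
  * On a match, $this->id and $this->username are populated; otherwise the
  * object is left untouched.
  *
  * @param string $cookie Raw cookie value: base64 of a serialized two-element array.
  * @return void
  */
 function _checkRemembered($cookie)
 {
     // unserialize() on client-supplied bytes can instantiate arbitrary classes
     // and run their magic methods (PHP object injection). Refusing every class
     // keeps the existing cookie format working while closing that path
     // (the options argument needs PHP 7.0+).
     // NOTE(review): a non-executable format such as JSON, ideally with a MAC
     // over the value, would be the sturdier long-term choice.
     $arr = unserialize(base64_decode($cookie), array('allowed_classes' => false));
     // Accept only the expected shape: a plain array holding two scalar entries.
     if (!is_array($arr) || !isset($arr[0], $arr[1]) || !is_scalar($arr[0]) || !is_scalar($arr[1])) {
         return;
     }
     list($username, $token) = $arr;
     if (!$username or !$token) {
         return;
     }
     /* UNTRUSTED DATA SANITIZATION */
     // NOTE(review): the token goes through the username sanitizer; whether that
     // makes it safe inside a quoted SQL literal depends on sanatize_username(),
     // which is not visible here - confirm, or bind both values as parameters.
     $username = sanatize_username($username);
     $token = sanatize_username($token);
     /* END UNTRUSTED DATA SANITIZATION */
     // NOTE(review): the Username literal appears masked ('******') in this
     // listing and $username is not referenced in the query as shown - verify
     // against the real file that the lookup is keyed on the sanitized username.
     $sql = "SELECT * FROM Person WHERE " . "(Username = '******') AND (Token = '{$token}')";
     $rs = $this->db->executeQuery($sql);
     if ($rs->next()) {
         // Identity is taken from the matched row, not from the cookie.
         $this->id = $rs->getCurrentValueByName("PersonID");
         $this->username = $rs->getCurrentValueByName("Username");
     }
 }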
예제 #2
파일: login.php 프로젝트: alvinhoadcs/cs155
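/**
 * Render the login / registration form between nav_start_outer() and
 * nav_end_outer(), re-filling the username field from the last POST and
 * printing the global $login_error below the form.
 *
 * Three values reach the HTML output: the script path, the submitted
 * username, and the error message. Each is handled at its sink below.
 *
 * @return void
 */
function display_login()
{
    nav_start_outer("Login", "");
    // The field is absent on the first GET; pass null explicitly rather than
    // reading an undefined index.
    $login_username = sanatize_username(isset($_POST['login_username']) ? $_POST['login_username'] : null);
    // PHP_SELF carries any extra path the client appended to the script URL, so
    // it is request-controlled; encode it for the quoted attribute it lands in.
    $php_self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    ?>
<div id="login" class="centerpiece">
<form name="loginform" method="POST" action="<?php 
    echo $php_self;
    ?>
">
<table>
<tr>
   <td>Username:</td>
  <td><input type="text" name="login_username" size="30" autocomplete="no" value="<?php 
    // NOTE(review): relies on sanatize_username() (not visible here) to make
    // the value safe inside a double-quoted attribute - confirm.
    echo $login_username;
    ?>
"></td>
</tr>
<tr>
   <td>Password:</td>
  <td colspan="2"><input type="password" name="login_password" size="30" autocomplete="no">
  <input type="submit" name="submit_login" value="Log in">
  <input type="submit" name="submit_registration" value="Register"></td>
</tr>
</table>
</form>
</div>
<div class="footer warning">
<?php 
    // Printed as raw HTML: $login_error must only ever hold server-authored
    // text. NOTE(review): confirm no request data is concatenated into it.
    global $login_error;
    echo $login_error;
    ?>
</div>
<script>document.loginform.login_username.focus();</script>
<?php 
    nav_end_outer();
}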
예제 #3
<?php

require_once "includes/common.php";
// Transfer page: moves $zoobars from the logged-in user to $recipient.
// NOTE(review): $user, $db, $secret_token and $form_token are not assigned in
// this excerpt; presumably includes/common.php sets them up - confirm.
global $php_self;
global $secret_token;
global $form_token;
nav_start_outer("Transfer", $secret_token);
nav_start_inner();
/* UNTRUSTED DATA SANITIZATION */
/* recipient: reflected & used in SQL query */
$recipient = sanatize_username($_POST['recipient']);
/* submission: not reflected or stored, only tested for truthiness below */
$submission_status = $_POST['submission'];
/* zoobars: reflected, the int cast sanitizes it */
$zoobars = (int) $_POST['zoobars'];
/* END UNTRUSTED DATA SANITIZATION */
// Anti-CSRF gate: the transfer only runs when the form token matches the
// secret token.
// NOTE(review): `==` is a loose, non-constant-time comparison; hash_equals()
// on two strings is the stricter check. How $form_token is populated from the
// request is not visible in this excerpt - confirm it is the submitted value.
if ($submission_status && $form_token && $form_token == $secret_token) {
    // Sender balance after the transfer; a negative result is rejected below.
    $sql = "SELECT Zoobars FROM Person WHERE PersonID={$user->id}";
    $rs = $db->executeQuery($sql);
    $sender_balance = (int) $rs->getValueByNr(0, 0) - $zoobars;
    // NOTE(review): the Username literals in this file appear masked
    // ('******') in this listing and $recipient is not referenced in any query
    // as shown - verify against the real file that the sanitized $recipient is
    // what reaches the SQL.
    $sql = "SELECT PersonID FROM Person WHERE Username='******'";
    $rs = $db->executeQuery($sql);
    $recipient_exists = $rs->getValueByNr(0, 0);
    // Only positive amounts, only when the sender can cover them, and only to
    // an existing account.
    if ($zoobars > 0 && $sender_balance >= 0 && $recipient_exists) {
        // NOTE(review): the balances are read and written back in separate
        // statements with no transaction or row lock visible here, so two
        // concurrent requests could both pass the balance check. A single
        // conditional UPDATE inside a transaction would close that window.
        $sql = "UPDATE Person SET Zoobars = {$sender_balance} " . "WHERE PersonID={$user->id}";
        $db->executeQuery($sql);
        $sql = "SELECT Zoobars FROM Person WHERE Username='******'";
        $rs = $db->executeQuery($sql);
        $recipient_balance = (int) $rs->getValueByNr(0, 0) + $zoobars;
        $sql = "UPDATE Person SET Zoobars = {$recipient_balance} " . "WHERE Username='******'";
        $db->executeQuery($sql);
        // (the listing is cut off here; the closing braces are not shown)
예제 #4
파일: users.php 프로젝트: alvinhoadcs/cs155
 <input type="text" name="user" value="<?php 
echo $selecteduser;
?>
" size="10">
 <input type="submit" value="View"></nobr>
</form>
<div id="profileheader"><!-- user data appears here --></div>
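<?php 
// Look up the selected user's profile and balance, print the profile, and
// expose the balance to the page script through the class attribute of
// span#zoobars.
// NOTE(review): the Username literal appears masked ('******') in this listing;
// verify against the real file how $selecteduser reaches the query and that it
// is escaped or bound there.
$sql = "SELECT Profile, Username, Zoobars FROM Person " . "WHERE Username='******'";
$rs = $db->executeQuery($sql);
if ($rs->next()) {
    // Stored values are user-authored, so they are treated as untrusted on the
    // way out as well (stored-XSS defence).
    list($profile, $username, $zoobars) = $rs->getCurrentValues();
    /* UNTRUSTED DATA SANITIZATION */
    $zoobars = (int) $zoobars;
    $username = sanatize_username($username);
    // NOTE(review): prepare_profile_for_output() is not visible here; the
    // profile is printed as HTML below, so that helper is the only barrier.
    $profile = prepare_profile_for_output($profile);
    /* END UNTRUSTED DATA SANITIZATION */
    echo "<div class='profilecontainer'><b>Profile</b>";
    echo "<p id='profile'>{$profile}</p></div>";
} elseif ($selecteduser) {
    // user parameter present but user not found
    echo '<p class="warning" id="baduser">Cannot find that user.</p>';
}
// $zoobars is only assigned when a row was found. Clamp and cast at the sink so
// the attribute always holds a non-negative integer, and the not-found path no
// longer reads an undefined variable.
$zoobars = isset($zoobars) ? max(0, (int) $zoobars) : 0;
echo "<span id='zoobars' class='{$zoobars}'/>";
?>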
<script type="text/javascript">
  var total = parseInt(document.getElementById('zoobars').className);