/**
 * Change-password form validation.
 *
 * Runs validateinput() (defined elsewhere in the project) once per field and
 * returns a map of field name => validation result, in the same order the
 * fields are listed below. No side effects beyond whatever validateinput() does.
 *
 * Field rules:
 *   curpassword  -> "validpassword"  (presumably checks the submitted current
 *                   password against the stored one; confirm in Validate.php)
 *   password     -> "password" plus "match|repassword" (new password must
 *                   satisfy the password rule and equal the repassword field)
 *
 * @return array<string, mixed> results keyed by field name
 */
function inputsvalidation() {
    // field => array(label shown to the user, rule list)
    $fieldRules = array(
        'curpassword' => array('Current Password', array('validpassword')),
        'password'    => array('Password', array('password', 'match|repassword')),
    );

    $validateresult = array();
    foreach ($fieldRules as $field => $spec) {
        $validateresult[$field] = validateinput($field, $spec[0], $spec[1]);
    }
    return $validateresult;
}
/**
 * Registration form validation.
 *
 * Calls validateinput() (defined elsewhere in the project) for each field in
 * the order fullname, email, username, password and returns a map of
 * field name => validation result. No side effects beyond validateinput().
 *
 * Field rules:
 *   fullname -> required, 4            (4 is presumably a minimum length)
 *   email    -> required, 5, email, emailused
 *   username -> required, 4, username
 *   password -> password, match|repassword
 *
 * NOTE(review): password carries no explicit "required" rule, unlike the
 * other fields — confirm that the "password" rule itself rejects an empty
 * value, otherwise an account could be created with a blank password.
 *
 * @return array<string, mixed> results keyed by field name
 */
function inputsvalidation() {
    // field => array(label shown to the user, rule list)
    $fieldRules = array(
        'fullname' => array('Full name', array('required', 4)),
        'email'    => array('Email', array('required', 5, 'email', 'emailused')),
        'username' => array('Username', array('required', 4, 'username')),
        'password' => array('Password', array('password', 'match|repassword')),
    );

    $validateresult = array();
    foreach ($fieldRules as $field => $spec) {
        $validateresult[$field] = validateinput($field, $spec[0], $spec[1]);
    }
    return $validateresult;
}
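/**
 * Login handler: validates the posted username / password, checks them with
 * validuser() and redirects to the workspace on success, or back to the login
 * page with a generic error message on failure.
 *
 * Reads  : $_POST['username'], $_POST['secretword']
 * Writes : $_SESSION['userid'] on success,
 *          $_SESSION['results']['message'] on failure
 * Returns: nothing — every branch ends in a Location header followed by exit,
 *          so the caller never runs (and never emits page content) afterwards.
 *
 * validateinput(), validuser() and getuserid() are defined elsewhere in the
 * project; the rule lists below are presumably "required" plus a minimum
 * length (4 / 8) — confirm against Validate.php.
 *
 * Fixes relative to the previous version:
 *  - header("Location: ...") was not followed by exit, so on a validation
 *    failure execution fell through to validuser() with unset variables and
 *    the rest of the page kept rendering after the redirect header.
 *  - ${$key} = $_POST[$key] created variables from request keys; the two
 *    variables are now assigned explicitly.
 *  - The session id is regenerated when the user becomes authenticated
 *    (session fixation defence).
 *  - Removed the unused $inputsvalid flag.
 */
function inputsvalidation() {
    $validateresult = array();
    $validateresult['username'] = validateinput("username", "Username", array("required", 4));
    $validateresult['secretword'] = validateinput("secretword", "Password", array("required", 8));

    // Loose comparison kept on purpose: the return type of validateinput() is
    // not visible here (1 on success, apparently something else on failure).
    foreach ($validateresult as $value) {
        if ($value != 1) {
            // Deliberately generic: do not tell the client which field failed.
            $_SESSION['results']['message'] = "Username / Password is invalid";
            header("Location: ../index.php");
            exit; // stop here — never reach validuser() with missing input
        }
    }

    // Both fields validated, so both keys are present in the request.
    $username = $_POST['username'];
    $secretword = $_POST['secretword'];

    if (validuser($username, $secretword)) {
        // Privilege level changes here: issue a fresh session id so a session
        // id planted before login cannot be reused by an attacker.
        session_regenerate_id(true);
        $_SESSION['userid'] = getuserid($username);
        header("Location: ../workspace.php");
        exit;
    }

    $_SESSION['results']['message'] = "Username / Password is invalid";
    header("Location: ../index.php");
    exit;
}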
echo "New record created successfully<br>"; } else { echo "Error: " . $oosql . "<br>" . mysqli_error($conn); } $sql1 = "SELECT Pnumber FROM numbers WHERE IDNKey='{$idnkey}'"; $result1 = mysqli_query($conn, $sql1); $row1 = $result1->fetch_assoc(); $pnum = $row1["Pnumber"]; $start = "UPDATE numbers SET DateofContact='{$date}',"; //Setup our SQL template for easy access $end = " WHERE Pnumber='{$pnum}'"; $mid = "o"; //Handle Furnace and AC Ages $submit = false; $fage = validateinput($_POST["fage"]); $acage = validateinput($_POST["acage"]); if ($fage != "0") { //if furnace age is entered if ($acage != "0") { //if ac age is entered $mid = " FAge='{$fage}' , ACAge='{$acage}'"; } else { $mid = " FAge={$fage}"; } $submit = true; } elseif ($acage != "0") { //but AC age is $mid = " ACAge={$acage}"; $submit = true; } //Execute the SQL command for furnaces and AC
<td> <form method="post" action="{$_SERVER['PHP_SELF']}?action=deleteuser&id={$id}"> <input type="submit" value="delete"> </form> </td> <td> <form method="post" action="users.php{$cancel_action}"> <input type="submit" value="cancel"> </form> </td> </tr> </table> EOT; break; case "deleteuser": $input = validateinput($_GET, $fields_def, array('id')); if (!$input) { break; } $id = $input['id']; if (!$userprivileges['manageusers']) { if ($userid != $id || $userid < 1) { print "You are not permitted to access this page !<br>\n"; break; } } # --- set his news items' author to the special 'deleted' user --- $query = "update news set userid=-1 where userid={$id}"; mysql_query($query, $DBconnection) or die("Could not execute query !"); # --- set his projects' maintainer to the special 'deleted' user --- $query = "update projects set userid=-1 where userid={$id}";
<head> <title>CoolHeat comfort CRM</title> <link rel="stylesheet" type="text/css" href="/Main Style.css"> <link rel="shortcut icon" href="/icon.ico" /> </head> <body> <?php session_start(); $conn = new mysqli($_SESSION["servername"], $_SESSION["Dusername"], $_SESSION["Dpassword"], $_SESSION["dbname"]); // Check connection include '..\\Validate.php'; if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } $AT = $_SESSION["AccountType"]; $text = validateinput($_POST["text"]); $IDN = $_SESSION["IDNKey"]; $agent = $_SESSION["idnum"]; $date = date('Y/m/d H:i:s'); $date = str_replace('/', '-', $date); $sql = "INSERT INTO notes (IDNKey,Date,Text,AgentID) VALUES('{$IDN}','{$date}','{$text}','{$agent}')"; if ($conn->query($sql) === TRUE) { //echo "New record created successfully"; } else { echo "Error: " . $sql . "<br>" . $conn->error; } if ($AT == 0 || $AT == 7) { echo "<form action='/Calendar/CreateNote.php' method='post'>\n\t\tAdd Another Note:\n\t\t<input type='text' value='' name='text'><br>\n\t\t<input type='submit' value='Create Note'>\n\t\t</form><br>\n\t\t<form action='/CallCenterAgents/getnextnumber.php' method='post'>\n\t\tNext Number:<input type='submit' value='Next Number'>\n\t\t</form><br>\n\t\t<form action='/CallCenterAgents/Callbacks.php' method='post'>\n\t\tManage Callbacks:<input type='submit' value='Callbacks'>\n\t\t</form>"; } else { if ($AT == 1) { echo "<form action= '/SalesAgents/savebookings.php' method='post'>\n\t\t\t\t<input type='number' value='0' name='Mode' hidden>\n\t\t\t\t<input type='submit' value='Back' class='calbutton'>\n\t\t\t\t";
<td <form method="post" action="{$_SERVER['PHP_SELF']}"> <input type="submit" value="cancel"> </form> </td> </tr> </table> EOT; break; case "deletecategory": if (!$userprivileges['managefaqcategories']) { print "You are not permitted to access this page !<br>\n"; break; } $input = validateinput($_GET, $faq_categories_fields_def, array('id')); if (!$input) { break; } //--- delete all entries in that category ---// $query = "delete from faqentries where category={$input['id']}"; mysql_query($query, $DBconnection) or die("Could not execute query !"); //--- remove category from the database ---// $query = "delete from faqcategories where id={$input['id']}"; mysql_query($query, $DBconnection) or die("Could not execute query !"); echo <<<EOT Deleted !<br> <br> <a href="{$_SERVER['PHP_SELF']}">back</a> EOT;
break; # --------------------------- # --------------------------- # ------ LIST PROJECTS ------ # --------------------------- # --------------------------- # --------------------------- # --------------------------- # ------ LIST PROJECTS ------ # --------------------------- # --------------------------- default: # --- validate input --- // match_userid and order are pretty safe but it doesn't hurt to // validate them anyway $input = validateinput($_GET, $query_fields_def, array('category', 'match_name', 'match_id', 'os', 'completed', 'perpage', 'start', 'order', 'match_userid', 'show_deleted')); if ($input === False) { break; } # --- fetch os list --- $query = "select * from oses order by name"; $oslist = mysql_query($query, $DBconnection) or die("Could not execute query !"); $numberos = mysql_num_rows($oslist); # --- set filters default values --- $category = isset($input['category']) ? $input['category'] : '-1'; $match_name = $input['match_name']; $match_id = $input['match_id']; $os = isset($input['os']) ? $input['os'] : '-1'; $completed = isset($input['completed']) ? $input['completed'] : 0; $perpage = isset($input['perpage']) ? $input['perpage'] : 50; $start = isset($input['start']) ? $input['start'] : 0;
$sql = "SELECT * FROM quotes WHERE IDNKey='{$idnkey}'"; $result = mysqli_query($conn, $sql); $idq = 0; if (mysqli_num_rows($result) > 0) { $row = $result->fetch_assoc(); $idq = $row["IDKey"]; $_SESSION["IDQKey"] = $idq; } if ($_POST["Mode"] == 1) { $fn = validateinput($_POST["Fname"]); $ln = validateinput($_POST["Lname"]); $add = validateinput($_POST["Address"]); $at = validateinput($_POST["Btime"]); $ac = validateinput($_POST["ACAge"]); $fa = validateinput($_POST["FAge"]); $pnum = validateinput($_POST["Pnumber"]); $cell = $_POST["Cell"]; $rad = $_POST["rad"]; $price = $_POST["price"]; $expiry = $_POST["exp"]; $date = substr(date('Y/m/d H:i:s'), 0, 10); $date = str_replace('/', '-', $date); $expiry = str_replace('/', '-', $expiry); $sql = "Update numbers SET Fname='{$fn}',Lname='{$ln}',Address='{$add}',ACAge='{$ac}',FAge='{$fa}',Pnumber='{$pnum}',CellNumber='{$cell}' WHERE IDNKey='{$idnkey}';"; $result = mysqli_query($conn, $sql); $flags = $_POST["check"]; $Aflag = '0'; $Fflag = '0'; $Tflag = '0'; $Bflag = '0'; $Sflag = '0';
$query = "delete from news where id={$input['id']}"; mysql_query($query, $DBconnection) or die("Could not execute query !"); UpdateRSS($DBconnection); echo <<<EOT Deleted!<br> <br> <a href="{$_SERVER['PHP_SELF']}">Back</a> EOT; break; //--------------------------------------------------------------------- //--------------------------------------------------------------------- default: //--- Show temporary notices ---// show_motd(); //--- validate input ---// $input = validateinput($_GET, $query_fields_def, array('step', 'start')); if ($input === False) { break; } //--- set input default values ---// // max number news items to show at one time $step = isset($input['step']) ? $input['step'] : 8; // number news items to skip $start = isset($input['start']) ? $input['start'] : 0; //--- compute number of news items ---// $query = "select count(*) as count from news"; $result = mysql_query($query, $DBconnection) or die("Could not execute query !"); $total = mysql_result($result, 0, "count"); //--- fetch news ---// $query = "select * from news order by id desc limit {$step} offset {$start}"; $result = mysql_query($query, $DBconnection) or die("Could not execute query !");
} if ($userlogin == "") { $userlogin = "******"; } # --------------- get user id ----------------- $userid = 0; $usergroup = 0; if ($userlogin != "anonymous") { # We need to validate userpassword even if it is crypted at this point # in a normal usecase because it can be coming directly from the cookie # and thus could be forged. # Tags are not allowed in the password field at this point since the # crypted version of the password should be an hexadecimal string and # as such not contain any tag. $fields_def = array('login' => array('type' => 'char', 'size' => 20, 'required' => True), 'password' => array('type' => 'char', 'size' => 32, 'required' => True)); $login_input = validateinput(array('login' => $userlogin, 'password' => $userpassword), $fields_def, array('login', 'password')); if (!$login_input) { $wrong_login_or_password = 1; } else { $query = "select id,groupid,email from users where login='******'login']}' and password='******'password']}'"; $result = mysql_query($query, $DBconnection) or die("Could not execute query !"); if (mysql_num_rows($result) < 1) { # could be 0 (no row) or -1 (error) $wrong_login_or_password = 1; } else { $userid = mysql_result($result, 0, "id"); $usergroup = mysql_result($result, 0, "groupid"); $useremail = mysql_result($result, 0, "email"); $query = "update users set lastlogin = CURRENT_TIMESTAMP where id={$userid}"; mysql_query($query, $DBconnection) or die("Could not execute query !"); }