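require_once 'connect.php';
// `or` binds more loosely than `=`, so when mysqli_connect() fails $link is
// already false by the time die() runs; mysqli_error() cannot be called on
// that, so the connect-time error has to come from mysqli_connect_error().
$link = mysqli_connect($host, $user, $password, $database) or die("Connection error. " . mysqli_connect_error());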
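/**
 * Verify the reCAPTCHA token submitted with the current request.
 *
 * Reads $_POST['g-recaptcha-response'] and asks Google's siteverify endpoint
 * whether it is valid. A missing or non-string token, a failed HTTP fetch and
 * an undecodable reply all count as "not verified".
 *
 * @return bool true only when siteverify reports success
 */
function checkCaptcha()
{
    $response = $_POST['g-recaptcha-response'] ?? '';
    if (empty($response) || !is_string($response)) {
        return false;
    }

    // NOTE(review): the site secret is embedded in source; it belongs in
    // configuration outside the web root (connect.php already holds the DB
    // credentials and would be a natural place).
    $secret = '6Ld7_BITAAAAACP9BFhXD51dUr8AbhfN_PT0BtXF';

    // The token is user-controlled: URL-encode it instead of splicing it raw
    // into the query string.
    $url = 'https://www.google.com/recaptcha/api/siteverify?' . http_build_query([
        'secret' => $secret,
        'response' => $response,
    ]);

    $verifyResponse = file_get_contents($url);
    if ($verifyResponse === false) {
        // Network / allow_url_fopen failure: do not let the post through.
        return false;
    }

    $responseData = json_decode($verifyResponse);
    return isset($responseData->success) && $responseData->success === true;
}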
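if (isset($_POST['author']) && isset($_POST['message'])) {
    // Verify the CAPTCHA before doing any database work; a failed check
    // produces the same client-side alert as before.
    if (checkCaptcha()) {
        // HTML-encode once at storage time and let the prepared statement do
        // the SQL quoting. The previous code ran mysqli_real_escape_string()
        // first and htmlentities() second, i.e. it HTML-encoded the
        // backslash-escaped text.
        $author = htmlentities($_POST['author']);
        $message = htmlentities($_POST['message']);
        $timestamp = date('Y-m-d H:i:s');

        $stmt = mysqli_prepare($link, "INSERT INTO posts VALUES(DEFAULT, ?, ?, ?)")
            or die("Posting error. " . mysqli_error($link));
        mysqli_stmt_bind_param($stmt, 'sss', $author, $timestamp, $message);
        $result = mysqli_stmt_execute($stmt) or die("Posting error. " . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        if ($result) {
            echo "<script>if ( confirm(\"Пост добавлен!\") ) { window.location.href = '/_blog/'; }</script>";
        }
    } else {
        echo "<script>alert(\"Captcha неверна.\");</script>";
    }
}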
$tpl->menuitem = MNU_START_NEWS_POST;
require $opt['rootpath'] . 'lib2/logic/captcha.inc.php';
require $opt['rootpath'] . 'lib2/mail.class.php';

// Request parameters, each with its default when the key is absent.
$topicid = $_REQUEST['topic'] ?? 1;
$newstext = $_REQUEST['newstext'] ?? '';
// NOTE(review): `+ 0` on a non-numeric string raises a TypeError on PHP 8;
// the value is only ever compared against 0 further down.
$newshtml = isset($_REQUEST['newshtml']) ? $_REQUEST['newshtml'] + 0 : 0;
$email = $_REQUEST['email'] ?? '';
$captcha_id = $_REQUEST['captcha_id'] ?? '';
$captcha = $_REQUEST['captcha'] ?? '';

// Template state for the initial render: no errors, nothing confirmed yet.
$emailok = false;
$tpl->assign('email_error', 0);
$tpl->assign('captcha_error', 0);
$tpl->assign('confirm', 0);
if (isset($_REQUEST['submit'])) {
    $emailok = is_valid_email_address($email) ? true : false;
    $captchaok = checkCaptcha($captcha_id, $captcha);
    if ($emailok == true && $captchaok == true) {
        // filtern und ausgabe vorbereiten
        $tpl->assign('confirm', 1);
        if ($newshtml == 0) {
            $newstext = htmlspecialchars($newstext, ENT_COMPAT, 'UTF-8');
        } else {
            $purifier = new OcHTMLPurifier($opt);
            $newstext = $purifier->purify($newstext);
        }
        $sTopic = sql_value("SELECT `name` FROM `news_topics` WHERE `id`='&1'", '', $topicid);
        $tpl->assign('newstopic', $sTopic);
        $tpl->assign('newstext', $newstext);
        // in DB schreiben
        sql("INSERT INTO `news` (`content`, `topic`, `display`) VALUES ('&1', '&2', '&3')", $newstext, $topicid, 0);
        $rs = sql("SELECT `email` FROM `user` WHERE `admin`\\&'&1'='&1'", ADMIN_USER);
 /**
  * Validate the contact form fields from the POST body.
  *
  * Each field is copied into $this->data (so the form can be re-rendered with
  * the submitted values) and a translated message is recorded in $this->error
  * for every field that fails its check. The CAPTCHA answer is verified
  * against the 'captcha_contact' key.
  *
  * @return bool true when no error was recorded
  */
 private function validateForm()
 {
     $input = $this->input;

     $name = $input->post('name');
     $this->data['field_name'] = $name;
     $nameLength = utf8_strlen($name);
     if ($nameLength < 3 || $nameLength > 20) {
         $this->error['name'] = lang('error_name');
     }

     $this->load->helper('email');
     $email = $input->post('email');
     $this->data['field_email'] = $email;
     if (!valid_email($email)) {
         $this->error['email'] = lang('error_email');
     }

     $title = $input->post('title');
     $this->data['field_title'] = $title;
     if (utf8_strlen($title) <= 0) {
         $this->error['title'] = lang('error_title');
     }

     $enquiry = $input->post('enquiry');
     $this->data['field_enquiry'] = $enquiry;
     if (utf8_strlen($enquiry) <= 0) {
         // The enquiry error is keyed 'content', matching the template.
         $this->error['content'] = lang('error_content');
     }

     if (!checkCaptcha($input->post('captcha'), 'captcha_contact')) {
         $this->error['captcha'] = lang('error_captcha');
     }

     return !$this->error;
 }
        $contact_achternaam_error = "achternaam is niet ingevuld!";
        $controle = false;
    }
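    if (!isset($_POST["contact-email"]) || $_POST["contact-email"] == "") {
        $contact_email_error = "e-mail adres is niet ingevuld";
        $controle = false;
    }
    if (!isset($_POST["contact-onderwerp"]) || $_POST["contact-onderwerp"] == "") {
        $contact_onderwerp_error = "onderwerp is niet ingevuld!";
        $controle = false;
    }
    if (!isset($_POST["contact-bericht"]) || $_POST["contact-bericht"] == "") {
        $contact_bericht_error = "bericht is niet ingevuld!";
        $controle = false;
    }
    // Send only when every field passed and the reCAPTCHA token verifies.
    // `?? ''` avoids an undefined-index warning when the widget token is absent.
    if ($controle == true && checkCaptcha($_POST["g-recaptcha-response"] ?? '')) {
        $to = query("SELECT email FROM schilder limit 0,1", null);
        $to = $to[0]['email'] ?? '';
        // The subject becomes a mail header; strip CR/LF so a submitted value
        // cannot append extra header lines.
        $subject = str_replace(["\r", "\n"], '', $_POST["contact-onderwerp"]);
        $message = "naam afzender: " . $_POST["contact-voornaam"] . " " . $_POST["contact-achternaam"] . "\nemail afzender: " . $_POST['contact-email'] . "\n\n" . $_POST["contact-bericht"];
        $header = "From:contact@hofvanellen.nl \r\n";
        $verzondenmail = mail($to, $subject, $message, $header);
    }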
}
?>
<div id="contact-page-content">
    <h4>Voor vragen of opmerkingen, <br>kunt u hier uw gegevens invullen en deze versturen naar Ellen van 't Hof.</h4>
</div>
<div id="contact-foutmelding"> <?php 
if ($controle == true && isset($_POST["contact-submit"])) {
    if ($verzondenmail) {
// Form field defaults for a render without a submission.
$phone = $city = $comment = "";
if (isset($_POST) && !empty($_POST)) {
    if (isset($_POST['full_name']) && !empty($_POST['full_name']) && isset($_POST['patient_name']) && !empty($_POST['patient_name']) && isset($_POST['type']) && !empty($_POST['type']) && isset($_POST['sex']) && !empty($_POST['sex']) && isset($_POST['dob']) && !empty($_POST['dob']) && isset($_POST['email']) && !empty($_POST['email']) && isset($_POST['phone']) && !empty($_POST['phone']) && isset($_POST['city']) && !empty($_POST['city']) && isset($_POST['comment']) && !empty($_POST['comment'])) {
        $full_name = $_POST['full_name'];
        $patient_name = $_POST['patient_name'];
        $type = $_POST['type'];
        $sex = $_POST['sex'];
        $dob = $_POST['dob'];
        $email = $_POST['email'];
        $phone = $_POST['phone'];
        $city = $_POST['city'];
        $comment = $_POST['comment'];
        // Checking if captcha entered is corrected
        if (checkCaptcha($_POST['captcha'])) {
            $to = "*****@*****.**";
            //$to = "*****@*****.**";
            $subject = "Contact Us - Max Healthcare Nigeria - " . $_POST['type'];
            $todayis = date("l, F j, Y, g:i a");
            $message = "<table style='max-width:600px;width:100%;font-family:sans-serif;font-size:14px;line-height:20px;'>\n       <tr>\n               <td style='width:20%'>Date</td>\n               <td style='width:10%'>:</td>\n               <td style='width:70%'>{$todayis}</td>\n       </tr>\n\n       <tr>\n               <td style='width:20%'>Name</td>\n               <td style='width:10%'>:</td>\n               <td style='width:70%'> " . $_POST['full_name'] . "</td>\n       </tr>\n\n       <tr>\n               <td style='width:20%'>Patient Name</td>\n               <td style='width:10%'>:</td>\n               <td style='width:70%'> " . $_POST['patient_name'] . "</td>\n       </tr>\n\n        <tr>\n               <td style='width:20%'>Type</td>\n               <td style='width:10%'>:</td>\n               <td style='width:70%'> " . $_POST['type'] . "</td>\n       </tr>\n\n       <tr>\n               <td style='width:20%'>Gender</td>\n               <td style='width:10%'>:</td>\n               <td style='width:70%'> " . $_POST['sex'] . "</td>\n       </tr>\n\n       <tr>\n               <td style='width:20%'>Patient Birth Date</td>\n               <td style='width:10%'>:</td>\n               <td style='width:70%'> " . $_POST['dob'] . "</td>\n       </tr>\n\n       <tr>\n               <td style='width:20%'>Email</td>\n               <td style='width:10%'>:</td>\n               <td style='width:70%'> " . $_POST['email'] . "</td>\n       </tr>\n\n        <tr>\n               <td style='width:20%'>Phone</td>\n               <td style='width:10%'>:</td>\n               <td style='width:70%'> " . $_POST['phone'] . "</td>\n       </tr>\n\n\n        <tr>\n               <td style='width:20%'>City</td>\n               <td style='width:10%'>:</td>\n               <td style='width:70%'> " . $_POST['city'] . 
"</td>\n       </tr>\n\n        <tr>\n               <td style='width:20%'>Comment</td>\n               <td style='width:10%'>:</td>\n               <td style='width:70%'> " . $_POST['comment'] . "</td>\n       </tr>\n\n\n\n</table>";
            /*$message = "
            		Date - $todayis
            		Name - " . $_POST['full_name'] . "
            		Patient Name - " . $_POST['patient_name'] . "
            		Type - " . $_POST['type'] . "
            		Gender - " . $_POST['sex'] . "
            		Patient Birth Date - " . $_POST['dob'] . "
            		Email - " . $_POST['email'] . "
            		Phone - " . $_POST['phone'] . "
            		City - " . $_POST['city'] . "
session_start(); // the expected answer lives in $_SESSION['captcha_login_form'], so the session must be open before checkCaptcha() runs
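/**
 * Compare a submitted CAPTCHA answer with the one stored in the session.
 *
 * The comparison is case-insensitive. The stored answer is removed on every
 * call, matched or not, so each generated CAPTCHA can be used only once.
 *
 * @param mixed $response the user-submitted answer; anything but a string fails
 * @return bool
 */
function checkCaptcha($response)
{
    $res = false;
    if (isset($_SESSION['captcha_login_form']) && is_string($response)) {
        // hash_equals() keeps the comparison time independent of where the
        // first differing character sits.
        $res = hash_equals(
            strtolower((string) $_SESSION['captcha_login_form']),
            strtolower($response)
        );
    }
    // Drop the stored answer on every check, otherwise the same CAPTCHA could
    // be replayed until it happens to match.
    unset($_SESSION['captcha_login_form']);
    return $res;
}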
// Print the verdict for a submitted answer; nothing is printed otherwise.
if (isset($_POST['CAPTCHA'])) {
    echo checkCaptcha($_POST['CAPTCHA']) ? "Valid." : "Invalid.";
}
?>


<form method='post'>
<label>Captcha:</label>
<input type='text' name='CAPTCHA' placeholder='captcha' />
<a href='#' onclick='var t=document.getElementById("captcha"); t.src=t.src+"&amp;"+Math.random();' 
><img id='captcha' src='purecaptcha_img.php?t=login_form' height='22'/></a>
<br/>
<?php

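// Not meant to be opened directly; go through /admin/index.php instead.
$usernameError = "";
$passwordError = "";
$password = "";
$username = "";
$correct = true;

// Start the per-session login-attempt counter at zero when it is not set.
// `?? null` keeps the original `== null` test (which also matches 0, false
// and "") but without an undefined-index warning on the first request.
if (($_SESSION["attempts"] ?? null) == null) {
    $_SESSION["attempts"] = 0;
}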
// check post
if (isset($_POST["username"]) && isset($_POST["password"])) {
    $_SESSION["attempts"]++;
    if ($_SESSION["attempts"] < 3 || checkCaptcha($_POST["g-recaptcha-response"])) {
        $password = trim($_POST["password"]);
        $username = trim($_POST["username"]);
        if ($username == "") {
            // check naam input
            $usernameError = "Naam is verplicht";
            $correct = false;
        }
        if ($password == "") {
            // check ww input
            $passwordError = "Wachtwoord is verplicht";
            $correct = false;
        }
        if ($correct) {
            // check combi naam+ww
            $password = hash("sha256", $password);
            $query = "SELECT Username FROM gebruikers WHERE Username = ? AND Wachtwoord = ?";
</script>

<?php 
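// The painting id comes from ?id=…; it is bound as a query parameter, never
// interpolated into the SQL. `?? null` avoids a warning when it is absent
// (the lookup then matches nothing and redirects, as before).
$params = [$_GET["id"] ?? null];
// Fetch the painting first.
$schilderijlijst = query("SELECT S.titel, S.jaar, S.hoogte, S.breedte, S.beschrijving, \n            C.Categorie_naam, SC.Subcategorie_naam, M.Materiaal_soort, S.img, S.prijs, S.lijst, \n            S.passepartout, S.isStaand\n FROM schilderij S \n  JOIN categorie C ON C.CategorieID = S.CategorieID \n  LEFT JOIN subcategorie SC ON SC.SubcategorieID = S.SubcategorieID \n  JOIN materiaal M ON M.MateriaalID = S.MateriaalID\n  \n  WHERE S.Schilderij_ID = ? AND S.OpWebsite = 1", $params);
// Exactly one visible painting must match; otherwise back to the gallery.
// (Assumes query() returns an array on success — confirm in its definition.)
if (count($schilderijlijst) != 1) {
    header("location: gallerij.php");
    exit;
}
$schilderij = $schilderijlijst[0];

// Comment-form state for the initial render.
$naam = "";
$commentaar = "";
$email = "";
$correct = true;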
if (isset($_POST["naam"]) && isset($_POST["commentaar"]) && checkCaptcha($_POST["g-recaptcha-response"])) {
    $commentaar = uppercase($_POST["commentaar"]);
    $naam = trim($_POST["naam"]);
    if ($naam == "") {
        $naamleeg = "Naam is verplicht";
        $correct = false;
    }
    if ($commentaar == "") {
        $commentaarleeg = "Commentaar is verplicht";
        $correct = false;
    }
    if ($correct) {
        $naamklant = str_replace("<", "&lt;", $_POST["naam"]);
        $naamklant = str_replace(">", "&gt;", $naamklant);
        $naamklant = uppercase($naamklant);
        $email = str_replace("<", "&lt;", $_POST["email"]);
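/**
 * Dispatch a single API action and emit its response.
 *
 * Parameters are read through reqparam(), results are sent with output() and
 * failures with error(). The branches below continue after error() as though
 * it never returns — presumably it ends the request; confirm in its definition.
 *
 * @param string $action one of the case labels below
 * @return mixed the result of handleRequest('login') for 'register'; otherwise nothing
 */
function handleRequest($action)
{
    switch ($action) {
        case 'getLevelList':
            // [uid], [orderBy], [orderDir]
            // Sortable columns with their default direction. The ORDER BY
            // clause is built only from values validated against this table.
            $orderDirs = ['id' => 'ASC', 'playcount' => 'DESC', 'updated' => 'DESC', 'name' => 'ASC', 'user_id' => 'DESC'];
            $orderBy = reqparam('orderBy');
            if (!is_string($orderBy) || !isset($orderDirs[$orderBy])) {
                $orderBy = 'id';
            }
            $orderDir = reqparam('orderDir');
            if (!in_array($orderDir, ['ASC', 'DESC'], true)) {
                $orderDir = $orderDirs[$orderBy];
            }
            $data = sql('SELECT levels.id, UNIX_TIMESTAMP(levels.updated) AS updated, levels.name, levels.desc, levels.user_id, users.username
							FROM levels
							LEFT JOIN users ON levels.user_id=users.id
							WHERE 1
							' . (reqparam('uid') ? ' AND levels.user_id=:uid' : '') . '
							ORDER BY levels.' . $orderBy . ' ' . $orderDir, [':uid' => reqparam('uid')]);
            output(['levels' => $data]);
            break;
        case 'getLevel':
            // id
            $data = sql('SELECT levels.id,  UNIX_TIMESTAMP(levels.updated) AS updated, levels.name, levels.desc, levels.data, levels.user_id, users.username
							FROM levels
							LEFT JOIN users ON levels.user_id=users.id
							WHERE levels.id=:id
							LIMIT 1', [':id' => reqparam('id')], 1);
            output($data);
            break;
        case 'saveLevel':
            // sid, [id], name, [desc], data
            $user = sql('SELECT users.id FROM users, sessions WHERE sessions.id=:sid AND users.id=sessions.user_id LIMIT 1', [':sid' => reqparam('sid')], 1);
            if (!$user) {
                error('Invalid session!');
            }
            // The client sends the literal string 'null' for "no id yet".
            if (reqparam('id') == 'null') {
                $_REQUEST['id'] = null;
            }
            if (reqparam('id')) {
                // An unknown id falls back to an insert; another user's id is refused.
                $oldlevel = sql('SELECT id, user_id FROM levels WHERE id=:id', [':id' => reqparam('id')], 1);
                if (!$oldlevel) {
                    $_REQUEST['id'] = null;
                } elseif ($oldlevel['user_id'] != $user['id']) {
                    error('Trying to overwrite another user\'s level!');
                }
            }
            $insertID = null; // filled in by reference by sql()
            sql('INSERT INTO levels (' . (reqparam('id') ? '`id`, ' : '') . '`user_id`, `name`, `desc`, `data`)
					VALUES(' . (reqparam('id') ? ':id, ' : '') . ':uid, :name, :desc, :data)
					ON DUPLICATE KEY UPDATE id=LAST_INSERT_ID(id), `name`=:name, `desc`=:desc, `data`=:data', [':id' => reqparam('id'), ':uid' => ['val' => $user['id'], 'type' => PDO::PARAM_INT], ':name' => reqparam('name'), ':desc' => reqparam('desc'), ':data' => reqparam('data')], 1, $insertID);
            output(['id' => $insertID]);
            break;
        case 'getUserData':
            // uid
            $data = sql('SELECT id, username, (SELECT COUNT(*) FROM levels WHERE user_id=:uid) AS level_count FROM users WHERE id=:uid', [':uid' => reqparam('uid')], 1);
            output($data);
            break;
        case 'getSessionData':
            // sid
            $data = sql('SELECT users.id, users.username, sessions.id AS sid FROM users, sessions WHERE sessions.id=:sid AND users.id=sessions.user_id LIMIT 1', [':sid' => reqparam('sid')], 1);
            if (!empty($data)) {
                output($data);
            } else {
                error('Invalid session!');
            }
            break;
        case 'logout':
            // sid
            sql('DELETE FROM sessions WHERE id=:sid LIMIT 1', [':sid' => reqparam('sid')], 0);
            output(true);
            break;
        case 'login':
            // username, password
            // NOTE(review): the password is compared verbatim in SQL, i.e. it is
            // stored in clear text (see 'register'). Moving to password_hash()/
            // password_verify() needs a column-width check and a migration of
            // existing rows, so it is only flagged here.
            $data = sql('SELECT id, username FROM users WHERE username=:username AND password=:password LIMIT 1', [':username' => reqparam('username'), ':password' => reqparam('password')], 1);
            if (!empty($data)) {
                // Create a new session. The id is a CSPRNG token; uniqid() is
                // clock-derived and therefore guessable. 22 hex chars stays
                // within the 23 chars uniqid('', true) produced, so any column
                // that held the old ids holds these (confirm sessions.id width).
                $data['sid'] = bin2hex(random_bytes(11));
                sql('INSERT INTO sessions (id, user_id) VALUES(:sid, :uid)', [':sid' => $data['sid'], ':uid' => $data['id']], 0);
                // Limit to 5 open sessions per user
                sql('DELETE FROM sessions WHERE user_id=:uid AND id NOT IN ( SELECT id FROM ( SELECT id FROM sessions WHERE user_id=:uid ORDER BY created DESC LIMIT 5 ) foo )', [':uid' => $data['id']], 0);
                output($data);
            } else {
                error('Invalid username or password!');
            }
            break;
        case 'register':
            // username, password, captcha_challenge, captcha_response
            // Check captcha (empty() also covers a null/false return from checkCaptcha()).
            $resp = checkCaptcha();
            if (empty($resp->is_valid)) {
                error('Invalid CAPTCHA answer!');
            }
            // Check if username exists
            $data = sql('SELECT * FROM users WHERE username=:username LIMIT 1', [':username' => reqparam('username')]);
            if (count($data) > 0) {
                error('Username already taken!');
            }
            // Create new user (password stored as submitted — see the note under 'login').
            sql('INSERT INTO users (username, password) VALUES(:username, :password)', [':username' => reqparam('username'), ':password' => reqparam('password')], 0);
            // Log the new account in straight away; the `break` that followed
            // this return was unreachable.
            return handleRequest('login');
        default:
            error('Invalid action');
    }
}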