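/**
 * Validate the "create tickets" batch form submitted in $_POST.
 *
 * Reads numberoftickets, MaxMb, Max_Mb, MaxTime, Max_Time and Group, runs
 * each through the project's clean_* / validate_* helpers and
 * \Grase\Validate::numericLimit(), and rejects a submission that sets both
 * the absolute (MaxMb/MaxTime) and the inherited (Max_Mb/Max_Time) variant
 * of the same limit, or asks for more than 1000 tickets.
 *
 * @return array translated error messages; empty when the form is valid
 */
function validate_form()
{
    $error = array();

    // Read a raw POST field, defaulting to '' when it is absent, so a partial
    // or tampered request yields a validation error instead of an
    // undefined-index notice.
    $field = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };

    $NumberTickets = clean_int($field('numberoftickets'));
    $MaxMb         = clean_number($field('MaxMb'));
    $Max_Mb        = clean_number($field('Max_Mb'));
    $MaxTime       = clean_int($field('MaxTime'));
    $Max_Time      = clean_int($field('Max_Time'));

    $error[] = validate_int($NumberTickets);

    // Every limit must satisfy numericLimit(); the message echoes the cleaned
    // value, never the raw POST string.
    $limits = array(
        array($MaxMb,    T_("Invalid value '%s' for Data Limit")),
        array($Max_Mb,   T_("Invalid value '%s' for Data Limit")),
        array($MaxTime,  T_("Invalid value '%s' for Time Limit")),
        array($Max_Time, T_("Invalid value '%s' for Time Limit")),
    );
    foreach ($limits as $limit) {
        list($value, $message) = $limit;
        if (!\Grase\Validate::numericLimit($value)) {
            $error[] = sprintf($message, $value);
        }
    }

    // The absolute and the inherited variant of a limit are mutually
    // exclusive. 'inherit' is detected on the raw POST value and compared
    // strictly so that only that exact string counts.
    $inheritData = $field('Max_Mb') === 'inherit';
    if ((is_numeric($Max_Mb) || $inheritData) && is_numeric($MaxMb)) {
        $error[] = T_("Only set one Data limit field");
    }
    $inheritTime = $field('Max_Time') === 'inherit';
    if ((is_numeric($Max_Time) || $inheritTime) && is_numeric($MaxTime)) {
        $error[] = T_("Only set one Time limit field");
    }

    // 1000 seems like a reasonable number, if someone wants it increased we
    // can now that we can delete batches
    if ($NumberTickets > 1000) {
        $error[] = T_("Max of 1000 tickets per batch");
    }

    $error[] = validate_group($field('Group'));

    // Drop the empty entries so only real messages are returned.
    return array_filter($error);
}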
/**
 * Delete this row from the plusrelationship table.
 *
 * Does nothing unless plusrelationship_id is greater than 0. After a
 * successful delete the id is reset to 0 so the object no longer points at a
 * stored row. Uses the global $db handle through mysql_query().
 */
public function deleteFromDB()
{
    global $db;

    if (!($this->plusrelationship_id > 0)) {
        return;
    }

    // The id goes through clean_int() and is formatted with %d, so only an
    // integer can be spliced into the statement.
    $sql = sprintf(
        "DELETE FROM plusrelationship WHERE plusrelationship_id = %d",
        clean_int($this->plusrelationship_id)
    );

    if (mysql_query($sql, $db)) {
        $this->plusrelationship_id = 0;
    }
}
/**
 * Delete this row from the pluspost table.
 *
 * A non-positive pluspost_id means there is nothing stored, so the method
 * returns without touching the database. On success the id is cleared to 0.
 * Uses the global $db handle through mysql_query().
 */
public function deleteFromDB()
{
    global $db;

    if (!($this->pluspost_id > 0)) {
        return;
    }

    // clean_int() plus the %d conversion keep the WHERE value numeric.
    $sql = sprintf(
        "DELETE FROM pluspost WHERE pluspost_id = %d",
        clean_int($this->pluspost_id)
    );

    if (mysql_query($sql, $db)) {
        $this->pluspost_id = 0;
    }
}
<?php /* Popup list helper. $form (target form name) and $listid (element index) are set by whichever script includes this file; both are echoed into the inline JavaScript further down, so clean_word() and clean_int() are the only filtering between them and the script context. $groups is declared global here but is not used in this fragment. */ global $form, $listid, $groups; /* Direct-access guard: abort when the request path contains /includes/. $PHP_SELF is expected to have been set before this point. */ if (preg_match("/\\/includes\\//", $PHP_SELF)) { die("You can't access this file directly!"); } /* Normalise before use: $form to a single word, $listid to an integer. */ $form = clean_word($form); $listid = clean_int($listid); ?> <script type="text/javascript"> <!-- <![CDATA[ function OkButton () { var parentlist = window.opener.document.<?php echo $form; ?> .elements[<?php echo $listid; ?> ]; var thislist = document.forms[0].elements[0]; var found = ""; // select/deselect all elements for ( i = 0; i < parentlist.length; i++ ) { var state = false; for ( j = 0; j < thislist.length; j++ ) { if ( thislist.options[j].value == parentlist.options[i].value ) { state = thislist.options[i].selected; found += " " + thislist.options[j].value;
} } /* Fragment: the block closed above begins before this point. */ // Options for login Config that can only be one $singleLoginOptions = array('hideheader' => array("label" => T_("Login Screen Title"), "description" => T_("Hide Title (header) from login screen"), "type" => "bool"), 'hidemenu' => array("label" => T_("Login Screen Menu"), "description" => T_("Hide Menubar from login screen"), "type" => "bool"), 'hidefooter' => array("label" => T_("Login Screen Footer"), "description" => T_("Hide footer from login screen.\n Please consider adding a link back to http://grasehotspot.org if you are hiding the footer"), "type" => "bool"), 'hidehelplink' => array("label" => T_("Help Link"), "description" => T_("Hide Help link from menu and footer"), "type" => "bool"), 'disablejavascript' => array("label" => T_("Disable Javascript Login"), "description" => T_("Force all logins to be through the less secure non-javascript method"), "type" => "bool"), 'disableallcss' => array("label" => T_("Disable All Default CSS"), "description" => T_("All css files will be excluded from the login pages, and only the css below (Main CSS) will be used"), "type" => "bool"), 'logintitle' => array("label" => T_("Page Title"), "description" => T_("The page title that is displayed on the login page"), "type" => "text"), 'autocreategroup' => array("label" => T_("Free Login Group"), "description" => T_("The group to create 'Free Login' users in. Leave blank to disable free logins"), "type" => "text"), 'freeloginbuttontext' => array("label" => T_("Free Login Button Text"), "description" => T_("Text to show on the Free Login button if enabled above. Defaults to 'Free Access'"), "type" => "text"), 'hidenormallogin' => array("label" => T_("Hide Username/Password (Voucher) login form"), "description" => T_("Hides the login form (username/password fields). 
Useful if you only want a free login button"), "type" => "bool")); /* Template options carry "html" and "css" types; the save loop visible below only walks $singleLoginOptions, so their handling is outside this fragment. */ // Templates $templateOptions = array('termsandconditions' => array("label" => T_("Terms and Conditions"), "description" => T_("Terms and Conditions of use (HTML) - Leave empty to not display"), "type" => "html"), 'maincss' => array("label" => T_("Main CSS"), "description" => T_("Cascading style sheet that is applied to all portal pages (use !important to override a style if your\n settings here don't seem to work, it may be that the builtin css has a more specific selector than your one\n here, look at radmin.css for id's and classes)"), "type" => "css"), 'helptext' => array("label" => T_("Help and Information Page"), "description" => T_("Help and Information page contents, leaving this blank does not remove the link, see above options for removing the link."), "type" => "html"), 'aboveloginhtml' => array("label" => T_("HTML Above login form"), "description" => T_("HTML to insert above login form (and free login)"), "type" => "html"), 'belowloginhtml' => array("label" => T_("HTML Below login form"), "description" => T_("HTML to insert below login form"), "type" => "html"), 'loggedinnojshtml' => array("label" => T_("Logged In HTML"), "description" => T_("HTML for successful login when not using javascript"), "type" => "html")); loadLoginOptions($Settings); /* On submit, clean each single-valued option according to its declared type. Because the switch lists "default:" together with "string", any type not named here (including the "text" entries above) takes the \Grase\Clean::text() path. "bool" is stored as the strings 'TRUE'/'FALSE' based purely on whether the field was posted. The foreach and the if below are cut off at the end of this fragment. */ if (isset($_POST['submit'])) { foreach ($singleLoginOptions as $singleOption => $attributes) { switch ($attributes['type']) { default: case "string": $postValue = trim(\Grase\Clean::text($_POST[$singleOption])); break; case "int": $postValue = trim(clean_int($_POST[$singleOption])); break; case "number": $postValue = trim(clean_number($_POST[$singleOption])); break; case "bool": if (isset($_POST[$singleOption])) { $postValue = 'TRUE'; } else { $postValue = 'FALSE'; } break; } /* Loose comparison against the previously loaded value; only changed options are written back. */ if ($postValue != $attributes['value']) { // Update options in database $Settings->setSetting($singleOption, $postValue);
} /* Fragment: the enclosing per-voucher loop starts before this point. A voucher with neither a data nor a time limit is only warned about, not rejected. */ if (!(isset($vouchermaxmb[$key]) || isset($vouchermaxtime[$key]))) { $warning[] = T_("It is not recommended having vouchers without a data or time limit"); } // validate limits //$error[] = validate_datalimit($groupdatalimit[$key]); // Silence warnings (@) as we don't care if they are set or not' if (!\Grase\Validate::numericLimit($vouchermaxtime[$key])) { $error[] = sprintf(T_("Invalid value '%s' for Time Limit"), $vouchermaxtime[$key]); } if (!\Grase\Validate::numericLimit($vouchermaxmb[$key])) { $error[] = sprintf(T_("Invalid value '%s' for Data Limit"), $vouchermaxmb[$key]); } // TODO validate groupname, it already comes in in the correct format though $error = array_filter($error); /* Build the voucher record keyed by the cleaned group name. Note: array_filter() with no callback drops every entry whose value is FALSE, 0, '' or null, so TopupVoucher/InitVoucher => FALSE and a 0 price or limit produce no key at all; readers must treat a missing key as unset. 'VoucherGroup' is stored as posted, without a clean_* call; the @ operator hides undefined-index notices on the optional fields, and on PHP 8 it no longer silences fatal errors. */ $vouchersettings[\Grase\Clean::groupName($name)] = array_filter(array('VoucherName' => \Grase\Clean::groupName($name), 'VoucherLabel' => \Grase\Clean::text($name), 'VoucherPrice' => @clean_number($voucherprice[$key]), 'VoucherGroup' => $vouchergroup[$key], 'MaxMb' => @clean_number($vouchermaxmb[$key]), 'MaxTime' => @clean_int($vouchermaxtime[$key]), 'Description' => @\Grase\Clean::text($voucherdesc[$key]), 'TopupVoucher' => $vouchertopup[$key] ? TRUE : FALSE, 'InitVoucher' => $voucherinit[$key] ? TRUE : FALSE)); } /* Persist only when no voucher produced an error; vouchers that were not re-submitted are deleted. The if block is cut off at the end of this fragment. */ if (sizeof($error) == 0) { // No errors. Save groups //$Settings->setSetting("groups", serialize($groupexpiries)); foreach ($vouchersettings as $attributes) { //$Settings->setGroup($attributes); $Settings->setVoucher($attributes); } // Delete vouchers no longer referenced foreach ($Settings->getVoucher() as $oldvoucher => $oldvouchersettings) { if (!isset($vouchersettings[$oldvoucher])) { $Settings->deleteVoucher($oldvoucher); } } $success[] = T_("Vouchers updated");
/**
 * Delete this person from the plusperson table together with its relationships.
 *
 * Returns immediately when plusperson_id is not greater than 0. Otherwise
 * the relationships this person owns and the ones in which this person is
 * circled (both looked up by googleplus_id) are deleted first, then the
 * person row. On a successful delete plusperson_id is reset to 0. Uses the
 * global $db handle through mysql_query().
 */
public function deleteFromDB()
{
    global $db;

    if (!($this->plusperson_id > 0)) {
        return;
    }

    // Cascade: owned relationships first, then those circling this person.
    $owned = PlusRelationship::FetchRelationshipsByOwner($this->googleplus_id);
    foreach ($owned as $relationship) {
        $relationship->deleteFromDB();
    }

    $circled = PlusRelationship::FetchRelationshipsByCircled($this->googleplus_id);
    foreach ($circled as $relationship) {
        $relationship->deleteFromDB();
    }

    // clean_int() plus %d keep the WHERE value numeric.
    $sql = sprintf(
        "DELETE FROM plusperson WHERE plusperson_id = %d",
        clean_int($this->plusperson_id)
    );

    if (mysql_query($sql, $db)) {
        $this->plusperson_id = 0;
    }
}
/* Fragment: the switch and the foreach over single-valued network options begin before this point. */ case "string": $postValue = trim(\Grase\Clean::text($_POST[$selectOption])); // TODO Validate from list of valid vars break; } $networkOptions[$selectOption] = $postValue; } /* Multi-valued options: each posted value is cleaned by the option's declared type. foreach over $_POST[$multiOption] assumes the field was posted as an array. For "ip", ip2long() returns false on an address it cannot parse and that false is handed straight to long2ip(), so a malformed entry is normalised rather than rejected here; the TODO below is where such validation would belong. The trailing array_filter() drops entries equal to 0, '0', '' or null. */ foreach ($multiNetworkOptions as $multiOption => $attributes) { $postValue = array(); foreach ($_POST[$multiOption] as $value) { switch ($attributes['type']) { case "string": $postValue[] = \Grase\Clean::text($value); break; case "int": $postValue[] = clean_int($value); break; case "number": $postValue[] = clean_number($value); break; case "ip": if (trim($value)) { $postValue[] = long2ip(ip2long(trim($value))); } break; } } $postValue = array_filter($postValue); $networkOptions[$multiOption] = $postValue; } // TODO: validate network settings
/* Fragment: $type, $user and $templateEngine are set before this point. Builds the $user record from the posted form for a 'User' (username + password) or a 'Computer' (MAC address as username, password taken from the chilli 'macpasswd' setting). */ if ($type == 'User') { $user['Username'] = \Grase\Clean::username($_POST['Username']); $user['Password'] = \Grase\Clean::text($_POST['Password']); } if ($type == 'Computer') { $user['Username'] = \Grase\Clean::username($_POST['mac']); $user['mac'] = $user['Username']; $user['Password'] = DatabaseFunctions::getInstance()->getChilliConfigSingle('macpasswd'); } /* NOTE(review): MaxMb and MaxTime are copied from $_POST uncleaned, while Max_Mb and Max_Time go through clean_number()/clean_int() and are then overwritten with the literal 'inherit' when that string was posted (loose == comparison). Anything stored from $user['MaxMb']/$user['MaxTime'] therefore relies on validate_form() below rejecting bad values -- confirm. */ $user['MaxMb'] = $_POST['MaxMb']; $user['Max_Mb'] = clean_number($_POST['Max_Mb']); if ($_POST['Max_Mb'] == 'inherit') { $user['Max_Mb'] = 'inherit'; } $user['MaxTime'] = $_POST['MaxTime']; $user['Max_Time'] = clean_int($_POST['Max_Time']); if ($_POST['Max_Time'] == 'inherit') { $user['Max_Time'] = 'inherit'; } $user['Group'] = \Grase\Clean::text($_POST['Group']); $user['Expiration'] = expiry_for_group(\Grase\Clean::text($_POST['Group'])); $user['Comment'] = \Grase\Clean::text($_POST['Comment']); /* On any validation error the form is re-rendered with the submitted values and the script exits; the else branch is cut off at the end of this fragment. */ // Validate details $error = validate_form($user, $type); if ($error) { $templateEngine->assign("user", $user); $templateEngine->assign("error", $error); $templateEngine->displayPage($templateFile); exit; } else { // Load group settings so we can use Expiry, MaxMb and MaxTime
/**
 * Clean a value destined for a SMALLINT column.
 *
 * Simply delegates to clean_int(); no SMALLINT range check is applied here,
 * so callers that depend on the column's bounds must enforce them themselves.
 *
 * @param mixed $input raw value
 * @return mixed whatever clean_int() returns for $input
 */
protected function clean_smallint($input)
{
    $cleaned = clean_int($input);

    return $cleaned;
}
/* Fragment: the if/elseif chain starts before this point. NOTE(review): $_GET['username'] is handed to the template as-is; whether it is escaped on output depends on the template engine -- confirm before relying on it. */ $templateEngine->assign("username", $_GET['username']); } elseif (isset($_GET['allsessions'])) { $sessions = DatabaseFunctions::getInstance()->getRadiusUserSessionsDetails(); $totalRows = sizeof($sessions); /* Pagination from query-string values. abs() on a non-numeric string throws a TypeError on PHP 8 (and yields 0 on older versions), and a truthy value that abs() turns into 0 (e.g. '0.0') reaches floor($totalRows / $numPerPage) as a zero divisor, which fails on PHP 8. The code's own TODO flags this. */ $numPerPage = $_GET['items'] ? abs($_GET['items']) : 25; // TODO check this is safe $page = $_GET['page'] ? abs($_GET['page']) : 0; //TODO check this is safe $pages = floor($totalRows / $numPerPage); if ($page > $pages) { $page = $pages; } $currentStartItem = $page * $numPerPage; $displaySessions = array_slice($sessions, $currentStartItem, $numPerPage, true); $templateEngine->assign("sessions", $displaySessions); $templateEngine->assign("pages", $pages); $templateEngine->assign("perpage", $numPerPage); $templateEngine->assign("currentpage", $page); } else { $templateEngine->assign("activesessions", DatabaseFunctions::getInstance()->getActiveRadiusSessionsDetails()); /* Auto-refresh interval in seconds, cleaned to an integer and clamped to at least 60. */ if ($_GET['refresh']) { $refresh = clean_int($_GET['refresh']) * 60; if ($refresh < 60) { $refresh = 60; } $templateEngine->assign("autorefresh", $refresh); } } $templateEngine->assign('usercomments', DatabaseFunctions::getInstance()->getAllUsersComments()); $templateEngine->displayPage('sessions.tpl'); // TODO: Data usage over "forever"
/* Fragment: the enclosing per-group loop starts before this point. Bandwidth limits must be one of bandwidth_options(). */ if (!\Grase\Validate::bandwidthOptions($groupBandwidthDownLimit[$key], bandwidth_options())) { $error[] = sprintf(T_("Invalid Bandwidth Limit '%s'"), $groupBandwidthDownLimit[$key]); } if (!\Grase\Validate::bandwidthOptions($groupBandwidthUpLimit[$key], bandwidth_options())) { $error[] = sprintf(T_("Invalid Bandwidth Limit '%s'"), $groupBandwidthUpLimit[$key]); } //TODO we don't validate that it's not 0, relying on HTML5 to do that $error[] = @validate_int($groupSimultaneousUse[$key], true); // TODO: Validate Login-Time $error[] = @validate_uucptimerange($groupLoginTime[$key]); $error = array_filter($error); /* The recurrence check runs after array_filter(), so its message is kept as-is. */ if (isset($groupRecurTime[$key]) xor isset($groupRecurTimeLimit[$key])) { $error[] = sprintf(T_("Need both a time limit and recurrance for '%s'"), \Grase\Clean::text($name)); } /* Build the per-group limit and settings records. The @ operator hides undefined-index notices on optional fields (and on PHP 8 no longer silences fatal errors). 'LoginTime', 'Expiry' and 'ExpireAfter' are stored as posted, without a clean_* call; LoginTime's only check is the validate_uucptimerange() result above. array_filter() with no callback drops entries whose value is 0, '0', '' or null, so a limit explicitly set to 0 is stored as no key at all. */ $groups[\Grase\Clean::groupName($name)] = array_filter(array('DataRecurTime' => \Grase\Clean::text($groupRecurData[$key]), 'DataRecurLimit' => clean_number($groupRecurDataLimit[$key]), 'TimeRecurTime' => @\Grase\Clean::text($groupRecurTime[$key]), 'TimeRecurLimit' => @clean_int($groupRecurTimeLimit[$key]), 'BandwidthDownLimit' => @clean_int($groupBandwidthDownLimit[$key]), 'BandwidthUpLimit' => @clean_int($groupBandwidthUpLimit[$key]), 'SimultaneousUse' => @clean_int($groupSimultaneousUse[$key]), 'LoginTime' => @$groupLoginTime[$key], 'IdleTimeout' => @clean_int($groupIdleTimeout[$key]))); $groupSettings[\Grase\Clean::groupName($name)] = array_filter(array('GroupName' => \Grase\Clean::groupName($name), 'Comment' => \Grase\Clean::text($groupComment[$key]), 'GroupLabel' => \Grase\Clean::text($name), 'Expiry' => @$groupExpiry[$key], 'ExpireAfter' => @$groupExpireAfter[$key], 'MaxMb' => @clean_number($groupDataLimit[$key]), 'MaxTime' => @clean_int($groupTimeLimit[$key]))); } /* Persist only when no group produced an error; groups not re-submitted are deleted. The if block is cut off at the end of this fragment. */ if (sizeof($error) == 0) { // No errors. 
Save groups foreach ($groupSettings as $attributes) { $Settings->setGroup($attributes); } // Delete groups no longer referenced foreach ($Settings->getGroup() as $oldgroup => $oldgroupsettings) { if (!isset($groupSettings[$oldgroup])) { $Settings->deleteGroup($oldgroup); } } // Delete groups from radgroupreply not in groupExpiries... // Deleting groups out of radgroupreply will modify current users // Need to do check for any users still using group, if no user then delete