function addsite($url, $title, $short_desc, $cat, $def_include, $smap_url, $authent, $prior_level)
{
global $db_con, $mysql_table_prefix, $debug, $dba_act, $common_dir, $add_auth, $home_charset, $curl;
global $depth, $domaincb, $use_prefcharset, $include_dir, $idna, $conv_puny, $cyrillic;
if ($conv_puny && strstr($url, "xn--")) {
require_once "{$include_dir}/idna_converter.php";
// Initialize the converter class
$IDN = new idna_convert(array('idn_version' => 2008));
// Decode it to its readable presentation
$url = $IDN->decode($url);
}
$url = urldecode($url);
// get it readable
if ($cyrillic) {
$url = to_utf8($url);
// because of the bug in PHP function urldecode() we need special processing for CP1252 charset
}
$compurl = parse_url("" . $url);
// we will need all details of the URL
// https scheme requires cURL extension
if (!$curl && $compurl['scheme'] == "https") {
$message = "<p class='msg cntr'><br /><br /><span class='warnadmin'>Sorry, but in order to index URLs containing the https scheme,<br />you need to install the cURL extension on your server.</span><br /><br /><br /></p>";
echo "{$message}";
addsiteform();
exit;
}
// find out whether the URL contains www. or only basic domain
// also remove scheme (http <-> https
// only one will be accepted as new URL to be added to the database
$url1 = $compurl['host'] . "" . $compurl['path'];
$url1 = str_replace("www.", "", $url1);
if ($compurl['path'] == '') {
$url1 = $url1 . "/";
}
if (strpos($url1, "?")) {
$url1 = substr($url1, 0, strpos($url1, "?"));
// remove arguments
}
$url1 = $db_con->real_escape_string($url1);
// now check against already existing site URLs
$sql_query = "SELECT site_ID from " . $mysql_table_prefix . "sites where url like'%{$url1}%'";
$result = $db_con->query($sql_query);
if ($debug && $db_con->errno) {
$err_row = __LINE__ - 2;
printf("<p><span class='red'> MySQL failure: %s \n<br /></span></p>", $db_con->error);
if (__FUNCTION__) {
printf("<p><span class='red'> Found in script: " . __FILE__ . " row: {$err_row} in function(): " . __FUNCTION__ . " <br /></span></p>");
} else {
printf("<p><span class='red'> Found in script: " . __FILE__ . " row: {$err_row} <br /></span></p>");
}
printf("<p><span class='red'> Script execution aborted. <br /></span>");
printf("<p><strong>Invalid query string, which caused the SQL error:</strong></p>");
echo "<p> {$sql_query} </p>";
exit;
}
$rows = $result->num_rows;
if ($rows == 0) {
$must_include = '';
$must_not_include = '';
if ($def_include == '1') {
// get default values for URL 'must_include' and 'must_not_include'
$must_include = addslashes(@file_get_contents("{$common_dir}/must_include.txt"));
$must_not_include = addslashes(@file_get_contents("{$common_dir}/must_not_include.txt"));
}
// valid sitemap url?
if (!preg_match("/http:\\/\\//", $smap_url)) {
$smap_url = 'NULL';
}
$sql_query = "SELECT * from " . $mysql_table_prefix . "sites";
$result = $db_con->query($sql_query);
if ($debug && $db_con->errno) {
$err_row = __LINE__ - 2;
printf("<p><span class='red'> MySQL failure: %s \n<br /></span></p>", $db_con->error);
if (__FUNCTION__) {
printf("<p><span class='red'> Found in script: " . __FILE__ . " row: {$err_row} in function(): " . __FUNCTION__ . " <br /></span></p>");
} else {
printf("<p><span class='red'> Found in script: " . __FILE__ . " row: {$err_row} <br /></span></p>");
}
printf("<p><span class='red'> Script execution aborted. <br /></span>");
printf("<p><strong>Invalid query string, which caused the SQL error:</strong></p>");
echo "<p> {$sql_query} </p>";
exit;
}
$count = $result->num_rows;
// current count of URLs in table 'sites'
// clean admin's input
$url = $db_con->real_escape_string(substr(trim($url), 0, 1024));
if ($title) {
$title = $db_con->real_escape_string(cleaninput(substr(trim($title), 0, 255)));
}
if ($short_desc) {
$short_desc = $db_con->real_escape_string(cleaninput(trim($short_desc)));
}
if ($disallowed) {
$disallowed = $db_con->real_escape_string(cleaninput(trim($disallowed)));
}
if ($smap_url) {
$smap_url = $db_con->real_escape_string(substr(trim($smap_url), 0, 1024));
}
if ($authent) {
$authent = $db_con->real_escape_string(cleaninput(substr(trim($authent), 0, 255)));
}
// insert new URL into sites table
$sql_query = "INSERT INTO " . $mysql_table_prefix . "sites (url, title, short_desc, spider_depth, required, disallowed, can_leave_domain, db, smap_url, authent, use_prefcharset, prior_level)\n VALUES ('{$url}', '{$title}', '{$short_desc}', '{$depth}', '{$must_include}', '{$must_not_include}', '{$domaincb}', '{$dba_act}', '{$smap_url}', '{$authent}', '{$use_prefcharset}', '{$prior_level}')";
$db_con->query($sql_query);
if ($debug && $db_con->errno) {
$err_row = __LINE__ - 2;
printf("<p><span class='red'> MySQL failure: %s \n<br /></span></p>", $db_con->error);
if (__FUNCTION__) {
printf("<p><span class='red'> Found in script: " . __FILE__ . " row: {$err_row} in function(): " . __FUNCTION__ . " <br /></span></p>");
} else {
printf("<p><span class='red'> Found in script: " . __FILE__ . " row: {$err_row} <br /></span></p>");
}
printf("<p><span class='red'> Script execution aborted. <br /></span>");
printf("<p><strong>Invalid query string, which caused the SQL error:</strong></p>");
echo "<p> {$sql_query} </p>";
exit;
}
$sql_query = "SELECT site_ID from " . $mysql_table_prefix . "sites where url='{$url}'";
$result = $db_con->query($sql_query);
if ($db_con->errno) {
$err_row = __LINE__ - 2;
printf("<p><span class='red'> MySQL failure: %s \n<br /></span></p>", $db_con->error);
if (__FUNCTION__) {
printf("<p><span class='red'> Found in script: " . __FILE__ . " row: {$err_row} in function(): " . __FUNCTION__ . " <br /></span></p>");
} else {
printf("<p><span class='red'> Found in script: " . __FILE__ . " row: {$err_row} <br /></span></p>");
}
printf("<p><span class='red'> Script execution aborted. <br /></span>");
echo "<p> {$sql_query} </p>";
exit;
}
$row = $result->fetch_array(MYSQLI_NUM);
$site_id = $row[0];
$sql_query = "SELECT category_id from " . $mysql_table_prefix . "categories";
$result = $db_con->query($sql_query);
if ($debug && $db_con->errno) {
$err_row = __LINE__ - 2;
printf("<p><span class='red'> MySQL failure: %s \n<br /></span></p>", $db_con->error);
if (__FUNCTION__) {
printf("<p><span class='red'> Found in script: " . __FILE__ . " row: {$err_row} in function(): " . __FUNCTION__ . " <br /></span></p>");
} else {
printf("<p><span class='red'> Found in script: " . __FILE__ . " row: {$err_row} <br /></span></p>");
}
printf("<p><span class='red'> Script execution aborted. <br /></span>");
printf("<p><strong>Invalid query string, which caused the SQL error:</strong></p>");
echo "<p> {$sql_query} </p>";
exit;
}
while ($row = $result->fetch_array(MYSQLI_NUM)) {
$cat_id = $row[0];
if ($cat[$cat_id] == 'on') {
$db_con->query("INSERT INTO " . $mysql_table_prefix . "site_category (site_id, category_id) values ('{$site_id}', '{$cat_id}')");
}
}
if (!$db_con->errno) {
$message = "<p class='msg'> New Site added to database {$dba_act} ...</p>";
}
} else {
echo "<br />\n <p class='msg cntr'><span class='warnadmin'> {$url} </span></p>\n <br />\n <p class='msg cntr'><span class='warnadmin'> Site already in database </span></p>\n <br />\n ";
addsiteform();
exit;
}
// delete all invalid URLs from table 'sites'
$sql_query = "DELETE from " . $mysql_table_prefix . "sites where site_id='0' OR site_id=''";
$db_con->query($sql_query);
if ($debug && $db_con->errno) {
$err_row = __LINE__ - 2;
printf("<p><span class='red'> MySQL failure: %s \n<br /></span></p>", $db_con->error);
if (__FUNCTION__) {
printf("<p><span class='red'> Found in script: " . __FILE__ . " row: {$err_row} in function(): " . __FUNCTION__ . " <br /></span></p>");
} else {
printf("<p><span class='red'> Found in script: " . __FILE__ . " row: {$err_row} <br /></span></p>");
}
printf("<p><span class='red'> Script execution aborted. <br /></span>");
printf("<p><strong>Invalid query string, which caused the SQL error:</strong></p>");
echo "<p> {$sql_query} </p>";
exit;
}
$sql_query = "SELECT* from " . $mysql_table_prefix . "sites";
$result = $db_con->query($sql_query);
if ($debug && $db_con->errno) {
$err_row = __LINE__ - 2;
printf("<p><span class='red'> MySQL failure: %s \n<br /></span></p>", $db_con->error);
if (__FUNCTION__) {
printf("<p><span class='red'> Found in script: " . __FILE__ . " row: {$err_row} in function(): " . __FUNCTION__ . " <br /></span></p>");
} else {
printf("<p><span class='red'> Found in script: " . __FILE__ . " row: {$err_row} <br /></span></p>");
}
printf("<p><span class='red'> Script execution aborted. <br /></span>");
printf("<p><strong>Invalid query string, which caused the SQL error:</strong></p>");
echo "<p> {$sql_query} </p>";
exit;
}
$new_count = $result->num_rows;
// count of URLs after adding new site
if ($count == $new_count) {
$message = "<p class='msg'> New Site not added to database {$dba_act}, because invlid</p>";
}
return $message;
}
<br />
<a class='bkbtn' href='addurl.php' title='Go back to Suggest form'>".$sph_messages['BackToSubForm']."</a>
</body>
</html>
";
die ('');
}
error_reporting(E_ALL);
session_destroy();
}
// clean input
$url = cleaninput(cleanup_text(trim(substr ($url, 0,100))));
$title = cleaninput(cleanup_text(trim(substr ($title, 0,100))));
$description = cleaninput(cleanup_text(nl2br(trim(substr ($description, 0,250)))));
$email = cleaninput(cleanup_text(trim(substr ($email, 0,100))));
// check Url
$input = $url;
validate_url($input);
$url = $input;
// check Title
if(!preg_match('/^[[:print:]]{5,100}$/', $title)) {
echo "<h1>$mytitle</h1><br />
<p class='em cntr warnadmin'>
".$sph_messages['InvTitle']."
<br />
</p>
<br />
<a class='bkbtn' href='addurl.php' title='Go back to Suggest form'>".$sph_messages['BackToSubForm']."</a>
if(isset($_POST["send_answer"])) {
if(empty($_POST["answer"])) {
$answer_error = "See väli on kohustuslik!";
} else {
$answer = cleanInput($_POST["answer"]);
}
if(empty($_POST["answer_type"])) {
$answer_type_error = "See väli on kohustuslik!";
} else {
$answer_type = cleanInput($_POST["answer_type"]);
}
$current_id = cleaninput($_POST["current_id"]) + 0;
if($answer_error == "" && $answer_type_error == "") {
$Resume->sendAnswer($current_id, $answer_type, $answer);
} else {
$response->error->message = "Viga! Sa ei täitnud kõike kohustuslike lahtreid!";
}
}
}
}
}
require_once("../header.php");
$category = cleaninput($_GET['category']);
}
if (isset($_GET['mark'])) {
$mark = cleaninput($_GET['mark']);
}
if (isset($_GET['results'])) {
$results = cleaninput($_GET['results']);
}
if (isset($_GET['start'])) {
$start = cleaninput($_GET['start']);
}
if (isset($_GET['start_links'])) {
$start_links = cleaninput($_GET['start_links']);
}
if (isset($_GET['adv'])) {
$adv = cleaninput($_GET['adv']);
}
require_once "{$include_dir}/searchfuncs.php";
require_once "{$include_dir}/categoryfuncs.php";
include "{$language_dir}/{$language}-language.php";
if ($mark == $sph_messages['markbold']) {
$mark = 'markbold';
}
if ($mark == $sph_messages['markyellow']) {
$mark = 'markyellow';
}
if ($mark == $sph_messages['markgreen']) {
$mark = 'markgreen';
}
if ($mark == $sph_messages['markblue']) {
$mark = 'markblue';
if (empty($_POST["job_company1"])) {
$job_company_error1 = "See väli on kohustuslik!";
} else {
$job_company1 = cleaninput($_POST["job_company1"]);
}
if (empty($_POST["job_email1"])) {
$job_email_error1 = "See väli on kohustuslik!";
} else {
$job_email1 = cleaninput($_POST["job_email1"]);
}
if (empty($_POST["job_number1"])) {
$job_number_error1 = "See väli on kohustuslik!";
} else {
$job_number1 = cleaninput($_POST["job_number1"]);
}
if ($job_company_error1 == "" && $job_email_error1 == "" && $job_number_error1 == "") {
$response = $Profile->editCompany($job_company1, $job_email1, $job_number1, $old_name);
}
}
}
}
}
require_once("../header.php");
?>
<!--
include "functions.php";
/*
including filewriter class to write the changes made to CSS files from the settings panel.
*/
include "../" . MODS_DIRECTORY . "/class.filewriter.php";
include "../" . USER_DIRECTORY . "/header.php";
$js = "<script src=\"{$website}/" . JS_DIRECTORY . "/jquery.hashchange.js\"></script>\n<script src=\"{$website}/" . JS_DIRECTORY . "/admin.base.js\"></script>";
subheader(_("Site Settings"), null, $js);
if ($sesslife == true) {
if ($is_admin == 1) {
/*
processing the updated values if the form is submitted, else show the respective settings page to the admin.
*/
if (isset($_POST["updatesettings"])) {
if (isset($_POST["section"])) {
$_section = cleaninput($_POST["section"]);
if (!empty($_section)) {
if ($_section == "general") {
$web = cleanInput($_POST["website"]);
$webtitle = cleanInput($_POST["title"]);
$description = cleanInput($_POST["description"]);
$keywords = cleanInput($_POST["keywords"]);
$sending_email = cleanInput($_POST["sending_email"]);
$user_verification = intval($_POST["user_verification"]);
if (!empty($web) && !empty($webtitle)) {
/*
remove the "/" from the website address.
*/
if (substr($web, strlen($web) - 1) == "/") {
$web = substr($web, 0, strlen($web) - 1);
}
}
$plus_nr = '';
@(include "" . $settings_dir . "/db" . $dba_act . "/conf_" . $mysql_table_prefix . ".php");
if (!$plus_nr) {
include "/settings/backup/Sphider-plus_default-configuration.php";
}
if ($debug == '0') {
error_reporting(0);
// suppress PHP messages
}
//set_error_handler('error_handler', E_ALL); // local error_handler only for debugging. DO NOT USE ON SHARED HOSTING SYSTEMS ! ! !
set_time_limit(0);
$action = '';
$action = $_GET['action'];
// what to do now?
$action = substr(cleaninput($action), '0', '6');
// clean input as it comes from a far away client
if ($action == 'GetLog') {
// enter here for fresh log info
$sql_query = "SELECT real_log from " . $mysql_table_prefix . "real_log LIMIT 1";
$result = $db_con->query($sql_query);
if ($debug && $db_con->errno) {
$err_row = __LINE__ - 2;
printf("<p><span class='red'> MySQL failure: %s \n<br /></span></p>", $db_con->error);
if (__FUNCTION__) {
printf("<p><span class='red'> Found in script: " . __FILE__ . " row: {$err_row} in function(): " . __FUNCTION__ . " <br /></span></p>");
} else {
printf("<p><span class='red'> Found in script: " . __FILE__ . " row: {$err_row} <br /></span></p>");
}
printf("<p><span class='red'> Script execution aborted. <br /></span>");
printf("<p><strong>Invalid query string, which caused the SQL error:</strong></p>");
public function new_recipe()
{
$data = array();
include 'lib/libraries/upload.class.php';
if (isset($_POST['save'])) {
$data['errors'] = array();
$author_id = Session::get('id');
$owner_id = $author_id;
// validate form
$name = cleaninput($_POST['name']);
if (empty($name)) {
$data['errors'][] = array('title' => 'Invalid Input', 'text' => '`Name` cannot be blank');
}
$description = cleaninput($_POST['description']);
if (empty($description)) {
$data['errors'][] = array('title' => 'Invalid Input', 'text' => '`Description` cannot be blank');
}
$is_private = isset($_POST['is_private']) && $_POST['is_private'] == '1' ? 1 : 0;
$prep_directions = cleaninput($_POST['prep-directions']);
$cook_directions = cleaninput($_POST['cook-directions']);
$post_directions = cleaninput($_POST['post-directions']);
// sanitized not checked.
$prep_time_hours = isset($_POST['prep-hours']) && is_numeric($_POST['prep-hours']) ? $_POST['prep-hours'] : 0;
$prep_time_minutes = isset($_POST['prep-minutes']) && is_numeric($_POST['prep-minutes']) ? $_POST['prep-minutes'] : 0;
$cook_time_hours = isset($_POST['cook-hours']) && is_numeric($_POST['cook-hours']) ? $_POST['cook-hours'] : 0;
$cook_time_minutes = isset($_POST['cook-minutes']) && is_numeric($_POST['cook-minutes']) ? $_POST['cook-minutes'] : 0;
$picture = '';
if (isset($_FILES['picture'])) {
$ihandle = new upload($_FILES['picture']);
if ($ihandle->uploaded) {
$ihandle->file_new_name_body = md5($_FILES['picture']['name']);
// needs salt? picture names will append incremental numerics if exist.
$ihandle->image_resize = true;
$ihandle->image_x = 260;
$ihandle->image_y = 180;
$ihandle->file_max_size = 1024 * 1024;
// 1MB
$ihandle->image_ratio_crop = true;
$handle->allowed = array('image/png', 'image/jpeg', 'image/gif');
$ihandle->process('uploads/');
if ($ihandle->processed) {
$picture = $ihandle->file_dst_pathname;
} else {
$data['errors'][] = array('title' => 'Upload Error', 'text' => $ihandle->error);
}
}
}
// nice
list($ingredients, $amounts, $units) = array($_POST['ingredient'], $_POST['ingredient-amount'], $_POST['ingredient-unit']);
$ingredientsArray = array();
foreach ($ingredients as $k => $ingredient) {
$ingredientsArray[] = array('ingredient' => $ingredient, 'amount' => $amounts[$k], 'unit' => $units[$k]);
}
$tagsArray = explode(' ', cleaninput($_POST['tags']));
if (!$this->model->insert_recipe($owner_id, $author_id, $name, $description, $is_private, $picture, $prep_directions, $cook_directions, $post_directions, $prep_time_hours, $prep_time_minutes, $cook_time_hours, $cook_time_minutes, $ingredientsArray, $tagsArray)) {
$data['errors'][] = array('title' => 'Insert Error', 'text' => 'Unable to insert records to database.');
}
if (empty($data['errors'])) {
redirect('collection');
}
}
$data['scripts'] = array('/assets/js/recipe.js');
$this->view->load('collection/recipe', $data);
}
$firstname = "";
$lastname = "";
// kontrolli ainult siis, kui kasutaja vajutab "logi sisse" nuppu
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (isset($_POST["login"])) {
//kontrollime, et e-post ei oleks tühi
if (empty($_POST["email"])) {
$email_error = "Ei saa olla tühi";
} else {
$email = cleaninput($_POST["email"]);
}
//kontrollime parooli
if (empty($_POST["password"])) {
$password_error = "Ei saa olla tühi";
} else {
$password = cleaninput($_POST["password"]);
}
if ($password_error == "" && $email_error == "") {
echo "Sisselogimine. Kasutajanimi on " . $email . " ja parool on " . $password;
$hash = hash("sha512", $password);
$stmt = $mysqli->prepare("SELECT id, email FROM users WHERE email=? AND password=?");
// küsimärkide asendus
$stmt->bind_param("ss", $email, $hash);
$stmt->bind_result($id_from_db, $email_from_db);
$stmt->execute();
// teeb päringu ja kui on tõene (st et ab oli see väärtus)
if ($stmt->fetch()) {
echo "Kasutaja logis sisse id=" . $id_from_db;
} else {
echo "Valed andmed!";
}
include "../function_common_58462554.php";
function clean($str)
{
$str = preg_replace('/[^A-Za-z0-9]/', '', $str);
$str = @trim($str);
if (get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
$str = filter_var($str, FILTER_SANITIZE_STRING);
$str = htmlentities($str);
return mysql_real_escape_string($str);
}
$set = 0;
if (isset($_POST['changep'])) {
$password = $_POST['password'];
$password = cleaninput($password);
$password = clean($password);
$salt8955 = '5dG2T8564F556csf5df9eAsd454fR54d';
$encrypted05pass = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($salt8955), $password, MCRYPT_MODE_CBC, md5(md5($salt8955))));
$sql = "UPDATE userids845 SET Pwd5='{$encrypted05pass}' WHERE Pid5=1";
executesql($sql, $link);
$set = 1;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
$_SESSION['seCureCon54684s2s'] = $codeDB;
include "../check-authentication-or-session.php";
include "../config_cA_soft_9564.php";
include "../function_common_58462554.php";
if (isset($_POST['addoffer'])) {
$offerid = $_POST['offerid'];
$rlink = $_POST['rlink'];
$olink = $_POST['olink'];
$ulink = $_POST['ulink'];
$mailserver = $_POST['mailserver'];
$offerid = cleaninput($offerid);
# $rlink=cleaninput($rlink);
# $olink=cleaninput($olink);
$ulink = cleaninput($ulink);
$sponsor = cleaninput($_POST['sponsor']);
$account = cleaninput($_POST['account']);
$date = date('d/m/Y');
$rlink = str_replace("[ms]", $mailserver, $rlink);
$listnm = '';
if (isset($_POST['listnm'])) {
foreach ($_POST['listnm'] as $lst) {
$listnm .= "," . $lst;
}
}
$listnm = substr($listnm, 1);
$sql = "INSERT INTO offers( rlink, olink, ulink, adddate, offerid, clicks, opens,listname,sponsor,account) VALUES ('{$rlink}','{$olink}','{$ulink}','{$date}','{$offerid}',0,0,'{$listnm}','{$sponsor}','{$account}')";
executesql($sql, $link);
header("location:listoffer.php");
}
?>
<!DOCTYPE html>
$link = cleaninput(substr(trim($_GET['link']), 0, 255));
}
if (isset($_GET['title'])) {
$title = cleaninput(substr(trim($_GET['title']), 0, 255));
}
if (isset($_GET['db'])) {
$db = cleaninput(substr(trim($_GET['db']), 0, 1));
}
if (isset($_GET['prefix'])) {
$prefix = cleaninput(substr(trim($_GET['prefix']), 0, 20));
}
if (isset($_GET['sort'])) {
$sort = cleaninput(substr(trim($_GET['sort']), 0, 20));
}
if (isset($_GET['submit'])) {
$submit = cleaninput(substr(trim($_GET['submit']), 0, 20));
}
if ($sep_media && $query_m && ($submit == $sph_messages['m_search'] || stristr($submit, "media"))) {
$query = $query_m;
// search for media only (as of the separate search form)
} else {
$query = $query_t;
// combined query input
}
$query = preg_replace("/<|>/", "", $query);
// delete tags from query
// if search with 'wildcards' at the end of each search string should become default,
// uncoment the following row.
//$query = $query."*";
//if 'Search only Media' should become default,
//uncomment the following 3 rows
