if ($key == "COUNT(*)") { //! columns looking like functions $link = h(ME . "select=" . urlencode($TABLE)); $i = 0; foreach ((array) $_GET["where"] as $v) { if (!array_key_exists($v["col"], $unique_array)) { $link .= h(where_link($i++, $v["col"], $v["val"], $v["op"])); } } foreach ($unique_array as $k => $v) { $link .= h(where_link($i++, $k, $v)); } } } if (!$link) { if (is_mail($val)) { $link = "mailto:{$val}"; } if ($protocol = is_url($row[$key])) { $link = $protocol == "http" && $HTTPS ? $row[$key] : "{$protocol}://www.adminer.org/redirect/?url=" . urlencode($row[$key]); } } $id = h("val[{$unique_idf}][" . bracket_escape($key) . "]"); $value = $_POST["val"][$unique_idf][bracket_escape($key)]; $h_value = h($value !== null ? $value : $row[$key]); $long = strpos($val, "<i>...</i>"); $editable = is_utf8($val) && $rows[$n][$key] == $row[$key] && !$functions[$key]; $text = ereg('text|lob', $field["type"]); echo $_GET["modify"] && $editable || $value !== null ? "<td>" . ($text ? "<textarea name='{$id}' cols='30' rows='" . (substr_count($row[$key], "\n") + 1) . "'>{$h_value}</textarea>" : "<input name='{$id}' value='{$h_value}' size='{$lengths[$key]}'>") : "<td id='{$id}' ondblclick=\"" . ($editable ? "selectDblClick(this, event" . ($long ? ", 2" : ($text ? ", 1" : "")) . ")" : "alert('" . h(lang('Use edit link to modify this value.')) . "')") . ";\">" . $adminer->selectVal($val, $link, $field); } }
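/** Format value to use in select
* @param string $val value to render; an array is rendered recursively as a nested table
* @param string $link URL for the value; "" (falsy) asks $adminer->selectLink() for one
* @param array $field column description passed through to the $adminer callbacks
* @param int $text_length maximum text length for shortening; "" disables shortening
* @return string HTML
*/
function select_value($val, $link, $field, $text_length) {
    global $adminer, $HTTPS;
    if (is_array($val)) {
        $return = "";
        foreach ($val as $k => $v) {
            // only associative arrays (not plain lists) get a header cell with the key
            $return .= "<tr>" . ($val != array_values($val) ? "<th>" . h($k) : "") . "<td>" . select_value($v, $link, $field, $text_length);
        }
        return "<table cellspacing='0'>{$return}</table>";
    }
    if (!$link) {
        $link = $adminer->selectLink($val, $field);
    }
    if ($link === null) {
        if (is_mail($val)) {
            $link = "mailto:{$val}";
        }
        if ($protocol = is_url($val)) {
            // http targets from an HTTPS page, and any target in WebKit, are linked directly;
            // everything else goes through the adminer.org redirect (presumably to keep the
            // Referer of this page out of the target's logs — TODO confirm).
            // HTTP_USER_AGENT is not guaranteed to exist (CLI, proxies), so read it defensively
            // instead of triggering an undefined-index notice.
            $user_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";
            $link = ($protocol === "http" && $HTTPS) || preg_match('~WebKit~i', $user_agent)
                ? $val
                : "https://www.adminer.org/redirect/?url=" . urlencode($val);
        }
    }
    $return = $adminer->editVal($val, $field);
    if ($return !== null) {
        if ($return === "") { // === - may be int, and 0 == "" would match loosely
            $return = " ";
        } elseif (!is_utf8($return)) {
            $return = ""; // htmlspecialchars of binary data returns an empty string
        } elseif ($text_length != "" && is_shortable($field)) {
            // +$text_length coerces the request parameter to a number; max() guards against negatives
            $return = shorten_utf8($return, max(0, +$text_length)); // usage of LEFT() would reduce traffic but complicate query - expected average speedup: .001 s VS .01 s on local network
        } else {
            $return = h($return);
        }
    }
    return $adminer->selectVal($return, $link, $field, $val);
}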
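/**
 * Validate the registration fields held in $this->user_info.
 *
 * Checks the user name, the password and its confirmation, and — only when the
 * keys are present — the e-mail address and the phone number. Returns the
 * literal string 'OK' when every check passes, otherwise the message of the
 * first failed check (messages are user-facing, kept verbatim).
 *
 * All length checks are byte lengths (strlen), as in the original; multi-byte
 * user names therefore count each byte. $this->user_info is presumably filled
 * from request data — TODO confirm — so values are not assumed to be strings:
 * a non-string where a string is required fails the corresponding check
 * instead of reaching strlen() with an array.
 *
 * @return string 'OK' or an error message
 */
function info_check()
{
    $info = $this->user_info;

    // empty() also covers a missing key, so a separate isset() is not needed.
    if (!isset($info['user']) || !is_string($info['user']) || empty($info['user'])) {
        return "用户名为空";
    }
    $user = $info['user'];
    $userLen = strlen($user);
    if ($userLen > 20 || $userLen < 4) {
        return "用户名长度不符";
    }
    if (is_numeric($user)) {
        return "用户名不能全为数字";
    }
    if (is_numeric($user[0])) {
        return "用户名首位不能为数字";
    }

    if (!isset($info['pwd']) || !isset($info['pwd2'])
        || !is_string($info['pwd']) || !is_string($info['pwd2'])
        || $info['pwd'] === ''
    ) {
        return "密码为空";
    }
    $pwd = $info['pwd'];
    $pwdLen = strlen($pwd);
    if ($pwdLen < 6) {
        return "密码必须大于6位";
    }
    if ($pwdLen > 16) {
        return "密码必须不能大于16位";
    }
    // Strict comparison: with != two numeric-looking passwords such as "1e1" and
    // "10" compare equal, so a mismatching confirmation would be accepted.
    if ($pwd !== $info['pwd2']) {
        return "两次密码不一致";
    }

    // is_mail() is a project helper; its exact acceptance rules are not visible here.
    if (isset($info['email']) && !is_mail($info['email'])) {
        return "邮箱不正确";
    }
    // Only the byte length is checked, not the digits themselves.
    if (isset($info['tel']) && (!is_string($info['tel']) || strlen($info['tel']) != 11)) {
        return "手机号码错误";
    }
    return 'OK';
}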
$max_len = $field["type"] == "textarea" ? 65536 : 1024; // 65 kilobytes max for textarea and 1024 for other $value = $_POST["wb_input_{$idx}"]; $value = htmlspecialchars($value); $value = @substr($value, 0, $max_len); if ($field["type"] == "select") { $options = explode(";", $field["options"]); $data[$idx] = trim($options[intval($value)]); } else { $data[$idx] = $value; } if ($field["fidx"] == 0) { $mail_from_name = $value; } if ($field["fidx"] == 1) { $mail_from = is_mail($value); } } if (!$mail_from_name) { $mail_from_name = "Anonymous"; } if (!$mail_from) { $mail_from = $mail_to; } global $wb_form_send_state; $wb_form_send_state = false; if ($mail_to) { $mailer = new PHPMailer(); $mailer->PluginDir = dirname(__FILE__) . "/phpmailer/"; $style = "* { font: 12px Arial; }\nstrong { font-weight: bold; }"; $mailer->AddAddress($mail_to);
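/**
 * Handle a submitted contact form for the page $page_id.
 *
 * Looks the form up in the global $forms configuration (under $page_id, or
 * under 'blog' as a fallback), validates the POSTed input values, renders them
 * into an HTML table and sends the result with PHPMailer. The outcome is
 * reported only through globals: $formErrors->required lists the inputs that
 * were posted empty, and $wb_form_send_state holds the status text for the
 * page (false until a send is attempted). Any validation failure returns early
 * without setting $wb_form_send_state.
 *
 * @param mixed $page_id key of the current page in $forms
 * @return void
 */
function handleForms($page_id)
{
    global $forms, $formErrors, $def_lang, $lang, $user_domain;
    $formErrors = new stdClass();

    // Refuse anything that is not a well-formed submission for a configured form.
    // 'message' looks like a honeypot field: it must be posted and empty (TODO confirm).
    // 'forms' in the request is rejected, presumably so the $forms configuration
    // cannot be overridden from the outside. A non-scalar form id would be an
    // illegal array offset below, so it is rejected here as well.
    if (!isset($_POST['wb_form_id']) || !is_scalar($_POST['wb_form_id'])
        || !isset($_POST['message']) || $_POST['message'] !== ''
        || !is_array($forms)
        || !isset($page_id)
        || isset($_POST['forms']) || isset($_GET['forms'])
    ) {
        return;
    }
    $form_id = $_POST['wb_form_id'];

    // Prefer the page's own definition, fall back to the shared 'blog' one.
    if (isset($forms[$page_id][$form_id])) {
        $form = $forms[$page_id][$form_id];
    } elseif (isset($forms['blog'][$form_id])) {
        $form = $forms['blog'][$form_id];
    } else {
        return;
    }
    // The chosen form itself must carry the field list; the original accepted a
    // page form without 'fields' as long as the blog form had one, then failed.
    if (!isset($form['fields']) || !is_array($form['fields'])) {
        return;
    }

    $replyToMode = true;
    if (!class_exists('PHPMailer')) {
        include dirname(__FILE__) . '/phpmailer/class.phpmailer.php';
    }

    $fields = $form['fields'];
    // Recipients: a semicolon-separated list, each entry accepted only if is_mail() validates it.
    $email_list = array_map('trim', explode(';', isset($form['email']) ? $form['email'] : ''));
    $mail_to = array();
    foreach ($email_list as $eml) {
        if ($m = is_mail($eml)) {
            $mail_to[] = $m;
        }
    }
    $mail_from = reset($mail_to); // false when no valid recipient is configured
    $mail_from_name = 'NoName';
    global $wb_form_send_state;
    $wb_form_send_state = false;

    $data = array();
    foreach ($fields as $idx => $field) {
        // Every configured input must be posted, and as a plain string: an array
        // value (wb_input_N[]=...) would otherwise reach strlen()/htmlspecialchars().
        if (!isset($_POST["wb_input_{$idx}"]) || !is_string($_POST["wb_input_{$idx}"])) {
            return;
        }
        $value = $_POST["wb_input_{$idx}"];
        $type = isset($field["type"]) ? $field["type"] : "";
        $max_len = $type == "textarea" ? 65536 : 1024; // 65 kilobytes max for textarea and 1024 for other
        if ($value === '') {
            if (!isset($formErrors->required)) {
                $formErrors->required = array();
            }
            $formErrors->required[] = "wb_input_{$idx}";
        }
        // Escape first, then truncate (bytes); a cut entity just stays harmless text.
        // substr() never emits warnings, so the original @ suppression is not needed.
        $value = substr(htmlspecialchars($value), 0, $max_len);
        if ($type == "select") {
            // The posted value is the option index; an out-of-range index yields ''.
            $options = explode(";", tr_($field["options"], $lang));
            $choice = intval($value);
            $data[$idx] = isset($options[$choice]) ? trim($options[$choice]) : '';
        } else {
            $data[$idx] = $value;
        }
        // Loose comparison kept on purpose: a field without 'fidx' compared equal to 0
        // in the original, so it still selects the sender-name field here.
        $fidx = isset($field["fidx"]) ? $field["fidx"] : null;
        if ($fidx == 0) {
            // NOTE(review): this is the HTML-escaped value, but it ends up in a mail
            // header (From/Reply-To name) where entity encoding is not wanted.
            $mail_from_name = $value;
        }
        if ($fidx == 1) {
            $mail_from = is_mail($value);
        }
    }
    if (count((array) $formErrors) > 0) {
        return; // must not have any errors
    }
    if (!$mail_from_name) {
        $mail_from_name = "Anonymous";
    }
    if (!$mail_from) {
        $mail_from = reset($mail_to);
    }
    if (empty($mail_to)) {
        $wb_form_send_state = 'Form configuration error.';
        return;
    }

    $mailer = new PHPMailer();
    if (isset($form['smtpEnable']) && $form['smtpEnable']) {
        // Guard the include like the PHPMailer one above: including the class file a
        // second time would be a fatal class redeclaration.
        if (!class_exists('SMTP')) {
            include dirname(__FILE__) . '/phpmailer/class.smtp.php';
        }
        $mailer->isSMTP();
        $mailer->Host = isset($form['smtpHost']) && $form['smtpHost'] ? $form['smtpHost'] : 'localhost';
        $mailer->Port = isset($form['smtpPort']) && intval($form['smtpPort']) ? intval($form['smtpPort']) : 25;
        $mailer->SMTPSecure = isset($form['smtpEncryption']) && $form['smtpEncryption'] ? $form['smtpEncryption'] : '';
        if (!empty($form['smtpUsername']) && !empty($form['smtpPassword'])) {
            $mailer->SMTPAuth = true;
            $mailer->Username = $form['smtpUsername'];
            $mailer->Password = $form['smtpPassword'];
        }
    }

    $style = "* { font: 12px Arial; }\nstrong { font-weight: bold; }";
    foreach ($mail_to as $eml) {
        $mailer->AddAddress($eml);
    }
    if ($replyToMode) {
        // Envelope sender is a fixed no-reply address on our own domain; the visitor's
        // address only goes into Reply-To (presumably to keep the From aligned with the
        // sending domain — TODO confirm).
        $mailer->SetFrom('no-reply@' . $user_domain, $mail_from_name);
        $mailer->addReplyTo($mail_from, $mail_from_name);
    } else {
        $mailer->SetFrom($mail_from, $mail_from_name);
    }
    $mailer->CharSet = 'utf-8';

    // One table row per field; textareas get a full-width row of their own.
    $message = '<table cellspacing="5" cellpadding="0">';
    foreach ($fields as $idx => $field) {
        $name = tr_($field["name"]);
        $value = $data[$idx];
        if (isset($field["type"]) && $field["type"] == "textarea") {
            $message .= "<tr><td colspan=\"2\"><strong>{$name}: </strong></td></tr>\n<tr><td colspan=\"2\">" . nl2br($value) . "</td></tr>\n";
        } else {
            $message .= "<tr><td><strong>{$name}: </strong></td><td>" . nl2br($value) . "</td></tr>\n";
        }
    }
    $message .= '</table>';
    $subject = isset($form["subject"]) ? $form["subject"] : '';
    $html = '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title>' . $subject . '</title> <meta http-equiv=Content-Type content="text/html; charset=utf-8"> ' . "<style><!--\n{$style}\n--></style>\n\t\t" . '</head> <body>' . $message . '</body> </html>';
    $mailer->MsgHTML($html);
    $mailer->AltBody = strip_tags(str_replace("</tr>", "</tr>\n", $message));
    $mailer->Subject = $subject;

    // Anything Send() prints is captured and discarded so it cannot leak into the
    // page; the original kept it in a variable that was never read.
    ob_start();
    $res = $mailer->Send();
    ob_end_clean();
    $wb_form_send_state = $res
        ? (!empty($form['sentMessage']) ? $form['sentMessage'] : 'Form was sent.')
        : 'Form sending failed.';
}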
$unique_idf = ""; foreach ($unique_array as $key => $val) { if (($jush == "sql" || $jush == "pgsql") && strlen($val) > 64) { $key = strpos($key, '(') ? $key : idf_escape($key); //! columns looking like functions $key = "MD5(" . ($jush == 'sql' && preg_match("~^utf8_~", $fields[$key]["collation"]) ? $key : "CONVERT({$key} USING " . charset($connection) . ")") . ")"; $val = md5($val); } $unique_idf .= "&" . ($val !== null ? urlencode("where[" . bracket_escape($key) . "]") . "=" . urlencode($val) : "null%5B%5D=" . urlencode($key)); } echo "<tr" . odd() . ">" . (!$group && $select ? "" : "<td>" . checkbox("check[]", substr($unique_idf, 1), in_array(substr($unique_idf, 1), (array) $_POST["check"]), "", "this.form['all'].checked = false; formUncheck('all-page');") . ($is_group || information_schema(DB) ? "" : " <a data-toggle='tooltip' data-placement='top' title='" . lang('edit') . "' class='btn btn-xs btn-default' href='" . h(ME . "edit=" . urlencode($TABLE) . $unique_idf) . "'><i class='fa fa-pencil fa-fw'></i></a>")); foreach ($row as $key => $val) { if (isset($names[$key])) { $field = $fields[$key]; if ($val != "" && (!isset($email_fields[$key]) || $email_fields[$key] != "")) { $email_fields[$key] = is_mail($val) ? $names[$key] : ""; //! filled e-mails can be contained on other pages } $link = ""; if (preg_match('~blob|bytea|raw|file~', $field["type"]) && $val != "") { $link = ME . 'download=' . urlencode($TABLE) . '&field=' . urlencode($key) . $unique_idf; } if (!$link && $val !== null) { // link related items foreach ((array) $foreign_keys[$key] as $foreign_key) { if (count($foreign_keys[$key]) == 1 || end($foreign_key["source"]) == $key) { $link = ""; foreach ($foreign_key["source"] as $i => $source) { $link .= where_link($i, $foreign_key["target"][$i], $rows[$n][$source]); } $link = ($foreign_key["db"] != "" ? preg_replace('~([?&]db=)[^&]+~', '\\1' . urlencode($foreign_key["db"]), ME) : ME) . 'select=' . urlencode($foreign_key["table"]) . $link;