Exemplo n.º 1
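	/**
	 * Store an uploaded file under /public/upload/ and return its site-relative URL.
	 *
	 * The stored name is generated server-side. Only the extension comes from the
	 * client, and it is accepted only when it is on the allowlist: the target
	 * directory sits under DOCUMENT_ROOT, so a client-chosen extension such as
	 * "php" would otherwise let the web server treat the upload as a script.
	 *
	 * @param string     $field_name         Key of the upload in $_FILES.
	 * @param array|null $allowed_extensions Lower-case extensions to accept;
	 *                                       NULL selects common image types and PDF.
	 * @return string|null URL of the stored file, or NULL when the upload is missing,
	 *                     failed, has a disallowed extension, or could not be moved.
	 */
	function handleUpload($field_name, $allowed_extensions = NULL) {
		if ($allowed_extensions === NULL) {
			$allowed_extensions = array('jpg', 'jpeg', 'png', 'gif', 'webp', 'pdf');
		}
		// Reject missing fields, multi-file fields (array-valued name) and uploads PHP reported as failed.
		if (!isset($_FILES[$field_name]['name'], $_FILES[$field_name]['tmp_name'], $_FILES[$field_name]['error'])
			|| !is_string($_FILES[$field_name]['name'])
			|| $_FILES[$field_name]['error'] !== UPLOAD_ERR_OK) {
			return NULL;
		}
		// PATHINFO_EXTENSION yields '' for names without a dot, which the allowlist then rejects.
		$ext = strtolower(pathinfo($_FILES[$field_name]['name'], PATHINFO_EXTENSION));
		if (!in_array($ext, $allowed_extensions, true)) {
			return NULL;
		}
		// NOTE(review): the extension check does not inspect file content; the upload
		// directory should also be configured so that nothing in it is executed.
		$url = '/public/upload/'.nowStr().randomStr(1,1000).'.'.$ext;
		$fn = $_SERVER["DOCUMENT_ROOT"].$url;
		// move_uploaded_file() itself refuses paths that are not genuine HTTP uploads.
		if (move_uploaded_file($_FILES[$field_name]['tmp_name'], $fn)) {
			return $url;
		}
		return NULL;
	}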
Exemplo n.º 2
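/**
 * Round-trip a coordinate through a MySQL FLOAT(12,8) column and return the
 * value as the database stores it.
 *
 * A randomly named temporary table is created, the value is inserted, read
 * back, and the table is dropped again.
 *
 * @param int|float|string $coord Coordinate; must be numeric.
 * @return mixed The stored value as returned by fetch_row(), or null when
 *               $coord is not numeric, the table cannot be created, or the
 *               read-back fails.
 */
function getFloatCoord($coord)
{
    // $coord is spliced into the SQL text below (QuerySql() takes a finished
    // statement), so anything that is not a plain number is refused here.
    if (!is_numeric($coord)) {
        return null;
    }
    $name = randomStr(12, false);
    if (!QuerySql("CREATE TEMPORARY TABLE `{$name}` (coord FLOAT(12,8))")) {
        return null;
    }
    QuerySql("INSERT INTO `{$name}` (coord) VALUES ({$coord})");
    $res = QuerySql("SELECT coord FROM `{$name}`");
    $row = null;
    // Only touch the result when the SELECT succeeded; the table is dropped either way.
    if ($res) {
        $row = $res->fetch_row();
        $res->close();
    }
    QuerySql("DROP TABLE `{$name}`");
    return $row ? $row[0] : null;
}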
Exemplo n.º 3
<?php

require_once '../includes/fonctions.php';
require_once '../includes/pdo.php';
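getSession();
// Password-reset request: look the account up by e-mail and mail it a reset token.
// Only a plain string is accepted; an array-valued "email" parameter is ignored.
if (isset($_POST['email']) && is_string($_POST['email'])) {
    $requete = $pdo->prepare("SELECT * FROM users WHERE email = ?;");
    $requete->execute([$_POST['email']]);
    $user = $requete->fetch();
    if (!empty($user)) {
        // The secret part now comes from the OS CSPRNG. The previous value combined
        // randomStr() (generator not visible in this file) with sha1() of the current
        // second, which is guessable and adds no secrecy.
        // The "<id>//" prefix is kept in case the reset page parses it — confirm there.
        $token = $user->id . "//" . bin2hex(random_bytes(32));
        // NOTE(review): the token is stored verbatim; storing only a hash of it, and
        // enforcing an expiry based on reset_at, would limit the impact of a database leak.
        $requete = $pdo->prepare("UPDATE users SET reset_token = ?, reset_at = NOW() WHERE id = ?;");
        $requete->execute([$token, $user->id]);
        sendForgotMail($user, $token);
        setFlash('success', "Un e-mail vous a été envoyé à l'adresse " . $user->email);
        header('location: ../login.php');
        exit;
    } else {
        // NOTE(review): answering differently for unknown addresses reveals which e-mails
        // are registered; a single neutral message for both branches avoids that.
        setFlash('danger', "E-mail inconnu !");
        header('location: ../forgot.php');
        exit;
    }
}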
Exemplo n.º 4
/**
 * Build a random identifier with a fixed layout:
 * 5_5:APA91b64_5-12_9_11_1_26, where each number is the length passed to
 * randomStr() for that segment.
 *
 * The name suggests a Google Cloud Messaging registration id; that cannot be
 * confirmed from this function alone.
 *
 * @return string
 */
function getRandomGCM()
{
    // Arguments are evaluated left to right, so randomStr() is called in the
    // same order as the segments appear in the result.
    return sprintf(
        '%s_%s:APA91b%s_%s-%s_%s_%s_%s_%s',
        randomStr(5),
        randomStr(5),
        randomStr(64),
        randomStr(5),
        randomStr(12),
        randomStr(9),
        randomStr(11),
        randomStr(1),
        randomStr(26)
    );
}
Exemplo n.º 5
<?php

require_once "../common.php";
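// Create a reservation from the posted form, e-mail a confirmation page to the
// guest, then redirect back to the reservations index.
$db = get_db();
// NOTE(review): the token authorises confirmation of the reservation; confirm that
// randomStr() in common.php draws from a CSPRNG.
$number = randomStr(7, "0123456789");
$token = randomStr();

// Read the form fields as plain strings; missing or array-valued fields become ''.
$posted = array();
foreach (array('name', 'email', 'phone', 'guests', 'time_process') as $key) {
    $posted[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}
$name = $posted['name'];
$email = $posted['email'];
$phone = $posted['phone'];
$amt = $posted['guests'];
$time = $posted['time_process'];

// The address is used as the mail() recipient, so it must be a single valid address
// (this also rules out CR/LF in it).
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    $db->close();
    http_response_code(400);
    exit;
}

// Bound parameters replace real_escape_string(): the values are no longer part of the
// SQL text, and the unescaped originals can be reused for the e-mail and the URL
// (previously the SQL-escaped address was what got passed to mail()).
// Assumes get_db() returns a mysqli handle, as the original method calls implied.
$table = $tbls['reservations'];
$stmt = $db->prepare("INSERT INTO {$table} (number,name,email,phone,guests,time,token) VALUES (?,?,?,?,?,?,?)");
if ($stmt === false
    || !$stmt->bind_param('sssssss', $number, $name, $email, $phone, $amt, $time, $token)
    || !$stmt->execute()) {
    // Do not send a confirmation for a reservation that was never stored.
    $db->close();
    http_response_code(500);
    exit;
}
$rid = $db->insert_id;
$stmt->close();

$headers = "From: Bready Reservations <*****@*****.**>" . "\r\n" . "Content-type: text/html; charset=UTF-8" . "\r\n";
// The confirmation page is fetched over HTTPS so the token does not travel in clear
// text (the redirect below shows the same host serving /reservations/ over HTTPS).
$url = "https://bready.xyz/reservations/inline.php?" . http_build_query(array('rid' => $rid, 'number' => $number, 'token' => $token));
$fcontents = curl_get_contents($url);
mail($email, "Bready Reservation {$number} Confirmation", $fcontents, $headers);
$db->close();
// Spaces and punctuation in the message are percent-encoded so the header carries a valid URL.
header("Location: https://bready.xyz/reservations/index.php?text=" . rawurlencode("Success! Please check your email to confirm your reservation."));
exit;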
Exemplo n.º 6
<?php

// Open or resume the PHP session for this request.
session_start();
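/**
 * Return a string of $len characters drawn uniformly from the verification-code alphabet.
 *
 * @param int $len Number of characters; values <= 0 give an empty string.
 * @return string
 */
function randomStr($len)
{
    $strlib = "1a2s3d4f5g6hj8@k9qwert!yupzxcvbnm";
    // Take the upper index from the alphabet itself: the former fixed bound of 30
    // never reached the last two characters ("n" and "m").
    $last = strlen($strlib) - 1;
    $str = "";
    for ($i = 0; $i < $len; $i++) {
        // random_int() draws from the OS CSPRNG; mt_rand() output can be predicted
        // from previously observed values, which matters for a verification code.
        $str .= $strlib[random_int(0, $last)];
    }
    return $str;
}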
// Randomly generated string: the text of the verification code (4 characters).
$codestr = randomStr(4);
// Width of the verification-code image, in pixels.
$width = 360;
// Height of the verification-code image, in pixels.
$height = 60;
// Declare the format of the image about to be produced.
// The leading @ suppresses any warning header() raises (e.g. output already sent).
@header("Content-Type:image/png");
// Create the image canvas (palette-based).
$vimg = imagecreate($width, $height);
// Background colour (white). On an imagecreate() canvas the first allocated colour fills the background.
$back = imagecolorallocate($vimg, 0xff, 0xff, 0xff);
// Colour of the noise dots.
$pix = imagecolorallocate($vimg, 187, 230, 247);
// Colour of the text.
$fontColor = imagecolorallocate($vimg, 41, 163, 238);
// Draw the noise dots (the drawing code follows this excerpt).
// mt_srand() with no argument reseeds the Mersenne Twister with a random seed.
mt_srand();
Exemplo n.º 7
{
    return substr($s, 0, 20) === sha1(substr($s, 20), TRUE);
}
// Highest key used by the test; keys 0..COUNT_FILES are written, i.e. COUNT_FILES + 1 entries.
define('COUNT_FILES', 3);
// Storage under test, rooted in a tmp directory next to this script.
$storage = new FileStorage(dirname(__FILE__) . '/tmp');
// clear playground: overwrite every key with a fresh random payload
for ($i = 0; $i <= COUNT_FILES; $i++) {
    $storage->write($i, randomStr(), array());
}
// test loop
echo "Testing...\n";
Debug::timer();
// Outcome counters, incremented by the loop that follows.
$hits = array('ok' => 0, 'notfound' => 0, 'error' => 0, 'cantwrite' => 0, 'cantdelete' => 0);
for ($counter = 0; $counter < 1000; $counter++) {
    // write
    $ok = $storage->write(rand(0, COUNT_FILES), randomStr(), array());
    if ($ok === FALSE) {
        $hits['cantwrite']++;
    }
    // remove
    //$ok = $storage->remove(rand(0, COUNT_FILES));
    //if (!$ok) $hits['cantdelete']++;
    // read
    $res = $storage->read(rand(0, COUNT_FILES));
    // compare
    if ($res === NULL) {
        $hits['notfound']++;
    } elseif (checkStr($res)) {
        $hits['ok']++;
    } else {
        $hits['error']++;
Exemplo n.º 8
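    /**
     * Render the logo-slider widget: a jCarousel list of the logos that belong to
     * the slider named by the widget's "select_no" setting.
     *
     * Changes from the previous version, all about untrusted or stored data:
     *  - the slider name is bound through $wpdb->prepare() instead of being
     *    concatenated into the SQL text;
     *  - values written into attributes, URLs, CSS and the inline script are
     *    escaped for that context;
     *  - only the keys the template uses are read from $args / $instance, rather
     *    than extract()-ing both arrays into the local scope.
     *
     * @param array $args     Display arguments; before_widget / after_widget are read.
     * @param array $instance Widget settings; htmltag, title and select_no are read.
     * @return void Output is echoed.
     */
    public function widget($args, $instance)
    {
        global $wpdb;

        // Wrapper markup comes from $args only, so widget settings cannot replace it.
        $before_widget = isset($args['before_widget']) ? $args['before_widget'] : '';
        $after_widget = isset($args['after_widget']) ? $args['after_widget'] : '';
        // For the remaining keys settings win over display arguments, as with the
        // former extract($args); extract($instance); sequence.
        $vars = array_merge($args, $instance);
        $htmltag = isset($vars['htmltag']) ? $vars['htmltag'] : '';
        $title = isset($vars['title']) ? $vars['title'] : '';
        $select_no = isset($vars['select_no']) ? $vars['select_no'] : '';

        // Element id shared by the wrapper <div> and the create_jcarousel() call.
        $slider_id = trim($select_no) . randomStr();
        $logos = $wpdb->prefix . 'jw_easy_logo_slider';
        $settings = $wpdb->prefix . 'jw_easy_logo_slider_setting';

        // Load the display settings of the selected slider (same join as before,
        // with the name passed as a bound parameter).
        $show = array();
        $rw = $wpdb->get_results($wpdb->prepare(
            "SELECT * FROM {$logos} JOIN {$settings} WHERE {$settings}.name = %s",
            $select_no
        ));
        foreach ($rw as $setting) {
            // NOTE(review): unserialize() on a stored value can instantiate objects if
            // this column ever holds attacker-influenced data; JSON would avoid that.
            $show = unserialize($setting->setting);
        }
        if (!is_array($show)) {
            $show = array();
        }

        // Resolve each option once, with the defaults the template used inline before.
        $image_ht = (isset($show['image_ht']) && $show['image_ht'] != '') ? $show['image_ht'] : '150px';
        // The height lands inside a <style> element: keep only characters a CSS length needs.
        $image_ht = preg_replace('/[^A-Za-z0-9.% -]/', '', (string) $image_ht);
        $url_target = (isset($show['url_target']) && $show['url_target'] != '') ? $show['url_target'] : '_blank';
        $title_sh = isset($show['jw_easy_logo_slider_title_sh']) ? $show['jw_easy_logo_slider_title_sh'] : '';
        $show_title = $title_sh != 'hide' && $title_sh != '';
        $show_desc = !isset($show['jw_easy_logo_slider_desc_sh']) || $show['jw_easy_logo_slider_desc_sh'] != 'hide';
        $limit = isset($show['limit_description']) ? $show['limit_description'] : null;

        $rows = $wpdb->get_results($wpdb->prepare(
            "SELECT * FROM {$logos} JOIN {$settings} WHERE {$settings}.id = {$logos}.slider_id AND {$settings}.name = %s",
            $select_no
        ));
        // Looked up once instead of once per rendered image.
        $upload_dir = wp_upload_dir();

        echo $before_widget;
        ?>

        <div class="wrapper">

            <?php
        // NOTE(review): $htmltag and $title are still echoed as stored, because it is not
        // visible here whether they are meant to carry markup; escape them if they are plain text.
        echo $htmltag;
        echo $title;
        ?></<?php echo $htmltag; ?>>

            <div class="jcarousel-wrapper" id="<?php echo esc_attr($slider_id); ?>">
                <div class="jcarousel">
                    <ul>
                    <?php foreach ($rows as $row) :
                        $row_title = stripcslashes($row->title);
                        $img_src = $upload_dir["baseurl"] . "/" . "easy_logo_slider/" . $row->image;
                        $has_url = $row->url != '';
                        // A non-numeric limit means "no truncation".
                        $str = is_numeric($limit) ? substr($row->description, 0, (int) $limit) : $row->description;
                        ?>

                        <li>
                            <style>
                                .easy-logo_image {height:<?php echo $image_ht; ?> !important}
                            </style>

                            <?php if ($has_url) : ?>
                                <a href="<?php echo esc_url($row->url); ?>" target="<?php echo esc_attr($url_target); ?>" title="<?php echo esc_attr($row_title); ?>"><img src='<?php echo esc_url($img_src); ?>' class="easy-logo_image" alt="" /></a>
                            <?php else : ?>
                                <img src='<?php echo esc_url($img_src); ?>' class="easy-logo_image" alt="" title="<?php echo esc_attr($row_title); ?>" />
                            <?php endif; ?>

                            <?php if ($has_url) : ?>
                                <a href="<?php echo esc_url($row->url); ?>" target="<?php echo esc_attr($url_target); ?>" title="<?php echo esc_attr($row_title); ?>">
                                    <h3><?php echo $show_title ? esc_html($row_title) : ''; ?></h3>
                                </a>
                            <?php else : ?>
                                <h3><?php echo $show_title ? esc_html($row_title) : ''; ?></h3>
                            <?php endif; ?>

                            <?php
                        if ($show_desc) {
                            // wp_kses_post() keeps ordinary post markup and drops scripts and event handlers.
                            echo '<p class="descp">' . wp_kses_post(stripcslashes($str)) . '</p>';
                        }
                        ?>

                        </li>

                    <?php endforeach; ?>

                    </ul>

                </div>

                <a href="#" class="jcarousel-control-prev" title="Previous">&lsaquo;</a>

                <a href="#" class="jcarousel-control-next" title="Next">&rsaquo;</a>

                <p class="jcarousel-pagination"></p>
            </div>
            <script type='text/javascript'>create_jcarousel(<?php echo wp_json_encode($slider_id, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>);</script>
        </div>

        <?php
        echo $after_widget;
    }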
Exemplo n.º 9
 * @date    2015-08-03 11:51:15
 * @version $Id$
 */
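// Open or resume the PHP session for this request.
session_start();
// A header line has the form "Name: value". The previous string used "=" in place of
// the colon, so no Content-Type header for the PNG was declared. The charset
// parameter is dropped because it has no meaning for a binary image.
header('Content-Type: image/png');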
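/**
 * Random string generator: return $len characters drawn uniformly from
 * a-z, A-Z and 0-9.
 *
 * @param int $len Number of characters; values <= 0 give an empty string.
 * @return string
 */
function randomStr($len)
{
    $oldStr = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    // Upper index taken from the alphabet so the two cannot drift apart.
    $last = strlen($oldStr) - 1;
    $newStr = '';
    for ($i = 0; $i < $len; $i++) {
        // random_int() draws from the OS CSPRNG; mt_rand() output can be predicted
        // from previously observed values, which matters for a verification code.
        $newStr .= $oldStr[random_int(0, $last)];
    }
    return $newStr;
}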
// Text of the verification code: 4 random characters.
$a = randomStr(4);
//echo $a;
// Image dimensions, in pixels.
$height = 40;
$width = 100;
// Create the true-colour canvas.
$img = imagecreatetruecolor($width, $height);
// Background colour (white).
// NOTE(review): a true-colour canvas starts out black and allocating a colour does not
// paint it; a fill call is presumably made later — not visible in this excerpt.
$imgcolor = imagecolorallocate($img, 255, 255, 255);
// Colour of the noise pixels (red).
$pixels = imagecolorallocate($img, 255, 0, 0);
// Colour of the characters.
$font = imagecolorallocate($img, 41, 163, 238);
// Draw the noise pixels.
for ($i = 0; $i < 1000; $i++) {
    imagesetpixel($img, mt_rand(0, $width), mt_rand(0, $height), $pixels);
Exemplo n.º 10
    return substr($s, 0, 20) === sha1(substr($s, 20), TRUE);
}
// Highest file index used by the test; files 0..COUNT_FILES are written, i.e. COUNT_FILES + 1 files.
define('COUNT_FILES', 3);
// Remove the execution time limit for the test run.
set_time_limit(0);
// Presumably registers the safe:// stream wrapper used in the paths below (class defined elsewhere).
SafeStream::register();
// clear playground: overwrite every test file with a fresh random payload
for ($i = 0; $i <= COUNT_FILES; $i++) {
    file_put_contents('safe://tmp/testfile' . $i, randomStr());
}
// test loop
echo "Testing (with SafeStream)...\n";
Debug::timer();
// Outcome counters, incremented by the loop that follows.
$hits = array('ok' => 0, 'notfound' => 0, 'error' => 0, 'cantwrite' => 0, 'cantdelete' => 0);
for ($counter = 0; $counter < 1000; $counter++) {
    // write
    $ok = @file_put_contents('safe://tmp/testfile' . rand(0, COUNT_FILES), randomStr());
    if ($ok === FALSE) {
        $hits['cantwrite']++;
    }
    // delete
    //    $ok = @unlink('safe://testfile'.rand(0, COUNT_FILES));
    //    if (!$ok) $hits['cantdelete']++;
    // read
    $res = @file_get_contents('safe://tmp/testfile' . rand(0, COUNT_FILES));
    // compare
    if ($res === FALSE) {
        $hits['notfound']++;
    } elseif (checkStr($res)) {
        $hits['ok']++;
    } else {
        $hits['error']++;
Exemplo n.º 11
         $result_stmt = null;
     }
 }
 if ($result_stmt !== null) {
     $user = $result_stmt->fetch(PDO::FETCH_ASSOC);
     /* Check whether user is banned */
     if ($user['deactivated']) {
         redirectTo('index.php', array('showmessage' => '8'));
         exit;
     }
     if ($adminchecked && Settings::Get('panel.allow_preset_admin') == '1' || $adminchecked == false) {
         if ($user !== false) {
             // build a activation code
             $timestamp = time();
             $first = substr(md5($user['loginname'] . $timestamp . randomStr(16)), 0, 15);
             $third = substr(md5($user['email'] . $timestamp . randomStr(16)), -15);
             $activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10);
             // Drop all existing activation codes for this user
             $stmt = Database::prepare("DELETE FROM `" . TABLE_PANEL_ACTIVATION . "`\n\t\t\t\t\t\tWHERE `userid` = :userid\n\t\t\t\t\t\tAND `admin` = :admin");
             $params = array("userid" => $adminchecked ? $user['adminid'] : $user['customerid'], "admin" => $adminchecked ? 1 : 0);
             Database::pexecute($stmt, $params);
             // Add new activation code to database
             $stmt = Database::prepare("INSERT INTO `" . TABLE_PANEL_ACTIVATION . "`\n\t\t\t\t\t\t(userid, admin, creation, activationcode)\n\t\t\t\t\t\tVALUES (:userid, :admin, :creation, :activationcode)");
             $params = array("userid" => $adminchecked ? $user['adminid'] : $user['customerid'], "admin" => $adminchecked ? 1 : 0, "creation" => $timestamp, "activationcode" => $activationcode);
             Database::pexecute($stmt, $params);
             $rstlog = FroxlorLogger::getInstanceOf(array('loginname' => 'password_reset'));
             $rstlog->logAction(USR_ACTION, LOG_WARNING, "User '" . $user['loginname'] . "' requested a link for setting a new password.");
             // Set together our activation link
             $protocol = empty($_SERVER['HTTPS']) ? 'http' : 'https';
             // this can be a fixed value to avoid potential exploiting by modifying headers
             $host = Settings::Get('system.hostname');
Exemplo n.º 12
<?php

session_start();
require_once '../diy/config.php';
if (isset($_GET['get_started'])) {
    $crud = CRUD::getInstance();
    $stored = true;
    while ($stored) {
        $code = randomStr(6);
        $check_code = $crud->select(TABLE_NAME, "app_id", "where activation_code={$code}");
        if ($crud->getNumRows() == 0) {
            $stored = false;
        }
    }
    $query = "INSERT INTO " . TABLE_NAME . "(`client_id`,`app_key`,`name`,`category_id`,`theme_json`,`features_json`,`activation_code`,`added_date`) VALUES('{$_SESSION['client']['client_id']}',UUID(),'{$_GET['name']}','{$_GET['category']}','{}','{}','{$code}','" . date('Y-m-d H:i:s') . "')";
    $insert = $crud->custom("insert", $query);
    if ($insert) {
        $app = $crud->select(TABLE_NAME, "`app_key`", "where app_id='{$crud->getInsertId()}'");
        if ($app) {
            $app = $crud->getFirst();
        }
        $app_key = $app['app_key'];
        if (!file_exists(DOC_ROOT_DIY . 'diy-data/' . $app_key)) {
            mkdir(DOC_ROOT_DIY . 'diy-data/' . $app_key);
            if (!file_exists(DOC_ROOT_DIY . 'diy-data/' . $app_key . '/gallery')) {
                mkdir(DOC_ROOT_DIY . 'diy-data/' . $app_key . '/gallery');
            }
        }
        header('Location:' . RESOURCE_PATH_DIY . $app_key . '/create');
    } else {
        header('Location:' . $_SERVER['HTTP_REFERER']);
Exemplo n.º 13
 if ($_FILES['file']['error'] > 0) {
     echo json_encode(array("status" => 601, "message" => $_FILES['file']['error']));
     exit(1);
 }
 //check if the file is an image
 if (strrpos($_FILES['file']['type'], "image") !== false) {
     $safename = $_FILES['file']['name'];
     $safename = str_replace("#", "No.", $safename);
     $safename = str_replace("\$", "Dollar.", $safename);
     $safename = str_replace("%", "percent", $safename);
     $safename = str_replace("^", "", $safename);
     $safename = str_replace("&", "and", $safename);
     $safename = str_replace("*", "", $safename);
     $safename = str_replace("?", "", $safename);
     $safenameArr = explode(".", $safename);
     $safename = $safenameArr[count($safenameArr) - 2] . "__" . randomStr() . ".jpg";
     //just to make sure there are no overriddens
     if (file_exists($safename)) {
         echo json_encode(array("status" => 601, "message" => "File Already Exists"));
         exit(1);
     }
     //upload process
     if ($_FILES['file']['type'] == 'image/jpeg' || $_FILES['file']['type'] == 'image/pjpeg') {
         $new_img = imagecreatefromjpeg($_FILES['file']['tmp_name']);
     } elseif ($_FILES['file']['type'] == 'image/gif') {
         $new_img = imagecreatefromgif($_FILES['file']['tmp_name']);
     } elseif ($_FILES['file']['type'] == 'image/png' || $_FILES['file']['type'] == 'image/x-png') {
         $new_img = imagecreatefrompng($_FILES['file']['tmp_name']);
     }
     list($width, $height) = getimagesize($_FILES['file']['tmp_name']);
     $imgratio = $width / $height;