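/**
 * Authenticate the current request against the bridged user table and, on
 * success, populate the WRM session and create or refresh the WRM profile row.
 *
 * Credentials are taken from the login form ($_POST, plain-text password) or,
 * failing that, from the auto-login cookies ($_COOKIE, stored password value).
 * When neither is present the user is logged out.
 *
 * When $auth_user_class is non-zero, the account must also belong to
 * $auth_user_class or $auth_alt_user_class in the bridged group table.
 *
 * @return int 1 on successful login, -1 when the credentials are valid but the
 *             account is in no authorised group, 0 in every other case.
 */
function phpraid_login()
{
    global $db_user_id, $db_group_id, $db_user_name, $db_user_email, $db_user_password, $db_table_user_name;
    global $db_table_group_name, $auth_user_class, $auth_alt_user_class, $table_prefix, $db_raid, $phpraid_config;

    if (isset($_POST['username'])) {
        // Form login: the password arrives in plain text.
        $pwdencrypt = FALSE;
        $username = mb_strtolower(scrub_input($_POST['username']), "UTF-8");
        // The field can be missing or sent as an array (password[]=...); neither is a usable password.
        $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
        // NOTE(review): an unsalted MD5 of the plain-text password is written to the WRM profile
        // table below. MD5 is not a password hash; replacing it needs a coordinated change to
        // whatever reads profile.password, which is not visible from this function.
        $wrmpass = md5($password);
    } elseif (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
        // Cookie auto-login: the cookie carries the stored password value, not the plain text.
        $pwdencrypt = TRUE;
        $username = mb_strtolower(scrub_input($_COOKIE['username']), "UTF-8");
        $password = is_string($_COOKIE['password']) ? $_COOKIE['password'] : '';
        $wrmpass = '';
    } else {
        // No credentials at all. Stop here instead of running the lookup with an empty
        // user name and an undefined $pwdencrypt flag.
        phpraid_logout();
        return 0;
    }

    // Values go through quote_smart() (defined elsewhere, presumably quoting and escaping);
    // table and column names come from the bridge configuration globals.
    $sql = sprintf("SELECT " . $db_user_id . "," . $db_user_name . "," . $db_user_email . "," . $db_user_password . " FROM " . $table_prefix . $db_table_user_name . " WHERE " . $db_user_name . " = %s", quote_smart($username));
    // NOTE(review): print_error() receives the full SQL text and the driver error message;
    // confirm it logs them rather than echoing them to the client.
    $result = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);

    while ($data = $db_raid->sql_fetchrow($result, true)) {
        // Strict comparison: with ==, two numeric-looking names such as "1e3" and "1000" compare equal.
        if ($username !== mb_strtolower($data[$db_user_name], "UTF-8")) {
            continue;
        }

        $cmspass = password_check($password, $data[$db_user_id], $pwdencrypt);
        if (!$cmspass) {
            continue;
        }

        // Name and password match. If a group restriction is configured, the account
        // must be a member of the primary or the alternate authorised group.
        if ($auth_user_class != 0) {
            $inGroup = FALSE;
            $sql = sprintf("SELECT " . $db_user_id . "," . $db_group_id . " FROM " . $table_prefix . $db_table_group_name . " WHERE " . $db_user_id . " = %s", quote_smart($data[$db_user_id]));
            $resultgroup = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);

            while ($datagroup = $db_raid->sql_fetchrow($resultgroup, true)) {
                if ($datagroup[$db_group_id] == $auth_user_class or $datagroup[$db_group_id] == $auth_alt_user_class) {
                    $inGroup = TRUE;
                    break;
                }
            }

            if (!$inGroup) {
                phpraid_logout();
                return -1;
            }
        }

        // Only set the persistent cookies when the form actually submitted the field.
        // The earlier isset() ran on a local that had just been assigned, so it was
        // true for any non-null value and did not test whether the box was ticked.
        if (isset($_POST['autologin'])) {
            // NOTE(review): the 'password' cookie holds the value password_check() returned,
            // which the cookie branch above feeds back in as the credential. It is set without
            // the HttpOnly/Secure flags and lives for about a month, so it is a long-lived
            // password-equivalent; a random server-side token would be a safer design.
            setcookie('username', $data[$db_user_name], time() + 2629743);
            setcookie('password', $cmspass, time() + 2629743);
        }

        // NOTE(review): the session id is not regenerated here when the session becomes
        // authenticated; confirm the caller does so, otherwise an id issued before login
        // stays valid afterwards.
        $_SESSION['username'] = mb_strtolower($data[$db_user_name], "UTF-8");
        $_SESSION['session_logged_in'] = 1;
        $_SESSION['profile_id'] = $data[$db_user_id];
        $_SESSION['email'] = $data[$db_user_email];

        $user_priv = ($phpraid_config['default_group'] != 'nil') ? $phpraid_config['default_group'] : '0';

        // Create the WRM profile row on first login, otherwise refresh it.
        $sql = sprintf("SELECT * FROM " . $phpraid_config['db_prefix'] . "profile WHERE profile_id = %s", quote_smart($_SESSION['profile_id']));
        $profileResult = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);

        if ($db_raid->sql_fetchrow($profileResult)) {
            if ($wrmpass != '') {
                // Form login: also refresh the stored WRM password value.
                $sql = sprintf("UPDATE " . $phpraid_config['db_prefix'] . "profile SET email = %s, password = %s, last_login_time = %s WHERE profile_id = %s", quote_smart($_SESSION['email']), quote_smart($wrmpass), quote_smart(time()), quote_smart($_SESSION['profile_id']));
            } else {
                // Cookie login: no plain-text password is available, leave the stored one alone.
                $sql = sprintf("UPDATE " . $phpraid_config['db_prefix'] . "profile SET email = %s, last_login_time = %s WHERE profile_id = %s", quote_smart($_SESSION['email']), quote_smart(time()), quote_smart($_SESSION['profile_id']));
            }
        } else {
            // No profile row was fetched (missing row or failed fetch): insert one.
            $sql = sprintf("INSERT INTO " . $phpraid_config['db_prefix'] . "profile VALUES (%s, %s, %s, %s, %s, %s)", quote_smart($_SESSION['profile_id']), quote_smart($_SESSION['email']), quote_smart($wrmpass), quote_smart($user_priv), quote_smart(mb_strtolower($_SESSION['username'], "UTF-8")), quote_smart(time()));
        }
        $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);

        get_permissions();

        // Drop the local copies of the credentials before returning.
        unset($username);
        unset($password);
        unset($cmspass);
        unset($wrmpass);

        return 1;
    }

    return 0;
}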
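/**
 * Authenticate the current request against the user table and, on success,
 * populate the WRM session and stamp the profile's last login time.
 *
 * Credentials are taken from the login form ($_POST, plain-text password) or,
 * failing that, from the auto-login cookies ($_COOKIE, stored password value).
 * When neither is present the user is logged out.
 *
 * IUMS auth does not do profile checking like the external bridges do: no
 * profile row is created or synchronised here, only last_login_time is updated.
 *
 * @return int 1 on successful login, 0 otherwise.
 */
function phpraid_login()
{
    global $db_raid, $phpraid_config;
    global $db_user_id, $db_user_name, $db_user_email, $db_user_password, $table_prefix, $db_table_user_name;

    if (isset($_POST['username'])) {
        // Form login: the password arrives in plain text.
        $pwdencrypt = FALSE;
        $username = mb_strtolower(scrub_input($_POST['username']), "UTF-8");
        // The field can be missing or sent as an array (password[]=...); neither is a usable password.
        $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    } elseif (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
        // Cookie auto-login: the cookie carries the stored password value, not the plain text.
        $pwdencrypt = TRUE;
        $username = mb_strtolower(scrub_input($_COOKIE['username']), "UTF-8");
        $password = is_string($_COOKIE['password']) ? $_COOKIE['password'] : '';
    } else {
        // No credentials at all. Stop here instead of running the lookup with an empty
        // user name and an undefined $pwdencrypt flag.
        phpraid_logout();
        return 0;
    }

    // Values go through quote_smart() (defined elsewhere, presumably quoting and escaping);
    // table and column names come from the configuration globals.
    $sql = sprintf("SELECT " . $db_user_id . " , " . $db_user_name . " , " . $db_user_email . " , " . $db_user_password . " FROM " . $table_prefix . $db_table_user_name . " WHERE " . $db_user_name . " = %s", quote_smart($username));
    // NOTE(review): print_error() receives the full SQL text and the driver error message;
    // confirm it logs them rather than echoing them to the client.
    $result = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);

    while ($data = $db_raid->sql_fetchrow($result, true)) {
        // Strict comparison: with ==, two numeric-looking names such as "1e3" and "1000" compare equal.
        if ($username !== mb_strtolower($data[$db_user_name], "UTF-8")) {
            continue;
        }

        $cmspass = password_check($password, $data[$db_user_id], $pwdencrypt);
        if (!$cmspass) {
            continue;
        }

        // Only set the persistent cookies when the form actually submitted the field.
        // The earlier isset() ran on a local that had just been assigned, so it was
        // true for any non-null value and did not test whether the box was ticked.
        if (isset($_POST['autologin'])) {
            // NOTE(review): the 'password' cookie holds the value password_check() returned,
            // which the cookie branch above feeds back in as the credential. It is set without
            // the HttpOnly/Secure flags and lives for about a month, so it is a long-lived
            // password-equivalent; a random server-side token would be a safer design.
            setcookie('username', $data[$db_user_name], time() + 2629743);
            setcookie('password', $cmspass, time() + 2629743);
        }

        // NOTE(review): the session id is not regenerated here when the session becomes
        // authenticated; confirm the caller does so, otherwise an id issued before login
        // stays valid afterwards.
        $_SESSION['username'] = mb_strtolower($data[$db_user_name], "UTF-8");
        $_SESSION['session_logged_in'] = 1;
        $_SESSION['profile_id'] = $data[$db_user_id];
        $_SESSION['email'] = $data[$db_user_email];

        get_permissions();

        $sql = sprintf("UPDATE " . $phpraid_config['db_prefix'] . "profile SET last_login_time=%s WHERE profile_id=%s", quote_smart(time()), quote_smart($_SESSION['profile_id']));
        $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);

        // Drop the local copies of the credentials before returning.
        unset($username);
        unset($password);
        unset($cmspass);

        return 1;
    }

    return 0;
}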