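/**
 * Return a copy of $dataArray in which every key and every string value has
 * been passed through secureString().
 *
 * Nested arrays are secured recursively: the original version copied a nested
 * array through untouched, so a multi-dimensional request payload
 * (e.g. "field[sub]=<script>") could carry an unfiltered string past the
 * "secured" array. Non-string scalars (int, float, bool, null) are kept as-is.
 *
 * @param array $dataArray       input array (typically $_POST / $_GET data)
 * @param bool  $ignoreStripTags forwarded to secureString() as its second
 *                               argument, matching how getPost() calls this helper
 *
 * @return array secured copy; keys are the secureString()'d originals
 */
function secureArray($dataArray, $ignoreStripTags = false)
{
    $secured = array();
    foreach ((array) $dataArray as $key => $val) {
        // Keys are cast to string first: integer keys would otherwise reach
        // secureString() as ints.
        $safeKey = secureString((string) $key, $ignoreStripTags);
        if (is_array($val)) {
            $val = secureArray($val, $ignoreStripTags);
        } elseif (is_string($val)) {
            $val = secureString($val, $ignoreStripTags);
        }
        $secured[$safeKey] = $val;
    }
    return $secured;
}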
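/**
 * Authenticate a user by name and password and mark the session as logged in.
 *
 * Flow: look the account up by name to obtain its salt, hash the submitted
 * password with that salt, then look the account up again by name + hash.
 * The original indexed ['salt'] on the first lookup unconditionally, which
 * raised a notice and hashed with an empty salt whenever the name was unknown.
 *
 * @param string $name     login name as submitted by the user
 * @param string $password clear-text password as submitted by the user
 * @param bool   $keepLog  when true, additionally sets the 'saveKeepLog'
 *                         session flag (a "remember me" marker read elsewhere)
 *
 * @return bool true when a matching record was found and the session was
 *              populated, false otherwise
 */
function logUserIn($name, $password, $keepLog = false)
{
    $name = secureString($name);

    $account = getUserData(array('name' => $name));
    $salt = ($account && isset($account['salt'])) ? $account['salt'] : null;

    // NOTE(review): secureString() is applied to the password before hashing,
    // so the stored hash depends on that transformation; the registration
    // path must apply the identical filter.
    // The hash is computed even for an unknown name so that a missing account
    // does not return measurably faster than a wrong password.
    $hashed = hashPassword(secureString($password), $salt);
    if (!$account) {
        return false;
    }

    $userData = getUserData(array('name' => $name, 'password' => $hashed));
    if (!$userData) {
        return false;
    }

    // Rotate the session id when privilege changes so a fixed/pre-set id
    // cannot be reused by whoever planted it. Guarded because setSessionVar()
    // may or may not be backed by a native PHP session.
    if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    setSessionVar('login', true);
    setSessionVar('userID', $userData['id']);
    if ($keepLog) {
        setSessionVar('saveKeepLog', true);
    }
    return true;
}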
echo image_tag('icoUp20px.gif', 'alt="yeah"'); ?> <?php if (strpos($order, 'p') === 0) { ?> <?php echo image_tag($order == 'pd' ? 'flechaDown.gif' : 'flechaUp.gif', $order == 'pd' ? 'alt="' . __('descendente') . '"' : 'alt="' . __('ascendente') . '"'); ?> <?php } ?> </th> <th class="negative-votes"> <?php echo link_to(__('Votos -'), "{$route}" . (!preg_match("/\\?/", $route) ? '?' : '&') . "o=" . ($order == 'nd' ? 'na' : 'nd'), array('rel' => 'nofollow', 'title' => secureString(__('Ordenar por votos negativos: Los más votados primero / los menos votados primero')))); ?> <?php echo image_tag('icoDown20px.gif', 'alt="buu"'); ?> <?php if (strpos($order, 'n') === 0) { ?> <?php echo image_tag($order == 'nd' ? 'flechaDown.gif' : 'flechaUp.gif', $order == 'nd' ? 'alt="' . __('descendente') . '"' : 'alt="' . __('ascendente') . '"'); ?> <?php } ?> </th> </tr>
}); </script> <div class="entity-page"> <h2 id="name"><?php echo $convocatoria->getEleccion()->getNombre(); ?> . <?php echo __("%dia% de %mes% de %aaaa%", array('%dia%' => format_date($convocatoria->getFecha(), ' d'), '%mes%' => format_date($convocatoria->getFecha(), 'MMMM'), '%aaaa%' => format_date($convocatoria->getFecha(), 'yyyy'))); ?> .</h2> <div id="content"> <div title="<?php echo secureString($convocatoria->getEleccion()->getNombre()); ?> " id="photo"> <?php echo !$convocatoria->getImagen() ? '' : image_tag(S3Voota::getImagesUrl() . '/elecciones/cc_' . $convocatoria->getImagen(), 'alt="' . __('Imagen de %1%', array('%1%' => $convocatoria->getEleccion()->getNombre())) . '"'); ?> </div> <div title="info" id="description"> <?php echo formatPresentacion($convocatoria->getDescripcion()); ?> </div><!-- end of description --> <?php if (count($circus) > 1) {
<?php if ($registrationDisabled == True) { die("<br><font color=\"red\">Registration is currently disabled</font>"); } $user = secureForDB($_POST['user']); $pass = secureForDB($_POST['pass']); $confirmPass = secureForDB($_POST['confirmPass']); $email = secureForDB($_POST['email']); $serial = secureForDB($_POST['serial']); $userIp = $_SERVER['REMOTE_ADDR']; $confirm_registration_code = secureForDB($_GET['code']); $_SESSION['temp_email'] = $email; $_SESSION['temp_username'] = $user; logDetails($confirm_registration_code); if (!isset($previousCode) && isset($_POST['submit'])) { $previousCode = secureString($_POST['norobot']); } if ($confirm_registration_code != "") { $query = mysql_query("SELECT * FROM users WHERE activated = '0'"); while ($row = mysql_fetch_array($query)) { $email = $row['email']; $user = $row['username']; $pass = $row['password']; $code = generateSecurityCode($email, $user, $pass); if ($confirm_registration_code == $code) { $query = mysql_query("UPDATE users SET activated = '1' WHERE username = '******'"); if ($query) { echo "<font color=green>{$user} has been activated!</font>"; $emailMsg = "Your account on funtime has been activated.\n If you wish to use the site, go here: {$mirrorUrl}"; $mail = mail($email, "Your Account On Funtime Has Been Activated!", $emailMsg); echo '<meta http-equiv="refresh" content="1;url=' . $mirrorUrl . '?ext=/main.php">';
} mysql_query("UPDATE users SET settings = '{$sets}' WHERE username = '******'"); } elseif (isset($_POST['saveBackgroundUrl']) && !$bg == "") { $sets = getUserData($user, "settings"); $sets = str_replace("BG:" . getUserSetting($user, "BG"), "BG:" . $bg . ";", $sets); mysql_query("UPDATE users SET settings = '{$sets}' WHERE username = '******'"); } if (remote_file_exists($bg) && strstr($bg, "http://")) { $sets = getUserData($user, "settings"); if ($sets == "") { mysql_query("UPDATE users SET settings = 'BG~{$bg};' WHERE username = '******'"); } else { mysql_query("UPDATE users SET settings = '{$sets};BG~{$bg};' WHERE username = '******'"); } } $confirmpass = secureString($_POST['currpass']); $pass = md5(secureForDB($_POST['pass'])); $email = secureForDB($_POST['email']); if (isset($_POST['cnfrm'])) { if (isset($confirmpass)) { if (md5($confirmpass) == $p1) { if ($pass != "") { // Change password mysql_query("UPDATE users SET password = '******' WHERE username = '******'"); echo "<center><font color=green>The password for your account\n has been changed!</font></center>"; } if (isset($email) && checkEmail($email)) { // Change email address $query = mysql_query("UPDATE users SET email = '{$email}' WHERE username = '******'"); echo "If you ever forget your password, you can now use the password reset feature.<br> Just click the link that says \"Forgot Password?\" on the login page."; } elseif ($email != "") {
<?php include_partial('general/sparkline_box', array('reviewable' => $politico, 'id' => 'sparkline_' . $politico->getId())); ?> <span class="rank"> <?php echo format_number_choice('[0]%1% votos positivos|[1]1 voto positivo|(1,+Inf]%1% votos positivos', array('%1%' => $politico->getSumu()), $politico->getSumu()); ?> <?php echo format_number_choice('[0] y %1% votos negativos|[1] y 1 voto negativo|(1,+Inf] y %1% votos negativos', array('%1%' => $politico->getSumd()), $politico->getSumd()); ?> </span> </h2> <div id="content"> <div title="<?php echo secureString($politico->getNombre() . ' ' . $politico->getApellidos()); ?> " id="photo"> <?php echo image_tag(S3Voota::getImagesUrl() . '/' . $politico->getImagePath() . '/' . ($politico->getsfGuardUser() ? 'cc' : 'bw') . '_' . $politico->getImagen(), 'alt="' . __('Foto de %1%', array('%1%' => $politico)) . '"'); ?> <div class="vote"> <h3><?php echo __('Voota sobre'); ?> <?php echo $politico->getApellidos(); ?> </h3> <div id="sf_review1">
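/**
 * Add one column per entry of $fieldarray to the users table.
 *
 * Column names and types are spliced into an ALTER TABLE statement, where
 * they cannot be bound as parameters, so both are validated against a strict
 * allow-list pattern before use. secureString() is kept as the original
 * escaping step, but string escaping is not a defence for SQL identifiers or
 * type expressions (e.g. "INT, DROP COLUMN password" contains nothing to
 * escape), hence the patterns below.
 *
 * @param array $fieldarray map of column name => SQL column type,
 *                          e.g. array('age' => 'INT', 'bio' => 'TEXT')
 *
 * @return void
 * @throws \InvalidArgumentException when a name is not a plain identifier
 *         ([a-z_][a-z0-9_]*) or a type is not "TYPE", "TYPE(n)", "TYPE(n,m)"
 *         optionally followed by bare-word modifiers such as NOT NULL
 */
function addCustomFields($fieldarray)
{
    foreach ((array) $fieldarray as $name => $type) {
        $name = strtolower((string) $name);
        $type = trim((string) $type);

        // Identifier: letters, digits and underscore, not starting with a digit.
        if (!preg_match('/^[a-z_][a-z0-9_]*$/', $name)) {
            throw new \InvalidArgumentException("Invalid column name: {$name}");
        }
        // Type expression: one type word, an optional parenthesised numeric
        // length/precision, then only bare-word modifiers. No quotes, commas
        // outside the parentheses, semicolons, comment markers or backticks.
        if (!preg_match('/^[A-Za-z]+(\(\s*\d+(\s*,\s*\d+)?\s*\))?(\s+[A-Za-z0-9_]+)*$/', $type)) {
            throw new \InvalidArgumentException("Invalid column type: {$type}");
        }

        $name = secureString($name);
        $type = secureString($type);

        // Backticks keep a column name that collides with a reserved word usable.
        $query = 'ALTER TABLE ' . DB_PREFIX . DB_USERS . ' ADD `' . $name . '` ' . $type;
        queryMySQLData($query);
    }
}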
<span title="<?php /* translated caption, then secureString() for the title attribute */ echo secureString(__('Evolución del número de votos positivos por mes (último punto = mes actual)')); ?> " id="<?php /* NOTE(review): $id is echoed without escaping; the callers seen in this corpus build it as 'sparkline_' . <entity id>, but confirm it is never user supplied */ echo $id; ?> "></span>
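/**
 * Fetch the user rows matching an e-mail address.
 *
 * The address is bound through a prepared statement instead of being spliced
 * into the SQL string. secureString() is still applied to the value so the
 * lookup matches what setEmail() stores (it filters the address the same way
 * before saving); it is no longer what protects the query.
 *
 * NOTE(review): assumes $this->db is a \PDO instance — the original's
 * query()/fetchAll(\PDO::FETCH_OBJ) usage suggests so; confirm.
 * NOTE(review): the row includes the `password` column; callers should not
 * pass these objects on to templates or API output.
 *
 * @param string $email e-mail address to look up
 * @return mixed array of row objects (\PDO::FETCH_OBJ) when at least one row
 *               matches, false when none matches or the statement could not
 *               be prepared
 */
public function getByEmail($email)
{
    $stmt = $this->db->prepare(
        'SELECT id, name, password, email, level FROM users WHERE email = :email'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->execute(array(':email' => secureString($email)));
    $rows = $stmt->fetchAll(\PDO::FETCH_OBJ);

    return count($rows) >= 1 ? $rows : false;
}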
if(e.keyCode=='13'){ doWork(); } } //--> </script> </head> <body onload="UpdateTimer();"> <div id="main"> <div id="caption">Funtime Chat!</div> <div id="icon"> </div> <?php if (!isset($_SESSION['nickname'])) { createForm(); } else { $name = isset($_SESSION['ChatName']) ? secureString($_SESSION['ChatName']) : "Unnamed"; $_SESSION['nickname'] = $name; ?> <div id="result"> <?php $data = file("msg.html"); foreach ($data as $line) { echo $line; } ?> </div> <div id="sender" onkeyup="keypressed(event);"> Your message: <input type="text" name="msg" size="30" id="msg" /> <button onclick="doWork();">Send</button> </div>
{ if (substr($url, 0, 4) == 'http') { $x = array_change_key_case(get_headers($url, 1), CASE_LOWER); if (strcasecmp($x[0], 'HTTP/1.1 200 OK') != 0) { $x = $x['content-length'][1]; } else { $x = $x['content-length']; } } else { $x = @filesize($url); } return $x; } if (isset($_POST['submit'])) { if ($_POST['url'] != "") { $swf = secureString($_POST['url']); $original = $swf; if (!strstr($swf, "www.") && strstr($swf, "http://")) { $swf = str_replace("http://", "www.", $swf); } elseif (!strstr($swf, "www.") && strstr($swf, "https://")) { $swf = str_replace("https://", "www.", $swf); } else { $swf = str_replace("http://", "", $swf); $swf = str_replace("https://", "", $swf); } $arr = explode("/", $swf); $siteList = array("www.addictinggames.com", "www.notdoppler.com", "www.crazymonkeygames.com", "www.arcadebomb.com", "www.physicsgames.net", "www.freeworldgroup.com", "www.newgrounds.com", "www.maxgames.com", "www.jayisgames.com", "www.kbhgames.com", "www.kanogames.com", "www.y8.com", "www.funny-games.biz", "www.turbonuke.com"); switch (trim($arr[0])) { case "www.addictinggames.com": $var1 = ".gameURL = '"; $var2 = "';";
</tr> <tr> <td>Update To:<select name="promoteDemoteTo"> <option value="Mod">Moderator</option> <option value="VIP">VIP</option> <option value="Normal">Normal User</option> <option value="Trusted">Trusted User</option> </select></td> </tr> </table> <input type="submit" value="Update User Status" name="updateStatus"> </form> </div> <?php $newStatus = secureString($_POST['promoteDemoteTo']); $upUser = secureString($_POST['user']); if (isset($_POST['updateStatus'])) { if ($newStatus && $upUser != "") { $check1 = mysql_query("SELECT * FROM users WHERE username = '******'"); $check2 = mysql_num_rows($check1); $positions = array(); $positions[0] = "Mod"; $positions[1] = "VIP"; $positions[2] = "Normal"; $positions[3] = "Trusted"; foreach ($positions as $position) { if ($newStatus == $position) { $positionExists = True; } } if ($check2 == 1 && $positionExists) {
if (!isset($_SESSION['oldMsg'])) { $_SESSION['oldMsg'] = $_GET['msg']; } if (isset($_GET['msg'])) { if ($_GET['msg'] == "") { die; } } if (isset($_GET['msg'])) { if (file_exists('msg.html')) { $f = fopen('msg.html', "a+"); } else { $f = fopen('msg.html', "w+"); } $nick = isset($_GET['nick']) ? $_GET['nick'] : "Hidden"; $msg = isset($_GET['msg']) ? secureString($_GET['msg']) : "."; if (!strstr($msg, "http://") && strstr($msg, "www.")) { $msg = str_replace("www.", "http://www.", $msg); } $msg = str_replace("cybertechnologyinc.x10.bz", "superfuntime.comlu.com?ext=", $msg); if (strstr($msg, "[href:")) { $var1 = get_string_between($msg, "[href:", "]"); $var2 = get_string_between($msg, "]", "[/href]"); $end = "[/href]"; $msg = str_replace("[href:" . $var1 . "]" . $var2 . "[/href]", '<a href="' . $var2 . '">' . $var1 . '</a>', $msg); } switch ($_SESSION['account_position']) { case "Admin": $nick = "<font color=black>[</font><font color=red>ADMIN</font><font color=black>]</font> " . $nick; break; case "Mod":
/**
 * Store the user's e-mail address on the object.
 *
 * The value is run through secureString() first, so whatever that filter
 * does (escaping / tag stripping) is applied before the address is kept.
 *
 * @param string $email raw e-mail address
 */
public function setEmail($email)
{
    $filtered = secureString($email);
    $this->email = $filtered;
}
?> <?php echo image_tag($order == 'pd' ? 'flechaDown.gif' : 'flechaUp.gif', $order == 'pd' ? 'alt="' . __('descendente') . '"' : 'alt="' . __('ascendente') . '"'); ?> <?php } ?> </th> <th class="negative-votes"> <a href="<?php echo url_for('lista/show?partido=' . $lista->getPartido()->getAbreviatura() . '&convocatoria=' . $lista->getConvocatoria()->getNombre() . '&vanity=' . $lista->getConvocatoria()->getEleccion()->getVanity() . '&geo=' . $lista->getCircunscripcion()->getGeo()->getNombre() . ($order == 'nd' ? "&o=na" : '&o=nd')); ?> " rel="nofollow" title="<?php echo secureString(__('Ordenar por votos negativos: Los más votados primero / los menos votados primero')); ?> "><?php echo __('Votos -'); ?> </a> <?php echo image_tag('icoDown20px.gif', 'alt="buu"'); ?> <?php if (strpos($order, 'n') === 0) { ?> <?php echo image_tag($order == 'nd' ? 'flechaDown.gif' : 'flechaUp.gif', $order == 'nd' ? 'alt="' . __('descendente') . '"' : 'alt="' . __('ascendente') . '"'); ?> <?php
//echo '<style>body{'.$backgroundImageSettings.' background-image: url("'.$bgImage.'");}</style>'; if ($_SESSION['LoggedIn'] == True) { header("Location: /main.php"); return; } else { $_SESSION['LoggedIn'] = False; } if (isset($_POST['submit'])) { if ($user != "") { $_SESSION['CurrentUser'] = $user; } else { $_SESSION['CurrentUser'] = ""; } // Normal Users if (isset($_POST['submit'])) { $user = secureString($_POST['username']); $pass = hashPassword($_POST['password']); $ip = $_SERVER['REMOTE_ADDR']; $query1 = mysql_query("SELECT * FROM users WHERE username = '******'"); $query2 = mysql_query("SELECT * FROM users WHERE email = '{$user}'"); $check1 = mysql_num_rows($query1); $check2 = mysql_num_rows($query2); if ($check1 == 1) { $data = mysql_fetch_array($query1); $user = $data['username']; } elseif ($check2 == 1) { $data = mysql_fetch_array($query2); $user = $data['username']; } $_SESSION['CurrentUser'] = $user; $result = mysql_num_rows(mysql_query("SELECT * FROM users WHERE username = '******' && password = '******'"));
if ($propuestasPager) { ?> <?php include_partial('general/entity_pagination', array('position' => 'top', 'pager' => $propuestasPager, 'id' => $propuesta->getId())); ?> <?php } ?> <?php include_partial('titulo', array('propuesta' => $propuesta)); ?> <div id="content"> <div title="<?php echo secureString($propuesta->getTitulo()); ?> " id="photo"> <?php include_partial('photo', array('propuesta' => $propuesta)); ?> <div class="vote"> <h3><?php echo __('Voota sobre'); ?> "<?php echo $propuesta->getTitulo(); ?> "</h3> <div id="sf_review1"> <?php
<h2> <?php echo fullName($user); ?> <?php if ($sf_user->isAuthenticated() && $sf_user->getGuardUser()->getId() == $user->getId()) { ?> <?php echo link_to(__('Hacer cambios en tu perfil'), "@usuario_edit"); ?> <?php } ?> </h2> <div title="<?php echo secureString(fullNameForAttr($user)); ?> " class="photo"> <?php echo getAvatarFull($user); ?> </div> <div title="info" class="description"> <p><?php echo getAutolink($user->getProfile()->getPresentacion()); ?> </p> <?php if ($politico = isPolitico($user)) { ?> <p><?php
<?php echo "{$menu}"; // NOTE(review): $menu is echoed unescaped; it is built outside this block, so confirm it never carries user-supplied text
$baseUrl = "http://cybertechnologyinc.x10.bz/JVA%20-%20files/"; // plain-http origin for the applet jar; nothing here verifies what the client ends up loading
switch ($name) { // Select the game to load; only these two names are handled, any other $name leaves $mincrft unset
case "mincrft": $mincrft = $baseUrl . "mincrft.jar?v=1357737036000"; break;
case "runescpe07": echo '<applet name=oldscape id=game width="765px" height="503px" alt="For assistance please visit the FAQ page" archive=gamepack_9650549.jar code=client.class mayscript>'; break;
}
// Minecraft launcher: show the username form until a name has been posted
if ($name == "mincrft") {
if (isset($_POST['setUser'])) { $mcUsername = secureString($_POST['inputName']); } // NOTE(review): $_POST['inputName'] is read without isset(); secureString() is the only filter before the attribute below
if ($mcUsername != "") { // NOTE(review): $mcUsername is undefined here unless the form was just posted (or it is assigned earlier in the file) — PHP compares null as "" with a notice; confirm
echo "<div class=\"info\"> \n\t\t\t<applet code=\"net.minecraft.Launcher\" archive=\"{$mincrft}\" codebase=\"/game/\" width=\"854\" height=\"480\"> \n\t\t\t<param name=\"separate_jvm\" value=\"true\"/> \n\t\t\t<param name=\"java_arguments\" value=\"-Xmx1024M -Xms1024M -Dsun.java2d.noddraw=true -Dsun.awt.noerasebackground=true -Dsun.java2d.d3d=false -Dsun.java2d.opengl=false -Dsun.java2d.pmoffscreen=false\"> \n\t\t\t<param name=\"latestVersion\" value=\"1363862534000\"> \n\t\t\t<param name=\"downloadTicket\" value=\"0\">\n\t\t\t<param name=\"sessionId\" value=\"0\">\n\t\t\t<param name=\"userName\" value=\"{$mcUsername}\"> </applet>"; // NOTE(review): $mcUsername is interpolated inside a double-quoted HTML attribute; this relies on secureString() encoding '"' — confirm
} else {
echo '<br><br><br><br><br><br><br><br><br><br><br><br><br><br> <form action="" method="post"> <center> <input name="inputName" type="text" maxlength="16"/> <input type="submit" name="setUser" value="Set Username"/> </center> </form>';
}
} ?> </div>
padding: 5; background-color: black; display: inline-block; } .subBtn { padding:3; } </style> <div class="menu"> <table> <form action="" method="POST"> <tr> <td><font color=white>Username:</font></td> <td><input type="text" value="<?php echo secureString($_POST['user']); ?> " name="user"></td> </tr> <tr> <td><font color=white>New Username:</font></td> <td><input type="text" name="newUsername"></td> </tr> <tr> <td><font color=white>New Password:</font></td> <td><input type="password" name="password"></td> </tr> <td><font color=white>New Email Address:</font></td>
if ($_SESSION['referer_gmeID_backup'] != $_SESSION['referer_gmeID']) { $_SESSION['referer_gmeID_backup'] = $_SESSION['referer_gmeID']; $_SESSION['referer'] = secureForDB($_SERVER['HTTP_REFERER']); } else { $_SESSION['referer'] = "{$mirrorUrl}?ext=/scripts/PlaySWF.php?id=" . $_SESSION['referer_gmeID']; } } if ($_SESSION['TempUsername'] != "") { $user = $_SESSION['TempUsername']; } $query = "SELECT * FROM users WHERE username = '******'"; $result = mysql_query($query); $arr = mysql_fetch_array($result); $_SESSION['banMsg'] = $arr['ban_message']; $msg = secureString($_GET['e']); $img = secureString($_GET['img']); $banmsg = $_SESSION['banMsg']; /* echo $banmsg."<br>"; die(); */ //Insecure Password if ($msg == "insecurePassword") { echo disableRightClick(); echo '<style> .form{ background-color:black; position:relative; top:250; width:300;
include_partial('general/sparkline_box', array('reviewable' => $partido, 'id' => 'sparkline_pt_' . $partido->getId())); ?> <span class="rank"> <?php echo format_number_choice('[0]%1% votos positivos|[1]1 voto positivo|(1,+Inf]%1% votos positivos', array('%1%' => $partido->getSumu()), $partido->getSumu()); ?> <?php echo format_number_choice('[0] y %1% votos negativos|[1] y 1 voto negativo|(1,+Inf] y %1% votos negativos', array('%1%' => $partido->getSumd()), $partido->getSumd()); ?> </span> </h2> <div id="content"> <div title="<?php echo secureString($partido->getNombre()); ?> " id="photo"> <?php echo image_tag(S3Voota::getImagesUrl() . '/partidos/' . $image, 'alt="' . __('Logo de %1%', array('%1%' => $partido->getAbreviatura())) . '"'); ?> <div class="vote"> <h3><?php echo __('Voota sobre'); ?> <?php echo $partido->getAbreviatura(); ?> </h3> <div id="sf_review1"> <?php
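/**
 * Read a value from $_POST, filtered according to the requested type.
 *
 * Types:
 *   - 'int'/'integer', 'float', 'bool'/'boolean': plain PHP casts, no filtering
 *   - 'array': secureArray() on an array value, or the secureString()'d scalar
 *     wrapped in an array
 *   - 'any', 'str'/'string' and anything unrecognised: secureString()
 *
 * PHP lets a client turn any field into an array with "key[]=..."; the
 * original passed such a value straight to secureString() / (int), which is
 * a warning-or-TypeError (or a silent 1 for the int cast). For every scalar
 * type an array value is now treated as missing and yields null.
 *
 * @param string $postKey         key in $_POST
 * @param string $type            one of the type names above (default 'any')
 * @param bool   $ignoreStripTags forwarded to secureString()/secureArray()
 *
 * @return mixed filtered value, or null when the key is absent or an array
 *               was submitted where a scalar type was requested
 */
function getPost($postKey = '', $type = 'any', $ignoreStripTags = false)
{
    if (!isset($_POST[$postKey])) {
        return null;
    }
    $raw = $_POST[$postKey];

    if ($type == 'array') {
        return is_array($raw)
            ? secureArray($raw, $ignoreStripTags)
            : (array) secureString($raw, $ignoreStripTags);
    }

    // Every remaining type is scalar; refuse an array rather than cast it.
    if (is_array($raw)) {
        return null;
    }

    switch ($type) {
        case 'int':
        case 'integer':
            return (int) $raw;
        case 'float':
            return (float) $raw;
        case 'bool':
        case 'boolean':
            return (bool) $raw;
        case 'any':
        case 'str':
        case 'string':
        default:
            return secureString($raw, $ignoreStripTags);
    }
}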
<tr class="<?php echo fmod($idx, 2) ? 'even' : 'odd'; ?> "> <td class="position"><?php echo format_number($propuestasPager->getFirstIndice() + $idx, 'es_ES'); ?> .</td> <td class="photo"> <?php echo link_to(image_tag(S3Voota::getImagesUrl() . '/' . $propuesta->getImagePath() . '/cc_s_' . $propuesta->getImagen(), 'alt="' . __('Foto de %1%', array('%1%' => $propuesta)) . '"'), 'propuesta/show?id=' . $propuesta->getVanity()); ?> </td> <td class="name"> <?php echo link_to($propuesta->getTitulo(), 'propuesta/show?id=' . $propuesta->getVanity(), array('class' => 'tooltip_propuesta', 'title' => secureString(__('Sobre esta propuesta') . '|' . __('Creada el %1%', array('%1%' => format_date($propuesta->getCreatedAt()))) . '|' . cutToLength($propuesta->getDescripcion(), 200, '...', true)))); ?> </td> <td class="voto"> <?php include_component_slot('quickvote', array('entity' => $propuesta)); ?> </td> <td class="positive-votes"><?php echo sumu($propuesta); ?> </td> <td class="negative-votes"><?php echo sumd($propuesta); ?> </td>
</table> <div class="btn"> <input type="submit" class="btn rc05 f10 p05 dk blue" name="submit" value="Send PM!"> </div> </form> <?php if (isset($_POST['submit'])) { // NOTE(review): no CSRF check is visible in this block; any page the browser is on could submit this form for the logged-in user
$name = secureForDB($_POST['name']);
// A numeric recipient is treated as a user id and resolved to its username first
if (is_numeric($name)) { $query = mysql_query("SELECT * FROM users WHERE id = '{$name}'"); // is_numeric() is what bounds the value reaching this interpolated query
$arr = mysql_fetch_array($query); $name = $arr['username']; } // NOTE(review): no check that a row was found; $arr === false leaves $name null here
$query = mysql_query("SELECT * FROM users WHERE username = '******'"); // NOTE(review): '******' reads like a corpus redaction of the interpolated username; cannot tell from here what the original query contained
$arr = mysql_fetch_array($query); $email = $arr['email']; // same missing-row issue: mail() below is then called with a null address
$subject = 'You have recieved a PM from ' . $user . ''; // NOTE(review): $user is set outside this block; if it can contain CR/LF this is a mail() header-injection point — confirm its origin. (The "recieved" typo is in a user-visible string and is left as-is here.)
$body = secureString($_POST['body']); // secureString() is the only filter before the text is sent as an HTML e-mail
$body .= '<br>----------<br>To reply to this PM, go <a href="' . $mirrorUrl . '?ext=/scripts/privateMessage.php?rid=' . $userDetails['id'] . '">here</a>';
$headers = "Content-Type: text/html;";
$success = mail($email, $subject, $body, $headers);
if ($success) { $gMsg = "A PM to {$name} has been sent!"; } }
// NOTE(review): $eMsg is never assigned in this block and $gMsg only on success; both are echoed unescaped, so they must be initialised (and trusted) earlier in the file
echo '<br><div class="eMsg"><font color=red>' . $eMsg . '</font></div>'; echo '<br><div class="gMsg"><font color=green>' . $gMsg . '</font></div>'; ?> </body> <center>