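/**
 * Log the current chat user out.
 *
 * Removes the user's row from `webchat_users` (matched by the name stored in
 * $_SESSION['user']['name']) and then wipes the session array.
 *
 * NOTE(review): only the session *data* is cleared; no session_destroy() or
 * cookie reset happens here, so the server-side session id stays valid —
 * confirm that is intended.
 *
 * @return array always array('status' => 1)
 */
public static function logout()
{
    $name = isset($_SESSION['user']['name']) ? $_SESSION['user']['name'] : null;

    // Skip the DELETE for a session with no chat user attached; previously an
    // unconditional DELETE ... WHERE name = '' was issued in that case.
    if ($name !== null && $name !== '') {
        // The name sits inside single quotes, so DB::esc() is what keeps it a string literal.
        DB::query("DELETE FROM webchat_users WHERE name = '" . DB::esc($name) . "'");
    }

    // Wipe the session; unset() additionally makes $_SESSION unavailable for the
    // remainder of this request (existing behaviour, kept).
    $_SESSION = array();
    unset($_SESSION);

    return array('status' => 1);
}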
/**
 * HCM helper: render a link to the user with the given username.
 *
 * The username is normalised with _anchorStr() and escaped with DB::esc(),
 * the user's id is looked up in the users table, and the id is handed to
 * _linkUser() for rendering.
 *
 * NOTE(review): the username literal in the WHERE clause is masked ('******')
 * in this listing, so $name appears unused here; presumably the lookup
 * compares against $name — confirm against the original source.
 *
 * @param string $jmeno username ("jmeno" is Czech for "name")
 * @return mixed whatever _linkUser() returns for the matched id; null (implicit) when no user matches
 */
function _HCM_linkuser($jmeno = "")
{
    $name = DB::esc(_anchorStr($jmeno, false));
    $query = DB::query("SELECT id FROM `" . _mysql_prefix . "-users` WHERE username='******'");
    if (DB::size($query) != 0) {
        $query = DB::row($query);
        return _linkUser($query['id']);
    }
}
/**
 * Display a single advert.
 *
 * Requires a positive numeric `id` query parameter; anything else falls
 * through to the 404 action.
 */
function action_show()
{
    $requestedId = isset($_GET['id']) ? $_GET['id'] : null;

    if ($requestedId === null || !($requestedId > 0)) {
        $this->action_404();
        return;
    }

    // Cast to int before escaping so only an integer ever reaches the model.
    $advertId = DB::esc(intval($requestedId));
    $this->data = $this->model->getAdvert($advertId);

    $this->view->setData($this->data);
    $this->view->setTitle($this->data['title']);
    $this->view->display('advert_view.php');
}
/**
 * Display one advert category.
 *
 * Requires a positive numeric `id` query parameter; anything else falls
 * through to the 404 action.
 */
function action_category()
{
    $requestedId = isset($_GET['id']) ? $_GET['id'] : null;

    if ($requestedId === null || !($requestedId > 0)) {
        $this->action_404();
        return;
    }

    // Cast to int before escaping so only an integer ever reaches the model.
    $categoryId = DB::esc(intval($requestedId));
    $category = new Category($categoryId, $this->model);

    $this->view->setData(array("category" => $category));
    $this->view->setTitle($category->getName());
    $this->view->display('category_view.php');
}
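/**
 * Parse a query-string-like "k=v&k2=v2" string into self::$params.
 *
 * Each value is urldecode()d and then passed through DB::esc() before it is
 * stored, so stored values are pre-escaped for use inside quoted SQL string
 * literals. Keys are stored as-is (not decoded).
 *
 * NOTE(review): escaping at parse time only protects quoted string contexts;
 * a value later placed unquoted into SQL (numeric comparison, LIMIT, ORDER BY)
 * gets no protection from this. Escaping or binding at the query site is safer.
 *
 * @param string $paramsArray "&"-separated key=value pairs; empty input is a no-op
 * @return void
 */
private static function explodeParameters($paramsArray)
{
    if (empty($paramsArray)) {
        return;
    }

    foreach (explode('&', $paramsArray) as $pair) {
        // Limit to two parts so a value that itself contains '=' is not truncated.
        $part = explode('=', $pair, 2);
        $key = $part[0];
        // A bare "key" without '=' yields an empty value instead of an undefined-index notice.
        $rawValue = isset($part[1]) ? $part[1] : '';
        self::$params[$key] = DB::esc(urldecode($rawValue));
    }
}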
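/**
 * Load the full detail row for this reminder.
 *
 * Joins the owner (user1), the backup user (user2) and the group/role name
 * onto the reminder row identified by $this->id.
 *
 * @return array list of associative rows (normally zero or one); empty array when nothing matches
 * @throws Exception with the MySQLi error text when the query fails
 */
public function getDetails()
{
    // NOTE(review): r.id is compared unquoted; DB::esc() only neutralises quote
    // characters, so this relies on $this->id being an integer — confirm where
    // id is assigned.
    $q = "SELECT r.id AS id, u.username AS user1, v.username AS user2, w.name AS grp, title, text, completed, begin, end, created, modified\n"
        . " FROM reminders AS r \n"
        . " LEFT OUTER JOIN users AS u ON r.user_id = u.id\n"
        . " LEFT OUTER JOIN users AS v ON r.backup_user_id = v.id\n"
        . " LEFT OUTER JOIN roles AS w ON r.group_id = w.id\n"
        . " WHERE r.id = " . DB::esc($this->id);

    $results = DB::query($q);
    if (!$results) {
        throw new Exception(DB::getMySQLiObject()->error);
    }

    // Collect rows explicitly; the former "while ($out[] = fetch())" idiom
    // appended a trailing null that then had to be popped off again.
    $output = array();
    while (is_array($row = mysqli_fetch_assoc($results))) {
        $output[] = $row;
    }

    return $output;
}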
/**
 * Export database data into a temporary file.
 *
 * File layout, fields separated by NUL (chr(0)): the last element of the
 * database version info, then for every non-empty table its name with the
 * prefix part cut off, the column names terminated by a double NUL, one
 * escaped value per cell (chr(1) standing in for SQL NULL), and a NUL after
 * the last row.
 *
 * @param array|null $tables table names including prefix, or null for every table from _get_tables()
 * @return array temporary file as returned by _tmpFile(): array(handle, path)
 */
public function exportData($tables = null)
{
    if (!isset($tables)) {
        $tables = $this->_get_tables();
    }

    $file = _tmpFile();
    $handle = $file[0];

    $sep = chr(0);        // field / record separator
    $nullMarker = chr(1); // stands in for a SQL NULL cell
    $prefixLength = strlen(_mysql_prefix) + 1; // prefix plus the separator that follows it

    $write = function ($chunk) use ($handle) {
        fwrite($handle, $chunk);
    };

    // Header: the last entry of the database version info.
    $versionInfo = _checkVersion('database', null, true);
    $write(end($versionInfo) . $sep);

    // Tables are walked by index: the first missing/unset slot ends the loop.
    $i = 0;
    while (isset($tables[$i])) {
        $table = $tables[$i];
        ++$i;

        // NOTE(review): the table name is interpolated unescaped inside backticks;
        // assumes $tables only ever holds names from _get_tables() — confirm callers.
        $result = DB::query('SELECT * FROM `' . $table . '`');
        if (DB::size($result) === 0) {
            DB::free($result);
            continue;
        }

        $write(substr($table, $prefixLength) . $sep);

        $columnsWritten = false;
        while ($row = DB::row($result)) {
            if (!$columnsWritten) {
                $write(implode($sep, array_keys($row)) . $sep . $sep);
                $columnsWritten = true;
            }
            foreach ($row as $cell) {
                $write((isset($cell) ? DB::esc($cell) : $nullMarker) . $sep);
            }
        }

        $write($sep);
        DB::free($result);
    }

    return $file;
}
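/**
 * Fetch handles, optionally restricted to one group.
 *
 * @param int|string|null $group null for all handles, or a numeric group id
 * @return array|false list of associative rows (possibly empty); false when $group is neither null nor numeric
 * @throws Exception with the MySQLi error text when the query fails
 */
public function get($group = null)
{
    if (is_null($group)) {
        $results = DB::query("\n SELECT id, handle_number, handle_name, description, gps_status\n FROM handles\n ORDER BY handle_name ASC\n ");
    } elseif (is_numeric($group)) {
        // is_numeric() is what keeps this safe: the value sits unquoted in the
        // SQL, where DB::esc() alone would not stop a non-numeric payload.
        $group_id = DB::esc($group);
        $results = DB::query("\n SELECT id, handle_number, handle_name, description, gps_status\n FROM handles\n WHERE group_id = {$group_id}\n ORDER BY handle_name ASC\n ");
    } else {
        return false;
    }

    // A failed query used to reach mysqli_fetch_assoc() with a non-result value.
    if (!$results) {
        throw new Exception(DB::getMySQLiObject()->error);
    }

    // Initialise explicitly; the former "while ($data[] = fetch())" idiom
    // started from an undefined variable and appended a trailing null.
    $data = array();
    while (is_array($row = mysqli_fetch_assoc($results))) {
        $data[] = $row;
    }

    return $data;
}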
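/**
 * Insert a new advert from the submitted form and echo a JSON result.
 *
 * NOTE: every field is read from $_POST; the values passed as arguments are
 * ignored. The parameters are kept only so existing call sites keep working.
 *
 * @param string $title    unused, see note
 * @param string $type     unused, see note
 * @param string $tel      unused, see note
 * @param string $email    unused, see note
 * @param string $content  unused, see note
 * @param string $category unused, see note
 * @param string $holder   unused, see note
 * @return void echoes {"result": bool, "msg": string}
 */
public function addAdvert($title, $type, $tel, $email, $content, $category, $holder)
{
    // Missing form fields become '' instead of raising undefined-index notices.
    $field = function ($name) {
        return isset($_POST[$name]) ? $_POST[$name] : '';
    };

    // String columns: escaped and placed inside single quotes in the INSERT.
    $title = DB::esc($field("title"));
    $tel = DB::esc($field("tel"));
    $email = DB::esc($field("email"));
    $content = DB::esc($field("content"));

    // Numeric columns are interpolated unquoted, where DB::esc() offers no
    // protection; the cast guarantees only an integer can reach the statement.
    $category = (int) $field("category");
    $holder = (int) $field("holder");
    $type = (int) $field("type");

    $date = date("Y-m-d");

    $res = DB::query("INSERT INTO adverts (id_holder,title,content,type,category_id,date,tel,email) "
        . "VALUES({$holder},'{$title}','{$content}',{$type},{$category},'{$date}','{$tel}','{$email}')");

    if ($res) {
        $json_data = array("result" => TRUE, "msg" => "Оголошення додано.");
    } else {
        $json_data = array("result" => FALSE, "msg" => "Виникла помилка. Спробуйте ще раз");
    }

    echo json_encode($json_data);
}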
/**
 * Handle the admin login form (POST login/password).
 *
 * On exactly one matching row sets $_SESSION['user'] = TRUE and redirects to
 * ?option=admin; otherwise, or when a field is empty, terminates the request
 * with a message.
 *
 * NOTE(review): the login and password literals in the SELECT are masked
 * ('******') in this listing, so $login and $password appear unused here;
 * presumably they are interpolated into those positions — confirm against
 * the source.
 * NOTE(review): the password is hashed with bare md5() before the lookup, and
 * the header() redirect is not followed by exit(), so the rest of the script
 * keeps executing after the redirect is sent.
 *
 * @return void
 */
protected function handlerForm()
{
    // strip_tags() runs after DB::esc(), so a tag-like fragment can remove
    // characters the escaping added; order kept as found.
    $login = strip_tags(DB::esc($_POST['login']));
    $password = strip_tags(DB::esc($_POST['password']));
    if (!empty($login) && !empty($password)) {
        $password = md5($password);
        $query = "SELECT id FROM users WHERE login='******' AND password= '******'";
        $result = DB::query($query);
        $this->getMessageQueryErr($result, __FUNCTION__);
        if ($result->num_rows == 1) {
            $_SESSION['user'] = TRUE;
            header("Location:?option=admin");
        } else {
            exit("Такого пользователя нет");
        }
    } else {
        exit("Поля не заполнены");
    }
}
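/**
 * Fetch chat lines for the room/role named in $options.
 *
 * $options keys: 'role' (room name, required) and either
 *  - 'first_id' + 'limit_paging' to page backwards from a known line id, or
 *  - 'since' (datetime string, optional) to fetch the latest 20 lines.
 *
 * @param array|string $options see above; anything but an array throws
 * @return array element 0 is a status row ('timestamp', 'limit', 'query'),
 *               followed by one associative row per chat line
 * @throws Exception 'unknown chat' when the role does not exist exactly once,
 *                   'Invalid arguments for getChats' when $options is not an array
 */
public function get($options = 'empty')
{
    if (!is_array($options)) {
        throw new Exception('Invalid arguments for getChats');
    }

    $role = isset($options['role']) ? $options['role'] : '';
    $dbresult = DB::query("SELECT id,name FROM roles WHERE name = '" . DB::esc($role) . "'");
    if ($dbresult->num_rows != 1) {
        throw new Exception('unknown chat');
    }
    $role_result = $dbresult->fetch_array();
    $this->role_id = $role_result['id'];

    $q = "SELECT * FROM (\r\n \t\t\tSELECT t.id, t.text, t.created, users.username, users.avatar\r\n \tFROM chatlines AS t INNER JOIN users ON t.user_id = users.id";

    // Defined on every path so the paging check below never reads an undefined variable.
    $limit_paging = 0;

    $first_id = isset($options['first_id']) ? $options['first_id'] : null;
    if ($first_id && is_numeric($first_id)) {
        $first_id = DB::esc($first_id);
        // LIMIT takes a bare integer; DB::esc() cannot protect an unquoted value,
        // so the cast is what keeps arbitrary input out of the statement.
        $limit_paging = isset($options['limit_paging']) ? (int) $options['limit_paging'] : 0;
        $q .= " WHERE t.id < {$first_id}";
        $q .= " AND t.role_id = " . $this->role_id;
        $q .= " ORDER BY t.id DESC LIMIT {$limit_paging}) t";
        $q .= " ORDER BY id ASC";
    } else {
        $since = DB::esc(isset($options['since']) ? $options['since'] : '');
        // Without 'since' no WHERE is emitted and the following AND attaches to
        // the JOIN's ON clause instead, which still restricts by role_id.
        $q .= $since ? " WHERE t.created >= '" . $since . "'" : "";
        $q .= " AND t.role_id = " . $this->role_id;
        $q .= " ORDER BY t.id DESC LIMIT 20) t";
        $q .= " ORDER BY id ASC";
    }

    $results = DB::query($q);

    $data = array();
    $data[] = array('timestamp' => date('Y-m-d G:i:s'), 'limit' => 'true');
    while (is_array($row = mysqli_fetch_assoc($results))) {
        $data[] = $row;
    }

    // Fewer rows than requested means there is no further page.
    if ($limit_paging && count($data) < $limit_paging + 1) {
        $data[0]['limit'] = 'false';
    }

    // NOTE(review): this hands the raw SQL text to whoever consumes the result
    // (the chat client); kept for compatibility, drop it if nothing reads it.
    $data[0]['query'] = $q;

    return $data;
}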
/**
 * Attach this message to a ticket.
 *
 * @param int|string $tick_no ticket id written to messages.ticket_id
 * @return void
 * @throws Exception with the MySQLi error text when the UPDATE fails
 */
public function setTicket($tick_no)
{
    // NOTE(review): both values are interpolated unquoted; DB::esc() only
    // handles quote characters, so this presumes integer ids — confirm callers.
    $statement = sprintf(
        "UPDATE messages SET ticket_id = %s\n WHERE id = %s",
        DB::esc($tick_no),
        DB::esc($this->id)
    );

    if (!DB::query($statement)) {
        throw new Exception(DB::getMySQLiObject()->error);
    }
}
// filtr skupiny $grouplimit = ""; $grouplimit2 = "1"; if (isset($_GET['group'])) { $group = intval($_GET['group']); if ($group != -1) { $grouplimit = " AND `" . _mysql_prefix . "-groups`.id=" . $group; $grouplimit2 = "`group`=" . $group; } } else { $group = -1; } // aktivace vyhledavani if (isset($_GET['search']) and $_GET['search'] != "") { $search = true; $searchword = DB::esc($_GET['search']); } else { $search = false; } // filtry - vyber skupiny, vyhledavani $output .= ' <table class="wintable"> <tr> <td> <form class="cform" action="index.php" method="get"> <input type="hidden" name="p" value="users-list" /> <input type="hidden" name="search"' . _restoreGetValue('search', '') . ' /> <strong>' . $_lang['admin.users.list.groupfilter'] . ':</strong> ' . _admin_authorSelect("group", $group, "id!=2", null, $_lang['global.all'], true) . ' </select> <input type="submit" value="' . $_lang['global.apply'] . '" /> </form>
$search_query = ''; $root = 1; $art = 1; $post = 1; $image = 0; } /* --- modul --- */ if (_template_autoheadings == 1) { $module .= "<h1>" . $_lang['mod.search'] . "</h1>"; } $module .= "\n<p class='bborder'>" . $_lang['mod.search.p'] . "</p>\n\n<form action='index.php' method='get'>\n<input type='hidden' name='m' value='search' />\n" . _xsrfProtect() . "\n<input type='text' name='q' class='inputmedium' value='" . _htmlStr($search_query) . "' /> <input type='submit' value='" . $_lang['mod.search.submit'] . "' /><br />\n" . $_lang['mod.search.where'] . ": \n<label><input type='checkbox' name='root' value='1'" . _checkboxActivate($root) . " /> " . $_lang['mod.search.where.root'] . "</label> \n<label><input type='checkbox' name='art' value='1'" . _checkboxActivate($art) . " /> " . $_lang['mod.search.where.articles'] . "</label> \n<label><input type='checkbox' name='post' value='1'" . _checkboxActivate($post) . " /> " . $_lang['mod.search.where.posts'] . "</label> \n<label><input type='checkbox' name='img' value='1'" . _checkboxActivate($image) . " /> " . $_lang['mod.search.where.images'] . "</label>\n</form>\n\n"; /* --- vyhledavani --- */ if ($search_query != '' && _xsrfCheck(true)) { if (mb_strlen($search_query) >= 3) { // priprava $search_query_sql = DB::esc('%' . $search_query . '%'); $results = array(); // polozka: array(link, titulek, perex) $public = !_loginindicator; // funkce na skladani vyhledavaciho dotazu function _tmpSearchQuery($alias, $cols) { $output = '('; for ($i = 0, $last = sizeof($cols) - 1; isset($cols[$i]); ++$i) { $output .= $alias . '.' . $cols[$i] . ' LIKE \'' . $GLOBALS['search_query_sql'] . '\''; if ($i !== $last) { $output .= ' OR '; } } $output .= ')'; return $output;
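/**
 * Persist this chat line into webchat_lines.
 *
 * Every interpolated property goes through DB::esc() — including room,
 * room_od and czyt, which were previously inlined raw — since all of them end
 * up inside single-quoted SQL literals. tss is the current time().
 *
 * NOTE(review): the column is named room_do but the property read is
 * room_od — confirm the property name against the class definition.
 *
 * @return mysqli the MySQLi object of the DB class (for insert_id / error inspection)
 */
public function save()
{
    DB::query("\n\t\t\tINSERT INTO webchat_lines (author, gravatar, text, room, room_do, tss, czyt)\n\t\t\tVALUES (\n\t\t\t\t'" . DB::esc($this->author) . "',\n\t\t\t\t'" . DB::esc($this->gravatar) . "',\n\t\t\t\t'" . DB::esc($this->text) . "',\n\t\t\t\t'" . DB::esc($this->room) . "',\n\t\t\t\t'" . DB::esc($this->room_od) . "',\n\t\t\t\t'" . time() . "',\n\t\t\t\t'" . DB::esc($this->czyt) . "'\n\t\t)");

    // Returns the MySQLi object of the DB class
    return DB::getMySQLiObject();
}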
} else { $module .= _formMessage(2, str_replace(array("*1*", "*2*"), array(_maxloginattempts, _maxloginexpire / 60), $_lang['login.attemptlimit'])); } break; default: $module .= "<p class='bborder'>" . $_lang['mod.lostpass.p'] . "</p>"; // kontrola promennych, odeslani emailu $sent = false; if (isset($_POST['username'])) { if (_iplogCheck(7)) { // nacteni promennych $username = _anchorStr($_POST['username'], false); $email = DB::esc($_POST['email']); // kontrola promennych if (_captchaCheck()) { $userdata = DB::query("SELECT email,password,salt,username FROM `" . _mysql_prefix . "-users` WHERE username='******' AND email='" . $email . "'"); if (DB::size($userdata) != 0) { // odeslani emailu $userdata = DB::row($userdata); $link = _url . "/index.php?m=lostpass&link&user="******"&hash=" . md5($userdata['email'] . $userdata['salt'] . $userdata['password']); $text_tags = array("*domain*", "*username*", "*link*", "*date*", "*ip*"); $text_contents = array(_getDomain(), $userdata['username'], $link, _formatTime(time()), _userip); if (_mail($userdata['email'], str_replace('*domain*', _getDomain(), $_lang['mod.lostpass.mail.subject']), str_replace($text_tags, $text_contents, $_lang['mod.lostpass.mail.text']), "Content-Type: text/plain; charset=UTF-8\n" . _sysMailHeader())) { $module .= _formMessage(1, $_lang['mod.lostpass.cmailsent']); _iplogUpdate(7); $sent = true; } else { $module .= _formMessage(3, $_lang['hcm.mailform.msg.failure2']); } } else { $module .= _formMessage(2, $_lang['mod.lostpass.notfound']);
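/**
 * Build the user list for the chat sidebar.
 *
 * Side effects, in order: refreshes the current user's last_activity (when a
 * chat user name is in the session), purges users whose last_activity is
 * older than 15 minutes 30 seconds, then reads up to 18 other users plus the
 * authors of unread lines addressed to the current user who are not already
 * in that list.
 *
 * Unread counts are only computed while the "chat_0" cookie is not "off"; the
 * per-user cookie "chat_<gravatar>" holds the timestamp up to which that
 * conversation was read.
 *
 * @return array 'users' => list of objects (name, gravatar, ile_a = unread badge HTML, ...),
 *               'ile_a' => always null (the key existed before but was never assigned; kept for consumers),
 *               'total' => number of online users excluding the current one
 */
public static function getUsers()
{
    $sessionName = isset($_SESSION['user']['name']) ? $_SESSION['user']['name'] : null;
    if ($sessionName) {
        $me = new ChatUser(array('name' => $sessionName));
        $me->update();
    }

    // The current user's id is interpolated into several quoted literals
    // below; escape it once rather than inlining it raw.
    $myId = DB::esc(isset($_SESSION['user_id']) ? $_SESSION['user_id'] : '');

    // Purge users inactive for more than 15m30s (the old chat-line purge is kept for reference).
    //DB::query("DELETE FROM webchat_lines WHERE ts < SUBTIME(NOW(),'0:25:0')");
    DB::query("DELETE FROM webchat_users WHERE last_activity < SUBTIME(NOW(),'0:15:30')");

    $countUnread = !isset($_COOKIE['chat_0']) || $_COOKIE['chat_0'] != "off";

    // Unread-count badge markup for one conversation partner.
    // NOTE(review): gravatar is inserted into the markup unescaped; assumes it
    // is an id-like value — confirm where it is assigned.
    $badge = function ($gravatar, $count) {
        if ($count >= 1) {
            return '<span class="ilejest" id="user_ile_' . $gravatar . '">(' . $count . ')</span>';
        }
        return '';
    };

    $users = array();
    $seen = array(); // gravatars already listed, so the second pass adds no duplicates

    $result = DB::query('SELECT * FROM webchat_users WHERE gravatar<>"' . $myId . '" ORDER BY name ASC LIMIT 18');
    while ($user = $result->fetch_object()) {
        if ($countUnread) {
            $cookieKey = 'chat_' . $user->gravatar;
            $lastRead = DB::esc(isset($_COOKIE[$cookieKey]) ? $_COOKIE[$cookieKey] : '');
            $partnerId = DB::esc($user->gravatar);
            $unread = DB::query('SELECT COUNT(*) as asd FROM webchat_lines WHERE tss>"' . $lastRead . '" and room_do="' . $partnerId . '" and room="' . $myId . '" and czyt="0"')->fetch_object()->asd;
            $user->ile_a = $badge($user->gravatar, $unread);
        }
        $seen[] = $user->gravatar;
        $users[] = $user;
    }

    $total = DB::query('SELECT COUNT(*) as cnt FROM webchat_users')->fetch_object()->cnt;
    if ($total >= 1) {
        $total = $total - 1; // do not count the current user
    }

    // Authors with unread lines for the current user who are not among the users above.
    $result = DB::query('SELECT * FROM webchat_lines WHERE czyt=0 and room="' . $myId . '" GROUP by author');
    while ($line = $result->fetch_object()) {
        if (in_array($line->room_do, $seen)) {
            continue;
        }
        // A fresh object per row: re-using a single object here made every
        // entry appended in this loop alias the same instance.
        $extra = new stdClass();
        $extra->gravatar = $line->room_do;
        $extra->name = $line->author;
        if ($countUnread) {
            $unread = DB::query('SELECT COUNT(*) as asd FROM webchat_lines WHERE room_do="' . DB::esc($extra->gravatar) . '" and room="' . $myId . '" and czyt="0"')->fetch_object()->asd;
            $extra->ile_a = $badge($extra->gravatar, $unread);
        }
        $users[] = $extra;
    }

    return array('users' => $users, 'ile_a' => null, 'total' => $total);
}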
} /* --- priprava --- */ if (isset($_GET['c'])) { $c = _get('c'); $returntolist = true; } else { $c = '1'; $returntolist = false; } /* --- ulozeni --- */ if (isset($_POST['title'])) { // nacteni promennych $title = DB::esc(_htmlStr($_POST['title'])); $column = _post('column'); $ord = floatval($_POST['ord']); $content = DB::esc(_filtrateHCM($_POST['content'])); $visible = _checkboxLoad('visible'); $public = _checkboxLoad('public'); $class = trim($_POST['class']); if ($class === '') { $class = null; } else { $class = DB::esc(_htmlStr($class)); } // vlozeni DB::query("INSERT INTO `" . _mysql_prefix . "-boxes` (ord,title,content,visible,public,`column`,class) VALUES (" . $ord . ",'" . $title . "','" . $content . "'," . $visible . "," . $public . ",'" . DB::esc($column) . "'," . (isset($class) ? '\'' . $class . '\'' : 'NULL') . ")"); define('_redirect_to', 'index.php?p=content-boxes-edit&c=' . urlencode($column) . '&created'); return; } /* --- vystup --- */ $output .= "\n<a href='index.php?p=" . ($returntolist ? "content-boxes-edit&c=" . urlencode($c) : "content-boxes") . "' class='backlink'>< " . $_lang['global.return'] . "</a>\n<h1>" . $_lang['admin.content.boxes.new.title'] . "</h1>\n<p class='bborder'></p>\n\n<form class='cform' action='index.php?p=content-boxes-new&c=" . urlencode($c) . "' method='post'>\n\n<table class='formtable'>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.title'] . "</strong></td>\n<td><input type='text' name='title' class='inputmedium' maxlength='96' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.boxes.column'] . "</strong></td>\n<td><input type='text' maxlength='64' name='column' value='" . _htmlStr($c) . "' class='inputmedium' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.ord'] . "</strong></td>\n<td><input type='text' name='ord' value='1' class='inputmedium' /></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.class'] . 
"</strong></td>\n<td><input type='text' name='class' class='inputmedium' maxlength='24' /></td>\n</tr>\n\n<tr class='valign-top'>\n<td class='rpad'><strong>" . $_lang['admin.content.form.content'] . "</strong></td>\n<td><textarea name='content' class='areasmall_100pwidth codemirror' rows='9' cols='33'></textarea></td>\n</tr>\n\n<tr>\n<td class='rpad'><strong>" . $_lang['admin.content.form.settings'] . "</strong></td>\n<td>\n<label><input type='checkbox' name='visible' value='1' checked='checked' /> " . $_lang['admin.content.form.visible'] . "</label> \n<label><input type='checkbox' name='public' value='1' checked='checked' /> " . $_lang['admin.content.form.public'] . "</label>\n</td>\n</tr>\n\n<tr>\n<td></td>\n<td><input type='submit' value='" . $_lang['global.create'] . "' /></td>\n</tr>\n\n</table>\n\n" . _xsrfProtect() . "</form>\n\n";
/**
 * Mark this SMS as handled now, by $this->handled_by.
 *
 * @return void
 * @throws Exception with the MySQLi error text when the UPDATE fails
 */
public function handle()
{
    // NOTE(review): handled_by and id are interpolated unquoted; DB::esc() does
    // not guard a numeric context, so this presumes integer ids — confirm callers.
    $statement = 'UPDATE sms SET handled_at = NOW(), handled_by = ' . DB::esc($this->handled_by)
        . ' WHERE id = ' . DB::esc($this->id);

    $ok = DB::query($statement);
    if ($ok) {
        return;
    }
    throw new Exception(DB::getMySQLiObject()->error);
}
$lastid = $id; } $quotes = "'"; $skip = false; switch ($var) { case "title": $val = DB::esc(_htmlStr($val)); break; case "full": $val = 'IF(in_storage,full,\'' . DB::esc(_htmlStr($val)) . '\')'; $quotes = ''; break; case "prevtrigger": $var = "prev"; if (!_checkboxLoad('i' . $id . '_autoprev')) { $val = DB::esc(_htmlStr($_POST['i' . $id . '_prev'])); } else { $val = ""; } break; case "ord": $val = intval($val); $quotes = ''; break; default: $skip = true; break; } // ukladani a cachovani if (!$skip) { // ulozeni
/**
 * Insert this chat line (author, gravatar, text) into webchat_lines.
 *
 * All three values are escaped with DB::esc() and placed in single-quoted literals.
 *
 * @return mysqli the MySQLi object of the DB class
 */
public function save()
{
    $values = array(
        DB::esc($this->author),
        DB::esc($this->gravatar),
        DB::esc($this->text),
    );

    $sql = "\r\n\t\t\tINSERT INTO webchat_lines (author, gravatar, text)\r\n\t\t\tVALUES (\r\n\t\t\t\t'"
        . implode("',\r\n\t\t\t\t'", $values)
        . "'\r\n\t\t)";

    DB::query($sql);

    // Returns the MySQLi object of the DB class
    return DB::getMySQLiObject();
}
/**
 * Build a WHERE clause from the active filter and the search term.
 *
 * Filter values are accepted only when registered in $this->filters (guards
 * against manipulated filter input). The search term is matched
 * case-insensitively against $columns and, when it is a non-zero integer,
 * also compared for equality against $columns_integer.
 *
 * @param array $replace (optional) strtr() replacement map applied to the filter SQL
 * @param array $columns (optional) text columns searched with ILIKE
 * @param array $columns_integer (optional) integer columns compared for equality
 * @return string the clause without a leading "WHERE", or "" when nothing applies
 */
public function where(array $replace=array(), array $columns=array(), array $columns_integer=array()) {

    // Join conditions with $glue, parenthesising only when there is more than one.
    $combine = function (array $conditions, $glue) {
        if (count($conditions) == 1) return reset($conditions);
        return "(" . implode($glue, $conditions) . ")";
    };

    $conditions = array();

    foreach ($this->filter as $key => $filtersql) {
        // Skip empty values and anything not whitelisted in $this->filters.
        if (!$filtersql || !isset($this->filters[$key][$filtersql])) continue;
        $conditions[] = strtr($filtersql, $replace);
    }

    if ($this->search) {
        $searchConditions = array();
        foreach ($columns as $column) {
            // DB::esc() yields the quoted pattern literal for ILIKE.
            $searchConditions[] = $column . " ILIKE " . DB::esc("%" . $this->search . "%");
        }

        $asInteger = intval($this->search);
        if ($asInteger) {
            foreach ($columns_integer as $column) {
                $searchConditions[] = $column . "=" . $asInteger;
            }
        }

        if ($searchConditions) $conditions[] = $combine($searchConditions, " OR ");
    }

    if (!$conditions) return "";
    return $combine($conditions, " AND ");
}
$continue = true; } } else { $id = -1; $query = array('author' => _loginid, 'question' => "", 'answers' => "", 'locked' => 0); $new = true; $actionbonus = ""; $submitcaption = $_lang['global.create']; $continue = true; } /* --- ulozeni / vytvoreni --- */ if (isset($_POST['question'])) { // nacteni promennych $question = _htmlStr(trim($_POST['question'])); $query['question'] = $question; $question = DB::esc($question); // odpovedi $answers = @explode("\n", $_POST['answers']); $answers_new = array(); foreach ($answers as $answer) { $answers_new[] = _htmlStr(trim($answer)); } $answers = _arrayRemoveValue($answers_new, ""); $answers_count = count($answers); $answers = @implode("\n", $answers); $query['answers'] = $answers; if (_loginright_adminpollall) { $author = intval($_POST['author']); } else { $author = _loginid; }
/* --- prihlaseni --- */ _checkKeys('_POST', array('form_url')); if (!isset($_POST['username'])) { $_POST['username'] = ''; } if (!isset($_POST['password'])) { $_POST['password'] = ''; } $result = 0; $username = ""; $ipbound = isset($_POST['ipbound']); if (!_loginindicator) { if (_xsrfCheck()) { if (_iplogCheck(1)) { // nacteni promennych $username = DB::esc($_POST['username']); $email = strpos($_POST['username'], '@') !== false; $password = $_POST['password']; $persistent = _checkboxLoad('persistent'); // nalezeni uzivatele $query = DB::query("SELECT * FROM `" . _mysql_prefix . "-users` WHERE `" . ($email ? 'email' : 'username') . "`='" . $username . "'" . (!$email && $username !== '' ? ' OR publicname=\'' . $username . '\'' : '')); if (DB::size($query) != 0) { $query = DB::row($query); if (empty($username)) { $username = $query['username']; } $groupblock = DB::query_row("SELECT blocked FROM `" . _mysql_prefix . "-groups` WHERE id=" . $query['group']); if ($query['blocked'] == 0 and $groupblock['blocked'] == 0) { if (_md5Salt($password, $query['salt']) == $query['password']) { // navyseni poctu prihlaseni DB::query("UPDATE `" . _mysql_prefix . "-users` SET logincounter=logincounter+1 WHERE id=" . $query['id']);
/* --- priprava, kontrola pristupovych prav --- */ $message = ""; if (!(_loginright_adminsection or _loginright_admincategory or _loginright_adminbook or _loginright_adminseparator or _loginright_admingallery or _loginright_adminintersection or _loginright_adminpluginpage)) { $continue = false; $output .= _formMessage(3, $_lang['global.accessdenied']); } else { $continue = true; } /* --- akce --- */ if ($continue && isset($_POST['do'])) { foreach ($_POST as $id => $title) { if ($id == "do") { continue; } $id = intval($id); $title = DB::esc(_htmlStr(trim($title))); if ($title == "") { $title = $_lang['global.novalue']; } DB::query("UPDATE `" . _mysql_prefix . "-root` SET title='" . $title . "' WHERE id=" . $id); } $message = _formMessage(1, $_lang['global.saved']); } /* --- vystup --- */ if ($continue) { $output .= "<p class='bborder'>" . $_lang['admin.content.titles.p'] . "</p>" . $message . "\n\n<form action='index.php?p=content-titles' method='post'>\n<input type='hidden' name='do' value='1' />\n\n<table>\n<tr><td><strong>" . $_lang['global.item'] . "</strong></td><td class='lpad'><strong>" . $_lang['global.type'] . "</strong></td></tr>\n"; // funkce function _admin_titleListItem($item, $ipad = false) { global $_lang; $type_array = _admin_getTypeArray();
$rights .= "</table></fieldset><fieldset><legend>" . mb_substr($item, 1) . "</legend><table>"; } } /* --- ulozeni --- */ if (isset($_POST['title'])) { $newdata = array(); // zakladni atributy $newdata['title'] = DB::esc(_htmlStr(trim($_POST['title']))); if ($newdata['title'] == "") { $newdata['title'] = DB::esc($_lang['global.novalue']); } $newdata['descr'] = DB::esc(_htmlStr(trim($_POST['descr']))); if ($id != 2) { $newdata['icon'] = DB::esc(_htmlStr(trim($_POST['icon']))); } $newdata['color'] = DB::esc(preg_replace('/([^0-9a-zA-Z#])/s', '', trim($_POST['color']))); if ($id > 2) { $newdata['blocked'] = _checkboxLoad("blocked"); } if ($id != 2) { $newdata['reglist'] = _checkboxLoad("reglist"); } // uroven, blokovani if ($id > 2) { $newdata['level'] = intval($_POST['level']); if ($newdata['level'] > _loginright_level) { $newdata['level'] = _loginright_level - 1; } if ($newdata['level'] >= 10000) { $newdata['level'] = 9999; }
/**
 * Register this chat user as active: insert the (name, gravatar) row or, when
 * it already exists, bump last_activity to NOW().
 *
 * @return void
 */
public function update()
{
    $name = DB::esc($this->name);
    $gravatar = DB::esc($this->gravatar);

    DB::query("\r\n INSERT INTO webchat_users (name, gravatar)\r\n VALUES (\r\n '{$name}',\r\n '{$gravatar}'\r\n ) ON DUPLICATE KEY UPDATE last_activity = NOW()");
}
<?php

/* --- core check: only run when included by the core --- */
if (!defined('_core')) { exit; }

/* --- action: switch the session to the named user --- */
// Admin "transmutation": looks the user up by name and replaces the current
// session with that user's id/password hash. No password is compared here;
// the feature relies on the caller being an authorised admin.
// NOTE(review): no _xsrfCheck() call is visible before the session switch in
// this file (the form does emit _xsrfProtect()); confirm the check is enforced
// elsewhere.
$message = "";
if (isset($_POST['user'])) {
    $user = DB::esc(_anchorStr(trim($_POST['user'])));
    // NOTE(review): the username literal in this WHERE clause is masked
    // ('******') in this listing, so $user appears unused; presumably the
    // lookup compares against $user — confirm against the original source.
    $query = DB::query("SELECT id,password FROM `" . _mysql_prefix . "-users` WHERE username='******'");
    if (DB::size($query) != 0) {
        $query = DB::row($query);
        // Drop the current login and install the target user's session data.
        _userLogout(false);
        $_SESSION[_sessionprefix . "user"] = $query['id'];
        $_SESSION[_sessionprefix . "password"] = $query['password'];
        $_SESSION[_sessionprefix . "ip"] = _userip;
        $_SESSION[_sessionprefix . "ipbound"] = true;
        define('_redirect_to', _indexroot . 'index.php?m=login');
        return;
    } else {
        $message = _formMessage(2, $_lang['global.baduser']);
    }
}

/* --- output: the user-name form --- */
$output .= "\n<p class='bborder'>" . $_lang['admin.other.transm.p'] . "</p>\n" . $message . "\n<form action='index.php?p=other-transm' method='post'>\n<strong>" . $_lang['global.user'] . ":</strong> <input type='text' name='user' class='inputsmall' /> <input type='submit' value='" . $_lang['global.login'] . "' />\n" . _xsrfProtect() . "</form>\n";
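/**
 * Save a not-yet-confirmed mail address and send the confirmation request.
 *
 * Refuses (warning + redirect) while mail_lock_expiry is still in the future,
 * i.e. a confirmation mail went out within the last hour. Otherwise stores
 * $mail as mail_unconfirmed together with a fresh, unique mail_code that
 * expires after 7 days, mails the code to the new address and, when an old
 * address exists, notifies it about the change.
 *
 * @param string $mail the new, unconfirmed address
 */
public function set_mail($mail) {

    if ( strtotime($this->mail_lock_expiry) > time() ) {
        warning(_("We have sent an email with a confirmation code already in the last hour. Please try again later!"));
        redirect();
    }

    $this->mail_unconfirmed = $mail;

    DB::transaction_start();
    // Regenerate until the code is not already assigned to another member.
    do {
        $this->mail_code = Login::generate_token(16);
        $sql = "SELECT id FROM member WHERE mail_code=".DB::esc($this->mail_code);
    } while ( DB::numrows($sql) );
    // The member has 7 days to confirm the email address.
    $this->update(['mail_unconfirmed', 'mail_code'], "mail_code_expiry = now() + interval '7 days'");
    DB::transaction_commit();

    $subject = _("Email confirmation request");
    $body = _("Please confirm your email address by clicking the following link:")."\n"
        .BASE_URL."confirm_mail.php?code=".$this->mail_code."\n\n"
        ._("If this link does not work, please open the following URL in your web browser:")."\n"
        .BASE_URL."confirm_mail.php\n"
        ._("On that page enter the code:")."\n"
        .$this->mail_code;

    if ( send_mail($mail, $subject, $body) ) {
        // The one-hour lock is only armed once a mail actually went out.
        $this->update(array(), "mail_lock_expiry = now() + interval '1 hour'");
        success(_("Your email address has been saved. An email with a confirmation code has been sent."));
    } else {
        // MAIL_SUPPORT is the sprintf() argument for %s; it used to be passed to
        // warning() instead, so sprintf() ran without a value for the placeholder.
        warning(sprintf(_("Your email address has been saved, but the email with the confirmation code could not be sent. Try again later or contact %s."), MAIL_SUPPORT));
    }

    // notification to old mail address
    if ($this->mail) {
        $subject = _("Change of your email address");
        // NOTE(review): the concatenation right after the "change your password:"
        // message is reconstructed; the listing masked those characters.
        $body = _("Someone, probably you, changed your email address to:")."\n"
            .$this->mail_unconfirmed."\n\n"
            ._("If this was not you, somebody else got access to your account. In this case please log in as soon as possible and change your password:")."\n"
            .BASE_URL."settings.php\n"
            .sprintf(_("Then try to set the email address back to your one and contact %s!"), MAIL_SUPPORT);
        send_mail($this->mail, $subject, $body);
    }
}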
* * @author Magnus Rosenbaum <*****@*****.**> * @package Basisentscheid */ require "inc/common_http.php"; Login::logout(); if (!empty($_REQUEST['code'])) { $code = $_REQUEST['code']; $sql = "SELECT * FROM member WHERE password_reset_code=".DB::esc($code)." AND password_reset_code_expiry > now()"; $result = DB::query($sql); $member = DB::fetch_object($result, "Member"); if (!$member) { warning(_("The code is invalid!")); } } else { $code = ""; $member = false; } $password = "";