Exemplos de Validation::xss_clean em PHP

Exemplo n.º 1

Arquivo: Account.class.php Projeto: amitjoy/Bank_of_Munchen

 public function save($isNewAccount = false)
 {
     //create a new database object.
     $db = DB::getInstance();
     if ($isNewAccount) {
         $data = array("userId" => Validation::xss_clean(DB::makeSafe("'{$this->userId}'")), "balance" => Validation::xss_clean(DB::makeSafe("'{$this->balance}'")), "accountNo" => Validation::xss_clean(DB::makeSafe("'{$this->accountNo}'")), "password" => Validation::xss_clean(DB::makeSafe("'{$this->password}'")), "securitytype" => Validation::xss_clean(DB::makeSafe("'{$this->sectype}'")));
         $this->id = $db->insert($data, "ACCOUNTS");
     }
     return true;
 }

Exemplo n.º 2

Arquivo: success.php Projeto: amitjoy/Bank_of_Munchen

<?php
require_once '../../includes/global.inc.php';

$message = "";

if(isset($_SESSION['logged_in'])) {
    header("Location: accountoverview.php");
}

//check to see if they've submitted the login form
if(isset($_GET['message'])) { 
    $message = Validation::xss_clean($_GET['message']);
}

if (!isset($_GET["success"]))
    header("Location: banklogin.php");

?>

<!DOCTYPE html>
<!--[if lt IE 7]> <html class="ie lt-ie9 lt-ie8 lt-ie7 "> <![endif]-->
<!--[if IE 7]>    <html class="ie lt-ie9 lt-ie8 "> <![endif]-->
<!--[if IE 8]>    <html class="ie lt-ie9 "> <![endif]-->
<!--[if gt IE 8]> <html class="ie "> <![endif]-->
<!--[if !IE]><!-->
<html class="">
<!-- <![endif]-->
<head>
    <title>Registration Success</title>
    <!-- Meta -->
    <meta charset="utf-8">

Exemplo n.º 3

Arquivo: objectmodel.php Projeto: agwan786/framework

 private function def($data = array())
 {
     $obj = new Validation();
     foreach ($data['fields'] as $key => $value) {
         if (isset($value['require']) && $value['require']) {
             if (!isset($this->foo[$key]) || $this->foo[$key] == "" || $this->foo[$key] == null) {
                 if (!isset($this->getData[$key])) {
                     $this->errors[] = ucwords($key) . " can't be null or blank";
                 } else {
                     $this->foo[$key] = $this->getData[$key];
                 }
             }
             if (!($isValid = $obj->validate($value['type'], $this->foo[$key]))) {
                 $this->errors[] = ucwords($key) . " isn't {$value['type']}";
             }
             if (!($fieldData = $obj->xss_clean($this->foo[$key]))) {
                 $this->errors[] = ucwords($key) . " isn't passed xss clean security";
             }
             if (empty($this->errors)) {
                 $fieldValue = isset($this->foo[$key]) ? $this->mysqliFilter($this->foo[$key]) : $this->getData[$key];
             }
         } else {
             $fieldValue = isset($this->foo[$key]) ? $this->mysqliFilter($this->foo[$key]) : "";
         }
         $this->setData[$key] = $fieldValue;
     }
 }

Exemplo n.º 4

Arquivo: usersPrivChange.php Projeto: amitjoy/Bank_of_Munchen

 <!-- // Sidebar Menu END -->
 <!-- Content -->
 <div id="content">
     <nav class="navbar hidden-print main " role="navigation">
         <div class="navbar-header pull-left">
             <div class="user-action user-action-btn-navbar pull-left border-right">
                 <button class="btn btn-sm btn-navbar btn-inverse btn-stroke"><i class="fa fa-bars fa-2x"></i>
                 </button>
             </div>
         </div>
         <ul class="main pull-right ">
             
             <li class="dropdown username">
                 <a href="" class="dropdown-toggle" data-toggle="dropdown">
                     <img src="../assets/images/people/35/2.jpg" class="img-circle"
                     width="30" /><?=Validation::xss_clean($_SESSION["emailId"])?>
                     <span class="caret"></span>
                 </a>
                 <ul class="dropdown-menu pull-right">
                     <li><a href="changepassword.php?csrf_token=<?php echo $token; ?>" class="glyphicons edit no-ajaxify"><i></i>Change Password</a>
                     </li>
                     <li><a href="banklogout.php?lang=en&csrf_token=<?php echo $token; ?>" class="glyphicons lock no-ajaxify"><i></i>Logout</a>
                     </li>
                 </ul>
             </li>
         </ul>
         <div class="navbar-collapse collapse">
             
         </div>
     </nav>
     <!-- // END navbar -->

Exemplo n.º 5

Arquivo: global.inc.php Projeto: amitjoy/Bank_of_Munchen

<?php

error_reporting(E_ERROR | E_PARSE | E_WARNING);
// error_reporting(E_ALL);
//start the session
session_start();
// Requirements
require_once '../../libs/nocsrf.php';
require_once '../../classes/User.class.php';
require_once '../../classes/UserTools.class.php';
require_once '../../classes/DB.class.php';
require_once '../../classes/Account.class.php';
require_once '../../includes/constants.inc.php';
require_once '../../utils/InputValidation.util.php';
//connect to the database
$db = DB::getInstance();
$db->connect();
//initialize UserTools object
$userTools = new UserTools();
//refresh session variables if logged in
if (isset($_SESSION['logged_in'])) {
    $user = unserialize(Validation::xss_clean($_SESSION['user']));
    $_SESSION['user'] = serialize($userTools->get(Validation::xss_clean($_SESSION["emailId"])));
}

Exemplo n.º 6

Arquivo: makeAdmin.php Projeto: amitjoy/Bank_of_Munchen

if (filter_var($sessionEmailId, FILTER_VALIDATE_EMAIL) != true) {
    header ("Location: error.php?message=Email Validation Failed");
  }

if (!$userTools->isAdmin($sessionEmailId)) {
    header("Location: banklogin.php");
}



try {

  NoCSRF::check( 'csrf_token', $_GET, true, 60*10, false );

  $emailToUpdate = Validation::xss_clean(DB::makeSafe ($_GET["emailId"]));

  if (filter_var($emailToUpdate, FILTER_VALIDATE_EMAIL) != true) {
    header ("Location: error.php?message=Email Validation Failed");
  }


  $updateData = array (
      "isAdmin" => 1
    );

  // Make the user active
  $db->update ($updateData, "USERS", "emailId = '$emailToUpdate'");

  //send TAN email to the user 
    $message = Swift_Message::newInstance()

Exemplo n.º 7

Arquivo: banksignup.php Projeto: amitjoy/Bank_of_Munchen

        <script>
          alert("Captcha Validation Failed");
        </script>
        <?php
        exit;
    }

    //retrieve the $_POST variables
    $firstName = Validation::xss_clean(DB::makeSafe($_POST["firstName"]));
    $middleName = Validation::xss_clean(DB::makeSafe($_POST["middleName"]));
    $lastName = Validation::xss_clean(DB::makeSafe($_POST["lastName"]));
    $emailId = Validation::xss_clean(DB::makeSafe($_POST["emailId"]));
    $mobileNo = Validation::xss_clean(DB::makeSafe($_POST["mobileNo"]));
    $password = Validation::xss_clean(DB::makeSafe($_POST["password"]));
    $password_confirm = Validation::xss_clean(DB::makeSafe($_POST['retypePassword']));
	$securityType = Validation::xss_clean(DB::makeSafe($_POST['radio']));

    //initialize variables for form validation
    $success = true;
    $userTools = new UserTools();
    
    //validate that the form was filled out correctly
    if (filter_var($emailId, FILTER_VALIDATE_EMAIL) != true) {
        $success = false;
        ?>
        <script>
          alert("Email Validation Failed");
        </script>
        <?php
    }

Exemplo n.º 8

Arquivo: upload.php Projeto: amitjoy/Bank_of_Munchen

<?php

require_once("../../classes/PluploadHandler.php");
require_once '../../includes/global.inc.php';

//check to see if they're logged in
if(!isset($_SESSION['logged_in'])) {
    header("Location: banklogin.php");
}

PluploadHandler::no_cache_headers();
PluploadHandler::cors_headers();

$emailId = Validation::xss_clean($_SESSION["emailId"]);

if (filter_var($emailId, FILTER_VALIDATE_EMAIL) != true) {
    header ("Location: error.php?message=Email Validation Failed");
}

$targetDir = LOCATION_OF_UPLOAD_DIR . $emailId;
$targetDirBlankFile = LOCATION_OF_UPLOAD_DIR . $emailId . "/index.php"; //Used to prevent listing of the folder contents

$fileName = date("Y-m-d_His").".txt";

if (!file_exists($targetDir)) {
    mkdir($targetDir, 0777, true);
}

if (!file_exists($targetDirBlankFile)) {
	fopen($targetDirBlankFile, "w");
}

Exemplo n.º 9

Arquivo: rejecttransaction.php Projeto: amitjoy/Bank_of_Munchen

	$data = mysql_query("SELECT * FROM USERS WHERE emailId = '$emailId' AND isActive = 1 AND isAdmin = 1");

	if (mysql_num_rows($data) == 1) {

		$updateData = array (
				"isActive" => 2
			);

		$transactionToUpdate = Validation::xss_clean(DB::makeSafe ($_GET["id"]));

		if (filter_var($transactionToUpdate, FILTER_VALIDATE_INT) != true) {
    		header ("Location: error.php?message=Transaction ID Validation Failed");
	    }

		$emailIdOfTransaction = Validation::xss_clean(DB::makeSafe ($_GET["emailId"]));

		if (filter_var($emailIdOfTransaction, FILTER_VALIDATE_EMAIL) != true) {
    		header ("Location: error.php?message=Email Validation Failed");
 	    }

		$transactionArray = $db->select("TRANSACTIONS", "id = '$transactionToUpdate'");

		// Check to see if the admin is rejecting its own transaction
		if ($emailIdOfTransaction == $emailId) {
			header("Location: error.php?message=You can't reject your own transaction");
			return;
		}


		// Make the transaction rejected

Exemplo n.º 10

Arquivo: pdf.php Projeto: amitjoy/Bank_of_Munchen

require_once '../../includes/global.inc.php';
require_once '../../libs/pdf/mpdf.php';
require_once '../../utils/Generators.util.php';
require_once '../../includes/mail.inc.php';

//check to see if they're logged in
if(!isset($_SESSION['logged_in'])) {
    header("Location: banklogin.php");
}

try {
  NoCSRF::check( 'csrf_token', $_GET, true, 60*10, false );
  
  $emailIdToRetrieveData = Validation::xss_clean(DB::makeSafe($_GET['emailId']));
  $emailId = Validation::xss_clean(DB::makeSafe($_SESSION["emailId"]));

  if (filter_var($emailId, FILTER_VALIDATE_EMAIL) != true) {
    header ("Location: error.php?message=Email Validation Failed");
  }

  if (filter_var($emailIdToRetrieveData, FILTER_VALIDATE_EMAIL) != true) {
    header ("Location: error.php?message=Email Validation Failed");
  }

  if (strlen($emailIdToRetrieveData) != 0)
      if (!$userTools->isAdmin($emailId) && ($emailId != $emailIdToRetrieveData)) {
          header("Location: banklogin.php");
      }

  $userData = $db->select("USERS", "emailId = '$emailIdToRetrieveData' AND isActive = 1");

Exemplo n.º 11

Arquivo: banklogin.php Projeto: amitjoy/Bank_of_Munchen

//check to see if they've submitted the login form
if(isset($_POST['submit_logon'])) { 

    //CAPTCHA Validation
    if (!$securimage->check($_POST['captcha_code'])) {
        ?>
        <script>
          alert("Captcha Validation Failed");
        </script>
        <?php
        exit;
    }

    $username = Validation::xss_clean(DB::makeSafe($_POST['email']));
    $password = Validation::xss_clean(DB::makeSafe($_POST['password']));

    if (filter_var($username, FILTER_VALIDATE_EMAIL) != true) {
        header ("Location: error.php?message=Email Validation Failed");
    }

    $userTools = new UserTools();

    if ($userTools->login($username, $password)){ 
        //successful login, redirect them to a page
        header("Location: accountoverview.php?csrf_token=$token");
    } else {
        $error = "Incorrect username or password. Please try again.";
    }
}

Exemplo n.º 12

Arquivo: forgotpassword.php Projeto: amitjoy/Bank_of_Munchen

<?php
require_once '../../includes/global.inc.php';
require_once '../../utils/Account.util.php';
require_once '../../includes/mail.inc.php';
require_once '../../utils/Generators.util.php';

//check to see if they're logged in
//if(!isset($_SESSION['logged_in'])) {
//    header("Location: banklogin.php");
//}

$emailToReset = Validation::xss_clean(DB::makeSafe($_GET["mailId"]));

if (filter_var($emailToReset, FILTER_VALIDATE_EMAIL) != true) {
    echo("Email Validation Failed");
    return;
}


try {

	$db = DB::getInstance();
	$db->connect();

	$accData = $db->select("ACCOUNTS", "userId = '$emailToReset'");
	
	
	if (is_array($accData) && $accData["userId"] != "") {

		$password = Generators::randomPasswordGenerate (15);
		$passwordwithqoutes="'".hash('sha512', $password)."'";

Exemplo n.º 13

Arquivo: approveuser.php Projeto: amitjoy/Bank_of_Munchen

$sessionEmailId = Validation::xss_clean($_SESSION["emailId"]);

if (filter_var($sessionEmailId, FILTER_VALIDATE_EMAIL) != true) {
    header ("Location: error.php?message=Email Validation Failed");
}

if (!$userTools->isAdmin($sessionEmailId)) {
    header("Location: banklogin.php");
}

try {
  NoCSRF::check( 'csrf_token', $_GET, true, 60*10, false );

  $emailToUpdate = Validation::xss_clean(DB::makeSafe ($_GET["emailId"]));
  $initialAmount = Validation::xss_clean(DB::makeSafe ($_GET["initial_amount"]));

  $updateData = array (
        "isActive" => 1
      );

  // Update the initial balance
  $updateBalanceData = array (
      "balance" => $initialAmount
    );

  if (filter_var($emailToUpdate, FILTER_VALIDATE_EMAIL) != true) {
    header ("Location: error.php?message=Email Validation Failed");
  }