    if (strlen(trim($str)) == 0) {
        echo '<p>' . _e('Let JavaScript do what it is supposed to do!', 'simple-support-ticket-system') . '</p>';
        echo '<p><form onsubmit="back();return false;"><input class="button" value="';
        _e('Back', 'simple-support-ticket-system');
        echo '" type="submit"></input></form></p>';
        // abort script
        exit;
    } else {
        return true;
    }
}
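// Check for invalid Text: name, mail, title and problem are mandatory. checkText()
// prints an error page and exits when a value is blank, so a missing POST key is
// passed as '' (instead of raising an undefined-index notice) and the code below
// only runs when all four keys are present.
checkText(isset($_POST["name"]) ? $_POST["name"] : '');
checkText(isset($_POST["mail"]) ? $_POST["mail"] : '');
checkText(isset($_POST["title"]) ? $_POST["title"] : '');
checkText(isset($_POST["problem"]) ? $_POST["problem"] : '');
// NOTE(review): stripslashes() after sanitising presumably undoes the slashes
// WordPress adds to $_POST — confirm before removing it.
$absendername = stripslashes(sanitize_text_field($_POST["name"]));
$absendermail = stripslashes(sanitize_email($_POST["mail"]));
$title = stripslashes(sanitize_text_field($_POST["title"]));
// The multi-line field is sanitised line by line and re-joined, presumably so the
// line breaks survive sanitize_text_field() — confirm against the WP implementation.
$problem = stripslashes(implode("\n", array_map('sanitize_text_field', explode("\n", $_POST['problem']))));
// Optional fields: an absent key yields null rather than an empty string.
$rechner = isset($_POST["rechner"]) ? stripslashes(sanitize_text_field($_POST["rechner"])) : null;
$raum = isset($_POST["raum"]) ? stripslashes(sanitize_text_field($_POST["raum"])) : null;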
if (isset($_POST["telefon"])) {
***************************************************************/
/**************************************************************
Call: check_text.php?...
			op=Check ... do the check
Check (parse & split) a Text (into sentences/words)
***************************************************************/
include "connect.inc.php";
include "settings.inc.php";
include "utilities.inc.php";
pagestart('Check a Text', true);
if (isset($_REQUEST['op'])) {
    echo '<p><input type="button" value="&lt;&lt; Back" onclick="history.back();" /></p>';
    if (strlen(prepare_textdata($_REQUEST['TxText'])) > 65000) {
        echo "<p>Error: Text too long, must be below 65000 Bytes.</p>";
    } else {
        echo checkText($_REQUEST['TxText'], $_REQUEST['TxLgID']);
    }
    echo '<p><input type="button" value="&lt;&lt; Back" onclick="history.back();" /></p>';
} else {
    ?>
<form class="validate" action="<?php 
    echo $_SERVER['PHP_SELF'];
    ?>
" method="post">
<table class="tab3" cellspacing="0" cellpadding="5">
<tr>
<td class="td1 right">Language:</td>
<td class="td1">
<select name="TxLgID" class="notempty setfocus">
<?php 
    echo get_languages_selectoptions(getSetting('currentlanguage'), '[Choose...]');
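 /**
  * Creates a form in order to change the password - if the authcode is valid
  *
  * The "systemid" parameter must be a valid system id naming a user whose stored
  * authcode is non-empty and equal to the submitted "authcode". Without the
  * "reset" parameter the change-password form is rendered; with it the two
  * submitted passwords are compared, validated with checkText() and, when the
  * backing source user supports it, written to the user record. The authcode is
  * cleared after a successful change so the reset link cannot be used twice.
  *
  * @return string the rendered form, or a success / error message
  */
 protected function actionPwdReset()
 {
     $strReturn = "";
     if (!validateSystemid($this->getParam("systemid"))) {
         return $this->getLang("login_change_error", "user");
     }
     $objUser = new class_module_user_user($this->getParam("systemid"));
     $strStoredAuthcode = $objUser->getStrAuthcode();
     // Strict comparison of the authcode: a loose == treats numeric-looking strings
     // such as "1e3" and "1000" as equal. Once the minimum PHP version allows it,
     // hash_equals() would additionally make this comparison constant-time.
     $bitAuthcodeValid = $strStoredAuthcode != ""
         && $this->getParam("authcode") === $strStoredAuthcode
         && $objUser->getStrUsername() != "";
     if (!$bitAuthcodeValid) {
         $strReturn .= $this->getLang("login_change_error", "user");
         return $strReturn;
     }
     if ($this->getParam("reset") == "") {
         //Loading a small form to change the password
         $strTemplateID = $this->objTemplate->readTemplate("/elements.tpl", "login_form");
         $arrTemplate = array();
         $strForm = "";
         $strForm .= $this->objToolkit->getTextRow($this->getLang("login_password_form_intro", "user"));
         $strForm .= $this->objToolkit->formHeader(class_link::getLinkAdminHref($this->getArrModule("modul"), "pwdReset"));
         $strForm .= $this->objToolkit->formInputText("username", $this->getLang("login_loginUser", "user"), "", "inputTextShort");
         $strForm .= $this->objToolkit->formInputPassword("password1", $this->getLang("login_loginPass", "user"), "", "inputTextShort");
         $strForm .= $this->objToolkit->formInputPassword("password2", $this->getLang("login_loginPass2", "user"), "", "inputTextShort");
         $strForm .= $this->objToolkit->formInputSubmit($this->getLang("login_changeButton", "user"), "", "", "inputSubmitShort");
         // "reset" marks the second round trip; authcode and systemid are carried along
         // as hidden fields so the same checks run again on submit.
         $strForm .= $this->objToolkit->formInputHidden("reset", "reset");
         $strForm .= $this->objToolkit->formInputHidden("authcode", $this->getParam("authcode"));
         $strForm .= $this->objToolkit->formInputHidden("systemid", $this->getParam("systemid"));
         $strForm .= $this->objToolkit->formClose();
         $arrTemplate["form"] = $strForm;
         $arrTemplate["loginTitle"] = $this->getLang("login_loginTitle", "user");
         $arrTemplate["loginJsInfo"] = $this->getLang("login_loginJsInfo", "user");
         $arrTemplate["loginCookiesInfo"] = $this->getLang("login_loginCookiesInfo", "user");
         //An error occurred?
         if ($this->getParam("loginerror") == 1) {
             $arrTemplate["error"] = $this->getLang("login_loginError", "user");
         }
         $strReturn = $this->objTemplate->fillTemplate($arrTemplate, $strTemplateID);
         return $strReturn;
     }
     //check the submitted passwords.
     $strPass1 = trim($this->getParam("password1"));
     $strPass2 = trim($this->getParam("password2"));
     // Strict comparisons here as well: == would accept "1e3" == "1000" as a matching
     // password pair. checkText($strPass1, 3, 200) presumably enforces a length
     // between 3 and 200 characters — confirm against its definition.
     $bitPasswordsMatch = $strPass1 === $strPass2 && checkText($strPass1, 3, 200);
     $bitUserMatches = $objUser->getStrUsername() === $this->getParam("username");
     if ($bitPasswordsMatch && $bitUserMatches) {
         // Only source users that allow a reset (and expose setStrPass) get a new password;
         // the authcode is cleared in every case so the link is single-use.
         if ($objUser->getObjSourceUser()->isPasswordResettable() && method_exists($objUser->getObjSourceUser(), "setStrPass")) {
             $objUser->getObjSourceUser()->setStrPass($strPass1);
             $objUser->getObjSourceUser()->updateObjectToDb();
         }
         $objUser->setStrAuthcode("");
         $objUser->updateObjectToDb();
         class_logger::getInstance()->addLogRow("changed password of user " . $objUser->getStrUsername(), class_logger::$levelInfo);
         $strReturn .= $this->getLang("login_change_success", "user");
     } else {
         $strReturn .= $this->getLang("login_change_error", "user");
     }
     return $strReturn;
 }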
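/**
 * Validates e-mail input. Method is modified based on com_contact's _validateInputs.
 *
 * Each field is first checked with checkText() against the banned-text list read
 * from the corresponding configuration key; the e-mail field must then contain a
 * single address. The first failing check sets an error on the document and
 * returns false.
 *
 * @param String|Array	$email		Email address
 * @param String		$subject	Email subject
 * @param String		$body		Email body
 * @return Boolean	true when every check passes, false otherwise
 * @access public
 * @since 2.1
 */
function validateInputs($email, $subject, $body)
{
    global $mtconf;
    // Objects are handles in PHP 5+, so a reference assignment (=&) is not needed.
    $document = JFactory::getDocument();
    // Label used in the error message => [field value, config key of its banned list]
    $bannedChecks = array(
        'Email'   => array($email, 'banned_email'),
        'Subject' => array($subject, 'banned_subject'),
        'Message' => array($body, 'banned_text'),
    );
    // Prevent form submission if one of the banned texts is discovered in a field
    foreach ($bannedChecks as $label => $pair) {
        list($value, $configKey) = $pair;
        if (false === checkText($value, $mtconf->get($configKey))) {
            $document->setError(JText::sprintf('Mesghasbannedtext', $label));
            return false;
        }
    }
    // test to ensure that only one email address is entered: reject separator
    // characters and more than one '@'. strpos() returns 0 when the separator is
    // the very first character, so its result must be compared with false rather
    // than used as a boolean.
    if (is_string($email)) {
        $hasSeparator = strpos($email, ';') !== false
            || strpos($email, ',') !== false
            || strpos($email, ' ') !== false;
        if ($hasSeparator || count(explode('@', $email)) > 2) {
            $document->setError(JText::_('You cannot enter more than one email address', true));
            return false;
        }
    }
    return true;
}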
<?php

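// Restrict access: only run when loaded by WordPress
defined('ABSPATH') or die('No script kiddies please!');
// Needed in order to use $wpdb
global $wpdb;
// NOTE(review): no nonce or capability check is visible in this span; confirm the
// including code calls check_admin_referer()/current_user_can() before the
// options are written.
// Missing POST keys default to '' so a partial request does not raise
// undefined-index notices; "problem" stays mandatory via checkText(), which
// prints an error page and exits on a blank value.
$prob = sanitize_text_field(isset($_POST["problem"]) ? $_POST["problem"] : '');
checkText($prob);
$opt1 = sanitize_text_field(isset($_POST["opt1"]) ? $_POST["opt1"] : '');
$opt2 = sanitize_text_field(isset($_POST["opt2"]) ? $_POST["opt2"] : '');
$opt3 = sanitize_text_field(isset($_POST["opt3"]) ? $_POST["opt3"] : '');
$datepicker = sanitize_text_field(isset($_POST["datepicker"]) ? $_POST["datepicker"] : '');
// Multi-line fields are sanitised line by line and re-joined, presumably so the
// line breaks survive sanitize_text_field() — confirm against the WP implementation.
$take = implode("\n", array_map('sanitize_text_field', explode("\n", isset($_POST['take']) ? $_POST['take'] : '')));
$done = implode("\n", array_map('sanitize_text_field', explode("\n", isset($_POST['done']) ? $_POST['done'] : '')));
$answer = implode("\n", array_map('sanitize_text_field', explode("\n", isset($_POST['answer']) ? $_POST['answer'] : '')));
// All values are bound through $wpdb->prepare() placeholders; only the trusted table
// prefix is interpolated into the statement.
$wpdb->query($wpdb->prepare("UPDATE {$wpdb->prefix}sts_options SET ts_value = CASE \n    WHEN ts_option = 'problem' THEN %s\n\tWHEN ts_option = 'opt_field_1' THEN %s\n    WHEN ts_option = 'opt_field_2' THEN %s\n    WHEN ts_option = 'opt_field_3' THEN %s\n    WHEN ts_option = 'datepicker' THEN %s\n    WHEN ts_option = 'mail_take' THEN %s\n    WHEN ts_option = 'mail_done' THEN %s\n    WHEN ts_option = 'mail_answer' THEN %s\n\tELSE ts_value\nEND", $prob, $opt1, $opt2, $opt3, $datepicker, $take, $done, $answer));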
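// Check if JavaScript is manipulated: the client-side validation normally prevents
// blank required fields, so an empty (or non-string) value means the form was
// submitted without it. Prints an error page and terminates the request in that
// case; returns true otherwise.
function checkText($str)
{
    if (!is_string($str) || trim($str) === '') {
        // esc_html__()/esc_attr__() return the translated string. _e() would echo it
        // immediately and return null, so the message would end up outside the <p>.
        echo '<p>' . esc_html__('Let JavaScript do what it is supposed to do!', 'simple-support-ticket-system') . '</p>';
        // <input> is a void element; it takes no closing tag.
        echo '<p><form onsubmit="back();return false;"><input class="button" value="'
            . esc_attr__('Back', 'simple-support-ticket-system')
            . '" type="submit"></form></p>';
        // abort script
        exit;
    }
    return true;
}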
?>