Пример #1
0
function register()
{
    global $globals, $mysql, $theme, $done, $error;
    global $user;
    global $l;
    $theme['name'] = 'register';
    $theme['call_theme_func'] = 'register';
    loadlang();
    fheader($title = 'Registration');
    if (isset($_POST['sub_register'])) {
        // special characters, etc not allowed
        // only AlphaNumeric and _ (underscore) charachters allowed
        $username = mandff($_POST['username'], $l['user_req']);
        $password = mandff($_POST['password'], $l['pass_req']);
        $email = mandff($_POST['email'], $l['email_req']);
        $url = $_POST['url'];
        if ($error) {
            return false;
        }
        // cleanup of $_POST not happening.
        // now cleanup of POST happening
        foreach ($_POST as $k => $v) {
            $v = check_input($v);
        }
        $username = $username;
        $password = $password;
        $email = $email;
        $url = $url;
        $salt = 'abc';
        // by default the level of user & privileges are minimum, level=1
        $group = 1;
        // Password & Salt getting md5()'d
        $password = md5($password . $salt);
        $q1 = "SELECT `email` FROM `users` WHERE `email` = '{$email}'";
        $qq1 = mysql_query($q1);
        if (mysql_num_rows($qq1) > 0) {
            $error['email_exists'] = $l['email_exists'];
            return false;
        }
        // $q = "INSERT INTO `users`(`username`, `password`, `email`, `url`, `salt`) VALUES('$username', '$password', '$email', '$url', '$salt') ";
        $q[1] = "INSERT INTO `users`(`username`, `password`, `email`, `url`, `salt`, `group`) VALUES('{$username}', '{$password}', '{$email}', '{$url}', '{$salt}', '{$group}')";
        $qu[1] = mysql_query($q[1]);
        //$ins_id = mysql_insert_id($qu[1]);
        $ins_id = mysql_insert_id();
        //echo "ins_id = " . $ins_id;
        // an insert id goes in here, which becomes the user[uid]
        $q[2] = "INSERT INTO `profile` (`users_uid`) VALUES('{$ins_id}')";
        $qu[2] = mysql_query($q[2]);
        $q[3] = "INSERT INTO `ai_actions_taken` (`users_uid`) VALUES('{$ins_id}')";
        $qu[3] = mysql_query($q[3]);
        if ($qu[1]) {
            $done = true;
        } else {
            $errors = 'faltugiri';
        }
    }
}
Пример #2
0
function ban($userId = null)
{
    global $themedir, $l;
    global $globals, $mysql, $theme, $done, $errors;
    global $user, $notice, $reqPrivs;
    global $qu;
    $theme['name'] = 'bannedList';
    $theme['call_theme_func'] = 'ban';
    loadlang();
    //printrr( $reqPrivs );
    fheader('Ban/Unban');
    /*
    //if ( $notLogged )
    if ( !userUidSet() )
    {
    	$notice['login'] = "******";
    	return false;
    }
    */
    // Check this line again, y putting 0 in last?
    // $uid = ( isset($_GET['uid'] ) ? (int) check_input( $_GET['uid'] ) : 0 );
    // For banning, a user[uid] has to be present in the URL,
    // it its not, then it has to be passed in the function,
    // still if its not, then take it as null, or just return with an error[user_id_empty]
    $uid = isset($_GET['uid']) ? (int) check_input($_GET['uid']) : $userId;
    if (isset($_GET['action']) && $_GET['action'] == 'unban') {
        $q = "DELETE FROM `banned` WHERE `ban_uid`={$uid}";
        $qu = mysql_query($q);
        if ($qu) {
            $notice['unbanned'] = 'User unbanned successfully.';
        } else {
            $error['unbanning_error'] = 'Error while unbanning the user, please try again.';
        }
        return;
    }
    // $q = "SELECT * FROM `banned` b left join `users` u on b.ban_uid = u.uid";
    $q = "SELECT * FROM `banned` WHERE `ban_uid`={$uid}";
    $qu = mysql_query($q);
    // mysql num rows is zero, so user is not banned, so show ban link & ban him
    // fire an INSERT query
    if (mysql_num_rows($qu) == 0) {
        $qI1 = "INSERT INTO `banned`(`ban_uid`, `banned`) VALUES({$uid}, 1)";
        $qI1_e = db_query($qI1);
        $qU1 = "UPDATE `users` set `is_banned`=1 WHERE `uid`='{$uid}'";
        $qU1_e = db_query($qU1);
        if ($qI1_e && $qU1_e) {
            $notice['banned'] = 'User banned successfully!!!';
        } else {
            $error['cudnt_ban'] = 'Couldn\'t ban the user, please try again.';
        }
    } else {
        // user already exists in ban list, so show unban link, and unban him
        $notice['banned'] = 'User already exists in ban list!!!';
    }
}
Пример #3
0
/**
 * tarski_output_navbarinclude() - Adds $navbarInclude variable from constants.php to navbar.
 * 
 * @since 1.5
 * @param array $input
 * @global string $navbarInclude
 * @return array $navbarInclude
 */
function tarski_output_navbarinclude($navbar)
{
    global $navbarInclude;
    if (!check_input($navbar, 'array')) {
        $navbar = array();
    }
    if ($navbarInclude) {
        $navbar['navbarinclude'] = $navbarInclude;
    }
    return $navbar;
}
Пример #4
0
function ssm_send_email()
{
    add_filter('wp_mail_content_type', 'ssm_set_html_content_type');
    function ssm_set_html_content_type()
    {
        return 'text/html';
    }
    //$attachments =  array( WP_CONTENT_DIR . '/uploads/2015/07/04_The-Make-Up.mp3' );
    $headers = 'From: ' . get_option('ssm_email_newsletter_from_name') . ' <' . get_option('ssm_email_newsletter_from_email') . '>' . "\r\n";
    $to = check_input($_REQUEST['sm_email']);
    $subject = get_option('ssm_email_newsletter_subject');
    $message = get_option('ssm_email_newsletter');
    wp_mail($to, $subject, $message, $headers);
    remove_filter('wp_mail_content_type', 'ssm_set_html_content_type');
}
Пример #5
0
function lookItUp($username, $password)
{
    $con = mysql_connect("newer.cwglba5cwihw.us-east-1.rds.amazonaws.com/UserInfo", "bob", "james123");
    if (!$con) {
        die('Could not connect: ' . mysql_error());
    }
    $user = $username;
    $pwd = $password;
    // Make a safe SQL
    $user = check_input($_POST['user']);
    $pwd = check_input($_POST['pwd']);
    $sql = "SELECT * FROM users WHERE\nuser={$user} AND password={$pwd}";
    return mysql_query($sql);
    mysql_close($con);
}
Пример #6
0
 private function set_page()
 {
     if (check_input('number', $_GET['page'])) {
         if ($_GET['page'] > 0) {
             if ($_GET['page'] > $this->mPageCount) {
                 return $this->mPageCount;
             } else {
                 return $_GET['page'];
             }
         } else {
             return 1;
         }
     } else {
         return 1;
     }
 }
Пример #7
0
function permissions()
{
    global $globals, $mysql, $theme, $done, $error;
    global $user;
    global $l;
    $theme['name'] = 'permissions';
    $theme['call_theme_func'] = 'permissions';
    loadlang();
    fheader($title = 'Permissions');
    if (isset($_POST['sub_register'])) {
        $email = mandff($_POST['email'], $l['user_email_req']);
        $password = mandff($_POST['password'], $l['pass_req']);
        if ($error) {
            return false;
        }
        // cleanup of $_POST not happening.
        // now cleanup of POST happening
        foreach ($_POST as $k => $v) {
            $v = check_input($v);
        }
        $email = $email;
        $password = $password;
        $salt = 'abc';
        // Password & Salt getting md5()'d
        $password = md5($password . $salt);
        /*
         * Select only 1 column from email or username
        $q1 = "SELECT * FROM `users` WHERE 
        ( 
        ( `email` = '$email' OR username = '******' ) 
        AND 
        `password` = '$password' 
        ) ";
        */
        $q1 = "SELECT * FROM `users` WHERE \n\t\t`email` = '{$email}' AND `password` = '{$password}' \n\t\tOR \n\t\tusername = '******' AND `password` = '{$password}' \n\t\t";
        $qq1 = db_query($q1);
        if (mysql_num_rows($qq1) > 0) {
            $done = true;
            // if successful login, redirect to index.php
            header("Location: index.php");
        } else {
            $error[] = 'Username/Email not valid';
        }
    }
}
Пример #8
0
function submit_preview($subject, $abstract, $article, $section)
{
    global $allowed_html, $theme, $user;
    include "includes/story.inc";
    $output .= "<FORM ACTION=\"submit.php\" METHOD=\"post\">\n";
    $output .= "<B>" . t("Your name") . ":</B><BR>\n";
    $output .= format_username($user->userid) . "<P>";
    $output .= "<B>" . t("Subject") . ":</B><BR>\n";
    $output .= "<INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"50\" MAXLENGTH=\"60\" VALUE=\"" . check_textfield($subject) . "\"><P>\n";
    $output .= "<B>" . t("Section") . ":</B><BR>\n";
    foreach ($sections = section_get() as $value) {
        $options .= "  <OPTION VALUE=\"{$value}\"" . ($section == $value ? " SELECTED" : "") . ">{$value}</OPTION>\n";
    }
    $output .= "<SELECT NAME=\"section\">{$options}</SELECT><P>\n";
    $output .= "<B>" . t("Abstract") . ":</B><BR>\n";
    $output .= "<TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"10\" NAME=\"abstract\">" . check_textarea($abstract) . "</TEXTAREA><BR>\n";
    $output .= "<SMALL><I>" . t("Allowed HTML tags") . ": " . htmlspecialchars($allowed_html) . ".</I></SMALL><P>\n";
    $output .= "<B>" . t("Extended story") . ":</B><BR>\n";
    $output .= "<TEXTAREA WRAP=\"virtual\" COLS=\"50\" ROWS=\"15\" NAME=\"article\">" . check_textarea($article) . "</TEXTAREA><BR>\n";
    $output .= "<SMALL><I>" . t("Allowed HTML tags") . ": " . htmlspecialchars($allowed_html) . ".</I></SMALL><P>\n";
    $duplicate = db_result(db_query("SELECT COUNT(id) FROM stories WHERE subject = '" . check_input($subject) . "'"));
    if (empty($subject)) {
        $output .= "<FONT COLOR=\"red\">" . t("Warning: you did not supply a subject.") . "</FONT><P>\n";
        $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"" . t("Preview submission") . "\">\n";
    } else {
        if (empty($abstract)) {
            $output .= "<FONT COLOR=\"red\">" . t("Warning: you did not supply an abstract.") . "</FONT><P>\n";
            $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"" . t("Preview submission") . "\">\n";
        } else {
            if ($duplicate) {
                $output .= "<FONT COLOR=\"red\">" . t("Warning: there is already a story with that subject.") . "</FONT><P>\n";
                $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"" . t("Preview submission") . "\">\n";
            } else {
                $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"" . t("Preview submission") . "\">\n";
                $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"" . t("Submit submission") . "\">\n";
            }
        }
    }
    $output .= "</FORM>\n";
    $theme->header();
    $theme->story(new Story($user->userid, $subject, $abstract, $article, $section, time()), "[ " . t("reply to this story") . " ]");
    $theme->box(t("Submit a story"), $output);
    $theme->footer();
}
Пример #9
0
/**
 * implode_proper() - Implodes an array and adds a final conjuction.
 * 
 * Given the array <code>array('John', 'Paul', 'George', 'Ringo')</code> it will
 * return the string <code>'John, Paul, George and Ringo'</code>.
 * @since 2.0
 * @param $array array
 * @param $glue string
 * @param $last_connective string
 * @return string
 */
function implode_proper($array, $glue = NULL, $last_connective = NULL)
{
    if (!check_input($array, 'array') || count($array) == 0) {
        return;
    }
    if ($glue == NULL) {
        $glue = __(', ', 'tarski');
    }
    if ($last_connective == NULL) {
        $last_connective = __('and', 'tarski');
    }
    $last_value = array_pop($array);
    if (count($array)) {
        $output = implode($glue, $array) . " {$last_connective} {$last_value}";
    } else {
        $output = $last_value;
    }
    return $output;
}
Пример #10
0
function viewProfile()
{
    global $themedir;
    global $globals, $mysql, $theme, $done, $errors, $notice;
    global $l;
    global $time;
    global $user, $reqPrivs;
    global $q, $qu;
    $theme['name'] = 'viewProfile';
    $theme['call_theme_func'] = 'viewProfile';
    loadlang();
    // fheader($title = 'View Profile');
    fheader("View Profile");
    // if NOT logged in, then redirect to "index.php?action=login" , ONLY for the moment
    // if from Admin Board Settings table, loginReq column is 1, then, login is required to view
    // so redirect him to login page
    if ($reqPrivs['board']['loginReq']) {
        if (!userUidSet()) {
            redirect("{$globals['boardurl']}{$globals['only_ind']}action=login");
        }
    }
    // Base64encode for everything coming from URL
    // Checking input, checking everything coming from $_GET url,
    // sanitizing it, and casting it into an (int) datatype
    $uid = isset($_GET["uid"]) ? (int) check_input($_GET["uid"]) : $user["uid"];
    // Add if $user['uid'] != $_GET['uid'] , then, see if he is Admin or Editor
    // Else, Not allowed to access this area, permission denied & return false
    // ---Permission stuff here---
    // or probably uid=$_GET[id] to see other's profile
    // $q  = "SELECT * FROM `users` `u` RIGHT JOIN `profile` `p` ON u.uid=p.users_uid WHERE `users_uid`=$uid";
    // Working
    // $q  = "SELECT * FROM `users` `u` RIGHT JOIN `profile` `p` ON u.uid=p.users_uid WHERE `u`.`uid`=$uid";
    $qu = array();
    // $q  = "SELECT * FROM `users` `u` RIGHT JOIN `profile` `p` ON `u`.`uid`=`p`.`users_uid` JOIN `banned` `b` on `u`.`uid`=`b`.`ban_uid` WHERE `u`.`uid`=$uid";
    $q1 = "SELECT * FROM `users` `u` RIGHT JOIN `profile` `p` ON `u`.`uid`=`p`.`users_uid` WHERE `u`.`uid`={$uid}";
    // JOIN `banned` `b` on `u`.`uid`=`b`.`ban_uid`
    $qu[1] = db_query($q1);
    $q2 = "SELECT * FROM `banned` `b` WHERE  `ban_uid`={$uid}";
    $qu[2] = db_query($q2);
}
Пример #11
0
function func_add_student($login, $option, $db)
{
    $col_students = $db->students;
    if ($login == "") {
        echo "Usage: ./etna_movies.php add_student <login_l>\n";
    } else {
        if ($col_students->find(array('login' => $login))->count() == 0) {
            $nom = my_readline("Name ?\n> ");
            $age = my_readline("Age ?\n> ");
            $email = my_readline("Email ?\n> ");
            $phone = my_readline("Phone number ?\n> ");
            if (check_input($login, $nom, $age, $email, $phone)) {
                $student = array("login" => $login, "name" => $nom, "age" => $age, "email" => $email, "phone" => $phone, "rented_movies" => []);
                $col_students->insert($student);
                echo "User registered !\n";
            } else {
                echo "Incorrect input\n";
            }
        } else {
            echo "Login already used\n";
        }
    }
}
Пример #12
0
function ad_request($data)
{
    global $request_settings;
    prepare_r_hash();
    if (!isset($data['rt'])) {
        $data['rt'] = '';
    }
    if (isset($data['p'])) {
        $request_settings['referer'] = $data['p'];
    } else {
        $request_settings['referer'] = '';
    }
    if (isset($data['longitude'])) {
        $request_settings['longitude'] = $data['longitude'];
    } else {
        $request_settings['longitude'] = '';
    }
    if (isset($data['latitude'])) {
        $request_settings['latitude'] = $data['latitude'];
    } else {
        $request_settings['latitude'] = '';
    }
    if (isset($data['iphone_osversion'])) {
        $request_settings['iphone_osversion'] = $data['iphone_osversion'];
    }
    if (!isset($data['sdk']) or $data['sdk'] != 'banner' && $data['sdk'] != 'vad') {
        $request_settings['sdk'] = 'banner';
    } else {
        $request_settings['sdk'] = $data['sdk'];
    }
    /*Identify Response Type*/
    switch ($data['rt']) {
        case 'javascript':
            $request_settings['response_type'] = 'json';
            $request_settings['ip_origin'] = 'fetch';
            break;
        case 'json':
            $request_settings['response_type'] = 'json';
            $request_settings['ip_origin'] = 'fetch';
            break;
        case 'iphone_app':
            $request_settings['response_type'] = 'xml';
            $request_settings['ip_origin'] = 'fetch';
            break;
        case 'android_app':
            $request_settings['response_type'] = 'xml';
            $request_settings['ip_origin'] = 'fetch';
            break;
        case 'ios_app':
            $request_settings['response_type'] = 'xml';
            $request_settings['ip_origin'] = 'fetch';
            break;
        case 'ipad_app':
            $request_settings['response_type'] = 'xml';
            $request_settings['ip_origin'] = 'fetch';
            break;
        case 'xml':
            $request_settings['response_type'] = 'xml';
            $request_settings['ip_origin'] = 'request';
            break;
        case 'api':
            $request_settings['response_type'] = 'xml';
            $request_settings['ip_origin'] = 'request';
            break;
        case 'api-fetchip':
            $request_settings['response_type'] = 'xml';
            $request_settings['ip_origin'] = 'fetch';
            break;
        default:
            $request_settings['response_type'] = 'html';
            $request_settings['ip_origin'] = 'request';
            break;
    }
    if (MAD_MAINTENANCE) {
        noad();
    }
    if (!check_input($data)) {
        global $errormessage;
        print_error(1, $errormessage, $request_settings['sdk'], 1);
        return false;
    }
    global $zone_detail;
    $zone_detail = get_placement($data);
    if (!$zone_detail) {
        global $errormessage;
        print_error(1, $errormessage, $request_settings['sdk'], 1);
        return false;
    }
    $request_settings['adspace_width'] = $zone_detail['zone_width'];
    $request_settings['adspace_height'] = $zone_detail['zone_height'];
    $request_settings['channel'] = getchannel();
    update_last_request();
    set_geo($request_settings['ip_address']);
    set_device($request_settings['user_agent']);
    build_query();
    if ($campaign_query_result = launch_campaign_query($request_settings['campaign_query'])) {
        if (!process_campaignquery_result($campaign_query_result)) {
            launch_backfill();
        }
    } else {
        launch_backfill();
    }
    global $display_ad;
    if (isset($display_ad['available']) && $display_ad['available'] == 1) {
        track_request(1);
        display_ad();
    } else {
        track_request(0);
        noad();
    }
}
Пример #13
0
        return false;
    }
    return true;
}
function check_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
if (isset($_POST['submit'])) {
    if (verifyFormToken('form1')) {
        $name = check_input($_POST["name"]);
        $email = check_input($_POST["emailaddress"]);
        $message = check_input($_POST["message"]);
        $ForwardTo = '*****@*****.**';
        $details = 'Name: ' . $name . "\n" . 'Email: ' . $email . "\n" . 'Message: ' . $message . "\n";
        $data['success'] = true;
        $data['message'] = 'Success!';
        mail($ForwardTo, "Construction of Hope Contact", $details, "From:{$email}");
    } else {
        $data['success'] = false;
        $data['errors'] = $errors;
    }
    exit('
      <body>

    <div class="modal fade" tabindex="-1" role="dialog">
  <div class="modal-dialog">
    <div class="modal-content" style="top:4em">
Пример #14
0
        return $error;
    }
    if ($password_new != $password_conf) {
        $error = "<font color=\"red\">The passwords don't match!</font>";
        return $error;
    }
    if (!check_password($password_new) && $_COOKIE["security_level"] == "2") {
        $error = "<font color=\"red\">The new password is not valid!<br />Password policy: minimum 6 characters containing at least one uppercase letter, lowercase letter and number.";
        return $error;
    }
    return $error;
}
if (isset($_POST["action"])) {
    $password_new = $_REQUEST["password_new"];
    $password_conf = $_REQUEST["password_conf"];
    $message = check_input($password_new, $password_conf);
    // Debugging
    // echo "I was here!";
    if (!$message) {
        $login = $_SESSION["login"];
        $password_new = mysqli_real_escape_string($link, $password_new);
        $password_new = hash("sha1", $password_new, false);
        $password_curr = $_REQUEST["password_curr"];
        $password_curr = mysqli_real_escape_string($link, $password_curr);
        $password_curr = hash("sha1", $password_curr, false);
        $sql = "SELECT password FROM users WHERE login = '******' AND password = '******'";
        // Debugging
        // echo $sql;
        $recordset = $link->query($sql);
        if (!$recordset) {
            die("Error: " . $link->error);
Пример #15
0
$page_type = "website";
// website or blog *トップページのみ記述
$page_ogimage = "";
// og:imageを個別に設定する場合パスを記述
function check_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
$name = check_input($_POST["name"]);
$tel = check_input($_POST["tel"]);
$email = check_input($_POST["email"]);
$company = check_input($_POST["company"]);
$text = check_input($_POST["text"]);
//入力チェック
$errormsg = array();
//名前
if ($name == null) {
    $errormsg[] = "NAMEを入力してください。";
}
if ($email == null) {
    $errormsg[] = "E-MAILを入力してください。";
}
$ret = preg_match("/^[a-zA-Z0-9_\\.\\-]+?@[A-Za-z0-9_\\.\\-]+\$/", $email);
if (!$ret) {
    $errormsg[] = "E-MAILを正しい形式で入力して下さい。";
}
//内容
if ($text == null) {
Пример #16
0
<?php

/* Set e-mail recipient */
$myemail = "*****@*****.**";
/* Check all form inputs using check_input function */
$name = check_input($_POST['inputName'], "Your Name");
$email = check_input($_POST['inputEmail'], "Your E-mail Address");
$subject = check_input($_POST['inputSubject'], "Message Subject");
$message = check_input($_POST['inputMessage'], "Your Message");
/* If e-mail is not valid show error message */
if (!preg_match("/([\\w\\-]+\\@[\\w\\-]+\\.[\\w\\-]+)/", $email)) {
    show_error("Invalid e-mail address");
}
/* Let's prepare the message for the e-mail */
$subject = "Someone has sent you a message";
$message = "\n\nRomex Construction: You have received a new message \n\nName: {$name}\nEmail: {$email}\nSubject: {$subject}\n\nMessage:\n{$message}\n\n";
/* Send the message using mail() function */
mail($myemail, $subject, $message);
/* Redirect visitor to the thank you page */
header('Location: http://romexconstruction.com');
exit;
/* Functions we used */
function check_input($data, $problem = '')
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    if ($problem && strlen($data) == 0) {
        show_error($problem);
    }
    return $data;
            $errmsg .= 'Please enter Valid ProductID<br>';
        }
        if ($errmsg == '') {
            function check_input($data)
            {
                $data = trim($data);
                $data = stripslashes($data);
                $data = htmlspecialchars($data);
                $data = mysql_real_escape_string($data);
                return $data;
            }
            $Productid = check_input($_POST['Productid']);
            $Product_name = check_input($_POST['Product_name']);
            $Product_type = check_input($_POST['Product_type']);
            $Product_price = check_input($_POST['Product_price']);
            $Product_description = check_input($_POST['Product_description']);
            $Productobj = new Product();
            if ($Productobj->update_product($Productid, $Product_name, $Product_type, $Product_price, $Product_description)) {
                $msg .= 'Product Details successfully updated.<br>';
            } else {
                $errmsg .= '!Opps Some thing went wrong.<br>';
            }
        }
    }
}
include_once "../../includes/dbclose.inc.php";
?>

<?php 
require_once "../layouts/user_header.php";
?>
            $errmsg .= 'Please enter Valid CampaignID<br>';
        }
        if ($errmsg == '') {
            function check_input($data)
            {
                $data = trim($data);
                $data = stripslashes($data);
                $data = htmlspecialchars($data);
                $data = mysql_real_escape_string($data);
                return $data;
            }
            $Campaignid = check_input($_POST['Campaignid']);
            $Campaign_name = check_input($_POST['Campaign_name']);
            $Campaign_type = check_input($_POST['Campaign_type']);
            $Campaign_budget = check_input($_POST['Campaign_budget']);
            $Campaign_description = check_input($_POST['Campaign_description']);
            $Campaignobj = new Campaign();
            if ($Campaignobj->delete_Campaign($Campaignid, $Campaign_name, $Campaign_type, $Campaign_budget, $Campaign_description)) {
                $msg .= 'Campaign Details successfully Deleted.<br>';
                $Campaignid = "";
                $Campaign_name = "";
                $Campaign_type = "";
                $Campaign_budget = "";
                $Campaign_description = "";
            } else {
                $errmsg .= '!Opps Some thing went wrong.<br>';
            }
        }
    }
}
include_once "../../includes/dbclose.inc.php";
Пример #19
0
} else {
    $postuname = addslashes(trim($_POST['uname']));
    $postupwd = addslashes(trim($_POST['upwd']));
    $postuemail = addslashes(trim($_POST['uemail']));
}
function check_input($value)
{
    // 如果不是数字则加引号
    if (!is_numeric($value)) {
        $value = mysql_real_escape_string($value);
    }
    return $value;
}
$postuname = check_input($postuname);
$postupwd = check_input($postupwd);
$postuemail = check_input($postuemail);
$sql = "insert into user(uname,upwd,uemail,activekey,regdate)values('" . $postuname . "','" . md5($postupwd) . "','" . $postuemail . "','" . $key . "','" . time() . "')";
$num = $conne->uidRst($sql);
if ($num == 1) {
    //插入成功时发送邮件
    //用户激活链接
    $url = 'http://' . $_SERVER['HTTP_HOST'] . '/activation.php';
    //urlencode函数转换url中的中文编码
    //带反斜杠
    $url .= '?name=' . urlencode($postuname) . '&k=' . $key;
    //定义登录使用的邮箱
    $envelope = '*****@*****.**';
    $password = '******';
    $port = 25;
    $auth = 'login';
    $smtp = 'smtp.126.com';
Пример #20
0
function handle_bind_account($PARAMS)
{
    $device = @$PARAMS['device'];
    $platform = @$PARAMS['plat'];
    $caption = @$PARAMS['cap'];
    $username = check_input(@$PARAMS['user']);
    $nickname = check_input(@$PARAMS['nick']);
    $cap_view = make_capview($username, $nickname, $caption);
    /********************************
    	判断新收到的账户,是否应该被收录	
    	********************************/
    if (empty($username) && empty($nickname)) {
        omp_trace($PARAMS);
        return return_bind(array('status' => 'error'));
    }
    if (count($username) > 100 || count($nickname) > 100) {
        omp_trace('username or nickname too long');
        return return_bind(array('status' => 'error'));
    }
    $platform_list = mmc_array_keys(NS_BINDING_LIST);
    if (!in_array($platform, $platform_list)) {
        mmc_array_set(NS_BINDING_LIST, $platform, $caption);
    }
    $ns_bind_list = NS_BINDING_LIST . $platform;
    $bind_info = mmc_array_get($ns_bind_list, $device);
    omp_trace($bind_info);
    $changed = false;
    if ($bind_info) {
        if ($username) {
            if ($bind_info['username'] != $username) {
                $bind_info['username'] = $username;
                $changed = true;
            }
        }
        if ($nickname) {
            if ($bind_info['nickname'] != $nickname) {
                $bind_info['nickname'] = $nickname;
                $changed = true;
            }
        }
    } else {
        $bind_info = array();
        $bind_info['username'] = $username;
        $bind_info['nickname'] = $nickname;
        $changed = true;
    }
    $mem = api_open_mmc();
    if (!$changed) {
        omp_trace('not changed');
        //绑定信息没有改变的时候,确定绑定显示列表是正常输出的
        if ($binded_list = $mem->ns_get(NS_BINDED_CAPTION, $device)) {
            if (in_array($cap_view, $binded_list)) {
                omp_trace($cap_view . ' in binded_list');
                omp_trace($binded_list);
                return return_bind(array('status' => 'ok'));
            } else {
                omp_trace('but binbed capview missed');
            }
        } else {
            omp_trace('but binbed capview error');
        }
    }
    /********************************
    		记录绑定的账户
    	********************************/
    //1、收录绑定信息
    if (mmc_array_set($ns_bind_list, $device, $bind_info) > 0) {
        $caption && mmc_array_caption($ns_bind_list, $caption);
        omp_trace('update caption: ' . $caption);
    }
    //2、制作绑定账户的标识列表
    $new_key = md5($caption . '@' . $platform . '@' . $device);
    $new_val = md5($username . '(' . $nickname . ')@' . $device);
    $changed = false;
    if ($binded_list = $mem->ns_get(NS_BINDED_LIST, $device)) {
        if ($binded_list[$new_key] !== $new_val) {
            $binded_list[$new_key] = $new_val;
            $changed = true;
        }
    } else {
        $binded_list[$new_key] = $new_val;
        $changed = true;
    }
    //更新绑定账户标记列表
    if ($changed) {
        $mem->ns_set(NS_BINDED_LIST, $device, $binded_list);
        omp_trace('update bind md5 info: ' . json_encode($binded_list));
    }
    //3、制作绑定账户显示列表
    if ($bind_account = $mem->ns_get(NS_BINDED_CAPTION, $device)) {
        if (!in_array($cap_view, $bind_account)) {
            $bind_account[] = $cap_view;
            $mem->ns_set(NS_BINDED_CAPTION, $device, $bind_account);
            omp_trace('set account info ok: ' . json_encode($bind_account));
        }
    } else {
        $mem->ns_set(NS_BINDED_CAPTION, $device, array($cap_view));
        omp_trace('set 1st account info ok: ' . $cap_view);
    }
    /********************************
    	异步通知第三方代码
    	********************************/
    $bind_info['device'] = $device;
    $bind_info['platform'] = $platform;
    $bind_info['caption'] = $caption;
    counter(COUNT_ON_BINDING);
    call_async_php('/on_account_binding.php', $bind_info);
    return return_bind(array('status' => 'ok'));
}
Пример #21
0
$resp = null;
# the error code from reCAPTCHA, if any
$error = null;
# was there a reCAPTCHA response?
if ($_POST["recaptcha_response_field"]) {
    $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
    if ($resp->is_valid) {
        if (isset($_POST['uname'])) {
            $msg = "";
            if ($_POST['uname'] == "") {
                $msg .= "<br />User Name cannot be left empty!<br />";
            }
            if ($_POST['pass'] == "") {
                $msg .= "<br />Password cannot be left empty!<br />";
            } else {
                $po_uname = check_input($_POST['uname']);
                $po_pass = md5($_POST['pass']);
                $query = sprintf("select * from users where username='******' and password='******'");
                $result = mysql_query($query);
                //	print_r($query);
                if (mysql_num_rows($result) == 0) {
                    $msg .= "Wrong login details entered!";
                    @mysql_close();
                } else {
                    while ($row = mysql_fetch_assoc($result)) {
                        $auth_id = $row['userid'];
                        $auth_gid = $row['usergid'];
                        $auth_name = $row['username'];
                        $auth_pass = $row['password'];
                        $auth_status = $row['status'];
                    }
Пример #22
0
/**
 * wrap_navlist() - Wraps the Tarski navbar in an unordered list element.
 * 
 * Unlike other navbar filters, wrap_navlist() doesn't make $navbar an array
 * if it isn't one, since that would result in it outputting an empty
 * unordered list. Instead, it simply returns false.
 * @since 2.0
 * @see tarski_navbar()
 * @param string $navbar
 * @return string $navbar
 */
function wrap_navlist($navbar)
{
    if (check_input($navbar, 'array')) {
        array_unshift($navbar, '<ul class="primary xoxo">');
        array_push($navbar, '</ul>');
        return $navbar;
    } else {
        return false;
    }
}
Пример #23
0
 /**
  * 修改数据,参数为必须
  * @param string|array $data
  * @param string $where WHERE 条件以及后续语句
  * @return bool $q 只有语句执行成功就返回 true
  */
 public function update($data = array(), $where = null, $tb_name = null)
 {
     if (!$tb_name) {
         show_error('empty table name');
         return false;
     }
     $sql = '';
     $q = false;
     $sqlwhere = ' WHERE ' . trim($where);
     $update_data = '';
     if (is_array($data)) {
         foreach ($data as $k => $v) {
             $update_data .= ", `{$k}` = " . check_input($v);
         }
     } else {
         $update_data = $data;
     }
     $update_data = trim($update_data, ', ');
     $sql = 'UPDATE `' . $tb_name . '` SET ' . $update_data . $sqlwhere;
     if (!is_null($where)) {
         $q = $this->query($sql);
     } else {
         show_error("sql error: {$sql}");
     }
     return $q;
 }
Пример #24
0
<?php

$myemail = '*****@*****.**';
//$myemail  = '*****@*****.**';
/* Check all form inputs using check_input function */
if (!check_input($_POST['name']) || !check_input($_POST['email']) || !check_input($_POST['tel']) || !check_input($_POST['text']) || !check_input($_POST['contact'])) {
    echo json_encode(array('success' => 'false', 'msg' => 'Bitte überprüfen Sie Ihre Eingaben!'));
    exit;
}
$name = check_input($_POST['name']);
$email = check_input($_POST['email']);
$Telefon = check_input($_POST['tel']);
$Kommentar = check_input($_POST['text']);
$contact = check_input($_POST['contact']);
$subject = "Kontaktanfrage Wellness Oase";
$message = "\nEine neue Kontaktanfrage wurde auf www.wellnessaufruegen.de abgeschickt:\n\n\nName: {$name}\nE-mail: {$email}\nTelefon: {$Telefon}\n\nKontakt über: {$contact}\n\nKommentar:\n{$Kommentar}\n\n\n-----------------------------------------------------------------------------\nBitte nicht auf diese Mail antworten - sie wurde automatisch generiert!\n-----------------------------------------------------------------------------\n";
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/plain; charset=UTF-8' . "\r\n";
$headers .= 'From: wellnessaufruegen.de Webmailer' . "\r\n";
/* Send the message using mail() function */
mail($myemail, $subject, $message, $headers);
echo json_encode(array('success' => 'true', 'msg' => 'Erfolgreich abgesendet!'));
exit;
/* Functions we used */
function check_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    if (!$data || strlen($data) == 0) {
        return false;
Пример #25
0
<?php

/* Set e-mail recipient */
$myemail = "*****@*****.**";
/* Check all form inputs using check_input function */
$full_name = check_input($_POST['full_name'], "Enter your full name (first and last)");
$email = check_input($_POST['email']);
$telephone = check_input($_POST['telephone'], "Enter your telephone number");
$comments = check_input($_POST['comments'], "Write your message");
$subject = "crg.io email inquiry";
/* If e-mail is not valid show error message */
if (!preg_match("/([\\w\\-]+\\@[\\w\\-]+\\.[\\w\\-]+)/", $email)) {
    show_error("E-mail address not valid");
}
/* Let's prepare the message for the e-mail */
$comments = "\nName: {$full_name}\nE-mail: {$email}\nTelephone: {$telephone}\nComments: {$comments}\n";
/* Send the message using mail() function */
mail('*****@*****.**', $subject, $telephone, $comments);
/* Redirect visitor to the thank you page */
header('Location: thanks.php');
exit;
/* Functions we used */
function check_input($data, $problem = '')
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    if ($problem && strlen($data) == 0) {
        show_error($problem);
    }
    return $data;
Пример #26
0
Файл: params.php Проект: rjha/sc
check_input($number, $qparams, 1, 1, "before");
$number++;
#5
$qparams = array("gpage" => "-123");
check_input($number, $qparams, 1, 1, "before");
$number++;
#6
$qparams = array("gpage" => "2", "gpa" => "0");
check_input($number, $qparams, 2, 0, "after");
$number++;
#7
$qparams = array("gpage" => "2", "gpa" => "\$#@");
check_input($number, $qparams, 2, 0, "after");
$number++;
#8
$qparams = array("gpage" => "2", "gpa" => 2, "gpb" => 2);
check_input($number, $qparams, 2, 2, "before");
$number++;
#9
$qparams = array("gpage" => "2", "gpa" => 2, "gpb" => "0");
check_input($number, $qparams, 2, 0, "before");
$number++;
#10
$qparams = array("gpage" => "2", "gpa" => 2, "gpb" => "@#@@@\$");
check_input($number, $qparams, 2, 0, "before");
$number++;
#11
$qparams = array("gpage" => "2", "gpa" => 2, "gpb" => "  ");
check_input($number, $qparams, 2, 2, "after");
$number++;
printf("  *** Testing over *** \n\n");
Пример #27
0
<?php

//Connect to database
require "sqlconnect.php";
//Check for updated information form submit; if true, update happens, else form is displayed
if (!empty($_POST)) {
    $username = check_input($_POST['username']);
    //Check user exists
    $query = "\n            SELECT *\n            FROM users\n            WHERE\n                username = :username\n        ";
    //Search parameter
    $query_params = array(':username' => $username);
    try {
        //Execute query
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    } catch (PDOException $ex) {
        print_r($db->errorInfo());
        echo "<P>";
        print_r($stmt->errorInfo());
        die("Failed to run user existence check.");
    }
    //Retrieve username from 'users' table.
    $row = $stmt->fetch();
    if ($row) {
        $tempPass = uniqid();
        $sender = "*****@*****.**";
        $recipient = $row['email'];
        $subject = "Temporary Password";
        $message = "Here is your temporary password: "******"From: " . $sender;
        mail($recipient, $subject, $message);
Пример #28
0
        $value = "'" . mysql_real_escape_string($value) . "'";
    } else {
        $value = intval($value);
    }
    return $value;
}
$uagent = $_SERVER['HTTP_REFERER'];
$IP = $_SERVER['REMOTE_ADDR'];
echo "<br>";
echo 'Your IP ADDRESS is: ' . $IP;
echo "<br>";
//echo 'Your User Agent is: ' .$uagent;
// take the variables
if (isset($_POST['uname']) && isset($_POST['passwd'])) {
    $uname = check_input($_POST['uname']);
    $passwd = check_input($_POST['passwd']);
    /*
    echo 'Your Your User name:'. $uname;
    echo "<br>";
    echo 'Your Password:'******'Your User Agent String:'. $uagent;
    echo "<br>";
    echo 'Your User Agent String:'. $IP;
    */
    //logging the connection parameters to a file for analysis.
    $fp = fopen('result.txt', 'a');
    fwrite($fp, 'Referer:' . $uname . "\n");
    fclose($fp);
    $sql = "SELECT  users.username, users.password FROM users WHERE users.username={$uname} and users.password={$passwd} ORDER BY users.id DESC LIMIT 0,1";
    $result1 = mysql_query($sql);
Пример #29
0
 $State = check_input($_POST['State']);
 $ZIP = check_input($_POST['ZIP']);
 $Country = check_input($_POST['Country']);
 $Email = check_input($_POST['Email']);
 $Telephone = check_input($_POST['Telephone']);
 $Ext = check_input($_POST['Ext']);
 $Fax = check_input($_POST['Fax']);
 $Birthdate = check_input($_POST['Birthdate']);
 $Gender = check_input($_POST['Gender']);
 $IsSubmission = check_input($_POST['IsSubmission']);
 $PaperTitle = check_input($_POST['PaperTitle']);
 $PaperSession = check_input($_POST['PaperSession']);
 $IsExhibition = check_input($_POST['IsExhibition']);
 $Passport = check_input($_POST['Passport']);
 $CountryPassport = check_input($_POST['CountryPassport']);
 $StayTime = check_input($_POST['StayTime']);
 if (!mysql_query("delete from InvitationLetter_table where \n\t\t  FirstName='{$_POST['FirstName']}' and \n\t\t  FamilyName='{$_POST['FamilyName']}' and\n\t\t  Company='{$_POST['Company']}'", $con)) {
     echo "<script>\n\t\t\t  alert('Failed to connect to server. Pleas submit again later.');\n\t\t\t  </script>";
     die('Could not connect: ' . mysql_error());
 } else {
     if (!mysql_query("insert into InvitationLetter_table \n\t\t  (\n\t\t\t  FirstName,\n\t\t\t  FamilyName,\n\t\t\t  Name,\n\t\t\t  Title,\n\t\t\t  Company,\n\t\t\t  Address,\n\t\t\t  AddressC,\n\t\t\t  City,\n\t\t\t  State,\n\t\t\t  ZIP,\n\t\t\t  Country,\n\t\t\t  Email,\n\t\t\t  Telephone,\n\t\t\t  Ext,\n\t\t\t  Fax,\n\t\t\t  Birthdate,\n\t\t\t  Gender,\n\t\t\t  IsSubmission,\n\t\t\t  PaperTitle,\n\t\t\t  PaperSession,\n\t\t\t  IsExhibition,\n\t\t\t  Passport,\n\t\t\t  CountryPassport,\n\t\t\t  StayTime\n\t\t   )\n\t\t   values\n\t\t   (\n\t\t\t  {$FirstName},\n\t\t\t  {$FamilyName},\n\t\t\t  {$Name},\n\t\t\t  {$Title},\n\t\t\t  {$Company},\n\t\t\t  {$Address},\n\t\t\t  {$AddressC},\n\t\t\t  {$City},\n\t\t\t  {$State},\n\t\t\t  {$ZIP},\n\t\t\t  {$Country},\n\t\t\t  {$Email},\n\t\t\t  {$Telephone},\n\t\t\t  {$Ext},\n\t\t\t  {$Fax},\n\t\t\t  STR_TO_DATE({$Birthdate},'%m/%d/%Y'),\n\t\t\t  {$Gender},\n\t\t\t  {$IsSubmission},\n\t\t\t  {$PaperTitle},\n\t\t\t  {$PaperSession},\n\t\t\t  {$IsExhibition},\n\t\t\t  {$Passport},\n\t\t\t  {$CountryPassport},\n\t\t\t  {$StayTime}\n\t\t   )\n\t\t   ", $con)) {
         echo "<script>\n\t\t\t  alert('Failed to connect to server. Pleas submit again later.');\n\t\t\t  </script>";
         die('Could not connect: ' . mysql_error());
     } else {
         require "back-end/getword.php";
         echo "<script>\n\t\t\t  alert('Thank you for submitting your information! The Invitation letter will be sent before soon.');\n\t\t\t  </script>";
         $FirstName = $_POST['FirstName'];
         $FamilyName = $_POST['FamilyName'];
         $Name = $FirstName . " " . $FamilyName;
         $Title = $_POST['Title'];
         $Company = $_POST['Company'];
Пример #30
0
    $details['email'] = $THEUSER->email();
} else {
    $details["email"] = trim(get_http_var("email"));
}
// MJ OA_437 add reccomend arg to indicate this alert is by way of a recommendation
$details['recommended'] = trim(get_http_var("r"));
$details['keyword'] = trim(get_http_var("keyword"));
$details['pid'] = trim(get_http_var("pid"));
if ($details['pid'] == 'Any') {
    $details['pid'] = '';
}
// Check the input.
// If there are any errors with the submission, $errors (an array)
// will have elements. The keys will be the name of form elements,
// and the values will be text to display when we show the form again.
$errors = check_input($details);
if (!sizeof($errors) && (get_http_var('submitted') && ($details['keyword'] || $details['pid']) || get_http_var('only') && ($details['keyword'] || $details['pid']) || $details['keyword'] && $details['pid'])) {
    add_alert($details);
} else {
    $PAGE->page_start();
    $PAGE->stripe_start();
    $PAGE->block_start(array('id' => 'alerts', 'title' => 'Request an OpenAustralia.org Email Alert'));
    display_form($details, $errors);
    $PAGE->block_end();
    $end = array();
    if (!get_http_var('only') || !$details['pid'] || $details['keyword']) {
        $end[] = array('type' => 'include', 'content' => 'search');
    }
    $PAGE->stripe_end($end);
    $PAGE->page_end();
}