Пример #1
0
/**
* Functions for checking if user exists
*/
function checkingIfUserExists()
{
    include_once 'validate.php';
    include_once 'functions.php';
    if (isset($_POST['email']) && isset($_POST['password'])) {
        $email = cleanInput($_POST['email']);
        $password = cleanInput($_POST['password']);
    }
    if (empty($email) || empty($password)) {
        echo "All fields are required. Please fill in all the fields.";
        exit;
    } else {
        /*checking correctness of form input*/
        $email = filter_var($email, FILTER_SANITIZE_EMAIL);
        if (validateEmail($email) == false) {
            echo "E-mail should be in the format of name@example.com";
            exit;
        }
        if (validateLength($password, 6) == false) {
            echo "Password should contain not less than 6 symbols";
            exit;
        }
        //$password_hash=password_hash($password, PASSWORD_DEFAULT); //PHP 5 >= 5.5.0
        $password_hash = md5($password);
        /*checking if user already exists*/
        if (checkLoggedUserInFile($email, $password_hash) == true) {
            //echo "Hello! You have logged in as ".$_SESSION['user_name'].".";
            header('Location:products.php');
            exit;
        } else {
            echo "No such user, or wrong password.<br>";
            //exit;
        }
    }
}
Пример #2
0
 private function insertValue($key, $value)
 {
     // insert $value into $foundValues
     if ($this->cleanInput == true) {
         $this->foundValues[$key] = cleanInput($value);
     } else {
         $this->foundValues[$key] = $value;
     }
 }
Пример #3
0
function getVar($var) {
	$return = 0;
	
	if(isset($_GET[$var]))
		$return = cleanInput($_GET[$var]);
		
	if(isset($_POST[$var]))
		$return = cleanInput($_POST[$var]);
		
	return $return;
}
Пример #4
0
	function sanitize($input) {
		if (is_array($input)) {
			foreach($input as $var=>$val) {
				$output[$var] = sanitize($val);
			}
		} else {
			if (get_magic_quotes_gpc()) {
				$input = stripslashes($input);
			}
			$input  = cleanInput($input);
			$output = mysql_real_escape_string($input);
		}
		return $output;
	}
Пример #5
0
/**
 * Second half of the sanitize function
 * This one stripslashes() and escapes the input
 * 
 * @param type $input
 * @return type
 */
function sanitize($input)
{
    if (is_array($input)) {
        foreach ($input as $var => $val) {
            $output[$var] = $this->sanitize($val);
        }
    } else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $output = cleanInput($input);
    }
    return $output;
}
Пример #6
0
 public function check_userid()
 {
     if (isAjaX()) {
         $data = array();
         $username = cleanInput($_POST['userid']);
         if (checkVar($username) && !$this->model->username_exists($username)) {
             $data['result'] = "<div class='message success'>Great! You found a username not in use</div>";
             $data['inuse'] = TRUE;
         } else {
             $data['result'] = "<div class='message warning'>That username is already in use. (Usernames take 2 minutes without use to expire)</div>";
             $data['inuse'] = FALSE;
         }
         $this->view->json($data);
     }
 }
Пример #7
0
function sanitize($input)
{
    $invalid_characters = array("\$", "1À", "1'", "=", "!", "%", "#", "<", ">", "[", "]", "{", "}", "/", "'", ";", ",", "|");
    if (is_array($input)) {
        foreach ($input as $var => $val) {
            $output[$var] = sanitize($val);
        }
    } else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $input = cleanInput($input);
        $output = str_ireplace($invalid_characters, '', $input);
    }
    return $output;
}
Пример #8
0
function sanitize($input)
{
    if (is_array($input)) {
        foreach ($input as $var => $val) {
            $output[$var] = sanitize($val);
        }
    } else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $input = cleanInput($input);
        $link = mysqli_connect('localhost', 'root', '8PaHucre');
        $output = $link->real_escape_string($input);
    }
    return $output;
}
Пример #9
0
function sanitize($input)
{
    if (is_array($input)) {
        foreach ($input as $var => $val) {
            $output[$var] = sanitize($val);
        }
    } else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        //$input  = cleanInput($input);
        //$output = mysql_real_escape_string($input);
        $output = cleanInput($input);
    }
    return $output;
    // USAGE: good_string = sanitize($bad_string);
    // Anti Hacking END
}
Пример #10
0
/**
* Functions for checking & validating form
*/
function checkingFormAndSaveNewUser()
{
    include_once 'validate.php';
    if (isset($_POST['username']) && isset($_POST['email']) && isset($_POST['password']) && isset($_POST['confirm_password']) && isset($_POST['agree'])) {
        $username = cleanInput($_POST['username']);
        $email = cleanInput($_POST['email']);
        $password = cleanInput($_POST['password']);
        $confirm_password = cleanInput($_POST['confirm_password']);
        $agree = $_POST['agree'];
        if (validateUsername($username) == false) {
            echo "Name should contain capitals and lower case, not less than 2 symbols";
            exit;
        }
        $email = filter_var($email, FILTER_SANITIZE_EMAIL);
        if (validateEmail($email) == false) {
            echo "E-mail should be in the format of name@example.com";
            exit;
        }
        if (validateLength($password, 6) == false) {
            echo "Password should contain not less than 6 symbols";
            exit;
        }
        if (validateConfirm($password, $confirm_password) == false) {
            echo "Passwords do not match";
            exit;
        }
        //$password_hash=password_hash($password, PASSWORD_DEFAULT); //PHP 5 >= 5.5.0
        $password_hash = md5($password);
        $dir_for_saved_users = "./user/";
        if (!is_dir($dir_for_saved_users)) {
            mkdir($dir_for_saved_users, 0777, true);
        }
        chmod('./user/', 0777);
        $filename = $dir_for_saved_users . "user_info";
        $new_user_info = $username . ":" . $email . ":" . $password_hash . "\n";
        file_put_contents($filename, $new_user_info, FILE_APPEND);
        //$_SESSION['name'] = $username;
        echo "You have signed up successfully! <a href='index.php'>Log in</a>";
    } else {
        echo "All fields are required. Please fill in all the fields.";
        exit;
    }
}
Пример #11
0
 public function register()
 {
     $data = array();
     if (isset($_POST['register'])) {
         $openid = $_POST['identity'];
         $username = cleanInput($_POST['username']);
         $email = cleanInput($_POST['email']);
         $fullname = cleanInput($_POST['fullname']);
         $gender = cleanInput($_POST['gender']);
         $country = cleanInput($_POST['country']);
         $postcode = cleanInput($_POST['postcode']);
         $language = cleanInput($_POST['language']);
         $timezone = cleanInput($_POST['timezone']);
         $errors = array();
         if (is_numeric($_POST['dob-year'])) {
             $dob = $_POST['dob-month'] . '/' . $_POST['dob-day'] . '/' . $_POST['dob-year'];
         } else {
             $errors[] = array('title' => 'Invalid Input', 'text' => 'Year must be numeric');
             $data['errors'] = $errors;
             $this->view->load('auth/register', $data);
             return;
         }
         $identity = $this->model->create_userprofile($username, $email, $fullname, $dob, $gender, $postcode, $country, $language, $timezone);
         if (!$identity) {
             $errors[] = array('title' => 'Error', 'text' => 'Could not generate user profile');
             $data['errors'] = $errors;
             $this->view->load('auth/register', $data);
             return;
         }
         if ($this->model->register_openid($identity, $openid)) {
             if ($this->model->login_user($identity)) {
                 redirect('dashboard');
             }
             $errors[] = array('title' => 'Error', 'text' => 'Could not login user');
         } else {
             $errors[] = array('title' => 'Error', 'text' => 'Could not register openid');
         }
     }
     if (!empty($errors)) {
         $data['errors'] = $errors;
     }
     $this->view->load('auth/register', $data);
 }
Пример #12
0
function hasACL($name, $action, $level, $uid = false)
{
    if (!isLoggedIn(false)) {
        return false;
    }
    global $suid, $mysqli;
    $n = cleanInput('/[^a-zA-Z0-9_]/', strtolower($name));
    $a = strtolower($action);
    $l = strtoupper($level);
    $u = cleanInput('/[^0-9]/', strtolower($suid));
    if ($uid != false) {
        $u = cleanInput('/[^0-9]/', strtolower($uid));
    }
    $M_result = $mysqli->query("SELECT {$n} FROM acls WHERE user_id={$u};");
    if ($M_result == false) {
        return false;
    }
    $M_row = $M_result->fetch_assoc();
    $v = strtoupper($M_row[$n]);
    $s = -1;
    if ($a == 'read' || $a == 'r') {
        $s = 0;
    } else {
        if ($a == 'write' || $a == 'w') {
            $s = 1;
        }
    }
    if ($s == -1) {
        error_log("Invalid ACL action: {$a} / {$action}.");
        return false;
    }
    $g = substr($v, $s, 1);
    if ($g == $l || $g == 'E' && $l == 'S') {
        return true;
    } else {
        return false;
    }
}
Пример #13
0
function getClasses($uid)
{
    global $mysqli, $suid;
    $u = cleanInput('/[^0-9]/', strtolower($uid));
    $result = [];
    if (hasACL("teacher_panel", "R", "E")) {
        $M_result = $mysqli->query("SELECT name,id FROM class;");
        while ($M_row = $M_result->fetch_assoc()) {
            $result[] = ["id" => $M_row['id'], "name" => $M_row['name']];
        }
    } else {
        $M_result = $mysqli->query("SELECT class_id FROM class_acls WHERE user_id={$uid};");
        while ($M_row = $M_result->fetch_assoc()) {
            $M_result2 = $mysqli->query("SELECT name FROM class WHERE id=" . $M_row['class_id'] . ";");
            $n = "Unknown";
            if ($M_result2 != false) {
                $M_row2 = $M_result2->fetch_assoc();
                $n = $M_row2['name'];
            }
            $result[] = ["id" => $M_row['class_id'], "name" => $n];
        }
    }
    return $result;
}
Пример #14
0
$firstname = "";
$lastname = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (isset($_POST["create"])) {
        if (empty($_POST["create_email"])) {
            $create_email_error = "See väli on kohustuslik";
        } else {
            $create_email = cleanInput($_POST["create_email"]);
        }
        if (empty($_POST["create_password"])) {
            $create_password_error = "See väli on kohustuslik";
        } else {
            if (strlen($_POST["create_password"]) < 8) {
                $create_password_error = "Peab olema vähemalt 8 tähemärki pikk!";
            } else {
                $create_password = cleanInput($_POST["create_password"]);
            }
        }
        if (empty($_POST["firstname"])) {
            $firstname_error = "See väli on kohustuslik!";
        } else {
            $firstname = test_input($_POST["firstname"]);
        }
        if (empty($_POST["lastname"])) {
            $lastname_error = "See väli on kohustuslik!";
        } else {
            $lastname = test_input($_POST["lastname"]);
        }
        if ($create_email_error == "" && $create_password_error == "" && $firstname_error == "" && $lastname_error == "") {
            // räsi paroolist, mille salvestame ab'i
            $hash = hash("sha512", $create_password);
Пример #15
0
					}
				}

        if(isset($_POST["new_primary"])){
          if (empty($_POST["primary_name"]) ) {
						$primary_name_error = "See väli on kohustuslik";
					}else{
						$primary_name = cleanInput($_POST["primary_name"]);
					}
          if (empty($_POST["primary_start"]) ) {
						$primary_start_error = "See väli on kohustuslik";
					}else{
						$primary_start = cleanInput($_POST["primary_start"]);
					}
          $primary_end = cleanInput($_POST["primary_end"]);
          $primary_info = cleanInput($_POST["primary_info"]);

          if ($primary_name_error == "" && $primary_start_error == "") {
						$response = $Resume->newPrimary($cvid->id, $primary_name, $primary_start, $primary_end, $primary_info, $file_to_trim);

					}

        }

      }
    }
  }
 ?>


<div class="row">
if (!isset($_SESSION["logged_in_user_id"])) {
    header("Location: login.php");
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (isset($_POST["create_team"])) {
        $GK = cleanInput($_POST["GK"]);
        $LB = cleanInput($_POST["LB"]);
        $CB1 = cleanInput($_POST["CB1"]);
        $CB2 = cleanInput($_POST["CB2"]);
        $RB = cleanInput($_POST["RB"]);
        $LM = cleanInput($_POST["LM"]);
        $CM1 = cleanInput($_POST["CM1"]);
        $CM2 = cleanInput($_POST["CM2"]);
        $RM = cleanInput($_POST["RM"]);
        $ST1 = cleanInput($_POST["ST1"]);
        $ST2 = cleanInput($_POST["ST2"]);
    }
    echo "Dreamteam edukalt lisatud!";
    createTeam($GK, $LB, $CB1, $CB2, $RB, $LM, $CM1, $CM2, $RM, $ST1, $ST2);
}
function cleanInput($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
function test_input($data)
{
    $data = trim($data);
    $data = stripslashes($data);
Пример #17
0
            $Job->deleteJobData($_GET["delete"]);
        }
        if (isset($_GET["update"])) {
            $Job->updateJobData($_GET["job_id"], $_GET["job_name"], $_GET["job_desc"], $_GET["job_company"], $_GET["job_county"], $_GET["job_parish"], $_GET["job_location"], $_GET["job_address"]);
        }
    }
}
if (isset($_GET["view"])) {
    $Job->singleJobData($_GET["view"]);
    $singleJob = $Job->singleJobData($_GET["view"]);
}
//kõik tööd objektide kujul massiivis
$job_array = $Job->getAllData();
$keyword = "";
if (isset($_GET["keyword"])) {
    $keyword = cleanInput($_GET["keyword"]);
    //otsime
    $job_array = $Job->getAllData($keyword);
} else {
    //Naitame koiki tulemus
    $job_array = $Job->getAllData();
}
?>
<!-- Modal -->
<script type="text/javascript">
    $(window).load(function(){
        $('#myModal').modal('show');
    });
</script>

<div class="col-xs-12 col-sm-2 text-center">
Пример #18
0
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // kontrollin mis nuppu vajutati
    if (isset($_POST["login"])) {
        if (empty($_POST["email"])) {
            //jah oli tühi
            $email_error = "See väli on kohustuslik";
        } else {
            //puhastame muutuja võimalikest üleliigsetest sümbolitest
            $email = cleanInput($_POST["email"]);
        }
        //kas parool on tühi
        //jah on tühi
        if (empty($_POST["password"])) {
            $password_error = "See väli on kohustuslik";
        } else {
            $password = cleanInput($_POST["password"]);
        }
        // Kui oleme siia jõudnud, võime kasutaja sisse logida
        if ($password_error == "" && $email_error == "") {
            echo "Võib sisse logida! Kasutajanimi on " . $email . " ja parool on " . $password;
            $password_hash = hash("sha512", $password);
            $stmt = $mysqli->prepare("SELECT id, email FROM user_sample WHERE email=? AND password=?");
            $stmt->bind_param("ss", $email, $password_hash);
            //paneme vastuse muutujatesse
            $stmt->bind_result($id_from_db, $email_from_db);
            $stmt->execute();
            if ($stmt->fetch()) {
                //leidis
                echo "<br>";
                echo "Kasutaja id=" . $id_from_db;
            } else {
Пример #19
0
if (!isset($_GET["offers_data_id"])) {
    header("Location: requests.php");
}
$price = $comment = "";
$price_error = $comment_error = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (isset($_POST["add_new_offer"])) {
        if (empty($_POST["price"])) {
            $price_error = "Hind on kohustuslik";
        } else {
            $price = cleanInput($_POST["price"]);
        }
        if (empty($_POST["comment"])) {
            $comment_error = "Kommentaar on kohustuslik";
        } else {
            $comment = cleanInput($_POST["comment"]);
        }
        if ($price_error == "" && $comment_error == "") {
            $OfferManager->addNewOffer($_POST["request_id"], $_SESSION["logged_in_user_id"], $price, $comment);
            header("Location: requests.php");
        }
    }
}
function cleanInput($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
?>
Пример #20
0
function sanitizeme($input)
{
    if (is_array($input)) {
        foreach ($input as $var => $val) {
            $output[$var] = sanitizeme($val);
        }
    } else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        //echo "Raw Input:" . $input . "<br />";
        $input = cleanInput($input);
        $input = strip_tags($input);
        // Remove HTML
        $input = htmlspecialchars($input);
        // Convert characters
        $input = trim(rtrim(ltrim($input)));
        // Remove spaces
        $input = $input;
        // Prevent SQL Injection
        $output = $input;
    }
    if (isset($output) && $output != '') {
        return $output;
    } else {
        return false;
    }
}
Пример #21
0
            $create_password_error = "See vali on kohustuslik";
        } else {
            if (strlen($_POST["create_password"]) < 8) {
                $create_password_error = "Peab olema vahemalt 8 tahemarki pikk!";
            } else {
                $create_password = cleanInput($_POST["create_password"]);
            }
            if (empty($_POST["firstname"])) {
                $firstname_error = "See vali on kohustuslik";
            } else {
                $firstname = cleanInput($_POST["firstname"]);
            }
            if (empty($_POST["lastname"])) {
                $lastname_error = "See vali on kohustuslik";
            } else {
                $lastname = cleanInput($_POST["lastname"]);
            }
        }
        if ($create_email_error == "" && $create_password_error == "" && $firstname_error == "" && $lastname_error == "") {
            echo "Võib kasutajat luua! Kasutajanimi on " . $create_email . " ja parool on " . $create_password;
            $password_hash = hash("sha512", $create_password);
            echo "<br>";
            echo $password_hash;
            // functions.php failis käivina funktsiooni
            createUser($create_email, $password_hash, $firstname, $lastname);
        }
    }
}
function cleanInput($data)
{
    $data = trim($data);
Пример #22
0
    //kustutab kõik sessiooni muutujad
    session_destroy();
    header("Location: login.php");
}
//mängu lisamise errorid
$game_name = $baskets = $game_name_error = $baskets_error = "";
if (isset($_POST["create_game"])) {
    if (empty($_POST["game_name"])) {
        $game_name_error = "See väli on kohustuslik";
    } else {
        $game_name = cleanInput($_POST["game_name"]);
    }
    if (empty($_POST["baskets"])) {
        $baskets_error = "See väli on kohustuslik";
    } else {
        $baskets = cleanInput($_POST["baskets"]);
    }
    if ($game_name_error == "" && $baskets_error == "") {
        // functions.php failis käivina funktsiooni
        //msg on message
        $msg = createGame($game_name, $baskets);
        if ($msg != "") {
            //salvestamine õnnestus
            //teen tühjaks input väljad
            $game_name = "";
            $baskets = "";
            echo $msg;
        }
    }
}
// create if end
Пример #23
0
    header("Location: login.php");
}
$autonr = $sisenemismass = $autonr_error = $sisenemismass_error = "";
// et ei ole tühjad
// clean input
// salvestate
if (isset($_POST["create"])) {
    if (empty($_POST["auto"])) {
        $autonr_error = "See väli on kohustuslik";
    } else {
        $autonr = cleanInput($_POST["auto"]);
    }
    if (empty($_POST["sisenemismass"])) {
        $sisenemismass_error = "See väli on kohustuslik";
    } else {
        $sisenemismass = cleanInput($_POST["sisenemismass"]);
    }
    if ($autonr_error == "" && $sisenemismass_error == "") {
        $message = createCar($autonr, $sisenemismass);
        header("Location: data2.php");
        if ($message != "") {
            //salvestamine õnnestus
            // teen tühjaks input value'd
            $autonr = "";
            $sisenemismass = "";
            echo $message;
        }
    }
}
// create if end
function cleanInput($data)
Пример #24
0
<?php

require_once "db.php";
//be mindful of VARIABLE_SCOPE
require_once "mail.php";
if (isset($_GET['news_subscr'])) {
    if (!empty($_POST['email'])) {
        $mail_check = spamCheck($_POST['email']);
        if ($mail_check == false) {
            echo "3";
        } else {
            $email = cleanInput($_POST['email']);
            $q = mysqli_query($conn, "select email from news_l where email='{$email}'");
            if (mysqli_num_rows($q) > 0) {
                echo "0";
            } else {
                $q = mysqli_query($conn, "insert into news_l (email) values ('{$email}')");
                if ($q) {
                    echo "1";
                    /*$to=$email;
                     	$frm="*****@*****.**";
                     	$sbj="TechShule Newsletter Subscription";
                     	$msg="Thank you for Subscribing to the Best Tech News and Information on Startups across Africa.";
                     	if(sendMsg($to, $frm, $sbj, $msg)){
                     		echo "1";
                     	}*/
                }
            }
        }
    } else {
        echo "2";
Пример #25
0
	<a href ="?logout=1">Logi välja</a>

</p>


<?php 
if (isset($_POST["create"])) {
    if (empty($_POST["car_plate"])) {
        $car_plate_error = "See väli on kohustuslik";
    } else {
        $car_plate = cleanInput($_POST["car_plate"]);
    }
    if (empty($_POST["color"])) {
        $color_error = "See väli on kohustuslik";
    } else {
        $color = cleanInput($_POST["color"]);
    }
    if ($car_plate_error == "" && $color_error == "") {
        // msg on message funktsioonist
        $msg = createCarPlate($car_plate, $color);
        if ($msg != "") {
            // Salvestamine õnnestus
            // teen tühjaks input value
            $car_palte = "";
            $color = "";
            echo $msg;
        }
    }
}
// create if end
// funktsioon, mis eemaldab kõikvõimaliku üleliigse tekstist
Пример #26
0
    }
    if (empty($_POST["picture"])) {
        $picture_error = "See väli on kohustuslik";
    } else {
        $picture = cleanInput($_POST["picture"]);
    }
    if ($title_error == "" && $season_error == "" && $description_error == "" && $picture_error == "") {
        echo "Sisestatud!";
        $add_response = $Series->addSeries($title, $season, $description, $picture);
    }
}
if (isset($_POST["createList"])) {
    if (empty($_POST["name"])) {
        $name_error = "Field is empty";
    } else {
        $name = cleanInput($_POST["name"]);
    }
    if ($name_error == "") {
        echo "List created";
        $add_list_response = $Series->createList($name);
    }
}
function cleanInput($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
require_once "../header.php";
?>
Пример #27
0
     $type = cleanInput($_REQUEST['type']);
     if (!empty($_REQUEST['name'])) {
         $name = cleanInput($_REQUEST['name']);
     } else {
         $name = '';
     }
     if ($type == 'desktop' || $type == 'mobile') {
         $name = $type;
         $type = 'extension';
         if ($name == 'mobile') {
             $name = 'mobilewebapp';
         }
     }
 }
 if (!empty($_REQUEST['subtype'])) {
     $subtype = cleanInput($_REQUEST['subtype']);
 }
 if (file_exists(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'writable' . DIRECTORY_SEPARATOR . 'cache' . DIRECTORY_SEPARATOR . $theme . $type . $name . $cbfn . $color . '.css') && DEV_MODE != 1) {
     if (!empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) && strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) == filemtime(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'writable' . DIRECTORY_SEPARATOR . 'cache' . DIRECTORY_SEPARATOR . $theme . $type . $name . $cbfn . $color . '.css')) {
         header("HTTP/1.1 304 Not Modified");
         exit;
     }
     readfile(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'writable' . DIRECTORY_SEPARATOR . 'cache' . DIRECTORY_SEPARATOR . $theme . $type . $name . $cbfn . $color . '.css');
     $css = ob_get_clean();
 } else {
     include_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'themes' . DIRECTORY_SEPARATOR . 'standard' . DIRECTORY_SEPARATOR . 'config.php';
     if (file_exists(dirname(__FILE__) . DIRECTORY_SEPARATOR . "themes" . DIRECTORY_SEPARATOR . $theme . DIRECTORY_SEPARATOR . 'config.php')) {
         include_once dirname(__FILE__) . DIRECTORY_SEPARATOR . "themes" . DIRECTORY_SEPARATOR . $theme . DIRECTORY_SEPARATOR . 'config.php';
     }
     if ($type != 'core' || $name != 'default') {
         if (!empty($name) && $cbfn != 'desktop') {
Пример #28
0
FB::log($_REQUEST, "getPrice php: starting REQUEST=");
//require 'incsess.php';
if (!isset($_SESSION)) {
    //FB::log("ADMIN php, start session");
    session_start();
}
require_once "config.php";
include_once "languages/" . POS_DEFAULT_LANGUAGE . ".php";
require_once "database.php";
require_once "helpers.php";
if (!isset($_GET['item'])) {
    echo "Failure getting data from getPrice.php. Check item is sent in request.";
}
if (isset($_GET['item']) && isset($_GET['base'])) {
    $base = cleanInput($_GET['base']);
    //FB::log($base,"getPrice.php base=");
    $item = cleanInput($_GET['item']);
    //FB::log($item,"getPrice.php item=");
    $sql = "SELECT {$base} FROM items WHERE item_number = '" . $item . "'";
    $result = $db->QPResults($sql);
    echo $result[$base];
}
if (isset($_GET['tax']) && isset($_GET['item'])) {
    $item = cleanInput($_GET['item']);
    $sql = "SELECT tax_percent FROM items WHERE item_number = '" . $item . "'";
    $result = $db->QPResults($sql);
    echo $result['tax_percent'];
}
?>

Пример #29
0
if (isset($msqly)) {
    die('Püüad mind häkkida');
}
$errors = array();
$input = array();
$show_form = True;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    //defineerime array ja käime kogu tsükli läbi muutujan fild for loop.
    foreach (array('username', 'password') as $field) {
        if (empty($_POST[$field])) {
            //pole infot saatnud
            $errors[$field] = "See väli on kohustuslik";
        } else {
            // puhastame muutuja võimalikest üleliigsetest sümbolitest
            $input[$field] = cleanInput($_POST[$field]);
        }
    }
    if (empty($errors)) {
        $hash = hash("sha512", $input['password']);
        $stmt = $mysqli->prepare('SELECT id, email FROM users WHERE email =? AND password=?');
        if (!$stmt) {
            die("juhtus viga" . $mysqli->error);
        }
        $stmt->bind_param("ss", $input['username'], $hash);
        //muutujad tulemustele
        $stmt->bind_result($id_from_db, $email_from_db);
        $stmt->execute();
        //Kontrollin kas tulemusi leiti
        if ($stmt->fetch()) {
            // ab'i oli midagi
Пример #30
0
 function compare_type($a, $b)
 {
     $type = cleanInput($_GET['sortId']);
     $aId = null;
     $bId = null;
     if (isset($a['percentages'])) {
         foreach ($a['percentages'] as $key => $per) {
             if ($per['exerciseTypeID'] == $type) {
                 $aId = $key;
                 break;
             }
         }
     }
     if (isset($b['percentages'])) {
         foreach ($b['percentages'] as $key => $per) {
             if ($per['exerciseTypeID'] == $type) {
                 $bId = $key;
                 break;
             }
         }
     }
     if ($aId === null && $bId === null) {
         return 0;
     }
     if ($aId !== null && $bId === null) {
         return 1;
     }
     if ($aId === null && $bId !== null) {
         return -1;
     }
     return strnatcmp($a['percentages'][$aId]['points'], $b['percentages'][$bId]['points']);
 }