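/**
 * Resolve the user that owns a device token.
 *
 * Looks up the tokens row matching ($token, $id) and returns its user_id,
 * or null when the query fails or no row matches.
 *
 * Security notes:
 *  - $token is escaped with dbEsc() and interpolated inside single quotes,
 *    which is the only context where mysql_real_escape_string() helps.
 *  - $id is interpolated without quotes. Escaping cannot protect an unquoted
 *    value (e.g. "1 OR 1=1" contains nothing to escape), so it is cast to
 *    int before use. The cast assumes computer_id is numeric, which the
 *    unquoted comparison in the original query already implied.
 *  - mysql_* was removed in PHP 7; the long-term fix is a prepared statement
 *    via mysqli/PDO, but that needs the connection handle from connection.php,
 *    which is not visible here.
 *
 * @param string     $token device token, matched as a quoted string literal
 * @param int|string $id    computer id, coerced to int before interpolation
 * @return mixed user_id of the matching row, or null when there is none
 */
function validateToken($token, $id)
{
    // Cast instead of escaping: the value sits in a numeric (unquoted) context.
    $computerId = (int) $id;

    $query = "select user_id from tokens where token = '" . dbEsc($token) . "'"
        . " AND computer_id = " . $computerId . ";";

    $result = mysql_query($query);
    if (!$result) {
        return null;
    }

    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    if (!$row) {
        // No match: return null explicitly instead of indexing into false.
        return null;
    }

    return $row['user_id'];
}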
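/**
 * Record a heartbeat for a device token and echo the protocol version.
 *
 * Updates tokens.last_seen for the row matching ($token, $id). The original
 * echoed $version on both the success and the failure path; that response
 * contract is preserved, but a failed UPDATE is now written to error_log
 * instead of being dropped silently.
 *
 * Security notes:
 *  - $token is escaped and quoted; $id is interpolated unquoted, so it is
 *    cast to int (escaping does not protect a numeric context).
 *  - A successful UPDATE that matches zero rows still returns true, so this
 *    function does not verify that the token exists.
 *
 * @param string     $token   device token
 * @param int|string $id      computer id, coerced to int
 * @param mixed      $version value echoed to the client unconditionally
 * @return void
 */
function logPing($token, $id, $version)
{
    $computerId = (int) $id;

    $query = "UPDATE tokens SET last_seen = NOW() WHERE token = '" . dbEsc($token) . "'"
        . " AND computer_id = " . $computerId;

    if (!mysql_query($query)) {
        error_log('logPing: last_seen update failed: ' . mysql_error());
    }

    echo $version;
}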
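/**
 * Run a printf-style query, escaping every string argument first.
 *
 * Example: dbQuery("SELECT * FROM t WHERE name = '%s' AND id = %d", $name, $id)
 *
 * $args is only a documentation placeholder: the real values are read with
 * func_get_args(), so any number of arguments may follow the format string.
 *
 * Security notes:
 *  - dbEsc() only protects a value that the format places inside single
 *    quotes ('%s'). A bare %s is still injectable after escaping; use %d or
 *    %f for numeric placeholders.
 *  - Non-string arguments (int, float, bool, null) are passed through as-is.
 *  - NOTE(review): dbEsc() is assumed to escape for the same connection that
 *    $db->link uses; confirm, since a mismatch silently yields empty strings.
 *  - The original echoed $db->link->error into the response, disclosing table
 *    and column names to the client. Errors now go to error_log; the function
 *    still returns the driver's false on failure.
 *
 * @param string $querySPrintF sprintf format with quoted %s / numeric %d
 * @param mixed  $args         placeholder, see above
 * @return mixed driver query result, or false on failure
 */
function dbQuery($querySPrintF, $args = NULL)
{
    $db = new Database();

    // Everything after the format string is a value to be formatted in.
    $values = array_slice(func_get_args(), 1);

    // array_map instead of foreach-by-reference: the original left $item as a
    // dangling reference to the last element after the loop.
    $values = array_map(function ($item) {
        return is_string($item) ? dbEsc($item) : $item;
    }, $values);

    $res = $db->link->query(vsprintf($querySPrintF, $values));
    if (!$res) {
        error_log('dbQuery failed: ' . $db->link->error);
    }

    return $res;
}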
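<?php
/**
 * Tank status update endpoint.
 *
 * Expects POST fields: token, id, tank_name, fluid_type, percent.
 * Touches tokens.last_seen for (token, id), then writes the tank fields for
 * that token. On success the response body is the protocol version (clients
 * presumably check for it — confirm); otherwise an 'error: ...' string.
 *
 * Security notes:
 *  - token and the tank fields are escaped with dbEsc() and quoted, which is
 *    the only context where mysql_real_escape_string() is effective.
 *  - id is interpolated unquoted, so escaping did not protect it; it is now
 *    validated as an integer and the request is rejected otherwise (the
 *    original would have hit a SQL syntax error and emitted the same message).
 *  - A successful UPDATE that matches zero rows still returns true, so the
 *    first query does not prove the token is valid; the tank UPDATE then
 *    simply matches nothing.
 *  - mysql_* was removed in PHP 7; prepared statements via mysqli/PDO are the
 *    proper fix but need the handle from connection.php, not visible here.
 */
$version = 1;
require_once 'connection.php';

// Read inputs defensively: a missing field becomes '' instead of a notice.
$token      = isset($_POST['token']) ? $_POST['token'] : '';
$id         = isset($_POST['id']) ? $_POST['id'] : '';
$tank_name  = isset($_POST['tank_name']) ? $_POST['tank_name'] : '';
$fluid_type = isset($_POST['fluid_type']) ? $_POST['fluid_type'] : '';
$percent    = isset($_POST['percent']) ? $_POST['percent'] : '';

// NOTE(review): HTML-escaping at input time is kept because rows already in
// the table were stored this way and the display side may depend on it. The
// cleaner design is to store raw values and escape at output per context.
$fluid_type = htmlspecialchars($fluid_type);
$tank_name  = htmlspecialchars($tank_name);
$percent    = htmlspecialchars($percent);

// computer_id is compared unquoted: validate as int rather than escape.
$computerId = filter_var($id, FILTER_VALIDATE_INT);
if ($computerId === false) {
    echo 'error: token update query failed.';
    return;
}

$query = "UPDATE tokens SET last_seen = NOW() WHERE token = '" . dbEsc($token) . "'"
    . " AND computer_id = " . $computerId;
$result = mysql_query($query);

if ($result) {
    $query2 = "UPDATE tanks SET tank_name = '" . dbEsc($tank_name) . "'"
        . ", fluid_type = '" . dbEsc($fluid_type) . "'"
        . ", percent = '" . dbEsc($percent) . "'"
        . " WHERE token = '" . dbEsc($token) . "'";
    $result2 = mysql_query($query2);
    if (!$result2) {
        // Keep the response contract (version only) but do not drop the error.
        error_log('tank update failed: ' . mysql_error());
    }
    echo $version;
} else {
    echo 'error: token update query failed.';
}

/**
 * Escape a string for use inside a quoted SQL literal on the implicit mysql_*
 * connection. Not sufficient for unquoted (numeric) contexts.
 *
 * @param string $theString
 * @return string
 */
function dbEsc($theString)
{
    return mysql_real_escape_string($theString);
}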
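/**
 * Build a <comments> DOM node holding every comment on a post.
 *
 * Each comment becomes a <comment> element with username, comment and date
 * attributes, followed by a status element: <query_status>success</query_status>
 * on success, or <getComments_status>failed</getComments_status> plus whatever
 * dbError() appends when the query fails.
 *
 * Security notes:
 *  - $post_id is interpolated unquoted, so escaping cannot protect it; it is
 *    cast to int instead.
 *  - The original put the full SQL text into the error status element, which
 *    leaks schema details to whoever receives the XML. The element name is
 *    kept for consumers that key on it, but its value is now just 'failed'.
 *  - user_id comes from the database, but it is still interpolated unquoted,
 *    so it is cast as well (second-order injection).
 *  - $dbconn is accepted but unused: queries go through the implicit mysql_*
 *    connection, as in the original.
 *
 * @param mixed       $dbconn  unused, kept for signature compatibility
 * @param DOMDocument $xmlDoc  document used to create nodes
 * @param int|string  $post_id post whose comments are listed, coerced to int
 * @return DOMElement the <comments> node
 */
function getComments($dbconn, $xmlDoc, $post_id)
{
    $parentNode = $xmlDoc->createElement('comments');

    $postId = (int) $post_id;
    $query = "select * from comments where post_id = " . $postId . " order by date DESC";
    $result = mysql_query($query);

    if (!$result) {
        $statusNode = $xmlDoc->createElement('getComments_status', 'failed');
        dbError($xmlDoc, $parentNode, mysql_error());
        // Original iterated over a false result (warnings, no rows); stop here.
        $parentNode->appendChild($statusNode);
        return $parentNode;
    }

    $statusNode = $xmlDoc->createElement('query_status', 'success');

    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        $query2 = "SELECT username FROM users WHERE user_id = " . (int) $row['user_id'];
        $result2 = mysql_query($query2);
        $row2 = $result2 ? mysql_fetch_array($result2, MYSQL_ASSOC) : false;
        // A missing user produced a null attribute before; '' serialises the same.
        $username = $row2 ? $row2['username'] : '';

        $commentNode = $xmlDoc->createElement('comment');
        $commentNode->setAttribute('username', $username);
        $commentNode->setAttribute('comment', $row['comment']);
        $commentNode->setAttribute('date', $row['date']);
        $parentNode->appendChild($commentNode);
    }

    $parentNode->appendChild($statusNode);
    return $parentNode;
}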
$emptyMsgEN = true; } if (empty($_POST['msg_gr'])) { $emptyMsgGR = true; } if (empty($_POST['link'])) { $emptyLink = true; } if (!$emptyDate && !preg_match("/^(19|20)[0-9]{2}[-](0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])\$/i", $_POST['date'])) { $dateError = true; } $errors = $emptyDate || $empdtyMsgEN || $emptyMsgGR || $emptyLink || $dateError; if (!$errors) { $mid = preg_replace("/[^0-9]/", "", htmlentities($_GET['mid'], ENT_QUOTES)); $connection = dbConnect(); $query = sprintf("UPDATE events SET web_admins_username='******', date='%s', msg_en='%s', msg_gr='%s', link='%s' WHERE id=%s", $_SESSION['username'], $_POST['date'], dbEsc($_POST['msg_en']), dbEsc($_POST['msg_gr']), dbEsc($_POST['link']), $mid); dbUpdate($query, $connection); dbLog('edit event ' . $mid, $connection); header('Location: manageevents.php'); } } else { if (isset($_GET['action']) && $_GET['action'] === 'delete') { $mid = preg_replace("/[^0-9]/", "", htmlentities($_GET['mid'], ENT_QUOTES)); $connection = dbConnect(); $query = sprintf("UPDATE events SET deleted=true WHERE id=%s", $mid); dbUpdate($query, $connection); dbLog('delete event ' . $mid, $connection); header('Location: manageevents.php'); } else { if (isset($_GET['action']) && $_GET['action'] === 'update') { $connection = dbConnect();
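/**
 * Insert a new energy_storage row bound to a device token.
 *
 * Security notes:
 *  - $token is escaped and quoted; $id is interpolated unquoted, so it is cast
 *    to int (escaping does not protect a numeric context).
 *  - $dbConn is accepted but unused; the implicit mysql_* connection is used,
 *    as in the original.
 *
 * The original discarded the query result. It is now returned, and a failure
 * is logged, so callers can react if they choose to.
 *
 * @param mixed      $dbConn unused, kept for signature compatibility
 * @param string     $token  device token stored in energy_storage.token
 * @param int|string $id     computer id, coerced to int
 * @return bool true when the INSERT succeeded
 */
function createEnergyEntry($dbConn, $token, $id)
{
    $computerId = (int) $id;

    $query = "INSERT INTO energy_storage (token, computer_id) VALUES ('" . dbEsc($token) . "', " . $computerId . ")";
    $result = mysql_query($query);
    if (!$result) {
        error_log('createEnergyEntry failed: ' . mysql_error());
        return false;
    }

    return true;
}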
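/**
 * Delete a redstone event and report the outcome as a <recorddata> node.
 *
 * The node carries <status>success</status> or <status>failed</status>; on
 * failure dbError() is also given the MySQL error text.
 *
 * Fixes: the original's failure branch referenced an undefined $query (the
 * statement is in $query2), so the status element was silently empty; had it
 * been spelled correctly it would have echoed the SQL text to the client.
 *
 * Security notes:
 *  - $event_id is escaped and quoted, which is the correct use of dbEsc().
 *  - NOTE(review): there is no ownership check — any caller that can reach
 *    this function can delete any event_id. If the caller's token is
 *    available, scope the DELETE with it (redstone_events appears to have a
 *    redstone_token column elsewhere in this codebase — confirm).
 *  - $dbconn is accepted but unused; the implicit mysql_* connection is used.
 *
 * @param mixed       $dbconn   unused, kept for signature compatibility
 * @param DOMDocument $xmlDoc   document used to create nodes
 * @param string      $event_id id of the event row to delete
 * @return DOMElement the <recorddata> node
 */
function removeEvent($dbconn, $xmlDoc, $event_id)
{
    $recordDataNode = $xmlDoc->createElement('recorddata');

    $query2 = "DELETE FROM redstone_events WHERE event_id = '" . dbEsc($event_id) . "'";
    $result2 = mysql_query($query2);

    if ($result2) {
        $statusNode = $xmlDoc->createElement('status', 'success');
    } else {
        $statusNode = $xmlDoc->createElement('status', 'failed');
        dbError($xmlDoc, $recordDataNode, mysql_error());
    }

    $recordDataNode->appendChild($statusNode);
    return $recordDataNode;
}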
header('Location: admincp.php'); } $emptyName = false; $emptyPass = false; $valid_err = false; // LOGIN if (isset($_POST['loginForm'])) { if (empty($_POST['username'])) { $emptyName = true; } if (empty($_POST['pass'])) { $emptyPass = true; } if (!$emptyName && !$emptyPass) { $connection = dbConnect(); $query = sprintf("SELECT * FROM web_admins WHERE username='******'", dbEsc($_POST['username'])); $res = dbQuery($query, $connection); if (crypt($_POST['pass'], $res[0]['pass']) == $res[0]['pass']) { $_SESSION['loggedIn'] = true; $_SESSION['username'] = $res[0]['username']; $_SESSION['postLang'] = 'gr'; $_SESSION['feedLang'] = 'gr'; dbLog('login', $connection); header('Location: admincp.php'); } else { dbLog('failed login', $connection); $valid_err = true; } } } $title = 'Foss UoA - Κοινότητα Ανοιχτού Λογισμικού Καποδιστριακού Πανεπιστημίου Αθηνών - Admin Login';
} else { if (isset($_POST['editFeedForm'])) { if (empty($_POST['title'])) { $emptyTitle = true; } if (empty($_POST['link'])) { $emptyLink = true; } if (empty($_POST['desc'])) { $emptyDesc = true; } $errors = $emptyTitle || $emptyLink || $emptyDesc; if (!$errors) { $mid = preg_replace("/[^0-9]/", "", htmlentities($_GET['mid'], ENT_QUOTES)); $connection = dbConnect(); $query = sprintf("UPDATE feeds SET web_admins_username='******', title='%s', link='%s', description='%s', date='%s', type='%s', lang='%s' WHERE id=%s", $_SESSION['username'], dbEsc($_POST['title']), dbEsc($_POST['link']), dbEsc($_POST['desc']), date("Y-m-d"), $_POST['feedType'], $_SESSION['feedLang'], $mid); dbUpdate($query, $connection); dbLog('edit feed entry ' . $mid, $connection); header('Location: managefeeds.php'); } } else { if (isset($_GET['action']) && $_GET['action'] === "delete") { $mid = preg_replace("/[^0-9]/", "", htmlentities($_GET['mid'], ENT_QUOTES)); $connection = dbConnect(); $query = sprintf("UPDATE feeds SET deleted=true WHERE id=%s", $mid); dbUpdate($query, $connection); dbLog('delete feed entry ' . $mid, $connection); header('Location: managefeeds.php'); } else { if (isset($_GET['action']) && $_GET['action'] === "update" && isset($_GET['type'])) { $type = $_GET['type'] == 'generalRSS' ? 'General RSS' : 'Meetings RSS';
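<?php
/**
 * Energy storage status update endpoint.
 *
 * Expects POST fields: token, id, bat_name, energy_type, percent.
 * Touches tokens.last_seen for (token, id), then writes the energy_storage
 * fields for that token. On success the response body is the protocol
 * version (clients presumably check for it — confirm); otherwise an
 * 'error: ...' string.
 *
 * Security notes:
 *  - token and the storage fields are escaped with dbEsc() and quoted, which
 *    is the only context where mysql_real_escape_string() is effective.
 *  - id is interpolated unquoted, so escaping did not protect it; it is now
 *    validated as an integer and the request is rejected otherwise (the
 *    original would have hit a SQL syntax error and emitted the same message).
 *  - A successful UPDATE that matches zero rows still returns true, so the
 *    first query does not prove the token is valid; the storage UPDATE then
 *    simply matches nothing.
 *  - mysql_* was removed in PHP 7; prepared statements via mysqli/PDO are the
 *    proper fix but need the handle from connection.php, not visible here.
 */
$version = 1;
require_once 'connection.php';

// Read inputs defensively: a missing field becomes '' instead of a notice.
$token       = isset($_POST['token']) ? $_POST['token'] : '';
$id          = isset($_POST['id']) ? $_POST['id'] : '';
$bat_name    = isset($_POST['bat_name']) ? $_POST['bat_name'] : '';
$energy_type = isset($_POST['energy_type']) ? $_POST['energy_type'] : '';
$percent     = isset($_POST['percent']) ? $_POST['percent'] : '';

// NOTE(review): HTML-escaping at input time is kept because rows already in
// the table were stored this way and the display side may depend on it. The
// cleaner design is to store raw values and escape at output per context.
$energy_type = htmlspecialchars($energy_type);
$bat_name    = htmlspecialchars($bat_name);
$percent     = htmlspecialchars($percent);

// computer_id is compared unquoted: validate as int rather than escape.
$computerId = filter_var($id, FILTER_VALIDATE_INT);
if ($computerId === false) {
    echo 'error: token update query failed.';
    return;
}

$query = "UPDATE tokens SET last_seen = NOW() WHERE token = '" . dbEsc($token) . "'"
    . " AND computer_id = " . $computerId;
$result = mysql_query($query);

if ($result) {
    $query2 = "UPDATE energy_storage SET bat_name = '" . dbEsc($bat_name) . "'"
        . ", energy_type = '" . dbEsc($energy_type) . "'"
        . ", percent = '" . dbEsc($percent) . "'"
        . " WHERE token = '" . dbEsc($token) . "'";
    $result2 = mysql_query($query2);
    if (!$result2) {
        // Keep the response contract (version only) but do not drop the error.
        error_log('energy_storage update failed: ' . mysql_error());
    }
    echo $version;
} else {
    echo 'error: token update query failed.';
}

/**
 * Escape a string for use inside a quoted SQL literal on the implicit mysql_*
 * connection. Not sufficient for unquoted (numeric) contexts.
 *
 * @param string $theString
 * @return string
 */
function dbEsc($theString)
{
    return mysql_real_escape_string($theString);
}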
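/**
 * Evaluate every redstone event registered for $token and apply the ones
 * that fire to redstone_controls.
 *
 * For each redstone_events row the original looked up the referenced storage
 * in the tanks table and then, separately, in the energy_storage table, and
 * applied the same threshold test to each. That double evaluation is kept;
 * the per-table logic is factored into _checkEventsApplyStorage().
 *
 * Fixes relative to the original:
 *  - storage_token comes from the database but was interpolated without
 *    escaping (second-order injection); it is now passed through dbEsc().
 *  - An unknown side produced "UPDATE redstone_controls SET  = ..." (a
 *    syntax error); such events are now skipped.
 *  - A missing storage row was read as percent 0 (indexing into false), which
 *    could fire a "below threshold" event spuriously; it is now skipped.
 *
 * NOTE(review): the UPDATE on redstone_controls has no WHERE clause, exactly
 * as in the original, so it changes the chosen side on every row of that
 * table rather than only the caller's. The column to scope it on is not
 * visible here — confirm the schema and add it.
 *
 * @param string $token redstone token whose events are evaluated
 * @return void
 */
function checkEvents($token)
{
    $query = "SELECT * from redstone_events WHERE redstone_token = '" . dbEsc($token) . "'";
    $result = mysql_query($query);
    if (!$result) {
        return;
    }

    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        _checkEventsApplyStorage($row, 'tanks');
        _checkEventsApplyStorage($row, 'energy_storage');
    }
}

/**
 * Map an event's side name to the redstone_controls column it drives.
 *
 * @param string $side value of redstone_events.side
 * @return string|null column name, or null for an unrecognised side
 */
function _checkEventsSideColumn($side)
{
    $columns = array(
        'top_side'    => 'top',
        'bottom_side' => 'bottom',
        'front_side'  => 'front',
        'back_side'   => 'back',
    );

    return isset($columns[$side]) ? $columns[$side] : null;
}

/**
 * Apply one event against the storage row found in $table, if it fires.
 *
 * event_type '1' fires when the storage percent is above trigger_value,
 * event_type '2' when it is below. $table must be a literal table name
 * chosen by the caller, never user input.
 *
 * @param array  $row   a redstone_events row
 * @param string $table 'tanks' or 'energy_storage'
 * @return void
 */
function _checkEventsApplyStorage($row, $table)
{
    $column = _checkEventsSideColumn($row['side']);
    if ($column === null) {
        return;
    }

    $query2 = "SELECT * FROM " . $table . " WHERE token = '" . dbEsc($row['storage_token']) . "'";
    $result2 = mysql_query($query2);
    $row2 = $result2 ? mysql_fetch_array($result2, MYSQL_ASSOC) : false;
    if (!$row2) {
        return;
    }

    $percent = intval($row2['percent']);
    $trigger = intval($row['trigger_value']);

    $fires = ($row['event_type'] == '1' && $percent > $trigger)
        || ($row['event_type'] == '2' && $percent < $trigger);
    if (!$fires) {
        return;
    }

    // output is interpolated unquoted; the cast assumes it is a numeric
    // redstone level, as the original's unquoted use already implied.
    $query3 = "UPDATE redstone_controls SET " . $column . " = " . (int) $row['output'];
    mysql_query($query3);
}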
dbLog('new post', $connection); header('Location: manageposts.php'); } } else { if (isset($_POST['editPostForm'])) { if (empty($_POST['title'])) { $emptyTitle = true; } if (empty($_POST['body'])) { $emptyBody = true; } $errors = $emptyTitle || $emptyBody; if (!$errors && !isset($_POST['preview'])) { $mid = preg_replace("/[^0-9]/", "", htmlentities($_GET['mid'], ENT_QUOTES)); $connection = dbConnect(); $query = sprintf("UPDATE posts SET web_admins_username='******', title='%s', edit_date='%s', body='%s', lang='%s' WHERE id=%s", $_SESSION['username'], dbEsc($_POST['title']), date("Y-m-d"), dbEsc($_POST['body']), $_SESSION['postLang'], $mid); dbUpdate($query, $connection); dbLog('edit post ' . $mid, $connection); header('Location: manageposts.php'); } } else { if (isset($_GET['action']) && $_GET['action'] === "delete") { $mid = preg_replace("/[^0-9]/", "", htmlentities($_GET['mid'], ENT_QUOTES)); $connection = dbConnect(); $query = sprintf("UPDATE posts SET deleted=true WHERE id=%s", $mid); dbUpdate($query, $connection); dbLog('delete post ' . $mid, $connection); header('Location: manageposts.php'); } } }