/**
 * Escape a value with safe_value() and wrap the result in single quotes.
 *
 * NOTE(review): presumably the result is embedded as a string literal in a
 * SQL statement; confirm against callers. The quoting is only as safe as
 * safe_value(), which is not defined in this excerpt: verify that it escapes
 * for the connection's character set. Where the database layer supports
 * bound parameters, prefer them over hand-built quoting.
 *
 * @param mixed $value Raw value to escape and quote.
 * @return string The escaped value enclosed in single quotes.
 */
function quote_smart($value)
{
    $escaped = safe_value($value);

    return "'" . $escaped . "'";
}
// $url_host is assigned before this excerpt; only its safe_value() pass is visible here.
$url_host = safe_value($url_host);

// Each query-string parameter below goes through the same three steps, in this order:
// sanitizeInput() -> htmlentities() -> safe_value(). A missing parameter becomes ''.
// NOTE(review): sanitizeInput() and safe_value() are not defined in this excerpt, so
// what they strip or escape cannot be confirmed from here.
// NOTE(review): htmlentities() encodes for HTML output. Applied at input time it changes
// the value that is later compared or stored (e.g. '&' becomes '&amp;') and is not a
// substitute for SQL escaping or bound parameters. Where each variable ends up (query,
// page, redirect) is not visible here; confirm, and encode at the point of use for
// that specific context.
$url_from = isset($_GET['from']) ? sanitizeInput($_GET['from']) : '';
$url_from = htmlentities($url_from);
$url_from = safe_value($url_from);

$url_submit = isset($_GET['submit']) ? sanitizeInput($_GET['submit']) : '';
$url_submit = htmlentities($url_submit);
$url_submit = safe_value($url_submit);

$url_list = isset($_GET['list']) ? sanitizeInput($_GET['list']) : '';
$url_list = htmlentities($url_list);
$url_list = safe_value($url_list);

$url_domain = isset($_GET['domain']) ? sanitizeInput($_GET['domain']) : '';
$url_domain = htmlentities($url_domain);
$url_domain = safe_value($url_domain);

$url_id = isset($_GET['id']) ? sanitizeInput($_GET['id']) : '';
$url_id = htmlentities($url_id);
$url_id = safe_value($url_id);

// Split user/domain if necessary (from detail.php).
// $url_to is not assigned in this excerpt. The pattern is unanchored and only requires
// non-whitespace on both sides of an '@'; it is a splitter, not an address validator.
// When there is no match, the whole of $url_to is treated as the domain.
$touser = '';
$to_domain = '';
if (preg_match('/(\\S+)@(\\S+)/', $url_to, $split)) {
    $touser = $split[1];
    $to_domain = $split[2];
} else {
    $to_domain = $url_to;
}

// Type: select the sender value according to $url_type (assigned outside this excerpt).
// The excerpt is cut off inside this switch; only the 'h' (host) case is fully visible.
switch ($url_type) {
    case 'h':
        $from = $url_host;
        break;
    case 'f':
// Excerpt starts inside a branch whose condition is not visible: credentials are taken
// from the HTTP authentication values PHP exposes in $_SERVER.
$myusername = $_SERVER['PHP_AUTH_USER'];
$mypassword = $_SERVER['PHP_AUTH_PW'];
} else {
    // Otherwise take $myusername and $mypassword from the login form.
    // Both keys are read without an isset() check, so a request that omits them
    // raises an undefined-index notice.
    $myusername = $_POST['myusername'];
    $mypassword = $_POST['mypassword'];
}

// NOTE(review): sanitizeInput() is not defined in this excerpt. If it rewrites or strips
// characters, the password checked afterwards is no longer the one the user typed;
// passwords are normally left unmodified and only hashed/verified. Confirm.
$myusername = sanitizeInput($myusername);
$mypassword = sanitizeInput($mypassword);

// LDAP is tried first when USE_LDAP is true; a non-null return value is treated as a
// successful login and replaces the username.
// NOTE(review): the empty-password rejection below sits in the else branch, so with LDAP
// enabled an empty password reaches ldap_authenticate() before it is checked. Confirm
// that ldap_authenticate() refuses empty passwords itself, because some directory
// servers accept a bind with an empty password as an anonymous bind.
if (USE_LDAP === true && ($result = ldap_authenticate($myusername, $mypassword)) !== null) {
    $_SESSION['user_ldap'] = '1';
    $myusername = safe_value($result);
} else {
    // Local (non-LDAP) path: require a non-empty password, then escape both values.
    if ($mypassword != '') {
        $myusername = safe_value($myusername);
        $mypassword = safe_value($mypassword);
    } else {
        // Empty password: send the client back to the login page and stop.
        header("Location: login.php?error=emptypassword");
        die;
    }
}

// NOTE(review): the value inside the quotes appears masked ('******') in this listing, so
// the variables actually interpolated cannot be seen here. Whatever is spliced in relies
// entirely on safe_value() (not shown); bound parameters would remove that dependency.
$sql = "SELECT * FROM users WHERE username='******'";
$result = dbquery($sql);
if (!$result) {
    // NOTE(review): this sends the database error text and the complete SQL statement to
    // the client of a pre-authentication page. Log the details server-side and return a
    // generic failure message instead.
    $message = 'Invalid query: ' . mysql_error() . "\n";
    $message .= 'Whole query: ' . $sql;
    die($message);
}

// Count the rows returned for this username.
// NOTE(review): mysql_error()/mysql_num_rows() belong to the ext/mysql extension, which
// was removed in PHP 7.0; mysqli or PDO are the supported replacements.
$usercount = mysql_num_rows($result);
// Excerpt is cut off here; the handling of "no matching user" is not visible.
if ($usercount == 0) {