function fetchHtml($url, $referer = false) { $info = parse_url($url); if (empty($info['host'])) { return false; } $cookies = "data/cookies_" . str_replace('-', '.', sanitize($info['host'])) . ".txt"; $agent = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1'; $headers = array('ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'ACCEPT_LANGUAGE: en-us,en;q=0.5', 'CACHE_CONTROL: max-age=0'); $c = curl_init(); curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($c, CURLOPT_VERBOSE, false); @curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($c, CURLOPT_USERAGENT, $agent); curl_setopt($c, CURLOPT_HTTPHEADER, $headers); curl_setopt($c, CURLOPT_URL, $url); curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); curl_setopt($c, CURLOPT_COOKIEJAR, $cookies); curl_setopt($c, CURLOPT_COOKIEFILE, $cookies); if ($referer !== false) { curl_setopt($c, CURLOPT_REFERER, $url1); } $res = curl_exec($c); if (curl_getinfo($c, CURLINFO_HTTP_CODE) >= 300) { return false; } return $res; }
public function output() { //reset votes if ($this->config('resetvotes')) { $this->reset_votes(); $this->set_config('resetvotes', 0); } if ($this->config('title')) { $this->header = sanitize($this->config('title')); } $this->tpl->add_css("\r\n\t\t\t.quickpolls_radio label{\r\n\t\t\t display: block;\r\n\t\t\t margin-bottom: -10px;\r\n\t\t\t }\r\n\t\t"); $myout = '<div>' . sanitize($this->config('question')) . '</div><br />'; if ($this->in->exists('quickpolls_' . $this->id)) { $blnResult = $this->performVote(); if ($blnResult) { $myout .= $this->showResults(); } else { $myout .= $this->showForm(); } } else { if ($this->config('closedate') > 0 && $this->config('closedate') < $this->time->time || $this->in->get('quickpolls_results', 0) == $this->id && $this->config('showresults') || $this->userVoted()) { $myout .= $this->showResults(); } else { $myout .= $this->showForm(); } } if ($this->config('showresults') && !$this->blnShowResults) { $myout .= '<br /><div><a href="' . $this->SID . '&quickpolls_results=' . $this->id . '">' . $this->user->lang('quickpolls_resuls') . '</a></div>'; } return $myout; }
function login($email, $password) { $user_id = user_id_from_email($email); $email = sanitize($email); $password = MD5($password); return mysql_result(mysql_query("SELECT COUNT(user_id) FROM users WHERE email = '{$email}' AND password = '******'"), 0) == 1 ? $user_id : false; }
function insertElement() { if (isset($_POST['ClassificationID'])) { $ClassificationID = json_decode(sanitize($_POST['ClassificationID'])); } if (isset($_POST['Element'])) { $Element = json_decode(sanitize($_POST['Element'])); } if (isset($_POST['AtomicMass'])) { $AtomicMass = json_decode(sanitize($_POST['AtomicMass'])); } $dbConn = mysqli_connect(server(), username(), password(), db("Elements")); if ($dbConn->connect_error) { die("Connection failed: " . $dbConn->connect_error); } $query = "INSERT INTO Elements ( ClassificationID, Element, AtomicMass ) " . "VALUES ( " . "" . $ClassificationID . ", " . "'" . $Element . "', " . "" . $AtomicMass . " );"; $result = $dbConn->query($query); $return = new stdClass(); $return->querystring = (string) $query; if ($result) { $return->success = true; } else { $return->success = false; } return json_encode($return); }
function login($username, $password) { $user_id = user_id_from_username($username); $username = sanitize($username); $password = md5($password); return mysql_result(mysql_query("SELECT COUNT(user_id) FROM users WHERE username = '******' AND password = '******'"), 0) == 1 ? $user_id : false; }
function welcome_privmsg_send(&$registration_details) { global $username, $main_smarty, $current_user; include_once mnminclude . 'user.php'; include_once 'config.php'; include_once my_pligg_base . '/modules/simple_messaging/kmessaging/class.KMessaging.php'; $siteName = $main_smarty->get_config_vars('PLIGG_Visual_Name'); // User ID of Admin define('welcome_privmsg_admin_id', '1'); // Message Subject define('welcome_privmsg_subject', 'Welcome to ' . $siteName); // Message Body define('welcome_privmsg_body', 'Thanks for registering on our site!'); // Check User ID != 0 if ($registration_details['id'] > 0) { $msg_subject = sanitize(welcome_privmsg_subject, 2); $msg_body = welcome_privmsg_body; $msg_to_ID = $registration_details['id']; $msg_from_ID = welcome_privmsg_admin_id; $message = new KMessaging(true); $msg_result = $message->SendMessage($msg_subject, $msg_body, $msg_from_ID, $msg_to_ID, 0); if ($msg_result != 0) { echo "Module Error #" . $msg_result; } } else { // Unable to find User ID echo "Module Error #1"; die; } }
function login($username, $password) { $user_id = user_id_from_username($username); $username = sanitize($username); $password = hash('sha512', $password); return mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `bplay_users` WHERE `username`='{$username}' AND `password`='{$password}'"), 0) == 1 ? $user_id : false; }
public function createProject() { $project_name = sanitize($_POST['projectName']); $user_id = sanitize($_POST['userId']); $errors = array(); if (empty($project_name)) { $errors[] = "Please enter a project name! \n"; } if (count($errors) == 0) { $dbh = new PDO("mysql:host=" . $GLOBALS['db_host'] . ";dbname=" . $GLOBALS['db_db'], $GLOBALS['db_user'], $GLOBALS['db_pass']); $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $stmt = $dbh->prepare("select * from projects where UserID = :userId and ProjectName = :projectName"); $stmt->execute(array('userId' => $user_id, "projectName" => $project_name)); if ($stmt->rowCount()) { echo "Project with name: " . $project_name . " already exists!"; } else { $stmt = $dbh->prepare("insert into projects (UserID, ProjectName) values ( :userId, :projectName) "); $stmt->execute(array('userId' => $user_id, "projectName" => $project_name)); $project_id = $dbh->lastInsertId(); if ($stmt->rowCount()) { $project = array("projectName" => $project_name, "projectId" => $project_id); echo json_success_data("Project Created Sucessfully", $project); } else { echo json_error_msg("Project NOT Created Sucessfully"); } } } }
function welcome_privmsg_send() { global $username, $main_smarty, $current_user; include_once mnminclude . 'user.php'; include_once './3rdparty/kmessaging/class.KMessaging.php'; $siteName = $main_smarty->get_config_vars('PLIGG_Visual_Name'); // User ID of Admin define('welcome_privmsg_admin_id', '1'); // Message Subject define('welcome_privmsg_subject', 'Welcome to ' . $siteName); // Message Body define('welcome_privmsg_body', 'Thanks for registering on our site. If you have any questions, be sure to visit our FAQ section. Sincerely, Webmaster'); // Check User ID != 0 if ($current_user->user_id > 0) { $msg_subject = sanitize(welcome_privmsg_subject, 2); $msg_body = welcome_privmsg_body; $msg_to_ID = $current_user->user_id; $msg_from_ID = welcome_privmsg_admin_id; $message = new KMessaging(true); $msg_result = $message->SendMessege($msg_subject, $msg_body, $msg_from_ID, $msg_to_ID, 0); if ($msg_result != 0) { echo "Module Error #" . $msg_result; } } else { // Unable to find User ID echo "Module Error #1"; die; } }
public function output() { if ($this->config('pk_mycontent_headtext')) { $this->header = sanitize($this->config('pk_mycontent_headtext')); } return html_entity_decode(htmlspecialchars_decode($this->config('pk_mycontent_useroutput'))); }
function getDatabases() { // retrieve and sanitize posted values. if (isset($_POST['server'])) { $server = json_decode(sanitize($_POST['server'])); } if (isset($_POST['username'])) { $username = json_decode(sanitize($_POST['username'])); } if (isset($_POST['password'])) { $password = json_decode(sanitize($_POST['password'])); } $databaseNames = array(); $dbConn = mysqli_connect($server, $username, $password); $query = "SHOW DATABASES"; $result = $dbConn->query($query); if ($result) { while ($row = $result->fetch_array()) { array_push($databaseNames, $row[0]); } } $return = new stdClass(); $return->credentials = $server + " " + $username + " " + $password; $return->succsss = true; $return->errorMessage = ""; $return->data['database_names'] = $databaseNames; $json = json_encode($return); return $json; }
function checkandadd(&$uPOST) { $a = 0; while (isset($uPOST["varn" . $a])) { if (isset($uPOST["varv" . $a])) { if (extExists($uPOST["varn" . $a], 1)) { db_connect(); $query = "SELECT `value` from `ext` WHERE `data`='" . $uPOST["varn" . $a] . "' AND `maxmin`='1' LIMIT 1"; sanitize($uPOST["varn" . $a]); $result = mysql_query($query) or die("query failed"); db_disconnect(); $c_row = mysql_fetch_assoc($result); if ($uPOST["varv" . $a] > $c_row['value']) { //echo "highest"; extInsert($uPOST["varn" . $a], 1, $uPOST["varv" . $a], $uPOST['uts']); } } } if (isset($uPOST["varv" . $a])) { if (extExists($uPOST["varn" . $a], 0)) { db_connect(); $query = "SELECT `value` from `ext` WHERE `data`='" . $uPOST["varn" . $a] . "' AND `maxmin`='0' LIMIT 1"; sanitize($uPOST["varn" . $a]); $result = mysql_query($query) or die("query failed"); db_disconnect(); $c_row = mysql_fetch_assoc($result); if ($uPOST["varv" . $a] < $c_row['value']) { //echo "lowest"; extInsert($uPOST["varn" . $a], 0, $uPOST["varv" . $a], $uPOST['uts']); } } } $a++; } }
function editRanks() { // Doh, globals! global $MySelf; global $DB; // Are we allowed to do this? if (!$MySelf->canEditRank()) { makeNotice("You do not have sufficient rights to access this page.", "warning", "Access denied"); } // Get all unique rank IDS. $ranks = $DB->query("SELECT DISTINCT rankid FROM ranks"); // Edit each one at a time. while ($rankID = $ranks->fetchRow()) { $ID = $rankID[rankid]; if (isset($_POST["title_" . $ID . "_name"])) { // Cleanup $name = sanitize($_POST["title_" . $ID . "_name"]); numericCheck($_POST["order_" . $ID], 0); $order = $_POST["order_" . $ID]; // Update the Database. $DB->query("UPDATE ranks SET name='" . $name . "', rankOrder='" . $order . "' WHERE rankid='" . $ID . "' LIMIT 1"); } } header("Location: index.php?action=showranks"); }
public function getUploadedFile($tag, $where = '/app/cache/uploads/') { $return = array('error' => false, 'path' => false, 'name' => false); if (isset($_FILES[$tag]['name']) && $_FILES[$tag]['name'] != '') { $image = $_FILES[$tag]; $orig_name = isset($image['name']) ? $image['name'] : false; $type = isset($image['type']) ? $image['type'] : false; $tmp_name = isset($image['tmp_name']) ? $image['tmp_name'] : false; $error_value = isset($image['error']) ? $image['error'] : false; if ($error_value === false) { $return['error'] = 'The file could not be uploaded because ' . $error_value; } else { $dots = explode('.', $orig_name); if (count($dots) == 1) { $return['error'] = 'Your filename does not have an extension'; } else { $extension = $dots[count($dots) - 1]; unset($dots[count($dots) - 1]); $orig_file_name = implode('.', $dots); $new_name = sanitize(trim($orig_file_name)) . '_' . md5(time() . $orig_name) . '.' . $extension; while (file_exists(path($where . $new_name))) { $new_name = time() % 100 . $new_name; } if (!move_uploaded_file($tmp_name, path($where . $new_name))) { $return['error'] = 'The file could not be uploaded. Please try again.'; } else { $return['path'] = $where . $new_name; $return['name'] = $orig_name; } } } } return $return; }
function dowork() { global $db; $canIhaveAccess = 0; $canIhaveAccess = $canIhaveAccess + checklevel('god'); if ($canIhaveAccess == 1) { if (is_writable('../settings.php') == 0) { die("Error: settings.php is not writeable."); } $action = isset($_REQUEST['action']) && sanitize($_REQUEST['action'], 3) != '' ? sanitize($_REQUEST['action'], 3) : "view"; if ($action == "view") { $config = new pliggconfig(); if (isset($_REQUEST['page'])) { $config->var_page = sanitize($_REQUEST['page'], 3); $config->showpage(); } else { $config->listpages(); } } if ($action == "save") { $config = new pliggconfig(); $config->var_id = substr(sanitize($_REQUEST['var_id'], 3), 6, 10); $config->var_value = $db->escape($_REQUEST['var_value']); $config->store(); } } }
public function step_user() { $objDatabase = $this->objCIFunctions->createConnection(); //Get User $objResult = $objDatabase->query('SELECT * FROM __users;'); if ($objResult) { while ($arrUserdata = $objResult->fetchAssoc()) { if ($this->pdh->get('user', 'check_username', array(sanitize($arrUserdata['user_login']))) != 'false') { $strPassword = md5(generateRandomBytes()); $salt = $this->user->generate_salt(); $new_password = $this->user->encrypt_password($strPassword, $salt) . ':' . $salt; $arrData = array('username' => $arrUserdata['user_login'], 'user_password' => $new_password, 'user_email' => register('encrypt')->encrypt($arrUserdata['user_email']), 'user_active' => 1, 'rules' => 1, 'user_registered' => strtotime($arrUserdata['user_registered'])); $intUserID = $this->pdh->put('user', 'insert_user', array($arrData, false)); if (!$intUserID) { return false; } $arrImported[] = $arrUserdata['user_login']; } } } $this->pdh->process_hook_queue(); //Display imported Users $out = '<h2>' . $this->user->lang('ci_imported_users') . '</h2> <table class="table">'; foreach ($arrImported as $val) { $out .= '<tr><td>' . $val . '</td></tr>'; } $out .= '</table>'; return $out; }
function addNewUser() { // globals global $DB; global $MySelf; global $MB_EMAIL; // Sanitize the input. $USERNAME = $MySelf->getUsername; $NEW_USER = strtolower(sanitize($_POST[username])); // supplied new username. if (!ctypeAlnum($NEW_USER)) { makeNotice("Only characters a-z, A-Z and 0-9 are allowed as username.", "error", "Invalid Username"); } /* Password busines */ if ($_POST[pass1] != $_POST[pass2]) { makeNotice("The passwords did not match!", "warning", "Passwords invalid", "index.php?action=newuser", "[retry]"); } $PASSWORD = encryptPassword("{$_POST['pass1']}"); $PASSWORD_ENC = $PASSWORD; /* lets see if the users (that is logged in) has sufficient * rights to create even the most basic miner. Level 3+ is * needed. */ if (!$MySelf->canAddUser()) { makeNotice("You are not authorized to do that!", "error", "Forbidden"); } // Lets prevent adding multiple users with the same name. if (userExists($NEW_USER) >= 1) { makeNotice("User already exists!", "error", "Duplicate User", "index.php?action=newuser", "[Cancel]"); } // So we have an email address? if (empty($_POST[email])) { // We dont! makeNotice("You need to supply an email address!", "error", "Account not created"); } else { // We do. Clean it. $NEW_EMAIL = sanitize($_POST[email]); } // Inser the new user into the database! $DB->query("insert into users (username, password, email, addedby, confirmed) " . "values (?, ?, ?, ?, ?)", array("{$NEW_USER}", "{$PASSWORD_ENC}", "{$NEW_EMAIL}", $MySelf->getUsername(), "1")); // Were we successfull? if ($DB->affectedRows() == 0) { makeNotice("Could not create user!", "error"); } else { // Write the user an email. global $SITENAME; $mail = getTemplate("newuser", "email"); $mail = str_replace('{{USERNAME}}', "{$NEW_USER}", $mail); $mail = str_replace('{{PASSWORD}}', "{$PASSWORD}", $mail); $mail = str_replace('{{SITE}}', "http://" . $_SERVER['HTTP_HOST'] . "/", $mail); $mail = str_replace('{{CORP}}', "{$SITENAME}", $mail); $mail = str_replace('{{CREATOR}}', "{$USERNAME}", $mail); $to = $NEW_EMAIL; $DOMAIN = $_SERVER['HTTP_HOST']; $subject = "Welcome to MiningBuddy"; $headers = "From:" . $MB_EMAIL; mail($to, $subject, $mail, $headers); makeNotice("User added and confirmation email sent.", "notice", "Account created", "index.php?action=editusers"); } }
function alertaHeartbeat() { $objAlerta = new Alerta(); $alertas = $objAlerta->obtenerAlertas($_SESSION['usuario_activo']); $items = ''; $chatBoxes = array(); foreach ($alertas as $alerta) { $chat['message'] = sanitize($chat['message']); $items .= <<<EOD \t\t\t\t\t { \t\t\t"s": "0", \t\t\t"f": "icos", \t\t\t"m": "{$chat['message']}" \t }, EOD; } $objAlerta->actualizaRecibido($_SESSION['usuario_activo']); if ($items != '') { $items = substr($items, 0, -1); } header('Content-type: application/json'); ?> { "items": [ <?php echo $items; ?> ] } <?php exit(0); }
function __construct($user, $display, $pass, $email, $country, $state, $city, $address, $zip, $phone) { //Used for display only $this->displayname = $display; //Sanitize $this->clean_email = sanitize($email); $this->clean_password = trim($pass); $this->username = sanitize($user); $this->user_country = sanitize($country); $this->user_state = sanitize($state); $this->user_city = sanitize($city); $this->user_address = sanitize($address); $this->user_zip = sanitize($zip); $this->user_phone = sanitize($phone); if (usernameExists($this->username)) { $this->username_taken = true; } else { if (displayNameExists($this->displayname)) { $this->displayname_taken = true; } else { if (emailExists($this->clean_email)) { $this->email_taken = true; } else { //No problems have been found. $this->status = true; } } } }
public function output() { $myOut = ''; $number = $this->config->get('pk_latestnews_amount') ? (int) $this->config->get('pk_latestnews_amount') : 5; $showToolTip = $this->config->get('pk_latestnews_showtooltip') !== false ? (int) $this->config->get('pk_latestnews_showtooltip') : true; $allnews = $this->pdh->aget('news', 'news', 0, array($this->pdh->sort($this->pdh->get('news', 'id_list'), 'news', 'date', 'desc'))); $i = 0; foreach ($allnews as $nid => $new) { if ((!$new['news_start'] or $new['news_start'] and $new['news_start'] < $this->time->time) and (!$new['news_stop'] or $new['news_stop'] and $new['news_stop'] > $this->time->time) && $this->pdh->get('news', 'has_permission', array($nid)) && $i < $number) { $news_array[$nid] = $new; $i++; } } if (is_array($news_array)) { $myOut = '<table width="100%" border="0" cellspacing="1" cellpadding="2" class="colorswitch">'; foreach ($news_array as $news_id => $news) { $wraptext = '<a href="' . $this->root_path . 'viewnews.php' . $this->SID . '&id=' . $news_id . '">' . $news['news_headline'] . '</a>'; $tooltip = sprintf($this->user->lang('news_submitter'), sanitize($news['username']), $this->time->user_date($news['news_date'], false, true)); $nocomments = isset($news['nocomments']) ? $news['nocomments'] : 0; if ($nocomments != 1) { // get the count of comments per news: $this->comments->SetVars(array('attach_id' => $news['news_id'], 'page' => 'news')); $comcount = $this->comments->Count(); $comments_counter = $comcount == 1 ? $comcount . ' ' . $this->user->lang('news_comment') : $comcount . ' ' . $this->user->lang('news_comments'); $comments_counter = $comcount == 1 ? $comcount . ' ' . $this->user->lang('news_comment') : $comcount . ' ' . $this->user->lang('news_comments'); $tooltip .= '<br />' . $comments_counter; } $category = $this->config->get('enable_newscategories') == 1 ? $tooltip .= '<br />' . $this->user->lang('category') . ': ' . $news['news_category'] : ''; $content = $showToolTip ? $this->html->ToolTip($tooltip, $wraptext) : $wraptext; $myOut .= '<tr><td>' . $this->time->user_date($news['news_date']) . '</td><td>' . $content . '</td></tr>'; } $myOut .= '</table>'; } return $myOut; }
function joinEvent() { // Lets import some globals, why not. global $MySelf; global $DB; $ID = $MySelf->getID(); // Are we allowed to be here? if (!$MySelf->canSeeEvents()) { makeNotice("You are not allowed to do this!", "error", "Forbidden"); } // Is the ID safe? if (!is_numeric($_GET[id]) || $_GET[id] < 0) { makeNotice("Invalid ID given!", "error", "Invalid Data"); } // Get the current list of members. $JOINS = $DB->getCol("SELECT signups FROM events WHERE id='{$_GET['id']}'"); $JOINS = unserialize($JOINS[0]); // Add this ones ship. $JOINS[$ID] = sanitize($_GET[type]); // And store it back into the db. $p = $DB->query("UPDATE events SET signups = '" . serialize($JOINS) . "' WHERE ID='{$_GET['id']}' LIMIT 1"); // Inform the user. if ($_GET[type] != "quit") { makeNotice("You have joined Event #{$_GET['id']}. Have fun, and dont be late!", "notice", "Joinup complete.", "index.php?action=showevent&id={$_GET['id']}", "[OK]"); } else { makeNotice("You have left Event #{$_GET['id']}.", "notice", "Left Event", "index.php?action=showevent&id={$_GET['id']}", "[OK]"); } }
function showImage($src, $type = null) { ?> <div class="col-md-3 item item-<?php print sanitize($type); ?> " data-type="<?php print $type; ?> "> <!-- <a href="<?php print BGALLERY_URL . '/image.php?img=' . BGALLERY_CURRENT . '/' . $src; ?> " target="_blank"> --> <a href="<?php print $src; ?> " target="_blank"> <img data-src="<?php print BGALLERY_URL; ?> thumbs/galleries/<?php print BGALLERY_CURRENT . '/' . $src; ?> " class="img-thumbnail"> <strong><?php print preg_replace("#(.*)\\.(jpg|png)\$#i", "\\1", basename($src)); ?> </strong> </a> </div> <?php }
function user_role($username) { $username = sanitize($username); $query = mysql_query("SELECT Role FROM user WHERE Username = '******'"); $result = mysql_result($query, 0); return $result; }
/** * Добавляет нового пользователя в базу или редактирует профиль существующего пользователя. * * @param array $data данные. * @param array $errors ошибки, возникшие в ходе выполнения операции. * @return array|bool возвращает пользователя или false в случаи критической ошибки. */ function userSave(array $data, array &$errors = null) { $id = isset($data['id']) ? (int) $data['id'] : null; $user = sanitize($data, userSanitizeRules(), $errors); if ($errors) { return $user; } if (!$id) { $storedUser = storageGetItemBy(ENTITY_USER, 'username', $user['username']); if ($storedUser) { $errors['exists'] = 'Пользователь с таким именем уже существует!'; return $user; } $user['created'] = mktime(); } if ($user['password'] != $data['password_repeat']) { $errors['password'] = '******'; return $user; } $user['password'] = password_hash($user['password'], PASSWORD_DEFAULT); $status = storageSaveItem(ENTITY_USER, $user); if (!$status) { $errors['db'] = 'Не удалось записать данные в базу'; } return $user; }
function createProject($name, $videoUrl, $sha1password) { $retours = array("success" => 0, "error" => "", "value" => ""); $name = sanitize($name); if ($name == "") { $name = sha1(rand()); } if (!file_exists($name)) { $zip = new ZipArchive(); $res = $zip->open("create.zip"); if ($res === TRUE) { $zip->extractTo($name); $zip->close(); file_put_contents($name . "/file/project.xml", str_replace("__video__", $videoUrl, file_get_contents($name . "/file/project.xml"))); file_put_contents($name . "/file/projectPassword.txt", $sha1password); $retours["success"] = 1; } else { $retours["success"] = -1; $retours["error"] = "No seed found"; } } else { $retours["success"] = 0; $retours["error"] = "Project already exists"; } $retours["value"] = $name; echo json_encode($retours); }
public function output() { if ($this->config('pk_quickpolls_title')) { $this->header = sanitize($this->config('pk_quickpolls_title')); } $myout = '<table cellspacing="0" cellpadding="2" width="100%"><tr><td>'; $myout .= sanitize($this->config('pk_quickpolls_question')) . '</td></tr>'; $this->tpl->add_css("\n\t\t\t.quickpolls_radio label{\n\t\t\t display: block;\n\t\t\t margin-bottom: -10px;\n\t\t\t }\n\t\t"); $myout .= '<tr><td>'; if ($this->in->exists('quickpolls_' . $this->id)) { $blnResult = $this->performVote(); if ($blnResult) { $myout .= $this->showResults(); } else { $myout .= $this->showForm(); if ($this->config('pk_quickpolls_showresults')) { $myout .= '</td></tr><tr><td><a href="' . $this->SID . '&quickpolls_results=' . $this->id . '">' . $this->user->lang('pk_quickpolls_resuls') . '</a>'; } } } else { if ($this->config('pk_quickpolls_closedate') > 0 && $this->config('pk_quickpolls_closedate') < $this->time->time || $this->in->get('quickpolls_results', 0) == $this->id && $this->config('pk_quickpolls_showresults') || $this->userVoted()) { $myout .= $this->showResults(); } else { $myout .= $this->showForm(); if ($this->config('pk_quickpolls_showresults')) { $myout .= '</td></tr><tr><td><a href="' . $this->SID . '&quickpolls_results=' . $this->id . '">' . $this->user->lang('pk_quickpolls_resuls') . '</a>'; } } } $myout .= '</td></tr>'; $myout .= '</table>'; return $myout; }
function captcha_configure() { global $main_smarty, $the_template; $q_1_low = isset($_REQUEST['q_1_low']) ? $_REQUEST['q_1_low'] : ''; $q_1_high = isset($_REQUEST['q_1_high']) ? $_REQUEST['q_1_high'] : ''; $q_2_low = isset($_REQUEST['q_2_low']) ? $_REQUEST['q_2_low'] : ''; $q_2_high = isset($_REQUEST['q_2_high']) ? $_REQUEST['q_2_high'] : ''; if ($q_1_low != '') { misc_data_update('captcha_math_q1low', $q_1_low); } else { $q_1_low = get_misc_data('captcha_math_q1low') == '' ? 1 : get_misc_data('captcha_math_q1low'); } if ($q_1_high != '') { misc_data_update('captcha_math_q1high', $q_1_high); } else { $q_1_high = get_misc_data('captcha_math_q1high') == '' ? 5 : get_misc_data('captcha_math_q1high'); } if ($q_2_low != '') { misc_data_update('captcha_math_q2low', $q_2_low); } else { $q_2_low = get_misc_data('captcha_math_q2low') == '' ? 1 : get_misc_data('captcha_math_q2low'); } if ($q_2_high != '') { misc_data_update('captcha_math_q2high', $q_2_high); } else { $q_2_high = get_misc_data('captcha_math_q2high') == '' ? 5 : get_misc_data('captcha_math_q2high'); } $main_smarty->assign('q_1_low', sanitize($q_1_low, 2)); $main_smarty->assign('q_1_high', sanitize($q_1_high, 2)); $main_smarty->assign('q_2_low', sanitize($q_2_low, 2)); $main_smarty->assign('q_2_high', sanitize($q_2_high, 2)); }
function toggleCan() { global $DB; $name = sanitize($_GET[canid]); $DB->query("UPDATE cans SET isFull=1 XOR isFull WHERE id='{$name}' LIMIT 1"); header("Location: index.php?action=cans"); }
function __construct($user, $display, $pass, $email, $colist, $contact) { //Used for display only $this->displayname = $display; //Sanitize $this->clean_email = sanitize($email); $this->clean_password = trim($pass); $this->username = sanitize($user); $this->colist_agent = $colist; $this->contact_person = $contact; if (usernameExists($this->username)) { $this->username_taken = true; } else { if (displayNameExists($this->displayname)) { $this->displayname_taken = true; } else { if (emailExists($this->clean_email)) { $this->email_taken = true; } else { //No problems have been found. $this->status = true; } } } }
function Authenticate($username, $pass, $remember = false, $already_salted_pass = '') { global $db; $dbusername = sanitize($db->escape($username), 4); $user = $db->get_row("SELECT * FROM " . table_users . " WHERE user_login = '******'"); if ($already_salted_pass == '') { $saltedpass = generateHash($pass, substr($user->user_pass, 0, SALT_LENGTH)); } else { $saltedpass = $already_salted_pass; } if ($user->user_id > 0 && $user->user_pass === $saltedpass && $user->user_lastlogin != "0000-00-00 00:00:00") { $this->user_login = $user->user_login; $this->user_id = $user->user_id; $vars = array('user' => serialize($this), 'can_login' => true); check_actions('login_pass_match', $vars); if ($vars['can_login'] != true) { return false; } $this->authenticated = TRUE; $this->md5_pass = md5($user->user_pass); $this->SetIDCookie(1, $remember); $lastip = $_SERVER['REMOTE_ADDR']; $sql = "UPDATE " . table_users . " SET user_lastip = '{$lastip}', user_lastlogin = now() WHERE user_id = {$user->user_id} LIMIT 1"; $db->query($sql); return true; } return false; }