public function create_new_group($name, $public, $category_id, $max_members, $user_id, $description)
{
$new_group_data = array();
$new_group_data['name'] = sanitize_text($name);
$new_group_data['public'] = $public;
$new_group_data['category'] = sanitize_int($category_id);
$new_group_data['max'] = sanitize_int($max_members);
$new_group_data['creator'] = sanitize_int($user_id);
$new_group_data['desc'] = $this->make_description_safe($description);
$result = $this->save_new_group($new_group_data);
return $result;
}
/**
* Try to fetch the current users IP address
* @return string
*/
function ip_address()
{
//Get IP address - if proxy lets get the REAL IP address
if (!empty($_SERVER['REMOTE_ADDR']) and !empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['REMOTE_ADDR'])) {
$ip = $_SERVER['REMOTE_ADDR'];
} elseif (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = '0.0.0.0';
}
//Clean the IP and return it
return sanitize_text($ip, 2);
}
function the_referers($num = 5, $before = '<li>', $after = '</li>', $none = 'none yet')
{
$completed = 0;
if ($referers = $GLOBALS['post_meta_cache'][wp_id()][$GLOBALS['wp_post_id']]['wp-refer']) {
$referers = array_reverse($referers);
foreach ($referers as $referer) {
$referer = explode(':!-!:', $referer);
$title = mb_conv(sanitize_text($referer[0]), $GLOBALS['blog_charset'], 'auto');
$url = sanitize_text($referer[1], false, true);
echo $before . '<a href="' . $url . '">' . $title . '</a>' . $after;
$completed++;
if ($completed == $num) {
break;
}
}
} else {
echo $before . $none . $after;
}
}
function the_referers($num = 5, $before = "<li>", $after = "</li>", $none = "none yet")
{
global $post_meta_cache, $id, $wp_id, $blog_charset;
$completed = 0;
if ($referers = $post_meta_cache[$wp_id][$id]['wp-refer']) {
$referers = array_reverse($referers);
foreach ($referers as $referer) {
$referer = explode(":!-!:", $referer);
$title = mb_conv(sanitize_text($referer[0]), $blog_charset, "auto");
$url = sanitize_text($referer[1], false, true);
echo $before . "<a href=\"{$url}\">{$title}</a>" . $after;
$completed++;
if ($completed == $num) {
break;
}
}
} else {
echo $before . $none . $after;
}
}
public static function insertComment($comment)
{
$commentText = sanitize_text($comment['commentText']);
$userId = $comment['userId'];
$postId = $comment['postId'];
$query = "INSERT INTO comments VALUES (NULL,'{$commentText}',NOW(),'{$postId}','{$userId}','1')";
$result = @mysql_query($query);
if ($result != false) {
$lastCmmtId = mysql_insert_id();
$lastCmmtQ = "SELECT \n\t\t\tcommentId,\n\t\t\tcommentText,\n\t\t\tUNIX_TIMESTAMP(commentDate) AS commentDate,\n\t\t\tfirstName,\n\t\t\tlastName,\n\t\t\tusername,\n\t\t\tprofilePicAddr\n\t\t\tFROM comments\n\t\t\tJOIN user ON comments.userId = user.userId\n\t\t\tJOIN profilepics ON profilepics.userId = comments.userId\n\t\t\tWHERE comments.commentId = '{$lastCmmtId}' AND profilepics.statusId = 1";
$lastCmmtR = mysql_query($lastCmmtQ);
if ($lastCmmtR != false) {
$lastCmmt = mysql_fetch_array($lastCmmtR);
return $lastCmmt;
} else {
return false;
}
} else {
return false;
}
}
<body></body>
</html><?php
} else {
init_param('GET', 'popuptitle', 'string', '');
init_param('GET', 'popupurl', 'string', '');
init_param('GET', 'text', 'html', '');
init_param('GET', 'post_pingback', 'integer', 0);
$action = 'post';
$pinged = '';
$default_post_cat = get_settings('default_post_category');
/* big funky fixes for browsers' javascript bugs */
$_popuptitle = fix_js_param(get_param('popuptitle'));
$_text = fix_js_param(get_param('text'));
$_popuptitle = sanitize_text($_popuptitle);
$_text = sanitize_text($_text, true);
$_popupurl = sanitize_text(get_param('popupurl'), true, true);
$post_title = $_popuptitle;
$edited_post_title = $post_title;
$content = '<a href="' . $_popupurl . '">' . $_popuptitle . '</a>' . "\n{$_text}";
// autodetect Trackback
$tb_obj = new WP_TrackBack_XML_collection();
$trackback_url = $tb_obj->get($_popupurl);
$target_charset = $tb_obj->charset;
$_css_file = get_custom_url('wp-admin.css');
$_xoops_css = xoops_getcss($GLOBALS['xoopsConfig']['theme_set']);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>WordPress > Bookmarklet</title>
<meta http-equiv="Content-Type" content="text/html; charset=<?php
<?php
require "../includes/conf.inc.php";
require "../includes/functions.inc.php";
$sq = $_POST['search'];
$sqn = sanitize_text($sq);
$searchResult = post::searchPosts($sqn, '');
if ($searchResult == false) {
echo $e;
} else {
if ($searchResult == 'empty') {
echo '<span class="search-wait">No Results Found</span>';
} else {
$srOutput = '';
foreach ($searchResult as $sr) {
$srOutput .= '<a href="' . generate_link($sr['postTitle'], $sr['postId']) . '">' . $sr['postTitle'] . '</a>';
}
echo $srOutput;
}
}
<?php
require_once './includes/configuration.php';
require_once './student/student_controller.php';
$display_message = FALSE;
$sc = new Student_controller();
if (isset($_POST['login'])) {
$user = sanitize_text($_POST['user']);
$pass = sanitize_text($_POST['pass']);
$error_msg;
if ($sc->validate_username($user) !== 1 || $sc->validate_password($pass) === FALSE) {
$error_msg = "Invalid username or password";
$display_message;
} else {
$answer = $sc->log_member_in($user, $pass);
if ($answer !== FALSE && $answer !== TRUE) {
$display_message = TRUE;
} elseif ($answer === FALSE) {
$display_message = TRUE;
}
}
if (isset($_SESSION['logged_in'])) {
if (!empty($_SESSION['tried_url'])) {
$tried_url = $_SESSION['tried_url'];
$_SESSION['tried_url'] = null;
?>
<script>window.location = "<?php
echo $tried_url;
?>
";</script>
<?php
<?php
require "../includes/conf.inc.php";
require "../includes/functions.inc.php";
if (!isset($_SESSION['userLogin'])) {
header("location: login.php");
} else {
if (!isset($_GET['u'])) {
$userId = $_SESSION['userId'];
$userInfo = user::getUserInfoById(1);
/*if($userInfo == false){
echo 'err';
}*/
var_dump($userInfo);
} else {
$userName = sanitize_text($_GET['u']);
if ($userName == '') {
$userId = $_SESSION['userId'];
$userInfo = user::getUserInfoById($userId);
echo 'Dfd';
if ($userInfo == false) {
die($e);
}
} else {
$userInfo = user::getUserInfoByUsername($userName);
if ($userInfo == false) {
die($e);
}
}
}
}
?>
› <?php
echo $title;
?>
</title>
<link rel="stylesheet" href="<?php
echo $css_file;
?>
" type="text/css" />
<meta http-equiv="Content-Type" content="text/html; charset=<?php
echo $blog_charset;
?>
" />
<?php
if ($redirect == 1) {
$redirect_url = sanitize_text($redirect_url);
?>
<script language="javascript" type="text/javascript">
<!--
function redirect() {
window.location = "<?php
echo $redirect_url;
?>
";
}
setTimeout("redirect();", 600);
//-->
</script>
<?php
}
}
$result = db_query("SELECT * FROM comment WHERE status = 0 AND " . "url LIKE '{$listpath}%' ORDER BY id");
print "<p><a href='{$PHP_SELF}?L'>Show All Comments</a></p>\n";
}
}
if (db_count($result) == 0) {
if ($LOGIN_LEVEL >= AUTH_DEVEL && $op == 'l') {
print "<p>No hidden comments.</p>\n";
} else {
print "<p>No visible comments.</p>\n";
}
} else {
print "<ul>\n";
while ($row = db_next($result)) {
$create_date = date("M d, Y", $row['create_date']);
$create_user = sanitize_email($row['create_user']);
$contents = sanitize_text($row['contents']);
$location = str_replace("_", "?", $row['url']);
print "<li><a href='{$location}'>{$row['url']}</a> " . " by {$create_user} on {$create_date} " . "<a href='{$PHP_SELF}?e{$row['id']}+p{$row['url']}'>Edit</a> " . "· <a href='{$PHP_SELF}?d{$row['id']}+p{$row['url']}'>Delete</a>" . "<br><tt>{$contents}</tt></li>\n";
}
print "</ul>\n";
}
db_free($result);
html_footer();
break;
case 'm':
// Moderate
if (array_key_exists("MODPOINTS", $_COOKIE)) {
$modpoints = $_COOKIE["MODPOINTS"];
} else {
$modpoints = 5;
}
if ($is_macIE && !isset($IEMac_bookmarklet_fix)) {
$popuptitle = preg_replace($wp_macIE_correction["in"], $wp_macIE_correction["out"], $popuptitle);
$text = preg_replace($wp_macIE_correction["in"], $wp_macIE_correction["out"], $text);
}
if ($is_winIE && !isset($IEWin_bookmarklet_fix)) {
$popuptitle = preg_replace("/\\%u([0-9A-F]{4,4})/e", "'&#'.base_convert('\\1',16,10).';'", $popuptitle);
$text = preg_replace("/\\%u([0-9A-F]{4,4})/e", "'&#'.base_convert('\\1',16,10).';'", $text);
}
if ($is_gecko && !isset($Gecko_bookmarklet_fix)) {
$popuptitle = preg_replace($wp_gecko_correction["in"], $wp_gecko_correction["out"], $popuptitle);
$text = preg_replace($wp_gecko_correction["in"], $wp_gecko_correction["out"], $text);
}
$post_title = $_REQUEST['post_title'];
if (!empty($post_title)) {
// $post_title = stripslashes($post_title);
$post_title = sanitize_text($post_title);
} else {
$post_title = $popuptitle;
}
// I'm not sure why we're using $edited_post_title in the edit-form.php, but we are
// and that is what is being included below. For this reason, I am just duplicating
// the var instead of changing the assignment on the lines above.
// -- Alex King 2004-01-07
$edited_post_title = $post_title;
$content = $_REQUEST['content'];
if (!empty($content)) {
$content = stripslashes($content);
} else {
$content = '<a href="' . $popupurl . '">' . $popuptitle . '</a>' . "\n{$text}";
}
/* /big funky fixes */
<?php
require "../includes/conf.inc.php";
require "../includes/functions.inc.php";
if (isset($_POST['email'])) {
$email = sanitize_text($_POST['email']);
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
$selQuery = "SELECT user.userId FROM user WHERE user.email = '{$email}'";
$selResult = @mysql_query($selQuery) or die($e);
$numEmail = mysql_num_rows($selResult);
if ($numEmail != 1) {
echo 0;
} else {
echo 1;
}
} else {
echo 2;
}
}
} else {
$answer = "Something went wrong. Please reload page and try again!";
}
?>
<script>alert("<?php
echo $answer;
?>
");</script>
<?php
} elseif (isset($_POST['edit'])) {
$student_level_in_group = $student->get_student_level_in_group($group->get_id());
if ($student_level_in_group === 2 || $student_level_in_group === 3) {
$safe_name = sanitize_text($_POST['editGroupName']);
$safe_max_size = sanitize_int($_POST['editGroupSize']);
$safe_category = sanitize_int($_POST['editGroupCategory']);
$safe_description = sanitize_text($_POST['editGroupDescription']);
if ($student_level_in_group === 2) {
$safe_name = $group->get_name();
$safe_max_size = $group->get_max_members();
$safe_category = $group->get_category_id();
$edit_message = $group->update_group($safe_name, $safe_max_size, $safe_category, $safe_description);
$edited = TRUE;
} elseif ($student_level_in_group === 3) {
if ($gc->validate_if_category($safe_category) === FALSE) {
$safe_category = $group->get_category_id();
}
$edit_message = $group->update_group($safe_name, $safe_max_size, $safe_category, $safe_description);
$edited = TRUE;
}
}
}
public function search_for_student($search_string)
{
$results = array();
if ($this->validate_email($search_string)) {
$results = $this->search_for_email(sanitize_email($search_string));
} else {
$username_results = $this->search_for_username(sanitize_text($search_string));
$name_results = $this->search_for_name(sanitize_text($search_string));
$email_results = $this->search_for_first_part_of_email($search_string);
foreach ($username_results as $username_result) {
$results[] = $username_result;
}
foreach ($name_results as $name_result) {
if (!in_array($name_result, $results)) {
$results[] = $name_result;
}
}
foreach ($email_results as $email_result) {
if (!in_array($email_result, $results)) {
$results[] = $email_result;
}
}
}
return $results;
}
}
$student = new Student($_SESSION['user_id']);
if (!isset($_GET['id'])) {
if (!isset($_GET['usr'])) {
$student_visited = $student;
} else {
if (sanitize_text(strtolower($_GET['usr'])) == "buddies") {
?>
<script>window.location = "<?php
echo SERVER . BASE;
?>
student/buddies.php";</script>
<?php
}
$sc = new Student_controller();
$user_array = $sc->get_member_with_username(sanitize_text($_GET['usr']));
$student_visited = new Student($user_array['id']);
}
} else {
$student_visited = new Student($_GET['id']);
}
/*
* Setting buddy statuses
*/
$buddies_pending = FALSE;
$buddies = FALSE;
if (isset($_POST['becomeBuddy'])) {
if ($student_visited->apply_for_buddies($student->get_id())) {
$buddies_pending = TRUE;
} else {
$buddies_pending = FALSE;
$username = "";
$firstname = "";
$lastname = "";
$email = "";
$error_message = "";
if (isset($_POST['join'])) {
$username = sanitize_text($_POST['username']);
$firstname = sanitize_text($_POST['firstname']);
$lastname = sanitize_text($_POST['lastname']);
$email = sanitize_email($_POST['email']);
//First, let's check if token is correct!
$form_token = $_POST['token'];
$sess_token = retrieve_session_token();
if ($form_token === $sess_token) {
$pass1 = sanitize_text($_POST['password1']);
$pass2 = sanitize_text($_POST['password2']);
$answer = $sc->create_student($username, $firstname, $lastname, $email, $pass1, $pass2);
if ($answer !== TRUE) {
?>
<script>
window.location = "#sign-up";
</script>
<?php
$error_message = "You have not filled out the form according to the requirements";
} else {
$sc->log_member_in($username, $pass1);
?>
<script>
alert('Welcome! :)');
window.location = "<?php
echo W1BASE;
private function save_new_group_name($group_name)
{
global $dbCon;
$safe_name = sanitize_text($group_name);
$sql = "UPDATE `group` SET name = ? WHERE id = ?;";
$stmt = $dbCon->prepare($sql);
if ($stmt === false) {
trigger_error('SQL Error: ' . $dbCon->error, E_USER_ERROR);
}
$stmt->bind_param('si', $safe_name, $this->id);
//Bind parameters.
$stmt->execute();
$rows = $stmt->affected_rows;
if ($rows == 1) {
$stmt->close();
return TRUE;
}
$error = $stmt->error;
$stmt->close();
return $error;
}
/**
* Set the file name
*
* This function takes a filename as input and filters it to make it safe
* for use. It also gets the file extension. Finally, it looks for the
* existence of a file with the same name. If found, it will append a
* number to the end of the filename to avoid overwriting a pre-existing file.
*
* @access public
* @param string
* @param string
* @return string
*/
function process_filename($filename = '')
{
//First get the extension of the file
$ext = strrchr($filename, '.');
//Then get the file name
$filename = $ext === FALSE ? $filename : substr($filename, 0, -strlen($ext));
//Should we encrypt the filename?
if ($this->encrypt_name == TRUE) {
mt_srand();
//Set the file name to a random value
$filename = md5(uniqid(mt_rand()));
} else {
//Make the files name "filename" safe (no weird chars allowed like "/")
$filename = sanitize_text($filename, 1);
/*
* Separate extensions with "_" to prevent possible script execution
* from Apache's handling of files with multiple extensions.
* http://httpd.apache.org/docs/1.3/mod/mod_mime.html#multipleext
*/
if (strpos($filename, '.') !== FALSE) {
//First, break apart the name into pieces
$parts = explode('.', $filename);
foreach ($parts as &$part) {
//If this extension is not allowed
if (!in_array($part, $this->allowed_types)) {
//add a underscore to the name to make it un-usable
$part .= '_';
}
}
//Put the filename back togeither
$filename = implode('.', $parts);
}
}
//Check to see if the file with this name exists already
if (file_exists($this->upload_path . $filename . $ext)) {
//If we should NOT overwrite the existing files
if (!$this->overwrite) {
//Then keep adding a number to the file name
//until you find one that doesn't exist!
for ($i = 1; $i < 1000; $i++) {
if (!file_exists($this->upload_path . $filename . $i . $ext)) {
$filename .= $i;
break;
}
}
}
}
//Set the name and file extension
$this->file_name = $filename;
$this->file_ext = substr($ext, 1);
}
<link rel="stylesheet" href="<?php
echo $css_file;
?>
" type="text/css" />
<meta http-equiv="Content-Type" content="text/html; charset=<?php
echo $blog_charset;
?>
" />
<?php
if ($redirect == 1) {
?>
<script language="javascript" type="text/javascript">
<!--
function redirect() {
window.location = "<?php
echo sanitize_text($redirect_url);
?>
";
}
setTimeout("redirect();", 600);
//-->
</script>
<?php
}
}
?>
<script language="javascript" type="text/javascript">
//<![CDATA[
function profile(userID) {
window.open ("profile.php?action=viewprofile&profile=1&user="******"Profile", "width=500, height=450, location=0, menubar=0, resizable=0, scrollbars=1, status=1, titlebar=0, toolbar=0, screenX=60, left=60, screenY=60, top=60");
}
<?php
require "../includes/conf.inc.php";
require "../includes/functions.inc.php";
if (isset($_GET['q'])) {
if (!empty($_GET['q'])) {
$sq = sanitize_text($_GET['q']);
$searchResult = post::searchPosts($sq, '');
if ($searchResult == false) {
die($e);
}
} else {
header("location: ../search/");
}
} else {
$sq = "Search";
$searchResult = "undefined";
}
?>
<!doctype html>
<html lang="en">
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width,intial-scale=1" />
<head>
<title><?php
if (isset($_GET['q'])) {
echo trim(htmlentities($_GET['q']));
} else {
echo 'Search';
<?php
require "../includes/conf.inc.php";
require "../includes/functions.inc.php";
if (isset($_POST['institutionName'])) {
$institutionName = sanitize_text($_POST['institutionName']);
$insQuery = "INSERT INTO institutions VALUES (NULL,'{$institutionName}')";
$insResult = @mysql_query($insQuery) or die($e);
$selQuery = "SELECT * FROM institutions";
$selResult = @mysql_query($selQuery) or die($e);
echo '<option value="NULL">Choose Your Institution</option>';
while ($institution = mysql_fetch_array($selResult)) {
echo '<option value="' . $institution['institutionId'] . '">' . $institution['institutionName'] . '</option>';
}
}
<?php
require "../includes/conf.inc.php";
require "../includes/functions.inc.php";
if (isset($_POST['token'], $_POST['email'], $_POST['password'], $_POST['repassword'])) {
$token = $_POST['token'];
$email = sanitize_text($_POST['email']);
$password = sanitize_text($_POST['password']);
$repassword = sanitize_text($_POST['repassword']);
$newToken = md5($salt . $email);
if ($token == $newToken) {
$query = "SELECT admin.adminId FROM admin WHERE admin.email = '{$email}' AND admin.statusId = 2";
$result = mysql_query($query);
$count = mysql_num_rows($result);
if ($count != 0) {
$admin = mysql_fetch_array($result);
$adminId = $admin['adminId'];
if ($password == $repassword) {
$entryPassword = md5($password);
$insQ = "UPDATE admin SET admin.statusId = '1' , admin.password = '******' WHERE admin.adminId = '{$adminId}'";
$insR = mysql_query($insQ);
if (!$insR) {
$response = array('success' => 0, 'error' => 4, 'errorMsg' => 'Opps! Something Went wrong. Please Try Again Later', 'debugError' => mysql_error());
} else {
$response = array('success' => 1, 'error' => 0);
}
} else {
$response = array('success' => 0, 'error' => 3, 'errorMsg' => 'Password didnot Match.');
}
} else {
$response = array('success' => 0, 'error' => 2, 'errorMsg' => 'The email you entered couldnot be found.');
exit;
}
if (get_settings('use_comment_preview') && $action != 'confirm') {
$show_cblock = 0;
include 'header.php';
$comment = balanceTags($comment, 1);
$comment = convert_chars($comment);
$comment = apply_filters('post_comment_text', $comment);
$comment_preview = apply_filters('comment_text', $comment);
$author_preview = apply_filters('comment_author', $author);
$author_preview = empty($url) ? $author_new : "<a href='{$url}' rel='external'>{$author_new}</a>";
$author_edit = sanitize_text($author);
$url_edit = sanitize_text($url, false, true);
$email_edit = sanitize_text($email);
$comment_edit = sanitize_text($comment);
$redirect_to_edit = sanitize_text($redirect_to, false, true);
include get_custom_path('confirm-template.php');
include XOOPS_ROOT_PATH . "/footer.php";
exit;
} else {
if (get_settings('use_comment_preview') && $action == 'confirm') {
if (!$xoopsWPTicket->check()) {
redirect_header($location, 3, $xoopsWPTicket->getErrors());
}
}
$now = current_time('mysql');
$comment = balanceTags($comment, 1);
$comment = convert_chars($comment);
$comment = format_to_post($comment);
$comment = apply_filters('post_comment_text', $comment);
$comment_author = $author;
<?php
header("Content-type: text/javascript");
include "../includes/conf.inc.php";
include "../includes/functions.inc.php";
if (isset($_POST['email'])) {
$email = $_POST['email'];
$email = sanitize_text($email);
$query = "SELECT \n\tadmin.adminId,\n\tadmin.firstName,\n\tadmin.lastName,\n\tadmin.email \n\tFROM admin \n\tWHERE admin.email = '{$email}'\n\tAND admin.statusId = 1";
$result = mysql_query($query);
if (!$result) {
$response = array('success' => 0, 'error' => 1, 'errorMsg' => 'Opps! Something went wrong.');
} else {
$adminNum = mysql_num_rows($result);
if ($adminNum == 0) {
$response = array('success' => 0, 'error' => 2, 'errorMsg' => 'Incorrect Information Provided. Please try again.');
} else {
$admin = mysql_fetch_array($result);
$adminId = $admin['adminId'];
$adminFirstName = $admin['firstName'];
$adminLastName = $admin['lastName'];
$adminEmail = $admin['email'];
$token = md5($salt . $adminEmail);
$resetLink = $website . "admin/reset.php?token=" . $token;
$updQuery = "UPDATE admin SET admin.statusId = 2 WHERE admin.adminId = '{$adminId}'";
$updRes = mysql_query($updQuery);
if (!$updRes) {
$response = array('success' => 0, 'error' => 1, 'errorMsg' => 'Opps! Something went wrong.');
} else {
$subject = "Password Reset.";
$body = "\n\t\t\t\t\t<html>\n\t\t\t\t\t<head>\n\t\t\t\t\t\t<title>Password Reset</title>\n\t\t\t\t\t\t<link href=\"http://fonts.googleapis.com/css?family=Open+Sans\" rel=\"stylesheet\" type=\"text/css\"/>\n\t\t\t\t\t\t<style>\n\t\t\t\t\t\tbody{\n\t\t\t\t\t\t\tfont:100% 'Open Sans',Segoe UI, Calibri, Candara, Arial, sans-serif;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ta{\n\t\t\t\t\t\t\tcolor:#008ED7;\n\t\t\t\t\t\t\ttext-decoration:none;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\ta:hover{\n\t\t\t\t\t\t\ttext-decoration:underline;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\t</style>\n\t\t\t\t\t</head>\n\t\t\t\t\t<body>\n\t\t\t\t\tDear {$adminFirstName} {$adminLastName},<br/><br/>\n\n\t\t\t\t\tA request to reset password was received from your <a href={$website}>Plus Two Notes</a> account - {$adminEmail}. (Admin Id: <b>{$adminId}</b>)<br/><br/>\n\n\t\t\t\t\t<br/>\n\n\t\t\t\t\t<a href={$resetLink}>{$resetLink}</a><br/><br/>\n\n\t\t\t\t\tClick the above link to reset your password or copy and paste in the address bar of your browser.<br /><br />\n\n\t\t\t\t\t<b>Support</b><br/>\n\n\t\t\t\t\tFor any support with respect to your relationship with us you can always contact us directly using the following Information.<br/><br/>\n\n\t\t\t\t\tEmail address: contact@plustwonotes.com\n\n\t\t\t\t\t<br /><br />\n\n\t\t\t\t\t<i>This is auto generated email. Please donot reply</i>\n\t\t\t\t\t</body>\n\t\t\t\t\t</html>\n\n\t\t\t\t";
<?php
require "../includes/conf.inc.php";
require "../includes/functions.inc.php";
if (isset($_POST['commentText']) && !empty($_POST['commentText'])) {
$comment['commentText'] = sanitize_text($_POST['commentText']);
$comment['userId'] = intval($_POST['userId']);
$comment['postId'] = intval($_POST['postId']);
$comment = comment::insertComment($comment);
if ($comment == false) {
echo false;
} else {
$cmmtDate = ago($comment['commentDate']);
echo '<li class="comment">
<div class="commenterProfilePic">
<img src="' . $website . $comment['profilePicAddr'] . '"/>
</div>
<div class="commentDetail">
<a href="' . $website . 'account/profile/' . $comment['username'] . '" class="commenter">' . $comment['firstName'] . ' ' . $comment['lastName'] . '</a><br />
<p>' . $comment['commentText'] . '</p>
<span>' . $cmmtDate . '</span>
</div>
<div class="cleaner"></div>
</li>';
}
}
<?php
require "../includes/conf.inc.php";
require "../includes/functions.inc.php";
if (!isset($_SESSION['login']) && isset($_POST['login'])) {
//taking the inputs in
$username = $_POST['username'];
$password = $_POST['password'];
//cleaning the inputs
$username = sanitize_text($username);
$password = sanitize_text($password);
$password = md5($password);
$query = "SELECT * FROM admin WHERE ( admin.username = '******' OR admin.email = '{$username}' ) AND admin.password = '******'";
$result = mysql_query($query, $conn) or die("Error");
$count = mysql_num_rows($result);
if ($count == 1) {
$admin = mysql_fetch_array($result);
if ($admin['statusId'] == 1) {
$_SESSION['login'] = 1;
$_SESSION['adminId'] = $admin['adminId'];
header("location: ../admin/");
} else {
$_SESSION['error'] = 3;
header("location: ../admin/login.php");
}
} else {
$_SESSION['error'] = 2;
header("location: ../admin/login.php");
}
} else {
header("location: ../admin/");
function comment_edit_action()
{
$BD = $_POST['comment_post_board'];
$ID = $_POST['comment_post_id'];
$CM = $_POST['comment_id'];
$OK = TRUE;
$who = isset($_SESSION['member']['id']) ? $_SESSION['member']['id'] : 0;
if ($_POST['comment_modify_author'] != $who) {
$OK = FALSE;
set_clue('登入身份已經變動要繼續動作請再切換!');
}
if (empty($_POST['comment_author_nicename'])) {
$OK = FALSE;
set_clue('請記得填寫回覆作者名稱!');
}
if (empty($_POST['comment_content'])) {
$OK = FALSE;
set_clue('最重要的回覆怎麼可以不寫呢!');
}
if (!empty($_POST['comment_author_email']) && !email_check($_POST['comment_author_email'])) {
$OK = FALSE;
set_clue('請填寫正確的電子郵件位址!');
}
if ($OK) {
$comment_author_ip = ip2long($_SERVER['REMOTE_ADDR']);
$comment_author_nicename = sanitize_text($_POST['comment_author_nicename']);
$comment_content = trim($_POST['comment_content']);
$comment_modify = date("Y-m-d H:i:s");
$comment_modify_member = $_POST['comment_modify_author'];
if (isset($_POST['comment_modify_author']) && $_POST['comment_modify_author'] > 0) {
$comment_modify_who = sanitize_text($_POST['comment_modify_who']);
} else {
$comment_modify_who = $comment_author_nicename;
}
$change['key'] = array('comment_author_ip', 'comment_author_nicename', 'comment_content', 'comment_modify', 'comment_modify_member', 'comment_modify_who');
$change['value'] = array($comment_author_ip, $comment_author_nicename, $comment_content, $comment_modify, $comment_modify_member, $comment_modify_who);
if (!empty($_POST['comment_author_email'])) {
$change['key'][] = 'comment_author_email';
$change['value'][] = strtolower($_POST['comment_author_email']);
}
$where['key'] = 'id';
$where['value'] = $CM;
inset('comments', $change, $where);
unset($_SESSION['comment']);
header('location: ' . OUT_PATH . $ID . '#comment-' . $CM);
} else {
if (!isset($_SESSION['comment'])) {
$_SESSION['comment'] = array();
}
$_SESSION['comment']['author_nicename'] = $_POST['comment_author_nicename'];
$_SESSION['comment']['author_email'] = $_POST['comment_author_email'];
$_SESSION['comment']['content'] = $_POST['comment_content'];
$_SESSION['comment']['modify_who'] = isset($_POST['comment_modify_who']) ? $_POST['comment_modify_who'] : '';
$_SESSION['comment']['certify'] = TRUE;
$_SESSION['comment']['id'] = $CM;
header('location: ' . OUT_PATH . 'comment/' . $CM);
}
}
";</script>
<?php
die;
}
$student = new Student($_SESSION['user_id']);
$crooked = false;
if (!isset($_GET['s'])) {
?>
<script>window.location = "<?php
echo BASE;
?>
";</script>
<?php
die;
} else {
$search_string = sanitize_text($_GET['s']);
if ($_GET['s'] !== $search_string) {
//Something is not as it should be!
$crooked = true;
$message = "You bastard! We've logged your search with ip: " . get_ip_address();
}
$sc = new Student_controller();
$search_student_ids = $sc->search_for_student($search_string);
}
?>
<html>
<head>
<meta charset="UTF-8">
<title><?php
echo $student->get_firstname();
?>
<?php
require "../../includes/conf.inc.php";
require "../../includes/functions.inc.php";
if (isset($_POST['postTitle'])) {
$adminId = $_SESSION['adminId'];
$postTitle = $_POST['postTitle'];
$postTypId = $_POST['postTypId'];
$subjectId = $_POST['subjectId'];
$imp = $_POST['imp'];
$postText = $_POST['postText'];
$postTitle = ucfirst(sanitize_text($postTitle));
$postText = trim(mysql_real_escape_string(stripslashes($postText)));
if ($postTitle == '' || $postText == '') {
//when any entry is empty
$response = array('success' => 0, 'error' => 1, 'errorMsg' => 'Either Post Title Or Post Body is empty!');
} else {
$newPost = array('postTitle' => $postTitle, 'postText' => $postText, 'subjectId' => $subjectId, 'postTypId' => $postTypId, 'adminId' => $adminId, 'statusId' => 2, 'imp' => $imp);
if (!post::create($newPost)) {
$response = array('success' => 0, 'error' => 2, 'errorMsg' => 'Opps! Something Went Wrong!');
} else {
$response = array('success' => 1, 'error' => 0);
}
}
/*$_SESSION['response'] = $response;
header("location: add.php");*/
echo json_encode($response);
}
