Пример #1
<?php

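// Admin settings page: saves the "registration disabled" flag.
session_start();
// config.php is expected to supply checkIfAdmin(), checkIfBanned(), secureForDB(),
// $menu and $title; none of them are defined in this listing.
include "/home/u220391248/public_html/scripts/config.php";
// Access control runs before any request data is read or written.
checkIfAdmin();
checkIfBanned();
if (isset($_POST['submit'])) {
    // NOTE(review): this state-changing POST carries no visible anti-CSRF token.
    // Verify a per-session token here unless config.php already enforces one.
    // NOTE(review): secureForDB() is assumed to escape for a quoted SQL string -- confirm.
    // mysql_* was removed in PHP 7; a prepared statement (mysqli/PDO) plus an allow-list
    // of accepted flag values would be the durable fix.
    $registrationDisabled = secureForDB($_POST['registrationDisabled']);
    // No WHERE clause: every row of websiteSettings receives the new value.
    if (mysql_query("UPDATE websiteSettings SET registrationDisabled = '{$registrationDisabled}'")) {
        $msg = "Your settings have been saved!";
    } else {
        // Typo fixed in the user-facing failure message ("bene" -> "been").
        $msg = "Your settings haven't been saved!";
    }
}
echo $menu;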
?>
<title><?php 
echo "{$title}";
?>
</title>
<head>
<link href="/stylesheets/default.css" rel="stylesheet" type="text/css">
<link href="/stylesheets/css_buttons.css" rel="stylesheet" type="text/css">
</head>

<style>
.form{
  position:relative;
  top:250;
  background-color:black;
  width:330;
Пример #2
}
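// Account settings handler: change password, change email, set games-per-page.
// NOTE(review): the '******' values inside the SQL strings look like redactions made by
// the site hosting this listing, not the original variables -- check the real file.
$confirmpass = secureString($_POST['currpass']);
// NOTE(review): unsalted MD5 is not a password hash. password_hash()/password_verify()
// is the replacement, but it needs a coordinated migration of the stored hashes and the
// login code, so it is only flagged here. The value is also escaped before hashing, so
// the stored hash depends on secureForDB()'s output.
$pass = md5(secureForDB($_POST['pass']));
$email = secureForDB($_POST['email']);
if (isset($_POST['cnfrm'])) {
    if (isset($confirmpass)) {
        // Strict comparison: with ==, two digests of the form "0e<digits>" are compared
        // as numbers and can be treated as equal. $p1 is presumably the stored hash;
        // it is not set in this listing.
        if (md5($confirmpass) === $p1) {
            // md5() always returns 32 characters, so comparing $pass with "" was always
            // true and an empty "new password" field still triggered the update. Test the
            // submitted value instead.
            if (isset($_POST['pass']) && $_POST['pass'] !== "") {
                // Change password
                // NOTE(review): the success message is printed without checking the
                // query result.
                mysql_query("UPDATE users SET password = '******' WHERE username = '******'");
                echo "<center><font color=green>The password for your account\n        has been changed!</font></center>";
            }
            if (isset($email) && checkEmail($email)) {
                // Change email address
                $query = mysql_query("UPDATE users SET email = '{$email}' WHERE username = '******'");
                echo "If you ever forget your password, you can now use the password reset feature.<br> Just click the link that says \"Forgot Password?\" on the login page.";
            } elseif ($email != "") {
                echo "<font color=red>The email address you have entered is invalid!</font>";
            }
        } else {
            die("<center><font color=red>The password you have entered is invalid!</font></center>");
        }
    }
}
if (isset($_POST['perPage'])) {
    // NOTE(review): amountPerPage is stored as submitted; a numeric range check would
    // keep a bad value out of the paging code. No anti-CSRF token is visible on either
    // form handled here.
    $amountPP = secureForDB($_POST['amountPerPage']);
    mysql_query("UPDATE users SET gamesPerPage = '{$amountPP}' WHERE username = '******'");
    redirect(0, "settings.php");
}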
?>
</center>
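 $newPassword = "";
 // Non-admins may not edit their own account through this page.
 // The original condition was `!$_SESSION['account_position'] == "Admin"`: `!` binds
 // tighter than `==`, so a boolean was compared with "Admin" and the guard only fired
 // when the session value was empty. The strict form below fires for every non-admin.
 if ($_SESSION['account_position'] !== "Admin") {
     if ($_SESSION['CurrentUser'] == $username) {
         die("<font color=\"red\">You cannot edit your own details</font>");
     }
 }
 // Administrator accounts cannot be edited from here, whoever is asking.
 // $username is the account being edited; it is set outside this listing.
 if (getUserData($username, "account_position") == "Admin") {
     die("<br><font color=\"red\">You cannot edit an administrator's details.</font>");
 }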
 if (isset($user)) {
     $query = mysql_query("SELECT * FROM users WHERE username = '******'");
     if ($query) {
         $query2 = mysql_query("UPDATE users SET password = '******' WHERE username = '******'");
         if ($query2) {
             echo "<font color=green><center>{$username}'s password has been changed!</center></font>";
             $newPassword = secureForDB($_POST['password']);
             $somethingChanged = true;
         }
         if ($email != "") {
             $query2 = mysql_query("UPDATE users SET email = '{$email}' WHERE username = '******'");
             if ($query2) {
                 echo "<font color=green><center>{$username}'s email address has been changed!</center></font>";
                 $newMail = $email;
                 $somethingChanged = true;
             }
         }
         if ($newUsername != "") {
             $query = mysql_query("UPDATE users SET username = '******' WHERE username = '******'");
             if ($query) {
                 echo "<font color=green><center>{$username}'s new username is now: {$newUsername}</center></font>";
                 $somethingChanged = true;
Пример #4
.content {
padding: 5;
}

.title{
margin:5;
}
</style>
<?php 
echo $menu;
?>
<div class="content">
<font color=white>
<?php 
if (isset($_GET['tag'])) {
    $tag = secureForDB($_GET['tag']);
    if ($tag == "") {
        die("<center><font color=red>Derp, you haven't entered a tag...</font></center>");
    }
    $query = mysql_query("SELECT * FROM gmes WHERE tags LIKE '%{$tag}%' ORDER BY gme_name");
    while ($row = mysql_fetch_array($query)) {
        $tags = $row['tags'];
        $tags = explode(";", $tags);
        $id = $row['id'];
        foreach ($tags as $item) {
            if ($item == $tag) {
                $list .= $id . ";";
            }
        }
    }
    $list = explode(";", $list);
Пример #5
<?php

// Game player page: resolves the requested game id to a file name and type.
include "/home/u220391248/public_html/scripts/config.php";
// NOTE(review): error_reporting(0) silences every warning, including failed queries
// below; log errors server-side rather than discarding them.
error_reporting(0);
// No session_start() appears in this listing; presumably config.php starts the session.
$user = $_SESSION['CurrentUser'];
// Both GET parameters are read unconditionally; an absent key raises a notice that
// error_reporting(0) hides.
$id = secureForDB($_GET['id']);
$playAnotherRandomGame = secureForDB($_GET['randomGameBtn']);
// Loose comparison: how a non-numeric id compares with 0 depends on the PHP version.
// NOTE(review): an explicit integer check (ctype_digit / filter_var) would make the
// accepted id format unambiguous.
if ($id == 0) {
    header("Location: /main.php");
    // Top-level return ends this script after the redirect header is queued.
    return;
}
// The login and ban checks run before any database access.
checkIfLoggedIn();
checkIfBanned();
$query = mysql_query("SELECT * FROM gmes WHERE id = '{$id}'");
// mysql_fetch_array() returns false when no row matches; the result is not checked
// here, so $name and $gme_type are then empty.
$arr = mysql_fetch_array($query);
$name = $arr['filename'];
$gme_type = $arr['type'];
// NOTE(review): both content bases use plain http, so the game files travel without
// transport integrity; prefer https if the host offers it.
$shockwaveUrl = "http://dl.dropboxusercontent.com/u/88620415/swf_files/shockwave/";
$mainUrl = "http://dl.dropboxusercontent.com/u/88620415/swf_files/";
switch ($gme_type) {
    case "flash":
        //Carry on
        break;
    case "shockwave":
        break;
    case "java":
        header("Location: JVA-GME.php?id={$id}");
        return;
        break;
    default:
        die("<center><font color=red>Error! Contact the owner about an invalid link</font></center>");
Пример #6
<?php

// Game request form handler: stores a user's request for a new game.
include "/home/u220391248/public_html/scripts/config.php";
checkIfLoggedIn();
checkIfBanned();
if (isset($_POST['submit'])) {
    // NOTE(review): no anti-CSRF token is visible on this POST.
    $name = secureForDB($_POST['name']);
    // NOTE(review): the URL is stored as submitted. If it is later rendered as a link
    // target, restrict it to http/https here and HTML-escape it on output.
    $url = secureForDB($_POST['url']);
    // $user is not set in this listing; presumably config.php provides it.
    $email = getUserData($user, "email");
    $date = date("dS F Y");
    // $email comes back from getUserData() and is interpolated without being escaped in
    // this block -- confirm it cannot contain a quote (second-order injection).
    // The '******' username looks like a redaction made by the hosting site.
    // The query result is not checked.
    mysql_query("INSERT INTO requests SET username = '******', email = '{$email}', game_name = '{$name}', game_url = '{$url}', date = '{$date}'");
}
$form = base64_encode('<style>
.form{
	position:relative;
	top:250;
	width:300;
	margin:5;
	padding:5;
	background-color:black;
}
</style>
<center>
<div class="form">
<form action="" method="POST">
<table>
<tr>
<td><font color="white">Game Name:</font></td>
<td><input type="text" name="name"></td>
</tr>
Пример #7
            } else {
                echo "<center><font color=red>An unexpected error has occured!<br>" . mysql_error() . "</font></center>";
            }
        }
    } elseif ($banMsg == "") {
        echo "<center><font color=red>You can't ban someone without a message</font></center>";
    } else {
        if (!isset($_POST['customMsg'])) {
            echo "<center><font color=red>You can't ban someone without a message</font></center>";
        }
    }
}
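// Custom Message Ban
// !empty() is the same truthiness test the original `!$_POST['customMsg'] == ""`
// performed (the `!` was applied to the value before the comparison), without the
// undefined-index notice when the field is absent.
if (!empty($_POST['customMsg'])) {
    // Expected to stop the request when the target's ban was set by an administrator
    // (defined outside this listing).
    preventEditingAdminBan();
    $msg = secureForDB("CustomMsg:" . $_POST['customMsg']);
    // NOTE(review): $user is interpolated without escaping in this block; confirm it is
    // a trusted session value. The '******' username looks like a redaction made by the
    // hosting site.
    $query = mysql_query("UPDATE users SET bannedBy = '{$user}', ban_message = '{$msg}' WHERE username = '******'");
    if ($query) {
        logBan();
        // NOTE(review): $username is written into HTML unescaped; wrap it in
        // htmlspecialchars() unless it is already encoded where it is assigned.
        echo "<center><font color=green>The user {$username} has been banned with your custom message!</font></center>";
        die;
    } else {
        echo "<center><font color=red>An unexpected error has occured!</font></center>";
    }
}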
// Unban User
if (!$username == "") {
    if (in_array($bannedBy, $unremovableBans)) {
        die('<center><font color="red">You cannot modify an administrator\'s ban</font></center>');
    }
    if (isset($_POST['unban'])) {
Пример #8
            }
            $del = mysql_query("DELETE FROM gmes WHERE id = '{$gmeID}'");
            if ($del) {
                mysql_query("ALTER TABLE gmes AUTO_INCREMENT = {$i};");
                $gMsg = $gmeName . " has been removed successfully!";
            } else {
                $eMsg = "An error has occured while trying to remove\n" . $gmeName;
            }
        } else {
            $eMsg = "There is no Gme with that Name/ID";
        }
    }
}
// Add a single game: inserts a row into gmes when neither the file name nor the game
// name is already present.
// NOTE(review): no permission check or anti-CSRF token is visible in this block;
// confirm both are enforced earlier in the script.
if (isset($_POST['addOne'])) {
    $gme_name = secureForDB($_POST['gmeName']);
    $swfFile = secureForDB($_POST['swfName']);
    if ($gme_name != "" && $swfFile != "") {
        $query = "INSERT INTO gmes SET filename = '{$swfFile}', gme_name = '{$gme_name}'";
        // Duplicate check by two separate SELECTs followed by the INSERT.
        // NOTE(review): two concurrent requests can both pass this check; a UNIQUE index
        // on filename and gme_name would enforce it in the database.
        $check = mysql_query("SELECT * FROM gmes WHERE filename = '{$swfFile}'");
        $check2 = mysql_query("SELECT * FROM gmes WHERE gme_name = '{$gme_name}'");
        $actualCheck = mysql_num_rows($check);
        $actualCheck2 = mysql_num_rows($check2);
        if ($actualCheck == 0 && $actualCheck2 == 0) {
            $result = mysql_query($query);
            if ($result) {
                // NOTE(review): $gme_name goes into a message that is presumably
                // printed later; HTML-escape it at the point of output.
                $gMsg = "{$gme_name} has been added!";
            }
            // A failed insert, a duplicate or an empty field sets no message at all.
        }
    }
}
if (isset($_POST['genList'])) {
Пример #9
	</tr>

	<tr>
    <td><font color="white">Confirm New Password:</td>
	<td><input type="password" name="confirmNewPassword"></td>
	</tr>
	</table>
	<input type="submit" class="btn rc05 f10 p05 dk blue" value="Change Password!" name="submit">
	</form>
	</div>
	</center>
	</body>';
    if (isset($_POST['currentPassword'], $_POST['newPassword'], $_POST['confirmNewPassword'])) {
        $currPass = secureForDB($_POST['currentPassword']);
        $newPass = secureForDB($_POST['newPassword']);
        $confirmNewPass = secureForDB($_POST['confirmNewPassword']);
        $arr = explode(":", $_SESSION['INSECURE_PASS_DATA']);
        $TMP_USER = $arr[0];
        $TMP_PASS = $arr[1];
        if (md5($currPass) == $TMP_PASS) {
            if ($newPass == $confirmNewPass) {
                if (getPasswordStrength($newPass) >= $globalPasswordStrength) {
                    $hash = md5($newPass);
                    $result = mysql_query("UPDATE users SET password = '******' WHERE username = '******'");
                    if ($result) {
                        unset($_SESSION['INSECURE_PASS_DATA']);
                        echo '<center><font color="green">Your password has been successfully changed, you may now login!<center>
						<meta http-equiv="refresh" content="3; url=' . $mirrorUrl . '">';
                    } else {
                        echo "<center><font color=\"red\">An unexpected error has occured!</center>";
                    }
Пример #10
?>
" name="name"></td>
	</tr>
	
	<tr>
		<td><textarea name="body" style="margin: 3px; height: 250px; width: 500px; "></textarea><br></td>
	</tr>
</table>
<div class="btn">
<input type="submit" class="btn rc05 f10 p05 dk blue" name="submit" value="Send PM!">
</div>
</form>

<?php 
if (isset($_POST['submit'])) {
    $name = secureForDB($_POST['name']);
    if (is_numeric($name)) {
        $query = mysql_query("SELECT * FROM users WHERE id = '{$name}'");
        $arr = mysql_fetch_array($query);
        $name = $arr['username'];
    }
    $query = mysql_query("SELECT * FROM users WHERE username = '******'");
    $arr = mysql_fetch_array($query);
    $email = $arr['email'];
    $subject = 'You have recieved a PM from ' . $user . '';
    $body = secureString($_POST['body']);
    $body .= '<br>----------<br>To reply to this PM, go <a href="' . $mirrorUrl . '?ext=/scripts/privateMessage.php?rid=' . $userDetails['id'] . '">here</a>';
    $headers = "Content-Type: text/html;";
    $success = mail($email, $subject, $body, $headers);
    if ($success) {
        $gMsg = "A PM to {$name} has been sent!";
Пример #11
        if ($favourites != "") {
            $list .= '<div id="favourites"><table border="2"><tr><th><center><div id="title">Game</div></center></th><th><center><div id="title">Remove</div></center></th></tr>';
            foreach ($arr as $id) {
                if ($id != "") {
                    $data = mysql_fetch_array(mysql_query("SELECT * FROM gmes WHERE id = '{$id}'"));
                    $gme_name = $data['gme_name'];
                    $list .= '<tr><td><div id="gmeName"><a id="link" href="' . $mirrorUrl . '?ext=/scripts/PlaySWF.php?id=' . $id . '">' . $gme_name . '</a></div></td><td><a id="x" href="javascript:removeFav(' . $id . ')"><center>Remove</center></a></td></tr>';
                }
            }
            $list .= "</div></table>";
            $list = base64_encode($list);
            returnData($list);
            break;
        }
        break;
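    case "removeRequest":
        // Hides one request, then sends back the refreshed table of visible requests as
        // base64-encoded HTML through returnData().
        // NOTE(review): no permission check is visible in this case; confirm the
        // enclosing script restricts it to staff before the switch is reached.
        $id = secureForDB($_POST['id']);
        mysql_query("UPDATE requests SET hidden = '1' WHERE id = '{$id}'");
        $q = mysql_query("SELECT * FROM requests WHERE hidden = '0'");
        // Same outcome as the original `!mysql_num_rows($q) == 0`, written without
        // relying on `!` binding tighter than `==`.
        if (mysql_num_rows($q) > 0) {
            $tbl = '<div id="requests"><table border="1"><tr><th>Game Name</th><th>Username</th><th>Email</th><th>Date</th><th>Remove</th></tr>';
            while ($row = mysql_fetch_array($q)) {
                // Request rows are presumably user-submitted, so every column is
                // HTML-escaped before it is concatenated into markup. double_encode is
                // off so values that were entity-encoded on the way in are not encoded
                // twice. Assumes UTF-8 data -- confirm the site charset.
                $gameName = htmlspecialchars($row['game_name'], ENT_QUOTES, 'UTF-8', false);
                $gameUrl = htmlspecialchars($row['game_url'], ENT_QUOTES, 'UTF-8', false);
                $requester = htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8', false);
                $requesterEmail = htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8', false);
                $requestDate = htmlspecialchars($row['date'], ENT_QUOTES, 'UTF-8', false);
                // Escaping does not neutralise a script-scheme URL, so only http(s)
                // targets become links; anything else is shown as plain text.
                if (preg_match('#^https?://#i', $row['game_url'])) {
                    $nameCell = '<a href="' . $gameUrl . '">' . $gameName . '</a>';
                } else {
                    $nameCell = $gameName;
                }
                // The id lands inside a javascript: href, so it is forced to an integer.
                $tbl .= '<tr><td>' . $nameCell . '</td><td>' . $requester . '</td><td>' . $requesterEmail . '</td><td>' . $requestDate . '</td><td><a id="remove" href="javascript:removeRequest(' . (int) $row['id'] . ');">X</a></td></tr>';
            }
            $tbl .= "</table>";
            returnData(base64_encode($tbl));
        } else {
            returnData(base64_encode("There are currently no requests"));
        }
        break;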
}
Пример #12
			<td><font color=white>Confirm New Password:</font></td>
			<td><input type="password" name="confirmpass"/></td>
			</tr>
			
			</table>
			<div class="sub2">
			<input type="submit" class="btn rc05 f10 p05 dk blue" value="Change Password" name="newpass"/>
			</div>
			</form>
			</div>
			</center>';
            if (isset($_POST['newpassword'])) {
                if (secureForDB($_POST['confirmpass']) == $_POST['newpassword']) {
                    $passStrength = getPasswordStrength(secureForDB($_POST['newpassword']));
                    if ($passStrength >= $globalPasswordStrength) {
                        $newPass = hashPassword(secureForDB($_POST['newpassword']));
                        $query = mysql_query("SELECT * FROM reset_pass WHERE code = '{$code}'");
                        $arr = mysql_fetch_array($query);
                        $user = $arr['username'];
                        $check = mysql_num_rows($query);
                        if ($check == 1) {
                            $update = mysql_query("UPDATE users SET password = '******' WHERE username = '******'");
                            if ($update) {
                                mysql_query("DELETE FROM reset_pass WHERE code = '{$code}'");
                                echo "<center><font color=green>The password to your account has been reset!<br>You may now login with your new \tpassword.</font></center>";
                                redirect(3, "/login.php");
                            }
                        } else {
                            echo '<div class="bMsg"><center><font color=red>An unexpected error has occured!</font></center></div>';
                        }
                    } else {
Пример #13
<?php

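// Game search page: builds an HTML table of games whose name contains the search term.
include "/home/u220391248/public_html/scripts/config.php";
checkIfLoggedIn();
checkIfBanned();
disableRightClick();
echo $menu;
$echoForm = True;
// Read unconditionally; an absent field raises an undefined-index notice.
$search = secureForDB($_POST['search']);
$results = "";
$count = 0;
if (isset($_POST['submit'])) {
    if ($search != "") {
        $echoForm = False;
        // NOTE(review): secureForDB() is assumed to escape quotes only -- confirm. LIKE
        // wildcards (% and _) in the term are then still interpreted by MySQL, so a
        // search for "%" matches every row.
        $query = mysql_query("SELECT * FROM gmes WHERE gme_name LIKE '%{$search}%'");
        $results = '<table border="1"><tr><th><div id="title"><center>Game</center></div></th><th><div id="title"><center>Views</center></div></th></tr>';
        while ($row = mysql_fetch_array($query)) {
            $name = $row['gme_name'];
            $ID = $row['id'];
            $views = $row['views'];
            // Database values are escaped for HTML before being concatenated into
            // markup. double_encode is off so values already stored entity-encoded are
            // not encoded twice. Assumes UTF-8 data -- confirm the site charset.
            $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8', false);
            $safeViews = htmlspecialchars($views, ENT_QUOTES, 'UTF-8', false);
            // The id goes into a URL attribute, so it is forced to an integer.
            $safeId = (int) $ID;
            $results .= '<tr><td><a id="link" href="' . $mirrorUrl . '?ext=\\scripts\\PlaySWF.php?id=' . $safeId . '">' . $safeName . '</a></div></td><td><div id="views">' . $safeViews . '</td></tr>';
            $count++;
        }
        $results .= '</table>';
    }
}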
?>
<title><?php 
echo "{$title}";
?>
</title>
Пример #14
<?php

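// Favourites page: handles the optional ?action= request, then renders the page.
include "/home/u220391248/public_html/scripts/config.php";
// The login and ban checks now run before the action is dispatched. Originally the
// switch came first, so the UPDATE below executed before either check had run.
checkIfLoggedIn();
checkIfBanned();
$action = secureForDB($_GET['action']);
switch ($action) {
    case "deleteAllItems":
        // NOTE(review): this destructive action is triggered by a plain GET request, so
        // a link or image on another site can fire it for a logged-in user. Move it to
        // POST and verify a per-session token.
        // The '******' username looks like a redaction made by the hosting site.
        $query = mysql_query("UPDATE users SET favourite_games = '' WHERE username = '******'");
        break;
}
disableRightClick();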
?>

<?php 
?>
<title><?php 
echo "{$title}";
?>
</title>
<head>
<link href="/stylesheets/default.css" rel="stylesheet" type="text/css">
<link href="/stylesheets/css_buttons.css" rel="stylesheet" type="text/css">
</head>
<style type="text/css">
.content {
padding: 5;
}

#gmeName{
margin-left:5;
Пример #15
<input type="submit" class="btn rc05 f10 p05 dk blue" value="Register" name="submit"/>
</div>
</form>
</div>
<br>
<?php 
// Registration handler, first part: stops when registration is switched off, then
// collects the submitted fields.
// Loose comparison: any non-empty string other than "0" counts as true here.
// NOTE(review): confirm how the flag is stored; a stored "false" would disable
// registration.
if ($registrationDisabled == True) {
    die("<br><font color=\"red\">Registration is currently disabled</font>");
}
// Every field is read unconditionally, including on the first page load when nothing
// has been posted.
$user = secureForDB($_POST['user']);
// NOTE(review): the password is passed through secureForDB() before any hashing seen
// elsewhere, so escaping can change the value that ends up being hashed.
$pass = secureForDB($_POST['pass']);
$confirmPass = secureForDB($_POST['confirmPass']);
$email = secureForDB($_POST['email']);
$serial = secureForDB($_POST['serial']);
$userIp = $_SERVER['REMOTE_ADDR'];
$confirm_registration_code = secureForDB($_GET['code']);
// The submitted email and username are kept in the session.
$_SESSION['temp_email'] = $email;
$_SESSION['temp_username'] = $user;
// NOTE(review): the activation code from the URL is handed to logDetails(); if that
// writes to a log, the log then holds a value that can activate an account.
logDetails($confirm_registration_code);
// 'norobot' is presumably the anti-bot challenge answer -- confirm. It is only taken
// from the request when $previousCode has not been set earlier.
if (!isset($previousCode) && isset($_POST['submit'])) {
    $previousCode = secureString($_POST['norobot']);
}
if ($confirm_registration_code != "") {
    $query = mysql_query("SELECT * FROM users WHERE activated = '0'");
    while ($row = mysql_fetch_array($query)) {
        $email = $row['email'];
        $user = $row['username'];
        $pass = $row['password'];
        $code = generateSecurityCode($email, $user, $pass);
        if ($confirm_registration_code == $code) {
            $query = mysql_query("UPDATE users SET activated = '1' WHERE username = '******'");