Пример #1
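/**
 * Return a copy of $dataArray whose keys and string values have been passed
 * through secureString().
 *
 * Nested arrays are sanitised recursively. Request data can nest arrays
 * (e.g. form fields named "a[b][c]"), and a string buried one level down
 * previously came back untouched. Values that are neither strings nor arrays
 * (ints, floats, bools, null, objects) are copied as they are.
 *
 * NOTE(review): keys are sanitised too, so two different keys that sanitise
 * to the same string collapse into one entry and the later one wins.
 *
 * @param array $dataArray data to sanitise
 * @return array sanitised copy; the input array is not modified
 */
function secureArray($dataArray)
{
    $secureArray = array();
    foreach ($dataArray as $key => $val) {
        $key = secureString((string) $key);
        if (is_string($val)) {
            $val = secureString($val);
        } elseif (is_array($val)) {
            // Descend instead of passing the nested array through unsanitised.
            $val = secureArray($val);
        }
        $secureArray[$key] = $val;
    }
    return $secureArray;
}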
Пример #2
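/**
 * Check a name/password pair and, on success, mark the session as logged in.
 *
 * The account is looked up by name to obtain its salt, the supplied password
 * is hashed with that salt, and a second lookup by name + hash decides the
 * outcome. An unknown name now returns false straight away; previously the
 * code indexed ['salt'] on the empty lookup result and hashed with a null salt.
 *
 * NOTE(review): the password is run through secureString() before hashing.
 * That is kept because existing hashes were presumably produced the same way,
 * but a sanitiser that rewrites characters changes the secret the user typed.
 * NOTE(review): nothing visible here rotates the session identifier on login;
 * if setSessionVar() does not do it, regenerate the session ID at this point
 * to limit session fixation.
 *
 * @param string $name     login name as submitted
 * @param string $password plain-text password as submitted
 * @param bool   $keepLog  when true, also sets the 'saveKeepLog' session flag
 * @return bool true when the credentials matched, false otherwise
 */
function logUserIn($name, $password, $keepLog = false)
{
    $name = secureString($name);

    // No such account: there is no salt to hash with, so fail early.
    $account = getUserData(array('name' => $name));
    if (!$account) {
        return false;
    }
    $salt = isset($account['salt']) ? $account['salt'] : null;

    $password = hashPassword(secureString($password), $salt);
    $userData = getUserData(array('name' => $name, 'password' => $password));
    if (!$userData) {
        return false;
    }

    setSessionVar('login', true);
    setSessionVar('userID', $userData['id']);
    if ($keepLog) {
        setSessionVar('saveKeepLog', true);
    }
    return true;
}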
Пример #3
echo image_tag('icoUp20px.gif', 'alt="yeah"');
?>
      	<?php 
if (strpos($order, 'p') === 0) {
    ?>
      		<?php 
    echo image_tag($order == 'pd' ? 'flechaDown.gif' : 'flechaUp.gif', $order == 'pd' ? 'alt="' . __('descendente') . '"' : 'alt="' . __('ascendente') . '"');
    ?>
      	<?php 
}
?>
    	
      </th>
      <th class="negative-votes">
      	<?php 
echo link_to(__('Votos -'), "{$route}" . (!preg_match("/\\?/", $route) ? '?' : '&') . "o=" . ($order == 'nd' ? 'na' : 'nd'), array('rel' => 'nofollow', 'title' => secureString(__('Ordenar por votos negativos: Los más votados primero / los menos votados primero'))));
?>
      	<?php 
echo image_tag('icoDown20px.gif', 'alt="buu"');
?>
      	<?php 
if (strpos($order, 'n') === 0) {
    ?>
      		<?php 
    echo image_tag($order == 'nd' ? 'flechaDown.gif' : 'flechaUp.gif', $order == 'nd' ? 'alt="' . __('descendente') . '"' : 'alt="' . __('ascendente') . '"');
    ?>
      	<?php 
}
?>
      </th>
    </tr>
Пример #4
  });
</script>

<div class="entity-page">
  <h2 id="name"><?php 
echo $convocatoria->getEleccion()->getNombre();
?>
. 
  <?php 
echo __("%dia% de %mes% de %aaaa%", array('%dia%' => format_date($convocatoria->getFecha(), ' d'), '%mes%' => format_date($convocatoria->getFecha(), 'MMMM'), '%aaaa%' => format_date($convocatoria->getFecha(), 'yyyy')));
?>
.</h2>

  <div id="content">
    <div title="<?php 
echo secureString($convocatoria->getEleccion()->getNombre());
?>
" id="photo">
    	<?php 
echo !$convocatoria->getImagen() ? '' : image_tag(S3Voota::getImagesUrl() . '/elecciones/cc_' . $convocatoria->getImagen(), 'alt="' . __('Imagen de %1%', array('%1%' => $convocatoria->getEleccion()->getNombre())) . '"');
?>
    </div>
    
    <div title="info" id="description">
      <?php 
echo formatPresentacion($convocatoria->getDescripcion());
?>
    </div><!-- end of description -->

<?php 
if (count($circus) > 1) {
Пример #5
<?php 
// Registration entry point (fragment): stop if sign-ups are disabled, then collect the
// form fields and the activation code from the request.
if ($registrationDisabled == True) {
    die("<br><font color=\"red\">Registration is currently disabled</font>");
}
// Form fields are passed through secureForDB() (defined elsewhere) before use.
// NOTE(review): the $_POST/$_GET keys below are read without isset(), so a request that
// omits one raises an undefined-index notice before secureForDB() sees the value.
// NOTE(review): the password fields go through the same helper; if it rewrites characters,
// the stored secret differs from what the user typed. Confirm.
$user = secureForDB($_POST['user']);
$pass = secureForDB($_POST['pass']);
$confirmPass = secureForDB($_POST['confirmPass']);
$email = secureForDB($_POST['email']);
$serial = secureForDB($_POST['serial']);
$userIp = $_SERVER['REMOTE_ADDR'];
// Activation code, read from the query string.
$confirm_registration_code = secureForDB($_GET['code']);
// Keep the submitted e-mail and username in the session.
$_SESSION['temp_email'] = $email;
$_SESSION['temp_username'] = $user;
// NOTE(review): the activation code is handed to logDetails(); if that writes to a log,
// the log then holds a value that can activate an account. Confirm what is recorded.
logDetails($confirm_registration_code);
// Take the anti-robot answer from the submitted form unless $previousCode is already set.
if (!isset($previousCode) && isset($_POST['submit'])) {
    $previousCode = secureString($_POST['norobot']);
}
if ($confirm_registration_code != "") {
    $query = mysql_query("SELECT * FROM users WHERE activated = '0'");
    while ($row = mysql_fetch_array($query)) {
        $email = $row['email'];
        $user = $row['username'];
        $pass = $row['password'];
        $code = generateSecurityCode($email, $user, $pass);
        if ($confirm_registration_code == $code) {
            $query = mysql_query("UPDATE users SET activated = '1' WHERE username = '******'");
            if ($query) {
                echo "<font color=green>{$user} has been activated!</font>";
                $emailMsg = "Your account on funtime has been activated.\n If you wish to use the site, go here: {$mirrorUrl}";
                $mail = mail($email, "Your Account On Funtime Has Been Activated!", $emailMsg);
                echo '<meta http-equiv="refresh" content="1;url=' . $mirrorUrl . '?ext=/main.php">';
Пример #6
    }
    mysql_query("UPDATE users SET settings = '{$sets}' WHERE username = '******'");
} elseif (isset($_POST['saveBackgroundUrl']) && !$bg == "") {
    $sets = getUserData($user, "settings");
    $sets = str_replace("BG:" . getUserSetting($user, "BG"), "BG:" . $bg . ";", $sets);
    mysql_query("UPDATE users SET settings = '{$sets}' WHERE username = '******'");
}
// Background image: when $bg passes both checks, append it to the user's settings string.
// NOTE(review): remote_file_exists() is defined elsewhere; presumably it makes the server
// request $bg. If $bg is user-supplied, restrict which hosts and addresses may be contacted.
// strstr() matches "http://" anywhere in the string, not only at the start.
if (remote_file_exists($bg) && strstr($bg, "http://")) {
    $sets = getUserData($user, "settings");
    // NOTE(review): $bg and $sets are interpolated straight into the SQL text and nothing in
    // this fragment shows them being escaped. Confirm upstream, or move to bound parameters.
    // The '******' in the WHERE clause looks like a value masked by the listing, not real code.
    if ($sets == "") {
        mysql_query("UPDATE users SET settings = 'BG~{$bg};' WHERE username = '******'");
    } else {
        mysql_query("UPDATE users SET settings = '{$sets};BG~{$bg};' WHERE username = '******'");
    }
}
// Account form fields: current password, new password, new e-mail address.
$confirmpass = secureString($_POST['currpass']);
// NOTE(review): md5() is a fast, unsalted digest and is not suitable for storing passwords;
// password_hash()/password_verify() are the standard replacement (needs a rehash migration).
// md5() always returns 32 hex characters, so $pass is never the empty string, even when the
// form field was left blank.
$pass = md5(secureForDB($_POST['pass']));
$email = secureForDB($_POST['email']);
if (isset($_POST['cnfrm'])) {
    if (isset($confirmpass)) {
        if (md5($confirmpass) == $p1) {
            if ($pass != "") {
                // Change password
                mysql_query("UPDATE users SET password = '******' WHERE username = '******'");
                echo "<center><font color=green>The password for your account\n        has been changed!</font></center>";
            }
            if (isset($email) && checkEmail($email)) {
                // Change email address
                $query = mysql_query("UPDATE users SET email = '{$email}' WHERE username = '******'");
                echo "If you ever forget your password, you can now use the password reset feature.<br> Just click the link that says \"Forgot Password?\" on the login page.";
            } elseif ($email != "") {
Пример #7
  	<?php 
include_partial('general/sparkline_box', array('reviewable' => $politico, 'id' => 'sparkline_' . $politico->getId()));
?>
    <span class="rank">
    	<?php 
echo format_number_choice('[0]%1% votos positivos|[1]1 voto positivo|(1,+Inf]%1% votos positivos', array('%1%' => $politico->getSumu()), $politico->getSumu());
?>
    	<?php 
echo format_number_choice('[0] y %1% votos negativos|[1] y 1 voto negativo|(1,+Inf] y %1% votos negativos', array('%1%' => $politico->getSumd()), $politico->getSumd());
?>
    </span>
  </h2>

  <div id="content">
    <div title="<?php 
echo secureString($politico->getNombre() . ' ' . $politico->getApellidos());
?>
" id="photo">
  	    <?php 
echo image_tag(S3Voota::getImagesUrl() . '/' . $politico->getImagePath() . '/' . ($politico->getsfGuardUser() ? 'cc' : 'bw') . '_' . $politico->getImagen(), 'alt="' . __('Foto de %1%', array('%1%' => $politico)) . '"');
?>
      <div class="vote">
        <h3><?php 
echo __('Voota sobre');
?>
 <?php 
echo $politico->getApellidos();
?>
</h3>
        <div id="sf_review1">
        
Пример #8
/**
 * Add one column to the users table for each entry of $fieldarray.
 *
 * Each key is lower-cased and used as the column name; each value is used as
 * the column definition. Both go through secureString() and are then placed
 * directly into an ALTER TABLE statement run by queryMySQLData().
 *
 * NOTE(review): identifiers and type definitions cannot be bound as statement
 * parameters, and a string sanitiser is not a substitute for validating them.
 * If $fieldarray can ever carry caller-controlled data, check the column name
 * against a strict identifier pattern and the type against a fixed allow-list
 * before the statement is built.
 *
 * @param array $fieldarray map of column name => column definition
 * @return void
 */
function addCustomFields($fieldarray)
{
    foreach ($fieldarray as $columnName => $columnType) {
        $column = secureString(strtolower($columnName));
        $definition = secureString($columnType);
        queryMySQLData(sprintf('ALTER TABLE %s%s ADD %s %s', DB_PREFIX, DB_USERS, $column, $definition));
    }
}
Пример #9
<span title="<?php 
echo secureString(__('Evolución del número de votos positivos por mes (último punto = mes
 actual)'));
?>
" id="<?php 
echo $id;
?>
"></span>
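 /**
  * Look up users by e-mail address.
  *
  * The address is bound as a statement parameter instead of being concatenated
  * into the SQL text, so the query no longer depends on secureString() for its
  * safety.
  *
  * NOTE(review): secureString() is still applied to the bound value so lookups
  * keep matching addresses that were stored through the same helper. If that
  * helper performs SQL escaping, drop it here: a bound value must not be
  * escaped a second time.
  * NOTE(review): assumes $this->db is a PDO handle (the original already passed
  * \PDO::FETCH_OBJ to fetchAll() on its result). Confirm.
  *
  * @param string $email e-mail address of the user
  * @return array|false row objects (id, name, password, email, level), or false when nothing matches
  */
 public function getByEmail($email)
 {
     $stmt = $this->db->prepare('SELECT id, name, password, email, level FROM users WHERE email = ?');
     $stmt->execute(array(secureString($email)));
     $rows = $stmt->fetchAll(\PDO::FETCH_OBJ);

     return count($rows) >= 1 ? $rows : false;
 }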
Пример #11
         if(e.keyCode=='13'){
			doWork();
        }
      }
    //-->
    </script>   
</head>
<body onload="UpdateTimer();">
    <div id="main">
      <div id="caption">Funtime Chat!</div>
      <div id="icon">&nbsp;</div>
<?php 
if (!isset($_SESSION['nickname'])) {
    createForm();
} else {
    $name = isset($_SESSION['ChatName']) ? secureString($_SESSION['ChatName']) : "Unnamed";
    $_SESSION['nickname'] = $name;
    ?>
      
     <div id="result">
     <?php 
    $data = file("msg.html");
    foreach ($data as $line) {
        echo $line;
    }
    ?>
      </div>
      <div id="sender" onkeyup="keypressed(event);">
         Your message: <input type="text" name="msg" size="30" id="msg" />
         <button onclick="doWork();">Send</button>
      </div>   
Пример #12
{
    if (substr($url, 0, 4) == 'http') {
        $x = array_change_key_case(get_headers($url, 1), CASE_LOWER);
        if (strcasecmp($x[0], 'HTTP/1.1 200 OK') != 0) {
            $x = $x['content-length'][1];
        } else {
            $x = $x['content-length'];
        }
    } else {
        $x = @filesize($url);
    }
    return $x;
}
if (isset($_POST['submit'])) {
    if ($_POST['url'] != "") {
        $swf = secureString($_POST['url']);
        $original = $swf;
        if (!strstr($swf, "www.") && strstr($swf, "http://")) {
            $swf = str_replace("http://", "www.", $swf);
        } elseif (!strstr($swf, "www.") && strstr($swf, "https://")) {
            $swf = str_replace("https://", "www.", $swf);
        } else {
            $swf = str_replace("http://", "", $swf);
            $swf = str_replace("https://", "", $swf);
        }
        $arr = explode("/", $swf);
        $siteList = array("www.addictinggames.com", "www.notdoppler.com", "www.crazymonkeygames.com", "www.arcadebomb.com", "www.physicsgames.net", "www.freeworldgroup.com", "www.newgrounds.com", "www.maxgames.com", "www.jayisgames.com", "www.kbhgames.com", "www.kanogames.com", "www.y8.com", "www.funny-games.biz", "www.turbonuke.com");
        switch (trim($arr[0])) {
            case "www.addictinggames.com":
                $var1 = ".gameURL = '";
                $var2 = "';";
Пример #13
</tr>
<tr>
<td>Update To:<select name="promoteDemoteTo">
<option value="Mod">Moderator</option>
<option value="VIP">VIP</option>
<option value="Normal">Normal User</option>
<option value="Trusted">Trusted User</option>
</select></td>
</tr>
</table>
<input type="submit" value="Update User Status" name="updateStatus">
</form>
</div>
<?php 
$newStatus = secureString($_POST['promoteDemoteTo']);
$upUser = secureString($_POST['user']);
if (isset($_POST['updateStatus'])) {
    if ($newStatus && $upUser != "") {
        $check1 = mysql_query("SELECT * FROM users WHERE username = '******'");
        $check2 = mysql_num_rows($check1);
        $positions = array();
        $positions[0] = "Mod";
        $positions[1] = "VIP";
        $positions[2] = "Normal";
        $positions[3] = "Trusted";
        foreach ($positions as $position) {
            if ($newStatus == $position) {
                $positionExists = True;
            }
        }
        if ($check2 == 1 && $positionExists) {
Пример #14
if (!isset($_SESSION['oldMsg'])) {
    $_SESSION['oldMsg'] = $_GET['msg'];
}
if (isset($_GET['msg'])) {
    if ($_GET['msg'] == "") {
        die;
    }
}
if (isset($_GET['msg'])) {
    if (file_exists('msg.html')) {
        $f = fopen('msg.html', "a+");
    } else {
        $f = fopen('msg.html', "w+");
    }
    $nick = isset($_GET['nick']) ? $_GET['nick'] : "Hidden";
    $msg = isset($_GET['msg']) ? secureString($_GET['msg']) : ".";
    if (!strstr($msg, "http://") && strstr($msg, "www.")) {
        $msg = str_replace("www.", "http://www.", $msg);
    }
    $msg = str_replace("cybertechnologyinc.x10.bz", "superfuntime.comlu.com?ext=", $msg);
    if (strstr($msg, "[href:")) {
        $var1 = get_string_between($msg, "[href:", "]");
        $var2 = get_string_between($msg, "]", "[/href]");
        $end = "[/href]";
        $msg = str_replace("[href:" . $var1 . "]" . $var2 . "[/href]", '<a href="' . $var2 . '">' . $var1 . '</a>', $msg);
    }
    switch ($_SESSION['account_position']) {
        case "Admin":
            $nick = "<font color=black>[</font><font color=red>ADMIN</font><font color=black>]</font> " . $nick;
            break;
        case "Mod":
 /**
  * Store the user's e-mail address on this object.
  *
  * The value is passed through secureString() (defined elsewhere) before it is
  * kept.
  *
  * NOTE(review): sanitising is not validation. Nothing here checks that the
  * value is a well-formed address, so callers that need that guarantee must
  * validate separately.
  *
  * @param string $email e-mail address of the user
  * @return void
  */
 public function setEmail($email)
 {
     $cleaned = secureString($email);
     $this->email = $cleaned;
 }
Пример #16
    ?>
      		<?php 
    echo image_tag($order == 'pd' ? 'flechaDown.gif' : 'flechaUp.gif', $order == 'pd' ? 'alt="' . __('descendente') . '"' : 'alt="' . __('ascendente') . '"');
    ?>
      	<?php 
}
?>
      </th>
      <th class="negative-votes">
        <a href="<?php 
echo url_for('lista/show?partido=' . $lista->getPartido()->getAbreviatura() . '&convocatoria=' . $lista->getConvocatoria()->getNombre() . '&vanity=' . $lista->getConvocatoria()->getEleccion()->getVanity() . '&geo=' . $lista->getCircunscripcion()->getGeo()->getNombre() . ($order == 'nd' ? "&o=na" : '&o=nd'));
?>
" 
        	rel="nofollow" 
        	title="<?php 
echo secureString(__('Ordenar por votos negativos: Los más votados primero / los menos votados primero'));
?>
"><?php 
echo __('Votos -');
?>
</a>
        <?php 
echo image_tag('icoDown20px.gif', 'alt="buu"');
?>
        <?php 
if (strpos($order, 'n') === 0) {
    ?>
      		<?php 
    echo image_tag($order == 'nd' ? 'flechaDown.gif' : 'flechaUp.gif', $order == 'nd' ? 'alt="' . __('descendente') . '"' : 'alt="' . __('ascendente') . '"');
    ?>
      	<?php 
Пример #17
//echo '<style>body{'.$backgroundImageSettings.' background-image: url("'.$bgImage.'");}</style>';
if ($_SESSION['LoggedIn'] == True) {
    header("Location: /main.php");
    return;
} else {
    $_SESSION['LoggedIn'] = False;
}
if (isset($_POST['submit'])) {
    if ($user != "") {
        $_SESSION['CurrentUser'] = $user;
    } else {
        $_SESSION['CurrentUser'] = "";
    }
    // Normal Users
    if (isset($_POST['submit'])) {
        $user = secureString($_POST['username']);
        $pass = hashPassword($_POST['password']);
        $ip = $_SERVER['REMOTE_ADDR'];
        $query1 = mysql_query("SELECT * FROM users WHERE username = '******'");
        $query2 = mysql_query("SELECT * FROM users WHERE email = '{$user}'");
        $check1 = mysql_num_rows($query1);
        $check2 = mysql_num_rows($query2);
        if ($check1 == 1) {
            $data = mysql_fetch_array($query1);
            $user = $data['username'];
        } elseif ($check2 == 1) {
            $data = mysql_fetch_array($query2);
            $user = $data['username'];
        }
        $_SESSION['CurrentUser'] = $user;
        $result = mysql_num_rows(mysql_query("SELECT * FROM users WHERE username = '******' && password = '******'"));
Пример #18
if ($propuestasPager) {
    ?>
  	<?php 
    include_partial('general/entity_pagination', array('position' => 'top', 'pager' => $propuestasPager, 'id' => $propuesta->getId()));
    ?>
  <?php 
}
?>

  <?php 
include_partial('titulo', array('propuesta' => $propuesta));
?>

  <div id="content">
    <div title="<?php 
echo secureString($propuesta->getTitulo());
?>
" id="photo">
      <?php 
include_partial('photo', array('propuesta' => $propuesta));
?>
      <div class="vote">
        <h3><?php 
echo __('Voota sobre');
?>
 "<?php 
echo $propuesta->getTitulo();
?>
"</h3>
        <div id="sf_review1">
        <?php 
Пример #19
    <h2>
      <?php 
echo fullName($user);
?>
      <?php 
if ($sf_user->isAuthenticated() && $sf_user->getGuardUser()->getId() == $user->getId()) {
    ?>
        <?php 
    echo link_to(__('Hacer cambios en tu perfil'), "@usuario_edit");
    ?>
      <?php 
}
?>
    </h2>
    <div title="<?php 
echo secureString(fullNameForAttr($user));
?>
" class="photo">
      <?php 
echo getAvatarFull($user);
?>
    </div>
    <div title="info" class="description">
      <p><?php 
echo getAutolink($user->getProfile()->getPresentacion());
?>
</p>
      <?php 
if ($politico = isPolitico($user)) {
    ?>
        <p><?php 
Пример #20
<?php 
// Game launcher page (fragment): print the menu, then emit the applet for the game in $name.
// $menu and $name are set outside this fragment; $menu is echoed exactly as it arrives.
echo "{$menu}";
// NOTE(review): the archive base is plain http://, so the integrity of the code the browser
// loads from it depends on the network path. Serve it over HTTPS where possible.
$baseUrl = "http://cybertechnologyinc.x10.bz/JVA%20-%20files/";
switch ($name) {
    // Select the game to load
    case "mincrft":
        // Only the archive URL is prepared here; the applet tag is written further down.
        $mincrft = $baseUrl . "mincrft.jar?v=1357737036000";
        break;
    case "runescpe07":
        echo '<applet name=oldscape id=game width="765px" height="503px" alt="For assistance please visit the FAQ page" archive=gamepack_9650549.jar code=client.class mayscript>';
        break;
}
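// "mincrft" only: ask for a player name, then emit the launcher applet with that name.
if ($name == "mincrft") {
    if (isset($_POST['setUser'])) {
        $mcUsername = secureString($_POST['inputName']);
    }
    // isset() guard: $mcUsername is only assigned above once the form has been posted, so a
    // first page load used to read an undefined variable here. The branch taken is unchanged.
    if (isset($mcUsername) && $mcUsername != "") {
        // NOTE(review): $mcUsername lands inside a double-quoted HTML attribute. This is only
        // safe if secureString() escapes quotes and angle brackets. Confirm, or escape for the
        // attribute context at the point of output. The form's maxlength="16" is enforced by
        // the browser only.
        echo "<div class=\"info\"> \n\t\t\t<applet code=\"net.minecraft.Launcher\" archive=\"{$mincrft}\" codebase=\"/game/\" width=\"854\" height=\"480\">  \n\t\t\t<param name=\"separate_jvm\" value=\"true\"/> \n\t\t\t<param name=\"java_arguments\" value=\"-Xmx1024M -Xms1024M -Dsun.java2d.noddraw=true -Dsun.awt.noerasebackground=true -Dsun.java2d.d3d=false -Dsun.java2d.opengl=false -Dsun.java2d.pmoffscreen=false\"> \n\t\t\t<param name=\"latestVersion\" value=\"1363862534000\"> \n\t\t\t<param name=\"downloadTicket\" value=\"0\">\n\t\t\t<param name=\"sessionId\" value=\"0\">\n\t\t\t<param name=\"userName\" value=\"{$mcUsername}\"> </applet>";
    } else {
        echo '<br><br><br><br><br><br><br><br><br><br><br><br><br><br>
			<form action="" method="post">
				<center>
					<input name="inputName" type="text" maxlength="16"/>
					<input type="submit" name="setUser" value="Set Username"/>
				</center>
			</form>';
    }
}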
?>
</div>
padding: 5;
background-color: black;
display: inline-block;
}

.subBtn {
padding:3;
}
</style>
<div class="menu">
<table>
<form action="" method="POST">
<tr>
<td><font color=white>Username:</font></td>
<td><input type="text" value="<?php 
echo secureString($_POST['user']);
?>
" name="user"></td>
</tr>

<tr>
<td><font color=white>New Username:</font></td>
<td><input type="text" name="newUsername"></td>
</tr>

<tr>
<td><font color=white>New Password:</font></td>
<td><input type="password" name="password"></td>
</tr>

<td><font color=white>New Email Address:</font></td>
Пример #22
    if ($_SESSION['referer_gmeID_backup'] != $_SESSION['referer_gmeID']) {
        $_SESSION['referer_gmeID_backup'] = $_SESSION['referer_gmeID'];
        $_SESSION['referer'] = secureForDB($_SERVER['HTTP_REFERER']);
    } else {
        $_SESSION['referer'] = "{$mirrorUrl}?ext=/scripts/PlaySWF.php?id=" . $_SESSION['referer_gmeID'];
    }
}
if ($_SESSION['TempUsername'] != "") {
    $user = $_SESSION['TempUsername'];
}
$query = "SELECT * FROM users WHERE username = '******'";
$result = mysql_query($query);
$arr = mysql_fetch_array($result);
$_SESSION['banMsg'] = $arr['ban_message'];
$msg = secureString($_GET['e']);
$img = secureString($_GET['img']);
$banmsg = $_SESSION['banMsg'];
/*
echo $banmsg."<br>";
die();
*/
//Insecure Password
if ($msg == "insecurePassword") {
    echo disableRightClick();
    echo '<style>
	
	.form{
		background-color:black;
		position:relative;
		top:250;
		width:300;
Пример #23
include_partial('general/sparkline_box', array('reviewable' => $partido, 'id' => 'sparkline_pt_' . $partido->getId()));
?>
    
    <span class="rank">
      <?php 
echo format_number_choice('[0]%1% votos positivos|[1]1 voto positivo|(1,+Inf]%1% votos positivos', array('%1%' => $partido->getSumu()), $partido->getSumu());
?>
      <?php 
echo format_number_choice('[0] y %1% votos negativos|[1] y 1 voto negativo|(1,+Inf] y %1% votos negativos', array('%1%' => $partido->getSumd()), $partido->getSumd());
?>
    </span>
  </h2>

  <div id="content">
    <div title="<?php 
echo secureString($partido->getNombre());
?>
" id="photo">
      <?php 
echo image_tag(S3Voota::getImagesUrl() . '/partidos/' . $image, 'alt="' . __('Logo de %1%', array('%1%' => $partido->getAbreviatura())) . '"');
?>
      <div class="vote">
        <h3><?php 
echo __('Voota sobre');
?>
 <?php 
echo $partido->getAbreviatura();
?>
</h3>
        <div id="sf_review1">
        <?php 
Пример #24
/**
 * Read one field from $_POST, converted or sanitised according to $type.
 *
 * - 'int' / 'integer', 'float', 'bool' / 'boolean': the raw value is cast.
 * - 'array': an array goes through secureArray(); anything else goes through
 *   secureString() and is wrapped in an array.
 * - 'any', 'str' / 'string' and every unrecognised type: secureString().
 *
 * $type is matched with loose comparison, exactly as an == chain would.
 *
 * NOTE(review): the scalar casts do not reject unexpected shapes; a posted
 * array cast with (int) yields 1, for example. The string branches hand the
 * raw value to secureString() even when the client posted an array, so
 * confirm that helper copes with non-string input.
 *
 * @param string $postKey         name of the POST field
 * @param string $type            conversion to apply (see above)
 * @param bool   $ignoreStripTags forwarded to secureString()/secureArray()
 * @return mixed the converted value, or NULL when the field is not set
 */
function getPost($postKey = '', $type = 'any', $ignoreStripTags = false) {
	if (!isset($_POST[$postKey])) {
		return NULL;
	}
	$raw = $_POST[$postKey];

	switch ($type) {
		case 'any':
			return secureString($raw, $ignoreStripTags);
		case 'int':
		case 'integer':
			return (int)$raw;
		case 'float':
			return (float)$raw;
		case 'str':
		case 'string':
			return secureString($raw, $ignoreStripTags);
		case 'array':
			// A scalar posted where an array was expected is wrapped after sanitising.
			return is_array($raw)
				? secureArray($raw, $ignoreStripTags)
				: (array)secureString($raw, $ignoreStripTags);
		case 'bool':
		case 'boolean':
			return (bool)$raw;
		default:
			return secureString($raw, $ignoreStripTags);
	}
}
Пример #25
      <tr class="<?php 
    echo fmod($idx, 2) ? 'even' : 'odd';
    ?>
">
  	    <td class="position"><?php 
    echo format_number($propuestasPager->getFirstIndice() + $idx, 'es_ES');
    ?>
.</td>
  	    <td class="photo">
          <?php 
    echo link_to(image_tag(S3Voota::getImagesUrl() . '/' . $propuesta->getImagePath() . '/cc_s_' . $propuesta->getImagen(), 'alt="' . __('Foto de %1%', array('%1%' => $propuesta)) . '"'), 'propuesta/show?id=' . $propuesta->getVanity());
    ?>
  	    </td>
        <td class="name">
          <?php 
    echo link_to($propuesta->getTitulo(), 'propuesta/show?id=' . $propuesta->getVanity(), array('class' => 'tooltip_propuesta', 'title' => secureString(__('Sobre esta propuesta') . '|' . __('Creada el %1%', array('%1%' => format_date($propuesta->getCreatedAt()))) . '|' . cutToLength($propuesta->getDescripcion(), 200, '...', true))));
    ?>
        </td>
        <td class="voto">
            <?php 
    include_component_slot('quickvote', array('entity' => $propuesta));
    ?>
        </td>
        <td class="positive-votes"><?php 
    echo sumu($propuesta);
    ?>
</td>
        <td class="negative-votes"><?php 
    echo sumd($propuesta);
    ?>
</td>
Пример #26
</table>
<div class="btn">
<input type="submit" class="btn rc05 f10 p05 dk blue" name="submit" value="Send PM!">
</div>
</form>

<?php 
// Private-message handler: on submit, resolve the recipient and e-mail the message body as HTML.
// The mysql_* functions used here were removed in PHP 7; this code targets older runtimes.
if (isset($_POST['submit'])) {
    // The recipient may be given as a username or as a numeric user id.
    $name = secureForDB($_POST['name']);
    if (is_numeric($name)) {
        // NOTE(review): is_numeric() also accepts forms such as "1e3", "1.5" or " 12"; an
        // integer cast would be stricter for an id that is interpolated into the query text.
        $query = mysql_query("SELECT * FROM users WHERE id = '{$name}'");
        $arr = mysql_fetch_array($query);
        $name = $arr['username'];
    }
    // NOTE(review): the literal '******' looks like a value masked by the listing; as shown,
    // this query does not reference $name at all.
    $query = mysql_query("SELECT * FROM users WHERE username = '******'");
    $arr = mysql_fetch_array($query);
    // NOTE(review): no check that a row was found. mysql_fetch_array() returns false when
    // there is none, and mail() below is then called with an empty recipient.
    $email = $arr['email'];
    // NOTE(review): $user is set outside this fragment. A value placed in a mail subject must
    // not contain CR/LF; confirm it is constrained where it is assigned.
    $subject = 'You have recieved a PM from ' . $user . '';
    // The message is sent as text/html, so the body is only safe to render if secureString()
    // HTML-escapes it. TODO confirm.
    $body = secureString($_POST['body']);
    $body .= '<br>----------<br>To reply to this PM, go <a href="' . $mirrorUrl . '?ext=/scripts/privateMessage.php?rid=' . $userDetails['id'] . '">here</a>';
    $headers = "Content-Type: text/html;";
    $success = mail($email, $subject, $body, $headers);
    if ($success) {
        $gMsg = "A PM to {$name} has been sent!";
    }
}
// Status lines. In this fragment $gMsg is assigned only on success and $eMsg never, so both
// are presumably initialised earlier in the file. $gMsg embeds $name and is echoed without
// HTML escaping at this point.
echo '<br><div class="eMsg"><font color=red>' . $eMsg . '</font></div>';
echo '<br><div class="gMsg"><font color=green>' . $gMsg . '</font></div>';
?>
  </body>
<center>