/**
 * Echo one <option> element for every entry of $arr.
 *
 * Each array key is passed through secure_data() and becomes the option value;
 * the entry whose processed key is identical (===) to the trimmed $selected is
 * marked selected="selected". The markup is written with echo, nothing is
 * returned.
 *
 * NOTE(review): the label is echoed as-is and the value attribute relies on
 * secure_data(), whose definition is not part of this listing. If either can
 * carry user-controlled text, HTML-encode at this sink (htmlspecialchars with
 * ENT_QUOTES) after confirming callers do not already pass encoded labels.
 *
 * @param string $selected Value of the option to pre-select.
 * @param array  $arr      Map of option value => option label.
 * @return void
 */
function option_html($selected = '', $arr = array())
{
    $wanted = trim($selected);

    foreach ($arr as $rawValue => $label) {
        $value = secure_data($rawValue);

        if ($value === $wanted) {
            $selectedAttr = 'selected="selected"';
        } else {
            $selectedAttr = '';
        }

        echo '<option value="' . $value . '" ' . $selectedAttr . '>' . $label . '</option>';
    }
}
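/**
 * Interpret $input and build both the HTML fragment to show and the jQuery
 * statement that puts it on the page.
 *
 * A hardcoded command (looked up through hardcoded()) wins; otherwise the input
 * is typed, mapped per type with output_mapping() and the best result is shown.
 *
 * Changes compared with the earlier version:
 *  - $input is HTML-encoded before it is placed in the fragment; it used to be
 *    concatenated raw, so markup typed by the user was rendered.
 *  - The text handed to jQuery is emitted with json_encode() (HEX flags) rather
 *    than wrapped in single quotes, so quotes, backslashes, newlines or a
 *    closing script tag inside the text can no longer end the string literal.
 *
 * NOTE(review): $best_result['type'] / ['output'] and $hard['element'] are
 * still inserted unencoded; whether they can contain user-controlled text
 * depends on output_mapping()/hardcoded(), which are not in this listing.
 * NOTE(review): $input_secured is computed but never used, so the
 * "secured" form of the input does not reach the output.
 *
 * @param mixed $input Raw user input (assumed to be a UTF-8 string — confirm).
 * @param mixed $db    Database handle, passed through to hardcoded().
 * @return array Array with keys 'output' (HTML) and 'action' (JavaScript).
 */
function understanding($input, $db)
{
    $output = '';
    $action = '';

    // Escapes <, >, &, ' and " as \uXXXX so the literal is safe inside a
    // <script> block or an HTML attribute as well as in plain JavaScript.
    $js_flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;

    // Initial check (mainly for size)
    $input_params = text_parameters($input);

    // If input is correct, evaluate hardcoded commands
    $hard = hardcoded($input, $db);
    if ($hard != FALSE) {
        $type = 'Hardcoded';
        // The returned 'output' keeps its slash-escaped form for existing callers.
        $output .= addslashes($hard['output']);
        $method = ($hard['out_type'] == 'append') ? 'append' : 'html';

        $js_text = json_encode((string) $hard['output'], $js_flags);
        if ($js_text === false) {
            // Not encodable (e.g. invalid UTF-8): emit an empty string literal.
            $js_text = '""';
        }
        $action = "\$('#" . $hard['element'] . "')." . $method . "(" . $js_text . ")";
    } else {
        $output .= 'Input: <b>' . htmlspecialchars($input, ENT_QUOTES, 'UTF-8') . '</b><br>';

        // In case the work was done already and cached
        $meaning = check_cache_for_input($input);
        // Sanitize from common errors of transmitting data in computer systems
        $meaning = sanitize($meaning);
        // Make sure nothing in input will threaten system in any way. Output is code, ready to execute
        $input_secured = secure_data($meaning);
        // Determining data type, content type
        $input_types = typification($meaning);
        // Create simplified version in case too complex input can slow down understanding
        $input_simplified = simplify($meaning, $input_types);

        $types = get_main_types($input_types);
        if ($types === FALSE) {
            // Can't be
            die("Unknown type of input. Something really wrong");
        }

        $results = array();
        foreach ($types as $type) {
            $results[] = output_mapping($input, $type);
        }
        $best_result = best_result($results);

        $output .= 'Input type: ' . $best_result['type'] . '<br><br>Output:<br><br>';
        $output .= "<b>" . $best_result['output'] . "</b><br><br>";

        $js_text = json_encode($output, $js_flags);
        if ($js_text === false) {
            $js_text = '""';
        }
        $action = "\$('#output').append(" . $js_text . ");";
    }

    return array('output' => $output, 'action' => $action);
}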
<?php
// Admin "Outsource Info" page: loads one payment, its user and its messages,
// works out whether the job is overdue, then renders the markup that follows.
require_once 'config.php';
// NOTE(review): both lookup keys come from the query string and are compared
// with md5(id) / md5(unique_key) inside SQL text built by interpolation. The
// statement is only as safe as secure_data(), which is not defined in this
// listing — confirm it escapes for the database layer in use. The md5 of a
// numeric id is easy to enumerate, so unique_key is the only unguessable part;
// no access check is visible in this fragment (verify what config.php enforces).
$id = secure_data($_GET['id']);
$uk = secure_data($_GET['uk']);
$payment_data = mysql_get_rows('payments', array('where' => "md5(id)='{$id}' AND md5(unique_key)='{$uk}'"), 1);
if (!$payment_data) {
    // No matching payment: back to the admin home.
    header("Location: " . SITE_URL . "admin/");
    die;
}
// Values read back from the payments row are interpolated into the next queries.
$user_data = mysql_get_rows('users', array('where' => "id='{$payment_data['user_id']}'"), 1);
$messages = array();
$overdue = 0;
if ($payment_data['info_updated'] == 1) {
    $msg_types = implode(',', array(0, 1, 2, 3, 4, 5, 6));
    // The msg_type 1 row supplies the number of days allowed for delivery.
    $info_data = mysql_get_rows('messages', array('where' => "payment_id='{$payment_data['id']}' AND msg_type='1'"), 1);
    $messages = mysql_get_rows('messages', array('where' => "payment_id='{$payment_data['id']}' AND msg_type IN ({$msg_types})"));
    $time = time();
    // Deadline = order start + days * 86400 seconds.
    // NOTE(review): $info_data is used without checking that a row was found.
    $deliver_time = strtotime($payment_data['order_start_date']) + $info_data['days'] * 86400;
    // Only job_status 2 or 4 can be flagged overdue.
    if (in_array($payment_data['job_status'], array(2, 4)) && $time > $deliver_time) {
        $overdue = 1;
    }
}
// mysql_get_rows() may return a non-array; the template expects an array.
if (!is_array($messages)) {
    $messages = array();
}
?> <div id="page-wrapper"> <div class="loader-parent clearfix mb20"> <h1 class="page-header">Outsource Info</h1> <div class="well well-msg clearfix">
<?php
// AJAX handler: validates the posted step fields and inserts a new row of
// type 2 into course_sections. (The listing ends inside the success branch.)
checkAjax();
$error = 0;
$message = '';
$fields = array('name', 'content', 'parent');
$required_fields = array('name', 'content', 'parent');
$insert_data = array();
$return_data = array('status' => 0);
foreach ($fields as $field) {
    if ($field === 'content') {
        // NOTE(review): 'content' bypasses secure_data() and is only passed
        // through addslashes(), which is not aware of the connection character
        // set; the driver's own escaping or a prepared statement is the
        // reliable choice. The value is stored without HTML encoding, so the
        // page that renders it has to encode or sanitise it — confirm.
        $val = addslashes(trim($_POST[$field]));
    } else {
        $val = secure_data($_POST[$field]);
    }
    // Stop at the first empty required field.
    if (in_array($field, $required_fields) && $val === '') {
        $error = 1;
        $message .= $message !== '' ? '<br>Please fill up all data' : 'Please fill up all data';
        break;
    }
    $insert_data[$field] = $val;
}
if ($error == 0) {
    $parent = $insert_data['parent'];
    // The step inherits course_id from its parent section.
    $course_id = selectDB(" WHERE id='{$parent}'", 'course_sections', 'course_id');
    $insert_data['created_at'] = date('Y-m-d H:i:s', time());
    $insert_data['type'] = 2;
    $insert_data['course_id'] = $course_id;
    insertDB($insert_data, 'course_sections');
    // Flash message read by a later page.
    $_SESSION['msg_selector'] = 'success';
    $_SESSION['msg_message'] = 'step added succesfully.';
/**
 * Normalise $arg according to the declared $type.
 *
 *  - 'string'    : returned unchanged when it is a string, otherwise ''.
 *  - 'int'       : passed through secure_data($arg, "int").
 *  - 'array_int' : passed through string2array4ID($arg).
 *  - anything else yields "".
 *
 * The type is matched with loose comparison, as a switch statement would.
 *
 * @param mixed $type Declared type name.
 * @param mixed $arg  Value to normalise.
 * @return mixed Normalised value.
 */
function evalArg($type, $arg)
{
    if ($type == 'string') {
        return is_string($arg) ? $arg : '';
    }

    if ($type == 'int') {
        return secure_data($arg, "int");
    }

    if ($type == 'array_int') {
        return string2array4ID($arg);
    }

    // Unknown type: never hand the raw value back.
    return "";
}
(check?)remember me */ if (!isLoggedIn()) { //validation variables $username_not_empty = TRUE; // $username_valid is set by check_in.php $password_not_empty = TRUE; $passwords_match = TRUE; $username = ''; //check if wants to login if (isset($_POST['username']) && isset($_POST['password'])) { $username = $_POST['username']; $password = $_POST['password']; //secure data agains code injection $username = secure_data($username); $password = secure_data($password); //check if username is not empty if (empty($username)) { $username_not_empty = FALSE; } $query = "SELECT password, salt\n\t\t\t\t\t\tFROM {$usertable}\n\t\t\t\t\t\tWHERE username = '******';"; $query2 = "SELECT password, salt, username\n\t\t\t\t\t\tFROM {$usertable}\n\t\t\t\t\t\tWHERE email = '{$username}';"; $result = mysql_query($query); $result2 = mysql_query($query2); //check if username exists if (mysql_num_rows($result) < 1 && mysql_num_rows($result2) < 1) { $username_valid = FALSE; } //check if password is not empty if (empty($password)) { $password_not_empty = FALSE;
<?php session_start(); $id_testResult = $_SESSION["id_testResult"]; $username_patient = $_SESSION["username"]; $genderm = $_SESSION["gender"]; $id_riskTest = $_SESSION["id_riskTest"]; $score_value = $_SESSION["test_score"]; $message_patient = $DoctorErr = $success_medCase = ""; $docOptions = $problem = $id_profileDoctor = $checkbox_count = 0; if (isset($_POST["toDoctorButton"])) { if (!empty($_POST["patientMessage"])) { $message_patient = secure_data($_POST["patientMessage"]); } if (empty($_POST['doctor_list'])) { $DoctorErr = "Select 1 doctor"; $problem = $problem + 1; } else { $checkbox_count = count($_POST['doctor_list']); if ($checkbox_count > 1) { $DoctorErr = "Select exactly 1 doctor"; $problem = $problem + 1; } else { foreach ($_POST['doctor_list'] as $value) { $str = $value; } if ($str == 1) { $id_profileDoctor = 1; } elseif ($str == 2) { $id_profileDoctor = 2; } elseif ($str == 3) {
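<?php

/**
 * AJAX image upload endpoint.
 *
 * Accepts one file in $_FILES['Filedata'], stores it under
 * UPLOAD_ROOT/<path>/ with a generated name and answers with JSON
 * (status, filename, filepath or message).
 *
 * Hardening compared with the earlier version:
 *  - the client-supplied sub-directory is restricted to plain path segments,
 *    so it cannot point outside UPLOAD_ROOT;
 *  - the upload must have completed without error and is stored with
 *    move_uploaded_file(), which refuses anything that is not an uploaded file;
 *  - the file content is inspected with getimagesize(); the MIME type sent by
 *    the browser is still checked but is no longer the only evidence.
 *
 * NOTE(review): no authentication check is visible in this file — confirm that
 * config.php enforces one. The generated name is built from rand()/time() and
 * is therefore guessable; that only matters if upload URLs are meant to be secret.
 */
$header = 0;
require_once '../config.php';

$return_data = array('status' => 0);
$allowed_types = array('image/png', 'image/jpg', 'image/jpeg', 'image/bmp');
$allowed_ext = array('png', 'jpg', 'jpeg', 'bmp');
// Formats accepted after looking at the file content itself.
$allowed_image_types = array(IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_BMP);

$path = isset($_POST['path']) ? secure_data($_POST['path']) : '';
$file = isset($_FILES['Filedata']) ? $_FILES['Filedata'] : null;

// Only letters, digits, "_" and "-" separated by single slashes: rejects "..",
// absolute paths, backslashes and NUL bytes. An empty path is allowed as before.
$path_ok = is_string($path)
    && ($path === '' || preg_match('#^[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*$#', $path) === 1);

$upload_ok = is_array($file)
    && isset($file['error'], $file['tmp_name'], $file['name'], $file['type'])
    && is_string($file['name'])
    && $file['error'] === UPLOAD_ERR_OK
    && is_uploaded_file($file['tmp_name']);

$is_image = false;
$fileext = '';
if ($path_ok && $upload_ok) {
    $fileext = substr(strrchr($file['name'], '.'), 1);
    if (in_array($fileext, $allowed_ext, true) && in_array($file['type'], $allowed_types, true)) {
        // The browser-declared type is attacker-controlled; check the bytes as well.
        $image_info = getimagesize($file['tmp_name']);
        $is_image = $image_info !== false && in_array($image_info[2], $allowed_image_types, true);
    }
}

if ($is_image) {
    // The stored name never contains any part of the client file name except
    // the allow-listed extension.
    $newname = rand() . '_' . time() . '_' . rand() . '.' . $fileext;
    $destination = UPLOAD_ROOT . $path . '/' . $newname;
    if (move_uploaded_file($file['tmp_name'], $destination)) {
        $return_data['status'] = 1;
        $return_data['filename'] = $newname;
        $return_data['filepath'] = UPLOAD_URL . $path . '/' . $newname;
    } else {
        $return_data['message'] = 'An error occured.';
    }
} else {
    $return_data['message'] = 'Please upload valid image.';
}

echo json_encode($return_data);
exit;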
<?php
// AJAX handler that records which steps of a course section the logged-in
// user has completed. (The listing ends inside the "enable" branch.)
include 'config.php';
checkAjax();
$return_data = array('status' => 0);
// All three request values end up inside SQL text built by interpolation; the
// statements are only as safe as secure_data(), which is not in this listing.
$section_id = secure_data($_POST['sectionId']);
$step_id = secure_data($_POST['stepId']);
$enable = secure_data($_POST['changeEnable']);
// The user id is taken from the session, not from the request.
$user_id = $_SESSION['agent'];
// Check if record exists or not
$is_exists = mysql_get_rows('user_completed_couse', array('where' => "section_id='{$section_id}' AND user_id='{$user_id}'"), 1);
// NOTE(review): "no row" is detected by comparing with '' — presumably what
// mysql_get_rows() returns when nothing matches; confirm against the helper.
if ($is_exists === '') {
    // First completion for this section: create the tracking row.
    $section_data = mysql_get_rows('course_sections', array('where' => "id='{$section_id}'"), 1);
    $insert_values = array('user_id' => $user_id, 'course_id' => $section_data['course_id'], 'section_id' => $section_id);
    $id = insertDB($insert_values, 'user_completed_couse');
    $completed = array();
} else {
    $id = $is_exists['id'];
    // 'completed' is stored as a comma-separated list of step ids.
    if (trim($is_exists['completed']) === '') {
        $completed = array();
    } else {
        $completed = explode(',', trim($is_exists['completed']));
    }
}
if ($enable == 1) {
    $completed[] = $step_id;
    // NOTE(review): array_unique() returns a new array and the result is
    // discarded here, so duplicate step ids are still written back.
    array_unique($completed);
    $str_completed = implode(',', $completed);
    updateDB("completed = '{$str_completed}'", "WHERE id='{$id}'", 'user_completed_couse');
    $return_data['status'] = 1;
    $return_data['enable'] = 1;
// Registration handler. (The listing ends inside the isset() branch.)
// NOTE(review): the redirect is not followed by exit, so a logged-in visitor
// is sent the Location header but the rest of this script still runs.
if (isLoggedIn()) {
    header('Location: ../index.php');
}
//check if username and password fields are not empty
if (isset($_POST['username']) && isset($_POST['pass1']) && isset($_POST['pass2'])) {
    //connect to the DB
    // The mysql_* extension used here was removed in PHP 7; mysqli or PDO with
    // prepared statements is the replacement.
    $conn = mysql_connect($dbhost, $dbuser, $dbpass);
    mysql_select_db($dbname, $conn);
    //secure data against code injection
    // NOTE(review): the passwords also go through secure_data(); if that helper
    // alters characters, the stored secret differs from what the user typed —
    // confirm. email1/email2/fname/lname are read without an isset() check.
    $username = secure_data($_POST['username']);
    $pass1 = secure_data($_POST['pass1']);
    $pass2 = secure_data($_POST['pass2']);
    $email1 = secure_data($_POST['email1']);
    $email2 = secure_data($_POST['email2']);
    $fname = secure_data($_POST['fname']);
    $lname = secure_data($_POST['lname']);
    //check if username is not empty
    if (empty($username)) {
        $username_not_empty = FALSE;
    }
    //check if username is valid
    // Letters and digits only, at most 15 characters.
    if (!ctype_alnum($username) || strlen($username) > 15) {
        $username_valid = FALSE;
    }
    //check if user exists
    // NOTE(review): as printed, the statement compares username with the
    // literal '******' (the value looks masked in this listing) — verify
    // against the real file before relying on this duplicate check.
    $query = "SELECT username\r\t\t\t\t\tFROM {$usertable}\r\t\t\t\t\tWHERE username = '******';";
    $result = mysql_query($query);
    // user exists
    if (mysql_num_rows($result) > 0) {
        $username_not_duplicate = FALSE;
    }
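<?php

/**
 * AJAX lookup: returns the name of the course section (type 1) whose id is
 * posted as section_id, as JSON {status, name}.
 *
 * The id is cast to an integer before it is placed in the SQL text, so the
 * statement no longer depends on secure_data() alone, and a failed query is
 * treated as "not found" instead of being passed to mysql_num_rows().
 */
require_once '../config.php';
checkAjax();

// Missing parameter behaves like an invalid id.
$section_id = isset($_POST['section_id']) ? (int) secure_data($_POST['section_id']) : 0;
$return_data = array('status' => 0);

if ($section_id > 0) {
    $qry = "SELECT * FROM course_sections WHERE id = '{$section_id}' AND type=1";
    $result = mysql_query($qry);
    // mysql_query() returns false on failure.
    if ($result !== false && mysql_num_rows($result) > 0) {
        $row = mysql_fetch_assoc($result);
        $return_data['status'] = 1;
        $return_data['name'] = $row['name'];
    }
}

echo json_encode($return_data);
exit;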
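<?php

/**
 * AJAX lookup: builds the <option> list of jobs (service_packages) that belong
 * to the posted service and returns it as JSON {status, html, message}.
 *
 * Changes compared with the earlier version:
 *  - id and job name are HTML-encoded when the markup is built; job names are
 *    stored data and were previously concatenated raw;
 *  - the success text is now also returned under 'message' (it was only sent
 *    under the misspelled key 'messge', which is kept for existing clients);
 *  - a failed query no longer reaches mysql_num_rows().
 *
 * NOTE(review): if job names are already stored HTML-encoded, encoding here
 * shows entities twice — confirm how the column is written.
 */
require_once '../config.php';
checkAjax();

$return_data = array('status' => 0);
$service = isset($_POST['service']) ? secure_data($_POST['service']) : '';
$html = '<option value="">-- Add new Job --</option>';

if ($service !== '') {
    // The value is interpolated into SQL text; the statement is only as safe as
    // secure_data(), which is defined outside this file.
    $qry = "SELECT * FROM service_packages WHERE service_id = '{$service}'";
    $result = mysql_query($qry);
    if ($result !== false && mysql_num_rows($result) > 0) {
        while ($row = mysql_fetch_assoc($result)) {
            $html .= '<option value="' . htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8') . '">'
                . htmlspecialchars($row['job'], ENT_QUOTES, 'UTF-8') . '</option>';
        }
    }
    $return_data['status'] = 1;
    $return_data['html'] = $html;
    $return_data['messge'] = 'Jobs fetched successfully';
    $return_data['message'] = 'Jobs fetched successfully';
} else {
    $return_data['message'] = 'An error occured';
}

echo json_encode($return_data);
exit;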
<?php
// Return page after a PayPal payment: finds the payment named in the posted
// "custom" field and redirects to the page where the buyer completes the order.
include 'config.php';
include 'includes/paypalconfig.php';
$settings = json_decode(file_get_contents('admin/data/settings.txt'));
// "custom" is expected as "<unique_key>||<user_id>".
// NOTE(review): both parts come from the request body, so this lookup shows
// only that the caller knows a unique_key / user_id pair; it does not show
// that a payment was verified. $custom['1'] is read without checking that the
// separator was present.
$custom = explode('||', secure_data($_POST['custom']));
$payment_data = mysql_get_rows('payments', array('where' => "unique_key = '{$custom['0']}' AND user_id = '{$custom['1']}'"), 1);
if ($payment_data) {
    // The md5 of unique_key and of the payment id are the only tokens sent to
    // updateinfo.php; the md5 of a numeric id can be enumerated, so unique_key
    // has to be long and random for this link to be unguessable.
    header("Location: " . SITE_URL . 'updateinfo.php?uk=' . md5($custom[0]) . '&id=' . md5($payment_data['id']));
} else {
    header("Location: " . SITE_URL);
}
// PayPal IPN handling: posts the notification back for validation and, when
// the answer is VERIFIED, records the payment and its first message.
// (The listing starts inside an enclosing block that is closed on the last line.)
//
// NOTE(review): CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST are both
// switched off, so the certificate of the validation endpoint is never
// checked and the "VERIFIED" answer is not authenticated; the CA bundle named
// in CURLOPT_CAINFO has no effect while verification is disabled. Use
// `CURLOPT_SSL_VERIFYPEER => TRUE` and `CURLOPT_SSL_VERIFYHOST => 2`.
curl_setopt_array($request, array(CURLOPT_URL => $url, CURLOPT_POST => TRUE, CURLOPT_POSTFIELDS => http_build_query(array('cmd' => '_notify-validate') + $ipn_post_data), CURLOPT_RETURNTRANSFER => TRUE, CURLOPT_HEADER => FALSE, CURLOPT_SSL_VERIFYPEER => FALSE, CURLOPT_SSL_VERIFYHOST => FALSE, CURLOPT_CAINFO => 'cacert.pem'));
// Execute request and get response and status code
$response = curl_exec($request);
$status = curl_getinfo($request, CURLINFO_HTTP_CODE);
// Close connection
curl_close($request);
if ($status == 200 && $response == 'VERIFIED') {
    // TODO : Check condition for unique txn_id
    // NOTE(review): until that check exists, a repeated notification inserts a
    // second payment row. The visible code also does not compare amount,
    // currency or receiver with the package being bought.
    $service_data = array();
    $package_data = array();
    // NOTE(review): notification fields are interpolated into SQL text here;
    // whether $ipn_post_data was escaped earlier is not visible in this listing.
    $qry = "SELECT * FROM service_packages WHERE id = '{$ipn_post_data['option_selection1']}'";
    $result = mysql_query($qry);
    if (mysql_num_rows($result) > 0) {
        $package_data = mysql_fetch_assoc($result);
        $service_data = mysql_get_rows('services', array('where' => "id = '{$package_data['service_id']}'"), 1);
        if (!is_array($service_data)) {
            $service_data = array();
        }
    }
    // "custom" is expected as "<unique_key>||<user_id>".
    $custom = explode('||', $ipn_post_data['custom']);
    $insert_data = array(
        'user_id' => $custom[1],
        'client_id' => $ipn_post_data['option_selection2'],
        'item_name' => count($service_data) > 0 ? $service_data['name'] : '',
        'quantity' => $ipn_post_data['quantity'],
        'amount' => $ipn_post_data['mc_gross'],
        'txn_id' => $ipn_post_data['txn_id'],
        'date' => date('Y-m-d H:i:s', strtotime($ipn_post_data['payment_date'])),
        'payment_status' => $ipn_post_data['payment_status'],
        'info_updated' => 1,
        'package' => $ipn_post_data['item_name'],
        'test_ipn' => $ipn_post_data['test_ipn'],
        'unique_key' => $custom[0],
        'package_id' => $ipn_post_data['option_selection1'],
        // Full notification kept for later reference.
        'post_data' => json_encode($ipn_post_data),
        'job_status' => 1
    );
    $payment_id = insertDB($insert_data, 'payments');
    // TODO : Insert in message
    if (count($package_data) > 0) {
        // First message of the order (msg_type 1) copies the package requirements.
        $message_data = array(
            'receiver_id' => $custom[1],
            'payment_id' => $payment_id,
            'message' => secure_data($package_data['required_data']),
            'deliverable' => secure_data($package_data['deliverable']),
            'days' => secure_data($package_data['days_to_complete']),
            'msg_type' => 1
        );
        insertDB($message_data, 'messages');
    }
    // TODO : Send email + save proper data in db
}
exit;
}
// Success branch of the "update info" form: stores the message, moves an
// optional attachment out of the temp folder, marks the payment as updated
// and returns the re-rendered info block. (The listing starts and ends inside
// an enclosing if/else.)
$message = secure_data($_POST['message']);
$days = secure_data($_POST['days']);
$insert_data = array('message' => $message, 'days' => $days);
$attachment_update = secure_data($_POST['attachment_update']);
if ($attachment_update == 1) {
    $attachment = secure_data($_POST['attachment']);
    $insert_data['attachment'] = $attachment;
    if ($attachment) {
        // NOTE(review): the file name comes from the request and is appended to
        // both paths. Unless secure_data() strips directory separators and
        // "..", reduce it with basename() and check it against the name the
        // upload step generated before calling rename().
        $src = UPLOAD_ROOT . 'temp/' . $attachment;
        $des = UPLOAD_ROOT . 'attachment/' . $attachment;
        rename($src, $des);
    }
}
// The sender is taken from the session, not from the request.
$insert_data['sender_id'] = $_SESSION['agent'];
$insert_data['msg_type'] = 1;
// NOTE(review): the payment id is taken from the request; nothing visible here
// checks that this payment belongs to the logged-in user.
$insert_data['payment_id'] = secure_data($_POST['pi']);
// Insert
insertDB($insert_data, 'messages');
// Update
// NOTE(review): payment_id is concatenated without quotes, so quote escaping
// alone does not constrain it — cast it to int before building the clause.
updateDB("info_updated = '1'", 'WHERE id = ' . $insert_data['payment_id'], 'payments');
// Render info_display.php into a string for the JSON response.
ob_start();
include "info_display.php";
$html = ob_get_contents();
ob_end_clean();
$return_data['html'] = $html;
$return_data['status'] = 1;
$return_data['message'] = 'Info updated successfully';
} else {
    // Validation failed: collect the validator's messages.
    $messages = '';
    foreach ($v->errors() as $k => $msgs) {
        foreach ($msgs as $msg) {
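<?php

/**
 * Link-based sign-in: a visitor who presents the md5 of a payment's bkid and
 * unique_key is logged in as the user who owns that payment and redirected to
 * updateinfo.php; every other case goes to the site root.
 *
 * Changes compared with the earlier version:
 *  - the session is only populated when the user row was actually found (a
 *    missing row used to store an empty id and still redirect onwards);
 *  - the session id is regenerated before the identity is stored, so an id
 *    fixed before this request is not carried into the logged-in session;
 *  - missing query parameters are treated as empty instead of being read blindly.
 *
 * NOTE(review): the two hashes act as a bearer credential in the URL. md5 of a
 * short or sequential bkid can be enumerated, so the protection rests on
 * unique_key being long and random; consider an expiring, single-use token.
 */
set_time_limit(0);
include '../config.php';

$data = json_decode(file_get_contents('../admin/data/home.txt'));
$bkid = isset($_GET['id']) ? secure_data($_GET['id']) : '';
$dmuk = isset($_GET['dmuk']) ? secure_data($_GET['dmuk']) : '';

if ($bkid !== '' && $dmuk !== '') {
    $properties = array('where' => "md5(bkid) = '{$bkid}' AND md5(unique_key) = '{$dmuk}'");
    $payment_data = mysql_get_rows('payments', $properties, 1);

    if ($payment_data && !is_null($payment_data['user_id'])) {
        $user_data = mysql_get_rows('users', array('where' => "id = '{$payment_data['user_id']}'"), 1);

        if (is_array($user_data) && isset($user_data['id'])) {
            // Only possible when a session is active (presumably started in config.php).
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            $_SESSION['agent'] = $user_data['id'];

            $url = SITE_URL . "updateinfo.php?uk=" . md5($payment_data['unique_key']) . "&id=" . md5($payment_data['id']);
            header("Location: " . $url);
            exit;
        }
    }
}

// Anything that did not resolve to a payment and its user ends here.
header("Location: " . SITE_URL);
exit;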
if ($service && in_array($service_type, array(1, 2))) { $v = new Validator($_POST, array(), 'en', DOC_ORG_ROOT . 'lang/'); $v->rule('required', 'job')->message('{field} is required')->label('Job Name'); $v->rule('required', ['days_to_complete', 'price']); $v->rule('numeric', ['price']); if ($v->validate()) { $job_id = secure_data($_POST['package']); $fields = array('job', 'required_data', 'deliverable', 'days_to_complete', 'price'); $fields_enc = array('required_data', 'deliverable'); $insert_data = array(); $update_data = ''; foreach ($fields as $field) { if (in_array($field, $fields_enc)) { $insert_data[$field] = secure_data(htmlspecialchars($_POST[$field])); } else { $insert_data[$field] = secure_data($_POST[$field]); } $update_data .= $update_data !== '' ? ", " : ""; $update_data .= "`{$field}` = '{$insert_data[$field]}'"; } if ($job_id) { // Update $where = " WHERE id = '{$job_id}' AND service_id = '{$service}'"; updateDB($update_data, $where, 'service_packages'); $return_data['type'] = 'update'; } else { // Insert $insert_data['service_id'] = $service; $job_id = insertDB($insert_data, 'service_packages'); $return_data['type'] = 'insert'; }
/**
 * Fetch the creator and the last modifier of a term.
 *
 * Joins the term table with the user table twice (creator through t.uid, last
 * modifier through t.uid_final) and returns the first row, or an empty array
 * when SQL() does not hand back an object.
 *
 * NOTE(review): $term_id is placed in the statement without quotes, so the
 * query is only safe if secure_data($x, "int") really yields an integer —
 * confirm against its definition. $user_id is accepted but not used here.
 *
 * @param mixed $term_id Term identifier.
 * @param int   $user_id Unused.
 * @return mixed Row as returned by FetchRow(), or array().
 */
function ARRAYuserData4term($term_id, $user_id = 0)
{
    global $DBCFG;

    $term_id = secure_data($term_id, "int");

    $statement = "c.id as c_id,c.apellido as c_apellido,c.nombres as c_nombres,\r\n\t\t\t\tm.id as m_id,m.apellido as m_apellido,m.nombres as m_nombres\r\n\t\t\t\tfrom {$DBCFG['DBprefix']}usuario c ,{$DBCFG['DBprefix']}tema t\r\n\t\t\t\tleft join {$DBCFG['DBprefix']}usuario m on t.uid_final=m.id\r\n\t\t\t\twhere t.tema_id={$term_id}\r\n\t\t\t\tand c.id=t.uid\r\n\t\t\t\tgroup by t.tema_id";
    $result = SQL("select", $statement);

    if (!is_object($result)) {
        return array();
    }

    return $result->FetchRow();
}
<?php //including the necessary files include 'Core/connection.php'; include 'Core/Functions/functions.php'; include 'Core/init.php'; //code to process data from register form if (empty($_POST) === false and $_POST['form_type'] === 'register') { $first_name = secure_data($_POST['first_name']); $last_name = secure_data($_POST['last_name']); $user_name = secure_data($_POST['user_name']); $email = secure_data($_POST['email']); $password = secure_data($_POST['password']); if (strlen($first_name) > 100) { $errors[] = 'First Name must be less than 100 characters'; } if (strlen($last_name) > 100) { $errors[] = 'Last Name must be less than 100 characters'; } if (strlen($user_name) > 100) { $errors[] = 'User Name must be less than 100 characters'; } if (strlen($password) > 100) { $errors[] = 'Password must be less than 100 characters'; } if (email_exists($database_handler, $email)) { $errors[] = 'The given Email already exists'; } if (user_exists($database_handler, $user_name)) { $errors[] = 'The given User Name already exists'; } else {
<?php

/**
 * AJAX handler: deletes the user whose id is posted as "id" and answers with
 * JSON {status[, message]}.
 *
 * NOTE(review): the only gate visible in this file is checkAjax(). Deleting a
 * user is a privileged, state-changing action; confirm that config.php or
 * checkAjax() verifies an administrator session and an anti-CSRF token.
 */
require_once 'config.php';
checkAjax();

$id = secure_data($_POST['id']);

if (!$id) {
    // Nothing to delete: report failure without touching the database.
    echo json_encode(array('status' => 0));
    exit;
}

deleteDB('users', $id);

echo json_encode(array('status' => 1, 'message' => 'User deleted successfully.'));
exit;
<?php
// Course page: loads the course addressed by md5(id), fills the SEO fields and
// collects the logged-in user's completed sections before the markup starts.
include 'config.php';
// NOTE(review): the course is addressed by the md5 of its numeric id; that
// value can be enumerated, so it hides nothing and must not stand in for an
// access check. The statement is built by interpolation and is only as safe
// as secure_data(), which is not in this listing.
$id = secure_data($_GET['id']);
$qry = "SELECT * FROM courses WHERE md5(id)='{$id}'";
$resultData = mysql_query($qry);
if (mysql_num_rows($resultData) == 0) {
    // Unknown course: back to the site root.
    header("Location: " . SITE_URL);
    die;
}
$courseData = mysql_fetch_assoc($resultData);
$data = json_decode(file_get_contents('admin/data/training.txt'));
$data->seo_title = $courseData['name'];
// Tags are stripped from the description before it is used as SEO text.
$data->seo_des = strip_tags($courseData['description']);
include 'includes/header.php';
// NOTE(review): $_SESSION['agent'] is read without checking that it is set;
// whether header.php enforces a login is not visible here.
$user_id = $_SESSION['agent'];
$user_completed = array();
$qry_complele = "SELECT * FROM user_completed_couse WHERE user_id='{$user_id}' AND course_id='{$courseData['id']}'";
$result_complete = mysql_query($qry_complele);
// Index the completion rows by section id for the template.
while ($row = mysql_fetch_assoc($result_complete)) {
    $user_completed[$row['section_id']] = $row;
}
?> <!-- Page Title --> <div class="page-title course-page-title"> <div class="container"> <div class="row"> <div class="span12"> <h3><?php
<?php
// DataTables server-side source for the steps (type 2) of one course section.
// Builds the total count, the filtered query and the response skeleton.
require_once '../config.php';
checkAjax();
$section_id = secure_data($_GET['section_id']);
$columns = array('course_sections.id', 'course_sections.name', '');
$index = 'course_sections.id';
// Total records
$resultTotal = mysql_query("SELECT * FROM course_sections WHERE type=2 AND parent = '{$section_id}'");
$total_records = mysql_num_rows($resultTotal);
// Get actual records
$record_qry = 'SELECT * FROM course_sections';
$query = array();
// NOTE(review): _data_table() turns the raw query string into WHERE / ORDER /
// LIMIT fragments that are appended to the statement below. Its definition is
// not in this listing; confirm it only emits allow-listed column names and
// integer limits, and escapes the search text.
$query = array_merge(_data_table($_GET, $columns), $query);
// The section filter is appended after the helper's condition.
// NOTE(review): if that condition contains OR and is not wrapped in
// parentheses, operator precedence lets rows of other sections match.
$query['where'] = isset($query['where']) && $query['where'] !== '' ? $query['where'] . " AND type=2 AND parent = '{$section_id}'" : "type=2 AND parent = '{$section_id}'";
$where = '';
if (array_key_exists('where', $query) && $query['where'] !== '') {
    $record_qry .= ' WHERE ' . $query['where'];
    $where = ' WHERE ' . $query['where'];
}
if (array_key_exists('order', $query) && $query['order'] !== '') {
    $record_qry .= $query['order'];
}
if (array_key_exists('limit', $query) && $query['limit'] !== '') {
    $record_qry .= $query['limit'];
}
$resultRecords = mysql_query($record_qry);
// Number of filtered records
$resultFiltered = mysql_query("SELECT * FROM course_sections" . $where);
$filtered_records = mysql_num_rows($resultFiltered);
// sEcho is echoed back as an integer; rows are added to aaData later.
$output = array("sEcho" => intval($_GET['sEcho']), "iTotalRecords" => "{$total_records}", "iTotalDisplayRecords" => "{$filtered_records}", "aaData" => array());
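<?php

/**
 * Cross-site sign-in: when a request carries a valid e-mail address in ?e= and
 * a Referer from an allowed domain, the matching user is logged in (and
 * created first if unknown), then redirected to the dashboard.
 *
 * Changes compared with the earlier version:
 *  - auto-created accounts get an unpredictable password; the old value was
 *    md5(rand(5, 6)), i.e. one of two fixed hashes;
 *  - the Referer host is extracted defensively (no error suppression, no
 *    undefined index) and compared strictly with the allow-list;
 *  - the session id is regenerated before the identity is stored.
 *
 * NOTE(review): the Referer header is chosen by the client, so this check does
 * not prove where the request came from — anyone who sends an allowed Referer
 * is logged in as the e-mail address they name. The partner site should pass a
 * signed, expiring token that is verified here instead.
 */
include 'config.php';

$allowed_domains = array('localhost', 'basekit-staging.digibuzz24.net');
$settings = json_decode(file_get_contents('admin/data/settings.txt'));
$email = isset($_GET['e']) ? secure_data($_GET['e']) : '';

$ref_domain = '';
$referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if ($referrer) {
    $ref_host = parse_url($referrer, PHP_URL_HOST);
    if (is_string($ref_host)) {
        // Drop a leading "www." so both host forms match the allow-list.
        $ref_domain = preg_replace('#^www\\.(.+\\.)#i', '$1', $ref_host);
    }
}

if ($email && filter_var($email, FILTER_VALIDATE_EMAIL) && $ref_domain && in_array($ref_domain, $allowed_domains, true)) {
    // NOTE(review): the address is concatenated into SQL text; a syntactically
    // valid address may still contain quote characters, so this relies on
    // secure_data() escaping for the database layer in use.
    $user_data = mysql_get_rows('users', array('where' => 'email = "' . $email . '"'), 1);

    if (!$user_data) {
        $email_arr = explode('@', $email);
        $username = $email_arr[0];

        // Secret nobody knows; the account is only reachable through this page
        // until the user sets a password.
        if (function_exists('random_bytes')) {
            $secret = random_bytes(32);
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $secret = openssl_random_pseudo_bytes(32);
        } else {
            // Last resort, not cryptographically strong.
            $secret = uniqid(mt_rand(), true) . mt_rand();
        }

        $insert_data = array(
            'email' => $email,
            'username' => $username,
            // md5 is kept because the column held an md5 hex string before;
            // presumably the login code compares md5 hashes (confirm), which is
            // itself too weak for password storage.
            'password' => md5($secret),
            'type' => 2,
            'status' => 1,
            'created_at' => date('Y-m-d H:i:s'),
        );
        $id = insertDB($insert_data, 'users');
    } else {
        $id = $user_data['id'];
    }

    // Only possible when a session is active (presumably started in config.php).
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    $_SESSION['agent'] = $id;

    header("Location: dashboard.php");
    exit;
}

header("Location: login.php");
exit;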
<?php
// Admin "Add new step" page: processes a submitted form through
// ajax/addstep.php, then loads the sections of the course for the form.
require_once 'config.php';
// The same handler that serves the AJAX call is pulled in on a normal POST.
if (isset($_POST['save'])) {
    require_once 'ajax/addstep.php';
}
$data = array();
$sections = array();
// The course id from the query string is interpolated into the statement; it
// is only as safe as secure_data(), which is not in this listing.
$course_id = secure_data($_GET['cid']);
$cqry = "SELECT * FROM course_sections WHERE course_id = '{$course_id}' AND type=1";
$cresult = mysql_query($cqry);
// Map section id => section name for the form.
while ($row = mysql_fetch_assoc($cresult)) {
    $sections[$row['id']] = $row['name'];
}
?> <div id="page-wrapper"> <div class="row"> <div class="col-lg-12"> <div class="clearfix"> <h1 class="page-header">Add new step</h1> </div> <div class="clearfix loader-parent"> <form id="form-add-step" class="form-horizontal" enctype="multipart/form-data" action="" method="post" role="form"> <div class="message-container"></div> <div class="form-group clearfix"> <label class="col-sm-2 control-label" for="name">Name</label> <div class="col-lg-6 col-sm-10"> <input type="text" name="name" id="name" class="form-control" value="<?php echo form_field('name', $data); ?> ">
} // dmexpert id available if ($dmid) { $service_data = mysql_get_rows('services', array('where' => "id = '{$package_data['service_id']}'"), 1); if (!is_array($service_data)) { $service_data = array(); } $insert_data['item_name'] = count($service_data) > 0 ? $service_data['name'] : ''; $insert_data['package'] = $package_data['job']; $insert_data['package_id'] = $dmid; $msg_insert_data['message'] = secure_data($package_data['required_data']); $msg_insert_data['deliverable'] = secure_data($package_data['deliverable']); $msg_insert_data['days'] = secure_data($package_data['days_to_complete']); } else { if (is_array($def_data)) { $msg_insert_data['message'] = secure_data($def_data['required_data']); $msg_insert_data['deliverable'] = secure_data($def_data['deliverable']); $msg_insert_data['days'] = secure_data($def_data['days_to_complete']); } else { $msg_insert_data['days'] = secure_data($outsource_data['days_complete']); } } // Insert in payment table $payment_id = insertDB($insert_data, 'payments'); $msg_insert_data['payment_id'] = $payment_id; // Insert in message table insertDB($msg_insert_data, 'messages'); $return_data['status'] = 1; $return_data['payment_id'] = $payment_id; } echo json_encode($return_data);
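/**
 * Build the <head> metadata of the current page and send the Content-type header.
 *
 * Refreshes the contributor/rights/publisher/last-modified values kept in the
 * session, works out whether a term or a letter listing is being shown, and
 * assembles <title>, <meta> (including Dublin Core) and <link> elements.
 *
 * Changes compared with the earlier version:
 *  - the titles of the five per-term <link> elements read $datosTermino, a
 *    variable that is never assigned in this function, so they were always
 *    empty; they now use $ARRAYdatosTermino;
 *  - array keys written as bare words (e.g. $_GET[setLang]) are quoted; bare
 *    words are looked up as constants and are an error on PHP 8;
 *  - variables that are only assigned in some branches are initialised.
 *
 * NOTE(review): the CFGURL and CFGCreacion session values are written into
 * attributes without xmlentities(); fine while they are set from configuration
 * only — confirm.
 *
 * @param mixed $arrayTermino Unused.
 * @return array Array with keys "metadata" (HTML string) and "arraydata"
 *               (the term data, or null when no term is shown).
 */
function do_meta_tag($arrayTermino = "")
{
    global $CFG;
    // A term id may have been set by an earlier processing step
    global $tema;

    $tema_id = null;
    $sub_title = '';
    $ver_sub_title = '';
    $relMeta = '';
    $ARRAYdatosTermino = null;

    // Label added after a language switch so that titles are not duplicated
    $labelChangeLang = !empty($_GET['setLang']) ? '. ' . ucfirst($_SESSION[$_SESSION["CFGURL"]]['lang'][0]) : '';

    $ARRAYfetchValues = ARRAYfetchValues('METADATA');
    $_SESSION["CFGContributor"] = $ARRAYfetchValues["dc:contributor"]["value"];
    $_SESSION["CFGRights"] = $ARRAYfetchValues["dc:rights"]["value"];
    $_SESSION["CFGPublisher"] = $ARRAYfetchValues["dc:publisher"]["value"];
    $_SESSION["CFGlastMod"] = fetchlastMod();

    if (secure_data($tema, "digit")) {
        // Term id from POST, else from GET
        $tema_id = !empty($_POST['tema'])
            ? secure_data($_POST['tema'], "digit")
            : secure_data(isset($_GET['tema']) ? $_GET['tema'] : null, "digit");
        // A term id coming from an earlier processing step wins
        $tema_id = $tema ? $tema : $tema_id;
    }

    $letra = isValidLetter(isset($_GET['letra']) ? $_GET['letra'] : null);

    if (secure_data($tema_id, "digit")) {
        $ARRAYdatosTermino = ARRAYverDatosTermino(secure_data($tema_id, "digit"));
        $tituloTermino = xmlentities($ARRAYdatosTermino['titTema']);
        $sub_title = '; ' . $tituloTermino;
        $ver_sub_title = $tituloTermino . ' - ';

        // rel, MIME type, xml.php parameter, title prefix
        $formatos = array(
            array('Dublin Core metadata', 'application/xml', 'dcTema', 'Dublin Core'),
            array('MADS metadata', 'application/xml', 'madsTema', 'MADS'),
            array('Zthes metadata', 'application/xml', 'zthesTema', 'Zthes'),
            array('Skos metadata', 'application/rdf+xml', 'skosTema', 'Skos Core'),
            array('TopicMap metadata', 'application/xml', 'xtmTema', 'TopicMap'),
        );
        foreach ($formatos as $formato) {
            $relMeta .= '<link rel="' . $formato[0] . '" type="' . $formato[1] . '" href="xml.php?' . $formato[2] . '=' . $ARRAYdatosTermino['idTema'] . '" title="' . $formato[3] . ' ' . $tituloTermino . '" />';
        }
    } elseif (strlen($letra) > 0) {
        $sub_title = '; ' . MSG_ResultLetra . ' ' . xmlentities($letra);
        $ver_sub_title = ' :: ' . MENU_ListaAbc . ': ' . xmlentities($letra);
    }

    $meta_tag = '<title>' . xmlentities($ver_sub_title . ' ' . $_SESSION['CFGTitulo'] . $labelChangeLang) . '</title>';

    // A content-language meta tag is left out on purpose: it failed validation.

    // The charset sent in the header always comes from this two-value allow-list.
    $page_encode = in_array($CFG["_CHAR_ENCODE"], array('utf-8', 'iso-8859-1')) ? $CFG["_CHAR_ENCODE"] : 'utf-8';
    header('Content-type: text/html; charset=' . $page_encode . '');

    $meta_tag .= '<meta http-equiv="content-type" content="application/xhtml+xml; charset=' . $page_encode . '" />';
    $meta_tag .= '<meta name="generator" content="' . xmlentities($_SESSION['CFGVersion']) . '" />';
    $meta_tag .= '<meta name="description" content="' . html2txt($ver_sub_title . $_SESSION['CFGCobertura'] . $labelChangeLang) . '" />';
    $meta_tag .= '<meta name="keywords" content="' . xmlentities($_SESSION['CFGKeywords'] . $sub_title . $labelChangeLang) . '" />';
    $meta_tag .= '<meta name="author" content="' . xmlentities($_SESSION['CFGAutor']) . '" />';
    $meta_tag .= '<meta name="Creation_Date" content="' . $_SESSION['CFGCreacion'] . '" />';
    $meta_tag .= '<meta http-equiv="last-modified" content="' . $_SESSION["CFGlastMod"] . '" />';
    $meta_tag .= '<meta name="robots" content="index, follow" />';
    $meta_tag .= '<meta name="revisit-after" content="15 days" />';

    // Dublin Core
    $meta_tag .= '<meta name="DC.Title" content="' . xmlentities($ver_sub_title . ' ' . $_SESSION['CFGTitulo']) . '" />';
    $meta_tag .= '<meta name="DC.Creator" content="' . xmlentities($_SESSION['CFGAutor']) . '" />';
    $meta_tag .= '<meta name="DC.Subject" content="' . xmlentities($_SESSION['CFGKeywords'] . $sub_title) . '" />';
    $meta_tag .= '<meta name="DC.Description" content="' . html2txt($ver_sub_title . $_SESSION['CFGCobertura'], true) . '" />';
    $meta_tag .= '<meta name="DC.Publisher" content="' . xmlentities($_SESSION['CFGPublisher']) . '" />';
    $meta_tag .= '<meta name="DC.Contributor" content="' . xmlentities($_SESSION['CFGContributor']) . '" />';
    $meta_tag .= '<meta name="DC.Rights" content="' . xmlentities($_SESSION['CFGRights']) . '" />';
    $meta_tag .= '<meta name="DC.Date" content="' . $_SESSION['CFGCreacion'] . '" />';
    $meta_tag .= '<meta name="DC.Language" content="' . LANG . '" />';

    // Navigation links
    $meta_tag .= '<link rel="' . MENU_Inicio . '" href="' . $_SESSION['CFGURL'] . 'index.php" title="' . MENU_Inicio . '" />';
    $meta_tag .= '<link rel="' . MENU_ListaSis . '" href="' . $_SESSION['CFGURL'] . 'index.php" title="' . MENU_ListaSis . '" />';
    $meta_tag .= '<link rel="' . MENU_ListaAbc . '" href="' . $_SESSION['CFGURL'] . 'index.php?letra=?" title="' . MENU_ListaAbc . '" />';
    $meta_tag .= '<link rel="' . MENU_Sobre . '" href="' . $_SESSION['CFGURL'] . 'sobre.php" title="' . MENU_Sobre . '" />';
    $meta_tag .= '<link rel="help" href="' . $_SESSION['CFGURL'] . 'sobre.php" title="' . MENU_Sobre . '" />';
    $meta_tag .= '<link rel="login" href="' . $_SESSION['CFGURL'] . 'login.php" title="' . LABEL_login . '" />';
    $meta_tag .= '<link rel="service" href="' . $_SESSION['CFGURL'] . 'services.php" title="terminogical web services" />';
    $meta_tag .= '<link rel="bookmark" href="' . $_SESSION['CFGURL'] . '"/>';
    $meta_tag .= '<link rel="rss" type="application/rss+xml" href="xml.php?rss=true" title="RSS ' . xmlentities($_SESSION['CFGTitulo']) . '" />';
    $meta_tag .= '<link rel="alternate" type="application/rss+xml" href="xml.php?rss=true" title="RSS ' . xmlentities($_SESSION['CFGTitulo']) . '" />';
    $meta_tag .= $relMeta;

    return array("metadata" => $meta_tag, "arraydata" => $ARRAYdatosTermino);
}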
// Course update handler: validates the posted fields, builds the SET clause
// and, when the image changed, moves the uploaded file out of the temp folder.
// (The listing starts after $fields, $required_fields, $error, $message,
// $update_data and $post_data were set up, and ends at the start of the
// success branch.)
$id = secure_data($_POST['id']);
$return_data = array('status' => 0);
foreach ($fields as $field) {
    $val = secure_data($_POST[$field]);
    // Stop at the first empty required field.
    if (in_array($field, $required_fields) && $val === '') {
        $error = 1;
        $message .= $message !== '' ? '<br>Please fill up all data' : 'Please fill up all data';
        break;
    }
    // Each value is interpolated into the SET clause; the statement is only as
    // safe as secure_data(), which is not in this listing.
    $update_data .= $update_data !== '' ? ", " : "";
    $update_data .= "`{$field}` = '{$val}'";
    $post_data[$field] = $val;
}
$file_change = secure_data($_POST['file_change']);
if ($file_change == 1) {
    $image = secure_data($_POST['image']);
    if ($image !== '') {
        // NOTE(review): the file name comes from the request and is used to
        // build three paths, the first of which is later deleted. Unless
        // secure_data() strips directory separators and "..", reduce it with
        // basename() and check the extension before copy()/unlink().
        $src = UPLOAD_ROOT . 'temp/' . $image;
        $destination = UPLOAD_ROOT . 'course/' . $image;
        $destination_thumb = UPLOAD_ROOT . 'course/thumb/' . $image;
        if (file_exists($src)) {
            copy($src, $destination);
            // Thumbnail is generated with the arguments 580 and 367.
            generatethumb($src, $destination_thumb, 580, 367);
            unlink($src);
        }
    }
    $post_data['image'] = $image;
    $update_data .= $update_data !== '' ? ", " : "";
    $update_data .= "`image` = '" . $image . "'";
}
if ($error == 0) {
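/**
 * List the terms of the local vocabulary that are mapped to terms of one
 * target vocabulary, ordered by vocabulary tag and target term string.
 *
 * Changes compared with the earlier version:
 *  - $from and $limit are reduced to non-negative integers before they reach
 *    the LIMIT clause; is_numeric() alone also accepts values such as "1e3",
 *    "-1" or "2.5", which produced an invalid statement;
 *  - a leftover call that passed an undefined variable ($idUser) to
 *    secure_data() was removed; its result was never used.
 *
 * @param mixed      $tvocab_id Target vocabulary identifier.
 * @param int|string $from      Offset of the first row (default 0).
 * @param int|string $limit     Maximum number of rows (default 20).
 * @return mixed Whatever SQL() returns for the select.
 */
function SQLtargetTermsVocabulary($tvocab_id, $from = "0", $limit = "20")
{
    global $DBCFG;

    $tvocab_id = secure_data($tvocab_id, "sql");

    // LIMIT takes plain non-negative integers; anything else falls back to the default.
    $from = (is_numeric($from) && $from >= 0) ? (int) $from : 0;
    $limit = (is_numeric($limit) && $limit >= 0) ? (int) $limit : 20;

    return SQL("select", "tv.tvocab_id,tv.tvocab_label,tv.tvocab_tag,\r\n\t\ttv.tvocab_title,tv.tvocab_url,tv.tvocab_uri_service,tv.cuando,tv.uid,\r\n\t\tt2tt.tterm_id,t2tt.tterm_url,t2tt.tterm_uri,t2tt.tterm_string,t2tt.cuando,t2tt.cuando_last,\r\n\t\tt.tema_id,t.tema\r\n\t\tfrom {$DBCFG['DBprefix']}tvocab tv,{$DBCFG['DBprefix']}term2tterm t2tt,{$DBCFG['DBprefix']}tema t\r\n\t\twhere tv.tvocab_id=t2tt.tvocab_id\r\n\t\tand t2tt.tema_id=t.tema_id\r\n\t\tand tv.tvocab_id='{$tvocab_id}'\r\n\t\torder by tv.tvocab_tag,t2tt.tterm_string\r\n\t\tlimit {$from},{$limit}");
}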
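<?php

/**
 * AJAX handler: deletes one record from an allow-listed table and answers with
 * JSON {status[, message]}.
 *
 * The table name comes from the request, so it is only accepted when it is a
 * string that is identical to one of the allowed names (strict comparison;
 * the loose in_array() used before also matched non-string values).
 *
 * NOTE(review): the only gate visible in this file is checkAjax(); confirm
 * that an administrator session and an anti-CSRF token are verified before
 * records can be deleted.
 */
require_once '../config.php';
checkAjax();

$return_data = array('status' => 0);
$id = isset($_POST['id']) ? secure_data($_POST['id']) : '';
$table = isset($_POST['tbl']) ? secure_data($_POST['tbl']) : '';
$allowed_tables = array('courses', 'course_sections');

if ($id && is_string($table) && in_array($table, $allowed_tables, true)) {
    deleteDB($table, $id);
    $return_data['status'] = 1;
    $return_data['message'] = 'Record deleted successfully.';
}

echo json_encode($return_data);
exit;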
/**
 * Render the result of an advanced search as HTML.
 *
 * Shows a summary paragraph (number of hits and the search string, or an error
 * when the string is shorter than CFG_MIN_SEARCH_SIZE) followed by a list with
 * one link per hit. Hits that are non-preferred terms are shown together with
 * the preferred term they point to.
 *
 * NOTE(review): the search string is prepared with secure_data(..., "sql") and
 * then written into the page through stripslashes() only. SQL escaping is not
 * HTML encoding, so unless secure_data() also encodes markup (its definition is
 * not in this listing) the string should be encoded for HTML where it is
 * echoed. The term names and ids read from the result set are concatenated
 * into attributes and text unencoded as well.
 * NOTE(review): array keys are written as bare words (e.g. $array[xstring]);
 * bare words are looked up as constants and are an error on PHP 8. $body and
 * $row_result are appended to before they are assigned.
 *
 * @param array $array Search parameters; the key "xstring" holds the search text.
 * @return string HTML fragment.
 */
function HTMLadvancedSearchResult($array)
{
    // Check the length of the search string
    $array[xstring] = secure_data(trim($array[xstring]), "sql");
    if (strlen(trim($array[xstring])) >= CFG_MIN_SEARCH_SIZE) {
        $sql = SQLadvancedSearch($array);
        // CSS class depends on whether anything was found.
        $classMensaje = $sql[cant] ? 'information' : 'warning';
        $resumeResult = '<p id="adsearch" class=' . $classMensaje . '><strong>' . $sql[cant] . '</strong> ' . MSG_ResultBusca . ' <strong> "<em>' . stripslashes($array[xstring]) . '</em>"</strong></p>';
    } else {
        // Too short: no query is run.
        $sql[cant] = '0';
        $resumeResult = '<p id="adsearch" class="error">' . sprintf(MSG_minCharSerarch, stripslashes($array[xstring]), strlen($array[xstring]), CFG_MIN_SEARCH_SIZE - 1) . '</p>';
    }
    $body .= $resumeResult;
    if ($sql[cant] > 0) {
        $row_result .= '<div id="listaBusca"><ul>';
        while ($resulta_busca = mysqli_fetch_array($sql[datos])) {
            $ibusca = ++$ibusca;
            // Not a preferred term
            if ($resulta_busca[uf_tema_id]) {
                // Pick the connector shown between the two terms.
                switch ($resulta_busca[t_relacion]) {
                    case '4':
                        // UF
                        $leyendaConector = USE_termino;
                        break;
                    case '5':
                        // Relation type: partially equivalent term
                        $leyendaConector = '<acronym title="' . LABEL_termino_parcial_equivalente . '" lang="' . LANG . '">' . EQP_acronimo . '</acronym>';
                        break;
                    case '6':
                        // Relation type: equivalent term
                        $leyendaConector = '<acronym title="' . LABEL_termino_equivalente . '" lang="' . LANG . '">' . EQ_acronimo . '</acronym>';
                        break;
                    case '7':
                        // Relation type: non-equivalent term
                        $leyendaConector = '<acronym title="' . LABEL_termino_no_equivalente . '" lang="' . LANG . '">' . NEQ_acronimo . '</acronym>';
                        break;
                    case '8':
                        // Relation type: inexact equivalent term
                        $leyendaConector = '<acronym title="' . LABEL_termino_parcial_equivalente . '" lang="' . LANG . '">' . EQP_acronimo . '</acronym>';
                        break;
                }
                $row_result .= '<li><em><a title="' . LABEL_verDetalle . $resulta_busca[tema] . '" href="index.php?tema=' . $resulta_busca[uf_tema_id] . '&/' . string2url($resulta_busca[uf_tema]) . '">' . $resulta_busca[uf_tema] . '</a></em> ' . $leyendaConector . ' <a title="' . LABEL_verDetalle . $resulta_busca[tema] . '" href="index.php?tema=' . $resulta_busca[tema_id] . '">' . $resulta_busca[tema] . '</a> </li>' . "\r\n";
            } else {
                $row_result .= '<li><a title="' . LABEL_verDetalle . $resulta_busca[tema] . '" href="index.php?tema=' . $resulta_busca[tema_id] . '&/' . string2url($resulta_busca[tema]) . '">' . $resulta_busca[tema] . '</a></li>' . "\r\n";
            }
        }
        // end of while
        $row_result .= '</ul>';
        $row_result .= '</div>';
    }
    // end of if result
    return $body . $row_result;
}