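/**
 * Record an off-site referrer for the current request in pixie_log.
 *
 * Reads the Referer header (falling back to $lang['unknown_referrer']), the
 * current user name from $GLOBALS['pixie_user'] (or 'Visitor') and the client
 * address from $_SERVER['REMOTE_ADDR'], then inserts a 'referral' log row
 * unless the referrer contains the site's own domain ($GLOBALS['site_url']
 * with any 'www.' removed).
 *
 * All three values are client-influenced (the Referer header and, behind a
 * proxy, the address), so each goes through the project's escaping helpers
 * before being interpolated into the INSERT.
 *
 * Fix: the original only escaped $referral inside the branch taken when the
 * address was NOT a plain dotted-quad, so for the ordinary IPv4 case the raw
 * Referer header reached safe_insert() unescaped. Escaping is now
 * unconditional for both the address and the referrer.
 *
 * @return void
 */
function referral() {
    global $lang;
    $url = $GLOBALS['site_url'];
    $domain = trim(str_replace('www.', "", $url));
    if (isset($_SERVER['HTTP_REFERER'])) {
        $referral = $_SERVER['HTTP_REFERER'];
    } else {
        $referral = $lang['unknown_referrer'];
    }
    if (isset($GLOBALS['pixie_user'])) {
        $uname = $GLOBALS['pixie_user'];
    } else {
        $uname = 'Visitor';
    }
    // REMOTE_ADDR is absent under the CLI SAPI; treat that as an empty
    // address instead of raising a notice.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $uname = sterilise_txt($uname, TRUE);
    // Escape unconditionally: the address may be IPv6 or proxy-supplied and
    // the Referer header is fully attacker-controlled. Previously this only
    // happened when the address contained a non-numeric character.
    $ip = sterilise($ip, TRUE);
    $referral = sterilise($referral, TRUE);
    // Only off-site referrers are logged. strstr() is a plain substring test,
    // so a referrer that merely mentions the domain anywhere is skipped too.
    if ($referral and !strstr($referral, $domain)) {
        safe_insert('pixie_log', "user_id = '{$uname}', "
            . "user_ip = '{$ip}', "
            . "log_time = utc_timestamp(), "
            . "log_type = 'referral', "
            . "log_icon = 'referral', "
            . "log_message = '{$referral}'");
    }
}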
// lets check to see if the refferal is from the current site if (strpos($_SERVER['HTTP_REFERER'], $site_url) != FALSE) { die; } // lets check to see if our bot catcher has been filled in if ($iam) { die; } if (isset($uemail)) { $domain = explode('@', $uemail); if (preg_match('#^[\\w.-]+@[\\w.-]+\\.[a-zA-Z]{2,6}$#', $uemail) && checkdnsrr($domain[1])) { if (isset($subject)) { if ($message) { $message = sterilise($message); $subject = sterilise($subject); $uemail = sterilise($uemail); $to = safe_field('email', 'pixie_users', "user_id = '{$contact}' limit 0,1"); $eol = "\r\n"; $headers .= "From: {$uemail} <{$uemail}>" . $eol; $headers .= "Reply-To: {$uemail} <{$uemail}>" . $eol; $headers .= "Return-Path: {$uemail} <{$uemail}>" . $eol; } else { $error = 'Please enter a message.'; } } else { $error = 'Please provide a subject.'; } } else { $error = 'Please provide a valid email adress.'; } } else {
* @copyright 2008-2010 Scott Evans * @author Scott Evans * @author Sam Collett * @author Tony White * @author Isa Worcs * @link http://www.getpixie.co.uk * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public License v3 * @todo Tag release for Pixie 1.04 * */ if (isset($login_forgotten)) { sleep(3); if (!isset($username)) { $username = NULL; } $username = sterilise($username, TRUE); $r1 = safe_field('email', 'pixie_users', "email='{$username}'"); $r2 = safe_field('user_name', 'pixie_users', "user_name='{$username}'"); if ($r1 or $r2) { if ($r1) { $rs = $r1; } else { $rs = safe_field('email', 'pixie_users', "user_name='{$username}'"); } if ($rs) { $password = generate_password(8); $nonce = md5(uniqid(rand(), TRUE)); $sql = "pass = password(lower('{$password}')), nonce = '{$nonce}'"; $ok = safe_update('pixie_users', "{$sql}", "email = '{$rs}'"); if (isset($rs) && $ok) { $email = $rs;
$error = $lang['comment_throttle_error']; } $comment = strip_tags($comment, '<strong><em><a>'); $comment = nl2br($comment); $comment = str_replace('<a', "<a rel=\"external nofollow\"", $comment); $name = strip_tags($name); if (isset($email)) { $email = strip_tags($email); } $web = strip_tags($web); $post = strip_tags($post); $scomment = sterilise($comment); $sweb = sterilise($web); $sname = sterilise($name); if (isset($email)) { $semail = sterilise($email); } $scream = array(); if (!$name) { if (isset($error)) { } else { $error = NULL; } $error .= $lang['comment_name_error'] . ' '; $scream[] = 'name'; } if (!$comment) { $error .= $lang['comment_comment_error'] . ' '; $scream[] = 'comment'; } $check = new Validator();
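/**
 * Fast-path sanitiser for short text tokens (used e.g. for the user name in
 * the referral log).
 *
 * If $txt consists solely of whitelisted characters — ASCII letters, digits,
 * underscore and the listed accented Latin and Cyrillic letters — it is
 * returned untouched; anything else is handed to sterilise($txt, $is_sql).
 *
 * Fixes to the whitelist test:
 *  - `u` modifier: without it PCRE matched the UTF-8 source bytes of the
 *    listed letters individually, so any byte sequence assembled from those
 *    bytes (including invalid UTF-8 such as a lone lead byte) passed through
 *    unescaped. With `u` the class matches whole code points, and invalid
 *    UTF-8 makes preg_match() fail, which falls through to sterilise().
 *  - `D` modifier: a bare `$` also matches before a trailing "\n", so
 *    "name\n" was returned unescaped; `D` anchors at the true end of string.
 *
 * @param string $txt    Text to check.
 * @param bool   $is_sql Passed straight to sterilise(); TRUE when the value
 *                       is destined for SQL.
 * @return string $txt unchanged, or the result of sterilise().
 */
function sterilise_txt($txt, $is_sql = FALSE) {
    $whitelist = '/^[a-zA-ZÀÁÂÃÄÅĀĄĂÆÇĆČĈĊĎĐÐÈÉÊËĒĘĚĔĖĜĞĠĢĤĦÌÍÎÏĪĨĬĮİIJĴĶŁĽĹĻĿÑŃŇŅŊÒÓÔÕÖØŌŐŎŒŔŘŖŚŠŞŜȘŤŢŦȚÙÚÛÜŪŮŰŬŨŲŴÝŶŸŹŽŻÞÞàáâãäåāąăæçćčĉċďđðèéêëēęěĕėƒĝğġģĥħìíîïīĩĭįıijĵķĸłľĺļŀñńňņʼnŋòóôõöøōőŏœŕřŗšùúûüūůűŭũųŵýÿŷžżźþßſАБВГДЕЁЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЭЮЯабвгдеёжзийклмнопрстуфхцчшщъыэюя0-9\\_]+$/uD';
    // preg_match() returns 0 (no match) or FALSE (bad UTF-8 / PCRE error);
    // both take the escaping path, which is the safe default.
    if (!preg_match($whitelist, $txt)) {
        return sterilise($txt, $is_sql);
    }
    return $txt;
}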
$email = sterilise($email, TRUE); $biography = mysql_real_escape_string($biography); $link_1 = sterilise($link_1, TRUE); $link_2 = sterilise($link_2, TRUE); $link_3 = sterilise($link_3, TRUE); $occupation = sterilise($occupation, TRUE); $website = sterilise($website, TRUE); $street = sterilise($street, TRUE); $town = sterilise($town, TRUE); $street = sterilise($street, TRUE); $town = sterilise($town, TRUE); $county = sterilise($county, TRUE); $country = sterilise($country, TRUE); $post_code = sterilise($post_code, TRUE); $telephone = sterilise($telephone, TRUE); $user_id = sterilise($user_id, TRUE); $sql = "realname = '{$realname}', email = '{$email}', biography = '{$biography}', link_1 = '{$link_1}', link_2 = '{$link_2}', \r\n\t\t\t\t\tlink_3 = '{$link_3}', occupation = '{$occupation}', website = '{$website}', street = '{$street}', town = '{$town}', \r\n\t\t\t\t\tcounty = '{$county}', country = '{$country}', post_code = '{$post_code}', telephone = '{$telephone}'"; $ok = safe_update('pixie_users', "{$sql}", "user_id = '{$user_id}'"); if (!$ok) { if (isset($table_name)) { safe_optimize("{$table_name}"); safe_repair("{$table_name}"); } $message = $lang['unknown_error']; } else { $messageok = $lang['profile_ok']; } } else { $err = explode('|', $error); $message = $err[0]; }
/**
 * Render the paginated admin overview table for $table_name and echo it,
 * together with the record counts and the previous/next pager.
 *
 * The listing can be narrowed by the admin search box (globals
 * $search_submit / $search_words) or by a tag (global $tag); otherwise
 * $condition is used as-is. Row selection and the total count come from
 * the same query shape, run once without and once with a LIMIT.
 *
 * @param string $table_name  Table to list. Passed through adjust_prefix() and
 *                            interpolated into SQL unescaped — must be trusted.
 * @param string $condition   Raw SQL fragment placed between the table name
 *                            and ORDER BY (e.g. a WHERE clause). Unescaped — must be trusted.
 * @param string $order_by    ORDER BY column, interpolated raw — must be trusted.
 * @param string $asc_desc    'asc'/'desc', interpolated raw — must be trusted.
 * @param array  $exclude     Columns to hide, handed to ShowTable.
 * @param int    $view_number Rows per page; also used as the LIMIT size.
 * @param string $type        Row type handed to ShowTable.
 *
 * Reads globals $page, $s, $m, $x, $search_submit, $search_words, $tag, $lang
 * ($message, $messageok and $field are declared but not used here) and sets
 * the global $page to 1 when it is unset.
 *
 * NOTE(review): $exclude carries a default but precedes the required
 * $view_number and $type, so positional callers must still pass it (and
 * PHP 8 deprecates this parameter ordering).
 */
function admin_overview($table_name, $condition, $order_by, $asc_desc, $exclude = array(NULL), $view_number, $type) {
    global $page, $message, $s, $m, $x, $messageok, $search_submit, $field, $search_words, $tag, $lang;
    $table_name = adjust_prefix($table_name);
    $searchwords = trim($search_words);
    // On page 2+ the term travels in the search_submit query parameter (see
    // $whereami below) rather than in search_words.
    if ($page) {
        $searchwords = $search_submit;
    }
    if ($search_submit && isset($table_name)) {
        // NOTE(review): the term is sterilised with $is_sql = FALSE, unlike the
        // TRUE used for SQL values elsewhere in this codebase, yet it is
        // interpolated into LIKE '%…%' below. Confirm sterilise() still escapes
        // quotes in that mode; LIKE wildcards (% and _) are not escaped either.
        $searchwords = sterilise($searchwords, FALSE);
        //build search sql
        // "col like '%term%' OR col like …" over every column except *id,
        // posted, author, comments, public, last_* and date.
        $r2 = safe_query("show fields from {$table_name}");
        for ($j = 0; $j < mysql_num_rows($r2); $j++) {
            if ($F = mysql_fetch_array($r2)) {
                $an[$j] = $F['Field'];
            }
            if (last_word($an[$j]) != 'id') {
                if ($an[$j] != 'posted') {
                    if ($an[$j] != 'author') {
                        if ($an[$j] != 'comments') {
                            if ($an[$j] != 'public') {
                                if (first_word($an[$j]) != 'last') {
                                    if ($an[$j] != 'date') {
                                        $search_sql .= $an[$j] . " like '%" . $searchwords . "%' OR ";
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        // Drop the trailing " OR ". NOTE(review): $search_sql is never
        // initialised, so a table with no searchable column leaves it empty and
        // the WHERE clauses below would then be malformed.
        $search_sql = substr($search_sql, 0, strlen($search_sql) - 3) . "";
        //echo $search_sql;
    }
    if (isset($tag)) {
        // NOTE(review): $tag is interpolated into a REGEXP literal below;
        // confirm squash_slug() restricts it to a safe character set.
        $tag = squash_slug($tag);
    }
    // $r1: the unlimited result set, used only for the total row count.
    // Searches in 'dynamic' mode are additionally scoped to the current page_id.
    if (isset($table_name)) {
        if ($search_submit) {
            if ($m == 'dynamic') {
                $page_id = get_page_id($x);
                $r1 = safe_query("select * from {$table_name} where page_id = '{$page_id}' and (" . $search_sql . ") order by {$order_by} {$asc_desc}");
            } else {
                $r1 = safe_query("select * from {$table_name} where " . $search_sql . " order by {$order_by} {$asc_desc}");
            }
        } else {
            if (isset($tag) && $tag) {
                $r1 = safe_query("select * from {$table_name} where tags REGEXP '[[:<:]]" . $tag . "[[:>:]]' order by {$order_by} {$asc_desc}");
            } else {
                $r1 = safe_query("select * from {$table_name} {$condition} order by {$order_by} {$asc_desc}");
            }
        }
    }
    if ($r1) {
        $total = mysql_num_rows($r1);
        // $r: the rows for the current page. Only the unfiltered query applies a
        // LIMIT; search and tag listings fetch everything and rely on
        // $lo/$finalmax handed to ShowTable for the window.
        if (!isset($page) && isset($table_name)) {
            // First visit: no page parameter yet, start at offset 0.
            $lo = 0;
            $page = 1;
            if ($search_submit) {
                if ($m == 'dynamic') {
                    $page_id = get_page_id($x);
                    $r = safe_query("select * from {$table_name} where page_id = '{$page_id}' and (" . $search_sql . ") order by {$order_by} {$asc_desc}");
                } else {
                    $r = safe_query("select * from {$table_name} where " . $search_sql . " order by {$order_by} {$asc_desc}");
                }
            } else {
                if (isset($tag) && $tag) {
                    $r = safe_query("select * from {$table_name} where tags REGEXP '[[:<:]]" . $tag . "[[:>:]]' order by {$order_by} {$asc_desc}");
                } else {
                    $r = safe_query("select * from {$table_name} {$condition} order by {$order_by} {$asc_desc} limit {$lo},{$view_number}");
                }
            }
        } else {
            if (isset($table_name)) {
                // Subsequent pages: offset derived from the 1-based page number.
                $lo = ($page - 1) * $view_number;
                if ($search_submit) {
                    if ($m == 'dynamic') {
                        $page_id = get_page_id($x);
                        $r = safe_query("select * from {$table_name} where page_id = '{$page_id}' and (" . $search_sql . ") order by {$order_by} {$asc_desc}");
                    } else {
                        $r = safe_query("select * from {$table_name} where " . $search_sql . " order by {$order_by} {$asc_desc}");
                    }
                } else {
                    if (isset($tag) && $tag) {
                        $r = safe_query("select * from {$table_name} where tags REGEXP '[[:<:]]" . $tag . "[[:>:]]' order by {$order_by} {$asc_desc}");
                    } else {
                        $r = safe_query("select * from {$table_name} {$condition} order by {$order_by} {$asc_desc} limit {$lo},{$view_number}");
                    }
                }
            }
        }
        if ($r) {
            $rows = mysql_num_rows($r);
            // $hi is the 1-based index of the last record shown; on the final
            // page it is clamped to $total and $finalmax carries the short count.
            $hi = $lo + $view_number;
            if ($hi > $total) {
                $finalmax = $total - $lo;
                $hi = $total;
            }
            $pages = ceil($total / $view_number);
            if ($pages < 1) {
                $pages = 1;
            }
        }
        // Previously `$a = &new Paginator_html($page, $total);`, which raised
        // the "Assigning the return value of new by reference is deprecated" notice.
        $a = new Paginator_html($page, $total);
        $a->set_Limit($view_number);
        $a->set_Links(4);
        // Base link for the pager; the active filter (tag or search term) is
        // carried along so later pages reproduce the same listing.
        // NOTE(review): $searchwords is embedded in a URL that previousNext()
        // echoes — confirm it is URL- and HTML-escaped for that context, since
        // sterilise(…, FALSE) above is the only processing it received.
        $whereami = "?s={$s}&m={$m}&x={$x}";
        if (isset($tag) && $tag) {
            $whereami = "?s={$s}&m={$m}&x={$x}&tag={$tag}";
        }
        if ($search_submit) {
            $whereami = "?s={$s}&m={$m}&x={$x}&search_submit={$searchwords}";
        }
        echo "\n\t\t\t\t\t<div class=\"admin_table_holder pcontent\">\n\t\t\t\t\t";
        $wheream = "?s={$s}&m={$m}&x={$x}&page={$page}";
        // NOTE(review): $rows, $lo, $hi and $pages are only defined when $r was
        // truthy; a failed page query reaches these reads with them unset.
        if (isset($table_name) && $rows) {
            if (isset($finalmax) && $finalmax) {
            } else {
                $finalmax = NULL;
            }
            $Table = new ShowTable($r, $exclude, $table_name, $view_number, $lo, $finalmax, $wheream, $type, $s);
            $Table->DrawBody();
            // Display is 1-based while $lo is a 0-based offset.
            $loprint = $lo + 1;
            echo "\n\t\t\t\t\t\t<div id=\"admin_table_overview\">\n\t\t\t\t\t\t\t<p>" . $lang['total_records'] . ": {$total} (" . $lang['showing_from_record'] . " {$loprint} " . $lang['to'] . " {$hi}) {$pages} " . $lang['page(s)'] . ".</p>\n\t\t\t\t\t\t</div>\n\n\t\t\t\t\t\t<div id=\"admin_table_pages\">\n\t\t\t\t\t\t\t";
            echo "<p>";
            $a->previousNext($whereami);
            echo "</p>";
            echo "\n\t\t\t\t\t\t</div>";
        } else {
            // Nothing to show: explain whether the search/tag or the table itself was empty.
            if ($search_submit or isset($tag) && $tag) {
                echo "<div class=\"helper\"><h3>" . $lang['help'] . "</h3><p>" . $lang['helper_search'] . "</p></div>";
            } else {
                echo "<div class=\"helper\"><h3>" . $lang['help'] . "</h3><p>" . $lang['helper_nocontent'] . "</p></div>";
            }
            echo "\n\t\t\t\t\t</div>\n";
        }
        if ($rows) {
            echo "\n\t\t\t\t\t</div>\n";
        }
    }
}