/**
 * Recursively strips backslash escaping from every leaf of $el and trims the
 * surrounding whitespace, in place.
 *
 * Arrays are walked key by key (keys and order preserved); each scalar leaf is
 * replaced by trim(stripslashes($leaf)). Intended to undo magic_quotes-style
 * escaping of request data. No SQL/HTML escaping happens here.
 *
 * @param mixed $el string or (nested) array, modified in place
 */
function strips(&$el)
{
    if (!is_array($el)) {
        $el = trim(stripslashes($el));
        return;
    }
    // Keys are snapshotted up front; the recursion rewrites the slots in place.
    foreach (array_keys($el) as $key) {
        strips($el[$key]);
    }
}
/**
 * Recursively removes backslash escaping from $arr in place.
 *
 * For arrays every entry is visited except those whose key, upper-cased, is
 * "GLOBALS" (so the superglobal table is never walked, whatever the case of
 * the key); scalars are replaced by stripslashes($value).
 *
 * @param mixed  $arr string or (nested) array, modified in place
 * @param string $k   never read (the foreach below overwrites it); kept only
 *                    so existing call sites passing two arguments still work
 */
function strips(&$arr, $k = "")
{
    if (!is_array($arr)) {
        $arr = stripslashes($arr);
        return;
    }
    $keys = array_keys($arr);
    foreach ($keys as $key) {
        // Loose != as in the original; integer keys compare as strings here.
        if (strtoupper($key) != "GLOBALS") {
            strips($arr[$key]);
        }
    }
}
/**
 * Recursively removes backslash escaping from $el in place, skipping the
 * environment-like entries.
 *
 * An array entry is left untouched when its key is "GLOBALS" (loose !=) or
 * contains the substring "_ENV" or "_SERVER"; every other entry is visited
 * recursively and scalar leaves are replaced by stripslashes($leaf).
 *
 * @param mixed $el string or (nested) array, modified in place
 */
function strips(&$el)
{
    if (!is_array($el)) {
        $el = stripslashes($el);
        return;
    }
    foreach (array_keys($el) as $key) {
        $isProtected = $key == 'GLOBALS'
            || strpos($key, "_ENV") !== false
            || strpos($key, "_SERVER") !== false;
        if ($isProtected) {
            continue;
        }
        strips($el[$key]);
    }
}
/**
 * Normalises whitespace in $a in place.
 *
 * Nested arrays are walked recursively; each scalar leaf is trimmed at both
 * ends and internal runs of ASCII spaces (only spaces, not tabs or newlines)
 * are collapsed to a single space.
 *
 * This does not escape the value for SQL or HTML; escaping must happen at the
 * point of use (prepared statements / htmlspecialchars()).
 *
 * @param mixed $a string or (nested) array, modified in place
 */
function strips(&$a)
{
    if (!is_array($a)) {
        // null and scalars both end up here (is_array(null) is false).
        $trimmed = trim($a);
        $a = preg_replace("/ +/", " ", $trimmed);
        return;
    }
    foreach (array_keys($a) as $key) {
        // Recursive call rewrites the slot in place.
        strips($a[$key]);
    }
}
/**
 * Recursively removes backslash escaping from $el in place.
 *
 * Array entries are visited one by one except the one keyed "GLOBALS"
 * (loose != comparison, so only that exact spelling is skipped); scalar
 * leaves are replaced by stripslashes($leaf).
 *
 * @param mixed $el string or (nested) array, modified in place
 */
function strips(&$el)
{
    if (is_array($el)) {
        foreach (array_keys($el) as $key) {
            if ($key == "GLOBALS") {
                continue;
            }
            strips($el[$key]);
        }
        return;
    }
    $el = stripslashes($el);
}
strips($_REQUEST);
if (isset($_SERVER['PHP_AUTH_USER'])) {
    strips($_SERVER['PHP_AUTH_USER']);
}
if (isset($_SERVER['PHP_AUTH_PW'])) {
    strips($_SERVER['PHP_AUTH_PW']);
}
} // closes a block opened before this excerpt (presumably the magic-quotes check — confirm)

// $aGetQuery - array holding every GET parameter
// $sRequest  - the request path, $nRequest - its length
// $aRequest  - the path split into segments
$url = parse_url($_SERVER['REQUEST_URI']);
// NOTE(review): parse_url() returns false for a malformed URI and omits 'path'
// when the URI has none; $url['path'] is read below without a guard.
if (isset($url['query'])) {
    parse_str($url['query'], $url['query']);
    // The parsed query is un-escaped under magic_quotes_gpc the same way the
    // GPC arrays above are. get_magic_quotes_gpc() no longer exists on PHP 8.
    if (get_magic_quotes_gpc()) {
        strips($url['query']);
    }
    $aGetQuery = $url['query'];
} else {
    $aGetQuery = array();
}
$sRequest = unslashify($url['path']);
$nRequest = strlen($sRequest);
// Segments are neither URL-decoded nor validated here; code that maps them to
// files, tables or includes must check them first.
$aRequest = explode('/', $sRequest);

// libraries needed by the core as well
// Components
// ***TODO***: cache the table aliases in a file so the database is not queried every time
$Components = new Components();
// Each table alias becomes a DB_TBL_<ALIAS> constant holding the table name.
// The alias comes from the database and is used as a constant name as-is.
foreach ($Components->getAllTablesAndAliases() as $v) {
    $v['alias'] = 'DB_TBL_' . strtoupper($v['alias']);
    if (!defined($v['alias'])) {
        define($v['alias'], $v['name']);
ini_set('display_errors', 'Off');
ini_set('log_errors', 'On');
// Errors are written to tmp/error.log under ROOT_DIR rather than shown in the response.
ini_set('error_log', ROOT_DIR . DS . 'tmp' . DS . 'error.log');
} // closes a block opened before this excerpt

/*
 * Undo magic quotes if they are present.
 * strips() returns a copy of $val with backslash escaping removed: arrays are
 * mapped element-wise (array_map with the function's own name, so nested
 * arrays recurse), scalars go through stripslashes().
 */
function strips($val)
{
    $value = is_array($val) ? array_map('strips', $val) : stripslashes($val);
    return $value;
}

// get_magic_quotes_gpc() was removed in PHP 8.0, so this call is fatal there;
// on PHP < 8 it reports whether the GPC arrays arrived backslash-escaped.
// NOTE(review): $_REQUEST and $_FILES are not un-escaped here — confirm that is intended.
if (get_magic_quotes_gpc()) {
    $_GET = strips($_GET);
    $_POST = strips($_POST);
    $_COOKIE = strips($_COOKIE);
}

/*
 * Clean the global variable table when register_globals is on.
 * With register_globals every request key also exists as a top-level global;
 * each global that is identical (===) to the entry of the same name in one of
 * the listed superglobals is unset, so request data no longer shadows script
 * variables.
 * NOTE(review): $GLOBALS['_SESSION'] only exists once a session has been
 * started; otherwise the inner foreach iterates over null and warns.
 * $GLOBALS[$key] for a key that is not a global likewise emits a notice.
 */
if (ini_get('register_globals')) {
    $array = array('_SESSION', '_POST', '_GET', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');
    foreach ($array as $value) {
        foreach ($GLOBALS[$value] as $key => $var) {
            if ($var === $GLOBALS[$key]) {
                unset($GLOBALS[$key]);
            }
        }
    }
}
/*
/**
 * Recursively removes backslash escaping from $param in place.
 *
 * Nested arrays are walked key by key; every scalar leaf is replaced by
 * stripslashes($leaf). No character-set filtering is applied here.
 *
 * @param mixed $param string or (nested) array, modified in place
 */
function strips(&$param)
{
    if (is_array($param)) {
        $keys = array_keys($param);
        foreach ($keys as $key) {
            strips($param[$key]);
        }
        return;
    }
    $param = stripslashes($param);
}
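require_once FLGR_COMMON . '/common.php'; // all shared functions

// The server may be configured (magic_quotes_gpc) to backslash-escape the
// input arrays; restore the arrays to their normal state.
// get_magic_quotes_gpc() was removed in PHP 8.0, so it is only consulted when
// it still exists — on PHP 8 input is never auto-escaped and nothing is undone.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    strips($_GET);
    strips($_POST);
    strips($_FILES);
    strips($_COOKIE);
    strips($_REQUEST);
    if (isset($_SERVER['PHP_AUTH_USER'])) {
        strips($_SERVER['PHP_AUTH_USER']);
    }
    if (isset($_SERVER['PHP_AUTH_PW'])) {
        strips($_SERVER['PHP_AUTH_PW']);
    }
}

// $aGetQuery - array holding every GET parameter
// $sRequest  - the request path, $nRequest - its length
// $aRequest  - the path split into segments
$url = parse_url(isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '');
// parse_url() returns false for a seriously malformed URI and omits 'path'
// when the URI has none; normalise so nothing below indexes into false or an
// undefined key.
if (!is_array($url)) {
    $url = array();
}
if (isset($url['query'])) {
    parse_str($url['query'], $url['query']);
    $aGetQuery = $url['query'];
} else {
    $aGetQuery = array();
}
// NOTE(review): assumes unslashify() accepts an empty string for a URI without a path — confirm.
$sRequest = unslashify(isset($url['path']) ? $url['path'] : '');
$nRequest = strlen($sRequest);
// Segments are neither URL-decoded nor validated here; code that maps them to
// files, tables or includes must check them first.
$aRequest = explode('/', $sRequest);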
// Login handler: runs only when both credentials were posted.
if(isset($_POST['usn']) && isset($_POST['pwd'])){
    // Verification-code check. Loose == is used and $_POST['kodever'] is not
    // isset()-checked, so a missing field compares as null; a strict ===
    // against a value known to be set would be tighter.
    if($_SESSION['kodever']==$_POST['kodever']){
        require_once(PATH_FUNGSI."/koneksi.php");
        $k = new koneksi;
        // strips() is defined elsewhere; nothing visible here escapes for SQL.
        $usn = strtolower(strips($_POST['usn']));
        // The lookup compares an unsalted md5 of the password; password_hash() /
        // password_verify() are the supported replacement for new code.
        $pwd = md5(strips($_POST['pwd']));
        // Both values are interpolated straight into the query. Unless strips()
        // applies database escaping, $usn is injectable; a prepared statement
        // would remove the dependency on strips() entirely.
        $sql = "select level from tbl_admin where usn='$usn' and pwd='$pwd'";
        $q = $k->exQ($sql);
        if($q){
            if(mysql_num_rows($q)==1){
                $unique = genUnique(32);
                // NOTE(review): the last_login value appears redacted in this listing.
                $sql = "update tbl_admin set unique_id='$unique',last_login='******' where usn='$usn'";
                $k->exQ($sql);
                $data = mysql_fetch_array($q,MYSQL_NUM);
                // The session id is not regenerated on login; session_regenerate_id(true)
                // here would close the session-fixation window.
                $_SESSION['usn']=$usn;
                // Stores the plaintext password in the session, so anything with
                // access to the session store can recover it; keep only a token.
                $_SESSION['pwd']=strips($_POST['pwd']);
                $_SESSION['levelUser']=$data[0];
                $_SESSION['uniqueId']=$unique;
                // log in to the forum
                #include_once("forum.php");
                // redirect back to the referring page.
                // HTTP_REFERER is a client-supplied header: it may be absent
                // (empty Location) or point off-site, which makes this an open
                // redirect; a fixed post-login URL is safer.
                header("Location: ".$_SERVER['HTTP_REFERER']);
                die();
            }else{
                // Zero or several matching rows: report failure and drop the session.
                $smarty->assign("pesan","Invalid Username or Password !");
                session_destroy();
            }
        }else{
            // exQ() returned a falsy result (query failed).
            redirect("../error.php?p=1");
        }
    }else{
// Tail of the profile-update branches: success vs. failure message.
$smarty->assign('pesan',"Data updated, wait pproval for your parent".$usr->pesan.$meta);
$smarty->assign('dshowMe',true);
}else{
$smarty->assign('pesan',"Failed to edit Membersip !".$usr->pesan.$meta);
}
}
}
} // closes blocks opened before this excerpt
// choose the action
if(isset($_POST['edit'])){
    $edit = true;
    $smarty->assign("edit","true");
}
// Profile lookup keyed by the logged-in user's id from the session.
// $idUnik is interpolated into the SQL below; it originates server-side, but
// strips() is not visible here and a bound parameter would not depend on it.
$idUnik = strips($_SESSION['userId']);
$sql = "select id,name,email,date_format(tglLahir,'%Y-%m-%d') as tglLahir,date_format(tglLahir,'%D %M %y') as waktu, tmpLahir,alamat,negara,noRumah,noHp,hobby,ortu,noHportu,handicap,golfClub,gambar,if(recomendation=1,'checked','') as rec, if(recomendation=1,'Yes','No') as recomen,level,group_type,package,reward_earned, ranking_point,trial_point,editProfile from tbl_membership where id='$idUnik'";
$result = $usr->exQ($sql);
// The @ hides the warning mysql_num_rows() emits when exQ() returned false,
// so a failed query becomes indistinguishable from "no rows".
if(@mysql_num_rows($result)>0){
    $data = mysql_fetch_array($result,MYSQL_ASSOC);
    // Copy every column into $listProfile, resolving the image path for 'gambar'.
    foreach($data as $k=>$value){
        $listProfile[$k] = $value;
        if($k == 'gambar'){
            if($value != ""){
                $listProfile['gambar'] = IMAGE_MEMBER."/".$data['gambar'];
            }else {
                // Placeholder image when the member has no picture.
                $listProfile['gambar'] = IMAGE_MEMBER."/noPict.jpg";
            }
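// Dummy menu entry shown by the template.
$menuitems[0]['url'] = "http://...";
$menuitems[0]['text'] = "ダミー";
$smarty->assign("menuitems", $menuitems);

// Header. The original passed "head" . "簡易掲示板" as one concatenated
// argument, which assigns a variable named "head簡易掲示板" with no value;
// the title has to be the second argument.
$smarty->assign("head", "簡易掲示板");

// Main content: the 20 newest posts without a delete mark.
$contents = array();
// NOTE(review): the mysql_* extension was removed in PHP 7.0, so this only runs
// on PHP 5. $db_host/$db_username/$db_password/$db_name are defined outside this excerpt.
$dbh = mysql_connect($db_host, $db_username, $db_password);
if ($dbh !== false) {
    $sqlstr = "use {$db_name}";
    mysql_query($sqlstr, $dbh);
    // Select the 20 newest rows that are not marked as deleted.
    $sqlstr = "select * from mybbs where mark = '0' order by dt desc limit 20";
    $result = mysql_query($sqlstr, $dbh);
    // mysql_query() returns false on error; fetching from false only emits warnings.
    if ($result !== false) {
        while ($row = mysql_fetch_assoc($result)) {
            // strips()/sanitate() are defined elsewhere; presumably sanitate()
            // HTML-escapes the row — confirm, because $row['id'] is placed into
            // markup below without further escaping.
            $row = sanitate(strips($row));
            $form_id = "form_" . $row['id'];
            // Per-row delete form. The id attribute is now closed correctly (the
            // original emitted id="form_N>" with a stray '>' inside the quotes).
            // The form submits the password via GET, so it lands in the URL,
            // browser history and server logs; method="post" would avoid that
            // if delete.php can accept it.
            $row['caption'] = '<form action="delete.php" method="get" id="' . $form_id . '">'
                . '<input type="hidden" name="id" value="' . $row['id'] . '" />'
                . '<input type="password" size="10" name="pass" />'
                . '<input type="submit" value="削除" />'
                . '</form>';
            // NOTE(review): the original also had a bare string literal here — a
            // "削除する" <div> whose onClick shows the form — that was never
            // concatenated into caption and therefore never rendered; it is
            // dropped as a no-op (its JS quoting used "¥" where a backslash is
            // expected, likely an encoding artefact). Confirm whether it was
            // meant to be appended.
            array_push($contents, $row);
        }
    }
}
//print_r($contents);
$smarty->assign("contents", $contents);

// Posting form.
$form['action'] = "bbswrite.php";
$form['title'] = '';
$form['body'] = 'Name<input type="text" name="name" /><br>'
    . 'Mail<input type="text" name="mailaddr" /><Br>'
    . 'Pass<input type="password" name="pass" /><br>'
    . 'Subject<input type="text" name="subject" /><Br>'
    . '本文<textarea rows="5" cols="40" name="body" /></textarea><br>'
    . '<input type="submit" value="新規投稿" />';
$smarty->assign("form", $form);
$smarty->display("index.tpl");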
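/**
 * Undoes magic_quotes_gpc escaping on the request superglobals in place.
 *
 * Calls strips() (defined elsewhere) on $_GET, $_POST, $_COOKIE, $_REQUEST
 * and, when present, on the HTTP basic-auth fields of $_SERVER.
 * get_magic_quotes_gpc() was removed in PHP 8.0, so its existence is checked
 * first; on PHP 8 request data is never auto-escaped and the method is a no-op.
 *
 * @return void
 */
private function inputCheck()
{
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        return;
    }
    strips($_GET);
    strips($_POST);
    strips($_COOKIE);
    strips($_REQUEST);
    if (isset($_SERVER['PHP_AUTH_USER'])) {
        strips($_SERVER['PHP_AUTH_USER']);
    }
    if (isset($_SERVER['PHP_AUTH_PW'])) {
        strips($_SERVER['PHP_AUTH_PW']);
    }
}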