Пример #1
0
/**
 * Check for input.
 * If there is none, return waiting signal.
 * If there is input, validate it, and either report errors or move on to next step.
 */
function processInput()
{
    global $RESPONSE, $SESSION;
    if (sessionExpired()) {
        return;
    }
    // did we get the information necessary to move on to the next step?
    if (isset($_POST['click'])) {
        // data was submitted
        if (!validateInput()) {
            return;
        }
        storeInput();
        $SESSION->setStatus(Session::finished_step);
        if (readyToMoveOn()) {
            executeGroupCallbacks();
            advanceStep();
        }
    } else {
        // no user input
        if ($SESSION->current_step->time_limit > 0) {
            // if there is a time limit, announce remaining time
            $RESPONSE = array('action' => 'countdown', 'seconds' => $SESSION->expires - time());
        } else {
            // tell client to wait
            $RESPONSE = array('action' => 'wait');
        }
    }
}
Пример #2
0
function validateForm(&$errors)
{
    global $username, $password, $verifyPassword;
    if (!validateInput($username)) {
        $errors['username'][] = 'Your username must be between 4 and 8 symbols long. You can use latin characters, digits and - or _';
    }
    if (!validateInput($password) || !validateInput($verifyPassword)) {
        $errors['password'][] = 'Your password must be between 4 and 8 symbols long. You can use lating characters, digits and - or _';
    }
    if (!samePassword($password, $verifyPassword)) {
        $errors['password'][] = 'You must enter the same password twice.';
    } else {
        $password = password_hash($password, PASSWORD_DEFAULT);
    }
}
Пример #3
0
<h3 style ="text_align:center">Using IF ELSE</h3>
<form name="BirthYear" action="BirthYear_ifelse.php" method="post">
<p>Year of Birth: <input type="number" name="Year" value="<?php 
    echo $YearOfBirth;
    ?>
" /></p>
<p><input type="reset" value="Clear Form" />&nbsp;&nbsp;<input type="submit" name="Submit" value"Show Me My Sign" /></p>
</form>

<?php 
}
$ShowForm = TRUE;
$errorCount = 0;
$YearOfBirth = 0;
if (isset($_POST['Submit'])) {
    $YearOfBirth = validateInput($_POST['Year'], "Year of Birth");
    if ($errorCount == 0) {
        $ShowForm = FALSE;
    } else {
        $ShowForm = TRUE;
    }
}
if ($ShowForm == TRUE) {
    if ($errorCount > 0) {
        echo "<p>Please re-enter the form information below.</p>\n";
    }
    displayForm($Sender, $Email, $Subject, $Message);
} else {
    $yearSign = getYearSign($YearOfBirth);
    echo "<pre>You were born under the sign of the " . strtolower($yearSign) . ".\n\n";
    echo "<img src='" . $yearSign . ".jpg'/>";
Пример #4
0
    if (validateInput($_GET["task"], 'nospace') === true) {
        $selTask = $_GET["task"];
    }
}
session_set_cookie_params(43200);
// 8 hours
session_name("hlstats-session");
session_start();
session_regenerate_id(true);
$auth = false;
require 'class/admin.class.php';
$adminObj = new Admin();
$auth = $adminObj->getAuthStatus();
// process the logout
if (!empty($_GET['logout'])) {
    if (validateInput($_GET['logout'], 'digit') === true && $_GET['logout'] == "1") {
        $adminObj->doLogout();
        header('Location: index.php');
    }
}
if ($auth === true) {
    if (!empty($selTask)) {
        if (file_exists(getcwd() . '/hlstatsinc/admintasks/' . $selTask . '.inc.php')) {
            require 'hlstatsinc/admintasks/' . $selTask . '.inc.php';
        } else {
            require 'hlstatsinc/admintasks/overview.php';
        }
    } else {
        // show overview
        require 'hlstatsinc/admintasks/overview.php';
    }
Пример #5
0
     $gameCode = sanitize($_GET['gameCode']);
     if (!empty($gameCode) && validateInput($gameCode, 'nospace')) {
         $query = "SELECT\n\t\t\t    \t\t\tt1.playerId,lastName,skill\n\t\t\t    \t\tFROM\n\t\t\t    \t\t\thlstats_Players as t1 INNER JOIN hlstats_PlayerUniqueIds as t2\n\t\t\t    \t\t\tON t1.playerId = t2.playerId\n\t\t\t    \t\tWHERE\n\t\t\t    \t\t\tt1.game='" . $gameCode . "'\n\t\t\t    \t\t\tAND t1.hideranking=0\n\t\t\t    \t\t\tAND t2.uniqueId not like 'BOT:%'\n\t\t\t    \t\tORDER BY skill DESC\n\t\t\t    \t\tLIMIT 10";
     }
     break;
     /**
      * return some information about the given server like livestats view
      */
 /**
  * return some information about the given server like livestats view
  */
 case 'serverinfo':
 default:
     // we want some server info
     $serverId = sanitize($_GET['serverId']);
     if (!empty($serverId) && validateInput($serverId, 'digit')) {
         // check if we have such server
         $query = mysql_query("\n\t\t\t\t\t\tSELECT\n\t\t\t\t\t\t\ts.serverId,\n\t\t\t\t\t\t\ts.name,\n\t\t\t\t\t\t\ts.address,\n\t\t\t\t\t\t\ts.port,\n\t\t\t\t\t\t\ts.publicaddress,\n\t\t\t\t\t\t\ts.game,\n\t\t\t\t\t\t\ts.rcon_password,\n\t\t\t\t\t\t\tg.name gamename\n\t\t\t\t\t\tFROM\n\t\t\t\t\t\t\thlstats_Servers s\n\t\t\t\t\t\tLEFT JOIN\n\t\t\t\t\t\t\thlstats_Games g\n\t\t\t\t\t\tON\n\t\t\t\t\t\t\ts.game=g.code\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tserverId=" . $serverId . "\n\t\t\t\t\t\t\t");
         if (mysql_num_rows($query) === 1) {
             // get the server data
             $serverData = mysql_fetch_assoc($query);
             $xmlBody = "<server>";
             $xmlBody .= "<name>" . $serverData['name'] . "</name>";
             $xmlBody .= "<ip>" . $serverData['address'] . "</ip>";
             $xmlBody .= "<port>" . $serverData['port'] . "</port>";
             $xmlBody .= "<game>" . $serverData['gamename'] . "</game>";
             // load the required stuff
             include 'hlstatsinc/binary_funcs.inc.php';
             include 'hlstatsinc/hlquery_funcs.inc.php';
             $xmlBody .= "<additional>";
             // run some query to display some more info
Пример #6
0
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
$return['status'] = false;
$return['msg'] = false;
if (isset($_POST['sub']['auth'])) {
    if (isset($_POST['login']['username']) && isset($_POST['login']['pass'])) {
        $username = trim($_POST['login']['username']);
        $pass = trim($_POST['login']['pass']);
        $check = validateInput($username, 'nospace');
        $check1 = validateInput($pass, 'nospace');
        if ($check === true && $check1 === true) {
            $do = $adminObj->doLogin($username, $pass);
            if ($do === true) {
                $return['status'] = "3";
                $return['msg'] = l('Login successfull');
                header('Location: index.php?mode=admin');
            } else {
                $return['status'] = "2";
                $return['msg'] = l('Invalid auth data');
            }
        } else {
            $return['status'] = "1";
            $return['msg'] = l('Please provide authentication data');
        }
    }
Пример #7
0
////
//// Main
////
$modes = array("players", "clans", "weapons", "maps", "actions", "claninfo", "playerinfo", "weaponinfo", "mapinfo", "actioninfo", "playerhistory", "search", "admin", "help", "livestats", "playerchathistory", "teams");
$mode = '';
if (!empty($_GET["mode"])) {
    if (in_array($_GET["mode"], $modes) && validateInput($_GET['mode'], 'nospace') === true) {
        $mode = $_GET['mode'];
    }
}
// decide if we show the games or the game file
$queryAllGames = mysql_query("SELECT code,name FROM " . DB_PREFIX . "_Games WHERE hidden='0' ORDER BY name ASC");
$num_games = mysql_num_rows($queryAllGames);
$game = '';
if (isset($_GET['game'])) {
    $check = validateInput($_GET['game'], 'nospace');
    if ($check === true) {
        $game = $_GET['game'];
        $query = mysql_query("SELECT name FROM " . DB_PREFIX . "_Games WHERE code='" . mysql_escape_string($game) . "' AND `hidden` = '0'");
        if (mysql_num_rows($query) < 1) {
            error("No such game '{$game}'.");
        } else {
            $result = mysql_fetch_assoc($query);
            $gamename = $result['name'];
            if (empty($mode)) {
                $mode = 'game';
            }
        }
    }
} else {
    if ($num_games == 1) {
Пример #8
0
 /**
  * check if the user is logged in
  */
 private function _checkAuth()
 {
     if (isset($_SESSION['hlstatsAuth']['authCode'])) {
         $check = validateInput($_SESSION['hlstatsAuth']['authCode'], 'nospace');
         if ($check === true) {
             // check if we have such code into the db
             $userData = $this->_getSessionDataFromDB($_SESSION['hlstatsAuth']['authCode']);
             if ($userData !== false) {
                 // we have a valid user with valid authCode
                 // re create the authcode with current data
                 $authCode = sha1($_SERVER["REMOTE_ADDR"] . $_SERVER['HTTP_USER_AGENT'] . $userData['password']);
                 if ($authCode === $_SESSION['hlstatsAuth']['authCode']) {
                     $this->_authStatus = true;
                 }
             } else {
                 $this->_logoutCleanUp($_SESSION['hlstatsAuth']['authCode']);
             }
         }
     }
 }
Пример #9
0
function viewRegister()
{
    $errors = array();
    if (!empty($_POST)) {
        //vorm esitati
        if (empty($_POST["name"])) {
            $errors[] = "Nimi puudub.";
        }
        //nimi olemas
        $u = validateInput($_POST["name"]);
        $p1 = '';
        $p2 = '';
        $userMatch = false;
        $sql = "SELECT username FROM rsaarmae_users";
        $result = mysqli_query($_SESSION['connection'], $sql);
        while ($row = mysqli_fetch_assoc($result)) {
            if ($row['username'] == $u) {
                $userMatch = true;
                $errors[] = "Sellise nimega kasutaja on juba registreeritud, proovige teist nime";
            }
        }
        if (empty($_POST["name"])) {
        }
        if (empty($_POST["password"])) {
            $errors[] = "Salasõna puudub.";
        } else {
            $p1 = validateInput($_POST["password"]);
        }
        if (empty($_POST["password_check"])) {
            $errors[] = "Salasõna kontroll puudub.";
        } else {
            $p2 = validateInput($_POST["password_check"]);
        }
        if ($p1 != $p2) {
            $errors[] = "Salasõnad ei ühti.";
        }
        if (!$userMatch && empty($errors)) {
            $salt = sha1($p1 . $u . $p1);
            //salasõna räsi tekitamine ja soolamine
            $query = "INSERT INTO rsaarmae_users (username, pass) VALUES ('{$u}', '{$salt}');";
            mysqli_query($_SESSION['connection'], $query);
            startSession();
            startSession();
            $_SESSION["teade"] = "Registreeritud kasutaja nimega '" . $u . "'.";
            header("Location: controller.php?mode=index");
            exit(0);
        }
    }
    require_once 'register.php';
}
require 'dbconnection.php';
$action = isset($_POST['action']) ? $_POST['action'] : 'default';
function validateInput()
{
    if (empty($_POST['year']) || empty($_POST['month']) || empty($_POST['day'])) {
        return False;
    }
    $timestamp = strtotime($_POST['year'] . '-' . $_POST['month'] . '-' . $_POST['day']);
    if (!is_numeric($timestamp)) {
        return False;
    }
    return checkdate(date('m', $timestamp), date('d', $timestamp), date('Y', $timestamp));
}
switch ($action) {
    case 'Show':
        if (validateInput() === True) {
            $inputValidated = True;
            $date = sprintf('%d-%d-%d', $_POST['year'], $_POST['month'], $_POST['day']);
            $mongodate = new MongoDate(strtotime($date));
            $mongodb = DBConnection::instantiate();
            $collection = $mongodb->getCollection('daily_sales');
            $doc = $collection->findOne(array('sales_date' => $mongodate));
        } else {
            $inputValidated = False;
        }
        break;
    default:
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
Пример #11
0
* Dual licensed under the MIT and GPL licenses:
*   http://www.opensource.org/licenses/mit-license.php
*   http://www.gnu.org/licenses/gpl.html
*/
// JSON return strings
$sErr = "";
$sMsg = "";
$sData = "";
//
// basepath
$sConnBse = "../../";
include "config.php";
include "functions.php";
//
// security file checking
$aVldt = validateInput($sConnBse, array("fileList" => array(0, 2, 0), "duplicate" => array(0, 3, 0), "upload" => array(0, 5, 1), "swfUpload" => array(5, 2, 1), "delete" => array(0, 3, 0), "download" => array(2, 0, 0), "read" => array(0, 3, 0), "rename" => array(0, 4, 0), "addFolder" => array(0, 3, 0), "moveFiles" => array(0, 4, 0)));
$sAction = $aVldt["action"];
$sSFile = $aVldt["file"];
$sErr .= $aVldt["error"];
if ($sErr != "") {
    die('{"error":"' . $sErr . '","msg":"' . $sMsg . '","data":{' . $sData . '}}');
}
//
$sErr = '';
switch ($sAction) {
    case "fileList":
        // retreive file list
        $sImg = "";
        $sDir = $sConnBse . (isset($_POST["folder"]) ? $_POST["folder"] : "data/");
        $i = 0;
        if ($handle = opendir($sDir)) {
Пример #12
0
 * + 2007 - 2012
 * +
 *
 * This program is free software is licensed under the
 * COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
 *
 * You should have received a copy of the COMMON DEVELOPMENT AND DISTRIBUTION LICENSE
 * along with this program; if not, visit http://hlstats-community.org/License.html
 *
 */
// Live Stats
// The binary functions need to be included
// Along with the HL Query functions
$serverId = '';
if (!empty($_GET["server"])) {
    if (validateInput($_GET["server"], 'digit') === true) {
        $serverId = $_GET["server"];
    } else {
        die("No server ID specified.");
    }
}
$time = microtime();
$time = explode(' ', $time);
$time = $time[1] + $time[0];
$start = $time;
include 'hlstatsinc/binary_funcs.inc.php';
include 'hlstatsinc/hlquery_funcs.inc.php';
$query = $DB->query("SELECT s.serverId, s.name, s.address,\n\t\t\ts.port, s.publicaddress, s.game, s.rcon_password,\n\t\t\tg.name gamename\n\t\tFROM `" . DB_PREFIX . "_Servers` AS s\n\t\tLEFT JOIN `" . DB_PREFIX . "_Games` AS g ON s.game = g.code\n\t\tWHERE serverId = '" . $DB->real_escape_string($serverId) . "'");
if (SHOW_DEBUG && $DB->error) {
    var_dump($DB->error);
}
Пример #13
0
 * + 2007 - 2012
 * +
 *
 * This program is free software is licensed under the
 * COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
 *
 * You should have received a copy of the COMMON DEVELOPMENT AND DISTRIBUTION LICENSE
 * along with this program; if not, visit http://hlstats-community.org/License.html
 *
 */
$return = false;
if (isset($_POST['sub']['newgame'])) {
    $newGame = trim($_POST['newGame']);
    if (!empty($newGame)) {
        // read the gamesupport_file
        $check = validateInput($newGame, 'nospace');
        if (file_exists("hlstatsinc/sql_files/" . $newGame) && $check === true) {
            $sqlContent = file_get_contents("hlstatsinc/sql_files/" . $_POST['newGame']);
            $sqlContent = str_replace(array("\n", "\t", "\r"), array("\n"), $sqlContent);
            // replace the table prefix with the constant
            $sqlContent = str_replace("++DB_PREFIX++", DB_PREFIX, $sqlContent);
            $sqlContentArr = explode("\n", $sqlContent);
            $i = 0;
            foreach ($sqlContentArr as $line) {
                $line = trim($line);
                if (!preg_match("/^#/", $line) && $line != "") {
                    $query = $DB->query($line);
                    if (!$query) {
                        echo "Query Failed: " . $line;
                        $i++;
                        break;
Пример #14
0
    global $postpass;
    global $postemail;
    global $result;
    $db = new PDO('sqlite:database.db');
    $stmt = $db->prepare('SELECT * FROM users WHERE email LIKE ?');
    $stmt->execute(array($postemail));
    $result = $stmt->fetchAll();
    return count($result);
}
// ----------------------- REGISTER CASE
if ($_POST['choice'] == "REGISTER") {
    if ($_POST['log_password_conf'] != $postpass) {
        header("location: main.php?errorMsg=" . urlencode("\"password\" field is different than \"confirm password\""));
        return '';
    }
    if (validateInput($mail_match, $postemail) === false) {
        header("location: main.php?errorMsg=" . urlencode("\"email\" not accepted"));
        return '';
    }
    if (number_of_usersnamed() === 0) {
        if (number_of_users_with_email() === 0) {
            //generate activation code
            $length = 10;
            $code = "";
            $valid = "0123456789abcdefghijklmnopqrstuvwxyz";
            do {
                for ($i = 0; $i < $length; $i++) {
                    $code .= $valid[mt_rand(0, strlen($valid))];
                }
            } while (activation_code($code) > 0);
            $dbh = new PDO('sqlite:database.db');
Пример #15
0
function saveNewPaths($group = 'Core')
{
    global $rescueFields, $_DB_table_prefix;
    $retval = array();
    $sql = "SELECT * FROM " . $_DB_table_prefix . "conf_values WHERE group_name='" . DB_escapeString($group) . "' AND ((type <> 'subgroup') AND (type <> 'fieldset'))";
    $result = DB_query($sql);
    while ($row = DB_fetchArray($result)) {
        if ($group != 'Core' || in_array($row['name'], $rescueFields)) {
            $config[$row['name']] = @unserialize($row['value']);
            $default[$row['name']] = $row['default_value'];
        }
    }
    $cfgvalues = array();
    $reset = array();
    $cfgvalues = $_POST['cfgvalue'];
    $reset = isset($_POST['default']) ? $_POST['default'] : array();
    $changed = 0;
    foreach ($cfgvalues as $option => $value) {
        if (isset($reset[$option]) && $reset[$option] == 1) {
            $sql = "UPDATE " . $_DB_table_prefix . "conf_values SET value='" . $default[$option] . "' WHERE name='" . $option . "' AND group_name='" . $group . "'";
            DB_query($sql);
            $retval[] = 'Resetting ' . $option;
            $changed++;
        } else {
            $sVal = validateInput($value);
            if ($config[$option] != $sVal && $option != 'user_login_method' && $option != 'event_types' && $option != 'default_permissions' && $option != 'grouptags') {
                $fn = 'rescue_' . $option . '_validate';
                if (function_exists($fn)) {
                    $sVal = $fn($sVal);
                }
                $sql = "UPDATE " . $_DB_table_prefix . "conf_values SET value='" . serialize($sVal) . "' WHERE name='" . $option . "' AND group_name='" . $group . "'";
                DB_query($sql);
                $retval[] = 'Saving ' . $option;
                $changed++;
            }
        }
    }
    if ($changed == 0) {
        $retval[] = 'No changes detected';
    } else {
        @unlink($cfgvalue['path_data'] . '$$$config$$$.cache');
        @unlink($config['path_data'] . '$$$config$$$.cache');
        @unlink($cfgvalue['path_data'] . 'layout_cache/$$$config$$$.cache');
        @unlink($config['path_data'] . 'layout_cache/$$$config$$$.cache');
    }
    return $retval;
}
Пример #16
0
    if ($check === true) {
        $playersObj->setOption("sortorder", $_GET['sortorder']);
    }
    if ($_GET["sortorder"] == "ASC") {
        $newSort = "DESC";
    }
} else {
    $playersObj->setOption("sortorder", 'DESC');
}
/**
 * the rating system
 * @todo remove
 */
$rdlimit = 1000;
if (isset($_GET["rdlimit"])) {
    $check = validateInput($_GET['rdlimit'], 'digit');
    $rdlimit = $_GET["rdlimit"];
}
$rd2limit = $rdlimit * $rdlimit;
pageHeader(array($gamename, l('Player Rankings')), array($gamename => "index.php?game={$game}", l('Player Rankings') => ""));
?>

<div id="sidebar">
	<h1><?php 
echo l('Options');
?>
</h1>
	<div class="left-box">
		<ul class="sidemenu">
			<li>
		<?php 
Пример #17
0
<?php

include 'header.php';
include "getInputSafe.php";
if (!checkLogged()) {
    header("Location: main.php");
    //?errorMsg=".urlencode("Illegal Access to Upload Event page!"));
    return '';
}
$valid_user = validate_user();
$id = $_GET['id'];
if (!validateInput($number_match, $id)) {
    header("Location: main.php?errorMsg=" . urlencode("Illegal DATA in GET to Access an Event!"));
    return '';
}
//get userlist
$stmt = $dbh->prepare("SELECT * from users");
$stmt->execute(array());
$users = $stmt->fetchAll();
//get event
$stmt = $dbh->prepare("SELECT * from events \n   INNER JOIN users\n   ON users.id=events.owner\n   INNER JOIN eventTypes\n   ON eventTypes.id=events.eventtype\n   WHERE events.id_event= ?");
$stmt->execute(array($id));
$event_info = $stmt->fetchAll();
if ($_SESSION['login_user'] != $event_info[0]['owner']) {
    header("Location: main.php?");
    return '';
}
?>
<!DOCTYPE HTML>
<html>
  <head>
Пример #18
0
    // an extra variable in case we want to run the setup for a second time
    if ($overide_check) {
        $homepage = 'welcome';
    } elseif ($update) {
        doUpdate();
    } else {
        $already_setup = $db->testConnection();
        if ($already_setup) {
            $homepage = 'already_setup';
        } else {
            $homepage = 'welcome';
        }
    }
}
if ($mode == 'write') {
    validateInput();
} elseif ($mode == 'run_sql') {
    createTables();
} else {
    showPage();
}
## The initial function, loading up the HTML resource files (if necessary) and redirecting accordingly
function showPage()
{
    global $common, $config, $homepage;
    // convert all variables in a form we can process them inside the HTML files
    foreach ($_REQUEST as $k => $v) {
        ${$k} = $v;
    }
    foreach ($config as $k => $v) {
        ${$k} = $v;
Пример #19
0
*   http://www.opensource.org/licenses/mit-license.php
*   http://www.gnu.org/licenses/gpl.html
*/
// JSON return strings
$sErr = "";
$sMsg = "";
$sData = "";
//
// basepath
$sConnBse = "../../../../";
include $sConnBse . "connectors/php/config.php";
include $sConnBse . "connectors/php/functions.php";
//include("config.php");
//
// security file checking
$aVldt = validateInput($sConnBse, array("new" => array(0, 4, 0), "edit" => array(0, 4, 0), "cont" => array(0, 3, 0)));
$sAction = $aVldt["action"];
$sSFile = $aVldt["file"];
$sErr .= $aVldt["error"];
if (isset($_POST["contents"])) {
    $sContents = $_POST["contents"];
}
//$aVldt["contents"];//$_POST["contents"];
//
switch ($sAction) {
    case "new":
        if (file_exists($sSFile)) {
            $sErr .= "File exists";
        } else {
            $oFile = fopen($sSFile, "w");
            fputs($oFile, stripslashes($sContents));
Пример #20
0
    		case IMAGETYPE_SWC:
    		case IMAGETYPE_IFF: 
    		case IMAGETYPE_ICO: */
    default:
        header("Location: create_event.php?errorMsg=" . urlencode($image_type_error));
        return '';
        break;
}
// if(validateInput($title_match,$_POST['title']))
//if(validateInput($text_match,$_POST['description'])==false) { header("Location: create_event.php?errorMsg=".urlencode($invalid_description_error)); return '';}
//input seems valid
sleep(1);
//avoid upload spamming
//create new data - - - - - - - - - - - - - - - - - - - - - - - - -
$clean_title = cleanUserTextTags($_POST['title']);
if (validateInput($title_match, $_POST['title']) === false) {
    header("Location: create_event.php?errorMsg=" . urlencode($invalid_title_error));
    return '';
}
$clean_description = cleanUserTextTags($_POST['description']);
$public = 0;
if (isset($_POST['public'])) {
    $public = 1;
}
$dbh = new PDO('sqlite:database.db');
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//insert new event
$stmt = $dbh->prepare("INSERT INTO events VALUES(NULL, ?,?,?,?,?,?,?)");
$stmt->execute(array($_SESSION['login_user'], $_POST['types'], $current_datetime, $event_date, $clean_title, $clean_description, $public));
$event_id = $dbh->lastInsertId();
Пример #21
0
$mode = false;
$pl_name = '';
$pl_urlname = '';
if (!empty($_GET["player"])) {
    if (validateInput($_GET["player"], 'digit') === true) {
        $player = $_GET["player"];
    }
}
if (!empty($_GET["uniqueid"])) {
    if (validateInput($_GET["uniqueid"], 'digit') === true) {
        $uniqueid = $_GET["uniqueid"];
        $mode = true;
    }
}
if (!empty($_GET['killLimit'])) {
    if (validateInput($_GET['killLimit'], 'digit') === true) {
        $killLimit = $_GET['killLimit'];
    }
}
/*
@todo: remove
if (!$player && $uniqueid) {
	if (!$game) {
		header("Location: index.php?mode=search&st=uniqueid&q=$uniqueid");
		exit;
	}

	$query = mysql_query("SELECT playerId FROM ".DB_PREFIX."_PlayerUniqueIds
		WHERE uniqueId='".mysql_escape_string($uniqueid)."'
			AND game='".mysql_escape_string($game)."'
	");
$verbose = 2;
$dryrun = 0;
$exit_on_error = 1;
$copytype = 'folder';
$oldPath = '/';
$firstPass = true;
ob_implicit_flush(true);
ob_end_flush();
?>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.min.css">
<!-- Latest compiled and minified JavaScript -->
<script src="//netdna.bootstrapcdn.com/bootstrap/3.0.0/js/bootstrap.min.js"></script>

<?php 
if (!empty($_POST) && validateInput()) {
    showForm();
    echo "<pre>First pass...\n";
    update();
    echo "</pre>";
    $firstPass = false;
    echo "<pre>Second pass...\n";
    editPages();
    echo "</pre>";
} else {
    showForm();
}
function update()
{
    global $host, $host2;
    global $uname, $uname2;
Пример #23
0
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
       Strict//EN"
       "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 
       <html xmlns="http://www.w3.org/1999/xhtml">
       <head>
       <title>Scholarship Form</title>
       <meta http-equiv="content-type"
            content="text/html; charset=iso-8859-1" />
       </head>
       <body>
       <?php 
// Strip slashes allows for quotations
// Example John O'Hara
$firstName = validateInput($_POST['fName'], "First name");
$lastName = validateInput($_POST['lName'], "Last name");
// Will either display total number of errors or Thank You Message
if ($errorCount > 0) {
    echo "Please re-enter the information below.<br />";
    redisplayForm($firstName, $lastName);
} else {
    //      echo "Thank you for filling out the scholarship form,
    //            ".$firstName." ".$lastName . ".";
    // Send an e-mail instead of display message above
    $To = "*****@*****.**";
}
$Subject = "Scholarship Form Results";
$Message = "Student Name: " . $firstName . " " . $lastName;
$result = mail($To, $Subject, $Message);
if ($result) {
    $resultMsg = "Your message was successfuly sent.";
Пример #24
0
<?php

include_once "sections/header.php";
function validateInput($db, $room_id, $room_pass)
{
    $pass = substr(hash('sha256', $room_pass), 0, 16);
    $query = $db->prepare("SELECT * FROM rooms WHERE room_id = :rid AND (is_private = FALSE OR room_password = :rpass)");
    echo "Testing " . $room_id . " and " . $room_pass;
    $query->execute(array("rid" => $room_id, "rpass" => $pass));
    if ($query->rowCount() == 0) {
        return false;
    }
    return true;
}
if (!empty($_POST) && validateInput($db, $_POST["room_id"], $_POST["room_pass"])) {
    //Set the room-session
    $_SESSION["room_id"] = $_POST["room_id"];
    ?>

<section id="action-section">
    <h2 class="heading">Room joined successfully!</h2>
    <a href="room.php">Click here if you are not redirected soon...</a>
</section>

<script type="text/javascript">
    setTimeout(function () { window.location.replace("room.php"); }, 1000);
</script>

    <?php 
} else {
    ?>
Пример #25
0
            var_dump($DB->error);
        }
        if ($query !== false) {
            header('Location: index.php?mode=admin&task=toolsEditdetails&clanId=' . $_GET["clanId"]);
        } else {
            $return['msg'] = l('Could not save data');
            $return['status'] = "1";
        }
    }
}
// process the search
if (isset($_POST['submit']['searchForId'])) {
    $searchFor = trim($_POST['search']['ID']);
    $searchWhere = trim($_POST['search']['what']);
    $check = validateInput($searchFor, 'digit');
    $check1 = validateInput($searchWhere, 'nospace');
    if ($check === true && $check1 === true) {
        // search for given ID
        if ($searchWhere === "player") {
            $query = $DB->query("SELECT `playerId`\n\t\t\t\t\t\t\t\t\tFROM `" . DB_PREFIX . "_Players`\n\t\t\t\t\t\t\t\t\tWHERE `playerId` = '" . $DB->real_escape_string($searchFor) . "'");
            if (SHOW_DEBUG && $DB->error) {
                var_dump($DB->error);
            }
            if ($query->num_rows > 0) {
                $result = $query->fetch_assoc();
                header('Location: index.php?mode=admin&task=toolsEditdetails&playerId=' . $result['playerId']);
            } else {
                $return['msg'] = l('Nothing found');
                $return['status'] = "1";
            }
        } elseif ($searchWhere === "clan") {
Пример #26
0
$newSort = "ASC";
// the default sort order for the query
$sortorder = 'DESC';
if (isset($_GET["sortorder"])) {
    $check = validateInput($_GET['sortorder'], 'nospace');
    if ($check === true) {
        $sortorder = $_GET['sortorder'];
    }
    if ($_GET["sortorder"] == "ASC") {
        $newSort = "DESC";
    }
}
// minimum mebers count to show
$minmembers = 2;
if (isset($_GET["showAll"])) {
    $check = validateInput($_GET['showAll'], 'digit');
    if ($check === true) {
        $minmembers = false;
    }
}
// query to get the data from the db with the given options
$queryStr = "SELECT SQL_CALC_FOUND_ROWS\n\t\tc.clanId,\n\t\tc.name,\n\t\tc.tag,\n\t\tCOUNT(p.playerId) AS nummembers,\n\t\tSUM(p.kills) AS kills,\n\t\tSUM(p.deaths) AS deaths,\n\t\tROUND(AVG(p.skill)) AS skill,\n\t\tIFNULL(SUM(p.kills) / SUM(p.deaths), 0) AS kpd\n\tFROM `" . DB_PREFIX . "_Clans` AS c\n\tLEFT JOIN `" . DB_PREFIX . "_Players` AS p\n\t\tON p.clan = c.clanId\n\tWHERE c.game = '" . $DB->real_escape_string($game) . "'\n\t\tAND p.hideranking = 0\n\tGROUP BY c.clanId";
if (!empty($minmembers)) {
    $queryStr .= " HAVING nummembers >= " . $DB->real_escape_string($minmembers);
}
$queryStr .= " ORDER BY " . $sort . " " . $sortorder . "";
// calculate the limit
if ($page === 1) {
    $queryStr .= " LIMIT 0,50";
} else {
    $start = 50 * ($page - 1);
Пример #27
0
    $check = validateInput($_GET['page'], 'digit');
    if ($check === true) {
        $page = $_GET['page'];
    }
}
$sort = 'kills';
if (isset($_GET["sort"])) {
    $check = validateInput($_GET['sort'], 'nospace');
    if ($check === true) {
        $sort = $_GET['sort'];
    }
}
$newSort = "ASC";
$sortorder = 'DESC';
if (isset($_GET["sortorder"])) {
    $check = validateInput($_GET['sortorder'], 'nospace');
    if ($check === true) {
        $sortorder = $_GET['sortorder'];
    }
    if ($_GET["sortorder"] == "ASC") {
        $newSort = "DESC";
    }
}
// get the data
$killCount = $DB->query("SELECT COUNT(p.playerId) kc\n\tFROM `" . DB_PREFIX . "_Events_Frags` AS ef\n\tLEFT JOIN `" . DB_PREFIX . "_Players` AS p\n\t\tON p.playerId = ef.killerId\n\tWHERE p.game = '" . $DB->real_escape_string($game) . "'");
if (SHOW_DEBUG && $DB->error) {
    var_dump($DB->error);
}
$result = $killCount->fetch_assoc();
$totalkills = $result['kc'];
$killCount->free();
Пример #28
0
//require("hlstatsinc/search-class.inc.php");
pageHeader(array(l("Search")), array(l("Search") => ""));
$sr_query = false;
$sr_type = 'player';
$sr_game = false;
if (!empty($_GET["q"])) {
    $sr_query = sanitize($_GET["q"]);
    $sr_query = urldecode($sr_query);
}
if (!empty($_GET["st"])) {
    if (validateInput($_GET["st"], 'nospace') === true) {
        $sr_type = $_GET["st"];
    }
}
if (!empty($_GET["game"])) {
    if (validateInput($_GET["game"], 'nospace') === true) {
        $sr_game = $_GET["game"];
    }
}
$remoteSearch = false;
// check if we have asearch request via get
if (!empty($sr_query) && !empty($sr_type) && !empty($sr_game)) {
    $remoteSearch = true;
}
// get the game list
$gamesArr = array();
$query = mysql_query("SELECT code, name FROM " . DB_PREFIX . "_Games WHERE hidden='0' ORDER BY name");
while ($result = mysql_fetch_assoc($query)) {
    $gamesArr[$result['code']] = $result['name'];
}
$searchResults = false;
Пример #29
0
 * +
 *
 * This program is free software is licensed under the
 * COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0
 *
 * You should have received a copy of the COMMON DEVELOPMENT AND DISTRIBUTION LICENSE
 * along with this program; if not, visit http://hlstats-community.org/License.html
 *
 */
$gc = false;
$check = false;
$return = false;
// get the game, without it we can not do anyting
if (isset($_GET['gc'])) {
    $gc = trim($_GET['gc']);
    $check = validateInput($gc, 'nospace');
    if ($check === true) {
        // load the game info
        $query = $DB->query("SELECT name\n\t\t\t\t\t\t\tFROM `" . DB_PREFIX . "_Games`\n\t\t\t\t\t\t\tWHERE code = '" . $DB->real_escape_string($gc) . "'");
        if (SHOW_DEBUG && $DB->error) {
            var_dump($DB->error);
        }
        if ($query->num_rows > 0) {
            $result = $query->fetch_assoc();
            $gName = $result['name'];
        }
        $query->free();
    }
}
// do we have a valid gc code?
if (empty($gc) || empty($check)) {
Пример #30
0
const AdultPrice = 11.65;
const ChildPrice = 8.65;
const StudentPrice = 9.65;
$ShowForm = TRUE;
$errorCount = 0;
$AdultOrder = 0;
$ChildOrder = 0;
$StudentOrder = 0;
$Total = 0;
$TotalTickets = 0;
$CustomerName = "";
if (isset($_POST['Submit'])) {
    $AdultOrder = $_POST['Adult'];
    $ChildOrder = $_POST['Child'];
    $StudentOrder = $_POST['Student'];
    $CustomerName = validateInput($_POST['CustomerName'], "Customer Name");
    if ($errorCount == 0) {
        $ShowForm = FALSE;
    } else {
        $ShowForm = TRUE;
    }
}
if ($ShowForm == TRUE) {
    if ($errorCount > 0) {
        echo "<p>Please re-enter the form information below.</p>\n";
    }
    displayForm($AdultOrder, $ChildOrder, $StudentOrder, $CustomerName);
} else {
    $Total = $AdultOrder * AdultPrice + $ChildOrder * ChildPrice + $StudentOrder * StudentPrice;
    $TotalTickets = $AdultOrder + $ChildOrder + $StudentOrder;
    echo "<h2 style =\"text_align:left\">Movie Tickets Order Confirmation</h2>";