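/**
 * Handles the submitted login form.
 *
 * Reads `email`, `password` and `remember` via type::post(), looks the
 * account up by e-mail, checks the password with self::checkPassword()
 * against the stored salt/hash and, on success, opens the session
 * (self::loginSession(), self::$userID, $_SESSION['login']) and optionally
 * sets a one-week "remember" cookie. Every failure path echoes a message
 * and returns without logging in. The unused `$shake` locals of the
 * original were dropped.
 *
 * @return void
 */
protected static function loginPost()
{
    $email = type::post('email', 'string');
    $password = type::post('password', 'string');
    $remember = type::post('remember', 'int');

    if ($email === null || $password === null || $email === '' || $password === '') {
        echo message::info(lang::get('fill_out_both'));
        return;
    }

    $sql = new sql();
    $sql->query(
        'SELECT password, salt, id FROM ' . sql::table('user')
        . ' WHERE `email` = "' . $sql->escape($email) . '"'
    );

    // NOTE(review): a distinct "e-mail not found" message tells a client
    // whether an address is registered. The lang keys are kept because
    // translations depend on them; a single generic failure message for
    // both branches would close that gap.
    if (!$sql->num()) {
        echo message::danger(sprintf(lang::get('email_not_found'), htmlspecialchars($email)), true);
        return;
    }

    $sql->result();
    if (!self::checkPassword($password, $sql->get('salt'), $sql->get('password'))) {
        echo message::danger(lang::get('wrong_pw'));
        return;
    }

    // Presumably loginSession() regenerates the session id -- verify, since a
    // login that keeps the pre-authentication id is open to session fixation.
    self::loginSession();
    self::$userID = $sql->get('id');
    $_SESSION['login'] = $sql->get('id');

    if ($remember) {
        // NOTE(review): the cookie carries the bare user id. If the code that
        // reads it back (not visible here) trusts the value as-is, any client
        // can forge it; the usual fix is a random token looked up server-side.
        // Left unchanged because the reader is unknown; httponly is set so the
        // value is at least not readable from script. Path/domain/secure keep
        // their defaults.
        setcookie('remember', $sql->get('id'), time() + 3600 * 24 * 7, '', '', false, true);
    }
}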
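/**
 * Installs a template from a .tpl file into the template table.
 *
 * The file is read from "$file.tpl"; name, content, createdate and the
 * current user's login are escaped with sql::escape() and inserted into
 * $REX['TABLE_PREFIX'] . 'template'.
 *
 * @param string $file          path of the template file, without the ".tpl" suffix
 * @param string $template_name name under which the template is installed
 * @param bool   $debug         passed to rex_sql::$debugsql
 * @return string the rex_sql error text, or a read-error text when the .tpl
 *                file cannot be read (previously an unreadable file silently
 *                stored an empty template)
 */
function rex_installTemplate($file, $template_name, $debug = false)
{
    global $REX, $REX_USER;

    $path = $file . '.tpl';
    $raw = file_get_contents($path);
    if ($raw === false) {
        return 'Template file not readable: ' . $path;
    }

    $sql = new rex_sql();
    $sql->debugsql = $debug;

    $qry = 'INSERT INTO ' . $REX['TABLE_PREFIX'] . 'template SET'
        . ' `name` = ' . sql::escape($template_name)
        . ', `content` = ' . sql::escape($raw)
        . ', `createdate` = ' . sql::escape(time())
        . ', `createuser` = ' . sql::escape($REX_USER->getValue('login'));
    $sql->setQuery(_prepare_query($qry));

    return $sql->getError();
}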
/**
 * @access protected
 * Assembles the SET clause for persisting this row: every column value is
 * passed through sql::escape() and wrapped in double quotes, while
 * updateuser/createuser are written as the masked literal "******".
 * @return string SET clause beginning with ' SET '
 */
function _getSQLSetString()
{
    $values = array(
        're_id'      => $this->getParentId(),
        'name'       => $this->getName(),
        'path'       => $this->getPath(),
        'hide'       => $this->isHidden(),
        'updatedate' => $this->getUpdateDate(),
        'createdate' => $this->getCreateDate(),
    );

    $assignments = array();
    foreach ($values as $column => $value) {
        $assignments[] = $column . ' = "' . sql::escape($value) . '"';
    }
    $assignments[] = 'updateuser = "******"';
    $assignments[] = 'createuser = "******"';

    return ' SET ' . implode(', ', $assignments);
}
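/**
 * Builds the WHERE clause for an array of column => value conditions.
 *
 * A key may carry an operator suffix (`!`, `~`, `~~`, `>`, `<`, `>=`, `<=`);
 * the key `OR` switches the joiner from AND to OR (its value is ignored); the
 * key `^` wraps its value in MAX(). A null or empty-string value becomes
 * IS NULL (IS NOT NULL with the `!` suffix). Under self::$SAFE_MODE_WHERE only
 * plain equality and IS NULL are generated.
 *
 * Side effect: self::$revelance is reset to false and, when $revelance is
 * true and a `~~` (MATCH ... AGAINST) condition occurs, set to that
 * expression aliased as `revelance`.
 *
 * Fixes against the previous version: the IS NOT NULL test was
 * `(... == '!' and is_null) or $value === ''`, so any key with an empty
 * value lost its last character and became IS NOT NULL; `$key == '^'`
 * matched integer keys on PHP < 8; `$a`/`$addon` were used uninitialised.
 *
 * @param array $keys      column => value (a value may be an array of values)
 * @param bool  $revelance whether to record the MATCH expression in self::$revelance
 * @return string ' WHERE ...', or '' when $keys is not a non-empty array
 */
static function __combine_where($keys, $revelance = false)
{
    self::$revelance = false;
    $implode = ' AND ';
    if (!is_array($keys) || empty($keys)) {
        return '';
    }

    $a = array();

    if (self::$SAFE_MODE_WHERE) {
        foreach ($keys as $key => $value) {
            if (is_null($value)) {
                $a[] = self::__combine_keyn($key) . ' IS NULL';
            } else {
                $a[] = self::__combine_keyn($key) . '=' . sql::escape($value);
            }
        }
        return ' WHERE ' . implode($implode, $a);
    }

    foreach ($keys as $key => $v) {
        if (!is_array($v)) {
            $v = array($v);
        }
        foreach ($v as $value) {
            // null and '' are both treated as "no value".
            $isEmpty = is_null($value) || $value === '';

            if ($key === 'OR') {
                $implode = ' OR ';
            } elseif (substr($key, -1) === '!' && $isEmpty) {
                $a[] = self::__combine_keyn(substr($key, 0, -1)) . ' IS NOT NULL';
            } elseif ($isEmpty) {
                $a[] = self::__combine_keyn($key) . ' IS NULL';
            } elseif (substr($key, -1) === '!') {
                $a[] = self::__combine_keyn(substr($key, 0, -1)) . '!=' . sql::escape($value);
            } elseif ($key === '^') {
                $a[] = 'MAX(' . self::__combine_keyn($value) . ')';
            } elseif (substr($key, -2) === '~~') {
                $match = 'MATCH (' . self::__combine_keyn(substr($key, 0, -2))
                    . ') AGAINST (' . sql::escape($value) . ')';
                if ($revelance) {
                    self::$revelance = $match . ' AS `revelance`';
                }
                $a[] = $match;
            } elseif (substr($key, -1) === '~') {
                $a[] = self::__combine_keyn(substr($key, 0, -1)) . ' LIKE ' . sql::escape($value);
            } elseif (substr($key, -2) === '>=') {
                $a[] = self::__combine_keyn(substr($key, 0, -2)) . '>=' . sql::escape($value);
            } elseif (substr($key, -2) === '<=') {
                $a[] = self::__combine_keyn(substr($key, 0, -2)) . '<=' . sql::escape($value);
            } elseif (substr($key, -1) === '>') {
                $a[] = self::__combine_keyn(substr($key, 0, -1)) . '>' . sql::escape($value);
            } elseif (substr($key, -1) === '<') {
                $a[] = self::__combine_keyn(substr($key, 0, -1)) . '<' . sql::escape($value);
            } else {
                $a[] = self::__combine_keyn($key) . '=' . sql::escape($value);
            }
        }
    }

    return ' WHERE ' . implode($implode, $a);
}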
.css" rel="stylesheet" type='text/css'> <link href='https://fonts.googleapis.com/css?family=Open+Sans' rel='stylesheet' type='text/css'> </head> <body> <?php include 'inserts/navbar.php'; ?> <div id="mainDiv"> <?php //$mysqli->query("SET NAMES 'UTF8'"); //TODO: Limiting on graph $perPage = 40; $query = "SELECT rsn, clanRank, skill1 FROM rsAcc"; if (isset($_GET['search']) && !empty($_GET['search'])) { if (preg_match('([A-Za-z0-9\\-\\_]+)', $_GET['search'])) { $query = $query . " WHERE rsn LIKE '%" . $sql->escape($_GET['search']) . "%'"; } } else { $query = $query . " ORDER BY " . $sortType . " " . $sortDir; } $query = $query . " LIMIT " . ($page - 1) * $perPage . ", " . $page * $perPage; $result = $sql->query($query); if (mysqli_num_rows($result) != 0) { ?> <div id="membersHeader"> Clan Members </div> <table id="membersTable"> <tr> <!--<th class="memPic">Avatar</th>--> <th class="memName">Name <a href="?page=<?php
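/**
 * @access protected
 * Assembles the SET clause for persisting this media row. Every column
 * value is passed through sql::escape() and wrapped in double quotes;
 * updateuser/createuser are written as the masked literal "******".
 * re_file_id was previously concatenated unescaped, unlike every other
 * column; it now goes through sql::escape() as well.
 * @return string SET clause beginning with ' SET '
 */
function _getSQLSetString()
{
    $values = array(
        're_file_id'   => $this->getParentId(),
        'category_id'  => $this->getCategoryId(),
        'filetype'     => $this->getType(),
        'filename'     => $this->getFileName(),
        'originalname' => $this->getOrgFileName(),
        'filesize'     => $this->getSize(),
        'width'        => $this->getWidth(),
        'height'       => $this->getHeight(),
        'title'        => $this->getTitle(),
        'description'  => $this->getDescription(),
        'copyright'    => $this->getCopyright(),
        'updatedate'   => $this->getUpdateDate(null),
        'createdate'   => $this->getCreateDate(null),
    );

    $assignments = array();
    foreach ($values as $column => $value) {
        $assignments[] = $column . ' = "' . sql::escape($value) . '"';
    }
    $assignments[] = 'updateuser = "******"';
    $assignments[] = 'createuser = "******"';

    return ' SET ' . implode(', ', $assignments);
}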
</a> <button type="submit" name="sendNew"><?php echo lang::get('add'); ?> </button> </form> </div> </div> <?php } elseif ($action == 'edit' && $id) { if (isset($_POST['send'])) { $sqlUser = new sql(); $sqlUser->result("SELECT * FROM " . sql::table('user') . " WHERE id = '" . $sqlUser->escape($id) . "'"); $perms = json_decode(type::post('rights')); $rights = []; foreach ($perms as $key => $val) { foreach ($val as $var) { $rights[] = $key . '[' . $var . ']'; } } $sql = new sql(); $sql->setTable('user'); $sql->setWhere('id=' . $id); $admin = isset($_POST['admin']) ? 1 : 0; $sql->addPost('perms', implode('|', $rights)); $sql->addPost('firstname', type::post('firstname')); $sql->addPost('name', type::post('name')); $sql->addPost('email', type::post('email'));
/**
 * Refreshes the cache entry for one book id.
 *
 * Re-reads the `ksiazki` row together with the `od`/`kto` columns of its
 * `pozycz` row (LEFT OUTER JOIN on id), runs the fetched row through
 * db2::escape_data() and stores it via self::cache_add().
 *
 * @param mixed $kod book id; escaped with sql::escape() before use in the query
 * @return void
 */
static function cache_update($kod)
{
    $query = 'SELECT `ksiazki`.*, `pozycz`.`od`, `pozycz`.`kto`'
        . ' FROM `ksiazki`'
        . ' LEFT OUTER JOIN `pozycz` ON `pozycz`.`id`=`ksiazki`.`id`'
        . ' WHERE `ksiazki`.`id`=' . sql::escape($kod);

    $row = sql::fetchone(sql::query($query));
    $escaped = db2::escape_data($row);

    self::cache_add($kod, $escaped);
}