示例#1
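// Maintenance helper: strip HTML tags from a user's display name and
// persist the cleaned value.  Only users whose name actually changes under
// strip_tags() are touched; for those, the original and stripped names are
// echoed (with id and e-mail) so the operator can audit what was rewritten.
//
// $user: DB row object exposing id, name and email_addr.
// Returns nothing; side effects are the UPDATE and the echoed log lines.
function clean_user($user)
{
    $stripped = strip_tags($user->name);
    // Strict comparison: nothing to do unless strip_tags() removed something.
    if ($stripped === $user->name) {
        return;
    }
    echo "ID: {$user->id}\r\nname: {$user->name}\r\nstripped name: {$stripped}\r\nemail: {$user->email_addr}\r\n-----\r\n";
    // Trim BEFORE escaping: if the escaper encodes \r/\n as backslash
    // sequences (as mysql_real_escape_string does), trimming afterwards would
    // leave an escaped newline in the stored name instead of removing it.
    $stripped = boinc_real_escape_string(trim($stripped));
    // id came from the DB, but the query is string-built, so pin its type.
    $query = "update user set name='{$stripped}' where id=" . (int) $user->id;
    mysql_query($query);
    echo $query;
}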
示例#2
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
// Redirect user to PayPal system
require_once "../inc/util.inc";
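db_init();
$logged_in_user = get_logged_in_user(false);

// Everything below comes from the POST body and is attacker-controlled.
$amount = post_str("inV");
$item_id = post_int("item_id", true);
if (empty($item_id)) {
    $item_id = 1;
}
$currency = post_str("currency");

// The amount is stored in the DB and forwarded to PayPal.  Accept only a
// plain positive decimal (up to two fraction digits) so neither sink sees
// free-form text.
if (!preg_match('/^\d+(\.\d{1,2})?$/', $amount) || (float) $amount <= 0) {
    error_page("Invalid donation amount");
}
// Currency codes are three letters; anything else cannot be one PayPal
// accepts, and rejecting it keeps the redirect query well-formed.
if (!preg_match('/^[A-Za-z]{3}$/', $currency)) {
    error_page("Invalid currency");
}

// Anonymous donors, and visitors who are not logged in, are recorded as user 0.
if (post_int("anonymous", true) == 1 || $logged_in_user == null) {
    $userid = 0;
} else {
    $userid = (int) $logged_in_user->id;
}
$order_time = time();

// Record the pending payment so the return script (donated.php) knows to
// expect it.  Integers are cast; $amount is already validated as numeric
// but is still escaped because the statement is string-built.
mysql_query(
    "INSERT INTO donation_paypal SET order_time = '" . (int) $order_time . "', userid = '" . (int) $userid
    . "', item_number=" . (int) $item_id . ", order_amount = '" . boinc_real_escape_string($amount) . "'"
);
$payment_id = mysql_insert_id();

// Build the PayPal redirect with http_build_query() so every value is
// URL-encoded.  Previously $amount and $currency were concatenated raw into
// the query string, so a value containing '&' could inject extra PayPal
// parameters (e.g. override `business`, the payee).  `rm=2` is PayPal's own
// return-method parameter, not part of the return URL.
$params = array(
    'cmd' => '_xclick',
    'lc' => 'US',
    'business' => PAYPAL_ADDRESS,
    'quantity' => 1,
    'item_name' => 'Donation',
    'item_number' => $payment_id . '_' . $order_time,
    'amount' => $amount,
    'no_shipping' => 1,
    'return' => URL_BASE . 'donated.php?st=Completed',
    'rm' => 2,
    'cancel_return' => URL_BASE . '/donated.php',
    'no_note' => 1,
    'currency_code' => $currency,
    'bn' => 'PP-BuyNowBF',
);
header("Location: https://www.paypal.com/cgi-bin/webscr?" . http_build_query($params));
exit;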
示例#3
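// Search for users whose name starts with the `search_string` GET parameter
// and render those accepted by $filter as an HTML table.
//
// $filter: passed straight through to filter_user(); opaque here.  Note the
//          filter is applied after the SQL LIMIT, so fewer than $limit rows
//          may be shown even when more matches exist.
// Side effects: echoes HTML; error_page() on a search string shorter than 3.
function name_search($filter)
{
    $limit = 100;
    $search_string = get_str('search_string');
    if (strlen($search_string) < 3) {
        error_page("search string must be at least 3 characters");
    }
    // Two escaping layers: the SQL string literal, then LIKE metacharacters
    // (% and _) so the user cannot widen the prefix match.
    $pattern = escape_pattern(boinc_real_escape_string($search_string));
    $fields = "id, create_time, name, country, total_credit, expavg_credit, teamid, url, has_profile, donated";
    $users = BoincUser::enum_fields($fields, "name like '{$pattern}%'", "limit {$limit}");

    $shown = 0;
    foreach ($users as $user) {
        if (!filter_user($user, $filter)) {
            continue;
        }
        if ($shown === 0) {
            // Open the heading and table lazily so an empty result emits none.
            echo "<h3>User names starting with '" . htmlspecialchars($search_string) . "'</h3>\n";
            start_table();
            table_header("Name", "Team", "Average credit", "Total credit", "Country", "Joined");
        }
        show_user($user);
        $shown++;
    }
    if ($shown) {
        end_table();
    } else {
        // end_table() used to run unconditionally, emitting a stray closing
        // tag when no table had been opened.
        echo "No users matching your search criteria.";
    }
}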
示例#4
        xml_error($retval);
    }
}
// $team_id and $format are set earlier in this file (outside this view).
// A lookup by id takes precedence over the name search: emit that single
// team as XML (or an XML error) and stop.
if ($team_id) {
    $team = lookup_team($team_id);
    if (!$team) {
        xml_error(-136);
    } else {
        show_team_xml($team);
    }
    exit;
}
// Substring match on the lower-cased team name.  escape_pattern() neutralises
// LIKE metacharacters (% and _); boinc_real_escape_string() escapes the SQL
// string literal.
$team_name = get_str("team_name");
$name_lc = escape_pattern(strtolower($team_name));
$clause = "name like '%" . boinc_real_escape_string($name_lc) . "%' order by expavg_credit desc limit 100";
$teams = BoincTeam::enum($clause);
if ($format == 'xml') {
    // XML output: the query is already capped at 100 rows; the counter is a
    // second guard against emitting more than that.
    echo "<teams>\n";
    $total = 0;
    foreach ($teams as $team) {
        show_team_xml($team);
        $total++;
        if ($total >= 100) {
            break;
        }
    }
    echo "</teams>\n";
    exit;
}
page_head("Search Results");
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
//
// This file was modified by contributors of "BOINC Web Tweak" project.
require_once "../inc/boinc_db.inc";
require_once "../inc/util.inc";
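// Render one row of the profile-search results table for the owner of
// $profile.
//
// $profile: row exposing userid.
// $n:       row number supplied by the caller; currently unused, kept so the
//           caller's signature is unchanged.
// If the user row cannot be loaded, nothing is emitted rather than a row of
// empty cells produced by reading properties off a null object
// (assumes lookup_user_id() returns a falsy value on a miss — confirm).
function show_profile_link2($profile, $n)
{
    $user = lookup_user_id($profile->userid);
    if (!$user) {
        return;
    }
    // user_links() is expected to produce ready-made HTML; country is a DB
    // value and is escaped here since it lands in a text context.
    echo "<tr>\r\n\t\t<td>" . user_links($user) . "</td>\r\n\t\t<td>" . date_str($user->create_time) . "</td>\r\n\t\t<td>" . htmlspecialchars($user->country) . "</td>\r\n\t\t<td>" . (int) $user->total_credit . "</td>\r\n\t\t<td>" . (int) $user->expavg_credit . "</td>\r\n\t\t</tr>\n";
}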
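// Full-text search over profile text (response1/response2), paginated via
// the `offset` GET parameter, $count rows per page.
$search_string = get_str('search_string');
$search_string = strip_tags($search_string);
// Keep two derived forms: HTML-escaped for the page heading, SQL-escaped for
// the query.  Previously the SQL-escaped string was echoed into the heading,
// which leaks escaping backslashes into the page and relied on strip_tags()
// alone for output safety.
$search_html = htmlspecialchars($search_string);
$search_sql = boinc_real_escape_string($search_string);
$offset = get_int('offset', true);
if (!$offset || $offset < 0) {
    $offset = 0;
}
$count = 10;
page_head("Profiles containing '{$search_html}'");
$profiles = BoincProfile::enum("match(response1, response2) against ('{$search_sql}') limit " . (int) $offset . ",{$count}");
start_table();
echo "\r\n\t<tr><th>User name</th>\r\n\t<th>Joined project</th>\r\n\t<th>Country</th>\r\n\t<th>Total credit</th>\r\n\t<th>Recent credit</th></tr>\r\n";
$n = 0;
foreach ($profiles as $profile) {
    // Row number is 1-based and continues across pages.
    show_profile_link2($profile, $n + $offset + 1);
    $n += 1;
}
end_table();
if (!$n) {
    echo "No profiles matching your search criteria.";
}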
示例#6
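// Handle a profile create/update form submission for $user.
//
// $user:    the logged-in user object (id is used for the DB row and the
//           picture file names).
// $profile: the user's existing profile object, or null/false when none
//           exists yet; this decides INSERT vs UPDATE below.
// Reads $_POST (response1, response2, language, delete_pic, recaptcha
// fields) and $_FILES['picture'].  Writes the profile row and, if a picture
// was uploaded, two JPEGs under IMAGE_PATH named by user id — never by a
// user-supplied filename.  Terminates via error_page() on failure.
function process_create_profile($user, $profile)
{
    global $config;
    $response1 = post_str('response1', true);
    $response2 = post_str('response2', true);
    $language = post_str('language');

    // Anti-abuse gates first: reCAPTCHA (only if the project configured a
    // key), then Akismet on each free-text field.  Any failure redisplays
    // the form with the user's text preserved.
    $privatekey = parse_config($config, "<recaptcha_private_key>");
    if ($privatekey) {
        // Missing fields are passed as '' instead of raising undefined-index
        // notices; the captcha check rejects them anyway.
        $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '';
        $answer = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : '';
        $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $challenge, $answer);
        if (!$resp->is_valid) {
            show_profile_form_with_error($profile, $response1, $response2, tra("Your ReCaptcha response was not correct.  Please try again."));
            return;
        }
    }
    if (!akismet_check($user, $response1)) {
        show_profile_form_with_error($profile, $response1, $response2, tra("Your first response was flagged as spam by the Akismet anti-spam system.  Please modify your text and try again."));
        return;
    }
    if (!akismet_check($user, $response2)) {
        show_profile_form_with_error($profile, $response1, $response2, tra("Your second response was flagged as spam by the Akismet anti-spam system.  Please modify your text and try again."));
        return;
    }

    $delete_pic = isset($_POST['delete_pic']) ? $_POST['delete_pic'] : "off";
    // A picture counts as uploaded only if the field is present AND PHP
    // confirms the temp file came from this request (is_uploaded_file()
    // guards against a forged local path).  Checking isset() first avoids
    // an undefined-index notice when no file field was submitted.
    $picture_uploaded = isset($_FILES['picture']['tmp_name'])
        && is_uploaded_file($_FILES['picture']['tmp_name']);

    // post_str() with the optional flag may return null; cast before strlen().
    $has_text = strlen((string) $response1) > 0 || strlen((string) $response2) > 0;
    if (!$has_text && $delete_pic != "on" && !$picture_uploaded) {
        error_page(tra("Your profile submission was empty."));
        exit;
    }

    // Deleting a picture only makes sense for an existing profile; without
    // the guard a null $profile would be dereferenced here.
    if ($delete_pic == "on" && $profile) {
        delete_user_pictures($profile->userid);
        $profile->has_picture = false;
        $profile->verification = 0;
    }

    $hasPicture = $profile ? $profile->has_picture : false;
    if ($picture_uploaded) {
        $hasPicture = true;
        if ($profile) {
            // Any picture change resets verification to 0.
            $profile->verification = 0;
        }
        $images = getImages($_FILES['picture']['tmp_name']);
        // getImages() is expected to yield [full, small]; passing a failed
        // result to ImageJPEG() would be a TypeError on PHP 8, so fail early.
        if (!is_array($images) || !isset($images[0], $images[1])) {
            error_page(tra("Could not process the uploaded picture."));
        }
        // TODO: define a constant for image quality.
        ImageJPEG($images[0], IMAGE_PATH . $user->id . '.jpg');
        ImageJPEG($images[1], IMAGE_PATH . $user->id . '_sm.jpg');
    }

    $response1 = sanitize_html($response1);
    $response2 = sanitize_html($response2);
    // SQL is string-built; escape every string and cast every integer.
    $r1 = boinc_real_escape_string($response1);
    $r2 = boinc_real_escape_string($response2);
    $lang = boinc_real_escape_string($language);
    $uid = (int) $user->id;
    // Interpolating a bare bool gave '' for false, which is not a valid int.
    $pic = (int) $hasPicture;
    if ($profile) {
        // update_aux() is expected to supply the "UPDATE ... SET" prefix;
        // the leading space is kept from the original.
        $query = " response1 = '{$r1}', response2 = '{$r2}', language = '{$lang}', has_picture = '{$pic}',"
            . " verification = '" . (int) $profile->verification . "' WHERE userid = '{$uid}'";
        $result = BoincProfile::update_aux($query);
        if (!$result) {
            error_page(tra("Could not update the profile: database error"));
        }
    } else {
        $query = "SET userid = '{$uid}', language = '{$lang}', response1 = '{$r1}', response2 = '{$r2}',"
            . " has_picture = '{$pic}', verification=0";
        $result = BoincProfile::insert($query);
        if (!$result) {
            error_page(tra("Could not create the profile: database error"));
        }
        $user->update("has_profile=1");
    }
    page_head(tra("Profile saved"));
    echo tra("Congratulations! Your profile was successfully entered into our database.") . "<br><br>" . tra("%1View your profile%2", "<a href=\"view_profile.php?userid=" . $uid . "\">", "</a><br>");
    page_tail();
}

// Redisplay the profile form with an error message, preserving what the user
// typed.  $profile may be null for a user with no profile yet; assigning
// properties on null is a fatal Error on PHP 8, so a bare object carries the
// text in that case.  The caller's $profile variable is left as-is, so its
// later create-vs-update decision is unaffected.
function show_profile_form_with_error($profile, $response1, $response2, $msg)
{
    $form = $profile ? $profile : new StdClass();
    $form->response1 = $response1;
    $form->response2 = $response2;
    show_profile_form($form, $msg);
}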