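<?php
// Login handler: reads the posted credentials, verifies them against the
// users file and redirects to the to-do list on success, to the start page
// otherwise.
$user = check_param("name");
$password = check_param("password");
session_start();
if (checkUser($user, $password)) {
    // Issue a fresh session id at the privilege change so an id that was
    // fixed before login cannot be reused for the authenticated session.
    session_regenerate_id(true);
    $_SESSION["login"] = $user;
    $_SESSION["begin"] = date("F d, Y, h:i:s:a");
    header("Location: todolist.php");
} else {
    header("Location: start.php");
}
// header() only sets a response header; without exit the remainder of the
// script would still run after the redirect has been issued.
exit;

/**
 * Return the trimmed value of a required POST field, or stop with an error.
 *
 * @param string $var name of the POST field to read
 * @return string the trimmed field value
 */
function check_param($var)
{
    // A field posted as an array (e.g. name[]) is not a usable value either;
    // treat it like a missing field rather than handing it to trim().
    if (!isset($_POST[$var]) || !is_string($_POST[$var]) || $_POST[$var] === "") {
        die("Error: missing required parameter '{$var}'");
    }
    return trim($_POST[$var]);
}

function checkUser($user, $password)
{
    $userfile = "users.txt";
    $granted = false;
    $new = true;
    $users = explode("\n", file_get_contents($userfile));
    foreach ($users as $each) {
        # split each record into $username and $userpass (id and password).
        list($username, $userpass) = explode(":", $each);
        # existing member.
        if ($user == trim($username) && $password == trim($userpass)) {
            $granted = true;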
/**
 * Build a GroupSet holding the conversation data of every group returned by
 * getGroupsByGlobal(); when $parts has a fourth element it is validated as
 * PARAM_ALPHA and stored as the filter on each listed group.
 *
 * @param array $parts request path segments; $parts[3], if present, is the subtype filter
 * @return GroupSet empty when the group lookup fails or no group yields a Group
 */
function getConversationSetData($parts)
{
    $result = new GroupSet();
    $listing = getGroupsByGlobal(0, -1, 'date', 'ASC');
    if ($listing instanceof Error) {
        return $result;
    }

    $hasSubtype = count($parts) > 3;
    $total = count($listing->groups);
    for ($idx = 0; $idx < $total; $idx++) {
        $entry = $listing->groups[$idx];
        if ($entry instanceof Error) {
            continue;
        }
        $conversation = getConversationData($entry->groupid);
        if ($hasSubtype) {
            // the validated subtype is recorded on the listed group, not on
            // the conversation object that ends up in the set
            $entry->filter = check_param($parts[3], PARAM_ALPHA);
        }
        if ($conversation instanceof Group) {
            $result->add($conversation);
        }
    }

    return $result;
}
} else { show_procs($dbh); } break; case 'add': if ($f_proc_name && $f_proc_code) { $requete = "SELECT count(1) FROM procs WHERE name='{$f_proc_name}' "; $res = mysql_query($requete, $dbh); $nbr_lignes = mysql_result($res, 0, 0); if (!$nbr_lignes) { if (is_array($userautorisation)) { $autorisations = implode(" ", $userautorisation); } else { $autorisations = ''; } $param_name = check_param($f_proc_code); if ($param_name !== true) { error_message_history($param_name, sprintf($msg["proc_param_check_field_name"], $param_name), 1); die; } $requete = "INSERT INTO procs (idproc,name,requete,comment,autorisations,num_classement, proc_notice_tpl, proc_notice_tpl_field) \n\t\t\t\tVALUES ('', '{$f_proc_name}', '{$f_proc_code}', '{$f_proc_comment}', '{$autorisations}', '{$form_classement}', '{$form_notice_tpl}', '{$form_notice_tpl_field}' ) "; $res = mysql_query($requete, $dbh); } else { print "<script language='Javascript'>alert(\"{$msg['709']}\");</script>"; print "<script language='Javascript'>history.go(-1);</script>"; } show_procs($dbh); } else { $requete_users = "SELECT userid, username FROM users order by username "; $res_users = mysql_query($requete_users, $dbh); $autorisation = array();
show_req_add_form(); break; case 'modif': break; case 'update': if ($req_name && $req_code) { $requete = "SELECT count(1) FROM procs WHERE name='" . $req_name . "' "; $res = mysql_query($requete, $dbh); $nbr_lignes = mysql_result($res, 0, 0); if (!$nbr_lignes) { if (is_array($user_aut)) { $autorisations = implode(" ", $user_aut); } else { $autorisations = ''; } $param_name = check_param($req_code); if ($param_name !== true) { error_message_history($param_name, sprintf($msg['proc_param_check_field_name'], $param_name), 1); exit; } $requete = "INSERT INTO procs (idproc,name,requete,comment,autorisations,num_classement) VALUES ('', '{$req_name}', '{$req_code}', '{$req_comm}', '{$autorisations}', '{$form_classement}' ) "; $res = mysql_query($requete, $dbh); } else { print "<script language='Javascript'>alert(\"" . addslashes($msg[709]) . "\");</script>"; } print "<script type='text/javascript'> document.location='./admin.php?categ=proc&sub=proc&action='</script>"; } break; case 'del': break; case 'list':
case 'create_user': $user_fields['cu_id'] = (int) str_replace(".", "", str_pad(microtime(true), 15, "0")); // enabled by default $user_fields['cu_status'] = 1; $username = $user_fields['cu_name']; $password = $user_fields['cu_password']; $c_error = 0; // checks check_param("Username", $user_fields['cu_name']); check_param("Password", $user_fields['cu_password']); check_param("Lastname", $user_fields['cu_lastname']); check_param("Forename", $user_fields['cu_forename']); check_param("Street", $user_fields['cu_street']); check_param("City", $user_fields['cu_city']); check_param("Country", $user_fields['cu_country']); check_param("Phone", $user_fields['cu_phone']); // email valid ? $cloud_email = new clouduser(); if (strcmp($user_fields['cu_email'], "@localhost")) { if (!$cloud_email->checkEmail($user_fields['cu_email'])) { $strMsg = "Email address is invalid. <br>"; $c_error = 1; redirect($strMsg, 'tab0', "cloud-user.php"); exit(0); } } // password min 6 characters if (strlen($user_fields['cu_password']) < 6) { $strMsg .= "Password must be at least 6 characters long <br>"; $c_error = 1; redirect($strMsg, 'tab0', "cloud-user.php");
/**
 * Run the parameter-spec checks on one C function.
 *
 * Every zend_parse_parameters() / zend_parse_parameters_ex() call found in
 * $txt is located, its spec string is walked character by character and each
 * specifier is matched against the C variables passed after it through
 * check_param(); problems are reported through error().
 *
 * @param string $name   name of the C function under test (stored in $GLOBALS['current_function'])
 * @param string $txt    the function's source code
 * @param int    $offset offset of $txt within the file, used for line reporting
 */
function check_function($name, $txt, $offset)
{
    global $API_params;

    $callPattern = '/zend_parse_parameters(?:_ex\\s*\\([^,]+,[^,]+|\\s*\\([^,]+),\\s*"([^"]*)"\\s*,\\s*([^{;]*)/S';
    if (!preg_match_all($callPattern, $txt, $calls, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
        return;
    }
    $GLOBALS['current_function'] = $name;
    // '&', '+' and '*' are only accepted in the PHP 6 flavour of the spec language
    $php6Spec = version_compare(VERSION, '6', 'ge');

    foreach ($calls as $call) {
        $GLOBALS['error_few_vars_given'] = false;
        update_lineno($offset + $call[2][1]);
        // only variables declared before the call are candidates
        $declared = get_vars(substr($txt, 0, $call[0][1]));
        $params = get_params($declared, $call[2][0]);
        $spec = $call[1][0];
        $specLen = strlen($spec);
        $optional = false;
        $varargs = false;
        $prev = '';
        $prevPrev = '';
        $argIdx = -1;

        for ($pos = 0; $pos < $specLen; ++$pos) {
            $char = $spec[$pos];
            switch ($char) {
                case '|':
                    // separator for optional parameters
                    if ($optional) {
                        error("more than one optional separator at char #{$pos}");
                        break;
                    }
                    $optional = true;
                    if ($pos == $specLen - 1) {
                        error("unnecessary optional separator");
                    }
                    break;

                case '/':
                    // separate_zval_if_not_ref
                    if (!in_array($prev, array('r', 'z'))) {
                        error("the '/' specifier cannot be applied to '{$prev}'");
                    }
                    break;

                case '!':
                    // nullable arguments
                    if (!in_array($prev, array('a', 'C', 'f', 'h', 'o', 'O', 'r', 's', 't', 'z', 'Z'))) {
                        error("the '!' specifier cannot be applied to '{$prev}'");
                    }
                    break;

                case '&':
                    if (!$php6Spec) {
                        error("unknown char ('&') at column {$pos}");
                        break;
                    }
                    // accepted directly after 's' or after 's!'
                    if ($prev == 's' || ($prevPrev == 's' && $prev == '!')) {
                        check_param($params, ++$argIdx, 'UConverter*', $optional);
                    } else {
                        error("the '&' specifier cannot be applied to '{$prev}'");
                    }
                    break;

                case '+':
                case '*':
                    if (!$php6Spec) {
                        error("unknown char ('{$char}') at column {$pos}");
                        break;
                    }
                    if ($varargs) {
                        error("A varargs specifier can only be used once. 
repeated char at column {$pos}");
                        break;
                    }
                    check_param($params, ++$argIdx, 'zval****', $optional);
                    check_param($params, ++$argIdx, 'int*', $optional);
                    $varargs = true;
                    break;

                default:
                    if (!isset($API_params[$char])) {
                        error("unknown char ('{$char}') at column {$pos}");
                        break;
                    }
                    foreach ($API_params[$char] as $expectedType) {
                        check_param($params, ++$argIdx, $expectedType, $optional);
                    }
            }
            $prevPrev = $prev;
            $prev = $char;
        }
    }
}
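/**
 * Run the parameter-spec checks on one C function.
 *
 * Every zend_parse_parameters(), zend_parse_parameters_throw(),
 * zend_parse_parameters_ex(), zend_parse_method_parameters() and
 * zend_parse_method_parameters_ex() call found in $txt is located, its spec
 * string is walked character by character and each specifier is matched
 * against the C variables passed after it through check_param(). Problems are
 * reported through error(), which does not stop the scan.
 *
 * @param string $name   name of the C function under test (stored in $GLOBALS['current_function'])
 * @param string $txt    the function's source code
 * @param int    $offset offset of $txt within the file, used for line reporting
 */
function check_function($name, $txt, $offset)
{
    global $API_params;

    // NOTE(review): the third alternative ends in "[^,+]" (a one-character
    // class); "[^,]+" looks intended for the this_ptr argument -- confirm
    // against the upstream script before changing it.
    $regex = '/ (?: zend_parse_parameters(?:_throw)? \\s*\\([^,]+ | zend_parse_(?:parameters_ex|method_parameters) \\s*\\([^,]+,[^,]+ | zend_parse_method_parameters_ex \\s*\\([^,]+,[^,]+,[^,+] ) ,\\s*"([^"]*)"\\s* ,\\s*([^{;]*) /Sx';
    if (!preg_match_all($regex, $txt, $matches, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
        return;
    }
    $GLOBALS['current_function'] = $name;
    // specifiers whose '!' variant passes an extra zend_bool* is_null flag
    $nullable_scalars = array('l', 'L', 'd', 'b');

    foreach ($matches as $m) {
        $GLOBALS['error_few_vars_given'] = false;
        update_lineno($offset + $m[2][1]);
        $vars = get_vars(substr($txt, 0, $m[0][1])); // limit var search to current location
        $params = get_params($vars, $m[2][0]);
        $optional = $varargs = false;
        $last_char = '';
        $j = -1;
        $spec = $m[1][0];
        $len = strlen($spec);

        for ($i = 0; $i < $len; ++$i) {
            $char = $spec[$i];
            switch ($char) {
                // separator for optional parameters
                case '|':
                    if ($optional) {
                        error("more than one optional separator at char #{$i}");
                    } else {
                        $optional = true;
                        if ($i == $len - 1) {
                            error("unnecessary optional separator");
                        }
                    }
                    break;

                // separate_zval_if_not_ref
                case '/':
                    if (in_array($last_char, $nullable_scalars, true)) {
                        error("the '/' specifier should not be applied to '{$last_char}'");
                    }
                    break;

                // nullable arguments
                case '!':
                    if (in_array($last_char, $nullable_scalars, true)) {
                        check_param($params, ++$j, 'zend_bool*', $optional);
                    }
                    break;

                // variadic arguments
                case '+':
                case '*':
                    if ($varargs) {
                        error("A varargs specifier can only be used once. 
repeated char at column {$i}");
                    } else {
                        check_param($params, ++$j, 'zval**', $optional);
                        check_param($params, ++$j, 'int*', $optional);
                        $varargs = true;
                    }
                    break;

                case 's':
                case 'p':
                    // a string parameter is a (char*, size_t) pair; either half
                    // may be left uninitialized on its own
                    check_param($params, ++$j, 'char**', $optional, true);
                    check_param($params, ++$j, 'size_t*', $optional, true);
                    if ($optional && !$params[$j - 1][2] && !$params[$j][2]
                        && $params[$j - 1][0] !== '**dummy**' && $params[$j][0] !== '**dummy**') {
                        error("one of optional vars {$params[$j - 1][0]} or {$params[$j][0]} must be initialized", 1);
                    }
                    break;

                case 'C':
                    // C must always be initialized, independently of whether it's optional
                    check_param($params, ++$j, 'zend_class_entry**', false);
                    break;

                default:
                    if (!isset($API_params[$char])) {
                        error("unknown char ('{$char}') at column {$i}");
                        // nothing is known about the expected C types for this
                        // specifier, so skip it instead of iterating over a
                        // missing $API_params entry
                        break;
                    }
                    // If an is_null flag is in use, only that flag is required to be
                    // initialized
                    $allow_uninit = $i + 1 < $len && $spec[$i + 1] === '!'
                        && in_array($char, $nullable_scalars, true);
                    foreach ($API_params[$char] as $exp) {
                        check_param($params, ++$j, $exp, $optional, $allow_uninit);
                    }
            }
            $last_char = $char;
        }
    }
}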
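<link rel="stylesheet" href="leaflet.draw.ie.css" />
<![endif]-->
<script src="lib/leaflet/leaflet.js"></script>
<script src="lib/leaflet.draw/leaflet.draw.js"></script>
<script src="lib/leaflet.polylineDecorator/leaflet.polylineDecorator.js"></script>
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
</head>
<body>
<div id="header">
<a href='.'><img id='logo' src='images/logo.svg' alt='Geowiki'></a>
<?php
// Page title: the stored map title when map.json provides one, otherwise
// the requested map id.
$name = isset($_REQUEST['id']) ? $_REQUEST['id'] : '';
// NOTE(review): check_param() is relied on to validate 'id' before it is used
// as a path component below -- confirm that is what it does.
if (check_param($_REQUEST)) {
    $c = file_get_contents("{$data_path}/{$_REQUEST['id']}/map.json");
    if ($c) {
        $c = json_decode($c, true);
        if (is_array($c) && array_key_exists('title', $c)) {
            $name = $c['title'];
        }
    }
}
?>
<!-- both the request id and the stored title are attacker-influenced text;
     escape for the HTML element context they are printed into -->
<span id="title"><?php print htmlspecialchars((string) $name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> </span>
</div>
<div id="map"></div>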
case "edit": // check post param $id = check_param("id"); $name = check_param("name"); $pay = check_param("pay"); $boost = check_param("boost"); $quality = check_param("quality"); $sql = <<<EOF UPDATE {$TB} SET name="{$name}", pay={$pay}, boost={$boost}, quality={$quality} WHERE uid={$id}; EOF; break; case "del": // check post param $id = check_param("id"); $sql = <<<EOF DELETE FROM {$TB} WHERE uid={$id}; EOF; break; default: exit; break; } $ret = $db->exec($sql); if (!$ret) { echo $db->lastErrorMsg(); } else { //echo "Records created successfully\n"; }
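/**
 * Remove one feature file from a map's data directory and commit the removal.
 *
 * @param array  $param    request parameters: 'id' selects the map, an optional
 *                         'rev' is checked out before the change is made
 * @param string $postdata the feature id whose "_<id>.json" file is removed
 * @return array 'saved' (bool); 'rev' (string) once a commit was made;
 *               'error' (string) when the request was rejected or the merge failed
 */
function ajax_save_remove_feature($param, $postdata)
{
    global $data_path;

    if (!check_param($param)) {
        return array('saved' => false, 'error' => 'Invalid ID');
    }

    // The feature id is spliced into a path inside the map directory before
    // it reaches git; reject anything that could name a file outside it.
    $feature_id = is_string($postdata) ? $postdata : '';
    if ($feature_id === ''
        || strpos($feature_id, '/') !== false
        || strpos($feature_id, '\\') !== false
        || strpos($feature_id, '..') !== false) {
        return array('saved' => false, 'error' => 'Invalid feature ID');
    }

    git_init();
    // NOTE(review): 'rev' is passed through unvalidated; confirm git_checkout()
    // validates or escapes it before building its command.
    if (array_key_exists('rev', $param)) {
        git_checkout($param['rev']);
    }

    // create directory for map data; mkdir() failing is not a warning to
    // ignore, the git commands below would operate on a missing directory
    $path = "{$data_path}/{$param['id']}";
    if (!is_dir($path) && !mkdir($path) && !is_dir($path)) {
        return array('saved' => false, 'error' => 'Could not create map directory');
    }

    git_exec("rm " . shell_escape("{$param['id']}/_" . $feature_id . '.json'));
    git_commit("remove feature");
    $rev = git_rev();

    if (!git_merge()) {
        return array('saved' => false, 'rev' => $rev, 'error' => "Conflict when merging changes. Please reload and re-do changes.");
    }

    return array('saved' => true, 'rev' => $rev);
}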
$userId = $_SESSION['user_id']; if (!empty($userId)) { $user = User::findById($userId); $friendId = check_param($_REQUEST['friend_id']); $giftType = check_param($_REQUEST['gift_type']); $amount = check_param($_REQUEST['amount']); if (!empty($friendId)) { $result = $user->sendGift($friendId, $giftType, $amount); } } echo $result; exit; } else { if ($mode == 'send_request_bonus') { $result = 0; $userId = $_SESSION['user_id']; if (!empty($userId)) { $user = User::findById($userId); $count = check_param($_REQUEST['count']); if (!empty($count)) { $result = $user->addGift($count); } } echo $result; exit; } } } } } }