示例#1
 // Edit-registration form handler (fragment: the listing is cut off inside the
 // empty-field checks, so the save step is not visible).
 // cleanse() and htmlchars() are defined outside this snippet; presumably they
 // trim/normalise and HTML-escape the value - TODO confirm.
 echo '<p><a href="registrationlist.php">RETURN TO REGISTRATION LIST</a></p>';
 //SET VARIABLES WE WILL NEED LATER
 $showform = 0;
 $errormessage = "";
 //ONCE WE HAVE PRESSED SUBMIT, DO SOMETHING....
 if (isset($_POST['submit'])) {
     // Copies the posted record id into $_GET, presumably so later code that reads
     // $_GET['x'] keeps working after a POST.
     // NOTE(review): 'x' is client-supplied and nothing in the visible lines checks
     // that the current user may edit that record - confirm an ownership/role check
     // runs before the record is loaded or saved.
     $_GET['x'] = $_POST['x'];
     //SET ALL POST VARIABLES
     // NOTE(review): if htmlchars() HTML-encodes, the encoded form is what gets
     // validated and (presumably) stored; encoding at output time, per output
     // context, is the usual placement.
     $FORMFIELD['first'] = htmlchars(cleanse($_POST['first']));
     $FORMFIELD['mi'] = htmlchars(cleanse($_POST['mi']));
     $FORMFIELD['last'] = htmlchars(cleanse($_POST['last']));
     $FORMFIELD['email'] = strtolower(htmlchars(cleanse($_POST['email'])));
     $FORMFIELD['username'] = strtolower(htmlchars(cleanse($_POST['username'])));
     // gender and status are taken from the request as-is: no cleanse()/htmlchars()
     // and no check against a list of allowed values in the visible lines.
     $FORMFIELD['gender'] = $_POST['gender'];
     $FORMFIELD['status'] = $_POST['status'];
     // bio is cleansed but, unlike the name fields, not passed through htmlchars();
     // it has to be escaped wherever it is printed.
     $FORMFIELD['bio'] = cleanse($_POST['bio']);
     //check for empty fields
     // Each missing required field appends one message; the messages are fixed
     // strings, so no request data is mixed into $errormessage here.
     if ($FORMFIELD['first'] == "") {
         $errormessage .= "<p>FIRST NAME IS MISSING.</p>";
     }
     if ($FORMFIELD['last'] == "") {
         $errormessage .= "<p>LAST NAME IS MISSING.</p>";
     }
     if ($FORMFIELD['email'] == "") {
         $errormessage .= "<p>EMAIL IS MISSING.</p>";
     }
     if ($FORMFIELD['username'] == "") {
         $errormessage .= "<p>USERNAME IS MISSING.</p>";
     }
     if ($FORMFIELD['gender'] == "") {
         $errormessage .= "<p>GENDER IS MISSING.</p>";
 * Time: 7:02 PM
 */
// "Email me my username" page (fragment: the else-branch that would build and
// send the message is cut off).
$title = 'Email User Name';
$showform = 0;
include_once 'header.php';
include_once 'menu.php';
require_once 'connect.php';
require_once 'functions.inc.php';
$sendUser = "";
// NOTE(review): read before the isset($_POST['submit']) check below, so a plain
// GET request hits an undefined array key. This is also the raw request value,
// not the cleansed, lower-cased copy used for the lookup. If $to is later used
// as the mail recipient, validate it first (filter_var with
// FILTER_VALIDATE_EMAIL) or use the address returned by the database instead.
$to = $_POST['email'];
$subject = "Username";
$from = "*****@*****.**";
$message = "Your username is: ";
if (isset($_POST['submit'])) {
    //CHECK IF EMAIL EXISTS
    $FORMFIELD['email'] = strtolower(cleanse($_POST['email']));
    //CHECK IF USER EXIST
    try {
        //echo 'In try SELECT';
        // The address is passed as a bound parameter, never concatenated into the SQL.
        // $pdo is presumably created by connect.php - TODO confirm.
        $sql = 'SELECT email FROM registration WHERE  email = :email';
        $statement = $pdo->prepare($sql);
        $statement->bindValue(':email', $FORMFIELD['email']);
        $statement->execute();
        // NOTE(review): PDOStatement::rowCount() is only guaranteed for
        // INSERT/UPDATE/DELETE; for a SELECT the value is driver-dependent.
        // Fetching the row, or SELECT COUNT(*), is the portable existence check.
        $count = $statement->rowCount();
    } catch (PDOException $e) {
        // NOTE(review): prints the raw PDO error to the page, which can reveal
        // schema or connection details to the visitor; log it server-side and
        // show a generic message instead.
        echo 'Error getting information: ' . $e->getMessage();
        exit;
    }
    // NOTE(review): the reply tells the requester whether the address is
    // registered, so the form can be used to test which addresses have accounts.
    // A uniform reply ("if the address is registered, a mail has been sent")
    // avoids that.
    if ($count != 1) {
        echo 'That email <em>does not exist</em>';
    } else {
示例#3
<?php

// Login page (fragment: cut off inside the try block, before the password check).
// cleanse() and htmlchars() come from outside this snippet (presumably
// functions.inc.php) - their exact behaviour is not visible here.
$title = "Login";
include_once 'header.inc.php';
include_once 'menu.inc.php';
require_once 'connect.php';
require_once 'functions.inc.php';
$showform = 0;
$errormessage = "";
if (isset($_POST['submit'])) {
    //CLEANSE DATA THE SAME AS THE REGISTRATION PAGE
    $FORMFIELD['username'] = strtolower(htmlchars(cleanse($_POST['username'])));
    // NOTE(review): the password is passed through cleanse() before it is
    // verified. Any transformation here must be exactly the one applied at
    // registration, and a transformation that strips or rewrites characters
    // shrinks the effective password space - confirm what cleanse() does.
    $FORMFIELD['pwd'] = cleanse($_POST['pwd']);
    //CHECKING FOR EMPTY FIELDS THE SAME AS THE REGISTRATION PAGE
    if ($FORMFIELD['username'] == "") {
        $errormessage .= "<p>USERNAME IS MISSING.</p>";
    }
    if ($FORMFIELD['pwd'] == "") {
        $errormessage .= "<p>PASSWORD IS MISSING.</p>";
    }
    //display error
    // $errormessage holds only the fixed strings built above, so echoing it
    // does not reflect request data.
    if ($errormessage != "") {
        echo $errormessage;
    } else {
        //GET THE USERNAME AND SALT FROM THE DATABASE
        // NOTE(review): fetching a per-user salt suggests the hash is computed by
        // application code further down (not visible). password_hash() and
        // password_verify() generate and store the salt and cost themselves and
        // are the recommended replacement for a hand-rolled salted hash.
        try {
            // Username is bound as a parameter, not concatenated into the SQL.
            $sql = 'SELECT username, salt FROM registration WHERE username = :username';
            $s = $pdo->prepare($sql);
            $s->bindValue(':username', $FORMFIELD['username']);
            $s->execute();
            // NOTE(review): rowCount() on a SELECT is driver-dependent in PDO;
            // fetching the row is the portable way to test for a match.
            $count = $s->rowCount();
 * Created by PhpStorm.
 * User: Richard
 * Date: 2/11/2015
 * Time: 7:02 PM
 */
// Password-reset page (fragment: the else-branch that handles an existing user
// is cut off). cleanse() is defined outside this snippet.
$title = "Password Reset";
$showform = 0;
// $title is assigned a second time with the same value; this line is redundant.
$title = "Password Reset";
include_once 'header.php';
include_once 'menu.php';
require_once 'connect.php';
require_once 'functions.inc.php';
if (isset($_POST['submit'])) {
    // NOTE(review): the reset appears to be gated on a security question and
    // answer (secQ/secA); how the answer is compared is outside this snippet.
    // Such answers are usually far easier to guess than a password, so the
    // comparison should be rate-limited, and a one-time token sent to the
    // registered e-mail address is the stronger design.
    $FORMFIELD['secQ'] = cleanse($_POST['secQ']);
    $FORMFIELD['secA'] = cleanse($_POST['secA']);
    $FORMFIELD['userName'] = strtolower(cleanse($_POST['userName']));
    //CHECK IF USER EXIST
    try {
        //echo 'In try SELECT';
        // User name is bound as a parameter, not concatenated into the SQL.
        $sql = 'SELECT userName FROM registration WHERE  userName = :userName';
        $statement = $pdo->prepare($sql);
        $statement->bindValue(':userName', $FORMFIELD['userName']);
        $statement->execute();
        // NOTE(review): rowCount() on a SELECT is driver-dependent in PDO.
        $count = $statement->rowCount();
    } catch (PDOException $e) {
        // NOTE(review): the raw PDO error is shown to the visitor; log it
        // server-side and print a generic message instead.
        echo 'Error getting information: ' . $e->getMessage();
        exit;
    }
    // NOTE(review): this reply confirms whether a user name exists, which lets
    // the reset form be used to enumerate accounts; a uniform reply avoids that.
    if ($count != 1) {
        echo 'That user does not exist';
    } else {
 // Profile-update handler (fragment: starts in the middle of the field
 // assignments and ends inside the catch block). cleanse() and htmlchars() are
 // defined outside this snippet; presumably normalise and HTML-escape - TODO confirm.
 $FORMFIELD['middleName'] = htmlchars(cleanse($_POST['middleName']));
 $FORMFIELD['lastName'] = htmlchars(cleanse($_POST['lastName']));
 $FORMFIELD['userName'] = strtolower(cleanse($_POST['userName']));
 $FORMFIELD['rank'] = htmlchars(cleanse($_POST['rank']));
 $FORMFIELD['institution'] = htmlchars(cleanse($_POST['institution']));
 $FORMFIELD['address1'] = htmlchars(cleanse($_POST['address1']));
 $FORMFIELD['address2'] = htmlchars(cleanse($_POST['address2']));
 $FORMFIELD['address3'] = htmlchars(cleanse($_POST['address3']));
 $FORMFIELD['city'] = htmlchars(cleanse($_POST['city']));
 $FORMFIELD['state'] = htmlchars(cleanse($_POST['state']));
 $FORMFIELD['zip'] = htmlchars(cleanse($_POST['zip']));
 // userName and email skip htmlchars(), unlike the other fields, and the e-mail
 // format is not validated in the visible lines; both need escaping on output.
 $FORMFIELD['email'] = strtolower(cleanse($_POST['email']));
 $FORMFIELD['telephone'] = htmlchars(cleanse($_POST['telephone']));
 $FORMFIELD['secQ'] = htmlchars(cleanse($_POST['secQ']));
 $FORMFIELD['secA'] = htmlchars(cleanse($_POST['secA']));
 $FORMFIELD['membership'] = htmlchars(cleanse($_POST['membership']));
 //Check telephone
 // Anchored pattern: exactly ten ASCII digits, nothing else.
 if (!preg_match('/^[0-9]{10}$/', $FORMFIELD['telephone'])) {
     $errormessage .= '<p>The telephone does not have the required format</p>';
 }
 //See if username  has already been used
 try {
     // Looks for another row (different ID) that already uses this user name.
     // Both values are bound as parameters, so the query itself is not injectable.
     $sql = 'SELECT * FROM registration WHERE userName = :userName AND ID != :ID';
     $q = $pdo->prepare($sql);
     $q->bindValue(':userName', $FORMFIELD['userName']);
     // NOTE(review): the record id comes straight from the request. Nothing in
     // the visible lines ties it to the logged-in user, so confirm that the
     // update further down cannot be pointed at another user's row (compare it
     // with the session's user id, or take the id from the session).
     $q->bindValue(':ID', $_POST['x']);
     $q->execute();
     // NOTE(review): rowCount() on a SELECT is driver-dependent in PDO.
     $count = $q->rowCount();
 } catch (PDOException $e) {
     // NOTE(review): raw PDO error shown to the visitor; log it server-side instead.
     echo 'Error fetching users: ' . $e->getMessage();
     exit;
}
//END ISSET USERID
//USER PRESSES SUBMIT
// Login handler with an attempt limit (fragment: cut off before the password
// check). cleanse() and htmlchars() are defined outside this snippet.
if (isset($_POST['submit'])) {
    $FORMFIELD['userName'] = strtolower(htmlchars(cleanse($_POST['userName'])));
    $FORMFIELD['password'] = cleanse($_POST['password']);
    //CHECK IF ACCOUNT IS LOCKED
    //IF IS NOT SET SET NUMBER OF LOGIN ATTEMPTS
    // NOTE(review): the counter lives in $_SESSION, so it limits attempts per
    // session, not per account. A request that arrives without the session
    // cookie starts again at 0. For the limit to protect an account, failed
    // attempts need to be recorded server-side against the user name (and
    // ideally the source address), e.g. in the registration table.
    if (!isset($_SESSION["attempts"])) {
        $_SESSION["attempts"] = 0;
    }
    //IF USER IS ALLOWED TO LOGIN
    // Where the counter is incremented is not visible in this snippet.
    if ($_SESSION["attempts"] < 5) {
        //CLEANSE DATA THE SAME AS THE REGISTRATION PAGE
        // Same two assignments as at the top of the handler; one pair is redundant.
        $FORMFIELD['userName'] = strtolower(htmlchars(cleanse($_POST['userName'])));
        $FORMFIELD['password'] = cleanse($_POST['password']);
        //Need to get the username and salt from table in database
        // NOTE(review): a stored per-user salt suggests a hand-rolled hash
        // further down (not visible); password_hash()/password_verify() are the
        // recommended replacement.
        try {
            // User name is bound as a parameter, not concatenated into the SQL.
            $sql = 'SELECT userName, salt FROM registration WHERE userName = :userName';
            $statement = $pdo->prepare($sql);
            $statement->bindValue(':userName', $FORMFIELD['userName']);
            $statement->execute();
            // NOTE(review): rowCount() on a SELECT is driver-dependent in PDO.
            $count = $statement->rowCount();
        } catch (PDOException $e) {
            // NOTE(review): raw PDO error shown to the visitor; log it instead.
            echo 'Error getting user: ' . $e->getMessage();
            exit;
        }
        //CHECK IF USER EXISTS
        // NOTE(review): a distinct "user does not exist" reply lets the login
        // form confirm which user names are registered; use one generic
        // "invalid user name or password" message for both failure cases.
        if ($count < 1) {
            echo "<p>That user does not exist.</p>";
        } else {
示例#7
// Access gate and save handler for the page editor (fragment: cut off inside
// the UPDATE parameter binding). cleanse() and htmlchars() are defined outside
// this snippet.
// Visitors without a session user id are redirected to login.php; exit stops
// the rest of the page from running after the Location header.
if (!isset($_SESSION['userid'])) {
    //go log in
    $_SESSION['loginRedirect'] = 1;
    header("Location: login.php");
    exit;
// Only user type 1 gets $showcontent set. The isset() here is always true at
// this point because the first branch already handled the unset case.
// NOTE(review): $showcontent is not initialised in the visible lines, so for
// any other logged-in user the test below reads an undefined variable (false,
// with a warning). Setting $showcontent = 0 before this block makes the deny
// path explicit instead of relying on that.
} elseif (isset($_SESSION['userid']) && $_SESSION['usertype'] == 1) {
    $showcontent = 1;
}
if ($showcontent == 1) {
    echo '<p><a href="pagelist.php">RETURN TO PAGES LIST</a></p>';
    $showform = 0;
    $errormessage = "";
    // NOTE(review): no anti-CSRF token is checked in the visible lines before
    // this state-changing request is processed - confirm one is verified elsewhere.
    if (isset($_POST['submit'])) {
        // Copies the posted page id into $_GET, presumably for code that reads
        // $_GET['x'] later - TODO confirm.
        $_GET['x'] = $_POST['x'];
        $FORMFIELD['title'] = htmlchars(cleanse($_POST['title']));
        // details is stored without htmlchars(); if it is meant to hold markup
        // it has to be sanitised or escaped where the page is rendered.
        $FORMFIELD['details'] = cleanse($_POST['details']);
        //check for empty fields
        if ($FORMFIELD['title'] == "") {
            $errormessage .= "<p> TITLE IS MISSING.</p>";
        }
        if ($FORMFIELD['details'] == "") {
            $errormessage .= "<p> DETAILS IS MISSING.</p>";
        }
        // NOTE(review): in the visible lines the UPDATE is prepared without
        // looking at $errormessage, so the empty-field checks above may not
        // stop the write - confirm further down.
        try {
            // All values go in as named parameters, not by string concatenation.
            $sql = 'UPDATE pages_raroman SET
                title= :title,
                details= :details
                WHERE ID = :ID';
            $s = $pdo->prepare($sql);
            $s->bindValue(':title', $FORMFIELD['title']);
            // using data from form
示例#8
// Registration form handler (fragment: cut off inside the empty-field checks,
// before the password comparison and the INSERT). cleanse() and htmlchars()
// presumably come from functions.inc.php - their behaviour is not visible here.
require_once 'connect.php';
require_once 'functions.inc.php';
include_once 'menu.inc.php';
$showform = 0;
$errormessage = "";
if (isset($_POST['submit'])) {
    $FORMFIELD['first'] = htmlchars(cleanse($_POST['first']));
    $FORMFIELD['mi'] = htmlchars(cleanse($_POST['mi']));
    $FORMFIELD['last'] = htmlchars(cleanse($_POST['last']));
    // email and username skip htmlchars() here; the e-mail format is not
    // validated in the visible lines.
    $FORMFIELD['email'] = strtolower(cleanse($_POST['email']));
    $FORMFIELD['username'] = strtolower(cleanse($_POST['username']));
    // NOTE(review): both password fields go through cleanse() before they are
    // compared or hashed. Whatever cleanse() changes is silently removed from
    // the password the user chose, and the login page must apply exactly the
    // same transformation - confirm what cleanse() does.
    $FORMFIELD['pwd'] = cleanse($_POST['pwd']);
    $FORMFIELD['pwd2'] = cleanse($_POST['pwd2']);
    // gender and status are taken from the request as-is, with no check against
    // a list of allowed values in the visible lines.
    $FORMFIELD['gender'] = $_POST['gender'];
    $FORMFIELD['status'] = $_POST['status'];
    $FORMFIELD['bio'] = htmlchars(cleanse($_POST['bio']));
    //check for empty fields
    // Each missing required field appends one fixed message to $errormessage.
    if ($FORMFIELD['first'] == "") {
        $errormessage .= "<p> FIRST NAME IS MISSING.</p>";
    }
    if ($FORMFIELD['last'] == "") {
        $errormessage .= "<p> LAST NAME IS MISSING.</p>";
    }
    if ($FORMFIELD['email'] == "") {
        $errormessage .= "<p> EMAIL IS MISSING.</p>";
    }
    if ($FORMFIELD['username'] == "") {
        $errormessage .= "<p> USERNAME IS MISSING.</p>";
    }
    if ($FORMFIELD['pwd'] == "") {
        $errormessage .= "<p> PASSWORD IS MISSING.</p>";
    // Conference sign-up page (fragment: starts inside a block opened earlier
    // and is cut off in the price calculation). $s, $count and the
    // $regular* price variables are set outside the visible lines.
    // NOTE(review): fetch() returns false when there is no row; reading
    // $row['theYear'] then yields null with a warning.
    $row = $s->fetch();
    $year = $row['theYear'];
    //IF USER IS REGISTERED THEY CANNOT RE-REGISTER
    // NOTE(review): `$_SESSION['both'] = 2` is an assignment, not a comparison.
    // Whenever $count > 1 it stores 2 in the session and evaluates as true, so
    // the branch depends on $count alone. If a comparison was intended use
    // `=== 2`; if the assignment is intended, move it into the body.
    if ($count > 1 && ($_SESSION['both'] = 2)) {
        echo '<h4 class="heading1">You are already signed up for both the 2015 and 2016 conference. You cannot sign up again.</h>';
        $showform = 1;
        // NOTE(review): header() is called after output has been echoed; unless
        // output buffering is on, headers are already sent and the refresh is
        // not applied. Send the header before any output.
        header("refresh:3;url=index.php");
    }
}
//WHEN SUBMIT ADJUST THE PRICE
if (isset($_POST['submit'])) {
    //VARIABLES USED LATER
    $_SESSION['both'] = 0;
    //USER CAN REGISTER
    // cleanse() and htmlchars() are defined outside this snippet. The year is
    // not checked against the set of conference years in the visible lines
    // before it is stored in the session.
    $FORMFIELD['year'] = htmlchars(cleanse($_POST['year']));
    $FORMFIELD['guestName'] = htmlchars(cleanse($_POST['guestName']));
    $_SESSION['year'] = $FORMFIELD['year'];
    //REGULAR MEMBER CALCULATION
    // The membership tier comes from the session, not from the form.
    if ($_SESSION['membership'] == 'regular') {
        $membership = 30;
        // memberradio and radio1 are read without isset(), so a request that
        // omits them raises an undefined-key warning. The posted values only
        // select a branch; the amounts come from server-side variables.
        if ($_POST['memberradio'] == 'member1') {
            if ($_POST['radio1'] == 'radio1') {
                if (isset($_POST['radio2'])) {
                    $value = $_POST['radio2'];
                    //echo "The value is: ".$value;
                    if ($value == 'radio4') {
                        // Registration + lunch + membership fee.
                        $total = $regularRegPrice + $regularLunch + $membership;
                        $memberPrice = $regularRegPrice;
                        $lunchPrice = $regularLunch;
                    } else {
                        if ($value == 'radio5' || $value == 'radio6') {