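/**
 * Look up the display name stored for a user in the user-info table.
 *
 * Returns the `name` column of the fetched row, or null when there is no
 * usable connection, the user-info table is switched off in $config, the
 * query fails, or no row is returned.
 *
 * @param mixed  $link   Connection handle handed to da_sql_query(); a falsy
 *                       value skips the lookup.
 * @param string $user   Username to look up; escaped here before use.
 * @param array  $config Settings; reads 'sql_use_user_info_table' and
 *                       'sql_user_info_table'.
 * @return mixed|null
 */
function get_user_info($link, $user, $config)
{
    // Keys are quoted: a bare word is an undefined constant, which is a fatal
    // Error on PHP 8 and only worked through a deprecated fallback before.
    if (!$link || $config['sql_use_user_info_table'] != 'true') {
        return null;
    }

    $user = da_sql_escape_string($user);
    // The escaped username is the value that has to be compared. The listing
    // carried a masked literal ('******') in its place, so $user was escaped
    // and then never used.
    // NOTE(review): the table name is taken from $config and interpolated
    // as-is; it must only ever be set by the administrator.
    $res = @da_sql_query($link, $config, "SELECT name FROM {$config['sql_user_info_table']} WHERE username = '{$user}';");
    if (!$res) {
        return null;
    }

    $row = @da_sql_fetch_array($res, $config);

    return $row ? $row['name'] : null;
}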
    include_once "../lib/sql/drivers/{$config['sql_type']}/functions.php";
} else {
    echo <<<EOM
<body>
<center>
<b>Could not include SQL library functions. Aborting</b>
</body>
</html>
EOM;
    exit;
}
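// Timestamp string for the page.
// NOTE(review): strftime() is deprecated since PHP 8.1. It is kept because its
// output follows the active locale, which a plain date() call would not.
$date = strftime('%A, %e %B %Y, %T %Z');

// Optional extra SQL fragment from the configuration, expanded by xlat() with
// the current $login. The key is quoted: a bare word is an undefined constant
// (fatal on PHP 8).
$sql_extra_query = '';
if ($config['sql_accounting_extra_query'] != '') {
    $sql_extra_query = xlat($config['sql_accounting_extra_query'], $login, $config);
    // NOTE(review): the whole expanded fragment is escaped, not just the
    // substituted values, so presumably any quotes that belong to the
    // configured SQL are escaped too - confirm against da_sql_escape_string().
    $sql_extra_query = da_sql_escape_string($sql_extra_query);
}

$link = @da_sql_pconnect($config);
$link2 = connect2db($config);
// Running totals, both starting at zero.
$tot_in = $tot_rem = 0;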
if ($link) {
    $h = 21;
    $servers_num = 0;
    if ($config[general_ld_library_path] != '') {
        putenv("LD_LIBRARY_PATH={$config['general_ld_library_path']}");
    }
    foreach ($nas_list as $nas) {
        $j = 0;
        $num = 0;
        if ($server != '') {
            if ($nas[name] == $server) {
$link = @da_sql_pconnect($config);
if ($link) {
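    // Remove every user listed in $del_members from the group named by $login.
    if (isset($del_members)) {
        foreach ($del_members as $del) {
            $del = da_sql_escape_string($del);
            // The escaped member name is the value to match. The listing had a
            // masked literal ('******') here, so the DELETE never referred to
            // the member being removed.
            // NOTE(review): $login is not escaped anywhere in this excerpt;
            // confirm it is escaped before it reaches this statement.
            $res = @da_sql_query($link, $config, "DELETE FROM {$config['sql_usergroup_table']} WHERE username = '{$del}' AND groupname = '{$login}';");
            if (!$res) {
                // NOTE(review): $del is SQL-escaped at this point, not
                // HTML-encoded; encode it for the page charset if the list can
                // come from a request.
                echo "<b>Could not delete user {$del} from group: " . da_sql_error($link, $config) . "</b><br>\n";
            }
        }
    }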
    if ($new_members != '') {
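        // Split the submitted text on any run of whitespace; empty pieces are
        // dropped by PREG_SPLIT_NO_EMPTY.
        $Members = preg_split("/[\n\\s]+/", $new_members, -1, PREG_SPLIT_NO_EMPTY);
        if (!empty($Members)) {
            foreach ($Members as $new_member) {
                $new_member = da_sql_escape_string($new_member);
                // Membership check before the insert. The escaped name is the
                // value to match; the listing had a masked literal ('******')
                // here, so the check could never find the user being added.
                // NOTE(review): $login is not escaped in this excerpt; confirm
                // it is escaped before it reaches these statements.
                $res = @da_sql_query($link, $config, "SELECT username FROM {$config['sql_usergroup_table']} WHERE\n\t\t\t\tusername = '{$new_member}' AND groupname = '{$login}';");
                if (!$res) {
                    // NOTE(review): the name echoed in these messages is
                    // SQL-escaped, not HTML-encoded.
                    echo "<b>Could not add new member {$new_member}: " . da_sql_error($link, $config) . "</b><br>\n";
                    continue;
                }
                if (@da_sql_num_rows($res, $config)) {
                    echo "<b>User {$new_member} already is a member of the group</b><br>\n";
                    continue;
                }
                $res = @da_sql_query($link, $config, "INSERT INTO {$config['sql_usergroup_table']} (groupname,username)\n\t\t\t\t\t\tVALUES ('{$login}','{$new_member}');");
                if (!$res) {
                    echo "<b>Error while adding user {$new_member} to group: " . da_sql_error($link, $config) . "</b><br>\n";
                }
            }
        }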
    $tmp = "{$sql_val[$column[$j]]}";
    $res[$j] = $tmp == "" ? "COUNT(radacctid) AS res_{$j}" : "sum({$tmp}) AS res_{$j}";
}
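// Build the server list: NAS name => NAS address, plus an 'all' entry.
// Keys are quoted throughout: bare words are undefined constants (fatal on
// PHP 8).
$i = 1;
$servers['all'] = 'all';
foreach ($nas_list as $nas) {
    $name = $nas['name'];
    // Entries with an empty address are skipped.
    if ($nas['ip'] == '') {
        continue;
    }
    $servers[$name] = $nas['ip'];
    $i++;
}
ksort($servers);

// Narrow the queries to one NAS address when a specific server was chosen.
// NOTE(review): $s is assigned only inside this branch, yet the queries that
// follow interpolate it unconditionally. Confirm it is initialised to ''
// earlier, so no other source can supply its value.
if ($server != 'all' && $server != '') {
    $server = da_sql_escape_string($server);
    $s = "AND nasipaddress = '{$server}'";
}

// Optional extra SQL fragment from the configuration, expanded by xlat().
// NOTE(review): the expanded fragment is appended to the queries unescaped;
// confirm $login is escaped before xlat() substitutes it.
$sql_extra_query = '';
if ($config['sql_accounting_extra_query'] != '') {
    $sql_extra_query = xlat($config['sql_accounting_extra_query'], $login, $config);
}
$link = @da_sql_pconnect($config);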
if ($link) {
    for ($i = $num_days; $i > -1; $i--) {
        $day = "{$days[$i]}";
        if ($config[general_stats_use_totacct] == 'yes') {
            $search = @da_sql_query($link, $config, "SELECT {$res['1']},{$res['2']},{$res['3']} FROM {$config['sql_total_accounting_table']}\n\t\t\t{$sql_val['user']} AND acctdate = '{$day}' {$s} {$sql_extra_query};");
        } else {
            $search = @da_sql_query($link, $config, "SELECT {$res['1']},{$res['2']},{$res['3']} FROM {$config['sql_accounting_table']}\n\t\t\t{$sql_val['user']} AND acctstoptime >= '{$day} 00:00:00'\n\t\t\tAND acctstoptime <= '{$day} 23:59:59' {$s} {$sql_extra_query};");
        }
                 } else {
                     $msg = "<b>Error adding NAS '{$nasname}' " . da_sql_error($link, $config) . "</b><br>\n";
                 }
             }
             break;
         case 'change_nas':
             // Rewrite the stored attributes of the NAS row whose nasname
             // matches. The secret and the short name must both be present.
             // NOTE(review): $nasname itself is not checked for being empty.
             if ($nassecret != '' && $nasshortname != '') {
                 // Every value placed in the statement is escaped first.
                 $nasshortname = da_sql_escape_string($nasshortname);
                 $nastype = da_sql_escape_string($nastype);
                 $nasportnum = da_sql_escape_string($nasportnum);
                 $nassecret = da_sql_escape_string($nassecret);
                 $nascommunity = da_sql_escape_string($nascommunity);
                 $nasdescription = da_sql_escape_string($nasdescription);
                 $nasname = da_sql_escape_string($nasname);
                 // NOTE(review): the shared secret is written to the table as
                 // submitted, so read access to that table exposes it.
                 $res = @da_sql_query($link, $config, "UPDATE {$config['sql_nas_table']} SET\n\t\t\t\t\tshortname = '{$nasshortname}',\n\t\t\t\t\ttype = '{$nastype}',\n\t\t\t\t\tports = '{$nasportnum}',\n\t\t\t\t\tsecret = '{$nassecret}',\n\t\t\t\t\tcommunity = '{$nascommunity}',\n\t\t\t\t\tdescription = '{$nasdescription}' WHERE nasname = '{$nasname}';");
                 // Only a failed query is reported as an error; the number of
                 // rows actually changed is not inspected.
                 $msg = $res
                     ? "<b>NAS '{$nasname}' was updated successfully</b><br>\n"
                     : "<b>Error updating NAS '{$selected_nas}' " . da_sql_error($link, $config) . "</b><br>\n";
             } else {
                 $msg = "<b>Error. Required fields are not set</b><br>\n";
             }
             break;
     }
 }
 $search = @da_sql_query($link, $config, "SELECT * FROM {$config['sql_nas_table']} ORDER BY nasname;");
 if ($search) {
     $num = 0;
     unset($my_nas_list);
     while ($row = @da_sql_fetch_array($search, $config)) {
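        // Search the user-info table and collect the matching usernames.
        // NOTE(review): $search_IN is interpolated as a column name and
        // $search goes into the LIKE pattern. Escaping cannot protect an
        // identifier, and the guard that restricts $search_IN lies outside
        // this excerpt - confirm it is a fixed allowlist and that $search is
        // escaped before this point.
        $res = @da_sql_query($link, $config, "SELECT " . da_sql_limit($max, 0, $config) . " username FROM {$config['sql_user_info_table']} WHERE\n\t\tlower({$search_IN}) LIKE '%{$search}%' " . da_sql_limit($max, 1, $config) . " " . da_sql_limit($max, 2, $config) . " ;");
        if ($res) {
            while ($row = @da_sql_fetch_array($res, $config)) {
                // Quoted key: a bare word is an undefined constant.
                $found_users[] = $row['username'];
            }
        } else {
            // The message used to be a bare string expression with no echo,
            // so a failed query was never reported.
            echo "<b>Database query failed: " . da_sql_error($link, $config) . "</b><br>\n";
        }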
    } else {
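        // Search by RADIUS attribute value in the check or reply table.
        if ($search_IN == 'radius' && $radius_attr != '') {
            require "../lib/sql/attrmap.php";
            // An attribute missing from the map is used under its own name and
            // treated as a reply item.
            if ($attrmap[$radius_attr] == '') {
                $attrmap[$radius_attr] = $radius_attr;
                $attr_type[$radius_attr] = 'replyItem';
            }
            // Keys are quoted: bare words are undefined constants (fatal on
            // PHP 8).
            $table = $attr_type[$radius_attr] == 'checkItem' ? $config['sql_check_table'] : $config['sql_reply_table'];
            $attr = $attrmap[$radius_attr];
            $attr = da_sql_escape_string($attr);
            // NOTE(review): $search goes into the LIKE pattern and is not
            // escaped in this excerpt; confirm that happens earlier.
            $res = @da_sql_query($link, $config, "SELECT " . da_sql_limit($max, 0, $config) . " username FROM {$table} WHERE attribute = '{$attr}'\n\t\tAND value LIKE '%{$search}%' " . da_sql_limit($max, 1, $config) . " " . da_sql_limit($max, 2, $config) . " ;");
            if ($res) {
                while ($row = @da_sql_fetch_array($res, $config)) {
                    $found_users[] = $row['username'];
                }
            } else {
                // The message used to be a bare string expression with no
                // echo, so a failed query was never reported.
                echo "<b>Database query failed: " . da_sql_error($link, $config) . "</b><br>\n";
            }
        }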
    }
} else {
    echo "<b>Could not connect to SQL database</b><br>\n";
}
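// Bring the user's group memberships in line with the edited selection:
// groups missing from $edited_groups are removed, groups newly present in it
// are added.
// NOTE(review): $login is not escaped anywhere in this excerpt and is placed
// in both statements; confirm it is escaped before this point. The names
// echoed below are SQL-escaped, not HTML-encoded.
$link = @da_sql_pconnect($config);
if ($link) {
    if (isset($member_groups) && isset($edited_groups)) {
        // Memberships that were dropped in the edit.
        $del_groups = array_diff($member_groups, $edited_groups);
        if (isset($del_groups)) {
            foreach ($del_groups as $del) {
                $del = da_sql_escape_string($del);
                // The listing had a masked literal ('******') as the username.
                // The messages and the INSERT below show the rows are keyed on
                // $login.
                $res = @da_sql_query($link, $config, "DELETE FROM {$config['sql_usergroup_table']} WHERE username = '{$login}' AND groupname = '{$del}';");
                if ($res) {
                    echo "<b>User {$login} deleted from group {$del}</b><br>\n";
                } else {
                    echo "<b>Could not delete user {$login} from group {$del}: " . da_sql_error($link, $config) . "</b><br>\n";
                }
            }
        }

        // Memberships that were added in the edit.
        $new_groups = array_diff($edited_groups, $member_groups);
        if (isset($new_groups)) {
            foreach ($new_groups as $new) {
                $new = da_sql_escape_string($new);
                $res = @da_sql_query($link, $config, "INSERT INTO {$config['sql_usergroup_table']} (groupname,username)\n\t\t\t\tVALUES ('{$new}','{$login}');");
                if ($res) {
                    echo "<b>User {$login} added to group {$new}</b><br>\n";
                } else {
                    // The failure message used to print $login as the group
                    // name; it now names the group that could not be added.
                    echo "<b>Error while adding user {$login} to group {$new}: " . da_sql_error($link, $config) . "</b><br>\n";
                }
            }
        }
    }
} else {
    echo "<b>Could not connect to SQL database</b><br>\n";
}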
<form action="badusers.php" method="get" name="master">
<input type=hidden name=do_delete value=0>
<input type=hidden name=row_id value=0>
EOM;
?>

<p>
	<table border=1 bordercolordark=#ffffe0 bordercolorlight=#000000 width=100% cellpadding=2 cellspacing=0 bgcolor="#ffffe0" valign=top>
	<tr bgcolor="#d0ddb0">
	<th>#</th><th>user</th><th>date</th><th>admin</th><th>reason</th><th>administrator action</th>
	</tr>

<?php 
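// Name of the HTTP-authenticated administrator; empty when the server did not
// supply one.
$auth_user = isset($_SERVER["PHP_AUTH_USER"]) ? $_SERVER["PHP_AUTH_USER"] : '';

// With restricted access enabled, only rows recorded by this administrator
// are selected.
// NOTE(review): $extra_query is assigned only inside this branch, yet the
// query that follows interpolates it unconditionally. Confirm it is
// initialised to '' earlier, so no other source can supply its value.
if ($config['general_restrict_badusers_access'] == 'yes') {
    $auth_user = da_sql_escape_string($auth_user);
    // '=' is the SQL comparison operator. The previous '==' is rejected by
    // most database servers, so enabling the restriction broke the query.
    $extra_query = "AND admin = '{$auth_user}'";
}
$link = @da_sql_pconnect($config);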
if ($link) {
    $search = @da_sql_query($link, $config, "SELECT " . da_sql_limit($limit, 0, $config) . " * FROM {$config['sql_badusers_table']}\n\tWHERE username {$usercheck} {$extra_query} AND incidentdate <= '{$now_str}'\n\tAND incidentdate >= '{$prev_str}' " . da_sql_limit($limit, 1, $config) . " ORDER BY incidentdate {$order} " . da_sql_limit($limit, 2, $config) . " ;");
    if ($search) {
        while ($row = @da_sql_fetch_array($search, $config)) {
            $num++;
            $id = $row[id];
            $user = "******";
            $User = urlencode($user);
            $date = "{$row['incidentdate']}";
            $reason = "{$row['reason']}";
            $admin = "{$row['admin']}";
            if ($admin == $auth_user || $admin == '-') {
}
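// Extra SQL pieces for installations that keep an operator column: $text1
// extends the INSERT column list, $text2 the INSERT value list and $text3 the
// UPDATE SET clause. All three are constant strings. The key is quoted: a bare
// word is an undefined constant (fatal on PHP 8).
if ($config['sql_use_operators'] == 'true') {
    $text1 = ',op';
    $text2 = ",':='";
    $text3 = ", op = ':='";
} else {
    $text1 = '';
    $text2 = '';
    $text3 = '';
}
$link = @da_sql_pconnect($config);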
if ($link) {
    if (is_file("../lib/crypt/{$config['general_encryption_method']}.php")) {
        include "../lib/crypt/{$config['general_encryption_method']}.php";
        $passwd = da_encrypt($passwd);
        $passwd = da_sql_escape_string($passwd);
        $res = @da_sql_query($link, $config, "SELECT value FROM {$config['sql_check_table']} WHERE username = '******'\n\t\t\tAND attribute = '{$config['sql_password_attribute']}';");
        if ($res) {
            $row = @da_sql_fetch_array($res, $config);
            if ($row) {
                $res = @da_sql_query($link, $config, "UPDATE {$config['sql_check_table']} SET value = '{$passwd}' {$text3} WHERE\n\t\t\t\tattribute = '{$config['sql_password_attribute']}' AND username = '******';");
                if (!$res || !@da_sql_affected_rows($link, $res, $config)) {
                    echo "<b>Error while changing password: "******"</b><br>\n";
                }
            } else {
                $res = @da_sql_query($link, $config, "INSERT INTO {$config['sql_check_table']} (attribute,value,username {$text1})\n\t\t\t\t\tVALUES ('{$config['sql_password_attribute']}','{$passwd}','{$login}' {$text2});");
                if (!$res || !@da_sql_affected_rows($link, $res, $config)) {
                    echo "<b>Error while changing password: "******"</b><br>\n";
                }
            }
        } else {
     }
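     // Choose the target table from the attribute's kind; $type is handed to
     // check_operator() below.
     // NOTE(review): $table, $type and $op_val2 are assigned only in some
     // branches, so a value from an earlier pass may still be in place when
     // the INSERT is built.
     if ($attr_type[$key] == 'checkItem') {
         $table = $config['sql_groupcheck_table'];
         $type = 1;
     } elseif ($attr_type[$key] == 'replyItem') {
         $table = $config['sql_groupreply_table'];
         $type = 2;
     }

     // The submitted value lives in the variable named by the attribute map
     // entry, just as its operator lives in "<entry>_op". The previous
     // ${$attrmap}[...] used the array itself as a variable name, so the value
     // always came out empty and every attribute was skipped.
     $val = isset(${$attrmap[$key]}) ? ${$attrmap[$key]} : '';
     $val = da_sql_escape_string($val);
     $op_name = $attrmap[$key] . '_op';
     $op_val = isset(${$op_name}) ? ${$op_name} : '';
     if ($op_val != '') {
         $op_val = da_sql_escape_string($op_val);
         if (check_operator($op_val, $type) == -1) {
             // NOTE(review): $op_val is SQL-escaped, not HTML-encoded, when it
             // is echoed.
             echo "<b>Invalid operator ({$op_val}) for attribute {$key}</b><br>\n";
             // Was misspelled "coninue", a no-op expression, so a rejected
             // operator still went on to the INSERT below.
             continue;
         }
         $op_val2 = ",'{$op_val}'";
     }
     // Nothing to store for an empty value or one that check_defaults() accepts.
     if ($val == '' || check_defaults($val, $op_val, $default_vals[$key])) {
         continue;
     }
     // NOTE(review): $login is not escaped in this excerpt; confirm it is
     // escaped before it reaches this statement.
     $res = @da_sql_query($link, $config, "INSERT INTO {$table} (attribute,value,groupname {$text})\n\t\t\tVALUES ('{$attrmap[$key]}','{$val}','{$login}' {$op_val2});");
     if (!$res || !@da_sql_affected_rows($link, $res, $config)) {
         echo "<b>Query failed for attribute {$key}: " . da_sql_error($link, $config) . "</b><br>\n";
     }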
 }
 echo "<b>Group created successfully</b><br>\n";
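// Default window: from seven days before $now (604800 s) to one day after it
// (86400 s), unless explicit bounds were supplied. Keys are quoted: bare words
// are undefined constants (fatal on PHP 8).
$now_str = $now_str != '' ? "{$now_str}" : date($config['sql_date_format'], $now + 86400);
$prev_str = $prev_str != '' ? "{$prev_str}" : date($config['sql_date_format'], $now - 604800);
$num = 0;

// Page size: a plain digit string or the word 'all'; anything else falls back
// to 10. is_numeric() also accepted signs, decimals and exponents, none of
// which is a usable row limit (presumably $limit ends up in da_sql_limit()).
$pagesize = $pagesize ? $pagesize : 10;
if ($pagesize != 'all' && !preg_match('/^[0-9]+\z/', (string) $pagesize)) {
    $pagesize = 10;
}
$limit = $pagesize == 'all' ? '' : "{$pagesize}";
$selected[$pagesize] = 'selected';

// Sort direction is limited to the two literal keywords. It cannot be escaped
// like a value, so this allowlist is what keeps it safe wherever it is
// interpolated.
$order = $order != '' ? $order : $config['general_accounting_info_order'];
if ($order != 'desc' && $order != 'asc') {
    $order = 'desc';
}
$selected[$order] = 'selected';

$now_str = da_sql_escape_string($now_str);
$prev_str = da_sql_escape_string($prev_str);

// Drop any existing $da_name_cache, so the only value used is the copy held in
// the session.
unset($da_name_cache);
if (isset($_SESSION['da_name_cache'])) {
    $da_name_cache = $_SESSION['da_name_cache'];
}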
echo <<<EOM
<head>
<title>subscription analysis for {$login}</title>
<meta http-equiv="Content-Type" content="text/html; charset={$config['general_charset']}">
<link rel="stylesheet" href="style.css">
</head>
<body>
<center>
<table border=0 width=550 cellpadding=0 cellspacing=0>
<tr valign=top>
<td align=center><img src="images/title2.gif"></td>
} else {
    echo "<b>Could not include SQL library</b><br>\n";
    exit;
}
$link = @da_sql_pconnect($config);
$fail = 0;
if ($link) {
    if ($config[sql_use_user_info_table] == 'true') {
        $res = @da_sql_query($link, $config, "SELECT username FROM {$config['sql_user_info_table']} WHERE\n\t\tusername = '******';");
        if ($res) {
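            // Escape every submitted field before it is placed in a statement.
            // NOTE(review): $login is not escaped in this excerpt; confirm it
            // is escaped before it reaches these statements.
            $Fcn = da_sql_escape_string($Fcn);
            $Fmail = da_sql_escape_string($Fmail);
            $Fou = da_sql_escape_string($Fou);
            $Ftelephonenumber = da_sql_escape_string($Ftelephonenumber);
            $Fhomephone = da_sql_escape_string($Fhomephone);
            $Fmobile = da_sql_escape_string($Fmobile);
            if (!@da_sql_num_rows($res, $config)) {
                // No row yet: create it. The values follow the column list
                // (homephone, workphone) and the UPDATE below. The previous
                // order stored the work number as home phone and vice versa.
                $res = @da_sql_query($link, $config, "INSERT INTO {$config['sql_user_info_table']}\n\t\t\t\t(username,name,mail,department,homephone,workphone,mobile) VALUES\n\t\t\t\t('{$login}','{$Fcn}','{$Fmail}','{$Fou}','{$Fhomephone}','{$Ftelephonenumber}','{$Fmobile}');");
                if (!$res || !@da_sql_affected_rows($link, $res, $config)) {
                    echo "<b>Could not add user information in user info table: " . da_sql_error($link, $config) . "</b><br>\n";
                    $fail = 1;
                }
            } else {
                // Row exists: update it. The listing had a masked literal
                // ('******') as the username; the INSERT above shows the row
                // is keyed on $login.
                $res = @da_sql_query($link, $config, "UPDATE {$config['sql_user_info_table']} SET name = '{$Fcn}',Mail = '{$Fmail}',\n\t\t\t\tdepartment = '{$Fou}', homephone = '{$Fhomephone}', workphone = '{$Ftelephonenumber}',\n\t\t\t\tmobile = '{$Fmobile}' WHERE username = '{$login}';");
                if (!$res || !@da_sql_affected_rows($link, $res, $config)) {
                    echo "<b>Could not update user information in user info table: " . da_sql_error($link, $config) . "</b><br>\n";
                    $fail = 1;
                }
            }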
        } else {
            echo "<b>Could not find user in user info table: " . da_sql_error($link, $config) . "</b><br>\n";