'; } else { // article edit if (!ctype_digit($_GET['edit'])) { redirect("/"); } if (dbcount("(article_id)", "bg_articles", " article_id='" . (int) $_GET['edit'] . "'") == "0") { redirect("/"); } $editresult = dbquery("SELECT * FROM bg_articles WHERE article_id='" . $_GET["edit"] . "'"); $edata = dbarray($editresult); if (isset($_POST["savearticle"]) and $_POST["nazov"] != "" and $_POST["text"] != "") { $nazov = dbescape(strip_tags($_POST["nazov"])); $kat = $_POST["kat"]; $img = $_POST["img"]; $target = dbescape(strip_tags($_POST["target"])); $text = addslashes($_POST["text"]); $mtext = addslashes($_POST["minitext"]); $navrh = isset($_POST["suggestion"]) ? $_POST["suggestion"] : $edata["article_suggestion"]; $redate = $_POST["redate"]; if ($redate) { dbquery("UPDATE bg_articles SET article_date='" . time() . "' WHERE article_id='" . (int) $_GET["edit"] . "'"); } dbquery("UPDATE bg_articles SET article_minitxt='" . $mtext . "',article_img='" . $img . "',article_name='" . $nazov . "',article_cat='" . $kat . "',article_txt='" . $text . "',article_suggestion='" . $navrh . "',article_target='" . $target . "' WHERE article_id='" . (int) $_GET["edit"] . "'"); echo '<div class="alert alert-success">Článok <b><a class="alert-link" href="/clanok/' . $_GET["edit"] . '/">' . $nazov . '</a></b> bol Upravený.</div>'; } if ($userinfo["user_perm"] == 4) { $mojclanok = $edata["article_author"] == $userinfo["user_id"] ? true : false; } else { $mojclanok = true; }
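<?php
// AJAX endpoint: stores one chat message from the logged-in member to the user
// named by POST touserid. settings.php is expected to define MEMBER, $userinfo,
// dbquery(), dbarray(), dbrows(), dbescape() and redirect().

// Accept XMLHttpRequest calls only. The original joined the two tests with "&&",
// so a request carrying a *wrong* header value was let through and an absent
// header raised an undefined-index warning; "||" rejects both cases.
// NOTE(review): this header check is only a weak CSRF mitigation (it relies on
// browsers preflighting cross-origin requests that carry custom headers); a
// per-session CSRF token checked here would be the robust defence.
if (!isset($_SERVER['HTTP_X_REQUESTED_WITH']) || $_SERVER['HTTP_X_REQUESTED_WITH'] !== 'XMLHttpRequest') {
    die("bad request");
}
require "../settings.php";
if (!MEMBER) {
    redirect("/");
}

// Recipient id is cast to int, so the value interpolated into SQL can only be a
// number; a missing or non-numeric field becomes 0 and is rejected below.
$touserid = (int) ($_POST["touserid"] ?? 0);
// HTML-encoding at storage time appears to be the project convention; dbescape()
// then escapes the result for the query. A missing field becomes "" (the original
// passed null to htmlspecialchars(), deprecated since PHP 8.1).
$text = dbescape(htmlspecialchars((string) ($_POST["chatboxtext"] ?? ''), ENT_QUOTES));

// The original tested `$touserid == ""` after the int cast, which is only true on
// PHP 7 (PHP 8 evaluates 0 == "" as false); test the integer explicitly.
if ($touserid <= 0) {
    redirect("/");
}

$puserr = dbquery("SELECT * FROM bg_users WHERE user_id='" . $touserid . "'");
$puser = dbarray($puserr);
$validuser = dbrows($puserr);
// The original printed "Error." and then still ran the INSERT for the unknown
// recipient; stop here instead.
if ($validuser == 0) {
    echo "Error.";
    exit;
}

if ($text != "") {
    // Sender id comes from the session-derived $userinfo; cast it defensively so
    // only a number is ever interpolated.
    dbquery("INSERT INTO bg_messages (mes_userid, mes_touserid, mes_text, mes_time) VALUES('" . (int) $userinfo["user_id"] . "', '" . $touserid . "', '" . $text . "', '" . time() . "') ");
}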
function sanitizeIntoDB($text)
{
    // Prepare a string for storage through the project's DB layer: drop any
    // slashes already present, let dbescape() apply the escaping appropriate
    // for the configured database type, then run the project's own
    // oopsAddSlashes() over the result.
    // NOTE(review): $this is used here, so this is presumably a method whose
    // class is not shown. Character escaping is a last line of defence — a
    // parameterised query would remove the need for it entirely.
    $unslashed = stripslashes($text);
    $escaped = dbescape($unslashed);

    return $this->oopsAddSlashes($escaped);
}
<?php
// AJAX endpoint for the chat user list: with GET s it lists members whose nick
// starts with the search string; without it, it lists senders of incoming
// messages from the last month. settings.php is expected to provide MEMBER,
// $userinfo, $adminprava, the db*() helpers, redirect() and timeago().
// NOTE(review): with "&&" a request carrying a *wrong* X-Requested-With value
// passes this check (only the absent-header case is rejected, and that one with
// an undefined-index warning); "||" is the intended condition.
if (!isset($_SERVER['HTTP_X_REQUESTED_WITH']) && !($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')) { die("bad request"); }
require "../settings.php";
if (!MEMBER) { redirect("/"); }
// Search prefix. dbescape() runs first and htmlspecialchars() on top of it, so the
// query receives the HTML-encoded form of the escaped string: a quote in the input
// reaches the query as an entity rather than as a quote. Encoding for HTML belongs
// at output time; confirm the intended search behaviour survives this order.
// LIKE wildcards (% and _) are not escaped, so the caller controls the pattern.
// $_GET["s"] is read without an isset() guard (warning when absent).
$searchuser = htmlspecialchars(dbescape($_GET["s"]));
// Never true: $searchuser was just assigned, so this guard cannot redirect.
if (!isset($searchuser)) { redirect("/"); }
if ($searchuser != "") {
    // $userinfo["user_id"] is interpolated unescaped — presumably numeric; confirm in settings.php.
    $result = dbquery("SELECT * FROM bg_users WHERE user_id<>'" . $userinfo["user_id"] . "' AND user_nick LIKE '" . $searchuser . "%' ORDER BY user_nick ASC");
    $rows1 = dbrows($result);
    // numeric comparison against a string literal; same as $rows1 >= 1
    if ($rows1 >= "1") {
        while ($data = dbarray($result)) {
            // Unread-message count from this user; $data["user_id"] is a DB row value.
            $unreadmessel = dbcount("(mes_id)", "bg_messages", "mes_touserid='" . $userinfo["user_id"] . "' AND mes_userid='" . $data["user_id"] . "' AND mes_read='0'");
            // Built but not echoed anywhere in the visible fragment.
            $unreadmes = '<span class="gtipred" data-target="' . $data["user_id"] . '">' . $unreadmessel . '</span>';
            // NOTE(review): user_nick, the timeago() text and $adminprava[...] are echoed
            // into HTML without htmlspecialchars(); this is only safe if those values are
            // sanitised on the way in — confirm, or escape them here.
            echo '<a class="list-group-item userlistid" title="Online ' . timeago($data["user_lastactivity"]) . '" id="' . $data["user_id"] . '">' . $data["user_nick"] . '<span class="badge">' . $adminprava[$data["user_perm"]] . '</span></a>';
        }
    } else {
        echo "Žiadni užívatelia.";
    }
} else {
    // No search string: distinct senders of messages received in the last month.
    $resultchati = dbquery("SELECT DISTINCT(mes_userid) FROM bg_messages WHERE mes_touserid='" . $userinfo["user_id"] . "' AND mes_time>'" . strtotime('-1 month') . "' ORDER BY mes_time");
    $rows1 = dbrows($resultchati);
    if ($rows1 >= "1") {
        while ($data = dbarray($resultchati)) {
            // Unread count per sender; the loop body continues beyond the visible fragment.
            $unreadmessel = dbcount("(mes_id)", "bg_messages", "mes_touserid='" . $userinfo["user_id"] . "' AND mes_userid='" . $data["mes_userid"] . "' AND mes_read='0'");
$logged = 1;
} else {
    $logged = 0;
    redirect("?logout");
}
} else {
    $logged = 0;
    redirect("?logout");
}
}
// login form submitted
if (isset($_POST["user_email"]) && isset($_POST["user_password"])) {
    // NOTE(review): nested md5 is an unsalted, fast hash — equal passwords give
    // equal digests and offline guessing is cheap. password_hash() /
    // password_verify() (with password_needs_rehash() for migration) is the
    // supported replacement.
    $passwordhash = md5(md5(md5($_POST["user_password"])));
    if ($_POST["user_email"] != "" && $_POST["user_password"] != "") {
        if (filter_var($_POST["user_email"], FILTER_VALIDATE_EMAIL)) {
            // Account lookup by e-mail. This overwrites $userinfo — which elsewhere
            // on this page appears to hold the logged-in user's row — before the
            // password has been checked; later code reading $userinfo must also
            // consult $logged. (Escaping is applied; a parameterised query would be
            // the stronger choice.)
            $bb = dbquery("SELECT * FROM bg_users WHERE user_email='" . dbescape($_POST["user_email"]) . "'");
            $userinfo = dbarray($bb);
            // A deactivated account only sets a notice flag here; the password check
            // below still runs for it — confirm a later branch denies the login.
            if (dbrows($bb) == 1 && $userinfo["user_active"] == 0) { $notifdeactive = 1; }
            // Active-ban lookup. When no row matched, $userinfo is not an array and
            // this interpolates an empty id (with a warning); guard on dbrows() first.
            $detectban = dbrows(dbquery("SELECT * FROM da_bans WHERE ban_userid='" . $userinfo["user_id"] . "' AND ban_durationtime>'" . time() . "' "));
            if ($detectban == 0) {
                // Loose != between the stored address and the HTML-encoded input; the
                // purpose of this flag is not clear from the fragment.
                if ($userinfo["user_email"] != htmlspecialchars($_POST["user_email"])) { $bademail = 1; }
                // NOTE(review): "==" compares numeric-looking strings numerically, so two
                // hex digests can compare equal without being identical; use
                // hash_equals($userinfo["user_password"], $passwordhash), which is strict
                // and constant-time.
                if ($userinfo["user_password"] == $passwordhash) {
                    // NOTE(review): this "remember me" cookie carries the password hash
                    // itself, lives 3600*24*12*24 s (about 288 days), and is sent with
                    // secure passed as the string "0" (falsy) and no httponly flag. A
                    // random per-login token stored server-side (so it can be revoked),
                    // with secure/httponly/samesite set, is the safer design.
                    setcookie("log", $userinfo["user_id"] . "." . $passwordhash, time() + 3600 * 24 * 12 * 24, "/", "", "0");
                    $logged = 1;
                    $notiflogin = 1;
                } else {
                    $badpassword = 1;
<h5>Vytvorenie nového účtu</h5> Prosím vyplňte <b>všetky</b> údaje - viac údajov si môžete doplniť po prihlásení. </div> </div>
<?php
// Registration handler. Expects settings-provided MEMBER, dbescape(), dbquery(),
// dbrows(), redirect(), getBrowser() and getOS().
if (MEMBER) { redirect("/"); }
if (isset($_POST["vytvorit"])) {
    // Honeypot: the hidden field "sbs" must be submitted empty.
    if (isset($_POST['sbs']) && $_POST['sbs'] == "") {
        // spam-bot check: the number from the form must match the one kept in the session
        if (isset($_POST['cislo']) && isset($_SESSION['spamkiller']) && $_POST['cislo'] == $_SESSION['spamkiller']) {
            // NOTE(review): isset() returns a bool and true == "1" holds, so this
            // accepts any submitted "podmienky" value, including ""; presumably
            // `$_POST['podmienky'] == "1"` was meant.
            if (isset($_POST['podmienky']) == "1") {
                // Nick: tags stripped, accented letters transliterated, then escaped.
                // NOTE(review): strtr() with string arguments maps byte to byte, and
                // the "from" string consists of multibyte UTF-8 characters, so the two
                // strings do not line up and non-ASCII nicks come out mangled; the
                // array form strtr($s, ['Á' => 'A', ...]) is multibyte-safe.
                $user = dbescape(StrTr(strip_tags($_POST["meno"]), "ÁÄČÇĎÉĚËÍŇÓÖŘŠŤÚŮÜÝŽáäčçďéěëíňóöřšťúůüýž ", "AACCDEEEINOORSTUUUYZaaccdeeeinoorstuuuyz-"));
                $email = dbescape(strip_tags($_POST["email"]));
                // NOTE(review): unsalted nested md5; password_hash()/password_verify()
                // is the supported replacement.
                $pass = md5(md5(md5($_POST["heslo"])));
                $pass2 = md5(md5(md5($_POST["heslo2"])));
                // Password and confirmation are compared as digests.
                if ($pass == $pass2) {
                    // Uniqueness checks on nick and e-mail.
                    $result5 = dbquery("SELECT * FROM bg_users WHERE user_nick='" . $user . "'");
                    $result55 = dbquery("SELECT * FROM bg_users WHERE user_email='" . $email . "'");
                    $rows5 = dbrows($result5);
                    $rows55e = dbrows($result55);
                    if ($rows5 == 0 && $rows55e == 0 && $user != "") {
                        // Weak e-mail pattern (anything@anything.anything); the login
                        // handler on this page uses filter_var(..., FILTER_VALIDATE_EMAIL)
                        // — use the same here for consistency.
                        if (preg_match("/^[^@]*@[^@]*\\.[^@]*\$/", $email)) {
                            // strlen() counts bytes, not characters.
                            if (strlen($user) >= 4 and strlen($email) >= 4) {
                                // NOTE(review): $pass is the 32-character md5 digest, so this
                                // test is always true and the 6-character minimum is never
                                // enforced; check the length of $_POST["heslo"] before hashing.
                                if (strlen($pass) >= 6) {
                                    // REMOTE_ADDR is server-supplied; getBrowser()/getOS() are
                                    // interpolated without dbescape() — if they derive from the
                                    // User-Agent header (likely), escape them as well.
                                    dbquery("INSERT INTO bg_users(user_nick, user_password,user_email,user_active,user_datereg,user_lastactivity,user_ip,user_browser,user_os)\n VALUES('" . $user . "','" . $pass . "','" . $email . "','1','" . time() . "','" . time() . "','" . $_SERVER["REMOTE_ADDR"] . "','" . getBrowser() . "','" . getOS() . "')");
                                    echo '<div class="alert alert-success">Registrácia prebehla úspešne. Teraz sa môžete prihlásiť.</div>';
                                } else {
                                    echo '<div class="alert alert-warning">Minimálna dĺžka hesla je 6 znakov.</div>';
<label> <input class="btn btn-success" name="lostpw2" value="Resetovať heslo" type="submit"> </label> </div> </div> </div> </form> '; } else { redirect("?error=exist"); } } else { if (isset($_POST["reset"])) { if (isset($_POST['cislo']) && $_POST['cislo'] == $_SESSION['control2']) { if (preg_match("/^[^@]*@[^@]*\\.[^@]*\$/", strip_tags($_POST["email"]))) { $result8 = dbquery("SELECT * FROM bg_users WHERE user_email='" . strip_tags(dbescape($_POST["email"])) . "' AND user_nick='" . strip_tags(dbescape($_POST["meno"])) . "' AND user_active='1'"); $rows6 = dbrows($result8); if ($rows6 == 1 && strip_tags($_POST["meno"]) != "") { $active = dbarray($result8); $mdcode = md5($active["user_nick"] . rand(10, 99)); $url = "http://desart.sk/noveheslo?resetpass="******"email"]); $subject = 'Desart - nové heslo'; $message = "<html>Pre nové hesla kliknite sem: " . nl2br($url) . "</html>"; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=UTF-8' . "\r\n"; $headers .= 'From: Desart <*****@*****.**>' . "\r\n"; mail($to, $subject, $message, $headers); dbquery("UPDATE bg_users SET user_active='0' WHERE user_id='" . $active["user_id"] . "'"); dbquery("UPDATE bg_users SET user_usercode='" . $mdcode . "' WHERE user_id='" . $active["user_id"] . "'"); redirect("?error=send");