/**
 * Drop the 'ducks' entry from the current session and queue a confirmation.
 *
 * startSession() (the project's session_start() wrapper) must run first so
 * that $_SESSION is populated; feedback() stores the message for the next
 * page view.
 *
 * @return void
 */
function deleteDucks()
{
    startSession();
    // unset() on a missing key is a no-op, so no isset() guard is needed.
    unset($_SESSION['ducks']);
    feedback('Ducks deleted!');
}
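/**
 * Reset an administrator's password from the posted reset form.
 *
 * Expects POST fields AdminID (numeric, > 0) and PWord1 (the new password).
 * Any validation failure sets a feedback() message and hands off to
 * myRedirect(); the UPDATE is only reached when both fields pass. On
 * completion a small confirmation page is rendered via get_header()/get_footer().
 *
 * Relies on the legacy mysql_* helpers used throughout this file:
 * conn() opens the connection, formReq() reads a POST field and runs dbIn()
 * on it, and $config (global) supplies the redirect targets.
 *
 * @global object $config  adminReset / adminDashboard URLs
 * @return void
 */
function updateExecute()
{
    global $config;

    // AdminID must be present and cast to a positive integer; (int) turns any junk into 0.
    if (!isset($_POST['AdminID']) || (int) $_POST['AdminID'] <= 0) {
        feedback("AdminID not numeric", "warning");
        myRedirect($config->adminReset);
    }

    // Guard the field before validating it: onlyAlphaNum(null) after an
    // "undefined index" notice was the previous behaviour for a missing field.
    if (!isset($_POST['PWord1']) || !onlyAlphaNum($_POST['PWord1'])) {
        // NOTE(review): limiting passwords to alphanumerics reduces their
        // entropy. The rule is kept as-is; a minimum length and a wider
        // character set would be the better policy.
        feedback("Data entered for password must be alphanumeric only");
        myRedirect(THIS_PAGE);
    }

    $myConn = conn('', FALSE);        // formReq()/dbIn() need an open connection
    $redirect = $config->adminReset;  // consulted by formReq() when it redirects on failure

    $AdminID = formReq('AdminID');    // formReq() calls dbIn() internally
    $AdminPW = formReq('PWord1');

    // SECURITY(review): MySQL SHA() is unsalted SHA-1 and is not an acceptable
    // password hash. It is retained only because the login check (not in this
    // file) must compute the same value; migrate both sides together to
    // password_hash()/password_verify().
    $sql = sprintf("UPDATE " . PREFIX . "Admin set AdminPW=SHA('%s') WHERE AdminID=%d", $AdminPW, $AdminID);
    mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));

    // affected_rows is 0 both for an unknown ID and when the hash did not change.
    if (mysql_affected_rows($myConn) > 0) {
        feedback("Password Successfully Reset!", "notice");
    } else {
        feedback("Password NOT Reset! (or not changed from original value)");
    }

    get_header();
    echo ' <div align="center"><h3>Reset Administrator Password</h3></div> <div align="center"><a href="' . $config->adminReset . '">Reset More</a></div> <div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div> ';
    get_footer();
}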
exit; } include HCLANG . '/admin/admin.php'; if (isset($_GET['msg'])) { switch ($_GET['msg']) { case "1": feedback(1, $hc_lang_admin['Feed03']); break; case "2": feedback(3, $hc_lang_admin['Feed04']); break; case "3": feedback(1, $hc_lang_admin['Feed05']); break; case "4": feedback(1, $hc_lang_admin['Feed06']); break; } } appInstructions(0, "Editing_Admin_Users", $hc_lang_admin['TitleBrowseA'], $hc_lang_admin['InstructBrowseA']); $result = doQuery("SELECT PkID, FirstName, LastName, Email, LastLogin FROM " . HC_TblPrefix . "admin WHERE IsActive = 1 AND SuperAdmin = 0 ORDER BY LastName, FirstName"); if (hasRows($result)) { echo ' <ul class="data"> <li class="row header uline"> <div style="width:30%;">' . $hc_lang_admin['Name'] . '</div> <div style="width:40%;">' . $hc_lang_admin['EmailLabel'] . '</div> <div style="width:20%;">' . $hc_lang_admin['Login'] . '</div> <div style="width:10%;"> </div> </li>'; $cnt = 0;
// One-shot status message selected by the ?msg= code left by the preceding
// redirect. Unrecognised codes are ignored and the raw value is never echoed.
if (isset($_GET['msg'])) {
    switch ($_GET['msg']) {
        case "1":
            feedback(1, $hc_lang_settings['Feed04']);
            break;
        case "2":
            feedback(1, $hc_lang_settings['Feed06']);
            break;
        case "3":
            feedback(3, $hc_lang_settings['Feed07']);
            break;
        case "4":
            feedback(1, $hc_lang_settings['Feed08']);
            break;
        case "5":
            feedback(3, $hc_lang_settings['Feed09']);
            break;
    }
}
appInstructions(0, "APIs", $hc_lang_settings['TitleAPI'], $hc_lang_settings['InstructAPI']);
// All API-related settings in one query. ORDER BY PkID makes the positional
// mysql_result() reads below correspond to the ascending IN (...) list.
// NOTE(review): the offsets used (0..4, 7..11) assume every listed PkID has a
// row; one missing row shifts every later value by one. Offsets 5, 6 and
// 12 onwards are presumably consumed further down this file.
$result = doQuery("SELECT SettingValue FROM " . HC_TblPrefix . "settings \r\n\t\t\t\t\tWHERE PkID IN (5,6,25,27,41,42,43,45,46,47,50,52,55,56,57,58,59,61,62,63,69,94,95,96,\r\n\t\t\t\t\t\t\t\t100,101,102,103,104,105,111,112,113,114,115,117,118,119,120,121,122,123,124,125)\r\n\t\t\t\t\tORDER BY PkID");
// Third-party credentials (Eventbrite keys, Twitter token/secret) are loaded
// here, presumably for display in the settings form below — anyone with access
// to this admin page can read them.
$eventbriteKeyA = cOut(mysql_result($result, 0, 0));  // expected PkID 5
$eventbriteKeyU = cOut(mysql_result($result, 1, 0));  // expected PkID 6
$disqusName = cOut(mysql_result($result, 2, 0));      // expected PkID 25
$emapZoom = cOut(mysql_result($result, 3, 0));        // expected PkID 27
$lmapZoom = cOut(mysql_result($result, 4, 0));        // expected PkID 41
$locBrowse = cOut(mysql_result($result, 7, 0));       // expected PkID 45
$twtrAToken = cOut(mysql_result($result, 8, 0));      // expected PkID 46
$twtrASecret = cOut(mysql_result($result, 9, 0));     // expected PkID 47
$quickLinks = explode(",", cOut(mysql_result($result, 10, 0))); // expected PkID 50; stored comma-separated
$googMapURL = cOut(mysql_result($result, 11, 0));     // expected PkID 52
$dropbox_file_data[] = $receivers_celldata; $last_upload_date = api_get_local_time($dropbox_file->last_upload_date); $dropbox_file_data[] = date_to_str_ago($last_upload_date) . '<br /><span class="dropbox_date">' . api_format_date($last_upload_date) . '</span>'; //$dropbox_file_data[] = $dropbox_file->author; $receivers_celldata = ''; $action_icons = check_number_feedback($dropbox_file->id, $number_feedback) . ' ' . get_lang('Feedback') . ' <a href="' . api_get_self() . '?' . api_get_cidreq() . '&view_received_category=' . $viewReceivedCategory . '&view_sent_category=' . $viewSentCategory . '&view=' . $view . '&action=viewfeedback&id=' . $dropbox_file->id . '&' . $sort_params . '">' . Display::return_icon('discuss.png', get_lang('Comment'), '', ICON_SIZE_SMALL) . '</a> <a href="' . api_get_self() . '?' . api_get_cidreq() . '&view_received_category=' . $viewReceivedCategory . '&view_sent_category=' . $viewSentCategory . '&view=' . $view . '&action=movesent&move_id=' . $dropbox_file->id . '&' . $sort_params . '">' . Display::return_icon('move.png', get_lang('Move'), '', ICON_SIZE_SMALL) . '</a> <a href="' . api_get_self() . '?' . api_get_cidreq() . '&view_received_category=' . $viewReceivedCategory . '&view_sent_category=' . $viewSentCategory . '&view=' . $view . '&action=deletesentfile&id=' . $dropbox_file->id . '&' . $sort_params . '" onclick="javascript: return confirmation(\'' . $dropbox_file->title . '\');">' . Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL) . '</a>'; // This is a hack to have an additional row in a sortable table if ($action == 'viewfeedback' && isset($_GET['id']) && is_numeric($_GET['id']) && $dropbox_file->id == $_GET['id']) { $action_icons .= "</td></tr>\n"; // ending the normal row of the sortable table $action_icons .= "<tr><td colspan=\"2\">"; $action_icons .= "<a href=\"index.php?" . api_get_cidreq() . "&view_received_category=" . $viewReceivedCategory . "&view_sent_category=" . $viewSentCategory . "&view=" . 
$view . '&' . $sort_params . "\">" . get_lang('CloseFeedback') . "</a>"; $action_icons .= "</td><td colspan=\"7\">" . feedback($dropbox_file->feedback2) . "</td></tr>"; } $dropbox_file_data[] = $action_icons; $dropbox_file_data[] = $last_upload_date; $dropbox_file_data[] = $file_size; $action_icons = ''; $dropbox_data_sent[] = $dropbox_file_data; } } // The content of the sortable table = the categories (if we are not in the root) if ($view_dropbox_category_sent == 0) { foreach ($dropbox_categories as $category) { $dropbox_category_data = array(); if ($category['sent'] == '1') { $dropbox_category_data[] = $category['cat_id']; // This is where the checkbox icon for the files appear.
++$bg; $marty->assign('darkBG', $bg % 2); switch ($val) { case 'N': $nam = new PName($key); $nam->display('pers_ldat.tpl'); unset($nam); break; case 'P': $pers = new Person($key); $pers->display('pers_ldat.tpl'); unset($pers); } } } else { feedback(102, 'hinw'); // kein Ergebnis } } break; // Ende --search-- // Ende --search-- case "Pick": $bg = 1; foreach (PName::listNames($_GET['C']) as $wert) { ++$bg; $marty->assign('darkBG', $bg % 2); $pers = new PName($wert); $pers->display('pers_ldat.tpl'); unset($pers); }
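/**
 * Insert a new customer row (FirstName, LastName, Email) from the posted form.
 *
 * Uses a PDO prepared statement with bound string parameters, so the values
 * are never interpolated into the SQL text. Reports the outcome through
 * feedback(). pdo() (defined elsewhere) supplies the connection.
 *
 * @return void
 */
function insertExecute()
{
    // A missing field becomes '' instead of raising an undefined-index notice.
    $FirstName = isset($_POST['FirstName']) ? $_POST['FirstName'] : '';
    $LastName = isset($_POST['LastName']) ? $_POST['LastName'] : '';
    $Email = isset($_POST['Email']) ? $_POST['Email'] : '';

    // NOTE(review): no content validation is applied (the earlier
    // ctype_graph()/onlyEmail() checks were disabled), so arbitrary strings —
    // including HTML — are stored verbatim. Escape on output.

    $db = pdo(); // pdo() creates and returns a PDO object

    $sql = "INSERT INTO test_Customers (FirstName, LastName, Email) VALUES (?,?,?)";
    $stmt = $db->prepare($sql);
    // Fixed: a leftover bindValue(1, $id, PDO::PARAM_INT) bound an undefined
    // $id to the first placeholder (notice + dead binding) before being
    // overwritten by FirstName. Only the three real bindings remain.
    $stmt->bindValue(1, $FirstName, PDO::PARAM_STR);
    $stmt->bindValue(2, $LastName, PDO::PARAM_STR);
    $stmt->bindValue(3, $Email, PDO::PARAM_STR);

    try {
        $stmt->execute();
    } catch (PDOException $ex) {
        // NOTE(review): this surfaces the raw driver message; keep
        // display_errors off in production so schema details do not leak.
        trigger_error($ex->getMessage(), E_USER_ERROR);
    }

    // rowCount() reports the number of rows affected by the INSERT.
    if ($stmt->rowCount() > 0) {
        feedback("Customer Added Successfully!", "success");
    } else {
        feedback("Customer NOT added!", "warning");
    }
}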
return true; } } //--> </script>'; } else { if (isset($_GET['msg'])) { switch ($_GET['msg']) { case "1": feedback(1, $hc_lang_news['Feed10']); break; case "2": feedback(1, $hc_lang_news['Feed11']); break; case "3": feedback(1, $hc_lang_news['Feed12']); break; } } appInstructions(0, "Subscriber_Groups", $hc_lang_news['TitleGroup'], $hc_lang_news['InstructGroup']); echo ' <a href="' . AdminRoot . '/index.php?com=subgrps&gID=0" class="add"><img src="' . AdminRoot . '/img/icons/add.png" width="16" height="16" alt="" />' . $hc_lang_news['NewGroup'] . '</a>'; $result = doQuery("SELECT PkID, Name, IsPublic,\r\n\t\t\t\t\t\t\t(SELECT COUNT(sg.UserID)\r\n\t\t\t\t\t\t\tFROM " . HC_TblPrefix . "subscribersgroups sg\r\n\t\t\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "subscribers s ON (sg.UserID = s.PkID)\r\n\t\t\t\t\t\t\tWHERE sg.GroupID = mg.PkID AND s.IsConfirm = 1) as GrpCnt,\r\n\t\t\t\t\t\t\t(SELECT COUNT(s.PkID)FROM " . HC_TblPrefix . "subscribers s WHERE s.IsConfirm = 1) as AllCnt\r\n\t\t\t\t\t\tFROM " . HC_TblPrefix . "mailgroups mg\r\n\t\t\t\t\t\tWHERE IsActive = 1 ORDER BY IsPublic, Name"); if (hasRows($result)) { echo ' <ul class="data"> <li class="row header uline"> <div style="width:50%;">' . $hc_lang_news['GroupNameLabel'] . '</div> <div style="width:20%;">' . $hc_lang_news['GroupStatusLabel'] . '</div> <div class="number" style="width:20%;">' . $hc_lang_news['GroupCountLabel'] . '</div> <div class="tools" style="width:10%;"> </div>
if (isset($_GET['s']) && $_GET['s'] != '') { $term = cIn(cleanQuotes(strip_tags($_GET['s']))); $save = '&s=' . $term; $queryS = " AND Name LIKE('%" . $term . "%')"; } $hc_Side[] = array(CalRoot . '/index.php?com=location', 'map.png', $hc_lang_locations['LinkMap'], 1); if (isset($_GET['msg'])) { switch ($_GET['msg']) { case "3": feedback(1, $hc_lang_locations['Feed03']); break; case "4": feedback(2, $hc_lang_locations['Feed04']); break; case "5": feedback(1, $hc_lang_locations['Feed05']); break; } } appInstructions(0, "Editing_Locations", $hc_lang_locations['TitleBrowse'], $hc_lang_locations['InstructBrowse']); $resultC = doQuery("SELECT COUNT(*) FROM " . HC_TblPrefix . "locations WHERE IsActive = 1 {$queryS}"); $pages = ceil(mysql_result($resultC, 0, 0) / $resLimit); if ($pages <= $resOffset && $pages > 0) { $resOffset = $pages - 1; } echo ' <fieldset style="border:0px;"> <label><b>' . $hc_lang_locations['ResPer'] . '</b></label> <span class="output">'; for ($x = 25; $x <= 100; $x = $x + 25) { echo $x > 25 ? ' | ' : '';
<?php /** * @package Helios Calendar * @license GNU General Public License version 2 or later; see LICENSE */ if (!defined('hcAdmin')) { header("HTTP/1.1 403 No Direct Access"); exit; } include HCLANG . '/admin/settings.php'; if (isset($_GET['msg'])) { switch ($_GET['msg']) { case "1": feedback(1, $hc_lang_settings['Feed03']); break; } } appInstructions(0, "Themes_Settings", $hc_lang_settings['TitleTheme'], $hc_lang_settings['InstructTheme']); $result = doQuery("SELECT SettingValue FROM " . HC_TblPrefix . "settings WHERE PkID IN (83,84,86) ORDER BY PkID"); $fullsite = cOut(mysql_result($result, 0, 0)); $mobile = cOut(mysql_result($result, 1, 0)); $agents = cOut(mysql_result($result, 2, 0)); $fullsiteOpts = $mobileOpts = ''; $themes = array(); if (file_exists(HCPATH . '/themes')) { $dir = dir(HCPATH . '/themes'); while (($file = $dir->read()) != false) { if (is_dir($dir->path . '/' . $file) && $file != "." && $file != "..") { $themes[] = $file; }
/**
 * Render the public newsletter form: cancel, thank-you, signup or update mode.
 *
 * The mode is chosen from the query string, checked in this order:
 *  - ?d=GUID : a one-button "cancel registration" form for a confirmed
 *              subscriber (posts to news-edit.php). Nothing is shown if the
 *              GUID is unknown.
 *  - ?t=N    : prints $hc_lang_news['ThankYou'.N] when that key exists
 *              (N is only accepted when is_numeric()).
 *  - ?u=GUID : pre-fills the signup form from the confirmed subscriber's row
 *              ("update" mode); otherwise an empty signup form is shown.
 * Output is echoed directly; the function always returns 0.
 *
 * NOTE(review): query-string values pass through cIn(strip_tags(...)) and are
 * then used both inside SQL string literals (GUID = '...') and as HTML attribute
 * values (hidden dID/gID inputs). Values read from the subscribers row
 * ($firstname, $lastname, $email, $zipcode) go into value="" attributes as-is.
 * cIn()/cOut() are not visible here — confirm that the attribute output is
 * HTML-encoded somewhere, otherwise these are reflected/stored XSS sinks.
 *
 * @global array $hc_cfg         site configuration ([65] captcha switch, ['CatCols'])
 * @global array $hc_lang_config language configuration (['OccupationFile'] include)
 * @global array $hc_lang_news   newsletter UI strings
 * @global array $hc_captchas    ids of forms that require a captcha (4 presumably = this form)
 * @global array $hc_lang_core   core UI strings
 * @return int always 0
 */
function sr_forms_news_signup()
{
    global $hc_cfg, $hc_lang_config, $hc_lang_news, $hc_captchas, $hc_lang_core;

    // --- Cancel-registration mode (?d=GUID) ---
    if (isset($_GET['d'])) {
        $g = cIn(strip_tags($_GET['d']));
        // Only a confirmed subscriber with a non-empty GUID can be cancelled.
        $result = doQuery("SELECT PkID FROM " . HC_TblPrefix . "subscribers WHERE GUID = '" . $g . "' AND GUID != '' AND IsConfirm = 1");
        if (!hasRows($result)) {
            return 0;
        }
        // $g is echoed back into the hidden dID field (see class note on escaping).
        echo ' <p>' . $hc_lang_news['DeleteNotice'] . '</p> <form name="frmEventNewsletter" id="frmEventNewsletter" method="post" action="' . CalRoot . '/news-edit.php"> <input name="dID" id="dID" type="hidden" value="' . $g . '" /> <div class="newsTools"><input type="submit" name="submit" id="submit" value="' . $hc_lang_news['CancelReg'] . '" /></div> </form>';
        return 0;
    }

    // --- Thank-you mode (?t=N) ---
    // $t only selects a language key; non-numeric input falls back to 0.
    $t = isset($_GET['t']) && is_numeric($_GET['t']) ? cIn(strip_tags($_GET['t'])) : 0;
    if (isset($hc_lang_news['ThankYou' . $t])) {
        echo $hc_lang_news['ThankYou' . $t];
        return 0;
    }

    // --- Signup / update form ---
    // Defaults for a fresh signup; overwritten below when a subscriber row is found.
    $submit = $hc_lang_news['SubmitReg'];
    $uID = $occupation = 0;
    $format = 2;
    $firstname = $lastname = $email = $zipcode = $birthyear = $gender = $refer = $yrOpts = '';
    $query = NULL;

    // Update mode: look the subscriber up by the GUID in ?u=.
    $g = isset($_GET['u']) && $_GET['u'] != '' ? cIn(strip_tags($_GET['u'])) : '';
    $result = doQuery("SELECT * FROM " . HC_TblPrefix . "subscribers WHERE GUID = '" . $g . "' AND GUID != '' AND IsConfirm = 1");
    $notice = $hc_lang_news['SubInstruct'];
    if (hasRows($result)) {
        $notice = $hc_lang_news['SubInstruct2'];
        $submit = $hc_lang_news['UpdateReg'];
        // Positional reads from SELECT *: this relies on the subscribers table's
        // column order. The meaning of each offset below is inferred from how the
        // variable is used later in this function — verify against the schema.
        $uID = mysql_result($result, 0, 0);
        $firstname = mysql_result($result, 0, 1);
        $lastname = mysql_result($result, 0, 2);
        $email = mysql_result($result, 0, 3);
        $occupation = mysql_result($result, 0, 4);
        $zipcode = mysql_result($result, 0, 5);
        $addedby = mysql_result($result, 0, 8); // read but not used within this function
        $birthyear = mysql_result($result, 0, 11);
        $gender = mysql_result($result, 0, 12);
        $refer = mysql_result($result, 0, 13);
        $format = mysql_result($result, 0, 14);
        // Category tree for sr_shared_getCategories(): top-level categories UNION
        // sub-categories, each left-joined to this subscriber's selections
        // (uc.UserID) so the helper can pre-check them. $uID comes from the DB;
        // it is interpolated raw in the first half and via cIn() in the second.
        $query = "SELECT c.PkID, c.CategoryName, c.ParentID, c.CategoryName as Sort, uc.UserID as Selected\r\n FROM "
            . HC_TblPrefix . "categories c\r\n LEFT JOIN "
            . HC_TblPrefix . "categories c2 ON (c.PkID = c2.PkID)\r\n LEFT JOIN "
            . HC_TblPrefix . "eventcategories ec ON (c.PkID = ec.CategoryID)\r\n LEFT JOIN "
            . HC_TblPrefix . "subscriberscategories uc ON (uc.CategoryID = c.PkID AND uc.UserID = '" . $uID . "')\r\n WHERE c.ParentID = 0 AND c.IsActive = 1\r\n GROUP BY c.PkID, c.CategoryName, c.ParentID, uc.UserID\r\n UNION\r\n SELECT c.PkID, c.CategoryName, c.ParentID, c2.CategoryName as Sort, uc.UserID as Selected\r\n FROM "
            . HC_TblPrefix . "categories c\r\n LEFT JOIN "
            . HC_TblPrefix . "categories c2 ON (c.ParentID = c2.PkID)\r\n LEFT JOIN "
            . HC_TblPrefix . "eventcategories ec ON (c.PkID = ec.CategoryID)\r\n LEFT JOIN "
            . HC_TblPrefix . "subscriberscategories uc ON (uc.CategoryID = c.PkID AND uc.UserID = '" . cIn($uID) . "')\r\n WHERE c.ParentID > 0 AND c.IsActive = 1\r\n GROUP BY c.PkID, c.CategoryName, c.ParentID, c2.CategoryName, uc.UserID\r\n ORDER BY Sort, ParentID, CategoryName";
    }

    // One-shot status message from a preceding redirect.
    if (isset($_GET['msg'])) {
        switch ($_GET['msg']) {
            case "1":
                feedback(2, $hc_lang_news['Feed04']);
                break;
        }
    }

    // Birth-year <option>s: 81 years counting down from (current year - 14),
    // i.e. the youngest year this form will accept.
    $yearSU = date("Y") - 14;
    for ($x = 0; $x <= 80; $x++) {
        $yrOpts .= '<option' . ($yearSU == $birthyear ? ' selected="selected"' : '') . ' value="' . $yearSU . '">' . $yearSU . '</option>';
        --$yearSU;
    }

    // Form header. The hidden uID/gID fields identify the record being updated
    // (0 / '' for a new signup); the POST handler must re-verify them.
    echo ' ' . $notice
        . ' <form name="frmEventNewsletter" id="frmEventNewsletter" method="post" action="' . CalRoot . '/news-signup.php" onsubmit="return validate();"> <input name="uID" id="uID" type="hidden" value="' . $uID . '" /> <input name="gID" id="gID" type="hidden" value="' . $g . '" />';

    // Captcha block: only when captchas are enabled site-wide and this form is listed.
    if ($hc_cfg[65] > 0 && in_array(4, $hc_captchas)) {
        echo ' <fieldset> <legend>' . $hc_lang_core['CapLegend'] . '</legend>';
        buildCaptcha();
        echo ' </fieldset>';
    }

    // Subscriber fieldset. Once an e-mail is known it is shown read-only and
    // carried in a hidden hc_f3 field instead of an editable input.
    echo ' <fieldset> <legend>' . $hc_lang_news['Subscriber'] . '</legend> <label for="hc_f1">' . $hc_lang_news['FName']
        . '</label> <input name="hc_f1" id="hc_f1" type="text" size="20" maxlength="50" placeholder="' . $hc_lang_news['PlaceFName']
        . '" value="' . $firstname . '" required="required" /> <label for="hc_f2">' . $hc_lang_news['LName']
        . '</label> <input name="hc_f2" id="hc_f2" type="text" size="30" maxlength="50" placeholder="' . $hc_lang_news['PlaceLName']
        . '" value="' . $lastname . '" required="required" /> <label for="hc_f3">' . $hc_lang_news['Email'] . '</label>'
        . ($email == ''
            ? '<input name="hc_f3" id="hc_f3" type="email" size="45" maxlength="75" placeholder="' . $hc_lang_news['PlaceEmail'] . '" value="' . $email . '" required="required" />'
            : ' <span class="output">' . $email . '</span> <input type="hidden" name="hc_f3" id="hc_f3" value="' . $email . '" />')
        . ' <label for="hc_fa">' . $hc_lang_news['Birth'] . '</label> <select name="hc_fa" id="hc_fa"> <option value="0">' . $hc_lang_news['Birth0'] . '</option> ' . $yrOpts
        . ' </select> <label for="occupation">' . $hc_lang_news['Occupation'] . '</label> ';
    // The occupation <select> lives in a language-specific include; the path
    // comes from language configuration, not from the request. $occupation is
    // presumably read by that file to mark the current choice.
    include HCLANG . '/' . $hc_lang_config['OccupationFile'];
    echo ' <label for="hc_fb">' . $hc_lang_news['Gender'] . '</label> <select name="hc_fb" id="hc_fb"> <option value="0">' . $hc_lang_news['Gender0'] . '</option> <option'
        . ($gender == 1 ? ' selected="selected"' : '') . ' value="1">' . $hc_lang_news['GenderF'] . '</option> <option'
        . ($gender == 2 ? ' selected="selected"' : '') . ' value="2">' . $hc_lang_news['GenderM'] . '</option> </select> <label for="hc_fc">' . $hc_lang_news['Referral']
        . '</label> <select name="hc_fc" id="hc_fc"> <option value="0">' . $hc_lang_news['Referral0'] . '</option> <option'
        . ($refer == 1 ? ' selected="selected"' : '') . ' value="1">' . $hc_lang_news['Referral1'] . '</option> <option'
        . ($refer == 2 ? ' selected="selected"' : '') . ' value="2">' . $hc_lang_news['Referral2'] . '</option> <option'
        . ($refer == 3 ? ' selected="selected"' : '') . ' value="3">' . $hc_lang_news['Referral3'] . '</option> <option'
        . ($refer == 4 ? ' selected="selected"' : '') . ' value="4">' . $hc_lang_news['Referral4'] . '</option> <option'
        . ($refer == 5 ? ' selected="selected"' : '') . ' value="5">' . $hc_lang_news['Referral5'] . '</option> <option'
        . ($refer == 6 ? ' selected="selected"' : '') . ' value="6">' . $hc_lang_news['Referral6'] . '</option> <option'
        . ($refer == 7 ? ' selected="selected"' : '') . ' value="7">' . $hc_lang_news['Referral7'] . '</option> </select> <label for="hc_f4">' . $hc_lang_news['Postal']
        . '</label> <input name="hc_f4" id="hc_f4" type="text" size="12" maxlength="10" placeholder="' . $hc_lang_news['PlacePostal']
        . '" value="' . $zipcode . '" /> </fieldset> <fieldset> <legend>' . $hc_lang_news['Subscription']
        . '</legend> <label class="blank"> </label> <span class="output">' . $hc_lang_news['CategoriesLabel'] . '</span> <label>' . $hc_lang_news['Categories'] . '</label>';
    // Category checkboxes; $query is NULL for a new signup (helper presumably uses its own default).
    sr_shared_getCategories('frmEventNewsletter', $hc_cfg['CatCols'], $query);
    echo ' <label for="format">' . $hc_lang_news['LinkFormat'] . '</label> <select name="format" id="format"> <option'
        . ($format == 0 ? ' selected="selected"' : '') . ' value="0">' . $hc_lang_news['LinkFormat0'] . '</option> <option'
        . ($format == 1 ? ' selected="selected"' : '') . ' value="1">' . $hc_lang_news['LinkFormat1'] . '</option> <option'
        . ($format == 2 ? ' selected="selected"' : '') . ' value="2">' . $hc_lang_news['LinkFormat2'] . '</option> </select> </fieldset>';

    // Optional public mail groups (PkID > 1; group 1 is the always-on generic
    // list shown as a disabled, checked box). sg.UserID marks current membership.
    $result = doQuery("SELECT mg.PkID, mg.Name, mg.Description, sg.UserID\r\n FROM " . HC_TblPrefix . "mailgroups mg\r\n LEFT JOIN " . HC_TblPrefix . "subscribersgroups sg ON (mg.PkID = sg.GroupID AND sg.UserID = '" . $uID . "')\r\n WHERE mg.IsActive = 1 AND mg.PkID > 1 AND mg.IsPublic = 1\r\n ORDER BY Name");
    if (hasRows($result)) {
        echo ' <fieldset class="frm_grp"> <legend>' . $hc_lang_news['GroupLabel']
            . '</legend> <label for="grpID_1"><input disabled="disabled" checked="checked" name="grpID[]" id="grpID_1" type="checkbox" value="1" /><b>' . $hc_lang_news['GenericNews']
            . '</b><p>' . $hc_lang_news['GenericNewsDesc'] . '</p></label>';
        $cnt = 0;
        while ($row = mysql_fetch_row($result)) {
            $hl = $cnt % 2 == 0 ? ' class="hl"' : ''; // alternate row highlight
            // Pre-check groups the subscriber already belongs to (update mode only).
            // Note cOut() is applied to a string that already contains <b>/<p>
            // markup, so cOut() is evidently not a plain HTML encoder.
            echo ' <label for="grpID_' . $row[0] . '"' . $hl . '><input name="grpID[]" id="grpID_' . $row[0] . '" type="checkbox" value="' . $row[0] . '"'
                . ($row[3] == $uID && $uID > 0 ? ' checked="checked"' : '') . '/>' . cOut('<b>' . $row[1] . '</b><p>' . $row[2]) . '</p></label>';
            ++$cnt;
        }
        echo ' </fieldset>';
    }
    echo ' <div class="newsTools"><input type="submit" class="btn btn-primary" name="submit" id="submit" value="' . $submit . '" /></div> </form>';
}
/**
 * Output the user account settings form (e-mail, birthdate, location, API key).
 *
 * Loads the signed-in user's row by $_SESSION['UserPkID'], shows network,
 * level and name read-only, the editable e-mail/birthdate/location fields
 * (pre-filled from $_SESSION['new_user_email'] / ['new_user_birthdate'] when
 * a previous submission left them there, else from the DB row) and, when
 * $hc_cfg[127] == 1, the API section with the user's API key and a
 * "regenerate key" checkbox. Ends with the inline client-side validate()
 * script. The form posts to user-edit.php.
 *
 * NOTE(review): the hidden uID field echoes the session user id into the
 * form; user-edit.php must take the id from the session rather than from
 * this field, or one user could edit another's account. The API key is
 * rendered in clear into the page (by design — treat the page as sensitive).
 * Session values are echoed into value="" attributes via cIn(strip_tags());
 * cIn() is not visible here — confirm it HTML-encodes.
 *
 * @since 2.1.0
 * @version 2.1.0
 * @global array $hc_cfg       site configuration ([24] date format, [51] date-picker format, [127] API enabled)
 * @global array $hc_lang_user user-facing strings
 * @return int|void -1 when there is no valid user session or no user row; otherwise nothing (output is echoed)
 */
function user_manage_account()
{
    global $hc_cfg, $hc_lang_user;
    // Bail out unless there is an active, valid user session.
    if (!user_check_status()) {
        return -1;
    }
    $uID = cIn($_SESSION['UserPkID']);
    $result = doQuery("SELECT NetworkType, NetworkName, NetworkID, Email, FirstSignIn, Level, Location, Birthdate, APIKey, APIAccess\r\n\t\t\t\t\t\tFROM " . HC_TblPrefix . "users WHERE PkID = '" . $uID . "'");
    // user_check_status() is deliberately re-checked after the query.
    if (!hasRows($result) or !user_check_status()) {
        return -1;
    }
    // One-shot status message from a preceding redirect.
    if (isset($_GET['msg'])) {
        switch ($_GET['msg']) {
            case "1":
                feedback(1, $hc_lang_user['Feed01']);
                break;
        }
    }
    // Column offsets follow the SELECT list above (0 NetworkType ... 9 APIAccess).
    $network = cOut(mysql_result($result, 0, 0));
    $network_name = cOut(mysql_result($result, 0, 1));
    $network_id = cOut(mysql_result($result, 0, 2)); // not used further in this function
    // A value carried in the session (presumably from a previous submit) wins over the stored one.
    $email = isset($_SESSION['new_user_email']) && $_SESSION['new_user_email'] != '' ? cIn(strip_tags($_SESSION['new_user_email'])) : cOut(mysql_result($result, 0, 3));
    $signin_first = cOut(mysql_result($result, 0, 4)); // not used further in this function
    $level = cOut(mysql_result($result, 0, 5));
    $location = cOut(mysql_result($result, 0, 6));
    $api_key = cOut(mysql_result($result, 0, 8));
    $api_access = cOut(mysql_result($result, 0, 9));
    // Birthdate: same session-first rule; the stored timestamp is formatted with $hc_cfg[24].
    $birthdate = isset($_SESSION['new_user_birthdate']) && $_SESSION['new_user_birthdate'] != '' ? cIn(strip_tags($_SESSION['new_user_birthdate'])) : stampToDate(mysql_result($result, 0, 7), $hc_cfg[24]);

    // Main fieldset: read-only identity, then the editable fields. $hc_cfg[51]
    // is interpolated into an onclick handler (configuration value, not user input).
    echo ' <form name="user_edit" id="user_edit" method="post" action="' . CalRoot . '/user-edit.php" onsubmit="return validate();"> <fieldset class="user"> <legend>' . $hc_lang_user['UserEditLabel']
        . '</legend> <label>' . $hc_lang_user['Network'] . '</label> <span class="output">' . $hc_lang_user['Network' . $network]
        . '</span> <label>' . $hc_lang_user['Level'] . '</label> <span class="output">' . $hc_lang_user['Level' . $level]
        . '</span> <label>' . $hc_lang_user['Name'] . '</label> <span class="output">' . $network_name
        . '</span> <label for="email"><b>' . $hc_lang_user['Email'] . '</b></label> <input name="email" id="email" type="email" maxlength="75" size="35" value="' . $email
        . '" required="required" /> <label for="birthdate"><b>' . $hc_lang_user['Birthdate'] . '</b></label> <input name="birthdate" id="birthdate" type="text" size="12" maxlength="10" value="' . $birthdate
        . '" required="required" /> <a href="javascript:;" onclick="calx.select(document.getElementById(\'birthdate\'),\'cal1\',\'' . $hc_cfg[51]
        . '\');return false;" id="cal1" class="ds calendar" tabindex="-1"></a> <label for="user_loc">' . $hc_lang_user['Location']
        . '</label> <input name="user_loc" id="user_loc" type="text" maxlength="250" size="50" value="' . $location . '" /> </fieldset>';

    // API section (only when the API feature is enabled). The key and endpoint
    // are shown only when the account has API access and both required profile
    // fields are filled; otherwise an "unavailable" notice is shown.
    if ($hc_cfg[127] == 1) {
        echo ' <fieldset> <legend>' . $hc_lang_user['API'] . '</legend>';
        echo $api_access == 1 && $email != '' && $birthdate != ''
            ? ' <label> </label> <span class="output">' . $hc_lang_user['APIHelp'] . '</span> <label>' . $hc_lang_user['APIEndpoint']
                . '</label> <input size="50" maxlength="200" type="text" readonly="readonly" value="' . CalRoot . '/api/" onfocus="this.select();" /> <label>' . $hc_lang_user['Username']
                . '</label> <input size="20" maxlength="200" type="text" readonly="readonly" value="' . $network_name . '" onfocus="this.select();" /> <label>' . $hc_lang_user['Key']
                . '</label> <input size="45" maxlength="100" type="text" readonly="readonly" value="' . $api_key
                . '" onfocus="this.select();" /> <label> </label> <span class="frm_ctrls"> <label for="regen_apik"><input name="regen_apik" id="regen_apik" type="checkbox" onclick="" />' . $hc_lang_user['RegenKey'] . '</label> </span>'
            : ' <label> </label> <span class="output">' . $hc_lang_user['APIUnavailable'] . ($api_access == 1 ? ' ' . $hc_lang_user['ActivateAPI'] : '') . '</span>';
        echo ' </fieldset>';
    }

    // Buttons, hidden uID, date-picker container and the inline validation
    // script. The language-specific popCal.js path is built from
    // $_SESSION['LangSet']. Client-side rules: e-mail required and well-formed;
    // birthdate required, matches $hc_cfg[51] and is at least 13 years ago
    // (strftime() is deprecated as of PHP 8.1).
    // NOTE(review): in the emitted JavaScript the "//<!--" hiding comment must
    // be followed by a line break, otherwise it comments out the whole script.
    echo ' <input type="submit" name="submit" id="submit" value="' . $hc_lang_user['Save'] . '" /> <input type="reset" name="reset" id="reset" value="' . $hc_lang_user['Reset']
        . '" /> <input type="hidden" name="uID" id="uID" value="' . $uID
        . '" /> </form> <div id="dsCal" class="datePicker"></div> <script src="' . CalRoot . '/inc/javascript/validation.js"></script> <script src="' . CalRoot . '/inc/lang/' . $_SESSION['LangSet']
        . '/popCal.js"></script> <script src="' . CalRoot . '/inc/javascript/DateSelect.js"></script> <script> //<!-- var calx = new CalendarPopup("dsCal"); calx.showYearNavigation(); calx.showYearNavigationInput(); calx.setCssPrefix("hc_"); calx.offsetX = 30; calx.offsetY = -5; function validate(){ var err = ""; err += reqField(document.getElementById("email"),"' . $hc_lang_user['Valid14']
        . '\\n"); if(document.getElementById("email").value != "") err +=validEmail(document.getElementById("email"),"' . $hc_lang_user['Valid10']
        . '\\n"); err += reqField(document.getElementById("birthdate"),"' . $hc_lang_user['Valid13']
        . '\\n"); if(document.getElementById("birthdate").value != ""){ err += validDate(document.getElementById("birthdate"),"' . $hc_cfg[51] . '","' . $hc_lang_user['Valid11'] . ' ' . strtoupper($hc_cfg[51])
        . '\\n"); err += validDateBefore(document.getElementById("birthdate").value,"' . strftime($hc_cfg[24], strtotime("-13 years")) . '","' . $hc_cfg[51] . '","' . $hc_lang_user['Valid12']
        . '"); } if(err != ""){ alert(err); return false; } else { return true; } } //--> </script>';
}
header('Location:' . ADMIN_PATH . 'admin_login.php'); } else { if (!isset($access) || $access == "") { $access = "admin"; } //empty becomes admin $access = strtolower($access); //in case of typo switch ($access) { case "admin": break; case "superadmin": # not developer/superadmin, back to admin page if ($_SESSION['Privilege'] != "developer" && $_SESSION['Privilege'] != "superadmin") { feedback("Your admin privileges do not allow access to the previous page."); header('Location:' . ADMIN_PATH . 'admin_dashboard.php'); die; } break; case "developer": //highest level. all access! # not developer to admin page if ($_SESSION['Privilege'] != "developer") { feedback("Your admin privileges do not allow access to the previous page."); header('Location:' . ADMIN_PATH . 'admin_dashboard.php'); die; } break; break; } }
\t\t\t<input type="submit" class="btn btn-primary" value="Confirm & Send →" name="post" /> \t\t\t</form> \t\t</div> \t\t<br> \t</div> </div> feedback; echo "<div class='span3'>"; go_home(); sidepanel(); echo "</div></div>"; display_footer(); echo "\n</body>\n</html>"; } } feedback("Attendance Portal - Feedback"); if (isset($_POST['post'])) { include 'config/db.php'; include 'config/settings.php'; $dbname = $branchyear . '_Logs'; $table = $branchyear . '_Feedback'; $ftype = $_POST['ftype']; $Sentby = $_SESSION['UserId']; $sub = trim(htmlentities(addslashes($_POST['sub']))); //$feedback = trim(htmlentities(addslashes($_POST['fb']))); //$feedback = trim(htmlentities(addslashes(str_replace("\n","<br>",$_POST['fb'])))); $feedback = trim(str_replace("\n", "<br>", $_POST['fb'])); if (strlen($sub) < 6) { echo "<script>show_error('Subject Length Must Be Lessthan or equals to 6');</script>"; exit; }
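/**
 * Insert a customer (FirstName, LastName, Email) from the posted form via mysqli.
 *
 * Values are read through iformReq(), which escapes them with the active
 * connection, then stripped of tags and interpolated with sprintf(). The raw
 * POST values are additionally checked with ctype_graph() (names) and
 * onlyEmail() (address); on failure a feedback() message is set and the user
 * is redirected to THIS_PAGE. Always ends with a redirect to THIS_PAGE.
 *
 * @return void
 */
function insertExecute()
{
    $iConn = IDB::conn();   // iformReq() needs the connection for mysqli_real_escape_string()
    $redirect = THIS_PAGE;  // read by iformReq() when it redirects on failure

    // NOTE(review): strip_tags() runs on the already-escaped value. Nothing
    // here can un-escape a quote, but stripping before escaping would be the
    // cleaner order if iformReq() ever exposes the raw value.
    $FirstName = strip_tags(iformReq('FirstName', $iConn));
    $LastName = strip_tags(iformReq('LastName', $iConn));
    $Email = strip_tags(iformReq('Email', $iConn));

    // Validate the raw input. The isset() guards keep a missing field from
    // raising an undefined-index notice before the check fails.
    // ctype_graph(): printable, non-space characters only.
    if (!isset($_POST['FirstName']) || !isset($_POST['LastName'])
        || !ctype_graph($_POST['FirstName']) || !ctype_graph($_POST['LastName'])) {
        feedback("First and Last Name must contain letters, numbers or punctuation");
        myRedirect(THIS_PAGE);
    }
    if (!isset($_POST['Email']) || !onlyEmail($_POST['Email'])) {
        feedback("Data entered for email is not valid");
        myRedirect(THIS_PAGE);
    }

    // Values are pre-escaped by iformReq(); sprintf() only does the substitution.
    $sql = "INSERT INTO test_Customers (FirstName, LastName, Email) VALUES ('%s','%s','%s')";
    $sql = sprintf($sql, $FirstName, $LastName, $Email);
    mysqli_query($iConn, $sql) or die(trigger_error(mysqli_error($iConn), E_USER_ERROR));

    if (mysqli_affected_rows($iConn) > 0) {
        feedback("Customer Added Successfully!", "notice");
    } else {
        feedback("Customer NOT added!");
    }
    myRedirect(THIS_PAGE);
}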
<label> <input checked="checked" data-val="true" data-val-required="The AlertOptIn field is required." id="AlertOptIn" name="AlertOptIn" type="checkbox" value="true"><input name="AlertOptIn" type="hidden" value="false"> Я хочу получать на почту похожие объявления </label> </div> </div> --> <div class="clearfix"></div> <div class="text-center"> <button class="df_btn_spinner btn btn-lg btn-primary" id="submit-request-button" title="Отправить"> <span class="df_spinnerText"> Отправить </span> <i class="fa fa-lg fa-spinner fa-pulse df_spinner"></i></button> <div class="clearfix"></div> <!-- <p>Отправляя это сообщение, вы принимаете условия <a href="/polzovatelskoe-soglashenie" class = "sertext" target="_blank">Пользовательского соглашения</a></p> --> <?php feedback(); ?> </div> </form> </div> </div> </div> <?php get_related_posts_thumbnails(); ?> <?php comments_template();
<?php
/**
 * @package Helios Calendar
 * @license GNU General Public License version 2 or later; see LICENSE
 *
 * Admin "Digest" settings page: shows the one-shot status message, loads the
 * current digest settings (settings PkID 97, 98, 99) and opens the edit form
 * that posts to components/DigestAction.php.
 */
// Refuse direct requests; this file is only meant to be included by the admin front controller.
if (!defined('hcAdmin')) {
    header("HTTP/1.1 403 No Direct Access");
    exit;
}
include HCLANG . '/admin/pages.php';
// Status message from the redirect that brought us here; other codes are ignored.
if (isset($_GET['msg'])) {
    switch ($_GET['msg']) {
        case "1":
            feedback(1, $hc_lang_pages['Feed01']);
            break;
    }
}
appInstructions(0, "Digest", $hc_lang_pages['TitleDigest'], $hc_lang_pages['InstructDigest']);
// Optional ?aID= is accepted only when numeric; not used in the part of the file shown here.
$aID = isset($_GET['aID']) && is_numeric($_GET['aID']) ? cIn($_GET['aID']) : 0;
// NOTE(review): no ORDER BY, so the three rows are read positionally in whatever
// order the engine returns them — presumably ascending PkID. Comparable settings
// queries in this codebase add ORDER BY PkID explicitly.
$result = doQuery("SELECT * FROM " . HC_TblPrefix . "settings WHERE PkID IN (97,98,99)");
$status = 0;
$newFor = 1;
$welcomeMsg = '';
if (hasRows($result)) {
    // Column 1 is assumed to be SettingValue (SELECT * is used).
    $status = cOut(mysql_result($result, 0, 1));      // assumed PkID 97
    $welcomeMsg = cOut(mysql_result($result, 1, 1));  // assumed PkID 98
    $newFor = cOut(mysql_result($result, 2, 1));      // assumed PkID 99
}
// NOTE(review): no anti-CSRF token field is emitted here, whereas other Helios
// admin forms include a hidden "token" from set_form_token(); the remainder of
// this form (below, not shown) may add one — confirm.
echo ' <form name="frmDigest" id="frmDigest" method="post" action="' . AdminRoot . '/components/DigestAction.php" onsubmit="return validate();">';
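/**
 * Handle POST data and formulate an email response.
 *
 * Builds the message body from show_POST() (omitting $skipFields), then either
 * sends it through email_handler() or, when $sendEmail is false, prints the
 * collected data for debugging.
 *
 * Email-injection defences: the reply address is taken from POST['Email'] only
 * when is_email() accepts it, with CR/LF stripped; any POST value containing
 * "Content-Type:" (checked with spaces removed) aborts the send; the Name used
 * in the Subject is passed through safe().
 *
 * @param string  $skipFields  comma separated string of POST elements to be skipped
 * @param boolean $sendEmail   indicates whether developer wants email sent or not
 * @param string  $toName      display name of the recipient
 * @param string  $fromAddress fallback 'noreply' address for domain hosting page;
 *                             used when POST['Email'] is missing or invalid
 * @param string  $toAddress   address to receive email
 * @param string  $website     name of website where form was filled out
 * @param string  $fromDomain  name of website where form was filled out
 * @return void
 * @uses show_POST()
 */
function handle_POST($skipFields, $sendEmail, $toName, $fromAddress, $toAddress, $website, $fromDomain)
{
    $aSkip = explode(",", $skipFields); # form elements to skip
    $postData = show_POST($aSkip);     # selected POST data for display/email

    // Fix: $fromAddress used to be reset to "" here, so the documented fallback
    // address was never used. Keep the fallback; replace it only with a
    // validated, header-safe submitter address.
    if (isset($_POST['Email']) && is_email($_POST['Email'])) {
        # extra email injector paranoia courtesy of DH: http://wiki.dreamhost.com/PHP_mail()#Mail_Header_Injection
        $fromAddress = str_replace(array("\r", "\n"), "", $_POST['Email']);
    }

    if ($sendEmail) {
        $Name = isset($_POST['Name']) ? $_POST['Name'] : ""; # Name, if used, becomes part of the Subject

        // A "Content-Type:" anywhere in the submission looks like header
        // injection; refuse to send rather than try to clean it.
        foreach ($_POST as $value) {
            $spaceless = str_replace(" ", "", $value); # in case spaces were used to dodge the check
            if (stripos($spaceless, 'Content-Type:') !== FALSE) {
                feedback("Incorrect form data. Email NOT sent. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
                myRedirect(THIS_PAGE);
            }
        }

        $Name = safe($Name); # Name goes into the Subject header; filter it further
        $SubjectName = ($Name != "") ? " from: " . $Name . "," : "";
        $postData = str_replace("<br />", PHP_EOL . PHP_EOL, $postData); # plain-text body: <br /> -> blank line
        $Subject = $website . " message" . $SubjectName . " " . date('F j, Y g:i a');
        $txt = $Subject . PHP_EOL . PHP_EOL . $postData;
        email_handler($toAddress, $toName, $Subject, $txt, $fromAddress, $Name, $website, $fromDomain);
    } else {
        // Debug path: show what would have been sent.
        print "Data printed only. Email <b>not</b> sent!<br />";
        echo $postData;
        echo '<a href="' . THIS_PAGE . '">Reset Form</a><br />';
    }
}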
/** * @package Helios Calendar * @license GNU General Public License version 2 or later; see LICENSE */ if (!defined('hcAdmin')) { header("HTTP/1.1 403 No Direct Access"); exit; } include HCLANG . '/admin/tools.php'; if (isset($_GET['msg'])) { switch ($_GET['msg']) { case "1": feedback(1, $hc_lang_tools['Feed02']); break; case "2": feedback(2, $hc_lang_tools['Feed01']); break; } } appInstructions(0, "Event_Import", $hc_lang_tools['TitleImport'], $hc_lang_tools['InstructImport']); $token = set_form_token(1); $hc_Side[] = array(AdminRoot . '/components/ToolImportAction.php?samp=1&tkn=' . $token, 'download_csv.png', $hc_lang_tools['LinkTemplate'], 0); echo ' <form name="frmEventImport" id="frmEventImport" method="post" action="' . AdminRoot . '/components/ToolImportAction.php" onsubmit="return validate();"> <input type="hidden" name="token" id="token" value="' . $token . '" /> <fieldset> <legend>' . $hc_lang_tools['ImportLabel'] . '</legend> <label for="impType">' . $hc_lang_tools['Import'] . '</label> <select name="impType" id="impType" onchange="toggleMe(document.getElementById(\'csv\'));"> <option value="0">' . $hc_lang_tools['Import0'] . '</option> <option value="1">' . $hc_lang_tools['Import1'] . '</option>
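<?php
/**
 * admin_logout.php clears the administrator's session so they can log out
 *
 * Empties all session data, rotates the session ID so the pre-logout ID can
 * no longer be presented, queues a confirmation message and forwards the user
 * to the admin login page.
 *
 * @package nmCommon
 * @author Blake Schwartz
 * @version 2.09x 2015
 * @link http://www.newmanix.com/
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see admin_login.php
 * @todo none
 */
require '../inc_0700/config_inc.php'; #provides configuration, pathing, error handling, db credentials
startSession(); //wrapper for session_start()
$_SESSION = array(); # Setting the session to an empty array safely clears all data (AdminID, Privilege, ...)
# The session is intentionally not destroyed here (that would drop the feedback()
# message below); it is destroyed on the login form instead. Rotating the ID and
# deleting the old session file means the logged-in ID cannot be reused.
session_regenerate_id(true);
feedback("Logout Successful!", "notice");
$_SESSION['red'] = THIS_PAGE;
myRedirect($config->adminLogin); # redirect for successful logout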
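/**
 * Applies the posted "Edit Administrator" form to the Admin table.
 *
 * Reads FirstName, LastName, Email, Privilege and AdminID from the form via formReq()
 * (which escapes the values and redirects to $redirect when a field is missing),
 * rejects an email already used by a different admin, runs the UPDATE, and then
 * renders a confirmation page with links back to the edit screen and the dashboard.
 *
 * Side effects: user feedback via feedback(), a redirect on duplicate email,
 * an update of $_SESSION["Privilege"]/["FirstName"] when the edited admin is the
 * current user, and HTML output.
 *
 * @global object $config   provides the adminEdit / adminDashboard URLs
 * @global string $redirect failure-redirect target read by formReq()
 * @return void
 */
function updateExecute()
{
    // $redirect must be declared global here: the formReq() helper reads it from the global
    // scope, so a plain local assignment would be invisible to it.
    global $config, $redirect;
    $myConn = conn('', FALSE); # MUST precede formReq() function, which uses active connection to parse data
    $redirect = $config->adminEdit; # global var used for following formReq redirection on failure
    $FirstName = formReq('FirstName'); # formReq calls dbIn() internally, to check form data
    $LastName = formReq('LastName');
    $Email = strtolower(formReq('Email'));
    $Privilege = formReq('Privilege'); # NOTE(review): taken from the form as-is; confirm the calling page limits who may change it
    $AdminID = (int) formReq('AdminID'); # cast once; a non-numeric value becomes 0 and matches no row

    # check for duplicate email: the address must not belong to a different admin
    $sql = sprintf("select AdminID from " . PREFIX . "Admin WHERE (Email='%s') and AdminID != %d", $Email, $AdminID);
    $result = mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
    if (mysql_num_rows($result) > 0) { # someone already has email!
        feedback("Email already exists - please choose a different email.");
        myRedirect($config->adminEdit); # duplicate email
    }

    # sprintf() types the values: %d coerces non-numerics to zero; the %s values carry the escaping
    # already applied by formReq()/dbIn() (the mysql extension offers no prepared statements)
    $sql = sprintf("UPDATE " . PREFIX . "Admin set FirstName='%s',LastName='%s',Email='%s',Privilege='%s' WHERE AdminID=%d",
        $FirstName, $LastName, $Email, $Privilege, $AdminID);
    mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));

    // feedback success or failure of update
    if (mysql_affected_rows($myConn) > 0) {
        feedback("Successfully Updated!", "notice");
        # strict comparison after casting: the session value and the form value may differ in type
        if (isset($_SESSION["AdminID"]) && (int) $_SESSION["AdminID"] === $AdminID) { # this is me! update current session info:
            $_SESSION["Privilege"] = $Privilege;
            $_SESSION["FirstName"] = $FirstName;
        }
    } else {
        feedback("Data NOT Updated! (or not changed from original values)");
    }
    get_header();
    echo ' <div align="center"><h3>Edit Administrator</h3></div> <div align="center"><a href="' . $config->adminEdit . '">Edit More</a></div> <div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div> ';
    get_footer();
}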
<?php /** * @package Helios Calendar * @license GNU General Public License version 2 or later; see LICENSE */ if (!defined('hcAdmin')) { header("HTTP/1.1 403 No Direct Access"); exit; } include HCLANG . '/admin/reports.php'; if (isset($_GET['msg'])) { switch ($_GET['msg']) { case "1": feedback(1, $hc_lang_reports['Feed02']); break; } } appInstructions(0, "Reports", $hc_lang_reports['TitleFail'], $hc_lang_reports['InstructFail']); $result = doQuery("SELECT a.PkID, a.FirstName, a.LastName, a.Email, alh.IP, alh.`Client`, alh.LoginTime, alh.PkID\r\n\t\t\t\t\tFROM " . HC_TblPrefix . "adminloginhistory alh\r\n\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "admin a ON (a.PkID = alh.AdminID)\r\n\t\t\t\t\tWHERE alh.IsFail = 1 AND a.SuperAdmin = 0\r\n\t\t\t\t\tORDER BY LoginTime DESC LIMIT 200"); if (hasRows($result)) { echo ' <ul class="data"> <li class="row header uline"> <div class="txt" style="width:25%;"> </div> <div style="width:15%;">' . $hc_lang_reports['IP'] . '</div> <div style="width:20%;">' . $hc_lang_reports['Date'] . '</div> <div class="txt" style="width:30%">' . $hc_lang_reports['User'] . '</div> <div class="tools" style="width:10%;"> </div> </li> </ul>
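/**
 * Applies the posted customer edit form to test_Customers.
 *
 * Validates CustomerID (present and numeric), FirstName/LastName (ctype_graph) and
 * Email (onlyEmail()), escapes the values through iformReq(), runs the UPDATE, reports
 * success or "not changed" via feedback(), and always redirects back to THIS_PAGE.
 *
 * @global string $redirect page iformReq() redirects to when a required field is missing
 * @return void never returns normally; every path ends in myRedirect()
 */
function updateExecute()
{
    global $redirect; // iformReq() reads the failure-redirect target from the global scope
    if (!isset($_POST['CustomerID']) || !is_numeric($_POST['CustomerID'])) { // id must be present and numeric
        feedback("id passed was not a number. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        myRedirect(THIS_PAGE);
    }
    $iConn = IDB::conn(); // must have DB as variable to pass to mysqli_real_escape() via iformReq()
    $redirect = THIS_PAGE; // target for iformReq() redirection on failure
    $CustomerID = iformReq('CustomerID', $iConn); // calls mysqli_real_escape() internally, to check form data
    $FirstName = strip_tags(iformReq('FirstName', $iConn));
    $LastName = strip_tags(iformReq('LastName', $iConn));
    $Email = strip_tags(iformReq('Email', $iConn));
    // next check for specific issues with data (iformReq() already redirected if any field was missing)
    if (!ctype_graph($_POST['FirstName']) || !ctype_graph($_POST['LastName'])) { // visible characters only: letters, numbers or punctuation, no spaces
        feedback("First and Last Name must contain letters, numbers or punctuation", "warning");
        myRedirect(THIS_PAGE);
    }
    if (!onlyEmail($_POST['Email'])) { // email must pass the project's format check
        feedback("Data entered for email is not valid", "warning");
        myRedirect(THIS_PAGE);
    }
    // build string for SQL update with replacement vars, %s for string, %d for digits
    $sql = "UPDATE test_Customers set \n FirstName='%s',\n LastName='%s',\n Email='%s'\n WHERE CustomerID=%d";
    # sprintf() types the values: %d coerces the id to an integer; the %s values carry the escaping
    # iformReq() applied via mysqli_real_escape (a prepared statement would be the stronger form)
    $sql = sprintf($sql, $FirstName, $LastName, $Email, (int) $CustomerID);
    // no '@' suppression: a failed query should surface rather than be silenced before the die()
    mysqli_query($iConn, $sql) or die(trigger_error(mysqli_error($iConn), E_USER_ERROR));
    # feedback success or failure of update
    if (mysqli_affected_rows($iConn) > 0) { // success! provide feedback, chance to change another!
        feedback("Data Updated Successfully!", "success");
    } else { // no row changed: unknown id or values identical to the stored ones
        feedback("Data NOT changed!", "warning");
    }
    myRedirect(THIS_PAGE);
}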
*/ if (!defined('hcAdmin')) { header("HTTP/1.1 403 No Direct Access"); exit; } include HCLANG . '/admin/register.php'; $rID = isset($_GET['rID']) && is_numeric($_GET['rID']) ? cIn(strip_tags($_GET['rID'])) : 0; $eID = isset($_GET['eID']) && is_numeric($_GET['eID']) ? cIn(strip_tags($_GET['eID'])) : 0; $instTitle = $hc_lang_register['TitleRegisterA']; $instText = $hc_lang_register['InstructRegisterA']; $name = $email = $phone = $address = $address2 = $city = $postal = ''; $state = $hc_cfg[21]; if (isset($_GET['msg'])) { switch ($_GET['msg']) { case "1": feedback(2, $hc_lang_register['Feed01']); break; } } $result = doQuery("SELECT * FROM " . HC_TblPrefix . "registrants WHERE PkID = '" . $rID . "'"); if (hasRows($result)) { $instTitle = $hc_lang_register['TitleRegisterE']; $instText = $hc_lang_register['InstructRegisterE']; $name = mysql_result($result, 0, 1); $email = mysql_result($result, 0, 2); $phone = mysql_result($result, 0, 3); $address = mysql_result($result, 0, 4); $address2 = mysql_result($result, 0, 5); $city = mysql_result($result, 0, 6); $state = mysql_result($result, 0, 7); $postal = mysql_result($result, 0, 8);
<?php /** * @package Helios Calendar * @license GNU General Public License version 2 or later; see LICENSE */ if (!defined('hcAdmin')) { header("HTTP/1.1 403 No Direct Access"); exit; } include HCLANG . '/admin/manage.php'; if (isset($_GET['msg'])) { switch ($_GET['msg']) { case "1": feedback(1, $hc_lang_manage['Feed01']); break; } } appInstructions(0, "Billboard_Events", $hc_lang_manage['TitleBillboard'], $hc_lang_manage['InstructBillboard']); $result = doQuery("SELECT PkID, Title, StartDate, Views FROM " . HC_TblPrefix . "events WHERE IsActive = 1 AND IsApproved = 1 AND IsBillboard = 1 AND StartDate >= '" . cIn(SYSDATE) . "' ORDER BY StartDate, Views DESC"); if (hasRows($result)) { echo ' <ul class="data"> <li class="row header uline"> <div style="width:68%;">' . $hc_lang_manage['Title'] . '</div> <div style="width:10%;">' . $hc_lang_manage['Date'] . '</div> <div class="number" style="width:10%;">' . $hc_lang_manage['Views'] . '</div> <div style="width:10%;"> </div> </li> </ul> <ul class="data">
/** * @package Helios Calendar * @license GNU General Public License version 2 or later; see LICENSE */ if (!defined('hcAdmin')) { header("HTTP/1.1 403 No Direct Access"); exit; } include HCLANG . '/admin/admin.php'; if (isset($_GET['msg'])) { switch ($_GET['msg']) { case "1": feedback(2, $hc_lang_admin['Feed01']); break; case "2": feedback(3, $hc_lang_admin['Feed02']); break; } } $aID = isset($_GET['aID']) && is_numeric($_GET['aID']) ? cIn($_GET['aID']) : 0; $result = doQuery("SELECT a.PkID, a.FirstName, a.LastName, a.Email, a.LoginCnt, a.LastLogin, a.PAge,\r\n\t\t\t\t\tap.EventEdit, ap.EventPending, ap.EventCategory, ap.UserEdit, ap.AdminEdit, ap.Newsletter, ap.Settings, ap.Tools, ap.Reports, ap.Locations, ap.Pages,\r\n\t\t\t\t\t(SELECT GROUP_CONCAT(TypeID) FROM " . HC_TblPrefix . "adminnotices an WHERE an.AdminID = '" . $aID . "') as Notices,\r\n\t\t\t\t\t(SELECT COUNT(*) FROM " . HC_TblPrefix . "adminloginhistory WHERE AdminID = '" . $aID . "' AND LoginTime > subdate(NOW(), INTERVAL 24 HOUR) AND IsFail = 1) as Fails\r\n\t\t\t\t\tFROM " . HC_TblPrefix . "admin a\r\n\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "adminpermissions ap ON (a.PkID = ap.AdminID)\r\n\t\t\t\t\tWHERE a.PkID = '" . $aID . "' AND a.IsActive = 1 AND ap.IsActive = 1 AND a.SuperAdmin = 0\r\n\t\t\t\t\tORDER BY LastName, FirstName"); $oldEmail = $firstname = $lastname = $email = $login_history = $active = ''; $editEvent = $eventPending = $eventCategory = $userEdit = $adminEdit = $newsletter = $settings = $tools = $reports = $locEdit = $pages = 0; $notices = array(); if (hasRows($result)) { appInstructions(0, "Editing_Admin_Users", $hc_lang_admin['TitleEditA'], $hc_lang_admin['InstructEditA']); $firstname = cOut(mysql_result($result, 0, 1)); $lastname = cOut(mysql_result($result, 0, 2)); $email = cOut(mysql_result($result, 0, 3)); $oldEmail = cOut(mysql_result($result, 0, 3)); $logins = mysql_result($result, 0, 4);
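/**
 * Handles the name form submission: validates the posted name and echoes it back.
 *
 * Redirects to THIS_PAGE with feedback() when YourName is missing/empty or contains
 * anything other than letters and digits. Validation runs before get_header() so a
 * redirect is issued before any output has been sent.
 *
 * @return void
 */
function showName()
{ # form submits here we show entered name
    if (!isset($_POST['YourName']) || $_POST['YourName'] === '') { // data must be sent
        feedback("No form data submitted"); # will feedback to submitting page via session variable
        myRedirect(THIS_PAGE);
    }
    if (!ctype_alnum($_POST['YourName'])) { // data must be alphanumeric only
        feedback("Only letters and numbers are allowed. Please re-enter your name."); # will feedback to submitting page via session variable
        myRedirect(THIS_PAGE);
    }
    $myName = strip_tags($_POST['YourName']); # belt and braces: ctype_alnum above already excludes markup
    get_header(); # page header; output starts only after validation has passed
    echo '<h3 align="center">' . smartTitle() . '</h3>';
    # escape for the HTML context even though the alnum check leaves nothing to escape
    echo '<p align="center">Your name is <b>' . htmlspecialchars($myName, ENT_QUOTES, 'UTF-8') . '</b>!</p>';
    echo '<p align="center"><a href="' . THIS_PAGE . '">RESET</a></p>';
    get_footer(); # defaults to footer_inc.php
}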
$stmt = $db->prepare($sql); $stmt->bindValue(1, $NumLogins, PDO::PARAM_INT); $stmt->bindValue(2, $AdminID, PDO::PARAM_INT); try { $stmt->execute(); } catch (PDOException $ex) { trigger_error($ex->getMessage(), E_USER_ERROR); } feedback("Login Successful!", "notice"); if (isset($_SESSION['red']) && $_SESSION['red'] != "") { #check to see if we'll be redirecting to a requesting page $red = $_SESSION['red']; #redirect back to original page $_SESSION['red'] == ''; #clear session var myRedirect($red); } else { myRedirect($config->adminDashboard); # successful login! Redirect to admin page } } else { # failed login, redirect feedback("Login and/or Password are incorrect.", "warning"); myRedirect($config->adminLogin); } unset($result, $db); //clear resources } else { feedback("Required data not sent. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error"); myRedirect($config->adminLogin); }
if ($from['id'] == administrator_id) { global $questionlist; $questions = file_get_contents('quiz'); $questions .= "\n" . file_get_contents('quiz2'); $questionlist = explode("\n", trim($questions)); } break; default: if (mb_stripos($text, '/ban', 0, 'UTF-8') !== FALSE && $from['id'] == administrator_id) { ban(mb_substr($text, 5, mb_strlen($text, 'UTF-8'), 'UTF-8')); } else { if (mb_stripos($text, '/unban', 0, 'UTF-8') !== FALSE && $from['id'] == administrator_id) { unban(mb_substr($text, 7, mb_strlen($text, 'UTF-8'), 'UTF-8')); } else { if (mb_stripos($text, '/feedback', 0, 'UTF-8') !== FALSE) { feedback($from['id'], mb_substr($text, 10, mb_strlen($text, 'UTF-8'), 'UTF-8')); } else { message($from['id'], $text); } } } break; } } } } process(); flushlog(); usleep(500000); } function feedback($userid, $text)
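/**
 * mysqli version of formReq()
 *
 * Requires data submitted as isset() and passes data to
 * idbIn() which processes per MySQL standards, adding slashes and
 * attempting to prevent SQL injection.
 *
 * Upon failure, user is forcibly redirected to global variable,
 * $redirect, which is applied just before checking a series of form values
 * (when set inside a function it must be declared with `global $redirect`).
 *
 * mysqli version requires explicit connection, $iConn
 *
 *<code>
 * $iConn = conn("admin",TRUE); //mysqli connection
 * $myVar = iformReq('myVar', $iConn);       // pass the field NAME: the function reads $_POST itself
 * $otherVar = iformReq('otherVar', $iConn);
 *</code>
 *
 * @uses idbIn()
 * @see formReq()
 * @param string $var name of the $_POST field as submitted by the form
 * @param object $iConn active mysqli DB connection, passed by reference.
 * @return string returns data filtered by MySQL, adding slashes, etc.;
 *                does not return normally when the field is missing (redirect)
 * @todo none
 */
function iformReq($var, &$iConn)
{
    /**
     * $redirect stores page to redirect user to upon failure
     * These variables are declared in the page, just before the form fields are tested.
     *
     * @global string $redirect
     */
    global $redirect;
    // A field submitted as an array (name="x[]") is treated as missing: idbIn() is given a scalar string only.
    if (!isset($_POST[$var]) || !is_string($_POST[$var])) {
        feedback("Required Form Data Not Passed", "error");
        if (!isset($redirect) || $redirect === "") { // if no redirect indicated, use the current page!
            myRedirect(THIS_PAGE);
        } else {
            myRedirect($redirect);
        }
    } else {
        return idbIn($_POST[$var], $iConn);
    }
}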