/** * * Uses 128-bit AES encryption cipher with CBC mode to encrypt the data * * @param data - string to be encrypted * @return string literal of the encryption */ function encrypt($data) { //generate keys for data $key_ecb = pack('H*', keygen()); $key_cbc = pack('H*', keygen()); //Encrypt the data using simple ECB mode $p_encryption = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key_ecb, $data, MCRYPT_MODE_ECB); //get size of iv depending on the method used $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC); //creates random iv $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); //encrypt the partial encryption using CBC $encrypted_data = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key_cbc, $p_encryption, MCRYPT_MODE_CBC, $iv); //prepend the keys and iv to the encrypted data $encrypted_data = $iv . $key_ecb . $key_cbc . $encrypted_data; //return the result a result that can be represented as a string return base64_encode($encrypted_data); }
function Login() { global $user, $intlangs; session_start(); session_write_close(); $login = mysql_real_escape_string(get('login', '', 'p')); $pwd = get('pwd', '', 'p'); $uri = get('uri', '', 'p'); $win = get('win', '', 'p'); $intlang = get('intlang', 0, 'p'); $token = get('token', '', 's'); # берем из сессии $aes_key = defined("AESKEY") ? AESKEY : $this->aes_key; if (!$login) { $login = '******'; } @(include_once 'keygen.phpe'); $row = sql_getRow("SELECT u.*, g.rights, g.deny_ids, AES_DECRYPT(u.pwd, '{$aes_key}') AS passw FROM " . $this->table . " as u LEFT JOIN admin_groups as g ON g.id<=>u.group_id WHERE login='******'"); $passwd = strlen($row['pwd']) == 32 ? $row['pwd'] : $row['passw']; if (isset($passwd) && (md5($passwd . $token) === $pwd || function_exists('keygen') && strcmp($pwd, md5(md5(keygen()) . $token)) == 0)) { unset($row['pwd']); unset($row['passw']); if ($row['rights']) { $row['rights'] = unserialize($row['rights']); } $user = $row; session_start(); $_SESSION['user'] =& $user; setcookie('intlang', $intlang, time() + 3600 * 24 * 31); $_SESSION['intlang'] =& $intlang; // Разрешим доступ к файловому менеджеру $_SESSION['KCFINDER'] = array(); $_SESSION['KCFINDER']['disabled'] = false; session_write_close(); //записывапем данные в log_access sql_query("INSERT INTO log_access(`login`,`ip`,`date`) VALUES('" . htmlspecialchars($user['login']) . "','" . $_SERVER["REMOTE_ADDR"] . "','" . date('YmdHis') . "')"); if ($win) { return "<script>window.parent.location.reload()</script>"; } HeaderExit($uri); } return $this->Show($this->str('e_pwd')); }
function gen_key() { require_once '../../performanceanxietyquestionnaire.com/src/login.php'; $mysqli = new mysqli($host, $user, $pass, $dtbs); if (mysqli_connect_errno()) { echo "<p>"; echo "Connect Error: " . mysqli_connect_errno(); echo "</p>"; } else { $licKey = keygen(); $hashedKey = hash("md5", $licKey); $query = "SELECT * FROM License WHERE licenseKey = '" . $hashedKey . "';"; $result = $mysqli->query($query); while ($result->num_rows != 0) { //echo "<br>".$hashedKey; $licKey = keygen(); $hashedKey = hash("md5", $licKey); $query = "SELECT * FROM License WHERE licenseKey ='" . $hashedKey . "';"; $result = $mysqli->query($query); } $insert = "INSERT into License (id, licenseKey, active) VALUES ("; $insert .= "0"; $insert .= ", '" . $hashedKey . "'"; $insert .= ", 1);"; for ($i = 1; $i <= 15; $i++) { $query1 = "insert into DemographicAnswer(license_id, demographic_question_id, answer) values({$hashedKey}, {$i}, '');"; $mysqli->query($query1); } for ($i = 1718; $i <= 1874; $i++) { $query1 = "insert into LikertAnswer(license_id, question_id, answer) values({$hashedKey}, {$i}, 6);"; $mysqli->query($query1); } //echo "<br>".$insert; $result = $mysqli->query($insert); if ($result) { // echo "<br>successfully inserted"; } else { //echo "<br>query unsuccessful"; } } return $licKey; }
public function forgot_password() { if ($this->input->post('forgot_pwd') != NULL) { $this->load->model('site_model'); if ($result = $this->site_model->check_email($this->input->post('email_address', TRUE))) { $this->load->helper('site'); $key = keygen(20); if ($status = $this->site_model->update('smg_users', array('activation_key' => $key), array('id_user' => $result->id_user))) { $user_id = $result->id_user; $this->load->library('email'); $config['mailtype'] = 'html'; $this->email->initialize($config); $this->email->from('*****@*****.**', 'Subhadip Sahoo'); $this->email->to($result->user_email); $this->email->subject("Reset password request from SMG Health Admin"); $msg['display_name'] = $result->display_name; $msg['link'] = base_url("/reset-password/{$key}/{$user_id}"); $bodyMsg = $this->load->view('site/email-templates/tmpl_forgot_password', $msg, TRUE); $this->email->message($bodyMsg); if ($this->email->send()) { $this->session->set_userdata(array('suc_msg' => 'You will receive a reset password link into your registered mail id. Please check your inbox.')); redirect('forgot-password'); exit; } else { $this->session->set_userdata(array('err_msg' => 'Mail sending failed! Please try after sometime.')); redirect('forgot-password'); exit; } } } else { $this->session->set_userdata(array('err_msg' => 'Provided email does not exists. Please provide the correct email address!')); redirect('forgot-password'); exit; } } else { $this->load->view('site/screens/forgot-password'); } }
public function login() { $this->form_validation->set_rules('identity', 'Identity', 'required'); $this->form_validation->set_rules('password', 'Password', 'required'); if ($this->form_validation->run() == true) { $remember = TRUE; /*(bool) $this->input->post('remember');*/ if ($this->ion_auth->login($this->input->post('identity'), $this->input->post('password'), $remember)) { $this->session->set_flashdata('message', $this->ion_auth->messages()); $redirect_to = is_mobile() ? 'sites/survey' : 'dashboard'; redirect($redirect_to, 'refresh'); } else { set_flash_data(ERROR_MESSAGE, $this->ion_auth->errors()); redirect('auth/login', 'refresh'); //use redirects instead of loading views for compatibility with MY_Controller libraries } } else { $data['message'] = validation_errors() ? strip_tags(validation_errors()) : $this->session->flashdata('message'); } $doc_key = $this->input->post('doc_key') ? $this->input->post('doc_key') : keygen(); $data = array('page' => 'login/form', 'title' => 'Login', 'identity' => $this->form_validation->set_value('identity'), 'password' => '', 'scripts' => array('login/form.js'), 'hiddenvars' => array(), 'doc_key' => $doc_key); if ($this->input->is_ajax_request()) { $html = $this->template->raw_view('pages/login/form_modal', $data, TRUE); if ($method == "ajax") { $output['html'] = $html; $this->_output_request($output, 'auth/login'); } else { echo $html; } } else { if (!empty($output['status'])) { set_flash_data($output['status'], $output['message'], FALSE); } $this->template->load('login', $data); } }
public function delete($pkey, $method = "echo") { _has_user_access_permission(TRUE, array('admin', 'location_manager', 'user_company')); $params = ($params = unserialize_object($pkey)) && is_array($params) ? $params : array(); $type_id = isset($params[SYS_CONTACT_TYPE_ID]) && gtzero_integer($params[SYS_CONTACT_TYPE_ID]) ? to_int($params[SYS_CONTACT_TYPE_ID]) : 0; $ref_id = isset($params[SYS_REF_ID]) && gtzero_integer($params[SYS_REF_ID]) ? to_int($params[SYS_REF_ID]) : 0; $contact_id = isset($params[SYS_CONTACT_ID]) && gtzero_integer($params[SYS_CONTACT_ID]) ? to_int($params[SYS_CONTACT_ID]) : 0; $redirect_url = $this->_post_args('redirect_url', ARGS_TYPE_STRING, $this->agent->referrer()); $contact_info = $this->contact_m->details($contact_id, $ref_id, $type_id); if (!$contact_info) { $this->show_permission_denied_error($method); } $this->form_validation->set_rules('confirm', 'confirm', 'trim|required'); $output = array('message' => "", 'status' => ""); if ($this->form_validation->run() == TRUE) { $is_record_updated = $this->contact_m->delete($contact_id); if ($is_record_updated) { $output['message'] = sprintf('The contact "%s" has been deleted.', $contact_info->contact_name); $output['status'] = SUCCESS_MESSAGE; $output['contact_id'] = $contact_id; } else { $output['message'] = sprintf('Error occurred while trying to delete contact "%s".', $contact_info->contact_name); $output['status'] = ERROR_MESSAGE; } $this->_output_request($output, $redirect_url); } else { if (validation_errors()) { $output['message'] = validation_errors(); $output['status'] = ERROR_MESSAGE; } } $doc_key = $this->_post_args('doc_key', ARGS_TYPE_STRING) ? $this->_post_args('doc_key', ARGS_TYPE_STRING) : keygen(); $csrf = _get_csrf_nonce(); $data = array('form_action' => site_url('contacts/delete/' . $pkey), 'cancel_url' => $redirect_url, 'page' => 'contacts/delete', 'title' => 'Contact "' . $contact_info->contact_name . '"', "display_message" => sprintf('Are you sure you want to delete contact "%s"?', $contact_info->contact_name), "display_heading" => sprintf('Delete contact', $contact_info->contact_name), "submit_btn_text" => "Save Changes", 'hiddenvars' => array_merge($csrf, array('redirect_url' => $redirect_url)), 'doc_key' => $doc_key); if ($this->input->is_ajax_request()) { $html = $this->template->raw_view('pages/contacts/delete_modal', $data, TRUE); if ($method == "ajax") { $output['html'] = $html; $this->_output_request($output, $redirect_url); } else { echo $html; } } else { if (!empty($output['status'])) { set_flash_data($output['status'], $output['message'], FALSE); } $this->template->load('default', $data); } }
<?php header("content-type:text/html; charset=gb2312"); //本单元的作用:激活用户,并重置用户有效期\提醒次数重置为0; //处理:验证用户输入连接是否正确,如果正确,则处理之。 include '../include/basefunction.php'; include '../../../config.inc'; include '../config/config.php'; echo "<h3>用户信息确认与续订</h3>"; $user = $_GET['u']; $email = $_GET['email']; $uid = $_GET['uid']; $sig0 = $_GET['sig']; $action = $_GET['action']; $para = array($user, $email, $uid); $sig = keygen($para); if ($sig != $sig0) { echo "<h3>此激活连接不存在!请确认。</h3>"; exit; } $hidden_str = "<input type=hidden name='email' value='{$email}'><input type=hidden name='sig' value='{$sig}'>"; include '../include/dbconnect.php'; if (mysql_select_db(DBNAME)) { if ($action == 'actived') { if ($_GET['sure'] == '确认续订') { $fullname = mysql_real_escape_string($_GET['fullname'], $mlink); $email_n = mysql_real_escape_string($_GET['email_n'], $mlink); $staff_no = mysql_real_escape_string($_GET['staff_no'], $mlink); $department = mysql_real_escape_string($_GET['department'], $mlink); $expire = date("Y-m-d", strtotime("+{$user_t} day")); $query = "update svnauth_user set full_name=\"{$fullname}\",email=\"{$email_n}\",staff_no=\"{$staff_no}\",department=\"{$department}\",expire=\"{$expire}\",infotimes=0 where user_id={$uid}";
public function download($pkey, $method = "echo") { _has_user_access_permission(TRUE, array('admin')); $params = ($params = unserialize_object($pkey)) && is_array($params) ? $params : array(); $company_id = in_array($this->current_user->group_id, array(GROUP_ADMIN, GROUP_STAFF, GROUP_ENGINEER)) ? $this->_post_args('company_id', ARGS_TYPE_INT, array_key_exists(SYS_COMPANY_ID, $params) && gtzero_integer($params[SYS_COMPANY_ID]) ? to_int($params[SYS_COMPANY_ID]) : 0) : $this->current_user->company_id; $site_id = isset($params[SYS_SITE_ID]) && gtzero_integer($params[SYS_SITE_ID]) ? to_int($params[SYS_SITE_ID]) : 0; $redirect_url = $this->_post_args('redirect_url', ARGS_TYPE_STRING, $this->agent->referrer()); $site_statuses = array('' => '', 1 => 'OPEN', 2 => 'SUBMITTED', 3 => 'COMPLETED'); $site_info = $this->site_m->details($site_id, $company_id); if (!$site_info || _has_company_group_access($this->current_user->group_id) && $site_info->company_id != $this->current_user->company_id) { $this->show_permission_denied_error($method); } $company_id = in_array($this->current_user->group_id, array(GROUP_ADMIN, GROUP_STAFF, GROUP_ENGINEER)) ? $this->_post_args('company_id', ARGS_TYPE_INT, $site_info->company_id) : $this->current_user->company_id; $doc_key = $this->_post_args('doc_key', ARGS_TYPE_STRING) ? $this->_post_args('doc_key', ARGS_TYPE_STRING) : keygen(); $csrf = _get_csrf_nonce(); $headings = array("SITE", "FORM", "DATE ADDED", "ADDED BY", "STATUS", "DATE SUBMITTED", "SUBMITTED BY", "DATE COMPLETED", "COMPLETED BY"); $this->load->library('PHPExcel'); $this->load->library('PHPExcel/IOFactory'); // Create a new PHPExcel object $objPHPExcel = new PHPExcel(); $objPHPExcel->getActiveSheet()->setTitle('List of Site Forms'); $rowNumber = 1; $col = 'A'; foreach ($headings as $heading) { $objPHPExcel->getActiveSheet()->setCellValue($col . $rowNumber, $heading); $col++; } // Loop through the result set $rowNumber = 2; foreach ($site_info->site_forms as $site_form) { $col = 'A'; $objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, $site_info->site_code); $objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, $site_form->form_name); $objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, _validate_date($site_form->added_on, 'Y-m-d H:i:s') ? local_time($site_form->added_on, 'M d, Y @ h:ia') : ''); $objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, $site_form->added_by_name); $objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, $site_statuses[$site_form->status]); $objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, _validate_date($site_form->submitted_on, 'Y-m-d H:i:s') ? local_time($site_form->submitted_on, 'M d, Y @ h:ia') : ''); $objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, $site_form->submitted_by_name); $objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, _validate_date($site_form->completed_on, 'Y-m-d H:i:s') ? local_time($site_form->completed_on, 'M d, Y @ h:ia') : ''); $objPHPExcel->getActiveSheet()->setCellValue($col++ . $rowNumber, $site_form->completed_by_name); $rowNumber++; } $objWriter = IOFactory::createWriter($objPHPExcel, 'Excel5'); // We'll be outputting an excel file header('Content-type: application/vnd.ms-excel'); // It will be called file.xls header('Content-Disposition: attachment; filename="' . date('Ymd') . '.xls"'); // Write file to the browser $objWriter->save('php://output'); }
function do_package_install() { global $package_installer_console; global $edit_domain; global $adm_login; global $pkg_info; global $dtcpkg_db_login; $package_installer_console .= "=> Installer Preparing Configuration for WordPress 2.5.1<br>"; $admin_path = getAdminPath($adm_login); $vhost_path = $admin_path . "/" . $edit_domain . "/subdomains/" . $_REQUEST["subdomain"] . "/html"; $hostname = $_REQUEST["subdomain"] . "." . $edit_domain; $vhost_url = "http://{$hostname}/"; $cmd = "mv " . $vhost_path . "/" . $pkg_info["directory"] . " " . $vhost_path . "/" . $_REQUEST["dtcpkg_directory"]; $data = array(); $data["lang"] = "english"; $data["dbms"] = "mysql4"; $data["upgrade"] = "0"; $data["dbhost"] = "localhost"; $data["dbname"] = $_REQUEST["database_name"]; $data["dbuser"] = $dtcpkg_db_login; $data["dbpasswd"] = $_REQUEST["dtcpkg_db_pass"]; $data["prefix"] = "wordpress_"; $data["server_name"] = $hostname; $data["server_port"] = "80"; $data["admin_name"] = $_REQUEST["dtcpkg_login"]; $data["admin_pass1"] = $_REQUEST["dtcpkg_pass"]; $data["admin_pass2"] = $_REQUEST["dtcpkg_pass"]; $data["install_step"] = "1"; $data["cur_lang"] = "english"; //Prepare WordPress Configuration function keygen($length) { $key = ''; for ($i = 0; $i < $length; $i++) { $key .= chr(rand(40, 127)); } return $key; } $wpconfig = array(); $wpconfig["gophp"] = "<?php"; $wpconfig["dbname"] = "define('DB_NAME','" . $data["dbname"] . "');"; $wpconfig["dbuser"] = "******" . $data["dbuser"] . "');"; $wpconfig["dbpasswd"] = "define('DB_PASSWORD','" . $data["dbpasswd"] . "');"; $wpconfig["dbhost"] = "define('DB_HOST','localhost');"; $wpconfig["dbcharset"] = "define('DB_CHARSET','utf8');"; $wpconfig["dbcollate"] = "define('DB_COLLATE','');"; $wpconfig["seckey"] = "define('SECRET_KEY','" . keygen(25) . "');"; $wpconfig["tblpfx"] = "\$" . "table_prefix = 'wp_';"; $wpconfig["wplang"] = "define('WPLANG','');"; $wpconfig["abspath"] = "define('ABSPATH',dirname(__FILE__).'/');"; $wpconfig["req_once"] = "require_once(ABSPATH.'wp-settings.php');"; $wpconfig["nophp"] = "?>"; $wpconf_str = implode("\n", $wpconfig); //Write WordPress Config File if (!file_put_contents($vhost_path . "/" . $_REQUEST["dtcpkg_directory"] . "/wp-config.php", $wpconf_str)) { $package_installer_console .= "=> Error Writing WordPress Configuration 'wp-config.php'<br>"; } else { $package_installer_console .= "=> WordPress Configuration 'wp-config.php' written<br>"; } //Set url for post install script, currently not used, //but returns HTTP/1.1 200 OK on WordPress install success. $url = $vhost_url . $_REQUEST["dtcpkg_directory"] . "/" . $pkg_info["post_script_url"]; // print_r($data); $package_installer_console .= "=> Calling {$url}<br>"; $ret = HTTP_Post($url, $data, $url); $weblines = explode("\n", $ret); // HTTP/1.1 200 OK $package_installer_console .= "=> Script returns: " . $weblines[0] . "\n\n"; $package_installer_console .= "WordPress will ask for a blog name and admin email address the first time you run it.\n\n WordPress will then show your admin login and password. Write it down to avoid trouble!\n\n"; return 0; // Ok, no problem ! :) }
require_once '../../../../performanceanxietyquestionnaire.com/src/login.php'; $count = $_POST["keycount"]; $mysqli = new mysqli($host, $user, $pass, $dtbs); if (mysqli_connect_errno()) { echo "<p>"; echo "Connect Error: " . mysqli_connect_errno(); echo "</p>"; } else { for ($i = 0; $i < $count; $i++) { $licKey = keygen(); $hashedKey = hash("md5", $licKey); $query = "SELECT * FROM License WHERE licenseKey = '" . $hashedKey . "';"; $result = $mysqli->query($query); while ($result->num_rows != 0) { //echo "<br>".$hashedKey; $licKey = keygen(); $hashedKey = hash("md5", $licKey); $query = "SELECT * FROM License WHERE licenseKey ='" . $hashedKey . "';"; $result = $mysqli->query($query); } $insert = "INSERT into License (id, licenseKey, active) VALUES ("; $insert .= "0"; $insert .= ", '" . $hashedKey . "'"; $insert .= ", 1);"; //echo "<br>".$insert; $result = $mysqli->query($insert); if ($result) { $keyFile .= $licKey . "\n"; $keyOutput .= $licKey . "<br>"; $get_id = "select id from License where licenseKey = '{$hashedKey}';"; $result = $mysqli->query($get_id);
# Prolong TTL # $item_ids = cw_query("SELECT {$tables['order_details']}.item_id FROM {$tables['order_details']}, {$tables['download_keys']} WHERE {$tables['order_details']}.doc_id = '{$doc_id}' AND {$tables['order_details']}.item_id = {$tables['download_keys']}.item_id"); if ($item_ids) { foreach ($item_ids as $v) { db_query("UPDATE {$tables['download_keys']} SET expires = '" . (time() + $config['egoods']['download_key_ttl'] * 3600) . "' WHERE item_id = '{$v['item_id']}'"); } } $pids = cw_query("SELECT {$tables['order_details']}.item_id, {$tables['order_details']}.product_id, {$tables['products']}.distribution FROM {$tables['order_details']}, {$tables['products']} WHERE {$tables['order_details']}.doc_id = '{$doc_id}' AND {$tables['order_details']}.product_id = {$tables['products']}.product_id AND {$tables['products']}.distribution != ''"); if ($pids) { $keys = array(); foreach ($pids as $v) { if (cw_query_first_cell("SELECT COUNT(*) FROM {$tables['download_keys']} WHERE item_id = '{$v['item_id']}'")) { continue; } $keys[$v['item_id']]['download_key'] = keygen($v['product_id'], $config['egoods']['download_key_ttl'], $v['item_id']); $keys[$v['item_id']]['distribution_filename'] = basename($v['distribution']); } if (!empty($keys)) { $order = cw_order_data($doc_id); if (!empty($order)) { foreach ($order['products'] as $k => $v) { if (isset($keys[$v['item_id']])) { $order['products'][$k] = cw_array_merge($v, $keys[$v['item_id']]); } } $smarty->assign('products', $order['products']); $smarty->assign('order', $order['order']); $smarty->assign('userinfo', $order['userinfo']); cw_call('cw_send_mail', array($config['Company']['orders_department'], $order['userinfo']['email'], "mail/egoods_download_keys_subj.tpl", "mail/egoods_download_keys.tpl")); }
public function show($pkey, $method = "echo") { _has_user_access_permission(TRUE, array('admin', 'staff')); $params = ($params = unserialize_object($pkey)) && is_array($params) ? $params : array(); $company_id = isset($params[SYS_COMPANY_ID]) && gtzero_integer($params[SYS_COMPANY_ID]) ? to_int($params[SYS_COMPANY_ID]) : 0; $redirect_url = $this->_post_args('redirect_url', ARGS_TYPE_STRING, $this->agent->referrer()); $company_info = $this->company_m->details($company_id); if (!$company_info) { $this->show_permission_denied_error($method); } $doc_key = $this->_post_args('doc_key', ARGS_TYPE_STRING) ? $this->_post_args('doc_key', ARGS_TYPE_STRING) : keygen(); $csrf = _get_csrf_nonce(); $data = array('form_action' => site_url('agencies/edit/' . $pkey), 'cancel_url' => $redirect_url, 'page' => 'companies/show', 'title' => 'Edit Agency', 'submit_btn_text' => 'Save Changes', 'logo' => $company_info->logo, 'name' => $company_info->name, 'address' => $company_info->address, 'active' => $company_info->active, 'gmt_offset' => $company_info->gmt_offset, 'scripts' => array('companies/show.js'), 'hiddenvars' => array_merge($csrf, array('redirect_url' => $redirect_url)), 'doc_key' => $doc_key); if ($this->input->is_ajax_request()) { $html = $this->template->raw_view('pages/companies/show_modal', $data, TRUE); if ($method == "ajax") { $output['html'] = $html; $this->_output_request($output, $redirect_url); } else { echo $html; } } else { if (!empty($output['status'])) { set_flash_data($output['status'], $output['message'], FALSE); } $this->template->load('default', $data); } }
} echo ' </tbody> </table> <p><input type="submit" value="Opslaan" /></p> </fieldset> </form> '; } elseif (intval($_POST['step']) == 3) { $names = $_POST['namen']; $mails = $_POST['mails']; $already = array(); foreach ($names as $key => $value) { $name = mysql_real_escape_string($value); $mail = mysql_real_escape_string($mails[$key]); $code = keygen(10); if (strlen($name) > 0) { if (!is_unieke_naam_in_groep($name, $_SESSION['gid'])) { $already[] = $name; } else { $sql = "INSERT INTO mensen SET\r\n naam = '" . $name . "',\r\n mail = '" . $mail . "',\r\n groep_id = " . $_SESSION['gid'] . ",\r\n code = '" . $code . "'"; $res = mysql_query($sql) or echo_mysql_error($sql); mail($name . ' <' . $mail . '>', 'Lootjes trekken', ' Hallo ' . $name . ', Zojuist is er een account voor je aangemaakt voor de Lootjestrekmachine in de groep \'' . $_SESSION['gname'] . '\'. Groepsnaam: ' . $_SESSION['gname'] . ' Naam: ' . $name . ' Inlogcode: ' . $code . '
function handle_upload() { //print_r($_FILES); $y = date('Y', current_time('timestamp')); $d = date('d', current_time('timestamp')); $m = date('m', current_time('timestamp')); $full = $y . '/' . $m . '/' . $d; // chmod(WP_CONTENT_DIR.'/cdm_uploads/'.$y.'/'.$m.'/'.$d, 777); // chmod(WP_CONTENT_DIR.'/cdm_uploads/'.$y.'/'.$m, 777); // chmod(WP_CONTENT_DIR.'/cdm_uploads/'.$y, 777); $permission_denied = !file_exists(WP_CONTENT_DIR . '/cdm_uploads/' . $y) ? mkdir(WP_CONTENT_DIR . '/cdm_uploads/' . $y, 0755) ? true : false : false; $permission_denied = !file_exists(WP_CONTENT_DIR . '/cdm_uploads/' . $y . '/' . $m) ? mkdir(WP_CONTENT_DIR . '/cdm_uploads/' . $y . '/' . $m, 0755) ? true : false : false; $permission_denied = !file_exists(WP_CONTENT_DIR . '/cdm_uploads/' . $y . '/' . $m . '/' . $d) ? mkdir(WP_CONTENT_DIR . '/cdm_uploads/' . $y . '/' . $m . '/' . $d, 0755) ? true : false : false; if ($permission) { $error = true; $msg = 'Permission denied! Cannot create directories, Please make sure the directory wp-content/cdm_uploads is writable.'; } else { $uploadDir = WP_CONTENT_DIR . '/cdm_uploads/' . $full . '/'; if (!empty($_FILES)) { $tempFile = $_FILES['Filedata']['tmp_name'][0]; // Validate the file type $fileTypes = explode(',', $this->configuration->allowed_extension); //$fileTypes = array('jpg', 'jpeg', 'gif', 'png'); // Allowed file extensions $fileParts = pathinfo($_FILES['Filedata']['name'][0]); $file_name = keygen(32) . '.' . $fileParts['extension']; $targetFile = $uploadDir . $file_name; //$_FILES['Filedata']['name'][0]; // Validate the filetype if (in_array($fileParts['extension'], $fileTypes)) { // Save the file if (move_uploaded_file($tempFile, $targetFile)) { if ($id = $this->_save_file($file_name, $full, $_FILES['Filedata']['name'][0])) { $error = false; $msg = "File " . $_FILES['Filedata']['name'][0] . " Uploaded!"; $data = array('id' => $id, 'name' => $_FILES['Filedata']['name'][0]); } else { $error = true; $msg = "Server problem! Couldn't save the file to database, please try again. Here is the server message <br/>" . mysql_error(); } } } else { $error = true; $msg = "File type not allowed. Only " . $this->configuration->allowed_extension . " are allowed."; } } } header("Content-Type: application/json"); print_r(json_encode(array('error' => $error, 'msg' => $msg, 'file_data' => $data))); die; }
public function qedit($pkey, $method = "echo") { _has_user_access_permission(TRUE, array('admin')); $params = ($params = unserialize_object($pkey)) && is_array($params) ? $params : array(); $form_type_id = isset($params[SYS_FORM_TYPE_ID]) && gtzero_integer($params[SYS_FORM_TYPE_ID]) ? to_int($params[SYS_FORM_TYPE_ID]) : 0; $question_id = isset($params[SYS_QUESTION_ID]) && gtzero_integer($params[SYS_QUESTION_ID]) ? to_int($params[SYS_QUESTION_ID]) : 0; $redirect_url = $this->_post_args('redirect_url', ARGS_TYPE_STRING, $this->agent->referrer()); $form_info = $this->survey_m->form_type_details($form_type_id); $question_info = $this->survey_m->get_question_detail($question_id, $form_type_id); $this->form_validation->set_rules('description', 'Description', 'required|xss_clean'); $this->form_validation->set_rules('help_text', 'Help Text', 'trim|xss_clean'); $this->form_validation->set_rules('question_type', 'Question Type', 'required|xss_clean'); $this->form_validation->set_rules('allowed_types', 'Allowed Types', 'callback__allowed_types'); $this->form_validation->set_rules('max_size', 'Max Size', 'callback__max_size'); $this->form_validation->set_rules('db_table', 'Table', 'callback__db_table'); $this->form_validation->set_rules('options', 'options', 'callback__seloptions'); $this->form_validation->set_rules('sort_order', 'Sort Order', ''); $output = array('message' => "", 'status' => ""); if ($this->form_validation->run() == TRUE) { $question_type = $this->_post_args('question_type', ARGS_TYPE_STRING); $input = array('form_type_id' => $form_type_id, 'form_section_id' => $this->_post_args('form_section_id', ARGS_TYPE_INT), 'description' => $this->_post_args('description', ARGS_TYPE_STRING), 'help_text' => $this->_post_args('help_text', ARGS_TYPE_STRING), 'type' => $this->_post_args('question_type', ARGS_TYPE_STRING, 'text'), 'allowed_types' => $question_type == 'upload' ? implode('|', $this->_post_args('allowed_types', ARGS_TYPE_ARRAY)) : '', 'max_size' => $question_type == 'upload' ? $this->_post_args('max_size', ARGS_TYPE_STRING) : 0, 'table' => $question_type == 'database_table' ? $this->_post_args('db_table', ARGS_TYPE_STRING) : '', 'options' => in_array($question_type, array('radio', 'checkbox', 'select')) ? $this->_post_args('options', ARGS_TYPE_STRING) : '', 'sort_order' => $this->_post_args('sort_order', ARGS_TYPE_INT)); $is_record_updated = $this->survey_m->qupdate($input, $question_id); if ($is_record_updated > 0) { $output['status'] = SUCCESS_MESSAGE; $output['message'] = sprintf('The question for site form "%s" was updated.', $form_info->name); $output['form_type_id'] = $form_type_id; } else { $output['message'] = sprintf('Unable to update question for site form record "%s". Please report the issue to %s', $form_info->name, $this->cfg->contact_email); $output['status'] = ERROR_MESSAGE; } $this->_output_request($output, $redirect_url); } else { if (validation_errors()) { $output['message'] = validation_errors(); $output['status'] = ERROR_MESSAGE; } } $doc_key = $this->input->post('doc_key') ? $this->input->post('doc_key') : keygen(); $csrf = _get_csrf_nonce(); $data = array('form_action' => site_url('survey/qedit/' . $pkey), 'cancel_url' => $redirect_url, 'page' => 'survey/qform', 'title' => 'Question Detail', 'submit_btn_text' => 'Save Changes', 'form_type_id' => $form_type_id, 'form_section_id' => $this->_post_args('form_section_id', ARGS_TYPE_INT, $question_info->form_section_id), 'description' => $this->_post_args('description', ARGS_TYPE_STRING, $question_info->description), 'help_text' => $this->_post_args('help_text', ARGS_TYPE_STRING, $question_info->help_text), 'question_type' => $this->_post_args('question_type', ARGS_TYPE_STRING, $question_info->type), 'allowed_types' => $this->_post_args('allowed_types', ARGS_TYPE_ARRAY, !empty($question_info->allowed_types) ? explode('|', $question_info->allowed_types) : array()), 'max_size' => $this->_post_args('max_size', ARGS_TYPE_STRING, $question_info->max_size), 'db_table' => $this->_post_args('db_table', ARGS_TYPE_STRING, $question_info->table), 'options' => $this->_post_args('options', ARGS_TYPE_STRING, $question_info->options), 'sort_order' => $this->_post_args('sort_order', ARGS_TYPE_INT, $question_info->sort_order), 'scripts' => array('survey/qform.js'), 'hiddenvars' => array_merge($csrf, array('redirect_url' => $redirect_url))); if ($this->input->is_ajax_request()) { $html = $this->template->raw_view('pages/survey/qform_modal', $data, TRUE); if ($method == "ajax") { $output['html'] = $html; $this->_output_request($output, $redirect_url); } else { echo $html; } } else { if (!empty($output['status'])) { set_flash_data($output['status'], $output['message'], FALSE); } $this->template->load('default', $data); } }
$db->insertImageAccessEntry($_POST['ids_avions'], $_POST['description'], $image_id, $_POST['user_key'], $_POST['id_categorie'], $_POST['rank']); $db->commit(); $confirm = "Accès ajouté."; $httpQuery->delete('indexForm', 'active'); // Générer la vignette $vignette = new Image(); $vignette->createfromjpg($fileInfo['dirname'] . '/' . $fileInfo['basename'])->setHeight('24')->save(getHttpImagesRoot() . '/' . $fileInfo['basename']); unset($vignette); } catch (Exception $e) { $error = $e->getMessage() . "<br />Détail :<br />" . $e->getTraceAsString(); } } } // Ajouter un accès à un document if ($httpQuery->has('indexForm', 'active')) { $user_key = keygen(); $id_avion = false; $submitName = 'activate_access'; $submitValue = 'Activer'; $description = ''; $categorie_id = ''; $rank = 0; $id_avion_image = 0; $comment = ''; $ids_avion_arr = $db->getAllProducts(); } // Tous les documents présent sur l'espace ftp $allImages = readdir_recursive(getFtpImagesRoot() . '/', array('jpg', 'jpeg', 'png', 'JPG', 'JPEG', 'PNG')); // Toutes les images activés dans la base // Tableau sous la forme [id_image] => full_path; $allDbImages = $db->getAllImagesPath();
<?php if (!defined('APP_START')) { die('Access denied'); } if (empty($products)) { return false; } cw_load('mail'); $send_keys = false; foreach ($products as $key => $value) { if ($value['distribution']) { $download_key = keygen($value['product_id'], $config['egoods']['download_key_ttl'], $value['item_id']); $products[$key]['download_key'] = $download_key; $products[$key]['distribution_filename'] = basename($products[$key]['distribution']); $send_keys = true; } } $smarty->assign('products', $products); if ($send_keys) { $to_customer = cw_user_get_language($userinfo['customer_id']); if (empty($to_customer)) { $to_customer = $config['default_customer_language']; } cw_call('cw_send_mail', array($config['Company']['orders_department'], $userinfo['email'], 'mail/egoods_download_keys_subj.tpl', 'mail/egoods_download_keys.tpl')); }
public function show($pkey, $method = "echo") { _has_user_access_permission(TRUE, array('admin', 'management_company')); $output = array('message' => "", 'status' => ""); $params = ($params = unserialize_object($pkey)) && is_array($params) ? $params : array(); $company_id = $this->current_user->group_id == 1 ? 0 : $this->current_user->company_id; $user_id = isset($params[SYS_USER_ID]) && gtzero_integer($params[SYS_USER_ID]) ? to_int($params[SYS_USER_ID]) : 0; $redirect_url = $this->_post_args('redirect_url', ARGS_TYPE_STRING, $this->agent->referrer()); $user_info = $this->user_m->details($user_id); if (!$user_info || _has_company_group_access($this->current_user->group_id) && $user_info->company_id != $this->current_user->company_id || $this->current_user->user_id == $user_id) { $this->show_permission_denied_error($method); } $doc_key = $this->_post_args('doc_key', ARGS_TYPE_STRING) ? $this->_post_args('doc_key', ARGS_TYPE_STRING) : keygen(); $csrf = _get_csrf_nonce(); $data = array("user_id" => $user_id, 'form_action_type' => FORM_ACTION_SHOW, 'form_action' => site_url('users/edit/' . $pkey), 'cancel_url' => $redirect_url, 'page' => 'user/show', 'title' => 'User Detail', 'submit_btn_text' => 'Save Changes', 'company_name' => $user_info->company_name, 'group_name' => $user_info->group_description, 'first_name' => $user_info->first_name, 'last_name' => $user_info->last_name, 'phone' => $user_info->phone, 'email' => $user_info->email, 'group_id' => $user_info->group_id, 'company_id' => $company_id, 'client_ids' => $user_info->client_ids, 'group_id' => $user_info->group_id, 'scripts' => array('user/show.js'), 'hiddenvars' => array(), 'doc_key' => $doc_key); if ($this->input->is_ajax_request()) { $html = $this->template->raw_view('pages/user/show_modal', $data, TRUE); if ($method == "ajax") { $output['html'] = $html; $this->_output_request($output, $redirect_url); } else { echo $html; } } else { if (!empty($output['status'])) { set_flash_data($output['status'], $output['message'], FALSE); } $this->template->load('default', $data); } }
public function show($pkey, $method = "echo") { _has_user_access_permission(TRUE, array('admin', 'management_company', 'user_company')); $params = ($params = unserialize_object($pkey)) && is_array($params) ? $params : array(); $company_id = $this->current_user->group_id == 1 ? $this->_post_args('company_id', ARGS_TYPE_INT, array_key_exists(SYS_COMPANY_ID, $params) && gtzero_integer($params[SYS_COMPANY_ID]) ? to_int($params[SYS_COMPANY_ID]) : 0) : $this->current_user->company_id; $client_id = isset($params[SYS_CLIENT_ID]) && gtzero_integer($params[SYS_CLIENT_ID]) ? (int) $params[SYS_CLIENT_ID] : 0; $redirect_url = $this->_post_args('redirect_url', ARGS_TYPE_STRING, $this->agent->referrer()); $client_info = $this->client_m->details($client_id, $company_id); if (!$client_info || _has_company_group_access($this->current_user->group_id) && $client_info->company_id != $this->current_user->company_id) { $this->show_permission_denied_error($method); } $company_id = $this->current_user->group_id == 1 ? $this->_post_args('company_id', ARGS_TYPE_INT, $client_info->company_id) : $this->current_user->company_id; $doc_key = $this->_post_args('doc_key', ARGS_TYPE_STRING) ? $this->_post_args('doc_key', ARGS_TYPE_STRING) : keygen(); $csrf = _get_csrf_nonce(); $data = array("client_id" => $client_id, 'notes_listing_url' => site_url('notes/index/' . serialize_object(array(SYS_REF_ID => $client_id, SYS_NOTE_TYPE_ID => NOTE_TYPE_CLIENT))), 'form_action' => site_url('clients/edit/' . $pkey), 'cancel_url' => $redirect_url, 'page' => 'clients/show', 'title' => 'Client Detail', 'submit_btn_text' => 'Save Changes', 'company_id' => $company_id, 'company_name' => $client_info->company_name, 'client_name' => $client_info->full_name, 'first_name' => $client_info->first_name, 'last_name' => $client_info->last_name, 'address' => $client_info->address, 'postcode' => $client_info->postcode, 'phone' => $client_info->phone, 'email' => $client_info->email, 'avatar' => $client_info->avatar, 'contact_first_name' => $client_info->contact_first_name, 'contact_last_name' => $client_info->contact_last_name, 'contact_address' => $client_info->contact_address, 'contact_email' => $client_info->contact_email, 'contact_phone' => $client_info->contact_phone, 'contact_mobile' => $client_info->contact_mobile, 'contact_fax' => $client_info->contact_fax, 'notes' => $this->_post_args('notes', ARGS_TYPE_STRING), 'scripts' => array('clients/show.js'), 'hiddenvars' => array_merge($csrf, array('redirect_url' => $redirect_url))); if ($this->input->is_ajax_request()) { $html = $this->template->raw_view('pages/clients/show_modal', $data, TRUE); if ($method == "ajax") { $output['html'] = $html; $this->_output_request($output, $redirect_url); } else { echo $html; } } else { if (!empty($output['status'])) { set_flash_data($output['status'], $output['message'], FALSE); } $this->template->load('default', $data); } }
break; case "/pull": git("pull github master"); break; case "/status": git("status"); break; case "/log": git('log --pretty=format:"%h - %an, %ar : %s"'); break; case "/burn": case "/燒毀": burn($dict); break; case "/keygen": keygen(); break; default: if (strpos($message, "@" . BOT_NAME)) { sendMsg("我沒這指令, 你想做什麼??"); } //error(3); break; } } else { error(2); } } else { // 訊息不是 / 開頭 if (strpos($message, "@" . BOT_NAME) !== false) { sendMsg("嗨~ Tag 我幹嘛?");
exit; } include '../../../config.inc'; include '../include/basefunction.php'; function safe($str) { // $str=htmlspecialchars($str,ENT_QUOTES); return "'" . mysql_real_escape_string($str) . "'"; } include '../include/dbconnect.php'; if (mysql_select_db(DBNAME)) { //校验参数正确性 $repos = mysql_real_escape_string($_POST['repos']); $path = mysql_real_escape_string($_POST['path']); $para = array($repos, $path); if (keygen($para) != $_POST['sig']) { echo "参数非法!请勿越权操作!"; exit; } if (function_exists('iconv')) { $_POST["newdescript"] = iconv("UTF-8", "GB2312", $_POST["newdescript"]); } $des = safe($_POST['newdescript']); $pattern = '/(\\d+)\\.\\d+\\.\\d+/i'; preg_match($pattern, mysql_get_server_info(), $out); $encode = ''; if ($out[1] > 4) { $encode = " DEFAULT CHARSET=utf8 "; } $createtb = "create table IF NOT EXISTS dir_des(\r\n `repository` varchar(20) NOT NULL,\r\n `path` varchar(255) NOT NULL,\r\n `des` text(500) default NULL,\r\n PRIMARY KEY (`path`,`repository`)\r\n\t\t)ENGINE=MyISAM {$encode};"; mysql_query($createtb);
/** * Constructor of the class * * @param mixed $id the param * @since Version 0.0.1 * @version 0.0.1 */ public function __construct() { $this->id = keygen(50); $players = array(); }