protected function secureData($data) { foreach ($data as $key => $value) { if (is_array($value)) { secureData($value); } else { $data[$key] = htmlspecialchars($value); } } return $data; }
function secure(&$array) { if (!is_array($array)) { $array = secureData($array); } else { foreach ($array as $key => $val) { if (!is_array($val)) { $array[$key] = secureData($val); } else { $array[$key] = array_map('secure', $val); } } } return $array; }
if ($amount < 1) { $error = 103; } switch ($type) { case 'ship': $item_table = $table['ships']; $item_id = 3; break; case 'defense': $item_table = $table['defense']; $item_id = 4; break; } if ($error< 100) $error = tryShipDefenseProductionAdd($playerdata['id'], $item_id, $item_table, $id, $amount); } if ($do == 'cancelprod') { $prod_id = secureData($_GET['prod_id']); $sql_findprod = "SELECT `id`, `player_id`, `type_id`, `item_id`, `amount` FROM $table[productions] WHERE `id` = '$prod_id' AND `player_id` = '$playerdata[id]'"; $res_findprod = mysql_query($sql_findprod); $num_findprod = mysql_num_rows($res_findprod); if ($num_findprod > 0) { $rec_findprod = mysql_fetch_assoc($res_findprod); $item_id = $rec_findprod['item_id']; $amount = $rec_findprod['amount']; $sql_findcosts = "SELECT `id`, `cost_steel`, `cost_crystal`, `cost_erbium`, `cost_titanium` FROM $table[ships] WHERE `id` = '$item_id'"; $res_findcosts = mysql_query($sql_findcosts); if (mysql_num_rows($res_findcosts) > 0) { $rec_findcosts = mysql_fetch_assoc($res_findcosts); $playerdata['res_steel'] += (($amount * $rec_findcosts['cost_steel']) * 0.8); $playerdata['res_crystal'] += (($amount * $rec_findcosts['cost_crystal']) * 0.8); $playerdata['res_erbium'] += (($amount * $rec_findcosts['cost_erbium']) * 0.8);
if ($playerdata['res_crystal'] < 5000) { $error = 104; } if (!checkItem($playerdata['id'], $NG_INTELLIGENCE)) { $error = 106; } if ($error < 100) { $playerdata['res_crystal'] -= 5000; updatePlayerData($playerdata['id'], $playerdata); } } if ($do == 'uniscan') { $findcluster = secureData($_POST['findcluster']); $order = secureData($_POST['order']); $excl_galmem = secureData($_POST['excl_galmem']); $excl_allmem = secureData($_POST['excl_allmem']); $minscore = secureData($_POST['minscore']); $maxscore = secureData($_POST['maxscore']); $minasteroids = secureData($_POST['minasteroids']); $maxasteroids = secureData($_POST['maxasteroids']); if ($minasteroids > $maxasteroids) { $error = 112; } if ($mindscore > $maxscore) { $error = 113; } if (($maxscore <= 0) || (!is_numeric($maxscore))){ $error = 108; } if (($maxasteroids <= 0) || (!is_numeric($maxasteroids))){ $error = 109; } if (($minasteroids < 0) || (!is_numeric($minasteroids))){ $error = 110; } if (($minscore < 0) || (!is_numeric($minscore))){ $error = 111; } if ($playerdata['res_crystal'] < 15000) { $error = 104; } if (!checkItem($playerdata['id'], $UNI_INTELLIGENCE)) { $error = 107; } if ($error < 100) { $playerdata['res_crystal'] -= 15000;
<?php session_start(); include_once 'lib/php/fonction.php'; include_once 'meta_header.php'; //quand on clique sur envoyer if (isset($_POST['validCom']) && isset($_POST['comment'])) { //on initialise de contenu $contenu = ''; //on récupère les données entrées par l'utilisateur $user_id = $_SESSION['id']; $user_mail = $_SESSION['email']; $comment = nl2br(secureData($_POST['comment'])); $datecomments = date('y-m-d H:i:s'); //$heure = date('H:i'); // $date=date("Y-m-d H:i:s"); if (isset($_SESSION['firstname'])) { $user_pseudo = $_SESSION['firstname']; } else { $user_pseudo = $_SESSION['pseudo']; } //on se connection $connection = connectBD(); //si la connection s'effectue if ($connection) { try { //on lance la transaction $connection->BeginTransaction(); //on prépare la requête $connection->exec('INSERT INTO comments VALUES (null, "' . $user_id . '", "' . $user_pseudo . '", "' . $user_mail . '", "' . $comment . '", "' . $datecomments . '") ');
<? require_once('global.inc.php'); $code = secureData($_GET['code']); $sql_doactivate = "UPDATE `$table[players]` SET `activated` = '1' WHERE `activation_code` = '$code'"; mysql_query($sql_doactivate) or die(mysql_error()); ?> <html> <head> <meta http-equiv="Content-Language" content="nl"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <link href="css/default.css" rel="stylesheet" type="text/css"> <title>Imperial-Battle | Account activation</title> </head> <body bgcolor="#223137"> <p align="center">Your account has been activated.</p> <p align="center">Click <a href="index.php" target="_top"><b>here</b></a> to login.</p> </body> </html>
if ($subject == '') { $error = 101; } if ($text == '') { $error = 102; } if ($error < 100) { $sql_createthread = "INSERT INTO $table[allianceforum_threads] (`alliance_id`, `subject`, `starter`, `date`) VALUES ('$alliance_id', '$subject', '$poster_id', '$date')"; mysql_query($sql_createthread); $thread_id = mysql_insert_id(); $sql_createpost = "INSERT INTO `$table[allianceforum_posts]` (`thread_id`, `alliance_id`, `poster_id`, `text`, `date`) VALUES ('$thread_id', '$alliance_id', '$poster_id', '$text', '$date')"; mysql_query($sql_createpost); } } if ($do == 'delthread') { $thread_id = secureData($_GET['thread_id']); if ((getAllianceCommander($playerdata['alliance_id']) != $playerdata['id']) && (getAllianceSubCommander($playerdata['alliance_id']) != $playerdata['id'])) { $error = 103; } else { $sql_delthread = "DELETE FROM $table[allianceforum_threads] WHERE `alliance_id` = '$playerdata[alliance_id]' AND `id` = '$thread_id'"; $sql_delposts = "DELETE FROM $table[allianceforum_posts] WHERE `alliance_id` = '$playerdata[alliance_id]' AND `thread_id` = '$thread_id'"; mysql_query($sql_delthread) or die(mysql_error()); mysql_query($sql_delposts) or die(mysql_error()); if (mysql_affected_rows() > 0) { $error = 1; } else { $error = 104; } } } switch($error) {
$rec_checkalliance = mysql_fetch_array($res_checkalliance); if ($num_checkalliance > 0) { if ($rec_checkalliance['id'] != $playerdata['alliance_id']) { $playerdata['alliance_id'] = $rec_checkalliance['id']; updatePlayerData($playerdata['id'], $playerdata); $error = 3; } else { $error = 105; } } else { $error = 106; } } if ($do == 'changerulerplanet') { $rulername = secureData($_POST['rulername']); $planetname = secureData($_POST['planetname']); if (!$rulername || !$planetname) { $error = 108; } if (getCurrentTick() > 1500) { $error = 109; } if ((getIdByRulername($rulername)) && ($rulername != $playerdata['rulername'])) { $error = 110; } if ((getIdByPlanetname($planetname)) && ($planetname != $playerdata['planetname'])) { $error = 111; } if ($error < 100) { $sql_updrp = "UPDATE $table[players] SET `rulername` = '$rulername', `planetname` = '$planetname' WHERE `id` = '$playerdata[id]'"; mysql_query($sql_updrp) or die(mysql_error()); $error = 4; } } $playerdata = getPlayerdata($playerdata['id']); switch($error) { case 0: $msg = "Succesfully changed password"; break;
<? require_once('global.inc.php'); if (!isset($mod)) { $mod = secureData($_GET['mod']); } if (!isset($mod)) { $mod = secureData($_POST['mod']); } if (!isset($act)) { $act = secureData($_GET['act']); } if (!isset($act)) { $act = secureData($_POST['act']); } ?> <html> <head> <meta http-equiv="Content-Language" content="nl"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <link href="css/default.css" rel="stylesheet" type="text/css"> <title>Imperial Battle</title> </head> <body bgcolor="#223137" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bottommargin="0"> <? if (!$user->checkLogin()) { //header('Location: login.php'); include('login.php'); ?> <!-- <META HTTP-EQUIV="Refresh" CONTENT="0;URL=http://www.imperial-battle.com/"> --> <? } else { ?> <META HTTP-EQUIV="Refresh" CONTENT="0.1;URL=index2.php"> <? }
$crystalinv = secureData($_POST['crystalinv']); $erbiuminv = secureData($_POST['erbiuminv']); if (!$factory_id) { $upd_factory = "INSERT INTO $table[titanium_factory] (`player_id`, `steel_investment`, `crystal_investment`, `erbium_investment`) VALUES ('$playerdata[id]', '$steelinv', '$crystalinv', '$erbiuminv')"; } else { $upd_factory = "UPDATE $table[titanium_factory] SET `steel_investment` = '$steelinv', `crystal_investment` = '$crystalinv', `erbium_investment` = '$erbiuminv' WHERE `id` = '$factory_id' AND `player_id` = '$playerdata[id]'"; } mysql_query($upd_factory) or die(mysql_error()); $error = 1; } if ($do == 'donate') { $res_type = secureData($_POST['res_type']); $amount = secureData($_POST['amount']); $donate_to = secureData($_POST['donate_to']); $arrkey = 'res_'.$res_type; if ($playerdata[$arrkey] < $amount) { $error = 101; } if (($donate_to != 'fund') && ($donate_to <= 0)) { $error = 102; } if ($amount <= 0) { $error = 104; } if (!is_numeric($amount)) { $error = 105; } if ($error < 100) { $error = 0; $playerdata[$arrkey] -= $amount; if ($donate_to == 'fund') { $gal_colname = 'fund_'.$res_type; $sql_donategfund = "UPDATE $table[galaxy] SET `$gal_colname` = `$gal_colname` + '$amount' WHERE `id` = '$playerdata[galaxy_id]'"; mysql_query($sql_donategfund) or die(mysql_error()); if ($moe_id = getMOE($playerdata['galaxy_id'])) { $c = getXYZ($playerdata['id']);
break; } } if ($do == 'delete') { $mail_id = secureData($_GET['mail_id']); $sql_delmail = "DELETE FROM $table[mail] WHERE `id` = '$mail_id' AND `to_player` = '$playerdata[id]'"; mysql_query($sql_delmail); $msg = "Mail succesfully removed."; } if ($do == 'deleteall') { $sql_delallmail = "DELETE FROM $table[mail] WHERE `to_player` = '$playerdata[id]'"; mysql_query($sql_delallmail) or die(mysql_error()); } if ($do == 'read') { $mail_id = secureData($_GET['mail_id']); ?> <table border="0" cellpadding="0" cellspacing="0" width="800"> <tr> <td width="4" valign="bottom"><img border="0" src="img/border/L_B.gif" width="20" height="15"></td> <td width="200">Communication - Reading mail</td> <td width="592" background="img/border/B.gif"><img border="0" src="img/border/B.gif" width="16" height="15"></td> <td width="4" valign="bottom"><img border="0" src="img/border/R_B.gif" width="20" height="15"></td> </tr> <tr> <td width="4" background="img/border/L.gif"> </td> <td width="696" height="100%" valign="top" colspan="2"> <table border="0" cellpadding="0" cellspacing="0" width="800"> <tr> <td valign="top">
<? if($_POST['buy2']){ $cost_steel = secureData($_POST['cost_steel']); $cost_crystal = secureData($_POST['cost_crystal']); $cost_erbium = secureData($_POST['cost_erbium']); $cost_titanium = secureData($_POST['cost_titanium']); $order_id = secureData($_POST['order_id']); $seller_id = secureData($_POST['seller_id']); if (checkSteelResource($playerdata['id'], $cost_steel) && checkCrystalResource($playerdata['id'], $cost_crystal) && checkErbiumResource($playerdata['id'], $cost_erbium) && checkTitaniumResource($playerdata['id'], $cost_titanium)) { $sql_updres = "UPDATE $table[players] SET `res_steel` = `res_steel` - '$cost_steel', `res_crystal` = `res_crystal` - '$cost_crystal', `res_erbium` = `res_erbium` - '$cost_erbium', `res_titanium` = `res_titanium` - '$cost_titanium' WHERE `id` = '$playerdata[id]'"; mysql_query($sql_updres) or die(mysql_error()); $sql_updres2 = "UPDATE $table[players] SET `res_steel` = `res_steel` + '$cost_steel', `res_crystal` = `res_crystal` + '$cost_crystal', `res_erbium` = `res_erbium` + '$cost_erbium', `res_titanium` = `res_titanium` + '$cost_titanium' WHERE `id` = '$seller_id'"; mysql_query($sql_updres2) or die(mysql_error()); $sql_getorderships = "SELECT `order_id`, `ship_id`, `amount` FROM $table[market_ships] WHERE `order_id` = '$order_id'"; $rec_getorderships = mysql_query($sql_getorderships); while ($res_getordership = mysql_fetch_array($rec_getorderships)) { $baseships = getBaseShips($playerdata['id'], $res_getordership['ship_id']); if ($baseships == 0){ $sql_insertship = "INSERT INTO `$table[playerunit]` (`player_id`, `type_id`, `unit_id`, `amount`) VALUES ('$playerdata[id]', '3', '$res_getordership[ship_id]', '$res_getordership[amount]')"; mysql_query($sql_insertship) or die(mysql_error()); }else{ $sql_updships = "UPDATE $table[playerunit] SET `amount` = `amount` + '$res_getordership[amount]' WHERE `player_id` = '$playerdata[id]' AND `unit_id` = '$res_getordership[ship_id]'"; mysql_query($sql_updships) or die(mysql_error()); } $sql_delships = "DELETE FROM $table[market_ships] WHERE `order_id` = '$order_id' AND `ship_id` = '$res_getordership[ship_id]'";
<? require_once("global.inc.php"); unset ($user, $_SESSION['user']); if ($_POST['submit']) { $secretcode = '3485ghfgh98ghfdghq31qqqzxfjkdfgddkjwer08448534gdfgbdfg'; /* Used for activation code generation */ $username = secureData($_POST['username']); $rulername = secureData($_POST['rulername']); $planetname = secureData($_POST['planetname']); $password = secureData($_POST['password']); $password2 = secureData($_POST['password2']); $email = secureData($_POST['email']); $email2 = secureData($_POST['email2']); if (getIdByUsername($username)) { $msg = '<font color=red>That username is already taken.</font>'; } elseif (getIdByRulername($rulername)) { $msg = '<font color=red>That rulername is already taken.</font>'; } elseif (getIdByPlanetname($planetname)) { $msg = '<font color=red>That planetname is already taken.</font>'; } elseif (getIdByEmail($email)) { $msg = '<font color=red>The email address you\'re trying to use, is already taken.</font>'; } elseif ($password != $password2) { $msg = '<font color=red>The passwords don\'t match!</font>'; } elseif ($email != $email2) { $msg = '<font color=red>The e-mails don\'t match!</font>'; } elseif (!$username || !$planetname || !$password || !$password2 || !$email) { $msg = '<font color=red>Empty fields are not allowed.</font>'; } else { $activation_code = md5($username.time().$email.$secretcode); /* Generate a unique md5 has by using the username, current time, email address and a private code. */ $galaxy_id = getRandomGalaxyId(); if (getFreeGalaxySpot($galaxy_id)) { $galaxy_spot = getFreeGalaxySpot($galaxy_id); } else { $msg = 'Registration failed. Your data was inserted correctly, but the galaxy spot is not right. Contact the crew'; } $password = md5($password); $sql_newplayer = "INSERT INTO `$table[players]` (`username` , `password` , `email` , `activated` , `activation_code` , `rulername`,`planetname` , `galaxy_id` , `galaxy_spot`) VALUES ('$username', '$password', '$email', '0', '$activation_code', '$rulername','$planetname', '$galaxy_id', '$galaxy_spot')"; mysql_query($sql_newplayer) or die(mysql_error());
// si on se connecte if ($connection) { try { //on lance la transaction $connection->BeginTransaction(); //si connection, on prépare la requête $connection->exec('INSERT INTO users VALUES(null,"' . $email . '","' . $pseudo . '","' . $mdp . '","' . $dateinscription . '","' . $admin . '","' . $client . '")'); //validation de la transaction $connection->commit(); //appel à la fonction qui connecte l'utilisateur login($connection, $pseudo, $mdp); //on donne une valeur au contenu $contenu = '<red><b>' . $_SESSION['pseudo'] . '</b> Vous avez été inscrit(e) avec succès!</red>'; // Récupération des variables nécessaires au mail de confirmation $email = secureData($_POST['email']); $pseudo = secureData($_POST['pseudo']); // Préparation du mail contenant le lien d'activation $destinataire = $email; $expediteur = '*****@*****.**'; $sujet = 'Votre inscription'; $entete = 'From: inscription@tiha.com'; $headers = 'MIME-Version: 1.0' . "\n"; // Version MIME $headers .= 'Content-type: text/html; charset=ISO-8859-1' . "\n"; // l'en-tete Content-type pour le format HTML $headers .= 'Content-type: text/html; charset=UTF-8' . "\r\n"; $headers .= 'Reply-To: ' . $expediteur . "\n"; // Mail de reponse $headers .= 'From: "HARRAM Fatiha"<' . $expediteur . '>' . "\n"; // Expediteur $headers .= 'Delivered-to: ' . $destinataire . "\n";
if ($crystal < $cost_crystal){$error = 102;$e = 1;} if ($erbium < $cost_erbium){$error = 102;$e = 1;} if ($titanium < $cost_titanium){$error = 102;$e = 1;} $steel = secureData($_POST['steel']); $crystal = secureData($_POST['crystal']); $erbium = secureData($_POST['erbium']); $titanium = secureData($_POST['titanium']); if ($e != 1){ $sql_updorder = "UPDATE $table[market] SET `steel` = '$steel', `crystal` = '$crystal', `erbium` = '$erbium', `titanium` = '$titanium', `status` = '1' WHERE `id` = '$order_id'"; mysql_query($sql_updorder) or die(mysql_error()); } } if ($_POST['delete']){ $ordernr = secureData($_POST['ordernr']); $sql_getorderships = "SELECT `order_id`, `ship_id`, `amount` FROM $table[market_ships] WHERE `order_id` = $ordernr"; $rec_getorderships = mysql_query($sql_getorderships); while ($res_getordership = mysql_fetch_array($rec_getorderships)) { $sql_updships = "UPDATE $table[playerunit] SET `amount` = `amount` + '$res_getordership[amount]' WHERE `player_id` = '$playerdata[id]' AND `unit_id` = '$res_getordership[ship_id]'"; mysql_query($sql_updships) or die(mysql_error()); $sql_delships = "DELETE FROM $table[market_ships] WHERE `order_id` = '$ordernr' AND `ship_id` = '$res_getordership[ship_id]'"; mysql_query($sql_delships) or die(mysql_error()); } $sql_delorderships = "DELETE FROM $table[market] WHERE `id` = '$ordernr' AND `player_id` = '$playerdata[id]'"; mysql_query($sql_delorderships) or die(mysql_error()); $do = 'createorder';
<?php //on lance la session session_start(); include_once 'lib/php/fonction.php'; include_once 'meta_header.php'; //include_once('nav.php'); //quand on appuie sur inscrire if (isset($_POST['editClient'])) { //le contenu n'affiche rien $contenu = ''; $id_client = $_POST['client_id']; $name = $_POST['name']; $firstname = $_POST['firstname']; $phone = $_POST['phone']; $email = secureData($_POST['email']); $adress = $_POST['adress']; $active = $_POST['active']; if (isset($_POST['client_id'])) { $contenu = ''; //on se connecte $connection = connectBD(); // si on se connecte if ($connection) { //on récupère les données sécurisées du formulaire $req = $connection->prepare('UPDATE clients SET adress="' . $adress . '", phone="' . $phone . '", name="' . $name . '", firstname="' . $firstname . '", email="' . $email . '", active="' . $active . '" WHERE id = ?')->execute([$id_client]); $contenu = '<red>Votre profil a été modifié avec succès!</red>'; //on renvoie à la page pour remplir le formulaire de commentaire header('refresh:3; url=clientsAdmin.php'); } else { $contenu = '<red>Vous n\'êtes pas connecté à la BD, veuillez contacter votre administrateur!</red>';
function prepareRequestAndAddHistory($PRP) { $defaultPRP = array('doNotExecute' => false, 'exitOnComplete' => false, 'doNotShowUser' => false, 'directExecute' => false, 'signature' => false, 'timeout' => DEFAULT_MAX_CLIENT_REQUEST_TIMEOUT, 'runCondition' => false, 'status' => 'pending', 'isPluginResponse' => 1, 'sendAfterAllLoad' => false, 'callOpt' => array()); $PRP = array_merge($defaultPRP, $PRP); @extract($PRP); if (empty($historyAdditionalData)) { echo 'noHistoryAdditionalData'; return false; } if ($siteData['connectURL'] == 'default' && defined('CONNECT_USING_SITE_URL') && CONNECT_USING_SITE_URL == 1 || $siteData['connectURL'] == 'siteURL') { $URL = $siteData['URL']; } else { //if($siteData['connectURL'] == 'default' || $siteData['connectURL'] == 'adminURL') $URL = $siteData['adminURL']; } $historyData = array('siteID' => $siteData['siteID'], 'actionID' => Reg::get('currentRequest.actionID'), 'userID' => $GLOBALS['userID'], 'type' => $type, 'action' => $action, 'events' => $events, 'URL' => $URL, 'timeout' => $timeout, 'isPluginResponse' => $isPluginResponse); if ($doNotShowUser) { $historyData['showUser'] = '******'; } if ($parentHistoryID) { $historyData['parentHistoryID'] = $parentHistoryID; } if (!empty($siteData['callOpt'])) { $callOpt = @unserialize($siteData['callOpt']); } if (!empty($siteData['httpAuth'])) { $callOpt['httpAuth'] = @unserialize($siteData['httpAuth']); } if (!empty($runCondition)) { $historyData['runCondition'] = $runCondition; } if (!empty($timeScheduled)) { $historyData['timeScheduled'] = $timeScheduled; } $historyData['callOpt'] = serialize($callOpt); $historyID = addHistory($historyData, $historyAdditionalData); if ($signature === false) { $signature = signData($requestAction . $historyID, $siteData['isOpenSSLActive'], $siteData['privateKey'], $siteData['randomSignature']); } $requestParams['username'] = $siteData['adminUsername']; if (isset($requestParams['secure'])) { $requestParams['secure'] = secureData($requestParams['secure'], $siteData['isOpenSSLActive'], $siteData['privateKey'], $siteData['randomSignature']); } if (!empty($requestParams['args'])) { $requestParams['args']['parentHID'] = $historyID; } $requestData = array('iwp_action' => $requestAction, 'params' => $requestParams, 'id' => $historyID, 'signature' => $signature, 'iwp_admin_version' => APP_VERSION); $updateHistoryData = array('status' => $status); updateHistory($updateHistoryData, $historyID); DB::insert("?:history_raw_details", array('historyID' => $historyID, 'request' => base64_encode(serialize($requestData)), 'panelRequest' => serialize($_REQUEST))); if ($directExecute) { set_time_limit(0); echo 'direct_execute<br />'; executeRequest($historyID, $type, $action, $siteData['URL'], $requestData, $timeout, true, $callOpt); } else { echo 'async_call_it_should_be<br />'; if ($exitOnComplete) { set_time_limit(0); echo "async_call_it_should_be_working"; Reg::set('currentRequest.exitOnComplete', true); } elseif ($sendAfterAllLoad) { Reg::set('currentRequest.sendAfterAllLoad', true); } } return $historyID; }
<? if (!$user->checklogin()) { include('goto.login.php'); die(); } if (!$user->checklogin()) { include('goto.login.php '); die(); } if (!isset($x)) { $mod = secureData($_GET['x']); } if (!isset($x)) { $mod = secureData($_POST['x']); } if (!isset($y)) { $act = secureData($_GET['y']); } if (!isset($y)) { $act = secureData($_POST['y']); } if ($_POST['left']) { if ($x != 1) { if ($y == 1) { $x--; $y = $MAX_CLUSTER; } else { $y--; } } else { if ($y != 1) { $y--; } } } if ($_POST['right']) { if ($y == $MAX_CLUSTER) { $x++; $y = 1; } else { $y++; } }
//on se connecte $connection = connectBD(); // si on se connecte if ($connection) { try { //on lance la transaction $connection->BeginTransaction(); //si connection, on prépare la requête $connection->exec('INSERT INTO clients (pseudo,name,firstname,adress,phone,email,mdp,dateinscription,admin,client,user,token) VALUES("' . $pseudo . '","' . $name . '","' . $firstname . '","' . $adress . '","' . $phone . '","' . $email . '","' . $mdp . '","' . $dateinscription . '","' . $admin . '","' . $client . '","' . $user . '","' . $token . '")'); // Insertion de la clé dans la base de données (à adapter en INSERT si besoin) //validation de la transaction $connection->commit(); // Récupération des variables nécessaires au mail de confirmation $email = secureData($_POST['email']); $name = secureData($_POST['name']); $firstname = secureData($_POST['firstname']); // Préparation du mail contenant le lien d'activation $to = $email; //$destinataire $email_address = '*****@*****.**'; //expediteur no_reply@tiha.be $email_subject = 'Vos identifiants dans notre espace client'; //sujet $name; $headers = 'MIME-Version: 1.0' . "\n"; // Version MIME $headers .= 'Content-type: text/html; charset=UTF-8' . "\r\n"; //entête content-type pour l'UTF8 $headers .= 'Reply-To: ' . $email_address . "\n"; // Mail de reponse $headers .= 'From: "HARRAM Fatiha"<' . $email_address . '>' . "\n";
<? if (!$user->checklogin()) { include('goto.login.php'); die(); } $sql_getships = "SELECT * FROM $table[ships]"; $rec_getships = mysql_query($sql_getships) or die(mysql_error()); if (!isset($do)) { $act = secureData($_GET['do']); } if (!isset($do)) { $act = secureData($_POST['do']); } if ($do == 'move') { $amount = secureData($_POST['amount']); $ship_id = secureData($_POST['ship_id']); $from = secureData($_POST['from']); $to = secureData($_POST['to']); $error = 0; if ($amount > getShipsOnFleet($playerdata[id], $ship_id, $from)) { $error = 1; } if ($from == $to) { $error = 2; } if ($error == 0) { moveShips($playerdata['id'], $ship_id, $amount, $from, $to); } switch($error) { case 0: $msg = "Succesfully moved ships."; break; case 1: $msg = "You don't have that amount of ships to move from fleet $from to $to";
} } if ($error == 0) { $error = 1; } } if ($do == 'donatefund') { $sql_galaxydata = "SELECT `id`, `x`, `y`, `topic`, `image_url`, `commander_id`, `moc_id`, `mow_id`, `moe_id`, `fund_steel`, `fund_crystal`, `fund_erbium`, `fund_titanium`, `private`, `password` FROM $table[galaxy] WHERE `id` = '$galaxy_id'"; $galaxy_data = mysql_fetch_array(mysql_query($sql_galaxydata)); $res_type = secureData($_POST['res_type']); $donate_to = securedata($_POST['donate_to']); $amount = secureData($_POST['amount']); $fund_arrkey = 'fund_'.$res_type; $player_arrkey = 'res_'.$res_type; if (($playerdata['id'] != $galaxy_data['commander_id']) && ($playerdata['id'] != $galaxy_data['moe_id'])) { $error = 106; } if ($amount <= 0) { $error = 103; } if ($galaxy_data[$fund_arrkey] < $amount) { $error = 104; } if ($donate_to <= 0) { $error = 105; } if ($error < 100) { $sql_donateplayer = "UPDATE $table[players] SET `$player_arrkey` = `$player_arrkey` + '$amount' WHERE `id` = '$donate_to'"; mysql_query($sql_donateplayer) or die(mysql_error()); addNews($donate_to, 'Donation', 'Recieved donation', 'You recieved a donation from the galactic fund.<br />The donation is '.$amount.' of '.$res_type.'.'); $sql_updatefund = "UPDATE $table[galaxy] SET `$fund_arrkey` = `$fund_arrkey` - '$amount' WHERE `id` = '$playerdata[galaxy_id]'"; mysql_query($sql_updatefund) or die(mysql_error()); } }
$lName = secureData($_POST["lname"]); } if (empty($_POST["email"])) { $emailError = "Email is required"; } else { $email = secureData($_POST["email"]); } if (empty($_POST["password"])) { $passwordError = "Password is required"; } else { $password = secureData($_POST["password"]); } if (empty($_POST["password2"])) { $password2Error = "Retype Password is required"; } else { $password2 = secureData($_POST["password2"]); } if ($password !== $password2) { $pmatchError = "Password retype not matched."; } } function secureData($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; } ?> <h1 class="text-center text-uppercase">Register</h1>
//valider les données entrées par l'utilisateur valider_mail($_POST['email']); valider_mdp($_POST['mdp']); //on vérifie s'il y a erreur if ($_SESSION['erreurform']) { //s'il y a erreur, réinitialisation de l'erreur de connection $_SESSION['erreur_connection'] = ''; //renvoie vers la page avec le formulaire header('refresh:0;url=espaceclient.php'); } else { //connection à la BD $connection = connectBD(); if ($connection) { //on récupère les données sécurisées du formulaire $email = secureData($_POST['email']); $mdp = md5(secureData($_POST['mdp'])); $req = $connection->prepare('UPDATE clients SET mdp="' . $mdp . '" WHERE email = ?')->execute([$email]); $contenu = '<red>Votre mot de passe a été modifié avec succès! <b>Vous pouvez dès à présent vous connecter!</b></red>'; //on renvoie à la page pour remplir le formulaire de commentaire header('refresh:3; url=espaceclient.php'); } else { $contenu = '<red>Vous n\'êtes pas connecté à la BD, veuillez contacter votre administrateur!</red>'; } } } //fin if isset ini include_once 'meta_header.php'; ?> <title>Connection</title> </head>
if (!$user->checklogin()) { include('goto.login.php'); die(); } if (!isset($do)) { $act = secureData($_GET['do']); } if (!isset($do)) { $act = secureData($_POST['do']); } $error = -1; if ($do == 'deleteall') { $sql_delallnews = "DELETE FROM $table[playernews] WHERE `player_id` = '$playerdata[id]' AND `read` = '1'"; mysql_query($sql_delallnews) or die(mysql_error()); $error = 0; } if ($do == 'delete') { $news_id = secureData($_GET['news_id']); if ($news_id) { $sql_delnews = "DELETE FROM $table[playernews] WHERE `id` = '$news_id' AND `player_id` = '$playerdata[id]'"; mysql_query($sql_delnews) or die(mysql_error()); if (mysql_affected_rows() > 0) { $error = 1; } else { $error = 100; } } else { $error = 101; } } switch($error) { case 0: $msg = "Succesfully deleted all news items.";
} if ($do == 'orderfleet') { $fleet_id = secureData($_GET['fleet_id']); } if ($do == 'order') { $fleet_id = secureData($_GET['fleet_id']); $x = secureData($_POST['x']); $y = secureData($_POST['y']); $z = secureData($_POST['z']); $target_id = getPlayerId($x, $y, $z); $action = secureData($_POST['action']); $action_time = secureData($_POST['action_time']); if (getFleetShipAmount($playerdata['id'], $fleet_id) == 0) { $error = 104; } if (!isFleetHome($playerdata['id'], $fleet_id) && $action != 'home') { $error = 105; } if (isFleetHome($playerdata['id'], $fleet_id) && $action == 'home') { $error = 110; } if ($target_id == $playerdata['id']) { $error = 108; } if ((getPlayerProperty($target_id, 'score') < ($playerdata['score'] / 3)) && ($action == 'attack')) { $error = 111; } if (!$action) { $action = 'home'; } if (!$action_time) { $action_time = 0; } if ($action == 'home') { $target_id = $playerdata['id'];