示例#1
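 /**
  * Create the TCP/IPv4 stream socket this object works with.
  *
  * socket_create() reports failure by returning false, never a negative
  * number, so the result is compared against false. The reason is read from
  * socket_last_error(), because the failed return value is not an error code.
  */
 public function __construct()
 {
     $this->socket = socket_create(AF_INET, SOCK_STREAM, 0);
     if ($this->socket === false) {
         sendError('socket_create() failed: reason: ' . socket_strerror(socket_last_error()));
     }
 }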
示例#2
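/**
 * Open a mysqli connection from the DB_* constants and switch it to UTF-8.
 *
 * The character set is selected with mysqli::set_charset() rather than a
 * "SET NAMES" query: only set_charset() informs the client library of the
 * encoding in use, which mysqli::real_escape_string() depends on to escape
 * input correctly.
 *
 * @return mysqli|null The connection, or null once the failure has been
 *                     reported through sendError().
 */
function getConnection()
{
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
    if ($mysqli->connect_errno) {
        // The client only receives a generic message; connection details stay server-side.
        sendError("Error al intentar establecer la coneccion a la base");
        return null;
    }
    $mysqli->set_charset('utf8');
    return $mysqli;
}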
示例#3
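/**
 * Send every row of the "categorias" table to the client.
 *
 * On success the rows are passed to sendResult() under the key "categorias";
 * if the query itself fails, sendError() is called instead.
 */
function listCategorias()
{
    $c = getConnection();
    if (!$c) {
        // getConnection() has already reported the failure; without a
        // connection the query call below would be a fatal error.
        return;
    }
    $query = "SELECT * FROM categorias";
    $categorias = array();
    if ($resultado = $c->query($query)) {
        while ($fila = $resultado->fetch_assoc()) {
            $categorias[] = $fila;
        }
        $resultado->free();
        sendResult(array("categorias" => $categorias), "Ok");
    } else {
        // Reached when the query fails, not when the table is merely empty.
        sendError("No se encontraron resultados");
    }
}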
示例#4
/**
 * Store session data: insert a row when the session id is unknown, otherwise
 * update the existing row and refresh its lastactive timestamp.
 *
 * NOTE(review): both values are escaped with addslashes() and then placed in
 * the SQL text. addslashes() does not know the connection character set, so
 * it is not a substitute for the database driver's own escaping or for bound
 * parameters; the session id normally comes from a client cookie. The helpers
 * sql_query()/sql_fetch_row_query() are defined elsewhere, so whether they
 * offer parameter binding cannot be told from here.
 * NOTE(review): the existence check and the write are two separate
 * statements, so two concurrent requests for a new session id can both take
 * the insert path.
 *
 * @param string $SessionID Session identifier.
 * @param string $val       Serialized session payload.
 * @return mixed Whatever sql_query() returned for the insert or update.
 */
function mysql_session_write($SessionID, $val)
{
    $table = $GLOBALS["SessionTableName"];
    $SessionID = addslashes($SessionID);
    $val = addslashes($val);
    $countRow = sql_fetch_row_query("select count(*) from  {$table} where sessionid = '{$SessionID}'");
    if ($countRow[0] != 0) {
        // Known session: overwrite the payload and bump the activity time.
        $updated = sql_query(sprintf('update %s SET data = "%s", lastactive = UNIX_TIMESTAMP(NOW()) where sessionid = "%s"', $table, $val, $SessionID));
        if (sql_affected_rows() < 0) {
            sendError("unable to update session data for session {$SessionID}");
        }
        return $updated;
    }
    // Unknown session: create its row.
    return sql_query(sprintf('insert into %s (sessionid,lastactive,data) values("%s",UNIX_TIMESTAMP(NOW()),"%s")', $table, $SessionID, $val));
}
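 /**
  * Handle one JSON message received from a connected client.
  *
  * The message must decode to an array with a "type" of "participate",
  * "message" or "logout". Only "participate" is accepted from a client that
  * has not joined a room yet. Every rejection is reported to the sending
  * client through $this->sendError().
  *
  * NOTE(review): any client can create a room simply by naming a new roomId,
  * and nothing in this method limits how many rooms exist or how long the
  * ids are; consider a cap if clients are untrusted.
  *
  * @param string $json   Raw message text received from the client.
  * @param object $client Connection object; getId() identifies it.
  */
 public function onData($json, $client)
 {
     $data = json_decode($json, true);
     $clientId = $client->getId();
     if (
         !is_array($data)
         || !isset($data['type'])
         || (!isset($this->clienId2room[$clientId]) && $data['type'] !== "participate")
     ) {
         $this->sendError("不正なデータを受信しました:無意味なメッセージ", $client);
         return;
     }
     try {
         switch ($data['type']) {
             case "participate":
                 // JSON can carry arrays here; trim() on an array is an error,
                 // so anything that is not a scalar is treated as missing.
                 if (
                     !isset($data['roomId']) || !isset($data['userId'])
                     || !is_scalar($data['roomId']) || !is_scalar($data['userId'])
                 ) {
                     $this->sendError("ログインに必要な情報がたりません", $client);
                     return;
                 }
                 $roomId = trim((string) $data['roomId']);
                 $userId = trim((string) $data['userId']);
                 if (!isset($this->roomName2room[$roomId])) {
                     $this->roomName2room[$roomId] = new ChatRoom();
                 }
                 $this->clienId2room[$clientId] = $this->roomName2room[$roomId];
                 $this->clienId2room[$clientId]->loginUser($client, $userId);
                 break;
             case "message":
                 if (!isset($data['body'])) {
                     $this->sendError("不正なデータを受信しました:内容のないチャット送信", $client);
                     return;
                 }
                 $this->clienId2room[$clientId]->sendMessage($client, $data['body']);
                 break;
             case "logout":
                 $this->clienId2room[$clientId]->logoutUser($client);
                 unset($this->clienId2room[$clientId]);
                 break;
             default:
                 // Use the method like every other branch; the bare function
                 // call here did not go through this object's error reporting.
                 $this->sendError("不正なデータを受信しました:無効な種類のメッセージ", $client);
                 return;
         }
     } catch (UserNotFoundException $e) {
         $this->sendError($e->getMessage(), $client);
         return;
     } catch (ConnectionAlreadyEstablishedException $e) {
         $this->sendError($e->getMessage(), $client);
         return;
     }
 }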
示例#6
 /**
  * Read the path id posted in $_POST["path"] and confirm it is one of the
  * paths returned by self::getAllowedPaths().
  *
  * A missing or non-numeric value is answered with sendError(400), an id
  * that is not an allowed path with sendError(404).
  *
  * NOTE(review): is_numeric() also accepts forms such as "1e3" or "1.5",
  * which the (int) cast then folds to an integer. The allow-list lookup is
  * done on the cast value, so the check itself holds; a strict integer
  * validation would simply reject those spellings earlier.
  * NOTE(review): the return after a failed check is only prevented if
  * sendError() ends the request — not visible here.
  *
  * @return int
  */
 public static function verifyCurrentPathAccess()
 {
     $hasNumericPath = isset($_POST["path"]) && is_numeric($_POST["path"]);
     if (!$hasNumericPath) {
         sendError(400);
     }
     $pathID = (int) $_POST["path"];
     $permitted = self::getAllowedPaths();
     if (!isset($permitted[$pathID])) {
         sendError(404);
     }
     return $pathID;
 }
            sendError('Your local password is not set. Use Create Account to set a new password.');
        }
        // Verify password.
        if (!empty($user_password) && check_encrypted_password($dbHandle, $username, $password)) {
            $result = $dbHandle->query("SELECT userID,permissions FROM users WHERE username="******"DELETE FROM logins" . " WHERE sessionID={$session_id_q} AND userID={$user_id_q}");
示例#8
            $error = 'Le numéro de poste doit être composé de 5 chiffres et commencé par 5 ou 9';
            break;
        case 'idPavillon':
            $pavillon = verifyPavillon(substr($info, 0, 1));
            $etage = verifyEtage(substr($info, 1));
            $boolError = $pavillon && $etage;
            $error = "Le pavillon ou l'étage est incorrect";
            break;
        case 'idLogiciel':
            $boolError = verifySoft($info);
            $error = "Le nom du logiciel ne peut pas contenir d'accents, ni de caractères spéciaux";
            break;
        default:
            throw new Exception("ID NON VALIDE");
    }
    if ($boolError === false) {
        sendError($error);
    }
} else {
    sendError("Le champs est vide");
}
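/*
 * Report an error to the client as a JSON object of the form
 * {"description": <message>}.
 *
 * The header is written as "Content-Type: application/json": a header field
 * name may not be followed by whitespace before the colon, so the former
 * "Content-Type : ..." spelling is not a valid Content-Type header.
 *
 * The function only writes the response; it does not end the request.
 */
function sendError($message)
{
    header("Content-Type: application/json");
    echo json_encode(array("description" => $message));
}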
示例#9
    if (isset($_POST['check-3'])) {
        $content .= '<li>Vinduespudsning</li>';
    }
    if (isset($_POST['check-4'])) {
        $content .= '<li>Havearbejde</li>';
    }
    if (isset($_POST['check-5'])) {
        $content .= '<li>Snerydning</li>';
    }
    if (isset($_POST['check-6'])) {
        $content .= '<li>Skadeservice</li>';
    }
    $content .= '</ul>';
}
// Append the visitor's free-text message, if there is one, as its own section.
// NOTE(review): $message reaches the HTML body through nl2br() only. Where it is
// assigned lies outside this excerpt — confirm it is HTML-escaped before this point.
if (isset($message) && !empty($message)) {
    $content .= '<p><strong>Tilføjet besked: </strong></p><hr>';
    $content .= nl2br($message);
    $content .= '<hr>';
}
// NOTE(review): $name is concatenated into markup as-is; confirm it was escaped where it was set.
$content .= '<p style="font-size:10px;color:#888;">(' . $name . ' er sat som afsender af denne email, så du kan svare direkte tilbage på den.)</p>';
// mail_footer.php is included at this position; what it defines or appends is not visible here.
require 'mail_footer.php';
// Keep a copy of the mail as a private post of type "email".
$new_post_array = array('post_content' => $content_header_white . $content, 'post_title' => $new_post_title, 'post_status' => 'private', 'post_type' => 'email');
$new = wp_insert_post($new_post_array, true);
if (is_wp_error($new)) {
    sendError($new->get_error_message());
} else {
    $response['success'] = 'oprettet med id: ' . $new;
    echo json_encode($response);
}
// Both mails are sent after the branch above, so also when wp_insert_post() reported an
// error — unless sendError() ends the request, which cannot be told from here.
sendEmail($email, $receiver, 'Ny besked fra kontaktformular', $content_header_white . $content);
sendEmail('*****@*****.**', $email, 'Tak for din henvendelse', $content_header . $content_extra . $content);
示例#10
/**
 * Save one attribute value for a user.
 *
 * Depending on $data["type"] the value is written to a column of the "user"
 * table (static, password, htmlpref), to a phplist_listattr_* lookup table
 * plus the user-attribute table (select), stored as a base64 encoded upload
 * (avatar), or written straight to the user-attribute table (default).
 * An attribute that is not found by id or by name is created when
 * $GLOBALS["config"]["autocreate_attributes"] is set.
 *
 * NOTE(review): every query below is assembled with sprintf() and nothing in
 * this function escapes the "%s" values ($data["value"], $data["name"],
 * $data["displayvalue"], $data["type"]); $attid is also used as a column
 * name. Unless callers pass values that are already escaped, this is SQL
 * injection — confirm at the call sites or move to bound parameters.
 *
 * @param int   $userid User id; formatted with %d in every query.
 * @param mixed $attid  Attribute id, or a column name for the static types.
 * @param array $data   Attribute description; the keys read here are
 *                      nodbsave, type, value, name and displayvalue.
 * @return int|null 1 after a save, null when the attribute is skipped.
 */
function saveUserAttribute($userid, $attid, $data)
{
    global $usertable_prefix, $tables;
    # workaround for integration webbler/phplist
    if (!isset($usertable_prefix)) {
        $usertable_prefix = '';
    }
    # table names come from $tables when configured, otherwise the defaults are used
    if (!empty($tables["attribute"])) {
        $att_table = $usertable_prefix . $tables["attribute"];
        $user_att_table = $usertable_prefix . $tables["user_attribute"];
    } else {
        $att_table = $usertable_prefix . "attribute";
        $user_att_table = $usertable_prefix . "user_attribute";
    }
    if ($data["nodbsave"]) {
        dbg("Not saving {$attid}");
        return;
    }
    # NOTE(review): $data is indexed as an array everywhere else, yet it is passed to
    # strtolower() here; presumably callers sometimes pass a plain string — confirm
    if (strtolower($data) == 'invalid attribute index') {
        return;
    }
    if ($attid == "emailcheck" || $attid == "passwordcheck") {
        dbg("Not saving {$attid}");
        return;
    }
    if (!$data["type"]) {
        $data["type"] = "textline";
    }
    # these types live in a column of the user table; $attid is the column name here
    # NOTE(review): the column name and the value both go into the SQL text unescaped
    if ($data["type"] == "static" || $data["type"] == "password" || $data['type'] == 'htmlpref') {
        Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid, $data["value"], $userid));
        if ($data["type"] == "password") {
            Sql_Query(sprintf('update user set passwordchanged = now() where id = %d', $userid));
        }
        return 1;
    }
    # look the attribute up by id first, then by name
    $attid_req = Sql_Fetch_Row_Query(sprintf('
    select id,type,tablename from %s where id = %d', $att_table, $attid));
    if (!$attid_req[0]) {
        $attid_req = Sql_Fetch_Row_Query(sprintf('
      select id,type,tablename from %s where name = "%s"', $att_table, $data["name"]));
        if (!$attid_req[0]) {
            if ($GLOBALS["config"]["autocreate_attributes"]) {
                Dbg("Creating new Attribute: " . $data["name"]);
                # sendError() is called here although this is the normal create path
                sendError("creating new attribute " . $data["name"]);
                $atttable = getNewAttributeTablename($data["name"]);
                Sql_Query(sprintf('insert into %s (name,type,tablename) values("%s","%s","%s")', $att_table, $data["name"], $data["type"], $atttable));
                $attid = Sql_Insert_Id();
            } else {
                # $atttable stays unset on this path, so the "fix" block below runs
                # with the $attid that was passed in
                dbg("Not creating new Attribute: " . $data["name"]);
                # sendError("Not creating new attribute ".$data["name"]);
            }
        } else {
            $attid = $attid_req[0];
            $atttable = $attid_req[2];
        }
    } else {
        $attid = $attid_req[0];
        $atttable = $attid_req[2];
    }
    if (!$atttable) {
        $atttable = getNewAttributeTablename($data["name"]);
        # fix attribute without tablename
        Sql_Query(sprintf('update %s set tablename ="%s" where id = %d', $att_table, $atttable, $attid));
        #   sendError("Attribute without Tablename $attid");
    }
    switch ($data["type"]) {
        # static and password already returned above, so these two cases are not reached
        case "static":
        case "password":
            Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid, $data["value"], $userid));
            break;
        case "select":
            # find the option by display value; add it to the lookup table when it is new
            $curval = Sql_Fetch_Row_Query(sprintf('select id from phplist_listattr_%s
        where name = "%s"', $atttable, $data["displayvalue"]), 1);
            if (!$curval[0] && $data['displayvalue'] && $data['displayvalue'] != '') {
                Sql_Query(sprintf('insert into phplist_listattr_%s (name) values("%s")', $atttable, $data["displayvalue"]));
                sendError("Added " . $data["displayvalue"] . " to {$atttable}");
                $valid = Sql_Insert_id();
            } else {
                $valid = $curval[0];
            }
            Sql_Query(sprintf('replace into %s (userid,attributeid,value)
        values(%d,%d,"%s")', $user_att_table, $userid, $attid, $valid));
            break;
        case 'avatar':
            if (is_array($_FILES)) {
                ## only avatars are files
                $formfield = 'attribute' . $attid . '_file';
                ## the name of the fileupload element
                if (!empty($_FILES[$formfield]['name'])) {
                    $tmpnam = $_FILES[$formfield]['tmp_name'];
                    # NOTE(review): fixed, guessable path in the shared /tmp directory; the return
                    # value of move_uploaded_file() is not checked and the content is never
                    # verified to be an image
                    move_uploaded_file($tmpnam, '/tmp/avatar' . $userid . '.jpg');
                    if (function_exists('resizeImageFile')) {
                        resizeImageFile('/tmp/avatar' . $userid . '.jpg', 250, 1);
                    }
                    $size = filesize('/tmp/avatar' . $userid . '.jpg');
                    #          dbg('New size: '.$size);
                    # the file is only removed inside this branch, so an upload at or above
                    # MAX_AVATAR_SIZE is left behind in /tmp
                    if ($size < MAX_AVATAR_SIZE) {
                        $avatar = file_get_contents('/tmp/avatar' . $userid . '.jpg');
                        Sql_Query(sprintf('replace into %s (userid,attributeid,value)
              values(%d,%d,"%s")', $user_att_table, $userid, $attid, base64_encode($avatar)));
                        unlink('/tmp/avatar' . $userid . '.jpg');
                    }
                }
            }
            break;
        default:
            # every other type is stored as-is in the user-attribute table
            Sql_Query(sprintf('replace into %s (userid,attributeid,value)
        values(%d,%d,"%s")', $user_att_table, $userid, $attid, $data["value"]));
            break;
    }
    return 1;
}
示例#11
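/**
 * Dispatch the current HTTP request to doGET() or doPOST().
 *
 * The request URI is made relative to the directory of the running script
 * and split on "/"; the resulting segments are handed to the handler. Any
 * method other than GET or POST is answered with sendError(405).
 *
 * The Server header is built with the string concatenation operator ".".
 * The former "+" is arithmetic in PHP, so it never produced the intended
 * "Server: <version>" text.
 *
 * NOTE(review): the segments are taken from REQUEST_URI as sent by the
 * client, query string included; the handlers must validate them.
 * NOTE(review): advertising the exact version in the Server header helps
 * anyone fingerprinting the service; consider whether it is needed.
 *
 * @param mixed $gpio Passed through unchanged to the handler.
 */
function routeRequest($gpio)
{
    global $SERVER_VERSION;

    $method = $_SERVER['REQUEST_METHOD'];
    $request_uri = $_SERVER['REQUEST_URI'];
    $root = $_SERVER['DOCUMENT_ROOT'];
    $script = $_SERVER['SCRIPT_FILENAME'];

    // Directory of the script relative to the document root.
    $path = pathinfo($script);
    $context = substr($path['dirname'], strlen($root));

    // Request path relative to that directory, split into segments.
    $uri = substr($request_uri, strlen($context));
    $vars = explode('/', $uri);

    header("Server: " . $SERVER_VERSION);

    if ($method == "GET") {
        doGET($gpio, $vars);
    } elseif ($method == "POST") {
        doPOST($gpio, $vars);
    } else {
        sendError(405, "Not Allowed");
    }
}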
示例#12
    sendError(3);
}
// NOTE(review): each check below only protects the reset form that follows if sendError()
// ends the request; that cannot be told from this excerpt — confirm.
// $linkstatus == 1 marks an old link
if ($linkstatus == 1) {
    sendError(4);
}
// $linkstatus == 2 marks a link that has already been used
if ($linkstatus == 2) {
    sendError(5);
}
// Check whether the link has expired, i.e. is more than a day old
$curtime = time();
$cmptime = $linktime + 24 * 60 * 60;
if ($curtime > $cmptime) {
    // Set the link's status to 1 before reporting the error
    snapUpdateLinkStatus($snapDbConn, $linkid, 1);
    sendError(3);
}
?>
<!DOCTYPE html>
<html>
<head>
	<meta charset="UTF-8">
	<title>MeetOn SNAP - Reset Password</title>
	<meta content='width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no' name='viewport'>
	<link href="common/css/bootstrap.css" rel="stylesheet" type="text/css" />
	<link href="common/css/font-awesome.min.css" rel="stylesheet" type="text/css" />
	<link href="postlogin/css/ionicons.min.css" rel="stylesheet" type="text/css" />
	<link href="prelogin/css/AdminLTE.css" rel="stylesheet" type="text/css" />
	<link href="common/css/skin-blue-light.min.css" rel="stylesheet" type="text/css" />
</head>
<body class="skin-blue-light" data-target="#scrollspy">
示例#13
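 /**
  * Search the extracted text of the current PDF for a term.
  *
  * The wildcards "<?>" and "<*>" in the term are translated to the SQL LIKE
  * wildcards "_" and "%". The term is passed through the database handle's
  * quote() before it is placed in the query.
  *
  * NOTE(review): a literal "%" or "_" typed by the user is not escaped and
  * therefore also acts as a LIKE wildcard. That widens matches but cannot
  * leave the quoted string.
  *
  * @param string $term Search term.
  * @return string JSON list of hits with the keys p, t, l, h, w and tx.
  */
 public function searchTextLayer($term)
 {
     $text_hits = array();
     // Convert wildcards.
     $term = str_replace('<?>', '_', $term);
     $term = str_replace('<*>', '%', $term);
     // Temporary SQLite storage.
     $storage_name = $this->file_name . '.sq3';
     $temp_db = $this->pdf_cache_path . DIRECTORY_SEPARATOR . $storage_name;
     /**
      * The text storage is created by extractXMLText() when a PDF is opened
      * for the first time, and the file name is written to a log while the
      * extraction runs. If the storage is missing but an extraction is
      * logged, wait for it; otherwise create the storage now.
      */
     if (!is_file($temp_db)) {
         // Is it being created?
         if ($this->checkPDFLog($storage_name)) {
             // Wait up to 30 sec, and stop as soon as the log entry is gone.
             for ($i = 1; $i <= 60; $i++) {
                 if (!$this->checkPDFLog($storage_name)) {
                     break;
                 }
                 usleep(500000);
             }
         } else {
             // File might have been deleted. Re-create it.
             $this->extractXMLText();
         }
     }
     // At this point, the database must exist.
     if (!file_exists($temp_db)) {
         sendError('Text storage not found.');
     }
     // Fetch the matching text rows from the database.
     $dbHandle = database_connect($this->pdf_cache_path, $this->file_name);
     $term_q = $dbHandle->quote('%' . $term . '%');
     $result = $dbHandle->query("SELECT top,left,height,width,text,page_number" . " FROM texts WHERE text LIKE {$term_q} ORDER BY page_number ASC");
     // Compile search results. Columns are read by name instead of through
     // extract(), which would create local variables from the row's keys.
     while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
         $text_hits[] = array(
             'p' => $row['page_number'],
             't' => $row['top'],
             'l' => $row['left'],
             'h' => $row['height'],
             'w' => $row['width'],
             'tx' => $row['text'],
         );
     }
     // If the result set is empty, check if there is any text at all.
     if (empty($text_hits)) {
         $result = $dbHandle->query("SELECT count(*) FROM texts");
         $count = $result->fetchColumn();
         if ($count == 0) {
             sendError('This PDF has no searchable text.');
         }
     }
     // An empty list is a valid answer: the term simply did not match.
     return json_encode($text_hits);
 }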
示例#14
文件: user.php 项目: riston/grid
<?php

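// Handle an inline grid edit sent as an XHR request, then redirect to index.php.
//
// NOTE(review): X-Requested-With is a header any client can set; it identifies
// the kind of request and is not an authentication or CSRF control. No login
// or permission check is visible in this block.
// NOTE(review): the connection uses the MySQL root account with an empty
// password; a dedicated low-privilege account with credentials kept outside
// the source would limit the damage of any flaw in this script.
if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
    $fields = array('row', 'column', 'text');
    // Allow-list of editable columns; the client only ever sends an index into it.
    $sqlFields = array('name', 'age', 'location');
    foreach ($fields as $field) {
        if (!isset($_POST[$field]) || !is_string($_POST[$field]) || strlen($_POST[$field]) <= 0) {
            sendError('No correct data');
            exit;
        }
    }
    // Reject an index that does not name a column instead of building a
    // query with an empty column name.
    $columnIndex = filter_var($_POST['column'], FILTER_VALIDATE_INT);
    if ($columnIndex === false || !isset($sqlFields[$columnIndex])) {
        sendError('No correct data');
        exit;
    }
    $db = new mysqli('localhost', 'root', '', 'grid');
    // Check the connection before using it.
    if ($db->connect_errno) {
        sendError('Connect error');
        exit;
    }
    $db->set_charset('utf8');
    // The column name comes from the allow-list above; both values are bound
    // as parameters and never become part of the SQL text.
    $text = $_POST['text'];
    $rowId = intval($_POST['row']);
    $stmt = $db->prepare(sprintf('UPDATE user SET %s = ? WHERE user_id = ?', $sqlFields[$columnIndex]));
    if (!$stmt || !$stmt->bind_param('si', $text, $rowId) || !$stmt->execute()) {
        sendError('Update failed');
        exit;
    }
    $stmt->close();
}
header('Location: index.php');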
/**
 * Report a failure by sending a raw status line with code 320 and the
 * given message as reason phrase.
 *
 * NOTE(review): 320 is not a registered HTTP status code, so clients will
 * treat it as a generic 3xx response. Every caller in this file passes a
 * fixed string; request data should never be placed in a status line.
 *
 * @param string $message Reason phrase to send.
 */
function sendError($message)
{
    $statusLine = sprintf('%s 320 %s', $_SERVER['SERVER_PROTOCOL'], $message);
    header($statusLine);
}
示例#15
文件: contact.php 项目: 72juju/Luna
    } else {
        $strHeaders = "From: " . $strUsername . "<" . $strEmail . ">\n";
        $strHeaders .= "Reply-To: " . $strUsername . "<" . $strEmail . ">\n";
        $strHeaders .= "Cc: " . $strUsername . "<" . $strEmail . ">\n";
        $strHeaders .= "X-Sender: " . $strUsername . "<" . $strEmail . ">\n";
        $strHeaders .= "X-Mailer: PHP/" . phpversion();
        $strHeaders .= "X-Priority: 1\n";
        $strHeaders .= "Return-Path: " . $strEmail . "\n";
        $strHeaders .= "MIME-Version: 1.0\r\n";
        $strHeaders .= "Content-Type: text/html; charset=iso-8859-1\n";
        $strMessage = wordwrap($strMessage, 70);
        $blnSent = mail($strContactEmail, $strSubject, $strMessage, $strHeaders);
        if ($blnSent) {
            echo "<center><h2>Thank you for contacting us, you will receive an email from us within the next 48 hours</h2></center>";
        } else {
            sendError('Failed to send email');
        }
    }
} else {
    ?>
	
<center>
<form class="form" name="form" method="post" action="<?php 
    echo $_SERVER['PHP_SELF'];
    ?>
">
       <input type="text" name="username" maxlength="10" placeholder="Enter Your Username">
       <input type="text" name="email" maxlength="25" placeholder="Enter A Valid Email">
       <input type="text" name="subject" maxlength="20" placeholder="Enter Your Subject">
       <textarea  name="comments" maxlength="500" cols="25" rows="6" placeholder="Enter Your Message"></textarea>
       <!--edit the site key to match yours for the captcha -->
示例#16
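/**
 * Create a user account from the "username" and "password" request parameters.
 *
 * Prints {"usernameTaken":1} when the name already exists and
 * {"signupSuccess":1} after the account has been stored; on success the
 * user name is also written to the session.
 *
 * The argument check now fails when either parameter is missing. The former
 * condition !(isset(username) || !isset(password)) was only true when the
 * user name was missing and the password present, so a request without a
 * password was let through.
 *
 * SECURITY(review): the password is stored as an unsalted MD5 digest, which
 * is unsuitable for password storage. It is kept here only because the stored
 * format is shared with the login code, which is not visible in this excerpt;
 * both sides should move to password_hash()/password_verify() together.
 * SECURITY(review): the credentials are read from $_GET, so they end up in
 * URLs, server logs and browser history; they belong in a POST body.
 * NOTE(review): the "Prepare failed" messages send the database error text to
 * the client.
 *
 * @param mysqli $db Open database connection.
 */
function signUp($db)
{
    if (
        !isset($_GET['username']) || !isset($_GET['password'])
        || !is_string($_GET['username']) || !is_string($_GET['password'])
    ) {
        //missing argument
        sendError("Missing either username or password");
        return;
    }
    $username = $_GET['username'];
    $returnArr = [];
    $pwHash = hash("md5", $_GET['password']);
    //Find out if the username already exists
    if (!($stmt = $db->prepare("SELECT userId FROM cs290_final_users WHERE userId = ?"))) {
        sendError("Prepare failed: (" . $db->errno . ") " . $db->error);
        // Without a statement the calls below would be a fatal error.
        return;
    }
    $stmt->bind_param('s', $username);
    $stmt->bind_result($result);
    $stmt->execute();
    $stmt->store_result();
    $usernameTaken = $stmt->num_rows > 0;
    // Close the statement on both paths, not only when the name is free.
    $stmt->close();
    if ($usernameTaken) {
        //username already exists
        $returnArr['usernameTaken'] = 1;
        echo json_encode($returnArr);
        return;
    }
    //store the new username to the database
    if (!($stmt = $db->prepare("INSERT INTO cs290_final_users VALUES (?, ?)"))) {
        sendError("Prepare failed: (" . $db->errno . ") " . $db->error);
        return;
    }
    $stmt->bind_param('ss', $username, $pwHash);
    $stmt->execute();
    $stmt->close();
    $returnArr['signupSuccess'] = 1;
    $_SESSION['username'] = $username;
    echo json_encode($returnArr);
    return;
}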
    $pdfHandler->createPageImage($_GET['page']);
} elseif (isset($_GET['renderthumbs']) && !empty($_GET['from'])) {
    // Create thumbs.
    $pdfHandler->createPageThumbs($_GET['from']);
} elseif (isset($_GET['renderbookmarks'])) {
    // Extract bookmarks.
    echo $pdfHandler->extractBookmarks();
} elseif (isset($_GET['rendertext'])) {
    // Extract text into database.
    $pdfHandler->extractXMLText();
} elseif (isset($_GET['gettextlayer']) && !empty($_GET['from'])) {
    // Get text from the database.
    echo $pdfHandler->getTextLayer($_GET['from']);
} elseif (isset($_GET['searchtextlayer'])) {
    if (empty($_GET['search_term'])) {
        sendError('No search term provided');
    }
    // Search text in the database.
    echo $pdfHandler->searchTextLayer($_GET['search_term']);
} elseif (isset($_GET['deleteannotation']) && !empty($_GET['type'])) {
    $dbids = array();
    if (!empty($_GET['dbids'])) {
        $dbids = $_GET['dbids'];
    }
    // Delete annotation.
    echo $pdfHandler->deletePDFAnnotation($_GET['type'], $dbids);
} elseif (isset($_GET['editannotation']) && !empty($_GET['dbid'])) {
    // Edit PDF note text.
    echo $pdfHandler->editPDFNote($_GET['dbid'], $_GET['text']);
} elseif (isset($_GET['savepdfnote']) && !empty($_GET['page']) && !empty($_GET['top']) && !empty($_GET['left'])) {
    // Save new PDF note.
示例#18
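/**
 * Custom error handler: warnings (2) and notices (8) are ignored; every
 * other error is printed, appended to the CSV error log, reported through
 * sendError(), and ends the script.
 *
 * $vars is optional because PHP 8 no longer passes the fifth (context)
 * argument to error handlers; without a default the handler itself would
 * fail when called with four arguments.
 *
 * NOTE(review): the raw error message is printed to the client, which can
 * reveal paths and query text; a generic message would be safer, with the
 * details kept in the log.
 * NOTE(review): the default log file is created under the shared /tmp
 * directory with a predictable name.
 *
 * @param int    $errno    Error level number.
 * @param string $errmsg   Error message.
 * @param string $filename File in which the error was raised.
 * @param int    $linenum  Line on which the error was raised.
 * @param mixed  $vars     Variables in scope at the error, when PHP supplies them.
 * @return int 1 for the ignored error levels; otherwise the script ends.
 */
function userErrorHandler($errno, $errmsg, $filename, $linenum, $vars = null)
{
    # whats the point of a user handler when it only
    # passes notices. unfortunately other errors dont get passed
    # so this wont be called too often
    global $config;
    $time = date("d M Y H:i:s");
    // Get the error type from the error number
    $errortype = array(1 => "Error", 2 => "Warning", 4 => "Parsing Error", 8 => "Notice", 16 => "Core Error", 32 => "Core Warning", 64 => "Compile Error", 128 => "Compile Warning", 256 => "User Error", 512 => "User Warning", 1024 => "User Notice");
    // Levels missing from the table (for example deprecation notices) get a generic label.
    $errlevel = isset($errortype[$errno]) ? $errortype[$errno] : "Unknown Error";
    //Write error to log file (CSV format)
    if (!isset($config["error_log"])) {
        $config["error_log"] = '/tmp/' . $config["name"] . "_errors.csv";
    }
    if ($errno != 2 && $errno != 8) {
        //Terminate script if fatal error
        print "Sorry an error occurred: ({$errno})" . $errmsg;
        $errfile = fopen($config["error_log"], "a");
        // An unwritable log must not break the handler itself.
        if ($errfile !== false) {
            fputs($errfile, "{$time}\t{$filename}\t{$linenum}\t({$errlevel})\t{$errmsg}\n");
            fclose($errfile);
        }
        // Report only the names of the variables in scope: an array cannot be
        // concatenated into the message, and the values may hold credentials.
        $vars = is_array($vars) ? implode(', ', array_keys($vars)) : (string) $vars;
        sendError($errno . " " . $errmsg . '
      	File: ' . $filename . '
        Line: ' . $linenum . '
        Vars: ' . $vars);
        #			LogError($errno." ".$errmsg);
        die("A fatal error has occured. Script execution has been aborted");
    }
    return 1;
}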
示例#19
<?php

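// Page settings read by inc.php and the header/footer includes.
$page = "plugin";
$page_title = "Plugin Page";
$auth_name = 'login';
// this page needs to connect to the B3 database
$b3_conn = true;
// this page does not use the pagination part of the footer
$pagination = false;
$query_normal = false;
require 'inc.php';
if (!isset($_GET['pl']) || !is_string($_GET['pl']) || $_GET['pl'] == '') {
    // send to error page with no plugin specified error
    sendError('plug');
    exit;
}
$plugin = addslashes(cleanvar($_GET['pl']));
$varible = NULL;
if (isset($_GET['v'])) {
    $varible = cleanvar($_GET['v']);
}
// The plugin name comes from the query string, so only continue for a plugin
// that is actually registered; an unknown name would otherwise end in a
// method call on null.
if (!isset($plugins_class["{$plugin}"])) {
    sendError('plug');
    exit;
}
// name of the page is the plugin name
$page = $plugin;
$Cplug = $plugins_class["{$plugin}"];
// get the page title from the title of the plugin
$page_title = $Cplug->getTitle();
// NOTE(review): the raw query-string value is appended to SCRIPT_NAME; any
// template that prints SCRIPT_NAME must HTML-escape it.
$_SERVER['SCRIPT_NAME'] = $_SERVER['SCRIPT_NAME'] . '?pl=' . $_GET['pl'];
## Require Header ##
require 'inc/header.php';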
if ($mem->reqLevel($Cplug->getPagePerm())) {
    // name of the plugin is also the name of the premission associated with it
示例#20
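/**
 * Send the products of one category to the client.
 *
 * The category id is read with request('categoria_id'). The (int) cast is
 * what makes the value safe to place in the query text: whatever was sent,
 * only an integer reaches the SQL.
 *
 * NOTE(review): each field is passed through utf8_encode(), which assumes
 * the rows arrive as ISO-8859-1; if the connection already delivers UTF-8
 * this double-encodes the text — confirm against getConnection().
 */
function listProductosPorCategoria()
{
    $c = getConnection();
    if (!$c) {
        // getConnection() has already reported the failure; without a
        // connection the calls below would be a fatal error.
        return;
    }
    $id = (int) $c->real_escape_string(request('categoria_id'));
    $query = "SELECT * FROM productos WHERE categoria_id = {$id}";
    $productos = array();
    if ($resultado = $c->query($query)) {
        while ($fila = $resultado->fetch_assoc()) {
            $productos[] = array_map('utf8_encode', $fila);
        }
        $resultado->free();
        sendResult(array("productos" => $productos), "Ok");
    } else {
        // Reached when the query fails, not when the category has no products.
        sendError("No se encontraron resultados");
    }
}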
示例#21
    exit;
}
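// Serve the requested file to a logged-in user, with conditional-request support.
//
// The response is marked "Cache-Control: private": the file is only handed
// out after the login check, so shared caches (proxies, CDNs) must not store
// it and replay it to other users, which "public" would permit.
//
// NOTE(review): $fpath is built outside this excerpt, presumably from
// $_REQUEST['file']; confirm it is confined to the intended directory before
// it reaches file_exists()/readfile().
if ($arg['loggedIn']) {
    if (empty($_REQUEST['file'])) {
        sendError($twig, '403');
    } elseif (!file_exists($fpath)) {
        sendError($twig, '404');
    } else {
        $filetime = filemtime($fpath);
        // The validator is derived from the modification time only.
        $etag = MD5($filetime);
        header('Cache-Control: private, max-age=31536000');
        $notChanged = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= $filetime || isset($_SERVER['HTTP_IF_NONE_MATCH']) && $_SERVER['HTTP_IF_NONE_MATCH'] == $etag;
        if ($notChanged) {
            sendError($twig, '304');
            exit;
        }
        $nextmonth = time() + 2419200;
        header('Content-Type: ' . mime_content_type($fpath));
        header('Content-Length: ' . filesize($fpath));
        header('Expires: ' . date('r', $nextmonth));
        header('Last-Modified: ' . date('r', $filetime));
        header('etag: ' . $etag);
        readfile($fpath);
        exit;
    }
} else {
    sendError($twig, '401');
}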
示例#22
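/**
 * AJAX handler for a membership request.
 *
 * Validates the required form fields, stores the request as a draft post of
 * type "medlem" with its meta data, notifies every member that has
 * notify_new_member set, and sends a confirmation to the applicant. The
 * result is printed as JSON and the request ends.
 *
 * Fixed in this version:
 *  - the WP_Error text is read with get_error_message(); it was accessed as
 *    a property and was therefore always empty;
 *  - the phone number is stored as entered; it was run through strtotime();
 *  - the result of the notification mail no longer overwrites $email, so the
 *    confirmation is sent to the applicant's address and not to a boolean;
 *  - the unclosed <meta> tag of the mail is closed.
 *
 * NOTE(review): the CPR number is stored as post meta and sent by e-mail in
 * clear text to every notification recipient; confirm this is acceptable
 * for personal identification data.
 * NOTE(review): values are stripped of tags but not HTML-escaped before they
 * are placed in the HTML mail, and the e-mail address is not validated
 * before it is used as a recipient.
 * NOTE(review): validation relies on sendError() ending the request — not
 * visible here.
 */
function smamo_ajax_signup()
{
    $response = array();
    // Required fields with the message sent when one is missing, in the
    // order in which they are checked.
    $required = array(
        'name' => 'Indtast venligst et navn',
        'email' => 'Indtast venligst en email',
        'work' => 'Vælg en arbejdsplads',
        'position' => 'Vælg en stilling',
        'work_since' => 'Indtast ansat siden',
        'birthday' => 'Indtast din fødselsdag',
        'phone' => 'Skriv dit telefonnummer',
        'address' => 'Indtast din adresse',
        'post' => 'Indtast dit postnummer',
        'by' => 'Indtast by',
    );
    foreach ($required as $field => $errorText) {
        if (!isset($_POST[$field]) || $_POST[$field] === '') {
            sendError($response, $errorText);
        }
    }
    $name = wp_strip_all_tags($_POST['name']);
    $email = wp_strip_all_tags($_POST['email']);
    $work = wp_strip_all_tags($_POST['work']);
    $position = wp_strip_all_tags($_POST['position']);
    $ean = isset($_POST['ean']) ? wp_strip_all_tags($_POST['ean']) : '';
    $cpr = isset($_POST['cpr']) ? wp_strip_all_tags($_POST['cpr']) : '';
    $user_id = isset($_POST['user_id']) ? wp_strip_all_tags($_POST['user_id']) : '';
    // Dates are stored as Unix timestamps.
    $work_since = strtotime(wp_strip_all_tags($_POST['work_since']));
    $birthday = strtotime(wp_strip_all_tags($_POST['birthday']));
    $phone = wp_strip_all_tags($_POST['phone']);
    $address = wp_strip_all_tags($_POST['address']);
    $post = wp_strip_all_tags($_POST['post']);
    $by = wp_strip_all_tags($_POST['by']);
    $remarks = isset($_POST['remarks']) ? wp_strip_all_tags($_POST['remarks']) : '';
    $new = wp_insert_post(array('post_title' => $name, 'post_type' => 'medlem', 'post_status' => 'draft'), true);
    if (is_wp_error($new)) {
        $response['error'] = 'Kunne ikke oprette medlemsskab på grund af en teknisk fejl: ' . $new->get_error_message();
        echo json_encode($response);
        exit;
    }
    $meta = array(
        'medlem_name' => $name,
        'medlem_email' => $email,
        'medlem_work' => $work,
        'medlem_position' => $position,
        'medlem_ean' => $ean,
        'medlem_cpr' => $cpr,
        'medlem_user_id' => $user_id,
        'medlem_work_since' => $work_since,
        'medlem_birthday' => $birthday,
        'medlem_phone' => $phone,
        'medlem_address' => $address,
        'medlem_post' => $post,
        'medlem_by' => $by,
        'medlem_remarks' => $remarks,
        'medlem_type' => '99',
    );
    foreach ($meta as $metaKey => $metaValue) {
        update_post_meta($new, $metaKey, $metaValue);
    }
    // Send notification
    $members = get_posts(array('posts_per_page' => -1, 'meta_key' => 'notify_new_member', 'meta_value' => 1));
    $emails = array();
    foreach ($members as $member) {
        $emails[] = get_post_meta($member->ID, 'medlem_email', true);
    }
    $message_head = '<html><head><meta name="charset" content="UTF-8"></head><body>';
    $message_copy_notice = '<p><strong>Kære ' . $name . '</strong></p>';
    $message_copy_notice .= '<p>Tak for din anmodning om medlemsskab i FSD. Du kan se en kopi af de sendte data herunder. FSD vil hurtigst muligt vende tilbage, når medlemsskabet er gennemført. </p><br/><br/>';
    $message = '<h3>' . $name . ' har anmodet om medlemsskab i FSD</h3>';
    $message .= '<p><strong>Oplysninger</strong></p><ul>';
    $message .= '<li>Navn: ' . $name . '</li>';
    $message .= '<li>Email: ' . $email . '</li>';
    $message .= '<li>Telefonnummer: ' . $phone . '</li>';
    $message .= '<li>Ansat hos: ' . $work . '</li>';
    $message .= '<li>Stilling: ' . $position . '</li>';
    $message .= '<li>EAN: ' . $ean . '</li>';
    $message .= '<li>Bruger ID: ' . $user_id . '</li>';
    $message .= '<li>Ansat siden: ' . $work_since . '</li>';
    $message .= '<li>Fødselsdato: ' . $birthday . '</li>';
    $message .= '<li>Adresse: ' . $address . '</li>';
    $message .= '<li>Postnummer: ' . $post . '</li>';
    $message .= '<li>By: ' . $by . '</li>';
    $message .= '<li>CPR: ' . $cpr . '</li>';
    $message .= '<li>Bemærkninger: ' . $remarks . '</li>';
    $message_footer = '</ul><br/><br/><p>Venlig hilsen FSD</p></body></html>';
    // The mail headers are fixed strings; no request data is placed in them.
    $notify_header = "From: FSD <*****@*****.**>\r\n";
    $notify_header .= "MIME-Version: 1.0\r\n";
    $notify_header .= "Content-Type: text/html; charset=utf-8\r\n";
    $notify_header .= "X-Priority: 1\r\n";
    $notified = wp_mail($emails, 'Nyt medlemsskab i FSD', $message_head . $message . $message_footer, $notify_header);
    $confirm = wp_mail($email, 'Tak for din henvendelse', $message_head . $message_copy_notice . $message . $message_footer, $notify_header);
    $confirm_copy = wp_mail('*****@*****.**', 'Tak for din henvendelse', $message_head . $message_copy_notice . $message . $message_footer, $notify_header);
    $response['success'] = '<h2>Tjek din email</h2><p>Tak for din registrering. FSD vil hurtigst muligt vende tilbage, når medlemsskabet er gennemført.</p>';
    echo json_encode($response);
    exit;
}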
示例#23
<?php

// Resolve the posted file name to a full path inside the current access path
// and return it; the script is meant to be included and its value used.
//
// NOTE(review): the file name is filtered by helpers/filenamereject.php, which
// is not visible here; confirm it rejects ".." and path separators so the
// result cannot leave $path->path.
// NOTE(review): both patterns match "NSFW" case-sensitively; on a
// case-insensitive file system a differently cased directory name would not
// be caught — confirm against the deployment.
if (empty($_POST["filename"])) {
    sendError(400);
}
$filename = loadPicFile("helpers/filenamereject.php", array("filename" => $_POST["filename"]));
$path = Access::getCurrentPath();
$fullFilename = $path->path . $filename;
if (!is_file($fullFilename)) {
    sendError(404);
}
if ($path->hasPermission("nsfw") === false) {
    // Without the "nsfw" permission, anything below an NSFW directory is
    // reported as not found. A failing regex (false) is treated as a match.
    foreach (array("/.*\\/NSFW\\/.*/", "/NSFW\\/.*/") as $nsfwPattern) {
        $nsfwRegexPathTest = preg_match($nsfwPattern, $fullFilename);
        if ($nsfwRegexPathTest === false || $nsfwRegexPathTest === 1) {
            sendError(404);
        }
    }
}
return $fullFilename;
示例#24
 * This file handles requests to local.users.com/users
 */
// Route the request: "/users" lists every user, "/users/{userId}" returns one.
//
// NOTE(review): the check accepts "/users" anywhere in the URI, and the id is
// whatever remains after removing every "/users" and every "/", so a query
// string or extra path segments become part of the id. getUserData() only
// accepts ids that exist, which limits the effect.
$requestUri = $_SERVER['REQUEST_URI'];
$handledPath = '/users';
if (false === strpos($requestUri, $handledPath)) {
    sendError();
}
// Strip the handled path first, then any remaining slashes.
$userId = str_replace(array($handledPath, '/'), '', $requestUri);
if (!$userId) {
    // Handle requests to /users
    sendSuccess(getAllUsers());
} else {
    // Handle requests to /users/{userId}
    try {
        $userData = getUserData($userId);
        sendSuccess($userData);
    } catch (Exception $e) {
        sendError();
    }
}
/**
 * Returns the record of a single user, keyed by its id.
 *
 * @param mixed $userId key to look up in the array returned by getAllUsers()
 * @return array one-element array of the form [$userId => record]
 * @throws Exception when getAllUsers() has no entry set for $userId
 */
function getUserData($userId)
{
    $allUsers = getAllUsers();
    // Guard clause: an unknown id is reported to the caller as an exception.
    if (!isset($allUsers[$userId])) {
        throw new Exception('Unable to fetch user');
    }
    return [$userId => $allUsers[$userId]];
}
示例#25
0
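 /**
  * Looks up the Contact linked to a self-service user.
  *
  * Runs two queries through $this->query(): the first reads ContactId from
  * SelfServiceUser, the second loads the Contact fields for that id.
  *
  * @param string $uid Id of the SelfServiceUser record.
  * @return mixed The first unpacked Contact, or null when the user has no
  *               ContactId, no user record is returned, or the Contact query
  *               does not return exactly one record (sendError() is called in
  *               that last case).
  */
 private function getContact($uid)
 {
     // Both ids are placed inside single-quoted literals, so backslashes and
     // single quotes are escaped first; a value can then never close the
     // literal and extend the query.
     // NOTE(review): where $uid comes from is not visible here. If it is
     // request-derived, validating its format at the caller is still advisable.
     $escape = function ($value) {
         return str_replace(array('\\', "'"), array('\\\\', "\\'"), (string) $value);
     };
     $qry = "Select ContactId From SelfServiceUser Where Id = '" . $escape($uid) . "'";
     $result = $this->query($qry);
     $sobj = $this->unpackSObjects($result);
     // No matching user record: nothing to look up.
     if (!isset($sobj[0])) {
         return null;
     }
     $cid = $sobj[0]->ContactId;
     if (is_null($cid)) {
         return null;
     }
     $qry = "Select Id, AccountId, Account.Name, FirstName, LastName, Phone, Email, Title, Department From Contact Where Id = '" . $escape($cid) . "'";
     $result = $this->query($qry);
     if (count($result->records) == 1) {
         $cont = $this->unpackSObjects($result);
         return $cont[0];
     } else {
         // sendError() is defined elsewhere; if it returns, this method falls
         // through and yields null.
         sendError($result, "Error retrieving contact information for {$uid}");
     }
 }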
示例#26
0
            $fields['Response__c'] = floatval($resp);
            $fields['Response_Provided__c'] = 'true';
        } else {
            $fields['Response__c'] = 0.0;
            $fields['Response_Provided__c'] = 'false';
        }
        $item->fields = $fields;
        array_push($answers, $item);
        if ($log) {
            fwrite($log, date('c') . ' - Answer: ' . $key . '-' . $idx . '-' . $_POST[$idx] . ' stored as ' . $resp . "\n");
        }
    }
    try {
        $response = $sforce->create($answers);
    } catch (Exception $ex) {
        sendError($ex, $_POST["company"]);
        exit;
    }
    if ($log) {
        fwrite($log, date('c') . ' - Answers: ' . count($response) . "\n");
        fclose($log);
    }
    header('Location: http://www.anitaborg.org/TopCompany/form_ack.html');
}
function sendError($error, $company)
{
    global $ERRORS_TO;
    global $log;
    $message = "A Top Company form submission error occurred at " . date('c') . "\r\n";
    $message .= "Company Name: {$company} \r\n";
    $message .= $error->getFile() . ': ' . $error->getLine() . "\r\n";
示例#27
0
/**
 * Store one attribute value for a user.
 *
 * Depending on the attribute type the value is written to a column of the
 * `user` table (static, password, htmlpref) or to the user-attribute table
 * (select, avatar, default). For "select" a missing option is first added to
 * the attribute's listattr table.
 *
 * NOTE(review): every statement below is assembled with sprintf() and none of
 * the string values is escaped inside this function. Unless all callers
 * escape $data and $attid beforehand (not visible here, confirm), these
 * statements should go through the database layer's escaping or bound
 * parameters.
 *
 * @param int          $userid id of the user row (always formatted with %d)
 * @param int|string   $attid  attribute id; also used as a `user` column name
 *                             for static/password/htmlpref attributes
 * @param array|string $data   attribute description (keys read here: type,
 *                             value, displayvalue, name, nodbsave), or a bare
 *                             value, in which case the description is loaded
 *                             from the attribute table by $attid
 * @return int|null 1 once the type handling has run, nothing when saving is
 *                  skipped
 */
function saveUserAttribute($userid, $attid, $data)
{
    global $usertable_prefix, $table_prefix, $tables;
    # workaround for integration webbler/phplist
    if (!isset($usertable_prefix)) {
        $usertable_prefix = '';
    }
    if (!isset($table_prefix)) {
        $table_prefix = 'phplist_';
    }
    # table names come from the $tables global when it is configured,
    # otherwise from fixed defaults
    if (!empty($tables["attribute"])) {
        $att_table = $usertable_prefix . $tables["attribute"];
        $user_att_table = $usertable_prefix . $tables["user_attribute"];
    } else {
        $att_table = $usertable_prefix . "attribute";
        $user_att_table = $usertable_prefix . "user_attribute";
    }
    # a bare value was passed: load the attribute row and attach the value to it
    if (!is_array($data)) {
        $tmp = $data;
        $data = Sql_Fetch_Assoc_Query(sprintf('select * from %s where id = %d', $att_table, $attid));
        $data['value'] = $tmp;
        $data['displayvalue'] = $tmp;
    }
    # dbg($data,'$data to store for '.$userid.' '.$attid);
    if ($data["nodbsave"]) {
        #   dbg($attid, "Not saving, nodbsave");
        return;
    }
    # the confirmation fields of a form are never stored
    if ($attid == "emailcheck" || $attid == "passwordcheck") {
        #   dbg($attid, "Not saving, emailcheck/passwordcheck");
        return;
    }
    if (!$data["type"]) {
        $data["type"] = "textline";
    }
    if ($data["type"] == "static" || $data["type"] == "password" || $data['type'] == 'htmlpref') {
        if (!empty($GLOBALS['config']['dontsave_userpassword']) && $data['type'] == 'password') {
            $data["value"] = 'not authoritative';
        }
        # NOTE(review): $attid is used as a column identifier and $data["value"]
        # is placed between double quotes without escaping. The column name
        # should come from an allow-list and the value should be escaped or bound.
        # For type "password" this also writes the value as given (plaintext
        # unless dontsave_userpassword is set) into that column.
        Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid, $data["value"], $userid));
        # NOTE(review): for type "password" this hands the value to dbg();
        # dbg() is defined elsewhere. If it writes to a log, the password is
        # recorded there; confirm and mask.
        dbg('Saving', $data['value'], DBG_TRACE);
        if ($data["type"] == "password") {
            # NOTE(review): as shown, the format string has a single
            # placeholder (%d) but two arguments follow, so the hash would be
            # consumed by %d and $userid ignored. The password literal looks
            # masked on this page; check the original source.
            # hash('sha256', ...) is one unsalted digest. password_hash() and
            # password_verify() are the usual replacement for stored passwords.
            Sql_Query(sprintf('update user set passwordchanged = now(),password="******" where id = %d', hash('sha256', $data['value']), $userid));
        }
        return 1;
    }
    $attributetype = $data['type'];
    # resolve the attribute row: by id first, then by name
    $attid_req = Sql_Fetch_Row_Query(sprintf('
    select id,type,tablename from %s where id = %d', $att_table, $attid));
    if (!$attid_req[0]) {
        # NOTE(review): $data["name"] is interpolated unescaped
        $attid_req = Sql_Fetch_Row_Query(sprintf('
      select id,type,tablename from %s where name = "%s"', $att_table, $data["name"]));
        if (!$attid_req[0]) {
            if (!empty($data["name"]) && $GLOBALS["config"]["autocreate_attributes"]) {
                #      Dbg("Creating new Attribute: ".$data["name"]);
                # sendError() is used here to report the event; what it does is
                # defined elsewhere
                sendError("creating new attribute " . $data["name"]);
                $atttable = getNewAttributeTablename($data["name"]);
                # NOTE(review): with autocreate_attributes enabled, submitted
                # data can add rows to the attribute table. name and type are
                # inserted unescaped.
                Sql_Query(sprintf('insert into %s (name,type,tablename) values("%s","%s","%s")', $att_table, $data["name"], $data["type"], $atttable));
                $attid = Sql_Insert_Id();
            } else {
                #     dbg("Not creating new Attribute: ".$data["name"]);
                # sendError("Not creating new attribute ".$data["name"]);
            }
        } else {
            $attid = $attid_req[0];
            if (empty($attributetype)) {
                $attributetype = $attid_req[1];
            }
            $atttable = $attid_req[2];
        }
    } else {
        $attid = $attid_req[0];
        if (empty($attributetype)) {
            $attributetype = $attid_req[1];
        }
        $atttable = $attid_req[2];
    }
    # NOTE(review): $atttable is not assigned on the path where the attribute is
    # neither found nor created, so this test then reads an undefined variable
    if (!$atttable && !empty($data['name'])) {
        $atttable = getNewAttributeTablename($data["name"]);
        # fix attribute without tablename
        Sql_Query(sprintf('update %s set tablename ="%s" where id = %d', $att_table, $atttable, $attid));
        #   sendError("Attribute without Tablename $attid");
    }
    switch ($attributetype) {
        case "static":
        case "password":
            #  dbg('SAVING STATIC OR  PASSWORD');
            if (!empty($GLOBALS['config']['dontsave_userpassword']) && $data['type'] == 'password') {
                $data["value"] = 'not authoritative';
            }
            # NOTE(review): same pattern as above, an identifier from $attid
            # and an unescaped value
            Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid, $data["value"], $userid));
            break;
        case "select":
            # look the display value up in the attribute's option table and add
            # it when it is missing
            # NOTE(review): $atttable becomes part of a table name and
            # $data["displayvalue"] is interpolated unescaped
            $curval = Sql_Fetch_Row_Query(sprintf('select id from ' . $table_prefix . 'listattr_%s
        where name = "%s"', $atttable, $data["displayvalue"]), 1);
            if (!$curval[0] && $data['displayvalue'] && $data['displayvalue'] != '') {
                Sql_Query(sprintf('insert into ' . $table_prefix . 'listattr_%s (name) values("%s")', $atttable, $data["displayvalue"]));
                sendError("Added " . $data["displayvalue"] . " to {$atttable}");
                $valid = Sql_Insert_id();
            } else {
                $valid = $curval[0];
            }
            Sql_Query(sprintf('replace into %s (userid,attributeid,value)
        values(%d,%d,"%s")', $user_att_table, $userid, $attid, $valid));
            break;
        case 'avatar':
            if (is_array($_FILES)) {
                ## only avatars are files, for now
                if (!defined('MAX_AVATAR_SIZE')) {
                    define('MAX_AVATAR_SIZE', 100000);
                }
                $formfield = 'attribute' . $attid . '_file';
                ## the name of the fileupload element
                if (!empty($_FILES[$formfield]['name']) && !empty($_FILES[$formfield]['tmp_name'])) {
                    $tmpnam = $_FILES[$formfield]['tmp_name'];
                    # NOTE(review): the upload is moved to a fixed, predictable
                    # name in /tmp and the result of move_uploaded_file() is not
                    # checked. The size limit is applied only after the move,
                    # and a file at or above the limit is left behind because
                    # unlink() sits inside the size test. Nothing here checks
                    # that the content is an image. A tempnam()-style unique
                    # file and a check of $_FILES[...]['size'] before moving
                    # would avoid these.
                    move_uploaded_file($tmpnam, '/tmp/avatar' . $userid . '.jpg');
                    $size = filesize('/tmp/avatar' . $userid . '.jpg');
                    #          dbg('New size: '.$size);
                    if ($size < MAX_AVATAR_SIZE) {
                        $avatar = file_get_contents('/tmp/avatar' . $userid . '.jpg');
                        # the image is stored base64-encoded as the attribute value
                        Sql_Query(sprintf('replace into %s (userid,attributeid,value)
              values(%d,%d,"%s")', $user_att_table, $userid, $attid, base64_encode($avatar)));
                        unlink('/tmp/avatar' . $userid . '.jpg');
                    }
                }
            }
            break;
        default:
            # NOTE(review): $data["value"] is interpolated unescaped
            Sql_Query(sprintf('replace into %s (userid,attributeid,value)
        values(%d,%d,"%s")', $user_att_table, $userid, $attid, $data["value"]));
            break;
    }
    return 1;
}
示例#28
0
 /**
  * PHP >= 5.4.0<br/>
  * Write session data
  * @link http://php.net/manual/en/sessionhandlerinterface.write.php
  * @param string $session_id The session id.
  * @param string $session_data <p>
  * The encoded session data. This data is the
  * result of the PHP internally encoding
  * the $_SESSION superglobal to a serialized
  * string and passing it as this parameter.
  * Please note sessions use an alternative serialization method.
  * </p>
  * @return bool <p>
  * The return value (usually TRUE on success, FALSE on failure).
  * Note this value is returned internally to PHP for processing.
  * </p>
  */
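 public function write($session_id, $session_data)
 {
     // Escape each value exactly once. Escaping the id a second time for the
     // lookup would make an id containing a quote or backslash miss its own
     // row and take the INSERT branch on every write.
     // NOTE(review): addslashes() is not connection/charset aware. The
     // fetchColumn()/rowCount() calls suggest a PDO-style statement; if
     // phpList::DB() also offers prepared statements, bind the values instead.
     $session_id = addslashes($session_id);
     $session_data = addslashes($session_data);
     $session_exists = phpList::DB()->query(sprintf('SELECT COUNT(*) FROM  %s
             WHERE sessionid = \'%s\'', Config::SESSION_TABLENAME, $session_id))->fetchColumn(0);
     if ($session_exists <= 0) {
         $retval = phpList::DB()->query(sprintf('INSERT INTO %s (sessionid,lastactive,data)
                 VALUES("%s",UNIX_TIMESTAMP(NOW()),"%s")', Config::SESSION_TABLENAME, $session_id, $session_data));
     } else {
         // Argument order follows the placeholders: data first, then the id.
         // Passing them the other way round would store the id as the data of
         // whichever row has a sessionid equal to the payload.
         $retval = phpList::DB()->query(sprintf('UPDATE %s
                 SET data = "%s", lastactive = UNIX_TIMESTAMP(NOW())
                 WHERE sessionid = "%s"', Config::SESSION_TABLENAME, $session_data, $session_id));
         if ($retval->rowCount() <= 0) {
             //TODO: correct error handling
             // NOTE(review): the session id is written to the log and passed
             // to sendError(). A live session id is a credential, so consider
             // logging a truncated or hashed form.
             phpList::log()->notice('unable to update session data for session ' . $session_id);
             sendError('unable to update session data for session ' . $session_id);
         }
     }
     // NOTE(review): this returns the statement object, while the docblock
     // above promises a bool. Confirm what the session layer expects.
     return $retval;
 }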
示例#29
0
/**
 * Stores one attribute value for a user.
 *
 * "static" and "password" attributes are written straight to a column of the
 * `user` table. Every other type is resolved against the `attribute` table
 * (by id, then by name, optionally creating it) and stored in
 * `user_attribute`; for "select" a missing option is added to the attribute's
 * phplist_listattr_* table first.
 *
 * NOTE(review): all statements are assembled with sprintf() and the string
 * values ($data["value"], $data["name"], $data["displayvalue"]) as well as the
 * identifiers taken from $attid and $atttable are not escaped in this
 * function. Unless every caller escapes them (not visible here, confirm),
 * they should go through the database layer's escaping or bound parameters,
 * with column names taken from an allow-list.
 *
 * @param int        $userid id of the user row
 * @param int|string $attid  attribute id, or the `user` column name for
 *                           static/password attributes
 * @param array      $data   keys read here: nodbsave, type, value, name,
 *                           displayvalue
 * @return int|null 1 after saving, nothing when the attribute is skipped
 */
function saveUserAttribute($userid, $attid, $data)
{
    // Attributes flagged as not-to-be-saved are skipped outright.
    if ($data["nodbsave"]) {
        dbg("Not saving $attid");
        return;
    }
    // The confirmation fields of a form are never stored.
    if ($attid == "emailcheck" || $attid == "passwordcheck") {
        dbg("Not saving $attid");
        return;
    }

    if (!$data["type"]) {
        $data["type"] = "textline";
    }

    // Static and password values live in the user table itself.
    // NOTE(review): the password value is written as given; no hashing is
    // visible in this function.
    if ($data["type"] == "static" || $data["type"] == "password") {
        Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid, $data["value"], $userid));
        return 1;
    }

    // Resolve the attribute row: by id first, by name as a fallback.
    $attributeRow = Sql_Fetch_Row_Query(sprintf('
    select id,type,tablename from attribute where id = %d', $attid));
    if (!$attributeRow[0]) {
        $attributeRow = Sql_Fetch_Row_Query(sprintf('
      select id,type,tablename from attribute where name = "%s"', $data["name"]));
    }

    if ($attributeRow[0]) {
        $attid = $attributeRow[0];
        $atttable = $attributeRow[2];
    } elseif ($GLOBALS["config"]["autocreate_attributes"]) {
        // NOTE(review): with this option enabled, submitted data can add rows
        // to the attribute table.
        Dbg("Creating new Attribute: " . $data["name"]);
        sendError("creating new attribute " . $data["name"]);
        $atttable = getNewAttributeTablename($data["name"]);
        Sql_Query(sprintf('insert into attribute (name,type,tablename) values("%s","%s","%s")', $data["name"], $data["type"], $atttable));
        $attid = Sql_Insert_Id();
    } else {
        dbg("Not creating new Attribute: " . $data["name"]);
        # sendError("Not creating new attribute ".$data["name"]);
    }

    if (!$atttable) {
        $atttable = getNewAttributeTablename($data["name"]);
        # fix attribute without tablename
        Sql_Query(sprintf('update attribute set tablename ="%s" where id = %d', $atttable, $attid));
        #  	sendError("Attribute without Tablename $attid");
    }

    $type = $data["type"];
    if ($type == "static" || $type == "password") {
        Sql_Query(sprintf('update user set %s = "%s" where id = %d', $attid, $data["value"], $userid));
    } elseif ($type == "select") {
        // Map the display value to its option id, adding the option if needed.
        $existingOption = Sql_Fetch_Row_Query(sprintf('select id from phplist_listattr_%s
      	where name = "%s"', $atttable, $data["displayvalue"]), 1);
        if ($existingOption[0]) {
            $optionId = $existingOption[0];
        } else {
            Sql_Query(sprintf('insert into phplist_listattr_%s (name) values("%s")', $atttable, $data["displayvalue"]));
            sendError("Added " . $data["displayvalue"] . " to $atttable");
            $optionId = Sql_Insert_id();
        }
        Sql_Query(sprintf('replace into user_attribute (userid,attributeid,value)
		  	values(%d,%d,"%s")', $userid, $attid, $optionId));
    } else {
        Sql_Query(sprintf('replace into user_attribute (userid,attributeid,value)
		  	values(%d,%d,"%s")', $userid, $attid, $data["value"]));
    }
    return 1;
}
示例#30
0
文件: inc.php 项目: Gammelbob/echelon
}
// default to login required
if ($auth_user_here != false) {
    // some pages do not need auth but include this file so this following line is optional
    $mem->auth($auth_name);
}
// see if user has the right access level is not on the BL and has not got a hack counter above 3
## remove tokens from 2 pages ago to stop build up
if (!isLogin()) {
    // stop login page from using this and moving the vars
    $tokens = array();
    $num_tokens = count($_SESSION['tokens']);
    if ($num_tokens > 0) {
        foreach ($_SESSION['tokens'] as $key => $value) {
            $tokens[$key] = $value;
        }
        $_SESSION['tokens'] = array();
    }
}
## if no time zone set display error ##
if (NO_TIME_ZONE) {
    // if no time zoneset show warning message
    set_warning("Setup Error: The website's time zone is not set, defaulting to use Europe/London (GMT)");
}
## Block Internet Explorer ###
if ($allow_ie == 0) {
    if (detectIE() && !isError()) {
        // alow IE on the pubbans page aswell as the error page
        sendError('ie');
    }
}