function valid_mysql_query_data($istring)
{
$istring = "'" . sqlinjection_free($istring) . "'";
if ($istring == "''") {
$istring = "NULL";
}
return $istring;
}
<?php
/* Author: Gowtham */
session_start();
$root = realpath($_SERVER["DOCUMENT_ROOT"]);
require 'inc.php';
//include 'db_login.php';
require "{$root}/lib/adminScripts/db_login.php";
$searchString = sqlinjection_free($_POST['searchString']);
$searchType = json_decode($_POST['searchType'], true);
if ($_SESSION['authenticated']) {
if ($searchType['type'] != 'onlyDBSearch') {
$query = "SELECT `uid` FROM `objectTable` WHERE `id`='" . $searchString . "'";
$result = mysql_db_query('collegedb2admin', $query, $dbc);
$error2 = mysql_error($dbc);
$UID = mysql_result($result, 0, 'uid');
if ($UID) {
$query = "SELECT PID, username FROM `users` WHERE `index`='" . $UID . "'";
$result = mysql_db_query('collegedb2admin', $query, $dbc);
$error3 = mysql_error();
$PID = mysql_result($result, 0, 'PID');
$username = mysql_result($result, 0, 'username');
if ($PID) {
$query = "SELECT * FROM user_profiles WHERE `index`='" . $PID . "'";
$result = mysql_db_query('collegedb2admin', $query, $dbc);
$error4 = mysql_error($dbc);
$full_name = mysql_result($result, 0, "full_name");
$gaurdian_id = mysql_result($result, 0, "gaurdian_id");
$sex = mysql_result($result, 0, 'sex');
$dob = mysql_result($result, 0, 'DOB');
$p_address = mysql_result($result, 0, 'permenent_address');
if ($authorizeTable) {
$query = "DROP TABLE `" . $dbTable . "`";
$result = mysql_query($query, $dbc);
$error1 = mysql_error($dbc);
if (!$error1) {
exec("rm {$DIR_dbTableData}/{$dbTable}");
echo '<status>success</status>';
$dbtUpdate['tables'][$dbTable]['op']['delTable'] = true;
} else {
echo '<status>' . $error1 . '</status>';
}
}
break;
case 'delRow':
if ($authorizeTable) {
$rowIndex = sqlinjection_free($_POST['rowIndex']);
$query = "DELETE FROM `" . $dbTable . "` WHERE `index` = '" . $rowIndex . "'";
$result = mysql_query($query, $dbc);
$error1 = mysql_error($dbc);
if (!$error1) {
$dbtUpdate['tables'][$dbTable]['op']['delRow'][$rowIndex]['oid'] = $_SESSION['oid'];
$dbtUpdate['tables'][$dbTable]['op']['delRow'][$rowIndex]['ts'] = strftime("%Y-%m-%d %H:%M:%S");
$tp = getTableFromFile($dbTable);
unset($tp[$rowIndex]);
putTableInFile($tp, $dbTable);
echo '<status>success</status>';
} else {
echo '<status>' . $error1 . '</status>';
}
}
break;
require_once 'inc.php';
$postLength = count($_POST);
$content_count = $postLength - 1;
$no_of_subs = $content_count / 3;
$marksTable = $_POST[tableName];
$sub_string = "";
for ($i = 0; $i < $no_of_subs; $i++) {
$sub_string .= sqlinjection_free($_POST[$i]) . '_int int(3), ';
$sub_string .= sqlinjection_free($_POST[$i]) . '_ext int(3), ';
}
$no_of_subjects = count($_POST) / 3;
$query = "create table " . $marksTable . "(index int(3) unique auto_increment, regd_no varchar(10) not null primary key, " . $sub_string . "total int(4))engine innodb";
$result = mysql_query($query);
$maxMarkStrng = "";
$sub_string = "";
if ($result) {
for ($i = 0; $i < $no_of_subs; $i++) {
$sub_string .= "`" . sqlinjection_free($_POST[$i]) . "_int`,";
$sub_string .= "`" . sqlinjection_free($_POST[$i]) . "_ext`,";
}
for ($i = $no_of_subs; $i < $content_count; $i++) {
$maxMarkStrng .= "'" . sqlinjection_free($_POST[$i]) . "',";
}
$query = "insert into " . $marksTable . "(`id`,`UID`,`timeStamp`,`regd_no`," . $sub_string . "`total`) values(null,'" . $_SESSION['uid'] . "',null,'maxMarks'," . $maxMarkStrng . "null)";
$result = mysql_query($query);
if ($result) {
echo "true";
}
}
}
mysql_close();
$_SESSION['uid'] = "o" . $oid;
$_SESSION['oid'] = $oid;
$_SESSION['pid'] = NULL;
$_SESSION['authenticated'] = TRUE;
$_SESSION['adminLevel'] = mysql_result($result, 0, "adminLevel");
$_SESSION['userPic'] = NULL;
$_SESSION['nickName'] = $username;
$_SESSION['key'] = $key;
$_SESSION['function'][$oid]['label'] = mysql_result($result, $i, 'type2');
$_SESSION['function'][$oid]['func'] = mysql_result($result, $i, 'function');
$_SESSION['function'][$oid]['aL'] = mysql_result($result, $i, 'adminLevel');
$_SESSION['function'][$oid]['id'] = mysql_result($result, $i, 'id');
}
} else {
$username = strtolower(sqlinjection_free($_POST['username']));
$password = sqlinjection_free($_POST['password']);
$query = "select * from users where username='******'";
$result = mysql_db_query('collegedb2admin', $query, $dbc);
if ($password and $username and mysql_result($result, 0, "password") == $password) {
$uid = mysql_result($result, 0, 'index');
$slKey = ftok("{$_SERVER['DOCUMENT_ROOT']}/lib/sessionLog", 'f');
$slSemId = sem_get($slKey);
$slShmId = shm_attach($slKey, 1000000);
$sa = sem_acquire($slSemId);
@($sessionLog = shm_get_var($slShmId, $slKey));
if (@($sessionId = $sessionLog[$uid]['sessionId'])) {
session_id($sessionId);
}
session_start();
$sessionLog[$uid]['sessionId'] = $sessionId = $sessionId ? $sessionId : session_id();
$spv = shm_put_var($slShmId, $slKey, $sessionLog);
require "{$root}/lib/inc.php";
require "{$root}/lib/formValidator.php";
include 'db_login.php';
header('Content-Type: text/xml');
header('Cache-Control: no-cache');
header('Cache-Control: no-store', false);
echo '<register>';
require "{$root}/lib/recaptchalib.php";
$privatekey = "6Lf7sdASAAAAAKXALMdLPQMowDFkQhppTdj9Dufe";
$resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$resp->is_valid and FALSE) {
// What happens when the CAPTCHA was entered incorrectly
echo "<status>The reCAPTCHA wasn't entered correctly. Go back and try it again.(reCAPTCHA said: " . $resp->error . ")</status>";
} else {
// Your code here to handle a successful verification
$usrname = sqlinjection_free($_POST['username']);
$username = strtolower(valid_mysql_query_data($_POST['username']));
$password = valid_mysql_query_data($_POST['password']);
$full_name = valid_mysql_query_data($_POST['fullName']);
$nickName = valid_mysql_query_data($_POST['nickName']);
$gaurdian_id = valid_mysql_query_data($_POST['gaurdianID']);
$sex = valid_mysql_query_data($_POST['sex']);
$dob = valid_mysql_query_data($_POST['DOB']);
$p_address = valid_mysql_query_data($_POST['pAddress']);
$tel1 = valid_mysql_query_data($_POST['tel1']);
$tel2 = valid_mysql_query_data($_POST['tel2']);
$email_id = valid_mysql_query_data($_POST['emailID']);
$photo_id = valid_mysql_query_data($_POST['photoID']);
$ePass = generatePassword(16, 8);
$domain = 'ferryfair.com';
$error_form = validate_form($username, $password, $full_name, $nickName, $gaurdian_id, $dob, $p_address, $tel1, $tel2, $email_id);
<?php
/* Author: Gowtham */
require 'authorize.php';
header('Content-Type: text/xml');
header('Cache-Control: no-cache');
header('Cache-Control: no-store', false);
echo '<?xml version="1.0" encoding="UTF-8"?><deobjectize>';
$root = realpath($_SERVER["DOCUMENT_ROOT"]);
require "{$root}/lib/inc.php";
if (authorizeTransit($_SESSION['adminLevel'], 'Zz0')) {
require 'db_login.php';
$objectId = sqlinjection_free($_POST['objectId']);
$query = "SELECT * FROM `objectTable` WHERE `id`='" . $objectId . "'";
$or = mysql_query($query, $dbc);
$dberr .= mysql_error($dbc);
if (!$dberr and $or) {
$uid = mysql_result($or, 0, 'uid');
$aL = mysql_result($or, 0, 'adminLevel');
$oid = mysql_result($or, 0, 'index');
$query = "SELECT * FROM `users` WHERE `index`=" . $uid;
$ur = mysql_query($query, $dbc);
$dberr .= mysql_error($dbc);
if (!$dberr and $ur) {
$uAL = mysql_result($ur, 0, 'adminLevel');
$i = 0;
while ($uAL[$i] != NULL) {
if ($uAL[$i] == $aL[0]) {
$i++;
while (!preg_match("/[A-Z]/", $uAL[$i]) and $uAL[$i] != NULL) {
if ($uAL[$i] == $aL[1] and $uAL[$i + 1] == $aL[2]) {
require 'db_login.php';
$root = realpath($_SERVER["DOCUMENT_ROOT"]);
require_once "{$root}/lib/inc.php";
//check table Authority
$userAdminLevel = $_SESSION['adminLevel'];
if (domesticSlave($userAdminLevel, 'Zz9')) {
$cQuery = sqlinjection_free($_GET['query']);
if ($_POST['query']) {
$cQuery = $_POST['query'];
}
$filters = split("[?:@\$][?:@\$]", $cQuery);
if (count($filters) > 4) {
echo 'bad query. Duplicate Operators ~&|~';
die;
}
$dbTable = sqlinjection_free(trim($filters[0]));
$dbTable = strtolower($dbTable);
$cQuery = $dbTable . substr($cQuery, strlen($filters[0]));
$cQuery = str_replace($filters[0], $dbTable, $cQuery);
$rFilter = null;
$cString = null;
$sString = null;
$filterCount = 0;
$start = strlen($filters[0]);
for ($i = 1; $i < count($filters); $i++) {
if ($cQuery[strpos($cQuery, $filters[$i], $start) - 1] == '?' and $cQuery[strpos($cQuery, $filters[$i], $start) - 2] == '?' and !$rFilter) {
$rFilter = $filters[$i];
} elseif ($cQuery[strpos($cQuery, $filters[$i], $start) - 1] == ':' and $cQuery[strpos($cQuery, $filters[$i], $start) - 2] == ':' and !$cString) {
$cString = $filters[$i];
} elseif ($cQuery[strpos($cQuery, $filters[$i], $start) - 1] == '@' and $cQuery[strpos($cQuery, $filters[$i], $start) - 2] == '@' and !$sString) {
$sString = $filters[$i];
<?php
/* Author: Gowtham */
include 'authorize.php';
require_once '../inc.php';
include_once 'db_Login.php';
$regNo = sqlinjection_free($_POST['regNo']);
$passKey = sqlinjection_free($_POST['passKey']);
$tableStr = substr($regNo, 0, 8);
$query = "SELECT `adminLevel`,`table` FROM `adminTable` WHERE `table`='" . $tableStr . "'";
$result = mysql_query($query);
$error = mysql_error();
$tableAdminLevel = mysql_result($result, 0, 'adminLevel');
if ($tableAdminLevel) {
$table = mysql_result($result, 0, 'table');
$query = "select `passKey` from `" . $table . "` where `id`='" . $regNo . "'";
$result = mysql_query($query);
$error = mysql_error();
$cPassKey = mysql_result($result, 0, 'passKey');
$match = FALSE;
if ($passKey and $passKey == $cPassKey) {
$userAdminLevel = $_SESSION['adminLevel'];
$preUserAdminLevel = $userAdminLevel;
$i = 0;
while ($i < strlen($userAdminLevel) and $userAdminLevel) {
if ($userAdminLevel[$i] == 'A') {
$i++;
while (!preg_match('/[A-Z]/', $userAdminLevel[$i]) and $i < strlen($userAdminLevel)) {
if ($userAdminLevel[$i] == 'a') {
$i++;
if ($userAdminLevel[$i] == '7') {
