function testInputTimeWrong()
{
$input = '21:30am';
$return = validate_input(array('type' => 'time'), $input, $error);
$this->assertEqual($input, '21:30am');
$this->assertEqual($return, false);
}
function testValidInputAddressBlankEmpty()
{
$input = '';
$valid = array('type' => 'address', 'blank' => 1);
validate_input($valid, $input, $error);
$this->assertTrue(empty($error));
$this->assertTrue(empty($input));
}
public function __construct($request)
{
// Get the token from $request which has been set in the headers
$this->token = $request['token'];
// Get the args which is simply the url without domain and ...
$args = $request['args'];
// This will check if user is authenticated, if not Auth will throw a Error(7) and kills the page
Auth::authenticate($this->token);
// Get the all arguments from url
$this->args = explode('/', rtrim($args, '/'));
// Get the Controller name
$this->endpoint = ucfirst($this->args[0]);
// always the first one is our endpoint , E.g : api/v1/ -> products
// Do a loop on all arguments to find ids and popo names
foreach ($this->args as $arg) {
// Look for an id , either mongo id , or product id !
if (is_mongo_id($arg)) {
$this->id = $arg;
continue;
// continue if the condition is met , go next loop
}
// Check if there is popo with this arg in popo folder
if (popo_exists($this->endpoint, uc_first($arg))) {
$this->popo = uc_first($arg);
}
}
// Request type
$this->request_type = $this->get_request_method();
// PUT and DELETE can be hidden inside of an POST request , check them :
if ($this->request_type == 'POST' && array_key_exists('HTTP_X_HTTP_METHOD', $_SERVER)) {
if ($_SERVER['HTTP_X_HTTP_METHOD'] == "DELETE") {
$this->request_type = 'DELETE';
} else {
if ($_SERVER['HTTP_X_HTTP_METHOD'] == 'PUT') {
$this->request_type = 'PUT';
}
}
}
// Get all inputs
$this->input = @file_get_contents('php://input');
$this->input = json_decode($this->input);
// Check if request method is either POST or PUT and if yes , check if input is empty or not
validate_input($this->input, $this->request_type);
// Get params from GET , if is set
if (isset($_GET)) {
$this->params = $_GET;
// first param is like : /produtcs/34534543 , So we dont need it
array_shift($this->params);
}
// Get params from POST , if is set
if (isset($_POST)) {
foreach ($_POST as $k => $v) {
$this->params[$k] = $v;
}
}
// Define the protocol
$this->protocol = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443 ? "https" : "http";
}
function check_entry($array)
{
header_if(!validate_input(array($array["model_name"])), 400);
$criteria = $array;
unset($criteria["model_name"]);
$entry = call_user_func("select_" . $array["model_name"], $_GET[$array["model_name"]], array_merge(array("id"), array_keys($criteria)));
header_if(is_empty($entry), 404);
foreach ($criteria as $column => $value) {
header_if($value != $entry[$column], 403);
}
define($array["model_name"], $entry["id"]);
$GLOBALS[$array["model_name"]] = $entry;
}
function create_linked_user($username, $email, $password, $panelType)
{
// Global variables
global $redis_enabled, $redis_server;
// Connect to the DB
$ret = create_connection($connection);
if ($ret !== true) {
return $ret;
}
// Connect to Redis
if ($redis_enabled === true) {
$redis = new Redis();
if (!$redis->connect($redis_server)) {
$redis = false;
}
} else {
$redis = false;
}
// Validate input
$ret = validate_input($username, $email, $password, $panelType);
if ($ret !== true) {
end_connection(true, $connection);
return $ret;
}
// Create user
if (create_user($username, $email, $password, $userid, $apikey, $connection) !== true) {
end_connection(true, $connection);
return 'Username already exists';
}
// Set the type of user profile
$prefix = 'data/' . $panelType;
// Create feeds
if (create_feeds($prefix . '_feeds.json', $feeds, $apikey) !== true) {
end_connection(true, $connection);
return 'Error while creating the feeds';
}
// Create inputs
if (create_inputs($prefix . '_inputs.json', $userid, $inputs, $connection, $redis) !== true) {
end_connection(true, $connection);
return 'Error while creating the inputs';
}
// Create processes
if (create_processes($prefix . '_processes.json', $feeds, $inputs, $apikey) !== true) {
end_connection(true, $connection);
return 'Error while creating the processes';
}
end_connection(false, $connection);
return true;
}
function delete_user($username)
{
// Connect to the DB
$ret = create_connection($connection);
if ($ret !== true) {
return $ret;
}
// Validate input
$ret = validate_input($username);
if ($ret !== true) {
$connection->close();
return $ret;
}
// Get user data
$user_data = get_user_data($username, $connection);
if ($user_data === false) {
$connection->close();
return 'Username provided does not exist';
}
// Delete feeds
if (delete_feeds($user_data, $connection) !== true) {
$connection->close();
return 'Error while deleting the feeds';
}
// Delete inputs
if (delete_inputs($user_data, $connection) !== true) {
$connection->close();
return 'Error while deleting the inputs';
}
// Delete EWatcher panels
if (delete_ewatcher($user_data, $connection) !== true) {
$connection->close();
return 'Error while deleting user configuration (EWatcher)';
}
// Delete user
if (delete_user_data($user_data, $connection) !== true) {
$connection->close();
return 'Error while deleting user data';
}
$connection->close();
return true;
}
} else {
// name or password missing?
$smarty->assign('alert', true);
}
} elseif ($id && $name) {
runSQL("UPDATE " . TBL_USERS . "\n SET name = '" . addslashes($name) . "', permissions = {$perm}, email = '" . addslashes($email) . "'\n\t\t\t WHERE id = {$id}");
// new password?
if (!empty($password)) {
$pw = md5($password);
runSQL("UPDATE " . TBL_USERS . " SET passwd = '{$pw}' WHERE id = '{$id}'");
$message = $lang['msg_permpassupd'];
} else {
$message = $lang['msg_permupd'];
}
} elseif ($del && $_POST['del']) {
validate_input($del);
// clear user and config
runSQL('DELETE FROM ' . TBL_USERS . ' WHERE id = ' . $del);
runSQL('DELETE FROM ' . TBL_USERCONFIG . ' WHERE user_id = ' . $del);
// clear permissions
runSQL('DELETE FROM ' . TBL_PERMISSIONS . ' WHERE from_uid = ' . $del);
$message = $lang['msg_userdel'];
$smarty->assign('alert', true);
}
// current user permissions
$result = runSQL('SELECT id, name, permissions, email
FROM ' . TBL_USERS . '
ORDER BY name');
foreach ($result as $user) {
// is guest ?
$user['guest'] = $user['id'] == $config['guestid'] ? 1 : 0;
/**
* login function
*
* This function attempts to login the user
*
* @params = mysqli object
* returns = boolean (true if connected, false if not)
*/
function login($connection)
{
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$user = validate_input($_POST['user']);
$password = hash('sha512', validate_input($_POST['password']));
$checkStudent = "\tSELECT *\n\t\t\t\t\t\t\tFROM student\n\t\t\t\t\t\t\tWHERE email = ? LIMIT 1;";
$checkAdvisor = "\tSELECT *\n\t\t\t\t\t\t\tFROM advisor\n\t\t\t\t\t\t\tWHERE email = ? LIMIT 1;";
// Prepare the statement, bind parameters, then execute!
// mysqli::prepare returns a mysqli_stmt object or false if an error occurred
$stmt = $connection->prepare($checkAdvisor);
$stmt->bind_param('s', $user);
$stmt->execute();
// $result stores the mysqli_result object
$result = $stmt->get_result();
$storedAdvisor = $result->fetch_assoc();
if (!empty($storedAdvisor)) {
if (hash_equals($password, $storedAdvisor['password'])) {
// That means the user is an advisor! Let's set the session variables...
$_SESSION['fname'] = $storedAdvisor['fname'];
$_SESSION['lname'] = $storedAdvisor['lname'];
$_SESSION['advid'] = $storedAdvisor['advid'];
$_SESSION['password'] = $storedAdvisor['password'];
$_SESSION['loggedin'] = TRUE;
$_SESSION['timeout'] = time();
$connection->close();
// Take them to the advisor homepage
header("Location: advisor_home.php");
} else {
// Set the passwordErr variable to display on the login page
$_SESSION['passwordErr'] = "<p class='error'>* Incorrect password</p>";
$_SESSION['username'] = $_POST['user'];
$connection->close();
}
} else {
// No match found in the advisor table, so check the student table
$stmt = $connection->prepare($checkStudent);
$stmt->bind_param('s', $user);
$stmt->execute();
$result = $stmt->get_result();
$storedStudent = $result->fetch_assoc();
// write_to_file($storedStudent, "Stored Student");
if (!empty($storedStudent)) {
if (hash_equals($password, $storedStudent['password'])) {
// That means the user is a student! Let's set the session variables...
$_SESSION['fname'] = $storedStudent['fname'];
$_SESSION['lname'] = $storedStudent['lname'];
$_SESSION['studentid'] = $storedStudent['studentid'];
$_SESSION['major'] = $storedStudent['major'];
$_SESSION['startyear'] = $storedStudent['startyear'];
$_SESSION['password'] = $storedStudent['password'];
$_SESSION['loggedin'] = TRUE;
$_SESSION['timeout'] = time();
$connection->close();
// Take them to the student homepage!
header("Location: form.php");
} else {
$_SESSION['passwordErr'] = "<p class='error'>* Incorrect password</p>";
$_SESSION['username'] = $_POST['user'];
$connection->close();
}
} else {
$_SESSION['usernameErr'] = "<p class='error'>* Username not found</p>";
$connection->close();
}
}
}
}
if ($_REQUEST['action'] == 'delete') {
if (!is_reserved_currency($_REQUEST['code'])) {
$sql = "DELETE FROM currencies WHERE code='" . $_REQUEST['code'] . "' ";
mysql_query($sql) or die(mysql_error() . $sql);
} else {
echo "<p><b>Cannot delete currency: reserved by the system</b></p>";
}
}
if ($_REQUEST['action'] == 'set_default') {
$sql = "UPDATE currencies SET is_default = 'N' WHERE code <> '" . $_REQUEST['code'] . "' ";
mysql_query($sql) or die(mysql_error() . $sql);
$sql = "UPDATE currencies SET is_default = 'Y' WHERE code = '" . $_REQUEST['code'] . "' ";
mysql_query($sql) or die(mysql_error() . $sql);
}
if ($_REQUEST['submit'] != '') {
$error = validate_input();
if ($error != '') {
echo "Error: cannot save due to the following errors:<br>";
echo $error;
} else {
$sql = "REPLACE INTO currencies(code, name, rate, sign, decimal_places, decimal_point, thousands_sep, is_default) VALUES ('" . $_REQUEST['code'] . "', '" . $_REQUEST['name'] . "', '" . $_REQUEST['rate'] . "', '" . $_REQUEST['sign'] . "', '" . $_REQUEST['decimal_places'] . "', '" . $_REQUEST['decimal_point'] . "', '" . $_REQUEST['thousands_sep'] . "', '" . $_REQUEST['is_default'] . "') ";
//echo $sql;
mysql_query($sql) or die(mysql_error());
$_REQUEST['new'] = '';
$_REQUEST['action'] = '';
//print_r ($_REQUEST);
}
}
?>
<b>All currency rates are relative to the USD. (USD rate is always 1)</b><br>
All prices will be displayed in the default currency.<br>
?>
<?php
function validate_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
$data = strip_tags($data);
return $data;
}
// gather and validate data from $_POST array
$quote = validate_input($_POST['quote']);
$candidate = validate_input($_POST['candidate']);
$source = validate_input($_POST['source']);
$date = validate_input($_POST['date']);
// only send form data to db if all fields are filled out
if (!empty($candidate) and !empty($quote) and !empty($source) and !empty($date)) {
try {
$sql = "INSERT INTO app_data (quote, candidate, source, date) VALUES (:quote, :candidate, :source, :date)";
// set up pdo prepared statment
$stmt = $db->prepare($sql);
// bind to params in INSERT statement
$stmt->bindParam(':quote', $quote);
$stmt->bindParam(':candidate', $candidate);
$stmt->bindParam(':source', $source);
$stmt->bindParam(':date', $date);
// run sql
$stmt->execute();
// display success message if the request succeeded
echo "<section class='result-msg'><h3>Your entry is saved — Head back to see it!</h3>";
/** Laita kysymys tietokantaan
* @param $question_id integer
*/
function put_question_to_db($question_id)
{
/* $title string
* $body string
* $tags string
*/
if (check_user_status()) {
echo "User status pelaa";
$body = pg_escape_string($_POST['question']['body']);
$title = pg_escape_string($_POST['question']['title']);
$tags = $_POST['question']['tags'];
if (validate_input($title, $body, $tags)) {
echo "User input pelaa";
$title = $_POST['question']['title'];
set_question($question_id);
set_tags($question_id);
header("Location: /pgCodesS/index.php?" . "question_updated" . "&" . "question_id=" . $question_id . "&" . $title);
} else {
header("Location: /pgCodesS/index.php?" . "&unsuccessful_new_question");
}
} else {
header("Location: /pgCodesS/index.php" . "&unsuccessful_new_question");
}
}
<form action="create_group.php" method="post">
<div class="grid-container">
<div class="grid-row">
<div class="col-10"><label for="name"><strong>Group Name: </strong></label></div>
</div>
<div class="grid-row">
<div class="col-9"><input type="text" name="name" id="name" class="ajax-validate-input" maxlength="100" value="<?php
if (isset($_POST['name'])) {
echo escape(trim($_POST['name']));
}
?>
" data-validate="group_name" required/></div>
<div class="col-1 validation-status"><?php
if (!isset($trimmed['name'])) {
echo '<div class="status" data-status="failed"></div>';
} elseif (!validate_input($trimmed['name'], 'group_name')) {
echo '<div class="status" data-status="failed"></div>';
}
?>
</div>
</div>
<div class="grid-row">
<div class="col-10"><label for="genre"><strong>Group Type: </strong></label></div>
</div>
<!-- GROUP TYPE -->
<div class="grid-row">
<div class="col-10">
<select name="group_type" id="group-type" required autofocus style="width:100%;height:30px;">
<option value=1 data-type="music">Music</option>
<option value=2 data-type="dance">Dance</option>
<option value=3 data-type="comedy">Comedy</option>
//========================================================================
// END: HANDLE RELOAD CACHE REQUEST
//========================================================================
//========================================================================
// BEGIN: HANDLE SET USER ACCESS REQUEST
//========================================================================
if (strcasecmp($configTask, "updateUserACL") == 0) {
$selectuser = get_input('selectuser');
$setUserAccess = TRUE;
// Make sure access controls are enabled
if (!defined('USE_ACL') || !USE_ACL) {
echo "Access control is not enabled.";
$setUserAccess = FALSE;
}
// Make sure the username of selectuser is OK
if (!validate_input($selectuser, 'username')) {
echo "Invalid username. Usernames must be at least 4 character and only use alpha-numeric and _ (underscore).";
$setUserAccess = FALSE;
}
// Make sure the user exists
if ($setUserAccess) {
$sql = "SELECT * FROM " . AUTHTABLENAME . " WHERE username='******'";
$result = perform_query($sql, $dbLink);
if (num_rows($result) == 0) {
echo "Username " . $selectuser . " does not exist!";
$setUserAccess = FALSE;
}
}
// If conditions are OK then update the user's access
if ($setUserAccess && grant_access($username, 'edit_acl', $dbLink)) {
$actionInputs = array();
public function onPageRequest(PageRequestEvent $event)
{
global $config, $page, $user;
$this->show_user_info();
if ($event->page_matches("user_admin")) {
if ($event->get_arg(0) == "login") {
if (isset($_POST['user']) && isset($_POST['pass'])) {
$this->page_login($_POST['user'], $_POST['pass']);
} else {
$this->theme->display_login_page($page);
}
} else {
if ($event->get_arg(0) == "recover") {
$this->page_recover($_POST['username']);
} else {
if ($event->get_arg(0) == "create") {
$this->page_create();
} else {
if ($event->get_arg(0) == "list") {
// select users.id,name,joindate,admin,
// (select count(*) from images where images.owner_id=users.id) as images,
// (select count(*) from comments where comments.owner_id=users.id) as comments from users;
// select users.id,name,joindate,admin,image_count,comment_count
// from users
// join (select owner_id,count(*) as image_count from images group by owner_id) as _images on _images.owner_id=users.id
// join (select owner_id,count(*) as comment_count from comments group by owner_id) as _comments on _comments.owner_id=users.id;
$this->theme->display_user_list($page, User::by_list(0), $user);
} else {
if ($event->get_arg(0) == "logout") {
$this->page_logout();
}
}
}
}
}
if (!$user->check_auth_token()) {
return;
} else {
if ($event->get_arg(0) == "change_name") {
$input = validate_input(array('id' => 'user_id,exists', 'name' => 'user_name'));
$duser = User::by_id($input['id']);
$this->change_name_wrapper($duser, $input['name']);
} else {
if ($event->get_arg(0) == "change_pass") {
$input = validate_input(array('id' => 'user_id,exists', 'pass1' => 'password', 'pass2' => 'password'));
$duser = User::by_id($input['id']);
$this->change_password_wrapper($duser, $input['pass1'], $input['pass2']);
} else {
if ($event->get_arg(0) == "change_email") {
$input = validate_input(array('id' => 'user_id,exists', 'address' => 'email'));
$duser = User::by_id($input['id']);
$this->change_email_wrapper($duser, $input['address']);
} else {
if ($event->get_arg(0) == "change_class") {
$input = validate_input(array('id' => 'user_id,exists', 'class' => 'user_class'));
$duser = User::by_id($input['id']);
$this->change_class_wrapper($duser, $input['class']);
} else {
if ($event->get_arg(0) == "delete_user") {
$this->delete_user($page, isset($_POST["with_images"]), isset($_POST["with_comments"]));
}
}
}
}
}
}
}
if ($event->page_matches("user")) {
$display_user = $event->count_args() == 0 ? $user : User::by_name($event->get_arg(0));
if ($event->count_args() == 0 && $user->is_anonymous()) {
$this->theme->display_error(401, "Not Logged In", "You aren't logged in. First do that, then you can see your stats.");
} else {
if (!is_null($display_user) && $display_user->id != $config->get_int("anon_id")) {
$e = new UserPageBuildingEvent($display_user);
send_event($e);
$this->display_stats($e);
} else {
$this->theme->display_error(404, "No Such User", "If you typed the ID by hand, try again; if you came from a link on this " . "site, it might be bug report time...");
}
}
}
}
private function add_members()
{
global $user;
$inputs = validate_input(array("artistID" => "int", "members" => "string,lower"));
$artistID = $inputs["artistID"];
$members = explode(" ", $inputs["members"]);
foreach ($members as $member) {
if (!$this->member_exists($artistID, $member)) {
$this->save_new_member($artistID, $member, $user->id);
}
}
}
<p>Return to <a href="http://dev.boxtar.uk/">Boxtar UK</a></p>
</center>');
} else {
if (strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
die('<center>
<h1>Access Denied</h1>
<p>Return to <a href="http://dev.boxtar.uk/">Boxtar UK</a></p>
</center>');
}
}
require 'includes/src/core/config.inc.php';
require UTILITIES . 'validate_input.php';
if (isset($_POST['input'])) {
$input = $_POST['input'];
$validation_type = isset($_POST['validation_type']) ? $_POST['validation_type'] : '';
if (!validate_input($input, $validation_type)) {
die('<div class="status" data-status="failed"></div>
<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="14" height="14" viewBox="0 0 16 16">
<g>
</g>
<path d="M8 0c-4.418 0-8 3.582-8 8s3.582 8 8 8 8-3.582 8-8-3.582-8-8-8zM12 5.414l-2.586 2.586 2.586 2.586v1.414h-1.414l-2.586-2.586-2.586 2.586h-1.414v-1.414l2.586-2.586-2.586-2.586v-1.414h1.414l2.586 2.586 2.586-2.586h1.414v1.414z" fill="#A00"></path>
</svg>');
}
// Validation passed if we reach this point
// Check input is unique:
$user = new User();
if ($user->find($input, 'users', ['email'])) {
die('<span class="red">In use</span>');
}
// Validation passed and input unique if this point is reached
// Display success SVG:
/** Add a record
*
* This function validates it if correct it inserts it into the database.
*
* @param int $zone_id Zone ID
* @param string $name Name part of record
* @param string $type Type of record
* @param string $content Content of record
* @param int $ttl Time-To-Live of record
* @param int $prio Priority of record
*
* @return boolean true if successful
*/
function add_record($zone_id, $name, $type, $content, $ttl, $prio)
{
global $db;
global $pdnssec_use;
if (do_hook('verify_permission', 'zone_content_edit_others')) {
$perm_content_edit = "all";
} elseif (do_hook('verify_permission', 'zone_content_edit_own')) {
$perm_content_edit = "own";
} elseif (do_hook('verify_permission', 'zone_content_edit_own_as_client')) {
$perm_content_edit = "own_as_client";
} else {
$perm_content_edit = "none";
}
$user_is_zone_owner = do_hook('verify_user_is_owner_zoneid', $zone_id);
$zone_type = get_domain_type($zone_id);
if ($zone_type == "SLAVE" || $perm_content_edit == "none" || ($perm_content_edit == "own" || $perm_content_edit == "own_as_client") && $user_is_zone_owner == "0") {
error(ERR_PERM_ADD_RECORD);
return false;
} else {
$response = $db->beginTransaction();
if (validate_input(-1, $zone_id, $type, $content, $name, $prio, $ttl)) {
$change = time();
$name = strtolower($name);
// powerdns only searches for lower case records
if ($type == "SPF" || $type == "TXT") {
$content = $db->quote(stripslashes('\\"' . $content . '\\"'), 'text');
} else {
$content = $db->quote($content, 'text');
}
$query = "INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date) VALUES (" . $db->quote($zone_id, 'integer') . "," . $db->quote($name, 'text') . "," . $db->quote($type, 'text') . "," . $content . "," . $db->quote($ttl, 'integer') . "," . $db->quote($prio, 'integer') . "," . $db->quote($change, 'integer') . ")";
$response = $db->exec($query);
if (PEAR::isError($response)) {
error($response->getMessage());
$response = $db->rollback();
return false;
} else {
$response = $db->commit();
if ($type != 'SOA') {
update_soa_serial($zone_id);
}
if ($pdnssec_use) {
dnssec_rectify_zone($zone_id);
}
return true;
}
} else {
return false;
}
}
}
function add_new_request($name, $email, $about, $contact)
{
$sql = run_query("insert into `sia-members` (name,email,about,contact)values('" . validate_input($name) . "','" . validate_input($email) . "','" . validate_input($about) . "','" . validate_input($contact) . "')");
$this->send_email();
}
function validate_input_array($valid, &$val, &$errors)
{
foreach ($val as $key => &$item) {
if (is_array($item)) {
validate_input_array($valid, $item, $errors);
} else {
validate_input($valid, $item, $error);
if (!empty($error)) {
$errors[$valid['_input']][$key] = $error;
}
}
}
}
</nav>
</div>
<div class="content">
<div id="contact">
<?php
$name;
$email;
$subject;
$message;
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$name = validate_input($_POST["name"]);
$email = validate_input($_POST["email"]);
$subject = validate_input($_POST["subject"]);
$message = validate_input($_POST["message"]);
}
function validate_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$sent = fopen("received/records.txt", "a") or exit("File not found.");
$inquiry = $name . ", " . $email . "\r\n" . $subject . "\r\n" . $message . "\r\n \r\n";
file_put_contents($sent, $inquiry, FILE_APPEND);
fwrite($sent, $inquiry);
fclose($sent);
?>
// Ensure user is logged in or redirect
require_once UTILITIES . 'authenticate_user.inc.php';
$page_title = "Create A Group";
include HEADER;
include UTILITIES . 'brand_img.inc.php';
$user = new User();
if (isset($_POST['submitted'])) {
if (Token::check($_POST['token'])) {
// Trim all of the posted inputs:
$trimmed = array_map('trim', $_POST);
// Assume inputs are invalid:
$name = $type = $genre = false;
// Validate inputs:
require_once UTILITIES . 'validate_input.php';
/* Nested Ternary */
isset($trimmed['name']) && !empty($trimmed['name']) ? validate_input($trimmed['name'], 'group_name') ? $name = $trimmed['name'] : (print '<center><p class="red">- Group name is not valid</p></center>') : (print '<center><p class="red">- A Name is Required</p></center>');
isset($trimmed['group_type']) && !empty($trimmed['group_type']) ? is_numeric($trimmed['group_type']) && $trimmed['group_type'] >= 1 && $trimmed['group_type'] <= 3 ? $type = $trimmed['group_type'] : (print '<center><p class="red">- Invalid Group Type provided<br/>' . $trimmed['group_type'] . '</p><center>') : (print '<center><p class="red">- A Group Type is required<br/></p><center>');
if ($type) {
switch ($type) {
case Group_Manager::MUSIC:
isset($trimmed['genre']) && !empty($trimmed['genre']) ? is_numeric($trimmed['genre']) && $trimmed['genre'] >= 1 && $trimmed['genre'] <= 10 ? $genre = $trimmed['genre'] : (print '<center><p class="red">- Genre should be a numeric value</p></center>') : (print '<center><p class="red">- A Genre is required<br/></p><center>');
break;
case Group_Manager::DANCE:
isset($trimmed['style']) && !empty($trimmed['style']) ? is_numeric($trimmed['style']) && $trimmed['style'] >= 1 && $trimmed['style'] <= 4 ? $genre = $trimmed['style'] : (print '<center><p class="red">- Style should be a numeric value</p></center>') : (print '<center><p class="red">- A Style is required<br/></p><center>');
break;
case Group_Manager::COMEDY:
isset($trimmed['category']) && !empty($trimmed['category']) ? is_numeric($trimmed['category']) && $trimmed['category'] >= 1 && $trimmed['category'] <= 4 ? $genre = $trimmed['category'] : (print '<center><p class="red">- Category should be a numeric value</p></center>') : (print '<center><p class="red">- A Category is required<br/></p><center>');
break;
}
}
if ($name && $type && $genre) {
<?php
if (empty($_POST['username'])) {
$this->HandleError("UserName is empty!");
return false;
}
if (empty($_POST['password'])) {
$this->HandleError("Password is empty!");
return false;
}
$login_username = validate_input($_POST['username']);
$login_password = sha1(validate_input($_POST['password']));
session_start();
// var_dump($login_state);
// die();
// $login_state = 'TamilNadu';
$check = checkLogin($login_username, $login_password);
// var_dump($check);
// die();
if ($check == 1) {
// var_dump($check);
// die();
header("Location: volunteer_area.php");
die;
} else {
// $errormsg = "Error logging in. Invalid username or password.";
header("Location: volunteer_login.php");
die;
}
// echo $check;
// echo $username." ".$password." ".$state." ";
$GO_GROUPS->set_group_leader($_POST['group_id'], 0);
}
}
}
break;
case 'save_add_users':
for ($i = 0; $i < count($group_users); $i++) {
if (!$GO_GROUPS->is_in_group($group_users[$i], $_POST['group_id'])) {
$GO_GROUPS->add_user_to_group($group_users[$i], $_POST['group_id']);
}
}
break;
case 'save_group_name':
$group_name = smart_addslashes(trim($_POST['group_name']));
if ($group_name != "") {
if (validate_input($group_name)) {
if ($_POST['group_id'] == '0') {
if (!$GO_GROUPS->get_group_by_name($group_name)) {
if (!($_REQUEST['group_id'] = $GO_GROUPS->add_group($GO_SECURITY->user_id, $group_name))) {
$_REQUEST['group_id'] = 0;
$feedback = "<p class=\"Error\">" . $add_group_fail . "</p>";
} else {
if ($_POST['close'] == 'true') {
header('Location: ' . $GO_CONFIG->host . 'administrator/groups/index.php');
exit;
}
}
} else {
$feedback = "<p class=\"Error\">" . $add_group_exists . "</p>";
}
} else {
session_start();
$_SERVER = cleanArray($_SERVER);
$_POST = cleanArray($_POST);
$_GET = cleanArray($_GET);
$_COOKIE = cleanArray($_COOKIE);
secure();
$time_start = get_microtime();
//------------------------------------------------------------------------
// Determine what page is being requested
//------------------------------------------------------------------------
$pageId = get_input('pageId');
if (!$pageId) { $pageId = "login"; }
if(!validate_input($pageId, 'pageId')) {
echo "Error on pageId validation! <br>Check your regExpArray in config.php!\n";
$pageId = "login";
}
//------------------------------------------------------------------------
// Connect to database. If connection fails then set the pageId for the
// help page.
//------------------------------------------------------------------------
$dbProblem = FALSE;
if(!$dbLink = db_connect_syslog(DBADMIN, DBADMINPW)) {
$pageId = "help";
$dbProblem = TRUE;
}
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
//
//
// see file COPYING or at http://www.gnu.org/licenses/gpl.html
// for more information.
//
require 'config.php';
require 'localize.php';
require 'vnstat.php';
validate_input();
require "./themes/{$style}/theme.php";
function write_side_bar()
{
global $iface, $page, $graph, $script, $style;
global $iface_list, $iface_title;
global $page_list, $page_title;
$p = "&graph={$graph}&style={$style}";
print "<ul class=\"iface\">\n";
foreach ($iface_list as $if) {
if ($iface == $if) {
print "<li class=\"iface active\">";
} else {
print "<li class=\"iface\">";
}
print "<a href=\"{$script}?if={$if}{$p}\">";
if ($topx && !validate_input($topx, 'topx')) {
array_push($inputValError, "topx");
}
if ($orderby && !validate_input($orderby, 'orderby')) {
array_push($inputValError, "orderby");
}
if ($order && !validate_input($order, 'order')) {
array_push($inputValError, "order");
}
if (!validate_input($offset, 'offset')) {
array_push($inputValError, "offset");
}
if ($collapse && !validate_input($collapse, 'collapse')) {
array_push($inputValError, "collapse");
}
if ($table && !validate_input($table, 'table')) {
array_push($inputValError, "table");
}
if ($inputValError) {
require_once $basePath . "/html_header.php";
echo "Input validation error! The following fields had the wrong format:<p>";
foreach ($inputValError as $value) {
echo $value . "<br>";
}
require_once $basePath . "/html_footer.php";
exit;
}
//========================================================================
// END: INPUT VALIDATION
//========================================================================
//========================================================================
// Assume all inputs are invalid as default:
$fn = $ln = $em = $pw = FALSE;
// Used to print any error messages:
function print_err($msg)
{
echo $msg . '<br/>';
}
/********** INPUT VALIDATION **********/
// validate first name
validate_input($trimmed['fname'], 'first_name') ? $fn = $trimmed['fname'] : print_err('<center>- First Name is not valid: <em>(Must be between 2 & 20 characters and can only contain letters, apostrophes and hyphens)</em></center>');
// validate last name
validate_input($trimmed['lname'], 'last_name') ? $ln = $trimmed['lname'] : print_err('<center>- Last Name is not valid: <i>(Must be between 2 & 40 characters and can only contain letters, apostrophes and hyphens)</i></center>');
// validate email
validate_input($trimmed['email'], 'email') ? $em = $trimmed['email'] : print_err('<center>- You did not provide a valid email address</center>');
// validate password
if (validate_input($trimmed['pass'], 'password')) {
$trimmed['pass'] == $trimmed['pass2'] ? $pw = $trimmed['pass'] : print_err('<center>- Your passwords did not match</center>');
} else {
print_err('<center>- Please enter a valid password: <small>(Must be between 4 & 20 characters. Can only contain letters, numbers and underscores)</small></center>');
}
/**************************************/
// INPUT VALIDATION SUCCEEDED:
if ($fn && $ln && $em && $pw) {
// Create activation code:
$a = md5(uniqid(rand(), true));
$user = new User();
$user->register(['first_name' => $fn, 'last_name' => $ln, 'email' => $em, 'password' => $pw, 'prof_link' => strtolower($fn . '.' . $ln . uniqid(rand()))]);
} else {
print_err('<br/><center><h5 class="red">Please amend your information as detailed and try again</h5></center><br/><br/>');
}
}
function add_record($zoneid, $name, $type, $content, $ttl, $prio)
{
global $db;
if (verify_permission('zone_content_edit_others')) {
$perm_content_edit = "all";
} elseif (verify_permission('zone_content_edit_own')) {
$perm_content_edit = "own";
} else {
$perm_content_edit = "none";
}
$user_is_zone_owner = verify_user_is_owner_zoneid($zoneid);
$zone_type = get_domain_type($zoneid);
if ($zone_type == "SLAVE" || $perm_content_edit == "none" || $perm_content_edit == "own" && $user_is_zone_owner == "0") {
error(ERR_PERM_ADD_RECORD);
return false;
} else {
if (validate_input(-1, $zoneid, $type, $content, $name, $prio, $ttl)) {
$change = time();
if ($type == "SPF" || $type == "TXT") {
$content = $db->quote(stripslashes('\\"' . $content . '\\"'), 'text');
} else {
$content = $db->quote($content, 'text');
}
$query = "INSERT INTO records (domain_id, name, type, content, ttl, prio, change_date) VALUES (" . $db->quote($zoneid, 'integer') . "," . $db->quote($name, 'text') . "," . $db->quote($type, 'text') . "," . $content . "," . $db->quote($ttl, 'integer') . "," . $db->quote($prio, 'integer') . "," . $db->quote($change, 'integer') . ")";
$response = $db->query($query);
if (PEAR::isError($response)) {
error($response->getMessage());
return false;
} else {
if ($type != 'SOA') {
update_soa_serial($zoneid);
}
return true;
}
} else {
return false;
}
}
}
Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
*/
require "../Group-Office.php";
$GO_SECURITY->authenticate();
require $GO_LANGUAGE->get_language_file('bookmarks');
require $GO_THEME->theme_path . "simple_header.inc";
if ($_SERVER['REQUEST_METHOD'] == "POST") {
require $GO_CONFIG->class_path . "bookmarks.class.inc";
$bookmarks = new bookmarks();
$URL = trim($_REQUEST['URL']);
$name = trim($_REQUEST['name']);
$invalid[] = "\"";
$invalid[] = "&";
$invalid[] = "?";
if (!validate_input($name, $invalid)) {
$feedback = "<p class=\"Error\">" . $invalid_chars . ": \" & ?</p>";
} else {
if ($URL != "" && $name != "") {
if (!eregi('(^http[s]*:[/]+)(.*)', $URL)) {
$URL = "http://" . $URL;
}
if ($_REQUEST['bookmark_id']) {
if ($bookmarks->update_bookmark($_REQUEST['bookmark_id'], $URL, $name, $_REQUEST['new_window'])) {
echo "<script type=\"text/javascript\">\nopener.location=opener.location\nwindow.close()\n</script>";
} else {
$feedback = "<p class=\"Error\">" . $strSaveError . "</p>";
}
} else {
if ($bookmarks->add_bookmark($GO_SECURITY->user_id, $URL, $name, $_REQUEST['new_window'])) {
echo "<script type=\"text/javascript\">\nopener.location=opener.location\nwindow.close()\n</script>";
<div class="col-5 reg-form-label"><label for="email"><strong>Email Address</strong></label></div>
<div class="col-5">
<div class="grid-container">
<div class="grid-row">
<div class="col-9">
<input type="text" name="email" id="email" class="ajax-validate-input" maxlength="80" value="<?php
if (isset($trimmed['email'])) {
echo $trimmed['email'];
}
?>
" data-validate="email" data-target="ajax_unique_validation" autocomplete="off"/>
</div>
<div class="col-1 validation-status"><?php
if (!isset($trimmed['email'])) {
echo '<div class="status" data-status="failed"></div>';
} elseif (!validate_input($trimmed['email'], 'email')) {
echo '<div class="status" data-status="failed"></div>';
}
?>
</div>
</div>
</div>
</div>
</div>
<div class="grid-row">
<div class="col-5 reg-form-label"><label for="pass"><strong>Password</strong></label></div>
<div class="col-5">
<div class="grid-container">
<div class="grid-row">
<div class="col-9">
<input type="password" name="pass" id="pass" class="ajax-validate-input" maxlength="20" placeholder="Not currently encrypted - careful!" data-validate="password"/>
