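/**
 * Performs basic setup and then calls __init.
 *
 * Note that all data received via $_POST have magic quotes removed before
 * anything else runs.  The original called
 * stringHandler::removeMagicQuotes($_POST) and threw the result away; every
 * other call site in this code base assigns the return value back
 * ($x = stringHandler::removeMagicQuotes($x)), so unless the helper takes its
 * argument by reference (not visible here) the quotes were never actually
 * stripped.  The values are now written back per key, the same way the
 * front-controller bootstrap does it.
 *
 * Then: runs the PHP4-style parent constructor (Smarty::Smarty()), records the
 * installer steps, exposes the version to the templates, points Smarty at the
 * installer template directory, sets the compile directory, loads the
 * configuration and finally calls __init().
 */
function installbase()
{
    // Assign the stripped value back; the return value is what carries it.
    foreach ($_POST as $key => $val) {
        $_POST[$key] = stringHandler::removeMagicQuotes($val);
    }
    unset($key);
    unset($val);

    Smarty::Smarty();
    $this->_steps = array('prescan', 'install', 'postscan', 'upgrade');
    $this->assign('version', LOQ_CUR_VERSION);
    $this->template_dir = LOQ_INSTALLER . '/templates';
    $this->setCompileDir();
    $this->loadconfiguration();
    $this->__init();
}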
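/**
 * Authenticate the user.
 *
 * Looks up the author row whose nickname and SHA1 password hash match and,
 * on success, stores the author id in $_SESSION['user_id'].
 *
 * Security notes:
 *  - The original interpolated the username directly into the SQL string
 *    after stripslashes(); removing the (magic-quote) escaping from attacker
 *    input made injection easier, not harder.  Both values are now bound as
 *    ADOdb parameters (GetRow($sql, $inputarr)), so quoting is the driver's
 *    job.  Magic quotes are still stripped from $user so a legitimately
 *    entered backslash/quote is compared as typed.
 *  - The session id is regenerated before the user id is stored, so a
 *    session id planted by an attacker before login is not promoted to an
 *    authenticated session.
 *  - passwordManager::toSHA1() is an unsalted SHA1; that is the format the
 *    stored column holds, so it is kept here, but the scheme should move to
 *    password_hash()/password_verify() with a rehash on login.
 *
 * @param string $user      Username (may still carry magic-quote slashes)
 * @param string $pass      Plaintext password
 * @param bool   $setcookie Accepted for compatibility; this method ignores it
 * @return bool true when a matching author exists, false otherwise
 */
function userauth($user, $pass, $setcookie = FALSE)
{
    $query = "SELECT `id` FROM `" . T_AUTHORS . "` WHERE `nickname`=? AND `password`=?";
    $params = array(
        stringHandler::removeMagicQuotes($user),
        passwordManager::toSHA1($pass)
    );
    $rs = $this->_adb->GetRow($query, $params);
    if (!$rs) {
        return false;
    }
    // Session fixation guard: only regenerate when a session is actually active.
    if (function_exists('session_regenerate_id') && session_id() !== '') {
        session_regenerate_id();
    }
    $_SESSION['user_id'] = $rs[0];
    return true;
}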
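/**
 * Returns cleaned user input.
 *
 * Strips HTML tags (strip_tags) from a string, or from every element of an
 * array recursively, then trims whitespace and removes magic-quote slashes
 * via the other stringHandler helpers.
 *
 * NOTE(review): the original docblock claimed that ' and " characters and
 * ASCII NULs are removed.  Nothing visible here removes quotes, and NUL
 * stripping could only be happening inside trimWhitespace() -- confirm before
 * relying on either.  strip_tags() is not an XSS defence (it leaves entity
 * and attribute-style payloads alone and mangles legitimate '<' in text), so
 * values still need htmlspecialchars() at output time, and this function
 * does nothing to make a value safe for SQL -- bind it as a parameter.
 *
 * Original bug: when $var was null, $clean was never assigned and the final
 * call raised an undefined-variable notice; it is now initialised explicitly.
 *
 * @access public
 * @param mixed $var A string, or a (possibly nested) array of strings
 * @return mixed Cleaned string, or an array of cleaned values for array input
 */
function clean($var)
{
    $clean = null;
    if (isset($var)) {
        $clean = is_array($var)
            ? array_map(array('stringHandler', 'clean'), $var)
            : strip_tags($var);
    }
    return stringHandler::removeMagicQuotes(stringHandler::trimWhitespace($clean));
}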
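*
 * @version $Revision$
 */
if (!defined('IN_LOQUACITY')) {
    include_once './config.php';
}

// Trackback receiver.  Trackbacks arrive as an ordinary form POST; anything
// else is ignored.  The original compared the whole Content-Type header with
// ===, so a client sending "application/x-www-form-urlencoded; charset=UTF-8"
// was silently dropped -- compare only the media type, case-insensitively.
$tbMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
$tbContentType = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '';
$tbMediaType = strtolower(trim(strtok($tbContentType, ';')));
if ($tbMethod === 'POST' && $tbMediaType === 'application/x-www-form-urlencoded') {
    $post = null;
    $comment = null;
    $requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    $qpos = strpos($requestUri, '?');
    if (defined('CLEANURLS')) {
        // Path form: .../trackback/<post>[/<comment>].  Drop any query string so
        // it cannot end up glued to the last path segment.
        $path = ($qpos === false) ? $requestUri : substr($requestUri, 0, $qpos);
        $url = explode('/', $path);
        $num = count($url);
        if ($num >= 3 && $url[$num - 3] === 'trackback') {
            // a comment id is included
            $post = stringHandler::removeMagicQuotes($url[$num - 2]);
            $comment = stringHandler::removeMagicQuotes($url[$num - 1]);
        } else {
            $post = stringHandler::removeMagicQuotes($url[$num - 1]);
        }
    } else {
        // Query form: ?tbpost=<post>[&cid=<comment>].  The original did
        // substr(..., strpos(...) + 1) unconditionally, which for a URI with no
        // '?' skipped the first character instead of yielding an empty string.
        $url = array();
        parse_str(($qpos === false) ? '' : substr($requestUri, $qpos + 1), $url);
        if (isset($url['tbpost'])) {
            $post = stringHandler::removeMagicQuotes($url['tbpost']);
        }
        if (isset($url['cid'])) {
            $comment = stringHandler::removeMagicQuotes($url['cid']);
        }
    }
    include_once 'includes/trackbackhandler.class.php';
    // NOTE(review): $post and $comment reach the handler unvalidated (and $post
    // may be null when the URL carried no target).  If trackbackhandler treats
    // them as numeric ids, an intval() here would be a cheap guard -- confirm
    // against the handler before changing the type it receives.
    $th = new trackbackhandler($loq->_adb, $post);
    $th->receiveTrackback($_SERVER['REMOTE_ADDR'], $_POST, $comment);
}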
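// include needed files
include_once SMARTY_DIR . 'Smarty.class.php';
include_once LOQ_APP_ROOT . '3rdparty/adodb/adodb.inc.php';
include_once LOQ_APP_ROOT . 'includes/stringhandler.class.php';
include_once LOQ_APP_ROOT . 'includes/confighandler.class.php';
include_once LOQ_APP_ROOT . 'includes/posthandler.class.php';
include_once LOQ_APP_ROOT . 'includes/commenthandler.class.php';
include_once LOQ_APP_ROOT . 'includes/sectionhandler.class.php';
include_once LOQ_APP_ROOT . 'includes/Loquacity.class.php';
include_once LOQ_APP_ROOT . 'includes/templates.php';

// Remove magic quotes from request data.
// NOTE(review): values are stripped one level deep; if
// stringHandler::removeMagicQuotes() does not recurse, nested array values
// (e.g. name[]) in $_POST/$_GET keep their slashes -- confirm.
foreach ($_POST as $key => $val) {
    $_POST[$key] = stringHandler::removeMagicQuotes($val);
}
foreach ($_GET as $key => $val) {
    $_GET[$key] = stringHandler::removeMagicQuotes($val);
}
unset($key);
unset($val);

$loq = new Loquacity();

// defined() takes the constant NAME as a string.  The original passed the bare
// constant, which evaluated it first: defined('true') is never true, so the
// captcha library was never loaded, and on PHP 8 an undefined C_CAPTCHA_ENABLE
// is a fatal Error rather than a notice.
if (defined('C_CAPTCHA_ENABLE') && C_CAPTCHA_ENABLE == 'true') {
    include_once LOQ_APP_ROOT . '3rdparty/captcha/php-captcha.inc.php';
}

// Admin requests compile under their own id and use the admin template set;
// the else branch continues in the next part of the file.
if (defined('IN_BBLOG_ADMIN')) {
    $loq->compile_id = 'admin';
    $loq->template_dir = LOQ_APP_ROOT . 'includes/admin_templates';
} else {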
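/**
 * Admin plugin entry point for the links / link-categories page.
 *
 * Dispatches on the "linkdo" and "catdo" request parameters (GET first, then
 * POST) to add, delete, update or reorder links and categories, then assigns
 * the current category list ('ecategories') and link list ('elinks') to the
 * template.
 *
 * Changes from the original:
 *  - Every query that embedded $_POST values straight into SQL (link
 *    delete/save/up/down, category delete/save) was SQL-injectable.  They now
 *    use ADOdb placeholders -- the same mechanism the two "new" branches
 *    already used -- and ids are cast with intval().
 *  - The link insert bound $postition (typo), so position was always NULL;
 *    it now binds $position.
 *  - strtolower($catdo) was assigned to $catod (typo), so the category switch
 *    was case-sensitive while the link switch was not.
 *  - Deleting a category ran "set linkid=0 where linkid=<categoryid>", which
 *    clobbers the id of an unrelated link.  The links table refers to a
 *    category through its `category` column (see the insert/save branches),
 *    so the reference clearing now targets that column, still setting it to 0.
 *  - Missing $_POST keys no longer raise undefined-index notices.
 *
 * NOTE(review): none of these state-changing actions checks a CSRF token and
 * no such check is visible elsewhere in this file; the surrounding admin
 * framework must enforce one (or an equivalent origin check) before this runs.
 *
 * @param object &$loq The Loquacity application object (uses ->_adb, ->assign)
 * @return void
 */
function admin_plugin_links_run(&$loq)
{
    // ---- links -----------------------------------------------------------
    $linkdo = '';
    if (isset($_GET['linkdo'])) {
        $linkdo = $_GET['linkdo'];
    } elseif (isset($_POST['linkdo'])) {
        $linkdo = $_POST['linkdo'];
    }
    $linkid = isset($_POST['linkid']) ? intval($_POST['linkid']) : 0;

    switch (strtolower($linkdo)) {
        case 'new':
            $link_name = isset($_POST['nicename']) ? $_POST['nicename'] : '';
            $link_url = isset($_POST['url']) ? $_POST['url'] : '';
            $link_cat = isset($_POST['category']) ? intval($_POST['category']) : 0;
            if (strlen($link_name) > 0 && strlen($link_url) > 0 && $link_cat > 0) {
                // New links go to the end of the list, in steps of 10.
                $maxposition = $loq->_adb->GetOne('SELECT MAX(position) FROM `' . T_LINKS . '`');
                $position = $maxposition + 10;
                $stmt = $loq->_adb->Prepare('INSERT INTO `' . T_LINKS . '` VALUES(null, ?, ?, ?, ?)');
                $loq->_adb->Execute($stmt, array($link_name, $link_url, $link_cat, $position));
            }
            break;

        case 'delete':
            $stmt = $loq->_adb->Prepare('DELETE FROM `' . T_LINKS . '` WHERE linkid=?');
            $loq->_adb->Execute($stmt, array($linkid));
            break;

        case 'save':
            // The original stripped magic quotes from exactly these values;
            // keep that so the stored text does not change.
            $save_name = isset($_POST['nicename']) ? $_POST['nicename'] : '';
            $save_url = isset($_POST['url']) ? $_POST['url'] : '';
            $save_cat = isset($_POST['category']) ? $_POST['category'] : '';
            $stmt = $loq->_adb->Prepare(
                'UPDATE `' . T_LINKS . '` SET nicename=?, url=?, category=? WHERE linkid=?'
            );
            $loq->_adb->Execute($stmt, array(
                stringHandler::removeMagicQuotes($save_name),
                stringHandler::removeMagicQuotes($save_url),
                intval(stringHandler::removeMagicQuotes($save_cat)),
                $linkid
            ));
            break;

        case 'up':
            // Shift by 15 (more than the step of 10) so the link crosses its
            // neighbour; reorder_links() renormalises the positions afterwards.
            $stmt = $loq->_adb->Prepare('UPDATE `' . T_LINKS . '` SET position=position-15 WHERE linkid=?');
            $loq->_adb->Execute($stmt, array($linkid));
            reorder_links();
            break;

        case 'down':
            $stmt = $loq->_adb->Prepare('UPDATE `' . T_LINKS . '` SET position=position+15 WHERE linkid=?');
            $loq->_adb->Execute($stmt, array($linkid));
            reorder_links();
            break;

        default:
            // show form
            break;
    }

    // ---- categories ------------------------------------------------------
    $catdo = '';
    if (isset($_GET['catdo'])) {
        $catdo = $_GET['catdo'];
    } elseif (isset($_POST['catdo'])) {
        $catdo = $_POST['catdo'];
    }
    $categoryid = isset($_POST['categoryid']) ? intval($_POST['categoryid']) : 0;
    $cat_name = isset($_POST['name']) ? $_POST['name'] : '';

    switch (strtolower($catdo)) {
        case 'new':
            if (strlen($cat_name) > 0) {
                $stmt = $loq->_adb->Prepare('INSERT INTO `' . T_CATEGORIES . '` VALUES(null, ?)');
                $loq->_adb->Execute($stmt, array($cat_name));
            }
            break;

        case 'delete':
            // Detach every link that points at this category before removing it.
            $stmt = $loq->_adb->Prepare('UPDATE `' . T_LINKS . '` SET category=0 WHERE category=?');
            $loq->_adb->Execute($stmt, array($categoryid));
            $stmt = $loq->_adb->Prepare('DELETE FROM `' . T_CATEGORIES . '` WHERE categoryid=?');
            $loq->_adb->Execute($stmt, array($categoryid));
            break;

        case 'save':
            $stmt = $loq->_adb->Prepare('UPDATE `' . T_CATEGORIES . '` SET name=? WHERE categoryid=?');
            $loq->_adb->Execute($stmt, array($cat_name, $categoryid));
            break;

        default:
            // show form
            break;
    }

    // ---- data for the template ------------------------------------------
    $rs = $loq->_adb->Execute('SELECT * FROM `' . T_CATEGORIES . '`');
    if ($rs !== false && !$rs->EOF) {
        $loq->assign('ecategories', $rs->GetRows(-1));
    }
    $rs = $loq->_adb->GetAll('SELECT * FROM `' . T_LINKS . '` ORDER BY position');
    if (is_array($rs)) {
        $loq->assign('elinks', $rs);
    }
}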