public function getDatabaseRow() {
    // Loads the `title` and `assigned_to` columns of the finance account whose
    // id is taken from the `id` request parameter. The row is fetched with
    // fetchRowNotNull(), which presumably fails rather than returning an empty
    // result when no such account exists — confirm in DatabaseFactory.
    $sanitizer = new Sanitizer();
    $requestedId = $sanitizer->filterUint('id');

    $db = DatabaseFactory::getInstance();
    $query = $db->prepareSelectById('finance_accounts', $requestedId, 'title', 'assigned_to');
    $query->execute();

    return $query->fetchRowNotNull();
}
public function __construct() {
    // Builds the "create finance entry" form: a description, an amount and a
    // hidden `account` field seeded from the `account` request parameter so the
    // entry is attached to the account the user came from.
    parent::__construct('formCreateFinanceEntry', 'Create Finance Entry');

    $sanitizer = new Sanitizer();

    $description = new ElementInput('description', 'Description');
    $this->addElement($description);

    $amount = new ElementNumeric('amount', 'Amount');
    $this->addElement($amount);

    $accountId = $sanitizer->filterUint('account');
    $account = new ElementHidden('account', 'Account', $accountId);
    $this->addElement($account);

    $this->addDefaultButtons();
}
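public function __construct($gallery, $filename) {
    parent::__construct('editImageForm');

    // The image is identified by gallery id + filename. FormHandler passes both
    // as constructor arguments; when a caller omits them (null) they are read
    // from the request, which is the source this constructor previously always
    // used (the arguments were overwritten unconditionally).
    $sanitizer = new Sanitizer();
    if ($gallery === null) {
        $gallery = $sanitizer->filterUint('gallery');
    }
    if ($filename === null) {
        $filename = $sanitizer->filterString('filename');
    }

    // Both values go through bound placeholders, never into the SQL text.
    $sql = 'SELECT i.filename, i.gallery, i.caption, i.promo, i.published, g.title FROM images i, galleries g WHERE i.gallery = g.id AND g.id = :gallery AND i.filename = :filename LIMIT 1';
    $stmt = DatabaseFactory::getInstance()->prepare($sql);
    $stmt->bindValue(':gallery', $gallery);
    $stmt->bindValue(':filename', $filename);
    $stmt->execute();

    if ($stmt->numRows() == 0) {
        throw new Exception('Image entry not found in the database. The image may exist on the filesystem.');
    }

    $current = $stmt->fetchRow();

    $this->addElement(new ElementHidden('mode', null, 'editImage'));
    $this->addElement(new ElementHidden('gallery', null, $gallery));
    $this->addElement(new ElementHidden('filename', null, $filename));
    $this->addElement(new ElementInput('caption', 'Caption', $current['caption']));
    $this->addElement(new ElementCheckbox('promo', 'Promotional image', $current['promo'], 'Is this image a promotional image? Promotional images are used on the homepage.'));
    $this->addElement(new ElementCheckbox('published', 'Published', $current['published']));
    $this->addButtons(Form::BTN_SUBMIT);

    // The title is rendered as HTML. The gallery title is stored data of user
    // origin and the gallery id may have come from a caller, so both are
    // escaped here instead of being trusted.
    $galleryTitle = htmlspecialchars($current['title'], ENT_QUOTES, 'UTF-8');
    $galleryId = htmlspecialchars((string) $gallery, ENT_QUOTES, 'UTF-8');
    $this->setTitle('<a href = "gallery.php">Galleries</a> » Gallery: <a href = "viewGallery.php?id=' . $galleryId . '">' . $galleryTitle . '</a> » Edit image');
}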
require_once 'includes/common.php'; require_once 'includes/classes/Group.php'; require_once 'includes/classes/FormUpdateGroupPrivileges.php'; require_once 'includes/classes/FormGroupEdit.php'; require_once 'includes/classes/FormGroupCreate.php'; use libAllure\Sanitizer; use libAllure\Session; use libAllure\DatabaseFactory; use libAllure\ElementHidden; use libAllure\User; $sanitizer = new Sanitizer(); $action = $sanitizer->filterString('action'); switch ($action) { case 'makePrimary': Session::requirePriv('GROUP_PRIMARY'); $groupId = $sanitizer->filterUint('group'); $userId = $sanitizer->filterUint('user'); $sql = 'UPDATE users SET `group` = :groupId WHERE id = :userId LIMIT 1'; $stmt = DatabaseFactory::getInstance()->prepare($sql); $stmt->bindValue(':groupId', $groupId); $stmt->bindValue(':userId', $userId); $stmt->execute(); redirect('profile.php?id=' . $userId, 'Primary group changed for user.'); break; case 'delete': Session::requirePriv('GROUP_DELETE'); try { $id = $sanitizer->filterUint('id'); $group = new Group($id); } catch (Exception $e) { $tpl->error('Group not found');
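<?php
// viewFinanceAccount: shows one finance account, selected by the `id` request
// parameter, together with the transactions booked against it.
require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';
require_once 'libAllure/Sanitizer.php';

use libAllure\DatabaseFactory;
use libAllure\Sanitizer;

$sanitizer = new Sanitizer();
// Read the id once and reuse it for both queries; it is always passed through
// a bound placeholder, never concatenated into the SQL text.
$accountId = $sanitizer->filterUint('id');

$sql = 'SELECT a.id, a.title FROM finance_accounts a WHERE a.id = :id ';
$stmt = DatabaseFactory::getInstance()->prepare($sql);
$stmt->bindValue(':id', $accountId);
$stmt->execute();
$tpl->assign('account', $stmt->fetchRow());

$sql = 'SELECT t.id, t.amount, t.description, t.timestamp FROM finance_transactions t WHERE t.account = :accountId';
$stmt = DatabaseFactory::getInstance()->prepare($sql);
// Bound with its leading colon, consistent with ':id' above (the previous
// call bound 'accountId' without it).
$stmt->bindValue(':accountId', $accountId);
$stmt->execute();
$tpl->assign('listTransactions', $stmt->fetchAll());

$tpl->display('viewFinanceAccount.tpl');
require_once 'includes/widgets/footer.php';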
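<?php
// Drives the "edit gallery image" form. The image is identified by the
// `gallery` (id) and `filename` request parameters, which are handed to the
// form's constructor and reused for the post-submit redirect.
require_once 'includes/common.php';
require_once 'libAllure/Inflector.php';

use libAllure\Sanitizer;
use libAllure\FormHandler;
use libAllure\Inflector;

$sanitizer = new Sanitizer();
$gallery = $sanitizer->filterUint('gallery');
$filename = $sanitizer->filterString('filename');

$handler = new FormHandler('FormGalleryImageEdit', $tpl);
$handler->setConstructorArgument(0, $gallery);
$handler->setConstructorArgument(1, $filename);

// The filename is user-supplied text: URL-encode it so characters such as
// '&', '#' or spaces cannot break or alter the redirect's query string.
$redirectUrl = 'viewGalleryImage.php?gallery=' . $gallery . '&filename=' . urlencode($filename);
$handler->setRedirect($redirectUrl, 'Gallery image edited.');
$handler->handle();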
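<?php
// Sidebar links for the "view finance account" page; every link carries the
// account id taken from the `id` request parameter.
use libAllure\HtmlLinksCollection;
// Namespace casing matches the declaration used by the other files
// (`libAllure`); `liballure` resolves at runtime but breaks a case-sensitive
// file-based autoloader.
use libAllure\Sanitizer;

$sanitizer = new Sanitizer();
$accountId = $sanitizer->filterUint('id');

$menu = new HtmlLinksCollection('View Finance Account');
$menu->add('form.php?form=FormCreateFinanceEntry&account=' . $accountId, 'Create finance entry');
$menu->add('updateFinanceAccount.php?id=' . $accountId, 'Update');
// The delete link is withheld for account 1 (presumably a built-in account);
// this mirrors the original guard.
$menu->addIf($accountId != 1, 'deleteFinanceAccount.php?id=' . $accountId, 'Delete');

$tpl->assign('links', $menu);
$tpl->display('sidebarLinks.tpl');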
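<?php
// viewGalleryImage: shows one image of a gallery, selected by the `gallery`
// (id) and `filename` request parameters, with prev/next navigation and, for
// JPEG files, the image's EXIF data.
require_once 'includes/common.php';

use libAllure\Sanitizer;

$sanitizer = new Sanitizer();
$gallery = Galleries::GetById($sanitizer->filterUint('gallery'));
// The filename used for path building below is the one getImage() returns,
// not the raw request value; getImage() is presumably where it is checked
// against the gallery's contents — confirm in Galleries.
$image = Galleries::getImage($sanitizer->filterString('filename'), $gallery);

require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';

// Out-parameters: neighbouring filenames, this image's position (zero-based,
// judging by the +1 below) and the gallery's image count.
Galleries::getPrevNext($image['filename'], $gallery, $prev, $next, $cii, $count);

$tpl->assign('imageNumber', $cii + 1);
$tpl->assign('imageCount', $count);
$tpl->assign('prevFilename', $prev);
$tpl->assign('nextFilename', $next);
$tpl->assign('image', $image);
$tpl->assign('gallery', $gallery);

// Only JPEGs carry EXIF. Decide by the actual extension, case-insensitively;
// the previous test, strpos(..., '.jpg') != null, also accepted 'x.jpg.png'
// and rejected 'X.JPG'.
$extension = strtolower(pathinfo($image['filename'], PATHINFO_EXTENSION));
$exifData = null;
if (in_array($extension, array('jpg', 'jpeg'), true)) {
    // exif_read_data() emits a warning and returns false for files without a
    // readable EXIF segment, an ordinary case on a gallery page: the warning
    // is suppressed and a false result becomes "no EXIF" instead of being
    // handed to array_flatten().
    $exif = @exif_read_data($gallery['fullPath'] . $image['filename']);
    if ($exif !== false) {
        $exifData = \libAllure\array_flatten($exif);
    }
}
$tpl->assign('exifData', $exifData);

$tpl->display('viewGalleryImage.tpl');
require_once 'includes/widgets/footer.php';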
<?php
// updateAvatar: lets a logged-in user with CHANGE_AVATAR replace their avatar;
// with CHANGE_OTHERS_AVATAR the `user` request parameter selects another user.
require_once 'includes/common.php';
require_once 'includes/classes/FormUpdateAvatar.php';

use libAllure\Session;
use libAllure\Sanitizer;

requireLogin();

// (The message text says "you avatar"; typo in a runtime string, left as is.)
if (!Session::hasPriv('CHANGE_AVATAR')) {
    redirect('account.php', 'You do not have permission to change you avatar.');
}

// The raw request is only probed for presence; the id itself is read through
// the sanitizer, and only when the caller may change other users' avatars.
if (isset($_REQUEST['user']) && Session::hasPriv('CHANGE_OTHERS_AVATAR')) {
    $sanitizer = new Sanitizer();
    $user = $sanitizer->filterUint('user');
} else {
    $user = Session::getUser()->getId();
}

$f = new FormUpdateAvatar($user);

if ($f->validate()) {
    $f->process();
    // NOTE(review): the redirect() arguments appear garbled in this listing
    // ("******"); from the surrounding pages this is expected to be the user
    // id followed by the success message — confirm against the original file.
    redirect('updateAvatar.php?user='******'Avatar updated.');
}

require_once 'includes/widgets/header.php';
require_once 'includes/widgets/sidebar.php';

echo '<div class = "box"><h2><a href = "account.php">Account</a> » Avatar</h2>';

// $user is either the sanitized uint or the session user's id, so the path
// is built from a numeric id only; fall back to the default image when the
// user has no avatar file.
$avatar = 'resources/images/avatars/' . $user . '.png';
if (!file_exists($avatar)) {
    $avatar = 'resources/images/defaultAvatar.png';
}

echo '<div style = "width:20%; display: inline-block; vertical-align: top;">';
echo '<img src = "' . $avatar . '" alt = "avatar" />';
echo '</div>';