PHP myRedirect函数代码示例

 * @author Bill Newman <williamnewman@gmail.com>
 * @version 3.02 2011/05/18
 * @link http://www.newmanix.com/
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see demo_list_pager.php
 * @todo none
 */

# '../' works for a sub-folder.  use './' for the root  
require '../inc_0700/config_inc.php'; #provides configuration, pathing, error handling, db credentials
 
# check variable of item passed in - if invalid data, forcibly redirect back to demo_list_pager.php page
if(isset($_GET['id']) && (int)$_GET['id'] > 0){#proper data must be on querystring
	 $myID = (int)$_GET['id']; #Convert to integer, will equate to zero if fails
}else{
	myRedirect(VIRTUAL_PATH . "demo/demo_list_pager.php");
}

//sql statement to select individual item
$sql = "select MuffinName,Description,MetaDescription,MetaKeywords,Price from test_Muffins where MuffinID = " . $myID;
//---end config area --------------------------------------------------

$foundRecord = FALSE; # Will change to true, if record found!
   
# connection comes first in mysqli (improved) function
$result = mysqli_query(IDB::conn(),$sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));

if(mysqli_num_rows($result) > 0)
{#records exist - process
	   $foundRecord = TRUE;	
	   while ($row = mysqli_fetch_assoc($result))

function updateExecute()
{
    global $config;
    $myConn = conn('', FALSE);
    # MUST precede formReq() function, which uses active connection to parse data
    $redirect = $config->adminEdit;
    # global var used for following formReq redirection on failure
    $FirstName = formReq('FirstName');
    # formReq calls dbIn() internally, to check form data
    $LastName = formReq('LastName');
    $Email = strtolower(formReq('Email'));
    $Privilege = formReq('Privilege');
    $AdminID = formReq('AdminID');
    #check for duplicate email
    $sql = sprintf("select AdminID from " . PREFIX . "Admin WHERE (Email='%s') and AdminID != %d", $Email, $AdminID);
    $result = mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
    if (mysql_num_rows($result) > 0) {
        # someone already has email!
        feedback("Email already exists - please choose a different email.");
        myRedirect($config->adminEdit);
        # duplicate email
    }
    #sprintf() function allows us to filter data by type while inserting DB values.  Illegal data is neutralized, ie: numerics become zero
    $sql = sprintf("UPDATE " . PREFIX . "Admin set FirstName='%s',LastName='%s',Email='%s',Privilege='%s' WHERE AdminID=%d", $FirstName, $LastName, $Email, $Privilege, (int) $AdminID);
    mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
    //feedback success or failure of insert
    if (mysql_affected_rows($myConn) > 0) {
        $msg = "Admin Updated!";
        feedback("Successfully Updated!", "notice");
        if ($_SESSION["AdminID"] == $AdminID) {
            #this is me!  update current session info:
            $_SESSION["Privilege"] = $Privilege;
            $_SESSION["FirstName"] = $FirstName;
        }
    } else {
        feedback("Data NOT Updated! (or not changed from original values)");
    }
    get_header();
    echo '
		<div align="center"><h3>Edit Administrator</h3></div>
		<div align="center"><a href="' . $config->adminEdit . '">Edit More</a></div>
		<div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
		';
    get_footer();
}

/**
 * mysqli version of formReq()
 * 
 * Requires data submitted as isset() and passes data to 
 * idbIn() which processes per MySQL standards, adding slashes and 
 * attempting to prevent SQL injection.
 *     
 * Upon failure, user is forcibly redirected to global variable,  
 * $redirect, which is applied just before checking a series of form values.
 *
 * mysqli version requires explicit connection, $myConn
 *
 *<code>
 * $iConn = conn("admin",TRUE); //mysqli connection
 * $myVar = iformReq($_POST['myVar'],$iConn);
 * $otherVar = iformReq($_POST['otherVar'],$iConn);
 *</code>
 *
 * @uses idbIn()
 * @see formReq() 
 * @param string $var data as entered by user
 * @param object $myConn active mysqli DB connection, passed by reference.
 * @return string returns data filtered by MySQL, adding slashes, etc.
 * @todo none
 */
function iformReq($var, &$iConn)
{
    /**
     * $redirect stores page to redirect user to upon failure 
     * These variables are declared in the page, just before the form fields are tested.
     *
     * @global string $redirect
     */
    global $redirect;
    if (!isset($_POST[$var])) {
        feedback("Required Form Data Not Passed", "error");
        if (!isset($redirect) || $redirect == "") {
            //if no redirect indicated, use the current page!
            myRedirect(THIS_PAGE);
        } else {
            myRedirect($redirect);
        }
    } else {
        return idbIn($_POST[$var], $iConn);
    }
}

        exit;
    }
}
$tyyp_id = 14;
$site->debug->print_hash($site->fdat, 1, "FDAT");
$leht = new Leht(array(id => $site->fdat['id'] ? $site->fdat['id'] : $site->alias("rub_home_id")));
$objekt = new Objekt(array(objekt_id => $site->fdat['id'], on_sisu => 1));
if (!$objekt->objekt_id) {
    //redirect 404 lehele
    header('Location: index.php?id=' . $site->alias(array('key' => '404error')));
    exit;
}
$obj_conf = new CONFIG($objekt->all['ttyyp_params']);
if ($site->fdat['output_device'] == 'pda') {
    if (strlen($site->fdat['text']) < 2 || strlen($site->fdat['nimi']) < 2) {
        myRedirect($site->fdat['redirect_url']);
        exit;
    }
    $name = trim($site->user->all['firstname'] . ' ' . $site->user->all['lastname']);
    $nimi = trim($site->fdat['nimi']);
    if ($name != $nimi) {
        $site->fdat['nimi'] .= ' (nimi muudetud)';
    }
}
$already = 0;
############ get all parent object: trail
$trail_objs = $leht->parents->list;
#oldfor ($y=-1;$y>-10;$y--){
$i = 0;
foreach ($trail_objs as $i => $myobj) {
    # skip the first array element - itself

//END CONFIG AREA ----------------------------------------------------------
$access = "superadmin";
#superadmin or above can add new administrators
include_once INCLUDE_PATH . 'admin_only_inc.php';
#session protected page - level is defined in $access var
if (isset($_POST['Email'])) {
    # if Email is set, check for valid data
    if (!onlyEmail($_POST['Email'])) {
        //data must be alphanumeric or punctuation only
        feedback("Data entered for email is not valid", "error");
        myRedirect($config->adminAdd);
    }
    if (!onlyAlphaNum($_POST['PWord1'])) {
        //data must be alphanumeric or punctuation only
        feedback("Password must contain letters and numbers only.", "error");
        myRedirect($config->adminAdd);
    }
    $myConn = conn('', FALSE);
    # MUST precede formReq() function, which uses active connection to parse data
    $FirstName = formReq('FirstName');
    # formReq calls dbIn() internally, to check form data
    $LastName = formReq('LastName');
    $AdminPW = formReq('PWord1');
    $Email = strtolower(formReq('Email'));
    $Privilege = formReq('Privilege');
    #sprintf() function allows us to filter data by type while inserting DB values.  Illegal data is neutralized, ie: numerics become zero
    $sql = sprintf("INSERT into " . PREFIX . "Admin (FirstName,LastName,AdminPW,Email,Privilege,DateAdded) VALUES ('%s','%s',SHA('%s'),'%s','%s',NOW())", $FirstName, $LastName, $AdminPW, $Email, $Privilege);
    @mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
    # insert is done here
    # feedback success or failure of insert
    if (mysql_affected_rows($myConn) > 0) {

 * @version 2.10 2012/02/28
 * @link http://www.newmanix.com/
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see feed_list.php
 * @todo none
 */
# '../' works for a sub-folder.  use './' for the root
require '../inc_0700/config_inc.php';
#provides configuration, pathing, error handling, db credentials
# check variable of item passed in - if invalid data, forcibly redirect back to feed_list.php page
if (isset($_GET['id']) && (int) $_GET['id'] > 0) {
    #proper data must be on querystring
    $myID = (int) $_GET['id'];
    #Convert to integer, will equate to zero if fails
} else {
    myRedirect(VIRTUAL_PATH . "feed/news_list.php");
}
/**
 *
 * INDIVIDUAL ITEMS FROM LIST PAGE
 *
 */
//sql statement to select individual item
$sql = <<<QUERY

        SELECT f.FeedName, f.FeedURL
            FROM wn16_categoryfeedlink l
        LEFT JOIN wn16_feed f 
            ON f.FeedID = l.FeedID
        RIGHT JOIN wn16_newscategories c 
            ON c.CategoryID = l.CategoryID

 * @link http://www.newmanix.com/
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see demo_list_upload.php
 * @see upload_form.php
 * @see upload_execute.php 
 * @todo none
 */

 # '../' works for a sub-folder.  use './' for the root
require '../inc_0700/config_inc.php'; #provides configuration, pathing, error handling, db credentials 

# check variable of item passed in - if invalid data, forcibly redirect back to list page 
if(isset($_GET['id']) && (int)$_GET['id'] > 0){#proper data must be on querystring
	 $myID = (int)$_GET['id']; #Convert to integer, will equate to zero if fails
}else{
	myRedirect(VIRTUAL_PATH . "demo/demo_list_upload.php");
}

# sql statement to select individual item
$sql = "select MuffinName,Description,MetaDescription,MetaKeywords,Price from test_Muffins where MuffinID = " . $myID;

$foundRecord = FALSE; # Will change to true, if record found!
   
# connection comes first in mysqli (improved) function
$result = mysqli_query(IDB::conn(),$sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));

if(mysqli_num_rows($result) > 0)
{#records exist - process
	   $foundRecord = TRUE;	
	   while ($row = mysqli_fetch_assoc($result))
	   {

 */
# '../' works for a sub-folder.  use './' for the root
require '../inc_0700/config_inc.php';
#provides configuration, pathing, error handling, db credentials
spl_autoload_register('MyAutoLoader::NamespaceLoader');
$config->titleTag = smartTitle();
#Fills <title> tag. If left empty will fallback to $config->titleTag in config_inc.php
$config->metaDescription = smartTitle() . ' - ' . $config->metaDescription;
//END CONFIG AREA ----------------------------------------------------------
# check variable of item passed in - if invalid data, forcibly redirect back to demo_list.php page
if (isset($_GET['id']) && (int) $_GET['id'] > 0) {
    #proper data must be on querystring
    $myID = (int) $_GET['id'];
    #Convert to integer, will equate to zero if fails
} else {
    myRedirect(VIRTUAL_PATH . "surveys/index.php");
}
get_header();
#defaults to header_inc.php
?>
<h3 align="center">Survey View</h3>
<?php 
$mySurvey = new SurveySez\Survey($myID);
//dumpDie($mySurvey);
if ($mySurvey->isValid) {
    //if the survey exsits, show data
    echo '<p>Survey Title:<b>' . $mySurvey->Title . '</b></p>';
    $mySurvey->showQuestions();
} else {
    //appologise
    echo '<div>There appears to be no such survey</div>';

function insertExecute()
{
    $iConn = IDB::conn();
    //must have DB as variable to pass to mysqli_real_escape() via iformReq()
    $redirect = THIS_PAGE;
    //global var used for following formReq redirection on failure
    $FirstName = strip_tags(iformReq('FirstName', $iConn));
    $LastName = strip_tags(iformReq('LastName', $iConn));
    $Email = strip_tags(iformReq('Email', $iConn));
    //next check for specific issues with data
    if (!ctype_graph($_POST['FirstName']) || !ctype_graph($_POST['LastName'])) {
        //data must be alphanumeric or punctuation only
        feedback("First and Last Name must contain letters, numbers or punctuation");
        myRedirect(THIS_PAGE);
    }
    if (!onlyEmail($_POST['Email'])) {
        //data must be alphanumeric or punctuation only
        feedback("Data entered for email is not valid");
        myRedirect(THIS_PAGE);
    }
    //build string for SQL insert with replacement vars, %s for string, %d for digits
    $sql = "INSERT INTO test_Customers (FirstName, LastName, Email) VALUES ('%s','%s','%s')";
    # sprintf() allows us to filter (parameterize) form data
    $sql = sprintf($sql, $FirstName, $LastName, $Email);
    @mysqli_query($iConn, $sql) or die(trigger_error(mysqli_error($iConn), E_USER_ERROR));
    #feedback success or failure of update
    if (mysqli_affected_rows($iConn) > 0) {
        //success!  provide feedback, chance to change another!
        feedback("Customer Added Successfully!", "notice");
    } else {
        //Problem!  Provide feedback!
        feedback("Customer NOT added!");
    }
    myRedirect(THIS_PAGE);
}

 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see demo_list_meaningful.php
 * @see upload_form.php
 * @see upload_execute.php 
 * @todo align table name and/or item name changes with image name
 */
# '../' works for a sub-folder.  use './' for the root
require '../inc_0700/config_inc.php';
#provides configuration, pathing, error handling, db credentials
# check variable of item passed in - if invalid data, forcibly redirect back to list page
if (isset($_GET['id']) && (int) $_GET['id'] > 0) {
    #proper data must be on querystring
    $myID = (int) $_GET['id'];
    #Convert to integer, will equate to zero if fails
} else {
    myRedirect(VIRTUAL_PATH . "demo/demo_list_meaningful.php");
}
# sql statement to select individual item
$sql = "select MuffinName,Description,MetaDescription,MetaKeywords,Price from test_Muffins where MuffinID = " . $myID;
$foundRecord = FALSE;
# Will change to true, if record found!
# connection comes first in mysqli (improved) function
$result = mysqli_query(IDB::conn(), $sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
if (mysqli_num_rows($result) > 0) {
    #records exist - process
    $foundRecord = TRUE;
    while ($row = mysqli_fetch_assoc($result)) {
        $MuffinName = dbOut($row['MuffinName']);
        $Description = dbOut($row['Description']);
        $Price = dbOut($row['Price']);
        $MetaDescription = dbOut($row['MetaDescription']);

 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see demo_list_curvy.php
 * @see upload_form.php
 * @see upload_execute.php 
 * @todo none
 */
# '../' works for a sub-folder.  use './' for the root
require '../inc_0700/config_inc.php';
#provides configuration, pathing, error handling, db credentials
# check variable of item passed in - if invalid data, forcibly redirect back to list page
if (isset($_GET['id']) && (int) $_GET['id'] > 0) {
    #proper data must be on querystring
    $myID = (int) $_GET['id'];
    #Convert to integer, will equate to zero if fails
} else {
    myRedirect(VIRTUAL_PATH . "demo/demo_list_curvy.php");
}
//sql statement to select individual item
$sql = "select MuffinName,Description,MetaDescription,MetaKeywords,Price from test_Muffins where MuffinID = " . $myID;
$foundRecord = FALSE;
# Will change to true, if record found!
# connection comes first in mysqli (improved) function
$result = mysqli_query(IDB::conn(), $sql) or die(trigger_error(mysqli_error(IDB::conn()), E_USER_ERROR));
if (mysqli_num_rows($result) > 0) {
    #records exist - process
    $foundRecord = TRUE;
    while ($row = mysqli_fetch_assoc($result)) {
        $MuffinName = dbOut($row['MuffinName']);
        $Description = dbOut($row['Description']);
        $Price = dbOut($row['Price']);
        $MetaDescription = dbOut($row['MetaDescription']);

function updateExecute()
{
    global $config;
    if (isset($_POST['AdminID']) && (int) $_POST['AdminID'] > 0) {
        $myID = (int) $_POST['AdminID'];
        #Convert to integer, will equate to zero if fails
    } else {
        feedback("AdminID not numeric", "warning");
        myRedirect($config->adminReset);
    }
    if (!onlyAlphaNum($_POST['PWord1'])) {
        //data must be alphanumeric or punctuation only
        feedback("Data entered for password must be alphanumeric only");
        myRedirect(THIS_PAGE);
    }
    $myConn = conn('', FALSE);
    $redirect = $config->adminReset;
    # global var used for following formReq redirection on failure
    $AdminID = formReq('AdminID');
    # calls dbIn internally, to check form data
    $AdminPW = formReq('PWord1');
    # SHA() is the MySQL function that encrypts the password
    $sql = sprintf("UPDATE " . PREFIX . "Admin set AdminPW=SHA('%s') WHERE AdminID=%d", $AdminPW, $AdminID);
    @mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
    //feedback success or failure of insert
    if (mysql_affected_rows($myConn) > 0) {
        feedback("Password Successfully Reset!", "notice");
    } else {
        feedback("Password NOT Reset! (or not changed from original value)");
    }
    get_header();
    echo '
	<div align="center"><h3>Reset Administrator Password</h3></div>
	<div align="center"><a href="' . $config->adminReset . '">Reset More</a></div>
	<div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
	';
    get_footer();
}

$config->titleTag = 'Log File Details';
#Fills <title> tag. If left empty will fallback to $config->titleTag in config_inc.php
$config->metaRobots = 'no index, no follow';
#never index admin pages
//END CONFIG AREA ----------------------------------------------------------
$access = "admin";
#admins can edit themselves, developers can edit any - don't change this var or no one can edit their own data
include_once INCLUDE_PATH . 'admin_only_inc.php';
#session protected page - level is defined in $access var
if (isset($_GET['del'])) {
    #prepare to delete log file
    $myDelete = trim($_GET['del']);
    unlink(LOG_PATH . $myDelete);
    #deletes file
    feedback("File '" . $myDelete . "' successfully deleted!");
    myRedirect(ADMIN_PATH . 'admin_log_list.php');
    #redirect back to list page with message
}
if (isset($_GET['f'])) {
    #file info from qstring
    $fileName = trim($_GET['f']);
    $filePath = LOG_PATH . $_GET['f'];
} else {
    $fileName = "No File Found";
}
$config->loadhead = '
<script language="JavaScript">
function confirmDelete()
{
	var agree=confirm("Are you sure you wish to delete this log file?");
	if(agree)

<?php

/**
 * index.php is an ADMIN ONLY page for redirects! 
 *
 * DO NOT place this folder in the root of your application space!
 *
 * DO place this in the ADMIN folder! (whatever you name it!!)
 *
 * @package nmCommon
 * @author Blake Schwartz
 * @version 2.09x 2015
 * @link http://www.newmanix.com/
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see config_inc.php 
 * @todo none
 */
require '../inc_0700/config_inc.php';
#provides configuration, pathing, error handling, db credentials
$redirect_to_login = TRUE;
#if true, will redirect to admin login page, else redirect to main site index
# END CONFIG AREA ----------------------------------------------------------
if ($redirect_to_login) {
    # redirect to current login page
    myRedirect($config->adminLogin);
} else {
    #redirect to main site index
    myRedirect(VIRTUAL_PATH . "index.php");
}

/**
 * handles POST data and formulates email response.
 * 
 * @param string $skipFields comma separated string of POST elements to be skipped
 * @param boolean $sendEmail indicates whether developer wants email sent or not
 * @param string $fromAddress fallback 'noreply' address for domain hosting page
 * @param string $toAddress address to receive email
 * @param string $website name of website where form was filled out
 * @param string $fromDomain name of website where form was filled out     
 * @return none 
 * @uses show_POST()
 * @todo none
 */
function handle_POST($skipFields, $sendEmail, $toName, $fromAddress, $toAddress, $website, $fromDomain)
{
    $aSkip = explode(",", $skipFields);
    #split form elements to skip into array
    $postData = show_POST($aSkip);
    #loops through and creates select POST data for display/email
    $fromAddress = "";
    //default
    if (is_email($_POST['Email'])) {
        #Only use Email for return address if valid
        $fromAddress = $_POST['Email'];
        # extra email injector paranoia courtesy of DH: http://wiki.dreamhost.com/PHP_mail()#Mail_Header_Injection
        $fromAddress = preg_replace("([\r\n])", "", $fromAddress);
    }
    if ($sendEmail) {
        #create email
        if (isset($_POST['Name'])) {
            $Name = $_POST['Name'];
        } else {
            $Name = "";
        }
        #Name, if used part of subject
        foreach ($_POST as $value) {
            #Content-Type: is too similar to email injection to allow
            $spaceless = str_replace(" ", "", $value);
            #in case hacker is clever enough to remove spaces
            if (stripos($spaceless, 'Content-Type:') !== FALSE) {
                feedback("Incorrect form data. Email NOT sent. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
                myRedirect(THIS_PAGE);
            }
        }
        $Name = safe($Name);
        #Name is part of Subject/header - filter code further for email injection
        if ($Name != "") {
            $SubjectName = " from: " . $Name . ",";
        } else {
            $SubjectName = "";
        }
        #Name, if used part of subject
        $postData = str_replace("<br />", PHP_EOL . PHP_EOL, $postData);
        #replace <br /> tags with double c/r
        $Subject = $website . " message" . $SubjectName . " " . date('F j, Y g:i a');
        $txt = $Subject . PHP_EOL . PHP_EOL . $postData;
        email_handler($toAddress, $toName, $Subject, $txt, $fromAddress, $Name, $website, $fromDomain);
    } else {
        //print data only
        print "Data printed only.  Email <b>not</b> sent!<br />";
        echo $postData;
        #Shows select POST data
        echo '<a href="' . THIS_PAGE . '">Reset Form</a><br />';
    }
}