本文整理汇总了PHP中Security::escape方法的典型用法代码示例。如果您正苦于以下问题:PHP Security::escape方法的具体用法?PHP Security::escape怎么用?PHP Security::escape使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类Security
的用法示例。
在下文中一共展示了Security::escape方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: resetPassword
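/**
 * Sets a new password for the account identified by $user and the reset key $key,
 * and replaces that reset key with a freshly generated one.
 *
 * Nothing is written when no account matches the username/key pair.
 *
 * @param string $user     username of the account
 * @param string $key      reset key the caller presented
 * @param string $password new plain-text password
 * @return void
 */
public function resetPassword($user, $key, $password)
{
    $db = new Database();

    // NOTE(review): every query below binds its values through placeholders, so these
    // escape() calls are not what protects the SQL. They are kept because other code may
    // store or compare the escaped form. Escaping the password before it is encoded also
    // changes the stored secret for any password containing escaped characters, so the
    // login path must apply the same step. Confirm against Security::escape().
    $user = Security::escape($user);
    $oldKey = Security::escape($key);
    $password = Security::escape($password);

    $req = "SELECT * FROM accounts WHERE username = ? AND userKey = ?";
    $result = $db->execute($req, array($user, $oldKey));
    $account = $result->fetch();

    // No row means the username/key pair is wrong. Stop here instead of running the
    // UPDATE statements with an empty account id.
    if (!$account) {
        return;
    }

    // Generate the replacement key only after the old one has been verified, so the
    // presented key stops working once it has been used.
    $key = Security::generateKey();
    // NOTE(review): Security::encode() is defined elsewhere. Confirm that it is a salted
    // password hash (password_hash() or equivalent) and not a reversible encoding.
    $password = Security::encode($password);

    // NOTE(review): the two updates are not wrapped in a transaction here. If the second
    // one fails, the key is rotated but the password is unchanged. Confirm whether
    // Database offers transactions.
    $req = "UPDATE accounts SET userKey = ? WHERE id = ?";
    $db->execute($req, array($key, $account['id']));
    $req = "UPDATE passwords SET password = ? WHERE account = ?";
    $db->execute($req, array($password, $account['id']));
}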
示例2: lister
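/**
 * Builds a SELECT for the table that belongs to $sender, runs it and returns the rows as objects keyed by id.
 *
 * $value and $search are escaped with Security::escape() before they are placed in quoted
 * literals. $offset and $limit are cast to integers and $way is restricted to asc/desc.
 * $field, $order and $group are inserted into the statement as raw SQL fragments: they
 * cannot be escaped as values, so callers must pass fixed, code-defined names only and
 * never request data.
 *
 * @param string $sender the class used
 * @param string $field the column the filter applies to (trusted SQL fragment)
 * @param string $value the value that column must equal
 * @param string $order the column(s) to sort by (trusted SQL fragment)
 * @param string $offset number of rows to skip
 * @param string $limit maximum number of rows to return
 * @param string $search if set, overrides $value and is matched with LIKE '%search%'
 * @param string $way the sort order (asc or desc); any other value is ignored
 * @param string $group group by clause (trusted SQL fragment)
 * @uses Security::escape()
 * @uses function classToTable to get the correct tablename for the class (the sender parameter)
 * @uses DB::query to run the statement
 * @return array an array of objects based on the parameters, keyed by the row id
 */
protected static function lister($sender, $field = null, $value = null, $order = null, $offset = null, $limit = null, $search = null, $way = null, $group = null)
{
    // Returns a list of objects where a certain field ($field) has a certain value ($value).
    global $db;
    $value = Security::escape($value);
    $table = self::classToTable($sender);
    $sql = "select * from {$table} ";

    // NOTE(review): $field, $group and $order below are concatenated as identifiers or
    // clauses. Escaping does not make an identifier safe, so every caller has to map
    // user choices onto an allow-list of column names before calling lister().
    if ($field != null && $search != null) {
        // $search sits inside a quoted LIKE pattern and needs the same escaping as $value.
        // The LIKE wildcards % and _ keep their meaning unless Security::escape() handles
        // them, which is not visible here.
        $sql .= "where {$field} like '%" . Security::escape($search) . "%' ";
    } elseif ($field != "" && $value != "") {
        $sql .= "where {$field} = '{$value}' ";
    }
    if ($group) {
        $sql .= "group by " . $group . " ";
    }
    if ($order) {
        $sql .= "order by " . $order . " ";
    }
    if ($way) {
        // Only the two documented directions are accepted; anything else is dropped.
        $direction = strtolower(trim($way));
        if ($direction === 'asc' || $direction === 'desc') {
            $sql .= $direction . " ";
        }
    }

    // Paging values are forced to non-negative integers so they cannot carry SQL.
    $hasLimit = $limit != null;
    $start = max(0, (int) $offset);
    if ($hasLimit || $start > 0) {
        // An offset without a limit used to produce "limit N," (a syntax error). MySQL's
        // documented way to say "all remaining rows" is the largest unsigned 64-bit value.
        $rowCount = $hasLimit ? max(0, (int) $limit) : '18446744073709551615';
        $sql .= "limit " . $start . "," . $rowCount . " ";
    }

    $res = $db->query($sql);
    $objects = array();
    // NOTE(review): mysql_fetch_assoc() belongs to the ext/mysql API that was removed in
    // PHP 7. It is kept because the type returned by $db->query() is not visible here.
    while ($row = mysql_fetch_assoc($res)) {
        $objects[$row["id"]] = self::__getObj($sender, $row);
    }

    // NOTE(review): when DEBUG is on, any visitor who adds ?mobject_debug to the URL gets
    // the SQL text and a dump of the loaded objects inside an HTML comment. Make sure
    // DEBUG is never enabled on a public host.
    if (defined("DEBUG") && DEBUG && isset($_GET["mobject_debug"])) {
        echo "\n<!--\n";
        echo " Running query for {$sender} objects.\n";
        echo " SQL: {$sql}\nResults:\n";
        var_dump($objects);
        echo "\n-->\n";
    }
    return $objects;
}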
示例3: startOrongo
<?php
/**
* @author Jaco Ruit
*/
// Login handler: boots Orongo, checks the posted credentials and, on success, records the
// user id and a new session id in $_SESSION before redirecting to the admin area.
// The excerpt ends before the closing brace of the outer if.
require '../startOrongo.php';
startOrongo();
// Runs only when both credentials were posted and the session holds no login yet.
if (isset($_POST['username']) && isset($_POST['password']) && !isset($_SESSION['orongo-id']) && !isset($_SESSION['orongo-session-id'])) {
// NOTE(review): Security::escape() and Security::hash() are defined outside this excerpt.
// Escaping is only a safeguard if the User::* lookups build SQL by concatenation;
// parameterized queries would make it unnecessary - confirm.
$username = Security::escape($_POST['username']);
// NOTE(review): confirm that Security::hash() is a salted, slow password hash and that
// User::isGoodPassword() compares in constant time (hash_equals() or password_verify()).
$password = Security::hash($_POST['password']);
if (User::usernameExists($username)) {
$userID = User::getUserID($username);
$goodLogin = User::isGoodPassword($userID, $password);
if ($goodLogin) {
// msg=7 (account not activated) is reached only after a correct password.
if (!User::userIsActivated($userID)) {
header("Location: ../orongo-login.php?msg=7");
exit;
} else {
// NOTE(review): no session_regenerate_id() call is visible before the login is written
// to the session. Unless startOrongo() or Session::createSession() issues a new PHP
// session id, the pre-login id stays valid after authentication - confirm.
$_SESSION['orongo-id'] = $userID;
$_SESSION['orongo-session-id'] = Session::createSession($userID);
header("Location: ../orongo-admin/");
exit;
}
} else {
// Wrong password and unknown username (below) both answer msg=0, so the redirect
// does not reveal which usernames exist.
header("Location: ../orongo-login.php?msg=0");
exit;
}
} else {
// NOTE(review): no attempt counter or delay is visible in this excerpt - confirm that
// repeated failures are throttled elsewhere.
header("Location: ../orongo-login.php?msg=0");
exit;
}
示例4: header
// Registration handler, excerpt. The first two lines close a check that starts above
// this excerpt, and the excerpt ends inside the mail-failure branch.
exit;
}
// NOTE(review): != compares numeric-looking strings by value, so two different inputs such
// as "1e3" and "1000" count as equal. !== compares the strings themselves and is the
// safer operator for a confirmation field.
if ($_POST['password'] != $_POST['password_again']) {
header("Location: " . orongoURL("orongo-register.php?msg=0"));
exit;
}
// strlen() counts bytes, so multi-byte characters count more than once towards 4..20.
if (strlen($_POST['username']) < 4 || strlen($_POST['username']) > 20) {
header("Location: " . orongoURL("orongo-register.php?msg=2"));
exit;
}
// Minimum password length is 6 bytes; no other strength rule is visible here.
if (strlen($_POST['password']) < 6) {
header("Location: " . orongoURL("orongo-register.php?msg=3"));
exit;
}
$name = Security::escape($_POST['username']);
// NOTE(review): the address is escaped but not checked for being a well-formed e-mail
// address in this excerpt, and it is later used as the mail() recipient. A
// filter_var(..., FILTER_VALIDATE_EMAIL) check before registration would reject
// malformed values - confirm it is not already done above.
$email = Security::escape($_POST['email']);
// NOTE(review): Security::hash() is defined elsewhere - confirm it is a salted password hash.
$password = Security::hash($_POST['password']);
// NOTE(review): check-then-insert; two simultaneous requests can both pass this test
// unless the username column has a unique constraint - confirm.
if (User::usernameExists($name) == false) {
$user = null;
try {
$user = User::registerUser($name, $email, $password, RANK_USER);
} catch (Exception $e) {
// Any registration failure is reported with the generic msg=3.
header("Location: " . orongoURL("orongo-login.php?msg=3"));
exit;
}
// The account is created with an activation step: a link is generated and mailed.
$activationLink = User::generateActivationURL($user->getID());
$mail = MailFactory::generateActivationEmail($user->getName(), $activationLink);
$sendEmail = mail($user->getEmail(), $mail['subject'], $mail['message'], $mail['headers']);
if (!$sendEmail) {
header("Location: " . orongoURL("orongo-login.php?msg=3"));
exit;
示例5: define
// Response code sent to the client when the comment was stored. The other codes used
// below (NO_ARTICLE, NO_CONTENT, TOO_SHORT, NOT_LOGGED_IN) are defined above this excerpt.
define("OK", 31);
/**
 * Ends the request with a JSON error object.
 *
 * @param string $paramError     message placed in the "response" field
 * @param int    $paramErrorCode code placed in the "response_code" field
 * @return void the script terminates inside this function
 */
function errorDie($paramError, $paramErrorCode)
{
    $payload = array(
        "response" => $paramError,
        "response_code" => $paramErrorCode,
    );
    // json_encode() takes care of quoting, so the message cannot break the JSON document.
    die(json_encode($payload));
}
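// Validates the posted comment, stores it for the logged-in user and answers with JSON.
// errorDie() terminates the script, so no exit is needed after it.

// The article id must be a plain string of digits. is_numeric() would also accept values
// such as "1e3", "-1" or " 5", and an array would reach the later calls.
if (!isset($_POST['article']) || !is_string($_POST['article']) || !ctype_digit($_POST['article'])) {
    errorDie("No article!", NO_ARTICLE);
}
// Reject non-string content (for example content[]=x) before strlen() sees it.
if (!isset($_POST['content']) || !is_string($_POST['content'])) {
    errorDie("Comment has no content!", NO_CONTENT);
}
if (strlen($_POST['content']) < 3) {
    errorDie("Content is too short!", TOO_SHORT);
}
$user = getUser();
if ($user == null) {
    errorDie("You need to be logged in in order to post comments.", NOT_LOGGED_IN);
}
// NOTE(review): no anti-CSRF token is checked in this excerpt, so the session alone
// authorises the post - confirm a token check exists above or add one.
$comment = Comment::createComment(Security::escape($_POST['article']), $user);
// NOTE(review): Security::escape() is defined elsewhere. If it escapes for SQL only, the
// stored text still has to be HTML-encoded wherever comments are rendered - confirm.
$comment->setContent(Security::escape($_POST['content']));
$successPayload = array(
    "response" => "Comment posted!",
    "response_code" => OK,
);
die(json_encode($successPayload));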
示例6: foreach
// Comment polling handler, excerpt. The first two lines close a check that starts above
// this excerpt, and the excerpt ends inside the last foreach.
exit;
}
// Walks the most recent comments to decide whether anything is newer than the id the
// client already has.
foreach ($lastCommentArr as $comment) {
if ($comment instanceof Comment == false) {
continue;
}
// NOTE(review): $_POST['last_comment_id'] is compared as-is. No isset() or integer check
// is visible in this excerpt - confirm it is validated above.
if ($comment->getID() <= $_POST['last_comment_id']) {
errorDie("No new comments! ", NO_NEW_COMMENTS);
exit;
} else {
$newLCID = $comment->getID();
}
}
$newComments = null;
try {
// NOTE(review): offset and article are concatenated into the key=value&... string that
// orongo_query() parses. Security::escape() is defined elsewhere; if it only escapes SQL
// quoting it leaves "&", "=" and ":" untouched, so a crafted value could add or override
// query terms. Requiring both values to be digit-only (ctype_digit) before building the
// string would remove that possibility - confirm. max=1000000 is effectively unbounded.
$newComments = orongo_query("action=fetch&object=comment&max=1000000&offset=" . Security::escape($_POST['offset']) . "&order=comment.id,asc&where=article.id:" . Security::escape($_POST['article']));
} catch (Exception $e) {
// Sends the text "500" as the body; no HTTP status code is set here.
die("500");
}
$newComments = array_reverse($newComments);
$html = "";
// Rendering is delegated to the active style when it provides comment HTML, otherwise
// (or when the style throws) to Comment::toHTML().
// NOTE(review): whether user-written comment text is HTML-encoded happens inside
// getCommentsHTML() / toHTML(), which are not visible here - confirm.
if (getStyle()->doCommentHTML()) {
try {
$html = getStyle()->getCommentsHTML($newComments);
} catch (Exception $e) {
foreach ($newComments as $comment) {
$html .= $comment->toHTML();
}
}
} else {
foreach ($newComments as $comment) {
示例7: PopSmarty
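<?php
// Renders the "send mail" form (send_mail.tpl). With do=send and re=<mail id> the form is
// pre-filled with the text of the mail being replied to.
require_once $_SERVER["DOCUMENT_ROOT"] . "/php/init.php";
Security::demand(USER, null, false);
$smarty = new PopSmarty();
$mid = Security::escape(isset($_GET['id']) ? $_GET['id'] : null);
$do = Security::escape(isset($_GET['do']) ? $_GET['do'] : null);
$medlem_to_send = Medlem::loadById($mid);
$smarty->assign("medlem_to_send", $medlem_to_send);
$smarty->assign("mid", $mid);

// Defined up front so the template always receives a value, also for an unknown "do".
$action = null;
if ($do == 'send') {
    $smarty->assign("is_replay", false);
    if (isset($_GET['re'])) {
        $id = Security::escape($_GET['re']);
        $mail_to_read = MotiomeraMail::loadById($id);
        // The quoted text comes from a mail chosen by a request parameter. Only the
        // recipient or the sender of that mail may have it quoted; without this check any
        // logged-in member could read other members' mail by guessing ids.
        if (!isset($USER) || !($mail_to_read->getToId() == $USER->getId() || $mail_to_read->getSentFrom() == $USER->getId())) {
            throw new UserException('Ett fel har uppstått', 'Mailet du försöker läsa är inte skickat till dig.');
        }
        $smarty->assign("is_replay", true);
        // Strip both line-break spellings in one pass. The previous code ran the second
        // replacement on the original message again, so "<br>" was never removed.
        $text_message_decoded = str_replace(array("<br>", "<br />"), "", $mail_to_read->getMsg());
        $text_message = "\n\n********************\n";
        $text_message .= $text_message_decoded;
        // NOTE(review): the message text was written by another user; the template has to
        // HTML-encode it when it prints it - confirm in send_mail.tpl.
        $smarty->assign("text_message", $text_message);
        $smarty->assign("mail_to_read", $mail_to_read);
    }
    $action = "send";
} elseif ($do == 'sent') {
    $action = "sent";
}
$smarty->assign("action", $action);
$smarty->display('send_mail.tpl');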
示例8: isset
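<?php
// Removes one mail on behalf of the logged-in member.
include $_SERVER["DOCUMENT_ROOT"] . "/php/init.php";
Security::demand(USER);
$id_to_remove = Security::escape(isset($_POST['id_to_remove']) ? $_POST['id_to_remove'] : null);

// The mail id comes from the request, so make sure the current member is the recipient or
// the sender before deleting. MotiomeraMail::removeMail() may enforce this itself; that is
// not visible here, and the handler should not depend on it.
$mail_to_remove = MotiomeraMail::loadById($id_to_remove);
if (!isset($USER) || !$mail_to_remove || !($mail_to_remove->getToId() == $USER->getId() || $mail_to_remove->getSentFrom() == $USER->getId())) {
    header('HTTP/1.1 403 Forbidden');
    exit;
}
// NOTE(review): no anti-CSRF token is checked before this state change - confirm one is
// verified in init.php or add it here.
MotiomeraMail::removeMail($id_to_remove);
/*
$send_to = Security::escape($_POST['mid']);
$amne = isset($_POST['amne']) ? Security::escape($_POST['amne']) : "";
$msg = isset($_POST['msg']) ? $_POST['msg'] : "";
$sent_from = $USER->getId();
$date = date("Y-m-d H:i:s");
$mm_mail = new MotiomeraMail($amne, $msg, $sent_from, $send_to, $date, 0, 0);
header("Location: /pages/mail.php?do=sent&mid=" . $send_to);
*/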
示例9:
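<?php
// Creates a mail folder for the logged-in member. Prints '1' on success and '0' on failure.
include $_SERVER["DOCUMENT_ROOT"] . "/php/init.php";
Security::demand(USER);

// The owner id is sent by the client. Accept it only when it is the id of the member who
// is actually logged in; otherwise one member could create folders in another member's
// mailbox by posting a different my_id.
$posted_id = (isset($_POST['my_id']) && is_scalar($_POST['my_id'])) ? (string) $_POST['my_id'] : '';
if (!isset($USER) || $posted_id !== (string) $USER->getId()) {
    echo '0';
    exit;
}
$my_id = Security::escape($_POST['my_id']);
$action = Security::escape(isset($_POST['todo']) ? $_POST['todo'] : null);
$folder_name = Security::escape(isset($_POST['folder_name']) ? $_POST['folder_name'] : null);
if ($action == 'create') {
    $motiomeraMail_Folders = new MotiomeraMail_Folders($my_id);
    // NOTE(review): the name is escaped first and converted from ISO-8859-1 to UTF-8
    // afterwards. Escaping should be the last step before the value reaches SQL - confirm
    // what createFolder() does with it. utf8_encode() is deprecated as of PHP 8.2.
    $folder_created = $motiomeraMail_Folders->createFolder(utf8_encode($folder_name));
    if ($folder_created) {
        echo '1';
        exit;
    }
    echo '0';
    exit;
}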
示例10: Tagg
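// Updates photo metadata in mm_fotoalbumbild: one picture when ?id= is given, otherwise
// every picture listed in the posted namn[] array.
// NOTE(review): neither branch checks in this excerpt that the picture belongs to the
// current member ($USER) - confirm that the enclosing code does, or add the owner to the
// WHERE clause.
if (isset($_GET["id"])) {
    // Update the picture. The id in the WHERE clause is request data as well and is now
    // escaped like the other three values; it used to be concatenated unescaped.
    $db->nonquery("\tUPDATE\n\t\t\t\t\t\t\t\tmm_fotoalbumbild\n\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\tnamn = '" . Security::escape($_POST["namn"]) . "',\n\t\t\t\t\t\t\t\tbeskrivning = '" . Security::escape($_POST["beskrivning"]) . "',\n\t\t\t\t\t\t\t\tfotoalbum_id = '" . Security::escape($_POST["fotoalbum"]) . "'\n\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\tid = '" . Security::escape($_GET["id"]) . "'\n\t\t\t");
    // NOTE(review): Tagg receives raw request values; whether its constructor escapes them
    // is not visible here. The condition is true for any non-empty id, so $_POST['kid'] may
    // be missing when it is read - confirm the intended condition.
    if (!empty($_POST['kid']) || !empty($_GET['id'])) {
        $tag = new Tagg(array('objekt_table' => 'mm_fotoalbumbild', 'objekt_id' => $_GET["id"], 'objekt_namn' => $_POST['namn'], 'tag_table' => 'mm_kommun', 'tag_id' => $_POST['kid'], 'medlem_id' => $USER->getId()));
    }
    $urlHandler->redirect("Fotoalbum", URL_VIEW, $_GET["fid"]);
} else {
    // Update names & descriptions of the photos.
    foreach ($_POST["namn"] as $id => $namn) {
        if (isset($_POST["fotoalbum"][$id])) {
            $album_sql = ", fotoalbum_id = '" . Security::escape($_POST["fotoalbum"][$id]) . "'";
        } else {
            $album_sql = "";
        }
        // $id is an array key taken from the posted form, so it is attacker-controlled
        // too and is escaped before it is used in the WHERE clause.
        $db->nonquery("\tUPDATE\n\t\t\t\t\t\t\t\t\tmm_fotoalbumbild\n\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\tnamn = '" . Security::escape($_POST["namn"][$id]) . "',\n\t\t\t\t\t\t\t\t\tbeskrivning = '" . Security::escape($_POST["beskrivning"][$id]) . "'\n\t\t\t\t\t\t\t\t\t{$album_sql}\n\t\t\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\t\t\tid = '" . Security::escape($id) . "'\n\t\t\t\t");
    }
    // NOTE(review): $id here is whatever key the loop ended on and 'objekt_namn' receives
    // the whole namn[] array - confirm that tagging only the last picture is intended.
    if (!empty($_POST['kid'])) {
        $tag = new Tagg(array('objekt_table' => 'mm_fotoalbumbild', 'objekt_id' => $id, 'objekt_namn' => $_POST['namn'], 'tag_table' => 'mm_kommun', 'tag_id' => $_POST['kid'], 'medlem_id' => $USER->getId()));
    }
    $urlHandler->redirect("Fotoalbum", URL_LIST);
}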
break;
// Adds a row of text to a notice board (Anslagstavla) chosen by the posted id.
// NOTE(review): $_POST["aid"] and $_POST["atext"] are handed on without Security::escape(),
// unlike the photo update in the previous case. Whether loadById() and addRad() escape
// internally, and whether the member may write to this board, is not visible in this
// excerpt - confirm both.
case "anslagstavlarad":
if (isset($_POST["aid"])) {
$anslagstavla = Anslagstavla::loadById($_POST["aid"]);
$anslagstavla->addRad($_POST["atext"]);
}
break;
// Key generation is gated on Security::authorized(ADMIN) and a positive integer numkeys.
// The excerpt ends inside this if.
case "newkeys":
if (isset($_GET['foretagsid']) && isset($_GET['orderid']) && isset($_GET['numkeys']) && (int) $_GET['numkeys'] > 0 && Security::authorized(ADMIN)) {
示例11: PopSmarty
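<?php
// Shows one mail to the logged-in member and decides whether a reply link is offered.
require_once $_SERVER["DOCUMENT_ROOT"] . "/php/init.php";
Security::demand(USER, null, false);
$smarty = new PopSmarty();
$id = Security::escape(isset($_GET['id']) ? $_GET['id'] : null);
$is_inbox = isset($_GET['is_inbox']) ? Security::escape($_GET['is_inbox']) : false;
$mail_to_read = MotiomeraMail::loadById($id);

// Access control: only the recipient or the sender may open the mail.
if (!isset($USER) || !($mail_to_read->getToId() == $USER->getId() or $mail_to_read->getSentFrom() == $USER->getId())) {
    throw new UserException('Ett fel har uppstått', 'Mailet du försöker läsa är inte skickat till dig.');
}

// Mark as read only when the viewer is the recipient. is_inbox is a request parameter,
// so without the recipient test the sender could flip the recipient's read flag.
if ($is_inbox == '1' && $mail_to_read->getToId() == $USER->getId()) {
    $mail_to_read->setIsRead(1);
}
$smarty->assign("id", $id);
$smarty->assign("is_inbox", $is_inbox);
$smarty->assign("mail_to_read", $mail_to_read);
$smarty->assign("my_id", $USER->getId());

global $SETTINGS;
$fromMedlem = Medlem::loadById($mail_to_read->getSentFrom());
$smarty->assign("medlem", $fromMedlem);

// Mails from reserved (system) users cannot be answered. The setting is read only after
// the isset() test; the previous code looped over it first and failed when it was unset.
$replyable = 1;
if (isset($SETTINGS["reserverade_anvandare"])) {
    $reserverade_anvandare = array_map('strtolower', $SETTINGS["reserverade_anvandare"]);
    if (in_array(strtolower($fromMedlem->getANamn()), $reserverade_anvandare)) {
        $replyable = 0;
    }
}
$smarty->assign("replyable", $replyable);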
示例12:
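<?php
// Moves the mails named by mail_id_0 .. mail_id_(n-1) into the folder move_to, then
// returns to the inbox view of folder_id.
include $_SERVER["DOCUMENT_ROOT"] . "/php/init.php";
Security::demand(USER);
// NOTE(review): this state change is triggered by GET parameters and no anti-CSRF token
// is checked here - confirm one is verified elsewhere or move the action to a POST
// request with a token.
$folder_id = Security::escape(isset($_GET['folder_id']) ? $_GET['folder_id'] : null);
$move_to = Security::escape(isset($_GET['move_to']) ? $_GET['move_to'] : null);

// The count comes from the client. Treat it as an integer and never loop further than the
// number of parameters that were actually sent.
$nrofmails = isset($_GET['nrofmails']) ? (int) $_GET['nrofmails'] : 0;
$nrofmails = min($nrofmails, count($_GET));
for ($i = 0; $i < $nrofmails; $i++) {
    $getvar = 'mail_id_' . $i;
    if (!isset($_GET[$getvar])) {
        continue;
    }
    $mail_id = Security::escape($_GET[$getvar]);
    $motiomeraMail = MotiomeraMail::loadById($mail_id);
    // Only touch mails the current member is a party to; ids that belong to other members
    // are skipped. NOTE(review): if folders apply to received mail only, restrict this to
    // getToId() - confirm. Whether $move_to is one of the member's own folders is not
    // checked here either.
    if (!isset($USER) || !$motiomeraMail || !($motiomeraMail->getToId() == $USER->getId() || $motiomeraMail->getSentFrom() == $USER->getId())) {
        continue;
    }
    $motiomeraMail->setToInFolder($move_to);
}
// URL-encode the value that goes into the redirect target and stop the script afterwards.
header("Location: /pages/mail.php?do=inbox&folder_id=" . urlencode($folder_id));
exit;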
示例13: escape
/**
 * Instance-level shortcut for the static Security::escape().
 *
 * NOTE(review): which output context Security::escape() targets (SQL literal, HTML, ...)
 * is not visible here. An escaped value is only safe in the context it was escaped for.
 *
 * @param string $string value to escape
 * @return mixed whatever Security::escape() returns for $string
 */
public function escape($string)
{
    $escaped = Security::escape($string);

    return $escaped;
}
示例14: PopSmarty
<?php
// Renders the "write new mail" form (write_new.tpl) with the member's contact list.
require_once $_SERVER["DOCUMENT_ROOT"] . "/php/init.php";
Security::demand(USER, null, false);

// NOTE(review): $USER is used without an isset() test. Confirm that
// Security::demand(USER, null, false) cannot return with no member logged in.
// The id comes from the session object, not from the request; it is escaped anyway
// before it is used for the lookup.
$id = Security::escape($USER->getId());
$myself = Medlem::loadById($id);
$my_contacts = $myself->getUsersThatHasMeAsContact(0);

$smarty = new PopSmarty();
$smarty->assign("my_contacts", $my_contacts);
$smarty->assign("my_id", $USER->getId());
$smarty->display('write_new.tpl');
示例15:
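<?php
// Removes one mail folder, or several (folder_id_0 .. folder_id_(n-1)) when "multiple" is
// set, for the logged-in member.
include $_SERVER["DOCUMENT_ROOT"] . "/php/init.php";
Security::demand(USER);

// The owner id is sent by the client. Accept it only when it is the id of the member who
// is actually logged in; otherwise folders of other members could be removed by posting a
// different my_id.
$posted_id = (isset($_POST['my_id']) && is_scalar($_POST['my_id'])) ? (string) $_POST['my_id'] : '';
if (!isset($USER) || $posted_id !== (string) $USER->getId()) {
    header('HTTP/1.1 403 Forbidden');
    exit;
}
// NOTE(review): no anti-CSRF token is checked before this state change - confirm one is
// verified in init.php or add it here.
$my_id = Security::escape($_POST['my_id']);
$multiple = Security::escape(isset($_POST['multiple']) ? $_POST['multiple'] : null);
if ($multiple == 0) {
    $folder_id = Security::escape(isset($_POST['folder_id']) ? $_POST['folder_id'] : null);
    MotiomeraMail::removeMailFromFolder($folder_id, $my_id);
} else {
    // The count comes from the client. Treat it as an integer and never loop further than
    // the number of fields that were actually posted.
    $nroffolders = isset($_POST['nroffolders']) ? (int) $_POST['nroffolders'] : 0;
    $nroffolders = min($nroffolders, count($_POST));
    for ($i = 0; $i < $nroffolders; $i++) {
        $postvar = 'folder_id_' . $i;
        if (!isset($_POST[$postvar])) {
            continue;
        }
        $folder_id = Security::escape($_POST[$postvar]);
        MotiomeraMail::removeMailFromFolder($folder_id, $my_id);
    }
}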