- Timestamp:
- Nov 19, 2009, 10:54:46 PM (15 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
extensions/NBC_UserAdvManager/branches/2.12/admin/UserAdvManager_admin.php
r4168 r4317 45 45 $error = array(); 46 46 $UserAdvManager_Password_Test_Score = 0; 47 $pattern = '/;/'; 48 $replacement = '.'; 49 50 $UserAdvManager_MailInfo_Error_Txt = false; 51 $UserAdvManager_ConfirmMail_Error_Txt = false; 52 $UserAdvManager_Reminder_Error_Txt = false; 53 $UserAdvManager_ConfirmMail_Error_Txt1 = false; 54 $UserAdvManager_ConfirmMail_Error_Txt2 = false; 47 55 48 56 // +-----------------------------------------------------------------------+ … … 60 68 61 69 if (isset($_POST['submit']) and !is_adviser() and isset($_POST['UserAdvManager_Mail_Info']) and isset($_POST['UserAdvManager_No_Casse']) and isset($_POST['UserAdvManager_Username_Char']) and isset($_POST['UserAdvManager_Confirm_Mail']) and isset($_POST['UserAdvManager_No_Comment_Anonymous']) and isset($_POST['UserAdvManager_Password_Enforced']) and isset($_POST['UserAdvManager_AdminPassword_Enforced']) and isset($_POST['UserAdvManager_GhostUser_Tracker'])) 62 { 70 { 63 71 $_POST['UserAdvManager_MailInfo_Text'] = str_replace("\'", "'", str_replace("\\\\", "\\", $_POST['UserAdvManager_MailInfo_Text'])); 72 64 73 $_POST['UserAdvManager_ConfirmMail_Text'] = str_replace("\'", "'", str_replace("\\\\", "\\", $_POST['UserAdvManager_ConfirmMail_Text'])); 65 74 66 $_POST['UserAdvManager_GhostTracker_ReminderText'] = str_replace("\'", "'", str_replace("\\\\", "\\", $_POST['UserAdvManager_GhostTracker_ReminderText'])); 75 $_POST['UserAdvManager_GhostTracker_ReminderText'] = str_replace("\'", "'", str_replace("\\\\", "\\", $_POST['UserAdvManager_GhostTracker_ReminderText'])); 76 77 78 /* Control of semicolons - Replaced by dots - Warning message is displayed */ 79 if ((preg_match($pattern, $_POST['UserAdvManager_MailInfo_Text'])) or (preg_match($pattern, $_POST['UserAdvManager_GhostTracker_ReminderText'])) or (preg_match($pattern, $_POST['UserAdvManager_ConfirmMail_Text']))) 80 { 81 if (preg_match($pattern, $_POST['UserAdvManager_MailInfo_Text'])) 82 { 83 $_POST['UserAdvManager_MailInfo_Text'] = preg_replace($pattern, $replacement, $_POST['UserAdvManager_MailInfo_Text']); 84 $UserAdvManager_MailInfo_Error_Txt = true; 85 } 86 87 if (preg_match($pattern, $_POST['UserAdvManager_ConfirmMail_Text'])) 88 { 89 $_POST['UserAdvManager_ConfirmMail_Text'] = preg_replace($pattern, $replacement, $_POST['UserAdvManager_ConfirmMail_Text']); 90 $UserAdvManager_ConfirmMail_Error_Txt = true; 91 } 92 93 if (preg_match($pattern, $_POST['UserAdvManager_GhostTracker_ReminderText'])) 94 { 95 $_POST['UserAdvManager_GhostTracker_ReminderText'] = preg_replace($pattern, $replacement, $_POST['UserAdvManager_GhostTracker_ReminderText']); 96 $UserAdvManager_Reminder_Error_Txt = true; 97 } 98 99 array_push($page['errors'], l10n('mail_text_error')); 100 } 67 101 68 102 $newconf_nbc_UserAdvManager = $_POST['UserAdvManager_Mail_Info'].';'.$_POST['UserAdvManager_No_Casse'].';'.$_POST['UserAdvManager_Confirm_Mail'].';'.(isset($_POST['UserAdvManager_No_Confirm_Group'])?$_POST['UserAdvManager_No_Confirm_Group']:'').';'.(isset($_POST['UserAdvManager_Validated_Group'])?$_POST['UserAdvManager_Validated_Group']:'').';'.(isset($_POST['UserAdvManager_Validated_Status'])?$_POST['UserAdvManager_Validated_Status']:'').';'.$_POST['UserAdvManager_No_Comment_Anonymous'].';'.$_POST['UserAdvManager_Username_Char'].';'.$_POST['UserAdvManager_Username_List'].';'.(isset($_POST['UserAdvManager_No_Confirm_Status'])?$_POST['UserAdvManager_No_Confirm_Status']:'').';'.$_POST['UserAdvManager_MailInfo_Text'].';'.$_POST['UserAdvManager_ConfirmMail_Text'].';'.$_POST['UserAdvManager_MailExclusion'].';'.$_POST['UserAdvManager_MailExclusion_List'].';'.$_POST['UserAdvManager_Password_Enforced'].';'.$_POST['UserAdvManager_Password_Score'].';'.$_POST['UserAdvManager_AdminPassword_Enforced'].';'.$_POST['UserAdvManager_GhostUser_Tracker'].';'.$_POST['UserAdvManager_GhostTracker_DayLimit'].';'.$_POST['UserAdvManager_GhostTracker_ReminderText']; … … 107 141 $result = pwg_query($query); 108 142 109 while ($row = mysql_fetch_a rray($result))143 while ($row = mysql_fetch_assoc($result)) 110 144 { 111 145 $groups[$row['id']] = $row['name']; … … 214 248 'UserAdvManager_GHOSTRACKER_REMINDERTEXT' => $conf_nbc_UserAdvManager[19], 215 249 'UserAdvManager_PASSWORD_TEST_SCORE' => $UserAdvManager_Password_Test_Score, 250 'UserAdvManager_ERROR_REPORTS1' => $UserAdvManager_MailInfo_Error_Txt, 251 'UserAdvManager_ERROR_REPORTS2' => $UserAdvManager_ConfirmMail_Error_Txt, 252 'UserAdvManager_ERROR_REPORTS3' => $UserAdvManager_Reminder_Error_Txt, 216 253 ) 217 254 ); … … 238 275 $result = pwg_query($query); 239 276 240 while($row = mysql_fetch_a rray($result))277 while($row = mysql_fetch_assoc($result)) 241 278 { 242 $msg_error1 .= (($msg_error1 <> '') ? '<br/>' : '') . l10n('Err_audit_no_casse'). $row['username'];279 $msg_error1 .= (($msg_error1 <> '') ? '<br/>' : '') . l10n('Err_audit_no_casse').stripslashes($row['username']); 243 280 } 244 281 } … … 256 293 $result = pwg_query($query); 257 294 258 while($row = mysql_fetch_a rray($result))295 while($row = mysql_fetch_assoc($result)) 259 296 { 260 if (!ValidateUsername( $row['username']))261 $msg_error2 .= (($msg_error2 <> '') ? '<br/>' : '') . l10n('Err_audit_username_char'). $row['username'];297 if (!ValidateUsername(stripslashes($row['username']))) 298 $msg_error2 .= (($msg_error2 <> '') ? '<br/>' : '') . l10n('Err_audit_username_char').stripslashes($row['username']); 262 299 } 263 300 } … … 275 312 $result = pwg_query($query); 276 313 277 while($row = mysql_fetch_a rray($result))314 while($row = mysql_fetch_assoc($result)) 278 315 { 279 316 $conf_nbc_UserAdvManager = isset($conf['nbc_UserAdvManager']) ? explode(";" , $conf['nbc_UserAdvManager']) : array(); … … 284 321 if (preg_match($pattern, $row['mail_address'])) 285 322 { 286 $msg_error3 .= (($msg_error3 <> '') ? '<br/>' : '') . l10n('Err_audit_email_forbidden'). $row['username'].' ('.$row['mail_address'].')';323 $msg_error3 .= (($msg_error3 <> '') ? '<br/>' : '') . l10n('Err_audit_email_forbidden').stripslashes($row['username']).' ('.$row['mail_address'].')'; 287 324 } 288 325 } … … 340 377 { 341 378 $_POST['UserAdvManager_ConfirmMail_ReMail_Txt1'] = str_replace("\'", "'", str_replace("\\\\", "\\", $_POST['UserAdvManager_ConfirmMail_ReMail_Txt1'])); 379 342 380 $_POST['UserAdvManager_ConfirmMail_ReMail_Txt2'] = str_replace("\'", "'", str_replace("\\\\", "\\", $_POST['UserAdvManager_ConfirmMail_ReMail_Txt2'])); 381 382 /* Control of semicolons - Replaced by dots - Warning message displayed */ 383 if ((preg_match($pattern, $_POST['UserAdvManager_ConfirmMail_ReMail_Txt1'])) or (preg_match($pattern, $_POST['UserAdvManager_ConfirmMail_ReMail_Txt2']))) 384 { 385 if ((preg_match($pattern, $_POST['UserAdvManager_ConfirmMail_ReMail_Txt1']))) 386 { 387 $_POST['UserAdvManager_ConfirmMail_ReMail_Txt1'] = preg_replace($pattern, $replacement, $_POST['UserAdvManager_ConfirmMail_ReMail_Txt1']); 388 $UserAdvManager_ConfirmMail_Error_Txt1 = true; 389 } 390 391 if ((preg_match($pattern, $_POST['UserAdvManager_ConfirmMail_ReMail_Txt2']))) 392 { 393 $_POST['UserAdvManager_ConfirmMail_ReMail_Txt2'] = preg_replace($pattern, $replacement, $_POST['UserAdvManager_ConfirmMail_ReMail_Txt2']); 394 395 $UserAdvManager_ConfirmMail_Error_Txt2 = true; 396 } 397 398 array_push($page['errors'], l10n('mail_text_error')); 399 } 343 400 344 401 $newconf_nbc_UserAdvManager_ConfirmMail = $_POST['UserAdvManager_ConfirmMail_TimeOut'].';'.$_POST['UserAdvManager_ConfirmMail_Delay'].';'.$_POST['UserAdvManager_ConfirmMail_ReMail_Txt1'].';'.$_POST['UserAdvManager_ConfirmMail_Remail'].';'.$_POST['UserAdvManager_ConfirmMail_ReMail_Txt2']; … … 371 428 'UserAdvManager_CONFIRMMAIL_REMAIL_TXT1' => $conf_nbc_UserAdvManager_ConfirmMail[2], 372 429 'UserAdvManager_CONFIRMMAIL_REMAIL_TXT2' => $conf_nbc_UserAdvManager_ConfirmMail[4], 430 'UserAdvManager_ERROR_REPORTS1' => $UserAdvManager_ConfirmMail_Error_Txt1, 431 'UserAdvManager_ERROR_REPORTS2' => $UserAdvManager_ConfirmMail_Error_Txt2, 373 432 ) 374 433 ); … … 588 647 WHERE id = '".$user_id."' 589 648 ;"; 590 $data = mysql_fetch_a rray(pwg_query($query));649 $data = mysql_fetch_assoc(pwg_query($query)); 591 650 592 ResendMail2User($typemail,$user_id, $data['username'],$data['mail_address'],true);651 ResendMail2User($typemail,$user_id,stripslashes($data['username']),$data['mail_address'],true); 593 652 } 594 653 array_push( … … 673 732 ;"; 674 733 675 $data = mysql_fetch_a rray(pwg_query($query));734 $data = mysql_fetch_assoc(pwg_query($query)); 676 735 677 ResendMail2User($typemail,$user_id, $data['username'],$data['mail_address'],false);736 ResendMail2User($typemail,$user_id,stripslashes($data['username']),$data['mail_address'],false); 678 737 } 679 738 array_push( … … 757 816 ;"; 758 817 759 $data = mysql_fetch_a rray(pwg_query($query));818 $data = mysql_fetch_assoc(pwg_query($query)); 760 819 761 820 ForceValidation($data['id']); … … 788 847 $result = pwg_query($query); 789 848 790 while ($row = mysql_fetch_a rray($result))849 while ($row = mysql_fetch_assoc($result)) 791 850 { 792 851 $groups[$row['id']] = $row['name']; … … 884 943 'U_PROFILE' => $profile_url.$local_user['id'], 885 944 'U_PERM' => $perm_url.$local_user['id'], 886 'USERNAME' => $local_user['username']945 'USERNAME' => stripslashes($local_user['username']) 887 946 .($local_user['id'] == $conf['guest_id'] 888 947 ? '<BR />['.l10n('is_the_guest').']' : '') … … 1112 1171 ;"; 1113 1172 1114 $data = mysql_fetch_a rray(pwg_query($query));1173 $data = mysql_fetch_assoc(pwg_query($query)); 1115 1174 1116 ghostreminder($user_id, $data['username'],$data['mail_address']);1175 ghostreminder($user_id,stripslashes($data['username']),$data['mail_address']); 1117 1176 } 1118 1177 array_push( … … 1156 1215 $result = pwg_query($query); 1157 1216 1158 while ($row = mysql_fetch_a rray($result))1217 while ($row = mysql_fetch_assoc($result)) 1159 1218 { 1160 1219 list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();')); … … 1183 1242 $result = pwg_query($query); 1184 1243 1185 while($row = mysql_fetch_a rray($result))1244 while($row = mysql_fetch_assoc($result)) 1186 1245 { 1187 1246 list($dbnow) = mysql_fetch_row(pwg_query('SELECT NOW();')); … … 1276 1335 'ID' => $local_user['id'], 1277 1336 'CHECKED' => $checked, 1278 'USERNAME' => $local_user['username']1337 'USERNAME' => stripslashes($local_user['username']) 1279 1338 .($local_user['id'] == $conf['guest_id'] 1280 1339 ? '<BR />['.l10n('is_the_guest').']' : '')
Note: See TracChangeset
for help on using the changeset viewer.