143 lines
2.5 KiB
PHP
143 lines
2.5 KiB
PHP
|
<?php
|
||
|
|
include_once("includes/cached_functions.php");
|
||
|
|
$host_name = "localhost";
|
||
|
|
$database_name = "sos_data";
|
||
|
|
$database_user = "root";
|
||
|
|
$database_password = "";
|
||
|
|
$port="3306";
|
||
|
|
extract($_REQUEST);
|
||
|
|
extract($_GET);
|
||
|
|
extract($_POST);
|
||
|
|
|
||
|
|
// if(isset($_REQUEST)){
|
||
|
|
|
||
|
|
// error_log ( "Start Validating Request Attributes for special character check" );
|
||
|
|
// $requestStr="";
|
||
|
|
// foreach ( $_REQUEST as $key => $value ) {
|
||
|
|
// $requestStr.=$key . " : " . $value . "\n";
|
||
|
|
// error_log ( $key . " : " . $value . "<br />\r\n" );
|
||
|
|
// $white_list = str_split('0123456789
|
||
|
|
// abcdefghijklmnopqrstuvwxyz
|
||
|
|
|
||
|
|
// ABCDEFGHIJKLMNOPQRSTUVWXYZ.,?@_-$');
|
||
|
|
// foreach($_REQUEST as $key => &$val){
|
||
|
|
// $char_list = str_split($val);
|
||
|
|
// error_log("evaluating param ".$key." with value as ".$val." for whitelist");
|
||
|
|
// $val = trim($val);
|
||
|
|
// if($val==''){
|
||
|
|
// continue;
|
||
|
|
// }
|
||
|
|
// if(trim($val)!=''){
|
||
|
|
// foreach($char_list as $c){
|
||
|
|
// error_log("evaluating ".$c."character for whitelist");
|
||
|
|
// if(!in_array($c,$white_list)){
|
||
|
|
// error_log("Invalid Request.".$c." is an unsafe character");
|
||
|
|
// echo "<script>location.replace('index.php?msg=You are successfully logged out. Please login again')</script>";
|
||
|
|
// exit("unsafe request");
|
||
|
|
// break;
|
||
|
|
// }
|
||
|
|
// }
|
||
|
|
// }
|
||
|
|
// }
|
||
|
|
// }
|
||
|
|
|
||
|
|
// error_log ( "End Validating Request Attributes" );
|
||
|
|
|
||
|
|
|
||
|
|
// }
|
||
|
|
|
||
|
|
try
|
||
|
|
{
|
||
|
|
$dbh = new PDO("mysql:host=".$host_name.";port=".$port.";dbname=".$database_name,$database_user,$database_password);
|
||
|
|
}
|
||
|
|
catch (PDOException $e)
|
||
|
|
{
|
||
|
|
exit("Error: " . $e->getMessage());
|
||
|
|
}
|
||
|
|
$conn = mysqli_connect($host_name, $database_user, $database_password, $database_name,$port);
|
||
|
|
|
||
|
|
$GLOBALS['conn'] = $conn;
|
||
|
|
|
||
|
|
if (!$conn) {
|
||
|
|
error_log("Failed to connect to mysqli:" . mysqli_connect_errno());
|
||
|
|
}
|
||
|
|
|
||
|
|
|
||
|
|
@session_start();
|
||
|
|
|
||
|
|
if (!empty($_POST)) {
|
||
|
|
|
||
|
|
reset($_POST);
|
||
|
|
|
||
|
|
|
||
|
|
foreach ($_POST as $k => $v) {
|
||
|
|
|
||
|
|
|
||
|
|
${$k} = $v;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
if (!empty($_GET)) {
|
||
|
|
|
||
|
|
reset($_GET);
|
||
|
|
|
||
|
|
foreach ($_GET as $k => $v) {
|
||
|
|
${$k} = $v;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
if (!empty($_SERVER)) {
|
||
|
|
|
||
|
|
reset($_SERVER);
|
||
|
|
|
||
|
|
foreach ($_SERVER as $k => $v) {
|
||
|
|
|
||
|
|
${$k} = $v;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
if (!empty($_COOKIE)) {
|
||
|
|
|
||
|
|
reset($_COOKIE);
|
||
|
|
|
||
|
|
foreach ($_COOKIE as $k => $v) {
|
||
|
|
|
||
|
|
${$k} = $v;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
if (!empty($_SESSION)) {
|
||
|
|
|
||
|
|
reset($_SESSION);
|
||
|
|
|
||
|
|
foreach ($_SESSION as $k => $v) {
|
||
|
|
|
||
|
|
|
||
|
|
${$k} = $v;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
// if (!empty($_FILES))
|
||
|
|
|
||
|
|
// {
|
||
|
|
|
||
|
|
// reset($_FILES);
|
||
|
|
|
||
|
|
// while (list($k,$v) = each($_FILES))
|
||
|
|
|
||
|
|
// {
|
||
|
|
|
||
|
|
// ${$k} = $v['tmp_name'];
|
||
|
|
|
||
|
|
// ${$k._name} = $v['name'];
|
||
|
|
|
||
|
|
// ${$k._type} = $v['type'];
|
||
|
|
|
||
|
|
// ${$k._size} = $v['size'];
|
||
|
|
|
||
|
|
// ${$k._error} = $v['error'];
|
||
|
|
|
||
|
|
// }
|
||
|
|
|
||
|
|
// }
|
||
|
|
//include_once('../../log_entry.php');
|