polr/req.php

<?php
@(require_once('config.php'));
include('version.php');
$debug = 0; // Set to 1 in order to enable debug mode (shows sensitive database info), use for troubleshooting
$footer = "&copy; Copyright 2014 $wsn. Powered by <a href='http://github.com/cydrobolt/polr'>Polr</a> ver $version build $reldate";
//connect to mysql with $mysqli variable
$mysqli = new mysqli($host, $user, $passwd, $db) or $wp = 1; //If cannot connect, then set var $wp to 1
// Attempt to set Charset as UTF8 to avoid real_escape_string vulnerabilities
if (!$mysqli->set_charset("utf8")) {
    $insecure = TRUE;
} else {
    $insecure = FALSE;
}

function autoloader($class) {
        include $class . '.php';
}

spl_autoload_register('autoloader');
session_start();

function sqlex($table, $rowf, $where, $wval) {
    global $mysqli; //Import var into function
//Sanitize strings
    $rowfs = $mysqli->real_escape_string($rowf);
    $tables = $mysqli->real_escape_string($table);
    $wheres = $mysqli->real_escape_string($where);
    $wvals = $mysqli->real_escape_string($wval);
    $q2p = "SELECT {$rowfs} FROM {$tables} WHERE {$wheres}=?";
	$stmt = $mysqli->prepare($q2p);
	$stmt->bind_param('s', $wvals);
	$stmt->execute();
	$result = $stmt->get_result();
    $numrows = $result->num_rows;
    if (!$numrows) {
        return false;
    } else {
        return true;
    }
}

function sqlfetch($table, $rowf, $where, $wval) {
    global $mysqli;

    $rowfs = $mysqli->real_escape_string($rowf);
    $tables = $mysqli->real_escape_string($table);
    $wheres = $mysqli->real_escape_string($where);
    $wvals = $mysqli->real_escape_string($wval);

    //$query = "SELECT $rowfs FROM $tables WHERE $wheres='$wvals'";
    $q2p = "SELECT {$rowfs} FROM {$tables} WHERE {$wheres}=?";
	$stmt = $mysqli->prepare($q2p);
	$stmt->bind_param('s', $wvals);
	$stmt->execute();
	$result = $stmt->get_result();
    $row = mysqli_fetch_assoc($result);
    return $row[$rowf];
}

//SQL Functions
//Sanitize input when using sqlrun!
function sqlrun($query) {
    global $mysqli;
    $queryrs = $query;
    $resultrs = $mysqli->query($queryrs) or ($err =  $mysqli->error);
    if (strstr($err, "already exists")) {
        echo "<br />Could not create tables because the database already has Polr tables (perhaps from a previous installation?). Delete the existing Polr table and try again. You can also export the database and restore it after installation, however, the old database may not be compatible. ";
        die();
    }
    return true;
}


function showerror() {
	//Show an error, and die. If Debug is on, show SQL error message
    global $debug;
    global $mysqli;
    echo "There seems to be a problem. Contact an administrator to report this issue.";
    if ($debug == 1) {
        echo "<br>Error:<br>";
        echo $mysqli->error;
    }
    die();
}


function filterurl($url) {
    if (!filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_HOST_REQUIRED)) {
        return false;
    } else {
        return true;
    }
}
function filteremail($email) {
	// Validate an email
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return false;
    } else {
        return true;
    }
}
Merging from Origin/Master - Open Sourcing Code Open sourcing Polr Code from Origin/Master located on polr.cf 2014-02-14 16:02:59 +01:00			`<?php`
Changed from WS branch to REL branch 2014-02-17 21:30:36 +01:00			`@(require_once('config.php'));`
			`include('version.php');`
secret URLs 2014-11-08 16:10:31 +01:00			`$debug = 0; // Set to 1 in order to enable debug mode (shows sensitive database info), use for troubleshooting`
Changed from WS branch to REL branch 2014-02-17 21:30:36 +01:00			`$footer = "© Copyright 2014 $wsn. Powered by <a href='http://github.com/cydrobolt/polr'>Polr</a> ver $version build $reldate";`
Merging from Origin/Master - Open Sourcing Code Open sourcing Polr Code from Origin/Master located on polr.cf 2014-02-14 16:02:59 +01:00			`//connect to mysql with $mysqli variable`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`$mysqli = new mysqli($host, $user, $passwd, $db) or $wp = 1; //If cannot connect, then set var $wp to 1`
Security patches 2014-11-08 00:14:21 +01:00			`// Attempt to set Charset as UTF8 to avoid real_escape_string vulnerabilities`
			`if (!$mysqli->set_charset("utf8")) {`
			`$insecure = TRUE;`
			`} else {`
			`$insecure = FALSE;`
			`}`
Merging from Origin/Master - Open Sourcing Code Open sourcing Polr Code from Origin/Master located on polr.cf 2014-02-14 16:02:59 +01:00
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`function autoloader($class) {`
			`include $class . '.php';`
			`}`
Merging from Origin/Master - Open Sourcing Code Open sourcing Polr Code from Origin/Master located on polr.cf 2014-02-14 16:02:59 +01:00
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`spl_autoload_register('autoloader');`
			`session_start();`

			`function sqlex($table, $rowf, $where, $wval) {`
			`global $mysqli; //Import var into function`
Merging from Origin/Master - Open Sourcing Code Open sourcing Polr Code from Origin/Master located on polr.cf 2014-02-14 16:02:59 +01:00			`//Sanitize strings`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`$rowfs = $mysqli->real_escape_string($rowf);`
			`$tables = $mysqli->real_escape_string($table);`
			`$wheres = $mysqli->real_escape_string($where);`
			`$wvals = $mysqli->real_escape_string($wval);`
fix sqlfetch issues 2014-11-08 22:13:25 +01:00			`$q2p = "SELECT {$rowfs} FROM {$tables} WHERE {$wheres}=?";`
more security updates (slowly but surely) and htaccess update 2014-11-08 21:11:03 +01:00			`$stmt = $mysqli->prepare($q2p);`
fix sqlfetch issues 2014-11-08 22:13:25 +01:00			`$stmt->bind_param('s', $wvals);`
more security updates (slowly but surely) and htaccess update 2014-11-08 21:11:03 +01:00			`$stmt->execute();`
			`$result = $stmt->get_result();`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`$numrows = $result->num_rows;`
			`if (!$numrows) {`
			`return false;`
			`} else {`
			`return true;`
			`}`
Merging from Origin/Master - Open Sourcing Code Open sourcing Polr Code from Origin/Master located on polr.cf 2014-02-14 16:02:59 +01:00			`}`
more security updates (slowly but surely) and htaccess update 2014-11-08 21:11:03 +01:00
			`function sqlfetch($table, $rowf, $where, $wval) {`
			`global $mysqli;`

			`$rowfs = $mysqli->real_escape_string($rowf);`
			`$tables = $mysqli->real_escape_string($table);`
			`$wheres = $mysqli->real_escape_string($where);`
			`$wvals = $mysqli->real_escape_string($wval);`

			`//$query = "SELECT $rowfs FROM $tables WHERE $wheres='$wvals'";`
fix sqlfetch issues 2014-11-08 22:13:25 +01:00			`$q2p = "SELECT {$rowfs} FROM {$tables} WHERE {$wheres}=?";`
more security updates (slowly but surely) and htaccess update 2014-11-08 21:11:03 +01:00			`$stmt = $mysqli->prepare($q2p);`
fix sqlfetch issues 2014-11-08 22:13:25 +01:00			`$stmt->bind_param('s', $wvals);`
more security updates (slowly but surely) and htaccess update 2014-11-08 21:11:03 +01:00			`$stmt->execute();`
			`$result = $stmt->get_result();`
			`$row = mysqli_fetch_assoc($result);`
			`return $row[$rowf];`
			`}`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00
readd sqlrun 2014-11-08 21:43:11 +01:00			`//SQL Functions`
			`//Sanitize input when using sqlrun!`
			`function sqlrun($query) {`
			`global $mysqli;`
			`$queryrs = $query;`
fix sqlfetch issues 2014-11-08 22:13:25 +01:00			`$resultrs = $mysqli->query($queryrs) or ($err = $mysqli->error);`
			`if (strstr($err, "already exists")) {`
			`echo "<br />Could not create tables because the database already has Polr tables (perhaps from a previous installation?). Delete the existing Polr table and try again. You can also export the database and restore it after installation, however, the old database may not be compatible. ";`
			`die();`
			`}`
readd sqlrun 2014-11-08 21:43:11 +01:00			`return true;`
			`}`


HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`function showerror() {`
			`//Show an error, and die. If Debug is on, show SQL error message`
			`global $debug;`
			`global $mysqli;`
more security updates (slowly but surely) and htaccess update 2014-11-08 21:11:03 +01:00			`echo "There seems to be a problem. Contact an administrator to report this issue.";`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`if ($debug == 1) {`
			`echo "<br>Error:<br>";`
			`echo $mysqli->error;`
			`}`
			`die();`
Merging from Origin/Master - Open Sourcing Code Open sourcing Polr Code from Origin/Master located on polr.cf 2014-02-14 16:02:59 +01:00			`}`

HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00
			`function filterurl($url) {`
			`if (!filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_HOST_REQUIRED)) {`
Merging from Origin/Master - Open Sourcing Code Open sourcing Polr Code from Origin/Master located on polr.cf 2014-02-14 16:02:59 +01:00			`return false;`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`} else {`
			`return true;`
Merging from Origin/Master - Open Sourcing Code Open sourcing Polr Code from Origin/Master located on polr.cf 2014-02-14 16:02:59 +01:00			`}`
HUGE update: add features from PaaS, readying for 0.15 Stable 2014-06-21 15:27:18 +02:00			`}`
			`function filteremail($email) {`
			`// Validate an email`
			`if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {`
			`return false;`
			`} else {`
Merging from Origin/Master - Open Sourcing Code Open sourcing Polr Code from Origin/Master located on polr.cf 2014-02-14 16:02:59 +01:00			`return true;`
			`}`
			`}`