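<?php
  // This page prints stored account passwords, so besides declaring the charset,
  // tell browsers and intermediaries not to keep a cached copy of the response.
  header('Content-type: text/html; charset=utf-8');
  header('Cache-Control: no-store');
?>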
<?php

  // DEV NOTE: this script is available at X:\support\test_scripts\show_user_accounts.php, but lives in CVS at C:\wamp\www\sb\CMS Builder\cmsb\show_user_accounts.php

  /* STEP 1: LOAD RECORDS - Copy this PHP code block near the TOP of your page */
  require_once "lib/viewer_functions.php";

  if (!function_exists('getPasswordDigest')) {
    require_once "lib/login_functions.php";
  }

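  if (!function_exists('_mysql_getMysqlSetValues')) {
    /**
     * Build the comma-separated "`column` = value" list for a MySQL SET clause.
     *
     * A key ending in "=" (e.g. 'maxRecords=') marks its value as a raw SQL expression:
     * it is placed into the statement WITHOUT escaping or quoting, so such values must
     * never be taken from request data. Every other value goes through mysql_escape()
     * and is wrapped in single quotes.
     *
     * @param array $columnsToValues column name (optionally suffixed with "=") => value;
     *                               a non-array argument yields an empty string
     * @return string assignments joined by ", ", or '' when there are none
     */
    function _mysql_getMysqlSetValues($columnsToValues) {
      if (!is_array($columnsToValues)) { return ''; }

      $assignments = array();
      foreach ($columnsToValues as $column => $value) {
        list($column, $dontEscapeValue) = extractSuffixChar($column, '=');

        // error checking: allowlist column chars to prevent sql injection through array keys.
        // \A...\z is used instead of ^...$ because "$" also matches just before a trailing newline.
        if (!preg_match('/\A\w+\z/', $column)) { die(__FUNCTION__. ": Invalid column name '" .htmlspecialchars($column, ENT_QUOTES, 'UTF-8'). "'!"); }

        if ($dontEscapeValue) { $assignments[] = "`$column` = $value"; }
        else                  { $assignments[] = "`$column` = '" . mysql_escape($value) . "'"; }
      }

      // implode() rather than trimming a trailing ", " so the last value is never altered
      return implode(', ', $assignments);
    }
  }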
  if (!function_exists('extractSuffixChar')) {
    /**
     * Split an optional one-character suffix off the end of a string.
     *
     * @param string $string                value to inspect
     * @param string $acceptableSuffixChars characters that count as a suffix when they are the last character
     * @return array array(string without suffix, suffix char), or array(original string, null)
     *               when the string is empty or its last character is not an accepted suffix
     */
    function extractSuffixChar($string, $acceptableSuffixChars) {
      // An empty string has no last character to test
      $lastChar   = strlen($string) ? substr($string, -1) : null;
      $isAccepted = $lastChar !== null && strpos($acceptableSuffixChars, $lastChar) !== FALSE;

      return $isAccepted
        ? array(substr($string, 0, -1), $lastChar)
        : array($string, null);
    }
  }
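  // Limit by IP. This allowlist is the only access control visible in this file for a page
  // that lists admin credentials and creates admin accounts.
  // NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address, not the visitor's;
  // confirm the deployment, and confirm the '0.0.0.0' entry is really needed.
  $allowedIPs = array('0.0.0.0', '184.71.180.122', '127.0.0.1', '192.168.1.99');
  $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
  if (!in_array($remoteAddr, $allowedIPs, true)) { // strict comparison: no type juggling on the match
    die("Sorry, you are not allowed to access this program from " . htmlspecialchars($remoteAddr, ENT_QUOTES, 'UTF-8'));
  }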

  //
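  // Create a new admin account (with an 'all' tables access entry) from the "Add" row of the form.
  // Only a POST body is accepted: the form on this page posts, and reading $_REQUEST would let
  // a plain GET link or a cookie trigger account creation as well.
  // NOTE(review): no anti-CSRF token is checked; the IP allowlist is the only gate visible in this file.
  $isCreateRequest = isset($_SERVER['REQUEST_METHOD'])
                  && $_SERVER['REQUEST_METHOD'] === 'POST'
                  && !empty($_POST['createAccount']);
  if ($isCreateRequest) {
    $username = isset($_POST['newUsername']) ? $_POST['newUsername'] : '';
    $password = isset($_POST['newPassword']) ? $_POST['newPassword'] : '';

    // Refuse blank or non-string credentials so an admin account with an empty password cannot be created
    if (!is_string($username) || $username === '' || !is_string($password) || $password === '') {
      die("username and password are required");
    }

    // NOTE(review): $isEncrypted is not assigned anywhere in this file; unless an included
    // library defines it, the password is stored exactly as typed. Confirm.
    if (!empty($isEncrypted)) { $password = getPasswordDigest($password); }

    if (mysql_count('accounts', "username = '".mysql_escape($username)."'")) { die("username must be unique"); }

    // Strict mode is switched off around the inserts, presumably so the zero expiresDate is accepted (confirm)
    mysqlStrictMode(FALSE);
    mysql_insert('accounts', array(
      'username'         => $username,
      'password'         => $password,
      'fullname'         => $username,
      'email'            => $username . '@example.com',
      'isAdmin'          => '1',
      'disabled'         => '0',
      'expiresDate'      => '0000-00-00 00:00:00',
      'neverExpires'     => '1',
      'createdDate'      => mysql_datetime(),
      'updatedDate'      => mysql_datetime(),
      'createdByUserNum' => '0',
      'updatedByUserNum' => '0',
    ));
    $userNum = mysql_insert_id();
    mysql_insert('_accesslist', array(
      'userNum'      => $userNum,
      'tableName'    => 'all',
      'accessLevel'  => '9',
      'maxRecords='  => 'NULL', // trailing "=" on the key: value is inserted as raw SQL
      'randomSaveId' => '1234567890',
    ));
    mysqlStrictMode(TRUE);
  }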

  //
  // Load every accounts row with isAdmin = 1 for the table rendered further down.
  // Each row's stored password value is printed by that table, so this result set is sensitive.
  // $accountsMetaData is not used elsewhere in this file.
  // NOTE(review): 'allowSearch' => FALSE presumably stops getRecords() from applying
  // request-supplied search filters. Confirm in the included library.
  list($accountsRecords, $accountsMetaData) = getRecords(array(
    'tableName'   => 'accounts',
    'where'       => 'isAdmin = 1',
    'allowSearch' => FALSE,
  ));

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <title></title>
  <meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
  <style type="text/css">
    body          { font-family: arial; }
    .instructions { border: 3px solid #000; background-color: #EEE; padding: 10px; text-align: left; margin: 25px}
  </style>
 </head>
<body>

<form action="?" method="post">
<input type="hidden" name="createAccount" value="1" />
<table border="1" cellspacing="1" cellpadding="1">
<tr>
    <td><b>Username</b></td>
    <td><b>Password</b></td>
    <td><b>Admin</b></td>
    <td><b>Action</b></td>
</tr>

<tr>
    <td><input type="text" name="newUsername" /></td>
    <td><input type="text" name="newPassword" /></td>
    <td>Admin</td>
    <td><input type="submit" value="Add" /></td>
</tr>

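    <?php foreach ($accountsRecords as $record): ?>
<tr>
    <?php // Username and password come straight from the accounts table: HTML-escape them so stored markup cannot run in the viewer's browser ?>
    <td><?php echo htmlspecialchars((string) $record['username'], ENT_QUOTES, 'UTF-8') ?></td>
    <td><?php echo htmlspecialchars((string) $record['password'], ENT_QUOTES, 'UTF-8') ?></td>
    <td><?php echo $record['isAdmin'] ? 'Admin' : '' ?></td>
    <td align="center">
      <?php if (true): // replace this with an encrypted password check if logging in with encrypted password as plaintext doesn't work in future ?>
        <?php // The credentials are JSON-encoded, then HTML-escaped, because they sit inside an onclick attribute ?>
        <a href="#" onclick="doLogin(<?php echo htmlspecialchars(json_encode(array($record['username'], $record['password'])), ENT_QUOTES, 'UTF-8') ?>); return false;">login</a>
      <?php endif ?>
    </td>
</tr>
    <?php endforeach; ?>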
</table>
</form>

<form id="loginForm" action="admin.php" method="post">
<input type="hidden" name="action" value="loginSubmit" />
<input type="hidden" name="login" value="Login" />
<input type="hidden" name="username" value="" />
<input type="hidden" name="password" value="" />
</form>

<script type='text/javascript'>
function doLogin(args) {
  // args is [username, password] for the clicked row. Copy both into the hidden
  // login form and post it to admin.php.
  var loginForm     = document.getElementById('loginForm');
  var usernameField = document.getElementsByName('username')[0];
  var passwordField = document.getElementsByName('password')[0];

  usernameField.setAttribute('value', args[0]);
  passwordField.setAttribute('value', args[1]);
  loginForm.submit();
}
</script>

</body>
</html>
