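/**
 * Sends the "Agendamento de Entrevista" notice to the selected employees
 * and records one AgendaEnviadoEmpreg row per recipient.
 *
 * Reads the request parameters 'agenda' and 'destinatarios' (via GetVar),
 * opens a transaction on Sql, inserts the per-employee rows, sends the
 * e-mail and commits. The outcome is echoed as a JSON {success, msg}
 * payload; nothing is returned.
 *
 * NOTE(review): no authorization check is visible in this block — whoever
 * can reach this action can e-mail any employee set; confirm the
 * dispatcher enforces it.
 */
public function enviar()
{
    try {
        $Sql = new Sql();
        $Sql->inicio();

        // Read the request value once instead of once per loop iteration.
        $codigoAgenda = toNumero(GetVar('agenda'));

        $agendaDAO = new AgendaDAO();
        $agenda = $agendaDAO->consultaCodigo($codigoAgenda);

        $empregadosDAO = new EmpregadosDAO();
        $destinatarios = $empregadosDAO->listarSelecao(GetVar('destinatarios'));

        $listaEmail = array();
        // cadastrar() fills this by reference; declare it so the first call
        // does not implicitly create an undefined variable.
        $codigo_aee = null;
        foreach ($destinatarios as $empregado) {
            if ((string) $empregado['email_emp'] !== '') {
                $listaEmail[] = array(
                    "email" => $empregado['email_emp'],
                    "nome" => $empregado['nome_emp'],
                );
            }
            // Every selected employee is recorded as notified, with or
            // without an e-mail address (unchanged behaviour).
            $agendaEnviadoEmpreg = new AgendaEnviadoEmpreg();
            $agendaEnviadoEmpreg->setAgendaAee($codigoAgenda);
            $agendaEnviadoEmpreg->setEmpregadoAee(toNumero($empregado['codigo_emp']));
            $agendaDAO->cadastrar($agendaEnviadoEmpreg, $codigo_aee, $Sql);
        }

        $emailController = new EmailController();
        $emailController->setAssunto("Agendamento de Entrevista");
        $emailController->setConteudo($this->montaAgendamento($agenda[0]));
        $emailController->setListaEmail($listaEmail);
        $return = $emailController->enviarEmail();

        // enviarEmail() reports failures as a message string.
        if (is_string($return)) {
            throw new Exception($return);
        }
        $Sql->commit($return);

        // $return is not a string past this point, so success mirrors it.
        echo json_encode(array(
            "success" => $return,
            "msg" => $return
                ? 'Comunicado de Agendamento enviado com sucesso.'
                : 'Erro ao enviar Comunicado de Agendamento.',
        ));
    } catch (Exception $e) {
        // NOTE(review): the raw exception text is sent to the client.
        echo json_encode(array("success" => false, "msg" => $e->getMessage()));
    }
}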
/**
 * Deletes the user whose code arrives in the 'codigo_usr' request
 * parameter and writes a JSON {success, msg} answer to stdout.
 *
 * UsuariosDAO::excluir() is expected to return either a boolean or an
 * error message string; a string is reported as failure with that text.
 *
 * NOTE(review): no authorization or CSRF check is visible in this block;
 * confirm the dispatcher enforces both before this runs.
 */
public function excluir()
{
    $usuario = new Usuarios();
    $usuario->setCodigoUsr(toNumero(GetVar('codigo_usr')));

    $dao = new UsuariosDAO();
    $resultado = $dao->excluir($usuario);

    if (is_string($resultado)) {
        $resposta = array("success" => false, "msg" => $resultado);
    } elseif ($resultado) {
        $resposta = array("success" => $resultado, "msg" => 'Registro Excluido com sucesso.');
    } else {
        $resposta = array("success" => $resultado, "msg" => 'Erro ao Excluir Registro.');
    }
    echo json_encode($resposta);
}
/**
 * Deletes the employee whose code arrives in the 'codigo_emp' request
 * parameter and writes a JSON {success, msg} answer to stdout.
 *
 * EmpregadosDAO::excluir() is expected to return either a boolean or an
 * error message string; a string is reported as failure with that text.
 *
 * NOTE(review): no authorization or CSRF check is visible in this block;
 * confirm the dispatcher enforces both before this runs.
 */
public function excluir()
{
    $empregado = new Empregado();
    $empregado->setCodigoEmp(toNumero(GetVar('codigo_emp')));

    $dao = new EmpregadosDAO();
    $resultado = $dao->excluir($empregado);

    if (is_string($resultado)) {
        $resposta = array("success" => false, "msg" => $resultado);
    } elseif ($resultado) {
        $resposta = array("success" => $resultado, "msg" => 'Registro Excluido com sucesso.');
    } else {
        $resposta = array("success" => $resultado, "msg" => 'Erro ao Excluir Registro.');
    }
    echo json_encode($resposta);
}
/**
 * Authenticates the credentials sent as 'login_usr' / 'senha_usr' and
 * writes a JSON {success, msg} answer to stdout.
 *
 * The password is reduced to an unsalted SHA-1 digest before LoginDAO
 * compares it, so the stored hashes are cheap to brute-force offline.
 * Moving to password_hash()/password_verify() needs a matching change in
 * LoginDAO and the stored column, which is outside this block.
 */
public function logar()
{
    $login = new Login();
    $login->setLoginUsr(toTexto(GetVar('login_usr')));
    // Unsalted SHA-1 of the submitted password (see docblock).
    $login->setSenhaUsr(toTexto(sha1(GetVar('senha_usr'))));

    $dao = new LoginDAO();
    $resultado = $dao->logar($login);

    if (is_string($resultado)) {
        $resposta = array("success" => false, "msg" => $resultado);
    } else {
        $mensagem = $resultado
            ? 'Login efetuado com sucesso. Aguarde...'
            : 'Usuario ou Senha incorretos.';
        $resposta = array("success" => $resultado, "msg" => $mensagem);
    }
    echo json_encode($resposta);
}
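/**
 * Registers an "elogio" (commendation) send-out: stores the ElogioEnvio
 * header, one ElogioEnviadoEmpreg row per commended employee, renders one
 * attachment per employee with criaElogio(), then e-mails the attachments
 * to the selected recipients. Everything runs inside one Sql transaction
 * that is committed only after the e-mail was sent.
 *
 * Request parameters read via GetVar: 'elogio', 'descricao', 'responsavel',
 * 'elogiados', 'destinatarios'. The outcome is echoed as JSON {success, msg};
 * nothing is returned.
 *
 * NOTE(review): no authorization check is visible in this block.
 */
public function cadastrar()
{
    try {
        $Sql = new Sql();
        $Sql->inicio();

        // Read each request value once; they are reused inside the loops.
        $codigoElogio = toNumero(GetVar('elogio'));
        $descricao = GetVar('descricao');
        $responsavel = GetVar('responsavel');

        $elogiosDAO = new ElogiosDAO();
        $elogio = $elogiosDAO->listarElogio($codigoElogio);

        $elogioEnvio = new ElogioEnvio();
        $elogioEnvio->setElogioEen($codigoElogio);
        $elogioEnvio->setDataEen(toDateTime());
        $elogioEnvio->setDescricaoEen(toTexto($descricao));
        $elogioEnvio->setResponsavelEen(toTexto($responsavel));

        // cadastrar() returns the generated key through this reference.
        $codigo_een = "";
        $elogiosDAO->cadastrar($elogioEnvio, $codigo_een, $Sql);

        $empregadosDAO = new EmpregadosDAO();
        $elogiados = $empregadosDAO->listarSelecao(GetVar('elogiados'));
        $dataHoje = date("d/m/Y");

        $elogios = array();
        // Same by-reference out-parameter as $codigo_een; declared so the
        // first call does not create an undefined variable.
        $codigo_eee = "";
        foreach ($elogiados as $empregado) {
            // The unfiltered request values go to the template, as before;
            // toTexto() is applied only to the stored header above.
            $empregado['descricao_een'] = $descricao;
            $empregado['responsavel_een'] = $responsavel;
            $empregado['data_een'] = $dataHoje;
            $elogios[]["caminhoArquivo"] = $this->criaElogio($empregado, $elogio[0]['template_elo']);

            $elogioEnviadoEmpreg = new ElogioEnviadoEmpreg();
            $elogioEnviadoEmpreg->setElogioenvioEee(toNumero($codigo_een));
            $elogioEnviadoEmpreg->setEmpregadoEee(toNumero($empregado['codigo_emp']));
            $elogiosDAO->cadastrar($elogioEnviadoEmpreg, $codigo_eee, $Sql);
        }

        $destinatarios = $empregadosDAO->listarSelecao(GetVar('destinatarios'));
        $listaEmail = array();
        foreach ($destinatarios as $empregado) {
            if ((string) $empregado['email_emp'] !== '') {
                $listaEmail[] = array(
                    "email" => $empregado['email_emp'],
                    "nome" => $empregado['nome_emp'],
                );
            }
        }

        $emailController = new EmailController();
        $emailController->setAssunto("Elogios");
        $emailController->setConteudo("Elogios");
        $emailController->setListaAnexos($elogios);
        $emailController->setListaEmail($listaEmail);
        $return = $emailController->enviarEmail();

        // enviarEmail() reports failures as a message string.
        if (is_string($return)) {
            throw new Exception($return);
        }
        $Sql->commit($return);

        // $return is not a string past this point, so success mirrors it.
        echo json_encode(array(
            "success" => $return,
            "msg" => $return ? 'Elogio feito com sucesso.' : 'Erro ao fazer o Elogio.',
        ));
    } catch (Exception $e) {
        // NOTE(review): the raw exception text is sent to the client.
        echo json_encode(array("success" => false, "msg" => $e->getMessage()));
    }
}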
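/**
 * Reads a request parameter and publishes it as a global variable.
 *
 * Given a string name, returns $_REQUEST[$name] (false when absent) and
 * also stores it in $GLOBALS[$name]. Given an array of names, does the
 * same for each one and returns null; callers then read ${$name}.
 *
 * Security: this reproduces register_globals — any request parameter can
 * overwrite a global of the same name (session state, config arrays,
 * flags). Callers must only ask for the names they expect, and globals
 * that carry trust decisions must never be read through this function.
 *
 * @param string|array $name parameter name, or a list of names
 * @return mixed the request value, false when missing, null for the array form
 */
function GetVar($name)
{
    if (is_array($name)) {
        foreach ($name as $var) {
            GetVar($var);
        }
        return null;
    }

    if (!isset($_REQUEST[$name])) {
        return false;
    }

    // get_magic_quotes_gpc() always returned false from PHP 5.4 and was
    // removed in 8.0; guard the call so the function keeps working there.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $_REQUEST[$name] = ssr($_REQUEST[$name]);
    }

    $GLOBALS[$name] = $_REQUEST[$name];
    return $GLOBALS[$name];
}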
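/**
 * Builds the action link shown in the AJAX listing for one row.
 *
 * The link depends on the 'tabfile' request parameter:
 *  - state:      link to the city list filtered by state $ID
 *  - city:       link to add a zip code to city $ID (also carries iStateId)
 *  - newsletter: link to the send-newsletter form for format $ID
 * Any other value yields '' (the original left $img unset).
 *
 * $ID and iStateId come from the request / database and are placed inside
 * single-quoted HTML attributes, so they are escaped with ENT_QUOTES.
 *
 * @param mixed $ID row identifier to embed in the link
 * @return string HTML anchor, or '' when tabfile is unknown
 */
public function getImage($ID)
{
    $idAttr = htmlspecialchars((string) $ID, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $tabfile = isset($_GET['tabfile']) ? $_GET['tabfile'] : '';
    $img = "";

    switch ($tabfile) {
        case "state":
            $img = "<a href='index.php?file=ge-city&view=index&AX=Yes&parent=ge-state&iStateId=" . $idAttr . "' class='top-nav-active'>View Cities</a>";
            break;
        case "city":
            $stateAttr = htmlspecialchars((string) GetVar('iStateId'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $img = "<a href='index.php?file=ge-city&view=edit&AX=Yes&parent=ge-state&iCityId=" . $idAttr . "&iStateId=" . $stateAttr . "&addtype=zip' class='top-nav-active'>Add</a>";
            break;
        case "newsletter":
            $img = "<a href='index.php?file=ge-sendnewsletter&view=edit&AX=Yes&parent=ge-newsletter&iNformatId=" . $idAttr . "'><img src='images/btn-send-list.gif' align='absmiddle' border='0' alt='Send Mail' style='cursor:pointer'></a>";
            break;
    }
    return $img;
}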
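/**
 * Writes ../admin/include/Banco.php with the database constants taken from
 * the 'usuario', 'senha', 'host' and 'base' request parameters, then echoes
 * a JSON {success, msg} result.
 *
 * Each value is emitted through var_export(), which produces a correctly
 * quoted PHP string literal; the former sprintf('%s') interpolation let a
 * quote or newline in any field break out of the literal and inject PHP
 * code into a file the application later includes.
 *
 * NOTE(review): no authentication is visible in this block; anything that
 * can reach this action rewrites the database credentials.
 */
public function salvar()
{
    // var_export() yields a single-quoted, escaped PHP literal. GetVar()
    // returns false for a missing field, which the cast turns into ''.
    $usuario = var_export((string) GetVar('usuario'), true);
    $senha = var_export((string) GetVar('senha'), true);
    $host = var_export((string) GetVar('host'), true);
    $base = var_export((string) GetVar('base'), true);

    $config = "<?php\n";
    $config .= "//===============================================================================================\n";
    $config .= "// Banco de Dados\n";
    $config .= "//===============================================================================================\n";
    $config .= "define('MYSQL_USUARIO', " . $usuario . "); // USUARIO DO SQL\n";
    $config .= "define('MYSQL_SENHA', " . $senha . "); // SENHA DO SQL\n";
    $config .= "define('MYSQL_IP', " . $host . "); // IP LOCAL PADRAO ( 127.0.0.1 )\n";
    $config .= "define('MYSQL_DATABASE', " . $base . "); // DATABASE DO SQL\n";
    $config .= "//===============================================================================================\n";
    $config .= "?>";

    // One write, checked explicitly: file_put_contents() returns false on
    // failure. The former extra empty write only widened the window in
    // which the config file was blank.
    if (file_put_contents("../admin/include/Banco.php", $config) !== false) {
        echo json_encode(array("success" => true, "msg" => "Configuracao salva com sucesso."));
    } else {
        echo json_encode(array("success" => false, "msg" => "Ocorreu um erro ao salvar configuracao."));
    }
}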
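/**
 * Sends a "comunicado" to the selected employees, records one
 * ComunicadoEmpreg row per recipient and stamps the comunicado's
 * alteration date, all in one Sql transaction committed after the e-mail
 * went out.
 *
 * Request parameters read via GetVar: 'comunicado', 'destinatarios'.
 * The outcome is echoed as JSON {success, msg}; nothing is returned.
 *
 * NOTE(review): no authorization check is visible in this block.
 */
public function enviar()
{
    try {
        $Sql = new Sql();
        $Sql->inicio();

        // Read the request value once instead of once per loop iteration.
        $codigoComunicado = toNumero(GetVar('comunicado'));

        $comunicadosDAO = new ComunicadosDAO();
        $dadosComunicado = $comunicadosDAO->consultaCodigo($codigoComunicado);

        $empregadosDAO = new EmpregadosDAO();
        $destinatarios = $empregadosDAO->listarSelecao(GetVar('destinatarios'));

        $listaEmail = array();
        // cadastrar() fills this by reference; declare it so the first call
        // does not implicitly create an undefined variable.
        $codigo_coe = null;
        foreach ($destinatarios as $empregado) {
            if ((string) $empregado['email_emp'] !== '') {
                $listaEmail[] = array(
                    "email" => $empregado['email_emp'],
                    "nome" => $empregado['nome_emp'],
                );
            }
            // Every selected employee is recorded, with or without an e-mail.
            $comunicadoEmpreg = new ComunicadoEmpreg();
            $comunicadoEmpreg->setComunicadoCoe($codigoComunicado);
            $comunicadoEmpreg->setEmpregadoCoe(toNumero($empregado['codigo_emp']));
            $comunicadosDAO->cadastrar($comunicadoEmpreg, $codigo_coe, $Sql);
        }

        $emailController = new EmailController();
        $emailController->setAssunto($dadosComunicado[0]['titulo_com']);
        $emailController->setConteudo($dadosComunicado[0]['comunicado_com']);
        $emailController->setListaEmail($listaEmail);
        $return = $emailController->enviarEmail();

        // enviarEmail() reports failures as a message string.
        if (is_string($return)) {
            throw new Exception($return);
        }

        // Stamp the alteration date inside the same transaction.
        $comunicado = new Comunicado();
        $comunicado->setCodigoCom($codigoComunicado);
        $comunicado->setAlteracaoCom(toDateTime());
        $comunicadosDAO->alterar($comunicado, null, $Sql);

        $Sql->commit($return);

        // $return is not a string past this point, so success mirrors it.
        echo json_encode(array(
            "success" => $return,
            "msg" => $return ? 'Comunicado enviado com sucesso.' : 'Erro ao enviar Comunicado.',
        ));
    } catch (Exception $e) {
        // NOTE(review): the raw exception text is sent to the client.
        echo json_encode(array("success" => false, "msg" => $e->getMessage()));
    }
}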
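/**
 * Front-controller style dispatch: runs the method named by the 'action'
 * request parameter.
 *
 * Only a public, argument-less method whose name is a plain identifier
 * (letter first, so no "__" magic methods) can be dispatched. The former
 * method_exists()/call_user_func() pair also reached private and protected
 * methods — the call runs in class scope — and magic methods such as
 * __construct or __destruct, so any request could trigger them.
 */
function __construct()
{
    $action = GetVar('action');
    if (!is_string($action) || !preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $action)) {
        return;
    }
    if (!method_exists($this, $action)) {
        return;
    }

    $metodo = new ReflectionMethod($this, $action);
    if (!$metodo->isPublic() || $metodo->getNumberOfRequiredParameters() > 0) {
        return;
    }

    $this->{$action}();
}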
<?php
/**
 * Add/Update File For Security Manager
 * @package addsecuritymanager.inc.php
 * @Section security_manager
 */
// Fragment: the HTML form that opens at the end of this snippet continues
// beyond it.
if (!isset($unitofmeasureObj)) {
    include_once SITE_CLASS_APPLICATION . 'class.UnitOfMeasure.php';
    $unitofmeasureObj = new UnitOfMeasure();
}
$gdbobj->getRequestVars();
$view = GetVar("view");
$iUnitId = GetVar("iUnitId");
$file = GetVar("file");
$arr = array();
// A POST re-displays the submitted values; otherwise "edit" loads the row
// and anything else becomes "add".
if (count($_POST) > 0) {
    $arr[0] = $_POST;
} else {
    if ($view == 'edit') {
        $arr = $unitofmeasureObj->select($iUnitId);
        // prints($arr); exit;
    } else {
        $view = "add";
    }
}
$arr[0]['eStatus'] = isset($arr[0]['eStatus']) ? $arr[0]['eStatus'] : 'Active';
// $file is the raw request value and is echoed into the form's action
// attribute below without escaping (reflected XSS); wrap it in
// htmlspecialchars() with ENT_QUOTES before printing.
?>
<form name="frmadd" id="frmadd" action="index.php?file=<?php echo $file; ?>
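/**
 * Resolves which admin menu module matches the current request.
 *
 * Builds a canonical "index.php?file=...&view=...&AX=Yes" link from
 * $_SERVER['REQUEST_URI'] (an optional 4th query segment "parent=<file>"
 * redirects the lookup to the parent module), records $this->parenturl and
 * $this->dispview, and returns the matching rows of the modules table via
 * $dbobj->MySQLSelect().
 *
 * REQUEST_URI is attacker-controlled and was concatenated verbatim into the
 * WHERE clause. The link is now limited to the characters a stored vLink
 * value uses; anything else queries for '' and matches nothing. The
 * $_GET['file'] checks are strict so non-string input is ignored.
 *
 * @return mixed whatever $dbobj->MySQLSelect() returns for the menu query
 */
public function getModuleInfo()
{
    global $dbobj;

    $url = str_replace(SITE_FOLDER . ADMIN_FOLDER_CONST . "/", "", $_SERVER['REQUEST_URI']);
    $url = explode("&", $url);
    // The 4th "&"-separated segment is optional; explode() of '' yields [''].
    $parenturl = explode("=", isset($url[3]) ? $url[3] : '');

    $this->parenturl = ($parenturl[0] != "") ? $parenturl[0] : "";

    if (isset($url[3]) && $url[3] != '' && $parenturl[0] == 'parent') {
        $moduleurl = "index.php?file=" . (isset($parenturl[1]) ? $parenturl[1] : '');
    } else {
        $moduleurl = $url[0];
    }

    // Files shown as "edit"/"add" views instead of the default index view.
    $label = array("ge-home", "ge-settings", "ge-backup", "ge-source", "ge-fullbkup", "ge-restore", "ge-help", "ge-document", "ge-access", "ge-inbox", "ge-comessage", "ge-sentmails", "ge-msgdetail", "ge-noaccess", "ge-sitemap");
    $file = isset($_GET['file']) ? $_GET['file'] : null;

    if (is_string($file) && in_array($file, $label, true)) {
        // The backup sub-pages share the backup module's menu entry.
        if (in_array($file, array('ge-source', 'ge-fullbkup', 'ge-restore'), true)) {
            $moduleurl = 'index.php?file=ge-backup';
        }
        if (in_array($file, array("ge-inbox", "ge-comessage", "ge-sentmails", "ge-msgdetail", "ge-noaccess"), true)) {
            $url = $moduleurl . "&view=add&AX=Yes";
            $view = "add";
        } else {
            $url = $moduleurl . "&view=edit&AX=Yes";
            $view = "edit";
        }
    } else {
        $url = $moduleurl . "&view=index&AX=Yes";
        $view = GetVar('view');
    }

    $this->dispview = ($this->parenturl != "") ? $view : GetVar('view');

    // Stored vLink values are plain "index.php?file=...&view=...&AX=Yes"
    // strings; refuse anything outside that alphabet rather than escaping,
    // since no driver escaping helper is available in this block.
    if (!preg_match('~^[A-Za-z0-9_./?=&-]*$~', $url)) {
        $url = '';
    }

    $sql_menu = "SELECT iParentId,iModuleId\r\n\t\t\t\t\t FROM " . PRJ_DB_PREFIX . "_modules\r\n\t\t\t\t\t WHERE vLink='" . $url . "'\r\n\t\t\t\t\t AND eStatus = 'Active'\r\n\t\t\t\t\t AND iParentId <> '0'\r\n\t\t\t\t\t order by iDisporder ASC";
    return $dbobj->MySQLSelect($sql_menu);
}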
<?php
// Organization preference-history page: loads the organization and its
// preference history for the template. Org admins may only view their own
// organization; they are redirected to the dashboard otherwise.
include S_SECTIONS . "/member/memberaccess.php";

$iOrganizationID = GetVar('id');

// NOTE(review): only the 'orgadmin' type is pinned to its own org here;
// whether other user types may view any id is decided elsewhere.
if ($sess_usertype == 'orgadmin' && $orgid != $iOrganizationID) {
    header("Location: " . SITE_URL_DUM . "oadashboard");
    exit;
}

// Lazily create the model objects this page needs.
if (!isset($orgprefObj)) {
    include_once SITE_CLASS_APPLICATION . "organization/class.OrganizationPreference.php";
    $orgprefObj = new OrganizationPreference();
}
if (!isset($orgPrefVrfObj)) {
    include_once SITE_CLASS_APPLICATION . "organization/class.OrganizationPreferenceToverify.php";
    $orgPrefVrfObj = new OrganizationPreferenceToverify();
}
if (!isset($orgObj)) {
    require_once SITE_CLASS_APPLICATION . "organization/class.Organization.php";
    $orgObj = new Organization();
}

$orgdtls = $orgObj->select($iOrganizationID);
$orgprefhistory = $orgprefObj->getHistory($iOrganizationID);
// prints($orgprefhistory); exit;

$smarty->assign('orgdtls', $orgdtls);
$smarty->assign('orgprefhistory', $orgprefhistory);
// Duplicate-check endpoint fragment: the if/else chain continues beyond
// this snippet.
//
// Every value below comes straight from the request (GetVar) and is then
// concatenated into SQL as-is. "|repadn|" -> "?" is a transport encoding
// for a literal question mark, not an escape step, and @explode only hides
// warnings. The table name ($table[0]) needs an allow-list and the values
// ($vEmail, $iUserId, $iPercentage, ...) need binding or driver escaping
// before they reach $dbobj->MySQLselect().
$exist = 0;
$mode = str_replace("|repadn|", "?", GetVar('mode'));
$table = @explode(',', GetVar('table'));
$Field_val = str_replace("|repadn|", "?", GetVar('val'));
$comp_Field = str_replace("|repadn|", "?", GetVar('compid'));
$iPrimId = str_replace("|repadn|", "?", GetVar('primeid'));
$primeId_val = str_replace("|repadn|", "?", GetVar('primeval'));
$tableprimid = @explode(',', GetVar('tableprimid'));
$Thrtype = str_replace("|repadn|", "?", GetVar('Thrtype'));
$vEmail = str_replace("|repadn|", "?", GetVar('vEmail'));
$vUserName = str_replace("|repadn|", "?", GetVar('vUserName'));
$eType = str_replace("|repadn|", "?", GetVar('eType'));
$eSection = str_replace("|repadn|", "?", GetVar('eSection'));
$vQuestion = str_replace("|repadn|", "?", GetVar('vQuestion'));
$iUserId = str_replace("|repadn|", "?", GetVar('iUserId'));
$iPercentage = str_replace("|repadn|", "?", GetVar('iPercentage'));
$exist = 0;
$extra_query = "";
if ($vEmail != '' && $vUserName != '') {
    // Looks a member up by e-mail or user name and reports which field
    // collided (the user-name literal appears masked in this listing).
    $sql = "select iMemberId,if((vEmail='" . $vEmail . "'),'vEmail','vUserName') as field from " . $table[0] . " where vEmail='" . $vEmail . "' or vUserName = '******'";
    $db_exist = $dbobj->MySQLselect($sql);
    if (count($db_exist) > 0) {
        $exist = 1;
        // `field` is an unquoted bare word: PHP treated the undefined
        // constant as the string 'field' (an Error since PHP 8.0).
        $comp_Field = $db_exist[0][field];
    } else {
        $comp_Field = 'no';
    }
} else {
    if ($iUserId != '' && $iPercentage != '' && $mode == "add") {
        $sql = "select iUserId as field from " . $table[0] . " where iUserId='" . $iUserId . "' or iPercentage = '" . $iPercentage . "'";
        $db_exist = $dbobj->MySQLselect($sql);
<?php
// RFQ2 list page: exposes the requested status, the optional result
// message ('isu' / 'acpt' only) and two enum selects to the template.
if (!isset($rfq2Obj)) {
    include_once SITE_CLASS_APPLICATION . "user/class.RFQ2Master.php";
    $rfq2Obj = new RFQ2Master();
}

$status = GetVar('id');
$msg = GetVar('msg');

// Only the two known message codes are passed through; anything else is
// dropped, which also keeps arbitrary request text out of the template.
$sts = in_array($msg, array('isu', 'acpt'), true) ? $msg : "";

$rfq2type = $gdbobj->getEnumSelect(
    "" . PRJ_DB_PREFIX . "_rfq2_master",
    "eAuctionType", "eAuctionType", "eAuctionType", "", "",
    "class='form-control' ", "Select RFQ2 Type", "---Select---"
);
$bidcriteria = $gdbobj->getEnumSelect(
    "" . PRJ_DB_PREFIX . "_rfq2_master",
    "eBidCriteria", "eBidCriteria", "eBidCriteria", "", "",
    "class='form-control' ", "Select Bid Criteria", "---Select---"
);

// NOTE(review): 'status' is the raw request value; the template must
// escape it when printing.
$smarty->assign('sts', $sts);
$smarty->assign('status', $status);
$smarty->assign('rfq2type', $rfq2type);
$smarty->assign('bidcriteria', $bidcriteria);
<?php
// RFQ2 detail page: loads one RFQ2 record and its history for the template.
include S_SECTIONS . "/member/memberaccess.php";

if (!isset($rfq2Obj)) {
    include_once SITE_CLASS_APPLICATION . "user/class.RFQ2Master.php";
    $rfq2Obj = new RFQ2Master();
}

// NOTE(review): $id is the raw request value; nothing visible here ties
// it to the caller's organization beyond what getHistory() does with
// $curORGID — confirm select() is scoped as well.
$id = GetVar('id');
$dtls = $rfq2Obj->select($id);
$hdtls = $rfq2Obj->getHistory($id, $curORGID);
// prints($hdtls);
// exit;

$smarty->assign('dtls', $dtls);
$smarty->assign('hdtls', $hdtls);
// Uniqueness-check endpoint fragment: the enclosing if continues beyond
// this snippet.
include S_SECTIONS . "/member/memberaccess.php";
// pr($_GET); exit;
$val = GetVar('val');
$field = GetVar('field');
$Data = GetVar('Data');
$id = GetVar('id');
$country = GetVar('country');
$orgtype = GetVar('orgtype');
$chkf = GetVar('chkf');
$chkfvl = GetVar('chkfvl');
$extc = GetVar('extc');
$chkfo = GetVar('chkfo');
$chkfvlo = GetVar('chkfvlo');
//$ownerid = GetVar('ownerid');
//$ownerfield = GetVar('ownerfield');
$table = GetVar('table');
// vEmail is answered "true" without any lookup.
if ($field == 'vEmail') {
    echo "true";
    exit;
}
$extcndt = "";
if ($field == 'vCompanyRegNo' && $table == PRJ_DB_PREFIX . '_organization_master') {
    // $country and $orgtype are request values interpolated unescaped into
    // the WHERE clause (SQL injection); they need binding or driver
    // escaping.
    if (trim($country) != '') {
        $extcndt = " AND BINARY vCountry LIKE '{$country}' ";
    }
    if (trim($orgtype) != '') {
        $extcndt .= " AND eOrganizationType = '{$orgtype}' ";
    }
}
if (trim($chkf) != '' && trim($chkfvl) != '') {
    // $chkf is a column *name* taken from the request; a name cannot be
    // bound as a parameter, so it must be validated against an allow-list
    // of known columns. $chkfvl is a value and needs escaping.
    $extcndt .= " AND {$chkf}='{$chkfvl}' ";
// Settings-save fragment (tracker admin): the if/elseif chain starts before
// and ends after this snippet.
} elseif ($action == 'savesettings_attachment') {
    stdhead($lang_settings['head_save_attachment_settings']);
    $validConfig = array('enableattach', 'classone', 'countone', 'sizeone', 'extone', 'classtwo', 'counttwo', 'sizetwo', 'exttwo', 'classthree', 'countthree', 'sizethree', 'extthree', 'classfour', 'countfour', 'sizefour', 'extfour', 'savedirectory', 'httpdirectory', 'savedirectorytype', 'thumbnailtype', 'thumbquality', 'thumbwidth', 'thumbheight', 'watermarkpos', 'watermarkwidth', 'watermarkheight', 'watermarkquality', 'altthumbwidth', 'altthumbheight');
    // GetVar() with an array presumably imports each listed request
    // parameter into a global of the same name (register_globals style);
    // ${$config} below reads those globals. The values are written to the
    // config unvalidated — 'savedirectory' and 'httpdirectory' in
    // particular are paths/URLs taken verbatim.
    GetVar($validConfig);
    unset($ATTACHMENT);
    foreach ($validConfig as $config) {
        $ATTACHMENT[$config] = ${$config};
    }
    WriteConfig('ATTACHMENT', $ATTACHMENT);
    $actiontime = date("F j, Y, g:i a");
    write_log("Tracker ATTACHMENT settings updated by {$CURUSER['username']}. {$actiontime}", 'mod');
    go_back();
} elseif ($action == 'savesettings_advertisement') {
    stdhead($lang_settings['head_save_advertisement_settings']);
    $validConfig = array('enablead', 'enablenoad', 'noad', 'enablebonusnoad', 'bonusnoad', 'bonusnoadpoint', 'bonusnoadtime', 'adclickbonus');
    // Same global-import pattern as above.
    GetVar($validConfig);
    unset($ADVERTISEMENT);
    foreach ($validConfig as $config) {
        $ADVERTISEMENT[$config] = ${$config};
    }
    WriteConfig('ADVERTISEMENT', $ADVERTISEMENT);
    $actiontime = date("F j, Y, g:i a");
    write_log("Tracker ADVERTISEMENT settings updated by {$CURUSER['username']}. {$actiontime}", 'mod');
    go_back();
} elseif ($action == 'tweaksettings') {
    stdhead($lang_settings['head_tweak_settings']);
    print $notice;
    // $_SERVER["SCRIPT_NAME"] is printed into the form's action attribute
    // without htmlspecialchars(); whether it can carry attacker-influenced
    // characters depends on the web server's path handling, so escape it
    // regardless. No CSRF token is visible in the part of the form shown.
    print "<form method='post' action='" . $_SERVER["SCRIPT_NAME"] .
        "'><input type='hidden' name='action' value='savesettings_tweak' />";
    yesorno($lang_settings['row_save_user_location'], 'where', $TWEAK["where"], $lang_settings['text_save_user_location_note']);
    yesorno($lang_settings['row_log_user_ips'], 'iplog1', $TWEAK["iplog1"], $lang_settings['text_store_user_ips_note']);
    tr($lang_settings['row_kps_enabled'], "<input type='radio' id='bonusenable' name='bonus'" . ($TWEAK["bonus"] == "enable" ? " checked='checked'" : "") . " value='enable' /> <label for='bonusenable'>" . $lang_settings['text_enabled'] . "</label> <input type='radio' id='bonusdisablesave' name='bonus'" . ($TWEAK["bonus"] == "disablesave" ? " checked='checked'" : "") . " value='disablesave' /> <label for='bonusdisablesave'>" . $lang_settings['text_disabled_but_save'] . "</label> <input type='radio' id='bonusdisable' name='bonus'" . ($TWEAK["bonus"] == "disable" ? " checked='checked'" : "") . " value='disable' /> <label for='bonusdisable'>" . $lang_settings['text_disabled_no_save'] . "</label> <br />" . $lang_settings['text_kps_note'], 1);
<?php
// Buyer-to-buyer association detail fragment: the if/else on $vrq continues
// beyond this snippet.
if (!isset($b2baObj)) {
    include_once SITE_CLASS_APPLICATION . "organization/class.Buyer2_Buyer_Association.php";
    $b2baObj = new Buyer2_Buyer_Association();
}
if (!isset($b2bavObj)) {
    include_once SITE_CLASS_APPLICATION . "organization/class.Buyer2_Buyer_Association_ToVerify.php";
    $b2bavObj = new Buyer2_Buyer_Association_ToVerify();
}
// NOTE(review): nothing visible here ties $iAssociationId to the current
// organization — confirm the access check happens upstream.
$iAssociationId = GetVar('id');
// $msg = GetVar('msg');
$mod = '';
$flds = " b2bav.*, org.vCompanyName as vBuyer2, org.vCompCode, bo.vCompanyName as vBuyer, bo.vCompCode ";
$jtbl = " LEFT JOIN " . PRJ_DB_PREFIX . "_organization_master bo on bo.iOrganizationID=b2bav.iBuyerId\r\n LEFT JOIN " . PRJ_DB_PREFIX . "_organization_master org on org.iOrganizationID=b2bav.iBuyer2Id ";
// $iAssociationId is the raw request value interpolated unquoted into the
// WHERE clause (here and again below): cast it to int, or bind it, before
// building the condition.
$vb2bydtls = $b2bavObj->getJoinTableInfo($jtbl, $flds, " AND b2bav.iAssociationId={$iAssociationId} ", ' b2bav.iVerifiedID DESC ', '', ' LIMIT 0,1');
// pr($vb2bydtls); exit;
$vrq = $b2bavObj->isVerifyReq($vb2bydtls);
$vsts = '';
if ($vrq == 'vreq') {
    $vsts = $b2bavObj->chkRecVrf($vb2bydtls);
    if ($vsts == 'nr' || $vsts == 'om') {
        header('Location: ' . SITE_URL_DUM . 'b2buyerasoclist');
        exit;
    }
} else {
    if ($vrq == 'nr') {
        // No pending verification: fall back to the live association table.
        $flds = " b2bpa.*, org.vCompanyName as vBuyer2, org.vCompCode, bo.vCompanyName as vBuyer, bo.vCompCode ";
        $jtbl = " LEFT JOIN " . PRJ_DB_PREFIX . "_organization_master bo on bo.iOrganizationID=b2bpa.iBuyerId\r\n LEFT JOIN " . PRJ_DB_PREFIX . "_organization_master org on org.iOrganizationID=b2bpa.iBuyer2Id ";
        $vb2bydtls = $b2baObj->getJoinTableInfo($jtbl, $flds, " AND iAssociationId={$iAssociationId} ");
        $vrq = $b2bavObj->isVerifyReq($vb2bydtls);
// Login handling fragment: the if/else that sets $logged starts before
// this snippet and the successful-login branch continues after it.
//
// Write the log entry to the database. $_BROWSER and $_IP are concatenated
// into the statement; whether they were escaped upstream is not visible
// here.
$db->query("UPDATE `" . PREFIX . "_log` SET browser = '" . $_BROWSER . "', ip = '" . $_IP . "' WHERE uid = '" . $user_info['user_id'] . "'");
$logged = true;
} else {
    $user_info = array();
    $logged = false;
}
} else {
    $user_info = array();
    $logged = false;
}
// Data arrived via POST and the user is not logged in
if (isset($_POST['log_in']) and !isset($_SESSION['user_id'])) {
    // Prepare the input
    $email = $db->safesql(trim(htmlspecialchars(strip_tags($_POST['email']))));
    // GetVar() receives the password *value* here, so it is presumably a
    // filter helper rather than the request reader defined elsewhere on
    // this page.
    $password = GetVar($_POST['pass']);
    // Validate the e-mail format
    if (!preg_match('/^(("[\\w-\\s]+")|([\\w-]+(?:\\.[\\w-]+)*)|("[\\w-\\s]+")([\\w-]+(?:\\.[\\w-]+)*))(@((?:[\\w-]+\\.)*\\w[\\w-]{0,66})\\.([a-z]{2,6}(?:\\.[a-z]{2})?)$)|(@\\[?((25[0-5]\\.|2[0-4][0-9]\\.|1[0-9]{2}\\.|[0-9]{1,2}\\.))((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\\.){2}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\\]?$)/i', $email)) {
        $error_log = 'Доступ отключён!';
    } else {
        // Count the characters in the password and e-mail.
        // strlen($password) >= 0 is always true, so an empty password
        // passes this check.
        if (strlen($password) >= 0 and strlen($email) > 0) {
            // Unsalted double MD5 — cheap to crack offline; password_hash()
            // and password_verify() are the replacement.
            $md5_pass = md5(md5($password));
            // The hash literal appears masked in this listing.
            $check_user = $db->super_query("SELECT user_id FROM `" . PREFIX . "_users` WHERE user_email = '" . $email . "' AND user_password = '******' AND user_group = 1");
            // If the user exists, let them in
            if ($check_user) {
                // Hash ID: derived from the password hash and the client IP
                // only, so it is deterministic; a random token would be safer.
                $hid = $md5_pass . md5(md5($_IP));
                // Store the user id in the session (no session_regenerate_id()
                // is visible before this point).
                $_SESSION['user_id'] = intval($check_user['user_id']);
                // Refresh the login hash
// Account-settings action fragment (AJAX): the enclosing block and the
// switch continue beyond this snippet.
NoAjaxQuery();
}
if ($logged) {
    $user_id = $user_info['user_id'];
    $act = $_GET['act'];
    $metatags['title'] = $lang['settings'];
    switch ($act) {
        //################### Password change ###################//
        case "newpass":
            NoAjaxQuery();
            $_POST['old_pass'] = ajax_utf8($_POST['old_pass']);
            $_POST['new_pass'] = ajax_utf8($_POST['new_pass']);
            $_POST['new_pass2'] = ajax_utf8($_POST['new_pass2']);
            // Passwords are stored as unsalted md5(md5()) — cheap to crack
            // offline; password_hash()/password_verify() should replace it.
            // GetVar() receives the *value* here, so it is presumably a
            // filter helper, not the request reader defined elsewhere on
            // this page.
            $old_pass = md5(md5(GetVar($_POST['old_pass'])));
            $new_pass = md5(md5(GetVar($_POST['new_pass'])));
            $new_pass2 = md5(md5(GetVar($_POST['new_pass2'])));
            // Fetch the current password hash
            $row = $db->super_query("SELECT user_password FROM `" . PREFIX . "_users` WHERE user_id = '{$user_id}'");
            // Hash comparison with ==; hash_equals() gives a constant-time
            // check. No minimum-length or CSRF check is visible before the
            // update (the new hash literal appears masked in this listing).
            if ($row['user_password'] == $old_pass) {
                if ($new_pass == $new_pass2) {
                    $db->query("UPDATE `" . PREFIX . "_users` SET user_password = '******' WHERE user_id = '{$user_id}'");
                } else {
                    echo '2';
                }
            } else {
                echo '1';
            }
            // die ends the request; the break after it is unreachable.
            die;
            break;
        //################### Name change ###################//
        //################### Name change ###################//
<?php
// Organization additional-info page: reads the request ids, pins org
// admins to their own organization and lazily creates the model objects
// the page needs.
include S_SECTIONS . "/member/memberaccess.php";

$iASMID = $sess_id;
$iAdditionalInfoID = GetVar('id');
$iOrganizationID = GetVar('orgid');
$pg = GetVar('pg');

// NOTE(review): only the 'orgadmin' type is restricted to its own org
// here; whether other user types may view any orgid is decided elsewhere.
if ($sess_usertype == 'orgadmin' && $orgid != $iOrganizationID) {
    header("Location: " . SITE_URL_DUM . "oadashboard");
    exit;
}

if (!isset($orgprefObj)) {
    include_once SITE_CLASS_APPLICATION . "organization/class.OrganizationPreference.php";
    $orgprefObj = new OrganizationPreference();
}
if (!isset($orgPrefVrfObj)) {
    include_once SITE_CLASS_APPLICATION . "organization/class.OrganizationPreferenceToverify.php";
    $orgPrefVrfObj = new OrganizationPreferenceToverify();
}
if (!isset($stMstrObj)) {
    include_once SITE_CLASS_APPLICATION . "class.StatusMaster.php";
    $stMstrObj = new StatusMaster();
}
if (!isset($orgObj)) {
    require_once SITE_CLASS_APPLICATION . "organization/class.Organization.php";
    $orgObj = new Organization();
}
if (!isset($orgvrfObj)) {
    include_once SITE_CLASS_APPLICATION . "organization/class.Organization_Toverify.php";
    $orgvrfObj = new Organization_Toverify();
}
<?php
//prints($_GET);exit;
// Returns the ISD (dialling) code for the country code given in 'val',
// or an empty string when the parameter is absent or matches nothing.
$val = GetVar('val');

if (!isset($countryObj)) {
    include_once SITE_CLASS_APPLICATION . "class.Country.php";
    $countryObj = new Country();
}

$code = '';
if ($val != '') {
    // NOTE(review): $val is the raw request value interpolated into a LIKE
    // clause; it needs binding or driver escaping (and LIKE wildcards in it
    // are honoured as-is).
    $where = "AND BINARY vCountryCode LIKE '{$val}'";
    $arr = $countryObj->getCountryDetail("iCountryISD as code", $where);
    // prints($arr);exit;
    $arr[0]['iCountryISD'] = isset($arr[0]['iCountryISD']) ? $arr[0]['iCountryISD'] : '';
    if (isset($arr[0]['code'])) {
        $code = $arr[0]['code'];
    } else {
        $code = $arr[0]['iCountryISD'];
    }
}
echo "{$code}";
//exit;
<?php
// Uniqueness-check endpoint fragment: the query/if chain continues beyond
// this snippet.
include S_SECTIONS . "/member/memberaccess.php";
// prints($_GET);exit;
$val = GetVar('val');
$field = GetVar('field');
$Data = GetVar('Data');
$id = GetVar('id');
$table = GetVar('table');
$extfld = GetVar('extfld');
$extval = GetVar('extval');
// vEmail is answered "true" without any lookup.
if ($field == 'vEmail') {
    echo "true";
    exit;
}
if (!is_array($Data)) {
    if (is_array($_GET[$field])) {
        $Data[$field] = $_GET[$field][0];
    } else {
        $Data[$field] = $_GET[$field];
    }
}
$Data[$field] = trim($Data[$field]);
// prints($_GET); exit;
// $cndt is only assigned here but read by the query below in every case,
// so it is undefined (notice, empty) when extfld/extval are not supplied.
if (trim($extfld) != '' && trim($extval) != '') {
    $cndt = " AND {$extfld}='" . trim($extval) . "'";
}
$valid = 'true';
if ($val != '' && $val != 'undefined') {
    if ($Data[$field] != '') {
        // $table, $field, $id and $extfld are identifiers taken from the
        // request and the values are interpolated unescaped: the names need
        // an allow-list and the values need binding or driver escaping.
        $sql = "select {$id},{$field} as field from {$table} where {$field}='" . $Data[$field] . "' {$cndt}";
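<?php
// Bank-product detail for the template; 'nrf' (no record found) is
// assigned when the id is missing or matches nothing.
//
// The id used to be compared with `> 0` and then interpolated as-is into
// the WHERE clause. In PHP 8 a non-numeric string such as "1 OR 1=1"
// passes that comparison (it is compared as a string against "0"), so the
// value is now cast to int before both the check and the query; GetVar()'s
// false for a missing parameter becomes 0 and takes the 'nrf' path.
$iProductId = (int) GetVar('id');
$dtls = array();
if ($iProductId > 0) {
    if (!isset($bProductOrgObj)) {
        include_once SITE_CLASS_APPLICATION . 'productorganization/class.BProductOrganization.php';
        $bProductOrgObj = new BProductOrganization();
    }
    $flds = "bpo.iProductId, bpo.vProductName, bpo.vProductCode, 'sproduct' as eProductType, bpo.eAvailability, (select vBankName from " . PRJ_DB_PREFIX . "_bank_master bm where bm.iBankId=bpo.iBankId) as vBankName, bpo.vBankAccount";
    $dtls = $bProductOrgObj->getDetails($flds, " AND iProductId='{$iProductId}' ");
}
if (!(is_array($dtls) && count($dtls) > 0)) {
    $dtls = 'nrf';
}
$smarty->assign("dtls", $dtls);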
<?php
// RFQ2 bid page bootstrap: reads the bid id and lazily creates the model
// objects the rest of the page uses.
$iBidId = GetVar('id');

if (!isset($r2bdObj)) {
    include_once SITE_CLASS_APPLICATION . "user/" . "class.Rfq2Bids.php";
    $r2bdObj = new Rfq2Bids();
}
if (!isset($rpb2Obj)) {
    include_once SITE_CLASS_APPLICATION . "user/class.Rfq2ProductBuyer2.php";
    $rpb2Obj = new Rfq2ProductBuyer2();
}
if (!isset($rfq2Obj)) {
    include_once SITE_CLASS_APPLICATION . "user/class.RFQ2Master.php";
    $rfq2Obj = new RFQ2Master();
}
if (!isset($rfq2fObj)) {
    include_once SITE_CLASS_APPLICATION . "user/class.Rfq2Files.php";
    $rfq2fObj = new Rfq2Files();
}
if (!isset($invoiceorderObj)) {
    include_once SITE_CLASS_APPLICATION . "user/class.InvoiceOrderAttachment.php";
    $invoiceorderObj = new InvoiceOrderAttachment();
}
if (!isset($r2bdflObj)) {
    include_once SITE_CLASS_APPLICATION . "user/class.RFQ2BidFiles.php";
    $r2bdflObj = new RFQ2BidFiles();
}
if (!isset($orgUserPermObj)) {
    include_once SITE_CLASS_APPLICATION . "user/class.OrganizationUserPermission.php";
    $orgUserPermObj = new OrganizationUserPermission();
}
<?php
/*
 * Purpose: personal settings
 * File: mysettings.php
 */
// Fragment: the validation chain continues beyond this snippet.
if (!defined('MOZG')) {
    die('Hacking attempt!');
}
$row = $db->super_query("SELECT user_email, user_name, user_lastname, user_password FROM `" . PREFIX . "_users` WHERE user_id = '" . $user_info['user_id'] . "'");
// Saving the form
if (isset($_POST['save'])) {
    // Passwords are hashed as unsalted md5(md5()); password_hash() and
    // password_verify() are the replacement. GetVar() receives the
    // password *value* here, so it is presumably a filter helper rather
    // than the request reader defined elsewhere on this page.
    $old_pass = md5(md5(GetVar($_POST['old_pass'])));
    $new_pass = md5(md5(GetVar($_POST['new_pass'])));
    $user_name = textFilter($_POST['name'], false, true);
    $user_lastname = textFilter($_POST['lastname'], false, true);
    $user_email = textFilter($_POST['email'], false, true);
    $errors = array();
    // First-name check. isset() on a just-assigned variable is only false
    // when textFilter() returned null.
    if (isset($user_name)) {
        if (strlen($user_name) >= 2) {
            // "\$" in a double-quoted string is a literal "$" end anchor.
            // Without the "u" modifier the Cyrillic range is applied to
            // bytes, so it may not cover every letter — confirm.
            if (!preg_match("/^[a-zA-Zа-яА-Я]+\$/", $user_name)) {
                $errors[] = 'Введите имя';
            }
        } else {
            $errors[] = 'Введите имя';
        }
    } else {
        $errors[] = 'Введите имя';
    }
    // Last-name check
<?php
/**
 * Action file for add/Update of Static Pages
 *
 * @package addstaticPages_a.php
 * @section action/general
 */
// Fragment: the add/update branch continues beyond this snippet.
if (!isset($stPageObj)) {
    include_once SITE_CLASS_APPLICATION . "class.StaticPage.php";
    $stPageObj = new StaticPage();
}
$view = PostVar("view");
$Data = PostVar("Data");
$iSPageId = PostVar("iSPageId");
$actionfile = GetVar("file");
$lang = $gdbobj->getLanguage();
// Per-language page content arrives as Data[tContent_<code>]; stripslashes
// undoes one level of quoting, it is not a sanitiser — the HTML is passed
// on as submitted.
for ($i = 0; $i < count($lang); $i++) {
    $Data['tContent_' . $lang[$i]['vLanguageCode']] = trim(stripslashes($Data['tContent_' . $lang[$i]['vLanguageCode']]));
}
/** This is for Check Duplicate Record-------------------------------------------*/
$generalobj->getRequestVars();
// $file is not assigned in this snippet (presumably a global populated by
// GetVar("file") or getRequestVars()); it and $view are request values
// placed into the redirect URL, and whether checkDuplicate() escapes them
// is not visible here.
$redirect_file = "index.php?file={$file}&view={$view}&iSPageId={$iSPageId}";
$generalobj->checkDuplicate('iSPageId', PRJ_DB_PREFIX . "_static_pages", array('vFile' => $Data['vFile']), $redirect_file, PAGE_ALREADY_EXISTS, $iSPageId);
if ($view == "add") {
    //prints($Data);exit;
    $stPageObj->setAllVar($Data);
    $result = $stPageObj->insert();
    if ($result) {
        $var_msg = "Record Added Successfully.";
    } else {
// RFQ2 award detail fragment: the lazy-include chain starts before this
// snippet and the bid-file loop continues after it.
include_once SITE_CLASS_APPLICATION . "user/class.RFQ2BidFiles.php";
$r2bdflObj = new RFQ2BidFiles();
}
if (!isset($orgprefObj)) {
    include_once SITE_CLASS_APPLICATION . "organization/class.OrganizationPreference.php";
    $orgprefObj = new OrganizationPreference();
}
if (!isset($orgUserPermObj)) {
    include_once SITE_CLASS_APPLICATION . "user/class.OrganizationUserPermission.php";
    $orgUserPermObj = new OrganizationUserPermission();
}
if (!isset($statusmasterObj)) {
    include_once SITE_CLASS_APPLICATION . "class.StatusMaster.php";
    $statusmasterObj = new StatusMaster();
}
$iAwardId = GetVar('id');
$jtbl = " INNER JOIN " . PRJ_DB_PREFIX . "_rfq2_master rfq2 on r2aw.iRFQ2Id=rfq2.iRFQ2Id\r\n INNER JOIN " . PRJ_DB_PREFIX . "_rfq2_bids r2bd ON r2bd.iBidId=r2aw.iBidId\r\n LEFT JOIN " . PRJ_DB_PREFIX . "_inovice_order_heading ih ON rfq2.iInvoiceID=ih.iInvoiceID\r\n LEFT JOIN " . PRJ_DB_PREFIX . "_purchase_order_heading ph ON rfq2.iPurchaseOrderID=ph.iPurchaseOrderID\r\n\t\t\t\tLEFT JOIN " . PRJ_DB_PREFIX . "_status_master sm ON sm.iStatusID=r2aw.iStatusID\r\n\t\t\t\tLEFT JOIN " . PRJ_DB_PREFIX . "_organization_master org ON org.iOrganizationID=r2bd.iBuyer2Id";
// $iAwardId is the raw request value interpolated unquoted into the WHERE
// clause; cast it to int, or bind it, before building the condition.
$where = " AND r2aw.iAwardId={$iAwardId} ";
$bdtls = $rfq2awObj->getJoinTableInfo($jtbl, " DISTINCT *, ih.iInvoiceID,ph.vPOCode, r2aw.iAwardId, rfq2.iOrganizationID, org.vCompanyName as vBuyer2, r2aw.iStatusID, r2aw.iaStatusID, sm.vStatus_en as status, sm.vStatus_" . LANG . " as eStatus, r2aw.eSaved, r2aw.eDelete, r2aw.iModifiedById ", "{$where}", "", "", "", "");
// pr($bdtls); exit;
// Redirect unless the award resolves to a real bid and RFQ2. Nothing
// visible here checks that the award belongs to the caller's organization.
if (!(is_array($bdtls) && count($bdtls) > 0) || trim($bdtls[0]['iBidId']) == '' || $bdtls[0]['iBidId'] < 1 || trim($bdtls[0]['iRFQ2Id']) == '' || $bdtls[0]['iRFQ2Id'] < 1) {
    header("Location: " . SITE_URL_DUM . "rfq2awardlist");
    exit;
}
// pr($bdtls); exit;
$rfq2bidfiles = $r2bdflObj->getDetails("*", " AND iBidId=" .
    $bdtls[0]['iBidId']);
if (is_array($rfq2bidfiles) && count($rfq2bidfiles) > 0) {
    for ($l = 0; $l < count($rfq2bidfiles); $l++) {
        // vFile comes from the database and is joined onto the configured
        // path; is_file() does not stop ".." segments — confirm vFile is
        // validated on upload.
        if (is_file($cfgimg['rfq2bid']['docs']['path'] . $rfq2bidfiles[$l]['iBidId'] . '/' . $rfq2bidfiles[$l]['vFile'])) {
            $bidfiles = $rfq2bidfiles[$l]['vFile'];
            // strpos()'s third argument is an integer offset; passing "_"
            // is rejected (TypeError on PHP 8, a warning on earlier versions).
            $no = strpos($bidfiles, "_", "_");
// Login fragment (front page): the enclosing if/else starts before and the
// success branch continues after this snippet.
$logged = false;
}
// If the user opens the home page, redirect to their own page
$host_site = $_SERVER['QUERY_STRING'];
if ($logged and !$host_site) {
    header('Location: /id' . $user_info['user_id']);
}
} else {
    $user_info = array();
    $logged = false;
}
// Data arrived via POST and the user is not logged in
if (isset($_POST['log_in']) and !$logged) {
    // Prepare the input
    $email = textFilter(strip_tags($_POST['email']));
    // Unsalted md5(md5()) password hash — cheap to crack offline;
    // password_hash()/password_verify() are the replacement. GetVar()
    // receives the password *value* here, so it is presumably a filter
    // helper, not the request reader defined elsewhere on this page.
    $password = md5(md5(GetVar($_POST['password'])));
    // Validate the e-mail format
    if (!preg_match('/^(("[\\w-\\s]+")|([\\w-]+(?:\\.[\\w-]+)*)|("[\\w-\\s]+")([\\w-]+(?:\\.[\\w-]+)*))(@((?:[\\w-]+\\.)*\\w[\\w-]{0,66})\\.([a-z]{2,6}(?:\\.[a-z]{2})?)$)|(@\\[?((25[0-5]\\.|2[0-4][0-9]\\.|1[0-9]{2}\\.|[0-9]{1,2}\\.))((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\\.){2}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9]{1,2})\\]?$)/i', $email)) {
        msgbox('', $lang['not_loggin'] . '<br /><a href="/restore" onClick="Page.Go(this.href); return false">Забыли пароль?</a>', 'info_red');
    } else {
        // Count the characters in the password and e-mail
        if (isset($email) and !empty($email)) {
            // $email is concatenated into the query after textFilter();
            // whether that escapes for SQL is not visible here (the hash
            // literal appears masked in this listing).
            $check_user = $db->super_query("SELECT user_id FROM `" . PREFIX . "_users` WHERE user_email = '" . $email . "' AND user_password = '******'");
            // If the user exists, let them in
            if ($check_user) {
                // Hash ID: derived from the password hash and the client IP
                // only, so it is deterministic and cannot be rotated without
                // a password change; a random token would be safer.
                $hid = $password . md5(md5($_IP));
                // Refresh the login hash
                $db->query("UPDATE `" . PREFIX . "_users` SET user_hid = '" . $hid . "' WHERE user_id = '" . $check_user['user_id'] . "'");
                // Remove all earlier events
                $db->query("DELETE FROM `" . PREFIX . "_updates` WHERE for_user_id = '{$check_user['user_id']}'");