Beispiel #1
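/**
 * Look up the highest permission level ("uroven") recorded for a module.
 *
 * Rows stored for the given person and rows stored with osoba=0 are both
 * candidates; the query orders by uroven descending and takes the first row.
 *
 * @param string     $modul  Module name matched against prava.modul.
 * @param string     $subint Value matched against prava.subint, or '*' for no restriction.
 * @param string|int $osoba  Person id, or '*' to use the built-in fallback id.
 * @return mixed The "uroven" column of the matching row, or 0 when nothing matches
 *               or the query fails.
 */
function prava($modul,$subint='*',$osoba='*') {
// TODO (original author): default $subint to the "subint" URL parameter
// TODO (original author): default $osoba to whoever is currently logged in
// Always defined, so the query below never interpolates an unset variable.
$subint_sql='';
// All three arguments end up inside quoted SQL literals; escape them so a quote
// in a caller-supplied value cannot terminate the literal.
if ($subint!=='*') $subint_sql=" AND subint='".mysql_real_escape_string($subint)."'";
// NOTE(review): hard-coded person id; per the TODO above this should be the
// logged-in user, otherwise every caller omitting $osoba is checked as this account.
if ($osoba==='*') $osoba=13740;
$tmp=MySQL_Query("SELECT * FROM prava WHERE modul='".mysql_real_escape_string($modul)."' AND (osoba=0 OR osoba='".mysql_real_escape_string($osoba)."') $subint_sql ORDER BY uroven DESC LIMIT 1");
// Fail closed: a failed query is treated like "no permission row".
if ($tmp && ($zaznam=MySQL_Fetch_Assoc($tmp))) return $zaznam['uroven'];
return 0;
}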
Beispiel #2
		  <option value="2"<?php 
            if ($rec['secret'] == 2) {
                echo ' selected="selected"';
            }
            ?>
>soukromá</option>
		</select>
	</div>
	<?php 
            // Owner field of the form: accounts with right_power pick the owner from a list of
            // all users with deleted=0; everyone else gets the current owner as a hidden field.
            if ($usrinfo['right_power']) {
                $sql = "SELECT id, login FROM " . DB_PREFIX . "users WHERE deleted=0 ORDER BY login ASC";
                $res_n = MySQL_Query($sql);
                echo '<div>
		<label for="nowner">Vlastník:</label>
		<select name="nowner" id="nowner">';
                // NOTE(review): $rec_n['login'] is printed without HTML escaping here; confirm it is
                // encoded when stored, otherwise wrap it in htmlspecialchars() at this point.
                while ($rec_n = MySQL_Fetch_Assoc($res_n)) {
                    // The logged-in user's own account is preselected.
                    echo '<option value="' . $rec_n['id'] . '"' . ($rec_n['id'] == $usrinfo['id'] ? ' selected="selected"' : '') . '>' . $rec_n['login'] . '</option>';
                }
                echo '</select>
			  </div>';
            } else {
                // NOTE(review): a hidden field is still client-editable. The handler that receives
                // "nowner" is not visible here; it must re-check right_power before accepting a
                // changed owner id.
                echo '<input type="hidden" name="nowner" value="' . $rec['iduser'] . '" />';
            }
            // Only accounts with right_org == 1 are offered the "not new" checkbox.
            if ($usrinfo['right_org'] == 1) {
                echo '					
				<div>
				<label for="nnotnew">Není nové</label>
					<input type="checkbox" name="nnotnew"/><br/>
				</div>';
            }
            ?>
Beispiel #3
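/**
 * Print the audit-log filter form, which posts to audit.php.
 *
 * The current selection is read from the global $f_* variables and re-applied
 * as selected/checked attributes. The user drop-down is filled from the users
 * table (deleted=0). The "org" checkbox is printed only when
 * $usrinfo['right_org'] == 1.
 *
 * @return void Output is written directly with echo.
 */
function filter()
{
    global $f_cat, $f_sort, $f_user, $f_type, $usrinfo, $f_org, $f_my, $f_glob, $f_count;
    echo '<div id="filter-wrapper"><form action="audit.php" method="post" id="filter">
	<fieldset>
	  <legend>Filtr</legend>
	  <p>Vypsat <select name="kategorie">
	<option value="0"' . ($f_cat == 0 ? ' selected="selected"' : '') . '>všechny auditní záznamy</option>
	<option value="1"' . ($f_cat == 1 ? ' selected="selected"' : '') . '>i s aktualitami</option>
	<option value="2"' . ($f_cat == 2 ? ' selected="selected"' : '') . '>prohlížení auditních záznamů</option>
	<option value="3"' . ($f_cat == 3 ? ' selected="selected"' : '') . '>manipulaci s osobami</option>
	<option value="4"' . ($f_cat == 4 ? ' selected="selected"' : '') . '>manipulaci se skupinami</option>
	<option value="5"' . ($f_cat == 5 ? ' selected="selected"' : '') . '>manipulaci s případy</option>
	<option value="6"' . ($f_cat == 6 ? ' selected="selected"' : '') . '>manipulaci s hlášeními</option>	  			  		
	</select> 
	<select name="typ">
	<option value="0"' . ($f_type == 0 ? ' selected="selected"' : '') . '>všech typů</option>
	<option value="1"' . ($f_type == 1 ? ' selected="selected"' : '') . '>jen zásahy</option>
	<option value="2"' . ($f_type == 2 ? ' selected="selected"' : '') . '>bez souborů a poznámek</option>
	</select>
	provedené uživatelem 
		<select name="user" id="user">
	  	<option value=0 ' . ($f_user == 0 ? ' selected="selected"' : '') . '>všemi</option>';
    $sql_u = "SELECT id, login FROM " . DB_PREFIX . "users WHERE deleted=0 ORDER BY login ASC";
    $res_u = MySQL_Query($sql_u);
    // A failed query returns false; skip the list instead of handing false to the fetch call.
    while ($res_u && ($rec_u = MySQL_Fetch_Assoc($res_u))) {
        // NOTE(review): login is printed as stored; confirm it is HTML-encoded at write time,
        // otherwise it needs htmlspecialchars() here as well.
        echo '<option value="' . $rec_u['id'] . '"' . ($rec_u['id'] == $f_user ? ' selected="selected"' : '') . '>' . $rec_u['login'] . '</option>';
    }
    echo '</select>';
    echo 'a seřadit je podle <select name="sort">
	<option value="1"' . ($f_sort == 1 ? ' selected="selected"' : '') . '>času vzestupně</option>
	<option value="2"' . ($f_sort == 2 ? ' selected="selected"' : '') . '>času sestupně</option>
	</select>.</p>';
    if ($usrinfo['right_org'] == 1) {
        echo '					
		<label for="org">Zobrazit i zásahy organizátorů</label>
		<input type="checkbox" name="org" ' . ($f_org == 1 ? ' checked="checked"' : '') . '/><br/>
		<div class="clear">&nbsp;</div>';
    }
    // $f_count is written back into a value="..." attribute. Where it is populated is not
    // visible in this function, so it is encoded here to keep a quote in the value from
    // closing the attribute.
    $count_attr = htmlspecialchars((string) $f_count, ENT_QUOTES);
    echo '<label for="my">Zobrazit i moje zásahy</label>
	<input type="checkbox" name="my" ' . ($f_my == 1 ? ' checked="checked"' : '') . '/><br/>
	<div class="clear">&nbsp;</div>
	<label for="my">Zobrazit i globální operace</label>
	<input type="checkbox" name="glob" ' . ($f_glob == 1 ? ' checked="checked"' : '') . '/><br/>
	<div class="clear">&nbsp;</div>
	Zobrazit <input type="text" name="count" size=5 value="' . $count_attr . '"> posledních záznamů. (Pro všechny záznamy ponechte pole prázdné).<br/>
	<div id="filtersubmit"><input type="submit" name="filter" value="Filtrovat" /></div>
	</fieldset>
</form></div><!-- end of #filter-wrapper -->';
}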
Beispiel #4
    MySQL_Query("UPDATE " . DB_PREFIX . "symbols SET deleted=1 WHERE id=" . $_REQUEST['sdelete']);
    deleteAllUnread(7, $_REQUEST['sdelete']);
    Header('Location: symbols.php');
}
// Uprava symbolu
if (isset($_POST['symbolid']) && isset($_POST['editsymbol']) && $usrinfo['right_text']) {
    auditTrail(7, 2, $_POST['symbolid']);
    pageStart('Uložení změn');
    mainMenu(5);
    if (!isset($_POST['notnew'])) {
        unreadRecords(7, $_POST['symbolid']);
    }
    sparklets('<a href="./symbols.php">symboly</a> &raquo; <a href="./editsymbol.php?rid=' . $_POST['symbolid'] . '">úprava symbolu</a> &raquo; <strong>uložení změn</strong>', '<a href="./readsymbol.php?rid=' . $_POST['symbolid'] . '">zobrazit upravené</a>');
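    // Replace the symbol's image when a new file arrived with the form.
    if (is_uploaded_file($_FILES['symbol']['tmp_name'])) {
        // symbolid is taken straight from the request and was concatenated unquoted into
        // SQL; force it to an integer before it reaches either statement below.
        $symbolid_int = (int) $_POST['symbolid'];
        $sps = MySQL_Query("SELECT symbol FROM " . DB_PREFIX . "symbols WHERE id=" . $symbolid_int);
        $spc = $sps ? MySQL_Fetch_Assoc($sps) : false;
        // Server-generated name: the client-supplied file name is never used on disk.
        $sfile = Time() . MD5(uniqid(Time() . Rand()));
        $stmp = './files/' . $sfile . 'tmp';
        if (move_uploaded_file($_FILES['symbol']['tmp_name'], $stmp)) {
            // The stored file is the re-encoded JPEG produced below, not the raw upload.
            // NOTE(review): assumes resize_Image() returns a falsy value when the upload
            // is not a readable image; confirm against its definition.
            $sdst = resize_Image($stmp, 100, 100);
            if ($sdst && imagejpeg($sdst, './files/symbols/' . $sfile)) {
                MySQL_Query("UPDATE " . DB_PREFIX . "symbols SET symbol='" . $sfile . "' WHERE id=" . $symbolid_int);
                // Remove the previous image only once the new one is in place, so a failed
                // upload no longer leaves the record pointing at a deleted file. basename()
                // keeps the delete inside ./files/symbols/ whatever the column contains.
                if ($spc && $spc['symbol'] != '') {
                    $sold = './files/symbols/' . basename($spc['symbol']);
                    if (is_file($sold)) {
                        unlink($sold);
                    }
                }
            }
            unlink($stmp);
        }
    }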
    if ($usrinfo['right_org'] == 1) {
        $sql = "UPDATE " . DB_PREFIX . "symbols SET `desc`='" . mysql_real_escape_string($_POST['desc']) . "', archiv='" . (isset($_POST['archiv']) ? '1' : '0') . "', search_lines='" . $_POST['liner'] . "', search_curves='" . $_POST['curver'] . "', search_points='" . $_POST['pointer'] . "', search_geometricals='" . $_POST['geometrical'] . "', search_alphabets='" . $_POST['alphabeter'] . "', search_specialchars='" . $_POST['specialchar'] . "' WHERE id=" . $_POST['symbolid'];
        MySQL_Query($sql);
    } else {
        $sql = "UPDATE " . DB_PREFIX . "symbols SET `desc`='" . mysql_real_escape_string($_POST['desc']) . "', modified='" . Time() . "', modified_by='" . $usrinfo['id'] . "', archiv='" . (isset($_POST['archiv']) ? '1' : '0') . "', search_lines='" . $_POST['liner'] . "', search_curves='" . $_POST['curver'] . "', search_points='" . $_POST['pointer'] . "', search_geometricals='" . $_POST['geometrical'] . "', search_alphabets='" . $_POST['alphabeter'] . "', search_specialchars='" . $_POST['specialchar'] . "' WHERE id=" . $_POST['symbolid'];
        MySQL_Query($sql);
Beispiel #5
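/**
 * Return the filter to apply to a listing and persist it per user.
 *
 * When the request carries a new filter (see the condition below) it is stored
 * under the listing's key in the serialized users.filter column and returned.
 * Otherwise a previously stored filter for that key is returned if one exists;
 * failing that, the current request array is returned unchanged.
 *
 * @param int $idtable  Numeric id of the listing (mapped to a storage key below).
 * @param int $idrecord Record id, used only to build the key for $idtable 14.
 * @return array The filter values to use.
 */
function custom_Filter($idtable, $idrecord = 0)
{
    global $usrinfo;
    switch ($idtable) {
        case 1:
            $table = "persons";
            break;
        case 2:
            $table = "groups";
            break;
        case 3:
            $table = "cases";
            break;
        case 4:
            $table = "reports";
            break;
        case 8:
            $table = "users";
            break;
        case 9:
            $table = "evilpts";
            break;
        case 10:
            $table = "tasks";
            break;
        case 11:
            $table = "audit";
            break;
        case 13:
            $table = "search";
            break;
        case 14:
            $table = "group" . $idrecord;
            break;
        case 15:
            $table = "p2c";
            break;
        case 16:
            $table = "c2ar";
            break;
        case 17:
            $table = "p2ar";
            break;
        case 18:
            $table = "ar2c";
            break;
        case 19:
            $table = "p2g";
            break;
        case 20:
            $table = "sy2p";
            break;
        case 21:
            $table = "sy2c";
            break;
        case 22:
            $table = "sy2ar";
            break;
        default:
            // Unknown ids previously left $table undefined; use an explicit empty key.
            $table = '';
            break;
    }
    // The id is concatenated unquoted into both statements; force it to an integer.
    $userid = (int) $usrinfo['id'];
    $sql_cf = "SELECT filter FROM " . DB_PREFIX . "users WHERE id = " . $userid;
    $res_cf = MySQL_Query($sql_cf);
    // NOTE(review): the whole request array is used as the filter, so any unrelated
    // request parameter is stored along with it.
    $filter = $_REQUEST;
    // Load whatever is already stored; anything that is not a serialized array is ignored.
    $filters = array();
    if ($res_cf && ($rec_cf = MySQL_Fetch_Assoc($res_cf)) && $rec_cf['filter'] != '') {
        // NOTE(review): unserialize() on a column that is filled from request data. The
        // value written below is always a serialized array, but json_encode()/json_decode()
        // would remove the object-instantiation risk if the column can be written elsewhere.
        $stored = unserialize($rec_cf['filter']);
        if (is_array($stored)) {
            $filters = $stored;
        }
    }
    // A new filter is coming in and this is neither a task insert nor a points add, or a
    // specific record is being re-sorted: use the new filter and save it to the database.
    if (!empty($filter) && !isset($_POST['inserttask']) && !isset($_POST['addpoints']) && !isset($filter['rid']) || isset($filter['sort']) && isset($filter['rid'])) {
        $filters[$table] = $filter;
        // The serialized request data goes into a quoted SQL literal, so it must be
        // escaped; unescaped, a single quote in any parameter ended the literal.
        $sfilters = mysql_real_escape_string(serialize($filters));
        $sql_scf = "UPDATE " . DB_PREFIX . "users SET filter='" . $sfilters . "' WHERE id=" . $userid;
        MySQL_Query($sql_scf);
        // Otherwise fall back to the stored filter for this listing, if there is one.
    } elseif (array_key_exists($table, $filters)) {
        $filter = $filters[$table];
    }
    return $filter;
}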
Beispiel #6
        }
        echo implode($cases, '<br />') != "" ? implode($cases, '<br />') : '<em>Uživatel nemá žádný přiřazený neuzavřený případ.</em>';
        ?>
</p>
	<div class="clear">&nbsp;</div>
			<h3>Nedokončené úkoly: <?php 
        $sql_r = "SELECT * FROM " . DB_PREFIX . "tasks WHERE " . DB_PREFIX . "tasks.iduser="******" AND " . DB_PREFIX . "tasks.status=0 ORDER BY " . DB_PREFIX . "tasks.created ASC";
        $res_r = MySQL_Query($sql_r);
        $rec_count = MySQL_Num_Rows($res_r);
        echo $rec_count;
        ?>
			</h3><p>
			<?php 
        if (MySQL_Num_Rows($res_r)) {
            $tasks = array();
            while ($rec_r = MySQL_Fetch_Assoc($res_r)) {
                $tasks[] = StripSlashes($rec_r['task']) . ' (' . getAuthor($rec_r['created_by'], 2) . ')';
            }
            echo implode($tasks, '<br />');
        } else {
            echo 'Uživatel nemá žádné nedokončené úkoly.';
        }
        ?>
</p>
	<div class="clear">&nbsp;</div>
</fieldset>
</div>

<?php 
    } else {
        echo '<div id="obsah"><p>Uživatel neexistuje.</p></div>';
Beispiel #7
<?php

require_once './inc/func_main.php';
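// Stream a stored attachment to the client as a download.
// is_numeric() also accepts floats and exponent notation, so the id is additionally
// cast to an integer before it is concatenated into the query.
if (isset($_REQUEST['idfile']) && is_numeric($_REQUEST['idfile'])) {
    $idfile = (int) $_REQUEST['idfile'];
    $sql = "SELECT mime, uniquename AS 'soubor', originalname AS 'nazev', size FROM " . DB_PREFIX . "data WHERE id=" . $idfile;
    // Accounts without right_power may only fetch rows with secret=0.
    if (!$usrinfo['right_power']) {
        $sql .= " AND secret=0";
    }
    $getres = MySQL_Query($sql);
    if ($getres && ($getrec = MySQL_Fetch_Assoc($getres))) {
        // basename() keeps the read inside ./files/ whatever the column contains.
        $getpath = './files/' . basename($getrec['soubor']);
        $getf = is_file($getpath) ? FOpen($getpath, 'rb') : false;
        if ($getf) {
            // originalname is presumably the name sent by the uploader's browser; replace
            // quotes, backslashes and control characters so it cannot break out of the
            // quoted filename parameter.
            $getname = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', $getrec['nazev']);
            header('Content-Type: application/octet-stream');
            header('X-Content-Type-Options: nosniff');
            header('Content-Disposition: attachment; filename="' . $getname . '";');
            header('Expires: 0');
            header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
            header('Pragma: public');
            // Report the size of the file actually sent rather than the stored column.
            header('Content-Length: ' . filesize($getpath));
            FPassThru($getf);
            FClose($getf);
        } else {
            // The row exists but the file is gone: answer 404 instead of sending
            // download headers with no body.
            header('HTTP/1.0 404 Not Found');
        }
    }
}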
Beispiel #8
<?php 
        if (MySQL_Num_Rows($res)) {
            echo '<table>
<thead>
	<tr>
	<th>#</th>
	<th>Úloha</th>
' . ($sportraits ? '<th>Portrét</th>' : '') . ($ssymbols ? '<th>Symbol</th>' : '') . '
	  <th>Jméno</th>
	</tr>
</thead>
<tbody>
';
            $even = 0;
            $iterator = 0;
            while ($rec = MySQL_Fetch_Assoc($res)) {
                echo '<script type="text/javascript" language="JavaScript">
			<!--
			function NameChanger' . $iterator . '()
			{
				if(document.addpersons.isthere' . $iterator . '.checked == true) {
					document.addpersons.role' . $iterator . '.name = "role[]";
				}
				if(document.addpersons.isthere' . $iterator . '.checked == false) {
					document.addpersons.role' . $iterator . '.name = "norole[]";
				}
				return true;
			}
			// -->
			</script>';
                echo '<tr class="' . ($even % 2 == 0 ? 'even' : 'odd') . '"><td><input type="checkbox" id="isthere' . $iterator . '" name="person[]" value="' . $rec['id'] . '" class="checkbox"' . ($rec['iduser'] ? ' checked="checked"' : '') . ' onClick="NameChanger' . $iterator . '();"/></td>
Beispiel #9
        unauthorizedAccess(8, 1, 0, 0);
    }
    auditTrail(8, 11, $_REQUEST['delete']);
    MySQL_Query("UPDATE " . DB_PREFIX . "users SET deleted=1 WHERE id=" . $_REQUEST['delete']);
    Header('Location: users.php');
}
// Create a new user account. Runs only when the form was submitted, the current account
// has right_power, login and password are not blank, and power/texty pass is_numeric().
// NOTE(review): no anti-CSRF token is checked in this condition; confirm one is verified
// elsewhere before this script runs.
if (isset($_POST['insertuser']) && $usrinfo['right_power'] && !preg_match('/^[[:blank:]]*$/i', $_POST['login']) && !preg_match('/^[[:blank:]]*$/i', $_POST['heslo']) && is_numeric($_POST['power']) && is_numeric($_POST['texty'])) {
    pageStart('Přidán uživatel');
    mainMenu(2);
    sparklets('<a href="./users.php">uživatelé</a> &raquo; <a href="./newuser.php">nový uživatel</a> &raquo; <strong>přidán uživatel</strong>');
    // Case-insensitive check for an existing account with the same login.
    // NOTE(review): check-then-insert is not atomic; two concurrent requests can both pass
    // unless the login column carries a unique index.
    $ures = MySQL_Query("SELECT id FROM " . DB_PREFIX . "users WHERE UCASE(login)=UCASE('" . mysql_real_escape_string(safeInput($_POST['login'])) . "')");
    if (MySQL_Num_Rows($ures)) {
        echo '<div id="obsah"><p>Uživatel již existuje, změňte jeho jméno.</p></div>';
    } else {
        // NOTE(review): the password ($_POST['heslo']) is written exactly as submitted; no
        // hashing is visible in this block. Confirm it is hashed elsewhere, otherwise store
        // the output of password_hash() and compare with password_verify() at login.
        // NOTE(review): positional VALUES(...) depends on the table's column order; naming the
        // columns would keep a schema change from shifting values into the wrong field.
        // power and texty are only guarded by is_numeric() and are interpolated inside quotes.
        MySQL_Query("INSERT INTO " . DB_PREFIX . "users VALUES('','" . mysql_real_escape_string(safeInput($_POST['login'])) . "','" . mysql_real_escape_string($_POST['heslo']) . "','','','" . $_POST['power'] . "','" . $_POST['texty'] . "','','','','','600','','','','')");
        // Read the new row's id back by login so it can be written to the audit trail.
        $uidarray = MySQL_Fetch_Assoc(MySQL_Query("SELECT id FROM " . DB_PREFIX . "users WHERE UCASE(login)=UCASE('" . mysql_real_escape_string(safeInput($_POST['login'])) . "')"));
        $uid = $uidarray['id'];
        auditTrail(8, 3, $uid);
        echo '<div id="obsah"><p>Uživatel vytvořen.</p></div>';
    }
    pageEnd();
} else {
    // The form was submitted but one of the checks above failed: show a generic error page.
    if (isset($_POST['insertuser'])) {
        pageStart('Přidán uživatel');
        mainMenu(2);
        sparklets('<a href="./users.php">uživatelé</a> &raquo; <a href="./newuser.php">nový uživatel</a> &raquo; <strong>přidán uživatel</strong>');
        echo '<div id="obsah"><p>Chyba při vytváření, ujistěte se, že jste vše provedli správně a máte potřebná práva.</p></div>';
        pageEnd();
    }
}
if (isset($_POST['userid']) && isset($_POST['edituser']) && $usrinfo['right_power'] && !preg_match('/^[[:blank:]]*$/i', $_POST['login']) && is_numeric($_POST['power']) && is_numeric($_POST['texty'])) {
Beispiel #10
	/**
	 * Fetch one row from the result handle held in $this->result.
	 *
	 * @return mixed Whatever mysql_fetch_assoc() returns for that handle.
	 */
	function Fetch_Assoc() {
		$row = mysql_fetch_assoc($this->result);
		return $row;
		}
Beispiel #11
		  		<!-- end of # -->
		  		<?php 
        } else {
            ?>
		  		<em>Symbol nebyl přiřazen žádnému případu.</em><br /><?php 
        }
        // konec seznamu přiřazených případů
        // generování seznamu přiřazených hlášení
        if ($usrinfo['right_power']) {
            $sql_s = "SELECT " . DB_PREFIX . "reports.id AS 'id', " . DB_PREFIX . "reports.label AS 'label' FROM " . DB_PREFIX . "symbol2all, " . DB_PREFIX . "reports WHERE " . DB_PREFIX . "reports.id=" . DB_PREFIX . "symbol2all.idrecord AND " . DB_PREFIX . "symbol2all.idsymbol=" . $rec['id'] . " AND " . DB_PREFIX . "symbol2all.table=4 ORDER BY " . DB_PREFIX . "reports.label ASC";
        } else {
            $sql_s = "SELECT " . DB_PREFIX . "reports.id AS 'id', " . DB_PREFIX . "reports.label AS 'label' FROM " . DB_PREFIX . "symbol2all, " . DB_PREFIX . "reports WHERE " . DB_PREFIX . "reports.id=" . DB_PREFIX . "symbol2all.idrecord AND " . DB_PREFIX . "symbol2all.idsymbol=" . $rec['id'] . " AND " . DB_PREFIX . "symbol2all.table=4 AND " . DB_PREFIX . "reports.secret=0 ORDER BY " . DB_PREFIX . "reports.label ASC";
        }
        $pers = MySQL_Query($sql_s);
        $i = 0;
        while ($perc = MySQL_Fetch_Assoc($pers)) {
            $i++;
            if ($i == 1) {
                ?>
		  		<strong>Hlášení:</strong>
		  		<ul id=""><?php 
            }
            ?>
		  		<li><a href="readactrep.php?rid=<?php 
            echo $perc['id'];
            ?>
"><?php 
            echo $perc['label'];
            ?>
</a></li>
		  		<?php 
Beispiel #12
    while ($rec_r = MySQL_Fetch_Assoc($res_r)) {
        $tasks[] = StripSlashes($rec_r['task']) . ' (' . getAuthor($rec_r['created_by'], 0) . ') | <a href="procother.php?fnshtask=' . $rec_r['id'] . '">hotovo</a>';
    }
    echo implode($tasks, '<br />');
} else {
    echo 'Nemáte žádné nedokončené úkoly.';
}
?>
</p>
	</td>
	</tr></table>
	<div class="clear">&nbsp;</div>
</fieldset>
<?php 
$res_d = MySQL_Query("SELECT * FROM " . DB_PREFIX . "dashboard ORDER BY id DESC LIMIT 1");
if ($rec_d = MySQL_Fetch_Assoc($res_d)) {
    ?>
		<fieldset><legend>
		<h2>Veřejná nástěnka</h2>
		<strong>Poslední změna:</strong> <?php 
    echo Date('d. m. Y', $rec_d['created']);
    ?>
				<strong>Změnil:</strong> <?php 
    $name = getAuthor($rec_d['iduser'], 0);
    echo $name;
    ?>
 
		</legend>
		<p>
		<?php 
    if (isset($rec_d['content'])) {
Beispiel #13
<?php

require_once './inc/func_main.php';
if (is_numeric($_REQUEST['rid'])) {
    $res = MySQL_Query("SELECT \r\n\t\t\t\t" . DB_PREFIX . "notes.id AS 'id',\r\n\t\t\t\t" . DB_PREFIX . "notes.title AS 'title',\r\n\t\t\t\t" . DB_PREFIX . "notes.note AS 'note',\r\n\t\t\t\t" . DB_PREFIX . "notes.secret AS 'secret',\r\n\t\t\t\t" . DB_PREFIX . "notes.iduser AS 'iduser',\r\n\t\t\t\t" . DB_PREFIX . "users.login AS 'nuser'\r\n\t\t\t\t FROM " . DB_PREFIX . "notes, " . DB_PREFIX . "users\r\n\t\t\t\t WHERE " . DB_PREFIX . "notes.id=" . $_REQUEST['rid'] . " \r\n\t\t\t\tAND " . DB_PREFIX . "notes.iduser="******"users.id");
    if ($rec = MySQL_Fetch_Assoc($res)) {
        if ($rec['secret'] == 0 || $rec['iduser'] == $usrinfo['id'] || $usrinfo['right_power']) {
            pageStart(StripSlashes($rec['title']));
            mainMenu(0);
            switch ($_REQUEST['idtable']) {
                case 1:
                    $sourceurl = "persons.php";
                    $sourcename = "osoby";
                    break;
                case 2:
                    $sourceurl = "groups.php";
                    $sourcename = "skupiny";
                    break;
                case 3:
                    $sourceurl = "cases.php";
                    $sourcename = "případy";
                    break;
                case 4:
                    $sourceurl = "reports.php";
                    $sourcename = "hlášení";
                    break;
                default:
                    $sourceurl = "";
                    $sourcename = "";
                    break;
            }
Beispiel #14
    }
}
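// Attach an uploaded file to a case. Requires a real upload plus numeric caseid and secret.
// NOTE(review): unlike the delete handler, no $usrinfo right is checked in this condition;
// confirm that uploading is meant to be open to every logged-in account.
if (isset($_POST['uploadfile']) && is_uploaded_file($_FILES['attachment']['tmp_name']) && is_numeric($_POST['caseid']) && is_numeric($_POST['secret'])) {
    // is_numeric() also accepts floats and exponent notation; store plain integers.
    $caseid = (int) $_POST['caseid'];
    $secret = (int) $_POST['secret'];
    auditTrail(3, 4, $caseid);
    // Server-generated name on disk; the client-supplied name is stored only as metadata.
    $newname = Time() . MD5(uniqid(Time() . Rand()));
    // Record the file only when it really was moved into ./files/, so the table never
    // points at a file that does not exist.
    if (move_uploaded_file($_FILES['attachment']['tmp_name'], './files/' . $newname)) {
        // The name and type fields of $_FILES are sent by the client and must not be
        // trusted as the file's real name or MIME type.
        $sql = "INSERT INTO " . DB_PREFIX . "data VALUES('','" . $newname . "','" . mysql_real_escape_string($_FILES['attachment']['name']) . "','" . mysql_real_escape_string($_FILES['attachment']['type']) . "','" . (int) $_FILES['attachment']['size'] . "','" . Time() . "','" . $usrinfo['id'] . "','3','" . $caseid . "','" . $secret . "')";
        MySQL_Query($sql);
        if (!isset($_POST['fnotnew'])) {
            unreadRecords(3, $caseid);
        }
    }
    // NOTE(review): the redirect target comes straight from the request (open redirect).
    // Restrict it to the application's own relative paths once the set of legitimate
    // backurl values is known.
    Header('Location: ' . $_POST['backurl']);
} else {
    if (isset($_POST['uploadfile'])) {
        pageStart('Přiložení souboru');
        mainMenu(4);
        // This branch is reached when validation failed, so caseid may hold anything; cast it
        // before it is written into the link.
        $caseid = isset($_POST['caseid']) ? (int) $_POST['caseid'] : 0;
        sparklets('<a href="./cases.php">případy</a> &raquo; <a href="./editcase.php?rid=' . $caseid . '">úprava případu</a> &raquo; <strong>přiložení souboru neúspěšné</strong>');
        echo '<div id="obsah"><p>Soubor nebyl přiložen, něco se nepodařilo. Možná nebyl zvolen přikládaný soubor.</p></div>';
        pageEnd();
    }
}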
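// Delete an attachment (GET: deletefile = id in the data table, caseid = case to return to).
// NOTE(review): this is a state-changing GET with no anti-CSRF token visible here, and the
// query does not tie the file to the given case or look at its secret flag; confirm both
// are intended.
if (isset($_GET['deletefile']) && is_numeric($_GET['deletefile'])) {
    // Cast both request values once; they are used in SQL and in the redirect header.
    $fileid = (int) $_GET['deletefile'];
    $caseid = isset($_GET['caseid']) ? (int) $_GET['caseid'] : 0;
    auditTrail(3, 5, $caseid);
    if ($usrinfo['right_text']) {
        $fres = MySQL_Query("SELECT uniquename FROM " . DB_PREFIX . "data WHERE " . DB_PREFIX . "data.id=" . $fileid);
        // Touch the disk only when the row exists; previously a missing row led to
        // UnLink('./files/') being called on the directory itself.
        if ($fres && ($frec = MySQL_Fetch_Assoc($fres))) {
            // basename() keeps the delete inside ./files/ whatever the column contains.
            $fpath = './files/' . basename($frec['uniquename']);
            if (is_file($fpath)) {
                UnLink($fpath);
            }
            MySQL_Query("DELETE FROM " . DB_PREFIX . "data WHERE " . DB_PREFIX . "data.id=" . $fileid);
        }
    }
    Header('Location: editcase.php?rid=' . $caseid);
}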
Beispiel #15
    if (isset($_POST['uploadfile'])) {
        pageStart('Přiložení souboru');
        mainMenu(5);
        sparklets('<a href="./persons.php">osoby</a> &raquo; <a href="./editperson.php?rid=' . $_POST['personid'] . '">úprava osoby</a> &raquo; <strong>přiložení souboru neúspěšné</strong>');
        echo '<div id="obsah"><p>Soubor nebyl přiložen, něco se nepodařilo. Možná nebyl zvolen přikládaný soubor.</p></div>';
        pageEnd();
    }
}
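// Delete an attachment (GET: deletefile = id in the data table, personid = person to return to).
// NOTE(review): this is a state-changing GET with no anti-CSRF token visible here, and the
// query does not tie the file to the given person or look at its secret flag; confirm both
// are intended.
if (isset($_GET['deletefile']) && is_numeric($_GET['deletefile'])) {
    // Cast both request values once; they are used in SQL and in the redirect header.
    $fileid = (int) $_GET['deletefile'];
    $personid = isset($_GET['personid']) ? (int) $_GET['personid'] : 0;
    // The audit entry previously read personid from $_POST although this handler is driven
    // by GET parameters, so the entry was written without the person id.
    auditTrail(1, 5, $personid);
    if ($usrinfo['right_text']) {
        $fres = MySQL_Query("SELECT uniquename FROM " . DB_PREFIX . "data WHERE " . DB_PREFIX . "data.id=" . $fileid);
        // Touch the disk only when the row exists; previously a missing row led to
        // UnLink('./files/') being called on the directory itself.
        if ($fres && ($frec = MySQL_Fetch_Assoc($fres))) {
            // basename() keeps the delete inside ./files/ whatever the column contains.
            $fpath = './files/' . basename($frec['uniquename']);
            if (is_file($fpath)) {
                UnLink($fpath);
            }
            MySQL_Query("DELETE FROM " . DB_PREFIX . "data WHERE " . DB_PREFIX . "data.id=" . $fileid);
        }
    }
    Header('Location: editperson.php?rid=' . $personid);
}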
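// Detach the symbol assigned to a person (GET: deletesymbol, personid).
// NOTE(review): state-changing GET with no anti-CSRF token visible here.
if (isset($_GET['deletesymbol'])) {
    // personid was concatenated unquoted and unvalidated into three statements and into the
    // redirect header; force it to an integer once and use that everywhere.
    $personid = isset($_GET['personid']) ? (int) $_GET['personid'] : 0;
    auditTrail(1, 2, $personid);
    if ($usrinfo['right_text']) {
        $sps = MySQL_Query("SELECT symbol, name, surname FROM " . DB_PREFIX . "persons WHERE id=" . $personid);
        $spc = $sps ? MySQL_Fetch_Assoc($sps) : false;
        // Only touch the symbols table when the person exists and has a numeric symbol id;
        // an empty value previously produced "WHERE id=" and a failed statement.
        if ($spc && is_numeric($spc['symbol'])) {
            // Note prepended to the symbol's description: timestamp plus the person's name.
            // NOTE(review): name and surname become part of stored HTML; confirm they are
            // HTML-encoded when stored, otherwise encode them here.
            $sdate = "<p>" . Date("j/m/Y H:i:s", Time()) . " Odpojeno od " . $spc['name'] . " " . $spc['surname'] . "</p>";
            // The note contains database values (names), so it is escaped before being placed
            // in the SQL literal; a quote in a surname would otherwise end the literal.
            MySQL_Query("UPDATE " . DB_PREFIX . "symbols SET `desc` = concat('" . mysql_real_escape_string($sdate) . "', `desc`), assigned=0 WHERE id=" . (int) $spc['symbol']);
        }
        MySQL_Query("UPDATE " . DB_PREFIX . "persons SET symbol='' WHERE id=" . $personid);
    }
    Header('Location: editperson.php?rid=' . $personid);
}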
Beispiel #16
   $count++;
   echo "$record[datum] $record[username] $record[password] $record[ip] $record[uspech]<br>\n";
   endwhile;
MySQL_Free_Result($res);
echo date("H:i:s")." nalezeno $count zaznamu<br>\n";
break;

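case "kraje":
// Maintenance step: set oddily.kraj from the first character of oddily.fox_id,
// using kraje.oznaceni => kraje.id as the lookup.
if (!isset($kraj)) $kraj=array();
$res=MySQL_Query("SELECT * FROM kraje");
// Array keys are quoted: bare words such as oznaceni were treated as undefined constants.
while ($record=MySQL_Fetch_Assoc($res))
   $kraj[$record['oznaceni']]=$record['id'];
MySQL_Free_Result($res);
echo date("H:i:s")." načteny kraje<br>\n";
$count=0;
$res=MySQL_Query("SELECT * FROM oddily");
while ($record=MySQL_Fetch_Assoc($res)):
   $count++;
   $kod=(string)substr($record['fox_id'],0,1);
   // Rows whose code matches no region are left untouched. The old code built
   // "SET kraj= WHERE ..." for them, a statement the server rejects.
   if (!isset($kraj[$kod]) || !is_numeric($kraj[$kod])) continue;
   $up=$kraj[$kod];
   // Values read from the database are still escaped before being placed in a literal.
   MySQL_Query("UPDATE oddily SET kraj=$up WHERE id='".mysql_real_escape_string($record['id'])."'");
   endwhile;
MySQL_Free_Result($res);
echo date("H:i:s")." nastaveno $count krajů<br>\n";
break;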

case "rc":
$osoba[jmeno]='jm';
$osoba[prijmeni]='pr';
$osoba[narozeni]='1967-11-19';
$osoba[pohlavi]='Z';
$osoba[cizinec]='N';
$osoba[rc]='6711191553';
Beispiel #17
             $secret = $rec_note['secret'];
         }
         break;
     case 3:
         $res_note = mysql_query("\r\n                                SELECT " . DB_PREFIX . "cases.title AS 'title', " . DB_PREFIX . "cases.id AS 'id', " . DB_PREFIX . "cases.secret AS 'secret'\r\n                                FROM " . DB_PREFIX . "cases\r\n                                WHERE id = " . $rec['iditem']);
         while ($rec_note = MySQL_Fetch_Assoc($res_note)) {
             $noteid = $rec_note['id'];
             $notetitle = $rec_note['title'];
             $type = "Případ";
             $linktype = "readcase.php?rid=" . $rec_note['id'] . "&amp;hidenotes=0";
             $secret = $rec_note['secret'];
         }
         break;
     case 4:
         $res_note = mysql_query("\r\n                                SELECT " . DB_PREFIX . "reports.label AS 'label', " . DB_PREFIX . "reports.id AS 'id', " . DB_PREFIX . "reports.secret AS 'secret'\r\n                                FROM " . DB_PREFIX . "reports\r\n                                WHERE id = " . $rec['iditem']);
         while ($rec_note = MySQL_Fetch_Assoc($res_note)) {
             $noteid = $rec_note['id'];
             $notetitle = $rec_note['label'];
             $type = "Hlášení";
             $linktype = "readactrep.php?rid=" . $rec_note['id'] . "&amp;hidenotes=0&amp;truenames=0";
             $secret = $rec_note['secret'];
         }
         break;
     default:
         $noteid = $rec['id'];
         $notetitle = $rec['title'];
         $type = "Jiná";
         break;
 }
 if ($usrinfo['right_power']) {
     echo '<tr class="' . ($even % 2 == 0 ? 'even' : 'odd') . '">
Beispiel #18
$username = $password = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $query = "SELECT Username, Password FROM userinfo where Username ='******'";
    $execute_query = mysql_query($query);
    if ($execute_query) {
        if (mysql_fetch_row($execute_query) == "") {
            $errorMsg = "Wrong username or password";
        } else {
            $success = true;
            $query = "SELECT * FROM entries where Username ='******'";
            $execute_query = mysql_query($query);
            $entriesString = "";
            $index = 0;
            while ($row = MySQL_Fetch_Assoc($execute_query)) {
                //$row is now an array, containing the fields for that row:
                $entriesString .= "<div class='col-md-4' id='{$index}'>";
                $entriesString .= "<h1>";
                $entriesString .= (string) $username;
                $entriesString .= "'s 10b10</h1>";
                $entriesString .= "<h1>";
                $entriesString .= (string) $row['Time'];
                $entriesString .= "</h1>";
                $entriesString .= "<table class='table'><thead><tr><th>Name</th><th>Description</th></tr></thead><tbody>";
                $entriesString .= "<tr>";
                $entriesString .= "<td>";
                $entriesString .= (string) $row['one'];
                //gets the Name of this row
                $entriesString .= "</td>";
                $entriesString .= "<td>";
Beispiel #19
    pageStart('Uložení změn');
    mainMenu(6);
    sparklets('<a href="./settings.php">nastavení</a> &raquo; <strong>uložení změn</strong>');
    echo '<div id="obsah"><p>Timeout není číslo, nastavení nebylo uloženo.</p></div>';
    pageEnd();
} else {
    if (isset($_POST['editsettings']) && ($_POST['timeout'] > 1800 || $_POST['timeout'] < 30)) {
        pageStart('Uložení změn');
        mainMenu(6);
        sparklets('<a href="./settings.php">nastavení</a> &raquo; <strong>uložení změn</strong>');
        echo '<div id="obsah"><p>Timeout nesouhlasí, je buď příliš malý nebo příliš velký.</p></div>';
        pageEnd();
    } else {
        if (isset($_POST['editsettings']) && isset($_POST['soucheslo']) && $_POST['soucheslo'] != '') {
            pageStart('Uložení změn');
            $currentpwd = MySQL_Fetch_Assoc(MySQL_Query("SELECT pwd FROM " . DB_PREFIX . "users WHERE id=" . $usrinfo['id']));
            if ($currentpwd['pwd'] == $_POST['soucheslo']) {
                MySQL_Query("UPDATE " . DB_PREFIX . "users SET pwd='" . mysql_real_escape_string($_POST['heslo']) . "', plan='" . mysql_real_escape_string($_POST['plan']) . "', timeout='" . $_POST['timeout'] . "' WHERE id=" . $usrinfo['id']);
                pageStart('Uložení změn');
                mainMenu(6);
                sparklets('<a href="./settings.php">nastavení</a> &raquo; <strong>uložení změn</strong>');
                echo '<div id="obsah"><p>Nastavení s novým heslem uloženo.</p></div>';
                pageEnd();
            } else {
                pageStart('Uložení změn');
                mainMenu(6);
                sparklets('<a href="./settings.php">nastavení</a> &raquo; <strong>uložení změn</strong>');
                echo '<div id="obsah"><p>Nesouhlasí staré heslo, nastavení nebylo uloženo.</p></div>';
                pageEnd();
            }
        } else {