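/**
 * Looks up the permission level ("uroven") for a module in table `prava`.
 *
 * Rows that apply to everybody (osoba=0) and rows for the given person are
 * both considered; the highest `uroven` wins. When $subint is not '*', the
 * lookup is narrowed to that sub-interface.
 *
 * @param string     $modul  Module name to look up.
 * @param string     $subint Sub-interface name, or '*' for no restriction.
 * @param string|int $osoba  Person id, or '*' to fall back to the built-in default id.
 *
 * @return mixed The `uroven` column of the best matching row, or 0 when no row
 *               matches or the query fails.
 */
function prava($modul, $subint = '*', $osoba = '*')
{
    // TODO (original author's note): the default $subint should come from the
    // "subint" URL parameter.
    // TODO (original author's note): the default $osoba should be the user who is
    // currently logged in; until then a fixed id is used.
    // NOTE(review): a hard-coded person id as the fallback identity means every
    // caller that omits $osoba is authorised as that person; confirm this is intended.
    if ($osoba === '*') {
        $osoba = 13740;
    }

    // All three values end up inside quoted SQL literals. They are escaped here
    // because nothing in this function guarantees the callers pass trusted data.
    $modul_sql = mysql_real_escape_string($modul);
    $osoba_sql = mysql_real_escape_string($osoba);

    // Initialised explicitly: the original left this undefined for $subint === '*'.
    $subint_sql = '';
    if ($subint !== '*') {
        $subint_sql = " AND subint='" . mysql_real_escape_string($subint) . "'";
    }

    $tmp = MySQL_Query(
        "SELECT * FROM prava WHERE modul='$modul_sql' AND (osoba=0 OR osoba='$osoba_sql') "
        . "$subint_sql ORDER BY uroven DESC LIMIT 1"
    );

    // A failed query is treated as "no permission" instead of fetching from false.
    if (!$tmp) {
        return 0;
    }

    $zaznam = MySQL_Fetch_Assoc($tmp);
    if ($zaznam) {
        // Quoted key: the bare word `uroven` was an undefined-constant lookup.
        return $zaznam['uroven'];
    }

    return 0;
}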
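<option value="2"<?php if ($rec['secret'] == 2) { echo ' selected="selected"'; } ?> >soukromá</option> </select> </div> <?php
// Owner selection: users with right_power choose the owner from a list of all
// non-deleted users; everybody else gets the record's current owner in a hidden field.
if ($usrinfo['right_power']) {
    $sql = "SELECT id, login FROM " . DB_PREFIX . "users WHERE deleted=0 ORDER BY login ASC";
    $res_n = MySQL_Query($sql);
    echo '<div> <label for="nowner">Vlastník:</label> <select name="nowner" id="nowner">';
    // Skip the loop when the query failed instead of fetching from false.
    while ($res_n && ($rec_n = MySQL_Fetch_Assoc($res_n))) {
        $isCurrent = ($rec_n['id'] == $usrinfo['id']);
        // Values read from the database are HTML-escaped before being written into
        // the page, so a login containing markup cannot inject script. The fourth
        // argument (false) avoids double-encoding values that were stored already
        // entity-encoded. Assumes the page is served as UTF-8 (TODO confirm).
        echo '<option value="' . htmlspecialchars($rec_n['id'], ENT_QUOTES, 'UTF-8', false) . '"'
            . ($isCurrent ? ' selected="selected"' : '')
            . '>' . htmlspecialchars($rec_n['login'], ENT_QUOTES, 'UTF-8', false) . '</option>';
    }
    echo '</select> </div>';
} else {
    // NOTE(review): a hidden field is fully editable by the client. The handler
    // that saves "nowner" must itself refuse an owner change from a user without
    // right_power; that handler is not visible here, so verify it.
    echo '<input type="hidden" name="nowner" value="'
        . htmlspecialchars($rec['iduser'], ENT_QUOTES, 'UTF-8', false) . '" />';
}

// Organisers may mark the record as "not new".
if ($usrinfo['right_org'] == 1) {
    echo ' <div> <label for="nnotnew">Není nové</label> <input type="checkbox" name="nnotnew"/><br/> </div>';
}
?>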
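/**
 * Prints the audit-log filter form (it posts to audit.php).
 *
 * The controls are pre-filled from the global $f_* values: category, type,
 * user, sort order, the three "show also" checkboxes and the record count.
 * The user list is read from the users table (non-deleted users, ordered by login).
 *
 * @return void
 */
function filter()
{
    global $f_cat, $f_sort, $f_user, $f_type, $usrinfo, $f_org, $f_my, $f_glob, $f_count;

    $selected = ' selected="selected"';
    $checked = ' checked="checked"';

    // value => label for the three fixed drop-downs.
    $categories = array(
        0 => 'všechny auditní záznamy',
        1 => 'i s aktualitami',
        2 => 'prohlížení auditních záznamů',
        3 => 'manipulaci s osobami',
        4 => 'manipulaci se skupinami',
        5 => 'manipulaci s případy',
        6 => 'manipulaci s hlášeními',
    );
    $types = array(
        0 => 'všech typů',
        1 => 'jen zásahy',
        2 => 'bez souborů a poznámek',
    );
    $sorts = array(
        1 => 'času vzestupně',
        2 => 'času sestupně',
    );

    $categoryOptions = array();
    foreach ($categories as $value => $label) {
        $categoryOptions[] = '<option value="' . $value . '"' . ($f_cat == $value ? $selected : '') . '>' . $label . '</option>';
    }
    $typeOptions = array();
    foreach ($types as $value => $label) {
        $typeOptions[] = '<option value="' . $value . '"' . ($f_type == $value ? $selected : '') . '>' . $label . '</option>';
    }
    $sortOptions = array();
    foreach ($sorts as $value => $label) {
        $sortOptions[] = '<option value="' . $value . '"' . ($f_sort == $value ? $selected : '') . '>' . $label . '</option>';
    }

    echo '<div id="filter-wrapper"><form action="audit.php" method="post" id="filter"> <fieldset> <legend>Filtr</legend> <p>Vypsat <select name="kategorie"> '
        . implode(' ', $categoryOptions)
        . ' </select> <select name="typ"> '
        . implode(' ', $typeOptions)
        . ' </select> provedené uživatelem <select name="user" id="user"> <option value=0 '
        . ($f_user == 0 ? $selected : '') . '>všemi</option>';

    $sql_u = "SELECT id, login FROM " . DB_PREFIX . "users WHERE deleted=0 ORDER BY login ASC";
    $res_u = MySQL_Query($sql_u);
    // Skip the loop when the query failed instead of fetching from false.
    while ($res_u && ($rec_u = MySQL_Fetch_Assoc($res_u))) {
        // Database values are HTML-escaped on output so a login containing markup
        // cannot inject script into the audit page. double_encode is off so values
        // stored already entity-encoded are not encoded twice. Assumes the page is
        // served as UTF-8 (TODO confirm).
        echo '<option value="' . htmlspecialchars($rec_u['id'], ENT_QUOTES, 'UTF-8', false) . '"'
            . ($rec_u['id'] == $f_user ? $selected : '')
            . '>' . htmlspecialchars($rec_u['login'], ENT_QUOTES, 'UTF-8', false) . '</option>';
    }
    echo '</select>';

    echo 'a seřadit je podle <select name="sort"> '
        . implode(' ', $sortOptions)
        . ' </select>.</p>';

    // Only organisers get the switch that includes other organisers' actions.
    if ($usrinfo['right_org'] == 1) {
        echo ' <label for="org">Zobrazit i zásahy organizátorů</label> <input type="checkbox" name="org" '
            . ($f_org == 1 ? $checked : '')
            . '/><br/> <div class="clear"> </div>';
    }

    // $f_count is written into an attribute value; it is presumably taken from the
    // submitted form (verify against the caller), so it is escaped to keep a crafted
    // value from closing the attribute.
    echo '<label for="my">Zobrazit i moje zásahy</label> <input type="checkbox" name="my" '
        . ($f_my == 1 ? $checked : '')
        . '/><br/> <div class="clear"> </div> <label for="my">Zobrazit i globální operace</label> <input type="checkbox" name="glob" '
        . ($f_glob == 1 ? $checked : '')
        . '/><br/> <div class="clear"> </div> Zobrazit <input type="text" name="count" size=5 value="'
        . htmlspecialchars($f_count, ENT_QUOTES, 'UTF-8', false)
        . '"> posledních záznamů. (Pro všechny záznamy ponechte pole prázdné).<br/> <div id="filtersubmit"><input type="submit" name="filter" value="Filtrovat" /></div> </fieldset> </form></div><!-- end of #filter-wrapper -->';
}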
MySQL_Query("UPDATE " . DB_PREFIX . "symbols SET deleted=1 WHERE id=" . $_REQUEST['sdelete']); deleteAllUnread(7, $_REQUEST['sdelete']); Header('Location: symbols.php'); } // Uprava symbolu if (isset($_POST['symbolid']) && isset($_POST['editsymbol']) && $usrinfo['right_text']) { auditTrail(7, 2, $_POST['symbolid']); pageStart('Uložení změn'); mainMenu(5); if (!isset($_POST['notnew'])) { unreadRecords(7, $_POST['symbolid']); } sparklets('<a href="./symbols.php">symboly</a> » <a href="./editsymbol.php?rid=' . $_POST['symbolid'] . '">úprava symbolu</a> » <strong>uložení změn</strong>', '<a href="./readsymbol.php?rid=' . $_POST['symbolid'] . '">zobrazit upravené</a>'); if (is_uploaded_file($_FILES['symbol']['tmp_name'])) { $sps = MySQL_Query("SELECT symbol FROM " . DB_PREFIX . "symbols WHERE id=" . $_POST['symbolid']); if ($spc = MySQL_Fetch_Assoc($sps)) { unlink('./files/symbols/' . $spc['symbol']); } $sfile = Time() . MD5(uniqid(Time() . Rand())); move_uploaded_file($_FILES['symbol']['tmp_name'], './files/' . $sfile . 'tmp'); $sdst = resize_Image('./files/' . $sfile . 'tmp', 100, 100); imagejpeg($sdst, './files/symbols/' . $sfile); unlink('./files/' . $sfile . 'tmp'); MySQL_Query("UPDATE " . DB_PREFIX . "symbols SET symbol='" . $sfile . "' WHERE id=" . $_POST['symbolid']); } if ($usrinfo['right_org'] == 1) { $sql = "UPDATE " . DB_PREFIX . "symbols SET `desc`='" . mysql_real_escape_string($_POST['desc']) . "', archiv='" . (isset($_POST['archiv']) ? '1' : '0') . "', search_lines='" . $_POST['liner'] . "', search_curves='" . $_POST['curver'] . "', search_points='" . $_POST['pointer'] . "', search_geometricals='" . $_POST['geometrical'] . "', search_alphabets='" . $_POST['alphabeter'] . "', search_specialchars='" . $_POST['specialchar'] . "' WHERE id=" . $_POST['symbolid']; MySQL_Query($sql); } else { $sql = "UPDATE " . DB_PREFIX . "symbols SET `desc`='" . mysql_real_escape_string($_POST['desc']) . "', modified='" . Time() . "', modified_by='" . $usrinfo['id'] . 
"', archiv='" . (isset($_POST['archiv']) ? '1' : '0') . "', search_lines='" . $_POST['liner'] . "', search_curves='" . $_POST['curver'] . "', search_points='" . $_POST['pointer'] . "', search_geometricals='" . $_POST['geometrical'] . "', search_alphabets='" . $_POST['alphabeter'] . "', search_specialchars='" . $_POST['specialchar'] . "' WHERE id=" . $_POST['symbolid']; MySQL_Query($sql);
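/**
 * Returns the list filter to use for one listing and keeps a per-user copy of
 * it in the `filter` column of the users table.
 *
 * The column holds a serialized array keyed by listing name. When the current
 * request carries a new filter, that filter (the whole $_REQUEST array) is
 * stored under the listing's key and returned. Otherwise the previously stored
 * filter for the listing is returned if there is one, else $_REQUEST as is.
 *
 * @param int $idtable  Numeric id of the listing (mapped to a key below).
 * @param int $idrecord Record id, used only for listing 14 ("group<id>").
 *
 * @return array The filter to apply.
 */
function custom_Filter($idtable, $idrecord = 0)
{
    global $usrinfo;

    switch ($idtable) {
        case 1:  $table = "persons"; break;
        case 2:  $table = "groups"; break;
        case 3:  $table = "cases"; break;
        case 4:  $table = "reports"; break;
        case 8:  $table = "users"; break;
        case 9:  $table = "evilpts"; break;
        case 10: $table = "tasks"; break;
        case 11: $table = "audit"; break;
        case 13: $table = "search"; break;
        case 14: $table = "group" . $idrecord; break;
        case 15: $table = "p2c"; break;
        case 16: $table = "c2ar"; break;
        case 17: $table = "p2ar"; break;
        case 18: $table = "ar2c"; break;
        case 19: $table = "p2g"; break;
        case 20: $table = "sy2p"; break;
        case 21: $table = "sy2c"; break;
        case 22: $table = "sy2ar"; break;
        // Unknown ids used to leave $table undefined, which PHP treated as the
        // empty-string key; that is now explicit.
        default: $table = ""; break;
    }

    // The id is placed into SQL unquoted, so force it to an integer.
    $userId = (int) $usrinfo['id'];

    // Load what is stored for this user. Anything that is not an array is ignored.
    $stored = array();
    $res_cf = MySQL_Query("SELECT filter FROM " . DB_PREFIX . "users WHERE id = " . $userId);
    if ($res_cf) {
        $rec_cf = MySQL_Fetch_Assoc($res_cf);
        if ($rec_cf && $rec_cf['filter'] != '') {
            // NOTE(review): unserialize() will instantiate objects if the column is
            // ever written by anything other than the serialize() call below. The
            // content originates from request data; consider storing JSON instead.
            $decoded = unserialize($rec_cf['filter']);
            if (is_array($decoded)) {
                $stored = $decoded;
            }
        }
    }

    $filter = $_REQUEST;

    // A new filter arrives when the request is non-empty, is not a task submission
    // or a penalty-point submission, and does not address a single record ...
    $isNewFilter = !empty($filter)
        && !isset($_POST['inserttask'])
        && !isset($_POST['addpoints'])
        && !isset($filter['rid']);
    // ... or when a single record is addressed and a sort order is sent with it.
    $isRecordSort = isset($filter['sort']) && isset($filter['rid']);

    if ($isNewFilter || $isRecordSort) {
        // Use the new filter and save it.
        // NOTE(review): this persists every request parameter, not only filter
        // fields; confirm that no sensitive form value can end up in this column.
        $stored[$table] = $filter;
        $sfilters = serialize($stored);

        // The serialized string contains raw request values, so it is escaped before
        // it goes into the quoted literal; unescaped, a quote in any parameter
        // changed the statement.
        $sql_scf = "UPDATE " . DB_PREFIX . "users SET filter='" . mysql_real_escape_string($sfilters)
            . "' WHERE id=" . $userId;
        MySQL_Query($sql_scf);

        return $filter;
    }

    // Otherwise fall back to the filter stored for this listing, if any.
    if (array_key_exists($table, $stored)) {
        $filter = $stored[$table];
    }

    return $filter;
}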
} echo implode($cases, '<br />') != "" ? implode($cases, '<br />') : '<em>Uživatel nemá žádný přiřazený neuzavřený případ.</em>'; ?> </p> <div class="clear"> </div> <h3>Nedokončené úkoly: <?php $sql_r = "SELECT * FROM " . DB_PREFIX . "tasks WHERE " . DB_PREFIX . "tasks.iduser="******" AND " . DB_PREFIX . "tasks.status=0 ORDER BY " . DB_PREFIX . "tasks.created ASC"; $res_r = MySQL_Query($sql_r); $rec_count = MySQL_Num_Rows($res_r); echo $rec_count; ?> </h3><p> <?php if (MySQL_Num_Rows($res_r)) { $tasks = array(); while ($rec_r = MySQL_Fetch_Assoc($res_r)) { $tasks[] = StripSlashes($rec_r['task']) . ' (' . getAuthor($rec_r['created_by'], 2) . ')'; } echo implode($tasks, '<br />'); } else { echo 'Uživatel nemá žádné nedokončené úkoly.'; } ?> </p> <div class="clear"> </div> </fieldset> </div> <?php } else { echo '<div id="obsah"><p>Uživatel neexistuje.</p></div>';
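<?php
require_once './inc/func_main.php';

// Sends one stored attachment to the browser as a download.
//
// The record is looked up in the data table by the "idfile" request parameter.
// Users with right_power may fetch any record; everybody else only records with
// secret=0. $usrinfo is not set in this file; it presumably comes from
// func_main.php (verify that an unauthenticated request cannot reach this point).

$idfile = isset($_REQUEST['idfile']) ? $_REQUEST['idfile'] : null;

// Only a plain run of digits is accepted. is_numeric() also lets through forms
// such as exponents, signs and padding, which do not belong in an unquoted SQL id.
if (is_string($idfile) && preg_match('/\A[0-9]+\z/', $idfile)) {
    $sql = "SELECT mime, uniquename AS 'soubor', originalname AS 'nazev', size FROM " . DB_PREFIX . "data WHERE id=" . $idfile;
    if (!$usrinfo['right_power']) {
        $sql .= " AND secret=0";
    }

    $getres = MySQL_Query($sql);
    $getrec = $getres ? MySQL_Fetch_Assoc($getres) : false;

    if ($getrec) {
        // basename() keeps the read inside ./files/ even if the stored name were
        // ever to contain a directory part.
        $path = './files/' . basename($getrec['soubor']);
        $getf = is_file($path) ? fopen($path, 'rb') : false;

        if ($getf === false) {
            // The record exists but the file does not: answer with an error
            // instead of download headers followed by an empty body.
            header('HTTP/1.0 404 Not Found');
        } else {
            // The original file name was supplied by the uploader. Control characters,
            // double quotes and backslashes are replaced so the name cannot break out
            // of the quoted filename parameter.
            $downloadName = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', $getrec['nazev']);

            // Always served as a generic binary download, never with the stored MIME
            // type, so the browser does not render uploaded content in the site's origin.
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename="' . $downloadName . '";');
            header('Expires: 0');
            header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
            // NOTE(review): "Pragma: public" permits shared caches to keep the
            // response; for access-controlled files a private policy is safer.
            header('Pragma: public');
            header('Content-Length: ' . (int) $getrec['size']);

            fpassthru($getf);
            fclose($getf);
        }
    }
}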
<?php if (MySQL_Num_Rows($res)) { echo '<table> <thead> <tr> <th>#</th> <th>Úloha</th> ' . ($sportraits ? '<th>Portrét</th>' : '') . ($ssymbols ? '<th>Symbol</th>' : '') . ' <th>Jméno</th> </tr> </thead> <tbody> '; $even = 0; $iterator = 0; while ($rec = MySQL_Fetch_Assoc($res)) { echo '<script type="text/javascript" language="JavaScript"> <!-- function NameChanger' . $iterator . '() { if(document.addpersons.isthere' . $iterator . '.checked == true) { document.addpersons.role' . $iterator . '.name = "role[]"; } if(document.addpersons.isthere' . $iterator . '.checked == false) { document.addpersons.role' . $iterator . '.name = "norole[]"; } return true; } // --> </script>'; echo '<tr class="' . ($even % 2 == 0 ? 'even' : 'odd') . '"><td><input type="checkbox" id="isthere' . $iterator . '" name="person[]" value="' . $rec['id'] . '" class="checkbox"' . ($rec['iduser'] ? ' checked="checked"' : '') . ' onClick="NameChanger' . $iterator . '();"/></td>
unauthorizedAccess(8, 1, 0, 0); } auditTrail(8, 11, $_REQUEST['delete']); MySQL_Query("UPDATE " . DB_PREFIX . "users SET deleted=1 WHERE id=" . $_REQUEST['delete']); Header('Location: users.php'); } if (isset($_POST['insertuser']) && $usrinfo['right_power'] && !preg_match('/^[[:blank:]]*$/i', $_POST['login']) && !preg_match('/^[[:blank:]]*$/i', $_POST['heslo']) && is_numeric($_POST['power']) && is_numeric($_POST['texty'])) { pageStart('Přidán uživatel'); mainMenu(2); sparklets('<a href="./users.php">uživatelé</a> » <a href="./newuser.php">nový uživatel</a> » <strong>přidán uživatel</strong>'); $ures = MySQL_Query("SELECT id FROM " . DB_PREFIX . "users WHERE UCASE(login)=UCASE('" . mysql_real_escape_string(safeInput($_POST['login'])) . "')"); if (MySQL_Num_Rows($ures)) { echo '<div id="obsah"><p>Uživatel již existuje, změňte jeho jméno.</p></div>'; } else { MySQL_Query("INSERT INTO " . DB_PREFIX . "users VALUES('','" . mysql_real_escape_string(safeInput($_POST['login'])) . "','" . mysql_real_escape_string($_POST['heslo']) . "','','','" . $_POST['power'] . "','" . $_POST['texty'] . "','','','','','600','','','','')"); $uidarray = MySQL_Fetch_Assoc(MySQL_Query("SELECT id FROM " . DB_PREFIX . "users WHERE UCASE(login)=UCASE('" . mysql_real_escape_string(safeInput($_POST['login'])) . "')")); $uid = $uidarray['id']; auditTrail(8, 3, $uid); echo '<div id="obsah"><p>Uživatel vytvořen.</p></div>'; } pageEnd(); } else { if (isset($_POST['insertuser'])) { pageStart('Přidán uživatel'); mainMenu(2); sparklets('<a href="./users.php">uživatelé</a> » <a href="./newuser.php">nový uživatel</a> » <strong>přidán uživatel</strong>'); echo '<div id="obsah"><p>Chyba při vytváření, ujistěte se, že jste vše provedli správně a máte potřebná práva.</p></div>'; pageEnd(); } } if (isset($_POST['userid']) && isset($_POST['edituser']) && $usrinfo['right_power'] && !preg_match('/^[[:blank:]]*$/i', $_POST['login']) && is_numeric($_POST['power']) && is_numeric($_POST['texty'])) {
/**
 * Fetches the next row of the result held in $this->result.
 *
 * Thin wrapper around mysql_fetch_assoc(); its return value is passed through
 * unchanged (an associative array for a row, false when no row is left).
 *
 * @return array|false
 */
function Fetch_Assoc()
{
    $row = mysql_fetch_assoc($this->result);

    return $row;
}
<!-- end of # --> <?php } else { ?> <em>Symbol nebyl přiřazen žádnému případu.</em><br /><?php } // konec seznamu přiřazených případů // generování seznamu přiřazených hlášení if ($usrinfo['right_power']) { $sql_s = "SELECT " . DB_PREFIX . "reports.id AS 'id', " . DB_PREFIX . "reports.label AS 'label' FROM " . DB_PREFIX . "symbol2all, " . DB_PREFIX . "reports WHERE " . DB_PREFIX . "reports.id=" . DB_PREFIX . "symbol2all.idrecord AND " . DB_PREFIX . "symbol2all.idsymbol=" . $rec['id'] . " AND " . DB_PREFIX . "symbol2all.table=4 ORDER BY " . DB_PREFIX . "reports.label ASC"; } else { $sql_s = "SELECT " . DB_PREFIX . "reports.id AS 'id', " . DB_PREFIX . "reports.label AS 'label' FROM " . DB_PREFIX . "symbol2all, " . DB_PREFIX . "reports WHERE " . DB_PREFIX . "reports.id=" . DB_PREFIX . "symbol2all.idrecord AND " . DB_PREFIX . "symbol2all.idsymbol=" . $rec['id'] . " AND " . DB_PREFIX . "symbol2all.table=4 AND " . DB_PREFIX . "reports.secret=0 ORDER BY " . DB_PREFIX . "reports.label ASC"; } $pers = MySQL_Query($sql_s); $i = 0; while ($perc = MySQL_Fetch_Assoc($pers)) { $i++; if ($i == 1) { ?> <strong>Hlášení:</strong> <ul id=""><?php } ?> <li><a href="readactrep.php?rid=<?php echo $perc['id']; ?> "><?php echo $perc['label']; ?> </a></li> <?php
while ($rec_r = MySQL_Fetch_Assoc($res_r)) { $tasks[] = StripSlashes($rec_r['task']) . ' (' . getAuthor($rec_r['created_by'], 0) . ') | <a href="procother.php?fnshtask=' . $rec_r['id'] . '">hotovo</a>'; } echo implode($tasks, '<br />'); } else { echo 'Nemáte žádné nedokončené úkoly.'; } ?> </p> </td> </tr></table> <div class="clear"> </div> </fieldset> <?php $res_d = MySQL_Query("SELECT * FROM " . DB_PREFIX . "dashboard ORDER BY id DESC LIMIT 1"); if ($rec_d = MySQL_Fetch_Assoc($res_d)) { ?> <fieldset><legend> <h2>Veřejná nástěnka</h2> <strong>Poslední změna:</strong> <?php echo Date('d. m. Y', $rec_d['created']); ?> <strong>Změnil:</strong> <?php $name = getAuthor($rec_d['iduser'], 0); echo $name; ?> </legend> <p> <?php if (isset($rec_d['content'])) {
<?php require_once './inc/func_main.php'; if (is_numeric($_REQUEST['rid'])) { $res = MySQL_Query("SELECT \r\n\t\t\t\t" . DB_PREFIX . "notes.id AS 'id',\r\n\t\t\t\t" . DB_PREFIX . "notes.title AS 'title',\r\n\t\t\t\t" . DB_PREFIX . "notes.note AS 'note',\r\n\t\t\t\t" . DB_PREFIX . "notes.secret AS 'secret',\r\n\t\t\t\t" . DB_PREFIX . "notes.iduser AS 'iduser',\r\n\t\t\t\t" . DB_PREFIX . "users.login AS 'nuser'\r\n\t\t\t\t FROM " . DB_PREFIX . "notes, " . DB_PREFIX . "users\r\n\t\t\t\t WHERE " . DB_PREFIX . "notes.id=" . $_REQUEST['rid'] . " \r\n\t\t\t\tAND " . DB_PREFIX . "notes.iduser="******"users.id"); if ($rec = MySQL_Fetch_Assoc($res)) { if ($rec['secret'] == 0 || $rec['iduser'] == $usrinfo['id'] || $usrinfo['right_power']) { pageStart(StripSlashes($rec['title'])); mainMenu(0); switch ($_REQUEST['idtable']) { case 1: $sourceurl = "persons.php"; $sourcename = "osoby"; break; case 2: $sourceurl = "groups.php"; $sourcename = "skupiny"; break; case 3: $sourceurl = "cases.php"; $sourcename = "případy"; break; case 4: $sourceurl = "reports.php"; $sourcename = "hlášení"; break; default: $sourceurl = ""; $sourcename = ""; break; }
} } if (isset($_POST['uploadfile']) && is_uploaded_file($_FILES['attachment']['tmp_name']) && is_numeric($_POST['caseid']) && is_numeric($_POST['secret'])) { auditTrail(3, 4, $_POST['caseid']); $newname = Time() . MD5(uniqid(Time() . Rand())); move_uploaded_file($_FILES['attachment']['tmp_name'], './files/' . $newname); $sql = "INSERT INTO " . DB_PREFIX . "data VALUES('','" . $newname . "','" . mysql_real_escape_string($_FILES['attachment']['name']) . "','" . mysql_real_escape_string($_FILES['attachment']['type']) . "','" . $_FILES['attachment']['size'] . "','" . Time() . "','" . $usrinfo['id'] . "','3','" . $_POST['caseid'] . "','" . $_POST['secret'] . "')"; MySQL_Query($sql); if (!isset($_POST['fnotnew'])) { unreadRecords(3, $_POST['caseid']); } Header('Location: ' . $_POST['backurl']); } else { if (isset($_POST['uploadfile'])) { pageStart('Přiložení souboru'); mainMenu(4); sparklets('<a href="./cases.php">případy</a> » <a href="./editcase.php?rid=' . $_POST['caseid'] . '">úprava případu</a> » <strong>přiložení souboru neúspěšné</strong>'); echo '<div id="obsah"><p>Soubor nebyl přiložen, něco se nepodařilo. Možná nebyl zvolen přikládaný soubor.</p></div>'; pageEnd(); } } if (isset($_GET['deletefile']) && is_numeric($_GET['deletefile'])) { auditTrail(3, 5, $_GET['caseid']); if ($usrinfo['right_text']) { $fres = MySQL_Query("SELECT uniquename FROM " . DB_PREFIX . "data WHERE " . DB_PREFIX . "data.id=" . $_GET['deletefile']); $frec = MySQL_Fetch_Assoc($fres); UnLink('./files/' . $frec['uniquename']); MySQL_Query("DELETE FROM " . DB_PREFIX . "data WHERE " . DB_PREFIX . "data.id=" . $_GET['deletefile']); } Header('Location: editcase.php?rid=' . $_GET['caseid']); }
if (isset($_POST['uploadfile'])) { pageStart('Přiložení souboru'); mainMenu(5); sparklets('<a href="./persons.php">osoby</a> » <a href="./editperson.php?rid=' . $_POST['personid'] . '">úprava osoby</a> » <strong>přiložení souboru neúspěšné</strong>'); echo '<div id="obsah"><p>Soubor nebyl přiložen, něco se nepodařilo. Možná nebyl zvolen přikládaný soubor.</p></div>'; pageEnd(); } } if (isset($_GET['deletefile']) && is_numeric($_GET['deletefile'])) { auditTrail(1, 5, $_POST['personid']); if ($usrinfo['right_text']) { $fres = MySQL_Query("SELECT uniquename FROM " . DB_PREFIX . "data WHERE " . DB_PREFIX . "data.id=" . $_GET['deletefile']); $frec = MySQL_Fetch_Assoc($fres); UnLink('./files/' . $frec['uniquename']); MySQL_Query("DELETE FROM " . DB_PREFIX . "data WHERE " . DB_PREFIX . "data.id=" . $_GET['deletefile']); } Header('Location: editperson.php?rid=' . $_GET['personid']); } if (isset($_GET['deletesymbol'])) { auditTrail(1, 2, $_GET['personid']); if ($usrinfo['right_text']) { $sps = MySQL_Query("SELECT symbol FROM " . DB_PREFIX . "persons WHERE id=" . $_GET['personid']); $spc = MySQL_Fetch_Assoc($sps); $prsn_res = MySQL_Query("SELECT name, surname FROM " . DB_PREFIX . "persons WHERE id=" . $_GET['personid']); $prsn_rec = MySQL_Fetch_Assoc($prsn_res); $sdate = "<p>" . Date("j/m/Y H:i:s", Time()) . " Odpojeno od " . $prsn_rec['name'] . " " . $prsn_rec['surname'] . "</p>"; MySQL_Query("UPDATE " . DB_PREFIX . "symbols SET `desc` = concat('" . $sdate . "', `desc`), assigned=0 WHERE id=" . $spc['symbol']); MySQL_Query("UPDATE " . DB_PREFIX . "persons SET symbol='' WHERE id=" . $_GET['personid']); } Header('Location: editperson.php?rid=' . $_GET['personid']); }
$count++; echo "$record[datum] $record[username] $record[password] $record[ip] $record[uspech]<br>\n"; endwhile; MySQL_Free_Result($res); echo date("H:i:s")." nalezeno $count zaznamu<br>\n"; break; case "kraje": $res=MySQL_Query("SELECT * FROM kraje"); while ($record=MySQL_Fetch_Assoc($res)) $kraj[$record[oznaceni]]=$record[id]; MySQL_Free_Result($res); echo date("H:i:s")." načteny kraje<br>\n"; $count=0; $res=MySQL_Query("SELECT * FROM oddily"); while ($record=MySQL_Fetch_Assoc($res)): $count++; $up=$kraj[substr($record[fox_id],0,1)]; MySQL_Query("UPDATE oddily SET kraj=$up WHERE id='$record[id]'"); endwhile; MySQL_Free_Result($res); echo date("H:i:s")." nastaveno $count krajů<br>\n"; break; case "rc": $osoba[jmeno]='jm'; $osoba[prijmeni]='pr'; $osoba[narozeni]='1967-11-19'; $osoba[pohlavi]='Z'; $osoba[cizinec]='N'; $osoba[rc]='6711191553';
$secret = $rec_note['secret']; } break; case 3: $res_note = mysql_query("\r\n SELECT " . DB_PREFIX . "cases.title AS 'title', " . DB_PREFIX . "cases.id AS 'id', " . DB_PREFIX . "cases.secret AS 'secret'\r\n FROM " . DB_PREFIX . "cases\r\n WHERE id = " . $rec['iditem']); while ($rec_note = MySQL_Fetch_Assoc($res_note)) { $noteid = $rec_note['id']; $notetitle = $rec_note['title']; $type = "Případ"; $linktype = "readcase.php?rid=" . $rec_note['id'] . "&hidenotes=0"; $secret = $rec_note['secret']; } break; case 4: $res_note = mysql_query("\r\n SELECT " . DB_PREFIX . "reports.label AS 'label', " . DB_PREFIX . "reports.id AS 'id', " . DB_PREFIX . "reports.secret AS 'secret'\r\n FROM " . DB_PREFIX . "reports\r\n WHERE id = " . $rec['iditem']); while ($rec_note = MySQL_Fetch_Assoc($res_note)) { $noteid = $rec_note['id']; $notetitle = $rec_note['label']; $type = "Hlášení"; $linktype = "readactrep.php?rid=" . $rec_note['id'] . "&hidenotes=0&truenames=0"; $secret = $rec_note['secret']; } break; default: $noteid = $rec['id']; $notetitle = $rec['title']; $type = "Jiná"; break; } if ($usrinfo['right_power']) { echo '<tr class="' . ($even % 2 == 0 ? 'even' : 'odd') . '">
$username = $password = ""; if ($_SERVER["REQUEST_METHOD"] == "POST") { $username = $_POST['username']; $password = $_POST['password']; $query = "SELECT Username, Password FROM userinfo where Username ='******'"; $execute_query = mysql_query($query); if ($execute_query) { if (mysql_fetch_row($execute_query) == "") { $errorMsg = "Wrong username or password"; } else { $success = true; $query = "SELECT * FROM entries where Username ='******'"; $execute_query = mysql_query($query); $entriesString = ""; $index = 0; while ($row = MySQL_Fetch_Assoc($execute_query)) { //$row is now an array, containing the fields for that row: $entriesString .= "<div class='col-md-4' id='{$index}'>"; $entriesString .= "<h1>"; $entriesString .= (string) $username; $entriesString .= "'s 10b10</h1>"; $entriesString .= "<h1>"; $entriesString .= (string) $row['Time']; $entriesString .= "</h1>"; $entriesString .= "<table class='table'><thead><tr><th>Name</th><th>Description</th></tr></thead><tbody>"; $entriesString .= "<tr>"; $entriesString .= "<td>"; $entriesString .= (string) $row['one']; //gets the Name of this row $entriesString .= "</td>"; $entriesString .= "<td>";
pageStart('Uložení změn'); mainMenu(6); sparklets('<a href="./settings.php">nastavení</a> » <strong>uložení změn</strong>'); echo '<div id="obsah"><p>Timeout není číslo, nastavení nebylo uloženo.</p></div>'; pageEnd(); } else { if (isset($_POST['editsettings']) && ($_POST['timeout'] > 1800 || $_POST['timeout'] < 30)) { pageStart('Uložení změn'); mainMenu(6); sparklets('<a href="./settings.php">nastavení</a> » <strong>uložení změn</strong>'); echo '<div id="obsah"><p>Timeout nesouhlasí, je buď příliš malý nebo příliš velký.</p></div>'; pageEnd(); } else { if (isset($_POST['editsettings']) && isset($_POST['soucheslo']) && $_POST['soucheslo'] != '') { pageStart('Uložení změn'); $currentpwd = MySQL_Fetch_Assoc(MySQL_Query("SELECT pwd FROM " . DB_PREFIX . "users WHERE id=" . $usrinfo['id'])); if ($currentpwd['pwd'] == $_POST['soucheslo']) { MySQL_Query("UPDATE " . DB_PREFIX . "users SET pwd='" . mysql_real_escape_string($_POST['heslo']) . "', plan='" . mysql_real_escape_string($_POST['plan']) . "', timeout='" . $_POST['timeout'] . "' WHERE id=" . $usrinfo['id']); pageStart('Uložení změn'); mainMenu(6); sparklets('<a href="./settings.php">nastavení</a> » <strong>uložení změn</strong>'); echo '<div id="obsah"><p>Nastavení s novým heslem uloženo.</p></div>'; pageEnd(); } else { pageStart('Uložení změn'); mainMenu(6); sparklets('<a href="./settings.php">nastavení</a> » <strong>uložení změn</strong>'); echo '<div id="obsah"><p>Nesouhlasí staré heslo, nastavení nebylo uloženo.</p></div>'; pageEnd(); } } else {