print "{$message}"; } } } } else { if (isset($_GET['mlog'])) { $mc = new Machine(); $mc->setMachineID($_GET['mid']); $mc->showMachineLog(); } if (isset($_GET['actlid'])) { $ml->setValue('activitylogid', $_GET['actlid']); $ml->showMaintenanceUI(); } if (isset($_GET['session'])) { checksession('activitylog.html'); } if (isset($_GET['ui'])) { $ml->setValue('mainttypeid', $_GET['mtid']); $ml->setValue('machineid', $_GET['mcid']); $ml->showMaintenanceUI(); } if (isset($_GET['gspmlist'])) { $spm = new SPMaintenance(); $spm->setValue('machineid', $_GET['mcid']); $spm->createSPMTitleList(); $sel = new selectlist('SPM_ID', $spm->getSPMTitleList(), 'Select Maintenance Plan', 'SPM_ID', 'SPM_Title', 'class="required"', '', '1'); } if (isset($_GET['gprop'])) { $ml->setValue('spmid', $_GET['spmid']); $ml->showGPUI();
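<?php
// Password-change page (excerpt: the listing stops right after the UPDATE
// statement is built, so the blocks opened below are closed outside this view).
session_start();
$page_title = 'Change your password';
include 'includes/header.php';
require 'checksession.php';
checksession();
// Starts the connection to the database.
require '../mysqli_connect.php';

// NOTE(review): the visible code neither asks for the current password nor
// checks an anti-CSRF token before changing the password. Confirm whether
// checksession() or the form covers this.

// Check for form submission:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $errors = array(); // Initialize an error array.

    // Check for a password and match against the confirmed password:
    if (!empty($_POST['pass1'])) {
        // NOTE(review): inside a character class "(", ")" and "+" are literals, so
        // this accepts letters, digits and those three symbols. It does not
        // require a mix of character types.
        if (preg_match("/^[a-zA-Z(0-9)+]{8,}\$/", $_POST['pass1'])) {
            // Strict comparison: with "!=" two different numeric-looking strings
            // (e.g. "0e123456" and "0e654321") compare equal, so a mistyped
            // confirmation could go unnoticed.
            if (!isset($_POST['pass2']) || $_POST['pass1'] !== $_POST['pass2']) {
                $errors[] = 'Your password did not match the confirmed password.';
            } else {
                $passwd = mysqli_real_escape_string($dbc, trim($_POST['pass1']));
            }
        } else {
            $errors[] = 'Your password doesn\'t match the minimum requeriments';
        }
    } else {
        $errors[] = 'You forgot to enter your password.';
    }

    if (empty($errors)) { // If everything's OK.
        // The uid is placed unquoted in the statement, so force it to an integer
        // instead of trusting whatever the session holds.
        $uid = (int) $_SESSION['uid'];

        // Make the update with the new password:
        // NOTE(review): SHA1() is an unsalted, fast hash and is not suitable for
        // password storage. Moving to password_hash()/password_verify() also
        // requires changing the login check, which is not part of this excerpt.
        $q = "UPDATE USERS SET passwd=SHA1('{$passwd}') WHERE uid={$uid} LIMIT 1";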
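/**
 * Admin controller for the article and category screens.
 *
 * In order, the function:
 *  - resets parent/category references that point at category ids which no longer exist;
 *  - handles the one-shot actions passed in the query string (arton, artlock,
 *    artsticky, artfront, artfeat, catdelete, artdelete), each after checksession('get');
 *  - fills $context['TPortal'] with counts, category trees and article lists for
 *    the sub-screen selected by $context['TPortal']['subaction'] and $_GET['sa'];
 *  - appends the inline JavaScript used by the toggle icons to $context['html_headers'].
 *
 * Security notes for reviewers:
 *  - Every id taken from $_GET is gated by is_numeric() and bound through {int:...}.
 *  - {raw:...} placeholders are filled only from fixed allowlists (sort column and direction).
 *  - State-changing actions arrive as query-string parameters and the inline script
 *    puts the session token in the request URL. URLs tend to be kept in server logs
 *    and browser history, so treat those as sensitive.
 *
 * @return void
 */
function do_articles()
{
    global $context, $txt, $settings, $boardurl, $scripturl, $smcFunc;

    // do an update of stray articles and categories
    $acats = array();
    $request = $smcFunc['db_query']('', '
        SELECT id FROM {db_prefix}tp_variables
        WHERE type = {string:type}',
        array('type' => 'category')
    );
    if ($smcFunc['db_num_rows']($request) > 0) {
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            $acats[] = $row['id'];
        }
        $smcFunc['db_free_result']($request);
    }
    if (count($acats) > 0) {
        $smcFunc['db_query']('', '
            UPDATE {db_prefix}tp_variables
            SET value2 = {int:val2}
            WHERE type = {string:type}
            AND value2 NOT IN ({array_string:value2})',
            array('val2' => 0, 'type' => 'category', 'value2' => $acats)
        );
        $smcFunc['db_query']('', '
            UPDATE {db_prefix}tp_articles
            SET category = {int:cat}
            WHERE category NOT IN({array_int:category})
            AND category > 0',
            array('cat' => 0, 'category' => $acats)
        );
    }

    // first check any ajax stuff
    // Each action verifies the session token from the query string before it
    // touches the database. A non-numeric or non-positive id ends the request.
    if (isset($_GET['arton'])) {
        checksession('get');
        $what = is_numeric($_GET['arton']) ? $_GET['arton'] : '0';
        if ($what > 0) {
            $smcFunc['db_query']('', '
                UPDATE {db_prefix}tp_articles
                SET off = IF(off = 0 , 1, 0)
                WHERE id = {int:artid}',
                array('artid' => $what)
            );
        } else {
            return;
        }
    } elseif (isset($_GET['artlock'])) {
        checksession('get');
        $what = is_numeric($_GET['artlock']) ? $_GET['artlock'] : '0';
        if ($what > 0) {
            $smcFunc['db_query']('', '
                UPDATE {db_prefix}tp_articles
                SET locked = IF(locked = 0 , 1, 0)
                WHERE id = {int:artid}',
                array('artid' => $what)
            );
        } else {
            return;
        }
    } elseif (isset($_GET['artsticky'])) {
        checksession('get');
        $what = is_numeric($_GET['artsticky']) ? $_GET['artsticky'] : '0';
        if ($what > 0) {
            $smcFunc['db_query']('', '
                UPDATE {db_prefix}tp_articles
                SET sticky = IF(sticky = 0 , 1, 0)
                WHERE id = {int:artid}',
                array('artid' => $what)
            );
        } else {
            return;
        }
    } elseif (isset($_GET['artfront'])) {
        checksession('get');
        $what = is_numeric($_GET['artfront']) ? $_GET['artfront'] : '0';
        if ($what > 0) {
            $smcFunc['db_query']('', '
                UPDATE {db_prefix}tp_articles
                SET frontpage = IF(frontpage = 0 , 1, 0)
                WHERE id = {int:artid}',
                array('artid' => $what)
            );
        } else {
            return;
        }
    } elseif (isset($_GET['artfeat'])) {
        checksession('get');
        $what = is_numeric($_GET['artfeat']) ? $_GET['artfeat'] : '0';
        if ($what > 0) {
            $smcFunc['db_query']('', '
                UPDATE {db_prefix}tp_articles
                SET featured = IF(featured = 0, 1, 0)
                WHERE id = {int:artid}',
                array('artid' => $what)
            );
            // only one article can be featured at a time
            $smcFunc['db_query']('', '
                UPDATE {db_prefix}tp_articles
                SET featured = {int:featured}
                WHERE id != {int:artid}',
                array('featured' => 0, 'artid' => $what)
            );
        } else {
            return;
        }
    } elseif (isset($_GET['catdelete'])) {
        checksession('get');
        $what = is_numeric($_GET['catdelete']) ? $_GET['catdelete'] : '0';
        if ($what > 0) {
            // first get info
            $request = $smcFunc['db_query']('', '
                SELECT id, value2 FROM {db_prefix}tp_variables
                WHERE id = {int:varid} LIMIT 1',
                array('varid' => $what)
            );
            $row = $smcFunc['db_fetch_assoc']($request);
            $smcFunc['db_free_result']($request);

            // children and articles of the deleted category move up to its parent
            $newcat = !empty($row['value2']) ? $row['value2'] : 0;
            $smcFunc['db_query']('', '
                UPDATE {db_prefix}tp_variables
                SET value2 = {int:val2}
                WHERE value2 = {int:varid}',
                array('val2' => $newcat, 'varid' => $what)
            );
            $smcFunc['db_query']('', '
                DELETE FROM {db_prefix}tp_variables
                WHERE id = {int:varid}',
                array('varid' => $what)
            );
            $smcFunc['db_query']('', '
                UPDATE {db_prefix}tp_articles
                SET category = {int:cat}
                WHERE category = {int:catid}',
                array('cat' => $newcat, 'catid' => $what)
            );
            redirectexit('action=tpadmin;sa=categories');
        } else {
            redirectexit('action=tpadmin;sa=categories');
        }
    } elseif (isset($_GET['artdelete'])) {
        checksession('get');
        $what = is_numeric($_GET['artdelete']) ? $_GET['artdelete'] : '0';
        // 'cu' is optional on this request; do not read it when it is absent.
        $cu = isset($_GET['cu']) && is_numeric($_GET['cu']) ? $_GET['cu'] : '';
        if ($cu == -1) {
            $strays = true;
            $cu = '';
        }
        if ($what > 0) {
            $smcFunc['db_query']('', '
                DELETE FROM {db_prefix}tp_articles
                WHERE id = {int:artid}',
                array('artid' => $what)
            );
            $smcFunc['db_query']('', '
                DELETE FROM {db_prefix}tp_variables
                WHERE value5 = {int:artid}',
                array('artid' => $what)
            );
        }
        redirectexit('action=tpadmin' . (!empty($cu) ? ';cu=' . $cu : '') . (isset($strays) ? ';sa=strays' . $cu : ';sa=articles'));
    }

    // for the non-category articles, do a count.
    $request = $smcFunc['db_query']('', '
        SELECT COUNT(*) as total
        FROM {db_prefix}tp_articles
        WHERE category = 0 OR category = 9999'
    );
    $row = $smcFunc['db_fetch_assoc']($request);
    $context['TPortal']['total_nocategory'] = $row['total'];
    $smcFunc['db_free_result']($request);

    // for the submissions too
    $request = $smcFunc['db_query']('', '
        SELECT COUNT(*) as total
        FROM {db_prefix}tp_articles
        WHERE approved = 0'
    );
    $row = $smcFunc['db_fetch_assoc']($request);
    $context['TPortal']['total_submissions'] = $row['total'];
    $smcFunc['db_free_result']($request);

    // we are on categories screen
    if (in_array($context['TPortal']['subaction'], array('categories', 'addcategory'))) {
        TPadd_linktree($scripturl . '?action=tpadmin;sa=categories', $txt['tp-categories']);

        // first check if we simply want to copy or set as child
        if (isset($_GET['cu']) && is_numeric($_GET['cu'])) {
            $ccat = $_GET['cu'];
            // NOTE(review): unlike the delete/toggle actions above, the copy and
            // child branches write to the database without a checksession() call
            // in this function. Confirm the caller enforces the session check.
            if (isset($_GET['copy'])) {
                $request = $smcFunc['db_query']('', '
                    SELECT * FROM {db_prefix}tp_variables
                    WHERE id = {int:varid}',
                    array('varid' => $ccat)
                );
                if ($smcFunc['db_num_rows']($request) > 0) {
                    $row = $smcFunc['db_fetch_assoc']($request);
                    $row['value1'] .= '__copy';
                    $smcFunc['db_free_result']($request);
                    $smcFunc['db_insert']('insert',
                        '{db_prefix}tp_variables',
                        array('value1' => 'string', 'value2' => 'string', 'value3' => 'string', 'type' => 'string', 'value4' => 'string', 'value5' => 'int', 'subtype' => 'string', 'value7' => 'string', 'value8' => 'string', 'subtype2' => 'int'),
                        array($row['value1'], $row['value2'], $row['value3'], $row['type'], $row['value4'], $row['value5'], $row['subtype'], $row['value7'], $row['value8'], $row['subtype2']),
                        array('id')
                    );
                }
                redirectexit('action=tpadmin;sa=categories');
            } elseif (isset($_GET['child'])) {
                $request = $smcFunc['db_query']('', '
                    SELECT * FROM {db_prefix}tp_variables
                    WHERE id = {int:varid}',
                    array('varid' => $ccat)
                );
                if ($smcFunc['db_num_rows']($request) > 0) {
                    $row = $smcFunc['db_fetch_assoc']($request);
                    $row['value1'] .= '__copy';
                    $smcFunc['db_free_result']($request);
                    // same as copy, but the new row's parent (value2) is the source category
                    $smcFunc['db_insert']('INSERT',
                        '{db_prefix}tp_variables',
                        array('value1' => 'string', 'value2' => 'string', 'value3' => 'string', 'type' => 'string', 'value4' => 'string', 'value5' => 'int', 'subtype' => 'string', 'value7' => 'string', 'value8' => 'string', 'subtype2' => 'int'),
                        array($row['value1'], $row['id'], $row['value3'], $row['type'], $row['value4'], $row['value5'], $row['subtype'], $row['value7'], $row['value8'], $row['subtype2']),
                        array('id')
                    );
                }
                redirectexit('action=tpadmin;sa=categories');
            } else {
                // get membergroups
                get_grps();
                $context['html_headers'] .= '
    <script type="text/javascript"><!-- // --><![CDATA[
        function changeIllu(node,name)
        {
            node.src = \'' . $boardurl . '/tp-files/tp-articles/illustrations/\' + name;
        }
        function changeIcon(node,name)
        {
            node.src = \'' . $boardurl . '/tp-files/tp-articles/icons/\' + name;
        }
    // ]]></script>';

                $request = $smcFunc['db_query']('', '
                    SELECT * FROM {db_prefix}tp_variables
                    WHERE id = {int:varid} LIMIT 1',
                    array('varid' => $ccat)
                );
                if ($smcFunc['db_num_rows']($request) > 0) {
                    $row = $smcFunc['db_fetch_assoc']($request);
                    // value7 holds "key=value" pairs separated by "|"; unpack them into the row
                    $o = explode('|', $row['value7']);
                    foreach ($o as $t => $opt) {
                        $b = explode('=', $opt);
                        if (isset($b[1])) {
                            $row[$b[0]] = $b[1];
                        }
                    }
                    $smcFunc['db_free_result']($request);
                    // make sure every option the template reads is defined
                    $check = array('layout', 'catlayout', 'toppanel', 'bottompanel', 'leftpanel', 'rightpanel', 'upperpanel', 'lowerpanel', 'showchild');
                    foreach ($check as $c => $ch) {
                        if (!isset($row[$ch])) {
                            $row[$ch] = 0;
                        }
                    }
                    $context['TPortal']['editcategory'] = $row;
                }

                // fetch all categories and subcategories
                $request = $smcFunc['db_query']('', '
                    SELECT id, value1 as name, value2 as parent, value3, value4,
                        value5, subtype, value7, value8, subtype2
                    FROM {db_prefix}tp_variables
                    WHERE type = {string:type}',
                    array('type' => 'category')
                );
                $context['TPortal']['editcats'] = array();
                $allsorted = array();
                $alcats = array();
                if ($smcFunc['db_num_rows']($request) > 0) {
                    while ($row = $smcFunc['db_fetch_assoc']($request)) {
                        $row['indent'] = 0;
                        $allsorted[$row['id']] = $row;
                        $alcats[] = $row['id'];
                    }
                    $smcFunc['db_free_result']($request);
                    if (count($allsorted) > 1) {
                        $context['TPortal']['editcats'] = chain('id', 'parent', 'name', $allsorted);
                    } else {
                        $context['TPortal']['editcats'] = $allsorted;
                    }
                }
                TPadd_linktree($scripturl . '?action=tpadmin;sa=categories;cu=' . $ccat, $txt['tp-editcategory']);
            }
            return;
        }

        // fetch all categories and subcategories
        $request = $smcFunc['db_query']('', '
            SELECT id, value1 as name, value2 as parent, value3, value4,
                value5, subtype, value7, value8, subtype2
            FROM {db_prefix}tp_variables
            WHERE type = {string:type}',
            array('type' => 'category')
        );
        $context['TPortal']['editcats'] = array();
        $allsorted = array();
        $alcats = array();
        if ($smcFunc['db_num_rows']($request) > 0) {
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                $row['indent'] = 0;
                $allsorted[$row['id']] = $row;
                $alcats[] = $row['id'];
            }
            $smcFunc['db_free_result']($request);
            if (count($allsorted) > 1) {
                $context['TPortal']['editcats'] = chain('id', 'parent', 'name', $allsorted);
            } else {
                $context['TPortal']['editcats'] = $allsorted;
            }
        }

        // get the filecount as well
        if (count($alcats) > 0) {
            // Bind the ids as an integer list. The previous {string:...} placeholder
            // with implode() produced a single quoted value ('1,2,3'), so IN()
            // compared against one string instead of the individual ids.
            $request = $smcFunc['db_query']('', '
                SELECT art.category as id, COUNT(art.id) as files
                FROM {db_prefix}tp_articles as art
                WHERE art.category IN ({array_int:cats})
                GROUP BY art.category',
                array('cats' => $alcats)
            );
            if ($smcFunc['db_num_rows']($request) > 0) {
                $context['TPortal']['cats_count'] = array();
                while ($row = $smcFunc['db_fetch_assoc']($request)) {
                    $context['TPortal']['cats_count'][$row['id']] = $row['files'];
                }
                $smcFunc['db_free_result']($request);
            }
        }
        if ($context['TPortal']['subaction'] == 'addcategory') {
            TPadd_linktree($scripturl . '?action=tpadmin;sa=addcategory', $txt['tp-addcategory']);
        }
        return;
    }

    TPadd_linktree($scripturl . '?action=tpadmin;sa=articles', $txt['tp-articles']);

    // are we inside a category?
    if (isset($_GET['cu']) && is_numeric($_GET['cu'])) {
        $where = $_GET['cu'];
    }
    // show the no category articles?
    if (isset($_GET['sa']) && $_GET['sa'] == 'strays') {
        TPadd_linktree($scripturl . '?action=tpadmin;sa=strays', $txt['tp-strays']);
        $show_nocategory = true;
    }
    // submissions?
    if (isset($_GET['sa']) && $_GET['sa'] == 'submission') {
        TPadd_linktree($scripturl . '?action=tpadmin;sa=submission', $txt['tp-submissions']);
        $show_submission = true;
    }
    // single article?
    // NOTE(review): in this branch and the next, $_GET['sa'] is copied into a
    // linktree URL (and, below, into the 'type'/'articletype' fields) without
    // escaping here. Confirm it is escaped upstream or where it is printed.
    if (isset($_GET['sa']) && substr($_GET['sa'], 0, 11) == 'editarticle') {
        TPadd_linktree($scripturl . '?action=tpadmin;sa=' . $_GET['sa'], $txt['tp-editarticle']);
        $whatarticle = substr($_GET['sa'], 11);
    }
    // are we starting a new one?
    if (isset($_GET['sa']) && substr($_GET['sa'], 0, 11) == 'addarticle_') {
        TPadd_linktree($scripturl . '?action=tpadmin;sa=' . $_GET['sa'], $txt['tp-addarticle']);
        $context['TPortal']['editarticle'] = array(
            'id' => '',
            'date' => time(),
            'body' => '',
            'intro' => '',
            'useintro' => 0,
            // only a numeric category id is accepted, as everywhere else in this function
            'category' => !empty($_GET['cu']) && is_numeric($_GET['cu']) ? $_GET['cu'] : 0,
            'frontpage' => 1,
            'author_id' => $context['user']['id'],
            'subject' => '',
            'author' => $context['user']['name'],
            'frame' => 'theme',
            'approved' => 0,
            'off' => 1,
            'options' => 'date,title,author,linktree,top,cblock,rblock,lblock,bblock,tblock,lbblock,category,catlist,comments,commentallow,commentupshrink,views,rating,ratingallow,avatar,inherit,social,nofrontsetting',
            'parse' => 0,
            'comments' => 0,
            'comments_var' => '',
            'views' => 0,
            'rating' => 0,
            'voters' => '',
            'id_theme' => 0,
            'shortname' => '',
            'sticky' => 0,
            'fileimport' => '',
            'topic' => 0,
            'locked' => 0,
            'illustration' => '',
            'headers' => '',
            'type' => substr($_GET['sa'], 11),
            'featured' => 0,
            'realName' => $context['user']['name'],
            'authorID' => $context['user']['id'],
            'articletype' => substr($_GET['sa'], 11),
            'ID_THEME' => 0,
            'pub_start' => 0,
            'pub_end' => 0,
        );
        $context['html_headers'] .= '
    <script type="text/javascript"><!-- // --><![CDATA[
        function changeIllu(node,name)
        {
            node.src = \'' . $boardurl . '/tp-files/tp-articles/illustrations/\' + name;
        }
        function changeIcon(node,name)
        {
            node.src = \'' . $boardurl . '/tp-files/tp-articles/icons/\' + name;
        }
    // ]]></script>';
        // Add in BBC editor before we call in template so the headers are there
        if (substr($_GET['sa'], 11) == 'bbc') {
            $context['TPortal']['editor_id'] = 'tp_article_body';
            TP_prebbcbox($context['TPortal']['editor_id']);
        }
    }

    // fetch categories and subcategories
    if (!isset($show_nocategory)) {
        $request = $smcFunc['db_query']('', '
            SELECT DISTINCT var.id as id, var.value1 as name, var.value2 as parent
            FROM {db_prefix}tp_variables AS var
            WHERE var.type = {string:type}
            ' . (isset($where) ? 'AND var.value2 = {int:whereval}' : '') . '
            ORDER BY parent, id DESC',
            array('type' => 'category', 'whereval' => isset($where) ? $where : 0)
        );
        if ($smcFunc['db_num_rows']($request) > 0) {
            $context['TPortal']['basecats'] = isset($where) ? array($where) : array('0', '9999');
            $cats = array();
            $context['TPortal']['cats'] = array();
            $sorted = array();
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                $sorted[$row['id']] = $row;
                $cats[] = $row['id'];
            }
            $smcFunc['db_free_result']($request);
            if (count($sorted) > 1) {
                $context['TPortal']['cats'] = chain('id', 'parent', 'name', $sorted);
            } else {
                $context['TPortal']['cats'] = $sorted;
            }
        }
    }

    if (isset($show_submission) && $context['TPortal']['total_submissions'] > 0) {
        // check if we have any start values
        $start = !empty($_GET['p']) && is_numeric($_GET['p']) ? $_GET['p'] : 0;
        // sorting?
        // The value ends up in a {raw:...} placeholder, so this allowlist is the
        // only thing between the query string and the ORDER BY clause. Compare strictly.
        $sort = $context['TPortal']['sort'] = !empty($_GET['sort']) && in_array($_GET['sort'], array('date', 'id', 'author_id', 'type', 'subject', 'parse'), true) ? $_GET['sort'] : 'date';
        $context['TPortal']['pageindex'] = TPageIndex($scripturl . '?action=tpadmin;sa=submission;sort=' . $sort, $start, $context['TPortal']['total_submissions'], 15);
        $request = $smcFunc['db_query']('', '
            SELECT art.id, art.date, art.frontpage, art.category, art.author_id as authorID,
                IFNULL(mem.real_name, art.author) as author, art.subject, art.approved,
                art.sticky, art.type, art.featured, art.locked, art.off, art.parse as pos
            FROM {db_prefix}tp_articles AS art
            LEFT JOIN {db_prefix}members AS mem ON (art.author_id = mem.id_member)
            WHERE art.approved = {int:approved}
            ORDER BY art.{raw:col} {raw:sort}
            LIMIT {int:start}, 15',
            array(
                'approved' => 0,
                'col' => $sort,
                'start' => $start,
                'sort' => in_array($sort, array('sticky', 'locked', 'frontpage', 'date', 'active')) ? 'DESC' : 'ASC',
            )
        );
        if ($smcFunc['db_num_rows']($request) > 0) {
            $context['TPortal']['arts_submissions'] = array();
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                $context['TPortal']['arts_submissions'][] = $row;
            }
            $smcFunc['db_free_result']($request);
        }
    }

    if (isset($show_nocategory) && $context['TPortal']['total_nocategory'] > 0) {
        // check if we have any start values
        $start = !empty($_GET['p']) && is_numeric($_GET['p']) ? $_GET['p'] : 0;
        // sorting? (allowlist guards the {raw:col} placeholder below)
        $sort = $context['TPortal']['sort'] = !empty($_GET['sort']) && in_array($_GET['sort'], array('off', 'date', 'id', 'author_id', 'locked', 'frontpage', 'sticky', 'featured', 'type', 'subject', 'parse'), true) ? $_GET['sort'] : 'date';
        $context['TPortal']['pageindex'] = TPageIndex($scripturl . '?action=tpadmin;sa=articles;sort=' . $sort, $start, $context['TPortal']['total_nocategory'], 15);
        $request = $smcFunc['db_query']('', '
            SELECT art.id, art.date, art.frontpage, art.category, art.author_id as authorID,
                IFNULL(mem.real_name, art.author) as author, art.subject, art.approved,
                art.sticky, art.type, art.featured,art.locked, art.off, art.parse as pos
            FROM {db_prefix}tp_articles AS art
            LEFT JOIN {db_prefix}members AS mem ON (art.author_id = mem.id_member)
            WHERE (art.category = 0 OR art.category = 9999)
            ORDER BY art.{raw:col} {raw:sort}
            LIMIT {int:start}, 15',
            array(
                'col' => $sort,
                'sort' => in_array($sort, array('sticky', 'locked', 'frontpage', 'date', 'active')) ? 'DESC' : 'ASC',
                'start' => $start,
            )
        );
        if ($smcFunc['db_num_rows']($request) > 0) {
            $context['TPortal']['arts_nocat'] = array();
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                $context['TPortal']['arts_nocat'][] = $row;
            }
            $smcFunc['db_free_result']($request);
        }
    }

    // ok, fetch single article
    if (isset($whatarticle)) {
        // $whatarticle is the tail of $_GET['sa']; reduce it to a numeric id once
        // and use that for both {int:...} bindings below.
        $artid = is_numeric($whatarticle) ? $whatarticle : 0;
        $request = $smcFunc['db_query']('', '
            SELECT art.*, IFNULL(mem.real_name, art.author) as realName, art.author_id as authorID,
                art.type as articletype, art.id_theme as ID_THEME
            FROM {db_prefix}tp_articles as art
            LEFT JOIN {db_prefix}members as mem ON (art.author_id = mem.id_member)
            WHERE art.id = {int:artid}',
            array('artid' => $artid)
        );
        if ($smcFunc['db_num_rows']($request) > 0) {
            $context['TPortal']['editarticle'] = $smcFunc['db_fetch_assoc']($request);
            $context['TPortal']['editing_article'] = true;
            $context['TPortal']['editarticle']['body'] = $smcFunc['htmlspecialchars']($context['TPortal']['editarticle']['body'], ENT_QUOTES);
            $smcFunc['db_free_result']($request);
        }
        // Add in BBC editor before we call in template so the headers are there
        // (only when the article was actually found)
        if (isset($context['TPortal']['editarticle']['articletype']) && $context['TPortal']['editarticle']['articletype'] == 'bbc') {
            $context['TPortal']['editor_id'] = 'tp_article_body';
            TP_prebbcbox($context['TPortal']['editor_id'], strip_tags($context['TPortal']['editarticle']['body']));
        }
        // fetch the WYSIWYG value
        $request = $smcFunc['db_query']('', '
            SELECT value1 FROM {db_prefix}tp_variables
            WHERE subtype2 = {int:subtype}
            AND type = {string:type} LIMIT 1',
            array('subtype' => $artid, 'type' => 'editorchoice')
        );
        if ($smcFunc['db_num_rows']($request) > 0) {
            $row = $smcFunc['db_fetch_assoc']($request);
            $smcFunc['db_free_result']($request);
            $context['TPortal']['editorchoice'] = $row['value1'];
        } else {
            $context['TPortal']['editorchoice'] = 1;
        }
        $context['html_headers'] .= '
    <script type="text/javascript"><!-- // --><![CDATA[
        function changeIllu(node,name)
        {
            node.src = \'' . $boardurl . '/tp-files/tp-articles/illustrations/\' + name;
        }
        function changeIcon(node,name)
        {
            node.src = \'' . $boardurl . '/tp-files/tp-articles/icons/\' + name;
        }
    // ]]></script>';
    }

    // fetch article count for these
    if (isset($cats)) {
        $request = $smcFunc['db_query']('', '
            SELECT art.category as id, COUNT(art.id) as files
            FROM {db_prefix}tp_articles as art
            WHERE art.category IN ({array_int:cat})
            GROUP BY art.category',
            array('cat' => $cats)
        );
        $context['TPortal']['cats_count'] = array();
        if ($smcFunc['db_num_rows']($request) > 0) {
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                $context['TPortal']['cats_count'][$row['id']] = $row['files'];
            }
            $smcFunc['db_free_result']($request);
        }
    }

    // get the icons needed
    tp_collectArticleIcons();

    // fetch all categories and subcategories
    $request = $smcFunc['db_query']('', '
        SELECT id, value1 as name, value2 as parent
        FROM {db_prefix}tp_variables
        WHERE type = {string:type}',
        array('type' => 'category')
    );
    $context['TPortal']['allcats'] = array();
    $allsorted = array();
    if ($smcFunc['db_num_rows']($request) > 0) {
        while ($row = $smcFunc['db_fetch_assoc']($request)) {
            $allsorted[$row['id']] = $row;
        }
        $smcFunc['db_free_result']($request);
        if (count($allsorted) > 1) {
            $context['TPortal']['allcats'] = chain('id', 'parent', 'name', $allsorted);
        } else {
            $context['TPortal']['allcats'] = $allsorted;
        }
    }

    // not quite done yet lol, now we need to sort out if articles are to be listed
    if (isset($where)) {
        // check if we have any start values
        $start = !empty($_GET['p']) && is_numeric($_GET['p']) ? $_GET['p'] : 0;
        // sorting? (allowlist guards the {raw:sort} placeholder below)
        $sort = $context['TPortal']['sort'] = !empty($_GET['sort']) && in_array($_GET['sort'], array('off', 'date', 'id', 'author_id', 'locked', 'frontpage', 'sticky', 'featured', 'type', 'subject', 'parse'), true) ? $_GET['sort'] : 'date';
        $context['TPortal']['categoryID'] = $where;
        // get the name
        $request = $smcFunc['db_query']('', '
            SELECT value1
            FROM {db_prefix}tp_variables
            WHERE id = {int:varid} LIMIT 1',
            array('varid' => $where)
        );
        $f = $smcFunc['db_fetch_assoc']($request);
        $smcFunc['db_free_result']($request);
        $context['TPortal']['categoryNAME'] = $f['value1'];
        // get the total first
        $request = $smcFunc['db_query']('', '
            SELECT COUNT(*) as total
            FROM {db_prefix}tp_articles
            WHERE category = {int:cat}',
            array('cat' => $where)
        );
        $row = $smcFunc['db_fetch_assoc']($request);
        $context['TPortal']['pageindex'] = TPageIndex($scripturl . '?action=tpadmin;sa=articles;sort=' . $sort . ';cu=' . $where, $start, $row['total'], 15);
        $smcFunc['db_free_result']($request);
        $request = $smcFunc['db_query']('', '
            SELECT art.id, art.date, art.frontpage, art.category, art.author_id as authorID,
                IFNULL(mem.real_name, art.author) as author, art.subject, art.approved, art.sticky,
                art.type, art.featured, art.locked, art.off, art.parse as pos
            FROM {db_prefix}tp_articles AS art
            LEFT JOIN {db_prefix}members AS mem ON (art.author_id = mem.id_member)
            WHERE art.category = {int:cat}
            ORDER BY art.{raw:sort} {raw:sorter}
            LIMIT {int:start}, 15',
            array(
                'cat' => $where,
                'sort' => $sort,
                'sorter' => in_array($sort, array('sticky', 'locked', 'frontpage', 'date', 'active')) ? 'DESC' : 'ASC',
                'start' => $start,
            )
        );
        TPadd_linktree($scripturl . '?action=tpadmin;sa=articles;cu=' . $where, $txt['tp-blocktype19']);
        if ($smcFunc['db_num_rows']($request) > 0) {
            $context['TPortal']['arts'] = array();
            while ($row = $smcFunc['db_fetch_assoc']($request)) {
                $context['TPortal']['arts'][] = $row;
            }
            $smcFunc['db_free_result']($request);
        }
    }

    // Inline script for the toggle icons. Each handler sends the article id and the
    // session token in the request URL; the server side above reads them from $_GET.
    // NOTE(review): the Content-type value below is spelled "...urlencode" (no final
    // "d"). It is left untouched because the handlers above only read the query string.
    $context['html_headers'] .= '
    <script type="text/javascript" src="' . $settings['default_theme_url'] . '/scripts/editor.js?rc1"></script>
    <script type="text/javascript"><!-- // --><![CDATA[
        function getXMLHttpRequest()
        {
            if (window.XMLHttpRequest)
                return new XMLHttpRequest;
            else if (window.ActiveXObject)
                return new ActiveXObject("MICROSOFT.XMLHTTP");
            else
                alert("Sorry, but your browser does not support Ajax");
        }

        window.onload = startToggle;

        function startToggle()
        {
            var img = document.getElementsByTagName("img");

            for(var i = 0; i < img.length; i++)
            {
                if (img[i].className == "toggleFront")
                    img[i].onclick = toggleFront;
                else if (img[i].className == "toggleSticky")
                    img[i].onclick = toggleSticky;
                else if (img[i].className == "toggleLock")
                    img[i].onclick = toggleLock;
                else if (img[i].className == "toggleActive")
                    img[i].onclick = toggleActive;
                else if (img[i].className == "toggleFeatured")
                    img[i].onclick = toggleFeatured;
            }
        }

        function toggleActive(e)
        {
            var e = e ? e : window.event;
            var target = e.target ? e.target : e.srcElement;

            while(target.className != "toggleActive")
                target = target.parentNode;

            var id = target.id.replace("artActive", "");

            var Ajax = getXMLHttpRequest();

            Ajax.open("POST", "?action=tpadmin;arton=" + id + ";' . $context['session_var'] . '=' . $context['session_id'] . '");
            Ajax.setRequestHeader("Content-type", "application/x-www-form-urlencode");

            var source = target.src;
            target.src = "' . $settings['tp_images_url'] . '/ajax.gif"

            Ajax.onreadystatechange = function()
            {
                if(Ajax.readyState == 4)
                {
                    target.src = source == "' . $settings['tp_images_url'] . '/TPactive2.gif" ? "' . $settings['tp_images_url'] . '/TPactive1.gif" : "' . $settings['tp_images_url'] . '/TPactive2.gif";
                }
            }

            var params = "?action=tpadmin;arton=" + id + ";' . $context['session_var'] . '=' . $context['session_id'] . '";
            Ajax.send(params);
        }

        function toggleFront(e)
        {
            var e = e ? e : window.event;
            var target = e.target ? e.target : e.srcElement;

            while(target.className != "toggleFront")
                target = target.parentNode;

            var id = target.id.replace("artFront", "");

            var Ajax = getXMLHttpRequest();

            Ajax.open("POST", "?action=tpadmin;artfront=" + id + ";' . $context['session_var'] . '=' . $context['session_id'] . '");
            Ajax.setRequestHeader("Content-type", "application/x-www-form-urlencode");

            var source = target.src;
            target.src = "' . $settings['tp_images_url'] . '/ajax.gif"

            Ajax.onreadystatechange = function()
            {
                if(Ajax.readyState == 4)
                {
                    target.src = source == "' . $settings['tp_images_url'] . '/TPfront.gif" ? "' . $settings['tp_images_url'] . '/TPfront2.gif" : "' . $settings['tp_images_url'] . '/TPfront.gif";
                }
            }

            var params = "?action=tpadmin;artfront=" + id + ";' . $context['session_var'] . '=' . $context['session_id'] . '";
            Ajax.send(params);
        }

        function toggleSticky(e)
        {
            var e = e ? e : window.event;
            var target = e.target ? e.target : e.srcElement;

            while(target.className != "toggleSticky")
                target = target.parentNode;

            var id = target.id.replace("artSticky", "");

            var Ajax = getXMLHttpRequest();

            Ajax.open("POST", "?action=tpadmin;artsticky=" + id + ";' . $context['session_var'] . '=' . $context['session_id'] . '");
            Ajax.setRequestHeader("Content-type", "application/x-www-form-urlencode");

            var source = target.src;
            target.src = "' . $settings['tp_images_url'] . '/ajax.gif"

            Ajax.onreadystatechange = function()
            {
                if(Ajax.readyState == 4)
                {
                    target.src = source == "' . $settings['tp_images_url'] . '/TPsticky1.gif" ? "' . $settings['tp_images_url'] . '/TPsticky2.gif" : "' . $settings['tp_images_url'] . '/TPsticky1.gif";
                }
            }

            var params = "?action=tpadmin;artsticky=" + id + ";' . $context['session_var'] . '=' . $context['session_id'] . '";
            Ajax.send(params);
        }

        function toggleLock(e)
        {
            var e = e ? e : window.event;
            var target = e.target ? e.target : e.srcElement;

            while(target.className != "toggleLock")
                target = target.parentNode;

            var id = target.id.replace("artLock", "");

            var Ajax = getXMLHttpRequest();

            Ajax.open("POST", "?action=tpadmin;artlock=" + id + ";' . $context['session_var'] . '=' . $context['session_id'] . '");
            Ajax.setRequestHeader("Content-type", "application/x-www-form-urlencode");

            var source = target.src;
            target.src = "' . $settings['tp_images_url'] . '/ajax.gif"

            Ajax.onreadystatechange = function()
            {
                if(Ajax.readyState == 4)
                {
                    target.src = source == "' . $settings['tp_images_url'] . '/TPlock1.gif" ? "' . $settings['tp_images_url'] . '/TPlock2.gif" : "' . $settings['tp_images_url'] . '/TPlock1.gif";
                }
            }

            var params = "?action=tpadmin;artlock=" + id + ";' . $context['session_var'] . '=' . $context['session_id'] . '";
            Ajax.send(params);
        }

        function toggleFeatured(e)
        {
            var e = e ? e : window.event;
            var target = e.target ? e.target : e.srcElement;

            var aP=document.getElementsByTagName(\'img\');
            for(var i=0; i<aP.length; i++)
            {
                if(aP[i].className===\'toggleFeatured\' && aP[i] != target)
                {
                    aP[i].src=\'' . $settings['tp_images_url'] . '/TPflag2.gif\';
                }
            }

            while(target.className != "toggleFeatured")
                target = target.parentNode;

            var id = target.id.replace("artFeatured", "");

            var Ajax = getXMLHttpRequest();

            Ajax.open("POST", "?action=tpadmin;artfeat=" + id + ";' . $context['session_var'] . '=' . $context['session_id'] . '");
            Ajax.setRequestHeader("Content-type", "application/x-www-form-urlencode");

            var source = target.src;
            target.src = "' . $settings['tp_images_url'] . '/ajax.gif"

            Ajax.onreadystatechange = function()
            {
                if(Ajax.readyState == 4)
                {
                    target.src = source == "' . $settings['tp_images_url'] . '/TPflag.gif" ? "' . $settings['tp_images_url'] . '/TPflag2.gif" : "' . $settings['tp_images_url'] . '/TPflag.gif";
                }
            }

            var params = "?action=tpadmin;artfeat=" + id + ";' . $context['session_var'] . '=' . $context['session_id'] . '";
            Ajax.send(params);
        }
    // ]]></script>';

    if ($context['TPortal']['subaction'] == 'artsettings') {
        TPadd_linktree($scripturl . '?action=tpadmin;sa=artsettings', $txt['tp-settings']);
    } elseif ($context['TPortal']['subaction'] == 'articons') {
        TPadd_linktree($scripturl . '?action=tpadmin;sa=articons', $txt['tp-adminicons']);
    }
}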
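<?php
// Replaces the stored secret of one password entry for the logged-in user
// (excerpt: the listing stops inside the last if-block, which is closed
// outside this view).
require_once "function/sqllink.php";
require_once "function/encryption.php";

$link = sqllink();
if (checksession($link) == FALSE) {
    die("0");
}

// Refuse the request when the required fields are missing or malformed,
// before a transaction is opened.
if (!isset($_POST['index'], $_POST['newpwd']) || !is_scalar($_POST['index']) || !is_string($_POST['newpwd'])) {
    die("0");
}

$id = $_SESSION['userid'];
$index = $_POST['index'];

if (!$link->beginTransaction()) {
    die('0');
}

// The entry must belong to the session's user; both values are bound parameters.
$sql = "SELECT * FROM `password` WHERE `userid`= ? AND `index`= ? ";
$res = sqlexec($sql, array($id, (int) $index), $link);
$record = $res->fetch(PDO::FETCH_ASSOC);
if ($record == FALSE) {
    $link->commit();
    die("0");
}

$ppwd = $_POST['newpwd'];

// The per-entry key is handed to encrypt(), so it must come from a CSPRNG;
// mt_rand() output is predictable. random_int() needs PHP >= 7.0.
// NOTE(review): the range allows only 90,000,000 distinct keys whatever the
// generator. Widening it depends on what encrypt() accepts, which is not
// visible here.
$pubkey = random_int(10000000, 99999999);
$newpw = encrypt($ppwd, $pubkey);

// Column list and values are built in step; only fixed column names are
// concatenated, the values stay bound parameters.
$changedCols = "`key` = ? ,`pwd` = ?";
$values = array($pubkey, $newpw);
if (isset($_POST["name"])) {
    $changedCols .= " ,`name` = ?";
    array_push($values, $_POST["name"]);
}
if (isset($_POST["other"])) {
    $changedCols .= " ,`other` = ?";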
<!DOCTYPE HTML>
<html>
<head>
<title>Paathshaala Profile</title>
<?php
// Profile page template (excerpt: the listing stops inside the last PHP tag).
//
// NOTE(review): markup has already been sent when the session check below runs.
// If redirect() relies on header(), it only works with output buffering. Confirm.
// NOTE(review): if redirect() does not end the script, $u stays undefined and
// the rest of the profile markup is still rendered for a visitor without a
// session. Confirm that redirect() exits.
include_once 'source.php';
include_once 'functions/functions.php';
include_once 'functions/class.user.php';
if (!checksession()) {
    redirect();
} else {
    // profile data is loaded for the uid stored in the session
    $u = new user($_SESSION['uid']);
}
// $header is not defined in this excerpt, presumably by one of the includes. Verify.
echo $header;
?>
<link rel='stylesheet' href='css/profile.css'>
</head>
<body>
<div id='topbar'></div>
<img src="pics/load.gif" id='loading' style='display:none;'>
<div id='container'>
<?php
// $topBar and $feedback are printed as-is; if either can carry user-supplied
// text it must be HTML-escaped where it is built. TODO confirm.
echo $topBar;
echo $feedback;
?>
<div id='editProfile'></div>
<div id='profileBox'>
<img id='editProfileButton' src='pics/settings.png'/ >
<div id='snapShot'>
<img src="<?php
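} else {
    // (tail of a block that starts outside this excerpt)
    $_SESSION["error"] = "pwsnotthere";
    header("Location:settings.php");
}
}

// Register a website for the logged-in user.
// NOTE(review): none of the header('Location: ...') calls in this excerpt is
// followed by exit, so the script keeps running after the redirect is queued.
// Confirm that nothing further down depends on that before adding exits.
if (isset($_POST['addurl'])) {
    // NOTE(review): this echo emits output before the header() calls below,
    // which prevents the redirects unless output buffering is on. It looks like
    // leftover debugging.
    echo checkadmin($_SESSION["userid"], $con);
    if (checkadmin($_SESSION["userid"], $con) == true) {
        header('Location:home.php');
    } else {
        $URL = $_POST["URL"];
        if ($URL != '') {
            if (checkurl($URL) == true) {
                $id = $_SESSION["userid"];
                // The URL comes straight from the request. Bind it as a parameter
                // instead of interpolating it into the statement; checkurl() is a
                // format check, not an SQL escape.
                $stmt = mysqli_prepare($con, "INSERT INTO project (website,owner_project) VALUES (?,?)");
                if ($stmt !== false) {
                    mysqli_stmt_bind_param($stmt, 'ss', $URL, $id);
                    mysqli_stmt_execute($stmt);
                    mysqli_stmt_close($stmt);
                }
                checksession($id, $con);
            } else {
                $_SESSION["error"] = "invalidurlformat";
                header('Location:createsession.php');
            }
        } else {
            $_SESSION["error"] = "invalidurl";
            header('Location:createsession.php');
        }
    }
}

// Change the registered website (excerpt ends inside the first branch).
if (isset($_POST['changeurl'])) {
    $URL = $_POST["newurl"];
    $id = $_SESSION["userid"];

    // Look up the currently stored URL with a bound parameter.
    // $currentUrl stays null when the user has no project row.
    $currentUrl = null;
    $stmt = mysqli_prepare($con, "SELECT website FROM project WHERE owner_project=?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 's', $id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $currentUrl);
        mysqli_stmt_fetch($stmt);
        mysqli_stmt_close($stmt);
    }

    if ($URL == $currentUrl) {
        $_SESSION["error"] = "sameurl";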
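/**
 * Build a random string of digits and ASCII letters.
 *
 * The result is stored below as a per-device PIN key, so the characters are
 * drawn with random_int() (CSPRNG, PHP >= 7.0) rather than mt_rand(), whose
 * output is predictable.
 *
 * @param int $length Number of characters to generate.
 * @return string Random string; empty when $length is 0 or negative.
 */
function random_str($length)
{
    $alphabet = array_merge(range(0, 9), range('a', 'z'), range('A', 'Z'));
    $last = count($alphabet) - 1;
    $str = '';
    for ($i = 0; $i < $length; $i++) {
        $str .= $alphabet[random_int(0, $last)];
    }
    return $str;
}

require_once "function/sqllink.php";
require_once "function/encryption.php";

$link = sqllink();
if (!checksession($link)) {
    die("0");
}

// All three fields are required; reject the request instead of storing NULLs.
if (!isset($_POST['user'], $_POST['device'], $_POST['sig'])) {
    die('0');
}

$id = $_SESSION['userid'];
$usr = $_SESSION['user'];
$username = $_POST['user'];
$device = $_POST['device'];
$sig = $_POST['sig'];

// The posted user name must be exactly the session's user. A strict comparison
// avoids numeric-string juggling such as "1e3" == "1000".
if (!is_string($username) || $username !== (string) $usr) {
    die('0');
}

// Replace any existing PIN record for this user and device.
$sql = "DELETE FROM `pin` WHERE `userid`= ? AND `device`= ?";
$res = sqlexec($sql, array($id, $device), $link);

$pinpk = random_str(29);
// The User-Agent header is optional and client-controlled. It is stored for
// reference only and must be escaped wherever it is displayed.
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
$sql = "INSERT INTO `pin` (`userid`,`device`,`pinsig`,`pinpk`,`ua`) VALUES (?,?,?,?,?)";
$res = sqlexec($sql, array($id, $device, $sig, $pinpk, $ua), $link);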
}
    // (tail of a function whose header is outside this excerpt; the call
    // further down suggests it is checksession(). Verify.)
    // A session counts as valid only when it has a user AND a LAST_ACTIVITY
    // stamp no older than the idle limit.
    if (isset($_SESSION['user'])) {
        if (isset($_SESSION["LAST_ACTIVITY"])) {
            if (time() - $_SESSION["LAST_ACTIVITY"] > 300) {
                // last request was more than 300 seconds (5 minutes) ago
                // NOTE(review): the original comment said "30 minutes" while the
                // code uses 300 seconds. Confirm which idle limit is intended.
                session_unset(); // unset $_SESSION variable for the run-time
                session_destroy(); // destroy session data in storage
                return false;
            } else {
                $_SESSION["LAST_ACTIVITY"] = time(); // update last activity time stamp
                return true;
            }
        }
    }
    // no user in the session, or a user without a LAST_ACTIVITY stamp
    return false;
}

// Session probe: answers "1" for a live session and "0" otherwise.
// $_GET['sgid'] is passed through unvalidated; how the function uses it is
// not visible in this excerpt.
if (isset($_GET['check'])) {
    if (isset($_GET['sgid'])) {
        $sgid = $_GET['sgid'];
    } else {
        $sgid = '';
    }
    if (checksession($sgid)) {
        echo '1';
    } else {
        echo '0';
    }
}
<?php require_once 'autoload.php'; include 'checksession.php'; if (!checksession()) { header('Location: login.php'); } $au = new Approval(); $commallowed = array('2', '17'); if (isset($_SESSION['operatorid'])) { $au->setValue('operatorid', $_SESSION['operatorid']); $me = new Message(); $me->setTo($_SESSION['operatorid']); $nm = $me->getMessagecount(); } else { checksession('index.php'); } echo <<<_END <!DOCTYPE HTML> <head> <meta charset="utf-8" /> <title>Divya Engineering ERP</title> <link href="js/css/sm-core-css.css" rel="stylesheet" type="text/css" /> <link href="js/css/sm-blue/sm-blue.css" rel="stylesheet" type="text/css" /> <script src="js/jquery-2.1.4.min.js" ></script> <script src="js/jquery.smartmenus.js" ></script> <script>