// Opens a MySQL connection and, unless told otherwise, selects the database.
// $db_options keys read here:
//   'persist'        - use mysql_pconnect() instead of mysql_connect()
//   'non_fatal'      - return null (or skip the fatal error) instead of calling db_fatal_error()
//   'dont_select_db' - skip mysql_select_db()
// Returns the connection; returns null when connecting fails and 'non_fatal' is set.
function smf_db_initiate($db_server, $db_name, $db_user, $db_passwd, $db_options = array())
{
	global $mysql_set_mode;

	$use_persistent = !empty($db_options['persist']);
	$failure_is_fatal = empty($db_options['non_fatal']);

	// The @ keeps PHP's own connection warning from being emitted on failure.
	$connection = $use_persistent
		? @mysql_pconnect($db_server, $db_user, $db_passwd)
		: @mysql_connect($db_server, $db_user, $db_passwd);

	// No connection: bail out quietly for non-fatal callers, otherwise raise the fatal error.
	if (!$connection) {
		if (!$failure_is_fatal) {
			return null;
		}
		db_fatal_error();
	}

	// Select the database, unless told not to.
	if (empty($db_options['dont_select_db'])) {
		$selected = @mysql_select_db($db_name, $connection);
		if (!$selected && $failure_is_fatal) {
			db_fatal_error();
		}
	}

	// Optional: clear sql_mode and force autocommit for this session.
	if (isset($mysql_set_mode) && $mysql_set_mode === true) {
		smf_db_query('SET sql_mode = \'\', AUTOCOMMIT = 1', array(), false);
	}

	return $connection;
}
// Registers the MySQL backend in $smcFunc (first call only), then opens the connection and,
// unless told otherwise, selects the database.
// $db_options keys read here: 'persist', 'non_fatal', 'dont_select_db'.
// Returns the connection; returns null when connecting fails and 'non_fatal' is set.
function smf_db_initiate($db_server, $db_name, $db_user, $db_passwd, $db_prefix, $db_options = array())
{
	global $smcFunc, $mysql_set_mode;

	// Map the database specific functions; the "+=" only adds keys that are not set yet.
	$backend_mapped = isset($smcFunc['db_fetch_assoc']) && $smcFunc['db_fetch_assoc'] == 'mysql_fetch_assoc';
	if (!$backend_mapped) {
		$smcFunc += array(
			'db_query' => 'smf_db_query',
			'db_quote' => 'smf_db_quote',
			'db_fetch_assoc' => 'mysql_fetch_assoc',
			'db_fetch_row' => 'mysql_fetch_row',
			'db_free_result' => 'mysql_free_result',
			'db_insert' => 'smf_db_insert',
			'db_insert_id' => 'smf_db_insert_id',
			'db_num_rows' => 'mysql_num_rows',
			'db_data_seek' => 'mysql_data_seek',
			'db_num_fields' => 'mysql_num_fields',
			// NOTE(review): addslashes() does not take the connection character set into account,
			// unlike mysql_real_escape_string(); confirm every caller of db_escape_string is
			// safe with that, or prefers the typed placeholders of db_query.
			'db_escape_string' => 'addslashes',
			'db_unescape_string' => 'stripslashes',
			'db_server_info' => 'mysql_get_server_info',
			'db_affected_rows' => 'smf_db_affected_rows',
			'db_transaction' => 'smf_db_transaction',
			'db_error' => 'mysql_error',
			'db_select_db' => 'mysql_select_db',
			'db_title' => 'MySQL',
			'db_sybase' => false,
			'db_case_sensitive' => false,
			'db_escape_wildcard_string' => 'smf_db_escape_wildcard_string',
		);
	}

	$failure_is_fatal = empty($db_options['non_fatal']);

	// The @ keeps PHP's own connection warning from being emitted on failure.
	$connection = empty($db_options['persist'])
		? @mysql_connect($db_server, $db_user, $db_passwd)
		: @mysql_pconnect($db_server, $db_user, $db_passwd);

	// No connection: bail out quietly for non-fatal callers, otherwise raise the fatal error.
	if (!$connection) {
		if (!$failure_is_fatal) {
			return null;
		}
		db_fatal_error();
	}

	// Select the database, unless told not to.
	if (empty($db_options['dont_select_db'])) {
		$selected = @mysql_select_db($db_name, $connection);
		if (!$selected && $failure_is_fatal) {
			db_fatal_error();
		}
	}

	// Optional: clear sql_mode and force autocommit for this session.
	if (isset($mysql_set_mode) && $mysql_set_mode === true) {
		$smcFunc['db_query']('', 'SET sql_mode = \'\', AUTOCOMMIT = 1', array(), false);
	}

	return $connection;
}
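// Registers the PostgreSQL backend in $smcFunc, then opens the connection.
// $db_options keys read here:
//   'persist'   - use pg_pconnect() instead of pg_connect()
//   'non_fatal' - return null on failure instead of calling db_fatal_error()
// Returns the connection; returns null when connecting fails and 'non_fatal' is set.
function smf_db_initiate($db_server, $db_name, $db_user, $db_passwd, &$db_prefix, $db_options = array())
{
	global $smcFunc, $mysql_set_mode;

	// Map some database specific functions.
	// NOTE(review): the guard compares against 'postg_fetch_assoc', but the map below stores
	// 'smf_db_fetch_assoc', so the guard never becomes false. This is harmless because "+="
	// only adds keys that are not set yet.
	if (!isset($smcFunc['db_fetch_assoc']) || $smcFunc['db_fetch_assoc'] != 'postg_fetch_assoc') {
		$smcFunc += array(
			'db_query' => 'smf_db_query',
			'db_quote' => 'smf_db_quote',
			'db_insert' => 'smf_db_insert',
			'db_insert_id' => 'smf_db_insert_id',
			'db_fetch_assoc' => 'smf_db_fetch_assoc',
			'db_fetch_row' => 'smf_db_fetch_row',
			'db_free_result' => 'pg_free_result',
			'db_num_rows' => 'pg_num_rows',
			'db_data_seek' => 'smf_db_data_seek',
			'db_num_fields' => 'pg_num_fields',
			'db_escape_string' => 'pg_escape_string',
			'db_unescape_string' => 'smf_db_unescape_string',
			'db_server_info' => 'smf_db_version',
			'db_affected_rows' => 'smf_db_affected_rows',
			'db_transaction' => 'smf_db_transaction',
			'db_error' => 'pg_last_error',
			'db_select_db' => 'smf_db_select_db',
			'db_title' => 'PostgreSQL',
			'db_sybase' => true,
			'db_case_sensitive' => true,
			'db_escape_wildcard_string' => 'smf_db_escape_wildcard_string',
		);
	}

	// Inside a single-quoted connection-string value, a quote or backslash must be
	// backslash-escaped. Without this, a user name or password containing either character
	// ends the value early and the remainder is parsed as further connection parameters.
	// NOTE(review): host and dbname are still written unquoted, as before; confirm they can
	// never contain whitespace.
	$conninfo = 'host=' . $db_server . ' dbname=' . $db_name
		. ' user=\'' . addcslashes($db_user, "'\\") . '\''
		. ' password=\'' . addcslashes($db_passwd, "'\\") . '\'';

	// The @ keeps PHP's own connection warning from being emitted on failure.
	if (!empty($db_options['persist'])) {
		$connection = @pg_pconnect($conninfo);
	} else {
		$connection = @pg_connect($conninfo);
	}

	// Something's wrong, show an error if it's fatal (which we assume it is).
	if (!$connection) {
		if (!empty($db_options['non_fatal'])) {
			return null;
		}
		db_fatal_error();
	}

	return $connection;
}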
// Registers the SQLite backend in $smcFunc, opens the database file and installs the
// user-defined SQL functions the forum's queries rely on.
// $db_options keys read here: 'persist', 'non_fatal'.
// Returns the connection; returns null when opening fails and 'non_fatal' is set.
function smf_db_initiate($db_server, $db_name, $db_user, $db_passwd, $db_prefix, $db_options = array())
{
	global $smcFunc, $mysql_set_mode, $db_in_transact, $sqlite_error;

	// Map the database specific functions; the "+=" only adds keys that are not set yet.
	$backend_mapped = isset($smcFunc['db_fetch_assoc']) && $smcFunc['db_fetch_assoc'] == 'sqlite_fetch_array';
	if (!$backend_mapped) {
		$smcFunc += array(
			'db_query' => 'smf_db_query',
			'db_quote' => 'smf_db_quote',
			'db_fetch_assoc' => 'sqlite_fetch_array',
			'db_fetch_row' => 'smf_db_fetch_row',
			'db_free_result' => 'smf_db_free_result',
			'db_insert' => 'smf_db_insert',
			'db_insert_id' => 'smf_db_insert_id',
			'db_num_rows' => 'sqlite_num_rows',
			'db_data_seek' => 'sqlite_seek',
			'db_num_fields' => 'sqlite_num_fields',
			'db_escape_string' => 'sqlite_escape_string',
			'db_unescape_string' => 'smf_db_unescape_string',
			'db_server_info' => 'smf_db_libversion',
			'db_affected_rows' => 'smf_db_affected_rows',
			'db_transaction' => 'smf_db_transaction',
			'db_error' => 'smf_db_last_error',
			'db_select_db' => '',
			'db_title' => 'SQLite',
			'db_sybase' => true,
			'db_case_sensitive' => true,
			'db_escape_wildcard_string' => 'smf_db_escape_wildcard_string',
		);
	}

	// The database name is a file path; make sure it carries the .db suffix.
	if (substr($db_name, -3) != '.db') {
		$db_name .= '.db';
	}

	// NOTE(review): 0666 is passed as the file mode and the path comes straight from
	// $db_name; confirm the database file cannot be fetched through the web server or
	// written by other local accounts.
	$connection = empty($db_options['persist'])
		? @sqlite_open($db_name, 0666, $sqlite_error)
		: @sqlite_popen($db_name, 0666, $sqlite_error);

	// No connection: bail out quietly for non-fatal callers, otherwise raise the fatal error.
	if (!$connection) {
		if (!empty($db_options['non_fatal'])) {
			return null;
		}
		db_fatal_error();
	}

	$db_in_transact = false;

	// Stop SQLite returning alias names in result columns.
	@sqlite_query('PRAGMA short_column_names = 1', $connection);

	// User defined SQL functions: SQL name, PHP callback, argument count (null = not given).
	$user_functions = array(
		array('unix_timestamp', 'smf_udf_unix_timestamp', 0),
		array('inet_aton', 'smf_udf_inet_aton', 1),
		array('inet_ntoa', 'smf_udf_inet_ntoa', 1),
		array('find_in_set', 'smf_udf_find_in_set', 2),
		array('year', 'smf_udf_year', 1),
		array('month', 'smf_udf_month', 1),
		array('dayofmonth', 'smf_udf_dayofmonth', 1),
		array('concat', 'smf_udf_concat', null),
		array('locate', 'smf_udf_locate', 2),
		array('regexp', 'smf_udf_regexp', 2),
	);
	foreach ($user_functions as $definition) {
		list($sql_name, $php_callback, $arg_count) = $definition;
		if ($arg_count === null) {
			sqlite_create_function($connection, $sql_name, $php_callback);
		} else {
			sqlite_create_function($connection, $sql_name, $php_callback, $arg_count);
		}
	}

	return $connection;
}
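<?php
// Performs a SQL call to get a list of all faculty who have set appointments in tbl_facAppts.
// The <option value="uniqname">Full Name</option> markup is built here (on the server side)
// and appended to the <select> element on the calling client page.
require_once $_SERVER["DOCUMENT_ROOT"] . "/../Support/configStudentVisit.php";

$facLstSQL = <<<SQL
		SELECT *
		FROM vw_facwithappts
		ORDER BY lname
SQL;

$facList = $db->query($facLstSQL);
if (!$facList) {
    db_fatal_error("facListing query issue", $db->error);
    // Stop here: $facList is not a result object, so the loop below cannot run on it.
    exit;
}

while ($items = $facList->fetch_assoc()) {
    // Database values are written into an attribute and into element text, so each one is
    // HTML-encoded. ENT_QUOTES is needed because the attribute uses single quotes.
    // NOTE(review): assumes the page is served as UTF-8 - confirm.
    $uniqname = htmlspecialchars($items['uniqname'], ENT_QUOTES, 'UTF-8');
    $fullName = htmlspecialchars($items['fname'] . " " . $items['lname'], ENT_QUOTES, 'UTF-8');
    echo "<option class='facSelect' value='" . $uniqname . "'>" . $fullName . "</option>";
}
$db->close();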
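echo "{$deptLngName}"; ?> Reference Letter Request Admin Management interface</h1>
<p>These are the current individuals who are permitted to manage the <?php echo "{$deptLngName}"; ?> Reference Letter Requests Application</p>
</div><!-- #instructions -->
<div id="adminList">
<span id="currAdmins">
<?php
// Lists every row of SRL_tbl_Admin with a delete link and the name looked up via ldapGleaner().
$queryRecord = 'SELECT * FROM SRL_tbl_Admin ORDER BY AdminUniqname ASC';
if (!($result = $db->query($queryRecord))) {
    db_fatal_error('data select issue', $db->error, $queryRecord);
    exit($user_err_message);
}
while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
    $fullname = ldapGleaner($row['AdminUniqname']);

    // Database and directory values are HTML-encoded before they are written into the page.
    // NOTE(review): assumes the page is served as UTF-8 - confirm.
    $idAttr = htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8');
    $idUrl = rawurlencode($row['id']);
    $uniqname = htmlspecialchars($row['AdminUniqname'], ENT_QUOTES, 'UTF-8');
    $firstName = htmlspecialchars($fullname[0], ENT_QUOTES, 'UTF-8');
    $lastName = htmlspecialchars($fullname[1], ENT_QUOTES, 'UTF-8');

    // NOTE(review): the delete action is a plain GET link; the handler is not visible here.
    // Confirm it checks authorisation and a per-session token, or switch it to a POST form.
    echo '<div class="record" id="record-', $idAttr, '"> <a href="?delete=', $idUrl, '" class="delete"><span style="color:red;font-weight:bold;">X</span></a> <strong>', $uniqname, '</strong> -- ', $firstName, " ", $lastName, '</div>';
}
?>
</span>
</div><!-- testing delete -->
<br />
<div id="myAdminForm"><!-- add Admin -->
If you would like to register another Administrator please enter their <b>uniqname</b> here <input type="text" name="name" />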
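// Exports tbl_kudos as a CSV download for the accounts allowed to see it.

// Authorise before anything is sent. Previously the query text was only assigned for the
// listed accounts, so any other account reached $db->query() with an undefined variable
// after the download headers and column headings had already gone out.
// NOTE(review): the allow-list is hard-coded; consider moving it next to the other admin
// configuration.
$exportAdmins = array('janej', 'janesull', 'rsmoke', 'dporter');
if (!in_array($login_name, $exportAdmins, true)) {
    header('HTTP/1.1 403 Forbidden');
    exit('unauthorized');
}

$sqlSelect = <<<SQL
SELECT id, uniqname, userFname, userLname, kudoTitle, kudoDesc, kudoType, edited, selectedDelete
FROM tbl_kudos
ORDER BY userLname ASC
SQL;

// Run the query before the download headers so a failure is not delivered as a CSV file.
if (!($result = $db->query($sqlSelect))) {
    db_fatal_error("data select issue", $db->error);
    exit;
}

// output headers so that the file is downloaded rather than displayed
header('Content-Type: text/csv; charset=utf-8');
header('Content-Disposition: attachment; filename="EnglishKudos.csv"');

// create a file pointer connected to the output stream
$output = fopen('php://output', 'w');

// output the column headings - one per selected column, in the same order
// ('Description' was missing, which shifted every column after 'Title')
fputcsv($output, array('RecordID', 'Uniqname', 'First Name', 'Last Name', 'Title', 'Description', 'Type of Kudo', 'Edited By', 'Deleted'));

// loop over the rows, outputting them
while ($row = $result->fetch_assoc()) {
    // The text columns hold user-submitted content. Spreadsheet programs treat a cell that
    // starts with one of these characters as a formula, so such cells get a leading
    // apostrophe to keep them plain text.
    foreach ($row as $column => $value) {
        if (is_string($value) && $value !== '' && strpos("=+-@\t\r", $value[0]) !== false) {
            $row[$column] = "'" . $value;
        }
    }
    fputcsv($output, $row);
}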
// Loads the database backend file and opens the connection into the global $db_connection.
// In SSI mode the SSI credentials are tried first (non-fatally) and the table prefix is
// fixed up afterwards.
function loadDatabase()
{
	global $db_persist, $db_connection, $db_server, $db_user, $db_passwd;
	global $db_type, $db_name, $ssi_db_user, $ssi_db_passwd, $sourcedir, $db_prefix;

	// The backend is fixed to MySQL here, so the included path is not caller-controlled.
	$db_type = 'mysql';
	require_once $sourcedir . '/lib/Subs-Db-' . $db_type . '.php';

	$in_ssi = SMF == 'SSI';

	// In SSI try the SSI account first; a failure is fine, the normal account is the fallback.
	$have_ssi_credentials = !empty($ssi_db_user) && !empty($ssi_db_passwd);
	if ($in_ssi && $have_ssi_credentials) {
		$ssi_options = array('persist' => $db_persist, 'non_fatal' => true, 'dont_select_db' => true);
		$db_connection = smf_db_initiate($db_server, $db_name, $ssi_db_user, $ssi_db_passwd, $ssi_options);
	}

	// Either we aren't in SSI mode, or the SSI attempt failed.
	if (empty($db_connection)) {
		$normal_options = array('persist' => $db_persist, 'dont_select_db' => $in_ssi);
		$db_connection = smf_db_initiate($db_server, $db_name, $db_user, $db_passwd, $normal_options);
	}

	// Safeguard: without a valid connection there is nothing more to do.
	if (!$db_connection) {
		db_fatal_error();
	}

	// If in SSI mode fix up the prefix.
	if ($in_ssi) {
		db_fix_prefix($db_prefix, $db_name);
	}
}
// Fills the global $arcSettings from the cache, or from the arcade_settings table when the
// cache has nothing, and re-caches the result for 90 seconds when caching is enabled.
function loadArcadeSettings()
{
	global $arcSettings, $modSettings, $smcFunc;

	// A cache hit means there is nothing else to do.
	$arcSettings = cache_get_data('arcSettings', 90);
	if ($arcSettings != null) {
		return;
	}

	// Fixed query text with no parameters; {db_prefix} is expanded by the query layer.
	$request = $smcFunc['db_query']('', ' SELECT variable, value FROM {db_prefix}arcade_settings', array());
	$arcSettings = array();
	if (!$request) {
		db_fatal_error();
	}

	// Each row is a (variable, value) pair.
	while ($row = $smcFunc['db_fetch_row']($request)) {
		list($variable, $value) = $row;
		$arcSettings[$variable] = $value;
	}
	$smcFunc['db_free_result']($request);

	if (!empty($modSettings['cache_enable'])) {
		cache_put_data('arcSettings', $arcSettings, 90);
	}
}
//insert data into database try { $sql = "INSERT INTO `tbl_kudos` (`userFname`, `userLname`, `uniqname`, `kudoType`, `kudoTitle`, `kudoDesc`) VALUES ('{$userFname}', '{$userLname}', '{$uniqname}', '{$kudoType}', '{$kudoTitle}', '{$kudoDesc}')"; if ($db->query($sql) === true) { $_SESSION['userEntry'] = $db->insert_id; //echo "New record created successfully"; $userFname = ""; $userLname = ""; $kudoType = ""; $kudoTitle = ""; $kudoDesc = ""; unset($_POST["submit"]); redirect_to("confirm.php"); exit; } else { die(db_fatal_error("Database query failed. ")); } $db->close(); } catch (Exception $e) { $result[] = $e->getMessage(); } } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>LSA-<?php echo "{$pageTitle}"; ?> </title>
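<?php
// Deletes one row from tbl_contestadmin on behalf of a logged-in administrator.
// Row 1 is protected and is never deleted.
require_once $_SERVER["DOCUMENT_ROOT"] . '/../Support/configEnglishContest.php';
require_once $_SERVER["DOCUMENT_ROOT"] . '/../Support/basicLib.php';

if (session_status() == PHP_SESSION_NONE) {
    session_start();
}

// The id is placed into a SQL statement, so it must be a real integer. htmlspecialchars()
// only encodes for HTML output and does not make a value safe for SQL, and the old loose
// "!= 1" comparison let non-numeric text through to the DELETE.
// filter_var() returns false for a missing or non-integer value.
$idSent = filter_var(isset($_POST['delid']) ? $_POST['delid'] : null, FILTER_VALIDATE_INT);

// NOTE(review): no anti-CSRF token is checked in this file - confirm the included
// configuration enforces one, or add one to this POST.
if (empty($_SESSION['isAdmin'])) {
    echo "unauthorized";
} elseif ($idSent === false) {
    echo "invalid id";
} elseif ($idSent === 1) {
    echo "nothin doin";
} else {
    // $idSent is a validated integer at this point.
    $sqlDelete = <<<_SQL
DELETE FROM tbl_contestadmin
WHERE id = {$idSent};
_SQL;
    if (!($result = $db->query($sqlDelete))) {
        db_fatal_error("data delete issue", $db->error, $sqlDelete, $login_name);
        exit;
    }
    echo "Deleted admin ID: " . $idSent;
}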
if (isset($_POST["confirmEntry"])) { //do check related stuff header("Location: " . "https://webapps.lsa.umich.edu/english/secure/userservices/profile.asp"); exit; } elseif (isset($_POST["deleteentry"])) { //preserve entry but mark a cancelled" $cancelquery = "UPDATE tbl_kudos SET "; $cancelquery .= "selectedDelete = 'deleted' "; $cancelquery .= "WHERE id = {$recordID}"; if ($result = $db->query($cancelquery)) { $db->close(); //sending user to an address outside of this webapp header("Location: " . "https://webapps.lsa.umich.edu/english/secure/userservices/profile.asp"); exit; } else { die(db_fatal_error("Database query failed for cancel. ")); } } else { $message = "Please review your information"; $sql = "SELECT * "; $sql .= "FROM tbl_kudos "; $sql .= "WHERE id={$recordID}"; $result = $db->query($sql); if ($result && $result->num_rows > 0) { // 3. Use returned data (if any) while ($subject = mysqli_fetch_assoc($result)) { // output data from each row ?> <!DOCTYPE html> <html lang="en"> <head>
} if (!$stmt->bind_param('issss', $contestsID, $contestOpen, $contestClose, $contestNotes, $login_name)) { db_fatal_error("Bind parameters failed", "( " . $stmt->errno . " )" . $stmt->error, "EMPTY", $login_name); exit($user_err_message); } if (isset($_POST['insertContest'])) { $contestsID = $db->real_escape_string(htmlspecialchars($_POST['contestID'])); $contestNotes = $db->real_escape_string(htmlspecialchars($_POST['notes'])); $contestOpen = date("Y-m-d H:i:s", strtotime($_POST['openDate'])); $contestClose = date("Y-m-d H:i:s", strtotime($_POST['closeDate'])); if ($stmt->execute()) { $_SESSION['flashMessage'] = "Successfully added new contest"; $_POST['insertContest'] = false; safeRedirect('contestAdmin.php'); } else { db_fatal_error("Execute failed", "( " . $stmt->errno . " )" . $stmt->error, "EMPTY", $login_name); exit($user_err_message); } } else { $contestsID = $contestNotes = $contestOpen = $contestClose = null; $_SESSION['flashMessage'] = ""; $_POST['insertContest'] = false; } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>LSA-<?php echo "{$contestTitle}"; ?>
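<div id="instructions">
<p>These are the current individuals who are permitted to manage the <?php echo "{$contestTitle}"; ?> Application</p>
</div><!-- #instructions -->
<div id="adminList">
<span id="currAdmins">
<?php
// Lists every row of tbl_contestadmin with a delete button and the name looked up via
// ldapGleaner().
$sqlAdmSel = <<<SQL
SELECT *
FROM tbl_contestadmin
ORDER BY uniqname
SQL;
if (!($resADM = $db->query($sqlAdmSel))) {
    db_fatal_error("data read issue", $db->error, $sqlAdmSel, $login_name);
    exit;
}
while ($row = $resADM->fetch_assoc()) {
    $fullname = ldapGleaner($row['uniqname']);

    // Database and directory values are HTML-encoded before they are written into the page.
    // NOTE(review): assumes the page is served as UTF-8 - confirm.
    $delId = htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8');
    $uniqname = htmlspecialchars($row['uniqname'], ENT_QUOTES, 'UTF-8');
    $firstName = htmlspecialchars($fullname[0], ENT_QUOTES, 'UTF-8');
    $lastName = htmlspecialchars($fullname[1], ENT_QUOTES, 'UTF-8');

    echo '<div class="record"> <button type="button" class="btn btn-xs btn-danger btnDelADM" data-delid="' . $delId . '"><span class="glyphicon glyphicon-remove"></span></button> <strong>' . $uniqname . '</strong> -- ' . $firstName . " " . $lastName . '</div>';
}
?>
</span>
</div>
<br />
<div id="myAdminForm"><!-- add Admin -->
To add an Administrator please enter their <b>uniqname</b> below:<br>
<input class="form_control" type="text" name="name" /><br>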
$_SESSION['stuLname'] = NULL; $_SESSION['stuID'] = NULL; unset($_POST['logout']); $showChkList = false; redirect_to("index.php"); } } elseif (isset($_POST['logon'])) { // form was submitted $stuVisUsername = htmlentities($_POST['stuVisUsername']); $umid = htmlentities($_POST['umid']); $userSQL = "SELECT Fname, Lname, id "; $userSQL .= "FROM tbl_user "; $userSQL .= "WHERE password = '******' AND email = '{$stuVisUsername}' "; $userSQL .= "LIMIT 1"; if (!($resStuDetails = $db->query($userSQL))) { db_fatal_error("login issue", $db->error); } else { if ($resStuDetails->num_rows == 1) { // successful login $_SESSION['stuVisUsername'] = $stuVisUsername; $_SESSION['umid'] = $umid; while ($items = $resStuDetails->fetch_assoc()) { $_SESSION['stuFname'] = $items['Fname']; $_SESSION['stuLname'] = $items['Lname']; $_SESSION['stuID'] = $items['id']; } $resStuDetails->close(); $db->close(); unset($_POST['logon']); $message = NULL; redirect_to("php/stuVisChklst.php");
// Replacement callback for one placeholder of a query template.
// $matches[1] is either a special name (db_prefix, query_see_board, query_wanna_see_board)
// or a value type; for typed placeholders $matches[2] is the key looked up in the values
// array taken from the global $db_callback.
// Returns the SQL text to substitute for the placeholder.
// NOTE(review): several branches call smf_db_error_backtrace() and then carry on; whether
// that helper stops execution for E_USER_ERROR is not visible here - confirm.
function smf_db_replacement__callback($matches)
{
	global $db_callback, $user_info, $db_prefix;

	// $db_callback carries the values array and the connection for the current query.
	list($values, $connection) = $db_callback;

	if (!is_resource($connection)) {
		db_fatal_error();
	}

	// Special names are substituted verbatim, with no quoting or escaping.
	if ($matches[1] === 'db_prefix') {
		return $db_prefix;
	}
	if ($matches[1] === 'query_see_board') {
		return $user_info['query_see_board'];
	}
	if ($matches[1] === 'query_wanna_see_board') {
		return $user_info['query_wanna_see_board'];
	}

	// Everything else needs a value key.
	if (!isset($matches[2])) {
		smf_db_error_backtrace('Invalid value inserted or no type specified.', '', E_USER_ERROR, __FILE__, __LINE__);
	}

	// isset() is also false for a value that is null, so a null value is reported as missing.
	if (!isset($values[$matches[2]])) {
		smf_db_error_backtrace('The database value you\'re trying to insert does not exist: ' . htmlspecialchars($matches[2]), '', E_USER_ERROR, __FILE__, __LINE__);
	}

	$replacement = $values[$matches[2]];

	switch ($matches[1]) {
		// Integers must survive an int round-trip unchanged; the emitted text is always the int cast.
		case 'int':
			if (!is_numeric($replacement) || (string) $replacement !== (string) (int) $replacement) {
				smf_db_error_backtrace('Wrong value type sent to the database. Integer expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
			}
			return (string) (int) $replacement;
			break;

		// Strings are escaped for this connection and wrapped in single quotes.
		case 'string':
		case 'text':
			return sprintf('\'%1$s\'', mysql_real_escape_string($replacement, $connection));
			break;

		// A non-empty array whose elements each pass the same check as 'int'; comma-joined.
		case 'array_int':
			if (is_array($replacement)) {
				if (empty($replacement)) {
					smf_db_error_backtrace('Database error, given array of integer values is empty. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
				}
				foreach ($replacement as $key => $value) {
					if (!is_numeric($value) || (string) $value !== (string) (int) $value) {
						smf_db_error_backtrace('Wrong value type sent to the database. Array of integers expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
					}
					$replacement[$key] = (string) (int) $value;
				}
				return implode(', ', $replacement);
			} else {
				smf_db_error_backtrace('Wrong value type sent to the database. Array of integers expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
			}
			break;

		// A non-empty array; every element is escaped and quoted like 'string'; comma-joined.
		case 'array_string':
			if (is_array($replacement)) {
				if (empty($replacement)) {
					smf_db_error_backtrace('Database error, given array of string values is empty. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
				}
				foreach ($replacement as $key => $value) {
					$replacement[$key] = sprintf('\'%1$s\'', mysql_real_escape_string($value, $connection));
				}
				return implode(', ', $replacement);
			} else {
				smf_db_error_backtrace('Wrong value type sent to the database. Array of strings expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
			}
			break;

		// Dates must match the Y-M-D pattern and are re-emitted zero-padded and quoted.
		case 'date':
			if (preg_match('~^(\\d{4})-([0-1]?\\d)-([0-3]?\\d)$~', $replacement, $date_matches) === 1) {
				return sprintf('\'%04d-%02d-%02d\'', $date_matches[1], $date_matches[2], $date_matches[3]);
			} else {
				smf_db_error_backtrace('Wrong value type sent to the database. Date expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
			}
			break;

		// Floats must be numeric; the emitted text is the double cast.
		case 'float':
			if (!is_numeric($replacement)) {
				smf_db_error_backtrace('Wrong value type sent to the database. Floating point number expected. (' . $matches[2] . ')', '', E_USER_ERROR, __FILE__, __LINE__);
			}
			return (string) (double) $replacement;
			break;

		// Identifiers have backticks and dots stripped, then are wrapped in backticks.
		case 'identifier':
			// Backticks inside identifiers are supported as of MySQL 4.1. We don't need them for SMF.
			return '`' . strtr($replacement, array('`' => '', '.' => '')) . '`';
			break;

		// SECURITY: 'raw' is inserted into the query exactly as given - no escaping, quoting
		// or validation happens here. Callers must never pass request-derived data with
		// this type.
		case 'raw':
			return $replacement;
			break;

		// Unknown type: reported with error level false; nothing is returned on this path.
		default:
			smf_db_error_backtrace('Undefined type used in the database query. (' . $matches[1] . ':' . $matches[2] . ')', '', false, __FILE__, __LINE__);
			break;
	}
}
$cachedir = $boarddir . '/cache'; } // And important includes. require_once $sourcedir . '/QueryString.php'; require_once $sourcedir . '/Subs.php'; require_once $sourcedir . '/Errors.php'; require_once $sourcedir . '/Load.php'; require_once $sourcedir . '/Security.php'; require_once $sourcedir . '/Subs-Portal.php'; // Using an pre-PHP 5.1 version? if (@version_compare(PHP_VERSION, '5.1') == -1) { require_once $sourcedir . '/Subs-Compat.php'; } // If $maintenance is set specifically to 2, then we're upgrading or something. if (!empty($maintenance) && $maintenance == 2) { db_fatal_error(); } // Create a variable to store some SMF specific functions in. $smcFunc = array(); // Initate the database connection and define some database functions to use. loadDatabase(); // Load the settings from the settings table, and perform operations like optimizing. reloadSettings(); // Clean the request variables, add slashes, etc. cleanRequest(); $context = array(); // Seed the random generator. if (empty($modSettings['rand_seed']) || mt_rand(1, 250) == 69) { smf_seed_generator(); } // Before we get carried away, are we doing a scheduled task? If so save CPU cycles by jumping out!
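require_once $_SERVER["DOCUMENT_ROOT"] . '/../Support/configEnglishContestAdmin.php';
require_once $_SERVER["DOCUMENT_ROOT"] . '/../Support/basicLib.php';

if (session_status() == PHP_SESSION_NONE) {
    session_start();
}

// Decide whether the current user is a contest administrator. Both flags start as false
// and are only raised when tbl_contestadmin has a row for $login_name.
$isAdmin = false;
$_SESSION['isAdmin'] = false;

// NOTE(review): $login_name is interpolated into the SQL text and its origin is not visible
// in this file. Because this query drives an authorisation decision, confirm the value comes
// from the authentication layer only, or bind it as a parameter.
$sqlSelect = <<<_SQL
SELECT *
FROM tbl_contestadmin
WHERE uniqname = '{$login_name}'
ORDER BY uniqname
_SQL;

if (!($resAdmin = $db->query($sqlSelect))) {
    // This is a SELECT, so the failure is logged as a read issue (it was mislabelled as an
    // insert issue, which misleads anyone triaging the log).
    db_fatal_error("data read issue", $db->error, $sqlSelect, $login_name);
    exit;
}

if ($resAdmin->num_rows > 0) {
    $isAdmin = true;
    $_SESSION['isAdmin'] = true;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>LSA-<?php echo "{$contestTitle}"; ?> Writing Contests</title>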
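<?php
// Renders the current user's reference-letter requests as an HTML table with view and
// delete links.
// NOTE(review): $login_name is interpolated into the SQL text and its origin is not visible
// in this file - confirm it comes from the authentication layer only, or bind it as a
// parameter.
$query = "SELECT *\n\t\t\t\t FROM SRL_tbl_refLetter AS Letter\n\t\t\t\t WHERE Letter.refLetter_FKstudent_uniqname = '{$login_name}'";
$return = array();
if (!($ret = $db->query($query))) {
    db_fatal_error("data select issue", $db->error, $query);
    exit($user_err_message);
}

echo "<table id='userSub'>";
echo '<tr><th>ID</th><th>Institution</th><th>Requested</th><th>Title</th><th align="center">Delete</th></tr>';
while ($letters = mysqli_fetch_assoc($ret)) {
    // Stored request data is HTML-encoded for element text and URL-encoded inside links.
    // NOTE(review): assumes the page is served as UTF-8 - confirm.
    $idText = htmlspecialchars($letters["refLetter_id"], ENT_QUOTES, 'UTF-8');
    $idUrl = rawurlencode($letters["refLetter_id"]);
    $institute = htmlspecialchars($letters["refLetter_institute_name"], ENT_QUOTES, 'UTF-8');
    $requested = htmlspecialchars($letters["refLetter_requestDate"], ENT_QUOTES, 'UTF-8');
    $position = htmlspecialchars($letters["refLetter_positionTitle"], ENT_QUOTES, 'UTF-8');

    // The missing space before target= is restored; rel="noopener" keeps the new tab from
    // reaching back into this page.
    // NOTE(review): the delete action is a plain GET link; delete_page.php is not visible
    // here - confirm it checks ownership and a per-session token.
    echo '<tr><td><a href="php/SRL_View.php?id=', $idUrl, '" target="_blank" rel="noopener">', $idText, '</a></td><td>', $institute, '</td><td>', $requested, '</td><td>', $position, '</td><td align="center"><a href="php/delete_page.php?delid=', $idUrl, '"><span style="color:red;font-weight:bold">X</span></a></td></tr>';
}
echo '</table>';
$db->close();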
require_once $_SERVER["DOCUMENT_ROOT"] . '/../Support/configEnglishContestAdmin.php';
require_once $_SERVER["DOCUMENT_ROOT"] . '/../Support/basicLib.php';

if (session_status() == PHP_SESSION_NONE) {
    session_start();
}

//$_SESSION['flashMessage'] = "FLASHER";

// Start from "not an administrator" in both the local flag and the session.
$isAdmin = false;
$_SESSION['isAdmin'] = false;

// Look the current user up in the administrator table.
// NOTE(review): $login_name is interpolated into the SQL text and its origin is not visible
// in this file. Because this query drives an authorisation decision, confirm the value comes
// from the authentication layer only.
$sqlSelect = <<<_SQL
SELECT *
FROM tbl_contestadmin
WHERE uniqname = '{$login_name}'
ORDER BY uniqname
_SQL;

$resAdmin = $db->query($sqlSelect);
if (!$resAdmin) {
    db_fatal_error("data read issue", $db->error, $sqlSelect, $login_name);
    exit;
}

// Any matching row makes the user an administrator for this session.
if ($resAdmin->num_rows > 0) {
    $isAdmin = true;
    $_SESSION['isAdmin'] = true;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>LSA-<?php echo "{$contestTitle}"; ?> Writing Contests</title>
// Loads the forum settings into $modSettings (cache first, then the settings table), builds
// the $func table of entity- and charset-aware string helpers, runs the integration hooks
// named in the settings, and - when it is due - runs OPTIMIZE TABLE over the forum's tables.
// Takes no arguments and returns nothing; it works entirely through globals.
function reloadSettings()
{
	global $modSettings, $db_prefix, $boarddir, $func, $txt, $db_character_set;
	global $mysql_set_mode, $context;

	// This makes it possible to have SMF automatically change the sql_mode and autocommit if needed.
	if (isset($mysql_set_mode) && $mysql_set_mode === true) {
		db_query("SET sql_mode='', AUTOCOMMIT=1", false, false);
	}

	// Most database systems have not set UTF-8 as their default input charset.
	// The charset name goes straight into the SQL text, so it is only used when it consists
	// of word characters (the ^\w+$ check).
	if (isset($db_character_set) && preg_match('~^\\w+$~', $db_character_set) === 1) {
		db_query("\n\t\t\tSET NAMES {$db_character_set}", __FILE__, __LINE__);
	}

	// Try to load it from the cache first; it'll never get cached if the setting is off.
	if (($modSettings = cache_get_data('modSettings', 90)) == null) {
		$request = db_query("\n\t\t\tSELECT variable, value\n\t\t\tFROM {$db_prefix}settings", false, false);
		$modSettings = array();
		// NOTE(review): if db_fatal_error() returns, the fetch loop below runs on a failed
		// result; whether it exits is not visible here.
		if (!$request) {
			db_fatal_error();
		}
		while ($row = mysql_fetch_row($request)) {
			$modSettings[$row[0]] = $row[1];
		}
		mysql_free_result($request);

		// Do a few things to protect against missing settings or settings with invalid values...
		if (empty($modSettings['defaultMaxTopics']) || $modSettings['defaultMaxTopics'] <= 0 || $modSettings['defaultMaxTopics'] > 999) {
			$modSettings['defaultMaxTopics'] = 20;
		}
		if (empty($modSettings['defaultMaxMessages']) || $modSettings['defaultMaxMessages'] <= 0 || $modSettings['defaultMaxMessages'] > 999) {
			$modSettings['defaultMaxMessages'] = 15;
		}
		if (empty($modSettings['defaultMaxMembers']) || $modSettings['defaultMaxMembers'] <= 0 || $modSettings['defaultMaxMembers'] > 999) {
			$modSettings['defaultMaxMembers'] = 30;
		}
		if (!empty($modSettings['cache_enable'])) {
			cache_put_data('modSettings', $modSettings, 90);
		}
	}

	// UTF-8 in regular expressions is unsupported on PHP(win) versions < 4.2.3.
	$utf8 = (empty($modSettings['global_character_set']) ? $txt['lang_character_set'] : $modSettings['global_character_set']) === 'UTF-8' && (strpos(strtolower(PHP_OS), 'win') === false || @version_compare(PHP_VERSION, '4.2.3') != -1);

	// Set a list of common functions.
	$ent_list = empty($modSettings['disableEntityCheck']) ? '&(#\\d{1,7}|quot|amp|lt|gt|nbsp);' : '&(#021|quot|amp|lt|gt|nbsp);';

	// $ent_check is a prefix/suffix pair of PHP source text wrapped around an expression in the
	// generated helpers below.
	// SECURITY: the prefix uses preg_replace() with the "e" modifier, which evaluates the
	// replacement as PHP code. The pattern limits the captured group to digits or "x" plus hex
	// digits, and that capture is the only text passed to $func['entity_fix'].
	$ent_check = empty($modSettings['disableEntityCheck']) ? array('preg_replace(\'~(&#(\\d{1,7}|x[0-9a-fA-F]{1,6});)~e\', \'$func[\\\'entity_fix\\\'](\\\'\\2\\\')\', ', ')') : array('', '');

	// Preg_replace can handle complex characters only for higher PHP versions.
	$space_chars = $utf8 ? @version_compare(PHP_VERSION, '4.3.3') != -1 ? '\\x{A0}\\x{2000}-\\x{200F}\\x{201F}\\x{202F}\\x{3000}\\x{FEFF}' : pack('C*', 0xc2, 0xa0, 0xe2, 0x80, 0x80) . '-' . pack('C*', 0xe2, 0x80, 0x8f, 0xe2, 0x80, 0x9f, 0xe2, 0x80, 0xaf, 0xe2, 0x80, 0x9f, 0xe3, 0x80, 0x80, 0xef, 0xbb, 0xbf) : '\\xA0';

	// SECURITY: every helper below is built with create_function(), which compiles a string as
	// PHP code. The strings are assembled only from literals in this function plus $ent_list,
	// $ent_check, $space_chars and $utf8; the settings only choose between fixed alternatives
	// and no setting value is copied into the code text.
	// NOTE(review): the entity alternatives in the split patterns (the ';|"|&|<|>| |.' runs)
	// and the array('&' => '&') map in 'htmlspecialchars' look HTML-decoded by whatever
	// extracted this listing - compare against the project's own copy before reuse.
	$func = array(
		// Maps a numeric entity body (decimal, or "x" plus hex) to '&#N;', or to '' when the
		// code point is below 0x20, above 0x10FFFF, or a surrogate.
		'entity_fix' => create_function('$string', ' $num = substr($string, 0, 1) === \'x\' ? hexdec(substr($string, 1)) : (int) $string; return $num < 0x20 || $num > 0x10FFFF || ($num >= 0xD800 && $num <= 0xDFFF) ? \'\' : \'&#\' . $num . \';\';'),
		// substr() that counts an entity as a single character.
		'substr' => create_function('$string, $start, $length = null', ' global $func; $ent_arr = preg_split(\'~(&#' . (empty($modSettings['disableEntityCheck']) ? '\\d{1,7}' : '021') . ';|"|&|<|>| |.)~' . ($utf8 ? 'u' : '') . '\', ' . implode('$string', $ent_check) . ', -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY); return $length === null ? implode(\'\', array_slice($ent_arr, $start)) : implode(\'\', array_slice($ent_arr, $start, $length));'),
		// strlen() that counts an entity as a single character.
		'strlen' => create_function('$string', ' global $func; return strlen(preg_replace(\'~' . $ent_list . ($utf8 ? '|.~u' : '~') . '\', \'_\', ' . implode('$string', $ent_check) . '));'),
		// strpos() over the same entity-aware character split.
		'strpos' => create_function('$haystack, $needle, $offset = 0', ' global $func; $haystack_arr = preg_split(\'~(&#' . (empty($modSettings['disableEntityCheck']) ? '\\d{1,7}' : '021') . ';|"|&|<|>| |.)~' . ($utf8 ? 'u' : '') . '\', ' . implode('$haystack', $ent_check) . ', -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY); $haystack_size = count($haystack_arr); if (strlen($needle) === 1) { $result = array_search($needle, array_slice($haystack_arr, $offset)); return is_int($result) ? $result + $offset : false; } else { $needle_arr = preg_split(\'~(&#' . (empty($modSettings['disableEntityCheck']) ? '\\d{1,7}' : '021') . ';|"|&|<|>| |.)~' . ($utf8 ? 'u' : '') . '\', ' . implode('$needle', $ent_check) . ', -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY); $needle_size = count($needle_arr); $result = array_search($needle_arr[0], array_slice($haystack_arr, $offset)); while (is_int($result)) { $offset += $result; if (array_slice($haystack_arr, $offset, $needle_size) === $needle_arr) return $offset; $result = array_search($needle_arr[0], array_slice($haystack_arr, ++$offset)); } return false; }'),
		// htmlspecialchars() wrapped in the entity check; the charset is forced to UTF-8 when $utf8 is set.
		'htmlspecialchars' => create_function('$string, $quote_style = ENT_COMPAT, $charset = \'ISO-8859-1\'', ' global $func; return ' . strtr($ent_check[0], array('&' => '&')) . 'htmlspecialchars($string, $quote_style, ' . ($utf8 ? '\'UTF-8\'' : '$charset') . ')' . $ent_check[1] . ';'),
		// trim() that also strips the extra space characters listed in $space_chars.
		'htmltrim' => create_function('$string', ' global $func; return preg_replace(\'~^([ \\t\\n\\r\\x0B\\x00' . $space_chars . ']| )+|([ \\t\\n\\r\\x0B\\x00' . $space_chars . ']| )+$~' . ($utf8 ? 'u' : '') . '\', \'\', ' . implode('$string', $ent_check) . ');'),
		// Shortens a string to at most $length bytes without cutting an entity or character in half.
		'truncate' => create_function('$string, $length', (empty($modSettings['disableEntityCheck']) ? ' global $func; $string = ' . implode('$string', $ent_check) . ';' : '') . ' preg_match(\'~^(' . $ent_list . '|.){\' . $func[\'strlen\'](substr($string, 0, $length)) . \'}~' . ($utf8 ? 'u' : '') . '\', $string, $matches); $string = $matches[0]; while (strlen($string) > $length) $string = preg_replace(\'~(' . $ent_list . '|.)$~' . ($utf8 ? 'u' : '') . '\', \'\', $string); return $string;'),
		// Case helpers: mbstring when available, else the Subs-Charset.php fallback, else the plain built-ins.
		'strtolower' => $utf8 ? function_exists('mb_strtolower') ? create_function('$string', ' return mb_strtolower($string, \'UTF-8\');') : create_function('$string', ' global $sourcedir; require_once($sourcedir . \'/Subs-Charset.php\'); return utf8_strtolower($string);') : 'strtolower',
		'strtoupper' => $utf8 ? function_exists('mb_strtoupper') ? create_function('$string', ' return mb_strtoupper($string, \'UTF-8\');') : create_function('$string', ' global $sourcedir; require_once($sourcedir . \'/Subs-Charset.php\'); return utf8_strtoupper($string);') : 'strtoupper',
		'ucfirst' => $utf8 ? create_function('$string', ' global $func; return $func[\'strtoupper\']($func[\'substr\']($string, 0, 1)) . $func[\'substr\']($string, 1);') : 'ucfirst',
		'ucwords' => $utf8 ? function_exists('mb_convert_case') ? create_function('$string', ' return mb_convert_case($string, MB_CASE_TITLE, \'UTF-8\');') : create_function('$string', ' global $func; $words = preg_split(\'~([\\s\\r\\n\\t]+)~\', $string, -1, PREG_SPLIT_DELIM_CAPTURE); for ($i = 0, $n = count($words); $i < $n; $i += 2) $words[$i] = $func[\'ucfirst\']($words[$i]); return implode(\'\', $words);') : 'ucwords'
	);

	// Setting the timezone is a requirement for some functions in PHP >= 5.1.
	if (isset($modSettings['default_timezone']) && function_exists('date_default_timezone_set')) {
		date_default_timezone_set($modSettings['default_timezone']);
	}

	// Check the load averages?
	if (!empty($modSettings['loadavg_enable'])) {
		if (($modSettings['load_average'] = cache_get_data('loadavg', 90)) == null) {
			// Read the first figure from /proc/loadavg, falling back to the output of the
			// uptime command. Both the path and the command are fixed strings.
			$modSettings['load_average'] = @file_get_contents('/proc/loadavg');
			if (!empty($modSettings['load_average']) && preg_match('~^([^ ]+?) ([^ ]+?) ([^ ]+)~', $modSettings['load_average'], $matches) != 0) {
				$modSettings['load_average'] = (double) $matches[1];
			} elseif (($modSettings['load_average'] = @`uptime`) != null && preg_match('~load average[s]?: (\\d+\\.\\d+), (\\d+\\.\\d+), (\\d+\\.\\d+)~i', $modSettings['load_average'], $matches) != 0) {
				$modSettings['load_average'] = (double) $matches[1];
			} else {
				unset($modSettings['load_average']);
			}
			if (!empty($modSettings['load_average'])) {
				cache_put_data('loadavg', $modSettings['load_average'], 90);
			}
		}
		// Refuse service when the load is at or above the configured forum threshold.
		if (!empty($modSettings['loadavg_forum']) && !empty($modSettings['load_average']) && $modSettings['load_average'] >= $modSettings['loadavg_forum']) {
			db_fatal_error(true);
		}
	}

	// Integration is cool.
	// SECURITY: unserialize() must never see data from outside the application. The input here
	// is a constant whose definition is not visible - confirm only trusted integration code
	// sets it.
	if (defined('SMF_INTEGRATION_SETTINGS')) {
		$modSettings = unserialize(SMF_INTEGRATION_SETTINGS) + $modSettings;
	}
	// SECURITY: the file included and the function called below are named by $modSettings,
	// i.e. by the settings table, its cache, or the integration constant. Write access to any
	// of those is therefore equivalent to running code; protect them accordingly.
	if (isset($modSettings['integrate_pre_include']) && file_exists(strtr($modSettings['integrate_pre_include'], array('$boarddir' => $boarddir)))) {
		require_once strtr($modSettings['integrate_pre_include'], array('$boarddir' => $boarddir));
	}
	if (isset($modSettings['integrate_pre_load']) && function_exists($modSettings['integrate_pre_load'])) {
		call_user_func($modSettings['integrate_pre_load']);
	}

	// Is it time again to optimize the database?
	// Skipped when auto-optimise is off, when the last run is recent enough, or in SSI mode.
	if (empty($modSettings['autoOptDatabase']) || $modSettings['autoOptLastOpt'] + $modSettings['autoOptDatabase'] * 3600 * 24 >= time() || SMF == 'SSI') {
		return;
	}
	// Skipped when the load is at or above the auto-optimise threshold.
	if (!empty($modSettings['load_average']) && !empty($modSettings['loadavg_auto_opt']) && $modSettings['load_average'] >= $modSettings['loadavg_auto_opt']) {
		return;
	}
	// Skipped when more users are online than the configured maximum.
	if (!empty($modSettings['autoOptMaxOnline'])) {
		$request = db_query("\n\t\t\tSELECT COUNT(*)\n\t\t\tFROM {$db_prefix}log_online", __FILE__, __LINE__);
		list($dont_do_it) = mysql_fetch_row($request);
		mysql_free_result($request);
		if ($dont_do_it > $modSettings['autoOptMaxOnline']) {
			return;
		}
	}

	// Handle if things are prefixed with a database name.
	// $db_prefix is written into the SQL text: backticks are stripped from the database name
	// and underscores are escaped for LIKE.
	// NOTE(review): quotes and "%" in the prefix are not escaped - this relies on $db_prefix
	// being trusted configuration.
	if (preg_match('~^`(.+?)`\\.(.+?)$~', $db_prefix, $match) != 0) {
		$request = db_query("\n\t\t\tSHOW TABLES\n\t\t\tFROM `" . strtr($match[1], array('`' => '')) . "`\n\t\t\tLIKE '" . str_replace('_', '\\_', $match[2]) . "%'", __FILE__, __LINE__);
	} else {
		$request = db_query("\n\t\t\tSHOW TABLES\n\t\t\tLIKE '" . str_replace('_', '\\_', $db_prefix) . "%'", __FILE__, __LINE__);
	}
	$tables = array();
	while ($row = mysql_fetch_row($request)) {
		$tables[] = $row[0];
	}
	mysql_free_result($request);

	// Record the run before starting it.
	updateSettings(array('autoOptLastOpt' => time()));

	// Don't bail if the user does.
	ignore_user_abort(true);

	// Do them one at a time for locking reasons...
	// The table names come from the SHOW TABLES result above.
	foreach ($tables as $table) {
		db_query("\n\t\t\tOPTIMIZE TABLE `{$table}`", __FILE__, __LINE__);
	}
}
$stmt = $db->stmt_init(); if (!$stmt->prepare($sql)) { $error = $stmt->error; db_fatal_error('stmt prepare error', $error, $sql); exit($user_err_message); } else { $stmt->bind_param('is', $id, $login_name); // set parameters and execute $id = (int) trim($_GET['delid']); $stmt->execute(); ?> <html> <body> <div style="width:280px;margin:50px;padding:10px;border-style:ridge;border-width:5px"> You have deleted your request successfully <br /> <a style="color:sienna;margin-left:60px" href='../index.php'>Return to main page</a> </div><!-- infoBanner --> </body> </html> <?php } } catch (Exception $e) { $error = $e->getMessage(); db_fatal_error('admin delete issue', $error, $sql); exit($user_err_message); } } if (isset($db)) { $db->close(); }